Document attributes (#526)

* Add 'acme' action group attribute. * Compatibility with older ansible-core releases. * Fix typo. * Document standard attributes. * Improve docs. * Add shortcuts for common combinations.
2022-11-06 21:10:56 +01:00 · 2022-11-06 21:10:56 +01:00 · 7bbe8f467c
parent 0c67afb6c3
commit 7bbe8f467c
34 changed files with 509 additions and 228 deletions
--- a/meta/runtime.yml
+++ b/meta/runtime.yml
@ -11,7 +11,6 @@ action_groups:
    - acme_certificate_revoke
    - acme_certificate
    - acme_account
-  - acme_account_facts
    - acme_account_info

 plugin_routing:
--- a/plugins/doc_fragments/attributes.py
+++ b/plugins/doc_fragments/attributes.py
@ -0,0 +1,85 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+    # Standard documentation fragment
+    DOCUMENTATION = r'''
+options: {}
+attributes:
+    check_mode:
+      description: Can run in C(check_mode) and return changed status prediction without modifying target.
+    diff_mode:
+      description: Will return details on what has changed (or possibly needs changing in C(check_mode)), when in diff mode.
+'''
+
+    # Should be used together with the standard fragment
+    INFO_MODULE = r'''
+options: {}
+attributes:
+    check_mode:
+      support: full
+      details:
+        - This action does not modify state.
+    diff_mode:
+      support: N/A
+      details:
+        - This action does not modify state.
+'''
+
+    ACTIONGROUP_ACME = r'''
+options: {}
+attributes:
+    action_group:
+      description: Use C(group/acme) or C(group/community.crypto.acme) in C(module_defaults) to set defaults for this module.
+      support: full
+      membership:
+        - community.crypto.acme
+        - acme
+'''
+
+    FACTS = r'''
+options: {}
+attributes:
+    facts:
+      description: Action returns an C(ansible_facts) dictionary that will update existing host facts.
+'''
+
+    # Should be used together with the standard fragment and the FACTS fragment
+    FACTS_MODULE = r'''
+options: {}
+attributes:
+    check_mode:
+      support: full
+      details:
+        - This action does not modify state.
+    diff_mode:
+      support: N/A
+      details:
+        - This action does not modify state.
+    facts:
+      support: full
+'''
+
+    FILES = r'''
+options: {}
+attributes:
+    safe_file_operations:
+      description: Uses Ansible's strict file operation functions to ensure proper permissions and avoid data corruption.
+'''
+
+    FLOW = r'''
+options: {}
+attributes:
+    action:
+      description: Indicates this has a corresponding action plugin so some parts of the options can be executed on the controller.
+    async:
+      description: Supports being used with the C(async) keyword.
+'''
--- a/plugins/modules/acme_account.py
+++ b/plugins/modules/acme_account.py
@ -37,8 +37,14 @@ seealso:
  - module: community.crypto.acme_inspect
    description: Allows to debug problems.
 extends_documentation_fragment:
- community.crypto.acme
-
+  - community.crypto.acme
+  - community.crypto.attributes
+  - community.crypto.attributes.actiongroup_acme
+attributes:
+  check_mode:
+    support: full
+  diff_mode:
+    support: full
 options:
  state:
    description:
--- a/plugins/modules/acme_account_info.py
+++ b/plugins/modules/acme_account_info.py
@ -24,7 +24,11 @@ notes:
     accounts."
  - "This module was called C(acme_account_facts) before Ansible 2.8. The usage
     did not change."
-   - Supports C(check_mode).
+extends_documentation_fragment:
+  - community.crypto.acme
+  - community.crypto.attributes
+  - community.crypto.attributes.actiongroup_acme
+  - community.crypto.attributes.info_module
 options:
  retrieve_orders:
    description:
@ -45,8 +49,6 @@ options:
 seealso:
  - module: community.crypto.acme_account
    description: Allows to create, modify or delete an ACME account.
-extends_documentation_fragment:
- community.crypto.acme

 '''

--- a/plugins/modules/acme_certificate.py
+++ b/plugins/modules/acme_certificate.py
@ -78,8 +78,17 @@ seealso:
  - module: community.crypto.acme_inspect
    description: Allows to debug problems.
 extends_documentation_fragment:
- community.crypto.acme
-
+  - community.crypto.acme
+  - community.crypto.attributes
+  - community.crypto.attributes.files
+  - community.crypto.attributes.actiongroup_acme
+attributes:
+  check_mode:
+    support: full
+  diff_mode:
+    support: none
+  safe_file_operations:
+    support: full
 options:
  account_email:
    description:
--- a/plugins/modules/acme_certificate_revoke.py
+++ b/plugins/modules/acme_certificate_revoke.py
@ -26,7 +26,6 @@ notes:
     was different than the one specified here. Also, depending on the
     server, it can happen that some other error is returned if the
     certificate has already been revoked."
-   - Does not support C(check_mode).
 seealso:
  - name: The Let's Encrypt documentation
    description: Documentation for the Let's Encrypt Certification Authority.
@ -38,8 +37,14 @@ seealso:
  - module: community.crypto.acme_inspect
    description: Allows to debug problems.
 extends_documentation_fragment:
- community.crypto.acme
-
+  - community.crypto.acme
+  - community.crypto.attributes
+  - community.crypto.attributes.actiongroup_acme
+attributes:
+  check_mode:
+    support: none
+  diff_mode:
+    support: none
 options:
  certificate:
    description:
--- a/plugins/modules/acme_challenge_cert_helper.py
+++ b/plugins/modules/acme_challenge_cert_helper.py
@ -28,6 +28,17 @@ seealso:
    link: https://www.rfc-editor.org/rfc/rfc8737.html
 requirements:
  - "cryptography >= 1.3"
+extends_documentation_fragment:
+  - community.crypto.attributes
+attributes:
+  check_mode:
+    support: none
+    details:
+      - This action does not modify state.
+  diff_mode:
+    support: N/A
+    details:
+      - This action does not modify state.
 options:
  challenge:
    description:
@ -58,8 +69,6 @@ options:
      - Phassphrase to use to decode the private key.
    type: str
    version_added: 1.6.0
-notes:
-  - Does not support C(check_mode).
 '''

 EXAMPLES = '''
--- a/plugins/modules/acme_inspect.py
+++ b/plugins/modules/acme_inspect.py
@ -42,8 +42,14 @@ seealso:
    description: The specification of the C(tls-alpn-01) challenge (RFC 8737).
    link: https://www.rfc-editor.org/rfc/rfc8737.html
 extends_documentation_fragment:
- community.crypto.acme
-
+  - community.crypto.acme
+  - community.crypto.attributes
+  - community.crypto.attributes.actiongroup_acme
+attributes:
+  check_mode:
+    support: none
+  diff_mode:
+    support: none
 options:
  url:
    description:
--- a/plugins/modules/certificate_complete_chain.py
+++ b/plugins/modules/certificate_complete_chain.py
@ -26,6 +26,17 @@ description:
       generated chain is valid, please use C(openssl verify ...)."
 requirements:
    - "cryptography >= 1.5"
+extends_documentation_fragment:
+    - community.crypto.attributes
+attributes:
+    check_mode:
+        support: full
+        details:
+            - This action does not modify state.
+    diff_mode:
+        support: N/A
+        details:
+            - This action does not modify state.
 options:
    input_chain:
        description:
--- a/plugins/modules/crypto_info.py
+++ b/plugins/modules/crypto_info.py
@ -19,8 +19,9 @@ description:
  - Retrieve information on cryptographic capabilities.
  - The current version retrieves information on the L(Python cryptography library, https://cryptography.io/) available to
    Ansible modules, and on the OpenSSL binary C(openssl) found in the path.
-notes:
-   - Supports C(check_mode).
+extends_documentation_fragment:
+  - community.crypto.attributes
+  - community.crypto.attributes.info_module
 options: {}
 '''

--- a/plugins/modules/ecs_certificate.py
+++ b/plugins/modules/ecs_certificate.py
@ -24,6 +24,19 @@ notes:
    - C(path) must be specified as the output location of the certificate.
 requirements:
    - cryptography >= 1.6
+extends_documentation_fragment:
+    - community.crypto.attributes
+    - community.crypto.attributes.files
+    - community.crypto.ecs_credential
+attributes:
+    check_mode:
+        support: partial
+        details:
+            - Check mode is only supported if I(request_type=new).
+    diff_mode:
+        support: none
+    safe_file_operations:
+        support: full
 options:
    backup:
        description:
@ -337,9 +350,6 @@ seealso:
      description: Can be used to create private keys (both for certificates and accounts).
    - module: community.crypto.openssl_csr
      description: Can be used to create a Certificate Signing Request (CSR).
-extends_documentation_fragment:
- community.crypto.ecs_credential
-
 '''

 EXAMPLES = r'''
--- a/plugins/modules/ecs_domain.py
+++ b/plugins/modules/ecs_domain.py
@ -33,6 +33,14 @@ description:
 notes:
    - There is a small delay (typically about 5 seconds, but can be as long as 60 seconds) before obtaining the random values when requesting a validation
      while C(verification_method=dns) or C(verification_method=web_server). Be aware of that if doing many domain validation requests.
+extends_documentation_fragment:
+    - community.crypto.attributes
+    - community.crypto.ecs_credential
+attributes:
+    check_mode:
+        support: none
+    diff_mode:
+        support: none
 options:
    client_id:
        description:
@ -79,9 +87,6 @@ seealso:
      description: Can be used to request certificates from ECS, with C(provider=entrust).
    - module: community.crypto.ecs_certificate
      description: Can be used to request a Certificate from ECS using a verified domain.
-extends_documentation_fragment:
- community.crypto.ecs_credential
-
 '''

 EXAMPLES = r'''
--- a/plugins/modules/get_certificate.py
+++ b/plugins/modules/get_certificate.py
@ -18,6 +18,17 @@ description:
    - Makes a secure connection and returns information about the presented certificate
    - The module uses the cryptography Python library.
    - Support SNI (L(Server Name Indication,https://en.wikipedia.org/wiki/Server_Name_Indication)) only with python >= 2.7.
+extends_documentation_fragment:
+    - community.crypto.attributes
+attributes:
+    check_mode:
+        support: none
+        details:
+            - This action does not modify state.
+    diff_mode:
+        support: N/A
+        details:
+            - This action does not modify state.
 options:
    host:
      description:
--- a/plugins/modules/luks_device.py
+++ b/plugins/modules/luks_device.py
@ -13,12 +13,20 @@ module: luks_device

 short_description: Manage encrypted (LUKS) devices

-
 description:
    - "Module manages L(LUKS,https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup)
      on given device. Supports creating, destroying, opening and closing of
      LUKS container and adding or removing new keys and passphrases."

+extends_documentation_fragment:
+    - community.crypto.attributes
+
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: none
+
 options:
    device:
        description:
--- a/plugins/modules/openssh_cert.py
+++ b/plugins/modules/openssh_cert.py
@ -18,6 +18,17 @@ description:
    - Generate and regenerate OpenSSH host or user certificates.
 requirements:
    - "ssh-keygen"
+extends_documentation_fragment:
+    - ansible.builtin.files
+    - community.crypto.attributes
+    - community.crypto.attributes.files
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: full
+    safe_file_operations:
+        support: full
 options:
    state:
        description:
@ -180,8 +191,6 @@ options:
               The serial number may be omitted for checks, but must be specified again for a new certificate.
               Note: The default value set by ssh-keygen is 0."
        type: int
-
-extends_documentation_fragment: files
 '''

 EXAMPLES = '''
--- a/plugins/modules/openssh_keypair.py
+++ b/plugins/modules/openssh_keypair.py
@ -21,6 +21,17 @@ requirements:
    - ssh-keygen (if I(backend=openssh))
    - cryptography >= 2.6 (if I(backend=cryptography) and OpenSSH < 7.8 is installed)
    - cryptography >= 3.0 (if I(backend=cryptography) and OpenSSH >= 7.8 is installed)
+extends_documentation_fragment:
+    - ansible.builtin.files
+    - community.crypto.attributes
+    - community.crypto.attributes.files
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: full
+    safe_file_operations:
+        support: full
 options:
    state:
        description:
@ -128,10 +139,7 @@ options:
 notes:
    - In case the ssh key is broken or password protected, the module will fail.
      Set the I(force) option to C(true) if you want to regenerate the keypair.
-    - Supports C(check_mode).
    - In the case a custom C(mode), C(group), C(owner), or other file attribute is provided it will be applied to both key files.
-
-extends_documentation_fragment: files
 '''

 EXAMPLES = '''
--- a/plugins/modules/openssl_csr.py
+++ b/plugins/modules/openssl_csr.py
@ -19,8 +19,20 @@ description:
      options, or if it seems to be corrupt. If you are concerned that this could overwrite
      your existing CSR, consider using the I(backup) option."
 author:
- Yanis Guenane (@Spredzy)
- Felix Fontein (@felixfontein)
+    - Yanis Guenane (@Spredzy)
+    - Felix Fontein (@felixfontein)
+extends_documentation_fragment:
+    - ansible.builtin.files
+    - community.crypto.attributes
+    - community.crypto.attributes.files
+    - community.crypto.module_csr
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: full
+    safe_file_operations:
+        support: full
 options:
    state:
        description:
@ -58,11 +70,8 @@ options:
        version_added: 1.1.0
    name_constraints_critical:
        version_added: 1.1.0
-extends_documentation_fragment:
- ansible.builtin.files
- community.crypto.module_csr
 seealso:
- module: community.crypto.openssl_csr_pipe
+    - module: community.crypto.openssl_csr_pipe
 '''

 EXAMPLES = r'''
--- a/plugins/modules/openssl_csr_info.py
+++ b/plugins/modules/openssl_csr_info.py
@ -24,6 +24,10 @@ requirements:
 author:
    - Felix Fontein (@felixfontein)
    - Yanis Guenane (@Spredzy)
+extends_documentation_fragment:
+    - community.crypto.attributes
+    - community.crypto.attributes.info_module
+    - community.crypto.name_encoding
 options:
    path:
        description:
@ -45,9 +49,6 @@ options:
        default: auto
        choices: [ auto, cryptography ]

-extends_documentation_fragment:
-    - community.crypto.name_encoding
-
 seealso:
 - module: community.crypto.openssl_csr
 - module: community.crypto.openssl_csr_pipe
--- a/plugins/modules/openssl_csr_pipe.py
+++ b/plugins/modules/openssl_csr_pipe.py
@ -19,15 +19,21 @@ description:
    - "Please note that the module regenerates an existing CSR if it does not match the module's
      options, or if it seems to be corrupt."
 author:
- Yanis Guenane (@Spredzy)
- Felix Fontein (@felixfontein)
+    - Yanis Guenane (@Spredzy)
+    - Felix Fontein (@felixfontein)
+extends_documentation_fragment:
+    - community.crypto.attributes
+    - community.crypto.module_csr
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: full
 options:
    content:
        description:
            - The existing CSR.
        type: str
-extends_documentation_fragment:
- community.crypto.module_csr
 seealso:
 - module: community.crypto.openssl_csr
 '''
--- a/plugins/modules/openssl_dhparam.py
+++ b/plugins/modules/openssl_dhparam.py
@ -27,6 +27,17 @@ requirements:
    - Or OpenSSL binary C(openssl)
 author:
    - Thom Wiggers (@thomwiggers)
+extends_documentation_fragment:
+    - ansible.builtin.files
+    - community.crypto.attributes
+    - community.crypto.attributes.files
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: none
+    safe_file_operations:
+        support: full
 options:
    state:
        description:
@ -72,16 +83,12 @@ options:
        type: bool
        default: false
        version_added: "1.0.0"
-notes:
- Supports C(check_mode).
-extends_documentation_fragment:
- files
 seealso:
- module: community.crypto.x509_certificate
- module: community.crypto.openssl_csr
- module: community.crypto.openssl_pkcs12
- module: community.crypto.openssl_privatekey
- module: community.crypto.openssl_publickey
+    - module: community.crypto.x509_certificate
+    - module: community.crypto.openssl_csr
+    - module: community.crypto.openssl_pkcs12
+    - module: community.crypto.openssl_privatekey
+    - module: community.crypto.openssl_publickey
 '''

 EXAMPLES = r'''
--- a/plugins/modules/openssl_pkcs12.py
+++ b/plugins/modules/openssl_pkcs12.py
@ -25,6 +25,17 @@ description:
    # and will be removed in community.crypto (x+1).0.0.
 requirements:
    - PyOpenSSL >= 0.15 or cryptography >= 3.0
+extends_documentation_fragment:
+    - ansible.builtin.files
+    - community.crypto.attributes
+    - community.crypto.attributes.files
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: none
+    safe_file_operations:
+        support: full
 options:
    action:
        description:
@ -154,14 +165,12 @@ options:
        default: auto
        choices: [ auto, cryptography, pyopenssl ]
        version_added: 1.7.0
-extends_documentation_fragment:
-    - files
 seealso:
- module: community.crypto.x509_certificate
- module: community.crypto.openssl_csr
- module: community.crypto.openssl_dhparam
- module: community.crypto.openssl_privatekey
- module: community.crypto.openssl_publickey
+    - module: community.crypto.x509_certificate
+    - module: community.crypto.openssl_csr
+    - module: community.crypto.openssl_dhparam
+    - module: community.crypto.openssl_privatekey
+    - module: community.crypto.openssl_publickey
 '''

 EXAMPLES = r'''
--- a/plugins/modules/openssl_privatekey.py
+++ b/plugins/modules/openssl_privatekey.py
@ -19,6 +19,18 @@ description:
 author:
    - Yanis Guenane (@Spredzy)
    - Felix Fontein (@felixfontein)
+extends_documentation_fragment:
+    - ansible.builtin.files
+    - community.crypto.attributes
+    - community.crypto.attributes.files
+    - community.crypto.module_privatekey
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: full
+    safe_file_operations:
+        support: full
 options:
    state:
        description:
@ -59,12 +71,9 @@ options:
        version_added: '1.0.0'
    regenerate:
        version_added: '1.0.0'
-extends_documentation_fragment:
- ansible.builtin.files
- community.crypto.module_privatekey
 seealso:
- module: community.crypto.openssl_privatekey_pipe
- module: community.crypto.openssl_privatekey_info
+    - module: community.crypto.openssl_privatekey_pipe
+    - module: community.crypto.openssl_privatekey_info
 '''

 EXAMPLES = r'''
--- a/plugins/modules/openssl_privatekey_convert.py
+++ b/plugins/modules/openssl_privatekey_convert.py
@ -19,6 +19,18 @@ description:
    - The default mode for the private key file will be C(0600) if I(mode) is not explicitly set.
 author:
    - Felix Fontein (@felixfontein)
+extends_documentation_fragment:
+    - ansible.builtin.files
+    - community.crypto.attributes
+    - community.crypto.attributes.files
+    - community.crypto.module_privatekey_convert
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: none
+    safe_file_operations:
+        support: full
 options:
    dest_path:
        description:
@ -32,9 +44,6 @@ options:
              the original private key back if you overwrote it with a new one by accident.
        type: bool
        default: false
-extends_documentation_fragment:
-    - ansible.builtin.files
-    - community.crypto.module_privatekey_convert
 seealso: []
 '''

--- a/plugins/modules/openssl_privatekey_info.py
+++ b/plugins/modules/openssl_privatekey_info.py
@ -26,6 +26,9 @@ requirements:
 author:
    - Felix Fontein (@felixfontein)
    - Yanis Guenane (@Spredzy)
+extends_documentation_fragment:
+    - community.crypto.attributes
+    - community.crypto.attributes.info_module
 options:
    path:
        description:
@ -70,12 +73,9 @@ options:
        default: auto
        choices: [ auto, cryptography ]

-notes:
- Supports C(check_mode).
-
 seealso:
- module: community.crypto.openssl_privatekey
- module: community.crypto.openssl_privatekey_pipe
+    - module: community.crypto.openssl_privatekey
+    - module: community.crypto.openssl_privatekey_pipe
 '''

 EXAMPLES = r'''
--- a/plugins/modules/openssl_privatekey_pipe.py
+++ b/plugins/modules/openssl_privatekey_pipe.py
@ -23,6 +23,21 @@ description:
 author:
    - Yanis Guenane (@Spredzy)
    - Felix Fontein (@felixfontein)
+extends_documentation_fragment:
+    - community.crypto.attributes
+    - community.crypto.attributes.flow
+    - community.crypto.module_privatekey
+attributes:
+    action:
+        support: full
+    async:
+        support: none
+        details:
+            - This action runs completely on the controller.
+    check_mode:
+        support: full
+    diff_mode:
+        support: full
 options:
    content:
        description:
@ -42,11 +57,9 @@ options:
              current key (if it was provided) and Ansible will replace it by C(VALUE_SPECIFIED_IN_NO_LOG_PARAMETER).
        type: bool
        default: false
-extends_documentation_fragment:
- community.crypto.module_privatekey
 seealso:
- module: community.crypto.openssl_privatekey
- module: community.crypto.openssl_privatekey_info
+    - module: community.crypto.openssl_privatekey
+    - module: community.crypto.openssl_privatekey_info
 '''

 EXAMPLES = r'''
--- a/plugins/modules/openssl_publickey.py
+++ b/plugins/modules/openssl_publickey.py
@ -23,6 +23,17 @@ requirements:
 author:
    - Yanis Guenane (@Spredzy)
    - Felix Fontein (@felixfontein)
+extends_documentation_fragment:
+    - ansible.builtin.files
+    - community.crypto.attributes
+    - community.crypto.attributes.files
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: full
+    safe_file_operations:
+        support: full
 options:
    state:
        description:
@ -83,17 +94,15 @@ options:
        type: bool
        default: false
        version_added: '1.0.0'
-extends_documentation_fragment:
- files
 seealso:
- module: community.crypto.x509_certificate
- module: community.crypto.x509_certificate_pipe
- module: community.crypto.openssl_csr
- module: community.crypto.openssl_csr_pipe
- module: community.crypto.openssl_dhparam
- module: community.crypto.openssl_pkcs12
- module: community.crypto.openssl_privatekey
- module: community.crypto.openssl_privatekey_pipe
+    - module: community.crypto.x509_certificate
+    - module: community.crypto.x509_certificate_pipe
+    - module: community.crypto.openssl_csr
+    - module: community.crypto.openssl_csr_pipe
+    - module: community.crypto.openssl_dhparam
+    - module: community.crypto.openssl_pkcs12
+    - module: community.crypto.openssl_privatekey
+    - module: community.crypto.openssl_privatekey_pipe
 '''

 EXAMPLES = r'''
--- a/plugins/modules/openssl_publickey_info.py
+++ b/plugins/modules/openssl_publickey_info.py
@ -21,6 +21,9 @@ requirements:
    - cryptography >= 1.2.3
 author:
    - Felix Fontein (@felixfontein)
+extends_documentation_fragment:
+    - community.crypto.attributes
+    - community.crypto.attributes.info_module
 options:
    path:
        description:
@ -41,12 +44,9 @@ options:
        default: auto
        choices: [ auto, cryptography ]

-notes:
- Supports C(check_mode).
-
 seealso:
- module: community.crypto.openssl_publickey
- module: community.crypto.openssl_privatekey_info
+    - module: community.crypto.openssl_publickey
+    - module: community.crypto.openssl_privatekey_info
 '''

 EXAMPLES = r'''
--- a/plugins/modules/openssl_signature.py
+++ b/plugins/modules/openssl_signature.py
@ -22,6 +22,15 @@ requirements:
 author:
    - Patrick Pichler (@aveexy)
    - Markus Teufelberger (@MarkusTeufelberger)
+extends_documentation_fragment:
+    - community.crypto.attributes
+attributes:
+    check_mode:
+        support: full
+        details:
+            - This action does not modify state.
+    diff_mode:
+        support: none
 options:
    privatekey_path:
        description:
--- a/plugins/modules/openssl_signature_info.py
+++ b/plugins/modules/openssl_signature_info.py
@ -22,6 +22,9 @@ requirements:
 author:
    - Patrick Pichler (@aveexy)
    - Markus Teufelberger (@MarkusTeufelberger)
+extends_documentation_fragment:
+    - community.crypto.attributes
+    - community.crypto.attributes.info_module
 options:
    path:
        description:
@ -57,7 +60,6 @@ notes:
      RSA keys: C(cryptography) >= 1.4
      DSA and ECDSA keys: C(cryptography) >= 1.5
      ed448 and ed25519 keys: C(cryptography) >= 2.6
-    - Supports C(check_mode).
 seealso:
    - module: community.crypto.openssl_signature
    - module: community.crypto.x509_certificate
--- a/plugins/modules/x509_certificate.py
+++ b/plugins/modules/x509_certificate.py
@ -31,6 +31,22 @@ description:
 author:
    - Yanis Guenane (@Spredzy)
    - Markus Teufelberger (@MarkusTeufelberger)
+extends_documentation_fragment:
+    - ansible.builtin.files
+    - community.crypto.attributes
+    - community.crypto.attributes.files
+    - community.crypto.module_certificate
+    - community.crypto.module_certificate.backend_acme_documentation
+    - community.crypto.module_certificate.backend_entrust_documentation
+    - community.crypto.module_certificate.backend_ownca_documentation
+    - community.crypto.module_certificate.backend_selfsigned_documentation
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: full
+    safe_file_operations:
+        support: full
 options:
    state:
        description:
@ -82,19 +98,8 @@ options:
    ownca_privatekey_content:
        version_added: '1.0.0'

-notes:
- Supports C(check_mode).
-
 seealso:
- module: community.crypto.x509_certificate_pipe
-
-extends_documentation_fragment:
-    - ansible.builtin.files
-    - community.crypto.module_certificate
-    - community.crypto.module_certificate.backend_acme_documentation
-    - community.crypto.module_certificate.backend_entrust_documentation
-    - community.crypto.module_certificate.backend_ownca_documentation
-    - community.crypto.module_certificate.backend_selfsigned_documentation
+    - module: community.crypto.x509_certificate_pipe
 '''

 EXAMPLES = r'''
--- a/plugins/modules/x509_certificate_info.py
+++ b/plugins/modules/x509_certificate_info.py
@ -31,6 +31,10 @@ author:
    - Felix Fontein (@felixfontein)
    - Yanis Guenane (@Spredzy)
    - Markus Teufelberger (@MarkusTeufelberger)
+extends_documentation_fragment:
+    - community.crypto.attributes
+    - community.crypto.attributes.info_module
+    - community.crypto.name_encoding
 options:
    path:
        description:
@ -63,16 +67,12 @@ options:
        default: auto
        choices: [ auto, cryptography ]

-extends_documentation_fragment:
-    - community.crypto.name_encoding
-
 notes:
    - All timestamp values are provided in ASN.1 TIME format, in other words, following the C(YYYYMMDDHHMMSSZ) pattern.
      They are all in UTC.
-    - Supports C(check_mode).
 seealso:
- module: community.crypto.x509_certificate
- module: community.crypto.x509_certificate_pipe
+    - module: community.crypto.x509_certificate
+    - module: community.crypto.x509_certificate_pipe
 '''

 EXAMPLES = r'''
--- a/plugins/modules/x509_certificate_pipe.py
+++ b/plugins/modules/x509_certificate_pipe.py
@ -26,6 +26,17 @@ author:
    - Yanis Guenane (@Spredzy)
    - Markus Teufelberger (@MarkusTeufelberger)
    - Felix Fontein (@felixfontein)
+extends_documentation_fragment:
+    - community.crypto.attributes
+    - community.crypto.module_certificate
+    - community.crypto.module_certificate.backend_entrust_documentation
+    - community.crypto.module_certificate.backend_ownca_documentation
+    - community.crypto.module_certificate.backend_selfsigned_documentation
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: full
 options:
    provider:
        description:
@ -42,16 +53,7 @@ options:
        type: str

 seealso:
- module: community.crypto.x509_certificate
-
-notes:
- Supports C(check_mode).
-
-extends_documentation_fragment:
-    - community.crypto.module_certificate
-    - community.crypto.module_certificate.backend_entrust_documentation
-    - community.crypto.module_certificate.backend_ownca_documentation
-    - community.crypto.module_certificate.backend_selfsigned_documentation
+    - module: community.crypto.x509_certificate
 '''

 EXAMPLES = r'''
--- a/plugins/modules/x509_crl.py
+++ b/plugins/modules/x509_crl.py
@ -22,6 +22,18 @@ requirements:
    - cryptography >= 1.2
 author:
    - Felix Fontein (@felixfontein)
+extends_documentation_fragment:
+    - ansible.builtin.files
+    - community.crypto.attributes
+    - community.crypto.attributes.files
+    - community.crypto.name_encoding
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: full
+    safe_file_operations:
+        support: full
 options:
    state:
        description:
@ -241,14 +253,9 @@ options:
        type: bool
        default: false

-extends_documentation_fragment:
-    - files
-    - community.crypto.name_encoding
-
 notes:
    - All ASN.1 TIME values should be specified following the YYYYMMDDHHMMSSZ pattern.
    - Date specified should be UTC. Minutes and seconds are mandatory.
-    - Supports C(check_mode).
 '''

 EXAMPLES = r'''
--- a/plugins/modules/x509_crl_info.py
+++ b/plugins/modules/x509_crl_info.py
@ -20,6 +20,10 @@ requirements:
    - cryptography >= 1.2
 author:
    - Felix Fontein (@felixfontein)
+extends_documentation_fragment:
+    - community.crypto.attributes
+    - community.crypto.attributes.info_module
+    - community.crypto.name_encoding
 options:
    path:
        description:
@ -41,13 +45,9 @@ options:
        default: true
        version_added: 1.7.0

-extends_documentation_fragment:
-    - community.crypto.name_encoding
-
 notes:
    - All timestamp values are provided in ASN.1 TIME format, in other words, following the C(YYYYMMDDHHMMSSZ) pattern.
      They are all in UTC.
-    - Supports C(check_mode).
 seealso:
    - module: community.crypto.x509_crl
 '''