diff --git a/plugins/doc_fragments/attributes.py b/plugins/doc_fragments/attributes.py index d55c51b..0ed8c7d 100644 --- a/plugins/doc_fragments/attributes.py +++ b/plugins/doc_fragments/attributes.py @@ -24,14 +24,14 @@ class ModuleDocFragment(object): INFO_MODULE = r''' options: {} attributes: - check_mode: - support: full - details: - - This action does not modify state. - diff_mode: - support: N/A - details: - - This action does not modify state. + check_mode: + support: full + details: + - This action does not modify state. + diff_mode: + support: N/A + details: + - This action does not modify state. ''' FACTS = r""" @@ -45,16 +45,16 @@ class ModuleDocFragment(object): FACTS_MODULE = r''' options: {} attributes: - check_mode: - support: full - details: - - This action does not modify state. - diff_mode: - support: N/A - details: - - This action does not modify state. - facts: - support: full + check_mode: + support: full + details: + - This action does not modify state. + diff_mode: + support: N/A + details: + - This action does not modify state. + facts: + support: full ''' FILES = r""" diff --git a/plugins/doc_fragments/sops.py b/plugins/doc_fragments/sops.py index 3e5176c..5680b35 100644 --- a/plugins/doc_fragments/sops.py +++ b/plugins/doc_fragments/sops.py @@ -84,217 +84,217 @@ class ModuleDocFragment(object): ANSIBLE_VARIABLES = r''' options: - sops_binary: - vars: - - name: sops_binary - age_key: - vars: - - name: sops_age_key - age_keyfile: - vars: - - name: sops_age_keyfile - aws_profile: - vars: - - name: sops_aws_profile - aws_access_key_id: - vars: - - name: sops_aws_access_key_id - aws_secret_access_key: - vars: - - name: sops_aws_secret_access_key - aws_session_token: - vars: - - name: sops_session_token - - name: sops_aws_session_token - version_added: 1.2.0 - config_path: - vars: - - name: sops_config_path - enable_local_keyservice: - vars: - - name: sops_enable_local_keyservice - keyservice: - vars: - - name: sops_keyservice + sops_binary: + vars: + - name: sops_binary + age_key: + vars: + - name: sops_age_key + age_keyfile: + vars: + - name: sops_age_keyfile + aws_profile: + vars: + - name: sops_aws_profile + aws_access_key_id: + vars: + - name: sops_aws_access_key_id + aws_secret_access_key: + vars: + - name: sops_aws_secret_access_key + aws_session_token: + vars: + - name: sops_session_token + - name: sops_aws_session_token + version_added: 1.2.0 + config_path: + vars: + - name: sops_config_path + enable_local_keyservice: + vars: + - name: sops_enable_local_keyservice + keyservice: + vars: + - name: sops_keyservice ''' ANSIBLE_ENV = r''' options: - sops_binary: - env: - - name: ANSIBLE_SOPS_BINARY - version_added: 1.2.0 - age_key: - env: - - name: ANSIBLE_SOPS_AGE_KEY - age_keyfile: - env: - - name: ANSIBLE_SOPS_AGE_KEYFILE - aws_profile: - env: - - name: ANSIBLE_SOPS_AWS_PROFILE - version_added: 1.2.0 - aws_access_key_id: - env: - - name: ANSIBLE_SOPS_AWS_ACCESS_KEY_ID - version_added: 1.2.0 - aws_secret_access_key: - env: - - name: ANSIBLE_SOPS_AWS_SECRET_ACCESS_KEY - version_added: 1.2.0 - aws_session_token: - env: - - name: ANSIBLE_SOPS_AWS_SESSION_TOKEN - version_added: 1.2.0 - config_path: - env: - - name: ANSIBLE_SOPS_CONFIG_PATH - version_added: 1.2.0 - enable_local_keyservice: - env: - - name: ANSIBLE_SOPS_ENABLE_LOCAL_KEYSERVICE - version_added: 1.2.0 - keyservice: - env: - - name: ANSIBLE_SOPS_KEYSERVICE - version_added: 1.2.0 + sops_binary: + env: + - name: ANSIBLE_SOPS_BINARY + version_added: 1.2.0 + age_key: + env: + - name: ANSIBLE_SOPS_AGE_KEY + age_keyfile: + env: + - name: ANSIBLE_SOPS_AGE_KEYFILE + aws_profile: + env: + - name: ANSIBLE_SOPS_AWS_PROFILE + version_added: 1.2.0 + aws_access_key_id: + env: + - name: ANSIBLE_SOPS_AWS_ACCESS_KEY_ID + version_added: 1.2.0 + aws_secret_access_key: + env: + - name: ANSIBLE_SOPS_AWS_SECRET_ACCESS_KEY + version_added: 1.2.0 + aws_session_token: + env: + - name: ANSIBLE_SOPS_AWS_SESSION_TOKEN + version_added: 1.2.0 + config_path: + env: + - name: ANSIBLE_SOPS_CONFIG_PATH + version_added: 1.2.0 + enable_local_keyservice: + env: + - name: ANSIBLE_SOPS_ENABLE_LOCAL_KEYSERVICE + version_added: 1.2.0 + keyservice: + env: + - name: ANSIBLE_SOPS_KEYSERVICE + version_added: 1.2.0 ''' ANSIBLE_INI = r''' options: - sops_binary: - ini: - - section: community.sops - key: binary - version_added: 1.2.0 - # We do not provide an INI key for - # age_key - # to make sure that secrets cannot be provided in ansible.ini. Use environment variables or another mechanism for that. - age_keyfile: - ini: - - section: community.sops - key: age_keyfile - aws_profile: - ini: - - section: community.sops - key: aws_profile - version_added: 1.2.0 - aws_access_key_id: - ini: - - section: community.sops - key: aws_access_key_id - version_added: 1.2.0 - # We do not provide an INI key for - # aws_secret_access_key - # to make sure that secrets cannot be provided in ansible.ini. Use environment variables or another mechanism for that. - aws_session_token: - ini: - - section: community.sops - key: aws_session_token - version_added: 1.2.0 - config_path: - ini: - - section: community.sops - key: config_path - version_added: 1.2.0 - enable_local_keyservice: - ini: - - section: community.sops - key: enable_local_keyservice - version_added: 1.2.0 - keyservice: - ini: - - section: community.sops - key: keyservice - version_added: 1.2.0 + sops_binary: + ini: + - section: community.sops + key: binary + version_added: 1.2.0 + # We do not provide an INI key for + # age_key + # to make sure that secrets cannot be provided in ansible.ini. Use environment variables or another mechanism for that. + age_keyfile: + ini: + - section: community.sops + key: age_keyfile + aws_profile: + ini: + - section: community.sops + key: aws_profile + version_added: 1.2.0 + aws_access_key_id: + ini: + - section: community.sops + key: aws_access_key_id + version_added: 1.2.0 + # We do not provide an INI key for + # aws_secret_access_key + # to make sure that secrets cannot be provided in ansible.ini. Use environment variables or another mechanism for that. + aws_session_token: + ini: + - section: community.sops + key: aws_session_token + version_added: 1.2.0 + config_path: + ini: + - section: community.sops + key: config_path + version_added: 1.2.0 + enable_local_keyservice: + ini: + - section: community.sops + key: enable_local_keyservice + version_added: 1.2.0 + keyservice: + ini: + - section: community.sops + key: keyservice + version_added: 1.2.0 ''' ENCRYPT_SPECIFIC = r''' options: - age: - description: - - Age fingerprints to use. - - This corresponds to the SOPS C(--age) option. - type: list - elements: str - version_added: 1.4.0 - kms: - description: - - List of KMS ARNs to use. - - This corresponds to the SOPS C(--kms) option. - type: list - elements: str - version_added: 1.0.0 - gcp_kms: - description: - - GCP KMS resource IDs to use. - - This corresponds to the SOPS C(--gcp-kms) option. - type: list - elements: str - version_added: 1.0.0 - azure_kv: - description: - - Azure Key Vault URLs to use. - - This corresponds to the SOPS C(--azure-kv) option. - type: list - elements: str - version_added: 1.0.0 - hc_vault_transit: - description: - - HashiCorp Vault key URIs to use. - - For example, C(https://vault.example.org:8200/v1/transit/keys/dev). - - This corresponds to the SOPS C(--hc-vault-transit) option. - type: list - elements: str - version_added: 1.0.0 - pgp: - description: - - PGP fingerprints to use. - - This corresponds to the SOPS C(--pgp) option. - type: list - elements: str - version_added: 1.0.0 - unencrypted_suffix: - description: - - Override the unencrypted key suffix. - - This corresponds to the SOPS C(--unencrypted-suffix) option. - type: str - version_added: 1.0.0 - encrypted_suffix: - description: - - Override the encrypted key suffix. - - When set to an empty string, all keys will be encrypted that are not explicitly - marked by O(unencrypted_suffix). - - This corresponds to the SOPS C(--encrypted-suffix) option. - type: str - version_added: 1.0.0 - unencrypted_regex: - description: - - Set the unencrypted key suffix. - - When specified, only keys matching the regular expression will be left unencrypted. - - This corresponds to the SOPS C(--unencrypted-regex) option. - type: str - version_added: 1.0.0 - encrypted_regex: - description: - - Set the encrypted key suffix. - - When specified, only keys matching the regular expression will be encrypted. - - This corresponds to the SOPS C(--encrypted-regex) option. - type: str - version_added: 1.0.0 - encryption_context: - description: - - List of KMS encryption context pairs of format C(key:value). - - This corresponds to the SOPS C(--encryption-context) option. - type: list - elements: str - version_added: 1.0.0 - shamir_secret_sharing_threshold: - description: - - The number of distinct keys required to retrieve the data key with - L(Shamir's Secret Sharing, https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing). - - If not set here and in the SOPS config file, will default to V(0). - - This corresponds to the SOPS C(--shamir-secret-sharing-threshold) option. - type: int - version_added: 1.0.0 + age: + description: + - Age fingerprints to use. + - This corresponds to the SOPS C(--age) option. + type: list + elements: str + version_added: 1.4.0 + kms: + description: + - List of KMS ARNs to use. + - This corresponds to the SOPS C(--kms) option. + type: list + elements: str + version_added: 1.0.0 + gcp_kms: + description: + - GCP KMS resource IDs to use. + - This corresponds to the SOPS C(--gcp-kms) option. + type: list + elements: str + version_added: 1.0.0 + azure_kv: + description: + - Azure Key Vault URLs to use. + - This corresponds to the SOPS C(--azure-kv) option. + type: list + elements: str + version_added: 1.0.0 + hc_vault_transit: + description: + - HashiCorp Vault key URIs to use. + - For example, C(https://vault.example.org:8200/v1/transit/keys/dev). + - This corresponds to the SOPS C(--hc-vault-transit) option. + type: list + elements: str + version_added: 1.0.0 + pgp: + description: + - PGP fingerprints to use. + - This corresponds to the SOPS C(--pgp) option. + type: list + elements: str + version_added: 1.0.0 + unencrypted_suffix: + description: + - Override the unencrypted key suffix. + - This corresponds to the SOPS C(--unencrypted-suffix) option. + type: str + version_added: 1.0.0 + encrypted_suffix: + description: + - Override the encrypted key suffix. + - When set to an empty string, all keys will be encrypted that are not explicitly + marked by O(unencrypted_suffix). + - This corresponds to the SOPS C(--encrypted-suffix) option. + type: str + version_added: 1.0.0 + unencrypted_regex: + description: + - Set the unencrypted key suffix. + - When specified, only keys matching the regular expression will be left unencrypted. + - This corresponds to the SOPS C(--unencrypted-regex) option. + type: str + version_added: 1.0.0 + encrypted_regex: + description: + - Set the encrypted key suffix. + - When specified, only keys matching the regular expression will be encrypted. + - This corresponds to the SOPS C(--encrypted-regex) option. + type: str + version_added: 1.0.0 + encryption_context: + description: + - List of KMS encryption context pairs of format C(key:value). + - This corresponds to the SOPS C(--encryption-context) option. + type: list + elements: str + version_added: 1.0.0 + shamir_secret_sharing_threshold: + description: + - The number of distinct keys required to retrieve the data key with + L(Shamir's Secret Sharing, https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing). + - If not set here and in the SOPS config file, will default to V(0). + - This corresponds to the SOPS C(--shamir-secret-sharing-threshold) option. + type: int + version_added: 1.0.0 '''