ACME: improve documentation (#44691)

* Override description for account_key_src and account_key_content to also mention private_key_*.

* Convert generic OpenSSL/cryptography remark from description to note.

This avoids the whole description list being sorted alphabetically, which will be done by plugin_docs.py in case description is mentioned in both the module fragment and the module itself.

* Moving more notes to the notes: section.

* Uniformization of first paragraph. Mainly mention ACME supporting CAs, and only then mention Let's Encrypt as one of them.

* Adjusting to current drafts.

* Adjusting to updated drafts.

* Harmonizing short module descriptions.

* Referencing helper modules.

* Move general Let's Encrypt remark to doc fragment.

* Changing some Let's Encrypt references to more generic statements.
Felix Fontein 2018-08-26 22:46:55 +02:00 committed by René Moser
commit fadf8a2d09
6 changed files with 86 additions and 56 deletions


@ -466,7 +466,7 @@ class ACMEDirectory(object):
and allows to obtain a Replay-Nonce. The acme_directory URL
needs to support unauthenticated GET requests; ACME endpoints
requiring authentication are not supported.
https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.1.1
https://tools.ietf.org/html/draft-ietf-acme-acme-14#section-7.1.1
'''
def __init__(self, module):
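Review bot: the ACMEDirectory docstring identifies the relevant spec text only by a draft-revision URL (draft-ietf-acme-acme-14#section-7.1.1), which this commit already has to bump from -12 and will go stale again with the next revision. Consider naming the section by its title in the docstring text next to the link, so the reference stays findable if the sections are renumbered.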
@ -536,7 +536,7 @@ class ACMEAccount(object):
def get_keyauthorization(self, token):
'''
Returns the key authorization for the given token
https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-8.1
https://tools.ietf.org/html/draft-ietf-acme-acme-14#section-8.1
'''
accountkey_json = json.dumps(self.jwk, sort_keys=True, separators=(',', ':'))
thumbprint = nopad_b64(hashlib.sha256(accountkey_json.encode('utf8')).digest())
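Review bot: in get_keyauthorization, the docstring links only to the ACME draft, while the thumbprint computed on the two lines below it is a JWK thumbprint as defined in RFC 7638; since the docstring is being touched anyway, add that reference. It would also help to note that self.jwk must contain only the required members of the key: json.dumps(..., sort_keys=True, separators=(',', ':')) fixes the member order and whitespace, but it will hash any extra member that ends up in the dict and produce a thumbprint the server does not expect.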
@ -570,7 +570,7 @@ class ACMEAccount(object):
'''
Sends a JWS signed HTTP POST request to the ACME server and returns
the response as dictionary
https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-6.2
https://tools.ietf.org/html/draft-ietf-acme-acme-14#section-6.2
'''
key_data = key_data or self.key_data
jws_header = jws_header or self.jws_header
@ -601,7 +601,7 @@ class ACMEAccount(object):
try:
result = self.module.from_json(content.decode('utf8'))
# In case of badNonce error, try again (up to 5 times)
# (https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-6.6)
# (https://tools.ietf.org/html/draft-ietf-acme-acme-14#section-6.6)
if (400 <= info['status'] < 600 and
result.get('type') == 'urn:ietf:params:acme:error:badNonce' and
failed_tries <= 5):
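Review bot: the comment above the condition says "try again (up to 5 times)", but the check is failed_tries <= 5, which allows six retries unless failed_tries starts at 1. The initialisation and increment are outside this hunk, so please confirm the actual bound and make the comment and the condition agree, either by changing the comparison or by correcting the number in the comment.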
@ -629,7 +629,7 @@ class ACMEAccount(object):
Registers a new ACME account. Returns True if the account was
created and False if it already existed (e.g. it was not newly
created).
https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.3
https://tools.ietf.org/html/draft-ietf-acme-acme-14#section-7.3
'''
contact = [] if contact is None else contact
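Review bot: in this docstring, "(e.g. it was not newly created)" restates the condition rather than giving an example of it, so "i.e." is what is meant. Worth fixing in the same pass, given that this commit is about documentation.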
@ -711,7 +711,7 @@ class ACMEAccount(object):
will be stored in self.uri; if it is None, the account does not
exist.
https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.3
https://tools.ietf.org/html/draft-ietf-acme-acme-14#section-7.3
'''
new_account = True