docs(gpg_secretstore): update module documentation

2024-11-10 06:24:17 +00:00 · 2022-07-12 12:15:24 +02:00 · 2022-07-12 12:15:24 +02:00 · c70755662b
commit c70755662b
parent c76e6af259
1 changed files with 63 additions and 62 deletions
--- a/plugins/modules/gpg_secretstore.py
+++ b/plugins/modules/gpg_secretstore.py
@ -28,103 +28,95 @@ requirements:
    - python >= 3.7
    - python-gnupg >= 0.4.8
 short_description: Save and retrieve secrets from pass compatible files
-description:
-    - Save and retrieve secrets from pass compatible files. Secrets can be random strings or be generated by a command.
-      Secrets in yaml or json format can be parsed as such and will return complex data
+description: >-
+    Save and retrieve secrets from pass compatible files. Secrets can be random
+    strings or be generated by a command. Secrets in yaml or json format can be
+    parsed as such and will return complex data
 options:
    password_store_path:
-        description:
-            - The path in which the password database is stored
-        required: False
+        description: The path in which the password database is stored
        type: str
        default: ~/.password-store/
    file_extension:
-        description:
-            - File extension for the encrypted files
-        required: False
+        description: File extension for the encrypted files
        type: str
        default: .gpg
    keyring:
-        description:
-            - Keyring containing all recipients public keys, and the private key(s) for decryption
-        required: False
+        description: >-
+            Keyring containing all recipients public keys, and the private
+            key(s) for decryption
        type: str
        default: pubring.kbx
    gnupg_home:
-        description:
-            - Folder containing the Keyring and other gnupg config files
-        required: False
+        description: Folder containing the Keyring and other gnupg config files
        type: str
        default: ~/.gnupg
    pass_gpg_id_file:
-        description:
-            - Filename of the file containing the recipient pub key IDs
-        required: False
+        description: Filename of the file containing the recipient pub key IDs
        type: str
        default: .gpg-id
    state:
-        description:
-            - Whether the password file should exist
-        required: True
+        description: Whether the password file should exist
        type: str
-        choices: 'present', 'absent'
+        choices: ['present', 'absent']
        default: 'present'
-    password_slug
-        description:
-            - Password slug, something like `servers/prod/some_secret`
-              used to look find the encrypted files, compatible with the unix pass utility
+    password_slug:
+        description: >-
+            Password slug, something like `servers/prod/some_secret` used to
+            look find the encrypted files, compatible with the unix pass
+            utility
        required: True
        type: str
    data_type:
-        description:
-            - Datatype of the encrypted data. If not `plain` the encrypted file will be parsed.
-              Throws an exception if it can't be parsed
-        required: False
+        description: >-
+            Datatype of the encrypted data. If not `plain` the encrypted file
+            will be parsed. Throws an exception if it can't be parsed
        type: str
-        choices: 'plain', 'yaml', 'json'
+        choices: ['plain', 'yaml', 'json']
        default: 'plain'
    secret_fact:
        description:
-            - If `secret_fact` is set and `state` is `present`, the module will set the secret return value under the contained key as an ansible fact.
-            - WARNING: If you have a persistent cache configured, the secret will be cached in plain text.
-        required: False
+            - >-
+                If `secret_fact` is set and `state` is `present`, the module
+                will set the secret return value under the contained key as an
+                ansible fact.
+            - >-
+                WARNING: If you have a persistent cache configured, the secret
+                will be cached in plain text.
        type: str
    overwrite:
-        description:
-            - Forces the regeneration of a secret
-        required: False
+        description: Forces the regeneration of a secret
        type: bool
        default: False
    secret_type:
-        description:
-            - How a new secret has to be generated
-        required: False
+        description: How a new secret has to be generated
        type: str
-        choices: 'random', 'binary', 'user_supplied'
+        choices: ['random', 'binary', 'user_supplied']
        default: 'random'
    secret_binary:
        description:
-            - If `secret_type` is binary, the supplied command is executed and STDOUT is used as the secret.
-            - If the binary generates yaml or json, set the `data_type` accordingly
-        required=False
+            - >-
+                If `secret_type` is binary, the supplied command is executed
+                and STDOUT is used as the secret.
+            - >-
+                If the binary generates yaml or json, set the `data_type`
+                accordingly
        type: str
    secret_length:
-        description:
-            - If `secret_type` is random, this defines how many characters the new secret has.
-        required: False
+        description: >-
+            If `secret_type` is random, this defines how many characters the
+            new secret has.
        type: int
        default: 20
    secret_pattern:
-        description:
-            - If `secret_type` is random, this defines the characters used in the random string with regex
-              You may just leave it as is
-        required: False
+        description: >-
+            If `secret_type` is random, this defines the characters used in
+            the random string with regex. You may just leave it as is.
        type: str
        default: "([A-Za-z0-9])"
    user_supplied_secret:
-        description:
-            - If `secret_type` is user_supplied, this value defines the secret
-        required: False
+        description: >-
+            If `secret_type` is user_supplied, this value defines the secret
        type: str
 """

@ -163,26 +155,35 @@ EXAMPLES = r"""

 RETURN = r"""
 secret:
-    description: Decrypted Secret, either loaded from the database (if OK) or newly generated (if CHANGED)
-    type: str / list / dict
-action:
-    description: Gives information on what the operation:
-                 add:    Secret was __not__ found in the database and is therefore generated and added
-                 update: Secret was found in the database and was updated
+    description: >-
+      Decrypted Secret, either loaded from the database (if OK) or newly generated
+      (if CHANGED). If data type is json or yaml, this might not actually be a string,
+      but ansible doesn't have a way to specify this in the RETURN spec.
    type: str
-    choices: add / update
+    returned: always
+action:
+    description: >-
+      Gives information on what the operation:
+      `add`: Secret was __not__ found in the database and is therefore generated and added.
+      `update`: Secret was found in the database and was updated
+    type: str
+    returned: changed
 password_slug:
    description: Returns the password slug
    type: str
+    returned: always
 diff:
    description: List of the old and current gpg recipients key-ids
-    type: diff
+    type: dict
+    returned: changed
 message:
    description: Human-readable information about the (completed) task
    type: str
+    returned: changed
 warning:
    description: Human-readable warnings that accrued during the task
    type: str
+    returned: failed or successful but with warnings
 """

 import hashlib