Add basic auth to subscription management API (#16103)

Allow users to do subscription management using Red Hat username and password. In basic auth case, the candlepin API at subscriptions.rhsm.redhat.com will be used instead of console.redhat.com. Signed-off-by: Seth Foster <fosterbseth@gmail.com>
2026-02-14 17:50:02 -03:30 · 2025-10-02 01:06:47 -04:00
parent 6db08bfa4e
commit 2729076f7f
7 changed files with 569 additions and 75 deletions
--- a/awx_collection/plugins/modules/subscriptions.py
+++ b/awx_collection/plugins/modules/subscriptions.py
@@ -19,18 +19,27 @@ short_description: Get subscription list
 description:
    - Get subscriptions available to Automation Platform Controller. See
      U(https://www.ansible.com/tower) for an overview.
+    - The credentials you use will be stored for future use in retrieving renewal or expanded subscriptions
 options:
+    username:
+      description:
+        - Red Hat username to get available subscriptions.
+      required: False
+      type: str
+    password:
+      description:
+        - Red Hat password to get available subscriptions.
+      required: False
+      type: str
    client_id:
      description:
-        - Red Hat service account client ID or Red Hat Satellite username to get available subscriptions.
-        - The credentials you use will be stored for future use in retrieving renewal or expanded subscriptions
-      required: True
+        - Red Hat service account client ID to get available subscriptions.
+      required: False
      type: str
    client_secret:
      description:
-        - Red Hat service account client secret or Red Hat Satellite password to get available subscriptions.
-        - The credentials you use will be stored for future use in retrieving renewal or expanded subscriptions
-      required: True
+        - Red Hat service account client secret to get available subscriptions.
+      required: False
      type: str
    filters:
      description:
@@ -72,19 +81,41 @@ def main():

    module = ControllerAPIModule(
        argument_spec=dict(
-            client_id=dict(type='str', required=True),
-            client_secret=dict(type='str', no_log=True, required=True),
+            username=dict(type='str', required=False),
+            password=dict(type='str', no_log=True, required=False),
+            client_id=dict(type='str', required=False),
+            client_secret=dict(type='str', no_log=True, required=False),
            filters=dict(type='dict', required=False, default={}),
        ),
+        mutually_exclusive=[
+            ['username', 'client_id']
+        ],
+        required_together=[
+            ['username', 'password'],
+            ['client_id', 'client_secret']
+        ],
+        required_one_of=[
+            ['username', 'client_id']
+        ],
    )

    json_output = {'changed': False}
+    username = module.params.get('username')
+    password = module.params.get('password')
+    client_id = module.params.get('client_id')
+    client_secret = module.params.get('client_secret')
+
+    if username and password:
+        post_data = {
+            'subscriptions_username': username,
+            'subscriptions_password': password,
+        }
+    else:
+        post_data = {
+            'subscriptions_client_id': client_id,
+            'subscriptions_client_secret': client_secret,
+        }

-    # Check if Tower is already licensed
-    post_data = {
-        'subscriptions_client_secret': module.params.get('client_secret'),
-        'subscriptions_client_id': module.params.get('client_id'),
-    }
    all_subscriptions = module.post_endpoint('config/subscriptions', data=post_data)['json']
    json_output['subscriptions'] = []
    for subscription in all_subscriptions: