Update subscription API to use service accounts

Update code to pull subscriptions from console.redhat.com instead of subscription.rhsm.redhat.com Uses service account client ID and client secret instead of username/password, which is being deprecated in July 2025. Additional changes: - In awx.awx.subscriptions module, use new service account params rather than old basic auth params - Update awx.awx.license module to use subscription_id instead of pool_id. This is due to using a different API, which identifies unique subscriptions by subscriptionID instead of pool ID. Signed-off-by: Seth Foster <fosterbseth@gmail.com> Co-authored-by: Chris Meyers <chris.meyers.fsu@gmail.com> Co-authored-by: Peter Braun <pbraun@redhat.com>
2026-02-25 06:56:00 -03:30 · 2025-04-30 15:44:38 -04:00
parent 000f6b0708
commit 95289ff28c
13 changed files with 199 additions and 152 deletions
--- a/awx_collection/plugins/modules/license.py
+++ b/awx_collection/plugins/modules/license.py
@@ -31,9 +31,9 @@ options:
          unlicensed or trial licensed.  When force=true, the license is always applied.
      type: bool
      default: 'False'
-    pool_id:
+    subscription_id:
      description:
-        - Red Hat or Red Hat Satellite pool_id to attach to
+        - Red Hat or Red Hat Satellite subscription_id to attach to
      required: False
      type: str
    state:
@@ -57,9 +57,9 @@ EXAMPLES = '''
    username: "my_satellite_username"
    password: "my_satellite_password"

- name: Attach to a pool (requires fetching subscriptions at least once before)
+- name: Attach to a subscription (requires fetching subscriptions at least once before)
  license:
-    pool_id: 123456
+    subscription_id: 123456

 - name: Remove license
  license:
@@ -75,14 +75,14 @@ def main():
    module = ControllerAPIModule(
        argument_spec=dict(
            manifest=dict(type='str', required=False),
-            pool_id=dict(type='str', required=False),
+            subscription_id=dict(type='str', required=False),
            force=dict(type='bool', default=False),
            state=dict(choices=['present', 'absent'], default='present'),
        ),
        required_if=[
-            ['state', 'present', ['manifest', 'pool_id'], True],
+            ['state', 'present', ['manifest', 'subscription_id'], True],
        ],
-        mutually_exclusive=[("manifest", "pool_id")],
+        mutually_exclusive=[("manifest", "subscription_id")],
    )

    json_output = {'changed': False}
@@ -124,7 +124,7 @@ def main():
        if module.params.get('manifest', None):
            module.post_endpoint('config', data={'manifest': manifest.decode()})
        else:
-            module.post_endpoint('config/attach', data={'pool_id': module.params.get('pool_id')})
+            module.post_endpoint('config/attach', data={'subscription_id': module.params.get('subscription_id')})

    module.exit_json(**json_output)

--- a/awx_collection/plugins/modules/subscriptions.py
+++ b/awx_collection/plugins/modules/subscriptions.py
@@ -20,15 +20,15 @@ description:
    - Get subscriptions available to Automation Platform Controller. See
      U(https://www.ansible.com/tower) for an overview.
 options:
-    username:
+    client_id:
      description:
-        - Red Hat or Red Hat Satellite username to get available subscriptions.
+        - Red Hat service account client ID or Red Hat Satellite username to get available subscriptions.
        - The credentials you use will be stored for future use in retrieving renewal or expanded subscriptions
      required: True
      type: str
-    password:
+    client_secret:
      description:
-        - Red Hat or Red Hat Satellite password to get available subscriptions.
+        - Red Hat service account client secret or Red Hat Satellite password to get available subscriptions.
        - The credentials you use will be stored for future use in retrieving renewal or expanded subscriptions
      required: True
      type: str
@@ -53,13 +53,13 @@ subscriptions:
 EXAMPLES = '''
 - name: Get subscriptions
  subscriptions:
-    username: "my_username"
-    password: "My Password"
+    client_id: "c6bd7594-d776-46e5-8156-6d17af147479"
+    client_secret: "MO9QUvoOZ5fc5JQKXoTch1AsTLI7nFsZ"

 - name: Get subscriptions with a filter
  subscriptions:
-    username: "my_username"
-    password: "My Password"
+    client_id: "c6bd7594-d776-46e5-8156-6d17af147479"
+    client_secret: "MO9QUvoOZ5fc5JQKXoTch1AsTLI7nFsZ"
    filters:
      product_name: "Red Hat Ansible Automation Platform"
      support_level: "Self-Support"
@@ -72,8 +72,8 @@ def main():

    module = ControllerAPIModule(
        argument_spec=dict(
-            username=dict(type='str', required=True),
-            password=dict(type='str', no_log=True, required=True),
+            client_id=dict(type='str', required=True),
+            client_secret=dict(type='str', no_log=True, required=True),
            filters=dict(type='dict', required=False, default={}),
        ),
    )
@@ -82,8 +82,8 @@ def main():

    # Check if Tower is already licensed
    post_data = {
-        'subscriptions_password': module.params.get('password'),
-        'subscriptions_username': module.params.get('username'),
+        'subscriptions_client_secret': module.params.get('client_secret'),
+        'subscriptions_client_id': module.params.get('client_id'),
    }
    all_subscriptions = module.post_endpoint('config/subscriptions', data=post_data)['json']
    json_output['subscriptions'] = []