Add service account support to Insights credential

Adds fields client_id and client_secret which
will result in authentication via service account
on console.redhat.com

Signed-off-by: Seth Foster <fosterbseth@gmail.com>

awx/main/models/credential/__init__.py

@@ -1039,30 +1039,68 @@ ManagedCredentialType(
     },
 )
 
-ManagedCredentialType(
+insights = ManagedCredentialType(
     namespace='insights',
     kind='insights',
     name=gettext_noop('Insights'),
     managed=True,
     inputs={
         'fields': [
-            {'id': 'username', 'label': gettext_noop('Username'), 'type': 'string'},
+            {
-            {'id': 'password', 'label': gettext_noop('Password'), 'type': 'string', 'secret': True},
+                'id': 'username',
+                'label': gettext_noop('Username'),
+                'type': 'string',
+                'help_text': gettext_noop(
+                    'Required for basic authentication. ' 'May be blank if using client_id and client_secret',
+                ),
+            },
+            {
+                'id': 'password',
+                'label': gettext_noop('Password'),
+                'type': 'string',
+                'secret': True,
+                'help_text': gettext_noop(
+                    'Required for basic authentication. ' 'May be blank if using client_id and client_secret',
+                ),
+            },
+            {
+                'id': 'client_id',
+                'label': gettext_noop('Client ID'),
+                'type': 'string',
+                'help_text': gettext_noop(
+                    'Required for service account authentication. ' 'May be blank if using username and password',
+                ),
+            },
+            {
+                'id': 'client_secret',
+                'label': gettext_noop('Client Secret'),
+                'type': 'string',
+                'secret': True,
+                'help_text': gettext_noop(
+                    'Required for service account authentication. ' 'May be blank if using username and password',
+                ),
+            },
         ],
-        'required': ['username', 'password'],
+        'required': [],
     },
     injectors={
         'extra_vars': {
-            "scm_username": "{{username}}",
+            'scm_username': '{{username}}',
-            "scm_password": "{{password}}",
+            'scm_password': '{{password}}',
+            'client_id': '{{client_id}}',
+            'client_secret': '{{client_secret}}',
+            'authentication': '{% if client_id %}service_account{% else %}basic{% endif %}',
         },
         'env': {
             'INSIGHTS_USER': '{{username}}',
             'INSIGHTS_PASSWORD': '{{password}}',
+            'INSIGHTS_CLIENT_ID': '{{client_id}}',
+            'INSIGHTS_CLIENT_SECRET': '{{client_secret}}',
         },
     },
 )
 
+
 ManagedCredentialType(
     namespace='rhv',
     kind='cloud',

awx/main/models/inventory.py

@@ -1695,6 +1695,14 @@ class insights(PluginFileInjector):
     downstream_collection = 'insights'
     use_fqcn = True
 
+    def inventory_as_dict(self, inventory_update, private_data_dir):
+        inventory_data = super().inventory_as_dict(inventory_update, private_data_dir)
+        credential = inventory_update.get_cloud_credential()
+        if credential.get_input('client_id', default=''):
+            inventory_data['authentication'] = 'service_account'
+
+        return inventory_data
+
 
 class openshift_virtualization(PluginFileInjector):
     plugin_name = 'kubevirt'

awx/main/tests/data/inventory/plugins/insights/env.json

@@ -1,4 +1,6 @@
 {
     "INSIGHTS_USER": "fooo",
-    "INSIGHTS_PASSWORD": "fooo"
+    "INSIGHTS_PASSWORD": "fooo",
+    "INSIGHTS_CLIENT_ID": "fooo",
+    "INSIGHTS_CLIENT_SECRET": "fooo"
 }