Revert "feat: allow EDA credential fields to link to external Secret … (#1352)

This reverts commit 09db042 -
#1349

Requested by productization, it needs to wait until have packages for
awx-plugins

<!-- Mandatory: Provide a clear, concise description of the changes and
their purpose -->
<!-- If applicable, provide a link to the issue that is being addressed
-->

<!-- What is being changed? -->
<!-- Why is this change needed? -->
<!-- How does this change address the issue? -->
<!-- Does this change introduce any new dependencies, blockers or
breaking changes? -->
<!-- How it can be tested? -->

Author: Alex-Izquierdo

poetry.lock

@@ -71,18 +71,6 @@ django-flags = "^5.0.13"
 insights-analytics-collector = "^0.3.2"
 distro = "^1.9.0"
 dispatcherd = { version = "v2025.05.19", extras = ["pg_notify"] }
-awx-plugins-core = { version = "^0.0.1a10", extras = [
-                              "credentials-aim",
-                              "credentials-aws-secretsmanager-credential",
-                              "credentials-azure-kv",
-                              "credentials-centrify-vault-kv",
-                              "credentials-conjur",
-                              "credentials-github-app",
-                              "credentials-hashivault-kv",
-                              "credentials-hashivault-ssh",
-                              "credentials-thycotic-dsv",
-                              "credentials-thycotic-tss"
-                    ]}
 
 
 [tool.poetry.group.test.dependencies]

poetry.toml

@@ -26,7 +26,7 @@
 from aap_eda.conf import application_settings
 from aap_eda.conf.registry import ANALYTICS_GATHER_INTERVAL
 from aap_eda.core import enums, models
-from aap_eda.core.utils.credentials import get_resolved_secrets
+from aap_eda.core.utils.credentials import inputs_from_store
 
 logger = logging.getLogger("aap_eda.analytics")
 
@@ -225,7 +225,7 @@ def generate_token() -> ServiceToken:
 def _get_credential_value(field: str, *setting_envs: Tuple[Any, str]) -> str:
     credentials = _get_analytics_credentials()
     for credential in credentials:
-        inputs = get_resolved_secrets(credential)
+        inputs = inputs_from_store(credential.inputs.get_secret_value())
         if value := inputs.get(field):
             return value
 
@@ -314,7 +314,7 @@ def get_analytics_interval() -> int:
 def get_analytics_interval_if_exist(credential: models.EdaCredential) -> int:
     if credential.credential_type.kind != get_auth_mode():
         return 0
-    inputs = get_resolved_secrets(credential)
+    inputs = inputs_from_store(credential.inputs.get_secret_value())
     return inputs.get("gather_interval", 0)
 
 

pyproject.toml

@@ -118,10 +118,3 @@ class InvalidEventStreamSource(APIException):
         "Configuration Error: Event Stream source could not be "
         "updated in ruleset"
     )
-
-
-class ExternalSMSError(APIException):
-    status_code = status.HTTP_503_SERVICE_UNAVAILABLE
-    default_detail = (
-        "External SMS Error: not able to fetch secrets from external SMS"
-    )

src/aap_eda/analytics/utils.py

@@ -17,7 +17,6 @@
     ActivationInstanceFilter,
     ActivationInstanceLogFilter,
 )
-from .credential_input_source import CredentialInputSourceFilter
 from .credential_type import CredentialTypeFilter
 from .decision_environment import DecisionEnvironmentFilter
 from .eda_credential import EdaCredentialFilter
@@ -36,7 +35,6 @@
     # credential type
     "CredentialTypeFilter",
     "EdaCredentialFilter",
-    "CredentialInputSourceFilter",
     # decision_environment
     "DecisionEnvironmentFilter",
     # activation instance

src/aap_eda/api/exceptions.py

@@ -25,18 +25,10 @@
 )
 from .auth import JWTTokenSerializer, LoginSerializer, RefreshTokenSerializer
 from .config import ConfigSerializer
-from .credential_input_source import (
-    CredentialInputSourceCreateSerializer,
-    CredentialInputSourceReferenceSerializer,
-    CredentialInputSourceRefSerializer,
-    CredentialInputSourceSerializer,
-    CredentialInputSourceUpdateSerializer,
-)
 from .credential_type import (
     CredentialTypeCreateSerializer,
     CredentialTypeRefSerializer,
     CredentialTypeSerializer,
-    CredentialTypeTestSerializer,
 )
 from .decision_environment import (
     DecisionEnvironmentCreateSerializer,
@@ -48,7 +40,6 @@
     EdaCredentialCopySerializer,
     EdaCredentialCreateSerializer,
     EdaCredentialSerializer,
-    EdaCredentialTestSerializer,
     EdaCredentialUpdateSerializer,
 )
 from .event_stream import EventStreamInSerializer, EventStreamOutSerializer

src/aap_eda/api/filters/__init__.py

@@ -27,7 +27,7 @@
     EDA_SERVER_VAULT_LABEL,
     SOURCE_MAPPING_ERROR_KEY,
 )
-from aap_eda.api.exceptions import ExternalSMSError, InvalidEventStreamSource
+from aap_eda.api.exceptions import InvalidEventStreamSource
 from aap_eda.api.serializers.decision_environment import (
     DecisionEnvironmentRefSerializer,
 )
@@ -46,11 +46,8 @@
 from aap_eda.api.vault import encrypt_string
 from aap_eda.core import models, validators
 from aap_eda.core.enums import DefaultCredentialType, ProcessParentType
-from aap_eda.core.exceptions import CredentialPluginError, ParseError
-from aap_eda.core.utils.credentials import (
-    get_resolved_secrets,
-    get_secret_fields,
-)
+from aap_eda.core.exceptions import ParseError
+from aap_eda.core.utils.credentials import get_secret_fields
 from aap_eda.core.utils.k8s_service_name import create_k8s_service_name
 from aap_eda.core.utils.rulebook import (
     build_source_list,
@@ -150,10 +147,8 @@ def _update_extra_vars_from_eda_credentials(
         schema_inputs = eda_credential.credential_type.inputs
         injectors = eda_credential.credential_type.injectors
         secret_fields = get_secret_fields(schema_inputs)
-        try:
-            user_inputs = get_resolved_secrets(eda_credential)
-        except CredentialPluginError as err:
-            raise ExternalSMSError(str(err))
+
+        user_inputs = yaml.safe_load(eda_credential.inputs.get_secret_value())
 
         if creating and any(key in user_inputs for key in secret_fields):
             vault_data.password_used = True