feat: allow EDA credential fields to link to external Secret Management Systems (SMS) #1349

Open: wants to merge 2 commits into main

Conversation

mkanoor
Contributor

@mkanoor mkanoor commented Jun 13, 2025

AAP allows text fields in a Credential to be connected to an external Secret Management System like Hashicorp Vault.
EDA was lacking this feature; this fix tries to address that by providing

  • Test External SMS for connectivity and existence of secrets
  • Optionally link text fields to External SMS
  • Uses the awx-plugins-core to manage the connections to external SMS

New API endpoints added

  • /api/eda/v1/credential-types/nnn/test/ (POST)
  • /api/eda/v1/eda-credentials/nnn/test/ (POST)
  • /api/eda/v1/eda-credentials/nnn/input_sources/ (GET)
  • /api/eda/v1/credential_input_sources/ (CRUD)

The awx-plugins-core supports 9 different external systems, for parity we have added the schema for all 9 of them

  1. CyberArk Central Credential Provider Lookup
  2. AWS Secrets Manager lookup
  3. Microsoft Azure Key Vault
  4. Centrify Vault Credential Provider Lookup
  5. CyberArk Conjur Secrets Manager Lookup
  6. HashiCorp Vault Secret Lookup
  7. HashiCorp Vault Signed SSH
  8. Thycotic DevOps Secrets Vault
  9. Thycotic Secret Server
  10. GitHub App Installation Access Token Lookup

https://issues.redhat.com/browse/AAP-46900

```mermaid
flowchart TD;
    A[EDA UI] -->|Create Credential| B(EDA API);
    B --> C{AWX Plugins};
    C -->|Fetch/Test| D[fa:fa-vault Hashicorp];
    C -->|Fetch/Test| E[fa:fa-vault CyberArk];
    C -->|Fetch/Test| F[fa:fa-vault Azure];
```
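As an added example, not code from this PR, from eda-server or from awx-plugins-core, the following Python models the flow the description lists: a credential input source links one text field of a target credential to a lookup performed through a source credential, the source can be tested for connectivity and for the existence of the secret before it is linked, and the linked value is fetched at use time rather than stored with the credential. Every class, function and field name is an assumption, and the vault backend is a constructed in-memory stand-in.

```python
"""Field-level links from an EDA-style credential to an external secret store.

Added, illustrative model only. It is not code from eda-server or
awx-plugins-core; every class, function and field name is an assumption,
and FakeVaultBackend is a constructed stand-in for a real lookup plugin.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Tuple


class SecretLookupError(Exception):
    """Raised when the source credential cannot authenticate or the secret is absent."""


@dataclass
class Credential:
    name: str
    kind: str                                   # credential type, e.g. "machine" or "hashivault"
    inputs: Dict[str, str] = field(default_factory=dict)


@dataclass
class CredentialInputSource:
    """Links one text field of a target credential to a lookup via a source credential."""
    target_credential: str
    input_field_name: str
    source_credential: str
    metadata: Dict[str, str]                    # backend-specific lookup parameters


class FakeVaultBackend:
    """Constructed stand-in for a lookup plugin, keyed on (secret_path, secret_key)."""

    def __init__(self, store: Dict[Tuple[str, str], str], valid_token: str) -> None:
        self._store = store
        self._valid_token = valid_token

    def test(self, inputs: Dict[str, str], metadata: Dict[str, str]) -> None:
        # Connectivity/authentication first, then existence of the requested secret.
        if inputs.get("token") != self._valid_token:
            raise SecretLookupError("authentication to secret store failed")
        key = (metadata.get("secret_path", ""), metadata.get("secret_key", ""))
        if key not in self._store:
            raise SecretLookupError(f"secret not found: {key[0]}#{key[1]}")

    def lookup(self, inputs: Dict[str, str], metadata: Dict[str, str]) -> str:
        self.test(inputs, metadata)
        return self._store[(metadata["secret_path"], metadata["secret_key"])]


class SecretResolver:
    """Resolves linked fields on demand; the stored credential never holds the secret."""

    def __init__(self, backends: Dict[str, FakeVaultBackend],
                 credentials: Iterable[Credential],
                 sources: Iterable[CredentialInputSource]) -> None:
        self.backends = backends                               # credential kind -> backend
        self.credentials = {c.name: c for c in credentials}
        self.sources = list(sources)

    def test_source(self, source: CredentialInputSource) -> bool:
        """Equivalent of the 'test' endpoints: raises SecretLookupError on failure."""
        src = self.credentials[source.source_credential]
        self.backends[src.kind].test(src.inputs, source.metadata)
        return True

    def resolve(self, credential_name: str) -> Dict[str, str]:
        """Return the effective inputs, filling linked fields from the external store."""
        cred = self.credentials[credential_name]
        effective = dict(cred.inputs)              # copy: do not mutate the stored record
        for link in self.sources:
            if link.target_credential != credential_name:
                continue
            src = self.credentials[link.source_credential]
            effective[link.input_field_name] = self.backends[src.kind].lookup(
                src.inputs, link.metadata)
        return effective


def build_demo() -> SecretResolver:
    """Constructed sample data: a machine credential whose password lives in a vault."""
    vault = FakeVaultBackend({("secret/eda/db", "password"): "s3cr3t-from-vault"},
                             valid_token="constructed-token")
    vault_cred = Credential("corp-vault", "hashivault",
                            {"url": "https://vault.example", "token": "constructed-token"})
    db_cred = Credential("db-machine", "machine", {"username": "eda"})  # password deliberately unset
    link = CredentialInputSource("db-machine", "password", "corp-vault",
                                 {"secret_path": "secret/eda/db", "secret_key": "password"})
    return SecretResolver({"hashivault": vault}, [vault_cred, db_cred], [link])


if __name__ == "__main__":
    resolver = build_demo()
    print(resolver.resolve("db-machine"))
```

The point a reviewer of this feature cares about is visible in `resolve`: the stored `db-machine` record keeps only `username`, and `password` exists only in the copy returned to the caller, so a database dump of credentials does not expose the secret. `test_source` fails closed, so a link to a missing path or a bad token surfaces before the credential is ever used by an activation.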

@mkanoor mkanoor requested a review from a team as a code owner June 13, 2025 20:54
@codecov-commenter

codecov-commenter commented Jun 13, 2025

Codecov Report

Attention: Patch coverage is 99.67638% with 2 lines in your changes missing coverage. Please review.

Project coverage is 94.06%. Comparing base (f82dabc) to head (6593f6f).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/aap_eda/core/utils/credentials.py | 97.29% | 1 Missing ⚠️ |
| src/aap_eda/services/project/scm.py | 50.00% | 1 Missing ⚠️ |
```text
@@            Coverage Diff             @@
##             main    #1349      +/-   ##
==========================================
+ Coverage   93.91%   94.06%   +0.14%     
==========================================
  Files         320      331      +11     
  Lines       18827    19413     +586     
==========================================
+ Hits        17682    18261     +579     
- Misses       1145     1152       +7     
```

| Flag | Coverage Δ |
|---|---|
| unit-int-tests-3.11 | 94.06% <99.67%> (+0.20%) ⬆️ |
| unit-int-tests-3.12 | ? |

Flags with carried forward coverage won't be shown.

| Files with missing lines | Coverage Δ |
|---|---|
| src/aap_eda/analytics/utils.py | 100.00% <100.00%> (ø) |
| src/aap_eda/api/exceptions.py | 100.00% <100.00%> (ø) |
| src/aap_eda/api/filters/__init__.py | 100.00% <100.00%> (ø) |
| src/aap_eda/api/filters/credential_input_source.py | 100.00% <100.00%> (ø) |
| src/aap_eda/api/serializers/__init__.py | 100.00% <100.00%> (ø) |
| src/aap_eda/api/serializers/activation.py | 96.20% <100.00%> (+0.02%) ⬆️ |
| ...aap_eda/api/serializers/credential_input_source.py | 100.00% <100.00%> (ø) |
| src/aap_eda/api/serializers/credential_type.py | 100.00% <100.00%> (ø) |
| src/aap_eda/api/serializers/eda_credential.py | 99.13% <100.00%> (+0.09%) ⬆️ |
| src/aap_eda/api/urls.py | 100.00% <100.00%> (ø) |
| ... and 32 more | |

... and 2 files with indirect coverage changes


@mkanoor mkanoor force-pushed the external_sms branch 2 times, most recently from e981490 to 0d689a4 Compare June 13, 2025 21:32
@mkanoor mkanoor force-pushed the external_sms branch 14 times, most recently from 6e9c7ba to 0618ffd Compare June 19, 2025 18:54
Alex-Izquierdo
Alex-Izquierdo previously approved these changes Jun 19, 2025
Review comment on the following context:

```python
},
description="Run a test on External Credential",
)
@action(
```

Can we move this logic into a Mixin to avoid duplicates?

Commit message:

AAP allows text fields in a Credential to be connected to
an external Secret Management System like Hashicorp Vault.
EDA was lacking this feature; this fix tries to address that
by providing
  * Test External SMS for connectivity and existence of secrets
  * Link text fields to External SMS
  * Uses the awx-plugins-core to manage the connections to external SMS

@mkanoor
Contributor Author

mkanoor commented Jun 23, 2025

E2E tests pass with the new Openapi.json https://github.com/ansible/eda-qa/actions/runs/15832565070/job/44631584216
