[AAP-72722] Remove jwt_aud field from OIDC-enabled credential plugins #181

Merged: fosterseth merged 2 commits into ansible:devel from dleehr:AAP-72722-oidc-use-url-not-jwt-aud on Apr 28, 2026

dleehr commented Apr 27, 2026

Plugin hosts will be using the url field when requesting tokens as a more appropriate value. The jwt_aud becomes unused, so it is removed.

For https://redhat.atlassian.net/browse/AAP-72722

Related: ansible/awx#16432

Summary by CodeRabbit

  • Changes
    • Removed the JWT Audience field from HashiVault OIDC credential configuration; it is no longer accepted or required for OIDC authentication.
  • Tests
    • Updated unit tests to reflect the removed JWT Audience field.
    • Adjusted a test helper to align with expected Azure SDK call signature.

Plugin hosts will be using the `url` field when requesting tokens
as a more appropriate value. The `jwt_aud` becomes unused, so it is removed.
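
An added example, not code from this PR or from awx-plugins: a small audit for stored credential inputs once the audience comes from `url` instead of `jwt_aud`. It assumes the host passes the `url` value verbatim as the token audience and that the verifier compares audiences by exact string match; `bound_audiences`, the function names and the sample data are hypothetical.

```python
"""Added example: audit stored credential inputs after jwt_aud is dropped.

Assumptions (not from the PR): the host uses the credential's `url` value
verbatim as the token audience, and the verifier compares audiences by exact
string match. `bound_audiences` stands for whatever list the verifier accepts.
"""


def aud_accepted(claims, accepted):
    """RFC 7519: `aud` is a single string or a list of strings."""
    aud = claims.get("aud")
    values = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    return any(v in accepted for v in values)


def audit_credential(inputs, bound_audiences):
    """Return findings for one stored credential's inputs."""
    findings = []
    url = inputs.get("url")
    if not url:
        return ["no url: nothing to use as audience"]
    legacy = inputs.get("jwt_aud")
    if legacy is not None:
        findings.append("stale jwt_aud input present")
        if legacy != url:
            findings.append("audience changes from %r to %r" % (legacy, url))
    # Simulate the claims a token requested with audience=url would carry.
    if not aud_accepted({"aud": url}, bound_audiences):
        findings.append("verifier does not accept %r as audience" % url)
    return findings


# Constructed sample data, not taken from any real deployment.
SAMPLES = {
    "aligned": ({"url": "https://vault.example.test:8200"},
                ["https://vault.example.test:8200"]),
    "legacy-aud": ({"url": "https://vault.example.test:8200", "jwt_aud": "awx"},
                   ["awx"]),
    "trailing-slash": ({"url": "https://vault.example.test:8200"},
                       ["https://vault.example.test:8200/"]),
}


def run_audit():
    return {name: audit_credential(i, b) for name, (i, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, findings or "ok")
```

The `legacy-aud` and `trailing-slash` samples are the two cases worth checking before upgrading: a verifier still bound to the old audience value, and a URL that differs from the accepted audience by a single character.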

coderabbitai Bot commented Apr 27, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: a8ee1d12-4198-4d8d-8bf9-4db44aebe7ac

📥 Commits

Reviewing files that changed from the base of the PR and between 6c23498 and 3eca315.

📒 Files selected for processing (1)
  • tests/azure_kv_test.py
✅ Files skipped from review due to trivial changes (1)
  • tests/azure_kv_test.py

📝 Walkthrough

This PR removes the JWT Audience field (jwt_aud) from OIDC/JWT configuration schemas for HashiVault credential plugins, deleting the field declaration and removing it from both Kv and SSH OIDC plugin input fields and their required lists.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| OIDC Plugin Configuration: `src/awx_plugins/credentials/hashivault.py` | Removed the `jwt_audience_field` declaration (id: `jwt_aud`) and dropped it from `hashi_kv_oidc_inputs` and `hashi_ssh_oidc_inputs` fields and required lists. |
| Unit Test Assertions: `tests/unit/credentials/hashivault_test.py` | Updated test expectations to remove the `jwt_aud` field from the asserted `inputs['fields']` for `kv_oidc` and `ssh_oidc`. |
| Azure KV Test shim: `tests/azure_kv_test.py` | Adjusted fake `SecretClient.get_secret` signature to accept keyword-only `out_content_type` and broadened `**kwargs` typing; return behavior unchanged. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title clearly and specifically describes the main change: removing the jwt_aud field from OIDC-enabled credential plugins, with a reference to the issue ticket. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |



dleehr commented Apr 28, 2026

I see that a 3.14 lint check and pre-commit.ci check are failing with the same issue on azure_kv_test.py, but this file was not changed by this PR and the failure is unrelated.

@yoonhyunwoo (Contributor)

I see that a 3.14 lint check and pre-commit.ci check are failing with the same issue on azure_kv_test.py, but this file was not changed by this PR and the failure is unrelated.

Related:

Signed-off-by: yoonhyunwoo <yjs88zerg@gmail.com>

dleehr commented Apr 28, 2026

Cherry-picked acfbc83 from #183 to fix the linter error in a signed commit.

@fosterseth fosterseth added this pull request to the merge queue Apr 28, 2026
Merged via the queue into ansible:devel with commit 3731d98 Apr 28, 2026
44 checks passed