* Revert "AAP-58452 Add version fallback for external query files (#16309)"
This reverts commit 0f2692b504.
* AAP-58441: Add runtime integration for external query collection (#7208)
Extend build_private_data_files() to copy vendor collections from
/var/lib/awx/vendor_collections/ to the job's private_data_dir,
making external query files available to the indirect node counting
callback plugin in execution environments.
Changes:
- Copy vendor_collections to private_data_dir during job preparation
- Add vendor_collections path to ANSIBLE_COLLECTIONS_PATH in build_env()
- Gracefully handle missing source directory with warning log
- Feature gated by FEATURE_INDIRECT_NODE_COUNTING_ENABLED flag
This enables external query file discovery for indirect node counting
across all deployment types (RPM, Podman, OpenShift, Kubernetes) using
the existing private_data_dir mechanism.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* [stable-2.6] AAP-58451: Add callback plugin discovery for external query files (#7223)
* AAP-58451: Add callback plugin discovery for external query files
Extend the indirect_instance_count callback plugin to discover and load
external query files from the bundled redhat.indirect_accounting collection
when embedded queries are not present in the target collection.
Changes:
- Add external query discovery with precedence (embedded queries first)
- External query path: redhat.indirect_accounting/extensions/audit/
external_queries/{namespace}.{name}.{version}.yml
- Use self._display.v() for external query messages (visible with -v)
- Use self._display.vv() for embedded query messages (visible with -vv)
- Fix: Change .exists() to .is_file() per Traversable ABC
- Handle missing external query collection gracefully (ModuleNotFoundError)
Note: This implements exact version match only. Version fallback logic
is covered in AAP-58452.
* fix CI error when using Traversable.is_file
* Add minimal implementation for AAP-58451
* Fix formatting
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* AAP-58452 Add version fallback for external query files (#7254)
* AAP-58456 unit test suite for external query handling (#7283)
* Add unit tests for external query handling
* Refactor unit tests for external query handling
* Refactor indirect node counting callback code to improve testing code
* Refactor unit tests for external query handling for improved callback code
* Fix test for majore version boundary check
* Fix weaknesses in some unit tests
* Make callback plugin module self contained, independent from awx
* AAP-58470 integration tests (core) for external queries (#7278)
* Add collection for testing external queries
* Add query files for testing external query file runtime integration
* Add live tests for external query file runtime integration
* Remove redundant wait for events and refactor test data folders
* Fix unit tests: mock flag_enabled to avoid DB access
The AAP-58441 cherry-pick added a flag_enabled() call in
BaseTask.build_private_data_files(), which is called by all task types.
Tests for RunInventoryUpdate and RunJob credentials now hit this code
path and need the flag mocked to avoid database access in unit tests.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: attempt exact query file match before Version parsing (#7345)
The exact-version filename check does not require PEP440 parsing, but
Version() was called first, causing early return on non-PEP440 version
strings even when an exact file exists on disk. Move the exact file
check before Version parsing so fallback logic only parses when needed.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Do no longer mutate global sys.modules (#7337)
* [stable-2.6] AAP-58452 fix: Add queries_dir guard (#7338)
* Add queries_dir guard
* fix: update unit tests to mock _get_query_file_dir instead of files
The TestVersionFallback tests mocked `files()` with chainable path
mocks, but `find_external_query_with_fallback` now uses
`_get_query_file_dir()` which returns the queries directory directly.
Mock the helper instead for simpler, correct tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove unused EXTERNAL_QUERY_PATH constant (#7336)
The constant was defined but never referenced — the path is constructed
inline via Traversable's `/` operator which requires individual segments,
not a slash-separated string.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: restore original feature flag state in test fixture (#7347)
The enable_indirect_host_counting fixture unconditionally disabled the
FEATURE_INDIRECT_NODE_COUNTING_ENABLED flag on teardown, even when it
was already enabled before the test (as is the case in development via
development_defaults.py). This caused test_indirect_host_counting to
fail when run after the external query tests, because the callback
plugin was no longer enabled.
Save and restore the original flag state instead.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Dirk Julich <djulich@redhat.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* Add new tests for bug saving concurrent facts
* Fix first bug and improve tests
* Fix new bug where concurrent job clears facts from other job in unwanted way
* minor test fixes
* Add in missing playbook
* Fix host reference for constructed inventory
* Increase speed for concurrent fact tests
* Make test a bit faster
* Fix linters
* Add some functional tests
* Remove the sanity test
* Agent markers added
* Address SonarCloud
* Do backdating method, resolving stricter assertions
* Address coderabbit comments
* Address review comment with qs only method
* Delete missed sleep statement
* Add more coverage
Django 5.2 restricts LogoutView to POST only (deprecated in 4.1,
removed in 5.0+). Without this fix, GET requests to /api/logout/
return 405 Method Not Allowed.
Add http_method_names override and a get() method that delegates
to post() where auth_logout() actually runs
* feat: workload identity credentials integration
* feat: cache credentials and add context property to Credential
Assisted-by: Claude
* feat: include safeguard in case feature flag is disabled
* feat: tests to validate workload identity credentials integration
* fix: affected tests by the credential cache mechanism
* feat: remove word cache from variables and comments, use standard library decorators
* fix: reorder tests in correct files
* Use better error catching mechanisms
* Adjust logic to support multiple credential input sources and use internal field
* Remove hardcoded credential type names
* Add tests for the internal field
Assited-by: Claude
* Added worflow dispatch to trigger ci on release_4.6 and stable-2.6
* fix error cascading to subsequent jobs for cron
* made compose_tag resolve to the correct branch name
Remove SELECT FOR UPDATE from job dispatch to reduce transaction rollbacks
Move status transition from BaseTask.transition_status (which used
SELECT FOR UPDATE inside transaction.atomic()) into
dispatch_waiting_jobs. The new approach uses filter().update() which
is atomic at the database level without requiring explicit row locks,
reducing transaction contention and rollbacks observed in perfscale
testing.
The transition_status method was an artifact of the feature flag era
where we needed to support both old and new code paths. Since
dispatch_waiting_jobs is already a singleton
(on_duplicate='queue_one') scoped to the local node, the
de-duplication logic is unnecessary.
Status is updated after task submission to dispatcherd, so the job's
UUID is in the dispatch pipeline before being marked running —
preventing the reaper from incorrectly reaping jobs during the
handoff window. RunJob.run() handles the race where a worker picks
up the task before the status update lands by accepting waiting and
transitioning it to running itself.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add retrieve_workload_identity_jwt to jobs.py and tests
* Apply linting
* Add precondition to client retrieval
* Add test case for client not configured
* Remove trailing period in match string
The schema-swagger-ui URL was removed from awx/api/urls/urls.py in
d7eb714859 when docs endpoints moved to DAB's api_documentation app,
but the reverse call in ApiRootView was not removed, causing a
NoReverseMatch error in development mode.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The awx CLI derives available fields for the `modify` command from
the list endpoint's POST action schema. Users with object-level
admin permissions (e.g., Project Admin) but no list-level POST
permission see no field flags, making modify unusable despite having
PUT access on the detail endpoint.
Fall back to the detail endpoint's action schema when POST is not
available on the list endpoint, and prefer PUT over POST when
building modify arguments.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Introduced in PR https://github.com/ansible/awx/pull/16058/changes
then a later large merge from AAP back into devel removed the changes
* This PR re-introduces the github app lookup migration rename tests
with the migration names updated and the kind to namespace correction
* Multiple credentialtype's have the same kind and kind values look
like: cloud, network, machine, etc.
* namespace is the field that we want to rename
fix: align pip version constraint in requirements_dev.txt with requirements.txt (fixes#16272)
requirements.txt pins pip==25.3 while requirements_dev.txt specified
pip>=21.3,<=24.0, causing ResolutionImpossible when installing both.
Updated requirements_dev.txt to use pip>=25.3 to maintain compatibility.
* AAP-62657 Add populate_claims_for_workload function and unit tests
* Update safe_get helper function
* Trigger CI rebuild to pick up latest django-ansible-base
* Trigger CI after org visibility update
* Retrigger CI
* Rename workload to job, refine safe_get helper function
* Update test_jobs to use job fixture
* Retrigger CI
* Create fresh job, removed launched_by since this is read-only property
* Retrigger CI after runner issues
* Retrigger CI after runner issues
* Add unit tests for other workload types
* Update CLAIM_LAUNCHED_BY_USER_NAME and CLAIM_LAUNCHED_BY_USER_ID, with CLAIM_LAUNCHED_BY_NAME and CLAIM_LAUNCHED_BY_ID
* Generate claims with a more static schema
try to operate directly on object when possible
For cases where field is valid for the type, but null value
still add the field, so blank and null values appear
* Allow unified related items to be omittied
---------
Co-authored-by: AlanCoding <arominge@redhat.com>
* Enable new fancy asyncio metrics for dispatcherd
Remove old dispatcher metrics and patch in new data from local whatever
Update test fixture to new dispatcherd version
* Update dispatcherd again
* Handle node filter in URL, and catch more errors
* Add test for metric filter
* Split module for dispatcherd metrics
The OpenAPI schema incorrectly showed all 12 credential type kinds as
valid for POST/PUT/PATCH operations, when only 'cloud' and 'net' are
allowed for custom credential types. This caused API clients and LLM
agents to receive HTTP 400 errors when attempting to create credential
types with invalid kind values.
Add postprocessing hook to filter CredentialTypeRequest and
PatchedCredentialTypeRequest schemas to only show 'cloud', 'net',
and null as valid enum values, matching the existing validation logic.
No API behavior changes - this is purely a documentation fix.
Co-authored-by: Claude <noreply@anthropic.com>
Changed two instances of 'cancelled' to 'canceled' in awx/main/wsrelay.py
to match AWX's standardized American English spelling convention.
- Updated log message in WebsocketRelayConnection.connect()
- Updated comment in WebSocketRelayManager.cleanup_offline_host()
Fixes#15177
Signed-off-by: Joey Washburn <joey@joeywashburn.com>
