AAP-57614 fix: remove early dispatch, rely on events_processed_hook

Dispatching save_indirect_host_entries from artifacts_handler was
fundamentally flawed: it ran before job events were written to the DB
by the callback receiver, so the task found no events to process, set
event_queries_processed=True, and blocked all future processing.

Remove the dispatch and the now-unused import.  The existing
events_processed_hook (called from both the task runner after the
final save and the callback receiver after the wrapup event) handles
dispatching at the right time — after events are in the DB.

The direct DB write of event_queries_processed=False and
installed_collections (added in the previous commit) remains: it
ensures events_processed_hook sees the correct values regardless of
which call site runs first.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Makefile

@@ -581,7 +581,7 @@ detect-schema-change: genschema
 
 validate-openapi-schema: genschema
 	@echo "Validating OpenAPI schema from schema.json..."
-	@python3 -c "from openapi_spec_validator import validate; import json; spec = json.load(open('schema.json')); validate(spec); print('✓ Schema is valid')"
+	@python3 -c "from openapi_spec_validator import validate; import json; spec = json.load(open('schema.json')); validate(spec); print('✓ OpenAPI Schema is valid!')"
 
 docker-compose-clean: awx/projects
 	$(DOCKER_COMPOSE) -f tools/docker-compose/_sources/docker-compose.yml rm -sf

awx/main/management/commands/inventory_import.py

@@ -409,12 +409,10 @@ class Command(BaseCommand):
             del_child_group_pks = list(set(db_children_name_pk_map.values()))
             for offset in range(0, len(del_child_group_pks), self._batch_size):
                 child_group_pks = del_child_group_pks[offset : (offset + self._batch_size)]
-                children_to_remove = list(db_children.filter(pk__in=child_group_pks))
-                if children_to_remove:
-                    group_group_count += len(children_to_remove)
-                    db_group.children.remove(*children_to_remove)
-                    for db_child in children_to_remove:
-                        logger.debug('Group "%s" removed from group "%s"', db_child.name, db_group.name)
+                for db_child in db_children.filter(pk__in=child_group_pks):
+                    group_group_count += 1
+                    db_group.children.remove(db_child)
+                    logger.debug('Group "%s" removed from group "%s"', db_child.name, db_group.name)
             # FIXME: Inventory source group relationships
             # Delete group/host relationships not present in imported data.
             db_hosts = db_group.hosts
@@ -443,12 +441,12 @@ class Command(BaseCommand):
             del_host_pks = list(del_host_pks)
             for offset in range(0, len(del_host_pks), self._batch_size):
                 del_pks = del_host_pks[offset : (offset + self._batch_size)]
-                hosts_to_remove = list(db_hosts.filter(pk__in=del_pks))
-                if hosts_to_remove:
-                    group_host_count += len(hosts_to_remove)
-                    db_group.hosts.remove(*hosts_to_remove)
-                    for db_host in hosts_to_remove:
-                        logger.debug('Host "%s" removed from group "%s"', db_host.name, db_group.name)
+                for db_host in db_hosts.filter(pk__in=del_pks):
+                    group_host_count += 1
+                    if db_host not in db_group.hosts.all():
+                        continue
+                    db_group.hosts.remove(db_host)
+                    logger.debug('Host "%s" removed from group "%s"', db_host.name, db_group.name)
         if settings.SQL_DEBUG:
             logger.warning(
                 'group-group and group-host deletions took %d queries for %d relationships',

awx/main/models/credential.py

@@ -531,7 +531,6 @@ class CredentialType(CommonModelNameNotUnique):
             existing = ct_class.objects.filter(name=default.name, kind=default.kind).first()
             if existing is not None:
                 existing.namespace = default.namespace
-                existing.description = getattr(default, 'description', '')
                 existing.inputs = {}
                 existing.injectors = {}
                 existing.save()
@@ -571,14 +570,7 @@ class CredentialType(CommonModelNameNotUnique):
     @classmethod
     def load_plugin(cls, ns, plugin):
         # TODO: User "side-loaded" credential custom_injectors isn't supported
-        ManagedCredentialType.registry[ns] = SimpleNamespace(
-            namespace=ns,
-            name=plugin.name,
-            kind='external',
-            inputs=plugin.inputs,
-            backend=plugin.backend,
-            description=getattr(plugin, 'plugin_description', ''),
-        )
+        ManagedCredentialType.registry[ns] = SimpleNamespace(namespace=ns, name=plugin.name, kind='external', inputs=plugin.inputs, backend=plugin.backend)
 
     def inject_credential(self, credential, env, safe_env, args, private_data_dir, container_root=None):
         from awx_plugins.interfaces._temporary_private_inject_api import inject_credential
@@ -590,13 +582,7 @@ class CredentialTypeHelper:
     @classmethod
     def get_creation_params(cls, cred_type):
         if cred_type.kind == 'external':
-            return {
-                'namespace': cred_type.namespace,
-                'kind': cred_type.kind,
-                'name': cred_type.name,
-                'managed': True,
-                'description': getattr(cred_type, 'description', ''),
-            }
+            return dict(namespace=cred_type.namespace, kind=cred_type.kind, name=cred_type.name, managed=True)
         return dict(
             namespace=cred_type.namespace,
             kind=cred_type.kind,

awx/main/models/workflow.py

@@ -335,9 +335,7 @@ class WorkflowJobNode(WorkflowNodeBase):
             # or labels, because they do not propogate WFJT-->node at all
 
             # Combine WFJT prompts with node here, WFJT at higher level
-            # Empty string values on the workflow job (e.g. from IaC setting limit: "")
-            # should not override a node's explicit non-empty prompt value
-            node_prompts_data.update({k: v for k, v in wj_prompts_data.items() if v != ''})
+            node_prompts_data.update(wj_prompts_data)
             accepted_fields, ignored_fields, errors = ujt_obj._accept_or_ignore_job_kwargs(**node_prompts_data)
             if errors:
                 logger.info(

awx/main/tasks/callback.py

@@ -277,7 +277,6 @@ class RunnerCallback:
     def artifacts_handler(self, artifact_dir):
         success, query_file_contents = try_load_query_file(artifact_dir)
         if success:
-            self.delay_update(event_queries_processed=False)
             collections_info = collect_queries(query_file_contents)
             for collection, data in collections_info.items():
                 version = data['version']
@@ -301,6 +300,24 @@ class RunnerCallback:
             else:
                 logger.warning(f'The file {COLLECTION_FILENAME} unexpectedly did not contain ansible_version')
 
+            # Write event_queries_processed and installed_collections directly
+            # to the DB instead of using delay_update.  delay_update defers
+            # writes until the final job status save, but
+            # events_processed_hook (called from both the task runner after
+            # the final save and the callback receiver after the wrapup
+            # event) needs event_queries_processed=False visible in the DB
+            # to dispatch save_indirect_host_entries.  The field defaults to
+            # True, so without a direct write the hook would see True and
+            # skip the dispatch.  installed_collections is also written
+            # directly so it is available if the callback receiver
+            # dispatches before the final save.
+            from awx.main.models import Job
+
+            db_updates = {'event_queries_processed': False}
+            if 'installed_collections' in query_file_contents:
+                db_updates['installed_collections'] = query_file_contents['installed_collections']
+            Job.objects.filter(id=self.instance.id).update(**db_updates)
+
         self.artifacts_processed = True
 
 

awx/main/tests/functional/commands/test_inventory_import.py

@@ -305,47 +305,6 @@ class TestINIImports:
         has_host_group = inventory.groups.get(name='has_a_host')
         assert has_host_group.hosts.count() == 1
 
-    @mock.patch.object(inventory_import, 'AnsibleInventoryLoader', MockLoader)
-    def test_overwrite_removes_stale_memberships(self, inventory):
-        """When overwrite is enabled, host-group and group-group memberships
-        that are no longer in the imported data should be removed."""
-        # First import: parent_group has two children, host_group has two hosts
-        inventory_import.AnsibleInventoryLoader._data = {
-            "_meta": {"hostvars": {"host1": {}, "host2": {}}},
-            "all": {"children": ["ungrouped", "parent_group", "child_a", "child_b", "host_group"]},
-            "parent_group": {"children": ["child_a", "child_b"]},
-            "host_group": {"hosts": ["host1", "host2"]},
-            "ungrouped": {"hosts": []},
-        }
-        cmd = inventory_import.Command()
-        cmd.handle(inventory_id=inventory.pk, source=__file__, overwrite=True)
-
-        parent = inventory.groups.get(name='parent_group')
-        assert set(parent.children.values_list('name', flat=True)) == {'child_a', 'child_b'}
-        host_grp = inventory.groups.get(name='host_group')
-        assert set(host_grp.hosts.values_list('name', flat=True)) == {'host1', 'host2'}
-
-        # Second import: child_b removed from parent_group, host2 moved out of host_group
-        inventory_import.AnsibleInventoryLoader._data = {
-            "_meta": {"hostvars": {"host1": {}, "host2": {}}},
-            "all": {"children": ["ungrouped", "parent_group", "child_a", "child_b", "host_group"]},
-            "parent_group": {"children": ["child_a"]},
-            "host_group": {"hosts": ["host1"]},
-            "ungrouped": {"hosts": ["host2"]},
-        }
-        cmd = inventory_import.Command()
-        cmd.handle(inventory_id=inventory.pk, source=__file__, overwrite=True)
-
-        parent.refresh_from_db()
-        host_grp.refresh_from_db()
-        # child_b should be removed from parent_group
-        assert set(parent.children.values_list('name', flat=True)) == {'child_a'}
-        # host2 should be removed from host_group
-        assert set(host_grp.hosts.values_list('name', flat=True)) == {'host1'}
-        # host2 and child_b should still exist in the inventory, just not in those groups
-        assert inventory.hosts.filter(name='host2').exists()
-        assert inventory.groups.filter(name='child_b').exists()
-
     @mock.patch.object(inventory_import, 'AnsibleInventoryLoader', MockLoader)
     def test_recursive_group_error(self, inventory):
         inventory_import.AnsibleInventoryLoader._data = {

awx/main/tests/functional/models/test_workflow.py

@@ -291,33 +291,6 @@ class TestWorkflowJob:
         assert set(data['labels']) == set(node_labels)  # as exception, WFJT labels not applied
         assert data['limit'] == 'wj_limit'
 
-    def test_node_limit_not_overridden_by_empty_string_wj_limit(self, project, inventory):
-        """
-        When the workflow job has an empty string limit (e.g., set via IaC with limit: ""),
-        the node-level limit should still be passed to the spawned job, not silently suppressed.
-        """
-        jt = JobTemplate.objects.create(
-            project=project,
-            inventory=inventory,
-            ask_limit_on_launch=True,
-        )
-        # Simulate a workflow job whose WFJT was created via IaC with `limit: ""`
-        # (e.g. awx.awx.workflow_job_template: ... limit: "")
-        # This stores '' in char_prompts instead of treating it as None/"no limit".
-        wj = WorkflowJob.objects.create(name='test-wf-job')
-        wj.limit = ''  # stores {'limit': ''} in char_prompts - the IaC bug scenario
-        wj.save()
-
-        node = WorkflowJobNode.objects.create(workflow_job=wj, unified_job_template=jt)
-        node.limit = 'web_servers'
-        node.save()
-
-        data = node.get_job_kwargs()
-        # The node-level limit should be applied; the WJ's empty string limit is not meaningful
-        assert data.get('limit') == 'web_servers', (
-            "Node-level limit 'web_servers' was not passed to the job. " "Likely caused by an empty string WJ limit overriding the node limit"
-        )
-
 
 @pytest.mark.django_db
 class TestWorkflowJobTemplate:

awx/main/tests/unit/models/test_credential.py

@@ -2,11 +2,7 @@
 
 import pytest
 
-from types import SimpleNamespace
-from unittest import mock
-
 from awx.main.models import Credential, CredentialType
-from awx.main.models.credential import CredentialTypeHelper, ManagedCredentialType
 
 from django.apps import apps
 
@@ -82,53 +78,3 @@ def test_credential_context_property_independent_instances():
     assert cred1.context == {'key1': 'value1'}
     assert cred2.context == {'key2': 'value2'}
     assert cred1.context is not cred2.context
-
-
-def test_load_plugin_passes_description():
-    plugin = SimpleNamespace(name='test_plugin', inputs={'fields': []}, backend=None, plugin_description='A test plugin')
-    CredentialType.load_plugin('test_ns', plugin)
-    entry = ManagedCredentialType.registry['test_ns']
-    assert entry.description == 'A test plugin'
-    del ManagedCredentialType.registry['test_ns']
-
-
-def test_load_plugin_missing_description():
-    plugin = SimpleNamespace(name='test_plugin', inputs={'fields': []}, backend=None)
-    CredentialType.load_plugin('test_ns', plugin)
-    entry = ManagedCredentialType.registry['test_ns']
-    assert entry.description == ''
-    del ManagedCredentialType.registry['test_ns']
-
-
-def test_get_creation_params_external_includes_description():
-    cred_type = SimpleNamespace(namespace='test_ns', kind='external', name='Test', description='My description')
-    params = CredentialTypeHelper.get_creation_params(cred_type)
-    assert params['description'] == 'My description'
-
-
-def test_get_creation_params_external_missing_description():
-    cred_type = SimpleNamespace(namespace='test_ns', kind='external', name='Test')
-    params = CredentialTypeHelper.get_creation_params(cred_type)
-    assert params['description'] == ''
-
-
-@pytest.mark.django_db
-def test_setup_tower_managed_defaults_updates_description():
-    registry_entry = SimpleNamespace(
-        namespace='test_ns',
-        kind='external',
-        name='Test Plugin',
-        inputs={'fields': []},
-        backend=None,
-        description='Updated description',
-    )
-    # Create an existing credential type with no description
-    ct = CredentialType.objects.create(name='Test Plugin', kind='external', namespace='old_ns')
-    assert ct.description == ''
-
-    with mock.patch.dict(ManagedCredentialType.registry, {'test_ns': registry_entry}, clear=True):
-        CredentialType._setup_tower_managed_defaults()
-
-    ct.refresh_from_db()
-    assert ct.description == 'Updated description'
-    assert ct.namespace == 'test_ns'

requirements/requirements.txt

@@ -116,7 +116,7 @@ cython==3.1.3
     # via -r /awx_devel/requirements/requirements.in
 daphne==4.2.1
     # via -r /awx_devel/requirements/requirements.in
-dispatcherd[pg-notify]==2026.3.25
+dispatcherd[pg-notify]==2026.02.26
     # via -r /awx_devel/requirements/requirements.in
 distro==1.9.0
     # via -r /awx_devel/requirements/requirements.in