Fixing NUL characters in event data

We have both psycopg2 and 3 installed in the AWX venv.

Old versions of Django only used psycopg2 but 4.2 now supports 3

Django 4.2 detects psycopg3 first and will use that over psycopg2

So old migrations needed to be updated to support psycopg3

awx/main/analytics/collectors.py

@@ -399,7 +399,10 @@ def _copy_table(table, query, path):
     file_path = os.path.join(path, table + '_table.csv')
     file = FileSplitter(filespec=file_path)
     with connection.cursor() as cursor:
-        cursor.copy_expert(query, file)
+        with cursor.copy(query) as copy:
+            while data := copy.read():
+                byte_data = bytes(data)
+                file.write(byte_data.decode())
     return file.file_list()
 
 

awx/main/dispatch/worker/callback.py

@@ -9,6 +9,7 @@ from django.conf import settings
 from django.utils.functional import cached_property
 from django.utils.timezone import now as tz_now
 from django.db import transaction, connection as django_connection
+from django.db.utils import DataError
 from django_guid import set_guid
 
 import psutil
@@ -191,10 +192,16 @@ class CallbackBrokerWorker(BaseWorker):
                             e._retry_count = retry_count
 
                             # special sanitization logic for postgres treatment of NUL 0x00 char
-                            if (retry_count == 1) and isinstance(exc_indv, ValueError) and ("\x00" in e.stdout):
-                                e.stdout = e.stdout.replace("\x00", "")
-
-                            if retry_count >= self.INDIVIDUAL_EVENT_RETRIES:
+                            if (retry_count == 1) and isinstance(exc_indv, DataError):
+                                # The easiest place is in stdout. This raises as an error stating that it can't save a NUL character
+                                if "\x00" in e.stdout:
+                                    e.stdout = e.stdout.replace("\x00", "")
+                                # There is also a chance that NUL char is embedded in event data which is part of a JSON blob. In that case we, thankfully, get a different exception
+                                if 'unsupported Unicode escape sequence' in str(exc_indv):
+                                    e.event_data = json.loads(
+                                        json.dumps(e.event_data).replace("\x00", "").replace("\\x00", "").replace("\u0000", "").replace("\\u0000", "")
+                                    )
+                            elif retry_count >= self.INDIVIDUAL_EVENT_RETRIES:
                                 logger.error(f'Hit max retries ({retry_count}) saving individual Event error: {str(exc_indv)}\ndata:\n{e.__dict__}')
                                 events.remove(e)
                             else:

awx/main/migrations/0006_v320_release.py

@@ -2,9 +2,6 @@
 # Python
 from __future__ import unicode_literals
 
-# Psycopg2
-from psycopg2.extensions import AsIs
-
 # Django
 from django.db import connection, migrations, models, OperationalError, ProgrammingError
 from django.conf import settings
@@ -136,8 +133,8 @@ class Migration(migrations.Migration):
             ),
         ),
         migrations.RunSQL(
-            [("CREATE INDEX host_ansible_facts_default_gin ON %s USING gin" "(ansible_facts jsonb_path_ops);", [AsIs(Host._meta.db_table)])],
-            [('DROP INDEX host_ansible_facts_default_gin;', None)],
+            sql="CREATE INDEX host_ansible_facts_default_gin ON {} USING gin(ansible_facts jsonb_path_ops);".format(Host._meta.db_table),
+            reverse_sql='DROP INDEX host_ansible_facts_default_gin;',
         ),
         # SCM file-based inventories
         migrations.AddField(

awx/main/migrations/0113_v370_event_bigint.py

@@ -22,10 +22,8 @@ def migrate_event_data(apps, schema_editor):
             # recreate counter for the new table's primary key to
             # start where the *old* table left off (we have to do this because the
             # counter changed from an int to a bigint)
-            cursor.execute(f'DROP SEQUENCE IF EXISTS "{tblname}_id_seq" CASCADE;')
-            cursor.execute(f'CREATE SEQUENCE "{tblname}_id_seq";')
-            cursor.execute(f'ALTER TABLE "{tblname}" ALTER COLUMN "id" ' f"SET DEFAULT nextval('{tblname}_id_seq');")
-            cursor.execute(f"SELECT setval('{tblname}_id_seq', (SELECT MAX(id) FROM _old_{tblname}), true);")
+            cursor.execute(f'CREATE SEQUENCE IF NOT EXISTS "{tblname}_id_seq";')
+            cursor.execute(f"SELECT setval('{tblname}_id_seq', COALESCE((SELECT MAX(id)+1 FROM _old_{tblname}), 1), false);")
             cursor.execute(f'DROP TABLE _old_{tblname};')
 
 

awx/main/migrations/0183_pre_django_upgrade.py

@@ -0,0 +1,30 @@
+# Generated by Django 3.2.16 on 2023-04-21 14:15
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        migrations.swappable_dependency(settings.OAUTH2_PROVIDER_ID_TOKEN_MODEL),
+        ('main', '0182_constructed_inventory'),
+        ('oauth2_provider', '0005_auto_20211222_2352'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='oauth2accesstoken',
+            name='id_token',
+            field=models.OneToOneField(
+                blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='access_token', to=settings.OAUTH2_PROVIDER_ID_TOKEN_MODEL
+            ),
+        ),
+        migrations.AddField(
+            model_name='oauth2application',
+            name='algorithm',
+            field=models.CharField(
+                blank=True, choices=[('', 'No OIDC support'), ('RS256', 'RSA with SHA-2 256'), ('HS256', 'HMAC with SHA-2 256')], default='', max_length=5
+            ),
+        ),
+    ]

awx/main/migrations/0184_django_upgrade.py

@@ -0,0 +1,972 @@
+# Generated by Django 4.2 on 2023-04-21 14:43
+
+import awx.main.fields
+import awx.main.utils.polymorphic
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('contenttypes', '0002_remove_content_type_name'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('main', '0183_pre_django_upgrade'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='activitystream',
+            name='unified_job',
+            field=models.ManyToManyField(blank=True, related_name='activity_stream_as_unified_job+', to='main.unifiedjob'),
+        ),
+        migrations.AlterField(
+            model_name='activitystream',
+            name='unified_job_template',
+            field=models.ManyToManyField(blank=True, related_name='activity_stream_as_unified_job_template+', to='main.unifiedjobtemplate'),
+        ),
+        migrations.AlterField(
+            model_name='credential',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='credential',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='credentialinputsource',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='credentialinputsource',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='credentialtype',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='credentialtype',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='custominventoryscript',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='custominventoryscript',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='executionenvironment',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='executionenvironment',
+            name='credential',
+            field=models.ForeignKey(
+                blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)ss', to='main.credential'
+            ),
+        ),
+        migrations.AlterField(
+            model_name='executionenvironment',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='executionenvironment',
+            name='organization',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='The organization used to determine access to this execution environment.',
+                null=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name='%(class)ss',
+                to='main.organization',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='group',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='group',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='host',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='host',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='host',
+            name='smart_inventories',
+            field=models.ManyToManyField(related_name='+', through='main.SmartInventoryMembership', to='main.inventory'),
+        ),
+        migrations.AlterField(
+            model_name='instancegroup',
+            name='credential',
+            field=models.ForeignKey(
+                blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)ss', to='main.credential'
+            ),
+        ),
+        migrations.AlterField(
+            model_name='inventory',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='inventory',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='job',
+            name='inventory',
+            field=models.ForeignKey(
+                blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)ss', to='main.inventory'
+            ),
+        ),
+        migrations.AlterField(
+            model_name='job',
+            name='project',
+            field=models.ForeignKey(
+                blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)ss', to='main.project'
+            ),
+        ),
+        migrations.AlterField(
+            model_name='job',
+            name='webhook_credential',
+            field=models.ForeignKey(
+                blank=True,
+                help_text='Personal Access Token for posting back the status to the service API',
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)ss',
+                to='main.credential',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='joblaunchconfig',
+            name='credentials',
+            field=models.ManyToManyField(related_name='%(class)ss', to='main.credential'),
+        ),
+        migrations.AlterField(
+            model_name='joblaunchconfig',
+            name='execution_environment',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='The container image to be used for execution.',
+                null=True,
+                on_delete=awx.main.utils.polymorphic.SET_NULL,
+                related_name='%(class)s_as_prompt',
+                to='main.executionenvironment',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='joblaunchconfig',
+            name='instance_groups',
+            field=awx.main.fields.OrderedManyToManyField(
+                blank=True, editable=False, related_name='%(class)ss', through='main.JobLaunchConfigInstanceGroupMembership', to='main.instancegroup'
+            ),
+        ),
+        migrations.AlterField(
+            model_name='joblaunchconfig',
+            name='inventory',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='Inventory applied as a prompt, assuming job template prompts for inventory',
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)ss',
+                to='main.inventory',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='joblaunchconfig',
+            name='labels',
+            field=models.ManyToManyField(related_name='%(class)s_labels', to='main.label'),
+        ),
+        migrations.AlterField(
+            model_name='jobtemplate',
+            name='inventory',
+            field=models.ForeignKey(
+                blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)ss', to='main.inventory'
+            ),
+        ),
+        migrations.AlterField(
+            model_name='jobtemplate',
+            name='project',
+            field=models.ForeignKey(
+                blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)ss', to='main.project'
+            ),
+        ),
+        migrations.AlterField(
+            model_name='jobtemplate',
+            name='webhook_credential',
+            field=models.ForeignKey(
+                blank=True,
+                help_text='Personal Access Token for posting back the status to the service API',
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)ss',
+                to='main.credential',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='label',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='label',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='notificationtemplate',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='notificationtemplate',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='oauth2accesstoken',
+            name='user',
+            field=models.ForeignKey(
+                blank=True,
+                help_text='The user representing the token owner',
+                null=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name='%(app_label)s_%(class)s',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='oauth2application',
+            name='user',
+            field=models.ForeignKey(
+                blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='%(app_label)s_%(class)s', to=settings.AUTH_USER_MODEL
+            ),
+        ),
+        migrations.AlterField(
+            model_name='organization',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='organization',
+            name='galaxy_credentials',
+            field=awx.main.fields.OrderedManyToManyField(
+                blank=True, related_name='%(class)s_galaxy_credentials', through='main.OrganizationGalaxyCredentialMembership', to='main.credential'
+            ),
+        ),
+        migrations.AlterField(
+            model_name='organization',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='organization',
+            name='notification_templates_approvals',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_notification_templates_for_approvals', to='main.notificationtemplate'),
+        ),
+        migrations.AlterField(
+            model_name='organization',
+            name='notification_templates_error',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_notification_templates_for_errors', to='main.notificationtemplate'),
+        ),
+        migrations.AlterField(
+            model_name='organization',
+            name='notification_templates_started',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_notification_templates_for_started', to='main.notificationtemplate'),
+        ),
+        migrations.AlterField(
+            model_name='organization',
+            name='notification_templates_success',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_notification_templates_for_success', to='main.notificationtemplate'),
+        ),
+        migrations.AlterField(
+            model_name='project',
+            name='credential',
+            field=models.ForeignKey(
+                blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)ss', to='main.credential'
+            ),
+        ),
+        migrations.AlterField(
+            model_name='project',
+            name='signature_validation_credential',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='An optional credential used for validating files in the project against unexpected changes.',
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)ss_signature_validation',
+                to='main.credential',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='projectupdate',
+            name='credential',
+            field=models.ForeignKey(
+                blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)ss', to='main.credential'
+            ),
+        ),
+        migrations.AlterField(
+            model_name='schedule',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='schedule',
+            name='credentials',
+            field=models.ManyToManyField(related_name='%(class)ss', to='main.credential'),
+        ),
+        migrations.AlterField(
+            model_name='schedule',
+            name='execution_environment',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='The container image to be used for execution.',
+                null=True,
+                on_delete=awx.main.utils.polymorphic.SET_NULL,
+                related_name='%(class)s_as_prompt',
+                to='main.executionenvironment',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='schedule',
+            name='inventory',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='Inventory applied as a prompt, assuming job template prompts for inventory',
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)ss',
+                to='main.inventory',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='schedule',
+            name='labels',
+            field=models.ManyToManyField(related_name='%(class)s_labels', to='main.label'),
+        ),
+        migrations.AlterField(
+            model_name='schedule',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='team',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='team',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjob',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjob',
+            name='credentials',
+            field=models.ManyToManyField(related_name='%(class)ss', to='main.credential'),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjob',
+            name='dependent_jobs',
+            field=models.ManyToManyField(editable=False, related_name='%(class)s_blocked_jobs', to='main.unifiedjob'),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjob',
+            name='execution_environment',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='The container image to be used for execution.',
+                null=True,
+                on_delete=awx.main.utils.polymorphic.SET_NULL,
+                related_name='%(class)ss',
+                to='main.executionenvironment',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjob',
+            name='labels',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_labels', to='main.label'),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjob',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjob',
+            name='notifications',
+            field=models.ManyToManyField(editable=False, related_name='%(class)s_notifications', to='main.notification'),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjob',
+            name='organization',
+            field=models.ForeignKey(
+                blank=True,
+                help_text='The organization used to determine access to this unified job.',
+                null=True,
+                on_delete=awx.main.utils.polymorphic.SET_NULL,
+                related_name='%(class)ss',
+                to='main.organization',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjob',
+            name='polymorphic_ctype',
+            field=models.ForeignKey(
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name='polymorphic_%(app_label)s.%(class)s_set+',
+                to='contenttypes.contenttype',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjob',
+            name='unified_job_template',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=awx.main.utils.polymorphic.SET_NULL,
+                related_name='%(class)s_unified_jobs',
+                to='main.unifiedjobtemplate',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='created_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_created+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='credentials',
+            field=models.ManyToManyField(related_name='%(class)ss', to='main.credential'),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='current_job',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)s_as_current_job+',
+                to='main.unifiedjob',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='execution_environment',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='The container image to be used for execution.',
+                null=True,
+                on_delete=awx.main.utils.polymorphic.SET_NULL,
+                related_name='%(class)ss',
+                to='main.executionenvironment',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='labels',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_labels', to='main.label'),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='last_job',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)s_as_last_job+',
+                to='main.unifiedjob',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='modified_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_modified+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='next_schedule',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=awx.main.utils.polymorphic.SET_NULL,
+                related_name='%(class)s_as_next_schedule+',
+                to='main.schedule',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='notification_templates_error',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_notification_templates_for_errors', to='main.notificationtemplate'),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='notification_templates_started',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_notification_templates_for_started', to='main.notificationtemplate'),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='notification_templates_success',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_notification_templates_for_success', to='main.notificationtemplate'),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='organization',
+            field=models.ForeignKey(
+                blank=True,
+                help_text='The organization used to determine access to this template.',
+                null=True,
+                on_delete=awx.main.utils.polymorphic.SET_NULL,
+                related_name='%(class)ss',
+                to='main.organization',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='unifiedjobtemplate',
+            name='polymorphic_ctype',
+            field=models.ForeignKey(
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name='polymorphic_%(app_label)s.%(class)s_set+',
+                to='contenttypes.contenttype',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='workflowapproval',
+            name='approved_or_denied_by',
+            field=models.ForeignKey(
+                default=None,
+                editable=False,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%s(class)s_approved+',
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name='workflowjob',
+            name='inventory',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='Inventory applied as a prompt, assuming job template prompts for inventory',
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)ss',
+                to='main.inventory',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='workflowjob',
+            name='webhook_credential',
+            field=models.ForeignKey(
+                blank=True,
+                help_text='Personal Access Token for posting back the status to the service API',
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)ss',
+                to='main.credential',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobnode',
+            name='always_nodes',
+            field=models.ManyToManyField(blank=True, related_name='%(class)ss_always', to='main.workflowjobnode'),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobnode',
+            name='credentials',
+            field=models.ManyToManyField(related_name='%(class)ss', to='main.credential'),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobnode',
+            name='execution_environment',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='The container image to be used for execution.',
+                null=True,
+                on_delete=awx.main.utils.polymorphic.SET_NULL,
+                related_name='%(class)s_as_prompt',
+                to='main.executionenvironment',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobnode',
+            name='failure_nodes',
+            field=models.ManyToManyField(blank=True, related_name='%(class)ss_failure', to='main.workflowjobnode'),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobnode',
+            name='inventory',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='Inventory applied as a prompt, assuming job template prompts for inventory',
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)ss',
+                to='main.inventory',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobnode',
+            name='labels',
+            field=models.ManyToManyField(related_name='%(class)s_labels', to='main.label'),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobnode',
+            name='success_nodes',
+            field=models.ManyToManyField(blank=True, related_name='%(class)ss_success', to='main.workflowjobnode'),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobnode',
+            name='unified_job_template',
+            field=models.ForeignKey(
+                blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)ss', to='main.unifiedjobtemplate'
+            ),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobtemplate',
+            name='inventory',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='Inventory applied as a prompt, assuming job template prompts for inventory',
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)ss',
+                to='main.inventory',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobtemplate',
+            name='notification_templates_approvals',
+            field=models.ManyToManyField(blank=True, related_name='%(class)s_notification_templates_for_approvals', to='main.notificationtemplate'),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobtemplate',
+            name='webhook_credential',
+            field=models.ForeignKey(
+                blank=True,
+                help_text='Personal Access Token for posting back the status to the service API',
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)ss',
+                to='main.credential',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobtemplatenode',
+            name='always_nodes',
+            field=models.ManyToManyField(blank=True, related_name='%(class)ss_always', to='main.workflowjobtemplatenode'),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobtemplatenode',
+            name='credentials',
+            field=models.ManyToManyField(related_name='%(class)ss', to='main.credential'),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobtemplatenode',
+            name='execution_environment',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='The container image to be used for execution.',
+                null=True,
+                on_delete=awx.main.utils.polymorphic.SET_NULL,
+                related_name='%(class)s_as_prompt',
+                to='main.executionenvironment',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobtemplatenode',
+            name='failure_nodes',
+            field=models.ManyToManyField(blank=True, related_name='%(class)ss_failure', to='main.workflowjobtemplatenode'),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobtemplatenode',
+            name='inventory',
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text='Inventory applied as a prompt, assuming job template prompts for inventory',
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name='%(class)ss',
+                to='main.inventory',
+            ),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobtemplatenode',
+            name='labels',
+            field=models.ManyToManyField(related_name='%(class)s_labels', to='main.label'),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobtemplatenode',
+            name='success_nodes',
+            field=models.ManyToManyField(blank=True, related_name='%(class)ss_success', to='main.workflowjobtemplatenode'),
+        ),
+        migrations.AlterField(
+            model_name='workflowjobtemplatenode',
+            name='unified_job_template',
+            field=models.ForeignKey(
+                blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)ss', to='main.unifiedjobtemplate'
+            ),
+        ),
+    ]

awx/main/migrations/0185_djanog_indexes.py

@@ -0,0 +1,102 @@
+# Generated by Django 4.2 on 2023-04-28 19:21
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('main', '0184_django_upgrade'),
+    ]
+
+    operations = [
+        migrations.RenameIndex(
+            model_name='adhoccommandevent',
+            new_name='main_adhocc_ad_hoc__a57777_idx',
+            old_fields=('ad_hoc_command', 'job_created', 'counter'),
+        ),
+        migrations.RenameIndex(
+            model_name='adhoccommandevent',
+            new_name='main_adhocc_ad_hoc__e72142_idx',
+            old_fields=('ad_hoc_command', 'job_created', 'event'),
+        ),
+        migrations.RenameIndex(
+            model_name='adhoccommandevent',
+            new_name='main_adhocc_ad_hoc__1e4d24_idx',
+            old_fields=('ad_hoc_command', 'job_created', 'uuid'),
+        ),
+        migrations.RenameIndex(
+            model_name='inventoryupdateevent',
+            new_name='main_invent_invento_f72b21_idx',
+            old_fields=('inventory_update', 'job_created', 'uuid'),
+        ),
+        migrations.RenameIndex(
+            model_name='inventoryupdateevent',
+            new_name='main_invent_invento_364dcb_idx',
+            old_fields=('inventory_update', 'job_created', 'counter'),
+        ),
+        migrations.RenameIndex(
+            model_name='jobevent',
+            new_name='main_jobeve_job_id_51c382_idx',
+            old_fields=('job', 'job_created', 'counter'),
+        ),
+        migrations.RenameIndex(
+            model_name='jobevent',
+            new_name='main_jobeve_job_id_0ddc6b_idx',
+            old_fields=('job', 'job_created', 'event'),
+        ),
+        migrations.RenameIndex(
+            model_name='jobevent',
+            new_name='main_jobeve_job_id_40a56d_idx',
+            old_fields=('job', 'job_created', 'parent_uuid'),
+        ),
+        migrations.RenameIndex(
+            model_name='jobevent',
+            new_name='main_jobeve_job_id_3c4a4a_idx',
+            old_fields=('job', 'job_created', 'uuid'),
+        ),
+        migrations.RenameIndex(
+            model_name='projectupdateevent',
+            new_name='main_projec_project_c44b7c_idx',
+            old_fields=('project_update', 'job_created', 'event'),
+        ),
+        migrations.RenameIndex(
+            model_name='projectupdateevent',
+            new_name='main_projec_project_449bbd_idx',
+            old_fields=('project_update', 'job_created', 'uuid'),
+        ),
+        migrations.RenameIndex(
+            model_name='projectupdateevent',
+            new_name='main_projec_project_69559a_idx',
+            old_fields=('project_update', 'job_created', 'counter'),
+        ),
+        migrations.RenameIndex(
+            model_name='role',
+            new_name='main_rbac_r_content_979bdd_idx',
+            old_fields=('content_type', 'object_id'),
+        ),
+        migrations.RenameIndex(
+            model_name='roleancestorentry',
+            new_name='main_rbac_r_ancesto_22b9f0_idx',
+            old_fields=('ancestor', 'content_type_id', 'object_id'),
+        ),
+        migrations.RenameIndex(
+            model_name='roleancestorentry',
+            new_name='main_rbac_r_ancesto_b44606_idx',
+            old_fields=('ancestor', 'content_type_id', 'role_field'),
+        ),
+        migrations.RenameIndex(
+            model_name='roleancestorentry',
+            new_name='main_rbac_r_ancesto_c87b87_idx',
+            old_fields=('ancestor', 'descendent'),
+        ),
+        migrations.RenameIndex(
+            model_name='systemjobevent',
+            new_name='main_system_system__e39825_idx',
+            old_fields=('system_job', 'job_created', 'uuid'),
+        ),
+        migrations.RenameIndex(
+            model_name='systemjobevent',
+            new_name='main_system_system__73537a_idx',
+            old_fields=('system_job', 'job_created', 'counter'),
+        ),
+    ]

awx/main/migrations/_OrgAdmin_to_use_ig.py

@@ -8,7 +8,7 @@ logger = logging.getLogger('awx.main.migrations')
 def migrate_org_admin_to_use(apps, schema_editor):
     logger.info('Initiated migration from Org admin to use role')
     roles_added = 0
-    for org in Organization.objects.prefetch_related('admin_role__members').iterator():
+    for org in Organization.objects.prefetch_related('admin_role__members').iterator(chunk_size=1000):
         igs = list(org.instance_groups.all())
         if not igs:
             continue

awx/main/models/credential/__init__.py

@@ -195,6 +195,9 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
 
     @cached_property
     def dynamic_input_fields(self):
+        # if the credential is not yet saved we can't access the input_sources
+        if not self.id:
+            return []
         return [obj.input_field_name for obj in self.input_sources.all()]
 
     def _password_field_allows_ask(self, field):

awx/main/models/events.py

@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 
 import datetime
+from datetime import timezone
 import logging
 from collections import defaultdict
 
@@ -10,7 +11,7 @@ from django.db import models, DatabaseError
 from django.db.models.functions import Cast
 from django.utils.dateparse import parse_datetime
 from django.utils.text import Truncator
-from django.utils.timezone import utc, now
+from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
 from django.utils.encoding import force_str
 
@@ -422,7 +423,7 @@ class BasePlaybookEvent(CreatedModifiedModel):
             if not isinstance(kwargs['created'], datetime.datetime):
                 kwargs['created'] = parse_datetime(kwargs['created'])
             if not kwargs['created'].tzinfo:
-                kwargs['created'] = kwargs['created'].replace(tzinfo=utc)
+                kwargs['created'] = kwargs['created'].replace(tzinfo=timezone.utc)
         except (KeyError, ValueError):
             kwargs.pop('created', None)
 
@@ -432,7 +433,7 @@ class BasePlaybookEvent(CreatedModifiedModel):
             if not isinstance(kwargs['job_created'], datetime.datetime):
                 kwargs['job_created'] = parse_datetime(kwargs['job_created'])
             if not kwargs['job_created'].tzinfo:
-                kwargs['job_created'] = kwargs['job_created'].replace(tzinfo=utc)
+                kwargs['job_created'] = kwargs['job_created'].replace(tzinfo=timezone.utc)
         except (KeyError, ValueError):
             kwargs.pop('job_created', None)
 
@@ -470,11 +471,11 @@ class JobEvent(BasePlaybookEvent):
     class Meta:
         app_label = 'main'
         ordering = ('pk',)
-        index_together = [
-            ('job', 'job_created', 'event'),
-            ('job', 'job_created', 'uuid'),
-            ('job', 'job_created', 'parent_uuid'),
-            ('job', 'job_created', 'counter'),
+        indexes = [
+            models.Index(fields=['job', 'job_created', 'event']),
+            models.Index(fields=['job', 'job_created', 'uuid']),
+            models.Index(fields=['job', 'job_created', 'parent_uuid']),
+            models.Index(fields=['job', 'job_created', 'counter']),
         ]
 
     id = models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')
@@ -632,10 +633,10 @@ class ProjectUpdateEvent(BasePlaybookEvent):
     class Meta:
         app_label = 'main'
         ordering = ('pk',)
-        index_together = [
-            ('project_update', 'job_created', 'event'),
-            ('project_update', 'job_created', 'uuid'),
-            ('project_update', 'job_created', 'counter'),
+        indexes = [
+            models.Index(fields=['project_update', 'job_created', 'event']),
+            models.Index(fields=['project_update', 'job_created', 'uuid']),
+            models.Index(fields=['project_update', 'job_created', 'counter']),
         ]
 
     id = models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')
@@ -734,7 +735,7 @@ class BaseCommandEvent(CreatedModifiedModel):
             if not isinstance(kwargs['created'], datetime.datetime):
                 kwargs['created'] = parse_datetime(kwargs['created'])
             if not kwargs['created'].tzinfo:
-                kwargs['created'] = kwargs['created'].replace(tzinfo=utc)
+                kwargs['created'] = kwargs['created'].replace(tzinfo=timezone.utc)
         except (KeyError, ValueError):
             kwargs.pop('created', None)
 
@@ -770,10 +771,10 @@ class AdHocCommandEvent(BaseCommandEvent):
     class Meta:
         app_label = 'main'
         ordering = ('-pk',)
-        index_together = [
-            ('ad_hoc_command', 'job_created', 'event'),
-            ('ad_hoc_command', 'job_created', 'uuid'),
-            ('ad_hoc_command', 'job_created', 'counter'),
+        indexes = [
+            models.Index(fields=['ad_hoc_command', 'job_created', 'event']),
+            models.Index(fields=['ad_hoc_command', 'job_created', 'uuid']),
+            models.Index(fields=['ad_hoc_command', 'job_created', 'counter']),
         ]
 
     EVENT_TYPES = [
@@ -875,9 +876,9 @@ class InventoryUpdateEvent(BaseCommandEvent):
     class Meta:
         app_label = 'main'
         ordering = ('-pk',)
-        index_together = [
-            ('inventory_update', 'job_created', 'uuid'),
-            ('inventory_update', 'job_created', 'counter'),
+        indexes = [
+            models.Index(fields=['inventory_update', 'job_created', 'uuid']),
+            models.Index(fields=['inventory_update', 'job_created', 'counter']),
         ]
 
     id = models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')
@@ -920,9 +921,9 @@ class SystemJobEvent(BaseCommandEvent):
     class Meta:
         app_label = 'main'
         ordering = ('-pk',)
-        index_together = [
-            ('system_job', 'job_created', 'uuid'),
-            ('system_job', 'job_created', 'counter'),
+        indexes = [
+            models.Index(fields=['system_job', 'job_created', 'uuid']),
+            models.Index(fields=['system_job', 'job_created', 'counter']),
         ]
 
     id = models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')

awx/main/models/rbac.py

@@ -141,7 +141,7 @@ class Role(models.Model):
         app_label = 'main'
         verbose_name_plural = _('roles')
         db_table = 'main_rbac_roles'
-        index_together = [("content_type", "object_id")]
+        indexes = [models.Index(fields=["content_type", "object_id"])]
         ordering = ("content_type", "object_id")
 
     role_field = models.TextField(null=False)
@@ -447,10 +447,10 @@ class RoleAncestorEntry(models.Model):
         app_label = 'main'
         verbose_name_plural = _('role_ancestors')
         db_table = 'main_rbac_role_ancestors'
-        index_together = [
-            ("ancestor", "content_type_id", "object_id"),  # used by get_roles_on_resource
-            ("ancestor", "content_type_id", "role_field"),  # used by accessible_objects
-            ("ancestor", "descendent"),  # used by rebuild_role_ancestor_list in the NOT EXISTS clauses.
+        indexes = [
+            models.Index(fields=["ancestor", "content_type_id", "object_id"]),  # used by get_roles_on_resource
+            models.Index(fields=["ancestor", "content_type_id", "role_field"]),  # used by accessible_objects
+            models.Index(fields=["ancestor", "descendent"]),  # used by rebuild_role_ancestor_list in the NOT EXISTS clauses.
         ]
 
     descendent = models.ForeignKey(Role, null=False, on_delete=models.CASCADE, related_name='+')

awx/main/models/unified_jobs.py

@@ -1137,11 +1137,9 @@ class UnifiedJob(
                     if total > max_supported:
                         raise StdoutMaxBytesExceeded(total, max_supported)
 
-                # psycopg2's copy_expert writes bytes, but callers of this
+                # psycopg3's copy writes bytes, but callers of this
                 # function assume a str-based fd will be returned; decode
                 # .write() calls on the fly to maintain this interface
-                _write = fd.write
-                fd.write = lambda s: _write(smart_str(s))
                 tbl = self._meta.db_table + 'event'
                 created_by_cond = ''
                 if self.has_unpartitioned_events:
@@ -1150,7 +1148,9 @@ class UnifiedJob(
                     created_by_cond = f"job_created='{self.created.isoformat()}' AND "
 
                 sql = f"copy (select stdout from {tbl} where {created_by_cond}{self.event_parent_key}={self.id} and stdout != '' order by start_line) to stdout"  # nosql
-                cursor.copy_expert(sql, fd)
+                with cursor.copy(sql) as copy:
+                    while data := copy.read():
+                        fd.write(smart_str(bytes(data)))
 
                 if hasattr(fd, 'name'):
                     # If we're dealing with a physical file, use `sed` to clean

awx/main/tests/functional/analytics/test_collectors.py

@@ -2,8 +2,8 @@ import pytest
 import tempfile
 import os
 import re
-import shutil
 import csv
+from io import StringIO
 
 from django.utils.timezone import now
 from datetime import timedelta
@@ -20,15 +20,16 @@ from awx.main.models import (
 )
 
 
-@pytest.fixture
-def sqlite_copy_expert(request):
-    # copy_expert is postgres-specific, and SQLite doesn't support it; mock its
-    # behavior to test that it writes a file that contains stdout from events
-    path = tempfile.mkdtemp(prefix="copied_tables")
+class MockCopy:
+    headers = None
+    results = None
+    sent_data = False
 
-    def write_stdout(self, sql, fd):
+    def __init__(self, sql, parent_connection):
         # Would be cool if we instead properly disected the SQL query and verified
         # it that way. But instead, we just take the naive approach here.
+        self.results = None
+        self.headers = None
         sql = sql.strip()
         assert sql.startswith("COPY (")
         assert sql.endswith(") TO STDOUT WITH CSV HEADER")
@@ -51,29 +52,49 @@ def sqlite_copy_expert(request):
             elif not line.endswith(","):
                 sql_new[-1] = sql_new[-1].rstrip(",")
         sql = "\n".join(sql_new)
+        parent_connection.execute(sql)
+        self.results = parent_connection.fetchall()
+        self.headers = [i[0] for i in parent_connection.description]
 
-        self.execute(sql)
-        results = self.fetchall()
-        headers = [i[0] for i in self.description]
+    def read(self):
+        if not self.sent_data:
+            mem_file = StringIO()
+            csv_handle = csv.writer(
+                mem_file,
+                delimiter=",",
+                quoting=csv.QUOTE_ALL,
+                escapechar="\\",
+                lineterminator="\n",
+            )
+            if self.headers:
+                csv_handle.writerow(self.headers)
+            if self.results:
+                csv_handle.writerows(self.results)
+            self.sent_data = True
+            return memoryview((mem_file.getvalue()).encode())
+        return None
 
-        csv_handle = csv.writer(
-            fd,
-            delimiter=",",
-            quoting=csv.QUOTE_ALL,
-            escapechar="\\",
-            lineterminator="\n",
-        )
-        csv_handle.writerow(headers)
-        csv_handle.writerows(results)
+    def __enter__(self):
+        return self
 
-    setattr(SQLiteCursorWrapper, "copy_expert", write_stdout)
-    request.addfinalizer(lambda: shutil.rmtree(path))
-    request.addfinalizer(lambda: delattr(SQLiteCursorWrapper, "copy_expert"))
-    return path
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        pass
+
+
+@pytest.fixture
+def sqlite_copy(request, mocker):
+    # copy is postgres-specific, and SQLite doesn't support it; mock its
+    # behavior to test that it writes a file that contains stdout from events
+
+    def write_stdout(self, sql):
+        mock_copy = MockCopy(sql, self)
+        return mock_copy
+
+    mocker.patch.object(SQLiteCursorWrapper, 'copy', write_stdout, create=True)
 
 
 @pytest.mark.django_db
-def test_copy_tables_unified_job_query(sqlite_copy_expert, project, inventory, job_template):
+def test_copy_tables_unified_job_query(sqlite_copy, project, inventory, job_template):
     """
     Ensure that various unified job types are in the output of the query.
     """
@@ -127,7 +148,7 @@ def workflow_job(states=["new", "new", "new", "new", "new"]):
 
 
 @pytest.mark.django_db
-def test_copy_tables_workflow_job_node_query(sqlite_copy_expert, workflow_job):
+def test_copy_tables_workflow_job_node_query(sqlite_copy, workflow_job):
     time_start = now() - timedelta(hours=9)
 
     with tempfile.TemporaryDirectory() as tmpdir:

awx/main/tests/functional/api/test_job.py

@@ -214,7 +214,7 @@ class TestControllerNode:
         return AdHocCommand.objects.create(inventory=inventory)
 
     @pytest.mark.django_db
-    def test_field_controller_node_exists(self, sqlite_copy_expert, admin_user, job, project_update, inventory_update, adhoc, get, system_job_factory):
+    def test_field_controller_node_exists(self, sqlite_copy, admin_user, job, project_update, inventory_update, adhoc, get, system_job_factory):
         system_job = system_job_factory()
 
         r = get(reverse('api:unified_job_list') + '?id={}'.format(job.id), admin_user, expect=200)

awx/main/tests/functional/api/test_unified_jobs_stdout.py

@@ -57,7 +57,7 @@ def _mk_inventory_update(created=None):
         [_mk_inventory_update, InventoryUpdateEvent, 'inventory_update', 'api:inventory_update_stdout'],
     ],
 )
-def test_text_stdout(sqlite_copy_expert, Parent, Child, relation, view, get, admin):
+def test_text_stdout(sqlite_copy, Parent, Child, relation, view, get, admin):
     job = Parent()
     job.save()
     for i in range(3):
@@ -79,7 +79,7 @@ def test_text_stdout(sqlite_copy_expert, Parent, Child, relation, view, get, adm
     ],
 )
 @pytest.mark.parametrize('download', [True, False])
-def test_ansi_stdout_filtering(sqlite_copy_expert, Parent, Child, relation, view, download, get, admin):
+def test_ansi_stdout_filtering(sqlite_copy, Parent, Child, relation, view, download, get, admin):
     job = Parent()
     job.save()
     for i in range(3):
@@ -111,7 +111,7 @@ def test_ansi_stdout_filtering(sqlite_copy_expert, Parent, Child, relation, view
         [_mk_inventory_update, InventoryUpdateEvent, 'inventory_update', 'api:inventory_update_stdout'],
     ],
 )
-def test_colorized_html_stdout(sqlite_copy_expert, Parent, Child, relation, view, get, admin):
+def test_colorized_html_stdout(sqlite_copy, Parent, Child, relation, view, get, admin):
     job = Parent()
     job.save()
     for i in range(3):
@@ -134,7 +134,7 @@ def test_colorized_html_stdout(sqlite_copy_expert, Parent, Child, relation, view
         [_mk_inventory_update, InventoryUpdateEvent, 'inventory_update', 'api:inventory_update_stdout'],
     ],
 )
-def test_stdout_line_range(sqlite_copy_expert, Parent, Child, relation, view, get, admin):
+def test_stdout_line_range(sqlite_copy, Parent, Child, relation, view, get, admin):
     job = Parent()
     job.save()
     for i in range(20):
@@ -146,7 +146,7 @@ def test_stdout_line_range(sqlite_copy_expert, Parent, Child, relation, view, ge
 
 
 @pytest.mark.django_db
-def test_text_stdout_from_system_job_events(sqlite_copy_expert, get, admin):
+def test_text_stdout_from_system_job_events(sqlite_copy, get, admin):
     created = tz_now()
     job = SystemJob(created=created)
     job.save()
@@ -158,7 +158,7 @@ def test_text_stdout_from_system_job_events(sqlite_copy_expert, get, admin):
 
 
 @pytest.mark.django_db
-def test_text_stdout_with_max_stdout(sqlite_copy_expert, get, admin):
+def test_text_stdout_with_max_stdout(sqlite_copy, get, admin):
     created = tz_now()
     job = SystemJob(created=created)
     job.save()
@@ -185,7 +185,7 @@ def test_text_stdout_with_max_stdout(sqlite_copy_expert, get, admin):
 )
 @pytest.mark.parametrize('fmt', ['txt', 'ansi'])
 @mock.patch('awx.main.redact.UriCleaner.SENSITIVE_URI_PATTERN', mock.Mock(**{'search.return_value': None}))  # really slow for large strings
-def test_max_bytes_display(sqlite_copy_expert, Parent, Child, relation, view, fmt, get, admin):
+def test_max_bytes_display(sqlite_copy, Parent, Child, relation, view, fmt, get, admin):
     created = tz_now()
     job = Parent(created=created)
     job.save()
@@ -255,7 +255,7 @@ def test_legacy_result_stdout_with_max_bytes(Cls, view, fmt, get, admin):
     ],
 )
 @pytest.mark.parametrize('fmt', ['txt', 'ansi', 'txt_download', 'ansi_download'])
-def test_text_with_unicode_stdout(sqlite_copy_expert, Parent, Child, relation, view, get, admin, fmt):
+def test_text_with_unicode_stdout(sqlite_copy, Parent, Child, relation, view, get, admin, fmt):
     job = Parent()
     job.save()
     for i in range(3):
@@ -267,7 +267,7 @@ def test_text_with_unicode_stdout(sqlite_copy_expert, Parent, Child, relation, v
 
 
 @pytest.mark.django_db
-def test_unicode_with_base64_ansi(sqlite_copy_expert, get, admin):
+def test_unicode_with_base64_ansi(sqlite_copy, get, admin):
     created = tz_now()
     job = Job(created=created)
     job.save()

awx/main/tests/functional/conftest.py

@@ -1,8 +1,6 @@
 # Python
 import pytest
 from unittest import mock
-import tempfile
-import shutil
 import urllib.parse
 from unittest.mock import PropertyMock
 
@@ -789,25 +787,43 @@ def oauth_application(admin):
     return Application.objects.create(name='test app', user=admin, client_type='confidential', authorization_grant_type='password')
 
 
-@pytest.fixture
-def sqlite_copy_expert(request):
-    # copy_expert is postgres-specific, and SQLite doesn't support it; mock its
-    # behavior to test that it writes a file that contains stdout from events
-    path = tempfile.mkdtemp(prefix='job-event-stdout')
+class MockCopy:
+    events = []
+    index = -1
 
-    def write_stdout(self, sql, fd):
-        # simulate postgres copy_expert support with ORM code
+    def __init__(self, sql):
+        self.events = []
         parts = sql.split(' ')
         tablename = parts[parts.index('from') + 1]
         for cls in (JobEvent, AdHocCommandEvent, ProjectUpdateEvent, InventoryUpdateEvent, SystemJobEvent):
             if cls._meta.db_table == tablename:
                 for event in cls.objects.order_by('start_line').all():
-                    fd.write(event.stdout)
+                    self.events.append(event.stdout)
 
-    setattr(SQLiteCursorWrapper, 'copy_expert', write_stdout)
-    request.addfinalizer(lambda: shutil.rmtree(path))
-    request.addfinalizer(lambda: delattr(SQLiteCursorWrapper, 'copy_expert'))
-    return path
+    def read(self):
+        self.index = self.index + 1
+        if self.index < len(self.events):
+            return memoryview(self.events[self.index].encode())
+
+        return None
+
+    def __enter__(self):
+        return self
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        pass
+
+
+@pytest.fixture
+def sqlite_copy(request, mocker):
+    # copy is postgres-specific, and SQLite doesn't support it; mock its
+    # behavior to test that it writes a file that contains stdout from events
+
+    def write_stdout(self, sql):
+        mock_copy = MockCopy(sql)
+        return mock_copy
+
+    mocker.patch.object(SQLiteCursorWrapper, 'copy', write_stdout, create=True)
 
 
 @pytest.fixture

awx/main/tests/functional/models/test_inventory.py

@@ -271,6 +271,7 @@ def test_inventory_update_excessively_long_name(inventory, inventory_source):
 class TestHostManager:
     def test_host_filter_not_smart(self, setup_ec2_gce, organization):
         smart_inventory = Inventory(name='smart', organization=organization, host_filter='inventory_sources__source=ec2')
+        smart_inventory.save()
         assert len(smart_inventory.hosts.all()) == 0
 
     def test_host_distinctness(self, setup_inventory_groups, organization):

awx/main/tests/functional/models/test_notifications.py

@@ -98,7 +98,7 @@ class TestJobNotificationMixin(object):
 
     @pytest.mark.django_db
     @pytest.mark.parametrize('JobClass', [AdHocCommand, InventoryUpdate, Job, ProjectUpdate, SystemJob, WorkflowJob])
-    def test_context(self, JobClass, sqlite_copy_expert, project, inventory_source):
+    def test_context(self, JobClass, sqlite_copy, project, inventory_source):
         """The Jinja context defines all of the fields that can be used by a template. Ensure that the context generated
         for each job type has the expected structure."""
         kwargs = {}

awx/main/tests/unit/models/test_events.py

@@ -1,5 +1,5 @@
 from datetime import datetime
-from django.utils.timezone import utc
+from datetime import timezone
 import pytest
 
 from awx.main.models import JobEvent, ProjectUpdateEvent, AdHocCommandEvent, InventoryUpdateEvent, SystemJobEvent
@@ -18,7 +18,7 @@ from awx.main.models import JobEvent, ProjectUpdateEvent, AdHocCommandEvent, Inv
 @pytest.mark.parametrize('created', [datetime(2018, 1, 1).isoformat(), datetime(2018, 1, 1)])
 def test_event_parse_created(job_identifier, cls, created):
     event = cls.create_from_data(**{job_identifier: 123, 'created': created})
-    assert event.created == datetime(2018, 1, 1).replace(tzinfo=utc)
+    assert event.created == datetime(2018, 1, 1).replace(tzinfo=timezone.utc)
 
 
 @pytest.mark.parametrize(

awx/settings/defaults.py

@@ -395,6 +395,7 @@ AUTHENTICATION_BACKENDS = (
 OAUTH2_PROVIDER_APPLICATION_MODEL = 'main.OAuth2Application'
 OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = 'main.OAuth2AccessToken'
 OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = 'oauth2_provider.RefreshToken'
+OAUTH2_PROVIDER_ID_TOKEN_MODEL = "oauth2_provider.IDToken"
 
 OAUTH2_PROVIDER = {'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000, 'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600, 'REFRESH_TOKEN_EXPIRE_SECONDS': 2628000}
 ALLOW_OAUTH2_FOR_EXTERNAL_USERS = False

licenses/deprecated.txt

@@ -0,0 +1,9 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Laurent LAPORTE
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

licenses/jwcrypto.txt

@@ -0,0 +1,165 @@
+                   GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

licenses/wrapt.txt

@@ -0,0 +1,24 @@
+Copyright (c) 2013-2023, Graham Dumpleton
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.

requirements/requirements.in

@@ -9,20 +9,20 @@ cryptography
 Cython<3 # Since the bump to PyYAML 5.4.1 this is now a mandatory dep
 daphne
 distro
-django==3.2.16  # see UPGRADE BLOCKERs https://github.com/ansible/awx/security/dependabot/67
+django==4.2  # see UPGRADE BLOCKERs
 django-auth-ldap
 django-cors-headers
 django-crum
 django-extensions
 django-guid==3.2.1
-django-oauth-toolkit==1.4.1
+django-oauth-toolkit<2.0.0      # Version 2.0.0 has breaking changes that will need to be worked out before upgrading
 django-polymorphic
 django-pglocks
 django-redis
 django-solo
 django-split-settings==1.0.0    # We hit a strange issue where the release process errored when upgrading past 1.0.0 see UPGRADE BLOCKERS
 django-taggit
-djangorestframework==3.13.1
+djangorestframework
 djangorestframework-yaml
 filelock
 GitPython>=3.1.30  # CVE-2022-24439

requirements/requirements.txt

@@ -11,7 +11,7 @@ ansiconv==1.0.0
     # via -r /awx_devel/requirements/requirements.in
 asciichartpy==1.5.25
     # via -r /awx_devel/requirements/requirements.in
-asgiref==3.5.2
+asgiref==3.6.0
     # via
     #   channels
     #   channels-redis
@@ -74,6 +74,7 @@ cryptography==38.0.4
     #   adal
     #   autobahn
     #   azure-keyvault
+    #   jwcrypto
     #   pyopenssl
     #   service-identity
     #   social-auth-core
@@ -91,9 +92,11 @@ defusedxml==0.7.1
     # via
     #   python3-openid
     #   social-auth-core
+deprecated==1.2.13
+    # via jwcrypto
 distro==1.8.0
     # via -r /awx_devel/requirements/requirements.in
-django==3.2.16
+django==4.2
     # via
     #   -r /awx_devel/requirements/requirements.in
     #   channels
@@ -118,7 +121,7 @@ django-extensions==3.2.1
     # via -r /awx_devel/requirements/requirements.in
 django-guid==3.2.1
     # via -r /awx_devel/requirements/requirements.in
-django-oauth-toolkit==1.4.1
+django-oauth-toolkit==1.7.1
     # via -r /awx_devel/requirements/requirements.in
 django-pglocks==1.0.4
     # via -r /awx_devel/requirements/requirements.in
@@ -133,7 +136,7 @@ django-split-settings==1.0.0
     # via -r /awx_devel/requirements/requirements.in
 django-taggit==3.1.0
     # via -r /awx_devel/requirements/requirements.in
-djangorestframework==3.13.1
+djangorestframework==3.14.0
     # via -r /awx_devel/requirements/requirements.in
 djangorestframework-yaml==2.0.0
     # via -r /awx_devel/requirements/requirements.in
@@ -210,6 +213,8 @@ json-log-formatter==0.5.1
     # via -r /awx_devel/requirements/requirements.in
 jsonschema==4.17.3
     # via -r /awx_devel/requirements/requirements.in
+jwcrypto==1.4.2
+    # via django-oauth-toolkit
 kubernetes==25.3.0
     # via openshift
 lockfile==0.12.2
@@ -266,7 +271,7 @@ prometheus-client==0.15.0
     # via -r /awx_devel/requirements/requirements.in
 psutil==5.9.4
     # via -r /awx_devel/requirements/requirements.in
-psycopg==3.1.4
+psycopg==3.1.8
     # via -r /awx_devel/requirements/requirements.in
 psycopg2==2.9.5
     # via -r /awx_devel/requirements/requirements.in
@@ -329,7 +334,6 @@ python3-openid==3.2.0
     # via -r /awx_devel/requirements/requirements_git.txt
 pytz==2022.6
     # via
-    #   django
     #   djangorestframework
     #   irc
     #   tempora
@@ -444,6 +448,8 @@ websocket-client==1.4.2
     # via kubernetes
 wheel==0.38.4
     # via -r /awx_devel/requirements/requirements.in
+wrapt==1.15.0
+    # via deprecated
 xmlsec==1.3.13
     # via python3-saml
 yarl==1.8.1