Refactors the project form

2026-02-06 03:54:44 -03:30 · 2022-10-05 15:43:01 -04:00
169 changed files with 2191 additions and 207771 deletions
--- a/.github/workflows/feature_branch_deletion.yml
+++ b/.github/workflows/feature_branch_deletion.yml
@@ -1,24 +0,0 @@
---
-name: Feature branch deletion cleanup
-on:
-  delete:
-    branches:
-      - feature_**
-jobs:
-  push:
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-      contents: read
-    steps:
-      - name: Delete API Schema
-        env:
-          AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
-          AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
-          AWS_REGION: 'us-east-1'
-        run: |
-          ansible localhost -c local, -m command -a "{{ ansible_python_interpreter + ' -m pip install boto3'}}"
-          ansible localhost -c local -m aws_s3 \
-            -a "bucket=awx-public-ci-files object=${GITHUB_REF##*/}/schema.json mode=delete permission=public-read"
-
-
--- a/.github/workflows/pr_body_check.yml
+++ b/.github/workflows/pr_body_check.yml
@@ -13,13 +13,21 @@ jobs:
      packages: write
      contents: read
    steps:
-      - name: Check for each of the lines
-        env:
-          PR_BODY: ${{ github.event.pull_request.body }}
+      - name: Write PR body to a file
        run: |
-          echo $PR_BODY | grep "Bug, Docs Fix or other nominal change" > Z
-          echo $PR_BODY | grep "New or Enhanced Feature" > Y
-          echo $PR_BODY | grep "Breaking Change" > X
+          cat >> pr.body << __SOME_RANDOM_PR_EOF__
+          ${{ github.event.pull_request.body }}
+          __SOME_RANDOM_PR_EOF__
+
+      - name: Display the received body for troubleshooting
+        run: cat pr.body
+
+      # We want to write these out individually just incase the options were joined on a single line
+      - name: Check for each of the lines
+        run: |
+          grep "Bug, Docs Fix or other nominal change" pr.body > Z
+          grep "New or Enhanced Feature" pr.body > Y
+          grep "Breaking Change" pr.body > X
          exit 0
        # We exit 0 and set the shell to prevent the returns from the greps from failing this step
        # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
--- a/.github/workflows/upload_schema.yml
+++ b/.github/workflows/upload_schema.yml
@@ -5,7 +5,6 @@ on:
    branches:
      - devel
      - release_**
-      - feature_**
 jobs:
  push:
    runs-on: ubuntu-latest
--- a/176
+++ b/176
@@ -54,6 +54,46 @@ I18N_FLAG_FILE = .i18n_built
 	VERSION PYTHON_VERSION docker-compose-sources \
 	.git/hooks/pre-commit

+clean-tmp:
+	rm -rf tmp/
+
+clean-venv:
+	rm -rf venv/
+
+clean-dist:
+	rm -rf dist
+
+clean-schema:
+	rm -rf swagger.json
+	rm -rf schema.json
+	rm -rf reference-schema.json
+
+clean-languages:
+	rm -f $(I18N_FLAG_FILE)
+	find ./awx/locale/ -type f -regex ".*\.mo$" -delete
+
+## Remove temporary build files, compiled Python files.
+clean: clean-ui clean-api clean-awxkit clean-dist
+	rm -rf awx/public
+	rm -rf awx/lib/site-packages
+	rm -rf awx/job_status
+	rm -rf awx/job_output
+	rm -rf reports
+	rm -rf tmp
+	rm -rf $(I18N_FLAG_FILE)
+	mkdir tmp
+
+clean-api:
+	rm -rf build $(NAME)-$(VERSION) *.egg-info
+	find . -type f -regex ".*\.py[co]$$" -delete
+	find . -type d -name "__pycache__" -delete
+	rm -f awx/awx_test.sqlite3*
+	rm -rf requirements/vendor
+	rm -rf awx/projects
+
+clean-awxkit:
+	rm -rf awxkit/*.egg-info awxkit/.tox awxkit/build/*
+
 ## convenience target to assert environment variables are defined
 guard-%:
 	@if [ "$${$*}" = "" ]; then \
@@ -77,7 +117,7 @@ virtualenv_awx:
 		fi; \
 	fi

-## Install third-party requirements needed for AWX's environment.
+## Install third-party requirements needed for AWX's environment. 
 # this does not use system site packages intentionally
 requirements_awx: virtualenv_awx
 	if [[ "$(PIP_OPTIONS)" == *"--no-index"* ]]; then \
@@ -141,7 +181,7 @@ collectstatic:
 	@if [ "$(VENV_BASE)" ]; then \
 		. $(VENV_BASE)/awx/bin/activate; \
 	fi; \
-	$(PYTHON) manage.py collectstatic --clear --noinput > /dev/null 2>&1
+	mkdir -p awx/public/static && $(PYTHON) manage.py collectstatic --clear --noinput > /dev/null 2>&1

 DEV_RELOAD_COMMAND ?= supervisorctl restart tower-processes:*

@@ -331,6 +371,13 @@ bulk_data:

 UI_BUILD_FLAG_FILE = awx/ui/.ui-built

+clean-ui:
+	rm -rf node_modules
+	rm -rf awx/ui/node_modules
+	rm -rf awx/ui/build
+	rm -rf awx/ui/src/locales/_build
+	rm -rf $(UI_BUILD_FLAG_FILE)
+
 awx/ui/node_modules:
 	NODE_OPTIONS=--max-old-space-size=6144 $(NPM_BIN) --prefix awx/ui --loglevel warn --force ci

@@ -339,14 +386,16 @@ $(UI_BUILD_FLAG_FILE):
 	$(PYTHON) tools/scripts/compilemessages.py
 	$(NPM_BIN) --prefix awx/ui --loglevel warn run compile-strings
 	$(NPM_BIN) --prefix awx/ui --loglevel warn run build
-	mkdir -p /var/lib/awx/public/static/css
-	mkdir -p /var/lib/awx/public/static/js
-	mkdir -p /var/lib/awx/public/static/media
-	cp -r awx/ui/build/static/css/* /var/lib/awx/public/static/css
-	cp -r awx/ui/build/static/js/* /var/lib/awx/public/static/js
-	cp -r awx/ui/build/static/media/* /var/lib/awx/public/static/media
+	mkdir -p awx/public/static/css
+	mkdir -p awx/public/static/js
+	mkdir -p awx/public/static/media
+	cp -r awx/ui/build/static/css/* awx/public/static/css
+	cp -r awx/ui/build/static/js/* awx/public/static/js
+	cp -r awx/ui/build/static/media/* awx/public/static/media
 	touch $@

+
+
 ui-release: $(UI_BUILD_FLAG_FILE)

 ui-devel: awx/ui/node_modules
@@ -402,9 +451,8 @@ awx/projects:
 COMPOSE_UP_OPTS ?=
 COMPOSE_OPTS ?=
 CONTROL_PLANE_NODE_COUNT ?= 1
-EXECUTION_NODE_COUNT ?= 0
+EXECUTION_NODE_COUNT ?= 2
 MINIKUBE_CONTAINER_GROUP ?= false
-MINIKUBE_SETUP ?= false # if false, run minikube separately
 EXTRA_SOURCES_ANSIBLE_OPTS ?=

 ifneq ($(ADMIN_PASSWORD),)
@@ -413,7 +461,7 @@ endif

 docker-compose-sources: .git/hooks/pre-commit
 	@if [ $(MINIKUBE_CONTAINER_GROUP) = true ]; then\
-	    ansible-playbook -i tools/docker-compose/inventory -e minikube_setup=$(MINIKUBE_SETUP) tools/docker-compose-minikube/deploy.yml; \
+	    ansible-playbook -i tools/docker-compose/inventory tools/docker-compose-minikube/deploy.yml; \
 	fi;

 	ansible-playbook -i tools/docker-compose/inventory tools/docker-compose/ansible/sources.yml \
@@ -453,6 +501,15 @@ detect-schema-change: genschema
 	# Ignore differences in whitespace with -b
 	diff -u -b reference-schema.json schema.json

+docker-compose-clean: awx/projects
+	docker-compose -f tools/docker-compose/_sources/docker-compose.yml rm -sf
+
+docker-compose-container-group-clean:
+	@if [ -f "tools/docker-compose-minikube/_sources/minikube" ]; then \
+	    tools/docker-compose-minikube/_sources/minikube delete; \
+	fi
+	rm -rf tools/docker-compose-minikube/_sources/
+
 ## Base development image build
 docker-compose-build:
 	ansible-playbook tools/ansible/dockerfile.yml -e build_dev=True -e receptor_image=$(RECEPTOR_IMAGE)
@@ -460,6 +517,15 @@ docker-compose-build:
 	    --build-arg BUILDKIT_INLINE_CACHE=1 \
 	    --cache-from=$(DEV_DOCKER_TAG_BASE)/awx_devel:$(COMPOSE_TAG) .

+docker-clean:
+	$(foreach container_id,$(shell docker ps -f name=tools_awx -aq && docker ps -f name=tools_receptor -aq),docker stop $(container_id); docker rm -f $(container_id);)
+	if [ "$(shell docker images | grep awx_devel)" ]; then \
+	  docker images | grep awx_devel | awk '{print $$3}' | xargs docker rmi --force; \
+	fi
+
+docker-clean-volumes: docker-compose-clean docker-compose-container-group-clean
+	docker volume rm -f tools_awx_db tools_grafana_storage tools_prometheus_storage $(docker volume ls --filter name=tools_redis_socket_ -q)
+
 docker-refresh: docker-clean docker-compose

 ## Docker Development Environment with Elastic Stack Connected
@@ -472,6 +538,14 @@ docker-compose-cluster-elk: awx/projects docker-compose-sources
 docker-compose-container-group:
 	MINIKUBE_CONTAINER_GROUP=true make docker-compose

+clean-elk:
+	docker stop tools_kibana_1
+	docker stop tools_logstash_1
+	docker stop tools_elasticsearch_1
+	docker rm tools_logstash_1
+	docker rm tools_elasticsearch_1
+	docker rm tools_kibana_1
+
 psql-container:
 	docker run -it --net tools_default --rm postgres:12 sh -c 'exec psql -h "postgres" -p "5432" -U postgres'

@@ -528,84 +602,6 @@ messages:
 print-%:
 	@echo $($*)

-# Cleaning
-# --------------------------------------
-## Remove temporary build files, compiled Python files.
-clean: clean-ui clean-api clean-awxkit clean-dist
-	rm -rf awx/public
-	rm -rf awx/lib/site-packages
-	rm -rf awx/job_status
-	rm -rf awx/job_output
-	rm -rf reports
-	rm -rf tmp
-	rm -rf $(I18N_FLAG_FILE)
-	mkdir tmp
-
-clean-elk:
-	docker stop tools_kibana_1
-	docker stop tools_logstash_1
-	docker stop tools_elasticsearch_1
-	docker rm tools_logstash_1
-	docker rm tools_elasticsearch_1
-	docker rm tools_kibana_1
-
-clean-ui:
-	rm -rf node_modules
-	rm -rf awx/ui/node_modules
-	rm -rf awx/ui/build
-	rm -rf awx/ui/src/locales/_build
-	rm -rf $(UI_BUILD_FLAG_FILE)
-    # the collectstatic command doesn't like it if this dir doesn't exist.
-	mkdir -p awx/ui/build/static
-
-clean-tmp:
-	rm -rf tmp/
-
-clean-venv:
-	rm -rf venv/
-
-clean-dist:
-	rm -rf dist
-
-clean-schema:
-	rm -rf swagger.json
-	rm -rf schema.json
-	rm -rf reference-schema.json
-
-clean-languages:
-	rm -f $(I18N_FLAG_FILE)
-	find ./awx/locale/ -type f -regex ".*\.mo$" -delete
-
-clean-api:
-	rm -rf build $(NAME)-$(VERSION) *.egg-info
-	rm -rf .tox
-	find . -type f -regex ".*\.py[co]$$" -delete
-	find . -type d -name "__pycache__" -delete
-	rm -f awx/awx_test.sqlite3*
-	rm -rf requirements/vendor
-	rm -rf awx/projects
-
-clean-awxkit:
-	rm -rf awxkit/*.egg-info awxkit/.tox awxkit/build/*
-
-docker-compose-clean: awx/projects
-	docker-compose -f tools/docker-compose/_sources/docker-compose.yml rm -sf
-
-docker-compose-container-group-clean:
-	@if [ -f "tools/docker-compose-minikube/_sources/minikube" ]; then \
-	    tools/docker-compose-minikube/_sources/minikube delete; \
-	fi
-	rm -rf tools/docker-compose-minikube/_sources/
-
-docker-clean:
-	$(foreach container_id,$(shell docker ps -f name=tools_awx -aq && docker ps -f name=tools_receptor -aq),docker stop $(container_id); docker rm -f $(container_id);)
-	if [ "$(shell docker images | grep awx_devel)" ]; then \
-	  docker images | grep awx_devel | awk '{print $$3}' | xargs docker rmi --force; \
-	fi
-
-docker-clean-volumes: docker-compose-clean docker-compose-container-group-clean
-	docker volume rm -f tools_awx_db tools_grafana_storage tools_prometheus_storage $(docker volume ls --filter name=tools_redis_socket_ -q)
-
 # HELP related targets
 # --------------------------------------

@@ -639,4 +635,4 @@ help/generate:
 		} \
 	} \
 	{ lastLine = $$0 }' $(MAKEFILE_LIST) | sort -u
-	@printf "\n"
+	@printf "\n"
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -6,6 +6,7 @@ import inspect
 import logging
 import time
 import uuid
+import urllib.parse

 # Django
 from django.conf import settings
@@ -13,7 +14,7 @@ from django.contrib.auth import views as auth_views
 from django.contrib.contenttypes.models import ContentType
 from django.core.cache import cache
 from django.core.exceptions import FieldDoesNotExist
-from django.db import connection, transaction
+from django.db import connection
 from django.db.models.fields.related import OneToOneRel
 from django.http import QueryDict
 from django.shortcuts import get_object_or_404
@@ -29,7 +30,7 @@ from rest_framework.response import Response
 from rest_framework import status
 from rest_framework import views
 from rest_framework.permissions import AllowAny
-from rest_framework.renderers import StaticHTMLRenderer
+from rest_framework.renderers import StaticHTMLRenderer, JSONRenderer
 from rest_framework.negotiation import DefaultContentNegotiation

 # AWX
@@ -40,7 +41,7 @@ from awx.main.utils import camelcase_to_underscore, get_search_fields, getattrd,
 from awx.main.utils.db import get_all_field_names
 from awx.main.utils.licensing import server_product_name
 from awx.main.views import ApiErrorView
-from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer
+from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer, UserSerializer
 from awx.api.versioning import URLPathVersioning
 from awx.api.metadata import SublistAttachDetatchMetadata, Metadata
 from awx.conf import settings_registry
@@ -64,7 +65,6 @@ __all__ = [
    'ParentMixin',
    'SubListAttachDetachAPIView',
    'CopyAPIView',
-    'GenericCancelView',
    'BaseUsersList',
 ]

@@ -90,9 +90,13 @@ class LoggedLoginView(auth_views.LoginView):

    def post(self, request, *args, **kwargs):
        ret = super(LoggedLoginView, self).post(request, *args, **kwargs)
+        current_user = getattr(request, 'user', None)
        if request.user.is_authenticated:
            logger.info(smart_str(u"User {} logged in from {}".format(self.request.user.username, request.META.get('REMOTE_ADDR', None))))
            ret.set_cookie('userLoggedIn', 'true')
+            current_user = UserSerializer(self.request.user)
+            current_user = smart_str(JSONRenderer().render(current_user.data))
+            current_user = urllib.parse.quote('%s' % current_user, '')
            ret.setdefault('X-API-Session-Cookie-Name', getattr(settings, 'SESSION_COOKIE_NAME', 'awx_sessionid'))

            return ret
@@ -249,7 +253,7 @@ class APIView(views.APIView):
            response['X-API-Query-Time'] = '%0.3fs' % sum(q_times)

        if getattr(self, 'deprecated', False):
-            response['Warning'] = '299 awx "This resource has been deprecated and will be removed in a future release."'
+            response['Warning'] = '299 awx "This resource has been deprecated and will be removed in a future release."'  # noqa

        return response

@@ -986,23 +990,6 @@ class CopyAPIView(GenericAPIView):
        return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)


-class GenericCancelView(RetrieveAPIView):
-    # In subclass set model, serializer_class
-    obj_permission_type = 'cancel'
-
-    @transaction.non_atomic_requests
-    def dispatch(self, *args, **kwargs):
-        return super(GenericCancelView, self).dispatch(*args, **kwargs)
-
-    def post(self, request, *args, **kwargs):
-        obj = self.get_object()
-        if obj.can_cancel:
-            obj.cancel()
-            return Response(status=status.HTTP_202_ACCEPTED)
-        else:
-            return self.http_method_not_allowed(request, *args, **kwargs)
-
-
 class BaseUsersList(SubListCreateAttachDetachAPIView):
    def post(self, request, *args, **kwargs):
        ret = super(BaseUsersList, self).post(request, *args, **kwargs)
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -24,6 +24,7 @@ __all__ = [
    'InventoryInventorySourcesUpdatePermission',
    'UserPermission',
    'IsSystemAdminOrAuditor',
+    'InstanceGroupTowerPermission',
    'WorkflowApprovalPermission',
 ]

--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -29,7 +29,6 @@ from django.utils.translation import gettext_lazy as _
 from django.utils.encoding import force_str
 from django.utils.text import capfirst
 from django.utils.timezone import now
-from django.core.validators import RegexValidator, MaxLengthValidator

 # Django REST Framework
 from rest_framework.exceptions import ValidationError, PermissionDenied
@@ -121,9 +120,6 @@ from awx.main.validators import vars_validate_or_raise
 from awx.api.versioning import reverse
 from awx.api.fields import BooleanNullField, CharNullField, ChoiceNullField, VerbatimField, DeprecatedCredentialField

-# AWX Utils
-from awx.api.validators import HostnameRegexValidator
-
 logger = logging.getLogger('awx.api.serializers')

 # Fields that should be summarized regardless of object type.
@@ -2221,15 +2217,6 @@ class InventorySourceUpdateSerializer(InventorySourceSerializer):
    class Meta:
        fields = ('can_update',)

-    def validate(self, attrs):
-        project = self.instance.source_project
-        if project:
-            failed_reason = project.get_reason_if_failed()
-            if failed_reason:
-                raise serializers.ValidationError(failed_reason)
-
-        return super(InventorySourceUpdateSerializer, self).validate(attrs)
-

 class InventoryUpdateSerializer(UnifiedJobSerializer, InventorySourceOptionsSerializer):

@@ -3759,11 +3746,7 @@ class LaunchConfigurationBaseSerializer(BaseSerializer):

        # Build unsaved version of this config, use it to detect prompts errors
        mock_obj = self._build_mock_obj(attrs)
-        if set(list(ujt.get_ask_mapping().keys()) + ['extra_data']) & set(attrs.keys()):
-            accepted, rejected, errors = ujt._accept_or_ignore_job_kwargs(_exclude_errors=self.exclude_errors, **mock_obj.prompts_dict())
-        else:
-            # Only perform validation of prompts if prompts fields are provided
-            errors = {}
+        accepted, rejected, errors = ujt._accept_or_ignore_job_kwargs(_exclude_errors=self.exclude_errors, **mock_obj.prompts_dict())

        # Remove all unprocessed $encrypted$ strings, indicating default usage
        if 'extra_data' in attrs and password_dict:
@@ -4281,10 +4264,17 @@ class JobLaunchSerializer(BaseSerializer):
        # Basic validation - cannot run a playbook without a playbook
        if not template.project:
            errors['project'] = _("A project is required to run a job.")
-        else:
-            failure_reason = template.project.get_reason_if_failed()
-            if failure_reason:
-                errors['playbook'] = failure_reason
+        elif template.project.status in ('error', 'failed'):
+            errors['playbook'] = _("Missing a revision to run due to failed project update.")
+
+            latest_update = template.project.project_updates.last()
+            if latest_update is not None and latest_update.failed:
+                failed_validation_tasks = latest_update.project_update_events.filter(
+                    event='runner_on_failed',
+                    play="Perform project signature/checksum verification",
+                )
+                if failed_validation_tasks:
+                    errors['playbook'] = _("Last project update failed due to signature validation failure.")

        # cannot run a playbook without an inventory
        if template.inventory and template.inventory.pending_deletion is True:
@@ -4931,19 +4921,6 @@ class InstanceSerializer(BaseSerializer):
        extra_kwargs = {
            'node_type': {'initial': Instance.Types.EXECUTION, 'default': Instance.Types.EXECUTION},
            'node_state': {'initial': Instance.States.INSTALLED, 'default': Instance.States.INSTALLED},
-            'hostname': {
-                'validators': [
-                    MaxLengthValidator(limit_value=250),
-                    validators.UniqueValidator(queryset=Instance.objects.all()),
-                    RegexValidator(
-                        regex=r'^localhost$|^127(?:\.[0-9]+){0,2}\.[0-9]+$|^(?:0*\:)*?:?0*1$',
-                        flags=re.IGNORECASE,
-                        inverse_match=True,
-                        message="hostname cannot be localhost or 127.0.0.1",
-                    ),
-                    HostnameRegexValidator(),
-                ],
-            },
        }

    def get_related(self, obj):
@@ -4954,7 +4931,7 @@ class InstanceSerializer(BaseSerializer):
            res['install_bundle'] = self.reverse('api:instance_install_bundle', kwargs={'pk': obj.pk})
        res['peers'] = self.reverse('api:instance_peers_list', kwargs={"pk": obj.pk})
        if self.context['request'].user.is_superuser or self.context['request'].user.is_system_auditor:
-            if obj.node_type == 'execution':
+            if obj.node_type != 'hop':
                res['health_check'] = self.reverse('api:instance_health_check', kwargs={'pk': obj.pk})
        return res

@@ -5014,10 +4991,6 @@ class InstanceSerializer(BaseSerializer):
        return value

    def validate_hostname(self, value):
-        """
-        - Hostname cannot be "localhost" - but can be something like localhost.domain
-        - Cannot change the hostname of an-already instantiated & initialized Instance object
-        """
        if self.instance and self.instance.hostname != value:
            raise serializers.ValidationError("Cannot change hostname.")

--- a/awx/api/templates/api/job_template_launch.md
+++ b/awx/api/templates/api/job_template_launch.md
@@ -1,5 +1,5 @@
 Launch a Job Template:
-{% ifmeth GET %}
+
 Make a GET request to this resource to determine if the job_template can be
 launched and whether any passwords are required to launch the job_template.
 The response will include the following fields:
@@ -29,8 +29,8 @@ The response will include the following fields:
 * `inventory_needed_to_start`: Flag indicating the presence of an inventory
  associated with the job template.  If not then one should be supplied when
  launching the job (boolean, read-only)
-{% endifmeth %}
-{% ifmeth POST %}Make a POST request to this resource to launch the job_template. If any
+
+Make a POST request to this resource to launch the job_template. If any
 passwords, inventory, or extra variables (extra_vars) are required, they must
 be passed via POST data, with extra_vars given as a YAML or JSON string and
 escaped parentheses. If the `inventory_needed_to_start` is `True` then the
@@ -41,4 +41,3 @@ are not provided, a 400 status code will be returned.  If the job cannot be
 launched, a 405 status code will be returned. If the provided credential or
 inventory are not allowed to be used by the user, then a 403 status code will
 be returned.
-{% endifmeth %}
--- a/awx/api/templates/instance_install_bundle/group_vars/all.yml
+++ b/awx/api/templates/instance_install_bundle/group_vars/all.yml
@@ -1,5 +1,3 @@
-receptor_user: awx
-receptor_group: awx
 receptor_verify: true
 receptor_tls: true
 receptor_work_commands:
@@ -7,17 +5,17 @@ receptor_work_commands:
    command: ansible-runner
    params: worker
    allowruntimeparams: true
-    verifysignature: {{ sign_work }}
+    verifysignature: true
 custom_worksign_public_keyfile: receptor/work-public-key.pem
 custom_tls_certfile: receptor/tls/receptor.crt
 custom_tls_keyfile: receptor/tls/receptor.key
 custom_ca_certfile: receptor/tls/ca/receptor-ca.crt
+receptor_user: awx
+receptor_group: awx
 receptor_protocol: 'tcp'
 receptor_listener: true
 receptor_port: {{ instance.listener_port }}
 receptor_dependencies:
+  - podman
+  - crun
  - python39-pip
-{% verbatim %}
-podman_user: "{{ receptor_user }}"
-podman_group: "{{ receptor_group }}"
-{% endverbatim %}
--- a/awx/api/templates/instance_install_bundle/install_receptor.yml
+++ b/awx/api/templates/instance_install_bundle/install_receptor.yml
@@ -9,12 +9,10 @@
        shell: /bin/bash
    - name: Enable Copr repo for Receptor
      command: dnf copr enable ansible-awx/receptor -y
-    - import_role:
-        name: ansible.receptor.podman
    - import_role:
        name: ansible.receptor.setup
    - name: Install ansible-runner
      pip:
        name: ansible-runner
        executable: pip3.9
-{% endverbatim %}
+{% endverbatim %}
--- a/awx/api/templates/instance_install_bundle/requirements.yml
+++ b/awx/api/templates/instance_install_bundle/requirements.yml
@@ -1,4 +1,6 @@
 ---
 collections:
  - name: ansible.receptor
-    version: 1.1.0
+    source: https://github.com/ansible/receptor-collection/
+    type: git
+    version: 0.1.1
--- a/awx/api/urls/instance.py
+++ b/awx/api/urls/instance.py
@@ -9,9 +9,9 @@ from awx.api.views import (
    InstanceUnifiedJobsList,
    InstanceInstanceGroupsList,
    InstanceHealthCheck,
+    InstanceInstallBundle,
    InstancePeersList,
 )
-from awx.api.views.instance_install_bundle import InstanceInstallBundle


 urls = [
--- a/awx/api/urls/inventory.py
+++ b/awx/api/urls/inventory.py
@@ -3,28 +3,26 @@

 from django.urls import re_path

-from awx.api.views.inventory import (
+from awx.api.views import (
    InventoryList,
    InventoryDetail,
+    InventoryHostsList,
+    InventoryGroupsList,
+    InventoryRootGroupsList,
+    InventoryVariableData,
+    InventoryScriptView,
+    InventoryTreeView,
+    InventoryInventorySourcesList,
+    InventoryInventorySourcesUpdate,
    InventoryActivityStreamList,
    InventoryJobTemplateList,
+    InventoryAdHocCommandsList,
    InventoryAccessList,
    InventoryObjectRolesList,
    InventoryInstanceGroupsList,
    InventoryLabelList,
    InventoryCopy,
 )
-from awx.api.views import (
-    InventoryHostsList,
-    InventoryGroupsList,
-    InventoryInventorySourcesList,
-    InventoryInventorySourcesUpdate,
-    InventoryAdHocCommandsList,
-    InventoryRootGroupsList,
-    InventoryScriptView,
-    InventoryTreeView,
-    InventoryVariableData,
-)


 urls = [
--- a/awx/api/urls/inventory_update.py
+++ b/awx/api/urls/inventory_update.py
@@ -3,9 +3,6 @@

 from django.urls import re_path

-from awx.api.views.inventory import (
-    InventoryUpdateEventsList,
-)
 from awx.api.views import (
    InventoryUpdateList,
    InventoryUpdateDetail,
@@ -13,6 +10,7 @@ from awx.api.views import (
    InventoryUpdateStdout,
    InventoryUpdateNotificationsList,
    InventoryUpdateCredentialsList,
+    InventoryUpdateEventsList,
 )


--- a/awx/api/urls/oauth2_root.py
+++ b/awx/api/urls/oauth2_root.py
@@ -10,7 +10,7 @@ from oauthlib import oauth2
 from oauth2_provider import views

 from awx.main.models import RefreshToken
-from awx.api.views.root import ApiOAuthAuthorizationRootView
+from awx.api.views import ApiOAuthAuthorizationRootView


 class TokenView(views.TokenView):
--- a/awx/api/urls/organization.py
+++ b/awx/api/urls/organization.py
@@ -3,7 +3,7 @@

 from django.urls import re_path

-from awx.api.views.organization import (
+from awx.api.views import (
    OrganizationList,
    OrganizationDetail,
    OrganizationUsersList,
@@ -14,6 +14,7 @@ from awx.api.views.organization import (
    OrganizationJobTemplatesList,
    OrganizationWorkflowJobTemplatesList,
    OrganizationTeamsList,
+    OrganizationCredentialList,
    OrganizationActivityStreamList,
    OrganizationNotificationTemplatesList,
    OrganizationNotificationTemplatesErrorList,
@@ -24,8 +25,8 @@ from awx.api.views.organization import (
    OrganizationGalaxyCredentialsList,
    OrganizationObjectRolesList,
    OrganizationAccessList,
+    OrganizationApplicationList,
 )
-from awx.api.views import OrganizationCredentialList, OrganizationApplicationList


 urls = [
--- a/awx/api/urls/urls.py
+++ b/awx/api/urls/urls.py
@@ -6,15 +6,13 @@ from django.urls import include, re_path

 from awx import MODE
 from awx.api.generics import LoggedLoginView, LoggedLogoutView
-from awx.api.views.root import (
+from awx.api.views import (
    ApiRootView,
    ApiV2RootView,
    ApiV2PingView,
    ApiV2ConfigView,
    ApiV2SubscriptionView,
    ApiV2AttachView,
-)
-from awx.api.views import (
    AuthView,
    UserMeList,
    DashboardView,
@@ -30,8 +28,8 @@ from awx.api.views import (
    OAuth2TokenList,
    ApplicationOAuth2TokenList,
    OAuth2ApplicationDetail,
+    MeshVisualizer,
 )
-from awx.api.views.mesh_visualizer import MeshVisualizer

 from awx.api.views.metrics import MetricsView

--- a/awx/api/urls/webhooks.py
+++ b/awx/api/urls/webhooks.py
@@ -1,6 +1,6 @@
 from django.urls import re_path

-from awx.api.views.webhooks import WebhookKeyView, GithubWebhookReceiver, GitlabWebhookReceiver
+from awx.api.views import WebhookKeyView, GithubWebhookReceiver, GitlabWebhookReceiver


 urlpatterns = [
--- a/awx/api/validators.py
+++ b/awx/api/validators.py
@@ -1,55 +0,0 @@
-import re
-
-from django.core.validators import RegexValidator, validate_ipv46_address
-from django.core.exceptions import ValidationError
-
-
-class HostnameRegexValidator(RegexValidator):
-    """
-    Fully validates a domain name that is compliant with norms in Linux/RHEL
-        - Cannot start with a hyphen
-        - Cannot begin with, or end with a "."
-        - Cannot contain any whitespaces
-        - Entire hostname is max 255 chars (including dots)
-        - Each domain/label is between 1 and 63 characters, except top level domain, which must be at least 2 characters
-        - Supports ipv4, ipv6, simple hostnames and FQDNs
-        - Follows RFC 9210 (modern RFC 1123, 1178) requirements
-
-    Accepts an IP Address or Hostname as the argument
-    """
-
-    regex = '^[a-z0-9][-a-z0-9]*$|^([a-z0-9][-a-z0-9]{0,62}[.])*[a-z0-9][-a-z0-9]{1,62}$'
-    flags = re.IGNORECASE
-
-    def __call__(self, value):
-        regex_matches, err = self.__validate(value)
-        invalid_input = regex_matches if self.inverse_match else not regex_matches
-        if invalid_input:
-            if err is None:
-                err = ValidationError(self.message, code=self.code, params={"value": value})
-            raise err
-
-    def __str__(self):
-        return f"regex={self.regex}, message={self.message}, code={self.code}, inverse_match={self.inverse_match}, flags={self.flags}"
-
-    def __validate(self, value):
-
-        if ' ' in value:
-            return False, ValidationError("whitespaces in hostnames are illegal")
-
-        """
-        If we have an IP address, try and validate it.
-        """
-        try:
-            validate_ipv46_address(value)
-            return True, None
-        except ValidationError:
-            pass
-
-        """
-        By this point in the code, we probably have a simple hostname, FQDN or a strange hostname like "192.localhost.domain.101"
-        """
-        if not self.regex.match(value):
-            return False, ValidationError(f"illegal characters detected in hostname={value}. Please verify.")
-
-        return True, None
--- a/awx/api/views/init.py
+++ b/awx/api/views/init.py
@@ -5,7 +5,6 @@
 import dateutil
 import functools
 import html
-import itertools
 import logging
 import re
 import requests
@@ -21,10 +20,9 @@ from urllib3.exceptions import ConnectTimeoutError
 # Django
 from django.conf import settings
 from django.core.exceptions import FieldError, ObjectDoesNotExist
-from django.db.models import Q, Sum, Count
+from django.db.models import Q, Sum
 from django.db import IntegrityError, ProgrammingError, transaction, connection
 from django.db.models.fields.related import ManyToManyField, ForeignKey
-from django.db.models.functions import Trunc
 from django.shortcuts import get_object_or_404
 from django.utils.safestring import mark_safe
 from django.utils.timezone import now
@@ -49,6 +47,9 @@ from rest_framework import status
 from rest_framework_yaml.parsers import YAMLParser
 from rest_framework_yaml.renderers import YAMLRenderer

+# QSStats
+import qsstats
+
 # ANSIConv
 import ansiconv

@@ -68,7 +69,6 @@ from awx.api.generics import (
    APIView,
    BaseUsersList,
    CopyAPIView,
-    GenericCancelView,
    GenericAPIView,
    ListAPIView,
    ListCreateAPIView,
@@ -122,6 +122,56 @@ from awx.api.views.mixin import (
    UnifiedJobDeletionMixin,
    NoTruncateMixin,
 )
+from awx.api.views.instance_install_bundle import InstanceInstallBundle  # noqa
+from awx.api.views.inventory import (  # noqa
+    InventoryList,
+    InventoryDetail,
+    InventoryUpdateEventsList,
+    InventoryList,
+    InventoryDetail,
+    InventoryActivityStreamList,
+    InventoryInstanceGroupsList,
+    InventoryAccessList,
+    InventoryObjectRolesList,
+    InventoryJobTemplateList,
+    InventoryLabelList,
+    InventoryCopy,
+)
+from awx.api.views.mesh_visualizer import MeshVisualizer  # noqa
+from awx.api.views.organization import (  # noqa
+    OrganizationList,
+    OrganizationDetail,
+    OrganizationInventoriesList,
+    OrganizationUsersList,
+    OrganizationAdminsList,
+    OrganizationExecutionEnvironmentsList,
+    OrganizationProjectsList,
+    OrganizationJobTemplatesList,
+    OrganizationWorkflowJobTemplatesList,
+    OrganizationTeamsList,
+    OrganizationActivityStreamList,
+    OrganizationNotificationTemplatesList,
+    OrganizationNotificationTemplatesAnyList,
+    OrganizationNotificationTemplatesErrorList,
+    OrganizationNotificationTemplatesStartedList,
+    OrganizationNotificationTemplatesSuccessList,
+    OrganizationNotificationTemplatesApprovalList,
+    OrganizationInstanceGroupsList,
+    OrganizationGalaxyCredentialsList,
+    OrganizationAccessList,
+    OrganizationObjectRolesList,
+)
+from awx.api.views.root import (  # noqa
+    ApiRootView,
+    ApiOAuthAuthorizationRootView,
+    ApiVersionRootView,
+    ApiV2RootView,
+    ApiV2PingView,
+    ApiV2ConfigView,
+    ApiV2SubscriptionView,
+    ApiV2AttachView,
+)
+from awx.api.views.webhooks import WebhookKeyView, GithubWebhookReceiver, GitlabWebhookReceiver  # noqa
 from awx.api.pagination import UnifiedJobEventPagination
 from awx.main.utils import set_environ

@@ -282,50 +332,30 @@ class DashboardJobsGraphView(APIView):
            success_query = success_query.filter(instance_of=models.ProjectUpdate)
            failed_query = failed_query.filter(instance_of=models.ProjectUpdate)

-        end = now()
-        interval = 'day'
+        success_qss = qsstats.QuerySetStats(success_query, 'finished')
+        failed_qss = qsstats.QuerySetStats(failed_query, 'finished')
+
+        start_date = now()
        if period == 'month':
-            start = end - dateutil.relativedelta.relativedelta(months=1)
+            end_date = start_date - dateutil.relativedelta.relativedelta(months=1)
+            interval = 'days'
        elif period == 'two_weeks':
-            start = end - dateutil.relativedelta.relativedelta(weeks=2)
+            end_date = start_date - dateutil.relativedelta.relativedelta(weeks=2)
+            interval = 'days'
        elif period == 'week':
-            start = end - dateutil.relativedelta.relativedelta(weeks=1)
+            end_date = start_date - dateutil.relativedelta.relativedelta(weeks=1)
+            interval = 'days'
        elif period == 'day':
-            start = end - dateutil.relativedelta.relativedelta(days=1)
-            interval = 'hour'
+            end_date = start_date - dateutil.relativedelta.relativedelta(days=1)
+            interval = 'hours'
        else:
            return Response({'error': _('Unknown period "%s"') % str(period)}, status=status.HTTP_400_BAD_REQUEST)

        dashboard_data = {"jobs": {"successful": [], "failed": []}}
-
-        succ_list = dashboard_data['jobs']['successful']
-        fail_list = dashboard_data['jobs']['failed']
-
-        qs_s = (
-            success_query.filter(finished__range=(start, end))
-            .annotate(d=Trunc('finished', interval, tzinfo=end.tzinfo))
-            .order_by()
-            .values('d')
-            .annotate(agg=Count('id', distinct=True))
-        )
-        data_s = {item['d']: item['agg'] for item in qs_s}
-        qs_f = (
-            failed_query.filter(finished__range=(start, end))
-            .annotate(d=Trunc('finished', interval, tzinfo=end.tzinfo))
-            .order_by()
-            .values('d')
-            .annotate(agg=Count('id', distinct=True))
-        )
-        data_f = {item['d']: item['agg'] for item in qs_f}
-
-        start_date = start.replace(hour=0, minute=0, second=0, microsecond=0)
-        for d in itertools.count():
-            date = start_date + dateutil.relativedelta.relativedelta(days=d)
-            if date > end:
-                break
-            succ_list.append([time.mktime(date.timetuple()), data_s.get(date, 0)])
-            fail_list.append([time.mktime(date.timetuple()), data_f.get(date, 0)])
-
+        for element in success_qss.time_series(end_date, start_date, interval=interval):
+            dashboard_data['jobs']['successful'].append([time.mktime(element[0].timetuple()), element[1]])
+        for element in failed_qss.time_series(end_date, start_date, interval=interval):
+            dashboard_data['jobs']['failed'].append([time.mktime(element[0].timetuple()), element[1]])
        return Response(dashboard_data)


@@ -411,8 +441,8 @@ class InstanceHealthCheck(GenericAPIView):
    permission_classes = (IsSystemAdminOrAuditor,)

    def get_queryset(self):
-        return super().get_queryset().filter(node_type='execution')
        # FIXME: For now, we don't have a good way of checking the health of a hop node.
+        return super().get_queryset().exclude(node_type='hop')

    def get(self, request, *args, **kwargs):
        obj = self.get_object()
@@ -432,10 +462,9 @@ class InstanceHealthCheck(GenericAPIView):

            execution_node_health_check.apply_async([obj.hostname])
        else:
-            return Response(
-                {"error": f"Cannot run a health check on instances of type {obj.node_type}.  Health checks can only be run on execution nodes."},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
+            from awx.main.tasks.system import cluster_node_health_check
+
+            cluster_node_health_check.apply_async([obj.hostname], queue=obj.hostname)
        return Response({'msg': f"Health check is running for {obj.hostname}."}, status=status.HTTP_200_OK)


@@ -997,11 +1026,20 @@ class SystemJobEventsList(SubListAPIView):
        return job.get_event_queryset()


-class ProjectUpdateCancel(GenericCancelView):
+class ProjectUpdateCancel(RetrieveAPIView):

    model = models.ProjectUpdate
+    obj_permission_type = 'cancel'
    serializer_class = serializers.ProjectUpdateCancelSerializer

+    def post(self, request, *args, **kwargs):
+        obj = self.get_object()
+        if obj.can_cancel:
+            obj.cancel()
+            return Response(status=status.HTTP_202_ACCEPTED)
+        else:
+            return self.http_method_not_allowed(request, *args, **kwargs)
+

 class ProjectUpdateNotificationsList(SubListAPIView):

@@ -2240,8 +2278,6 @@ class InventorySourceUpdateView(RetrieveAPIView):

    def post(self, request, *args, **kwargs):
        obj = self.get_object()
-        serializer = self.get_serializer(instance=obj, data=request.data)
-        serializer.is_valid(raise_exception=True)
        if obj.can_update:
            update = obj.update()
            if not update:
@@ -2276,11 +2312,20 @@ class InventoryUpdateCredentialsList(SubListAPIView):
    relationship = 'credentials'


-class InventoryUpdateCancel(GenericCancelView):
+class InventoryUpdateCancel(RetrieveAPIView):

    model = models.InventoryUpdate
+    obj_permission_type = 'cancel'
    serializer_class = serializers.InventoryUpdateCancelSerializer

+    def post(self, request, *args, **kwargs):
+        obj = self.get_object()
+        if obj.can_cancel:
+            obj.cancel()
+            return Response(status=status.HTTP_202_ACCEPTED)
+        else:
+            return self.http_method_not_allowed(request, *args, **kwargs)
+

 class InventoryUpdateNotificationsList(SubListAPIView):

@@ -3055,7 +3100,8 @@ class WorkflowJobNodeChildrenBaseList(SubListAPIView):
    search_fields = ('unified_job_template__name', 'unified_job_template__description')

    #
-    # Limit the set of WorkflowJobNodes to the related nodes of specified by self.relationship
+    # Limit the set of WorkflowJobeNodes to the related nodes of specified by
+    #'relationship'
    #
    def get_queryset(self):
        parent = self.get_parent_object()
@@ -3357,15 +3403,20 @@ class WorkflowJobWorkflowNodesList(SubListAPIView):
        return super(WorkflowJobWorkflowNodesList, self).get_queryset().order_by('id')


-class WorkflowJobCancel(GenericCancelView):
+class WorkflowJobCancel(RetrieveAPIView):

    model = models.WorkflowJob
+    obj_permission_type = 'cancel'
    serializer_class = serializers.WorkflowJobCancelSerializer

    def post(self, request, *args, **kwargs):
-        r = super().post(request, *args, **kwargs)
-        ScheduleWorkflowManager().schedule()
-        return r
+        obj = self.get_object()
+        if obj.can_cancel:
+            obj.cancel()
+            ScheduleWorkflowManager().schedule()
+            return Response(status=status.HTTP_202_ACCEPTED)
+        else:
+            return self.http_method_not_allowed(request, *args, **kwargs)


 class WorkflowJobNotificationsList(SubListAPIView):
@@ -3521,11 +3572,20 @@ class JobActivityStreamList(SubListAPIView):
    search_fields = ('changes',)


-class JobCancel(GenericCancelView):
+class JobCancel(RetrieveAPIView):

    model = models.Job
+    obj_permission_type = 'cancel'
    serializer_class = serializers.JobCancelSerializer

+    def post(self, request, *args, **kwargs):
+        obj = self.get_object()
+        if obj.can_cancel:
+            obj.cancel()
+            return Response(status=status.HTTP_202_ACCEPTED)
+        else:
+            return self.http_method_not_allowed(request, *args, **kwargs)
+

 class JobRelaunch(RetrieveAPIView):

@@ -3996,11 +4056,20 @@ class AdHocCommandDetail(UnifiedJobDeletionMixin, RetrieveDestroyAPIView):
    serializer_class = serializers.AdHocCommandDetailSerializer


-class AdHocCommandCancel(GenericCancelView):
+class AdHocCommandCancel(RetrieveAPIView):

    model = models.AdHocCommand
+    obj_permission_type = 'cancel'
    serializer_class = serializers.AdHocCommandCancelSerializer

+    def post(self, request, *args, **kwargs):
+        obj = self.get_object()
+        if obj.can_cancel:
+            obj.cancel()
+            return Response(status=status.HTTP_202_ACCEPTED)
+        else:
+            return self.http_method_not_allowed(request, *args, **kwargs)
+

 class AdHocCommandRelaunch(GenericAPIView):

@@ -4135,11 +4204,20 @@ class SystemJobDetail(UnifiedJobDeletionMixin, RetrieveDestroyAPIView):
    serializer_class = serializers.SystemJobSerializer


-class SystemJobCancel(GenericCancelView):
+class SystemJobCancel(RetrieveAPIView):

    model = models.SystemJob
+    obj_permission_type = 'cancel'
    serializer_class = serializers.SystemJobCancelSerializer

+    def post(self, request, *args, **kwargs):
+        obj = self.get_object()
+        if obj.can_cancel:
+            obj.cancel()
+            return Response(status=status.HTTP_202_ACCEPTED)
+        else:
+            return self.http_method_not_allowed(request, *args, **kwargs)
+

 class SystemJobNotificationsList(SubListAPIView):

--- a/awx/api/views/instance_install_bundle.py
+++ b/awx/api/views/instance_install_bundle.py
@@ -178,7 +178,7 @@ def generate_receptor_tls(instance_obj):
        .public_key(csr.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(datetime.datetime.utcnow())
-        .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=3650))
+        .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=10))
        .add_extension(
            csr.extensions.get_extension_for_class(x509.SubjectAlternativeName).value,
            critical=csr.extensions.get_extension_for_class(x509.SubjectAlternativeName).critical,
--- a/awx/locale/translations/es/django.po
+++ b/awx/locale/translations/es/django.po
--- a/awx/locale/translations/es/messages.po
+++ b/awx/locale/translations/es/messages.po
--- a/awx/locale/translations/fr/django.po
+++ b/awx/locale/translations/fr/django.po
--- a/awx/locale/translations/fr/messages.po
+++ b/awx/locale/translations/fr/messages.po
--- a/awx/locale/translations/ja/django.po
+++ b/awx/locale/translations/ja/django.po
--- a/awx/locale/translations/ja/messages.po
+++ b/awx/locale/translations/ja/messages.po
--- a/awx/locale/translations/ko/django.po
+++ b/awx/locale/translations/ko/django.po
--- a/awx/locale/translations/ko/messages.po
+++ b/awx/locale/translations/ko/messages.po
--- a/awx/locale/translations/nl/django.po
+++ b/awx/locale/translations/nl/django.po
--- a/awx/locale/translations/nl/messages.po
+++ b/awx/locale/translations/nl/messages.po
--- a/awx/locale/translations/zh/django.po
+++ b/awx/locale/translations/zh/django.po
--- a/awx/locale/translations/zh/messages.po
+++ b/awx/locale/translations/zh/messages.po
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -993,6 +993,9 @@ class HostAccess(BaseAccess):
        if data and 'name' in data:
            self.check_license(add_host_name=data['name'])

+            # Check the per-org limit
+            self.check_org_host_limit({'inventory': obj.inventory}, add_host_name=data['name'])
+
        # Checks for admin or change permission on inventory, controls whether
        # the user can edit variable data.
        return obj and self.user in obj.inventory.admin_role
--- a/awx/main/analytics/collectors.py
+++ b/awx/main/analytics/collectors.py
@@ -238,9 +238,7 @@ def instance_info(since, include_hostnames=False, **kwargs):
    info = {}
    # Use same method that the TaskManager does to compute consumed capacity without querying all running jobs for each Instance
    active_tasks = models.UnifiedJob.objects.filter(status__in=['running', 'waiting']).only('task_impact', 'controller_node', 'execution_node')
-    tm_instances = TaskManagerInstances(
-        active_tasks, instance_fields=['uuid', 'version', 'capacity', 'cpu', 'memory', 'managed_by_policy', 'enabled', 'node_type']
-    )
+    tm_instances = TaskManagerInstances(active_tasks, instance_fields=['uuid', 'version', 'capacity', 'cpu', 'memory', 'managed_by_policy', 'enabled'])
    for tm_instance in tm_instances.instances_by_hostname.values():
        instance = tm_instance.obj
        instance_info = {
@@ -253,7 +251,6 @@ def instance_info(since, include_hostnames=False, **kwargs):
            'enabled': instance.enabled,
            'consumed_capacity': tm_instance.consumed_capacity,
            'remaining_capacity': instance.capacity - tm_instance.consumed_capacity,
-            'node_type': instance.node_type,
        }
        if include_hostnames is True:
            instance_info['hostname'] = instance.hostname
--- a/awx/main/analytics/metrics.py
+++ b/awx/main/analytics/metrics.py
@@ -57,7 +57,6 @@ def metrics():
        [
            'hostname',
            'instance_uuid',
-            'node_type',
        ],
        registry=REGISTRY,
    )
@@ -85,7 +84,6 @@ def metrics():
        [
            'hostname',
            'instance_uuid',
-            'node_type',
        ],
        registry=REGISTRY,
    )
@@ -113,7 +111,6 @@ def metrics():
        [
            'hostname',
            'instance_uuid',
-            'node_type',
        ],
        registry=REGISTRY,
    )
@@ -123,7 +120,6 @@ def metrics():
        [
            'hostname',
            'instance_uuid',
-            'node_type',
        ],
        registry=REGISTRY,
    )
@@ -184,13 +180,12 @@ def metrics():
    instance_data = instance_info(None, include_hostnames=True)
    for uuid, info in instance_data.items():
        hostname = info['hostname']
-        node_type = info['node_type']
-        INSTANCE_CAPACITY.labels(hostname=hostname, instance_uuid=uuid, node_type=node_type).set(instance_data[uuid]['capacity'])
+        INSTANCE_CAPACITY.labels(hostname=hostname, instance_uuid=uuid).set(instance_data[uuid]['capacity'])
        INSTANCE_CPU.labels(hostname=hostname, instance_uuid=uuid).set(instance_data[uuid]['cpu'])
        INSTANCE_MEMORY.labels(hostname=hostname, instance_uuid=uuid).set(instance_data[uuid]['memory'])
-        INSTANCE_CONSUMED_CAPACITY.labels(hostname=hostname, instance_uuid=uuid, node_type=node_type).set(instance_data[uuid]['consumed_capacity'])
-        INSTANCE_REMAINING_CAPACITY.labels(hostname=hostname, instance_uuid=uuid, node_type=node_type).set(instance_data[uuid]['remaining_capacity'])
-        INSTANCE_INFO.labels(hostname=hostname, instance_uuid=uuid, node_type=node_type).info(
+        INSTANCE_CONSUMED_CAPACITY.labels(hostname=hostname, instance_uuid=uuid).set(instance_data[uuid]['consumed_capacity'])
+        INSTANCE_REMAINING_CAPACITY.labels(hostname=hostname, instance_uuid=uuid).set(instance_data[uuid]['remaining_capacity'])
+        INSTANCE_INFO.labels(hostname=hostname, instance_uuid=uuid).info(
            {
                'enabled': str(instance_data[uuid]['enabled']),
                'managed_by_policy': str(instance_data[uuid]['managed_by_policy']),
--- a/awx/main/analytics/subsystem_metrics.py
+++ b/awx/main/analytics/subsystem_metrics.py
@@ -5,9 +5,7 @@ import logging

 from django.conf import settings
 from django.apps import apps
-
 from awx.main.consumers import emit_channel_notification
-from awx.main.utils import is_testing

 root_key = 'awx_metrics'
 logger = logging.getLogger('awx.main.analytics')
@@ -165,10 +163,14 @@ class Metrics:
        Instance = apps.get_model('main', 'Instance')
        if instance_name:
            self.instance_name = instance_name
-        elif is_testing():
+        elif settings.IS_TESTING():
            self.instance_name = "awx_testing"
        else:
-            self.instance_name = Instance.objects.my_hostname()
+            try:
+                self.instance_name = Instance.objects.me().hostname
+            except Exception as e:
+                self.instance_name = settings.CLUSTER_HOST_ID
+                logger.info(f'Instance {self.instance_name} seems to be unregistered, error: {e}')

        # metric name, help_text
        METRICSLIST = [
--- a/awx/main/credential_plugins/conjur.py
+++ b/awx/main/credential_plugins/conjur.py
@@ -1,5 +1,6 @@
 from .plugin import CredentialPlugin, CertFiles, raise_for_status

+import base64
 from urllib.parse import urljoin, quote

 from django.utils.translation import gettext_lazy as _
@@ -60,7 +61,7 @@ def conjur_backend(**kwargs):
    cacert = kwargs.get('cacert', None)

    auth_kwargs = {
-        'headers': {'Content-Type': 'text/plain', 'Accept-Encoding': 'base64'},
+        'headers': {'Content-Type': 'text/plain'},
        'data': api_key,
        'allow_redirects': False,
    }
@@ -68,9 +69,9 @@ def conjur_backend(**kwargs):
    with CertFiles(cacert) as cert:
        # https://www.conjur.org/api.html#authentication-authenticate-post
        auth_kwargs['verify'] = cert
-        resp = requests.post(urljoin(url, '/'.join(['api', 'authn', account, username, 'authenticate'])), **auth_kwargs)
+        resp = requests.post(urljoin(url, '/'.join(['authn', account, username, 'authenticate'])), **auth_kwargs)
    raise_for_status(resp)
-    token = resp.content.decode('utf-8')
+    token = base64.b64encode(resp.content).decode('utf-8')

    lookup_kwargs = {
        'headers': {'Authorization': 'Token token="{}"'.format(token)},
@@ -78,10 +79,9 @@ def conjur_backend(**kwargs):
    }

    # https://www.conjur.org/api.html#secrets-retrieve-a-secret-get
-    path = urljoin(url, '/'.join(['api', 'secrets', account, 'variable', secret_path]))
+    path = urljoin(url, '/'.join(['secrets', account, 'variable', secret_path]))
    if version:
-        ver = "version={}".format(version)
-        path = '?'.join([path, ver])
+        path = '?'.join([path, version])

    with CertFiles(cacert) as cert:
        lookup_kwargs['verify'] = cert
@@ -90,4 +90,4 @@ def conjur_backend(**kwargs):
    return resp.text


-conjur_plugin = CredentialPlugin('CyberArk Conjur Secrets Manager Lookup', inputs=conjur_inputs, backend=conjur_backend)
+conjur_plugin = CredentialPlugin('CyberArk Conjur Secret Lookup', inputs=conjur_inputs, backend=conjur_backend)
--- a/awx/main/dispatch/control.py
+++ b/awx/main/dispatch/control.py
@@ -3,7 +3,6 @@ import uuid
 import json

 from django.conf import settings
-from django.db import connection
 import redis

 from awx.main.dispatch import get_local_queuename
@@ -50,10 +49,7 @@ class Control(object):
        reply_queue = Control.generate_reply_queue_name()
        self.result = None

-        if not connection.get_autocommit():
-            raise RuntimeError('Control-with-reply messages can only be done in autocommit mode')
-
-        with pg_bus_conn() as conn:
+        with pg_bus_conn(new_connection=True) as conn:
            conn.listen(reply_queue)
            send_data = {'control': command, 'reply_to': reply_queue}
            if extra_data:
--- a/awx/main/dispatch/pool.py
+++ b/awx/main/dispatch/pool.py
@@ -387,8 +387,6 @@ class AutoscalePool(WorkerPool):
                                reaper.reap_job(j, 'failed')
                        except Exception:
                            logger.exception('failed to reap job UUID {}'.format(w.current_task['uuid']))
-                    else:
-                        logger.warning(f'Worker was told to quit but has not, pid={w.pid}')
                orphaned.extend(w.orphaned_tasks)
                self.workers.remove(w)
            elif w.idle and len(self.workers) > self.min_workers:
@@ -452,6 +450,9 @@ class AutoscalePool(WorkerPool):
        try:
            if isinstance(body, dict) and body.get('bind_kwargs'):
                self.add_bind_kwargs(body)
+            # when the cluster heartbeat occurs, clean up internally
+            if isinstance(body, dict) and 'cluster_node_heartbeat' in body['task']:
+                self.cleanup()
            if self.should_grow:
                self.up()
            # we don't care about "preferred queue" round robin distribution, just
@@ -466,7 +467,7 @@ class AutoscalePool(WorkerPool):
                task_name = 'unknown'
                if isinstance(body, dict):
                    task_name = body.get('task')
-                logger.warning(f'Workers maxed, queuing {task_name}, load: {sum(len(w.managed_tasks) for w in self.workers)} / {len(self.workers)}')
+                logger.warn(f'Workers maxed, queuing {task_name}, load: {sum(len(w.managed_tasks) for w in self.workers)} / {len(self.workers)}')
                return super(AutoscalePool, self).write(preferred_queue, body)
        except Exception:
            for conn in connections.all():
--- a/awx/main/dispatch/publish.py
+++ b/awx/main/dispatch/publish.py
@@ -1,13 +1,14 @@
 import inspect
 import logging
+import sys
 import json
 import time
 from uuid import uuid4

+from django.conf import settings
 from django_guid import get_guid

 from . import pg_bus_conn
-from awx.main.utils import is_testing

 logger = logging.getLogger('awx.main.dispatch')

@@ -92,7 +93,7 @@ class task:
                obj.update(**kw)
                if callable(queue):
                    queue = queue()
-                if not is_testing():
+                if not settings.IS_TESTING(sys.argv):
                    with pg_bus_conn() as conn:
                        conn.notify(queue, json.dumps(obj))
                return (obj, queue)
--- a/awx/main/dispatch/reaper.py
+++ b/awx/main/dispatch/reaper.py
@@ -16,7 +16,12 @@ def startup_reaping():
    If this particular instance is starting, then we know that any running jobs are invalid
    so we will reap those jobs as a special action here
    """
-    jobs = UnifiedJob.objects.filter(status='running', controller_node=Instance.objects.my_hostname())
+    try:
+        me = Instance.objects.me()
+    except RuntimeError as e:
+        logger.warning(f'Local instance is not registered, not running startup reaper: {e}')
+        return
+    jobs = UnifiedJob.objects.filter(status='running', controller_node=me.hostname)
    job_ids = []
    for j in jobs:
        job_ids.append(j.id)
@@ -57,13 +62,16 @@ def reap_waiting(instance=None, status='failed', job_explanation=None, grace_per
    if grace_period is None:
        grace_period = settings.JOB_WAITING_GRACE_PERIOD + settings.TASK_MANAGER_TIMEOUT

-    if instance is None:
-        hostname = Instance.objects.my_hostname()
-    else:
-        hostname = instance.hostname
+    me = instance
+    if me is None:
+        try:
+            me = Instance.objects.me()
+        except RuntimeError as e:
+            logger.warning(f'Local instance is not registered, not running reaper: {e}')
+            return
    if ref_time is None:
        ref_time = tz_now()
-    jobs = UnifiedJob.objects.filter(status='waiting', modified__lte=ref_time - timedelta(seconds=grace_period), controller_node=hostname)
+    jobs = UnifiedJob.objects.filter(status='waiting', modified__lte=ref_time - timedelta(seconds=grace_period), controller_node=me.hostname)
    if excluded_uuids:
        jobs = jobs.exclude(celery_task_id__in=excluded_uuids)
    for j in jobs:
@@ -74,13 +82,16 @@ def reap(instance=None, status='failed', job_explanation=None, excluded_uuids=No
    """
    Reap all jobs in running for this instance.
    """
-    if instance is None:
-        hostname = Instance.objects.my_hostname()
-    else:
-        hostname = instance.hostname
+    me = instance
+    if me is None:
+        try:
+            me = Instance.objects.me()
+        except RuntimeError as e:
+            logger.warning(f'Local instance is not registered, not running reaper: {e}')
+            return
    workflow_ctype_id = ContentType.objects.get_for_model(WorkflowJob).id
    jobs = UnifiedJob.objects.filter(
-        Q(status='running') & (Q(execution_node=hostname) | Q(controller_node=hostname)) & ~Q(polymorphic_ctype_id=workflow_ctype_id)
+        Q(status='running') & (Q(execution_node=me.hostname) | Q(controller_node=me.hostname)) & ~Q(polymorphic_ctype_id=workflow_ctype_id)
    )
    if excluded_uuids:
        jobs = jobs.exclude(celery_task_id__in=excluded_uuids)
--- a/awx/main/dispatch/worker/base.py
+++ b/awx/main/dispatch/worker/base.py
@@ -114,6 +114,7 @@ class AWXConsumerBase(object):
            queue = 0
        self.pool.write(queue, body)
        self.total_messages += 1
+        self.record_statistics()

    @log_excess_runtime(logger)
    def record_statistics(self):
@@ -155,16 +156,6 @@ class AWXConsumerPG(AWXConsumerBase):
        # if no successful loops have ran since startup, then we should fail right away
        self.pg_is_down = True  # set so that we fail if we get database errors on startup
        self.pg_down_time = time.time() - self.pg_max_wait  # allow no grace period
-        self.last_cleanup = time.time()
-
-    def run_periodic_tasks(self):
-        self.record_statistics()  # maintains time buffer in method
-
-        if time.time() - self.last_cleanup > 60:  # same as cluster_node_heartbeat
-            # NOTE: if we run out of database connections, it is important to still run cleanup
-            # so that we scale down workers and free up connections
-            self.pool.cleanup()
-            self.last_cleanup = time.time()

    def run(self, *args, **kwargs):
        super(AWXConsumerPG, self).run(*args, **kwargs)
@@ -180,10 +171,8 @@ class AWXConsumerPG(AWXConsumerBase):
                    if init is False:
                        self.worker.on_start()
                        init = True
-                    for e in conn.events(yield_timeouts=True):
-                        if e is not None:
-                            self.process_task(json.loads(e.payload))
-                        self.run_periodic_tasks()
+                    for e in conn.events():
+                        self.process_task(json.loads(e.payload))
                        self.pg_is_down = False
                    if self.should_stop:
                        return
@@ -240,8 +229,6 @@ class BaseWorker(object):
                    # so we can establish a new connection
                    conn.close_if_unusable_or_obsolete()
                self.perform_work(body, *args)
-            except Exception:
-                logger.exception(f'Unhandled exception in perform_work in worker pid={os.getpid()}')
            finally:
                if 'uuid' in body:
                    uuid = body['uuid']
--- a/awx/main/management/commands/bottleneck.py
+++ b/awx/main/management/commands/bottleneck.py
@@ -25,7 +25,7 @@ class Command(BaseCommand):
        with connection.cursor() as cursor:
            cursor.execute(
                f'''
-                SELECT
+                SELECT 
                    b.id, b.job_id, b.host_name, b.created - a.created delta,
                    b.task task,
                    b.event_data::json->'task_action' task_action,
--- a/awx/main/management/commands/run_wsbroadcast.py
+++ b/awx/main/management/commands/run_wsbroadcast.py
@@ -53,7 +53,7 @@ class Command(BaseCommand):
        return lines

    @classmethod
-    def get_connection_status(cls, hostnames, data):
+    def get_connection_status(cls, me, hostnames, data):
        host_stats = [('hostname', 'state', 'start time', 'duration (sec)')]
        for h in hostnames:
            connection_color = '91'  # red
@@ -78,7 +78,7 @@ class Command(BaseCommand):
        return host_stats

    @classmethod
-    def get_connection_stats(cls, hostnames, data):
+    def get_connection_stats(cls, me, hostnames, data):
        host_stats = [('hostname', 'total', 'per minute')]
        for h in hostnames:
            h_safe = safe_name(h)
@@ -119,8 +119,8 @@ class Command(BaseCommand):
            return

        try:
-            my_hostname = Instance.objects.my_hostname()
-            logger.info('Active instance with hostname {} is registered.'.format(my_hostname))
+            me = Instance.objects.me()
+            logger.info('Active instance with hostname {} is registered.'.format(me.hostname))
        except RuntimeError as e:
            # the CLUSTER_HOST_ID in the task, and web instance must match and
            # ensure network connectivity between the task and web instance
@@ -145,19 +145,19 @@ class Command(BaseCommand):
                else:
                    data[family.name] = family.samples[0].value

-            my_hostname = Instance.objects.my_hostname()
-            hostnames = [i.hostname for i in Instance.objects.exclude(hostname=my_hostname)]
+            me = Instance.objects.me()
+            hostnames = [i.hostname for i in Instance.objects.exclude(hostname=me.hostname)]

-            host_stats = Command.get_connection_status(hostnames, data)
+            host_stats = Command.get_connection_status(me, hostnames, data)
            lines = Command._format_lines(host_stats)

-            print(f'Broadcast websocket connection status from "{my_hostname}" to:')
+            print(f'Broadcast websocket connection status from "{me.hostname}" to:')
            print('\n'.join(lines))

-            host_stats = Command.get_connection_stats(hostnames, data)
+            host_stats = Command.get_connection_stats(me, hostnames, data)
            lines = Command._format_lines(host_stats)

-            print(f'\nBroadcast websocket connection stats from "{my_hostname}" to:')
+            print(f'\nBroadcast websocket connection stats from "{me.hostname}" to:')
            print('\n'.join(lines))

            return
--- a/awx/main/managers.py
+++ b/awx/main/managers.py
@@ -99,12 +99,9 @@ class InstanceManager(models.Manager):
    instance or role.
    """

-    def my_hostname(self):
-        return settings.CLUSTER_HOST_ID
-
    def me(self):
        """Return the currently active instance."""
-        node = self.filter(hostname=self.my_hostname())
+        node = self.filter(hostname=settings.CLUSTER_HOST_ID)
        if node.exists():
            return node[0]
        raise RuntimeError("No instance found with the current cluster host id")
--- a/awx/main/migrations/_create_system_jobs.py
+++ b/awx/main/migrations/_create_system_jobs.py
@@ -4,7 +4,7 @@ from django.utils.timezone import now

 logger = logging.getLogger('awx.main.migrations')

-__all__ = ['create_clearsessions_jt', 'create_cleartokens_jt']
+__all__ = ['create_collection_jt', 'create_clearsessions_jt', 'create_cleartokens_jt']

 '''
 These methods are called by migrations to create various system job templates
--- a/awx/main/migrations/_galaxy.py
+++ b/awx/main/migrations/_galaxy.py
@@ -44,7 +44,7 @@ def migrate_galaxy_settings(apps, schema_editor):
            credential_type=galaxy_type,
            inputs={'url': 'https://galaxy.ansible.com/'},
        )
-    except Exception:
+    except:
        # Needed for new migrations, tests
        public_galaxy_credential = Credential(
            created=now(), modified=now(), name='Ansible Galaxy', managed=True, credential_type=galaxy_type, inputs={'url': 'https://galaxy.ansible.com/'}
--- a/awx/main/models/credential/init.py
+++ b/awx/main/models/credential/init.py
@@ -282,7 +282,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
                        return field['default']
                if 'default' in kwargs:
                    return kwargs['default']
-                raise AttributeError(field_name)
+                raise AttributeError
        if field_name in self.inputs:
            return self.inputs[field_name]
        if 'default' in kwargs:
--- a/awx/main/models/ha.py
+++ b/awx/main/models/ha.py
@@ -233,12 +233,11 @@ class Instance(HasPolicyEditsMixin, BaseModel):
        if not isinstance(vargs.get('grace_period'), int):
            vargs['grace_period'] = 60  # grace period of 60 minutes, need to set because CLI default will not take effect
        if 'exclude_strings' not in vargs and vargs.get('file_pattern'):
-            active_job_qs = UnifiedJob.objects.filter(status__in=('running', 'waiting'))
-            if self.node_type == 'execution':
-                active_job_qs = active_job_qs.filter(execution_node=self.hostname)
-            else:
-                active_job_qs = active_job_qs.filter(controller_node=self.hostname)
-            active_pks = list(active_job_qs.values_list('pk', flat=True))
+            active_pks = list(
+                UnifiedJob.objects.filter(
+                    (models.Q(execution_node=self.hostname) | models.Q(controller_node=self.hostname)) & models.Q(status__in=('running', 'waiting'))
+                ).values_list('pk', flat=True)
+            )
            if active_pks:
                vargs['exclude_strings'] = [JOB_FOLDER_PREFIX % job_id for job_id in active_pks]
        if 'remove_images' in vargs or 'image_prune' in vargs:
--- a/awx/main/models/inventory.py
+++ b/awx/main/models/inventory.py
@@ -247,19 +247,6 @@ class Inventory(CommonModelNameNotUnique, ResourceMixin, RelatedJobsMixin):
        return (number, step)

    def get_sliced_hosts(self, host_queryset, slice_number, slice_count):
-        """
-        Returns a slice of Hosts given a slice number and total slice count, or
-        the original queryset if slicing is not requested.
-
-        NOTE: If slicing is performed, this will return a List[Host] with the
-        resulting slice. If slicing is not performed it will return the
-        original queryset (not evaluating it or forcing it to a list). This
-        puts the burden on the caller to check the resulting type. This is
-        non-ideal because it's easy to get wrong, but I think the only way
-        around it is to force the queryset which has memory implications for
-        large inventories.
-        """
-
        if slice_count > 1 and slice_number > 0:
            offset = slice_number - 1
            host_queryset = host_queryset[offset::slice_count]
@@ -567,6 +554,17 @@ class Host(CommonModelNameNotUnique, RelatedJobsMixin):
    # Use .job_host_summaries.all() to get jobs affecting this host.
    # Use .job_events.all() to get events affecting this host.

+    '''
+    We don't use timestamp, but we may in the future.
+    '''
+
+    def update_ansible_facts(self, module, facts, timestamp=None):
+        if module == "ansible":
+            self.ansible_facts.update(facts)
+        else:
+            self.ansible_facts[module] = facts
+        self.save()
+
    def get_effective_host_name(self):
        """
        Return the name of the host that will be used in actual ansible
--- a/awx/main/models/jobs.py
+++ b/awx/main/models/jobs.py
@@ -15,7 +15,6 @@ from urllib.parse import urljoin
 from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.db import models
-from django.db.models.query import QuerySet

 # from django.core.cache import cache
 from django.utils.encoding import smart_str
@@ -44,7 +43,7 @@ from awx.main.models.notifications import (
    NotificationTemplate,
    JobNotificationMixin,
 )
-from awx.main.utils import parse_yaml_or_json, getattr_dne, NullablePromptPseudoField, polymorphic, log_excess_runtime
+from awx.main.utils import parse_yaml_or_json, getattr_dne, NullablePromptPseudoField, polymorphic
 from awx.main.fields import ImplicitRoleField, AskForField, JSONBlob, OrderedManyToManyField
 from awx.main.models.mixins import (
    ResourceMixin,
@@ -845,35 +844,22 @@ class Job(UnifiedJob, JobOptions, SurveyJobMixin, JobNotificationMixin, TaskMana
    def get_notification_friendly_name(self):
        return "Job"

-    def _get_inventory_hosts(self, only=('name', 'ansible_facts', 'ansible_facts_modified', 'modified', 'inventory_id'), **filters):
-        """Return value is an iterable for the relevant hosts for this job"""
+    def _get_inventory_hosts(self, only=['name', 'ansible_facts', 'ansible_facts_modified', 'modified', 'inventory_id']):
        if not self.inventory:
            return []
        host_queryset = self.inventory.hosts.only(*only)
-        if filters:
-            host_queryset = host_queryset.filter(**filters)
-        host_queryset = self.inventory.get_sliced_hosts(host_queryset, self.job_slice_number, self.job_slice_count)
-        if isinstance(host_queryset, QuerySet):
-            return host_queryset.iterator()
-        return host_queryset
+        return self.inventory.get_sliced_hosts(host_queryset, self.job_slice_number, self.job_slice_count)

-    @log_excess_runtime(logger, debug_cutoff=0.01, msg='Job {job_id} host facts prepared for {written_ct} hosts, took {delta:.3f} s', add_log_data=True)
-    def start_job_fact_cache(self, destination, log_data, timeout=None):
+    def start_job_fact_cache(self, destination, modification_times, timeout=None):
        self.log_lifecycle("start_job_fact_cache")
-        log_data['job_id'] = self.id
-        log_data['written_ct'] = 0
        os.makedirs(destination, mode=0o700)
-
+        hosts = self._get_inventory_hosts()
        if timeout is None:
            timeout = settings.ANSIBLE_FACT_CACHE_TIMEOUT
        if timeout > 0:
            # exclude hosts with fact data older than `settings.ANSIBLE_FACT_CACHE_TIMEOUT seconds`
            timeout = now() - datetime.timedelta(seconds=timeout)
-            hosts = self._get_inventory_hosts(ansible_facts_modified__gte=timeout)
-        else:
-            hosts = self._get_inventory_hosts()
-
-        last_filepath_written = None
+            hosts = hosts.filter(ansible_facts_modified__gte=timeout)
        for host in hosts:
            filepath = os.sep.join(map(str, [destination, host.name]))
            if not os.path.realpath(filepath).startswith(destination):
@@ -883,38 +869,23 @@ class Job(UnifiedJob, JobOptions, SurveyJobMixin, JobNotificationMixin, TaskMana
                with codecs.open(filepath, 'w', encoding='utf-8') as f:
                    os.chmod(f.name, 0o600)
                    json.dump(host.ansible_facts, f)
-                    log_data['written_ct'] += 1
-                    last_filepath_written = filepath
            except IOError:
                system_tracking_logger.error('facts for host {} could not be cached'.format(smart_str(host.name)))
                continue
-        # make note of the time we wrote the last file so we can check if any file changed later
-        if last_filepath_written:
-            return os.path.getmtime(last_filepath_written)
-        return None
+            # make note of the time we wrote the file so we can check if it changed later
+            modification_times[filepath] = os.path.getmtime(filepath)

-    @log_excess_runtime(
-        logger,
-        debug_cutoff=0.01,
-        msg='Job {job_id} host facts: updated {updated_ct}, cleared {cleared_ct}, unchanged {unmodified_ct}, took {delta:.3f} s',
-        add_log_data=True,
-    )
-    def finish_job_fact_cache(self, destination, facts_write_time, log_data):
+    def finish_job_fact_cache(self, destination, modification_times):
        self.log_lifecycle("finish_job_fact_cache")
-        log_data['job_id'] = self.id
-        log_data['updated_ct'] = 0
-        log_data['unmodified_ct'] = 0
-        log_data['cleared_ct'] = 0
-        hosts_to_update = []
        for host in self._get_inventory_hosts():
            filepath = os.sep.join(map(str, [destination, host.name]))
            if not os.path.realpath(filepath).startswith(destination):
                system_tracking_logger.error('facts for host {} could not be cached'.format(smart_str(host.name)))
                continue
            if os.path.exists(filepath):
-                # If the file changed since we wrote the last facts file, pre-playbook run...
+                # If the file changed since we wrote it pre-playbook run...
                modified = os.path.getmtime(filepath)
-                if (not facts_write_time) or modified > facts_write_time:
+                if modified > modification_times.get(filepath, 0):
                    with codecs.open(filepath, 'r', encoding='utf-8') as f:
                        try:
                            ansible_facts = json.load(f)
@@ -922,7 +893,7 @@ class Job(UnifiedJob, JobOptions, SurveyJobMixin, JobNotificationMixin, TaskMana
                            continue
                        host.ansible_facts = ansible_facts
                        host.ansible_facts_modified = now()
-                        hosts_to_update.append(host)
+                        host.save(update_fields=['ansible_facts', 'ansible_facts_modified'])
                        system_tracking_logger.info(
                            'New fact for inventory {} host {}'.format(smart_str(host.inventory.name), smart_str(host.name)),
                            extra=dict(
@@ -933,21 +904,12 @@ class Job(UnifiedJob, JobOptions, SurveyJobMixin, JobNotificationMixin, TaskMana
                                job_id=self.id,
                            ),
                        )
-                        log_data['updated_ct'] += 1
-                else:
-                    log_data['unmodified_ct'] += 1
            else:
                # if the file goes missing, ansible removed it (likely via clear_facts)
                host.ansible_facts = {}
                host.ansible_facts_modified = now()
-                hosts_to_update.append(host)
                system_tracking_logger.info('Facts cleared for inventory {} host {}'.format(smart_str(host.inventory.name), smart_str(host.name)))
-                log_data['cleared_ct'] += 1
-            if len(hosts_to_update) > 100:
-                self.inventory.hosts.bulk_update(hosts_to_update, ['ansible_facts', 'ansible_facts_modified'])
-                hosts_to_update = []
-        if hosts_to_update:
-            self.inventory.hosts.bulk_update(hosts_to_update, ['ansible_facts', 'ansible_facts_modified'])
+                host.save()


 class LaunchTimeConfigBase(BaseModel):
--- a/awx/main/models/projects.py
+++ b/awx/main/models/projects.py
@@ -471,29 +471,6 @@ class Project(UnifiedJobTemplate, ProjectOptions, ResourceMixin, CustomVirtualEn
    def get_absolute_url(self, request=None):
        return reverse('api:project_detail', kwargs={'pk': self.pk}, request=request)

-    def get_reason_if_failed(self):
-        """
-        If the project is in a failed or errored state, return a human-readable
-        error message explaining why. Otherwise return None.
-
-        This is used during validation in the serializer and also by
-        RunProjectUpdate/RunInventoryUpdate.
-        """
-
-        if self.status not in ('error', 'failed'):
-            return None
-
-        latest_update = self.project_updates.last()
-        if latest_update is not None and latest_update.failed:
-            failed_validation_tasks = latest_update.project_update_events.filter(
-                event='runner_on_failed',
-                play="Perform project signature/checksum verification",
-            )
-            if failed_validation_tasks:
-                return _("Last project update failed due to signature validation failure.")
-
-        return _("Missing a revision to run due to failed project update.")
-
    '''
    RelatedJobsMixin
    '''
--- a/awx/main/models/schedules.py
+++ b/awx/main/models/schedules.py
@@ -153,7 +153,7 @@ class Schedule(PrimordialModel, LaunchTimeConfig):
        #

        # Find the DTSTART rule or raise an error, its usually the first rule but that is not strictly enforced
-        start_date_rule = re.sub(r'^.*(DTSTART[^\s]+)\s.*$', r'\1', rrule)
+        start_date_rule = re.sub('^.*(DTSTART[^\s]+)\s.*$', r'\1', rrule)
        if not start_date_rule:
            raise ValueError('A DTSTART field needs to be in the rrule')

--- a/awx/main/models/unified_jobs.py
+++ b/awx/main/models/unified_jobs.py
@@ -1305,8 +1305,6 @@ class UnifiedJob(
                    status_data['instance_group_name'] = None
            elif status in ['successful', 'failed', 'canceled'] and self.finished:
                status_data['finished'] = datetime.datetime.strftime(self.finished, "%Y-%m-%dT%H:%M:%S.%fZ")
-            elif status == 'running':
-                status_data['started'] = datetime.datetime.strftime(self.finished, "%Y-%m-%dT%H:%M:%S.%fZ")
            status_data.update(self.websocket_emit_data())
            status_data['group_name'] = 'jobs'
            if getattr(self, 'unified_job_template_id', None):
@@ -1467,23 +1465,23 @@ class UnifiedJob(
                    self.job_explanation = job_explanation
                    cancel_fields.append('job_explanation')

-                # Important to save here before sending cancel signal to dispatcher to cancel because
-                # the job control process will use the cancel_flag to distinguish a shutdown from a cancel
-                self.save(update_fields=cancel_fields)
-
            controller_notified = False
            if self.celery_task_id:
                controller_notified = self.cancel_dispatcher_process()

+            else:
+                # Avoid race condition where we have stale model from pending state but job has already started,
+                # its checking signal but not cancel_flag, so re-send signal after this database commit
+                connection.on_commit(self.fallback_cancel)
+
            # If a SIGTERM signal was sent to the control process, and acked by the dispatcher
            # then we want to let its own cleanup change status, otherwise change status now
            if not controller_notified:
                if self.status != 'canceled':
                    self.status = 'canceled'
-                    self.save(update_fields=['status'])
-                # Avoid race condition where we have stale model from pending state but job has already started,
-                # its checking signal but not cancel_flag, so re-send signal after updating cancel fields
-                self.fallback_cancel()
+                    cancel_fields.append('status')
+
+            self.save(update_fields=cancel_fields)

        return self.cancel_flag

--- a/awx/main/notifications/webhook_backend.py
+++ b/awx/main/notifications/webhook_backend.py
@@ -5,6 +5,9 @@ import json
 import logging
 import requests

+from django.utils.encoding import smart_str
+from django.utils.translation import gettext_lazy as _
+
 from awx.main.notifications.base import AWXBaseEmailBackend
 from awx.main.utils import get_awx_http_client_headers
 from awx.main.notifications.custom_notification_base import CustomNotificationBase
@@ -14,8 +17,6 @@ logger = logging.getLogger('awx.main.notifications.webhook_backend')

 class WebhookBackend(AWXBaseEmailBackend, CustomNotificationBase):

-    MAX_RETRIES = 5
-
    init_parameters = {
        "url": {"label": "Target URL", "type": "string"},
        "http_method": {"label": "HTTP Method", "type": "string", "default": "POST"},
@@ -63,67 +64,20 @@ class WebhookBackend(AWXBaseEmailBackend, CustomNotificationBase):
        if self.http_method.lower() not in ['put', 'post']:
            raise ValueError("HTTP method must be either 'POST' or 'PUT'.")
        chosen_method = getattr(requests, self.http_method.lower(), None)
-
        for m in messages:
-
            auth = None
            if self.username or self.password:
                auth = (self.username, self.password)
-
-            # the constructor for EmailMessage - https://docs.djangoproject.com/en/4.1/_modules/django/core/mail/message will turn an empty dictionary to an empty string
-            # sometimes an empty dict is intentional and we added this conditional to enforce that
-            if not m.body:
-                m.body = {}
-
-            url = str(m.recipients()[0])
-            data = json.dumps(m.body, ensure_ascii=False).encode('utf-8')
-            headers = {**(get_awx_http_client_headers()), **(self.headers or {})}
-
-            err = None
-
-            for retries in range(self.MAX_RETRIES):
-
-                # Sometimes we hit redirect URLs. We must account for this. We still extract the redirect URL from the response headers and try again. Max retires == 5
-                resp = chosen_method(
-                    url=url,
-                    auth=auth,
-                    data=data,
-                    headers=headers,
-                    verify=(not self.disable_ssl_verification),
-                    allow_redirects=False,  # override default behaviour for redirects
-                )
-
-                # either success or error reached if this conditional fires
-                if resp.status_code not in [301, 307]:
-                    break
-
-                # we've hit a redirect. extract the redirect URL out of the first response header and try again
-                logger.warning(
-                    f"Received a {resp.status_code} from {url}, trying to reach redirect url {resp.headers.get('Location', None)}; attempt #{retries+1}"
-                )
-
-                # take the first redirect URL in the response header and try that
-                url = resp.headers.get("Location", None)
-
-                if url is None:
-                    err = f"Webhook notification received redirect to a blank URL from {url}. Response headers={resp.headers}"
-                    break
-            else:
-                # no break condition in the loop encountered; therefore we have hit the maximum number of retries
-                err = f"Webhook notification max number of retries [{self.MAX_RETRIES}] exceeded. Failed to send webhook notification to {url}"
-
-            if resp.status_code >= 400:
-                err = f"Error sending webhook notification: {resp.status_code}"
-
-            # log error message
-            if err:
-                logger.error(err)
+            r = chosen_method(
+                "{}".format(m.recipients()[0]),
+                auth=auth,
+                data=json.dumps(m.body, ensure_ascii=False).encode('utf-8'),
+                headers=dict(list(get_awx_http_client_headers().items()) + list((self.headers or {}).items())),
+                verify=(not self.disable_ssl_verification),
+            )
+            if r.status_code >= 400:
+                logger.error(smart_str(_("Error sending notification webhook: {}").format(r.status_code)))
                if not self.fail_silently:
-                    raise Exception(err)
-
-            # no errors were encountered therefore we successfully sent off the notification webhook
-            if resp.status_code in range(200, 299):
-                logger.debug(f"Notification webhook successfully sent to {url}. Received {resp.status_code}")
-                sent_messages += 1
-
+                    raise Exception(smart_str(_("Error sending notification webhook: {}").format(r.status_code)))
+            sent_messages += 1
        return sent_messages
--- a/awx/main/registrar.py
+++ b/awx/main/registrar.py
@@ -3,8 +3,6 @@

 from django.db.models.signals import pre_save, post_save, pre_delete, m2m_changed

-from taggit.managers import TaggableManager
-

 class ActivityStreamRegistrar(object):
    def __init__(self):
@@ -21,8 +19,6 @@ class ActivityStreamRegistrar(object):
            pre_delete.connect(activity_stream_delete, sender=model, dispatch_uid=str(self.__class__) + str(model) + "_delete")

            for m2mfield in model._meta.many_to_many:
-                if isinstance(m2mfield, TaggableManager):
-                    continue  # Special case for taggit app
                try:
                    m2m_attr = getattr(model, m2mfield.name)
                    m2m_changed.connect(
--- a/awx/main/scheduler/task_manager.py
+++ b/awx/main/scheduler/task_manager.py
@@ -39,7 +39,7 @@ from awx.main.utils import (
    ScheduleTaskManager,
    ScheduleWorkflowManager,
 )
-from awx.main.utils.common import task_manager_bulk_reschedule, is_testing
+from awx.main.utils.common import task_manager_bulk_reschedule
 from awx.main.signals import disable_activity_stream
 from awx.main.constants import ACTIVE_STATES
 from awx.main.scheduler.dependency_graph import DependencyGraph
@@ -97,7 +97,7 @@ class TaskBase:
        self.all_tasks = [t for t in qs]

    def record_aggregate_metrics(self, *args):
-        if not is_testing():
+        if not settings.IS_TESTING():
            # increment task_manager_schedule_calls regardless if the other
            # metrics are recorded
            s_metrics.Metrics(auto_pipe_execute=True).inc(f"{self.prefix}__schedule_calls", 1)
--- a/awx/main/tasks/callback.py
+++ b/awx/main/tasks/callback.py
@@ -2,6 +2,8 @@ import json
 import time
 import logging
 from collections import deque
+import os
+import stat

 # Django
 from django.conf import settings
@@ -204,6 +206,21 @@ class RunnerCallback:
                self.instance = self.update_model(self.instance.pk, job_args=json.dumps(runner_config.command), job_cwd=runner_config.cwd, job_env=job_env)
            # We opened a connection just for that save, close it here now
            connections.close_all()
+        elif status_data['status'] == 'failed':
+            # For encrypted ssh_key_data, ansible-runner worker will open and write the
+            # ssh_key_data to a named pipe. Then, once the podman container starts, ssh-agent will
+            # read from this named pipe so that the key can be used in ansible-playbook.
+            # Once the podman container exits, the named pipe is deleted.
+            # However, if the podman container fails to start in the first place, e.g. the image
+            # name is incorrect, then this pipe is not cleaned up. Eventually ansible-runner
+            # processor will attempt to write artifacts to the private data dir via unstream_dir, requiring
+            # that it open this named pipe. This leads to a hang. Thus, before any artifacts
+            # are written by the processor, it's important to remove this ssh_key_data pipe.
+            private_data_dir = self.instance.job_env.get('AWX_PRIVATE_DATA_DIR', None)
+            if private_data_dir:
+                key_data_file = os.path.join(private_data_dir, 'artifacts', str(self.instance.id), 'ssh_key_data')
+                if os.path.exists(key_data_file) and stat.S_ISFIFO(os.stat(key_data_file).st_mode):
+                    os.remove(key_data_file)
        elif status_data['status'] == 'error':
            result_traceback = status_data.get('result_traceback', None)
            if result_traceback:
--- a/awx/main/tasks/jobs.py
+++ b/awx/main/tasks/jobs.py
@@ -426,7 +426,7 @@ class BaseTask(object):
        """
        instance.log_lifecycle("post_run")

-    def final_run_hook(self, instance, status, private_data_dir):
+    def final_run_hook(self, instance, status, private_data_dir, fact_modification_times):
        """
        Hook for any steps to run after job/task is marked as complete.
        """
@@ -469,6 +469,7 @@ class BaseTask(object):
        self.instance = self.update_model(pk, status='running', start_args='')  # blank field to remove encrypted passwords
        self.instance.websocket_emit_status("running")
        status, rc = 'error', None
+        fact_modification_times = {}
        self.runner_callback.event_ct = 0

        '''
@@ -497,6 +498,14 @@ class BaseTask(object):
            if not os.path.exists(settings.AWX_ISOLATION_BASE_PATH):
                raise RuntimeError('AWX_ISOLATION_BASE_PATH=%s does not exist' % settings.AWX_ISOLATION_BASE_PATH)

+            # Fetch "cached" fact data from prior runs and put on the disk
+            # where ansible expects to find it
+            if getattr(self.instance, 'use_fact_cache', False):
+                self.instance.start_job_fact_cache(
+                    os.path.join(private_data_dir, 'artifacts', str(self.instance.id), 'fact_cache'),
+                    fact_modification_times,
+                )
+
            # May have to serialize the value
            private_data_files, ssh_key_data = self.build_private_data_files(self.instance, private_data_dir)
            passwords = self.build_passwords(self.instance, kwargs)
@@ -637,7 +646,7 @@ class BaseTask(object):
            self.instance.send_notification_templates('succeeded' if status == 'successful' else 'failed')

        try:
-            self.final_run_hook(self.instance, status, private_data_dir)
+            self.final_run_hook(self.instance, status, private_data_dir, fact_modification_times)
        except Exception:
            logger.exception('{} Final run hook errored.'.format(self.instance.log_format))

@@ -691,7 +700,7 @@ class SourceControlMixin(BaseTask):

    def spawn_project_sync(self, project, sync_needs, scm_branch=None):
        pu_ig = self.instance.instance_group
-        pu_en = Instance.objects.my_hostname()
+        pu_en = Instance.objects.me().hostname

        sync_metafields = dict(
            launch_type="sync",
@@ -758,10 +767,6 @@ class SourceControlMixin(BaseTask):

        try:
            original_branch = None
-            failed_reason = project.get_reason_if_failed()
-            if failed_reason:
-                self.update_model(self.instance.pk, status='failed', job_explanation=failed_reason)
-                raise RuntimeError(failed_reason)
            project_path = project.get_project_path(check_if_exists=False)
            if project.scm_type == 'git' and (scm_branch and scm_branch != project.scm_branch):
                if os.path.exists(project_path):
@@ -1051,25 +1056,22 @@ class RunJob(SourceControlMixin, BaseTask):
            error = _('Job could not start because no Execution Environment could be found.')
            self.update_model(job.pk, status='error', job_explanation=error)
            raise RuntimeError(error)
+        elif job.project.status in ('error', 'failed'):
+            msg = _('The project revision for this job template is unknown due to a failed update.')
+            job = self.update_model(job.pk, status='failed', job_explanation=msg)
+            raise RuntimeError(msg)

        if job.inventory.kind == 'smart':
            # cache smart inventory memberships so that the host_filter query is not
            # ran inside of the event saving code
            update_smart_memberships_for_inventory(job.inventory)

-        # Fetch "cached" fact data from prior runs and put on the disk
-        # where ansible expects to find it
-        if job.use_fact_cache:
-            self.facts_write_time = self.instance.start_job_fact_cache(os.path.join(private_data_dir, 'artifacts', str(job.id), 'fact_cache'))
-
    def build_project_dir(self, job, private_data_dir):
        self.sync_and_copy(job.project, private_data_dir, scm_branch=job.scm_branch)

-    def post_run_hook(self, job, status):
-        super(RunJob, self).post_run_hook(job, status)
-        job.refresh_from_db(fields=['job_env'])
-        private_data_dir = job.job_env.get('AWX_PRIVATE_DATA_DIR')
-        if (not private_data_dir) or (not hasattr(self, 'facts_write_time')):
+    def final_run_hook(self, job, status, private_data_dir, fact_modification_times):
+        super(RunJob, self).final_run_hook(job, status, private_data_dir, fact_modification_times)
+        if not private_data_dir:
            # If there's no private data dir, that means we didn't get into the
            # actual `run()` call; this _usually_ means something failed in
            # the pre_run_hook method
@@ -1077,11 +1079,9 @@ class RunJob(SourceControlMixin, BaseTask):
        if job.use_fact_cache:
            job.finish_job_fact_cache(
                os.path.join(private_data_dir, 'artifacts', str(job.id), 'fact_cache'),
-                self.facts_write_time,
+                fact_modification_times,
            )

-    def final_run_hook(self, job, status, private_data_dir):
-        super(RunJob, self).final_run_hook(job, status, private_data_dir)
        try:
            inventory = job.inventory
        except Inventory.DoesNotExist:
--- a/awx/main/tasks/receptor.py
+++ b/awx/main/tasks/receptor.py
@@ -208,10 +208,7 @@ def run_until_complete(node, timing_data=None, **kwargs):
    if state_name.lower() == 'failed':
        work_detail = status.get('Detail', '')
        if work_detail:
-            if stdout:
-                raise RemoteJobError(f'Receptor error from {node}, detail:\n{work_detail}\nstdout:\n{stdout}')
-            else:
-                raise RemoteJobError(f'Receptor error from {node}, detail:\n{work_detail}')
+            raise RemoteJobError(f'Receptor error from {node}, detail:\n{work_detail}')
        else:
            raise RemoteJobError(f'Unknown ansible-runner error on node {node}, stdout:\n{stdout}')

--- a/awx/main/tests/functional/api/test_instance.py
+++ b/awx/main/tests/functional/api/test_instance.py
@@ -4,10 +4,8 @@ from awx.api.versioning import reverse
 from awx.main.models.activity_stream import ActivityStream
 from awx.main.models.ha import Instance

-from django.test.utils import override_settings

-
-INSTANCE_KWARGS = dict(hostname='example-host', cpu=6, node_type='execution', memory=36000000000, cpu_capacity=6, mem_capacity=42)
+INSTANCE_KWARGS = dict(hostname='example-host', cpu=6, memory=36000000000, cpu_capacity=6, mem_capacity=42)


@pytest.mark.django_db
@@ -56,33 +54,3 @@ def test_health_check_usage(get, post, admin_user):
    get(url=url, user=admin_user, expect=200)
    r = post(url=url, user=admin_user, expect=200)
    assert r.data['msg'] == f"Health check is running for {instance.hostname}."
-
-
-def test_custom_hostname_regex(post, admin_user):
-    url = reverse('api:instance_list')
-    with override_settings(IS_K8S=True):
-        for value in [
-            ("foo.bar.baz", 201),
-            ("f.bar.bz", 201),
-            ("foo.bar.b", 400),
-            ("a.b.c", 400),
-            ("localhost", 400),
-            ("127.0.0.1", 400),
-            ("192.168.56.101", 201),
-            ("2001:0db8:85a3:0000:0000:8a2e:0370:7334", 201),
-            ("foobar", 201),
-            ("--yoooo", 400),
-            ("$3$@foobar@#($!@#*$", 400),
-            ("999.999.999.999", 201),
-            ("0000:0000:0000:0000:0000:0000:0000:0001", 400),
-            ("whitespaces are bad for hostnames", 400),
-            ("0:0:0:0:0:0:0:1", 400),
-            ("192.localhost.domain.101", 201),
-            ("F@$%(@#$H%^(I@#^HCTQEWRFG", 400),
-        ]:
-            data = {
-                "hostname": value[0],
-                "node_type": "execution",
-                "node_state": "installed",
-            }
-            post(url=url, user=admin_user, data=data, expect=value[1])
--- a/awx/main/tests/functional/api/test_instance_group.py
+++ b/awx/main/tests/functional/api/test_instance_group.py
@@ -216,7 +216,7 @@ def test_instance_attach_to_instance_group(post, instance_group, node_type_insta

    count = ActivityStream.objects.count()

-    url = reverse('api:instance_group_instance_list', kwargs={'pk': instance_group.pk})
+    url = reverse(f'api:instance_group_instance_list', kwargs={'pk': instance_group.pk})
    post(url, {'associate': True, 'id': instance.id}, admin, expect=204 if node_type != 'control' else 400)

    new_activity = ActivityStream.objects.all()[count:]
@@ -240,7 +240,7 @@ def test_instance_unattach_from_instance_group(post, instance_group, node_type_i

    count = ActivityStream.objects.count()

-    url = reverse('api:instance_group_instance_list', kwargs={'pk': instance_group.pk})
+    url = reverse(f'api:instance_group_instance_list', kwargs={'pk': instance_group.pk})
    post(url, {'disassociate': True, 'id': instance.id}, admin, expect=204 if node_type != 'control' else 400)

    new_activity = ActivityStream.objects.all()[count:]
@@ -263,7 +263,7 @@ def test_instance_group_attach_to_instance(post, instance_group, node_type_insta

    count = ActivityStream.objects.count()

-    url = reverse('api:instance_instance_groups_list', kwargs={'pk': instance.pk})
+    url = reverse(f'api:instance_instance_groups_list', kwargs={'pk': instance.pk})
    post(url, {'associate': True, 'id': instance_group.id}, admin, expect=204 if node_type != 'control' else 400)

    new_activity = ActivityStream.objects.all()[count:]
@@ -287,7 +287,7 @@ def test_instance_group_unattach_from_instance(post, instance_group, node_type_i

    count = ActivityStream.objects.count()

-    url = reverse('api:instance_instance_groups_list', kwargs={'pk': instance.pk})
+    url = reverse(f'api:instance_instance_groups_list', kwargs={'pk': instance.pk})
    post(url, {'disassociate': True, 'id': instance_group.id}, admin, expect=204 if node_type != 'control' else 400)

    new_activity = ActivityStream.objects.all()[count:]
@@ -314,4 +314,4 @@ def test_cannot_remove_controlplane_hybrid_instances(post, controlplane_instance

    url = reverse('api:instance_instance_groups_list', kwargs={'pk': instance.pk})
    r = post(url, {'disassociate': True, 'id': controlplane_instance_group.id}, admin_user, expect=400)
-    assert 'Cannot disassociate hybrid instance' in str(r.data)
+    assert f'Cannot disassociate hybrid instance' in str(r.data)
--- a/awx/main/tests/functional/api/test_schedules.py
+++ b/awx/main/tests/functional/api/test_schedules.py
@@ -105,30 +105,6 @@ def test_encrypted_survey_answer(post, patch, admin_user, project, inventory, su
    assert decrypt_value(get_encryption_key('value', pk=None), schedule.extra_data['var1']) == 'bar'


-@pytest.mark.django_db
-def test_survey_password_default(post, patch, admin_user, project, inventory, survey_spec_factory):
-    job_template = JobTemplate.objects.create(
-        name='test-jt',
-        project=project,
-        playbook='helloworld.yml',
-        inventory=inventory,
-        ask_variables_on_launch=False,
-        survey_enabled=True,
-        survey_spec=survey_spec_factory([{'variable': 'var1', 'question_name': 'Q1', 'type': 'password', 'required': True, 'default': 'foobar'}]),
-    )
-
-    # test removal of $encrypted$
-    url = reverse('api:job_template_schedules_list', kwargs={'pk': job_template.id})
-    r = post(url, {'name': 'test sch', 'rrule': RRULE_EXAMPLE, 'extra_data': '{"var1": "$encrypted$"}'}, admin_user, expect=201)
-    schedule = Schedule.objects.get(pk=r.data['id'])
-    assert schedule.extra_data == {}
-    assert schedule.enabled is True
-
-    # test an unrelated change
-    patch(schedule.get_absolute_url(), data={'enabled': False}, user=admin_user, expect=200)
-    patch(schedule.get_absolute_url(), data={'enabled': True}, user=admin_user, expect=200)
-
-
@pytest.mark.django_db
@pytest.mark.parametrize(
    'rrule, error',
@@ -147,19 +123,19 @@ def test_survey_password_default(post, patch, admin_user, project, inventory, su
        ("DTSTART:20030925T104941Z RRULE:FREQ=DAILY;INTERVAL=10;COUNT=500;UNTIL=20040925T104941Z", "RRULE may not contain both COUNT and UNTIL"),  # noqa
        ("DTSTART:20300308T050000Z RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2000", "COUNT > 999 is unsupported"),  # noqa
        # Individual rule test with multiple rules
-        # Bad Rule:  RRULE:NONSENSE
+        ## Bad Rule:  RRULE:NONSENSE
        ("DTSTART:20300308T050000Z RRULE:NONSENSE RRULE:INTERVAL=1;FREQ=DAILY EXRULE:FREQ=WEEKLY;INTERVAL=1;BYDAY=SU", "INTERVAL required in rrule"),
-        # Bad Rule:  RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=5MO
+        ## Bad Rule:  RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=5MO
        (
            "DTSTART:20300308T050000Z RRULE:INTERVAL=1;FREQ=DAILY EXRULE:FREQ=WEEKLY;INTERVAL=1;BYDAY=SU RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=5MO",
            "BYDAY with numeric prefix not supported",
        ),  # noqa
-        # Bad Rule:  RRULE:FREQ=DAILY;INTERVAL=10;COUNT=500;UNTIL=20040925T104941Z
+        ## Bad Rule:  RRULE:FREQ=DAILY;INTERVAL=10;COUNT=500;UNTIL=20040925T104941Z
        (
            "DTSTART:20030925T104941Z RRULE:INTERVAL=1;FREQ=DAILY EXRULE:FREQ=WEEKLY;INTERVAL=1;BYDAY=SU RRULE:FREQ=DAILY;INTERVAL=10;COUNT=500;UNTIL=20040925T104941Z",
            "RRULE may not contain both COUNT and UNTIL",
        ),  # noqa
-        # Bad Rule:  RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2000
+        ## Bad Rule:  RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2000
        (
            "DTSTART:20300308T050000Z RRULE:INTERVAL=1;FREQ=DAILY EXRULE:FREQ=WEEKLY;INTERVAL=1;BYDAY=SU RRULE:FREQ=DAILY;INTERVAL=1;COUNT=2000",
            "COUNT > 999 is unsupported",
--- a/awx/main/tests/functional/test_instances.py
+++ b/awx/main/tests/functional/test_instances.py
@@ -1,7 +1,7 @@
 import pytest
 from unittest import mock

-from awx.main.models import AdHocCommand, InventoryUpdate, JobTemplate, Job
+from awx.main.models import AdHocCommand, InventoryUpdate, JobTemplate
 from awx.main.models.activity_stream import ActivityStream
 from awx.main.models.ha import Instance, InstanceGroup
 from awx.main.tasks.system import apply_cluster_membership_policies
@@ -15,24 +15,6 @@ def test_default_tower_instance_group(default_instance_group, job_factory):
    assert default_instance_group in job_factory().preferred_instance_groups


-@pytest.mark.django_db
-@pytest.mark.parametrize('node_type', ('execution', 'control'))
-@pytest.mark.parametrize('active', (True, False))
-def test_get_cleanup_task_kwargs_active_jobs(node_type, active):
-    instance = Instance.objects.create(hostname='foobar', node_type=node_type)
-    job_kwargs = dict()
-    job_kwargs['controller_node' if node_type == 'control' else 'execution_node'] = instance.hostname
-    job_kwargs['status'] = 'running' if active else 'successful'
-
-    job = Job.objects.create(**job_kwargs)
-    kwargs = instance.get_cleanup_task_kwargs()
-
-    if active:
-        assert kwargs['exclude_strings'] == [f'awx_{job.pk}_']
-    else:
-        assert 'exclude_strings' not in kwargs
-
-
@pytest.mark.django_db
 class TestPolicyTaskScheduling:
    """Tests make assertions about when the policy task gets scheduled"""
--- a/awx/main/tests/functional/test_notifications.py
+++ b/awx/main/tests/functional/test_notifications.py
@@ -75,7 +75,6 @@ def test_encrypted_subfields(get, post, user, organization):
    url = reverse('api:notification_template_detail', kwargs={'pk': response.data['id']})
    response = get(url, u)
    assert response.data['notification_configuration']['account_token'] == "$encrypted$"
-
    with mock.patch.object(notification_template_actual.notification_class, "send_messages", assert_send):
        notification_template_actual.send("Test", {'body': "Test"})

@@ -176,46 +175,3 @@ def test_custom_environment_injection(post, user, organization):

        fake_send.side_effect = _send_side_effect
        template.send('subject', 'message')
-
-
-def mock_post(*args, **kwargs):
-    class MockGoodResponse:
-        def __init__(self):
-            self.status_code = 200
-
-    class MockRedirectResponse:
-        def __init__(self):
-            self.status_code = 301
-            self.headers = {"Location": "http://goodendpoint"}
-
-    if kwargs['url'] == "http://goodendpoint":
-        return MockGoodResponse()
-    else:
-        return MockRedirectResponse()
-
-
-@pytest.mark.django_db
-@mock.patch('requests.post', side_effect=mock_post)
-def test_webhook_notification_pointed_to_a_redirect_launch_endpoint(post, admin, organization):
-
-    n1 = NotificationTemplate.objects.create(
-        name="test-webhook",
-        description="test webhook",
-        organization=organization,
-        notification_type="webhook",
-        notification_configuration=dict(
-            url="http://some.fake.url",
-            disable_ssl_verification=True,
-            http_method="POST",
-            headers={
-                "Content-Type": "application/json",
-            },
-            username=admin.username,
-            password=admin.password,
-        ),
-        messages={
-            "success": {"message": "", "body": "{}"},
-        },
-    )
-
-    assert n1.send("", n1.messages.get("success").get("body")) == 1
--- a/awx/main/tests/unit/api/test_views.py
+++ b/awx/main/tests/unit/api/test_views.py
@@ -5,8 +5,7 @@ from unittest import mock

 from collections import namedtuple

-from awx.api.views.root import ApiVersionRootView
-from awx.api.views import JobTemplateLabelList, InventoryInventorySourcesUpdate, JobTemplateSurveySpec
+from awx.api.views import ApiVersionRootView, JobTemplateLabelList, InventoryInventorySourcesUpdate, JobTemplateSurveySpec

 from awx.main.views import handle_error

@@ -24,7 +23,7 @@ class TestApiRootView:
        endpoints = [
            'ping',
            'config',
-            # 'settings',
+            #'settings',
            'me',
            'dashboard',
            'organizations',
--- a/awx/main/tests/unit/models/test_jobs.py
+++ b/awx/main/tests/unit/models/test_jobs.py
@@ -36,14 +36,15 @@ def job(mocker, hosts, inventory):

 def test_start_job_fact_cache(hosts, job, inventory, tmpdir):
    fact_cache = os.path.join(tmpdir, 'facts')
-    last_modified = job.start_job_fact_cache(fact_cache, timeout=0)
+    modified_times = {}
+    job.start_job_fact_cache(fact_cache, modified_times, 0)

    for host in hosts:
        filepath = os.path.join(fact_cache, host.name)
        assert os.path.exists(filepath)
        with open(filepath, 'r') as f:
            assert f.read() == json.dumps(host.ansible_facts)
-        assert os.path.getmtime(filepath) <= last_modified
+        assert filepath in modified_times


 def test_fact_cache_with_invalid_path_traversal(job, inventory, tmpdir, mocker):
@@ -57,16 +58,18 @@ def test_fact_cache_with_invalid_path_traversal(job, inventory, tmpdir, mocker):
    )

    fact_cache = os.path.join(tmpdir, 'facts')
-    job.start_job_fact_cache(fact_cache, timeout=0)
+    job.start_job_fact_cache(fact_cache, {}, 0)
    # a file called "foo" should _not_ be written outside the facts dir
    assert os.listdir(os.path.join(fact_cache, '..')) == ['facts']


 def test_finish_job_fact_cache_with_existing_data(job, hosts, inventory, mocker, tmpdir):
    fact_cache = os.path.join(tmpdir, 'facts')
-    last_modified = job.start_job_fact_cache(fact_cache, timeout=0)
+    modified_times = {}
+    job.start_job_fact_cache(fact_cache, modified_times, 0)

-    bulk_update = mocker.patch('django.db.models.query.QuerySet.bulk_update')
+    for h in hosts:
+        h.save = mocker.Mock()

    ansible_facts_new = {"foo": "bar"}
    filepath = os.path.join(fact_cache, hosts[1].name)
@@ -80,20 +83,23 @@ def test_finish_job_fact_cache_with_existing_data(job, hosts, inventory, mocker,
        new_modification_time = time.time() + 3600
        os.utime(filepath, (new_modification_time, new_modification_time))

-    job.finish_job_fact_cache(fact_cache, last_modified)
+    job.finish_job_fact_cache(fact_cache, modified_times)

    for host in (hosts[0], hosts[2], hosts[3]):
+        host.save.assert_not_called()
        assert host.ansible_facts == {"a": 1, "b": 2}
        assert host.ansible_facts_modified is None
    assert hosts[1].ansible_facts == ansible_facts_new
-    bulk_update.assert_called_once_with([hosts[1]], ['ansible_facts', 'ansible_facts_modified'])
+    hosts[1].save.assert_called_once_with(update_fields=['ansible_facts', 'ansible_facts_modified'])


 def test_finish_job_fact_cache_with_bad_data(job, hosts, inventory, mocker, tmpdir):
    fact_cache = os.path.join(tmpdir, 'facts')
-    last_modified = job.start_job_fact_cache(fact_cache, timeout=0)
+    modified_times = {}
+    job.start_job_fact_cache(fact_cache, modified_times, 0)

-    bulk_update = mocker.patch('django.db.models.query.QuerySet.bulk_update')
+    for h in hosts:
+        h.save = mocker.Mock()

    for h in hosts:
        filepath = os.path.join(fact_cache, h.name)
@@ -103,22 +109,26 @@ def test_finish_job_fact_cache_with_bad_data(job, hosts, inventory, mocker, tmpd
            new_modification_time = time.time() + 3600
            os.utime(filepath, (new_modification_time, new_modification_time))

-    job.finish_job_fact_cache(fact_cache, last_modified)
+    job.finish_job_fact_cache(fact_cache, modified_times)

-    bulk_update.assert_not_called()
+    for h in hosts:
+        h.save.assert_not_called()


 def test_finish_job_fact_cache_clear(job, hosts, inventory, mocker, tmpdir):
    fact_cache = os.path.join(tmpdir, 'facts')
-    last_modified = job.start_job_fact_cache(fact_cache, timeout=0)
+    modified_times = {}
+    job.start_job_fact_cache(fact_cache, modified_times, 0)

-    bulk_update = mocker.patch('django.db.models.query.QuerySet.bulk_update')
+    for h in hosts:
+        h.save = mocker.Mock()

    os.remove(os.path.join(fact_cache, hosts[1].name))
-    job.finish_job_fact_cache(fact_cache, last_modified)
+    job.finish_job_fact_cache(fact_cache, modified_times)

    for host in (hosts[0], hosts[2], hosts[3]):
+        host.save.assert_not_called()
        assert host.ansible_facts == {"a": 1, "b": 2}
        assert host.ansible_facts_modified is None
    assert hosts[1].ansible_facts == {}
-    bulk_update.assert_called_once_with([hosts[1]], ['ansible_facts', 'ansible_facts_modified'])
+    hosts[1].save.assert_called_once_with()
--- a/awx/main/tests/unit/models/test_unified_job_unit.py
+++ b/awx/main/tests/unit/models/test_unified_job_unit.py
@@ -50,10 +50,7 @@ def test_cancel(unified_job):
    # Some more thought may want to go into only emitting canceled if/when the job record
    # status is changed to canceled. Unlike, currently, where it's emitted unconditionally.
    unified_job.websocket_emit_status.assert_called_with("canceled")
-    assert [(args, kwargs) for args, kwargs in unified_job.save.call_args_list] == [
-        ((), {'update_fields': ['cancel_flag', 'start_args']}),
-        ((), {'update_fields': ['status']}),
-    ]
+    unified_job.save.assert_called_with(update_fields=['cancel_flag', 'start_args', 'status'])


 def test_cancel_job_explanation(unified_job):
@@ -63,10 +60,7 @@ def test_cancel_job_explanation(unified_job):
        unified_job.cancel(job_explanation=job_explanation)

    assert unified_job.job_explanation == job_explanation
-    assert [(args, kwargs) for args, kwargs in unified_job.save.call_args_list] == [
-        ((), {'update_fields': ['cancel_flag', 'start_args', 'job_explanation']}),
-        ((), {'update_fields': ['status']}),
-    ]
+    unified_job.save.assert_called_with(update_fields=['cancel_flag', 'start_args', 'job_explanation', 'status'])


 def test_organization_copy_to_jobs():
--- a/awx/main/tests/unit/notifications/test_webhook.py
+++ b/awx/main/tests/unit/notifications/test_webhook.py
@@ -27,12 +27,11 @@ def test_send_messages_as_POST():
            ]
        )
        requests_mock.post.assert_called_once_with(
-            url='http://example.com',
+            'http://example.com',
            auth=None,
            data=json.dumps({'text': 'test body'}, ensure_ascii=False).encode('utf-8'),
            headers={'Content-Type': 'application/json', 'User-Agent': 'AWX 0.0.1.dev (open)'},
            verify=True,
-            allow_redirects=False,
        )
        assert sent_messages == 1

@@ -58,12 +57,11 @@ def test_send_messages_as_PUT():
            ]
        )
        requests_mock.put.assert_called_once_with(
-            url='http://example.com',
+            'http://example.com',
            auth=None,
            data=json.dumps({'text': 'test body 2'}, ensure_ascii=False).encode('utf-8'),
            headers={'Content-Type': 'application/json', 'User-Agent': 'AWX 0.0.1.dev (open)'},
            verify=True,
-            allow_redirects=False,
        )
        assert sent_messages == 1

@@ -89,12 +87,11 @@ def test_send_messages_with_username():
            ]
        )
        requests_mock.post.assert_called_once_with(
-            url='http://example.com',
+            'http://example.com',
            auth=('userstring', None),
            data=json.dumps({'text': 'test body'}, ensure_ascii=False).encode('utf-8'),
            headers={'Content-Type': 'application/json', 'User-Agent': 'AWX 0.0.1.dev (open)'},
            verify=True,
-            allow_redirects=False,
        )
        assert sent_messages == 1

@@ -120,12 +117,11 @@ def test_send_messages_with_password():
            ]
        )
        requests_mock.post.assert_called_once_with(
-            url='http://example.com',
+            'http://example.com',
            auth=(None, 'passwordstring'),
            data=json.dumps({'text': 'test body'}, ensure_ascii=False).encode('utf-8'),
            headers={'Content-Type': 'application/json', 'User-Agent': 'AWX 0.0.1.dev (open)'},
            verify=True,
-            allow_redirects=False,
        )
        assert sent_messages == 1

@@ -151,12 +147,11 @@ def test_send_messages_with_username_and_password():
            ]
        )
        requests_mock.post.assert_called_once_with(
-            url='http://example.com',
+            'http://example.com',
            auth=('userstring', 'passwordstring'),
            data=json.dumps({'text': 'test body'}, ensure_ascii=False).encode('utf-8'),
            headers={'Content-Type': 'application/json', 'User-Agent': 'AWX 0.0.1.dev (open)'},
            verify=True,
-            allow_redirects=False,
        )
        assert sent_messages == 1

@@ -182,12 +177,11 @@ def test_send_messages_with_no_verify_ssl():
            ]
        )
        requests_mock.post.assert_called_once_with(
-            url='http://example.com',
+            'http://example.com',
            auth=None,
            data=json.dumps({'text': 'test body'}, ensure_ascii=False).encode('utf-8'),
            headers={'Content-Type': 'application/json', 'User-Agent': 'AWX 0.0.1.dev (open)'},
            verify=False,
-            allow_redirects=False,
        )
        assert sent_messages == 1

@@ -213,7 +207,7 @@ def test_send_messages_with_additional_headers():
            ]
        )
        requests_mock.post.assert_called_once_with(
-            url='http://example.com',
+            'http://example.com',
            auth=None,
            data=json.dumps({'text': 'test body'}, ensure_ascii=False).encode('utf-8'),
            headers={
@@ -223,6 +217,5 @@ def test_send_messages_with_additional_headers():
                'X-Test-Header2': 'test-content-2',
            },
            verify=True,
-            allow_redirects=False,
        )
        assert sent_messages == 1
--- a/awx/main/tests/unit/utils/test_common.py
+++ b/awx/main/tests/unit/utils/test_common.py
@@ -3,7 +3,6 @@
 # Copyright (c) 2017 Ansible, Inc.
 # All Rights Reserved.
 import os
-import re
 import pytest
 from uuid import uuid4
 import json
@@ -13,13 +12,9 @@ from unittest import mock
 from rest_framework.exceptions import ParseError

 from awx.main.utils import common
-from awx.api.validators import HostnameRegexValidator

 from awx.main.models import Job, AdHocCommand, InventoryUpdate, ProjectUpdate, SystemJob, WorkflowJob, Inventory, JobTemplate, UnifiedJobTemplate, UnifiedJob

-from django.core.exceptions import ValidationError
-from django.utils.regex_helper import _lazy_re_compile
-

@pytest.mark.parametrize(
    'input_, output',
@@ -199,136 +194,3 @@ def test_extract_ansible_vars():
    redacted, var_list = common.extract_ansible_vars(json.dumps(my_dict))
    assert var_list == set(['ansible_connetion_setting'])
    assert redacted == {"foobar": "baz"}
-
-
-@pytest.mark.parametrize(
-    'scm_type, url, username, password, check_special_cases, scp_format, expected',
-    [
-        # General/random cases
-        ('git', '', True, True, True, False, ''),
-        ('git', 'git://example.com/foo.git', True, True, True, False, 'git://example.com/foo.git'),
-        ('git', 'http://example.com/foo.git', True, True, True, False, 'http://example.com/foo.git'),
-        ('git', 'example.com:bar.git', True, True, True, False, 'git+ssh://example.com/bar.git'),
-        ('git', 'user@example.com:bar.git', True, True, True, False, 'git+ssh://user@example.com/bar.git'),
-        ('git', '127.0.0.1:bar.git', True, True, True, False, 'git+ssh://127.0.0.1/bar.git'),
-        ('git', 'git+ssh://127.0.0.1/bar.git', True, True, True, True, '127.0.0.1:bar.git'),
-        ('git', 'ssh://127.0.0.1:22/bar.git', True, True, True, False, 'ssh://127.0.0.1:22/bar.git'),
-        ('git', 'ssh://root@127.0.0.1:22/bar.git', True, True, True, False, 'ssh://root@127.0.0.1:22/bar.git'),
-        ('git', 'some/path', True, True, True, False, 'file:///some/path'),
-        ('git', '/some/path', True, True, True, False, 'file:///some/path'),
-        # Invalid URLs - ensure we error properly
-        ('cvs', 'anything', True, True, True, False, ValueError('Unsupported SCM type "cvs"')),
-        ('svn', 'anything-without-colon-slash-slash', True, True, True, False, ValueError('Invalid svn URL')),
-        ('git', 'http://example.com:123invalidport/foo.git', True, True, True, False, ValueError('Invalid git URL')),
-        ('git', 'git+ssh://127.0.0.1/bar.git', True, True, True, False, ValueError('Unsupported git URL')),
-        ('git', 'git@example.com:3000:/git/repo.git', True, True, True, False, ValueError('Invalid git URL')),
-        ('insights', 'git://example.com/foo.git', True, True, True, False, ValueError('Unsupported insights URL')),
-        ('svn', 'file://example/path', True, True, True, False, ValueError('Unsupported host "example" for file:// URL')),
-        ('svn', 'svn:///example', True, True, True, False, ValueError('Host is required for svn URL')),
-        # Username/password cases
-        ('git', 'https://example@example.com/bar.git', False, True, True, False, 'https://example.com/bar.git'),
-        ('git', 'https://example@example.com/bar.git', 'user', True, True, False, 'https://user@example.com/bar.git'),
-        ('git', 'https://example@example.com/bar.git', 'user:pw', True, True, False, 'https://user%3Apw@example.com/bar.git'),
-        ('git', 'https://example@example.com/bar.git', False, 'pw', True, False, 'https://example.com/bar.git'),
-        ('git', 'https://some:example@example.com/bar.git', True, False, True, False, 'https://some@example.com/bar.git'),
-        ('git', 'https://some:example@example.com/bar.git', False, False, True, False, 'https://example.com/bar.git'),
-        ('git', 'https://example.com/bar.git', 'user', 'pw', True, False, 'https://user:pw@example.com/bar.git'),
-        ('git', 'https://example@example.com/bar.git', False, 'something', True, False, 'https://example.com/bar.git'),
-        # Special github/bitbucket cases
-        ('git', 'notgit@github.com:ansible/awx.git', True, True, True, False, ValueError('Username must be "git" for SSH access to github.com.')),
-        (
-            'git',
-            'notgit@bitbucket.org:does-not-exist/example.git',
-            True,
-            True,
-            True,
-            False,
-            ValueError('Username must be "git" for SSH access to bitbucket.org.'),
-        ),
-        (
-            'git',
-            'notgit@altssh.bitbucket.org:does-not-exist/example.git',
-            True,
-            True,
-            True,
-            False,
-            ValueError('Username must be "git" for SSH access to altssh.bitbucket.org.'),
-        ),
-        ('git', 'git:password@github.com:ansible/awx.git', True, True, True, False, 'git+ssh://git@github.com/ansible/awx.git'),
-        # Disabling the special handling should not raise an error
-        ('git', 'notgit@github.com:ansible/awx.git', True, True, False, False, 'git+ssh://notgit@github.com/ansible/awx.git'),
-        ('git', 'notgit@bitbucket.org:does-not-exist/example.git', True, True, False, False, 'git+ssh://notgit@bitbucket.org/does-not-exist/example.git'),
-        (
-            'git',
-            'notgit@altssh.bitbucket.org:does-not-exist/example.git',
-            True,
-            True,
-            False,
-            False,
-            'git+ssh://notgit@altssh.bitbucket.org/does-not-exist/example.git',
-        ),
-        # awx#12992 - IPv6
-        ('git', 'http://[fd00:1234:2345:6789::11]:3000/foo.git', True, True, True, False, 'http://[fd00:1234:2345:6789::11]:3000/foo.git'),
-        ('git', 'http://foo:bar@[fd00:1234:2345:6789::11]:3000/foo.git', True, True, True, False, 'http://foo:bar@[fd00:1234:2345:6789::11]:3000/foo.git'),
-        ('git', 'example@[fd00:1234:2345:6789::11]:example/foo.git', True, True, True, False, 'git+ssh://example@[fd00:1234:2345:6789::11]/example/foo.git'),
-    ],
-)
-def test_update_scm_url(scm_type, url, username, password, check_special_cases, scp_format, expected):
-    if isinstance(expected, Exception):
-        with pytest.raises(type(expected)) as excinfo:
-            common.update_scm_url(scm_type, url, username, password, check_special_cases, scp_format)
-        assert str(excinfo.value) == str(expected)
-    else:
-        assert common.update_scm_url(scm_type, url, username, password, check_special_cases, scp_format) == expected
-
-
-class TestHostnameRegexValidator:
-    @pytest.fixture
-    def regex_expr(self):
-        return '^[a-z0-9][-a-z0-9]*$|^([a-z0-9][-a-z0-9]{0,62}[.])*[a-z0-9][-a-z0-9]{1,62}$'
-
-    @pytest.fixture
-    def re_flags(self):
-        return re.IGNORECASE
-
-    @pytest.fixture
-    def custom_err_message(self):
-        return "foobar"
-
-    def test_hostame_regex_validator_constructor_with_args(self, regex_expr, re_flags, custom_err_message):
-        h = HostnameRegexValidator(regex=regex_expr, flags=re_flags, message=custom_err_message)
-        assert h.regex == _lazy_re_compile(regex_expr, re_flags)
-        assert h.message == 'foobar'
-        assert h.code == 'invalid'
-        assert h.inverse_match == False
-        assert h.flags == re_flags
-
-    def test_hostame_regex_validator_default_constructor(self, regex_expr, re_flags):
-        h = HostnameRegexValidator()
-        assert h.regex == _lazy_re_compile(regex_expr, re_flags)
-        assert h.message == 'Enter a valid value.'
-        assert h.code == 'invalid'
-        assert h.inverse_match == False
-        assert h.flags == re_flags
-
-    def test_good_call(self, regex_expr, re_flags):
-        h = HostnameRegexValidator(regex=regex_expr, flags=re_flags)
-        assert (h("192.168.56.101"), None)
-
-    def test_bad_call(self, regex_expr, re_flags):
-        h = HostnameRegexValidator(regex=regex_expr, flags=re_flags)
-        try:
-            h("@#$%)$#(TUFAS_DG")
-        except ValidationError as e:
-            assert e.message is not None
-
-    def test_good_call_with_inverse(self, regex_expr, re_flags, inverse_match=True):
-        h = HostnameRegexValidator(regex=regex_expr, flags=re_flags, inverse_match=inverse_match)
-        try:
-            h("1.2.3.4")
-        except ValidationError as e:
-            assert e.message is not None
-
-    def test_bad_call_with_inverse(self, regex_expr, re_flags, inverse_match=True):
-        h = HostnameRegexValidator(regex=regex_expr, flags=re_flags, inverse_match=inverse_match)
-        assert (h("@#$%)$#(TUFAS_DG"), None)
--- a/awx/main/utils/common.py
+++ b/awx/main/utils/common.py
@@ -11,12 +11,11 @@ import os
 import subprocess
 import re
 import stat
-import sys
 import urllib.parse
 import threading
 import contextlib
 import tempfile
-import functools
+from functools import reduce, wraps

 # Django
 from django.core.exceptions import ObjectDoesNotExist, FieldDoesNotExist
@@ -74,7 +73,6 @@ __all__ = [
    'NullablePromptPseudoField',
    'model_instance_diff',
    'parse_yaml_or_json',
-    'is_testing',
    'RequireDebugTrueOrTest',
    'has_model_field_prefetched',
    'set_environ',
@@ -90,7 +88,6 @@ __all__ = [
    'deepmerge',
    'get_event_partition_epoch',
    'cleanup_new_process',
-    'log_excess_runtime',
 ]


@@ -147,19 +144,6 @@ def underscore_to_camelcase(s):
    return ''.join(x.capitalize() or '_' for x in s.split('_'))


-@functools.cache
-def is_testing(argv=None):
-    '''Return True if running django or py.test unit tests.'''
-    if 'PYTEST_CURRENT_TEST' in os.environ.keys():
-        return True
-    argv = sys.argv if argv is None else argv
-    if len(argv) >= 1 and ('py.test' in argv[0] or 'py/test.py' in argv[0]):
-        return True
-    elif len(argv) >= 2 and argv[1] == 'test':
-        return True
-    return False
-
-
 class RequireDebugTrueOrTest(logging.Filter):
    """
    Logging filter to output when in DEBUG mode or running tests.
@@ -168,7 +152,7 @@ class RequireDebugTrueOrTest(logging.Filter):
    def filter(self, record):
        from django.conf import settings

-        return settings.DEBUG or is_testing()
+        return settings.DEBUG or settings.IS_TESTING()


 class IllegalArgumentError(ValueError):
@@ -190,7 +174,7 @@ def memoize(ttl=60, cache_key=None, track_function=False, cache=None):
    cache = cache or get_memoize_cache()

    def memoize_decorator(f):
-        @functools.wraps(f)
+        @wraps(f)
        def _memoizer(*args, **kwargs):
            if track_function:
                cache_dict_key = slugify('%r %r' % (args, kwargs))
@@ -280,15 +264,9 @@ def update_scm_url(scm_type, url, username=True, password=True, check_special_ca
                userpass, hostpath = url.split('@', 1)
            else:
                userpass, hostpath = '', url
-            # Handle IPv6 here. In this case, we might have hostpath of:
-            # [fd00:1234:2345:6789::11]:example/foo.git
-            if hostpath.startswith('[') and ']:' in hostpath:
-                host, path = hostpath.split(']:', 1)
-                host = host + ']'
-            elif hostpath.count(':') > 1:
+            if hostpath.count(':') > 1:
                raise ValueError(_('Invalid %s URL') % scm_type)
-            else:
-                host, path = hostpath.split(':', 1)
+            host, path = hostpath.split(':', 1)
            # if not path.startswith('/') and not path.startswith('~/'):
            #    path = '~/%s' % path
            # if path.startswith('/'):
@@ -347,11 +325,7 @@ def update_scm_url(scm_type, url, username=True, password=True, check_special_ca
        netloc = u':'.join([urllib.parse.quote(x, safe='') for x in (netloc_username, netloc_password) if x])
    else:
        netloc = u''
-    # urllib.parse strips brackets from IPv6 addresses, so we need to add them back in
-    hostname = parts.hostname
-    if hostname and ':' in hostname and '[' in url and ']' in url:
-        hostname = f'[{hostname}]'
-    netloc = u'@'.join(filter(None, [netloc, hostname]))
+    netloc = u'@'.join(filter(None, [netloc, parts.hostname]))
    if parts.port:
        netloc = u':'.join([netloc, str(parts.port)])
    new_url = urllib.parse.urlunsplit([parts.scheme, netloc, parts.path, parts.query, parts.fragment])
@@ -1008,7 +982,7 @@ def getattrd(obj, name, default=NoDefaultProvided):
    """

    try:
-        return functools.reduce(getattr, name.split("."), obj)
+        return reduce(getattr, name.split("."), obj)
    except AttributeError:
        if default != NoDefaultProvided:
            return default
@@ -1204,7 +1178,7 @@ def cleanup_new_process(func):
    Cleanup django connection, cache connection, before executing new thread or processes entry point, func.
    """

-    @functools.wraps(func)
+    @wraps(func)
    def wrapper_cleanup_new_process(*args, **kwargs):
        from awx.conf.settings import SettingsWrapper  # noqa

@@ -1216,30 +1190,15 @@ def cleanup_new_process(func):
    return wrapper_cleanup_new_process


-def log_excess_runtime(func_logger, cutoff=5.0, debug_cutoff=5.0, msg=None, add_log_data=False):
+def log_excess_runtime(func_logger, cutoff=5.0):
    def log_excess_runtime_decorator(func):
-        @functools.wraps(func)
+        @wraps(func)
        def _new_func(*args, **kwargs):
            start_time = time.time()
-            log_data = {'name': repr(func.__name__)}
-
-            if add_log_data:
-                return_value = func(*args, log_data=log_data, **kwargs)
-            else:
-                return_value = func(*args, **kwargs)
-
-            log_data['delta'] = time.time() - start_time
-            if isinstance(return_value, dict):
-                log_data.update(return_value)
-
-            if msg is None:
-                record_msg = 'Running {name} took {delta:.2f}s'
-            else:
-                record_msg = msg
-            if log_data['delta'] > cutoff:
-                func_logger.info(record_msg.format(**log_data))
-            elif log_data['delta'] > debug_cutoff:
-                func_logger.debug(record_msg.format(**log_data))
+            return_value = func(*args, **kwargs)
+            delta = time.time() - start_time
+            if delta > cutoff:
+                logger.info(f'Running {func.__name__!r} took {delta:.2f}s')
            return return_value

        return _new_func
--- a/awx/main/utils/handlers.py
+++ b/awx/main/utils/handlers.py
@@ -110,7 +110,7 @@ if settings.COLOR_LOGS is True:
                # logs rendered with cyan text
                previous_level_map = self.level_map.copy()
                if record.name == "awx.analytics.job_lifecycle":
-                    self.level_map[logging.INFO] = (None, 'cyan', True)
+                    self.level_map[logging.DEBUG] = (None, 'cyan', True)
                msg = super(ColorHandler, self).colorize(line, record)
                self.level_map = previous_level_map
                return msg
--- a/awx/main/wsbroadcast.py
+++ b/awx/main/wsbroadcast.py
@@ -35,7 +35,7 @@ def unwrap_broadcast_msg(payload: dict):
 def get_broadcast_hosts():
    Instance = apps.get_model('main', 'Instance')
    instances = (
-        Instance.objects.exclude(hostname=Instance.objects.my_hostname())
+        Instance.objects.exclude(hostname=Instance.objects.me().hostname)
        .exclude(node_type='execution')
        .exclude(node_type='hop')
        .order_by('hostname')
@@ -47,7 +47,7 @@ def get_broadcast_hosts():

 def get_local_host():
    Instance = apps.get_model('main', 'Instance')
-    return Instance.objects.my_hostname()
+    return Instance.objects.me().hostname


 class WebsocketTask:
--- a/awx/playbooks/action_plugins/verify_project.py
+++ b/awx/playbooks/action_plugins/verify_project.py
@@ -5,6 +5,7 @@ __metaclass__ = type
 import gnupg
 import os
 import tempfile
+from ansible.module_utils.basic import *
 from ansible.plugins.action import ActionBase
 from ansible.utils.display import Display

@@ -14,7 +15,7 @@ from ansible_sign.checksum import (
    InvalidChecksumLine,
 )
 from ansible_sign.checksum.differ import DistlibManifestChecksumFileExistenceDiffer
-from ansible_sign.signing import GPGVerifier
+from ansible_sign.signing import *

 display = Display()

--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -10,6 +10,28 @@ import socket
 from datetime import timedelta


+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+BASE_DIR = os.path.dirname(os.path.dirname(__file__))
+
+
+def is_testing(argv=None):
+    import sys
+
+    '''Return True if running django or py.test unit tests.'''
+    if 'PYTEST_CURRENT_TEST' in os.environ.keys():
+        return True
+    argv = sys.argv if argv is None else argv
+    if len(argv) >= 1 and ('py.test' in argv[0] or 'py/test.py' in argv[0]):
+        return True
+    elif len(argv) >= 2 and argv[1] == 'test':
+        return True
+    return False
+
+
+def IS_TESTING(argv=None):
+    return is_testing(argv)
+
+
 if "pytest" in sys.modules:
    from unittest import mock

@@ -18,13 +40,9 @@ if "pytest" in sys.modules:
 else:
    import ldap

-
 DEBUG = True
 SQL_DEBUG = DEBUG

-# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
-BASE_DIR = os.path.dirname(os.path.dirname(__file__))
-
 # FIXME: it would be nice to cycle back around and allow this to be
 # BigAutoField going forward, but we'd have to be explicit about our
 # existing models.
@@ -83,7 +101,7 @@ USE_L10N = True

 USE_TZ = True

-STATICFILES_DIRS = [os.path.join(BASE_DIR, 'ui', 'build', 'static'), os.path.join(BASE_DIR, 'static')]
+STATICFILES_DIRS = (os.path.join(BASE_DIR, 'ui', 'build', 'static'), os.path.join(BASE_DIR, 'static'))

 # Absolute filesystem path to the directory where static file are collected via
 # the collectstatic command.
@@ -236,14 +254,6 @@ START_TASK_LIMIT = 100
 TASK_MANAGER_TIMEOUT = 300
 TASK_MANAGER_TIMEOUT_GRACE_PERIOD = 60

-# Number of seconds _in addition to_ the task manager timeout a job can stay
-# in waiting without being reaped
-JOB_WAITING_GRACE_PERIOD = 60
-
-# Number of seconds after a container group job finished time to wait
-# before the awx_k8s_reaper task will tear down the pods
-K8S_POD_REAPER_GRACE_PERIOD = 60
-
 # Disallow sending session cookies over insecure connections
 SESSION_COOKIE_SECURE = True

@@ -350,7 +360,7 @@ REST_FRAMEWORK = {
    # For swagger schema generation
    # see https://github.com/encode/django-rest-framework/pull/6532
    'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.AutoSchema',
-    # 'URL_FORMAT_OVERRIDE': None,
+    #'URL_FORMAT_OVERRIDE': None,
 }

 AUTHENTICATION_BACKENDS = (
@@ -994,5 +1004,16 @@ DEFAULT_CONTAINER_RUN_OPTIONS = ['--network', 'slirp4netns:enable_ipv6=true']
 # Mount exposed paths as hostPath resource in k8s/ocp
 AWX_MOUNT_ISOLATED_PATHS_ON_K8S = False

+# Time out task managers if they take longer than this many seconds
+TASK_MANAGER_TIMEOUT = 300
+
+# Number of seconds _in addition to_ the task manager timeout a job can stay
+# in waiting without being reaped
+JOB_WAITING_GRACE_PERIOD = 60
+
+# Number of seconds after a container group job finished time to wait
+# before the awx_k8s_reaper task will tear down the pods
+K8S_POD_REAPER_GRACE_PERIOD = 60
+
 # This is overridden downstream via /etc/tower/conf.d/cluster_host_id.py
 CLUSTER_HOST_ID = socket.gethostname()
--- a/awx/settings/production.py
+++ b/awx/settings/production.py
@@ -101,5 +101,5 @@ except IOError:
 # The below runs AFTER all of the custom settings are imported.

 DATABASES.setdefault('default', dict()).setdefault('OPTIONS', dict()).setdefault(
-    'application_name', f'{CLUSTER_HOST_ID}-{os.getpid()}-{" ".join(sys.argv)}'[:63]  # NOQA
+    'application_name', f'{CLUSTER_HOST_ID}-{os.getpid()}-{" ".join(sys.argv)}'[:63]
 )  # noqa
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -11,11 +11,9 @@ import ldap
 # Django
 from django.dispatch import receiver
 from django.contrib.auth.models import User
-from django.contrib.contenttypes.models import ContentType
 from django.conf import settings as django_settings
 from django.core.signals import setting_changed
 from django.utils.encoding import force_str
-from django.db.utils import IntegrityError

 # django-auth-ldap
 from django_auth_ldap.backend import LDAPSettings as BaseLDAPSettings
@@ -329,32 +327,31 @@ class SAMLAuth(BaseSAMLAuth):
        return super(SAMLAuth, self).get_user(user_id)


-def _update_m2m_from_groups(ldap_user, opts, remove=True):
+def _update_m2m_from_groups(user, ldap_user, related, opts, remove=True):
    """
-    Hepler function to evaluate the LDAP team/org options to determine if LDAP user should
-      be a member of the team/org based on their ldap group dns.
-
-    Returns:
-        True - User should be added
-        False - User should be removed
-        None - Users membership should not be changed
+    Hepler function to update m2m relationship based on LDAP group membership.
    """
+    should_add = False
    if opts is None:
-        return None
+        return
    elif not opts:
        pass
-    elif isinstance(opts, bool) and opts is True:
-        return True
+    elif opts is True:
+        should_add = True
    else:
        if isinstance(opts, str):
            opts = [opts]
-        # If any of the users groups matches any of the list options
        for group_dn in opts:
            if not isinstance(group_dn, str):
                continue
            if ldap_user._get_groups().is_member_of(group_dn):
-                return True
-    return False
+                should_add = True
+    if should_add:
+        user.save()
+        related.add(user)
+    elif remove and user in related.all():
+        user.save()
+        related.remove(user)


@receiver(populate_user, dispatch_uid='populate-ldap-user')
@@ -386,73 +383,31 @@ def on_populate_user(sender, **kwargs):
            force_user_update = True
            logger.warning('LDAP user {} has {} > max {} characters'.format(user.username, field, max_len))

+    # Update organization membership based on group memberships.
    org_map = getattr(backend.settings, 'ORGANIZATION_MAP', {})
-    team_map = getattr(backend.settings, 'TEAM_MAP', {})
-
-    # Move this junk into save of the settings for performance later, there is no need to do that here
-    #    with maybe the exception of someone defining this in settings before the server is started?
-    # ==============================================================================================================
-
-    # Get all of the IDs and names of orgs in the DB and create any new org defined in LDAP that does not exist in the DB
-    existing_orgs = {}
-    for (org_id, org_name) in Organization.objects.all().values_list('id', 'name'):
-        existing_orgs[org_name] = org_id
-
-    # Create any orgs (if needed) for all entries in the org and team maps
-    for org_name in set(list(org_map.keys()) + [item.get('organization', None) for item in team_map.values()]):
-        if org_name and org_name not in existing_orgs:
-            logger.info("LDAP adapter is creating org {}".format(org_name))
-            try:
-                new_org = Organization.objects.create(name=org_name)
-            except IntegrityError:
-                # Another thread must have created this org before we did so now we need to get it
-                new_org = Organization.objects.get(name=org_name)
-            # Add the org name to the existing orgs since we created it and we may need it to build the teams below
-            existing_orgs[org_name] = new_org.id
-
-    # Do the same for teams
-    existing_team_names = list(Team.objects.all().values_list('name', flat=True))
-    for team_name, team_opts in team_map.items():
-        if not team_opts.get('organization', None):
-            # You can't save the LDAP config in the UI w/o an org (or '' or null as the org) so if we somehow got this condition its an error
-            logger.error("Team named {} in LDAP team map settings is invalid due to missing organization".format(team_name))
-            continue
-        if team_name not in existing_team_names:
-            try:
-                Team.objects.create(name=team_name, organization_id=existing_orgs[team_opts['organization']])
-            except IntegrityError:
-                # If another process got here before us that is ok because we don't need the ID from this team or anything
-                pass
-    # End move some day
-    # ==============================================================================================================
-
-    # Compute in memory what the state is of the different LDAP orgs
-    org_roles_and_ldap_attributes = {'admin_role': 'admins', 'auditor_role': 'auditors', 'member_role': 'users'}
-    desired_org_states = {}
    for org_name, org_opts in org_map.items():
+        org, created = Organization.objects.get_or_create(name=org_name)
        remove = bool(org_opts.get('remove', True))
-        desired_org_states[org_name] = {}
-        for org_role_name in org_roles_and_ldap_attributes.keys():
-            ldap_name = org_roles_and_ldap_attributes[org_role_name]
-            opts = org_opts.get(ldap_name, None)
-            remove = bool(org_opts.get('remove_{}'.format(ldap_name), remove))
-            desired_org_states[org_name][org_role_name] = _update_m2m_from_groups(ldap_user, opts, remove)
+        admins_opts = org_opts.get('admins', None)
+        remove_admins = bool(org_opts.get('remove_admins', remove))
+        _update_m2m_from_groups(user, ldap_user, org.admin_role.members, admins_opts, remove_admins)
+        auditors_opts = org_opts.get('auditors', None)
+        remove_auditors = bool(org_opts.get('remove_auditors', remove))
+        _update_m2m_from_groups(user, ldap_user, org.auditor_role.members, auditors_opts, remove_auditors)
+        users_opts = org_opts.get('users', None)
+        remove_users = bool(org_opts.get('remove_users', remove))
+        _update_m2m_from_groups(user, ldap_user, org.member_role.members, users_opts, remove_users)

-        # If everything returned None (because there was no configuration) we can remove this org from our map
-        # This will prevent us from loading the org in the next query
-        if all(desired_org_states[org_name][org_role_name] is None for org_role_name in org_roles_and_ldap_attributes.keys()):
-            del desired_org_states[org_name]
-
-    # Compute in memory what the state is of the different LDAP teams
-    desired_team_states = {}
+    # Update team membership based on group memberships.
+    team_map = getattr(backend.settings, 'TEAM_MAP', {})
    for team_name, team_opts in team_map.items():
        if 'organization' not in team_opts:
            continue
+        org, created = Organization.objects.get_or_create(name=team_opts['organization'])
+        team, created = Team.objects.get_or_create(name=team_name, organization=org)
        users_opts = team_opts.get('users', None)
        remove = bool(team_opts.get('remove', True))
-        state = _update_m2m_from_groups(ldap_user, users_opts, remove)
-        if state is not None:
-            desired_team_states[team_name] = {'member_role': state}
+        _update_m2m_from_groups(user, ldap_user, team.member_role.members, users_opts, remove)

    # Check if user.profile is available, otherwise force user.save()
    try:
@@ -468,62 +423,3 @@ def on_populate_user(sender, **kwargs):
    if profile.ldap_dn != ldap_user.dn:
        profile.ldap_dn = ldap_user.dn
        profile.save()
-
-    reconcile_users_org_team_mappings(user, desired_org_states, desired_team_states, 'LDAP')
-
-
-def reconcile_users_org_team_mappings(user, desired_org_states, desired_team_states, source):
-    from awx.main.models import Organization, Team
-
-    content_types = []
-    reconcile_items = []
-    if desired_org_states:
-        content_types.append(ContentType.objects.get_for_model(Organization))
-        reconcile_items.append(('organization', desired_org_states, Organization))
-    if desired_team_states:
-        content_types.append(ContentType.objects.get_for_model(Team))
-        reconcile_items.append(('team', desired_team_states, Team))
-
-    if not content_types:
-        # If both desired states were empty we can simply return because there is nothing to reconcile
-        return
-
-    # users_roles is a flat set of IDs
-    users_roles = set(user.roles.filter(content_type__in=content_types).values_list('pk', flat=True))
-
-    for object_type, desired_states, model in reconcile_items:
-        # Get all of the roles in the desired states for efficient DB extraction
-        roles = []
-        for sub_dict in desired_states.values():
-            for role_name in sub_dict:
-                if sub_dict[role_name] is None:
-                    continue
-                if role_name not in roles:
-                    roles.append(role_name)
-
-        # Get a set of named tuples for the org/team name plus all of the roles we got above
-        model_roles = model.objects.filter(name__in=desired_states.keys()).values_list('name', *roles, named=True)
-        for row in model_roles:
-            for role_name in roles:
-                desired_state = desired_states.get(row.name, {})
-                if desired_state[role_name] is None:
-                    # The mapping was not defined for this [org/team]/role so we can just pass
-                    pass
-
-                # If somehow the auth adapter knows about an items role but that role is not defined in the DB we are going to print a pretty error
-                # This is your classic safety net that we should never hit; but here you are reading this comment... good luck and Godspeed.
-                role_id = getattr(row, role_name, None)
-                if role_id is None:
-                    logger.error("{} adapter wanted to manage role {} of {} {} but that role is not defined".format(source, role_name, object_type, row.name))
-                    continue
-
-                if desired_state[role_name]:
-                    # The desired state was the user mapped into the object_type, if the user was not mapped in map them in
-                    if role_id not in users_roles:
-                        logger.debug("{} adapter adding user {} to {} {} as {}".format(source, user.username, object_type, row.name, role_name))
-                        user.roles.add(role_id)
-                else:
-                    # The desired state was the user was not mapped into the org, if the user has the permission remove it
-                    if role_id in users_roles:
-                        logger.debug("{} adapter removing user {} permission of {} from {} {}".format(source, user.username, role_name, object_type, row.name))
-                        user.roles.remove(role_id)
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
@@ -53,7 +53,7 @@ SOCIAL_AUTH_ORGANIZATION_MAP_HELP_TEXT = _(
    '''\
 Mapping to organization admins/users from social auth accounts. This setting
 controls which users are placed into which organizations based on their
-username and email address. Configuration details are available in the
+username and email address. Configuration details are available in the 
 documentation.\
 '''
 )
--- a/awx/sso/migrations/0003_convert_saml_string_to_list.py
+++ b/awx/sso/migrations/0003_convert_saml_string_to_list.py
@@ -6,7 +6,7 @@ _values_to_change = ['is_superuser_value', 'is_superuser_role', 'is_system_audit

 def _get_setting():
    with connection.cursor() as cursor:
-        cursor.execute('SELECT value FROM conf_setting WHERE key= %s', ['SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR'])
+        cursor.execute(f'SELECT value FROM conf_setting WHERE key= %s', ['SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR'])
        row = cursor.fetchone()
        if row == None:
            return {}
@@ -24,7 +24,7 @@ def _get_setting():

 def _set_setting(value):
    with connection.cursor() as cursor:
-        cursor.execute('UPDATE conf_setting SET value = %s WHERE key = %s', [json.dumps(value), 'SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR'])
+        cursor.execute(f'UPDATE conf_setting SET value = %s WHERE key = %s', [json.dumps(value), 'SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR'])


 def forwards(app, schema_editor):
--- a/awx/sso/tests/functional/test_pipeline.py
+++ b/awx/sso/tests/functional/test_pipeline.py
@@ -163,9 +163,9 @@ class TestSAMLAttr:
                    'PersonImmutableID': [],
                },
            },
-            # 'social': <UserSocialAuth: cmeyers@redhat.com>,
+            #'social': <UserSocialAuth: cmeyers@redhat.com>,
            'social': None,
-            # 'strategy': <awx.sso.strategies.django_strategy.AWXDjangoStrategy object at 0x8523a10>,
+            #'strategy': <awx.sso.strategies.django_strategy.AWXDjangoStrategy object at 0x8523a10>,
            'strategy': None,
            'new_association': False,
        }
--- a/awx/sso/views.py
+++ b/awx/sso/views.py
@@ -11,6 +11,8 @@ from django.http import HttpResponse
 from django.views.generic import View
 from django.views.generic.base import RedirectView
 from django.utils.encoding import smart_str
+from awx.api.serializers import UserSerializer
+from rest_framework.renderers import JSONRenderer
 from django.conf import settings

 logger = logging.getLogger('awx.sso.views')
@@ -40,6 +42,9 @@ class CompleteView(BaseRedirectView):
        if self.request.user and self.request.user.is_authenticated:
            logger.info(smart_str(u"User {} logged in".format(self.request.user.username)))
            response.set_cookie('userLoggedIn', 'true')
+            current_user = UserSerializer(self.request.user)
+            current_user = smart_str(JSONRenderer().render(current_user.data))
+            current_user = urllib.parse.quote('%s' % current_user, '')
            response.setdefault('X-API-Session-Cookie-Name', getattr(settings, 'SESSION_COOKIE_NAME', 'awx_sessionid'))
        return response

--- a/awx/ui/package-lock.json
+++ b/awx/ui/package-lock.json
@@ -7,15 +7,15 @@
      "name": "ui",
      "dependencies": {
        "@lingui/react": "3.14.0",
-        "@patternfly/patternfly": "4.217.1",
-        "@patternfly/react-core": "^4.250.1",
-        "@patternfly/react-icons": "4.92.10",
-        "@patternfly/react-table": "4.108.0",
+        "@patternfly/patternfly": "4.210.2",
+        "@patternfly/react-core": "^4.221.3",
+        "@patternfly/react-icons": "4.75.1",
+        "@patternfly/react-table": "4.100.8",
        "ace-builds": "^1.10.1",
        "ansi-to-html": "0.7.2",
        "axios": "0.27.2",
        "codemirror": "^6.0.1",
-        "d3": "7.6.1",
+        "d3": "7.4.4",
        "dagre": "^0.8.4",
        "dompurify": "2.4.0",
        "formik": "2.2.9",
@@ -31,7 +31,7 @@
        "react-router-dom": "^5.3.3",
        "react-virtualized": "^9.21.1",
        "rrule": "2.7.1",
-        "styled-components": "5.3.6"
+        "styled-components": "5.3.5"
      },
      "devDependencies": {
        "@babel/core": "^7.16.10",
@@ -3747,26 +3747,35 @@
      "dev": true
    },
    "node_modules/@patternfly/patternfly": {
-      "version": "4.217.1",
-      "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.217.1.tgz",
-      "integrity": "sha512-uN7JgfQsyR16YHkuGRCTIcBcnyKIqKjGkB2SGk9x1XXH3yYGenL83kpAavX9Xtozqp17KppOlybJuzcKvZMrgw=="
+      "version": "4.210.2",
+      "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.210.2.tgz",
+      "integrity": "sha512-aZiW24Bxi6uVmk5RyNTp+6q6ThtlJZotNRJfWVeGuwu1UlbBuV4DFa1bpjA6jfTZpfEpX2YL5+R+4ZVSCFAVdw=="
    },
    "node_modules/@patternfly/react-core": {
-      "version": "4.250.1",
-      "resolved": "https://registry.npmjs.org/@patternfly/react-core/-/react-core-4.250.1.tgz",
-      "integrity": "sha512-vAOZPQdZzYXl/vkHnHMIt1eC3nrPDdsuuErPatkNPwmSvilXuXmWP5wxoJ36FbSNRRURkprFwx52zMmWS3iHJA==",
+      "version": "4.231.8",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-core/-/react-core-4.231.8.tgz",
+      "integrity": "sha512-2ClqlYCvSADppMfVfkUGIA/8XlO6jX8batoClXLxZDwqGoOfr61XyUgQ6SSlE4w60czoNeX4Nf6cfQKUH4RIKw==",
      "dependencies": {
-        "@patternfly/react-icons": "^4.92.6",
-        "@patternfly/react-styles": "^4.91.6",
-        "@patternfly/react-tokens": "^4.93.6",
+        "@patternfly/react-icons": "^4.82.8",
+        "@patternfly/react-styles": "^4.81.8",
+        "@patternfly/react-tokens": "^4.83.8",
        "focus-trap": "6.9.2",
        "react-dropzone": "9.0.0",
        "tippy.js": "5.1.2",
        "tslib": "^2.0.0"
      },
      "peerDependencies": {
-        "react": "^16.8 || ^17 || ^18",
-        "react-dom": "^16.8 || ^17 || ^18"
+        "react": "^16.8.0 || ^17.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0"
+      }
+    },
+    "node_modules/@patternfly/react-core/node_modules/@patternfly/react-icons": {
+      "version": "4.82.8",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-icons/-/react-icons-4.82.8.tgz",
+      "integrity": "sha512-cKixprTiMLZRe/+kmdZ5suvYb9ly9p1f/HjlcNiWBfsiA8ZDEPmxJnVdend/YsafelC8YC9QGcQf97ay5PNhcw==",
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0"
      }
    },
    "node_modules/@patternfly/react-core/node_modules/tslib": {
@@ -3775,28 +3784,28 @@
      "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw=="
    },
    "node_modules/@patternfly/react-icons": {
-      "version": "4.92.10",
-      "resolved": "https://registry.npmjs.org/@patternfly/react-icons/-/react-icons-4.92.10.tgz",
-      "integrity": "sha512-vwCy7b+OyyuvLDSLqLUG2DkJZgMDogjld8tJTdAaG8HiEhC1sJPZac+5wD7AuS3ym/sQolS4vYtNiVDnMEORxA==",
+      "version": "4.75.1",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-icons/-/react-icons-4.75.1.tgz",
+      "integrity": "sha512-1ly8SVi/kcc0zkiViOjUd8D5BEr7GeqWGmDPuDSBtD60l1dYf3hZc44IWFVkRM/oHZML/musdrJkLfh4MDqX9w==",
      "peerDependencies": {
-        "react": "^16.8 || ^17 || ^18",
-        "react-dom": "^16.8 || ^17 || ^18"
+        "react": "^16.8.0 || ^17.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0"
      }
    },
    "node_modules/@patternfly/react-styles": {
-      "version": "4.91.10",
-      "resolved": "https://registry.npmjs.org/@patternfly/react-styles/-/react-styles-4.91.10.tgz",
-      "integrity": "sha512-fAG4Vjp63ohiR92F4e/Gkw5q1DSSckHKqdnEF75KUpSSBORzYP0EKMpupSd6ItpQFJw3iWs3MJi3/KIAAfU1Jw=="
+      "version": "4.81.8",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-styles/-/react-styles-4.81.8.tgz",
+      "integrity": "sha512-Q5FiureSSCMIuz+KLMcEm1317TzbXcwmg2q5iNDRKyf/K+5CT6tJp0Wbtk3FlfRvzli4u/7YfXipahia5TL+tA=="
    },
    "node_modules/@patternfly/react-table": {
-      "version": "4.108.0",
-      "resolved": "https://registry.npmjs.org/@patternfly/react-table/-/react-table-4.108.0.tgz",
-      "integrity": "sha512-EUvd3rlkE1UXobAm7L6JHgNE3TW8IYTaVwwH/px4Mkn5mBayDO6f+w6QM3OeoDQVZcXK6IYFe7QQaYd/vWIJCQ==",
+      "version": "4.100.8",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-table/-/react-table-4.100.8.tgz",
+      "integrity": "sha512-80XZCZzoYN9gsoufNdXUB/dk33SuWF9lUnOJs7ilezD6noTSD7ARqO1h532eaEPIbPBp4uIVkEUdfGSHd0HJtg==",
      "dependencies": {
-        "@patternfly/react-core": "^4.239.0",
-        "@patternfly/react-icons": "^4.90.0",
-        "@patternfly/react-styles": "^4.89.0",
-        "@patternfly/react-tokens": "^4.91.0",
+        "@patternfly/react-core": "^4.231.8",
+        "@patternfly/react-icons": "^4.82.8",
+        "@patternfly/react-styles": "^4.81.8",
+        "@patternfly/react-tokens": "^4.83.8",
        "lodash": "^4.17.19",
        "tslib": "^2.0.0"
      },
@@ -3805,15 +3814,24 @@
        "react-dom": "^16.8.0 || ^17.0.0"
      }
    },
+    "node_modules/@patternfly/react-table/node_modules/@patternfly/react-icons": {
+      "version": "4.82.8",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-icons/-/react-icons-4.82.8.tgz",
+      "integrity": "sha512-cKixprTiMLZRe/+kmdZ5suvYb9ly9p1f/HjlcNiWBfsiA8ZDEPmxJnVdend/YsafelC8YC9QGcQf97ay5PNhcw==",
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0"
+      }
+    },
    "node_modules/@patternfly/react-table/node_modules/tslib": {
      "version": "2.4.0",
      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.0.tgz",
      "integrity": "sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ=="
    },
    "node_modules/@patternfly/react-tokens": {
-      "version": "4.93.10",
-      "resolved": "https://registry.npmjs.org/@patternfly/react-tokens/-/react-tokens-4.93.10.tgz",
-      "integrity": "sha512-F+j1irDc9M6zvY6qNtDryhbpnHz3R8ymHRdGelNHQzPTIK88YSWEnT1c9iUI+uM/iuZol7sJmO5STtg2aPIDRQ=="
+      "version": "4.83.8",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-tokens/-/react-tokens-4.83.8.tgz",
+      "integrity": "sha512-Z/MHXNY8PQOuBFGUar2yzPVbz3BNJuhB+Dnk5RJcc/iIn3S+VlSru7g6v5jqoV/+a5wLqZtLGEBp8uhCZ7Xkig=="
    },
    "node_modules/@pmmmwh/react-refresh-webpack-plugin": {
      "version": "0.5.4",
@@ -7464,16 +7482,16 @@
      "integrity": "sha512-jXKhWqXPmlUeoQnF/EhTtTl4C9SnrxSH/jZUih3jmO6lBKr99rP3/+FmrMj4EFpOXzMtXHAZkd3x0E6h6Fgflw=="
    },
    "node_modules/d3": {
-      "version": "7.6.1",
-      "resolved": "https://registry.npmjs.org/d3/-/d3-7.6.1.tgz",
-      "integrity": "sha512-txMTdIHFbcpLx+8a0IFhZsbp+PfBBPt8yfbmukZTQFroKuFqIwqswF0qE5JXWefylaAVpSXFoKm3yP+jpNLFLw==",
+      "version": "7.4.4",
+      "resolved": "https://registry.npmjs.org/d3/-/d3-7.4.4.tgz",
+      "integrity": "sha512-97FE+MYdAlV3R9P74+R3Uar7wUKkIFu89UWMjEaDhiJ9VxKvqaMxauImy8PC2DdBkdM2BxJOIoLxPrcZUyrKoQ==",
      "dependencies": {
        "d3-array": "3",
        "d3-axis": "3",
        "d3-brush": "3",
        "d3-chord": "3",
        "d3-color": "3",
-        "d3-contour": "4",
+        "d3-contour": "3",
        "d3-delaunay": "6",
        "d3-dispatch": "3",
        "d3-drag": "3",
@@ -7504,9 +7522,9 @@
      }
    },
    "node_modules/d3-array": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-3.2.0.tgz",
-      "integrity": "sha512-3yXFQo0oG3QCxbF06rMPFyGRMGJNS7NvsV1+2joOjbBE+9xvWQ8+GcMJAjRCzw06zQ3/arXeJgbPYcjUCuC+3g==",
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-3.1.1.tgz",
+      "integrity": "sha512-33qQ+ZoZlli19IFiQx4QEpf2CBEayMRzhlisJHSCsSUbDXv6ZishqS1x7uFVClKG4Wr7rZVHvaAttoLow6GqdQ==",
      "dependencies": {
        "internmap": "1 - 2"
      },
@@ -7557,11 +7575,11 @@
      }
    },
    "node_modules/d3-contour": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/d3-contour/-/d3-contour-4.0.0.tgz",
-      "integrity": "sha512-7aQo0QHUTu/Ko3cP9YK9yUTxtoDEiDGwnBHyLxG5M4vqlBkO/uixMRele3nfsfj6UXOcuReVpVXzAboGraYIJw==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-contour/-/d3-contour-3.0.1.tgz",
+      "integrity": "sha512-0Oc4D0KyhwhM7ZL0RMnfGycLN7hxHB8CMmwZ3+H26PWAG0ozNuYG5hXSDNgmP1SgJkQMrlG6cP20HoaSbvcJTQ==",
      "dependencies": {
-        "d3-array": "^3.2.0"
+        "d3-array": "2 - 3"
      },
      "engines": {
        "node": ">=12"
@@ -20216,9 +20234,9 @@
      "integrity": "sha512-OPhtyEjyyN9x3nhPsu76f52yUGXiZcgvsrFVtvTkyGRQJ0XK+GPc6ov1z+lRpbeabka+MYEQxOYRnt5nF30aMw=="
    },
    "node_modules/styled-components": {
-      "version": "5.3.6",
-      "resolved": "https://registry.npmjs.org/styled-components/-/styled-components-5.3.6.tgz",
-      "integrity": "sha512-hGTZquGAaTqhGWldX7hhfzjnIYBZ0IXQXkCYdvF1Sq3DsUaLx6+NTHC5Jj1ooM2F68sBiVz3lvhfwQs/S3l6qg==",
+      "version": "5.3.5",
+      "resolved": "https://registry.npmjs.org/styled-components/-/styled-components-5.3.5.tgz",
+      "integrity": "sha512-ndETJ9RKaaL6q41B69WudeqLzOpY1A/ET/glXkNZ2T7dPjPqpPCXXQjDFYZWwNnE5co0wX+gTCqx9mfxTmSIPg==",
      "hasInstallScript": true,
      "dependencies": {
        "@babel/helper-module-imports": "^7.0.0",
@@ -25089,24 +25107,30 @@
      "dev": true
    },
    "@patternfly/patternfly": {
-      "version": "4.217.1",
-      "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.217.1.tgz",
-      "integrity": "sha512-uN7JgfQsyR16YHkuGRCTIcBcnyKIqKjGkB2SGk9x1XXH3yYGenL83kpAavX9Xtozqp17KppOlybJuzcKvZMrgw=="
+      "version": "4.210.2",
+      "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.210.2.tgz",
+      "integrity": "sha512-aZiW24Bxi6uVmk5RyNTp+6q6ThtlJZotNRJfWVeGuwu1UlbBuV4DFa1bpjA6jfTZpfEpX2YL5+R+4ZVSCFAVdw=="
    },
    "@patternfly/react-core": {
-      "version": "4.250.1",
-      "resolved": "https://registry.npmjs.org/@patternfly/react-core/-/react-core-4.250.1.tgz",
-      "integrity": "sha512-vAOZPQdZzYXl/vkHnHMIt1eC3nrPDdsuuErPatkNPwmSvilXuXmWP5wxoJ36FbSNRRURkprFwx52zMmWS3iHJA==",
+      "version": "4.231.8",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-core/-/react-core-4.231.8.tgz",
+      "integrity": "sha512-2ClqlYCvSADppMfVfkUGIA/8XlO6jX8batoClXLxZDwqGoOfr61XyUgQ6SSlE4w60czoNeX4Nf6cfQKUH4RIKw==",
      "requires": {
-        "@patternfly/react-icons": "^4.92.6",
-        "@patternfly/react-styles": "^4.91.6",
-        "@patternfly/react-tokens": "^4.93.6",
+        "@patternfly/react-icons": "^4.82.8",
+        "@patternfly/react-styles": "^4.81.8",
+        "@patternfly/react-tokens": "^4.83.8",
        "focus-trap": "6.9.2",
        "react-dropzone": "9.0.0",
        "tippy.js": "5.1.2",
        "tslib": "^2.0.0"
      },
      "dependencies": {
+        "@patternfly/react-icons": {
+          "version": "4.82.8",
+          "resolved": "https://registry.npmjs.org/@patternfly/react-icons/-/react-icons-4.82.8.tgz",
+          "integrity": "sha512-cKixprTiMLZRe/+kmdZ5suvYb9ly9p1f/HjlcNiWBfsiA8ZDEPmxJnVdend/YsafelC8YC9QGcQf97ay5PNhcw==",
+          "requires": {}
+        },
        "tslib": {
          "version": "2.3.1",
          "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz",
@@ -25115,29 +25139,35 @@
      }
    },
    "@patternfly/react-icons": {
-      "version": "4.92.10",
-      "resolved": "https://registry.npmjs.org/@patternfly/react-icons/-/react-icons-4.92.10.tgz",
-      "integrity": "sha512-vwCy7b+OyyuvLDSLqLUG2DkJZgMDogjld8tJTdAaG8HiEhC1sJPZac+5wD7AuS3ym/sQolS4vYtNiVDnMEORxA==",
+      "version": "4.75.1",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-icons/-/react-icons-4.75.1.tgz",
+      "integrity": "sha512-1ly8SVi/kcc0zkiViOjUd8D5BEr7GeqWGmDPuDSBtD60l1dYf3hZc44IWFVkRM/oHZML/musdrJkLfh4MDqX9w==",
      "requires": {}
    },
    "@patternfly/react-styles": {
-      "version": "4.91.10",
-      "resolved": "https://registry.npmjs.org/@patternfly/react-styles/-/react-styles-4.91.10.tgz",
-      "integrity": "sha512-fAG4Vjp63ohiR92F4e/Gkw5q1DSSckHKqdnEF75KUpSSBORzYP0EKMpupSd6ItpQFJw3iWs3MJi3/KIAAfU1Jw=="
+      "version": "4.81.8",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-styles/-/react-styles-4.81.8.tgz",
+      "integrity": "sha512-Q5FiureSSCMIuz+KLMcEm1317TzbXcwmg2q5iNDRKyf/K+5CT6tJp0Wbtk3FlfRvzli4u/7YfXipahia5TL+tA=="
    },
    "@patternfly/react-table": {
-      "version": "4.108.0",
-      "resolved": "https://registry.npmjs.org/@patternfly/react-table/-/react-table-4.108.0.tgz",
-      "integrity": "sha512-EUvd3rlkE1UXobAm7L6JHgNE3TW8IYTaVwwH/px4Mkn5mBayDO6f+w6QM3OeoDQVZcXK6IYFe7QQaYd/vWIJCQ==",
+      "version": "4.100.8",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-table/-/react-table-4.100.8.tgz",
+      "integrity": "sha512-80XZCZzoYN9gsoufNdXUB/dk33SuWF9lUnOJs7ilezD6noTSD7ARqO1h532eaEPIbPBp4uIVkEUdfGSHd0HJtg==",
      "requires": {
-        "@patternfly/react-core": "^4.239.0",
-        "@patternfly/react-icons": "^4.90.0",
-        "@patternfly/react-styles": "^4.89.0",
-        "@patternfly/react-tokens": "^4.91.0",
+        "@patternfly/react-core": "^4.231.8",
+        "@patternfly/react-icons": "^4.82.8",
+        "@patternfly/react-styles": "^4.81.8",
+        "@patternfly/react-tokens": "^4.83.8",
        "lodash": "^4.17.19",
        "tslib": "^2.0.0"
      },
      "dependencies": {
+        "@patternfly/react-icons": {
+          "version": "4.82.8",
+          "resolved": "https://registry.npmjs.org/@patternfly/react-icons/-/react-icons-4.82.8.tgz",
+          "integrity": "sha512-cKixprTiMLZRe/+kmdZ5suvYb9ly9p1f/HjlcNiWBfsiA8ZDEPmxJnVdend/YsafelC8YC9QGcQf97ay5PNhcw==",
+          "requires": {}
+        },
        "tslib": {
          "version": "2.4.0",
          "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.0.tgz",
@@ -25146,9 +25176,9 @@
      }
    },
    "@patternfly/react-tokens": {
-      "version": "4.93.10",
-      "resolved": "https://registry.npmjs.org/@patternfly/react-tokens/-/react-tokens-4.93.10.tgz",
-      "integrity": "sha512-F+j1irDc9M6zvY6qNtDryhbpnHz3R8ymHRdGelNHQzPTIK88YSWEnT1c9iUI+uM/iuZol7sJmO5STtg2aPIDRQ=="
+      "version": "4.83.8",
+      "resolved": "https://registry.npmjs.org/@patternfly/react-tokens/-/react-tokens-4.83.8.tgz",
+      "integrity": "sha512-Z/MHXNY8PQOuBFGUar2yzPVbz3BNJuhB+Dnk5RJcc/iIn3S+VlSru7g6v5jqoV/+a5wLqZtLGEBp8uhCZ7Xkig=="
    },
    "@pmmmwh/react-refresh-webpack-plugin": {
      "version": "0.5.4",
@@ -28052,16 +28082,16 @@
      "integrity": "sha512-jXKhWqXPmlUeoQnF/EhTtTl4C9SnrxSH/jZUih3jmO6lBKr99rP3/+FmrMj4EFpOXzMtXHAZkd3x0E6h6Fgflw=="
    },
    "d3": {
-      "version": "7.6.1",
-      "resolved": "https://registry.npmjs.org/d3/-/d3-7.6.1.tgz",
-      "integrity": "sha512-txMTdIHFbcpLx+8a0IFhZsbp+PfBBPt8yfbmukZTQFroKuFqIwqswF0qE5JXWefylaAVpSXFoKm3yP+jpNLFLw==",
+      "version": "7.4.4",
+      "resolved": "https://registry.npmjs.org/d3/-/d3-7.4.4.tgz",
+      "integrity": "sha512-97FE+MYdAlV3R9P74+R3Uar7wUKkIFu89UWMjEaDhiJ9VxKvqaMxauImy8PC2DdBkdM2BxJOIoLxPrcZUyrKoQ==",
      "requires": {
        "d3-array": "3",
        "d3-axis": "3",
        "d3-brush": "3",
        "d3-chord": "3",
        "d3-color": "3",
-        "d3-contour": "4",
+        "d3-contour": "3",
        "d3-delaunay": "6",
        "d3-dispatch": "3",
        "d3-drag": "3",
@@ -28089,9 +28119,9 @@
      }
    },
    "d3-array": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-3.2.0.tgz",
-      "integrity": "sha512-3yXFQo0oG3QCxbF06rMPFyGRMGJNS7NvsV1+2joOjbBE+9xvWQ8+GcMJAjRCzw06zQ3/arXeJgbPYcjUCuC+3g==",
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-3.1.1.tgz",
+      "integrity": "sha512-33qQ+ZoZlli19IFiQx4QEpf2CBEayMRzhlisJHSCsSUbDXv6ZishqS1x7uFVClKG4Wr7rZVHvaAttoLow6GqdQ==",
      "requires": {
        "internmap": "1 - 2"
      }
@@ -28127,11 +28157,11 @@
      "integrity": "sha512-6/SlHkDOBLyQSJ1j1Ghs82OIUXpKWlR0hCsw0XrLSQhuUPuCSmLQ1QPH98vpnQxMUQM2/gfAkUEWsupVpd9JGw=="
    },
    "d3-contour": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/d3-contour/-/d3-contour-4.0.0.tgz",
-      "integrity": "sha512-7aQo0QHUTu/Ko3cP9YK9yUTxtoDEiDGwnBHyLxG5M4vqlBkO/uixMRele3nfsfj6UXOcuReVpVXzAboGraYIJw==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-contour/-/d3-contour-3.0.1.tgz",
+      "integrity": "sha512-0Oc4D0KyhwhM7ZL0RMnfGycLN7hxHB8CMmwZ3+H26PWAG0ozNuYG5hXSDNgmP1SgJkQMrlG6cP20HoaSbvcJTQ==",
      "requires": {
-        "d3-array": "^3.2.0"
+        "d3-array": "2 - 3"
      }
    },
    "d3-delaunay": {
@@ -37675,9 +37705,9 @@
      "integrity": "sha512-OPhtyEjyyN9x3nhPsu76f52yUGXiZcgvsrFVtvTkyGRQJ0XK+GPc6ov1z+lRpbeabka+MYEQxOYRnt5nF30aMw=="
    },
    "styled-components": {
-      "version": "5.3.6",
-      "resolved": "https://registry.npmjs.org/styled-components/-/styled-components-5.3.6.tgz",
-      "integrity": "sha512-hGTZquGAaTqhGWldX7hhfzjnIYBZ0IXQXkCYdvF1Sq3DsUaLx6+NTHC5Jj1ooM2F68sBiVz3lvhfwQs/S3l6qg==",
+      "version": "5.3.5",
+      "resolved": "https://registry.npmjs.org/styled-components/-/styled-components-5.3.5.tgz",
+      "integrity": "sha512-ndETJ9RKaaL6q41B69WudeqLzOpY1A/ET/glXkNZ2T7dPjPqpPCXXQjDFYZWwNnE5co0wX+gTCqx9mfxTmSIPg==",
      "requires": {
        "@babel/helper-module-imports": "^7.0.0",
        "@babel/traverse": "^7.4.5",
--- a/awx/ui/package.json
+++ b/awx/ui/package.json
@@ -7,15 +7,15 @@
  },
  "dependencies": {
    "@lingui/react": "3.14.0",
-    "@patternfly/patternfly": "4.217.1",
-    "@patternfly/react-core": "^4.250.1",
-    "@patternfly/react-icons": "4.92.10",
-    "@patternfly/react-table": "4.108.0",
+    "@patternfly/patternfly": "4.210.2",
+    "@patternfly/react-core": "^4.221.3",
+    "@patternfly/react-icons": "4.75.1",
+    "@patternfly/react-table": "4.100.8",
    "ace-builds": "^1.10.1",
    "ansi-to-html": "0.7.2",
    "axios": "0.27.2",
    "codemirror": "^6.0.1",
-    "d3": "7.6.1",
+    "d3": "7.4.4",
    "dagre": "^0.8.4",
    "dompurify": "2.4.0",
    "formik": "2.2.9",
@@ -31,7 +31,7 @@
    "react-router-dom": "^5.3.3",
    "react-virtualized": "^9.21.1",
    "rrule": "2.7.1",
-    "styled-components": "5.3.6"
+    "styled-components": "5.3.5"
  },
  "devDependencies": {
    "@babel/core": "^7.16.10",
--- a/awx/ui/src/components/HealthCheckButton/HealthCheckButton.js
+++ b/awx/ui/src/components/HealthCheckButton/HealthCheckButton.js
@@ -3,12 +3,7 @@ import { Plural, t } from '@lingui/macro';
 import { Button, DropdownItem, Tooltip } from '@patternfly/react-core';
 import { useKebabifiedMenu } from 'contexts/Kebabified';

-function HealthCheckButton({
-  isDisabled,
-  onClick,
-  selectedItems,
-  healthCheckPending,
-}) {
+function HealthCheckButton({ isDisabled, onClick, selectedItems }) {
  const { isKebabified } = useKebabifiedMenu();

  const selectedItemsCount = selectedItems.length;
@@ -33,10 +28,8 @@ function HealthCheckButton({
          component="button"
          onClick={onClick}
          ouiaId="health-check"
-          isLoading={healthCheckPending}
-          spinnerAriaLabel={t`Running health check`}
        >
-          {healthCheckPending ? t`Running health check` : t`Run health check`}
+          {t`Run health check`}
        </DropdownItem>
      </Tooltip>
    );
@@ -49,11 +42,7 @@ function HealthCheckButton({
          variant="secondary"
          ouiaId="health-check"
          onClick={onClick}
-          isLoading={healthCheckPending}
-          spinnerAriaLabel={t`Running health check`}
-        >
-          {healthCheckPending ? t`Running health check` : t`Run health check`}
-        </Button>
+        >{t`Run health check`}</Button>
      </div>
    </Tooltip>
  );
--- a/awx/ui/src/components/LaunchButton/LaunchButton.js
+++ b/awx/ui/src/components/LaunchButton/LaunchButton.js
@@ -107,17 +107,6 @@ function LaunchButton({ resource, children }) {
        jobPromise = JobsAPI.relaunch(resource.id, params || {});
      } else if (resource.type === 'workflow_job') {
        jobPromise = WorkflowJobsAPI.relaunch(resource.id, params || {});
-      } else if (resource.type === 'ad_hoc_command') {
-        if (params?.credential_passwords) {
-          // The api expects the passwords at the top level of the object instead of nested
-          // in credential_passwords like the other relaunch endpoints
-          Object.keys(params.credential_passwords).forEach((key) => {
-            params[key] = params.credential_passwords[key];
-          });
-
-          delete params.credential_passwords;
-        }
-        jobPromise = AdHocCommandsAPI.relaunch(resource.id, params || {});
      }

      const { data: job } = await jobPromise;
--- a/awx/ui/src/components/LaunchPrompt/LaunchPrompt.js
+++ b/awx/ui/src/components/LaunchPrompt/LaunchPrompt.js
@@ -129,7 +129,7 @@ function PromptModalForm({
      }}
      title={t`Launch | ${resource.name}`}
      description={
-        resource.description?.length > 512 ? (
+        resource.description.length > 512 ? (
          <ExpandableSection
            toggleText={
              showDescription ? t`Hide description` : t`Show description`
--- a/awx/ui/src/components/Schedule/shared/ScheduleForm.js
+++ b/awx/ui/src/components/Schedule/shared/ScheduleForm.js
@@ -67,14 +67,14 @@ function ScheduleForm({
      if (schedule.id) {
        if (
          resource.type === 'job_template' &&
-          launchConfig?.ask_credential_on_launch
+          launchConfig.ask_credential_on_launch
        ) {
          const {
            data: { results },
          } = await SchedulesAPI.readCredentials(schedule.id);
          creds = results;
        }
-        if (launchConfig?.ask_labels_on_launch) {
+        if (launchConfig.ask_labels_on_launch) {
          const {
            data: { results },
          } = await SchedulesAPI.readAllLabels(schedule.id);
@@ -82,7 +82,7 @@ function ScheduleForm({
        }
        if (
          resource.type === 'job_template' &&
-          launchConfig?.ask_instance_groups_on_launch
+          launchConfig.ask_instance_groups_on_launch
        ) {
          const {
            data: { results },
@@ -91,7 +91,7 @@ function ScheduleForm({
        }
      } else {
        if (resource.type === 'job_template') {
-          if (launchConfig?.ask_labels_on_launch) {
+          if (launchConfig.ask_labels_on_launch) {
            const {
              data: { results },
            } = await JobTemplatesAPI.readAllLabels(resource.id);
@@ -100,7 +100,7 @@ function ScheduleForm({
        }
        if (
          resource.type === 'workflow_job_template' &&
-          launchConfig?.ask_labels_on_launch
+          launchConfig.ask_labels_on_launch
        ) {
          const {
            data: { results },
@@ -123,7 +123,14 @@ function ScheduleForm({
        zoneLinks: data.links,
        credentials: creds,
      };
-    }, [schedule, resource.id, resource.type, launchConfig]),
+    }, [
+      schedule,
+      resource.id,
+      resource.type,
+      launchConfig.ask_labels_on_launch,
+      launchConfig.ask_instance_groups_on_launch,
+      launchConfig.ask_credential_on_launch,
+    ]),
    {
      zonesOptions: [],
      zoneLinks: {},
@@ -139,7 +146,7 @@ function ScheduleForm({
  const missingRequiredInventory = useCallback(() => {
    let missingInventory = false;
    if (
-      launchConfig?.inventory_needed_to_start &&
+      launchConfig.inventory_needed_to_start &&
      !schedule?.summary_fields?.inventory?.id
    ) {
      missingInventory = true;
@@ -416,14 +423,8 @@ function ScheduleForm({

      if (options.end === 'onDate') {
        if (
-          DateTime.fromFormat(
-            `${values.startDate} ${values.startTime}`,
-            'yyyy-LL-dd h:mm a'
-          ).toMillis() >=
-          DateTime.fromFormat(
-            `${options.endDate} ${options.endTime}`,
-            'yyyy-LL-dd h:mm a'
-          ).toMillis()
+          DateTime.fromISO(values.startDate) >=
+          DateTime.fromISO(options.endDate)
        ) {
          freqErrors.endDate = t`Please select an end date/time that comes after the start date/time.`;
        }
--- a/awx/ui/src/components/Schedule/shared/ScheduleForm.test.js
+++ b/awx/ui/src/components/Schedule/shared/ScheduleForm.test.js
@@ -900,36 +900,6 @@ describe('<ScheduleForm />', () => {
      );
    });

-    test('should create schedule with the same start and end date provided that the end date is at a later time', async () => {
-      const today = DateTime.now().toFormat('yyyy-LL-dd');
-      const laterTime = DateTime.now().plus({ hours: 1 }).toFormat('h:mm a');
-      await act(async () => {
-        wrapper.find('DatePicker[aria-label="End date"]').prop('onChange')(
-          today,
-          new Date(today)
-        );
-      });
-      wrapper.update();
-      expect(
-        wrapper
-          .find('FormGroup[data-cy="schedule-End date/time"]')
-          .prop('helperTextInvalid')
-      ).toBe(
-        'Please select an end date/time that comes after the start date/time.'
-      );
-      await act(async () => {
-        wrapper.find('TimePicker[aria-label="End time"]').prop('onChange')(
-          laterTime
-        );
-      });
-      wrapper.update();
-      expect(
-        wrapper
-          .find('FormGroup[data-cy="schedule-End date/time"]')
-          .prop('helperTextInvalid')
-      ).toBe(undefined);
-    });
-
    test('error shown when on day number is not between 1 and 31', async () => {
      await act(async () => {
        wrapper.find('FrequencySelect#schedule-frequency').invoke('onChange')([
--- a/awx/ui/src/locales/translations/es/django.po
+++ b/awx/ui/src/locales/translations/es/django.po
--- a/awx/ui/src/locales/translations/es/messages.po
+++ b/awx/ui/src/locales/translations/es/messages.po
--- a/awx/ui/src/locales/translations/fr/django.po
+++ b/awx/ui/src/locales/translations/fr/django.po
--- a/awx/ui/src/locales/translations/fr/messages.po
+++ b/awx/ui/src/locales/translations/fr/messages.po
--- a/awx/ui/src/locales/translations/ja/django.po
+++ b/awx/ui/src/locales/translations/ja/django.po
--- a/awx/ui/src/locales/translations/ja/messages.po
+++ b/awx/ui/src/locales/translations/ja/messages.po
--- a/awx/ui/src/locales/translations/ko/django.po
+++ b/awx/ui/src/locales/translations/ko/django.po
--- a/awx/ui/src/locales/translations/ko/messages.po
+++ b/awx/ui/src/locales/translations/ko/messages.po
--- a/awx/ui/src/locales/translations/nl/django.po
+++ b/awx/ui/src/locales/translations/nl/django.po
--- a/awx/ui/src/locales/translations/nl/messages.po
+++ b/awx/ui/src/locales/translations/nl/messages.po
--- a/awx/ui/src/locales/translations/zh/django.po
+++ b/awx/ui/src/locales/translations/zh/django.po
--- a/Show More
+++ b/Show More