AAP-45875 Runtime Feature Flags #875

fao89 · 2025-10-24T19:45:45Z

Description

https://issues.redhat.com/browse/AAP-45875

What is being changed?
This change is the foundation for enabling runtime platform feature flags for AAP. This updates the django-ansible-base to be the central location where all platform flags are defined. Components can inherit the ansible_base.feature_flags application to inherit all platform feature flag definitions.
Why is this change needed?
To enable runtime platform feature flags in AAP.
How does this change address the issue?
This change addresses the issue by defining a database flag source, which contains all the feature flags along with their associated metadata. These feature flags are installed into each components database at install-time and kept in sync via resource sync (Gateway is the provider)

Before this can be merged, the following should be done:

Confirm each feature flags metadata
1. Only Dispatcher and EDA_Analytics feature flags need their metadata confirmed now.

Type of Change

New feature (non-breaking change which adds functionality)
Documentation update
Test update

Self-Review Checklist

I have performed a self-review of my code
I have added relevant comments to complex code sections
I have updated documentation where needed
I have considered the security impact of these changes
I have considered performance implications
I have thought about error handling and edge cases
I have tested the changes in my local environment

Testing Instructions

Prerequisites

Steps to Test

Recommend testing this through AAP Dev, but it can be tested directly via the test app as well.

Clone https://github.com/ansible/aap-dev/
Enter aap-dev directory and run make configure-sources
Use this PR for the DAB source
Use this PR for the Gateway source - https://github.com/ansible-automation-platform/aap-gateway/pull/1056

Expected Results

AAP Deploys as expected with database feature flags.

Additional Context

Required Actions

Requires downstream repository changes

ansible_base/lib/dynamic_config/dynamic_urls.py

ansible_base/resource_registry/tasks/sync.py

ansible_base/resource_registry/shared_types.py

AlanCoding · 2025-10-27T14:34:59Z

Only Dispatcher and EDA_Analytics feature flags need their metadata confirmed now.

I'm not sure if we're going to keep the dispatcher feature flag, as it was for a transition period. So it's likely better to never port it to the updated flags system.

ansible_base/feature_flags/views.py

ansible_base/feature_flags/serializers.py

ansible_base/feature_flags/models/aap_flag.py

…ests - Add FEATURE_CASE_INSENSITIVE_AUTH_MAPS_ENABLED flag definition to feature_flags.yaml - Update claims.py to use the correct flag name with _ENABLED suffix - Fix test_claims.py to use proper django-flags API (enable_flag/disable_flag) - Remove deprecated settings manipulation in favor of feature flags API - All 237 authentication claims tests now pass Fixes failing tests that were expecting the missing feature flag for case-insensitive authentication mapping functionality. Signed-off-by: Fabricio Aguiar <fabricio.aguiar@gmail.com> rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED

This change resolves failing resource sync tests by ensuring the system user is properly excluded from orphan detection during resource synchronization. **Problem:** Resource sync tests were failing because the system user (_system) was being incorrectly identified as an "orphaned" resource and deleted during sync operations. The issue was an inconsistency between: 1. The manifest endpoint (views.py) which already excluded system users 2. The orphan detection logic (sync.py) which did not exclude system users This caused the system user to be absent from manifests but present in orphan detection, leading to unintended deletion. **Solution:** - Added system user exclusion to get_orphan_resources() function - Used get_system_user() utility for robust system user identification - Filter by object_id rather than username for more reliable exclusion - Maintains consistency with existing manifest endpoint behavior **Impact:** - Fixes 4 failing tests: test_resource_sync, test_delete_orphans, test_resource_sync_update_conflict, test_resource_sync_create_conflict - Protects system user from being deleted during resource sync operations - No impact on regular user resource synchronization behavior Signed-off-by: Fabricio Aguiar <fabricio.aguiar@gmail.com> rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED

github-actions · 2025-11-24T20:23:30Z

DVCS PR Check Results:

PR appears valid (JIRA key(s) found)

sonarqubecloud · 2025-11-24T20:36:40Z

Quality Gate passed

Issues
0 New issues
3 Accepted issues

Measures
0 Security Hotspots
93.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

requires: ansible/django-ansible-base#875 Signed-off-by: Fabricio Aguiar <fabricio.aguiar@gmail.com> rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED

Jira: https://issues.redhat.com/browse/AAP-45879 This PR moves the EDA feature flag source from Settings based feature flags, to platform database level feature flags. This also makes gateway the provider of this data for the platform. This is required to enable platform level feature flags. Gateway is the provider of the feature flag value updates, and is resource synced to EDA/other components. It can be validated and tested simply with AAP Dev, and requires the following DAB PR to be merged in beforehand - ansible/django-ansible-base#875 Once the DAB PR is merged, I will update this PR to point back to the upstream devel branch of DAB To test - 1. Clone AAP-Dev 2. make configure-sources 3. Select DAB, GW, and EDA for sources 4. make aap 5. Attempt to hit <GATEWAY_API>/feature_flags/X api endpoint and patch a flags value. 6. If Gateway Setting RUNTIME_FEATURE_FLAGS == True, the update succeeds and flag value is resource synced to EDA 7. If Gateway Setting RUNTIME_FEATURE_FLAGS == False, the update fails with error explaining why.

fao89 force-pushed the phase2/feature-flags/poc branch 4 times, most recently from c26023f to 58dc37b Compare October 27, 2025 08:30

This was referenced Oct 27, 2025

[HOLD] AAP-45875 Runtime Feature Flags #736

Closed

Move to Runtime Platform Flags ansible/eda-server#1407

Merged

Move to Runtime Platform Flags ansible/awx#16148

Merged

AlanCoding self-requested a review October 27, 2025 14:12

AlanCoding reviewed Oct 27, 2025

View reviewed changes

ansible_base/lib/dynamic_config/dynamic_urls.py Show resolved Hide resolved

AlanCoding reviewed Oct 27, 2025

View reviewed changes

ansible_base/resource_registry/tasks/sync.py Show resolved Hide resolved

fao89 force-pushed the phase2/feature-flags/poc branch from 58dc37b to e27082d Compare October 27, 2025 14:30

AlanCoding reviewed Oct 27, 2025

View reviewed changes

ansible_base/resource_registry/shared_types.py Show resolved Hide resolved

fao89 force-pushed the phase2/feature-flags/poc branch from e27082d to 3b5558b Compare October 27, 2025 14:33

AlanCoding reviewed Oct 27, 2025

View reviewed changes

ansible_base/feature_flags/views.py Show resolved Hide resolved

AlanCoding reviewed Oct 27, 2025

View reviewed changes

ansible_base/feature_flags/views.py Show resolved Hide resolved

AlanCoding reviewed Oct 29, 2025

View reviewed changes

ansible_base/feature_flags/serializers.py Outdated Show resolved Hide resolved

fao89 marked this pull request as ready for review October 30, 2025 18:41