When a Webhook POSTed to AWX provides a payload containing extra_vars and other things, the values are made available in AWX as "{awx,tower}_webhook_payload". Is it by design that extra_vars isn’t merged with other variables for the job template run?
In .description of the json options: If any passwords, inventory, or extra variables (extra_vars) are required, they must be passed via POST data, with extra_vars given as a YAML or JSON string and escaped parentheses.
I don’t specifically see anything about webhooks in the API, but I suspect the payload may need to be formatted specially.
This is probably by design as a security conscious decision, so that webhooks aren’t able to intentionally hijack playbook behavior. Instead, you would design your webhooked playbooks around expected payload nested vars. This might also be related to why AWX doesn’t allow jinja in extra_vars by default.