[stable-2.10] [dnf] Some fixes around filtering (#72483) (#72500)

* [stable-2.10] [dnf] Some fixes around filtering (#72483) Change: - Docs: Add note that security/bugfix apply to dependencies too, like the dnf command. - dnf: security/bugfix only makes sense for updates, so limit the package query sack to available updates. - tests: Limit tests to our known-good test packages, so that RHEL packages marked security/bugfix without similarly marked dependencies don't fail our tests. Test Plan: - Tested with `dnf upgrade-minimal --bugfix` and reproduced the same error currently seen in CI, showing that we are consistent with what dnf does. Tickets: - Likely fixes #72316 Signed-off-by: Rick Elrod <rick@elrod.me> (cherry picked from commit d8c637da37) Co-authored-by: Rick Elrod <rick@elrod.me> * Add changelog (#72502) (cherry picked from commit b33d7e2e29) Co-authored-by: Rick Elrod <rick@elrod.me>
2020-11-06 09:56:18 -05:00 · 2020-11-06 09:56:18 -05:00 · 8c5910efe7
parent 31ab3d8a64
commit 8c5910efe7
3 changed files with 18 additions and 6 deletions
--- a/changelogs/fragments/72316-dnf-filtering.yml
+++ b/changelogs/fragments/72316-dnf-filtering.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - dnf - fix filtering to avoid dependncy conflicts (https://github.com/ansible/ansible/issues/72316)
--- a/lib/ansible/modules/dnf.py
+++ b/lib/ansible/modules/dnf.py
@ -117,12 +117,14 @@ options:
  security:
    description:
      - If set to C(yes), and C(state=latest) then only installs updates that have been marked security related.
+      - Note that, similar to ``dnf upgrade-minimal``, this filter applies to dependencies as well.
    type: bool
    default: "no"
    version_added: "2.7"
  bugfix:
    description:
      - If set to C(yes), and C(state=latest) then only installs updates that have been marked bugfix related.
+      - Note that, similar to ``dnf upgrade-minimal``, this filter applies to dependencies as well.
    default: "no"
    type: bool
    version_added: "2.7"
@ -646,10 +648,10 @@ class DnfModule(YumDnf):
        filters = []
        if self.bugfix:
            key = {'advisory_type__eq': 'bugfix'}
-            filters.append(base.sack.query().filter(**key))
+            filters.append(base.sack.query().upgrades().filter(**key))
        if self.security:
            key = {'advisory_type__eq': 'security'}
-            filters.append(base.sack.query().filter(**key))
+            filters.append(base.sack.query().upgrades().filter(**key))
        if filters:
            base._update_security_filters = filters

--- a/test/integration/targets/dnf/tasks/filters_check_mode.yml
+++ b/test/integration/targets/dnf/tasks/filters_check_mode.yml
@ -20,7 +20,9 @@

    - name: Ask for pending updates (check_mode)
      dnf:
-        name: '*'
+        name:
+          - toaster
+          - oven
        state: latest
        update_only: true
        disable_gpg_check: true
@ -38,7 +40,9 @@

    - name: Ask for pending updates with security=true (check_mode)
      dnf:
-        name: '*'
+        name:
+          - toaster
+          - oven
        state: latest
        update_only: true
        disable_gpg_check: true
@ -57,7 +61,9 @@

    - name: Ask for pending updates with bugfix=true (check_mode)
      dnf:
-        name: '*'
+        name:
+          - toaster
+          - oven
        state: latest
        update_only: true
        disable_gpg_check: true
@ -76,7 +82,9 @@

    - name: Ask for pending updates with bugfix=true and security=true (check_mode)
      dnf:
-        name: '*'
+        name:
+          - toaster
+          - oven
        state: latest
        update_only: true
        disable_gpg_check: true