From 8c5910efe7c8290984eb28d18612fcd037f3f4c5 Mon Sep 17 00:00:00 2001 From: Sam Doran Date: Fri, 6 Nov 2020 09:56:18 -0500 Subject: [PATCH] [stable-2.10] [dnf] Some fixes around filtering (#72483) (#72500) * [stable-2.10] [dnf] Some fixes around filtering (#72483) Change: - Docs: Add note that security/bugfix apply to dependencies too, like the dnf command. - dnf: security/bugfix only makes sense for updates, so limit the package query sack to available updates. - tests: Limit tests to our known-good test packages, so that RHEL packages marked security/bugfix without similarly marked dependencies don't fail our tests. Test Plan: - Tested with `dnf upgrade-minimal --bugfix` and reproduced the same error currently seen in CI, showing that we are consistent with what dnf does. Tickets: - Likely fixes #72316 Signed-off-by: Rick Elrod (cherry picked from commit d8c637da37) Co-authored-by: Rick Elrod * Add changelog (#72502) (cherry picked from commit b33d7e2e29619c442210bbb2fbc3d057c350dad3) Co-authored-by: Rick Elrod --- changelogs/fragments/72316-dnf-filtering.yml | 2 ++ lib/ansible/modules/dnf.py | 6 ++++-- .../targets/dnf/tasks/filters_check_mode.yml | 16 ++++++++++++---- 3 files changed, 18 insertions(+), 6 deletions(-) create mode 100644 changelogs/fragments/72316-dnf-filtering.yml diff --git a/changelogs/fragments/72316-dnf-filtering.yml b/changelogs/fragments/72316-dnf-filtering.yml new file mode 100644 index 00000000000..23a3ec3b88a --- /dev/null +++ b/changelogs/fragments/72316-dnf-filtering.yml @@ -0,0 +1,2 @@ +bugfixes: + - dnf - fix filtering to avoid dependncy conflicts (https://github.com/ansible/ansible/issues/72316) diff --git a/lib/ansible/modules/dnf.py b/lib/ansible/modules/dnf.py index 5d579c95593..8ffe61ad5c6 100644 --- a/lib/ansible/modules/dnf.py +++ b/lib/ansible/modules/dnf.py @@ -117,12 +117,14 @@ options: security: description: - If set to C(yes), and C(state=latest) then only installs updates that have been marked security related. + - Note that, similar to ``dnf upgrade-minimal``, this filter applies to dependencies as well. type: bool default: "no" version_added: "2.7" bugfix: description: - If set to C(yes), and C(state=latest) then only installs updates that have been marked bugfix related. + - Note that, similar to ``dnf upgrade-minimal``, this filter applies to dependencies as well. default: "no" type: bool version_added: "2.7" @@ -646,10 +648,10 @@ class DnfModule(YumDnf): filters = [] if self.bugfix: key = {'advisory_type__eq': 'bugfix'} - filters.append(base.sack.query().filter(**key)) + filters.append(base.sack.query().upgrades().filter(**key)) if self.security: key = {'advisory_type__eq': 'security'} - filters.append(base.sack.query().filter(**key)) + filters.append(base.sack.query().upgrades().filter(**key)) if filters: base._update_security_filters = filters diff --git a/test/integration/targets/dnf/tasks/filters_check_mode.yml b/test/integration/targets/dnf/tasks/filters_check_mode.yml index 2a30665b94f..024ac0662f8 100644 --- a/test/integration/targets/dnf/tasks/filters_check_mode.yml +++ b/test/integration/targets/dnf/tasks/filters_check_mode.yml @@ -20,7 +20,9 @@ - name: Ask for pending updates (check_mode) dnf: - name: '*' + name: + - toaster + - oven state: latest update_only: true disable_gpg_check: true @@ -38,7 +40,9 @@ - name: Ask for pending updates with security=true (check_mode) dnf: - name: '*' + name: + - toaster + - oven state: latest update_only: true disable_gpg_check: true @@ -57,7 +61,9 @@ - name: Ask for pending updates with bugfix=true (check_mode) dnf: - name: '*' + name: + - toaster + - oven state: latest update_only: true disable_gpg_check: true @@ -76,7 +82,9 @@ - name: Ask for pending updates with bugfix=true and security=true (check_mode) dnf: - name: '*' + name: + - toaster + - oven state: latest update_only: true disable_gpg_check: true