[WIP] Add security option in yum module

Fix adds option to specify security updates in yum module Fixes #11498 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-05-19 13:36:43 +05:30 · 2017-05-19 13:36:43 +05:30 · d3fe598202
commit d3fe598202
parent 0aa7c06395
1 changed files with 14 additions and 2 deletions
--- a/lib/ansible/modules/packaging/os/yum.py
+++ b/lib/ansible/modules/packaging/os/yum.py
@ -126,6 +126,13 @@ options:
    default: "/"
    aliases: []

+  security:
+    description:
+      - If set to C(yes), then installs all security updates.
+    default: "no"
+    choices: ["yes", "no"]
+    version_added: "2.4"
+
 notes:
  - When used with a loop of package names in a playbook, ansible optimizes
    the call to the yum module.  Instead of calling the module with a single
@ -155,6 +162,7 @@ author:
    - "Seth Vidal"
    - "Eduard Snesarev (github.com/verm666)"
    - "Berend De Schouwer (github.com/berenddeschouwer)"
+    - "Abhijeet Kasurde (github.com/akasurde)"
 '''

 EXAMPLES = '''
@ -1060,7 +1068,7 @@ def latest(module, items, repoq, yum_basecmd, conf_file, en_repos, dis_repos, in
    return res

 def ensure(module, state, pkgs, conf_file, enablerepo, disablerepo,
-           disable_gpg_check, exclude, repoq, skip_broken, installroot='/'):
+           disable_gpg_check, exclude, repoq, skip_broken, security, installroot='/'):

    # fedora will redirect yum to dnf, which has incompatibilities
    # with how this module expects yum to operate. If yum-deprecated
@ -1162,6 +1170,8 @@ def ensure(module, state, pkgs, conf_file, enablerepo, disablerepo,
    elif state == 'latest':
        if disable_gpg_check:
            yum_basecmd.append('--nogpgcheck')
+        if security:
+            yum_basecmd.append('--security')
        res = latest(module, pkgs, repoq, yum_basecmd, conf_file, en_repos, dis_repos, installroot=installroot)
    else:
        # should be caught by AnsibleModule argument_spec
@ -1202,6 +1212,7 @@ def main():
            installroot=dict(required=False, default="/", type='str'),
            # this should not be needed, but exists as a failsafe
            install_repoquery=dict(required=False, default="yes", type='bool'),
+            security=dict(default="no", type='bool'),
        ),
        required_one_of=[['name', 'list']],
        mutually_exclusive=[['name', 'list']],
@ -1256,9 +1267,10 @@ def main():
        disablerepo = params.get('disablerepo', '')
        disable_gpg_check = params['disable_gpg_check']
        skip_broken = params['skip_broken']
+        security = params['security']
        results = ensure(module, state, pkg, params['conf_file'], enablerepo,
                         disablerepo, disable_gpg_check, exclude, repoquery,
-                         skip_broken, params['installroot'])
+                         skip_broken, security, params['installroot'])
        if repoquery:
            results['msg'] = '%s %s' % (results.get('msg', ''),
                    'Warning: Due to potential bad behaviour with rhnplugin and certificates, used slower repoquery calls instead of Yum API.')