cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[dnf] Some fixes around filtering (#72483)

Browse source 
Change:
- Docs: Add note that security/bugfix apply to dependencies too, like
  the dnf command.

- dnf: security/bugfix only makes sense for updates, so limit the
  package query sack to available updates.

- tests: Limit tests to our known-good test packages, so that RHEL
  packages marked security/bugfix without similarly marked dependencies
  don't fail our tests.

Test Plan:
- Tested with `dnf upgrade-minimal --bugfix` and reproduced the same
  error currently seen in CI, showing that we are consistent with what
  dnf does.

Tickets:
- Likely fixes #72316

Signed-off-by: Rick Elrod <rick@elrod.me>
This commit is contained in:
Rick Elrod 2020-11-04 14:13:55 -06:00 committed by GitHub
parent 5654de6fce
commit d8c637da37
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/ansible/modules/dnf.py
View file

@ -128,12 +128,14 @@ options:
security: security:
description: description:
- If set to C(yes), and C(state=latest) then only installs updates that have been marked security related. - If set to C(yes), and C(state=latest) then only installs updates that have been marked security related.
- Note that, similar to ``dnf upgrade-minimal``, this filter applies to dependencies as well.
type: bool type: bool
default: "no" default: "no"
version_added: "2.7" version_added: "2.7"
bugfix: bugfix:
description: description:
- If set to C(yes), and C(state=latest) then only installs updates that have been marked bugfix related. - If set to C(yes), and C(state=latest) then only installs updates that have been marked bugfix related.
- Note that, similar to ``dnf upgrade-minimal``, this filter applies to dependencies as well.
default: "no" default: "no"
type: bool type: bool
version_added: "2.7" version_added: "2.7"
@ -674,10 +676,10 @@ class DnfModule(YumDnf):
filters = [] filters = []
if self.bugfix: if self.bugfix:
key = {'advisory_type__eq': 'bugfix'} key = {'advisory_type__eq': 'bugfix'}
filters.append(base.sack.query().filter(**key)) filters.append(base.sack.query().upgrades().filter(**key))
if self.security: if self.security:
key = {'advisory_type__eq': 'security'} key = {'advisory_type__eq': 'security'}
filters.append(base.sack.query().filter(**key)) filters.append(base.sack.query().upgrades().filter(**key))
if filters: if filters:
base._update_security_filters = filters base._update_security_filters = filters

16
test/integration/targets/dnf/tasks/filters_check_mode.yml
View file

@ -20,7 +20,9 @@
- name: Ask for pending updates (check_mode) - name: Ask for pending updates (check_mode)
dnf: dnf:
name: '*' name:
- toaster
- oven
state: latest state: latest
update_only: true update_only: true
disable_gpg_check: true disable_gpg_check: true
@ -38,7 +40,9 @@
- name: Ask for pending updates with security=true (check_mode) - name: Ask for pending updates with security=true (check_mode)
dnf: dnf:
name: '*' name:
- toaster
- oven
state: latest state: latest
update_only: true update_only: true
disable_gpg_check: true disable_gpg_check: true
@ -57,7 +61,9 @@
- name: Ask for pending updates with bugfix=true (check_mode) - name: Ask for pending updates with bugfix=true (check_mode)
dnf: dnf:
name: '*' name:
- toaster
- oven
state: latest state: latest
update_only: true update_only: true
disable_gpg_check: true disable_gpg_check: true
@ -76,7 +82,9 @@
- name: Ask for pending updates with bugfix=true and security=true (check_mode) - name: Ask for pending updates with bugfix=true and security=true (check_mode)
dnf: dnf:
name: '*' name:
- toaster
- oven
state: latest state: latest
update_only: true update_only: true
disable_gpg_check: true disable_gpg_check: true