From d9183b8df57ceb8aa64df99326c3b5cf8aec295b Mon Sep 17 00:00:00 2001
From: Jaroslav Mracek <jmracek@redhat.com>
Date: Tue, 1 Jun 2021 21:32:38 +0200
Subject: [PATCH] dnf - replace usage of private attribute with supported API
 (#73529)

base._update_security_filters is a private attribute of DNF used
as performance optimization. Modification or even call from outside
of DNF is against all recommendation including PEP8.

* Improve compatibility with all DNF versions

* Add changelog fragment for dnf security change
---
 changelogs/fragments/dnf-security.yaml |  2 ++
 lib/ansible/modules/dnf.py             | 28 +++++++++++++++++---------
 2 files changed, 21 insertions(+), 9 deletions(-)
 create mode 100644 changelogs/fragments/dnf-security.yaml

diff --git a/changelogs/fragments/dnf-security.yaml b/changelogs/fragments/dnf-security.yaml
new file mode 100644
index 00000000000..cc8577afe4b
--- /dev/null
+++ b/changelogs/fragments/dnf-security.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+  - Replace usage of private dnf.Base() attribute by future dnf API
\ No newline at end of file
diff --git a/lib/ansible/modules/dnf.py b/lib/ansible/modules/dnf.py
index 237b4439650..0401d491cb6 100644
--- a/lib/ansible/modules/dnf.py
+++ b/lib/ansible/modules/dnf.py
@@ -687,15 +687,25 @@ class DnfModule(YumDnf):
                 rc=1
             )
 
-        filters = []
-        if self.bugfix:
-            key = {'advisory_type__eq': 'bugfix'}
-            filters.append(base.sack.query().upgrades().filter(**key))
-        if self.security:
-            key = {'advisory_type__eq': 'security'}
-            filters.append(base.sack.query().upgrades().filter(**key))
-        if filters:
-            base._update_security_filters = filters
+        add_security_filters = getattr(base, "add_security_filters", None)
+        if callable(add_security_filters):
+            filters = {}
+            if self.bugfix:
+                filters.setdefault('types', []).append('bugfix')
+            if self.security:
+                filters.setdefault('types', []).append('security')
+            if filters:
+                add_security_filters('eq', **filters)
+        else:
+            filters = []
+            if self.bugfix:
+                key = {'advisory_type__eq': 'bugfix'}
+                filters.append(base.sack.query().upgrades().filter(**key))
+            if self.security:
+                key = {'advisory_type__eq': 'security'}
+                filters.append(base.sack.query().upgrades().filter(**key))
+            if filters:
+                base._update_security_filters = filters
 
         return base