[RFE] For dependency rules, add ability to ignore a match if its an indirect dependency

[pranavgaikwad]

See following rule

rulesets/default/generated/quarkus/214-jakarta-jaxrs-to-quarkus.windup.yaml

Lines 1 to 17 in f7ce549

	- category: mandatory
	customVariables: []
	description: Replace jakarta JAX-RS dependency
	effort: 1
	labels:
	- konveyor.io/source=java-ee
	- konveyor.io/target=quarkus
	links:
	- title: Quarkus - Guide
	url: https://quarkus.io/guides/resteasy-reactive
	message: Dependency `jakarta.ws.rs:jakarta.ws.rs-api` has to be replaced with `io.quarkus:quarkus-resteasy-reactive`
	artifact.
	ruleID: jakarta-jaxrs-to-quarkus-00010
	when:
	java.dependency:
	lowerbound: 0.0.0
	name: jakarta.ws.rs.jakarta.ws.rs-api

The above rule looks for a specific javax dependency that is to be replaced with rest easy. However, resteasy itself brings in the Jakarta dependency as indirect. The original intent of the rule seems to be only replace the direct dependency. A new rule construct to ignore a match when a dependency is indirect would help in scenarios like this.

[konveyor-ci-bot]

This issue is currently awaiting triage.
If contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members.

[pranavgaikwad]

@rromannissen Please let me know if you think this makes sense.

[jwmatthews]

Here is some background of the motivation of this issue.
I saw an issue coming up telling me to upgrade to resteasy but our pom.xml was already on resteasy so I was confused why I was seeing this.

I captured some info here with what I saw:
https://gist.github.com/jwmatthews/531b7c36647cfc690ce8c73207ed07ad

[rromannissen]

I think the dependency condition should only match direct dependencies, if it's matching a transitive one then there's something wrong. If that's indeed the case and the condition is also matching transitive conditions as it is now, I would make it work as follows:

• By default, only match direct dependencies.
• If matchtransitive is true (defaults to false), then also match with transitive dependencies. We should find a way to indicate this to the user though, and I don't know which part of the POM we would be highlighting.