From 1e848c56f2fcdf3c8dbec5bae2420d789f18a2c3 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Sun, 27 Jun 2021 17:00:05 +0200
Subject: [PATCH] yum_versionlock: fix idempotency when using wildcard
 (asterisk) (#2787) (#2896)

* Check idempotency on yum_versionlock

* Lock packages wildcard

* fix formatting

Co-authored-by: Felix Fontein <felix@fontein.de>

* Fix formatting in asserts

* little closer but not still there

* Import fnmatch

* Change check_mode logic

* Add check_mode for add

* Add changelog

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 0a9cf3811880bd3e7640b637ffef2978df8f5429)

Co-authored-by: Amin Vakil <info@aminvakil.com>
---
 ...ck-fix_idempotency_when_using_wildcard.yml |  3 +++
 .../modules/packaging/os/yum_versionlock.py   | 21 +++++++++---------
 .../targets/yum_versionlock/tasks/main.yml    | 22 +++++++++++++++----
 3 files changed, 32 insertions(+), 14 deletions(-)
 create mode 100644 changelogs/fragments/2787-yum_versionlock-fix_idempotency_when_using_wildcard.yml

diff --git a/changelogs/fragments/2787-yum_versionlock-fix_idempotency_when_using_wildcard.yml b/changelogs/fragments/2787-yum_versionlock-fix_idempotency_when_using_wildcard.yml
new file mode 100644
index 0000000000..9fb569ec42
--- /dev/null
+++ b/changelogs/fragments/2787-yum_versionlock-fix_idempotency_when_using_wildcard.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - yum_versionlock - fix idempotency when using wildcard (asterisk) in ``name`` option (https://github.com/ansible-collections/community.general/issues/2761).
diff --git a/plugins/modules/packaging/os/yum_versionlock.py b/plugins/modules/packaging/os/yum_versionlock.py
index 6dfb3d20ba..62110bf00a 100644
--- a/plugins/modules/packaging/os/yum_versionlock.py
+++ b/plugins/modules/packaging/os/yum_versionlock.py
@@ -76,6 +76,7 @@ state:
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.common.text.converters import to_native
+from fnmatch import fnmatch
 
 
 class YumVersionLock:
@@ -125,23 +126,23 @@ def main():
     if state in ('present'):
         command = 'add'
         for single_pkg in packages:
-            if single_pkg not in versionlock_packages:
-                if module.check_mode:
-                    changed = True
-                    continue
+            if not any(fnmatch(pkg.split(":", 1)[-1], single_pkg) for pkg in versionlock_packages.split()):
                 packages_list.append(single_pkg)
         if packages_list:
-            changed = yum_v.ensure_state(packages_list, command)
+            if module.check_mode:
+                changed = True
+            else:
+                changed = yum_v.ensure_state(packages_list, command)
     elif state in ('absent'):
         command = 'delete'
         for single_pkg in packages:
-            if single_pkg in versionlock_packages:
-                if module.check_mode:
-                    changed = True
-                    continue
+            if any(fnmatch(pkg, single_pkg) for pkg in versionlock_packages.split()):
                 packages_list.append(single_pkg)
         if packages_list:
-            changed = yum_v.ensure_state(packages_list, command)
+            if module.check_mode:
+                changed = True
+            else:
+                changed = yum_v.ensure_state(packages_list, command)
 
     module.exit_json(
         changed=changed,
diff --git a/tests/integration/targets/yum_versionlock/tasks/main.yml b/tests/integration/targets/yum_versionlock/tasks/main.yml
index d1a1522087..2e551b48ca 100644
--- a/tests/integration/targets/yum_versionlock/tasks/main.yml
+++ b/tests/integration/targets/yum_versionlock/tasks/main.yml
@@ -29,6 +29,18 @@
             state: present
           register: lock_all_packages
 
+        - name: Lock all packages again
+          community.general.yum_versionlock:
+            name: "{{ yum_updates.results | map(attribute='name') | list }}"
+            state: present
+          register: lock_all_packages_again
+
+        - name: Lock packages wildcard
+          community.general.yum_versionlock:
+            name: "nss*"
+            state: present
+          register: lock_nss_wildcard
+
           # This should fail when it needs user interaction and missing -y is on purpose.
         - name: Update all packages (not really)
           command: yum update --setopt=obsoletes=0
@@ -54,10 +66,12 @@
         - name: Assert everything is fine
           assert:
             that:
-              - "{{ lock_all_packages.changed }}"
-              - "{{ not update_all_locked_packages.changed }}"
-              - "{{ unlock_all_packages.changed }}"
-              - "{{ update_all_packages.changed }}"
+              - lock_all_packages is changed
+              - lock_all_packages_again is not changed
+              - lock_nss_wildcard is not changed
+              - update_all_locked_packages is not changed
+              - unlock_all_packages is changed
+              - update_all_packages is changed
       when: yum_updates.results | length != 0
 
     - name: Remove installed packages in case it was not installed