Blocklist Feature Fails to Exclude Specified Packages During Patching on RHEL

[fasilcv86]

Use Case

During the patching process, we need to exclude specific packages using the blocklist feature in Puppet's patching configuration. For example, running yum update --exclude vim-* should prevent the vim-* packages from being updated. While the blocklist entry is being correctly reflected in /opt/puppetlabs/facter/facts.d/patching_configuration.json, it is not effectively excluding the specified packages during the update process.

Describe the Solution You Would Like

The blocklist functionality should correctly exclude the specified packages during the patching process. For instance, when a package like vim-* is added to the blocklist, Puppet should automatically append the --exclude option to the yum update command or its equivalent for other package managers, ensuring that the excluded packages are not updated.

Describe Alternatives You've Considered

Manually running the yum update command with the --exclude flag after determining the packages to exclude, though this defeats the purpose of automation.
Using custom scripts or configurations outside of Puppet to handle package exclusion, which adds complexity and maintenance overhead.

Additional Context

The issue occurs even though the blocklist is correctly populated and visible in /opt/puppetlabs/facter/facts.d/patching_configuration.json.
It seems the exclusion rules are not being correctly interpreted or applied during the actual update process.
This issue might be specific to certain versions of Puppet or the module handling patching; please ensure compatibility across versions.