From 4ec801f96d5c761ce61b52a8d45e65b6b863e6cd Mon Sep 17 00:00:00 2001 From: James Lee Date: Mon, 18 Mar 2024 15:55:55 -0400 Subject: [PATCH] firewalld_zone: Fix failure creating new zone Possibly due to a change in recent firewalld versions, creating a new zone fails with: > Debug: Firewalld_zone[test3](provider=firewall_cmd): Creating new zone test3 with target: '' > Debug: Puppet::Type::Firewalld_zone::ProviderFirewall_cmd: Executing --state command - current value > Debug: Executing: '/usr/sbin/firewall-cmd --state' > Debug: Executing: '/usr/sbin/firewall-offline-cmd --new-zone test3' > Debug: Puppet::Type::Firewalld_zone::ProviderFirewall_cmd: Executing --state command - current value > Debug: Executing: '/usr/sbin/firewall-cmd --state' > Debug: Executing: '/usr/sbin/firewall-offline-cmd --zone test3 --list-interfaces' > Debug: Firewalld_zone[test3](provider=firewall_cmd): removing icmp block inversion for zone test3 > Debug: Puppet::Type::Firewalld_zone::ProviderFirewall_cmd: Executing --state command - current value > Debug: Executing: '/usr/sbin/firewall-cmd --state' > Debug: Executing: '/usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion' > Error: Execution of '/usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion' returned 12: > Error: /Stage[main]/Main/Firewalld_zone[test3]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion' returned 12: which seems to be because ICMP block inversion is unset by default: ``` > /usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion NOT_ENABLED: icmp-block-inversion > echo $? 12 ``` Only manage `icmp_block_inversion` property on new zones if set to `true`. --- lib/puppet/provider/firewalld_zone/firewall_cmd.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lib/puppet/provider/firewalld_zone/firewall_cmd.rb b/lib/puppet/provider/firewalld_zone/firewall_cmd.rb
index a4fffe3e..fa25a85f 100644
--- a/lib/puppet/provider/firewalld_zone/firewall_cmd.rb
+++ b/lib/puppet/provider/firewalld_zone/firewall_cmd.rb
@@ -24,7 +24,7 @@ def create
 self.protocols = (@resource[:protocols]) if @resource[:protocols]
 self.interfaces = @resource[:interfaces]
 self.icmp_blocks = (@resource[:icmp_blocks]) if @resource[:icmp_blocks]
- self.icmp_block_inversion = (@resource[:icmp_block_inversion]) if @resource[:icmp_block_inversion]
+ self.icmp_block_inversion = (@resource[:icmp_block_inversion]) if @resource[:icmp_block_inversion] == :true
 self.description = (@resource[:description]) if @resource[:description]
 self.short = (@resource[:short]) if @resource[:short]
 end
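Review bot: The new guard `if @resource[:icmp_block_inversion] == :true` in `create` only fires when the property value is exactly the symbol `:true`; the type definition is not visible in this hunk, so if the value can arrive as a boolean `true` or the string `'true'`, the inversion would be silently skipped and the new zone would filter ICMP differently from what the manifest declares. Please confirm the type restricts values to `:true`/`:false`, or compare with `@resource[:icmp_block_inversion].to_s == 'true'`. Because the neighbouring guards test plain truthiness, a short comment such as `# firewall-offline-cmd exits 12 (NOT_ENABLED) when removing inversion from a fresh zone, so only set it when enabled` would explain why this line differs. The commit changes no spec, so a provider test covering `create` with the property set to true and to false would pin the behaviour. The body of `create` starts above the hunk.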