Query gid to prevent errors with missing users with the same id (fixes #1229)

Author: cmusik

lib/puppet/provider/firewall/firewall.rb

@@ -376,9 +376,16 @@ def insync?(context, _name, property_name, is_hash, should_hash)
       end
 
       # If 'is' or 'should' contain anything other than digits or digit range,
-      # we assume that we have to do a lookup to convert to UID
-      is = Etc.getpwnam(is).uid unless is[%r{[0-9]+(-[0-9]+)?}] == is
-      should = Etc.getpwnam(should).uid unless should[%r{[0-9]+(-[0-9]+)?}] == should
+      # we assume that we have to do a lookup to convert to UID or GID
+      if property_name == :uid
+        is = Etc.getpwnam(is).uid unless is[%r{[0-9]+(-[0-9]+)?}] == is
+        should = Etc.getpwnam(should).uid unless should[%r{[0-9]+(-[0-9]+)?}] == should
+      end
+
+      if property_name == :gid
+        is = Etc.getgrnam(is).gid unless is[%r{[0-9]+(-[0-9]+)?}] == is
+        should = Etc.getgrnam(should).gid unless should[%r{[0-9]+(-[0-9]+)?}] == should
+      end
 
       "#{is_negate}#{is}" == "#{should_negate}#{should}"
     when :mac_source, :jump

spec/acceptance/firewall_attributes_happy_path_spec.rb

@@ -12,6 +12,9 @@
   describe 'attributes test' do
     before(:all) do
       pp = <<-PUPPETCODE
+          group { 'testgroup':
+            gid => '1234',
+          }
           class { '::firewall': }
           firewall { '004 - log_level and log_prefix':
             chain      => 'INPUT',
@@ -293,6 +296,12 @@ class { '::firewall': }
             gid   => 'root',
             proto => 'all',
           }
+          firewall { '801 - gid testgroup':
+            chain => 'OUTPUT',
+            jump  => accept,
+            gid   => 'testgroup',
+            proto => 'all',
+          }
           firewall { '802 - gid root negated':
             chain => 'OUTPUT',
             jump  => accept,