From 70e51098b7fcb302fc2bad23f91c09641a3a6f42 Mon Sep 17 00:00:00 2001
From: Christof Musik <musik@bitbone.de>
Date: Thu, 5 Dec 2024 12:35:59 +0100
Subject: [PATCH] Query gid to prevent errors with missing users with the same
 id (fixes #1229)

---
 lib/puppet/provider/firewall/firewall.rb | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/lib/puppet/provider/firewall/firewall.rb b/lib/puppet/provider/firewall/firewall.rb
index b064c9f8..cc5278f9 100644
--- a/lib/puppet/provider/firewall/firewall.rb
+++ b/lib/puppet/provider/firewall/firewall.rb
@@ -376,9 +376,16 @@ def insync?(context, _name, property_name, is_hash, should_hash)
       end
 
       # If 'is' or 'should' contain anything other than digits or digit range,
-      # we assume that we have to do a lookup to convert to UID
-      is = Etc.getpwnam(is).uid unless is[%r{[0-9]+(-[0-9]+)?}] == is
-      should = Etc.getpwnam(should).uid unless should[%r{[0-9]+(-[0-9]+)?}] == should
+      # we assume that we have to do a lookup to convert to UID or GID
+      if property_name == :uid
+        is = Etc.getpwnam(is).uid unless is[%r{[0-9]+(-[0-9]+)?}] == is
+        should = Etc.getpwnam(should).uid unless should[%r{[0-9]+(-[0-9]+)?}] == should
+      end
+
+      if property_name == :gid
+        is = Etc.getgrnam(is).gid unless is[%r{[0-9]+(-[0-9]+)?}] == is
+        should = Etc.getgrnam(should).gid unless should[%r{[0-9]+(-[0-9]+)?}] == should
+      end
 
       "#{is_negate}#{is}" == "#{should_negate}#{should}"
     when :mac_source, :jump