Update ZoneTransaction to support adding/removing zones when firewalld is offline.

Add integration test cases for adding/removing a custom zone with the firewalld module.

changelogs/fragments/399_firewalld_create_remove_zone_when_offline.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - Fixed a bug where firewalld module fails to create/remove zones when the daemon is stopped

plugins/modules/firewalld.py

@@ -675,25 +675,33 @@ class ZoneTransaction(FirewallTransaction):
         self.module.fail_json(msg=self.tx_not_permanent_error_msg)
 
     def get_enabled_permanent(self):
-        zones = self.fw.config().listZones()
+        if self.fw_offline:
-        zone_names = [self.fw.config().getZone(z).get_property("name") for z in zones]
+            zones = self.fw.config.get_zones()
-        if self.zone in zone_names:
+            zone_names = [self.fw.config.get_zone(z).name for z in zones]
-            return True
         else:
-            return False
+            zones = self.fw.config().listZones()
+            zone_names = [self.fw.config().getZone(z).get_property("name") for z in zones]
+        return self.zone in zone_names
 
     def set_enabled_immediate(self):
         self.module.fail_json(msg=self.tx_not_permanent_error_msg)
 
     def set_enabled_permanent(self):
-        self.fw.config().addZone(self.zone, FirewallClientZoneSettings())
+        if self.fw_offline:
+            self.fw.config.new_zone(self.zone, FirewallClientZoneSettings().settings)
+        else:
+            self.fw.config().addZone(self.zone, FirewallClientZoneSettings())
 
     def set_disabled_immediate(self):
         self.module.fail_json(msg=self.tx_not_permanent_error_msg)
 
     def set_disabled_permanent(self):
-        zone_obj = self.fw.config().getZoneByName(self.zone)
+        if self.fw_offline:
-        zone_obj.remove()
+            zone = self.fw.config.get_zone(self.zone)
+            self.fw.config.remove_zone(zone)
+        else:
+            zone_obj = self.fw.config().getZoneByName(self.zone)
+            zone_obj.remove()
 
 
 class ForwardPortTransaction(FirewallTransaction):

tests/integration/targets/firewalld/tasks/run_all_tests.yml

@@ -16,6 +16,9 @@
 # firewalld source operation test cases
 - include_tasks: source_test_cases.yml
 
+# firewalld zone operation test cases
+- include_tasks: zone_test_cases.yml
+
 # firewalld zone target operation test cases
 - include_tasks: zone_target_test_cases.yml
 

tests/integration/targets/firewalld/tasks/zone_test_cases.yml

@@ -0,0 +1,47 @@
+- name: firewalld create zone custom
+  firewalld:
+    zone: custom
+    permanent: True
+    state: present
+  register: result
+
+- name: assert firewalld custom zone created worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld create zone custom rerun (verify not changed)
+  firewalld:
+    zone: custom
+    permanent: True
+    state: present
+  register: result
+
+- name: assert firewalld custom zone created worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld remove zone custom
+  firewalld:
+    zone: custom
+    permanent: True
+    state: absent
+  register: result
+
+- name: assert firewalld custom zone removed worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld remove custom zone rerun (verify not changed)
+  firewalld:
+    zone: custom
+    permanent: True
+    state: absent
+  register: result
+
+- name: assert firewalld custom zone removed worked (verify not changed)
+  assert:
+    that:
+    - result is not changed