feat(zones): add purging option

This introduces a "purge_zones" toggle which, if enabled, ensures
zones not managed using the firewalld pillar get deleted.
Useful to enforce that only Salt managed zones exist and to clean
up pre-Salt data.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

firewalld/zones.sls

         zone: {{ v|json }}
 
 {% endfor %}
+
+{%- if firewalld.get('purge_zones', False) %}
+{%- for file in salt['file.find']('/etc/firewalld/zones', name='*.xml', print='name', type='f') %}
+
+{%- if file.replace('.xml', '') not in firewalld.get('zones', {}).keys() %}
+/etc/firewalld/zones/{{ file }}:
+  file.absent:
+    - watch_in:
+      - cmd: reload_firewalld
+{%- endif %}
+
+{%- endfor %}
+{%- endif %}

pillar.example

       entries:
         - 2a01::1
 
+  # Delete zones not defined under "zones"
+  purge_zones: False
+
   zones:
     public:
       short: Public