Why not simple render templates with puppet with safemode templating [1]? this will avoid things like <%= File.read "/etc/shadow" %> and such, additionally, it can whitelist which params are allowed to be accessed within the template.
I started using it within Foreman recently, and I find it very useful. Ohad [1] - https://github.com/svenfuchs/safemode#readme On Tue, Jan 11, 2011 at 8:15 PM, Dan Bode <[email protected]> wrote: > > > On Tue, Jan 11, 2011 at 9:59 AM, Daniel Pittman <[email protected]>wrote: > >> On Jan 11, 2011 8:58 AM, "Dan Bode" <[email protected]> wrote: >> > On Tue, Jan 11, 2011 at 1:36 AM, Uwe Bartels <[email protected]> >> wrote: >> >> >> are there any reserved words i'm not allowed to use in the puppet >> manifests? >> >> I have some strange errors that came up using puppet manifests with >> variables like >> >> - $string >> >> - $type >> >> - $label >> > >> > The are special variables, not reserved words: >> > also $module_name, $title, $name, $caller_module_name >> >> However, watch out that any name exported by the Ruby "Kernel" module is >> unavailable in an erb template - they invoke the Ruby method instead. (This >> is nasty for, say, the 'fork' variable in the template.) >> >> feel free to vote on http://projects.puppetlabs.com/issues/5489, I had > the same problem, but with a function called y > > >> While it doesn't sound like that was your problem, it has caught me out >> more than once. >> >> Regards, >> Daniel >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<puppet-users%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<puppet-users%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
