Why not simple render templates with puppet with safemode templating [1]? this will avoid things like <%= File.read "/etc/shadow" %> and such, additionally, it can whitelist which params are allowed to be accessed within the template.
I started using it within Foreman recently, and I find it very useful. Ohad [1] - https://github.com/svenfuchs/safemode#readme On Tue, Jan 11, 2011 at 8:15 PM, Dan Bode <d...@puppetlabs.com> wrote: > > > On Tue, Jan 11, 2011 at 9:59 AM, Daniel Pittman <dan...@rimspace.net>wrote: > >> On Jan 11, 2011 8:58 AM, "Dan Bode" <d...@puppetlabs.com> wrote: >> > On Tue, Jan 11, 2011 at 1:36 AM, Uwe Bartels <uwe.bart...@gmail.com> >> wrote: >> >> >> are there any reserved words i'm not allowed to use in the puppet >> manifests? >> >> I have some strange errors that came up using puppet manifests with >> variables like >> >> - $string >> >> - $type >> >> - $label >> > >> > The are special variables, not reserved words: >> > also $module_name, $title, $name, $caller_module_name >> >> However, watch out that any name exported by the Ruby "Kernel" module is >> unavailable in an erb template - they invoke the Ruby method instead. (This >> is nasty for, say, the 'fork' variable in the template.) >> >> feel free to vote on http://projects.puppetlabs.com/issues/5489, I had > the same problem, but with a function called y > > >> While it doesn't sound like that was your problem, it has caught me out >> more than once. >> >> Regards, >> Daniel >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
