Closed ekohl closed 1 year ago
I have a bunch of examples of this in my code. I always use `command` (which this has helped turn into arrays!) but I can't figure out a way to get the resource titles to pass `check_unsafe_interpolations`. I tried removing the interpolation, but every `Exec` must be unique and I use the pathname for that (since it varies by app). Example:
```puppet
# For each hostname, generate ssl dhparam file
$ssl_dhparam_path = "${nginx::conf_dir}/ssl/${hostname}_dhparam.pem"
exec { "generate ${ssl_dhparam_path}": # FAILS check_unsafe_interpolations (false positive), but must be unique
  # PASSES check_unsafe_interpolations
  command => ['/usr/bin/openssl', 'dhparam', '-dsaparam', '-out', $ssl_dhparam_path, 4096],
  ...
}
```
/cc @GSPatton @david22swan
Hey! :-) Closing as we have reverted the check, apologies for any inconvenience caused.
The newly added `check_unsafe_interpolations` gives false positives. If `command` is present, the title doesn't need to be validated. An example: https://github.com/voxpupuli/puppet-trusted_ca/blob/8f9ccc04a12ed3608131d9cb4d80d9d9ecffb380/manifests/ca.pp#L74-L81

Or simplified, this is being flagged as unsafe but I don't see any problem with it:
Originally posted by @ekohl in https://github.com/puppetlabs/puppet-lint/issues/142#issuecomment-1694652627
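
The distinction this thread turns on, as an added Puppet example that is not part of the original issue or of puppet-lint's own code: `command` is the namevar of `exec`, so the title is executed only when no `command` attribute is set. The `/etc/nginx` directory and the hostname value are constructed placeholders.

```puppet
# Added illustration. $conf_dir and $hostname are constructed placeholder values.
$conf_dir         = '/etc/nginx'
$hostname         = 'www.example.com'
$ssl_dhparam_path = "${conf_dir}/ssl/${hostname}_dhparam.pem"

# Case 1: no command attribute.
# command is the namevar, so the title string itself is what gets executed
# and the interpolated variable is part of the command line.
# This is the case where checking the title is meaningful.
exec { "/usr/bin/openssl dhparam -dsaparam -out ${ssl_dhparam_path} 4096":
  creates => $ssl_dhparam_path,
}

# Case 2: explicit command, written as one interpolated string.
# The title is now only a label, but the variable is still embedded in a
# command string, so the command attribute is what needs review.
exec { "generate ${ssl_dhparam_path} (string command)":
  command => "/usr/bin/openssl dhparam -dsaparam -out ${ssl_dhparam_path} 4096",
  creates => $ssl_dhparam_path,
}

# Case 3: explicit command, written as an array.
# Each element is handed to the program as a separate argument without a
# shell, so the variable can only ever be the value of -out.
# The interpolated title is never executed; it only keeps the resource unique.
exec { "generate ${ssl_dhparam_path}":
  command => ['/usr/bin/openssl', 'dhparam', '-dsaparam', '-out', $ssl_dhparam_path, '4096'],
  creates => $ssl_dhparam_path,
}
```

A lint rule that inspects the title only when `command` is absent, and otherwise inspects `command`, would flag cases 1 and 2 and pass case 3.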