More tweaks for unsafe interpolation

voxpupuli · Sep 5, 2023 · c7817cb · c7817cb
1 parent ed0bde5
commit c7817cb
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -181,15 +181,15 @@
     }
 
     exec { 'firewalld::set_default_zone_active':
-      command  => ['firewall-cmd --set-default-zone ', $default_zone],
+      command  => ['firewall-cmd', '--set-default-zone', $default_zone],
       unless   => "[ $(firewall-cmd --get-default-zone) = ${default_zone} ]",
       onlyif   => 'firewall-cmd --state',
       require  => Service['firewalld'],
       provider => 'shell',
     }
 
     exec { 'firewalld::set_default_zone_offline':
-      command  => ['firewall-offline-cmd --set-default-zone ', $default_zone],
+      command  => ['firewall-offline-cmd', '--set-default-zone', $default_zone],
       unless   => ["[ $(firewall-offline-cmd --get-default-zone) = ${default_zone} ]", 'firewall-cmd --state',],
       require  => Service['firewalld'],
       provider => 'shell',
@@ -206,14 +206,14 @@
     }
 
     exec { 'firewalld::set_log_denied_active':
-      command  => ['firewall-cmd --set-log-denied ', $log_denied],
+      command  => ['firewall-cmd', '--set-log-denied', $log_denied],
       unless   => "[ $(firewall-cmd --get-log-denied) = ${log_denied} ]",
       onlyif   => 'firewall-cmd --state',
       require  => Service['firewalld'],
       provider => 'shell',
     }
     exec { 'firewalld::set_log_denied_offline':
-      command  => ['firewall-offline-cmd --set-log-denied ', $log_denied],
+      command  => ['firewall-offline-cmd', '--set-log-denied', $log_denied],
       unless   => ["[ $(firewall-offline-cmd --get-log-denied) = ${log_denied} ]", 'firewall-cmd --state'],
       require  => Service['firewalld'],
       provider => 'shell',

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -52,12 +52,12 @@
     it do
       is_expected.to contain_exec('firewalld::set_default_zone').that_requires('Service[firewalld]')
       is_expected.to contain_exec('firewalld::set_default_zone_active').with(
-        command: ['firewall-cmd --set-default-zone ', 'restricted'],
+        command: ['firewall-cmd', '--set-default-zone', 'restricted'],
         unless: '[ $(firewall-cmd --get-default-zone) = restricted ]',
         onlyif: 'firewall-cmd --state'
       ).that_requires('Service[firewalld]')
       is_expected.to contain_exec('firewalld::set_default_zone_offline').with(
-        command: ['firewall-offline-cmd --set-default-zone ', 'restricted'],
+        command: ['firewall-offline-cmd', '--set-default-zone', 'restricted'],
         unless: ['[ $(firewall-offline-cmd --get-default-zone) = restricted ]', 'firewall-cmd --state']
       ).that_requires('Service[firewalld]')
     end
@@ -258,12 +258,12 @@
     it do
       is_expected.to contain_exec('firewalld::set_default_zone').that_requires('Service[firewalld]')
       is_expected.to contain_exec('firewalld::set_default_zone_active').with(
-        command: ['firewall-cmd --set-default-zone ', 'public'],
+        command: ['firewall-cmd', '--set-default-zone', 'public'],
         unless: '[ $(firewall-cmd --get-default-zone) = public ]',
         onlyif: 'firewall-cmd --state'
       ).that_requires('Service[firewalld]')
       is_expected.to contain_exec('firewalld::set_default_zone_offline').with(
-        command: ['firewall-offline-cmd --set-default-zone ', 'public'],
+        command: ['firewall-offline-cmd', '--set-default-zone', 'public'],
         unless: ['[ $(firewall-offline-cmd --get-default-zone) = public ]', 'firewall-cmd --state']
       ).that_requires('Service[firewalld]')
     end
@@ -280,12 +280,12 @@
       it do
         is_expected.to contain_exec('firewalld::set_log_denied').that_requires('Service[firewalld]')
         is_expected.to contain_exec('firewalld::set_log_denied_active').with(
-          command: ['firewall-cmd --set-log-denied ', cond],
+          command: ['firewall-cmd', '--set-log-denied', cond],
           unless: "[ $(firewall-cmd --get-log-denied) = #{cond} ]",
           onlyif: 'firewall-cmd --state'
         ).that_requires('Service[firewalld]')
         is_expected.to contain_exec('firewalld::set_log_denied_offline').with(
-          command: ['firewall-offline-cmd --set-log-denied ', cond],
+          command: ['firewall-offline-cmd', '--set-log-denied', cond],
           unless: ["[ $(firewall-offline-cmd --get-log-denied) = #{cond} ]", 'firewall-cmd --state']
         ).that_requires('Service[firewalld]')
       end