in server/server.go [305:348]
func (s *CSIDriverProviderServer) writeFile(secret *provider.SecretValue, mode os.FileMode) (*v1alpha1.File, error) {
// Don't write if the driver is supposed to do it.
if s.driverWriteSecrets {
return &v1alpha1.File{
Path: secret.Descriptor.GetFileName(),
Mode: int32(mode),
Contents: secret.Value,
}, nil
}
// Write to a tempfile first
tmpFile, err := ioutil.TempFile(secret.Descriptor.GetMountDir(), secret.Descriptor.GetFileName())
if err != nil {
return nil, err
}
defer os.Remove(tmpFile.Name()) // Cleanup on fail
defer tmpFile.Close() // Don't leak file descriptors
err = tmpFile.Chmod(mode) // Set correct permissions
if err != nil {
return nil, err
}
_, err = tmpFile.Write(secret.Value) // Write the secret
if err != nil {
return nil, err
}
err = tmpFile.Sync() // Make sure to flush to disk
if err != nil {
return nil, err
}
// Swap out the old secret for the new
err = os.Rename(tmpFile.Name(), secret.Descriptor.GetMountPath())
if err != nil {
return nil, err
}
return nil, nil
}