go/secretsmgr: set group after deleting files
parent
2c04359cfe
commit
e9a2ac4980
1 changed files with 10 additions and 8 deletions
|
@ -479,12 +479,6 @@ func shouldRenewACMECert(c acmeCertificate) (bool, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func writeCertificate(certDef acmeCertificate, cert *vapi.Secret) error {
|
func writeCertificate(certDef acmeCertificate, cert *vapi.Secret) error {
|
||||||
restoreGroup, err := setGroup(certDef.Group)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("setting group to write output: %w", err)
|
|
||||||
}
|
|
||||||
defer restoreGroup()
|
|
||||||
|
|
||||||
setFiles := []struct {
|
setFiles := []struct {
|
||||||
name string
|
name string
|
||||||
content []byte
|
content []byte
|
||||||
|
@ -504,10 +498,18 @@ func writeCertificate(certDef acmeCertificate, cert *vapi.Secret) error {
|
||||||
}}
|
}}
|
||||||
|
|
||||||
for _, sf := range setFiles {
|
for _, sf := range setFiles {
|
||||||
log.Infof("writing file %v mode %s", sf.name, sf.perm)
|
|
||||||
|
|
||||||
os.Remove(sf.name) // optimistically try to remove the file, we don't care if it succeeds
|
os.Remove(sf.name) // optimistically try to remove the file, we don't care if it succeeds
|
||||||
// if it doesn't, we'll error when we try to open it
|
// if it doesn't, we'll error when we try to open it
|
||||||
|
}
|
||||||
|
|
||||||
|
restoreGroup, err := setGroup(certDef.Group)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("setting group to write output: %w", err)
|
||||||
|
}
|
||||||
|
defer restoreGroup()
|
||||||
|
|
||||||
|
for _, sf := range setFiles {
|
||||||
|
log.Infof("writing file %v mode %s group %s", sf.name, sf.perm, certDef.Group)
|
||||||
|
|
||||||
f, err := os.OpenFile(sf.name, os.O_WRONLY|os.O_CREATE|os.O_EXCL, sf.perm)
|
f, err := os.OpenFile(sf.name, os.O_WRONLY|os.O_CREATE|os.O_EXCL, sf.perm)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
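Review bot: A failure of `setGroup(certDef.Group)` in the second hunk now returns after the first loop has already removed every file in `setFiles`, so an unknown group or a missing privilege leaves no certificate or key on disk; before this change the same failure returned before anything was deleted. At minimum the error should say so, for example `return fmt.Errorf("setting group to write output (existing files already removed): %w", err)`. A sturdier ordering would be to create each file under a temporary name with the same `O_EXCL` flags and rename it over the old one, so the old material stays in place until its replacement is complete; whether that fits with the group switch depends on setGroup, which is not visible here. The discarded `os.Remove` error could also be logged when it is not `os.ErrNotExist`, since the removal loop no longer logs anything. writeCertificate's body continues past the end of the hunk.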