go/secretsmgr: set group after deleting files

This commit is contained in:
Luke Granger-Brown 2022-06-25 17:35:23 +00:00
parent 2c04359cfe
commit e9a2ac4980

View file

@ -479,12 +479,6 @@ func shouldRenewACMECert(c acmeCertificate) (bool, error) {
} }
func writeCertificate(certDef acmeCertificate, cert *vapi.Secret) error { func writeCertificate(certDef acmeCertificate, cert *vapi.Secret) error {
restoreGroup, err := setGroup(certDef.Group)
if err != nil {
return fmt.Errorf("setting group to write output: %w", err)
}
defer restoreGroup()
setFiles := []struct { setFiles := []struct {
name string name string
content []byte content []byte
@ -504,10 +498,18 @@ func writeCertificate(certDef acmeCertificate, cert *vapi.Secret) error {
}} }}
for _, sf := range setFiles { for _, sf := range setFiles {
log.Infof("writing file %v mode %s", sf.name, sf.perm)
os.Remove(sf.name) // optimistically try to remove the file, we don't care if it succeeds os.Remove(sf.name) // optimistically try to remove the file, we don't care if it succeeds
// if it doesn't, we'll error when we try to open it // if it doesn't, we'll error when we try to open it
}
restoreGroup, err := setGroup(certDef.Group)
if err != nil {
return fmt.Errorf("setting group to write output: %w", err)
}
defer restoreGroup()
for _, sf := range setFiles {
log.Infof("writing file %v mode %s group %s", sf.name, sf.perm, certDef.Group)
f, err := os.OpenFile(sf.name, os.O_WRONLY|os.O_CREATE|os.O_EXCL, sf.perm) f, err := os.OpenFile(sf.name, os.O_WRONLY|os.O_CREATE|os.O_EXCL, sf.perm)
if err != nil { if err != nil {