From 7c42741c0d1a6849166934e840eafd99024b5c4f Mon Sep 17 00:00:00 2001
From: Eric Fried
Date: Thu, 22 Aug 2024 17:59:53 -0500
Subject: [PATCH] Remove existing Secret files in (deprovision) Pod For Pods with `restartPolicy: OnFailure`, a failed container may be rerun in the same Pod, which will reuse the same file system as the initial run. When we project Secrets (for credentials, certs, etc) to directories in such containers, those writes can fail the second time around because the file already exists. Fix by removing the file, if it exists, before we write it. Note that at the time of this commit, this only affects deprovision pods: - imageset pods don't use ProjectToDir - provision pods have `restartPolicy: Never` HIVE-2604
---
 contrib/pkg/utils/generic.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/contrib/pkg/utils/generic.go b/contrib/pkg/utils/generic.go
index 1fe68650814..a181c0bedb5 100644
--- a/contrib/pkg/utils/generic.go
+++ b/contrib/pkg/utils/generic.go
@@ -3,6 +3,7 @@ package utils
 import (
 "context"
 "encoding/json"
+ "errors"
 "fmt"
 "io"
 "net/http"
@@ -199,6 +200,10 @@ func ProjectToDir(obj client.Object, dir string, filter ProjectToDirFileFilter)
 return
 }
 path := filepath.Join(dir, filename)
+ // Unlink if present, in case this is a recycled pod
+ if err := os.Remove(path); err != nil && !errors.Is(err, os.ErrNotExist) {
+ log.WithError(err).WithField("path", path).Fatal("Failed to remove existing file")
+ }
 if err := os.WriteFile(path, newBytes, 0400); err != nil {
 log.WithError(err).WithField("path", path).Fatal("Failed to write file")
 }
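Review bot: The remove-then-write added in the second hunk is two separate steps, and `os.WriteFile` opens the path with create-and-truncate rather than exclusive-create semantics. Anything that reappears at `path` after the `os.Remove`, a symlink included, would therefore be written through with the Secret's contents. Whether another writer to `dir` can exist in a deprovision pod is not visible from the hunk, but creating the file exclusively makes this fail closed at little cost, as sketched below. The comment would also read better if it said why the rewrite fails, presumably because the earlier run left the file at mode 0400. ProjectToDir's body starts and ends outside the hunk.

```go
path := filepath.Join(dir, filename)
// … unchanged: os.Remove of a file left by a previous container run …
// O_EXCL: refuse to write through anything that reappeared at path.
f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0400)
if err != nil {
	log.WithError(err).WithField("path", path).Fatal("Failed to create file")
}
if _, err := f.Write(newBytes); err != nil {
	f.Close()
	log.WithError(err).WithField("path", path).Fatal("Failed to write file")
}
if err := f.Close(); err != nil {
	log.WithError(err).WithField("path", path).Fatal("Failed to close file")
}
```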