From f0cdefa0b5a3050f35022b8350924687f6d055fb Mon Sep 17 00:00:00 2001 From: "Alex Ellis (OpenFaaS Ltd)" Date: Fri, 27 Oct 2023 10:53:23 +0100 Subject: [PATCH] Move temporary file deletion into a defer This is required so that the temporary file, which is potentially sensitive, gets cleaned up even if the function exits early. Signed-off-by: Alex Ellis (OpenFaaS Ltd) --- cmd/install.go | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/cmd/install.go b/cmd/install.go index b9013ae..c7ca556 100644 --- a/cmd/install.go +++ b/cmd/install.go @@ -471,6 +471,14 @@ func mergeConfigs(localKubeconfigPath, context string, k3sconfig []byte) ([]byte return nil, fmt.Errorf("could not generate a temporary file to store the kubeconfig: %w", err) } + defer func() { + // Remove the temporarily generated file, even if there is an error and the + // function returns early + if err = os.Remove(file.Name()); err != nil { + log.Printf("could not remove temporary kubeconfig file: %s %s", file.Name(), err) + } + }() + if err := writeConfig(file.Name(), []byte(k3sconfig), context, true); err != nil { return nil, err } @@ -503,13 +511,6 @@ func mergeConfigs(localKubeconfigPath, context string, k3sconfig []byte) ([]byte file.Name(), err) } - // Remove the temporarily generated file - err = os.Remove(file.Name()) - if err != nil { - return nil, fmt.Errorf("could not remove temporary kubeconfig file: %s %w", - file.Name(), err) - } - return data, nil } @@ -590,6 +591,8 @@ func loadPublickey(path string) (ssh.AuthMethod, func() error, error) { return ssh.PublicKeys(signer), noopCloseFunc, nil } +// rewriteKubeconfig replaces the IP address of the server with the IP address +// it also changes the context from "default" to the value of the --context flag func rewriteKubeconfig(kubeconfig string, host string, context string) []byte { if context == "" { context = "default"