Ensure to load only regular files for CAs (#5612)

In kubernetes statefulset like environments when secrets are mounted to pods they have sub-directories, we should ideally be only looking for regular files here and skip all others.
2024-09-06 00:37:25 +00:00 · 2018-03-07 08:46:28 -08:00 · 2018-03-07 08:46:28 -08:00 · 27258b9c54
parent b325593b47
commit 27258b9c54
2 changed files with 12 additions and 20 deletions
--- a/cmd/certs.go
+++ b/cmd/certs.go
@ -23,7 +23,6 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"path/filepath"
 )

 // TLSPrivateKeyPassword is the environment variable which contains the password used
@ -64,14 +63,18 @@ func parsePublicCertFile(certFile string) (x509Certs []*x509.Certificate, err er
 func getRootCAs(certsCAsDir string) (*x509.CertPool, error) {
 	// Get all CA file names.
 	var caFiles []string
-	fis, err := ioutil.ReadDir(certsCAsDir)
+	fis, err := readDir(certsCAsDir)
 	if err != nil {
 		return nil, err
 	}
 	for _, fi := range fis {
-		caFiles = append(caFiles, filepath.Join(certsCAsDir, fi.Name()))
+		// Skip all directories.
+		if hasSuffix(fi, slashSeparator) {
+			continue
+		}
+		// We are only interested in regular files here.
+		caFiles = append(caFiles, pathJoin(certsCAsDir, fi))
 	}
-
 	if len(caFiles) == 0 {
 		return nil, nil
 	}
--- a/cmd/certs_test.go
+++ b/cmd/certs_test.go
@ -219,27 +219,16 @@ func TestGetRootCAs(t *testing.T) {
 		t.Fatalf("Unable create test file. %v", err)
 	}

-	nonexistentErr := fmt.Errorf("open nonexistent-dir: no such file or directory")
-	if runtime.GOOS == "windows" {
-		// Below concatenation is done to get rid of goline error
-		// "error strings should not be capitalized or end with punctuation or a newline"
-		nonexistentErr = fmt.Errorf("open nonexistent-dir:" + " The system cannot find the file specified.")
-	}
-
-	err1 := fmt.Errorf("read %s: is a directory", filepath.Join(dir1, "empty-dir"))
-	if runtime.GOOS == "windows" {
-		// Below concatenation is done to get rid of goline error
-		// "error strings should not be capitalized or end with punctuation or a newline"
-		err1 = fmt.Errorf("read %s:"+" The handle is invalid.", filepath.Join(dir1, "empty-dir"))
-	}
-
 	testCases := []struct {
 		certCAsDir  string
 		expectedErr error
 	}{
-		{"nonexistent-dir", nonexistentErr},
-		{dir1, err1},
+		{"nonexistent-dir", errFileNotFound},
+		// Ignores directories.
+		{dir1, nil},
+		// Ignore empty directory.
 		{emptydir, nil},
+		// Loads the cert properly.
 		{dir2, nil},
 	}