fix: remove hashDir if no files updated

Author: AlbeeSo

pkg/mounter/oss/ossfs.go

@@ -128,10 +128,9 @@ func (f *fuseOssfs) MakeAuthConfig(o *Options, m metadata.MetadataProvider) (*ut
 		authCfg.RoleName = o.RoleName
 	default:
 		// fixed AKSK
-		passwdFile := utils.GetPasswdFileName(f.Name())
 		if o.AkID != "" && o.AkSecret != "" {
 			authCfg.Secrets = map[string]string{
-				passwdFile: fmt.Sprintf("%s:%s:%s", o.Bucket, o.AkID, o.AkSecret),
+				utils.GetPasswdFileName(f.Name()): fmt.Sprintf("%s:%s:%s", o.Bucket, o.AkID, o.AkSecret),
 			}
 			return authCfg, nil
 		}
@@ -142,10 +141,10 @@ func (f *fuseOssfs) MakeAuthConfig(o *Options, m metadata.MetadataProvider) (*ut
 		}
 		// token secret for RunD
 		authCfg.Secrets = map[string]string{
-			filepath.Join(passwdFile, KeyAccessKeyId):     o.AccessKeyId,
-			filepath.Join(passwdFile, KeyAccessKeySecret): o.AccessKeySecret,
-			filepath.Join(passwdFile, KeySecurityToken):   o.SecurityToken,
-			filepath.Join(passwdFile, KeyExpiration):      o.Expiration,
+			KeyAccessKeyId:     o.AccessKeyId,
+			KeyAccessKeySecret: o.AccessKeySecret,
+			KeySecurityToken:   o.SecurityToken,
+			KeyExpiration:      o.Expiration,
 		}
 
 	}

pkg/mounter/oss/ossfs2.go

@@ -105,7 +105,6 @@ func (f *fuseOssfs2) MakeAuthConfig(o *Options, m metadata.MetadataProvider) (au
 		authCfg.RoleName = o.RoleName
 	case "":
 		// fixed AKSK
-		passwdFile := utils.GetPasswdFileName(f.Name())
 		if o.AkID != "" && o.AkSecret != "" {
 			authCfg.Secrets = map[string]string{
 				utils.GetPasswdFileName(f.Name()): fmt.Sprintf("--oss_access_key_id=%s\n--oss_access_key_secret=%s", o.AkID, o.AkSecret),
@@ -119,9 +118,9 @@ func (f *fuseOssfs2) MakeAuthConfig(o *Options, m metadata.MetadataProvider) (au
 		}
 		// token secret for RunD
 		authCfg.Secrets = map[string]string{
-			filepath.Join(passwdFile, KeyAccessKeyId):     o.AccessKeyId,
-			filepath.Join(passwdFile, KeyAccessKeySecret): o.AccessKeySecret,
-			filepath.Join(passwdFile, KeySecurityToken):   o.SecurityToken,
+			KeyAccessKeyId:     o.AccessKeyId,
+			KeyAccessKeySecret: o.AccessKeySecret,
+			KeySecurityToken:   o.SecurityToken,
 		}
 
 	default:

pkg/mounter/proxy/server/ossfs/utils.go

@@ -20,7 +20,7 @@ func rotateTokenFiles(dir string, secrets map[string]string) (rotated bool, err
 	var fileUpdate bool
 	tokenKey := []string{oss.KeyAccessKeyId, oss.KeyAccessKeySecret, oss.KeySecurityToken, oss.KeyExpiration}
 	for _, key := range tokenKey {
-		val := secrets[filepath.Join(utils.GetPasswdFileName("ossfs"), key)]
+		val := secrets[key]
 		if val == "" {
 			err = fmt.Errorf("invalid authorization. %s is empty", key)
 			klog.Error(err)
@@ -44,13 +44,13 @@ func rotateTokenFiles(dir string, secrets map[string]string) (rotated bool, err
 func prepareCredentialFiles(target string, secrets map[string]string) (file, dir string, options []string, err error) {
 	// fixed AKSK
 	hashDir := utils.GetPasswdHashDir(target)
-	err = os.MkdirAll(hashDir, 0o644)
-	if err != nil {
-		klog.Errorf("mkdirall hashdir failed %v", err)
-		return
-	}
 
 	if passwd := secrets[utils.GetPasswdFileName("ossfs")]; passwd != "" {
+		err = os.MkdirAll(hashDir, 0o644)
+		if err != nil {
+			klog.Errorf("mkdirall hashdir failed %v", err)
+			return
+		}
 		_, err = utils.WriteFileWithLock(filepath.Join(hashDir, utils.GetPasswdFileName("ossfs")), []byte(passwd), 0o600)
 		if err != nil {
 			return
@@ -61,21 +61,20 @@ func prepareCredentialFiles(target string, secrets map[string]string) (file, dir
 	}
 
 	// token
-	var token bool
-	token, err = rotateTokenFiles(hashDir, secrets)
-	if err != nil {
-		return
-	}
-	if token {
-		dir = hashDir
+	if token := secrets[oss.KeySecurityToken]; token != "" {
+		tokenDir := filepath.Join(hashDir, utils.GetPasswdFileName("ossfs"))
+		err = os.MkdirAll(tokenDir, 0o644)
+		if err != nil {
+			klog.Errorf("mkdirall tokenDir failed %v", err)
+			return
+		}
+		_, err = rotateTokenFiles(tokenDir, secrets)
+		if err != nil {
+			return
+		}
+		dir = tokenDir
 		options = append(options, "passwd_file="+dir)
 		return
 	}
-
-	// other authorizarion methods
-	err = os.Remove(hashDir)
-	if err != nil {
-		klog.Errorf("removeall hashdir failed %v", err)
-	}
 	return
 }

pkg/mounter/proxy/server/ossfs/utils_test.go

@@ -39,10 +39,10 @@ func TestPrepareCredentialFiles(t *testing.T) {
 		{
 			name: "TokenSecretsExists",
 			secrets: map[string]string{
-				filepath.Join(OssfsPasswdFile, oss.KeyAccessKeyId):     "testAKID",
-				filepath.Join(OssfsPasswdFile, oss.KeyAccessKeySecret): "testAKSecret",
-				filepath.Join(OssfsPasswdFile, oss.KeyExpiration):      "testExpiration",
-				filepath.Join(OssfsPasswdFile, oss.KeySecurityToken):   "testSecurityToken",
+				oss.KeyAccessKeyId:     "testAKID",
+				oss.KeyAccessKeySecret: "testAKSecret",
+				oss.KeyExpiration:      "testExpiration",
+				oss.KeySecurityToken:   "testSecurityToken",
 			},
 			wantFile: false,
 			wantDir:  true,
@@ -73,10 +73,10 @@ func TestRotateTokenFiles(t *testing.T) {
 	assert.NoError(t, err)
 	// case 2: initialize token
 	secrets = map[string]string{
-		filepath.Join(OssfsPasswdFile, oss.KeyAccessKeyId):     "testAKID",
-		filepath.Join(OssfsPasswdFile, oss.KeyAccessKeySecret): "testAKSecret",
-		filepath.Join(OssfsPasswdFile, oss.KeyExpiration):      "testExpiration",
-		filepath.Join(OssfsPasswdFile, oss.KeySecurityToken):   "testSecurityToken",
+		oss.KeyAccessKeyId:     "testAKID",
+		oss.KeyAccessKeySecret: "testAKSecret",
+		oss.KeyExpiration:      "testExpiration",
+		oss.KeySecurityToken:   "testSecurityToken",
 	}
 	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
 	assert.Equal(t, true, rotated)
@@ -91,10 +91,10 @@ func TestRotateTokenFiles(t *testing.T) {
 	assert.Equal(t, "testSecurityToken", string(st))
 	// case 3: rotate token
 	secrets = map[string]string{
-		filepath.Join(OssfsPasswdFile, oss.KeyAccessKeyId):     "newAKID",
-		filepath.Join(OssfsPasswdFile, oss.KeyAccessKeySecret): "newAKSecret",
-		filepath.Join(OssfsPasswdFile, oss.KeyExpiration):      "newExpiration",
-		filepath.Join(OssfsPasswdFile, oss.KeySecurityToken):   "newSecurityToken",
+		oss.KeyAccessKeyId:     "newAKID",
+		oss.KeyAccessKeySecret: "newAKSecret",
+		oss.KeyExpiration:      "newExpiration",
+		oss.KeySecurityToken:   "newSecurityToken",
 	}
 	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
 	assert.Equal(t, true, rotated)

pkg/mounter/proxy/server/ossfs2/utils.go

@@ -20,7 +20,7 @@ func rotateTokenFiles(dir string, secrets map[string]string) (rotated bool, err
 	var fileUpdate bool
 	tokenKey := []string{oss.KeyAccessKeyId, oss.KeyAccessKeySecret, oss.KeySecurityToken}
 	for _, key := range tokenKey {
-		val := secrets[filepath.Join(utils.GetPasswdFileName("ossfs2"), key)]
+		val := secrets[key]
 		if val == "" {
 			err = fmt.Errorf("invalid authorization. %s is empty", key)
 			klog.Error(err)
@@ -44,13 +44,13 @@ func rotateTokenFiles(dir string, secrets map[string]string) (rotated bool, err
 func prepareCredentialFiles(target string, secrets map[string]string) (file, dir string, options []string, err error) {
 	// fixed AKSK
 	hashDir := utils.GetPasswdHashDir(target)
-	err = os.MkdirAll(hashDir, 0o644)
-	if err != nil {
-		klog.Errorf("mkdirall hashdir failed %v", err)
-		return
-	}
 
 	if passwd := secrets[utils.GetPasswdFileName("ossfs2")]; passwd != "" {
+		err = os.MkdirAll(hashDir, 0o644)
+		if err != nil {
+			klog.Errorf("mkdirall hashdir failed %v", err)
+			return
+		}
 		_, err = utils.WriteFileWithLock(filepath.Join(hashDir, utils.GetPasswdFileName("ossfs2")), []byte(passwd), 0o600)
 		if err != nil {
 			return
@@ -60,25 +60,24 @@ func prepareCredentialFiles(target string, secrets map[string]string) (file, dir
 	}
 
 	// token
-	token, err := rotateTokenFiles(hashDir, secrets)
-	if err != nil {
-		return
-	}
-	if token {
-		dir = hashDir
+	if token := secrets[oss.KeySecurityToken]; token != "" {
+		tokenDir := filepath.Join(hashDir, utils.GetPasswdFileName("ossfs2"))
+		err = os.MkdirAll(tokenDir, 0o644)
+		if err != nil {
+			klog.Errorf("mkdirall tokenDir failed %v", err)
+			return
+		}
+		_, err = rotateTokenFiles(tokenDir, secrets)
+		if err != nil {
+			return
+		}
+		dir = tokenDir
 		options = append(options,
-			fmt.Sprintf("oss_sts_multi_conf_ak_file=%s", filepath.Join(hashDir, oss.KeyAccessKeyId)),
-			fmt.Sprintf("oss_sts_multi_conf_sk_file=%s", filepath.Join(hashDir, oss.KeyAccessKeySecret)),
-			fmt.Sprintf("oss_sts_multi_conf_token_file=%s", filepath.Join(hashDir, oss.KeySecurityToken)),
+			fmt.Sprintf("oss_sts_multi_conf_ak_file=%s", filepath.Join(dir, oss.KeyAccessKeyId)),
+			fmt.Sprintf("oss_sts_multi_conf_sk_file=%s", filepath.Join(dir, oss.KeyAccessKeySecret)),
+			fmt.Sprintf("oss_sts_multi_conf_token_file=%s", filepath.Join(dir, oss.KeySecurityToken)),
 		)
 		return
 	}
-
-	// other authorizarion methods
-	err = os.Remove(hashDir)
-	if err != nil {
-		klog.Errorf("removeall hashdir failed %v", err)
-		return
-	}
 	return
 }

pkg/mounter/proxy/server/ossfs2/utils_test.go

@@ -39,9 +39,9 @@ func TestPrepareCredentialFiles(t *testing.T) {
 		{
 			name: "TokenSecretsExists",
 			secrets: map[string]string{
-				filepath.Join(OssfsPasswdFile, oss.KeyAccessKeyId):     "testAKID",
-				filepath.Join(OssfsPasswdFile, oss.KeyAccessKeySecret): "testAKSecret",
-				filepath.Join(OssfsPasswdFile, oss.KeySecurityToken):   "testSecurityToken",
+				oss.KeyAccessKeyId:     "testAKID",
+				oss.KeyAccessKeySecret: "testAKSecret",
+				oss.KeySecurityToken:   "testSecurityToken",
 			},
 			wantFile: false,
 			wantDir:  true,
@@ -75,13 +75,13 @@ func TestRotateTokenFiles(t *testing.T) {
 
 	// case 2: initialize token
 	secrets = map[string]string{
-		filepath.Join(OssfsPasswdFile, oss.KeyAccessKeyId):     "testAKID",
-		filepath.Join(OssfsPasswdFile, oss.KeyAccessKeySecret): "testAKSecret",
-		filepath.Join(OssfsPasswdFile, oss.KeyExpiration):      "testExpiration",
-		filepath.Join(OssfsPasswdFile, oss.KeySecurityToken):   "testSecurityToken",
+		oss.KeyAccessKeyId:     "testAKID",
+		oss.KeyAccessKeySecret: "testAKSecret",
+		oss.KeyExpiration:      "testExpiration",
+		oss.KeySecurityToken:   "testSecurityToken",
 	}
 	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
-	assert.True(t, true)
+	assert.True(t, rotated)
 	assert.NoError(t, err)
 	ak, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeyId))
 	assert.Equal(t, "testAKID", string(ak))
@@ -94,10 +94,10 @@ func TestRotateTokenFiles(t *testing.T) {
 
 	// case 3: rotate token
 	secrets = map[string]string{
-		filepath.Join(OssfsPasswdFile, oss.KeyAccessKeyId):     "newAKID",
-		filepath.Join(OssfsPasswdFile, oss.KeyAccessKeySecret): "newAKSecret",
-		filepath.Join(OssfsPasswdFile, oss.KeyExpiration):      "newExpiration",
-		filepath.Join(OssfsPasswdFile, oss.KeySecurityToken):   "newSecurityToken",
+		oss.KeyAccessKeyId:     "newAKID",
+		oss.KeyAccessKeySecret: "newAKSecret",
+		oss.KeyExpiration:      "newExpiration",
+		oss.KeySecurityToken:   "newSecurityToken",
 	}
 	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
 	assert.True(t, rotated)