Move CreateTempFile to its own package

Signed-off-by: Niraj Yadav <niryadav@redhat.com>

internal/kms/vault.go

@@ -25,6 +25,7 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/ceph/ceph-csi/internal/util/file"
 	"github.com/hashicorp/vault/api"
 	loss "github.com/libopenstorage/secrets"
 	"github.com/libopenstorage/secrets/vault"
@@ -269,10 +270,12 @@ func (vc *vaultConnection) initCertificates(config map[string]interface{}, secre
 			return fmt.Errorf("missing vault CA in secret %s", vaultCAFromSecret)
 		}
 
-		vaultConfig[api.EnvVaultCACert], err = createTempFile("vault-ca-cert", []byte(caPEM))
+		tf, err := file.CreateTempFile("vault-ca-cert", caPEM)
 		if err != nil {
 			return fmt.Errorf("failed to create temporary file for Vault CA: %w", err)
 		}
+		vaultConfig[api.EnvVaultCACert] = tf.Name()
+
 		// update the existing config
 		for key, value := range vaultConfig {
 			vc.vaultConfig[key] = value
@@ -480,31 +483,3 @@ func detectAuthMountPath(path string) (string, error) {
 
 	return authMountPath, nil
 }
-
-// createTempFile writes data to a temporary file that contains the pattern in
-// the filename (see os.CreateTemp for details).
-func createTempFile(pattern string, data []byte) (string, error) {
-	t, err := os.CreateTemp("", pattern)
-	if err != nil {
-		return "", fmt.Errorf("failed to create temporary file: %w", err)
-	}
-
-	// delete the tmpfile on error
-	defer func() {
-		if err != nil {
-			// ignore error on failure to remove tmpfile (gosec complains)
-			_ = os.Remove(t.Name())
-		}
-	}()
-
-	s, err := t.Write(data)
-	if err != nil || s != len(data) {
-		return "", fmt.Errorf("failed to write temporary file: %w", err)
-	}
-	err = t.Close()
-	if err != nil {
-		return "", fmt.Errorf("failed to close temporary file: %w", err)
-	}
-
-	return t.Name(), nil
-}

internal/kms/vault_test.go

@@ -21,6 +21,7 @@ import (
 	"os"
 	"testing"
 
+	"github.com/ceph/ceph-csi/internal/util/file"
 	loss "github.com/libopenstorage/secrets"
 	"github.com/stretchr/testify/require"
 )
@@ -46,16 +47,16 @@ func TestDetectAuthMountPath(t *testing.T) {
 
 func TestCreateTempFile(t *testing.T) {
 	t.Parallel()
-	data := []byte("Hello World!")
-	tmpfile, err := createTempFile("my-file", data)
+	data := "Hello World!"
+	tmpfile, err := file.CreateTempFile("my-file", data)
 	if err != nil {
 		t.Errorf("createTempFile() failed: %s", err)
 	}
-	if tmpfile == "" {
+	if tmpfile.Name() == "" {
 		t.Errorf("createTempFile() returned an empty filename")
 	}
 
-	err = os.Remove(tmpfile)
+	err = os.Remove(tmpfile.Name())
 	if err != nil {
 		t.Errorf("failed to remove tmpfile (%s): %s", tmpfile, err)
 	}

internal/kms/vault_tokens.go

@@ -24,6 +24,7 @@ import (
 	"os"
 	"strconv"
 
+	"github.com/ceph/ceph-csi/internal/util/file"
 	"github.com/ceph/ceph-csi/internal/util/k8s"
 
 	"github.com/hashicorp/vault/api"
@@ -378,10 +379,11 @@ func (vtc *vaultTenantConnection) initCertificates(config map[string]interface{}
 				return fmt.Errorf("failed to get CA certificate from secret %s: %w", vaultCAFromSecret, cErr)
 			}
 		}
-		vaultConfig[api.EnvVaultCACert], err = createTempFile("vault-ca-cert", []byte(cert))
+		cer, err := file.CreateTempFile("vault-ca-cert", cert)
 		if err != nil {
 			return fmt.Errorf("failed to create temporary file for Vault CA: %w", err)
 		}
+		vaultConfig[api.EnvVaultCACert] = cer.Name()
 	}
 
 	vaultClientCertFromSecret := "" // optional
@@ -403,10 +405,11 @@ func (vtc *vaultTenantConnection) initCertificates(config map[string]interface{}
 				return fmt.Errorf("failed to get client certificate from secret %s: %w", vaultCAFromSecret, cErr)
 			}
 		}
-		vaultConfig[api.EnvVaultClientCert], err = createTempFile("vault-ca-cert", []byte(cert))
+		cer, err := file.CreateTempFile("vault-ca-cert", cert)
 		if err != nil {
 			return fmt.Errorf("failed to create temporary file for Vault client certificate: %w", err)
 		}
+		vaultConfig[api.EnvVaultClientCert] = cer.Name()
 	}
 
 	vaultClientCertKeyFromSecret := "" // optional
@@ -432,10 +435,11 @@ func (vtc *vaultTenantConnection) initCertificates(config map[string]interface{}
 				return fmt.Errorf("failed to get client certificate key from secret %s: %w", vaultCAFromSecret, err)
 			}
 		}
-		vaultConfig[api.EnvVaultClientKey], err = createTempFile("vault-client-cert-key", []byte(certKey))
+		ckey, err := file.CreateTempFile("vault-client-cert-key", certKey)
 		if err != nil {
 			return fmt.Errorf("failed to create temporary file for Vault client cert key: %w", err)
 		}
+		vaultConfig[api.EnvVaultClientKey] = ckey.Name()
 	}
 
 	for key, value := range vaultConfig {

internal/util/cryptsetup.go

@@ -23,6 +23,8 @@ import (
 	"os/exec"
 	"strconv"
 	"strings"
+
+	"github.com/ceph/ceph-csi/internal/util/file"
 )
 
 // Limit memory used by Argon2i PBKDF to 32 MiB.
@@ -69,13 +71,13 @@ func LuksStatus(mapperFile string) (string, string, error) {
 
 // LuksAddKey adds a new key to the specified slot
 func LuksAddKey(devicePath, passphrase, newPassphrase, slot string) error {
-	passFile, err := CreateTempFile(passphrase)
+	passFile, err := file.CreateTempFile("luks-", passphrase)
 	if err != nil {
 		return err
 	}
 	defer os.Remove(passFile.Name())
 
-	newPassFile, err := CreateTempFile(newPassphrase)
+	newPassFile, err := file.CreateTempFile("luks-", newPassphrase)
 	if err != nil {
 		return err
 	}
@@ -138,7 +140,7 @@ func LuksAddKey(devicePath, passphrase, newPassphrase, slot string) error {
 
 // LuksRemoveKey removes the key by killing the specified slot
 func LuksRemoveKey(devicePath, passphrase, slot string) error {
-	keyFile, err := CreateTempFile(passphrase)
+	keyFile, err := file.CreateTempFile("luks-", passphrase)
 	if err != nil {
 		return err
 	}
@@ -166,7 +168,7 @@ func LuksRemoveKey(devicePath, passphrase, slot string) error {
 // LuksVerifyKey verifies that a key exists in a given slot
 func LuksVerifyKey(devicePath, passphrase, slot string) (bool, error) {
 	// Create a temp file that we will use to open the device
-	keyFile, err := CreateTempFile(passphrase)
+	keyFile, err := file.CreateTempFile("luks-", passphrase)
 	if err != nil {
 		return false, err
 	}

internal/util/file.go → internal/util/file/file.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package util
+package file
 
 import (
 	"fmt"
@@ -24,10 +24,10 @@ import (
 // CreateTempFile create a temporary file with the given string
 // content and returns the reference to the file.
 // The caller is responsible for disposing the file.
-func CreateTempFile(contents string) (*os.File, error) {
+func CreateTempFile(prefix, contents string) (*os.File, error) {
 	// Create a temp file
 	// FIXME: Discuss location and prefix..
-	file, err := os.CreateTemp("", "")
+	file, err := os.CreateTemp("", prefix)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create temporary file: %w", err)
 	}

internal/util/file_test.go → internal/util/file/file_test.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package util
+package file
 
 import (
 	"os"
@@ -24,7 +24,7 @@ import (
 func TestCreateTempFile_WithValidContent(t *testing.T) {
 	content := "Valid Content"
 
-	file, err := CreateTempFile(content)
+	file, err := CreateTempFile("test-", content)
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err)
 	}
@@ -47,7 +47,7 @@ func TestCreateTempFile_WithValidContent(t *testing.T) {
 func TestCreateTempFile_WithEmptyContent(t *testing.T) {
 	content := ""
 
-	file, err := CreateTempFile(content)
+	file, err := CreateTempFile("test-", content)
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err)
 	}
@@ -70,7 +70,7 @@ func TestCreateTempFile_WithEmptyContent(t *testing.T) {
 func TestCreateTempFile_WithLargeContent(t *testing.T) {
 	content := string(make([]byte, 1<<20))
 
-	file, err := CreateTempFile(content)
+	file, err := CreateTempFile("test-", content)
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err)
 	}