ignore ENOENT errors when parsing .crt files
As always listing files in a dir to then read them is racy as the file
might have been removed in the meantime. Thus we must ignore ENOENT
errors when the file is opened.

Now here the code already did not cause a hard error but it will cause
a spurious warning in such a case. There is really no need to log that as
it can cause flakes for podman.

Now there is the case here for .cert and .key files where both files
must be present for a valid config. Ignoring ENOENT there seems wrong as
it would hide a common misconfiguration where only one of the files
exists. That means the race can still cause a failure when these files
are removed from the dir.

Signed-off-by: Paul Holzinger <[email protected]>
Luap99 committed Jan 27, 2025
1 parent c9771a8 commit 3f17e2e
Showing 1 changed file with 4 additions and 6 deletions.
10 changes: 4 additions & 6 deletions pkg/tlsclientconfig/tlsclientconfig.go
Expand Up @@ -3,6 +3,7 @@ package tlsclientconfig
import (
"crypto/tls"
"crypto/x509"
"errors"
"fmt"
"net"
"net/http"
Expand Down Expand Up @@ -36,12 +37,9 @@ func SetupCertificates(dir string, tlsc *tls.Config) error {
logrus.Debugf(" crt: %s", fullPath)
data, err := os.ReadFile(fullPath)
if err != nil {
if os.IsNotExist(err) {
// Dangling symbolic link?
// Race with someone who deleted the
// file after we read the directory's
// list of contents?
logrus.Warnf("error reading certificate %q: %v", fullPath, err)
if errors.Is(err, os.ErrNotExist) {
// file must have been removed between the directory listing
// and the open call, ignore that as it is a expected race
continue
}
return err
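Review bot: In the `errors.Is(err, os.ErrNotExist)` branch, the new comment says the file "must have been removed", but the deleted comment also listed a dangling symbolic link, which yields the same not-exist error from `os.ReadFile` and is a persistent misconfiguration rather than a race. With the `logrus.Warnf` gone, that case now skips a .crt file with no trace beyond the earlier ` crt:` debug line, so a certificate that is never loaded becomes hard to diagnose. Consider keeping a `logrus.Debugf` in this branch stating that the file was skipped, and mention the symlink case in the comment. Nit: "a expected race" should read "an expected race".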