Split the functionality in node/mounter into smaller packages

cmd/install-mp/main.go

@@ -6,7 +6,7 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/awslabs/aws-s3-csi-driver/pkg/driver"
+	"github.com/awslabs/aws-s3-csi-driver/pkg/util"
 )
 
 const (
@@ -49,7 +49,7 @@ func installFiles(binDir string, installDir string) error {
 		destFile := filepath.Join(installDir, name)
 
 		// First copy to a temporary location then rename to handle replacing running binaries
-		err = driver.ReplaceFile(destFile, filepath.Join(binDir, name), 0755)
+		err = util.ReplaceFile(destFile, filepath.Join(binDir, name), 0755)
 		if err != nil {
 			return fmt.Errorf("Failed to copy file %s: %w", name, err)
 		}

pkg/driver/driver.go

@@ -19,25 +19,24 @@ package driver
 import (
 	"context"
 	"fmt"
-	"io"
-	"io/fs"
 	"net"
 	"os"
-	"time"
 
-	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node"
-	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node/mounter"
-	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/version"
 	"github.com/container-storage-interface/spec/lib/go/csi"
 	"google.golang.org/grpc"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
+
+	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node"
+	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node/credentialprovider"
+	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node/mounter"
+	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node/regionprovider"
+	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/version"
 )
 
 const (
-	driverName          = "s3.csi.aws.com"
-	webIdentityTokenEnv = "AWS_WEB_IDENTITY_TOKEN_FILE"
+	driverName = "s3.csi.aws.com"
 
 	grpcServerMaxReceiveMessageSize = 1024 * 1024 * 2 // 2MB
 
@@ -75,13 +74,14 @@ func NewDriver(endpoint string, mpVersion string, nodeID string) (*Driver, error
 	klog.Infof("Driver version: %v, Git commit: %v, build date: %v, nodeID: %v, mount-s3 version: %v, kubernetes version: %v",
 		version.DriverVersion, version.GitCommit, version.BuildDate, nodeID, mpVersion, kubernetesVersion)
 
-	systemd_mounter, err := mounter.NewSystemdMounter(mpVersion, kubernetesVersion)
+	systemdMounter, err := mounter.NewSystemdMounter(mpVersion)
 	if err != nil {
 		klog.Fatalln(err)
 	}
 
-	credentialProvider := mounter.NewCredentialProvider(clientset.CoreV1(), containerPluginDir, mounter.RegionFromIMDSOnce)
-	nodeServer := node.NewS3NodeServer(nodeID, systemd_mounter, credentialProvider)
+	credentialProvider := credentialprovider.New(clientset.CoreV1())
+	regionProvider := regionprovider.New(regionprovider.RegionFromIMDSOnce)
+	nodeServer := node.NewS3NodeServer(nodeID, systemdMounter, credentialProvider, regionProvider, kubernetesVersion)
 
 	return &Driver{
 		Endpoint:   endpoint,
@@ -91,14 +91,6 @@ func NewDriver(endpoint string, mpVersion string, nodeID string) (*Driver, error
 }
 
 func (d *Driver) Run() error {
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-	tokenFile := os.Getenv(webIdentityTokenEnv)
-	if tokenFile != "" {
-		klog.Infof("Found AWS_WEB_IDENTITY_TOKEN_FILE, syncing token")
-		go tokenFileTender(ctx, tokenFile, "/csi/token")
-	}
-
 	scheme, addr, err := ParseEndpoint(d.Endpoint)
 	if err != nil {
 		return err
@@ -151,53 +143,6 @@ func (d *Driver) Stop() {
 	d.Srv.Stop()
 }
 
-func tokenFileTender(ctx context.Context, sourcePath string, destPath string) {
-	for {
-		timer := time.After(10 * time.Second)
-		err := ReplaceFile(destPath, sourcePath, 0600)
-		if err != nil {
-			klog.Infof("Failed to sync AWS web token file: %v", err)
-		}
-		select {
-		case <-timer:
-			continue
-		case <-ctx.Done():
-			return
-		}
-	}
-}
-
-// replaceFile safely replaces a file with a new file by copying to a temporary location first
-// then renaming.
-func ReplaceFile(destPath string, sourcePath string, perm fs.FileMode) error {
-	tmpDest := destPath + ".tmp"
-
-	sourceFile, err := os.Open(sourcePath)
-	if err != nil {
-		return err
-	}
-	defer sourceFile.Close()
-
-	destFile, err := os.OpenFile(tmpDest, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm)
-	if err != nil {
-		return err
-	}
-	defer destFile.Close()
-
-	buf := make([]byte, 64*1024)
-	_, err = io.CopyBuffer(destFile, sourceFile, buf)
-	if err != nil {
-		return err
-	}
-
-	err = os.Rename(tmpDest, destPath)
-	if err != nil {
-		return fmt.Errorf("Failed to rename file %s: %w", destPath, err)
-	}
-
-	return nil
-}
-
 func kubernetesVersion(clientset *kubernetes.Clientset) (string, error) {
 	version, err := clientset.ServerVersion()
 	if err != nil {

pkg/driver/node/awsprofile/aws_profile.go → pkg/driver/node/credentialprovider/awsprofile/aws_profile.go

@@ -9,50 +9,51 @@ import (
 	"path/filepath"
 	"strings"
 	"unicode"
+
+	"github.com/google/renameio"
 )
 
 const (
 	awsProfileName                = "s3-csi"
 	awsProfileConfigFilename      = "s3-csi-config"
 	awsProfileCredentialsFilename = "s3-csi-credentials"
-	awsProfileFilePerm            = fs.FileMode(0400) // only owner readable
 )
 
 // ErrInvalidCredentials is returned when given AWS Credentials contains invalid characters.
 var ErrInvalidCredentials = errors.New("aws-profile: Invalid AWS Credentials")
 
 // An AWSProfile represents an AWS profile with it's credentials and config files.
 type AWSProfile struct {
-	Name            string
-	ConfigPath      string
-	CredentialsPath string
+	Name                string
+	ConfigFilename      string
+	CredentialsFilename string
 }
 
 // CreateAWSProfile creates an AWS Profile with credentials and config files from given credentials.
 // Created credentials and config files can be clean up with `CleanupAWSProfile`.
-func CreateAWSProfile(basepath string, accessKeyID string, secretAccessKey string, sessionToken string) (AWSProfile, error) {
+func CreateAWSProfile(basepath string, accessKeyID string, secretAccessKey string, sessionToken string, filePerm fs.FileMode) (AWSProfile, error) {
 	if !isValidCredential(accessKeyID) || !isValidCredential(secretAccessKey) || !isValidCredential(sessionToken) {
 		return AWSProfile{}, ErrInvalidCredentials
 	}
 
 	name := awsProfileName
 
 	configPath := filepath.Join(basepath, awsProfileConfigFilename)
-	err := writeAWSProfileFile(configPath, configFileContents(name))
+	err := writeAWSProfileFile(configPath, configFileContents(name), filePerm)
 	if err != nil {
 		return AWSProfile{}, fmt.Errorf("aws-profile: Failed to create config file %s: %v", configPath, err)
 	}
 
 	credentialsPath := filepath.Join(basepath, awsProfileCredentialsFilename)
-	err = writeAWSProfileFile(credentialsPath, credentialsFileContents(name, accessKeyID, secretAccessKey, sessionToken))
+	err = writeAWSProfileFile(credentialsPath, credentialsFileContents(name, accessKeyID, secretAccessKey, sessionToken), filePerm)
 	if err != nil {
 		return AWSProfile{}, fmt.Errorf("aws-profile: Failed to create credentials file %s: %v", credentialsPath, err)
 	}
 
 	return AWSProfile{
-		Name:            name,
-		ConfigPath:      configPath,
-		CredentialsPath: credentialsPath,
+		Name:                name,
+		ConfigFilename:      awsProfileConfigFilename,
+		CredentialsFilename: awsProfileCredentialsFilename,
 	}, nil
 }
 
@@ -75,14 +76,8 @@ func CleanupAWSProfile(basepath string) error {
 	return nil
 }
 
-func writeAWSProfileFile(path string, content string) error {
-	err := os.WriteFile(path, []byte(content), awsProfileFilePerm)
-	if err != nil {
-		return err
-	}
-	// If the given file exists, `os.WriteFile` just truncates it without changing it's permissions,
-	// so we need to ensure it always has the correct permissions.
-	return os.Chmod(path, awsProfileFilePerm)
+func writeAWSProfileFile(path string, content string, filePerm os.FileMode) error {
+	return renameio.WriteFile(path, []byte(content), filePerm)
 }
 
 func credentialsFileContents(profile string, accessKeyID string, secretAccessKey string, sessionToken string) string {