fileutils

func AtomicWriteFile ¶

func AtomicWriteFile(targetPath string, data []byte, perm os.FileMode) error

AtomicWriteFile writes data to a file atomically by writing to a temporary file and then renaming it. This ensures that readers either see the complete old file or the complete new file, never a partially written file.

func ValidateWorkloadNameForPath ¶

func ValidateWorkloadNameForPath(workloadName string) error

ValidateWorkloadNameForPath validates a workload name to prevent path traversal attacks. It ensures the name is safe for use in file path construction by checking: - Path traversal patterns (..) - Absolute paths - Path separators (/, \) - Command injection patterns - Null bytes - Invalid characters (only alphanumeric, dots, hyphens, underscores allowed) - Length limits

This function delegates to types.ValidateWorkloadName which performs comprehensive validation including filepath.Clean normalization and filepath.Rel path traversal checks.

Returns nil if the workload name is safe for path construction, or an error describing the validation failure.

func WithFileLock ¶ added in v0.11.1

func WithFileLock(path string, fn func() error) error

WithFileLock executes fn while holding an OS-level advisory file lock on path + ".lock". It uses a 1-second timeout with 100ms retry interval.

func WriteContainedFile ¶ added in v0.11.3

func WriteContainedFile(targetDir, filePath string, content []byte, dirPerm, filePerm os.FileMode) error

WriteContainedFile writes content to filePath (relative) inside targetDir, ensuring the resulting path does not escape targetDir. Parent directories are created with dirPerm, and the file is written atomically with filePerm.

targetDir must already be filepath.Clean'd by the caller.