remove deprecated ioutil usages (#2877)

* fix: Fixed return description error * config/options: Adjust the position of TracingJaegerAgentEndpoint option * DOCS: Remove duplicate configuration items Remove duplicate configuration items of route * remove deprecated ioutil usages
2025-05-20 20:47:16 +02:00 · 2021-12-30 10:02:12 -08:00 · 2021-12-30 10:02:12 -08:00 · 84dad4c612
commit 84dad4c612
parent 9b5a816246
33 changed files with 69 additions and 87 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@ -121,7 +121,7 @@ issues:
    - G307
    # gosec: Too many issues in popular repos
    - (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
-    # gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
+    # gosec: False positive is triggered by 'src, err := os.ReadFile(filename)'
    - Potential file inclusion via variable

    ##
--- a/authorize/evaluator/google_cloud_serverless.go
+++ b/authorize/evaluator/google_cloud_serverless.go
@ -5,7 +5,6 @@ import (
 	"encoding/base64"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
@ -82,7 +81,7 @@ func (src *gcpIdentityTokenSource) Token() (*oauth2.Token, error) {
 		}
 		defer func() { _ = res.Body.Close() }()

-		bs, err := ioutil.ReadAll(io.LimitReader(res.Body, GCPIdentityMaxBodySize))
+		bs, err := io.ReadAll(io.LimitReader(res.Body, GCPIdentityMaxBodySize))
 		if err != nil {
 			return nil, err
 		}
--- a/authorize/grpc.go
+++ b/authorize/grpc.go
@ -2,7 +2,7 @@ package authorize

 import (
 	"context"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"strings"
@ -159,7 +159,7 @@ func getHTTPRequestFromCheckRequest(req *envoy_service_auth_v3.CheckRequest) *ht
 		Method:     hattrs.GetMethod(),
 		URL:        &u,
 		Header:     make(http.Header),
-		Body:       ioutil.NopCloser(strings.NewReader(hattrs.GetBody())),
+		Body:       io.NopCloser(strings.NewReader(hattrs.GetBody())),
 		Host:       hattrs.GetHost(),
 		RequestURI: hattrs.GetPath(),
 	}
--- a/config/autocert.go
+++ b/config/autocert.go
@ -4,7 +4,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"os"

 	"github.com/pomerium/pomerium/pkg/cryptutil"
 )
@ -86,7 +86,7 @@ func (o *AutocertOptions) Validate() error {
 		}
 	}
 	if o.TrustedCAFile != "" {
-		if _, err := ioutil.ReadFile(o.TrustedCAFile); err != nil {
+		if _, err := os.ReadFile(o.TrustedCAFile); err != nil {
 			return fmt.Errorf("config: bad trusted certificate (bundle) file: %w", err)
 		}
 		if _, err := cryptutil.GetCertPool("", o.TrustedCAFile); err != nil {
--- a/config/autocert_test.go
+++ b/config/autocert_test.go
@ -8,7 +8,6 @@ import (
 	"crypto/x509/pkix"
 	"encoding/base64"
 	"encoding/pem"
-	"io/ioutil"
 	"math/big"
 	"os"
 	"testing"
@ -91,7 +90,7 @@ func TestAutocertOptions_Validate(t *testing.T) {
 			}
 		},
 		"ok/trusted-ca-file": func(t *testing.T) test {
-			f, err := ioutil.TempFile("", "pomerium-test-ca")
+			f, err := os.CreateTemp("", "pomerium-test-ca")
 			require.NoError(t, err)
 			n, err := f.Write(certPEM)
 			require.NoError(t, err)
@ -129,7 +128,7 @@ func TestAutocertOptions_Validate(t *testing.T) {
 			}
 		},
 		"fail/trusted-ca-combined": func(t *testing.T) test {
-			f, err := ioutil.TempFile("", "pomerium-test-ca")
+			f, err := os.CreateTemp("", "pomerium-test-ca")
 			require.NoError(t, err)
 			n, err := f.Write(certPEM)
 			require.NoError(t, err)
--- a/config/config_source.go
+++ b/config/config_source.go
@ -3,7 +3,7 @@ package config
 import (
 	"context"
 	"crypto/sha256"
-	"io/ioutil"
+	"os"
 	"sync"

 	"github.com/fsnotify/fsnotify"
@ -250,7 +250,7 @@ func (src *FileWatcherSource) check(ctx context.Context, cfg *Config) {

 	for _, f := range fs {
 		_, _ = h.Write([]byte{0})
-		bs, err := ioutil.ReadFile(f)
+		bs, err := os.ReadFile(f)
 		if err == nil {
 			src.watcher.Add(f)
 			_, _ = h.Write(bs)
--- a/config/config_source_test.go
+++ b/config/config_source_test.go
@ -2,7 +2,6 @@ package config

 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sync"
@ -22,12 +21,12 @@ func TestFileWatcherSource(t *testing.T) {
 		return
 	}

-	err = ioutil.WriteFile(filepath.Join(tmpdir, "example.txt"), []byte{1, 2, 3, 4}, 0o600)
+	err = os.WriteFile(filepath.Join(tmpdir, "example.txt"), []byte{1, 2, 3, 4}, 0o600)
 	if !assert.NoError(t, err) {
 		return
 	}

-	err = ioutil.WriteFile(filepath.Join(tmpdir, "kubernetes-example.txt"), []byte{1, 2, 3, 4}, 0o600)
+	err = os.WriteFile(filepath.Join(tmpdir, "kubernetes-example.txt"), []byte{1, 2, 3, 4}, 0o600)
 	if !assert.NoError(t, err) {
 		return
 	}
@ -50,7 +49,7 @@ func TestFileWatcherSource(t *testing.T) {
 		})
 	})

-	err = ioutil.WriteFile(filepath.Join(tmpdir, "example.txt"), []byte{5, 6, 7, 8}, 0o600)
+	err = os.WriteFile(filepath.Join(tmpdir, "example.txt"), []byte{5, 6, 7, 8}, 0o600)
 	if !assert.NoError(t, err) {
 		return
 	}
@ -61,7 +60,7 @@ func TestFileWatcherSource(t *testing.T) {
 		t.Error("expected OnConfigChange to be fired after modifying a file")
 	}

-	err = ioutil.WriteFile(filepath.Join(tmpdir, "kubernetes-example.txt"), []byte{5, 6, 7, 8}, 0o600)
+	err = os.WriteFile(filepath.Join(tmpdir, "kubernetes-example.txt"), []byte{5, 6, 7, 8}, 0o600)
 	if !assert.NoError(t, err) {
 		return
 	}
--- a/config/envoyconfig/filemgr/filemgr.go
+++ b/config/envoyconfig/filemgr/filemgr.go
@ -4,7 +4,6 @@ package filemgr
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"

@ -41,7 +40,7 @@ func (mgr *Manager) BytesDataSource(fileName string, data []byte) *envoy_config_

 	filePath := filepath.Join(mgr.cfg.cacheDir, fileName)
 	if _, err := os.Stat(filePath); os.IsNotExist(err) {
-		err = ioutil.WriteFile(filePath, data, 0o600)
+		err = os.WriteFile(filePath, data, 0o600)
 		if err != nil {
 			log.Error(context.TODO()).Err(err).Msg("filemgr: error writing cache file, falling back to inline bytes")
 			return inlineBytes(data)
@ -76,7 +75,7 @@ func (mgr *Manager) ClearCache() {

 // FileDataSource returns an envoy config data source based on a file.
 func (mgr *Manager) FileDataSource(filePath string) *envoy_config_core_v3.DataSource {
-	data, err := ioutil.ReadFile(filePath)
+	data, err := os.ReadFile(filePath)
 	if err != nil {
 		return inlineFilename(filePath)
 	}
--- a/config/envoyconfig/filemgr/filemgr_test.go
+++ b/config/envoyconfig/filemgr/filemgr_test.go
@ -1,7 +1,6 @@
 package filemgr

 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@ -34,7 +33,7 @@ func Test(t *testing.T) {

 	t.Run("file", func(t *testing.T) {
 		tmpFilePath := filepath.Join(dir, "test.txt")
-		_ = ioutil.WriteFile(tmpFilePath, []byte("TEST1"), 0o777)
+		_ = os.WriteFile(tmpFilePath, []byte("TEST1"), 0o777)

 		mgr := NewManager(WithCacheDir(dir))

@ -45,7 +44,7 @@ func Test(t *testing.T) {
 			},
 		}, ds)

-		_ = ioutil.WriteFile(tmpFilePath, []byte("TEST2"), 0o777)
+		_ = os.WriteFile(tmpFilePath, []byte("TEST2"), 0o777)

 		ds = mgr.FileDataSource(tmpFilePath)
 		assert.Equal(t, &envoy_config_core_v3.DataSource{
--- a/config/options.go
+++ b/config/options.go
@ -7,7 +7,6 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net/url"
 	"os"
 	"path/filepath"
@ -669,7 +668,7 @@ func (o *Options) Validate() error {
 	}

 	if o.ClientCAFile != "" {
-		_, err := ioutil.ReadFile(o.ClientCAFile)
+		_, err := os.ReadFile(o.ClientCAFile)
 		if err != nil {
 			return fmt.Errorf("config: bad client ca file: %w", err)
 		}
@ -947,7 +946,7 @@ func (o *Options) GetClientCA() ([]byte, error) {
 		return base64.StdEncoding.DecodeString(o.ClientCA)
 	}
 	if o.ClientCAFile != "" {
-		return ioutil.ReadFile(o.ClientCAFile)
+		return os.ReadFile(o.ClientCAFile)
 	}
 	return nil, nil
 }
--- a/config/options_test.go
+++ b/config/options_test.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
-	"io/ioutil"
 	"net/url"
 	"os"
 	"sync"
@ -234,7 +233,7 @@ func Test_parsePolicyFile(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			tempFile, _ := ioutil.TempFile("", "*.json")
+			tempFile, _ := os.CreateTemp("", "*.json")
 			defer tempFile.Close()
 			defer os.Remove(tempFile.Name())
 			tempFile.Write(tt.policyBytes)
@ -344,7 +343,7 @@ func TestOptionsFromViper(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			tempFile, _ := ioutil.TempFile("", "*.json")
+			tempFile, _ := os.CreateTemp("", "*.json")
 			defer tempFile.Close()
 			defer os.Remove(tempFile.Name())
 			tempFile.Write(tt.configBytes)
@ -462,7 +461,7 @@ func Test_AutoCertOptionsFromEnvVar(t *testing.T) {
 		"ok/custom-ca-file": func(t *testing.T) test {
 			certPEM, err := newCACertPEM()
 			require.NoError(t, err)
-			f, err := ioutil.TempFile("", "pomerium-test-ca")
+			f, err := os.CreateTemp("", "pomerium-test-ca")
 			require.NoError(t, err)
 			n, err := f.Write(certPEM)
 			require.NoError(t, err)
@ -531,8 +530,8 @@ func TestCertificatesArrayParsing(t *testing.T) {

 	testCertFileRef := "./testdata/example-cert.pem"
 	testKeyFileRef := "./testdata/example-key.pem"
-	testCertFile, _ := ioutil.ReadFile(testCertFileRef)
-	testKeyFile, _ := ioutil.ReadFile(testKeyFileRef)
+	testCertFile, _ := os.ReadFile(testCertFileRef)
+	testKeyFile, _ := os.ReadFile(testKeyFileRef)
 	testCertAsBase64 := base64.StdEncoding.EncodeToString(testCertFile)
 	testKeyAsBase64 := base64.StdEncoding.EncodeToString(testKeyFile)

--- a/config/policy.go
+++ b/config/policy.go
@ -6,7 +6,6 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/url"
 	"os"
 	"regexp"
@ -474,7 +473,7 @@ func (p *Policy) Validate() error {
 	}

 	if p.TLSDownstreamClientCAFile != "" {
-		bs, err := ioutil.ReadFile(p.TLSDownstreamClientCAFile)
+		bs, err := os.ReadFile(p.TLSDownstreamClientCAFile)
 		if err != nil {
 			return fmt.Errorf("config: couldn't load downstream client ca: %w", err)
 		}
@ -486,7 +485,7 @@ func (p *Policy) Validate() error {
 			return fmt.Errorf("config: specified both `kubernetes_service_account_token_file` and `kubernetes_service_account_token`")
 		}

-		token, err := ioutil.ReadFile(p.KubernetesServiceAccountTokenFile)
+		token, err := os.ReadFile(p.KubernetesServiceAccountTokenFile)
 		if err != nil {
 			return fmt.Errorf("config: failed to load kubernetes service account token: %w", err)
 		}
--- a/databroker/cache_test.go
+++ b/databroker/cache_test.go
@ -1,7 +1,6 @@
 package databroker

 import (
-	"io/ioutil"
 	"log"
 	"os"
 	"testing"
@ -11,7 +10,7 @@ import (
 )

 func TestNew(t *testing.T) {
-	dir, err := ioutil.TempDir("", "example")
+	dir, err := os.MkdirTemp("", "example")
 	if err != nil {
 		log.Fatal(err)
 	}
--- a/integration/flows/flows.go
+++ b/integration/flows/flows.go
@ -4,7 +4,7 @@ package flows
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@ -111,7 +111,7 @@ func Authenticate(ctx context.Context, client *http.Client, url *url.URL, option
 		if err != nil {
 			return nil, err
 		}
-		bodyBytes, err := ioutil.ReadAll(res.Body)
+		bodyBytes, err := io.ReadAll(res.Body)
 		if err != nil {
 			return nil, err
 		}
--- a/internal/autocert/manager_test.go
+++ b/internal/autocert/manager_test.go
@ -13,7 +13,6 @@ import (
 	"encoding/pem"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"math/big"
 	"net"
 	"net/http"
@ -548,7 +547,7 @@ func Test_configureTrustedRoots(t *testing.T) {
 			require.NoError(t, err)
 			ok := copy.AppendCertsFromPEM(ca.certPEM)
 			require.Equal(t, true, ok)
-			f, err := ioutil.TempFile("", "pomerium-test-ca")
+			f, err := os.CreateTemp("", "pomerium-test-ca")
 			require.NoError(t, err)
 			n, err := f.Write(ca.certPEM)
 			require.NoError(t, err)
--- a/internal/cmd/pomerium/pomerium_test.go
+++ b/internal/cmd/pomerium/pomerium_test.go
@ -2,7 +2,6 @@ package pomerium

 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"testing"
 	"time"
@ -112,7 +111,7 @@ func Test_run(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			tmpFile, err := ioutil.TempFile(os.TempDir(), "*.json")
+			tmpFile, err := os.CreateTemp(os.TempDir(), "*.json")
 			if err != nil {
 				t.Fatal("Cannot create temporary file", err)
 			}
--- a/internal/directory/okta/okta.go
+++ b/internal/directory/okta/okta.go
@ -8,7 +8,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"sort"
@ -383,7 +382,7 @@ func newAPIError(res *http.Response) error {
 	if res == nil {
 		return nil
 	}
-	buf, _ := ioutil.ReadAll(io.LimitReader(res.Body, readLimit)) // limit to 100kb
+	buf, _ := io.ReadAll(io.LimitReader(res.Body, readLimit)) // limit to 100kb

 	err := &APIError{
 		HTTPStatusCode: res.StatusCode,
--- a/internal/envoy/envoy.go
+++ b/internal/envoy/envoy.go
@ -10,7 +10,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@ -79,7 +78,7 @@ func NewServer(ctx context.Context, src config.Source, builder *envoyconfig.Buil

 		// Checksum is written at build time, if it's not empty we verify the binary
 		if files.Checksum() != "" {
-			bs, err := ioutil.ReadFile(envoyPath)
+			bs, err := os.ReadFile(envoyPath)
 			if err != nil {
 				return nil, fmt.Errorf("error reading envoy binary for checksum verification: %w", err)
 			}
--- a/internal/envoy/envoy_linux.go
+++ b/internal/envoy/envoy_linux.go
@ -5,7 +5,7 @@ package envoy

 import (
 	"context"
-	"io/ioutil"
+	"os"
 	"strconv"
 	"sync"
 	"syscall"
@ -99,7 +99,7 @@ func (srv *Server) prepareRunEnvoyCommand(ctx context.Context, sharedArgs []stri
 }

 func readBaseID() (int, bool) {
-	bs, err := ioutil.ReadFile(baseIDPath)
+	bs, err := os.ReadFile(baseIDPath)
 	if err != nil {
 		return 0, false
 	}
--- a/internal/envoy/envoy_test.go
+++ b/internal/envoy/envoy_test.go
@ -2,7 +2,7 @@ package envoy

 import (
 	"context"
-	"io/ioutil"
+	"io"
 	"regexp"
 	"strings"
 	"testing"
@ -37,7 +37,7 @@ func TestServer_handleLogs(t *testing.T) {

 func Benchmark_handleLogs(b *testing.B) {
 	line := `[LOG_FORMAT]debug--http--[external/envoy/source/common/http/conn_manager_impl.cc:781] [C25][S14758077654018620250] request headers complete (end_stream=false):\\n\\':authority\\', \\'enabled-ws-echo.localhost.pomerium.io\\'\\n\\':path\\', \\'/\\'\\n\\':method\\', \\'GET\\'\\n\\'upgrade\\', \\'websocket\\'\\n\\'connection\\', \\'upgrade\\'\\n\\'x-request-id\\', \\'30ac7726e0b9e00a9c9ab2bf66d692ac\\'\\n\\'x-real-ip\\', \\'172.17.0.1\\'\\n\\'x-forwarded-for\\', \\'172.17.0.1\\'\\n\\'x-forwarded-host\\', \\'enabled-ws-echo.localhost.pomerium.io\\'\\n\\'x-forwarded-port\\', \\'443\\'\\n\\'x-forwarded-proto\\', \\'https\\'\\n\\'x-scheme\\', \\'https\\'\\n\\'user-agent\\', \\'Go-http-client/1.1\\'\\n\\'sec-websocket-key\\', \\'4bh7+YFVzrJiblaSu/CVfg==\\'\\n\\'sec-websocket-version\\', \\'13\\'`
-	rc := ioutil.NopCloser(strings.NewReader(line))
+	rc := io.NopCloser(strings.NewReader(line))
 	srv := &Server{}
 	zerolog.SetGlobalLevel(zerolog.InfoLevel)

--- a/internal/fileutil/watcher_test.go
+++ b/internal/fileutil/watcher_test.go
@ -1,7 +1,6 @@
 package fileutil

 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@ -18,7 +17,7 @@ func TestWatcher(t *testing.T) {
 		return
 	}

-	err = ioutil.WriteFile(filepath.Join(tmpdir, "test1.txt"), []byte{1, 2, 3, 4}, 0o666)
+	err = os.WriteFile(filepath.Join(tmpdir, "test1.txt"), []byte{1, 2, 3, 4}, 0o666)
 	if !assert.NoError(t, err) {
 		return
 	}
@ -29,7 +28,7 @@ func TestWatcher(t *testing.T) {
 	ch := w.Bind()
 	defer w.Unbind(ch)

-	err = ioutil.WriteFile(filepath.Join(tmpdir, "test1.txt"), []byte{5, 6, 7, 8}, 0o666)
+	err = os.WriteFile(filepath.Join(tmpdir, "test1.txt"), []byte{5, 6, 7, 8}, 0o666)
 	if !assert.NoError(t, err) {
 		return
 	}
--- a/internal/httputil/client.go
+++ b/internal/httputil/client.go
@ -7,7 +7,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"time"
@ -124,7 +123,7 @@ func Do(ctx context.Context, method, endpoint, userAgent string, headers map[str
 	}

 	var respBody []byte
-	respBody, err = ioutil.ReadAll(resp.Body)
+	respBody, err = io.ReadAll(resp.Body)
 	defer resp.Body.Close()
 	if err != nil {
 		return err
--- a/internal/httputil/reproxy/reproxy_test.go
+++ b/internal/httputil/reproxy/reproxy_test.go
@ -3,7 +3,6 @@ package reproxy
 import (
 	"context"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@ -30,7 +29,7 @@ func TestMiddleware(t *testing.T) {
 		res, err := http.Get(srv.URL)
 		require.NoError(t, err)

-		body, err := ioutil.ReadAll(res.Body)
+		body, err := io.ReadAll(res.Body)
 		require.NoError(t, err)
 		res.Body.Close()

@ -72,7 +71,7 @@ func TestMiddleware(t *testing.T) {
 		res, err := http.DefaultClient.Do(req)
 		require.NoError(t, err)

-		body, err := ioutil.ReadAll(res.Body)
+		body, err := io.ReadAll(res.Body)
 		require.NoError(t, err)
 		res.Body.Close()

--- a/internal/httputil/server_test.go
+++ b/internal/httputil/server_test.go
@ -3,7 +3,7 @@ package httputil
 import (
 	"crypto/tls"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"net/http/httptest"
@ -108,7 +108,7 @@ func TestNewServer(t *testing.T) {
 				if err != nil {
 					log.Fatal(err)
 				}
-				greeting, err := ioutil.ReadAll(res.Body)
+				greeting, err := io.ReadAll(res.Body)
 				res.Body.Close()
 				if err != nil {
 					log.Fatal(err)
--- a/internal/identity/oidc/azure/microsoft.go
+++ b/internal/identity/oidc/azure/microsoft.go
@ -8,7 +8,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"

 	go_oidc "github.com/coreos/go-oidc/v3/oidc"
@ -110,7 +110,7 @@ func (transport *wellKnownConfiguration) RoundTrip(req *http.Request) (*http.Res
 	}
 	defer res.Body.Close()

-	bs, err := ioutil.ReadAll(res.Body)
+	bs, err := io.ReadAll(res.Body)
 	if err != nil {
 		return nil, err
 	}
@ -125,6 +125,6 @@ func (transport *wellKnownConfiguration) RoundTrip(req *http.Request) (*http.Res
 		bs, _ = json.Marshal(wk)
 	}

-	res.Body = ioutil.NopCloser(bytes.NewReader(bs))
+	res.Body = io.NopCloser(bytes.NewReader(bs))
 	return res, nil
 }
--- a/internal/identity/oidc/userinfo.go
+++ b/internal/identity/oidc/userinfo.go
@ -5,7 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strconv"
 	"strings"
@ -47,7 +47,7 @@ func (transport *userInfoRoundTripper) RoundTrip(req *http.Request) (*http.Respo
 	}
 	defer res.Body.Close()

-	bs, err := ioutil.ReadAll(res.Body)
+	bs, err := io.ReadAll(res.Body)
 	if err != nil {
 		return nil, err
 	}
@ -68,6 +68,6 @@ func (transport *userInfoRoundTripper) RoundTrip(req *http.Request) (*http.Respo
 		bs, _ = json.Marshal(userInfo)
 	}

-	res.Body = ioutil.NopCloser(bytes.NewReader(bs))
+	res.Body = io.NopCloser(bytes.NewReader(bs))
 	return res, nil
 }
--- a/internal/telemetry/metrics/http_test.go
+++ b/internal/telemetry/metrics/http_test.go
@ -4,7 +4,7 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@ -178,7 +178,7 @@ func Test_HTTPMetricsRoundTripper(t *testing.T) {
 			req, _ := http.NewRequest(tt.verb, tt.url, new(bytes.Buffer))
 			resp, err := client.Do(req)
 			// must be done to record()
-			ioutil.ReadAll(resp.Body)
+			io.ReadAll(resp.Body)

 			t.Logf("response: %#v, %#v\n\n", resp, err)
 			testDataRetrieval(HTTPClientRequestSizeView, t, tt.wanthttpClientRequestSize)
--- a/internal/telemetry/metrics/providers_test.go
+++ b/internal/telemetry/metrics/providers_test.go
@ -1,7 +1,7 @@
 package metrics

 import (
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@ -37,7 +37,7 @@ func getMetrics(t *testing.T, envoyURL *url.URL) []byte {
 	h.ServeHTTP(rec, req)

 	resp := rec.Result()
-	b, _ := ioutil.ReadAll(resp.Body)
+	b, _ := io.ReadAll(resp.Body)

 	if resp == nil || resp.StatusCode != 200 {
 		t.Errorf("Metrics endpoint failed to respond: %s", b)
--- a/internal/tests/xdserr/health.go
+++ b/internal/tests/xdserr/health.go
@ -3,7 +3,7 @@ package xdserr
 import (
 	"context"
 	"errors"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"

@ -40,7 +40,7 @@ func checkHealth(ctx context.Context, client *http.Client, addr string) error {
 	}
 	defer resp.Body.Close()

-	if _, err = ioutil.ReadAll(resp.Body); err != nil {
+	if _, err = io.ReadAll(resp.Body); err != nil {
 		return err
 	}
 	if resp.StatusCode != http.StatusOK {
--- a/internal/testutil/redis.go
+++ b/internal/testutil/redis.go
@ -5,7 +5,6 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
@ -317,7 +316,7 @@ func RedisTLSConfig() *tls.Config {
 		panic(err)
 	}
 	caCertPool := x509.NewCertPool()
-	caCert, err := ioutil.ReadFile(filepath.Join(TestDataRoot(), "tls", "ca.crt"))
+	caCert, err := os.ReadFile(filepath.Join(TestDataRoot(), "tls", "ca.crt"))
 	if err != nil {
 		panic(err)
 	}
--- a/internal/tripper/chain_test.go
+++ b/internal/tripper/chain_test.go
@ -2,7 +2,7 @@ package tripper

 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@ -28,7 +28,7 @@ func mockMiddleware(id string) func(next http.RoundTripper) http.RoundTripper {
 		return RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
 			resp, _ := next.RoundTrip(r)

-			body, _ := ioutil.ReadAll(resp.Body)
+			body, _ := io.ReadAll(resp.Body)
 			mockResp := httptest.NewRecorder()
 			mockResp.Write(body)
 			mockResp.WriteString(fmt.Sprintf(",%s", id))
@ -52,7 +52,7 @@ func TestNew(t *testing.T) {
 		t.Errorf("Wrong number of constructors in chain")
 	}

-	b, _ := ioutil.ReadAll(resp.Body)
+	b, _ := io.ReadAll(resp.Body)
 	if string(b) != want {
 		t.Errorf("Wrong constructors.  want=%s, got=%s", want, b)
 	}
@ -66,7 +66,7 @@ func TestThenNoMiddleware(t *testing.T) {
 	resp, _ := chain.Then(t1).
 		RoundTrip(httptest.NewRequest("GET", "/", nil))

-	b, _ := ioutil.ReadAll(resp.Body)
+	b, _ := io.ReadAll(resp.Body)
 	if string(b) != want {
 		t.Errorf("Wrong constructors.  want=%s, got=%s", want, b)
 	}
@ -95,7 +95,7 @@ func TestAppend(t *testing.T) {
 		t.Errorf("Wrong number of constructors in chain")
 	}

-	b, _ := ioutil.ReadAll(resp.Body)
+	b, _ := io.ReadAll(resp.Body)
 	if string(b) != want {
 		t.Errorf("Wrong constructors.  want=%s, got=%s", want, b)
 	}
@ -114,7 +114,7 @@ func TestAppendImmutability(t *testing.T) {
 	resp, _ := chain.Then(t1).
 		RoundTrip(httptest.NewRequest("GET", "/", nil))

-	b, _ := ioutil.ReadAll(resp.Body)
+	b, _ := io.ReadAll(resp.Body)
 	if string(b) != want {
 		t.Errorf("Wrong constructors.  want=%s, got=%s", want, b)
 	}
--- a/pkg/cryptutil/hash_test.go
+++ b/pkg/cryptutil/hash_test.go
@ -5,7 +5,6 @@ import (
 	"crypto/sha512"
 	"encoding/hex"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"testing"

@ -39,7 +38,7 @@ func TestPasswordHashing(t *testing.T) {

 // Benchmarks SHA256 on 16K of random data.
 func BenchmarkSHA256(b *testing.B) {
-	data, err := ioutil.ReadFile("testdata/random")
+	data, err := os.ReadFile("testdata/random")
 	if err != nil {
 		b.Fatal(err)
 	}
@ -51,7 +50,7 @@ func BenchmarkSHA256(b *testing.B) {

 // Benchmarks SHA512/256 on 16K of random data.
 func BenchmarkSHA512_256(b *testing.B) {
-	data, err := ioutil.ReadFile("testdata/random")
+	data, err := os.ReadFile("testdata/random")
 	if err != nil {
 		b.Fatal(err)
 	}
@ -73,7 +72,7 @@ func BenchmarkBcrypt(b *testing.B) {

 func ExampleHash() {
 	tag := "hashing file for lookup key"
-	contents, err := ioutil.ReadFile("testdata/random")
+	contents, err := os.ReadFile("testdata/random")
 	if err != nil {
 		fmt.Printf("could not read file: %v\n", err)
 		os.Exit(1)
--- a/pkg/cryptutil/tls.go
+++ b/pkg/cryptutil/tls.go
@ -6,7 +6,7 @@ import (
 	"crypto/x509"
 	"encoding/base64"
 	"fmt"
-	"io/ioutil"
+	"os"

 	"github.com/caddyserver/certmagic"

@ -32,7 +32,7 @@ func GetCertPool(ca, caFile string) (*x509.CertPool, error) {
 			return nil, fmt.Errorf("failed to decode base64-encoded certificate authority: %w", err)
 		}
 	} else {
-		data, err = ioutil.ReadFile(caFile)
+		data, err = os.ReadFile(caFile)
 		if err != nil {
 			return nil, fmt.Errorf("failed to read certificate authority file (%s): %w", caFile, err)
 		}