diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bb25b191..b61bfe4c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - go: [ '1.15', '1.16', '1.17' ] + go: [ '1.16', '1.17' ] steps: - name: Checkout @@ -26,26 +26,8 @@ jobs: name: golangci-lint uses: golangci/golangci-lint-action@v2 with: - # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: 'latest' - - # Optional: working directory, useful for monorepos - # working-directory: somedir - - # Optional: golangci-lint command line arguments. + version: 'v1.43.0' args: --timeout=30m - - # Optional: show only new issues if it's a pull request. The default value is `false`. - # only-new-issues: true - - # Optional: if set to true then the action will use pre-installed Go. - # skip-go-installation: true - - # Optional: if set to true then the action don't cache or restore ~/go/pkg. - # skip-pkg-cache: true - - # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. - # skip-build-cache: true - name: Test, Build id: lintTestBuild @@ -251,7 +233,7 @@ jobs: name: Update Reference id: update_refrence run: | - ./bin/step help --markdown ./docs/step-cli/reference + ./bin/step help --markdown ./docs/src/pages/docs/step-cli/reference cd ./docs git config user.email "eng@smallstep.com" git config user.name "Github Action CI" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 14e1c93d..d6fe1344 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - go: [ '1.15', '1.16', '1.17' ] + go: [ '1.16', '1.17' ] steps: - name: Checkout 
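Review bot: The `uses: golangci/golangci-lint-action@v2` step is still referenced by a movable tag, even though this hunk now pins the linter binary itself to `v1.43.0`. In a release workflow, a retagged or compromised action runs with whatever token and secrets the job exposes, so pin the action to a full commit SHA, e.g. `uses: golangci/golangci-lint-action@<FULL_COMMIT_SHA> # v2`. The same applies to the matching step in `.github/workflows/test.yml` and to `codecov/codecov-action@v1.2.1` there. The job definitions start outside these hunks, so any `permissions:` block is not visible; if none is set, consider restricting the lint and test jobs to `contents: read`.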
@@ -28,26 +28,8 @@ jobs: name: golangci-lint uses: golangci/golangci-lint-action@v2 with: - # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: 'latest' - - # Optional: working directory, useful for monorepos - # working-directory: somedir - - # Optional: golangci-lint command line arguments. + version: 'v1.43.0' args: --timeout=30m - - # Optional: show only new issues if it's a pull request. The default value is `false`. - # only-new-issues: true - - # Optional: if set to true then the action will use pre-installed Go. - # skip-go-installation: true - - # Optional: if set to true then the action don't cache or restore ~/go/pkg. - # skip-pkg-cache: true - - # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. - # skip-build-cache: true - name: Test, Build id: lintTestBuild @@ -55,7 +37,8 @@ jobs: - name: Codecov uses: codecov/codecov-action@v1.2.1 + if: matrix.go == '1.17' with: - file: ./coverage.out # optional - name: codecov-umbrella # optional - fail_ci_if_error: true # optional (default = false) + file: ./coverage.out + name: codecov-umbrella + fail_ci_if_error: true diff --git a/.golangci.yml b/.golangci.yml index 277bcd19..5c6faefb 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -71,9 +71,3 @@ issues: - should have a package comment, unless it's in another file for this package - func `CLICommand. - error strings should not be capitalized or end with punctuation or a newline -# golangci.com configuration -# https://github.com/golangci/golangci/wiki/Configuration -service: - golangci-lint-version: 1.19.x # use the fixed version to not introduce new linters unexpectedly - prepare: - - echo "here I can run custom commands, but no preparation needed for this repo" diff --git a/README.md b/README.md index fa1c880a..bdf013a8 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,6 @@ # Step CLI [![GitHub release](https://img.shields.io/github/release/smallstep/cli.svg)](https://github.com/smallstep/cli/releases) -[![CA Image](https://images.microbadger.com/badges/image/smallstep/step-cli.svg)](https://microbadger.com/images/smallstep/step-cli) [![Go Report Card](https://goreportcard.com/badge/github.com/smallstep/cli)](https://goreportcard.com/report/github.com/smallstep/cli) [![Build Status](https://travis-ci.com/smallstep/cli.svg?branch=master)](https://travis-ci.com/smallstep/cli) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) 
@@ -10,27 +9,26 @@ [![GitHub stars](https://img.shields.io/github/stars/smallstep/cli.svg?style=social)](https://github.com/smallstep/cli/stargazers) [![Twitter followers](https://img.shields.io/twitter/follow/smallsteplabs.svg?label=Follow&style=social)](https://twitter.com/intent/follow?screen_name=smallsteplabs) -`step` is a toolkit for working with your *public key infrastructure* (PKI). -It's also the client counterpart to the [`step-ca`](https://github.com/smallstep/certificates) online Certificate Authority (CA). - -Here's a quick example, combining `step oauth` and `step crypto` to get and verify the signature of a Google OAuth OIDC token: - -![Animated terminal showing step in practice](https://smallstep.com/images/blog/2018-08-07-unfurl.gif) +`step` is an easy-to-use CLI tool for building, operating, and automating Public Key Infrastructure (PKI) systems and workflows. +It's the client counterpart to the [`step-ca` online Certificate Authority (CA)](https://github.com/smallstep/certificates). +You can use it for many common crypto and X.509 operations—independently, or with a CA. **Questions? Ask us on [GitHub Discussions](https://github.com/smallstep/certificates/discussions) or [Discord](https://bit.ly/step-discord).** [Website](https://smallstep.com) | [Documentation](https://smallstep.com/docs/step-cli) | [Installation](https://smallstep.com/docs/step-cli/installation) | -[Getting Started](https://smallstep.com/docs/step-cli/basic-crypto-operations) | +[Basic Crypto Operations](https://smallstep.com/docs/step-cli/basic-crypto-operations) | [Contributor's Guide](./docs/CONTRIBUTING.md) ## Features -Step CLI's command groups illustrate some of its uses: +Step CLI's command groups illustrate its wide-ranging uses: + - [`step certificate`](https://smallstep.com/docs/step-cli/reference/certificate/): Work with X.509 (TLS/HTTPS) certificates. - Create, revoke, validate, lint, and bundle X.509 certificates. 
- Install (and remove) X.509 certificates into your system's (and brower's) trust store. + - Validate certificate deployment and renewal status for automation - Create key pairs (RSA, ECDSA, EdDSA) and certificate signing requests (CSRs) - [Sign CSRs](https://smallstep.com/docs/step-cli/reference/certificate/sign/) - Create [RFC5280](https://tools.ietf.org/html/rfc5280) and [CA/Browser Forum](https://cabforum.org/baseline-requirements-documents/)-compliant certificates that work for TLS and HTTPS @@ -45,6 +43,7 @@ Step CLI's command groups illustrate some of its uses: - Securely [distribute root certificates](https://smallstep.com/docs/step-cli/reference/ca/root/) and [bootstrap](https://smallstep.com/docs/step-cli/reference/ca/bootstrap/) PKI relying parties - [Renew](https://smallstep.com/docs/step-cli/reference/ca/renew/) and [revoke](https://smallstep.com/docs/step-cli/reference/ca/revoke/) certificates issued by [`step-ca`](https://github.com/smallstep/certificates) - [Submit CSRs](https://smallstep.com/docs/step-cli/reference/ca/sign/) to be signed by [`step-ca`](https://github.com/smallstep/certificates) + - With an ACME CA, `step` supports the `http-01` challenge type - [`step crypto`](https://smallstep.com/docs/step-cli/reference/crypto/): A general-purpose crypto toolkit - Work with [JWTs](https://jwt.io) ([RFC7519](https://tools.ietf.org/html/rfc7519)) and [other JOSE constructs](https://datatracker.ietf.org/wg/jose/documents/) 
@@ -57,10 +56,12 @@ Step CLI's command groups illustrate some of its uses: signing - [Apply key derivation functions](https://smallstep.com/docs/step-cli/reference/crypto/kdf/) (KDFs) and [verify passwords](https://smallstep.com/docs/step-cli/reference/crypto/kdf/compare/) using `scrypt`, `bcrypt`, and `argo2` - Generate and check [file hashes](https://smallstep.com/docs/step-cli/reference/crypto/hash/) + - [`step oauth`](https://smallstep.com/docs/step-cli/reference/oauth/): Add an OAuth 2.0 single sign-on flow to any CLI application. - Supports OAuth authorization code, out-of-band (OOB), JWT bearer, and refresh token flows - Get OAuth access tokens and OIDC identity tokens at the command line from any provider. - Verify OIDC identity tokens (`step crypto jwt verify`) + - [`step ssh`](https://smallstep.com/docs/step-cli/reference/ssh/): Create and manage SSH certificates (requires an online or offline [`step-ca`](https://github.com/smallstep/certificates) instance) - Generate SSH user and host key pairs and short-lived certificates - Add and remove certificates to the SSH agent @@ -71,6 +72,12 @@ Step CLI's command groups illustrate some of its uses: See our installation docs [here](https://smallstep.com/docs/step-cli/installation). +## Example + +Here's a quick example, combining `step oauth` and `step crypto` to get and verify the signature of a Google OAuth OIDC token: + +![Animated terminal showing step in practice](https://smallstep.com/images/blog/2018-08-07-unfurl.gif) + ## Community * Connect with `step` users on [GitHub Discussions](https://github.com/smallstep/certificates/discussions) or [Discord](https://bit.ly/step-discord) diff --git a/command/ca/init.go b/command/ca/init.go index 0e237f37..c5d98be8 100644 --- a/command/ca/init.go +++ b/command/ca/init.go 
@@ -724,7 +724,7 @@ func promptDeploymentType(ctx *cli.Context, isRA bool) (pki.DeploymentType, erro ui.WithSelectTemplates(&promptui.SelectTemplates{ Active: fmt.Sprintf("%s {{ printf \"%%s - %%s\" .Name .Description | underline }}", ui.IconSelect), Inactive: " {{ .Name }} - {{ .Description }}", - Selected: fmt.Sprintf(`{{ "%s" | green }} {{ "Deployment Type:" | bold }} {{ .Name }}`, ui.IconGood), + Selected: fmt.Sprintf(`{{ %q | green }} {{ "Deployment Type:" | bold }} {{ .Name }}`, ui.IconGood), })) if err != nil { return 0, err diff --git a/command/ca/provisioner/add.go b/command/ca/provisioner/add.go index 2d463fe2..898b3ddf 100644 --- a/command/ca/provisioner/add.go +++ b/command/ca/provisioner/add.go @@ -6,8 +6,8 @@ import ( "crypto/rsa" "crypto/x509" "encoding/pem" - "io/ioutil" "net/url" + "os" "strings" "github.com/pkg/errors" @@ -662,7 +662,7 @@ func addK8sSAProvisioner(ctx *cli.Context, name string, provMap map[string]bool) return nil, errs.RequiredWithFlagValue(ctx, "type", "k8sSA", "pem-keys") } - pemKeysB, err := ioutil.ReadFile(pemKeysF) + pemKeysB, err := os.ReadFile(pemKeysF) if err != nil { return nil, errors.Wrap(err, "error reading pem keys") } diff --git a/command/ca/provisionerbeta/add.go b/command/ca/provisionerbeta/add.go index 1dfad8b5..0b7f1c4c 100644 --- a/command/ca/provisionerbeta/add.go +++ b/command/ca/provisionerbeta/add.go @@ -9,8 +9,8 @@ import ( "encoding/json" "encoding/pem" "fmt" - "io/ioutil" "net/url" + "os" "github.com/pkg/errors" "github.com/smallstep/certificates/authority/provisioner" @@ -473,7 +473,7 @@ func createJWKDetails(ctx *cli.Context) (*linkedca.ProvisionerDetails, error) { if ctx.IsSet("private-key") { jwkFile = ctx.String("private-key") - b, err := ioutil.ReadFile(jwkFile) + b, err := os.ReadFile(jwkFile) if err != nil { return nil, errors.Wrapf(err, "error reading %s", jwkFile) } 
@@ -587,7 +587,7 @@ func createK8SSADetails(ctx *cli.Context) (*linkedca.ProvisionerDetails, error) return nil, errs.RequiredWithFlagValue(ctx, "type", "k8sSA", "public-key") } - pemKeysB, err := ioutil.ReadFile(pemKeysF) + pemKeysB, err := os.ReadFile(pemKeysF) if err != nil { return nil, errors.Wrap(err, "error reading pem keys") } diff --git a/command/ca/provisionerbeta/update.go b/command/ca/provisionerbeta/update.go index 26f9d11a..76f02df8 100644 --- a/command/ca/provisionerbeta/update.go +++ b/command/ca/provisionerbeta/update.go @@ -9,8 +9,8 @@ import ( "encoding/json" "encoding/pem" "fmt" - "io/ioutil" "net/url" + "os" "github.com/pkg/errors" "github.com/smallstep/certificates/ca" @@ -511,7 +511,7 @@ func updateJWKDetails(ctx *cli.Context, p *linkedca.Provisioner) error { if ctx.IsSet("private-key") { jwkFile := ctx.String("private-key") - b, err := ioutil.ReadFile(jwkFile) + b, err := os.ReadFile(jwkFile) if err != nil { return errors.Wrapf(err, "error reading %s", jwkFile) } @@ -619,7 +619,7 @@ func updateK8SSADetails(ctx *cli.Context, p *linkedca.Provisioner) error { details := data.K8SSA if ctx.IsSet("public-key") { pemKeysF := ctx.String("public-key") - pemKeysB, err := ioutil.ReadFile(pemKeysF) + pemKeysB, err := os.ReadFile(pemKeysF) if err != nil { return errors.Wrap(err, "error reading pem keys") } diff --git a/command/ca/rekey.go b/command/ca/rekey.go index 08fd4ad8..35b07fa7 100644 --- a/command/ca/rekey.go +++ b/command/ca/rekey.go @@ -2,8 +2,8 @@ package ca import ( "crypto" - "io/ioutil" "math/rand" + "os" "strconv" "strings" "syscall" @@ -267,7 +267,7 @@ func rekeyCertificateAction(ctx *cli.Context) error { pidFile := ctx.String("pid-file") if len(pidFile) > 0 { - pidB, err := ioutil.ReadFile(pidFile) + pidB, err := os.ReadFile(pidFile) if err != nil { return errs.FileError(err, pidFile) } diff --git a/command/ca/renew.go b/command/ca/renew.go index e8674294..1c612580 100644 --- a/command/ca/renew.go +++ b/command/ca/renew.go 
@@ -6,7 +6,6 @@ import ( "crypto/tls" "crypto/x509" "encoding/pem" - "io/ioutil" "log" "math/rand" "net/http" @@ -248,7 +247,7 @@ func renewCertificateAction(ctx *cli.Context) error { pidFile := ctx.String("pid-file") if len(pidFile) > 0 { - pidB, err := ioutil.ReadFile(pidFile) + pidB, err := os.ReadFile(pidFile) if err != nil { return errs.FileError(err, pidFile) } diff --git a/command/ca/revoke.go b/command/ca/revoke.go index 395a371f..21aafbbb 100644 --- a/command/ca/revoke.go +++ b/command/ca/revoke.go @@ -4,7 +4,6 @@ import ( "crypto/tls" "crypto/x509" "encoding/pem" - "io/ioutil" "net/http" "os" "strconv" @@ -405,7 +404,7 @@ func (f *revokeFlow) Revoke(ctx *cli.Context, serial, token string) error { if token == "" { certFile, keyFile := ctx.String("cert"), ctx.String("key") - certPEMBytes, err := ioutil.ReadFile(certFile) + certPEMBytes, err := os.ReadFile(certFile) if err != nil { return errors.Wrap(err, "error reading certificate") } diff --git a/command/certificate/bundle.go b/command/certificate/bundle.go index 676d6c37..878312e0 100644 --- a/command/certificate/bundle.go +++ b/command/certificate/bundle.go @@ -2,7 +2,7 @@ package certificate import ( "encoding/pem" - "io/ioutil" + "os" "github.com/pkg/errors" "github.com/smallstep/cli/flags" @@ -55,7 +55,7 @@ func bundleAction(ctx *cli.Context) error { } crtFile := ctx.Args().Get(0) - crtBytes, err := ioutil.ReadFile(crtFile) + crtBytes, err := os.ReadFile(crtFile) if err != nil { return errs.FileError(err, crtFile) } @@ -65,7 +65,7 @@ func bundleAction(ctx *cli.Context) error { } caFile := ctx.Args().Get(1) - caBytes, err := ioutil.ReadFile(caFile) + caBytes, err := os.ReadFile(caFile) if err != nil { return errs.FileError(err, caFile) } diff --git a/command/certificate/lint.go b/command/certificate/lint.go index 57440dea..c95820a8 100644 --- a/command/certificate/lint.go +++ b/command/certificate/lint.go 
@@ -3,7 +3,6 @@ package certificate import ( "encoding/json" "encoding/pem" - "io/ioutil" "os" "github.com/pkg/errors" @@ -117,7 +116,7 @@ func lintAction(ctx *cli.Context) error { Bytes: crt.Raw, } default: // is not URL - crtBytes, err := ioutil.ReadFile(crtFile) + crtBytes, err := os.ReadFile(crtFile) if err != nil { return errs.FileError(err, crtFile) } diff --git a/command/certificate/verify.go b/command/certificate/verify.go index 08918bf3..94424c43 100644 --- a/command/certificate/verify.go +++ b/command/certificate/verify.go @@ -3,7 +3,7 @@ package certificate import ( "crypto/x509" "encoding/pem" - "io/ioutil" + "os" "github.com/pkg/errors" "github.com/smallstep/cli/crypto/x509util" @@ -120,7 +120,7 @@ func verifyAction(ctx *cli.Context) error { intermediatePool.AddCert(pc) } default: - crtBytes, err := ioutil.ReadFile(crtFile) + crtBytes, err := os.ReadFile(crtFile) if err != nil { return errs.FileError(err, crtFile) } diff --git a/command/command.go b/command/command.go index 03e6f0a1..7d249572 100644 --- a/command/command.go +++ b/command/command.go @@ -3,7 +3,6 @@ package command import ( "encoding/json" "fmt" - "io/ioutil" "os" "reflect" "strings" @@ -63,7 +62,7 @@ func getConfigVars(ctx *cli.Context) error { configFile = step.DefaultsFile() } - b, err := ioutil.ReadFile(configFile) + b, err := os.ReadFile(configFile) if err != nil { return nil } diff --git a/command/crypto/change-pass.go b/command/crypto/change-pass.go index eeacc15c..d56adf16 100644 --- a/command/crypto/change-pass.go +++ b/command/crypto/change-pass.go @@ -4,7 +4,7 @@ import ( "bytes" "encoding/json" "fmt" - "io/ioutil" + "os" "github.com/pkg/errors" "github.com/urfave/cli" @@ -109,7 +109,7 @@ func changePassAction(ctx *cli.Context) error { newKeyPath = keyPath } - b, err := ioutil.ReadFile(keyPath) + b, err := os.ReadFile(keyPath) if err != nil { return errs.FileError(err, keyPath) } 
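Review bot: In `getConfigVars` (command/command.go) the error from `os.ReadFile(configFile)` is still discarded with `return nil`, so a defaults file that exists but cannot be read (permissions, I/O error) is treated the same as no file and the command runs without the configured values. If only a missing file is meant to be tolerated, narrow the check to `if os.IsNotExist(err) { return nil }` and return the error otherwise. If the current behaviour is intended, document it on the branch, e.g. `// A missing or unreadable defaults file is not an error; flags keep their built-in defaults.` The function body continues outside the hunk.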
diff --git a/command/crypto/hash/hash.go b/command/crypto/hash/hash.go index 9e7f9d58..cc13d63f 100644 --- a/command/crypto/hash/hash.go +++ b/command/crypto/hash/hash.go @@ -11,7 +11,6 @@ import ( "fmt" "hash" "io" - "io/ioutil" "os" "path" "strings" @@ -320,7 +319,7 @@ func hashFile(h hash.Hash, filename string) ([]byte, error) { // 3. return sum func hashDir(hc hashConstructor, dirname string) ([]byte, error) { // ReadDir returns the entries sorted by filename - files, err := ioutil.ReadDir(dirname) + dirEntries, err := os.ReadDir(dirname) if err != nil { return nil, errs.FileError(err, dirname) } @@ -336,7 +335,11 @@ func hashDir(hc hashConstructor, dirname string) ([]byte, error) { h := hc() binary.LittleEndian.PutUint32(mode, uint32(st.Mode())) h.Write(mode) - for _, fi := range files { + for _, dirEntry := range dirEntries { + fi, err := dirEntry.Info() + if err != nil { + return nil, errs.FileError(err, dirEntry.Name()) + } name := path.Join(dirname, fi.Name()) switch { case fi.IsDir(): diff --git a/command/crypto/jose/jose.go b/command/crypto/jose/jose.go index 2d870981..d968a0fd 100644 --- a/command/crypto/jose/jose.go +++ b/command/crypto/jose/jose.go @@ -2,7 +2,7 @@ package jose import ( "fmt" - "io/ioutil" + "io" "os" "regexp" "strings" @@ -65,7 +65,7 @@ $ step crypto jwt sign --key p256.priv.json --iss "joe" --aud "bob" \ } func formatAction(ctx *cli.Context) error { - input, err := ioutil.ReadAll(os.Stdin) + input, err := io.ReadAll(os.Stdin) if err != nil { return errors.Wrap(err, "error reading input") } diff --git a/command/crypto/jwk/keyset.go b/command/crypto/jwk/keyset.go index e7773d3e..94f015bd 100644 --- a/command/crypto/jwk/keyset.go +++ b/command/crypto/jwk/keyset.go @@ -4,7 +4,6 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "os" "syscall" 
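Review bot: In `hashDir`, the new `dirEntry.Info()` error path reports only the base name (`errs.FileError(err, dirEntry.Name())`), while the loop builds every other path with `path.Join(dirname, ...)`. If directories are hashed recursively (the `fi.IsDir()` case suggests so), the message does not say which directory the entry was in; use `errs.FileError(err, path.Join(dirname, dirEntry.Name()))`. There is also a behaviour change worth a comment: `Info()` is resolved after the listing, so an entry removed in between now aborts the hash with an error. That is reasonable for an integrity digest but should be stated, e.g. `// Info is resolved lazily; fail if an entry vanished after ReadDir so the digest never covers a partial listing.` The function body continues outside the hunk.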
@@ -124,7 +123,7 @@ func keysetAddAction(ctx *cli.Context) error { return err } - b, err := ioutil.ReadAll(os.Stdin) + b, err := io.ReadAll(os.Stdin) if err != nil { return errors.Wrap(err, "error reading STDIN") } @@ -256,7 +255,7 @@ func rwLockKeySet(filename string) (jwks *jose.JSONWebKeySet, writeFunc func(boo // Read key set var b []byte - b, err = ioutil.ReadAll(f) + b, err = io.ReadAll(f) if err != nil { err = errors.Wrapf(err, "error reading %s", filename) return diff --git a/command/crypto/jwk/public.go b/command/crypto/jwk/public.go index 8417f913..bfd588b3 100644 --- a/command/crypto/jwk/public.go +++ b/command/crypto/jwk/public.go @@ -3,7 +3,7 @@ package jwk import ( "encoding/json" "fmt" - "io/ioutil" + "io" "os" "github.com/pkg/errors" @@ -25,7 +25,7 @@ For examples, see **step help crypto jwk**.`, } func publicAction(ctx *cli.Context) error { - b, err := ioutil.ReadAll(os.Stdin) + b, err := io.ReadAll(os.Stdin) if err != nil { return errors.Wrap(err, "error reading from STDIN") } diff --git a/command/crypto/jwk/thumbprint.go b/command/crypto/jwk/thumbprint.go index e7d6d931..5103f0cb 100644 --- a/command/crypto/jwk/thumbprint.go +++ b/command/crypto/jwk/thumbprint.go @@ -5,7 +5,7 @@ import ( "encoding/base64" "encoding/json" "fmt" - "io/ioutil" + "io" "os" "github.com/pkg/errors" @@ -28,7 +28,7 @@ For examples, see **step help crypto jwk**.`, } func thumbprintAction(ctx *cli.Context) error { - b, err := ioutil.ReadAll(os.Stdin) + b, err := io.ReadAll(os.Stdin) if err != nil { return errors.Wrap(err, "error reading from STDIN") } diff --git a/command/crypto/jws/sign.go b/command/crypto/jws/sign.go index a4e11085..07bcafe6 100644 --- a/command/crypto/jws/sign.go +++ b/command/crypto/jws/sign.go @@ -2,7 +2,6 @@ package jws import ( "fmt" - "io/ioutil" "os" "strings" 
@@ -361,7 +360,7 @@ func readPayload(filename string) ([]byte, error) { case "-": return utils.ReadAll(os.Stdin) default: - b, err := ioutil.ReadFile(filename) + b, err := os.ReadFile(filename) if err != nil { return nil, errs.FileError(err, filename) } diff --git a/command/crypto/jwt/sign.go b/command/crypto/jwt/sign.go index a26d85f5..2ab64d0c 100644 --- a/command/crypto/jwt/sign.go +++ b/command/crypto/jwt/sign.go @@ -5,7 +5,6 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "os" "strings" "time" @@ -467,7 +466,7 @@ func readPayload(filename string) (interface{}, error) { case "-": r = os.Stdin default: - b, err := ioutil.ReadFile(filename) + b, err := os.ReadFile(filename) if err != nil { return nil, errs.FileError(err, filename) } diff --git a/command/crypto/nacl/auth.go b/command/crypto/nacl/auth.go index cd37ffa8..4507d757 100644 --- a/command/crypto/nacl/auth.go +++ b/command/crypto/nacl/auth.go @@ -3,7 +3,7 @@ package nacl import ( "encoding/hex" "fmt" - "io/ioutil" + "os" "github.com/pkg/errors" "github.com/smallstep/cli/utils" @@ -107,7 +107,7 @@ func authDigestAction(ctx *cli.Context) error { keyFile := ctx.Args().Get(0) - key, err := ioutil.ReadFile(keyFile) + key, err := os.ReadFile(keyFile) if err != nil { return errs.FileError(err, keyFile) } else if len(key) != auth.KeySize { @@ -135,7 +135,7 @@ func authVerifyAction(ctx *cli.Context) error { args := ctx.Args() keyFile, digest := args[0], args[1] - key, err := ioutil.ReadFile(keyFile) + key, err := os.ReadFile(keyFile) if err != nil { return errs.FileError(err, keyFile) } else if len(key) != auth.KeySize { diff --git a/command/crypto/nacl/box.go b/command/crypto/nacl/box.go index c082a894..3f191040 100644 --- a/command/crypto/nacl/box.go +++ b/command/crypto/nacl/box.go @@ -3,7 +3,6 @@ package nacl import ( "crypto/rand" "fmt" - "io/ioutil" "os" "github.com/pkg/errors" 
@@ -248,14 +247,14 @@ func boxOpenAction(ctx *cli.Context) error { return errors.New("nonce cannot be longer than 24 bytes") } - pub, err := ioutil.ReadFile(pubFile) + pub, err := os.ReadFile(pubFile) if err != nil { return errs.FileError(err, pubFile) } else if len(pub) != 32 { return errors.New("invalid public key: key size is not 32 bytes") } - priv, err := ioutil.ReadFile(privFile) + priv, err := os.ReadFile(privFile) if err != nil { return errs.FileError(err, privFile) } else if len(priv) != 32 { @@ -314,14 +313,14 @@ func boxSealAction(ctx *cli.Context) error { return errors.New("nonce cannot be longer than 24 bytes") } - pub, err := ioutil.ReadFile(pubFile) + pub, err := os.ReadFile(pubFile) if err != nil { return errs.FileError(err, pubFile) } else if len(pub) != 32 { return errors.New("invalid public key: key size is not 32 bytes") } - priv, err := ioutil.ReadFile(privFile) + priv, err := os.ReadFile(privFile) if err != nil { return errs.FileError(err, privFile) } else if len(priv) != 32 { diff --git a/command/crypto/nacl/secretbox.go b/command/crypto/nacl/secretbox.go index fdf37a99..ff8fc853 100644 --- a/command/crypto/nacl/secretbox.go +++ b/command/crypto/nacl/secretbox.go @@ -2,7 +2,6 @@ package nacl import ( "fmt" - "io/ioutil" "os" "github.com/pkg/errors" @@ -158,7 +157,7 @@ func secretboxOpenAction(ctx *cli.Context) error { return errors.New("nonce cannot be longer than 24 bytes") } - key, err := ioutil.ReadFile(keyFile) + key, err := os.ReadFile(keyFile) if err != nil { return errs.FileError(err, keyFile) } else if len(key) != 32 { @@ -216,7 +215,7 @@ func secretboxSealAction(ctx *cli.Context) error { return errors.New("nonce cannot be longer than 24 bytes") } - key, err := ioutil.ReadFile(keyFile) + key, err := os.ReadFile(keyFile) if err != nil { return errs.FileError(err, keyFile) } else if len(key) != 32 { diff --git a/command/crypto/nacl/sign.go b/command/crypto/nacl/sign.go index d49a812d..9bc0c51a 100644 --- a/command/crypto/nacl/sign.go 
+++ b/command/crypto/nacl/sign.go @@ -3,7 +3,6 @@ package nacl import ( "crypto/rand" "fmt" - "io/ioutil" "os" "github.com/pkg/errors" @@ -155,7 +154,7 @@ func signOpenAction(ctx *cli.Context) error { } pubFile := ctx.Args().Get(0) - pub, err := ioutil.ReadFile(pubFile) + pub, err := os.ReadFile(pubFile) if err != nil { return errs.FileError(err, pubFile) } else if len(pub) != 32 { @@ -199,7 +198,7 @@ func signSignAction(ctx *cli.Context) error { } privFile := ctx.Args().Get(0) - priv, err := ioutil.ReadFile(privFile) + priv, err := os.ReadFile(privFile) if err != nil { return errs.FileError(err, privFile) } else if len(priv) != 64 { diff --git a/command/crypto/otp/verify.go b/command/crypto/otp/verify.go index fee11a6e..864e44fe 100644 --- a/command/crypto/otp/verify.go +++ b/command/crypto/otp/verify.go @@ -2,7 +2,6 @@ package otp import ( "fmt" - "io/ioutil" "net/url" "os" "strconv" @@ -89,7 +88,7 @@ func verifyAction(ctx *cli.Context) error { } secretFile = args[0] } - b, err := ioutil.ReadFile(secretFile) + b, err := os.ReadFile(secretFile) if err != nil { return errs.FileError(err, secretFile) } diff --git a/command/crypto/winpe/winpe_test.go b/command/crypto/winpe/winpe_test.go index ddf0cea5..9e382635 100644 --- a/command/crypto/winpe/winpe_test.go +++ b/command/crypto/winpe/winpe_test.go @@ -3,17 +3,17 @@ package winpe import ( "bytes" "encoding/base64" - "github.com/smallstep/assert" "io" - "io/ioutil" "os" "testing" + + "github.com/smallstep/assert" ) // This test will write the chrome.exe installer into a temporary file // Then it will just run the extractPE function. func TestExtract(t *testing.T) { - tmpfile, err := ioutil.TempFile("", "step-crypto-winpe-extract-chrome.*.exe") + tmpfile, err := os.CreateTemp("", "step-crypto-winpe-extract-chrome.*.exe") assert.NoError(t, err) defer os.Remove(tmpfile.Name()) defer tmpfile.Close() diff --git a/command/oauth/cmd.go b/command/oauth/cmd.go index b7e55fe1..cb00a340 100644 --- a/command/oauth/cmd.go 
+++ b/command/oauth/cmd.go @@ -7,7 +7,7 @@ import ( "encoding/json" "encoding/pem" "fmt" - "io/ioutil" + "io" "net" "net/http" "net/http/httptest" @@ -300,7 +300,7 @@ func oauthCmd(c *cli.Context) error { if c.IsSet("account") { opts.Provider = "" filename := c.String("account") - b, err := ioutil.ReadFile(filename) + b, err := os.ReadFile(filename) if err != nil { return errors.Wrapf(err, "error reading account from %s", filename) } @@ -541,7 +541,7 @@ func disco(provider string) (map[string]interface{}, error) { return nil, errors.Wrapf(err, "error retrieving %s", u.String()) } defer resp.Body.Close() - b, err := ioutil.ReadAll(resp.Body) + b, err := io.ReadAll(resp.Body) if err != nil { return nil, errors.Wrapf(err, "error retrieving %s", u.String()) } @@ -866,7 +866,7 @@ func (o *oauth) implicitHandler(w http.ResponseWriter, req *http.Request) { w.Write([]byte(`Processing OAuth Request`)) w.Write([]byte(``)) w.Write([]byte(`")) w.Write([]byte(`
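Review bot: In `disco`, `io.ReadAll(resp.Body)` reads the discovery response with no size limit and, in the lines visible here, no check of `resp.StatusCode`. The endpoint is derived from the caller-supplied `provider`, so a misbehaving server can make the CLI buffer an arbitrarily large body or hand an error page to whatever parses `b` next. Cap the read with `b, err := io.ReadAll(io.LimitReader(resp.Body, maxDiscoveryBytes))`, where `maxDiscoveryBytes` is a new constant (placeholder name), and reject non-200 responses first with `if resp.StatusCode != http.StatusOK { return nil, errors.Errorf("error retrieving %s: status %d", u.String(), resp.StatusCode) }`. The function continues outside the hunk, so a status check may already exist further down.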

`)) diff --git a/command/ssh/certificate.go b/command/ssh/certificate.go index 284ea49c..68e50ccc 100644 --- a/command/ssh/certificate.go +++ b/command/ssh/certificate.go @@ -5,8 +5,8 @@ import ( "crypto" "crypto/rand" "crypto/x509" - "io/ioutil" "net/url" + "os" "strings" "github.com/google/uuid" @@ -492,7 +492,7 @@ func marshalPublicKey(key ssh.PublicKey, subject string) []byte { func deriveMachineID() (uuid.UUID, error) { // use /etc/machine-id - machineID, err := ioutil.ReadFile("/etc/machine-id") + machineID, err := os.ReadFile("/etc/machine-id") if err != nil { return uuid.Nil, err } diff --git a/command/ssh/rekey.go b/command/ssh/rekey.go index 73174049..42d4fcb5 100644 --- a/command/ssh/rekey.go +++ b/command/ssh/rekey.go @@ -1,7 +1,7 @@ package ssh import ( - "io/ioutil" + "os" "strconv" "github.com/pkg/errors" @@ -106,7 +106,7 @@ func rekeyAction(ctx *cli.Context) error { } // Load the cert, because we need the serial number. - certBytes, err := ioutil.ReadFile(certFile) + certBytes, err := os.ReadFile(certFile) if err != nil { return errors.Wrapf(err, "error reading ssh certificate from %s", certFile) } diff --git a/command/ssh/renew.go b/command/ssh/renew.go index d2e173ac..6e1c262a 100644 --- a/command/ssh/renew.go +++ b/command/ssh/renew.go @@ -1,7 +1,7 @@ package ssh import ( - "io/ioutil" + "os" "strconv" "github.com/smallstep/certificates/ca/identity" 
@@ -28,10 +28,11 @@ func renewCommand() cli.Command { [**--issuer**=] [**--password-file**=] [**--force**] [**--offline**] [**--ca-config**=] [**--ca-url**=] [**--root**=] [**--context**=]`, - Description: `**step ssh renew** command renews an SSH Cerfificate + Description: `**step ssh renew** command renews an SSH Host Cerfificate using [step certificates](https://github.com/smallstep/certificates). It writes the new certificate to disk - either overwriting or -using a new file when the **--out**= flag is used. +using a new file when the **--out**= flag is used. This command cannot +be used to renew SSH User Certificates. ## POSITIONAL ARGUMENTS @@ -92,7 +93,7 @@ func renewAction(ctx *cli.Context) error { } // Load the cert, because we need the serial number. - certBytes, err := ioutil.ReadFile(certFile) + certBytes, err := os.ReadFile(certFile) if err != nil { return errors.Wrapf(err, "error reading ssh certificate from %s", certFile) } diff --git a/command/ssh/revoke.go b/command/ssh/revoke.go index 3a123686..6abd298c 100644 --- a/command/ssh/revoke.go +++ b/command/ssh/revoke.go @@ -1,7 +1,7 @@ package ssh import ( - "io/ioutil" + "os" "strconv" "github.com/pkg/errors" @@ -132,7 +132,7 @@ func revokeAction(ctx *cli.Context) error { return errors.New("--sshpop-cert and --sshpop-key must be supplied if serial number is not supplied as first argument") } // Load the cert, because we need the serial number. - certBytes, err := ioutil.ReadFile(certFile) + certBytes, err := os.ReadFile(certFile) if err != nil { return errors.Wrapf(err, "error reading ssh certificate from %s", certFile) } diff --git a/crypto/keys/clean_test.go b/crypto/keys/clean_test.go index 219bc2dd..586849ce 100644 --- a/crypto/keys/clean_test.go +++ b/crypto/keys/clean_test.go @@ -1,7 +1,7 @@ package keys import ( - "io/ioutil" + "io" "log" "os" "testing" 
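Review bot: The rewritten `Description` in `renewCommand` still misspells the word on the added line (`renews an SSH Host Cerfificate`); since the line is being touched anyway, change it to `**step ssh renew** command renews an SSH Host Certificate`. The help text now states that user certificates cannot be renewed, but the `renewAction` hunk shown here only swaps the file-read call. If the action does not already reject a user certificate locally, an explicit check with a clear error would be better than relying on the CA's refusal; the rest of `renewAction` is outside the hunk.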
@@ -9,7 +9,7 @@ import ( func TestMain(m *testing.M) { // discard log output when testing - log.SetOutput(ioutil.Discard) + log.SetOutput(io.Discard) result := m.Run() diff --git a/crypto/pemutil/pem.go b/crypto/pemutil/pem.go index 183ca291..986223ec 100644 --- a/crypto/pemutil/pem.go +++ b/crypto/pemutil/pem.go @@ -11,7 +11,6 @@ import ( "crypto/x509" "encoding/pem" "fmt" - "io/ioutil" "math/big" "os" @@ -161,7 +160,7 @@ func WithFirstBlock() Options { // ReadCertificate returns a *x509.Certificate from the given filename. It // supports certificates formats PEM and DER. func ReadCertificate(filename string, opts ...Options) (*x509.Certificate, error) { - b, err := ioutil.ReadFile(filename) + b, err := os.ReadFile(filename) if err != nil { return nil, errs.FileError(err, filename) } @@ -190,7 +189,7 @@ func ReadCertificate(filename string, opts ...Options) (*x509.Certificate, error // filename. It supports certificates formats PEM and DER. If a DER-formatted // file is given only one certificate will be returned. func ReadCertificateBundle(filename string) ([]*x509.Certificate, error) { - b, err := ioutil.ReadFile(filename) + b, err := os.ReadFile(filename) if err != nil { return nil, errs.FileError(err, filename) } @@ -309,7 +308,7 @@ func ParseKey(b []byte, opts ...Options) (interface{}, error) { // keys are PKCS#1, PKCS#8, RFC5915 for EC, and base64-encoded DER for // certificates and public keys. func Read(filename string, opts ...Options) (interface{}, error) { - b, err := ioutil.ReadFile(filename) + b, err := os.ReadFile(filename) if err != nil { return nil, errs.FileError(err, filename) } diff --git a/crypto/pemutil/pem_test.go b/crypto/pemutil/pem_test.go index a7996514..3f1f831f 100644 --- a/crypto/pemutil/pem_test.go +++ b/crypto/pemutil/pem_test.go @@ -11,7 +11,6 @@ import ( "crypto/x509/pkix" "encoding/asn1" "encoding/pem" - "io/ioutil" "math/big" "os" "reflect" 
@@ -125,7 +124,7 @@ var files = map[string]testdata{ func readOrParseSSH(fn string) (interface{}, error) { if strings.HasPrefix(fn, "testdata/openssh") && strings.HasSuffix(fn, ".pub.pem") { - b, err := ioutil.ReadFile(fn) + b, err := os.ReadFile(fn) if err != nil { return nil, err } @@ -288,7 +287,7 @@ func TestParsePEM(t *testing.T) { } tests := map[string]func(t *testing.T) *ParseTest{ "success-ecdsa-public-key": func(t *testing.T) *ParseTest { - b, err := ioutil.ReadFile("testdata/openssl.p256.pub.pem") + b, err := os.ReadFile("testdata/openssl.p256.pub.pem") assert.FatalError(t, err) return &ParseTest{ in: b, @@ -297,7 +296,7 @@ func TestParsePEM(t *testing.T) { } }, "success-rsa-public-key": func(t *testing.T) *ParseTest { - b, err := ioutil.ReadFile("testdata/openssl.rsa1024.pub.pem") + b, err := os.ReadFile("testdata/openssl.rsa1024.pub.pem") assert.FatalError(t, err) return &ParseTest{ in: b, @@ -306,7 +305,7 @@ func TestParsePEM(t *testing.T) { } }, "success-rsa-private-key": func(t *testing.T) *ParseTest { - b, err := ioutil.ReadFile("testdata/openssl.rsa1024.pem") + b, err := os.ReadFile("testdata/openssl.rsa1024.pem") assert.FatalError(t, err) return &ParseTest{ in: b, @@ -315,7 +314,7 @@ func TestParsePEM(t *testing.T) { } }, "success-ecdsa-private-key": func(t *testing.T) *ParseTest { - b, err := ioutil.ReadFile("testdata/openssl.p256.pem") + b, err := os.ReadFile("testdata/openssl.p256.pem") assert.FatalError(t, err) return &ParseTest{ in: b, @@ -324,7 +323,7 @@ func TestParsePEM(t *testing.T) { } }, "success-ed25519-private-key": func(t *testing.T) *ParseTest { - b, err := ioutil.ReadFile("testdata/pkcs8/openssl.ed25519.pem") + b, err := os.ReadFile("testdata/pkcs8/openssl.ed25519.pem") assert.FatalError(t, err) return &ParseTest{ in: b, 
@@ -333,7 +332,7 @@ func TestParsePEM(t *testing.T) { } }, "success-ed25519-enc-private-key": func(t *testing.T) *ParseTest { - b, err := ioutil.ReadFile("testdata/pkcs8/openssl.ed25519.enc.pem") + b, err := os.ReadFile("testdata/pkcs8/openssl.ed25519.enc.pem") assert.FatalError(t, err) return &ParseTest{ in: b, @@ -342,7 +341,7 @@ func TestParsePEM(t *testing.T) { } }, "success-x509-crt": func(t *testing.T) *ParseTest { - b, err := ioutil.ReadFile("testdata/ca.crt") + b, err := os.ReadFile("testdata/ca.crt") assert.FatalError(t, err) return &ParseTest{ in: b, @@ -528,7 +527,7 @@ func TestSerialize(t *testing.T) { assert.Equals(t, fileInfo.Mode(), os.FileMode(0600)) // Verify that key written to file is correct var keyFileBytes []byte - keyFileBytes, err = ioutil.ReadFile(test.file) + keyFileBytes, err = os.ReadFile(test.file) assert.FatalError(t, err) pemKey, _ := pem.Decode(keyFileBytes) assert.Equals(t, pemKey.Type, "EC PRIVATE KEY") @@ -608,9 +607,9 @@ func TestParseDER(t *testing.T) { ecdsaKey := k2.(*ecdsa.PrivateKey) edKey := k3.(ed25519.PrivateKey) // Ed25519 der files - edPubDer, err := ioutil.ReadFile("testdata/pkcs8/openssl.ed25519.pub.der") + edPubDer, err := os.ReadFile("testdata/pkcs8/openssl.ed25519.pub.der") assert.FatalError(t, err) - edPrivDer, err := ioutil.ReadFile("testdata/pkcs8/openssl.ed25519.der") + edPrivDer, err := os.ReadFile("testdata/pkcs8/openssl.ed25519.der") assert.FatalError(t, err) toDER := func(k interface{}) []byte { @@ -671,7 +670,7 @@ func TestParseKey(t *testing.T) { continue } t.Run(fn, func(t *testing.T) { - data, err := ioutil.ReadFile(fn) + data, err := os.ReadFile(fn) assert.FatalError(t, err) if td.encrypted { key, err = ParseKey(data, WithPassword([]byte("mypassword"))) @@ -731,7 +730,7 @@ func TestParseSSH(t *testing.T) { continue } t.Run(fn, func(t *testing.T) { - data, err := ioutil.ReadFile(fn) + data, err := os.ReadFile(fn) assert.FatalError(t, err) key, err = ParseSSH(data) assert.FatalError(t, err) 
diff --git a/crypto/pemutil/pkcs8_test.go b/crypto/pemutil/pkcs8_test.go index b17a270b..0cdbd4ba 100644 --- a/crypto/pemutil/pkcs8_test.go +++ b/crypto/pemutil/pkcs8_test.go @@ -4,7 +4,7 @@ import ( "crypto/ed25519" "crypto/rand" "crypto/x509" - "io/ioutil" + "os" "reflect" "testing" @@ -19,7 +19,7 @@ func TestEncryptDecryptPKCS8(t *testing.T) { continue } - data, err := ioutil.ReadFile(fn) + data, err := os.ReadFile(fn) assert.FatalError(t, err) key1, err := Parse(data) @@ -74,7 +74,7 @@ func TestMarshalPKIXPublicKey(t *testing.T) { assert.FatalError(t, err) edKey, err := Read("testdata/pkcs8/openssl.ed25519.pem") assert.FatalError(t, err) - edPubDer, err := ioutil.ReadFile("testdata/pkcs8/openssl.ed25519.pub.der") + edPubDer, err := os.ReadFile("testdata/pkcs8/openssl.ed25519.pub.der") assert.FatalError(t, err) type args struct { @@ -118,7 +118,7 @@ func TestMarshalPKCS8PrivateKey(t *testing.T) { assert.FatalError(t, err) edKey, err := Read("testdata/pkcs8/openssl.ed25519.pem") assert.FatalError(t, err) - edPrivDer, err := ioutil.ReadFile("testdata/pkcs8/openssl.ed25519.der") + edPrivDer, err := os.ReadFile("testdata/pkcs8/openssl.ed25519.der") assert.FatalError(t, err) type args struct { diff --git a/crypto/x509util/clean_test.go b/crypto/x509util/clean_test.go index 7de20231..01b1499d 100644 --- a/crypto/x509util/clean_test.go +++ b/crypto/x509util/clean_test.go @@ -1,7 +1,7 @@ package x509util import ( - "io/ioutil" + "io" "log" "os" "testing" @@ -9,7 +9,7 @@ import ( func TestMain(m *testing.M) { // discard log output when testing - log.SetOutput(ioutil.Discard) + log.SetOutput(io.Discard) result := m.Run() diff --git a/crypto/x509util/crt.go b/crypto/x509util/crt.go index d708e62b..caffe245 100644 --- a/crypto/x509util/crt.go +++ b/crypto/x509util/crt.go @@ -6,7 +6,6 @@ import ( "encoding/base64" "encoding/hex" "encoding/pem" - "io/ioutil" "net" "net/url" "os" 
@@ -94,7 +93,7 @@ func ReadCertPool(path string) (*x509.CertPool, error) { pool = x509.NewCertPool() ) if info != nil && info.IsDir() { - finfos, err := ioutil.ReadDir(path) + finfos, err := os.ReadDir(path) if err != nil { return nil, errs.FileError(err, path) } @@ -110,7 +109,7 @@ func ReadCertPool(path string) (*x509.CertPool, error) { var pems []byte for _, f := range files { - bytes, err := ioutil.ReadFile(f) + bytes, err := os.ReadFile(f) if err != nil { return nil, errs.FileError(err, f) } diff --git a/crypto/x509util/crt_test.go b/crypto/x509util/crt_test.go index 087f932f..6c020e52 100644 --- a/crypto/x509util/crt_test.go +++ b/crypto/x509util/crt_test.go @@ -3,9 +3,9 @@ package x509util import ( "crypto/x509" "encoding/pem" - "io/ioutil" "net" "net/url" + "os" "testing" "github.com/smallstep/assert" @@ -51,7 +51,7 @@ func TestEncodedFingerprint(t *testing.T) { } func mustParseCertificate(t *testing.T, filename string) *x509.Certificate { - pemData, err := ioutil.ReadFile(filename) + pemData, err := os.ReadFile(filename) if err != nil { t.Fatalf("failed to read %s: %v", filename, err) } diff --git a/crypto/x509util/identity.go b/crypto/x509util/identity.go index 81b9ce27..e0680e5e 100644 --- a/crypto/x509util/identity.go +++ b/crypto/x509util/identity.go @@ -2,7 +2,7 @@ package x509util import ( "crypto/x509" - "io/ioutil" + "os" "github.com/pkg/errors" "github.com/smallstep/cli/crypto/pemutil" @@ -30,7 +30,7 @@ func LoadIdentityFromDisk(crtPath, keyPath string, pemOpts ...pemutil.Options) ( if err != nil { return nil, errors.WithStack(err) } - keyBytes, err := ioutil.ReadFile(keyPath) + keyBytes, err := os.ReadFile(keyPath) if err != nil { return nil, errors.WithStack(err) } diff --git a/crypto/x509util/profile_test.go b/crypto/x509util/profile_test.go index a332ab2a..08adde62 100644 --- a/crypto/x509util/profile_test.go +++ b/crypto/x509util/profile_test.go 
@@ -11,9 +11,9 @@ import ( "crypto/x509/pkix" "encoding/asn1" "encoding/pem" - "io/ioutil" "net" "net/url" + "os" "reflect" "testing" @@ -24,7 +24,7 @@ import ( func mustParseRSAKey(t *testing.T, filename string) *rsa.PrivateKey { t.Helper() - b, err := ioutil.ReadFile("test_files/noPasscodeCa.key") + b, err := os.ReadFile("test_files/noPasscodeCa.key") if err != nil { t.Fatal(err) } @@ -41,7 +41,7 @@ func mustParseRSAKey(t *testing.T, filename string) *rsa.PrivateKey { func decodeCertificateFile(t *testing.T, filename string) *x509.Certificate { t.Helper() - b, err := ioutil.ReadFile(filename) + b, err := os.ReadFile(filename) if err != nil { t.Fatal(err) } diff --git a/exec/exec.go b/exec/exec.go index bdb33d34..6925e829 100644 --- a/exec/exec.go +++ b/exec/exec.go @@ -3,7 +3,6 @@ package exec import ( "bytes" "fmt" - "io/ioutil" "os" "os/exec" "os/signal" @@ -30,7 +29,7 @@ func LookPath(file string) (string, error) { // "Official" way of detecting WSL // https://github.com/Microsoft/WSL/issues/423#issuecomment-221627364 func IsWSL() bool { - b, err := ioutil.ReadFile("/proc/sys/kernel/osrelease") + b, err := os.ReadFile("/proc/sys/kernel/osrelease") if err != nil { return false } @@ -85,7 +84,8 @@ func RunWithPid(pidFile, name string, arg ...string) { } // Write pid - f.Write([]byte(strconv.Itoa(cmd.Process.Pid))) + f.WriteString(strconv.Itoa(cmd.Process.Pid)) + f.Close() // Wait until it finishes diff --git a/go.mod b/go.mod index 8463bf17..006c5840 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/smallstep/cli -go 1.13 +go 1.16 require ( github.com/Microsoft/go-winio v0.4.14 diff --git a/integration/help_quality_test.go b/integration/help_quality_test.go index ae8bf900..2283865a 100644 --- a/integration/help_quality_test.go +++ b/integration/help_quality_test.go @@ -5,7 +5,7 @@ package integration import ( "encoding/json" "fmt" - "io/ioutil" + "os" "sort" "strings" "testing" 
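Review bot: mustParseRSAKey ignores its `filename` parameter: the changed line reads the hard-coded `"test_files/noPasscodeCa.key"`, so every caller gets the same key whatever path it passes. Either read the argument, `b, err := os.ReadFile(filename)`, or drop the parameter. The callers are outside the hunk, so whether any of them passes a different path cannot be seen from here.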
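Review bot: The pid-file write in RunWithPid discards the results of both `f.WriteString(...)` and the newly added `f.Close()`, so a failed or short write leaves an empty or truncated pid file with no signal to the caller. Anything that later reads that file to signal or stop the process would then act on a missing or wrong pid. Check both calls, `if _, err := f.WriteString(strconv.Itoa(cmd.Process.Pid)); err != nil { ... }` and `if err := f.Close(); err != nil { ... }`, reporting the failure the way the rest of the function reports errors. The function starts and ends outside the hunk.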
@@ -18,7 +18,7 @@ func TestHelpQuality(t *testing.T) { cmd := NewCLICommand().setCommand("../bin/step help").setFlag("html", "./html").setFlag("report", "") cmd.run() - raw, _ := ioutil.ReadFile("./html/report.json") + raw, _ := os.ReadFile("./html/report.json") var report *usage.Report json.Unmarshal([]byte(raw), &report) diff --git a/integration/jwk_test.go b/integration/jwk_test.go index 1908c979..0b229506 100644 --- a/integration/jwk_test.go +++ b/integration/jwk_test.go @@ -6,7 +6,6 @@ import ( "encoding/base64" "encoding/json" "fmt" - "io/ioutil" "os" "strconv" "testing" @@ -82,7 +81,7 @@ func (j JWKTest) test(t *testing.T, msg ...interface{}) (CLIOutput, string) { } func (j JWKTest) readJson(t *testing.T, name string) map[string]interface{} { - dat, err := ioutil.ReadFile(name) + dat, err := os.ReadFile(name) assert.FatalError(t, err) m := make(map[string]interface{}) assert.FatalError(t, json.Unmarshal(dat, &m)) @@ -256,7 +255,7 @@ func isJWE(m map[string]interface{}) bool { } func (j JWKTest) decryptJWEPayload(t *testing.T, password string) map[string]interface{} { - dat, err := ioutil.ReadFile(j.prvfile) + dat, err := os.ReadFile(j.prvfile) assert.FatalError(t, err) enc, err := jose.ParseEncrypted(string(dat)) assert.FatalError(t, err) diff --git a/integration/jwt_test.go b/integration/jwt_test.go index 58b4dccd..68e1189d 100644 --- a/integration/jwt_test.go +++ b/integration/jwt_test.go @@ -9,9 +9,9 @@ import ( "encoding/json" "encoding/pem" "fmt" - "io/ioutil" "math" "math/rand" + "os" "os/exec" "reflect" "regexp" @@ -38,7 +38,7 @@ type JWK struct { func (j JWK) jwk() (*jose.JSONWebKey, error) { jwk := new(jose.JSONWebKey) - b, err := ioutil.ReadFile(j.prvfile) + b, err := os.ReadFile(j.prvfile) if err != nil { return nil, err } @@ -67,7 +67,7 @@ func (j JWK) pem() (string, error) { } func readJSON(name string) (map[string]interface{}, error) { - dat, err := ioutil.ReadFile(name) + dat, err := os.ReadFile(name) if err != nil { return nil, err } 
@@ -696,11 +696,11 @@ func TestCryptoJWT(t *testing.T) { // We don't currently support JSON Serialization, Flattened JSON Serialzation, or multiple signatures // TODO: Right now these are parse failures. They should probably parse correctly and give more helpful error messages. vtst := NewJWTVerifyTest(JWK{"testdata/rsa2048.pub", "testdata/rsa2048.pem", "", true, false}).setFlag("iss", "foo").setFlag("aud", "bar").setFlag("alg", "RS256") - jwtb, _ := ioutil.ReadFile("testdata/jwt-json-serialization.json") + jwtb, _ := os.ReadFile("testdata/jwt-json-serialization.json") vtst.fail(t, "json-serialization", string(jwtb), "error parsing token: unexpected end of JSON input\n") - jwtb, _ = ioutil.ReadFile("testdata/jwt-json-serialization-flattened.json") + jwtb, _ = os.ReadFile("testdata/jwt-json-serialization-flattened.json") vtst.fail(t, "json-serialization-flattened", string(jwtb), "error parsing token: unexpected end of JSON input\n") - jwtb, _ = ioutil.ReadFile("testdata/jwt-json-serialization-multi.json") + jwtb, _ = os.ReadFile("testdata/jwt-json-serialization-multi.json") vtst.fail(t, "json-serialization-multi", string(jwtb), "error parsing token: unexpected end of JSON input\n") }) diff --git a/jose/generate_test.go b/jose/generate_test.go index 2d1575ee..d3774c2c 100644 --- a/jose/generate_test.go +++ b/jose/generate_test.go @@ -8,7 +8,6 @@ import ( "crypto/rsa" "crypto/x509" "encoding/pem" - "io/ioutil" "math/big" "os" "testing" @@ -216,7 +215,7 @@ func newCert(t *testing.T, keyUsage x509.KeyUsage) []byte { } func tempFile(t *testing.T) (_ *os.File, cleanup func()) { - f, err := ioutil.TempFile("" /* use default tmp dir */, "jose-generate-test") + f, err := os.CreateTemp("" /* use default tmp dir */, "jose-generate-test") assert.NoError(t, err) return f, func() { f.Close() diff --git a/jose/parse.go b/jose/parse.go index 824dfe6a..b8e2722d 100644 --- a/jose/parse.go +++ b/jose/parse.go 
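Review bot: The three fixture reads in TestCryptoJWT drop the error (`jwtb, _ := os.ReadFile(...)`), and the expected message `unexpected end of JSON input` is also what a JSON parser typically reports for empty input. If a fixture is missing or unreadable, `jwtb` is empty and these cases would likely still pass, so the test stops proving that JSON-serialized tokens are rejected by the verifier. Keep the error and fail fast, as the sibling tests in this package do: `jwtb, err := os.ReadFile("testdata/jwt-json-serialization.json")` followed by `assert.FatalError(t, err)`. The test body continues outside the hunk.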
@@ -11,8 +11,9 @@ import ( "encoding/base64" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" + "os" "strings" "time" @@ -89,7 +90,7 @@ func ParseKey(filename string, opts ...Option) (*JSONWebKey, error) { return nil, err } - b, err := ioutil.ReadFile(filename) + b, err := os.ReadFile(filename) if err != nil { return nil, errors.Wrapf(err, "error reading %s", filename) } @@ -164,13 +165,13 @@ func ReadJWKSet(filename string) ([]byte, error) { return nil, errors.Wrapf(err, "error retrieving %s", filename) } defer resp.Body.Close() - b, err := ioutil.ReadAll(resp.Body) + b, err := io.ReadAll(resp.Body) if err != nil { return nil, errors.Wrapf(err, "error retrieving %s", filename) } return b, nil } - b, err := ioutil.ReadFile(filename) + b, err := os.ReadFile(filename) if err != nil { return nil, errors.Wrapf(err, "error reading %s", filename) } diff --git a/jose/validate.go b/jose/validate.go index 899c7174..9a0f0bed 100644 --- a/jose/validate.go +++ b/jose/validate.go @@ -8,7 +8,7 @@ import ( "crypto/x509" "encoding/base64" "fmt" - "io/ioutil" + "os" "github.com/pkg/errors" "github.com/smallstep/cli/crypto/keys" @@ -22,7 +22,7 @@ func ValidateSSHPOP(certFile string, key interface{}) (string, error) { if certFile == "" { return "", errors.New("ssh certfile cannot be empty") } - certBytes, err := ioutil.ReadFile(certFile) + certBytes, err := os.ReadFile(certFile) if err != nil { return "", errors.Wrapf(err, "error reading ssh certificate from %s", certFile) } diff --git a/pkg/blackfriday/helpers_test.go b/pkg/blackfriday/helpers_test.go index 089c730e..d32c2741 100644 --- a/pkg/blackfriday/helpers_test.go +++ b/pkg/blackfriday/helpers_test.go @@ -14,7 +14,7 @@ package blackfriday import ( - "io/ioutil" + "os" "path/filepath" "regexp" "testing" 
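Review bot: In ReadJWKSet the remote branch reads the whole HTTP response with `io.ReadAll(resp.Body)` and no size bound, so a misbehaving or hostile JWKS endpoint can make the CLI buffer an arbitrarily large body. A JWK set is small, so cap the read with a new package constant (called `maxJWKSetSize` here), `b, err := io.ReadAll(io.LimitReader(resp.Body, maxJWKSetSize))`, and treat reaching the cap as an error. The request itself is made above the hunk, so it is worth confirming there that the client has a timeout and that `resp.StatusCode` is checked before the body is used.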
@@ -151,7 +151,7 @@ func doTestsReference(t *testing.T, files []string, flag Extensions) { execRecoverableTestSuite(t, files, params, func(candidate *string) { for _, basename := range files { filename := filepath.Join("testdata", basename+".text") - inputBytes, err := ioutil.ReadFile(filename) + inputBytes, err := os.ReadFile(filename) if err != nil { t.Errorf("Couldn't open '%s', error: %v\n", filename, err) continue @@ -159,7 +159,7 @@ func doTestsReference(t *testing.T, files []string, flag Extensions) { input := string(inputBytes) filename = filepath.Join("testdata", basename+".html") - expectedBytes, err := ioutil.ReadFile(filename) + expectedBytes, err := os.ReadFile(filename) if err != nil { t.Errorf("Couldn't open '%s', error: %v\n", filename, err) continue diff --git a/pkg/blackfriday/ref_test.go b/pkg/blackfriday/ref_test.go index 4375f540..cecf7d1c 100644 --- a/pkg/blackfriday/ref_test.go +++ b/pkg/blackfriday/ref_test.go @@ -14,7 +14,7 @@ package blackfriday import ( - "io/ioutil" + "os" "path/filepath" "testing" ) @@ -108,7 +108,7 @@ func BenchmarkReference(b *testing.B) { var tests []string for _, basename := range files { filename := filepath.Join("testdata", basename+".text") - inputBytes, err := ioutil.ReadFile(filename) + inputBytes, err := os.ReadFile(filename) if err != nil { b.Errorf("Couldn't open '%s', error: %v\n", filename, err) continue diff --git a/ui/templates.go b/ui/templates.go index 64daecf8..cc37891c 100644 --- a/ui/templates.go +++ b/ui/templates.go @@ -44,7 +44,7 @@ func init() { // PrintSelectedTemplate returns the default template used in PrintSelected. func PrintSelectedTemplate() string { - return fmt.Sprintf(`{{ "%s" | green }} {{ .Name | bold }}{{ ":" | bold }} {{ .Value }}`, IconGood) + "\n" + return fmt.Sprintf(`{{ %q | green }} {{ .Name | bold }}{{ ":" | bold }} {{ .Value }}`, IconGood) + "\n" } // PromptTemplates is the default style for a prompt. 
@@ -76,7 +76,7 @@ func SelectTemplates(name string) *promptui.SelectTemplates { Label: fmt.Sprintf("%s {{ . }}: ", IconInitial), Active: fmt.Sprintf("%s {{ . | underline }}", IconSelect), Inactive: " {{ . }}", - Selected: fmt.Sprintf(`{{ "%s" | green }} {{ "%s:" | bold }} {{ .Name }}`, IconGood, name), + Selected: fmt.Sprintf(`{{ %q | green }} {{ "%s:" | bold }} {{ .Name }}`, IconGood, name), } } @@ -88,6 +88,6 @@ func NamedSelectTemplates(name string) *promptui.SelectTemplates { Label: fmt.Sprintf("%s {{.Name}}: ", IconInitial), Active: fmt.Sprintf("%s {{ .Name | underline }}", IconSelect), Inactive: " {{.Name}}", - Selected: fmt.Sprintf(`{{ "%s" | green }} {{ "%s:" | bold }} {{ .Name }}`, IconGood, name), + Selected: fmt.Sprintf(`{{ %q | green }} {{ "%s:" | bold }} {{ .Name }}`, IconGood, name), } } diff --git a/usage/html.go b/usage/html.go index 01379957..1ede910f 100644 --- a/usage/html.go +++ b/usage/html.go @@ -2,7 +2,6 @@ package usage import ( "fmt" - "io/ioutil" "net/http" "os" "path" @@ -122,7 +121,7 @@ func htmlHelpAction(ctx *cli.Context) error { // css style cssFile := path.Join(dir, "style.css") - if err := ioutil.WriteFile(cssFile, []byte(css), 0666); err != nil { + if err := os.WriteFile(cssFile, []byte(css), 0666); err != nil { return errs.FileError(err, cssFile) } diff --git a/utils/cautils/acmeutils.go b/utils/cautils/acmeutils.go index 99714412..16f909ba 100644 --- a/utils/cautils/acmeutils.go +++ b/utils/cautils/acmeutils.go @@ -8,7 +8,6 @@ import ( "encoding/json" "encoding/pem" "fmt" - "io/ioutil" "net/http" "os" "strings" @@ -127,7 +126,7 @@ func (wm *webrootMode) Run() error { } } - return errors.Wrapf(ioutil.WriteFile(fmt.Sprintf("%s/%s", chPath, wm.token), []byte(keyAuth), 0644), + return errors.Wrapf(os.WriteFile(fmt.Sprintf("%s/%s", chPath, wm.token), []byte(keyAuth), 0644), "error writing key authorization file %s", chPath+wm.token) } 
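Review bot: The `Selected` template in SelectTemplates now quotes `IconGood` with `%q` but still splices `name` into a template string literal through `"%s:"`. A name containing a double quote or backslash therefore produces a template that fails to parse or renders something other than the name. Quote it the same way by using `{{ %q | bold }}` in the format string and passing `name+":"` as the argument. The `Selected` line in NamedSelectTemplates (next hunk) has the same issue.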
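Review bot: In webrootMode.Run the file is written to `fmt.Sprintf("%s/%s", chPath, wm.token)`, but the wrapped error reports `chPath+wm.token`, which lacks the separator and names a path that was never used. Build the path once, `keyFile := fmt.Sprintf("%s/%s", chPath, wm.token)`, and use `keyFile` for both the write and the message. `wm.token` presumably comes from the ACME server's challenge and is set outside the hunk, so it is worth confirming that it is restricted to base64url characters before it becomes a file name under the webroot.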
diff --git a/utils/cautils/token_generator.go b/utils/cautils/token_generator.go index ea48bae1..6de5ac12 100644 --- a/utils/cautils/token_generator.go +++ b/utils/cautils/token_generator.go @@ -5,7 +5,6 @@ import ( "encoding/base64" "encoding/json" "fmt" - "io/ioutil" "os" "strings" "time" @@ -149,7 +148,7 @@ func generateK8sSAToken(ctx *cli.Context, p *provisioner.K8sSA) (string, error) if path == "" { path = "/var/run/secrets/kubernetes.io/serviceaccount/token" } - tokBytes, err := ioutil.ReadFile(path) + tokBytes, err := os.ReadFile(path) if err != nil { return "", errors.Wrap(err, "error reading kubernetes service account token") } diff --git a/utils/read.go b/utils/read.go index 4b6f7352..96437056 100644 --- a/utils/read.go +++ b/utils/read.go @@ -4,7 +4,6 @@ import ( "bufio" "bytes" "io" - "io/ioutil" "os" "strings" "unicode" @@ -34,7 +33,7 @@ func FileExists(path string) bool { // ReadAll returns a slice of bytes with the content of the given reader. func ReadAll(r io.Reader) ([]byte, error) { - b, err := ioutil.ReadAll(r) + b, err := io.ReadAll(r) return b, errors.Wrap(err, "error reading data") } @@ -51,7 +50,7 @@ func ReadString(r io.Reader) (string, error) { // ReadPasswordFromFile reads and returns the password from the given filename. // The contents of the file will be trimmed at the right. func ReadPasswordFromFile(filename string) ([]byte, error) { - password, err := ioutil.ReadFile(filename) + password, err := os.ReadFile(filename) if err != nil { return nil, errs.FileError(err, filename) } @@ -89,9 +88,9 @@ func ReadInput(prompt string) ([]byte, error) { func ReadFile(name string) (b []byte, err error) { if name == stdinFilename { name = "/dev/stdin" - b, err = ioutil.ReadAll(stdin) + b, err = io.ReadAll(stdin) } else { - b, err = ioutil.ReadFile(name) + b, err = os.ReadFile(name) } if err != nil { return nil, errs.FileError(err, name) diff --git a/utils/read_test.go b/utils/read_test.go index 76c652c1..4760974f 100644 --- a/utils/read_test.go 
+++ b/utils/read_test.go @@ -4,7 +4,6 @@ import ( "bytes" "fmt" "io" - "io/ioutil" "os" "reflect" "testing" @@ -30,7 +29,7 @@ func setStdin(f *os.File) (cleanup func()) { // Returns a temp file and a cleanup function to delete it. func newFile(t *testing.T, data []byte) (file *os.File, cleanup func()) { - f, err := ioutil.TempFile("" /* dir */, "utils-read-test") + f, err := os.CreateTemp("" /* dir */, "utils-read-test") require.NoError(t, err) // write to temp file and reset read cursor to beginning of file _, err = f.Write(data) diff --git a/utils/write.go b/utils/write.go index 12ca3d54..53610279 100644 --- a/utils/write.go +++ b/utils/write.go @@ -5,7 +5,6 @@ import ( "bytes" "fmt" "io" - "io/ioutil" "os" "strings" "time" @@ -32,19 +31,19 @@ var ( SnippetFooter = "# end" ) -// WriteFile wraps ioutil.WriteFile with a prompt to overwrite a file if +// WriteFile wraps os.WriteFile with a prompt to overwrite a file if // the file exists. It returns ErrFileExists if the user picks to not overwrite // the file. If force is set to true, the prompt will not be presented and the // file if exists will be overwritten. func WriteFile(filename string, data []byte, perm os.FileMode) error { if command.IsForce() { - return ioutil.WriteFile(filename, data, perm) + return os.WriteFile(filename, data, perm) } st, err := os.Stat(filename) if err != nil { if os.IsNotExist(err) { - return ioutil.WriteFile(filename, data, perm) + return os.WriteFile(filename, data, perm) } return errors.Wrapf(err, "error reading information for %s", filename) } @@ -63,7 +62,7 @@ func WriteFile(filename string, data []byte, perm os.FileMode) error { return ErrFileExists } - return ioutil.WriteFile(filename, data, perm) + return os.WriteFile(filename, data, perm) } // AppendNewLine appends the given data at the end of the file. If the last 
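Review bot: WriteFile passes `perm` to `os.WriteFile` on all three paths, but `os.WriteFile` applies the mode only when it creates the file; on the forced and confirmed-overwrite paths an existing file is truncated and keeps the mode it already had. If callers rely on `perm` to protect the contents (for example 0600 for key material), an overwritten file can stay more widely readable than requested. Either state this in the doc comment, `// perm is only applied when the file is created; an existing file keeps its mode.`, or follow the overwrite with `os.Chmod(filename, perm)`. There is also a window between `os.Stat` and the write in which the file can appear or be replaced, which the prompt does not cover. The function spans this hunk and the next.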
@@ -97,7 +96,7 @@ func WriteSnippet(filename string, data []byte, perm os.FileMode) error { } // Read file contents - b, err := ioutil.ReadFile(filename) + b, err := os.ReadFile(filename) if err != nil && !os.IsNotExist(err) { return errs.FileError(err, filename) }