Update go and modules

.github/workflows/specs.yml

@@ -4,7 +4,7 @@ jobs:
   test:
     strategy:
       matrix:
-        go-version: [1.16.x]
+        go-version: [1.21.1]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:

Makefile

@@ -24,11 +24,11 @@ now          = $(shell date -u)
 fpm          = @docker run --platform linux/amd64 --rm -i -v "$(CURDIR):$(CURDIR)" -w "$(CURDIR)" -u $(shell id -u) digitalocean/fpm:latest
 shellcheck   = @docker run --platform linux/amd64 --rm -i -v "$(CURDIR):$(CURDIR)" -w "$(CURDIR)" -u $(shell id -u) koalaman/shellcheck:v0.6.0
 version_check = @./scripts/check_version.sh
-linter = docker run --platform linux/amd64 --rm -i -v "$(CURDIR):$(CURDIR)" -w "$(CURDIR)" -e "GO111MODULE=on" -e "GOFLAGS=-mod=vendor" -e "XDG_CACHE_HOME=$(CURDIR)/target/.cache/go" \
-	-u $(shell id -u) golangci/golangci-lint:v1.39 \
-	golangci-lint run --skip-files=.*_test.go -D errcheck -E golint -E gosec -E gofmt
+linter = docker run --platform linux/amd64 --rm -i -v "$(CURDIR):$(CURDIR)" -w "$(CURDIR)" -e "GOOS=$(GOOS)" -e "GOARCH=$(GOARCH)" -e "GO111MODULE=on" -e "GOFLAGS=-mod=vendor" -e "XDG_CACHE_HOME=$(CURDIR)/target/.cache/go" \
+	-u $(shell id -u) golangci/golangci-lint:v1.54 \
+	golangci-lint run --skip-files=.*_test.go -D errcheck -E revive -E gosec -E gofmt
 
-go_docker_linux = golang:1.18.2
+go_docker_linux = golang:1.21.1
 ifeq ($(GOOS), linux)
 go = docker run --platform linux/amd64 --rm -i \
 	-e "GOOS=$(GOOS)" \

cmd/agent/main.go

@@ -70,9 +70,8 @@ func main() {
 	// launch the watcher
 	if err := metadataWatcher.Run(); err != nil {
 		log.Fatal("Failed to run watcher... %v", err)
-	} else {
-		log.Info("Watcher finished")
 	}
+	log.Info("Watcher finished")
 }
 
 func handleShutdown(bgJobsCancel context.CancelFunc, metadataWatcher watcher.MetadataWatcher, infoUpdater updater.AgentInfoUpdater, sshMgr *sysaccess.SSHManager) {

go.mod

@@ -1,14 +1,14 @@
 module github.com/digitalocean/droplet-agent
 
-go 1.15
+go 1.21
 
 require (
-	github.com/fsnotify/fsnotify v1.5.1
+	github.com/fsnotify/fsnotify v1.6.0
 	github.com/golang/mock v1.6.0
-	github.com/opencontainers/selinux v1.8.1
-	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
-	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c
-	golang.org/x/time v0.0.0-20201208040808-7e3f01d25324
+	github.com/opencontainers/selinux v1.11.0
+	golang.org/x/crypto v0.13.0
+	golang.org/x/net v0.15.0
+	golang.org/x/sync v0.3.0
+	golang.org/x/sys v0.12.0
+	golang.org/x/time v0.3.0
 )

go.sum

@@ -1,42 +1,39 @@
-github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
-github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/opencontainers/selinux v1.8.1 h1:yvEZh7CsfnJNwKzG9ZeXwbvR05RAZsu5RS/3vA6qFTA=
-github.com/opencontainers/selinux v1.8.1/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/willf/bitset v1.1.11 h1:N7Z7E9UvjW+sGsEl7k/SJrvY2reP1A07MrGuCjIOjRE=
-github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
+github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
+github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad h1:DN0cp81fZ3njFcrLCytUHRSUkqBjfTo4Tx9RJTWs0EY=
-golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 h1:Hir2P/De0WpUhtrKGGjvSb2YxUgyZ7EFOSLIcSSpiwE=
-golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=

internal/log/mutelog.go

@@ -19,6 +19,6 @@ func Mute() {
 
 type muteLogger struct{}
 
-func (*muteLogger) Output(calldepth int, s string) error {
+func (*muteLogger) Output(_ int, _ string) error {
 	return nil
 }

internal/metadata/actioner/do_managed_keys_actioner.go

@@ -50,17 +50,17 @@ func (da *doManagedKeysActioner) do(metadata *metadata.Metadata) {
 		da.sshMgr.DisableManagedDropletKeys()
 	}
 	// prepare ssh keys
-	for _, kRaw := range metadata.PublicKeys {
-		k, e := da.keyParser.FromPublicKey(kRaw)
+	for _, keyRaw := range metadata.PublicKeys {
+		k, e := da.keyParser.FromPublicKey(keyRaw)
 		if e != nil {
 			log.Error("[DO-Managed Keys Actioner] invalid public key object. %v", e)
 			continue
 		}
 		sshKeys = append(sshKeys, k)
 	}
 	// prepare dotty keys
-	for _, kRaw := range metadata.DOTTYKeys {
-		k, e := da.keyParser.FromDOTTYKey(kRaw)
+	for _, keyRaw := range metadata.DOTTYKeys {
+		k, e := da.keyParser.FromDOTTYKey(keyRaw)
 		if e != nil {
 			log.Error("[DO-Managed Keys Actioner] invalid ssh key object. %v", e)
 			continue

internal/metadata/watcher/common.go

@@ -10,7 +10,7 @@ const (
 	maxShutdownWaitTimeSeconds = 5
 )
 
-//Possible Errors
+// Possible Errors
 var (
 	ErrFetchMetadataFailed  = errors.New("failed to fetch rmetadata")
 	ErrNoRegisteredActioner = errors.New("no registered actioners")

internal/metadata/watcher/fetcher.go

@@ -5,7 +5,7 @@ package watcher
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 
 	"github.com/digitalocean/droplet-agent/internal/metadata"
@@ -32,7 +32,7 @@ func (m *metadataFetcherImpl) fetchMetadata() (*metadata.Metadata, error) {
 		_ = metaResp.Body.Close()
 	}()
 
-	metadataRaw, err := ioutil.ReadAll(metaResp.Body)
+	metadataRaw, err := io.ReadAll(metaResp.Body)
 	if err != nil {
 		return nil, fmt.Errorf("%w:%v", ErrFetchMetadataFailed, err)
 	}

internal/metadata/watcher/web_watcher.go

@@ -64,8 +64,9 @@ func (w *webBasedWatcher) Run() error {
 	})
 
 	w.server = &http.Server{
-		Addr:    webAddr,
-		Handler: r,
+		Addr:              webAddr,
+		Handler:           r,
+		ReadHeaderTimeout: 3 * time.Second,
 	}
 	if err := w.server.ListenAndServe(); err != nil {
 		if errors.Is(err, http.ErrServerClosed) {

internal/mockutils/http_matcher.go

@@ -5,7 +5,7 @@ package mockutils
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 
 	"github.com/golang/mock/gomock"
@@ -50,12 +50,12 @@ func (m *HTTPRequestMatcher) Matches(x interface{}) bool {
 	actualBodyReader := actual.Body
 	expectedBodyReader := m.ExpectedRequest.Body
 
-	actualBody, err := ioutil.ReadAll(actualBodyReader)
+	actualBody, err := io.ReadAll(actualBodyReader)
 	if err != nil {
 		return false
 	}
 
-	expectedBody, err := ioutil.ReadAll(expectedBodyReader)
+	expectedBody, err := io.ReadAll(expectedBodyReader)
 	if err != nil {
 		return false
 	}

internal/sysaccess/authorized_keys_file_updater.go

@@ -54,10 +54,7 @@ func (u *updaterImpl) updateAuthorizedKeysFile(osUsername string, managedKeys []
 		localKeys = strings.Split(strings.TrimRight(string(localKeysRaw), "\n"), "\n")
 	}
 	updatedKeys := u.sshMgr.prepareAuthorizedKeys(localKeys, managedKeys)
-	if err = u.do(authorizedKeysFile, osUser, updatedKeys, fileExist); err != nil {
-		return err
-	}
-	return nil
+	return u.do(authorizedKeysFile, osUser, updatedKeys, fileExist)
 }
 
 func (u *updaterImpl) do(authorizedKeysFile string, user *sysutil.User, lines []string, srcFileExist bool) (retErr error) {

internal/sysaccess/ssh_helper.go

@@ -56,10 +56,10 @@ func (s *sshHelperImpl) authorizedKeysFile(user *sysutil.User) string {
 
 // prepareAuthorizedKeys prepares the authorized keys that will be updated to filesystem
 // NOTE: setting managedKeys to nil or empty slice will result in different behaviors
-// - managedKeys = nil: will result in all temporary keys (keys with a TTL) being removed,
-//   but all permanent DO managed droplet keys will be preserved
-// - managedKeys = []*SSHKey{}: means the droplet no longer has any DO managed keys (neither Droplet Keys nor DoTTY Keys),
-//   therefore, all DigitalOcean managed keys will be removed
+//   - managedKeys = nil: will result in all temporary keys (keys with a TTL) being removed,
+//     but all permanent DO managed droplet keys will be preserved
+//   - managedKeys = []*SSHKey{}: means the droplet no longer has any DO managed keys (neither Droplet Keys nor DoTTY Keys),
+//     therefore, all DigitalOcean managed keys will be removed
 func (s *sshHelperImpl) prepareAuthorizedKeys(localKeys []string, managedKeys []*SSHKey) []string {
 	managedDropletKeysEnabled := atomic.LoadUint32(&s.mgr.manageDropletKeys) == manageDropletKeysEnabled
 	managedKeysQuickCheck := make(map[string]bool)

internal/sysaccess/ssh_helper_sshd_config_unix.go

@@ -1,5 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
+//go:build !windows
 // +build !windows
 
 package sysaccess

internal/sysaccess/sshmgr.go

@@ -130,10 +130,7 @@ func (s *SSHManager) RemoveExpiredKeys() (err error) {
 			return nil
 		})
 	}
-	if err := eg.Wait(); err != nil {
-		return err
-	}
-	return nil
+	return eg.Wait()
 }
 
 // UpdateKeys updates the given ssh keys to corresponding authorized_keys files.
@@ -218,10 +215,7 @@ func (s *SSHManager) RemoveDOTTYKeys() error {
 			return nil
 		})
 	}
-	if err := eg.Wait(); err != nil {
-		return err
-	}
-	return nil
+	return eg.Wait()
 }
 
 // SSHDPort returns the port sshd is binding to
@@ -286,15 +280,16 @@ func (s *SSHManager) Close() error {
 }
 
 // parseSSHDConfig parses the sshd_config file and retrieves configurations needed by the agent, which are:
-//  - AuthorizedKeysFile : to know how to locate the authorized_keys file
-//  - Port | ListenAddress : to know which port sshd is currently binding to
+//   - AuthorizedKeysFile : to know how to locate the authorized_keys file
+//   - Port | ListenAddress : to know which port sshd is currently binding to
+//
 // NOTES:
-//  - the port specified in the command line arguments (--sshd_port) when launching the agent has the highest priority,
-//    if given, parseSSHDConfig will skip parsing port numbers specified in the sshd_config
-//  - only 1 port is currently supported, if there are multiple ports presented, for example, multiple "Port" entries
-//    or more ports are found from `ListenAddress` entry/entries, the agent will only take the first one found, and this
-//    *MAY NOT* be the right one. If this happens to be the case, please explicit specify which port the agent should
-//    watch via the command line argument "--sshd_port"
+//   - the port specified in the command line arguments (--sshd_port) when launching the agent has the highest priority,
+//     if given, parseSSHDConfig will skip parsing port numbers specified in the sshd_config
+//   - only 1 port is currently supported, if there are multiple ports presented, for example, multiple "Port" entries
+//     or more ports are found from `ListenAddress` entry/entries, the agent will only take the first one found, and this
+//     *MAY NOT* be the right one. If this happens to be the case, please explicit specify which port the agent should
+//     watch via the command line argument "--sshd_port"
 func (s *SSHManager) parseSSHDConfig() error {
 	defer func() {
 		if s.authorizedKeysFilePattern == "" {

internal/sysutil/os_operations_unix.go

@@ -1,21 +1,21 @@
 // SPDX-License-Identifier: Apache-2.0
 
+//go:build !windows
 // +build !windows
 
 package sysutil
 
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"strconv"
 	"strings"
 )
 
 func newOSOperator() osOperator {
 	return &osOperatorImpl{
-		readFileFn: ioutil.ReadFile,
+		readFileFn: os.ReadFile,
 		osStatFn:   os.Stat,
 		osMkDir:    os.MkdirAll,
 		osChown:    os.Chown,

internal/sysutil/sysmanager.go

@@ -7,7 +7,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"time"
@@ -27,7 +26,7 @@ type SysManager struct {
 
 // ReadFile reads a file
 func (s *SysManager) ReadFile(filename string) ([]byte, error) {
-	return ioutil.ReadFile(filename)
+	return os.ReadFile(filename)
 }
 
 // RenameFile renames a file