From 882c6f70567c493efa067cd620b0cffc2129d2ce Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Mon, 24 Nov 2025 14:10:47 -0600 Subject: [PATCH] Migrate away from deprecated ioutil --- pkg/controller/cabundleinjector/starter.go | 10 +++++----- pkg/controller/servingcert/starter/starter.go | 3 +-- test/util/rotate.go | 5 ++--- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/pkg/controller/cabundleinjector/starter.go b/pkg/controller/cabundleinjector/starter.go index 0112101ee..227ff98a9 100644 --- a/pkg/controller/cabundleinjector/starter.go +++ b/pkg/controller/cabundleinjector/starter.go @@ -3,12 +3,12 @@ package cabundleinjector import ( "context" "fmt" - "io/ioutil" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" "os" "strings" "time" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" kubeinformers "k8s.io/client-go/informers" @@ -52,18 +52,18 @@ func StartCABundleInjector(ctx context.Context, controllerContext *controllercmd // TODO(marun) Detect and respond to changes in this path rather than // depending on the operator for redeployment caBundleFile := "/var/run/configmaps/signing-cabundle/ca-bundle.crt" - caBundleContent, err := ioutil.ReadFile(caBundleFile) + caBundleContent, err := os.ReadFile(caBundleFile) if err != nil { return err } // this construction matches what the old kube controller manager did. It added the entire ca.crt to the service-ca.crt. - vulnerableLegacyCABundleContent, err := ioutil.ReadFile(caBundleFile) + vulnerableLegacyCABundleContent, err := os.ReadFile(caBundleFile) if err != nil { return err } saTokenCAFile := "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - saTokenCABundleContent, err := ioutil.ReadFile(saTokenCAFile) + saTokenCABundleContent, err := os.ReadFile(saTokenCAFile) if err != nil && !os.IsNotExist(err) { return err } diff --git a/pkg/controller/servingcert/starter/starter.go b/pkg/controller/servingcert/starter/starter.go index 63bd6e6a0..c1c749a2f 100644 --- a/pkg/controller/servingcert/starter/starter.go +++ b/pkg/controller/servingcert/starter/starter.go @@ -4,7 +4,6 @@ import ( "context" "crypto/x509" "fmt" - "io/ioutil" "os" "time" @@ -103,7 +102,7 @@ func StartServiceServingCertSigner(ctx context.Context, controllerContext *contr // bridge trust between the current and previous CA, but a new cluster // will not have a previous CA. func readIntermediateCACert(filename string) (*x509.Certificate, error) { - certsPEMBlock, err := ioutil.ReadFile(filename) + certsPEMBlock, err := os.ReadFile(filename) if os.IsNotExist(err) { klog.V(4).Infof("%q does not exist which indicates that an intermediate certificate was not specified", filename) return nil, nil diff --git a/test/util/rotate.go b/test/util/rotate.go index 8b2f1b793..efe87e1f2 100644 --- a/test/util/rotate.go +++ b/test/util/rotate.go @@ -7,7 +7,6 @@ import ( "crypto/x509" "encoding/base64" "fmt" - "io/ioutil" "net" "net/http" "os" @@ -59,7 +58,7 @@ func CheckRotation(t *testing.T, dnsName string, oldCertPEM, oldKeyPEM, oldBundl func checkClientTrust(t *testing.T, testName, dnsName string, certPEM, keyPEM, bundlePEM []byte) { // Emulate how a service will consume the serving cert by writing // the cert and key to disk. - certFile, err := ioutil.TempFile("", v1.TLSCertKey) + certFile, err := os.CreateTemp("", v1.TLSCertKey) if err != nil { t.Fatalf("error creating tmpfile for cert: %v", err) @@ -75,7 +74,7 @@ func checkClientTrust(t *testing.T, testName, dnsName string, certPEM, keyPEM, b t.Fatalf("Error writing cert to disk: %v", err) } - keyFile, err := ioutil.TempFile("", v1.TLSPrivateKeyKey) + keyFile, err := os.CreateTemp("", v1.TLSPrivateKeyKey) if err != nil { t.Fatalf("error creating tmpfile for key: %v", err)