Bump Go version to 1.19.1 (#3398)

* Bump Go version to 1.19.1

pickup the fix for https://nvd.nist.gov/vuln/detail/CVE-2022-27664

* make goimports

* make goimports -f init_Makefile

* fix seelog xml

* deprecate ioutil

Author: sparrc

GO_VERSION

@@ -1 +1 @@
-1.18.3
+1.19.1

GO_VERSION_WINDOWS

@@ -1 +1 @@
-1.18.3
+1.19.1

agent/api/container/container_test.go

@@ -138,7 +138,7 @@ func TestIsInternal(t *testing.T) {
 }
 
 // TestSetupExecutionRoleFlag tests whether or not the container appropriately
-//sets the flag for using execution roles
+// sets the flag for using execution roles
 func TestSetupExecutionRoleFlag(t *testing.T) {
 	testCases := []struct {
 		container *Container

agent/api/task/task_linux.go

@@ -98,11 +98,12 @@ func buildCgroupV1Root(taskID string) string {
 // buildCgroupV2Root creates a root cgroup using the systemd driver's special "-"
 // character. The "-" specifies a parent slice, so tasks and their containers end up
 // looking like this in the cgroup directory:
-//   /sys/fs/cgroup/ecstasks.slice/
-//   ├── ecstasks-XXXXf406f70c4c678073ae96944fXXXX.slice
-//   │   └── docker-XXXX7c6dc81f2e9a8bf1c566dc769733ccba594b3007dd289a0f50ad7923XXXX.scope
-//   └── ecstasks-XXXX30467358463ab6bbba4e73afXXXX.slice
-//       └── docker-XXXX7ef4e942552437c96051356859c1df169f16e1cf9a9fc96fd30614e6XXXX.scope
+//
+//	/sys/fs/cgroup/ecstasks.slice/
+//	├── ecstasks-XXXXf406f70c4c678073ae96944fXXXX.slice
+//	│   └── docker-XXXX7c6dc81f2e9a8bf1c566dc769733ccba594b3007dd289a0f50ad7923XXXX.scope
+//	└── ecstasks-XXXX30467358463ab6bbba4e73afXXXX.slice
+//	    └── docker-XXXX7ef4e942552437c96051356859c1df169f16e1cf9a9fc96fd30614e6XXXX.scope
 func buildCgroupV2Root(taskID string) string {
 	return fmt.Sprintf("%s-%s.slice", config.DefaultTaskCgroupV2Prefix, taskID)
 }

agent/app/agent_capability.go

@@ -129,53 +129,53 @@ var (
 // capabilities returns the supported capabilities of this agent / docker-client pair.
 // Currently, the following capabilities are possible:
 //
-//    com.amazonaws.ecs.capability.privileged-container
-//    com.amazonaws.ecs.capability.docker-remote-api.1.17
-//    com.amazonaws.ecs.capability.docker-remote-api.1.18
-//    com.amazonaws.ecs.capability.docker-remote-api.1.19
-//    com.amazonaws.ecs.capability.docker-remote-api.1.20
-//    com.amazonaws.ecs.capability.logging-driver.json-file
-//    com.amazonaws.ecs.capability.logging-driver.syslog
-//    com.amazonaws.ecs.capability.logging-driver.fluentd
-//    com.amazonaws.ecs.capability.logging-driver.journald
-//    com.amazonaws.ecs.capability.logging-driver.gelf
-//    com.amazonaws.ecs.capability.logging-driver.none
-//    com.amazonaws.ecs.capability.selinux
-//    com.amazonaws.ecs.capability.apparmor
-//    com.amazonaws.ecs.capability.ecr-auth
-//    com.amazonaws.ecs.capability.task-iam-role
-//    com.amazonaws.ecs.capability.task-iam-role-network-host
-//    ecs.capability.docker-volume-driver.${driverName}
-//    ecs.capability.task-eni
-//    ecs.capability.task-eni-block-instance-metadata
-//    ecs.capability.execution-role-ecr-pull
-//    ecs.capability.execution-role-awslogs
-//    ecs.capability.container-health-check
-//    ecs.capability.private-registry-authentication.secretsmanager
-//    ecs.capability.secrets.ssm.environment-variables
-//    ecs.capability.secrets.ssm.bootstrap.log-driver
-//    ecs.capability.pid-ipc-namespace-sharing
-//    ecs.capability.ecr-endpoint
-//    ecs.capability.secrets.asm.environment-variables
-//    ecs.capability.secrets.asm.bootstrap.log-driver
-//    ecs.capability.aws-appmesh
-//    ecs.capability.task-eia
-//    ecs.capability.task-eni-trunking
-//    ecs.capability.task-eia.optimized-cpu
-//    ecs.capability.firelens.fluentd
-//    ecs.capability.firelens.fluentbit
-//    ecs.capability.efs
-//    com.amazonaws.ecs.capability.logging-driver.awsfirelens
-//    ecs.capability.logging-driver.awsfirelens.log-driver-buffer-limit
-//    ecs.capability.firelens.options.config.file
-//    ecs.capability.firelens.options.config.s3
-//    ecs.capability.full-sync
-//    ecs.capability.gmsa
-//    ecs.capability.efsAuth
-//    ecs.capability.env-files.s3
-//    ecs.capability.fsxWindowsFileServer
-//    ecs.capability.execute-command
-//    ecs.capability.external
+//	com.amazonaws.ecs.capability.privileged-container
+//	com.amazonaws.ecs.capability.docker-remote-api.1.17
+//	com.amazonaws.ecs.capability.docker-remote-api.1.18
+//	com.amazonaws.ecs.capability.docker-remote-api.1.19
+//	com.amazonaws.ecs.capability.docker-remote-api.1.20
+//	com.amazonaws.ecs.capability.logging-driver.json-file
+//	com.amazonaws.ecs.capability.logging-driver.syslog
+//	com.amazonaws.ecs.capability.logging-driver.fluentd
+//	com.amazonaws.ecs.capability.logging-driver.journald
+//	com.amazonaws.ecs.capability.logging-driver.gelf
+//	com.amazonaws.ecs.capability.logging-driver.none
+//	com.amazonaws.ecs.capability.selinux
+//	com.amazonaws.ecs.capability.apparmor
+//	com.amazonaws.ecs.capability.ecr-auth
+//	com.amazonaws.ecs.capability.task-iam-role
+//	com.amazonaws.ecs.capability.task-iam-role-network-host
+//	ecs.capability.docker-volume-driver.${driverName}
+//	ecs.capability.task-eni
+//	ecs.capability.task-eni-block-instance-metadata
+//	ecs.capability.execution-role-ecr-pull
+//	ecs.capability.execution-role-awslogs
+//	ecs.capability.container-health-check
+//	ecs.capability.private-registry-authentication.secretsmanager
+//	ecs.capability.secrets.ssm.environment-variables
+//	ecs.capability.secrets.ssm.bootstrap.log-driver
+//	ecs.capability.pid-ipc-namespace-sharing
+//	ecs.capability.ecr-endpoint
+//	ecs.capability.secrets.asm.environment-variables
+//	ecs.capability.secrets.asm.bootstrap.log-driver
+//	ecs.capability.aws-appmesh
+//	ecs.capability.task-eia
+//	ecs.capability.task-eni-trunking
+//	ecs.capability.task-eia.optimized-cpu
+//	ecs.capability.firelens.fluentd
+//	ecs.capability.firelens.fluentbit
+//	ecs.capability.efs
+//	com.amazonaws.ecs.capability.logging-driver.awsfirelens
+//	ecs.capability.logging-driver.awsfirelens.log-driver-buffer-limit
+//	ecs.capability.firelens.options.config.file
+//	ecs.capability.firelens.options.config.s3
+//	ecs.capability.full-sync
+//	ecs.capability.gmsa
+//	ecs.capability.efsAuth
+//	ecs.capability.env-files.s3
+//	ecs.capability.fsxWindowsFileServer
+//	ecs.capability.execute-command
+//	ecs.capability.external
 func (agent *ecsAgent) capabilities() ([]*ecs.Attribute, error) {
 	var capabilities []*ecs.Attribute
 

agent/app/data.go

@@ -46,20 +46,20 @@ type savedData struct {
 // load from boltdb, and if it doesn't get anything, it tries to load from state file and then save data it loaded to
 // boltdb. Behavior of three cases are considered:
 //
-// 1. Agent starts from fresh instance (no previous state):
-//    (1) Try to load from boltdb, get nothing;
-//    (2) Try to load from state file, get nothing;
-//    (3) Return empty data.
+//  1. Agent starts from fresh instance (no previous state):
+//     (1) Try to load from boltdb, get nothing;
+//     (2) Try to load from state file, get nothing;
+//     (3) Return empty data.
 //
-// 2. Agent starts with previous state stored in boltdb:
-//    (1) Try to load from boltdb, get the data;
-//    (2) Return loaded data.
+//  2. Agent starts with previous state stored in boltdb:
+//     (1) Try to load from boltdb, get the data;
+//     (2) Return loaded data.
 //
-// 3. Agent starts with previous state stored in state file (i.e. it was just upgraded from an old agent that uses state file):
-//    (1) Try to load from boltdb, get nothing;
-//    (2) Try to load from state file, get something;
-//    (3) Save loaded data to boltdb;
-//    (4) Return loaded data.
+//  3. Agent starts with previous state stored in state file (i.e. it was just upgraded from an old agent that uses state file):
+//     (1) Try to load from boltdb, get nothing;
+//     (2) Try to load from state file, get something;
+//     (3) Save loaded data to boltdb;
+//     (4) Return loaded data.
 func (agent *ecsAgent) loadData(containerChangeEventStream *eventstream.EventStream,
 	credentialsManager credentials.Manager,
 	state dockerstate.TaskEngineState,

agent/config/conditional.go

@@ -71,7 +71,7 @@ type BooleanDefaultFalse struct {
 	Value Conditional
 }
 
-/// Enabled is a convenience function for when consumers don't care if the value is implicit or explicit
+// / Enabled is a convenience function for when consumers don't care if the value is implicit or explicit
 func (b BooleanDefaultFalse) Enabled() bool {
 	return b.Value == ExplicitlyEnabled
 }

agent/config/doc.go

@@ -15,7 +15,7 @@
 Package config handles loading configuration data, warning on missing data,
 and setting sane defaults.
 
-Configuration Sources
+# Configuration Sources
 
 Configuration data is loaded from two sources currently: the environment and
 a json config file.

agent/credentials/instancecreds/instancecreds_linux.go

@@ -25,10 +25,10 @@ import (
 // GetCredentials returns the instance credentials chain. This is the default chain
 // credentials plus the "rotating shared credentials provider", so credentials will
 // be checked in this order:
-//    1. Env vars (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).
-//    2. Shared credentials file (https://docs.aws.amazon.com/ses/latest/DeveloperGuide/create-shared-credentials-file.html) (file at ~/.aws/credentials containing access key id and secret access key).
-//    3. EC2 role credentials. This is an IAM role that the user specifies when they launch their EC2 container instance (ie ecsInstanceRole (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html)).
-//    4. Rotating shared credentials file located at /rotatingcreds/credentials
+//  1. Env vars (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).
+//  2. Shared credentials file (https://docs.aws.amazon.com/ses/latest/DeveloperGuide/create-shared-credentials-file.html) (file at ~/.aws/credentials containing access key id and secret access key).
+//  3. EC2 role credentials. This is an IAM role that the user specifies when they launch their EC2 container instance (ie ecsInstanceRole (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html)).
+//  4. Rotating shared credentials file located at /rotatingcreds/credentials
 func GetCredentials(isExternal bool) *credentials.Credentials {
 	mu.Lock()
 	if credentialChain == nil {

agent/credentials/instancecreds/instancecreds_unsupported.go

@@ -23,10 +23,10 @@ import (
 // GetCredentials returns the instance credentials chain. This is the default chain
 // credentials plus the "rotating shared credentials provider", so credentials will
 // be checked in this order:
-//    1. Env vars (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).
-//    2. Shared credentials file (https://docs.aws.amazon.com/ses/latest/DeveloperGuide/create-shared-credentials-file.html) (file at ~/.aws/credentials containing access key id and secret access key).
-//    3. EC2 role credentials. This is an IAM role that the user specifies when they launch their EC2 container instance (ie ecsInstanceRole (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html)).
-//    4. Rotating shared credentials file located at /rotatingcreds/credentials
+//  1. Env vars (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).
+//  2. Shared credentials file (https://docs.aws.amazon.com/ses/latest/DeveloperGuide/create-shared-credentials-file.html) (file at ~/.aws/credentials containing access key id and secret access key).
+//  3. EC2 role credentials. This is an IAM role that the user specifies when they launch their EC2 container instance (ie ecsInstanceRole (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html)).
+//  4. Rotating shared credentials file located at /rotatingcreds/credentials
 func GetCredentials(isExternal bool) *credentials.Credentials {
 	return nil
 }

agent/credentials/instancecreds/instancecreds_windows.go

@@ -25,21 +25,25 @@ import (
 // GetCredentials returns the instance credentials chain. This is the default chain
 // credentials plus the "rotating shared credentials provider", so credentials will
 // be checked in this order:
-//    1. Env vars (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).
-//    2. Shared credentials file (https://docs.aws.amazon.com/ses/latest/DeveloperGuide/create-shared-credentials-file.html) (file at ~/.aws/credentials containing access key id and secret access key).
-//    3. EC2 role credentials. This is an IAM role that the user specifies when they launch their EC2 container instance (ie ecsInstanceRole (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html)).
-//    4. Rotating shared credentials file located at /rotatingcreds/credentials
 //
-//    The default credential chain provided by the SDK includes:
-//    * EnvProvider
-//    * SharedCredentialsProvider
-//    * RemoteCredProvider (EC2RoleProvider)
+//  1. Env vars (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).
 //
-//    In the case of ECS-A on Windows, the `SharedCredentialsProvider` takes
-//    precedence over the `RotatingSharedCredentialsProvider` and this results
-//    in the credentials not being refreshed. To mitigate this issue, we will
-//    reorder the credential chain and ensure that `RotatingSharedCredentialsProvider`
-//    takes precedence over the `SharedCredentialsProvider` for ECS-A.
+//  2. Shared credentials file (https://docs.aws.amazon.com/ses/latest/DeveloperGuide/create-shared-credentials-file.html) (file at ~/.aws/credentials containing access key id and secret access key).
+//
+//  3. EC2 role credentials. This is an IAM role that the user specifies when they launch their EC2 container instance (ie ecsInstanceRole (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html)).
+//
+//  4. Rotating shared credentials file located at /rotatingcreds/credentials
+//
+//     The default credential chain provided by the SDK includes:
+//     * EnvProvider
+//     * SharedCredentialsProvider
+//     * RemoteCredProvider (EC2RoleProvider)
+//
+//     In the case of ECS-A on Windows, the `SharedCredentialsProvider` takes
+//     precedence over the `RotatingSharedCredentialsProvider` and this results
+//     in the credentials not being refreshed. To mitigate this issue, we will
+//     reorder the credential chain and ensure that `RotatingSharedCredentialsProvider`
+//     takes precedence over the `SharedCredentialsProvider` for ECS-A.
 func GetCredentials(isExternal bool) *credentials.Credentials {
 	mu.Lock()
 	credProviders := defaults.CredProviders(defaults.Config(), defaults.Handlers())

agent/dockerclient/dockerapi/docker_client.go

@@ -214,20 +214,21 @@ type DockerClient interface {
 
 // DockerGoClient wraps the underlying go-dockerclient and docker/docker library.
 // It exists primarily for the following four purposes:
-// 1) Provide an abstraction over inputs and outputs,
-//    a) Inputs: Trims them down to what we actually need (largely unchanged tbh)
-//    b) Outputs: Unifies error handling and the common 'start->inspect'
-//       pattern by having a consistent error output. This error output
-//       contains error data with a given Name that aims to be presentable as a
-//       'reason' in state changes. It also filters out the information about a
-//       container that is of interest, such as network bindings, while
-//       ignoring the rest.
-// 2) Timeouts: It adds timeouts everywhere, mostly as a reaction to
-//    pull-related issues in the Docker daemon.
-// 3) Versioning: It abstracts over multiple client versions to allow juggling
-//    appropriately there.
-// 4) Allows for both the go-dockerclient client and Docker SDK client to live
-//    side-by-side until migration to the Docker SDK is complete.
+//  1. Provide an abstraction over inputs and outputs,
+//     a) Inputs: Trims them down to what we actually need (largely unchanged tbh)
+//     b) Outputs: Unifies error handling and the common 'start->inspect'
+//     pattern by having a consistent error output. This error output
+//     contains error data with a given Name that aims to be presentable as a
+//     'reason' in state changes. It also filters out the information about a
+//     container that is of interest, such as network bindings, while
+//     ignoring the rest.
+//  2. Timeouts: It adds timeouts everywhere, mostly as a reaction to
+//     pull-related issues in the Docker daemon.
+//  3. Versioning: It abstracts over multiple client versions to allow juggling
+//     appropriately there.
+//  4. Allows for both the go-dockerclient client and Docker SDK client to live
+//     side-by-side until migration to the Docker SDK is complete.
+//
 // Implements DockerClient
 // TODO Remove clientfactory field once all API calls are migrated to sdkclientFactory
 type dockerGoClient struct {

agent/dockerclient/dockerauth/doc.go

@@ -15,7 +15,7 @@
 Package dockerauth handles storing auth configuration information for Docker
 registries.
 
-Usage
+# Usage
 
 This package pulls authentication information from the passed configuration.
 A user should set the "EngineAuthType" and "EngineAuthData" configuration
@@ -24,7 +24,7 @@ keys to values indicated below.
 These keys may be set by either setting the environment variables
 "ECS_ENGINE_AUTH_TYPE" and "ECS_ENGINE_AUTH_DATA" or by setting the keys "EngineAuthData" and "EngineAuthType" in the JSON configuration file located at the configured "ECS_AGENT_CONFIG_FILE_PATH" (see http://godoc.org/github.com/aws/amazon-ecs-agent/agent/config)
 
-Auth Types
+# Auth Types
 
 The two currently supported auth types are "docker" and "dockercfg".
 
@@ -34,6 +34,7 @@ The auth type "docker" is intended to work most naturally with a JSON
 configuration file. The "AuthData" is a structured JSON object which specifies
 values for the docker "AuthConfig" structure. The "AuthData" should be an object
 similar to the following:
+
 	{
 		"my.registry.example.com": {
 			"username": "myUsername",
@@ -46,13 +47,13 @@ similar to the following:
 		}
 	}
 
-
 Dockercfg:
 
 The auth type "dockercfg" is intended to allow easy use of an existing
 ".dockercfg" file generated by running "docker login". This auth type expects
 the "AuthData" to be a string containing the contents of that file. The contents
 of your ".dockercfg" will generally be a string of the following form:
+
 	'{"http://myregistry.com/v1/":{"auth":"dXNlcjpzd29yZGZpc2g=","email":"email"}}'
 */
 package dockerauth