TUN-6917: Bump go to 1.19.3

Makefile

@@ -297,8 +297,8 @@ quic-deps:
 
 .PHONY: vet
 vet:
-	go vet -v -mod=vendor ./...
+	go vet -v -mod=vendor github.com/cloudflare/cloudflared/...
 
-.PHONY: goimports
-goimports:
-	for d in $$(go list -mod=readonly -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc) ; do goimports -format-only -local github.com/cloudflare/cloudflared -w $$d ; done
+.PHONY: fmt
+fmt:
+	goimports -l -w -local github.com/cloudflare/cloudflared $$(go list -mod=vendor -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc)

carrier/carrier.go

@@ -1,6 +1,6 @@
-//Package carrier provides a WebSocket proxy to carry or proxy a connection
-//from the local client to the edge. See it as a wrapper around any protocol
-//that it packages up in a WebSocket connection to the edge.
+// Package carrier provides a WebSocket proxy to carry or proxy a connection
+// from the local client to the edge. See it as a wrapper around any protocol
+// that it packages up in a WebSocket connection to the edge.
 package carrier
 
 import (

cfsetup.yaml

@@ -1,23 +1,29 @@
-pinned_go: &pinned_go go=1.18.6-1
-pinned_go_fips: &pinned_go_fips go-boring=1.18.6-1
+pinned_go: &pinned_go go=1.19.3-1
+pinned_go_fips: &pinned_go_fips go-boring=1.19.3-1
 
 build_dir: &build_dir /cfsetup_build
 default-flavor: bullseye
 stretch: &stretch
   build:
     build_dir: *build_dir
-    builddeps:
+    builddeps: &build_deps
       - *pinned_go
       - build-essential
+      - gotest-to-teamcity
+    pre-cache: &build_pre_cache
+      - export GOCACHE=/cfsetup_build/.cache/go-build
+      - go install golang.org/x/tools/cmd/goimports@latest
     post-cache:
       - export GOOS=linux
       - export GOARCH=amd64
       - make cloudflared
   build-fips:
     build_dir: *build_dir
-    builddeps:
+    builddeps: &build_deps_fips
       - *pinned_go_fips
       - build-essential
+      - gotest-to-teamcity
+    pre-cache: *build_pre_cache
     post-cache:
       - export GOOS=linux
       - export GOARCH=amd64
@@ -163,12 +169,8 @@ stretch: &stretch
       - make github-windows-upload
   test:
     build_dir: *build_dir
-    builddeps:
-      - *pinned_go
-      - build-essential
-      - gotest-to-teamcity
-    pre-cache: &test_pre_cache
-      - go install golang.org/x/tools/cmd/goimports@latest
+    builddeps: *build_deps
+    pre-cache: *build_pre_cache
     post-cache:
       - export GOOS=linux
       - export GOARCH=amd64
@@ -177,11 +179,8 @@ stretch: &stretch
       - make test | gotest-to-teamcity
   test-fips:
     build_dir: *build_dir
-    builddeps:
-      - *pinned_go_fips
-      - build-essential
-      - gotest-to-teamcity
-    pre-cache: *test_pre_cache
+    builddeps: *build_deps_fips
+    pre-cache: *build_pre_cache
     post-cache:
       - export GOOS=linux
       - export GOARCH=amd64

dev.Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.18 as builder
+FROM golang:1.19 as builder
 ENV GO111MODULE=on \
     CGO_ENABLED=0
 WORKDIR /go/src/github.com/cloudflare/cloudflared/

edgediscovery/allregions/discovery.go

@@ -71,11 +71,14 @@ type EdgeAddr struct {
 // If the call to net.LookupSRV fails, try to fall back to DoT from Cloudflare directly.
 //
 // Note: Instead of DoT, we could also have used DoH. Either of these:
-//     - directly via the JSON API (https://1.1.1.1/dns-query?ct=application/dns-json&name=_origintunneld._tcp.argotunnel.com&type=srv)
-//     - indirectly via `tunneldns.NewUpstreamHTTPS()`
+//   - directly via the JSON API (https://1.1.1.1/dns-query?ct=application/dns-json&name=_origintunneld._tcp.argotunnel.com&type=srv)
+//   - indirectly via `tunneldns.NewUpstreamHTTPS()`
+//
 // But both of these cases miss out on a key feature from the stdlib:
-//     "The returned records are sorted by priority and randomized by weight within a priority."
-//     (https://golang.org/pkg/net/#Resolver.LookupSRV)
+//
+//	"The returned records are sorted by priority and randomized by weight within a priority."
+//	(https://golang.org/pkg/net/#Resolver.LookupSRV)
+//
 // Does this matter? I don't know. It may someday. Let's use DoT so we don't need to worry about it.
 // See also: Go feature request for stdlib-supported DoH: https://github.com/golang/go/issues/27552
 var fallbackLookupSRV = lookupSRVWithDOT

fmt-check.sh

@@ -2,12 +2,12 @@
 
 set -e -o pipefail
 
-OUTPUT=$(for d in $(go list -mod=vendor -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc) ; do goimports -format-only -local github.com/cloudflare/cloudflared -d $d ; done)
+OUTPUT=$(goimports -l -d -local github.com/cloudflare/cloudflared $(go list -mod=vendor -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc))
 
 if [ -n "$OUTPUT" ] ; then
   PAGER=$(which colordiff || echo cat)
   echo
-  echo "Code formatting issues found, use 'goimports -format-only -local github.com/cloudflare/cloudflared' to correct them"
+  echo "Code formatting issues found, use 'make fmt' to correct them"
   echo
   echo "$OUTPUT" | $PAGER
   exit 1

go.mod

@@ -1,6 +1,6 @@
 module github.com/cloudflare/cloudflared
 
-go 1.18
+go 1.19
 
 require (
 	github.com/cloudflare/brotli-go v0.0.0-20191101163834-d34379f7ff93

ingress/config.go

@@ -435,10 +435,11 @@ func (defaults *OriginRequestConfig) setAccess(overrides config.OriginRequestCon
 
 // SetConfig gets config for the requests that cloudflared sends to origins.
 // Each field has a setter method which sets a value for the field by trying to find:
-//   1. The user config for this rule
-//   2. The user config for the overall ingress config
-//   3. Defaults chosen by the cloudflared team
-//   4. Golang zero values for that type
+//  1. The user config for this rule
+//  2. The user config for the overall ingress config
+//  3. Defaults chosen by the cloudflared team
+//  4. Golang zero values for that type
+//
 // If an earlier option isn't set, it will try the next option down.
 func setConfig(defaults OriginRequestConfig, overrides config.OriginRequestConfig) OriginRequestConfig {
 	cfg := defaults

ingress/icmp_windows.go

@@ -376,20 +376,20 @@ func (ip *icmpProxy) icmpEchoRoundtrip(dst netip.Addr, echo *icmp.Echo) (echoRes
 }
 
 /*
-	Wrapper to call https://docs.microsoft.com/en-us/windows/win32/api/icmpapi/nf-icmpapi-icmpsendecho
-	Parameters:
-	- IcmpHandle: Handle created by IcmpCreateFile
-	- DestinationAddress: IPv4 in the form of https://docs.microsoft.com/en-us/windows/win32/api/inaddr/ns-inaddr-in_addr#syntax
-	- RequestData: A pointer to echo data
-	- RequestSize: Number of bytes in buffer pointed by echo data
-	- RequestOptions: IP header options
-	- ReplyBuffer: A pointer to the buffer for echoReply, options and data
-	- ReplySize: Number of bytes allocated for ReplyBuffer
-	- Timeout: Timeout in milliseconds to wait for a reply
-	Returns:
-	- the number of replies in uint32 https://docs.microsoft.com/en-us/windows/win32/api/icmpapi/nf-icmpapi-icmpsendecho#return-value
-	To retain the reference allocated objects, conversion from pointer to uintptr must happen as arguments to the
-	syscall function
+Wrapper to call https://docs.microsoft.com/en-us/windows/win32/api/icmpapi/nf-icmpapi-icmpsendecho
+Parameters:
+- IcmpHandle: Handle created by IcmpCreateFile
+- DestinationAddress: IPv4 in the form of https://docs.microsoft.com/en-us/windows/win32/api/inaddr/ns-inaddr-in_addr#syntax
+- RequestData: A pointer to echo data
+- RequestSize: Number of bytes in buffer pointed by echo data
+- RequestOptions: IP header options
+- ReplyBuffer: A pointer to the buffer for echoReply, options and data
+- ReplySize: Number of bytes allocated for ReplyBuffer
+- Timeout: Timeout in milliseconds to wait for a reply
+Returns:
+- the number of replies in uint32 https://docs.microsoft.com/en-us/windows/win32/api/icmpapi/nf-icmpapi-icmpsendecho#return-value
+To retain the reference allocated objects, conversion from pointer to uintptr must happen as arguments to the
+syscall function
 */
 func (ip *icmpProxy) icmpSendEcho(dst netip.Addr, echo *icmp.Echo) (*echoV4Resp, error) {
 	dataSize := len(echo.Data)

ingress/icmp_windows_test.go

@@ -125,7 +125,7 @@ func TestParseEchoV6Reply(t *testing.T) {
 	}
 }
 
-//  TestSendEchoErrors makes sure icmpSendEcho handles error cases
+// TestSendEchoErrors makes sure icmpSendEcho handles error cases
 func TestSendEchoErrors(t *testing.T) {
 	testSendEchoErrors(t, netip.IPv4Unspecified())
 	testSendEchoErrors(t, netip.IPv6Unspecified())

token/encrypt.go

@@ -3,26 +3,26 @@
 // tldr is it uses Elliptic Curves (Curve25519) for the keys, XSalsa20 and Poly1305 for encryption.
 // You can read more here https://godoc.org/golang.org/x/crypto/nacl/box.
 //
-//		msg := []byte("super safe message.")
-//		alice, err := NewEncrypter("alice_priv_key.pem", "alice_pub_key.pem")
-//		if err != nil {
-//			log.Fatal(err)
-//		}
+//	msg := []byte("super safe message.")
+//	alice, err := NewEncrypter("alice_priv_key.pem", "alice_pub_key.pem")
+//	if err != nil {
+//		log.Fatal(err)
+//	}
 //
-//		bob, err := NewEncrypter("bob_priv_key.pem", "bob_pub_key.pem")
-//		if err != nil {
-//			log.Fatal(err)
-//		}
-//		encrypted, err := alice.Encrypt(msg, bob.PublicKey())
-//		if err != nil {
-//			log.Fatal(err)
-//		}
+//	bob, err := NewEncrypter("bob_priv_key.pem", "bob_pub_key.pem")
+//	if err != nil {
+//		log.Fatal(err)
+//	}
+//	encrypted, err := alice.Encrypt(msg, bob.PublicKey())
+//	if err != nil {
+//		log.Fatal(err)
+//	}
 //
-//		data, err := bob.Decrypt(encrypted, alice.PublicKey())
-//		if err != nil {
-//			log.Fatal(err)
-//		}
-//		fmt.Println(string(data))
+//	data, err := bob.Decrypt(encrypted, alice.PublicKey())
+//	if err != nil {
+//		log.Fatal(err)
+//	}
+//	fmt.Println(string(data))
 package token
 
 import (

tunnelrpc/pogs/auth_outcome.go

@@ -40,7 +40,6 @@ func (ar AuthenticateResponse) Outcome() AuthOutcome {
 }
 
 // AuthOutcome is a programmer-friendly sum type denoting the possible outcomes of Authenticate.
-//go-sumtype:decl AuthOutcome
 type AuthOutcome interface {
 	isAuthOutcome()
 	// Serialize into an AuthenticateResponse which can be sent via Capnp

validation/validation.go

@@ -61,9 +61,13 @@ func ValidateHostname(hostname string) (string, error) {
 
 // ValidateUrl returns a validated version of `originUrl` with a scheme prepended (by default http://).
 // Note: when originUrl contains a scheme, the path is removed:
-//   ValidateUrl("https://localhost:8080/api/") => "https://localhost:8080"
+//
+//	ValidateUrl("https://localhost:8080/api/") => "https://localhost:8080"
+//
 // but when it does not, the path is preserved:
-//   ValidateUrl("localhost:8080/api/") => "http://localhost:8080/api/"
+//
+//	ValidateUrl("localhost:8080/api/") => "http://localhost:8080/api/"
+//
 // This is arguably a bug, but changing it might break some cloudflared users.
 func ValidateUrl(originUrl string) (*url.URL, error) {
 	urlStr, err := validateUrlString(originUrl)