Replace deprecated ioutil package (#6230)

* Replace ioutil package * check integration test null pointer * Remove rotate retries Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-10-07 17:36:57 -07:00 · 2022-10-07 17:36:57 -07:00 · 06d81cb936
parent d650645944
commit 06d81cb936
42 changed files with 137 additions and 145 deletions
--- a/pkg/agent/config/config.go
+++ b/pkg/agent/config/config.go
@ -8,7 +8,7 @@ import (
 	"encoding/hex"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net"
 	"net/http"
 	"net/url"
@ -145,13 +145,13 @@ func getNodeNamedCrt(nodeName string, nodeIPs []net.IP, nodePasswordFile string)
 			return nil, fmt.Errorf("%s: %s", u, resp.Status)
 		}

-		return ioutil.ReadAll(resp.Body)
+		return io.ReadAll(resp.Body)
 	}
 }

 func ensureNodeID(nodeIDFile string) (string, error) {
 	if _, err := os.Stat(nodeIDFile); err == nil {
-		id, err := ioutil.ReadFile(nodeIDFile)
+		id, err := os.ReadFile(nodeIDFile)
 		return strings.TrimSpace(string(id)), err
 	}
 	id := make([]byte, 4, 4)
@ -160,12 +160,12 @@ func ensureNodeID(nodeIDFile string) (string, error) {
 		return "", err
 	}
 	nodeID := hex.EncodeToString(id)
-	return nodeID, ioutil.WriteFile(nodeIDFile, []byte(nodeID+"\n"), 0644)
+	return nodeID, os.WriteFile(nodeIDFile, []byte(nodeID+"\n"), 0644)
 }

 func ensureNodePassword(nodePasswordFile string) (string, error) {
 	if _, err := os.Stat(nodePasswordFile); err == nil {
-		password, err := ioutil.ReadFile(nodePasswordFile)
+		password, err := os.ReadFile(nodePasswordFile)
 		return strings.TrimSpace(string(password)), err
 	}
 	password := make([]byte, 16, 16)
@ -174,15 +174,15 @@ func ensureNodePassword(nodePasswordFile string) (string, error) {
 		return "", err
 	}
 	nodePassword := hex.EncodeToString(password)
-	return nodePassword, ioutil.WriteFile(nodePasswordFile, []byte(nodePassword+"\n"), 0600)
+	return nodePassword, os.WriteFile(nodePasswordFile, []byte(nodePassword+"\n"), 0600)
 }

 func upgradeOldNodePasswordPath(oldNodePasswordFile, newNodePasswordFile string) {
-	password, err := ioutil.ReadFile(oldNodePasswordFile)
+	password, err := os.ReadFile(oldNodePasswordFile)
 	if err != nil {
 		return
 	}
-	if err := ioutil.WriteFile(newNodePasswordFile, password, 0600); err != nil {
+	if err := os.WriteFile(newNodePasswordFile, password, 0600); err != nil {
 		logrus.Warnf("Unable to write password file: %v", err)
 		return
 	}
@ -200,11 +200,11 @@ func getServingCert(nodeName string, nodeIPs []net.IP, servingCertFile, servingK

 	servingCert, servingKey := splitCertKeyPEM(servingCert)

-	if err := ioutil.WriteFile(servingCertFile, servingCert, 0600); err != nil {
+	if err := os.WriteFile(servingCertFile, servingCert, 0600); err != nil {
 		return nil, errors.Wrapf(err, "failed to write node cert")
 	}

-	if err := ioutil.WriteFile(servingKeyFile, servingKey, 0600); err != nil {
+	if err := os.WriteFile(servingKeyFile, servingKey, 0600); err != nil {
 		return nil, errors.Wrapf(err, "failed to write node key")
 	}

@ -222,15 +222,15 @@ func getHostFile(filename, keyFile string, info *clientaccess.Info) error {
 		return err
 	}
 	if keyFile == "" {
-		if err := ioutil.WriteFile(filename, fileBytes, 0600); err != nil {
+		if err := os.WriteFile(filename, fileBytes, 0600); err != nil {
 			return errors.Wrapf(err, "failed to write cert %s", filename)
 		}
 	} else {
 		fileBytes, keyBytes := splitCertKeyPEM(fileBytes)
-		if err := ioutil.WriteFile(filename, fileBytes, 0600); err != nil {
+		if err := os.WriteFile(filename, fileBytes, 0600); err != nil {
 			return errors.Wrapf(err, "failed to write cert %s", filename)
 		}
-		if err := ioutil.WriteFile(keyFile, keyBytes, 0600); err != nil {
+		if err := os.WriteFile(keyFile, keyBytes, 0600); err != nil {
 			return errors.Wrapf(err, "failed to write key %s", filename)
 		}
 	}
@ -263,10 +263,10 @@ func getNodeNamedHostFile(filename, keyFile, nodeName string, nodeIPs []net.IP,
 	}
 	fileBytes, keyBytes := splitCertKeyPEM(fileBytes)

-	if err := ioutil.WriteFile(filename, fileBytes, 0600); err != nil {
+	if err := os.WriteFile(filename, fileBytes, 0600); err != nil {
 		return errors.Wrapf(err, "failed to write cert %s", filename)
 	}
-	if err := ioutil.WriteFile(keyFile, keyBytes, 0600); err != nil {
+	if err := os.WriteFile(keyFile, keyBytes, 0600); err != nil {
 		return errors.Wrapf(err, "failed to write key %s", filename)
 	}
 	return nil
--- a/pkg/agent/containerd/config_linux.go
+++ b/pkg/agent/containerd/config_linux.go
@ -5,7 +5,6 @@ package containerd

 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"time"

@ -83,7 +82,7 @@ func setupContainerdConfig(ctx context.Context, cfg *config.Node) error {
 		logrus.Warnf("SELinux is enabled for "+version.Program+" but process is not running in context '%s', "+version.Program+"-selinux policy may need to be applied", SELinuxContextType)
 	}

-	containerdTemplateBytes, err := ioutil.ReadFile(cfg.Containerd.Template)
+	containerdTemplateBytes, err := os.ReadFile(cfg.Containerd.Template)
 	if err == nil {
 		logrus.Infof("Using containerd template at %s", cfg.Containerd.Template)
 		containerdTemplate = string(containerdTemplateBytes)
--- a/pkg/agent/containerd/config_windows.go
+++ b/pkg/agent/containerd/config_windows.go
@ -5,7 +5,6 @@ package containerd

 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"time"

@ -50,7 +49,7 @@ func setupContainerdConfig(ctx context.Context, cfg *config.Node) error {
 		PrivateRegistryConfig: privRegistries.Registry,
 	}

-	containerdTemplateBytes, err := ioutil.ReadFile(cfg.Containerd.Template)
+	containerdTemplateBytes, err := os.ReadFile(cfg.Containerd.Template)
 	if err == nil {
 		logrus.Infof("Using containerd template at %s", cfg.Containerd.Template)
 		containerdTemplate = string(containerdTemplateBytes)
--- a/pkg/agent/containerd/containerd.go
+++ b/pkg/agent/containerd/containerd.go
@ -5,7 +5,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@ -144,7 +143,7 @@ func preloadImages(ctx context.Context, cfg *config.Node) error {
 		return nil
 	}

-	fileInfos, err := ioutil.ReadDir(cfg.Images)
+	fileInfos, err := os.ReadDir(cfg.Images)
 	if err != nil {
 		logrus.Errorf("Unable to read images in %s: %v", cfg.Images, err)
 		return nil
--- a/pkg/agent/flannel/setup_test.go
+++ b/pkg/agent/flannel/setup_test.go
@ -1,8 +1,8 @@
 package flannel

 import (
-	"io/ioutil"
 	"net"
+	"os"
 	"regexp"
 	"strings"
 	"testing"
@ -68,7 +68,7 @@ func Test_createFlannelConf(t *testing.T) {
 			if err := createFlannelConf(nodeConfig); (err != nil) != tt.wantErr {
 				t.Errorf("createFlannelConf() error = %v, wantErr %v", err, tt.wantErr)
 			}
-			data, err := ioutil.ReadFile("test_file")
+			data, err := os.ReadFile("test_file")
 			if err != nil {
 				t.Errorf("Something went wrong when reading the flannel config file")
 			}
--- a/pkg/agent/loadbalancer/config.go
+++ b/pkg/agent/loadbalancer/config.go
@ -2,7 +2,7 @@ package loadbalancer

 import (
 	"encoding/json"
-	"io/ioutil"
+	"os"

 	"github.com/k3s-io/k3s/pkg/agent/util"
 )
@ -17,7 +17,7 @@ func (lb *LoadBalancer) writeConfig() error {

 func (lb *LoadBalancer) updateConfig() error {
 	writeConfig := true
-	if configBytes, err := ioutil.ReadFile(lb.configFile); err == nil {
+	if configBytes, err := os.ReadFile(lb.configFile); err == nil {
 		config := &LoadBalancer{}
 		if err := json.Unmarshal(configBytes, config); err == nil {
 			if config.ServerURL == lb.ServerURL {
--- a/pkg/agent/loadbalancer/loadbalancer_test.go
+++ b/pkg/agent/loadbalancer/loadbalancer_test.go
@ -5,7 +5,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/url"
 	"os"
@ -85,7 +84,7 @@ func assertNotEqual(t *testing.T, a interface{}, b interface{}) {
 }

 func Test_UnitFailOver(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "lb-test")
+	tmpDir, err := os.MkdirTemp("", "lb-test")
 	if err != nil {
 		assertEqual(t, err, nil)
 	}
@ -146,7 +145,7 @@ func Test_UnitFailOver(t *testing.T) {
 }

 func Test_UnitFailFast(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "lb-test")
+	tmpDir, err := os.MkdirTemp("", "lb-test")
 	if err != nil {
 		assertEqual(t, err, nil)
 	}
--- a/pkg/agent/run_linux.go
+++ b/pkg/agent/run_linux.go
@ -4,7 +4,6 @@
 package agent

 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"

@ -38,5 +37,5 @@ func setupCriCtlConfig(cfg cmds.Agent, nodeConfig *config.Node) error {
 	}

 	crp := "runtime-endpoint: " + cre + "\n"
-	return ioutil.WriteFile(agentConfDir+"/crictl.yaml", []byte(crp), 0600)
+	return os.WriteFile(agentConfDir+"/crictl.yaml", []byte(crp), 0600)
 }
--- a/pkg/agent/run_windows.go
+++ b/pkg/agent/run_windows.go
@ -4,7 +4,6 @@
 package agent

 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@ -40,5 +39,5 @@ func setupCriCtlConfig(cfg cmds.Agent, nodeConfig *config.Node) error {
 	}

 	crp := "runtime-endpoint: " + cre + "\n"
-	return ioutil.WriteFile(filepath.Join(agentConfDir, "crictl.yaml"), []byte(crp), 0600)
+	return os.WriteFile(filepath.Join(agentConfDir, "crictl.yaml"), []byte(crp), 0600)
 }
--- a/pkg/agent/util/file.go
+++ b/pkg/agent/util/file.go
@ -1,7 +1,6 @@
 package util

 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"

@ -10,7 +9,7 @@ import (

 func WriteFile(name string, content string) error {
 	os.MkdirAll(filepath.Dir(name), 0755)
-	err := ioutil.WriteFile(name, []byte(content), 0644)
+	err := os.WriteFile(name, []byte(content), 0644)
 	if err != nil {
 		return errors.Wrapf(err, "writing %s", name)
 	}
@ -19,11 +18,11 @@ func WriteFile(name string, content string) error {

 func CopyFile(sourceFile string, destinationFile string) error {
 	os.MkdirAll(filepath.Dir(destinationFile), 0755)
-	input, err := ioutil.ReadFile(sourceFile)
+	input, err := os.ReadFile(sourceFile)
 	if err != nil {
 		return errors.Wrapf(err, "copying %s to %s", sourceFile, destinationFile)
 	}
-	err = ioutil.WriteFile(destinationFile, input, 0644)
+	err = os.WriteFile(destinationFile, input, 0644)
 	if err != nil {
 		return errors.Wrapf(err, "copying %s to %s", sourceFile, destinationFile)
 	}
--- a/pkg/authenticator/passwordfile/passwordfile_test.go
+++ b/pkg/authenticator/passwordfile/passwordfile_test.go
@ -18,7 +18,6 @@ package passwordfile

 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"reflect"
 	"testing"
@ -146,14 +145,14 @@ func Test_UnitInsufficientColumnsPasswordFile(t *testing.T) {
 }

 func newWithContents(t *testing.T, contents string) (auth *PasswordAuthenticator, err error) {
-	f, err := ioutil.TempFile("", "passwordfile_test")
+	f, err := os.CreateTemp("", "passwordfile_test")
 	if err != nil {
 		t.Fatalf("unexpected error creating passwordfile: %v", err)
 	}
 	f.Close()
 	defer os.Remove(f.Name())

-	if err := ioutil.WriteFile(f.Name(), []byte(contents), 0700); err != nil {
+	if err := os.WriteFile(f.Name(), []byte(contents), 0700); err != nil {
 		t.Fatalf("unexpected error writing passwordfile: %v", err)
 	}

--- a/pkg/bootstrap/bootstrap.go
+++ b/pkg/bootstrap/bootstrap.go
@ -3,7 +3,6 @@ package bootstrap
 import (
 	"encoding/json"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
@ -34,7 +33,7 @@ func ReadFromDisk(w io.Writer, bootstrap *config.ControlRuntimeBootstrap) error
 		if path == "" {
 			continue
 		}
-		data, err := ioutil.ReadFile(path)
+		data, err := os.ReadFile(path)
 		if err != nil {
 			logrus.Warnf("failed to read %s", path)
 			continue
--- a/pkg/cgroups/cgroups_linux.go
+++ b/pkg/cgroups/cgroups_linux.go
@ -7,7 +7,6 @@ import (
 	"bufio"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@ -26,7 +25,7 @@ func Validate() error {
 }

 func validateCgroupsV1() error {
-	cgroups, err := ioutil.ReadFile("/proc/self/cgroup")
+	cgroups, err := os.ReadFile("/proc/self/cgroup")
 	if err != nil {
 		return err
 	}
--- a/pkg/cli/cert/cert.go
+++ b/pkg/cli/cert/cert.go
@ -2,7 +2,6 @@ package cert

 import (
 	"errors"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
@ -154,7 +153,7 @@ func rotate(app *cli.Context, cfg *cmds.Server) error {
 				serverConfig.ControlConfig.Runtime.ClientCloudControllerKey)
 		case version.Program + k3sServerService:
 			dynamicListenerRegenFilePath := filepath.Join(serverDataDir, "tls", "dynamic-cert-regenerate")
-			if err := ioutil.WriteFile(dynamicListenerRegenFilePath, []byte{}, 0600); err != nil {
+			if err := os.WriteFile(dynamicListenerRegenFilePath, []byte{}, 0600); err != nil {
 				return err
 			}
 			logrus.Infof("Rotating dynamic listener certificate")
@ -199,11 +198,11 @@ func rotate(app *cli.Context, cfg *cmds.Server) error {
 func copyFile(src, destDir string) error {
 	_, err := os.Stat(src)
 	if err == nil {
-		input, err := ioutil.ReadFile(src)
+		input, err := os.ReadFile(src)
 		if err != nil {
 			return err
 		}
-		return ioutil.WriteFile(filepath.Join(destDir, filepath.Base(src)), input, 0644)
+		return os.WriteFile(filepath.Join(destDir, filepath.Base(src)), input, 0644)
 	} else if errors.Is(err, os.ErrNotExist) {
 		return nil
 	}
--- a/pkg/cli/secretsencrypt/secrets_encrypt.go
+++ b/pkg/cli/secretsencrypt/secrets_encrypt.go
@ -4,7 +4,6 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@ -33,7 +32,7 @@ func commandPrep(app *cli.Context, cfg *cmds.Server) (*clientaccess.Info, error)

 	if cfg.Token == "" {
 		fp := filepath.Join(dataDir, "token")
-		tokenByte, err := ioutil.ReadFile(fp)
+		tokenByte, err := os.ReadFile(fp)
 		if err != nil {
 			return nil, err
 		}
--- a/pkg/clientaccess/kubeconfig.go
+++ b/pkg/clientaccess/kubeconfig.go
@ -1,7 +1,7 @@
 package clientaccess

 import (
-	"io/ioutil"
+	"os"

 	"github.com/pkg/errors"
 	"k8s.io/client-go/tools/clientcmd"
@ -10,17 +10,17 @@ import (

 // WriteClientKubeConfig generates a kubeconfig at destFile that can be used to connect to a server at url with the given certs and keys
 func WriteClientKubeConfig(destFile, url, serverCAFile, clientCertFile, clientKeyFile string) error {
-	serverCA, err := ioutil.ReadFile(serverCAFile)
+	serverCA, err := os.ReadFile(serverCAFile)
 	if err != nil {
 		return errors.Wrapf(err, "failed to read %s", serverCAFile)
 	}

-	clientCert, err := ioutil.ReadFile(clientCertFile)
+	clientCert, err := os.ReadFile(clientCertFile)
 	if err != nil {
 		return errors.Wrapf(err, "failed to read %s", clientCertFile)
 	}

-	clientKey, err := ioutil.ReadFile(clientKeyFile)
+	clientKey, err := os.ReadFile(clientKeyFile)
 	if err != nil {
 		return errors.Wrapf(err, "failed to read %s", clientKeyFile)
 	}
--- a/pkg/clientaccess/token.go
+++ b/pkg/clientaccess/token.go
@ -7,9 +7,10 @@ import (
 	"crypto/x509"
 	"encoding/hex"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
+	"os"
 	"strings"
 	"time"

@ -296,7 +297,7 @@ func get(u string, client *http.Client, username, password string) ([]byte, erro
 		return nil, fmt.Errorf("%s: %s", u, resp.Status)
 	}

-	return ioutil.ReadAll(resp.Body)
+	return io.ReadAll(resp.Body)
 }

 // put makes a request to a url using a provided client, username, and password
@ -317,7 +318,7 @@ func put(u string, body []byte, client *http.Client, username, password string)
 	}
 	defer resp.Body.Close()

-	respBody, _ := ioutil.ReadAll(resp.Body)
+	respBody, _ := io.ReadAll(resp.Body)
 	if resp.StatusCode != http.StatusOK {
 		return fmt.Errorf("%s: %s %s", u, resp.Status, string(respBody))
 	}
@ -332,7 +333,7 @@ func FormatToken(token, certFile string) (string, error) {

 	certHash := ""
 	if len(certFile) > 0 {
-		b, err := ioutil.ReadFile(certFile)
+		b, err := os.ReadFile(certFile)
 		if err != nil {
 			return "", nil
 		}
--- a/pkg/cloudprovider/cloudprovider.go
+++ b/pkg/cloudprovider/cloudprovider.go
@ -4,7 +4,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"

 	"github.com/k3s-io/k3s/pkg/util"
 	"github.com/k3s-io/k3s/pkg/version"
@ -63,7 +62,7 @@ func init() {

 		if config != nil {
 			var bytes []byte
-			bytes, err = ioutil.ReadAll(config)
+			bytes, err = io.ReadAll(config)
 			if err == nil {
 				err = json.Unmarshal(bytes, &k.Config)
 			}
--- a/pkg/cluster/bootstrap.go
+++ b/pkg/cluster/bootstrap.go
@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
@ -340,7 +339,7 @@ func (c *Cluster) ReconcileBootstrapData(ctx context.Context, buf io.ReadSeeker,
 		}
 		defer f.Close()

-		fData, err := ioutil.ReadAll(f)
+		fData, err := io.ReadAll(f)
 		if err != nil {
 			return errors.Wrapf(err, "reconcile failed to read %s", pathKey)
 		}
--- a/pkg/cluster/https.go
+++ b/pkg/cluster/https.go
@ -5,7 +5,7 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net"
 	"net/http"
@ -115,7 +115,7 @@ func (c *Cluster) initClusterAndHTTPS(ctx context.Context) error {
 	if logrus.IsLevelEnabled(logrus.DebugLevel) {
 		server.ErrorLog = log.New(logrus.StandardLogger().Writer(), "Cluster-Http-Server ", log.LstdFlags)
 	} else {
-		server.ErrorLog = log.New(ioutil.Discard, "Cluster-Http-Server", 0)
+		server.ErrorLog = log.New(io.Discard, "Cluster-Http-Server", 0)
 	}

 	// Start the supervisor http server on the tls listener
--- a/pkg/cluster/storage.go
+++ b/pkg/cluster/storage.go
@ -4,7 +4,6 @@ import (
 	"bytes"
 	"context"
 	"errors"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@ -183,7 +182,7 @@ func getBootstrapKeyFromStorage(ctx context.Context, storageClient client.Client
 func readTokenFromFile(serverToken, certs, dataDir string) (string, error) {
 	tokenFile := filepath.Join(dataDir, "token")

-	b, err := ioutil.ReadFile(tokenFile)
+	b, err := os.ReadFile(tokenFile)
 	if err != nil {
 		if os.IsNotExist(err) {
 			token, err := clientaccess.FormatToken(serverToken, certs)
--- a/pkg/configfilearg/parser.go
+++ b/pkg/configfilearg/parser.go
@ -2,7 +2,7 @@ package configfilearg

 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"os"
@ -183,7 +183,7 @@ func (p *Parser) findStart(args []string) ([]string, []string, bool) {
 }

 func dotDFiles(basefile string) (result []string, _ error) {
-	files, err := ioutil.ReadDir(basefile + ".d")
+	files, err := os.ReadDir(basefile + ".d")
 	if os.IsNotExist(err) {
 		return nil, nil
 	} else if err != nil {
@ -295,8 +295,8 @@ func readConfigFileData(file string) ([]byte, error) {
 			return nil, fmt.Errorf("failed to read http config %s: %w", file, err)
 		}
 		defer resp.Body.Close()
-		return ioutil.ReadAll(resp.Body)
+		return io.ReadAll(resp.Body)
 	default:
-		return ioutil.ReadFile(file)
+		return os.ReadFile(file)
 	}
 }
--- a/pkg/daemons/control/deps/deps.go
+++ b/pkg/daemons/control/deps/deps.go
@ -10,7 +10,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
@ -254,7 +253,7 @@ func genUsers(config *config.Control) error {
 func genEncryptedNetworkInfo(controlConfig *config.Control) error {
 	runtime := controlConfig.Runtime
 	if s, err := os.Stat(runtime.IPSECKey); err == nil && s.Size() > 0 {
-		psk, err := ioutil.ReadFile(runtime.IPSECKey)
+		psk, err := os.ReadFile(runtime.IPSECKey)
 		if err != nil {
 			return err
 		}
@ -268,7 +267,7 @@ func genEncryptedNetworkInfo(controlConfig *config.Control) error {
 	}

 	controlConfig.IPSECPSK = psk
-	return ioutil.WriteFile(runtime.IPSECKey, []byte(psk+"\n"), 0600)
+	return os.WriteFile(runtime.IPSECKey, []byte(psk+"\n"), 0600)
 }

 func getServerPass(passwd *passwd.Passwd, config *config.Control) (string, error) {
@ -672,13 +671,13 @@ func genEncryptionConfigAndState(controlConfig *config.Control) error {
 	if s, err := os.Stat(runtime.EncryptionConfig); err == nil && s.Size() > 0 {
 		// On upgrade from older versions, the encryption hash may not exist, create it
 		if _, err := os.Stat(runtime.EncryptionHash); errors.Is(err, os.ErrNotExist) {
-			curEncryptionByte, err := ioutil.ReadFile(runtime.EncryptionConfig)
+			curEncryptionByte, err := os.ReadFile(runtime.EncryptionConfig)
 			if err != nil {
 				return err
 			}
 			encryptionConfigHash := sha256.Sum256(curEncryptionByte)
 			ann := "start-" + hex.EncodeToString(encryptionConfigHash[:])
-			return ioutil.WriteFile(controlConfig.Runtime.EncryptionHash, []byte(ann), 0600)
+			return os.WriteFile(controlConfig.Runtime.EncryptionHash, []byte(ann), 0600)
 		}
 		return nil
 	}
@ -720,12 +719,12 @@ func genEncryptionConfigAndState(controlConfig *config.Control) error {
 	if err != nil {
 		return err
 	}
-	if err := ioutil.WriteFile(runtime.EncryptionConfig, b, 0600); err != nil {
+	if err := os.WriteFile(runtime.EncryptionConfig, b, 0600); err != nil {
 		return err
 	}
 	encryptionConfigHash := sha256.Sum256(b)
 	ann := "start-" + hex.EncodeToString(encryptionConfigHash[:])
-	return ioutil.WriteFile(controlConfig.Runtime.EncryptionHash, []byte(ann), 0600)
+	return os.WriteFile(controlConfig.Runtime.EncryptionHash, []byte(ann), 0600)
 }

 func genEgressSelectorConfig(controlConfig *config.Control) error {
@ -768,7 +767,7 @@ func genEgressSelectorConfig(controlConfig *config.Control) error {
 	if err != nil {
 		return err
 	}
-	return ioutil.WriteFile(controlConfig.Runtime.EgressSelectorConfig, b, 0600)
+	return os.WriteFile(controlConfig.Runtime.EgressSelectorConfig, b, 0600)
 }

 func genCloudConfig(controlConfig *config.Control) error {
@ -786,6 +785,6 @@ func genCloudConfig(controlConfig *config.Control) error {
 	if err != nil {
 		return err
 	}
-	return ioutil.WriteFile(controlConfig.Runtime.CloudControllerConfig, b, 0600)
+	return os.WriteFile(controlConfig.Runtime.CloudControllerConfig, b, 0600)

 }
--- a/pkg/daemons/executor/etcd.go
+++ b/pkg/daemons/executor/etcd.go
@ -3,7 +3,7 @@ package executor
 import (
 	"context"
 	"errors"
-	"io/ioutil"
+	"os"
 	"path/filepath"

 	daemonconfig "github.com/k3s-io/k3s/pkg/daemons/config"
@ -37,7 +37,7 @@ func (e *Embedded) ETCD(ctx context.Context, args ETCDConfig, extraArgs []string
 		case err := <-etcd.Server.ErrNotify():
 			if errors.Is(err, rafthttp.ErrMemberRemoved) {
 				tombstoneFile := filepath.Join(args.DataDir, "tombstone")
-				if err := ioutil.WriteFile(tombstoneFile, []byte{}, 0600); err != nil {
+				if err := os.WriteFile(tombstoneFile, []byte{}, 0600); err != nil {
 					logrus.Fatalf("failed to write tombstone file to %s", tombstoneFile)
 				}
 				logrus.Infof("this node has been removed from the cluster please restart %s to rejoin the cluster", version.Program)
--- a/pkg/daemons/executor/executor.go
+++ b/pkg/daemons/executor/executor.go
@ -2,7 +2,6 @@ package executor

 import (
 	"context"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
@ -123,7 +122,7 @@ func (e ETCDConfig) ToConfigFile(extraArgs []string) (string, error) {
 	if err := os.MkdirAll(e.DataDir, 0700); err != nil {
 		return "", err
 	}
-	return confFile, ioutil.WriteFile(confFile, bytes, 0600)
+	return confFile, os.WriteFile(confFile, bytes, 0600)
 }

 func Set(driver Executor) {
--- a/pkg/deploy/controller.go
+++ b/pkg/deploy/controller.go
@ -7,7 +7,6 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sort"
@ -176,7 +175,7 @@ func (w *watcher) deploy(path string, compareChecksum bool) error {
 		addon = *newAddon
 	}

-	content, err := ioutil.ReadFile(path)
+	content, err := os.ReadFile(path)
 	if err != nil {
 		w.recorder.Eventf(&addon, corev1.EventTypeWarning, "ReadManifestFailed", "Read manifest at %q failed: %v", path, err)
 		return err
@ -224,7 +223,7 @@ func (w *watcher) delete(path string) error {
 		return err
 	}

-	content, err := ioutil.ReadFile(path)
+	content, err := os.ReadFile(path)
 	if err != nil {
 		w.recorder.Eventf(&addon, corev1.EventTypeWarning, "ReadManifestFailed", "Read manifest at %q failed: %v", path, err)
 	} else {
--- a/pkg/deploy/stage.go
+++ b/pkg/deploy/stage.go
@ -4,7 +4,6 @@ package deploy

 import (
 	"bytes"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@ -38,7 +37,7 @@ staging:
 		p := filepath.Join(dataDir, name)
 		os.MkdirAll(filepath.Dir(p), 0700)
 		logrus.Info("Writing manifest: ", p)
-		if err := ioutil.WriteFile(p, content, 0600); err != nil {
+		if err := os.WriteFile(p, content, 0600); err != nil {
 			return errors.Wrapf(err, "failed to write to %s", name)
 		}
 	}
--- a/pkg/etcd/etcd.go
+++ b/pkg/etcd/etcd.go
@ -9,7 +9,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
+	"io/fs"
 	"net"
 	"net/http"
 	"net/url"
@ -352,7 +352,7 @@ func (e *ETCD) Reset(ctx context.Context, rebootstrap func() error) error {
 		return err
 	}
 	// touch a file to avoid multiple resets
-	if err := ioutil.WriteFile(ResetFile(e.config), []byte{}, 0600); err != nil {
+	if err := os.WriteFile(ResetFile(e.config), []byte{}, 0600); err != nil {
 		return err
 	}
 	return e.newCluster(ctx, true)
@ -561,13 +561,13 @@ func (e *ETCD) Register(ctx context.Context, config *config.Control, handler htt
 // name is used on subsequent calls.
 func (e *ETCD) setName(force bool) error {
 	fileName := nameFile(e.config)
-	data, err := ioutil.ReadFile(fileName)
+	data, err := os.ReadFile(fileName)
 	if os.IsNotExist(err) || force {
 		e.name = e.config.ServerNodeName + "-" + uuid.New().String()[:8]
 		if err := os.MkdirAll(filepath.Dir(fileName), 0700); err != nil {
 			return err
 		}
-		return ioutil.WriteFile(fileName, []byte(e.name), 0600)
+		return os.WriteFile(fileName, []byte(e.name), 0600)
 	} else if err != nil {
 		return err
 	}
@ -1488,22 +1488,26 @@ func (e *ETCD) listLocalSnapshots() (map[string]snapshotFile, error) {
 		return snapshots, errors.Wrap(err, "failed to get the snapshot dir")
 	}

-	files, err := ioutil.ReadDir(snapshotDir)
+	dirEntries, err := os.ReadDir(snapshotDir)
 	if err != nil {
 		return nil, err
 	}

 	nodeName := os.Getenv("NODE_NAME")

-	for _, f := range files {
+	for _, de := range dirEntries {
+		file, err := de.Info()
+		if err != nil {
+			return nil, err
+		}
 		sf := snapshotFile{
-			Name:     f.Name(),
-			Location: "file://" + filepath.Join(snapshotDir, f.Name()),
+			Name:     file.Name(),
+			Location: "file://" + filepath.Join(snapshotDir, file.Name()),
 			NodeName: nodeName,
 			CreatedAt: &metav1.Time{
-				Time: f.ModTime(),
+				Time: file.ModTime(),
 			},
-			Size:   f.Size(),
+			Size:   file.Size(),
 			Status: successfulSnapshotStatus,
 		}
 		sfKey := generateSnapshotConfigMapKey(sf)
@ -2024,7 +2028,18 @@ func backupDirWithRetention(dir string, maxBackupRetention int) (string, error)
 	if _, err := os.Stat(dir); err != nil {
 		return "", nil
 	}
-	files, err := ioutil.ReadDir(filepath.Dir(dir))
+	entries, err := os.ReadDir(filepath.Dir(dir))
+	if err != nil {
+		return "", err
+	}
+	files := make([]fs.FileInfo, 0, len(entries))
+	for _, entry := range entries {
+		info, err := entry.Info()
+		if err != nil {
+			return "", err
+		}
+		files = append(files, info)
+	}
 	if err != nil {
 		return "", err
 	}
--- a/pkg/etcd/s3.go
+++ b/pkg/etcd/s3.go
@ -8,7 +8,6 @@ import (
 	"encoding/pem"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
@ -269,7 +268,7 @@ func (s *S3) snapshotRetention(ctx context.Context) error {
 func readS3EndpointCA(endpointCA string) ([]byte, error) {
 	ca, err := base64.StdEncoding.DecodeString(endpointCA)
 	if err != nil {
-		return ioutil.ReadFile(endpointCA)
+		return os.ReadFile(endpointCA)
 	}
 	return ca, nil
 }
--- a/pkg/nodepassword/nodepassword_test.go
+++ b/pkg/nodepassword/nodepassword_test.go
@ -2,7 +2,6 @@ package nodepassword

 import (
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"runtime"
@ -209,7 +208,7 @@ func assertNotEqual(t *testing.T, a interface{}, b interface{}) {
 }

 func generateNodePasswordFile(migrateNumNodes int) string {
-	tempFile, err := ioutil.TempFile("", "node-password-test.*")
+	tempFile, err := os.CreateTemp("", "node-password-test.*")
 	if err != nil {
 		log.Fatal(err)
 	}
@ -219,7 +218,7 @@ func generateNodePasswordFile(migrateNumNodes int) string {
 	for i := 1; i <= migrateNumNodes; i++ {
 		passwordEntries += fmt.Sprintf("node%d,node%d\n", i, i)
 	}
-	if err := ioutil.WriteFile(tempFile.Name(), []byte(passwordEntries), 0600); err != nil {
+	if err := os.WriteFile(tempFile.Name(), []byte(passwordEntries), 0600); err != nil {
 		log.Fatal(err)
 	}

--- a/pkg/rootless/rootless.go
+++ b/pkg/rootless/rootless.go
@ -4,7 +4,6 @@
 package rootless

 import (
-	"io/ioutil"
 	"net"
 	"os"
 	"os/exec"
@ -100,7 +99,7 @@ func validateSysctl() error {

 func readSysctl(key string) (string, error) {
 	p := "/proc/sys/" + strings.ReplaceAll(key, ".", "/")
-	b, err := ioutil.ReadFile(p)
+	b, err := os.ReadFile(p)
 	if err != nil {
 		return "", err
 	}
@ -126,7 +125,7 @@ func createParentOpt(stateDir string) (*parent.Opt, error) {
 		return nil, errors.Wrapf(err, "failed to mkdir %s", stateDir)
 	}

-	stateDir, err := ioutil.TempDir("", "rootless")
+	stateDir, err := os.MkdirTemp("", "rootless")
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/secretsencrypt/config.go
+++ b/pkg/secretsencrypt/config.go
@ -5,7 +5,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"os"

 	"github.com/k3s-io/k3s/pkg/daemons/config"
 	"github.com/k3s-io/k3s/pkg/version"
@ -28,7 +28,7 @@ const (
 var EncryptionHashAnnotation = version.Program + ".io/encryption-config-hash"

 func GetEncryptionProviders(runtime *config.ControlRuntime) ([]apiserverconfigv1.ProviderConfiguration, error) {
-	curEncryptionByte, err := ioutil.ReadFile(runtime.EncryptionConfig)
+	curEncryptionByte, err := os.ReadFile(runtime.EncryptionConfig)
 	if err != nil {
 		return nil, err
 	}
@ -106,11 +106,11 @@ func WriteEncryptionConfig(runtime *config.ControlRuntime, keys []apiserverconfi
 	if err != nil {
 		return err
 	}
-	return ioutil.WriteFile(runtime.EncryptionConfig, jsonfile, 0600)
+	return os.WriteFile(runtime.EncryptionConfig, jsonfile, 0600)
 }

 func GenEncryptionConfigHash(runtime *config.ControlRuntime) (string, error) {
-	curEncryptionByte, err := ioutil.ReadFile(runtime.EncryptionConfig)
+	curEncryptionByte, err := os.ReadFile(runtime.EncryptionConfig)
 	if err != nil {
 		return "", err
 	}
@ -140,7 +140,7 @@ func GenReencryptHash(runtime *config.ControlRuntime, keyName string) (string, e
 }

 func getEncryptionHashFile(runtime *config.ControlRuntime) (string, error) {
-	curEncryptionByte, err := ioutil.ReadFile(runtime.EncryptionHash)
+	curEncryptionByte, err := os.ReadFile(runtime.EncryptionHash)
 	if err != nil {
 		return "", err
 	}
@ -170,5 +170,5 @@ func WriteEncryptionHashAnnotation(runtime *config.ControlRuntime, node *corev1.
 		return err
 	}
 	logrus.Debugf("encryption hash annotation set successfully on node: %s\n", node.ObjectMeta.Name)
-	return ioutil.WriteFile(runtime.EncryptionHash, []byte(ann), 0600)
+	return os.WriteFile(runtime.EncryptionHash, []byte(ann), 0600)
 }
--- a/pkg/server/etcd.go
+++ b/pkg/server/etcd.go
@ -2,7 +2,6 @@ package server

 import (
 	"context"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"time"
@ -75,7 +74,7 @@ func setETCDLabelsAndAnnotations(ctx context.Context, config *Config) error {
 		}
 		fileName := filepath.Join(controlConfig.DataDir, "db", "etcd", "name")

-		data, err := ioutil.ReadFile(fileName)
+		data, err := os.ReadFile(fileName)
 		if err != nil {
 			logrus.Infof("Waiting for etcd node name file to be available: %v", err)
 			continue
--- a/pkg/server/router.go
+++ b/pkg/server/router.go
@ -5,7 +5,6 @@ import (
 	"crypto"
 	"crypto/x509"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"os"
@ -131,7 +130,7 @@ func cacerts(serverCA string) http.Handler {
 	return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
 		if ca == nil {
 			var err error
-			ca, err = ioutil.ReadFile(serverCA)
+			ca, err = os.ReadFile(serverCA)
 			if err != nil {
 				sendError(err, resp)
 				return
@ -157,7 +156,7 @@ func getNodeInfo(req *http.Request) (string, string, error) {
 }

 func getCACertAndKeys(caCertFile, caKeyFile, signingKeyFile string) ([]*x509.Certificate, crypto.Signer, crypto.Signer, error) {
-	keyBytes, err := ioutil.ReadFile(signingKeyFile)
+	keyBytes, err := os.ReadFile(signingKeyFile)
 	if err != nil {
 		return nil, nil, nil, err
 	}
@ -167,7 +166,7 @@ func getCACertAndKeys(caCertFile, caKeyFile, signingKeyFile string) ([]*x509.Cer
 		return nil, nil, nil, err
 	}

-	caKeyBytes, err := ioutil.ReadFile(caKeyFile)
+	caKeyBytes, err := os.ReadFile(caKeyFile)
 	if err != nil {
 		return nil, nil, nil, err
 	}
@ -177,7 +176,7 @@ func getCACertAndKeys(caCertFile, caKeyFile, signingKeyFile string) ([]*x509.Cer
 		return nil, nil, nil, err
 	}

-	caBytes, err := ioutil.ReadFile(caCertFile)
+	caBytes, err := os.ReadFile(caCertFile)
 	if err != nil {
 		return nil, nil, nil, err
 	}
@ -235,7 +234,7 @@ func servingKubeletCert(server *config.Control, keyFile string, auth nodePassBoo
 			return
 		}

-		keyBytes, err := ioutil.ReadFile(keyFile)
+		keyBytes, err := os.ReadFile(keyFile)
 		if err != nil {
 			http.Error(resp, err.Error(), http.StatusInternalServerError)
 			return
@ -275,7 +274,7 @@ func clientKubeletCert(server *config.Control, keyFile string, auth nodePassBoot
 			return
 		}

-		keyBytes, err := ioutil.ReadFile(keyFile)
+		keyBytes, err := os.ReadFile(keyFile)
 		if err != nil {
 			http.Error(resp, err.Error(), http.StatusInternalServerError)
 			return
@ -300,7 +299,7 @@ func fileHandler(fileName ...string) http.Handler {
 		}

 		for _, f := range fileName {
-			bytes, err := ioutil.ReadFile(f)
+			bytes, err := os.ReadFile(f)
 			if err != nil {
 				logrus.Errorf("Failed to read %s: %v", f, err)
 				resp.WriteHeader(http.StatusInternalServerError)
@ -442,7 +441,7 @@ func verifyLocalPassword(ctx context.Context, config *Config, mu *sync.Mutex, de
 	nodeConfigPath := filepath.Join(nodePasswordRoot, "etc", "rancher", "node")
 	nodePasswordFile := filepath.Join(nodeConfigPath, "password")

-	passBytes, err := ioutil.ReadFile(nodePasswordFile)
+	passBytes, err := os.ReadFile(nodePasswordFile)
 	if err != nil {
 		return "", http.StatusInternalServerError, errors.Wrap(err, "unable to read node password file")
 	}
--- a/pkg/server/secrets-encrypt.go
+++ b/pkg/server/secrets-encrypt.go
@ -6,7 +6,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"math/big"
 	"net/http"
 	"os"
@ -43,7 +43,7 @@ type EncryptionRequest struct {
 }

 func getEncryptionRequest(req *http.Request) (EncryptionRequest, error) {
-	b, err := ioutil.ReadAll(req.Body)
+	b, err := io.ReadAll(req.Body)
 	if err != nil {
 		return EncryptionRequest{}, err
 	}
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@ -3,7 +3,6 @@ package server
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@ -446,7 +445,7 @@ func writeToken(token, file, certs string) error {
 	if err != nil {
 		return err
 	}
-	return ioutil.WriteFile(file, []byte(token+"\n"), 0600)
+	return os.WriteFile(file, []byte(token+"\n"), 0600)
 }

 func setNoProxyEnv(config *config.Control) error {
--- a/pkg/static/stage.go
+++ b/pkg/static/stage.go
@ -3,7 +3,6 @@
 package static

 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"

@ -20,7 +19,7 @@ func Stage(dataDir string) error {
 		p := filepath.Join(dataDir, name)
 		logrus.Info("Writing static file: ", p)
 		os.MkdirAll(filepath.Dir(p), 0700)
-		if err := ioutil.WriteFile(p, content, 0600); err != nil {
+		if err := os.WriteFile(p, content, 0600); err != nil {
 			return errors.Wrapf(err, "failed to write to %s", name)
 		}
 	}
--- a/pkg/token/read.go
+++ b/pkg/token/read.go
@ -3,7 +3,6 @@ package token
 import (
 	cryptorand "crypto/rand"
 	"encoding/hex"
-	"io/ioutil"
 	"os"
 	"strings"
 	"time"
@ -26,7 +25,7 @@ func ReadFile(path string) (string, error) {
 	}

 	for {
-		tokenBytes, err := ioutil.ReadFile(path)
+		tokenBytes, err := os.ReadFile(path)
 		if err == nil {
 			return strings.TrimSpace(string(tokenBytes)), nil
 		} else if os.IsNotExist(err) {
--- a/tests/e2e/testutils.go
+++ b/tests/e2e/testutils.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"os/exec"
 	"path/filepath"
@ -196,7 +196,7 @@ func DeployWorkload(workload, kubeconfig string, hardened bool) (string, error)
 	if hardened {
 		resourceDir = "../cis_amd64_resource_files"
 	}
-	files, err := ioutil.ReadDir(resourceDir)
+	files, err := os.ReadDir(resourceDir)
 	if err != nil {
 		err = fmt.Errorf("%s : Unable to read resource manifest file for %s", err, workload)
 		return "", err
@ -288,7 +288,7 @@ func GetVagrantLog(cErr error) string {
 	if err != nil {
 		return err.Error()
 	}
-	bytes, err := ioutil.ReadAll(log)
+	bytes, err := io.ReadAll(log)
 	if err != nil {
 		return err.Error()
 	}
--- a/tests/integration/integration.go
+++ b/tests/integration/integration.go
@ -6,7 +6,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"os/exec"
 	"os/user"
@ -231,8 +231,10 @@ func K3sStartServer(inputArgs ...string) (*K3sServer, error) {

 // K3sKillServer terminates the running K3s server and its children
 func K3sKillServer(server *K3sServer) error {
-	server.log.Close()
-	os.Remove(server.log.Name())
+	if server.log != nil {
+		server.log.Close()
+		os.Remove(server.log.Name())
+	}
 	pgid, err := syscall.Getpgid(server.cmd.Process.Pid)
 	if err != nil {
 		if errors.Is(err, syscall.ESRCH) {
@ -297,7 +299,7 @@ func K3sDumpLog(server *K3sServer) error {
 		return err
 	}
 	defer log.Close()
-	b, err := ioutil.ReadAll(log)
+	b, err := io.ReadAll(log)
 	if err != nil {
 		return err
 	}
--- a/tests/integration/secretsencryption/secretsencryption_int_test.go
+++ b/tests/integration/secretsencryption/secretsencryption_int_test.go
@ -68,12 +68,13 @@ var _ = Describe("secrets encryption rotation", Ordered, func() {
 			Eventually(func() error {
 				return testutil.K3sDefaultDeployments()
 			}, "180s", "5s").Should(Succeed())
+			Eventually(func() (string, error) {
+				return testutil.K3sCmd("secrets-encrypt status -d", secretsEncryptionDataDir)
+			}, "30s", "5s").Should(ContainSubstring("Current Rotation Stage: prepare"))
 		})
 		It("rotates the keys", func() {
-			Eventually(func() (string, error) {
-				return testutil.K3sCmd("secrets-encrypt rotate -d", secretsEncryptionDataDir)
-			}, "10s", "2s").Should(ContainSubstring("rotate completed successfully"))
-
+			Expect(testutil.K3sCmd("secrets-encrypt rotate -d", secretsEncryptionDataDir)).
+				To(ContainSubstring("rotate completed successfully"))
 			result, err := testutil.K3sCmd("secrets-encrypt status -d", secretsEncryptionDataDir)
 			Expect(err).NotTo(HaveOccurred())
 			Expect(result).To(ContainSubstring("Current Rotation Stage: rotate"))
--- a/tests/terraform/testutils.go
+++ b/tests/terraform/testutils.go
@ -3,8 +3,8 @@ package terraform
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
 	"log"
+	"os"
 	"os/exec"
 	"path/filepath"
 	"runtime"
@ -50,7 +50,7 @@ func checkError(e error) {
 }

 func publicKey(path string) ssh.AuthMethod {
-	key, err := ioutil.ReadFile(path)
+	key, err := os.ReadFile(path)
 	if err != nil {
 		panic(err)
 	}
@ -127,7 +127,7 @@ func DeployWorkload(workload, kubeconfig string, arch string) (string, error) {
 	if arch == "arm64" {
 		resourceDir = GetBasepath() + "/tests/terraform/arm_resource_files"
 	}
-	files, err := ioutil.ReadDir(resourceDir)
+	files, err := os.ReadDir(resourceDir)
 	if err != nil {
 		err = fmt.Errorf("%s : Unable to read resource manifest file for %s", err, workload)
 		return "", err