cli/command/trust: remove deprecated io/ioutil and use t.TempDir()

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 14:33:57 +01:00 · 2022-02-25 14:33:57 +01:00 · b5dce3c9e6
parent e0299ff862
commit b5dce3c9e6
12 changed files with 80 additions and 159 deletions
--- a/cli/command/trust/helpers_test.go
+++ b/cli/command/trust/helpers_test.go
@ -1,8 +1,6 @@
 package trust

 import (
-	"io/ioutil"
-	"os"
 	"testing"

 	"github.com/theupdateframework/notary/client"
@ -12,11 +10,7 @@ import (
 )

 func TestGetOrGenerateNotaryKeyAndInitRepo(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "notary-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-
-	notaryRepo, err := client.NewFileCachedRepository(tmpDir, "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+	notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
 	assert.NilError(t, err)

 	err = getOrGenerateRootKeyAndInitRepo(notaryRepo)
--- a/cli/command/trust/inspect_pretty_test.go
+++ b/cli/command/trust/inspect_pretty_test.go
@ -5,7 +5,6 @@ import (
 	"context"
 	"encoding/hex"
 	"io"
-	"io/ioutil"
 	"testing"

 	"github.com/docker/cli/cli/trust"
@ -65,7 +64,7 @@ func TestTrustInspectPrettyCommandErrors(t *testing.T) {
 		cmd := newInspectCommand(
 			test.NewFakeCli(&fakeClient{}))
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(ioutil.Discard)
+		cmd.SetOut(io.Discard)
 		cmd.Flags().Set("pretty", "true")
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
@ -77,7 +76,7 @@ func TestTrustInspectPrettyCommandOfflineErrors(t *testing.T) {
 	cmd := newInspectCommand(cli)
 	cmd.Flags().Set("pretty", "true")
 	cmd.SetArgs([]string{"nonexistent-reg-name.io/image"})
-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)
 	assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access nonexistent-reg-name.io/image")

 	cli = test.NewFakeCli(&fakeClient{})
@ -85,7 +84,7 @@ func TestTrustInspectPrettyCommandOfflineErrors(t *testing.T) {
 	cmd = newInspectCommand(cli)
 	cmd.Flags().Set("pretty", "true")
 	cmd.SetArgs([]string{"nonexistent-reg-name.io/image:tag"})
-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)
 	assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access nonexistent-reg-name.io/image")
 }

@ -95,7 +94,7 @@ func TestTrustInspectPrettyCommandUninitializedErrors(t *testing.T) {
 	cmd := newInspectCommand(cli)
 	cmd.Flags().Set("pretty", "true")
 	cmd.SetArgs([]string{"reg/unsigned-img"})
-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)
 	assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access reg/unsigned-img")

 	cli = test.NewFakeCli(&fakeClient{})
@ -103,7 +102,7 @@ func TestTrustInspectPrettyCommandUninitializedErrors(t *testing.T) {
 	cmd = newInspectCommand(cli)
 	cmd.Flags().Set("pretty", "true")
 	cmd.SetArgs([]string{"reg/unsigned-img:tag"})
-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)
 	assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access reg/unsigned-img:tag")
 }

@ -113,7 +112,7 @@ func TestTrustInspectPrettyCommandEmptyNotaryRepoErrors(t *testing.T) {
 	cmd := newInspectCommand(cli)
 	cmd.Flags().Set("pretty", "true")
 	cmd.SetArgs([]string{"reg/img:unsigned-tag"})
-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)
 	assert.NilError(t, cmd.Execute())
 	assert.Check(t, is.Contains(cli.OutBuffer().String(), "No signatures for reg/img:unsigned-tag"))
 	assert.Check(t, is.Contains(cli.OutBuffer().String(), "Administrative keys for reg/img"))
@ -123,7 +122,7 @@ func TestTrustInspectPrettyCommandEmptyNotaryRepoErrors(t *testing.T) {
 	cmd = newInspectCommand(cli)
 	cmd.Flags().Set("pretty", "true")
 	cmd.SetArgs([]string{"reg/img"})
-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)
 	assert.NilError(t, cmd.Execute())
 	assert.Check(t, is.Contains(cli.OutBuffer().String(), "No signatures for reg/img"))
 	assert.Check(t, is.Contains(cli.OutBuffer().String(), "Administrative keys for reg/img"))
--- a/cli/command/trust/inspect_test.go
+++ b/cli/command/trust/inspect_test.go
@ -1,7 +1,7 @@
 package trust

 import (
-	"io/ioutil"
+	"io"
 	"testing"

 	"github.com/docker/cli/cli/trust"
@ -38,7 +38,7 @@ func TestTrustInspectCommandErrors(t *testing.T) {
 			test.NewFakeCli(&fakeClient{}))
 		cmd.Flags().Set("pretty", "true")
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(ioutil.Discard)
+		cmd.SetOut(io.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
@ -85,7 +85,7 @@ func TestTrustInspectCommandRepositoryErrors(t *testing.T) {
 			cli.SetNotaryClient(tc.notaryRepository)
 			cmd := newInspectCommand(cli)
 			cmd.SetArgs(tc.args)
-			cmd.SetOut(ioutil.Discard)
+			cmd.SetOut(io.Discard)
 			assert.ErrorContains(t, cmd.Execute(), tc.err)
 			if tc.golden != "" {
 				golden.Assert(t, cli.OutBuffer().String(), tc.golden)
--- a/cli/command/trust/key_generate.go
+++ b/cli/command/trust/key_generate.go
@ -3,7 +3,6 @@ package trust
 import (
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"regexp"
@ -126,7 +125,7 @@ func writePubKeyPEMToDir(pubPEM pem.Block, keyName, workingDir string) (string,
 	// Output the public key to a file in the CWD or specified dir
 	pubFileName := strings.Join([]string{keyName, "pub"}, ".")
 	pubFilePath := filepath.Join(workingDir, pubFileName)
-	if err := ioutil.WriteFile(pubFilePath, pem.EncodeToMemory(&pubPEM), notary.PrivNoExecPerms); err != nil {
+	if err := os.WriteFile(pubFilePath, pem.EncodeToMemory(&pubPEM), notary.PrivNoExecPerms); err != nil {
 		return "", errors.Wrapf(err, "failed to write public key to %s", pubFilePath)
 	}
 	return pubFilePath, nil
--- a/cli/command/trust/key_generate_test.go
+++ b/cli/command/trust/key_generate_test.go
@ -3,7 +3,7 @@ package trust
 import (
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"path/filepath"
 	"testing"
@ -35,28 +35,20 @@ func TestTrustKeyGenerateErrors(t *testing.T) {
 		},
 	}

-	tmpDir, err := ioutil.TempDir("", "docker-key-generate-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-	config.SetDir(tmpDir)
+	config.SetDir(t.TempDir())

 	for _, tc := range testCases {
 		cli := test.NewFakeCli(&fakeClient{})
 		cmd := newKeyGenerateCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(ioutil.Discard)
+		cmd.SetOut(io.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }

 func TestGenerateKeySuccess(t *testing.T) {
-	pubKeyCWD, err := ioutil.TempDir("", "pub-keys-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(pubKeyCWD)
-
-	privKeyStorageDir, err := ioutil.TempDir("", "priv-keys-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(privKeyStorageDir)
+	pubKeyCWD := t.TempDir()
+	privKeyStorageDir := t.TempDir()

 	passwd := "password"
 	cannedPasswordRetriever := passphrase.ConstantRetriever(passwd)
@ -79,7 +71,7 @@ func TestGenerateKeySuccess(t *testing.T) {
 	_, err = os.Stat(expectedPrivKeyDir)
 	assert.NilError(t, err)

-	keyFiles, err := ioutil.ReadDir(expectedPrivKeyDir)
+	keyFiles, err := os.ReadDir(expectedPrivKeyDir)
 	assert.NilError(t, err)
 	assert.Check(t, is.Len(keyFiles, 1))
 	privKeyFilePath := filepath.Join(expectedPrivKeyDir, keyFiles[0].Name())
@ -87,7 +79,7 @@ func TestGenerateKeySuccess(t *testing.T) {
 	// verify the key content
 	privFrom, _ := os.OpenFile(privKeyFilePath, os.O_RDONLY, notary.PrivExecPerms)
 	defer privFrom.Close()
-	fromBytes, _ := ioutil.ReadAll(privFrom)
+	fromBytes, _ := io.ReadAll(privFrom)
 	privKeyPEM, _ := pem.Decode(fromBytes)
 	assert.Check(t, is.Equal(keyName, privKeyPEM.Headers["role"]))
 	// the default GUN is empty
@ -106,17 +98,15 @@ func TestGenerateKeySuccess(t *testing.T) {
 	_, err = os.Stat(expectedPubKeyPath)
 	assert.NilError(t, err)
 	// check that the public key is the only file output in CWD
-	cwdKeyFiles, err := ioutil.ReadDir(pubKeyCWD)
+	cwdKeyFiles, err := os.ReadDir(pubKeyCWD)
 	assert.NilError(t, err)
 	assert.Check(t, is.Len(cwdKeyFiles, 1))
 }

 func TestValidateKeyArgs(t *testing.T) {
-	pubKeyCWD, err := ioutil.TempDir("", "pub-keys-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(pubKeyCWD)
+	pubKeyCWD := t.TempDir()

-	err = validateKeyArgs("a", pubKeyCWD)
+	err := validateKeyArgs("a", pubKeyCWD)
 	assert.NilError(t, err)

 	err = validateKeyArgs("a/b", pubKeyCWD)
@ -125,7 +115,7 @@ func TestValidateKeyArgs(t *testing.T) {
 	err = validateKeyArgs("-", pubKeyCWD)
 	assert.Error(t, err, "key name \"-\" must start with lowercase alphanumeric characters and can include \"-\" or \"_\" after the first character")

-	assert.NilError(t, ioutil.WriteFile(filepath.Join(pubKeyCWD, "a.pub"), []byte("abc"), notary.PrivExecPerms))
+	assert.NilError(t, os.WriteFile(filepath.Join(pubKeyCWD, "a.pub"), []byte("abc"), notary.PrivExecPerms))
 	err = validateKeyArgs("a", pubKeyCWD)
 	assert.Error(t, err, fmt.Sprintf("public key file already exists: \"%s\"", filepath.Join(pubKeyCWD, "a.pub")))

--- a/cli/command/trust/key_load.go
+++ b/cli/command/trust/key_load.go
@ -4,7 +4,7 @@ import (
 	"bytes"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"runtime"

@ -86,7 +86,7 @@ func getPrivKeyBytesFromPath(keyPath string) ([]byte, error) {
 	}
 	defer from.Close()

-	return ioutil.ReadAll(from)
+	return io.ReadAll(from)
 }

 func loadPrivKeyBytesToStore(privKeyBytes []byte, privKeyImporters []trustmanager.Importer, keyPath, keyName string, passRet notary.PassRetriever) error {
--- a/cli/command/trust/key_load_test.go
+++ b/cli/command/trust/key_load_test.go
@ -3,7 +3,7 @@ package trust
 import (
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"path/filepath"
 	"runtime"
@ -56,16 +56,13 @@ func TestTrustKeyLoadErrors(t *testing.T) {
 			expectedOutput: "",
 		},
 	}
-	tmpDir, err := ioutil.TempDir("", "docker-key-load-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-	config.SetDir(tmpDir)
+	config.SetDir(t.TempDir())

 	for _, tc := range testCases {
 		cli := test.NewFakeCli(&fakeClient{})
 		cmd := newKeyLoadCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(ioutil.Discard)
+		cmd.SetOut(io.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 		assert.Check(t, is.Contains(cli.OutBuffer().String(), tc.expectedOutput))
 	}
@ -125,17 +122,12 @@ func TestLoadKeyFromPath(t *testing.T) {
 }

 func testLoadKeyFromPath(t *testing.T, privKeyID string, privKeyFixture []byte) {
-	privKeyDir, err := ioutil.TempDir("", "key-load-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(privKeyDir)
-	privKeyFilepath := filepath.Join(privKeyDir, "privkey.pem")
-	assert.NilError(t, ioutil.WriteFile(privKeyFilepath, privKeyFixture, notary.PrivNoExecPerms))
+	privKeyFilepath := filepath.Join(t.TempDir(), "privkey.pem")
+	assert.NilError(t, os.WriteFile(privKeyFilepath, privKeyFixture, notary.PrivNoExecPerms))

-	keyStorageDir, err := ioutil.TempDir("", "loaded-keys-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(keyStorageDir)
+	keyStorageDir := t.TempDir()

-	passwd := "password"
+	const passwd = "password"
 	cannedPasswordRetriever := passphrase.ConstantRetriever(passwd)
 	keyFileStore, err := storage.NewPrivateKeyFileStorage(keyStorageDir, notary.KeyExtension)
 	assert.NilError(t, err)
@ -156,7 +148,7 @@ func testLoadKeyFromPath(t *testing.T, privKeyID string, privKeyFixture []byte)
 	// verify the key content
 	from, _ := os.OpenFile(expectedImportKeyPath, os.O_RDONLY, notary.PrivExecPerms)
 	defer from.Close()
-	fromBytes, _ := ioutil.ReadAll(from)
+	fromBytes, _ := io.ReadAll(from)
 	keyPEM, _ := pem.Decode(fromBytes)
 	assert.Check(t, is.Equal("signer-name", keyPEM.Headers["role"]))
 	// the default GUN is empty
@ -181,43 +173,37 @@ func TestLoadKeyTooPermissive(t *testing.T) {
 }

 func testLoadKeyTooPermissive(t *testing.T, privKeyFixture []byte) {
-	privKeyDir, err := ioutil.TempDir("", "key-load-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(privKeyDir)
+	privKeyDir := t.TempDir()
 	privKeyFilepath := filepath.Join(privKeyDir, "privkey477.pem")
-	assert.NilError(t, ioutil.WriteFile(privKeyFilepath, privKeyFixture, 0477))
-
-	keyStorageDir, err := ioutil.TempDir("", "loaded-keys-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(keyStorageDir)
+	assert.NilError(t, os.WriteFile(privKeyFilepath, privKeyFixture, 0477))

 	// import the key to our keyStorageDir
-	_, err = getPrivKeyBytesFromPath(privKeyFilepath)
+	_, err := getPrivKeyBytesFromPath(privKeyFilepath)
 	expected := fmt.Sprintf("private key file %s must not be readable or writable by others", privKeyFilepath)
 	assert.Error(t, err, expected)

 	privKeyFilepath = filepath.Join(privKeyDir, "privkey667.pem")
-	assert.NilError(t, ioutil.WriteFile(privKeyFilepath, privKeyFixture, 0677))
+	assert.NilError(t, os.WriteFile(privKeyFilepath, privKeyFixture, 0677))

 	_, err = getPrivKeyBytesFromPath(privKeyFilepath)
 	expected = fmt.Sprintf("private key file %s must not be readable or writable by others", privKeyFilepath)
 	assert.Error(t, err, expected)

 	privKeyFilepath = filepath.Join(privKeyDir, "privkey777.pem")
-	assert.NilError(t, ioutil.WriteFile(privKeyFilepath, privKeyFixture, 0777))
+	assert.NilError(t, os.WriteFile(privKeyFilepath, privKeyFixture, 0777))

 	_, err = getPrivKeyBytesFromPath(privKeyFilepath)
 	expected = fmt.Sprintf("private key file %s must not be readable or writable by others", privKeyFilepath)
 	assert.Error(t, err, expected)

 	privKeyFilepath = filepath.Join(privKeyDir, "privkey400.pem")
-	assert.NilError(t, ioutil.WriteFile(privKeyFilepath, privKeyFixture, 0400))
+	assert.NilError(t, os.WriteFile(privKeyFilepath, privKeyFixture, 0400))

 	_, err = getPrivKeyBytesFromPath(privKeyFilepath)
 	assert.NilError(t, err)

 	privKeyFilepath = filepath.Join(privKeyDir, "privkey600.pem")
-	assert.NilError(t, ioutil.WriteFile(privKeyFilepath, privKeyFixture, 0600))
+	assert.NilError(t, os.WriteFile(privKeyFilepath, privKeyFixture, 0600))

 	_, err = getPrivKeyBytesFromPath(privKeyFilepath)
 	assert.NilError(t, err)
@ -230,16 +216,12 @@ H3nzy2O6Q/ct4BjOBKa+WCdRtPo78bA+C/7t81ADQO8Jqaj59W50rwoqDQ==

 func TestLoadPubKeyFailure(t *testing.T) {
 	skip.If(t, runtime.GOOS == "windows")
-	pubKeyDir, err := ioutil.TempDir("", "key-load-test-pubkey-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(pubKeyDir)
+	pubKeyDir := t.TempDir()
 	pubKeyFilepath := filepath.Join(pubKeyDir, "pubkey.pem")
-	assert.NilError(t, ioutil.WriteFile(pubKeyFilepath, pubKeyFixture, notary.PrivNoExecPerms))
-	keyStorageDir, err := ioutil.TempDir("", "loaded-keys-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(keyStorageDir)
+	assert.NilError(t, os.WriteFile(pubKeyFilepath, pubKeyFixture, notary.PrivNoExecPerms))
+	keyStorageDir := t.TempDir()

-	passwd := "password"
+	const passwd = "password"
 	cannedPasswordRetriever := passphrase.ConstantRetriever(passwd)
 	keyFileStore, err := storage.NewPrivateKeyFileStorage(keyStorageDir, notary.KeyExtension)
 	assert.NilError(t, err)
--- a/cli/command/trust/revoke_test.go
+++ b/cli/command/trust/revoke_test.go
@ -1,8 +1,7 @@
 package trust

 import (
-	"io/ioutil"
-	"os"
+	"io"
 	"testing"

 	"github.com/docker/cli/cli/trust"
@ -50,7 +49,7 @@ func TestTrustRevokeCommandErrors(t *testing.T) {
 		cmd := newRevokeCommand(
 			test.NewFakeCli(&fakeClient{}))
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(ioutil.Discard)
+		cmd.SetOut(io.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
@ -131,7 +130,7 @@ func TestTrustRevokeCommand(t *testing.T) {
 			cli.SetNotaryClient(tc.notaryRepository)
 			cmd := newRevokeCommand(cli)
 			cmd.SetArgs(tc.args)
-			cmd.SetOut(ioutil.Discard)
+			cmd.SetOut(io.Discard)
 			if tc.expectedErr != "" {
 				assert.ErrorContains(t, cmd.Execute(), tc.expectedErr)
 				return
@ -144,11 +143,7 @@ func TestTrustRevokeCommand(t *testing.T) {
 }

 func TestGetSignableRolesForTargetAndRemoveError(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "notary-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-
-	notaryRepo, err := client.NewFileCachedRepository(tmpDir, "gun", "https://localhost", nil, passphrase.ConstantRetriever("password"), trustpinning.TrustPinConfig{})
+	notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever("password"), trustpinning.TrustPinConfig{})
 	assert.NilError(t, err)
 	target := client.Target{}
 	err = getSignableRolesForTargetAndRemove(target, notaryRepo)
--- a/cli/command/trust/sign_test.go
+++ b/cli/command/trust/sign_test.go
@ -3,8 +3,7 @@ package trust
 import (
 	"bytes"
 	"encoding/json"
-	"io/ioutil"
-	"os"
+	"io"
 	"runtime"
 	"testing"

@ -62,15 +61,12 @@ func TestTrustSignCommandErrors(t *testing.T) {
 		},
 	}
 	// change to a tmpdir
-	tmpDir, err := ioutil.TempDir("", "docker-sign-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-	config.SetDir(tmpDir)
+	config.SetDir(t.TempDir())
 	for _, tc := range testCases {
 		cmd := newSignCommand(
 			test.NewFakeCli(&fakeClient{}))
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(ioutil.Discard)
+		cmd.SetOut(io.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }
@ -80,16 +76,12 @@ func TestTrustSignCommandOfflineErrors(t *testing.T) {
 	cli.SetNotaryClient(notaryfake.GetOfflineNotaryRepository)
 	cmd := newSignCommand(cli)
 	cmd.SetArgs([]string{"reg-name.io/image:tag"})
-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)
 	assert.ErrorContains(t, cmd.Execute(), "client is offline")
 }

 func TestGetOrGenerateNotaryKey(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "notary-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-
-	notaryRepo, err := client.NewFileCachedRepository(tmpDir, "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+	notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
 	assert.NilError(t, err)

 	// repo is empty, try making a root key
@ -131,11 +123,8 @@ func TestGetOrGenerateNotaryKey(t *testing.T) {

 func TestAddStageSigners(t *testing.T) {
 	skip.If(t, runtime.GOOS == "windows", "FIXME: not supported currently")
-	tmpDir, err := ioutil.TempDir("", "notary-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)

-	notaryRepo, err := client.NewFileCachedRepository(tmpDir, "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+	notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
 	assert.NilError(t, err)

 	// stage targets/user
@ -216,11 +205,7 @@ func TestAddStageSigners(t *testing.T) {
 }

 func TestGetSignedManifestHashAndSize(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "notary-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-
-	notaryRepo, err := client.NewFileCachedRepository(tmpDir, "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+	notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
 	assert.NilError(t, err)
 	target := &client.Target{}
 	target.Hashes, target.Length, err = getSignedManifestHashAndSize(notaryRepo, "test")
@ -244,11 +229,7 @@ func TestGetReleasedTargetHashAndSize(t *testing.T) {
 }

 func TestCreateTarget(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "notary-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-
-	notaryRepo, err := client.NewFileCachedRepository(tmpDir, "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+	notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
 	assert.NilError(t, err)
 	_, err = createTarget(notaryRepo, "")
 	assert.Error(t, err, "No tag specified")
@ -257,11 +238,7 @@ func TestCreateTarget(t *testing.T) {
 }

 func TestGetExistingSignatureInfoForReleasedTag(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "notary-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-
-	notaryRepo, err := client.NewFileCachedRepository(tmpDir, "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+	notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
 	assert.NilError(t, err)
 	_, err = getExistingSignatureInfoForReleasedTag(notaryRepo, "test")
 	assert.Error(t, err, "client is offline")
@ -277,18 +254,16 @@ func TestPrettyPrintExistingSignatureInfo(t *testing.T) {
 }

 func TestSignCommandChangeListIsCleanedOnError(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "docker-sign-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
+	tmpDir := t.TempDir()

 	config.SetDir(tmpDir)
 	cli := test.NewFakeCli(&fakeClient{})
 	cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)
 	cmd := newSignCommand(cli)
 	cmd.SetArgs([]string{"ubuntu:latest"})
-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)

-	err = cmd.Execute()
+	err := cmd.Execute()
 	assert.Assert(t, err != nil)

 	notaryRepo, err := client.NewFileCachedRepository(tmpDir, "docker.io/library/ubuntu", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
@ -303,7 +278,7 @@ func TestSignCommandLocalFlag(t *testing.T) {
 	cli.SetNotaryClient(notaryfake.GetEmptyTargetsNotaryRepository)
 	cmd := newSignCommand(cli)
 	cmd.SetArgs([]string{"--local", "reg-name.io/image:red"})
-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)
 	assert.ErrorContains(t, cmd.Execute(), "error contacting notary server: dial tcp: lookup reg-name.io")

 }
--- a/cli/command/trust/signer_add.go
+++ b/cli/command/trust/signer_add.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 	"regexp"
@ -125,7 +124,7 @@ func ingestPublicKeys(pubKeyPaths []string) ([]data.PublicKey, error) {
 		defer pubKeyFile.Close()
 		// limit to
 		l := io.LimitReader(pubKeyFile, 1<<20)
-		pubKeyBytes, err := ioutil.ReadAll(l)
+		pubKeyBytes, err := io.ReadAll(l)
 		if err != nil {
 			return nil, errors.Wrap(err, "unable to read public key from file")
 		}
--- a/cli/command/trust/signer_add_test.go
+++ b/cli/command/trust/signer_add_test.go
@ -2,7 +2,7 @@ package trust

 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"path/filepath"
 	"runtime"
@ -52,29 +52,24 @@ func TestTrustSignerAddErrors(t *testing.T) {
 			expectedError: "signer name \"_alice\" must start with lowercase alphanumeric characters and can include \"-\" or \"_\" after the first character",
 		},
 	}
-	tmpDir, err := ioutil.TempDir("", "docker-sign-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-	config.SetDir(tmpDir)
+	config.SetDir(t.TempDir())

 	for _, tc := range testCases {
 		cli := test.NewFakeCli(&fakeClient{})
 		cli.SetNotaryClient(notaryfake.GetOfflineNotaryRepository)
 		cmd := newSignerAddCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(ioutil.Discard)
+		cmd.SetOut(io.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 }

 func TestSignerAddCommandNoTargetsKey(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "docker-sign-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-	config.SetDir(tmpDir)
+	config.SetDir(t.TempDir())

-	tmpfile, err := ioutil.TempFile("", "pemfile")
+	tmpfile, err := os.CreateTemp("", "pemfile")
 	assert.NilError(t, err)
+	tmpfile.Close()
 	defer os.Remove(tmpfile.Name())

 	cli := test.NewFakeCli(&fakeClient{})
@ -82,22 +77,19 @@ func TestSignerAddCommandNoTargetsKey(t *testing.T) {
 	cmd := newSignerAddCommand(cli)
 	cmd.SetArgs([]string{"--key", tmpfile.Name(), "alice", "alpine", "linuxkit/alpine"})

-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)
 	assert.Error(t, cmd.Execute(), fmt.Sprintf("could not parse public key from file: %s: no valid public key found", tmpfile.Name()))
 }

 func TestSignerAddCommandBadKeyPath(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "docker-sign-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-	config.SetDir(tmpDir)
+	config.SetDir(t.TempDir())

 	cli := test.NewFakeCli(&fakeClient{})
 	cli.SetNotaryClient(notaryfake.GetEmptyTargetsNotaryRepository)
 	cmd := newSignerAddCommand(cli)
 	cmd.SetArgs([]string{"--key", "/path/to/key.pem", "alice", "alpine"})

-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)
 	expectedError := "unable to read public key from file: open /path/to/key.pem: no such file or directory"
 	if runtime.GOOS == "windows" {
 		expectedError = "unable to read public key from file: open /path/to/key.pem: The system cannot find the path specified."
@ -106,16 +98,11 @@ func TestSignerAddCommandBadKeyPath(t *testing.T) {
 }

 func TestSignerAddCommandInvalidRepoName(t *testing.T) {
-	tmpDir, err := ioutil.TempDir("", "docker-sign-test-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(tmpDir)
-	config.SetDir(tmpDir)
+	config.SetDir(t.TempDir())

-	pubKeyDir, err := ioutil.TempDir("", "key-load-test-pubkey-")
-	assert.NilError(t, err)
-	defer os.RemoveAll(pubKeyDir)
+	pubKeyDir := t.TempDir()
 	pubKeyFilepath := filepath.Join(pubKeyDir, "pubkey.pem")
-	assert.NilError(t, ioutil.WriteFile(pubKeyFilepath, pubKeyFixture, notary.PrivNoExecPerms))
+	assert.NilError(t, os.WriteFile(pubKeyFilepath, pubKeyFixture, notary.PrivNoExecPerms))

 	cli := test.NewFakeCli(&fakeClient{})
 	cli.SetNotaryClient(notaryfake.GetUninitializedNotaryRepository)
@ -123,7 +110,7 @@ func TestSignerAddCommandInvalidRepoName(t *testing.T) {
 	imageName := "870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd"
 	cmd.SetArgs([]string{"--key", pubKeyFilepath, "alice", imageName})

-	cmd.SetOut(ioutil.Discard)
+	cmd.SetOut(io.Discard)
 	assert.Error(t, cmd.Execute(), "Failed to add signer to: 870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd")
 	expectedErr := fmt.Sprintf("invalid repository name (%s), cannot specify 64-byte hexadecimal strings\n\n", imageName)

@ -139,8 +126,9 @@ func TestIngestPublicKeys(t *testing.T) {
 	}
 	assert.Error(t, err, expectedError)
 	// Call with real file path
-	tmpfile, err := ioutil.TempFile("", "pemfile")
+	tmpfile, err := os.CreateTemp("", "pemfile")
 	assert.NilError(t, err)
+	tmpfile.Close()
 	defer os.Remove(tmpfile.Name())
 	_, err = ingestPublicKeys([]string{tmpfile.Name()})
 	assert.Error(t, err, fmt.Sprintf("could not parse public key from file: %s: no valid public key found", tmpfile.Name()))
--- a/cli/command/trust/signer_remove_test.go
+++ b/cli/command/trust/signer_remove_test.go
@ -1,7 +1,7 @@
 package trust

 import (
-	"io/ioutil"
+	"io"
 	"testing"

 	"github.com/docker/cli/internal/test"
@ -32,7 +32,7 @@ func TestTrustSignerRemoveErrors(t *testing.T) {
 		cmd := newSignerRemoveCommand(
 			test.NewFakeCli(&fakeClient{}))
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(ioutil.Discard)
+		cmd.SetOut(io.Discard)
 		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
 	}
 	testCasesWithOutput := []struct {
@ -61,7 +61,7 @@ func TestTrustSignerRemoveErrors(t *testing.T) {
 		cli.SetNotaryClient(notaryfake.GetOfflineNotaryRepository)
 		cmd := newSignerRemoveCommand(cli)
 		cmd.SetArgs(tc.args)
-		cmd.SetOut(ioutil.Discard)
+		cmd.SetOut(io.Discard)
 		cmd.Execute()
 		assert.Check(t, is.Contains(cli.ErrBuffer().String(), tc.expectedError))
 	}