Update main to go 1.19.2 (#17437)

* Update go version to 1.19.2

This commit updates the default version of go to 1.19.2. This update
includes minor security fixes for archive/tar, net/http/httputil, and
regexp packages.

For more information on the release, see: https://go.dev/doc/devel/release#go1.19.2

* Update Docker versions in CI to 20.10.17

After updating Vault to go version 1.19.2, there were several SIGABRTs
in the vault tests. These were related to a missing `pthread_create`
syscall in Docker. Since CI was using a much older version of Docker,
the fix was to bump it to latest-1 (20.10.17).

While we're at it, add a note in the developer docs encouraging the use
of the latest Docker version.

.circleci/config.yml

@@ -120,12 +120,12 @@ jobs:
     environment:
     - CIRCLECI_CLI_VERSION: 0.1.5546
     - GO_TAGS: ''
-    - GO_VERSION: 1.19.1
+    - GO_VERSION: 1.19.2
     - GOFUMPT_VERSION: 0.3.1
     - GOTESTSUM_VERSION: 0.5.2
   test-go-remote-docker:
     docker:
-    - image: docker.mirror.hashicorp.services/cimg/go:1.19.1
+    - image: docker.mirror.hashicorp.services/cimg/go:1.19.2
     resource_class: medium
     working_directory: /home/circleci/go/src/github.com/hashicorp/vault
     parallelism: 8
@@ -144,7 +144,7 @@ jobs:
     - checkout
     - setup_remote_docker:
         docker_layer_caching: true
-        version: 18.09.3
+        version: 20.10.17
     - add_ssh_keys:
         fingerprints:
         - b8:e2:38:f8:5b:1b:82:f3:1f:23:fa:46:6e:95:e7:e9
@@ -260,7 +260,7 @@ jobs:
               -e NO_PROXY \
               -e VAULT_TEST_LOG_DIR=/tmp/testlogs \
               --network ${TEST_DOCKER_NETWORK_NAME} \
-              docker.mirror.hashicorp.services/cimg/go:1.19.1 \
+              docker.mirror.hashicorp.services/cimg/go:1.19.2 \
               tail -f /dev/null)"
             mkdir workspace
             echo ${CONTAINER_ID} > workspace/container_id
@@ -364,12 +364,12 @@ jobs:
     environment:
     - CIRCLECI_CLI_VERSION: 0.1.5546
     - GO_TAGS: ''
-    - GO_VERSION: 1.19.1
+    - GO_VERSION: 1.19.2
     - GOFUMPT_VERSION: 0.3.1
     - GOTESTSUM_VERSION: 0.5.2
   test-go-race:
     docker:
-    - image: docker.mirror.hashicorp.services/cimg/go:1.19.1
+    - image: docker.mirror.hashicorp.services/cimg/go:1.19.2
     resource_class: xlarge
     working_directory: /home/circleci/go/src/github.com/hashicorp/vault
     parallelism: 8
@@ -500,7 +500,7 @@ jobs:
               -e NO_PROXY \
               -e VAULT_TEST_LOG_DIR=/tmp/testlogs \
               --network ${TEST_DOCKER_NETWORK_NAME} \
-              docker.mirror.hashicorp.services/cimg/go:1.19.1 \
+              docker.mirror.hashicorp.services/cimg/go:1.19.2 \
               tail -f /dev/null)"
             mkdir workspace
             echo ${CONTAINER_ID} > workspace/container_id
@@ -560,7 +560,7 @@ jobs:
     - GO_TAGS: ''
   test-go:
     docker:
-    - image: docker.mirror.hashicorp.services/cimg/go:1.19.1
+    - image: docker.mirror.hashicorp.services/cimg/go:1.19.2
     resource_class: large
     working_directory: /home/circleci/go/src/github.com/hashicorp/vault
     parallelism: 8
@@ -691,7 +691,7 @@ jobs:
               -e NO_PROXY \
               -e VAULT_TEST_LOG_DIR=/tmp/testlogs \
               --network ${TEST_DOCKER_NETWORK_NAME} \
-              docker.mirror.hashicorp.services/cimg/go:1.19.1 \
+              docker.mirror.hashicorp.services/cimg/go:1.19.2 \
               tail -f /dev/null)"
             mkdir workspace
             echo ${CONTAINER_ID} > workspace/container_id
@@ -852,12 +852,12 @@ jobs:
     environment:
     - CIRCLECI_CLI_VERSION: 0.1.5546
     - GO_TAGS: ''
-    - GO_VERSION: 1.19.1
+    - GO_VERSION: 1.19.2
     - GOFUMPT_VERSION: 0.3.1
     - GOTESTSUM_VERSION: 0.5.2
   test-go-race-remote-docker:
     docker:
-    - image: docker.mirror.hashicorp.services/cimg/go:1.19.1
+    - image: docker.mirror.hashicorp.services/cimg/go:1.19.2
     resource_class: medium
     working_directory: /home/circleci/go/src/github.com/hashicorp/vault
     parallelism: 8
@@ -876,7 +876,7 @@ jobs:
     - checkout
     - setup_remote_docker:
         docker_layer_caching: true
-        version: 18.09.3
+        version: 20.10.17
     - add_ssh_keys:
         fingerprints:
         - b8:e2:38:f8:5b:1b:82:f3:1f:23:fa:46:6e:95:e7:e9
@@ -992,7 +992,7 @@ jobs:
               -e NO_PROXY \
               -e VAULT_TEST_LOG_DIR=/tmp/testlogs \
               --network ${TEST_DOCKER_NETWORK_NAME} \
-              docker.mirror.hashicorp.services/cimg/go:1.19.1 \
+              docker.mirror.hashicorp.services/cimg/go:1.19.2 \
               tail -f /dev/null)"
             mkdir workspace
             echo ${CONTAINER_ID} > workspace/container_id

.circleci/config/commands/go_test.yml

@@ -14,7 +14,7 @@ parameters:
     default: false
   go_image:
     type: string
-    default: "docker.mirror.hashicorp.services/cimg/go:1.19.1"
+    default: "docker.mirror.hashicorp.services/cimg/go:1.19.2"
   use_docker:
     type: boolean
     default: false

.circleci/config/executors/@executors.yml

@@ -4,7 +4,7 @@ go-machine:
   shell: /usr/bin/env bash -euo pipefail -c
   environment:
     CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3)
-    GO_VERSION: 1.19.1 # Pin Go to patch version (ex: 1.2.3)
+    GO_VERSION: 1.19.2 # Pin Go to patch version (ex: 1.2.3)
     GOTESTSUM_VERSION: 0.5.2 # Pin gotestsum to patch version (ex: 1.2.3)
     GOFUMPT_VERSION: 0.3.1 # Pin gofumpt to patch version (ex: 1.2.3)
     GO_TAGS: ""
@@ -30,7 +30,7 @@ semgrep:
 docker-env-go-test-remote-docker:
   resource_class: medium
   docker:
-    - image: "docker.mirror.hashicorp.services/cimg/go:1.19.1"
+    - image: "docker.mirror.hashicorp.services/cimg/go:1.19.2"
   environment:
     CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3)
     GO_TAGS: ""
@@ -38,7 +38,7 @@ docker-env-go-test-remote-docker:
 docker-env-go-test:
   resource_class: large
   docker:
-    - image: "docker.mirror.hashicorp.services/cimg/go:1.19.1"
+    - image: "docker.mirror.hashicorp.services/cimg/go:1.19.2"
   environment:
     CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3)
     GO_TAGS: ""
@@ -46,7 +46,7 @@ docker-env-go-test:
 docker-env-go-test-race:
   resource_class: xlarge
   docker:
-    - image: "docker.mirror.hashicorp.services/cimg/go:1.19.1"
+    - image: "docker.mirror.hashicorp.services/cimg/go:1.19.2"
   environment:
     CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3)
     GO_TAGS: ""

.circleci/config/jobs/test-go-race-remote-docker.yml

@@ -4,7 +4,7 @@ steps:
   - exit-if-ui-or-docs-branch
   - checkout
   - setup_remote_docker:
-      version: 18.09.3
+      version: 20.10.17
       docker_layer_caching: true
   - go_test:
       extra_flags: "-race"

.circleci/config/jobs/test-go-remote-docker.yml

@@ -4,7 +4,7 @@ steps:
   - exit-if-ui-or-docs-branch
   - checkout
   - setup_remote_docker:
-      version: 18.09.3
+      version: 20.10.17
       docker_layer_caching: true
   - go_test:
       log_dir: "/tmp/testlogs"

Makefile

@@ -15,7 +15,7 @@ GOFMT_FILES?=$$(find . -name '*.go' | grep -v pb.go | grep -v vendor)
 SED?=$(shell command -v gsed || command -v sed)
 
 
-GO_VERSION_MIN=1.19.1
+GO_VERSION_MIN=1.19.2
 PROTOC_VERSION_MIN=3.21.5
 GO_CMD?=go
 CGO_ENABLED?=0

README.md

@@ -71,7 +71,7 @@ Developing Vault
 
 If you wish to work on Vault itself or any of its built-in systems, you'll
 first need [Go](https://www.golang.org) installed on your machine. Go version
-1.19.1+ is *required*.
+1.19.2+ is *required*.
 
 For local dev first make sure Go is properly installed, including setting up a
 [GOPATH](https://golang.org/doc/code.html#GOPATH). Ensure that `$GOPATH/bin` is in

changelog/_go-ver-1120.txt

@@ -1,3 +1,3 @@
 ```release-note:change
-core: Bump Go version to 1.19.1.
+core: Bump Go version to 1.19.2.
 ```

changelog/_go-ver-1130.txt

@@ -0,0 +1,3 @@
+```release-note:change
+core: Bump Go version to 1.19.2.
+```

scripts/docker/Dockerfile

@@ -1,6 +1,6 @@
 # Multi-stage builder to avoid polluting users environment with wrong
 # architecture binaries.
-ARG VERSION=1.19.1
+ARG VERSION=1.19.2
 
 FROM golang:${VERSION} AS builder
 

scripts/docker/Dockerfile.ui

@@ -2,7 +2,7 @@
 # architecture binaries. This file only currently works for linux/amd64.
 FROM debian:buster AS builder
 
-ARG VERSION=1.19.1
+ARG VERSION=1.19.2
 ARG CGO_ENABLED=0
 ARG BUILD_TAGS
 ENV JOBS=2

website/README.md

@@ -46,7 +46,7 @@ The website can be run locally through node.js or [Docker](https://www.docker.co
 
 ### With Docker
 
-Running the site locally is simple. Provided you have Docker installed, clone this repo, run `make`, and then visit `http://localhost:3000`.
+Running the site locally is simple. Provided you have the [latest version](https://docs.docker.com/engine/release-notes/) of Docker installed, clone this repo, run `make`, and then visit `http://localhost:3000`.
 
 The docker image is pre-built with all the website dependencies installed, which is what makes it so quick and simple, but also means if you need to change dependencies and test the changes within Docker, you'll need a new image. If this is something you need to do, you can run `make build-image` to generate a local Docker image with updated dependencies, then `make website-local` to use that image and preview.
 

website/content/docs/get-started/developer-qs.mdx

@@ -23,6 +23,8 @@ For an out-of-the-box runnable demo application showcasing these concepts and mo
 - [Docker](https://docs.docker.com/get-docker/) or a [local installation](https://learn.hashicorp.com/tutorials/vault/getting-started-install?in=vault/getting-started) of the Vault binary
 - A development environment applicable to one of the languages in this quick start (currently **Go**, **Ruby**, **C#**, **Python**, **Java (Spring)**, and **Bash (curl)**)
 
+-> **Note**: Make sure you are using the [latest version](https://docs.docker.com/engine/release-notes/) of Docker. Older versions may not work. As of 1.12.0, the recommended version of Docker is 20.10.17 or higher.
+
 ## Step 1: Start Vault
 
 !> **Warning**: This in-memory “dev” server is useful for practicing with Vault locally for the first time, but is insecure and **should never be used in production**. For developers who need to manage their own production Vault installations, this [page](https://learn.hashicorp.com/tutorials/vault/production-hardening) provides some guidance on how to make your setup more production-friendly.