(CommandList children: [ (C {(set)} {(-o)} {(errexit)}) (C {(set)} {(-o)} {(nounset)}) (C {(set)} {(-o)} {(pipefail)}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:DEBUG) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Name DEBUG> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(false)}) spids: [65 69] ) ) } spids: [63] ) ] spids: [63] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} {(DQ (${ VSub_Name DEBUG))} {(Lit_Other "=") (Lit_Other "=")} {(DQ (true))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [(C {(set)} {(-x)})] spids: [-1 93] ) ] spids: [-1 100] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:cert_ip) op: Equal rhs: {($ VSub_Number "$1")} spids: [103] ) ] spids: [103] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:extra_sans) op: Equal rhs: { (BracedVarSub token: <VSub_Number 2> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{}) spids: [107 110] ) } spids: [106] ) ] spids: [106] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:cert_dir) op: Equal rhs: { (BracedVarSub token: <VSub_Name CERT_DIR> suffix_op: (StringUnary op_id: VTest_ColonHyphen arg_word: {(Lit_Slash /) (srv) (Lit_Slash /) (kubernetes)} ) spids: [113 120] ) } spids: [112] ) ] spids: [112] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:cert_group) op: Equal rhs: { (BracedVarSub token: <VSub_Name CERT_GROUP> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(kube-cert)}) spids: [123 127] ) } spids: [122] ) ] spids: [122] ) (C {(mkdir)} {(-p)} {(DQ ($ VSub_Name "$cert_dir"))}) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:use_cn) op:Equal rhs:{(false)} spids:[139])] spids: [139] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} {(DQ ($ VSub_Name "$cert_ip"))} {(Lit_Other "=") (Lit_Other "=")} {(DQ (_use_gce_external_ip_))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:cert_ip) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {(curl)} {(-s)} {(-H)} {(Metadata-Flavor) (Lit_Other ":") (Google)} {(http) (Lit_Other ":") ( //metadata.google.internal./computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip ) } ) ] ) left_token: <Left_CommandSub "$("> spids: [168 182] ) } spids: [167] ) ] spids: [167] ) ] spids: [-1 164] ) ] spids: [-1 184] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} {(DQ ($ VSub_Name "$cert_ip"))} {(Lit_Other "=") (Lit_Other "=")} {(DQ (_use_aws_external_ip_))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [ (If arms: [ (if_arm cond: [ (Sentence child: (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:cert_ip) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {(curl)} {(-f)} {(-s)} {(http) (Lit_Other ":") (//169.254.169.254/latest/meta-data/public-ipv4) } ) ] ) left_token: <Left_CommandSub "$("> spids: [231 241] ) } spids: [230] ) ] spids: [230] ) terminator: <Op_Semi ";"> ) ] action: [(C {(Lit_Other ":")})] spids: [-1 244] ) ] else_action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:cert_ip) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {(curl)} {(-f)} {(-s)} {(http) (Lit_Other ":") (//169.254.169.254/latest/meta-data/local-ipv4) } ) ] ) left_token: <Left_CommandSub "$("> spids: [254 264] ) } spids: [253] ) ] spids: [253] ) ] spids: [250 267] ) ] spids: [-1 205] ) ] spids: [-1 269] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} {(DQ ($ VSub_Name "$cert_ip"))} {(Lit_Other "=") (Lit_Other "=")} {(DQ (_use_azure_dns_name_))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:cert_ip) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (C {(uname)} {(-n)}) (C {(awk)} {(-F.)} {(SQ <"{ print $2 }">)}) ] negated: False ) ] ) left_token: <Left_CommandSub "$("> spids: [294 308] ) (.cloudapp.net) } spids: [293] ) ] spids: [293] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:use_cn) op:Equal rhs:{(true)} spids:[312])] spids: [312] ) ] spids: [-1 290] ) ] spids: [-1 315] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:sans) op: Equal rhs: {(DQ ("IP:") (${ VSub_Name cert_ip))} spids: [318] ) ] spids: [318] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr:(BoolUnary op_id:BoolUnary_n child:{(DQ (${ VSub_Name extra_sans))})) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:sans) op: Equal rhs: {(DQ (${ VSub_Name sans) (",") (${ VSub_Name extra_sans))} spids: [344] ) ] spids: [344] ) ] spids: [-1 341] ) ] spids: [-1 355] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:tmpdir) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [(C {(mktemp)} {(-d)} {(-t)} {(kubernetes_cacert.XXXXXX)})] ) left_token: <Left_CommandSub "$("> spids: [359 367] ) } spids: [358] ) ] spids: [358] ) (C {(trap)} {(SQ <"rm -rf \"${tmpdir}\"">)} {(EXIT)}) (C {(cd)} {(DQ (${ VSub_Name tmpdir))}) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} {(-f)} {(TildeSubPart prefix:"") (/kube/easy-rsa.tar.gz)} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [(C {(ln)} {(-s)} {(TildeSubPart prefix:"") (/kube/easy-rsa.tar.gz)} {(.)})] spids: [-1 443] ) ] else_action: [ (SimpleCommand words: [ {(curl)} {(-L)} {(-O)} {(https) (Lit_Other ":") (//storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz) } ] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[468]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[472]) ] ) ] spids: [455 475] ) (SimpleCommand words: [{(tar)} {(xzf)} {(easy-rsa.tar.gz)}] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[483]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[487]) ] ) (C {(cd)} {(easy-rsa-master/easyrsa3)}) (SimpleCommand words: [{(./easyrsa)} {(init-pki)}] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[499]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[503]) ] ) (SimpleCommand words: [ {(./easyrsa)} {(--batch)} { (DQ ("--req-cn=") ($ VSub_Name "$cert_ip") ("@") (CommandSubPart command_list: (CommandList children: [(C {(date)} {(Lit_Other "+") (Lit_Other "%") (s)})] ) left_token: <Left_Backtick "`"> spids: [514 520] ) ) } {(build-ca)} {(nopass)} ] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[527]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[531]) ] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} {($ VSub_Name "$use_cn")} {(Lit_Other "=")} {(DQ (true))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [ (SimpleCommand words: [{(./easyrsa)} {(build-server-full)} {($ VSub_Name "$cert_ip")} {(nopass)}] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[560]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[564]) ] ) (SimpleCommand words: [ {(cp)} {(-p)} {(pki/issued/) ($ VSub_Name "$cert_ip") (.crt)} {(DQ (${ VSub_Name cert_dir) (/server.cert))} ] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[583]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[587]) ] ) (SimpleCommand words: [ {(cp)} {(-p)} {(pki/private/) ($ VSub_Name "$cert_ip") (.key)} {(DQ (${ VSub_Name cert_dir) (/server.key))} ] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[606]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[610]) ] ) ] spids: [-1 549] ) ] else_action: [ (SimpleCommand words: [ {(./easyrsa)} {(--subject-alt-name) (Lit_Other "=") (DQ (${ VSub_Name sans))} {(build-server-full)} {(kubernetes-master)} {(nopass)} ] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[632]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[636]) ] ) (SimpleCommand words: [ {(cp)} {(-p)} {(pki/issued/kubernetes-master.crt)} {(DQ (${ VSub_Name cert_dir) (/server.cert))} ] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[653]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[657]) ] ) (SimpleCommand words: [ {(cp)} {(-p)} {(pki/private/kubernetes-master.key)} {(DQ (${ VSub_Name cert_dir) (/server.key))} ] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[674]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[678]) ] ) ] spids: [613 681] ) (SimpleCommand words: [ {(./easyrsa)} {(--dn-mode) (Lit_Other "=") (org)} {(--req-cn) (Lit_Other "=") (kubecfg)} {(--req-org) (Lit_Other "=") (system) (Lit_Other ":") (masters)} {(--req-c) (Lit_Other "=")} {(--req-st) (Lit_Other "=")} {(--req-city) (Lit_Other "=")} {(--req-email) (Lit_Other "=")} {(--req-ou) (Lit_Other "=")} {(build-client-full)} {(kubecfg)} {(nopass)} ] redirects: [ (Redir op_id:Redir_Great fd:-1 arg_word:{(/dev/null)} spids:[729]) (Redir op_id:Redir_GreatAnd fd:2 arg_word:{(1)} spids:[733]) ] ) (C {(cp)} {(-p)} {(pki/ca.crt)} {(DQ (${ VSub_Name cert_dir) (/ca.crt))}) (C {(cp)} {(-p)} {(pki/issued/kubecfg.crt)} {(DQ (${ VSub_Name cert_dir) (/kubecfg.crt))}) (C {(cp)} {(-p)} {(pki/private/kubecfg.key)} {(DQ (${ VSub_Name cert_dir) (/kubecfg.key))}) (C {(chgrp)} {($ VSub_Name "$cert_group")} {(DQ (${ VSub_Name cert_dir) (/server.key))} {(DQ (${ VSub_Name cert_dir) (/server.cert))} {(DQ (${ VSub_Name cert_dir) (/ca.crt))} ) (C {(chmod)} {(660)} {(DQ (${ VSub_Name cert_dir) (/server.key))} {(DQ (${ VSub_Name cert_dir) (/server.cert))} {(DQ (${ VSub_Name cert_dir) (/ca.crt))} ) ] )