(CommandList children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:cert_dir) op: Equal rhs: { (BracedVarSub token: <VSub_Name CERT_DIR> suffix_op: (StringUnary op_id: VTest_ColonHyphen arg_word: {(Lit_Slash /) (srv) (Lit_Slash /) (kubernetes)} ) spids: [45 52] ) } spids: [44] ) ] spids: [44] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:cert_group) op: Equal rhs: { (BracedVarSub token: <VSub_Name CERT_GROUP> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(kube-cert)}) spids: [55 59] ) } spids: [54] ) ] spids: [54] ) (C {(mkdir)} {(-p)} {(DQ ($ VSub_Name "$cert_dir"))}) (C {(openssl)} {(req)} {(-new)} {(-newkey)} {(rsa) (Lit_Other ":") (4096)} {(-days)} {(365)} {(-nodes)} {(-x509)} {(-subj)} {(DQ ("/CN=kubernetes.invalid/O=Kubernetes"))} {(-keyout)} {(DQ (${ VSub_Name cert_dir) (/server.key))} {(-out)} {(DQ (${ VSub_Name cert_dir) (/server.cert))} ) (C {(chgrp)} {($ VSub_Name "$cert_group")} {(DQ (${ VSub_Name cert_dir) (/server.key))} {(DQ (${ VSub_Name cert_dir) (/server.cert))} ) (C {(chmod)} {(660)} {(DQ (${ VSub_Name cert_dir) (/server.key))} {(DQ (${ VSub_Name cert_dir) (/server.cert))} ) ] )