(List (Com {[LIT_CHARS set]} {[LIT_CHARS -o]} {[LIT_CHARS errexit]} ) (Com {[LIT_CHARS set]} {[LIT_CHARS -o]} {[LIT_CHARS nounset]} ) (Com {[LIT_CHARS set]} {[LIT_CHARS -o]} {[LIT_CHARS pipefail]} ) (= scope= flags=0 words=[] bindings=[('DEBUG', {[DQ [VarSub DEBUG test_op=VS_TEST_COLON_HYPHEN {[LIT_CHARS false]}]]})]) (If (Com {[LIT_DBRACKET_LIKE "["]} {[DQ [VarSub DEBUG]]} {[LIT_DBRACKET_LIKE "=="]} {[DQ [LIT_CHARS true]]} {[LIT_DBRACKET_LIKE "]"]} ) (Com {[LIT_CHARS set]} {[LIT_CHARS -x]} ) ) (= scope= flags=0 words=[] bindings=[('cert_ip', {[VarSub 1]})]) (= scope= flags=0 words=[] bindings=[('extra_sans', {[VarSub 2 test_op=VS_TEST_COLON_HYPHEN {}]})]) (= scope= flags=0 words=[] bindings=[('cert_dir', {[VarSub CERT_DIR test_op=VS_TEST_COLON_HYPHEN {[LIT_SLASH /] [LIT_CHARS srv] [LIT_SLASH /] [LIT_CHARS kubernetes]}]})]) (= scope= flags=0 words=[] bindings=[('cert_group', {[VarSub CERT_GROUP test_op=VS_TEST_COLON_HYPHEN {[LIT_CHARS kube-cert]}]})]) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[DQ [VarSub cert_dir]]} ) (= scope= flags=0 words=[] bindings=[('use_cn', {[LIT_CHARS false]})]) (If (Com {[LIT_DBRACKET_LIKE "["]} {[DQ [VarSub cert_ip]]} {[LIT_DBRACKET_LIKE "=="]} {[DQ [LIT_CHARS _use_gce_external_ip_]]} {[LIT_DBRACKET_LIKE "]"]} ) (= scope= flags=0 words=[] bindings=[('cert_ip', {[ComSub (Com {[LIT_CHARS curl]} {[LIT_CHARS -s]} {[LIT_CHARS -H]} {[LIT_CHARS Metadata-Flavor] [LIT_OTHER ":"] [LIT_CHARS Google]} {[LIT_CHARS http] [LIT_OTHER ":"] [LIT_CHARS //metadata.google.internal./computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip]})]})]) ) (If (Com {[LIT_DBRACKET_LIKE "["]} {[DQ [VarSub cert_ip]]} {[LIT_DBRACKET_LIKE "=="]} {[DQ [LIT_CHARS _use_aws_external_ip_]]} {[LIT_DBRACKET_LIKE "]"]} ) (If (= scope= flags=0 words=[] bindings=[('cert_ip', {[ComSub (Com {[LIT_CHARS curl]} {[LIT_CHARS -f]} {[LIT_CHARS -s]} {[LIT_CHARS http] [LIT_OTHER ":"] [LIT_CHARS //169.254.169.254/latest/meta-data/public-ipv4]})]})]) (Com {[LIT_OTHER ":"]} ) (ElseTrue) (= scope= flags=0 words=[] bindings=[('cert_ip', {[ComSub (Com {[LIT_CHARS curl]} {[LIT_CHARS -f]} {[LIT_CHARS -s]} {[LIT_CHARS http] [LIT_OTHER ":"] [LIT_CHARS //169.254.169.254/latest/meta-data/local-ipv4]})]})]) ) ) (If (Com {[LIT_DBRACKET_LIKE "["]} {[DQ [VarSub cert_ip]]} {[LIT_DBRACKET_LIKE "=="]} {[DQ [LIT_CHARS _use_azure_dns_name_]]} {[LIT_DBRACKET_LIKE "]"]} ) (List (= scope= flags=0 words=[] bindings=[('cert_ip', {[ComSub (Pipeline (Com {[LIT_CHARS uname]} {[LIT_CHARS -n]}) (Com {[LIT_CHARS awk]} {[LIT_CHARS -F.]} {[SQ ]}) )] [LIT_CHARS .cloudapp.net]})]) (= scope= flags=0 words=[] bindings=[('use_cn', {[LIT_CHARS true]})]) ) ) (= scope= flags=0 words=[] bindings=[('sans', {[DQ [LIT_CHARS "IP:"][VarSub cert_ip]]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub extra_sans]]}}) (= scope= flags=0 words=[] bindings=[('sans', {[DQ [VarSub sans][LIT_CHARS ","][VarSub extra_sans]]})]) ) (= scope= flags=0 words=[] bindings=[('tmpdir', {[ComSub (Com {[LIT_CHARS mktemp]} {[LIT_CHARS -d]} {[LIT_CHARS -t]} {[LIT_CHARS kubernetes_cacert.XXXXXX]})]})]) (Com {[LIT_CHARS trap]} {[SQ ]} {[LIT_CHARS EXIT]} ) (Com {[LIT_CHARS cd]} {[DQ [VarSub tmpdir]]} ) (If (Com {[LIT_DBRACKET_LIKE "["]} {[LIT_CHARS -f]} {[TildeSub ''] [LIT_CHARS /kube/easy-rsa.tar.gz]} {[LIT_DBRACKET_LIKE "]"]} ) (Com {[LIT_CHARS ln]} {[LIT_CHARS -s]} {[TildeSub ''] [LIT_CHARS /kube/easy-rsa.tar.gz]} {[LIT_CHARS .]} ) (ElseTrue) (Com {[LIT_CHARS curl]} {[LIT_CHARS -L]} {[LIT_CHARS -O]} {[LIT_CHARS https] [LIT_OTHER ":"] [LIT_CHARS //storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), (DescriptorRedirectNode target={[LIT_CHARS 1]} &"> 2), > ) ) (Com {[LIT_CHARS tar]} {[LIT_CHARS xzf]} {[LIT_CHARS easy-rsa.tar.gz]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), (DescriptorRedirectNode target={[LIT_CHARS 1]} &"> 2), > ) (Com {[LIT_CHARS cd]} {[LIT_CHARS easy-rsa-master/easyrsa3]} ) (Com {[LIT_CHARS ./easyrsa]} {[LIT_CHARS init-pki]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), (DescriptorRedirectNode target={[LIT_CHARS 1]} &"> 2), > ) (Com {[LIT_CHARS ./easyrsa]} {[LIT_CHARS --batch]} {[DQ [LIT_CHARS "--req-cn="][VarSub cert_ip][LIT_CHARS "@"][ComSub (Com {[LIT_CHARS date]} {[LIT_OTHER "+"] [LIT_OTHER "%"] [LIT_CHARS s]})]]} {[LIT_CHARS build-ca]} {[LIT_CHARS nopass]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), (DescriptorRedirectNode target={[LIT_CHARS 1]} &"> 2), > ) (If (Com {[LIT_DBRACKET_LIKE "["]} {[VarSub use_cn]} {[LIT_DBRACKET_LIKE "="]} {[DQ [LIT_CHARS true]]} {[LIT_DBRACKET_LIKE "]"]} ) (List (Com {[LIT_CHARS ./easyrsa]} {[LIT_CHARS build-server-full]} {[VarSub cert_ip]} {[LIT_CHARS nopass]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), (DescriptorRedirectNode target={[LIT_CHARS 1]} &"> 2), > ) (Com {[LIT_CHARS cp]} {[LIT_CHARS -p]} {[LIT_CHARS pki/issued/] [VarSub cert_ip] [LIT_CHARS .crt]} {[DQ [VarSub cert_dir][LIT_CHARS /server.cert]]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), (DescriptorRedirectNode target={[LIT_CHARS 1]} &"> 2), > ) (Com {[LIT_CHARS cp]} {[LIT_CHARS -p]} {[LIT_CHARS pki/private/] [VarSub cert_ip] [LIT_CHARS .key]} {[DQ [VarSub cert_dir][LIT_CHARS /server.key]]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), (DescriptorRedirectNode target={[LIT_CHARS 1]} &"> 2), > ) ) (ElseTrue) (List (Com {[LIT_CHARS ./easyrsa]} {[LIT_CHARS --subject-alt-name] [LIT_DBRACKET_LIKE "="] [DQ [VarSub sans]]} {[LIT_CHARS build-server-full]} {[LIT_CHARS kubernetes-master]} {[LIT_CHARS nopass]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), (DescriptorRedirectNode target={[LIT_CHARS 1]} &"> 2), > ) (Com {[LIT_CHARS cp]} {[LIT_CHARS -p]} {[LIT_CHARS pki/issued/kubernetes-master.crt]} {[DQ [VarSub cert_dir][LIT_CHARS /server.cert]]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), (DescriptorRedirectNode target={[LIT_CHARS 1]} &"> 2), > ) (Com {[LIT_CHARS cp]} {[LIT_CHARS -p]} {[LIT_CHARS pki/private/kubernetes-master.key]} {[DQ [VarSub cert_dir][LIT_CHARS /server.key]]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), (DescriptorRedirectNode target={[LIT_CHARS 1]} &"> 2), > ) ) ) (Com {[LIT_CHARS ./easyrsa]} {[LIT_CHARS build-client-full]} {[LIT_CHARS kubecfg]} {[LIT_CHARS nopass]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), (DescriptorRedirectNode target={[LIT_CHARS 1]} &"> 2), > ) (Com {[LIT_CHARS cp]} {[LIT_CHARS -p]} {[LIT_CHARS pki/ca.crt]} {[DQ [VarSub cert_dir][LIT_CHARS /ca.crt]]} ) (Com {[LIT_CHARS cp]} {[LIT_CHARS -p]} {[LIT_CHARS pki/issued/kubecfg.crt]} {[DQ [VarSub cert_dir][LIT_CHARS /kubecfg.crt]]} ) (Com {[LIT_CHARS cp]} {[LIT_CHARS -p]} {[LIT_CHARS pki/private/kubecfg.key]} {[DQ [VarSub cert_dir][LIT_CHARS /kubecfg.key]]} ) (Com {[LIT_CHARS chgrp]} {[VarSub cert_group]} {[DQ [VarSub cert_dir][LIT_CHARS /server.key]]} {[DQ [VarSub cert_dir][LIT_CHARS /server.cert]]} {[DQ [VarSub cert_dir][LIT_CHARS /ca.crt]]} ) (Com {[LIT_CHARS chmod]} {[LIT_CHARS 660]} {[DQ [VarSub cert_dir][LIT_CHARS /server.key]]} {[DQ [VarSub cert_dir][LIT_CHARS /server.cert]]} {[DQ [VarSub cert_dir][LIT_CHARS /ca.crt]]} ) )