From a3fee8fd4032147b470a2743c46f6c9d6196ed91 Mon Sep 17 00:00:00 2001 From: Dan Lorenc Date: Wed, 11 May 2016 16:50:27 -0700 Subject: [PATCH] Remove unused portions of GenerateSelfSignedCert --- cmd/localkube/cmd/start.go | 7 +------ pkg/localkube/crypto.go | 30 +++++++++++++++++++----------- pkg/localkube/localkube.go | 19 ++++++++++++++----- pkg/localkube/localkube_test.go | 15 +++++++-------- 4 files changed, 41 insertions(+), 30 deletions(-) diff --git a/cmd/localkube/cmd/start.go b/cmd/localkube/cmd/start.go index d9f636fb47..12e421d122 100644 --- a/cmd/localkube/cmd/start.go +++ b/cmd/localkube/cmd/start.go @@ -56,12 +56,7 @@ func init() { func SetupServer(s *localkube.LocalkubeServer) { - hostIP, err := s.GetHostIP() - if err != nil { - fmt.Println("Error getting host IP!") - panic(err) - } - if err := s.GenerateCerts(hostIP); err != nil { + if err := s.GenerateCerts(); err != nil { fmt.Println("Failed to create certificates!") panic(err) } diff --git a/pkg/localkube/crypto.go b/pkg/localkube/crypto.go index 6d955a0f0f..8b5382d5ea 100644 --- a/pkg/localkube/crypto.go +++ b/pkg/localkube/crypto.go @@ -1,3 +1,19 @@ +/* +Copyright 2016 The Kubernetes Authors All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package localkube import ( @@ -7,7 +23,6 @@ import ( "crypto/x509" "crypto/x509/pkix" "encoding/pem" - "fmt" "io/ioutil" "math/big" "net" 
@@ -16,12 +31,11 @@ import ( "time" ) -// Host may be an IP or a DNS name // You may also specify additional subject alt names (either ip or dns names) for the certificate // The certificate will be created with file mode 0644. The key will be created with file mode 0600. // If the certificate or key files already exist, they will be overwritten. // Any parent directories of the certPath or keyPath will be created as needed with file mode 0755. -func GenerateSelfSignedCert(host, certPath, keyPath string, alternateIPs []net.IP, alternateDNS []string) error { +func GenerateSelfSignedCert(certPath, keyPath string, ips []net.IP, alternateDNS []string) error { priv, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { return err @@ -30,7 +44,7 @@ func GenerateSelfSignedCert(host, certPath, keyPath string, alternateIPs []net.I template := x509.Certificate{ SerialNumber: big.NewInt(1), Subject: pkix.Name{ - CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()), + CommonName: "minikube", }, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour * 24 * 365), @@ -41,13 +55,7 @@ func GenerateSelfSignedCert(host, certPath, keyPath string, alternateIPs []net.I IsCA: true, } - if ip := net.ParseIP(host); ip != nil { - template.IPAddresses = append(template.IPAddresses, ip) - } else { - template.DNSNames = append(template.DNSNames, host) - } - - template.IPAddresses = append(template.IPAddresses, alternateIPs...) + template.IPAddresses = append(template.IPAddresses, ips...) template.DNSNames = append(template.DNSNames, alternateDNS...) derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv) diff --git a/pkg/localkube/localkube.go b/pkg/localkube/localkube.go index ac27b1b8a1..8602d323f1 100644 --- a/pkg/localkube/localkube.go +++ b/pkg/localkube/localkube.go 
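Review bot: The doc comment above `GenerateSelfSignedCert` now opens with "You may also specify additional subject alt names", but the sentence that "also" referred to was removed, so nothing states which identities the certificate carries. With `host` gone, `ips` and `alternateDNS` are the only subject alternative names, and the comment should say so and start with the function name, for example `// GenerateSelfSignedCert writes a self-signed certificate and RSA key whose only SANs are ips and alternateDNS.` The parameters are also only half-renamed (`ips` next to `alternateDNS`); `ips, dnsNames` would be consistent. The function body continues outside this hunk.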
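Review bot: With `CommonName: "minikube"` now constant and `SerialNumber: big.NewInt(1)` unchanged two lines above it, every certificate this function generates has the same issuer name and serial number. The old CommonName embedded a timestamp, which kept regenerated certificates distinguishable. After this change, a regeneration (the caller regenerates when the IP set changes) produces a different certificate under an identical issuer/serial pair, which some TLS clients and certificate stores reject or confuse with a cached copy. Drawing the serial from the CSPRNG avoids that: `serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))` and `SerialNumber: serial`, returning the error the same way as the `rsa.GenerateKey` failure. Both `rand.Reader` and `big` are already used by this function, so no new import should be needed.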
@@ -124,12 +124,11 @@ func (lk LocalkubeServer) shouldGenerateCerts(ips []net.IP) bool { return false } -func (lk LocalkubeServer) GenerateCerts(hostIP net.IP) error { - - ips := []net.IP{lk.ServiceClusterIPRange.IP, hostIP} +func (lk LocalkubeServer) getAllIPs() ([]net.IP, error) { + ips := []net.IP{lk.ServiceClusterIPRange.IP} addrs, err := net.InterfaceAddrs() if err != nil { - return err + return nil, err } for _, addr := range addrs { ipnet, ok := addr.(*net.IPNet) @@ -139,6 +138,16 @@ func (lk LocalkubeServer) GenerateCerts(hostIP net.IP) error { } ips = append(ips, ipnet.IP) } + return ips, nil +} + +func (lk LocalkubeServer) GenerateCerts() error { + + ips, err := lk.getAllIPs() + if err != nil { + return err + } + if !lk.shouldGenerateCerts(ips) { fmt.Println("Using these existing certs: ", lk.GetPublicKeyCertPath(), lk.GetPrivateKeyCertPath()) return nil @@ -146,7 +155,7 @@ func (lk LocalkubeServer) GenerateCerts(hostIP net.IP) error { fmt.Println("Creating cert with IPs: ", ips) alternateDNS := []string{fmt.Sprintf("%s.%s", "kubernetes.default.svc", lk.DNSDomain), "kubernetes.default.svc", "kubernetes.default", "kubernetes"} - if err := GenerateSelfSignedCert(hostIP.String(), lk.GetPublicKeyCertPath(), lk.GetPrivateKeyCertPath(), ips, alternateDNS); err != nil { + if err := GenerateSelfSignedCert(lk.GetPublicKeyCertPath(), lk.GetPrivateKeyCertPath(), ips, alternateDNS); err != nil { fmt.Println("Failed to create certs: ", err) return err } diff --git a/pkg/localkube/localkube_test.go b/pkg/localkube/localkube_test.go index 6ac5e2e830..be83d59b19 100644 --- a/pkg/localkube/localkube_test.go +++ b/pkg/localkube/localkube_test.go @@ -39,7 +39,7 @@ func TestGenerateCerts(t *testing.T) { ServiceClusterIPRange: *ipRange, } - if err := lk.GenerateCerts(testIPs[0]); err != nil { + if err := lk.GenerateCerts(); err != nil { t.Fatalf("Unexpected error generating certs: %s", err) } 
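Review bot: `getAllIPs` and the exported `GenerateCerts` have no doc comments, and the set of addresses that end up as certificate SANs is now implicit. It is the service cluster IP plus whatever `net.InterfaceAddrs` reports; the lines between the `*net.IPNet` assertion and the `append` fall between the two hunks, so whether loopback or link-local addresses are filtered cannot be seen here. I would add `// getAllIPs returns the service cluster IP followed by the IP of each local interface address; GenerateCerts uses the result as the certificate's IP SANs.` and a matching one-line comment on `GenerateCerts`. The address that `GetHostIP` used to supply is now covered only if it is also an interface address on this machine, which is worth confirming for the supported setups.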
@@ -50,13 +50,10 @@ func TestGenerateCerts(t *testing.T) { t.Fatalf("Certificate not created: %s", p) } } - cert, err := lk.loadCert(filepath.Join(tempDir, "certs", "apiserver.crt")) + _, err := lk.loadCert(filepath.Join(tempDir, "certs", "apiserver.crt")) if err != nil { t.Fatalf("Error parsing cert: %s", err) } - if !cert.IPAddresses[0].Equal(testIPs[0]) { - t.Fatalf("IP mismatch: %s != %s.", cert.IPAddresses[0], testIPs[0]) - } } func TestShouldGenerateCertsNoFiles(t *testing.T) { @@ -100,7 +97,8 @@ func TestShouldGenerateCertsMismatchedIP(t *testing.T) { LocalkubeDirectory: tempDir, ServiceClusterIPRange: *ipRange, } - lk.GenerateCerts(testIPs[0]) + + lk.GenerateCerts() if !lk.shouldGenerateCerts([]net.IP{net.ParseIP("4.3.2.1")}) { t.Fatalf("IPs don't match, we should generate.") @@ -117,8 +115,9 @@ func TestShouldNotGenerateCerts(t *testing.T) { LocalkubeDirectory: tempDir, ServiceClusterIPRange: *ipRange, } - lk.GenerateCerts(testIPs[0]) - if lk.shouldGenerateCerts(testIPs) { + lk.GenerateCerts() + ips, _ := lk.getAllIPs() + if lk.shouldGenerateCerts(ips) { t.Fatalf("IPs match, we should not generate.") } }
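Review bot: After this hunk, TestGenerateCerts only proves that apiserver.crt parses; the assertion on `cert.IPAddresses` was dropped with no replacement, so a certificate with no IP SANs at all would still pass. The service cluster IP is deterministic and is the first element `getAllIPs` builds, so the check can be kept against it: retain `cert, err := lk.loadCert(...)` and assert `if !cert.IPAddresses[0].Equal(ipRange.IP) { t.Fatalf("IP mismatch: %s != %s.", cert.IPAddresses[0], ipRange.IP) }`. This assumes SAN order survives encoding and parsing; if that is not to be relied on, search the slice for `ipRange.IP` instead. `ipRange` is declared earlier in the test, outside this hunk.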
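Review bot: The bare `lk.GenerateCerts()` call in TestShouldGenerateCertsMismatchedIP discards the returned error, and the hunk for TestShouldNotGenerateCerts does the same and also drops the error from `ips, _ := lk.getAllIPs()`. If generation fails, the mismatched-IP test presumably still passes because there is no certificate to compare, and the other test fails with a misleading "IPs match" message. Use the form TestGenerateCerts already has, `if err := lk.GenerateCerts(); err != nil { t.Fatalf("Unexpected error generating certs: %s", err) }`, and check `ips, err := lk.getAllIPs()` the same way.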