Azure · tariq1890 · Oct 4, 2018 · Oct 3, 2018 · Oct 3, 2018 · Oct 3, 2018
diff --git a/cmd/dcos-upgrade.go b/cmd/dcos-upgrade.go
@@ -8,7 +8,6 @@ import (
 	"path"
 	"path/filepath"
 
-	"github.com/Azure/acs-engine/pkg/acsengine"
 	"github.com/Azure/acs-engine/pkg/api"
 	"github.com/Azure/acs-engine/pkg/armhelpers"
 	"github.com/Azure/acs-engine/pkg/helpers"
@@ -230,7 +229,7 @@ func (uc *dcosUpgradeCmd) run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	f := acsengine.FileSaver{
+	f := helpers.FileSaver{
 		Translator: &i18n.Translator{
 			Locale: uc.locale,
 		},

diff --git a/cmd/deploy.go b/cmd/deploy.go
@@ -294,7 +294,7 @@ func autofillApimodel(dc *deployCmd) error {
 		translator := &i18n.Translator{
 			Locale: dc.locale,
 		}
-		_, publicKey, err := acsengine.CreateSaveSSH(dc.containerService.Properties.LinuxProfile.AdminUsername, dc.outputDirectory, translator)
+		_, publicKey, err := helpers.CreateSaveSSH(dc.containerService.Properties.LinuxProfile.AdminUsername, dc.outputDirectory, translator)
 		if err != nil {
 			return errors.Wrap(err, "Failed to generate SSH Key")
 		}

diff --git a/cmd/scale.go b/cmd/scale.go
@@ -442,7 +442,7 @@ func (sc *scaleCmd) run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	f := acsengine.FileSaver{
+	f := helpers.FileSaver{
 		Translator: &i18n.Translator{
 			Locale: sc.locale,
 		},

diff --git a/cmd/upgrade.go b/cmd/upgrade.go
@@ -244,7 +244,7 @@ func (uc *upgradeCmd) run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	f := acsengine.FileSaver{
+	f := helpers.FileSaver{
 		Translator: &i18n.Translator{
 			Locale: uc.locale,
 		},

diff --git a/pkg/acsengine/defaults.go b/pkg/acsengine/defaults.go
@@ -705,98 +705,98 @@ func setHostedMasterProfileDefaults(a *api.Properties) {
 	a.HostedMasterProfile.Subnet = DefaultKubernetesMasterSubnet
 }
 
-func setDefaultCerts(a *api.Properties) (bool, error) {
-	if a.MasterProfile != nil && a.OrchestratorProfile.OrchestratorType == api.OpenShift {
-		return certgen.OpenShiftSetDefaultCerts(a, api.DefaultOpenshiftOrchestratorName, a.GetClusterID())
+func setDefaultCerts(p *api.Properties) (bool, error) {
+	if p.MasterProfile != nil && p.OrchestratorProfile.OrchestratorType == api.OpenShift {
+		return certgen.OpenShiftSetDefaultCerts(p, api.DefaultOpenshiftOrchestratorName, p.GetClusterID())
 	}
 
-	if a.MasterProfile == nil || a.OrchestratorProfile.OrchestratorType != api.Kubernetes {
+	if p.MasterProfile == nil || p.OrchestratorProfile.OrchestratorType != api.Kubernetes {
 		return false, nil
 	}
 
-	provided := certsAlreadyPresent(a.CertificateProfile, a.MasterProfile.Count)
+	provided := certsAlreadyPresent(p.CertificateProfile, p.MasterProfile.Count)
 
 	if areAllTrue(provided) {
 		return false, nil
 	}
 
-	masterExtraFQDNs := append(formatAzureProdFQDNs(a.MasterProfile.DNSPrefix), a.MasterProfile.SubjectAltNames...)
-	firstMasterIP := net.ParseIP(a.MasterProfile.FirstConsecutiveStaticIP).To4()
+	masterExtraFQDNs := append(formatAzureProdFQDNs(p.MasterProfile.DNSPrefix), p.MasterProfile.SubjectAltNames...)
+	firstMasterIP := net.ParseIP(p.MasterProfile.FirstConsecutiveStaticIP).To4()
 
 	if firstMasterIP == nil {
-		return false, errors.Errorf("MasterProfile.FirstConsecutiveStaticIP '%s' is an invalid IP address", a.MasterProfile.FirstConsecutiveStaticIP)
+		return false, errors.Errorf("MasterProfile.FirstConsecutiveStaticIP '%s' is an invalid IP address", p.MasterProfile.FirstConsecutiveStaticIP)
 	}
 
 	ips := []net.IP{firstMasterIP}
-	// Add the Internal Loadbalancer IP which is always at at a known offset from the firstMasterIP
+	// Add the Internal Loadbalancer IP which is always at at p known offset from the firstMasterIP
 	ips = append(ips, net.IP{firstMasterIP[0], firstMasterIP[1], firstMasterIP[2], firstMasterIP[3] + byte(DefaultInternalLbStaticIPOffset)})
 	// Include the Internal load balancer as well
 
-	if a.MasterProfile.IsVirtualMachineScaleSets() {
+	if p.MasterProfile.IsVirtualMachineScaleSets() {
 		// Include the Internal load balancer as well
-		for i := 1; i < a.MasterProfile.Count; i++ {
-			offset := i * a.MasterProfile.IPAddressCount
+		for i := 1; i < p.MasterProfile.Count; i++ {
+			offset := i * p.MasterProfile.IPAddressCount
 			ip := net.IP{firstMasterIP[0], firstMasterIP[1], firstMasterIP[2], firstMasterIP[3] + byte(offset)}
 			ips = append(ips, ip)
 		}
 	} else {
-		for i := 1; i < a.MasterProfile.Count; i++ {
+		for i := 1; i < p.MasterProfile.Count; i++ {
 			ip := net.IP{firstMasterIP[0], firstMasterIP[1], firstMasterIP[2], firstMasterIP[3] + byte(i)}
 			ips = append(ips, ip)
 		}
 	}
-	if a.CertificateProfile == nil {
-		a.CertificateProfile = &api.CertificateProfile{}
+	if p.CertificateProfile == nil {
+		p.CertificateProfile = &api.CertificateProfile{}
 	}
 
-	// use the specified Certificate Authority pair, or generate a new pair
-	var caPair *PkiKeyCertPair
+	// use the specified Certificate Authority pair, or generate p new pair
+	var caPair *helpers.PkiKeyCertPair
 	if provided["ca"] {
-		caPair = &PkiKeyCertPair{CertificatePem: a.CertificateProfile.CaCertificate, PrivateKeyPem: a.CertificateProfile.CaPrivateKey}
+		caPair = &helpers.PkiKeyCertPair{CertificatePem: p.CertificateProfile.CaCertificate, PrivateKeyPem: p.CertificateProfile.CaPrivateKey}
 	} else {
-		caCertificate, caPrivateKey, err := createCertificate("ca", nil, nil, false, false, nil, nil, nil)
+		var err error
+		caPair, err = helpers.CreatePkiKeyCertPair("ca")
 		if err != nil {
 			return false, err
 		}
-		caPair = &PkiKeyCertPair{CertificatePem: string(certificateToPem(caCertificate.Raw)), PrivateKeyPem: string(privateKeyToPem(caPrivateKey))}
-		a.CertificateProfile.CaCertificate = caPair.CertificatePem
-		a.CertificateProfile.CaPrivateKey = caPair.PrivateKeyPem
+		p.CertificateProfile.CaCertificate = caPair.CertificatePem
+		p.CertificateProfile.CaPrivateKey = caPair.PrivateKeyPem
 	}
 
-	cidrFirstIP, err := common.CidrStringFirstIP(a.OrchestratorProfile.KubernetesConfig.ServiceCIDR)
+	cidrFirstIP, err := common.CidrStringFirstIP(p.OrchestratorProfile.KubernetesConfig.ServiceCIDR)
 	if err != nil {
 		return false, err
 	}
 	ips = append(ips, cidrFirstIP)
 
-	apiServerPair, clientPair, kubeConfigPair, etcdServerPair, etcdClientPair, etcdPeerPairs, err := CreatePki(masterExtraFQDNs, ips, DefaultKubernetesClusterDomain, caPair, a.MasterProfile.Count)
+	apiServerPair, clientPair, kubeConfigPair, etcdServerPair, etcdClientPair, etcdPeerPairs, err := helpers.CreatePki(masterExtraFQDNs, ips, DefaultKubernetesClusterDomain, caPair, p.MasterProfile.Count)
 	if err != nil {
 		return false, err
 	}
 
 	// If no Certificate Authority pair or no cert/key pair was provided, use generated cert/key pairs signed by provided Certificate Authority pair
 	if !provided["apiserver"] || !provided["ca"] {
-		a.CertificateProfile.APIServerCertificate = apiServerPair.CertificatePem
-		a.CertificateProfile.APIServerPrivateKey = apiServerPair.PrivateKeyPem
+		p.CertificateProfile.APIServerCertificate = apiServerPair.CertificatePem
+		p.CertificateProfile.APIServerPrivateKey = apiServerPair.PrivateKeyPem
 	}
 	if !provided["client"] || !provided["ca"] {
-		a.CertificateProfile.ClientCertificate = clientPair.CertificatePem
-		a.CertificateProfile.ClientPrivateKey = clientPair.PrivateKeyPem
+		p.CertificateProfile.ClientCertificate = clientPair.CertificatePem
+		p.CertificateProfile.ClientPrivateKey = clientPair.PrivateKeyPem
 	}
 	if !provided["kubeconfig"] || !provided["ca"] {
-		a.CertificateProfile.KubeConfigCertificate = kubeConfigPair.CertificatePem
-		a.CertificateProfile.KubeConfigPrivateKey = kubeConfigPair.PrivateKeyPem
+		p.CertificateProfile.KubeConfigCertificate = kubeConfigPair.CertificatePem
+		p.CertificateProfile.KubeConfigPrivateKey = kubeConfigPair.PrivateKeyPem
 	}
 	if !provided["etcd"] || !provided["ca"] {
-		a.CertificateProfile.EtcdServerCertificate = etcdServerPair.CertificatePem
-		a.CertificateProfile.EtcdServerPrivateKey = etcdServerPair.PrivateKeyPem
-		a.CertificateProfile.EtcdClientCertificate = etcdClientPair.CertificatePem
-		a.CertificateProfile.EtcdClientPrivateKey = etcdClientPair.PrivateKeyPem
-		a.CertificateProfile.EtcdPeerCertificates = make([]string, a.MasterProfile.Count)
-		a.CertificateProfile.EtcdPeerPrivateKeys = make([]string, a.MasterProfile.Count)
+		p.CertificateProfile.EtcdServerCertificate = etcdServerPair.CertificatePem
+		p.CertificateProfile.EtcdServerPrivateKey = etcdServerPair.PrivateKeyPem
+		p.CertificateProfile.EtcdClientCertificate = etcdClientPair.CertificatePem
+		p.CertificateProfile.EtcdClientPrivateKey = etcdClientPair.PrivateKeyPem
+		p.CertificateProfile.EtcdPeerCertificates = make([]string, p.MasterProfile.Count)
+		p.CertificateProfile.EtcdPeerPrivateKeys = make([]string, p.MasterProfile.Count)
 		for i, v := range etcdPeerPairs {
-			a.CertificateProfile.EtcdPeerCertificates[i] = v.CertificatePem
-			a.CertificateProfile.EtcdPeerPrivateKeys[i] = v.PrivateKeyPem
+			p.CertificateProfile.EtcdPeerCertificates[i] = v.CertificatePem
+			p.CertificateProfile.EtcdPeerPrivateKeys[i] = v.PrivateKeyPem
 		}
 	}
 

diff --git a/pkg/acsengine/engine_test.go b/pkg/acsengine/engine_test.go
@@ -7,6 +7,7 @@ import (
 	"io/ioutil"
 	"path"
 	"path/filepath"
+	"reflect"
 	"strings"
 	"testing"
 
@@ -556,3 +557,64 @@ func TestGenerateKubeConfig(t *testing.T) {
 		t.Fatalf("Expected an error result from nil Properties child properties")
 	}
 }
+
+func TestFormatAzureProdFQDN(t *testing.T) {
+	dnsPrefix := "santest"
+
+	actual := formatAzureProdFQDNs(dnsPrefix)
+
+	expected := []string{
+		"santest.australiacentral.cloudapp.azure.com",
+		"santest.australiacentral2.cloudapp.azure.com",
+		"santest.australiaeast.cloudapp.azure.com",
+		"santest.australiasoutheast.cloudapp.azure.com",
+		"santest.brazilsouth.cloudapp.azure.com",
+		"santest.canadacentral.cloudapp.azure.com",
+		"santest.canadaeast.cloudapp.azure.com",
+		"santest.centralindia.cloudapp.azure.com",
+		"santest.centralus.cloudapp.azure.com",
+		"santest.centraluseuap.cloudapp.azure.com",
+		"santest.chinaeast.cloudapp.chinacloudapi.cn",
+		"santest.chinaeast2.cloudapp.chinacloudapi.cn",
+		"santest.chinanorth.cloudapp.chinacloudapi.cn",
+		"santest.chinanorth2.cloudapp.chinacloudapi.cn",
+		"santest.eastasia.cloudapp.azure.com",
+		"santest.eastus.cloudapp.azure.com",
+		"santest.eastus2.cloudapp.azure.com",
+		"santest.eastus2euap.cloudapp.azure.com",
+		"santest.francecentral.cloudapp.azure.com",
+		"santest.francesouth.cloudapp.azure.com",
+		"santest.japaneast.cloudapp.azure.com",
+		"santest.japanwest.cloudapp.azure.com",
+		"santest.koreacentral.cloudapp.azure.com",
+		"santest.koreasouth.cloudapp.azure.com",
+		"santest.northcentralus.cloudapp.azure.com",
+		"santest.northeurope.cloudapp.azure.com",
+		"santest.southcentralus.cloudapp.azure.com",
+		"santest.southeastasia.cloudapp.azure.com",
+		"santest.southindia.cloudapp.azure.com",
+		"santest.uksouth.cloudapp.azure.com",
+		"santest.ukwest.cloudapp.azure.com",
+		"santest.westcentralus.cloudapp.azure.com",
+		"santest.westeurope.cloudapp.azure.com",
+		"santest.westindia.cloudapp.azure.com",
+		"santest.westus.cloudapp.azure.com",
+		"santest.westus2.cloudapp.azure.com",
+		"santest.chinaeast.cloudapp.chinacloudapi.cn",
+		"santest.chinanorth.cloudapp.chinacloudapi.cn",
+		"santest.chinanorth2.cloudapp.chinacloudapi.cn",
+		"santest.chinaeast2.cloudapp.chinacloudapi.cn",
+		"santest.germanycentral.cloudapp.microsoftazure.de",
+		"santest.germanynortheast.cloudapp.microsoftazure.de",
+		"santest.usgovvirginia.cloudapp.usgovcloudapi.net",
+		"santest.usgoviowa.cloudapp.usgovcloudapi.net",
+		"santest.usgovarizona.cloudapp.usgovcloudapi.net",
+		"santest.usgovtexas.cloudapp.usgovcloudapi.net",
+		"santest.francecentral.cloudapp.azure.com",
+	}
+
+	if !reflect.DeepEqual(actual, expected) {
+		t.Errorf("expected formatted fqdns %s, but got %s", expected, actual)
+	}
+
+}
diff --git a/pkg/acsengine/output.go b/pkg/acsengine/output.go
@@ -8,6 +8,7 @@ import (
 	"strconv"
 
 	"github.com/Azure/acs-engine/pkg/api"
+	"github.com/Azure/acs-engine/pkg/helpers"
 	"github.com/Azure/acs-engine/pkg/i18n"
 	"github.com/pkg/errors"
 )
@@ -24,7 +25,7 @@ func (w *ArtifactWriter) WriteTLSArtifacts(containerService *api.ContainerServic
 		artifactsDir = path.Join("_output", artifactsDir)
 	}
 
-	f := &FileSaver{
+	f := &helpers.FileSaver{
 		Translator: w.Translator,
 	}
 

diff --git a/pkg/acsengine/ssh.go b/pkg/acsengine/ssh.go
diff --git a/pkg/acsengine/ssh_test.go b/pkg/acsengine/ssh_test.go
diff --git a/pkg/acsengine/filesaver.go → pkg/helpers/filesaver.go b/pkg/acsengine/filesaver.go → pkg/helpers/filesaver.go
@@ -1,4 +1,4 @@
-package acsengine
+package helpers
 
 import (
 	"io/ioutil"

diff --git a/pkg/helpers/helpers.go b/pkg/helpers/helpers.go
@@ -3,8 +3,10 @@ package helpers
 import (
 	// "fmt"
 	"bytes"
+	"crypto/rand"
 	"crypto/rsa"
 	"encoding/json"
+	"fmt"
 	"io"
 	"os"
 	"runtime"
@@ -161,3 +163,24 @@ func GetHomeDir() string {
 func ShellQuote(s string) string {
 	return `'` + strings.Replace(s, `'`, `'\''`, -1) + `'`
 }
+
+// CreateSaveSSH generates and stashes an SSH key pair.
+func CreateSaveSSH(username, outputDirectory string, s *i18n.Translator) (privateKey *rsa.PrivateKey, publicKeyString string, err error) {
+	privateKey, publicKeyString, err = CreateSSH(rand.Reader, s)
+	if err != nil {
+		return nil, "", err
+	}
+
+	privateKeyPem := privateKeyToPem(privateKey)
+
+	f := &FileSaver{
+		Translator: s,
+	}
+
+	err = f.SaveFile(outputDirectory, fmt.Sprintf("%s_rsa", username), privateKeyPem)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return privateKey, publicKeyString, nil
+}