From 2b03d65c3b93b53b5df03777e24947f8e0b22ae8 Mon Sep 17 00:00:00 2001
From: Jack Doan
Date: Wed, 10 Jul 2024 16:16:55 -0400
Subject: [PATCH] make nebula-cert build+function
---
 cmd/nebula-cert/ca.go | 31 +++++++++----------------------
 cmd/nebula-cert/sign.go | 17 +++++------------
 2 files changed, 14 insertions(+), 34 deletions(-)
diff --git a/cmd/nebula-cert/ca.go b/cmd/nebula-cert/ca.go
index 4e5d51d0c..7b690c125 100644
--- a/cmd/nebula-cert/ca.go
+++ b/cmd/nebula-cert/ca.go
@@ -8,7 +8,7 @@ import (
 "fmt"
 "io"
 "math"
- "net"
+ "net/netip"
 "os"
 "strings"
 "time"
@@ -106,37 +106,24 @@ func ca(args []string, out io.Writer, errOut io.Writer, pr PasswordReader) error
 }
 }
- var ips []*net.IPNet
+ var ips netip.Prefix
 if *cf.ips != "" {
- for _, rs := range strings.Split(*cf.ips, ",") {
- rs := strings.Trim(rs, " ")
- if rs != "" {
- ip, ipNet, err := net.ParseCIDR(rs)
- if err != nil {
- return newHelpErrorf("invalid ip definition: %s", err)
- }
- if ip.To4() == nil {
- return newHelpErrorf("invalid ip definition: can only be ipv4, have %s", rs)
- }
-
- ipNet.IP = ip
- ips = append(ips, ipNet)
- }
+ rs := strings.Trim(*cf.ips, " ")
+ ips, err = netip.ParsePrefix(rs)
+ if err != nil {
+ return newHelpErrorf("invalid ip definition: %s", err)
 }
 }
- var subnets []*net.IPNet
+ var subnets []netip.Prefix
 if *cf.subnets != "" {
 for _, rs := range strings.Split(*cf.subnets, ",") {
 rs := strings.Trim(rs, " ")
 if rs != "" {
- _, s, err := net.ParseCIDR(rs)
+ s, err := netip.ParsePrefix(rs)
 if err != nil {
 return newHelpErrorf("invalid subnet definition: %s", err)
 }
- if s.IP.To4() == nil {
- return newHelpErrorf("invalid subnet definition: can only be ipv4, have %s", rs)
- }
 subnets = append(subnets, s)
 }
 }
 }
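Review bot: `netip.ParsePrefix` keeps the host bits of its input, whereas the `*net.IPNet` returned by the old `_, s, err := net.ParseCIDR(rs)` was already masked, so in the `-subnets` loop of `ca` a value such as `10.0.0.5/24` (constructed example) now reaches the certificate unnormalised; `subnets = append(subnets, s.Masked())` keeps the previous behaviour. The same applies to the subnets loop in the signCert hunk of cmd/nebula-cert/sign.go. Both `To4()` checks are also removed without a replacement here, and again for `*sf.ip` and the subnets in sign.go, so IPv6 prefixes are now accepted into certificates; if the rest of the code is not ready for that, a guard such as `if !s.Addr().Is4()` returning the old help error restores the restriction. In addition, `-ips` is now parsed as a single prefix rather than a comma-separated list, so a multi-network value fails with a parse error, and the flag's help text (not visible here) should say so. The body of `ca` starts and ends outside the hunk.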
@@ -195,7 +182,7 @@ func ca(args []string, out io.Writer, errOut io.Writer, pr PasswordReader) error
 Details: cert.NebulaCertificateDetails{
 Name: *cf.name,
 Groups: groups,
- Ips: ips,
+ Ip: ips,
 Subnets: subnets,
 NotBefore: time.Now(),
 NotAfter: time.Now().Add(*cf.duration),
diff --git a/cmd/nebula-cert/sign.go b/cmd/nebula-cert/sign.go
index 35d644689..3f126ee6d 100644
--- a/cmd/nebula-cert/sign.go
+++ b/cmd/nebula-cert/sign.go
@@ -6,7 +6,7 @@ import (
 "flag"
 "fmt"
 "io"
- "net"
+ "net/netip"
 "os"
 "strings"
 "time"
@@ -139,14 +139,10 @@ func signCert(args []string, out io.Writer, errOut io.Writer, pr PasswordReader)
 *sf.duration = time.Until(caCert.Details.NotAfter) - time.Second*1
 }
- ip, ipNet, err := net.ParseCIDR(*sf.ip)
+ ipNet, err := netip.ParsePrefix(*sf.ip)
 if err != nil {
 return newHelpErrorf("invalid ip definition: %s", err)
 }
- if ip.To4() == nil {
- return newHelpErrorf("invalid ip definition: can only be ipv4, have %s", *sf.ip)
- }
- ipNet.IP = ip
 groups := []string{}
 if *sf.groups != "" {
@@ -158,18 +154,15 @@ func signCert(args []string, out io.Writer, errOut io.Writer, pr PasswordReader)
 }
 }
- subnets := []*net.IPNet{}
+ var subnets []netip.Prefix
 if *sf.subnets != "" {
 for _, rs := range strings.Split(*sf.subnets, ",") {
 rs := strings.Trim(rs, " ")
 if rs != "" {
- _, s, err := net.ParseCIDR(rs)
+ s, err := netip.ParsePrefix(rs)
 if err != nil {
 return newHelpErrorf("invalid subnet definition: %s", err)
 }
- if s.IP.To4() == nil {
- return newHelpErrorf("invalid subnet definition: can only be ipv4, have %s", rs)
- }
 subnets = append(subnets, s)
 }
 }
 }
@@ -196,7 +189,7 @@ func signCert(args []string, out io.Writer, errOut io.Writer, pr PasswordReader)
 nc := cert.NebulaCertificate{
 Details: cert.NebulaCertificateDetails{
 Name: *sf.name,
- Ips: []*net.IPNet{ipNet},
+ Ip: ipNet,
 Groups: groups,
 Subnets: subnets,
 NotBefore: time.Now(),
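Review bot: In the `Details` literal of `ca` in cmd/nebula-cert/ca.go, `Ip: ips` now receives the zero `netip.Prefix` whenever `-ips` is omitted, where the old code passed a nil slice. Whether certificate marshalling and the signing checks treat an invalid prefix as "no network restriction" is not visible in this patch, and for a CA that distinction decides which addresses it may sign for. I would make the intent explicit with a comment such as `// zero Prefix: no -ips given, CA is not restricted to a network` above the field, or branch on `ips.IsValid()` before building the certificate. The literal and the rest of `ca` continue outside the hunk.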