From 2f6d3c9bb26ef553e0a62790d83f7fbebbc49ce8 Mon Sep 17 00:00:00 2001
From: Tanishq Dubey
Date: Fri, 16 May 2025 21:20:39 -0400
Subject: [PATCH] Use local paths when possible, some AI cleanup

---
 cmd/kat-agent/main.go | 14 +++++++-------
 examples/cluster.kat | 6 +++---
 internal/config/parse_test.go | 4 ++--
 internal/config/types.go | 12 ++++++------
 internal/pki/certs.go | 4 ----
 internal/pki/certs_test.go | 2 +-
 internal/testutil/testutil.go | 4 ++--
 7 files changed, 21 insertions(+), 25 deletions(-)

diff --git a/cmd/kat-agent/main.go b/cmd/kat-agent/main.go
index d841978..3e85ff6 100644
--- a/cmd/kat-agent/main.go
+++ b/cmd/kat-agent/main.go
@@ -44,7 +44,7 @@ const (
 clusterUIDKey = "/kat/config/cluster_uid"
 clusterConfigKey = "/kat/config/cluster_config" // Stores the JSON of pb.ClusterConfigurationSpec
 defaultNodeName = "kat-node"
- leaderCertCN = "leader.kat.cluster.local" // Common Name for leader certificate
+ leaderCertCN = "leader.kat.cluster.local" // Common Name for leader certificate
 )
 
 func init() {
@@ -75,11 +75,11 @@ func runInit(cmd *cobra.Command, args []string) {
 pkiDir := pki.GetPKIPathFromClusterConfig(parsedClusterConfig.Spec.BackupPath)
 caKeyPath := filepath.Join(pkiDir, "ca.key")
 caCertPath := filepath.Join(pkiDir, "ca.crt")
-
+
 // Check if CA already exists
 _, caKeyErr := os.Stat(caKeyPath)
 _, caCertErr := os.Stat(caCertPath)
-
+
 if os.IsNotExist(caKeyErr) || os.IsNotExist(caCertErr) {
 log.Printf("CA key or certificate not found. Generating new CA in %s", pkiDir)
 if err := pki.GenerateCA(pkiDir, caKeyPath, caCertPath); err != nil {
@@ -158,23 +158,23 @@ func runInit(cmd *cobra.Command, args []string) {
 } else {
 log.Printf("Cluster UID already exists in etcd. Skipping storage.")
 }
-
+
 // Generate leader's server certificate for mTLS
 leaderKeyPath := filepath.Join(pkiDir, "leader.key")
 leaderCSRPath := filepath.Join(pkiDir, "leader.csr")
 leaderCertPath := filepath.Join(pkiDir, "leader.crt")
-
+
 // Check if leader cert already exists
 _, leaderCertErr := os.Stat(leaderCertPath)
 if os.IsNotExist(leaderCertErr) {
 log.Println("Generating leader server certificate for mTLS")
-
+
 // Generate key and CSR for leader
 if err := pki.GenerateCertificateRequest(leaderCertCN, leaderKeyPath, leaderCSRPath); err != nil {
 log.Printf("Failed to generate leader key and CSR: %v", err)
 } else {
 // Read the CSR file
- csrData, err := os.ReadFile(leaderCSRPath)
+ _, err := os.ReadFile(leaderCSRPath)
 if err != nil {
 log.Printf("Failed to read leader CSR file: %v", err)
 } else {
diff --git a/examples/cluster.kat b/examples/cluster.kat
index bab91e9..36cc86c 100644
--- a/examples/cluster.kat
+++ b/examples/cluster.kat
@@ -3,8 +3,8 @@ kind: ClusterConfiguration
 metadata:
 name: my-kat-cluster
 spec:
- clusterCIDR: "10.100.0.0/16"
- serviceCIDR: "10.200.0.0/16"
+ cluster_CIDR: "10.100.0.0/16"
+ service_CIDR: "10.200.0.0/16"
 nodeSubnetBits: 7 # Results in /23 node subnets (e.g., 10.100.0.0/23, 10.100.2.0/23)
 clusterDomain: "kat.example.local" # Overriding default
 apiPort: 9115
@@ -15,4 +15,4 @@ spec:
 backupPath: "/opt/kat/backups" # Overriding default
 backupIntervalMinutes: 60
 agentTickSeconds: 10
- nodeLossTimeoutSeconds: 45
\ No newline at end of file
+ nodeLossTimeoutSeconds: 45
diff --git a/internal/config/parse_test.go b/internal/config/parse_test.go
index 1217d01..ce0fd48 100644
--- a/internal/config/parse_test.go
+++ b/internal/config/parse_test.go
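Review bot: The new `_, err := os.ReadFile(leaderCSRPath)` reads the whole CSR only to discard it, so this branch is now just a readability probe for the file, and the actual signing call that follows the trailing `} else {` lies outside the hunk (runInit continues past it). If that signer takes the PEM text — which is what internal/pki/certs_test.go in this same patch now passes as `string(csrData)` — the discarded bytes are exactly what it needs and leader-certificate signing would fail at runtime while the unit test passes; if it takes a path, `os.Stat` as used for leaderCertPath above states the intent more cheaply. I'd keep `csrData, err := os.ReadFile(leaderCSRPath)` and hand `string(csrData)` to the signer, or drop the read entirely. Separately, every failure in this block is only logged and init proceeds, so an init run can report success with no leader certificate for mTLS; aborting with `log.Fatalf` here would make that state impossible to miss.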
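Review bot: The renamed keys `cluster_CIDR` and `service_CIDR` break the camelCase convention of every sibling key in this file (`nodeSubnetBits`, `clusterDomain`, `apiPort`) and of the fixture in internal/testutil/testutil.go, and nothing in this patch changes the struct tags that decode them. Unless the tags were renamed in another commit, a loader that ignores unknown fields would silently drop both CIDRs from the example and fall back to the defaults, which is the kind of drift an example file exists to prevent. If the rename is deliberate, add a round-trip parse of examples/cluster.kat to the config tests so the example and the schema cannot diverge; otherwise revert to `clusterCIDR: "10.100.0.0/16"` and `serviceCIDR: "10.200.0.0/16"`.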
@@ -201,8 +201,8 @@ func TestValidateClusterConfiguration_InvalidValues(t *testing.T) {
 ApiPort: 10251,
 EtcdPeerPort: 2380,
 EtcdClientPort: 2379,
- VolumeBasePath: "/var/lib/kat/volumes",
- BackupPath: "/var/lib/kat/backups",
+ VolumeBasePath: "~/.kat/volumes",
+ BackupPath: "~/.kat/backups",
 BackupIntervalMinutes: 30,
 AgentTickSeconds: 15,
 NodeLossTimeoutSeconds: 60,
diff --git a/internal/config/types.go b/internal/config/types.go
index d49c9c7..c5c0c84 100644
--- a/internal/config/types.go
+++ b/internal/config/types.go
@@ -11,13 +11,13 @@ const (
 DefaultApiPort = 9115
 DefaultEtcdPeerPort = 2380
 DefaultEtcdClientPort = 2379
- DefaultVolumeBasePath = "/var/lib/kat/volumes"
- DefaultBackupPath = "/var/lib/kat/backups"
+ DefaultVolumeBasePath = "~/.kat/volumes"
+ DefaultBackupPath = "~/.kat/backups"
 DefaultBackupIntervalMins = 30
 DefaultAgentTickSeconds = 15
 DefaultNodeLossTimeoutSec = 60 // DefaultNodeLossTimeoutSeconds = DefaultAgentTickSeconds * 4 (example logic)
 DefaultNodeSubnetBits = 7 // yields /23 from /16, or /31 from /24 etc. (5 bits for /29, 7 for /25)
- // RFC says 7 for /23 from /16. This means 2^(32-16-7) = 2^9 = 512 IPs per node subnet.
- // If nodeSubnetBits means bits for the node portion *within* the host part of clusterCIDR:
- // e.g. /16 -> 16 host bits. If nodeSubnetBits = 7, then node subnet is / (16+7) = /23.
-)
\ No newline at end of file
+ // RFC says 7 for /23 from /16. This means 2^(32-16-7) = 2^9 = 512 IPs per node subnet.
+ // If nodeSubnetBits means bits for the node portion *within* the host part of clusterCIDR:
+ // e.g. /16 -> 16 host bits. If nodeSubnetBits = 7, then node subnet is / (16+7) = /23.
+)
diff --git a/internal/pki/certs.go b/internal/pki/certs.go
index 724f904..0186ba1 100644
--- a/internal/pki/certs.go
+++ b/internal/pki/certs.go
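Review bot: `DefaultBackupPath = "~/.kat/backups"` and `DefaultVolumeBasePath = "~/.kat/volumes"` depend on tilde expansion that Go's `os` and `path/filepath` never perform; unless the config loader expands `~` itself (nothing in this patch does), `filepath.Join` in runInit resolves to a literal directory named `~` under the agent's working directory, and because `pki.GetPKIPathFromClusterConfig` derives the PKI directory from BackupPath, the CA private key and leader key would be written there as well. The same literal strings are copied into the fixtures in internal/config/parse_test.go and internal/testutil/testutil.go, so the tests pin the unexpanded value instead of catching it. A home-relative default also changes meaning with the account the agent runs as, which matters for where private keys end up. I'd expand the path once at config load (for example via `os.UserHomeDir()` when the value begins with `~/`) and document on these constants that the value is expanded at load time, or keep an absolute default and note in the doc comment which config key overrides it.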
@@ -1,15 +1,11 @@
 package pki
 
 import (
- "crypto/rand"
 "crypto/rsa"
 "crypto/x509"
- "crypto/x509/pkix"
 "encoding/pem"
 "fmt"
- "net"
 "os"
- "time"
 )
 
 // ParseCSRFromBytes parses a PEM-encoded CSR from bytes
diff --git a/internal/pki/certs_test.go b/internal/pki/certs_test.go
index d3cc27c..ee43291 100644
--- a/internal/pki/certs_test.go
+++ b/internal/pki/certs_test.go
@@ -87,7 +87,7 @@ func TestSignCertificateRequest(t *testing.T) {
 
 // Sign CSR
 certPath := filepath.Join(tempDir, "node.crt")
- err = SignCertificateRequest(caKeyPath, caCertPath, csrData, certPath, 30) // 30 days validity
+ err = SignCertificateRequest(caKeyPath, caCertPath, string(csrData), certPath, 30) // 30 days validity
 if err != nil {
 t.Fatalf("SignCertificateRequest failed: %v", err)
 }
diff --git a/internal/testutil/testutil.go b/internal/testutil/testutil.go
index 8a31256..ea0391c 100644
--- a/internal/testutil/testutil.go
+++ b/internal/testutil/testutil.go
@@ -51,8 +51,8 @@ spec:
 apiPort: 9115
 etcdPeerPort: 2380
 etcdClientPort: 2379
- volumeBasePath: "/var/lib/kat/volumes"
- backupPath: "/var/lib/kat/backups"
+ volumeBasePath: "~/.kat/volumes"
+ backupPath: "~/.kat/backups"
 backupIntervalMinutes: 30
 agentTickSeconds: 15
 nodeLossTimeoutSeconds: 60