From 7a37a368e6e2fcb38248d738f3a933b0b79b4bb8 Mon Sep 17 00:00:00 2001
From: Peter Rifel
Date: Thu, 5 Oct 2023 18:41:42 -0500
Subject: [PATCH] Have kops-controller authorize droplet names instead of IPs
---
 upup/pkg/fi/cloudup/do/verifier.go | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/upup/pkg/fi/cloudup/do/verifier.go b/upup/pkg/fi/cloudup/do/verifier.go
index d0596a26a8d95..84ff15f177558 100644
--- a/upup/pkg/fi/cloudup/do/verifier.go
+++ b/upup/pkg/fi/cloudup/do/verifier.go
@@ -98,20 +98,12 @@ func (o digitalOceanVerifier) VerifyToken(ctx context.Context, rawRequest *http.
 // The node challenge is important here though, verifying the caller has control of the IP address.
- nodeName := ""
- if len(addresses) == 0 {
- // Name seems a better default than the first IP, but we have to match what other components are expecting
- nodeName = droplet.Name
- } else {
- nodeName = addresses[0]
- }
-
 if len(challengeEndpoints) == 0 {
 return nil, fmt.Errorf("cannot determine challenge endpoint for server %q", serverID)
 }
 result := &bootstrap.VerifyResult{
- NodeName: nodeName,
+ NodeName: droplet.Name,
 CertificateNames: addresses,
 ChallengeEndpoint: challengeEndpoints[0],
 }
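Review bot: `NodeName: droplet.Name` in the `VerifyResult` literal makes the DigitalOcean droplet name the identity that kops-controller authorizes, yet nothing visible in the hunk checks that the name is non-empty or a valid node name before it is returned. A guard ahead of the literal would fail closed, e.g. `if droplet.Name == "" { return nil, fmt.Errorf("droplet %q has no name", serverID) }`. Droplet names are chosen by whoever can create or rename droplets in the account and are, as far as I know, not required to be unique, so it is worth confirming outside this hunk that the droplet was selected by ID and belongs to this cluster before its name is trusted. The retained comment still says the challenge proves control of the IP address; it could add that the node name comes from the API record for `serverID` and is not itself covered by the challenge. VerifyToken begins and ends outside the hunk.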