Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[receiver/kubeletstats] fix client to refresh service account tokens #26316

Merged
merged 3 commits into from
Sep 5, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions .chloggen/kubelet-client-refresh-token.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# Use this changelog template to create an entry for release notes.

# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
change_type: bug_fix

# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
component: receiver/kubeletstats

# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
note: "Fixes client to refresh service account token when authenticating with kubelet"

# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
issues: [26120]

# (Optional) One or more lines of additional information to render under the primary note.
# These lines will be padded with 2 spaces and then inserted directly into the document.
# Use pipe (|) for multiline entries.
subtext:

# If your change doesn't affect end users or the exported elements of any package,
# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
# Optional: The change log or logs in which this entry should be included.
# e.g. '[user]' or '[user, api]'
# Include 'user' if the change is relevant to end users.
# Include 'api' if there is a change to a library API.
# Default: '[user]'
change_logs: [user]
22 changes: 20 additions & 2 deletions internal/kubelet/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import (

"go.uber.org/zap"
"k8s.io/client-go/rest"
"k8s.io/client-go/transport"

"github.com/open-telemetry/opentelemetry-collector-contrib/internal/common/sanitize"
"github.com/open-telemetry/opentelemetry-collector-contrib/internal/k8sconfig"
Expand Down Expand Up @@ -165,9 +166,26 @@ func (p *saClientProvider) BuildClient() (Client, error) {
}
tr := defaultTransport()
tr.TLSClientConfig = &tls.Config{
RootCAs: rootCAs,
RootCAs: rootCAs,
InsecureSkipVerify: true,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have not been passing the user provided InsecureSkipVerify config when authType is service account. I am keeping the same behavior here and will create a different issue to address this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#26319 Any ideas/context if this was done intentionally?

}
endpoint, err := buildEndpoint(p.endpoint, true, p.logger)
if err != nil {
return nil, err
}
rt, err := transport.NewBearerAuthWithRefreshRoundTripper(string(tok), p.tokenPath, tr)
if err != nil {
return nil, err
}
return defaultTLSClient(p.endpoint, true, rootCAs, nil, tok, p.logger)

return &clientImpl{
baseURL: endpoint,
httpClient: http.Client{
Transport: rt,
},
tok: nil,
logger: p.logger,
}, nil
}

func defaultTLSClient(
Expand Down
24 changes: 19 additions & 5 deletions internal/kubelet/client_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
package kubelet

import (
"crypto/tls"
"crypto/x509"
"errors"
"io"
Expand Down Expand Up @@ -102,15 +103,29 @@ func TestDefaultTLSClient(t *testing.T) {
}

func TestSvcAcctClient(t *testing.T) {
server := httptest.NewUnstartedServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
// Check if call is authenticated using token from test file
require.Equal(t, req.Header.Get("Authorization"), "Bearer s3cr3t")
_, err := rw.Write([]byte(`OK`))
require.NoError(t, err)
}))
cert, err := tls.LoadX509KeyPair("./testdata/testcert.crt", "./testdata/testkey.key")
require.NoError(t, err)
server.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
server.StartTLS()
defer server.Close()

p := &saClientProvider{
endpoint: "localhost:9876",
caCertPath: certPath,
endpoint: server.Listener.Addr().String(),
caCertPath: "./testdata/testcert.crt",
tokenPath: "./testdata/token",
logger: zap.NewNop(),
}
cl, err := p.BuildClient()
client, err := p.BuildClient()
require.NoError(t, err)
require.Equal(t, "s3cr3t", string(cl.(*clientImpl).tok))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NewBearerAuthWithRefreshRoundTripper handles the authorization header for us, so removing this test case and replacing with the server validation check

resp, err := client.Get("/")
require.NoError(t, err)
require.Equal(t, []byte(`OK`), resp)
}

func TestNewKubeConfigClient(t *testing.T) {
Expand Down Expand Up @@ -268,7 +283,6 @@ func TestBuildReq(t *testing.T) {
req, err := cl.(*clientImpl).buildReq("/foo")
require.NoError(t, err)
require.NotNil(t, req)
require.Equal(t, req.Header["Authorization"][0], "bearer s3cr3t")
}

func TestBuildBadReq(t *testing.T) {
Expand Down
48 changes: 31 additions & 17 deletions internal/kubelet/testdata/testcert.crt
Original file line number Diff line number Diff line change
@@ -1,19 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIDLDCCAhSgAwIBAgIJAO8ClxUckM5xMA0GCSqGSIb3DQEBCwUAMEsxCzAJBgNV
BAYTAk9UMRYwFAYDVQQIDA1PcGVuVGVsZW1ldHJ5MRAwDgYDVQQHDAdTZXJ2aWNl
MRIwEAYDVQQDDAkxMjcuMC4wLjEwHhcNMjAwNTA2MDAzMTQ0WhcNMjEwNTA2MDAz
MTQ0WjBLMQswCQYDVQQGEwJPVDEWMBQGA1UECAwNT3BlblRlbGVtZXRyeTEQMA4G
A1UEBwwHU2VydmljZTESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAyVL12RmIXJP/K1wkGDW2k9OKvmP/kX0w2iPEZ7f0
3kUvDpAUjGHr3FnnOYYmxQU+gXK0g/pRupNh5n4GuzFGbQNEAl1V+dmAB5w/yX3p
SSZVZmsIRRgTVRd1501mDNqRS6aOy8+PhFUF7rI6V5KBaizLch6ojOtDSouUTnRI
9o47WSeyVALHFllm1BYlCBoiSZ/ZX2BJOteJ/9fawPQzVMSmNOQcymRiHqeBlhlI
gIPFEOh68oJScGNRVin0tnxfUr7eO+cR3iC20aCUXsL3Yq1KKXrxD3/0T8ICK5DM
qWj4gKC4CVlIF68zvVWD/jKSR9u9Gs+aRxA2ZHF+scsHgQIDAQABoxMwETAPBgNV
HREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQA2DT7VxpFLCqc0FHW16yZ9
/9fQChEN5IBe6mjbysjeYhef8w7xP03wl6SwFXFpTQDFqz6KdolH+Zl4gm6MsrsX
nQNP8fkHfNtHr+28JPDPWC5aWx5xfdQ4ybfeEV+xdNmrKeKGOcQ+Nmjcx06ysy0J
OSjOBwyTvlCIOF5AnafFuCk81EnbMLQeIvsfudXTAi0aw6HMmS2UgmGUcwGsFDRt
Xx1n1nLclK73f2a9mrzrh1s3lMom1FLaZ8fRecB9cVZJAHdw7RDtkG0qFf+v9Hk0
y8JKVfSmRIveHz62a/61T36VSKIO0qksdR4wEPCjADsdpagVMrwjyu8qShLFXRkn
MIIFuDCCA6CgAwIBAgIUX6gHrM+cXSsdSQTFUTl7ISB8xoYwDQYJKoZIhvcNAQEL
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated cert since the ones checked in have expired

BQAwYzELMAkGA1UEBhMCT1QxFjAUBgNVBAgMDU9wZW50ZWxlbWV0cnkxEDAOBgNV
BAcMB1NlcnZpY2UxFjAUBgNVBAoMDU9wZW50ZWxlbWV0cnkxEjAQBgNVBAMMCTEy
Ny4wLjAuMTAeFw0yMzA4MzAxNTQ5MTJaFw0zMzA4MjcxNTQ5MTJaMGMxCzAJBgNV
BAYTAk9UMRYwFAYDVQQIDA1PcGVudGVsZW1ldHJ5MRAwDgYDVQQHDAdTZXJ2aWNl
MRYwFAYDVQQKDA1PcGVudGVsZW1ldHJ5MRIwEAYDVQQDDAkxMjcuMC4wLjEwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD1bq9pqg6CYsAYfB1OIK1sj8kc
Ia1wCVEJ+fr7Mw+DmDR3nEto6W+2+JU5n2FZWGrV8mPztJVd9WdMXEsJTVC/gNX1
92X8YmiJOWzfglalYzWO9LJn9hrdgS56j0F++MXRNDgouZNlRXfU7dYErn3x6NIe
DaIoAGep6ekO5JyW0AjeuVw+Th9kT0CThzCRwB3CpPmKD0Zwt3mAgsDDTlN6PopR
fmeeDQ9tiiA33uVOfXQfmXcXfoUYr1E4JmuO+OrjR4xoFRfvvSJW8cqCm6TZi5k0
lfKC23lso3r6qojIMGHTOhjxuPuY5kMSq8RrtnjIB8l2ulcDZWSnKTqiOmkwThBe
uHuOCsGbjt9YEeF/7LRU+R02G5Ybt3PWnHiUlNzuZkbeCqrQ2/LJLhiGPQ/+D2LT
i9D0Vc2TsswhCz+5UpyvJe4/CDuR5oeniVoyVpN9wxyUDG80c7H0tOYAp/BTptjy
ASGjr7Iq2RMpsP12dyjbIxalYBQdlyoSjfnNnf4knHFtum7DzyDc6e0/tY5vzetA
7ij+k8+S19PLOrEw/BVSlC34xa/epcsLgxWh4wSCBs6h5Eg0Rgvh6riPdoAHOUb1
U33WAIUmSk2JqUqrVCtoV/4B6WMzbuwH0tFJkVTcXs6jDsR77wrhIsv8zXRzt+ar
XT+b61pFf9EJVeizSQIDAQABo2QwYjAdBgNVHQ4EFgQUep0QJqlnV6W2WHfHu6sM
fIPQWdswHwYDVR0jBBgwFoAUep0QJqlnV6W2WHfHu6sMfIPQWdswDwYDVR0TAQH/
BAUwAwEB/zAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4ICAQDTTYkH
+L7LZDAbFQ9XaWs12NtvR+BzWNAWtY06KEy/Bxd/me2fi1UjdQDjSMQCQjeRyVXZ
Xj6hJmZ+CFsdKpl1v7i9CxmHPyUUGrm2C+pYxeG9gg7e682FfKnSH9pTmD1SowSR
6vX30PWJcgizhXrnrvNjZCZFie6lbDmsmkIu2ZCtJonaNUWuSA3uX2ZYQhGCgimJ
+T6G5wKlJUcpT2QgI7I3qqijc8a76wvQbqW3hdsquygiugcI0d9riyuH/GuwtHUy
JTTef5BSGkt+oVqXHsfsRmM+BHQQh46dDaRcECKDi2kHLIF1SfonrWf7Z1hIVbec
i58GNs4oXP1HDG97Uz8hw6prn1tWJFjjhev990WWWPSW3NFuPkoZ3Q1CGU15IRI7
ezcIIDkcOyqsCGgHjQYFMdSiBgXXBf7xxN6e1byvTJQLppz51rShd1yFuWZ7Ca5X
5D4TfI6F/KSYSt07F6YhfjOkUsItwaYNLEO0CA4dP01mbh+Nu2VgRLxsgKKQoHhY
Ru55HmjEkE8Bq+jOQ52f2eFPmuDyxt4fm+RrqNr6GblVypmUSZneJclkcVSa5uIT
Dnze9zEN9yorfK+75tzVN2/B4tA4UtQ2/Osqcw/fLgYQOacK24EYeeCJmOAI+4Ym
+aF1tP4s2ptfLFm0lDgVlGr1j6UDIV3RClraVA==
-----END CERTIFICATE-----
79 changes: 52 additions & 27 deletions internal/kubelet/testdata/testkey.key
Original file line number Diff line number Diff line change
@@ -1,27 +1,52 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAyVL12RmIXJP/K1wkGDW2k9OKvmP/kX0w2iPEZ7f03kUvDpAU
jGHr3FnnOYYmxQU+gXK0g/pRupNh5n4GuzFGbQNEAl1V+dmAB5w/yX3pSSZVZmsI
RRgTVRd1501mDNqRS6aOy8+PhFUF7rI6V5KBaizLch6ojOtDSouUTnRI9o47WSey
VALHFllm1BYlCBoiSZ/ZX2BJOteJ/9fawPQzVMSmNOQcymRiHqeBlhlIgIPFEOh6
8oJScGNRVin0tnxfUr7eO+cR3iC20aCUXsL3Yq1KKXrxD3/0T8ICK5DMqWj4gKC4
CVlIF68zvVWD/jKSR9u9Gs+aRxA2ZHF+scsHgQIDAQABAoIBAG/6OMw8K2By4ObZ
JSpiFd87NlyXejsOCvIKGuAlrYlDqdzLvuImRO4XA0k3mLDVLeMKTeVqgbLo7vco
+c18ptNTkaxPBdcmZtPU0JXd9re9HpsMxVjI/1fA6M9yeWSE3XPafGpYVFcig140
u8ahsmG/8JjU/KME6DS6Vg8dFsgrb0aJypv1VxA2n4xeWkbwVdniTlny4LFhwvvk
P4dgnGNhUHkeet+re9YZEkXJbNp9hXP/wdEwLJ5tUNI/exngxQaAJ6fP2e1htFoJ
a8TGTwjEwRIAocjI8ieHnUO4lARF8uhEzhSadtZNZvKgbNpE5xJNl9OH9pkQTjo2
4CLOxpECgYEA8ZbV2o1EcdCKvIWAYhYbBHYe2gadcnO04gtA1bbGk/+YtzaiS20W
zq2qKDhrQJ6sCFe17CN9hM0gdkpsyS1nLtR3F3MVacYe8STh7BD61E5ens+wDWJU
zva3bS1CRMPthZ+i0xc4AOgXDZewD1rxb8rvT5SeXYRZGkvyh9TAzocCgYEA1VVC
lLy3EG/geiMAWd+FnTwWnMViGb8rDY03vJDSKEes9b8HqwEPsX0I3TVeyyYBM3Te
sPYqJxBFh5afU8DYhNue9UbJKSN4j1jg43pK58i99LT+lGRAVaJZLVbsWiEF3MwX
8muCtELAT7j9648oEUX4sF/nnz422Q0VPRS5s7cCgYAqrDHqALnuQJ/A3PPoX282
QocAi9qTtMxmgQZauYYp7iPTeNsB56r3psU/hXesWlqYvqVrqHkrU/A/9LVyc4qe
QvkmMzW9ETm17oXZZMZpac5czuKR+qRwSjPsHOpvqwvxZlkkYB2MS3KG/BwlGjM7
Q+UxcVbnvdDfTDrysym7UQKBgQDFeVPVjM7EZ1tak7XKe68aOjoQSmIhxSTcOYGD
imcPJDIFlRxK/gOB32TqJ3IlCHwKHr/Y/TVNzbEe7p1zkMqcSRPepfSloREDWFls
GJLn9ZlowHX79MTcwBhecNz+HR1pIn90RnLJ3BRad7qMZ4rGWof28//bF2L8DjE/
xkSUBwKBgQCAki3+tscHa1ZQ+VZmvTeQ9gwNZt+cm0FzavhjnvWZAKCrKwg+MvAN
BifZjKsPK7u9u1QGuPP0Zn/Zw3VoMlrC/Paa/OZzwTtb2yN824wbMo0Qvm5WciS7
DXyNy887h1NLGEyMh6rGUutmI6OPf8WaLqcxrz16dhtr9+N6YDZ/tQ==
-----END RSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQD1bq9pqg6CYsAY
fB1OIK1sj8kcIa1wCVEJ+fr7Mw+DmDR3nEto6W+2+JU5n2FZWGrV8mPztJVd9WdM
XEsJTVC/gNX192X8YmiJOWzfglalYzWO9LJn9hrdgS56j0F++MXRNDgouZNlRXfU
7dYErn3x6NIeDaIoAGep6ekO5JyW0AjeuVw+Th9kT0CThzCRwB3CpPmKD0Zwt3mA
gsDDTlN6PopRfmeeDQ9tiiA33uVOfXQfmXcXfoUYr1E4JmuO+OrjR4xoFRfvvSJW
8cqCm6TZi5k0lfKC23lso3r6qojIMGHTOhjxuPuY5kMSq8RrtnjIB8l2ulcDZWSn
KTqiOmkwThBeuHuOCsGbjt9YEeF/7LRU+R02G5Ybt3PWnHiUlNzuZkbeCqrQ2/LJ
LhiGPQ/+D2LTi9D0Vc2TsswhCz+5UpyvJe4/CDuR5oeniVoyVpN9wxyUDG80c7H0
tOYAp/BTptjyASGjr7Iq2RMpsP12dyjbIxalYBQdlyoSjfnNnf4knHFtum7DzyDc
6e0/tY5vzetA7ij+k8+S19PLOrEw/BVSlC34xa/epcsLgxWh4wSCBs6h5Eg0Rgvh
6riPdoAHOUb1U33WAIUmSk2JqUqrVCtoV/4B6WMzbuwH0tFJkVTcXs6jDsR77wrh
Isv8zXRzt+arXT+b61pFf9EJVeizSQIDAQABAoICAAyJJZ++ojzV5SSjAz6sM9tv
iSi9Dh4ita9OI7v8nspchfKFisL+KFj2v614pujgt507oxANrVLmH8tyS9la5/jO
EG+eniiK0LbQlm9gmYMbSv8lH68obnUZnel/42skMvtlYMhwuRbzOkSHjNbCoFdw
qjnDfcCwC5ttwXwDoH1h/Q/+NPhQNnGBzEU0wp3xK3v3f/DlqJYFgwjVtNmM6L3d
z6QLsihsF5mDVHOyGHF+viWGicMLEOqCuuHksXn1HA81hnYC/Mzfks9QzISJBV2g
sBez4HX/Vod+Xp/Kwc+CzB5VMXS4O26S9UJRAGh1gpwJ7Mf6Cst3PHG+zPpABEMM
H5VFI7xmFViN9tfWmw6AsGH/VNPZwJnB9YRW224gbEMMshmAU7KZoYWezV7Z4BGD
/ikNCpZUw1fTiQYi1N4lZBY6ncPYY5z1JOV6O7muynexbuAyvIOVPpZGgJgb9je1
iGkjcX+dQkSE/sy2oujxB51y15607iubW6hwUogutSmcEQmI4vx+2kBf8MPBJyeI
31MnLAaqSMCZKgG86FunFo6O7radWbNlQQ2CZkHDMkef5s0p1jB8LlxJ0xLnb59V
RKKmeZ9V5BbIuksyVpgGHvi1kI/6z2Svh8hQ0avcUoc0uQ/9urK4VnqUdTnjMbvG
kGna2NriKVvlYojxWy0BAoIBAQD/EIO3gKHllAdjpTo9dn3mkxNS2gB6g2MYnTD1
VrK8gOvfZHdKTvqAM8sYhwrl7Z9FIznGGB0Nbi4KfVGtd8M1XI31etBHmrFQz0HO
+5QCT8fj3q/9AelDwgI5CCa4lywtZfjlzL8f80CGrZ0+/SplpaCcWzQlumKYx/bZ
jl1Luhj/SJwpe7hvtku3/pA0fTBkJc6VQDiWYDJ+8Z/m4fniBMXPOEAd9V/iI1ux
11DjnX+nbpYvbQncC3rV2wabm63NyiMGEVd4KPk8LNUgaoCfTyK2jMnrKchLA+e5
V9XYr/LVDsijWpdIQLKXBL4Jbs8sMpSXq0k+uT0NtIj1r18BAoIBAQD2VSB5+ioO
7GPW/pf4AeF+FafiSrqIMWDi4fsxggkDVsOAud9GyqPi9YfaeIJ2ctLg8usyPjph
eQUYKJijbGZm9RObxNYvvo2HhCJ0sT11jK5bKzhgyHqJM94Yfl6ocBgS2r/9Ledh
jXhg4kmA4FBbFHijndAdLI7Q5Zu4eanLlMDFurE9s5/nrk8kSh54YnF5tWJm5BoB
fqSGJnsjd9Wux2WuMkw23H/bh5WNBiGL9yU7ipnFycB+G6GQNy2FSFe1Hnkj0+M+
Tn4AeuXB1se32l0MmHolhkT+Q1FfRWBCFVeSC7231EcYSWsmZKEX92HG5HUzteXw
0bTsQHCrApxJAoIBAQDE1Guw2hUVYyxomwLcl2oE2w6Yax7fbDC2t+cmDKeVjC95
jr/3mgb5k/5wiRXB5aN46PwWgFk7GgFxms/C+56quSfbfdDo0NlwsN/p6H6JYiOx
FxHcPvNRlI++jynCXPZ8eiqeu2fqMf9jburfxuJG2o+c2UzeqHyZxgYaUSBx5cSQ
i+nmoVDs9FJuRIXn24vSXNKUnqCMeuO8zp1EwLHi1ygHBzODau15Ryvli3EilVID
VPWU16I6Kqm6CnGI95QiMJDih9NmKMhcxYQapdVoGtuA4BiZ3v5v1S2m+79MnkrY
W7Y9SRVhbnviyogUI2zAgK/mcwns22nf/6eJYLIBAoIBAAWPID+AdMiHby1f64AO
Us9sn7BMrW77ZktYfDm+zINFxv21tCM92Xr6vYkhpRgVOUsYUFR+8QRYHdRQvjkZ
7imuqDWguJC1RS5kvf5SLafkd97Y19nfTFyiTgXRfENi3Dg4tZJ6Ibmi3q+ZC72b
0lRr3tkaa6Ls6YAvXldIb5uHjN4pe2yADEDHP0P7ZDqlRhhQDptx1GBqQj5AyhCf
2LOsDlBjFDM8wKnsomRfWgx1lGKGmzfKeMyfxQKjLCTQ4CHXQTacxokWbmOGYn8A
YNt2UxlAq6kDIbV3QXPb9fMn1iUWnL50TPJwXbmtFbGbxJofd8Gl/j10Dhgy0Bgb
4/kCggEBAJthdPKPGudGm2wvxSKawNRwnzcg2I8CsVkiWOqbMxkATLRS+c9h0Tyw
fqsDjlTCSplBqbfHbH4n3MagyCFE4bMHl3cSM+xxP283g+xX+xlsKjrNY3hVAS0k
wu9spUaoX9Fy1L9icN2E9P6Fy8wGQ2w3zdKOj0zJTjP58mYEu2Y/RNiYZmjStPL2
0vlqkEkWCYd1qPOpDCENvUMrIyf0qIbcv4zZLuE+ORlAAHgJr7F/FNX4mdye17S+
CpRo1VtVBvxxX45J12ZijpNkVwRHXdsJ8sEb6wY1oK9GP5lMR6t3+rhcg8I8Udyc
xwQFnl9NoVd+jhwW8bP/WSAAL53OvgU=
-----END PRIVATE KEY-----