fix: add respect for RequestRateLimitedExceeded from WireServer when initializing certs on Linux (#6770)

Author: cameronmeissner

parts/linux/cloud-init/artifacts/init-aks-custom-cloud-operation-requests-mariner.sh

@@ -5,22 +5,51 @@ mkdir -p /root/AzureCACertificates
 # http://168.63.129.16 is a constant for the host's wireserver endpoint
 WIRESERVER_ENDPOINT="http://168.63.129.16"
 
+# Function to make HTTP request with retry logic for rate limiting
+make_request_with_retry() {
+    local url="$1"
+    local max_retries=10
+    local retry_delay=3
+    local attempt=1
+    
+    local response
+    while [ $attempt -le $max_retries ]; do
+        response=$(curl -f --no-progress-meter "$url")
+        local request_status=$?
+
+        if echo "$response" | grep -q "RequestRateLimitExceeded"; then
+            sleep $retry_delay
+            retry_delay=$((retry_delay * 2))
+            attempt=$((attempt + 1))
+        elif [ $request_status -ne 0 ]; then
+            sleep $retry_delay
+            attempt=$((attempt + 1))
+        else
+            echo "$response"
+            return 0
+        fi
+    done
+    
+    echo "exhausted all retries, last response: $response"
+    return 1
+}
+
 # Function to process certificate operations from a given endpoint
 process_cert_operations() {
     local endpoint_type="$1"
     local operation_response
 
     echo "Retrieving certificate operations for type: $endpoint_type"
-    operation_response=$(curl "${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$endpoint_type&ext=json")
-    
-    if [ -z "$operation_response" ]; then
-        echo "Warning: No response received for $endpoint_type"
+    operation_response=$(make_request_with_retry "${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$endpoint_type&ext=json")
+    local request_status=$?
+    if [ -z "$operation_response" ] || [ $request_status -ne 0 ]; then
+        echo "Warning: No response received or request failed for: ${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$endpoint_type&ext=json"
         return
     fi
 
     # Extract ResourceFileName values from the JSON response
     local cert_filenames
-    cert_filenames=($(echo "$operation_response" | grep -oP '(?<="ResouceFileName": ")[^"]*'))
+    mapfile -t cert_filenames < <(echo "$operation_response" | grep -oP '(?<="ResouceFileName": ")[^"]*')
 
     if [ ${#cert_filenames[@]} -eq 0 ]; then
         echo "No certificate filenames found in response for $endpoint_type"
@@ -37,9 +66,14 @@ process_cert_operations() {
 
         echo "Downloading certificate: filename=$filename, extension=$extension"
 
-        # Retrieve the actual certificate content
+        # Retrieve the actual certificate content with retry logic
         local cert_content
-        cert_content=$(curl "${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$filename&ext=$extension")
+        cert_content=$(make_request_with_retry "${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$filename&ext=$extension")
+        local request_status=$?
+        if [ -z "$cert_content" ] || [ $request_status -ne 0 ]; then
+            echo "Warning: No response received or request failed for: ${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$filename&ext=$extension"
+            continue
+        fi
 
         if [ -n "$cert_content" ]; then
             # Save the certificate to the appropriate location
@@ -58,12 +92,7 @@ process_cert_operations "operationrequestsroot"
 process_cert_operations "operationrequestsintermediate"
 
 # Copy all certificate files to the Mariner/AzureLinux system certificate directory
-if [ -n "$(find /root/AzureCACertificates -name '*.crt' 2>/dev/null)" ]; then
-    cp /root/AzureCACertificates/*.crt /etc/pki/ca-trust/source/anchors/
-    echo "Copied certificate files to /etc/pki/ca-trust/source/anchors/"
-else
-    echo "Warning: No .crt files found to copy"
-fi
+cp /root/AzureCACertificates/*.crt /etc/pki/ca-trust/source/anchors/
 
 # Update the system certificate store using Mariner/AzureLinux command
 /usr/bin/update-ca-trust

parts/linux/cloud-init/artifacts/init-aks-custom-cloud-operation-requests.sh

@@ -5,22 +5,51 @@ mkdir -p /root/AzureCACertificates
 # http://168.63.129.16 is a constant for the host's wireserver endpoint
 WIRESERVER_ENDPOINT="http://168.63.129.16"
 
+# Function to make HTTP request with retry logic for rate limiting
+make_request_with_retry() {
+    local url="$1"
+    local max_retries=10
+    local retry_delay=3
+    local attempt=1
+    
+    local response
+    while [ $attempt -le $max_retries ]; do
+        response=$(curl -f --no-progress-meter "$url")
+        local request_status=$?
+
+        if echo "$response" | grep -q "RequestRateLimitExceeded"; then
+            sleep $retry_delay
+            retry_delay=$((retry_delay * 2))
+            attempt=$((attempt + 1))
+        elif [ $request_status -ne 0 ]; then
+            sleep $retry_delay
+            attempt=$((attempt + 1))
+        else
+            echo "$response"
+            return 0
+        fi
+    done
+    
+    echo "exhausted all retries, last response: $response"
+    return 1
+}
+
 # Function to process certificate operations from a given endpoint
 process_cert_operations() {
     local endpoint_type="$1"
     local operation_response
 
     echo "Retrieving certificate operations for type: $endpoint_type"
-    operation_response=$(curl "${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$endpoint_type&ext=json")
-    
-    if [ -z "$operation_response" ]; then
-        echo "Warning: No response received for $endpoint_type"
+    operation_response=$(make_request_with_retry "${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$endpoint_type&ext=json")
+    local request_status=$?
+    if [ -z "$operation_response" ] || [ $request_status -ne 0 ]; then
+        echo "Warning: No response received or request failed for: ${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$endpoint_type&ext=json"
         return
     fi
 
     # Extract ResourceFileName values from the JSON response
     local cert_filenames
-    cert_filenames=($(echo "$operation_response" | grep -oP '(?<="ResouceFileName": ")[^"]*'))
+    mapfile -t cert_filenames < <(echo "$operation_response" | grep -oP '(?<="ResouceFileName": ")[^"]*')
 
     if [ ${#cert_filenames[@]} -eq 0 ]; then
         echo "No certificate filenames found in response for $endpoint_type"
@@ -37,9 +66,14 @@ process_cert_operations() {
 
         echo "Downloading certificate: filename=$filename, extension=$extension"
 
-        # Retrieve the actual certificate content
+        # Retrieve the actual certificate content with retry logic
         local cert_content
-        cert_content=$(curl "${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$filename&ext=$extension")
+        cert_content=$(make_request_with_retry "${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$filename&ext=$extension")
+        local request_status=$?
+        if [ -z "$cert_content" ] || [ $request_status -ne 0 ]; then
+            echo "Warning: No response received or request failed for: ${WIRESERVER_ENDPOINT}/machine?comp=acmspackage&type=$filename&ext=$extension"
+            continue
+        fi
 
         if [ -n "$cert_content" ]; then
             # Save the certificate to the appropriate location
@@ -58,12 +92,7 @@ process_cert_operations "operationrequestsroot"
 process_cert_operations "operationrequestsintermediate"
 
 # Copy all certificate files to the system certificate directory
-if [ -n "$(find /root/AzureCACertificates -name '*.crt' 2>/dev/null)" ]; then
-    cp /root/AzureCACertificates/*.crt /usr/local/share/ca-certificates/
-    echo "Copied certificate files to /usr/local/share/ca-certificates/"
-else
-    echo "Warning: No .crt files found to copy"
-fi
+cp /root/AzureCACertificates/*.crt /usr/local/share/ca-certificates/
 
 # Update the system certificate store
 /usr/sbin/update-ca-certificates

pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/CustomData

@@ -81,7 +81,7 @@ write_files:
   encoding: gzip
   owner: root
   content: !!binary |
-    H4sIAAAAAAAC/6RVXW/bNhR956+4o7XGNiYz7oBgdaZ2ReoAfXEDd1gfgsxgqKuYq0SqJJUldf3fB1GJvmxt2JYABiHee865nxx9x26lYrfcbolFB+EDyT7H0kCYAzNaO/b2a2Hw4u0FGicTKbhDS8in9+vlx+X6t+V6s1y9u/rwfvVrRLfO5QvG5mc/zc5+nM1fvprNzyghudECrd0ING6jczTcSa3seAI7AgCQasFTQBXnWiq3cY85RjSY09Zl7bUxaHOtLPpL/4Niq4Gu0RmJ91LdgWiUNo4WEm2gxF5A0OGqeA4ZomAsCpMCDXZHot2zjIutVPhG6CyPuMhszsVnfocvfABdjhf44KI/rFZ00giXCVxD+BVocEhO4eYc3BaVt2zC/MSNkupuASsNz7ZgUKC8x9iHeCy48s+gK0wFl8hGRJVfX5pEpqh4htZfdD9F42BcKTgq9hvcGcwh1FdwMn7zc0TXaHUh8FKmuOIZ0gXQyfXv9GZ6MulnINiNulzXv9zsIcQvcDqQhJXu1Lh2hEQXKgapmtT8h4yULh1BJSANdoci6TnEuqftqmr2fh+WfgsIOhiNkvpQVePZIOqzfj+b7mnPGB8cKiu1OrAejaaz/RGSSug7/adKNY97ShcNe/B8+qFFEtTHQflehNDKoXL1Vfvj/5ysZ1l+qFp6JoeCqhEry9fmPxyuJi09w9dAB7cgGypng/axEGU3JEWaPoLl5Yx2cj2EgOnThhuY/ksuU4zBlUvA7z3sdNuT/Kr7ByieWj7WCsl+cEkDrc8GvxRonS3TQf+Ng1QOTYax5A4pIU1NxolU8fArA6GfvpPpTBh3Ai9fsxjvmSrSdNKtoPibp4p5b2CFNcy3J7NbbpAJHoq2WespudC57BbKz4Qt0/2POJTUtTvc2F5KhVWtKqdB6PyRkkQS4rFt+RoXecwdhj1sQspA0QlmbcrKG9unb8Uqb2uzWY4ZIVw4P8C7+SKUSrp9VQkaVBcUIqCChwYTg3bbzTA+SOc1joXRyvFbCFM4f4rwFOavYOr/g1NoQUzgG9T2hIyWHy7/CgAA//9fpECbbwgAAA==
+    H4sIAAAAAAAC/8RW72/bNhD9zr/ixmit7VVW3ALB6kTLitYBCgxp4A7rhyAzGOoUc5FIhaQSp4n/90E/LFNy1DVAgTlfGPLu3uPjO1J7PwWXQgaXzCyJQQv+iqTXkdDgZxBopWzw7muu8f2796itiAVnFg0hXz7OZ59n879m88Xs9MPZp4+nf4Z0aW02DYLJwa/jgzfjyeu348kBJSRl17jQeJOjsYs7YZcLjVbfD4bwQAAAEsVZArlOQupNqDOVslUZKtCEk31nocxfRJiw+/CNM8+sxTSz4aScayWYTEmD5dTdUiQI5+DV4eAnCJ4DBheHEKkytvhtkkNvwHOdgB+D70vlZ1pdaTTGT9GiBurlOqHDJm2DXO3bWGZzE3rHpAkQMSBfKqDeBoHCI1xpzMC/ATqvMufM4h8iFXa24ogRRvQQ7BJlU6b4mQQxA8/RpbXs6uUNBs6/MILXw2EreCOiNxhsBPoFJk4QJiIu5GtvDXyJsF9I91x23wFYn1wz0ZGtu9lcS9hvJmNRDiMlceuLqgSuliw3FiNgSWUrgeYVJMzY5tin0AGqASZkTUimFUdjFhy1XagMNbNCSdPxNsooU0Lahb3PsOvyJmvRcqnDcl7yuhXyCvi2C7eJBmKloag9Ba+FVeHsIoTeoKcrgXoPTzT3OkgZXwqJx1ylWch4ajLGr9kVvij31IZ9gSsb/mOUrNuhrxXqLjgH/ytQb5cmhQt4fPxur1VqfWFaCnk1hVPVnCFo5ChuMQKlNzwgZiLBqNBuCj9006RtReKY0JGjtEwsEpQsRVMupCwrJsC3nVU4gqNB7fqnZNpcG+oMXg6Oj0I6R6NyjiciwVOWIp0CHZ7/TS9GL4dbHlUbP+y1sc5/v1iDjze9Ap+qlg23JGOVywiE3Mpe+PIpR35DnCKlRagoSL2HXZK0dUtX3M6qfuy2SpE3Ba9VY8ukc2VvAsIu6s/j0Zp2gnFlURqh5E703t5ovH4CpCL6Qd3JRLGow3S6Rfc2o1cOiNcMe+mXJLiSFqVtltzJH9/8G6ZlCzgU//sxdN7C+hZwmT6z//+XO6Bv7y1WxX6EzLH7JrWOr9JA7mrQu81O4G9Aez/Zgj7zb6t9znnRO3GeJPdgWKFUy5l9FXqe5+YMTiqNraof2Fts9WZNv7oreiDcJ7z/1QXajOvzNYUc9DkJQlrUKUaCWaSE8G98BQejMdcWgtzooPR3YJZMY8CZz90wQsoQU3xn51nELPqdkAoHLQ+MSYJixXSrOFDisgkbZ5gSwrgt74aHydQXUtg1Ka1EvWqBQgiUM19jrNEs24bClbAkFoQMuFbSskvwEzisj3AfJm9hVP55++CUGMIjNPGE7M0+nfwbAAD//x6vRDNJDAAA
 
 - path: /opt/azure/containers/reconcilePrivateHosts.sh
   permissions: "0744"

pkg/agent/testdata/AKSUbuntu2204+CustomCloud/CustomData

@@ -81,7 +81,7 @@ write_files:
   encoding: gzip
   owner: root
   content: !!binary |
-    H4sIAAAAAAAC/6RVXW/bNhR956+4o7XGNiYz7oBgdaZ2ReoAfXEDd1gfgsxgqKuYq0SqJJUldf3fB1GJvmxt2JYABiHee865nxx9x26lYrfcbolFB+EDyT7H0kCYAzNaO/b2a2Hw4u0FGicTKbhDS8in9+vlx+X6t+V6s1y9u/rwfvVrRLfO5QvG5mc/zc5+nM1fvprNzyghudECrd0ING6jczTcSa3seAI7AgCQasFTQBXnWiq3cY85RjSY09Zl7bUxaHOtLPpL/4Niq4Gu0RmJ91LdgWiUNo4WEm2gxF5A0OGqeA4ZomAsCpMCDXZHot2zjIutVPhG6CyPuMhszsVnfocvfABdjhf44KI/rFZ00giXCVxD+BVocEhO4eYc3BaVt2zC/MSNkupuASsNz7ZgUKC8x9iHeCy48s+gK0wFl8hGRJVfX5pEpqh4htZfdD9F42BcKTgq9hvcGcwh1FdwMn7zc0TXaHUh8FKmuOIZ0gXQyfXv9GZ6MulnINiNulzXv9zsIcQvcDqQhJXu1Lh2hEQXKgapmtT8h4yULh1BJSANdoci6TnEuqftqmr2fh+WfgsIOhiNkvpQVePZIOqzfj+b7mnPGB8cKiu1OrAejaaz/RGSSug7/adKNY97ShcNe/B8+qFFEtTHQflehNDKoXL1Vfvj/5ysZ1l+qFp6JoeCqhEry9fmPxyuJi09w9dAB7cgGypng/axEGU3JEWaPoLl5Yx2cj2EgOnThhuY/ksuU4zBlUvA7z3sdNuT/Kr7ByieWj7WCsl+cEkDrc8GvxRonS3TQf+Ng1QOTYax5A4pIU1NxolU8fArA6GfvpPpTBh3Ai9fsxjvmSrSdNKtoPibp4p5b2CFNcy3J7NbbpAJHoq2WespudC57BbKz4Qt0/2POJTUtTvc2F5KhVWtKqdB6PyRkkQS4rFt+RoXecwdhj1sQspA0QlmbcrKG9unb8Uqb2uzWY4ZIVw4P8C7+SKUSrp9VQkaVBcUIqCChwYTg3bbzTA+SOc1joXRyvFbCFM4f4rwFOavYOr/g1NoQUzgG9T2hIyWHy7/CgAA//9fpECbbwgAAA==
+    H4sIAAAAAAAC/8RW72/bNhD9zr/ixmit7VVW3ALB6kTLitYBCgxp4A7rhyAzGOoUc5FIhaQSp4n/90E/LFNy1DVAgTlfGPLu3uPjO1J7PwWXQgaXzCyJQQv+iqTXkdDgZxBopWzw7muu8f2796itiAVnFg0hXz7OZ59n879m88Xs9MPZp4+nf4Z0aW02DYLJwa/jgzfjyeu348kBJSRl17jQeJOjsYs7YZcLjVbfD4bwQAAAEsVZArlOQupNqDOVslUZKtCEk31nocxfRJiw+/CNM8+sxTSz4aScayWYTEmD5dTdUiQI5+DV4eAnCJ4DBheHEKkytvhtkkNvwHOdgB+D70vlZ1pdaTTGT9GiBurlOqHDJm2DXO3bWGZzE3rHpAkQMSBfKqDeBoHCI1xpzMC/ATqvMufM4h8iFXa24ogRRvQQ7BJlU6b4mQQxA8/RpbXs6uUNBs6/MILXw2EreCOiNxhsBPoFJk4QJiIu5GtvDXyJsF9I91x23wFYn1wz0ZGtu9lcS9hvJmNRDiMlceuLqgSuliw3FiNgSWUrgeYVJMzY5tin0AGqASZkTUimFUdjFhy1XagMNbNCSdPxNsooU0Lahb3PsOvyJmvRcqnDcl7yuhXyCvi2C7eJBmKloag9Ba+FVeHsIoTeoKcrgXoPTzT3OkgZXwqJx1ylWch4ajLGr9kVvij31IZ9gSsb/mOUrNuhrxXqLjgH/ytQb5cmhQt4fPxur1VqfWFaCnk1hVPVnCFo5ChuMQKlNzwgZiLBqNBuCj9006RtReKY0JGjtEwsEpQsRVMupCwrJsC3nVU4gqNB7fqnZNpcG+oMXg6Oj0I6R6NyjiciwVOWIp0CHZ7/TS9GL4dbHlUbP+y1sc5/v1iDjze9Ap+qlg23JGOVywiE3Mpe+PIpR35DnCKlRagoSL2HXZK0dUtX3M6qfuy2SpE3Ba9VY8ukc2VvAsIu6s/j0Zp2gnFlURqh5E703t5ovH4CpCL6Qd3JRLGow3S6Rfc2o1cOiNcMe+mXJLiSFqVtltzJH9/8G6ZlCzgU//sxdN7C+hZwmT6z//+XO6Bv7y1WxX6EzLH7JrWOr9JA7mrQu81O4G9Aez/Zgj7zb6t9znnRO3GeJPdgWKFUy5l9FXqe5+YMTiqNraof2Fts9WZNv7oreiDcJ7z/1QXajOvzNYUc9DkJQlrUKUaCWaSE8G98BQejMdcWgtzooPR3YJZMY8CZz90wQsoQU3xn51nELPqdkAoHLQ+MSYJixXSrOFDisgkbZ5gSwrgt74aHydQXUtg1Ka1EvWqBQgiUM19jrNEs24bClbAkFoQMuFbSskvwEzisj3AfJm9hVP55++CUGMIjNPGE7M0+nfwbAAD//x6vRDNJDAAA
 
 - path: /opt/azure/containers/reconcilePrivateHosts.sh
   permissions: "0744"

pkg/agent/testdata/MarinerV2+CustomCloud/CustomData

@@ -79,7 +79,7 @@ write_files:
   encoding: gzip
   owner: root
   content: !!binary |
-    H4sIAAAAAAAC/6RV30/bSBB+379ibuMjP3TOXjgJXUMNRRAkXgIKVXlANFrW42SLs2t21xRI879XtkkcJ3GrtnmIVt6Z+b6Zb2a28Re7l4rdczslFh34z2T2EEoDfgLMaO3YyWtq8PTkFI2TkRTcoSXk5mI0uB6MPg1G48Hw7OryYvgxoFPnkj5jvYP/uwf/dXv777q9A0pIYrRAa8cCjRvrBA13UivbasOcAADEWvAYUIWJlsqN3UuCAfV6dO1y5TU2aBOtLOaX+R+KqQY6QmckPkk1AVEyLR0tRNpAFrsPXgWrwNlGCLyWSE0M1JvvyHbBZlxMpcJjoWdJwMXMJlw88Anu5QlUMfbw2QVfrFa0XRKXEdyC/wrU2wancHcIbooqtyzTvOFGSTXpw1DD0hYMCpRPGOYp7kou+xl0qSnCRbIkUdQ3lyaSMSo+Q5tfVD8FLa9VMNhJ9htMDCbg6ytoto7fB3SEVqcCz2WMQz5D2gfavv1M7zrN9mYFvHmjinX74W4BPj7CvzVFGOqKxitHiHSqQpCqLM1vVCRzqRDKAlJvvk2SHkKoN7hdFc2+2YeZXx+8SoySyepQqLE0CDZR/+52FnTDGJ8dKiu12rJuNDrdxQ6QguiZ/qpizcMNpv0S3Vue/lkD8VbHWvo5CaGVQ+VWV+sf/3CylrTyoVrj094mVIxYJt86/vZwlWXZMDwCWrsFWZ2cZbTrVGTdEKVx/AKWZzNaqXVdBIzfNlzN9J9zGWMILlsC+d7DSre90S+6vwbireVDrZAsapc00NXZ4GOK1tmsHPRXHKRyaGYYSu6QElJq0oqkCutfGfDz6Wt2usK4JuwfsRCfmErjuF1VUPzgqWK5NzB0giUPkgnuO5Nax6xOjUDGlZhqY9naU3KqE1kVKp8Jm5X7p3EoWWm3vbFzKkWsYlU5DUInL5REkhCWWpM/xmkScof+EoKQxuDy/HsAAAD//8jPQNqpBwAA
+    H4sIAAAAAAAC/8RW72/bNhD9zr/iRmut7VVW3ALB5kbLitYBCgxu4A7rhyAzWOpkc5FIhaQSp4n/90E/LclR1wAF6k80ecf37vEdqcFP3mchvc/MbIhBC+6WxFeB0OAm4GmlrPfmS6rx7Zu3qK0IBWcWDSGf3i/nH+fLv+fL1Xzx7vzD+8VfPt1Ym8w8b3r86+T41WT68rfJ9JgSErMrXGm8TtHY1a2wm5VGq++GI7gnAACR4iyCVEc+daa0MRWzbR4q0PjTo8ZCnr8KMGJ3/qvGPLMW48T603yulWASJQ3mU7cbESFcgFOGgxshOA0wuHwNgcpjs1+V7DtDnuoI3BBcVyo30Wqt0Rg3RosaqJPqiI7qtAq5qNtYZlPjO6ekDhAhIN8ooE6FQOEB1hoTcK+BLovMJbP4p4iFnW85YoABfQ12g7LeJvuZCDEBp6FLa7mplzMcNv7CGF6ORq3gSkRnOKwE+gWmjSCMRJjJ1y4NXIlwlEn3VHbfAFieXD3Rka1bbKolHNWTociHgZK490WxBW43LDUWA2BRYSuB5gVEzNj62GfQASoBpmRHSKIVR2NWHLVdqQQ1s0JJ0/E2yiBRQtqVvUuw6/I6a9VyaYPlMud1I+Qa+L4L94kGQqUh23sGTgurwDlE8J1hT1cCde4fae6dFzO+ERJPuYoTn/HYJIxfsTU+y2tqwz7DrfX/NUqW7dDXCmUXXID7BahzSJPCJTw8fLPXCrU+MS2FXM9goeozBI0cxQ0GoHTFA0ImIgwy7WbwXYsmbSuShgkbcuSWCUWEksVo8oWYJdkEuLazCidwMixd/5hM1bWhzuH58PTEp0s0KuV4JiJcsBjpDOjo4h96OX4+2vMo2vh+0Ma6+ONyBy5e9wq8UC0b7kmGKpUBCLmXPfPlY478ijhZSotQtiF17g9J0tYtXXA7L/qx2ypZ3gyc1h57Jp0ruwrwu6g/T8Y72gnGrUVphJIH0YPBeLJ7BKQg+k7dykixoMN0tkd3qtGLBohTD3vp5yS4khalrZeak9+/+SumeQs0KP7/Y9h4C8tboMn0if3/Q+6AvtpbrLJ6hEyx+ya1jq/QQB5q0FtmJ/B3oL2fbF6f+fe7fUx51jthGkV3YFimVMuZfTv0PM/1GZwVGltVPrA32OrNkn5xV/RANJ/w/lcXaD0uz9dkctCnJAhpUccYCGaREsK/8hXsjSdcW/DQci+5Eh5nrtWpsZ5RqeboMck3ShuPEC81Ov/MTpOAWXSrSEIG8w9n/wUAAP//JwZ6A4MLAAA=
 
 - path: /opt/azure/containers/reconcilePrivateHosts.sh
   permissions: "0744"