From dcb9a3ec464129bfbefb05dc3497b857b0db4068 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Wed, 16 Aug 2023 16:11:55 +0200 Subject: [PATCH 01/24] Introduce an argo-healthcheck make target This is a simple quick check to see if all argo applications in all namespaces are synced and error out if they are not. Synced example: $ make argo-healthcheck make -f common/Makefile argo-healthcheck make[1]: Entering directory '/home/michele/Engineering/cloud-patterns/multicloud-gitops' Checking argo applications mcg-private-hub acm -> Sync: Synced - Health: Healthy mcg-private-hub config-demo -> Sync: Synced - Health: Healthy mcg-private-hub golang-external-secrets -> Sync: Synced - Health: Healthy mcg-private-hub hello-world -> Sync: Synced - Health: Healthy mcg-private-hub vault -> Sync: Synced - Health: Healthy openshift-gitops mcg-private-hub -> Sync: Synced - Health: Healthy make[1]: Leaving directory '/home/michele/Engineering/cloud-patterns/multicloud-gitops' Not synced example: $ make argo-healthcheck make -f common/Makefile argo-healthcheck make[1]: Entering directory '/home/michele/Engineering/cloud-patterns/multicloud-gitops' Checking argo applications mcg-private-hub acm -> Sync: Synced - Health: Healthy mcg-private-hub config-demo -> Sync: Synced - Health: Degraded mcg-private-hub golang-external-secrets -> Sync: Synced - Health: Healthy mcg-private-hub hello-world -> Sync: Synced - Health: Healthy mcg-private-hub vault -> Sync: Synced - Health: Progressing openshift-gitops mcg-private-hub -> Sync: Synced - Health: Healthy Some applications are not synced or are unhealthy make[1]: *** [common/Makefile:115: argo-healthcheck] Error 1 make[1]: Leaving directory '/home/michele/Engineering/cloud-patterns/multicloud-gitops' make: *** [Makefile:12: argo-healthcheck] Error 2 --- Makefile | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/Makefile b/Makefile index d8182da6..c872a939 100644 --- a/Makefile +++ b/Makefile @@ -108,6 +108,30 @@ validate-prereq: ## verify pre-requisites @if ! ansible-galaxy collection list | grep kubernetes.core > /dev/null 2>&1; then echo "Not found"; exit 1; fi @echo "OK" +.PHONY: argo-healthcheck +argo-healthcheck: ## Checks if all argo applications are synced + @echo "Checking argo applications" + $(eval APPS := $(shell oc get applications -A -o jsonpath='{range .items[*]}{@.metadata.namespace}{","}{@.metadata.name}{"\n"}{end}')) + @NOTOK=0; \ + for i in $(APPS); do\ + n=`echo "$${i}" | cut -f1 -d,`;\ + a=`echo "$${i}" | cut -f2 -d,`;\ + STATUS=`oc get -n "$${n}" application/"$${a}" -o jsonpath='{.status.sync.status}'`;\ + if [[ $$STATUS != "Synced" ]]; then\ + NOTOK=$$(( $${NOTOK} + 1));\ + fi;\ + HEALTH=`oc get -n "$${n}" application/"$${a}" -o jsonpath='{.status.health.status}'`;\ + if [[ $$HEALTH != "Healthy" ]]; then\ + NOTOK=$$(( $${NOTOK} + 1));\ + fi;\ + echo "$${n} $${a} -> Sync: $${STATUS} - Health: $${HEALTH}";\ + done;\ + if [ $${NOTOK} -gt 0 ]; then\ + echo "Some applications are not synced or are unhealthy";\ + exit 1;\ + fi + + ##@ Test and Linters Tasks CHARTS=$(shell find . -type f -iname 'Chart.yaml' -exec dirname "{}" \; | grep -v examples | sed -e 's/.\///') From a968124172c424cba44d9460850c9e7ebd67c13c Mon Sep 17 00:00:00 2001 From: Lester Claudio Date: Sat, 2 Sep 2023 08:57:31 -0600 Subject: [PATCH 02/24] Adding label validatedpatterns.io/pattern to all applications. --- clustergroup/templates/plumbing/applications.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/clustergroup/templates/plumbing/applications.yaml b/clustergroup/templates/plumbing/applications.yaml index 536ff0d3..c09e3c8c 100644 --- a/clustergroup/templates/plumbing/applications.yaml +++ b/clustergroup/templates/plumbing/applications.yaml @@ -121,6 +121,8 @@ kind: Application metadata: name: {{ .name }} namespace: {{ $namespace }} + labels: + validatedpatterns.io/pattern: {{ $.Values.global.pattern }} finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: From 7a0a5c0fb72ba93b9be979e5df6d3d2cf27a04c4 Mon Sep 17 00:00:00 2001 From: Lester Claudio Date: Sat, 2 Sep 2023 09:05:47 -0600 Subject: [PATCH 03/24] CI test updates --- ...roup-industrial-edge-factory.expected.yaml | 4 +++ ...tergroup-industrial-edge-hub.expected.yaml | 16 ++++++++++++ ...rgroup-medical-diagnosis-hub.expected.yaml | 26 +++++++++++++++++++ tests/clustergroup-normal.expected.yaml | 4 +++ 4 files changed, 50 insertions(+) diff --git a/tests/clustergroup-industrial-edge-factory.expected.yaml b/tests/clustergroup-industrial-edge-factory.expected.yaml index 3c6d6286..4986e2b5 100644 --- a/tests/clustergroup-industrial-edge-factory.expected.yaml +++ b/tests/clustergroup-industrial-edge-factory.expected.yaml @@ -368,6 +368,8 @@ kind: Application metadata: name: stormshift namespace: mypattern-factory + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -393,6 +395,8 @@ kind: Application metadata: name: odh namespace: mypattern-factory + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: diff --git a/tests/clustergroup-industrial-edge-hub.expected.yaml b/tests/clustergroup-industrial-edge-hub.expected.yaml index 8a5220b2..e48f2ed8 100644 --- a/tests/clustergroup-industrial-edge-hub.expected.yaml +++ b/tests/clustergroup-industrial-edge-hub.expected.yaml @@ -668,6 +668,8 @@ kind: Application metadata: name: acm namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -723,6 +725,8 @@ kind: Application metadata: name: odh namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -769,6 +773,8 @@ kind: Application metadata: name: pipelines namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -815,6 +821,8 @@ kind: Application metadata: name: production-data-lake namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -891,6 +899,8 @@ kind: Application metadata: name: external-secrets namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -937,6 +947,8 @@ kind: Application metadata: name: golang-external-secrets namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -983,6 +995,8 @@ kind: Application metadata: name: manuela-test namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1008,6 +1022,8 @@ kind: Application metadata: name: vault namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: diff --git a/tests/clustergroup-medical-diagnosis-hub.expected.yaml b/tests/clustergroup-medical-diagnosis-hub.expected.yaml index dbecaa84..0ff5754f 100644 --- a/tests/clustergroup-medical-diagnosis-hub.expected.yaml +++ b/tests/clustergroup-medical-diagnosis-hub.expected.yaml @@ -613,6 +613,8 @@ kind: Application metadata: name: golang-external-secrets namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -659,6 +661,8 @@ kind: Application metadata: name: kafdrop namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -705,6 +709,8 @@ kind: Application metadata: name: kafka namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -751,6 +757,8 @@ kind: Application metadata: name: odh namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -797,6 +805,8 @@ kind: Application metadata: name: odf namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -843,6 +853,8 @@ kind: Application metadata: name: serverless namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -889,6 +901,8 @@ kind: Application metadata: name: xraylab-service-account namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -935,6 +949,8 @@ kind: Application metadata: name: vault namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -999,6 +1015,8 @@ kind: Application metadata: name: xraylab-database namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1045,6 +1063,8 @@ kind: Application metadata: name: xraylab-grafana-dashboards namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1091,6 +1111,8 @@ kind: Application metadata: name: xraylab-image-generator namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1146,6 +1168,8 @@ kind: Application metadata: name: xraylab-image-server namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1201,6 +1225,8 @@ kind: Application metadata: name: xraylab-init namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml index 901a7d62..8c12d1b3 100644 --- a/tests/clustergroup-normal.expected.yaml +++ b/tests/clustergroup-normal.expected.yaml @@ -523,6 +523,8 @@ kind: Application metadata: name: acm namespace: mypattern-example + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -578,6 +580,8 @@ kind: Application metadata: name: pipelines namespace: mypattern-example + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: From f25f4399e51cd3804746fd323a04862a18522beb Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Sat, 9 Sep 2023 10:10:07 +0200 Subject: [PATCH 04/24] Rework installation target Drop the old logic and just install the CRD via OC and use helm template for the rest. The rationale is that helm install is very picky whenever it encounters things that already exist. We have three potential scenarios at work here: A) User installs operator+pattern via CLI and updates the pattern via CLI (this worked before this change as well) B) User installs operator+pattern via UI but runs updates (changing branch for example) via CLI (this worked before this change as well) C) User installs only the operator via UI. Installs and updated the pattern via CLI. This was broken before this change. The error you'd get was: ``` ./pattern.sh make install ... https://github.com/mbaldessari/multicloud-gitops.git - branch main: Running inside a container: Skipping git ssh checks + oc get crds patterns.gitops.hybrid-cloud-patterns.io + echo 'Reapplying helm chart:' Reapplying helm chart: + helm template --name-template multicloud-gitops common/operator-install/ -f values-global.yaml --set main.git.repoURL=https://github.com/mbaldessari/multicloud-gitops.git --set main.git.revision=main + oc apply set-last-applied --create-annotation -f- WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/michele/sno1-kubeconfig Error from server (NotFound): patterns.gitops.hybrid-cloud-patterns.io "multicloud-gitops" not found ``` With this change we simplify the process and we forcefully apply/install the CRD for patterns via the oc command. And then we simply template out the operator-install chart and oc apply it. We retry it a few times, because the CRD might not yet be fully registered in the cluster. Tested with on the A), B) and C) scenarios successfully. --- Makefile | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index 682e53ba..b7f4ec1b 100644 --- a/Makefile +++ b/Makefile @@ -44,21 +44,15 @@ help: ## This help message show: ## show the starting template without installing it helm template common/operator-install/ --name-template $(NAME) $(HELM_OPTS) -# Only call helm install if the CRD is missing. If it already exists just -# push the templated files. -# The reason we have two helm template calls in the else branch is to avoid -# warnings when the chart gets applied the first time, but the resources were -# created first via the VP operator's UI .PHONY: operator-deploy operator-deploy operator-upgrade: validate-prereq validate-origin ## runs helm install - @set -e; if ! oc get crds patterns.gitops.hybrid-cloud-patterns.io >/dev/null 2>&1; then \ - echo "Running helm:"; \ - helm upgrade --install $(NAME) common/operator-install/ $(HELM_OPTS); \ - else \ - echo "Reapplying helm chart:"; \ - helm template --name-template $(NAME) common/operator-install/ $(HELM_OPTS) | oc apply set-last-applied --create-annotation -f-; \ - helm template --name-template $(NAME) common/operator-install/ $(HELM_OPTS) | oc apply -f-; \ - fi + @set -e -o pipefail + # We reapply the CRD and if it already exists we do not error out + oc apply common/operator-install/crds/*.yaml 2>/dev/null || /bin/true + # Retry five times because the CRD might not be fully installed yet + for i in {1..5}; do \ + helm template --name-template $(NAME) common/operator-install/ $(HELM_OPTS) | oc apply -f- && break || sleep 10; \ + done .PHONY: uninstall uninstall: ## runs helm uninstall From ae57e3895dffbe5e86a40781927f318e9db3d85c Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Sun, 10 Sep 2023 10:46:35 +0200 Subject: [PATCH 05/24] Simplify the loop Install the CRD inside the loop to simplify the code a bit --- Makefile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Makefile b/Makefile index b7f4ec1b..2b3400fd 100644 --- a/Makefile +++ b/Makefile @@ -47,11 +47,9 @@ show: ## show the starting template without installing it .PHONY: operator-deploy operator-deploy operator-upgrade: validate-prereq validate-origin ## runs helm install @set -e -o pipefail - # We reapply the CRD and if it already exists we do not error out - oc apply common/operator-install/crds/*.yaml 2>/dev/null || /bin/true # Retry five times because the CRD might not be fully installed yet for i in {1..5}; do \ - helm template --name-template $(NAME) common/operator-install/ $(HELM_OPTS) | oc apply -f- && break || sleep 10; \ + helm template --include-crds --name-template $(NAME) common/operator-install/ $(HELM_OPTS) | oc apply -f- && break || sleep 10; \ done .PHONY: uninstall From 62fb3370feeee5acc4ac7bd7434c3b03f12357c2 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 12 Sep 2023 12:18:06 +0200 Subject: [PATCH 06/24] Introduce a validate-cluster target in the install target The validate-cluster target will be in charge of doing some sanity check on the cluster. Initially we just check the connection to the cluster and that at least one storageclass is available to the cluster. Tested as follows: 1) Cluster with a storageclass (LVM in my case) $ make validate-cluster Checking cluster: cluster-info: OK storageclass: OK 2) Cluster without a storageclass: $ make validate-cluster Checking cluster: cluster-info: OK storageclass: None Found make: *** [Makefile:99: validate-cluster] Error 1 --- Makefile | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 2b3400fd..6fc5fbe6 100644 --- a/Makefile +++ b/Makefile @@ -45,7 +45,7 @@ show: ## show the starting template without installing it helm template common/operator-install/ --name-template $(NAME) $(HELM_OPTS) .PHONY: operator-deploy -operator-deploy operator-upgrade: validate-prereq validate-origin ## runs helm install +operator-deploy operator-upgrade: validate-prereq validate-origin validate-cluster ## runs helm install @set -e -o pipefail # Retry five times because the CRD might not be fully installed yet for i in {1..5}; do \ @@ -90,6 +90,19 @@ validate-origin: ## verify the git origin is available echo "Running inside a container: Skipping git ssh checks";\ fi +.PHONY: validate-cluster +validate-cluster: ## Do some cluster validations before installing + @echo "Checking cluster:" + @echo -n " cluster-info: " + @oc cluster-info >/dev/null && echo "OK" || (echo "Error"; exit 1) + @echo -n " storageclass: " + @if [ `oc get storageclass -o go-template='{{printf "%d\n" (len .items)}}'` -eq 0 ]; then\ + echo "None Found"; exit 1;\ + else\ + echo "OK";\ + fi + + .PHONY: validate-schema validate-schema: ## validates values files against schema in common/clustergroup $(eval VAL_PARAMS := $(shell for i in ./values-*.yaml; do echo -n "$${i} "; done)) From 01718b090634a8b67457db36e8fd5d8321c434cd Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 19 Sep 2023 10:34:48 +0200 Subject: [PATCH 07/24] Increase the wait for the internal registry --- ansible/roles/iib_ci/tasks/setup-internal-registry.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/iib_ci/tasks/setup-internal-registry.yml b/ansible/roles/iib_ci/tasks/setup-internal-registry.yml index 4e31928f..e45def74 100644 --- a/ansible/roles/iib_ci/tasks/setup-internal-registry.yml +++ b/ansible/roles/iib_ci/tasks/setup-internal-registry.yml @@ -34,7 +34,7 @@ oc registry info --public=true register: registry_route_raw retries: 20 - delay: 10 + delay: 20 until: - registry_route_raw is not failed - registry_route_raw.stdout | length > 0 From a7873c660592b6aca52e23c6630841564cd08529 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 19 Sep 2023 10:35:00 +0200 Subject: [PATCH 08/24] Add a note about SNOs and internal registries --- ansible/roles/iib_ci/README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ansible/roles/iib_ci/README.md b/ansible/roles/iib_ci/README.md index 1d8b447e..9f421e8f 100644 --- a/ansible/roles/iib_ci/README.md +++ b/ansible/roles/iib_ci/README.md @@ -26,6 +26,13 @@ make load-iib # This will install the pattern using the gitops operator from the IIB ``` +***NOTE:*** When using an SNO without shared storage in a non-production environment, the enablement of the internal registry will fail. You need to run the following to enable it: + +```sh +oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"managementState":"Managed"}}' +oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}' +``` + Then in case of the `openshift-gitops-operator` we would install with: ```sh From 5bdd554e7be4759f7e8afa4281c327168d41c599 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 19 Sep 2023 11:46:25 +0200 Subject: [PATCH 09/24] Move from resourceCustomization to resourceHealthcheck Our resourceCustomization is currently giving the following warning: Warning DeprecationNotice 27m ResourceCustomizations is deprecated, please use the new formats `ResourceHealthChecks`, `ResourceIgnoreDifferences`, and `Resource Actions` instead. This actually becomes a problem with gitops-1.10 because it dropped support for v1alpha versions of argoCD (it upgrades them automatically to v1beta). So the cluster-wide argo app which is in charge of creating the namespaced argoCD instance will always be OutOfSync as it will never be able to set the `resourceCustomization` field. Move to resourceHealthcheck which is the new supported way. This is also backwards compatible with gitops-1.8. Tested as follows: 1. Deployed 4.13 with gitops-1.10 and observed the multicloud-gitops-hub being OutOfSync 2. Applied this patch and observed it going to green and sync correctly 3. Tested this on gitops-1.8.5 on 4.13 and deployed MCG correctly with all apps becoming green everywhere. Fixes: https://github.com/validatedpatterns/common/issues/367 --- clustergroup/templates/plumbing/argocd.yaml | 37 +++++++++++---------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/clustergroup/templates/plumbing/argocd.yaml b/clustergroup/templates/plumbing/argocd.yaml index 84643644..de83b53c 100644 --- a/clustergroup/templates/plumbing/argocd.yaml +++ b/clustergroup/templates/plumbing/argocd.yaml @@ -14,26 +14,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize From fe84601ebb358a8bb0b5ff59574121eea58eb28e Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 19 Sep 2023 13:28:39 +0200 Subject: [PATCH 10/24] Fix up common/ tests --- ...roup-industrial-edge-factory.expected.yaml | 37 ++++++++++--------- ...tergroup-industrial-edge-hub.expected.yaml | 37 ++++++++++--------- ...rgroup-medical-diagnosis-hub.expected.yaml | 37 ++++++++++--------- tests/clustergroup-naked.expected.yaml | 37 ++++++++++--------- tests/clustergroup-normal.expected.yaml | 37 ++++++++++--------- 5 files changed, 95 insertions(+), 90 deletions(-) diff --git a/tests/clustergroup-industrial-edge-factory.expected.yaml b/tests/clustergroup-industrial-edge-factory.expected.yaml index 4986e2b5..6ff3a848 100644 --- a/tests/clustergroup-industrial-edge-factory.expected.yaml +++ b/tests/clustergroup-industrial-edge-factory.expected.yaml @@ -452,26 +452,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/clustergroup-industrial-edge-hub.expected.yaml b/tests/clustergroup-industrial-edge-hub.expected.yaml index e48f2ed8..3f5207ab 100644 --- a/tests/clustergroup-industrial-edge-hub.expected.yaml +++ b/tests/clustergroup-industrial-edge-hub.expected.yaml @@ -1097,26 +1097,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/clustergroup-medical-diagnosis-hub.expected.yaml b/tests/clustergroup-medical-diagnosis-hub.expected.yaml index 0ff5754f..4ffbd77d 100644 --- a/tests/clustergroup-medical-diagnosis-hub.expected.yaml +++ b/tests/clustergroup-medical-diagnosis-hub.expected.yaml @@ -1282,26 +1282,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/clustergroup-naked.expected.yaml b/tests/clustergroup-naked.expected.yaml index 9499eb5d..7f167c74 100644 --- a/tests/clustergroup-naked.expected.yaml +++ b/tests/clustergroup-naked.expected.yaml @@ -270,26 +270,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml index 8c12d1b3..4767db6c 100644 --- a/tests/clustergroup-normal.expected.yaml +++ b/tests/clustergroup-normal.expected.yaml @@ -877,26 +877,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize From 314f9503f7d18389377b964bebb4644e9b7da0a8 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Mon, 25 Sep 2023 10:01:40 +0200 Subject: [PATCH 11/24] Upgrade to ESO 0.9.5 --- Changes.md | 4 + golang-external-secrets/Chart.yaml | 2 +- .../charts/external-secrets-0.9.4.tgz | Bin 82899 -> 0 bytes .../charts/external-secrets-0.9.5.tgz | Bin 0 -> 83210 bytes golang-external-secrets/values.yaml | 6 +- ...rets-industrial-edge-factory.expected.yaml | 114 ++++++++++-------- ...-secrets-industrial-edge-hub.expected.yaml | 114 ++++++++++-------- ...ecrets-medical-diagnosis-hub.expected.yaml | 114 ++++++++++-------- ...olang-external-secrets-naked.expected.yaml | 114 ++++++++++-------- ...lang-external-secrets-normal.expected.yaml | 114 ++++++++++-------- 10 files changed, 338 insertions(+), 244 deletions(-) delete mode 100644 golang-external-secrets/charts/external-secrets-0.9.4.tgz create mode 100644 golang-external-secrets/charts/external-secrets-0.9.5.tgz diff --git a/Changes.md b/Changes.md index ab6027d0..ed7d4bf6 100644 --- a/Changes.md +++ b/Changes.md @@ -1,5 +1,9 @@ # Changes +## Sep 25, 2023 + +* Upgraded ESO to v0.9.5 + ## Aug 17, 2023 * Introduced support for multisource applications via .chart + .chartVersion diff --git a/golang-external-secrets/Chart.yaml b/golang-external-secrets/Chart.yaml index 8b58c7e5..c8ef35ae 100644 --- a/golang-external-secrets/Chart.yaml +++ b/golang-external-secrets/Chart.yaml @@ -6,6 +6,6 @@ name: golang-external-secrets version: 0.0.2 dependencies: - name: external-secrets - version: "0.9.4" + version: "0.9.5" repository: "https://charts.external-secrets.io" #"https://external-secrets.github.io/kubernetes-external-secrets" diff --git a/golang-external-secrets/charts/external-secrets-0.9.4.tgz b/golang-external-secrets/charts/external-secrets-0.9.4.tgz deleted file mode 100644 index 313a13018ce45950fb408eb3c3871bcf63d2409d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 82899 zcmV)LK)JskiwFP!000001ML0lcH2mnC=AwbKLrl6YuP>{l9p4p>v&Ffw^DMt)ai?s zq;#HIHMMMzgea6ifDM3>m03A!USl5Qdx7s!=1FE>A_9SX1PRhNV0BkoL_{EBN5sBg zypO3Dhi))TylL#E$@ov*Kab#f_T&lvcmLUwNBV!|^QZlTgJ%bio<4c}=;@yx?H}wv zIrx+FWD9dCJ*y;jW5@Z^!k=DwfmhqE?fn<}c*Xrcx^m-mbmuOD&c1;g{Pf_UcK@F~ zdq(@e|8)P^WBeWdvH$o_&ZEv|(C~cY`|mFOcV3+MQTW`sd3?`ZF0(%$jsDl@;NHwj zrm??F>9-f+xHx=VoP`^@b8q2=sdE{{&d;j}y!KKrxpx&UyywnUnl6*)cEsIRi5J7G6uxFQ(s<$e;n+8}6@D|7O;P2qM zbL|CzA12tsFGf;@ zXf<)7OTA~}xZ%vXif(bHKxHod`3lB?j*EL!H-x1Eg&^Pn}3eX#N!kvw94IYgC#~+{ifcDQ;p9cK@9`M}~*o{%T+)Nf|#{c_| zz6YA0!~c&T9X$KK$N#%{e*b;^KkvQxxI|P!cmo(w#EkgwDWSD{|8or3>i6G=fO#%~ zy>$k~Gc&?Y143$|8RBJ$7T@5A5*K32x4^^3{>*d!<)rZ{oH|dxr+@m3^VQ|0|Irx? z2aXtvaS))ivpfh2C?EwS z3_bqMPZgSmkHb9SBQ$w2+jahq@e$J}@nLB;jw&I-;@)&L@ZLK&b z+$wM==!8vH*7&fxvP{!&E?ApShn#9*r2kmm{r zaWP7+#x#9mh5T?DtY!^M9PuO?8YZxTQ{Y8ji4Tpm(GuV>X=J@j&uqoiocM``-d1sBXcOpvhAgD@~)nxr-oMM&O0w zd!0|wR@92Ew=icp_SWX!c5b>@L*W~nttI2iilU29YdG$78m&;{gZd87=&Vu4L+Lj*2pa^@)@$h= z(5C-;_M~9{e|+%$L9hSY${Jb#y9)-uKjTK+&Naq;vR62?#xZy=gPj_ z$QEcsu!=R{F_NWQ#S75SI%n?)eiFa!IJ7Kd202iS@xPo97KJvV10J-@`Q{;%U5djn zj8Zb^B;3`_e#j=Jxa7(&34DgCMeKsQ9e?U3y!`43h&D$=Q)r;ryYX?O{^}>dyxqM* zRc7-D<@P+1WB_^k3pbr!z0!be3+A#Mk^$i)~P#(i4-g$IsMe2I0w8Mrx9T3yQcl%;g_myelc!5Pjt`>X*()+W9STr z(|9(Fz5iZ$D{trnT;m%z_@RjeP}399GXH5DPn`ZCo`fH4h`Q8S)DK6L{D*4#UNH~+ zN_W#xqgl;DXv&7}Y!?5}aAGtM4zXfD0&!X%@XB+8^y)VruxXpz8C=dJIgO)41bW@Aa|j(Eq+wnS2Q7CoR*IAx(`c8 zAa=vK=lt8Xcem&K+YK%U?Ups5fse%QAzZ9HKm=XClmnF33lPIEzzf`~s#ao(Lh!BY zUG7jsVU<7P7AAQ#Im{6EX%shddq!uHJ`+c2G>wAi&c)Gb;hk_^4o%ZMzyqGf!DRR4@J4jrhK{&%2kGcylz&BY)ZIXVVD& zw$o}nVJ&Hwx0$>W0l@9EDd;1?V@#Kk9KrK}4q$ZgPe3d@cb@^>=*`@{`%hZ`@RWQ_qa z4&=WBKgs^MMf9isS}g&3p89hsUsld_w(t|2Xza~>WO%jRshjhS8~8Jdy%O3q871ZJ za^`ij10=nSkZrG;NABDDq;A*x)Qwm39li*gEkqp39f5NiMe)oJP4=JIrq+2CKu|rG z;c&PCruY$lfK&KIAPku9nRkg}O4v877Fw0jVi#*mR+E1MpCeFL`*?OnH9H1dt}$dfRr04#iqDeB1UCbdeNaK}P z)nK`%y(ov%^VY7CQnt9IZg;Lym3~v4HboH86Et2ao7sB%Fm%=hQw4b12P?v>FjA&x zF5BpembtvXq&wxvL7QT^f4+#vp8gB}bqhA2P5;0DxRC$l@ss^t|FfHCQ~ghMSV2(} zRHW6C>9-@nSDMfv~nvnPH2x1Br%d5D5TkFjY5$rK#6z7 zcuypmuPF~eY}Ce`%}&C9l9*HxdP3a7LNuk=W^6i~y2DG57wcG)KmHi6>)TuagvPzk z;r3#n^@n~N$Vfjm+jG!-iYejLjW3Cjt=d9jtX)Sm&J^+}YX&%LX z=9xDvd|lHRA0C|@(u)iA0<9oFSG;@$zq5oKtYSAPEs5SGS0GovaThHg$2@tfz>SN8 zpmaTrP}88cZg$U+8G)2_gh6_SfJ_!DuE}v=nDFrQ?KzYPlfI=CADH0IS*zYtO_kPG6SQJm)1}3 z9*&#~%&H~kLr|PKv*AewL@VQf4;JUkx0JzS+%qs2^*^jO9)i#YX* z&bb;2&HY~3*!#HqB7}t3kq{unX~Hy|bTT-a92Og68ps6TDRNvQx^p5j^NdK$f{u8? zSHa9-yodQ9r_nt0e^a9+65d4dVV^^h-kE&b_XvY7+&k!q<2tKQ8{vkLqNCDn=HMs^ z1SSeup^xd9aFIV*Az~QMa8t*LKOegB^vX|Rbb|NNAJSw)LZblU@01<#egS-}BgVi32onk@Vjck#agh$-&F$T=dyM>mwLrZYO@M}R+qBcu@91~sKc9U}P5fn5yI z%y(dD)!uCpVs-d{a02u#|JvM#fXxYtP6QgQZd3s0>wF(vaw3R@ zc;%>fMW7K%r?#V-Pqob$ABpu(O1H9h(kGYB0_cvv3@T=c7dL_P9LoHRp0kW*oNpK@ z3ahQ@cR-w+rkH46!`Exicd<#uiI$I0ubjddQ-29ehspMw7dq+tBlAvWFM)|7D7Zng zrOjeSO}H%7J-HPe>0Ut0ThvcYW*tVVHO(!D0>3DIvFjjy{()o8>egbq9()+*HXpyz zvM>)bPg!;^CURNwwgehOrL7u;jF#`2&L5v^ulBk(E&(IW#Jpi*@tw>M&CpfE?SA5X zKs5e=lb~vs2Iw2+N|jle62*XULnM08QZR}hTtm!{4PO9)=%?~Ek~tr?w+$lr7+l5d zA?A7=xagUA3b23);~9-TAmuTg=B-SdwbQn9&!j{#`G#3LC-aam)g}LqoCoY2G8t1g zjt-gk9u@wU`>FWDu>4sbuVc`(B3b$HrR1Gk^IjimL-cpMzuO&7yT9ADOLEPL7@2k1IZTWZM6MmT{cE9<&d$kq+vd0PWYv8v?*jP?O8i|a24;a4Z^Ln-s5I-?)$ zwd>q^K`^`yQJa-%vS~z;PEXFx57FQ5<pd9m+UzZ7O%XyF`6jCiMhT$yxt^ zxW6!I2IpPZ*PXpTbeY!_QD%K zjzY}8c7g3G`U}84cTQK6z@Huk(W*)lkk>)I$d6mV6jCmPk@OiTO@9Sz&ee#Aa`-m+{->zwwO{k`UHp|+RS#y)5nz8ywYG;i~Q$+~m9Qs3( zg;G@#;kb;V3G6A?!Wz*&OyhiF9HW`B(W-4)gJaG|ON5RrERrVb3fDcJ8XAzsXibtY zNnp~fI3t;32q^oFKdUg(ApRn2l4h^MT4ZEV5*8n}OQD`mmK0k8)L^70)6pLO8heap z@td=$8_%+vLAD?P)#SO>{rTcZGf?IHi|Pr7HDZD zIft5U;1@q4v6C=L)}(a))P6DF%G2imCAiRhVz*B7KR?}n_I=U+`{3aFzW(!09?ezi zL4_08!|c~`R=|A4&r*O^?=bewIE+)wHuw-D!g_Kg5>Z2@!&s4 z*zboQ24|QFa`5mUqE*G0;eGSxq%YnCaLlHzc$LQpr3_MDv9p#GnW_(y1E0|u<=%y? zcOmOt$O;|SaUrX`nmI=@Qo48vNwSDeNbOSDttiPhnI`gB_;t;?O4CIJo&>0T&9Wz6+Z2Jnl;V2y?s+--DtFEH1BDphF^BA z=W8s0P-YU0mVnnyQL_9DHb0hi7o;?kW4s*t^_6<{2z|)YThC+X2d${HAj#L>UE;|4 z)~Bq0jOoKQ-)%9P<))Q~$3~NM9uRYd6C3?+`1{`kN1&45(OReQ$sR+;DO7>swixkrPyIem{G6lHJDJ zL*56%14`bPJ#?9#VJuRobCtwe6!oy1wy5rb2$fDhaf(`dIXRxIzWY2bR=~P5OlFQT6J8A+iV+DKNf@+?$~6mW+$;j1{w(y zqc2!_qE_oMET>M2j)G^Cu==06Npc&-v%Ny_tpila#COzsIi?=L4a?Dms$J}XDSpOh zNc&~fu*K_2pQwQ|JzKup(H=e(h+XQK3%tKxG)l7i6*6RtOd}sVbg<^Z*AKfseTBCk z=)c0jDc8q(nB&7fXm37zMpxoZ$wfZD&`*64x;@`U4NWFE%!KF0R*Fe#(N-DwMb>-T z;=TC^t%9cN6Ksqul#J2i8|fnRp)MD5C>mFrQ$6GYGco1_d!Qhq{KWV4s0-G-#Hihj z=b3btIh6zP$dxYCpB62Q89tztTGN&Yp}b~aGWeovwq97xm>IUE>&F687-1@u9PFL; zLUfx&9{cqQraxmXM~YuU3{vqk{!!%=X}frQdYwqa`g)y6cXRD^B8F@2bs}G#PUNzc z+pH!r*iRXQCNBPpnR4LZJ0z5lCkYTDG!&DIh@de)VZWZh^aN(prI|?&xe4OgODYbn zkgdBG;JF25@|5zpjp4AO}O#+SER^pq0A&m+Z=K z%dyc>k($R`S2h%DGe(j|RK*grwMA`jX8qDFKZ#V3W;%9O3X3}Rk}?YyP%0dsWn_bs z!48msv8K^tBI=XzO_vH57?Owr1>K2ZB6**c0HP^3N6xPpT%S}Xmg`VRlU2Q6gRku{sQyHT+&684nnNgMi$9&=a?r#$%p!WEA{w0 ztkcUQVJrvt9)!tY&l#+ef%5FS6h!??X$?>zWlF!P#&4bI zB#HvB;dI*51RXs!rDA17C34!ce>dlyMa7R=?QtP0ZX_KIM*7$Vn%)f!!h}kk48<4# z7ovj#g6m9xgTr*fX%-DGaC2d@T_nV83a69Ldd8b=Bysk_IRME}*`v_W&10kQ8%&kl z(##xIG-OEX=X-Kpd zt}PTOZDGlu`~1yiX>o9xoJi$km`K)6wZqxxUb}|&eOoJ=@vPTuzRryJG0ga`Kh~Bx z)luy7q2(MkocFHXlu_~B^(Jg*gOg9YD_7Oz4ADWpQ+w*;>@ipAW#d~w%obKdKH zH(V1|I^?jaX%89z=Ht9=m=10!?CR7w_9)AniZ8)NB8gk=?9517D*?+b@;VE1;nm^~ zG(+~96bod>$E3AJgyH3pu&|h@0$-NxjRAZ=VPN9fx$>97Yl;g|$+UQE$dg0xIXMY2 zv?ay=y!hy2+Be*TTDioE zau!b7pEjOmF9fiMeOZDwYM3Y_(t(9KQigfd_4Hsf0vXY&LY6ADkg-x1-_LHUD2 zJ4b*;F_CNF<=%-vI(--%0fxdofJPo?&4(KR7>E!qj9#P^d(Q1ulra8O`tAYzHP|bi z?7>Mm*i%`+a%WlLZ8GW&=-pr);<5?7cbt#IYh{5P0yKu=6r|C@pO)HdiDQj819D=h z%@M|Lhb0QiiS;TPm3X58p#7X0)D5et80IH=5au9AmGsj1j>3X$ zpvjMslMOE0aMowk7^i%DbysC{EpB|VP}w%GQ1eGNxG3aR$LX^zZp&#^uc{k!OYS+f z8D6OZlAd}#|1?~i7MRvAxi6seO%>2Ftp6h3QW%Y0@s~ff)PH&M^!rB#j|=r*zJGS` zw6FiNi)WMiFFB{wzWB>GUi?Kv5udQ~i*_dIWvT3o)}XHDi@p-3GF1g%lA3}qTJL+^ zS9?+3Z_?WqWofvsi)D#49lm@~BH&mPqIzJn(ksj{mOgb}lwc~@j~R01xTkrRL6&66 z#pZ2TlO^wtt_cIMHz**eMEpTC&8jowmLadL(hG@*RrZ}0<#ka(2t3&mb1{JU{6R)r zeGpDoeLa`Ho=acPrQ>=o+I?=X;-W`<+v%|c@oSat?icc1v0gHc@!v1b-|9Nb2e9wq z^>f&vIqH8$;=f0Mn>dFkSOEHTEQWqp=!x;!D`WcGqG~d)?%_6CW&4SOF#pXvWQ~JhtnwqgK`;cI$$b=Bi?qaumPI|GlvZ{>0W#18c}bv2n9C!Wo9=;|kqStvrU0DQT$ z;Y--ZTO)5Rs}&?B*Q0X&Z zCQHUiG~mk0UNB)*lA>@w?iHw{^l8Z=DM>}T7v3gkHho+^F3baWGoS*+1Vgt|J3bJ!oGaoe= z#(vuchKzeFU^0&X0Hc0@v+Vi{6<}5b1Ov7PO0a4ayKlW97+#0bZKx@JX+%m;baHln zh#p=qk4~Lmqxd?A+?jKNYF&_Saafzj!(9pr&0@s_*V5r0ggQgnK-qPB5uEtDsF(nV{b=d`1Ceg^bMl&x9 z|7I_BU8pk`Jn`9yEOw!ItwS+{D*90*Wl?ih3j0ap)AQ7=PtQ|-8|d4Lr{)WPVG!(t zPcc<^9*rqo@qLUnAS6ZEp9|+@53LDF?!tf&4_!X6Eks@fzCFDF-Xn|km(U{%qvqDg z;?#}Z*7Obd^cbVZ7zQxvF~--3F$|j;HJiFWuELo`?y}Ptug7SWetH1cZW^I7=IGFw z&>*TB;SEMRqC}NhE7{mWesPGJ;7?&qW=+{;&g>+uq7MGQFRieDy|_3%M;wzz(~Znx90kJ=0Mt^50EDfDn?83Yca4eXjP`u$o;H}{ zD}jEY8R3;?E(1H~+BXM$7bewq%w37GRqPw$T`Z_AZkJjef>11IkK^HJ>qs;oFb*5k zhtXt@@%1x7u#JdS_zaQ%8G4kZ2C zsF56)BUhp|!d z5G#HQ$ETtgKly=oYE;k7HnDybc-xqH!lCD;4l)*F+gJw*`(xN62XTWw0)_@HHK=@A z6NGl573y=YqCnLz%w%;AU{^TH?2_YSZ+ZCHyE{2H^4qIi6cXseY@pr*(d!7dv4mbn zVAR}7s|XiXIMH`=`^5?AF+h(2wy=aA0~j^mlCwviOR(uyKruViU&h`X_P^P)qEbdY zqmJ4|S9-M;88DmL#zk)sb2hw|Yg=1%zBLSq`SsjRWQO(vPl#aXoy*PlNn+Mx$1rXV zb+qK_@8P+0{4$ukEkQ+aaLdrOkcwQE$ zH;bmp2!*fN4GhlV!0{Y9MCV}Kq5Y+(sK1~6*AbB8!qx|pkzfKA%ADv6EB##1_r z0*@Vd>0gIuZ?xPXeCUg68y4W)Bw01Gv_^BSNUzyAT_GJQWe(3(O0FWs)g<%a%Zh*3 zCsUP=Ni|tfa72Klr7<~Zdzh9?Wu>crI?@pGX>4d9;Iy`i@V8a$UEi3g39;?Z@9b2C z*vCOK+FjHmC`LZ+3mPnLj>;EX-HHzE}}7Q?_OMEQ|HDjaij1o=vd;jWK(|m-5`Glwr-i zKGKHh?{NX{Wekhlg`GK+eCQ<`O$<)K`YFH&xABI!F@Zy5 zbuv|x2v#*jkNf;&2F?R9(TA8QQqsLF5`2h*GrK*LR;7U) zQT(2nn=q^1Jj_f=%V_32NIcJR-PsWS82X~+!zL@KnIK>cd~9A=K}&0CM>A+{bWr80 zn|a0DAvw8p7O;6lD@tHSd9e)XJ+yjL)?_U`D&~00Fmp%ZqM4buN^s12YPswxEu)wR zq##dHU6!hZP{sY~g1a}i34g1$U_%?QH70Mj`EDEp)|riW%b{Rj8s*+?7?lx4m-Nj% zdXqaG=QSsix#zc>f|}~wX(_`yP(2s{kl2A=;>IfOxh1hSXP3E$O|)fl8S84pF5TYP6i<8L8gTa69e4T8`tzo=!jdGCb(4JcmZ(>vk!)Z<%s z!ncW=EYJ?~9tMdjH1D1a{qE3kwKO3r#Y)-SL-rLVu@eMwx_|z}Og((^qn&aX+kc`gfooBG++LisT!pMg|Cwup zmwvAb?iqo481;-m&j_?K0!delfRMm#d?SRWNu(}EFu#x`;_)|fL(A$IPUYr^I3#6e zlxjnHmp^Z!o0W1jqPM#@9)w3d#I=P_vkTk$6)&O{vO6n zQxl7HZV#z|6-R?GhNvny-XZFqcy8>)Yg*2GzP9IUD`C|0wOOlO%ROxy~pU|rqR%8OBIKxd1>d3xXl;$kh(={b859A!qX7I9;%55gaT1yi=I^<4_ zj=6N}P%GW46$Wh?*02aFKE~(PtQcx(QTKDn_q~sB2SYa)igPgXqw&q7(ZOhcj8ts= zU1fuPH&|Y|`=g^nIfbSS68P*YRSq7cofJvMXZM+IIw+XB*2LG#b#sx!<2chbilzi7G$6t)u3Pvha+%pz zN9~l8dv;8uvZb}c-T(sIwns;?JFO>_IpDmdrdD=n(WTRzmOJnU)2B`4)4jzqz1!pB z;a8aylVx+-V`1gi7cHP=zBEpjat8z(oY_v@%L;xMvaSJE8*mfc$2eNeF_|oo(bT`m zg-&;w7w-}dg%=~#>=mXzWqqZ;h&G(0nTMw*xGOiPH2@Z&m!o?*di^Ezan$&*G@B}{C5CX`9-SPESQp|Hvyjiu(%#{?R#W{&OvDXEWFgP8=zc4# zwL8v7XX2+!VkZN*r4_h1LYxEcEKUIDm^C{B=2_~DXZB8hp0#Q4$9=K& zGK01}0X)%~SmhlAJGB;hxM`60TQ{{4Y84Q(k%Ry0CRhF!BmlotX^*>!gL0S4vzF2< z<=JzeswwjH7_=nxEtigJ>nyzKl^goWVlP`zOmD-PJh!x2B#Y<#%?pf0m!j{|ZQi*I z211hsFvD5fvdZ^Q;X~q*mSB^yz|O>-USl3jIJpZ%=nM^l>>hgBJa-0S27@+rKR#A0 z0*=~VyrZ-1fSZSiW!bgTv(0tTHcs*QCuKsar{-8#khENPVa=p zKXE2^q$|fW!a)(bL%^P{bLMa^SASpn43eCMmtI9}P})&s*HIRXM(z*#+>4YW2Z9I<4e!_>}SqgSY|&JYy}IdAxIr3*0Y~Qe9~i*9+PytgdUR^ zHSabG;Geg4jM#tOR`OwtA~fbpX>$JS*9#FXkRcHGZT$A+_-N~_R_11ukDpmDrr_<8 zt1mbegB7Bz3NA@{{1n<;Pcw|@rPPLfppnnG$p9$a#q|1qe&J@`$E6?BT>?}dg|iL!G#k!IeWHWNpy0Tl-}df5!n`3X^e8l3v-JP= z!}RHa)rLS1udTSYeAY@ij!$J(afL+aj%mDHs*!S6!+Ql>WeOWxB!Z7MA}Ou%8w^>+ z#}bd=vj#57x|!n>d~CQ&e0Cegnytzb7}gwTX>DIB*SRLh>_S`dF%ECdW@IQP+Xvd( zrXIJRlC|LwIPXo3hR9pn+Y8~t+p!g{WhrDuCa#1;hI%cg5*jwsWbVissL2XSFM})- zUDm{0N0W(9Myi=+$*Q;J_4=9hm(c5HjGBK6Yo76!+w)q=r!K#xiSnm{(_bUAa>uQjI1a1rCY$v?%bWzL}W6Yho`vc}k#YS|d{U$^ZyiyFH67I6MN1Fx@aGyqo_E*)Ef)k3q-2A?{Ne(yqUmclmLrUhw~74aZbn6^AA1$ zu>KNy{=ulZv88y^QidAV>PWd*r+?EC)?Q@`fjF5M=PfvqE~SErSumbuFmsny;^Zsn zU?fOl1Q^0}j6d8)@eJPhv8L~Ob$ocbbuR*I)h+^LQ#r9}Wd;%=e!6?vaHno*YOf_d zBT!HPW=n`f7Y75MUWRFVdKt!c9p4DWw31;Ydbh?Zzle@(Jj(C`{Z@%23YcMMHl!_t zZAhqfMZQTqFs@LSznrowjq1C41j5*KB^0{k|8V{69}QwgH%5rC*@4;U>6r4 z{6x99FfL(RS_$^R05fgC23Q%UlQr6Hvox}$TdR^}O3pdkCXqJNXrmfFX^N8#@bRZj z6>EIyOi<{y)5BU#)(CNSpAy!1jwY#Kca{d$ECsA_`d9PRuN^1eY2^o7Q@t9|48SY5 zZag~yDgf6LaA|Xb$b4eRa$hI)f*=uy2s5B_6Iiu78@iWBaBpKj^`v9DqPN^5fM!S% zSY?mLBk>nYKnbu_@tw31kh&p=qNSiEQ#XVzu$?ZPA3$b=w^6Y!h*CuJ#Y69f?j-PL z0!1P^8mS!Jx3{+=3Lg+9(J=-0ESe@`nf8K2igD~M10h~~=LSJ^`(CUOX7~Qaci&&p z8d~>d5=F4u`lLEW7eB9WdZXbeP8p;I8D)G_!XlQiz+ZZ9N;zr-V0j;2gefKbqNJ*T z-)Nz7TfOkckE3wmiIPxgg^A)6ZxoE=yoNUZP~?Le2_;sT><>oHYfRMRPSCg=X4Ap# z1D5%c%+;hVYuyr0&2O9y)TARbx}0rV!3yo3Fv^qej`~aZGpK%kr!;(?D6uQmdaQsO za1M~0$JkVu%)D^!hwvL7&?wBZKn=zyunhP!$?Edb|43{BRT;p$p%)p*vP(rOo(B`M z6m2*@vr|Hrqj(VIh=3m&Z46bs`hNqC{a3vAjZ8)%`HJ2RfRfNL^^+(ds$0S+i3gV+ zBvsBBKvV^RGV_7M2UvPDRgYJ@!c_f+>fJh?3xr3YC2>@>WW3_odN%;2l}jusqrB;z z(%5czlC>c>#vYb6BJK;mT^#3(J$78qyRG<7oyC+#SuT>OG+I3W%i~9n z2AdxtaTS`EBQ*6lk4+c-PFygtXmw*Nuc1b2V23>)1%796vp*pAC*_k%}hKtWhM&P5Vb^ytxdy9r<2>qL=VD+?^dr_zhdt%lO*U%lN&F-^=*o zVTrWy?gN|WvzTydh${?1kvkKA<%w*%9=7TkV_C^DylyiF8j3TCO_JX;YAy&(+6*gG zH2u#c3Qgi2@@YPxlaf&3R;=QXadtOH-e}_lS7r>nbHT--A_)aoH022fE_Ileciv`QnYo z>(t>haSAc@TQTx^HO(MuW!`S~+Qxh}(aN0iUU2(O>3vHLyh=_3`ruKRxndjMT%e2}K?u5@L?4aRGk>EVuegVml7@RavTGMP`;RjLY~FwD2P@w zDsm+C_Ra$eo45~yj;8o_#K0MaUi$pt;QRXzH$7?gB?bWR_@M|J(RJ0Khh;=CS5whx z&Yfej^0WZ#4tP@hN)-FQd9$CryER?Ut~_lRqRTa9q*_Mp-OQ?<-p#CO?q4FO@X6fF zcA)6Y;od?IwN#@f=ycR2|7Xm`mg&`%PDApX#G|W>!gg@(a>FFRRTwa=Ib0K zopWlPW7DGv5wjUPp5##o^(o$nrcJ`ct)#ZE+@Jfd(y&L>FU<#UUQFqb@mJ}6^XItX&He;-L%J{} z(<^V`X4?j6C_FqpdH4N!;YF!T4)GTnoo@p}21&;gFL!$yK!CBri8u%_H`v(L5wg3Xi6kF|rY*M3D(rWC`0N_fX`w zV~;!^R-rZmHAytD$mhzlaqg$1>%S!E&^V12i&f~ScVo&n3;X{BfyOcPQMU%QyScTMx2$4m!f>N=+@3zsu`S%Y)u0Y; z;nk;>>{2?hWE(0Q2`THTD-h@S9aJ+W3~)SaSN>8cA~~u@((8AqPE|wjxjG5=oHtR5 z|9SDzM|y<&bR2mJ{7S!czIdLF_0qW;9m|mA5sC=Y$atbs#VIgBYapcX53xq&o0^Cr zWR2Z03Wwfench{7AwUCv=#Xg`P7Fn^&-{iNx4=cta<+;YSs`6Xy*Ut$g%{7!0ST~% z3BWB&LX!z5*zP3j9cp$4ra$h*<&nXZLU^(#aKZB|Wdw@3@DmMKy>I8qmAJ`ee>%_l+8T9A>F5hX9|UI4^0m@TYD3O2f`K zGAb01*635ydbf?vRNL8KTkYd$*@Iho==+k1W~wUU$>JFQ{o?$so{0DXTFI_aH$2A! zI1>Lo3fv??L&ZZnF@;X#){Y!#>T?{ANGL7&ajhvCY4Ctv`az0P+lzB&;^Oook=#=7 z9d}g`YK<^oHdsJg)bn~AfrzicY|Y9%Dr{a!rQ`a-{itCgrz$dR;fHNa+Sn}@ZhQbc zVdU|1C>mQi`>0ML19%6{K4Qd|zaB3AU(Q~cd(z0My!@3MetwAqmgj}&bd@<7vsshk zZP7>zjhYabvD1%{5xVUCqrv+sy3OO~io8v7ot*>9LyjFANrjayt)2Mg3&E+*0FSFa~-<+i4$ICE*B7#OB=p~ zeY`cwyZcpS@mCkBPvrkKIF8`cC&9E`$Cv0(vIdy?ME;hE{By{$de}aff1k_Wpi7_2 z-+DdY2vYvCa`{W~!9;hO@$6kGMva;1LiBRZ%~>!hdCL&B6#An6Itv+ z@mhys2u@?NPMnGDr19x_>ei>{slN^MZN*dbg}*S!LW0j{7_EU%k1X1r9$DC~qem9y zCqoven1rmy7_BSrF@_n8dW`WkVvKI1W9^ePj?pUp^uQ!nV`i;nV@pf6#>0YDv^j5M zpLwx9Ah{9nU6@qY%)OY^mxJkRbIK;tJ?lU!h^O+irVvY+4y{W10T2j-lbyk4>ChnvZ@*$r*+stk49Dzh1PV~@) zACOfR9sas>r(uPrt686rG-yfdxzEOyrbnULWvV2;Y>6co z3^r2jbOhYCZkXBB6CeAKSrXKeXY_ik>(=8u`m*YZuGo>a)>hELAB^Ymfz5&hz`}t^ z*h+krJwk2M>d1ZNlqsbmslV!u(jZ_=Q?(tu&M#2E8B>a(!BUf7kwPHeDe&_+KRlv) z*^;I$QKQl{PY9Kn+GA|GIEZ*5jv2erlco)U@((o~;71&x**0J(O+r^Em(%+`+28b) zM#D_!<=c*b!7dSlnkcThNRzZQHHsc-_5r2oPF;wYn9*PNTe3SH>8yvZR|w%v`CYJ2 z&G@EV4TV&lBuZ+~V|~O_XY|#xhodX?Nm5q%@d5x+iGu5Hc1O(;bsB`kEd{s!&ln@^ z3?_Y~@aureUpOpnL>lIJm$oVG7>It^rKdX?|71->LlP1!<{^fumq1u&!8p13$zTg6G>Tc#D4c^Gt|HkXY4uytQA-pfgS!kWg;73%KRr~TG)!B z(OG9Rv7-}g)-VRq+rv>h30Ny#|JwrVHUgo&_ha#r(gtuY(#Cj7c-EUIZr-GN4|u=BQ59QWC3go zf~hGAeLOdJ!p0Z5_yIF#2uM>+C>A&>4aX3uF6+0u%g32-_LVQ2(#FIQt}&U-QC*^- z&|m%^Oqc^DnbR-jD%QOtJ7<(X4U*9M({gfgX+&VVBFw32h>5T|ej824*ub#$5=d#~Dw16}tT znye@Ee98By;#)IOZxn89N?c9VY`9c&o0+q!L@Vl4sU?!3hrBuU1yw6KBu*b9ZqhyCCymIp9(R`?E1eq$DVi z5L@_1Q%W0!lB8kqSWhW)v6LiQ2jgp6WJZkAu;XXI>2kFSz%ZmHC|dK;P?4m9z1)iXaB5J0+L zUEY#j((Mq+=x`hTL;)`wqNe+<;r=*2t$5g#fqkZ|D48XD%@U!uD zo4iHRN;+DYXG=F1<~F5C%Qm+!P0Y$&He_j;aQUGS3pyKMC7h@eRys>Ik~YsnA=;z@4^E=-eV$xx*bzHUKigm5S#Pd69NVERVd@P$DXgV}S8+zMuU>8M%qfTV9WVjIjc*_v7 zjP#5)8-q;rNxPHFBab=#=9hOA&^k_}DPs`-OVqlxbG|(+A#|A+=Y0a1b>~++&7uqt zU-2cUJqf&?F33$rfYxWn{puff2iiPY4Wmy&Y4g;1w>v=`sL z{*fdgev=&}tjKBCd;W4i3V-xVS-3eMdX)J~AqS5S8OLVPB3xawn861JNqQA*hL*T} zy2FMx)QJ;JEd?*(k-2-TF9uDaFBURG-Fnm_DjYDCTuR2fu!*gnp?=1F;%0P@~6S z<2Ph2k!Qf^e_6-rlvLca|9dxF=jr!k@mK+R*OAT1SpMAIl8VE}7-bq{7G;~ucNC72 zZe5W07yWr@DiT5NS?l0~Z^V$^F1@D&qq$4Wf35k%ny8}UKM8mWG}jSg|FdREbjcu} zF?ld<*2@Q{`!@h*)o&EB!g{?3$-!pTOhZasM^-la zX&!9Dh!Ze>*aM8Je9k@x(kL0`gWU{ZMxK$?Z2@p&#kaKss3-R88G!CkLt%;XR8su3 zIqj*)opx?ae$=jDe5g%9d8Is9*L^*r=+OgLbp&OF;ILjPfUq=1r=h;FNcLx9RWCBR znSX4}RS_Pi(s7DY?ByF8qex~z7W*HOoeY1C%0yiJ0+lRgIx7v>16vo**{c znlweu{sKmRyDL{JFb{xbXh~2X42PA^vEjOEtBg7c_4E3;r%(f{oWlJ> zF_4w!26K*1?CfMeBuvcVuxfc+bUJ6Kw5vNpt{5m)aP`>Gq<5%5;b&&XVn@or|S((`Dg z_`>97{GTk}Y_-7?_9@@Q(CINf?KRh2aSwG$KE=R#=eY))gA8b9ad=bsF`N8J3F&Ov|xl|3pI)$>9oi>~h^AiZ~*Al9PQzHC48a;!m_% zJ5(ZA>em~Sg-nGhuO-gJ@GO+oV8$-nL@cWN<{G}|NIisD$NmevWR}=OP}(9nAcH}i zP?t)ml$4BACn1CAgLJHr1c=&^;HNICx#sVutGh$`YFy3 z56yYb1H4rXf%365onl)0x!8-|`xS1*6;N@SE<2T!o(7eZjSil5_9~xAc!{(bf0nqi zOeRP03c=2%saj;=7s1V}qO>3;hX&1lu->?iTZ1JD0BQ$`F{Ft=kks=Kkmvgy_nZ^% z?$FDFXW&uR1KJq_!G%cu*VLrX1gqWE%wQ3<6)QyThf&tscYCzp{W zprf6$z_Xd96RGNO@c&^IW^AX_9?as>J6U@2g)jS$F+W1H@Zo?b#D|yg@V;dxH$2n% zN&2Ei1f~v4tMkw6G8>Ay1x*_BAN_ZA*jbz6&4IZ%!xc9q{McJO*mzNoLq7)wx0KnI zT>}pi+xWS-{wSK2^@mSY-QL%Uli?S?e-0NECU-|p!W6(fzmaf7RBs#{rD`X~hdCiQ zuPe0z0nRngIx2Z@9#W1YabE{hvrd@@*7ie5j-XsfVL&AgKI9fRN$vk&7LgPox62-x z^__U7&bwuz%_`{m)@g6|c8tIL%(-^+sq+Wnjai10CmxQMse} z!Ij-T(LTc1tj*+R2LL{YV)g85&93WYY8AkdnXTxX1FR?F?05O=o~k!z1#5m2NwB8# z>(kOQT4T-)?cXei2+@DD979avN@ZX&ZzqvULKmG&#iJ*+LQj&%wE^D{0XTQ`Do(>> zjkM~jQQ0PIBOJvZABtr-QN~|!ilJU3(F}tm(W-hRYTPA@vaYc3=G>nugY`ckEMfRt zV-8meMJlN)q|^UqSXSCnrwwhklZ^=WV8%`yaBffTg2e%ux`B<8+3lrvBxDbT%P+kd zoPjsVQTS14Bz)RIs_S7|Sm#~0{69w6disR+e%P8C99T+;et{_a0s(1|&;%ALNUAeHgXAJMzKS^|HM{m9 z9f2qkTKi)+#^QKL7I0==hx`_eEy5w>^lt7NNIdb zN{=+RX=RBf>Boky7h6Q|bo?L&P2(!7tiP`5@5uh~SO-3E&z2#v0A!s6bv4^-2(w=! zNoR7>R2*%J38e+~4|St3@>Wb&l%xtA#<^@(3juKTxX3-Fm9#*ZCLF%hUyT2js*USS zqbrBUq9OX_H!%+s7Va>~#MA>S??bFD3*7i}>6}y~RSXvVgu8PbJ0X|aW!{I?vouw? zsvM<<$SeS)?s`Baq~KHs6>*yd!-z}(dN&P05@sq~`iXJSPKlWxCPl#+aswixP#EmU zr@drb{9RM{Gi_YfH9?yTBPA`lpar$3c-b*>zjHdXF*KOw2zKZ4i<*kXrJK%<R>2xx=(>{rNdOa|~12v~wv9v>Li^UV{5G>e>_b7cJ z)YraIoW@0}Re7${{2zgA=Ftx=7|=rGTk@XhuZ!yG7q8bR@~&rd`Iq?4$ypCAqgsS| zspU#FXc>hegw7diQ_AQ!60s5`kOpp0GE89e8pV+~NnAmeKE z8kP*+hym#$@)tGhFMivLl>x^pW9@kE49j8z9V`0&-nq5z^_PaD5SGe@kl%fx(qa~K z+@@_XUKJ?Ws@1z|zx?P3B1MjGYsv9E*z5bhA9B;5&*|hne3X;AYl;dB8@)^KouuPZ zEv5DiQ-I{N<8y)Za6)XY(5>t2K_mc0x&`&ko&nTN5R^}=j>KDB8X z*gllI)t3=^8%CO6?u49T_xOCjTsdUJ>#{~Y+*Ha!n0t54#%Yg{!R!Xl`uy?5Oghkw zB(g!2lR*^AViXTMCsW$qJ(+l9U=IJSkm1&s`D5Wz>ICFQpVOx`)yRKGKXAD7dOSF| z$>djlTvW>4A@fZvpq7~GoWAYxM^8~{#n_rM1I__fHm4W(lYqj#4=Z-x!<( z_chl@>n(1|0`wRNfpEYHYHSX&RfZrgRgkO1%fEJu=}}}6joL>E*VCyaDbfvVx`nFP z%p6D~T`mpBr#)7ZzX%6POCEKSjTd^wP3Dwd1c?X!y#+VI$}xN+5zw0#%&v|!eL$@} z5Iq0$E!K}bl;%giQR_~fSQbH%EMi4dO$VXCqm!WqA3ZTm>u6e_QrXQ+RfsMuM=d+= zQ_<1p{g32@NO#?elNB4bJ|^r>r$cMx2Uy(CqD8y?or^&4Z%z#QUYlk-IUm%HY!*fv zfSnVRFwqO@VwAOLgmQ2m#e@D0iml&p0_LLLGt7bJLc-;?_`l*Ox_Qq z7;0we%oVc3f0zDCijnQby)o0^S=720g-cx5_Na@X$y$dyL;RICcVVT3mvCi^o(c*e zK(FgT6P=Y3mAa427!#Y0^htd#@t`a)9?48=Z&mx_2pHX&ymN69I2WDwghrLN6oJt- zPYCw$D0qj4c@%;7>ZnK`kC!;_&${!cTZKH?pg>@Fh!K({R#@Or$l!x7|fSA~|%Lxk#z? z7zYBv8h|;eOd1nN_y05Ikc}c1I5m}X2Y)KY&mSojn$m2@YZe>-7nod=Hb1x1Q8FM8 z#TsrEn-rJj|02cm${~B5+W$1xCsz?zzE-IYg%)c*snn=k5DTy+0?JiP2#I!!+mhj3 z)6N7h8VgLpU~XT{B`6jLdb*2~^;ffWLTa^#*o7D?jWEMED{DvT^GI-FncfAul!?PZ zOqNsO&0(n~N#|RMw@Q`&2!1*owz4HSaa=veH0a-tbUKLWa_0H0dLM*+Utqan+xJsl z%d7l-!I&`zU3^z`*q~iVq)FD=ZzY2=6MS4}m)Wu0>!iiHDifY(-r~L6=t1!~Tq}98 zNwqcX)FcYYdTO#@bN1B=W{$iSE~eK3WlI+;apLE4BA?g1nEc0+w~n>ZBQ!P1?XVfr zlUWmDv}$2S8i5um#EyYcd=yqOXNC<IFbVp zQq3q!+mA?H?JCh_a79}RhP7P&HlUpQuOv1C=8k zk^_u+?hK)4!D=*bviouz;vA*QOU1Af=-2%pvH!py$dc#w`&z&+>Wl94_{LP%) zS10yurpoiBU*;kA1JYD*dbyhHS(!m7xB&(IO7lrkgQ&u3Q2Fz%n+Yq8Yw>AgA-z(Hu zev4LIP1s@iQKVr|T6YUhDaZNR+8XizendnE3IFb~rFwWoN+P3}3+&(lH#=0`+LJ*v zL)#O3=UZ0au;x=?(sGOQnw6-jIB=-$l`d@Kyw+%#B#j&q+(OJ;WV`ZuIr&AUj<0H&A5oE179y z+VP?U5*!gtjlcbhcQ~e?tRtIZ$@S7_a=E-nRW1d9oKKWbxU%dmstMrtFQ!}JLOQ)3 zpKfJ48+=2>9jLyWa|FC^e2w}EVURKu;lJ=Tss6%bnQAZU&T-(IWcvmrfZvNKH72HI z0U9r}mq}+(NK&s*q9>7031i+YRGHhu7X-*swc8br`fs5Zq7ED&vRuPc3VDJ4)*yKl zL^|GKR4uK*5*QHU!$3cXnjktM1IGp$xCDw#l*J4E5MckLe)$Js6Uzt|ky{?fRpp(upFY;BK1Qu8Vd`5a*I_#_ z?IqCu2wR{4eYCdei)%s{~?J-oX^+Uh~Q1^QIHg`$C&GkPNa z?9^b6fE|#U*JkjdE1B;NhY^Bzu-QXo>#*vTV;>v8>kOLygSnZSPs_mD2NO{`nC@2d z#7i&rJ%Skipy3QzvNnMbwkJ0)A=G_+#$v??BDW4nq)PiVMF}RCk9r~1pO%m)v7=G3 zALeLFC$Vj?51?U&*lgL}m5UDwpgH{m4w_6DAW=tZr%)pba6z{t)F6p(rsDxxOlc2(_@b%#&;%Y{zO=PKW{)spq;0Y^hO>-6d~Y zd46MgX;s*|BY3|%5`!!D3k|2lZoTkJ==dO-J=K(j>$^hy%Tlh9;P0-f;kQ&qn(cDkHf*s5+G;==uVzUsIVeRm!*hTeV2dDc`+!5LzAA~C5dD3Q#C~-nS&RSeWWne@adxT!n$1Vrax>OKj z(I9Fz%1;EFQ#$RglN<&9f?KGAy1y(GWVj&2?U7tUY^P?AVB=}FWuDdCUr|?#v9x>`0 z$EnVdOK%i%-+*@6z@8mC7d(tj*kF-`^FuR$4DDT~iXa=FN_@`O|LR|F7IbqT)-83& zg8#(2XyCF-xF>e$3mOzBG2lIoKSJXyBwD37i%!01cJ$BNZQrpJdlX_fzfEAr%zOQ* z0Y7t2v&o59`FrO_8NVjqZIwgS;L+;vp|&4HxvNw4Aof*#J_~;xWxpQL z_(X_XSMcl(y7>-Xm(N=wGwwo@!g_xAVW!)}FR2I&c5I ztb8%-Z>KY+tzvYmqlXg1s9e^I(lWyHF(1}6m929}JQ?LKO9j^+T z_kFhwwFh#~UxdwG7T=Or;VAaXz6IZRMxA7ARG|29p*~J6&2bTa^_QL~QxfPL$2+rz zFSnqeNOSpvLRm3Xq{H4{3G(JLK2C^e63vxLDX%Savl`Ps_#jKr)5Tj;m@BftIt~C& zyT|8pzP`DehNJh{XKU@hu@;hhs3FXYO9yxmy zE$+Paph8SxJb9bjAz%zkB_d(m`nB8w(jTY9a#UUG*uie7y$g2PHwTIqGUP=sz7VN5 zn>ti|9bx*yWioS*UGPbmmcQlHpw_I<*@r^KYiNs5OxTH|F9cyK52dvU$~NIRDUxn* zS_oMNj7!M`2 z;_=4+F}pgTJAZ14#!P)Ep-}RG(-4Zf8ukW%8UpbI7Aho{3%5DNjs(zr6fT(6_R38)Pwk88gZ|SL)iyq7gBBebQ)d$|4$ty_C?7!zY z6Px|UR0e?oEV@m^`?-P-Qx?0p*i>0CuSmX7J7q=fbkJs3}0?{nMfu$8#doaNVa)A-=;_w=zo zc_zv-`HD4_Ma=Tjz5aUsl)w6_O)q}>I{x4v{Um6SwB5g`&59KNxVj@A+vwuR?~{nkpy=IJ#K&sisWO=A%)i%A?#z|S6)sp+_bmhGv@tT}o=rAQZwO0!HZ)5|mc zXJ(mua*-okv;$yzluN4pe(_FC@PS!wmgAnGxU8Gx+b1K$PPtJ3Yfqe}b4Ab5)^AcQ z!4V(HyBj+Cll}eU3bEW&v+|d@D#+j_h*7tgvBlWz>2H5ABK2DwB6- zLvaUqGhmj0ZUt*L?C#b`X~mT~1zI4|Z}Yq!-Q# z994GWbq2^r6J>?0K0%bpnW%qLkaSXR=axxdoD71H3zXzP?7F)Y*3T;K`^{1@ zuEH7qHMGQ$vW_Zj>zjs9twv_H1*O3mFU7<0C6=;ccv69D7d~GDW-9M%#v!E2hlATK zJ6A3Aqg>8&$R7cmI^6IDWp&9768+YbkRjy>S~y%r=1hpW=Wt0>I>H+WpZ-ZXV|OK( z0{58FLyg6OSTj5F_2Ekf%JDN0{6p%izWb{Mo1=OqN^&5U_=uf8h9wA=hfbwMBoIrA zqrWa@C{5k|YjiatX=!sA?Bguu_Hi`y0o6If9S5QEcMOfGgpdO#nh-f6 z|FrMGY=7ZuGoqv4M^49!9CP3z&b-mjYN{(a-j4_JX)k}v@3Ob8?J0r48zyg}bUly~ZKE(EMmDH=Y;IxijkVSbd?cJnXO=q#?k zaLR-Yr5PspwkL)dUTXV`Xyp$Idc|@&vURUPbKmAeP}_6w`yv|qnFXX&HPCZ#^Ty?M z3Y?thhbLc_7jP`W2ALi8u1}s#^m=#N5cwmyn6V{l8Z?^89Ik>)5dpNyDtPJ2DKfqd z3eLViLIC<_gG0-CDgHF+1Qw{_?@yr-oO@!x2E)f}bD4*6PigVX60%uaox0DDWvr;F zetW1{1f4(0IPIE|mhlhoL_}*DG}iiGuh7S3UZ3$uBXz++2y$UQFfm&A2o`n!sFs$` z_wr)?uZcY$<)f}KF5~Ext8u__`Oi(3rH{wRJX%Hx)(mv7r#5FA z6~&htJ5_}s915>HUmR!sU3LpQzO1hJ%e#(0Og+C=7A+;RFFs89DZW<5pCYOvd!>0| z_6x$0$J}wlFc87Ya3v|SZp`lGS_tpynhs)RNKo@=m+m0KW*{Qtbw7&QgUNndxzLoP zlwD&8;0MVtB9psjMXjXtvxvFlK~EaVRyPxkS_5r7|6{HF7~_U(yfnK4bUZS3N@O3y zm@>9Ia%J{LLb}EvyQR_Fi#+`PJ^p0Ve~Il=MIq0+t>nW|t$1-lW3iZq#$A(=#$8L2lTDAR%rg;@B4ejDvh z?wWI6%aFsu$%`$e>KZ&=MxbD@sK_p1lke7ago~ePKT9qH3O=9LftxXaG7cx%C^`L6 z-2`o^D7+B&SkNe6?mara|A*!I&}8be-Kl=)ox0jSj6WRF_R;Fet@>oAZSZ~^(V6|I zu~D7?^+6q6v~f$HFu#`D+751nW|>s@N2~E!;7V*Nv_`AX55hp3b)hg{&~%w!2&Zh3 zJd~%I8<3+w%!9%&*I()-8zR?#-HDZUSh}i7wzzSa&(3!>*)~Rt&_q_J{Cml zwxCOxeKDM<0O53u&`BuRJpHsI08iJN3_4B>iWo_h9@&5d-gVInG_q%ihnLzj{MCI_isSiBt}xS zBW9)!8d~Yx_(%E*-uAEbHHia}&i|~qTgC~;L#-`Mh23s0-Q0y9$6x#emj((w`Ev|} zHNN(bejL>JKgL&7h06%@sL6KYZJ7>XvjW1EBI9~{2U8ETU89YlW>J^JUXKGIF>%}h z^uOhhw3+>9pyAf0^nn2zsEz78cg}jYEntrHPq~IAd!;u+Rar*j^4gV`7iXGMPG^F| zi7u&p$%zSyRY;|y7~ybmDc(B>ZB^445H6V?R?Q5D{fH~b5jN#YgxzsL%`?lyq2c?P zN^osOUO1dx2DEhr4!tWpk$Z2PHp+y38Clqo{&juvk)jNO5j_&ue?0DFFXqyHuTLiU zJ6?*}zwQsSS&N@mQhi^I{ zV}8rJ@01at4cFK&-t$2$w(EFca#hcqZ(Mf@8gFDAct+~2mc38&WW_%s-{cvJem8qP(`K^ZN|A8R%$S%>PXYj-i-WexS8kVL&zU`V zyVUp2>3Y4~W9a(w9SpEPfDC6`mXVy6lTT-E&6{R}R!uE0GOh6$YG&6~em|O8oiR6g z=S5k++FC=e!H9O8S?DUpAD_G8Q^)gNO;&4Yo68$&_|Tp?9TM^RCeuVjO)->XbxUN# z{7lG^PBu^Nl+7r#+L&Eh!Bi@5scL@g%J|aJ55SctN+-BIa~UMQTjH&ZXnLHI)h_d< zkwxw`q^bs52r*>tbgJ%{$!vpSd;Y)w?PFw9KtgVPnSX6>uYAsZn8w~b4aH{ha(z!P zmeeb=@zC6lx@PbLQ*{OODg0-75mhdj0E8ppd!r@AV%ZWQc-VeNA9^KS(?~v0auR$k zcDPtRZ_aRD5s=^@tLmSuH1h21AUKgrU76Zmw9F9w32}r(_xZi*)fpbXgV3;~vEo@v zNewj{0D9o*FCnJb{8c@2jf&G~Z(5&#B=3ewkW?H^8wxvv+I^rnw=<8I2av*xc-@P= zY5iFP6!t@Q-0m`%#K@3>hCk)TigeS}20!|dAQnlN8D{W%#U%|-_-bU{>5fB#c5VIV zz_h_yZSNaT1gnhe&#eOfXPytzFSvKo5A~0Gn9scIwA``vOBsyDNIdE`?O@hRBuAvqAWe;6CQ}ruHE9V?jeRi(YOKd*XS>qm*I zCDNv*9m-Q2x{x?0R=WPHwFP|+Y-Q*6f!kydBlwf#W{U(#52fD`k!n0|I$TId4=YSz z8rHw07X2cZm8=@3-80!IZgQP36qgyE}>lmb0TiH1?dizfk3lHQe0^iY*bFgmM{ zsGZx{%>!W~_CRcdqnBt7uTAr| zp6E_SU<=I-=>AolUQnJJZShe$W?0j67G4=!6MFj-6nz*w7$HTVtX0riTHoaD64@%J9q5Z~B$R2nZrZ3Z4ZbN@le=N~Q z%b;X2j=(D_pH+pKfPenfS|f*hU6O3j`1B4~>rJiU!k!#TsP4Lx1vg7L!fPn2x=UiW#8KX_%r9Q6dC~(>GG3;7zun-OnFma;}`$)Z@TF zNXCr*SCB(kbb4LWf}}^FfGyH7JP2M}+=yn?`Y;glopy?w>Sc7SD7KoNHu|;T%0tP_ zte-RbRD0nOn+duj-9`>mu#e4b7!g7}@QH?hkkD_8&nU=2!vv8K zjZ&NTk!ffRN;?*eH&8A-5lXX?MqG;5xVc%>0e9j2ujVp=*Uux_%KeDBBfBQ^RnYch z?Zna;h;z;0v52cG?_~~jy}daqDYAxYoECRleaFcMb(45AhwT}P>eSd#4o)x72NoJT zh>Fc;t5mgoq$3*!DB$82K!KRmUZK4`xm|wbMv4XrErfKl7COEe=SuJnz(sde{6{=7 zd{sr@GvO%ln+@LXRt#FqY}we`A=9>ECO2JP{3r&NUrOL)1;O}`LHvFLFNMi zet7Di%8z9XE&lmQfcWVc)Zz22Zx`~Q3xW8>xZ93XD4U6Kr=(<8l}_E_u^?Z~b*d~L zj9^(BgQ}A-N;3QDv2dDS(HOm2LI+lz=K~Bmjb>yll7AjfV#%o_@r-l8uhD$cko#$1 zQ&g>8_Pjmry)46N>%?TdAi<`I;x-U<#w$AhUaf@pXhIM#qzr!^IKT>Zx83g`a9)-d zrGB$Bdw<`qTee>#$8Kc4WC@5nASgezgG$PlW@1^KWKY-41#t=;NE;s;C_!UwVyUzj zIWq&7T{xiC0SP>DQczLXju}+3&~L2NAezrAh(wY&Sc9LnYg`gGD@V;J96BXQC`1c=?)$M$Xe}Qee!-xmf(_%$xs0%urYq5VQS}4 z*?CIgF29i_0n7>UQG{}O0gHskJ^cOHjt~2GVcn3!eg=)B8-W7_+eVDJtr#*__cj6WpUopo?2D||EKEx=rD zx$}Eo@<^L&WbS02eEAupk>bU+W}NP=E{?XyL8O*CfG3t~aO}&#gP2r>MeG&M68Ff8X^Zs9bGQxR`BXeBH@KxLmf)d5ArS3KsQt}i`NEC^!1Ho_db4=WC z%F^#Ol@jUb3muP_Aj{As`M0@d8Hn-M!F(YyAgg!aJ9a9=P)3=XxqSs1?+_M_oJapv z%*V2vUQp8cJOz@s|8C|Fic0O&X>5hdVg4F}U|XHO9OoRpV0KrWb%5XePB=D4L}X_u zGk6cU+T=b>s|Z6`ITtO9KkH9dStKgJf~k;6jj8ta58#@Gb|_fx+}2D7SXQ)G0nO9G zjv9NTWP9iH|I;eIRTMTjG@1j{kFa254V^{v|I&)DsmOAip*4_CRcCfNQU6vEe;h-h zQ#n^Eu@>Kn`dF&QSSY9wMZWfnbcnL&#| z7t?&pNXfEv08)cu5?&Rvi(|zI_6PNC$qZ^`nIx+DW8hY7Ws(@x|B-&*qlx@a={E}1 z&1M8K)I2HJEoFL_*N^too7zE1w#|okr?4pQ(bsHUiP%4F z;0Y~H(0rB3Ah-1ly$@`k^a@@KW@R_$w3W1(#^)Q2FrrE+sQbNZDapaUkP^;~+<+cH zcIL1_YTHXLra=da+L;t~c2=>C_xC93n!uI{53BBTq*(RUxp@_Mq0_(R9vUO zZaRt2>a8NhX2cT<0`=Z-xbFkaIb!y)of;t8Zo9G`hjMBcbj2f!zhH%W7514zF z{g@%r(P`2f1ga^F!^=soue%SJm9w&l+pE$fN`ts~TmWp51*EPXD^yB(tc~ zdF0QEY6My1v4x#Kb6JHIAlqmngc(yIP8PcGrdCs zrzDyC@G+_<YVJD!fSsbyJ>or_W{H}Tn zTEF!OiGn~kbU(ylwRRVXpaudSIm&^o@xl*52lWGA8T!swv`Y0Xc@nI2r$^cKQ_)Iq~jO-nnSBxb$PFa?LQ-j$)gi`h*u4Qi>(w2VD=L=`Dl zr^w=^r6X5nPC{U+$a7-#L?QNkX2%j=&jHw`aL8EnsPjr_i=R%~$CL)(2;ZEazt>0x zo9|B*p@`!RMmzT%7$z6M4t5DhF3S3B$G15x>4xQZuMLg^WVQ`Y3F`}wmwP`kABP3k zb7K8+1tsCBvlqc~watQGGroliWV1|_M$R!L%KtxjxH(^u{@)&M!lVC}hnrKmU6ZP# z7v){b8!pb__X_L(BJCZcGi}(k%h*Z9wr$(CZQH5Xw(W{-S1Pv6ify~TyPo&$p6=q(N&W{bxvp~`d%t5jC*%*uyZB7u6`&Llaroherl_&qcGD_4pvxsA!Lc}FTsbIl zW{F2L#c+m5!5?FS&jflwh3)!)7huaofQp9CI=lWoU5nD$f5>GEs&%KsTi(7N+u6-e zNkeJC{{ItkGl}KOCeDOp8simfYPw(sLwIlnZB}(Ylwr8)9>{ zJS~@`Mj~Uwx)N1g8oPitpQwCvqg!&2r52xx?~^hkI^!~bQ|Nw8aQd1ImC(#e4r%ud z_LOb;>|9o4w5*{pFkoSwy8mA~fl~6pzd8XGG-HBs{jLA0;U<6jf6{Pkn8^&1Y2Vof zXA!=buV`ey?l;LV{bWe?Z6LNRwVim!kLfQa3lBsX)+~)3VU`tu#oJ>!24kUdiK|8` z$K&cNiM%$CDOeowBO>_+MH7q0t?=Q2MIHzrg)ur3_=e&y4ik1naC6o!Gn=X54{bghSyq`a)3CxSVW#o) zyhD%8RD&*zdS3$faIi)BQn%|1V>h&s-L}8q;)JSZ!MRQo>HEn#-m}3-O%g?an(g^O z?!h^2BTwow0{+78|8E}d6rC@HS;gOS8kBtzu7*#}{!zNi z86d50e@shw|Ts8gT{gF$%^_EG#L`Rglg zA{rV2!jRon4I_!U(H0JEe~?p6ULM@NH{5)zs-LqA*TZ`E?S!zek)fe)dXNu`|20E~ zT2(gz^#~?ponWxWvfJj_^#_f@czuw6;d^{p&b_hQBZqAs=nfYuf|=@~5b5P%)uoe* zkmhI0xgdHk^5RS5CgKesmRL5=DsYFMQvmfaCMSM7rSUMPAaPFju)i?5T{&174F=>W z@``9lbq*&F#v^5z3Spze8V1b?Mua+yFFInY9fE;Y%a||8egW*K3y#G{deQ-b@eo^?*Un|Qd^pHDY z7TyvdwRpYy!_+wQ9R&E6|S$1Hd)ykB#)mGU^Jarp-dtwgZA-?t|E_z z^}9b|FyW&Arahc;fU- zU$;eht`3V4QEDA+nhSWsdOL4d)UE|D;Y`qJ9cyc|aCANHDXR`p2S(p@RsOAirknKm zeyLJSTI^+f=<4>qb0FGBGW(`f9)k6KnU{+_)jNQAD7Ik>Fh`#+AZL%8JO+X#_nEDG z;+pPxOTVl5ok@5~-{?(cS>r9*azHA}^Sf72mvgW-s3DRUS7&F?&(2gh335dNDOIt(n9 z6DYq>Y9iIPh3Zvo62r40JbT?#a0=CdnQ*vX>g=5l{e?hocv7F*vpFd}I(TiUrj+ye zo-4A572<_tgnv7qmbXs#XX|$q{^uxg%tatI0K~b4 zuFB^RDnBW`6*M~*?1k*+DcjLpNOG58$n@V)U}4#miv^)MqovC8zR3{rPWj~!kF?By z*~yxaMUsNO4v86qe0Rz`dR?0Ai1jZb!`Y6abxjQwefRC(J6S`xhlYZ24nWDM3#*5H zLc zT+~7yu!~b}3xs3m$LEq6!ZEGyr)rB3C3s@)cxHW;2VVsp`3Y!2${VJ?x+m7vDNQO1r;+AR|y~dhIJr9U)pXJ68kkK+eeV(>=?tW)G!I$8JaZe4FPL`Obut< z8DOc8Vw&>@EoaV91uv=qipRq5{#J5OL~xhcs|z_pV3jXwxCuE=<}auk+h$M!P+(pk zW7r@0>b@~;kqI6uac(#&H0|arQgBDW!Nk44+FgHO#|saz$^3B;kj=-}w1axM zS&y=ru&7Dde^FIO(~u0g${3y~!KU(H>(=ptFFpo0NnaNGMv1Y!Q z{>ZXQtM;!gJwN4eIr&u2C z`bQuvkkoiv$d<7-*-O@z3Rp?E)>!#bVEi;CBa~33JTYcS%@mTB`f-F9-puxj$qRSZ zQhC^jmn`>`b`l~KqCx!6vLj!+$e;R?%fO;a*@#2y-~tj_Hkw}8(<=h&MkRdLj7aVP8;syua^^9w#!pUWruosPO%G}Zp-eyF3#0V+ z0e9i?^n=!|I6vRFMB(_^&geh^pyn1=R4s}X(h1H0-`9d*@vtJ3{~3fJ9z-f0KqNcz zGGK=~vlIJ&Ev$(Dmxa|?TIrMaJPQaoxM6FEq^lF-&8b;ND_~`1yK)<=C`*GSUgTj@ zeHVQ)I$R7VFzb*iSrmZfZZ5Jeyc!mwt#Ob&2)YmB_BxSyzAihz+r7^-A2vtPwRmQq zly@`H|FdhxVHJ9KOUZqJ0ck=zpmc(^jeJexe$7|E+r3$|3PpZ^y5aKgNNTXTb65PE zA~u(Unz@2Na!_F+B^`zF&EKcl+p99b(=6i&nm*kYCSi{A5v+kNPGk54P=@$faVH@S zR)0TJAR;xN{#svu5fK(%Ht>P_q84{h&7HX-| zgPbNiWGj|f_R8JlQqDCX0{?Z@hT-&Suuyv*zUn2@SVW6wDx=tA%On_g3oFAZrQ*Q>VEZXOI1iyK;6#g!%Zj!AdY;%>Fg8{lN4dJ&u+>LP{@H1jG){cfofe% zh2D{1&+Jbs3fyTlUK4yEmSLoUYER#Jk^LLMQh;>OeoN5+SKtHzrc2t)ZXzcj8>juR zz^3BganR0#D8*O}cpvmnYlspd2@I@x)pwTJ`J|bTRMgRe5iSK=9eI zhxEX4ByyK>%?M08@G($_XN+9v*d*++A5`xyaBM#r4o*Rj`GXQFb`h2g~hhF%0-=k~r7=^`89E&}Cum{fMX? zEVmkYqowCYRe4Nlskj5@>?Q?;oXM-CuYAQvL9;)m>Y2qB{>T>1l5P{_AAxdHL8I9Z zQ6pekc(@$IvdcS~4gcc7(8Z-rQgjqk$urzR7G;!D*HnOMJ+V&eAdgxeE!M3SCYmD^ zZOYIuyhn0mA|j$VVSE<)Wz&@op&xUUCeISAKSo+woy1Jg43V`wM|+`y?k9|<6RytU z``p~mTQjiMae>Km;R6m~VuOL;qLHh|c~;Hj2}_a7u>HMT9*-ZT3{j;QjU-=V0j@~> z=+eB-Zc+oKW|Ha}yzO_&cH82wssq-7Z}_1VIA9wqlZ+zsvq0uewZ=!&;NveyAqD4B z4|9@y_Z(-pQQn$VR_$dZUG9lZ{-?c&+8+CK2U;<4L6&UA#1hI5*SrPwk?)KrmQfB8 za5+jRB{Sa;e)j%xTu3%IFb2AbBZ#U;($m26(i8`CVMEJ3+TwH;NcI)6-8}_fq z!z%~puG3;J)OGGmjzL%1#w}yV0T6u=#;aZbjD>nEa6q)$31+@$a8p`BbM)4+2)9wJ z{s7M}AOS1*)2Yys69f^l>~L5wKVFUpza^$l=BR4oXO!c zC28xPOzwdcOjOCSZXIEstaT1#hiOT9r1{>t>}nd4Q<=iVhDYOfB=WT>WnyM1xJJN% zexsC7PN0Dz707A`yYqJo6rWy{U51!ED4|rZeKO*gp(U0x*Ds@IDj|M?LOsI(*ExIX zE&852kj@}Y)90eg$EaYNveni5XC(L!u2CI5&?oNQC zH!lW&>uLf9;T)x`Dqp7HjIzUkT@>taqyRzZ?E}o{9I9UI2v9YV9QzLy4(-XGDx3u; z)SA&`b)WSiSoif`Ysc+g8m<`V0^rJ6d|rQ-9TRHdh8WWXYeEwNu>l~Q2_3T-wXL*x z&}>An3eH&Qg7&Zia;^r?NV*!b!@_%W&f{&KO^Ar3KmBSeL~18ya`!35V(tnvmuG@8>y|ticEtB z8WOz8sF3h<@=UW@WZkWxhVh})^!HF7>~Ftu+bXzY?kLez)gMt3fr<9ye%4Z{1n_0X zB1VGG69QFKVUOT;%`8RZcHW(dfR9Op9;qf!v%d(qO|ipJL=tCM zdX0wZ921*zYK+CzB{h^C5JF6Lhg=?bL8^^F9HVorY|Ne*$5PFc??L3tg=nDf>`}c+ zZHQDqVUUEfxfa$5=0W~_q3w1||Gw@o;VJ`p_3cS{fV8VHo#KUK4CsaMF2P~ugoc!blJ*c*g5L{VTIE>Uwj>{LHDnzN3!+_S3W| zvocDsk#pF;m(#z>g3vGEsKG`RX66P*exPo|J>uorOXNyM#ZwmoD!^FvUld0M!be9-LT(!|u4zU$NS=4X`s{YwY2QL?TD z1(GmKG=A%Mn$*&5T_-_1aS1WVPE_7as_}7(k!2s+X?eQp`Y$30rii|9zvEQ<+CNE# zniJV>vYTtV;kAByA>Nr2si24RVGKqD4zb8rerTufOQB~hFaGfOBrgwZ41n?1R)xLa6t^5F^Axvj`ZF9sDZSOCUx16)T&_8qb33(@CYtFp` zx~%jz^I$ja2ajYWOM5m{-phq3dY5ANav^5WeR?&Dp)rq@k5^vjBf!V)0P3rAyXdpa z05>1MbB`5fwX;AH4G{RC0|Y*aVy|NfLsaGj=S?@uK!%fBUd($@J!-hlX$KId@tS_vN_DRmxj# zSwCmJzzs}l#U3s#W++PC`Ndr~i;&e%>S;bJ-%(?K`$UNs8}5S$J6KnCr7bqwREf0Uo8E8-QMoTBJ1Tq9Y@)U&}llm%y862teeG zH8{m(&KD&J5}1QNLPYBq*T<4QU<0af>fDm4;C00t4Dyokz+Q0mp=1x3zsg_JbVcrT zgXG#kqSgvqS)PvS|4jK|rZVqgxh>Ln&iA*B2COZ%>P<@4+S$#$E;9xkt+?I_7UpZ;qN%+mqVaC7L{I{7V^wp=A%x^ z$Z}b`nx#B~!(Kz;Cnsi+V)bBK{}Fs0%(64Vbb?C8o(ALs`6*So4J%?_$nqRNDz}Db5s$#?Eh@OO3SIja}>w18O8K{wevuYHPVn%Oe z94;7*u}mq^Ks{5aBe(SRV(V)QjG-$Acd@i=+AtWj`mg5mVa$N)GSfW0KX1Q}-}B+s zJnp$9v?4b;Y|Rp8FTYj6iZfYLxPDctWji{*cujg*jPwTRJ}0F>{nyRj{I4YKLMea3 ze0-G_KEBdMJ&E{=Wn1e-S@W}2CcFSe3X~=8fFjBjGs?vQ7Dz=n&+6tCG<&*Bp1RSU zEzTM{9hTMnvG3A9>?y>$Rl9M{wy@H&r`0I0V#;V#Wu-}`T~f~k5?6eZI&xG%==qp5 z2Ey0z6ie={hy~~8Gl-*jAGT_wj%f)*6q$P5t7N)I%UpM+8Kz70z!bu8N2H7jrecVX zek?{rXd9A9qpa;l9Hq){xTGS$N15srj-(Nn6&;MnLQ;Tg)=eQuuxnrC82)rdiWlEL zg(VdELS7%K68v^oK=^fpdUUr|GB;ICdDbnph$l_j)EfExuZC@==RXZw*&aZ{cDt*K zH?m8HGa`8f0V_!~@T|dSV$lEuudLhIt`Kjy@r|(R z6XS~D#RdsG5jqQ{cP8?VB3PRs>I>)OoTy|uU13fjiTceFjxkxt`;Db6&5YFrpEU2d z{mK@~AI^8~&L}x=Nj8cdf}fqCx}c=x;ehFHxRyScC&UK7N&hlV{ij zB~+0PE@L(*Owd*AIph`TFK#EHps`OrNYELVp|M(Z6y>J{*5P}oWO2|l>G@mI2=e{V z^Kg?#lt_6KyQMKpeBWp5KVv3%v)BUbp@5r}1*%>es%E zC+2gs*DX-&t;%c67f|T0-I`ca0AbDaOoW0ENyS{vVKVO%E$Iq~X6J7iP2Br@-1FpF z9m?vbXia(A_E*x^B9k_niX2JiKhA2=n3OT@sv3SDww*axomf~+RW-k>+2?E(u?URQ z9k;*Ce_z-l_hO_GBjx10w`JYj<*dU=`2g-cOyU-NaWNC+QLM!RPQctY*jsPBC?RY3 z>73r8D*Mm}2=AVG8~J~AR8BFc)Pab})in3;zR@QcVxs&gaVTi2e{d1|Sn?py>2Rmx8%mX2|^-i^>#fEHMpsGi+uuP1XLW?w^>x_+le}`>)l+z6I zkcu4t7R=O#8l{Lo`1+oG&TuJ4ty!he;HL{j|wr_{q$ErF&+d&Y_B!R-SL zwBF%nZDO@Hx}!ilZ=5k}}b<)J8@y1e|VR=`?v88kA7qGnX;iYAyE-c}F?}lc>jJAduxlF#UXb=|f<#$Tl+p5$@%CnQnxiq%s zYLq?_O)MITIp!BBU7P-7=KWY#J|m@}9MdTlnYHl%Navpc0@Vv6w0?-o!|5X+u&Ckc zt5W8T&^Aru!Lr+aKQ3>w_r)nWX+eK^ap78`hOithaesM6rKS920gCMD-=g{{&Wbk4 zX_HSPPSh)D^u>qFGT~nsel+!`bFFQ#RZ!XqytV6!ow?mUfxC0O2aPyV5?Hj zllH-rCQbp-1SliUNk!@cuA{;{E+xP11^wqWjM1Jm>n>T41d|a16AXmHE{vRdMS53J z(`GaMJ=&%BlzZLUUwxN3z+rlvW%nt4t&UW~cs(4%Hiu}^nOv4U4QiH;0ww2M&upJ5 zc<-o^C#5>boO__Kh>M8fbr?lGIcFDf<-y6r>710%MQLjA7I@6NL&Yk$G^q5HFD3Iv z$jfSVQUb_v=zm|B-<#HJ=1K-N>e}WV#%H(yA0FRR*F;5G$mteZj`ZC`;^d7cn^pRt z*qv2H$YJ#6?{OaJP+mf;H7vfH>_xQ z0E})v^5YZk#-pw$l4s2|J#awK)F>8Sw0El@7+y}jM)MY#eOA)^1seN|x1Ht(xN$3r zD?}bK0h>9N|LL2P-WM>+G{PEyka#Vf0(0=0x8C8a{<@zL313d!y53f z$NM5sRDKQ5UWL0=*iCcBGw`cAr5$#AFC8eF^M4(|&4Z?2L7BeLtw|~y6f&V5rm@?W zA>X3le~W?@`T#!vy@AuPuUZEF>jo~TNr$8p=GR43EhaA|Llz?Q}$rtOdK~quMLbQ{{2wy>)a8?q3^L1Z;<2CBP$y@M$Qcj_c}e zO6My!HYmB{OH>_>HF$n)r56PwmRvoFo`C`*VaLavJBzu|XKpLMfnH^2+L`eFq(2sS z1i4O9799NgphmOG+5wThGEH;Z6Gko1o_@EdF?k~*G!XcNMi)9~fjpFIC?n4U=?ay^ z)7!j7gsM01@HXeq8N&J207E{JrSG|5BSZ-9v*8Oyp#(P4lDD)KVmGP2r{0**{TUQ_ z(T}$<4BwOy_T!hlQF5Y7b)h~TWJdQek7M8F;Mb|bBpeOknxCmw&$pra6HXti4da+r zgD8vravP8?TEoo!EG_l3TwmlIazQQC)Zyf}1(t^vY-VeGPWUVv>q!I(Tq2=2Hl;WJ zE;pxFI$??OTdx}t`jLA@m)^5;898M0y}yyC4ZAqPxY%V{?oRD!;R@P}1f4;cOz7y( z&zLNfbFGI3QZy>2miKVc#WekjB5@}Q;N|9O$ zI&y{7LQ-JN`4lQ(9B?he5L-_>_yhp96E-uTlMt33XdIYME{<=RojK9;%R=0tS9lHi z>TJUNo?fIXUdDnFKONtUQb`xF(R1e``SVY?cNqJZ)0KcI3$%phh#GC@#Q~J%vUo*R zBu2QtwtvU{i7H#0aEW~_$@MJ;@x*bdz480oU=lBDW9Jw^Oe;$q0tdc~FXXR&HJ6W? zoB_p{m=XLsT6_crrt^mikOlV*ep?L8$D2w~U~pNh-IpnDun8KY9xLzvA5=nlm>U5X z%{CPc$U&Okcbf4$%_^6g%{<$j)Lt_QGgyklmbkJ^7eMB*kK0xHN+sA07#oKqJ@CGP z30p?)1J4B~kZe}8x?xmIB?3q^ty~0*?RN9~)&Vcy^RkP>660A%n?r^-i#57;H09%V z#zjJ2w zAND~hgWSzY0uK|n_@BZuND;w%q&qi>@E02C*xC5oRGw8SD{27v z!fkhTSlKhumEj2lv(3jSpwkmC4q5!kq}*`pkqZB`W$1Z$6(5Iih?+(1wAWO{+jF55 zIYQMdz-)C&c2m>@QUUVy6%n^*i<30g;i${&N9^KG`?&GD z-_+GZk_UrlU2ll~9lQ0m?^_Tx={&r|Emh;%p7s|u8M>NrBR^M`nnEaLk@829cs4aC zrGh^Rd-IIpD8bXfVm1fzl(XKMXkS1uiyP%;`F{R)dpHK*Ehn1qHVG!~*&pfdNlp|v z+PBop=KIDT+I4ti_i&4gQJyGz?d4nPyV?>OV%h9!GdJiH5BBkcyykyIzaJ6=*abiVGyPa>9InYIE6#Xy*Hj*8N)gC?{d9fj zepfRMlSrx5feU_bdo7Ax*N+v>Ue&Xo$X?Zki-3TreDM=R4U6qUDtl(7haBC&SbO~7 zf504!T1aIXW{KytAuuB?S!WE!#P*a)skgMzeOdkSwZ)$9R7zDaHVa2|$J*!FQAZ6N z4pPpFjKd}_o(SztoWP{Nu<(Ihpf~^FIh>3aAAhcT1=1}-??f*D5ZDw##|+cXrtGdI z&5_;u)#Wxt{C!4jU(Qr3Q?pOEU`d4u(YTJj{)+ySeXXqSYok4YA(?8U$6wgs^SR0C zmd)JcXW&_H0Fd3hdH`ZYNwwxsV4UPyS1~sE?+FV#U#&8|I&Mz z=GLf9&oyH6?N|)LP|3UVn|>z4g;O@d15P~uktWQ}UE3EOR4<%5X>d{5#E?+R+2)W3u_m|KT$DbOJ(pI3yOG`Kmmj?SgI*vyj}Kt2R#$w1 zLnEpZbV~6`O(4Q+s(X*nFUL}jDWN|xhf?%9h2{?&@@J}aZ_z>zjegI}7#tcqpw~}* zC-HQ@L~~xBuV*M)tK>?d;n-SP?A`$?RT0Cl%RmH{-^H~rCoIi|32lX5tH|nt7TfeY zlkox6T`hsmb<&Znn^ja-DQz?IdppNc|A2So+`=TQ_qwPsU(u&qB$}=66a53;Fhq|A zl*U<~)AG_fT~kE&*a|WAz*{J@31*Y^cQxN+fN)(TMQe3lTJ2*&fM9@3Ixe@W-hEX> zR~)JV86&W3SN9F(>U)=aO(bQ3vO+a_XSf}7upqKvHjAn4nE>9VlwZm^Sy{EmB=28{ z()1W@U{mEOl*8sOC8cVz?I1Fq6@hA)St6&okFe5)ZZVIJAWxZp_y9 zCqP!!UL$2BDWv7s$DwJH58*ElQl^ znE)0iuC!OOz8+t^Z)ds5UVO#q;&hHQCwP78lrt({XxV+YM5D$n${p}bK{-(%r)}bU zB^H!0=CPO;`qORMyo=w*YjNxCp}b3CtHi>$mKg&|^N1SF7TltOND_}?*(FuXXWk?U zKiRb_1V0&*?V6pV<+}B#d|W4XQw)t@cn%Evo(yi^eh2rHDOaS9<^*Uq(O zkIJ{|v|hVx@Z{Hc5TLRbVOI$}qR!=Cs77m5;I!}-@y1Tc6;k}_8-HeWyxnhe zY_v2E5RTU?GB7q^8*U!h89n$fJBZ|HY6=e=m68+JAEwu8K?te_kC&=mT9FGTMu?F* zeX6Cxx2I^CI(=+U$oacuQt}K^$r!7xto}CY`SegskFZf*G06oNEleqaR>O92vcRcarxH^Y0v^7A0_Ymx>=5Dns zTG0IH%r=Jr&3^}4ehajExNAEJmV5Ex!@~-QX&RU^F{j%U#|Y-}E3kL6H6LjS57|U!7OXIG!3Nnfc!p8LA2WneLTP&&>cJ z5l*r*CUMpONe4qk|8#Kk$SF9b%RNlX$e{5xiSzznx^%q6V<*&lVB|S`{Cw``4Lb2# ztuT#t)bNrgyxns0o8ZTA`XcatfBwKpF)@NEc|cKGjFP}>9rQP=P&3rK9Cm1G2Rj}d z$Y-FGWEoK70d2#cFs`^<&V0x;c((I*HZ-)s?NE1GoypfFC*EU&pJk?Z^6!W*TB?#F zVCort{9=tt4Zn*yQC;8%&`>JPM8G{&NI=D`EdSf61zenaeZyY>`q9p^hq1z@tK z6e#xM6dICV{h@KTU(}$|sU;FxeNf?klvpeL2Tkih+yS7HOnCiw4}rA{kf!Dd2-F6K z7i}?oiEg1$1ZX4pc$J65`Vg-6<5b$%0n6kmM_~ll`}6Uq5Fi?;p-plM!t8m;Z?H&U z3ZVY<;lvxd#vX?u^_IJG=wPlL(i%=gZ1Z0v1!KD~6O@_u?bV6L;in6rRdlutPziin z8EG@oqfxbuM}(=?KFw9TD_90Kn(Smd&MT;WS%AE(yaI-PagRe>HaBbT>D`R9I zTSs)IAr&3t+&(*%EIoK>k@;M?eU`$V@K9Svu|!rCB$Q9$<3^;1A_H>%N_-eAE$1@w zI(qcO%@F7I`))iuL~o==eGst)?8JURh`->{l#23^la#Gpklxis++S6_3Sk~&;Rd4=#SyzCg+DUe2+2S@|k3ZW|{v2 z(z3o8Z01OI`(H>*&-E`P#sVZL-XQE%b;vwxPI%b3Sr#(4bI)?(6WlpBGef*UM1H0D zZQbO+E?`W3!m|8&GpV3l6eqY90va;b0&8-!B$e|Oh8q()>EtYs5s$&_@&XXz%KCY} zbh~@H+=EuF)&-RycQ{y?iX|EGa(ZPpkbC5%=uLNu6&Td*r#&C(_Wywti(-LpsU7vO zMl(z3&FQF}BE_5L`AK4j>DyR`JEsv>p6?D2a<^9W<%$E&nm#E@c3)zy>j7+kQgl6J z+z!XdFgom^L9`S2o?}&B*4rIqhP%!XA16I#d_3wy@?P1kf9f1~hx8f0Up&!+|T=pTp;5@`V>Svqo<8s=J94V@aGF!2+BaMfOW~YXR zPPvHBS+m6ZA_l_MhWKnLDjAT7v>*ia%j3_2L@7c-2Xe+jM98tFsjs=l@N}y}Q6!Y; zshHEZ=xV^c4c*P`enDtTwfz~>TW^jPKej!~i;@-??g|D7@gbF2**D1P-)&o!;PY9@ ziXaA?k}S<}QDpTLE@`d3^^-V+^0NB1#FA?Q` zER10zHH>4ikoB$Qo;4L$L1>&n5fbc9E%iTF;KtS4fYkCEJCj-eDr8W%kSPvpttvV- z!7bPRmJjec2IfVw>|`QPQo0r(%oNxy>$h9Wp+&9cgmYMy^KZeo%hJ5JC}$D*I;p^b zYMv~|T2K(78$Iuagv2(Kb=ZAWY_3T45GI)7yQ{)|t8%vxc}9LM*;rNJ!!jscCA&g$ zglc6RRMF%1ZwPUL{|mHj2;?3UMx_Pa5pLg#tjc3de=Feczq6#rAf+vOJ$v25EF^cl z5~oIZe|mBkZ3r(iz8;O|eA8AhA~rXRN!$u@dYy(3I(h2RB$>SWjJ^JO%y_r#YgNT# z8NzUPcYy=n;#8``HcDv{jB>OUVz32(*i_l&|3YlwlI^$5Pl?!t$J}(P_Ei|$FHWfR zhFwPM7ZH&UxK22T_~I|chsfXxNyPjAeJVg;;bJ%J-yPWH&EDrdhVZ-$SntwtKmDCo(#b({4&7P z8RA@qWlj9xfV_*^)pChaCA8?1&^hn;I|CZ|CXH@C7~%=|ux}eHvCq^B63Aq#XzaqPw}(gT_Rn0 z)`5Vd^a<*BuPy`$X6x1R6-j=sEwX~3^m zLU>{Irr&B2+jYNdVK=LY=o&#qZDzjED3~rh*7y9voRE&&b<57|Q_PXVrXEe__Yk*3f22g!Lg9S!yB@nQ=4Du7Q_&+QMv4f zU3KgCPYLZiENanse`N9KRM>wyaSpPCa`Q(3Z z&hEw}JxGNUR{rAE!sw-OUs>kC=8*NCKC0n*4S2HXZv}0!M4)hx;D{Qi39pbY5lR(% z=HCf@&y*3_g}5*>ekAp{e9rj>*v{(Q+^>1OMPvaq+zMS1E-i9hf-X4Pitw*DgjxCu zMe*p9&ooyJ2qSb|PrB~=yj{DE;Pu|qotLLlaYVXaN%yJAIeAS0IXC{)qvaKigv-WZ zHI4zOt)WJ({HzGZjnNWZR70ZcK57%)sx1?OT3laX^Ewa7@erVBU-&*j!fq6eS0y<- zKA>)=>SBZqlgs%$`dWZ2(n1T;<86f~%L65GGye!$Hy&FA|BZe#-hx+l%iLPc^Jm?? zm0exG2(0~ji*3gGz@{VPnZiN6yk;dHe9w#qfUU!vr!qXx(LVkWYbng?IqY}gDXWQf zu+%K2;&Cef@vCm5zta=X>eIPNM_g)80VL+vEvFB;(qM*HlE7m%G82bAqCWneMrDpg zu)jD@4ZIDii;=TA}> zVSR^bMVJk{3pb8ysk8AtiYXULMe8gz8Jh9I%jdDG=B-MA*%?0a(~(n^+qcaHd78fV z-+cdkCL-RL<8f7y7GJ=O0MGHliX{YH`+C{O-wM+W0sDoHaPT3I_2YCUDA{-Ubh7KV zM+d2=U`jliHv@v75&D9xLM|O8^Xy$TCg=YB8Z#cF+B}cthQAb(od7O0&C0a{2E>-# zQJnG9XziQ8ex+l`RWsvds|6R`YTfqC_ zLSecXe%b5;$mDc5?w&&PH=3=KU03U~!HG(H0;wc;-`tv05afj3+a3s?gc}8ZT0-r@ z$r}SSgm<4>=aYyaoCMH_r4u>*A0}m)BGzYg{j;KruoWtq0op4PzufLa7bqbcat2U# z+2Y>5vEcJZ28s}eqISoE9&`_(FX-t0(O>McB)_BIxrHnAIKeRgadq9~r=+~s^V->R z0oQ@|x-4#<8V@^!YBXGZcxscD6-Lvi?^ zG;uCh@4Rd(kf{R(%0n%Bu5{`_)B%(4K5NyJ%Si~=rfi(*$&f(O7 zs)iJwR;XBL+qP(!*D^~WE9Qu2vH#}Os<`nB)}OFTKDZzV;sKnRAiE5r953mXL1A(} z)TQ~EOF&sU0jXNQw#q#A-et!_FzUCFu6-Aay}b`&rAa~Bw_0lV4yB-qZ}MZ11j%WT z@Y$O}XWInbK2A*hzTSRJ})WxBHl!fqxDoog_a&S&>4N0CVn0 zPryX}jdSuW2=4T(FBhj)xRQ#A6y7BX#sA?|9Y=>IK&+33alkU@73TBc&ip~BCIty34k3ny z-4uUhXq4`$>eIvaTHXLcAi-k=k4l;9!pAi&Unvc=+)6L4l3MSDO-b`u0UD_3VIfr0 zF0YflueH6WDO)9d>MSa~MEVT~NI`~LO&($(OwuSF)Cx%}j+P2m9|G}|xKmYw&;~ZR zpx#X#tDjPypzAJVr~Rhq&U?Y!Vcj;v-C@1j&Kl9d43}#S$qNbf?p~Nl7-hXU6Mt$^ zzDt6oMNVff#;P=O8Fj=QIM>|I$}u&z1U!bJ3K@+tJRaRU?c@+LBu(5!WCIj+?>AxT zfKA+s&DoLi0=j@niu?L%U~G*E-2^>@o|}nXI{)uC)%8WcPu6w5${H^()eY8X{H41l ze2F%3JcPg<*Bo2xUkuG=b9qC?(qlDS({yh@O+rBv+eQdw*@bv&Z4}SBo&j&Qqz`z!<`tV z99tP|)9#)>-7O|d(^Bj|i<{S8k=MbjDii2(2)PHFv(r5pz$F(K^R8s_7T8W?@{aR= z9=u}6o-YF}lrebPZ!S*qu9!N2CXr0Wnfk9(ilkiFv`K}xvN>!gjd!!Uk>A`u1?bQW zq?^gs=Z}h>vgSq%fFtcg6Z75DQW>}nBkK4c)1Ua7bCeZt0;Ys6+L%I&j zB<1&XC7bML49{01`Qn>{QeAesfwf*<+@9J{xAObS4LJnkYa`M}7A&@GT|DIvT+OpL3;%o6nu1iJ@(E#3*b~<9kHm8PdztY5d6}#z?(%^7bVx^1T9W4 z!c%Mk@JD$P^dk4D*gs1l?*=k%osTN|muTdlPyg zO;ycC{_gL4DizBqzi@{>Rb}A;a z(N_WntoyC=T!(sdn8llmf6iB63;n078*esVF2`=?mSgC(0A2JM>CNCJEN>bcF?BfA z*+HA_XE8jUM(PU=C`c*oQe9vSFRHC~f!R@u%>&S|0oPM%OS8aH5_<3m*#U-80d7NS zv)+f6#pQCqKkhH40p*Q~l+p0Jec#APX2Su;<~i*2ewwjfeN9>ZS+&;yS%@X2WWU^1 z2P|*Z*)y&cBkDLlZq*4iw(oN7?63nv+M-jFhP!~lV~*)TPV%{J{rQ@vs=MIC>U{@p zfGtVnVG2rAkCD-Ee=--JJ6sFCXJ}W9bL)TT@5meRqV< zNtX3AYsK(LCw49EPWv|4dbS`<-Zt2qU8GX}HkdVkuo0H;)p9p=5kX+__8@XJZ_jUv(6YzIc4MaM{(EW@^&OY%8nVmClI#c5{{hrME5Gtr zZI+DssG;6zwSL;Y(`s$gT}2HUeJx|SjkPYCfftl=ZNXeY+^iWol5OG30zSf?o8?1heB5Q$yrV zMqVWnUW)R%jsO(v0U|-0VSYR2yC@n2HFgy?34SHP=tRThKX-XC-`|- z7COSF9qRvjtl9-=Y&2~KdcKZ@FC{{>v};K`W;Cl{<}QuJvscjANH9a!0fgHaf4Gg} z8NBghP5<-i`0#XVR&gs8CIVm+xvOd=1`-#3wmVsCXYuK3KP9c9<&&pKOZuTrHy@u~ zKB#(n`Jid;UpXZ+mJcLKw!#ppnURht1&M~CbRE;p>7mXDS!C`bi@t&UoA7gwoe-Rxv zV10MZ)#5BR;cDfQX#w`!Eq?xM;BGA$+p2@oGq*i+YcTDexvg!w8|K!SuT_`)+v9Cp zn@rswsh)J*jPq3}Uc3e@G>uR>oK>Qh&{uV+bpw5_0JZZr3`Bu?Khv~AqhHQmao99& z*sXikvxkHtaoCt5B7KTh^9fbW1@ahqhl7_;x*2`(GGFq_`nli@0sWtFv zPF5J`mN)~R-GGAP2I^o8nr7;StH#uRh;_BfYxRxP=Qab2NxAGs3eZqJ)d2GY#<+Fk z*$LqDF!5o>!`fK8-1hub?&qXl5J>V0J0*sO6}q#bdx?Ar7b((;bZHJk0f&~~OzG|I z?TBKq;G|K-H$UP?Qdu2^n1nG#sS1YSJ2wcT+xKFPFuV6RzWbg-VjK5j5=F4m>Leho z_dPHBz0uGSXPZ<5j4~E85tZ54f9le6Qz}a&fXT3bfpzMZv5%Ajy@+XXax1;?#*d?L zfz{cl8rW*NjN%k;3050_4Q>1(8~_0O-AD+MVX{9EQM~R1-IT&?Iyv-CG@x}GJT<>@ zHc*|M+Is1lB=QRBTDVk^%*-XN1k4#cKfhCwwX94h#c39R2VBA7<}o%EP7)lCE2|M^ zCC>(9l-~yYnPhc&>3<}me(9ytE4%|TpqHxQ@dU7no(g`%`aDGozR%2$&^}UVoN^<> z57kDM85DkYXMY311lt)%Bj21QWKDvN{J&dn^{+Gv(9u3w%DmT?dJF_JS z4cN_NlSRtXo??;eCRScAja0xcdOqqkoWafhfY^qc$8bTlQlUy>rZ+W{Y33rdI^2~n z>z3F8#Aa4uNFr^`E8gUamyHYpoE8AaMGf1gw(J;CR^|KLwNHpGK#oqhJeA+InXG7XDm3S9Dvx%&Zj%iiaz`iRMr=!k|L=agz6vx-G>I!vVzL121FW*nsc zhu$D8VERVx=QN=M7DWu4Bv8{fNqmn&Dy&`_6F zlm{W+Pn$0LgX!SqBFF1iw9dw0rmv=E_P?C}UPY-V3t#g?Jd86Im5A?Y#j&-2e(DPB zpY|zk#TX;~DHYau2Ao24haBzb&RqoSf8!B6PY(|8zx&UgJktM*|J?un`~5%d9~?Z} zf4cwdG5-E||MC98pPWbCEwlasuE>oY=T8ejvv8_v+qJ#_LZ1>&K|KF<$s`4@hgM1) zndM{*2!PA5AFK0mPcO)9eckWbUhlx2c!5AlH2>NUaZCKnznl;zjhy`f4}u-Z&Lx+g z9rr`!Bb;#C%xPHrY8w3wZbjYD0=dY-(}L?xczxoF;>RPBnW$$BXcs~KS04$)-7A0L zr-d%%2HaITf%61`Z=YVh(%{qvDcSv11;n267bIp7UntbzF2Qpd%}Rj8rv%Iffc_=x zrU8|I2y(02WPN|psYca0xKp0Cw9mLSXT1t}=`;QU_<>Wn80SKGRpS)jYy`D@B*mNd zyISs`ZY}NRDve0!ugcM+pWOU7Bh@cI*COOeed4Egz-FW{HGLhq7aPIkDoWBfUV0nF z*SRTczh{jFKbxyWKFpBb=;+FgQ^H*3^O9R#Qn$3m6QpAy#>~TuPbnk3R;*ui%kA#Tdl998`I{rFvPOG|(fUJr86D z)_K0b`};8am94jmLTGP*U&oZ7Qa6uU`P#R#ItyPdtr=`H>;Rg5wI5+8V)rnfClB+J zcHyVzP;(wpYroii$T?2!}-~K_BF6H zm_YuBw$8)?CTq;;bd_ASOk@d7*8jN4LC*qkj{@{nD9t2m0APU@`gw2cZ1QykFlvln zdui-Xt5^dK7_#wjL9K_(wCM9`AI=aY0$o)?L%b`%p|VHq*J3xEd(OX6Aoai9;2_TP zADj|utT{`fM`>~}BODT5;N+@W)!p5E?+s2?=|?o&6!i4NjP9Sp+Z;iItAUO&-byh! zBQpIICgmuni|5Y8(P`lwGZ1`AlEMUYYy$!MMR=1R-V1NK;}J^VRBEYwy9#Yp7oX1G zwb*?Z1*?Vk8kxny1a7o9MfxjeP&<;<%&O*fq&UH1_sWlJ%{8{PURo%9bQUJ8ZOdAy zpITO*bv5IN>$gE$D?>jgU)BRXvG{WC?1jA7b2ZCgO-+ zy8TWX1zuc~jkO=U{@OAMqWRtV5>1D27EmAT=Pp!jlZ|Jhoup;#Mu&Hg=zl@{p7}|{N%f4|@V{&BDW-NjS9pV91C z?fH+q=bBwfR|Zphp}R~Sd|K|hnO=CfoK5b10^P7w(;0wf;fIGet{)(P`1|@Vc?4$E zJ%>L{Cg6VjC3Fi@$o5`;YSY zfB)IDgWmqPlc#`VXwQYS$FP9#=^Z+E03-GrF{z{Lza;3)1vFr7r63azs(_)(`TVm` zfn{$QCv8SnG7V6MW7kn;76?;K?;Lf?;nfaERlEvV02?~6Q!lCb2@g1|7{-rSM_-WJ zhtda=l$gmt{wOqxmG9)(;$^W<-D}hh=6<{J;z>3QAV;bxrczRW+#=B#Y`)IAc@=&i zv(ruOYmf)s!2b+`Ebao1kCut~h*EllrgNZD-B544_on|NL*of%R9# z(efu}wZy2MtYg!8Q66)wd^J2e?lk5ixa7H}oelV1$BBj4m+rN;ar2r%WNdEs3pv5f z?f}R5)6Q>9JsKeOrO2L^O(t_E-~Jppm|)>9ce36M0L!x_QmOtd9K#tf45p{ja8KAD zvueiKRBVPPpYBQs6qeRF`At!9riS*G6mm{OCUq71I3gC8)SAK+lVN^>addW5FRVI0r z3BX5WTapL9Vb?ZWu0{@uUMyvjP+00lo0P05{z#xWgP|I|d~Jhocx`!yV7rT=0dBK{ z%Wjp@tFn9ow{J~qRMD9V!LkKSvsUWTPC%PTYojk&Pf~9dN2gJQaeex}*L{XIs8vR9 zmKnwR);xm}oqq90(H8aP@YlvG&LgEtBq6cQuCP^=^+OCk;Z2tzQP_HoGEl?|4L`pjZMI9{y$HjeqZqadGzGb_r3jh z7f%*%Q{m1mJ%8jY;hwDAoNGLT6!sI?eM8KbIYob>Fwva~4ah(X{(toB;Bf)}0|9u_ zL3Q< zdZN@njbbmt$j-(1W`B_1BC(^no$3H>HXk2%HuE{>Vum%#(Q$2^{^is#LYdA!K z$y3P>8jqzsN!!oIqULs9{!~s;Y;cuiQcj`c;d8D>qxzVt@x~3BfF;{V;>RM*g}?Bk zRoc`s*HHGpibA>kroLLUHaaf5@VWpZ*b9|uvSaB*RcvEE4Gq9=>X}!zPYY_k`1#X>!o)vU+EAS4*Fz(W&+2DJD{M}DPcwR&QA;y= z%X$CM)1d#o;aXU5*rbrKrV6;l{`2JVv!ea~@soqz{5p*VD2fl;Y&F&YEMvy4Kl#pLJ-<4b52+5x*%ME-VWn}P$d z0u#{V*KX*}y}0BoQPl>xnv?LKM26dwOcSwRh@P-spL!0b?huPV)bY}P{4riH)xNf7 z@gvMbIu8%zzKpcZstXFJbQXgJ{k_st>>sq)?3h8*zYlKqCvZ&m#mi`^vSQ&VM`te% zFJ27xoWU=r$KqedFJ8TXfBi#{N$Gb+U(H2Y{6jDu5sCo(3>5TcIQ?>AgF;aQ`(gxZ zYcZq%!i5avCKQu=CPP0O3Xl!8)#9m=SGG{mfnbb)(;WBzo@hdnV)wP zO%(l>zj`W?U+{J?gyUSgez1zYiY)Q+^ygaif@|kbgZw8A6MFUIZRCGMX|E{%J$v%B zm;ZM0G!ZA30XL;t`0s`wnj)3TLT9pL*Nt_0iaC(y{9ZM}Mda^%mdZlKY6o9hQ^>)J&fLHW5I z)f23%ohPTEy;pr~YY=Li&`mAE>hX+f5^B47zKhy~P2~p5Ws+;Bn|vGe?h=G1jP!d52*2cB#Y;R-Z#XS4W+s_ir?m4zc+d2Wzi{l+6z(l>Vow<1YS z<7nccUOe`wm|N9X3ysTPtYLxz_#YQ$GOJ&)YSIY0mVqko4*u9&a!ro@g_d5ktg>cx zglPOVs;wDLVa@NAkx2ez=7DjQrpuRJ0UJBzxOL-GPQBR#fNk%7%e})ASH2q@dx3kW zbo7rO<=QO0*eAM|Y4GJ!OL;y;y}Aq}yQ*7PSBWko)`&in!fp_=aY|caimQ44?(A(C z0A;JF5?g`CTB_(ZD6BTBnpda~R}Ts%eR;5Lsx~qOhz1KYIILaBPL8$ff_Cz|yDDra zzqi{0ciC4zk3x4DxmvT}oxuQI`12a*|2D1z*Ove3;BnFa^We$TKK_3vkG=ixvnmm% z&geEv#dT`ltEn#61YL_Nb9Td2xhWZqWLI_0cBq2=XgB)G?4zIhO78SA!2iNiYm51x z_MaB;|NgV5ef`g!Jni`ZK^UbbP9P79*k6k;B_Fb{z(~}E69;$f(3Z53h1}@=Zx16h2=95EBfaPc}n;_&$Oi_v0sFJrEz@hll``-a~`PU>4@T_fIud9&OCy<7mS?ax6Yfl z7tV|0lZ(;Ad-wjw-!Dk3;4aCN9udz!9>_(&sz%9`?*%hbrcB(~+#6&2q1JrphnG>j za5)#uZ_i)d-wk3{OsL<+=2HD{&OsRy76DhH1^3f?ELHAzlQkm|H}X5 z{zZSmXv(YUUrt2j1>qkbe*fbG{0E0|3YkzXn+xIgU(O_o0&I$!SZsX0^rrr$4=V*; z2^JeWuA{}tXL}xNTSJF|Mx2eRzE&M+RGz8+Hs!kw|H;C!s>aTogw0m2+&2H^U=coS z{P%w}HZHgcTJ9?R^Q$Sv#kbhD^RXsmxs zTnhd}l*-M50i5J2S_QKVy`qN#)hA3g6J-xKFey*N71cj*k~1 z@G1#^E{IqSxL z*uU`uZ|=QFrf$G`uZqiQGTzi(x)VPDstIeD#nJNbkN%P0oWobIYImnNnv5Vhi=y-= z)O+2*C0kTnBBQ}p;bHP73URPahWG_;zJ3HAJu>YMf1`u~mjab|qm*R}4K~2zVfry4 zZ8U(X)|g^SB=MvwmPU+Y@+lR1Tn6Bwe3w*>4j;YtLVy~{ZCSW5UKDJ;tft!4Ry;F7 zr#J&M#MxjGD+BihzIDXwjiDP>lUWpg>6HLg8L~)_M$XBlgFcXn$1<*f6$tnUq&)x# z4FZ2>DydZ>Wq2vHsB{RG6V`)eOxW%EFqi7ydJ4-%cATx92yc%dj)#gA2`u9)G%r>G zNOTp)UWv5iQFpjnOi-k{)H_JU7E2j`%kdrJqN1h({)YRGS_Kz2fbs~cuM2n(GgYy} zuyY9wkkg?h%!2@~NKq&d77C&NbjZw*WXcV92{aqHv4U8C!**DnNIXkgutnAm#<*b} zUQYfw*-oHzM_M&^oi3|a%H~& z>{XaFHh4>UJxTO2KwV++D2TkEQKOosQ@zYAOgJfM#Q@oiKR~m$EUtXOL1y_ua1|lk zP?j*&y)JPU0-7}!0J&{o%Kp(cBJ&R4nksNY18Nw?qw&GSXCuqnb5N zhAO6Zosy{%$y969t}$9iMbx=Ys7VQgbdcUV_+C;y{8gsh@Dp9ns}gTeBftMe59zq2itLt4HJYI3PVUuR}+8aoU*DPS@xHH`q$MY)BZS?ChN4OuX09GX~w3&uWQ`1)?Dj+R;$`C+nS;2LP(56$;>}#swy|mr$Q<09 z#FW|c@W^?AJK*@zn#g`PFwUZCCUtz6#RRx0gW+czIW&Wh zE|FI=U+GTtm!+?5TVu%|+>MTsz9Oa}Iwh9IOFk#`c|a<2bl@rsNLox3j&Y0YCeos9 zY*iC}@p?h32{6;Wk4=SAG5-koHrUHDGok(m9O7JYEeJWIDXD z=5#|<>1Mjob(EpD+Rx6^o!iuJ?p&d{0}bX@RhFN>j=#LrW#8>DmpI=|mg5wv0^uKcC zE?)>KlIPD$B`D(tAfBxUz3qT453fpajZz;or$lE_|}pPGM=7C?zMWVGHY%kX9L}1sa(O4w06DHx)aQ{36`F5Fb)Cq|!Gq z?_O@?ak^NJDRJGPa#Af7x@w3Zyao0Kjua6KF{}ETU789-k``HNi?BZGokq@K;sg;) z+fC?JT)8)1X>8}{(2?_W1VR>Gt0e8Xx!D0#SuJs}Sbpz*f+L7Iph}6D%*kDT0dNB| zUc0!oJhu%i^yPf&U|TAAQb~YV2b|M3iFs-jWfbukHGi#^t2mNGX<9KTaofbYqZcr% z{#rq?O5o42Hr%**YO3r<899RBBRp{bdj*&Uc1AUR;E!OGP+HZsBgTnZOy#dCT!iy8?2!B&%iRXjG z-H^u`(24kob;Y^O7fc?W*KCXS#4*RlJV1Al;5oJfL9et@-qycHw|uh&)uBtx)>OEp zH0POq9{+#;pZ_l!QH%#PP-Db3b!G5GO(>v zPe*=?vKYJ5eqOpU$q%y|mz%n2ahVGB*CT*7eKhV(9;_S}$J3GGFn$+9=~A4LFghZx zP5?(tub6)?jr2gUF!1%nTe`@v2X_yN1IZy~+H+PHslAjy$?fTdI_AzS02in8yb{!K*4*`xu6?O<`(Rs+ogLW; z8RRNP)DmRjckB zTeogCXWQ!3%4LwUYIAE>%||{%t5;S1ibfXOO6C2j^L-Sb`ur~=&Z*JCH(KkzKYmio z|McwpgFgSuE*{MC_HQI`o?)Jl=RY`u_Ou`aO7}-yqj*l8N}@3}`MR^q{QkQ_9nOH& z{7Aii#5^yYp0J{Yi2cwSRSq=E(qYI}E$LmbARF$+AAit4vpt2r%_&l{p5uy{WC@$Q z%jVMfnYz?2jh(C)@dc%OX@-_b?w59m>?RRR)qS8is&jT@7Zdu_NbwtbN(gl7kGuW` z)%bYwq&EK}JVgHw9zA{X_|a3K{|8SFp8d&r()C2Do^PD~SM5L2(4mNLT)*l|_O#{y zd{nIewg2qtL7)G5Cl8ls#`OE{{JDcW-(%lz>8Z&7p1}Wh`VD*h|K$7qr#=4P#Z$BY z@82h(yG*X4^!@vd4}<;wKYR9Mzu*5|JSO{(rr-CO3jRGdA;w^YjoQD_LjMmQKP}e( zeEO)*|GS$<=!7W=h9mbJ)vnSff%!n>5cZ!t|DqBCdYuP%xlFLYC;rX_A2O#KuGpv* ze85L9z`%noM|mTVj81;;oV|GU;_&>%@Xg`t7Y!ZQGif%Q+&y>x3W9G#Q!Y7Cs`Wq) zPT2`>7~uck-n%ZhjjIcy>vx`l<;<=mQ4QOFA@QolI;Yj+Iw{@00ce&-~Dot7r3AVzIjg+xQFSS zm1YfJ(0lVD^vw+nSESXtz+tDy<3k3FDx!oSZ=N zoz=CEKxqrKrB&`z)1B(L)*dd5ehxIDG6t2)pu9sPP_2A>VGXL5kQd2$qx ziVlOpG?@)#Qn!I}<^TEFqOq?uvkY+4KX1ODWbNRB?`{SI~|7t#q$w#F- z&j3yOKR-ujg~o1kUxeBGucF&Qr5g)Sp0Ur^^9th7W;xD%*`9m4|5~LlU&(bhkXv3l zt-7Q9j&ZTB#(meTZdF^oPFK;&9uD<2pqBrYpVfcxJg$j1!WpjqYWiKRxq1iyz$nN9 z5x($4adnFEvopYdPwIPH`bj_zKiuP4r9;IyU0>unyZ>{K%>A|gx_Q58%V_a$`a7Q0 z`1R}BFU@xT8Y+>UHFN%^E@-t!dhoaoud;Q%X{B7ZuWY2(x@m5lbr{vlIvL>Fn`W85 zsb<9gcW3>nwebHx9MtMRKZ6dA|KCM({689{*ALhczyHni_qUs$zbXEGFenmY{(M_F z%eBDac7v>?%r)C)#Q!C;v>WHgZ6p8pkdN<>&b?c((2z>d5vFAf)yYF&cpd=-kMG=pNE zG3^-uSiyQG|9(*e*uX0?BmobCy4FJs^Q{B*&oqvX>12lL0kCI3jKvf!fRYx=#%nTu zRXt%Q@GynH{v$A7wxZ1AyuS3G|NY_rAYav=f8N7jqpQ6~|H2TGR6fh|cZi#HW%yz#`ew@+zC^w$C%g9LAPh91Z8CbZ7ghl_2~7FVp*! zt7xzWMkb60X&?Uk<>?=K^7x0CFbHHYfFH(@4(0#mvB8fhCaN+BZW1d&GR+TL5ZEwO zU++qO_xOCd>O~4uc@u%li)Ef7x%aE4<1J2V%@IrBVUkia&?v~LG-tk^=QPo4fy+P9 z6PjQsSpA-GTZpg6#rb)48Mrm-k-eQ+(w%W_IKxT5y{m2GIj85Cz0AXR~>1oKgDd zg<0>)_Hm{8CM&Q&8~;33DXRy;%2I zc#;HShD+f=&wcMR-R#dQvyN11&}b@z!I`k~;rn?$!wIY>k7(BDsLEhL#Y7C@WBVYm z!RpOBSB?NV1sJb_rvZk^m3q~c_xu1$4FPK=r5TB-xl+n$yeLYAq`9EM9VIoE07b~b z2PoA}in;#f&&a|e17->-Y}WS`TV(O{8sVi!n^#~28{wQGz`iHMwd`a&tl8Ep z+|-8M$b?@r%$p>o-b_6WnYw+z+24nif2;G)<;JM~S)OmpAloQLG_|sAqX%SHPEb(8 zdYN{|gkEW@i~%_%e?!It9m(xC_K^6NNjV}?9aWhj)aGer)+vQ6SIcFnEke?Y^4C-e zj4dKav6=;_ov|2FV*q)E9I#9yKEuqPG1pSCP=%(}B=J}SF@QiySq{T+@Fj{bBRy>| z&gc)%0o*62W6W#!>hRe6C==ayM>9O14AYYOQY_2&nL}7Cmt3z+>1uRUXnO-Ge_;i* zjyOyW6G>vstMrb@OWcJ+=ywO9E6%|jUISX|cIbuOY6iJTW7u7j9}GrVt=)>5FI~73 zrT?b%K8h)#T)L93DV~}W_;GUDTmZEbn6d3tZhV*Xd1E<^DiK&Cl{K44UmL*Y_7nKA(}qI~>*pO^gdOAfv%txBdWL-UF5BUsUhXK3Zqe(!<*KKEsgDY+F(fhF_Ue zBsc`Kz3n&zvl|3+EE2JBSjKwy4$IiX%VC-C3Cmb?H|{zWzpSEJv(vcVO2>5k^34dn z27Y`B&vY8266$d5O=uz(o&d120EK3klLo7DNfNT~v$pW8WX4n0Xb=A{P*(8Y-n~0M z&7%WKsb5J6$N7#EOkAvehO4U9R)!(PzjOMPAM@oZ*HIKKQlUN{>s&K#oVfuQxN4 z(rQbkH36UtaPk{SSJOEsCDj|%ra_RW4HmU|{U@S~L>Q#X*5*sycHjDEpruBtRt zm<~)Hl_A+NTil@LnAFx?cLLhb*Jzc1G$&%x=&Yz(nR(~_b}n6V%wZU>X1#iJ8MqKN ztzJ1pv07JXc0H>714oA1P!aa(`IIE-Mld%oSl2O&b6jth!;_(Va&kJ}hQc`xW>bX+ z$4R3PcT=p{;}~W64O`1h14|zAgQUhAm_ONPieZ-X4cF9M*7HtMX;^Tc5KvAk*VY$Q(+X=MlZI`h7*%wu82Loj_`GMogt^hRwow^8;IHH=~ zsqYuTu2?#92-6J3Li`m+R4xi;9KfOm=a`a$gIy6EgYy-DZKR+N&>cX};XGS}_u2A# zg@4l)ur4Oj7R=cGyll*Uxe?mUN)G@b-;GB1b|b)EmX^B;Hq<7!)u z*SoX+{M#NqU}nZ#?Am%%R7Mq z>}XE^H9mQ(<^JJEQdL#45GvAi)yircuX{~i&5cW!l3lLA;&m%YT&BsJ6rQ7$yGYMz z)bcSiuQBB@mP#-g44@zbA6{5FM`m;DS(C~)xTTYX;k8w%f2|V#%Z0f*75o4G!A_-$ zV>~3`{b$zNZCWba$PiG43ip6+@`hs~(rK_1A&oQgGqqtyIA!6Hk(gZ>^X3|d({Q)c@O1cA7PSPPIy>BVZe+%%=}0o*R!AVKl>#l`Uodyv0$dGdV6X{ z`S-%yhnYRkqr#-OjA!1%)b~9hW&`-gAdo#DwOO*w1sAJ>z#*007>rPMO~WC^7g|B1 zoo_8&prbQy0S8MosCEP>2iH$wAH5bRqr8>^8uLpQSiWa5*xWSVBoG&)wVaxb7HrG| zRFRV}(dgWiWUhLSeM%r!cKq+zes5v7??f5Q?DV|^Q}$|?-%&{AUE~sOF6_{lgHUwT zE`pi|y(nvoln}zda@ziARxZQPlZwR{u*8DAPeQBhu{P@_^0Aw064kb@t0g=WUpBtP z5?FqP&iaW9sT?E{g%u)#DRO-yjzV9GAlanlHKkGO3Sa2W5H;Hgug0RQCAKHIPQzU>ddd59J0{DzE=OH;yCPJyXLsqtv`NR)03FRaY**N;Zc zObQONP)y9l;2?V~CU$Z#5BVUHKukhEy?L3p;v&b(9W10s-ryuB)Fzau)29{6N*e7J z??m~hx^X_m_zgm?OAqa&-0f}0@e#K|%C#}mnPwr`8Nn??9??jAIoY!$zrC5@R+iQ` z%vxQsD^>^(b{Tpvw9BSdYzIP4xhr;Tk!#74VsysA#9S4B^oyM$9{b;dY^j|%54-}n zezhanwNL(I7n=8F;MDGpA?XG$$B;ONq_NpBBx&CaiPS{c`qxMeoh(m*$M7zA92l?qnjfV)TVi!#Q>bYH9eZbSY{MdRfoxr3ZQX&a_`h=us7 zdAN87ZQX;&rn^Ke4GoJTZY}+4`B{UEyMpr4nU|BHN;X)28b;u*@bO!Ql0Po1dP~XB3Reb(pnO*G@&f&xW()%>eLbuPt*kvGlK+kg7wIT%=2yVEt z8*^E#_}{4dHdu8=q0! zBc;oI7whFPiNhq{5+<>gnl!G$a72NrdbclOV#TQucBrRooaUHMPUHP?c=STXe-YL4ilpL}8QEq6E}M@xWDhN(KspplP4Ri~@D+bAs{$_MP4B4r<0 zzPV8B;S-zrz%S=T@L1@Q-Y-o;g$mdeyePP2{91WYPPBBQ<@UDYM9bSFS|VXI?81Vq2uFOZXzkE7n<>cdt+BH|g<_dXp=%Mc_T+Kp@>AWM9|gbNHjsf3JN8$=Jfr z=CKLXb{q+LSOjvCD~!I6Dm5y2KI+emVAp+i*()|jHyqt?bYpwQjq9<&C39|_4bEXL zSz!&q>Ns^h8(hUf4*NLlZ=INTYFSGb>*W68S5%lxtAYCB%Tgq29dimRF)V~DnBS&%CBWN9tH^$aiiQE31_ z)66H_cf<;<3fUST}Q{ZME$TY(X`MH*0 z`Exnjpz!csl7>wNl71#V`)5S=h$(XQkj+!S-Qk)3*JY5jQ#O{&}knuxOpjJYZ`|&{ZHEdWRbSm}zW+ z&~Rl1x7om|3(~>X3Gvi+{GEn`W9xu-uyw>e#ZWu^gUyz+#kTt}acrG|(}~-~_RVm- z*gAsGK6D(LRrq+ZIt%f>TTpwKG7p`W*U3N&l0YBES>*NY?XvLk?b>8JTVz?Gi@PFm zX1z8y7ig}p(cQ7tRg+_Ky%Vx)^w?8#9aJIa8L6H&OMuR5>hw?B+m6#e-8rkN)hf*L z@T#^hAFqj$tAXoe99Z~gsk58aF26ij8^1Mdwm6Td?r|5Upnzi^yg@T)4OxU@DYuYQ z7*~?qR7Gn(;SG)QnIeoJ?cnqzp;lzw#jV+p%f$oSc9@N0h7OGSpU}WX95`5M}sctJu+{4RvWlJ(o80TgB$LD{ZK)P@9Wf zhW!m=W2{yk&cxDM{Cy3Bj09hdW<+?8@DG=9GJ{`&MAPrRelb4YnRiDgl{W&Y54pB! zrv?%&etvth?9N>f^LwCZCV_^3ys*G+|b_ptfR zRrX!mSEaO)^5{`(dCR?FW-1ta_9-Cj#e1_LWIE#vA1pv(*x;--XD3! z;h>Q2p_42-D)U#odv|<__#%s^afkum@Y7Nx0QHQs&jj))kxgBOz`W9!do=d?+Uk*-qT*eow6u%ZX^~v=>7-H`OKNd&J^8Z4H8Uf?K`D`kZt^-37WOG&e)B7z}s+yd?yAV{JO zXsnRLFQ)b4L-8Xq3H_Nwy@=X|dA)+m%gZ5!vcSzn&|x`(Sv*ZgD$NXuL!-oBhEg=T zFTyas{3Q1XtNU~jh);9cgV7mH;uvRjOPu*4 zqdZa)$b2R*ql}UOQle+Tm9%Mf#C~)UByqIxWywFZc*RMEuMcMO-awyVAoIQrr7|x{ z5B7%M8%(SvCg^++70bb+1eX4c+zCi)*m^vEzP?d0QJb#N_z|0EOB*zv(t(2XnKXww z3kKWoA9AgyFU!9xRVOPW_c;H~#S`o*O_hFh9z^grytr{xWOv&ep>VawpGj9|XTeuu zL#Sd4z8Sq>OOZ7$&STCnF;dlD7BD*}Wl)Mw%AH2=L&M%6jHuz?L7Mo8c%hZCsU$(t zhXR07y1qdgheX+HSSR%XF@Utq88?VRA%JE9NFV@Lf0oyW*Pc05D5IL|o-criNz^5; zu$C-bUT6OTAhr_39y3~;Uga9?Yu<2e%HA+chuS+2q&y+7dBL`Og6j(8e6Y^ysw=KG zOq(70Uj?9ee>ja7&;S19@#DSzu9kc%?OT&pj*BNYK=>dZq69+zvKybPMylZS{Q#91 z-rmK*9WmsdR^a<3;tgN4CUTVRXgC zyfHE2T8M0^ZL;zc8X}2Z)(%G-^6+OGN2W15<@7u-Fqh8Zg{_i^X+^(J$M}FHH)#df zQ^|p%vJHiJG{H*dGesnp76n_CkdN+1g-fjLjeOMEDw0xMO0<*dCOWGDrxg(bgaPLP z2)HJ1+|Ya0&SGtDjIEh4bL+CofvNV!mS%89ox2TCmq|iZL?$Bwr$(S6Lf5+WAkLKecrQcf7x}u%=rgq z&ARWpt}#XeXrQBqYbi0Td)1ziSw#s-^;IWyEe$a08x2&TKKZS>G23b%pnR2gQfh64 zgpaLxj+=67x1>2z1COoF!UJ=(3Ja}GxfSi2Cc57frbi=DCxppYQ&B22LHcm>6(u6X9IEBZs30boE ztsT6z@_S!jAhSrzVpxi_7b}rW;4+7mlMm%AMI<-FDMS>^FAr736j@8pQd;n+$s5U8 zrq)4i72&cH>J*CCxavH6Nz^wiDAs;rU5)=2JTq!)5fCNG<&%%~P z6lW)aCw||59SGbDAV`r*4_i$b;?|-sm;K1{2HOsM<{+9iL~kNhZNNzkmF$N5KTM@6 zErw^rz442r`>)~c%J=II!B-qn?8oZ~-@|nGy7xmJk^b4}TrNA_<9gN7i){mH5+N+2 zBCFrNgD+$kg6+1+LCF!C0zs4f{hz3yU)i}=m1%M(U&6_8IP=D={QPe>LzY8v7r%fy zTN=d~x_pz8TEE$b6xQN%BvkhCx_dM4Z+fe{iSRI6kU;`r0FFNH;z9Il`16o4+|bBrF&fP>o{SS!Bf4Y zJ}iCk6V@Zmr?`}uG0ldJ5I4tVI_3SAD5FXFI}ZQDzs?h_=!fQ<+ji~=ar|DrBe#12 z9t|3zLT+q@s9pmm;5RbjEZ>6&;+78lh!ZaG#mN@%k7?%;h4FA$D})D#|>jR3I4ihDH!Qx5xV*`qe$SEZe^`{YCd# zfp!o1DP0H7ov1`~^3gi`Sc5_f#0oN}=@CW?b503UgCG^71m*z?+!Xp1@<;Ko39{$h zxQi(-^zJBVqe zf5I_v)3uMUP;ddjjZ55}`yMdv?(zD34GXoHXED?jaccGBq309(k}teiRM*tkv=e}c zbU_iLx}Eo%XcX8P&c~#zT%sPrli8?Jme33bYP%M5*mipJeIn1;T}`09a#|CDdWX#m zt~ic@`nxz0Qk8h74c#L-UjDpY`9Sx&i!by(v(Mi6>-oXOZ|}YKgny!bN%^l~6MFm< zK==PXI~Sw1P^2syWiIxFpTRYm#|dZu2-~#3YR{RZQUQLWjD`5mrJ8M)XaMYczM$EV zn+t6O_J(1aF%+a@V~yI7G>nz{el7rt?&A=*XCG)N9b|_&&g4Yqcj+sM?fq3h9Q$QO zY@xnr)yx;vW1kqQk%FV)jg*a+hA`K+t zWahw-+Y?eiQf~8|iEQu;51NQ(lmWfGkK`a}7*jHXiPs%k7?JB<=u_wbkEj??g#82| zhjcT6wk+u)^G$5S^bQjCwcf8(t!PR5&g}dE1gXUcv;3q|*1l%n|qBPem#@8X8IGJwn z_b-hykl4t}6@1UwXKBXg4FMFowm4Zdi-%!L%8Hq`PzpwoodHD{IWKlPmc0|uv=F#_ zqymgkt!jq$9JJit%9Ewfoav#9?i3J9uinSLT| z>LQTY&|lO~abH$;T~>BV|0-aYzku#;2Vtn~mo`<0FR;fjaqsGnLbjA~oeBAvZ$n;- z%&047pnQFlE-kl-G0w&Q;*rUs@kocB{_94~(L43p-H;vXOydf-blwPT6FcYb(@O%g zad3|%+07yo7W^+Yl*7;&YLo~w%;2X^-I_4nc)ItrKKk(rFSQ{oZHRdXC3Q`X(!1@l zmE-~Y<+egHabr+;8lozdwe291&C7XEJFRhrH>-a%=oFCb8&ljOI-v45vbERg>4jPI zPtQq(KwIKn3&5`TQKtpddvM!cMiDfczf&ZnW$BaS?f$2_{ODL|^C?XvUzl^f^Md|2 z&Kq_Ovcjc^4EFB~6`H2E&7E0bnbQTUEo;(E^M8Au`HXg8mWC+u;(~?~-+1 zLA=2)U_Ude`*a6)8tf`^CxOl3)Y{-*hcWWorCN+w_GO(oPm!`rZ19o@dnpu)E-iw^ zE@F>vxB8?fL)mmNY%Vb^wLyR@5bK%DUXDUOvMd)7LxuS+7%+DjXWnweydEKSGI!_1!Q#a9HTnX$lql4o> zmP?aV${U%=QJgK|zb`kUo9PPbFN~w9TvsNO3!6_h_rSyJ=bz%;Yr zY0%rRtrodFFl*suR*gscjYS7*iw=9xyF!T@~e zUZOgFtz^jxKCeX=hD|N6t+n%!<#lCaB$Z6pCx-YJ{IKmmKq5F|VSr;h{0ZGfY? zPd~Y4;o)}PYCAU0Y-G+eCA{Xu_OOns&m-yo;IlaDtmHJZ06cg`tB&q`zUu;=OA^{P zLg}|;MNCFx1Qr40@yE-Pk2$|z5&VM_n(TR0-=%zPMIYXKFTq^LKkTf-5^JtItm4}H z=Z|$0Cq(GYZw1iLvPP(e2MJSgGiDU_^uU5=>YdNzDOvuW#L_ zH3DIr-f(qVQK?i)t&%(FV|oSKt*#MLL)F134cezu5kkU7X;%0ygp;s?8>fG`v!BRq z?ua>>#%b69foe4p0wv7!s{z6?-6#NUX9x_r#3=24IXIfOIeNh}dg2lIsASCoc{FK3 z7;J&^8zsV%#CG-UhPU_oZFda?@9+EeJ3#$5Bu@e3wQR@}@z?84-G>Pg@te3l#^y(L zgS)LSgmEMsrpt=k-&Gm~&H`O8nyuraCgB~$-y-FSH3x;h4@RZQ#9EU0)6e=h+E=?mAHKRgB;xxymHRU#vBufwURe!7Hxi%;3p1q$=T5b;h4HIO%{(DM1DpeQQ z!aM5hi0ZzZA#-D5P^9RP?21<7Jr&h7uY5uJN|`DLE>ffp+Da;1_+fwHeg9>Da?j-F z#u?{;|FA!ru={uC7N#uC4ktp_w#DRo47VJxu}C0#(BHbUkbTy}KP!ZNAT-}wedl!L z<77-dC|2w?vlkPde6~AfD77B@^-+e-e@6^4!gO0R{6Iaa0Nar)%$E#Ix_zy%I0>;C z^S!~`0G)-=v2Lrhe7C$+V^`l-^W!j~!z^=9-+|9Pe}*rO(n%yG=;)GmU@n%krUR&N zZ^q}LBPhxR8@3sx=~_evKtOUT1nELdX%$$W6@pS?g}1C`?|~45%Ih*^>>)@`iG)*^ z7t-Z?8F8aGrae+$Rmi21kfxknH8ow~WQ)p^La|M<^OL{%_jND0`8UV8-8eR;H?6vg z8>3W7E(0wCOM4%Hw%f>*R4t?Q?7k9EwK*M&QEr}6%hl295Mb56DjGW|EPi&=GPG(t zvuC~G%ju(QzeCh(mZb?9l`*&g@XUTofczFHGH1G5Bs_4wnz>5}NoDU@9ey%y$;S#s zrJm}}b6`V_G$4wG)zGjr5S!Tj+a5$je}h2%&=k3Q^CbQ3fdE#p5{b)xcgo}6Ff3tH zCEF|DSuar1f>EQ-2F^d@-zlx9+MXYNnp?%!!ZK*0zpnMy zw-M-KK6E0(B<24iEY^RUY6_6p#T#utaMVQaUkbz&%#{Y=Wox(jS=V&w*j{kh=}CWN8@&BvjURV7NB7A1`Khge)kER>y{!aArtQriIzQ6-T9KN z1ksAd+f2$EO{Nfg|8?`ApOa*|$7x`7d7Z8z!_|g?TA@uO3vvPW=@w!xgO55Bz>&G; z(vv{~>W#i2{`0f0xh3H&g}J-Dcl!gweaHU`!!`9DI8m{X2W?Xk&Wb6|^e#XMozx#l z={4;D4`}Nq9Fz4covA*Jf+wHIP6xIB;ozN%Tpd#_)@kXw zqL%V|gNX>@`V-94#k+(sBf~nd@QtfRMih|u@d!#K+1uUI+K%wMNAT!Mr1lO7h*l_4 zOJ{)JfFBI5rc&7z)ZdQTH^I>_*&#Q%weE&X;7C)fgX7&{d24eo3>)Iu*rceOb%2tC zjSmM9xW2J)c_HTTF5MnFn8&D?!lRMGue4|0GUO5ToD8%)5V|#Q)H4&az@KorD#wPN~8gjen+(H%% z5*;xDJT!2ZEFquXDRu^=y$XZhh)f2GGv^(^kO(E6p7q);w~tx-V7BtnX=B?!voOAY z_ZTl@muENHdNs0~EP?g}-v!%)fi1OqM^JgvXS}-4Z?ioxyt(W8L-adf-kWMJu5O<_ zz#TrV#2c+QelZNI&-h*9HM=4ZXI-gTz8z4a2pv)wgZ?qB!h0;pH0*BxKdhDRAFvX= zMmBLXds$kLwZ=)%4bbRLo{(rOh10vcIvXc3PCNm@>>VaZa<-30f9)sDSEWZg>MOPhIPcl!%YBKu22BN1>6OxgeI|SPlpB&eV!ROS zn7ql=G`q-DX(NWqhU;N2R^9>fZIs*G{6*gbAWF0EM3~1^4rt;8dswJ#UjqTL1Kh#i zjp*X2){*-mzpj~qDT)DJ5ou8Aq(EQkH-&n{esqM^DedCrKd~#AhV)AI$Ry2_<6nr! z1|w9TN&7L%zqpY%>h(l7@n--d`trVg1bHlJnU5;~tL1FkGn0vb6n?WznL`XKUG6U< z_olGuSKi6?9Jy)1X*0MRjX&@{of3Mu%JoW5xHPZ@{c`238p< z(^)!Lu5F#y%8s;XUn^NY@o#>LEF1q-778kfnPK-AMh^A>djn7vN2h+qVgGT`_YFKa zf2M<~d}3@@UzgUpFzR$)FI5&#S$5OR(GsDYCWv&`IE*~soAOzNmE@*!$CEF(b0QS+ zmaJ_Hc>v$FBIFLsV{etW;1CP*Ji$qkMGB5sLd8}(N#(NB8$@@O!|Ov}{`BS-$DF3irqLBUyW*lVb8{gs$Vp1yYTx@e1MZ652?^ z^SzB|@nCQANk|FGTztJu`a4%$7gED;=q9_T4;)Hm4!mYCmZ;Ikl#?r%yueq~oFOnR zNo%i_eamNB2MRJ(F(9qwW-JM^pA5Y>9M{7(l5Dz>ULU5GH(gd7H+SqEtuzO!G1UvB zE~xNCxu*I|9Q7xWDsLAfb-PU6k3_)~kMr7)&!rMby|AF^aXD*#9~1j?S1=&IASqBj z2kOH)`(Hy<3cDL4kQy4%J%yiqT(he-V!sb0>U;VflH zny;eKc-uhmpmb=FpoH7~)<+9wU7>X|71|6g0l}W7ZvG{ZPqr}&URKACSaPNTiSQXFKO)i2|Ho%p7S)`{CY1t!H_YIbGvw!rc^=zafU(pgooyM9UGsh+nziq_e0EYKPLxFV99jNjdDgae zpV?L*I$jkcw^29x$6zH*i}-d9E-_mLm&GBxlZ7{+n~pSDO9zAJU(hnOKzYe7vE>V> zrz|P@q&*CSmn`>RJo8K=i_Gw^)szoF1=OdsA-=0WHRJL(&@(y497wxD>kNUld-{~cCsBQ2BAD1f$I6CDjiyT z_AdQ|D2Mp&08Xg`g?rIte@a_NQVQ$=xN!pl%dDb;+fp7zHv~Bsz1XL~saK`wbeL7@02#GXCLK#^u3{6`XYHsJ3?KvE~t4k^b(b&P5L;$keU<6`W! zhikoGwL=-dwq;WVKb$T*Kt& z-dr+^G^jqy2==ZgdXrXUhZW^C4VhsC2%|{Xz0bP5KLuNG?{BZ*I<{?vkz6gC8RICF zPqkZvV?C1XLAo%OS$b#$$77AT=0-5uM)6UdblJaX$qDV+W#{(Nk2KQlQtw(Ht7fX2 zvrx4)gqv4AAxIuJaKYc?)n1ucPH@k{9?|<-kNTtUMDPUD#(C-hoIEQ;QBhnT z?|Qcf^JYa+i=#e`oPT{{&m?yS!z+erTJ4#kId#KbSy4?(g)s7x)`Da1!*?p2Lymz+ zM;-zXk!e^qaH24M?iWEfQK|vY6G>bfyA_>m=jx2)N{XT(df4m}k>$p|>6AoVA`M zTbrKuub^NjC4agVFgtJ2u!qg!ayy^eR1t18nlm~*hw9GYiO{KUQTYo{T-HTtUH_DY zW%iPf5I17tg{lX+DtFGB>Bm*?e|#4f11kI=)-FQwW@66w{`-%=oRCBnYbKc1+oeo_~DK(n0PQtRvJHUX}WVB*M~;+sIqR zX70a|HSBJ5sS(h{9LWdx#6NPfiQV1->$w&TM+=-@5EjrlZsx5RVuc5A${aAtW`fLjlG%@` znO$Pdp(@wP?#RhhIOQp_$?U?qs6pBGs}_eK9cA=sjQ%>lXE+jDhIyIZx8w%XG^9k| zuj4FyxhuNOQVd_8unEq{*Q*K45P&wzYnJ5STgo$-0d+N9{EwbqiVVpfhJ+_p%@&4q z4JFo$FC2LH!pw&ZGh4L1U~{wU4==I61cc-ZRBqMZ1gAkdob2iu>tcTeLz^Pf?&?G) z+de5$m`v#a0fXsKyULXTZhj}|nD@|$;*T}hgr-Ses=rw941osBB7g$CtFkoDN_vGk z%cN$CO(88@4F)3IL88+Sb#t|%!umi5NRP*k$5P_-2`^~GsMbWTM&8Rs$;-#19AU>2 z0MmAy<^B6XOn8@i<$WUAtyQX$VTBbofQojPzIdb*Kbm708AOFsI7vVeQf@*=m+0nGsMvT+($gb~KWf{h+hJ^A)_ zKafrVU=sQY|#$gx*<_)HMmrX2tu+H8%a&jXtI?TSVEpcDWaRisJKR+J8y z3Jj5<7E0PljZ(tpY*@Dv(qMfqgc9S?Hmxd71o^kiH2-1|a&&J)A5b}fE%I}8tchEy z-j!N-V>!!HOTgiCpE;ugym%Ds9YVvqlKY$A>GLdQeBflF{BH1dCij0&fjd9_aBIgH zw{VZ=e7lhl%oyY!$K&ta0(zd^`-dA6*rl}c%|=AovFq~5n2gs2ZgHn{MH}~l$M>|f z>DY@%5%Y1xA)QI@1>l;ox96F){F)WD*QzN*G^lQ|$Q-sRl(F9B#)3qjuv=Q2u}ag& zua-q7{J#ii%pz){7s9@B%?a6%VT_Sq%)b;$lq4fmIu%V-J8Az>p`B(g}*$4Z7ip+1X?Uz~g*e-yJeysN!f;V( z?l(7^bzXBQpqM0F#oE*<1?_-DEa|*Nh|~>RsCPNn;kJ#$Wft_EK>ojm_qqo6^w?@J zJ=dur>pF+bm-guvOIFK!GPE@#JFAT25;vl&xWUg*-ws$5EH7jdte@K#7zYPAo(V2W zo+N+X;;pmXtOytOPueJ^u6XUG{18xQNbBPv)up}qd+FiWDa^UJrWB8B0;jcRm5K{d z$h{aKn}}-rsUF(IhLr}$dD_NonS2WZO?Ik<&G1H){FX}gveqCya9(gMfzFz0Gh?et z0lqLlZ$bP1FKKz`ZI>v8v+`b;eblo-sr3}id( z1_$BUjQxUi7vW?~g>f?3HwkL}&HTTzSsA7gZ3k)gKs0j3tY)~eJ-=q+^R`2vg0OP4 zuLz6G!3ezkMfOsfInl8FPlJzE1G@$PcDaw0g?}`8V2AyNFPN(;GZN7J7aI;>21^t* zz9W(tCk6tl&X_hafhZcp>`l`fVA1iA#7#?VbpG|cF6RJd=Dtd96OabYmGP6-61Voj zDBIUilWyXs6Pc@=){+~GG7j=J+Dus(Xz^JIRlq?$6&uuXu&#&WTkfuY_YuPwFN z=PwRaw;ygid7C{xbS7ClTs;qA0vGoTWU%scYR|8s-Aq?tug$GMt9{VWr{a_Ma0_!F zX6kjL`v;zal=NiQ{~acSY`P`)(0AdRwbU^MZ%Km*nR6YZFWosPc=B@vQoUAGc+m43 zc#?736{jg$8j>J;VF}H-H+_H+%c`sqL$wvuzm7@-HtYJ29Cxae4B=2zxT0~n==iNg zaBb>`N$mzIr{@Pk_>(bl4E5PGMKy3 zcI-|@g?H3I9B_nbH~%9Sk(l2VM4G}>qdtc<5zZa*&Nc0fp`)hOWKOG~ z`W} z_!lML-y}`aVX!TXA|oy`ClS`FM~@F5-y)+zcHh8T6842^RtxcB81ge-3wT#_*w!6^ z!%U=?K2uzg4(?zybZ;HW%l%(&DYJ6f2!lmYIO3us&pk+!0Pl|s7gslQAF|S;>A6y8 z9~SC@VNGO)Ll6UBM||8kSL!N!4qz64r6^gVg^mp>zjC(BznFvJ*k5>HBXQvvT5I`I zTpYfXK$ImHIK_?Db8^Rz&F$h*+Li<{3Z=WyADeCYf8$87MB zT_c1gNFL4^qEB!-jt=F;z6vS@@A57|)g<0=LqxkEfanl8}a+&*YCC zKTH8$Qf2QyQXJYT`hTUkT@xAD0Zs`&_aSpx(|$=_YcwEf?H6!}2MS4h`3oYU!v}nK z`Rj(gQ@e=cAgo;n(NOTe=|;m+S|A-QzUbX&3KN_~!Kx??Fj>k0={0^$(8FiUQZr}F zur64%u5J5?#G?BR;9m_u%4hJOqfzJ9aW-`ggQt;Ep2kM!4Tx(>hiU&r*l_<3XHK#2 zNF?z8>dYvp`$M`imt2wY4tkooU0uQbv3=lG9 zEh>RqT6`|v(^yEa$*WEcU$>C*7C@w7h_@ewEDrkInf*3a-zLE0Fgkm^jd}6a0G*mV z85#v0W?-5&7e2&c+&P8OoRm%@Jkm0--}8vh`S)%I4Wo-81K3 zh>}LT?3DzW?%?glvh+doR)cQMhl|~UKhVpe(B8R{C*8Y7Ix$^A)K4NC_H}w2_Xt*( z{(QP%@=DvGe6id+ue_0Bsv~3?aTLIi^ioxlf0HThngG9~K!G&BXfH+_AGTZkN6ERk zriE+qSVDWXRt~z{ZblLqUX^`lykPPgQ}s#?+TtHbeUNe%K>-H$?y4(IiveTm5?Z$czo{yacR6%;iT7XUkPU;d*q%rkKUZP(h#MV_FoRnr z6rf@-g%3sOw9dJKX`lw?_A$6@!{t=Vw3UGU)hbKXh(xeC$A)QZ6mr2Sfqmz6fZWjG zU>Y;0!3s<>=r=gHbnaq!A{d%{xOlo_wK&#AEnK|~&r*d(q$DClR;=$9HbP57NecY| zD;znISj#JJV(RfUa7-~~(3)1@yjT1S=7hN2zfA29uj!ZY|Ig@)8O~D7>3kmFf}4l$ zSyQkL?Zcp?&igU?{^HXvwrZgK$LO>CG5UPW$!kDlFyOmVJC?@fs9ql#YvoXQI$ zF6`S@19c;WrvbC{e!+!4vD(nAhr?fIXDQ#5EJWkP@ELG$O9TqCi~t?V42535{!=^? z1*HD2{Ri{z+_fIcz!oy@n#yL93^nq1{(-+PR|dQ}0PApaNL^d$Xq$B_C)T=qbY%WV z5w2-W9~{f798sT0oEA`r`2+OIXo>6qVLgNlxoz+V=|g~k7b1A=<(^gwvb`cN=4ykn zPjBeKXq}UYdLE*Q@YOS!E|ug%Jtr*R&)NUYG+$&aFOLq}n@%A#vlKL1fErTp&k z#Q1+ZX|&n6*)4Fk|Ps~+th?Ofn-xuMy(JWyExBZc&edZ+I2 zp4DETQ1`0GbCj3=HpEgv?NO&bnuQfl&Y0!X${hW{q4a0^BwNaMCXr`L33jGlpKxwv zulLuxHqGF7al{;TgN9b|9>=VnYT00~hw%XvfNJbjz-44Q>pNCe$cP_8*+w_Egm&FdqXrBz;`}?`h`z+@Qjf{8P!a zLwsH0tH{K#g7^su23g;j2<)43Wv*~mjucBKaFLLJ-#Go8-Kgrk=34n?I8IBMFF-+gMPpFB;hl&G+1!J!Xzfy>_~2mWw0Re)b`b~^7Cmd0>d)YT=-mrbMP zS9S|2@@c8Do|(wg2MUHATCv8G)7mU?rMJxT(0ZlJ16uI%IG;h-zHka`w$hMt5l9w# zp3g}QZ|!i>T@g99W~LW5)l4uOgT3r{=~h{5D{QpZ_n%AcW2s%5`z-fIdI#{T0yP8$ zZ-V!QQ^J_PSqef z?^f>ft@T|5S?=l!=7JktDAjx1Uv(5Kaau6n&xdP5Dc?LEZ^O6#JeFi%bHR^YJk_}e z|LjuRn#_-JpO4$ydfVG@3|8&1)7&jDPW_psz4JddwNAeW1`a6D-o9UU#l^qf7o{Eu z;Co8X0{UVOw+IoswopDb2aTV|K!tcs2D&#wD_mw?JEb&&ayFa`=pZ{Lfh5Uie zlB`b$4PBC{T`H_2d!bg?W(U@AzF+r9x~fj!Gz=;oZ01(>F3^f`8EiqRUG=(m>1)Fg zad5r28+KYWl-J0DW?@X0y2i`x)@Wn6ByVa)D-3nhlKs5t3uDnNJ@069zwu~YUBNpI z@_&u;huFu6_8^DUn1V<-Oqp~uJOpkscaaKd1Gx2pa`+&LZ+y?vN>Q<*Gfue)pcbD^ z%FBH;?Rg^CrNR-A#KC0HIAIRA0t$CDhN{Jv2HYCiFf1L}plFYkHo%sZK?2B*<*#|Lbr^9oOF~&uCb;8%kK#bUZk?JnMH0N~o!Qaz4P3-Bi?LmQ>X_ zz}S9wr8KTQsdPJ6yk#pISPb~G5|ku`SU0L^k5TK^)Y9`mRn~vpc4bl$6{^_3UoDq& z-ko$`bFwH6gNfpd{3^C6YA6Nm8O>T~eVC(G#RY$;8Bl?(kKEToS)S!{7e}9~-osq6 zqJKGQS&xE%^{JAt3_AZ+`zVul$2cRFCPmjf;tSmN0;EK6s- z`>{$xW_n+~7QNHoL_3z8(!(m3cpuX&On_ebqDN%hIi$ry;`uuTMjFe5mYwQJ!8eP% ztx2@69SL{&pu=JSK>jUIFu{&fk9+=LC^AnX1h>qN^hp_xpZX=SDz0iwFJQ(xCO5P3 zW**|ICJoqow4BP8Nfw<=3Od78q>sZta?|k2yB?;`KrEFoI82Mttw2j4jO&RhN0%Qh zFR#ffL?^?eg;#z!x|s|L4AE%r1T|)89&=hj^^@`?(jA`|tyvu+qE6H1+4lkU2N zmkH}5cxu14G3YJFe|92g?U30~J@dPkYze% zUffmBy6(?&|zvwUTRbEhWwuPK=Py_X|3O)V?^;X%dFm$W6y^ zKP!U$OKy!L6nxxeKCJD7>z?5`sw>gHwpY@lKy7oOaEyRUp>(4ozcV?923N6A>FMkw zFpu5Lp<>dk=STs((0<00Jh(vXnP(;zqkWR%jz;$Y4#VbI+{h&wo!pY5X5OhizHFSZ zz5;T;Gkx1v%9waspnsNU@)YDLJ%~wpT7@{To@j1p)Qle6p? zz>TS{MND+?V0cZ!P-PXuesLDubDzP-P6&gcgs!)v-?R7>e4>eTCisTH&DcV1)936MO zSjXx89FgH&^?^qz&K2<{xp{@muA1v2z$(x=DRru zu$hmt$XTLWEs=8%tyu1a0MRs!8<87(>TB5$H%;#l6q?L*m@rO?swhNfG8CpQhsf~c z)1nuGB*IKbH5o}FxY!3h{78Cn={1*sH3@au{IG)kRC_xFif#7xF7)G4pUe9V z4kkC&SO=K8HC~)-p+00!da!wcmV&sY^$T7l))%kYG(I+Dw_Sg?*=?(d{XK=3K1&d*9Zoaw}n(4`B>W%cTfaRv4=G zoGgJV%c56r?+y7l8Pt!beH}{T80hf^zfLKF;j}f#Je@fj(MG{^DR{{n8_Elfd+s1- z6WHT$3`VAAY6FrKj#t%JT~i%G`Sg*HZocEBFlpR@Kn-WmS{sv}N;+8!RD8-HzUL_s zZW&YMXRG<4>Gk8_K9YfVs@-?=;C(h^7O4VR+cc&og0!{e+N$FnWogMPJBhfv6`PeR zh{l=WC3Q6#CCtM1QLF?cFyzE2C532Z#9r~Y1qOkCVay6T5E=Ale8_oq-y*ZY@GqN; zj#mYDS<&-ahW=RI{{2{^c$pD^>8)gK>jy`vzt5R9-kqYZ?#s>?0a-%donw}!FUmh+ zCcUmy0rCts&Wl$>Q}cnB2mQ$r3LKrH;KTKOTof$cSqP;|O(}m^igf<9DNejY9<2Dd z;2*k4(pjhIV6EOB=tI>vm672A*&iE+Y0;p>xrvemYVq~G;=}z~6@S$~eFkr^|2`7@ zO0l<1c)H}rAw#cp{)`RrdYS6F0Pae7&(`n@AI^JK<` z)L+4rf!?rsZdJ**QwFS?fQa+JXbE(N14jNnZe3z32rS>%%-!CpBv>6NW&GlxP4dqhA{DTD>`jkw|Y+J(=a zSxJ%6l}m8;Ow`9t-+WmvhvKLxVoXY9^1qE|Cc5W$iBtb0I3RTeS!w*A=EjKWsA3Gw z-^dl-i%QLk?NwbeI8bg*g%!!_5v+vlW5b@L$XM@pqRm19~LHc`n>3Dflr2QD!es%sBa=N-?9^mK7;fu{#5de@<%x&$Y2U?B* z7mh%iHCUx|G*R7nQ&=adg!* z7${c@tJ7{%MJAU~UdJ!ti0`?zP#H3c#IfkiG4&+SNp-u%$#~H*?ac7NoCy)B zlBD4bDb?b@6#n3E*dP{y*Aa2(cf9ktW_wDDBZ@S*YXVMZKFDV-qMNIS3 zou=>m?{E9&UfQ5T>b%lu+zeRscFWH9neFF4;DbHk(}3<7He_EpcUD6z=km=dD;ZaQ z0>Xb4`sV8C?aoIq!c(sH=vUOg0dg+yhIhoLyYZhK9ji>(6K= z$p^$#O%}bB#UNA3C?`tZo7SXA^V!FkRKjg$*hrn(WEKO&?o`thvP@OxXfBexl^<%g zH6$YzuU9MI5M*5eA6vHN_L*p$$JE)K$YVM&fE$G?HVPSa7IKRY9um0D%iw3jeHx?K zzLPo)YAoxFZwrv_l>%7Sg}d@8^Oc!P3eTI(8+92|(~l$o>T%zB;z|b4QGX(m!_Z&X z(Edf%PO5s&2r(oI`NkPsj~Uuk=57@T(;%UG(@f*UxyeM|y7X1*kJ_D8G9p*!hz_8XaXdXH*ypNC8G+A0E%1DR>E6l6Bb7W|ef z5LHh6$ eGovXft}|?_I?n(99&T%24BVpj>p(BCK>rW4ZUJ)u diff --git a/golang-external-secrets/charts/external-secrets-0.9.5.tgz b/golang-external-secrets/charts/external-secrets-0.9.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f40bed88db4266e6bf9882d70ba5991c949f7414 GIT binary patch literal 83210 zcmV)OK(@ahiwFP!000001MK~4cH2m{C=BLrj{=u@YT3Rml9DakdEGb9IZDatQl%eS zlG47ls%zOn5+acT0TuvKR%T_do<5gF{noyL8~pU}uyX&OK6^&{ z|M=kXqh|;3`@z$F_{rICZ3Z>ZH@^RD;k|RC*b9T_&g#)UwpgTp?hpRg;K{v-8;>Jz zkadGA>U{iPQ28nYOM$RwG5xjO2H@-Iu=k9Z7mL!Y#`EWS(lG$=J7>Dy= z;l$;CxaW=WQ?hHsZU(&jGIk?)mB81`MjFnU7Ytb()5|#Q`{5M+hecC&un4C2uHD<4 zFq*{A@AaK)HT8aBLVZX63tK4w-T%)YorA%_{~GM~_wV1sZzb^m@D|5&;cx%BbM5-R z7tF_O72f{$6o131-*cRRA$<6Y>wEmK!iSUF1^f(~;(KF;J8*9$Kh8I2ad;;GsHH*YUrTnv&=$)?|E!2bvPhX*rR|_IUc)le6{rb+y8Oz-f7?f&U7Ou38CTC3!G)_1ye;DF8Dxu z&TY7KZam+20vASs)_{hc<-%bOZ*q}@k$VrQ#<35Z;6~c7P6XI`8I4`%0g@H>6N5wP z?m44d2igE8gzquu{)#RABfUa1TSEmWjt^LHu3=&eP{;oja-h^of{Sfu%_qt{?oaHnO^y9 z>U=Er`{;PFBm2QHIAenF2q88PS1wHt7aPFF!f(FIVs`-K=8XR3%)My@U2%U+VE^&{(=7gf zw14eff_&@Kx__RP&LU;ohQN)b+?=hjZd;fC?*y@iz`ha<^fW38k`7<-X zPCY_uq8Z|4i5B1Bh!PiK%eTP8M&87A{_P~uG8j8gAJad*`Ni_;%KPN>`aMUC#c>d# zRG8*5qJ9?;zx)D`BQDF1BH=5l`j=wMU%?+CV=;2HO_y~BA)+fzO(5Z6*%}HgL6TW zsIQ!7=10rPEg}%RuAJUq;{IRaUT!S@QS)1-^q@KS-tbffo*ykeo7ST9dlk8b%u@?>3bmPz)%0Y*^Wf-ympPhG4u3IERKe!7g(^HmM-{*61D zh2izq0k1yPZ9pkp`oN4w-Z*;$)(2?Ga{2hrou25}+sX3AZj|&9O-G^cyV3T~S^k6F zd8>tw{kby&aNYUK4bb8_1cGxRW@Aor^7HSPPM@n#YmX@BpemM+qAv@^Zg%f=K1Ewm zBevecoaNYCn|sr_X=4q!Z)~=flq<`NE<&y0u<c?CQxzt(FS&mNQ} z1MLW;#cOEsN3w>|w+f4YV_` zOu{+7xyZD;46ogw?snuD5j9M9DGl2O09r;~a*MyBVOCpp=EX)3oP}}n#!YU*=(=t} zTC=pTP}7s|lAJZhisqGk5eIG#BDeLM+2+7NT8tEe81DEN=%biHIA_?7mip+>Ws zh0u`o*<=#^SaV`D&keC+Kmt)x9B}3`Kbif`2dvvBHi63-$7fMEatGKN{-{5-xjx13 zb1xMjjOhr`Bo-`RiAzquFnc^~1j8TYHppElY>O9G_7zRY2dANW0bbx5) zw=mA4$$pBs&%&sd%QHHY^qDA3!g1(7cP@|5a_@xGD!&HWyX;}h&Jq21U%EN`&R6r? z`C!(~U(Vgv$n50iv(nx?zgIpX(}6AKZ9Hdf zx_qh`fyH=+u_5Etw5vflah26W_0oUci0^CqJiEHWo1TN@k1fK zoO5c!1&KGQ;_$54wOtKje=!+-30g#{ZE3&_C6JtZ!O@C&KEjhvPyeMBLl}*gL0@Z3 zkA3jZQ18?+t6vctLjolO58amBpD%8f>8V?c~O`ETEg(?4zy z{i(l}3xJ-h{#?kHrE{Iky%;ANxl<1rUu}1)=DcFQH=)=op;ePnQf!wqubLeo=|za_ zd)YiP-_|E}v(~3pZpC-_Mc8a1;!y4goZ~QzCSG8&|HL*m&MOCk^11Z;{S7e1Pw)er z!aIR5V7lk-6^}nsj%U$4w2H<1Q6t5QwB@ z-9c*PFeVF4enfS8!9s|5xeJlj5Qrl;mGq?Ney^lSJdPOV5a}h+(k*MSSkrEl!RcA6 zS3xy?y9A>w>8SJk5jU;guUH)i)Pyb$JV2R$tPd za^%od!Q4Gx^kYx|h5xz*8_=ZxKX{bO|MKX`L8t%O&9kZgr#!46uL;W2YRUB5k!%~O z+l>RG0N9pzQg4WajM+c7{=jH!L&kno%Z##K%@(=~z`u_3xNnDKjDVjGl^(+}Q z&V|zWL>V+PB)*iuWGNQ9pcV*IH6gk1xV;!?Jz9GHgwJNB zWqLh$JlI!ESoYG#1L%uhTVYi0pex1hDOYbdv=+P>KLD7ZX&Ode>Y>-qeO=QSA03|` z(Thv<0<9pwl)QWezjF!MUq;L?EQ#L5Gmxv_uzADBF;CvoXHk9-l&;4iY8uqmP3}1| zBapI=aFDJJn7^1Y>FgQc z6&_1>VCS40_HG@TtCP%F;)pzkl&A>vDlV4s3>G)U-~&u)MWG1szx9!y+V6=ruWxXv=rMp$vA=%{p?88}J;fr&zv=xaJ8T;z?G zh!}WuL^Tc4jhlDF$j^4eVsG2jpX7%9ZIK}~5<`v^XBVCO?LvmH3JGOzT|!-|`b zL2(z*Ufl?ho>fp7o?}5^8;<7O!E_*7p@kJ!$CChJs?-_qa88sWM#O{zCw9vdl^dae z@52>J)$UCmVpaHna02u#{#xIMfXx#WoeDHs-Y5so*V#U}X~beL?c*De7g&cwW7V$rS456z*gh}-?x`G{!zBTs^=T^gWo zm@8FgWr`I8!W$ydgO-9(bm1Ceer)&x5JWGLuaV4ou)R$X!N=e#rVlaK>%c|N%#(u! zOc>8-Wm?ocA8&{+9cx z_`{(1Sw3FNplL+1^5K_~@7$XA`dAyHyW8E}ZgJY(-L7ofc()Cj$s<<{;eN`Puho4=4p9GKiX^N+_=8qzYb8F zm1?qSM3PQV&o7S9-|pq{S=o`8k+KeD9Jw}?JDx32pO#8JzEpBnKOpYU4JeTHEoM=~ zZfjebVDARZtslk>Fu3vJj4}6}#@dG9XvVSlaP{_P*u0@h?Q1t!c~KZ({P2?k9Hx+RA&jKYKxz77p`Ne5s!pHPTic52oSwuMVC((gD2Z{Ce>cRb$jd{B%6?0w(_b(v9XUpg;1OGrq6O zdHKofH|!&}D15u3T{@wP2HGquPiDnUl4{2CBdMJ=Doqt4kTd8HO%_U3NrdAn3`el1 zycX7g_F)`l6XY1pj2o?*rqw&)`DlsIk%dLlL|x&!$ESt{q#;_9BSJM(uO>Eq z8nfhQ2{kjjL&?v`y}=i;T#6)MsDq^3ar$q|QAzq8RA4SKFK03Ba)qM-S>)5-`A`&j z=}vD!aL|nS!k{m|mUcRK(bDiPV_@dcSV_Y&*NbqStTtV~Q95|-BP5Es)NBL4_#+ZL z38Q31O6Sk*7xS$=P5xhk3(Y2YYc>D#(?^dU7@ZSUM_v4SfbIb_Y zd-zY$s^rV?zW#I47jFbOW>Z(Z(qn{D1}U$&vz8Q@$`6wRpV1lR&V{UVA?sYoavj!j zAuGL_8Amcwy0|e(vWQMd?NZt;FUi)KCbC%gb;Y_0(?tcI1cEZ?ilH2dE4bB`^Iv7k zs3wz1X$^#26OHgR+h5vnnaUSb_`LI}*EDDL_DzL#qt>EPzo(@de%ZB}udx6^kx4LG z0$w*o$+9!p{8(09kitw(@N($aSL)S6^dV1fT$ejPXhod`NxpV(V@KAvKI8hwh(28L z-3FssW?ETzY&1#d0WnuNvBCd_zyI@L`K+rAJZ5Io$eo9Y+h7;YE%RLV$(beiSmHp_ zbmi)~v#ogXK=2?#F~i&8VDJ#fxN?*6tlnZ}?n#qMYZp?l)@b=u)}a&r4}%UGSbi1W zj-qxO)286aIkahfodEBI0TpYk?+tK(8!k?MeJe{da)Qdt?-%!0vfFrj$ooKeK*{^E zhc43-j74g7u98@b;vRO>7F9kFq0;FmPLWOHAt#2M>08JPFG$56+`BmTFehrb;2Hxo z@BNGe?9tv1HP%#rP z7nlR3)`i=8O{;R5YV9S-i(k5;Z7svhOpjtV+>zQghVEJXK>pHnTXTLzqECi4;-!WA z$_a%amO}Z&y}^a}ir^CgV_v2wQPR{^++cN$0OfL;9c{djeH?~H_?Qfoa6-@o9l;6U zCR8o}(&bK9%nv)+LD6=IW;JL~PY>tplg17^`SKar$DDYosLjU37Xa{5>#FewEFII~ z`A$AB^*8SUXyg4m^wImi3!#iJyvUm`;`$Tae?LkDXfeEqQN(^q)wf&METoMN4< zhZ#QXqxR(4n^Z?GpdJ7U?#?#U=I{Tl%M#X9(BPrFA-`tqiHIgrB3BQ zJTfH=^`}7#V}=hXrPjD1LMW@*mkhq>nywdCGvo~0f_agE6h@c|B?tFTdm*|_LYMpX z3Z_40EeDEULJU&!GyYNL6luG7d^(*-&H6f>NPBbbbRvdp?Q|kvolfMck=raMG1yNT zgGLO0#Y{PH@EsCL$dd#J5gLlgMMTh;pRr#@U^)V`>C()khs*@=?8POAR>;I9^R<*k z&c#6KDUiw3WPlCDh28QXu*JgnWNsCo-MWz!y_^SEAjwduhtJ~VVeN{HVo7aoxB1)H83%tM&;Yc^5X(?nN)EJ47E8+fz{FGr=kCI1WA_LeDae{=GVO4hG&7jB zttSv%Et_AvT-4w=oG(1g{cQLtOYIZl3y|y^GjN!$gpYg2*73=QF8q2ZKQIVR* zTvyf?YcocYMpVTTvo%F+Z)W|{EkChTkfu6zt`rva>Lq0sE}&FEKF!DmCxbgc0>&DL z^O2}e#&5b*u)vT+6e#FU3=_)xtOO8ExjAs&V{m<3I^lGl`SHCBmn{%$#&#f6aEh!} zAfe$T_>?+Rp4HUx=}dWLPiM;OOnIFt&wM?dDenup2%o`}*Mf0PggD74rfM6Tpgjl0 z7oXD@32lU9|>bQ zc<){i_x7CLGVVDK;IQ}p@Bb_AJ%k_T^fUd>9RFw5b6)ejZm~;p;qPt~YQ{piRHDX@ z2NMp)IUV~!r895i3CqT-85uRVjgtHCUd7@%Hm zmDjrR<8%iA48q#wyuAr34cR!H@9M43F(pV9+guY~aLL7E-HEaoNstXHxuo1DLN^o! z{w>dmEaYrAa_Xa<1Z&}$Ij98c4!bLRN~1{i~(>dIw&A8 zX9OG^rV~!mXmEj>bCYc&A!c1ToqX0a-fSa@vl~nSNQTNDg^pH_jJ|I$RdP!+b6C-k zA*rL=n?iMvaQ6GvT!A=qGTvC7Jrz?-*D6-$Pn8QS-4t!&1#UbFc+Gvbe7#&`X(w#=!HVwaCB z=cwVlcg?1ZlJBlJVLKa~e41Uk$|h%s4zit^Qy-^~xk@h`-vVN`uOelaRo>Akuc$4M}VPl51^6Dv*yDM01QM37e>!hiaqCM7RDTZDt&hk{_5=&PIm7! z=HbW%7JG!L_Pc6I6xDE?mLBi#@W~S zh0>QsH@6%guaV92MWKsi!Kw{$v9fiIZrjUadBxziPg1F%aq2%)2OSMC;a{cwMC>CU znvgi~j>zCTjdQIzs5ARZpgQ&@>)~*COvO{_Nlox4KS@xvGR|0Ch29N?2p!< zs^*Wr5>BYg3jV|u1%I^O_u8-aqr4xbw>9cg;JVHi1?qnE@=7u$Svf&7tJOz7$GL|aD;D_V1IyY_^iYqF;l!#d7 zzVo8IGAf9HtzBR)4iI@i%4oZf!pW|y=hM~m>FW8kT+c_l&&^eQ^oV~uJ*FUjjRNxh zT)s1|myRO*_lt|Sx{mq*?0azi9Cm1m`u~CW@3GI~7zxTlQgi1zQQ`ww4{QVJ&WPvH zavEq&N%e+T^2+m(_P|hjP9_*hCY37-ps1CzWjtXcI3zSwEnxzP>^^Yb%BUk1p*U9& zh9zSgBt@8eK~s~)a!A+itq(h4Wb8i@jkD#F0l2Y@E{t!3u}V+0M4lk+^o}aJ%f(lG z&%{bD=lt^h(Zc)n{FQN3f||<9_gHhz`8D$Mndq}6i6~goARE1rB@+uc^Gn$fm7bk5 zmXg-sO<_a2c?^d|Of@Et1iB+~ooz%?q-HIgiIsc47L!*qNmPk101ZgWB8q7rjmH!W z%*&wD0aGbF@wQuqjo2(0A6~uv^u)xIs!+sUEiAYGJ`jXiI1z*QJ(IKuRxVdS>`>)Z zWyPqScskcU(@z{{p$NSK@a59_FJT{VjJ)-%RuG$9kJ9&FH-=1z zXy%Ol?foTB5qp)rPuMSeq0sGu32?+(0%vT6Nq2eSa)&=Pn#}(p^TBCw0TP#4_ zb`^E;rPiBS6760-!}?oZ$pIr2J(fW!sFDh5;59xZZpQeI-5^G}U5`F4UO|p7`uU7Q0lu){z)O6@AH*vamiYiT$MU z>3HhKr{k%=4fJirQ}YXdX%Os%Pd-(A7L6%g@qLUnAtXiFzjNnh53LDt=E8sw4_!WT zTZp^}{PuJLc!w<3UqXj0jG9{`i!&Cn#`GQdbQq(<7zQxvFvi!2F$|j;H5;>^mchg# zciq{G*F&^QKRtwNHx5x5bA05CXb@G6a)r^ZC{d->N^Wc+zc@rq@TagQb4}S*#_S}m zq7MGQC#|r5y}UfTKpc~V8lts~LA$8lJ%I*clPjIW;wf~`fY!e@y5&(NbRDK4l9XIM?v2$h!3 zScdj!#rp`{URAnR4_49x9G|$1>SiuW8oJ`9$&Q zI}I^RX+!ntcEDw(k~2^S*2EU-6RIT#CW)H!jw^Ldb!U-^c8#+Fgf?QM%AAT>Mwqv? zbL|m*j{R^sX~nar!NsI(#?nECt0xY-0(Xj=-q7l~xfhtZ<@l=k|*e(qVuO18iXl9R@IJz9nam zESF%@Er()usK1QdDeQl}XGN)ucupO)i>~x)4KiRlwT+7&A?B=kE!VcT=zL=s67&AT zPGpAm0#Arw=$*^W_eo;bW5+OV4t2ET>hI#YWYKNG!$(Q4ummqv9|NSEcyi7C40({B z#*g#(np;38Ktonu6b6*ECwAR5P;U~B;{gmaU~~3+7!1bYd-wiRo`QjX8A#nKrt4hkt z2{XkyhLN!5a14r><21_Bsk-#16LcG&PSE`}kg;V1TLukncKh=`ftUVubpA%m4Z;t7UTwn#I2OmtT9(#mt|b{t zYo{xuBc;sYbCr^-NO3hvJ^0e%@74KerAZch!4%#lJB~w}H%Ab}rg#0wt zG!SrFTSfT$GIFn1W@^V0jn~WdG5l_ z97;a)l8q(?CujW>V1(PaB5q9J5Lum0)ue(|_0i)#JDHyIKuq)@CW;hw)v{;^7@`M> z8!+TT_7p#|mqCILad6IVPo!0;Cr1>&r{*Tisy7W%lhPubI1ggibr_rU;g7y2T0X3^ zl9~wu#=ytsxfL|DmUc9Q=0*oquDYIA%p8)_D`yUyN3@~l>@xSTiMC8GV_j|76}zsyO}Qd;*RH;sOen#KbYS*!Z;V{lkVm>w9nuXnUS$c` z^~V5hnhSYGBAx{XCJ?kg;%l}r@CdLfLA%yutn3u4@=6gKOu*D zp6GQi>2$n^D|z|MEd`$C;kx2V(p!1Z=CZfxAHvn&lU@ zj5hC_@V^1Yi+nmK{Em8j>rVJKag#aPVcx?aQHAE+lcL`p8m<;5L?vHrocEA@MOE=w z#f*y_S(|Bsnk7Up@!7~sMD&tZY-A@R@-FXKYHhAH6s^E?hsD@F;2y~1i9!I=WM;;`QlYMhz6i41N~ zJ6$zxuAy!N4SXTt!^h$}2|a_P1@E8dBOgIJ&wgQyj2J;wTZ7dwBC z&fh~loxewiiCYHK=lAz8Zkm`_q%(U+1*~{92*(g*1;<-N-6NMpZnUQ5yyI&-zP1!b z9bbEAu<2*ZnKlm-_l?O8sZG^Z^TQpLxtm?}QT1yy-t)1s>QSb)*SmD@Ry)fyO4Da zu-X8NaUY{_ImKkMKt>a9l?k10GcVp1911r=sM#w_e@^>Ke-UjsNi&bmPH|UOs5Jl< zp_8LKIePsibaJ#&b3tTMr`DsJ%h!6x+0B*T4j1NHsJ71B9nVVABzSOgrkxp+rmX}AnMJLp96$xUmd?8UL0P}<_}ma^`L_3!9*{ zqsXq~G#HKCAN0BBDM!k8QG3pet+O`U_2JXu_{OKh@g0sYJnOTc8FOKg{Zz0OEU1Pc zb(~nue&+E>hedpD zdwO!bbyh2NGs?!#tQS-8cEPJJI3q=8%liK4zk#&k*5hPGUHz6c{s^j`z26eeYXXez*Cf(P$oA-U+s zZ00ZK;Q1r%lL(CaNV?>Yh^q1SD>aJg_5Jd~&D>85FQU5ys5}fN8}4a3oRfG&2a!R+ zalgFnJ=n**AxrcqG+eXv|Mr69>7mtzKo7U6xVC)ON;!^CX;pEBMCgubyj-G@a;D+E z9Ii5jjV%(v#~P6oR{0Hvtm0#dNAOt#m!#dy@d-XQ+$BD{4P#ALWeE&xjkalD+n1L#G+j6BpN>H67gxF?~Oe(F@M*@UU>2p zKvB0wr0}Hy5VCfA8sEk^HSqK}HEa?t6V6WTIUnhweUy%(;s8@`EOajrsp`JRBbedM z2qvQhSe!bX2j7h{I-ZVy==g{Am(cMKM$L^a#haEg)UZ}d%Ec=En~t#dN?QoT$+-l? zh#A##GiEFwlP6_XNN>4V_}UDlT$cG1q5_v~1=Dru{48~&U!HxXOXv4(VdT%B&d)|r zRHBVRTZ5Pd<5~I>wy+W>UqJ^WK@uat5T--?;U8s5g?n& ziDfG@kPz|H?aPKcbxTuwE$JD7f&wrbLL}Na82EHDOw-fJFt+RXMkuD03?tFIHCFjm zbmYdP6hF{!rAQ)&8Fpqv+Ctcdgj!qVo5Ta-3U%4bndw?j(&4=0JJN>HC)?EOZjzqx zZeicu=QnHx7`OIG!mudL=67r<=F+^{UjWRJ_fzQs|AYy!U@lO;fZZS_Hf|?(@1?(7i1*^ zSU4sSLZt_(eq5fEGromgoP+QaX5zwl3ERR-um=X1X#>{4$}pX*(QccikuBU>l_XPg z&gnLZw3$X5Rr5(xoNR!PKX0m7<4b3PLbshB)@rgwh_n5au*P#VNd>#JG_YnVV2#ti znx}qkIq^;-KiHV+)re*QUb$h>F%h% zgg*z>FYlCw&lM$hrCN_G;Ceg<$m$U`6(%z`n0f*Hh6gkZ(kxKDAqp%#{+W1rb>)2` zwt%V(;N8%R45ZnmLKV-030d+s9FMb8LYAX=5aoz~9~x{7RlNFt2af$c-uqf6BbR(d z?*>4L>6m(P=o8f~V3gQ}OAnGN&lo^d1%Wd0fWrq^x)W88SG&Sg{f6q@IxYjkBhZpK zs#-E$actccKxxT{CFLk@e5*9J8=hos$c?dwWsQjYf^QecIc1L>#`A6~{!?c$-Uyjh!uO68$`klC7V$tfxmR>`R)W8nA9t!+U zZ*|Zk_GI-4F0vd?7bWRU&4ik{mAXzJ63b>k7=h7L!lIS%uA~)`67KYbG zIpE&&ww6`7r*7azm`l-xvq|_ve6!+{CQ{KToYaa$nQ8w7jW?GewFfO;XoH(HeP_t7RZ0nwV%7r&s8F1YAr&$O$@3JrMAk z?xlejqq(Ki%%E2=i7Bh3%m=N3rg1b2`;>*BP|4Pz)lA<#tuRmHaCR;`#tu7Qfx+0? zg~QxcXBUn-YfRq4N$1WRkJqWgXW|rM>bGL#^JLLt zHSkI~4d{bMVa$Ag`y1Cy)PT{k;ne9N)nZd)`(RSi+>tU*+G?ksmLnv*u_W>{5Pn{HUH(<{> z4V*Z0?e|3e2eQd$BkwzJ+78WCPrE~Nl}+0~bK5QdT>F}Qoi2FMoYJeE51gR;rdVzA zIiNu>q8Rq>ig~_UruS?@AanNVoDWk41ufy`<0>O`bAnA;@F_Y%0Q#@`RKqE#foSzs z_N%0f%F)nWWLW@5iRSA9C7lauonh0%5fQTqcRb0W5bBe^5p|n{iCal+U%EjxYRYEP z;j=ioj2M-r4g-{>t8aol1xUF2D5h7-@Xc3wj*`o?=4(b`GmGooMGS^0-)O5L>P=>i z12kcvzL;a>>q^s+5ppV1##D4H`I#T`=S~tS0|UzbxUqnb{8;_C97zhK0b2my`Qy)f zd?~tl3NcA^9Qw<-e(d|HRm2(0-Gm`KGC-eDd46Hgxo+Ph+V32_d{I~lp5yX?`NRh4 zz5B<1J^1ed_WJS19(t_Z_8$Ioz>iNlc)Jd?ulgW!k0_SO3lb?h5TYalBx=mQgcourZCPMyURZ4juB}9=4R%8j=Bll3`wugK@hvvKMrgX;!;alhhP^zAn8F%fsKFyIFQxQ6CSr*ND|sYa--zcSOCY( zy(HFM-Uo1NF((U2Ns9@UaYfni7_N+e%wl)zphk$seFUF5uq9f}1H77B0g z+W-wo7FLYXR+ywJUK*Cqa35J2>Olpzl=xHs^8p}5-(4~2MJ`Uzs@T_#Piw$|$8u?+ z;fNCds0E`Vw5m%no`qrT>VEg|BfyOcPQMU%QySbojyOvfFGcxs(XE-YR5Q2`*_^6* zr0nu@3sAnDJ{!5d9ISFIGi?d*vE$i`Pk7QPejIrh&S2trkn!o$)toxERY5PNSSIJx!f}&nWg3U z1m*b5sw_%U5)0~w>*rpJ!mCd$nNd2icpEAk2`THTD-dV+9aJ;M9N>7?X5K<5B6(Dg zq}T6IovMc5=jt@rbKZmr{^!Lf59tx^(@E&Y@GJe&`r`R?te4Ka(XkA;JVFs+8X1pO zsyGEEXbprE{vp<=d{bjFgsia}ghAh(FOu8RF$8Gf4;?Z!!-=8D^_jonjGNDpvz#m= zj;xTbB<>Ul$J~vk=zs)R!vx?Ksnga<@L`fN%_j8)oKS;S66EdZ^-R}7sQMKmf+nk` zwOgbG^o!JkPl@Bd>G@{_l5N{G- zJ3{v`dY)#XXoN%-(IZ#T!vH<_tG8FUA-&U}#|c58e!nrqY;#X>RzLrs;fV5hln#Q|rbf%il{@Q9EN6Q}E$V1k-s*{nAE1@&8g;`{Jb(l7-(#P}F&Zi!(uv7+BDZ$rKogJ0@rZ=dk{{Qal92`v z=#}RuD7C$~a7GNL7mDPTg73I3i%_eD`J%=G+Mu4-;|N524Q6Xr=22nuic1~W=j@Y) ziJY>?u(=mBHECkE7~FUtcEZTx=SVcRa`sW3LnS0X6sl0qo z4nMy}K9}c(=rl{6jJa8p;%(7L3yta!m$B22krBG+{iDHq7T#p>b4lJNxz1Jsg%lP& zYH(UAOufGFfZB|fY7ew2c(5_b%BLsRd@RmREiAYGJ`ZLPgZI7G3*KD+5My-9n{_PR z>0J9vKXJm#jPU}3a%ugSu#Y!Jd3V2xEdJ_3b&34H2FDS6x+Ivk>$r;!C2N4GOXP2v z$UlP|%ZKf9`FFYe4Z3u>{H@pXjUeT_mCIj>4<@?PlxJ^CF>1_2=c1Q0Zq9;9$y$au zFAM+nH*oisijPu=)*JoUGMzO8s_e&H_-vXJ2O z1x9P&(;*$b0@kx=z873j?Fh=8wJB(olqYh(yjTocd=vezCjYG6bKRq&wCPwK-*z5ob|3tXE~cYc-3Z z^$Nbml#A%w&pn?wwev8d;|7(mLWf=ISKVc5{N^(?8pRyv5PDrx-L<5mUE{0({f*eD z5b`0PEZfZ6+BpJ=K0MJw8-74mS#PALAl0Gm(P^U_3ablQBZk%( z8iF>yP##8jwlgAq^LfRf$x{|}b2LsGLw2ao2+8CMVlUk#{(b5uso1!loCCC%KTpH# zE7ArE;`wol0h~c1WeV$~h@3Hj3Qklw#gd_Gi`Qsm#s4$(kg6rnpdBdHf*rY%-@@on zTL1Rsi&n(A&*rp5)3MmcH12n{+^V%8{;#lz|G&ecZd1UlP6aB*CP)`<@YY>!v2TS| zJT~VTv*>1B#&;Y&4zW`^Lz?nXI)Xl+n+$ZLO6Y^pPpz<#d&k)DqsU3{13lu$!E}}+ zW_!72N*npxQ1cR(_CA9LU2Xu~%E~aOli?&QSdQFe;UrUc>LnU{qaJ%AXXmA1LiGq+ zfFbDh>`z=U^-i0A111Z0ZJfJdLih0ZB@*kT$_R+~OQER&>Wsg;PE-`B=T}xp)Bq1q5cEtjwJa zzR{HV05s<2)t^%b%`iYt==u;6XY`-kjsXn+k|M)wt?%pQ?NctSvh$5wOe0{c!_qi@ z{u(X{IuyZ@%=xQQAo{v5F}UlD$PFrxow= z4L}vnyip)xm>7z}agp8aNaxuH1`w38wd(H0C~rvcn}Y|zO_4j}affUWu+3?5Ls`j~ z@N!VrLgoaTSaaRGW)3xr-F($n6i@4N7fQ;yYHfCmeoq@$_QeIpQ;^4$D0k)u**sv3 z2h@39&3DguaM1g;GWxVR+8A5Y7KJjGLR&q;j24;hK02ZoPZQIVk=DNMCZ=aYJaCWO zKM%w=wEOt7x?INMh@h2Yl(a^6fX>+ulPn>w=xR?zfly^JY`x{oB$z=z?W=Fy{YJ`^8vv>yMjlxzWM&%}E2opAN7yI&{Wk?l7@ zlp%fzv?R3b?6;&pg6&~sJ41kwaRy8Z5T5GFSop-1vF9u>!$Md(s&;bFcp-s)I4-em ze>~KN(#N}9ekrFK6Su>=a@z&Os5bi{#sxTS%gaz0lJJ#*dK)z?Pq%o$bSkKF3D@TaHogv z_HnvDh=V`nK3GiBu3yVsr<mO zDY0D zhgdG@gT^B`rSw4xVHCZh(gqlVao#Z!QWF*E%_!-WI6hq!zlJk0i=qQqVn=)2v|j7z#uehktn2SlS` z*Y@zgf`eyCM@-msMBSQL;;5vws2UvMZtMvrxAj-8zc#h%#W#$U#O_#;EiOaQOB+Ho z*$ECu4uMlp`SEE#j4CzK4f2m%nJ# z$_-p(F*Q{#wJDdVaT8OQ<4lQ{=2uEU`bs?p6mhh|^e%H@`%-yve6R1S2##*BeUDu+ zq^hEaD-Jc#y8?i}v*s1>I2+RLe15NYCcdJ!7OD+P8jbwW<$MxTHCXr4Z%5m5=*ab@ z=}*CkEDl3Jo!>)v%2x&${b1K7v!-w$k(<>wrHor8TzdM$W%q-=Jbom9m1krm`TZim z1#1Z!LbEl%{2~|>R`d?~hO=gOg>{o1<&Ba;r~mjkP_CuY4vh@f(RwGO(0XW5Wg+9z zZP=Y|Y)}Ql?yQ2~oIUbza&42;84dY_+Z3^1w~Sv$u=2~Kg6p%+D^V43?D0rA<-gVw zXu0p64h|oi4@!Z=8BX^MlcRG7P%&$g+MYzpGA?yasy5#;Z{?VJ{bWR$Hbo~jR;|xe zJz65ogWXtAtHMIj=d!7?oN&oLviQss1C#A0Kr=%!9;6BgQ_hKeN>2RRXDL*b^kHm( zoxA&2d*c#SRudXsg?}7*?vHH3P{i4%fi#d+3eFuPQGFtQodv&YZM!>S^oa#5gZ>%2$ zE8Ml69|$F_60LRz#WE*m`hbRU!Oe!S2uQz1&j}bC7lY}D?$g&*PVwsxZW3axvNh_h z_y9E=Ub8mXQ!Q(>&(mO-SEUXG4Qc?wZ6k4jlko?H) zD4~m+qt(@#c%~b&zvwEw+RT_kBxcf$-gU^{Hv2VCcDQPq(Elx7X#Gh zu#}~(u8}1!?thy?kJLPi7k=L+kEIafGn#StUhQDzlV7!dCnF3$Syr_^uMlU~V;B^J z$}Yw=?S;M^yn@(Ja@K|uXt``{@WTO%DJKw=pmYvc|5D5X2bWiF*p-G_rY7)=m=iT6 zEKKV*B;vwIaPuHj&b&u6060;)nhOcnGz2nrJW!N2A3B^-H*BJNZ^%V>CBN1(`~FG4 zWr4K4AaG#VEO$yl%q_84DE?TahI6s#)|lKazWe3t2+TWm9%1Lf#>pj1P`l!0ztKkN zxZcj~sfxUA3t*t3KvjQk?>7qD_xJ!KU44v)$liDgJ1k!kW=u zmU+4A7$9lQ9h^2jYn`trA;aMKiHxfWvh|cTrE7rd@XtZ^F{SWQ=XO?;TxQGyN4eDn zXsJw$5_gzDU`t3*5!fCwfUp*k*GtDYa|atDe!b_gN$~UtNF7DzR5OOnLBktVf_$CJ z%yFRHnr2|USDu#ZrK%CKg0=H(hD5KV&!$d+_3(j6IkEWXE}DUlAh|3jGD~oSpguvnAXgw7`Ydu-vj<{j8-50P+?V{1N(dW;mX#pJ{Cd1Cv>J)`u5($W%6nfNO?NP=f}7y z?%9ohiIP%v0qHm=5-9g>385Ytoo?@7I zmdqmCCZND(8Lq_9UlS+20;+o?4#*j#$FfE5d^-8DWG|tcI}d^Y9Y;cTFNUa zv6wYx+x79$N@;MUHOs{s`|+;Bd|=;*6orh5CR$xY>ogdc`4L7j&TI9QKT`C+otLJ|hf@=NcZkGYsqCa3YO4duMtQnPVF*HLH?syR` z!|=0Phf7EXjfAocGlXlJzffYWSXT5#gw^pAQ|>iRf>=WEbfg}wl?qi+R!5(;X02-M zC^N-wnh7QZX3^tjjyd*nMj-G3XYYQcOYMy^d6DtOAr;lWjI2Ug7svwSnTx#tC@li^ z<*g7y)>48G86LN>Oi>5C2r%skrzVFXPk?H2BLm>QJOW%=?=p?^YTxayfo@2ZTD`u5 zYu|6t4iBuRN4N7#O8Ot_!D5If?LVdXG>@e8#CP$iOfLX-MgQ+NVz@&GJ$w z=U*MObPJo3j;AG2=|7WVF-QcnwS6$5{?bD${&5AykKDP!xj>2U7kYa(-4saiR`GN~ zPiN$wqB9aXv4zW%9R=qv?`P!g@l?u?qD7;3Idhi`;K|Un(t+mmw}jw7|J0^XM=@guYfkd7>0Vn){)0#!G@EZG!4WPXtyky2 zthax20Y$}C#A+7e7MXGcH&zT^BHYm#ezU{)Fho*x8Tx9U+U3nuX+NNZ92@*h1$9jf z?M~`v+=R?ywEfGfxVtM7J3%h%)-4vQKLeSD;hFx|p-WZ$EV#`vC=8fX7-Hw7l^hX}Vy ztRlQU%!I(1oRu|9ZVkgdXmc-%pdwGK>EbH@HmSdE7YB_TkLqP;O$RcUMxD@qY5$@h z(%4d*_-h8OG*tyK3~k-49`u9Vbd`HbC1nCL|7!F~cRA` zfo`IglAeUAdJL8@DRSk?p>mD`sTwHz3H0YVcY~~S$$XEvr)sEh)u;{3#M0@=Om2)|Pu|>Wnj*iz_qeB;OPrOZ1IlY;$VMXjQG$T;#kw zW&viihV08XgfwOtdnb5$9?sbk}1Gnq*if2)jkz7aM{6- zMJ;2D42SfbUZP9tj6Oo)(bY-GtC~SfWz}-{#Kaptj&weq&H&x4*Xijiu+|@n(fmq= zLIB-$V7I}u3|F1TZ;KU*^l^VBZJh!XK=wZ5ES6Kyxh8;OurbX^9dj0UHU@LP%+$9F&Uc?wm1J&^E} z*tvezN{6o5&+hzqbqQ2^mLnCf6;d_oxxEzQmFU#@Ssmy&HAJzn{Y9o-ECX#Lu&a8} z5GKy*>wCQ@HgNtG65?T!Nj}G{cvzLRgtT;lb6@=1J>UsvRG{lPH_)KCdVCI=L2ySo zQwR9-AY76?Hk>~hUOmTO9%ypfKTl`R^I|jFjKkFQbZI-oIG#yxoA`M4XK?hVz1)QN z`l-`CNVB+kuw5?eHAA*qpc||yV8qV2+rwqnvrb@j1z>&Oe(%NTXF=s#;K@s;M9&@L zAr@uIy831(jMOy(?2gV<(-Dd@bSba^w;ayt7af1dc2d^4wehys$8}!qQ8W_k?_Id< zb&L3U9FR@`ZG~e*B@X-tpbx=E4Vv*mB&NugIffyi0sUHQ7k>mTuUBXQQw2df;OLC) z2b*Z4D-hks<0QYl6a%O#$CF47CIdj{cnD?gbD3fWj|odJNTTLnM$6qtml4>anWwO0 z*E1N?Ca@I*R=t71_Yy74A!*wU&lj4{k zIP4w}mfEd{N|rYhlSDir$ty~P>oG#KF*cqlRcpaiDdZ=qc_tx6*`JIC+W#5+TIp^>aG6gxyzX2Kbi5x{%Qz?It^ZnTqr$M`C%y&|fU04KYW-VZ5`)JQY z)fHxgZ!e@zxAsI_yw4uaio$ote3jxrK0iV1q9O|xfl{-8pI>3r5banN2mi~T6hxA$ zz_@L%K{N-ISQe(LwXO}1@3YB3qj!{mqGK{6K)LX0Ub?@AEqf(Bmvi31#4}~$Vz`sT z!m~9~swX^@H`h&5=o>J!yNnsj-R)CP=k3lF&}$X)_HYKE9nmbP77RwdZ`^d}kCRcx zk|E5&MHDBJ#=`36Ejz+YSCu ze`1G~N^MZ@$32?bz!7g>o8}?Rw;8Ac5-MjSI#J!;6R+?#@+*=MI|BWyU47` zzm%9V&(UI|v8;@$4)tUQ#IgOQ2bU)PAHs_sfXGf3!VtQa2|+#{#V=$~uR^d~-Bp>B zabj1)xi@jN>!PO{B=B_4umCEAA3#j3=58h&awTdiOeySfuS-FcV)-5p=ez#rpz<|P z-r?|ijOjT-S-q0z*dX~`N>tsmh{_np<^U0nz|?tWI<3xI3g-_^6!MfB6;e0DKWUO7 z2T?STW;Xu@_75K>QYs?-yAii}XnYGGsU~$nez$`}Kp}z^%mxM#7ISVfuRbJ&{SA^6 z9U}4UB7h!;*7*7g^pQ|z_xa-J%=&T%a~X?^>p0{ zcx1h^3t=H%Q57Oms8&br?D%JW$~fm|eG2dH&OpThZY$zKN?06~Hy-Vxs1ttyLVus$ zjB!6cA~bQbOV%4|&GJUrAYCGIdg=yMHIRqCtC3Y7rn-3R`;4_>OSH&|)zqwTG4B2b zUoz!5069jcEh5c_b*ns6E)!7!_&`IFSt%Bxw6@F@wS}i{JPTh+#-L_QdH$G1t66zy zDY|(jk=ggJF^yT+J#e|}FS5l8%+N`UfF~9UgF34B13m| zmaL}@lm{ucgtT_XUg-v@?yxzb`VfNLi$#w|&}^&q$}`o?uXFCd2JP_4;PhwBzgJPpVF%4u7$PIPsp9_a9~#GcDXF;0N9Y}&Y_els9%b6D6ab^Z!gkt`d0o-zpe|^10IK)K)AbL= zq9KHV!rC1Z?k5WOCb;l^C?QS^fa!YWfdLJo znmbHGhtp~E^NQ-_j&#FtE27Gn0w{G~y8?TjaWB28Boirki(P>7hMc9k*zdyCQ0OGC z`-?%+15sA+Dgyb^-0<@Nsq-S@*0HW31`oqpgPl6l^!Wc^Y`XmzqSoVaHC;gDG#Cu^ z*vBz;DWv8@N!2hN41e~1&3@2B(duEJCTEO(pac9-cc|hNqKs?QCZ@69^ELEu)R{K8 z{|FQN`?qH%F1{V|c?u!3e}!mCqz?&Anp$&vebK5s0dw78O^7FUNekyGoJWHvFp7F? zi3RYf)KqZhx8$w{4l_%+)`P8N>jSXDLVf~5hl5xXeRu7oTE$x=>d%z@m6*I= zk3IonLTu5H%|lzhIGTVU0O=`n0L`0Y*{{knKk=FqJx8***_Br+!1aGHZglkj#kiT$ zBbyy$LOz7V7$4qLg|MCNE^`ip7*!q;AIS@^tE*){LiQa#1P)~2A)y`Dfk=pT9^6ZQD zwvq*Y-%~(m+THCn4P_!`fzfBZq%^g~kRO%HOy)2H%uZO_*Kk}KJ8!x{tilXc{r?L4gJVqPogsKcJINo%V0fvFGB z$;c@Tqum>7#5gh{Iv=Gl)vDhx#ID2+0=8&z1DlO{BkT})N%OHCMCDRVj81{mYE^g+ zu^@Lo7$i9jQiNWq|MhfJB0ztQk3B$j@@AWXC4z*T-6VJFonAS!T=~FV`(R;HJ17KI zyVc^HJ~^cAL|-Xq+$X7Ci4D^;mj-H|jJ`;re;KH0Rvcq5%7vM|anpSxn(LIDQr4>1)R@lLAt$eU0RC8P(K6gqZ(tNK zQ{Go^y5Yg4WG)+lg}g~n?H>S7Z|olcZ;rAUsJ$U$HYC~n;K z4t6{FV1OOS5U@;FlxUp4mG8S-tc?JP0I)s;n4?Dp%;KHp)Hv_Q%%+y>MO28^ykVXI zZnO(b8sH^ixpW*M{p>?1I{S7A7d`fvhO~Cxk%tJK_3~G6in(3$otO2J132Bc?<_3O zQH6be@Aor9yncs5gB#~|S zi`lO}$sSY$qTGn9)ES>gyQ`tcr#tv>ue+;>-Y>oP(}AY4T^wxQ4L|R@*M%nF*UyFh z{i31U?9Xc&E+79FvxGx$wwF<+c9wtZ8OXwzBvzk443!ER=@gA3ea(CKE9Y2-r1dLPsi#lKdjPHO_avw9%SG5;K%M{R!6P-Y-*Ccp_Qo#fB3PuVAY zH-u9KpVpgBKO!~k=XFYLgrS$VcXoZhxfi(+kv$?0=?A?+mNSk+9Ft5_skjt#Mm1C^G_YcXX(&eHs}bnRPoc#igb41nX5kpMz#m7y$9Sn^BM=5 z%|k^RZaL-CK6?BL%*S{3CoDTC)jZw;AK--$Vc`Tk6TVCu{vPazyLzNq>h$OBF*fhs zD_n_dBHUg#f5s%1Q8J8aW{^t7xxOL!DG6-Fl)s8%X6WFh@X25I^hJGblGwe`!ucCSe0^`dJL z9?K&||ZCzF)B_|qL=_<>6`klJo|6fa5x}2|%0G4U-FY$cXTQ2^v_Bnz{*}rQ`$pZlCM7}<`pEM{^ z&^#_-qCk)IH(Es`#}i9g#3PQC+GJG4xOe4(Aymbvng(M=#gG-2-L{5uI&~=aHuKoB zji3t*wPutwhQMuO>+=h!!6ftA4fP!f1-0BBX>Ko&TsdmMNtB@Qfx(mF^I#`87d~k) zOtFvCX&s%X0b4Va2w`T1AuVs8ib^3Tp-!C>gDB5`FlSLs2!hg@C#^MydjBT<-Yw0> zz-Y-Q>}eG+Ok}>bQ}uFtl3VuN*3^wjs&sRETDoa83u86hHgR=|> z&39pNKM08a99m_g(iTkei*RLD2BUR$cN*xQ8iFa#ciFRTdE;`=0 zPRB}~Tit>OyV+U?KL$y?Yse?kF+Jqu;NBreQg-! zl9~13e*z?9e%-x$@#Ce=v+1BL(SShjaEb@CN~wU6;z}bbXE7xmeT?*SnK++OPN6_^ zCjfoad`_TDav1zxm~SVhkFNuVmw&eq^X+nF7V1$cx?o|VGLVuC{!;0byC5@|6IhdQ z-mx+9HPo{vr4T>^c7sM&hf+!llEBI5B*w1c;~&Kt(U=z$H&q#T`! zKh1YWv60&zRw{}sD|qM$uuN`}>|4$mK|NSU&aJR6I8oR%ymn`m74Q}9m*zi*(?|*?EcxLj|~|>5+(nJoKpEWzkiam} zhgUn!rv??CMNPqw$(0|CdLek~?qGyX0FiPe+$X4J9m7dbIv0;KQj>7mQON!k6O0IR zyAAd8`7LRU@|*&ya=!I_*R_L#SFn}ko%@}<@-^i?W@b55yegc1+=v#0+6Rn{P^OvF z2SI?VuigtYQQ=Nk*O+Tu$H>h0#ZuUr;!4Yfg=I1UQI?gIA53T2n`by{b4np5MpeKo zdc6La9aBkZmq&fl0k6caXT~Bin0N9yg*-((!XD1+*aF_6w9nTyy}XdXmOGYP zGFr?2L3{vykZ4BdwRNMlIodk=l3iGZc=?=uNWRJK`-X!)8SO$asN;%M+!GyU(8ZqS z`EfZz##!6qVk*`QnolL>)u^-C2=is2mKQ0tYCGw_LD=rcYZqB2%&ba^qP_RrQ)VG~ zTud=4`OS4WW~g@-$7bK^$7`n4E=&4l3%YTCcFe~1z4za4=0A^O(+&!&2oxK@)}aALbA&i(`&2C|)E&T92y94zDD7NoEG&I! z?=AQyFiMdzJHB!<>J*qh%~xd>@$s!@c`cw^FQT?*d-}T@JPb!0s=wEu?YkP4Ljf&P zWo*m_@D33*J{qW(g5xYA3Z5#|mQ!TL_j*mZn8$AJ$GXK+QH-ti7f-|b%S!|jNU7o- zY-_o`FV1KEKHK$H-t3xWHEjNHJ%V^zahR@o;F-DbkifL_=Xe=pbT!@>#&+uiMcFQ+ zeGG3|)Iyfu9KjA4MhBodij>(iAS^6xsC(l!>nZ@XLj<8i6}`Cl#5f+%J-WB6TEaSe z_Sd65xuJJO5#xqZX$N>Qbwdz2OWhVx8RP}=;3nQ~+XWU=FBRA5f z@fq-eV{XggQOvmJkg|Kwv#Nx~lszc(?JWJurg=XIB;Nmxg|_LY!8MiTtijcm)S`p| zUpXsuf@@_{V&T91N**a!>?r%bNO6o7)lsN*WLK!GO-G^mE37=RE-QOT|NL)p-IC6) zsH(cfn_VE+3~{j&OcDvz3B6UQS7bLp`H1ybO+v12=L0OoZv(a=S3$kn`6-pJb>zQ+ zey*{#HJqKb&pkkl@l+u%&v{9(%|vYHA7)(N8lNJkd|PjGth!R~)~9@bN#5p4d)1tE zkZlhR#bqPW8=}Voe&o3MlLgKP7_eY)DNur^hFTwI?7{?_jy!h$=r;A}Z!30_TIz%o zo^64N6_9>_M*?TaNCt*W?&C2M*`wrjL<1RD=O}E#9WeP=e1`yD&3+nT1*16E-i2$r zqip9$ItSFDZn9-c?)Q7M4j{S4QrHST#q7^LSoUr(bW2I)nD&%>y2=%Qo={e-WWsxx z%9PL=dER-$*czO$XenYqtzAL7rdVRL&5EHiYZLKwA5t{@rQ;%8^95LJ7+WJV5g1Z_ zUcg~p(*e2`TTC0%bNAWwz!D|hjjB3GOWXDe)VxVj8gpfz!aoMISBvnFXwGGJ9c|^A zDcu_s2+%d`XQD=_#s8jV# z)ho3FZ~R(h)Uz-v-kXTu)1~cu&+kVuU_4yxo_~y2iX@;C5L` z&3wzZIO<|zI`hlvD9J0|V1Y4W*4sxJh^zFIpc~FoYvD}!j-==RF~dT4IzSP8!B}%r zaFlNmJA0_I3=o%9Z}Q(0yI)HAj`CGH0k|^ykv+OG`axA)8GqRcob**5|DIIf`;$IoeKMxAmC=|_QLJkBJ;EF8CM{NH+w_YdofpbvjnaOcIU3|wqLISQZo@@ibW}m-L zttAOC($O;Zhy|INyu65=DJF|N*fOje{DFu{!ia8Nh~i!gUS)9xM@6TS%X=v-g)UTI zuX21gZCsHxDdqkX-qvx7Rv(Z?>Lzx5g&2oX!N=!N(1FHzvB}A-6y^|W)RFA^(t<5Y zx<~O#4@5|p!{g5VnL&lxO+vZycD)o;q;|m723(U1$T?$us&{0GvE3_WTe{L+1&Ukb zNQI}?eW!z279Ld$6(FP^GHFy-6z4!%LeK7k%8S`1GB3v8C^l(wa6EmQAD-xhb%?r} z?s%RIfsXY+)>^K{ZFWYigC%aw>4Ancg|KXTon8y*IYylB`TaMxAhv7}ugg1;M#P1s zv#rjKVW9@RL3y*}UAs0L`w=ps(mP?i-+u$mw&4=d$3TCrBM*iyn&ScJ=9fsD3MIV0 zxZrPd>x7};2U*Hc9i?8F>=*SYYT6uo&bg0Q-B2x*ar&aNQN#S-`{4!%((#7&h~APp zZ)FeX(|oVaCwa3UOBsHgk8_zze-EblbQsHNF_hDwFS4Y-M(Rw?#~dTlEE%a}w0Bpu za=XZ>m~$3s-WsG1 z8fpDJPOYz+SpSvA*m~N{L~K2d^i*5vEhStyzx6IxfA8kHZRuPr9Buy4+&up+;{8Rd zgp85rtI6a~=Do8Z)ckz0z=C|x9%&=8-tjWo1dGRp6t~L*_|&rT9*W638rE(bHp+dD)H*Z z9%g_4)A;pMECT&=#b2G=i4su|hzG+a--VK9L?8O}lL;;Rx8ns^c;CSJKX?2&5hZ|s z@AzV5>6FON|J?Bt^kLyGa?`(-VZg>mV^eea_L~yicQvlzU~%F8+)5xvr}5%0bA|3C zRh*aplnpU=Bt#aBv>JuHSfE>E+vfF3_}x7|HGM3-92}uNFHyZl`Rcw(ExX-UI1aKv z6&=aECrsxv#G5?L`_cMEju9m4fjS%OsA5pA+O=JA&+0mjCJWpdcQ_a|>%e6%4c{{u zf+-!9*VFF<$H2<;Cjju@A9+p3d2C}#PoM49Z>hJ-bS2TwnWmXFO*L&e=E`*UChI7L zXvOb@?9MQTb#q$qicG~APJU`1G0%OWh`ipSq1io4>%-{>1zn!jqbNZOVupX?1_2-u z<$8%5pmxY2BLYqFCkN{O5{_vxhpVCRP}$q=diVf|TkT4M;t@s;O=LJX@l4mmsGStI zwJorL-@a^0w)|T@U(VEd9Hl7UwaKw8TDCsnlk@xKm|Nyy*BP4u(piFj-h@Y@UiXX3 z-T9TA?wiN+&yfV#PrKClQJ?G=)wth=RG*au{a+UuQtu3i&MAqojWkdWhPGnKh=!xX ziYs;Z4krr6E=dT>Cu*3z?Tn$a)A^5fZ}RLrlTnsd5MS_g9uV$6PkLiA23JHQG6q{( zhSdpg_j}Be9wPJP4pyf$(BD03UG42P2N$_1(d))yC++Q|ysN`0k#K_!3v@TvB1`EZ zCAySuCM@Ej6s2`-%Lk@RTHesvJ&;Jl#3X~z;T@zZwAa~nU;hXp!%mBSDec`uwIjEy z5NK*j4C5NTM)G@g?`MNkL7rky>pIL&xX+;MFQnBsI&zdl z<;O%=$WSetJm$=LEA3XMjqfuqojqs%b-&xsAUTGbQD``Qi1}Ce)PSkUZ^}n$nT*_5 zm3^`q7#7&BYLxWM<1ozHQPT40LOYmrP165RWt{FjbVtjwn+;}c$+WtOTv$Fk*P1(D zUK^lw(B2G7*)7>+-Ec8Z3VH?oAt=tFdDQV>KMb=+#>qMCMKQvGf=-86G=Y*k*uxu?yVm9zD$0EKQm#;3Oi39`yjcYvHot<;raMu#3AH$ zp=K7Oz7f=37Fl)^$sf7K&y~0Wr3ROHv8FytDD}3db?0?Aw)M4XlJ

HS(Vpq_lUB z-&?;QWVV~%MV?x511fxa%7sQZntK~fXhj0i1&&%MQOvKU;ao=Y9L^H+Rwy}r{K{_o zF6ENG{0J0vZ4Q7}_r9N@zsAqM;c|IzKKfiAoZr7?zxC$7r+!|fnZA$O(nr1}KgpKQ zhtt4ZJ((WGp}aTo%B?luoeovKTG6#rE(C17Y90JtlSGHd_A8RPDM%Z_bl5jzcfbjI z;M3dvMCb2@RJ3`wAPdGVr%|R*2#$gta)e1CYxTjF8r$C(Ae=$`X7J`4A<{dJ$D&~A z8M`3~Tt-xIQOx!OE(t^6B5OsOQoySk+-_*JRWsBl+6;ZnA-<-I;RLaZfajV4!Geis zU(w*B$D|R+RmxnFD#wVK?)AGRmKoKDs4P3FpECPX3;i@UvuJ zXCxRfgGFS13J83`q>ot&9i+oFONq=n-szh(?#}DY2Wllw2&iB!gVvZsiwc*gn8AIt zs46$%tf$9;lZp%a$wgC96lzO|e&|CwYqAl~1QB+pMe}^B!05y7CR|6bu%DpJ1UZOo z8Bhm=H76@$6S6D#X!@MD7f!Qd3#XqV*l(ITl957^I}dYd-SDT4OU=%isW%&=OXc4h zqfB3xJ}~k0^?GAa-G!VpjNpDBmjlB(`tVS!x$+*i%QyS1s} z1z<$S^PZRmPgtFb;yHcYn&Lg=l%bA97MXa@qw+6B;3e^f`|M9?kJL3^G_XNTg#i|t ziW!aQNp$@%S#*%e?`OwRKzuF+LVqf=qa9>{jJ-#0eZn4jLo^anBdme0% zd7a~@73BNcY$}c}l|`~H%N4Od^&E;g6y2mLV#S{>Q!8Q?R#+_xD!+6kK7nxg(~?pU zVjShLHKq!r2Y1Q87qUqXGvA{!GI~vw?*}qG>vJ4;&WtBj$j+@L_E4B={~$9w_9?oo zU-}3;s<70^l2)K+e;kS~1e06{#w3EjEuL)D$6bo20S%K|q%-Nott5a9C6>H^TEP*Rd@S4LS3vU_}E!}!^y z3B}QAxED|iEp4iuRXo^qtlUHrwK=D#uGcAj-Kv@~c9rT|`fdt_9^W{lCm$GEzZ|OA znArwJEBM~#m8=tc>YiUy^6tW*<}p7{_$H*T134NElMnSpSTkWI!1bWhQSP6}W-H;E zinub}LEV4(RoW*nQdh)ACId(#n!Cv%_V*&<*M?~CenSFd8hF|kf9p^<9_>NFQ9JyE zXSu^sBER?;++kpSLj21#J6+N8awtUw(^T(Cfs(fA$nzl_vzct$aH2=S`FcMeHeQwW z1ft@qk{bT3@j%GiZX8Gdef3OtNO{1N6TSpRR$63|(4CVD<`p20#2p_UuLrrv0dG#Q zEp*=^T@78X+?eNiA$zV^LzghuL~|L$?mhpg3OT)i6};a*o?%P|r5F1!wmfd*KlbzO zpY)3cN5~)SYo0)fDH}af^8SuZdpl4>k#yErBFS`dIfTTkVGmL>V6=qg`5{iE(rpUl z^kie$=0YK>nD3S1!DMUF2e*Z1}#u{Okj~P>a*vZ&2f& ze;pJ%Hd8}?^~o);WGQR_L7)6LllhS%G2#w!ziaSK0>j)wHP2q-V7if=id-eQ-}4_x zwqiHTr$5S#Thlr6%0ZA@&u2PzK8$O!3G&`o56X{ayyO)LMiY;Qjc4=}I+nl&nN&74 zbWX!8)#@VfjYJ!4rvuM$4dfPI@*+J2k~1CUijL_b+G+tDWJOAubfqgQ!*+IxFx3<{ z)dj96{9%X-z-SR6-AN3t;zD)m*-8S27;LwbHDz6*=R;XWg_f||Ll%~lHyRbYl^AWa zIHY7jDXrutZ!}OS$`%O~4M8ekqmdP$o3Oh|fVbZKA67g*51Sr$R;S+7Vly(lIW|3D z-5xt1=Ze>M94o#fv{j!y!8;v1s$`SSSuv!WB~RaqO7CS`TAuJT8){ghYr%!A>jkY= z5sYhO=$b{EEn*uMT+=p+Tg{RhX`zg*(l%qPCKh5$X_hn8%BVn91u2!FTq>6eAEc|4 zOkODj-PKkjJ1|u%qpnm;t9_fUCIDZdU?eU^&H?eKr-H}!#nn2%vCjbx2?r!==THu@ z-|3zT_$;I~ed}zgXNZ9&JNt7A2xE-Mg-(07*soouQtp`_-y?Iup{pF>6 zyy;!K)IEO9(OV%gPaMvgY}BbT=^1~zGltlYk(ZOVq|iNNBh=G=3IU6I3yA>EsKdmCu7x8go@6mFI7pMJmtR0W%9zAlahl~Z`*b?VuMR_HW-^~g zZM1k@4#}ct%*6>GT8BrIHB&hw&N~Uf!@+NW;SFP@HL)bLjFnN9^TUIHT z)7fYIH zv>0Y(sHs|hc)tdzv%?4e>LyL%;886>z;h{kvXH#e{y*jAm_A?CYV+#c1&&{fK9ZYi z9pIVvq=z?2o32N*>$^L8scE9|CHTuBf^Kr8{RyV=`^6O6q>CeOL^+#ri~7{v4<4=Q z{V5pfDsKDu;C7<)cqTgYXIat{GAeM;`bJLc_YBU_wEmwrDGu>*B}G*lf%lT=Et)$9 zMI`7X*mOE$I#S%dr0LN!b+76vH1TpM2a~2Rbo%weTw?!Gi?fzfqUHYwcWZcx6i$p1 zR}kYe9dGbf-~XVv-$^tiStbUVo%4lh2$*UOyo#=3PqtlWQ=SpvMZE`pRX-%jVh8$a z4v*HVe2>?W2ut1qP5Qaw^TwzUHa5`@KC|ZXDtgnKSKeR2)X;1PUg0b`ia4`VjDtKl z=%RjIj~%bT%7DmuyAno~#6F7|hCfT@*DzUlbLMvbBLTMq_R+du{utC-eQzt1^P!{(Sh?gS7(W?*#AxqEng{J(VH+_VQQT2Gm# z*I-h>p_O_$9R$1bKAkxBEy|3otdr__^P?&z|F`Qqy^WgaN7vBtC!F^mR;Br1V`f6K)#Q|@zL0Z!;{)qqL~tV~ z#xGY$27x+z`Ae>@MbHaC^H{;iGEJ?HI|f#jbNnoR&)Cl6X|R)zkLhNeMi&j`INv#E z>dWj2bW?4hyoABRhIBbJrW)sLv(xJ!%n74l2xwDHAR;&x+wb^#iDa3YlVlMlo&|mJ z3$%yst@=C_ao*zSH8FM1Mo4VN%(bCaXk@3Qj$~_XZRai~_%IJ&Lkeb*pZ*l0vA0tP zhp(hee`<}fI6}C!9Piz(b(pizvXi9$-=uE=_Ww@$?)~3O--;3VzVqbYF)mHPwY+@V zOJy0fV0RpI344a71xvLp%HzimZAT&6ErRk*jW<*)SixzrchZnj~(S4bRX^T>zIQGFE zSz-P~7ZA+e{_X)-`k$S2rx4C6XC`$D(2NEfRTK_#T!j-n949Efm*v@KTsjVDfjf^z z1k7y>JO*n`t^C&Heagzrs@Uj6=8$Ps=_<>6gOgr~XW2Vm3N}KkhmW`{fm#qL5o5<0 z*IE+;8`Zw0|4#bO<=q6{ZC=%d#R0s5R5d#XgqZC%7#VffHXHEYTi;!?n1Z{%)Xa+` zH&E6g0ZiRgbHsG=AhIjM7oo^cFCls38nIt7968+uAob&oPRDFJndLBdG4!8M}Us;mex;kJvYb`eIGsf5pD< zb?X0*u!u zu>d_TCtAwD|1<1cT1>g_W*-5EWgJEL;ISOxVrzx`t#a)bf=$m-YRBqfy91JjHTxD_ z$gfSdvCefyYLamJlMIhL@=N>pMS$dCR`&r_Nq`i)sXJU56bT3l&z1E)E<>2LlWW?~ z6;W;Sl-erxvv6JYt)ht=-{9aETjty^By;|&7nj!=z(k|m1Gwy7QUMzwchr(HL zq2~VnFkjANp3>>ydBK(__3gN@X?O<9+NRdhQ5o+wPxiW&nrh=cPNB<2#RgG3FUT^Z zF&)SlvRey#>UBDrl+?T7`%5pwHD*|{$&Qs@TD^5SoLwL&8+zJte&VgRy1Tl*wwK`b z7uT<^SM62RZdw1b#Qlio;IizHBPH#5lunGX$`nA_vm-XpjzZW#_%%b@U1HkcaTNH8 zK&iJs&$Z*Wu&3?T*Bq8HF^hOh02xNjdYOgxelcU;$Vg1Rx?o=yau#uVFL@ex1rq+> zaNpO<{}=Zy`Tr^RO?~?h_x%s|{SWv35BL2K_x%s|{SWv35BL2K_x%s|{SWv35BL2K z_x%s|{r^|)yF|R~xNEo*y%m>+D-$Sv!{^?%_Ue(h^^g>EiC=`#p7({x$Vg0%=my~d zrSE9idPOG;wuGcISi65o-x73x%tB=3ItS1ck@(Fd(V^kPrT!&-n*gP63-Fz=f0Mq? z=xJ#8{!RLZ1xnv7jLe8+qTxX48*H7V`@2a4Ns11^zf0e4Ky3)B8r z>3d`rOE>D@rElebN#C4Am(&_zWPhb^?0-q$4u7R@jK9)1-@l~qaaEx7Jw^DR(s%0& zYE_dCH;R?;P4>R221x5)>Dzk~%3hZV8!k*D0%p-pEcXiQBK*Hd-~4~2Z#giJl~k#J zm%gFZ@aEK7@~O%HC4HwkO_<`~-{%}^g};>UJ%iNbURGh#lQAjvqbRLajEe_GG04~|eBKP~+Epxv<`Kr`;@YL0Y%LiJa9 zhEs(jmlI2Otis-GMgqBNh$2BDV64pZ8#9q;$LJE<0h)n=8HuQoKP$B0n9APB0X_C8 zZDl_N<*@mZp`vTN#&-c70XKED3oonD$eYl?^_fLUNlgV^f6o5P93Q4bkl}jvTMS|F z(S8roPM;7@6}B$|>czcTx8$<_+Sf|P*k{WNa|G+3q%2`h7aMmvZ$(9$_CO%RLd=i2 zS2zw(0k^e81y^5d#Sap3B8W{KHi_V0F1+G4lB0MK ztRuID%-*uXiII@jg%Y%y5kMaI>UVbbA)I7F^2tNPx(O>H><0X;R`aK^ta;~)XTMlR zkMs8wGfc^#Om#Y-b}QB2Hb%mV3Et4#~OflL}Nm!M_sg5m)WjlI%F&kA41%F9-vKG%~#rMvU`NtnbZzqKqSR)XjU>j zy+?;yFl$h8&XMa4h*DJJ=c_$5c5t;aY`uTJsg7ATzWvGO9=Sbl+T8$LwB3J`5-dx$dTRs;Yo4a-=yi6E*4@%vOfke|1{)y^=ADSRfKAIC)yJMZV~GX~ z2A>eAVss?ic5@QrLmo5sU?k5Ng5)1+J0gra!mw{TQksRVO^syseJsBkCXR(3Ehx4h zOT#S_ffp&SyE2iqHZ_VJ;r4^1KVrImV`;#2-(`baS%}h#%TO)Zt-$|h zo~m4cCx<9aW&b-u{lhNkm69qSfQ2GU$7$rcfHa-8-#E<{6#EZ4Zf<@CIYuvvGdPx6 z&*9l4V^6w`2v+Uagj0q7ol`#wj9!t2Yg6zXRP>aKF^ zDPeLnmS(^q(W|F{tUMu5yY$+qUaW6GbQlCw*-M{$U=kzz(^VvH7w!=9y-DF$Alm6w}&a<=+q z2ac^R4rewqW7aGXGtUh_12iINbNfMnr7k8AO@&e3_K*AS=}TX3mBq;;t})n+DOHky zKwDo8UB<}oJh`{(QEP$o`O6|%Zmv%>BQ6Y5VcT;276D#8xdJ_aS84>>QuNb1sGAc; z)%kft>U9_ARIAA%@kx^+Tikh2XcuP1N^r_>M_ou^K3)fq!PsGGC*7T)xvu$m_^rnI zwI;TJR~BrAu!Zx2(3EgDkxrhFgCZyNaGt#rSoDOs(A!q&`|J^Gereq)D$tay)bc}- zNyL)5XV!n!Ymvq1UoO-NoRVXROE^2t4#@QOl{xJ(Q!wY~e^H1;?~yXjn294hDOrh% z($ydrhW&65y_GJWY?Xe66sxP8F&2qaR&+Ey=o4*Mru&R(K=6;(rjOClk<4yR4WwOAolucm7XAf-SMj$ga` z+kv8YPQv8d^@;Rd62ER(7Y~t-hTo9J*>+0&pX4Q|i=qwNh zW922x+NmRmi@wD69Yjqua4OU9M)r;$>R^%fxatE@FnHg_f0Up-)s*pz%bHQlI}wD2 z@eed?=i!NBAb^V85jlVd>x^XWN<1)2UJ)ZsnJ$LiS)Ys|4_=n`!ySIlf-F@Y|6j_u z^Y!Ucv;SGf&Ekcej6y6sgf;hSn@T46jjNoKcirn5_bxw0CS8|_^-{ufG)iq$3*TSJ zD2l8ea|Bs_nMk&|kN2q1>^K+NIUi^7X^Fg>At6C=s@=icuX_BtgMgSi1qvb5WRx{6 z&c76PYb<+l$&KZnMJ3O!9WA-4FpniKB8!7iLL(ncB7lc*GyxZUN`aCYyjHf?%lh`Q z*qb21o%0CLXV43#;m9N3E#6DRWW2siv1K&}eXl(MWnb6-p_!^I^6K1&fY7-3!?W+8 zvkG{=sQCVldJz;238oA+qQ&GZpA6NapV|eelUi|ygv^>Ki~1OIr_q}7_@wTscc=$~ z)2aAeWa4Hcueg>duDx zOWM8=+gh7x=R$3U4#@buX>iz|pZ?a#LYINfL7!Dy^hPJCeZ2b}&Bgo+X z)toD-%`m_iMYqrggUvudSkmC9BbQ1gGiYS{cJgBoNPc^+0blA$LAls(5GPA>azbPS z09GFq1WS1jcCEq)A9o_^}NZP$ZUw;bP3Z6Mp0veH{m3w_tE$|4HISl#usGbz1uK4xwFg;Eb7kjX-le2dEUjV7p&_* zNOb-OP)gOUuhc);q|QS>+|;Nc$1#$1t8=N>VTPfM>L0$kVkP07Jf)NYM%n<4{9q-=N$XM;3)XoCz9~Rc8qrRY z!ZKo=-l#FuOX(bZpKt6N6$fDTP0@yLc8w`C>a27U}5!}E&sTaB2$LEPq* zy@8Vh@ar^PaBt-f7?4Q1%;3PAxs!rkC&K-kjF@P#BGIo}5TsOSDQ5K8LzZq>Q+1Sh zXaDHUowy^b?>kbCnef#yD zANcog@ERTWM?=rQg4a3Z70ID=V%_IRD*0w`sCn^RdExL>l`{xtBC%_{oPK%X?`B## zW-zldUhK@M$esJ>xT~X~9pgN?bCKQ9;EdTuzVxCCD5#7Hs3}ImxCC}XC>h?fG53)@ z5|+QYU+pMBT~W5zWR5Lb6mQwd1eMoIq-quFMK?;Xt>^+$mOjDHVSi=KlN~)dyL;uy z8r9xzPq=BG-JA)vDZtt(&{I|M;QdVN5bVD+EcM%Zt(ZnY^yX7n!Wz*57O44i-Hr3l zSYcBl=236o+8M;4h^03#!WN*wzOfSEFAv6_>NtAJoP2fvz3>Bf=h~E)K08} zpvFwPX*c8KhZ^NOP08MR)GO4*F zgS^uTwBOhU)EuVRTJrw;Yu)p>^)kc+q=g&yB9;S-{Yy}rPAL775O?bZU2V1+n=t=R zPf}%1BSDD^&i5K=6f1-XwG+{lX=i+UEWNxw!_*xp1APEm@Ed^b2}x;q--|T_#;5p-QH^VJ%#%!B0ufs#DxBD7apgbJhdV|lDcAHCwvIqt)&lM9KY%b z#~~=lO5-uEem8UOn_$IppSIG&fL5mU!GpUM;sns=rKNl2@NLDPhVW4({(19hhmLwhp=MS$Fzj->fvIz%o zy6m=T^glP?Tuuad` zF=1U3Id*`PG=Aj{IXy=EXhVsYwmO&Qtx87TDha?1k1HWX{+Y3r*ZOR}wqmQl{NsJ5mqm%Sv;?+Lei z4cyWphop#eDD?JusjbZYP9PdNx?bY(dIC2VE6Ia5cr;=bVf}24rL7Vs^=e|F#)h63 zDt#@3Vp|5E!~5R2GQ%H0{8@uZdeM+La7#5P3Q#qth8vk>}6uIMz^RRZWb^u=e z`hIsqLL`soe0a5y4LiNjp4GWzvUyIC+C;{2U&Pub!ZLRo^;$!zXE2XGY4cCgLx%^2 zKnZ%2_j^8h3On9euyU?bop?1?2t@3uGntafz}iuJY=a@i7Qj@^u@^jtQ<9iTG|Fgd7**-C{(&t& z^eS0F7Hq#okevmcfbI}(iP5?wTwfeXvB24j4z)D$lbA0L!HlSZ_Cga{+r2rI{nV zAcBJr(Mq7~s3OISNxR%)tcTu$n{`LkR3leo#I(3qfe&06hpVU$S|)vUUi7ubwC6~x z+kB+}{@;y-sc+1Fh+Faj2R%b>0|6bUH5P8V|0gu@r&}V0P{1R&6gwmOT2Y{OQ5p*a zvX{Ul3q{eToc%+yecgdQGXwFPcm}jr!%ZMgh!EaOx_;^taeYNDmIZV>pyzFmyO<$A zNQ+tFaoWWvY)LJihe3B>K)01&DU`Dvkpl~i9bX?@I68jk(F?;HL-wUR#J~NzOhvFx ztPgEAKmQnCjKPCD9LTvv=iMHa7axl^sZil9HYnb?pb{$^J~u+hairF+WYXu4frWBy zl&@)H>o;C{>BVs6nAn@5hz59IatX$+v1$|9@nUpm1@sMXtY<-@WsO+RPBD zxM$Z<-JBF6W6vxo+GMsykX>}Tccsu%<~8? zpgHkq1+n$Qo(bOsM$+7S=V5Wuq<7pc$?31;!p$7av_@b|WeXzh4Qsz+(m%c5ww)no zmd``V9P4BPEq!i5obs(}OBgbk(^u16GM0B@etauno@~Jcm?vX9AS}n>tYG>~Ztc$+ zq^)$4ye*g&Q#`y`49Y)YFruvpQDkhn*Wt+j!}xG#fsz%FZt9HpJWXWH_@ksbLw{^WPAwT}9trz#gX6{8_J->Py%oke6B-o~3^$SP^ z(WvFEW4!!8?K?zjO;IW2wP zxbeMvbEQ54vm@C>>cU=+2mRKl9TX#L3-WNPh>xSdGKdWgkDi)YDPxOkU3J?y>8ZmD z{kIyJ^Rou2a7ql@$xM41nRrSJ!sdXvTi9HEdEJ*_HafbB^QyUdHX*YrrnneGFi~&u zU@$)$tgc$khN&SKQn^&0xT)O>n6mE;mRkebHRkM)NQv|TEEtW5S%2h5dRFvOr^t-H z?>s9giyUxbl94(wI#!R2`ads|$^#PHs zWI`-+l&=KSCpB=-9fbGUZ*uk0P|%^aSfV(nDnrL07`x5woCrcPNb?g(s8@1OG&gMx&joBTNde!|jeF?v~^!W%Fi zmJ~xvgub|ZZA1A)E1yzl5clcaewFD)f$OS)!=0DoA@Pg8kn)lEz^Ljy|63f0)36N2 zul6KXtkNh@@Mc&7jEMOV#FAS4xl_dQ2GCFSE=iEy{R8IRAR37HXWTupz39tbj8*d6 zbQ1JJD+#bVieg!`$m)o+?ia|G;g0}IGcjlkh%^6C?`EDM@DX=k5>#s7o)e4mdSL;{jC!^O( zQCgO>2^I97ot~j~n7a?j@X7T?`>+Ma4=^TSExuHE?3NHFVB&X5!Kq#aanl|NF{wkQ zxb%ff$pG3pWkD%AvR{*w`(qa~t+HPZe{W+#ejjD5L;a6^qTs}<~ih}$4avLQ9R z-UWZ|kkhaW0>&`0Ug^H6o9O25N<7y>Nm#XprhsNNS~9h>boX-O~BeJKv)}mMh7TvZBjHOsmx*9pG1$Jjy&)D9*hCm5xVS8ySBRJdWd` z7t71nu-13@3*=-z+Vc5ZOvN#^HKJ13kOT`t_o2O!x#z`S@>`R>9QF31;$+p9{rwxx zhu5JE@;w~hN70h~{?2)T_fG#h%$+XHM2ZB|wsZk{+c#E07>bM_sIw8?%2Cp>RcsI1 zwu;);JtyiS>}Q^38GGG*?W4O6;BTN}^ZdhXlAFn=@lpeWLfyFnepE7LnBrjvjr2&7 zi|GRUlEK3?a`N6`NONRW-g>enstxwS)q@;X(#;drE+kl=#BsGfH#T1>@Di0=!P$W&gXau_csaW}=3E2wN&cXhVR z66Ce0Kc^(xEC>tTvN?Mec;I!yBvl{ztb**sRZ8@9_yODisNYe{(z(&T$4?=^+dRB3`0wpCd>R-H$}K~VVQ??WSo!ZlIDf;)$y z1du9e6zf7Qrwlkdm~gJ7II-Wl#<%Q0PS8CFt#TB-Z)hJwPLe~oVBHO6+0L)9y{*oh zhpc!$+Hb=xqe-FXns$*vn)!9sY6s|B9`e>^-ZBj-G4A3yYzIa-Cz=&+H<^DAc{K~e z<6qh={+RI5f<%qD5iw`b182t#DRCCycNAaHKA#E)Qgm+OZZ$LYw}^mde_xsk;?gD@ zoG_!oyqU>^gH?!ce@O8{KKw$ymWTgbkyp|GCR}&r-|?Mr5h6?;1TKUt0VYJ2HBn{D zWmmgJ&4~iGUslOP&$YP*<;;IIsS(uLfNb+aqFHK_9VfG%i3c^wC(;c{v5fX>fyIwD zxsJ2?Rq;iyxx`Q$q-mwRG)GxR7rw^&l5-EStuLBZu-1GZ&@pai+goi<%k?g84x)cuV19egD@0lpn^C0nF zj2fF*tt{H9)A@(|%kHn{2^pAXSX@25iuhn*&rAE~tpZIL;rh})xS%XQlBI>m|8|u~p(v;Bq47wnpK>%!d z1qQL|^XcPBlrRC>{lojaT3fNdpXHXU@LUNKc+=4+BG)qyjM(dFSV{XPu}aFiWm(r{3E3RbPym!X!nZ`W?Jpfst-lAbUtg z%{XOZP&Y3ksOh0WI<45Q@!wTK=YO$7i`?%BX4fM`1pm={E(kp=L};sAaf3{=aWI0;rl5V{mP>| zI$)9H2Q{9dJ8!!P6f6APSZ62kST5g3+P@uNBi|j98)AtGXSnryDyIZQ!1TNcqr*qC z&D~^S6PR}e1}FCkC;cS$DPhl>gD!Kw|3m~^{@L-^NGnzK7Q2PuhceG}zdJ)=q}xMT z3ztG*0;{JJPy!2Py6f);SrbSvY~<8H1D`;#g|c*R6b$O0JfL_FHpOTp;`3t@UC?qg z)c=6e&a0eN2sg{bW+V#uSHGaRnHh^^$2c<{~AAN&y&Jn`HJ zG2%#ockTD3jZff!YKeaI%$F*HH2Rm!76YT%)1hQNk*I|p#CC#H2f)^8j>OsMDYA|U zS5_5F4hI{m)uGzU)M-ws&}O`wa$OQ(XgFk4E<>!|ujug)3d<3MN<2z8?iz&oAP&Vy*Y&I~!&Rt3Y ze8`|AIVFiy#KD<^P!fA|B(&0uHH!Jwi3)gAnZNwdrHL1P+|t%NE5ceDaTVhiu|wIn zBn6ZCd;6dMOvy=j{eQ?=0&+P~msMgJyxsumaKZ@-{bOiypBN$jQfS8PQdrJPDAXI_ zrfBwn&8aw!HO}57Z178AdxsK9;a+r?v0wfX$h`xWD4bL)c`!T(oJf^%60KU0!g*m~ zW)7Y~K5#vQUjhL+{R`lr)hBv51LUc=b(0hJ5D`Vp>~NN1P;z?~7_O{vp8@feBKgH# zKeZf}hjz}qKqL7;yI=)CWY%k1zxL4cf&i~R1>Jwr)Vynhj;vhRSs`rIsM|n(9nW<9^IOa|IJza4QX3 zeUpNFmkXLSKi|^bnv^!Lgzk1nqw&P0(Q!-cSNeVu-`xylOqjEBKJ*`ax%H)q zBfIR+31I5Nx4%LF0;x$Z3OEkdz$LD7AF-| z4*DAmDncKgJ@RM8pwypKISXZ96x|0ZI6Ml&p3#SK9 zn(_*?DJzkY*&ZE-=;ySF!!G}M}6euI%*yR{M@34e# zzM0#KIO%<0VcQOHIk)yhI2$`d<8uZjOr9hn#FgTZXIlR?iLv+n01HpDypzRVZvu0a zuC4pb3AJgZHr}MdYo#u#j6qf;7ZsD9i!jlsBv>rRjRE18CDabI9@Dhj_y%SA)i%JJ z`>0>VrbsR6$RSC=+6kRN%YL(}uwRAXFg-xg``fE(pVEQFv3D1(U;aR>Jg7G20yl|G zAW7aR>cw!@U|^w;o=XO+865kKSG5&f`Jqe2{rH3}@=z_u4HMY#!46C9x1oiEw^EA2 z&{o%gtDD$vr4wH3H7+7Qy9Vf^UuMouc3 zCFiTTC|(=pTib6oaFIK6CdDIov0e!nVK!uxGUydd$}Ulv9H$6<4S2J<0WI>=?}-L0 z9ltTPih3949&0tHv3u@b#RT3G%lrHxkE&w)y#o?WUz%^LO`%t!F&GG8w;Y4LG+}zb z_E&wpDSsZh{SkO}flq2*MB)g6>Xx-NyxB_Sz}~29wY!h^o<9=+oJdB3id=E4i~a!?SQ$TT|*fO|D%ufrn99QJaH{Z#7_~IJq-Za zt*CU7zuQo2s?V81)WU1EMp(}e$)ZO5OW+f)D#FUqPxATfF9nu*=+$ud29q5%P&H-c zYk%clD3mPwnBr-@}IUSNwz9;g;V% z<+4?@l19*x8#j>rT5rL7Dd9z-RU?UXZcJV!>vEnIp1&5R#GmWWNvi z+L}tz!gRt_H6hoaX?#%UIhPu?pB7|D)o?;?pHZ%+&tvKRIJ9=9_Q^&=YB|p9EqK9Q zJtLWR|Bc3;*~I@#W0R8;?rDx5%#KzBu@T52=gV&fl{bNv%2GRj?CvVj;0GFDD)N+B z0>E%VA?%3+>=Xthom|puXyRJrybvAD|H{~;5Q)a%Z1g1x+C=>VxqU~&_KfewqB84{ zY{IM;Bu^9mmGg;4AHXDlgupJUsxp|2Zfx)nDVz zM)SVH<~r>83hxc{lG#-R8?7JAIq4|gbBx2-*Am%wt+kC`G|)Q0 zSl}g6t7E5Ph{(zwP;{)U{T5fgkC78sQn+V}xdyX28@jL`=6P$f{GRT^t<@T(Pcl85 zkT_K@b(^esjJOTHF<8aEeOL?=oo}%JI}_XSi!!IZ+I`k*gD!&$=TJSf*Ak^ySEI>) zvFoQcjsK-Wh7W>;jiy>M$)D~Yqzmk$+z;*N55aojoi{Lj&-p%ee@Dt!N)4(p-$p5? zI68gM8DKOtFHjYhr|k)izHfj@-SgrO8IZ!}O`{m}*!}W4A8aOk=0Xz!}iSmXL1> z)cX?jR`)$}CeYQQNQ5P6{$fVfbY7g*INdUjX|PsPusBU0N5|CI5_E5TOcY{bCx0+& z(DNBIw{Ui2<^d$goo2wN|T(;=7UAtvN#HVrNyPfaCNY-+*W73a2mK!WpC6M zh;j|F8qY#pT$=0@X?)X+$=A+D3=y>FmS-vJuEj|1FYbpmRR}>pJ=`*c*fS$2ms3v$ z{R6~(u0_hd5XcQz4gQwxgtf{5D;bb;5B}ZR1f5F>7bU-&24SUeA5OwDNd#p71RaNa zGE2)xm8S0=;3WsJh&$9#S;k&Je7G79m+8j-@RG5tuP1AOnNuOw<`ilOwd7#9)q{>L zDdF2p;w`qGN#dR6*B!m(k^Qp-GJnM2VY{&~!K-d=2Odu{5pCkTTqc5cX3gOc(ZuGq z7CY9#=pw&eJPF#Y7R)f7YQT^jHfPCA{1sC)k|OkOq%$wa@lZd37sWBFu#&2p$_u8i z@>a0z&eWOGhLUgwnUi{7@5wW1*&l2)VQ~hvpdFjfNGaGt0f~SR0 z3+XSVW!L(3-#Gk=eh_@fl_3;vcp$BS1wL?$;1hOp^s@ZP-~D;=U6mu7#dOY#Vf+I$ z(q#$M#?Zs$R}c%MCsiaPThtWJU{wY;gRyrW=v5auyLopAD8?Oj7C|S0qum|xlC$@J zomM3|J^iiICCshh7Xe41vcMKEqH^VC;+K~EjHkp&53HaBDc6Nm6o7rNj#1{kIDV4C9<)Mx;B2`=^blJL;gl?IK~9*6mL=80T^vS0+uOF27SN zd*pHI;Z)+=r+U^<=Ga(8TF$(iN0@CSau;`u1DgjKFF^kV_T9-UDd=}F@Lh>+HglE= zV5sv{+a;)&TG7^|sWZs|kn7!cP5)VmQ{C|iu#YV;4Tou&kvZA=j1%WSlH)hxl+CF6 zrG^noyQ}0U$@cc^Eg!r{#en5N>v~3=3bBO=c#MnUpy7l_ zovVFr+%r#Zj3oRS<_9k-D56bCBd&wMZ*BxtbK4Q+Wa6l1UnhF`XJ!mwZp-K(6kPd=7{auL3l!>Z}G z5g@fw6OOaymF*D~lgB`!%44WNSM{rPQcO=%Tf*{Qr42Xf8 ziSWTTbOm@>g-(o)l!=PTf6WE4p{wo*7S%9g8D;3U)s^&+IS-ssi22|XBTlX1NCs6T z?p`6)AqPxcauJ>YPn{Cz@5U-!GTM`&sBAu#pm$;Snj~%)n{LdaljG}N9(w|RiMQ#k zE>Mb2DrKt$`D-bash;FG@7JrZ2@?s)k0Q65I#*3+&Zj@#mx4l!v&KeBz>=OMUtTrXXc)@w`tp z7wcm&KRH~S@O3Opp1&mHRb75G@&G(6zLIgEIuDh@y}&Kgho@H_7NKa9sX0l`t$zdO zw(&IH_h*NVaRSq8*r}BIB&T-JE-+3f42;wDTasD9c&mnJam<**e&?|R*GDUPRFb1% zeYt-_|C%vG_xk5wld9!^n^eh{X<@7Ih;G1%zQ7T}$r=DhRWPC;aKT&&9{v+h^wmZv zzx&wIcoebB;^T+VEHpJ>9(vA-*8I@zwp{5 zkXcYIgUv50ml}mB5^<=Tq)jPtYYOCc8RWYJ?wQZ4YO@-Wfh=zK3huWs3w=GLeYT|fRAqd-|G6JK3 zK_o7QoIGeYR4o(_fy&UDY17e>kpP8*w|>0(3KbJ;MXcP*8SFEPUV$XdTp<_qGcP~| z%g$ll*sklURs+YrV@^-jeE#ov3Obag!ywYsSvN9;6h87$O-M^Py*i5~oTLkDYF=|KrK5iHCHdAf}`D= zq}Y0hOqq-o)1qD#{uQMY1xv+yV5pJb{B{$ol!M7cCvRJbThT!Yf2ffeRpw8J8Nn!h zm2A*>y*xAYrymrg<~L#>5%vHSAM)V1IPj^fV16{mEe|wmeY@-#Vcx%Ne_=>Qogywp za=EWC+{8?8PPzvWaFpUEU6-76QouP0u}x6DUGuj|m+&QKIB5}jKHeNSp|bnW300oY z0r?*G7AW?N%;MG4mzwY_Sf7CxUJtmg;WWZr?}8c51My(OvPfzc%C`w}U#Q*#zO6sf z4@BzpB9~x(p(mW44#%j(bOsSCnZ`jaObV0=i6Ed%*McLUPePc)_nd3@`-_WIPN@-! zvtS1nWS_B${lRbUZ5qvXqoJ0-uB2Ca0|{=HhRsML6S#zyS%{kb{O(GTEX~k`u_FH< z*=b}BZ=IuILy7-u7$~eOQ`g7y*O-ULpMMCGR6S;=oMD8)n>g{8AJRhADkcX5Z_TeEQhl4z+O)*Ho=M(uuBBngJSqbb6U-FCI|_Ob%DMIU+J zBN0%>nu!}=)u2<2UMn#=Szm@Hvz=zT(<6mSeIhrPzLN5*a7Q+~?#0)lfD}wFz2-a@ zZb(NnF&xc3$n;JaRT(*)S0!0s1VDrfA zUt(MT^S=<=pB})LR<9dWh{6M5e|Hvs&t(jvUnKAuySaJd6sqOh-)C$m!Fu~L>UFlx z?tBH%VxlbH_H9y#>JT+)ytD&%XlTC_LjlF3y)3=h)t9#4^_^S%xUF4+(yX6jU$2v& z(tLS9WpTJ(MfjmzNqJIqJUusJ5@YNq){Er(*VGfPF70W`f-y$KFtRXo+$NSOx+r~k z$~cT@YXD1ShNVGm$B zvbDfn=>#T#5nWS()I;V76l}8Q+z`G^oGx*}2pliu{rJGc(oCP@o$u4RKivzOc6Zta zpV}7IfzDNpO7N{mZm2^>vrE6Us10bVY={^qB{l4(0xldsyRv^r_P6%l>qs#e!-`#x(F*!1Ev@q# zt7P}9lBdB5?nOheSygTF_drR?NIp^WnH`TEm%gGaDk`;5RRTH;C5*S*X}u2`cav$x zhbwk)RsJpEPFi`KW26}XR2}%TOP65BU;b9x2HkXK3nV+bRIpH2_A zwE;2k$9VCmKL2s!@`ceVT)$mvKWbb9909A&!B@WW74SZDG|vklmi*F29Te=I5+Gt3 zGgd7|o7y(z`yJ%ox56Ij=s89nluZplHk;4Lm5PiA!(i`dT3L2s+w=%YQGP{&^TYAw z*+=?udfO&Ar*}~>1k0^76#$y%<(S}@SU>1=bn`^}7|nw8mN?J~W3~bbb{AoggujKL zc76>VWJm3y(xe-fTo$EZeyKIE74!l85)e0I;_y#;AXo4`fTxzIOV?cOh(@PKz0`Yg zsB9fdR+E7Xijn`7YP~v#aatU_SgbqAxqE6evow~Q9Y<5{PoV9^<@E5&ephd#$81sd z(}iTK`-;!iZ-|J zngxX=vIp@fo8-@WVWk~a#8EZZvxQbVUbYu~q<#uLJi1X%HZA$0i}dhq&-crZ-uwUx zuJ_BmfB^H%4>wGOkF4MX)W#!$Yrf?(={DxnIk?TD)9rer<;lCg_dyfqOP1r{!nP?8 zRwo8dEv9J+kn77o-6qIsijVLFY-u2`ch)_Q$|G+}ykYUg%=0TvW?b(pM_us0x0M4v z^O14wES~oi0^To2jeDN4-+ZsmR`&uBKQDJjcd*u+cFty}iM>2Srto`W-{mJx|91B> zTm2v_D)IIQ0;mm+Z}>koOZw)T@hEJ>)s*DEhZ`>|S{*_wi(SIIjBPJsNUAp6wGu74 z85HX&U8C|Fbemu??6F28k41@}u=?SZ z7Ntr{y*mVm7B@e0mmem*dXHqsd{CbIbW@5RNhO7wi8Et>NGLw z*>rKz_vRN^@_vSld`ZDS``($x%>eR)X70dPLy(}YWn;o`G>B!NRCA1|$_cTshh!{kJ+<i(kk;<@VXZ~) zImfAf`|{aWlB{(XZ@Ew^TStxR7cAx6PS62T zWYP0=4f6L@qbYvCIej=}%OoPbTXo`A(jaP!x3yAb_>>BCGMzC zyk{pTH=;=7pZUkmQhPuOCvDOF9u$S{x_fJxOMl*#KkGNOzLV79 zHc4GG{uh>~4ah(P{@;Ig_$Y_}fdD+}@c%BJd@Nx$TDQUzD39PJ`)-NnYuNbDfayy^ zbu-YQu!d};Ry{T>!H0F@w}^a=(M9w9pN9d42XF2E9~=MzDBS;NPrCcRi$~LLK5z!d zY{5pJ?_nO>!O_{NOaL_aD<%>ZCjkY_aTvKF1{2PQm?G?9{z$(Thei_aCJb_SSwthw zMzR|}?EkR;xj2Zt_M&<_vs)v!GP6T1z^$C{$aBLc6OU(WOz~|ozOJd$znuyes?{@A zKAAu}aVmX6?QxVRY5SR6)Z8wLpUSA14X%((=P9&9{G99YtR5zLTrs~6Sh9^In_L*W z^yY53OzJvj8p__YFp$fy>#H?u;s9h9zAk_W_ChtB>{xhF79CmKh=OF%G=Zr2>1d;m zB38&#IZ6R?S=;6H}%{t+ouH;U;OfELT=(;Ds9M5^Xs7z#%J{lqZKwMzM~l(&8Vaq zoz4BLdTR8)D_#o=j*MjW*Hi&F*ngfpdX~5UKYH@Gv;XYmv6B7Ki9W`EM()(3jPhkZ zPw&*Z5vk^n_4+_1yrSj_-xr6@&9NILE=EJ(TNYt}wU`_|VSE8OLOWo3@+jQSY?E^U zR$v0E`kDo7>P7`;iLy4po16x}5ixB}GEF3VE_%XxJ?hyXvpyDosN#tK{ByWos(o$E z;zyW=bRO=>eHmz*RTUIa>MRBe`bVj!*gt8p=`n+*|LCm_MsQ3H#LIA@vSZ;W$LBAO zE?@NaoZhczC*ofxFJ8TXfBjPsJLz{uU(G~X{8O+FAu{s(=_%+X1Z#^PgHq4Txt%u~ z0C^I`dG+vG1Z%CHgDS3O3qua#)fk2avbc035m;B654&>zR9A!gRF#8F1ar*$$-nps zuZg8L|3Ksh?#)l`l`4p#{m}Rs4%_w5Q%CT(`WVpvjq3n5`2X%dJ1F@7KYiTgf8NPs zr~lnb{l71RK3Af{-PZ+_UtXg=VA^#%bpnl?($=dNC`bOH>IT-Hocj8K+In_TM^Jul zNA(1&YUjymXzx`Y+Zu%0VQZ%rVflDQH3_xdyx2u;!n$&U#q!9N(~ZBBVuP9ESzUB6 z+pN9fgV}MbiV)`O`SnXcjpe7%edWiJ(TnAuur~}s=DP3a|xD|1H z7KI}h_2H3A#oWrinrmGAVg>W#!~Zat$)tM4s!1*A8U`x8JNRRL$u&9p9WA|PS!K=Y z2+{a!R9iEg!kXVJB9ZLL%mQPUB#W1B4jVhgcy;4bPQAJ6AKTvko_U8Qt~}Sine;e0elc?1Ayzu5FIY|wb-%aqS>zzFfHFK!TkJ>PS>aIC; zO4V+q8v7dAU~@rWtC?26%*UMmub&6DN&mBdn5X}b51)1Z-#dBi^*_5z5o_WB@>zL@ z8ZLjksbi~LS-udlqI>ShQ^5ZNz;bhM8iY}6xUNb6^K}1N7XKeSebnXu-Ocm8bH)-p z0x@6(hwr;{GjjuHwDf!|CgT7Sy=GIuIrqMIE@xis#LES-=1vR{@tvt3j<{kLTJKS& znZ#SUHe{V4QJsQ&g${%LaA^wm2GhPM5bf6Ke zZ@F-;Jl~D){m(&svw;5{v1|C>WRCw1VVrya^ZyM!-m%CFm$7qt@&djK+$u)Y-Wzxm zmkoJy`03tY6_3M-JG_VAI6raDUmTsheleI&?xoDtIGV)6^u=e}|HA!Ob87D!_4ohq z;K|ed-2H!Y_^7-8J9)l$UWgMQ)U@%vd;fdkFdy#9k3HYLN_zkKzrFd?iKFq4J@ieA zpAUx-yTSW5TaK2%fS~6TMu%V`xx#rW{4i%;Fl2E|FXOQ9hg0|;6d(tSVA=z8FiB=V z_73*@*`^Rwj&*#qf&I5Hk9Z{SV5Xk7(nTBxp{DE`w)_L>x(s^-m zdO3J_@819T$0cbM*n&Li5%K)z9u7Z;he~2Nf&*Qh zUzQ_y?E*>xYyn-9u82AqJttCX<4m%aQXOqhD=liB~>?7r-3> zL|+)7akFtIG_O-W1d@|v<~robd+#z-L*tJ$4NeX4&xkYf#NRs~^CN$Jo?YeUa|B!s zxFDQ6=h98=-cPsE`FJlgL-ApGOwAAf#?|KKoAE}yAob0OUR+ZlzSk4;e%i;XW9?%2EXV5Pt-!D1ta zIa-{2y62I$HFOwg#L1xSYvqwf#hL1F6MnbhKWR8t+1RPGu-VF$`{utLEW(G4|MAb- z#yNLEt6pXur1{|O%8er6xu98`U?x-S*6USu(?U_SoxH-_7TD!{8Sq1#=>>c!{feD| zX%)STgBJn{GIKh;dJ`sRksHIVRL-vu5|J5VIvZ15d?Oxf7@x;dn82$LL1eNwb=HEC z6RdKy%Ag=8)1i5MsW~s%&=>RywOY5~(g6kq#t!L@rnzt7!i0$B07IWC?Ks{dZgZin z7oRkljWDu!0j&}9|Kdbmivi>ksa5)ol5y8K-5Ix1v%8&(uroz4XW^t`w7geOcF3OC ztKM_kqP?E(h}3(2K%d0HQ!hh@yBRut;&J9ElTO?Ox*#xJ#kgE63WYah5{_dmdpdR( za6RzC`XK`;3nmy3)3M`W#VS;~U_%(@6%7W_Jk`;5Sl?VK?-Brd3wXp~r!O6~-Z zmdG7*%0v9i$QATnkn#P&v%&rz-Ii=JS>kkDR=)L>=EmGj*v{vv{;may#`?#^rQknA zsoXRuz=>z!(w{UD>52%X;wB!6H+X_oC$w;lO0Rxd7>5qW1EN)#MjWBw_;?X~x0LW_ zf{4|C2UW*2a{sk-m#zv}%B<_jyb=wiU^Kf1r2)$6^!Bqmi0GK{5Y6z)nNc5a4B()( zT_BOV{z2{Fwd*dN2lj{}W!eB=C~j)_{TTSzpub%7xj*Z}vi0O*DF?trhc{=DxAJ^< z>b{7_%;$QqlFMl_-dL~9HHpH-KlcBb-JGLWuPS#ZKbnjrIS<3+XViP$!X=xRTq2{v zmcdc{CJb<}O@{atZoYm5_V-P@!`~>Oz@GWzw}Cgst8#mNCW5e%0VB<*yS>=fE5V%2&6p#2n_;%rz)vsEM<5p zw5W6lr4!bJW=z=a>Ts9x-g*klT6UaUI}zS4K^zYiDH6Dhuh6_$1t8I76uAY`l11IY zay~+l>Pqh*6i|m_wk*=5=5*SG zTT~8a#eT40ekjEuMI94y2x5S|ws%nRA^w&?vCda?P!>LMwv1=?3&38vNn?Yzl-H9) z9|P1C*Ym0b9MlLf1Vj1UySj1-vGbv>e6|8o z0mny*`g^b)*Vr&dh@miq)O0!W2F@8*^&`vv(o6oj9HrX-5RW4w05wDYC(I`nUy0xx zrmA|HsrC`x4^{xH5*OM`!=oh?fzKU>S88GLksyqft+ccQ;6 zd~MqrOa8&#=qTwcVj7}TY-zmY=Y&2FNM(u+T)6>Bi;2Q9ZgJH_8nlg#YQj6O7o?g1 z6W#mRR47F*Dnu8!NQ%M}RO^ruCkj^{vglgOJ{(m)SDxuy#!_rn4O4p2IFuZuL28lI=r#wbVF6?X1dXJ zl%clT&(_qP+thFFT%oxG4dzx=mS4V(vbnHovm&u%oEkD;+$&h0SPRRQrd70rc+)ZB z=P}j|(z$<~-><3bSu&GX07y;iftyL%Bjgs`$p?pfFVpnG;0kaceY$$lUa3Lt@je&P zmANgIENZ4+tS_3EU%AvGi+<7+y(vGHiv{3n{0xJw20)K^UUwMAjj1A&^AFKG{Xpu{ zn2kRrf|>p_B-iF-IMz!x<^KAfPyU0L+6OVUhh^&wYKUn1?uJwlC>P!^ej%hto;@$6 zpp0sOc)lL=wga{-yh_29t#X?I*`p`?oXMBK!^`tEX2Jc0bGPt=yW&g-@_zvd|4w>x z;ggMa3QNO8AxT*UTUecpw9G&)(8ySDh_np6so0U^7vb)O_>ih06~2M__c9|7llfvu z3G8~MlWM5YRY3&dEwDFmq=;CESyk8U(o`stw8&Chg!NJHG;oe$#}8rJET&sAV=K2X zwsU;s$ay*fAq%fnl6F{Tc0g5@3mhzx-@6~<2x1PXQX(dEbemlO+`yFA&Mz&?ZNmyZ zIiD)n7D}F!5+JSv&S;y&Jhh54ig*m_zgEdr9801!E*X@#ZDQTg3z)0^8bPs);m@Hq z+^~LXs_aJ*IfCFLJaGTD1k3_EqZ&W(2C!z|yK?bXJd|vO1{#B@0_{Up@7Nu(h1aK_ zzAx7C8EAvzjjUgeUJ6B5T1~O`Tkm-hV-;`P6d2fE(=VSHgMEuNk z#hJ|)Odg)sbc^=HF~`Pyfc7B4=hzGcz0yi?TmKr~@S82D4qa+)O@&KJbDrqu@&EV# z`TwFZb>T(Xdnwsn`kF!wTi^aS7=)Y5SfbaD(OB;(?MlQ|xHUPHfo&bTI`ZQvi(_}% z&np&@{4iND-jpTzWh&HPjR2bT(YQBRu=2P#J{>6z<99KXF2NZIqa)(#7;waR#`*Wc zNDl-H17DBb1w($_zkNs?NCq*}o^y4P+Di$P%${DVWA02sAd4s~NH!_+W#pv+(eE{% zf-Kx@q%S$c8k1{%@r^Z2uf@dK4ctb(NwO|ku37VjmYLdzS$yy_yy}(1H!a(qG6x0u zmg|FZ9FXGeCz+9WpX*b7xc zXp8$~Vn3`Xpkr%CtjX5t+yQ%HvFuJWxD4%!nfy|ks`k;7eR;q6cIR0Wyq_+KY?)y; zHCNUol-gbhKvPnwZTbGI-2OW;s5R6ZvG?|`tJbiVn}0fBy~V9q6QSXB-+2pMb)rpE zR48rV*}*omQdJFPX|1Xn#?ES0If{Yxs+SV+C6i6FewW_|cb?a7rwyjpJ zTm~ttHn(hp z;=wF$|3L!hIpzs@{-e`tP7Bhbbbr(}jHcA7AR1GXuRFWUAAcy+;q}F3PaYpU>hS+Ao{Ihd@F5P^BA$iG zhYuSc2K)Vg_U!OUxBt6%O!gm5zaLT+{0D48jKKgK{r}s0*XFiyZ9#N@&aYrOb1KP{ zCB=Dk@A0j!8MWh1dv_i#JDtp_UHc}GL`&>YBri$Xai2L=_ixPKn_n_(Ej$Q5Bmy)g z+i9TcoZYbi5Lf`#`_cZ57Wxk-|EyB~;fJSA|FfGWbi$Mb!;@!@YFFu#!1+Mr5DpH# z|3xJP^g0hLNir<(iGSw>9}1@%Ua?Ut_<&6>z`!R@5XPB zHw@sONwdM^`q29o1m6u^dC7@dtp{>&DsK3O2`*KE3rgUtdZNHR%obc}*6;6FS|Qtd(X<(g1#kfQ{}2GAJ8UMt14d@r>d3hSvs%$jsG3Dxn`HV z!(cE?X9JOAZXhEIetNlV>?^E30|e?%o1aU${QLT8=<)niemnL4IOom3s%A0ysPHZt zpohUvhv+-e*lppnFkk#xbUUbYVBsr2 zWY^~y&N~Bi{H(sW#7_hAKjJ;A=TNbg*B80Y4dKuu?}J)@-P@pP%jkg6^mja~@tZfb zUz*(xYN$kX*1QWgbwMWrBu`K4@G3hCG_91E5iI)*Xx%ig(mIUlRi+GZ`E7G>H)}@x ze|OfOS_}XG{CTbZ>q`(A9sj?J=J&E%AFKM`=P!SF;rPE@w43vP z0VSiwe`Uk3f9C{H=Lfl)mGrWLH&3#095r%>wQ{xC3i)F&_ah>4D+o6^^Yu$PU&QZ@&Rzqei(}>S^y<2lg4W@eqB9b zPElbBfBi>bzI;WQ$NBoQfByH!|ATy0fBI<;gN?5Dp8N|#NHXy(tDilm2^zo5UH7%0 zig>RY7r`gHJYZq6U^;)90d8HgGME7D(fIV_M(FY8F*RGA0}6^Fj>T`d5~OFvGP{scC5a*6mw!W zb8s5sY~t?p9X-OW^S+3RQG-dol;YZ9VgLdQkB|tmV%vOwG1hb!Q5!?bgoHsR0^198 zK#2zDQShglO{GfVDT#RQAA}oG0jl8(qyjS(QZ&da(q@ne@!#@*#K;sEumC&)4PZjqEigd^CiB5r{AiZM z7%fHKvqU<)Y&8M-J(Jm6@Jxo@5m81;=a|fR?9NF9e_i_F5&G6{8|(<#Y=9uN2Yi!= zUmnOISC=O$;&0=LX>Xs>jOecgItD4;?i@Xi;Z10rs}C33rpJq|;6$2#uU@9#GhRi5 zYhXmeco47QzmLz~>&fFEW5OU1dH{YHM>-V$t73znP)t;15ZolL1j#i&Y(`+iP<_2C z`Q795dM`hPzF`(FX#(_^%g>K4qG*#(Q zd90cm^pO~H36KrnG+Dd8{@0(zN$~sGo6Wt~?dA0+4~Uibdm3`Q#;GU|+vEFyeZk3H z_#k7zsbi<6$EUZ}%ci!l%0;SbpviXYhmra@EaIzjN^6`NG2oQ4;nUladv064=>cFX zbceX2_WqS^Xu%m97K~9$37`^5y~_GS5tK@oP~{v(j4_j;&?;S;!SZZ2kBw)PK6z!< zyRv;;soG=(7HCvo#4=^|Aeb3`!1(gX21FJGK2k|_*+jAK0n=|KXXSVdYoxY0cn#-! z#jdxto6Ph%HSUF1ttkrZ5SJ{Kv3UKMeoU2n_>WH?cqYM%^82G?Mx_Ucp}$3Vub_B> z1Y(9u=0VSW?+e}RFEX=^P-@U%%j!cs%Pnh9w}U}|0|Nl3l9d>SHk`+#SEA6EV?&tJ)nQT?-gzAb}nqZrZD%Ep8qkX<=JK@IEW z+8twhrL8gspX?lDKk}B%!tlK`Y8%lO-^= zh#=W&7NB;0wdQG6BYX?t-- ze>ewlpPi2}uifjTQ}2^VbmN`O@O*MiOX>@;Ozl%am?a6X*Cur}x+=82ft0_r0$N8L zCWo;!HRe@%N8}~$!XfnggU}`CU=FVVt#v!}!frJKCDIsn*W?F-5msxrV&+R1?o8^x zDZP(miYS+^plgz+<_Y|Ga#|&T+6m0qb}Bc1P<-B4Oe0GK)<|W|CeqgiusJ^8@%fG{ zY>&_9Na6zy>w+f6g&B~eL8V)N1TXKAO!UvHcWEE3Gg;|j?R#Hf$QN!~k`IQzGN(vz z2xfcRaR_EN2y-Vxie}AT+IlM;)9LZs5qb^$ z@B*IcG)5)V(b${NL|k|Rz={GCnq5v9tjZ-x$imOHg%>3=p0q}L_1eU8{da1J8f~9 zXgq`unxll$P!`9)bK{yHM4zT?Gb+%C{mHqFT&)0yV?_j+5Lxb&5<~ON?ejXhMPb`L zjsy3olktNxe6ps=hPfN!@jz_((H#d~h zYD=Xx0iX+T@;8vJrVDi5l-FY)74Cc7H~TG1_Dpu*M=L|7ZXhVJVQ00Be!*z2sx(xX z4on`EA=xoo+@R)|)Ye^h0@~2mXqA98Cv4K_tSDQVdFTD@T)M=VqcC30diCfsa3N}1 zy>y1+YF(z;^{Dm_92sguS=g)RQ<`QQ!Q8xHUB}GkxZYgBlSB9H?0mcpg>xLtrV8OSIQ8dnKiWNO8s*?K z8mu7+rK2>EbBkrRo~*GhVb#K}57d5dtU9=|2nG9eZl^MU{sQNS0_C@=H+V!E13lIf zV^2{>P9ZBk-e(3BrRo)?BzD+NpjB_Xg5A%)%3?bhD67d2Jg)2-P!rIp%OH&-s_C8i zei7`7r6Y$h&5$kGpK(OxqF}}WENU>vloUMJ6~Qr>uK;W#34MU>0D2A=`7(USEw9)3 zH*EpyVj^w9jO~xB#$=Nlq1~+X01)!K(deGM6{)KqxA~gAdyS*6^B;HqTT_H#wgBBl8vg1n;jo2B7eqW(I8KGdjbq{PxaVRiA>Ik`4zX`D(zArZZjLdkIMHDZhcz75_^zP?lw@R#w}1-D~n{Zd|&M?34nFuUksuB2C_;@EoPwMS4!7 zmXDcvjY*HOOn}K?00kNN@WRSDGMih^npA#+TRI6C-dL6T=PLETUYe^@vHx!$?Nq8b z#zPX`e`c-SrlrD-3;|Wha1ZDvZa5|)odyXDX`GRtsSP{AQx={WiP?40i{LM(kQ6~a z!i29pT$8|}-DTT$FW4;Ds_%rQvL>cBtkiDUs7_n3VxPVX*2xk~RxA^L#Qa2WfD4Ya zX&gRq_`uyW#^jiOm;#Kdf;z_9knJ6_IQ|F;^7}wE!=?-b>;N1^yWVlNbgv z%{7LV9RjzzS6$Ga_gF0U2`0Ja2@fkM44ARUxgRm)diE9nvtL4@PjGTB7R;noZ%@uB z{$7~-Ftg`8DolDwJo6rBzV9(M8^AvXf#~_9&5~^{xL6$o4yo+MV1%@58V)hO&=MN$ zd~4|fom_ZJI9Q@VwIe_|xPA)z=(Ru@<+T*hm|wEM@;!^e=BD{3fw&m0<#L45C*~jC5?8A zccT1L-8i3O{01S{rH6J>?)J9h_=r0p<=U9(OtX;ejNld`4{Id8JlV4#zrC5@R+iQ` z%vxQsD^>^(b{TrFw9BSdYzIP4xhr;Tk!#74VsysA#9S4B^0S>H9{b;cY^j|%54-}n zez_yjwNL(I7n=7ZaB6qQkaUBWV@MoB(%5VmlB{orL}(&x{cD7VPL!v>V>pgxNgTkj z;@`+MvZ&WPm4_!{{gl~Qs$eA!xPJt{C}V6)_qE#ZHsrrlG+sQCd&mitwqdG=Sh8=L zhl_X6);)-9x?4s2K}T!H#|0C)Ww?9$5zIlUW%xgl17I>m4e=Me-1Js#Z}R*7*pFP1 zF30q2gqLG_{z^=bS70=UU#xfU@QXdX9DeyL;TOvsg1U{>nr9 zXPpm_^8spY&IhQrD~Hv$3$nZA17y`bH}x{sj2jnu&{dcA(r_!E?|FBU|pV6oED!vU_3@P@vFGmSvCoM}^ zSNtS2SU3>(Wf;Vx%csK^!-El0%hAKe4hJku7VKbnG?vR~%Q}N?*QvSi!tJc! zIJVo%tkqNT@y?s*o?GifiC*BUI~F4EwD#N}HPzZ>)B3hllpLFRVRCF%#mV^qn*!z7 zEWv9Vo?t8_85JzYX2lQ~xB+5QB)hPU56!4IAH4fa4=zh-5VnyQ^a3u8pCTl?DWZQV#!DX}ZAwYE z$EPQFT9>Fr0hYz-5}Yn!d)slkgl+l;h-chYXgTG>g}<~!*6^ATMVtro2w_aWM&9Z1 zTOnQUyI3!WNgO8mo-m26)TD70h9e40)w_KO6Dv-QutPmv<5XcjF^%{B=;W1%|02${ z2)*t-?I+G}z3kt`qF5v%c=?K}ZsEfEevA1yP5tUgwC2D!=!r1vPj7BrJ4w_{5_g7A zAZ`oK>ur8r?6P%Qt@5K>3fD%$KOTu|BC8+B+rk&UCfC4@g9VKW0bRD}Jd6&%6`~E$ zw2}LNW!WOQrvm>+m7c!eSVER0X9lIf>O0}%nwHC#%0W(oZIXDZuebE43l;_0a=+MI zO20-kdDrO>Ne@wqp{OuC+Yt2=)_$S|JcRZSV2C^D!s(JX1tJpI!zhJXwUvPG_;!m}0;+FIb%rnX7x9yj*%x8X1>E%}m zr=e>=BjB+$1A&zes}6#)|H)S_zA1+jaxt$WOcflyN%QWqI|$zQ-tgz z$~PB^J$zy_ANXZe1dj_{!uzF3sE`4>j4ui<8Go&OQBJgUqUH9s<3!85BU&P1H0;Xh zgkfiMam2PrS(ord90Z*g6E_DoDuB0&n|n#=IDl_8;)*l&$w|jHn?QYt+T-j z)`At*5Uh?<*R#P@9OST%!#)oCd@tC?s{0>T_6*=Zt{VA2j#@OPPid_F@#%wzgeedY z{B899q5Ez}Wh(d-fsXeO*#NczK23p}Dv)W07xGIj z!Sa`Kwn66My(A5r2qgVNdiF1f?h#Wc^^na|zuV!N{CFL2h@)8#=Uhzbn zz%*Q0!EH9M>VkBzbwWI~9sfl`!m)M0JJ>qno?@sS{=sI;*<#y$m^il1!0E*8V*745 zUTht~XCFF_%_@AnSe=D<-z})UOPPmG%j;yI1xcU}<1F&}_I6qL_;ziwoh`Clp^LjB zab~?XR|zyX*XZup>Z-{xO7Dd18a?*RTnAN%c}A+I%@UxqnmYZ{_O|2nPxsDhYPAZp zJiM~4%g1Y?ti>VNv zSv9b1+Anevje$BaPWR?IL1hI|mq3rr#4hnF=WNTq_k|wh7wJ?iE;o&iBVQt8HGH3E z2!LNEuoxwX@NgnnAmV>v#>@hRKej^k6dYo+g_jIM_1dQ!5k(>>})ZojdIK(?F% zK`dHQxwm7}<~ex+dW9%gNfK%+kTPTGQ;0HrwpHxt(uTUUp`J?{`n_WFyOlQ7R;X1X zmtlXy*chu-hclK~i@$GRkdfev(ToW15&q#SPG|5-kZSt9H?PL0JM-@7r1C}p^&!_b z?bJY`#m{d~mfg7vqPho?W)fH^5V<8Rr>{$c&B<9#&T^D_t01$Mvm~kLgo%C^gSjED zz$x^%M#NIVCOfysZ82;}Lb7jGfy5cBN~YyUT^hcbeSo)tzmW!zKD!N#_f1ow-al-9 zd%0A5!{9s4q8 z91aTU9y*D#qauIBhYzRch%fSZ8iyG04L>C;1*qpd`%EB?64}%w1m=~-s3FMGMgRaz z3Wf?EQhE72L2z~rC%Xh;EiT0}@-pkSo!|%ziqs}-ftN)JY~x#Cp8C4>%2lFX$e(Y1S#6iD zdP|A4jCfU}^wh?*32@aFOJ^rQY2cXyzHU!QTTVn&<#lsH;Ldi%7SGA=mm~4y_QxOQm=$@oCumVWf2U4<7RNr06`LM zKx2gP6HxRP_q3uC9g@$^thRL5JlCX7Mx|$uu)04vkVj3596% zkcDA<^;zr@R`>ZbV4oMX2ct8Z#4+r6b22Pr#8K9}z0>d=PyeMR8W#Lq#zjTpEpg$q zobpHsAoDXhj&e!@NQs^SSJI~C5&O|)kjBx{7bXAD;uWVkzCM`AdkcMnfynzd6w16P zJJ=g~Z!xhJo1pVSR4fON5?J~Rawj0IVe9euYJH<(qBdQj@gp|TmNsZSg#!iYGieTa z794E9eNMx|4g>JxCp)x z8$uOZ@XhE2TZ*i4v5Gmv#7I?pS-{yjA%jwUl5!fs4-I>RFrtQk2WjFH;)Pbmrji6n z9|{1<==ug(91>-(VV%qe!~oJZ&$vMp3IQ|=Kmq}{`ZHA@UVG+Lp^R#-dp-jqCQz5S z!dkL$ah?53fY^!=d(6?|^jc}OZ+OGCDSN{(9cu4967qz&<^|jCF7-pEH?tRf-BWkfqU-9%?K;Itw_fG}Vl zfPicA#tpq^?JU;j#@Lz(Q(2c~4txz%Ml)L46D|G98jck$p8CmZ1=ftFw0H5ca`5_2 z90EGI_Sm_0?aHyM<3=oNXUf8Gw;C?aEVXok)!kIVbm>eWtmgW68uf;cvQl>O zk)9mdXC0IzI2KkBtE1*C8Xkr5YDUHFq;17}OkqTiVB+Bve;smQ4I@84eDUJ>qbGgc z&Tb`K0JjB^2&vNT36YPbpD@>3)p3)}v9Lp4IfNd0YW!N927mgq-~8(vxH~RYI;$ut{>-I5WB>tr|hrph-MON$#9Rl*EmALIicjot(-jipDg(vbICTMAl?x zS$m)@s$nzo6|yYE}R!fiKaJ8&HtwCW0^M*@5XUJ*|(I;BI4VZjcwFwhXpR$eX!9l;FD+jI^)dT2A8>gvfz#7n^|I;0U$XLX1A2_crzanupEvxto&ca* zEBEN-Zr|jj?SIQLR5s*JBr@?1USG|5cwbcB5Dtu52?0i~R^&kbh4h73L4dRFwTye4 z@H$I^kL&$4%kHPR^}<_H5i{XyiPVh1q67)GZN5KDDiw)`JQN;fnU^i%70*I-iKU)W ze;UstQd{xa6h}%1!<<+Qf*YAh_sNeMg^|=Jmz-6k%|Kl;&1Lvdx&6+AeE9Y68G8Fp zk$09xA-j`)>iy)4{|v!a}UTE2GKJj?X`6xjXR)grib%0Smw*&;TZ6UJittI+rGe z`j&i*dD$*Np35N5^!Sk>JabGMMdD;KqnhR@P#?j23XfRkZyoFi*=&FyvE_*)Qb6o{-xIf9Z9L6IKQoPed`1Z01d-)X5JB(1$C5#)(5FZDFQr(fLTNTlEEnQ z*@Is7vE7)@O1;YJq(^d_qT_@zn5oTUWPvJDG+o4T=Ia42@JE0ns`b5Nfp?_`N5Bzp zBM_u+WWCI5#xkpwoQqU-n;E+@C@Py#PR}8m_@SI|<9z07DPYv6i{o#IEV4~kYRy`! z!#UEz>~DC{X~9LdKEatTIad0x@JoLoKi~1YS0<_@<9u-ywc+{&$p9_!OS!H$rz-n0 zdn*zkq-y|TraGrScLmB9Mg3SojqZ>hk+LRbg1RCsxa+QPXI0y0lut3+rjATPuhTXZ z=u3PS>V7kR5O^0CK_axnJnT;L1|L!1t)}4j?j+jx-o-io&+)ea=^dWmtJu%ruk@F# z0fH~96BzhVy1Ee;v?!EQV;M4)LsNkadIQmh{}B6Cj@y}-LKdKp;%MM6ll;1I4gn_k zhYqC;(}}4lW`O^~8OD$ycRO399LXV#%KbSIp{1YB(JKxxj4ALf^GJ5iG-R4T(l+l7 z++f3=@+kUMwA$>CQ2!f5A|__;PX54_Cse0Qe0dzVFIj@G<3A9E(*^xc?s17p&qb|0 z{WoD;(Wk)~Ft{1c6gp89c8o6%uqKfZn7v95QJh0!j%b!!Szv-a_}AWk?M3aKM0=dL z)ZUPyM8t#b(QkV``H^iH!iuX*PqDq?DsU}dJG{7E($MvZuh3(e6;98r#7T$<$Y%C zy-;^U)6QWLUzO=VL!vsl=UyZI6s8^uzlJRP}a+`zKaK2Z@Nz=cp(k|)& zy6P_LkKq1#C}DG1hh5fTSKVb-)m=&mwRu`s;KdbqaRpu~yK)G9yCA#Y1zw~`W2$Q| zDRZE)Nam5A0S1B^bpLWQ-^{WtpayA-$O=2G1DmqegK zING}FE<+po8m$sg?1W7kLz!eNv--ThodcK{!?VHk>HlS&x{I$wx=wK=Fw?AnNRG6O zoqZCQG|e`Gxp~1&8N?(!Idsp?&d1wOPshP*D$(aSZLP>5n|<^Ke1}S`{t|?~X-?oy zU&1o<+uTXUJ+*Dzs4Tx>Ysaaap~a}ui5QL(@HOnMLF?`qjWh&NRQz4U;Y?*9R+%OW=S(_ZxkDunn9L>9Z^E#vZ7Zm66t7-$?VIuU9{Yfqs!(2+Ot(VVWUZvOnVpYnzT>#sMs9Fpo!< z2RykDUa-M@1xKffOal}L&~v!Rm*GQh`Nq1}18o6q>55se+6c(r965v*0l9Yu!SLX|;5r zUQ<>CzHX@w6}2HIMfe0I@Y56fwS3IX8Cp6*X97$H11QqYNB{B-Deq;o03qiQ*!nVI zveho=`G<39cfuPa=kjuxtRJJ39T_(!;Fj2q(%o)hX1mJaX1SRMe6@z=ync&@ixORz zKHMf?5pRB>iWy6H3u{7%7*C48SOPf=66l|T&4ckOLJ2__W$jpow**zcqmKspW}762~u$*+NDG?EyxU(@|p$-@EMfj(j@fB zs*Eia%Q-Q^Aax})!Cy`xxkpI}6Tb3rO)9na;6dBHU~}bZTbnCSdr!qIOE6i9SNsw4 z6TJa0IMSwZ_`u-DYqn67H+VdWZ#XiAu3!EUHK z#P~vM?vz%y?{qZ@gDC|BTV1^4^7ksPbCM0lFk{`(Q&y$SWT-ra`HI{bc(1SuTT^mj zE)D#AEf=rb3A^fzQs%GT*P4*U*Uws8c?WZmn;a`B*Yq|VTJ`(d=C>y zl!{$0RueL^&@x8z7?bM*%FFW6B#bAcB@3dF`V)zHBW>5&a2`K=bMW$+4(xsJ_w(2B zrJqt4@u#Cj5Ha!Jul;n%BKk*P7u@`;v3G5K24jj17Ot>dD7^kSxzB3elv%=cgLIz4M-&0Teybd9}ZaAtAa?U|%wI~{k}$sOD3*tTuk zwmY_M+qT`YZQn^I&vWLjIj5$kYCi0}KkwQf_Vr)ucdgYhWL7mSP#{WmWL#BhB~G&V zKwGg|Da-M1yym&)V#acJWFwr9@qXiyY(l!mr=4ru*^$uwa6|IKKqp_uF2M!6>gC(~ z%PKn%eW~e;!lB10VqE2+#EAx#jC#2?H*4alUg(N`Q!9RRYOBgP8{Y+fs##B(s8r*L zZB{WK0^vGj0t|&g5_;uS7y7PoZqJwRYI?_g?`u5a01o0(*TLxs8TTFzIEKB;`70&g@usWDS`ef`Av#OB(^m!7A(QJ{S9Qx2?MX$#W zH#xXr2DZSX?SE)K*{bV$G9-l-ahonqGtT|2kJ%gfV7^Er`>i#j6lip7}#R9z>4viBUu4 zt}OJ6Yk-L*?ySdt7Ah1%;^6KX13XL0dZ}n6kCsu2$2Cx}NA`aU%G9u~Bl)=n{u_!w zD(bBaM*oup3~j0fqwBi*I@kk>Hk&kGKmMmeIvp7$i$?VuI%e>=Uml5$$sU-x!Y5!6 zRKb=2Z0L}P;K*MOT_awU))TDGcb_CoVyYo2)UiM>z159aS_BX6h9dD32_1jizI6Vsi_+K+cpxHQD&BkENcwY%OPPD&gT2mRcYt5<`)q?_CN&2W;kx!zw zGqVw$lJtttDZNI(TZ=#XUtm!z2fJ~S_Bwuocum$Mt$FWSzMRRf7S?Ql{6iwnmr)am z+N4Q89lJ0K3Z~nsjXuoN&26Anq$h%jzlqCRct?NjMp+3Yr50m5{LOGE5zk}A#hr3o znEFa139rqo+!Ul}3EGz~TyGRd>mSP|cC@I^@L?Kw$}bt#K--GjhxQAnZQ35O*jB-J;H0n2=xSSq0}e>OGgxYSbp3VHW|*<;EdAq$@73 zzw}X#`qqX(O5Xb>lIq?(ToZO}Ri{(?HcW}dxZYst@)=igai0Uz2Qua>)$|<^i`o6bWP~x@e~nZB-&Qzml7q`T zqwNrfADwG0IWLAuJkSxdgcCO-J^(2I08sLZ&t!qxKs*x;)Z(vhYa zSOyeP30cwU>v%b*i#KNMANMgbBBC{kYfSe9IU&3gUfH11&+dC4V~1nUq6@i+8&(g< z%?L(@y^#MXm}l?1hTQYeuTmy@9f|nA?99dmL@O4ta0d1&_J7)`NtBVn4U}Bw9X~oV8!rnlGn_F1 z_8S*z{YpWdwa~7KizzRL4p#{E#Du9Jjgv*hA1Q@2a@{NMBWS*l-o1bQ##PNDce}xR zw#`=CewyG@sA6w1O;~9soXHgWH{_{?IGu6j$}WdzaP<|ravt1CKZD{J0_;#i{l1fl z*fjZjtu?m%HU34*KU(aS#OK(GAR9ARg{bA3so;!W_wy`Tegg>>9i4(22q$LID45ju zHVWL^U(Uy_pZ6V)6dJbNHE1#t$g-&0J_cuC z3pjuVU7n%37rTcy6S^=xYUOLrJyMq0RTMfSXVu3DWUZWKgH_tcR`^$6XVXu~F;7`F zwQYgkv1Q1fE|sp7C@rAmngs=UKe{jglhWSSl2Ad1e8L2v@gxk8TDQiFO5Mav7jCS9gqj~hRZ0yZO_COoJUI9McvA&6Ye;mE{JaJS9I?ZN z_rhxuOa4z)RI1|Q=%H6}w=U!+3IEt&Y2Z1kH3g(ozJ!Kl_x}Qw^Z_0ehUFPH_H`}5K$oKfGt33sg+PFJ-LBW zA`Aph&)GCL(Jc5?cNAIowPBQ?IZk^({LC=kBG~TR;@#@wafZ=s5SlPaE|OuzhBRd0 zr#aOb6HP=%Qkid|Fy2{>l}35#=jCQDc=UR}6f>_|;++C^I7LQ~@ae0&V3gqUsRnGl zkMdy{R^sO)E{<}c3eEB`BqKt)&7%B`b!_M5Vbt3^Z#SD5h{iP5!L(;jD7No9g0sMg z+@~C0{MiL&S-}DI)11`iO3}M;s<|&Oy@D2TIWv8Mm;G|!`)}5WmTWPJSp0#JRLgCr z5iw2j(TOpq=!PU$ZVS$bW%8qoYD>-&!fl;~=XKg<(xTX^T|GhRNVl{DBakxW2CTMa zTHOU!cBzGbDFbNySNA%>Z9-iMr9HEk>U*4rd*;aM{w6spvnw5KH3aBd<67%GR9uno z5qe1imP&3dy8So`;B}si!-=*b(O~JYW59^krd;n+3_7E#=ZX`V9lbmPN}R*%f85x| zOgUK{eZS=Dq;`4OP5YZ1PfgG~8u3zSkTlXJM~> z(TJo{0i;L?h%DTV9b`dK6Whe>K4Cf4bIml55L^&?=qWqMkyby^WwVmC#04t!)}Zb(S!YO+nhkh@z4pe)laonu*t9! z5bhk{{@XS3FO-!y|xYo#QPcFkui+h zqp+>QvW^HheqZdg`OBXUT0wQ*TCi?3ALu;Sf~hJ>2g6`ZgfwbLGpeV<{e2jn)x&Do zOHH<$-O}0~x*(51rYR&5Rqdu=cT36tNW>4_+1EL^tXxninCouZuccb9Wx|R{uB@j} zTsOSg_jIgTn?b|dqdHXLbOCR}&n%-$QCBVZmJYfk0`> zWNR2zP+cb7B6Vlh1P9y+w`L2ZJZhQ`8iX=-+_S{g8FlGYuof4@8cpPz?x1bjV78sM zRK?xRVz^;iJTICoy=^w*MGb3l1Q$}=qYKq!nt%<{3C=doyG;|3IxJRd2+6+ zsj-$Cw7M23L*UvxODmdh3lNb3R&Bagv_-lFX-X-xL=p6oH2*69#I*EjlTB7CL5GI+ zHh~EK6Tp)AI7!qON5P=i3P{3?WYS-#;Vq|+G{6AC4|w1;VdH#w8U#E^5$D&b-;=U; zU<>MQklUOdDBIsB(KcK6pgU42)ouZHVS8C}QEpaoWJBJsaa^5Ml35ddZnPGVB0N~s zvFSlr#j7mZYzvQ>?y9t)QM_7nr-E6*2v;VdvSsE(X+fYlO2XHY;`OP~ELMVg7J7}d z?W>(M|HU{KZ4@h3Czbuslr@u*d+G=tpLDKS#p855napdb3b2~U?i=02bzyNuZqjlt z0e*1n`)V(~-5mW}cwoWCj2}9o@5Iq!D>}D&dK?90f8``OaW2jL^6YxJ50>ZY#7_ZZ z2LQ0+j6pYbdPe{peF%Z|4}L zaZ~kj!B$zL@w|(jcEMK7jo2GDaO$JW*z8#+EX~&;CWhzGyj)drR+!=1k4x&%6xs@A zYH0;*Yf1h_u=iZ^PTcAO=4UPk6;_d~Mg==5!!-6G#Y^@tMrj5H+cqZQ!VUz;&$$a}<21KFXj8O1u=BYaXI(co;|e|R z8}uVk%DVQJsEzMNXSDUyvp3_S3}v7C#5!=WieB3WZn^#%L=^xu&LSmq(8-?BM-MO~ zF0e}_7=tw0jBV5%3x%Rs zPU#PN2B1`h#^rK%kISt7J(j;VV|9DrgDO1v=@-TeqQtV(fY2%yMtQCj<7B(bM4cqm z>g+%x)jBUkoJ3&&h$95jU=jG^d=ga)M-WGmDR)u_8Xzj+0? z;v%dWeduk5+HUmjC;Ub=o3E$74*^C>X@Kwny$D!$sZ)m`vHfZNh(Jo*{7J&!0X{%8 zL}ptqz4}LPMgGf;R5PGL(@=Pt&z7|S{2n$kkFK>JikASepu-xG#p0FZX&zs zflcCIK~tE=C`&w-{pjd+7lCYMkX1yHa@2>24zT+YA*1DH+NCq$tbgx!kVWQn$wAAN z0F?0(Y~_^_SVcU+dtR3A_8tZRp^z{fHP%Zkj&PB8wy1>$iOk&kfKtial$XRdw{YvV z=kD1+ATbZe&|&eM{eh%WWyrN69ncsoQa*s47XM20q=alJWnU35r@rfwo!7V{ZwUXf z;+$SvR$|$?T@-)plI~irdraPBG51P85Fc(I#mwmN>K9`;7!+*K9W7%^%`SFw_TqOMeM! z|9>NA-g!Yr+m(N8@P`z97K?T>)}Y*QUvSMqP8+JzV=9Ulyy3o|@~(p1elLgUFYK1^ zHyuCSe$4Gwi$S!u^A>`^pswe3Ir&YzWEcIA?8`k3;Mnbjf#Ox6`A>qA=Ps z3Tzf+yy7(GtI1C@4sTi5Z}Gz@VZdRE8Quyqkt=Z>>(>kUUBWebg54Lo^-j@=iCOYz zA1SLAsF4dBcij~xYT z_@d*2Fk^RGWUnPLJ}ue0;u1hY-_gOU57%ilI(EQm%cZg3!ERiVuaUlFPUMknyo`=d z7lZH=Zm%i=wQ{G9`^Q==7Z=8{ud0vrLFqpK>K?+~FOib<;ynyjr^{G;<}qt(>{z6J zOt%7S7#;7B!AE{+Y&W2}-p=sPTC0alm0eNEo5ZPme*;$lTKH{~r8!+`)ORJvk59fm zQu)P8p|6gu7V)f(i@4?h`&kQHV3QFQywh|iPxl!QY{Zr#meq_Alusk01W%MwfbVc^ zgN8_tUSrw1h0q-2!(%rEwq7$;^0bT}t*|->8^9uZh!+2u?(tUVDm2fCZRcRO#Lx7wHU=j5E*_^5HsX< z$+S*XZS#1-&-3yBCA^0&Y(B`=zBX-E4o{Jz{;yHMOp;|WD+BiHWQ>>g$#*7mW(^d@8XdTXkeWo$a0P$L5A+1)zQEl6p~6+7JT69p05Nv* z4x~m5Co274Oxzt39kbB?V&YoCTlPNWm?hLj16W zm+OpmH$eRQyf|Ix`m9cN16*pN;ml2#vhu%B5afddc&tUwD3d7Lz4`cgP}yGJ>BX+* zPMF^89D22f1pc2~oZj{!@t+uiR-_Rn^6o}z`1!FNrJ6O*lfu|RY?M)Hsy zb}=v40aIz?UU6o{zn^=fc3D*nWmr2-QJ#k(k`rVvx9&|ZMSA1-{n(&{9i7*$3 z_HbURUUT6f5dB_m5YUx_Xx!oLRSv4u3^~hX^Fz5`q|EsLh35Eayk)||GjMXW_8Pu80uDQ%!+!uerVR}tmVPxU;eSHU zZ-TUm`BiOlup8e0RCP=}^UyJE61Wt^Q|y2)kMr!-u2!m4d{xwMu^>6z04;4mjWHpd zqR}@xckS&@q}$3S$|0B%$?5oiz;g~ZL`*@q5C1^|DJeR43);n?97+?Q%}!fLP{IW5 z6!^ELDF)D773Ff`kGx^bh0?b$=>f$-tUjg4G5pYG&qQaqg@*Q zEm$h|`y;~*YAF%H|6Z`DLg?E6)7-4>W5N%dmaW zOQ3JHH;I~7V+pA2%L@n~n=uy>4~Y0Z_+1xNDT;kwjZkaFwMZ$sN(vn)J<@FxExNus zFOk4L5g;BWZ_SG&K7sDYPeM7Y*PQ&Tk${v}dTmx2JB03RMtGo9oH3eLgWW#zm~h|CPZ>% z4K13c74-+eEq(T8K4&Ku{;m)zP<8%n>Zu|B8(5YZ%g*%8^WFDtYXu&ClXJ47?8ty# z`Iy`8f|;C#FtRn`X+B?q@EiY`mxY^jngOCuv(M;~Ss%Asu&?Kxkrdg-uc4>A5mVVO zmz%xAg=46hoDVk;U*D&_HKdu(Bc9Ez=1539fF#eg?Sx+Yji9e}PxJP*c_4{SJZZ8l zRyMa|VddW{l4}JIVW`lpul$k0zx+ad_y!aftf&l@x`EJJCscee`<78G#eB3MnR#{; z+xnyAKBZj}sd{RQ1ifYwlr#h$rX#j7BgZ3wuKO(`xR7>O>1%op(bNBS9RyWTA3M*A z2$cqU&VCrj<-5K*y=;fjDa*E^P3SlOl*Xc-!Zlg;ypKK4z-g>3L_X)f@bTf~-Sgvr z3=GPH4uGh1$^CS|-m&mSKo->Lfk_6fyxckc5iacx6TF9f^0KWYQ#`Qd1ljg*vy`mV z#wP7rvX4`BH5+{uzo}i{C3|SezpZh|Al$%)QB$KJ9*uq+~u*x3hy z1`Bk$d03k$iRPQhxANnEA3J$NTCyfINm&?%k$rq_yk|aTd+;cskI9@{%=w{&VXJ=lW4sK)ES-!hVuJgD7cZ;X zx9HWuYD-|ll-?BtR(s7HM;1rT4E;;@J$hJV9D6s~F65jq!zU%T49W;f-f!!p1{kM3 z0rtGr@V3R@3%i$gCeL#OzhDdg`iRmCLo4DPpE$VBj6fSWoAW-hmKYp0k^7z9bcW}V zLBaJS%{EJq&*#4Q39cVf&~s*w{R?8bH_*y5Ovp(`c>h8hPybk2n|=ddC#1yL4V1t5 zmeIeV6FNOGwav>8k{!WlLN!yk%&8-4U}@er(yiw93hNN63!zj{XTrHhVs_D`J*)wk zm7_a!y7I=5B+1>yL`Li-$->;_6YN#~cJ;cwt$s^1lfK%GI#L3`>vQ~1#~E-D$;KK( zPo;%ve6k`uY!?5O-Q)F{PyEH>dHZk7m&<$&Fe>j4b}X4H zw6Z+|D=s6vv#UrTHzP3TDECk(dFMxqavkwEG%s$fPAd5oXN7U6V0!4+{6D4QA#`Mn z7#M4i{hJ8wdyWP$tiAEr#r{xcn^d#PWY)@N^sg_?q{r*bP<~o33L@r0UyRO2zMM}> zHTA5RHT(T_QAu3ORV95I4E-FIX*<`*YOnT2r^)YHQi4#}*aZhX7<#d$-CHXHQd_vM)e-)=R{_J!YCjz-eyUZ*>mUoa z!TrbLYEyEDy1~VwgRNa?dCqdIoKLR%oN-wwX;Sh~iYR=N)qSOIrhi1B@8?U+o68f9 z(XpwgB^!m2OhT5wQy4ZDP?;6|U(-MQMw*MO(4$Rdbm-ZqtKeXL{I36Z8-bE4L{#@kKE-sKtL}mVbCc_w{MWoN9-#+XF_)su zYR=2=-2>x@>cVyJQg1Wph7}a$Tb7P7J#FcPK2Fr%`L}z<7%;ad&806w z;EN%~7oX?tUfaM|hZ*N5R_Il@;EI_4Gk@_*$o9}o28FLnP$&QN%Y#rVN?CPq zrMBNAg3wn>zNb8FVTASsJ{)(=ODDNbYpt$@nA^@}_!7h%-i`O!h}fUxf{DN`6ZB5K zwFbBr~zjKy-rw*UV*-e-}`PkiVfg^yguYp*o@79(4(-+<1aNQap8jr=3&Ig-M z{F(2{zQi-#W&D#s-^T`DP_ZY3gwb7BIc!OCO5S`lOufSF8bd zoSMHOvGF5WqZr)q1{>yc@-6zyXlHs{Yw3}Vodn>R_hX{7^a)QCtTTCCQ6c6!77dMJ zf>738x+KpU@!$}jy)W1Kdw(6Gn?-(U7cP)jsv3{3)MzMag$bPzSkH77@P97h!qi%e zs+bN%$2OGw*gz0zZeI@_W=n4+QD&4?`FB9q`Ft)ntQ1=B@+5xCQqV_iaO%M?9t62= zP}Lf((y6YY<9nj0`?w{|pfJQwcHdCRkVUx@;kxEvRvZc!$sYchYqn5l@}r|KW3KsO z2B3@w@le&5h)^4GrGvJll7~tXX}W9&Z^?oMJZ@T#goO7hku48AefTb@xS7sewyrpC z-m-Ypt)@92xD;%f`cCkg(dFg(^>H0(I^*m0w%^dh!}GHHdQbSD?jLDVB=*0Z{ehud zdOKN>fIaRslzoW#eK=bI7>Ix}*Wu7C!}*;W-x*TY_p|r#XZHI@hqc32PCz10bU|58 zZanD0GrbAZ<|aEX#-F#7UGxb9B$csWL=gWHpe&hixp(4MkSOr~WacFutP>;R4wIel zSHX~{Uc~b59a_=;Rlj??R=}q`w=!%bgv5Ydn29ra;a484!?~nxjWfSDYmbc69pFbG-ogLCEXULt-re}^`;)CjHIhMtBO4sU z!TKJ|{^Ui@x^)$ZAP~dC=Ais^){P)xMyb}S)!3?IXF#!znAp=6hI-}tQjh0q7!%$T zNfNANZb)vLuv=eHZZ54t`%+WSyuuu`MhYH4DbY4Q`{1W66z1s@yw3UZ@BN|B$l9_r@8Qh5iD6mzD7 zKzMVFzkf{noWHHfBHp&MCycx&{L2%$c-2F#9Sxg~S!$HNZ_?b{52~7D60ZI=_hmsI z8eZ{r?N{rv7a`MrG4CIoXaPTQjIE$KPRG&NT3SIJq1-6;iQONWxS>5od=qF)pkT!0 zfQqQdu;Nrwc_YtYd*ajWN@xzBUPX^?sy}f{yxaW+@vpiZs{rrNrcjc*!0Zoh-aBY0 zb7$%y+o2Rf)P9&`F~0yjl}g}`A;amHaDBShk~5c~yW2qH8*m5XM4LDpto6H7-V%l* zD_yqZSuVsnR_D0;tIlMO=>|MrWJ9(*!1=YKtJHnX8T90fA&ddzJ;Jh`R#H~0#?FxR zu3h;J6{Z|Lh+Fgv1}Nj;*M8SYlZlT6Rfk6ZhJcqpn|l&!8O;FR3zq#v13f)&G=gTITh6MZ2%!E97E0P^>IFTw}tW3O3R%qgPc7W z3r@Eh!N2FUQ#BCE&r1$#&61fAM)NHYGSatWti$GHd1_<6bkktmhFOo#YV_-V_MK-> zN_HA;py1m9_({M$6pB|Pc1CI-opru^8M>uW;Znpj8%!URQjHoYQL4YJbgB@vAf13w zZAUNX6(}mvdw*XljzLg2s%IeRR9Q)$N|77=Sm!;NO+DA&&^dlu2 zEtkwWDc=qE;Vm?7_9%x=J81!h*o#bly1l-}4`)n}Bq;5WBPGvNFdT07DtbCTK{R z(JXu%2VcomXgW8szvnVS`39&dc8n~vAsc8dIM{Vg4qw65rz4S<52VFCM}#S_z`ic3 zolieF*5_BE{^u9*?3W}-uO6!YtA;P}(!JNO>}7otUT$)w06OG42m>C>c$g`wf8C&O z_M=TOIGliNj=!Ef1N!(pNn0|->`I-aL)0A;$mm+9!q;aSuk)%9 zc8UOVa=C)dwojNbwoh#8r)oFo4s5wGrNJkb6Y)LquJCeP)3tvsx;6UM8SMgOKvt?5 z;6RxeA#934krL*x{~1jE7o!#rvbt<-AmGRDWtY}fRT^UuOC5w3yzpumv!#tSGaVkM zl-#-0am^hpR_k~5=WCE0IL{~e4w&o?3i3# z*!t8d;@#Yg7Zbr!LuC*n*!pACO&{4xL4v;nLcix}_8c}pqdd$a=R{t5v5?{{A7G(? z>8yaoLK#)5EV3bwV{Sn*Q=w=PV-}<;oTT0t?#u^Gr%C4I=}tzLH##gUs{+bfBxWI+ zb|VOe{j+x3sjo#ncG+&$FzH876 zHhSM>PJ!)V7<-oY!Db@NU#nKK=Lw=xm*T@ARP}Im*!H3yL*46PR9Gi2A6RCoyIx2?cOJ07BB|cf&yZ`v;V#XARR~saU zJL)^zy+KOS}62hT})y>vd9bxy~}O;6P(E)Jh2I3J}dmY6A4Wh)e)%OWsql7Y3x%3bE6STJS#+{ zMU<`1){wK)m$X}xIzImLyO?s)cZsZu2{gi=jASRI?i}8~$lOU$&mJ|JIHug9m*XZ~ zz1rBV41O6hP;Y{{gfxdG4dS%M*l<{5;n$bg5O*v2cD}fhl_Ikh2W)egk9D+%HrnO7 z5v`Wt;{GNLb@){CAi}bc$Efi@o?3wkcOsJ+q|j?gJxX0>zgt0oe93F{t2)~`uDLr^ zPcbua+R1Zc+3T^q#o_FCiO+ieTN%=Frxhoqeuc=rc)_3bx)-npPJ%Dbqg&gIp%Q=B z$blX@>hAqH{8$}e*<^ugYY|-oh35?A5Ei#1jVKP#LCA)+y0X=>y6q_a|NGXm`AJu5 MquU1Z0uS Date: Mon, 25 Sep 2023 10:35:09 +0200 Subject: [PATCH 12/24] Release 0.0.3 golang-external-secrets --- golang-external-secrets/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/golang-external-secrets/Chart.yaml b/golang-external-secrets/Chart.yaml index c8ef35ae..9b2c3b6d 100644 --- a/golang-external-secrets/Chart.yaml +++ b/golang-external-secrets/Chart.yaml @@ -3,7 +3,7 @@ description: A Helm chart to configure the golang-based external-secrets. keywords: - pattern name: golang-external-secrets -version: 0.0.2 +version: 0.0.3 dependencies: - name: external-secrets version: "0.9.5" From fc06ec7368ff7493821f4de0f6d34dfde45d24d4 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Wed, 27 Sep 2023 07:59:57 +0200 Subject: [PATCH 13/24] Release 0.0.3 clustergroup --- clustergroup/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clustergroup/Chart.yaml b/clustergroup/Chart.yaml index 031b6ff0..98e44d9d 100644 --- a/clustergroup/Chart.yaml +++ b/clustergroup/Chart.yaml @@ -3,4 +3,4 @@ description: A Helm chart to create per-clustergroup ArgoCD applications and any keywords: - pattern name: clustergroup -version: 0.0.2 +version: 0.0.3 From edab5060c1605227e6be8e0d274c31063166d825 Mon Sep 17 00:00:00 2001 From: Andrew Beekhof Date: Fri, 29 Sep 2023 08:17:28 +0000 Subject: [PATCH 14/24] Allow custom templating in .extraValueFiles --- clustergroup/templates/plumbing/applications.yaml | 6 +++--- clustergroup/values.yaml | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/clustergroup/templates/plumbing/applications.yaml b/clustergroup/templates/plumbing/applications.yaml index c09e3c8c..227efab3 100644 --- a/clustergroup/templates/plumbing/applications.yaml +++ b/clustergroup/templates/plumbing/applications.yaml @@ -59,8 +59,8 @@ spec: ignoreMissingValueFiles: true valueFiles: {{- include "clustergroup.app.globalvalues.valuefiles" $ | nindent 12 }} - {{- range .extraValueFiles }} - - {{ . | quote }} + {{- range $valueFile := .extraValueFiles }} + - {{ tpl $valueFile $.Values.global | quote }} {{- end }} {{- if .useGeneratorValues }} values: |- @@ -212,7 +212,7 @@ spec: valueFiles: {{- include "clustergroup.app.globalvalues.valuefiles" $ | nindent 6 }} {{- range $valueFile := .extraValueFiles }} - - {{ $valueFile | quote }} + - {{ tpl $valueFile $.Values.global | quote }} {{- end }} parameters: {{- include "clustergroup.app.globalvalues.helmparameters" $ | nindent 8 }} diff --git a/clustergroup/values.yaml b/clustergroup/values.yaml index b63e8cc2..71ad088d 100644 --- a/clustergroup/values.yaml +++ b/clustergroup/values.yaml @@ -8,6 +8,11 @@ global: installPlanApproval: Automatic applicationRetryLimit: 20 + # This is deeply unpleasant but makes values files easier to template + Template: + BasePath: "global-vars.yml" + Name: "global-vars" + enabled: "all" # Note that sometimes changing helm values might require a hard refresh (https://github.com/helm/helm/issues/3486) From ba686e2a6b58920b658d81b16a92d340eff9555b Mon Sep 17 00:00:00 2001 From: Andrew Beekhof Date: Fri, 29 Sep 2023 09:05:10 +0000 Subject: [PATCH 15/24] Support pattern-wide templated value files --- clustergroup/templates/plumbing/applications.yaml | 15 ++++++++++++--- clustergroup/values.schema.json | 4 ++++ clustergroup/values.yaml | 1 + 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/clustergroup/templates/plumbing/applications.yaml b/clustergroup/templates/plumbing/applications.yaml index 227efab3..a54ed99f 100644 --- a/clustergroup/templates/plumbing/applications.yaml +++ b/clustergroup/templates/plumbing/applications.yaml @@ -59,8 +59,11 @@ spec: ignoreMissingValueFiles: true valueFiles: {{- include "clustergroup.app.globalvalues.valuefiles" $ | nindent 12 }} + {{- range $valueFile := $.Values.clusterGroup.sharedValueFiles }} + - {{ tpl $valueFile $ | quote }} + {{- end }} {{- range $valueFile := .extraValueFiles }} - - {{ tpl $valueFile $.Values.global | quote }} + - {{ tpl $valueFile $ | quote }} {{- end }} {{- if .useGeneratorValues }} values: |- @@ -147,8 +150,11 @@ spec: ignoreMissingValueFiles: true valueFiles: {{- include "clustergroup.app.globalvalues.prefixedvaluefiles" $ | nindent 8 }} + {{- range $valueFile := $.Values.clusterGroup.sharedValueFiles }} + - {{ tpl $valueFile $ | quote }} + {{- end }} {{- range $valueFile := .extraValueFiles }} - - {{ $valueFile | quote }} + - {{ tpl $valueFile $ | quote }} {{- end }} parameters: {{- include "clustergroup.app.globalvalues.helmparameters" $ | nindent 8 }} @@ -211,8 +217,11 @@ spec: ignoreMissingValueFiles: true valueFiles: {{- include "clustergroup.app.globalvalues.valuefiles" $ | nindent 6 }} + {{- range $valueFile := $.Values.clusterGroup.sharedValueFiles }} + - {{ tpl $valueFile $ | quote }} + {{- end }} {{- range $valueFile := .extraValueFiles }} - - {{ tpl $valueFile $.Values.global | quote }} + - {{ tpl $valueFile $ | quote }} {{- end }} parameters: {{- include "clustergroup.app.globalvalues.helmparameters" $ | nindent 8 }} diff --git a/clustergroup/values.schema.json b/clustergroup/values.schema.json index 07f8e717..4b94bf26 100644 --- a/clustergroup/values.schema.json +++ b/clustergroup/values.schema.json @@ -234,6 +234,10 @@ "type": "boolean", "description": "If set to true the values is used to identify whether this is the hub cluster or an edge/spoke cluster configuration." }, + "sharedValueFiles": { + "type": "array", + "description": "Templated value file paths." + }, "namespaces": { "type": "array", "description": "This is the array of namespaces that the VP framework will create. In addition, operator groups will also be created for each namespace.", diff --git a/clustergroup/values.yaml b/clustergroup/values.yaml index 71ad088d..36e02636 100644 --- a/clustergroup/values.yaml +++ b/clustergroup/values.yaml @@ -20,6 +20,7 @@ clusterGroup: name: example isHubCluster: true targetCluster: in-cluster + sharedValueFiles: [] imperative: jobs: [] From 79453fd6cc09c6be22ff0b682095cd3d804aa979 Mon Sep 17 00:00:00 2001 From: Andrew Beekhof Date: Fri, 29 Sep 2023 08:25:07 +0000 Subject: [PATCH 16/24] Update tests --- tests/clustergroup-industrial-edge-factory.expected.yaml | 3 +++ tests/clustergroup-industrial-edge-hub.expected.yaml | 3 +++ tests/clustergroup-medical-diagnosis-hub.expected.yaml | 3 +++ tests/clustergroup-naked.expected.yaml | 3 +++ tests/clustergroup-normal.expected.yaml | 3 +++ 5 files changed, 15 insertions(+) diff --git a/tests/clustergroup-industrial-edge-factory.expected.yaml b/tests/clustergroup-industrial-edge-factory.expected.yaml index 6ff3a848..dfed17f2 100644 --- a/tests/clustergroup-industrial-edge-factory.expected.yaml +++ b/tests/clustergroup-industrial-edge-factory.expected.yaml @@ -135,6 +135,9 @@ data: targetCluster: in-cluster enabled: all global: + Template: + BasePath: global-vars.yml + Name: global-vars clusterDomain: region.example.com extraValueFiles: [] git: diff --git a/tests/clustergroup-industrial-edge-hub.expected.yaml b/tests/clustergroup-industrial-edge-hub.expected.yaml index 3f5207ab..75683c47 100644 --- a/tests/clustergroup-industrial-edge-hub.expected.yaml +++ b/tests/clustergroup-industrial-edge-hub.expected.yaml @@ -296,6 +296,9 @@ data: targetCluster: in-cluster enabled: all global: + Template: + BasePath: global-vars.yml + Name: global-vars clusterDomain: region.example.com extraValueFiles: [] git: diff --git a/tests/clustergroup-medical-diagnosis-hub.expected.yaml b/tests/clustergroup-medical-diagnosis-hub.expected.yaml index 4ffbd77d..561feb8c 100644 --- a/tests/clustergroup-medical-diagnosis-hub.expected.yaml +++ b/tests/clustergroup-medical-diagnosis-hub.expected.yaml @@ -283,6 +283,9 @@ data: targetCluster: in-cluster enabled: all global: + Template: + BasePath: global-vars.yml + Name: global-vars clusterDomain: region.example.com extraValueFiles: [] git: diff --git a/tests/clustergroup-naked.expected.yaml b/tests/clustergroup-naked.expected.yaml index 7f167c74..95a8a410 100644 --- a/tests/clustergroup-naked.expected.yaml +++ b/tests/clustergroup-naked.expected.yaml @@ -65,6 +65,9 @@ data: targetCluster: in-cluster enabled: all global: + Template: + BasePath: global-vars.yml + Name: global-vars extraValueFiles: [] options: applicationRetryLimit: 20 diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml index 4767db6c..5780ef8b 100644 --- a/tests/clustergroup-normal.expected.yaml +++ b/tests/clustergroup-normal.expected.yaml @@ -192,6 +192,9 @@ data: targetCluster: in-cluster enabled: all global: + Template: + BasePath: global-vars.yml + Name: global-vars clusterDomain: region.example.com extraValueFiles: [] git: From 2c5974c61f8691d7b676525194674426be30e878 Mon Sep 17 00:00:00 2001 From: Andrew Beekhof Date: Fri, 29 Sep 2023 08:35:39 +0000 Subject: [PATCH 17/24] Pass in platform and ocp version as charts would expect --- Makefile | 16 ++- tests/acm-industrial-edge-hub.expected.yaml | 2 +- tests/acm-medical-diagnosis-hub.expected.yaml | 2 +- tests/acm-normal.expected.yaml | 4 +- ...roup-industrial-edge-factory.expected.yaml | 12 +- ...tergroup-industrial-edge-hub.expected.yaml | 72 +++++++--- ...rgroup-medical-diagnosis-hub.expected.yaml | 132 ++++++++++++------ tests/clustergroup-normal.expected.yaml | 22 ++- 8 files changed, 185 insertions(+), 77 deletions(-) diff --git a/Makefile b/Makefile index ad61cafe..f0593552 100644 --- a/Makefile +++ b/Makefile @@ -150,10 +150,18 @@ argo-healthcheck: ## Checks if all argo applications are synced CHARTS=$(shell find . -type f -iname 'Chart.yaml' -exec dirname "{}" \; | grep -v examples | sed -e 's/.\///') # Section related to tests and linting -TEST_OPTS= -f values-global.yaml --set global.repoURL="https://github.com/pattern-clone/mypattern" \ - --set main.git.repoURL="https://github.com/pattern-clone/mypattern" --set main.git.revision=main --set global.pattern="mypattern" \ - --set global.namespace="pattern-namespace" --set global.hubClusterDomain=apps.hub.example.com --set global.localClusterDomain=apps.region.example.com --set global.clusterDomain=region.example.com\ - --set "clusterGroup.imperative.jobs[0].name"="test" --set "clusterGroup.imperative.jobs[0].playbook"="ansible/test.yml" +TEST_OPTS= -f values-global.yaml \ + --set global.repoURL="https://github.com/pattern-clone/mypattern" \ + --set main.git.repoURL="https://github.com/pattern-clone/mypattern" \ + --set main.git.revision=main --set global.pattern="mypattern" \ + --set global.namespace="pattern-namespace" \ + --set global.hubClusterDomain=apps.hub.example.com \ + --set global.localClusterDomain=apps.region.example.com \ + --set global.clusterDomain=region.example.com \ + --set global.clusterVersion="4.12" \ + --set global.clusterPlatform=aws \ + --set "clusterGroup.imperative.jobs[0].name"="test" \ + --set "clusterGroup.imperative.jobs[0].playbook"="ansible/test.yml" PATTERN_OPTS=-f common/examples/values-example.yaml EXECUTABLES=git helm oc ansible diff --git a/tests/acm-industrial-edge-hub.expected.yaml b/tests/acm-industrial-edge-hub.expected.yaml index 444b833c..a474b4e3 100644 --- a/tests/acm-industrial-edge-hub.expected.yaml +++ b/tests/acm-industrial-edge-hub.expected.yaml @@ -234,7 +234,7 @@ spec: - name: global.clusterVersion value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}' - name: global.clusterPlatform - value: + value: aws - name: clusterGroup.name value: factory - name: clusterGroup.isHubCluster diff --git a/tests/acm-medical-diagnosis-hub.expected.yaml b/tests/acm-medical-diagnosis-hub.expected.yaml index f79e013b..f54648fe 100644 --- a/tests/acm-medical-diagnosis-hub.expected.yaml +++ b/tests/acm-medical-diagnosis-hub.expected.yaml @@ -225,7 +225,7 @@ spec: - name: global.clusterVersion value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}' - name: global.clusterPlatform - value: + value: aws - name: clusterGroup.name value: region-one - name: clusterGroup.isHubCluster diff --git a/tests/acm-normal.expected.yaml b/tests/acm-normal.expected.yaml index 900cc291..0429824d 100644 --- a/tests/acm-normal.expected.yaml +++ b/tests/acm-normal.expected.yaml @@ -628,7 +628,7 @@ spec: - name: global.clusterVersion value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}' - name: global.clusterPlatform - value: + value: aws - name: clusterGroup.name value: acm-edge - name: clusterGroup.isHubCluster @@ -722,7 +722,7 @@ spec: - name: global.clusterVersion value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}' - name: global.clusterPlatform - value: + value: aws - name: clusterGroup.name value: acm-provision-edge - name: clusterGroup.isHubCluster diff --git a/tests/clustergroup-industrial-edge-factory.expected.yaml b/tests/clustergroup-industrial-edge-factory.expected.yaml index dfed17f2..42d0c975 100644 --- a/tests/clustergroup-industrial-edge-factory.expected.yaml +++ b/tests/clustergroup-industrial-edge-factory.expected.yaml @@ -139,6 +139,8 @@ data: BasePath: global-vars.yml Name: global-vars clusterDomain: region.example.com + clusterPlatform: aws + clusterVersion: "4.12" extraValueFiles: [] git: account: hybrid-cloud-patterns @@ -415,7 +417,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-factory.yaml" + - "/values-factory.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-factory.yaml" + - "/values-4.12-factory.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -428,9 +434,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain diff --git a/tests/clustergroup-industrial-edge-hub.expected.yaml b/tests/clustergroup-industrial-edge-hub.expected.yaml index 75683c47..5a112b6e 100644 --- a/tests/clustergroup-industrial-edge-hub.expected.yaml +++ b/tests/clustergroup-industrial-edge-hub.expected.yaml @@ -300,6 +300,8 @@ data: BasePath: global-vars.yml Name: global-vars clusterDomain: region.example.com + clusterPlatform: aws + clusterVersion: "4.12" extraValueFiles: [] git: account: hybrid-cloud-patterns @@ -688,7 +690,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -701,9 +707,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -745,7 +751,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -758,9 +768,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -793,7 +803,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -806,9 +820,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -841,7 +855,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -854,9 +872,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -919,7 +937,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -932,9 +954,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -967,7 +989,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -980,9 +1006,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1042,7 +1068,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1055,9 +1085,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain diff --git a/tests/clustergroup-medical-diagnosis-hub.expected.yaml b/tests/clustergroup-medical-diagnosis-hub.expected.yaml index 561feb8c..0f754109 100644 --- a/tests/clustergroup-medical-diagnosis-hub.expected.yaml +++ b/tests/clustergroup-medical-diagnosis-hub.expected.yaml @@ -287,6 +287,8 @@ data: BasePath: global-vars.yml Name: global-vars clusterDomain: region.example.com + clusterPlatform: aws + clusterVersion: "4.12" extraValueFiles: [] git: account: hybrid-cloud-patterns @@ -633,7 +635,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -646,9 +652,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -681,7 +687,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -694,9 +704,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -729,7 +739,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -742,9 +756,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -777,7 +791,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -790,9 +808,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -825,7 +843,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -838,9 +860,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -873,7 +895,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -886,9 +912,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -921,7 +947,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -934,9 +964,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -969,7 +999,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -982,9 +1016,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1035,7 +1069,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1048,9 +1086,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1083,7 +1121,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1096,9 +1138,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1131,7 +1173,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1144,9 +1190,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1188,7 +1234,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1201,9 +1251,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1245,7 +1295,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1258,9 +1312,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml index 5780ef8b..551af959 100644 --- a/tests/clustergroup-normal.expected.yaml +++ b/tests/clustergroup-normal.expected.yaml @@ -196,6 +196,8 @@ data: BasePath: global-vars.yml Name: global-vars clusterDomain: region.example.com + clusterPlatform: aws + clusterVersion: "4.12" extraValueFiles: [] git: account: hybrid-cloud-patterns @@ -543,7 +545,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-example.yaml" + - "/values-example.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-example.yaml" + - "/values-4.12-example.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -556,9 +562,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -600,7 +606,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-example.yaml" + - "/values-example.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-example.yaml" + - "/values-4.12-example.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -613,9 +623,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain From 491d5218221a2deada15299bbe0f839c40d4a211 Mon Sep 17 00:00:00 2001 From: Andrew Beekhof Date: Fri, 29 Sep 2023 09:04:43 +0000 Subject: [PATCH 18/24] Add test for value file template expansion --- examples/values-example.yaml | 5 +++++ .../clustergroup-industrial-edge-factory.expected.yaml | 1 + tests/clustergroup-industrial-edge-hub.expected.yaml | 1 + tests/clustergroup-medical-diagnosis-hub.expected.yaml | 1 + tests/clustergroup-naked.expected.yaml | 1 + tests/clustergroup-normal.expected.yaml | 10 ++++++++++ 6 files changed, 19 insertions(+) diff --git a/examples/values-example.yaml b/examples/values-example.yaml index 4035c431..2a224b62 100644 --- a/examples/values-example.yaml +++ b/examples/values-example.yaml @@ -11,6 +11,9 @@ clusterGroup: name: example #insecureUnsealVaultInsideCluster: false isHubCluster: true + sharedValueFiles: + - /values/{{ .Values.global.clusterPlatform }}.yaml + - /values/{{ .Values.global.clusterVersion }}.yaml namespaces: - open-cluster-management: @@ -63,6 +66,8 @@ clusterGroup: namespace: application-ci project: datacenter path: charts/datacenter/pipelines + extraValueFiles: + - /values/{{ .Values.global.clusterVersion }}/{{ .Values.global.clusterPlatform }}.yaml imperative: namespace: imperative diff --git a/tests/clustergroup-industrial-edge-factory.expected.yaml b/tests/clustergroup-industrial-edge-factory.expected.yaml index 42d0c975..8c37450e 100644 --- a/tests/clustergroup-industrial-edge-factory.expected.yaml +++ b/tests/clustergroup-industrial-edge-factory.expected.yaml @@ -115,6 +115,7 @@ data: - manuela-factory-ml-workspace projects: - factory + sharedValueFiles: [] subscriptions: - channel: stable name: opendatahub-operator diff --git a/tests/clustergroup-industrial-edge-hub.expected.yaml b/tests/clustergroup-industrial-edge-hub.expected.yaml index 5a112b6e..24f37053 100644 --- a/tests/clustergroup-industrial-edge-hub.expected.yaml +++ b/tests/clustergroup-industrial-edge-hub.expected.yaml @@ -257,6 +257,7 @@ data: - production-datalake - golang-external-secrets - vault + sharedValueFiles: [] subscriptions: acm: channel: release-2.6 diff --git a/tests/clustergroup-medical-diagnosis-hub.expected.yaml b/tests/clustergroup-medical-diagnosis-hub.expected.yaml index 0f754109..eb367bce 100644 --- a/tests/clustergroup-medical-diagnosis-hub.expected.yaml +++ b/tests/clustergroup-medical-diagnosis-hub.expected.yaml @@ -260,6 +260,7 @@ data: projects: - hub - medical-diagnosis + sharedValueFiles: [] subscriptions: amq-streams: channel: stable diff --git a/tests/clustergroup-naked.expected.yaml b/tests/clustergroup-naked.expected.yaml index 95a8a410..1ec01860 100644 --- a/tests/clustergroup-naked.expected.yaml +++ b/tests/clustergroup-naked.expected.yaml @@ -61,6 +61,7 @@ data: name: example namespaces: [] projects: [] + sharedValueFiles: [] subscriptions: {} targetCluster: in-cluster enabled: all diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml index 551af959..f96708a9 100644 --- a/tests/clustergroup-normal.expected.yaml +++ b/tests/clustergroup-normal.expected.yaml @@ -81,6 +81,8 @@ data: path: common/acm project: datacenter pipe: + extraValueFiles: + - /values/4.12/aws.yaml name: pipelines namespace: application-ci path: charts/datacenter/pipelines @@ -175,6 +177,9 @@ data: - excludes-ci projects: - datacenter + sharedValueFiles: + - /values/aws.yaml + - /values/4.12.yaml subscriptions: acm: channel: release-2.4 @@ -550,6 +555,8 @@ spec: - "/values-aws-4.12.yaml" - "/values-aws-example.yaml" - "/values-4.12-example.yaml" + - "/values/aws.yaml" + - "/values/4.12.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -611,6 +618,9 @@ spec: - "/values-aws-4.12.yaml" - "/values-aws-example.yaml" - "/values-4.12-example.yaml" + - "/values/aws.yaml" + - "/values/4.12.yaml" + - "/values/4.12/aws.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL From 7cda9c48f9861563dada519de40d89134e0eb683 Mon Sep 17 00:00:00 2001 From: Andrew Beekhof Date: Fri, 29 Sep 2023 09:29:38 +0000 Subject: [PATCH 19/24] Drop the Template.{Name,BasePath} hack due to problems with the imperative configmap --- clustergroup/values.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/clustergroup/values.yaml b/clustergroup/values.yaml index 36e02636..e9720d20 100644 --- a/clustergroup/values.yaml +++ b/clustergroup/values.yaml @@ -8,10 +8,6 @@ global: installPlanApproval: Automatic applicationRetryLimit: 20 - # This is deeply unpleasant but makes values files easier to template - Template: - BasePath: "global-vars.yml" - Name: "global-vars" enabled: "all" From 8d84b0abaa14a11d9aa5df87d0ecdbee2f513925 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Mon, 2 Oct 2023 11:30:55 +0200 Subject: [PATCH 20/24] Fix up tests after last PR --- tests/clustergroup-industrial-edge-factory.expected.yaml | 3 --- tests/clustergroup-industrial-edge-hub.expected.yaml | 3 --- tests/clustergroup-medical-diagnosis-hub.expected.yaml | 3 --- tests/clustergroup-naked.expected.yaml | 3 --- tests/clustergroup-normal.expected.yaml | 3 --- 5 files changed, 15 deletions(-) diff --git a/tests/clustergroup-industrial-edge-factory.expected.yaml b/tests/clustergroup-industrial-edge-factory.expected.yaml index 8c37450e..3eed3296 100644 --- a/tests/clustergroup-industrial-edge-factory.expected.yaml +++ b/tests/clustergroup-industrial-edge-factory.expected.yaml @@ -136,9 +136,6 @@ data: targetCluster: in-cluster enabled: all global: - Template: - BasePath: global-vars.yml - Name: global-vars clusterDomain: region.example.com clusterPlatform: aws clusterVersion: "4.12" diff --git a/tests/clustergroup-industrial-edge-hub.expected.yaml b/tests/clustergroup-industrial-edge-hub.expected.yaml index 24f37053..12e1ee28 100644 --- a/tests/clustergroup-industrial-edge-hub.expected.yaml +++ b/tests/clustergroup-industrial-edge-hub.expected.yaml @@ -297,9 +297,6 @@ data: targetCluster: in-cluster enabled: all global: - Template: - BasePath: global-vars.yml - Name: global-vars clusterDomain: region.example.com clusterPlatform: aws clusterVersion: "4.12" diff --git a/tests/clustergroup-medical-diagnosis-hub.expected.yaml b/tests/clustergroup-medical-diagnosis-hub.expected.yaml index eb367bce..9efc2431 100644 --- a/tests/clustergroup-medical-diagnosis-hub.expected.yaml +++ b/tests/clustergroup-medical-diagnosis-hub.expected.yaml @@ -284,9 +284,6 @@ data: targetCluster: in-cluster enabled: all global: - Template: - BasePath: global-vars.yml - Name: global-vars clusterDomain: region.example.com clusterPlatform: aws clusterVersion: "4.12" diff --git a/tests/clustergroup-naked.expected.yaml b/tests/clustergroup-naked.expected.yaml index 1ec01860..75359902 100644 --- a/tests/clustergroup-naked.expected.yaml +++ b/tests/clustergroup-naked.expected.yaml @@ -66,9 +66,6 @@ data: targetCluster: in-cluster enabled: all global: - Template: - BasePath: global-vars.yml - Name: global-vars extraValueFiles: [] options: applicationRetryLimit: 20 diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml index f96708a9..d6886bed 100644 --- a/tests/clustergroup-normal.expected.yaml +++ b/tests/clustergroup-normal.expected.yaml @@ -197,9 +197,6 @@ data: targetCluster: in-cluster enabled: all global: - Template: - BasePath: global-vars.yml - Name: global-vars clusterDomain: region.example.com clusterPlatform: aws clusterVersion: "4.12" From 61dd6e7af45581131e4bfe6c928158639bb6ea09 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Mon, 2 Oct 2023 14:10:19 +0200 Subject: [PATCH 21/24] Release clustergroup v0.0.4 --- clustergroup/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clustergroup/Chart.yaml b/clustergroup/Chart.yaml index 98e44d9d..1256786b 100644 --- a/clustergroup/Chart.yaml +++ b/clustergroup/Chart.yaml @@ -3,4 +3,4 @@ description: A Helm chart to create per-clustergroup ArgoCD applications and any keywords: - pattern name: clustergroup -version: 0.0.3 +version: 0.0.4 From 2c34456e40e1e1f423d3ceced05554ff98452b05 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 2 Feb 2023 11:06:30 +0100 Subject: [PATCH 22/24] Add --pull=newer when running the container From https://docs.podman.io/en/latest/markdown/podman-run.1.html#pull-policy Pull image policy. The default is missing. always: Always pull the image and throw an error if the pull fails. missing: Pull the image only if it could not be found in the local containers storage. Throw an error if no image could be found and the pull fails. never: Never pull the image but use the one from the local containers storage. Throw an error if no image could be found. newer: Pull if the image on the registry is newer than the one in the local containers storage. An image is considered to be newer when the digests are different. Comparing the time stamps is prone to errors. Pull errors are suppressed if a local image was found. Switching to pull=newer will allow us to keep this image uptodate for users without erroring out if podman cannot check or pull a new image (i.e. we'd keep running the local one) --- scripts/pattern-util.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/pattern-util.sh b/scripts/pattern-util.sh index e02776df..bc833866 100755 --- a/scripts/pattern-util.sh +++ b/scripts/pattern-util.sh @@ -27,7 +27,7 @@ fi # Do not quote the ${KUBECONF_ENV} below, otherwise we will pass '' to podman # which will be confused -podman run -it --rm \ +podman run -it --rm --pull=newer \ --security-opt label=disable \ -e EXTRA_HELM_OPTS \ -e KUBECONFIG \ From c641fded5f60481271559b5cfb6bf29abac507f1 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Mon, 2 Oct 2023 19:46:17 +0200 Subject: [PATCH 23/24] Allow imperative to be nil Tested by commenting out the whole `imperative` section in values-hub and deploying MCG. --- clustergroup/templates/imperative/job.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clustergroup/templates/imperative/job.yaml b/clustergroup/templates/imperative/job.yaml index b9437c3f..cb092649 100644 --- a/clustergroup/templates/imperative/job.yaml +++ b/clustergroup/templates/imperative/job.yaml @@ -1,6 +1,6 @@ {{- if not (eq .Values.enabled "plumbing") }} {{/* Define this if needed (jobs defined */}} -{{- if (gt (len $.Values.clusterGroup.imperative.jobs) 0) -}} +{{- if (and $.Values.clusterGroup.imperative (gt (len $.Values.clusterGroup.imperative.jobs) 0)) -}} --- apiVersion: batch/v1 kind: CronJob @@ -66,4 +66,4 @@ spec: name: {{ $.Values.clusterGroup.imperative.valuesConfigMap }}-{{ $.Values.clusterGroup.name }} restartPolicy: Never {{- end }} -{{- end }} \ No newline at end of file +{{- end }} From 3fffa2937d552c5b1d9816f0e58a782dc806da56 Mon Sep 17 00:00:00 2001 From: Martin Jackson Date: Mon, 16 Oct 2023 10:06:10 -0500 Subject: [PATCH 24/24] Update tests for new common --- ...mmon-acm-industrial-edge-hub.expected.yaml | 2 +- ...on-acm-medical-diagnosis-hub.expected.yaml | 2 +- tests/common-acm-normal.expected.yaml | 4 +- ...roup-industrial-edge-factory.expected.yaml | 54 +++-- ...tergroup-industrial-edge-hub.expected.yaml | 126 +++++++---- ...rgroup-medical-diagnosis-hub.expected.yaml | 196 +++++++++++++----- tests/common-clustergroup-naked.expected.yaml | 38 ++-- .../common-clustergroup-normal.expected.yaml | 73 ++++--- ...rets-industrial-edge-factory.expected.yaml | 114 +++++----- ...-secrets-industrial-edge-hub.expected.yaml | 114 +++++----- ...ecrets-medical-diagnosis-hub.expected.yaml | 114 +++++----- ...olang-external-secrets-naked.expected.yaml | 114 +++++----- ...lang-external-secrets-normal.expected.yaml | 114 +++++----- 13 files changed, 662 insertions(+), 403 deletions(-) diff --git a/tests/common-acm-industrial-edge-hub.expected.yaml b/tests/common-acm-industrial-edge-hub.expected.yaml index 444b833c..a474b4e3 100644 --- a/tests/common-acm-industrial-edge-hub.expected.yaml +++ b/tests/common-acm-industrial-edge-hub.expected.yaml @@ -234,7 +234,7 @@ spec: - name: global.clusterVersion value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}' - name: global.clusterPlatform - value: + value: aws - name: clusterGroup.name value: factory - name: clusterGroup.isHubCluster diff --git a/tests/common-acm-medical-diagnosis-hub.expected.yaml b/tests/common-acm-medical-diagnosis-hub.expected.yaml index f79e013b..f54648fe 100644 --- a/tests/common-acm-medical-diagnosis-hub.expected.yaml +++ b/tests/common-acm-medical-diagnosis-hub.expected.yaml @@ -225,7 +225,7 @@ spec: - name: global.clusterVersion value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}' - name: global.clusterPlatform - value: + value: aws - name: clusterGroup.name value: region-one - name: clusterGroup.isHubCluster diff --git a/tests/common-acm-normal.expected.yaml b/tests/common-acm-normal.expected.yaml index 900cc291..0429824d 100644 --- a/tests/common-acm-normal.expected.yaml +++ b/tests/common-acm-normal.expected.yaml @@ -628,7 +628,7 @@ spec: - name: global.clusterVersion value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}' - name: global.clusterPlatform - value: + value: aws - name: clusterGroup.name value: acm-edge - name: clusterGroup.isHubCluster @@ -722,7 +722,7 @@ spec: - name: global.clusterVersion value: '{{ printf "%d.%d" ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Major) ((semver (lookup "operator.openshift.io/v1" "OpenShiftControllerManager" "" "cluster").status.version).Minor) }}' - name: global.clusterPlatform - value: + value: aws - name: clusterGroup.name value: acm-provision-edge - name: clusterGroup.isHubCluster diff --git a/tests/common-clustergroup-industrial-edge-factory.expected.yaml b/tests/common-clustergroup-industrial-edge-factory.expected.yaml index 86e8d51d..7349d26b 100644 --- a/tests/common-clustergroup-industrial-edge-factory.expected.yaml +++ b/tests/common-clustergroup-industrial-edge-factory.expected.yaml @@ -115,6 +115,7 @@ data: - manuela-factory-ml-workspace projects: - factory + sharedValueFiles: [] subscriptions: - channel: stable name: opendatahub-operator @@ -138,6 +139,8 @@ data: cicd: namespace: devsecops-ci clusterDomain: region.example.com + clusterPlatform: aws + clusterVersion: "4.12" extraValueFiles: [] git: account: PLAINTEXT @@ -383,6 +386,8 @@ kind: Application metadata: name: stormshift namespace: mypattern-factory + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -408,6 +413,8 @@ kind: Application metadata: name: odh namespace: mypattern-factory + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -423,7 +430,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-factory.yaml" + - "/values-factory.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-factory.yaml" + - "/values-4.12-factory.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -436,9 +447,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -463,26 +474,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/common-clustergroup-industrial-edge-hub.expected.yaml b/tests/common-clustergroup-industrial-edge-hub.expected.yaml index 7787a1a6..c0d078aa 100644 --- a/tests/common-clustergroup-industrial-edge-hub.expected.yaml +++ b/tests/common-clustergroup-industrial-edge-hub.expected.yaml @@ -257,6 +257,7 @@ data: - production-datalake - golang-external-secrets - vault + sharedValueFiles: [] subscriptions: acm: channel: release-2.6 @@ -299,6 +300,8 @@ data: cicd: namespace: devsecops-ci clusterDomain: region.example.com + clusterPlatform: aws + clusterVersion: "4.12" extraValueFiles: [] git: account: PLAINTEXT @@ -683,6 +686,8 @@ kind: Application metadata: name: acm namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -698,7 +703,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -711,9 +720,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -738,6 +747,8 @@ kind: Application metadata: name: odh namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -753,7 +764,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -766,9 +781,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -784,6 +799,8 @@ kind: Application metadata: name: pipelines namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -799,7 +816,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -812,9 +833,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -830,6 +851,8 @@ kind: Application metadata: name: production-data-lake namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -845,7 +868,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -858,9 +885,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -906,6 +933,8 @@ kind: Application metadata: name: external-secrets namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -921,7 +950,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -934,9 +967,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -952,6 +985,8 @@ kind: Application metadata: name: golang-external-secrets namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -967,7 +1002,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -980,9 +1019,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -998,6 +1037,8 @@ kind: Application metadata: name: manuela-test namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1023,6 +1064,8 @@ kind: Application metadata: name: vault namespace: mypattern-datacenter + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1038,7 +1081,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-datacenter.yaml" + - "/values-datacenter.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-datacenter.yaml" + - "/values-4.12-datacenter.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1051,9 +1098,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1096,26 +1143,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml b/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml index 035b7149..1b14514b 100644 --- a/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml +++ b/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml @@ -260,6 +260,7 @@ data: projects: - hub - medical-diagnosis + sharedValueFiles: [] subscriptions: amq-streams: channel: stable @@ -286,6 +287,8 @@ data: cicd: namespace: devsecops-ci clusterDomain: region.example.com + clusterPlatform: aws + clusterVersion: "4.12" extraValueFiles: [] git: account: PLAINTEXT @@ -628,6 +631,8 @@ kind: Application metadata: name: golang-external-secrets namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -643,7 +648,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -656,9 +665,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -674,6 +683,8 @@ kind: Application metadata: name: kafdrop namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -689,7 +700,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -702,9 +717,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -720,6 +735,8 @@ kind: Application metadata: name: kafka namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -735,7 +752,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -748,9 +769,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -766,6 +787,8 @@ kind: Application metadata: name: odh namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -781,7 +804,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -794,9 +821,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -812,6 +839,8 @@ kind: Application metadata: name: odf namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -827,7 +856,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -840,9 +873,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -858,6 +891,8 @@ kind: Application metadata: name: serverless namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -873,7 +908,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -886,9 +925,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -904,6 +943,8 @@ kind: Application metadata: name: xraylab-service-account namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -919,7 +960,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -932,9 +977,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -950,6 +995,8 @@ kind: Application metadata: name: vault namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -965,7 +1012,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -978,9 +1029,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1014,6 +1065,8 @@ kind: Application metadata: name: xraylab-database namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1029,7 +1082,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1042,9 +1099,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1060,6 +1117,8 @@ kind: Application metadata: name: xraylab-grafana-dashboards namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1075,7 +1134,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1088,9 +1151,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1106,6 +1169,8 @@ kind: Application metadata: name: xraylab-image-generator namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1121,7 +1186,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1134,9 +1203,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1161,6 +1230,8 @@ kind: Application metadata: name: xraylab-image-server namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1176,7 +1247,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1189,9 +1264,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1216,6 +1291,8 @@ kind: Application metadata: name: xraylab-init namespace: mypattern-hub + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -1231,7 +1308,11 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-hub.yaml" + - "/values-hub.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-hub.yaml" + - "/values-4.12-hub.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -1244,9 +1325,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -1271,26 +1352,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/common-clustergroup-naked.expected.yaml b/tests/common-clustergroup-naked.expected.yaml index 9499eb5d..75359902 100644 --- a/tests/common-clustergroup-naked.expected.yaml +++ b/tests/common-clustergroup-naked.expected.yaml @@ -61,6 +61,7 @@ data: name: example namespaces: [] projects: [] + sharedValueFiles: [] subscriptions: {} targetCluster: in-cluster enabled: all @@ -270,26 +271,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/common-clustergroup-normal.expected.yaml b/tests/common-clustergroup-normal.expected.yaml index 7770d9ca..0f4e676b 100644 --- a/tests/common-clustergroup-normal.expected.yaml +++ b/tests/common-clustergroup-normal.expected.yaml @@ -81,6 +81,8 @@ data: path: common/acm project: datacenter pipe: + extraValueFiles: + - /values/4.12/aws.yaml name: pipelines namespace: application-ci path: charts/datacenter/pipelines @@ -175,6 +177,9 @@ data: - excludes-ci projects: - datacenter + sharedValueFiles: + - /values/aws.yaml + - /values/4.12.yaml subscriptions: acm: channel: release-2.4 @@ -195,6 +200,8 @@ data: cicd: namespace: devsecops-ci clusterDomain: region.example.com + clusterPlatform: aws + clusterVersion: "4.12" extraValueFiles: [] git: account: PLAINTEXT @@ -538,6 +545,8 @@ kind: Application metadata: name: acm namespace: mypattern-example + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -553,7 +562,13 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-example.yaml" + - "/values-example.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-example.yaml" + - "/values-4.12-example.yaml" + - "/values/aws.yaml" + - "/values/4.12.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -566,9 +581,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -593,6 +608,8 @@ kind: Application metadata: name: pipelines namespace: mypattern-example + labels: + validatedpatterns.io/pattern: mypattern finalizers: - resources-finalizer.argocd.argoproj.io/foreground spec: @@ -608,7 +625,14 @@ spec: ignoreMissingValueFiles: true valueFiles: - "/values-global.yaml" - - "/values-example.yaml" + - "/values-example.yaml" + - "/values-aws.yaml" + - "/values-aws-4.12.yaml" + - "/values-aws-example.yaml" + - "/values-4.12-example.yaml" + - "/values/aws.yaml" + - "/values/4.12.yaml" + - "/values/4.12/aws.yaml" parameters: - name: global.repoURL value: $ARGOCD_APP_SOURCE_REPO_URL @@ -621,9 +645,9 @@ spec: - name: global.clusterDomain value: region.example.com - name: global.clusterVersion - value: "" + value: "4.12" - name: global.clusterPlatform - value: "" + value: "aws" - name: global.hubClusterDomain value: apps.hub.example.com - name: global.localClusterDomain @@ -888,26 +912,27 @@ metadata: spec: # Adding health checks to argocd to prevent pvc resources # that aren't bound state from blocking deployments - resourceCustomizations: | - PersistentVolumeClaim: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.phase ~= nil then - if obj.status.phase == "Pending" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - elseif obj.status.phase == "Bound" then - hs.status = "Healthy" - hs.message = obj.status.phase - return hs - end + resourceHealthChecks: + - kind: PersistentVolumeClaim + check: | + hs = {} + if obj.status ~= nil then + if obj.status.phase ~= nil then + if obj.status.phase == "Pending" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs + elseif obj.status.phase == "Bound" then + hs.status = "Healthy" + hs.message = obj.status.phase + return hs end end - hs.status = "Progressing" - hs.message = "Waiting for PVC" - return hs + end + hs.status = "Progressing" + hs.message = "Waiting for PVC" + return hs + applicationInstanceLabelKey: argocd.argoproj.io/instance # Not the greatest way to pass git/quay info to sub-applications, but it will do until # we can support helmChart with kustomize diff --git a/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml b/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml index ce2f17c3..1f2e2925 100644 --- a/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml +++ b/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -208,7 +208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -632,6 +632,9 @@ spec: - type type: object type: array + externalSecretName: + description: ExternalSecretName is the name of the ExternalSecrets created by the ClusterExternalSecret + type: string failedNamespaces: description: Failed namespaces are the namespaces that failed to apply an ExternalSecret items: @@ -674,7 +677,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -3550,7 +3553,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -3678,7 +3681,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -4315,7 +4318,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4376,7 +4379,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4484,7 +4487,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4562,7 +4565,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -4623,6 +4626,9 @@ spec: - remoteRef - secretKey type: object + metadata: + description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true required: - match type: object @@ -4751,6 +4757,9 @@ spec: - remoteRef - secretKey type: object + metadata: + description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true required: - match type: object @@ -4782,7 +4791,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -7658,7 +7667,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -8115,10 +8124,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8182,10 +8191,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8291,10 +8300,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -8331,10 +8340,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -8375,10 +8384,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8396,10 +8405,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8416,10 +8425,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8452,10 +8461,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8491,10 +8500,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8512,10 +8521,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -8536,10 +8545,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8551,8 +8560,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller automountServiceAccountToken: true @@ -8566,7 +8578,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - certcontroller @@ -8596,10 +8608,10 @@ metadata: name: common-golang-external-secrets namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8611,8 +8623,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets automountServiceAccountToken: true @@ -8626,7 +8641,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -8642,10 +8657,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8657,8 +8672,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: hostNetwork: false serviceAccountName: external-secrets-webhook @@ -8672,7 +8690,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml b/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml index c106cd42..7b2b7171 100644 --- a/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml +++ b/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -208,7 +208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -632,6 +632,9 @@ spec: - type type: object type: array + externalSecretName: + description: ExternalSecretName is the name of the ExternalSecrets created by the ClusterExternalSecret + type: string failedNamespaces: description: Failed namespaces are the namespaces that failed to apply an ExternalSecret items: @@ -674,7 +677,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -3550,7 +3553,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -3678,7 +3681,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -4315,7 +4318,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4376,7 +4379,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4484,7 +4487,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4562,7 +4565,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -4623,6 +4626,9 @@ spec: - remoteRef - secretKey type: object + metadata: + description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true required: - match type: object @@ -4751,6 +4757,9 @@ spec: - remoteRef - secretKey type: object + metadata: + description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true required: - match type: object @@ -4782,7 +4791,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -7658,7 +7667,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -8115,10 +8124,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8182,10 +8191,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8291,10 +8300,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -8331,10 +8340,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -8375,10 +8384,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8396,10 +8405,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8416,10 +8425,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8452,10 +8461,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8491,10 +8500,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8512,10 +8521,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -8536,10 +8545,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8551,8 +8560,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller automountServiceAccountToken: true @@ -8566,7 +8578,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - certcontroller @@ -8596,10 +8608,10 @@ metadata: name: common-golang-external-secrets namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8611,8 +8623,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets automountServiceAccountToken: true @@ -8626,7 +8641,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -8642,10 +8657,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8657,8 +8672,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: hostNetwork: false serviceAccountName: external-secrets-webhook @@ -8672,7 +8690,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml b/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml index c106cd42..7b2b7171 100644 --- a/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml +++ b/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -208,7 +208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -632,6 +632,9 @@ spec: - type type: object type: array + externalSecretName: + description: ExternalSecretName is the name of the ExternalSecrets created by the ClusterExternalSecret + type: string failedNamespaces: description: Failed namespaces are the namespaces that failed to apply an ExternalSecret items: @@ -674,7 +677,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -3550,7 +3553,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -3678,7 +3681,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -4315,7 +4318,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4376,7 +4379,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4484,7 +4487,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4562,7 +4565,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -4623,6 +4626,9 @@ spec: - remoteRef - secretKey type: object + metadata: + description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true required: - match type: object @@ -4751,6 +4757,9 @@ spec: - remoteRef - secretKey type: object + metadata: + description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true required: - match type: object @@ -4782,7 +4791,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -7658,7 +7667,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -8115,10 +8124,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8182,10 +8191,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8291,10 +8300,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -8331,10 +8340,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -8375,10 +8384,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8396,10 +8405,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8416,10 +8425,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8452,10 +8461,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8491,10 +8500,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8512,10 +8521,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -8536,10 +8545,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8551,8 +8560,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller automountServiceAccountToken: true @@ -8566,7 +8578,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - certcontroller @@ -8596,10 +8608,10 @@ metadata: name: common-golang-external-secrets namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8611,8 +8623,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets automountServiceAccountToken: true @@ -8626,7 +8641,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -8642,10 +8657,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8657,8 +8672,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: hostNetwork: false serviceAccountName: external-secrets-webhook @@ -8672,7 +8690,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-golang-external-secrets-naked.expected.yaml b/tests/common-golang-external-secrets-naked.expected.yaml index 01cb5e98..0e02057e 100644 --- a/tests/common-golang-external-secrets-naked.expected.yaml +++ b/tests/common-golang-external-secrets-naked.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -208,7 +208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -632,6 +632,9 @@ spec: - type type: object type: array + externalSecretName: + description: ExternalSecretName is the name of the ExternalSecrets created by the ClusterExternalSecret + type: string failedNamespaces: description: Failed namespaces are the namespaces that failed to apply an ExternalSecret items: @@ -674,7 +677,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -3550,7 +3553,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -3678,7 +3681,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -4315,7 +4318,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4376,7 +4379,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4484,7 +4487,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4562,7 +4565,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -4623,6 +4626,9 @@ spec: - remoteRef - secretKey type: object + metadata: + description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true required: - match type: object @@ -4751,6 +4757,9 @@ spec: - remoteRef - secretKey type: object + metadata: + description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true required: - match type: object @@ -4782,7 +4791,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -7658,7 +7667,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -8115,10 +8124,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8182,10 +8191,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8291,10 +8300,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -8331,10 +8340,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -8375,10 +8384,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8396,10 +8405,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8416,10 +8425,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8452,10 +8461,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8491,10 +8500,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8512,10 +8521,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -8536,10 +8545,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8551,8 +8560,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller automountServiceAccountToken: true @@ -8566,7 +8578,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - certcontroller @@ -8596,10 +8608,10 @@ metadata: name: common-golang-external-secrets namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8611,8 +8623,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets automountServiceAccountToken: true @@ -8626,7 +8641,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -8642,10 +8657,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8657,8 +8672,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: hostNetwork: false serviceAccountName: external-secrets-webhook @@ -8672,7 +8690,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - webhook diff --git a/tests/common-golang-external-secrets-normal.expected.yaml b/tests/common-golang-external-secrets-normal.expected.yaml index c106cd42..7b2b7171 100644 --- a/tests/common-golang-external-secrets-normal.expected.yaml +++ b/tests/common-golang-external-secrets-normal.expected.yaml @@ -6,10 +6,10 @@ metadata: name: external-secrets-cert-controller namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml @@ -19,10 +19,10 @@ metadata: name: common-golang-external-secrets namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml @@ -32,10 +32,10 @@ metadata: name: external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm --- # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml @@ -45,10 +45,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook --- @@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -208,7 +208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -632,6 +632,9 @@ spec: - type type: object type: array + externalSecretName: + description: ExternalSecretName is the name of the ExternalSecrets created by the ClusterExternalSecret + type: string failedNamespaces: description: Failed namespaces are the namespaces that failed to apply an ExternalSecret items: @@ -674,7 +677,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -3550,7 +3553,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -3678,7 +3681,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -4315,7 +4318,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4376,7 +4379,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4484,7 +4487,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -4562,7 +4565,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -4623,6 +4626,9 @@ spec: - remoteRef - secretKey type: object + metadata: + description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true required: - match type: object @@ -4751,6 +4757,9 @@ spec: - remoteRef - secretKey type: object + metadata: + description: Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. + x-kubernetes-preserve-unknown-fields: true required: - match type: object @@ -4782,7 +4791,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -7658,7 +7667,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -8115,10 +8124,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8182,10 +8191,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8291,10 +8300,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-view labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -8331,10 +8340,10 @@ kind: ClusterRole metadata: name: common-golang-external-secrets-edit labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -8375,10 +8384,10 @@ metadata: name: common-golang-external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8396,10 +8405,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8416,10 +8425,10 @@ kind: ClusterRoleBinding metadata: name: common-golang-external-secrets-controller labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8452,10 +8461,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm rules: - apiGroups: @@ -8491,10 +8500,10 @@ metadata: name: common-golang-external-secrets-leaderelection namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -8512,10 +8521,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: @@ -8536,10 +8545,10 @@ metadata: name: common-golang-external-secrets-cert-controller namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8551,8 +8560,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller automountServiceAccountToken: true @@ -8566,7 +8578,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - certcontroller @@ -8596,10 +8608,10 @@ metadata: name: common-golang-external-secrets namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8611,8 +8623,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: serviceAccountName: common-golang-external-secrets automountServiceAccountToken: true @@ -8626,7 +8641,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - --concurrent=1 @@ -8642,10 +8657,10 @@ metadata: name: common-golang-external-secrets-webhook namespace: "default" labels: - helm.sh/chart: external-secrets-0.9.4 + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets - app.kubernetes.io/version: "v0.9.4" + app.kubernetes.io/version: "v0.9.5" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -8657,8 +8672,11 @@ spec: template: metadata: labels: + helm.sh/chart: external-secrets-0.9.5 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: common-golang-external-secrets + app.kubernetes.io/version: "v0.9.5" + app.kubernetes.io/managed-by: Helm spec: hostNetwork: false serviceAccountName: external-secrets-webhook @@ -8672,7 +8690,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "ghcr.io/external-secrets/external-secrets:v0.9.4-ubi" + image: "ghcr.io/external-secrets/external-secrets:v0.9.5-ubi" imagePullPolicy: IfNotPresent args: - webhook