From 44021ec21e6207b2d137aed9982b94e13728c0cc Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Wed, 7 Aug 2024 14:50:01 -0400 Subject: [PATCH 01/77] feat: platform mode and global sdk configuration support --- charts/platform/README.md | 17 ++++++++----- charts/platform/templates/_helpers.tpl | 9 +++++++ charts/platform/templates/config.yaml | 11 ++++++++- charts/platform/templates/deployment.yaml | 7 ++++++ charts/platform/values.yaml | 29 ++++++++++++++++------- 5 files changed, 58 insertions(+), 15 deletions(-) diff --git a/charts/platform/README.md b/charts/platform/README.md index 9e269d4..e4d55b9 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md @@ -1,6 +1,6 @@ # platform -![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: nightly](https://img.shields.io/badge/AppVersion-nightly-informational?style=flat-square) +![Version: 0.6.2](https://img.shields.io/badge/Version-0.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: nightly](https://img.shields.io/badge/AppVersion-nightly-informational?style=flat-square) A Helm Chart for OpenTDF Platform @@ -285,6 +285,7 @@ realms: | logger.level | string | `"info"` | The platform log level ( debug, info, warn, error ) | | logger.output | string | `"stdout"` | The platform log output | | logger.type | string | `"json"` | The platform log format ( json, text ) | +| mode | string | `"all"` | Mode defines the set of services to run (all, core, kas). Example mode: core,kas | | nameOverride | string | `""` | Overrides the chart name | | nodeSelector | object | `{}` | Target specific nodes in the cluster | | playground | bool | `false` | | @@ -302,6 +303,13 @@ realms: | postgresql.tls.enabled | bool | `true` | | | replicaCount | int | `1` | The number of Platform pods to run | | resources | object | `{}` | Resources to allocate to the container | +| sdk_config.clientid | string | `""` | Oauth2 Client Id | +| sdk_config.clientsecret | string | `""` | Oauth2 Client Secret | +| sdk_config.endpoint | string | `""` | The core platform endpoint | +| sdk_config.existingSecret | object | `{"key":"","name":""}` | Oauth2 Client Secret Kubernetes Secret | +| sdk_config.existingSecret.key | string | `""` | The key in the secret containing the client secret | +| sdk_config.existingSecret.name | string | `""` | The kubernetes secret containing the client secret | +| sdk_config.plaintext | bool | `false` | Plaintext Insecure Connection | | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | The container security context (https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | server.auth.audience | string | `"http://localhost:8080"` | Audience of provided by the identity provider | | server.auth.issuer | string | `"http://platform-keycloak/realms/opentdf"` | Identity provider issuer | @@ -331,20 +339,17 @@ realms: | serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| services.authorization.clientid | string | `nil` | Client id for the external entity store | +| services.authorization.clientid | string | `nil` | Deprecated Client id for the external entity store | | services.authorization.clientsecret | string | `nil` | Client secret for the external entity store | -| services.authorization.enabled | bool | `true` | Authorization service enabled | | services.authorization.ersurl | string | `"http://localhost:9000/entityresolution/resolve"` | External entity store (currently only keycloak is supported) | | services.authorization.tokenendpoint | string | `nil` | Oauth2 Server Token Endpoint | | services.entityresolution.clientid | string | `nil` | Client Id for Entity Resolver | | services.entityresolution.clientsecret | string | `nil` | Client Secret for Entity Resolver | -| services.entityresolution.enabled | bool | `false` | Entity Resolver service enabled | | services.entityresolution.realm | string | `nil` | Entity Resolver Realm | | services.entityresolution.subgroups | bool | `false` | Subgroups | | services.entityresolution.url | string | `nil` | Identity Provider Entity Resolver | | services.extraServices | object | `{}` | Additional services | -| services.kas.config | object | `{"enabled":true,"keyring":[{"alg":"ec:secp256r1","kid":"e1"},{"alg":"rsa:2048","kid":"r1"}]}` | KAS service Configuration as yaml | -| services.kas.config.enabled | bool | `true` | KAS service enabled | +| services.kas.config | object | `{"keyring":[{"alg":"ec:secp256r1","kid":"e1"},{"alg":"rsa:2048","kid":"r1"}]}` | KAS service Configuration as yaml | | services.kas.config.keyring | list | `[{"alg":"ec:secp256r1","kid":"e1"},{"alg":"rsa:2048","kid":"r1"}]` | Default keys for clients to use | | services.kas.privateKeysSecret | string | `"kas-private-keys"` | KAS secret containing keys kas-private.pem , kas-cert.pem , kas-ec-private.pem , kas-ec-cert.pem | | tolerations | list | `[]` | Tolerations to apply to the pod (https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | diff --git a/charts/platform/templates/_helpers.tpl b/charts/platform/templates/_helpers.tpl index 4e84b55..edbee58 100644 --- a/charts/platform/templates/_helpers.tpl +++ b/charts/platform/templates/_helpers.tpl @@ -73,4 +73,13 @@ Create the name of the service account to use {{- define "platform.envVarPrefix" -}} {{- printf "%s" ( .Values.configFileKey | default "opentdf" | upper ) }} +{{- end -}} + +{{- define "sdk_config.validate" -}} +{{- if and (not .Values.sdk_config.clientsecret) (not .Values.sdk_config.existingSecret.name) (not .Values.sdk_config.existingSecret.key) }} +{{- fail "You must set either clientsecret and existingSecret." }} +{{- end -}} +{{- if and ( .Values.sdk_config.clientsecret) ( .Values.sdk_config.existingSecret.name) ( .Values.sdk_config.existingSecret.key)}} +{{- fail "You cannot set both clientsecret and existingSecret." }} +{{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/platform/templates/config.yaml b/charts/platform/templates/config.yaml index 2e33250..2475500 100644 --- a/charts/platform/templates/config.yaml +++ b/charts/platform/templates/config.yaml @@ -1,3 +1,4 @@ +{{ include "sdk_config.validate" . }} apiVersion: v1 kind: ConfigMap metadata: @@ -12,6 +13,14 @@ data: db: {{- omit .Values.db "password" | toYaml | nindent 6 }} password: # loaded from env + mode: {{ .Values.mode | quote }} + sdk_config: + endpoint: {{ .Values.sdk_config.endpoint | quote }} + plaintext: {{ .Values.sdk_config.plaintext }} + clientid: {{ .Values.sdk_config.clientid | quote }} + {{- if .Values.sdk_config.clientsecret }} + clientsecret: {{ .Values.sdk_config.clientsecret | quote }} + {{- end }} services: entityresolution: {{- .Values.services.entityresolution | toYaml | nindent 8 }} @@ -47,4 +56,4 @@ data: enabled: true {{- .Values.server.auth | toYaml | nindent 8 }} cryptoProvider: - {{- .Values.server.cryptoProvider | toYaml | nindent 8 }} + {{- .Values.server.cryptoProvider | toYaml | nindent 8 }} \ No newline at end of file diff --git a/charts/platform/templates/deployment.yaml b/charts/platform/templates/deployment.yaml index aace93f..a47fdb4 100644 --- a/charts/platform/templates/deployment.yaml +++ b/charts/platform/templates/deployment.yaml @@ -88,6 +88,13 @@ spec: secretKeyRef: name: {{ .Values.db.password.secret.name }} key: {{ .Values.db.password.secret.key }} + {{- if and .Values.sdk_config.existingSecret.name .Values.sdk_config.existingSecret.key }} + - name: {{include "platform.envVarPrefix" .}}_SDK_CONFIG_CLIENTSECRET + valueFrom: + secretKeyRef: + name: {{ .Values.sdk_config.existingSecret.name }} + key: {{ .Values.sdk_config.existingSecret.key }} + {{- end }} {{- with .Values.extraEnv }} {{- toYaml . | nindent 10 }} {{- end }} diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml index 5049290..19f5c94 100644 --- a/charts/platform/values.yaml +++ b/charts/platform/values.yaml @@ -270,10 +270,28 @@ server: alg: ec:secp256r1 private: /etc/platform/kas/kas-ec-private.pem cert: /etc/platform/kas/kas-ec-cert.pem + +# -- Mode defines the set of services to run (all, core, kas). Example mode: core,kas +mode: all + +sdk_config: + # -- The core platform endpoint + endpoint: "" + # -- Plaintext Insecure Connection + plaintext: false + # -- Oauth2 Client Id + clientid: "" + # -- Oauth2 Client Secret + clientsecret: "" + # -- Oauth2 Client Secret Kubernetes Secret + existingSecret: + # -- The kubernetes secret containing the client secret + name: "" + # -- The key in the secret containing the client secret + key: "" + services: entityresolution: - # -- Entity Resolver service enabled - enabled: false # -- Identity Provider Entity Resolver url: # -- Client Id for Entity Resolver @@ -288,8 +306,6 @@ services: kas: # -- KAS service Configuration as yaml config: - # -- KAS service enabled - enabled: true # -- Default keys for clients to use keyring: - kid: e1 @@ -300,11 +316,9 @@ services: # kas-private.pem , kas-cert.pem , kas-ec-private.pem , kas-ec-cert.pem privateKeysSecret: kas-private-keys authorization: - # -- Authorization service enabled - enabled: true # -- External entity store (currently only keycloak is supported) ersurl: http://localhost:9000/entityresolution/resolve - # -- Client id for the external entity store + # -- Deprecated Client id for the external entity store clientid: # -- Client secret for the external entity store clientsecret: @@ -318,7 +332,6 @@ services: extraServices: {} # -- Example of extra service # myservice: - # enabled: true # url: http://localhost:8080 ############################################# From 5f1fab962598dcd56f8d2ff623e2ffa563c23458 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 10:28:30 -0400 Subject: [PATCH 02/77] add initial basic unit tests via terratest --- .github/workflows/checks.yaml | 15 ++ charts/platform/templates/_helpers.tpl | 4 +- tests/go.mod | 86 ++++++++ tests/go.sum | 272 +++++++++++++++++++++++++ tests/helm_platform_template_test.go | 95 +++++++++ tests/main_test.go | 7 + 6 files changed, 477 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/checks.yaml create mode 100644 tests/go.mod create mode 100644 tests/go.sum create mode 100644 tests/helm_platform_template_test.go create mode 100644 tests/main_test.go diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml new file mode 100644 index 0000000..d225928 --- /dev/null +++ b/.github/workflows/checks.yaml @@ -0,0 +1,15 @@ +name: Helm Chart Checks + +on: + pull_request: + branches: + - main + +jobs: + unit: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 + - run: go test ./ + working-directory: tests \ No newline at end of file diff --git a/charts/platform/templates/_helpers.tpl b/charts/platform/templates/_helpers.tpl index edbee58..8225cd1 100644 --- a/charts/platform/templates/_helpers.tpl +++ b/charts/platform/templates/_helpers.tpl @@ -77,9 +77,9 @@ Create the name of the service account to use {{- define "sdk_config.validate" -}} {{- if and (not .Values.sdk_config.clientsecret) (not .Values.sdk_config.existingSecret.name) (not .Values.sdk_config.existingSecret.key) }} -{{- fail "You must set either clientsecret and existingSecret." }} +{{- fail "You must set either clientsecret and existingSecret in sdk_config." }} {{- end -}} {{- if and ( .Values.sdk_config.clientsecret) ( .Values.sdk_config.existingSecret.name) ( .Values.sdk_config.existingSecret.key)}} -{{- fail "You cannot set both clientsecret and existingSecret." }} +{{- fail "You cannot set both clientsecret and existingSecret in sdk_config." }} {{- end -}} {{- end -}} \ No newline at end of file diff --git a/tests/go.mod b/tests/go.mod new file mode 100644 index 0000000..377cc3d --- /dev/null +++ b/tests/go.mod @@ -0,0 +1,86 @@ +module github.com/opentdf/charts/tests + +go 1.22.5 + +require ( + github.com/gruntwork-io/terratest v0.47.0 + github.com/stretchr/testify v1.9.0 +) + +require ( + github.com/BurntSushi/toml v1.3.2 // indirect + github.com/aws/aws-sdk-go v1.44.122 // indirect + github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/emicklei/go-restful/v3 v3.9.0 // indirect + github.com/ghodss/yaml v1.0.0 // indirect + github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect + github.com/go-logr/logr v1.2.4 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-sql-driver/mysql v1.4.1 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect + github.com/gonvenience/bunt v1.3.5 // indirect + github.com/gonvenience/neat v1.3.12 // indirect + github.com/gonvenience/term v1.0.2 // indirect + github.com/gonvenience/text v1.0.7 // indirect + github.com/gonvenience/wrap v1.1.2 // indirect + github.com/gonvenience/ytbx v1.4.4 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.5.9 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/gruntwork-io/go-commons v0.8.0 // indirect + github.com/hashicorp/errwrap v1.0.0 // indirect + github.com/hashicorp/go-multierror v1.1.0 // indirect + github.com/homeport/dyff v1.6.0 // indirect + github.com/imdario/mergo v0.3.11 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/lucasb-eyer/go-colorful v1.2.0 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect + github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/go-ps v1.0.0 // indirect + github.com/mitchellh/hashstructure v1.1.0 // indirect + github.com/moby/spdystream v0.2.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pquerna/otp v1.2.0 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/sergi/go-diff v1.3.1 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/texttheater/golang-levenshtein v1.0.1 // indirect + github.com/urfave/cli v1.22.2 // indirect + github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect + golang.org/x/crypto v0.21.0 // indirect + golang.org/x/net v0.23.0 // indirect + golang.org/x/oauth2 v0.8.0 // indirect + golang.org/x/sync v0.4.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.3.0 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/protobuf v1.33.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.28.4 // indirect + k8s.io/apimachinery v0.28.4 // indirect + k8s.io/client-go v0.28.4 // indirect + k8s.io/klog/v2 v2.100.1 // indirect + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect + sigs.k8s.io/yaml v1.3.0 // indirect +) diff --git a/tests/go.sum b/tests/go.sum new file mode 100644 index 0000000..7778643 --- /dev/null +++ b/tests/go.sum @@ -0,0 +1,272 @@ +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo= +github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= +github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= +github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= +github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/gonvenience/bunt v1.3.5 h1:wSQquifvwEWtzn27k1ngLfeLaStyt0k1b/K6TrlCNAs= +github.com/gonvenience/bunt v1.3.5/go.mod h1:7ApqkVBEWvX04oJ28Q2WeI/BvJM6VtukaJAU/q/pTs8= +github.com/gonvenience/neat v1.3.12 h1:xwIyRbJcG9LgcDYys+HHLH9DqqHeQsUpS5CfBUeskbs= +github.com/gonvenience/neat v1.3.12/go.mod h1:8OljAIgPelN0uPPO94VBqxK+Kz98d6ZFwHDg5o/PfkE= +github.com/gonvenience/term v1.0.2 h1:qKa2RydbWIrabGjR/fegJwpW5m+JvUwFL8mLhHzDXn0= +github.com/gonvenience/term v1.0.2/go.mod h1:wThTR+3MzWtWn7XGVW6qQ65uaVf8GHED98KmwpuEQeo= +github.com/gonvenience/text v1.0.7 h1:YmIqmgTwxnACYCG59DykgMbomwteYyNhAmEUEJtPl14= +github.com/gonvenience/text v1.0.7/go.mod h1:OAjH+mohRszffLY6OjgQcUXiSkbrIavooFpfIt1ZwAs= +github.com/gonvenience/wrap v1.1.2 h1:xPKxNwL1HCguwyM+HlP/1CIuc9LRd7k8RodLwe9YTZA= +github.com/gonvenience/wrap v1.1.2/go.mod h1:GiryBSXoI3BAAhbWD1cZVj7RZmtiu0ERi/6R6eJfslI= +github.com/gonvenience/ytbx v1.4.4 h1:jQopwyaLsVGuwdxSiN4WkXjsEaFNPJ3V4lUj7eyEpzo= +github.com/gonvenience/ytbx v1.4.4/go.mod h1:w37+MKCPcCMY/jpPNmEklD4xKqrOAVBO6kIWW2+uI6M= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs= +github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= +github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= +github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= +github.com/gruntwork-io/terratest v0.47.0 h1:xIy1pT7NbGVlMLDZEHl3+3iSnvffh8tN2pL6idn448c= +github.com/gruntwork-io/terratest v0.47.0/go.mod h1:oywHw1cFKXSYvKPm27U7quZVzDUlA22H2xUrKCe26xM= +github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI= +github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= +github.com/homeport/dyff v1.6.0 h1:AN+ikld0Fy+qx34YE7655b/bpWuxS6cL9k852pE2GUc= +github.com/homeport/dyff v1.6.0/go.mod h1:FlAOFYzeKvxmU5nTrnG+qrlJVWpsFew7pt8L99p5q8k= +github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= +github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 h1:BXxTozrOU8zgC5dkpn3J6NTRdoP+hjok/e+ACr4Hibk= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3/go.mod h1:x1uk6vxTiVuNt6S5R2UYgdhpj3oKojXvOXauHZ7dEnI= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg= +github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= +github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= +github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= +github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= +github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= +github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= +github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= +github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= +github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c= +github.com/onsi/gomega v1.28.0/go.mod h1:A1H2JE76sI14WIP57LMKj7FVfCHx3g3BcZVjJG8bjX8= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok= +github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= +github.com/texttheater/golang-levenshtein v1.0.1/go.mod h1:PYAKrbF5sAiq9wd+H82hs7gNaen0CplQ9uvm6+enD/8= +github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= +github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= +golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= +golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY= +k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0= +k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8= +k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg= +k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY= +k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4= +k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= +k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= +sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/tests/helm_platform_template_test.go b/tests/helm_platform_template_test.go new file mode 100644 index 0000000..41644ae --- /dev/null +++ b/tests/helm_platform_template_test.go @@ -0,0 +1,95 @@ +package test + +import ( + "path/filepath" + "strings" + "testing" + + "github.com/gruntwork-io/terratest/modules/helm" + "github.com/gruntwork-io/terratest/modules/k8s" + "github.com/gruntwork-io/terratest/modules/random" + "github.com/stretchr/testify/suite" + appv1 "k8s.io/api/apps/v1" +) + +type PlatformChartTemplateSuite struct { + suite.Suite +} + +func TestPlatformChartTemplateSuite(t *testing.T) { + suite.Run(t, new(PlatformChartTemplateSuite)) +} + +func (suite *PlatformChartTemplateSuite) TestBasicDeploymentTemplateRender() { + + helmChartPath, err := filepath.Abs("../charts/platform") + suite.Require().NoError(err) + + releaseName := "basic" + + namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + SetValues: map[string]string{ + "image.tag": "latest", + "sdk_config.clientsecret": "test", + }, + } + + output, err := helm.RenderTemplateE(suite.T(), options, helmChartPath, releaseName, []string{"templates/deployment.yaml"}) + suite.Require().NoError(err) + + var deployment appv1.Deployment + helm.UnmarshalK8SYaml(suite.T(), output, &deployment) + + suite.Require().Equal(deployment.Name, releaseName+"-platform") + suite.Require().Len(deployment.Spec.Template.Spec.Containers, 1) + suite.Require().Equal(deployment.Spec.Template.Spec.Containers[0].Image, "registry.opentdf.io/platform:latest") +} + +func (suite *PlatformChartTemplateSuite) Test_Empty_SDK_Config_Client_Secret_AND_Existing_Secret_Expect_Error() { + + helmChartPath, err := filepath.Abs("../charts/platform") + suite.Require().NoError(err) + + releaseName := "basic" + + namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + SetValues: map[string]string{ + "image.tag": "latest", + }, + } + + _, err = helm.RenderTemplateE(suite.T(), options, helmChartPath, releaseName, []string{}) + suite.Require().Error(err) + suite.Require().ErrorContains(err, "You must set either clientsecret and existingSecret in sdk_config.") + +} + +func (suite *PlatformChartTemplateSuite) Test_SDK_Config_Set_Client_Secret_AND_Existing_Secret_Expect_Error() { + + helmChartPath, err := filepath.Abs("../charts/platform") + suite.Require().NoError(err) + + releaseName := "basic" + + namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + SetValues: map[string]string{ + "image.tag": "latest", + "sdk_config.clientsecret": "test", + "sdk_config.existingSecret.name": "test", + "sdk_config.existingSecret.key": "test", + }, + } + + _, err = helm.RenderTemplateE(suite.T(), options, helmChartPath, releaseName, []string{}) + suite.Require().Error(err) + suite.Require().ErrorContains(err, "You cannot set both clientsecret and existingSecret in sdk_config.") +} diff --git a/tests/main_test.go b/tests/main_test.go new file mode 100644 index 0000000..232a8c6 --- /dev/null +++ b/tests/main_test.go @@ -0,0 +1,7 @@ +package test + +import "testing" + +func TestMain(m *testing.M) { + m.Run() +} From 986349ad0d5bd01b80ebd1f5aa9c863b2f46ce8b Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 10:44:56 -0400 Subject: [PATCH 03/77] fix kubeconform tests --- ...tform_template_test.go => chart_platform_template_test.go} | 0 tests/kubeconform/sdk_config_clientsecret-values.yaml | 2 ++ tests/kubeconform/sdk_config_existing_secret-values.yaml | 4 ++++ 3 files changed, 6 insertions(+) rename tests/{helm_platform_template_test.go => chart_platform_template_test.go} (100%) create mode 100644 tests/kubeconform/sdk_config_clientsecret-values.yaml create mode 100644 tests/kubeconform/sdk_config_existing_secret-values.yaml diff --git a/tests/helm_platform_template_test.go b/tests/chart_platform_template_test.go similarity index 100% rename from tests/helm_platform_template_test.go rename to tests/chart_platform_template_test.go diff --git a/tests/kubeconform/sdk_config_clientsecret-values.yaml b/tests/kubeconform/sdk_config_clientsecret-values.yaml new file mode 100644 index 0000000..880f579 --- /dev/null +++ b/tests/kubeconform/sdk_config_clientsecret-values.yaml @@ -0,0 +1,2 @@ +sdk_config: + clientsecret: "clientSecret" \ No newline at end of file diff --git a/tests/kubeconform/sdk_config_existing_secret-values.yaml b/tests/kubeconform/sdk_config_existing_secret-values.yaml new file mode 100644 index 0000000..ec9a6a8 --- /dev/null +++ b/tests/kubeconform/sdk_config_existing_secret-values.yaml @@ -0,0 +1,4 @@ +sdk_config: + existingSecret: + name: "existingSecret" + key: "key" \ No newline at end of file From f0de5428a81b3dea425de913ba86a1aec07528c3 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 11:05:12 -0400 Subject: [PATCH 04/77] setup k3d --- .github/workflows/checks.yaml | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index d225928..2c863bb 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -6,10 +6,37 @@ on: - main jobs: - unit: + platform_unit: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 - run: go test ./ - working-directory: tests \ No newline at end of file + working-directory: tests + platform_integration: + strategy: + matrix: + k3s_image: ["latest", "v1.28.12-k3s1","v1.27.16-k3s1","v1.26.15-k3s1"] + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 + - name: "Install mkcert" + run: go install filippo.io/mkcert@2a46726cebac0ff4e1f133d90b4e4c42f1edf44a + - name: "Download k3d" + id: "download-k3d" + env: + K3D_VERSION: "v5.7.3" + K3D_SHA256SUM: "0fe23b8c0a151e9c41d16f9d861be26df65e5ab7f35115424220aad5a83c566b" + run: + curl -sSLO "https://github.com/k3d-io/k3d/releases/download/${K3D_VERSION}/k3d-linux-amd64" + echo "${K3D_SHA256SUM} k3d-linux-amd64" | sha256sum -c --quiet --strict + chmod +x k3d-linux-amd64 + mv ./k3d-linux-amd64 "$HOME/.local/bin/k3d" + + k3d version + - name: "Create k3d cluster" + id: "create-k3d-cluster" + run: | + echo "127.0.0.1 k3d.registry" | sudo tee -a /etc/hosts + k3d cluster create --config ".github/k3d-config.yaml" --image "rancher/k3s:${{ matrix.k3s_image }}" --wait --timeout 60s \ No newline at end of file From b5e5d14ff4f321db7b06747cde6f1e5c3e578e2b Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 11:06:34 -0400 Subject: [PATCH 05/77] shell bash --- .github/workflows/checks.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 2c863bb..6da5b7d 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -25,6 +25,7 @@ jobs: run: go install filippo.io/mkcert@2a46726cebac0ff4e1f133d90b4e4c42f1edf44a - name: "Download k3d" id: "download-k3d" + shell: bash env: K3D_VERSION: "v5.7.3" K3D_SHA256SUM: "0fe23b8c0a151e9c41d16f9d861be26df65e5ab7f35115424220aad5a83c566b" From 0bd83af5d987f87df6a4bae1b246580cb05438f1 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 11:07:39 -0400 Subject: [PATCH 06/77] fix run cmd --- .github/workflows/checks.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 6da5b7d..90d3574 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -29,7 +29,7 @@ jobs: env: K3D_VERSION: "v5.7.3" K3D_SHA256SUM: "0fe23b8c0a151e9c41d16f9d861be26df65e5ab7f35115424220aad5a83c566b" - run: + run: | curl -sSLO "https://github.com/k3d-io/k3d/releases/download/${K3D_VERSION}/k3d-linux-amd64" echo "${K3D_SHA256SUM} k3d-linux-amd64" | sha256sum -c --quiet --strict chmod +x k3d-linux-amd64 From 6a06e4443ce279018d9c3d2ad7b99a76173ea0aa Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 11:08:49 -0400 Subject: [PATCH 07/77] list files --- .github/workflows/checks.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 90d3574..6c6bd65 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -33,6 +33,7 @@ jobs: curl -sSLO "https://github.com/k3d-io/k3d/releases/download/${K3D_VERSION}/k3d-linux-amd64" echo "${K3D_SHA256SUM} k3d-linux-amd64" | sha256sum -c --quiet --strict chmod +x k3d-linux-amd64 + ls -alh mv ./k3d-linux-amd64 "$HOME/.local/bin/k3d" k3d version From c1dad7e1f7b1c3d194237ad7c34696fccbaa40f8 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 11:10:16 -0400 Subject: [PATCH 08/77] check home dir --- .github/workflows/checks.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 6c6bd65..277f06f 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -33,7 +33,7 @@ jobs: curl -sSLO "https://github.com/k3d-io/k3d/releases/download/${K3D_VERSION}/k3d-linux-amd64" echo "${K3D_SHA256SUM} k3d-linux-amd64" | sha256sum -c --quiet --strict chmod +x k3d-linux-amd64 - ls -alh + ls -alh $HOME/ mv ./k3d-linux-amd64 "$HOME/.local/bin/k3d" k3d version From acafd41b7ee07a8ea3f72fc8782b778d0d508e1e Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 11:11:23 -0400 Subject: [PATCH 09/77] local dir --- .github/workflows/checks.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 277f06f..93e518b 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -33,7 +33,7 @@ jobs: curl -sSLO "https://github.com/k3d-io/k3d/releases/download/${K3D_VERSION}/k3d-linux-amd64" echo "${K3D_SHA256SUM} k3d-linux-amd64" | sha256sum -c --quiet --strict chmod +x k3d-linux-amd64 - ls -alh $HOME/ + ls -alh $HOME/.local mv ./k3d-linux-amd64 "$HOME/.local/bin/k3d" k3d version From 3baf1fb04056e0a70052a74a89c09cd9a24ceaba Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 11:13:14 -0400 Subject: [PATCH 10/77] create bin dir --- .github/workflows/checks.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 93e518b..38330d6 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -33,7 +33,7 @@ jobs: curl -sSLO "https://github.com/k3d-io/k3d/releases/download/${K3D_VERSION}/k3d-linux-amd64" echo "${K3D_SHA256SUM} k3d-linux-amd64" | sha256sum -c --quiet --strict chmod +x k3d-linux-amd64 - ls -alh $HOME/.local + mkdir -p $HOME/.local/bin mv ./k3d-linux-amd64 "$HOME/.local/bin/k3d" k3d version From cce93d660576896fd82e86ad1d869ea9cbe91fe3 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 11:14:53 -0400 Subject: [PATCH 11/77] where am i --- .github/workflows/checks.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 38330d6..da29bd8 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -41,4 +41,5 @@ jobs: id: "create-k3d-cluster" run: | echo "127.0.0.1 k3d.registry" | sudo tee -a /etc/hosts + ls -alh k3d cluster create --config ".github/k3d-config.yaml" --image "rancher/k3s:${{ matrix.k3s_image }}" --wait --timeout 60s \ No newline at end of file From 3695d7beea7f6d378963f158b56dec8cddbdb5a6 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 11:15:44 -0400 Subject: [PATCH 12/77] commit k3d config --- .github/k3d-config.yaml | 48 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 .github/k3d-config.yaml diff --git a/.github/k3d-config.yaml b/.github/k3d-config.yaml new file mode 100644 index 0000000..dad7423 --- /dev/null +++ b/.github/k3d-config.yaml @@ -0,0 +1,48 @@ +# k3d configuration file, saved as e.g. /home/me/myk3dcluster.yaml +apiVersion: k3d.io/v1alpha5 # this will change in the future as we make everything more stable +kind: Simple # internally, we also have a Cluster config, which is not yet available externally +metadata: + name: cluster # name that you want to give to your cluster (will still be prefixed with `k3d-`) +# servers: 1 # same as `--servers 1` +# agents: 2 # same as `--agents 2` +kubeAPI: # same as `--api-port myhost.my.domain:6445` (where the name would resolve to 127.0.0.1) + hostIP: "0.0.0.0" # where the Kubernetes API will be listening on + hostPort: "6445" # where the Kubernetes API listening port will be mapped to on your host system +ports: + - port: 80:80 # same as `--port '8080:80@loadbalancer'` + nodeFilters: + - loadbalancer + - port: 443:443 # same as `--port '8080:80@loadbalancer'` + nodeFilters: + - loadbalancer +hostAliases: # /etc/hosts style entries to be injected into /etc/hosts in the node containers and in the NodeHosts section in CoreDNS + - ip: 172.18.0.1 + hostnames: + - keycloak.opentdf.local +registries: # define how registries should be created or used + create: # creates a default registry to be used with the cluster; same as `--registry-create registry.localhost` + name: k3d.registry + host: "0.0.0.0" + hostPort: "5000" + # define contents of the `registries.yaml` file (or reference a file); same as `--registry-config /path/to/config.yaml` + config: | + mirrors: + "k3d.registry:5000": + endpoint: + - http://k3d.registry:5000 +options: + k3d: # k3d runtime settings + wait: true # wait for cluster to be usable before returning; same as `--wait` (default: true) + timeout: "60s" # wait timeout before aborting; same as `--timeout 60s` + k3s: # options passed on to K3s itself + extraArgs: # additional arguments passed to the `k3s server|agent` command; same as `--k3s-arg` + # - arg: "--disable=traefik" + # nodeFilters: + # - server:* + - arg: "--prefer-bundled-bin" + nodeFilters: + - server:* + - agent:* + kubeconfig: + updateDefaultKubeconfig: true # add new cluster to your default Kubeconfig; same as `--kubeconfig-update-default` (default: true) + switchCurrentContext: true # also set current-context to the new cluster's context; same as `--kubeconfig-switch-context` (default: true) \ No newline at end of file From b528cf20b5bd0f093ad201af411a495f0ba15c67 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 12:09:50 -0400 Subject: [PATCH 13/77] try spinning up plat --- .github/workflows/checks.yaml | 7 +-- tests/chart_platform_integration_test.go | 63 ++++++++++++++++++++++++ tests/chart_platform_template_test.go | 27 +++++----- 3 files changed, 79 insertions(+), 18 deletions(-) create mode 100644 tests/chart_platform_integration_test.go diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index da29bd8..60ac7f0 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -11,7 +11,7 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 - - run: go test ./ + - run: go test -short ./ working-directory: tests platform_integration: strategy: @@ -41,5 +41,6 @@ jobs: id: "create-k3d-cluster" run: | echo "127.0.0.1 k3d.registry" | sudo tee -a /etc/hosts - ls -alh - k3d cluster create --config ".github/k3d-config.yaml" --image "rancher/k3s:${{ matrix.k3s_image }}" --wait --timeout 60s \ No newline at end of file + k3d cluster create --config ".github/k3d-config.yaml" --image "rancher/k3s:${{ matrix.k3s_image }}" --wait --timeout 60s + - run: go test ./tests + working-directory: tests \ No newline at end of file diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go new file mode 100644 index 0000000..47183ea --- /dev/null +++ b/tests/chart_platform_integration_test.go @@ -0,0 +1,63 @@ +package test + +import ( + "fmt" + "path/filepath" + "strings" + "testing" + "time" + + "github.com/gruntwork-io/terratest/modules/helm" + "github.com/gruntwork-io/terratest/modules/k8s" + "github.com/gruntwork-io/terratest/modules/random" + "github.com/stretchr/testify/suite" +) + +type PlatformChartIntegrationSuite struct { + suite.Suite + chartPath string +} + +func TestPlatformChartIntegrationSuite(t *testing.T) { + if testing.Short() { + t.Skip("skipping platform integration test in short mode.") + } + suite.Run(t, new(PlatformChartIntegrationSuite)) +} + +func (suite *PlatformChartIntegrationSuite) SetupTest() { + path, err := filepath.Abs("../charts/platform") + suite.Require().NoError(err) + suite.chartPath = path +} + +func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { + namespaceName := fmt.Sprintf("opentdf-%s", strings.ToLower(random.UniqueId())) + releaseName := "basic" + + // Setup the kubectl config and context. Here we choose to use the defaults, which is: + // - HOME/.kube/config for the kubectl config file + // - Current context of the kubectl config file + kubectlOptions := k8s.NewKubectlOptions("", "", namespaceName) + + k8s.CreateNamespace(suite.T(), kubectlOptions, namespaceName) + + defer k8s.DeleteNamespace(suite.T(), kubectlOptions, namespaceName) + + options := &helm.Options{ + KubectlOptions: kubectlOptions, + SetValues: map[string]string{ + "sdk_config.clientsecret": "test", + "playground": "true", + }, + } + + defer helm.Delete(suite.T(), options, releaseName, true) + + helm.Install(suite.T(), options, suite.chartPath, releaseName) + + serviceName := fmt.Sprintf("%s-platform", releaseName) + + k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, serviceName, 10, 1*time.Second) + +} diff --git a/tests/chart_platform_template_test.go b/tests/chart_platform_template_test.go index 41644ae..d772ffd 100644 --- a/tests/chart_platform_template_test.go +++ b/tests/chart_platform_template_test.go @@ -14,17 +14,23 @@ import ( type PlatformChartTemplateSuite struct { suite.Suite + chartPath string } func TestPlatformChartTemplateSuite(t *testing.T) { + if !testing.Short() { + t.Skip("skipping platform template test not in short mode.") + } suite.Run(t, new(PlatformChartTemplateSuite)) } -func (suite *PlatformChartTemplateSuite) TestBasicDeploymentTemplateRender() { - - helmChartPath, err := filepath.Abs("../charts/platform") +func (suite *PlatformChartTemplateSuite) SetupTest() { + path, err := filepath.Abs("../charts/platform") suite.Require().NoError(err) + suite.chartPath = path +} +func (suite *PlatformChartTemplateSuite) TestBasicDeploymentTemplateRender() { releaseName := "basic" namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) @@ -37,8 +43,7 @@ func (suite *PlatformChartTemplateSuite) TestBasicDeploymentTemplateRender() { }, } - output, err := helm.RenderTemplateE(suite.T(), options, helmChartPath, releaseName, []string{"templates/deployment.yaml"}) - suite.Require().NoError(err) + output := helm.RenderTemplate(suite.T(), options, suite.chartPath, releaseName, []string{"templates/deployment.yaml"}) var deployment appv1.Deployment helm.UnmarshalK8SYaml(suite.T(), output, &deployment) @@ -49,10 +54,6 @@ func (suite *PlatformChartTemplateSuite) TestBasicDeploymentTemplateRender() { } func (suite *PlatformChartTemplateSuite) Test_Empty_SDK_Config_Client_Secret_AND_Existing_Secret_Expect_Error() { - - helmChartPath, err := filepath.Abs("../charts/platform") - suite.Require().NoError(err) - releaseName := "basic" namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) @@ -64,17 +65,13 @@ func (suite *PlatformChartTemplateSuite) Test_Empty_SDK_Config_Client_Secret_AND }, } - _, err = helm.RenderTemplateE(suite.T(), options, helmChartPath, releaseName, []string{}) + _, err := helm.RenderTemplateE(suite.T(), options, suite.chartPath, releaseName, []string{}) suite.Require().Error(err) suite.Require().ErrorContains(err, "You must set either clientsecret and existingSecret in sdk_config.") } func (suite *PlatformChartTemplateSuite) Test_SDK_Config_Set_Client_Secret_AND_Existing_Secret_Expect_Error() { - - helmChartPath, err := filepath.Abs("../charts/platform") - suite.Require().NoError(err) - releaseName := "basic" namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) @@ -89,7 +86,7 @@ func (suite *PlatformChartTemplateSuite) Test_SDK_Config_Set_Client_Secret_AND_E }, } - _, err = helm.RenderTemplateE(suite.T(), options, helmChartPath, releaseName, []string{}) + _, err := helm.RenderTemplateE(suite.T(), options, suite.chartPath, releaseName, []string{}) suite.Require().Error(err) suite.Require().ErrorContains(err, "You cannot set both clientsecret and existingSecret in sdk_config.") } From a953a3b3e015e7b835fd08f46435b2adc31cfc1c Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 14:37:57 -0400 Subject: [PATCH 14/77] generate kas private keys --- .github/workflows/checks.yaml | 3 +- tests/chart_platform_integration_test.go | 17 ++++++++ tests/util.go | 54 ++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 tests/util.go diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 60ac7f0..a31bd7d 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -21,6 +21,7 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 + - uses: bats-core/bats-action@472edde1138d59aca53ff162fb8d996666d21e4a - name: "Install mkcert" run: go install filippo.io/mkcert@2a46726cebac0ff4e1f133d90b4e4c42f1edf44a - name: "Download k3d" @@ -42,5 +43,5 @@ jobs: run: | echo "127.0.0.1 k3d.registry" | sudo tee -a /etc/hosts k3d cluster create --config ".github/k3d-config.yaml" --image "rancher/k3s:${{ matrix.k3s_image }}" --wait --timeout 60s - - run: go test ./tests + - run: go test ./ working-directory: tests \ No newline at end of file diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 47183ea..cc30854 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -54,6 +54,23 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { defer helm.Delete(suite.T(), options, releaseName, true) + // Generate KAS Keys + privECKey, pubECKey, err := generateKasECDHKeyPair() + suite.Require().NoError(err) + privRSAKey, pubRSAKey, err := generateKasRSAKeyPair() + suite.Require().NoError(err) + + k8s.RunKubectl(suite.T(), kubectlOptions, "create", "secret", "generic", "kas-private-keys", + fmt.Sprintf("--from-literal=kas-ec-private.pem=%s", string(privECKey)), + fmt.Sprintf("--from-literal=kas-ec-cert.pem=%s", string(pubECKey)), + fmt.Sprintf("--from-literal=kas-private.pem=%s", string(privRSAKey)), + fmt.Sprintf("--from-literal=kas-cert.pem=%s", string(pubRSAKey)), + ) + + kasSecret := k8s.GetSecret(suite.T(), kubectlOptions, "kas-private-keys") + + suite.Require().Equal(kasSecret.Data["kas-ec-private.pem"], privECKey) + helm.Install(suite.T(), options, suite.chartPath, releaseName) serviceName := fmt.Sprintf("%s-platform", releaseName) diff --git a/tests/util.go b/tests/util.go new file mode 100644 index 0000000..2fc9ed6 --- /dev/null +++ b/tests/util.go @@ -0,0 +1,54 @@ +package test + +import ( + "crypto/ecdh" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "encoding/pem" +) + +func generateKasRSAKeyPair() ([]byte, []byte, error) { + privKey, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + return nil, nil, err + } + + pubKey := privKey.PublicKey + + privKeyPEM := pem.EncodeToMemory( + &pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: x509.MarshalPKCS1PrivateKey(privKey), + }, + ) + + pubKeyPEM, err := x509.MarshalPKIXPublicKey(&pubKey) + if err != nil { + return nil, nil, err + } + + return privKeyPEM, pubKeyPEM, nil +} + +func generateKasECDHKeyPair() ([]byte, []byte, error) { + privKey, err := ecdh.P256().GenerateKey(rand.Reader) + if err != nil { + return nil, nil, err + } + + pubKey := privKey.PublicKey() + + privKeyPEM := pem.Block{ + Type: "EC PRIVATE KEY", + Bytes: privKey.Bytes(), + } + + pubKeyPEM, err := x509.MarshalPKIXPublicKey(&pubKey) + if err != nil { + return nil, nil, err + } + + return pem.EncodeToMemory(&privKeyPEM), pubKeyPEM, nil + +} From ff79764106e9ff96a5c40b8b35d194c60ea46882 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 14:42:54 -0400 Subject: [PATCH 15/77] fix pubKey pointer --- .github/workflows/checks.yaml | 6 ++++++ tests/util.go | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index a31bd7d..ac61821 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -11,6 +11,9 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 + with: + cache-dependency-path: | + tests/go.sum - run: go test -short ./ working-directory: tests platform_integration: @@ -21,6 +24,9 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 + with: + cache-dependency-path: | + tests/go.sum - uses: bats-core/bats-action@472edde1138d59aca53ff162fb8d996666d21e4a - name: "Install mkcert" run: go install filippo.io/mkcert@2a46726cebac0ff4e1f133d90b4e4c42f1edf44a diff --git a/tests/util.go b/tests/util.go index 2fc9ed6..30443cf 100644 --- a/tests/util.go +++ b/tests/util.go @@ -44,7 +44,7 @@ func generateKasECDHKeyPair() ([]byte, []byte, error) { Bytes: privKey.Bytes(), } - pubKeyPEM, err := x509.MarshalPKIXPublicKey(&pubKey) + pubKeyPEM, err := x509.MarshalPKIXPublicKey(pubKey) if err != nil { return nil, nil, err } From 5f102932380661a8832842f7b4246c91f671aa9e Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 14:49:10 -0400 Subject: [PATCH 16/77] pem encode --- tests/util.go | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/tests/util.go b/tests/util.go index 30443cf..47ed645 100644 --- a/tests/util.go +++ b/tests/util.go @@ -23,11 +23,18 @@ func generateKasRSAKeyPair() ([]byte, []byte, error) { }, ) - pubKeyPEM, err := x509.MarshalPKIXPublicKey(&pubKey) + pk, err := x509.MarshalPKIXPublicKey(&pubKey) if err != nil { return nil, nil, err } + pubKeyPEM := pem.EncodeToMemory( + &pem.Block{ + Type: "PUBLIC KEY", + Bytes: pk, + }, + ) + return privKeyPEM, pubKeyPEM, nil } @@ -44,11 +51,16 @@ func generateKasECDHKeyPair() ([]byte, []byte, error) { Bytes: privKey.Bytes(), } - pubKeyPEM, err := x509.MarshalPKIXPublicKey(pubKey) + pk, err := x509.MarshalPKIXPublicKey(pubKey) if err != nil { return nil, nil, err } + pubKeyPEM := pem.EncodeToMemory(&pem.Block{ + Type: "PUBLIC KEY", + Bytes: pk, + }) + return pem.EncodeToMemory(&privKeyPEM), pubKeyPEM, nil } From 63782bbd7929f57d96698ee988f378ea4e5150dc Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 14:56:20 -0400 Subject: [PATCH 17/77] list pods --- tests/chart_platform_integration_test.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index cc30854..0080a7a 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -11,6 +11,7 @@ import ( "github.com/gruntwork-io/terratest/modules/k8s" "github.com/gruntwork-io/terratest/modules/random" "github.com/stretchr/testify/suite" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) type PlatformChartIntegrationSuite struct { @@ -77,4 +78,9 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, serviceName, 10, 1*time.Second) + pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) + //suite.Require().Len(pods,4) + for _, pod := range pods { + suite.Require().Equal(pod.Status.Phase, "Running") + } } From a81cca1c3da92da37a3d294f2f7c421d6492b3b8 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 15:05:25 -0400 Subject: [PATCH 18/77] check pod running --- tests/chart_platform_integration_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 0080a7a..2eab17c 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -11,6 +11,7 @@ import ( "github.com/gruntwork-io/terratest/modules/k8s" "github.com/gruntwork-io/terratest/modules/random" "github.com/stretchr/testify/suite" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -81,6 +82,6 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) //suite.Require().Len(pods,4) for _, pod := range pods { - suite.Require().Equal(pod.Status.Phase, "Running") + suite.Require().Equal(pod.Status.Phase, corev1.PodRunning, fmt.Sprintf("Pod %s is not running", pod.Name)) } } From d3c5a73595e905895bfae21dbf2a311ae7867b09 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 15:12:38 -0400 Subject: [PATCH 19/77] should have 3 pods --- tests/chart_platform_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 2eab17c..50f2629 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -80,7 +80,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, serviceName, 10, 1*time.Second) pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) - //suite.Require().Len(pods,4) + suite.Require().Len(pods, 3) for _, pod := range pods { suite.Require().Equal(pod.Status.Phase, corev1.PodRunning, fmt.Sprintf("Pod %s is not running", pod.Name)) } From e6564a1d4d5fdb9915d929ba666d7e60cc32801e Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 15:32:33 -0400 Subject: [PATCH 20/77] check otdfctl --- .github/workflows/checks.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index ac61821..b34a4de 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -23,10 +23,16 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + with: + repository: opentdf/otdfctl + path: otdfctl - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: cache-dependency-path: | tests/go.sum + otdfctl/go.sum + - run: go build -o otdfctl/otdfctl otdfctl - uses: bats-core/bats-action@472edde1138d59aca53ff162fb8d996666d21e4a - name: "Install mkcert" run: go install filippo.io/mkcert@2a46726cebac0ff4e1f133d90b4e4c42f1edf44a From f298e5493126dd191095de04ad7b91566c98437e Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 15:37:16 -0400 Subject: [PATCH 21/77] build otdfctl --- .github/workflows/checks.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index b34a4de..b5a28b1 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -32,7 +32,10 @@ jobs: cache-dependency-path: | tests/go.sum otdfctl/go.sum - - run: go build -o otdfctl/otdfctl otdfctl + - run: | + mkdir -p $HOME/.local/bin + ls -alh + go build -o $HOME/.local/bin/otdfctl otdfctl - uses: bats-core/bats-action@472edde1138d59aca53ff162fb8d996666d21e4a - name: "Install mkcert" run: go install filippo.io/mkcert@2a46726cebac0ff4e1f133d90b4e4c42f1edf44a From 6ee81b3a5a61d422a906347cdc193e91bc3fd919 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 15:41:14 -0400 Subject: [PATCH 22/77] set workdir --- .github/workflows/checks.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index b5a28b1..d345c4f 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -35,7 +35,8 @@ jobs: - run: | mkdir -p $HOME/.local/bin ls -alh - go build -o $HOME/.local/bin/otdfctl otdfctl + go build -o $HOME/.local/bin/otdfctl . + working-directory: otdfctl - uses: bats-core/bats-action@472edde1138d59aca53ff162fb8d996666d21e4a - name: "Install mkcert" run: go install filippo.io/mkcert@2a46726cebac0ff4e1f133d90b4e4c42f1edf44a From c972bdad8acab3d7763bffe8893f6101d8edb325 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 15:55:53 -0400 Subject: [PATCH 23/77] run bats tests --- .github/workflows/checks.yaml | 8 +- tests/bats/tutorial.bats | 492 +++++++++++++++++++++++ tests/chart_platform_integration_test.go | 25 +- tests/traefik.yaml | 32 ++ 4 files changed, 553 insertions(+), 4 deletions(-) create mode 100644 tests/bats/tutorial.bats create mode 100644 tests/traefik.yaml diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index d345c4f..02dcf78 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -32,14 +32,17 @@ jobs: cache-dependency-path: | tests/go.sum otdfctl/go.sum - - run: | + - name: "Build otdfctl" + run: | mkdir -p $HOME/.local/bin - ls -alh go build -o $HOME/.local/bin/otdfctl . working-directory: otdfctl - uses: bats-core/bats-action@472edde1138d59aca53ff162fb8d996666d21e4a - name: "Install mkcert" run: go install filippo.io/mkcert@2a46726cebac0ff4e1f133d90b4e4c42f1edf44a + - run: + mkcert -install + mkcert -cert-file tls.crt -key-file tls.key opentdf.local keycloak.opentdf.local platform.opentdf.local tagging.opentdf.local - name: "Download k3d" id: "download-k3d" shell: bash @@ -57,6 +60,7 @@ jobs: - name: "Create k3d cluster" id: "create-k3d-cluster" run: | + echo "127.0.0.1 platform.opentdf.local keycloak.opentdf.local" | sudo tee -a /etc/hosts echo "127.0.0.1 k3d.registry" | sudo tee -a /etc/hosts k3d cluster create --config ".github/k3d-config.yaml" --image "rancher/k3s:${{ matrix.k3s_image }}" --wait --timeout 60s - run: go test ./ diff --git a/tests/bats/tutorial.bats b/tests/bats/tutorial.bats new file mode 100644 index 0000000..97c7fc8 --- /dev/null +++ b/tests/bats/tutorial.bats @@ -0,0 +1,492 @@ +#!/usr/bin/env bats + +# Ensure kubectl is installed +setup() { + export BATS_LIB_PATH="${BATS_LIB_PATH}:/usr/lib" + bats_load_library bats-support + bats_load_library bats-assert + bats_load_library bats-file + bats_load_library bats-detik/detik.bash + + echo '{"clientId":"opentdf","clientSecret":"secret"}' > client_creds.json + + export OTDFCTL_CMD="otdfctl --host https://platform.opentdf.local --with-client-creds-file ./client_creds.json" + +} + +@test "List namespaces and verify demo.com exists" { + # Run the command to list namespaces + run $OTDFCTL_CMD policy attributes namespaces list --json + + echo "Command output: $output" # Debugging line + + # Assert that the command was successful + assert_success + + # Assert that the output contains demo.com + echo "$output" | jq -e '.[] | select(.name == "demo.com")' > /dev/null + assert [ "$?" -eq 0 ] +} + +@test "Create namespace and verify the output" { + # Run the command to create a namespace + run $OTDFCTL_CMD policy attributes namespaces create --name demo.com --json + + # Assert that the command was successful + assert_success + + # Assert that the output contains the namespace name + assert_output --partial '"name": "demo.com"' + + # Extract the created namespace ID from the JSON output + created_id=$(echo "$output" | jq -r '.id') + + # Assert that the created ID is not empty + assert [ -n "$created_id" ] + + # Optionally, print the created ID for debugging + echo "Created Namespace ID: $created_id" + + # Save the created namespace ID to a temporary file for use in other tests + echo "$created_id" > /tmp/created_namespace_id.txt +} + +@test "List namespaces and verify the new namespace exists" { + # Read the created namespace ID from the temporary file + if [ ! -f /tmp/created_namespace_id.txt ]; then + echo "Created namespace ID file does not exist." + exit 1 + fi + created_id=$(cat /tmp/created_namespace_id.txt) + + # Run the command to list namespaces + run $OTDFCTL_CMD policy attributes namespaces list --json + + # Assert that the command was successful + assert_success + + # Assert that the output contains the newly created namespace + echo "$output" | jq -e '.[] | select(.id == "'$created_id'")' > /dev/null + assert [ "$?" -eq 0 ] +} + +@test "Get namespace by ID and verify the output" { + # Read the created namespace ID from the temporary file + if [ ! -f /tmp/created_namespace_id.txt ]; then + echo "Created namespace ID file does not exist." + exit 1 + fi + namespace_id=$(cat /tmp/created_namespace_id.txt) + + # Run the command to get the namespace by ID + run $OTDFCTL_CMD policy attributes namespaces get --id=$namespace_id --json + + # Assert that the command was successful + assert_success + + # Assert that the output contains the namespace details + assert_output --partial '"id": "'$namespace_id'"' + assert_output --partial '"name": "demo.com"' + assert_output --partial '"fqn": "https://demo.com"' + assert_output --partial '"value": true' +} + +@test "Create attribute and verify the output" { + # Read the created namespace ID from the temporary file + if [ ! -f /tmp/created_namespace_id.txt ]; then + echo "Created namespace ID file does not exist." + exit 1 + fi + namespace_id=$(cat /tmp/created_namespace_id.txt) + + # Run the command to create an attribute + run $OTDFCTL_CMD policy attributes create --name role -s $namespace_id -r ANY_OF --json + + # Assert that the command was successful + assert_success + + # Assert that the output contains the attribute details + assert_output --partial '"id": "' + assert_output --partial '"namespace": {' + assert_output --partial '"id": "'$namespace_id'"' + assert_output --partial '"name": "role"' + assert_output --partial '"fqn": "https://demo.com/attr/role"' + assert_output --partial '"value": true' + + # Extract the created attribute ID from the JSON output + attribute_id=$(echo "$output" | jq -r '.id') + + # Assert that the created ID is not empty + assert [ -n "$attribute_id" ] + + # Optionally, print the created ID for debugging + echo "Created Attribute ID: $attribute_id" + + # Save the created attribute ID to a temporary file for use in other tests + echo "$attribute_id" > /tmp/created_attribute_id.txt +} + +@test "Create admin value and verify the output" { + # Read the created attribute ID from the temporary file + if [ ! -f /tmp/created_attribute_id.txt ]; then + echo "Created attribute ID file does not exist." + exit 1 + fi + attribute_id=$(cat /tmp/created_attribute_id.txt) + + # Run the command to create the admin value + run $OTDFCTL_CMD policy attributes values create -a $attribute_id --value admin --json + + # Assert that the command was successful + assert_success + + # Assert that the output contains the value details + assert_output --partial '"id": "' + assert_output --partial '"attribute": {' + assert_output --partial '"id": "'$attribute_id'"' + assert_output --partial '"value": "admin"' + assert_output --partial '"fqn": "https://demo.com/attr/role/value/admin"' + assert_output --partial '"value": true' + + # Extract the created value ID from the JSON output + admin_value_id=$(echo "$output" | jq -r '.id') + + # Assert that the created ID is not empty + assert [ -n "$admin_value_id" ] + + # Optionally, print the created ID for debugging + echo "Created Admin Value ID: $admin_value_id" + + # Save the created admin value ID to a temporary file for use in other tests + echo "$admin_value_id" > /tmp/admin_value_id.txt +} + +@test "Create developer value and verify the output" { + # Read the created attribute ID from the temporary file + if [ ! -f /tmp/created_attribute_id.txt ]; then + echo "Created attribute ID file does not exist." + exit 1 + fi + attribute_id=$(cat /tmp/created_attribute_id.txt) + + # Run the command to create the developer value + run $OTDFCTL_CMD policy attributes values create -a $attribute_id --value developer --json + + # Assert that the command was successful + assert_success + + # Assert that the output contains the value details + assert_output --partial '"id": "' + assert_output --partial '"attribute": {' + assert_output --partial '"id": "'$attribute_id'"' + assert_output --partial '"value": "developer"' + assert_output --partial '"fqn": "https://demo.com/attr/role/value/developer"' + assert_output --partial '"value": true' + + # Extract the created value ID from the JSON output + developer_value_id=$(echo "$output" | jq -r '.id') + + # Assert that the created ID is not empty + assert [ -n "$developer_value_id" ] + + # Optionally, print the created ID for debugging + echo "Created Developer Value ID: $developer_value_id" + + # Save the created developer value ID to a temporary file for use in other tests + echo "$developer_value_id" > /tmp/developer_value_id.txt +} + +@test "Create guest value and verify the output" { + # Read the created attribute ID from the temporary file + if [ ! -f /tmp/created_attribute_id.txt ]; then + echo "Created attribute ID file does not exist." + exit 1 + fi + attribute_id=$(cat /tmp/created_attribute_id.txt) + + # Run the command to create the guest value + run $OTDFCTL_CMD policy attributes values create -a $attribute_id --value guest --json + + # Assert that the command was successful + assert_success + + # Assert that the output contains the value details + assert_output --partial '"id": "' + assert_output --partial '"attribute": {' + assert_output --partial '"id": "'$attribute_id'"' + assert_output --partial '"value": "guest"' + assert_output --partial '"fqn": "https://demo.com/attr/role/value/guest"' + assert_output --partial '"value": true' + + # Extract the created value ID from the JSON output + guest_value_id=$(echo "$output" | jq -r '.id') + + # Assert that the created ID is not empty + assert [ -n "$guest_value_id" ] + + # Optionally, print the created ID for debugging + echo "Created Guest Value ID: $guest_value_id" + + # Save the created guest value ID to a temporary file for use in other tests + echo "$guest_value_id" > /tmp/guest_value_id.txt +} + +@test "Get attribute and verify it contains the new values" { + # Read the created attribute ID from the temporary file + if [ ! -f /tmp/created_attribute_id.txt ]; then + echo "Created attribute ID file does not exist." + exit 1 + fi + attribute_id=$(cat /tmp/created_attribute_id.txt) + + # Run the command to get the attribute by ID + run $OTDFCTL_CMD policy attributes get --id=$attribute_id --tls-no-verify --json + + # Assert that the command was successful + assert_success + + # Assert that the output contains the attribute details + assert_output --partial '"id": "'$attribute_id'"' + assert_output --partial '"name": "role"' + assert_output --partial '"fqn": "https://demo.com/attr/role"' + assert_output --partial '"value": true' + + # Extract and check the values array + values=$(echo "$output" | jq -r '.values[].value') + assert [ "$(echo "$values" | grep -c 'admin')" -eq 1 ] + assert [ "$(echo "$values" | grep -c 'developer')" -eq 1 ] + assert [ "$(echo "$values" | grep -c 'guest')" -eq 1 ] +} + +@test "Create subject condition set and verify the output" { + # Run the command to create the subject condition set + run $OTDFCTL_CMD policy subject-condition-sets create -s '[ { "condition_groups": [ { "conditions": [ { "subject_external_selector_value": ".clientId", "operator": 1, "subject_external_values": [ "opentdf" ] } ], "boolean_operator": 1 } ] } ]' --json + + # Assert that the command was successful + assert_success + + # Assert that the output contains the subject condition set details + assert_output --partial '"id": "' + assert_output --partial '"subject_external_selector_value": ".clientId"' + assert_output --partial '"operator": 1' + assert_output --partial '"opentdf"' + assert_output --partial '"boolean_operator": 1' + + # Extract the created subject condition set ID from the JSON output + subject_condition_set_id=$(echo "$output" | jq -r '.id') + + # Assert that the created ID is not empty + assert [ -n "$subject_condition_set_id" ] + + # Optionally, print the created ID for debugging + echo "Created Subject Condition Set ID: $subject_condition_set_id" + + # Save the created subject condition set ID to a temporary file for use in other tests + echo "$subject_condition_set_id" > /tmp/subject_condition_set_id.txt +} + +@test "Create subject mapping and verify the output" { + # Read the created developer value ID from the temporary file + if [ ! -f /tmp/developer_value_id.txt ]; then + echo "Developer value ID file does not exist." + exit 1 + fi + developer_value_id=$(cat /tmp/developer_value_id.txt) + + # Read the created subject condition set ID from the temporary file + if [ ! -f /tmp/subject_condition_set_id.txt ]; then + echo "Subject condition set ID file does not exist." + exit 1 + fi + subject_condition_set_id=$(cat /tmp/subject_condition_set_id.txt) + + # Run the command to create the subject mapping + run $OTDFCTL_CMD policy subject-mappings create --action-standard DECRYPT --attribute-value-id $developer_value_id --subject-condition-set-id $subject_condition_set_id --json + + # Assert that the command was successful + assert_success + + # Assert that the output contains the subject mapping details + assert_output --partial '"id": "' + assert_output --partial '"attribute_value": {' + assert_output --partial '"id": "'$developer_value_id'"' + assert_output --partial '"value": "developer"' + assert_output --partial '"subject_condition_set": {' + assert_output --partial '"id": "'$subject_condition_set_id'"' + assert_output --partial '"subject_external_selector_value": ".clientId"' + assert_output --partial '"operator": 1' + assert_output --partial '"opentdf"' + + # Extract the created subject mapping ID from the JSON output + subject_mapping_id=$(echo "$output" | jq -r '.id') + + # Assert that the created ID is not empty + assert [ -n "$subject_mapping_id" ] + + # Optionally, print the created ID for debugging + echo "Created Subject Mapping ID: $subject_mapping_id" + + # Save the created subject mapping ID to a temporary file for use in other tests + echo "$subject_mapping_id" > /tmp/subject_mapping_id.txt +} + +@test "Create TDF3 file and verify the output" { + # Run the command to create a TDF3 file without attributes + run bash -c 'echo "my first encrypted tdf" | $OTDFCTL_CMD encrypt -o opentdf-example.tdf --tdf-type tdf3' + + # Assert that the command was successful + assert_success + + # Assert that the TDF3 file is created + [ -f opentdf-example.tdf ] + assert_success +} + +@test "Create nanoTDF file and verify the output" { + # Run the command to create a nanoTDF file without attributes + run bash -c 'echo "my first encrypted tdf" | $OTDFCTL_CMD encrypt -o opentdf-example.nano.tdf --tdf-type nano' + + # Assert that the command was successful + assert_success + + # Assert that the nanoTDF file is created + [ -f opentdf-example.nano.tdf ] + assert_success +} + +@test "Decrypt TDF3 file and verify the output" { + # Run the command to decrypt the TDF3 file + run $OTDFCTL_CMD decrypt --tdf-type tdf3 opentdf-example.tdf + + # Assert that the command was successful + assert_success + + # Assert that the decrypted output is as expected + assert_output "my first encrypted tdf" +} + +@test "Decrypt nanoTDF file and verify the output" { + # Run the command to decrypt the nanoTDF file + run $OTDFCTL_CMD decrypt --tdf-type nano opentdf-example.nano.tdf + + # Assert that the command was successful + assert_success + + # Assert that the decrypted output is as expected + assert_output "my first encrypted tdf" +} + +@test "Encrypt TDF3 file with attributes and verify the output" { + # Run the command to create a TDF3 file with attributes + run bash -c 'echo "my first encrypted tdf" | $OTDFCTL_CMD encrypt -o opentdf-example.tdf --tdf-type tdf3 --attr https://demo.com/attr/role/value/guest' + + # Assert that the command was successful + assert_success + + # Assert that the TDF3 file is created + [ -f opentdf-example.tdf ] + assert_success +} + +@test "Encrypt nanoTDF file with attributes and verify the output" { + # Run the command to create a nanoTDF file with attributes + run bash -c 'echo "my first encrypted tdf" | $OTDFCTL_CMD encrypt -o opentdf-example.nano.tdf --tdf-type nano --attr https://demo.com/attr/role/value/guest' + + # Assert that the command was successful + assert_success + + # Assert that the nanoTDF file is created + [ -f opentdf-example.nano.tdf ] + assert_success +} + +@test "Decrypt TDF3 file with attributes and expect failure" { + # Run the command to decrypt the TDF3 file + run $OTDFCTL_CMD decrypt --tdf-type tdf3 opentdf-example.tdf + + # Assert that the command failed + assert_failure + + # Assert that the output contains the expected error message + assert_output --partial 'ERROR Failed to decrypt file:' + assert_output --partial 'rpc error: code = PermissionDenied desc = forbidden' +} + +@test "Decrypt nanoTDF file with attributes and expect failure" { + # Run the command to decrypt the nanoTDF file + run $OTDFCTL_CMD decrypt --tdf-type nano opentdf-example.nano.tdf + + # Assert that the command failed + assert_failure + + # Assert that the output contains the expected error message + assert_output --partial 'ERROR Failed to decrypt file:' + assert_output --partial 'rpc error: code = PermissionDenied desc = forbidden' +} + +@test "Create subject mapping for guest access and verify the output" { + # Read the created guest value ID from the temporary file + if [ ! -f /tmp/guest_value_id.txt ]; then + echo "Guest value ID file does not exist." + exit 1 + fi + guest_value_id=$(cat /tmp/guest_value_id.txt) + + # Read the created subject condition set ID from the temporary file + if [ ! -f /tmp/subject_condition_set_id.txt ]; then + echo "Subject condition set ID file does not exist." + exit 1 + fi + subject_condition_set_id=$(cat /tmp/subject_condition_set_id.txt) + + # Run the command to create the subject mapping + run $OTDFCTL_CMD policy subject-mappings create --action-standard DECRYPT --attribute-value-id $guest_value_id --subject-condition-set-id $subject_condition_set_id --json + + # Assert that the command was successful + assert_success + + # Assert that the output contains the subject mapping details + assert_output --partial '"id": "' + assert_output --partial '"attribute_value": {' + assert_output --partial '"id": "'$guest_value_id'"' + assert_output --partial '"value": "guest"' + assert_output --partial '"subject_condition_set": {' + assert_output --partial '"id": "'$subject_condition_set_id'"' + assert_output --partial '"subject_external_selector_value": ".clientId"' + assert_output --partial '"operator": 1' + assert_output --partial '"opentdf"' + + # Extract the created subject mapping ID from the JSON output + subject_mapping_id=$(echo "$output" | jq -r '.id') + + # Assert that the created ID is not empty + assert [ -n "$subject_mapping_id" ] + + # Optionally, print the created ID for debugging + echo "Created Subject Mapping ID: $subject_mapping_id" + + # Save the created subject mapping ID to a temporary file for use in other tests + echo "$subject_mapping_id" > /tmp/guest_subject_mapping_id.txt +} + +@test "Decrypt TDF3 file with new subject mapping and verify the output" { + # Run the command to decrypt the TDF3 file + run $OTDFCTL_CMD decrypt --tdf-type tdf3 opentdf-example.tdf + + # Assert that the command was successful + assert_success + + # Assert that the decrypted output is as expected + assert_output "my first encrypted tdf" +} + +@test "Decrypt nanoTDF file with new subject mapping and verify the output" { + # Run the command to decrypt the nanoTDF file + run $OTDFCTL_CMD decrypt --tdf-type nano opentdf-example.nano.tdf + + # Assert that the command was successful + assert_success + + # Assert that the decrypted output is as expected + assert_output "my first encrypted tdf" +} \ No newline at end of file diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 50f2629..7d065c6 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -2,6 +2,7 @@ package test import ( "fmt" + "os/exec" "path/filepath" "strings" "testing" @@ -49,8 +50,9 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { options := &helm.Options{ KubectlOptions: kubectlOptions, SetValues: map[string]string{ - "sdk_config.clientsecret": "test", - "playground": "true", + "sdk_config.clientsecret": "test", + "playground": "true", + "keycloak.ingress.enabled": "false", }, } @@ -84,4 +86,23 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { for _, pod := range pods { suite.Require().Equal(pod.Status.Phase, corev1.PodRunning, fmt.Sprintf("Pod %s is not running", pod.Name)) } + + // Get Ingress Resources + ingresses := k8s.ListIngresses(suite.T(), kubectlOptions, metav1.ListOptions{}) + suite.Require().Len(ingresses, 0) + + // Apply tls secret + k8s.RunKubectl(suite.T(), kubectlOptions, "create", "secret", "tls", "platform-tls", "--cert=../tls.crt", "--key=../tls.key") + + traefikIngressCfg, err := filepath.Abs("traefik.yaml") + suite.Require().NoError(err) + + k8s.KubectlApply(suite.T(), kubectlOptions, traefikIngressCfg) + + // Run bats tests + batsTestFile, err := filepath.Abs("bats/tutorial.bats") + suite.Require().NoError(err) + + err = exec.Command("bats", batsTestFile).Run() + suite.Require().NoError(err) } diff --git a/tests/traefik.yaml b/tests/traefik.yaml new file mode 100644 index 0000000..515e424 --- /dev/null +++ b/tests/traefik.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: platform +spec: + entryPoints: + - websecure + routes: + - match: Host(`keycloak.opentdf.local`) + kind: Rule + services: + - name: platform-keycloak + port: 80 + scheme: http + passHostHeader: true + - match: Host(`platform.opentdf.local`) + kind: Rule + services: + - name: dsp-platform + port: 9000 + scheme: h2c + passHostHeader: true + - match: Host(`tagging.opentdf.local`) + kind: Rule + services: + - name: tagging-pdp + port: 9000 + scheme: h2c + passHostHeader: true + tls: + secretName: platform-tls \ No newline at end of file From 220887357cb2f08df7a68e1755fbf8a0f5432eb3 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 16:00:17 -0400 Subject: [PATCH 24/77] where are certs --- .github/workflows/checks.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 02dcf78..66eff34 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -43,6 +43,8 @@ jobs: - run: mkcert -install mkcert -cert-file tls.crt -key-file tls.key opentdf.local keycloak.opentdf.local platform.opentdf.local tagging.opentdf.local + pwd + ls -alh - name: "Download k3d" id: "download-k3d" shell: bash From 3064db35788b4817902a8f339378cf5839a3a7ff Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 16:01:27 -0400 Subject: [PATCH 25/77] fix mkcert creation --- .github/workflows/checks.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 66eff34..c17c409 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -40,11 +40,9 @@ jobs: - uses: bats-core/bats-action@472edde1138d59aca53ff162fb8d996666d21e4a - name: "Install mkcert" run: go install filippo.io/mkcert@2a46726cebac0ff4e1f133d90b4e4c42f1edf44a - - run: + - run: | mkcert -install mkcert -cert-file tls.crt -key-file tls.key opentdf.local keycloak.opentdf.local platform.opentdf.local tagging.opentdf.local - pwd - ls -alh - name: "Download k3d" id: "download-k3d" shell: bash From 621c7fc829ab62cb1aebba8689cf174d76a93bd1 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 16:07:58 -0400 Subject: [PATCH 26/77] get output of bats command --- tests/chart_platform_integration_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 7d065c6..c41fe53 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -103,6 +103,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { batsTestFile, err := filepath.Abs("bats/tutorial.bats") suite.Require().NoError(err) - err = exec.Command("bats", batsTestFile).Run() - suite.Require().NoError(err) + cmd := exec.Command("bats", batsTestFile) + output, err := cmd.CombinedOutput() + suite.Require().NoError(err, string(output)) } From 8f5bdf44a47c29da5bac7dcbaaaa7fdaca6fb3e3 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 16:16:33 -0400 Subject: [PATCH 27/77] fix ingress route --- .github/workflows/checks.yaml | 2 +- tests/chart_platform_integration_test.go | 2 +- tests/traefik.yaml | 11 ++--------- 3 files changed, 4 insertions(+), 11 deletions(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index c17c409..a17e82f 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -42,7 +42,7 @@ jobs: run: go install filippo.io/mkcert@2a46726cebac0ff4e1f133d90b4e4c42f1edf44a - run: | mkcert -install - mkcert -cert-file tls.crt -key-file tls.key opentdf.local keycloak.opentdf.local platform.opentdf.local tagging.opentdf.local + mkcert -cert-file tls.crt -key-file tls.key opentdf.local keycloak.opentdf.local platform.opentdf.local - name: "Download k3d" id: "download-k3d" shell: bash diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index c41fe53..356f72a 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -36,7 +36,7 @@ func (suite *PlatformChartIntegrationSuite) SetupTest() { func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { namespaceName := fmt.Sprintf("opentdf-%s", strings.ToLower(random.UniqueId())) - releaseName := "basic" + releaseName := "opentdf" // Setup the kubectl config and context. Here we choose to use the defaults, which is: // - HOME/.kube/config for the kubectl config file diff --git a/tests/traefik.yaml b/tests/traefik.yaml index 515e424..7a56f58 100644 --- a/tests/traefik.yaml +++ b/tests/traefik.yaml @@ -10,21 +10,14 @@ spec: - match: Host(`keycloak.opentdf.local`) kind: Rule services: - - name: platform-keycloak + - name: opentdf-keycloak port: 80 scheme: http passHostHeader: true - match: Host(`platform.opentdf.local`) kind: Rule services: - - name: dsp-platform - port: 9000 - scheme: h2c - passHostHeader: true - - match: Host(`tagging.opentdf.local`) - kind: Rule - services: - - name: tagging-pdp + - name: opentdf-platform port: 9000 scheme: h2c passHostHeader: true From 28d4628324454bd8e121a31f5c2f8e6e9b961637 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 16:49:43 -0400 Subject: [PATCH 28/77] fix kc service name --- tests/chart_platform_integration_test.go | 8 ++++++-- tests/traefik.yaml | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 356f72a..b0a73d3 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -77,9 +77,13 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { helm.Install(suite.T(), options, suite.chartPath, releaseName) - serviceName := fmt.Sprintf("%s-platform", releaseName) + kcServiceName := "platform-keycloak" - k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, serviceName, 10, 1*time.Second) + k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, kcServiceName, 10, 1*time.Second) + + platServiceName := fmt.Sprintf("%s-platform", releaseName) + + k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, platServiceName, 10, 1*time.Second) pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) suite.Require().Len(pods, 3) diff --git a/tests/traefik.yaml b/tests/traefik.yaml index 7a56f58..4b1f9cb 100644 --- a/tests/traefik.yaml +++ b/tests/traefik.yaml @@ -10,7 +10,7 @@ spec: - match: Host(`keycloak.opentdf.local`) kind: Rule services: - - name: opentdf-keycloak + - name: platform-keycloak port: 80 scheme: http passHostHeader: true From 14e4640e0efc2f8177223df8fbf0999b78b7655b Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 16:51:42 -0400 Subject: [PATCH 29/77] set docker network --- .github/k3d-config.yaml | 3 ++- .github/workflows/checks.yaml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/k3d-config.yaml b/.github/k3d-config.yaml index dad7423..bc6930a 100644 --- a/.github/k3d-config.yaml +++ b/.github/k3d-config.yaml @@ -5,6 +5,7 @@ metadata: name: cluster # name that you want to give to your cluster (will still be prefixed with `k3d-`) # servers: 1 # same as `--servers 1` # agents: 2 # same as `--agents 2` +network: platform-k3d kubeAPI: # same as `--api-port myhost.my.domain:6445` (where the name would resolve to 127.0.0.1) hostIP: "0.0.0.0" # where the Kubernetes API will be listening on hostPort: "6445" # where the Kubernetes API listening port will be mapped to on your host system @@ -16,7 +17,7 @@ ports: nodeFilters: - loadbalancer hostAliases: # /etc/hosts style entries to be injected into /etc/hosts in the node containers and in the NodeHosts section in CoreDNS - - ip: 172.18.0.1 + - ip: 10.255.127.1 hostnames: - keycloak.opentdf.local registries: # define how registries should be created or used diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index a17e82f..6588662 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -62,6 +62,7 @@ jobs: run: | echo "127.0.0.1 platform.opentdf.local keycloak.opentdf.local" | sudo tee -a /etc/hosts echo "127.0.0.1 k3d.registry" | sudo tee -a /etc/hosts + docker network create platform-k3d --subnet 10.255.127.0/24 --ip-range 10.255.127.192/26 --gateway 10.255.127.1 k3d cluster create --config ".github/k3d-config.yaml" --image "rancher/k3s:${{ matrix.k3s_image }}" --wait --timeout 60s - run: go test ./ working-directory: tests \ No newline at end of file From de2ba4d29a1e351008287a5cdeb6855d6adb45ca Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 16:54:36 -0400 Subject: [PATCH 30/77] set right issuer in test --- tests/chart_platform_integration_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index b0a73d3..481ce62 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -53,6 +53,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { "sdk_config.clientsecret": "test", "playground": "true", "keycloak.ingress.enabled": "false", + "server.auth.issuer": "https://keycloak.opentdf.local/realms/opentdf", }, } From f3de78aec6ac1feffc6221164a318448082c4bd8 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 17:14:04 -0400 Subject: [PATCH 31/77] try rolling out platform again --- tests/chart_platform_integration_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 481ce62..271f3e4 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -84,6 +84,8 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { platServiceName := fmt.Sprintf("%s-platform", releaseName) + k8s.RunKubectl(suite.T(), kubectlOptions, "rollout", "status", "deployment", platServiceName) + k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, platServiceName, 10, 1*time.Second) pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) From 1101096203174c6efbac286119e0394df4959393 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Sat, 10 Aug 2024 17:26:55 -0400 Subject: [PATCH 32/77] restart not status --- tests/chart_platform_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 271f3e4..0e93c65 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -84,7 +84,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { platServiceName := fmt.Sprintf("%s-platform", releaseName) - k8s.RunKubectl(suite.T(), kubectlOptions, "rollout", "status", "deployment", platServiceName) + k8s.RunKubectl(suite.T(), kubectlOptions, "rollout", "restart", "deployment", platServiceName) k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, platServiceName, 10, 1*time.Second) From 8ef0259bfabef3a85d2a946671f05bf6748ce463 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 08:13:14 -0400 Subject: [PATCH 33/77] mount platform-tls secret to integration test --- charts/platform/templates/_helpers.tpl | 3 --- tests/chart_platform_integration_test.go | 22 +++++++++++++--------- tests/chart_platform_template_test.go | 18 ------------------ 3 files changed, 13 insertions(+), 30 deletions(-) diff --git a/charts/platform/templates/_helpers.tpl b/charts/platform/templates/_helpers.tpl index 8225cd1..088f105 100644 --- a/charts/platform/templates/_helpers.tpl +++ b/charts/platform/templates/_helpers.tpl @@ -76,9 +76,6 @@ Create the name of the service account to use {{- end -}} {{- define "sdk_config.validate" -}} -{{- if and (not .Values.sdk_config.clientsecret) (not .Values.sdk_config.existingSecret.name) (not .Values.sdk_config.existingSecret.key) }} -{{- fail "You must set either clientsecret and existingSecret in sdk_config." }} -{{- end -}} {{- if and ( .Values.sdk_config.clientsecret) ( .Values.sdk_config.existingSecret.name) ( .Values.sdk_config.existingSecret.key)}} {{- fail "You cannot set both clientsecret and existingSecret in sdk_config." }} {{- end -}} diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 0e93c65..4d38a51 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -50,10 +50,13 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { options := &helm.Options{ KubectlOptions: kubectlOptions, SetValues: map[string]string{ - "sdk_config.clientsecret": "test", "playground": "true", "keycloak.ingress.enabled": "false", "server.auth.issuer": "https://keycloak.opentdf.local/realms/opentdf", + "server.tls.additionalTrustedCerts[0].secret.name": "platform-tls", + "server.tls.additionalTrustedCerts[0].secret.optional": "false", + "server.tls.additionalTrustedCerts[0].secret.items[0].key": "tls.crt", + "server.tls.additionalTrustedCerts[0].secret.items[0].path": "traeffik.crt", }, } @@ -76,6 +79,15 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { suite.Require().Equal(kasSecret.Data["kas-ec-private.pem"], privECKey) + // Apply tls secret + k8s.RunKubectl(suite.T(), kubectlOptions, "create", "secret", "tls", "platform-tls", "--cert=../tls.crt", "--key=../tls.key") + + traefikIngressCfg, err := filepath.Abs("traefik.yaml") + suite.Require().NoError(err) + + k8s.KubectlApply(suite.T(), kubectlOptions, traefikIngressCfg) + + // Install the chart helm.Install(suite.T(), options, suite.chartPath, releaseName) kcServiceName := "platform-keycloak" @@ -98,14 +110,6 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { ingresses := k8s.ListIngresses(suite.T(), kubectlOptions, metav1.ListOptions{}) suite.Require().Len(ingresses, 0) - // Apply tls secret - k8s.RunKubectl(suite.T(), kubectlOptions, "create", "secret", "tls", "platform-tls", "--cert=../tls.crt", "--key=../tls.key") - - traefikIngressCfg, err := filepath.Abs("traefik.yaml") - suite.Require().NoError(err) - - k8s.KubectlApply(suite.T(), kubectlOptions, traefikIngressCfg) - // Run bats tests batsTestFile, err := filepath.Abs("bats/tutorial.bats") suite.Require().NoError(err) diff --git a/tests/chart_platform_template_test.go b/tests/chart_platform_template_test.go index d772ffd..920be91 100644 --- a/tests/chart_platform_template_test.go +++ b/tests/chart_platform_template_test.go @@ -53,24 +53,6 @@ func (suite *PlatformChartTemplateSuite) TestBasicDeploymentTemplateRender() { suite.Require().Equal(deployment.Spec.Template.Spec.Containers[0].Image, "registry.opentdf.io/platform:latest") } -func (suite *PlatformChartTemplateSuite) Test_Empty_SDK_Config_Client_Secret_AND_Existing_Secret_Expect_Error() { - releaseName := "basic" - - namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) - - options := &helm.Options{ - KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), - SetValues: map[string]string{ - "image.tag": "latest", - }, - } - - _, err := helm.RenderTemplateE(suite.T(), options, suite.chartPath, releaseName, []string{}) - suite.Require().Error(err) - suite.Require().ErrorContains(err, "You must set either clientsecret and existingSecret in sdk_config.") - -} - func (suite *PlatformChartTemplateSuite) Test_SDK_Config_Set_Client_Secret_AND_Existing_Secret_Expect_Error() { releaseName := "basic" From b3aed68ad88816623d6b67ffd32189a25769b9ed Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 08:21:39 -0400 Subject: [PATCH 34/77] apply ingress route at end --- tests/chart_platform_integration_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 4d38a51..17a61c5 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -82,11 +82,6 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { // Apply tls secret k8s.RunKubectl(suite.T(), kubectlOptions, "create", "secret", "tls", "platform-tls", "--cert=../tls.crt", "--key=../tls.key") - traefikIngressCfg, err := filepath.Abs("traefik.yaml") - suite.Require().NoError(err) - - k8s.KubectlApply(suite.T(), kubectlOptions, traefikIngressCfg) - // Install the chart helm.Install(suite.T(), options, suite.chartPath, releaseName) @@ -110,6 +105,11 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { ingresses := k8s.ListIngresses(suite.T(), kubectlOptions, metav1.ListOptions{}) suite.Require().Len(ingresses, 0) + traefikIngressCfg, err := filepath.Abs("traefik.yaml") + suite.Require().NoError(err) + + k8s.KubectlApply(suite.T(), kubectlOptions, traefikIngressCfg) + // Run bats tests batsTestFile, err := filepath.Abs("bats/tutorial.bats") suite.Require().NoError(err) From c4275b52c836fb3aa1cd51690f92e8292d860310 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 08:25:39 -0400 Subject: [PATCH 35/77] remove length check --- tests/chart_platform_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 17a61c5..49a3995 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -96,7 +96,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, platServiceName, 10, 1*time.Second) pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) - suite.Require().Len(pods, 3) + // suite.Require().Len(pods, 3) for _, pod := range pods { suite.Require().Equal(pod.Status.Phase, corev1.PodRunning, fmt.Sprintf("Pod %s is not running", pod.Name)) } From cdeed1c69fa7ac51aa187f37e6725ed7a1d99f31 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 08:38:56 -0400 Subject: [PATCH 36/77] try provisioning keycloak --- .github/workflows/checks.yaml | 6 ++++++ tests/chart_platform_integration_test.go | 9 +++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 6588662..cb762d5 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -27,6 +27,12 @@ jobs: with: repository: opentdf/otdfctl path: otdfctl + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + with: + repository: opentdf/platform + path: platform + sparse-checkout: | + service/cmd/keycloak_data.yaml - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: cache-dependency-path: | diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 49a3995..9841ef4 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -60,8 +60,6 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { }, } - defer helm.Delete(suite.T(), options, releaseName, true) - // Generate KAS Keys privECKey, pubECKey, err := generateKasECDHKeyPair() suite.Require().NoError(err) @@ -85,6 +83,8 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { // Install the chart helm.Install(suite.T(), options, suite.chartPath, releaseName) + defer helm.Delete(suite.T(), options, releaseName, true) + kcServiceName := "platform-keycloak" k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, kcServiceName, 10, 1*time.Second) @@ -110,6 +110,11 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.KubectlApply(suite.T(), kubectlOptions, traefikIngressCfg) + // Provision Keycloak + dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", "./platform/service/cmd/keycloak_data.yaml:/keycloak_data.yaml", "registry.opentdf.io/platform:nightly", "provision", "keycloak", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") + dockerRunOutput, err := dockerRun.CombinedOutput() + suite.Require().NoError(err, string(dockerRunOutput)) + // Run bats tests batsTestFile, err := filepath.Abs("bats/tutorial.bats") suite.Require().NoError(err) From 5521ac988a57854f7cb973adec28c1bbf322da60 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 08:49:42 -0400 Subject: [PATCH 37/77] wait for pod is available --- tests/chart_platform_integration_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 9841ef4..b95e366 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -98,6 +98,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) // suite.Require().Len(pods, 3) for _, pod := range pods { + k8s.WaitUntilPodAvailable(suite.T(), kubectlOptions, pod.Name, 30, 1*time.Second) suite.Require().Equal(pod.Status.Phase, corev1.PodRunning, fmt.Sprintf("Pod %s is not running", pod.Name)) } From e09fb93330f7d3bf1ae291d99f53b8d6b438d93f Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 08:56:50 -0400 Subject: [PATCH 38/77] try to capture why things are failing --- tests/chart_platform_integration_test.go | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index b95e366..e8449b8 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -35,6 +35,7 @@ func (suite *PlatformChartIntegrationSuite) SetupTest() { } func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { + namespaceName := fmt.Sprintf("opentdf-%s", strings.ToLower(random.UniqueId())) releaseName := "opentdf" @@ -45,8 +46,6 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.CreateNamespace(suite.T(), kubectlOptions, namespaceName) - defer k8s.DeleteNamespace(suite.T(), kubectlOptions, namespaceName) - options := &helm.Options{ KubectlOptions: kubectlOptions, SetValues: map[string]string{ @@ -83,7 +82,16 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { // Install the chart helm.Install(suite.T(), options, suite.chartPath, releaseName) - defer helm.Delete(suite.T(), options, releaseName, true) + defer func() { + pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) + for _, pod := range pods { + fmt.Println("Pod Name: ", pod.Name) + fmt.Println("Pod Status: ", pod.Status.Phase) + fmt.Println("Pod Logs: ", k8s.GetPodLogs(suite.T(), kubectlOptions, &pod, "platform")) + } + helm.Delete(suite.T(), options, releaseName, true) + k8s.DeleteNamespace(suite.T(), kubectlOptions, namespaceName) + }() kcServiceName := "platform-keycloak" From 99711020f4065805d43154b59baba35402afd05b Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 08:57:46 -0400 Subject: [PATCH 39/77] add reason --- tests/chart_platform_integration_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index e8449b8..86035c1 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -87,6 +87,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { for _, pod := range pods { fmt.Println("Pod Name: ", pod.Name) fmt.Println("Pod Status: ", pod.Status.Phase) + fmt.Println("Pod Reason: ", pod.Status.Reason) fmt.Println("Pod Logs: ", k8s.GetPodLogs(suite.T(), kubectlOptions, &pod, "platform")) } helm.Delete(suite.T(), options, releaseName, true) From beeaadb4e8dda70c56aad3d104fbde99e65ff902 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 10:54:19 -0400 Subject: [PATCH 40/77] more debugging --- tests/chart_platform_integration_test.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 86035c1..ecc896b 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -1,6 +1,7 @@ package test import ( + "encoding/json" "fmt" "os/exec" "path/filepath" @@ -55,7 +56,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { "server.tls.additionalTrustedCerts[0].secret.name": "platform-tls", "server.tls.additionalTrustedCerts[0].secret.optional": "false", "server.tls.additionalTrustedCerts[0].secret.items[0].key": "tls.crt", - "server.tls.additionalTrustedCerts[0].secret.items[0].path": "traeffik.crt", + "server.tls.additionalTrustedCerts[0].secret.items[0].path": "traefik.crt", }, } @@ -83,12 +84,16 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { helm.Install(suite.T(), options, suite.chartPath, releaseName) defer func() { + secret := k8s.GetSecret(suite.T(), kubectlOptions, "platform-tls") + secretJson, _ := json.MarshalIndent(secret, "", " ") + fmt.Println("TLS Secret: ", string(secretJson)) pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) for _, pod := range pods { fmt.Println("Pod Name: ", pod.Name) fmt.Println("Pod Status: ", pod.Status.Phase) fmt.Println("Pod Reason: ", pod.Status.Reason) - fmt.Println("Pod Logs: ", k8s.GetPodLogs(suite.T(), kubectlOptions, &pod, "platform")) + podJson, _ := json.MarshalIndent(pod, "", " ") + fmt.Println("Pod: ", string(podJson)) } helm.Delete(suite.T(), options, releaseName, true) k8s.DeleteNamespace(suite.T(), kubectlOptions, namespaceName) From 15392527068aecde299a59b9941bf24d441d0934 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 11:20:45 -0400 Subject: [PATCH 41/77] add logs back --- tests/chart_platform_integration_test.go | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index ecc896b..1f30258 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -89,11 +89,15 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { fmt.Println("TLS Secret: ", string(secretJson)) pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) for _, pod := range pods { - fmt.Println("Pod Name: ", pod.Name) - fmt.Println("Pod Status: ", pod.Status.Phase) - fmt.Println("Pod Reason: ", pod.Status.Reason) - podJson, _ := json.MarshalIndent(pod, "", " ") - fmt.Println("Pod: ", string(podJson)) + if strings.Contains(pod.Name, "opentdf-platform") { + fmt.Println("Pod Name: ", pod.Name) + fmt.Println("Pod Status: ", pod.Status.Phase) + fmt.Println("Pod Reason: ", pod.Status.Reason) + podJson, _ := json.MarshalIndent(pod, "", " ") + fmt.Println("Pod: ", string(podJson)) + platLogs := k8s.GetPodLogs(suite.T(), kubectlOptions, &pod, "platform") + fmt.Println("Platform Logs: ", platLogs) + } } helm.Delete(suite.T(), options, releaseName, true) k8s.DeleteNamespace(suite.T(), kubectlOptions, namespaceName) From e9fa30fff3360b58be85028eb678fdf0747de1b3 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 11:26:13 -0400 Subject: [PATCH 42/77] only log extra info on failure --- tests/chart_platform_integration_test.go | 28 +++++++++++++----------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 1f30258..c3d90e8 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -84,19 +84,21 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { helm.Install(suite.T(), options, suite.chartPath, releaseName) defer func() { - secret := k8s.GetSecret(suite.T(), kubectlOptions, "platform-tls") - secretJson, _ := json.MarshalIndent(secret, "", " ") - fmt.Println("TLS Secret: ", string(secretJson)) - pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) - for _, pod := range pods { - if strings.Contains(pod.Name, "opentdf-platform") { - fmt.Println("Pod Name: ", pod.Name) - fmt.Println("Pod Status: ", pod.Status.Phase) - fmt.Println("Pod Reason: ", pod.Status.Reason) - podJson, _ := json.MarshalIndent(pod, "", " ") - fmt.Println("Pod: ", string(podJson)) - platLogs := k8s.GetPodLogs(suite.T(), kubectlOptions, &pod, "platform") - fmt.Println("Platform Logs: ", platLogs) + if suite.T().Failed() { + secret := k8s.GetSecret(suite.T(), kubectlOptions, "platform-tls") + secretJson, _ := json.MarshalIndent(secret, "", " ") + fmt.Println("TLS Secret: ", string(secretJson)) + pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) + for _, pod := range pods { + if strings.Contains(pod.Name, "opentdf-platform") { + fmt.Println("Pod Name: ", pod.Name) + fmt.Println("Pod Status: ", pod.Status.Phase) + fmt.Println("Pod Reason: ", pod.Status.Reason) + podJson, _ := json.MarshalIndent(pod, "", " ") + fmt.Println("Pod: ", string(podJson)) + platLogs := k8s.GetPodLogs(suite.T(), kubectlOptions, &pod, "platform") + fmt.Println("Platform Logs: ", platLogs) + } } } helm.Delete(suite.T(), options, releaseName, true) From 55463dceb73e44c0401661a89affff2fa8278fe8 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 11:54:13 -0400 Subject: [PATCH 43/77] template traefik --- tests/chart_platform_integration_test.go | 39 ++++++++++++++++++++++++ tests/traefik.yaml | 25 --------------- 2 files changed, 39 insertions(+), 25 deletions(-) delete mode 100644 tests/traefik.yaml diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index c3d90e8..db26ca5 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -3,6 +3,8 @@ package test import ( "encoding/json" "fmt" + "html/template" + "os" "os/exec" "path/filepath" "strings" @@ -17,6 +19,36 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +var traefikIngress = ` + --- + apiVersion: traefik.containo.us/v1alpha1 + kind: IngressRoute + metadata: + name: platform + spec: + entryPoints: + - websecure + routes: + - match: Host('keycloak.opentdf.local') + kind: Rule + services: + - name: platform-keycloak + namespace: {{ .Namespace }} + port: 80 + scheme: http + passHostHeader: true + - match: Host('platform.opentdf.local') + kind: Rule + services: + - name: opentdf-platform + namespace: {{ .Namespace }} + port: 9000 + scheme: h2c + passHostHeader: true + tls: + secretName: platform-tls +` + type PlatformChartIntegrationSuite struct { suite.Suite chartPath string @@ -126,6 +158,13 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { ingresses := k8s.ListIngresses(suite.T(), kubectlOptions, metav1.ListOptions{}) suite.Require().Len(ingresses, 0) + ingFile, err := os.Create("traefik.yaml") + suite.Require().NoError(err) + ingTmpl, err := template.New("traefik").Parse(traefikIngress) + suite.Require().NoError(err) + err = ingTmpl.Execute(ingFile, map[string]string{"Namespace": namespaceName}) + suite.Require().NoError(err) + traefikIngressCfg, err := filepath.Abs("traefik.yaml") suite.Require().NoError(err) diff --git a/tests/traefik.yaml b/tests/traefik.yaml deleted file mode 100644 index 4b1f9cb..0000000 --- a/tests/traefik.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: platform -spec: - entryPoints: - - websecure - routes: - - match: Host(`keycloak.opentdf.local`) - kind: Rule - services: - - name: platform-keycloak - port: 80 - scheme: http - passHostHeader: true - - match: Host(`platform.opentdf.local`) - kind: Rule - services: - - name: opentdf-platform - port: 9000 - scheme: h2c - passHostHeader: true - tls: - secretName: platform-tls \ No newline at end of file From b516bcc870bbec8f4b11e2980aaba53cbe83de7a Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 12:28:12 -0400 Subject: [PATCH 44/77] fix rendered ingress --- tests/chart_platform_integration_test.go | 84 ++++++++++++------------ 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index db26ca5..9b1b6d4 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -1,6 +1,7 @@ package test import ( + "bytes" "encoding/json" "fmt" "html/template" @@ -19,35 +20,33 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -var traefikIngress = ` - --- - apiVersion: traefik.containo.us/v1alpha1 - kind: IngressRoute - metadata: - name: platform - spec: - entryPoints: - - websecure - routes: - - match: Host('keycloak.opentdf.local') - kind: Rule - services: - - name: platform-keycloak - namespace: {{ .Namespace }} - port: 80 - scheme: http - passHostHeader: true - - match: Host('platform.opentdf.local') - kind: Rule - services: - - name: opentdf-platform - namespace: {{ .Namespace }} - port: 9000 - scheme: h2c - passHostHeader: true - tls: - secretName: platform-tls -` +var traefikIngress = `--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: platform +spec: + entryPoints: + - websecure + routes: + - match: Host('keycloak.opentdf.local') + kind: Rule + services: + - name: platform-keycloak + namespace: {{ .Namespace }} + port: 80 + scheme: http + passHostHeader: true + - match: Host('platform.opentdf.local') + kind: Rule + services: + - name: opentdf-platform + namespace: {{ .Namespace }} + port: 9000 + scheme: h2c + passHostHeader: true + tls: + secretName: platform-tls` type PlatformChartIntegrationSuite struct { suite.Suite @@ -84,7 +83,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { SetValues: map[string]string{ "playground": "true", "keycloak.ingress.enabled": "false", - "server.auth.issuer": "https://keycloak.opentdf.local/realms/opentdf", + "server.auth.issuer": "https://keycloak.dsp.local:9443/realms/opentdf", "server.tls.additionalTrustedCerts[0].secret.name": "platform-tls", "server.tls.additionalTrustedCerts[0].secret.optional": "false", "server.tls.additionalTrustedCerts[0].secret.items[0].key": "tls.crt", @@ -112,6 +111,19 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { // Apply tls secret k8s.RunKubectl(suite.T(), kubectlOptions, "create", "secret", "tls", "platform-tls", "--cert=../tls.crt", "--key=../tls.key") + var ingRendered bytes.Buffer + ingTmpl, err := template.New("traefik").Parse(traefikIngress) + suite.Require().NoError(err) + err = ingTmpl.Execute(&ingRendered, map[string]string{"Namespace": namespaceName}) + suite.Require().NoError(err) + err = os.WriteFile("traefik.yaml", ingRendered.Bytes(), 0644) + suite.Require().NoError(err) + + traefikIngressCfg, err := filepath.Abs("traefik.yaml") + suite.Require().NoError(err) + + k8s.KubectlApply(suite.T(), kubectlOptions, traefikIngressCfg) + // Install the chart helm.Install(suite.T(), options, suite.chartPath, releaseName) @@ -158,18 +170,6 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { ingresses := k8s.ListIngresses(suite.T(), kubectlOptions, metav1.ListOptions{}) suite.Require().Len(ingresses, 0) - ingFile, err := os.Create("traefik.yaml") - suite.Require().NoError(err) - ingTmpl, err := template.New("traefik").Parse(traefikIngress) - suite.Require().NoError(err) - err = ingTmpl.Execute(ingFile, map[string]string{"Namespace": namespaceName}) - suite.Require().NoError(err) - - traefikIngressCfg, err := filepath.Abs("traefik.yaml") - suite.Require().NoError(err) - - k8s.KubectlApply(suite.T(), kubectlOptions, traefikIngressCfg) - // Provision Keycloak dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", "./platform/service/cmd/keycloak_data.yaml:/keycloak_data.yaml", "registry.opentdf.io/platform:nightly", "provision", "keycloak", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") dockerRunOutput, err := dockerRun.CombinedOutput() From 56ec2e79af4c7c2b0ea3f63f0ff8269df0cb862e Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 12:40:50 -0400 Subject: [PATCH 45/77] wrong host --- tests/chart_platform_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 9b1b6d4..22eefcc 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -83,7 +83,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { SetValues: map[string]string{ "playground": "true", "keycloak.ingress.enabled": "false", - "server.auth.issuer": "https://keycloak.dsp.local:9443/realms/opentdf", + "server.auth.issuer": "https://keycloak.opentdf.local/realms/opentdf", "server.tls.additionalTrustedCerts[0].secret.name": "platform-tls", "server.tls.additionalTrustedCerts[0].secret.optional": "false", "server.tls.additionalTrustedCerts[0].secret.items[0].key": "tls.crt", From 8bc6fd492c8df675ef04a12f8b69b8a1a44d232f Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 12:57:37 -0400 Subject: [PATCH 46/77] add a sleep --- tests/chart_platform_integration_test.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 22eefcc..c99430d 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -134,10 +134,10 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { fmt.Println("TLS Secret: ", string(secretJson)) pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) for _, pod := range pods { + fmt.Println("Pod Name: ", pod.Name) + fmt.Println("Pod Status: ", pod.Status.Phase) + fmt.Println("Pod Reason: ", pod.Status.Reason) if strings.Contains(pod.Name, "opentdf-platform") { - fmt.Println("Pod Name: ", pod.Name) - fmt.Println("Pod Status: ", pod.Status.Phase) - fmt.Println("Pod Reason: ", pod.Status.Reason) podJson, _ := json.MarshalIndent(pod, "", " ") fmt.Println("Pod: ", string(podJson)) platLogs := k8s.GetPodLogs(suite.T(), kubectlOptions, &pod, "platform") @@ -149,6 +149,9 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.DeleteNamespace(suite.T(), kubectlOptions, namespaceName) }() + // Wait for Keycloak and Platform to be available + time.Sleep(30 * time.Second) + kcServiceName := "platform-keycloak" k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, kcServiceName, 10, 1*time.Second) From 82e5bc2fc0cd52ab16b00e53be34b6d78b3a2a5b Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 13:09:44 -0400 Subject: [PATCH 47/77] number of running pods --- tests/chart_platform_integration_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index c99430d..82a3ee6 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -133,6 +133,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { secretJson, _ := json.MarshalIndent(secret, "", " ") fmt.Println("TLS Secret: ", string(secretJson)) pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) + fmt.Println("Number of Pods: ", len(pods)) for _, pod := range pods { fmt.Println("Pod Name: ", pod.Name) fmt.Println("Pod Status: ", pod.Status.Phase) From b500bc4a8ddf9ee5428dd4c74b2731fe53f1fe9e Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 13:16:38 -0400 Subject: [PATCH 48/77] increase sleep --- tests/chart_platform_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 82a3ee6..a3df8d3 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -151,7 +151,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { }() // Wait for Keycloak and Platform to be available - time.Sleep(30 * time.Second) + time.Sleep(60 * time.Second) kcServiceName := "platform-keycloak" From b8dd40f1df14cd2422c531433bcf96862937279e Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 13:25:36 -0400 Subject: [PATCH 49/77] try setting default values file --- tests/chart_platform_integration_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index a3df8d3..3406121 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -80,6 +80,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { options := &helm.Options{ KubectlOptions: kubectlOptions, + ValuesFiles: []string{"../charts/platform/values.yaml"}, SetValues: map[string]string{ "playground": "true", "keycloak.ingress.enabled": "false", From 9b60c7cb1a905dec3ba561f7133db4a93f85a47a Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 13:26:17 -0400 Subject: [PATCH 50/77] remove sleep --- tests/chart_platform_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 3406121..e5a1943 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -152,7 +152,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { }() // Wait for Keycloak and Platform to be available - time.Sleep(60 * time.Second) + // time.Sleep(30 * time.Second) kcServiceName := "platform-keycloak" From e965b18a00c1c01e5f966ce61ce7869436c4306a Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 13:37:40 -0400 Subject: [PATCH 51/77] try to provision keycloak --- tests/chart_platform_integration_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index e5a1943..1225df8 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -158,6 +158,11 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, kcServiceName, 10, 1*time.Second) + // Provision Keycloak + dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", "./platform/service/cmd/keycloak_data.yaml:/keycloak_data.yaml", "registry.opentdf.io/platform:nightly", "provision", "keycloak", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") + dockerRunOutput, err := dockerRun.CombinedOutput() + suite.Require().NoError(err, string(dockerRunOutput)) + platServiceName := fmt.Sprintf("%s-platform", releaseName) k8s.RunKubectl(suite.T(), kubectlOptions, "rollout", "restart", "deployment", platServiceName) @@ -175,11 +180,6 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { ingresses := k8s.ListIngresses(suite.T(), kubectlOptions, metav1.ListOptions{}) suite.Require().Len(ingresses, 0) - // Provision Keycloak - dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", "./platform/service/cmd/keycloak_data.yaml:/keycloak_data.yaml", "registry.opentdf.io/platform:nightly", "provision", "keycloak", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") - dockerRunOutput, err := dockerRun.CombinedOutput() - suite.Require().NoError(err, string(dockerRunOutput)) - // Run bats tests batsTestFile, err := filepath.Abs("bats/tutorial.bats") suite.Require().NoError(err) From e6fb19227a78c85be26251a8950865b83da553de Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 14:30:14 -0400 Subject: [PATCH 52/77] keycloak from config --- tests/chart_platform_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 1225df8..53679a4 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -159,7 +159,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, kcServiceName, 10, 1*time.Second) // Provision Keycloak - dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", "./platform/service/cmd/keycloak_data.yaml:/keycloak_data.yaml", "registry.opentdf.io/platform:nightly", "provision", "keycloak", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") + dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", "./platform/service/cmd/keycloak_data.yaml:/keycloak_data.yaml", "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") dockerRunOutput, err := dockerRun.CombinedOutput() suite.Require().NoError(err, string(dockerRunOutput)) From 808eb8b914a9e4a737d9277f6837ba926c48c4ed Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 14:44:22 -0400 Subject: [PATCH 53/77] checkout single file --- .github/workflows/checks.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index cb762d5..75d9d7c 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -33,6 +33,7 @@ jobs: path: platform sparse-checkout: | service/cmd/keycloak_data.yaml + sparse-checkout-cone-mode: false - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: cache-dependency-path: | From fc005075b103fffdac81b998e48074cf759af05f Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 14:49:39 -0400 Subject: [PATCH 54/77] cat keycloak_data --- .github/workflows/checks.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 75d9d7c..65a22c2 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -34,6 +34,7 @@ jobs: sparse-checkout: | service/cmd/keycloak_data.yaml sparse-checkout-cone-mode: false + - run: cat platform/service/cmd/keycloak_data.yaml - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: cache-dependency-path: | From 6a7ad3d2e31770358544714e30a3357038e66ce0 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 14:54:22 -0400 Subject: [PATCH 55/77] replace baseUrl --- .github/workflows/checks.yaml | 4 +++- tests/chart_platform_integration_test.go | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 65a22c2..180a8ea 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -34,7 +34,9 @@ jobs: sparse-checkout: | service/cmd/keycloak_data.yaml sparse-checkout-cone-mode: false - - run: cat platform/service/cmd/keycloak_data.yaml + - run: | + sed -e "s/http://localhost:8888/https://keycloak.opentdf.local/g" platform/service/cmd/keycloak_data.yaml -i + cat platform/service/cmd/keycloak_data.yaml - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: cache-dependency-path: | diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 53679a4..4afb364 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -159,7 +159,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, kcServiceName, 10, 1*time.Second) // Provision Keycloak - dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", "./platform/service/cmd/keycloak_data.yaml:/keycloak_data.yaml", "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") + dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", "../platform/service/cmd/keycloak_data.yaml:/keycloak_data.yaml", "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") dockerRunOutput, err := dockerRun.CombinedOutput() suite.Require().NoError(err, string(dockerRunOutput)) From 805aa36d44f951cf0421866a1c25461b2e4af13a Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 14:57:08 -0400 Subject: [PATCH 56/77] escape http --- .github/workflows/checks.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 180a8ea..6088457 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -35,7 +35,7 @@ jobs: service/cmd/keycloak_data.yaml sparse-checkout-cone-mode: false - run: | - sed -e "s/http://localhost:8888/https://keycloak.opentdf.local/g" platform/service/cmd/keycloak_data.yaml -i + sed -e "s/http:\/\/localhost:8888/https:\/\/keycloak.opentdf.local/g" platform/service/cmd/keycloak_data.yaml -i cat platform/service/cmd/keycloak_data.yaml - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: From 2faed84fc82437e50e65493eb42974b26eed53ee Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 15:06:57 -0400 Subject: [PATCH 57/77] get absolute path of data file --- tests/chart_platform_integration_test.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 4afb364..07839f0 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -159,7 +159,9 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, kcServiceName, 10, 1*time.Second) // Provision Keycloak - dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", "../platform/service/cmd/keycloak_data.yaml:/keycloak_data.yaml", "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") + kcDataPath, err := filepath.Abs("../platform/service/cmd/keycloak_data.yaml") + suite.Require().NoError(err) + dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") dockerRunOutput, err := dockerRun.CombinedOutput() suite.Require().NoError(err, string(dockerRunOutput)) From d765a522bef8274e95e67a38a72d2f2ed332a8df Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 15:13:40 -0400 Subject: [PATCH 58/77] try localhost --- tests/chart_platform_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 07839f0..053f42e 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -161,7 +161,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { // Provision Keycloak kcDataPath, err := filepath.Abs("../platform/service/cmd/keycloak_data.yaml") suite.Require().NoError(err) - dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") + dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-e", "https://localhost", "-f", "/keycloak_data.yaml") dockerRunOutput, err := dockerRun.CombinedOutput() suite.Require().NoError(err, string(dockerRunOutput)) From c5c02a02e0c89cc1735ef99a9672cf30443e0db8 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 15:24:25 -0400 Subject: [PATCH 59/77] fix kc host resolution --- tests/chart_platform_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 053f42e..2b39596 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -161,7 +161,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { // Provision Keycloak kcDataPath, err := filepath.Abs("../platform/service/cmd/keycloak_data.yaml") suite.Require().NoError(err) - dockerRun := exec.Command("docker", "run", "--rm", "--network=host", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-e", "https://localhost", "-f", "/keycloak_data.yaml") + dockerRun := exec.Command("docker", "run", "--rm", "--network=platform-k3d", "--add-host=keycloak.opentdf.local:10.255.127.1", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") dockerRunOutput, err := dockerRun.CombinedOutput() suite.Require().NoError(err, string(dockerRunOutput)) From 250fe985f17a5df128716115862b17dda28f6ef2 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 15:38:19 -0400 Subject: [PATCH 60/77] fix host backticks --- tests/chart_platform_integration_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 2b39596..99529e5 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -29,7 +29,7 @@ spec: entryPoints: - websecure routes: - - match: Host('keycloak.opentdf.local') + - match: Host(` + "`" + "keycloak.opentdf.local" + "`" + `) kind: Rule services: - name: platform-keycloak @@ -37,7 +37,7 @@ spec: port: 80 scheme: http passHostHeader: true - - match: Host('platform.opentdf.local') + - match: Host(` + "`" + "platform.opentdf.local" + "`" + `) kind: Rule services: - name: opentdf-platform From 7da2032b0c07d70a600026c876efc110cda7f2d5 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 15:46:18 -0400 Subject: [PATCH 61/77] set kc admin password --- tests/chart_platform_integration_test.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 99529e5..56b78a5 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -159,9 +159,12 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, kcServiceName, 10, 1*time.Second) // Provision Keycloak + kcSecret := k8s.GetSecret(suite.T(), kubectlOptions, "platform-keycloak") + kcAdminPass := string(kcSecret.Data["admin-password"]) + kcDataPath, err := filepath.Abs("../platform/service/cmd/keycloak_data.yaml") suite.Require().NoError(err) - dockerRun := exec.Command("docker", "run", "--rm", "--network=platform-k3d", "--add-host=keycloak.opentdf.local:10.255.127.1", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") + dockerRun := exec.Command("docker", "run", "--rm", "--network=platform-k3d", "--add-host=keycloak.opentdf.local:10.255.127.1", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-p", kcAdminPass, "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") dockerRunOutput, err := dockerRun.CombinedOutput() suite.Require().NoError(err, string(dockerRunOutput)) From c169bf155af2ce9bd95596876c283387aff1d2e4 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 15:53:14 -0400 Subject: [PATCH 62/77] don't list pods --- tests/chart_platform_integration_test.go | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 56b78a5..3878abc 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -16,7 +16,6 @@ import ( "github.com/gruntwork-io/terratest/modules/k8s" "github.com/gruntwork-io/terratest/modules/random" "github.com/stretchr/testify/suite" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -174,12 +173,12 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { k8s.WaitUntilServiceAvailable(suite.T(), kubectlOptions, platServiceName, 10, 1*time.Second) - pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) - // suite.Require().Len(pods, 3) - for _, pod := range pods { - k8s.WaitUntilPodAvailable(suite.T(), kubectlOptions, pod.Name, 30, 1*time.Second) - suite.Require().Equal(pod.Status.Phase, corev1.PodRunning, fmt.Sprintf("Pod %s is not running", pod.Name)) - } + // pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) + // // suite.Require().Len(pods, 3) + // for _, pod := range pods { + // k8s.WaitUntilPodAvailable(suite.T(), kubectlOptions, pod.Name, 30, 1*time.Second) + // suite.Require().Equal(pod.Status.Phase, corev1.PodRunning, fmt.Sprintf("Pod %s is not running", pod.Name)) + // } // Get Ingress Resources ingresses := k8s.ListIngresses(suite.T(), kubectlOptions, metav1.ListOptions{}) From b13be18ab8a09cc9a7900d966224ae229a3085f2 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 16:04:58 -0400 Subject: [PATCH 63/77] fix ec generation --- tests/chart_platform_integration_test.go | 3 --- tests/util.go | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 3878abc..61a1842 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -129,9 +129,6 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { defer func() { if suite.T().Failed() { - secret := k8s.GetSecret(suite.T(), kubectlOptions, "platform-tls") - secretJson, _ := json.MarshalIndent(secret, "", " ") - fmt.Println("TLS Secret: ", string(secretJson)) pods := k8s.ListPods(suite.T(), kubectlOptions, metav1.ListOptions{}) fmt.Println("Number of Pods: ", len(pods)) for _, pod := range pods { diff --git a/tests/util.go b/tests/util.go index 47ed645..546baf3 100644 --- a/tests/util.go +++ b/tests/util.go @@ -61,6 +61,6 @@ func generateKasECDHKeyPair() ([]byte, []byte, error) { Bytes: pk, }) - return pem.EncodeToMemory(&privKeyPEM), pubKeyPEM, nil + return privKeyPEM.Bytes, pubKeyPEM, nil } From 2af03a0a174af8ae1ea6bfa5d59dd001b17cac0b Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 16:17:44 -0400 Subject: [PATCH 64/77] fix ec privkey --- tests/chart_platform_integration_test.go | 2 ++ tests/util.go | 15 ++++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 61a1842..273cd2b 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -93,6 +93,8 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { // Generate KAS Keys privECKey, pubECKey, err := generateKasECDHKeyPair() + fmt.Println("EC Key: ", string(privECKey)) + fmt.Println("EC Cert: ", string(pubECKey)) suite.Require().NoError(err) privRSAKey, pubRSAKey, err := generateKasRSAKeyPair() suite.Require().NoError(err) diff --git a/tests/util.go b/tests/util.go index 546baf3..2de4188 100644 --- a/tests/util.go +++ b/tests/util.go @@ -43,14 +43,19 @@ func generateKasECDHKeyPair() ([]byte, []byte, error) { if err != nil { return nil, nil, err } - pubKey := privKey.PublicKey() - privKeyPEM := pem.Block{ - Type: "EC PRIVATE KEY", - Bytes: privKey.Bytes(), + privKeyBytes, err := x509.MarshalPKCS8PrivateKey(privKey) + if err != nil { + return nil, nil, err } + // Encode the private key in PEM format + privKeyPEM := pem.EncodeToMemory(&pem.Block{ + Type: "EC PRIVATE KEY", + Bytes: privKeyBytes, + }) + pk, err := x509.MarshalPKIXPublicKey(pubKey) if err != nil { return nil, nil, err @@ -61,6 +66,6 @@ func generateKasECDHKeyPair() ([]byte, []byte, error) { Bytes: pk, }) - return privKeyPEM.Bytes, pubKeyPEM, nil + return privKeyPEM, pubKeyPEM, nil } From c0536808fc4f4b9547b4aff986f56779e193d6a6 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 16:27:25 -0400 Subject: [PATCH 65/77] set ers config --- charts/platform/README.md | 5 +---- charts/platform/values.yaml | 10 +--------- tests/chart_platform_integration_test.go | 4 ++++ 3 files changed, 6 insertions(+), 13 deletions(-) diff --git a/charts/platform/README.md b/charts/platform/README.md index e4d55b9..92675eb 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md @@ -339,10 +339,7 @@ realms: | serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| services.authorization.clientid | string | `nil` | Deprecated Client id for the external entity store | -| services.authorization.clientsecret | string | `nil` | Client secret for the external entity store | -| services.authorization.ersurl | string | `"http://localhost:9000/entityresolution/resolve"` | External entity store (currently only keycloak is supported) | -| services.authorization.tokenendpoint | string | `nil` | Oauth2 Server Token Endpoint | +| services.authorization | object | `{}` | | | services.entityresolution.clientid | string | `nil` | Client Id for Entity Resolver | | services.entityresolution.clientsecret | string | `nil` | Client Secret for Entity Resolver | | services.entityresolution.realm | string | `nil` | Entity Resolver Realm | diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml index 19f5c94..5d1f255 100644 --- a/charts/platform/values.yaml +++ b/charts/platform/values.yaml @@ -315,15 +315,7 @@ services: # -- KAS secret containing keys # kas-private.pem , kas-cert.pem , kas-ec-private.pem , kas-ec-cert.pem privateKeysSecret: kas-private-keys - authorization: - # -- External entity store (currently only keycloak is supported) - ersurl: http://localhost:9000/entityresolution/resolve - # -- Deprecated Client id for the external entity store - clientid: - # -- Client secret for the external entity store - clientsecret: - # -- Oauth2 Server Token Endpoint - tokenendpoint: + authorization: {} # -- Overide embedded rego policy # rego: # path: /etc/platform/entitlements.rego diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 273cd2b..14ecbab 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -88,6 +88,10 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { "server.tls.additionalTrustedCerts[0].secret.optional": "false", "server.tls.additionalTrustedCerts[0].secret.items[0].key": "tls.crt", "server.tls.additionalTrustedCerts[0].secret.items[0].path": "traefik.crt", + "services.entityresolution.url": "https://keycloak.opentdf.localrealms/opentdf", + "services.entityresolution.clientId": "tdf-entity-resolution", + "services.entityresolution.clientSecret": "secret", + "services.entityresolution.realm": "opentdf", }, } From ae937f9bf9a4944115debef63688b636e4d18a86 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 16:33:58 -0400 Subject: [PATCH 66/77] fix kc url for ers --- tests/chart_platform_integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 14ecbab..6ffc62c 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -88,7 +88,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { "server.tls.additionalTrustedCerts[0].secret.optional": "false", "server.tls.additionalTrustedCerts[0].secret.items[0].key": "tls.crt", "server.tls.additionalTrustedCerts[0].secret.items[0].path": "traefik.crt", - "services.entityresolution.url": "https://keycloak.opentdf.localrealms/opentdf", + "services.entityresolution.url": "https://keycloak.opentdf.local/realms/opentdf", "services.entityresolution.clientId": "tdf-entity-resolution", "services.entityresolution.clientSecret": "secret", "services.entityresolution.realm": "opentdf", From 7d31e32a38270dd03ca329e9a538d63c28e28fdb Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 16:37:16 -0400 Subject: [PATCH 67/77] fix: add auth skew configuration resolves: #71 --- charts/platform/README.md | 2 ++ charts/platform/values.yaml | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/charts/platform/README.md b/charts/platform/README.md index 92675eb..19e6fe3 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md @@ -312,11 +312,13 @@ realms: | sdk_config.plaintext | bool | `false` | Plaintext Insecure Connection | | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | The container security context (https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | | server.auth.audience | string | `"http://localhost:8080"` | Audience of provided by the identity provider | +| server.auth.dpopskew | string | `"1h"` | The amount of drift allowed between the server and the client for the DPoP Proof Token | | server.auth.issuer | string | `"http://platform-keycloak/realms/opentdf"` | Identity provider issuer | | server.auth.policy.claim | string | `nil` | | | server.auth.policy.csv | string | `nil` | | | server.auth.policy.default | string | `nil` | | | server.auth.policy.map | string | `nil` | | +| server.auth.skew | string | `"1m"` | The amount of drift allowed between the server and the client for the Access Token | | server.cors.allowcredentials | bool | `true` | Allow credentials | | server.cors.allowedheaders | list | `["Accept","Authorization","Content-Type","X-CSRF-Token","X-Request-ID"]` | The allowed request headers | | server.cors.allowedmethods | list | `["GET","POST","PUT","DELETE","OPTIONS"]` | The allowed request methods | diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml index 5d1f255..fa13419 100644 --- a/charts/platform/values.yaml +++ b/charts/platform/values.yaml @@ -258,6 +258,10 @@ server: # p, role:org-admin, policy:subject-mappings, *, *, allow # p, role:org-admin, policy:resource-mappings, *, *, allow # p, role:org-admin, policy:kas-registry, *, *, allow + # -- The amount of drift allowed between the server and the client for the DPoP Proof Token + dpopskew: 1h + # -- The amount of drift allowed between the server and the client for the Access Token + skew: 1m cryptoProvider: standard: # -- List of key pairs to load into the platform. (Currently only leveraged by KAS) From 9696f476126534316f65d18714d0c254b91b5d49 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 16:41:54 -0400 Subject: [PATCH 68/77] fix bats test --- tests/bats/tutorial.bats | 7 ++----- tests/chart_platform_integration_test.go | 6 +++--- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/tests/bats/tutorial.bats b/tests/bats/tutorial.bats index 97c7fc8..8941a3b 100644 --- a/tests/bats/tutorial.bats +++ b/tests/bats/tutorial.bats @@ -9,12 +9,12 @@ setup() { bats_load_library bats-detik/detik.bash echo '{"clientId":"opentdf","clientSecret":"secret"}' > client_creds.json - + export OTDFCTL_CMD="otdfctl --host https://platform.opentdf.local --with-client-creds-file ./client_creds.json" } -@test "List namespaces and verify demo.com exists" { +@test "List namespaces" { # Run the command to list namespaces run $OTDFCTL_CMD policy attributes namespaces list --json @@ -23,9 +23,6 @@ setup() { # Assert that the command was successful assert_success - # Assert that the output contains demo.com - echo "$output" | jq -e '.[] | select(.name == "demo.com")' > /dev/null - assert [ "$?" -eq 0 ] } @test "Create namespace and verify the output" { diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 6ffc62c..3af7ba9 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -88,9 +88,9 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { "server.tls.additionalTrustedCerts[0].secret.optional": "false", "server.tls.additionalTrustedCerts[0].secret.items[0].key": "tls.crt", "server.tls.additionalTrustedCerts[0].secret.items[0].path": "traefik.crt", - "services.entityresolution.url": "https://keycloak.opentdf.local/realms/opentdf", - "services.entityresolution.clientId": "tdf-entity-resolution", - "services.entityresolution.clientSecret": "secret", + "services.entityresolution.url": "https://keycloak.opentdf.local", + "services.entityresolution.clientid": "tdf-entity-resolution", + "services.entityresolution.clientsecret": "secret", "services.entityresolution.realm": "opentdf", }, } From 43078bbaf961482cd144b55c8cc5138d508ba53c Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 16:49:38 -0400 Subject: [PATCH 69/77] try to sleep for tests --- tests/chart_platform_integration_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 3af7ba9..e911dfa 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -187,6 +187,9 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { ingresses := k8s.ListIngresses(suite.T(), kubectlOptions, metav1.ListOptions{}) suite.Require().Len(ingresses, 0) + // Give everything time to settle + time.Sleep(30 * time.Second) + // Run bats tests batsTestFile, err := filepath.Abs("bats/tutorial.bats") suite.Require().NoError(err) From 5bfe9a0001ca4f0f16cc446241f2c65c2d11002f Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 18:04:20 -0400 Subject: [PATCH 70/77] fix: upgrade keycloak chart to 22.1.1 --- charts/platform/Chart.lock | 6 +++--- charts/platform/Chart.yaml | 2 +- charts/platform/README.md | 4 ++-- charts/platform/charts/keycloak-21.0.3.tgz | Bin 130618 -> 0 bytes charts/platform/charts/keycloak-22.1.1.tgz | Bin 0 -> 135159 bytes charts/platform/values.yaml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 charts/platform/charts/keycloak-21.0.3.tgz create mode 100644 charts/platform/charts/keycloak-22.1.1.tgz diff --git a/charts/platform/Chart.lock b/charts/platform/Chart.lock index 660d540..6f08592 100644 --- a/charts/platform/Chart.lock +++ b/charts/platform/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 15.2.4 - name: keycloak repository: oci://registry-1.docker.io/bitnamicharts - version: 21.0.3 -digest: sha256:6ef4a57275edd84099476b12b23bcb5cda473f35d7d63921671b29ce9028f132 -generated: "2024-04-25T08:22:33.368962-04:00" + version: 22.1.1 +digest: sha256:1334154e9055bbe4b12fc773e9dd1358a3f7faf95a88b948cd21786a00937a30 +generated: "2024-08-13T18:01:42.452278-04:00" diff --git a/charts/platform/Chart.yaml b/charts/platform/Chart.yaml index 2d30e90..fc9f39f 100644 --- a/charts/platform/Chart.yaml +++ b/charts/platform/Chart.yaml @@ -32,6 +32,6 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts condition: playground - name: keycloak - version: 21.0.3 + version: 22.1.1 repository: oci://registry-1.docker.io/bitnamicharts condition: playground diff --git a/charts/platform/README.md b/charts/platform/README.md index 19e6fe3..1d24f0f 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md @@ -230,7 +230,7 @@ realms: | Repository | Name | Version | |------------|------|---------| -| oci://registry-1.docker.io/bitnamicharts | keycloak | 21.0.3 | +| oci://registry-1.docker.io/bitnamicharts | keycloak | 22.1.1 | | oci://registry-1.docker.io/bitnamicharts | postgresql | 15.2.4 | ## Values @@ -279,7 +279,7 @@ realms: | keycloak.keycloakConfigCli.configuration."opentdf.json" | string | `"{\n \"realm\":\"opentdf\",\n \"enabled\": true,\n \"clients\": []\n}\n"` | | | keycloak.keycloakConfigCli.enabled | bool | `true` | | | keycloak.postgresql.enabled | bool | `false` | | -| keycloak.proxy | string | `"edge"` | | +| keycloak.proxyheaders | string | `"forwarded"` | | | keycloak.tls.autoGenerated | bool | `true` | | | keycloak.tls.enabled | bool | `true` | | | logger.level | string | `"info"` | The platform log level ( debug, info, warn, error ) | diff --git a/charts/platform/charts/keycloak-21.0.3.tgz b/charts/platform/charts/keycloak-21.0.3.tgz deleted file mode 100644 index edf891af709806bf5e5671117f1f536096bbfdc1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 130618 zcmV)cK&ZbTiwFP!00000|Lnc%dgDftDA>RG6xq`BO6nGP(XDLm={ZN1WLslZl~$DP z>C?ww2_hj1Es$UXq*Q8;=i3L^7ua{%r`Z?SSJ=4Z9RLYZD!JSves+ljG9w~0BO@at zBO~sj$9|HAcdg%jx=*{k*M76VFWT*P=gocx|KdmerSF}+gHC5}r?ayI&pSH@J8ym` z_CFy_`ZLR?VFo02;JMe6Xq1kh z!Uju^|4yg<=5_pEJ}Zp>eVD|9a2luMn!K?5 z`0wwv4_?RrB|dY;{|PhR{VYHJ?cL7)>-fLKr`GsSvUn6`kE`;*^5ee)k6y?BB|f#r zKa0Y_6NJDD`X6WjujBs`pIYO89ro{Lla)DOY5UJkXaC?;|9g>-KmJeO?G-=E+y6lS zd)@!N$fsibpH26}&+_B{X0QD^|6k;@aQv6v?G-;O$p1H;*Ztp%eDwG~>x_3lOO1c$ z4W9oT?7qtX7y0P%Z{9}9C?1Z}EP8Gn*tZ9JdzItAzxzgxe`kMpXAj5!4cdR(&rL|# z=fC*)uZ#0=I*qb%E~csA@fQ!b(O6v1;$#qyhhhTSe>jZtW@BAk-p0AeXOl?^i-pL6 zXA&_?(rYmar~O+fy)Ci`#7KM}LA~j%^*kI80KhmJ(qbYuCs}k8e~bp=A%=3l-)f5Y zkrqOir~;1QIIM?-OwCW9zzz}Hse*B;)5A3gtJou9!NKZc{^xpB;$|DFAv zHmnWq{NHb*|Hte6|MVZ61(QdZD7RDb!`p{2i?+q-xQ}zacYgfu!CBmo#(5N+4x;fi zzKNr(D-O>OkG?$#cAD)*V|`uxj~wO#PU&wz5QGWL-YgtNFoAP?D<2-G{X3Y=@dzY| zSK>U0!W__!(`h88x8W520V(qkgKSCfqb!4229KgbfsFwUph<2L_1pCw5z z>SqxMM38YJ2QdYYkCHIQ=5ZGh5DC8NKq>8@OunqBYom0ltBNA0*J2E$16fF!2(v6K zfoRjKp!Mu$H)$r$q4@w9d+UcZnT?{&d5Tt-&+Ebfi znG4i*;n65pX!>?dq^<_M_rP`eZG1D8#pzF~9x@OD$rP5( zyeZDpJSRGMx#@~<29$1wlL;*Sv1-LMLW&UY80R+3abP`|8@Zu;Ya9E&AAuebWrP{4 zn&AQT58-1D#RhSXb9*2*2Pw)Jp(>cdTY8-2m$GqSS{;EW6$nS1+4KDlxa|j=IZ)_p zq88SgA#|C=hWGOQ<}AmyehXT-=!cV#cmsqP_6ky+M^l<{7EEG#gAM2UdnGS>FsuL$ zIu~9}V;GD_BTRXd-z4GCyn%^@-w?PB!h^1gm0-YEb)fqoO6bo)*<2QduBTey0P&D; z&9m@2N^&9p0Q_)3D+P3uoJ7Dc=`|{OG^Tc~uK4*E3t%)x?&?L^J*<>x@%Rpu#2Xwf zB0EfQWs@vu4|~oPP`!m3@t9{(3d_eN>Ld7z=%y=fr_)K^ZME)n#b%tg25CQUO@SFR z7}vZdL80wtJO+vboK10`rBoo_w${TwltCT~0F`=-jVrdGE2bGQkxs82j)4)S@Uy?y z?LVuI*NKC1ex3r&kK*`UPspz*U!g~^Shk=upymB&GBte>!25?ZyMyMo0C)g!bWb$Y zvIKuM;;uMiDf2aKDW(nUxx+s2{D^c5BJ@bA87y&LfL2D>ZP2=zPPi)@aur3^?~3st zr9LM)Mp71Eg}{Z!QdnD@s-*9LO3-N9Rl2G`GfDelV$Y0^(=0qD zZV-p4d*Cuf4;5=5%P_m}x`cB8wvVU|5@Q+wwB%!75U;|73SldkPvgEAr63RF`~g*d z8iA;Q*@yK_skcx_>Kkexop(*11A{8~o5*jZI(`m1qSm3L83QQcE_pA-eC9*KNZfDoc0qMQiU9GHj&GlQx zs2L9Pmc^0;uc?*fze?StD=tpHIqh9u{N=;D!?!0t`2>`x;|kIw&0`S6F0AwSz0=G0 z5}Kx_1gxsfy>k~&BwV1|FN}{iojL7-(I3n6^B%e14FmL$qI|vt)pCRZdKl8dMG0H`ALL$z*X#Pt~Ax zh0kyB8hW8CcJ`X>=57F(;&2>vc7m)8uejUIPDRlanhg&36~C6EnC9WeA!)N4NWWnR z7?}++*-tmN1!yLbQad(IZ{DTTb5QPKE3m=fYA;J>nzsm5-ddkzQGkO2y99ouX1W>Q zuCQ@3%J;NDk?NVNw#s3`rNH0T$$g?4`4OxtI5Z%=W&{Hshqx_}e5*CRX1xYZ!~Bj~ z$Cd$FW_4Rz*b;7BFv;S3K%{xCC3mtP!_g#B%gAJvjqIebho$z?n4!jn!~2-d!~?Nq z665|Yg+YzvvI)WzHZH7fz<BZ@@AuPclQBjmC z#hT@MGNcpN~p$VLPd;50(K?vjg7np76Il@^8g2sc~^Bzhtr1KfMbDHEqH121QB#n?Y;fc$c@W9sq zFVA|y)M~cO zJRXjr2$Il`GPJt(QOY-!!IDl%u&_FZIX`*pl+?X!qpYH|o-BRL+OEz>a|2s4z5`IOk1)NB}3{y~Q|VsnJwQ7VdX zsyXH1;i0KUznNx37XQ3Z(xxlQKETwNLWdIvw$?vLuKO^Xe8}^J)pfD61*49uOo0>- z%2yhLdEWfnU4A84hQX>nh;MEpGB6VmRF)pHc&b`Ydo!_tLtsFB4ei3x8*)+Gb!kxT z&s`GKIZA zq_oA!1(k{akn>6F#%2z5-)+!K`qj^-8)#LX;8y28N*C{En$*Z_M~Jobqx1QAx{>Sk8!*Cm3oca|BG;2(ytEoBH&W| z3P3IwpI+&jqelbT(&7(YyP(eG)+9p}`}~v^u1e*iuw?Kup`}M)+Jg#2K8alg0v;^6 zj_O%ybu3OuBvsmRNy`T+STkxt1D>+3)>z5{Y{nCpGZ%!vp6vVv){~N6sJ*5v7V|Ff zm!EazornsH`O`j+Tpvuz=FH>1=GjLd$fM6>{es0%lI8b}P|GH0m((@Bt$L`1tteXfTZMP@!SqS;hlH#>Yp1h4xp_ zNaz=t!?89xddUsaHueAXHcMy2TND`MbR5-|u@XKZlN5b~4zWO5Bq6X1>0ow_{$)LN z0F6Ji>lxa>S{o!#=_Cc(4eAkyzCLcFK)>f9(EV&_3IoacfZxb(^F!)@HZ z6%Qz&xC=L0xUp?*EN-HN3wsQWA(*DY-)CWVH_O*QNSpD8J|8iEz*c+!J#9Q>TcqDy z;FH#xW8RU+cH%hB`zVqhKfw-K9`FPXn<07j0in%-nmXrz3?>ciM}wi>17C+Z9uvYU z2P2qSrYYuEI`t;IVNAWD4W`sv<0%cV(NY0bLu>VyMGqoHqGP1dBt+x;I7`RmJ8>Uo zF>VE5gJ~R$rZ9Wiz;DizibcJ0@8kW^7@ncOvJP_7oa8e zpGE!KRIDARB2Qs-&=0w}MrS+@aQ8smd1v_En*rpH=yb2xd-p6A2Y@8A1=4;HmstG-MJ5TaiN@=7T zgbm4k3`cLv#Fl(1HQWN8qUJjviMzus9<5vF^8PWqq)HlVkJ1?o$h+C-8pa$b@{PHc zmj=>c*XoLn1MfaYh3VTE)%3@+c!Yw>1&+Q&r85l|m4fvN zru+>%M$Usdn}Bphu^c8uaqg4Jd_lzKwc1Po?9SWB3!SI@h-uGPfYh}Q)JWwKqNGE+ zf;}V99h|#HIfoY-C0|G&C{NlQhf9qLQ$Er!%&g85=*zA}jJv2Ui{Rzx2s-=7@*x+0 z<5tMAV=bM8porp8JsyZ(9taIY~NxlAqDT;R}&a)JyVsrX9i553RRzfox)^fCn8q&_4 zg0!p(GY_Qv5*7oyk0jq|aE4*bVO;s}>MB(uVF1{@${wHCsUT_B4$sckNDeza$7Qhl zKykeQwJsj1ZLVw9Qc4C{GNW8xtx8ZGEE={Jc(WP11MEu2=;4JF&B((`+5{~*?I^VJ zHF>pp6W+W!LMi#&qmuK z!D}Mh;-mb#!(XkPA_zKff1-Z=2*(qB+t2{^Y76XJ&H!? zp1T?4IeVvhy&%x_9(Zm*TUlqXsR7E3rXr!Mwwe9OtSffZFUHgr`<pxKUEHZYNajT3c&i7#P`t{nz~JMJI1f_QX*T%*oXb;+KhRwFa{c7 zAdv-(thH_d(dgx9tJ>%I!uP>)UY45&s$oe}({Yr9=!uz*2e~-qXRw=1LUJLdr`VZJ z-Ab5~D2qu`rF!S|YXvYU_0ri?!MWt0D*(C);{>|(@)j89HcbZNYkmNm0QICkuzW`6 zjs{q7rVb+K0c$u9$`-Pck$_py#%;6Hp=eEj#lh(um`$j&d+o$YgetyEuy2i!>{!ZL z?%Tz@O(rXVYq(FAV6ze~YnQNDXIVC*BMzd0 zcinOBIF6;X6qoS{ylNL`5=rUGUX&8Gl$Gswiy7I0v>Y4TRjVK_WZ^nMYOrq|Fg01X z4yc-J>w#+6za5rU`g3ib-LK8E2knKTkq!7~4*MOkQC~e&m)&edgElb5s{VaKDskb; zR|)+hk}8RWUWDw{D+S%N`CS6;IqFRX)pkV>auVM}eJCG&o2GX;^n&wKPG-w6>z-zY z`s9(Dg3kjyE2FQ0#Dx2+hDDWU zr-s_{QZ}C%CH%wDchMHR)E*FB0Pf@Hp(ROXs^lHi7NclMGi2!zYbOSz$3}=zbn3H8(JB;WFC6*04WbeHZ`p+ zq6VGbi5QXw@Pxq@6;-=9dC+l#3DPpQWYIwH)%?v3j-ouo-ReC$ndD{=${ zU=ao=NF~1!{7TsGid2i7ONIR`1$B>{&Q%;kO<3E9FQNR?T2}{x4S}#7Mvp2bnH!6FhsIfoD}t!j4oZ;Y$Q# zqnW8dinlP!*%D<$CSGmAJKzb%cO>_G^?Dn9;+kR&{XXv2n)OYT>as67s4|OL*2&Q< znZ}bO3N#*8r5vg}iU9&Zq?Uh^h5hK<+0&}Oc87~`6!Fep)s4gut5Vpar8>UI!mV|S zpdh_5>^YB4uT8Vb0Ep`0jp%6j$ct~Ot57bB(8^g20DX8s0DezT%OS}kvSyV7=yLk9 z>7BlIBm#kKu(sA2T_D>L)83}xQs32z!G+xnJP@;g`+=TtL&CxDmhpJM*M+ervsksPyQsRcF=p=VU@*|vIGcT{& zGj$t!4chS^HI(pnrBo7V3AZ zpgjnA%?K=W%}6><9YQ1}+HSU{-)=hXo^;dwD_^qZIR?E;$9ki3#0!VKaoA5{K020% z%fobAP179p6DO(ofIt@9#98zJ zG_=-LG}=Id!OfW61A#4}y?{(r&9zJ&opzJ|Yqxgx%6ikOrvo&3{R-+5?p=~g4*w$e zdvZOI@0TYo;E4$~FPI1T6`jPH62Z{{ppg{Ey#p;q*9?7|s2@05?AfA|O$|bGP zD`;uMR}2E=t*U6nz;V#1N}W_e_^3JJv~T88MTZkvnRv@x$}q(V~K zS_hb6+i$%(csMq}E6gT7kOHfNUHcl7YFjwx^n-3qd$^hnE1Yt1#OLBF9sDIaM&tEZ zVcl{sgxNtNaK&wCncS8jTfAYQ@2)y4ANm@oA_e{QvVo8{Mp2P=PB9n9m{RcNUt=0N zwH~n0SG;~rtV}@%;*oThr}30k#HOWocbc6q{v=m8<%TFDQ1Nu}%Sx99c@tgUw!RJT zBSB%CfRZtJOFHz8!t9Q1fE)^(FQs8uI7Y<98s~MA4qH3zop!6e*J|&yVocF-PfetA zN)(Q=t3b@g@I5d90&IZR!2BL9EV-)d@%r{9?p97Uf8kX@YoDS@bj7Laa2o8M)F4X1 z0(ou}aRvVH{M5t`cLRy(AnJDba3z8@yvmm7FbFCjFr5~w>F)9DW@OuLmE~5WQ?R<` zk~D`3uIfVZ*PH@>|D>_g)77v~_}cu>KZ_P)%!MU>GjuKd+I7*(x$jfrP#0| zSdb@z5jMEAg?$v{nT!#GWdpWgXEq`^^S;juH=m`O1P5`Jv)-rBhPsWBElcLHT}I2^ zSq?w7kX_e;C$KR1`vQC6QCgrYBveQDIfuk}7>_^djgCi#ih>a5`3(K<-QR4MsiEU2 zl=3Xf8cpkTs&pXz=5cx5GSC&x4Aa`Jac3wa0VqVXF(@Id9#_7Q zxH3#2mj^#cpi!>SPXyH~in9^Qs7!S8m9AB@oVfb==K#+*#?u?I_6HExNxmjFr;|j_ z;ewoMZoxF>V_)$XSZDg-*wXyJmlF7e2iszNQeagZCMA9_uD{EtkRFZ)(I>K{zlPh2`(_$l1H2VFuRW7UG_*&rBXJ6hT=JrY!MXa z?{;fuV+>4#PbgYH_Jb4)pcnv6ydkE5B!_2T>1yV%L`h~mVkN5uP?OCPjy(nn*?^90 zdc89!IDm3w(rsFuM(vTE7N}17qw1z>UL`HtkX-0kZOZc`P;d)HcrAqW)Dr3Lu8vU8 z?d?mDXV`d@YeivJ!a;dC{}h(J6Z!v+et z>b1+Hy3eE(#E6lw=5J(?jOvIyKuSRRFm@)lvje7XQn^2Fqe8e!3B94*Vsr#erGm)t z>*PDhJs;rbtCMd|--)A>i_6omPjTN)Pem#h7pu%g?@*jyoc;i1#CIoup*O1WP?8n~ zi3HOKikS@F5h8=gfD5Ry+{`kH$}^K{nCTB0@xswsrgHN$8{>4vfT0+hQ|_wt5)#>B z6n8!tx_zo6`xCwNK8SmlnIi|Qh?pY$cx>a&ZZQkjiQyImPzS@@Rk-smZAJH zg!skD;qlv(=7?RDN8YtBUqY6PL(N@+9hhugNz&9c;@%5%UN&JbW=Z5ILD?*+Jt?2T z+N$TI+6of>(&d6kb!KW;gmHG0q!0dDp-zt0)hU|2c*sXZQEACS@2QZ3A<+f-ecvyD z+Hj$ks;4&?N+@t!e5(kD6JO0Xg7MUY;S6}uv4jxF(=v02{l>S6xP&~}GUA|mHIKZw zdBo}eXSR_zuwT$n;^3WcEh**Z=dhU+`gMWfWEDbIFrPSN{c1K8moZ)qDgSha6lZ{c zRcnev$!aE*QgQMt*j38KT214MH}U@&EG%A=mNK(c)cp)>Ew1kMJO-Dt#pOlKF2zPY zkL|^6*sBGmM#sOJVQQIS%H-v%E#}o0^K!PB;?#XL$o%>SnRnbBDi5;nE&a3(mR|$9 zkrc}d+47_(TG>e_NF!pa^F&wHqV#c~D_w&{YDl=~D@N z35+7F@=#~fExk*2x^cNqKas{0e5Ui0n*=3DRYs9ZLE_O~9;G9v0N2#y<%BTkh2$V} zAD*A~sE?%oI%%js>A-$kNWs{@)5mObH~2mBB0yS zh^6c`rb3S>*Jl^@`Q;_Nd(ZwSu!(p2*IzPA#`a|8p?xeJ+LKjBcACD9>zr{l%k4>> zv6Z9uuJ_jTld&Gk-|8AZ$wd~F>`^T<$aksC7#~ zp`;0Yw#fclj>f91IK9Zu#PXRAE?UaW8SEZh7RD!vaetJM+*fYwO?WwP2C5m0jox3 z_D)BOmG@p&Bz0p{Ph%8*$8ny`=<1dDYBm^hc-ZB(Mtr*_n~m+OHFlKK!8J!U7+kx< z2@hN`)EdbAKVcPZQba8tO@s~m@WcBsrs(S8Z9I-gGgu%fZ$=9i!9E^>DouMJt(KA# zvxrQQDx`s)$~H)j7U!W1KYl+B4bt#q9i(U~y+-TjAQCfET_bgXswf0{7*Q%=9BH!T z_=9J~NRwp>jsaG6FUVV2ZRmjumBhsD)6zsIRZzl@28z>3%Rrf81m`IRCBCF@6rXrD zjg$Bva@(dmd@h8y9M4z+k-sY8G%Nt65eTg=Vji(t3lAtFtD;=4M>ZXW{4;OyB&wg6 zOl9?^aQS=0FWmViANmYHSAb$WgBu2az!W#ExVK8{Ag7azvS>xK+)GocTCKO>Hf7%7 zF%hc)p|@Ts5d5LKkA2LTohGKWY}*u-APjY2kPT)K9Bgs~ib%?9YP!5Fnb(0c+F zW=``|eGH6{*F(urRN!MfQio>18#G`t6|}#j8rW`1^`Ov5%aYW_9k4bz^v8Q!w|gpG zZ%AE~GlTpn^VF9=%70}bv)8gCgBeGgJjeN_P9Lh!e>PjlWRpU_WT*<_Lgj(;UlbJw zvs?wrX0>iT^X0keb2~m@t!814V<4Ht&INzxs2aIG;vfey+Wuh{_!~T3RI=U1Z9$TY zQw{X|_`)LMt^K41DKSP@@cW?vwmwC-={U{g{@?!IzfDsNdu$Yxja;!NdKh7-FU~*6 zrzxyZJN!U@ESO8Ja(_#&sTM6kc1m$RMUt8IBw8I#hrA(`e=mTL)}yhl5ZTlzEXGz; zre1_elue}>x>UC?(D5X)O1E%J`MSlq^Y*253y-ExzdCpbmlA(o7d@-^^XTGieS*zA z+jd@2a%wURq1eeb8OilxsBJ{roTGdZEcbiM)T8Z8jyXPHbf(g&6vOY*>7ivn@ND>n zje}?5hoQPBTnNTtaMkjp>Ir(IoX@k`6xLzH*j-z`&x9KWl3Kyk={4 zoK%TvH59XIw?;$CJojhbIsGF3h*D(}z;6kSh#UMfeEsu(Rzp{IXa*kqum3gp)7rLJ zg|1(=#P9zs+QmM&!BuX5RD5APZwtMaM=&cW=v5#7#O%|d`O-HcDlJ$pw;21z-hgA- zqk=bDNu`1z(b5FML7L@{d8@oyLp^3ZM@j5jH43k_47E(e(#O24H6ZQhnIXPnZKSj+ zhX*WbIoPm4+P{l3YF}2cg;+pZ({Px#7PN@dm}k*2&ZpU<_^Z66(iImc-<AnbxP*7^3MB5PV*c_zi?|Y}0?7U-y2P@!C{ zwhdxbnreZRMdi`X1152~4R`hrx?$Lak8(o;LFZpQ*has&JeqFv!j!7i;H;t)9b;0+fr(|vTw)0~{1`;UjxXw{BoiyXsEt`6E(uo~Di8DY#TCVS8kdRm_$dQie!okXG4-+G0j)^$Nu3 z@j_Mu#iXZwg#E7TRXAl9dB2vKcHVmNNivd@9M$rMDN07o{I&)AuRGxU31)vG#Vkp- z>Bnp`%)&v$KhP`wI_%%A73#ulN`OfARK$}8dPu2_$kmtklL0+dhixTL9-?@7i&Joa zZ9zAqUW10cBl(vyk;#1mJKHJYvMDE=x`1ij9c*%pb7FGz=vCb$f!7)B3^ve*nGDnU zYy=?KI@q6>p{SN0LBRo|NQa%d=-*%;Tu50&)n6)Uk!+QpxX3;H;fW`X&Q9m&uU%Ry zFPXu1e#d6NiLADB=+=2|7nGTs`Ih?V<#OLD=ZC8Nw>5|CSICK5=1o%Y3^AE;^%hR% z#?`;w?6~r=%8%>T+AY?SIdc7OG`>M|mBEt4@AW3(e0@QA3ezKi*;Kx~Up-vM` zTJ$I3BwN{%NU6?~u*yX3OX8KaR>f?x!Pm!Y>a5(}(tPtvw7j(bs?=1ax35o66@*nO z>W7o?I!&lWM-wykF~%Kdi7Jfq3xKa?}U0&5u6J~}989;;f_Xxc#RaZrc(I1r!>t{tA8 zt^Fk1W%sQrCv(wVfEpZ+BDu|9t6si1lhbFha4E&Un$PGq!19aLyf!X_>xOyb=oarI zN&6FW^No=*WHiS6n0RBUmdU9E55Vf@DtrTF0gChRZT>XhM`O;qTc zgpY9i=I{*@wuGPw(W)wk!Hk)Bi3F@L{Z?u-@r}`W07}jwHN^$~~ z{LbRS246r`#QOfarGqLDy3zeOva;nqtHnoU$2BAFTpL+H;k>N5f8$O4C$~?PWX)Z0 zBttiZ#`izStWN4&HyYo^S<3kh@53xc9#_es%eF~2oI<>duiw8nyByj=!_sgaW;#FU zJPMb|Y`I+b*2--uDJxQu4&=^t;BA@(h@UFD|`An8F>i#l|wb_|aQ= zy7)Gfp$&Lama>f^!Ua&c@G~EyjGEB1;`}U$lB?E5tCHVwS_YNYPDPzamCK5Q$WCon z8->hTXX6nge&%9x_nIzFE0^7Zlcgu+x06OcxoDQj0YBTFCkg!2Zdxi7le@XEO47UO z0%bQwy%cZGVY_bNxqGd&A$;-|_vaHb;w|n>lOOLl){RcSyoGx<%SoY3J!8k-5?3zq z?)~LSSBzuIVQm70DHR7zp|M=H;t@GwQ>cvOv8=Nl_?EE`kawDY%W-S;AEpC-w)-z>pwIOV z(RWzY^R{XE^8(Lx*4!z(G?J=Ao{-Z-CX91xJd45&u*pCAMgrAqei@D4mc{J#bCu8T zpxt)-jE=);c#S?3o^#Q8nooyW)cZfqIPA}Y>xs*pF-#bA{`aKC=PfihoE+4ufQiup ze9KqFrAHB+4CML_wMDKKs;CrXIGf%!)$eoA&K@v0o&KUcJgG+ za#laC^aK-E3P3QCuqlzfOcghnLmXl<*S0Cln7Vb0ugulkc@3;=*s_oYibIOj=vQ^% zxE-ahq^rj&td;Z{Mm#nTLZ9>TPF{f`>)*y0{T6eaSrwh?!E*%FM9ysVJQ*o2Fh_iBjj8}%Kr-Rl3^%IqdxTq$XMpZsl7GT6MltA@7#3<9MaME}$*GAMTpMa5W*VRUb2KXl+Lr$oVOg(-A z!X>*>vhWiS)?}LHLSm@u292bIOuXxH9EJVcg4Sj>pY(RV&i3%|(A1YL z(~Q&gVp3M9i`T0R9}u+Kx|qIVJV3v}_|ZNz15s|VzhW;&ZrW>X!zp3WJj z4|u1<&e;H^g)GVbN5~Smr-W8p_gHC6!v%k9o zYMjh%VrP`#b^-fNV2Rw6&$XAn)$Lvq|FhX!NaR6Ci5 zdl@3_#~>4xSA5WE>U$H)RKX^UhEVxdx}vk++-dG>*z7L(3~+avoiCf6hPq-QZ@EPM zgWW;c?(g61eYvyK|8jTli|C7;H*flH_HO!7AKt-#2YcUVCS^eemU*Keczd?e^MlTPo`L zFHKLDp{a>hA$G}q8jgkYfA@_$|99GZ2RpCx|0O=_81DoX6+RN6(PlmIdKM=G)}Q)! zc=ZP~MK)|pg%ZPFL`fosNqWuUD53N=g%zNLJrqI2JP*eM05Fb*e5|oK0W~ZBsG^Dg zeyb_aJBvKcCrlECvZ7$|%|`RM_n`-(0+dC%o&f-UIO>763`$*d7*AXDFO%PBUjHL& z(ZA}!?XZRasGs@$xMcvL-v!#c@m!?w$7cR8fq$=IH}uEmbOhi36N>&2W^p>p#p&@0 zAe>|=ZN{4MAPQSt4jw_dc!Yt;k^$^};cM&jmko2~zh!8C8jiX1e`oh#AHI9@f4{T$ zI{#ndgR@}rnBf&E@x$APFpFTnFz(}A@0}n2dvF%_qj4Sur)285iP4;Jcz$^F?MblH zY&V>p*Eb*tFm{$5`b}Op-B$Na!zo`nE#5FS)wbnTa}++dezL8%YMh;ACKC@0887iG z?q~S7d-Ix~@hwtyJ5LdOOu9zdmE(pyBfil0L_JRl8?1Ge(SxinLrYr@r#uOBeI2r) z?iR|6DLy>ww7dFpp&|Et&h0`;aSp;1N^({~No~)5Mu!QgYGLqt;0^Mr*vxfQbQ^%S zJlW>}B}kv?L`iHa#>wS@k`L%=s~!QhPmPKwRn@wvmONZ4Y2%V@Tj~s|h)$KMi|)CO zs*03&r-fV1dIT{-m?Sc*S((Kb&AV~Y>bnAwbFf`0)yA9@UDfKuD|vjhe1nmfUaY+y zvR|RO)`{ecwYnVVvo)Unn4{AWsn^K)@ZN*|li$WSPF&1XJyetyI?+MZ)a9E5-gDX)hxkzC$#UN0 zDi4i}T?Xn{l0I@GWXwTuM;h2jw~T^X!FEnljc2bIp9(XK-tUOs(Gj|DjbNC}HJ@$k zb`M=;y|KP0G83xmOr`b3nNT;7l}Y{dIBz0na6TAyFBxy5i%pJ37pqptoWJUFy-ElZ z=Z5mFZR~%H@(SBf!pzwK)$jm%bQXkS@*rm*HU}wP!&end;VnH*4KbmGbz#(xxpIl*Td&O=ODdGZO}avO`zyQ3hcgU3iIN5clNjWogVPox1?@ z5`k8aj!Sr8Dihesa5GSloJDM89vuo`2`%`lHXVq@hvlJ?1Ad%R=ya>YjwC1W8#_xt_j`0b%EYCeE2zt!{Io^sM?gAOT}}+ zm}n6U9Nwn@D5lg~DCBPE+;@JIa34O#DnKW)Yb#~0p0p@r*q5B6ey9SH*+3c4d!9Kt z<~@S^P$C#YK`}29WBEXrG~O&16f%TFMj-MeiYD`rn!q6|p`!pH5*MG`P9Gg%ui#b6Dm%bq<<-C@+lP;Y9LUpC89-{duE!`BUZ@ zVtDZlsOtD#>nla?T3<1CSB(ZfDRS4kf3ab*ifOGhW|wrrL2nftUQ90gAd}qQMSM9h z(%Im2pc#zQnWRHK62#VB<0ESvq*X6}!y7!INZS8X%q~qWw z&M-LFte)F?O^h6+3s8oE+Ks*_F5IR12pejXZDbE`&uOifLXN|c9MY{snDN?{C+{y+ z_`Oq7qlXx+-?-(OMk;59QZcU4-6B$!KulwtTUXf%1eCn_P0 z(fJuA4VUsMS8ko+DuJ!OeV^qfuDZO?7cen!$hk@0y23L8bkZP933xM9^Owck2#t1P(Ia~oW7 zEl{;6?v9KiX&c(f=D`Ng7CALP_(YnLm#Ex6mW$EJq7N%+bTFr?f$b$7ud&dM?9VaRp7<#ulPd z@_|gF)^E&U6ya|&ab2<4OmA+kD#;noMm>XDC(E+~uE+Z{zV>&b)!Sf9MNQ!M77|$9s#0EN$ZUE`sS!I)f2D zCm%p@sSXg3tqE3)UV!{^vn0lG89Yo}^$+wO)L(Ss4uFU=93<^%lJlMqDj~00oMNoH zE;l&O-H|n~Ot&gu7{8y5cqnvZS43Gxsc)Qak&vvWsY49X9}CNjx-EjLq-PMP3es&8 ziyohxUz{8rUY;Ct@mZFLQz@AFbdC%)uqMxNq1qM`wjlBqBd!r|=v;0da=sxWPR}v= z2WAzgyvEkXhRLB)O}{c7rQ*O;zX2SBDs3zR?*!UR(@^xTl?Z%xlq{HqZH$f{26FE9=K8Z!~hA!=QQ( zbPCJ=@BjI~3S9@ql^Ct;Ijam%qYc64n&;(N55D%Z$BD{zjP*)0F|%xQF7fhLdof@+ zB!BRXQ9p?Jtsj#IRmUA(=P3`5dPLo-vOKGlOmhxB)k?s^`TL7Ap0YBr8u14CLC^^O zHU9~Z`(U;GYZsgMQ;X@pYKqevZAjYIN6RVYLn6q={_Pt@q`rT#jJ}V&6%gsD=IecA z7JEJd1_oY7K8~H8I$HMd`hoKHcfw%E@?BAOn29w@vGh=H8o=6*0d3CW>nx-omHZgl z0H1?uq+V>&`EZa&2ndf>k~p7w0XfQHVpfhJ=|I%p-ZaddQ^iR-*vz*`g~ME<6s29N zoVdlf9m%-tw0M8@s2yh@nJl%|vn*dLCpa{_zWq1I6K!U&1 z0T%|djkW<*VM9rcv9D2%AH|bflvh?>H+5Zs1wHgBA)|7FtHMeF^BQp6DpLm?anOEY z!yMZd(Ufou5@fezag-EJSZSND%X*>+vtU?OsJ~YC{Eti>efi&prwUd=`Yw7b1%}4e zGJsb3N|;B72IOHiiSFWLO|d%Tp%Ckeh)Ko*5ZLOW3NuY##8s zg(*JMLGCPFZfnXLoF%%o6rRBfY7#n)zliQrX-mT3^BRW%P>8r-b;@}bk3bH4jzJTC z>P~d|uvs|vk}u4$+GaFV54Qy;Gv5}Vt_|>Sv)R=0Q(j)?qNT{((26C5lRuzaio@;4 zMs&Q2`<~I!9ZolNp*NbUC6nQ|*WuBk=18-Xt4^22EnKAy#E_F= zaC=RuO>RspXmOCSfQy87#eW3K>w;{|r1O#9m(3*038At*@f#{fPl{zmkD66Rk2!5m zI$!QII|pAh+s$@sXHSd1{j%m9~Aa&M881qKk(Xu7SWGZu2iiBoHJ?oilkut_PQ3%Q{{sA<~iIGzr! z7s`XDI2p0)7&_v_ge(ZNAw{b(`8eshe`Qd$ncuQ+tL<{gl(T1*4bohmp?r6ROC}y% zL+X!Vf=avb>yzFciCPYob;zOukdO0_SHUD5+UR}2i%H4*Sv&!?;h5vDBX6Le9XC|I zR1g%E1E;Klz$+FkF(SmA5gEGTak3y=b7$S1t62FfM~@#6=Lde%%y0dS*6Y8AfgZzd z#(5g`Z&R^$oQj;%kYl`}HM>6)qGAH`@@_B_$D2Ym8(A5M_o^JlD1)jc?^Op@C12S**H4UUeM8HJ>cC8t86|kx{4{i zNuqthaG&}y>XTvdHY(@rhVn+JF?E&MwgRv1rB@Gc(F06LT68oc-ACR3*vPe>Y7Ql? zBjsB^9$f1exHz)WLtY(W(1tZ>O#=-(&2xPd$v)F1`w4GByi&LE@K$B2=bK&(`!DE* zilE04FVWg@wnYEYeybth>XNnuGA-OhA-P8oC$p|rMxko%L>2%3Uh34ayzwxY(Y|-?^I3}={t;8uUmky3P!0FKHl6Wv%9(Y5jmR1I&wi=;l zhlP8dvS%eUAqVb7$s(*g3neNGX8y>1E6~%@oy<+VQPz;7w?(Hxvr<^wTir@*UG5v; zicM-P%*s(lPL&^{eExj&RM=e1PJ%BS={t0mQZ6m7s>tSyeM#sDhEM*b%EQ+L^tQSx zb+N)py4f6r^u9JWH&3w1?VXUh>Z;fs`4!E^k3&zfF^Y z_?jPpuvSl20ZYls^W1>#@q>k68^V29l~=7~hGcJ`NIQr4BuoR$Ab8mOFybc$!9px7a&(N|rmbVYE5BuOsn3s;6q+@54#2DuAx z0rs9f4<&AAZZ3n_23CnTiEpC*V?T+$P1C!)%=lLj0JLf1qh&9Syvj6+UfY;^NYQTA zdK;OcsRWzOWg(9iS*N9Q`DHVIIwZD0#mD=z7|CTu_h)552TRYbST|%rx;@Np36^_@ zdW&}-(`+E!C(%7u#Sq|Xo1u3}VGL!qVf#2vx5X&#XYeN7d zKAEhK^i=)zcvF|3&!Gdy*iuezUC4QK7LR8i-%I1pUpZpZ_IQ>gi0UU|gWd@h(k38w z)Ufiu)<&lzkGbNpq!}hi*$Nm;iuJ`POkVZnaJ);$b^G9eQ~Qw>n(?y6pwR7_(|Rm6IR+5Vy~*X9R7Yd;nSNKCh{Ol zC**jAR%H8)JYT~1lVy7s<~^!)pzxw7ZB8F2(c;F*O1R3?wKQ!EE=N)&FWsrFkAL;N z($Y^@6TyEd`PKq!7|q_Um9v9Yt!l(A+F0N=%9d*zx3rp!@Qp-0cD!z2## z$nmRC=Tv|pR~}eYh=J6~AniD*NzY9<*=(@C(W^5T)+x7?rd>eh)L%) zLW7xy$R=N6^P?RuhtdyxScUh7W9-R&b9t|cP?nPWWH&5}9t~MY$Ac(d`OnjvDZ7Ed zUUYD^q^SU}1`TEjx^YGK>~qu#DI5~bWjw8Ht&_e_zZE?J>@(s2X{?{v-Q={t+R+s| zbQ;&}EgRQAVV4y;qAQTfN^22f@mc6ov;+Sw5R4B!Y8&MqJ;jo&q?C+uS&L}dea2zd z4ncA`uX02xAscTbR8dVbjP5MxdzH0FR@hHCKLmZhqX^pWxJ5fK2LA}qh zJ*N>ezT*6L$U>?qHM_s8EpjB(PxKn$rgVyrcI<|!A*}LCP+X##H*a+k%+n(s|8PY! zYGG-(P?qaI-X}u{T6$;w`!=xp1b-dZm{3!pWDtwL7zNo6m>-;{Q%n6HMsw9e%d!TD~ifLu`s zl6jFfUI19Bz({V6GC~V`UW%itvcn4fdYcjei8aiubGNosTvQ74g_(M?Kn|&8102B? zG@c|;pfQ;ZmP1=*3jiL#CqDfq3;WTzbJVPloXb@*bV21HHxdd)a{?d~(tXLPRb-{s zxd-lMdoQ#<1|V))`?STNfLLM7K3vOINzE8^$&n`$?sQCc{2oaem9UkW1nZ zv-Llb*0IneQ@^(>);X%RFJ1eX=ewVB$yLakOPO~O+`?2zP96`UKDqQ_e13yXKDUFu z%gyV2yy9!hKW`u0DHH{NUR*t7z-4n&mK-K11h@6xdv$KboYto%vVhLLB7Yln_{POU zhB`a+SXXp*cK5VgQ-oJ_9;!P>rh~jL#J9`$pFH$bG{6%VOQ9DBX`pY*6uR(wmOoyn zAI)>)hPyFHH@3xwuDkJ*!s#KL%gN^;3W0O0Iaw80j%{TvGt-rEj)q+ck^1UGnK@B@ z4JHz#(FXa2*JW`Kkd?hG8BP8I~$}Y~mG*u?iMC4iMTTym0n(U|#|pkWk8A_MzlTb1PdE`1zXyGb0- zHXK7A(>c8Yvgy+*26UTVE`315mYXok?$T9<;$%oM%g9ckY<|?Y+yO{sMn~r$q-uM~j)ClXjHtUSNTX7b(!l58`s#$w<5vw=E0Zz}ixQ0 zAjkP#@2%-W>LuZeDh4F-^iCk42ydyZuF)~o`RqLl(kQv z7+26R*I82K2J9CuxHr7ae@ zvMceCagJAKy7vm@G<);C;r?w3&v@y&hGC9ik^XPHn6x_B-Fb8H=3f_(juy8YjWCdwu9*GXMEqqiHJZo=VfVYEfSe8iqo{tYPK>nLA}H+1n@_Bq(PU zjb&0*SM5?on@H=`LXws|UzODyrK4~PIS(IN0=^0p3@DAwKEqIR*YY<;a-}p;hVdzK z`I%Km9h=CgWRb96x>bQK>DUXkUerpTmqiq43JMaaCfFV0HnqlBL{f9RWH}~vZt15f zBkV}0Z0IRElFIIts8LO;VZk66e)4}r!jQcp7&R|Z(lbnueUu@ z_?mrsMC^(aMw{!D|Fkl*cs0!SyabS?cJ^iGI-00|8wr;AISrC9t<~aNZ^=V%zzIf+ zb2~<@jKy@ses`#n?gD3eL*5Awy(LdCy$iTrQ&iz*RA$1$#FS{fsL~Uy0#&-ARmAt> zFTqH$V{NqTIe-4c(Xs|58!sD~-|1+2sD5+8GGr=#Yr{9?VF^T%s+K{gaVo-C62_y_ zfLG88d6wpiA*lpB&ZagP@2d;bf8`tZoto5=`ga! zSsJ^y2GRNKT9XXlS%jq=p2?yfH%Zc^QvsEkJwUn-qI)|k2jA8~CG`9Unhfed&(}kF zN;3g9`xws}p%3^76o;P-|R>KYSoc8%C%sv ztlAnpeYlNbFDbM2=3?-OW6~G2%%kkGOpX9=HkMR~P3sEa7A{E=72YY>hW$bT9T~qt zLowo$+$(6eq%O9oD}@?6=1CKq!^sX_4nF*`w=MGmWjJ64(l_6oY~yS3zfpd1*k$zZ z+${7KF*S#dl^IO@%OiKl=1F|uk6Ur_Ta}f}4g}uF{1KD?ydU@LNE`|vY%|RTui%T( zW6iGkf`SDvZ0DSv5a~g#*sQnhu@OkS#hGzvDFK_f#)t(SqdaA_%Zv%6Z;MJ*Wh(fr z51AHJWU?qxez>Zn;94apSi!2SYoIz~?jKa4T?N4LoLST`ocOHHs!O;y{3H$>!#({m zh3Brn#a`gWHm^IhM~Pk6kAdJIsUNwvi0n0pt>2Z;6Bo|(^h-yEt8C9Rg@-F^Sz}>< zxJs&?D@t4qvMS=lIi$U0us8?tXAm*YbfJAY_qP}`>2e1ILy1M_n|}6+dnciYEk- zn*;Spk>uvUeR4RtIk5lfW6F6t#ma%@mgDG86<=;1lBWcjn+Nx4k>=(>etNjMdC>p) zW6n9PUor69a(w+M;?GqhSUm_`HO!|(qN|4b)NpjwkpJmp(z!b1%Lk?_!T-|H=}Jg= zxe#@pa<|EefMV)tIk_=ehUHX%1PEy>#AS>Mnl(CH0U*c-DefQ&KadA z2C-WN>lq^1Ekf}O;p`ToSUsj)%?^4EY_|;4RtCvhIl5gv@Xs6Kt{%=O$GKYq&C`P2 zErICi5%20Ddxo%gHCy%RV&Byx;1dVHt4G9>qu|w@hOeRUKATW@?wP=^6A#a!p&}@r z+0lIdVety>d7jvKWxY{1I$nXKUn4}GyJ=oBPTt(sS47HlnY-R~4wun1OV5cX=j({I zqvp+RQgz%sAKwbW^A=&A7e23mzA`GD)0O{qqv#dKYhEZluhU+G>6M(ef5zeTT;HF? zG4+Q{c?H*7)Rtm|z0&4i(k zSI0hE#671KHN)QpQ|IkbQr%m*k5D${R*-C z>W;^+7tn7WzrIHGTLHso8`W(=RKG=x@EY202@Ibt6VwXrH-{BoAiiH6?7xv9f7Whn zg)o1vV*aeL{z^grh64VT(*N6!`d8Yl&mi<)DP2n+7%v?GuoUfU7{CP`^j|g>;6iqJ z4G8#50RgM{ZrP}Sb7jNaxPYY;yaoq+dT_ux9eea&EJ9#upFCrj!18IJ30oW}(6W_1 zAylAy6jm! z<>wI&a5cJry_kSs!E%7{ql`NUo%)f-CYOju@;W6=cf6MadTx>qp@oSU%tjN@2c_X} z>9y)b6}_*iK}qik^k1+J+s1PCK8oQC(1Th9?-h(0UuzlySq2XL2O<^7$j9L%zlE=e zXF$Fp$a4>{__eN~MfgSFh4cFe)Szo>BY}D19L1If(A2!uV4!Y{Ly5?nFW4TZzr21D zYgsg$C1I94;^JGF7P5Q&c`T91x7vqHTe#Gy=%LlFTr6ef4_Na5#~_Ru_Z;}RAN!xE z5LUxiMc5QAf0U>c9%StES(YIuShuOmQ54Fu71Mv(4$#SAf>CbH}yhWhv#9T#uqb=L~cE3d(fSpIG?8EB1z7A)jRryPNFo^-|gv5es} zAK&7z1?Pnlw9*~{02u2Q%krg>tQ^l^IW#NBG*}YNvT+So>a1dH133r;uqwDgnJHv( zfP-R)gSkNtieV0@h1|5c_lfJ8D3^?RunxmaHh=#O*|$Seb>TAcECCW$LGc_x5>~;x zVxWYTQLPdzVP#~i225B5;mSc1R%+dI2ToXph))tcVHHAF44|;uG<}vJ3X38rl#B6- zC<^6q6e=PqRK`-Mil$H_oPJF=(rsO;}pu~IcyLI@C$q3&;RoC`8UVkzdiqOe0uRq%is+D zWs|O6Z2ajDe+m9D3jQz%{_t(^hqoJB&B+kUEa)6*3iMS^emvg}=s~hgmp(Y_T@AaX z2e|HqKsmNjOY$zEJ&)pH?gi%Ll|#PUj!#an#ImTEPIiU{Cl&+=T+ZazUm;B3{H@7v zAXH!#(K=Y*yaEft1ybj{WWYepNYz0D>kQbl1`bp>t*C&-n0%5^tw@2=0B^?%)HZpF z``59b`0)be3llNWt-DiJS4Ryjy+<)mygch&3hQvaBnlFrA1x$Fmh<=KyoC+L)p?oG z_XQLewm7lX;k#nk3MHFXxDJFUOGan@;AP%m!3>o%GE1s{6X8F|W zV*zq)M)!SWuvYKv{5qYDivv-5USFftilvRkf|?rhsqS4AP1eW@_&$x%7CcJtrPDwz z2B6c?VBJQ^NLtOM<8_R8O3tG2Ucv&QFn#0}$Z`aMW6;tniekmFyjzWPXzk#YGE)gHuR5iNHI<-(yzwC<@m@D+!ia(wfj=K$MkBr##rbV zdcYJ}%yWYwC|?8Hi|LG#=OCDSBY!WI#^D1hD`Qw{VS~%6oAduedHW9d3Ht$W%&E)8 z&<%7fH^9RVC<+@ZQXV%c?11Ill%#!gCwa@J?9)Q;MbSKU8`N=Bn)*>|7>!YyM+2)^ z5KiLOeW$t8ZmshsMRrMW-w8$$Oe7j+T(|~!P@3cxYW;PNcY-$@pWs@$zeBe5(yE*2 z^(cJWZSG_T(pT2qd6jVhtNX z5(-jHv=dmvNgUgV&)@e>FW*bltuzmEP}7oSXi#7!75QB}sU%_=4r@ckvYYW}G@J6l zemKnO3W2p(-Ky2{K|I98ye?i@T)NUfU^uKLS{jk>_J;hHUfA z7*Lo#r;43{s5Bj-wr_c_ji+y*lzVn~Gk9Vmox zDxWLv=n7>4P&`Hjpj+_LX)uVc<8U0nx2*F8z2RZd%lpI%KXH2VE}fD=z*w_N1S*F0 zp?rogiFF7I*>G*uP#vLmS9({awpo%7^fg9Z^J(@oY>$k?fyU;LEK}Tx+8pIr8sN7z zaL$F^(c^`z`d#$M1>S|O`=wn~2bJ&!|FcQdQDofTh6!#C-P#Jbpv-SHZ^yh=y(aId zNZ#R2zpDHKeB*(QAE2Gs{%p_%$$+DE43ODb=U;HR-O$@D^zI{lGQz9d#UZQ`v0Ra;1khre6gcaS2(s6!bR-#ZfIyIZx~a_gq7RkTWsHmNe+ zzPmYd-!)mm(zmAZ7mfwUH#ca1N%(ioUIaqh?<-MJ2J}m*#cBU@7mMm3Wkp5lh$}Wq zN=YinS&n@aG9dV^O&^w59j~o~G;d-&MJnt>?rf-B>RzxzkM6nI5Xk8^r&I^ho>u5O zE|`wxeNm^q=BNhHAMx#6JHQkwG!$J*H7w435QCI@2}4P$u$|w1k&DCgQ`N|2^Dy}B zU+UgxaZoiGo&^#(nwRnGVetb~k#U%pavU55IS`3idH*e9r! z;Jj}jl&;0HCAkR@4@dZsw`wlFIy^Ele{_^_lT)4ESyAc2Ni6*njXFY}8EfWuQ4``a zIzlHKMWgK6FELaEs0V1P()taNA}vl%S~BUXyUg~1H?tI`R=Y9EXV$<>@`)OkALYp; zYC!xXwEcJGiKh7R@Z#O+yKlP1cYL7(wh4W;>9a1eqZzY*yYd0;e8k<(x61I z_w{QWY@n<-*7kz)Hp0*Yxwqtu_^B&3GFRzHLLC%qm+VH z*A!*R-E)KRL?WDLhw?Gius*5FxPfX=ZTw|6D3<`VCe;GAwAsnUBdtgNMdTNo*C^!?KON!J}8J2aFV{?{k^=epqAO3R-QI zNIs^sbNl>7svENSvor^xkB7lHdI%&~a*HJQd>DLkbPUXTB%5l}sauNT}K-XR3Q5+>=ec^l>$+6V0fyQ!;hi;biA z@7@8(jV*EMRkkSkfal?++Lkyu18i+^^6nTZz_%Z+A8~E{`r`fD3Lt{Q1Z8CFAlgyc zgvqtJp>*jsM$uJ2I`~6%^~RQ^@{GJLW9@|$aQhK{W;w;~T{}Dc>f~(Ae>;fseil#I z?6&sK+Ds^#*IXQ?p_Q1vIsE>clLeT1=%C`UxJ{+HXefa&^<%hQ?mlvl;J>A)428RB{U7hYm2e_7e^ZTGip3qEgD0x(ufaaew0ErVH^uIj?Dr z>Ghh@^w&>mdZfg+^yX1=%rjvwT0xTdJ{m`PzD=!-#~h%1z?ZydG+x(H%`@4$)?9@% z&?p0mE?{)6bqk0^fXAT<&N&wG-EW+if(yb2GBqk6ImSQ+HNfbGp> z>VO4c8^V29B|u6>t}FN+$iz(!)Zz0VKVBi1^_$-nY#8wA=Q|h0R%^~Lh6jcIN3am~CLyc-6G# zVE!X@95r7UsA9&OOUB}NcMVoBer0(RUv|EDQ_GO@**GDZRphtedRU-VI~gu<#?Xh@9OGfK#394hj9>3 zf{+s%*v*`m+rw{}A4FfBo$+ahAM1VylEDsdkI@`ZPsRJa0Z4fh74ruvT2v5y)lbjb zBX*LLV8M^l+&t&p)h^*f%rc`ZT)L*_Y&#fb|L8U03G_LqB-7JU5`fZb;Z7jb(m3E9S z?Xkz=3?tI!sn1y^KL`sAD0Ka3al1`kWmKQ4K38{pt;rLQF@{4w(ic|kut9UW+EbvW zSroYnRLLN$J4dRnEU_eW<;B^GW@QnPOc5e4_&Zy(bDf5iybww8$yLw^C0A_R7Nn9} zu@&g~@r6aiTl+~3QewQs>GwkcY<-GuQ_!wuV0h){WIwY4qRNwUGu6tbfmL@Yf%>=f znramsnECFv^zNPF-e78yYq2|S$eTrswZtCFV|$^qsZ&^tOR@^>uFGFwz+-tt#Q`R` zAkwucVm)kbK#jRENBP?v5rC@UTpmP|h(Z8}rV{>8xOs#Vqh#M#OI)q>E)N7YhN+9UH>rL;#EyG?rtT@K)V zZg_`zTrzcgDxYQ`fB9mRlWvt`UQey;f@-oEJwdr+%k5eq!X!dP^4r-kl5y%0`B^wL zh0x(-0&;pX{E(RC2ko}_S2xzw4K5Fzk^LwsOWT@9FgB##_u&slR=3|5)NNhQ@nN#sMqCR`T1Y(* z?>N%Jrac@EQEvq{0RY%9|H2{!nu(=Bh08W`6SGVir~z8x9VXOkHdMx%*@Ux?QZNrO zOkj^exu>A?Hthi^b0?+tGta~E004}mA+Nlf6VU48kC+e^Q`P)_t0~a8i_T9bOcI_% z3e0HHY&4I1A238))Id)wI$inUsE0{F^F|YP1TFfP$!|2T|B+lZ#osQu9e>Tv*n#Cz-^ry!sfDjZ;G+s8E@gNFYTn-*J zn)jg14kCmdkB0J&egnR?K3geNd;as`Rr4_%CClPiH2-%F4hr-C;NW%szr+V;!Q>Gp z%I#GA@b)3hV0(T#?&DnVoge>ua0a`OaUKPyIyQG#9G)K@eR~q@G~0Al-aYZ7Kw>hj zm%J1Un)T6X>*yFHOq%cs9ZZ)#<%e$aC(Q$7b;moA_HU(<1jLk|?QHt(eQMAD zi<86SwpwTbI!`VfJ_p$Or6 zO_D8_XaD>0MWbLXB~2`0wHp?_;yX7nkAqA2V@iN{b`DlV=86b`F_c zBRs5{WN{vCu`Sm;5D^;#(NL|%vjlEa#+#gKf*K7{Ejh}w41t1HWXUPYn2eF6F(RWp z;>-o^SuPVg2uM%;D+ULEe$5TEJNcvu z=v&O_z$Z!iNVn>6wPWz~6Z(bb(-FhRTTbjgAQ}EVi)h^heg$n5Hsn??f=+X1_fPPM z0Kg`<+5QvPF`)z~91NaVgqYiFf{u;-+h`Qh8|ZPoLriysG|%d**$s8S0ey6z{ISu% z`{4_~>P!AMm`<~E(Cp|dqBK(6KuC%pOs-u&hklsOI;SIn^N#JS(D6OO)4GwZvu=+|{C z48Gq1>sCzqbuz$uBtkhtt@Rj4;uFZ3bvSsQYz& zSn|160~sbrD3m-y9 zdemL1okEeY8A_@j(SY_4(YT>dAA=M^lb8(Mh`AkLW#u?jMM1BBrz>+HdS(gXnb!claK)g z4tu>H-(MW-7cy?Z*I7F1S`UTnXkZEq^5?vn(_LzGxW$`;xIYzZkuxpVbPL_*2!k%> zu8Duy;$F5tz`=7d!uzEWQk^x`(QAYi`wx28vJFzVdNazM{EKE2`m)Bjw_-yOPq26I zFHd^S>Bp(FC;R#5fDUU-aolXd=DYi6)jA^WJ4yQVwmD6k^r+p2C%J60{PK>*VeKZ4 zU{ht98bH}C5kPY*@OA3o>nwqDz(29f>mXgUE|pX%fZ%KYMTg-?oh;jQ{Sx zf?uV3v0F=yowr_Yvv;nOcKvK#e0JL2J?TCbEm1NXO4O2)9q+pT`*+>|0wgFwvg}x{ z@Y!u-5*Px5!OUPVn1PC@{Q@QM#;@5#C8RV_FB^^R5-wkgkIKVR)rTCK38TfR9&HCB z_Ip7;t%vRpe5DrpuLweUeQ^H6R`4Ok_;;2k2=Br-^s3`KEP(;$5uP+!MpT48o(|(*nPYm>^<6hw9Q-S z^F4Kx1#*_W&j++U>PhPIVvBG1oFVawY4ib5@ED!WdK8XDPKC%O0z11w_#397VS!2k zMA5G(%IWG>PyP}MxynO91{=0z;QPW-AZv`{(xu20(hNEtj#-HCm6vQ9`cpCj*iq(D(!)(vDEFFF4M5rJ_itLlm47yKXk0|(iOD7% z6$`D5hyO&A2JEKJ=`>9q=8O-hYYZ4|SZ!M)X`|Z{aSg)5=_Tx_p!?KlkH+^{A>ROm zQ_IFW8ov#5uL_f`D*JbJdoOaUeXjYpV1rq;0K$Uupc>J zWE<)bhF`O15Q_V+>DV+l!>oI#yu&IbXTC5Qoq^UzE@R0hYq)3WAVtRwoOz6bNO~|z z0061XZia14XzV~z8Hp8>(-*1L&I={hl!VlED5eI{oVjjPt{L<)j3bLfV_L*>XQ2dT z>ywqUP4M`R!0;g;1zA@(#K56Bh(G^NvW_n6NC-9Wz+NwlQ)CbncbI2Nj4o#DZW`tI zdBw8SdW4?fL>ApBMnU_8(qc1*#)}5KolonxjSP_`lmkjJs*h=}7n9MEs&&o#0n-=H z`QESRkAEG+eYvaoK>ut42WWQSQ~8!G6M2ORzHsu?7@!a5kA+%by}%vFfCfP<0u;h4fU+SGei@s zp3%uJ&iM{3J-i{APflTR#Xx{~61yRv>rx&;Ho)wIpoV|s&2}IxD%fj1;v9nwdDYnZ zj}4^00jz8!WaQsOMZ_SY&v?CzgL=VEEapwP5f9K|J{ef*C)aIjLo`n2SzmPPtds6N8f5niD%~ZK~EgIZYn&rGMv`>fc=kBywCp& znLqb8X88Z?KH7U+_WuDTeSQ9a8>QsKj|X^tIxjgK_OcK-+Jq7nqZLnh>kE+yW#ZR<1crh>+cV&_RodXW}jLk*kZz(!R;vdON-}0Qx2x#htBrU40@9xA8t3*5H|3N zpM=#Z+^sFgt00(UiN}?}4a@aGhaqTsw6r!98)awhFHMr`a*M^A{~Lik*q)D3Jp8^f zga1F-eNyKCPxtoL{@=G!{`Ie&uQzI3Kz$rQzusXx_0HG9Ip&o|+ahZG$YNfiB@#u& zi=e2sVK}tlVO%%Ny6Vcb!`v;jrfO>Awgh^jx5b$SHC_3d;qx8V`fn&( zf83)D^5$8X|1G)~FfxHzo)DDtX zW^FThYqYC=R~>{F)zsbF7MWokP1uR4+dRE=G*U5V)Yxfjr)#n9xUZFi0!6; zvK(I)0fmQxsv%w&=HG>Dn8E_^C3P?oW&Pr0jUTGhkd`@>`t#<|M}a`~QS{Kkue#@P z%DJX-rfJRLlqPBx1LybD{P7{EHFeJV#pKy7)Vx{KR+%m*NUb&?JoC8Ko*(ybW(9(L z@~%T0xlX+zcE^0uIYT=b>vk>N-|83)ExK7E5HQTidB?6Wg_{^nXE2me+O6Xz8$U;w zd-35|+x?O>9dRml$r~Z}p#gW%P}$K3I--y2XC9+5BpyE`i`yl+M`4%)G_J>ExhkDS z;U~jqAm7$OkG6wo49xnk=>=Za-DW`X0BwZQFYFQ;G}vlTV!FuW@G*K8Y;a9ZL<2pA zIZ@~S>b5t}OluY|wJ^L4b{f!H4mL+|=TnvO6-z!t|J=-8^NrGCcP;TNvMK&AY;T?X zk{9qaM!Kawd0i$yKeNW(k5laXQaRPUT&HfWe`ytGU8a;p^nWXmpT{?5=>LzO@0IU= zJ$?TC`C9+KjdJ_?|8X>)WN6zj$NStNo3wcB(IGz@(#iQvMbm6;d^m%Dk@=ZLnvsQzn~=v4yYlKDW`8Isvwvn0*dgMMuJm@;ytf} z{XtK%hz5On89aUTr(jbKO`;LV;wTG~rnrI9@Hiysj)Vp!kI#Hdcj+sIAGP<`2&C^a z9`V~~sLvOA&}ag~gw-&Be>mnO{=N6@+Zg_>^aY+heFU$z6hIzc8QjwnxPRZP1;_C% z86f_rK_OB-`@L8C(B9K$*Xj4;=T9wgkH3B5-*1ZP>e=t7C45t8(8c@xyo845&+4bI zif;-+yI{u!+R}Os5}|$uD_y6x;7j7IM;4_#dU8DyZ#}gr<pT(&rivknVQ0^v`%^`uX1{+5EQYHY)hp=GXnuti&y zFixg!ul?o!BKjXlSUi*VHUQ7E|AMwx*8iS7S>OM?m2&&~-wzVIhvIG^!2;Y&nLBdw z4++QdX(Ik1=pkm9jQ5WYwcB88W8+6krRY-R6p_kTH0uzviTGa2Tlq`gVHEq~o%~hu zh~A(}mvRZ&fC+z{(3P2%z9bV4%?lZ9Zxh&NYy6IGy>mDmw*q=ZH(oYD#T`!2iFHf4 z!>AB+7;Qm?(;H{uFi(`LW8ue#$M$l08GC`35DD3#-0va(mmx)=rE9R*Eg3NUdWDE< z2FKz)!`?>fwQ@euW>~p4NdAO%Dsp9Vv_ZHyP$sAP@~m3f)D)DWjcG_RtWMCy&FCK% z@CMYuYdJthJLkKn(Ktk>`%0}M3U=$$w`}&*mGJ|{%(GF%B!%MrQ7X3HmO0sF;bFvP zAJzfnsOo&hL`H{8?Jx)GrKxOGzG2-#alO=?5L79EKn^yvt>Rq|gvR*Ulk$7@IU?2S z2d|LCtk1&wpJ^sOLV+qVyOp^T`2aeJe?VbLM#-RvOcZrJ7=wypbRNSgGtIZ5T z+svZ@aHj+0VIa;Mf8K5Fe%pNHF#cJDj8?XSg15G8RRWNWw@n*Uv<-!v*(P`1edqdC zE?wZ}q0#L^;x^a9=V1xjoOrD^H}Ja@^ximjHF7&qHf~C6fx`PREJeKk@CMT&_c5q0 zHb4(P)U!w-L~$x!*Mb!>i?8Tdz=L}Pu&8Tjh#>YwC z3_F9Uv1PJ1B825A>Nivt(f?&rwJiOAckg*Q{^!#tdym)p|811p)c;KuDR&bvUbh{J zz{Q0W!F8}g!FY^F32w$?R0tXvrZ7yD{$9s=N}m$e4vMLH1s_#Y6L`ydX~?S z8k;<>HdB}Bs$YCLz0nl0L|^>M(Mstopz}7G4ZF&g(H+yKQH=}nOXHVD!+=QQ)3Ys_ zJL-B?JDNMgI`2hUg#SlbmS)TI{{xm^vH$F?&;M?x+&cgNaF(T${#igoRKCu~H{|#x zxw`e6>ucs{A*x(%HjO~V?R-$tUgHNi7J$bcdi-$Z2EF4lzv|Vs;|J&-?%q@n7l}CF z5Wce7<#M0~pI3Wg4omylIcB7af@;Kp4P|Z8bii3x#Nt-|nl_wScB(hnfwX7T7JHY9 zS&)%3vRxR&nDo%=iafijRFUezM+2bp zRIy+Rc047nwy(Gl9p*pEy-!n__=@@{IE8OEei^E({U?E(Y|w2zT#pj34{x7lMYasR ze#>`u>C~G)-l+fROWAx|51|`Dxx8b4HDC@A`U!9ftSnO3x^e8=0cOmF70~4*k2&2k z1OgaFQCHoyg&m$e{Umo4wTd?m&N(&|sD<$$UrM*XpJa5y&%6#U;RgBoBlc??)Lvla z82HJ~S$feN!v+-CDu(4c13AUFNcrlwTwQ%o48FNUSFEhg`6Sw#N>6#?&*dTW3)^uK3MpYN9Szh}Ga_}{luZe9QTnTbcP z^s~a3rAb1PA?&xN7$Y^^N&OFDzsBIG!kkXq={upBduH-gmJGvr&`@{i;FCpM$*o`$ zmC?->hVw+X0AX`i7(6BV{5^)*Xf(55e(8Sm)s5^(^Yi}kyTf-syaWbX&o~S2h}oKTRnnn%MVH|v?+y^7kW{J)Qh)Kjx&!H=^RJxV!jG{Jz7a8f_$t&$WrYy z3|oZ9lk(ououhx?B?MEQ0S0$~E3SxpTqG117<8g8`QwoJY+_6qyzpBJ_DEs0P`GX} zUoMvIAHz)cAr6EJQ_G44&s z{z4Ru28~^v5CiJ4Uq$dp1w9y39#T%YI^>#{I;x(9FJz1&^v|fgYMw zgTFvWR%KEuxR&Vbh-uJwF*0I2R;)nv0B1m$zp`Lk6akL2d1ee*Sc*U z)o3qar;}zX{2SSv&_@eHcF^+4Ul{VeIvIqjCf`~$5CuPNb=N-MCua)KMDRui{V0-e z%jMdpMuegE?%dsze=ZB1|4S6%<(&WTK7S1F%IE)&*ZcolDYw4=*Y3X(4;FpAraJP@ z6(!rW0+a(-i(JGrkdsNT7k|df1DE>eGzZ@jsAeg6{*FF-P)Rn}M|LF102~qOHB&WW zXUj#m)63#QHZpnZ`dU7YfX#^uu#)tkNy~Kt_9%H=5J`N7e!DZe@pJq zbw0t=cMAt>3N6p!(TOp7ge2MleI(jJoqoqo3im*bp1(^ttxSh`hEw2?bID1F01PEc zQK-+t^N6!khe;WuIl3?wdy1R)X0|C*?@!5<(&fZliFI%JENkBp2ZAinFU`#0XOHP;Jdo$;_Tlug;5ZOvsxMRt+J030j*CN1Zcp7Q_t_Q0qvUisqpI1_ z0t0IJZpX|r*8#ET#dLfE@3@}{}e zG>QPwIz?YIm#t&f*xUBXy0Kf>MxH9fR*_DjY)`X_FB^i z_+(>%K?B?7aLce!PGASyy~Ly0kTT_XtjXfIoE2}=&T2Y4G$m+ z{u8?np9-`IH4z0oyfzuTSU8L)kds7 z7{Zy}%=S-#pJfLXY=Won?}zWAi@ISeONr!iYZV0+lPA=w zrXwO;L!<9FSI_JZ(}&D2V^6k$pPE94Zo!FfnB<56=-K6Htd;|Q^S>!h)pb5ek*;!m z>5elkgjqU~993!!;i8~`_!Lo^lBaP*YzYf0?nk-K{#4|~f!^+-6f^ zlc9q@;J2t(MTBS4k<`Lgr28$2G2nGyIRRHVc6>&kk%q)cbXafx77R&y*aQ!u z!qm@<&mx0U=)@2u5-Rwengm8=)W!SVd+3R!oW|5p&*QMnfePfIG%9#ut~#yIV>803 z{ijQn#Qiis3{C!OYGsJhvrrl!ZI#9y2?Nwfm5RmCtNq`6rj~P4e8@})>{Zc zV*A!5E~WN5JRm<5!si!Ii+^cQmJR|dOi}As{Qj3=Lm@%+t?d0KU8|Y-nvvJkHat?? zCj=fJTj*2fO^{+bOGo)FIo`7drI+=Xy3rq_LJldIU6Lv7=HQLz(vsbFFZuW)G9EPr@p|8%{AYOVoVe@Ea$TPY|`r` zQHh~V8z5*;s>hO2vpLUP^xAPaZ6Ea3lPsIM3cxEs&%1etaJfoC10QI6jP-JR>z7}*f+h`Q^zvE|UbMr&ap}0FEZZ-5 zjI~_d2bqR6S37veE|;5~TRZ*2WxLP?K=U}tB6LTX1q97!7*m=2bu2)V(;)t5)HR~V zO$BB&X&DJd4AVmCAQu3F);PrEWt*kVT4@}Oa56qCoxfrjp&6~J4KNy=V`vAPT^;rC!Q8H!#q8R^dp{B0Yl+1GKV-B;S zJJrd|7&{=O_a~p@B*wK-oXn-LHaR8(hM?AFKEcfqjy zY+8lbbQtpgbl#|#q8X?fNbQ9u8wjn^8l(2|@XQjA4I;`vkw@>1X>@l}f>WtNTIrFs zHdX7nWi6y$?AK2-w=w5zI_eM3qRywn1i)9ox+<;c!(3rBH?t-RtO_Wy_}=j6ZNEPeZL z5ape*0Tg|zHv|-Qu4fG}zI8Ju0XKq8yFg{{T%I-qgi__o{`H=Q1_z|+)&^bQ+(OKT zN=lSG)mr_`ZyfWDSvnh^XAJnYtZ3{0-k04mR;xKNTe~@PRIlHmIo3vFR%g97X^vjl z+hM_wF_Cjop*f3<(#?Jezv}u#c|N8f`?yLbo_Kc^GEfT9Yy1z z^je9q5)-c#D$_?`@A66;?3$R$&RWKIN;Vz2B{Q>?cyct8B zlVTP#!A${lO*@=9S$EMGSKwZ`I8{`_Ij5jTt-L`q-Ey}F-XppZ?om|zF~`#!+qI^S zgOILVU7AzqHZa%NsG>3!Qo#;3Gp%NQV6BQ2a)0p#IEksOF2+i1b$5lS*g2l%aW@mu zb8@=s*~L^)OXhdx*G7x8Jm=nag~_FMOfyKPh9pL%Wp2{Lw0iRzx36pe?ZEfLVK)n> z_<+su|9ZN+_oQt9-Fv*Y|K3XZa`xW?MLA11{}wcPXRN=)U~7%Py4TmU{T5%k8Pl&5 zxpP^53kcUV{8j-u?Y`YpR1NEW%qn1zm2;yy>#kvCGeY|nmN5I9w(fZ+TztH)%~gh5 zZyT%+_%HfDC)LyaygxdlvKTQw$^X*zTnq&J`? zTWgA;%s2Oo*=p+HTyry10A3MG4bS&nI5$PX4Q@_ucJ-Nqm@((&Rpy#b`_0;$W~Iw@ z_kV*hi^J~e)EhuE_J7ZxKYm=k|MPt9|8qO#%kBT(BIUgLZt1%}MUi)A@23V@yYr(v z%h%iWsc+oOp3i~OxpsW2y?}FFkMZ90m0-EId|}o(i!qbVBy%1xlsjZpFGGU9)^8n4 za8S^)f2?!ch#84$wvL(cs$qTA0Y{y5lweHs0mzK@v$wC)+t>J;SV8U`hR`z9JGvz< z&r6c)>vqyiBr7f-LcgJdo$!1TkHtCHmYy;JuI)Tu#?CWS<}J_4vn;_syU&a4 zJPGJ(+jlN!-KTQvC3D(#oG`9y*|}VS3sl~AoqE;nCink0v%Ict(cyKq;`SW38ohF} z>2Jx=-0-ICIE$8R+ketwKfRX!&+enAPj)N*KYNeX_Mh7*U(o)8l=JGln+X7{$nx$O zg3Qs@+k?2<*R%+kpSmH#P!+xNnTDkOQj9}3tQzysbhC~PqQ^w{eNz&4h#@0F5w91{_TnHHImAJS9TYJT?@w7qc&;FWVl* zmI<>9chXQMtnLqBD&q#`BD>C4HJsT7I!g3n54qHro43=IB-)*_)a4XreU_oFU`w-1 zbW+oU=(#>f_i^)+N-MrZ%bav%ZIkm=HkN0VBjxLKDO*jCelKD{5U{Ilo0CDzG4G4o z=W3u_*Fq;?@3@W5+oDsaLEofJXUY4V+A+*B?idSd0rSp{nog%}Nmh4iu5U$EQ+D%q z)Guw|nNhB5|1-6QIvd~&|F0*{A3rO{e|fgI_W!z-^5yJ*Vg$oFWaq=!qGeMb@13YV zt-OPD*aO^RYQeHD-oX4At#QgcqETn))4^;-VQoHoBwK)*uk9}PYrFbuJ_>l9-o43* zo?Wf_#e?6L}Zl7+*56tuK)+!RT3Cl#;Ia7#~geJ*q!wn07f#Xr_mCUK9ZulCtv zsvS$Cd_{HUk{nz%&ANpWWc*w&n%iA8B@MFzy_Eb`R~?^)V{?4QITDU=L>gzWK9%jv zwNthX5^@AG|aqntwy2gZYd``@K0*o4ZDh%85QRcj#1dNtS{AJjT(JOUk}fJ3XPy!wcRKz`@x4|m(<}Z zOxiDg8U8XBc@^;7hMnsqxp-?|d~@|4;%b^JO% zV_?mPjqSsXgC!@Ui$0H1Sne=T4dD0RUw*auX>uBM#t9)uiTtKclO8w_Q=3U$n`D3g z9os2x4SzM$;I}*-qIUAK@h>{_ZD9@OD0pGQNOPy#Y@B1=f&S#;`YGpD8m%8=Xi2DOKiQ4*76&GE+@+(6BDWETbEI5UU(HWaUj2ACW{jaPnSmz5W!$m`#ZW6@6K|9CMc#;A4?!_5QfWje; z029LiRq@1jg}TyAYKrnsO9++6BmtZbn^N0{SGY3UQwpbQ_sU%Z2;{Mxk zw5?oW@Z@8X(`I>;c46BAYms+tu%Y~nctT)ET!UyFq9hA8^C$`)?0)(3*!7a^A(8n!$lwt5R)v9T$brczZ}2h^4< zgX(}5YrY4;nqi{7D@*}B>;%sq)6aNtGU=iBC#wB!yY)d9p|D~z40RLxtWti5a-e;B zS#&)}!qX_3H2^UzR|RR4Y(VBf__wfa=r_8I;jXXoO@kEug$EUC#PudgatZswFu{54 z;zoo9+uHa!V(22V;TzcVJb?XZh!QwYp^JZm?P)fQfF&@BX!pZj?MV#6C+f1HE6#&W zLDj2wCs-H7bUunYAd(MzFf!Jc35aL~xruv_V;3=~iKmfvBnYYV(%b1c$BH)Lpqqfu ziF&DNMb)XT;DvYPKR~iwSp>Z4)##^22SaHcGp@L??yL25?hclz(1OO_orl<_p9sw) z!fu4S;b_>oTuEB2S239yi{TlBsXWr~GjdE-)N9gXWyPXDev%EN4rE`d?5&qh>65uw zjE_!PF;iDW*LX z9XK0?M4101y&QmiCvybQ#wl&wSpoDB%3^J-NM>`~{4JB=(Ua>->9AIi;pvOo5~9U9 zOcL5JKFkXg`HBzMI7`!AIbSLZpw?Dh9n)mHH5V$bssAma|AXc)r=)&+fEoJ#-qWWQ z{r~y%=WG4{Hp;E*|Hmk5vcl?2XZM;{Ydg^>%Fe=3&bGw7la32&JPf8?o!uPx1`P>srUBoYDzB>_tlGN~^M^SACGQD! zvW$#GJPG8%X7Pf|KU;xAb~gU?FBsG~{XaQuLRw-F{@wDorRlJa>!FvyW(O^O_!rIK zS11aA_nt>5RKJPmO48?sVrTFS7~~+z`jJwJtX2*A+Lp^{g5%aG03u!j|I#u{o4dw~3a=S&3Bpd~PXj5`r(UqsZ4v7~Za&smuIz&uanZ4>RxRa@#c8iirU_ z5F7nda4Gr|@A@}+21ox^!mULv&(m~D{bi>wA3rJGAyHboYquV zFO5U(2z^Q6868-^Fuu!NpLQ)JIODKS%tm=h8vAt_=kJ!6o;(!@s?SPrR|omBriIHj zuKXK6SM;K7RN{19t5`qicLD(!rNe-4S<^$f`^Oxkqgi9Tu==oI^cPETz*XW4iJTU2h9 z(?&T8$!(0F+ zj%@c-0D*_9sB{m)k?p?f=tJT0V?HGlKnbu#T=T#x!(lD9>d;zoB+?^ioLZDEZ$_() z2e)Uh0}&WGz>IKe0Nx^UEK|jc5~i%KTm_S1{12XmCJDP2)i^QsMrr@ZgWZz zN>tyswwAQW=I@bLZ{}I5Uz%sFCuODiC+`;2={}&YpTZ7U9-|j0KHmW?N}aF7!(JNv z8{Sz@PQ%V8@?htKH<$}KvY)0uohxUo`L;9SJ;3M3Ub`6mA-$iV7aw5j;IWz5L3g}< z^m)Xt!Dx!gU+nCN{RzIb^R_Tc?c~t_KDToUyl`jlaqsDFH+uYS_~_eb&pJ<|-lNlA z=gHpba?>>5d`ux$O9qC}JpFVi=WViX|$&)}2Dem#---hGPSn&{YjaR*|+6Jzy-HD68# z#N32vzRmGWYMH3(Wa;p?^wbk+s`hQt)+x$rKUArz%R^5$jG(`{_u4D! zd!uOg$*q$V3^-pdnzVb9FP@49e<(zOupURfN#ajYW{cZIl??q$APHCDuxMTWAt+967BL4Wh{R4gJ&v#X2r(tIf zesg`bh(93;i_5Ac#+je&(W>n-2IrjysD^#`$_O=9!Ef z-StUs1GZ11&LoS+m%MjJm(F}L!uT#x*V96hk6OCPEZjd`jIW4`Y*rHyV)`KWyMs7K zaC}35!c1j>k%mq{euMwZ%S9+};nB~OBJQDF3lBHA0$tK22cZTWfA|gyiXMQT` zqQvOc4L>PY(|CD&)mY$*%=D|t;gTAHui&y@RE;$qt2(A+81F?A%vi>S=ya+;QeGcjuTx0V6`5x@4s#1 zM=*lH?cm}p?wl1D4Z}~UbagR{2I)C;^x`by#n}l#$4vVV^I#AU|L9P-1hB#|r&y9KXj0X>EM2^{OmxZurl`7=P{3rRDUhooU(-kC zl8XD1AgdL8cc~AC<1ylH0Ac|}1G9K~)`Ce5QcBOE8s4BQPuflFPf{`545X0NDG}SL9 zvRdhJqnH1HpKJt;Y%<)>G2@>4EianCmpo4?nNvYF@bgVPoP6eR=XrUkhdo)`pzX0w zWqSG>u+42_*+K>K)syvyfgXTgC}(G-uR$&Pk?Vl)q&ek?ss%@HcfCATKgZGXZ}*pU z1}=Tm@-FF9t5z1#|H2+HPH*qOnf`x!PoF+2>wmkC*7rYerF=2}zc9$t9tO?tM*B=p zmn@NK7rWtbo;Ju1Tfy!v?O6d}f!%)p{(Yl-hrRLL{&55U`+pl-(^Y_)FJO~V7WH6j z8g*YyaDR6Kqv}r3QheASruy;g&miou|C|(r8{yUd7s3n&xR-qW8ADf)8u>yy_BV0U z%s%b7d;Yy}`40m0QpXE}FJNAb$2`mz#uMw(gUCJ$5`Kr==8JgXmFC86v5N?);zh7q zZ!il3U=!VI%_9Q1*?HtIU=x)~$A20T!by~XpiQ$6Q8o~SH&8E_RHp zPpjodX0Vjy4^>h8sQRX<0{d|dGatLMY!*e4a6KWRs8+~%Hvs$j>8s~ILS`cc|dWVVC9L72=>cF?fI z_EGImhaj3X$#p>Jq=PpYj?)N{2QB##IpAa=8THDQ%5PkVmG(!)aEK|CfRtbRZ$sUq z)%#98UNbaagLX*jMN!wlgjtD$4(N`?sUP$&54k+ai zN0kp7E9-?TmB~CD&#bXk)m^L+y6Nus-|r|DeRUtmsLC%^kBm?(@^3>T?#?IgNmE{) zAhh)6doKtJ9sZ9Z2muBt!zqFmVu1vB2AHUvz_4ajZ z(7oVn0^51WQX7eu_8xMl- zVzlza!6@u}!Z0N42B~UoY#1#z<#)a%$CP*!97sYhKCEnJ5yxN;6G{b*nI(fy!}Nmv zE8%S%%Aq(OI#Uua^b_lon?A<7XERXnx z?8bu!!G|~h@#=VEqup*}IN~&kHqOw;PD1DhgUhChgp+n+K#q!_*xYS(DHa)uHN*;sblsan=5oUKI_eAX8e+D12%itp)O9dao;XfzA{s?Bj!@WOXZ$O?V z3{E3orRX#f`WJ%UkVjkFDh;DN2qN~DL@X%+cfe(I9E!grNk-*Mi6MASfhXXlnh|DOQg3Y)5;l;D{=qJ?+smLB>I87M|Xxha}YrmLdJs!XQ;qc_c@&Eq%ZvX9T`0MEX$>E3h>hJPW z{7di-G}jlw|E7~*7;&bYd~ym5Y&;o9%G0b9ouvsy?r&S*+cXF5(ns1V38+2+MW~k` z2^haTY8^QjK@?$9TLF?{^f?5E6>TeAcS2@rLPOgKP4^dhh~2N3E~ez}>`RMPwOhEx zb#`{4w%lY<;(uolk6L%qSGC9QSWf=L^*uW8gossJg&aU^ zH_kioj5IEGeI10Ce8GUS1kp@Y=Ls1JAmRHM1xlK6jK6FkI?}M9$%2Fpxg*Q|Bj{>z z2Z_gE4ZwURScyQ@2<{!Igq~KwCr9LRWh}-W{!UZlscC2sTP5GQvF*H_-7gyUbNBx`U!Vv3PX9YS!1C34QDiI8dNDN#EfF`3ZM!43g zr!{#~Xuej#l_+_el9nM%`-Ln!fOLzKMH2NuXkJS%mU`%k&+P4K4mBejoJHL8xV7NP-dd(jezs=Ym&xii5VuWn*K1 z%)!;tQINnYN{G2+lwCvvk=>YZ5w^cD>(F08{&$)JI?Ek8<}c?grn^yuF*G|e0_ubM zBC=-tg9ca*z*!nA+F)>i-S|B2PH?t`Qb>#tp&+rPDrp!35#JbDgL>HIq2?(IQRjC> zvclXJq@&t%pRg)XS5ZNP{^3y`?2sSL5$;1_lbYnIrL|zMFOV?YV@~DMWPnm|Sid21 z)k;~!5cH>PPOf~NQ)J)gq#Xlkz-rF5@?p9|4f(u^E7 zI5krzLP-8cT7O0F4fRR|0VIi;LX}H(EmQB$)MBKq19e|*%C?24Us}*hiY2`-Wfn-v~OPRAHk*<{;RhTLUQ8Htm%a}mX~T2`Wp$z ztybGq31RI5r|n=8JWir6Y>lV7m*R>chEg;s6c$5=B!WS=G+?dV8~UQvS+jR7+&F#x zHFZdOkDBIdZfZ7b1+Q2UCaP@rK-5H_UhCGNypoQJO@2In1O4j9!yzlQ^gX%?L_`0W z{~biwpOw$iUtatfKk%1!3pOuG-OdfrXjjs($;kBTU2R?9H{D@T8+Cx`wMQ3r?NONL zpqzAT+vG`_ewvKz9`UofHp4vs6%EaFkpX_vp&wpt$TbvxM&=&a;etAprsM5lo^-k< zmMM{uZj(o0){&HIb)Oz5IjCj-=tS9AxBKwsL~fA6GU9vI0ahTHhgyscYs1*W@zxd3 zf;LQ|dD+0rQH>2n3NIV@3zJ=4{))eT<*!Hu#MsM5xARhf{<00f)2y#v(;U8RbcQeS z((jO7*H;}~ylhZC^-Lz{Wh0%uB#bxHPg7vjPtMB*&cZJ|4N{ws{jvd@YI$HF7{(Og zKC{7_@ppiwZJ>-ku7H#lfx#IC?*{7`!8X1Pk|-#kF~ZDLV*CmgXl4GiRBs8(lqidRkqLBi+^8!56F5R9Y#uV<$r z|An66lzM>K&)aY$_O!FYC=jCb)J9#rPA#fMRK|v-_YmwB88JG19ooDSUE9iFjwV(` z5>n`)E?qt;+O&7tmRNLGG9l9~YtF}q+5sivL$hsixs3xZ~bnjB?cf>uFfmdjNb`+%6ZIL`w|c^kFqce->2~yq@%##+Zm%0p?jW zb7l0Z%v>&d9`4}MVMG#8w&$f8VaqxL9)u&at3=aE%Zo)pv2?}p1#3rfI?2@#gmMq@ zP%li7&cdJvB+R$rLr`kiAoNk~A(n0EWo^XPa3`!bD#aT3brz3!J;e1LrDM$ugTV%2rRp@~+S;z-H3B&HC{=yQ-125ju zRJi-6Hi6KsA*g@xxotbhCupY0QBUi#WhqC+T4@Z%jNp_{84_nguvaFMCD9FV=ORoR zsrKzwe%9W`e^5Y>*%N=Z`u}VT!SlsT#AAjBLLHfV5cB{Tr2T@5D#*55)ll5+zeSfdZP7!erhQ2@YX;xPSq@4^htp}Z5rD>{PbE5$9tCsj7aQasVVp?d zpJ>zSj1vV(p!6f)fk0j+E}Afcro3-9@ycow;l6C`V69dsb3VpFl^%y!SM>!412hHf zN3A6nb-DX~o+gt)bcER~_&SePQ&CH051ypvVUC4z{ z=Cq{L3j1hRCcRB^ldO^fTA(jMP(UZp@Jwo4^m#;qDijL^!O;n`9E4x5IFB+FPs5Uk zn%-nci%R$uSujT_Y1XD2MbrX4(T?c@qzh|^LGbv55GHT^r-dEx>{iEo)c}2ijhm%JYLpOiQaTa!G z$2!*8k#Cu`o5l&xH>%YRHjlAQKpengT)s#>wSo4Z1B^-3~=U)C`oLi1gR)4cnTIegH|kk#pZb%H5@bquy`{Z!q{>t`$m4G z*QDOb)NBY8qcF^uXgqD9xs?WEe(! zUt4UaX1>bZ*3;nM@SkUfd5I1^=)xV$l|7!)@r4+lUq!=9BG-Hr(t3t%wD=73F>P^P z5e+FSqlx)n0oA{v9Z5SuX;8M;xU$a*e4}1*gBr#~xfn{9ENv{l{MRoH$vX8*;|2Z! z@TtS_=PwOoRKGNS|6Pu@f5zo%V?$89t&bp-m?Dp076HE@M#;$V^vUBrnF69$^g6=3 z9NedE*BsI&`?Z`qy%Yx&Uf_KCGennA;>?6U%~Hr{&E9o%N;;MMEjU44<^9QrAC6z2{QBd`>*MX>&sX0We;nd zGAp%{PG+`Y6a7pO6S8!LthJ4w*euQq8l6dhO2vb*U5YHs$Aj!bn=4hTI2T|AkyS1^ zupI_%Je)jG7D-rB`*h@V3d^P!OE}dyFCFy9x#5Bdy%F_UM>>Y)xYo0rM{zbZP~?8VUt*LsI^OXK1*pZtFW@Hn0jWl5@T9f- zXgf%vvEB~I=ncGVTOSyc+m1eKpq@)W*pl-yOjz+bQrzNPpJk3vSLspMW|0ya|AmLl z3&T;42Q^e=C4M!38(TH8W{s4^M=Vt@f6Yb{}6aw;iOMe#k&(L(B@K{u#6*C)G zEqyB`(j+6cOmzZLngXSOV%X`ph+>^r5M7;5?BZlp;8tw%-7?aor!R+-B+)2#)Pt^} z0rMzJ$uWuIVIE_uhe0IbarOjh9NAy1txtmND2vbGi~Z;|<}#v%=SvXuy?5#G7&r@^ zaL#VBjA7czSF?2V^5et(H*X&PePNmu{|45xj?(VKJdkVqm(~SN+vf&})bzPgO-!el z|M{Q)Q4s)4H{Z>CtM2khc#83*?M~=3icd?tCj#OZBxw^9prD8N&I9$eCf@4^VNROr z2_8o5bJ~!?4q|(v2;1SCKsF!GRSs}Ho^4s1#wS><#*P%DE{qQ%1U}l=f)=}E%55JM zaT&J6PdWHdm>Y$U)BG7RFy!LUcJaaph@oG?Xz9HfD^p!LDmIdG#Z>L8Z^>VqlnE4{OL}Xf;MPu zTMIWXzU>c9R3!Ev4qk5u`#+yB$>2r~iN3X=4!LGunPj!x5EVy19pJ3d{RrmzqhelK z`nWz!@O)PelqA+b5Sw=|dO)$n8!m?(ae5ebPcMnE%^QmYyurAwj<{$QWoqkBW9Z;Y zpw(2|7c(!Fsk;M9p$)B*oA+bKXKBu()OWl)=>0a<1~O>MI@f@d{IG{smbQ7HjU&FgYA$)@8NIHk##$zLUQ$ODQl#jYc~NsQ2!LH}Wv-qv8`ZZO+sjMx}IUB9lly~u(E#)%Oo(8A7wse@jDRZSkujk66 zc+Hl&T%_)OIpL_wNR^vNyydsg@I4-;a(F$=pX^I&F`b62CIQSlTPTGblXcUxRsQTBbF${1 zEyK0InzS39t(wpN(I#!yY)PP>7F}g(nMVs{IHi~tF*!74V`~y>p{;ccui~7oc~bSZ z6`XyJnRiyrNi7F3+DpOkm>lbHhta@HYfT;+MeF>3n?$Ben`eWaybY#F}T!aB^^0@mz;WZcuylM`PO#8 zo_L$1D5Eb^OcX?w9Q@MVKBy)~P~BitQV^>KMP*EpfLtd9Rwg0gIMkx&Ny-hMljsA2 z;>nbgf*U>usDft-$3sI&&)&8>|6av-Fg-UVBG?jeBg@RfO&hHZ>bq^L`pGzxo3${x zD0_hLbQB6nGCqac-gWcG&RWBT^wI=GSL z^eV-Hw9V?q1Rcnl<63^-o7o%XaGs={FllpdDA~s=VqA7tgMG52)AkCg=(u-ys?67m zDq)*9BV;S&H%h@#6uKNDOPiWYxFNK2+L5+ZeZSjf2UF^S3Yx+_iMl#2X}&0K{`GrZ zZ}zo6vg#7|rtni6Ode zScMQ!fu2+@V875DR->5A%2JY=63>X67UE8^BXqOAIbwF|&9OI4QJujg<9SReQ=x6HsN zFLV`bbk8PeYSs%a#cxuV81r!rU(RE2g@-xI-F5|=3;VZ)pD$Ue zdjR`&F*hR}7^kkfV{WjKx(v52a~44TVeef!K4QPrcKNkEH`AS!U@IvhC5?$;8|q?P zl0SH=$t!ZIh`KZ_U$PQoVycP0&YBIb2|R40N^lgOn?| ztX=n7&&?7Y!&-slWXAR7JWl6(jOlrd=~Di%#YY!dq8r${%u&4OW{FN;>viK-yys?l zE?(>6S-j`Qa3c7zhP@ST41B0i#8LPoN$};BD@+kLN`9TV6t9}OsZ$3WJgq!IYj!qA z@m@DK>j>GZ(+0Q8;*PJUPN5g2eyg-RSbY?eCO#RdSY_n-gI(irC(_M9+&`1JL00^D z^k$;`N6kX&0&Q{jpIpVyX-Rr0%xv@P$frN$&J;PcC@{bG+}w)WW7W&*9{E(wT>$lp zR+|o0%sDqV=j6Da8?)ftOwo>=b8~YpjqABFi|7J^>dMlw_MU1YF!_SZ-gyeTMFHQux@emce{Am)3VN4jDC5OY})q5J|i$21)FV(-Vi3~ z5FlVs4}&1qUZph!P;a8G@_NHwSS^f{aR!v0PVxf^i_tb=onSDiqJ~7yAa5OtrbZ5% z$~ChM)3S}w(a8BLxo8@HUt}<|__sK7k#?5$deuJO+j2F1z?HcfP6j6h@>O1ow!nI) z12L=g7aXpQ^hgSkV$Pfu0+6Fr9*{#As+@f?BH%6wW5rqN@}%7XGSK!tmO6m?N9`%E z%X4F-w|!SO4P0q&NHYm8=XUxrN3Sim=XB383tZRQnCd`s>!J&wesKA#fy=i2nq41_ zbSqPCGhErOZYrV=U1wOA`3s;P1HHEEUbCLojmNDd?f+Hs0oT;N3f`oB6~R^I4qmT> zg^S<0r_9X(2g)_PhD)%}g;+(`P5VvQ;$U{a!k-uoAn<~e>Kh!?Jt=d|&8s-?Oqrg_ z+@uo>JieZt1&jaOjQacdFR-nex-vKRT;MzuK`I4CkrDKUMs+`mpRLoLn}cu++o9?d ziM-*rG9zj>)@AG=4bHg7QRt)b+FCQM z`13SC^@n&6{nKgN5m>5%KKI1=!3fX!I2?@D>hyfYEPZ2mCQZ|JY}>ZAv9qzYvAr>` z*tTsa8{4*>jqT)$olU;n&-c!snXaCynLcKwrqAxKvn=dRITQ`-v!G;|dgcT2WoGJ_ zqOgbsVveCq(7E;C$emA+ASWVbIAol03&)nKipaCy9&jSa#OXK!xIm*o7=3h)>u0$mh+&q-}m@ z^wWH64zUS{P_ z7&1NCWnR||w^eKsT9=1N$oaJFTE9?+z3fJ$1t;x-oW-=AISc$Ki-2KV)HjVudNl`| zQyN{ioJkBd6()UT%3lY!_$&FeFL_c}k$)xQ1&{qk4=b$%KVQIN5dC&gAF~&jDlP~& zc!{tqvZ=--*3S|FpWRL1uT@zC^~dVmNCv}?ccs}oRrnU^qD`HG^;*TcJdJ%BGaM_%|G$aZvbGC=`_vb<&RWnLMQqC2j7~*|m!H<`_SH z@{laoXI8nnQa00ODo1cdIB;T^jeIH&%i1>9&LmFwKq|bW43phfJ*+l|se6Q3xja5* zPv!Z`v!qrQZ}!y-V1q$9_c2Z;5l1FT*dbghG!s5AyO87&|o z`W#t{8{p^8f3_d|zHH~A$|xS=X3U$P03!0SXg)f?iM_@p-? zh1phfWiF!XaxoIJjVW484IG)T!*@L)>Hf3Z%#j&WApbNR-Em0~gl)y1^Eg%M+4^@^ z*X4PAU{CE$CmFcJQ4I#_xrfwv=b{*8Dy;7?jq<*vzhD5G3>(U6I2XnK*Ep{*=>;wo^3+bIPYIn#<6dl& z>U^qgCmd1LBewN&^p>Y`=9JRqgyM?7?GJ2<4!Fi`Cz^%o-o}~QyYmw1*H)t?CibIl zgRz^b3%DI3aEb!O4`Nf@l7^EI?%OEQww z>!@O?$6e%Jfpw&VT#FibXdfM_R$~wnWw)WZ2=gF87e0{o!ngjSRl$b6HNGR+XdeRy zJUu@p#s@T!x(o1s(YkPhEcGARbWoUki0#2eOhlM=4*etGYcg8z9+aHd_(7ZX+YxZH zqPzjwiniUQ^b$RY8T0F>h5pl7=LUCn7O<;{j~e)Muai0)p5L+T9(@*E!$N_pN*Zlf zsYHG|+W|zT<6)3A&h%P#Z5-HvU9p;(GwNTsr_fJ0pyN6OncF67Xu=VF_W`r$@NVU? z{stp^y)#WJ2@GdF2OWTOPMZ^5Mjki#Q>57|njb-a!%d)e zRF642NgB(Cd$RC@L4Gs(n(ig{PyeyV`4-J@&DzvIoaJ7ZCQ*K_m1f?)I~fkjUm}TzKzme_~|R}&RFyD zsn2Mi>hA3~=QTT=H0QWZuDu6x(CRy_4CJi3wMhJDb$a%?tEI8|JEx%$vg3)0%DLnB ziPb5M&xioqRp*PYK$|`LDci0;F^JE?UBIeoAw3)UVZ2!`ofK)JqRiS~w|Ar_n}j-* z8AUOO8V(vNr$F?(KI8Fj>GW@(=HKS9FWdQ7wQ zE->x|F}1rH!59$XU?hGc)ZiS2 zOjk-3b`|{GmBc)_0VK{rmC|X_r8T6`J(evbC`albzdKO1z}`YTeq0-9>Ga2f35!=i zoS%&m);;$q!2sQ)`zAb{SR%n-f9btEmeKX!d!h)V-hfd5vU>g8-H&5AI7J~h4>p7MteJ&R{gHa5v0w>JK_cxHePP{uz#mC z^82wq8F6Q^cRvk|4=hn0>OJQQ-ulDwHdk=$D?vh^lA>-Jx(F=xkXROQsTZFb!#fp~ zIinNFYONApqBo#fg(p3YERIYWu$c4Uuz^%X%4h}5dg&;TsdJhId`})^=Q^yasYHQ!>xgsvEZ>65^~R_NMN* z7tmRFTOIB4I((5`l?yDad-qM(B|G!3b!~Usl?2R;w8jO7Og^5*+7L-b`s$zLuq1FJ z5VifW{(!8j(`+Z&a{a#r_px`sxMblI9ETG+7xWER65yLOotqkD)v-4UYv@l`h$SQta!=4*yni-PuC=D+ouqbmM1 z`UGy>-ST~ry5`>v_$&G|D z&<9q^+%`Z44;t|z(YGX?IXp*6V4kzR?wn)oH0E+SCvLlRkQY}o^-JFlZ+&JLmpNL@ zUHXXSa{)aCTwb~!1h#4xl>?PP#k*6ghhtSu3c<C#`CTIE8gofX5> zVIqCUe8+dfPTNJ2#^3+C!SgVuNthZmBtVpaeT&=HzP*MAQ$QIv%We^eSV%;PLRo!EOVKsUE&YUf_hE({g7n8%u zFfR`eAm=`#+~ojWL_8$6uP0<`M9rJ&Qxa`lvY=O<`EQsdvg2nAoIAz?s+)b_`0KAi z_dPqd^MSt#Bk2Kkemu^K{SJhmSEXxA*p^MTnxAcUMY~#xnH0BmU*x3a)wzoOddI(& z0{FlIU=)UbOW?sIX0G^jyIe5t)()o{T;7ffDs&+)HAl`^hd*X|@*)T}L$~av)G2lPe!-Ynzs6zCiL4T5A2q1;~vKyo;&r>1;7Toc9}TmmW7jx z-1m^4OQ1ccV%M44C^t!?--Fu>bANb2Xv0pL(H63-ddBtofTTIC`#9c&Ty8j#j><;dk#m`UE#5X5<5Z0c6&gJ79 zu^4c6R}CoGf^MR&@)E3&$PbEZ^&>DHcZhH%2(O1LIltBbdyHGE9CmABx8d5HckRTV zYL6N~fDoA13fueAVljh#>NgU65H|rxHQM?kxa&6}Gv;T)qI)K6@!lA2zb60Kfb#rt zgr1OKd~*=m_(4DiB>(*WJR9#z(?G=s|7{#%*!vqRcpiPUcTk~QfFcmqS-szs+X@2q zkV=g0ifOG^K@er!Fsx=(9zQYq<`${rp4U@Om^Sx3))I(653{4|)OpX^xrS$tnc6Pe zXqu3Ku%1G$U|UcE#M?%?a6gZ-B@UQF z3zePfXiuKuSv%c1!u4CWIB@t0FNAki6>Dy2qOoHsvy~3)DSM_(P}HNkg(rc{!W-{Y zx{Xhz&;bVF)*yxOgvLN9xIHMDgAvf``@y0SL_|+%NS0t9JB?hg-Pj~^^-Q=;pMxsV z;Z)_)eYAXhq67Jq_QR@$3I1eEctGMH4TBY<_PEYG=HC= zTm<0c42Cl0MMZf?c8303njgkixNQeTOBo6Ri5rNB)Q8j(vMC$eOG;l*mG)_T4pC*XNIi;Qc|An97~B6|@iN9q1$65)p(OwTP9#(wze54fLcM)*F%z zWJ~eSU)+<)QU?*^E4y{aLE0x=o(wYZz#E9HkDiXXPp@$^gZ7Y@HpA)a;CI zSO58|LMaYHm78oD~a*Y3D)+*7{- zG{xxsz_k0Fp~Lmm^;I*Ab4|ToJ{8lsdF_k54%TMuIACez33teCST<(p9G#GTmW#Vy zLiT(W(RoPlgA1rc*Kjp6KM_oSyP2>pl^FSWPn7cNz-5kCATaD0jO?Goqc<7(&qlT&SXCExTTD~v30P>)s_}4_BoP%_aXWhzZS#WUx04&o3gv6*j{~v4{LAgKS2da6 z1EJt8D*)sq;&(TsGjUO8BBV;o)Q#3b$$9{LdU3*;M{1nGrHRhDrHEQuHcG~`wUSf5 zYvJS^GI!`E?fQVrL( zPHl!@f&?EWDJ4Yx>W6onPb}^;4hhBZn{O=XhJPJNyLv@WCBi$Bq)N|2U!;U&4@6wP z#FOv_kkoILOv+ZqTAbo?SDyUGDx-=)ZGWE6oSTQ`y0kqrv(G@b2sgdyy3;nW_~2LZ z%cvOtwrWOLRV5(Op$yM=qI_y#b?`p#!=9p_iGOlna+i!KFJjQ1gFmh@`8qW(Oe(cNn6kCY&mG}dgt9aUF3ee6yaR4qw)98RvUDOu0Jcrw3_P5Wb@%u8S+-nvbt(z? z+E1hVgy)}nyC2TT4v+~3_}$=41DbXN1 zwerZfz1$9S`oT#4fT8Aj6yjDI(&NXS{4EgqPf!x!W)aa-+cwmRX}fxlTmCSCrF%@DF~jTFI{}$B(k5`3Mg^wsK4YfAtA1D1Chb0>XZ)XBpSu5=kxqcJjRKHo z0~VwciWfs`On1$o`+n&F@%QtS*Vb9SvQkG5YS7 z-Db3p?^{(qTL?AJU$BPPr|-XJrrW4FS#BicrExdWCeuZ<-QAD1+F&00L!VLs=3Uz%(@sbVIoWE!qF4}PbV9B_;2W_tDK*8rL;&3w=I7`d;S?c;Xa=&!b|z2 zA?c@|{GwvdtpXt_4;+;^&J z<5s`>u3tfY;gMD=!;RW~WD8`ukwwg$7VPT?vb2$*N)~)Lp@S}bI72xIpX1O^nvg(Ct?N7fx$U%XLud6%<4wMZM9_zGAuZ%Bo4 z-0A|;Y0Do(j0x$^wpA5KX_DMgWWz7*HZR0+J5VtR6~Ci79ULCW(GE%Qb{R+IqoLV~ zw~_>6K?X;SToRZ)?SP6YgkqeM@vWt_aqvLK4?W)Y8A>nX_K$(D$A}XJ29$FfB`r(`p$eD zUSzDrpGi_Y^hhV?iq5y^k1%Kg{~El|)Gz*+>Oclx7UXU-U>h^ITqTIW10sr?|%Sg3#6I zqzb3xIAG+CNb|=QbuCXXh`#AU+Ee^X(}KSGU8d~+L-N^B??O~L!9Bo_ZOG(G!<%L<^<>$L&+>T0x;1g%uvhGs=zlOs zr$__z=xR|KwHP*@vPne!pS~^mKkOH+%(&+y?x}wZY4LJ&bp5%CB>jc>+9dKH!H z3dZhYc_NED@tE?&ch=IpB$gj^)7*#8Sb6saDuI9Bc`=vh#YD>Y_Zrbfz9Emohbv31 zk_FT5;wP4c7l$t5y2pA@EXajrUdWp6^Jkj=M-c{!dhCJ691mg&NTo;bjYkQuimyK6 zTCy8CejK~%z;ZqsY07va+rKJKrhgR+0TYVzOI4(*%HyxrprWYaOUQA67G3xhIn3A< zycY&FHi#H`gNCjovse}iqBU!}zG@22M;Xc!-+XR`KRO?j+zSg41_--gFMRU;jcO0e zqoqQ0qgH5U_dqv6jF?ZD@(11B1D9kftFJrL;5cLuo&$#HuthXqQo45KzG|={+;^!$ zeKiu+6Kx}E*?ayrIqD1<8r-!^0dw`2xg8lBhFLT zEbP#+AVP@}iI}2JZ6s(#D5g(vnG5Gpy%4i}7Rmsyi)G{(gbzt!U2cSdU?)njW=on4 zk)`w2K&aA-m!-BMQIDE$uOvJ|LWH*SP72RAKYwW*>)tYmefJw6Fi3Om)Zz+C4CxcR zokcMo*pC}=pg0#=483#qlMS$l|E8P@BSX)oV&!H7NF@tUee<18&4nE1Pb_}^N=7%4f&ry z+04QVWdUfD^LrtUW(Y_I+aI-W|+ZuuHEEqU=i3`g3|pp z5ba~X8?h-%Y>C00+2)_76u|pbufD8=$C6UI+DoO;$q>(S7*-mP8O8)V(GjcyEQ zy9MK1Q;T?jvG)1KIP3LyX0+wrF?JX;Ak8i=`OKHQM&!``FkxvT607&ZktX`i9U^eT zL3Y8)y=&=B+8g8I%F+ba4w^w?hy=q(?4#)yP-{O2?#X?pn|t=Xay*7&zum%;CP*H5 z3Vq8#O{%yuZMp~G4r|u*_a>(cr>GBFsBHGCcPKOgNq?gYN-;$|3%tA_9N(XFinely z)pCgHQmm{t=xaQErf2+|&+@4?*VRdi;(#w(r$~+TQRNyvKaCv-HB}HJXq!7B{@+=% z*2)ogSUx`@5mr?F@iSYSEIfRO;Ylvfl19C*ChoP>_QwwrhfW z%tpnBT>Ds+Ngc$tpmLPAjUcdxE^+-8l`7#+F%RR+Gl)~1+p0V}Dl1ER_sx9kgG4NQ z;FBEwW=Ln|BZwUBs{Mu*PH|K;i9J-zhQ8v08mhPfx@F|ik*_iO8mf<=jtzq_^*i!P z%Z+YkTjQ|E0Ikcbb9NDjsl;ArF)r4pt@Th#I3xy$D3T?zA zMFY6y*Sk^*m^-J8#F@*{u2M5b_mC)wgXPK36w5Ou^F+=i-Q%iOB-%Tooqg57B97`9 zo&^XtZV0mJHi&FPx0(Kja|$j4p(3B5CSFHCSwsHAIWgX6kSL+u_8PhGg^7)@zt-Vz zd=7LaLu^z+@BhO&r_*V#lx+)80!?J_DTzId3>A{v?Ygf=f}@DADPCO%_(nbPy9yje zV0(T3bf_b-zPxP#j@zOcp9%@3L>{M zsl!U+C!zMN1+_)hpajb8vtiNSIA%s-m}12nzqEfMvv*^wPo- zK1!zzcjFyJ6$JTp>f%7p84LLukvy&@hPkLy;%72_I^>{Xkg`uaKMbE@IV*4$95_wi zYzIG-BVn=UfnZ5K$$U2(ErjA=$e_H3NymzUOG$95zzf(iK(Uwlc^bUIBw#?0QtK}i z3!Ap6H2&)m6~y9XvH(6r59*N;h25`0^5{E$^*fYzV5V$*tnIPBo|H54!uLr%8PMSF zl7|E+#Ui0cE2aPCApN6OFVGA`tD>Qh+#JhO=Fj%(=LH2m<$8h;l@)QiBbp0!Py!lX zIZsZg2L?w&xsdb#L%VJUJCQ{N`Zb^{{eEkFVbA`oqK9iU7aReSZ8!pxBxGz3JKWv| z!Jrsq{qqn0$T+`<08rR*noGj;UvG`rB&}iTR4W+3#N>snWG2;PG|IY%@2rk}obB(U zzQX-feV<&$HC$U3@iJpF{Zw~yG4>VnR>Etfbq_0x)Y3npGpo;4oLO3?9mBVlCp8w; z;|)Y$>IlH(sFEt|f{%Ph6*5^O>Cn0?@8_~ggJQc1o!@JLAR=Bf5VHSN z^u9NBJ-tVPoBI>B&9(cjsb}XNhc|EJ_h)C7`%4eePr2EQRmR+FBOjr%u-X6ZPwHlK znM3)XkUuIa{E(scOxL4Co3bYyDHvC{Y7ySKtN+PMZuJFW^O=Lb83WtNEsk}Hd3|8w ze0!+TslQn{XO6R)i{$w1;Wc<+P60n6?QiBDyFK?H|J=4UFZ@Q{6=1oUa@!|mdzACF8lhpeSV5ddWsu-io4zrBKp^~ znW1ltYbxIHnoD2gvAq)zw(8R`i{4N>o#G}SwBvMBTK2+U@M^~!Ms0Dw-^Y-~b(s*6<_#=@sK#S7wy1*Biv|op+t>{3&G4=ATBx%x+P&fkqZ9zxHJPG%cY2X}6%rc7V zC3;{l+8jGz2E-Po7}1GnL6vtW?=p*aiYrD0eNmTG@GY}ZUFboAoNK@=$7tobMz>+( z-5->k8VE6{DiC-ATYY^(A%XQ@b8a;)T!GMKpA}PP)1-Nx9b*W2-?__nW{5o=8q2tM z+(a0x*o(14R`Yr3j6&s-J`W&ul(RA{iie4 zYG&%Pj&L?Vc51Z?WJrHjg^kGdvJ7^KY*lxAdpOe(Gkr|HbMCykYQkM;h1vN`F8zd^ zuwKoW@g4!c83~2yGmuIvs}Ie=rzW`9ZhTvsGy`EEYPt`%JHyr&Mm%TUnlTHj*qf3& z2*YWK(eT=ZdqLknd8i>~k0;pcXsRpnBfVURI508C`>ox51c34Zo*tUM+SQb_+>36R zw8!5C1L0-vZM{s{X1#^hD@tdJa_sRW)50)-?ejxLS{?hPCg;9>sIF_Ocp9w{r_FI3 zi5CNkXKlE|Cf?#?=b5A?i>jn@n$-2=c;;Ed4dJwdaP~Jpav>YJv2}fOu=YoUV#}7E z*ZsBZ2juS3Sa!?V;O4NM@(YuH{LPg?2yc=485M(km&Jej*zpC-_j7xDe|3De{7Sm3 zCum$`c~atgE4Jso>L+R}9Ofgq=@!6f>`waZUxOXJ`i;|iP=67{VL~;9B%nEhr7!f9 zZpIjCTE&I*2FH!Bv%wd;7!da0jV&e%Z4?MvE?`xwXXKHYgy~is{98G=Ecvg(zV5aF zUh@IdyqYX4U(Rcfyc&zwl=1gMd~cL|prH!^)zUS?n89AvfXxo!PrHyib@WD7>pP?{ zZ$-rl4!b@Z0j|EVb5KpTnkCq}!l@5mfA#e0zKU;B+t>B(q2L3N{eavGq|kh3>}?iz zlF}j-_yo|#M^PVdKV`wci!|oVB0qXi@My*0;*wQyb5Fs`b>2-sxRK58_vkqi%6j0J zIOEp5^TU~c!-QW$b>3UHKGwMSl4h>%fCkE5yEw@nz&@4$84Y#4HB*PCdNelDpX(R^ zxEwa9eZFp2h?}jKH`N0!Pa&5o#O^gBO4=ugrlWxOJdvv#O{H-@%=QLMrnq9h{0K~t z)ED%)N?r(ZQM*vgPqi*^FGjbQ*>`pZuZUXqDg#%hoJ1tqV#-!j!Cd_g04Z}Jf%0+W zVY(+8`D6B5iw8jm0KQ>+29Z+^Cuo;`f4i59ORzy+YX6jr$C(k{%9Yb~)arPxU0uH1 z**K}wlj?^?Hfom(A*ZA<{2_ST&sR_(3gulpqRydg_*@D>2Ia%=W7Y;UE~8>z#mI5y zbbBrt!#(*ThrmfkEcEAlj_5>c@~aI<3l$cvYw!4HGFYu{gp7Bv48`5xx(8tv`jWxo zEf13GVYH;Um!C?`Alzm_u^Yy(J_|+*Pakp5WJY(ixlgD%t7?c;wzKc<%)dBZ%N0Ll zkY5^9JmuE2uW$9=HV1*UL`U_bGu;aPha?Xf7xg~bVay!s+8A#`@`F235?BGBqylcS zV{}v%zC**$6O~k3N6FDlx?T{;pS@aKZBK>q z!w4O2WXNYpbd~-_ACj~3#9_NUtLMH7zY9Dr2YCM)-MuSdvm)ntD-7j(U5ehW_8kJU z_VXR(d|SuCGY^w?0GgjXHX^g2*UgGa9IrlMiS~(9z1JjHZboaiN8{H#AMJX5&X7qx zfGa3F0`L(ghQYOxZ~vpmk5xN|%-(;7G_rlk4xOjQ8bPF)dvM*}<2XN<+){|Cu_#jVb>XGA>B} z)Wm9)Ag$C-@ta(~dzx>nbGbwD_kFI(^^DPi`90G{r}LOk(=35ETbOj#v`!~L2ovMZ zBDS0Ff5l#a5ThECLK0_ItJSryOk4Kv|mk`Z1rOSpvS;Kxz7Boo_q;nN^n4uGk9gezz)cQWmr-al?NGmIccWnKt8? zj(ls`Zg%G3Q3uqyk4C1LO4q~Ir*k0 z@K5`}IE&@c7TTkdmVM_FQV|<8ma)&oR5!N3AjK_IAbm3sb`~iZ=c6)A0VNwzHj`fk zi&gKRIuUk3L-I(OHe*u1t*GaQ%VE236ihTFbbl`$Ag$?nGjKbJCnC#CACjSGH?nP* zt)ic*n}$}x*Hy;yLtZG#Brzs$gBX#~>`6M+J#jD5j-`n+vRiJ~r)zdUy%^Sl?ns(e z82L}%U^gGA$^iou#fXvb@Z$T%>Eq-x8I6l0J^M`914GZjY0}%FS3>ADWI7$dKOjR> zK44??A4BZ;SV?#vjP;0H&u&XViEtHxN1EJShQdD`ywb4@xm&W+5csTwEZe=f%Zvjk zOQfXBM=M&v-W!~sPcIKFqk|@$?{y?pqedtaVMkMJQ9L9mGh{l&&xwtUr?*mv`&zoW z9~SN+tg0)bta8M%(Iez*l$OsjD(p~EYhhNWx8zN;zdZvmY)|(hWSlRz)*KWpdaAz; z?eOm9Dsol{h?}rfKc_^Jc;sgO92_dW37m8D$Z^st9@o7u9gP!E*^2(~9Y3%no#~j=k*sblK_wCOZ>;-_74_) z&gV-t>;vp#>z`aneo9HnH({C))65(o?a;~8X(RT9_iGdlZ1~ODe7uc(!0s`dy9c&t z4<9Saa>8$6f3I&tOHW-iuR3!8@b8QqM^^SrJa%wsi?lb49j%Qi#uIIpNtj>O95yQR z$78@wK0O5Q(h>Qey*(L0iNDmEzsGUhqQ^?88EvAvAy*`}58RZO7pNl8?oUNb;4g5X&E*s6C~^PoU?P;|YHa)3f*p_afopZH3#( zS;AoZ_W>m4xX}rns9Fi>t0!Ze&|$#QBfKFAVf8TJ12>FiTGG2NeWKHF$)Sj3E#hNS zrd_jsKm_TD{B`(@6zfd)@LdRf1%#sSO0#6$9O2EQf(dVj7dxu(`LE~seNIP!;ryKy zI^Z!36mx07MeQ=kb{Mz;dzPr;=hR1N4m6cW+EXBZUWYeQjW5+@n8Bw$9+WiVhqFkV zV)}{AUY3Ex12a^L0Zv#%jasTx<{zD7Jw)I`E38YJy+CuSpV%U&(+!&3M}Gom`Z*8N z^bcuG45qFM^*Wd8zD&h(UZz^VQ>*2aiIc6~g8L+ArW`A$XDI z5xhxCb+o!Rum14X zn`O>~h?c%web}J6+f{+%mHFkoRGUj71a&FNbpNjn@@?mnm5i5JghtfRh^XtStj`a2 zF*t>M&G~_ZV`SJ1&Zg9#HJ!YUT_peF!NCp3X()F+s~Npdd;-bbcP`06fclvcz>jKj@m6Xb^S1j;3mvg40J>WH-JHky?FOi z++=@lAoPWFlNe%hVZ)-zW(Kr$&QlnfyZu*?w+~xZ{NML9*)2Mn3-BJ8;5@^RS@&b3 z=*u*lgYQnQ&e4#oI~3@+ya^WH>5&tt^QW{EwPWZ^vLcI~p;Tp?CddJczpPM~gLif< zEeax{kmCkynH@@8xAHvF|QHL9h{gxIVU6 zrx$q7*t$a8?kl79S-UQ`H^+O!LPnA@I=Ou+;$bA4@h^Cyah-;z{x9>OPaZ+TWS;)} zAc&;*&@t-m(P+PS7Io#`Sw7aCIE*Lpnl<~i-8z! zP$A)O3E{NHu@t3$6XCx-e!$bfvpUgMg9^PwJJi|(1P>Ja>GOWQlM}>rfp#$O3F6d? zqgs5N9Uqq_u`Vm%=&7VOcl31gqU)BiEBKEt5C-))E#@|e*l@6h%L|5AmqOL6{|IL^ zL%Fa)Q8Nv43`ac-UU(3I^B;4?#pjW{nVruJpSO|1F1HD39=st9M*jP^f`h1YwGB1= z@f5Ow%^%_#AxsH-kpdJoP8WKds+5m!EFxM?IT_JA8ZuMm_u(DE4Xe6F8vzLx$xb&# zJt!dXeoS7HdMe-qO#mAWJNkRj8uh^m_%n!=#X@G$36t)!KwH#fSU&xYI=6B70KAu{ zY%rNm==!jrzyF;{2#w*_=@i)YY{m;w-XvME*pUjT8#FpMgziOxwx&^}pm0iCQHG)q zKF`h`S}MCuSlumSP#4lm@Ln*NNWVqYhvZutd5hkJWFW{I?neeEg=ZXQwaAh$?JFH4 zJ5cCB7%F#Gp`bCC z12d776xw{enGkq)=zcUvL=s{gLI4e~WYP!^L!4C@-g)Cr+vHx2e>D1ICN0~Nb()FG zq24|tHbcxtS-RxzxoZ7THmQw2szUiJBM(V-EBhURc{?MGg80o}XWnrPWAtI?eWm^B z(%_6Mh4bglp{qL)mcr4DHgCT@jBTVt?8}P;c6AH8FK5v$dEC2ODXzb^-(LG9X2ln@E80 zr_w}?k<{VGwcnSQT|of^$YgXud_fETv!kMimyXHfg5K$VYJz%I)wY`p-l%n@AbP(A+{C5nZviTm%Qg)yhA<53eZO2+)4DEam} zC&a%x@3%=0c^1D=OsSekROR`Xi`vr_ zZO;ee^U+u)IB>Q60(@^DWtV>qGP=|Bs^T+Y7H1gFCgmuV1#2ExolNqrwS!GYG$c~e zb~-?5G}6vMG~zlaE4Ju8(#3)8 z8h+9QXBw{ERmuloTrhTuOL$WMYXp?ND?N9uUOoHq@oahB?;kB+f<5u(u|Okb;xuk4 z%hKgew035BMp$!#@LcB``RWjL)4aP6x1d z6UDd0Wg4H*$zQJA4yf-HJX2lRQ3j&+pn6ImamxC=$V?uL-C?JAFg{ji(PWq47mNy*Pb10 zJdJS3%g8Z(T+@}{vPt|>SUN-&yl~|%`SK^%t7$c@D#)~a zsU-6CF-(c30~G^AbZhiOo%~>OvBT#+WH~|OAmYrTNm_rz2x`BT0Hvv%oA?|uvxx*b z4Fh902^iFeuu~L2!N}8}E=@SA&Mt^ZO#ft(idiDwoSDR*de(khS{v(HJEu1PVh9Mn zoJ7a6xV|8}z->p`D~gWEMI^)~itAZF{2VvMxzYxRMij;zPh2KbNpdpro1Pk$=@9bQVA@VdNVq_PAxR9FD*&t!_U0M4`>qekaMp4&%0q~ zRe8C9ORmipK;atcj25XJA;i==*Z-+8<%IF=sl;PB%3&c;Qbb+1ZDvinPJxUv_k_~n zKNL;pn>hFEYKqBa6o1n<*wEU!?Ane$#aH~iHTH`g@cZW2DiWm5NPmfj}J zNf2833j0_PxF7|`6H}?&-z&M^eK4F$=!wd$nDM8HMsl%4Mx6vDfh{>=+yEUP*h+6nm zugTM-#~$CP?^N7#cP$Oym_$^`Oxt;|;)O%7^W{Yuh>({iUjYi&R2)3;Vbw zs!Nimo-v{(Vn<2}Rz=1|!cdK_l)UX(cKdQO?v{}?gXQEp1K zX9wy@hW8967s0SxvW}~+#`A;3*%bQYBoJwa7U?gaWsU5=gkUIV1xn@$*H9{sl<-Jj z?lxWvAPr5zT;mJHq;?5R;+dA7=W!)LdZp4rC}<&j3Y6m}Yt%AIu?NGE2#cmlcTVo5 zutls8As;pqUaKQv;XAseY7z?R$P6nc6`QY%O~NdIjrYvK5JV*ZUV)$sP=fab{!Ahw^fWFoXiSOqA2o}Y{h_Z8i`$eg(luB8auIWXp>cwKow(=q z81^vB881lZVAnOZ%J~&6naJI4j9?k;L1}(17Hupvv8}UX75n~wOlqoMX`Z!zb{jC&~>%~SJZsp?z@B|K7{dH0Hr{;I{XZ%XpSvnVI{ zV^(8w*}URMx7KfYPT7A~Yjo=7DR6n!DmxMC=i741^4clKY;PEfNA!$>EvZCX#Y@d= zN{@W@RkS%dWp>pW_CA|ATA_d3{n+0b5mjIg6>71OxK^NlR z?FZo3HsJjc3a47X9A;aNek1J`=E# z@(3@V$H!^c1bDXjxcRtwLJfN3fw$L(t3e0dnERd&`XDUtFh--WSxWaV78SFrNvFDP zANO8%;5f<-JYv|-vRyVrH(8!b)mgcDkb{(XDakq=aD!(bN3ZQsCllR-F9pt&Q(Ftu z4O9G`hQ!tv*47(YS*EtOw*MYict4}!UI5^NiI3A)kB`%j)f#x5_{S2)2aei0!E`5|sno_cKEe`qH9ks$8&A#c_=KQODm)UD*_^mHJmYks#V8Cg^Z zt%9Zqwlw>EXu&%FaI`et3m2)BmnHaeR#E1Nj@729>&i-EK<`S4p) z_$HNj?^YwdXT3B{L@PZ(O}Yba0RJ+y#3fKZSr4rkjY!>$MdpC=ZP!f-@N8Ji__Q8u zm3|2lK-Ao^ZRS5uv5$E-i&9*I8NBUmzsqG~oR+r4gGbn09z;tdkF-geYvYzWLTao` zbCHPaGmgJ2{KMea+Hk(Q=D#5NkSmWQ*)xkQEK7TvDxYol=Cur{G+7Yx7()Mh>IAhX z@J|ewK%q6RvtyW#ebD%{8x>~7nPla`QS!|#jdD{6?sRcqPOt;Yy%Mm9d%oPiKx2*Q zG!?wSM@W^!h1O%OSw&~X@y}WN)X}~zDg|iuIG%T!ov+nZ{a(+MjjvS$`&xnPujktj zd~Uf5$gG1EBr8WsD2vW%3!-M6rxRpG(~0Usw{v5y7UnuYU#v*3BtC`rE7z8R&Rxma zL$w-lO44rPip6#JP#JM?jI!O>;>PJQnyB{#lddn>C6enzf>5(1 zxq$}vW}|6UkOp2YoV`YSVA}R{QSU^+N`6d_MJv)!Y4mDl@->0k};wL#0{22NEv~Io^%xr`R<}Dct zTH?a0K_i;g>VU7AsBCPD(*vah#nO_;O(QjAiL(^MPza!P)$;$bbq?H-ZH>B)la4z! zJGSkP?Nn^5W81cE+w9o3ZQIGs-rqTAoICEVpHMZ&sx{x|#Wu8w4+QpUC(<~nH5fEK zC=~I7+|&=YQZ{Qsxp6k_k%|Gk&w`1>$ZNGQjMQ>6oS~9R_}`s?UlGY?f8t#4ZkFMQ z#pf&7EPpnZ=IW`+lo=1JnSActIxsf;bUVY;iZ&dBm7Kj`}Rwhqe$mArlz*!CYyLgy}q&0-aaR zoImNIpsBt_uf>rwwwkx~%_@7}>_EuVmrh%iV_o~}d^79*pu$iF)EK`?mFgK--BkyH z`2C9NNK)9guoi$Xs<#P&k&0P_C0djM2O}co;GWmzM1pAouyURzB`FL}KB*P-nL78tgRX_IQx*3FDF*^_4Mo1pB)PvaPm zKLaQ+&W(H4da=1lM@ zn)xw!)#wS_o`xh{e|4{>nn|8}hjOLrKM%Q}+9VJ(ag8`+)&I47+bW+}ItuOqik;>+wk{t{@3)ede`vdip(yI8=iQB~FDcmqh4Rt4Au z_(({DSHv3MAWg?G>$QncNe}#knj3g&{iNNhzfS=C1B?&?5yaO$>Boxcz9(s=6GYCL z0gi6z-RNXpSx?RNlOIz>DBROFsRj}SGjiA8b&6Q)b27PLSB}Aby01>>jG=nljY-j~ z@_xoGS9`H~ZGxMJ9OBpcUCZ+^_HuP2pAIge*dUZE7!Afing9l#(#gO^Mf8-UmY2|3 zSq3MHCT$jGb%lHRZIrlO9dAwB|yOTel2M%>8~gbfIg=-*kZ2J3hyWp5pUb$bZhrQ zC7rFu0CdP72}dmp2)%@GhDFF1N2!R3gHw9`$=6i~gMBd_gC{)sAq^K$(0NS4n*%>x zTY>EhP>uQZz$a>R*c6H3c~rN?c7n;!ZmG~ZRI5M4QYsEt+l~lrFRe^ymz8Dp%D`$! z$i6xiRbXC#?mE3NDTqRWgZOc}NvQ}SS%Oz)b)zl~9}xnSvkYXqy4j(mumPGaH{+Y+ zf)!v7TypE#;GmRio(FAoFw$7ig{!Q<7w&d1R?clHG48+o3l43yO5F3VPX#+pVN~3+ z`G^pE{pw5}Zt)rIH>g#&1KHgEVo9zMk+O*^CiIt?GUMB#I&HR~kime_e6216)HPnE>Cq{RXnu^4(^HgS$e%|a3ypu%!F zOJiNbu+TErMWYa}RJ=|jp<{9h6ABRVeU&ySfGTO)psVNoE#Q4DB|L2l4td`fhz>gi z!<6Zjwn<=aB*Ks0$O02%({uNm(j`c(GSVn^n&yFl#HH=NM`4DpQoHQ#sJB14!B%uw zVZ1&X>Q9^4>z%IbuwL37*uYI@0YJE7P;rH~Q;&}tKrnbKIY6M4M^*{s1SOlA@j5MYq3KI+4N>~E- z#B_D~)QW-hP@pB>-Hd%Lreqsh%oc;Mg|VL-;6}PJ_hgtXmvKTI)P+8)eq#${X|G~a zf^J$`ZvdS_CVs5ULl~VC;99M;lnu14st zkQYggQsZt|r#;aQx|C2x{qVDA&t5hE_v2<-N5(96s*HPCV{#f+?Yela zTe@nO1@O&zO*8{`z-Va3g>Cg3G6x&Ya70;lC_YSMBl(GzueBRuG3`UyE;LIrDr)<6 zW7yD9doE7hvgoIDnK2!Ij#&`PJw{IMH5oFjh+)rueZOUU#cWOf z)JH4 zQ5k1@-owds9brW+>dXk*lht$?QVbQ?MIbGIOamCOSWxMZ>&{2O3_~&ajVXv3@_{fp zvUFPCG(mw<_hskGt60O z*upR1dmAQn8p5!;0ud`h>R&)C6jY-o!3qlMDoSW;2Yi0f8+{0Go*-X1=Z*}Q>yvyS z>#1{;I>)~Owhz%BhD7NuPN?atP4ra28{EdRvfMvIP~$0eQ~v5znQ7k_S)JV6?a7Yr6|MfSH_(n6<%^II}=gR*c4q<@!ml z9{LF8d#CsMbL5~EM{0MIg)97H;)xTZ(KexI z1v-i!bBhTKa1VV7`xsOQltN}wPO4VPFZ>uK=;Yi1UhkhQ-D-Z%2AW6DYQbhP0_J*L zSK2eoz191VsQJNoE8TX_M?&oLT{;<8P8LWmPcq^j+e&gRJQBAh8y7_>nfMyT!H+4N zJj{7!h%ex}hd8N4g;+tq3Pd>qJczw;OuRCj4~DG-gcanSh!~7Kq;D3{IEu6r&fg9; z`wnfu0CYT-@4c38b>DzeSRrD zR|tWs_J3`xYi6jUc_xBE&wont5t@!0JbTcB0qz&tdHi0Vl41SQ!UTDMAD&xHdnM`DxsD{?62qBW5rWqQg~JI9XN%2IPx7 zTukBUJllCG?7_p{VIhIMv6#amNGijKfv*yup)@JxxI!R3*GSXWNXo-c8A*b~WY|<{ zff3%fJ}F_QnGYw{OV0Fjn+5cDM{Vl8zLnALMNbH1ER*9@M`*Z6XG7iXDg=QLm%U(M z?10{9NhVDtWv8YsK;yp5rQZC+crv$kskjXojdx>$J{)m*KKQnKGgLq5*Uo7+1f>!+pBijth=^it zr0zm{t=+fomw;lB?q2Fldbav|w#|xFgoGk7os#lr@kQQ;$;X2Id$YSM*5McFT6Acn z{hc%kGWrZ=Hsx291rmkn8Y2~}*fK6zH@+OQ?|YLgvF~gtreS5G?#+b+W`@88L%JP( z5TO_rwd$New7Qz zuWnOh9PKg-!%tEwJ}Y09as-TO52%cOM`d+uw|_ru2O;GsKmqSEBk8(%j5z5BB=8E0e6pTIcullGDCXOfZ?99;GVObOnVUKgUnnOT+o`cq!*DW|((T3LvE zr_f?)lTc%mfn=Pjfs}JYZxA_GdY*@Z z9@0v5Y&=B=d(1aEKnvX|;v4f6v~4niXm%W& z-26cSkqpE^8UzQU6@Czl5ys3yiwp*loXR2c<15JJ$a%?m_c;YpVHfAumw0=4BC{@x z5NzGHErflEimJB7n+g>rTBbTvB&Iru1pgJ0i4Ud*H=>j#|E*lsMV-F-Gc|To7L|Ik z_ROZy9UYgsZ9ysceLx5fc1|8dn}$q8Ytn((}BD1Zj$RmmLQhJXtj-n^LOGEzKkk<*qn_ zZaULq7r$$lQ$OCy#@hUpR3Wjg4^w=?I!6EIo_+ zKPjvKcyUMQOtZ6HrZoK4qSp32ISwM7Nyw9!I(42}5p)ln2uL0%PO;406Sm4x|vN6=t+4wg5b zYJ0l1Bv9F^nux57Q*~N&t}ysV<7+P{Fw?UojK@UNUs0$ps705|Los(hO+9G7#T}cY z`seiMprGP(gWpya%SEvca-3L=zhV-jGuds6ZZPUcMyoxKPxwTqdk_&!K5wizKnSxl zj~PiXLaL`9%}Bg!wC~ymuOdO0t4?PT>?*E1VD;7Y=!ci8b>bIt-Qm_o3@0z=#VV!4 zdbbRxY6;3;^U2rDF5~A9eb&cwjuz!3thV+7ED{%OcM}16<83CZnRa1X6zwWP%#id= zK>M*@(kw$^8*x2FX$35ubfgl>A%h+`18pZjRBddmy5CulmA1bJHN#^En6rP}xu7K2 zKMZPtFd!_h)b;D$SohWAEV_O!A;ql#7Y1tmcEDx&?U~;vShRCBL69ocH*HS~`nQ{n z9XdGZfzA>fCe!JVbJuDSOM=$OGKh3h>5l%$y~U&>e{-6Awv=cVXwZxc&cCdo6Dn_G zTb<6}zv1uIMfb-w?a&1U{rM&G6w_L7PANfBG!8zK#qgr~piR)_zvG+<=BwYeHK!!<Zz2vV!peu@IjR<9bW0O{B33MZmHyAkl0i3ghRtn+w0Q zPn0~4lWRykH#3K%23sR;ws29=hjjcyx>4iZ&(|**kjMQjs~6AIF_$F}qv{6Mthc0y zR66HTS!C+Z?@8=L+E64I*U;a8-RLh3SS1pY;C`KWU0v%YA3AXIajr1!5hjKjY_*Ey zy6oyorRQB|1^-pRQYN6-FhhYS)cbb!GLE_*OW~gQR$)bn1S)2NsJwOKUv=^EaPYoN^KJ2PaB{L!=_osSuF(=s zbS|#a=lFj^s7V zkG*A26wVJaCWjn?G;z0?YA?Pj`&n+$jYm2LJh|9!6BR8{O>*7sh;T;!QM8$cGb%-l zY~FKqm4$adnZl_rEP;kQ5$rMPY%ZWx)tI=g?VzH%cwGOnY^>=R7@SY5HFves{9yYV z|NY6GfMU(-RBZ@$Be$}G6@md$Kas@htL5#{_NzlqiAr!|cc4xM@lb(WRZOZ?T(Rsp zT;g$*xzzYF&_s`{BbN zI^Vngh7dRQ#0=eN7! zV$u*AjEqfEYPJ7vEJ@W-3RL7oGvS zG0Wl)f3W-cdZbGL^w{v7-q)<>YoI4!xZnh@0mPfechV&a^(IX~RECEk0G z=AnK9E_wuns3)sHYAre#vnwBrNdjI^7FK0VVf8$wrEFWh#@z6K=j)t2- zm!*#yXWJlM4M8fF?vzfc3taYPfHNMsQ)d6o#NT&*8KiZUGX9lsCdtRk#mC9c%eQ*< z)PD77g+B22X`O)M){mGiDpRs~QsTV(`>Vbp^u^C|c=B1@%5suLpl+L7*7rXDeTg`{ zfsnbA>->`=)+DG$7d3aM{L%j`T1JT;o^|JUQz7*!Juf%4F-6}9yK|chRe9@i}2weC` zEj)S`-S~u|h?t1OFd(uxZ=^Y?E$|+hOu~3h8%2BnibPBY>vo>{aoMLkAGWxM&SfXI zL&-Yi*o~A%Zwt_5f_iyG{j4KGlGffGG3fB*y^{Qxb8Y8a@3Ke=B3hJuq#Y3(Z7u!= z8msVaL2!hCBzF5_?&5p48wp@e`b%(6Yi!n#pb+TaUmHy)>898~M(usDse&%+m=l5B zAm$Ex_tI7m@ue}f(bA|n!73Qhh5i^HhU#WF%<-^u!ySXu2s zsxI{A_~i=o@=yu`bkj z*EU_TWMeAesU|n6v%WR7u_aE8tH6P=Y_dr z#nis+p=)uP1X|r}C~-pSqC_N3K_}C(T^Ezl%dA8}#7|or;9BBnz&Z0Z&gS0Ou~1lR z`hih_7I!U~eYak}yZsIiN>5L5`s>=pw@`%1ISSarUl(I4SAx<+v=0`dP)gVB<+HbT z583fqXwFh^#y=uDPS?%^Qb~d=JVW6?ByU70TeLF`8asOwh$wI2)%SNonj>gf0YCv? zn?IIvx~tEJ2!XUIsDJt1)hRswxE>6z4H3u4qc3FzPzBn?p6tu%J-L3277+3aA3kY} zX<)ynX`I^5PcpgVFKU;dHWbo|s{xM+1X&%BlgbMbaXmr*Q^j6`8zf!n*?P_S1xR2G zk=kisO(xMbw+v^@wgAu^bb(M@4E-<|K5_F7?7TZUST;RFGFux7ym-26>9EI%MW`6< z$9JHE_wv^3v7XGe!i|k@siq=ux*VyX~Zv}|ga@fu7 z@0@lA`zI-IG)Jo3eO3`X0$l2?_b$_w<#GLH!F!|T=*q}XR?Fuq&G3c`y2I~=i73Wz z3wt|x!H$8G2*oh*`ER|vwYan!G5M#iw`(zqlRv(9U^Ay5?ghtgS!cfpF{R#2NhEGN zbR|am`Q=#iioU~|mn_$jXyN=S#Gsc|LLX9Ef+A}}jI60^<8iApoS;>N5 zH}NTda!2f?4Ouoe&ch|f1AkP}^_6mXmRV%6{N-5sV_9o=v9~OU?CgbOaa>!JTC|Fm z?3UpsPa+a)%MCEu0S8Y{JG%tV$dR;IT zKP>HD18q_dwt$J+ngCURL0H6Di_&0Xt$_bEr*|~#U@@_?JGAH|x@bQMfbYm(oilV# z(K;ho)1UR(Tj{y(wdPh9Ekg6XIwE5^uD8i!eY005&TdQ>II%5#`4BPl=;9#**L2z( z$5#i0%O&nAF8Cp-bm1GwuUMX=s$ooc@aZacXxgMEX8B`J{#A67gP{KtylGh{6tymn zkqALN`Wn&c-5QKn_KSm%`6EXyftpf9TsWxPuGVZwDfJ4t+5*X)h5 z3i7!u!6+5jGnSAD)w3^;%}iLK8+<6mfT9f0HYy-6I93`?NB^6Er%zd+v9t%#oyp0c zXDL{=@0KC)frf=hB)s|+bV#QGuo%Q_@0V3w?`Gnogb!fDR!C?6Hiv`=$6rBd?%!jr}WTI3)5!LjB$jeJ<}|4Ebe|#+p%@o0~^w) z>f5B@BVL(x)o%YZVqKdAx}U;`yllPSJLhjksRSrHb~aNy98by|3Q^CRWSfuL4V+uu zK_$6mBKcWtNy7pz zp$l^S|C(0}toB#{TkG07Tbf&Ljlc)2tj#)BpMez{JuWa)u+izCbwTu1$%)~;^b~Jd z*eGTw!|m=dZ7SZ{t8m55vCbSa!$bMlWOl0mn2V?%+}*ux@ZCV!LN*?O6-Y`xgLe9@kJLI;Ry0?5N4skO=EyLQJBWFCi1L|~XDx72Tjqp8w^F#oGG#hd8KYaH z_@tmYci5tSJoW-XUm)_f<-v}<9v_lqx*Fni@@k&v=>I~JM4mHWW>#vaK(46g7^vpr zR&*i8>RiqIARkZHo~avy_~XjkWt)cYQ^fZszkVTe_s-p4y!eT)gK&EBeqOr#)!ekG zeen3Dn!dI+_4eh-Eq(E|irX>OLHF?1{6YE=@ML=Oy%G?PHp$k?WYJ?Pprv}y%w;3d z6c>uUQweTFCIA=ooRgvEXbu5*Ts@9CDEbwNj>a0l>qROB_C@4Zn5J+w0|%-4@L1d~M};=7kEJZZWQ$Gjwbdtqu(5@1uuzJwo5 zN?_lWN2ja@5vJHM*WatSa^L9?QzXI6@%$Cpx4jm1ms5)4lJ~f*csteYa|Qy6cCH zg@MHx;Hy3QsOQw%)B>^L@wX#CfG*DYN90hZ?!n1vz2eZXDzBwiJ?Y^FYA+dLQ@D$o z8ip@^-oK045uIvj@Ib!oeYv7vGJ?-9$J-gLiBr$r=mD3U^1c2TY;YgISPY0NbL=yBsL| z-L>6~vuIk>M~WJ*rYO9)R(EM9+yrQK-pAdXgVc7X#pb^kqYwEkEmU?}+t^Uo3aM3H zyv^0d=kNTw-++4bf27X&1HI-Wg5^slbLU%*n7 zBoMmEPjxa8U_*V&H|8v>(^c+fKH|-B<)$I(1O0;VyE`)Dy}9$n?hf+=`yaH$fosWjHWkuDM~+?JF|B97ii)}z|2Cz3xozX5asjN zg~c56jMw}ZY}wHz58avGGoI43&<^#~N7b-Pi_JzmfQ?gdT+ z5KSnCuSPmAH5!xYwZ3#uuU`{oxBgbI&BucFV2s72qq)K?4aiHiqw8G(W4$*cE$9%WVDcF+C=`p zlr)B8<6N+Qm8!2BdNP43a~CQFg-~*xj$VKl7|tOQH~1Iqhj(B{&Y3X04+p*!MOF3nl0=t(-Ed;XpZED+EV ze4Yi4dGzRSSEwVuhF|RbVxY95NB57U`CS_qfin%1Y!}p54a(JC*x5VVl&t_U7t)4@S#I+Yd;O&?9qNCN(0}(@V{gv&&NEBcs)Vca`Iox zKK4DxMIYx)?*>hLy9D!bdUuv*Pal++Atr!S&+x@%7&7gOY#!+c?bVTGdkwvF4Ystg z>Rk0x%};4sQnDw~-=wHv$BI2gljHeW;LilK`K1ZdL9QRZ11I-Z8gVFkWiSG zn~2y7+Lz2XQDdD|&OCrhzY-j^NZ3NIFR)&6_3wSPr*j}|x*05*bM3pU4%&fVL?g^= z_h5N*SetoyMSw?iA;+a>`1)YNI2I$G3mbnVEh?RZ*6P#dHlXPsq;Y97@Fxr!)RMIr zSB9<-pz~;q%;+5cq*w`SoGH36#!d4>uX|Ab25~R?R`Coi=DiUA0dd%q1trd-7T7+p z7vn#a_h%^}qv%#P3X)-}tirY7x(3%^5F$Hy7vO5HPppFg0o#)hT=4$%qieGNP2q-g zC5zAfE@xA#l+1u!1Sw-X-|5t}J_rz%AG?<<&R(8ntDCY8zT90e5^Y1Rmmu&{j-hNH9*^fHO=vN#`%9rnd^z+MXtRud673*_S=~M6PiwAYW z&#S|;#(#lU-}_crXt*$?NmHUxr~akk$#CH$$N)8nN*i_;%CecgY zNJJ;GHhnnWowc|o?Vag=mHYUssIkUy9e zkjap2hJ+0)B#u~-*1`=>2QL1*_$Hxag5f&S!IZSXh!;pnlXGRZ^pvrz49`E891c#& z;$)Ok*PSEL(Og2=Yb+BznIjFig_J=mrkyvQ?=qpNV+ zC>B`DJVl^U3c{busI0|ti2gjF40R@}k-XT%e8*s1z;dCs1n*p@1kDt+>a?@DDBrfK zR7$C@>>o{s(6qqSJNppyqJFXRKNCNx&}0N8}?t!stW>`B1j8C zt7D%5GmM#25E%n58vS=Y;??}QzBUs}zWz?Ut0J{oAsRCSR8}9RRMl$G?J8`bdb{mP z9UgAWOg{{HWM_DW@0z_{hzlqMY!D+&0xFY``HEX->Nu^~1tSuLHf{6*h?}4ABSMaR z{VEOFs^%C4oRI$sm1N0buI_n!bZ~07ey5qXcXIswoH!>lB4g40a^sO*}Wsrqr@#3`YZ(Jd9r+Sc6Koc-6Dg$0Qu_VXz1{Kxl3oEUg-w>ry!YGcE^Pf~+g?ckjvGEuP99HH`&1 zc9oU85xI)ANCw6F8Cw3{X-jm&iDmPQ_0#xjHo$!@qD1L(0kH-oeBS4c%=O3IqU`l9 z!Mj-z;of7cHVPSmP2)7yGNlt6Mlc)j%RZdA`=eR#=Nr5ndkRSb&o7#19ruQtkqQ}c zAqiK1FS)W2$&0P|j)CPauMGwe)p@38aL1B`;h5Y0fT?|G7Zx*F3+I|J?$XnU02R62 zzDv9trr1~9-JKv;0!xi=UNs=f6ZexoVAU$_5$t6c#jB!kYx29x79U+2iDhVcRjoD> z8woW>gyx6!fdLtOh8Z`!FWi6eDhwpVsmyO)wF3D+ylVfOS25Kd!nF-{0~gn5Jr{mk zvvLW_Q}ZP`&5`y>$w2Lv`!5n>+jM{lrSLWd|`E+Cu@isI0p20*R9If z25V3359)zz87@Xexb>rHPQ^H@s-v9?h!emOG(fKV-im=t#q0;_R{SM(u~{4i0}!)> z%Ru^;12q|^w>Kz8!iO}n0a2Z60&=~p_~D*^>6g>snMnKo#KSYS@?!l-Axu4x`>~!b z>WV8V?AhMGs}gcG8;~kA{12>3`C(&=0uRS6fPsz1={4clzgEG5Vm->R9oD$Sy}fFE z=?Wp2Yl`xrBxDBt)KD9=L*rBfHTn;%virYbRWp@bh)Y%rxow^XUQ$|v>96i2{X3&| z(_`&%S}J3w6_g^izw=xt*_~V)-*JE)*Q@>e^Y`bznY9l^V%yZSdJ2g)&u`lUJm2?F z_7$#@vk4(N=4&Hras-kp^mBXXC7>B;78co^0Q}Nb9#a?V<^XawlfCM5u&X%XB`NAwNMm=cS@oF%lEN8-g0|JbrxX}^y0rcl9&%Ydt z_MyV72cY6rwZ2w|#tc2ZVj*b_|WEskx8MogV9_^X>iT_hZ8;{vVag&QfnI;``tM=XhSn*%#Sa&hDM|)5hb-X`$;B zV7UKKB~EZ`POj70uFXCh13pJ4P!(sBe5k}N2Z?xB?8Rk-{qq`~Li`JS=PkU;>?28Y z#{rFw>uKoTq{VBq=2;r4LL>*EMb|5bFZ93Ywz<*QQn z29VqDB?+`<6G+jwudDqQh=~GRW}vJ4IHV^%7c+w|_y5H|bP$$rH+}sx9glqVm&9?l zV8;>mfAv@uLMLqW`G4%y-{pfMEFgYM78bZaK?7J;nS* zkZp74zp#;QFNQ?ZGO?`Xb0Ttv+P@5*yq<0k$rxtplQYILT4DQ_eIPz!*EdjQs;RG! zMRQ1b&DhDdi!K-~Tiy8qy27@wnqsJHpu+VG~5XyqV4qM`SvWrcwTxFCd|}NQt2C&AODAYbea~>NoP@^wOgG! z$OJ9h)^%Q|Xj5iM4_=CgKW(Wunb3Z74{lKr4y-3<5obdGDC*&BB+ z7uIj5+nqpTs+iAbllfRC=@z2W^;4k7-J(|h)<~!oRl}d9nv}sjrkZX3obxzLeHvnt z-AOdjO^dy){8N>B)<)4(Dp+}xE*()3@JFOImWO^al#Suxd>#itk3C82F9_G%)MX_e z*(i4Z;&$n`WIq;j=1%Nv%XPi+eJoIq4xm3PdxW#kY<{wh+PDSw6`94~d0|9IX>ra` zz$Lq)eumZ9O)OQ zLDDbL=)7i6+GfoFGJv;sXp*TjIVvVi4<{LXY;5?Zz7tH*r9bD3=7V_Vfr1)_v<5o`)vKpM zqiBUQ$${c0d=3z3?VO?cBeps&Da#n^#n{Mk{=c9@*%oXkMzFLm1LWRtYb6bxB$U-Oj}jgVry?)((F^x9 zrwe}B)6x2ON{EsAj zvGVbEUif@TH%nc`wl88+tttBz(D#4gk)PC;K3kMHA4wcN&?= z2G1#$1@`1CX5@*6seefVJo$e}LNL&ONCIsAsR8RVfSgM~&Qds+!dKCNq{`xr@tY*L zN_>-q{Dgl1)eLCCe(`4Cv?c9uJ{T*fN<{Ym zaSb7zRLXx-l2s*fuKg~EH!8^=VXkYvZ!%wodvp$$Q@-+Q~7CRpE_Vg)^hLBYs(s&r-IqvkLy-H0?%PbrsrVcOp4_GWrx6%U~KoM z`YIqVLPNRAFwZ#CE5?on3GLh;n22|3uMZchA!^2k{toNy+H+8K<$_EzQ!*rLwh;gq zu&793>Qk+72~<)BGZ1dsQOb{)Hd~w|`p6nVB#Kj3Ie982h4=YQ0jpJF3X;Kkq9Dr4Iwzs+V32Ya-Tow1y=8 z@JlHSLajxtq8VT?b5@vStBk_AvxA~4XLlA*@DI9Ns;o+l0ZHqD!75T0S_VpXn+hqx zz+!6*X&Cl(#`|E&5LcAoV*pP_Av49arPOfrzf20c+2&Ao7v~qaI~u1>+7hGpzl2?1 zkzXe)t_XmIcWYW-J@A|Ck>e^mV4*qS3pJOV{U=(8=5q0pFQ8w13@VxaYC2O$DReKy z#G-Ni_@1=d!U71S>77hM zb+(Exet&dqD)+jdL%f@JzJ^~9A75V&Ul+^a$eU|#+&s_d46QEZ7hH@@|9p*M^|olM z&_eeWoV#1g7044@T?$~Sf4G{lWo(LU9c8@IITg7 z1?4oh)^LBn^IX1tJc^iDog69Wbdz+QZtyXoa$-evf-SC5+c8*KVl@V?{;>lAL56dI zI3NMQmgK&p?=@^k|3d*JxdI=q{zCy?R6$=3nAkiklw-}j6m7B7sqb)l;_iUXgeGaL z*dTB0U;NmAd*bc?Be$zv_D4>)i^+S&to_7yN%5RA-Zn~i4z^8n!PApgp43(oGe`$t zr2LJ_jFz;IegIkk2r_c?6J4sPn&*Vg+|d|v)9MbYto5xsj0+MOnKg&7> zveQk7>o^giq=8UPpCDNmJ85qd6%|aNh(<{$)6p2LrNQfb77S5~a3~I@qC-Oud+Fd_^<-{!F)NO zn679i21Z93h6OOD4v?i9NGNaAY{+0A(WTxO>vW)iD+f-k`|)t|;<_(O^U=){#OJZB zdx{A{dHgxgYC!#2KO1)?Ne$w`MraK;yx4qw&W&7EXvmHn?BDxQ3 z1H-1hj}Y; zAiZ<-BSse_i|;hRJYm(i>c7-> zl5u{jQk|{7nc1v^iy>;8wJ~pw=FU*2#zYXR{qBc}B@K=j8;iGx)%tg5{BPu$9k_=* z_~hhU@pu=N*85Y23hNS@j=R&AoMY$UIN_~e@+|%-pkOFNYlz^9#%ovqGDjZ+$sYw7 z$FBj&^}fxXew9#X^)B3v?fGl}CJ>;d@^QO-W;D3m> zd2SC0rjq@}INdGGhm~yA`WK-f{33=B5rUKRwVpXvoy)trYa(%{QZ;UFj~P1N7V(v9 zzfXIr>3GFj_Jk*c1bqiKL`KF4M4e{}Um0Geb304Cq$!4&_=Z_brqN~O)fl48MS?;~ zL_U(o7eXf{q)0q_Wk_P8@5nl&C;hBhOuC_<1Ai|>_5w!L|ht8gGWL#ku3!?%^ z);a=%#D1o3m=QokO~veVWS%!Zf96vV(tZUcO_jCOay7Hx)J zftGb0W)97BVP_T2eTnaVNa9QOy=5XFf7~8C=k(p%{Y+Wr%e%3)^QGdSaD(ilj`1xI za&y0;bV!-;3aY(fR2+q~&ygJ6!>j$KlB5O}`*Lp~_PLW0)GBDPu+R9cU0$6GIyH0l zVpz%zTm1(S6`gv3qV96*fi^qviG=anDWrUcWbf6B9{W=u`=n6mlwA3Z$2I|1pBs(J zvm$*lQ1&F6a$%|VyMol}R3^T`J6}a8!vmufdTlY0DThUYFDbNbg08dIaGF^IP`TOc zA*9168q;~P;f2T#9V5>xM%&<&K|xA%m#*K0EvL4CG%YXNi!*5(Mgte_V20=s!NCj~ zyDluR47~0d%Z|{+2nsL|KGCgsMtl3xs0_f?^t~$rpsowz!KhT4IS}hm zpv+R~-jn^OeK(wAz**`0y<|W?2XX(ol~deTVP%#TY};jZb`&%R4Ok7_&z|vi?O4-EBYj*jiuGj2mxH}>UPe+IDM@P!vthGf}>D{1yeW&kke+*wB zB<05O!zvfNOkL&MwF1~t72{%^-NSCcg=;^Sa^+6Ho(AK%>xVf}QYPI`^5|DT6H{5s zb2Wl;<6pDjuSZya!kYQ3(WG!c0PJIi@*OgBewN31mhUVQKC_@iC3Z+c3gtHWoKD3e zlk7?h1y@x3lpGmK_i6#kz3iyLo0FYOH}Z_O5d$7`x;PnRq`?mM2$a$GaA}=nsqE69 zLr8tKtDT87Or|m^YKFF6-$mij%78sEgjAuRxRBy5^&C1MRV}&&U>anh_HZeH$rep! zGqEjvJ_CihBRlKq+RU{iOPSE26#YJi@IP$$fD z=opFAS)nQu&3aRW#~Atb*gTz$u1RS!YvizC-Fy{f(Xe+04A0xyaXl__85Vh6+O4Y? z%}R388@>#jY(|f!&26!u1d6I4vZTbafG&YcoPtzF_sc;{>#JyU z;1f_hsX6X|<{F0X5tNd-fbzt}H~6&`{k*jR8>9~jD{m}?g5J^Fc;)qS%ihV3KSlNI z3O?29x6mPo22-n!_O~#Hv_oOh`*A`rgIsHx@BaXRK!3kVOZmrKj-(7wc_Ekg{oVOI zJU`iEW&gi$23ND`>U7QskX8O4>#x`H{vR8g&+#Ab~3X%)=fQgfQ8^aZyktPs64|YRm=CLy4i0 z6OC)k6o`hdKk3BdRq?ewErz|cYcS^}Yx3e3_la_m%QHXUie5Dl%XP8JmF{!VyYq3o zbrHJ_y%*zk>l_;FV_ECFF-Nj~7B3&-Q%C+2Q(adEtnmNXT7OlD{{??P%YXOrG%Wua zWWPn+HDt-|0&haBWSoQwWj%t;3JUgRwiD`HT=5&6&1e zUQ%mu%#}^NiTf{@C2o_0U;ht&mB|ok4YQyELmSK@z{22G6Mj6`UZF5+W8`?iEnr2* z?>&?!Zj0%}at-Ngu-4)kmA7D_*J;sQ%LcVHeKTmLd+2QK1$Z1D218CwhL7dKTSwJQ=oc?w;nBXPmyY!XN-3tQ&BDd9M1h{(tt(`Mx)=6V z%&}|F=j3a1T8@%7c`uyBB6X>nlqshIs#_;)oR@A7_Dyz}6SK$_`s6uPG>3tx`%IHX-#^WL%*}O)vm?npbjq^apqh5Gzz^D*g~OaW7hX-USLKz?&;j`9b^HBa z4i5KAAQa~~RjH+aEXf_3ck<2W4XwghHh~E6ZzrdFdVqgXuH|P>>dtoRj&$FvMQ>wH zTlp#6^{B)`jk(Tn@cyKKRx)ArJlKthJ~^GElf19Hk)*SZ_C6f-&i4-T%Tn&F!a9`Z z6|Y<%hV;TJNB~p6e|UOwa<;p#!GWepbenp|y{0q`r$fQC@vC@SCthWDX|#=3GmUgf zX6^kbo$u4TO7M2Kiwr5?C7k!%JJK57~$N3)d7 zn9+@4o|>WPVsF;8ZA4-D_)>`uB->fU(&k`)Cc28%V*2%rIs%C2H2T~v$3U)q*<(F@ zRTD;g}(JBlQ>s-sJV#BhmY|7&<<3_*ZS)_EwM@{RVMHRrS zgj3@x*TYv-Q%n-t9f011Dqb?tn%7lZbuJyf+Md-GTwuiud5f0yV{amRb|QS7Po4AM zc_Tnq`2THetiR63e}1+7od5Y=o^S5|_ZWgb*FH0T8X=!`K6#Jg62sjEelE(uPc`(j zGWnVS&}qnLHD0qR=JMvN4M|>5Ln%KC4Bzgt+W)Cc*v5r$7ykci8-@HouU@S^@BjDm zG`at)POy|{_S~r-Qu77g4Akt5l_tV_kBIesJ$CtDLO;C=*nIrg^{w^1|L3c%wP*j& zdwK52|1$zXiAMy}dkHtDlu z97f*1C_J63zoL-36wfaH3F0%AGTTJS9NZlY@W6;ln$_M2a+REow+?|k>J7I&4Z5-5JAN?lw{LKAW>wohGfBuWb{=c2K|7?Ix_`Lt$$8+EM-?QTPv=qM| z2=WCVqd5(|7$rEmk?pVww7Dg=vtsc&)5zrT;w(N(2v6~`+W(JF&i4DAh zO4AbUc4ivUOJ85VlD4lg6LTvgQUOhd z3}0G8m3ZWT<0>I1zmT){`=ocW_g_$zC^!1zLF7$UCJIQ4K*oTLwG)pClnhocoOryn zbO3}D!K5IRBIq<<3&PQ#T^OHD32&DV0!zV45fryXg^`+YRFsZpK?i}99d#d4!WDBS zKo-m2Hc^T(PfBT85kpRt(xf8lf@%w_U<>=4g8@RavJq_QHbfTaTnV=?lXmxrn;shfo%xbQ$%={J-&GBdLDL6e2QlL z<88w#8aO`aD5tJ7T>T9;ELX};pKhzx>0v4$HRrXi4=te5zbybOCQjBO7fCT}xTGwFV&bkjTOpS?TX@1J+~jt-8`#f9rPFJ8)3QR1E#?KKK0kHUuiUEfMI)+w1>+I_KoPsUBt&m%y@ag7|G>o zF(ZWUi%pP{blxP9)#E}Z5qoDV%T`k>mcb(14Jjqs9Q|^}f|3_y#%XkHKyZ$Qr$Ux= zL8q{l;WvSHY{E9A{lKSMP`e#X;6Dirxb5LDcJuGePsc838b4VIsBIeC!!BM3l!krr zO)Cop@#aN=mRjT=!pzkcng|HIQ)mwUrP0Of?pvh&f!L5b%%4EERcfLVK-7ZLx=lll zWW+(*(^@-zN))Mx{P-y04(9lg&0UZ!;{PIO>DnO&BdSC?nO>RcWV0Cg0_t!pWa3=8 zBt~f|89NEBBUH53oQh!!EfuL^=v;>$vqHF0L}d<40YI3ngc}tVD#^i~d{0-*i}6xB zP-a(bN?*w^beR-Qm4;S1hopimh~u$0zT-c> zww4PZU}%>d5c718?gNx6X@3Dn32bE?2XXE7w_LVW;U|gdw{%=zUi>dOy5ToVB$1B& zfwS@gYo@nOEJyZ@A(mto9t$B`G>4%xeCzmV3yZ844rgcy@TyyqAir|R$h{#Tf5CE% zsrZR&R&JO8T43d)MttpfK2lF7y}a`q-a?{P*ot8$Q1X)^cV63?)oyCj_fHBt=a{C{@w;U(HgKNG=8diHM?#z zya)oXWy*N$i+j=GKVS~9%QoDDp5?wN76lHk4XgdeiH3G71D4Qg?bT5S&pWjy?l-?=lGSLl}?% zwn2KZ4$L7^yB9N8#*}?TDC>Ldd)w zau6`J0NY$4p+6+OkGl*Idfey)^rZlCg<3RYH$lTa@shM<+UgC>ElM|VcQk?(-64Aj z0hY}IqlmaV&Sl1tmdo~3v-hrRZ6wK}=zpFf zx7@P~-Ke z0^^~+nYNI!G9x1+BO@Z?qKhj_@7M-bUnb_&Kr6R4TjLM8(X$nnzc%leTK*q$TlyR- zGwb+|wI{1t|If|!^@sXjxAM%%|I-bwvOM-mii0}QTa%>b7!$>HpL{*7>)s6NCa5pP zH_EduvT!443Ik2Q;>}%(CLdmL7JyGjVXs5trQf~)2`u#%9)Wlr zrb2pV!v~;}oYCyK4N1`HAkwgRhOcnjX{@rUCfzy@9H5Q&O+JIBBtl61j43x_N8Uj~1{JN+YBq5rBc z&d*lxKkCo)GFmYmaZVr6#YFE5-+JlQ0RDUGU%-Dck?yzu2b#X~6H*5DclThxK@wvG z@`4w30)K_u!B-33W!jEA0rnmC&(IDIY-|BOu6(g9qGbO|Mtt*_AN#4y|MK){ZvQ`f z_OSnNmbBk_W_uR0A6!qWu3c*u)?VPRXm{{ih!&e#83JRc4R>DJ1M zs=?Zc+v&R-zO77bXGUMzl&lU}F6Kpe#J1>zROxKSDiytelT+J!Sk>!$IG{ZDZMi}{{8zBuut zKSpBPv=%!sAgqpAXo(z3z5pjdkPMPA4VISKIYECRf=);s#9h6f1^x2k?ngrn(82ag5Bl?X5VS+T2YnAl zLnnf63}U z64vqydnMo}p1OpH_%80NLsKBz>?|3XR*9#d&oNa;q5^NNV%wgL1jOUQf=sc$gY~(q zX!8}__~F@M00b$Yt~kW8tk+FFEu+huq`gM7u`KLiIG28-A$hJ0kV{49nvP56)_CY) zjvgCg=xJfW6g{s3SB7z6Y@T*YDTUh^2xA5)z~L<|09HD$+_zW_z5WQ_zY1X&V*Q+o zeyOexJI|^MEClXNUOE7IXbf8;C&|2^8Og#cF zgeEcCi%8qPEh4}id$P2K*ceh;oB_PB`VS}O=WE%9+qUk^B_#pEH+TI zP^NSJ)v$eD)jj_war$%< zc&B~2<4n3U=$RRNo^ot+DqiZsdig?$B_$Ha6-O*Zms%a3vAnf*L-)+3QYPFldnxS> znJc208Igh{CmfL8F|i#qD&h~YYgr2kt(hI=ZvLv>B;MIR2y%nz3OtlGZt&q+9cx!dWTbp3KH91~U z!elu-c}A$4JdiTO0jAKys2RPm%KoPO9||#5G@ZQ51Fa2+2v>A6xAEkRL0aYU<#ER$ zJIJ%h>jY#wVr71hs{Q3uY3X?*Q2GT*V8yT5L?I-zP|q8U*j`ivc_B_??b;Ts*)xYNLO^E>LDQasQsMqPDnb`B0XTT+q8t#bcRnsw1(K%bB5t z!oVtv3bPSTMJQOi5en996s*k#1#5Fa!CDptl4*#a24{&+iG_)U0K9AH=C-i#{%s`Q z#Fs%Iv}m!mu`JeC*H@QWg}z)@S6SrIMJfoYM_pO0+^G0xp!$!f)F#;uq_Ol7d-^ux zZWA!ml(#}lGB&yI{{{!WG)JMThu8x>0w*j57;Pbk{-QIqcc7_+Z5jBxu@oqOY*Y~N zo-S&~2>`BA26V!1H=t$d20n)GrnuIe_JXIn!4eepg8NX4ykyhRL&+I{Mwte^E-F=i z(vfn7M%mum15a}0pUJ&V!hVJJfKZxrc<4MH{u50ahsw21ewi{ppsh7wv|+VeiKK-t z*6go`csRWVjS9f0m)2>18w&YWN4T_XtfTq6eXi&GWa|orATN1nIZA@@_D*HzL>hq3 z<)oU#)|W`_MJo~zRR?q%!jVyS{Zou>NAy~7wFJHE0jhpNEU*|P&8n>&OqUy;16J4n zedUpC&G#iuN#+&M;D9GCH6a|S7_j=QgzaxR!wVkw-_o_Il^X>km(XI+8=QmGhvE9T zqe#L%kNfdi5CypMSN=82!FU2dm&)vB*~TP|?I5vsuq-f93SCW))NbdE5^739>XN}* zN^<75LAE7FGWo{M6YrfRB`8~;+&RnCUwV!z13F=Lk#+geHTzSh^@n5`UG5`EsA(H? zy(ElPDg&MMjEpY!+Zd;X!z-4h_9H-o3u(YGvmiYov)Sya@uoqr({XUS$dG4A5_CC6 z4F`E2ce^1O9jO_R;i#_?hmGGnm+K!cH$L>kGhX18NBUzEI6xD9XVWFQP2^92Ls~pF z2Y}&nLsARu7tkTlY2bpar+-yr6O3PJ=U2`;R~m|_-uvS1WlX?joG|hZw_PmaRc7OV@=+^E?E9~|Ivnzf5BsHQ@luG zzXOx;Xxk2hq%Ruky9TciEv)*EZgz3aS77Uf=)f^Lh0PTL0pd;Uf*h_RMiB)dLZ{ns zP-A!y|FSGpPN#KmRV-qIhWx3q^p^#sK8!O$LPq{gR74CS_}C5x#6U3PZ!cseTpd2L z3vb~U*+G1Y(GFz(A6%=`QnnI4C;^02!0FZ1mFE+PUYwk*^teg7agjFb5%vsM_joy zlP69u?1##gE;k+T;e!3&={%? z0bxz$dC-&>)9^u=8sTGi6!GPDQ%zx^59b<3<&%gdP zo9LgFZ^dQU-=a%ol=zXwJV#3;9u-@{G+VG7T2w%dydf$wcjrTIZW4LJ=5zuAZTOv_ z3mmw73>~;Av&^0QDJF~bGQ%!8zsSL?n*wFt+=h#aIDjjV!^FHQRY zrWJU@pN(r+d5BXc!ifW%?4{JhJCREofp#!{lY-ca*0G}Uv%J%E)^N-#Y86G{cxwIf zp>4(O&EmOlsC9Fettf$W>8fylMfK3~Yh^w&E0D-1?>e-R_xqzENpRBcn2y@#f?};v zw&P?usjQuBmqSMF7;{NF4aRU2x03QWhEiBhSzgZl9Ec7@Wh=X1FOCP49a?Z_lC7bw zA&8V6y{~L$8qPFCV@NoBOcu9ma*yg=bL@CHl#%O6;9poi1L?BP5VS0UAu#J7;wwxN zw#*%ceY6ouxKzUGK&5T5nJzLp{2DzA7Pw{1E&I48>fT=!mg1H1s(7h`;aRX#L3>#& z4#M_Dp7B*?x^^~u(H8$iHpO2+;VtBsyn)9t(j_(Iv`l_-W{uDfV}yOCoN7|8Q?}Rd zTEuyH#yr*XzfP=hV-=u6{@-}Eo~{48zOlCYAphUSbNllDQ7{}OXxmqWMRxfh9j=f~ zT6*l!B|jU|$@wkfOUR*zRUXnn{sm`i!uD@y9=6Gu1kYJKX3!|q59AT3eE6Lph$0EW zP&<#HPZFFEoB)v@#f|amM7|5=h=8IKDw@y_CE&^j0HDTD0L+q*^7X`%)jx?vd1(?1 z;4BUjzt@y*pftUYJs%Flm397?JU-JU4bnFXKT7vl5E6DdAL+NzP{SKJXfT3l!fxm{ zFk?zTrZg#Q>)*c);olrA@ZFPD_-RRX$kWSq_axKZpVv#fTU%YQANuA(_QtB$ z_0Rum`A?>{+h<*OQ0%-&=WZU;cX)L;*Q2V%`lTSjvPg%^g(M2+M<^ z6^N`+=pkmAjJFT>wcDV#u<%m~yL+ohkW*wUN3pWPk=aE0UdvzQU-CE3O09mAe`P$P z7bxgb1|eI0!e7S}GUMqW89%ZEGT7cG`?lZ4arE0O`_a%7^c6+CVEvwGgifqW${j}K zO2ljnD!bt@@uRe-Tpf)cA713k;AKiK*hRxqi1D=?-$VW{7#=eWC=3?Ck`sncyNEcf z%);(7o=UPvKP%@GZHAR$gXB+GCL-q+#}q`;7s}*RKekG!>cy!Ls|_iZ)d@hP+DumG z4QPX5IY34$musiN&_}2HTq_{Dt2n{9YVYEEHhb#EIDobCY!tCc!TgR3>HJPBn>{?_ zZ%&9!wnIUQT%CFpxYhPkpk7+aMs5rz2BqjnJJBqnN_7b2;P$p;e(S=aF?_n2{ap=5 zq?#Y_6O!1Nte(YY;zK-8K?6(Blqb!V$Oq6#`~(k6GD-@QnJDPgU<@jY(V^@`TD_`B zHvgJMXp3pk2kx|kJPd0n{dLV-`@XqaVEl6k8Le!Ff|r(DQ38;S(WZ?t(uP7#waJ~e z?^H+SQUEtkjiL*Q+f0Se{Y-BY;x+%eh2NQ=ckbBL$ZZG7uqks381F+niyd;$lY?VW z-_IhzGQNNwd?ugC>ebmDd51RjCUDH#1-c5i-L9d+{drJ;T`7 zDw?~d@nJ7*`t5$uShCq05yET)^*KG&^1oD}<|qHJtv_4O$^RRh5Ay$QJhv(T+bmMX zCd8QH&q+m4#Dx?Iwy}X>JXWTJV#Z@N5DhM)spR)E){_~ksdC$XV~60QXli%vIX_zG zm8{)KUs)2HD(RVfO$F2CM|?j1r7_16=gTj6OUW!C^ER3dx5<(Pj&0M(=Y{yS@oS@D z^=K!auX-2F9c7S}&gP3@onOUM&Ht(L)I9zFfaT}xKTjX-|8D2Gb^d=Ms~T`YvrIT2 zN62v`xr+Ktb(lF?h;qTrwh_og=Yxp0hXZgffEqFMIB+h4z95)iK{a*$01e^Vydb->HK$+}RU~@w)c}Y* zc`VomJKhrK-_N-a?WaG62$`S^uxK^@sf5xANS&{P#1HlMLx+flt1h7QKdN@r|B2=X6wx4t85DIsTevK(&Uv~lJ&|xOy`Mi0g}yq!sIEz$CsF9 zqtQ%${k8MmH=ojTfBnhREiPAXN|qg&*#nG2PJFkBS0`p1SuKx-`TTiFXJLr+*~jt= zh&M5aiPtbZP7|G>JEo9u4%;bb<}faCm5_$bhAM#bmK-|mA$m~s+>Kg)?b`hkRl#0L+UAP6Ar7A`D z(JV<9!D8m1FQ{{0=IgY%znj0RH=x0ottBC#XlPRcD{pkugv5*2L5eGn4e1_7X))jU zR3$Iy982V53qqE9pNqD7YH?iIIrtre5NvS<7~GC54yZjhCD=mtK{x7*aXc-=BIcCA zfZt5AM@plG$L$jHMawcs%tZPeNfa~;dX`+7EH}mHGSsBtr$z?Jx)TSB&&`cR)~aY( z_r@UwFRfHQx;%zbu}DdWfHEU7A$GnYKPU_r8}xwLH9Qp$ra}1`qi6z|6w6d)G;R<* z%ny$FE`}g*`biRA>KsBAmyxh~Dy!#~@V!&7ZOAkOms))QO|6-YK&CT>-ZiS~H=ipv zGxdd6vIK>6qFyQ_6p5OBz8A!AMkTjeesou&4~te{xukx0D;XVp|lgi|a*Ej20Wg zfSXKzOu(p+V%{5{{e>tS4H~=JJ|@&*zY4Lck{%4Ht{&;H?7oA(<0_KU!Iv`jpB2)L z1sD5hEMcYUf(5agioXFM_hnIXxR%-3Wp!4}j2I3TD^O4xww1%>941*~ibdQY!=Ot7 zFYyk@>HBl0YHq^3+de1s>}{^Bq%%+aMAD>r;ZR09NZPa|P;_%JLZ&BPI)6J=cvCIg zra_7Hf^|p}mHv%vPUxeBDLZKUq+8bco?i??Ra3|!?6zF$io5RpJ~>l>B!Uqc^nof2 zbCxgm8E9%mSYq$WmwWTiPmTM3nKO7^_y2g;znQ!L-+a*jZ{@jl{a?HP%6zcs<2BZi zccLuWwiO_oz*?S*cn5Mk>UP7A7(8&TKaO+o&2-hwB+p;bcMqz_2K&ekWHEq(4E36+ zTDh}jpxf!S3CKn!?}V?V!vNTvbOBZ;JxJ0roPa&bLKX8Cvv;Vv8(I7ft@Tn6RLEbF z@pJ79So)4}z^2sloF1JRV~vzVDqD=5>ixJBU}soC?mgwxz|*mpPvk6cSmrU<}P zqLhW23aFr^||_ zHlPLrYWl^FnOUv_$6hU_QzudWIG)2v^WndA^ZLM8ZiBI4q*dW{uwAvpsvV+AhE#2D zT1!o%*a2FnXf%7<7VH{VZO`o+_YK#`lkd?p4 zcf-pGA6{^&F1IUHs0;5?IvtT-_fN5&t(k)l?@9gz2S)?;ya)t8CH}*mz?o7ZBNOj z@)(uNCwZ#ODy}Me06O@G#|~p=fXu)+Hv?X!Y?VLLjpx0F4BgNgN;3IIF}}>#hR(zCe^6%Ok>S4@bKvr*Cc>nFg$qRYi`QqhZ)fy)&u>hGoL=$kYM~(iT9H zIae*|AeVA5H!Qs~cHnoaLfMa&?m{w9;T*<}&dallRqIfZ?ZxrMXdoJwC>tp?XiQ!+ zs`6v&w{pFgsIHHdgTWrimY1z76!kO7uFeIfA`kl(&1p?F;W|Ovbgk}bNFK+#UULW% z+joMvl-OI~0eNB$pI<>N{I;dO86t#TCzyBIF6cQ9{S?@OqTFJ_n%)F$v<&jc+ zLr`O|8x3Vgf|%vZT;+T6de51Z-qz3Uy_|zy0j8oV4=pB-=jzwt)S-T7HH^Gorrz%!UVu8RS&6wz6Ec$dRc$W@vyF-T!Mv-m(m zdM1mQASDrtcv5X+MIo`aw8VeD8TErCY{M5~aWoj@TYZvl(jOXSdxqMl?J&%p1Z6Lv zOV<%d-@w(jd%Xj4Hs}Fk`1NNC7ozcBc!`RoRbVPl>UM6FYmSOyOqdpqb6I*m>UMiU zhM|p{C*lQgRt!yv(r+0pJWE>79-qV$a`iWh`|>Oa{PX9$RbgNge9kaf+*GBWtrMON zI#p_kSzH7v%8HlEB1T2;D&$+plxpSh8zj#uF+nPzHEb4qa!zWgkmJ0QNlYcz>|Zm- zy{A?Mdr~F6+_g1fLM^&dx>c+1dbdfzRew2OVawWt6c}QSwpb!&E!oEogIp?OWhDyF zUFLj0ZUcwANe)ux#&D^-%<%;Gr|K*iSJI+m)q%_DPQI;#r*$?vx2)RiceZ;cr0y!> zR&s8F@C84W{vVdGin)M0;pCnmRq-F2tJ(a&8_(7r{6B8xnT`L) zBn}{|yf^S1Ag2ESq53Z-H;xG!L}xUVJaa+5b<`=QQ{7n^D^_XWw63SFaa`71k2AaX zi^?QT+?c?z^E@&;Rx%6y+|eu2&<;Zdw~X4wOHo!S;yFy_2n{c51I`4twx$A~4;U zZOrvZQDxs`9RsMV>;h2&mL>J0+>ferC)6Wr7jk1_OuLc6&`l_)5Zgs`l<{*w_|?!> z#x={oK}{e>Z8?iyFO)P1)nv?aYOn&cVR5OG z${agzNN@<z?0hv?a~sX_U!P?CmtI_lz$@6zBZ=O-Ax^wN)*yUkKAix zrJh@sLduW*@@3|C>@^#Y`knKjePK)h90Jx+WknyS3ZtoAH7Wc{~^=T@jnh` zuKrtO`o-7)3{2&Q0MlkVYk)P@d`tqx2)6A4Io&zCY*rUal*{_p*EBQ~^fcbupxfIj zM0KwuM9FWpR9`v95l76@-S{MPz|j)(Zt-|`t1;%A6=JqjIV)&huAvp|jYbu)wUo31 zC|q?|V#r#^iKx(C#YQHwU#4Fz8X~(MV~~B6CzG0ZFCflZD_~8jP-&jkiWJT4{;ScQ zppDt`l;$Br%mN{k1xq-`oq2g;119gO49B)ajsI=N-KP3&+__d7IP;R~0dVAxf|eac z!$?A{j<5_9FFjPo&%o94G75G{PUXT@);JlPj*OD2d`o)i85fiKarZYerMOW$lMzAo z1f5K;tnSY`=onF@mgWfvG&@MyUaPY1D5spo?3!AzWKKf4tV`~6#u$G}$C$L^85`cL zDNaZ+H#5PF>1awjoV{3IqA||kUb#5sM8XM|phT>kqnU2D>Ot)p&4qiIraz^4o8!9H zlyMM}mGfJ34BZNQj}3Anqd67aWHaMhmM7NAokGPU&ViHI!s^Xfi7W2jV=6A3&+NFH zjpzwEUHR_NKG=V6<+(fi?~bCSnVWwNm3}eSUo+WK>6TpR>(Dd^4=;jxr~#cvt8Ei zXvWqWGnL8K{${qC@_wdNW=zNT#8SiSJrU0BqhOB8$$WR8J&B4n&+f9K<#c~}@TR%f z&t&>v-%monb2?!JP=)^Y?Ab=v|7Uak!T;xWp1afkUL!5-zL>f8r)czx(f!m!OEo`= zS)NYoQ)A3W=PN+zL>ixZUv^g%9#dQC%k)*O^7%>oJj6;mqonYHAq$YzJlhk%TCO@~ z`oV*i{bLK&MyyCwqB}JMh95smv*8PSioU&e~G~lRizi{)7%}yuTV~$WaN8`;Lx0^GCY4(|Y zB2BWfO5U5XVGj521S@OA?0dPY2K_1O)@n0Ly zo~}RGe{SQsL;KJ5JVL+R{BL(}`=LqB)$&6l%*pPPMdoBypKHrKYC4WELL> zm>b)Bt}`BA57wRsYmcjF(~f?y^~~MY<8aOgOHY;nAM8ALW9O+n^JZt|nbpBx4f9Pj zPwMo3+jp+3;;D+|k_l})g?&tG*}1+40aUf^I_09KYQx#7I*I5&MJwEx7>Sv+I^pS9H|n`=4$pN+K#`_FAWcWD1XTH1Xvp9H{)P`?~Q zkUiUSdk}*?rA5ddYEFisJbEWH4axUsVjOb&Dlrd@H|w}vlo)m@O-z|dl^dD9G!qe) zalnF!nfE*L>)SFh9aGh`V&fA3R@oD#0JPF9S^a3bC^1aY*JCm?O=3f_p{Nc4^S9GwPP8w|QkPPi^(sT1VM|pe zI@z)Y(Q|t^-G|K!RaSh4mN^N?gH5ikurWKU90^~iGf_2bzW!$kg)D6r#b2XigQ%Uac(oAnfRZBL1 zJL+8e5P~Qev;s3SyY$IF$>&e>2ga6m9Ja=dRlSVLXLv}vQEt)m;vF=3e zY3J?4Q5SHFr3JIHcmwNWc*B@^M5D~mr<2)Afwj51Dpi1z(bi@=+L|7%jsRXJcQ10G z=OWw`O<^g=(=*G!RZ%66SFkPMPB~kF z_Oaq2%JbgV(6Y>VlK9bCAUtgxw~wTWi;CxH*wYJLUJIS4ZBfr;`HwY~$-GD7cYF1m zO6StZhNxC<$^LcIZfk@f>*K?wx!p~ZkuY<;XNuqIro(f8XwT2ON5UBnNaF04m$I$g zJ6TKf4Q+VVjw`d>(HMGSR*kww!>&8$HH@UYq@3`qZyWM83I5ApMo0~9c zZ~Yqm8Yz?7pVD8Wf=Wj`I75yrCo$l;rgD?0)z!zj`^SGuALrTHvH*sT23Eh*5s#Z_ z=o46O>G?Oa|4k|vG$u%D{@kDvi$zB(fKs2?L2lOFGi<9d)Oo7s3X6r%cP3}#FSQ2*CyG|pYc7# zt>Ld`EPhMl2&I$fjepUduZJy|kAMFBxdHFuUD4A`(d;Z02zf6?A+!vlOIWx>5cp@| zWe~xFQYV!QnL!G#VxgQ?xip!staF=wLFwUm&7Nb>@_i@$=qCj*Zue@A2tzo@PN80f1>2LVMHyNv* zZYEb#kK`B_NtiPI6bT0M=ud*nFu0-ELBkqJVaeg5f9u?%fR&SOA4XoBy5lEq>>Vy z@iZ-6Fb&G-3i+pOsxKG1@aCxtJUry&q9Ka5br^ToHUZ+#1>O5;%ir`sZ$uEMj|{$N?T z!r;xvC?#ci5O+ZBfW63C8z__?5l`3|5?4PM`goFw#WV=SqqXlho;_WvmMGd1;1db0 z#w$bI0O=TE>iYvy(I;hU`R+Br#LSWuSgh%pYX|j)_rk~8;;_9u1Zl}W-;sU)0#GUQ zV%!I=PaQY>LHJJ9hHYE`+rV>Gq6m-oVN5T666v|W{^Thx+5Ni3czAC5RO^2%Q_fNU z+kCc~_5WVmc((DN|J}xO>-yi`#{t@lkV{9FEsw~r+(Ks*8^bh}sN(I=yJQ(u7qr;& zEgY-~7TWuSC7`3Wc)CF!!~XH8i{76o_7~f&cai`PD>lOrmvM0iyCEEtL(Pa#^zQ%VA67+98DPJS5JL>hWK`-=sxUL;kL};?! z!p{NsE>CP210hcZ=%YTKz-bI1{s`)65(U5{7)7N0uvdF8gu^H3u%RnV#iB&j?wez5 zi^p_22-kDRbO{ID1SFlPA2qG0 zHl+<};a&L;(Almm0=4PYf>Wb|d-0AKSNyVu)%kW}0JBu+^v2^(LTux2ger-!6QDL6 zMD6Q)NsHwoCR3xCo<*3-BMpa<*HormlfG6~Ec)Y}R2X$4`%L57a_JbD?9E~gI%da= zZ8d{!qtW9IRd?$sS-N-&75+N)Rx0du)>~@3*NfTAU{f#K2)Sl!%;5NOKW59WVYwcW7!OkzM1}%_Dc^kynRtBAzGaMUXS#} z$EiV4-Q%NZo|)y&-7jSiAaALxjcu}Bng|tB%74}JKS=)aPV}ZaK!yCj{^Utk{$Jl% zTYZrKZ{xXj`Tq!yn#5S0>F!?hYHcSP1j)HSNZFQ{w&Ov7Je_X+`HvKKUyuS!#5CB%~k;m?l0EiH$0T@O%-#Wq^{@Gn}yZ}2Dp z-g_AwQ~M^~D@m9eik-oCz##iUauz6&$a$+FM_Vd#nxJ#oGG`(XasX{4b1a+o`R#f| z;5!zVEj)W(6O=xiu|bEG-i#&G>~{hAg4awQNPSQC0c6|`Q2HXGhIdow65SXGap%L~ zU~6Ti@56Tq2&~>r(PJZq;LS8tstgS?|j(rJtEvSaof?ST04VUW++#i(n|?= zt^B9;rTpfpCTIzUrsqyN)FD^y#f)^(ahv8Xo-y>^)v*Y`pIrQh|_Qwmo!&D zT9?`Z`jWzTbYZ<^jmuo0w3bXiL;sAJjq;MT^mRGU&yJU#{8sj$U{(irev;2i-Y9a7 z%YMe;45Xb9FgkP&Su=U``6_Qbyq;%trK1vwq6uU*Yr!JlI*?0&lD!-MI zq8#|-=~K2D2c~&uOO6#BsKwfH`EMvW6z|zOTh@Wfa)YqG*Svh{{VkaQG95d_HA!FDeprglJGAB;iS*1Frw(PyUk3LZ z55=Cn1&F}R0d|H{tK%gi$1GKBWiaJ{@=1)M@ONH?CLMNLrlJW5zwNygOD<%`>S;iNN+uaJA$k`7o)tpR* z5(WFx(u_9QpWAFq)#$t(6sNe}a)#UK_L2N*eTGxRq1jg)8eD-6w0EVB>p#_4}t!+fRb->S?#V zxqiCQeYWwW{cK}x_1WpO)zuXVpm!EOI@nxm9&Bz3J*BYA!@u^2?Q_xk-;3{8n}7c2 zcT0=Edh*kM+8>+r`*!nx{N^9OHvjpZ{LOr^^z9P9@m;NU-?S`TIogS$6ZAi(DVH?V zia^Js|26ch-fRCil>YUfVPyY#Nb?=9V8|;_Z(Gybc>SSN|F5?HwEcm98ur3rcvCA- zMgGqxPgggy_dn0ppFG%qZsWO4`%jMl0_HKc#d6+|dtgj$bBh=;KIUDP!&%Nf#byv! zX0!UR8;)t^9Dtbshd_A0%LC)$W5fBQd0RVlsR2rRws)}{Wi}(!wlTn22IpfE(glY0 zASMrjLEPztX)>a?+|yC#EEwav=d9Tv?uG4Z&-O^RR*o6!PTU`$=T76VYu@@=bG6`R zy_^m_lg)uSWrK%Yxm-I9hW^?(&kd{XcqfcWa0P^Y6(<*R;`Oj3-#MHRSyyx_B}#{97Rk4(nmi9rfx{l>NqSqDoHvE|3JQ4wS<&UUAMm zRO=Gts54qN8}pOZgKkx$38Cc92)20OKTkby(Wx_&!|DNRw|&GPz1ZH-L4S33RdVXL zC*U{Ji$y%(Xm}nc;U9EeHxUZQy*@is?i}sbMPNJWOn|@XNe{*{WIqw=O5U6u*0vA# zkAvhg9Ont_OcmZ&FVsij>MT$wFRCY}ztVSShsGa}w9)UaCl2F|*d7hzwC(qTq$XC+ z2mS~N)5W-aSd2*) zBSm+8I=2Da$3c6Pgu`pr-O;5p9StzQOVFulAxQ_Gex(ZcPj1Fnq>F4)k`ZG3B)2>L zFvadTLVv_eY5!yI>D(dm-Hp#~g+QyiEh!tV{v z>xrm0CB|A{)H~%$UY;FawKn)oR(eqO`faW?0D;LI2?|4dcf0U4VX9@pt<}>_xI5AY z1%3Vy^!oa~82H|XxAC2~ur03qYrYB&+7~6Qul$r!2m!1~+!?ju_fa$qd%6Mi<*l;s zziZ>iZX^bm#npM(J~x2|eng>eGD~LTUl?5>IK$c~0m1eJ178`eFtx{~@Kx)URXYD+ zL<3%5cgtbG++ivNmwLu~W4mO4-8PKGUtwaX=#6?DW$23rz!4-}j0!}IbmI{wCJB-x zMmgo%6AE2Sf_{7nfL@&kygA!G$e8ij<5cv+DD01-qSg5J+nV+(K59}6R%icNm}&fL z@sjSEm%e@fzd!%;+s~iB0h)KvW8a`#ktvl2&0XIA)wut~ojwd{lGiu70Iu-=-@rRx z_x^VSK0e(4-o|t5_rF4)v=&$G1XxS~)Aj<<0Tb!tK7KoZfzQM4(9Q>+J7gT{3{(A* za^))J1LZH;YKg=Cwh#9umjG7ir<6;Q51LrLojqM@OPT1D1x!(a)uV*TN>U(KMGn(P z<`PTyC5bFgytvjE!{HEd*N0;Pj|OJ(^qmKbDqH{-yN^q67l9df)gRe*iPvv0O?GSPlgh`-(cFSz1ZWHw?kaclFy?NHF+)!cIJz zP7ZZIBWV8*lZjkoa zr!qeM4cO+gwQZpR`Rd92hlw75Unpm1C9gp%`jF~`@FY2*^g_BT;! zW}kM{oJRmRKt{ znE3)2M`x;a#17`WjywXsqH5{XUq%7YF3j0f-E}awnLOW`sntL9nLpN7k$ux=458{p@vlaXdhsoq*2QOyW zK8pQu1V@u5xi%a+asL3*aat+z;7$ID9B>k!jC$Ed*fI!vNt|E}N4A)(;STpRc8-0bZxkQ1mbat&{O)Ve(> zMoL*(756sWwQoS*qRpC9M(M@W>)T|aqP1KKbJ3hH>?D>jiA;pa`eAX_R$Vr2X@V+H zPOs!rwyBOO@&^OY-HiIBEkQ{Q3_0Y6v(ESIIfL2Um#th4ndG!SoM2#b8W~a~XDE~at40L}>mztgGZ=Fk3n*UwfdCMMc|3BK>-hI92 z^*gg4W32su{n_TzCr@4bKYZAD_F(_NjpwibtJ!R#$77Ros{APFK{T6xTUdA`UW91l z3B|x~Utkgv^zc$`78Z1CypT&vW?-vd&+Z_H-`#!*y+N; zK^&7uAgm99Y6vC5tUDbp{raEcB)Jyv`O-<8_|YFDv2E5-?69w&St2)9dl008 zG+0_zMHb~3B4A%g#E>H3f_@nl`_dbd&biiHU+vfpcN#&j9!6`#jxS`FtdPR}4Ta!z2h+aBBKTwa`me zWHrP6-T-d8cZ9ViJ)u#mDl@!C1e^9qh+cZWq*)HLiNwn-P8*nls>4D%p2o+BUw3r; z#shw`vXqGjrzNqt5ReNk_73-twJ;dklu6|fQ$WFbrXeQHTWHz~g|6A(!B^D5hWEX< z`kf>%+EQw=)HN(mtoNEJA!T_^SygCSW;3?7CfKq^d$0D7PmX^1@Min<9{hFq_IUr~ zt@_*Dt$!15KzQ8}zr-T}bWO!_($Oh!xZ!9RC}*>Fa31$4d4J34yhV6yWrk>}I-vRz z6nnjnM{-B;oOSYC?80P9^~6hLTOWPkXu+~#lx?56o}`0i>`lXqY{rG_c@ftt2KKqb z%UZO7f>f7iPt{KK4JWe>9OaN#ux};gO6hOAK?8vJZ@)bW2j70XC8&-quB2SXRBn+L zEi)cBEg~p4>INrcmo`CHNk4L=@atrBBq-hZk*svS6IX5mAtD)W5_b&pj7X>|&v_h;q zS+-_q^87oqImEgYLpi5Z`Rb$B8>rJ5lm}-;iXu)H32DF+0P!eJI`Z`Fgk9P`L#}r* zOg*uq;tSG1eTj7To*dXT2S;Uv0Ugik`Shl=Z4R5ydjgp-?ct#J=wR&$tjrJb6&A2v zb`N%I4I~k(cNKB~v7In&!*?V(v6E^aPDKg@phK2cD!)#+-vJ3PL*(6Y!rAzezTSwM zCJhN&EMD%%_aJkHZ6qFR&jODaVI%6Q}){pQr2c%;c=Q8PfhC_UGjKK zzCVijG`LK~e!o8=5(h#*vkomB!?R@_;KFeN(55RRs-7|g%5EmyQ4`;_MgpmIpWFn2 z^Tp8_ATkMXEzzM>Gs@5znd336KU^UFHR2BDL~EfA znkKP9ePU9)4DUT((tpQvka7S!O`BRKqexa_=0ePFQ|MlCd>Yf%wSYcibge~RxlHa~ z#MTBpoAmddCml9hHeZiLs|(~D@M+9@TUOIdf)4ZbREHDgux&|?E%oEB{LTB;8VSJr zAxHw{HOtsxDGF_q3wbb~6I=_qUeVj(dH-5{kALPHq31C)!hiBV4*WC)zSw~V>SMl< znjtjOq?PXp^x5Z6HaFI_^!D~-Z%e$5V9OPekz7MNLKiu10TDCj!2N7mo{rFaBTdP- z8deTy#Sk-ZV~dPmA3H;9nYJ6FctO<``7lp;8L*IcZiZ;6MhtI>Mn9#+;gv&X*nr;< zvMsT;xv>F%Ahx%J7HEYY-1(9=Fl;2eE8|;z-jhd=d`^AEqQIQ#7}mjTR6YJsL5a+ z@8@bhe|gL+j~r>gkJzBiiwfpP{THf=y*@Q^TB+|**hdvAq@UFHXnIgGAnmUo_kP(q zc)R`MhrRzkIokfPee~+MMNy8-QMpmG$-OkG57^bo*+^O&==dOJt_FgSt#7^G(l}}f zI?qIFB_0fO3g!yVeTCm@5u#HSu;`QK15jLOaXdxS6GF3~&vxfP7w>_U24l=Uyb^M} zJ;LLo523=_2mb>N`vI39{^*1W-KkuI5CoW9KuqGE=`kB)XaSe~7~?w$@0W28z!8CW z=JCE@rG!j7F`g@_+$HwbP#_{@(h<2OvUu7e`D_Rccm(aCxYCQ^JX^t3!Yjjgh2T$D zx}?NyRia#z*dwu*rz%A~OmKQphUZB>Zg5T9;#+4vK84J_bg_mmqDHJK&KE0 zhRZB>lS%O+imxKGjo+V+&I+Yj4Zr@t;S4M58-ISbin7;>Yx~f+XnW~7NZfGdgN%7y zJQrFcg47c)fQyb2;(xTF@?4_!j8Hny1z}u%GoMxDLG>!~pS)Hlc$8!K4f+;xX_20i zc-0AiVTmD9PA1iR6fwBKYt9!4J!*Q*CeXT2pT$ZSRm3^#c1s_R&-d-YpJ|*TEIiG4g(&g{RDPOI+XQh zV5>p1B#d!iE0H*k0y^f|(ACF8_8mnQw)tQ`VwQmFIV<3LY~_U7lF8hM*N$0`Cdh=S z2V&d2?qS$VZP7IIHr_qp+b0LduJJ|+rvMdp3==k*Fb8S%(%2E3XvUaz^_2L_QO{&fZuG!9I( zVicNLZ4^%*@jslL93BghkLA@CwsNeis^Gfr z6j?QK{msn{reVK59Kl(Ku%xnLgbeqjZO3J>)rj(XO&un-5vxmGkiCO=+Ok6|Xh=yq zMwp>cQcmBYFu|j*jQG-_`@MA=?I9cv8CI?_n^@LqN2`ENe_N#Xj&`ETR@RCXO6#A*?@d?e`{}Pr=t=szUcRc=TZe>EdqBcUgG#tTRUM6g=`#m zz28$Jin;+n^{XjfDgM;PTzY6P90nQ^c4|-tcH7LJ%5gN{8bw+JplWERj zcXktT8TyWSMKS^Osk#V2T7dfg@(MKjeV__kU4r0m)gh)sGeb7MzKI!ubsZpH$0|sk( zgP@P909y1>s>)gKkSN^#Q3u&FvIVa%+Fwtz0+;<3+oomj&Mz?85HIJHk+6x+i@jI- zZ^X{t(aHYH{hjTTJ^FUx_5S|u)03T@?cuAl?W_G4+h_ZK-`@9kuENWU;Kh@@*W0VF zc8-64b-aJNvHOp`7dux!ZNGl`%g3ERw*UU(?9ICc&+`_3J8mbJ7vYPyPoKQpeEMS; z?;QO3{K;_lGVXVNTJwJ&?62&+_~ZQYf1i?W{zkfD-^^c?P-~9OO@)<+7_hvT_ z8*R%v2*hZ`!s#9zZ;QjD{ddr%_;K$SJ>|Xl45qsMq%eraEizVB|N7o(%= zpU#5d%^=vl{N=^YZu{)_?+((R{lU{ePXGH!_xt$Z_rWGj`6~Hs{c87gXLsjizx#W1 z{P*uVKkjc_zC7sd{js^3Zom8fxBp(b=xqM-^nXtNao#&P{iXffOtla$nr;(SK34SU zmKpVR-eN??HhJqkOxN3b2QLFV7+lNiHEHrAQxly{RuA$f8Iae~ra`oli?a~z8m(`2 zVs6PbTIiyZTzd>8frW6|98T5-4SLswLT;OPtZ$1N#0=R}VE@glqrKzf4?ny;KEYe< zCh0a(B+LHDbZ=ejXHPgsji3SW%tbldGNhPETAG-`<&vDLb5U_lCcGPRt|gRQnk=`- ztENC+^5`o*x)M**5xJnr6U1KlW!6|?8+c0=Zt(>nNP6gf6|0Opwo8i*k(Sd&nA}DQ zWGjy}pKMxvvjd9rx=pdAoS4_0gbt)?*1u0elXExsL*V}KlU+ul#dvjv_dI%dIS-?LI^p}Kq`}=o0uA`6U0kj?3LklVN zDzqn)O5QJt=N}k*W7gg&e#JYICh6^?;W_1Mj1JWuS;-u;FPUwhf3pAy*6Y^IpZTae zDZ*9pyLi_Od<}Swr>>ZGdVbh{?xIzlPTP^biE{HBo;v!?vB{E#_wDrFYU1)H(cdCv7;@eQ0>%7eGBJ{;`5+jFkacK2TV^osGi-6Qds9Wh-9e5sVY_6LGa z=VJ@&>^533e|4*!0-GqD$Ik1Pkb152y;>w$Y}0VsW7zI(KjD3|j~Lt0t_#F!tpuKy zQ-hJ1m2HfiDF$&zEGql7^(N3o61GzWtrwq>c)`|nbPOS5hPIEgqTaC&^Hjpvk}9S{ zYHG1mqpbzCOn68%=~jcB$judp`9Xb$kliwMf;8d>M|&hsr_Y8Rg$r}X02PxhEdDqQ9?HHZOa@W zJ0?qj?%STU{+4DfZ@AYs*48+Bh)U%hTHiWX|8!znZk2wI{e)%kN~&;Vla{i}946?w zavqFQLo0fwte3JEo^*+nm_xT`C6xHa9N20$+0xOJwD_E44hxCC?Hef2Wk%Ye4f&bI zQkEc1t&6%`j7|>9`b^v@x|WNapQD%ES;VSpZLiABf?b&{Y_sK3mlGlc_dS~e^82WG zCym=n)^6h4!-5?(c30)>mGARtt!J;)K7bf#maZ%j=X;-7fg5#&eH8iDAzKZ7y72Nv z7Y=AnXpDy!Ur4=I&SkUog6HbI`n&h2=nUiq1spVgW_=N*R&g zH%FUtnacE^q0i3gG5_G~zmx(wy#hlp&@5lYn}NvKOY)Xwg)&E~BfRLTu^~$WB|Qky z;}dN#S^p9TPTjGypU^p7UEQcFX6=ekpokt8FWu)1b_oMvvyu=-lu4`g2!dz5aH z{jimf#}oX)aYfa-D(Pdh!3DOxqUkPCHey~fpul<{#W-jUDfA{@>S&yAkK9W_Z} z`xbPu%^_>&`Qi;Swl7tJpKSrr(S||auKz%yzsXW>ms42Batd22>ATK1zbs6;d6Eyi z*5{s-(R7IoY1a%BtthD|)%{&i+76ZPqD)Oo_ibX)Cl~i@-45kltixWd@*PX$;)6a5 zGB%rSq10!8FEPLM?;@(5-w<$a$ltG&nzjPYXHbn=#VP z`~;eO&rH%*1+JD0_e)wGwlLc9kSdOD(YjB!%O|PaO(3)vvK_sp9E`N^V0kOG_m(F#uI)w04vO!iMT1jBMNP0kZkF?N&TPw3J|^6QykIZDpJ9zBv}M z+Nd%d%;YJd5deg3TZMqQ*$HL?O9@8gS+g6XxuRt^-<9WBK|Y2KwZ1tZvLBCPa$1sD zZOfR`e4FHEIPx7Ep=CSFrTnN32uqbNMmnK?7RBi>Y`=~>fr-obq+AkB1JOs*(IS%T zAc;={InY4+zMP>n zP1W#BDx7~HDYbKavXWTcflcF6F6mC@cY6*hjZUsneh#YXt<9l04^b;Khfa6~`c4-9 z!Z~nLwP7){R(kHQKY6<4`yM>vP$pA~hbp6s6-dQxJP*`XXa3BP6FXn-a&F0bMtl$NckhMbPk>1bd;4= zvU31Jpl0YclUnJ5&P1B*M+ zI>_5@C#Wg|HZalCfMzp)L0RiRrP?!9(>;%7C7FQ6#_OSUdfs@?DT${?#}knE`B~fIojVj zX;jX+)+|ht(BhV##F3pI(9H^qHfOIOPfVB!RqF_-4V^FT{FM|!_#C4LtCy{ov>{^> z$8?fluwhD}5g)JFRF2~>!w*s#UnXKw+0K9~Md;f+lLsL*edpn%IiM%!QP3mL(nEik zYxap;ayg<5RGdUMMK<+#SCBP z8(*Qe$V>Hj1r;jjA0S*AgJE^IW)VR_>rdIF9x89P*an57X{B>fk=*ROYz*v7Ms!E5 zQw&YA4%PcX$NUk1eRN#Ubn-@SW6ef0&hvI&SZhzr=BYUc&>@e9eli>lw$%-Z)5)H6 zOXq8~l$&Cb$C;=I6;Hi6kiIN0{`NDWIf8Fd=*CS=A{z-b_c>&4mkZ{QiP$LUWH%&6 zib2FcQQTg~e$4x+W!Wf;<}jUP$X~^cSQA;~Vg$+=BF$oE3Lm#xw4|>qOFL1Z*?IkC zGDUS;ssd=OgG`0XqEUJZN4;8>Z@*w4*Pa7y?D;i69V#zZi4HVeG7jU$K2 z%1KWBOgsmS8P0by=6tZESskm5Go0OCuYW#d;+rexkQc}2G=W-kaPQyk>-_0sNWR7h zl7c(`8%Az?jd2?VbK-p>&AmIAAGlQ)({D!oQw+H4=FG;npU{1J026Di%vX$_%MjIu zA41f|uMe=4Oa-oN^jO(vR8NGViy#=xbv`qG5Iw6c_baIlnTYJvLj|u@*n!=ZrWrJV zS%(|tJGhq*VB-7L?;Qk{p{FW#B7>geuK_=Zp3TjTmi?7Jqjww}wMx1$UA-OfH7VY+ zNk0farm0|S>|{=$?EaXd8A~^~m#8z8siu7jWHL6snKM7{%Ujl!g&vbG$G%FIx#Mhs zLMKrDBA)^kjxAzwClk#w_IjGT+LNv^#<4N(q>qK_NT|@4`|}iN>1F7Vku^J1Kd8XT zi|ubz1>!m#27PfxfjF{C(ye)V&GZ3GaGsHt`KkmxFzNQNSH8g*Js0Sm-O~kOtPBAB zJ|*x?x|0Mp+~HHkdy3G5g+eH8ncpKi%3vx-Jou4Z5POiVp?1iIHrV#A?7aSd&> z71~kid=Z2#2lr-A>4(Azw+{{)Ms%){d)k;o;xLI(eej0Y11p-mihAVB=yF4a-M;t- zBg(JhkULPi0dkHTST90|0o4k{oDJAPLFBQH&VX)gd+eD)1tovTHyWJ;=J_(QrI|K8X`<_7&j=F!7|7`6`c|t{?VB zNpNzGd4l6!S+v+oZYGAR-MvQ;Zmw45t2}zr5xLw~q33v{JoCRI^pxDOW6hC?jxK$2 zx$oZVqpR%X%Alvt(KYVm%3$o?Jalrk+^-7IQ|IU^Jh|>GUgT5ep^-sPoujMxcI)0V+>nU|XpqU;yB1@~V2dgWIo}++Y zQs}v-sKIAEdXBAq(JFl3=}MwUzV#Il&lppDH)z9@f*<1eqTY1{UIW@MsiH$}fki9S z);A%oU+Pna9?GnQF%&XY@^-t8f1Sh^K}moFJPuK<=V0;*y-vjoDo_mtUt zFpa`?FT@&Nt&&&sUG19G{D=zdL-^du>>D*KG%0uR~&QM<9y%_%R&F|*#dq$ z&ls=xy1@dbtL?H>bN3ZHW6_hT+*RF`T_jFkpnGE9+;&@~-}t&apW~#J#@!)R-))`y z*-VnR{}hCu8tTbaJ*(*IFk9#C-s9+#g2noZY98bYzuCSjC0)I7>fK5I3w-U~;-`#y z3ea;AjIX{W(LmatwcLRZSI{B{zjsVtW(E13BG7_)J)^|8tI zOj1wmAxoodSeS8L41+!v`kJGWZH!X!+K>D*3U4b;f1mFP<(|HNOT|a3q~C?9JHGG- zFoAVzd%Zw=U&`cjVNCwISjF#6CP!>pSD6soL)nMmQh+xreS5c0*}S?D7dRa?vlzrNV}NREavv0SA5*- zh0)nhgpgJ-dXh|=;;stOBVQHVW5%9piaYF)u+vK$(h-1ir57b-j0 zE%cBDxmM}g$kNb?FLiA96y1kEsI2}=z>YL=G`vUUNjVTp3LHamx_bKDXfFOyP@6M_O zj88>HNpDx60AP1maoj&_Wqz_}g88&+q?8cYj0%G8mse%@$}R z_>?>C7BhlidOOpb4HDgbOI8JYRXo(US<#^fY3W!R|1mu#$zw8{!_ z5c{1Me$S8EXa$KnWRatW_SU*#ZvO(Auy7`6kYeV+?Gghkr8mYjg|diNyBBgOqzslk zig+yosageUh0;wx+LBMoVXCQfrZUd1|1`W>RZS z+9eE5caz&E`V9g9yM?DfU)4X^GwE3*UND_c!fl|J<9HMfgPo(-+NonPmU8zp%rzc$ zRQ~(+wBqwkW^znnz(<(*%qpMV=_KqQ=ntvVfQq7~eA8;7!qnaNGkgjpvBH^vx`I}v z-U-)P%UU$`$tbtFO#cUqL)VkZ<^0nxm@_^%9cLzEiso@Q6BN#y&(U9Z$CCrk-3BOHyO9C&7F{NwuEhT#@H;*9jm*u+o=I9Vm2>&_{MMw_OcWR;WR~}gp*lAi z*yn1YtxH{cCdFiS57q?E>VzgRK8{B7F4>-vNhBR1E2|*inzv7BLA*=hOys|1wwA`8agYX?!0%{d^^D?HRP|j!ja9>vrT69Z-b^=)sE$ni&o?ti= zJ73*3QRTLZo04sXYh;i!sA683U9%Y2SFq{=c1HHfPgeQHUJO_>pysHnWESpBh`R1* zCbiZ?a!zEwMXf)H7k>L9h&r0Zs?#1e`)nYsdOmR(u0rUXeKLXEl@+*bKBW@sc;Y0M zg~{z|a8zd3uHN$ey6Q3uUM)^OxW zV4^8^=W_;TyF#;5G}tP+b}fDgdiC<|)tw2;!hpRpseU^GO)>GWxpI_sF`!V6*F&7{ zt&L?tQJXY1rksi1?5Qnxk>Cg%wtObnHvE2a8p0dNHL+zWzw}|EcuOy51kL%gJ)2R4 z_4x1`bORzh)Z17S&E%wXvwRXKSnU+{d47`=tWR3JIypL=ggMlm2~+-Dfd7>ab{Ak zq?G6vVE0)lB2GYSr_Xkw>*>jYf`SH+yni@-6y3=%019eoSBp>Dfd7>ab{Ak zq})V5DPblzRZ=E88OxQFd!V1V(n_h4GM#=>$l@k_CX>5Lm6YlA6L&T@&{8I!NuiQ* z5A>7FJ}FaD?ty-iUz0*5qjS&aF`873I!^?%4O_g?7v7W;c!=v!hCw1SGS-WH?w7Hw$c^C}{J!Kc8ocnd}jj zv}89F>r1qb-Ze=2oQcQ>o|aJgwYbZ|7&;L_M{r7F)nX-V-11B=K)D0ea)Sx6FKm;~UImFF%pVW-=eQsL5s`fqZlP8snU;Y#%^fEC8z* zXxb^fb=cEIbd$I*V&ZCaI1c>wOjDp#$-*TwIm7@%Ycd=?*t^TwjGYO2cOSjj-Z7%~ znyMuL zP2^N4%ix*DO-jx1*>P1$I~s(JjJl8E_>!5tr3uuI6PY?Rq%H%QhFcV}j6vtLWMvh9 zSm}f*UlGtLup6eyi0AoY)H%b7HHvrSk!mj{js)7v_N5>8u)mho@O2o4{ZU^;REvIP z5CC~ZLthD!9jOmXNk0il$yFi99UMvKjWi?qAAgGc>{u|8|FOLXO9F}JPHPIWc#=;ve?6k=s^b>fj;Q<0>W8HvA`d@y?? zVjZu8VG_2}8wQz)88DM6o|_6XQ}d-Mo-9l2^8(aJajrKh`Iq7jbwaU0H^haU7p9&4 zt$?nMvHGMb?DnIpK4DxHMOGC8J@$qpBl6JdAj$`zHK4pON-awQSu*7`jY@uFplx9$ z3v{`sdoDUw`y(TG>M~Blsg`3g^a4-XXK7Xbyt=wN>7|)1k>r7X9Y^6XPKroeTlW7T^TdFtiB6tEX12E*K4-zrr_u3Qt(GX);ddotljpurQD6sd)tkm`+lts{VdzFO4 zVGwyW$)n&FxD3PRL23$ zW6L50E%~AyC#ngui*`<)0%^|lB4VDaV$KZc8kjD)doI#+Ns5;{hkSq1ILi^0cM#|| z>R#mZ+NP|UK#w_GG^X>Z@IE;-3>yf;?}TcorZJzV9?(fZKp+ol=@*aqOO9pb6MHb| zQ6|jPN0*@#Pzpy(V9uD?0bPUT@z+N-=!)gl2R+0%%9%*t^?*K)qd0L5IiG~}rD&hW zF($`0V$tJNkqAK9##})uiB^2G$12TDX{g>Y{#$%X(6#Ir@kER)^B!Ms#cWfPVCh(L zcGU5CTF@Q8iBgl^8TIdqO1OvV3U5ls3QUJi)4LRyGC<#t6EOqy6nr|f5cA~I8KBRS zcr?fY{ffR^RylE~N;NuQ^a7Ah$<8>hn97`4Qt2E`7B-vhUU+jm!`OlEJk`yeJY(|f zxa}sr<*Bw^{Choh=gqrSkv$*XJH4=G`MS*7TK5vtcd}?d;X(8@J!5?D+;+v74*ULD z0J7j&m=2SA>8?K&;?)$kr!Ix+a_R|wF%RJHXz$hj@yXFIAKq-g-fNY$8;@x;MGoUy zxUP$7)#VH)d#4X!`ta@X{>fX3>y-jTw8mq)6QY#gsykvGOmmm&4*3d8LZ18UPo8f1 zz6XyuWUs*}9!j@CeRwZp;6oY=ms#9FIVTA_fs~tPrbJErjPccX+l|BYVASi?%Tq1t zVj8$ zkADZr!`8Yg+7)BE9rw{tUZVqR#2tQ#%Q#Clm^_U%T`y8in;1hkC=kjDIrBKvIfWQN z2lb*GzJzC5noiDY6SE$1JCXV7{(aCarpNR{J;A!q7%y+PT`{I_RGRSbz=OY%nuHTP zQ_{5d=&M_$jxL%4D-pNl6o~Ga35DJO?}#JhDE&Tq<8UpqML$z$EP^)6BJ!hnS@gqp z0{^6aXas)+op97&7Cp2(FN=@z-*x@~Oz4CnVBmkIG}V~N$y!xnv7!xz()9a$Ge(7H zlDIRXz>X!lxFzVSa8!lqIyf%Fw9J%B*UT8vz)ZXocDq5sxm49`df`PtK3MR3pB1!rQ#TU3k8zshG`Gz|jWb_ya{L3&fdbS-+;oy>mT zxBsB4>gsB?8ht^#n_!x5l(JnLLXI^}I zkc5|EFE}eoJy09drjxnM{dS)z?_A1hI`BJhquw==<4eF+dYuk~eoIV7(}kVPA1QNr z=0($_WgIG++{54jvfi~O!E{+Cw}6+~Kl7sLwm;B*{iMv3Mc4?gnXj*oHiXZkecVx`)%#2tNA}uT1|^E zJsPO2i@jHQU&K63bDj)#Tb#=rzl>-0nC=!U;ns*{Cn9wAIL-6u?$@D^PpOTc`t6Ij z+dV+Da%CTC#5X#cI6=2urJ74-q zh=Mlhi+FAKbv;v_h*$ygI3JWYenhMWX=jo_diGPy5=t2VN}uVu$4T6i8F}k+59W_MnCK=hOfW&2OK%ahhs4x`HG$?y?Sj-v$ttwUnoyg-r;{IG>h3_ z`d!=`^=rF)sN#8-{Fcs48|yI3uk)D&_h3wuw_Pp&X&cjmy!x{E{u&(;ro=SXGu}~X zsVz^tnOLw7gIk@GMW^p!eO*X>eY)x1;WH(sQF(6Hm!)~c45notUpum=#I%$ArA9ZR zEczk|{9ZqsOZ}^Qrq&TLEmw5L-}L=*6P`6WhKBer@?gf4{8f;_omzThB z)AOKHalfT*w^FggFO&A7UPcSv*CyZbGwt1Y5vJ1sNU~F2p5z$gv5*gwBQz!47-H-f zzU1^YV6?GPJe>6Pz)Zd4G znqI|8CY_A>R%csosP+w+6>yXWi6{0=)Ip27RY#jrsnuC!0B8>Mh!{LfMM^mTZJyB= zLXIPsrRSF0f(o~&MAg{d%Hurq2S7ZHJ}8dZ8i(@&T$^5UIG;QG^>N;jJg6A*JkC}7 zdEp %3<`&_aA6sDn1-$6_u>d%1^8Pst1(IS(}cBP*pJn<1$iJVtf-TU!qy7mrjtm~2F0h{ z##4^-9OMOwJxwp>B*vtkGJ*8GA%C*DvF<`t4Ed-i^g;FVCXSj3`hP3tImcqC8uAjZ zn8$fJTP)y;(Y&WJ0kw=_i=PZgni)njNo+M1@)E9?gM18IG+fb-a*R>M)nzk@={eqv zM^1oq7jmqz2Z(M}Lykg78PLRuZnio%h8)v1PY?MN>4k3$ImSm#5BcckQC2sGTzyT@ z-x%^Kw(-rWMY6%^AfG~jnE>)J$wlfEl2QE`u;t9+)89bInH2D1W1ZBkHILr$+vn99 z_Dt32jDB3G8P8Px&2+}A*T#w4%51gTsO>d)DNeH(RIkZtUhXu2%=>B zg3F(?pJEtw(bzKplIFgs#l)qM(Kw|6Xyr!4V4;c;(KVH}c+H_RJ0nY32l3e%)d(0* zTQj%N*yL42TQj$;*c~$7dpvb79t{VWog1qz(%v4Df8_8g2sq1_O0NPh2yRR%Rs126 z-ftU6Q?g{oX?<_@UPX2iZT--d6o4NSFyOs=djcILe`5q9k?a#USm<>S63}-pZ2fNoo`^(R^><<1fK#nN zSWhH_8Ak-ZQ`W^HAPL$d*nt9FQ6*?>eTpWs^Dg{$ZIUzX9y1UHKm_6-!`wNxd+&o9 z4V65iQTl0L=^&dF5Oj7Iaii&p<6Rpq95*y!;3XnEcSsHo5OP2>;`y$Cwp{8!0r!3v zcEDf=ouM<|*`Y+i;p5!ISDX(L&HufPNmK$L`wet@F~Znw4Fk z(2yY2DitZI7@mgjk_krx){I@pMlT!2PCR`iNj;h-Ku9hxYi7H3qmM(u9T+~q*m^!j zvhilbmSXQ_W;QVCMm1PQGf3g_+yrHP$K;fXydPcg>!3Pbz`g8-B*rqsoR@*QE zm^o+0BfYCeX3rGwKTK?}L}-YADnz_FcMGkfreq9#Z-K|Hx1NV)Or`S10UAwd4gv;gsai1{8+4d-fdy8wec$sjY>`Vy2}KxtfvAWWm4sLMKy#g|tr|BAn9&(@ zxUpw|w%Y&%%+PDd)lHnyCTYNQf&h4+MtgQS2YO9NpHL$NY1(Sm_v(ANdXW4%KV#fE zHvJd#2~mp_1$*RMGpdPWgrk}L86&fjdb>vJp#BB^2Xjnhvi`7`1GCuHROmQ_c2T!J zfBszO!0VoWL;Bf3ngwBF!O?}Gp4eaNx8cD4 z2b6YnFVWG_V#;qW(q3K@#F^zvFCwv785~tArtwjZGeXzH*$tm3ANM|zg_K#$BL$8L*hI>~Ih38f?k^`n{%79_cS=3Ypbc=sMy(ME{`3pzF1d4fUc4RK_nwo5=) zbs!GGI#LPhM)#VkHBKOwfn8a3;S!lGzl`>C-@bFa1+upR7N&U@pQ59tZ(v$C_c6EIJzF8KGsG{`Z^#se^?-0O z9d4pWG5SiKev#Q}KIAN$%J6<}GuAxytjTN3#e70OWzP=HRNw89Kdn2@!FH_)w24d# z9GXmkIB|R!7@8gj+atGkXUu_{W+^jRCVC0yR!IZZDu19_4>nLqc^zMv1XWpYX(>LX zJ~qGq$YX==Qf-k_-NVG{sG)oiAlRw`^&V!SYJMLrR2J$8b7GFTJQN3`3<Nll0JEHa z#*dCWc>^;VIQbfc0J(Ade+$e1w1CPqi;&>=fG%1n5_sP*7$i|H`u5brw02PaV*~Zr zkCFb(#nPCEb;87gP^Tj%6nBf4ye*Mx(Q-%VNw>F|wde;3V&L4&z|tI}A`s0_0ZNu$ zK<{V6I4>#VU>`r6@h^xFBYm_JEF+Q8zQDMlH1rDvw?2y|7h9d4T~L-AJIy943p<>{ z*zpRiTX$#_$RkN&MJ(ocEEjD$ZjWzm+{&gZI@Oyoe?m~wve3k30VB!HBlL9c^;<-gmb7h7JJ04F+-UgoYo{ z1%)QZMuKcFO*|v;c9|)_*60W`XbfL(tJVVBP{50X^l}icXjp^~F-^f17(1Nhb_m17 zi_pwtJ8ZV^)IcsY>&6A8A(`Ov78e7+w#=@1zk{4!gAUH((UOLbl&v7tSb*hzIQgk_ zdeQ#js@EP2e!S=(zuMYHTN(q7&}4Ju_{%gSthtC1mZIsAeR334ud2Ti#{{|yEZpsW zuNuD@c${{40H7xJ*qhijjzaHZFnrrTftj!d5@y7fT706<%Omx^6T@eIH#STcH#O?g zfs^Akcpl1E9If4C8SKNW2%TLYM&s4occzwqA4eTbyJ_%Y@86h~(IWl8+P_z8bl0tk zDQAh0ic1s_!uIvTCE=D~wv%*$D8K0m&yHz=2{eW|_lme(?@;kd$*i&o?>5_1l>i5I z=v!dKKClv~3b8{gXFThG{f-5s8{&$?ILv-aB)4(!_+-D2euE!s?p zZP*$Asu<~qCR>SFDV3L8^=QtL(7JiGmF$?lisB3UYD+Ws^!3C}`Z)3q=(v_MRbjmE z=r~ij2}r|(p}Hc;21=LAvm}QP^WC(_R}lM|jENVgv_nVn;id*%nm=63jC1eKCO&k{ z{avHA*V@~qn{{_BzJ?l~t$?2W;U2^_yA7aSHgV9|n)wa(V-c9%wFx~lK?6g_ff~~; zRb`ZIM*yZM%9vos_~H)wH4B9U_fBnbBa&d*;rhY|kAmn?j58a1J|J!}sz(9Ixr&RM zwA2!#UEQYxK%kIVG4!Z}=0N35u^ymiV!Ie(=Eh>-<#`Dp*~!HzU+8}%87Ud=pKYQJ zs77F%4*!EnagQ(2>?K?1oIvg{*`l}R&U-eujl1SYW1Agl5IT(RjS=Yev{H-oZ=Vxi z0)#_LwJ~}oroe0^VUnu*z=iI8En!yU=+}c=s@R6!+<||X0`(2@003v5GOr!mofJ2t zCA`2!z`Cf&pW)FT==&HVe>T2X>Iy?*hw%|A!}MTahjY*lp#gmd;K*eck%MH12rvmc zCDRTbU9pO;HwLwa9AN=f>FzXf!%#hch(M+a6*>p=%{gUfO~sM`28@O(_hP>Tn!jKs zl7q>eptzv5Ho{YVkZdH&spZaZt&xpq1THn(EYOsu9%77*f2P?}Fw7_c$+qn!KH)sw zVS$wR0mdz~B1{)bR!49ya&z~ZjPYlSp07(9u3S<&@C2@7TpEn+ndLhk-?@!6dXni^ zsy*>+rHGh~*6bdcsvaT2*x8<_Nt}9^3%{~PImL4tJOBK!}R>;u7w6H z{kdNw=Rc>Q^34LfQt5c}d*8Xa4UNBz;pczhT6bW)_C0F?{i~C?2J?SvRQbCq9Y-?! z{2dr=<2rIi1Gk@nHSloPnK%}P8v{DC<|f7hqy{~^ZqJEd6Z^7jFga$l>U-3xs2BKd1i2-0{DBADyd%mQyQic^) zD*uf%W!nN4L6K|$&IczZp!xSo<#Oht7lT-nVJToonYb{x)@M9}ut3+K z>j<>`*>{i~cfq#24nJGIU6DQ2BJyyYoIr79BfB|9wLLJpgR1emJ?IX0D?fIJ?=CKf z=p)o`pAWky1LLA^bS}=1yF<|Q;IB7E`}`;4hwl0Du3e82z|lJbNJ!bErKe<}SDXWWs%FTIVu z=HA}n!GW>2x7U36qKW_F!~bpV!MEnYVY7MAe6bJHXRmqi;;{J_W3O~fG|vJ=xBr(t z#Ic!G4lgETeUEj@C>6*BnPif?4 zngE8&p(7?gQ4Up9?G*l;i$5u{6``+zI6i_!1aC1DSLY+yh-03%&*2f{T_Ah? zZ@p|DzKE^=@apAe{eO(-*Iyeuk`<%Kp+WEXpC(g1%`Oq>*N*MO;@N9=-Vr6fveWqe z_ezC8>D%GL=Q|K6$ED?h9|c)v|_+)nRHB5V?=hDsk+o%^t2UK`cF20$SYN=pISstFWq zJVDU|HZ|lhMNg`@W2ufCIY_BrFI;y=W+VI)r{zrV1FBYQ+*egiH#iWR=Y`gGjO z4GDqOiMk^V3hHMW^knHk(o3j3gU4aZ3{OoN4?>vYWQ?ZkF;R4lE}0U2?z7HfdLkbN zd2**0rKXq2qo1rk8UwykL!P+!Cvj^~MN-a8u3;<0E2XONtkUxiKeXWow8((>#xD!Y zMbSJ#otQ|ddgVtO$vGR7@}Y6KPdp`Y4|i^LAIU}pKNkUY zf1BOsI6fa>S>oI~x5u?C;UF1D(M(ArE}c=)*0@xKQI}}0RH{@X&{g(?&RVY;BNn-k-18sBcm!sDynkE z)}?o~1FP&FNE za@d)H@^7GTcwv&$($Q7oYZSmcRjO#Pk@#OK$ga^yIshwIq%3jckt^^@W6yH!U~K19 z75&i83#EV=LrW2H@`vRiu~A8dycE;~i^fH9DmN*hmgjW5@mPRkFmO##jxmd}Oq^Qz zJfj=AqD&)#UZo9+D6lruq(fSVX%bLZXBu+Pbv1?o)4{(d7wotnUIF%@cHA;z=aHEx zw^l5uPyz@CB(GP+AZ=+8(()Ytm^5CNTS)UTs_9XZm^XK7JT8ib=how)l{+~FDw3AX zC+cJbP4}6%KTexGO-PSN_Uy(`|EW2%xRNX>7xYR-;n^<5-CAYR6RH?hE@Z0dgjB4e zY`SC!i{eqlwEQkxTx){NoL7u2laZ-XX6c!b1t^VgVmy?~0xZN}b;aRg)%B<^N9#DK z0%W-rc32)s@+JZeSGXz_SoJcf5C>I+IfRL`CKXud!&Rxks+U29IH<>@f)qw^RZ2)8 z%Akf0Txk?Z-xI^g2a}PAeNbdmj8+-Y8l5xkqN0`&c|X$j#tKx++Ze;DChJDo`(n4^ zwo%MEU5#^7L=z7*8u(W9(l~l0h>@o5GE&R6GWQ(ig2i?ji_z~ldhmirF8I@#^4(gq zx)N?gSi$%w3rMOK`|in_BJg>kb|uBlYxhzxjZxy+qWEqy$Us(J@9!BJA`ta5VH@uqXUHG)^VK3n7h0|`RoLD%uF z6?_5;W7w-KuK=*q9lZ3$59|d)vAO}W6LFx>ezE50At1fe?3JiZ2pw0EZtDUCl9mcD ziX4^>mPa>=URIOz!-7A1pc7R81)!p$!YamT$jkD|hL}kIn!RtIUY-mL_@{f^#w##K z|C-^v6qSB6t}VySXBdoAOuER!Wq8+-I5MN1o1(lT4P zHK9cwz}Q@)!zu1Sh@O)Ph?lE)z&1_r5*mMygpr##6M7?&#U>^(;#o*_IpY-ktP{{D z^s*8QyP67nJ8>bM(d`uqhT1NH<@qGsp2ae{@ykugnC|4%lY!Jy`qi6@3+iRTqU#m_ zDq`%W0T#FJU$^@;j&MAJep+R9xCn^)TC9x=0T%QcxR;M$i$bMAlcAMCwU z?|-!RUcT7d-2Zrt2d8BjH$c>|A(c4y zGmObM3ylMAh$Vwr;hlVM28EP+wru4A^+s){EoIw@dGppeh2;!Bv|VC3$Zx@Vh<6+8 zaTWr7YWw7#3hVYAGvT%k#o;}()pVp~7x=ot3{?4ovUW@&*sfVyu_CK#Lo@42G^$7lK6 zn=n~a!W@r)X{DWZE(f-2k3lue6s}V%9N%(Ds+X@)PfC)iPrVF3*`v|_#960l&+g1S z%MaGn0CV)e!-Kup{ohuz)q1hf{~qIcQ2kGwROf1doYRVFfPW$_FI`(INjpk!Ag3$R z0>npF1lDXHpLNd_H6x0{iS8}xScq!4MRC=;=nr$%C4K!~|KguNDRt@QioW#8dHeP0 z$<<)k9(D)AZf8Jhidz!6a#oEhiMtw+2^iUT#zEpTgdhow*%CX$-0w@p?6^H_zitms zuHIb?hAMlfT*s*=5fRG4@>p>{tQ4%o2&H31Z=Tdk!AAA~O2G(oMCD*a4=>B56Zh0g z!Rm5w($B$)-do7RN@nik%MLk?F$yrMv>BPn{$yLQ2kb+S6dg6P0l}xDz~EJt^Aw()>u^MHgW*M=V<@f7S>Rx|>FV9@K*o<SleFb;`~kbZA8zsx*4thqy4^pbS>gXUq({%+4ets-&z?$zIAuwTq`F2A6AF zv&EdG8hFDpX{Z`k7-Fm{Z#D^(LOG~t;RY0rM)BiI2t5gtr!haUDE9~=iSR0i68Mxb zbqkzHd?&}0SYgsqM=K>>b3|HT5RH#%fmm?$nv537XBI4`4J8VVA`j_>U}LL3WaC|b zjXORxKv8BKJ)%NXYeaAcw^r-LA+!{a%psk|X-?#{W1f&lQq>iY=5pIf5dq(2bcYKA z@;ebHjBRI7lIBDdt4FOUoy>@7SC^1HjH>%K>OUbhDUXbE%zIZUPWf0W;`j-)Are5d z0{SVYW;><>6N4^;$%b-?Zz!KbtyE{{)`al_jq4&w2<%rI#s;3IJz%H6Q8oE(**#KPe26Xqs|`I@WUmnw!{}w%eTp?H zEo!Cp3a^cJ_{OZ%EA{=+1IgN0>njY~Sc7AJiUHC?nr1*Rj8lSlDiT=$LHWxCYo@TE zndauAxC$#@{R47a>Z)lN>}A=k$JLqw}+MXT@HbKU;q6m3Gfk z8cN-}x(Y_4W)vW^<=+Hq6?{`Rfk`XNPfpce zz3EZxgJFmp=Y9J+`BmE8Nh+{%Jb-!}HTpo=%*y1Zd!lZUoewnvXU3jZB3fw*4ZCM} z>PgNE23MyS^vGwRA1G#dHFgqcC-_-2NbUFS?rHmV_q03wsq^ln!_RrOqjtoOO?3py z>UHQ_C$qcvmLF)TTbe9XS}Hj4v!!C@u*=PL&I%TkPYU@1awa(;mZB>(pBU*e_omX$ zrsP~ImHdE^G5|$rzGRo_I}F$k6-Anr5Z)h`(_gbIpc8ZC-LZq4 zQi&0Hc;S^NxP(HW%IyrTIt@_~$-kaClFLcF2i%KST3MMX*$e6CQ=i5^{-g2#0CvRN zL*?ay&Ab1x|Kc#7|E;yx+W3Dw#`8e_ADo9$ygoD<``DUWWdF#Ksz-I0Xrf*sUHVz? zDU!PhQ--exIm~uTJIUt#b(cN7F5}?ZeenCqVmP1HqhvWWo~0iNqpciug!hX5+i|TR zATF;MWQ4iJCw3-zrC>29mzTRzWxiL*x*UhAY$c{Pp6;CNFI=vEr3ek~^UN8~BqyGv zT_wtRqI|uU+{`4qwL%ZT>{N=Gn8XC;O`Z%s7!)Z(R~cP($29U z>9_JWENIf6qP&598d4i40d3B{X_mg?(r@7y^e}SrDB$=cIE{U+b`qgTh`R85_oST`Q#EEVLYikiI3|&T9Kt5-w ze8TS0KBRZMrV0pUpJJu;FFHtz`%#l{bGZPQXL2zRC9?R?U4g+j_I>`NvH!~o`z4+{ z`@gl{O6Gsx-2Zr#r!4z_`S@Rvchy50>d*U9hSpl<^Y4kR<>kRtw7p zC0buf$I$f73Z}ZmBnn%8Ux=)doUO4JsblHb+YNoW1gg{Z2&gSVE14z46 zt4Uh}{F9c$)OxW)ICgwrK*Z`=n}NEJJkrazSe6Z!SYU`XQ8)2zZ|Q*!p4&(Vs}6PW zEXG<15BV@bCs&BsNOZPMNXAV_#wUF=_CHOmRiYO_p8bE=Y{lb$w+{C=_Wxr%4|M)d zc&Pilod8UN5Y^#@S;_{7^BE8y}h_c}Bi8A{il#62JzgH?P46o^F~1@x8H z_ZCp4Tyd9yw0ckAH=v;M9GnLd2tBW}<5Uj<1@DsG2$KA=@g;aB{E+TTP>dm#cPL0Q zLupCFlWvwY~}I=l?(yC-nRhHUM(${}-)hBLCNmmmB;4QJ#|Re_8UyL*>Wc zGd??Ge3r6Hz}OI@xQ;#F_J~2&h`SgtAZ2*C}jFC^+C*-)fGyas*icy^teYOf! z;DhDD&tU9Zb9?AaZEt~}e47k6rU8e)D4f3X?$(=mK4%VTE!+}_B04;X|8}m3V3lgd zHkkoziAJ*^nW7_B84Ka5mwMopRXAyoNoeajgMA@W7Uoof>_VRsXNsa8Jq%80ORHP= z66AD~p0R0EmXCB)gujWQn=F`i={KsQ@Q$Pr%CBS1q*TdoOXAC@l=O1d4LWTDDXQP$ zG6*N8PEH__jg`>_X{Jm24$;fl*lLSso$87uR0IknWysMa8Wh4pF<05d50XGn z^H;+H=b}qF4<07ynVna_3~h2|2@X@Q0Kpk&Dxi31!$1dim~<>aU~F4~6&u(gdAl_0Or2TZp1aQ2 zQazL9i6NC?m8>uMm7+4N5?w|0r=?Ow>SfsJT}GA&^^fnf_(Vcarhi5|zAOsOd?DVj zW&(S9XZsxt{^*1MQ&Rc44wc%qCmO93B(wwe2UkwD`~P@I zWAck2=46f3Pvptb|C)y{llh;UFE{$%V>}PA|GzC~P@Q{0h-YQLxLgmcsReRUtk%-O z#mdFhOX-9FzvpM5W_V0SAnE#G@**x#!a-FPR0`0I{WVm-RW!d8ZAtaBOVD-+U%MsL zK7L9OJETy~C{{zIR-nsFIMW57iLSyE?c zfhx;+lfx-B5^1k$RHbI&FV~*k;Qn-TCQ@6MUnllKadstM|d>b1n?ZMh3ls{DVv z_;1aZt!DE6_eTCd%2TrZmt{2xGoMVTyM~bd3e)_RB-_{WwkF~JpG@)>Z+=~APcN>N zF7VgpI7;z@@b0Ov)vSijv%FbD*BWs(xuQf6SSl<)oG6;`0JszO z%>T!E9?<_^O>%hx9IpoK-NEfhaIkP9}Z-uC^51OD-~xApcS5A137g%T4~5M|sMU|E2k0CH=29VtlFSu@Q0G54z`{6FqiWG-^vM z2(gP+u|p@F<0-mJX&md=%MQwE&21{*zH^W@-$Bnj|NhjOI$^ASvVa5(Y=3&08)F%0 zVyW%5zSabQZRl!_=||V5)`o&Hd5ZdqFC^B4hfD_Ik>`{83=@N4h*w zbk1|p$Iz9eBY`5#WZ~X6zO~1ng2l8U(*2qC?9RNi{6LY5^wi7Pst;Kk_19KFQjZ%| zOb@$aSgUiW52pHDyCLJK16x7mM?!l7d6g$po{XEhgl5LUUh9$B$85 zRC1;u>w6%dDc=WF-_VHySj9+6V%72(dY|m1Z);k?)XQWTOrz~Oz=g_HJ@InAIL$Kj zd~Qj*SSUKEM5QLQkz!e|VUP;I1#wh7lm!lg-*B2_BF3sXbV>y&*@Go8JX3Lzd7#7* zQbLE3=^Hv_;U(IRO*$>U=LI7r;q zl;5t&&q@R9&%4lbZ9l$}NH5ou5i)d1AzK;Ox#xN}_k%es))QE(15iI5CEI#xk#+l# z*7Ewj0=2>OF~GfumnaG03uumw1(qNC|UjG7Ds*4j=JKp`NB-0oZcB z1qQo}JPQ%z)p#B%GAC_jyGI*)w~79;u%J|!wI z13Jml3V1M;Wg(Haz2Kw>q4l;GVo+DwUP!zcXUIgw_NULIO2HUaUFX^!LsRxU&-)ac zTjJY#3wo@H5@o`lR1{7e>t^N!p))=Mqf6gezSym&im44Tm`inq308SC+=_Rv6kJz9 zt^_(0O`%L8BfxbiOzM}6;?g+932V>p^efX3m#}1eucTQsK1i|Hv z?@f9eAYd`>a_=hA20gH#py#&Bz~~(Q)rY- zS0e2%^GL~wwTC}YHnZ{%WaBHhbI0vr`*nM8^0@t*u$!)fb^56S;rFBT{f^sL+1Ji7 zzCOSyPP}&)gW=aoIM&$|qG{slFGowf39u9`dl&t$mX@ru4@Jw%!1kA-<>la{|FzPR zb@riX$zLx;Ph2IxR(eVuUYe$|W3QY$b6avf!uQZLy29987%Lyety?K(M<&_d4TrtK z75sTM7+&-rd5Hpydn&^DqfmuPCZ|Dk)As=g4cbi*mQLzn|8g+=s)!xYVQq2;b0_YZ zB2yhdXHXqKFHQA9uS;qE1SAK9mnS(?TAAcpp1bOwoVJJE_t^R2yHu@Sco&4>977j} z&K>okNzvhxOM!0q^LD~Q)1Y?p&tboP)$YF?-oqN{lrnxGw9WPBLcpY}}v1 z>+h_FH%Ipz&u;|&xG{y!G=8@3;I)4fK@?>;MnN45eRF!aXOKG~I!aEQVC>!5$|1Cd znlHcG+shRj9fi)NuOcz<>n$c4N9ZEE+wt=j;%diKjh^p~Vmd}3eOYriKiSe6d*U)) zDQ80o%)O}-Y5^Ek2BC^q8mJh}8V{TvZ`EM3_=w~xshVYS%BnFo@`qcc<|zQ4fgYt9 zI9L8u#>lB{tub^8X8N(yAg>IbtK#yNj$YrkCQi!m`O3F4#xK^|8Uv`}rXN8a{>l*g zF?1en4549n8o&~Sv3J%Q(67&JL+h=C3VvFH=*WTJ%WqZkk;-aZ=S5OV`?!yp)i8cf zz-7}|+QCsS=}4Nqd z{!vkk<&oANCuDAEv*e6t#DG3%?Jd!ZY++SEP!;GDt?1r8xB~A zpxl7K%7XYO4-5R2hV|mZt7sQT#&2eYOHsY{6NC9xiQ8xQXypIg_h9zj+Ka$nxFv*t z&yD{M|BuK2dhv39BmW=cDOvu@?lkcj@bUK%pY@T?3KqM;@P9#U0h!WN#TfKy?D@7w z1XDvSD?J57nE}O^`kl7^$SX-LuVxd#nBi00i~7t~ZL1s@2;(#z_RGl~}5kKmMRAW=j13 z@{&LPr9k}u{h0i39v&QS?7v5O9?3>(cwSPf)l zUZ!1lU1wgR)68aG{;B6>3hNP2DR++(9#gAKia)4%pZjR^Kj1i^*{3-PURTCOK(_wZ z+-t(SnErRrda=>}9^)xl|Krn;@emDwC_8=9_269oyp+MO0^V5uf6%2u&hYf~34%y; z@UJRI5Eb4-Sa3z2au&sb{dL0s$eg&A>w2G0SQsT*h2mn9-yHO>$^Cb=K9|AfG}5=->tZ}{&D~-% z%J06VCTCALDD!T@u+D&a@Zco$jGh;SK%Bw?hc2 zD^5|>9{nK5B&8vN(}qzcESmx6gR=;MWo0BFRt%BMObN#>jXle?gRz}9 zu_qG;6&TCyle5VTanFIutI2h&!F5&|71A=R%Aa*t?dy3o`+xFn&h;EW*^}%4+1!im z|FxQX8~>k2c^=UJN4-6)93JWK9hY%0P-foEwZN}&>yM7^I@cmp#!I;d(W2|qpM7~s z@&75y^@lt;^8fJgWh;LF`>?t3|9_O{fzE%NWB}uo5-e*wFG1D+j6zHM7c4Kt;xUem z)fS1Z(ie%XRaOaZ4m`N<&uC#;9|3hu1A!#m1#qur9N!)wd=!57;=m-H53>76;Qu}zNR@`~0-bBN6<^Iayw*Q?uo zO&Z%ebCyZ=y6btL7IQhZpO0~<<-w$x+^Y;4{9>1{-!t)pd|4;Fm<-{aHKA8Sf&S8= z@Pj)283tpkL>f?Fn)WR{0W#%HYRr})527W5NtZDMqkTd`^ zxKzz@32%@cU%L23Go}vz2e9x@HG-eyca?=}F$h^zYtgp|BmMF%3gR*yVJ$7h8#(^0 z9?u@M&*0#oDFc{!tcfN-uw$x1g1laA6^DW-%H^~En0^6r8{NgAMB?O+-IT4*BX0xU zCje5bRE8d-fFTG&dg?7gj9W{|N!vE;FZOs5+A#`^X{zSnsK~ZWrCB%L+93fU8ocbE z5;N5b0&nb~HSL6fAxyZ?QwVPGM2tqaM~QELA^qu`UJiyQ{i|;8)z6nc+zr% z4Pk7^H^TzO-SDoXk-D{TPT4bq2XMf7;~6AcH2$za?Yh3UeVmRH%BtHE6YKMT0Uy@+ zboTA3Jq5iHfi30}i*egW;7N?yFuC;IkLZy(hxP0pQ6pbzK>v^AuAnu$rz2Q1NVtFC zR3G>W0pdwFtL)wz+W}Chf6_iaJ0WF29N1qhShhgXVSJ^IIHgI-xGP;NF!*{>EXM&E zFf!OcUiD=!+tjH!x;OmAY=(0kzCq#SjAx!mpiZBA6YfqLlR2nAlXi?~%950Q=NHE` zOD{}YJ}GYi5z~xfm=zV9hUpnU2i^>`LA8=1Wjq4D)kQ=K3}%4+baw_ubADiG=whii0QXXi!Q| zlhS~9C?OCCPps0Vf=DS{|MpidEnI14aD52{hco~ETfNMPdLYDxJW8uejwIkgD&%bW z(V;qNx3|O+yO~nYe@by&5r_%0{j=pyR+hkxq7z5Q55xFcdL7l#?I~}$b;Vrc( zz(DpjujTvm`=Tj?-Nw&O5VC-NcyYpWZK-i-y8vuP^!%{UVY|Xefeng7kQ99AML;aw z6Ib7=zy=A8Xp&EN)W6LzQScx9H>6qAZ;%H}VJ?V;&gnxq& zBW*vJjF65L845*@70H2|+;cGGldqW6i0u{VsY^Ewlo_7{*x+cA`Ft_AVdRaG?|sHe zK(@(ZQ(V(l+N@6)|4Gihvs?%FUEZ?`&*JPePBR!8WRsxo1Lwhyp>-oUg-op*d!?Gm zV4($J@hEBXNeMaQt1?HCY65iCs8(xF(Te>AVG9GTG&7=YOJQJsCDpr8l{-tzL#-=R#cu zbj1`a5@JM6KpTTBDI$3~3-zv)-j=Ywu7r(t)h*#RjipzjvUMnH0X&Gvt5a&|eX?h2 joXl8PGwQ|mET39pZJy1uc{b1HDdYM7SjYfg0QL<4?T3bs diff --git a/charts/platform/charts/keycloak-22.1.1.tgz b/charts/platform/charts/keycloak-22.1.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..01c53d62407984fbf86dc7b52500e8788a12fce4 GIT binary patch literal 135159 zcmZsiQ>-vN)TNJY+qUiV9^1BU+qP}nwr$(CJ>UGvB$LVPCcS8~n_jKG+pY&c3IgDN z;_tf0PwPmuk)qr0OUeA;8uXO_8$+MW_cr$oi2zwP9aC4j(d=%QC&(JINTjtpaRw$U z>1ku{bEW1s)p#nDaDvV^aUiv`s*v`z%?CoWM z?sp{aQ)|;p?cnEj_u%*7t~-ccJn47((IOr&qU(OI+fgG^_N>PZ>x7pw zLGRY7Y}C&l+j!|as(#?{sITwK^3LQt@8~G@k7TB7h-UIHmj{=chW*!z;Ww;Kw`cm# z>|+}9k30!tD(>%Us3+~?k0x*Ah+kZ+$oU(CP2Kie&x6~mtE;O{cl3{wFJ{aSD~3#h zAx0J9eql#m+$;`Qei|U`QW1Z^xsj;{OHx^rXG~Y4ACX{vk5&{?hdP-raP2 zw)`>u&OKPL{3g-hfo=>{de?uy-w6)ady*-$noqFdV8^iq@yL+9?JGt@8|LeK_%R5nG{*^2JIxzcq@ayS&WBPBU z$^JWS_a=p(di-y#4(@+W?)jbPJi3*KI_n4bruXVM_qcGh*Bg_lz=Kn!@x07YZ)YH2 zHTJjPg7v5N6;=mt{}cA-dv?RaN~n_O_wbGP?u6o*XGrn(Rnz)rkj>+Mk#0#Ou}d=9O@b$Oqxx0+*1!(B2{6n^ ztFQ|{#!DaF)V+c?x&-$#b=w1s>!rX`N1|`tl^v}_97Yheq;Z>*lMOT|k@`!EC9QSC5giDZ79=K5hX>n}#R6GW4XOt@ zVZ(qYD#2xq>*w|Sdvoy-)^?+?{#i1nm^5XMakg}A zkmaX4omh+x+X&GK|1U2s=s9p~Od{UssXYoJ+}}=1o{F0yDUH=dCfU_RWnt=~g&k}$ zfTnmFx{;>bA48OVfF|P=rV&-%<3!`mc5%APe;0sf-Gje)!WzZqRLf-CRL-5e3_Y!E zOiZneTn8(jbNz_XA5Q3+hi=8j!*$KAr-juW3`1^fh|SN*t8^-kckWFTzVgs*0l3c> z9#m<@YKm+;07T^x}-pdzzPr8KTM`A@7Oi2Hlu|dAY<%2CC>~)UG-8Vb7Y~ifJEg0V7 z@^}_I>qfY zpALOGU`f`1F;J&?wI*XsJkc<>Xa&$Bs5+vliLQKaOUw^{xIjY$(_pkp)B)ggUSJqb zWQaqoBIz^R5K2i_85K%M+cU>RTBU=&CanTBRt%}QjD!>T_A9WgBE>VT0(8_KLg%#p zke5dv=Tt+@-e7A#Hb|1cJMb{YE0ki6m{RsOEif6QPXKJmG&pI67eh4w92dH-tPw_Z zm{4@nN`Z`Fg%7Y2Tpyu5axkzCYE{2~U8aDWpz?fP&}$bBl#X0WKhPn;LFSntzoetw zFTgiJF)LK31R3JJ)TUTX(&%#a%8T#k1^`A(LYHT~?huv_Ufi94RnNczQDYFunzDhQ z)4Efw|K}_2q-L%NC5?8Hx&JuL~SvLN0QV2WpS40T)nl?=0Pc8xAK7BF$-J#!!X4S!MWQp5pA zpLoD2_}#J3Tv8o{UV&J>dTTy&{z;HI6Yb|<*jwJ>HC*Nv;67jf0`Gz%G}`w{c-JnY zREC{?9J3AP9PMks*;w%kLcv(!e*Lfqm?ow{n+UZf*FmlI#Ajsn-pirp)bTJK! zfnSZva%-1v@RbA?ls~lGKXvTv%3?clQgfCWDjk*loZ=t?Mzhf~3$$zmc6YJzmwhG? zcvLHbDTc25&R{2i*QWAtBqKBcam@Z+0^JZu)c#$jyis7gZfio${(B8Om0TD-syjKT}|5C};ZmRd-B#uUJFO75f*6vVLSM}4~U{Xok zZEAA=RGgD)-8?>DtKD2a(&Fyoc5{Buk>nc?<>SdL@PY_h4RpNEb98(V%ri5g>MPma zW_5TF+XdRRFz{_gix#XUaUyAhVnqo!2HUTo+9aPt9uQD?(35#m1VLCQrtE@xf`)7n znh%Jz1Y3|nYNX(o*er<|7PnBpg!0RS{eY%g#ht>yyn&IB^;A|Bv8(WC!X9RV#*VJ( zo0<~o!ath|z<`gRf=F-+1!;3g31?L@(kWQWu^R14+c*b}9VF#e@?Ch-_V!tyh1RyX z&F`Auy!%nWjr`o^=3ec|g?DtXl~H5_8(t2257&qyE%0n{64<%|p3$!Xh?@k>AeLfm z;8~KyD{!&R*zcAuKq=npQP=hDW70|tGu@aADEQ}r zL@Lc{H>rk#r2@JRl5mT$J`k&^I9LdJOhJJ0z}smNdRH=ayEK5y1bxM7jIuyzn>uT7 zts&WG^Nb&O2^PCo6L@dW^jRd9nV2+8qPQtJ8c)`IL&;(W}}G|K#evPHw!bR8cgvL+8(7xNMD4az_ns_cO?E<*mH-lD}#&C}`s z!G9{LgF6)N770mYBl}PlDac2DSP(_>0dvUDyFdG*zn38iFUq|SlL-;8VfllWV`Wqh znE(&~jVJ|1liI*SC4>KjmkTZN$|h?=o{f{W*KjV1sK_YjTmBkgJaxZFDl4;V{=9Q3yky0i0x3lrC-^?Jwg&Wa~_RD&Rp^H3hF95!>nKn|rB= zsFZZXEN)AdI<@c+0wIKSA$HM_7@@%el% zt1_45mL-u|NZZyn1_GQ5{hHqxe&-W*9 z&GrYc<@0sfeTvkyS;zVFK|8`A=pwABmoy!KWl?l`#ZkdV%%?r0eZ_HU{1hd_L#YSW zZ7Dn+ojW?fh$MhyI|@I@gj=Yu=PK>u@G(nS=CLcRE~@It7d&;1C?w{YdC0HK#}&9P zoMtJWgRIX&k#UAXyFMVJ5ZF(M9=latV63Mx(H*E{LD!f60M9w`$RhrZwMs^pzWT^R zGg8$urt|)%#O%y55j6WLcF-BuG%>~_=l*njV>3{Gl&MDqnmTS3Q{cY)yQSlM^AIVt z^nOZK7z73sSb0@OlUupEB)hTIPe>u)4SX}Wh+Syd-Dn|yGiQUee3Swy51{@0FZ`|wotXZ?HH{UNIsw`Apg5O~`ycDBtrBojx{sA*YTBbVH z{N;yeEBwhipbMrQp$9l_@^G<2sXT(De;-z>qe$nZ)pD+ry)dX!rA<@D)bc1{O^tA` zKjET0Cs}0VAVgGQs8Ys@EE3u$6lYS{48|DYSNJ2 z7Qp{kU4@rNPv}DZ*&r>+3@GsAw&8JC*eT<*jk&KtMqkO$H>@ZghX;{DrE-r01$6FW z#7H)W$z`ExHfbex_Xjj}vza$HD;FC_CwK34clmhzZYi^*9=FH&P{8|YfJ+0pdg&(;(4VHNv2oI#C5F8Gz-cK_wN~?%_|>#cN)p0P`Jej1>PYzA7hd@?i=C7y0)SzR>i<`sCNVZvd5Eu{J|bm)d*u? zn!)_Bm_QG*k!@@ldvjX0hc$Qc9&M8)-|}K-Ol9LpCc!-8l?8I)oo{xL(PMiXTq9Zw zZ5;v~&Os@j**f*E=^t@R9-L*ZdKk@lzXu-8it3j=*i~1JT}G(YyX}kn+LxW4Y^2>{ zGxR#s#|HfG!iketRXc0NGSzSqD-@X~-{nh$UQdu(GcDySADoo<+n)w~WyiE!mSA;i zqm#q<*)SX_sbrbPe3sDI9GP>YhvcgBNqX`VHdpKN*sQ1nI+l&}iSwy7j$B-nlLF_B zYW&0T5(gXU26-*P>^yAp#vPj^8HH)QlwJT>;4U}3w{oJFf)@l8#st+DM~%+AgEEq; zT-qy!*Jmd_))aMK)Yr=0r_OAcQSiD2L% zLBwA`AjAFG0(l;dsL`Wd!~2$Hn!9K;9^c_noU|P`xX1h6q~M^|AMZYJwxDlSo=DKv zvKF^Q4^PN~pxfswRt}72zYROomCnH1EDXV)MwM63%v(O2EAL5dvez0~`Be>)DQweV z3#5zt4PVK+{97YkBj?e`v^?=J&un&UNw({}lYlmTGG8#VIUJPd9t2+pHkI18s+qg-E9gtWt4BNwMrA z!`?j({Wck%>yzAP3UUkmrIQ)1IAWgoR}8!l_*KmNOT~^H78eO;n2Lc8G*1!aOaE|J z<{jfiEJho(F}g26jOQ`z#7`#bZzH@6sB}4dI$8Hg*U+wHb1(g3Mrf4ez$b{(f0}G@ zHjphN&{?Pshg8VnHeuXLVE80zv7!m2v(XanfZk$)*p0IjW|pVHcf70jG41EY zBXw>#7st}yqeNA_t+oKxh_di$2qc&#=I9Vsz_=Xg8h4P~`eJx5$UZW0Dw3FGfAe?6g91tIhepExP2~zc` zQ-phZF~W_ms?r59$VJwh-(uB|LFD0dMkKXR*;)>tY~e6eoRlTffL1EXoZ#k~QhcgX zZ5lX1FL$8-mH2=gwpKs=aK7Ht-6f?nfdU}CXVQ0Yy@J4EEp~QpO&m^(cg&>zOTeKA zq=gQz!lu?{RZ$WwL#jx-7Kp4IE)`Y_+M58n3;0@c>>NEDWoDdS-a0TeyA?&#L#8)= zHkf|*a6l+C#IX;w&H(fUjo z^-bgV_93l?ZL0+;3v!bIn#+)_&013qrp~Z8te|F6>v-o`w!<@=`|w+bZ;b1L++uI{ zAgwUZo94P^NutrW*Q@`sXQikgWcj|OQkLGuEdsHecjQ4sA&I9ZmcCa^>4gHTU~J7a z`Rsb>{5dcToz4GDsMo>bmX%dt!<-7K(=v-QeY$fu_j4q@b9dl&w<{f=DaZ9g&Gus_ zr^lyK-Z}2ISZOl2(}uC)eujCijifhjbbi?;bBob8MXK2v^C$~GZp}3E463LO@iTDR z%s9sdI9!yzsK!!nA9_t~+Ec>@uRM&jv^0qVa^8;}H>|^LbWWc=3*^{cR<41$rn7~C zTmdbqRPu%Hd<{xp{<5U0BG74sUk$(+c^K09YK4|z)+RG}m;D=n4e(OJN&h2yRt#Fd zCxeS22fW&Zw_J0aN)*U+0M0h622R8Zhz3setlwHFXUBqEmPq-*CQ!#JxZa4=YQqlw zDHYg;^R$tAO;~4KR|b$(zrHjdt5IFa9yX&Iq}GIABXEYQ-MTDr#x>1^nd^`M%Y6;^ zEHy|=Qpy1}ufHniQJRQSXDf9(q+SV>;Aem2U>-d4jku z%+v%N(W9h@S8MhrPX7v^uXd3;p6qU1y;k=51XX{`t)VkzI}^OnnJavjQA`5oIDu=i z_z1l_H?~ecO6;zFv=Tk1K+D@dV*m}o2U}h)x)d0H;EXRfWkF4k;o!H@ME+#GqM%j# z@5TKOWeF#A~6|P1PEwZe_}9gERG~uJ-BKRI)d6t^NtRF3nP#uRUfElP=EJ zdG2f`hhR(!W0>TKC7SEXxTth55({5d=-m(NioEhh^+{We>^jRrdj*uNocuaW!~nNf zn?HGT<0YPtQoW&AL1e1nfZS-AS@${{T@^9I)5hxeYbpLJi6-!RB1ef=@j6Jm@45&UL7=<`# z-@|)~SueHH&51S@hB0Ni*D+3AVH`*i$`6f(!wV;x#O|wX!UB+wnvw=m+98q62%l0g8I6dWSMm4#jVh# zC%Qk01Q9dA6bKu*v$sFu((cp@)>HAP5R^L(;4SZ%jb=(xJu#}}JJP_qxhYk`AfYE)vudY?|wEbDPD+vRjLxy#*UE{P6T%?DVM>U;$gQcb4xUrtZ2pP!{T^wTZVsJ-hp; zBRYA6<2;5~UfGuJ`0ThePU1!Wxo7DVat?sK^Y}@3_-%>oifW08P|aiXkyohNvFml{chE&o$8`a%}_TC~;;gM)~RLU@Xg1wuw=Fos~blYka zG_iN2d-3=cLK_z!G`0>S=ge04~)M)%s5mOD!b`*@^nmrx;1GH6~1nkf@yPAA(mblm~ah9 zky|yeMS}zT3TyP!h9T<1n8@~UB^b=|H|<>TVM^vsek~O2XU+oqIgS!f?Lo}2zMcQ| zw{p&M*2vQN`(qB8URFi*(3U@OPRM2My#Ce18DQcvdZKcdH4`>#t(Yxr+IgDXQUh>Po;|LBpK;#4& z+OD${S%Pp-0 z%1pXhAl=$`j6hZM_$kCov{%Y1;NJ2|u=#cpE8>2yMo2stL?YCN$RJlG>+b%p3>mYG z*y7F`8IIf|nmDK$q5SlJRatEhHRmCzJUE>VCJyXHw%l2 zRh@Wsae4=~C(=*ox+*NMl$HP1xRr2agLaT%3z2Bz&Bl7w_T%VgBg@}h`&n^6_h3Bh z{?&)7Z6ywN3%6CFCSk>WB$tP8mj<=!Oy%n=z3ah)FSJz8BgXpZr}jJGmY@i(iR81P zB88{y>l;OCvDwARQD0iz$njrLu~k}Ez(p4Txh{2dBU#U0Z%0d0cQhtk#j4bIj<`6( zo$$gt#3|#s|JC`C9Zoha6#+1qLJ5BD{ z7vuf+?A$__X^#??=li(X9cGm#r1|~r^pcHGA-AU=x>+C&N+{t9 zekU${>wcn*hvuLQGfy*DdE(#jcxlsJ5Ya)EPC1cc<+Rl$X>vY2Pk)S|RLxs{0RpVO z#tc~#Y~sTwKOy~Z5Pt8hB}`q2sQ&TH5%ue z=dHn;Y!b}^ff*7Y8tIWV(sh2H6Jx|}56`1oU%=J761}H3vg8rDL!<_~yMY!oSF?Ho zHy9vBM#S$uB=engrEDRIy{#K=`XD6K6x99x%l+XcuiF%tBPf;stm%+~iH8s(FVg9% zlGRs&B{r;})J?yYtEgdNM6D9D@KSz|BYy@lfx~)rSJ76KDcGz8+`kp>nn3C3$6G+K z2-We*RYInf&QB3XxN)9Mf?~q{@sO`FNZ(j4vp>;lI8va*MINZ@l5AHf5iq6~`x25v zbJY-Qim(v0y8>5{w)g8x;Yoi6RpSqJT?gbx#_|P*9#T=!1|ELzSkG8TJ0#vimf#Hd zA~XPa63q|4A};R7&i>aV9{yuGI>4k|5|Ck&;xNWPKO@XZfAKt%k1t|3!XYeLD(79a z=)Fwlue7~fxX4|Gc!Gxt%H)+$llI&>17CpbP3LEiBigjD}t`ZE`o>)z0$;IO)EZ^Bb~TJ}NAsi2(vhX7*x=Bt<3wmhg^W-nc!@ z1ck(!Wp1MODGXGvt~sUrI@rW0tEL>zSX^V>_=1F#VTi&$nC@p-2`q!!0FH>y3!ac3 zs7tA_8(9L-6_b$G#hD{R*-99)DomT?n14_r7)tXY&Hz7naW zawzYVHumdWT1&#>0_|{TY*n6FpVmaun4E8&%95K5EdwMqEn$L5@SQRRnqWDzT#G)u zA(QCqxCZ4C-(Cx+GBYBKmm*R^2%S@w3lp0E^z;>=1<-P!NUI`e$B-<)-`Xz91UKED zSpkzI^ge`nUuc3s9B-zw%J>vxMbrf8(OfVs^kPWsUHD|}u zl*zppsLJV)HyEpGSOn@?r~;ueplO`&5|t5s?Qw6&{#n+9tpWTUg%w95soF%K5}Bme zAFWKginW=T9q~7(FYlPyoUBq&dRy1uY+RKoXQWrDshztrscgHvl%9DV+Jlje<@_DB zQjxGyA*tJ&o~tV@H)rNaCAWkAwM1{{=Q+1i;JDW128y>f@VHX;<=+r293OW0UyToc zk=!a7enwDu1jwulAkr$QdnA;4ok-NFbWZ6P72)eBJ1oA)DL#s+(Bvj{i_#V=y@{8t zPNt4hD*l9jiXb7uAx}Ckm~n6#rW5E~U?bNVo}vih6OJs=B%$>t(Hf^C1-a_xt7fRj z6|NlS)RBo~$YmQEWI_1{)as{|LYxm_#>9$E{K>QXa2P)ZVz^X-^ooQrq-EO*_)FU( z)!OOMA zwM+ODMcC$-&2DBNSoKpz^d}D9wMwK6sd;T-MW-UkzZDwI71@hXBm&2uge~>S*{EEh zUVazR#WZ!M^?UaEyWS+}Zwajk3t*&~Y;Un%mbYNW-F6Ml1{A5{uU@I^h1dB4<~;FZ zt*tW{!L{$}o#bBSw?o=wXf2oLZZ4;WyJ7LkRO>X_qHZgf6C>Z#S`RF&at<^SBSxv@@u0BVBJzROgjM794stO--AC8?$ZBM=e3l*9l7@lGw^^Nz zxv30fgPpLOKTa3Ou3}g*Y2pL#eubPhnt6x-RCl)Ig=-@uj;oe~&1pOfdm@riD~i*1 zrK-1@FFv3uO|P-`LdDD8sz^4%XWfow3N9?e7+h02Ds+6WP)g#;Qp`s9Q10mm_)>s#6GO7w0 zLS!zQnAo3s5xIAtgxV0M(~*ZRCqR1HMH;%W?CXzJZ>em0>)fpVv42dW^j7l1B6{G4 zbhZ)QQ`MInA`Ca%y}cTKmuk|~;L$K0&4}~LSt`EX7KV(sZdi^i`C5}7%Z8``9ReR1 zYV*F}gP>#ye5b<`E5@vjPhlYgzS<9n_dzAXjZ##?V2GALsyKqYz`OyXkw_BE{QmvJ zK~WEum!&VFWPx9kXK*|dd5Kj8syqU)Fchu`S=63HdS(H3$2N25w-5Uh9FztbIv!nw zhhi>OiwY(pyF6OCi9#UUh_rE}oY7GZCwbrDZ}{@XBwvb==o6_hTK8WshLb0AMDiPU z4f2998*(2DoD7Zdp#oiI0#FV^Y3Ym@2EnQc4No!LSg4J$R9v*bVn-j_oeMLwhIrj> zWa8#+D7)}5&_LSTJad;tae)7#wTJreb6L29i)K0TVUejBGpDw)8S>*T$(64J1#El6 zFLun}Q$j3vWF91war(U}8`&A@c!{XLm!@VEDn+qWuW@5%6r<9O6-Z(Z-3cnOSctB{ zTwfR|3Y?2k0k>)z%iPUF8r%ZKGAe|(PT(Sq6~fqQgiPHQ2(O;l+|KR{UUEcu3oLwL zC`TLhm9%se)Tz(2+Nta21|=?A|3B{x>Q90x18S}s|8{%cmO@E1-(6vR{8?p3qlZR+ zIDpr7dzoDRJ^es5HNwX+Oa~7vHA6{+F`iaoTGsthRSs0BG3@l|=#Hl8u|5hLyCHPu zeNp9>KfcyT?iOJZKU$7rn{;^vO0RHTsGx2ES|xi40~fKc!Ikafyw1l3lZ*A~;Ru6n zI*dcS8Vxgb8IB6!rVqIH%BIDoq>$?Yor-f1-|9jbvdT>j#LUxdfQ9Jk0*>Lob%#Wl z*&)Rnqm%1*=k`wt(GU3|4O{i(3w0ferZL2b@D+dimpO0^fd^HEDcvfX!BFO< zA{$x12D`0pQ|z=C8Q}aRVFj(f+e=Y5W?L~E2Q~tuPc?3CZY|TJsQ}znMx)NlQFudY zC9NH|3y$2!g>XhO>)8Y*Xbf@5iw|Nr8n|4k6o!by`6G^fjw;i}i6R0u1uNG199UTM z!dlDemCxfE1*;X0KrA(F^JS&6I>BU!E~!nt53$knlISZ!iZ+`&m?4@yqhlOMtl^8` zd9Z|ejbQ?eBg+ap0=XiGty>a8DH(th;6^~4nTbJSI~jabBd>%=);ic}8krsS0;*^a zrb+J6WvhJJAuzj53`#r{$mUw-iN5L!c~l3nNCz|cRnRB(fJITI z#=i&lRom!_P>C8-Bgq8pI2r9uSEt~H`yf-8XK>?a&41>okt10vJSzBUbKRJdp@oT> z=?e2KQoH*P7)pYx!j%Cxr7XHCT+wG5`ZA9HZt8d0ZgMrpWEF3XYv)UXd0a>nA7f#T zv_0sa@uMABCYrRlvz`l}uB;nFNRZy1r9vwS=#A>z=d>a9o;xtV zIux23!^O!2ohSA<4K-@v=OtuFj|^*pqNptF4%rAYv{F9KKORa1hq<35fE5j+wNGA! zA+4PvZI>J}BV0DV`PyZcc$idDW3(H{KI;rI)MjaC%wDXu8r}nbF&NS`-+ohHE70sF zql=(k72>NW0#(DPNc6m1G{6MLH-^`h6QnOuQU}SDO6>PXEvdq?Q#M5baeuTgn_;_> zt8BE@?ee6y?9D$PtAc{;DId<97m_0R!{}y*uOA2pTQit*U$;PoDO{Q0NsN0iE|DR8 z)bn|EqPwg|1q1m;>fyY6MAekJkQu-Ea_}%uEzW}5n^V-==Hd*>9ieEuOoykDKH!i` z_d({vYyCbiu$&3*_S&(xUZ?W>O4Hf^yRcu2%&$>R-CP7x@*j=?V#=7CjcZdZ0)ME) zAOC8J*v^eCCuEv~eY1-X#I`MFALCGdKFDQe@>ZpJ zM|$Cw=uR;n!h@pV_UEPZg0bp#iYZIdr=Fl4L1k(=(s*e$ow4@e{0v2!US6ae~e|dyP)M;Q>R8JP9O=-fh(MW^4DTv-oNv2KNsE% zAP1_s6@9lJ&ZmG$p*iQCp;z0ldH5nNe0+nOo+lRUHkaStBkOn( zdT|l+z>>c+-wPF+a@gJGG`hX)p6$t&`DxG3peSuuo~(F(CaZSFZ8>e)-U-G|i|L7} zp=nf`A2#5vdT#w6$kNwho*IePOK}^<>7WL~{P&Y8{21FcDVKxRlK$eZL1WBjp5hwR z7kH3%v2$9~Y zeO}+77^)+95m6*APUorBF1x3JOrPo8hZWlYP*bYV`)6NkYRO9bd=p=7mhj)C{_~%n z=EP-2zd9#Y=iT8^{5pK%1tYmE5Dh4^OyO1|IVngD{pXCC=fRufYeFh}iM?SorwjiUI~>`iL`@9uG}n8>+YwiPh;>vS zVj7$;j>xTjq{ud=(n6wK@jzL9yLe}kDU&)((X28Q{b7?WB;=fCAJ$sd=;%>E@Wmj9 z7yn=fpz<3Rw4_^jocyd(6oy_8v0SF)+NoD5XXJH3P%SY>kRG1{U&3!5qRBa@c0R@K zxQMzVuZjZ=r%)!MYkUSPKl@gR!KO=bnCRaOiPeg!<`P8Je3M2jlG*ZPE85=Mpv_${ zcEX>OX6Q$Yw#>y*W{y*+v1O4VIOQl`^1*?a2m7DDP2XhK44YmO{5#q8{7&MogfuTdxJ(w_pJ z1iE!7x#4VCg0dZ9MJ7X}%4K*z*w+}V4q#B6y^~hf_6AW!*c65vkWK^nlbr0kHVH6U zm)D;cG<-0PM$zpq1WrfB@WuIKGZxN-Ea7{vR%6zvh})%K92I**Mzu=hr&f> zY$FDec$HjRfp!>Q03WtrcAT~`zg_44dDFe>MT%BBAB|nDHa#cNaUYrs*zX@3LJe!a z5TX$wfw^ucEe5Q{=2#eZBCv~DG@tG_Mm)#l#0Uqm40VhQs&D+5%{R=?phMaa3}LZC z9QYL&^Scg6pho}A6W?H`W^hq#mo-srK)|(b!L>t`xlJ-td1&pO0jon#+S!-Im+{2M zED2g7sxjmW?SO0@VtWwsJ*R35=hhmLJ-)iysLk}eIUq~)VMJV*<1YSiLE6M{x}@X!Y&|wr zd+7N&K7-?BpHYtST1q0T$Eh%)>vmpdBMq~xf{N0!mt!rt`nxSa`*I+!thvYHXuI}s z4&fEykV1?!D&o-ID#I@6YyF#{w9u5wIEtmBeU?CDw-mT{|9Djykw+{r9@2Rrd}hbE zJzyiP?XitWJf!ihl$&$ybc@7HFi0*qIz`bsQ>pL9m)5jUA_Rk)>9VFy@v#S;rcDTL z(2Bt7u3pCQW5Q?MnTIJWJLS4g)=zHWk~B@dI&~Ma(P-U~dScg+cR;F2_2;f$Y##oMySGW5kSTCIZs78^~RVf_S@XGLbm_| zeY_ug3St;ORxBc?@5mtUS>qU}ygIVf;^E=|K8d)35|7qXyNJias8fWz?DVhr5Isfg ziw76(0?%v4o&3?a1u<B&)SQ;OwaGn zb*rnBhl_9LHFmaOIn1tiU>5y-{YN?>LoO`d6;kxdjXv*$FVcZ)ti5e8e$7oT*2v7w z?9AS8Z);;?!^fvS%I~4*_x8Ha_vYpn9}fqwcaz`SXaA-@F6U>@gIi8kV#F+T;nJ@y zh~;*cI&AW&`%Si}o1FA<%4g6#@HfmTwpVc-ZiTPFWRFE0oKYO-#Od~~^`!*F1VSHJ za7rm-pmXV=p4`CkPv7?l)_w2jci&v!6Xe z@WMgXj=5buI_~YA=)rB)@9e;>%>C*9%uLqW7kHN*ELc!hkoo)~A)BE6-OcsQ7q{Ja z&QR6P&+V5ivtJR%wNzN_v`oG z7N`4vpwg4Z*ga7>Sp7hbXjV)8FO96wsw|kBdjr@r0~_`gix;Q8_#tdk^ISr3!86;= zMwzx1N^X%mUbHX(Lu{zGc|9i}DcNr|lHj**)lI=2a#)RFB11Fs$%lE{CV5XBZ#+tV zD!SkAVd$=d}eeRTn&Hg zlN|DU8@yKxf9wAb*IHC9!wplIKXANeO70mulhZwjsp4#trb2(b9SNv-!PL>#Bn zK7&yooY;;hKRZ7^GrKyLKfNB`|AT0a-vcGSxuk*-R?p_g#ev&2QtBQ;M;{7$MIwj@ z+#MeGeLuM)#5|4j6MqfLM0>p#MHL;{$^G!EC)V7|YQ@823{1lGld18vt>DT-(l;>L61}(iY-Qv<%*eQq$|8CTVTrG>?xo^P z>t1$c#CionuD0`^3#_8Y|0e`Qbq36PmMH{hrY%WJQBz9OATB}`gQo`cfs6{mRFUF$ zXD4E<8-0Zxa?bw8HdLuIC*R|s&OIy9{-a_4Op+@tm6WA&NmZI1CR%A-j+I5rCRs$@ zl*yG$B(sMGYFwEEF$ksQB0N=1_C>60wb>qP1&(p7*Cf}d;6iJ$T@G9R6Wl%h;}SEg zx}a-x^I8Xh59^xR(GTO8GX4>Xi|i)Fr)Fh-D%_+@Ro|cT#dP{yxW!qbf7Mf~q7GyQ zw>mCzD#J=tZppYiP3{J8=_whTI1QbXYpTJr)Oc0MVk?@9&5M9v80(B9&R4)o$zaG& z-KX3($)nYaO3gcH9n#a8o-x_*cfjVlA2!}bBO}r)!Xg$G$h68fI=wRcxcEMI5crkZ zQL9+9n##3|F9dzQZyv z>3SsT(9S?lw6@m&FiuckM}jk$rz-y=w$8C3Mvk}1{=>DBZFj1mL=I?qWocQnCXf1? zH7C2TGo}`jQ`S)Jx8SYwpZF+vcl8AscNGW<3(NV43>0*zugT}-Am_wLF*`xh0s@b*4T+r23z*At}B_usKqT#sF zWcS&fkxbB5GUiCNN?fM1K*?EnyNOX3f_v&tn1I5}@`1R}^DlE}AU0AAGxkIOv71QE zx}lom9!O>i{>YOoGCIl_$o3hI64h04FD_FQ74qS+8sKe&Ew45>3!mSTLOa(UG|e)= zg&v_4St=EZq4t6j=Zi4dyZZp;qm=9l5_%C^^f?s;cil6x0DeZl#5`YlE*8cctU16v z7C=EX1u*3|L8*$YSCWm#-~=KfqdXBYhE6$&97UZ35(USP-}mrD6i)CIi)6>A%q#F9 z42*!cEP+d5Xy7TZI!b`zFi$?l_QwB%EsDV`WrSl=ZSJxVXh1^Ttd0Iv%LE+=au0% z7`5HX$9KKYYx%m^tdQoe3j_St87nB)q08MCu&T`r96vD_&bRmG(^mlMc#P zFU@Pxc?NstW^-gyZtPbk+kmE4gPHy%6oZojJs-xq1=~keyIsl!v2~fOE1tKTx2#1s z7)K1BvrsCW;i!dHu9kYGy+bLmTaIya$6<;&MtK&d#PE6Hk61CapTi7aLTZBnvK%7m zCFJK`M$OAds&NtSAbxrKOShkk4W=z*3R6zadSe@n_H3Z;w8h5BK>#Z>;jZR4ai;ZQ z_b@urQ^)gNA+2&qY3{%4+sbD>kc!Jz-lX<+EjQr0>&&S$2^~E3c=u|PA}H?AVNyC7 zMXs7rqHbofv}RUeJ9Gvy*F3PJVu|J1WYkiZtbUc9u3pE(e{=yI2P5ze`KEU1PTbhR zm;|z?wxPR93?rfh-o^Dz$|6ZG{(E)VO$F?xocJa>6JMQxL6vnoEw+sm zdZlK{tJalG4(OV@Z6I|WXeC<6MnZldwt!81r4$ZW?B(}4A z^l4n{5#jbrZGptrx{$IYU!ukGdkkhY(YFj)trc3<#mtNgE$7ijx!V4!hT_aS)nm9e zymY0TwYkC5_FJ&rhc%djQp1yAW-`B^XFZjK;?<4rT-5i~Zj8izkakX<2 zl!ld^g%X7K6iAKoO-2QZwJgjqGnhfIX=?;csWvFS;utQrV>)X`KCC&K zt~>{op4)m6bVau?P1ly%8?gR1S#x3J(WSulmzOg62VfA(uI;5FHtU*uBq&PdvkUp! zprss)O*d5)4%smym-PTJxe8!AZ-l+3!}8<^>b zz7Q3B83A{^w`j=HCT{26m+qu<7~ukza0Bgfy;#hiR(*f$og@ zi%!!45OIcsq#aFi-t$2v#E%q<77jsNe3m8NnFwY+og+gHtjRN6sJ6WcTM+q1 z5!Z+}w6lT+ZMQNV<6ackS5;ahqYmw}coaN2FEar! z+Zg9q8F{a%c}81BqK4Eew8^OHbMl@-DaPY+lV&$IP>`Xkz;rtvH-}JSxxU9r;n?c_ z5?sKyJY1;M0IuGmtN?!Usg`TFRUU;tl}?L>>a-$4y-81K>h8G2^h`fiCgqVC1s~#H zrQ*LsjR@SBn_0_(o^^ zcuz4H;+}TuFuOH6)leC=?3H;C`H5_RXugCg?~L&Mzf-3NmI1T`dT<-bZA1V=o9Fym zLBzr8RrTYPHySz5VNkt8ov^Z^=b*HbqO~1olmTM29k{sEd3D}{uY>GiqLLkBJ?mPd zT0vN}Syy)XtGO1i7?K}6Vbl-eedEXEld5BnuJx2hM?Ioml^;`;e`(H{r&CKX#b@>$Z1xqwPrB`eZq!ybhsmA6P*zqLHBbf&U4u5cJ_A<=hZH#G`~vSSBD4t*qcBL z`&rxDas9ZIqI@)&J|MeDoH|@oRHIyb5BGG*y`W^~FOcQ&KO&A^O41K)eucORJbW!Z zDS8uPosK3q60M0h*7O34ib6&Oya7klQ?g!n$wsac1Q6twa+B8)*o366xBFIyZ~mhGet{Hk$PGP(P zW$B<34%#kk6sNXjG!-0!1eq;a9214JQ<~Q6s-7srEZLP6>TlGo{^O#KzUptnQw3`w zeHT4c0z=zs6+okWEzIMi0_0IWiT2`TOkG-u3^j%LwA1UItKf5(xKq+#$X;NCM@9vr zB}`RcwGVmS!hD`-m|IJi-J0qKXNhht1!FKmm;_eiFQfZZOi37OUgIbLl;SHGopO=I zBap+6U(ke~+7n$Kwo9j8@}f9Z+l+?l;WntFIk~NXx)$Q!cDt?Rr(CAyqLs+(K#CQF zlRKbYii7LN3pR3Wiw$p&r`Xb_zjh#C*?Au z2hA#@hn#jNyI<|KcMspRciKChy?t*K>V!L0>(Wxq;pVyqJ`Hki`>F8%{XN zI`Rg(*>OYVrGlWS46U*X04D=XwGuG2+aGQE-C#jcH&T))Rv}X2)LR8LHUfm7F#Bruj!$#JI-My~HcU?iO z#@u-DDgv-Cpx4_(g#*{F*wDUnJiVc)4u;d>cR_3!|BSlc){&|c8dRXyNb z46AKEExL*+ok^ly!Em4YIU0~%@iwaF?3QvyXfSn^)wTw&>7>^TZ`lFtB8z+#@BIsj z$j*8?E<9O%439A7T^>s3lUl*33)BdXi6Xt3=%COdWnPtpD9~R^Nf1E(v{GcT_$c*9 ztpsshQ1UYJM4ZgIK`%K;b;P!PIIqFI%mrR zZ+WVvwSn1O7PE$ororAADe>!?kJ&_SN>*q&OW(^Wo-3TbM(GPWpV4*J4Il;qPM0b;7g)qSDX?C8H6}6L5e?wu z;v2*MElPq1NlrnV=9mKXB*BBq3BjIAX59wRCs7tt!aRa-LBAda5KW5dY^oq$@y|zr zl+1Kjx1g-vrb+01!w*1Mt0${~&1ZBIrU2XH2MfWrJo{l?e!+^7>w2$tcxf>E9n%KV zQ@iuJ-T^&z+u!vLSuJuJ;O6I3&DQK*$*}g@)i~C{upGf3 zr6r)OZR=;XD)-~%>uwE??j9_~q^v8QTPy#um~O3ybiQ4L2Qovi<0THI(v`uLl7-o* zFKrnvxE;y9400Rb0_;6=9tv)2ZZ3n_1XhbTiEpC8!yt*iP1C!)$}Ca zf-*4Sbq37ArD!kKdJ|beQw27i(?t&5S*InBm1Q&FS|oNr#m9@~7~*I~7t1BmiJ|A# ztQ%60uGO={j^X&E-r}X;Gz-PA82#2&a1E}u8929h#!zM(wvXd<+Z)A$4F2RJC<`a@iffV ztK~Q2KIo`8ICf)IUC&5v$T(q<-`#r`tH(^U zTkBQ1*6z;U{=2x;cjnXzpC`wBA8?Qr@d4r1F@N>XCK}PsF(4Qa={5IcA{muO10Yh^<;EE)>HMD<4s+DK8J>uv89^arjYaKJRZ+Je-Pu&UpbW6_IQ>g zi0VgTgWf3>(k38wVKVX{H%6yJ^4a3Cq8UZ>z7;Sq!!<)eWmmxQJ{{9l5(~>lUV}wS zFNX(1&A<#ClK1}tEJfKR+XBiUUIa(#zA2{r;#O7GTMjoV9v6!6(|iylth6n}URQHD z{DWY^r#CT7GO+Bx)^z)2~;64<-HNX~(W^UK2*}10rJL^SHJ@JE*_gJ*E}#) zF5C(|`V<}|agaxr$B{ax0t~tGO{78$q{+5ILe1tryhptdw1Q3$hCVETcr63H*>G8k zrUM@lAb}Tk+r7}Smr%rGDE0wnn`(Hgiup!Sowwm>;#It-~xQhBt(!b z>eRD~;}RYC>`7<}ZG_#U>&A^#XF2@>n(j4mq z%&bx4&KI|Zm~>tvG?;maO!5Vr8wPYalx{@OI=nX=d{Xw!)xG8gQcCv8cDy1z8d69H zN-4*}$kUrCyF|cVG`wEYRDhS}!dZe2j?q24)N}%h6Gn3xPb)j?r0>&jMUM~rO!$8q z>nCP6S?#ZP0mlxV#tnPR#Pv_uWu=bjdPrrhwFt4eEc7MXf&Z2W#)l5It!gi!a!FQF zDn_}gMYQZb;V=vRdO5FiZmJ*~@9NZ1O)`vb^XLo5jYwA5PdQ}^eZQm7^7gnzdoTw7 z@X_PKa!S3c3`0Ms5fXTGemkU)YD&ZIuWE~og!+kIBixkT@}oVoVQL8L{1OzGsOHUE zojm60kq!*Hq8YU`H5N>4xvE&ZE^N;igxlgBRyUTV@M`3L5l=U0IP{V%b!wL@1l)@f z*p#Q3NnJ6)-1UC-9&I9WOd+Evt0jM$COVqTmGS)<_yIRdQyTk%2u-{}S1lJ$(@C17 z!-w7kcQ>%x%BLB^#Fp?Ik6(G_JF?H>f~Z^J{&orSuN>ScfFF*64HNL4r*7iwlFT&rHcB`1kiM+Hf z&8kv3ieSgXJYH%A$vg*`6?7*<)5J^gx{a&mcVm~!fFZK;646#ovh zWo5n$sbK>g!4@>0B$2N%6&oyzw%Qf|Jb+Jp`Zfy&(S>!?tdE?lRWfuz<>*fW1;d;H z5XyD1G(qw9 zJw06nT?%^)!#P&v!rNlBIt9>ok6ybH9hw9F8(LqiZs>?9T^`9JiDjML4jiuC! zVe0D}Af+zs&+>BhFVq3dq^sBk(6b?fo8^CZr*8F8)m^(-7li?93C zt~c3i>>J?~%>$>fU%mc@{kG)b2s4apmu^f~en5hGj{(QRI}`c<3L2}khx`*BcU2|hQ$G726zDFEonv!Z(2 zN|$iGOF@$R>GamPrsA~Ay(L{D>6+4MP%su99e1McnR164=5G_U-V)jX=X<-uP@!$J zUizs5%ZWOvRjdxmpi81cEj-Ot&MFhMeDx;+ve-fJ3z157yJWLa5exM zH<1{B$wM2j<&0Hs4ze(BdntxyCbrgLE(d9rVUlWrXW=XY-YUDhBm&U3Q%dhGx1w@d zDWfsVK7xiJafuAc0chAlh$pxLFX z4#nw^0zi^&N!f|1Z@B}I%8cACNKRx^n${Tc!JsX#CyT)^K^)DhvoTZkSITDcBQ0_& zM+d*jW^&gDNwyeQVKMJOnm{dUjgd{zSh^?Xs;uAOs8tjV^&Z}S$M4C)B$oX0doBZd zCI&an@HlcDu7u(AGujh#+K$(uA!8cisxIJ3;94|BoQ>cG0%bbaFipA6k#T4ib#c zpRp139AkI(znXPmclC5S|Znc<>OKt*R=<*oJw44$-L zQ}hg~kP<*uU2C;S^S#}jHvfmQ>FRjQs#~wp7~F=&0$iw0NsDzBEfrp&nY1gQH9(!S zVyKUjd;HrzTQ-(_skco5OJMuIhLU{^*M_xY;=!{EJ-5zojECE(d7!5@1xAu7q%Uq1 zd3`eu)TrFL=twIKpH^Vp$JulSb1I(Xbc87{kdZ#ewjSp6kF}CD?9*dnSDY}~l&$U- zD07liqcB5M05a6;fpo5=al1G5K%JS>Ac1MDir+d*J9^4aFvh6eF-ij{=dgFXLzT1_ z@}f5+UP9n3?OMfH!1bD<8W+4OQypeAMk7s~K5P`Ijo?%iaqqZPV5ErSCR)B#a`D6Q zvW7DgFCW0X*D+Xeo55Kwk*WBt3BM>0OCXX|8{WuloQg}C1o5acOd_;G&Y5j7WYn7% zO3A=Q9={jC^p-4olRzw95{p|22`YuB_eH!oayF?A#o;D9wisFCtc>{HfarYI*CfMt z7GWtz<}#?q&7inDE1;4N3Z#1&-J20>_$C`F+ZR93WKf6QuD;Dvnh9vw$9N78eZZP6 z4qcBQh{Hfl1QKFki=$AyhY?5-46SSeW&Zl#=A-{G>WD3N&0njkwgyi>-NvwImV=bs z3m`bBia?JOJC}` zt;UYYHNDN@WDhUSAN{$vEy?6E9Iyh?+wV@d@wNBAybqIT47;hp-Ig_K1~CnXj+GhA z7SAJh#AaB0;Er2)@*9N_x1=!?9U`lRCP{9x@&uFq z>lIC^R3C~GwBPk^@Q!{O*n_JXKs9BMRI?zcbb2~0SM?DEJGJl=~_fb_qeym=P%}n2EWDK3x z9opNVgs^j zVklaqJ!c?A3-PZYnqtv~=Ee2jVmw8wXIBoYSk)g*(L7ab#W^S*5nyo+)JH{GoCEjK zp%&-B{-=+(=;#zH2VGo_qrX(_#d$~`6M%6Z+{Z;>oCo>wp%~{u|L2d#XtjRDpp47$ z^_PgvSdU=!0FCu99}}gq9_nL5HP%D^r;pcY>yXbMw6OyJb4PBhAmRDKH#*9}q8N@9 z^5Tm|aWwbczmhnP&Z6^M2keRk0ndQF>&6$3?K7Aj;z+ z6i*Q9aUqJ;<2^R)pqHSJ%P?(i0J)VTKQ;sZwBa9{;e2!q$R*G`E)e7rh#nsevKg`` z2npG+RbMVHWHSQ3aB#?GL_9h|WYcN*5+?Fj6DHC=6ZmCfMOrk}1dJ?pG{63kk)`%L zP29+;-e?**vP9A^5kAu1G%p!La&GHuqDb1z-R#{N~Z}gkttV?OlfN$D}|?=uPrVNP-!32{$`_8+B~^zs7hO{`^^Nav>Lr2 zVr9|9W-%-0!LAKlS&ihMIdo;&ll6^VJ8pXq$!wSz36tfBT-$-OkV{5-cY)pHX_oM+bD?$H;qGVRm|Jx6hS=p>#LA=aL zx|a4nSUPNGCE9=1*qI9(`>!5Av$BK!Wus^=WS5svnokr;vyShUji)(R5YCOLSxLc5 zSk1?W)ojwS$NyrnH7on%2?K0aPXkTZ;t-pLVek<_Hf?KZqezX9@tVjQaVqw-I z{M84B9P{~tW7dw~^G3+5XQU?&lUd*5r;L?Zi{)_vGwb{5 zpCM{yZR?&gbmpZNHvg2tGpqaX=_6jM5gJEH`+kYP0}H>F!93KXyOe(Y4}^(SG}m>UbZzT@jF7#ALC?kEVK8) z8_obds8#S@!I<%dz#))Tz=8ijqyicFIGE(O@D=fd(t6VMK8z*$)qH%51AbhTO3+Gs3;rnQZ><8?tW)Mb(AN#FK;;Sp~&Ygcn%_?}{NtRz|f-n30u{tr}`%6@)8?8(FD! zPaSe(6(YV!*pXETSuym;YSZ*d!jCM9JyI>kYvPYoM)K@a5w~3E zA?o{sBnrmxH@@-7-j&05I;Dm!tv^9!l@4q(6iUAT_gOlPe5mQiA@0U+V!ZO;`{NYK z<~eK-L->U~@TY(K>Ei9l_wOz~o}69&+$nJS|F%h&mNx$V4}bChF!KKp`hWP=|HHeD zt@dPyWfpXfm;znZlONBw13HjQ)1?c}c-O#g=>Tqel~%@9v?S;H=F=!1#f{pWT#(37 z-Eu(c)ms+bEl9JwwdGdjD>Q4#E4GDeTj`purRmA=>JIW21Ppx)t<6G)&fjeP2EvBc z5v>D<&MUAWbSQPsa|RF9d{iGmw8?-yX%JC`(})mSj?XEKYD5i{BLy>Vs6J(&7@)i6 z6E}9KyeOiF+I9D;>gouhmDgbA3Ct(G3S+nnR76DM6S0LPNjcZrz?<^GyS}J0V_)O> zkBA!MP}W;aRuf9B!~YBRl(NpL>WJd3PvwM9f8xW@1jNDhRzZe&c8n)Rqgg&R`q%@x zHlyoW61ds%2I!}=ad{vrJrEkSTCsFtgQ2Fzd`^8AMUyph;=WH~x}TTciyK7lg`lO< zVBJQ^NX`MoZ$8E=LFZ9$FR z)X;hnwX5mQb+&4Rp>P_ae+n0y!tF*pg$!Jl*AKz%@OGeaUy8#|uYt3VfqtP+PnpFW z#~y<64Y0j8olzn!1an`=-z%kYxPYq46fCu{!By1@kA@?;JPG`S{eTx9RiFXr20CaA z@%RRc!d8)#$4v@BVt8vM>7a;Duw_#AWufNqM*gQzo%#wg9B&?x2ylelxg z+uqyhtn;=@y2QWV^+yp*BpPO1xI#SoO>zUZ{yN9s!WoV)5Te4}^P75UT~vx@6h1C8 zMMJunB=bOBj_@xq77Jf|vk%u>So+Kfq)?RT;%g?x0MYgMbbv@pKT#4ln9F=DBNKn( zx@BzUTPy=6DQqP17x3#wVU3bwf(`T^qliGbMMetC=v!u&mtMPyqa7xKT^IQ5C|{}p zE$Q*niTFHP$jK5^sUd)Z`TAE`NxRD#m3)#YD4zCU_*`lB-h0?3~j!$y!i1*sw0 z39R8Hj!ncDA9`n39|UzL&HWtIv}73?6j-4mzl$feL`;KWW5`%`Gaij*Q+8DdhB;k| zF!rijjanYYLtM<8;+5iZIp7nfM!F654i39P(1wq9kwoYj0c$eyd~D2+ZNBRR3KOZY zD&q^m0rDFWJJBIm8WW6Fs&XLAL%~TR^W|{lTuJdh$2^g3Fmob?M;Y9KLKvs=TyaO& zQx*WlV{9i1hInV#52Jn@jD7f)?Quda9tOR1*YznKE2fnD!!b*q> zrv>`Q@R6|wI4#Cb@j%X_jVJmjx;QGH zmyp6f`?WSkAIPkIQQ8Yhw}}nnYu-W^dx~QYi^ggZr*@PJeR{Wj`WX{5vNO~cg0#Y2 zNpUHS%cyZ#l5XI3kQ4`hx4iElMTSuak|M)74&>WtjU0`ermt4C3PzJu$-QB3&g^$~ zP&pkm4&|Gjz@s7+gk~>0Bw8&hRNm+c+F0)Dk%PL8MRky}qM~%f6&od`kP32^Lstb1 z2!3nRhv6s4Ybznm+ZbDw3R_Wp;h%9;v{#4jxtUSOjX0;YCt^=4bsZN>$8rPKYHx8= z1L%+WzOfk}3>6wWG*%6Za~DLIQZHdxSrx+fyEnOabaAE{xol1rxBW}qWGxS>Cd09y zVvDKyIR*Ej+D^@armPInIotQEh@nh=-K(R$e^8fAUA z#845S9-ysC>o-J-Se&dBh2ng?%=UpdvlOygJ7&r=V_+uvM2*XzHYcW^8MNSx83qPzM=x#gn`=h8Q1dBjJbX)qR}j;a0c15Sas(Zr4+QLrYJ-1UK9vV1>rn9 zl#8i>^+{bX_Em!#=dUT{wWjC)Z8CSdXNsCY`#q=+Y^-^^EnJP6S~pz$W_i_{t0M z7BZ=!M?GT9ZSVM~ck2E5+tc?50k8x~I&9wtxrX*pyY+7B>f7GN@rU>C0p!M(cjZ(z zDEWxz;YGDA@AMq7?Rcl}Pmlt9`?3FkYwI_cAKujf@hI?7Mz#*39hFU(T$>w8m)^mM z+UmzH{!m@Lv1O<{Bd5z)dm#nfe1xA_PI0`~&X2x6JzsO*hEYDq;t8AG*4`VN2}Sdo zjiYF2EvC0e-@iRwfT@QL3hvcR=m~IWCeBT*JE$vY7o$ ziVSYmi-)CkfY^^7Ga(ETd`$vFE(f~z%r>ZJDn9$g+mEOJb@Acy>h$vC$yx8{>+{o( zC#T;WeSd!S@!jdw<=JshcQ%=Up?`5#r@PStZUkeW*9Q%92LFOLm#PH!Q|Cfn2>EGk zehbk(IsY z0mLA{;ZOzV0*korH`Ys!g48tZlm@u)2qF%WlPC!uRCs_heugf?xaF3oI2=~p2GA!~ zt}V`A^(cUL6hZHbe?AJNWRknO1>Nd4O+rsD_k-f7o~!~^!Zs9Odo#)WumEh!vme$8 zkcyG(dVCLLVkZjQ2XI=-}a@=cIZUTQH z|1J-*0S7M+v>^{K54a&0R{(B#&eLBxAB)_sXSURTslv$i2&fYrwh7 z0c^;%%K>f3u_d4_&wA!?YoP^Iva4`rGk)Ez;a9oD*OXz|a&c}c2XY2xYYgPCt1RHT zbsdF+I~j%$3)}+Z-=!_v1-B#dmqBg=T!6i2&Pl;-&C_Kto51Svs%g!+7)I(iYQ8W~ z#R_jONu^-#8jM^D%JSxYwfp9EBSXrs#tE@lMScsehb3yY!(ru{->92mxh*fwg*DEF z${lF1L^2z_2wBNy<_iaXgxDzij4Kc3VSj8+m8XejudY7&lq5C%H1^|(A8@J$vzhZ! zv$!pD(*mfoGd}HbqxTO%GMEATF+K(Asd&HF2Pt2~`TRjdi%JWi`sqn~#B6kv`2B9< zO|KoD6RMP(reH8UhL}xLKa6vVnMoa?coHNS-5@fFGM#;d?TSMP^06Ca!NfHCmy2*N zv$dao^4i>~?fG-#=buGT8H9h3)L?2VzDvh=$US#PN|^-{Q%bphhz_1hwUUyKh;7Ej zNl`4(@XO?yT{$-lZVgfT*qZ|5^Ebykt3=^uXe3p|f|n7yLue3ISa6ME@my0>QP4hE zdSOE%UqGYci`A+}iYNxmAYt{ny|Mhkf*+;1dBmmC!KtN?va6h=gBf{%k{$xX&>n^B zRh+AcY~C!URBd0>U%oHTts}8Pr6@u+uK3U0EQ`qIZIfUl*kgHYE_5b!3QOUVtb*0+@|PIGS&pbUzyudWx)#OYhs_PB zF*n6g{x(MhplUdm!)Ovw2mr6Ggg+E+ALGQR*!MLOSL?hZR@yNU9jg!v9HicAT-~y3 zmvWcg!0jSOfmwNBbM?a;+;(+)zL19+bs++k*#Ox>Q! zry0gJ<3Rjowp@xR93CbN?wrjo@BoQi--_C}SMBYc_=fSWjgbpVYkkgal z$E+ywF$so03H(2y9y-Z@svB?Z54rLfTk|&KF>E`+$XlztaAgbpoN?Ia!CJrc*x?#|BP{=T=fv$Om9U>E=5NB!M-1@CtE4-XCxU+o{h zKJa$-cJ>bUf9LHyNedTzW@w!L-44>YJFgr@E1mb=X_WV*M1Hvst18iWK+Yq|?~sL9 z%XVi^2Qers%1ztfZEMeWrQtIVwdlr8PLgu3y|>doXen=Yxh8PX|LV=_uXbPWzYccy z-}Ju<_rE$g?7!LV_um}8I=I>YD%c64H?MZz9DWtP-q{Hc_M(H`{r;Pqa5vc7-#=*S zn`*GO1GDV=JForS!>irB?(Sjt)j|99tJepIul{{!ue-Ce_9D^deCEu5c_L=-Hb%T- zBmJ^C7R~>|on2@CzuG%^^)mmT4rSM98s%3ixWBm0v-Ae6Dqb_Dr3=X z!r5mj^oci2U`Ix|$Ds5!?U*TZE2VZUo(JO)0F0v{>nWQP*aO9%F(ELfD*F9a+e1${ zI&GRTNqBDSVMdd7t9{b@hym@Q7W$>pS=0~5Jxl_dx7x6O>d?PTeyiR8N7kW#)q~q% z2met&^ZRk90MzFYRFt`*^~ZMpX#)TDgFE7N@ZPIXgK8grJ_IskhaR z!zk!*Ie64+--GTSMhH6|4JD#M3%(LIip-Rx!`AV)NAKUBo_~1T9)-WOaB4jN`KYh` z5R8&#aV%W_cMsh8|7z#(W&S_M2WP?L0Vc}r)cZP1gAj)M|7Y*b_uDp-h0*`@6n*K; zv6zU^<|U&up7SY^ljz2ajwCy0K4(4?B0&l<32*>XvL^D2+`sO#-6y%Vb)y>#2}+bK zDZ+0i7J*)?tE;N3YgtiyQO84{Y;}MiP=|)cH`F3OQiuDy|I>N}N4Y2sT6-pB`IdGZ znj5|fj}t#RSFEgD+EyQa#!$!3>whk5)g=mrUV0+d+3_fZe+FFiqu|dYEYl=C356k~ zoXy-9W$RPN!T2lyfkO|3>v=>(j$Zxe?!nShyWK{{v*eyuGCwJEUU7~dpS{nb!@tBK z2D+qvQH>T4f+Y#~Ed8IW$p}+Um|`?Me-ysg-Jh;6eF`Hups=?8wLe0acpp99aO6Dh znu?<(U2Ax*y}V#i2C@1zP6piu58_oEe-euw)RxDSg!5Q-eB*wU8G-zlIzsRD_pi^; z9sJ0T{ykCKS!uPy9*o&S3vftD9pKg8C<)V`xnhEZ1W5;NO#)V(YPG&uQ}KwDsGMUn zkfkLODLEFl1d2gjyI_b`xnsO-j9V!efwn3Z=GzTUL9iNuaCs)!BUi$Ny9I1*YLQm4 z9aRFua*@yJfaKE;7(xNynP#nhk~bc7zsd*>_%Vpj$@dW188=Tq0UorEcDQ}?1!E%% zLG=A3AjSxI3Q{N>#I2AG>)yuZckqfD*z~^l*1qF9S-=GfnuGT`KIU{Aq4{U$BpCYi z1t5-|*5pZLaMd`lFKI6j_{EoBj;?c;_J{Fz7rPFMl0<&;sBet5W3P5?w4CCXtlc-G ztAi}A0z!}5kJy#lw5-L7s2@h3mzL0renzt<6oTE%y0`w!TQ`pPYpvwj=F*boW@k^;jUTTlj3%su)jYO+`ycaoESGm45P9{( zFTj+csHvxobk5KKYT3EW_IW%}XJm~)R%#Ud zMY|MPHhGHqL254&Unn7NZ%5g+^qH78Y%M)14a4xLGzbIZ%OeTWS+@F*s-rACQap7T z5z$-RS0*_^C&+e|z7LxPCmrX7%V%ME`4YwefeiAOoFMcwaPy}V5aKwfUNN(_lMP^{ zPSE~3G5ehnLrY6bSxoy`!8-W&0c+XM=Qln3hZB|jx4%h?Lx$1tiI z1dpGM@umWsMKCkeN6H>7MWc}PV_0Zk{{AI6H=s18vpBE`QmS83adsBax*<`IfC`~1 zOafeDwi!!AfI0Xwa5O2vxN0Hg?#7rp9L24VwOOJ|*!%$~TN;wP=Q(#Pk=nu}%|io4 z3%$CJGD^NGu%h>^R;yfW6{uWZW_2%M0j~9{@)Eus`Tv4lpnK0&!?I*F8R9O~@v|pD zJK+yXD2L5BlkScN*^E6;r(g)8Q#<8`gk9J^JpA?T!LIor(G`A7;^CI{QVE~|DKHeG z^JNOS^y=`8m%CwStQvu{EgNQr?t5&5+?N~bn zY)7PwtVPn|5t>Lb6h!G4Fo6$#triL)xrKVsXsqO5`9dst9_NZa<^Wb0Q%8?zMUB`x z2(8&3mv``u-sm5(32ht0c`rS66l0V?$6kg{-%DoKv8Ru+ntAcfGM)=Dw>F!w(I#rO zGJ_}W?3CexYQ^gJG>&k1FB*SfpdsJ0u<%O*$s5e&*%Q_3HkZmkuzo2JtlJ=1UknJ= zuK@(>c@PNEQ13?l1fA3ROhRD1>)skFpg+8g)SLJ;7{V!9t#7WVjkS%n6+S|rZs;p4 z;Im|-KcwSPPg2%rM|{gN50O_?qK^QB$7q_@qo6f%8$`MgIN1&T-!WMaGgJz*iq=;_ zN)B#4`6ViFovniuHLT0P@0q4R_83R+i;*bA2@KpHvk;s40`&qP)32qt)*QBtr@E;m zt?O~XIdoX$C7p)pN@f5j$}|}C@KEK8_m?gKAba`tl_ymBS3A?lSwQxxtkTgDy@PM+`gi&|Zb|sQF8ix_pAUGVK!-)!pPn9-kew!NjRztY7tfZs) zyKQb1+hpyE!n}4(4>djj ztF5T62cUX~P+&1g)T!;lm`*o6XIMS|U#pL#G+&6c1kGoR20J`*u?feKvb$eo0zH1q z7D34FzoqL^b%MDGQFw=4N+yr~U~~df9~ssS&RN1eiH9*7Y~adctVoiBkpo!zK}$C# zIJP4RpG14fNuKm>=Zz8?OhWA16IFvq&RjOgmsGt3qwV6<7#H!rSujEC`ef&Wq2%jmL?1X0rtob{40Mgl?6nR%r|>0;OJ#zBhRYm%k+Ba8$W zG8;xV3pyv{Hk&;)-ZVJublSLGUw2SHXZTtFUX)1vQ-)z4NZ{HnZtmlL6H%EIf57pZPwe$AP?%vVf+c)s*N45RtAL^IA zH@hn;2w9)_8R>S40}O{GS9nX9{?6`P>)BW%9ClzvQGbGZ!9E(VQ_evu+vn>OTbCv;0S(nBlK(Ss`3-f%E@s>dL zv_iRBm)J{T$BqMGUvGEgvxwp&timYbRDWv?{p6E3f}!wB&*s{xG>Q zTB#M&r?7+$krIR`Gq?+ zT;Zur|E;hmtk=hwC-wT6LI0nuKhN8LJ>7V^_CWt{;`!r`)o+*PGXbq*0Q&7JtFc$V zRj1)_i|&|Fsz*xl0u`0WLAF#@Y{{~B!MnPypLDg~d5Jb$P*9gNx^Ib=MPIWk4Xz}v z&W?^7we2(rRPnPTaCIO0Dj@99`FZ)oPk#x{m6z+b>3osStcwJ#{oHz?c+kK#JvV}h z+zgdpmdQn#wA@q;eM+PaTUkxMTJ?(k>U+|xn08?HNK0E%g>9U=t>g2ON;+_lo;w}i zOeq#Aw~fq@f#@Rw2XV##tE6Y)LwIMXE27sm|D9QmX(#}>()T7o($6m5_@%xq@$98E z-P<=K831*sXuyNLmapTKYftOS(^LjPFo|Zt~ZNS~8tP6KxitUFLaZyjir=f$$>8siM8CmPcXdQ<3mxTRuUv-NfDV zjofB0+u|3ba{LFJdQ0ggZ{TT!w5hwiDv_U`SmWr&F^+wqlxkk8Q?=K>w&e5h;By)I z-wAtIqmLQ#|K{_}wVeF_3<^HT|2Og68u|Yq7*7(^-{*s-u9Dta4Eo3hfR*KB8>d5( zdP_$q@UQ&hBzLG+g5qI^Y)z2Q>O|4QKvDx2H*Nm|4IG$_by%|UPEdf9mT>?(uaeE!sFZu9#mH3v;0acd6xX%5m9 zS@rURex8HD^JmoymxD9~@V(@yIkM~GhQ0oDvwH2^aTEU6MQd-(L6Eg4S3_&>se>SE z&+DS~=PQhQYBzQ8+HLOH`jfhNz40}N{mgA{ePiSMdZ?Y9KIC{|h$AN)GRG6V%g=u_ zl65ODTH_BL-|FST!P|o^CBe4QZ2j?H&=)8o<4cdTUYju5MEn1Or%dW%`S%#uQey?? z3pGm`A!Zpw z+-QO}u1#(7qT~2sv;`fLaGdy2I?$GonVBEn=8I1=jskrY3D~~4|B#JKM4^1iOBRPE z6NbNb5pXR)3^tKriz5A58<-e1taufYxnY%vTv!~V5YFzI$>u)4s!mEe-AY!+R-{;3 zCm7;#@GqzF29!as9YCYi)Ai$E?4wP7p;Q)1-23!Bt36F&?7&)iR*KlDkbU2eMc3=u zi=F2vR)G7cszDA-&mJf;JKSn}DPS)xWuwrC7Ac{HN!v3GBCf-LbD}m3ox)SLC+K?Y12PLJX$^sSz-5P{J2RGW6Rz&MH z3uTMdEJRyQgCS6-9i(Bv;~Rfl_tw8}t(7SM97IMfTZX~SrYm0nu+bT{F+~K?z?rRb z=hJs;oOa2-o2N$3heU0z1kb%(YjeW2Slxo}Lcn|N&^5sA1j)E1p$9SxLqC@`;OG_R zmhNL@Vyu8xdMJL8l!)w9jIsqVcJ-wLJG!vlo5_wq37c01$g7Xcg0}2tW-l(b{hFIT zU}+zKu5UH7maK~taX*2PXLQ<{c(V>pl=Ujt0Ya+ug@N64BM%4(z`!=UiG9y7wc3p0 zu4;TdNLzkq7&MwTc_TzvgaAW8yub8*_2)A3znrHQCI7E)Y!>DJ2m6nkd2WsTFEmno z7clC%8>*m;3~5B{V1bPCSdkRUDUVe^H86akKhOev746A&Wdu{(L!U%bkK1c{&X)`0 z^JaHmRVHgh-W-;fYdBoc9ZQSojTS&afNiuIZjq*x(NsxmEs8N9erx>Rd4c|KZal<)ypiV?(0>}j(Mb|d`X`ETEAQ>c z4s`5juAPEY~B~yqo>Y>#YS$2&9Sf|4_+w2YKY-ew1*2=$x8l zDM!ry&Aar{tv7exsP6QI9KM~GFbtJ{-mtwI5QhNm1UQda5@@e)ocoHxw8O9ix|}I9 zB~L;?fG7yM+7%a0c=Gm>_#+w#Zmdo@bQDO1;V@muuz#E+@c5%dUjg{ly zYJ0D6X#BzINqp8C!vPe?Dn{)(0rth7qU;&Yj;gDVvdOm?{aR-yK&M+~U8KCMOnQka z{v}sQL`A1q5h1NRu4-BFYje-L|6E4?JM+mww6+8|BmVFD`bNS3ahENPlk)zGeT&}9~O zvZRqe&9ZuiFQ2_TK!or4F*$ z!x+aL7jGG_PO^TW!WO>4GGD$lO^}Aj@IIDbK)i`TOgwjTWn-ql(>UxFp`CKz4l8GL z5S@n51lpK;OWz@HQr8h-f!xZ;61^qEY2k3PwB~kb1;YtSb?z=gVTLT9qSGJ_q#Q^B zB@XDlA4dM57J?1qE~0vu!s%v)D53tz9wgH+uPD*Z#KU~2*_~*wM@YdRP#UBD&3EFn zuY(llgk8~=45JZPr#-tCm8xi*>6Q2z(9V~AYDvuz0k~lIZOGr`j>Qz ztXxb;VH=?lm7A`>N;}DHxLg;xX*g>3JcM3|%SGYCrA8-xI8c6(srIKUxKLf^)I_}f z|NfuI*yz|29Hvw4xjC3@gb0a!;wkH>%lfEqlQ}}_0*vrAlVa;XlqR* zOpRYl3}P-u0O}c<0~-2+ zk4yVmU=euNDAGi>hfd8Mr^J zjJfaGuh}9*1~FUDGs%%#W*GGdcZQjV0{jBu7viiJ$0er0ztD}!K9GTkwu3T57TDbk zTS*&a6C`OwQG8m)pjj9wAQ#P+;soNRY_eo$S)&jU7gI_BK_dfCj;0o-Sft$MQzHlD z8id&;%_UbFWkA7ecS9%(5CR@TQPlu5BQ+;Fa#tEa;jZzie>MoF2mTD@Ot3s~ZdO>(?uq30RfqHJAUJFs%F z*Z>CDy=knR&kz!_{x}KRnTZXAM9nED->8LsHcElym&9$ckFMY$=FU1>c zTx@05RBJ`BzzFT4>hCa+yRs++SWEf|gfxgs82U9FYf_*`nUSpmEU#gbHKtfb4RQo} z9!c5=&qqYR$tuhmpP9W)m9=!{sdpqnW)=3uUrTV)K0~9SR(4GG)Q`?@WhcgG=y?8EV|0U7n7i0gm{(SR!KK|QN`1PRwy@}_x=zop-hlC498{esp9CIa6 zuyt|y{01Ubpf>4n((8qv(Vgtv{5j3RBiB?bms@4k+&$|YOza~ul3Xz*2}}%2vQjIE zqx1237LWs3q~pGvjssv4;sT=OBshnNj~QDOhuY^kX72!fH@^Hk-qwm3t%2VZ|LM*r zIL>x62OP>g!r3#3t<(rfR~cCDk)A#GOE4`ghkb{i!I5)`N{ASYG)+kgNH3ORz!QIv zhiHoG!t6wL{oX7thMLoTB%0BRz#mpB6vt;p3p-v3fSjg{&J~2R78&2s>ymmGD1}8G z^=y;=42SX_Ed@)|Svn3-9_uqfj1F%Fzmv?!h3nIB@?$QG;gmDFpHb8vXa)g2{c`nO zp6UQMtVML{jIfVw^E z&EB>pyT(;|6!wii$Sq0S~Y?W@Dzo$Bn%GNJnEc|Js>|C6?pwE6v5yOVj$e`)UW8w zN^!n=VS?6WI{T?O1k3&uZ+adouZe1r1}USKIA;DLGwlm*cJXlCjfVzs+zc-#{P6>4 za&(*0c^vURz1vmk`S2L?nah-CG;PqKOw7rxM@J_}>9Xxy>WAGd2r`Q{qBFyLLHaV= zJ`w)R8z^EGw7z;9y$Q~$rmgi%lIqj5Qb`ipuP9F6&gNVI8Jrtt=p}_QlqzPcBUnSF zA2^lU?2f4;yJsB93eZ!V>5vz+*ak}qA!t20AC2{Pz&`(*;uKz`ONw-u8mDVc#N#LN zL{b>)J#<872VJu9liZq|^+2LUi}`74k^^R`(_pmg$a$GM8UPkZ08{^E7^Gi9AFwYP zRTjmcWF)<@HR?W2rDnF(bczr&R?g4pk4w5SSN1+p5|g@t`+_MM3rqDF3QX;0d=glc z!sHFgp-@Ke^dc}QgDwXB*g#8MZ8WT>dK&t93X}m4xlu+7Q$1)69+wbK9X~nM6ZJFn z(6{NUEtMfiPkgC>xRslCAOz3=RSK3)dec(}M0enfl#!wwxMarLv^|AP6(K6iCp1+o z19ZYC00)0~>=0%iP}VWdEgRlU*{aCXjnwgt85x=(H?(B(jV64#*BPC~&{vuNl$U)l z*RRsBun4O>uy#+TpWW3m4pt`8S#mZOAyrQ&akyw7eQlqm=b!8gI zU7Vd{Ttf&?E=Qe7nQi^T-phs2>w#&n`hAN?CG;97+(YZH=Vpw-)Qg_vcVXUmW)WvskJ;knCPY{xC&P&c6< zRYoAErpW?La6iqCf^;St9V<;};q2twhw!w{X6KT#Hv3oGy>nvsEacX+&EfH4akzL^ z$T-(63bJ#HpG(+(SaK@Hg71d2EJ0?(e|Yv}^J&ih<2k%~u>ZJ;=UVMQ<}m<~vqAtJ z0Y?1?2-W|Y#YW4V#?h1yCC@^ThdRe8Mpn~U6)DzXKh0TBU*ou>xgKS9?-#X7ny4`i z#}59>}BsPWqX_dnOBj&8StZfYC@xrpDn2o0fXUt$HOLVcvqF zJRMek1!*taI+(dYWyJN_K(dS029Gn!cWJOaVRi3(>uFp9W)+7$xIfo0-IyI1>zBNW zzsVa0P*eE@qL^Jx{ZaO#ZrpK{$?Jt&kD{#HB!kdpFsKyTWq6dcbHMTIuC0ihmVJYs zKmpqd8ozS9tkn7CNN{Dx8RRls`Qo>Vah4feWb>cR)U;DlPA#W9D^VMkr@ESMYR^o1 zd-6FPgt#}do4FXyM&cVrB7~?=09!TIF@c@NtIL^!j`Ls7VY<8x$Iiyf*k*|$|1YPF zf-0ID)f1_77jqk-U0R{kUL2g6sb>4t z%glA`HJc9los*#RDN_Nk16@~Vn|_>Xh^BVdyzt)={&iVo2KDzBaHMJ0UWrn%;|lm+ z+MazuVinLt-DO{et%RHezeoY4~~Ud*1f%BYk2B^?Zep( zJXbycXXUGv0JGx%JkRHU-duaSx$$uRzlrCz_2K5cTBYO6kCYFFJ%99Q*-$i$WYn64<%oDC zQ<**k_mr1AU<;V?UNWVntbTGj9r2QxSxc<+G82>fQ421mN^!k*=0k!!2c7R+IlDcJ z(J`PZHO+G%XugxGy*5j`ljT&%t*JGZ94C}zZMxH$qWr1sW8Q`rta!7gI48zjP6aom zp)2a)?8Ul`%D4>n+Qg|K63)2<6=LNzs_7PcJg7aRYoQ)l(RV4{=D4OcRTP9|<>J7>i5ivpDKz1A0zMSG>EJ z+SG#So!#5$@+7bHYVG@Xksoyve~Jy*4EwLA z>rXfH`rnOb5BlF5d2XHlcSj@C!qvYSs@@vyZ#LOV<*ym_)pWmEPuHXREd}men%}I2 zD=L1A4VCJByT>RRR@;~rnn6;|m8!J6mX^&5jF@S{+&*2|^H!Mn)N-3EOt)G$SVZ0h zDQ8PnvNx>d`+6##nOmj&*nSD|XrW|d=CEss(Rm>^Ym@g@h00}`44rSXc0&u+)?`ze zZ|yIqtEq11iier3;X9(K;q{&i<~A$1#>2_=?ml}GGuAx6%gUD1{qpCurn!61RnLDz z%&pNqp6UTK$8rxEqmoc;7fD^GspvwXEv zpYG#&&U_^xo$JJ>>q~QG?lH9weYv*Ek9>a8ISDb@&m<|mV8{>1DxPl%##()J%(a7z zmhEFpkByiYtm5dHSf3hBuO;p1n~q!?6LSGFqyFsU>-72+_9jk>fD%P$zSUcLB+jo= zwQq@Cu=;2$IMTu;UhwJI8G$<+8l;UVSMlUA?Npd!TQ_GMQHioByJMJU$+RFPgogAr zSR~amJ`!s#hx#<^`=cp9nAeD_tb7e5yjH`l+itG)^%OaEIN-u`ISUj9>Wupm${gKn zNqd)3-FpRuAgl`LB^`~6Hc+?Dk|=Tlw3=$WPed6xJ8+IaqS zZS6t-a}&?))Bl`bhwGOc|LyDRerS@{s`;TFu1W8c2j+ZQpL5GR>S{Wl^D;~0`7}Px zU@ooiInP;qJ!pF#v_0-Yn|AbruIJiyJr3o3(DdXH@IlY>b@V(ldEVl*Jd0xdv&Vdy zlP5KLxAi;cv;3*b<&rsdJEd)0RkL$`2OOws>vgI{x9dFrU(fcsvPOsZ)g9O8l#9`K zZZ+#`att-RvL5HM&z1E*anz5mWdF0i_VoE$!T#sT^9TLUO+2?x|APp%`@{7F0M^)g zdlW(TY^(J_JnSoKgzT=aNikFe?|iBuslO2AklR*;dT6>@$8DlQu`^S}l$%twlIgao zh%k)>=DrMVXMgKY^-@E7+UtD!rO^W-I6@(Th9f+*qz(PnY9pw@Oo&QkeBwin@#} z%~H`x$r?z{<$=48Tc31V@daw;WFQYZxw^u};t?3s99s&m(d_dvv*rJCzF_C z-7l-3t7zq_8aiqAmh0$hYjmn4=etr$=;x~XKU+Mg(gDt}|9bNL+0%UdmuF8O?7wd0xpn$KQG#I^((_?#(Y&gU z&rVdHcHT}L^#J6US}-q*H!wejH;$P`G^!MRCYY@VtgW>*IRaGlw!YZj)=h791n?@k zdzlkGm%*lN3e5sd&n*LIMHL#aXIZY{TwHF}3T0}>O)8bC<^5W@J6G$Q+0hcs?w^Y} z>1-A1$I82?j(c0 z`|LSY&ZUueQJuLZhvzN3Y$gO*e?DxQo82@y3A508F8Qq~IzI8o_WZ1SB%I-hB+g!S zD%+WRC$DL~qz=#8aaFoI>cdRT%2C&7*m>u?MkeVtwGp26#!)bnUYW=3s8>&YqXxz8 zAgs(O0@K-OWcnYm5B`Nw}r9~a5miUNX;3Rb_{ zRgYV!=u?<(>BTo#T&Mt!0$}H17N!g}vemcVX#f@=QTy<53Hkpc!)LnBhyBco|G4)2 zS?>P->H5=$_#Zd&+!pzNA9oLsfpnZqI-E;Q6dk^15zOkR$ORSqc6z>b&G_Xl)oGdd zb@h~i6&+j0hZz@3rGzf{Jc?nv!$eI3U%tHfX8F_PIOvQA1RTxsTP97qDgjJoCUv8d z{qhCtX=)9>TCw^)jU$v!UNruoJ6{h=FdhH$Gnsq8gLY zC`fi-=06sy+V`ZHpq}r;;iOfqW!E}YC6*O^0c0r?y6LC-Jq9VO@v%|eN~wJQQve%Y z%jP{0S(IqFcm-#!+*E1DoRRt0TwAQru-Rg?YH}ZEtsn|SpXAERmD3tlW#Vh&x5vNZ zhi`IPJyT3p)AZyh7)hAQ+9?wZg!L!EX&9Ulr$^G6$Poa9SCSd%&IGeeiqwyXE6z32 z^TR>ON;?AR3qT7_VPXx&#SrVm3tRrn3k%Nug3fT!(6^h^qAJ0igJ3*KfO_}B1QtNU z5NCjiVF0UmVY`A|aUvx}c&9Cd!Xt2=D2`fEx(>?0njl`_!rK^^YQ2b!cMHEN z_D3t)6b5fTCMg}3M{yU99k3Vq)CLF2&j=@M43TRXjD6%}YB>!8^=SS3&F9aWvn7g- z4ERV!Yv9TwZh(l4V;cG+I-<`@)QZg;go&9X>0$9nFS~ZoHM}2u%q)f!7Pe3-1uL_8ey^mw6c%jl0f8*&hT(Vnwi}CPW_PNaY zkHyJ_o&TOZ-^|;8KV4s6e>nf$#B*EDe=k3eP+x>pI= zG=utr7E8Vb#+qQFy$ehM9d*>RP5Lt&9!`2_{fT0Kx!!sw36NQ_8it06W7a9ZeYwy+ zKF@}(2L5p{m^A@WEEgGRi*!KtMEGwZ+c0i48N*XwpMzI>3_mdN4DVm#Gnv3Q`;Pz{k!)K+xmB7!vq2cp2?i3fGoPr;N$o zELNvecFfdL3)nUWJZ@KYw~m&j%ePSJ*DG(O(pDF}rGR(GtY)yWmvw}kvo&V$z!K9L ziY}ZjMIx;KAU+=ge+*vNH!<0qaSm4a|ytyx%;L)3_b7{Ylk>Tx&J`$qF z*&ht(y!bfHKvb7~l+81@+=ct4JOlEYRb_0IZF4SA)Rq4(BmaZsFV~^<&Hyvy|BYvB zdHMet6nv2XZ{oQv^8W#{nk3UY)7`zH)kaS=3X&6ll(H@{?Zl%1X*%8d^N$pEAB;2_ zPvf~60w>fh>`~i^Bjcc2MF<`6E1QL~?(F)SZ_t#`GY#n0RDNCTu&D1w$nT}lC|OVF zn`I;cfgA=&KhPqPQ>!7pHOq`9h!0!pOdN!CV3cHzX4B^1 zu2lrqv8Ze*?|Dt5^jVD!XIQajtiWc!2f$anX2Ot$p0ojI+zC+nBBX}8DKv>@3`>tH}(4Pesb)E@oEYTsK1JkO1+cuaPWv=*TQW_f7RLDahjxfe5HqT?1VYRXGCr@J>x)#PR`YE-ins~3uKlR7NQ zW&GY~Q*W6D^)mcF90K~xp#Yo}{}Y&gUjMi8?CAslzlrDe@PE8EBu+j`V!YQTEF*!u zj8F*<(mxrMqMzvJTh3#-$%f7tu8Z*R=@iNB&$`j;13gU6-{eoFW+a|2qL!DXr>1IRZ&@Q_zCh=iTsvdGPvl73QSwSL+s;aLLzwT_ zVS!m^(AWRUnFQMXy(noY*JJ+dikFWLFiS4b|B|kvu^inmI%V^4vqtKSt8h3k_Q1{0 z-(ux4yolJlapx2Kvq#9NkwA%$Bpr$Iz8(2LnyhZo-KL9$%(?dA0LisdI>rV*+2K@e zl~Gnaw_&ETbt_9^O$ zjc_$({}wj=!gp~^?Qr#YX76A5s>Nz#Ox7tZx4XY_4Y6)+vlp~+GY<{9cprM?&E^6~ z#{8qHF_LK;?rT$?>j3}N=+~l`;C@p<7PIxWIKZwS!--N}qxmDgUj+e2UrdBiFINA7 z&fbG#zw?Pqzxl=r7DMj3r-?SF+KOqubAVjC^Tlf|@!xc0#BBO-1QPX38JiA6Ahrgd zM{HAzI-GQCbyXBM(9`PcOrNuw21Dp>^%#iW>c(d8>3TQV{N7*t{@Jt6)1bF@-0M8q zINt0%-+bD6zPY~k{P_9W+NuoD>&K5?Jy~zPf>XDdQrP3}U;E?EiE96!)*e%{`sAJ%U(3UZDNh@YL)w@ZNbVpIA}aU!(EzkML{E@ zcRl)F!&LQN`@f@LZhnT5{d1q@J6-mdyF+i=;M;W3{%arG7xr96|I_hD{&6@6$6-A! z(2V$>&z=|Wf1YeU-2dFja|`r81vUZ;g1#-5@rG>WDY?xpj70yK_jy9C6*J43xs6@t zm#mI4uF{;tYOjfB&YU#re4eQT0EPxkG6_ljZ|raB{(Tg8yJ4D4$gA~u((MOREZ>|N zkK#etIrnUP-pn378(x{=cs1laTQ@_&2yOAho^=!LsgZK;#KRHV)-?XM?rp5M)*5a( z_kvtCc-X6_>&L;^U!P_>VU?Y31~Cu30kzKJmS$$<#VslPJq|mUUC`5q z1-s`_2S7nle}{G^#=d*JIL zPt7sax@4%;(q)(&;um=a{~Qd4#x?>d_@=k{owu~D&ir#Wdk8w8DoUUEDaDzBu_keM z(t+=jXdDhq0cguxV+RrUdJCHo@U5t`ldyA=d87Cd`9n%5)y5y_f}=PL-z0&v$`N`; z^RU9y?wfp^EsFxNK}EM0G}Y);j{yVBX+Ldh8Equ&yb^ZVFj9YmiJ=Z*GGJF!Uo~JH zLDEClQG`e@o?!HvAW32r`My0O|JEcJ#-}jQvy*@~c*h5kKkh$H)i8|0;Up?sjc>oL zsZwO7nOb9Y+@meXH2zpVCA*5|w;%q`mw$fy<;yn>wd{b$widD6mu51&tKR=!>i!@1 z=QyOHpVu$|nBo7iS>pfs>>>W=%{;f|{$CkJY!S?EfXOs4Y%^dU(1#&z(YGV$_$2I& z?R)?Q9_gTHn3_tONmg$0>WcQk%b{%B`+GtFfXewP#Sʚ@M|#!*|4MdL!CcY0U@ z3Ye`02|8eMm^&O3$JzrfLv=3Nk>e zGfhiPbC^SNwV%Y3k>ldnjfotiHd)0J6V&fG{>)s7qYs*B`;mb}akmY*>0>`6gp|IiEg8Ta-9mHZvr$ zPeS@^^{+w_8g3;w?hFxWgav58vUey+BuQwCY87<@jgsI7({^W>y)ux81I9mSDccD( zkPw8042^RbNh@y55OXW{LIUOGUN?H_PuO8YHIhlRonit-{kME*eQ|8jDKl4w1Mugo zFq(Yk*!8J9$-SQJQ;^A6K#q@p2MV}i?La6%)}ykOFlGmAeXVWMQWcbPyTf*8S#G!N{+%tM#NeT&LMb0@o`SxgbhV@gz>IWw4zqtLx?>Wa0uSj^qBlS% z+p;w`V9zR>4Xy5EZ8@(|KKJ}g%NsIj;f(w5qUE=%K9`aI{2oxq+SZ>l?LRl3KF|CA zK3jjV|Gb&!w#a{4{PR^B_b_QfH`r!0J7v*u@)T6;@&tHa{9-&ZyWg- z28|!K4;uL2|J`U#7Xd1Iz$&98=)tKo=P}D>zSoap^ZMmy;EXtaP71@7 zFto##c!Lb_nE3KDhAts7a?3cVwD3I4t{HeR{*t+_D22`z=#shxi)Fp$X>M6>9OoTj zl}=084|#uN@!$*9jW>t_ZiG0orPizUX}$vL(Y?|-VguK^j@$!Q(YciBFC(^a7z}_r z$H`HU35R__W6XVwfiJF-vOE!VPwxh#(;w_>NdPg@eJM>RZKkP)S2)+*!6 zJgssKZ-#i3gZ(%j#e=wijzQ*YgWjr?Er9)wpj;cgPE{VSvR?vrnV9gOjG;arb5B5m zaAO5lOp^%xDDG-BTgAVDnaq!NP%%gL@stopz?uxob%5!_!&exN)e4aaHTe};Z6!YG z>+*&2U&;V0_4l*s5K+iAlK)))7+OACbM7?rwS!PJ=s2Z6WMwT#*u@ES7(~hbZfX^P zP*Sr{#;skLz1;*-0^LNR;N@AZ+ma@v6qQ#~?~J+*v!QR%W-XjtsbcC4Z8XtNhc1S> zU@j*1QcVmZ6k)OkSe*4WmrPrSM}1XdR1AzS3XEsnT8AHOF_d2x);k(=*5Bg|y@KMNzA|E$s~CskjM-FLjX!KwXl{)h154F0Yv|)#Yek4Ie5P*PTF!sr>2|BSZ}rv@q^-GlzffX#r<{>nydn zqrb(MW}W=Mw)%IP{{P_R_U`MK-mrVsKBnsbpFV%Gk3NE&?qM~$7n?z5SG7vPj-7_u6mTk!~p&kD^DuYmccd#Ji`AZCLA zHH0esA7~W-kS>J*=s=9(Bn{YkdFjz3b@b{#cMq19+U+*RosI{=(h1thNv;GnJa6g9 zO>rj#;OJnSt#z+U5%7@z9`jrabOoDTT6z`7Wc4?WX|NU&(M2zs7~=5$OC2TW>cjij z1l1!y`u9X_k6`sXJo+8B=;LL=U`o;}MNOeY!9s=3NeSI0>ZtfDQB`Iv#HX}OZ4 zMGth41wzR>aAcjP0$zlXqX3rr=KKTNC1&Mu0loC3X}0mukKmsKX8I#~L~WbY1s3QV^2uVGhjIN z*phRH+sAAr43Lypavx)j!KowtP`BX14_-% zcA9U~8nknrv~`wObH$0Ro&yJ9`0}hxNMvjxi?r)0M8)8<4}>aM(Xj6LOw0s_RMNa7a|!!#&PKf>;k>TWXUgF|f0cNAEist3Jec93y|C_8<2B1lAUD z@}J9(M&?Ho4f==_4Jh$1f!%zS%mKV#bgP&Siw^lt_8JdY^xJQb!qKdZNgR8qX_41w}}>*emF?6=p!@%U{;QMDZs&Ec}k>}7WTML>4(x_Onfkz zQkC{L4mG2YI0#JslWi0$Tn2&@mK_;_Rjh4%%-fPeWSNcD4KURhjd7ZuIy8flu>h?L zQcN0xoPk0y8M;qqWFR1SdBkJtIz5RegDx(K82lI{M}{2s!VU**#vDhq@rVAWfYXeT z(2+uaei{bJiZ#P5J%lrxeN1OEmN})`dLJ$8;1rG?kHFK@V4SbkHfZH{I&sn!UfT_O zv@ge;CS{y@YDaquTTtV7p=3fp;Wnv2E+nKWFCvN&`hJRa_?|BmjgTLu4p%!m%im zp~yy&Wq@W-*y1~~?LUBw7Lr(Dkp>_>6D&kcRWR;VD1;VPKqp6JYGrN4Rqm%{;MB4t zh^EI|^20&QjOP8J+8YihgyMkceT$P~AKvK@B`6V#R#~2Ekv!G1!UEo&#?O zL`z_1>FQ7KK=dZY2lOH8wi52Sg`HVLYf<`f$~yv#e~-)=fgHzC9~L1ANCbJWd_z)ste{vqYp!+!0y16_vtq1+fs0GBRq|;1n7w zWM}5n$p8vwP9l^XUY34`6l~$Yv40S9hrZ#bJ~35XQ>E9D;VN%&(hjOEEp3lE@?Jbr z1K5EBB1{RTo-vKc2~H>wD`%MOm|l=}9>)OA{D2O)=agA|HwZ9JY)585W6(V!S$8|M zn&lv~xw)c(1}E4JPs8p6S6eWJSP&r!BAaBpV{RdaGqQipwDVI9$bBb$9ZyP~CC8aomXj`|D{qkPV>bWPeR-44q}gsw)Q3%CW- zmCFUR-E@qk|CA(aKn>W~sS#Xk(`vHU<;4pldt{ygT;i^Geko~iV`PU`f+Jj-sS6<} z|Bm)wHhN1mlby!gHijbS+NIN+74>GMV+RdiALv$uADla_=Qb|~4bBc&Z6*^yOxl)= z0V}kM;*8afmA9i%JNsreBC~z9yS)zwW%#c-ehA8mS+T(vK9rv8S(rWs!1KJeEl$GT z1xnk&42h&t&}5C5x)8Su=b>-`gG>e6*;ZT1}%a%Ct?2sogh~Wr5ywqpUQ_57SGJ&fL-?KTScf=~mWB2XXvq zGIB@6@2cuVY5Ebh(Bu>Wf6|R0x=Ey_6@Eu5A~+p`C>6)!l_(u_x;B(4%ay5<27c0! ze0x=0j|VA;bpPrE$=K98dUYtCqp*$GM_XY5;&~_mxos_3$3H&y;ziMtjWjPB=sDF` z(x~vFfq!8pwDXVn*GKL}3LwN@G`gJ^(&%q1@OPZ_^=Dec7mZHz0-b#$`dnRfboQb_ z<@7sQpcjpJ@`51Via$+hqk3^(G;kGu<7JT21nd_LIFQQ=3&1d^0MDomKFGfTD6Ify z^l=BovVG^r_W2i@jZ=~gCO@zJ zk?7)1GKGSV+|ww6(T!R}iy#jTNA97vJyL*l*bUltg|4h+5l0)U!U-vgRF|AUvO4Y6 zw!;?73)wA`cQq$#MCpLCG@`0^aK3^Q)Op{rYh13RLixZN5Q%tugqM*amXPV2+50*WImj?Y*+3gbztry!WShc|xy0P)OMJwRdh zg7-nFVP(<>eTG=Hl9;6tSHhjJ*r)|-pw~$_;{6a-50o816ZA8Mf&tl$1d>vf>SxQP zrKDW@CFp_ub&owM;Rr|;UOQ-VIjk@fW3-SCYa)g_O4Gvv&;wohXer9arw@TJtO&%v z@YK~iq!U!}q$sC#Su2&IV67zvYejI$r%Z{neYiUl(UR~6sB;$ajzs&mm!7m&@E>Fl zq%y@nz5c)3g7EC(iEvEt5~(9=4~!lf25x^zK^1u0jmoL^Q0=j8p_odek&(BJjA~UW z6;X9XTfPzSZ&B(eJVy{h%hh1YS)p>NVR0nY5|Y)&j{qQ)YN7R=tOC(R%1d5Z@t5Gd zqAr@RRMgLjW-aw&n4}KD*9vm{~Bj-dZB#3F|fkf1*CDGal%cq?LXE zG!W3shD8fz(30=17COPUu-zBlDwgs(N$G2xRPMEpW%XEaGJsP+e)L`{!>;nNpT>j9 zFxbb8E$r)K#8i}0*}P{^@v?{~Ac&UFw&7ILi^s)rD(-h{eWeH*-(=HOisd-MXx!uP z^RsZQ0L0obrKLcUHOdOISg$D<3u?=Tc)6IBHc1^ZX1y6~p$T0Lp^-q;>cv?SCD`Dhmwy-j?R zw2}(7*XO_}U=XOZCNVDfJfbKTnuG%5==ezr%&(W-W!ZwKrAb6dZxYd_5;{d1%u!5| zwQYJ4cpxXbv3vk^VGj}OfWtu_2L)rnKyOJiVa)EgU>i z0mQ`Dj309CNxYfm7t)xMz(?EFH<+Z+hcvPufV0Af6F9?Wdp3KAb_vX`O>HmjkX`r`Frh(P%ps0dMO8!jI5Uh*9Pv56GbBL6NM1O_D zaNv^=%Gb3hCmm-3$_HU_YTrx)MK(Cey2p=F8kJ4m{!^~Pa5$^ZmC&m6WtVPQw?pT{ zK~uyv19p-3@qo+hQY3K=8G?mH0T3bvgf;&^L$rc>LT~klya(n2QN7F+dtD+^Y?#c)1?)sOroyds%qJ z`~k_%_yjkI*mE2QXwSi0#YCF&`A&;QE2wN;;-`~isk~0~WP`8d-?qF`}(DhifDlr&`^QLYr` zK)Nn8aykVTOotz|B0&9@7*pu|DBSr6zw>D_l1pkbvbOhQW~!0WEiGnxRk`9tZK-WG zXtjV8C_7)cHi5cfqEL8;3$hnp=hC??&7x!&KfDhH zL1J0Qp3-kL>4Bq_Z=ZdR2`a04isLvQuvjNHY&4W{FiNw_`$41y~5oNQpx`O7AF zBJ|=ala5C0P!*3=6K$C`n>eB>igk{e!EB4fEUA=(=e~jGdjaS2{(Csu)1A7QrMvda zR+rL6u?GViG&zIbf^G}?gNAhjB?HA)c3225tWkBXjHuH&T5kWXs<`1+oLzu`lK6&Cm|fGVW+XaIX4Vh%fN&^q>ERa7Pfi9*0EMAv~qwO2WUG>CM#s&gaR@M$k=h{($yr!0_|8hBd3-8ehK1 zjrgy)%Ux&)h*!+bh30N#gv^}dcZ4YECZ0ao+>j+8d_`lWFx8+~DO*E2o4=InsuyCn z!gPTzjUu!{C4x@yGn9yQ-E5S{SMua#TPY$-L~bsmC(#Yl(ZD~qyoM&@5r@0<@j3}@ zj(d}V-Yv4{cEv^sP4{3S&VnE+W5IIQ2&nsEmn`blTd{Yw{7c~IFXr}0NIsgAzg$&{ znqB1@D0XAaIQ9LEHd-VU6_qIpIpoP?eY8zQjl{Jg=&YqRv3_B_6s<^EEi12vW@`Cy z3rtYNd3$*D)4|KbkM9m&9;{?PcYm;c>~9|){`&S{*Lt=0X76bChmYF_KOGj|{<{5Y zckh5;zW>wi_R%)S;$udFm%^mXEgd=;P-^pLQN>m*swb;bx#*;wi&|)&f{>7{D`;)5 z28hh!x}dI_#I9HjAKSTT#eA#Cmba;v(6Z|UmMd9OlY8Dswee1KM=LU6Pi@mp)iG?F zUMLY=!!&0f5T=&pCX7a;ZWBEjs^eZy{LYvxS4r=P=J^30YP(wT?(j|AW#c3~o^a?^ z8Xv{(FpVPh1NssouQ4%{4=F+}-kAY4F)v7>iq#WueQiYzg0VS8$m}h+tT-Kv$=b(U zQP9XGDs9f@85S(-j^w>CHCLb`6mfbK3R<{?fq!OLvt`+Lx>qFnPK)T=ie+C?exu?R zuf8|q@9D{q#Y^{n0fYcN)&!h{{S(wUXgFp?XvfTkm1i7b0)sN50@W86xh2qYD~7TT zv&h(K0no+u#34>b8Ei$B-^~L}M*1R}3z3tz;jp zARFc*%$B~}@i(=XQ+ECouU35+zaeWgI>4rRJuA8B3$3&lPT<}yX%MFZyi?ZQi~?qr z=@-N-LG29uaL7^(DH%}P8w9M4;I2DK4AP)=+Rd!LIIsXz(ZS$<+IhL6wtqcjl)-}> zBE7ey@5W|(X|h;uv5NioJGg4(R>4$%l&y-7a2T3znBfDxq4WXKIdU6S|@3wW6amgvJj+sa)nIYk}< zdxm8L*(aU3U}m+nUe&J5>hio$1xJYMpWpp@O7~Ve$1<6Ac3!g4M8Dqn!;Y(b zYOR*GhGOGaUQ`lQI*KG8#r)od7R!iFj zwWqaH+*>Ao>#ynEBt&lW zQ){&t?!N@*DPxE(yu} zEEzkCP}$mpj8W?;U9EXCJGXT^+Z}j%W&32yf z4a^h1rBfgqTLm$L5ql2XwgZEU$~~;f9WR!+VPe7`XpPz4Zt5ZCr8Ex7xkv^gY8fMl zofi_)>m0=<{;QRjzPX~HSqT=T6>v3bUDyyAV&!Q9&J;NR*%9=4sWgne58Y-F1` zuxX>VLHFBsiXV;>ai508McxC5XF`ognhDaqdl=G`B1P+Xs%n|8knxh1ob=gHFbgT& ztQw7ODL*26G#o&+?ntfz8`(~~F;1jy7q=E@NA?_-s@LDl(P*!NLEP~NZ5|D!d)Xzz z_b+F>%ANxSs^Q5ih!fRRl>5&#Xt@=1a?k5({_q)ce`v3 zOe4^dad;#_*95LjFAJMLzEq87+gOk5A@OK3tMUa8sbVzU(CgpLHR3&;)t!LVsY!*u=&tP2SG4u2>O(b#!vdZR*1#@^m>M(M-xVD!9)WR{^f*Kn}?MZdw4L| zSmaaW3^pFjGZy>IfG2Ns9Z`0cVa7$#%>Tg>;|kA3Av1>i*oWRN;uW2^u*tI`fSVhJ$TfbeCU3*Xj*VQ=~tIj&e~uo4JfYT{b%7c=ac*Y z+)wdD=zdjX<8i z<^+2@K#NXoaDh2c(A45j@?3~(ebr~PHVZTi^OR)e#{E@#oz7mT@o9)TasISV9a&(3 zW?&D`98c}FS)kF^!@jBa)Lxs#nRq=sHJ{pRV;K>=s~~Tg83SJ`WKl2vOdNc1&jscX z91T8B$^@^9wW$&ZN@!YsfgZ@&98c|ibG?R;UX?Vsl4p19Ogsf&wD_%aFJbXfNRs$u zqyy5C5Et)r6jBbjJgzt0j_S^O==TqK>vyemst3I=w)(ywr zAnyMxNuMi9U#M4cU&q_k38Ei%!lj>j_nxvgI~>;7vKr2{g(k#07INHg!4U^jIA-?5 zr~rWvBvfDHr0&Tx*V^ocX=lpv6xJr5V08J1)w$$Te{DwnZTuI=Rz+D^8+R>m9kP(3 z(ngl{^_pgNKc0HJPIql2NkXBP@EiUrE23B9;hF!bbH3rVVOsS%j9v$6>i0{uHWx}h z(QX+8ryP7gJ;9ix#*ydYo~`bKo>NH@m))z;XNTXs0-1O}33}n@(&88DNc)xbIE|?q zVD8ZoRZ+{@gEQ=L&VXS2psktq)Te0x>Z5QN{JT`QBW>vd=H3(62jg+4V}Ce$5U1yR z>Z}dj<{9_4X>Ez)8(j$MR2mP@WuH278m$e+CMY#2u-n?($0V(o(gu~yk!9Jz%SCP6 zV-471pW6Ed_dsJ8gFO>Pr@ubE;%KSc>M~-uB$0c_UPw6w~+WZ(|E~kp}7h=E4?1f5dlQa?m zx-r|T;rH)oC!uu}T1&~r^uyyk_1C6z5=`}s(snkOWfp6sZM`r^$PO1f>_5d*du_&p zbe7%**M_9#WJ3Q+{^O%phwx`7Ie&BVv{s4e!% z&T2O}U4@qNUIe4K`;a}T{HYUPAX}R>{CDsw99AtP%W3F%l}Q4=!b+U5UhAfDiN?cG z@8Pm->Qjf`)DY36t(Tc(Hcl`ZZ0F&M?eb3@IStnaqagnjL;-P&s=`W_$mK#$gF&x_ z(NuuZ;JS5!WE}SJ#Q9+MIpwLlHY3VFdq{U=JK+e#+A=$vUrz#(cukhrK(5sur@Sas zQ*mRMJ~vgclqcFa4Pv)LIGuI{`dVN0$hkkN?+1Tr)L%9Fp z*sDUMUoDyapCVj()f`2i$mrdSo>v`Ut z&}C&1YP;`k*a0!^h5boV;ZMeg4WVVW#SFS^B!iB$iOG8A6un(!a4x)i>A-L*{#_RD^fKKA1gr%+ z%*xX}&XNJuYS#|2PxU4J6|^$J@I`lD6*Ld*vMbPE{XzBZw6v?kteeQH1AV^HwuKgS z0jN>xlM6PvRNaYZ9@z0Yp&shNxgsP`;6{XH%&UWoA5YgqEs2MKAktc#5Jk zS_$1cPCF0mDnjK}w5#b|jP7tKACN*-0S&46qv| z!5&O)cMf)u=M~UI3&C@zfHUK%#VZQ1o6Rl?yrKZSjP~8t=W=*An_alP;vND{)r1`d zggid4Wk+M$wafy<(y22^64aweR^G>{(d+rCl0LLYE*<9Bl2&KqMyKjqCCpTrQIx_? zeq#i)eEDL#=xTu_t>BDwY|!u$8)X+hcj}o7@8tLXY)@~29l3k|xnW0#_?OY?d%whJ zr>b4ffKB9%l>lX7j5+ypmn4=Ftx6PkZ?XBvMMavmO4#kZE-78sZXqQ>#(1p@Q3F;4 zXPURez1=XJ8}DkJ$Vy=+jQ5@ZPSu2+$tgZhyKi-pQA-0XK}mJ0^W_N#jU`7t4pS!j zD#|E$+bzFq?b&&ho~GR?u*3H5I^a}I*bTzdAPUlSKZ%cL`4^aW#a!B{i}vf~*B3hb z{9SsgOfjdx4i5;SKiCZh{yEUFIO>)l<%QbgVt{r7%r49YITo4&&b#{ngf`3KVNZeG zC`iJ%TM0GY?miW}mq3#TAhbRw>@YlAJQ+_19*1^=V)qz$7*4uf_P!c+JwF^wlHlkh z3DT2zP)_(R)Q?;Y4i8f9-a!u_^sHU>z8ZGvgi_JYg54n(yWg-|ZM+`Ad^QKpJNwk4cRASAVYH=u_Pzj3o?3i12fI3qww%x2FW_AU z@9HqxDn5IkpjV5}=3rNc(N^)B&CI?hhz zvko}#@KftN>%gwoakiY#-WQClw3wZO>yIRNDN5);au>GkPrAc=kruDtXLAaJQaXwmb~G z14lF~spGaQu*(T__X&7&!0yo6ZY4GH?F#IiO?saoR}*%FuoraBJA>foIQ~@ER=dQS zy&w#eRRBk433474#{o1DpaGBHLu(6JgT>DNYELcL0kMxK2~hrh_^Zanwo(%EDFc#e zLiwFeoOC6+I$|5%){>nHwyl=^Tz1?D%B-l!kKz?I3_A(@lMbN}{0h3^WVoURe$s~` zpXJ{T{-f!sBaAqO|Kr$$m{+GTCCLk}mP@}R0gjHnWe^!gN!*=~O(rxC5W-;E-M;`5&LyuPX2_)|-7TmrjZ`co25Mmr~d z)DQOKLD+E}a2f9?xBGcI4u-0a#Z`yOs}WVWsX1QP0}$FCocZVZ?Klf|0FlmkFzq~x zu=^AwQ837I5ogH?xxNaawWQ~F?i`QBrHQu&5vyV&Py^bQJ~ zf*8^-vWpt9%PQZgVgILamF$(INDy^Q+65gU&NB5JG)iQ zgXfCI_N!No+~K0GeAns3LsSam>B}3RkMttcz&ojo3MH(4<5R!#0}wixM0n@A%gXPz zym$O7P_-LFF$@PCc7kn~H2gY>KLu5xjV{z{ETW`_k}80BPzPn?dvHRlwP!JR%=RGk z)B4&^CoYe6T?BZg3L67jN3AV(E;s$u(gomj-vnb+(UuggXjjKt2zv~!h#OGpNjw>J zk?hH7xFivVTFznsX~^F`KcCuox3|BOFEhQ}JnW!>djvOpYQb*c9|u$PoaODJvnQ}w zu4}o;lIC;lkI|WoFInygs0vRlU4S1&@z^iuN~X8FomDDemreif?o;=!=hd93Hy!T? zXm=OkuK_ z+qoO>b{h9!7(ff!Cw{#!OACMM#g;+58;A42uNrpHQ0smG@IntD|K5oW9d`p4aQ5-5 zqTLeMVLN%mQ`pko1YRw?D}mjo;Jl=k-EI}^hb6ME&%9m6$?M{as z*Eis+i+H!{sTXU(%wdjpHL#}&cYcc5yeQnv-Fs^BS;UvaU=Vc1aoxa+7wU~cvgxw% z-34DQ*p1^skj#6oILa#BU)aswv*UOa590p$;Rx>-b^sdV#1Ers@fQ(xTuE^)WmRJv zIuuwkxTRdm?<8@Ws`Ge~1=#Y3anx7ho6zdU7`8n1)Jvq9zGNTp)i@ZA253KeV^2MM zlq8HvT|9uvzNwYW;sOn1W7ZR6Eu9??p%(bSTkn*{r2MHD!>w}?bSJO{>%ooNeFu>8 zBjpdq7+4nY!L+iX0MhfKfQ{$E~&pDo2u!GqT!-#0tPl?|N_Gi14QOrv6g{nAT zL_yFcY}Abhs*i2=CYVt3PCT_>HyL$dZii#c8rnafd8XiYOYGZiwOuN$(Ya#r^SX%# z?|S0FAdLF&2taN9ehTc8vI>QEXTVMxQQUUUK_JUlbwgmd)Kg1FA)8Ik22HnLwc;DI zVHu~i74PUK6?!e$rC~Sd z)Q|Pa?QVCwHh82B+reFQpmzgMB~LBb;kk6j%(;l`pOBOuYQ_nXAUf00VRmi^7Earx2UIcN7(tF-$j0H z=;2+@=Q^+(`saApJ@mVQnq(b#O6+53ccXuF*i*;x_+;9OqOaQ2LHkLd;MhApU&vvm z7VL;W!j{9U{+UqI?N;(xY3PnI)sm;4{*Fya*lnzCtW>tCK%=`eiHh&5H+Dmog#{DS zJF!u%rxv|)VMq3wnC1CEZu1tXDGbZ=C~DpbgmNeW+b|ojEPJ^qpBNV0B%;7-UaQ-C16KXYcHw*nrRp1 zJ0@@;msQC`g5M)R-R*lPpIY)=3GAxyEo=7yb|tVAP`o*OjkkjpMm`tnl`-PsOIX~s zyp0pQcLP3~#6wA6fl0U0k>9ynmY|p5vj%n`Y*d2pf{qb`dkw!@uuIwCx|Y(@wEN5C z7`?W~L23-P@2;A&^Z^L%@O9MQe%pRu20P@6sg(}2UD2q@={}`CbJhFv0EC`C+1zLs z-j~4+@3{Bt!B6hC30k?^*?aTUyC)Oab;>Zbs@+4hSnMcM2d$OfU@RE~}M|6&0%+3%idV;=*>8vCikJYZkH0lgOGB=@E zPY6OX_e@Ujs+BaMTAem3^q z$gCIh)Vn9k@D6pLNsS9yz&kq2l1RvTdO@xUbSA-j!8qoE9UxH(J8ip$87SJLP+`~p z(>iQOqbsW8W28XUKmn$Kl1yWV_W9m^zPYN(GqP9LC=AmeLN|pYhp}o1Csc z211y%DWTo=-|t+*1h4U_cRy>vj!j2q8Zk;POH?|MT`X-?u6tcmx$y@eglNz%ysyMN zN$Uycif~w{X0@yHfC48lsX!66#CY}|JoWCjE!a`ag?)c~Qc}rj7xNyEpq!0yXW?K# zH`&+-8d=|Il@vf|^*9_y{xDp%6-$+{ODD&(A*W#ng}Y%wei`S8gBBQ3mn@MhZepI- z@yv~PXkhL4gBhv-)P2JKJmkV+>RyqXmsrPLB!zRsj&E6CV=m&7YF4`lyKTOb#nO4m z-9=#K9*WC@QSN_D!g25xpu-V*s_`!TcRf2O8}AM{GW0!zA3*5)pTc(WeI?%2(|;Cq zpLC49Ya-m#XKvZJX1ot`KYKsHM$g=^OY8YFqAq|7X1BABq^Fx4D>edG%VUgOPkyzi zmkP?g#cq>f+1#*0uE@H(l3I4VlD`7+jX0@jKkv~qAMD1ABXp)X2=E1vvr@CX>^z$x zn6QRKSJYwMiGzs1a%j1)-1etdOru(`LuK$`#~1Kj=&hJR>Nq&@PeXtcsg02aCcy}* z`ijH5iR`SQhw<|$gG6`Ixt(T>=o1y7-F`dw{!*~p1sXRd;7x-a>)=NKH#Q25%3#*z zroIMD>OR%5TYB{9ku8joYj7M5&JDU)USG@f0nYex8PWEW&It&No$(|Ibf^Tfx|Yfm z6|}juBsznuO<^}kJ4raY`?p6m9zaTBr-kzaf7Q1m-k?bSDjD3eUx~%zX|h@#-BjI_=oLxMfxC#$QUM8IW}SdzXRJaV--3 z!w9eUbfz_@=&eHBsfwRGC=>r>bo#!&2PT}tlf*w)XW{rnjHQF$ zts{6P2fx3dY?r++-tEvu!7E!6QC87yT+A_D{RLTd#d1}VlI4cJufV7rclDWSm{|hK z14kq*spvK?pv(!9_Y;=$g7VPXnzPc zx_DO$P()nBTXD3-=Im|Del8_j1Z7rKW2z~|Ka57v`13&3QkB_mIS7ZLqy*@Oyby&RV@9!Nx|CwCqSL+@d9k*|7h zULPw*bh>d;y3aa^XJ>Go&%Go0-0$O4UyEJ>%3k_Y5>G}uCm39&BtQ>iWiK2A>3KR1 zhN_RnRfo!J$BKLN0Km2fXa0G9+tval0H`yb;%3I6{DiSltdJjU&q6^zsJ;rJwWR0Y zb@!k8hAw5GoQy_;0Bt4x0pVvM8fXqH*=mh&^NwoLraV^yrEKt$>bi0IuJ(3~RD|)Q z@99IDp|#@KvCJq?7;$~(quEZ^QtLiey1v@EUp%Nj+o=R)8oUal$!E?!;B0Z;;D;~i zyNbC02Ib1+qkHtsad4~xWipAj(|2h}M8TX~S%#6O^7T*kx}ODXaDqlD(X0zfrl@!Q zSrjPW#L+<<=Z=#(P(Ds8Kq-}PXv)|1EPz&ylJFGdoqmz?)Bt5x`9`LDolpH6$7-yE zQg5TdIU?4NMuu#wdRSRn`R3uUfM)?%Nm`tJja@I(jz17jvl^hRs{9o|an)x5SlRJM z{&6@6$NxWj@7mrrjwA}tXa5R5>h$Tjk0sxo8J{e0>|;|TC2>rV zY?89$ne=~uQMix*36P*f$(CcxZpR`Cpin4O6$*ta*NHoJ6lBupn{h_d9rE9RU2WhP z@MZV{)^%ENRH5$KSu3~Ysijw1Rxkk*IcyR6R0$eXNh^cJ3~DcZ{0$bkz(4ijSeqs{ zyQR;I_jbU{4cBgIdWf!t<2_slcaG}T=r;rBDNPef&?<;5Q5{g#U(_~Ie}RvKIO%$> z8S5K=zsV0GaMC(x4slA{Ub91bs-kbsfU(njLXz(ljrVB+J9kKMN0ZHPS=i_fzK|IJ zvbM`6;`!b$t4Ecmy`%hx<&Ec2i5k#EV-~`ZMcsYANF+rcm73AS#Kz&aG7{if0wa3u z8ykMPSVSvEfYPFG&Zv>pBWt`Qxkrw7u70U?Or}UXR?>JGRbmXj1ahRM7Am_n2{T0{ zABX(K;8`)KvRr;qw~%h^vMI0~5s#JW^c1LsmhxnYGySYK zF7>HWg33FmG;2sHDoO5N)It_TR1c5Ow#BrT-a)FsPjS!#qK(a2s? zXk18QqgE%{=h8ox*huu4T=eQfHZG6_5xJQ~q}1>kirfGj&mq4XRk1g5;AKQVNfL9G~lA@1F*h?R!D3DZ3RPr{pCdY)OecnqL(Ol7PGrH=lo5`ljQ8I79xgo^j~pBYovHCF z<^)sYKmt%{e*Ns5+Q@`svadR*oS2U|x20)2#x(1oV^BvX%nBd|fIBn>K{BqKWw=CH z4L&4JN1OKKv60P|J}PO#avK~jDv`(E? zi)KY7=6I*R0*7hipjQ&+=#p=ZXiD>M0Di@_zT!n+uauxtMU7eGuc)j>CB@7|{~Qio z6@FQ1y3zEg8Z7uTPr9ZrI$QcHUh0b-h%)uT^i1D!BJ3z2shu`{hCVh1 z^lL<%;8)-dQ{-V0y z<1~<%<+<1;h~#BQ7{#u>(f#V1&bg8)L$~5{Evh7m?ytZuArIz_HjbdlJJiGrwpJDd z5NCE{6pDzGr_H4dz3Ecp#4)2vFabvz2jMtTE82f!RTOqP&R3*BIdJDzY3^NJ8B`yY zh{R&FEV~*`z~D24KNh`zxh)WFbi=Sr2>WTYKvQag%G5f-OyRWGTF}TFF9=}({cYj7 zE-Fdp)k1yRc$Yf^XW{MG8APt31rK!brM@!66l)CyQ$Qt6b!p}_%~Vfc`Q={YHklK} zE|O2arJIc-li*S`L9%s&Yn4W0?0q>}z&MvsYMg`fsHE9|k&5n43U#^0S^8ka3DXS1 zfGg_$`=UyXb8rroIEF^gOvaL$LgUwPs)N46%#rw484s@K;ZtvD1f0lUh@l7}Y;)iy zzBzF>c}q_@D&y&(8j%c@=wsWB@FkT;pimC0U=F5%NtQ9##g^Hq5**0QkyEh+2YV%2 z%zg4P_3T#~H8AU>C|=1j8!E{W>^USqm(=AN2UK>+c`baMN8~DFu268uCP)nNYvd-* zCBhR4-c&)A?!WZhuXw7wB2m#_EIJXw{`}FsEj}-&Ns>bRFv8DO3mml z>EZ25$09DXp)%IHHVS)i@?my#D`=Rk$;2Q|?#9~$GCts|&0sBZA)aC1gQ$oPzgaBadH-W zYCU(?OSnzuz=eg|-1FH{d5rjDf^k`fN@7(HQRBpq)t8~rCQUsBV(J$)D%XDa;RoY` zY28gj?uOjj8nsc(+wHLvTag>Sq{E%kg2)OB(-kYQq}p>AqlrdVs;uaU2@4(IRj+IR zm68n;?Z6+sV1$^lXV}w8$ixn4P6IP`j8^1~rk)vjk1KP=BP}ZN{>%$M-&Pd({|p9c zjD_18&ETNVFtN0eOk||Dv=%moCn*SR|IapEuTB7@XHaDG4biLrTXtw!(oD&Gv*s2y zh9@a1Tjnz_viY_G-3l$~x| ze4kdTugRNR)(96=UeJ6;4qlSFx*Be#WWI&w7CV|H7KFA-{}&Q2^7g5L(J!+3o+ll5 zuTU2sogAU2k@ViA_S_dxRDO8RylBq%YtHa|`KHJl{>+Q!e7`0(&llC5glArK=leDL zdak_e`JN#~JQdkX9LrM6H%02>XI>Qc)Ym-rRpkZgYb8lh&s=}{l|+pbI6C3y{S*A& z2*?L;n=ozbsRp>HqVgPj=B3trswm+smDKa`5x9cj)l@=>+~eHOb=hwy49I)RpqC~z>MX4Sl^Zz zngiE!6W575b`)f4+c)Ek=HTGJfy+??$AB-x7sAHVf-jJE&(2z_Wn`X6*>JEA960(;#u$sAk)>;TF`;h2${pwjZEx9$CS;p1G8L?*%d7>Xug|H%3Pf97m%6x1)YCK z4he}6_aK6+mg1Sy&yBPRNXUY84eaL<7;viyG&qP0fZI0SviPPrR7HGf_~@Gr!#Dk4 z!;-8-^dRl)FdRnQj82f!`+vC z5IF#=?uyngE~WK10Z#f^PEcQeBbIfQ7YX_rX(tWa6S|8n-=JB#v7M zCq%{hibuP9iSw-&v=ldE^rGP2MJhTUR!TMLZ*dSG96#mOjI6PnpuNB}a^A-Y;{T=x zcafiGXsN8cp!+3kzL|*CxM+gqH=bh`NBwNwIZoKZ>7ecd7bj>%3#gAjZxMoNvvTrMMYI+)|j4 zm%+dD)|J`_vF=l~R7L7p@;S zWArt`^}nR4e}VeieYR)5rU92@Ma1WCMwe!QN0J*R98$uQ`q-<TjLSs6)2l#7yG_5T=h-d*&PP7sSu;-A-a4Ifr$rVMqUFkV{6U2bqYlY4wrb5%s8J zo0;V|y64)?D|M@K0qF&uk8$&@dt@@pe6Q?OT9pStUDnl`4Jj$R2lW@n{g_llr-25IR=DVG+2v`5AsP0csZYZJndg! z{dRNFJwLe>UY27v3}P2{N4N5((;oCO%UWFEfR|P$4llJdUSePB-W zxiiIKpzX;tb~=lKy)Y7LMUaieoF)N2;}=1^4(=Qr?F6T`K|6qH>I+bq75pvQZ;|-I z;z%34pixd;dh<{cqCyQYEKEO z`zyVx1TGY0dQ3jVKD`2E{Mx;`IKB9ISbRqk!iJG!;RS>ChJT$7AdGi{uyViM+1ZAz zHMn*}8^+W(?@iaEMO3`nSUpY$9!V9Bd0?Tn48_w4-h>{nh?dt{O5-?fse316SDOtS?nI{aH zFW`i*^guBCN`^_j^FZ2*CMH+-L{M@77?MH9ZMOVwWth}G|D(Ndn0$$+eTJ@Ussxj| z=Y6ynEt*{E6Ti{}zU(VGCUwsDXfJ*0VfPY`@<`EhuM;q71s-ud){pb>4M*3D0?%;L zbO)@Fd7ytzMb8mg#3bGyQT4sDD(&Ui8M?m1yLr<6E^T$rVLXE}117Nx?1_K>#nh(C zZ-^s;->l=`yHP+w2Hl&H3-pOMstCjIkDQyXhT=KX>V8dPA}M-d9rQ5yeWwSRg-^aF z-jEf&)C)B*`Q4_pXdIK@ZL)|a`Q-PVhG7O<&})JNX=#!szwgumP15A|9h6@$48N{E z`8|ib*9&kjVA6B%9p8y#gt38UIJ?w+L8uGI;uZVDOmSMk*qbdg@JSJq;DP0u-m&AE zkBHC$->PwHTmoXqjGMV9Gb2-jhyRoIiSS?0#9OoS!Cjgttm|za(7FAiHyz)Dhk)+5N&W zSyy();J`NxYizqS+0EB|QIdNmtD1mGt!;Oy>=ux_!es`DBVbZ%+bx&fF9n6P%!^5_ zZMQ;pzbsVF%O|zA-AdX0l5h!_tX6~6nAF;KD`odf!{lxCS4Cg7Gv4@6)k1m!NHkgC zC|}Gcm&Ez9iRB(g^;oSkv)A91pbA#BkYX~YK)xhY&Wy=Ew=k>gGfWE0`6c0TJ`bxN zQlI0_M8hRj1!3qf+kbv{Tk(~+TYND|4+}#|106}SmaE?nXa7!GnK1`FK zZM(6B^9KMznJ`D}Jq+Ac$gVs)pF9tIxU8vpwn)P@^o6>{6_qPw>u5!02vVG3k)&DR zaDIuC;04dq6@3=_q=-ofmJ)}iRn`QFSb)FEhwCUH^)1!TW47L}9C8^nZQ^-^9?X~7 z`6R<6T6*Y#>6JACmR|A|WOjKNyVf|RyezpcCQ8R%Qka^i%lw!mp%=Eo#XI8&)lashfs1sd+%^nn_uF+yS-DWaMB(K!i1AJKsQTz*k7E9J(W-`GleO zh{F__lMpU~4jd$moJ@qTSefAlXbzL)@l`24ztI>(`uKDq$HS`KeV7xIH1vvOvc z#T?+i&LUf+_mVRav^p9&EA#7<{|p8gGi5Cl!}O8FXf%>t0(P$?HDi#NeUOG8UZVC% zP1on54Lv_qX$IMy4d-g=>H1F|r7_Qh+WDR1v);v&mlhsjy@I60Jlk9(XPCY#hJ zbJ%_9`eY81I-wfB<#A*?*cA7YvH|PL?lmTS9TV;IGO0`KHLwV8+if@jxpN-h<3pFf zZ=`>s4vJ;ZOo6#^XU@{!fxa3voj>=rGxWQ-(656Za`}(ydbGP0-v}+ofv{XVSb&Ri`+6y-r|!wh$zb@15c^30!MBH5hOaO7d$#P8ZZ9s2dK3mj$QD6gt((PFB%2`lxo+)*4v-(At9U} zpss9kSQT%e=|l8uf}zoguwVj1I0FQ|Cj<>M(J`+1wqv1nzENrdAz%WLZ-67A18RZ) zSWL+l8*h7G;&sA^5s$?)h{sCix=k8FgWUkwVE&3j8%$jAY=0$Foz#95H}1; zX&7`jNn6IPJ|L8!N9G;U`G-Ta+wU0100DffL_h8ev6*{&)ad5gfZeCBeZg-gAN+SCS4etWMypPuj5Vld>tz=6WGhyPJ(73UR&#W36L91 zk@tuOWBk@VKQr*PVvGiou+*g<7Ua-6)q}FUm`sKvVRr9=aqVI3;z+o7q8KN}AkDy5 z+e6xO=h2*auMD#hh6#)B+6{mHnIHuwkgaIuNb`3N>pHZSM2@pLFkxj!U*VZ}& zK{l?@LV>_t;~;(kPd7| z3BeLY9b!e5D`kjuL7X84#B`6`1uQzK94vf%u>C)P)$?Z;9ZPHV>k5;+Qmp0OzJLjZN@!8K618<=jb3 z+YIRh;{^t!3X26{91URP1q0KA`3e!y;P4ZVogj4lcUV*;uLB7EHfx(kLE}R6Wi-tE32LD77DQ$UzmMS;| zfk2{b2t4k5+eGR|2eHow_$sFd+N{sPM|c`ayh) zX4PT2>S;uE)S?SFKO!{MVL$@rBkIRH8H6INRUt(tNP|!g(nWzOE{*VxW*$un<_tJ( zHYP*1jIv>@tsRXW>rRwjtjAQYfsTREj%r4TE~k;hp?X(|YJN2{C<`%iF|8qf@DRBY)%>1>5LP^W3j}* zkDRopY!Ew53}TNCV!x?D>{kt9Ul_zT83b0@&^Xu#a!P6X927v{x`d6~0QfgxO@wGR zMi)`p25E=jgDD?Kuw!jJcJ4tCu=VKr{AK_M-n4C07t$mlA|5&>kWGvwJJJ&gnSv_o zdk_mWrPRowIpAZwU7>maTYyx0acTodf}6-mN5{;8Hyk||5*G~3do&`{%Z(XXW5k>> zP4iW-vIpA|%qt#()IaftEFKT>n;Se#zVn+-9vT?D=g=d;VujAscYmL<_wfy{LYi1F zWngz8frC$XJzNVLWTTIuN}S=;!@iA_?@$fPwA%p^eCtSGNBBg;2_F1{&zAAO(!We5 zb}=9EePCzk&$J=ddo1i4Snao*uhKf<{s%?AJWGu`-!Pvzep zn~6C<)Co@o^rANM&%&$)JRQzgq%xxMlAy}M6yP1sz(IINiX|u-hEu07+LrXaf z!bL`V(2Yj1hz|1nSJOLoG2y!Scb_Ovg$Dvog*TL#)5oxw=q!^5={l++ayB$ljgY%I zmUHv#5#bXc)^f|0{*`@j20qNW)r-L^{p8vT|LPze3+~~>%r~g)6U5z0ULS#_OMDM5 zt`4Z8)L({TiyO*lJTR}ENpSC=4FvFqQg)4oWZeAiZ-2`zG|&LhG9xG?sO`pmkSQM? zYph-@g$9p=tYT4>r;w|Ht<_mbVU`4l)!q=6nY@RM950bJQ)D^H_V6f$D_9)Ia=C|y zIO7__6Px5lmTNaZ9u+9*2Qs+Glrt-rMV{)Y1ozL%ZavkD50-{|k(T66u z-Z(a;C#tU00x-@gIUI0&g9I>{Uq46wQcfhj3y?9ST(-4T55(X|lFFT99-u)j(jEA{=6IhV(PCVU5Q#Bvk)a}54O~5eQ$?*FZ)Gs`KE81$P1rPLhY{SKh zG*RqnvJ>o-5c8b%X8kZbS0Fi2HnJpT1Jk;jhA-7zi)z*UGK22gX0+zz@x2{J!#v!m%;MoCSp#5CL_Hf8J>B6Njyq_4vB4vbL$PEAa-9~MCUaNbNILG%bWvmCVGAN#wD`&g zhY-pZ#IYTHzPdWOxW4&va@9Y*yx=C$`RZ8mkz}1?aAwh>ZPOjwwr$(#IO*87ZQHhO z+h)hMZ5!Xqxu;&ey7hkU-@Epz+H1@?W^*fongFU{p*1Ey=Q0Pwwiict&uLEXc2bm<@T>*G2Z#sleFM1wBlB5-S}5|ZEt^p(&lM$XMV z9$puSEIl0ktYuW85hGQQZaoxatY60FSJC}?e&}L0@!&31z5gP0e_5yc{;~iSipX6w zh0m5XjV`RI=Et|W!ne6`dIlI|>3lkvW8CZj!1re8WG&4|bDZs)e{75CP`Irgm2!QpS5 zV8G|Y`t4x6g8>&&a0kM*bbhi{Z_$I4ctF!4g%?rMgWG@{^KBSGxChM>K3 z!9TWGxth+>SqhA{x@*HuM3)8Mp=U#^w(&1?XJP7^tg9kgB2 zWzWddA>ZD|Xy_(2axxg%G4t73=SaD_l{_RF9j?16DPa`}`)^{63_=u_sCve35?BvLTjh7_^4LS!bk zi5)|ILn07%iT{c(HP{=|0&%l1#mD4b!=nbO`x^52kjsDJ`ilMmI@TG*9&q_rlzO{{ z4q;55YP#yRZP>w&OQamKl?IND-;$aC5qwTE^7UMOm*Sq&XEyr?{~H9PrYSIg)0pBA zD*!ShgpE4~ZDW(NCA{()Yc*(#@%tN6pFC4GZBUkn42KL-2pt2K(+lv+1c_A^dbm|Zkz|)-2XXTZ}WkWlt~r+X8KkvSpk^gk3*mD;OQ>d zfgg|Xlyf~l(nkNL-c+Pzb{?cOX;lHbnk)MdE+`9<7h0~7dL@V`6K|!|j8-tPBBJCb zL%^vVh$TT4;8H10V z)!vLN6W5u%9zwuuj;p~yw`0G6-3lg^`Zq5v2fZgvp3_C;C%;7 zW9?X-%93E;()l`LDxY7|Q(xCpL%4`uw%>8zYhp$4*c{|KrIwjJ0mKq%T5Mnp1D6eJ zA2@;Q@EtGOFo_SYVmT{{B(DfToPe~CabTndwK9(H<5b7jr5?5~Uzv?9X=Y1&!n^Rr z6d5!!edheB;Y@t~T)fu)?!iviI_xR9?;E;phNi|ngw_nUeeG%00{&laFuL}%EXK*l}>VZJk8vfPlTxt$kFWYx6o5|)wd=3hrk1_1<|b8S zvPZ_?;U3{mHKvw8hLP;%`n|zBo?9 zM*CbP%J#O()|Z1>+Oza4U=;))PlB>{9BkL;uEcdLh~7WaDLPJ<6>^Oajz2KQ0YZHx|`++>FTCIcN*t zfW8~ZGSG;q*fq9#?AL8E@jJd2 zzDL$;OILE~_;s;+U21DO&{s;yy$|mHaddQX@OATbcM0_RFm|B#V*2uSb8IubUE=k)og0SG$`ay138IP!vMEPU!UqI_?(|*=Q0g+hy*vyL(^VibaBeK9FdV|}x zE+p{aVM!b1@d(qV+!sE;Zm*6_UJ)h^+hCk$?_xz#2l90?D{7@$ppL%eCb5dM;1Hl` zj{c5tfeTv3*lJd{x~edNMultTva^i4F?^Ys=kuuz;{3R``^amgZs}-@tYC)o5hsPW zyJfvAgZhG5$Sq25e!K;PY#3w(!)VV8*OJz}CYoSrA|Jkc;)vs4X)}6?myOq&t|l{Pl90u`i>yA1`-b2|w9W91Nib{%oadSi{)jzZ zIS26}AIOjXEF6q1JyE|0)YQlZ2NY?gJG~{Q?MRDJb~r`W&fgTS((6oK$Lq?p@6&Pz zewCeFUCZ6+nLUeNO^9J1_A8A)rl9B#@}&Q2`^k_FilK{jo}FOp!xUF0(QadmKS=`io(3mgiUW_WApQ3*Jbk} zJ?VX}jzBD;Yi1hms`2FNpZ3q4ZI9N@%tQdUrshZOy)Wj`PFQl&b{wY-E*5QvuK$|N zLV74H^xH!y8pDywJqFh;Z9McLropJVGq@wM$Ac}6uIA^~_#>q%{xjh>#0vS$*3ck5 zM?XnZybq)->Zx#BTrS^%2zJxl)KPTX)V1+8)?tP7zj#~Cws?Lvip>Qhn!r@-S_oU! zw(?Y+y}{mp{waB|{N$;~Y4RZ(as!@lWr7H9G3n04LSoF&--W}=Py8ArvoLU(#47)Y z5v~Tr`0%wuat5ifkh`#nO_BV%Lx!&O_07R{MTHbicX?eAA>bs=4)`1B=WEi-C4*CN ztdCA3qr%=Ycn%Wx>b?p2}9iP&CG1(>vm2I&YxsP13jAVUTh6dvlSubESL0v7(R+AH{ zFqsz9z1vtWU~E8iW5D1^x5or$3Y<#I9K2aN=o}~r4t&Kb0}l3bu?tXYB)lE^Aq>bl zkQcx+(R_=wIH~sDR-5OR8Q6gyaUvO*z{m!I!0wt1<4Gg5t`qqyW>;|dvr$u_3$w`k z?yvy#iqvh2$hcQR#aIF;`D-SW(0R|G;PTAxvq@;{M0FY>ZP4(aXu}$ZYwgf(TPfX) zy#txmwBwyKVeUem_**KV-}9$p%}$NfCepo&-hQ5czyl@J)Ra1pIlpK12q6X~3}U2hQqN z{L1>Lhy}aYw{k9#0aPTYC3wj{3ke@e0-~4fl;01W5?vRST{J*GB`gNd#v-nRGl%sF z!1p*_Mf%X)mlg^`!n7S2M(%SVhcxAcrfCISUEkQEU;2XIY`WBK5kkhH(WC9k1)8p| zcQiA~tuFp?0_38ETR(lESXb3k7h#4B#nQKqpZ-l%JQrwxt^|%8Y_+otx37!*;_1&F zW$Ire2J4;ZErDZel5vQKtPwJZ1$JSEx8B;BADbRU_kKm&>4n9$>=p)lyYX$6;BY5r zmi@YRzHa5deCC1yxsi@$`@*x<$l8gXMmNwqN$;kpvj;8(=DIM4he6_5v<2by!+2fDek>i#|5!3>W(LBAFMx2&R&_~He!3di zah$FrY1nMcw31zjlYYfd#haOQ=f?l2MVe3|IEgFi7TEW! z9DGmOx4OLJsMIiqaEBI-4?;-|rp*~R9!SelG96e?4opMqWQUUc%Xm-Oq{GVcNqSM( zXBqYZ`Ego(r2#p=zK1?!VN*;U{J26?AKf^5_|oy$7f2d$0Ush#U}@4XX!#gVjScF6 zw((|vY$9Eedah`r%N=V)qZZ3me`gK>4CQJ%I@0h`(lBd(q(-gJ9SJ#}1b?1r4Nrr& zNI{EL$v_Q(>UJ#2`gc2-Iac-xdeG*0`%&OoGZ@roFuv3i%8Xwst%0VPN#5 z&)-iCS8%jU@lQoj5mfT0W3hok1kCr46g=TszYJ_pQTG@tp9rqmMe!CyhVw58EdcXl ziH&CXTr6C>Zz3LU;sseUQ;e6(-^7d|pl-)}h7~1LBGWVVQhZ}!tcagwaXZcEM=E%? zUGp-cV8_B9zc1U&H>OfH^~Ux7>|9P=>sYlz%jtS-0cj+=pyG5zW#^kBki#t6NM zw&0qwIQD)EdROWvWDx!=-?hOi$t+0|$}dD{zGk4jXsAMK2JGJG`}}ff;`XuxEjbxV zQ5200)`!%l-l@PdH<0QKb%XNyms5)uM!4VG5#J0P^V&A~9)F#(M zqm-ypv@2oVHn~L!4Z{*$ti>W06KKBj$$sqTd$eLUA{+(9*+mClX|;u7&hCN22WsXa z?u*pO1igLPHOE5Z(5TvuHnv}6eK8a|b-oTh7VB;DILqNjH|i-01|^hYn5jY7H?n^< z?Z;afBsqZ$;O~k*Cg~qRyAu8#X)O6y13XDxLpv#|-HApd z8VykC&IQXJ>#o7>D(3Za##50o&G%I)2~7Ourmujxe%v^*=_|qnm>s(&D7sJ0E?}G6 zV3X!1mQ3x9B;XCL*r$%MM*JZ@u{VFP8eEyTFhcW~fPm$uY$zKt&?EF#7>I^Iv2&_v z(3zt0x3o~s_=tbhqHtJm*Hokd*jnG6`_Z4>A;pVeHHqDiA$-^0Lyk&*XcCccpa&$Axgh=>kZ7NhRIMhcRCmWS}2_RrU^@3bRp?`oO<v#O0%&0ATF&%uyxG49h+29(hp&N%d6ie8@@cq!Ef} z@8^^+x2(b+I|QgWU6UO2p#_N$;|AN8*`PRyj!DPyTA?xm;R~&j6h6T>kxuayHwIEt zex)dz?BC;mr(Um}B=-1!bMjsbCG`&az7nJ_Q0?4`nA<(kI~md3c)DQYZ6Ff*f}r6o zj4^AWJ)_O*3doCb-}*|LT~oGQ2MR-v$R_A1{BDPGzW5vIfrh%FHm8)!Pl3=Q6sSgz z*hLbG)VO6TfLB7X%FqU15A+p%n46!PAu*Dr`TRx;_Lx%XXgMoC%E4!~A3y~@6&E%_ z@b^X=JL_74$URF%*l2pb20{p6i`Rb(5S&s>G6Bs91(fRU;_#>? zzCaWz#<-_ts{6br^9x_&b-$4JjBz!u`p664qPBIc%B z(oc6z9g4`uD}hK1l|jD6gjWto56|4RcDbLO;WWIuj=>*Nro z$dIQt8e@#(wq9% z&kx-LxU27cRhz5?_#{`6h`UrI1=Bw0_Fobhp-f%y;vvDvp5;yJN}r#**<-NSvKku* zM1nNYenmAGQX&ImWl=c~ocn~*Nd#GKyEwDAQWS+0WI}rFGK8U*F!F~u4q@VKr|Fc~ z>vEQ$7U4~~%waX57J;IZEcckz-`Q78_c6~KXBdl35>&Y2*1qvhI4P;5ei3P>qBRvR zs%iFFzl{>UBFaZ(!dKBq>3<04MJhIW*9m_nBG*sysO32;>6 zy(%NS=9fB%Mgx~`Oc;iFapubvLR;R&it%511m&lDL6f27pWetjnx>H@EX&rg8q87Q z>1qd!76}JEiVE6n;!94rbvDfs@Pw$LY2lDe8>_5wLwh!+x)NFksNw;;!iWQwU=W@K z%xA;v149>qh??=3Tr1Z@zl04n)ZMCp;|j7d^8@@I%)aZc=&S$nW;v=`K2o_cOP!gF z)CTqH83;xAUjX@%K8w+5%q)aRN!8riu+!qvAPjP8QPeSi{M zE8(YnbeEp;TQ6M1bMDpG%B!yw<-{IF?GLVKQ95Qf~O|pYv1w=iq$w@N=<9tlQgJ}YS zteT-NvyrbDZq2;#{kde3iLJJr^1`bJR0h0Jq`4^Nvy|?_xz#WEqcw@Yj0*{Xo=pku5Fgk zm1bB#tjxCBx`0rl@q}#mg!ebI(X(Hs=N+vA2vsQTn#d&L`VR%G@D>%h4 zNZ!OGL_R~0c1if#aXJ4vkMj>HgtTJSN|G!Wew_S8KWn^71xQ3D01b;!3oa%A zlIF@ep}Y$e(r8QrU@~OrXbJ#&ni*8GBdz3A<7_YvObNZpaDHrGMhgYg?ub7*nctqG z%vjOzRd5x!{)H?|S}3F~VnSc{ak`MDxtG<#pMQj@g&iqa^-ryk=1}<$W1f~?wh&Qz zOu(=lVr9_shmh_{fA#@%sZ;sBf`Z`Lz&KSbVx0DjD73)snlwI}VcwDF-^saLsble9 zos?PC2AlTejSs@vEwzviSO+3Nq}pP2kCJU$eNx9!M;rB@Ko~tmoUi2~pc>gVrBHTipF)|{l z*)<2@hwmqrj1&h5*h{kwQq1-K8p`LmpXBJt^GBfsAMZ_&tWN-Q(hrNLGn1RciC79A zo$ncr2oNn@mKF|S!$+PS9cv;m%#1`q1}9uQHtoD*ru52ywVXk%i5v{UiGMr6eWI8j zfR0NXMD~vjjBN@GUUjW``73Ni>pdGHaCE)5$}xaLy?z>Wb|T6r-%x~L)z8w9 zrS{3?t!05WLFFjqQ@TnIy?e@iPL{@WL@ZOG3?=QuSX$ekP2`dQB}%b!;DLI%f4sur z!{Fm=hQokW*3TfQwAq=%OeC0U-lDKV&iNBgb*V5Vs#YD}PnkYe%A-_P$K{!)$Ozpe zR@2P{UfGEnZ7;PR{m1)8_9-?M3YpvPH4NxcwafdV(OF>xnG~eu(R#TsD~zGa1T;4_?$2I>oc_59?n@ z<%SMsgeWl#dcQMff$&H}JvMI6DO*~PN|G&lW_oyFDyw2MU5(D#i{b-mG8J{c z=`WZXx}p_fA%hyL2cKW-pSlJUm({tC`hTLH^j6cNkE-nD@3gE0bvff4)96$zN zEyM~}&HgwAx71R-1wLn_vi7jR<#kp_>E5;r-E)Om1m_F(c)m=pHf4K~$dWO;kc+|F zDxmrxr56gSJpK7gW}YHp!7NZ?GRu7PH_4jbexNvWS#Li@U4PMYriptGrBlJRI>Zc2 z&*|3~F+jpK26aB6k1V5zw0ovhQn_rz31_(D42Zfzl`T)r)On3-uvq)>=o4nVts4)7 zG|NYs1}LKcyfdZjvIn+3VroVt!wT=%6H0o3`wSaRglj8;)yH8|sxKehaw6Dt zuruKt1z);?zV)z>d5{R7%YWR)3l_5JUEqGKi7>zM;ca~C&fMAc2rITg z3by-CIcxE*56`uZYvrEQsIL{-aXof&KgnM)ABGM^ai7H5s=EgJzH+8@UW)m-iTf2* z0uUyDc`p4m)zj_DhGmpbeTftghz5Mssb`tmjT?Z6yR+BB#MxRnQnqsZw}h4}(uJ-u z3)5Bj1@rD0oJ<77T8lDd3(UT5!Oy6+r~d5hL)i|sshXGOl_tL9-6N@{6vfZ)mO3;N zh?#;usz!&YX=?9wR@O_6FZJ*w;gPn?W4i3{i4UY^!byOpF;j@8-3~J<`lxPTSZ>64 zHCL;qaX@{X?NNM))=MM#-U5eUAzA-jDQh(dq!skdO(a?dGV zNUbd_p7L=5epF?Z$J=YItcPjoAC8&bskftgEckNSpF$lk#m{)RK?Z8_3y)RCdKr*J zc@ZK9NNDNImUD}u@)t0ao@RtU}$xSCzq&svz*r}=i9lm@0cJ- z@k6ZYTEChK8)v>Q5-T%pYFz_ecAppwLe6%Wh`V#J5}+ltnskA7c!udGLLEHpJ-k2n zN<5$HvFaOSO_9(dz#3WaD$n{$S}pJ>ZhKv3&aK{+yIDDt%0LKnkuJa|dJ!w4u)<4Ef*c_$YQ0ag;(V2QGp#~d@0>=e{cI+npmr&vS__XQe z?9jqQ&!2RlonO43m>nl@G=%Tvw_S{E+<=lr7R5_VVimHeoG4c|V+lWo~=V0ysROM-b|oWZ@We{JN(#lk}(pr@-$kl7p@whudo!9Ew17}qu`c57y|bOoq| ztV!$PVQpe)8xg$odiwWpe0o|ARvLcP1jvviD#ahuQgZYa_LEX{_7n0ipO=I1>w-F- zmAgd86@J(KRUA%d6$60c%lRP&#OGy$XH?nOpz_PPQsG4u?enO~;cD1scVE-Yrl65n z4Hj5%HArYJ*WFET+TVVI)u7hI*`AUW#rDATLlw%M@j3T1OQf%gU3q1tf2_B`9aPdy z!~4NfPj1D7F7Ay_le)@-pbX$(0$)~05%-9e7E ziX0ewk&4ei%fp_{7L)$^yPavpa|)8|IAS=Sw{=DA`Y#|mJDjmgxuu?YQP@pU&lpoD zozrOVJ1*BF)yEdof1ibp_2|3?KKj5;>L(j*6@9Cc9m|if|>|3P*b_5;!Bg z+4^un#g8uQ{rkt>3d!M)lLdR2##F)H0x%9yh1x53M)`%B`@9W_ePl zyE7XXxa#Y0EMO~0J7t8?;@5Znv2|?IM2YO+DFdk+Cs6@+$(;M}7x6*#$(O!ShO z{Oumi_0I3YxjysFTNrNIXV7J1HCNqpX2*F#J=)_B6`vh+nHCr1+Cr!gs_RrPMzs+w zmZN(U$dbK%?o=xTKHv^&c{1fma10YmN$F$@{@iDe5v3&E!5R};^~i3RDdLtrd@P3J z#UsTZ7M>`0m!w&$r>2XR@H<4Y*A1{ou}6u(?O4Vp_d(M5;av5Mk4?hwa-MNiZ~Jq9 zG1anqGepZM;chag>2k-jHhEIt#`~N|(?IyCMfWF(AG3>Ns~RSn zagd_J3Nd^fObU5#v<4ena|#uL*V>lJ6)`AoO*6$PsrknPCtWf}XH+7I6}mGPg@tNr zz$@7aDl#Ux?Z}QO3hKnIE9IGe%mUQ%`Tdu+5$}wXY`mI2eiW5N4th|UGzv&@VR<-( z?)12~dM@nbgJRaE)JKkag+3j>Bw5BPG8*^S1Xn7}Rr4<>w+u%K_nVnyh@4UVSt@K! z)>ef8LT$PycMeihP3P)#C=OGuOInp0?^R7RgT2u12s}#-)(RQba{fw7?v!@F(-HH* z#$i@6DGj7SwU>MniOm1~jlPr@_jYIo78R^mgT?WpNy!bJYeZ1-UPSnL>+f(J4+J za(HoC9y3QPUK^R!I*vFiclt4f62PN9>Yq z_Y&^-d}}fO(8tUm7_?UU{q=x9N5B6-o@T-zo~e*gyyK}B`DHmqai$RAF)O{9-nz9r z?EV5t8v3(JRK~>$VSqmp<9q3Lnyk%N($Lc`wraNbcZaFlJ(JYhj(PO-jjz%*I_~_} z1(~n~w#liFKiqG?Y}-!BYOmv-NC)|aTQu$AP*5i+=J*uj5>^jeN$lwi$sT%J#^!;^ zW`weLg_VjXGgY=0dk&|7(UdBYTn0YEm3d435TUO`UlR>^%pL-1YE@2_X=(v$B~{G} zTM6Ep`l?kJ==-JN1h_7v=Q>Y7JDw?N+T_?PJ&kao4akfLwVdWRN@?#dw<_!L+qGs`0-f(19|=?XKV_3 znrr6rYLHWS7d5ZpXlB#R)FNJBxA=FFW=l(J3*7T_RCRUrmFvgGEj`Nf&GhoOe|@)W zov&S8r|YfF&g%M_uio5S3{!AoFTeG#s14&CQNg&R?itvBW+-FBs02|{xhpXN zw~P*d4u)P4Kue;>90xg`s$=G!cn+X+hDMSD12xyPoBzY4ub5XHK3C0ie`n{*qz0mC zx32KMJI!yOSyg{^g_~JN(;ZMf;a}Y%;jZM1*Kl-8ePA@Z-JF6gs50u!&+M_eWaJw$} zBfp8?MR42HLB@pn$MSKpoSsH#P@WZLu4tRgX&iEI8vN%HH4PzhHg(x)n?BaNvUP#~c@aMwd3u%GT zzK9*Ha2!b;IU`Tg*6g_wEYpqZ0^@S#Jj=G3nqb6z6ee^Zp&(vQZVW6R!jK!Cd&1+# zGNuMUzVysbUIoHaNmaQG!U~*6R1<~X?i~BA#1%JvFyB(*y7zD+ei;E$*I2lQA5TKy z+DkOHQb-z3RnI*SBOkq}?>+#h$W9L=1l9!B{@kP`HB}}IuOgqjY7??)sQKa1O$?EIA>pF&W*yns zgr{dR7^{k5)-rtKXvrthav>#~u9EY!A?Yf{1<@lcD)s`C$NAFjqOO$SCnHtD;YkyH&k7bdVjK(X z=AQjC;v|mtqr`5pmi>`F1S;UeHKU+etS#dvcU4E-82(C;X;6q?k3h&0V{*q$FxZDE z*4~hq`C3Fxd4lJ3{;cA$5m^?=VDCBk#j(3s8DfaEv6f+Gy2c>F-0l1-l4S5mR|xI2 zyT;wY;3z|~dAK8gq>n-D&>y11ff*Fu#5-dXz{lQI0r4d(aRmo(m9Umv5yu5W{*NhHbud;|M)?@^>+7mXD0%{JwH7E zCq2cP4M4x%VmSnlBi>LA^+R=mfVj@4aInWA^b*^)xsKEFk*Go$TH?p59R?tB@`B81 zi*I@~v->HZ^mb~x18Tnlw^RYO#YsoEfKP?OASEYv@~W=@Us^j~pTMzzn)Li|;+pm{ z;QGBPvL$kKyZtP1@ZPJUou+%)!CIkw&ipPNP-4R$_7y zV73E?ymQh9@!$2qIF$AC1QJX8WE-BCWmQQEm;@DdQ z-v^&SJ#38Lm-Ls6*jJ%=PyY~5Ysu$*{j-@*rn#y5mWN1a#hG8)4I%2c2uLQrMaoRp zk}ykzDGC*Xwlbn!+WdDXHGW>;ny)fSc>ih5o zBU%0BYX*&|=uY;(Ic1L%r*roQnZ!dJZ>j<+gceacqX7Bu(#y)Q@RSU^O- z1{d)-#}(bu55CG)UQHG&JCUvXmit2Px--#HM0o7KuDj1XUhPmeW~Gn<8MOdgVfYv^H)b(S;QY(ptes8{lZnp-tQMBqjElDEw^9Mq>_KK zd+QV9fb8n6tN%F|ao%FTswa-Pi0a+20z?Pv@BA(QLC#{g*9bWIPkmhdLb}^Xhw5u6 znSBU!02N@^s6D=FP);fj18n`=c?Prz2`@zUCyIv!ue13`0!M!h<;3OLpUIg&=0DOx z&n0=|fdWJV`s??`F&Mc#rjrDL;N?93><4b2**_Cxyl-L56CqF(QjX2$*6fY!cIeARt|N9}jEG2LD?<+jgANWVe#^J7>+S7~ z#e+56)KQ$OPa9DUd)Q0MkA+x54v8p5)2c0wFCYc@Be9ix;%U6m8J(Bs!z+yex_Nm|;zK|?Bs zAZi}g$J%q|rp;EMbrdz?E6N_g8{86)p%HT*Qj81~T)Ntxz_{|6Ieaw*0Yx0(lQMJs zfxkv@%tO8sav)QdQKrF%zL-mzU$-r6Y-{}}qU%cJ?53`-8wIC3J7?zb2WVs)XtGeH z9{f+IxGbP}cja`~kh9b2msN1VRAtgo)AJp#WV7`C4cDXMT>urCnTnMWfy;63zizf; zzt~MTSI<@M*NpdX3KPfH8UfREX-qOiBG6dX{in43`9}F7AKFl44RK2`J?Rt`1cF`iXU(JpnLLJ-auGoDJrvQQpy=o`h@A zEI~8>F|HngWKvx?kp{}#rAkZ?jUIy6MBx;o6~2kH-`{eeCRYr!inFK{%Mtl@EAA(Z z>E2JWZhW2*wJsi{+Rq@fw3A;{FV~h=g@eyfu%@u=qVX?$k5)wvz}m)+ zPc)!0sR8G^c6exw$Xhst0jB}FBWEnSlu=7SB3A4CHSRvC%8ulypq1ua-fUd9DBxdb z2RS#hm3DAEz41=PrTs8l^<_X|T`n@%pI(lD%T+7WpjLO~aNM_GqUf_^Mdcu!QbLVb zS^n@@-#g)y4bEU5}K* zuyuGl+E`#>BJ4=)w@3&NIrNT0f(8RwU8*|WxW@m46!a^Op-nVjH^}bnpH@}lDHWk6!tq@@xAl8Qm`9x=r}(xXTd4_ns25-pjv7le$a*P62wrZ>wg%+ z;p82X7Z2D=6FHBoZ=>8tnf1^;z2Itd^lCPusVwG!Le&7;S*SV5s3*qpD}g_Wyso~K zWHk1rOK)iSn-(yIb&%NT#t!1U9!_>^J_PwI$EmpgoCY*Og%ExIlEx8V?M+IB$GS1p zY*xa~P{gE3kJyOltcWyaQ5~F7Rbn%^Z@RgY;gxW@jqUcf9_`Vq62uAX{BzoUvG#Xs zv!bzVE7F?|>#oKHgvJdzlg_;yww9cbDJ*jk$!!(|y=HqTEL`AC#ogZ^fAlE44?-R> zD21pZyf(KxLj|w-QwU`}79O3V3{bmLuoH4bM-p_M@?ZlA>gK%g_K{ld*|3Z|B{)tD5H8MbNn)35s@(7z%E_wQ$V(^ z?;Fuya@{aacQn#0YVSxQ7DITIF4t6*30Ff8xLV?VcU06wBIh5fqx*!IZ`hAbD|?$ zPAXusx({k#wB<-dBCAJ8Pg;%7JXlEg5?B@S8Q5Gn?^TM)lJbA3*8MJxF*My&2Cd3? zg1PE?MFSd#s6i>jFRA-|ZqzFV*y%s#nw2P3p9ONd#5!=+rxbeaHY=54@$hzmfmIv+ z0L6gB=+1btibdG)+J{xT;7mH@A-7yc_6J0^eiil%!zv( zg3iBDsW12C$0B$`yPdP};rGa1@ys?{3bjVvT;Wnmg<-s}t$A?cTu+trnJl@O@ELL) zLhZtihK_ixj@31m<=M2hp8v_yWJFOYs#S!=+dIb*Tk~vK*KKq+JgY8mvk+4)d6I(A z^bN4?e%f@2E-cIK?i0K#$_Pu|#p|H3$Mr1zw$%Iou~zS=}+HYKY- zfdQz+y5WA>uFIhw%#j12dcp7dP>=T=VF*Z=6Ip1VBdLcfixR0 z?A#Os7%P0PyJex3XSgE$)-4!v>ts{mc0QOuMZZJBOmw2Xm_3Tj zDWlM04p)$@dV;XmruDcg($<`nGk$|9{NBpHsi2{J z|MG6<`S9{_aP-pH$_^&c0EaDDbr8S@gJMW$R2s+ z@mI;p)r)U;7gx{Q(c`5^xU9>OVliPnM&aFYEUBuXjOYG43`c`=B9Tx_qjCUk;43;| zB^)(~$l^^hGfhvmOF8)y^mK#QkLYAVBaT2I5vp=_o|n7x^Xd4o%k@i>(gbSU`S_GM zJ7VSw32c}iiZ|tUa~$J()_X=t3&$6h$cKuo^?cJN8PY_yrS$6+{D7(xLo;TkGI4wD z?C;C_EuWFS_VzCvZ6)@1G|;3e?c{yXKUF?R7=;UYRWw5>CDz@7Yf^YMW!5=qwOp+~uC*k6BG#5e%zYe!o*A20vg%|s*?OQOpxP}d#=@{2mdd_BPX z(ua?)8?25s|0tst+{*nXEKu9k)PH|WT3QZv5`M(^w?Q#fQeoplV&p~UgJMxt?&HT+ zEO|#{KoJU`>z5;W%#YF5l=PY3xmGsDzi)=Fb2Mz7U+d?IwPSkKz}HGFCVFfOTKZ!W zSH$G7LZ5;;I^lBT`wN|!isB<$eLYx~h4%Vr6o;zUtf#c_;oNr2`XNBQx9sp@AHi88 z&yU41!O1bs2G+z(GgfpFix)`Rh1gMu+E$CRJUFx+<{E@)-rFG9`plmJPU^qp|;} zdOXI@jo5AEqy8h8*RS|qr&`%j9%FT)?eSgjOlLUE5FRh(k<6-V_k;VS{{6w}BZ)CA zWe%_K%xh&$2(U5To?=ONixbYy2AcJm4WG;44?Sug>Dp|ARI0JrouQf2{t^@0L=D;b z_^KNHAXR@*f>8q0m}SVuP=%Co7Cz{4l)fL}ZJYsZkWtIy=+5&1#p{47&5X3oI?d{+ z%|6T~T6W~s7#^R@FipYUU^>FNM^=)RT|o?OGRR3JAGWvL0?$%jj~3peGn4(`VT0+w z>w2mdn{wg>70}61t2*lnOZTqj`_T56?+g_#yF_{V!=GQt**t_0F10<(M@kH8>z^3+ z%wK-jHNv8umC$tDb9TM%eS^IDk0PwN6N9u0aE1kI&ClEz-icF|X#;e(4H7Bp7!`^C za*EAQ_ii6$>%Ff5#--u)r{J7p#vi(oG$TFeJq{r-=?q$YFNR>*{5?gGZ?c6gWX_j# z;>uYD)pT>KGuzmSK`d8F?EiKnRw)y#eezO{%uAG>9i@pa770~h@Sc-$$FJO2)^+-u zoz&(%HMcfK)`m|vn@Wx$eMYxKpYL-{mUICix^W9RFz>k$?T=Ttk;|1MGW}qoeK8$a z(=Z4R(FLSBaKR1V1hai|-onwi(3%7?v1!zNC2u^G1XT=*n<=%Cdo$E^h@+gqkbwF` zX(6cdct}aYc{$~tMCH(HoK=wWxC(@>`@L3Pb&?LF9*+79d@(I?ze$u-3`JW!F)yJr zy(jlyUV!r^{{MJ^)yjW(L4#rH^EwbHPxO<<_J<>Bz==M*mN9ht$hBYOG0i2AiePSwlKa(rS&M$dn4N=I$>B^A2X@7p-Op3peas_%S|RO9!0({h9c1 z0UTwu=S>|Rs=f>TOc^Ns9{`s?Xus5BsAZ~!l5jLE@C)L?LJ##hv4q66!;7mw{EGf^ z{n3$Ux)UkUi03tF-GmGT*Apqof=4NLK&Yw<#hYxrsX`E_@_v?wq*ja~M;xN9PU{ef zAO4jC58w_jK3fps(5XT2_b_(+W5+|UY>o4$G61-i7&72d-!i>M+9nNgv&2aBKC8!) zQ&O#=ZSd)(@3-k>kW|q)k4w_L7;MHB zDf;BNY**+96l)y|lC-5Tas5_9X0%3LFfhIBOY&QyD{wQ+{rRWYvYc|~JX&60-fdcA z6GB__USCWIZo)KgLY8(oy{+HJ*7nxc!QP&+wY9bVZhss8g~I+l*gbe>Z0{ZH9~|uN z9lYB&wsv;j?eG1`*lK>b#WIBxia%`ujN4`3MM031z0VEGXcWlB6n1G^NcHa5gS(y9E3Y|XRY5m{#*OZwH!Zo+NZFZ(dO4dT&~;e z9(_7#?{v1-e%?gOc#Seo=l9GK5m{q5L2PRpIgmCsjoO0EVL3gEXjn9Z@*1yA)v%!y zn3I$C$QGmU)U`?shWigU>E5x2jR6 zhJscJExzHO9=}dLy{{g#s^+s9E>4*%8z+8I zZ-BVUvl-cGPd2R6UcE7$_R0rT+7MzMNO6TWG{=3!DzK%Nwonaq)|nFE()zK3Q(Lf9 zH#=wh@IRjn@dL1BAh`V;jRD!mUBg*t~O$V2J+?ARwX9 z%QP$8g>&!t#=t?9aGQ@mp?`7cj141p!Ez4|aeJiO0DWx0i7@<`nBE=y>zLMQLWh(bxZSZjKW()YSqj^uO)> zoxPm?xBqT?>s9|-Mp=&jr{O;c@x2{HZ6|quSLRPBRSl1rGoxHNOa`825e|TtoYtOFg)o=qZg>yv(qdxyfB=itO zcOmhlt78DDI{)8$SK$9!?_T%+ODWH6|6gW`r36^?QzfF{f`2VY3x4CkLRgrgiQ`we zPQKx+Cfz>*oZK|U(}nX ziPYNp@C0pYUfAE|d`H75NCGSH4vo*pJ>5^Qk9tDy!892JQ$%!pDw8BIX#S{jaOws3 zOaifm92v3FAUW0ICEI%$sH~Jy7>}YFG6Bc1;E1M4olxCXB?m1W*QGyPUm)v7XrW$Q zt3nU@(KZUs*|cBfeV3A@o;5NQ;>Ik8m^FB#NWz+67r%Ai^V(yHz=)^MqiFjA^EEQM*azUpx8mwQP;fBzragT?s&@4VYB`v33j zzV82*QI@m+$KGt3R)BTIb_$Unu@L8t!ByM)P_eJ4*Ea+E*o~uU2)%!p+9M}ihm=Uf7AgQ1d;6A#N8DC{|ICat@v2y6>ZmAM@;~w7HjNfFiwaQX|MzZd zCnx`R_qSf}|1G6F?fEYe=+`XRPP*9e>dzwe!1CvgaxL)ec`LV{=Z|V}OO^>Oj2!={ z%R|t%%$Bixu%CX%D$CeSq4~5{M5KBq)L|=E6!j@E#1rf|n3%55Z~Md->~m@f`$V1L zs4wJ29!hzJdWq*F1=+OgwOHX#Nt^;bJX@GsW7hkYP1?_$A7l7Gs0pEoGfWq;Cn9J) zYoviD3UHKQcXr5{X|w>VYSLy0boLfA?5AYyLv7*mGoEQzA7piNC!yWFK|Azyh|pF9zpd4F9`0YA)f~TGkAXTT6YkB zyG2_=e^HI_3w6Q;lImbG5?pXGv{0!K=zA^@$X_xL{^~qRAV7?;IUJD2B>kIm1TwnujTL)VO`_I;^|Ho3w67;_}V?`GUpClxcz$t6QB#f{Q1)P8a@LD=?AtwX*n7Bv1}_ut#Edrg;;d-9Eyv1j4(W5>XEGDSfXW^-;b{@N8E4jDpHNdLdFuqxf@49ldLhjD;#FJ%i zSYI#1uuc%&!t!YSqt!w`2M2q$V{uMQ*ysr+l>$|*i|~e;tgj{%W7z6u}Kqc-v8^O!a{C(=AyFWUBqHLlrjO1w=KAh~?3m;=5bbPBi zu28n-Ne5!PGqfiYX7~f{MGkyf6^$P89Zx&(e@YCrK!f(k@tp{cFwc&=y>uivzOCUV zKgIY2hVcNyjEx7V4p%(sb<32uWy5J&HlT%pp5(?a$cpNb=lXSbM5!@RT<`+dUi|W<=?-8%URUtz3Z8KVi|H9P7Gkw7081fNs*CGCd#9mJ zlrHEWxuyJLF4bfPD8G=)`+m7TkFO;wTK4~eY28i3&2YvD&{h5)JKK5x&)uDOJFoWt zWt8Rle=;#dh^dg|g+8{T!2f43NQ2O)n;G6WP4z9Gh-DqextA&(@{ApIoId487VU6k zPbZ;?;|xBj>t_x@tLyw3j&3rP7F`;1Z}f9&sX=i`6uZSTGM ze=MaeNB>jke)G6%@S5EKeC#)~piqcT|1%i8YIG~1(LG#~{YY$$9eYYI z+z^^miC_Aq)Z&=?HgPA;ztAjEn;iP}-{@DF4w2SSD=KJc)-*y`upTApM{?~IJ|=Ap zO&4(sw4&orF6a}F#jLEkhU7I!Yw;B8TWF!zX;EEE2elw$U}t&^&epCE$Kio*Q)*JY zELYx2+7s}PzGlfRiE_v%Ev%r2#G~zYhlvyY;`$`u>>p{+5%~wD6jRk^;bQs!&)&N& zw2@?qqUTv(5nHYvBNs{#7~4a)djTM-b3bK%ts!Rz?wS7M1Je_Yl zUvkzZu6a?WKwzjL_nvC3jEu{Q73&u3GI3^4kyn|bnzusU(q+@

uZFd@e=NUET_1 zsZaslt!WoWon~m_;8BULpx?F$LI8G@>%76nYp8yCyz(b+(EKd7rj3K-^|G- zqQC+0IM`~pf7sjKoiRgoJ+%^zCoA&m&sHp@qaNK-6}gS2eV5Z!<;x&uHV`NL^Si^H z{0aZyWE(P%_R>2H`g!lmH44X@FmFro$%L?!LSc@*HZb_{UHfRphRx@gUkK=ThgTRR z?ZRJ((q^EY_iqk9?d+wGr9D`Q(Q6n@N0S48a$0&oFfu47Za$BGfEckVM3kiUV>&qRg zh^XYeK>p>AdJE-hvd=<}mPs_nRo&mVXQ+K+5{1;Ry6;?0tUAdriv2QPCvm z3`S>1tBl))Ae_BEEzyC%K8?9%9*$RpSBcv!|2(7W1JWjC-MN$yNcC?!;_IL0oMUz1 zTnRM#UM2mRxp1K#Cebhca8TY$=>%ngyHTM9NB4CAe+97q5h$4TlIf*4N52N1j=kue zK+mhfJxC3G1#rW6XsIZ-{5TEgQL88eUj-~qnP9+Sh;>WgIM-goDIo>$W(<2L^F8-_mWRfLd zgygvJl;_VctELo5Xg4tRMX2I4Hah3$GFDB$?}TWwnP=}UrkEkc*K&fLHBNQQ-=D`f za-RF&t5$$0%m28Zt^e?}_3YvP_corp>i>5iiapGIXZ+_V`H<(6cQ1k%Zm#e{R#^PA zmVR(HKc@hMF8ScrYbdI@@N|96VyxLx3QptMRTnBW#aa&coL?{csl@+DN@^m;--Q4F z>UyUB-}?I6#smMqjpr8lzv~1`xU>_D2NCJ{7#Wzu8B1+xHQ2SAjth-NR{Y6NYHSsPJ?L@PY1z*{r^|jRyWf5zn`wR9`b+R%5(enpL8{{^zR1Q z4iVWb(~r#@fLMf}Dx*Zwjp868I%Prt4xCOF$P`r3f}FEovXD_e7g=zeK*8YmH(o$4 z=$uBELY^P(O;NO7;bk^-clt_v6S;{GtPhv&*qW&Q7}$)EqPa{k}S#Q&|e z9_oMJ&T~ifzX!$d&!zZ15=brvn9ZpdCRFeVxy>ejK;6}tvzdiaa@g6G+>)`EOvh;B z4|?PguI7qw3|=9xRVt&tb!dvmd|&aHen>^o%lAFyCqzwQOm2K0#K(5SX%e`-5T=+0 z)iE!VR3Lp?m`R)0S1yZbIxE`7wOQN9a(H$ZA0&i({Z!)rZ{Hp5w!O*cnGCS_DT)7o z{=C&n^MCl@f&bsev;E`N;gNW|^=6k@-!`Iwr)ul)+Yh^k?Y(zz?FN$dVw^|@qP%j{wGf|GDI)*Pey>H zVHZ=T*!F=V-O;I!Jq07vQ3!wQ55*9_B-sX3qGKS5r~Y{$zhHLNBX&enlMx5H&j`4| z1@MRo{CyElPB&|{1;sj~mR1t$Ai1s|pIkF=Ff}Z8ICIR}>tI5lA!j<}4b z;=+f?P9oU<E@9?Q`V%(B$9FAQg3P6iN zm;esyC8q*fj#iHS3~*`<08pR&Y`j#??sbm~$Q_ zt>fv)!%5n%t9PlgN^!|QPTF6!B1&OFl$rHI3W}f1tRCVXsHTDn_OL4{7y!i7N3b%B z6(s*xZpZAkor*?v-Zi-3Np=g$B3PHMT(6;_@8mJK0c)VxD@APjdF$})-rLt$fSEpO z|6|{fSb$YOJekJO7Ab5rrTpoqsAzH$_GLZ;A!kgF14IapS&Duf4QVC7 zhJZZ9LYC8$hj(5VL$8QVQE5NfH=LrbKLBOq5UaQU3=E4%%P1hgXtr9p4ot~Ri|b&| zKU)Ch;4(8=wQ;t(c%51z)k3&yM-g!_;x6joAd*=*yMbKFoeVw`-WDbZv^g zJ}HsD(JPHkHcgN&pbobzhW=R~5|oxEr~ZV#Q7T&fii%+!EfrcZ^v|P^tq?&Rlgxp+ z{sqfQ$f!uD6ni^%)9@V!G|92AH@Ncddq1S%LNqL4eQy@sim3`wGTQZBx4qy(=e&qLF`2)0t#gz_@ zBxn<$RhMFd^vW0g;6i}>1;;fZ@e|Li-LU|$z{y9A_}mW%h&`T;r}-Jfjp!3TF>C@A zj~%)5ysBC4Vs89??2v=@?%{{M?Hr0wc?$FMx2C!nA-Ns@k0TtG&_?=MC`vN0AnE}z zL`ou78-xfFALL%6dR<@axixT62tJo7n{HeQ-Ez|xO)c``KCG)xV$Eu_6tAm zRXZ7QgjVK09rM6>bFNMKw?!V1*4lG#75-oAj-&duRg(14uoiyL7L;3AQc3UHnta5< zy0RXd5}V;*fE+D68AbRa8i^6GLAqEP49Lofl6Mz{Tq?&oj)U_s0{&*%iDNz{;=)e= zV+H}{ZkwFO(e#8lB9@*|GOs80MywWKpUWZ|^u)o3ZJr2SH~J&`QB84~ESgC$LBqWW zC%R|q^@56s5(5wVeK^sc*ufcKTazk8WttI72Op9KkCjA&bC%1)B$)yyuQ_*x?gpIu zgAlee_#nNDJ$+S?)?p|4RNJ@>u#D6SL^}kJiR|rvAg)#zXzDTX}BR|I-bwvOM+*ii0}QTl1vm zm=VQwpL{*7Ti_Jv=BO{l7tM<;vT&u@$A;odqK&5nOtyGrmhn zCExmNS9#L(pMk#Oq0qsy()GtE%m46fHRb;Yt)4x^|J};-NF4YRytzxzDRpDKjIboulnKiWCj1D{+XPQR!m2nyhrpg^?B`ymt2hDzsLR={1;QpKKZ|) z=?6b1Wngb-7X}>15r!Jqys#JeE8Gr#s(I&0H|ho0cQ`yjJ2=p*8vIG4ouZX!5S^e` z<=fZ0`|n<9`fR^)waaPAJP8g{QS?Q)5&CMm@qd z4Z3KeXlQjW3}XQ^47=hum|URKrZV1zkgA>qZ;>%{sgPEV<1x=(b>v?z_lEwvn zBEbMfvcl={FU53>b~4?JrkAV5Zj&|gjX%CdgrfRtcqvOd)L~Nwk@z`^2faE^Vn2$` z5Vj!3O_M<2wY@*qE}RKkH;rHHe~2U4%#R=5T=*dG9r>d_ree#q7TYi&?2g%J2^`9@ z03<(%$8nehjb$Ao5yailABdnAQU_6=-snB${&-XOMiV`eT8%_X4%>kForidn?<)+^ zS8V`(G;?CeNcU7Z>`u{Hm%RMXL9iN=MVGfvx@i#ZX0WxPL|TweNAN!}Ov^<+X8@8< zKmIg54gj8s>FrGZ;=%AMjNlw@g3iXo&bWK}C%}Ww(Kh#wre?m#k%)c}2gDcwPeBT; zHN{Ul07A69we|1eC+c9`d*Q8q&)@hlpa}Ls|7?!~+JbO2o=&Jn;LxWx0C6-K9s&h3 zxT=l-q7_~kZ3_4o#zzQP1^cTI9`Dfk5UM%q2C+0JlXVg{58Y8FK@XEYGH>1#`c&0w z*6Ax5>QJ{N=yCse3hbVhSTQ;YN1to8iGNboE%yTr?QU9L>zUVT_JZTkA2nO6&G^}R zt!8RPm32zM?!!dW6{yfIPj^YAP(9unT=XU+5-{jWa&-6~O&9&sm#mFenjVktlxLv?BV zL?6JU0eDK$G-e{lAh!knC<7W^%OsxC)g^`FMAJbJRJpSN-y}gGC=DQ>Dx8`jlN{y; ziM>gEA7Decy)_al21s^x9BhIxs#wg}oE-ikB{DMD!NV z)q$yiZBCYqNGpZY&!?D+BUX{MRyA$U1_HvdR+Gu*x3K_s8E(F&n?B?jW`YyJS!dL+cYLP7eFRhpO<{Bv5x0F?M1VE;a^i6E zB3K|6)J?Dh6~B0bU$aCPs|d#=kyUnhSd#fpgD_6g&_K~b?d~ICU*{35=y%M&T5$P7 zP`OT44S9E>ay(W4l(+ER*#8|)fg0WHhVARB?)Sfl<7ZEScG|Z$&Z2wcfmyNVDTg+v z_M&8@7oe`{K*|iqm?ICP zW%R}>1DozDq*>%`05%6=~JiTuuM1Q5m?IA%-}+9K$V4s>By!$5VWoYf|d<} z)?z@=x&aWh(jbsTL%biK#6D#XCK3YkZJ~Qxt@iQVNW6{CgCS_qqP4y()>hY6msy2A zUsG3DnO{-32dooh2yh1<#=rdC8`shmtD*jWP)aeN?LaxF_Wb4YJ*L`<|rAKa*RVocjgZ z143!i;i0o|_zyH`94MDM`D4QHfVS3x(RS5wC6W%hRN1GBOR^Z?Q<>LCtFu2^tj=n?lj=jVj4scSMAW1Ux?UVcDusbgYeq&F`)iEP!r>LkQs)t7 zf*Wb3VOBwULh7*DOXEX>(@tj1+XaT?C2`Q_*fbpEW7O}5WOSrvfQHkd$_zI9@SLxG zI$!@Z3{QB2S03pl9NA`-5cV_4~aY497%Y+9s}NjsCmdM7Oi1 znLDFKlOjR9)5&n~cY88b0FnE_F;0uy1Wg12jov(8Yfd8h=Q@0e98uoP)-0F4f9t}Z ze?<=XRNwJ>bmAvLJQQ{HTb(zTa64;($ zq0=qk@fcCWZ&!;JRQGBv8;3mn+{@(WP+cw=_ z10>&%256MBFRSHk3bKoVe}TSv{z)7#cY%>HB@{WjBvF5Y7*^|{X)-*XP8{&4Il(&Z z2FMgfqQ2D@d+oY-wbkBhFV}wFJNoh6`y=u5*5TpS+oQeRws?0aw%@(o**n^M_qL7M zh_>GTB7WL?yR$5UknM?|#}sRX8#W}l!mG7|z!_ZG+1Mf+c40-MlPTH-PcXgJNV=6P zPh@i58HB@7x!Glw<2_uy-^-`q{@-x=1&mSV|J_<$Py7F@Z#>-p-^ydV-(ng&U@#|i zZ?ZS)$3Bp!DWwBKYn~*Oo07njqmL_8!#~F#%>DZs=wdb3)UW*rEJ3~8GvGMo86bpp zX)FaOwyP>(o;4Y-2C^rJ&^edbwXlm5%Ddj~MHeFs-b_|t7Ez+!HHUtD=8ZwsgfoL` zDFCdgJP(@kf*Sr%CP(nSbTOo zB6N=1X8D&Z6X0emIKh>a@0O#8)Xq~o{H;;=;km|BK>v;1{F97wn2fK?3QFkz)7JBJ z{g>9pvxofexAOe!UpE^4v+_iohr>;}V@9bSDalJTR3Zo26sB3t@^?`IHSz)}&l;W$ zy}3%{4O`o35@_P@1$`jQ#bfArMwxu>)K4&nq?a1D;k=Q9Sr-Y)`nma1#<67coywb` z;(EcbHraDS)RmSO%5PtJE}LLUyN z6B6vCSu&Y+PX&cwqsYfObP`!R*)E5S8Zf4qbQ;W{CT=C=Sp+4wp0d2V`#BIj3f5L; z!9f&_DQUFe&LmkwdqOZ$X7-^nsp)wpAsRfw$zw9eU6S|I;F3ei!-))Nj|2bAaw$lb zb>g695lp&X?Z@Z>bB8T+N8u1nh;m*kk9DB3x!6P(i5&injt4bv8F9-Y?ul{>P=%#< zXS_06>OgoAdzK}9r3tW|!=87?aY$W8jrfjo;$iWJB#{3C-Ws!w8=8k*@-;y|i);pM zMZ-X{K;`1^#75*v2<8y*2%3}Nf`9{z{83b&txjaSV2TJJI-*(%!%$9Kxd_0lF;W1t zBqV$Vv9bCWu_P}>f-&&oAod4M=_N|b`#kW0A+D_P|B^#!($G`-PQgd%9yKB7F4rU7 zI_he8BL|JAuuM24!#XBX8Ag;nrM33rO$h&+nG5{3u?nvmszY90y1R{3cmKXt*xlM| z*&F_+J`B5Y)k&|VMp@fzTt;!E3j>XRW7I@p|oBPWzeLU2ARaMK#nm+J{sxG;!nvdM0}nW_3)x)RJ{GEn4G0 z#&I~B^hJI5@bKLs79++_$!-1dUoaMEM9!DQUO_$UDSt|&{eM9%lZIIOEdsVwUxxL< zmx-Q1gR~Mq9L&_DtMdPH`A?>Mgq?OEFX`~3OC{ok!TcSinu9gG6}jt;uU31Xzm`LC42bd6#%Wo)w5C;Y2T5jCEUq47s{yawCbWZ(AJIF9~$Wp6a`1pPz- zF<91TG({iRhH`mPDHJi=f=YTgiTzPBP@a&+%@6PQWlS^W9PFcEDa7zw4*ww^7mS{n z1QaEU(~=8@zjhFCSg?g%WIUC7kzOkY6K#f-QHA7gSR^86HpkRS()Y~db3e06sOrV3 z5UUL-memQSNF|%B&g;+yqjms|R?b_;!NfTnnCisov&MopNs&?_yKz9p+H7bBC=EIlq~^ce_q32H0|$UkA{?roKL5?Zz~eW zE06SsHtlZ8Hy8VU!(AV;v~RNWSv^@7Co=p5W^U-TlOnJJPUMX$uLC5hQWpkpX2296 zWC8~E*^TXchMAw0Gp$i4zto;?PX2GLt!L%`2mg=T zdG3t-FKMKVU5GICpOdN}j|?f)>|z5$d8|wd`IN_MAnIIRQwi`zv?n!`7EJ93eG*M& zxz2{?y!oPI-t57P+L%t{FYWwxb%zVOb7|UnWKn>vH|uVbhHRs#lCoN4b3puB|5XlU zNrhEEMvF$#)XMw;zV+$&^FQVEpDIt?r2pUg+Vc$kf42UR|M6CyJ3#+w3P-Zo0oOT8 zMf-689S54Lpx{JDp`(Q;6Z>o%flTl|h-kYw0H+G55Mqx5X9DbVV*S;uuAN>$&#-k< zGrUSdf*jr}$%2d>)ZHi9nb^zHes(!Kk_ACFAwf-9n@nYov1M^fkERW0j-6^>maR9f zrM*j~G>AzSSvCeSMm_Yp;xZh7tQU-`X`|S-{>zMa;FGmYIq4M27-b+ed@~Iy5!1MRNiQD3Ddm+I0%-iz7ujGMocdS00(gHyQn!7pFj{n|fbld$}{o6_)sy)JIZO zbed%m(z@d+mKDD>_q_j4x%{U~+gw=!EXn`dYOST?Kh|1LAN;>=<+&^J-_ML?GUA^F zK3N_LQ#N`tjFB_TNjU~bl?8Q{qMzHFH02s!WmAt&h04K@ChcTHmNEA*+b8-8NHX^Y zbE^cOf50pp^=AC*uf6ZT`;wgcYa7otxr(`|WOis)4|AMwUc4o|Ix*wOB6>8;*RKto zq+z6aAImQw-b5fKUc&H{t9R7nt3a+VoPl=2i93u-9HvPNp$qge_iEoGZxT0=VS&QR z$rHUPr_;pgG<7LsJGDYyEjVLycM%FeHt;Ds4He?zL=q@*!00F8$RAWfu(^tR%zBmpzpqUZ~wpl=l>P$-R<{>dq=+rO$Xk|1)3V<3D*y##5;T=kCt&Q5s0~%0i+j@+JU7IxokOCh6rMkhezFDSscey zZHX7DGGFn+C}Ra03k<=6#R7>zA=sV7AWGnX`yx+Luf;rLRRiAqC90(h!XwC z0*^8)7`r-4=Vqk3gMl5-Q;qMHmp(*d)RNYKHBjo6!pbyArZL^Tc7?@m5+1P97kg6s zi=_h%{gExN2nuVKCbB0v;LWK zv&NBYfCUgRE6)T}Wo=RK1DSYqP>l!po%}eb*Oik^X4M0gLY4+}A zkpA+e@}5;ccm-RKizn)%Tttze*;8I`+!Pbi$t2n@`Pf7;34g$%wy{p%%hhGki)a`{ z=m6$=-Hw$^UGSTU$gZ7f=ugtKR*jvua@uN+gq7ClS2_Zg_+pbBuaOzKdpuIkEHu|M(`U~xv8uAUOsFy_S>V_K5u;z!wWk9wb;Eg* zi#OK1*vqUTRjmQh`W-Sto+cQBAdFs6+Dpwj7_i;%sZni>$6 z9=`H$XaA>oD)@iN-0?T%|J8c_bfcAx|5$&p|K7%PSM0w!{6nS-M<3srfgE!cQLt@s z>G}pzsz7T}d)n`ZpD~>5QvW$Cz$4XFGgVtq6=ZK>N)ZO^fZ+KfP#b^cmhK!%?o`E{s zGXXeMd4#KH5L>B`lCChZ+#|Jm9+zO6*$(>--@uV;iOLi)m}#1d6p&pk!GtINAPvz3 z&4orIyZLAq7elpnKa!Twg2W$IDHJDWMF~4z4uG7lwapcTvL-p-(a$;GeL*Q~)D_Rx z>CbQ|e@9Qj9CMb+1C+*kBZ!gmmWewtPA>dCO(#9)yc|v`r~8to_CyT?)bjJqb7`sr z+^`bSsZvK}7R}+BD)3+Oym=rjw?SAi{5IDe$S!JSm6lQ!rOJ*s?WM+1>;P?hG@5;E zb54zG^vIkW_Y2oVmhI6q)ppX>7@Ui;#LW2WJ3Z-Q4XpIAsV>UTns(qK3k@t9$Tnx= z?+bqb`hV{dU2}XYq*mcf8h0sHTWl+}?d;Z+Nt@g=DC*Ki-233bK4mmLPnGvXG|7Tws3p#s-^i7oNZjn9a@~uD8gSeVZzufmiYqy~ zU8y>bc%R`b!Mr)QOtB(z@^T)v&%xd1Y_HmuM~24iTItyV{{hL2ux zDYx>0X&`%KoXIlKQ=92f6twgWmL-Is_xN%=QO5zt{0HSJyv~r6=`hhj*IbClkE5w9 zVW`f~5xE`o$j49C*5s-OGF!BCKTULTKvOymX4^u}%hXW=Fhc^E`Y*vG{T%v$W6`Wk z7JrhF)WKG$`#6zbnxm#lgy^|)eMWzhGmO5n_lc6|(hWQoEJ=G8mZ3AxKYs`2pfqYTbb(fEuW>VeX>WJ#k2M2XrJuic;W`E8e2xDalk8qH_BrO_iPj zs^AlVgI_#$2s2N}42)|t(<_y&vOHZ&9pCAhp&N2tNhaSZ!k7Bl&{<41Ldw^=IFdVJ6O~d71==)olVE0evYz{QiEpXwWK0&wtg%3yFq2& zti(L_K(@SWT|lYVB)dA-zY0C#7b&qf#{>Sz zFrQyREdI4lMVzQxNffnw#qWO|)fEub+)BKkE!6_MHOsZ(RDdQ0U@B;Bxi7kaN~t5R zH-jf{IEAZ<=+pVqK9V^qN9Im=)^^CwRVe*|MH$lZF!{)?R0OpLDintHqOK-gx8|R7 zKGJGedOGCTex<0M?8;I@jm?f_!a_LQCVw(+Hwz2#DV|R*SxKv$sqOcq_?^Kdz)HQq zCCsE1izVbFZm=iBKph{G=YAeN@%akkYL89MW+F7m+&*h*g{-7w7XhvHAr z)%TDcPqzkxeRAO#0Kxe6XA4B4{-1a?O@4f_*r?vUQM)<9mf>MqIBv(u>9pS;xF^jz z!v*U_2m$np=49%4t zU5DJ}Y(H)ThvG>JQsgpnuDi_81ou^W&ZG-z|FMdSW;89|R@sv(hn-uN9rkZ_dgsLM zGUQgPP2urkaX7147}j-%Qu5sDQ|kX=38$C~z8B8#2~v{(;n~ymjgQ(3G>)!(C`)FNJXF!D7=3kTMZ{I5{nTooy2f#d zZ8ci!-Y+VXG|^X@j-C9M39OPr=yg-iwkc=H<0(Bf&tUE8D+wM!IZF76`3@6@MiWn2 zwl{f=g>Z!Mmp?mqj0DEv-Eeo1B@W^M-4V(i!ke$d!DR{Q$F(<}8iV z5jKRi4bG?6vJs{|81l{S-ww#ttp#(=i5&m5>VD0 z&fvjZ({yuoV6I<^D*i6*7(iX6H;8g}HPlOa9#!W~piJ5{!F&S3_GFH**Ya8EnfK|MKy&(EOJo!G!}G$QfVx?7M<_<~dxL^_Md>6_k{+%BjI} ztcUrfu4cR1Gn3w$ehvpAo(*#|7lF1TW5Y;$ZYOj~3+&;GgEMnHHgPEbL|%PmNTa)(Vw_48(n60s zYcr*uTb4qK*?#dh^EdXM%?ADUY0y10N<9bA^;EU#$BBYyVpq)z|B&flm!!-f{{9kF znnvZF$Q3)Tf&aPvH7yQpHBdy|WnUQudxp%_U|v`+kiBq#4?67iD!d~-+u7m==fcbz z-afGvBK5zua&`;PeER=5N+y_t`S-y*Mu4*XKhHDupEp*YKE!|A%5zuZKeYOPz$n)K z$Ns|Ae+zr>j19odsn`%;+FZ{XV2yP%CV_ka+jfDB?wsB>s|zK{rTyzG8X9tXnr&^+ z?QIpJyjK#UX{L z)#zT(#cZic^N=BCf#6*5>YjQQ&&whk5P44}xVI&0{BJYrH`TjYe628W<_D?=!;wE~ zw(KYxj^wNr3ri94LZ&i%1+JEtQm`eM(or(Gt*mh}K2Q`TQ~H(k(lbsY#W6DrF{QXs zJM$qynuE@#SC;o@F**iRp{02a1WgZ8bk@qOJEo>WYEP}Xq&T76)`q*B8OEQ&G3M=f z!GKZiIT6rtcHH z&2gP&iYN%l%Gski18;?W#>N?u(RH@W`zYJ8I4xO*3+0b^1C+!TR)F^Y!8K4zJ2kd*UBMb=%*%4Q`-G?p-TOjq{26D~fL zBIq*9Ew&A2k#|AH*<6$CEnE4%or$OPsN}2dR}haDN;XQTT|taa3%RCGK3fGQmsv7& zy35KPE!bLPmNMVoU(Hri+|M&joXv72Ke5a0BD0`d)UI7amht=}YyMuk!hE_cX*}Khrq(f+0O2t9iO7 zm}{}>nCb@^E&Ipjs*P9|tUz^)tygtt)SQ0QO-HJaslEUy`Mz9zo&9}*zll>KAjc4z z?)8qU#OYlsjxDhp7OTb*N1C|B3)YUE8Mv#VN!o~Vok$+tPk}qOb#ulke5i`DJBL}G zObaqXC`jLcM^ZKCBk9fMP@lSee>4LK^Ez?mwXcALH|n@`*WIF+9roQmBn*o>nVF~`1N(S%df%QX!+s@pqmzOl*aJZH=i>Tb|@bA!jt zS;BSBnaz>rIameXE!Z%J=XZ{sHDdO?+*LFEk{z|FWZsV1zn7Zf=CuD@&KdeePnrGa zStkDL>1wO>VE?&|=kD2mE^i|A%gyNa?QK7_$Q!l%&RJrC9%R{)PdaKF)}6a8T8xp7;MLpdKTJ!u4du=9KyJ5MRk zTbz|=QH;NQ&R5Yqsnh#y-?=P{r^=U0=CtkP_HkXy&gDG_psH-wDHh#sQvbi1<8^I| z4xg)gZqLaVqwn2rR=4D6YItos&Q+f|?LX1zBwDclPiuAK`D(`h=h^Cm{pU8GyJ!DF z6x(@qGYNnd{@xu!kiFVsdk|0inie5@s2eg2Wx+e2X-Iy*5aW>BSAltGwpqvRqQJ0I zYGO()s@TYM*GxoMm;nnWroQjVpKr^=)TXLw`Nk!FSK1S%0JPF9S^a3dC@@UX&oeSK z&0|BcXHg!EzG!3Bz6A-OlACmeaNmes_v)UKu4up+$E>xa`Se&6i2&L zmb!$}td|+;3|T5O(aDw-ke=HEcb_!RR9W!_TIS?L9&B<|g^k5oks(r4Ym+M;SWVd(RMpxOQQzSv(q)lhRdQRaQ%8WbKfx3cu=SEGZ zvs9A%yEWIhqN**sc{}R2w)?1OKKq|73{%#XbycbW1*5eV zJ6cPRRz(0WlDn6<)^i?g@|MuZ(Dc+caGg_0|352JO<2Fm0yS8`+hdsT~#bwcX*%tQ9 zm;YE}naq1M`?Qy@sc7!I&np|I~qeT%&JjWuiJI!yt3+Fz1iM>&;_cyOLM?wo{x=bFk*qE=TQ=k6c>C3&1B zYs&%%IvQC0UQax3qM=VG z=EHu<@;|OVf0mN};a?B=KW^o@EAsyVo*p0r$t0e3xt5wVboh!zFsq*-7ZjY^*%j0k zsqD7je5C3L~(aRkR57OFe=`t{{^OJ~#LpgS25a1_gL>cZzD z2QY=T(X~nT>sS0vQET{DGZMcg(FmoJm-T6fb!G8wdV|tKdprn-?R!!qsHewpIB8LD=31wy#gd>mfGl}JH~mxm7J-yi|5PvT zC09Ow9l(KCvUwjw79lNMyo04XH&fctIx_!jt|OM|SRXOkHF+Or?H~$7XY$I+mDB3h z$HeI-?~Z@N7vH6opAk;j86wv(nE1%a#8MIj;!*3x z`txUva*3iVCwwGltKrHsu7l8wa~k?%QqkunYT52J!bD7x)U;UBGuIC43-6VWwZ-9h zc{rtp&EJuH{{pj8=EZ0TRG&Jo`{VF~stsE|1G0g9Re}iF`y`?dzlh}2U)y+wTXsip zF&>_)KIQr!3y(Lb|2=)ap7#H4JzZOS(Eo1ZxhwkL?&mSui;zl>EL$F7WwC|MC^m*@ zDpAGTrf(zb^xOd61VGNvkB0wMYkpm|YOz|gBPvcPlw1YuJ+7ElR4?H1H{{vMW8aiTJzN4;9k5#h82IT=j!}A_XN{e==8?p z&Vy{TZ-h#buos{<9E`e`_YxP2MNGyU;XE{DM1$s7T=aZHLkONv#Pva~j4IJ3QO9?K?p^vm_Rv|q@` z@b*QiglKX02LsX#x~hD<^n}k`LA652gzSveqL1v zD3Slyo~@?k|F!k?hxpH1dG3n*e~7FmHdbf4yVtZ@+lj_OeCm%Awk0OrXdEC-r(1vi zM*^o0W;&Y8;<*N;V;UCDs2#*%IH)oa!T|h}%|h9Bc5~g=X-OEF26SsCzs?SrwRa=r z_Y&xoyeHJnG7=K$Ng#h%GB3#d(-1klv;MDt!J;P7eQ zpp9gXWz**0u2%$pV^P^$-t&fL>9ZLdbXe)lSb)ubAAm1-&m=<{da@5d<8FY`7a=u# zn?RT7#z25OolM4?D=R}Eev3g^?Iqp`{60PQ!e}J{26VE5kV?GM$#C$9VAsTBM}Jj1 z8Pqa`x!ROoh`_DlS8I*z;VDOGISq}^y=0<8uH1_m>7wH{&05NH4ySuIbIs)XEGks9 z469!R<0cK5mCN{dZB4yn7SwY79}WRou4Mo$%l`>XKW+cpc>e5x|KG-QclbYE8xkiU z#}VFZ6W)-`x#L+kdM7{+3q-s>*?KW@R}kSift}ny)Fxn)HFP0OGo8 z0&?N?CW^m9f1Kk;YL8|-Z|q-56?gqV2Tq`T)qXNQq?vnl*UO*bf1R*t&SVK&*|OYOo7Uo%NH>ng}*b{o5Wu>$@fjn+Ly&0 z?EvLW%hx_ZTd@|mW}M&5pAQ|(|rov2S9k_2zd2Ryy*P~yH-hw|j6=X46U5f+kPNEnPiGN1-NBn&S z1RQlS5svzi_%{sp9vu7KGjjdr8!OlhdDlHlv^iH^O!Mgh^4gs*UMq?JdLS)k(~BdJ zs7qyRQiecm4L*z$6G~B>QD{qWFXC(=SFx<*95WSVP_5Mby7p%YVS6@7P z*4+sDtH=HB)3xLE{`2*X?(_B5>ht60tE($=g5F8=X#Z)exer>mUQ*cS;ota^?y2bf zpQVqh&42&r_l>1rJ^9yv*nc+Z{Z{k8{pKIPHvjp(d}n@WJZaz;-&bn)UB`lzqc|u$ zLC0NMazR5aqxU@e|8@PT_s0JX1#|t+aAg1UfYv)(_Lp~u-j>F<*`ocoR@)c$l-qy0 z{@6bb2jL{Vsuidt|L3#k+54a88xQwCxANQp`%i|Az=mLKi{-o_kMfM#<`#}(e9VV5 zp;m^OCF5>mfAf?1Mmtw2&SCY}K%FxsjXJMOZ2-W~fJw$7ng6x_E#1G5qh2pe;weS7 z9#4BG!3@tgXT{@a5Oyy;+n?9?qnqjFIgS@Y&a-VZl#I|8KkQXE(4QJ9_jWWKqi;?9 zZ!K@F)m*K+?c57;QRiu|oVSjHiQk&#J7Kk*?FKOqyaBZ?qWDY#uNtJ~HwSkR;Ll6p z4KgU4S<2*63FdOKAi#KMFA}_2S|s?paWwiZI<5$K)%s3>yaJ9NqwrA;+^Xr~K-}{K zSbtKPj+pj$3e2si3rB4LTC!MBYiFsdur?n&0DDeggZMBB`qM#m%(lO{Z{U{T`xbx( z(hr*Z3|~J7E~@nn0$595a;%0mm~NM9lh=fx_s!17)dv3e(t-0B_ComlHBjjA)z-ES z->ZsA@v+~%W9PJ7yy8huC#O*y{z2D+bM3;c&lh*1w-0x!ZbCQi-LX9=KLIdbbNc22 zf5DfFgZ$RPUK=#%aF%be13LI#eQ>w7VYSLO$P4=U&q3k0i`$AH@ra=}-as5gJ+U>N zL`l~l1aZZkIUW0p-V${Sc0GM$y?AHPy91%WmVviiJ&^yE^EGNxvO$>-ingZoqIgJ|O11tk48akc zhHn~!u5yIY(LAj%vB#zuXUn5N`k-Ri3%Y9bi|2p|=2V$0+V|$BO;Y+0q z@4END74HA>G)_XA=;f6h07~LN*0b@S>#c|UpSSbemHU688L>q$djS^Hz_iVPi$EWS zctqcgVc^rSKe6ipWO$^5v|*w@QcSY&h!=loD_#y|+d9~j1OTX#I?XsL z3$o~32=q=(Yd{IJl^{V1CZ}mYx)Dh)JP9mMyt>qW58(u1Hw220RG+Cg{pP_=i-^jz zs1Fk{2+sloXmO!vsqPMINUog3(RA#DIQAkU$7oF!(Nrh(JB~gxSK@307=nu1+B|QG z_V#x5ePmzDwhI6|!K?mBT>(fgm-)zbcCL;P1vAj1o8R-tu(EB-zu8PnZ7knpEG?zW z$0&~yXUK*@B3lzuy4CNQA~f7fYTgDBX@(hSz_xd(NF+&Ui|Q3^1NEHb2D46Qp1(4X zheO6c=*gUf3P=dTfiKI=uQb0ST^3G<|1Mg7yY5pi|M`8Ohu84_ zEcO3f+jyRi|6P0f;Qx6$&s~xKl=$b1BJ5V zN;&<*yLa_;4ukrut;0J0_rL3n*&;x}2>8i34*H;V2ECmrs%~vqRd0&6@V%2!q<`N1 z44e_?&qZPQBTVhEDWgG#s3z`y#?&PwMsDf=l_u)L9GZcO@mCYNA_N9oU`XmFY?k#i zFLTrS#R=Y#tkUTT$D!yClMg=gxsC=Az>N?mHbtx0p5_anC%tR!BX)4J`^Y2UC#sfG z^=-r++Q9(0a}*y1@lXQ1d7t)j#_nBX>%AmJCG8S}2IYPH^}*J~%CsFOOSUYNEPB<$t{ zI!vNuzt>-7fROWLrj7e`X7zR#NC{LInTA(qwQf&}kWyA&MZFDm9h#|c(qYYLuJmEz z4Q(`0L5D7exnRx~_7V+DA~eEc4X`<_RhLX#%A>j}(L32lH`SqW{&?)Uhf#mDDJX4* zL5Iw67JpCk8O-LtY~>QmB13vc-!X&Rl+|lEp;!(($_#9stj)YqHuF$CyG0`_yErS% z$Gfjz?)`eKUM0U|jbCA!hQcJB$z&SkS__&+RDx zJkkPme@mBIoa%4!r83R`TbqB4{r_-xYv;|bH|#BbjG6ZT_0^4yXHQ-Gf9q*$W8=a8 ze;d!={#UcvM9;@2=K%Ui;)7^5|6Z#-60bru=7eJGch4|s4ti;+Hno~=jdzyf6vSZ6 z(2YI>J|-^yFaO+cVv*3E2KK@|8>v&OTm45%gg~6R%eLh(!gc_+r%8 zi}>e~%ENPUap9@s;6?GtN~2agiv3+!qB|0}V3=i~OQ1*nKIebNexr+#sUc)_K=LpMS*k- z9F7MFVfa6wMuU(61v>`hCW@1Q!;@=|9*LvzOT*BT}xU06hSK{Ub74YvGo6A z5bQ}$Mq+F=-GmmyQ9=k2oLCqB!?h%W(Ft&*0Hkc#1=<(*(RQjqd;Q|NCHSWqNS2LLWGotpC2#DrGI zK(R22YK&*|V;0}7yi*dcD`r9~lQ;-gaB2Fb+Tey2?9TK4XeMsDccig~UeGjAcl#d^ zz@|MSpqHFBG^t_o5PO-;=>joOg?8wq)A$(t?2eAVctA&18mSO{+7gTU0GiNdZ*%`x z?1X2VFsdA2sxsKmB*YYrwWhsM=r;X5{6rnBdoR4z?v3ea1|UFv~T{ zDl^nEhp@9b$5B1peZAK{I{f9++pRad@UMe+?Y*OS>fi1u{kwPz(&?u7C7KGrYpRBn zOpk%GO{SATd6RX6(`Z1|89Gkq9fD&gHAF`hdeyg_*z099l_!eVtg|9x7be-RCw@S3 z_1OnX7Az|Q+4Y&)NjzA_-t>HtytwmvnMbYiC;QT&VI4X^fy}oH?GtrUeM7-4Mx#9L za?Y)sxzg&pZqNV#{>hW0aQx)Srl3N_xRY`l6L~~Bw9Uw7I)qSe><=!+u3dw^l72Wy zu<0Ybtmks6h_(UN6UO#b@+!$3C!Y!hCBcOFSv=!YIz~8Ei*UgtuuPA^W-GCUU|=Ho zvYK^tG$^Nl?1U0*l9E! z^pILe*Bp(D$XLUE*yZ%fSdEBI=g>b3xF8txOi~Jw?s(Z+p(*6xtmXgdh#_K_UgGzCX( zgeN+i)HBzn^nwnV&w2ov=>5rf@Myoa0Xy?!bb%F$mtBT#?SVvM^{oO90JawDemsnr8=NO%Z#bM1iUXpbSWFAY z@Xm)Q4M`Dag=M2A$wo~}Hfl=QXeHqgabVbhXfdoTS$X|_Z>Kq>dO8z03eA{DZsK6p z)S6T%oGOHXq`OCshd?!>(Ftrq9FRCQ>KP&%I`*7WyMKYdGMP#46;l=nGPhP(Xt&sOXvXl4nP~ z+>!6RC)P+Xy&r=(P=2@!9hSh*a9PVv^CiuzmgyB;AzltI)$jPvY$NnyhDP{5*_UHK zNr0yIpn>``+eobt8fnzZ_5?cc%Z;b&Yg+PqceJ}H-i_eM<)M+>Lp#P8sdWw#Gv&bZ zY+4>q(X}H<$WI$~4sgXFGaq9Mjo-ALp|w2Rk5DwBQk*OZB)kn+Wj(V(v|=NKH${Dz z(B|;YAtkNDJDl03XgytDhkqcnH-#34g&y4bkq$B5u~5?FO`*0RsgWgkcXa;2kCRO+ zh4N3^pLSk}N2;`9pd8b+%Qi9&@`NNqBE8)dk7>e>)BSvUf4J{7`>l7}-Gr9BH(38E zz0gfu-(S^YFys77wVuB|=AB21v^PX((BVbp^t1jKs+of!HF8?1-%(LO^(&-T>UT6( zDEX1j*H62@Z12C@`svf||2{h0`m}ZUy4|7ZMy9CTsM+LRn$!oJ>iA?TEfmB)h?uK^ z;Lpwz@3$lxbp)|C(OHSclZpt%ZXQ`2&RBMgX- zKuUudCL-PmIo>Y8@zJMH!R?d(iH7}z+YkTfg)v>YT!H`vkgOpj@yraEjPYy%mct0+ zItlLQ(Ez3+0`J7*bHNG?nS&zaD~UWM_R&yNM9d@>xhc|c+9cU-0u6Ws?Y_7&h=8B1 zV7ly;Nwh-qPgeS*0B)9oT%*_{v75yzg*}XLdQ&E+aWp;QBM-6*5f4>R7s-ljj%OC@ zC&*yVXsnYU1e0Z!*~tufHi|Ar<`{oGo}T1N!g~Jt4-Sx6SzG`2=c_2Uy}GoS##z@( zPC;4+o)7ZrW&T=dk7%Zzcm-5+8Wa7a9hH2E+A~0jp9_Mx{N-kLkq6bg$p7TMIzm>C zfjsDV$dzpdN?KMN{>&0Xq>N2!`*g(91zK}jBk-u@HJgCzLX8Xm6 z{E*`CrFDdH&jP8m_QKKU)*T5nDQ77SIS_lC`OPthfv9>86j}2#k`!b^D?u3s;o#nq z{DqWGw!o#MAWgbG>D|EQB3GaSS!RkVUm`xDq40B4e%v%4SJBC`rnjQr8Yql?#DBvq zuGY2uxSk3d$(%`6@*L`d{9Qk@4f9m_)+su-kw!a5R*c^#FKPs?{G)nPEC zG`+wVeptuX~sb5?eA&eT~-@`1R3#+qL^h*%W4l9m9f+63tOxgCugKCR#D+ zx+Kl3wUhYV_q(WT_>(}2(asu4KKT*aIul(&b?4j<2V`DR^TyR`kxMT*QJS}m^auJ7 z$Npss5;P7hv}6=oS!EDWr!m(Dlg(_>R0wA`3i@u$Mgy(!7KmNBGCl6t?DV#L|l01scFC+4zzgWV?e+MAr9_ zP{e$18B&#SlF!eyy<$aC3Zfgz#)A}!%@{~bn_s^X z8Y0xj(Re!Wx{#GcQOT5hjU3}Q4|?DO2>{%q^l9-jhtd8w*9M5U68qh zXxg%aENDlGdq$R_s8r6{p&-Gdv$BDJ`nVtX@rchoAypngtC^{kaj0ohe6D1nIs{K+NN12kY5yyj*(s*gZ{H@!Ap`h#eoTxIQo}w!^qFW*W+m=o@W8a z$G5L+mu<5JAAZK}4vP%1m>(3SRXk+b@HdH7S{>y@i|zeAn_=Z?p~kX{2-{I&QIn== zt6?3@cHOdyw zzplSl4pU!^)@ra5kBzEigt#zOR)ajj&v42_S&MviJ8YkRr=tRbzvK@lr&3vAeFG0Q zUKROLuRCI5h7=zOgg;QyjJjt)MXf1bD^k|Q#D!>CoCJC%>@uOu__k#VzT9OQOPN1F zcQi!G>WtdHAtRnc8SN(GJoFtyjHDOnnspX{UW^FgQOwwC^u-Pf)r_QB-P>=7(UQ12H!HK!?1uxJe#rxA<*%bAn4&W z0crj*DO{XH1P1GP<6wwd1Kt~;0G6@yAyT;gqqeeX#1P(JwA3D_Wi$ILwqncPoj0)9 z5U&80IkAb)tKHXoZ^icR;nCg?d)r$_yYy@A&EDS5v!m_pt;y??t&6=^TPJ(}wYBGO zUxepp!K;nkH(RT(x7)wJZtoqh@BCx;)%L~vtv5gX@_GA@t^ay;^7cc`^Ss(`?QVR2 z7QTA-Y~zQg&wdJ{?frj0-I(m0N5kIxmjC;BZ)N+{AE)R4J!*AV|NE%_;`!wDKMr5K z{ptDnbDrJq+nwy(=vY<(AO=0=F88p#B@PbvK0ue^r`=!ll6RvMSnAeK+gtzG-8$d@ zrF%Jj(O*x_riYjBPlDj>IM_M=<<<61_vH8Q_miLf@v}dU|My1!MYR9>_$e*o5IN=w!z>sS03*2iS=!%goq*gBka9> zeYo3hfBNxV`v~vOo1_Lw=`H<|@!oPCNV7vnutAd3EVUd#r2-QNNEj!#I<6dmpH~+_@YZ18yRM3EGJxQ*D`LIH_}yIRPZf&zC%Q z&^ys%OSY%b9%pS#_xUy<$*V8?%fvd>`YYnu9Kb?98lwYsw5jb4M&9ImMR|pyAx~K^eMC_ z`%2coiB}jH+hf}HDSpNKk|rtf)5$62YaAV@`?7*nSRYx}c;-+2ecod8zr~AVAU!}1 zJau2RJ@CWfOBXJRfozTRwUR?)vv`5RnY^vEuc0goDA64>YiTpF?%;uG#34$Gti6#7 z6&@dTzwFQcNGyT8+MlwMjo&**a@Uht3P}AY36X<51UkM;yLi&bYFZupw#-=FJm)Si z|2j?W;{LnWpZ0e@>^k>hJG-ymzh<~@4M>7zk4$$4zSJAu_+vo~v~5A1Eb@8lS69>t zoaEefY`^IUsiiumw*>>*iCS1gXn}L0JfDwU+gEVt(~lP_iTQf$T@bTis+!4+AP&*v!=EQ>3EZ_ zD9DT4+*gNl)U%UQlR#nu4Ht-P9b_8otaJqZJh1HQpsTYt)%zSmb?UJA7G5`poW zdR?~uVMVfNCsF`i3Iwv`f()OEQx?>;t!mlOQn@`!4kprSsrRyD(#Lh*_M-K#v}$=> z-CA$8I8KO)A|6=3I`{a*)GYr>f4~mIGE5~=FtSlgSy>KZbVE4}risB7y;4>k*&R>% zMoP$`|Fe=Cd}G|}G@ER1Xi8jsNn(KoMBjE26zKmVt;z=dOk>IJNtx=Sx)q_vg0dwO zbsAmDP0p^-OP?$vRh5oc>0!aH%n`Q9a-shSA%gpzjRDznlz);U11-2PIgFEL!Yj%e9;F6%~^?&dGYnqN98HD zNOyQHCrxg&>Ig4-X>4nflalU$==zCflC-mkGf&;IbDq#k zU0uYe3uEnKLsAo#6_2KB_VO~3wj>}qM;7+MNp$cUUn0y7yLU7B(3imUwY1`q%}H8( z(>{7V`)f|sn5a8o3q%r)aKY-*^l_59_rj`n(J+vGS>#drJPyNd9BKO;(LR8q>WOXdo`x zM?-yLkEMQdupr;{mx&aN4KUSRDR(qT!4*~r4kqK~Z zs7o*-B3nM3I*?epd@u8lRz$IW0juoTiN=(ZxNY#J_#6FiMz+_KjMi#at9=pZ>?Y=Z zz5oeeGKIMG@Z8Mvg>5JB2W(XHDv!A0cMs1zkA^aBR7WO#Ci&)2##D96_gWs$9rjdY z=}5K+>Mf9 zf$d3zVNlxx5G^{hx{w>Cq6zKqxIB?ELQcd7as*uhCjIct_2izYq}mSYE_QYg4tMd6 zbZ3*KyyE@V<#HaLIiK8(nx`;92fEneAj8vaJq;O+nJ5X}HdX2P&|qknH+Jct|HK0F~6W$jSuGdSOB?MPf<%%&8AdV@&VV!I=QK zmH!So!c-L7Z%#7T(x~}mhFE%Yl4rJOMro_qS;w9C541aM3brFyRrKPL<(ps^F;MBW zK)cH23;IYo5b2-<@J^apI!<$0sS58JK@$wg4M`hhWJV;CA3QWNj4G>U1rt%7q$guf zgoB3{F^Lk0BxApuo=Me-=-VW9mmmeU>rs?6IL$pGHZ!$AZbu9U}h|%r)Nz>_J9-F zmYo3zG%d^I{-9w=ibDTdpnQ1Z%OO%v20<{cOTgq!1Xvs&VBDIMWZ|<=6A4FbdZf8X zIYoPh&uL)1v$n*nz>|7k!76uW4RB=>WAx%o5pkgr>x-45>`oc1zGRXvrQX}CQ)!ek zjk2p#O>buvMbDQ^Mkal)+M)Mmb-nNe^r}v7C#ltOQ$-js=UQ^=uWdZr^nDK=aUj!d zMH7|l$BGl{b3AeOjuDfQ%)Po4UrxO@s~hXP{B--w>aZ#BYZ4>A%WaAbZaxp z?o4WR`8G)qoaIF}2evowiWM@;xKr;f%nXjFX&Fm(qE-iJMa|GFE3wj2NzQ*WYbbuQ z(m?8cjg@!lR*5EyY*Py}sTJ-UhQUy<_D#;d?18yYb7!pHyQ@=9pKklY)hQ26?LUQn zzPGsKN>qhbmv$U=I@wKmp;}%F?!wK2Z{w-HIyEg`-A{o%Bl{WdiLn(Ai(fc-8XKe%FVBC2FaXF zGj%!xd%l=mNaHGoKEdx-U&O4{Rl`i+QU@3SncoR|sb@fr85&39=|taG!NENEsoh#z z`LCbaOgFEwFIAq(dpC)J8qka|`jex@OeaVBEroQFIk=eK-|Uj?*_$|WYXRPG+K#GL z2dxU$Ci&gnTbsK&wE(lWoYm#YVqb*%mF%{hJRaAjKH_|Y;pB0mS$lIFNAkw&Mpswu z+?kEduCH))=A&=3zRIi9AxpV(X1j=k^U{$2T1Qj&b<@dYRvetpTyh%Gm|K@$dybP1Ic+3{3=KodAqCAS?JuXlP%b)L z72pCbQ;fWiSI|TQ{m)$8%8bP+{|D>9amxKniYI+PCgcDdFdeCZ}nt7jZ*LF4#*9&%;{t&B<6<6 zIRHPoy$;y?c26a1ZBcNh=_GZ`R2ZnW#3e2=q+I5bG|X%klG#IJNa>E}=qx04yGBhvCMmL@8$&P^(k*U9dT^d_8*3jKtl zk;59~@^A2&dv%yigF{Whpgb$*vhnBsPlSzT70z4fJuDywrn$ZUtS z>xZk}SqHOgJUPB;R}2!pvmR>KcyiXnCrDl}z$MSV0u(H8p<)TwP5rocyV0@$NS@474S?#z#NnOz-e@Q%4 zj61m<*j;IyK|{60Dk-(ny?g)?FIHbT04f4cS@d5DJncUNd=NZOpRRZ8pEUR0c3{*g z=)!dMZp;oVc)u@w;+TO`75KXDgbZGl2(UcZx1j(W*9#;BKy$DHXf!(Hu4H%Vhyje5yrp*j*Oc=P@|Iktr& z@W|NEZK^w%<0Q;>OR64qnM{JAIH6EdSzYlCcnV+P0Z4F4vySnWQSM@YKzNjbR0eyP_7DzzTjS!@pE?wrPW>gnfq{=Oc0$+SJlAt zr=~r$!ne`rFp4r(LI*r~blLv+HdlG&XKvavj>B`{-6vVF2h~L`ZuN%?1Oz!Do7NmnXLiNF$T#l`LC}r3q zKSmcR{QBE0d7cMjm9cW)P`NU6l&x9%0;%++Rl0J(W88_*%QlL8GLsAym6A!5I8W@7 zpK@bF=c;8f@<-7!=LlXF$q*XBzk*&k9WILjW(!&tpXL9q@gEJ7lsP;ZaqwH;ng^Fv z7E8`ASj=z;nq*IgDH+GT28Bn_$kzH@@Kgaz5qN%w#mY)91GMF{Rj?QKsWRronmE;^ z*gklVo@c{gh#_7}L4pCwp+88?TIjUmH=ix9NNOHnIVYIl0p|87wS>v8WDJ?}ZT>~} zebL~HIF}0^nO}S-82Fb!P@+*U2dloQH1MK_?U2x5L)v>6V)y3(NUX2AH#s@r83%Dl z7LI(tsICsE*`ER~@+rCobisq9JDN^r!{>`Q;%0v$_y8m}I;o$s;OYC}U>XNUr&y98 z8WhE^{=m(|M76v30K&u7N&S=sPco$dm@@FRrz%e7PXwNVJ9exE!lcbtS=b81P35Jogkd_{;`R z+d3DW-0z*PBzWXke*)y0VT$huU071^V-%fLyRN`%K>H(A-_Wh)Y=s;9CV2O*K1JZ6 zjBXf1A(Q=Yb-Vblqv$LsNc8|+y}>3zej(&10Hw2l3MMZs1^(?lMfM&{L$Wmpv0P}U z;L~hZJEph{f&%*xK6kSCncvDY!}T&-t)i?ej^G?{MGJ@Ip#S$`Cw@E646pdA!2+hM zt)ir#_Z2!b!ILTyTHcjik5*owdt%Src3V|u`MNusC8(1`eHaT1m7e|BpCeb(=L?@T+G2X*$ z!-7E|4o9;BZV^2Ek>Ia{^;sUc5^m*p<0wfmiCL^`aQVXsvzW2Myzxi=35B=imru!dg>uhOf2HChRWXO$)E#&H0Z1J9u|F6D+WS(b z^9v*L*TsUfZ&Nv=i@HjM*dE9}1Xr!SO4^cd{S-0wqn8yu8hby3z?y1=oqNQ{D@M*@)Q zG7u-&BUj42<4+NIrsEzgq>V*kf|JWqg@U`vr7nr=gS3kqTE&e$=oKFg2I1)BJprVX z51u&HCcmp(@W@XE_n5M$TG=V@BT+$Lv^l34io4 zyYpGdkmDjnpC`+rH;pY&e)|U?k-7!6QjBmZ`>Jx`d?`lGx$iq}HY<{QEbx$ly;5!Z z`N6||7bIX=x`m*L(lzCSC(Py;E$?cp*Rvsz&OwUY%N7ss9Ij-a!UQ#8FX$FzO)Tsx z1s>VQeTGmjcqo0}?&oooOesD7RZ{ldfi!(HD!$HBcH#+z{A~lZyeCsU_XYlXC^CU)d`e&(1Dq%X@PAlv?f< z6Q+H^3~;%VD_TiGuG!p`v~O`KFxgbDHuK6}3ECrPq---4OG#*yjg<{s8AQ)3oKSqHK^2su(z#*&^y%Zg=R|)Y;Q!yklcUb-SN2K<7K-OA=ZkO~=M2K-d+t`=mdi0v0OBoYH=)jS3U@*e~$Ok;HOW0_qAH-3CWo z7&C3~)tpftb(tLzHivF+k0OZsw@)dNZuQ>WL>6vY4SLA0A?a zKyCvRt=+(hn-*Q>z^>TG(mn%p9nGxBUP)50lvDZj&Fx90m8fYHpjp;&h{|ZC=6<6F z?5fzMSCWrr_h3(eSI4w~*)$^2txclBK1!yw;2Fuf!zFIHOt#mU%iV)*JOoxE|EEu+GC| z_Y|NA3))h6=(sEK$KeMqFxAQL=7)$_p4X^`N5CIq6os>YKF^-Q}#6sJes&!=aUki>{E@ zuOh>#^S>0>ckSw?eLVE8bPS2@fxJ>_MXh8o+riygiRImuzla-os;*>KKJEX%y>I_+8`lxupYvDfc)B}D zPwYIK&dq+kyKa)U*~!CeyPcgg_nt^LJj1k>*F+uO=3~*uFu$$N;5ukyvv?@<>#ngU#x@BA?~2Q z@KnF76Brv!pZP3kID%|O1XE?O$Wn4B-dXRQiV0h*_Jr9dK)pOmtL=mJ9@=*-5u0*Y zBS?-%cI=pVh#9BR!cS7RX&s&IsjLf=G7l0qzbAJp{&qNUp+5q6S76vyi#V91X8Ql8XG(gGf*b%Av413HTJ{r+DX!FI6_=Kx;PFQP9x>GO5b3l{A z;nb^4^(r`4d&+u3DW8u^4M!=3S&Ha~upG-|m)4Vf!|@T=j9O3f4aY}dGip7_Hyj^< z&8YPx-*9{cHlx;)e8VxvW;D+Kd$Ll>Y{twy$@W6;iDqdnxhK`RE8pCD1eTUQ<8#fe zM__4bJ;^t>9)YE$^(5cin#Iz}5hk;mTea5sd~@p&SX#Q?m1}OzXK5KlT-~Rh2AOMa z&2MSxy_vz@s^1f%x%CJvt<*fpGq)arrIj5Mqq+46EG@7aFa|vHB*-_lgjW=%c(}cG zfV{v})|pz_imrpHH=^#5oLg{UlQN$>y(i?sam3vvE;KNQf&U|OgK|TMbQb6gyQz$m z1*VVh4B5JWKhGRJIU+8(;9%&YJ@GpFZXxTlFkpB?BBb1h!6j41P>TmZuu5VwaiMH1 zxhJ2%Oa&vVM-*3&vXfjQlOT#*TbPe5_U}0|I`~?rKWMFf^2X zd~OaT@F2xz9Tsl)uJ*pXa7QjHeJi9K9s{Gl>kIHxBayxpsGhF#tD9%WGRf2p5+jk=oi4iEO#V#}eKXo`VDItv!Xe&cN<;Xx^a zhGnm6CGywQZo%0*wM*jy4atUK$xbzyTUYEHnA$CllLmqXzBk7#4%)RNcMa@xY&5a3 zY3*|R#n^7)IcgP`Lh@fVPykgxs=pxNdQ-b3By(eX6`A5?)K0Y<4(wqGH>q`h;ffjv zh#|K;{Sm3kG)I$^L4b{~r3XyWnc59=4;0evig=RL2rU^^pG4wwVRB9#nC%vlxq*AV znKXy|S)4Sg1)j%A7!4}(Ri?{Kd~J-F3k--YT%-=&D4a4Xzn+e+Fq@SSZ8gDb5)Kgs z)2n@ByB@Yy1Klsysq4Gr>Dcn8n79y>j*5}s6-eUvErGGXqqdX~QW2%g z;}cMp?1~r1^`S>HN*qHDXf8x~tl})9_UD?2YD0eyh%!twh{l)`FFxqJuYxA+Hc>y*pV(2HWFX{Pi?Zngf4U>Kt#pm~B*l!RNV_=n+jP;d z0-_YHD=(T5LsUf8VG;>SQu0rfO0+4;!9!Q*6x*ImygPoIM#aiZQJ4eO5ETt)kz|nG zb=tB$iDV@#stvu=RSFS33~v3x!N0$uAK`}S7nwS*5~2lzzo4NftmYYdLbPb`s|S)YMZ49fPCU71f8lF+Z!)de1s)#kP4g88!eFG#IJ0&`lX+1TE%{8^t(~_eE(< zqY+4#-xmKOIc)j&#J}JTak?XJM7r=aJ!M|g=+KM|gE88s(@5F1rc*QC&1Cy`W~5ca zIgNDwoxMz)4|%f+(G!jz5>GK4t8U9_@v}f0mA`FnZq{|sNUbO-q)!9ijX?q$SX`bg z_q3u`ms|KO8^|!UCrEsOJ3C?S$e}o&;E8fj^K`tJrv=gzliSFH@-&}j#gyhuc%f9p z6;OOg9kueUG<^_S79Kp~<>9f7OE)N?E$i5i@iwlvZt?s;EU`0g4taEhF|>VL*zuU~ z7S`I>@mm$y!{Bk0M`dZ{6*tom_Qgvz!C*TH}2=DhIHr<5-5W%WW_Ff$)a+w6`PcL zO!Z=;qirPO?a4J}aY$DXdF*vpMO}!z>ZrRI5n>_QcQvH113w7$LxV4t^3ob!2SMbh zYSE98U=hG_h(RGEQmvR53ESqFm4~V=c*;^1cN0TX=&7tQm@IXv$_`!qrJ;+lKDNrvr--(`S z@8bJAgc=|1q>x~EfYY?U)`?x$~>Pq+|$OHYBHw_eUnX?JX2IiL$(xlvr{ zlm%Nf(NzXVwFsmoK+fI4ujT>zb&uX2_xjymKc2Nuk1q1c6;m3wBIBwjTGc2mKrXPe z5BdOx-~}Cv-;+*P9n+MAd!@?uF^)iYPsqdS11JBvw^QBS?|0ZNH|LcfcwUm4z8hUagX^S1Ea6VDU@H>P77qOKC&b*#JPbn{;2pGcQkvSCyGr zw%87NOdZrxI{{u4k8%aK0<0*;KHav2|0g*}3p&S>l3J@JWu$MG!xo`Q7>uTLiExb$ZV9_G8kJGH z3XSt9&11gPF*DwtV?uo7US2vOiwZA#O`oXy0(|F{>f0NIB@iZuK?FdvdL!fq|bR~Y4Ko;Nc{D^r-8%9Kuk+)Lk= z`^7X@hd?xGH* z^MEXYE{lKei>HV7gs#KHt`oIJVUR40NhlDt3=f-wB^U2F`BgkuNHs}d4W8ye(C|Yj_fCv^eefJ{>Z67EkF*vk|Ven71MVupgtWjK2If4Dvax@qs=36kJ}O;I?up4AJ75yzLyKTW;cq zFYYp{5`!@#Gc2sd`A14Xhe!i_!)nPW z=z+Xu`E5RnkRFWEJ;5)PaWxE?{hvhrte_7?WB2;gw(C2lfU@%@SJhyZYp! z9?9$o9R{uUzbDo;raT*7+j9nsGagZ=F}J7jbxZu+v7_iV2vgx?#9JBJzah#ucvQe? zHLmt-&`=m@#_%veoMrKz5s?j_gUb~orcN&`4<1Z>&YH4fr0>iM4Y%lPkD&T*? zp26G@*fW8Wti%}9lLxrI zZ_Hop?riHAnK7T5u09ATXMx`g(f?Zr&wETEE-}xMidmZHi$#M}^zXYXHMpffEPhE) zlETnmNMNf%%yXn-2J-^3m`Fw2&j?0wuPz-)O!jd$8CiqoI_8+q6$pJ%jyWnJc}SBa znr(Du#vH>n&yV>W;e}_$9PdZXkNI@=TUIk;E?yJ%Gh;r-G@hMXxEP!d^Enil8kiRZ z7pao8Ou$Rf<~<7rzk`xf7jg4u9k;Eej6Sf3*X0)WLe1!ueQdOh7i#{dfU(gVV#ifu zw%lx$QR7D#{LCFpG0`5uVPRpW19YQ}9hUxGwMUf}L6sbSIwLcV`6;^oC2saifTbBM zDj_uS8dSYV5V**+h?j**T13}Wn&K6kPR)!oXPpFBSCk{5n701 zdd>|+_2oH*WvB&oz8nR^DW2D3g!nh@e*0wII_h@MyX)33?e5vSb$s^beBC-cdj09Ves3!{Q1udu-vW) z6=byw+5(~|+MajOvfhv=q@d30D=QZl7wAbEc+QGi&Kln}Lx)9VV=a-EXp|JPfdx~h1jz4_y)YSI5kVv|0Cnn!San0B0xXKJnGU>;&?LS% zlXbja3E<7G7VyL;Cv3Ta8QE7{ttO1b~nWnvqB! z2(%Sa2MTz1>%eorwogw;&hre3G8eo&i%4>sCURTEc$RyXEIAdQiZXZ^mKr++cr4N4F+^0 z4jpF$6KTp1Vh}bINNX!AN}5AF4PU1T#{$+2J=Z}m8_rH5RWYTx&J!S%-_Q0PuZ8M` z)enOyo>5*00qXuMD{ou?JZ6Fa*;9abQmnUXT}@#cBvgapiCUa2M7t};cS76S00f$Gu%T9O;xuSd15G!I zfN*Q9XYVIhp*^BLp&A7uXnU)*+1f;rOG#&b$6#%I&P*pG(j_#lbP(D;Q(rMGknh}L zI8&;(Zf)v-(_Fm|tS$ownlb#r^Sx!K%YBYDC~Gm#OpkV8=`>F8#rql4*KT=!$Wyd=cA zxyNqra8{1?S5}(Vg&LfLEh7GvV6KbJ3tD~Xb_^BHxr@)EL}6J{-&xsIfUFF3pZ0~h zXU&*rD2?2IITTijhw?|!fs_N$f;WMdR8usoECAQVRS zgmW^9D4gslZh*C*16N)!usvkV2@DQh#lC9=6UUFP-OIQ|l~Y%&44veL(1=kIBjGW1 z01Hw=oJkO~b|9sZ zdm+a7n#E~937s1^m||WHN8zunzvWIO=_)jMXWx;0g;JL)SR%w{{Rt%lhpd zEMhgpJj{kreoD?~et>DcwSx)K?)b8DSs;G7Qb1GK^<&~2--v@1rE(-4IH^43=GRDgYD6k zSD$-5v(#SJv5$mMS!;Vi1GT;Qf!e;efy&D3^ui>m%6rR7i79ol^|uQVPx=`;1qanHHgKciB2ij}SQ?60NSKWe z>Kw=kC49*h7e%C6vfL3p*`6>rvBC&J^xP{S%(EdX0?GW8pj7Dv^!{oX=Otqt?Bj2z z;tL|gNuO+=sz?;HFEQTG8v28Qo1aCqi>*n|t|-f`=UZE-EIbz+#?K^R-MT@eKpja6 zurQtASyr-Bw>rFbaQ~O7=uB_Mqyy1{mW3@`7BD>PfY3^>3CtW(4H8)O60IG`6i9U* zpgbqyJ!kXb`5yHf6+D?FafD%DLnql8?0h&_6}un+0IhO)ScBQdNEeiv93KhVlNo_s zAFOjzfUnUBX3!YEUe&DyZiVCRJ9eW+%<`5+)^ovf&xv8uMOeD7=X|z5Ujwi~ceDv$V$$9(dkDYd}_seQjiZT=H;8QRnjto>JGjcrwJVV+hJQfY|-LfE;S zdK9A=W;^BBL;1~)MV>dCU;+(c&b=aE<>ySiGBWFIBD&3YA{D?<3;GsWDNv>X$pDcj ztl6Q<4zcX&doCu3x1~r;Ld)RHQ)s{!alJbS@4MZjv;N1<+m9cPy1nD`Gi7L<&(6?< zRdW;YLQc81nnUYHXLuc0&t4z*&)TQQACFJlZ;u49AJ^Evq>yOIW=d+8%lgNPm4DLk zEHf*W@``^OOY{-jSFfIBJ7%t;IZ(cOW|({CdUE@Dm>j7ec(yy%VSG3+ai%<5SB3}U zTP2bWlrEKLDe(<=c(my&i2Xvw#M?&3p=0<6Q-dwdzn%NmS#aZ!u$Ei8fx9z5j!x$J%~&0LT_9)anSji`2+T28a0E zBbI3Xk}q^_q;{D0we5-ffzNI0X6wRQ<);8dhryjS0KJ}7+NS>P2;wV%aA=t}#txD+ znA=&HRCNcq(7Rj9nAJG?t>~I5wsA0V;UBI*{eV0Gzx z@w^Q5eT*yb5AU?P(vW!0`3RL^wwwN3aL{w20ec7F=!S?)-0_?Qm;#-V={cVF@QPkA z1ht0FeSoTLcba?`baxpN$V{O^k6N)gr|qoiSQ22ssIPM`_B&!h|9zQJOYH>11+BFK z9)*Ksqtu|bH@UV44y=AOgYlFLG^KHX7-QqNEaeEs<|L4O+g{-l!P5sk`Ve=oxxI!~ zr0K%Q>PpT(DfJZni((?0ihj zv>)WpCNL4|8xCmvY?eq9j&Z)|1K@D8BTbJ8*A+12{7(@M&TnF%`_niG0mIbU%gy-K z2I`?;cl?bHr}$U1Z~On6HrvVRY4ZT|F)z5<;5&$bJ_i?VynTOs*u))m@5Z4cnr-^; z4y{bhq&sXQx0%?!YlxnpS5%8kN!8bYRkrE?ab=~QCK8LC9o=lB@ymYhtkK!g3G~K~ zoRyV>U~(6_SJ$!iA4B;0pSVu$TCc;v9szM$G*3ZxjID-v*I+zAtRvom!8dFnS8d?d zHLw+)rn)27#`s<^M!dO^H3c%T!{YXY9Etdsb&JbDYrD0{EV2gw)L8q^73A+ROl6-r zGc!IViQs%5I+K`fa)8<9QeJhrx^WP#m0vjkZo;DNKe-djF)wA=@yg2oLz?m}1)ET$ z4F!)Ci8fA-501`yM@>NU?<*_seGlCRRt)>nQx?!P;K-$$pMZu_i%eAKhf zyVk+^+2L^?v_$ypjnzK;)%yAP>~P(3T-w(FBM3L9>40TS+DB`p=Qvv9;$WYj`VXN; z{?!!I#9d*^LRtnuYa9cQlh6bPSfLyvT!?16)B3ls=#j_K$uhI>Ha535H}`gTt(+y%&3XJG*-?Us#*)$L7m_vo;rwiQ$>Tf)W1PCgQkNR1WVD z6n#&1%33Ir_xC8?wEJKW;Rf(k5Z>*BS##rf0WfwSU1Z=B8DY`B^<@Q}*_yOVvoCFt z73N__h4wA!d698@*x$zEs_o{;8Gx8-Zf!TiZ6iSCqIy->N|pV+)>dmzZDkXn2m!Xw z1uqJ)6$Pb@UUI-=|gSc;d+K6lkI`KfGZ z9w|^w*!FnH_qp|XMG%R3WXuj1OlcbKrZCu>5~6H!n_3(tUZ(rWkpl>1P%&Y}M9D`= zIj%VWW8c_K+-L&*mp1ic=HkQs%AgPoAnHcY45$pWk=?S6W6MKdxRGEuGT%_bqYaN> zxC@zQ-$|{@4OIuPh!#75D!d4sOF#;=TF`=lT0%omd`(u|A$G{{Wy6ke(`SR6d!xi% z#~oiKj7A@u+uNI;w|9116aQ)jK9NTp@`s!gP2TmU(sgtO;!#ER<#-AeVx8#_ZBW#^ zsEE%YGQJC2W)H}f2Ea#F}7iDZLK`C4%s?}dv4X?6@emBweI=?TOz(-UKbwR8; z31KC@v>N{&0fj(T)dKWvO`_o7agG^q(?E`<>`4Q+PxW!5Q=Qi3)bo7mW=m;?lRTgN z;nX2l^n}FX4qI|AEWLlt3AO7D3Bfu@x}yvV>TLz|=eMCJEJA`NctU`a>!oTYEd?wuu|cLmM}hBG8zv zpXEU=JLl&+)98muI~(GV2F!p}ek0@XtcPXE(|Fa zkRtSv;Wtd;(01t(P2}0pwRU%8pSrVQHUAF(SyjEw(y-T9Ni;O6H2%OU8fIzM3pV|E_Rwrd(sAv1YAa+fi?NdFg(} zzjF(hYXGSjmzib1po`^e{ERF5%!!#MFvoj6F0Gf?qz;p=j z=(eA53ar3B%#N!gc9zUUrL|IFfige@Aa%W}2I-j*AtTR;k6GiT-a=Z2(V7`0g?US- z#&S`tJhzsIR_WxFs3=;tn5d%xG~MM_4{+L)X+mZ^if1(9-4C6r`ExnTE0D$jN$ za@H)9o~U9qgpg_E6H>E^is@1yEUL!=GxED?am@*`a9(k;j0R1eGPP$y5uiN2N%2rA z3-BO;jTwiFS2v?xkJf2W707Ze?XWVEluZN{aBx;C@al`8LK;*R=8z`NoK)b!3umPQ zuf7N>q(N1n!c?lib5cPGgg7fD6cCG`h6!8+iimENQzd_23_~%D1~M2!m5ni0rN?R< zoEjGvy^PG>k+(lqp<3DI7*=iaZY+9l>{?!bN_orc(Q2w_rNf0n$o_FqY2T{Fo!&>VhoU<){V;TwXGBO|Juq?oL!!PAC%K12BtlZo8TbwZPra2F*tEl= ztkjw1^ynZMPw*-V-Z8ti=~e_q#R;J6c=-!H0fjLRSCMA`*y=9c!V`z~lA(Cr2-%68 zD2!k133>@A?+p7TdK0ZgAylN>yg-4Z3x$`2GRp@m!Yw5)8(I2c!QTVW2^#+ZP)Si~ z8RIk*WkqF6PNaYMAKEAHk9rpTb9~swdo}z2@Nr(sN?)u?+x5yB2BQsA7e)Mz;4%?M z&1CncDzCJ3&0d)r8nb72Z`RUBsfNQkD3gJdo0g&sU}~UxOO9V#I8v42*VWVod-r&^G3nX7J)uuH=ua%)LhuBnH%z)Zm&=) zSQ{4tA)+gDH%XKVGCw2PHNn4DN%AMWs6ZyN9rHWKO00M24GYO?dr=_cvhsLLd>}Kl z&YFaY3fNCnz#t?5yd~^OQ@Mn#s4DXfNGAytISxin{lQVibIuqk!6>sspb4T?)o&sU zKHpglXLRK>Kv1kY<4Js{e|_iJ822hIMUwXN1}@cW!yxj4QdK8NNgNV3Eq_#c@FR7Z zjXjo{W#s8Pciw0|w6pv-_!#bgTmwttjov2r`J4MvXvzK0o!y;1{r<=H=F68)_dl2N z;Pkr38z6cNla)`dKiao?jIUNiu%~@_XY$WKRijNX;{5g+*)uZY618K7D9Zpy>Cr^B zJ$nEK=04l?PSs`KS}ffiZaA%4+%=gzL{I2*va7{vvA3!dvW1=SF-U?RTf4#t%SP71 zOa6fmg|zFpeANNfMsKIByA8HD4`M!cLb|8IyM4pW zw^d7XcrR=?v#57e)bU*o$8@R1Cd zi&v+`?|n?4hq@0QLPh)9?Phexemq<&$8wB(VQA!vHrKUy}OmV z|GT}l{bKV;|69iM5c;1yr7qO~1p`*o0KX$GFJD_)kam>cKuK4W1xSpnjPlt&JUu?s z)Qlu3D7v@kV#@Asmy}E9!Db&Gps?)hM%hJAvaaT@d_oLhTk)St@?Ll8gA+xy0nyw zhR+)uLfYesy?v$G;fBKM=HBc?dsa*!b&eEG7&m9GxYee~Y!k%&y5>fvuN9|-d+#&C zopCalFsm>R-0x-zni zsU+oN#V&ug7J`lHgqwpAlZ=HJG2fxZ(n&Z==V0}|choJxid`Kn!b;WN4&NV;H$(+K zRgMD9>MrMgI(MrAP~GA)F}+ln$xJ!0k8~G9*7(84e)oN^-|L@ufsNYzchGcWBbdb5 z#FY$Ab7(h8BuZxQQPb#ql~nquz$WP7IDYILofc7PRatBip(#uOXIykfZlYmLAVy>l zj=KHhH^&F<{?W%b$0tYm1a>GC9{@$a%wjz7e_6iw2PxZxO8~-lOJrD=&rUsOT7GiJ_QS+&(xV^G1Mq-3dH*n3g@g&apbh zu%pSM`r)X{1{7onOpBA_gI~3YQPNTc8D(g`0-e!qGD~a3#z5;*vJNSdv{@n?;KtF% z{;wV6WH*}ljlB94d-E)-hcgJEGaUS^3zbx@(q+a_5&LLt?%@3F&GFlWoOyNg8~va5 zhxW(wPQUlD-RT^i9crV}JpBC%bF)URksr1Gm^$IzE9GFc_3tnkH^Wxd>jyby)a|e& zDg{5!It(xzsG$Q{5u%Nu7YuE$Y=!WGt1I*c(czq&zx{arzTbJTuMWI$E11TUX`CZc zu?(U}d|F^expZ5Qk^4#zxM-qg>>RG`6Py06HiNXH_gVM7C1KU11j+7oL=wa5g+HQ8lsyS`kn-j^b2z`}a zBm>Y7g3HSj463LtSlM2xMU88zAqJ=C*#2}vd5_-kv|hUU6~`E>GVn){R;UCOBix9= zF=#kqWnrE$>NHNa$`betl$v4EQZ+q|gSJ^|xL;Bs7Hn%x zMT?TFM$_?z7KKiehb$n7^{mzBlM??RWhlOqCtD(H?72J|}8NcEmJ2L0fZ;d}+eP<5mc?H#n)O6m zIYY9woy9%bKuY7Lyu#7>-M+C?ubRKxVd|A}15+7F)4P@q#-L_YAhR7_MS2x{vuFZS zD|M(_yB~6DlrG-*JkSE3hvZzOar~P!&oPN0cNO1vPqYFSyZxqZL2&;LWqWr2-$#{q zW{bVrparFjF{XDh{=K7aZU?IP;uXLa`Ls>&--N+}%kHB59r3)9f$UjfAhf(BO`SeCJVKeDo*@j zsaQDdYI6st6$`4zhT;J^lbsN?=nBneMtUf`sg1KKJC_zpen80NbX3BgwfbzLB=(!l z=7;Ds$EbG4XXe1!1y4zbJ_O!$?3|(rnwqmW$`|wENZyFeksGGSPv$KyOCYo2@g(&% znhw}E_>`&qAVQd{gRH{^ePQJm$KLt0zZZF_H8;P|tgl~UnsCZQsn?UQnF<*PzuM!X zR9*>~3g!hmjTNO>lE6Cf3#YUn_^NBD0m1aJ$j_|_!H~m(H$;m@CDnFKt+kZgkvnpR zsikE%&_VCRR}(XIBfbGb_Gmgj@})*xG9wxk^2{3Wr9m81iIWV(5mwgm6?26 zg(F!{;@#t3yw=LhOvzs;KOg##{vIEL|A+9~URW;plK3BcyPMhkuiM*C{vXSDmh1mv zxMQGteHb+Mp*^u_|HxIUCv~`JVqPNr+LGB*q;wNz5xyRDnC&g>BwO^?t9y98h=XhI z-s6+V;e1$+l6q)-m3|}zx7ql=2c8{8U`@%SfhtYc0E(NxQXD55U_~nwgs?w0SwOyIseHihu|DK?drcP*+CIfh>tAw^miD8jP_v}~>od6=hy}8E z-@nE?iwgTGpECP@dv7aa|8G6r|5(a%&-Q=)_@9Y))qNW3U-zX9qqQui zrjvnTS5cQXe&F38IjU^Qpya(Lgk0Tu>4BNeK>WXg2|wwTl&%EVsE6 zn6j^J&-Ot9Cu9E=kSPLBp=gsy$F;gm?mu)HQ$Z74{7S9u|Z?S8Cqn= zGsbq=r}IUPgOyC|40SFL3%-Asya0ceu=_L)8;f4Tw)h4%6$U4&kzqobp7hsWl(eh3t`Dxy4d9TyljWHbmXV zx1HJp9er&h9nCt_(N{6nT6pOD2|7JP%x2Qroz6**B-<@ zpcsQ$d;|*OS?4MjF$^&Y@)pj!OtRR8bOc_4$(*L8NB>p`I5yi8j4Uta4tBjiGzah5E|Ex`=<>-SB_KmUi`yKxXMU<07U{(rH( zo5}yV_vHV-oM$=qzbg6Car)EmIs2V*_RHBN;M|EpU57#F1Z0qHq+JX+kVSeL2yLWR zEZv;G$-?)tWsuY8x3qasvN7;=q`^v=;w8iLdoUoXF)-pU%@(RuQ(Ic#$0Trl^?dUg zXXGRP2{~@!4nLK&Vl^hD&o-b6e6T(E84W{w;`H6I6HM__=+JP(+=QWTFgRW9-F4sx zpsMRY_&|J70v!7HsS(;9XoTwPR5LkM z%G*--GAX6JoOOfF*g%fzw^s+@%+yKBWmh<3VhQ1|YD$0aXoX4~&Yh(sCDO~1xdruD9 z%Xkd--}S^^obNY2rS{*8?Ueub-pCx%jnSF%5sS4zt8N^BK1pOz{WnU~=~=Y3*{F#q^2 zk544^WcFvW;cK zYF|0;W2o`3B>sG*PDw2!6?B#rR1dva=aoj3Z}uWEsOp}Wg?8$UgYa&~aT-(QuXU*O zu07Cb(TDwr^ZilTk7q2Dd&~^DsSud=<*SpCqNJG4Z){Iv2Iedm+Eb zqysSxEu+ydAn1Zyo)sjQV1{P$p{NHvXfqhDnUuj+>M0u`ykmN}@w8J#MdBDDL{*=k zC8Nh_{(iDBibE6kL~n##joP({t6F+j_aZ zn>zp7+TMAx|CaJB@BD97P2W5Tq8QK0|L}wzxTY5<$?v?D4=zW9qDkfgTN-6FZ7-gK%Ut4Y@N+OBBK_UEfwZ!wNKb&Z`nmS))js4XdFv z3x9cze}(5$Tbov65(YQ!$Qgamh}6hXM^<0U9Nx^hQs&D4<;8!5cbnPx4|`AYe;Lnm z$U}@`*<+PU%mNxr9HdPws3(zH`mE^K}WFK(vT!; z>CCkz800_SIczR04p52w-_Gj)n|m*IpXC2Cp5>nZq<#PL<$ghgAVufm@TyJ4Z}#j) z9GIJ=eCqK2p|91=hR#=cvyQDbGBm-87D1#|SdcVP4B z3+!t2n-O2bfjt!Oq!(8gIPx{)$XdQ)1T5pu^W^*WZTNnnoZ`-2Fvf4gU^>~i*pN@- zYjpf0kgZQYVTV_Q4;M01{gIERgWo~(BlW&%X;v!d8(}vrWp>yLRYrcb?1>xO^J9gt#{cHgR7})+Sm;=T#F*s)# zzKh)l8G|If6Do4fFX$|6I)SO>^uSb$ovXY3x%Yx}cvZ$!-KIi^XnS<0xwoZW>K9~9 z6*4YnU(s&TqOX@#*j`euXH}IdLb!5t75Ph06j>o1GKbgB@KZD$Z^(qAO~=1!-q>NJ zNnUoYW<6{5c^j?QcI0&Ema3sH=_QRdlFQMxz5QYj+DJR@RycQ7t4LJ&VPJLqRELQ& zq|Av^lQ}E3MP>uZ1h8p8>l9&mO4%7`ItSJY>t|LDrQnPrBLy{Q%eXk5>mouIlusoM zhpLkaW^tigNOkD_}$}^eXc}i&UlsC#2~cyNkk20ks(XFn)Mta_&L<;O=!!x%Gp>`s3$E^Z z6IiTAuvSN);HqIj5c8ZO^Y$aJ<@tLBYC{lW3Jn>NRXJ!*ebVigOvOy>lCriV&}&9h z7$d!1?X{j@z+9oUkHH9*!fD7dg&@7sX&)#mom#*=V7RygKhY+}9Urt5WYvjGzRE{r z0dr{NN9o%;@|8wCL%|BL)r>A2_98O5B#>w4;naP`zrV7!T3b6a-)Cez!Bw0S*Z-v3 znc2@ZWQP-inM$JQZD5=-9`-3qJZ6#roY#3<|(}|YC>70g&Pe>IULaDEzA?AIda2D7J(*Fxy@6T>7%A0%POc38|DOk zYfa=wy(Y2`7!2wiR77)Q;QAW_JGxfh+u>D|F4uI1sW)G=zb(LYBbdYh4+C4e8__Uy zCvmjlxdV{*EodNB-t{j7tAYEsVAfhlAf&8?G=jy)VqvY|uSTlg57w~{gAVf%i=m-B zfTiS<6<<4O!{GiGvXXT<^@sSwMgeEtI+pK%kc28@`;%iu!Pv-&# z)*b@FmK)D3tm}NmS&^r_^PI7FGeVsfRKi|Gi3hGSzI++(k!;&M2qiwpdXQ@j@ zimIM_=?tMM=UotdO7XhxH*A1v$Ab-a;`u%th!n;h8!RGBSD;_xUrWH%!F`nV5B z9)CPMdj0;b2}>@+S)5p&d7^P?!w5A}(s|?zrdQbwi4<{;emyujZ~y$UeRz6&_Oa9M z^?o_;9#*FhI|};QxyzwZHWQVyu`hz)XVxC^K-t2|Khut5Y3B~x{r2m2?`XOG8}Uob zy?Oen0})r>%>7QAoW&6ZFm(#RsZP9i=e_=8B^>W;4$%xLQ|i$YFL~6WW#_#6Xlcni zdtbDC4;E=HTE6ccbssA&d1vp7mg03Sdg3biSm~*BxHe5ypKUcQ@~W~^i0`3k^m1~9 zFxEcG3)M>-RgokMQTmUjMwi(IW4?uE2xIW3D(##|`^4!Pn(Mh|1 z`~f@Pf0wJ(OSg_Vo?uk^*u7!SOF24xb}0z$UTlZ)bkfdPXa>}d{;%I{e{6T(_DWI8 zz%D?ke9@vP4qeCg#<@5i5Zf@LqOo%?CTo5N{sSR)bs7 z#LYKyvvZ_rG2gaRdt#g+#wcIhudqfSfl72cIL!`eMeG(qUTEH&<6~AnNW%5#ePS}{ z{yW6muidGqlZJ}hMoI{SWOOs348$Y1UOOVTL1t67lf*K}tTCpr1;+7GwW1smi7iC) zpqG(xW%%XHoQ>xex#QSCau?70MgqJ2jg2cezMc*!Rhc|cls^VuFxVJ6KRJKfelgs# zM}He!zO;9?e%c&u?fz}g+4^bAb{u=t9=y2x$=+Z`ib1#$g~N?8bY|ms`vzWzR|!N} zMqm`Ru+R@Ddz%*B&oNPQ#v7r_Ie$v2mc$dEu)_3jBPFiNR&O%64@6 zfP|b9xo*%2gF#9uh?FmLZog++nqw1N#VhA9Cxdw~c4H#|tHB{O@OlXoqebI^)8nlk z*c%_2=qgtg%uZQ7-bwjz>(o2}z`hejhJo|cPm35iy{$QhPQ%PRb_V3N!Si%n>WyAJ zob-a>C&T#7HyC(@$ITgyQ2Vxs;YhVM$9U+tnFqv#zcwOa3Z11*s1QwtXv1ttd`XgV zk8O;5)R=b)R`+!%b9T_Y9pZ6XSBa(r_6 z@oDb%akH_gVWVSI*56RO!lbP5Y+puRfyz_;1UgLyr=SzYVUvHgiUu*iP&F&6f(naC zzA>RaUc#@EQniT1&(#+p^M8Ok6PX&nyb}&AE1TN=E7fA@&_-GOzn$Go{LdF#n@{ndmhrGH>-&!XS3SOkF&wxQyrlubHHGFo4-5WC z!}^Kg)wIKX>q~P*tQ}_UH3jo&k*V|;R*AZ2%Ufg(}rADIvR*Y1{4&# zk)x{|Dw^-LB{B;_-2VPVU18ujXiGFwEXCGR_4^+Yfz#>ev=XcbP8yxT9sKJnHF!+b04S2K9L!ZpD z(rLgeWNuPo=;7b1&suK)K-7Bc1%m{swN_h1AWFb&XO?R1kH@}Z=H&laT=Lg{E0_Nu z_fz|SdoQ-0?7yWv%eVh#%>VI}_~U7ZP$d2UYbM&yB2A-CAC;A8Rs-VEYH(uvRBi0Qt_u{qkeL5gD+8rF$s|I znztT+(^U71HQ3vAfJ3x#%~%sD6bzS+B@%|axEVAI^-B?9nHV+0#&BEO09l)td3U1c znV0A)^fWKO>v@^OdIT!xf_lbJY?ev!*vM%A~phw^}j7l_nFrJ zcAxTpF6UW}{wJm(XDt>bQ+3*9>%p1&xt77N1AemnztN>a&G7c{>ANU)|D(#_#bkOP z7F@p9(1clj6*^JG|2h(X6i!^*^MczW9&3wLVYoQ-TY&yEyZ^2iNJSg?0i{iFi}?g- zuf&@oe<(iH>}uhQ9mQKZxugI7uv4|DdYxZ60Kq!yafjY%q;I=(jM4rL_t`~@c*sF; z^4+pUH(^+PhhnQ^6!cCI#Xy|i|DKqMqco5o^$XEr5(sr(l--SgH1N)->nj+g#&*J5 zj{fkn*C^sZ#~{V<;!zo2`(R>C9@1a7T3W%S;00X%wz_};hIZq}NP1SKZL8pWHi*qoVZ9r$FOA#XXK^nu|yP~ueWW|tV=1MqrX&Bg^6Ahibi9H&*EFDjm z&L#`Qy#T7NCYPxO=UHiVNOe|~Z+=(p@jQn8KlQTee2$;|Df9o?-FcbX|J&Z$-Fn*p zTgJ0|{~!I%w03x8zHPmTdx0uXKV1uaj9Y(fbmzGip)+32HHdAtK7BXKQ;z@7qFjII zDUttsFSobS_rLdcp8Wrp@+|lKhim4lS)5aXF<>N0F!jHnP;LK$`a%q=rUce3i^Q{q zFA~pYStW!yaPPvupoO|V0{WT;a!R@j;9koxy**xeWR*BH8JxI-fN;NQWm0ccZiVu_ z=R!BQ-{gDZhzSsTkzrDJmp%8&Po~$iBzO*5n7YSXBLm<%h+>~@uCwYx8>?M8{y{rA zb7&6jhPAWzA}Qst(-SDinm@o7t3a3h7GUZ1UC&yjqqwr7Yt$TKGs}EeiST%JyT_!l z%`<1YWN&#v@M$_x^FM|d`&=DN`>i(kI}z{L;pWs7(*8#caZLeGW*`(;Am zXMOr}42JdsX~2LP+PBRFD3mw3Fq{eO1eKkBvO&xPi0ou|bAbLU0+{?FFl)BXP?JqPdF-M)o64%vzH!LC3-Hwt%d|TkQ;GIuq7+(r{@m)26tV^m#-YcPSL^oL^&Bg{cB~=RvD^s0 zg640HK-dO%V8J|pzOwSO@X#6BKGwE}L$D0sV|*P3)2nL&a2eo(OdUhuzk# z8(+gZeiuwbiwn&C6@DI7Nn*FEE!R*GWwv^#pHd`1K%-w6l*kdN#a&u`UF7M zR#y4}r+_61Lp=?qF$NfB(&&Asc+(Jt2G4 zj-p`bqS@@mktJ=lIM4`giL{*7afcD#`Aq#eIC9N%iXF#l+SY~>4>zz#lo=k%#BiJ) zqdtrceY0%P(5>Jy8L4X<=al1HB2oj+o4}&5-uS}?{p#}432{1(7^|+Pb3YtsHwM;P zVmgP;*cpR@h`^?kkL)7SNjr0;1baT-5@7OS}S(Kpy z*f|8I!&dR!o44TIS*sC{v3t}$JUyZ^ATylLHmq%+_HgFY*@6)+hdH$VSKtscz3Q<^ z0gM7(QFQ>-=Qel#4(_aQ>iZ}V;2RXqiUsbM1j_YUFcQwCDZzx=G__+T^O~|eo}C}E z#Lh6c#mv0|M4HVcqFGhhYBdAv_bBi&fyt}JpDpwQXVUVw|62WTD*fu!k2rikuKly+ zb7X;B9LuPxv|lqh>KPoll#ccusHf4wx~jOO@P1K`NGhxSArIMw^vVToGx}}wpJ=tl zQ)KxOa=SzC_#b~Y);Lqql))~;gnRZU$L+8EXMgH^#%EZS(UTA(6Ud$!W@dJ2Gvp+& zN3U%U{glJPS%T{IzI7a1WBbmE?N1=OtxMUdQn=e7Tv6{D4nd`@_Jm?*DKO7%CkVu#;Q5-y2N27)G zG%F26hcW_zcw&|=RYXeb`j3AKY2hg|Lnu`!INZr!KbmDm(gP_r)KQvUa%2Jbav>MX zj{~N-9(QUiu}@R#>z`5rR|L`o*?wz>qnRb}M%9U9VsazrTSl%m^Ro3H2`?)V)xP!~ z{zqm8W+cSc_RH2L{BLWK(jg7BqGZUN$E<9(tai%cpGI77w}Js(9T=fb-!h#Q+tc`( z*%V+!hlbbcZTcPA6vA%fXE%y@ct5;G5qOT$xU#1Jh9&xe*yz5!!byP*$|I2+eAu-> zEZvb8_fxA3%j+`tLL-l{k_}h0IKVT3Rzc05ag(<77c?4EgLUE;Ukn1!n59jRS4QX8~>qG-*DcPaGI|YY+yv zI0J3_Snin>)~UaM2{)Z$HT12o@%{->?2O#Y`A zFLs{R|7ASOUH{Fozw_O>)zW1Px?-fO)y}@7Wjz})TR0%Pn zFT5$piXu{`voP;UEBQ{{e=+4od)R4gen>jZFXm literal 0 HcmV?d00001 diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml index fa13419..ae3f241 100644 --- a/charts/platform/values.yaml +++ b/charts/platform/values.yaml @@ -378,7 +378,7 @@ keycloak: "enabled": true, "clients": [] } - proxy: edge + proxyheaders: forwarded ingress: enabled: true tls: true From c202b5ef5072ef8046e0c8c962c9b3dcea8529c9 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 18:06:03 -0400 Subject: [PATCH 71/77] log bats output on success --- tests/chart_platform_integration_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index e911dfa..43defb9 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -197,4 +197,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { cmd := exec.Command("bats", batsTestFile) output, err := cmd.CombinedOutput() suite.Require().NoError(err, string(output)) + if err == nil { + suite.T().Log(string(output)) + } } From 0e38c0e5ec3c64447e9c1cf34c19b90d7190ce85 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 18:07:54 -0400 Subject: [PATCH 72/77] give k3d time to settle --- .github/workflows/checks.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index 6088457..6c9ffb6 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -74,5 +74,6 @@ jobs: echo "127.0.0.1 k3d.registry" | sudo tee -a /etc/hosts docker network create platform-k3d --subnet 10.255.127.0/24 --ip-range 10.255.127.192/26 --gateway 10.255.127.1 k3d cluster create --config ".github/k3d-config.yaml" --image "rancher/k3s:${{ matrix.k3s_image }}" --wait --timeout 60s + sleep 30 # wait for the cluster to be ready - run: go test ./ working-directory: tests \ No newline at end of file From 11c66504b8202db1670b5241e9eeb08b656510b3 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 18:16:56 -0400 Subject: [PATCH 73/77] log kc provision output on non failure --- tests/chart_platform_integration_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 43defb9..0cf8b3e 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -169,6 +169,9 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { dockerRun := exec.Command("docker", "run", "--rm", "--network=platform-k3d", "--add-host=keycloak.opentdf.local:10.255.127.1", "-v", fmt.Sprintf("%s:/keycloak_data.yaml", kcDataPath), "registry.opentdf.io/platform:nightly", "provision", "keycloak-from-config", "-p", kcAdminPass, "-e", "https://keycloak.opentdf.local", "-f", "/keycloak_data.yaml") dockerRunOutput, err := dockerRun.CombinedOutput() suite.Require().NoError(err, string(dockerRunOutput)) + if err == nil { + suite.T().Log(string(dockerRunOutput)) + } platServiceName := fmt.Sprintf("%s-platform", releaseName) From e6df25b7841ba1af4a8ca0a316843bb59146a216 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Tue, 13 Aug 2024 19:36:33 -0400 Subject: [PATCH 74/77] fix: upgrade postgresql chart to 15.5.21 --- charts/platform/Chart.lock | 6 +++--- charts/platform/Chart.yaml | 2 +- charts/platform/README.md | 4 ++-- charts/platform/charts/postgresql-15.2.4.tgz | Bin 74194 -> 0 bytes charts/platform/charts/postgresql-15.5.21.tgz | Bin 0 -> 75989 bytes charts/platform/values.yaml | 2 +- tests/chart_platform_integration_test.go | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) delete mode 100644 charts/platform/charts/postgresql-15.2.4.tgz create mode 100644 charts/platform/charts/postgresql-15.5.21.tgz diff --git a/charts/platform/Chart.lock b/charts/platform/Chart.lock index 6f08592..d91e570 100644 --- a/charts/platform/Chart.lock +++ b/charts/platform/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.4 + version: 15.5.21 - name: keycloak repository: oci://registry-1.docker.io/bitnamicharts version: 22.1.1 -digest: sha256:1334154e9055bbe4b12fc773e9dd1358a3f7faf95a88b948cd21786a00937a30 -generated: "2024-08-13T18:01:42.452278-04:00" +digest: sha256:7741275ddf6e8a40e63aea3765e9b5cc083f97886bb3cde6280b206ea6726d86 +generated: "2024-08-13T18:33:44.875096-04:00" diff --git a/charts/platform/Chart.yaml b/charts/platform/Chart.yaml index fc9f39f..a01ba04 100644 --- a/charts/platform/Chart.yaml +++ b/charts/platform/Chart.yaml @@ -28,7 +28,7 @@ maintainers: dependencies: - name: postgresql - version: 15.2.4 + version: 15.5.21 repository: oci://registry-1.docker.io/bitnamicharts condition: playground - name: keycloak diff --git a/charts/platform/README.md b/charts/platform/README.md index 1d24f0f..da7c4fc 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md @@ -231,7 +231,7 @@ realms: | Repository | Name | Version | |------------|------|---------| | oci://registry-1.docker.io/bitnamicharts | keycloak | 22.1.1 | -| oci://registry-1.docker.io/bitnamicharts | postgresql | 15.2.4 | +| oci://registry-1.docker.io/bitnamicharts | postgresql | 15.5.21 | ## Values @@ -279,7 +279,7 @@ realms: | keycloak.keycloakConfigCli.configuration."opentdf.json" | string | `"{\n \"realm\":\"opentdf\",\n \"enabled\": true,\n \"clients\": []\n}\n"` | | | keycloak.keycloakConfigCli.enabled | bool | `true` | | | keycloak.postgresql.enabled | bool | `false` | | -| keycloak.proxyheaders | string | `"forwarded"` | | +| keycloak.proxyHeaders | string | `"xforwarded"` | | | keycloak.tls.autoGenerated | bool | `true` | | | keycloak.tls.enabled | bool | `true` | | | logger.level | string | `"info"` | The platform log level ( debug, info, warn, error ) | diff --git a/charts/platform/charts/postgresql-15.2.4.tgz b/charts/platform/charts/postgresql-15.2.4.tgz deleted file mode 100644 index 429cf4704e33781c6a6e741af5a026ff79e90bd9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 74194 zcmV)TK(W6ciwFP!00000|Lnc{UL!}6D7=5`DRR~J0v@V_xV6nr&n~91&2e8?!0ny2 zeYy*&5M?Blrb>clY@a9i9_f3h^9m;}d9AyIpu1<#&u*lu%!tUy$jHdZ$jC{YP6tVt z{%zR#m;3r`Y;12l-PsWv8ynrHJ6-&XAN7~Mcei(;)Yf*l3(vb-n_CU7XGzya2Wy!(({lELP+kNc+ zhxiose-Z}$B`Sdh`oFvV*#8gmDeV9Apm#N!EKLFy=>P4fkM`e#e60TWFT>#|8jRy4 zTrLje?e6w=Y5(tRJ(c~x`E={)4$lAEX#a04myF`iKY9N@5y!!F8YbgZOk=^lFK#Zw zu{fVa!+ta#hzV$eU=XH$>xnqKj8c)#CX*PJ3L*uG8H&L$J{O~4+Pj3(>mmt3iA2{S z)SF&f&x3Iv0F1){EhWV2BndB~_hDb$L{RQu*L?AMJiHb0m}(+PViG1|7>z@}~A--;)mgs~%hqI{1(JnO=`O1`umIaS;u} zwDpCb-b~=%^WX~posQu9|AC@!f+UJ(sW^Im2nZ)h{A<{ow*06c1|2R3kDy#M8i=x7f0pz-`v{W(fZ$v|E-qYwsgif@mHVUPmQaXbyh^fH*jKcGWyBG4T1b(kbDhTu_XRa+O) zxHp`U^67_@a16M6Q3%g_@%SPd%o5NVpsi*p*Bmfjl3zgC;@^8MA&@$PE6ez>t{H?U z;UG$<$*m&zdEC1KO+)WMeep}G4gWYb_C&i~3ifz59G-@~Bm~XqLRK(EO0UHj8k&j# z{u_%RNdiVDLVw`%w=6u_79l(_x>dw{AKvooR{+i-*RCmk`lX2C6qG5HJQxP4ruNi+ zb`dAy7&-$`LC=df@o+W@SJO3x$Oa(UVsr`8TY%IQ@Ppa(QvW^%7&md!7y1ig$F6Ow zB5e`$N6{GjJQ1r(a8mKE5YW4|W&|KK>XBXfV6863xwOX9A1ueJ)F@YlOzK?xC{<)Vn&eBV0c|~U zNw8j+b}IBjWX0Ml&Lot*E9R6gQq|D_^%@KipOzce3%kQ)8G&V-9xJP?HCl_CN~H{& zld08cYf95oKP($yffAiZ!)SU7YzZb)-W?%P`hIo}y#aPiD$tt(k4CAQGkbPTJx5l< zdkywadKq0zZK7lKP*Iv=qJzrU<$VGV{XI+I`9VCMhVQ3hA0N_OlxE&Y(=Nqfgzv!| z8^*UIv$gb^%P?3biVN%eFl5RUGnLgB!F)Cx#y2p``r$<|8%|+ymij0eDbc~pnLQjtu~-cz z6Bw0|YQ;1}iV*J@H3C?hVCEz^1~uht>&Sl)tW{Ws5@xJwx(CqT1h**^>qlt-82e(i zAETWsR0UIbP4`nvji!7*Fs+VBEtjZ{NzFz#_x2S?+Z(jfpwMe&OWNVd-6>@SR^rnTIu52mgknm)ghK9e&VA>HV;+Dd@K=%CNfMuja^ZO%nn8<7hRkpv z8o#RoQrN&4&}$xvW=~vzbr4n&q<|gBzrZpryhsczWO0bVa4c%PnJ%z0>v&J3!!Vpw zAq|oNbQb=z5IU@`a7D1r9)o6bl#y*EmFcCgqbUr#$S%w4YNLrjRxb9$<#akp_d1=+ z*}31RWim3YlXT7*LdV{j2nK1#5>bNa>s9qnast>BCx_o2ot~Zi_3f+umxsUPiO`Gt zJS;#L!IIX6cKrJE=r70$A_!YXf&IW#9|Af0}u?d7F{0w zwH%fGXaKWm9+-SCyB208kzNLyJG*;9;KN7yV3Z36COO@2>o_HX46GM8WPqj|1rt!K z$1#|5w|Oe?9T-gbvap`=jhs%xUUYG5*J67!%{MqapAAff3&9U~YKKO~vtb{{s?-=% z2}L;3{u(J-QA|%&7ww6>ltBS#@t)}J`kVfS2biK@>~%N2q`M98n8(HnR73^F<-&~N z*UwpqXeh4ilclhN4KTeA-LOL2ZPS%?0cx09LB)?QUd7X6APUT^6$a-FnJYbALAyH8 zLJZm&_reK9@2HX9AyjGS$s`FqpsOPjJxF{GY0}N_Q1bZCOW? z^jxV<9>FY$Jp&4CMljgV&{slAQ}-kQ^SoIDr$Kr}tz-Y6H;Mb6Zfgfy!j1DLNpuZ} zJS74hhJW}zfEiWIB9ld2Ym*|c+9~(hG?|6iy|?j9+>lfbqbu^Sq+uw{0MMym6te9I z{|)1T?gDeOUP6B9vE68IP*NssUIMpg~b}Dv`ECV48$s2kn*ut@;GS4HthN zpz_eW?Wskh7mvM*C`qRt*vHGnNHTyZ15d3+9~2j^QnLtKYLRVp4=>MYu9r%VmMLN% zRu%&o0(x~#JzwUf^u=pH60pF}i3aeFw4M?6TGG+&&tzXZt~(f%2b6Dw0YC8nb1@!b%X`dYWX zLw3G+zJH9|lj{ke%lPNfxc_$2gq|!hJgdUb9tfMSHAs%1-V;9AdZaQV4F)%pfwEX2!rHl8|;cJg^p z00!_XorXalSvO0OVPJHIb3eFpS6HI|04&&T8B{a>Ll=_k<~qs7@^Hsf<+mg)bdNY5}3%v+*Jp3$1IFSTFqa zcHFxJj>NMRJq*#5>`?0|EzsdHx<7oeFCC@ICHfAUw2m!AqvS2QMy=mB2@r_C$;I`K z)n4 z&Qu@{?=U`9VNv7n0EOyZ(Q4x6=EmMrh?9X_GtH6&B&q{;;4~VA9`~Df6Ab;!>1g=m z+aC_R)4#qt`0nKOtJgoAdIzsxzC1e9BQ4tnpkIMWsA7xRu_rc48HimVzmwijUP$XX zt(bfP6aK|)$o5D7I)GJQ- z3_$E`Z*B5|rXNiWaqwgbCVqfG0iHe9@sSTptM8x~8B{M~bni!~Ixgk2w5Y;CJRYmf z4s>|RI`GB=^&L;b#CSh(YKIr3v5H_lkJ4T_xOfKZ<2e9M2E;vV2tsmeVlCE_v`NB6 zalsjmQ@4M!zz)DR#oELm`JExjGP%0khL_R!B`jjlks#z3qGA|cheKNNUZNvQyST|F zEnw0M=;33E0TgFy0|CXFU_}@O$S+sb_712|)CM3#Yen$RU=05qqX+dDW!fS{9O0m8 zN0XG-d{7Bx)shtB)pe!8dG7YCd1ctDVqvm;HtHeA#yt@xNt`eS!xjn2YMR=_Ap0>l z%}9ojDVcGIQw15eiAA3u9-kZ@?4KPz=i;+uD2}9J=G{4R)WDoP!-;BLOxS~nCd-Pf z5v{1XI*S~)R6#==9fOMMC%E8+ju=}D8zzTJ`Ps^}jf=Vj)hJCL<7^#TXK^nGxnE`j zV6n0Gu@Z_QQ{#-5ibM^WRp^sZ!{_-cEQDrwu1T{C7bxh^MPOzbkBdVnF(2=-Qh)5Q zKL;1^%?}qUHGr#^C<}m}+>}ZUw@RGEFvca*!hzbY2+?lR1De z8}0E=f%Cxt*R<1&usgj|43$yKwK8`iKamR{8ZZ5rS4Q~$PsH@Vae(GP_bx*~FMY4H zcuwCbh}c=DMSPs{LL=od45oKK1l7<(uk`=@|Np-n>!7$&qotg)$^bRm5e$F%sW^La z3SWE4?L@Yth4uD|_7YjQ=}^iBWYc4 zEyw6RWyr?=opp*xd;eq}dmm-XBht~#*Xzh6%ESm57|&q}e;zq2b@c4v@dFj@4={4& z_e9ZVCe|#(a*B3SALjmH9Q0pA=LxKI!N%gpC(0F)g)K>Y-7h(m2Z|7lVS*2uuoTkw;cX!>bgmWww91#lJlHoN_sdCiCnsy@ z(oAI8DI}+z)6*BS!%}g63ySA&ph~84F)+eCBZFuTU)5LsF3(#q4PM6m)S0^6))Y55 z8S2*J7uC-12Ta@GM|7u(B(rvx9ufgm~FMy zaG)NpgFTv3+zOa$ef;bDzSf^ioh(|2%+WtZgi}1ATZ&d9V9)%@F{5BY9?<)j!DIn% zBL-eYy^Pb*?M@qet~XUnCWG(JgM+%}NVk(~PG_|6!fhadoD96n^MKl6T0xV;6B%of zBXm#v?y0B?@-dUmM|NK_lOhMN&{WiKs2n}Xml@q^Q5oH)v^?p4wdr?vzw|f!jn3w_ z81;9w_ADT$gvClha_LbpDb$`?7}(`i)CqZZzj}RkxF_Bfily|pmv?k-YcRXvrwOiT z+LU6# zh(^1K>yyzPLp2>L?~p|WARngz&w|5vV583ht|uk!CD8=ThUXChMA^VNJ8r0asURpS z`%YN}foCk3Vgy)p6zn9<<5-;_QIvi$Yy7Sl-@5{0HRi^hC#`Jx zrwP4c6%7uYyCTc_PI3E&vM5+lgKGtC>w&VliIXdVJII65#?g*;4Wo-VkU1Gv+I*UH zl~85|iH-%sb?W=DM~=nIuvoHNDjK1|&{b~R61;YlUNgM;2r#8-G0==`A9em?CDnGS z*_1dBRc!sZf39EP%iFp`$xyE27IbZ`Vz>sa1jO+9zl}KwptN|Dv+sg!j$aLt9olm zEK!y7mi)C2H)(!#_({7<@w5`R{Ed5k+CNP1cY$ZA8Z!P=MO=AZc4Rn5mu3Sy0rFgO~ZBK{HcW%Uj(_Y+aglz~!5iA?Dy^ zBfgf!G0Nx5qo>5@VpbA-;7FgLvy5`-aaBcDXBKsy8w~%dC zfso!e#>RG=LS+=NJWDq*M`MduDbg%m5kr_h$6=ac^mWjW@GGfOO!zXLP2_>F0&{on z;|J!s!s%(0o3=Fu-#U@wlJT z(g2=8cMbzeTtZJNK*O%v0Qw|MqPVZ%9@DQo0Yt}1Jew+rXZ-U{ATMAFg)TX}1dIJL z9`?mI`~Z}-da?-EbVdRH2J9(6s09oEI1e*(g7o(C+9}g>dtz&Yrv{tvd!oxvUFPkH z9eSE=|DM=oGceNt08`j(E$)Q^>%Lt~Vlx=#6Ir)%6Zo}4J3q(C5m*49`_L1i0F2kU69qH?Vifff_>+#H z5c~@J(QLFXhOktCBJbtjP5!dxvug$aGY2nn)XI}Hn1{6Bjdcv4x*kmR{)}9$YtqT_ z68qC~&Q*KM`D%spVSMg-%5#@3ywzm*)5-A3i>}_d%J3OhfXJKTRiJ50wl{JzL(S_) z7ZiRlwfc(=FdrQMfI=&yKUQJ1@{yekQ^*C0yD)MYmpN{&foi{iB1Aucu{oLTiB0pH zal$0u-Fz9T$4qm!)>gh&cVlz=Wt8KcJ+v@nkMr*cnSf^*YeAJki5>yW;z2W^iNj9* zle0V&Z9SW|dN49~(!pgg9)vPg0}27{i`}LmX<|Uhm3mY{C2VL29U$~DjuIhWA!CO6 zP=|F4flI;Y09AJp^or;4BIvUT2n~9of+4jc&63Ve0BS(7xmC^)!T%mT*SZ|aDgnt? zD>GUP_`4@K!2?g|%pvK)5F+0u{YrvDVcqCzcZVFRA5J!P`DzL6JI%LSk@wNQJZuhyyhk;C$$G<}p`27Bs^oDO&&o3tTf4RCWOz zui`O9%sW_C(h@AP^n7?QqXvw?0mV4iU@>LqYzr8Jc-|GM`^F6S`c@Uzn-4b`9>UlXtYwmfZJ2fK)K(e@Y}QaDjdrr((;Xv zuRsLw9q2u4=Bffy6sW4uW8~ESFbdMpiK|fiRDdB>5m;1+fiziG$c&n)2k+4?1goGE z^!px6ff#&_F*`Udh0~sg2vQF>qv)$AadlMVEFw#HAF#|T#$;!TBHASdR;DO5hvnn2 zVI^RWyh`9}HX#y89aE2v4{~(iv!&1gfU5Az^nbVm2I|8~2H4j})vUyCmDq+RH(;Uk z+W7&k@7Xq4;-n=ulNYeWjC)bv7825`Mrbfqh-~sDwrsY;`A}vPAC}?0;2e8$-CWEy z5y(<3k6RBmZf9G3782Sc~@G&FLz@qe1=I5W~2_YmPbU1e6Ym#xm|! zcAk*EPrnsC9;`Fr|7oP3*lcpzUmoa+44p;|xn<+}2V_}}5qkouEcF&4maGWfM?3J} z9KrZ7Lv5=#q9681at&*FrrTOm>|6>tdQZ9Fp( zbioLNN987!*QZq1sV@$TlTtI8Cr$aGeZw8(EB@oDHhD}F`lA%(ohSKc9<;`@O~_K7 zlyVXN#sUS!eBX_gkSh#8GuK(;Ie?`GjFjduA+)gOr97&5?s|+HMf&wR zT>vE7c(cw`d#=2wl;#U>>PbA=rIrtH1WV9pG7LS9$t9w6cQ#|WAxXl?N z%Cxcv`*SB%1dorAq8S~KGIWP>$ zun^zQ&p)~8sc3*FE|we@`?04_%j8&iK1*-U)p~#&mzj_l1(pZE1LP}WKipMTw^0!di(bIk- z4=4nRbh(XcJa{shxxE(2d%o)slP?+%=OtshDsa3qrG4=zQ8@zSN(=elGg-$Ja6W24 zlwq33p-f9Py!G*j#aN}2CvV}ph%uWe8MZnzTQ5!$yv9_*b8wm*jmn2Ab60CW7+nA> zPq?I{^};dBF+syDjzk9XV_lWx^DaH?S-VM`&^8zYk7=J?0a?w`D*AMqUQT^L!PBOW?6rcTeZ3xY-|>6$7D%sb z{ymogn*sCjCAhUT?k|Ml@ICs5Qd(M-p&`cz;wmm6WUfVASRReb%H+Hk*^lQo#NoUO z1!yD#hYO3qZK((x-c16g@niqb+5c+3u(;n;3S>XOI(=z)sDdSa5ij%>3HuiLnkLj? zGItIsSw4BDuir@LLkyF9A#RMO8r}sz{V8gn-Z3trp)y!f-3{2w9dK`DZvHDUujTcD zwEnYh2veJ~a;cZ`70b-MN5?f#o8D+>V{q;!%w^e?_{cfOvooE0g>qWF`P^{tGKOb7 zb)7>uhcHS1c?&PC_O>>k?mqoX4e97{%jF2xXfr-F1*^I5ufW`s&tR<&JSO*FmNlBD zBKDNJzEz8Qs?#tP8r~Xa9+10J=90Y(gZ>cptfH|zX$_osWM6t# zc5dU$qxFWT2yxp+H#`xo@-iPL$zzhdXp)(B@@>&-YYrhfCFmz;2-ETzb#o{aykq`n z70!LbOA+pWkQ!Sq6uLXHM*BH?!+6&B!Js!8o1z%#6^tIB zs;sqosC%Nj;q!l(WvEQXoVw*xy(Mk9h(-l|NY-6OnX4n@&9s1l)&O|k7u6>f>kE7um^7Mej6$gxV*Qxkv!#dn!052FDmm@Up_jG7tq*AZvgp-Q?FoZ*H%6CPxy zJU#W+NWG@0B+RJDg@qSWqVuB6PP7V?*@{+?Y#e_9M#>#)qvgo?<2MKMI+Sd@>|}nW zv+1Gv%@>xTQ1M$Ez9|n=Ad*xz4LXfe8ODY|G%8GZ1+9>KX|5Ww>Qzj+HZF>4JPxLp z`S=8eq zNrrSPpz>x9(C+>4+RnJ$^%jL2c+|?NA=lOh7{(<6a~1fVV)g>rVNB+!QUz zvOogtNEE8~eh69wlVsXJS-$>kKl+PRNBSt+Uc0DT8=l@=MzEHYxAmr?e~W$66Ew}E z?y_8t0B<&yRESmU2;dq{NfH&FDOiW~LJl1{zrjK=>XX7NXtkscwx}b88av*TCRPWN zO*|aD|KsVpyca0J4l|Ix{r+$rUyFaE`^90E(YtbQp|^->*mZ2o;Kje(bNlR`#0S}a z%MX65veMa}z!RB2;^jZD$Gs*RhY|?eLUY11cs+WoxhKA)WWlxVtXK(=9ptLbX3HKM zf%IFvFaa$EV27?VqJ}XlQbvc&m_+)vs#H~`g7^ARXu(7#j}qMvS9U45HVJZGurlu& zn9g|j51P=f0pLW=)HMtTKAW@Z5H5Bd_XZ~BdkXzeqYEUgl{CKd@T$cIc3SG4t}_+sKU#A=+q;V*kRoSd`rchT85 zpk=R#v+hPKxKcFG_l2cyhGov|5MYkwbQoNRMX8msdO0@xCN}Hxw<>n%h!VSQHV1-( zqXhqQ-G7Uv-T z2r|YQ7TSk%KgFDJ4rdom99P7Trf8OxKdu7B9g@gZK)q8YxeB;@Hy#R8}i{3(-q)<=sk& zOgf)J!n$ITb=JD_*Pm$Wx{?Mx=CAvx^4B@NbjKuib+DF@$*vB?64Ke#qF6kqT|)*v zCbpYLXiJl1Eu7u18TjR`C$F;gC7JSE;cj-E!xc0w(iQpSvNmGlta+79D$kpj#kWB6ygJNP>GN{vOS8f` zto-NAqL=Tls#JOzradOpE7)!Sh|}r0u|M@W^{N~8&{_5BsL!O<%Mkx@CD*HKOFqM1 zVRJs-9DDBUR+nfmV?aHo+AB!4mlK&L`SzB@*rjFMb6U|b?cV)J$HIyCGEI2QzPEVx zJ=gkJCXB0I}*5~SJU?ByM$pP=49Iy#v z5B|wA1QzmSiD?3hhk+)nK2f0ME4xFgKzA#wQNBQf`0g14%hBIcM!!;oAAMTCQp!K# z+E9cWcLhirP)-5vu z;E7f?|BxvFi+Q;GJb*@LFOmsxekwnXbbyP|{o!%~eht$B=8rPrAhhd85u02h8p-37 zG~DrA4%oTFcmORNivDag5j`*(evQu+7ghE?UxSj-6Bxf>ZMKc&=)Dz#8K4KV3f?Oi zGd|Wd0J01m_zzSnkdcmqNqPxi5l^3DMNsB$VDjsnLyPc>zys&kA(%nu)J6hx$1#d6 z^`NO~r^P_s9ETE7X1ri~9DZf^B-%+hm<@wuc#D&7Zdge6X2-EaCg189GVS3~y`sBT zhjOu&l|Nw0|IdC9G42ZZxE}i-GziP#t0L@*mOlziiVS4r`7B9L60FnI#VB%R*^8Nd zy2qQU)p#+mG3@^@=*{mUG=gql;34=51DQiOaN@*#sAq~sIcl81>oepK$eN6T74F)b=%Hysjl2=@V1+n;D zJsIeYgBH}vq*IPSI#2e*>#@w?Q;n}aZNYJ_1kJPu008>B!@7KKBn#&=m=DduISuAS zGjCplg_xDkZ6G^=0G1^;C~}3=CpgHbIH*i=kWX_!E##(Eo+obVqMS45!4v3a^7&`q zkbgTcRcoh-r6fpL1jRCvBrJk=!9)oQqgo_c!otWFO_;C*=rU$>1$6xiDzb^LoQD7{lM_ z!XtlI3g2m$8kV%)1dUbNuuV`YdEVb<@ig?HrWf^bHGUCc;I`+DV48Amx6(?=970=;;bG1NrWBP!vD;2e&S`;XQ3;)7 zh6X2Uk_67@^6M>-Ca`*G@(H90EF)Sc3#=+olP-{$^N3(#0g%+s|^t`xx^t@X0B6E4qcHk1~g+O^H2x z&BRzB_5}OViM05JE^dOc%$pc;;7_ta46ErH>wrldji>kv#X7E9u4P>e%@(G=W0Mpay++xTty3oB!Ve508lVqf08rlo;W%D_UQEN z^-?g?hV#&%z)C98 zt7uY6#55Q*hKyxbqtR$K<&FJdkkSzXYpuH0sO9}=fRlMsyt23qrN6=JP%eYbo!z}4 z@Zlqlhatuhz?_USA6X-0olnMq!9*sky5)i30QrrGo#-?RjS0poMS0JwQ1HcY>3ld+ zuB2q2^Bl-!FiRq)MCe_CK^VpIxsr}Op*#Re#;5?W1rMEi{qQ^r#vXi2x?j>8?gl-* zPptG4M;EW+DLDj;H>*IQVp<=%&kzQ&PGKP%uDu$H5o&d%S5<16CFMXLW7IY8=0C&s z$UGeAY!1jX#Z1)hD96(PzpajQ4)l(0Ph{2a!&@%!DsaOu?W#JdM5gmUnu|K}g8ON> z;40|WUbvbvpXj|ERjqowyrbmu4tMyK-7ml=9@zN-)`=a@1}qr%Ia@~`g`I8wn$7K& zUT$G@AK8;39^KA&VN+P8GH|au{0kvATm1Bo6;a|EhIfKr60@>I3~Dpq`LSF)MZ3F2 z&nmFC>b7?4Q{iuz2Xgn;dZIUO&Bkg~5_)&1)L9t4Cb#x+ZY?C)CVdcJ^Ag&uDGta) zkY*8I=O&N8>DBh(d%TQ|Lx=FrZZ}_&EG|pqG-@3!r1PpBBqf7?FTd^}LxxcYGA({) zOOVfQH44jZdS$JmRbsSBmHGDF#hLrgX9G*0n#Nz)7ogwVr2Pfy-?exV2<^WwMMXED zpGhlD$Dg}c6oZr(6}2PI*r+Kbsi0>$_ff!r;J0>tSW$I6w-VCS$9#%Z*vZ`4Qg^9m zk{xE~uDlI_f^Ji~>OlI_a;)Qm@mQW0b=qsTY5@HKpU$-tOrb$T*`-v&qBIMl9}|}_ zm844B`Tduv*grl}jhy!$hHU%iI`^6HR82<4gNiMt=BJb$hH7VO8k&;xpr?dYj`$O- zgo1%zzE)#hruvfi6`UR;PtYpCao<8HdzQ!++)aRZIKz)TRde$7{(;H)qqB^gJJso( zm6a}-L^3|nm?IRK(Kf&HmJpZG89Lc18Ybu25(7nmdVszvZQl?n(&OY@OD02g=UG1R zVwTd>>M%z6%<7m)I#K=dquiN93y7ZtcKoi~(G)-KpS(JH_3d8%9Utg`WkOFa`m96j z=*H}#5sKp%R{67Wa2-TL=}@BAJNh+tHc*!DYkR_Z8Di>zG&ALl_^GQkF|FtHM4GoQ%XT=>WZ@T?y*65C=piqp|Y47c%Rf^Tu(KqG5#VSluH15 zlNte=+wJ7yk=~>1LF5PWD!H^+zNAJ?FLNa2p(?M5zQ1MJPNJMB7;n*r-`(*y9FNiN zqsQoBJVqIT=;28%+@DEl%?fj=zO%=?DsUZHo(iMJ&_6VqVSWkS`)^h6Ke-sfI4oM& z8$5cpy1`75`aG9;pG|A5TS2p}QpwM0@7&&hk>-XhzLe%5^zpzOhc})COJR`|o)4W* zfsUS;k7QGAI(2I?08*Z9v*v5s5rm-ti|E6HGttL0yJUv$pORp%i-Y~sL-FHxhp!L< zUsPM;^>o+H_UzPw7lqM)4UkA~S#wHA|)fHt+Z(tT(^`nbF6suR(ER$!HVHsO5WPsa` z@H0y(cW?W}{?~^u+S#}LFzqGLgxzlKSJq-e(cE@%n1+^O`gZ?^Zx3rQonnAO_8=p0 zf*`l`YRHj~GHK_$gyZWsn1Y(K2wABp#C4EF9A{!~Z7QBT9IFG=et4GwVUgfz5*Ttm zxwWv{pq{Cm%*WrpJ^b(E*C%I(CvTr0o$i1A;_&VB!*BL~cyadj<>A@M(ZQ)^Ho1X; zzqqQ?Y;=HY%~#EX2KR)1z;ixDihJ4jpVmTNuFtO)-JNeeZHD1)7oIl5are7UYw;}M zn$!BW+}{nSwYcy3a?@J;cfQxO!SH&#()7b$X?md4w~XdddMx9@teZiG(RDZu({!C$ z8;v9YR5}n8BI!`Ph76BOvRd9~6NH+Y&c_}EROGBnK zz=c~7Q80WS4ue~DnEr^LVaPBpx#d&r4ySGd=o9CD9lo>XP5|AUd*Y0L-U+0O0oU!?lSCPnool5s`apIrFTAX4J3CyfDNT~KA;UHHV3pNoM#znHC9le zxJt=vCa>KRd6kFwnhGp?E?zjsf!qUgEe49$RUYuvIgY}qkSs@t1FpvTcjD@Hi94h5 z=RxiQtigV2k4cH!8K?7LwtVEmO zkt5}!2|_fp$fpo`n4?w)92UO$M8gd8ZFvkXED0`D;Xu7PZbQ+NkaJr}wQ|r~h>fl< z$?AhD?03DCV>!9s)zL?fE=G)R#$Gh>0>0S5Zf4cp9@&;So0Q}KMS2U^}_#e5@Gi%O!e__S1x*o|(I?LOOhJ8DN?DwMn2#0VH}L(HbJ*N;-l zFiDJ1G6@=tP7v8d*}*jKh_jgl;RGiURaRGFJMve!D_`3lf{4qq+h&m zZ%uzN;fHZ*Z*i&n#MD$scac1gdozjvW;sMQZ<|bQW5xZcYscu&9!D(BFe7amXC=$r55h_V3Z36t(r%Min$@R_ z=jv>)HF%;i=5XkR`oOB4HmHKt83SsXgrRFd6?DQAXG_)9C6;C`Jvdv^tRy6oDMRE5 ze`jxYs;?oXC`2-RQk8T<=@lEd1*zavYzcaPd}0yt(tgr_ln4)TX8Di<+nl1y7_4iV z7+%FW+0U$msB)*=47H+RVAY*Vq5c}5Q>|P8GoSsI(Y;e#8%)jRS{#lW@L~~jEpf#1 z*q-QY>J%0elB`m@>+&a<@K|n9ae@ghh;-FutcS%7m@yY-D}S9c0#G#^%l&W?QVIa! zE9DP`{R12r1?#>>>goxvh?R9rL`N#c0;hC$8do;$x}~zyZjfbB#(-IPV$GnfnpiUw z+~>rap=vHIogs6nS~^1)hfQY?x)Q+a+~5lDaY@wasdSov{^f&F&ULGt^LlFCE~o~Z zu@h7{wp^}xA{d5fNPagPgfdS(B7YGKOd$+7nSh?24BjTD$lGBs_)WrphIZ&A0je%U z`}0&qjJ3sTG=^nIKNRi4BL{8auc2l7hvi z--ADxS>1l0Gq-g;Cx*#t8%ZrRsg`;m-U+0IMSCz9pxp{$0sxRNpRo#oW@2eD;gZ$V z7hrIvGC;l-q-64hR598j|l5uQwH#T;+x5dWBM)&DX z7ysf%{oUBw-W1*K-Hq*y&8J&Wcf>|_r@OQJFJfcKbQFGO=x+U&4WzMKRSvUNR=v+O zN-UMg`}^?Z8;*Mv4xu9Hcv!aF0PVOJ!St&FkG-z1W4V>h%C>Ba&XA-u_BZ|RSAMsp z;K#X-Hop{cQ^6(mtXCC)epNn=i6JG{oYQn z**}M$Tm4P=XE)es>9bcbTWxM^ZhIT>-{x8O%f0O__|N}xcVlb!%bm@w|7m~nBlLbh z*7%nz5$U+~F=rdQneU3DZv5};Y`Eip6Ewi)~A--;)mgs~%hqI{1(JnO=`O2GBVtRic{@2E53bW4vx%fX|Te+|}bKSbEkXdut%x8Q5%qt!yCGAXb_Flj$WSoZHkgqK7lwVt{(ri)vGX|oAL8>w ze9gmG&4w?c^8{ARg57Veeeu(Gn7r3{{L89x#-Wkur6p`=+!w;4^uqqa}05?Hb}{)g+11aE*Pr=79*=8HkQ*)t?1$eVK1^stIbf z$h71v&oTuHdXc51C}%QelE#dTa*NA$GD5ri;dMBSCtzgWNGXz=og~9Ksa;d1t>6fu z1jurQ&_O_U>Q9&)0Qj03Xjk%y59m8A=pZM<_?Ax9;cUm?=_l}o#?t}A$5T!mJ|G4D zI0wZx%DS_L;zrs>u>yt>zGsmlnw@WECRgSYl4A|y~}VE&>P@5 zo*||)LRx0^(d?Ew-vGaOTgUO@J*RP^PjbtM1d>Bb+`DCs!WvX3 zCSw3{kKvE`kg|rXtd8*@8ozI~@O*d;SbfOf2GjMsyM9+6Dc|st-K|#3IzV0nRBaCh z=G3@KIq}?bz_0K?tUmz(X z>42@Gbk0NXV%6Et(Q#aBAg92snZ@pNFzdo#oMR2Q1w$>c*|+gb+|WKd#a~fc6Lna| ziZ&BGFQj%S@m2}S_WsyxxZcQ3`@Pna!UO|P3eyX)ygZTVCyRRjNqPQ&CxV+UDI&d# z<4ULf?}cV$shyrWKB){QT;3#{ge-C(r$QlXUb= zve7#f1Ef~VWNWV@SEhU)sf*2NcdLwU2a%ily+s+>>&7jft8R_~)4R9Op-~4{C0su@ z9ocsvshPA=oZa&UPqIn%fv-=jH27HtJh5`pKOr}ag;vY#p}Y`+$GZ_*bvVANmG=2} zefb5a|8N>Rk{KpiSK%#KKxq5zWnszZ+6-ivprKInKt0~Rrpu`^yWsdT8kZ5l^mCY5 zC9~NS)1*ETHnEgvL0&_Jg^uO-@55WoN*xr6gw0S>{fG{PEar z#WE3~4S^&aH_I_&SVVU?W40L1Pd32XY}qBeu@9Opjp!ibEu)n=$f6|8asy2Z)w@rO zChtgI(R0u9ip^KamBnpWcWaUEqHkK2yYTfS_#2D@h28Xq6{Dwb3j1B0?{0(cgfDcl z7=m#c-Jc9ii+x{RE)b5d?aL%&LV^9$(;r`-Jl8K|-hgkCc(i9d6q3;(6qw}Cc~ikI z)jQnc)qd2QigxG>%eHQz`y64=!Q8g^Y>l~We?WpOF~a+~5mKGDVsx9ZBL9H9mamZ5 zni)~<;IA7^7|R;r+KL@PJiuPPK07@1r|+lEn(VjVJld=^#c{C(i|@T>s&z!#_mcGK zr9X{*dbF_tPg2=r`Q;V$L;E5MVNqq8>Ot8x;X!jt@O7Ku>i|_is=v;GuPgDj3c66D zrxc!&@9M@3pDxkS9jp9r@PMusDCAU8bJlXwMSTM%!VS&L7-R&dg^b}*XV>KoJ~Flg zZ97tB6bF&!m(rw)p&(knAPKzi^E@;{G9C4--Cob|@|lcLS;-V#;nYl+Ek;qaE+!oJ zf^k|a#RxuA1N|+6P*ERz|Di9=V$6T%M1t@tyroASpJ5Rem}j4@;<^y;Smxj?8bqFF zLV46N9wQ6Fi^Z>LJVx@KwSU7DI)QIV;U8^OZ_t+AZQ=FTT171AF2sVa&4TW7SkS!( z7Id>LkV-@RFc~Cx>}tR&1nBMh8|a_@>GfE=im$^FtfEDCYhB>p!a6UZuQ%0J7R<90 zeLkY)(S^La+$`~}m@^b!=_-8!5O+HMSA5hk6F#53GxfaPg40|H2L3}vBg%uT$Pn9;QeOrq879i|ecGgk* zU6`ABnCx8toC;*KPSon0GEyONUg8YvKPHbAXI(6^u}K72Im;HjqJ7P zdMBu^53KqDxxi+SbgRD0(R97#J7ir1f9pJvrFp-^lVV;&4I(^qr3vXs`5@a^r!f42 zBZY9f|AMwn#U2tv`)wjHoIv&Xpro*if)$~axS4epp>HeDZaRf$mvMM`u6#N>cMlp`SyD2 z?I;?^vzkxzR}VCR*8^1Pnj9wb6<+X#ou}FWG+b{Dx~1 z=?vCpKr!BC1y;#*=plKV^zW93+hU#}g?qa57aL-e))ZDaAI5_YmkB*=3E}jvH@#^r zzivTIoYv&-YpZ28Y5%PUU;iDav2F2n5(j-~j8DUM8YUyrR?phpL)5YA8SU(1pLbyB z;R(rfb`FCp0s+LG*p@`sr+Wn10kaPiHT;op)`e72V$`A86c>#q_(e2&LD$^AdkcgV?7cz0Zjmn}qx0F+VUMB-a|l}nP_vIkd;e4%owmi-`=>{z>#ZM;&c1v7!x^R`KG}bD zc64|uUZ04A*RP%*ogKY?1;4%#`>*~gzCU{Pd|iYQI|bjP@=cMzXhg<=-@@D3Y~;#W z#%|rH2Q3;8X6W1-U~DyAiD%#IgONCN+*In+Tyy-#4fcPQPwD=@nd9$_qbB~RyRo^I z-T!~O-F@8ue~3>eh95WZ2DD#tG`>gz&}cKds2II?Qn&8OIf3GTTw@x3PTpige;pUU zjw7%P^!mtv^Gsxb5Y}d~G@RI?L2~6!V2ODZ-r{nU;-zKefhRYn;fucQ!4ns=F>h{rstGMT;wRJUm~d++@JfhT zGHh^Uu;qk4=rjaggPP8QqLmHS{?H=%_<6ujss6VTcd-8+vvw?oqelO4cegY8e{-|D z{TToKAfMlU>wM8F2?1>q0QyCT{nVW=#5LY4kG@5;_)*0?Lr)}56??)IYgqv;xEa?E zlD;}JUEuDPvZqRF=eA7rL~qTW1y_=%bR8!)y3>gW^x^Xv)^Z%m*B@Qb0(tc^NWTwn zg`YvY=Dd-}tepbo-rRd8m}rAoF`e}; z(GSM9osa8VorA%rlO+-Yra8Ipxdke;iB+{mp-kd_nKo(t7~pJPtx(KJB ztiOwI@UZSW1ByoIBb0O@N$AjEuR%uXqLRbM7+KKbl6(;jPzrsb_WjjqZ|)htPM10y zUWPgqG?vBcB`15JHQy5o2h$|+FA z@H>YfiYx>p>x@CqB-o&~%uHFmoXCS$lFXe;!_4w}rMnJ^kg z@P~6w;_uBbUqfXpPAi=;$>IEGOP)UutvP%i7!cL*;8aJUMxNvL|HnXbe_g`5aFGjVa{P z=Ube0T4-EZ`&Q=ep}ZR?umCqv?v9k=LxO2^K9unx7$Ii4jQ5X^bl9NZ zYW+Z0DHa)WN@yh(tvaOJM8;mrxAK>Khgs~+JNYXU5#6Fgm+}y@1rvUq(vcZoACd{i z_JIucw@KJ`ZN#H%caFwWU(h2u@v;gg?s$eltZOP9Mx~&`Yzr!#-ZTlu=}?6_nm9h( z#+QeekqSJ7NX!o8`5uaY8B-QoItGhm$p*u>=g2ruoXGGQjy6)SRq%;+!^&fW6i--Y zBIi0sJA}=KG6mIVd)2v3O+hhrY)6XabpjGs!@oJe+fW9N<$xGqG{B(yTq%wVN3?OG!=OZSvbvV?HQjlKi%61Ni za|Wg8r6xkMN&y6MaG|Z4cNfDrnC@<8-z#(^s(FOJqlh_ZVf@#+iH~tYl{veWyAt&P z28o~HWJyj*VKNhi{RWCbWidLIP^8zZPGs}dEJ0gM!x3nw1Jq$Kowxto^}Ans8wJik zN08CWW+ZrR%{3)}*?8KtU14n~=G42~dG(#@Q@M12o0~?b3rXADiJwOqXmj#4U)|#G zQrLU%+||tOg~`;Dxdlx0VUWpqfA#{eMIK;MU95l+d}w!(L5S0-jJlSLv8%UE?8LY> zHl5g??i%h$CU>6b4)ts>^_`2bUoz+uw(WuGYFE=hvNlfS`4XVq=xM9rYfWUL2&>!< zkg7^;7}%iOSw_eV3mnCp*!v8X)oO~nuJP$G^@83gY_HksjRavihWb5yn%Mtx5p`eo ze|PigX3qZK-hQ|?QLb2kp3WzqQDGY|n zelJr!8B|iWgJEhP!AH~72JSmAt@+Alr1Z$L*yQ7UHFcOSkMUV`rHW~ZFn(50OW7=7 z^R~UVTV%~5$M$LD^FsXG{<+<@Aky^Nur9hg$|x&s%}1j;{~&l?pIs*LY;Y+^sItfT_=FsvBv+??Q+>=FJw&;~&9)QBoX!Um?GO=g zE`SDS=n--51bx9_enr)t^9N`OyZ1%mA{hq?CSN)F<>5dLKFw2NH%rIa74%4+1^J8v zE#+;}a=^E)NRL| zPXTB9=dn84e=6k82A$T!@hJ24;px-F+?JuoZ}!YC?Rqovb~(~#a`Ejv1TsYS^NQou zKskgMC%{)=C80Xjjcs2Scw;V%fIeUHn9?aj5P)$Q_SIQiSmDX1SMsc)Hu0w7nsY;e zSs0DdrI7v2ETI#A_Hl5TZjg^ZB3)BadVrO4;14^O@r^fy1t_RhOv`l%^Aw*V<)h#7 z=;{;Gc#p-;ySW5C?dg7z&L3pDZbOeJafImPkDhfTYevUn*4|TG_n7{B)~JI z3tNCS_TTQ#({9%O+u3@||NS7J2ekZSICOr8?H{|3`+w7ul# zpZkCM?00$lNqdbfoFDg3ULC#qc2As`)&q@GPJFkDTPFq&RM^8OSmuvE)^rwzv7YgP;^Q(RU8jjhkBqS6aZOUNffo_VB zdGRt#vFEWM?c=Cb%xA&H1&yRr$$Tt9%u@9eOk0H8lk&Y|JBNS6LkPAx0}Ac{N1Vxf zY%Ua+Fla|z-XDj`XBBhG;DO&vvPVjzg_G?X>qW~mNXkUU97z_m4SUvHn=IGFXY!~? z!K-$L$r^~m#b;*6BI{MOyn9tl!A&cbk1o%lRIF0cA&|_mn3Fr7Q5+N=7n=-0*|mLj z9!!(+Bc7rOWl}8mGPudHhL|55^Ic5A;0%%^y4E>_EG;8x_4QTnBJj`so^|!SOPA_> zAWij|%|Mnjrrvd`>YC3~n3;Oumvlj)oTy5Lf+AUSq+&+6DCTRDIcA^nu)%A^`Chz( z82IySV_o!PLZcKN@LadsS!1g0F++$1?U13XWT{q#owAZ_MI%Y2g?*tRuxc(+v{jD3 zmcv{#EQ{q2R7PX+5|l#{Y^0y7Ja()wpLcwnJ<1IYtmFWmZu%0 zY}ytmhB+7`(-+@3zlH6pNwsa8h9%ZZ(CfvCO8-VaCydd;lpQpD(miW_&vyo~%Hvb3 z7Ng*+Ywo)H`xHz8mI$86pfBd~ZF#uX(~Pjp-p;27D7ybPcqL%mk2R_<(h(Cz%z9LPo`?;KxCry;0083L?kda$JBaRQDg zi`1F7n4?40-pJ~&=&hHApkn@-JU`dFg0AnI0BlMv&*{-gF*Zm^)B$@W?4V8GaW92? zqFT>*iKn^lu=j8bANejhnIZsFiBcBo%iucX+o^+LmZK?#Fq$>R{YNvq5~|my6iQhX z#GK1@@5C(Y*pUJTIiR1}H-l3s1wAgP_dD7V)LKYOImcX_6?vO6PFWeE64kULO_9 zLnszJX;ru#Y~Na9-5sK?45=I5)R$UD5deCp2%9}@3r3B*Y|o7ww}$KF$wTzbbqZO3 z0@9*<2^FU|l0!cyvGCOv*%j`|72~NgZa2+i+5?CazI3Q`EMy=T3| zS*4_QdDWt=Kq;+@&>!rf2?mP~&Ed8$e#FB}l;`ClN-(-WU2i83gvs$K4^A?v+$X{# zABfSGNHf2YE!7vtL40k7d`I@ilazUw!x^O?G-xula=p65}l})Yzt;M0p z%*pgePi4UGbL>PKM17O(l1&@w^}!U*^rk*O1-@njRIm!}zP}#73UA7qtvn_2E;rx0 zD~!Z`UGVk2yqyo6!M5QQjO6l!Qu*tMh}Tf*YrdX5a)kUo~pZ`q)b<-K6J-7Ed)tClXq09F@%GH65>-vX}Ua(Gh)lMpfda@ z)we&HyK#WpF3!BH9W?`UDuA{BDi9eI=m*3_RGAFVWFx78tweVvl{L*!Q#s%@t$YDj zFfBl%_ecZMBs#4(I7zG*vIqTn;40ug2q%+ zucIKVfeiC-HZr;}RYWWHxQeinemYc1+E44lz}By}Rfa6R3}gkAtxUT^sQ@)oWx>Km zZ~5Yc^bV|%j4H~oOSX8QhNo0hd5+5NlR8yq6<0TU06X}_ildmBAcGj&X2`3xt@3la ziM-d8VHjFlStg$;#g}<(^em=6QAq`Hk)>bg4MYi8P7zjlnA&~We6!ogGGJX*#b&3^QvVXGu1xcC?vXTYy9)oY!oI@4<3ls*<_M0 z^}7s{e%me^GgLn9MNw`hD64=WT_<3DgI3!g4qs5P!4MR~&p%qc5bgiOO;o&E1)8$c z6u4Pj^QkE2gelNrwX7MFZAkg)v-fkU5>;zN*iHaU(rC);(~! zwNqd(!qX;$olDjY_766C=alX`;a089$nkPzIKNgfGuOwTWZ@(JG>HGO%vH<<+>hps z1gSg!vAvPa|GT}l`56E4AfM&Lf6NmAqOSJ_odcruZ(vmayUC4X4h>>38d{#YL%vOx zQ!J$#SeYtTY2Wl(Pi^D4s=1kFcJ~*ROPaJXkz?n1WOb};7JBVzYCTCM<5P>zB8RoF zw6n*xm@kqS?QaQZDR|7<#C*Z7>-Z} z1l?ztQ<>s*96<6;gXr&J-^w0W3CybETNjL2u7%7-E&v3pag3Ljt!5T$nRc{;+4M5A z|B7jZYHH;xU^cpfrg1u|HOoEYR=tytFdM;8d>u-*2Wc$ZKA5>!rOowvCfP+Bv&W(G zhcw)uvAcJ^{?tM3b;V%}9?wOlduAJRJ<_SN&$5951S;D>lz?STy_Dlo0e6miWc@r#(gRN}5E`W=PVMFKnP)t9 zh^Y8PZhd1;W4N1|IF%`+jUGAHDy^OewnECM{qk<+I(DB`v;N>R>|Gfb03QMCt7}D9 zQpM5KzBMWOyG;MLsxC+W%QINJtTpb5LbKxz@?Qwg-XO6GD5dUBU%BOYh0V3bb78y0 z_Cf@2^uf(V=8i12)#e8$HY-AJk67yr&7+4P`aAXR%Cba{ITQ4f`jDEU-d^|d%o_{1#jjnC5t#Fm)4#rQt#iZNfTkh7(W zvx4H~E3|^K(XJ!5(ITyY3U@gyIb?O@TvBNFVmouPU#4FzLXqu{3TB_=#iSwM3xu;# z4_HkqTr@AMM~YhZ=`W-EVGpzAsg;L3VipRSELhT6HRt7p4V1jEG923$HU8_x7oK`o zHLsN(ocV_C1K^WCidqg7jmDB{HHBrAc7E5$vvGoKJ-XVCf9mG$tfiH;dn>S>-sK(k27##)_sM+N1qX8Y8lB{LJs zZe4SmQ{nt6#W647B|F}%CeA4_i@D$`0Nv3KXLr`e=!`SGS0PS0lW@*1C^0MV(M`A9 z=4a%n<`t6aTf--OT3y+3D^)`hOqf^Wprz2TGEb?*270`q6lQ zO=C-)znbd1`F;(i`*HmiGIuV|uYqt!$8R1`q2ITEj;3LGj9Cs0s&cMW=H0ctY*uPN z;|X(dy0+&>5#rP6*j%o;<-WnZ@Gi+YTj-K~U@zZ?bMe#;mEvXl0_M?D)kZDZ4b14Q zk!xV`*eY?kRN2s3kc|N?*;`|pGGE^>=Bp`(bH~Mu0sM)0YPi4W;<-H)+~eZpen+3( zh?+jnjGpKfL2f3|lY<9{CJ^WoNiFHw@7 zf4%h8pOVmzX6>gMTDtP1Gs|~d^(h?pv*s&c>0B#5RbPTDIv&$_(U*Z$yyOd#-erV0 z>CBSC4Tda1R`Dz(ptXGIn1O>6Eyu?eE*tSiqLQU!V!diRSPS5&osJBQnce`Ysb9Z* zt*&1ZZ{j4mFK~orp?;)G;%qOKpDnQqmM@K^jCk0^OI{s26u7M+B5gsr%Sj#$rz9NP z+BxHlN_2~+OG8y8(~_JJiqrQHk<={sNJeux+NW*rA5}16-XN}`@(qOWUIVv2_HeBa z=g4U?11`;%vqWQ{3Ec}ga}?MDc#Al48iHA}8%H%_j(%Uzg;NIQjt(3J_9J)S*y?ni zG3FR`_vpO2$KmEQ;V$FMo{{DmSS9tA?3lyxJ4eqNGy9Y5RYQJFkJ?(YsK@N*i@M?F z_W#_@b@Yoqb^f2--1)EVt*4uh{-1~Vd_e!t?R^~ma`V4^c;62-@?JeZgyEk2K3QhY z=k>X@!lUly^SLdGG@j4n;}Em3zvng+@%8BKdGz+U3vC+FkG`IJ_w_iM^U>3j6~IS7 z&xi5z)XsU!^YScf;;*N9k(DO_{j~i%w{_>KitUm)eLICP?&{gO{R9qBHTLV2n{M~H z{=c8$b!U$bkE>7IpHpl`e{#Lq+>@iV;eGjW7X8fa|B1(gc&YI}-Hn~?ZZ7_3yZh+> zd5F&k^#7nFJ^%WC5&$bP{dgQfc5BQ1K}_}?Jwi6BdvXlr**l+WNY-D9bI65N;vTAY z>$o6F96Plxrc9&ColGB_iwLiAzzY*I_51SiL%Env>DIJj=MulGg@h>ptu#v(94!|m zjwyOvk)dfGABs&y{bBTF`@`5XVUzGtI?AM~`zLUfaRqyj-36RqX8#h2)rlY~6_S@pZnG zrDg-V7x5rSu%EVXPBvnWeqYo-R|4g(9y$s3BlpoY_UM#Z(D&)nS@Jrkv<-F69cw@> z;NH1c*J;&~uPLG4Dd3$dzCMGF5*p56V`G%J<|<*E2`A-s+Gka&gI?BTH;JKvq`Bl zwHU8;cW0-0m>qRdJ$^3cTxToLKUR#QJnwCTRhF4gl3+Xtg|D6C_LMaDrQ$gm_H{>> z--XW2wxnmi{Ks0#WZt9d(O%!C(zdj-M^tNvLUk+6jmvN$iwud=NjJ6TWjf<8QJ#FhE(2#0Q%bw^#hZQncRw~eK{rh@RS zCys-e{K`zX<6gZEv>OzMgPh8oBG8ms$X+0N(j{3zHEI)BDyl#lRdV?z;GB zVE?~mHqCeD!~WFee}ol4#{S>j*nZ6a@gScExBriE^ne;jr^&3xcd1E7N1&z%p6V;? zf|7Atec!s8_~lcofXMzsXg#_eqVRp2gwJq-D^|woX}zRY7k+Sc;5p`YC>m z!OCjCZI?qSw9mf{r>VBhFTi9G(!<3)Sle@z){b5y^RKyvSPrlrV$^GLKhEkwG>ER` zmX~X%wXMoDp-o?(|B5d@%Xsy4G1;3MljC3{W6HoOG7RL@pM=*@ctbNis?J0%0l;`A zn}POB@Rmtw_2c4-?;5!XqG3T#I|k@85DUJ-#3II(5bMP=+y2WM3(o$6y5XX&b~g#4 zD3G0#a5_ssdtXEebb#U^wg4}N0jc7S?Mvy36IoIk?=*zacpMIar(;i+ZX$BfCny)# z@wUXJ$}eIIUe}ew&34`wQY(oLJ}paEEQ7N7h~K<}t`CzGO*aawkUwQ9SIX?7OIl?V zt=EOMzQAiU3zh@epl5sqdbvgE2n@=s9CSqz!Z)nWMj#8yniPTTp0+^3f@q8@yg+=x z>#Z+5_~49)qG`&+h7|bO`~8!OZ0h_S{}R>n3z?PB8yjgX4^s4 z@V^f5ZgCi1K9aO%&+n+d{|Zzo_hLK(txtg4!6bU4?uKn&f!e@%Rk8@D_i0QOe;4Ux zu(`8~UG{11Vmy8p{WMwsu~m6*>%Z-%8`=2p&5ez%$MxSsd>(xLcldsS{vy=UW6PIE z!dLF0GYcD|G?l61A5dNL45|%UEcqHH)&wuw`yH=<9{0rV7JZFIr?U%;{zS9C*l&H1 zgg9BT8-~b4n$?xxf!xqOzcr+bVQ?M}>lz>(%lV1aBOj365dJRJHqebBW4P*T|EW!e z{=$t4G~+I2!{IHg3xgr{YabUP)L6guW603uj14%D@>IZjG{6}+je*4PVR@R2Lr@XS zB3k`$RQoW3$tUcyqbo|qs$|vkSEpDOr|EPO_Fzgrx`39ky-Yx)Rgl`ehk5KK0yFVE z)PV#65ihB&<~bI01qZ_fq@1XiT2@q<(gKb6uHpx1ZdV?G#`0>>soB9${1fICSJt#T zPv<5uD}@d;#ygL&RqqJZ3SmFQ)o?iO-F}j?SZ-pnG@9mFf~g|X5RKfXGUYsath`wC zO}UL!j0|H3YzS}Vj-;<( zZU$R=*+TvT;recQy!{Ov=*Rn46jHb~7$p z;n9=3&(cBZM25RBYDtJ5=U_Ob_2NouSk!d-C~9Y>yL0uT*MnuN(^FiF{$ znD*jHh&r8i{rN`rm8vDNNz%CVT{^`ILr*HT!estAK6nV`_AqUe4CntC(}T0 zRnFIWgn55Aa{ed`cA8HCCta%#0DwzZ<5 z37Us3cP0`c5ojlwsVU0aPE0YR0izEhBd5=W-O8B-~yO0xX-6uNG?8WM{fZ7Fu8pt zSEatDz*n#A!Z56&Xo2Bq)*vkoS5R7Az5iSP>Jq(`8%{6ipOk|A?r|Og+W-) zb?nX`c6@BXc#)QdJpgPTx#6h*0ykCB=pF?VH+;2#1{3jPKP4AH2CySs^T5i&VJkKt z(3%S*(k*A6I+88lOg?Qs6i48XtLX* zK)h_f6fRNjt_4Cgdac0!6dl*v#H$$UIsLHo0pHM7T~1H^P?v9&jgRxFwIsBnVlu}( z%k)BVxd%}bIsakpGAEOvMA5#swxmHeKShnGnP;eeXr1-gDWA0dcPAb#>X$#Qt^VxGZ~tL`_2~V+_dkL6_n*CA{v_X-2WwxfVU0gED)-qt zi&xI-M9B%pA5)V{3hISG->3iDx~l&&_!X^x{WBWdKaZ)s)e8){1?ul>d8=MOl&=4q z_=OO(+IsFTq$FnU~@P-@%6?dCk zqKM~X-efhL72H$o261gR3x-{=qLecMW;PE@h>uO@_olWE=u!wuA={%^Vp$G`#y$p^ z%V2&?BHF;v5yTWhFp2y9C{1Q`F86%aAA}XLdrqHC;$hUg_3emctLIpu9>k*wM((u# z-1RrR-bTUBdbu3>3ZrD%tc8!6Z<1 zU@lig#X0RzrAwHj=4e^0;*|wKmugUiSn|OHwixkOcSc+^>nvrmdgR(ePw^*T?;q$x ze@#bKavt>N&^LECix}Z-dKo9t-)XyUE*4f*UmhzDPM$YqU@z&GJ1xq3MX<}lp1=4GdowM@;h$hplNuO#K5?>g6;RHTNvxe8@$t*yMg?tt&psJCcm zTt9ZkJe`qZxIWF>!0pqpH%p@FEw9}%q%)mOFuzOKZ|EUOC%&#y$NQbd^ok6TO-eFC zR5xtW*|gX;28LS>ylmY!S&@xb?NONO4o{#D{wvfkm@R3X>XW2u^We zrifrTxol>lE-H+T$Y?gpl~i7yUbP1JB0W7RtNxIE4MbovN20>W-iPh@hBP(u;5LG^ zh;~QWphKVEg~O5FF9yB06;*>6hc6268C34ct0CYqoFPU zu>1{<{dax*2u5;nUEEwoy-Rb@AQ;n8H<=}~{TrUH5S(FcmVjY1@0dt3`Be(<^_l@l<1MITVSo|3ph6}yfkWU!~q78I}$pxMYM2=j< zGfYepCP|ET$`@yJbTJ7>@ih>7a~bmB>;+(B#)FkqjG}QgnvIKkd51mr4!U(RrFNqEko$j)_J47#Pa|sP?E)LX zHSzyjTbsH4-<_Su`yU_V^Z(d;`@S}Eq*3(z?N6agW}kssY(idUc6pxcxgN-5xJw8J zNM`qB=7$?wHoa+gd%D{YcA4*f>qSzl-)z|!f*thRo#1Y%S}K*QN~KcOy`TRIBWW$J z+LM?}0mJqJ$pI4?;yQjef)8K#{nU;JUlKAo+Vm6CNV{^?@`3t>_O>L){@O?Tic0`1 z^b(3C$$}=*t&7sdS<6JHEMSVdTLA@3)|vvjD)KdbWG<0%UsA|wi65`c!LXkq?uH;1 zP&6=$r)MpgR1r~n4&5*jf&WQnh!$6x;Tmw5LvU*lN8?fMid!!to{fe<5sghyxAW*T zi!Q#6j#m(ITAP>K;$(N%eID6I?Ie!?JHV%Tq;23z6qXw0{Y%{mqNWFW_P+6Y-Uvpv zYq^wW-O5o=wXbOIYu2vBu|-C3s;y~_i3H{EGXiPRa7w5H8tGC-K}u1$D5$v2UaPnX zKWQmfdn5ukIc9PNSlPmHpjl8rGO8~SFcFC5ZCRM=S1Phv;qh8Od4r!^6KnA}Y$up; zPyel6H2)}go>DTWjBMb~13w&p=5Xgpaj5%!wYWjsW1q_C{9nK}H?3t0706dltv?L( z0Q^EbJ8OLnYSABw2?$S`Q-Y|PbM*PH7su-6I9mL>`b#DQm$_;Ako2i#D=zw<*9S&9 zxA)&v|G#H1Up_7Be@~x1-v7Lp^2PlBJds3w44U7QZKkhlmdLb=ZB#fVD}dF za{*w1-Tw6M-CFSu``VA~<2C&6|6SXdtOC@00h^3s*@vyE?Cp(le|G|->W$G-ygvvd z^Z4~=5O&yqP71<}@M`~#VunN9OTPY$p({v@+%b;*P24oIPdo0O|Hxeag+MQLyfC-} z^I|>bVeVK@a+e;I?8`yI?~vPk77x7C+`27xC6Ow2#CE;G%oD&idbgTK1aPS;3D!oNY7%uaUDu)y|F?TSvB|0xa%Wgw_CO3*z&7C4|G-~A+qiM7w zD5yb34yDgo^1Uc$Fq-?O6-%m248rYR zi1zOOUK1HSR14EhJjv8PT-YA;^AK&X$tGn)gnuvvAN-TX{$N01rvWJExyI-(UC^jv zymr+1h;isCUtiR>hWFdL3c!1Hb=At&N-K&78;!@V!Ua5KiDxVTbow0vPuipr z;vp}eXb(j%lFH=}u!dNL{{ssH1k$lDARTyA6ep5z$Tprl5vK?Ly?5MbbUGajM;ryR zae+Q|DulimUN?0loT%#qa&!d6=60(`vB*#?pYvGNsbYpZ1lwpFL=kxmrV(}4A|lN0 zM(&B&z5gvv<7@GekEO(^7yf%J+9R0#F86+yy#aZeFgT6+Dn+M}=wAqWLn1debs9$X zKuGqML@a3nuYk+w*jN6NBpJ0YC5GTR2cCeJYDVZq`LRefg;+VNXIsWoCD}@2DYwv7 z$GptYv|-&_Mu#8xKo%z>`#??=+7KYBFd`4&ROdbTh`x0>)FHy+L;wJ|?qZgd{wZM;OBiHdTp_QSTZ}JM;+pR{t3u5rF5dzqFp> zucHr0jT{0B@T!=NUYlcd5(=(qrHB34GcLD^ZfL#enV?Pq{X}LVW!a-FrztA|O($Dv zot+uhvg){oycc=d7 zyYF@cWyeJ#Q52FW*3cme!cTRGR`YjxaNIUbbkOwtAi=6n#IerNiEBw>XR$uzSxQQ4 z+@tI?iA+fz#uJ*-+QzPC91=T$xnZ(}V#Q`abi%ZwV6dun%w^(^$}q9cj_(GUB1H$H zjg~kuol<=PUMCaGDdB^5LUC>k-zT@RAo6brX1hq$m=b*h0Db9Tla5#YK(;3`EjH^I zvhup!DDEkl+w=RhE>q5;ktQv%t8XnNQa?m;{zz_dMt0#Ah&$>c5hxg3P9l`Oi?Yk# z=_q(|u>BHd=I7`N)8cOCl>uuG6cOvT8aaU2o}YB#8EIVX`a1Nk`GNsu38I-Q&l55d zK*CQx3X~}37=Q6l=}2KllNkwHaz`!ukD#mhT_hfhH30J&V3PrY_xbuemss?(0n)%`@`XwNE`@#U`bN^M$6WZfW1dC^fuWdIR?u; z>@{Ns)Wo*dmq2*$lk*|4)F>PPB4dejiEgrn1N*rz^DPf+`ebfbyU zmRL7BE6@=dX!2yP6TzT}#K46BXgum+glm&}+K@Me=4)kKiITTzY3aeVU#VqB5Qvwi zNsa^cRW*IXM0tuLRcG}!MFLw7q$Jpus9wV&r5Hv&-^9Hf2T(D)EJFFe)%5L>4bA^I zejoJHp=V^GM}iUcQjzejbA?y+6bGFnmqw$Va&Wb1Bm!7P0Wp`DvWplXYB#312-{zn zb(pUp|2vNWoy86v^OqAA(>*CMhGtidfcl`nh^#sPK?^Jg;4F+4Z7?{%o`320#yH!G zQb>#tp&+qEI%yaJQNA&14VqyWhnhqzL@U3mBrD8qMmoAZ_X(>Kb!8Ql(BD5w#1{F{ z9N|6`HmN}p<+K*;^%W9E^_U~|X)-`*IIQ0gxf-QRG6eIfJSW$_&JnWjOVW;kG+;F+ zM)|Pap>cB5Qx)`7aOH)WfOr(frw7ZxuERLwR?9cB~2OgfgH05i0ODv1ThO5RXvoxQVw zsL>wmwU1!a3;#7+2t{(ro!QU}Z!E9%D9kqkkXx;etrEi81y0+=BzT-eU9mNu>VAYP zh8RlLBvV){9g+wJ-O_-ya&PF1xz5_XYvIP}yYHw&s`sdAzUHQOvzFLnMVP3v(+5!_ zLA^GuL3t$|6`Q<2K7f7={4ivNmcB<TUR^_YS={cY7H+(tu-_$yjsJ*Fxl1h8UA&~ zUr`khW3SeF-B$|eubc396c6-kn!{IX-S8D&`VHxIebv#`t2L^ppQ#CYwHA$E5yqR* zrwK6XC+F1~&cd%e4XQRF`_&q3s?`Gv!7wI?`^+`oj2{A)Hi0q*xB?P_It!9Iu=x1Sv*m*+`MafM6UA&MwY9{)L|5lzM>K&s%S#>}eO7QNTm#X^gsf zom#0DvWShG-b1ikWW?z5b!huabZsk(IoeoNl8{0V_2}|R)~2)7$%)14N;YJ=WzG5c zP&=SRd}y`}t~YUjI<>blQTlO>0fDU?x^KBxXtXdxM+DON73y+RP%+BU;OBF%uJ-_V zKf7J7Xc8?keA9>36!TeBQSf@wXBuOm%nC5iN;B6+uhPsVO3%X`Tog)@fNFbQm=U(D zGvJ{&vb#z&t+hN~DJVHzF}-5#$dAT}9)hCWeLU3j0;Drf^nrx=HoON)4I6|$>OI7w z4ZW<5scQ5>%|U#$e3|PWgl(aVCWP%0#jxx&iK-g-IjTzSBxBI-B?p3J5ZL;-9U-zdMTH z`C=yGF~$R-u9|xg^Z*#7{hW#_$hLdcQ|+$WecM4bm3pIk-Z46=)ud8I)eUX^MxlR) z66)YSf(Tk2^Cg^Xr;z;N~x5QJJSK;O+85MQL!)3pu%F0X6aqK8UN`+{oL z6hHZK0!l}h(`mC2fW~7^CA!j#g1PlhgZv|`6AAo@Hmz)TkD2Au{*$jC zZ@v8Cug{)u;K`83#_Fs}uD8kvuTQ!=b@%^U<}!ANIV~x*ihXoSline@NmfaL7U*jb z6wnDYJd+wHKaVI-g=V23IJ#b(fbi>Q=TWu*$3Qs0;%QkDQPUfTw5SxHA`9jyBF)-% zqmV7o6Z0{BfOKIEk?4TU!2ml2eZeqk@kS;>dJ&qrE`5(#aiY4{QEb$fg(vI|pj@w5 z)i5^h+*v{KsLRws&flWF-L*Fi8c)a`SkTdxENiHL(F0NUYR5|DgWqqG9z=d9MB(() zew97NtU(-LZwK`0EAKj?ceG{D*Yg-KJ~9xqzN7hUM{GZP{-V0u%DS2~Y)$_GcAmHZ zQsP^t4|Q}&vYGW4vY3;?N6XbSl%&arEV3U#vciiC*u!RPHhYG?1uU*jYuH0a7;tNy z1n*zB|MCMl{h-kvA){T6P7&$QKrfrj0;}Pms)9yJeoe6pti!xde@O~14GDFL{_=-@ z;E@u_N3N(Roo5QlMujlS*|nS23D5N~ z*ih=4LA%oTaf8d^QfcBEGlUC^10Y%cJ_bpOn#75enNPvD32-v@xyOar;e*sr%Xpdx z6m__vRG8sD)E-V*n7E1~036D|Y+259^C#H5aL^3pRa5o43B0H2H5tJqq}gSIj?~m4 zvSk1U&aINPTzavOJUO9#1XU+DFZmfJ4cK+;M+pVGz|*`7@3JV~afe0bdkT^x!>*5@ zwAo2il|MIg<t4P^8h)>4ns_{1QlV^Oau1=<4y@zG<3(eTkdtAIn*uI&;|mkfj=gExxQ}s%jLSo8rm(FYV^)0e7CM< z`K!g6M3?(~7#EI*ASi9-jZVF4;gDH6CeNi!?UJNT4VLSiWjkPV1qctRoBHIhfQNW~ z7i3^dw9zhQtgxWnE26Q^SZ#9+YaT^Gh2+iDWD}5zh&6q_Ybutfr>0^hM#)kJ8s%nb z3}ov}>O=#&<-V2VQZvbEH9 z{j(q-2g>#rdA~jlm^c)k;ezgk$GNm`OR`v3$|a}Z8S14NeumwkaeqpF99A8k*pDA% zAY;qJ^^$(0TMlfkJbUkRPFUH}LrkM6V6{&9p;1>-IZCp_`*A{U42o3jG1x1O+6zmJRZ<38+qSIXJC7+TlI?F|3j+=@) zwqTzQ+e6rrGrT5u^~t%!dm>F(a7}VI*x(xz$oD(>w0qiYOom~!_jQ!*)XrDA-Fhkh z3;+4vGB44g2VJ;>xyp~HaD1VR&wDbwCUQ+i9<68CMk}9TKBmpiD`ZGf8Ewp;0jkf? zj%1vm45+-Oa4(sjO4KuI=CtfKMHUpTDkIqxyC2 zk3ZDW_Aj_x^Vm=*-ZV!LT1=5gFpGeHAx6o_@bbm;XKD(FUeW6a?{aXTHml~4HrcP$ zxzj7EXE$Iso^_fnF_Y&Fv{?BlN+8iMWz7tdgbb&=5%X;~u%Ui+9TT)Vk~edwAvhjtt?< zY~j_Jqq3Ka0)X;oj6bG6Xwlw>M54;}iP{QXFS1_RKA%Q)+EnDM)h^}6!UiUqk*Zc! zdI>F^iv3nNL0#qD$?2Qp*C%K1PhKByW@J3Xz5Rc#vIa6Rm1x=K`!CvdX0nY(vq(!^vH3k%TqX zrX#0wST=oMg;VvD!a={EST2~*8>K#*NXO6|*Lv)AQ*uEi10wp$OWd9Iv;{pU0CAP2 zv41}1n5oo1inC#WBKHIS;-joF@s3X@KrJ4A0XH!ZNHvPYi`MqjO%ce{YzNfnExc^z zK9G{zjyY?fo~wYc1?Od$u+M)K9`55V|+axr8*G5@@TLO>pG=`Z}j1)2^t9oV>Ot4gfO!;0C!_fBfSgIs$<0=DVJ3 z)LkC&&N04pz7yt*;?n}}iGcV8N!r8&DCi-+^+bQIiT64@n3JY{f`<`pP8*WhLGqp` zitX@CpgbQ>bPjMco=vqjtxvF8jUCBGof#jL5crtC7Bt@_Q*Qeti_5T~{FKFMW^Pn` zoaWDpfuSxAZDud5fEeZ_jF#Tpu`>0QqiiFou9)gw^*yMI@gete6NpImX3YbxFeAIlMCemVYv@8&way2 z(vkJ}hCQa{D>tx1X8$*w=Erh3lsM$KP+OnCvs7%4u;SLA1(xq~3l}=RE?;~}x+Npx0 zUz!YtYr5H*ptA+KI3?EgZGl8|s)0YwWo>bqEqzelnFNOvO47acR-I-ibEPZIlL7lU zKaRz1ZPl--3{GinInLSWaZNcFr`ggjBb`Zb%4^Gn>6KIO?a<*nk)!Wf<+8i_QqMVaj z9l#hb1Br_~y!LI|-%DCZc?tDHW!xi|1F??5rLIfq$l<%>)MLVXT3N|AHU)d)t&e0(U#6HS zh$?mPOLzOAnmU5&iFK8NSU1QjV~PaiIuWok6%vj^Ejpg0-0?YyIUvZMOgJgH<8y#A zc&2bXG*s!?JNeGP(=i@w&rKB(Yyr4Y%PfbR4q6-ZcRRW2Cuyv1*23hX>;b|vQ7BZB z0kY<{Fk&SI0@mR"I>g?{y^(>1RyiwO14XM~8yEhyk)3qnJ!Hrr@dl3$#V^_B( zXjiQ{uI2W7D!$X3X2 zl!BvZbXABfV`?tohS1JwM>@Ic?Ou-^OsNMtXbSg4_Do#TWM16-=a0JHw2eQq?h^MV z^HW}Mmuh;`^Swa`dVt@38}(%7pnanQdt?v*OEZW(V8Nks@{0ls`C9uNE%Tc+TX7rG8MI_;?c zrtCQWc(#9wa#KotkbiB@O%@2Y4pzn7n8>n^W!7?2%IT1EY_#U4=MP}R*_jBdeEo$Q zX+a6QI+0v>&t87N<9RJ8;z()W9A1uc{wPtmiCapLsGC*6=Dfju;pa=1@*W`nI-8r3 z35-)$y<%>#k-iM~SY|AM`u+Z4lpe8PYNz-*KR1(|m0&BWLP}Z_!#33Uwj^J9Den*S zuPvS?&&PxMnj$wh7-a#f>rn7nq{Z3v{;#`~cZB)ZjT?QaO8Zis7LUTvm0`8%;s)l* z(4G>?X}r=2sU_aw4fZQPk(*>H#ar`qm(=WF&ja)k)D9Pz9s^x1zLIjIE^F7lHgmH; z$FP=AIhk>NRUW7FJ;vzL$8;%QZE?{B7U%}{SY{~BbF)CFug7)cR-ET%aV}nu#j!Zg zjpan}zJ|SJZVY^=ki}8>nk4w*$_=K78wF?MD#fd2ZtB#53Z7P+phtE#Lvda=ck2k* zs?!EHi{g&2r%s?3t$ypYJXn3?lO{eM=~!jt`GZ~Ka3`vpLw|6g;s)j7$D=nB zQWt28v;QPIeojlJhr-M@XCs&X6g!jU(4xTn&U14wZjWUzs}=I8nz;b#HLW%)RI$pr zxjQGv$GNc!&dmhvxN>gp&ZY5jZtS9T0fp+)(#h>T^+aIug(`dJjd&Z4F+nf9uf!#=~cPM&;7epaIz@Q!$ zK|Feu))YX!jkeP3Mt)(nFjB?^PrgZ`a@f?anH`vx zO@xj{&NFh+w0>X3FthkuIdhSA7WMn(KCW!JnLOaq+=S!dNrrr#*P^3f9hyMQI{gKQ zYa>09LZsL;mkR;NQ7U)IAq-W{0T~f+mxQt6a_RC^yIo|UofVckfcmGM39pNDW2Lt} zESd&xj5nm61ebF=y-(0i1(LhIV)wzQoSHj%I?c7t% z%`OMZwY-K4u+W8AN7s!8P1xdKcE8M@7!4rsf|Tkz9Mp=GndWBCPr4JPr!+Uw7z2+# z&d!|0eQrjBHvS82tER4+oBUkhJY+#C6^tw+=pBt}HHw?9Ge0-GUJBcx@)Rj~!*A7$ z=-GHIvlo~B4bKhps<(dlRwjuzsIc1H2=$6qOCT>foO^PCQ7p|xp2u@G*Mc{v;y9{0 zSEJWCd2;|d@lh=M{^!c-H{w*^E9-NHOA%mN$`LgY>-q+#-{&awGJUkxOe*d?4N!gR z59PlrZ9586f89An9OrwaZ(C-ULMPo z;yyR^IzR@?x*#8Oj!L!NB;}0O5glh@35$T!VFdoik}J-0lZ^Yb%#AmCoSNGf z=ea@W%wAYulVD-m4vlR&(AT;po`D+Gjpk`F;S^T9xX%qx_SCt7X(4X_mMydx;9n9s zk7edE)7*@%>T8Nhzs|>LxpQeb7?0No?gg4oHkyT?*l zW}KU!e9R71Q~yT!ud;Zdn%X6eRDfQ@zH0dX&$N=zy9&Lf)WP&)$rbmx>0Zc*H>0$l z4dyMy7D-1>3^KBl#diCvD9&?}2FWzL4bBZ|&GDH2RT*_p4^H6EZhZY1=VrFzY_l21 zeoY+<7K!@z#|NxIQ}90}Stw#3LHd~dhRIclL9#)jXvlzL8Sm-O|HO%o4`Gfop^ zEA4c_JAWnZKrZVhbFA6(Qg6?%mp8@yW<5W~6r#Py6PtO;O=T9iEyQd`l;-9HkI8yR zu?!-wci^ALUhHRwY{1j#JsNDVf(UdCu}*Q(nhB?c0PWg<1**h6z~{0aJOQuM1GL2y*B7_HoYKef+q3rW99sgNVetgp)$r+=$%_-Q-mp&Yw5;vCK3#f0x%2rzbx*cpvw1er{7{ znVa4A~+8oq4a8ENm zioG02uZRD(TCJt9Wn~!Z#zc~Ammxx_@ z|JEBVey|HJb*wRmyV2n1b8mMh1Xkis-Ha<7Xy=i+M8yerdb`Nz8+xOP1|_&v+s%xo z=+;dYdY1^1j<`!@*ps~(Nbg3xR*j}(Xq|mAWsjX?@FHz&vYzFtJ}fpk6WzVe;cz1T z%}aNBnwEh8op6U)d3xtrG9V|oc8GmyuhL%ulre@cT7FZ|EV#>#K!5Rq`qOCzSBF_Q zkyQh|ztO&h7Ip!tVdBvhY`Rjl6lE6N@jk(g^k84%6Dn{a!pc>or$8)p2w$w+l+v21 z=k>TVOsk@q1-HQ4G}c(5i^rkxQqlKg*kYffllT&rIp}Uez)%}5S93$$I_k{0-|#I{ zd4jj>Q~wfGXY>+!aFTWw+|`82t%0lgU4gUd@a=S}{aJR&fA>Nzoi~4&g03;)Ema0@xUZGD(gw4Y!+?XIw9HZP6FD z+7zlYSuazmbL*ObJKO>IUa%(v?;3bm6!t2J@o*#^3 zd3q7c;ZQDFvz+; zo1isvHs5xo1g(>tE#S^Y&`y%G1#~WLapHFc+_?zaN;$hKNK?g0&K7XzB514S>}nxz z9=dZ8v~_ZJm9Xa|XA8J<5wvx3cExZvUCt({7pLRV4BOdE&f0BPO3J#QS7f+z+Rjdt zvpIAwadFzu=5XhxA~`wt&y_E^UYRmlEK>i#>pIrSuD?DRM z$}o8aaHI!W@XkJ$06?MxkJm?U3pEFe9sTW!6YhZ7N8=bc{}KG-P%3ilRtX)|xO2f; z9qxVyOr!~=5vABWtnu~yK1HcWE$jyVCnUYDjp5mUlOldoNCQ;|kpMlQ(fR9_?Ou;Xocm zf#1zv=3}~}Jki%lDu-f#)kT-;ixD-ruQA?L0SvW+EAP6v9H-$9Fw#wfN&8vE-6t7` zGRX3pW{J5A-1oXmCu6ZV`BYTlZaf+V5`F2sfGDtl#uDAJ&l6GKl9`%n%e=T# zYqp}LhD-0o{+>}*0LtBs<4Y8>qdYBd%Zhi8SzNkH3@s~qmSyu>q1%hyRS+CbvZ5Au zi9GPb@#lA=QZ7zjvnQ|Vy@j*cxt89G#D44t4j_%0jairQZ2a!1=ehe8XxfdS8itnj zyRr>~hF_=ACs`LJU)wVCSrciazLY@)p;#o`V@lZ!+Bx(w3LtRB^>!dq&bTxU*<> z)ez{6yM7-XKCfL*x9fBi;VD4sEW0K4vxDc1NvKL4b@JR2?ZSz7CyDyd4d4Zx3(qZN z%fgG(y=|hq)Sm@^^|%8-&DB8QjqX74c`nXu)RTF{+1sxgxD~iVI7Pw}2x&Qy=R|iE zxcelpD_Yrb>u^WHg97K9G_G!ldvIl5-0{p;G&FE0E8o35>yAg+m$R_K?%ZolI+@(<<<5~9=r&*)b#ohEZ zn?|E3hz8duBRpf+1#G0T=ZBL*eFOsYQ{cvsIX*sOSqQTjiV$H*U>l&u;mS- za3Iv(gk~?o5XebOyhfhssYvFYNab)8p#SK-6*qsB*pJ9u9Kc`?odV%GK!T-ccE(b7on6rqDBo|iUGpzk1;vlQWPiLjYmBg z+ewNU2nW|w_Y@4b!oS@%+a(Gb?JE{PuKOr>))NJR9}eCVf;#&71l+|{4N7pQ;7$P% z47+eaz{+I zX3Q0}tKb%JhcH$NablJ=djwhuti6i5)o^RqtOB%T3$&uR*#h`jny;X^#$Dv|S#;pJ zQW3U2acBdwPHVfcA4`|cxyQ+eERQ?#{lfG!uw4jB4GrAADEv01dt`pBGaf7B9a0=D z-%xhhRIsGwwzzwZ+tJFHm1G|`7c20HjPJmE;kAhAW)#R;%Dj%(^8l#mNet%8rk7>d zsm*~q;#&J*4blu;loib2e6B0vu?nP(2(_2*^6o39%Zduz)zMo9cLv-o$^Nxi=D?jo z#o@_YJZY$L7`PD!#vy26v!r)S?gf zvpvh9Viob{gu8^DH=PV92JYX-=Xe7YbJA<)&*e3lR2IO{E}ORZk2?1AD%_z|Osq6z zof@E`U`J8yS*os10Svu-@%&k*^t=jpcwTnohCg*qM%XHx^sG#Av$-qWb*m_}4(ftA*FaErq8S*o1(hq4rA z1$0w%J&c?s)=&tqp)_9GrFFi4w01{>UQhuHVV^st=MK2zq*0EV{C{WSE3{+4YVsl{C~KA(;`jXS8^^JDT;rflyP8qprAZgStpIPap&On2yT z=nW(}b5^v=;Nto`;mXSOvnE$1iH>Dtg)`%hPYT~+ZqABk7F@(#n~xQ-b`f*Sh^#`P zI29Q6`Ip#FlPWgE)-MQKD%Jw_j#x9!* zH?hpD8#~^AH)o8ii8d-T<1TT#--EUQu9%%L<}^JGG8OC;Db`br&@LsbZ%;fV z=ct)+hfCG8^tvrV-jx97}uv?5xtYEZfg!1g1notQ+bu z$0R|N!g6A{b3gRr6yw7QcW4Yg>3Rx%H+m^%m^zmi-lY$CBC|2_z*vr;sV6wxkYREA#W1y*aklWys=|rScS75gZdIUaV_<@ zYdm@K#8$@Ws$3KX*M?lITM+B?0`~aoFrwqd-3w3{yXiQV`sy%BjgD$eQSvq#4P`U9 z-4OO<(vAJm@}C|#6d+0xr={nB%H}PLxIKs^Ds`h}zJcU^%(R-cLg%}H);wur7;{)y zJc{%alKDzHnBipCzMEFn)CT@qHJXCS{C&4|kaXON6n{U&<2{{u zC|C7C5$;68PZ5=|_d2}%;C>?scHwdCU5hI}y-*InGQ9NTi0_tPda;j6s~w%G66NSH z_V6ip;`wqdDtF&jG^qlvd8OG)GEHNwD|JT+9~vwpc1w23WkKnDRCyx1u|trn3RH5- z)x)Eh1(lc%$_r4*tFuI}DlYMEMW^cd6jVB8jjl@?y_(1b zgni$sdOih}PD!Nea!9W%DjoOW`P9ZvBHT#uLR#e26yfd?ynsp<5k5(R7qGhm#hq6c zQ0XGVD<$~q;ZPNK30^>@iwLil;H!$uxvA1cgx5*%)kLPd1TUb{MTFN$@RdcSqXbvU z-DlW>XA<0QyQ1=YifckWDxJ3A6D4>KyDL%L_ux5HI&HzLCHU&$P!)Fxo{R%t_1Q0cS>Ss~)6 zH>NO}@F74LcCdt)38-{IVjU{!-cv#$C>j;Gf*i^r z-f~>WcpxF|p7P@m7(Nc8i+s^@b9bs7(e5Uf;&|FlJllio{Kj3C-*^>^yA{0xmHp&R z9F0f27Z_ZoB0vvQWj{;bKEUdtOZD}|ij^sVuy%0eT^E`pi1^yBidY2OWK5TD^#il zUeR0wr}tui&uB#}kjlKSkY(s;dGA=|6sQETyYSIsr)QaUzZJT@*j+6dQ7t&I|nHHN6)RSHPfLnSQiFWrmGo9V+8-*iPOj6%hpsdSw+wn#OlO)VnSV zSm1<>N~YXXJPxSL z8sE!s@3Od`IM!1o)Or^N*GO1D86C1C+^Dj$@%`gr0c8PHNmiUAOP+O4S%GX4v}P$G^aW7x>2^9&7LMp+HAHFW=iiGdEtlRVfbI zU5fW`8hw&=w?=OSb1IMm%;#AbH0e+&Au=#z)ol2NuWfD_6_)>Ix%wk+M5fAr%*=$s~f3#by zI2m{ml>opIjmwt|+8vdS(Zuq=@wPGu@GJ?By7o^Tk`Z8KaW`kokeDI^J|RIx zfp;!{ndz9UCUw>X;FGA5Ft`fjsLD*JY|luT29|LD->Xjkk>3I0; zM9>oZ*@?di=H;2p1$^4y;%twWt3fA;`p^+z9i0m=p6TBI!i#&90;0;)p9P(hPzj)# ztA)=S-I3z+a>%BrC-Zomni8%Cl?bUwmXzsdxpC=El@+M`BqwGKnTSfxUkebjD57q7 ze6ZzKsAQ_BXl;N`LnT8n*mNb!2U%taL*kIVrUX2f#HL=U0 zI{NuERK``UO2DV0Qh^Z+y>QdS3Z%UR#a$U9k6n(TPUnaYD$$K#PeBhCYog93*z-3~ z2jpIs81T}9?Rep5{UL=CbeG^3D%}Ir&W_3{SOot1pzvoEcT^^RPj=no{4(%%uV-UR z!LVaHC=>9q;jN;$qZ0Shy9NanO{#zwP>C>B6OUr%1%3qT4=mJ*2Gzi87q|knw5z$I z%wW!7Z-B~NGPS_@99(7d0F=Q7P#oHTtW)tWeC~ng^_W=PodWZyBxkFvZ)g35!QMryKL=P`mzvIzD75S$^f-=bYL#*;9(;Nfbha=5!3ZN zkm8uvoNkZ;P|=eZ^_z`J%e9@H7nQ{E_QM(+8sI2)m^u1fSHxo#o*(gRuk|J0>&zl{ zDo|NRjT!J6P`P9~?sAzIl?pS5CvWjgrp9fTC&76oxIraoHMQ8pJ$TRZa#?M3x}!2-*Ig%*kOBVp@i|^$PGw?Tf0y3`R8s(9 zyKM5`KkC@eYf*{v7JW6c4Av8XTbj3O&+>W|3n1*}i|5ZerRTM%#FNJ(H*~5KM?zlV zkZc9Z36vljq9K&h@kFCl-l%j~F}!DZFaRaGzj zB`>p!9SlPAqZfE#cPeRuG6a>yxvDLID*e8}9LXO)5uF1I;zW24yUb3NQtcK`S(T{> zUv!zlik?v=+AU*;!yQUK2%ARIpHMZIpF!$Nyhm1Rqg-Cb zIXfzW#1dGRZ3o9TJO`)Bd5<Qs4BwP(TCkT80S5d8N%Dys8ks)DV2Mvtp!}C!~{-gvSK2x zluO%6l^HIZSg53X;YVJ2QPDC7{1lHOpdK+t_8AaYeh{FDAt2}&xgypLK-ku~pN8Jh z-?GgUlTn$B&!;0&qY^6j{FofCuXV0)g;lg+s>}BGG1$8;^HC)_MS25C{-+g-EhhA>XlnsSRJQq$5o;F_xy+a=6$(Rw!Onk){ZzgK zJaIshDOBnI+r^Ter^;iF^t-a?1cd$Njo&FhpG=i*hPJYijrNPns_jfE^XZk25ev+T zQqz}fjStU_UrL466t%wFnI*?98giTKg$ej1Og zTOW;vvQgajvwJe>#{OuP4tFLNAS)84OIC16HE&(SB7iJaS<(?R3q7Y*?`r?8BpWT- zkv|5}0GM$gdgI|piyhRQ&b>s6wO9_uffonYOLN9kS?a|5126V`cjGAhS9EUf4R>Y$ zLxD_jVik}~WS9%YcQ%GEQUGoLZ_o3CS%P{zfKoNz7?Jh=RvlVS05f5}HMlz)!xt%a zw#)}!s^+^Jh23!+!>;#wl4nj1%!K(afxG)r-9x#-+)F`p)%nsLnXOdKHwFfgz5g#d zPk#3CoZ|Wb)3eW0vczd=32k zF%@@KzMA=d%ok4OYmncMNzJpeLjFvTnb#f4*RZ}H)5B-wYgpfpIqb7?QYC zTrcTs!hpc65+HlX?;#R+%LFAl-V^6!*Xv#(gLMdXHbv-#(WV&s(4|e0451SIl0APs z+ytVE2TGgh$Z$_hCP5q2|nYfH>T_&@G(Fe zcG3ko52;L??~Xf|(tJ}4nuKzN1n6tdtG?&=`!dF5onbccKS{BB^d1974&@NTQ!PPR zq4oWk#K@tnkbObO~F> zT$rJ{NnfX+E)-9rX!ziEzr ziUPUzNy^b0<+Qns{2oZ_A&>*dGEGEp95WZVkik&JOA*mXC6;fA1L<8VSaLW@uQ_a| zsz(sKKHXfw{ojQbr(YoE$_mc6V+>0IQxnG$XJj?_cd@MCd^-l(Brq`FxmcSkU+MyG zKJYSeeY-^iB`~!SL05H!*F^<=;AP_ao+URB&iAU@Q0=lp`)@tpj*-y`j5wmm=q7M? z7R-B9LZTN6MMx*SZSm<-=S%mSOWwvKNRRMUDnh3x* zqOHB9TWx0^DLiYu&`F1@rnPKQ}E zno}W6SZA>#3bW0zED~Z^(G@<%vtW*Mq4d{LDQ^67l!?CAHJJ5>Y?2?qfa9rAfNsQo z9;FPhIkFfKK@=L|!Uy?93VOZ1ezSjadi>9`!}iorlkGrEzHE8n%cg$*t zcR1jCD}>pjcPIO&?-XvgqNJHz$UvtVtHW&1hh^;G_2Z6NhNzRVUU}#%;5~c!{f_6g zpopVDVrc0wN-+SnZ^_zC&eNQ3@{tm5i()*bL^!E8xO+5Kj(fsRbs}a*;~;Q}3g(Vk zgt$84g8+5={lh3Fzq7D-g>xEaPh>ZiQ#M~SVm4urcR1vGDigKw8qCh-2KZ1t04I#g zH~~(nGru3;G|W!HX&q*7mZwkut3CNQEuKiWWfK(@yQnc`#cHUr`Zx>Z?HQ;xStc6mgRe0rAyfcb?tt zY*#vOM8)H;0KpUQbSg{ZJMyJIx`lD^VObJ0``*mPyoY7E%X-6$0OZ-F-<3b|;oB6` z*^SsGA9%HcAX--dvg5ngpJChKb5O}URk^YiZjYqhrNn|Q_SUZ+hh_7lYDi&GAJirr zLh*hVUg)~Jkti?is*!}SZtBK?Z80r6)-kyh^TUAc$vBa%yXt#sB+80VH4<-}Ms&uX z@8W6nNmBF+N_7G|fU)rfD9sAhh5Z)Co6V1Op%*kJQ`cmtCKyR}?A7H&tzJb!=E6+f zQOWdT&P;jkb*HQjyRBOB$59|@YleUPsMk7f+Wc5;AdgOtkl1j)bw}&IFefyUcpNzG zI8Daf;~(3*f?8p3zfkVh%yK~^86_js-idCQZ;hoy?#O>r9|FS{X=>O3hXZ!q6(oWjBz#nBL#<2VuW z^C*hbmC^Ryf-~hXIotW5`iiAw9c9RTt&zC`CxjCZ1hZOIm~=Z2R9|t#Pqp7wP;WVm2T zn=XgqIoIlbOlnb4+`>AzVe;!v7cmc?d`!epRop`H&w$CVHpRihG5OUd4_G9h{JO*P z&tVIC40vBz7DqQeAK5a0wXtzB9d6JtmVeMO2%H$rG-&+L(06B$&e_?neCC zgtw91`L-)1yyuYJ1x&gK?@6+|fZU}mbMVOmCS8PgrR-i66sj_Z>@Hx^MR-@s?$tu& z?P=0Qc-P79Rl?;Qvb%su7vWteyH^a8v&!xS9r(th8MfV-?6%vkl;obvs+Pl~)3$q} z?9L%~iOU=kCx=O=ZFjZoUKJFoa$8I~ZM$n^_iCZ?wtUiQ+g&TWR|%Jh$?0lPJtm#D z-LMHra>?lfbu2_it?p>ayiadk1h8U)nmEJ++KgjIaP291cS+f z0=Y`4oEwuT*20|LUSl%1oL32txAU+%0`)m*4INxk>-@}(3a0xO|CeTskn+2pftj44Z4(l+vdLfSHSl#L>b!+6jxToJD(NPGN zZcS%pj@7L(*$qI7$aw!~N@M!U3Eo2Q3eyHD>=0Ko64eDr^Z>O@1$qhW73DI=%_fb> zL{cc2cE68ijENVVvRfoq7qEH(p*}BRwa5p+?to8HoC3W3jPWDT=oXE`UK8ZJzXXm} zfFUG}&XihJn4Br?OS=#p!CK;Y^Nf63m z`ZzI~ie#6f-77U_4361{Y3T7Kz~`2JXhj=(c&gGIvO62j@i=hxpWHPu&vLDcJI4pT zi1ps3*x3w@TT7U1fJe3t#EM zJ};BHY_GvZ*l9NL1mu&venp2aA2-dP@Bxr1V+te!OSW?%gCQ&ELC|T5pJ2Vq&!h!y zHX5By2Xk>ofo$0I#PGTqt9AZs13Sgv^Tz2#ONZS$@{;5#ihHj(7STxkr0P-E-`U#A zg+AM=3*Ys7fZb>`{w5BiRPKm>Mq?35Nl{Od@j0kx={V)6S)%~>4Z1?0LtQbl8Xm3` zV}x~JsihYnF=9z4Ei7WMfwhUBalG9NjOAxS%pr&@N?IOSIs#Z1kpiOpM?VE#>u(}7 z(_a+c`F_39z?<8xUex_0=VMJLy8AJj3`9ZjV>UXEFcf>nF2p+jHA~-r|5M9e2jF*0g5kQNQ#7FN(j5|ts z(WnckRQp}B-hNAmgm``cpX%{pRk8`w2lVTqp;5*pn9vZeI|A>Spm8Qz;?#znpgR}|r z@AZbjlVCRC%_X8Ef)4q8VdA8=0JYzJ_lp;YFtG2w!*jqChv;Q9qIthQ;e_FZ@=C8f z9xsMkK{BIcxT9EJ`Vj~PYs&TFyz&w?d{oBcXgpxM5G`g!GcB9it}^rdy|u zTzHp=IeMtOxG5B+QP=&{KqjbHfD(A*eFB}o--q3POYC6}ux>5->07{NE*ZUkl8j{w zREa+CB|g#v@$BjM+rO<}r0FOD?lFLsJ3ep0D7MtX*y5G3MYWSHtiC}C%nJ_aWX+Bz5ccHa3mU3(8`Js7{ zO~aN2YXgHIi&I!A7`W>qif}S08i2%xyuN{_k5kxMUm*&55_Ctx zx^k z4Z%Jo`o_QBPwX@rP0_If{;(JdF;+?+bV16Hg7S-E;!x$9_#w(41nbi6Gp<{3fGI%_ z>3~!1YLKrF$3v0$|CZ!dL97q>A`pIx@jsKXk1?{>S#VZ@M^QPHp2{F#xoM0O54~K@ zVa_|2JBioxMrwj-fg!2lVgZc900u#H?gcnsBOn?IKXKiPMlwt;{C?V^#)S|J6@!Ew zhT2&pcJM%z^$M&=M=+x(Wyu;`i*rEmCz7M=(&qnLrAUZ5s|m;APFR=%a;VptBnCm# zXKlhy%*x-iH3q#170*?;Hv$eOBxz;z^`b;ymndIw{ovsF8;3H*=~Cg%qw{}(L^6EOTEIT9uv$z9C?3!dGJoKl425Q~Gm8D8hf#Qu0nrnr!edGL zLDGR)l{#0wil`0{eZ2V*!&HwV4ww(rPdgbv5ouMR$V4Ux<+)iDL~$mmr*v1Mq~Fvc0c8%m;R!WYp7!o+M#6(bUBWth3eoz_JPJeDK| zJ(A{2*&v=RVh}IXAYLwN5HF_<;$?0S+dK$T*i(o1!> zTbRHhRJ$Gv!X|I@p;xKwj|1{;RD4HiSYEFgf#BN!eI4)#!-=lKlFyd-FY}kD#V+xY zFhq6+e;Ppg>q&0cpj)q7zDgU+{d+#>z+;pWgr1Djj|$d+vrYT$d$sY)Kdr92=cV2` zP$xdkp%-8jpN%pIG#&CYsEjaP4yv4+0@~r6OTarQmZ)d|`M~IuL(v(UG|pgoj9O%< z&witnL#cp_6ZbVEWT=-?VYKfL@RkeKM)9fV5xDwDFEOtN0x-r24U{DZl=Egrp1mx$ z1>sZ&k3FMFrXJT(ydsWVyjeq-nRLp(FHGF78UzzP&cxv7bFcKYYd_$(Z@p1|=3akJ z$^8IdXETyL%bHoUF>P$!QvcM8>V9S@VM^c%L)Fy`U#3%bYwB?k!s}dRgjB#FUS#Z@ zx8p&QM+ZOu#S8X)B3z$-pRn>&dXU3u?u{a5^B5PCnq_`q*3mQ~*F)oGOz!!yy!Afs zGM_-PR#>j;udKoW`Y;z(FLiHXmDBF%?-Fz@yoZx$-=IlVfV)k2y^EHv{Cjk9m8gm; ze;I`>Ybb+@bMIIVqe}@J2;>hF*)&@IUtNy}fftOT*DYKkfcr?n~6)cNm`PM@q&SZw+ z-leLRG(b%C(iN%TL{BJlC@P#Ufz-Txjob3Lm6B0?;l=^uC9#H?pVb zNvSI{bucL?IacRvfZVYvzkZASD>+f+U4V=s6|$`vJ&?LnkyP$2@c;*EsZ0`B54SE^ z-5G1@PsGn`yRr0mt&wXD{xtXYj31xzF5_(bDd_2BV$VDwd+3WF%j}Tn=)>;1HeCY< zx&m4-{r5m;LJKnO#LYfhsrh76??nPP0sU+zWA9(!yZCrLZ>v!jJk;OGhD(YxEA}ec z2{|PsHfKHC*vZZnI48wX%Ka3(^lHQo|;tO1u&S8%A)J2~qu-y#!7?@mtN9KVLPXGiUmlV9E) z@4fnF{nPjyWL+TGfrAobHk;=B-E1^79EoNm{*^@G$V)F?t^KEk{jfHTO|8}bu_kT= z;^+Gp0I?^#QBQ7E_2t8Ep&O&iu4o3hQ*3=QiQQU$w52`tUS*%#jA4YY^gg4|HP}xL zlaEh-L%%DJ`iTSkV{L;?&)drAFN>(n?P0S9~kG7m@hp$Nkg8_S^ll{kQEm zuQj-DH~7>+vma|k2T@ehTLBceG%2MMSq5FU@L}8Ify~KT$mun$yPp*M#1t29%XJ-$s zR;yuA*VDi3Jbk&d{jBx!uVVl3r*}fUdi6Kp9cVKyOdXkzG#T}XNh2`)zdr6F;Zl-e zd_s~4cPifOUX>iV14DI_`24_*T+*FPo2z|Q*GjFp;R+VXSK%E zC*Tu`^&y4vHws2Y7t#d6^H!~ZAI$zBjFl|W~ zb;(nNK0Do*sbpozqG`@x%ZFUp=T>fYEiY}OXG@vBx1a88zi9pN%%X2R`Nxa>1q%P} zyT-Gp&z?1(!vD6drq5r9H*ZhH$L-(5Pwmt8!H&o@Bs{j}jVTb6ItvPvtrZnl8Bc|| z_xiNGk3iADMY>PVkI7B{n(W6aaFhRU<%U*XIosQt>e7ii<|_6iXRC(KZ>u${t=dmn zC;s>@6o;@_hcF>x`}wATu0P%6L(R))u&_p?;$WwUj?i+3USP?E>{TAtqMTDFwNH@M zkCSH9ZvweDM{$IQI2$?px9*`jpMoi**b061OXW1yrvg6siWHx(y$|VLT zCWelCN-kyBy0yg|?dZHC;h{cf8AVWVSty?gV?d``Y6NKRl|di3Q=YnnuWJCxUcWma z^ZAk1{nZeaGVCXIx9PCm8~GoUP9iS1J7QgXp5SO;`p+Zi1T}g_y?m}wXaT|r8jpJV zcsdXBSs5lZeJ;p^-4Y*v2JB?hiF4RWE||ll(a1+e!-wxra3%q`8dS6I%b>SG%n#4@ z`x6e=$xANlS4U7=++@B*X#x90H136%64`1?yEEFTDr!LH$Orsqnhwqg2mB1cwaFhz z?_kbI^Rl2bn$T3D8wOGL(;2&?phiMx@oAQ|DyK-AvpRF;nmaJf_mTiZk52P6h~rK; zRzqm=SlWZ&zLmdonQW-FtzO}gBu=g#0~%qT>)CsspxTeR_ooCW z=c6Xi(=iA>=-~wam{e6sw$NK6xRm4-^Njxcob>-@);r}TgP+i2PG%Zv*7QeEh{{dR z;prCFmQ5Tm`{-OgYo?L<^ZCYfv((dSv(!`DEcMq%tJEZ`RP<<-`bw-)_hyP(q*ZAy zqfhx%eyYXC)zVWnDYM#aX!~6>)=Zq8Rkzm6w?6L9ETgt~f35dh>Y6=+kM7tKy^c2+?B}|x7d23K{WZn2JMVaBDz319H+D!(H??i2pUE`bOi75 zeOBNGqN*#+-luK`RbmIfX#WjooN;9s7feRQy*L{`_w=q`nY8#*xE^GSP z8gJBTf3Kg3{jl3Yg4jYIPY{ZDd&uwkUd-Z5ea?2^Xu}$Vf7F{zq0DRIS?eiFi#7FX zZR5WiIOjv}n#>h^I0LeQj7{=0dgXFTaS$m!1&=Z2PX(gY_@@F8F_-rQ4py^sRZDnj zqwzneEU1GEkGe>Q76DgDwhs1pUmu>lZbCQz)@ZyB$!*pce9y1-=?kS+^sdn7)q`na zQ2}4RihW#5=-}B;LHx@`5AP`X=i@Yo9^EJOR<)n?m|@F94W*jD5!m z8Nq=0s{HuFzT^La~7^92(056+|>ZTsKb<_D-*lSQ!Qf28X4X5?L9?M-6 z>n2%dj$QCKo^C&V`u&R+;_1_;+dsVA#(%Nsf1klivHjxvr!Ss9`{DTyFU8aCm)k!) z|6k(ig8NZf#u)zke?7%MZcnNgM^QTIePK{yp`EYlA4h-Vxdr9v+g9 zM6x4p_!>TGv^ye7nh7W&L4!jEP^BGVu1lJ`in<<1AkY`jfzLMKuXy_}IcS;=n>uLr zG_a)xJ5O799WeKe?<>FY`_w*XHFvhZZ#^qOeF4oiTi;RQ2-$ige+C6VN9HGkX_!+P zkZwB--7&s&2~e{ODLd*qZq-fHt=yecXqI{dn!Tph{+b4&)*V4Qer|nkSPuU?w%}ja z4%QoVH7pc(%TK8IE4*KA(q&K%Gh#MLpTg)0Kf@`VK#1}sLDKMOD}zxQ2k3*_67Ajn zy{4A6Deo}(0D+ELr9TKUnnbcG{uP0?w28g<rd0Eb!ohUa{3N35w$49ygB|EEo70uw&5Y(FO@`{zLM0 z&At?Ao?7j3a}o}yJwNx;fL>UFDF?&UL~jYGh&S!cGfT7~jCLU*L?^p&*%5q)+HmB~ z8UguZQ}uhCUR3qh8gIV8?c5bSb2pEEP409B+UPmoI?zHHuQlb~Tb(+OqCk4tXYxH$ zDFc69)9d`#HI5)d@o@5uiU@?Q*&wvT#;61K8eloM#aIp_G~#eT9vyGy9Nj}yP7K{&tSJP`wN;oa@06u83cqQQo|SHkg7 z#;^hA4q>Do@|=+AY~$7n#eCzn%vzlD$AFtO!b2-!WTBmQ93xvDsCwgA8!xw$H1p4SVXORty>2%s*U}PKJQct!H#SvMnF#fXa1>rml~Lu8RT+c>E7& zRaiXy{emdP0_jdJgdlyaGxS0sYe$uPe&P3EYgiZnJSP#xW6&Zj2au+nL{?tp zT2=m-hQ7t|(|K`uXO!~=aNMx})oO)xl;WaY)Tss-9%#N<$|9qEpvY+A1VK5WEk>(F zOrHqQAu->IpS|@FuiI5`ywCXN>C=jL?}2$D+&BK(6#SX6MKkGU$J)YvY?{}pjJqbL zg8r1rs574yXIj@xSE19BV9`5H##MSgnE)ou>-4$JBl9h113Tt%l`G~5;c4A#qK0Qr zU;L$}f+mT#{#vfWAB6?k9gV*rE-*pbVi57Pu7XCyuz-gdn2yDQU6xH1bz4g*W9NGu z>2Nx`Qun8CwSBQZJga_?Ic?YVfGm_nj%Ip5F;onQhc03`;^k4MUfxE~%rkR!I4RC3 z#wVd1W^DYNs2J>K!P}xMJdjuVxssBsi>W4bvPM>4@O_MGvD!_ds zEMq4|_?QG^>R`ixyJMg z4TK^t{oxJ;!9@28B>GoFL~i#&?ue{f!(>pi041pve)^8;#hDudtgqQVyre zeX{Y3#8nV>30f+?e@ve#nOUKJ4_cSoEq(tS2SQs=(Ny(ecOrimtq*Kjx4C*=GE)Ow zyVwZ8g=t@`{V8ewDOtmdY~5hogBE=5!g7Jw#oo`cZQ-0QoJv0*%Wpwj8&8BTv$7n zz_j$uPt<zM8}X?%z$#xZauJU6k=T)aw&Fl=F-Y4bJMm%Q>%?><1TG57KDKsxVOf|9{J3O zeFAo@L&kGdLrx#$M6yS)dbm+CZK!NP$ThHsjXwk2wd9Gpni8g9X9K@Yk?q#RH`7sK zB(7I&*Pn(7a~5N(H~D$7BX&?IAKfOWW6aW~Qb{oiRdw}R#bhEf?4vC=gqRbW84zN= zQmyd;b-

83@dJ4oTMc=lEJZ>{^Vzk$n5coDuV7lc_R}s~yfrP5BVJw?bh7)HFoS z^JSOs)Bti`lG1Xaf!^ZGPGJ7k7>Z3zVWMa$Yj^J zmH*PT^}^MdrnB#V!+J8Fsfe9dVmh5>EsIWjx%NuI;XY#osp!*qWHwES>V=C!wDyTe z*_CCjDfuE7myrO}(t_keISnCFNvrI|(HYKlFv7Ys(JVXEr)L%D7Lcny}{RV$SR}6aI zNCyqi;ecM8`(f{_G}GqQ=n7G5GXh%F&Md&b1+NmR;2Gld-B=b0-Elvb3!ZMhaNOum zY(8<%UkDRF0m2<2D`%cvBE(fi(w_%=S`Vu@PslmG3zJoZj4jTG1YMo$q}Do6n`gys zUtZtbZFkVl@Dn1rfs zP8NWN+H%+cR1k(y6M5VEoO)a0ROnhUF#T>-X;x17DN~5XfaR$8J@U1xk znTOsoLL+ZP9alIXR>+-{2uO|scHh=nujZA&Gip_i`w`9K3s<9b_TCwJIp>UPsn!J? z6#HMOY`!#;EUg3LC`qw-Q#HP81@ZLY1YLafOx}xh;0-?KB=={0wo(@;8c4%r^TL1Zpy@p~nD)!XFMX7?A^$&l0ok za--YY%9`RvW4(@KvLojf9rz2Ct!HrNC)lTJ(R`m{dB&cR>(h<+eT?^W|M){Rd%zdZ zDejo<)KL3bY*Scy_Ef;zBni4QPA7na2D=h>%q>;_lf0f@oekB{LeJ(Oe*nfW#P+iv zFnnceTQo;FcHJ%G?s8PzycR^?cQ0_X>V}(Qt%e-7povl}8cAC~7KR zCgkkN0(6N4y38pfF{6O!dwwug`dmT>Fo6OO+gjubUV=-Ue0nP1cq0t?V?C=|+xhPh zm&-}&w=%tmdO0DnkPnTLQ9V%9UohT%_HeC?0j!8Id&JtWuuaOUs@Wk*GIe!hEiQiz zKeP|tzdjN0&;DK;StS9Ju-iH8Pz|JiCfbwk^y`K*D1j2g28ZSTU&r zh6(IN;kT*EXoPo7DA-*h)09XFZz?moxKddveyv z9fN{RVO1mn`cKYkqHff39+r---l2|mtTr8?g6~qq($q&)4#9AYU6iPoeh(eNIXyY0 z>&WGh`p8baG^?QpZ2GcP*7(KTe})Mk1gUR=1Z< zMtVn-+c?MPURS*+&tTSQQ&<%VlQq5eOT+V3o)z8 zIV}9sYwAS8P4(;vPE-{8|Av*s&wQCUYPsZGh8uDYK7vA&E|^SZ+eV&N>=jTzV~*7~ zCi6{|B3~!Pun)-=!sy!YOB(_c+;a^(f?+Umma+3XNVTa!nO#Ve4~5af?cU-yf6^^) z9J~0ZWR~OODole8G849o?iGth_$M2F&gfB%?7yr2&xdemeZM&0ZO=&H?K>s$t~Z6k z-BD6R?QYv(c7ALfAGl-c_@EX|-8d+9X3mjSK$^jjg!E{KkY9)&$7zrhT{#LOs7xw3 zNu;MtttkcVHpkSrCHs@f-otLBj|X|Nqi0FY0<{ZAcY&zpl2&980?xEmE{{I@U|gv zL!=$?LMYZbAtmmPzKz!?d7W}++F8VE24{z`uIzn=Q5D`LkJ7aXADA){%OZtWJ9o-` zu9=;GMdySx2BUxN*p@n{mR1J@NT7gH>h2g>_f2xyJ-BO1)1RGz)`S>(>Hpu}w|2LU zBZ?d5ny#Y+tTE}KLB+8|A~Kjw>>5Vm zFgLSO64z+OAVHLw5RGewNb<&H((|>si8n_h8in@UxpHR?81>T1+-nnr6zx>R3L=Z6 z`NMX$v?}v*$z^Q-mGfqm(oMy#k=FxR2XmiR)6F~vE9>ku@Pm*p#k4B((uA_4ZE*Oc z+v5ok(BXdnSz%> zS5OusXtEgWZy3G$(ei(~MK>V|%@TQ`it;}l&$ij7nAO(7Fc zqBDN4{JX44B&Th&tXLsow`_4gz$OCrZT&_94yYPssg+>)?TYK1LhVtTav+8wk~B!J zrd}UgSaAHE_T3$9Jx@A)rX`e>?$ctOQ38vUPXE*b5-M@J629M+m@vq~l9(`vZ9@Zs zToX&eWTk2u;+zvF?#nDAn6&1>xIXJs>cX5hYHn{zEn~}?nlj+aEoj=A=NC(i_W!Di zAAO4Szx^X||NpSRzuEuS@;u}D4_R908B>dx-rX9*X+k-qF#9|F7ezlmC~$^&&8RNmR{|JtsM3AsswR zk6At15LGB?k)ac>!Wp1wYpD5bKf&tt9_A;4ZaK|0>GxVRRvEBYrl}?|s!yyvtnFZ} z?ZS}c`54nJsj!ihUChC)eHepV-Gu72{5#TrVSiUt*LCg1s*tt2FBI#PrtS;bVoUaN ziY>zk;i=3F;i-eQ6nFXO44`qRnS*KwX;sjGc!)3sWZBd7PB4h5;)P5+|hm3{Cli6S#MiclulZo(5BW0m)u4w{qb6V1N9It zVuisBmi9JDN!ow_@?@?5%ZjG<{^1dV&*GGGB`Dch`C!XBEf3pKwf916s~ZMWx{>GS zFxKW2%^R&hsXGYsBH4yCy+R;DyB~~)sHospvg9Ek*K!5dmV6Kk9cz?@yl5#pBm^*Eel04M?Y)k zNP)Y}+1BycF_!t|u}<4JL^-`r&Y_YnBUpM`{Ad+Wbx_$Xa{$gDCSA$2xjv#YC&ulN zZLtAa%5brU+2+f3Yj2lb{Fq_HZrzwOO|BAqKNvg4s6*i*+}Q>R;w>mB1RvFuhAVZc zfND^l6jk-mbg4kYiN9P{n0;H%lHuUgx6)Z5+13@4;%C^f@m%4$_= zK?jX5ASXoN*a$0ZpnIakD74H*a!y|rBUEMmfsk?G#BhgQI*QD9zEZE>QC2|Ta^o3< ze9T`q-V5j6m`~h8i){;0gOvrPQ8t-O;MMhlA>1Wg^v{4`k2@to7aOag@%X(w|>d=@g z^ir&4!&dR&dd`FdU8LE{T%Y7@9NCdmJQHcXLKe4nHm5>ODax9RBaK*g!n}g@wR7wG zJJD2l+jK_4n}2bCqvqxo4%0*~xc{gOyuqd)f0Z~I&FoAw5W zr>oGTCRA+VNID=L-8C4LxsR>Lx98CmvdOZqJp}3B?ht@69M1ghc{ze*eY3+!WHm#& zLYsp^{$RZ3WsR?m1DLLA?FTkixG00DRv7B!@$s>>Gj<-(b~397j*rw@rzrd^dyWBF zmG6aar&%YdRlr=$peySr%C^@y;ZmhFn7KMDj9T|h!EvY9g|cfgMir1TML-<+Y*)Wl&>c?4xu;y_Gy`k1Y$BIY|BaYjt8C9uALKH|r{2{? z`@DB^+WmC>S>W~<8FKfD=9z6k&{QOr-`O5y)?lr*gx`#v+r^|{KDXtpD8s3LIlTHj z=nnt$?52M?xVpKxKL6AmD3Qw?qE&e!%;9~#Ji9*c-kkP|!RaL)1xN$AM=3R>=zczJ zU$u+zOZ$In$M&fk>Tr?>BX6ws0ul|xG;6G^A2Xrb(c8N+&Ou&4NU2RiZ7!_?Ix4od_Q+E6pf9 zaPIP7i+$@OCU&tzwS?#1dD68Y8302nEE<;f+1cfN=>&47b!@u@vjlZX+NvZBTy z%TBM6Gt#A?$!wqVlZ1<1w@*cel(heYZvU*;!8x67&M!~Zh#l1d+@n8%aIF*_!y(_CV=1ME=+ISsA5Y1+C7mEF?0a6#Zdm(Cc3j zb;O923;3!c^j|kFX(UM?j$hi-(L_(nZhY! z9aDe?V4AiJ#AVj*Tth=jygOgI2AqoE zJ(@c5O-`fq~aaREX z=!Q3^7bQs_6vNYt{JXJl47Yc2S^=)>k8^O*yRoli5bE@_Q1K?&c651cq2T;++nC;P z-(IfH0exyF{a%Lthu!v|^W~;}b*1K5@_CFL(D`rdI1XhW+UUJ|yC|_v2qs8Rz0z<` zEiQMihxRYor(ejIrA#_+ERhMR_gE#n(r>Y>dx_Z&Yv7Q=V29Ac91jU9WS6?>^!i`A zgUZMPON4WO*u^^Td2#66q%}^MWV$zj^ylthmjR^K+{Hwod}30=VQ5#z zt*saabB`uA;iw_HgR{!`LJrj>jjnJII(FkizH<2)3;sqLm<=tqykG+2zRpIc0Mxm> zxafAkR#mKWr?5JK?>i$BE1(>>)84QW#8WpK6$8!LA!+S1*LV6v3^GIWtas5h6|!Vd zmeStS1|h}RKLg)%Y_EFf-T%70C_ytRfEw_fPcU(x1rrl*jL+@s)7}-JZHO(?{Brg( z9y;P+SM4fTbnMvn)X2QCE@RkMicsmC^|}{VH|M>JoAd5)*#6u#T@)kFb^Q3;_0OFs zvL{ZNl{oy;9&}HEz|St*r-<4=4cddA0qBe^4yShLj1jqefjvHRZ$mqD)i@}uA~<|i z*MInGhdJY59o|k{`-WamdIvMftx^_9=Un?aOJ$rj?D!9Pq1<4+5UAWlkCJ%dQaN7f zu&r;loB^+>yMQK97pmhZZ&x{OxtC00hzuzLIUXSeMdnxw59b$V=rJZEA~s}%iKn8< zw-&pF3}ZWt7xR7?+=}-Sm@hSXYUUx<;P1%dsqhP4x+m|s8zM5uRwJ?RY@4$R=UW#1 zFQXF4-CsguvirZ}OLLTaxx`sKX%mpM=93#Yg2+ctR`c3oQaWeubqWU~d~s@g3+v*e zS~OZL}1v!eK>`2QM|yIPD3_-#bsm#Zw(9;|2|@IYsk%+}cI|+Y@fw8m?x6 zvR5((ON}Q?;L69e!Cp{zGDjX}4cw8#RL&l2=!~2{ zdVFU#406LDHw^MSVvqwg591|G@dDrb^)^heGmL!mz}j7>s-89DD% zxqq?U=@2aVfX#bHhLmSYj++Q_OI~=(cI-Q6^fdCEFF|l0iDCl%R?lJ{)NH zn>4Muq8#{lDvG4#0ESpS-8*3u5oq`{4_rTPQYhn{9QLK1*C=?E^-GCwli0)d zZWO!zB$u2*)m0`UfRI>1-PN)&o$!CE&0Z;Qb*3*;KL(?Pl=!7rJohX(IA37^1|mgW z`rZ>_so}z@(1B+NhOr4%QaC#jW-!t+f%)Xit!>69%J7G}*}}318DAN}WMv0b9FS#B zsf3(rWoYB3#X~0Y%a*sV^^}ND*p(z%w03fYmlL zppuDtJAZ_GelXUF`(&w$*<~*Kzb_x}!zkc~sTj{r1h`Arch58#McGQw+{O?QlHu~~ z_eFJmQ;Xdk(d%v>8yo#i*zl@ci=^!@=USw3N14X)yqOo$;88oH_JU_?T zx)gS$sfM}yESYFxAX)A7uj}Mc3$+Fcc%G9(IrNuG1TW*b<~3Vw4Ru5AWI(>_vv^8Q zpURqN6?j%Uj?GsteH@!>V&%uN3Wz1mG{v^K)Z^40J0p7q@rToft3@6rOIi|TShkY! zyHgjkrsg`lc1yB}6*={b=ebppYQ%Q{!Ifx9>ZxDt0b8lVwI%!Sh=`OL2V;(H#;pk( z<~x$GH~Dpgb2iExIC&RHORm|P96W$@zAHSzE3*XOe0Be;ni?td&@RU+F)ib zq34IJ-W3{D4_G(pQq!{M?pFX1_$SuG9v%IA7mj56GQeBOLXK@Xpvg#XiK#YlHnDv~ ze>S;L&(vgI*W)Ovf~m4`>{b(4STLS_i^!U-MBdcjAquHlU*L!`n{9i9^v?*4?n3%; za-gdn)~qVO-kX?uWM?PU1{UaZh&5%lV)nNF0cIdpC78@qz}XLeLm)*17Lpyp!~sU@ zXNC4b)uAgAnEA@a9Ga%AxN zQ~eL?QJwJc9g6Tys`O*ui^?!|_jY%W4i2o{-QB(8!#(&Hp5)*C-Th;0@8D?n0R8xI zd}!_N?;Rc<{>j>{v7gFk0mn^$+65ft4>0aYRu%|T1F-EVikbesFF-K`&Y5M^%BMPH;W zAbk)~SZYK`bOu3MAaX)#SJ+~u0-3JDS=Xv)Ebvz}w?~xe4G_byBd2wdyyn@QZXYGz zNMKMq9A`QtJ-)-AvsF)Oo#i%APK7*3c#%Dyx9%6WPUs^sEo!;J4*2Z_J}Pu#(ca}{ zSOTLhN;*|!9JxN62T;%xhNUIbs@ODmyD1T@vpI#YCp1%dEgC%!&b$}uO)qcRC7qbu zOmFS_J0O8)-iy`lG@IuoKHB|1dKfLY^OL7w|35t3{UGfB=;!ff|6j*b*Zwcv!H2~A zQoetiZ_?lK9?cxCni*9ccTHtmP&|oYNDJMoi)hM%G z8!cN2O0^Bw(q{xw$Z=418_>=9~NSzC@ziv^5i(u@4 zA7X=!3!Ev2zU^Iw_T8O3l3W)N+mY7b314M#F5e$XKxVO`$5bH(iUHVZqQp~K^Df>X2?Q< z&cum{ue7vjb{QG5K!&50U3X>+&!+&`U@+`8h~&GLvSf{9O|XYiCDxS;2Or5SY^#|S zv4C{(Nis%}t56eZGOg?BQL^6N&Vw-(eQFdcvPPvsmQ;$++lQ%4H?!l>G!fwBVja_? zdW5;>7U7qAiuAwc)Un4N;%!SPf(82Dhl2xA|J&a?KHBJi>v&$Q{s*>)g!aBu9gx+F z*j+;6ahI_2bTyi(V+>bcwSHIej8DMKHn~4sKK>|kh=|odj}&H1vAHbAZsnMf;;QaDW#pzT5!7| zI@#Hoxbbvx3!}f2kt6%ljUqIzJBL3X9qn(CLs+Wqd-JI+&~O}hPKfr0=EBEu3Y%yc zaRimL_rA#4GfzdF{VjpoKi1A;c?2zm#DHAExj+%3GJ6T|3F?FT%F zZU~b?hC7)DG-`K2h+Bi2k$vyLkihQ%g3nw1Oya{JoCh?Dw+^a=+kAS5{>8od$%AzJK|y z=+Vl5f;W9tM}PwP4~c&Jg8cX4!{+>dJoemL0h|8+by^M7%v zQ3}dC$P?Cn!G7krKWiXJVwBl)8wV(J5dgm7tR|IyS8(DiqJzJ-(lQOv#dxzR)VC=l zdgaT~SWul|qO{FSnjQk2I=c(4&^I;)G^sjF6htYCIdVBELrAN}F zDm~c7zY`FWTQ+QgH&z?kvBroZz)Rg*0Cmv1LR_FGRfP{fFdpmkFo=Uu;GJ04r+w3+ zSDiiwJy^uI!2(emn_>~^^q|Z)LuZaUY)5*e$|W+01HJ`;l#-`Lk}Abb_6{;slSfNs zFi^UqE@3CYp`#d*sY$d`Ln&mNxudW257+1Dxt8fK7pXJ{!92cI?m7d7E4z26S>9Rw zJ1zv#0=>O|@YS#a;>zGz? z2il4jbC779F*dlSTmyX}_F>T!O!StWhrL^*)+c7+KCpWdWSrU$^h!Ucw!cpA^4F-c zqrKq4^_&SrA-J=V2Dl|e+G<+w(y%1&k~bv8O!}uZRzdnT3Fwd&4}*W;BXxK)MI4UW znKBIEWv}1iU-WyY*^6-Dw<8F;ORx+VkTdGt0N%F!r+4_k^33%Y-_+j`m3z(%A#Hn~ z!(cIwxT5EX9B^@hc1Rqf={DZ9W-cQ9y>z3W+22mAqr<}whv?N^gxjmDxg=uV0I@h6 zk?IKz^(+~R&F=d>Khpgl2x5o&6d(rRLVWur*H$_kQ8=6VT%3{ z+~ScV%_M(GZGzgGoP8kT%q5uCqK8p^hbsz<(s(T91Xr&$G3(^AXDb5zWgd}?tymgu z+HBTQQ|JY2eNEn&%zVDK${1WUVWZHVJ6G<^2^LJ$JMOg!LW*`OVih`g$`QwB>~74< zCD*nARE4kc(b8QbuLrUY=02^an|TaY*4b&`2cc*`WnP+4mb48HAB8O)vkSaSXS!0M z0pL4QiPZ9c!rGP(0#RiDJKo(B<3D}a-N^rIdDbZZR}}2cZWEP>T&oc1za!UAxmauz zY(ikL>j^fY1Nth1O|VyAbeG`8jw>(0tG7|{(!Ttre?g_9o9Ge=R_T+#UPh6)B(PUf zgl6k^?_!pE^nKh)!ArV60i<~UUp@$A(fyAPAC5%(-@)OB&HlfR=NavPd>H#>r33R@ zB7X$=;58Y-lDU$k`z4niVN3l@op~u@4?>QhX1eQ zshR&9G4W)PvYBmJSudYEnK^PPb4i3H;oKDws#Ioo%~y3ORJ29Ze8$6xys!6Ur-JIr z^?WUQs}kZXQ(BV?4xB#6b&i(kK<>pvGs0?KQ5qywLw;MN@nK@Cad~^@i7T7uBFH>HV&QQ7ucH z@PbX5qw61y`!^n<^1`89#mIu{<|~{I(ha0N8o{PgoVijg&G81VS3)|-nLTm(h@p^l zgb}%^D`RmB#3`WlAqVRUA}^_TMqMrCQ7G2}_@1^s*NzvO%$Zgqom54>RVG@Qe0Bp^j-*8>+Xwoi&8 zwf0bjM$P?2qFDfUYC4eDjL)c;`=s6!HLaAwCPISec!4IDZ-aZS#)7Y%yKGsG4xDi2 z`k2N(hxW+nJE)6r11a#wEG_7YsWCNdz1&P@7o<9bMDmx*Bffx~V1fN3)Ua9Yi4v{Q za!SLf!St0OR#hmNyVRo^RHhJL6W{#N)j|bwV+^_-d%VTw)PB$2rYE1weR9dpv-^LVs5+QG;mqG`l4>lk z>r{a}3|vLXF-{u-!C#VDL(xWSo)(v1&ekosG{+`iB}=_oXsgOvU<8T%JO*j@n-g0Xe9yQ^8+h_7@|-9KZ2o$m@+vFD&$M`C{n zH^KKnn`1W=0AuYOEKesGd*N%exFz4vr(ETv>Ck?}e9FCpLo6rKL)Z~nTGmk3UDNh- zL(H3uC{tML79->8u#YtHY&XGfw_)uY)?POw(#pLO0_JdG8gPEI-lJ(7#&B^E{Z!MC za{EXxid#tDYJfGckq0-L29Lh=cXw6u7*fN;2>?g-fykIA<9s(W&W7((ebt>z5)$Q=E#hko1NlHasnI7w86zBQp@6E-9) zK;1PMyt$99$hYUwG(c>SeeEGg|8@r<0pZ-~Z_mpWyT`}J*3Q^@KwHtQA~;qf&I4LTZhn@n%7DPi_d>TfJrB`U z=!2SvS5|G5ZLe|ar3!B_b9JU2waS`;;|}c$<=$e9Dj;KufH?Tis&ER5lhA4nLY0a1 zOfk(jkaocY5oIfi;sCR{;=hvs728DMv9@ zq`mqPmx5XI41hvW>+oX@rLM8Zjn#~A9>6j~?)VRKk>gYE>Y{z#yE*NCy8bNe3K%1r zCoc5u@QH?{wi-B+UxTyx5^gkhZWoh+ncY@}DNbe!P#h9%e-u(Fd=@;G8sRgfU*(Al z+AcX^#QcEWOD+U_`Z>sPUlur}pAm48&uEOA0?k#{S7L5om~Z^%J12f=`l>C;)3)`j z+@n&lTN?JDgoskc>O$*K7-Hj$i;aP+8Tev~*szaYwpA8+`o6RKsoU3Nf<2p#| z9(z~%FY3s%F)!d3ZuQCZW0Gk0SF9)ra;5VuQ#ZOihh1>mbz%`de|`H;Hl}0_F+l3u zVYpuFPk3z62V-l!u*P0&fq1&Z8omhvHCl&VjKYss_H8F3#D=Wj^qQ~E#s+`j-eWcqx8LQX*!IUFb{npgiHz;UEfO82)M za5){0fWInW ziT%wN6A9PZ>Z8+sJS!vrAI*_1B`(^nU2rF}I96noXdP4GH9xudLtomcea?dl(Hcus z9r;kKk0hFl94EH0W~t?3m>dlRjK%?~PP7>`ANk6rnhW5#M9XKo+IdRnSQq=M_fvp2!+ zh;KKa*tL1}^p?l<`~ozptMxwZ^(v$Dsa=QO{F%~nzy2IBMkL$spa%A&Xz>C=9^jTd z`r$c}yq&dr&VG&m#~kejOTy*y>s?uf|1t+Fa>qM!G~FswxEZ6R_Ulh^J04|3TKoF9 z2#BSc){>UD(UiAsXP@q7!`_W)b4@1w)e&97lUf=S@B!`nHzX9;6WKD|okh5-wZ<^p zR-BB4>H|gKP$kw^H}#SYG0iyou;tht-_Dxf@MhuR$OI^AP&9oUJ8<;oL` z&+YrMkU0|FWVlS=BNw}0B7L*NHNm~-T|L($WGaWjFNG{!00!1JRe@Z1-WUgfZ!EQwJp!YKq%fSo-cj3maTX2lGR((@Gr~7$`ri$1Q=@Xcc%FBGF zq=gQ6(&quo{x$kX3xuTp)dCr)f3=_=^qhkph%knMiNytFt-$WQL7LK3k*U9dPz8qCLpm`r*bkGbXhHr%Lulid-* zF3lFtJdzlk(;hLN5JEL4_IKrp2c>N2#C7z&xnNaQiL@gfXhhVtfhjLZDmds`xsToM zt#)zF(u`W7nNG*qTts?TZ;=OAWJMZ{7;UDOjVIJV09%4^bsJlne}jE{`Q=};n0Y)7 z8sNC%6IoRHZ6Y!zP&6t4YYbq497C#LuS@t68QAt#w)>v-EAhQtYZ(YKkoVquqmcAg zr->F7v&0Urfqqp=VSS&iIHC1p^`*u_bgkwU!L{s=d=LALB8C*`#VFpx{zviu!v0?O z91Q64Z&qAe|D^p*jjALTHq6xEsQ1AcyQxa(sK;WI)ulO${xqB(4Zf+Dc=0bZS1&=)L$&KsxA% zQFFlclf>$jc9_$ib<()|$X>h2q@6r`Hpaf?3R@E9(f20#q*IQ;m=MFb>;)>u5dDwu z3BQh+P1e&>MHS}hOFGvzxfB2~rK#WCVZVIN7U&B6bF|g7`kwNOO00(kZGU_dmxkD$ zlarlOoLx``2}v|+RF+~Y1l4vEul>isc3O4DXdsrCzw^a@-* zfxE4k$yc#FJ$))A7m?H#51L;kc~FPUiUAZ7D1|2}lBj1_$r{DhUcC;LTiP~Pe?Pk; zf;S0_@26a|QOFa@UE&tkXgsN$ok*JC*WBTtL!uG*!fpsy5z;i?Zru&G675_PnUqP3 z?p+nsPHB85Z-0{9jN7_AYgALsy?p3%R;izugSN>-L_!njXk90ho!$rRU_JPlZ5H^? z*RE&dh61rGo}pSA#0L5&sH>B0oj2HHs|K{g`AvlV9I4{T_w*cTs)Fk@QccsmuxyEK z7LZAd8(KAY*=mOiou=h;rJ{FTNEX_qG%?9e1dg~uz^r%9mn`9(qqH&AnT_1`{DG?9 z(`LW^?q4xdbo%7%oLH%_R|u^b0Twu~J@Iod)aEx;0r~~#Gy1)H7@ywXlg|o-XAq?* z7oqnD0#i_sKa{iMS>{7)(ST|wg@vGHbCo4IJK2V$SI6pGu}B;7Xm2Xzg>@4{xp#Lv zKQ(^9K8RV1=^bK=Zknx+1wO; zbgKnJmahGEpCz+EI4Q3b&QKtM373VcB?JVhclw!%F0PJ9GG zhF~*R9bDpj5abs^3S4fcG@gc~eI>&WRtf(8M#j!%>m&#L?B5YxjIcx@eIbB$K^~`v zH$iq9!qzc@asiU8fCEZ9hPaw});I9F?;h_E$Okc&Dm_$?%GntKF@hvSRyS#y{T$A( z53~%a_JywUu$3g(lDne@Z~Y}X5zZsIRJ1~M;m2*F z@b{DJ#SiIjx$2iQzgh()^^;NM{k>z>Xw6_hFZcb42*z-_q}ZgYSI}DR9yel>#>D`H z$_B+zb)SoG_wvYh=GIhT?}4s!lx z?ZIp!kgKSgt5~AhErkxhK+K?oLg6P*svox42e-|e?OBg#L_H~{E$k-&iimz&P<`Vv zT~q{MQgqBihs;-Wqdfv)6n5$-3A`NjmDc3ddk(!gXGZM*=t=r2>-CN<7XL(Gd+* z3igOPna>vLJ-viPC6!tXpTk)8irT_P{t4bk+6fGp2u)eugLf6#sp_mgZIk&KwtG;r zD96^QZ}dvA;0>MAd+>fEq(z)uJ_#SiF#3`*4s`5hV@ftgo93OrA+)NU|5U6TWBaz| zcX-Tr%5EZEo4pvUC*m+8K#QL2*$J0I^AfuZI7m@URfpWHupP!M%z??kN83q-|16r#X zYD7vF3@79z=^Yv4j#)_CaW{!&NKni3E`8A=daA;#E4`jVnm7f!>f*NV$%Z-^P>J1} zvHbZvnZyIBSG+ANiFvWHI;mPsCsw>Wvw9m+ms+D*lhId6p5q*`8KRn6eBeG7qqnB1!FO*@vxlVE)VkSz!9xTbc=ZcmPVC#r%=P zOcXqnbo4n%gKVf_a}y)6@~ohMv~sF&mgwqhBisi?+(wwz01Vh zQCW{3ILp$2&rOrN3TO2(rql?avf)HCQIeM4>>CU2(qd$|+X2Ia&*}7g2z~uljveVV5#Lk0~6@;~HFEt2w zDmUf1N3H{>TQR0-%^5-qx@dgO<5Z7ys)sF2OS54pnC~w2+MlcRmmkWCr)i~;yYg^> zG`ne@Cwfu+68uDna3c`!_tEpg$Xq2nL6RkbHL1o2CfKz_+OK{RjnGU2>1e!)NNPY3 zXD9^1(L4i#o`X9)Oh^H0nDdf6N5+`2X}j(~qReLy>#3(b#jfg)fb$im+IQ9mo@|iL z^hvpfzXAN@+@~W7oq7~$>Vl-NjDq^|Kb{^{tvLONbmS|I!uFKt>Z~=Vt+t@`JaHYJ z4^xe4<4RGXpnu~6Y&Mhd9eK%o0NQgA7>GG)Ys2DcN-yd0rxPlX(?;X4aHbt4@jS8| zjlSuZtI^xEBNQcHM+szj1I+N&Z%~l)Dyc^vq49}BL^wbk1r|ct>r5ifuWh4O zp{cDe5c(*9F~fo{vR7O_ZgiVOsn2(qdTk-l;{LuCi{@Pm7QC=O5K;X+6Ave$D=8Bk zH|ES%cd4hIjB3JqwkKdJ3I3YWGs1Ufu7+g!N}4Gbam@!3Et9ABH&H@E|G>w=t)_5<-# zH%}D8t=^&s*NNgH>Gci0gvb+T_NujY4-6!+zYDYN(X@k7;O*CYlT-!-uYQx~f&^p* zL=~j=sxQKdmV(f>{#Nw-DP7{%7OHO1JsR?oE!dQ(woyMRHs9iF^;%GIv4Ut3>Uyy%+TI!w*cQ7r1sfR;pl z)=W|-f<3!|nGY)a9S?hzV>TMQ+GZTzoR(X&SAY-(<_q^XhCzj{t8)89(xA^GqkXdB zG6HLA(BcCW&Mg6iqT8H5)cZT60Hvs;#x-gD57i#J^zL*H8m$Z0jT8Gm zF>x=g5c#)}nbbiZ~JRgQL4Ilv1Xk@=Xf=xT^W>)LVt%>qX6W?nI!r zI()-xwFfE%)lE}_rJUvoiZtsy(ed}9UG5k;J7IFf-nm#5a^?^llju@T`0SoJV6mdq zI9Z%9@1GZ3IAxkRuiv>+4(4R2#$L414t|JUIgpLqir@FBv<&){i+3~*`8U%+CB@e% z8QyZ|eXNtenM$6D^~T|J&KNyfVC@0I)StF9*h$_ArPJbIY^+sV@x?h^dUrm`JSCY_ z3aRLY`c&j~X|k7v0-wPeJen-J5S<*6+2-e?%&_N6T2;`e-~u7xW820G8P;Q!;Mf!o z47eHmNYVw^^zLQZK76)P{cR0?gwJfVTv30G?}X6^0OX-KLX8HMMZa>G?rVXC=TW?j5|qv4#u(X{$Uv|M_Xb z)grgzrgR>1g7Wsl81@P|(ujj}`gQ)(aCr?fgsd?IZf5TM8G@16{=ipJM;ZbbC0LKE z2`$(n=hY0d6cPe??HqzT@!1dDytd-%O8r7v{YQ^b9#&n6UuRY+(u;Vv_|EiiE@S4Qqt+kyYct{Kd>MzaC`>XZ`9Mbtg>HUQl(Aqzintu z#_AqcXor{@nS6<=dCc|d=M6%+fKXDBAwNSlz}N3zq0@6uvlK@9gy**$E7+o1qH%^F z$H;H)9f4eD#wNA!M+s=wtFPT4Sw9I|6zA8+(uHBanlGn%TLkF-NA4#yYGHSHj&NVt z1f@-r%M;UFg#{3upZLo5G_^0&8deUtXwBu23#yrAfjjZ+jZ z0J;Z`jqiIz+x<$+^^94VtQ#T+x}8%2+ac-d=iX~vOk}&~(&Yw*?|d9!C!2EYw!8bk zmpXH)S;$6|d!XdoPoPM!{VwSm5iQ)XFABkX4OUV-EFYvL7CDL}mbjB|fW@l@f?hq) z{xaD9Jlph~Spi9?GFXrAw!>?`6|!)BDE@$&92X+6sKeK!@iFLdF`?YhP+V4#ItQ?=cU9$EcQoe@z{* zfyBHIN`=$JB&R~!adbKee80m;n9TpEMbPY$2UkBZk4~m5BSAYN$&y zZ{SA)3@l>YG159^k<=+c6~Wi>?S;b+K<_yT@k`@%I>H~4-2u}sU&FcId(IA8s%mV^ zUTIPM>8w;G1>Pv9c0$T~UL@`>e?byTxoOD~FhB?1xugO6Zb*dJ#n|_)om<%09!=j7 z!!KgLB;f!y29g#|Nz_j&e4wbANF_1$W9W;`DIlbuZe4qwT;SiDu6DW zf*tiP$g9^{C5m!;OA5%WS-ZLdz`*8c$ZweOrI>||ex1*_aYQoq~9fBk9>%Z6WRVJ8X4Q70{A9&L@G2yKR~k1W8#_Sv9I>!HAfhjUE% zJep^1wEV7vAA^iW&hlGv@nMo)lH88>UP5KP(tw~me|qio5ncK!lVr61V8lPrD(OT8>QQjc)}Cl3v!||xE!w?|k;j5oMuo;NuE%brzdq8$ zG+uJ%r620?c7L&0Zm=E7O4hey3wHwlTUQ&x&cJEcDQL*r6;h2VwyVQkwa!-^BpyQlHUJV zb27q#;j|v}K9BWVx%g#dNY=gNF4FRF`he6ab8YP?Rv6 zH(-Hi%nUJ1L*WlM6d_5m4W94n*^55&HnbcgQ?CM25S7N;6~?OMD2VK}koJ-tQA{4` zWUoHNZGu{T8Aa)=TY#)mM{n)QuMKnJ;sx~)Ope6#y1BNwukyIuV;>R>lC}bXQ97RE zBJgNMP6R~sG1Zn`mqGE($RMUGifE$?c`(fRp5eMawInoV^I^%cXSZg>u8!|#>XW+Y z#7ChzTcY62k-f13E3z27qV%d1io1Nb$QgKBx>Y@M!{D%EeWS-ppH-8RZY3?CK<1-ApmO23t%S$)iPDn=!uyz#Elwm9PR`{~dGGwWq zOqSNsrOm(>bwIG>cyn)+;1^NMnr!<1PA=tI72^oZ#xhK&D?`JK?`&m>r5nTlNthmN i!R@H3WQ?Yq?ur(iK3EaUt?0XjK~-!9D(%mBH;TVXVAXhW$3JUxPr~dQCQWw}~p@j?z@JDIhcJyYP;_ zIcD7Qj)#eBo#j$O^UpA!*J72E(c#n4(b3`2(Kurl#d*OOd*C(v+iPY{PG(OVx3%lr z+t&PBHb?s3<$cdRJxy(0T|HebT|Y9`t!-_tZ@&btcQHg)%(CQyKqRdPeVQkU9J$k; zc^1hUR0(fym{|{ZdY}^|J>YEVe&24cZmqeae}sG=4|k(OhCEti*wd`P-1pr*Z5=I7 zEWhv%l(>JA960cSlIyF-dKNO@5>l}R|W_#fs!b3XvZNPXMd}!udhvI z4}RfstiRIP54UE&FZdt(7T@@X${fE(Bv@b*H;wNGzYlv}uPlG~r~e&FVmzl(fS_Uc z?fd`FJ^6!ox4_%53wH|~hQ0T@gZDdI-U~nY$A;0pJ}B^^a{kC9`wotJyEj)?sWHE| z46MH#v$;(hoj*4=w?6{5G- zgy*4UyXx?$DhkvKXP(#r6$DEAX@O^O2XUAn$u}q|yKoW^LL}WV1v^I*UU)HH00yWp zW2x{K2P8c){Gr_Ti2UuonyKYelJm!;5k{VnGZx-wX0~qxW{??*M;t zq4z(3LJMtzNFz%s**LhsgAPc4NUr3t{FfnuQBwoN6zH&DhfH|SgT;XQkQ1s5mtjHe zdmP`d`!7*PX?A+=LwZNbab2GpPx#l}l+lki3^+9CW78jfElo`wE3-3x%YV72e?NZq zXwi0tg*vjsYmzw6{oi{C~7Ar|R6VZ11SXJz7lM?KM<2NbY9NqQWa zB58{0*HJ-BK|^+NJ+yvJ3mTe;e<_0~0~xjHhKc>lf#L^!MHGn2Tes}D_0+$fAG)F-lOYn1pzR7Zl+M@T0+dlw6;kyAUM`9ysyN_3E z0JDT^wUoZ!9pQ(1?wB&*$S5re2lfcXndTo-9Cvg_BH4rM0Hy{Y4{UfcVFy~ByW@g# zHg@~?3(gLn*@Vg{II!;@52 z5v%*9N|Z}86T_CxEyWfkz}Fb{>4kDE;bd*|v;*#gTdc!Ud$QaNSowk_Ks(&`=INCy z%~os6R>#)vb^=dQb%j$Avd-0bR8mek=lPE=9(nyk?()d)z8G<22V)T&{b9{$B^m5W z6*3N32VM#w;14$lDe&ohL;JuNzQQ|=g5$3xrC4J4&Bf*1kY2klsT}+~+hO9u7-R`D z;@}r=^MBaiFQQ06x)82a?ajULLZvb;rHkyu8gpPl?_i}FN-1)&O8A__q+IL0n`4qF zQ7r~Mp_-T#YBEB_5D&2mME<$Zmhyp43d+5`0YC83Enu#UhNG3H?f^fs_E|y=ddXn^ z4dknyjF#&{sth4(FC47P){}9-OP3T+i>9v0AE6~TJ^;2}QBZ^^o<+~@QJ{4nxT}qk zNc7kQ6x_}yP8hW3i091i5k?3(AeW?eYM;fNUupS!iI2rR8AdVJ5rzmcWcU0p>PU$v zf*cC6HtXX|&J_Nj&HGiG&IFk>)i6|?`{Im9R&MJB#~{8z@!5r6m8JaQT?74r5Jzbs z;w-$wfLh4aKmEdpZu35Zc=);eJmS~4n$QWlz{ip-63)uyQ#A9&5*jo4zV4XLLK-!2 zo($UW)CPe8O{O%Dp6R2?`({RjU5CBzFK;;0L5K{ED8djN^}cJtwgCzhvEm$x27@3! zh!U&i)S-+pWydKfQeh1C^)N&z%9p4pjeK&k!u!j5B-+mIy_TaYuwqJ+Yh z90)Ocs(=&L`7qVgAG8bCQPT5pgPI_e24Ro%&Kah9Bw#Y;*+dMuQCN1V(ACpSyT}&= zFk?;eV3PP?(0`f`xN7R{MD_RL1Q|Gn##WLhju%(vKudIuQ;ni_B#8HuC%x^NGNTv1 zRW7VI@4QU&4NF>*RYM3`uWFL>^4e%oNFw@MPyCah2Kw2!eH@&99A8^qYv6UUezV90 zJ5U}P{&YY|t0AtRr{BkiF~MevDiB(N`+Q#rF{IY{eEK-}wW31@&O$g*w84M^4C^iD z))zHr<=3J<8nRFQ$4;Eh^;8khRO_2NTkt^me2ZU2+5Gk67YTk%0+oyN`*o&cO=k*rW;zC>Z+i zZ_s^wMtFr8?VbXWgH(%lVEAH&DXo8GRoFnq46K2Xc{;tZ<7vPq-+;}|>+fUBg+UrQR+3a$K zRszSAaORBPM{$5O<(7z;^oL8>=p9e99@AtKEW-yqF=dCL>5d3K1aDGUp-RvI2~b>w zRk8Pb1h-cS1hr~aPy)OFUGO#vY?(~8I%QR#`4avBq7xMyn??bWNTIYU+EBrlQ1#fG zzIgeM^INx+Sqo9(yC%uS$neWYCPpN90?7eo(F@=sA!3$jhQb@`V$bz1a?(A?4#p+n zzzj5>44};pvc&qQ#m^(y?rGa1=dR*W;Kp|Ipr8}w1UZ0ELxvbas`w zYqe9Pz>AMj-gnPw%`G)=aAqjWTV-K)&J|2NCp3wots3}f`Bb)Fjol-@8({rnt5$N{ zhmVGU8Fw$$(Z*d3?;M4Yky|U0Jjarg#UF=(JERh)@vl$**%}s`lrB_Uczf{ui))Q9 zysl?cMM28fycTlrI-_?YMY~-NxSox}_mxomUH#U*sRW|CJ<}Z9Wl21DkTv&SsY|Wa zey>Q9UF3UDKqzdFzFXaMYO*LZ2{A%%HBYV60amZw3f) zo&yAUA$OqBlU`L0cN5V6()Q3xISRR&ip!LgF3@|OK`KCl#pXt%G-#S@)r@-Xm$nq& zpgc)(OV16$$%@0Yx{ldmo?xLzAva+zfqzUCd7fmzCAnjG4pZg_QV0iJ^@5nIT)sqekPDb9s zc0cy?@O`~rPhYa`=6Z(M>-2JT&NEVRf#U1tB`J)ey8h`~r@9ir1$@gn3UdCb6)mMGQHM!_8WFgWgN&f&D>sZ`6GUALSIHOmjy@^x+YVuKR= zH|Dpk=U<2-3*+!;21eo&DEOPrxp*H3S-jAq5QkivMDPAUh>oRrr=qEHM2i!*tOfka zX@c*%6Z9TAq+^_s)7{($lBgk87g5}#21S(_;LictZRc2a^sX) zKM9f^t41kDE3ch^opo?Go~B%=p+Y6ym=WVS?zGbnl0+bn8gz;ZHD;E+GD!GM(=s;- zOQcM{4^;%h5RVj+;e|)ZCk1dM1ZJ?GjVl6MJ))pj!ZMnI6IIewHHtM?{tICmr*x%7 zBrhW<^n}FfW1wBtR)}7FWSm?j}4i0Yqq<-rP5FzW3clj=!W`r&N%xASdRr~uQk zDWn1L^;Vu_-KKIt8^TG;L3>>>6%F@H%AH@{QH;IF@U51aBxZ)<8}1wD7eyUq_t0*y zwryokuXY;7|*UL2w@f6egPCox6h;Oqg z8M=|PKp8q&UQ#n1G%jBZDDqT--eeMd_a~Br#{oBwbAGD|ab9wl5`FgE6Br)kqPHA} z%*LXWJCyJFCWHX1`z(e2jFYUU)ZBbj%_I>03OuCmOGT%bJG5r&$elW4ZqV~nm?MH_ z!xhh@`1-l72dx1!fzM;O41efzHTEvH;vl}}Fi|6m{Wu7nLM^BfdG0J;lf+kJ;$pXXZnsw8Nhz zz9YW+81B6M*n*iMk^un-d<3C(Uo_6RywDIZFq8S^o@w znE%FfNn&sw7&#J`0DI4AE_OMBbpz*R5$JPmdv&^wD*p3xR2$6T3x_Vn@=kg9~*OJgvuKJ#%!kw$O0yS>zL9+;iAM<89~7ferV@{lw)7oH`s zZ?%!6WG7Uebnu=?D`cUu1WiMQ%0vZF1Qe8Dsae-$%$fo`8;?yTrRN$>W})A#FS5zU zChwtDKr?+=4NGY%BW;u5X&rn{0x9t5(gLTA8yDcuka;P}0p;OaZiiwV@@22PyA1=L zhG%;%fLO>Va~}*^3q2ay3YcOjEQw2YMluFp^nf~9gCn9<%9{|D@kC9%d>%{8dN99C z2<>KUQ@IH$P3VKZiv}dTXNf3Ki7EQz7uG2Pjy=|yLi%C+CDHL(1zAm?m+fex%A$2&y`wR zoYs$z6$Y4}HW65!uPkRA4+))k0lOVRhyU53OaC!=U0D<2^I{LYypUX|CZKzDpuhLl z@@;%+ydY#8`%OudT?n|NWE}3#_XI5-9SG(jai=;D>!qIKziFr?7&R0L(=v|ON$>llG7s93E_p`WL!Tj) z8l+xMb;+(0n|nM3W5-$rW2f9Gx9PY0xaFn)k@ah8WhD;d)urW$7O%WGA|>E>VaPz2 zoSTWcex%9*@p0?>b9(5m-%W2UePK_Jf4)6y;MymT%u{569LeB>d9J}%V+|sz?4;O; zuppRe&N@%osn@UX=J0VS7h3i`zDx4TRS-65v;JhSyj&zp64xvPpQaFLn~>}QhOlVf zS(DF9)p599(ZbBiOaKrC;C z^3CIApwN=B=V)AoYd@asWRL>8h?6s5u=fi1$*D3+7zHK3 zCk3nr`Y_xP!Ux@+ncSQu@=pOfmIx@kJHXI&Tj4`VP(kH2yAcYgPNRMpV*Z?BRnqxT zBL`nGll$scNAwS^oj;gk?*W^?2gt!@_i)cIC;%^j^@sI$DS`j!yBA~c3&@D|bTf#&#rmTRuEz)#6;7v%Ncv08;Vm?g zOG7Z|3e@H*u)ZTA2_A?&{;MRW2=*p2mhLiOx}$#abg8f^orzh}nF3?80)L3^1GR3@ zXx6seAQ($o-NQ!uepAr%<^B}7UoI*Bc$GJDd{v5vDWMwAR6M;tC2aAdT!rBhh&1qD zwL~2`7e$jqt~&PtDH%n;Z>Dr0z~hNjg5^WPRh$xJ;tl4~_U9mR*v(IOATfA>fa|oV zMFz!q(xpVuqpz1f6{MP4@S-3CP*OFJ3!NqF3R?C?%~kN_^hEjE0=Y+bnZQZQ*YUL~W2c!Z>m~%$FTTUQE6?A$1*BVRt{%Jm3ys zo@=rmn`5VLDBuX}0!IU?vPePXJ+%s{iJQ4!+JEzC`Q%qB8&mc!$;{G){HALRIkUsm zUOS{*7R&R9$hG}@$1tVOCtNI7zXkhSV6hVuzx^{QQ+FaPBw@AKIi}e`t_c|Fz{B~c zO?>g=G+qpORf?#hnfGgrc(ro=blhRCbBgA#B6gI^rhgCWUbn~6{A1iwk$4-DcABZ~(g&GIIH$L2mHrfv_sP@Ag7RSu3mY5$@RFG{ zt&{4lXgQIUGF)R}k0e|~!YDvq-U1xC3tyeJ#<*ohK>Y67=qOr@kO@dV&p$3U@zJOo zw~CnRNI;6zA_mz94Wap{d+G?KMc&eX9tw>DQyE`6u^zSdo>(R13m(z6Ek=M15aZ4j zfliU4johHK(u#*jOSp=_e005t>vjhO{lJ0`t0&n#QNJ`H1*ilu-6rS%(`JJ6V` zK3y1NrVP_#jkYIT_tY7#zVWQnS+g`0ZHRT=@N&*Y4M<9lX9b} zN84Rew1cW@Kr@!Oi7A=@Pmd^e5r)dM`tzJ2LiW|yqe_Qh83B|5BfXRT+TN!+=W0>E z=dvXx6{+Kr4F~rF+0{Iuusju3yp$hFYNg4?sBz?{Y)bcH)U0ED?glDcq(@@fx8%Cq#Uh#8%<7B9h3RewUA2nNL z%HqZ0-pETZ(5@>tOZjvqwxTz4<(sPLx$ucQ4Iz@xb#4LxWGyU#*1qqvM zTU)w>O5#HLnL?F0Km*TyeKNJfH-wWh`6K<_0^@M8panN_Xd@i=>a~Gzjgga zld~IW3SbWe97=C78MiAnRMqVGwn{v5s0U*f>=^ZnY7srvr{3>f1LV*mTkd#aD!Z%R@61pO=z4 zv@0A@a735`MoLu)CO6C9p zP4`pH>FvN^heJ|{8%t&!HNoM`4X`q^(?Yi`Po`RXO*W0|l1|oS`lb4hQ$vj!NNrS zXg581ORD~1r=ClIU>u=qI7&-U6!I7|CfhaEHSxXjeW<*6>lycdB#ZLbwvL4s);v|pVyqJkTr)-RIBP_jhWw}4+UH;3lQeg++U=nK?&0By>9X^e;X^df z%~*s^adURyG$mL|OyAI3L}PsuEk z0~s1fzs2sU4f}}yXz0Q_QHf5J0K*V=N0pHU(P0=Zn5qEIPK+vvtCmUceBSqU6N%ZaJQ+J3U+hu>wXHy$8ob(M%H6qEwRh$6h z1VUoPfESc8VggSU)HH(v!0#jH^-2WVx?fteUeTTzrN9U)aDF8P2U^SmKp9s)+T-CbCqI%{e$ zL{HBax`4SX^opdx9SV%r-?yq^6p(A9XZVY>v3{l2I-9ab`!KyGDM8A{`tW`KMb4d} zlbo8~{Rw!E^;1Q)hffO-PCwO}HxMb(%0`l6hBIMnS>=%F zY(H5oGq+wmqYx6|I!KI{d#YTiThEc>2#ni{0}3L2*8rblXg`q#6p+u&yzF(-9sFV= zmAoBJqP|L(D%IUkUgS*NU9!PSjutf=!>w{E-9AYD+5)SQ6++*?Hh06IdbUZG=2tb~ zQzW;_SP|rOmQ*PZDeIloJPu6N?`Z(Bpn>ouEK$lxu|{Xws4u^1=XN57ZvlyP?s&27 z?tL_c*z%pZOI0B({ekAW%#J=ETwAydHli#PG0{m_<$U#9E4EkZ|8R#=4CQnJXBykv zUmg3$N$kQ7?vc(e5?zrIQR9+1Wt&anF5VJ+w$B1-m$Ij;2a@ko=G@iBgPO7^g&C{y zipU}pA#H5nXI-A?Emj#tY{eeY6a-Fu{x9-IL14A9ITG)LEa4JqzW!E^&)n^zP}pI+ z3?%+oTglhxQu`L5n5n=XIuUsyxRlk@yWU)SYQpH=2|>K+(s)?qN1`p`TP7;IvnXhf zMA>5%T+$Uo-LPR!U{e6sF2*Gzzr{K3Mpd(KK#`habBV3{D|Rm_Ow#l5>8=CjJR^OZ zW#DF9(T)&i41XanJ&{u{G&I{HysF(lKEi4N(}9VKI_b&XggPBlrr-W)!~4VC4-Rz1-_j(+cz}U1xNoc7X-eMgGDy!ctKk7KowRo5ktYEwk3j!H7qNnTIQDLHm~_Jzj#ocEIp!@%`7 zIH#PR(alVp4`}lNQ@7h}J&!KP-D1VNZ~H*3kViC7oMfGLdO@d1|Avd9+m`r1@CGe+ zire=l%~mztx0y70lh<-@>INHh(}}C1+RO4mhk|t(I(2QaHJ)*ri9U;`9)MSLt7W1E zsiM+?6=%Cxe2WkK=$x!;QaQNYrpO8~Ld^phC+V0`QjcYprtYKF{DB8NDI58jS>=7A zCD=-V!Ux#AwyFq@-P-ZtUA$rl9cm}1Q>@FRGsu1O$rvdD#4Z%t&OdTBva@wF$-ur0 zG^@}|As`u`a#E{GG?RQYi|;S2<6_c%xHRpO?RUsb~J~#0{n718cZ^MwesD@)M89xgYgu@g`1sHiOR^m11V!IMR5o9mSwH`iM=7Pu21B z)n0EbBPNaAK<^5t+T8S>Hf>zxdo|Qfa)2^K{X5qfQlo9oK(W5bKruH5Z*E5^8SS20#}@SZwxpegVdVWP!LbYNfFL zWqZwNY?@VM%da~${4D;reJ>$>lC*t4OfmW%uHC-X!`TfCFyn6 zXE0H5&jjk$tIT)SAdCD@iy&U8{_?;%mr}K1&FGwNmZNKvAd_?lf>|W9}ay!|h23#VwXqhA)i7Dji z*L_Y)#X>IwIG>vFJUT*iU4TmOY|`@N-B7i}`Jt)py=`=M+on&Z`wBv>H3*pTp<)0(NOc5;{ zUbNP)Vu~H6C-e+0bu-huw3fQ%n)dK6`SckwJKf*eFC_ib-xmb!a8XE)|6UxeUte-o zV+xu&g~hcuT$(-vaY$aCa?TQXOZetoPaGY|GIM>;t0PKoG?gxg3sYIClE_n)TB>0p zS;wg+3eMwS<0DXThvNvc3NM7d_CL?k#+GwJi2=;hUk7&;SzCSQ>R_W7| z9r${CDIr7B2dYxZZ9QVXvV*%6=!py%4+_(K4_hP@x34V-Yewzy62q)q;2c`+X zfutm~YQ6Gv5>hSR&r2RwEk2yXEV7ytDsMrAFPkahCcnRQ9O-OMA&Fr@lR1{h#I%-s zavVc*8Pl0T>_p-d`J7O@z+(nCkx@fGL3F|7*7J{=uE-)aH^GXrig^0gQUtCOE;lm zk)=Uzc2cum8d)8U_`^(2HzUrtr|mlhbZgnkq@IS@#lnInM^lA8p@iD+HgTpA;ipf8 zPr3~LE_1oD9XoGP>vT!0GwRLJQTx^Q*V!hGxSxCngES)FXK;E+ zGXG(9`U%Ti3KsK_gZu;|J{_m&1q7dU=(MAlmS^VlBN{!kx+!I97wI(3U725Kbw){z zw&~?GGp+S6Ws(`%+rcBVIaWrG1l-I=g*Q$F3wqJllF8CHRx0pxw<%DCni_{;AQd9) ziJ)=jt$QKt^S0o27#f_29T!d%9R+OPFz!ke)m=%Q;6yud^ml_Rnz-ZZZsae@e2^CC z9cnZsKEyS!CK%i|I1%c&g!lkQPheemnYg0bxD$K*dkfb*(Kiu;>W~YBr9#-IguyL` zctZ&u3#$z)MtK&l3en^=x^>)=eugj749T@TxFA#e$Ot<-t?`@bS%V1K-sQRU&4E%; zVVK&OV|{W8zrn;`ogM#32*==Hz@j1N(qzR zYo>z1G$CliTmYIw$O%2X6j6=(Vi^+W1c1( z)>w|^$rMDhyy;O>@R$Ihzpv^M^7nc(A?fO#qC7&%x0y2FB5{&3AjaW;e27&J7) z`*(x=cn?lyWzximvO*M1up#=HC~9AqVPt%;98HqBk)cskIff?C{=k_Sy2W;bQv5%V zthX3TBQzdZA&!<+DlN&cl;Tya5uJ97PdO`~lo(XZ0xhYDmxz@iad|>SIV+}=99K+3 zJQ1Bu!aSD9oPWfCN~3tmY7hP#je{Ngx@J41Mvm38Nd2>Qby+v#@Q0hJgF$%du_K5P zy>I7yk9x5xbIPfFWd3w7YVzZ3?i)D@8q~W+|C*lr^QuGaa#+EEG?numdT;MgK-) zDjV-Jr@Ep9Dqu6>(cQ*<$Lu!2iMg%r9Qvg%1GY=*6!C%8G!ROoUzuL(+} z6sB~>WBjNvBYpxYas{)lloU>ttrj}(?JGA?uC}VsQDSfgyV3=d4BTwPKXD3|LND{G z&~~e)sGB3$e2+0r6VS0-#GuwLASlMNi&#Y>nL6c(y-oo?{Ix{H{_3^;mryvmnT)z( zyizc{@y&lCL1~s(8BNjqLg{y~(AldXFFd17V9u(&LK;#h7TQYrOZ`Jip*|S z2*~x|oQxkn2oa1`qef%n&9J;2{#L;se9$f_xV`2ea`tp+g$b4riDzEHqM?3ZK=B4> zyzLz<9;g>O&=M?4zSj=gh$Fb~y_u=(3 zwR@B1RqEpU)g-Lg?x6pVU^~XkYmYCgz#y&HJ+F86er~g@4#R!Lz-*{jPMWp`UD1qn zCu2aZg&{qk@N+D9J-r?qlhXLWvCtR7Hfknd(}xn+ch(BzOXHmSpXVb@D&#dG#U8*` z)I>7fq7cKH*smT%3^8pupc{C2^Lr?rLr}-`7L(&)T$3TD)dkm- zzXMDt$uE$vF6%BuhirZ1!@p!i2wCG|hPYlsH;-EvH3#P<5&LtXJKPc{)_g)Qo;G5> zC^V=>5YZ&(nA92BV^8o5*$fKzOtW0G6$w3((y{Z08s`hQs+?JuAxr=6?jH{ z3-ja5LVNVqBLWk^_Y!N&oF@qgqs~m6T)7Lu0UnK0A(W>dM%}W7NLDXxjE7p) zgOQ^C)jeY~r4{W9_%G+Ru7iAKYYAf9kqV zf$D+V3RLK-lBZ9={1$aIlh3v1g+beb?QBA;E1oj<44J7_<LZ+`jZr7@X&g>|_av-=u0{#JZ8be86fQdt^z(0I zygl+DXFpBkfCe!LO5Wa=23>x^*JYszQv+KyYh`84$T}0;k$=;(u&r=L?V%c)a=S-= zjKNdb_GT%YmZVGelc3iWd2<~lEE_Fmg{XH^5$}9y_4Pr#J3S$&U=^`A=~fCYt;7Md z1x|VqavLo%aiA}+jawqYa5EU^62#w6qx68MSE=(=Rk7p7DNa&9Zh%#^&)h@k#j_d0EPSmmOiUccc;YEtvpM zZk}WgGRMcq-du_80vp`85g~ixeRfg-GnyFF!D1OPlGP$}&qFqR>fE~L8U;2|>v60#irW_?`O)d3gVpkd1L4yd#6nx5v z%FtJFEV@^vV9NvgN4^fwe3lCI`nD}OdfYRfNt_ygy!u4R$Rp{BrDp~)CA_MK?6a=i zlq=GS#(;Yi+s|ulpM_U+>)-b=qbEk3Vklv!`zy?wnNp*sA??bWTZTGlE%B7H;V{N$ zSg7)JdV%;~4%Sb~6yWp_(a`SxLe&Z^+2=C(^7NN=q|*+RmQ9KTUty1v*Pm!5cH_HJ zX3)I2j~&XcI}#13=VAabhBwsC^Ry>PmgQ1~b`)XGV{>kc-cl@q3@Afk96Y@UygXqN zmZ!a3bO#|E{A}C^{2pGP7=%A5#<0&Hl>}?E8&|cPtoj~8RhXS#A6R_V)gh7cM&U8; zZCIA&)!{p-!4}F`U0ghn_gAe`l+_ixnVnt=0Alhx1))CpLhK}&Ol^y5iL{-On9WO3 z48MwcU9C3N9K(`Hbx%ByE&t#gO9{{JOd7a8exJ4J-s|B1_!6#Ntoquc!G#?chYYZ^ zBhQEXU+80~>9dRigkCJjo`D4HEv(1);+SntS`!N|+A`vE9tqXQScm^Pn6b=^?Cq%Z zc(JR1M*Q7V!SxdNERZmqdFOiTHVShpzOPH@cd>tG&odh%4;x)YNl!s_`gncZT)(IL zUuo!fdbs-8IXJmjvt;ZH&-7X@o!GehYD}-1J_<*(`||FN6%zLJUv$S(<5Mpms)b!o zu;VWb+c%F#o*cKncmKV&NOe4Pc2d8(ZrYLFc=eriBK~IGaMsfG~q8%8*E;W$;^fg`(k#R3~<{i&k+qX5WSxE+29L}Fn42AU6?$(0_;>giXW z4VXA>hRsj^`hjP5e$I^Uv1T<}f4u8SFVXJ|Tr()>3|uQI>EI+1&qeb{+2jI6F=j@Fv1+6HFTx zZF#&dsoCn$nk!`Aq_DROW-2c_J?@FXZ9oSW@W>Svy!$1N_`$JUD)BI&`oTB1lS$Wb zPQv>Wfg7Nj0e{wPAi_hB=)_N}v_1h8rctT-LkO zSCv@{4rLq}#6mSup76P0tQM}l#``HVEc0~R31xddNxMP_u*+Hdv>3h6tO;{dNYJiO zwab@`8s7Av?;5viYSN4zuFvy%;_|!cvFJbg{VJ?$)7j2U(yhkp768k;XgBW0jjt~P z%!e zG=qENRRhZ^-l%c*NnWSX$tF}}r8Frq!qfYl%G8t>;p?V4*(f7S*uJ?sUDRf!1GI!v zc3#Rx-oL34vy+PLt4(yOBY|dwVZ!DJa$5E=g`TyPl@u2EG(86K0HnMip#%7@YLOi3h?;$xG8Ihv%ldru zb2Y>bf+ZBfY_;$3J2YYApEgMop4ILAE><|Wn@8azl&9;mM>J*`*zy|Y0tK@*BR6aw zB_5HJpE@}=EoAa6gE(+I3iui=$b>WJm(f71l7sWA`A}enBO6LCCK03=((tpXEYy$@ z#*-c%qk9`!IhWeTlu!vMc`Bqi3XUVAHiA?fsM>+K_<5Ql-Hmz61f+w)*&Dv&0X6aq zsxX@^GA?z8+1F-jk?I}FwxwDNEcKVOqzZl!+$z-Q{nKWBCeC*tHbD^`bkRc&z-(xY zYe?cWan~WUrE-RhgcDSnJ#>Ddl-Va}sO0JUffDMfaJ~$-0x=yd+8@~2i2juaI=3N5 z@k#&?`jCDU*Z7CS6!l-05ml(I;VG^%BH~mdK;#u}Sn93Uoh6M^w(&QG(Lhc2gPDTd zR)#YQ_Ic1&p_LuQ&Y{yKQWr3~IBYqB=Z*kd9RuLq8DxrOW&aV>ju{TbJ|As5vxi)b zG~vn#(`OLWSlSs@d5|Ck)Cs$?9|hB0@nia+UdmuV@_+G5N55UeC?4z(pM6sAbBge| zoG#jHPDbg~t%z$vNmLc!hdBaT44Xl|_%CV($N>I7kDyTq=47d0 zsC1grva?JZ{ulNb`775tTmQ~8@EPiyxQ>6|<@5YX;t&C8wer3Nw}0x5ak6e^W_ogP z8#+2Rd|S6h``#7(*xTG%MZC=H+}ym*Hk#PF?e1FNTK^}Tlo3BLi`>27w7RCzNgo#h$}+Bc4}N$!=YHbvf@+deD5an@`9}7CA}n zTX|*2rpngMLq6x-@^szUxO)DtMGZ1DENg0U>F99Vfb-g!y?uS1%?q-vbMn9hxse0# zV{3bT_4I>lZQJtF?vbl2h^rhp>}~02IkNFRvHATldfM>yGV`;V+uPdwd1|U_ZQK0o z`XHG%^{xJ(hh@Jwdu1HK^*XtWEVBH)vuWM==mSMEIJ5ZWA2tJJt~}uFFUEOvcao}^ zWx<-qL!el|zZVnjE2yQ(jQ#l3ob)031ZJ2xe`KWS5hP>Q-H~$R&O93^2L}){%tK9S zVZ;zz5bs9BxTE@PbI~`Tz_DSE$spNoM|CfW*t?IL-7^&Hst*XTXvTbby~nW&kj3W1 zP@w%xo3MM&@gt%AROfBKY`e#QVeY|efyswE%P*{=#`1e!%3}Q9g5>M(OCt3C>w|R` zCs%|4o1a)hOV6TEKiEk>dXe>odU|CnmVIi&qGg%?r}f+|Lz6Fg%6ohL z-ZJ25r;eR`>FdeL`P0st`!Dho_Wr*jPlI>%;feCAqXKJ(Q2P0Z&{yov1oh#Mi-kXT z`hisJk^;9vr`EgwQ+I0IJ@}V**-2fjAG_E+nlrAGhmqF|5hL(C_`h))qPbk`+ULck zA8v?W7#H+F^JrTBsbxlrcYjr!EuOto=KPtBfs5D03JUGuj$ME3?OL@pef~Aw%KG%+s5=zjntN$OA<8A^)%d zovKdyPvbyXESZUps=Y$av3Eoc94vr1@Z^I`h)Vl&a9%a<_WQ#_FATM+Ne@!m)N_!D zi~AM77}oC(2TTq||1p0cupW<|L;9;pkA0Yh)Quj89$nB5`R&|!M~LYcFm(H?GKe-i z1m<}RO=jL<pDg_aT*KWN^e)X1=;M?Ft?-c1{<-2nLLR(#_J%L z>CQS@btzedf-9Etr%C(30V&S=4d+D3=T`>43GzM!{zPNuxE~|vEg1@H&t`Q0g!~bF zI*&g%GGvHtjF0xs3~pus$_qq;3T;nmD!8$;`Gdqm^tbt=_Ir}o88g<&ujXuTK;AF0 z{TKartrs%nzbg=Tq-ez@RpOzVXJA+UkKjJatq;fS3~>hDXI~f0RUwmviy{tgOe5!7 z)eO5v`2p7IRW+ZBIRdr*4dXX_&e3XIss`hwXkknYIBr4Rf29M#n!%>8=dA5z;!Bo( zW6PGM+UXTlV1-W00B)^n8b^GUZ-h#pp)JzEhKwBed4p;sURI4Aq!d|g!&2>L=%-31 z&gC=*vhd%}Jv4_2#m{mRMGiB&zlKw5k8}GL*FEL)>hk3++_{Y*!=wvr8z`|-{YKk^ z%C-UrP)LR1E4oYRIMgI^H(v28!9y(4VG2I97}B;tg2w)&@Qu&udi>Lx zewue!XJeHCRgVj9QvxqIl9s?(W3xAmQK{Ek!1FcKt5$z&@M?{UFZJ;sqk!F|;Vo!BsPpY-VaexO{bQIQp-}Qb zJ>KP~TgfuP0{Ai-l@Y=8b2Q$}&Sn)%le!{oVksSkynhS}oyzaug}1sZb?ht>HbqJG z13J!bLK-&|>LZXs=n9h=F7dhP5nbMmNp(1lTOVt)Mwf8>14y*m{S(Oof;ye0dJo_n5GthUNtSzKpzcVMAk>sRF=d@~OI4zoaE zH=|*NGU_YheiNO&9gv;yg>IBXFixX;D@^RwWV!!_C z(Vn&`jz$(3-TTi~>xi`PB$(&w;Nk@ihvDP@<!@%&odEE>a>&L1>wcwmoy$BdC!}_Vy2h|8W6gQnxT)Jh-s{>4`4SygdC8}tQOOp7MVW?!OEjtidHhS2fG#_J^U{}6`3L)| zk(-bLR@tSaQpRQb;Xl!(0oK$t?V`ztDfb7IwHl1RtM{%(@*bnZNNP|&bZ)_-0`jTS z7PW6%b-o1%hnAgm)P5J{RvspMR|H;cx9+3oC<$l#IhB7Cc>sXRMtLOG*U9WfFA^|S zkM9PujoqMw!R^?+7G3WJ)%BsPzQwd}ETw4&{wc(tF9bJgM2v6D87|gxqx^T@6xm=CWb7q_|8l-7Yqb zc@g)UB_}9fpPV@x1doqWj8>sjP;><&%&(fl@>d@v>*#VGNk&b(VCyAOi~@qvGxJDE zr;A;?7l$dLS0YQzN1y};(vV?VL3ToBve`}JNrPmkv*>m^L#`!sRhAM|KgO4r5jh>H zSkFF2F?;e{Z@s(Tem9Kz@<{87{_24Q@VbC1U6<2DzQTLZaPU+cfQIXB$t^Hnz=ptJ zfe++8{foklIQ{D(y1AwAy2Va!kDT6~<@ENX(_0@IYfYwL$3g4T){E~?j_922;5ziM zJzMnewuk#?o}ryt!-H8Ce)O*#ulV3!umT0DcAPCGC!Bj8=! zrEN%bJ-VrpeK!ZN#={@^W8)Tz*?H#awaKqUHc(r*p8NZNXN za(Mjuoc6DwC%+%jK}>tITJEM$?w{ZWL;8b$BJ+g<<{Jzs#z2=ezMLS3HG1fpj5^ba z(>;nN%+hQXz(rvsng{3NmJnjEK$R~5; z0XOpcv~O}Ux=aEPPgA9TQf47C;nsBmuY{N;gBk}f8%{)oPUhe( zbYxRPaSV}0Hn{s!v+&dB4xdu_Z{;~*KRzZoSqw*o{NHIm%fx?eZMApXPxAjEKEM9j z`eS3h5YRdSpnq(!8@u&KaUBi!X^$DTdXyy3(NT#j$i6Ve8dkgu?$z~zq^Ay^7kI-Z zORAFE_bt<9(Oa{n!Ik7$XUE5l-gY7aUHp6!xEzPt3WzSreqOr@((l4s;b+jUJ8vX1 zYa>BZs(n&ZOr2o%$xB;M zg=3t0Ugx%;lFHnp+D_)1F2yS5fz}yJ7rn#IL7vf_Re)KpL%3(CD&nzg{%#`2R4;(| zQu`)h(l;A#{7`L{`1Vk0^!Cn(=|F`P19%W?@i@-d_O!MEud`Fylt zbtVg+4xC5`m@MYH>lTo>lQZ}7)={FT4>mOJz-LGh?du_n0As+*#Rp{5ql=(epn-h5uED@oLa4SZp_zYxly-t}3lq4ZFx^pXbH@_5Xa$_VM!&)3B z!N8MIqSQQ2tlE+ZRw*DfUDqUiq54PJ9t|OBm+g^Z9ZiMa=t1KtG!rJt5dLuHPW-*~ z)vE~p=4gRuyPNQ8T><3gWx?%c!2Nlv6x`Me2@U^gQkL18L~muVZ0+vdh3M^PyAHVR zuXbt@O*wIE61|)0X-ciSIML5Ceei6reBd%YO&NR_q?%K^E|2W??soauxpWi%*JW#e z(_xU!ox8EMzw0o_=CitN{qYV|&qPy)uU&9^?VY-Oz4a-{-gCjVx3<2j$J)mFkmiLJ zj(p>gHcxObKl@T^)?QY%#vdxd)$!Tco3ni(vu$J8`s$Z>7HCAlmp)&6t@CJ;?Eez2 zOhU2tOAO0Wa|7B7HB(K&I$0$_G?-~g*IobX=zp+u;)e3V4&W;P@7~s4R{z`Hd)ohd zkk6yh|6a(HK9r6FxftLk%H5Gt3`j7EIs+L4f&pZf%lP2*L`N0+jmGzMA!U&wr+8Un z(ZWQ!O=M`cd@Fy+cX$_oc_)8m0;U^uCR3hGwqU}qb2?Gu>oYXL$Ud*Z{x%8Qu8nwf z?bgX?;tP622V&Mh#T`vC#&unVyr@Kem~BBNC7dL|C>^LsNE7CVyZiD?Gg5(P6sfZV zdHjcBTt<}3mrltdS+c?K?Fc*01IFMG8ICAYuT_AFcEie3g%oaBrXuGCM>~YgJ~PGK zXGhh!lTJY~b!NFe0!< zo}D5#E137EvGn!&_F!jM6f491s0<+IrsoqVvUNDsPEz1r8p>u4hjT=w=%pq?c9jAM z?BGIMH}5V7aWL82$-Yce-0y~m(6hS`ns!M zKxgA&)aDEoM0HNJ%bl(7R3F-<^WEGuI($gd=1%>2l7Tj7zvio3{kxRzz4zYLo!bqQ zi6>JJmVuz7q+qK>k;V2=9cW_ z)`}ib&jwRHxCr|dgFa(zA39y_Y8pt^#)&+B0+bs$Z8dzo4o?(emD>SQRH+RE8+0?< z5i$V-$LuEdKEupv6~$fG_+*fJL3bE7*KP4ejIa#t{qCPS`oFZF?o0n~gSMa3|DWPN z9_I6C^nWQM<=F*Hd+w$xC=x@8F}qm6NFFPbLb2qr3Wz4AFAN4sfiIIi8B|&^wNL1i zYU(q*b>DgOn?CbqBQGmsfXFB3#pRmLD(KSUk-Sj~2q>^kujv+9mt~YxQeKOE4v3$c zKS@-UR#>+(dNj&NtBMEs)U)HC|5Hc)he;AA_ZR=Sz4a_7|F^cD@;^Sv=Ml(%BH`jH ziKqQ5LA;hd?Z*e`_@KEu6rAc)=;$HJoqe{QK<4m1sA$KCfKvt3IAV{8a|i4T&iX5= z?wnpgQ`o*Q3KvO8P_Xt&p&-u=YVc{E61!PC&aPlY@?DTmNYGH;Cd~(Yca8M8WwB|; znd7H=i3G%#R%z+)QYj4*(nU6mLyTDuqpm2jYXZ!A!>pQhiXG~22H$Bw-ZmAaQ>tTB zb*Wi5vt3212k#ev#*^;_TNl7x;(YyF2+>LUy*w7`S(eKeM5F9ez}ft1q)z^y3%T7v zC-QJU%5;8sI5jbMj_CQDJL}0(qhY!fvcH)obc)YD zEiSVW@)1X*Ya*QUt@h~^PK`fkUBx%v1Po9RtC+Rx3YITEDat3q`JifR#Wdby_VaG8 zKu&vlTx5AUGU)WfPg(vV=$AMgRTk7)hJGP5>B=>+ z%JQD(R5aC5IY4RBPOghJR7Tf)%=U?~0#eNVhPhS3kKbSxj;5FV^i%IoU;HL7MQN^+ zhV#S0+3Sg9Vo<-{GZRtehgzJxPv-L;HdnZK|c0mHGfC@*{w> zF}eR-E%s~X&bQW=={`ld=#;`XLnAA%y9z7KBt79WC^F4(-0ayNdM=M#Cv`EQip5dVHqI8qUg{KUWG-qMvXw zG3Jg8b(X=+D0K$|`#ev*bx%bWThT0Cx$(v_iM#-9=?&Ndqh1-TEQ4ek(|sB5wm6z@ z8lAGym-y29OJo2IePMIy)Fc*xXU)7!*?{Uh!vS5#;)1h+t;ET%`Bj~U@r89^k zYS7I;C%{4JEx%I1Nrju(3W>+*9Y-tpA3U0e=L7D3zSVJhQ8gS-F%-K6%PC1oV7zDirXF9N^gcMY3n z=u)E(q^U8pJ5WkWqTbyM(lwu}=vno^FByVDK2enl8AW!@iHdsTqL`3QCeeP*(I^TEAAG%gQ0IS@R)(orH0wL0*-j3oLT6u=S80*!^Eb_<}#uCsQKdU z5tqEx+n!E;sU6OKA>UYZag^D**vxkeP-qtwe+5E5mqE$(wY+`;dm27lqgVC z8nKn@%X?^KjV2aJgN%TlN0Zjd^99LoiVCyn)2+9qveM3c@jYpfroyQ_uO)fYwxKal z%b3Z&_{RAyY-e+-t@AW2(O!aXH%?T3OY)jylqu#SqUn#tl z5j;~yUoNBmROTY&s3%W%gk^`fp7!kjDL%F0zhw6K`-%T*Kik>O-v7F_{dE8H!+ai# z|5qRXkmE&hg5s#DI>aVj7cw|6%nY&e5dhc1? z!Ng}I#`3P1f(uOal4M=2AP+isZcRcCTq2$0%jqP9MM53{QF;>CA@YnFM-)fu%yZ1A z1JvI5+Ap|UE7fS#`RnrhboT?8vpsVFhi)F>+cRicsgaVdG_l-@YCYqnKFtk>y@zl5 zk?#_fDPl0wG+k0aez6o2o&%;+$Dg%8p;q zK@Mo`a|NZ$qu@JwTu|>f)WSwxvA0cMqoI6`k%9&8ER_c+%k@SPBjYW1?!*MSaD5^t zOLI{Ur%cd&MNykj(*vsc#qPPR)B#(zme8qlkIF2W!*{B{zZ7}%Bv>9ou;B6A!f+t_ zQY-6fDRrY%)%2#Z)I5p+(6>j}>}gvtYh0&CZr->xTo+j$qHk{7$$Ddu7UhYVQR@p$ zbh!mqIoTA5>ba%^xX42TjRvvJ+4wI-FaZ0%cZ;Dp0bQh4V@{fIDK=YdFSQ-)=E_N=_BsFb@IXG;^*20F?HxsZw|sye{$6n?M)iP7{`!ZP)*`iiN^Up^YEyg`ZOQ7D;5gw#vZZq&1G!)_U}d+X-~q0W`HgI8 zU-D)Tjq6@K)E&oQcsSw9*L;(s3rgMNi2Lcio=9(p9lXz6Hn{?{W``m*Co>*hbwNsx zW9QN!>X{_StlCJQ8SV?xo9g&P_?it+#3~ql^=9-syeVt8@-xY+K7H#dNn-mA!PmEQ zI2ZH`wheFSC5JJT%HLK;eGQeq=BwPQ5fdUCGg7hv^3+~*=oGY!4VG630rcc{JW|xT6EsVrfLBp!4*HMs_K&JC> zH8Qd=RYa@qaRuQ_`sq+TNk1(Q16#h@S{ZifRUj)MZ)MsYN&%=lRTeC4^tLa~NbZ1* zWJFP>yJU+GXnIO9mG4nGd{U;$$N+WW6Lbf^Sak$56J!u$+YEV?x>bHn*ILIHnlcPS zZYs^>3nln6kBywg)K}*Gly6?>?N#C(4TLfi_OSOLoziq=XfNy< z&}x^9^l{uNH;W*NeJ8p|sl5de@E2zB`3cnGpPF=u6M>aNQR`Ry{-;q>b%LU;BKp}f zEfB0}uH8>1Y*NxqC8e$KMYp3e=7<~3;L9CO;hG|Pc0RYKWP!<%+Y_EO91^%XN`Goe zhU|HmVrEw+f*J#L6o$s4sfcb`^cT#Jtl5<%hXUIdI@ObJSq9bEj9Bhi2p_j8CdLJ` zv?D&{^c0GftjU=feqXBJIZgtu)D2w2Oj?Op!`15mFQF6d^>zOFdO8e~s0$Co+H^e5 zm-)62_&JJYN=T+&|bA?Up_nym4v+@r-g>|45hcCjV-le^5h z7?yA8>%ae=_d$&9S(0-j78g~C%IhTa01GU&lrp|iaFkU>H#pkyCgL66lx|Ps8l?Rx zr9zskH9Q==&d%%Cka*t8l-E)`4{uqzf2KYNyHO=jKDF;*PMf<@7gnS1MiNRj*W@F( zSJlj#gmjG1!nRhTl-a@DlH^j2%$cv&UWXj!JRG-xBk`mJDGM37)*y2-!F^SoGwDY9 zf2>PIbCyoJR6?3cBX83ryJe;>I%+mFUQt~|Lr$+pTrJiCg z_+B(`BuGX6hrONc-Aw$)&i3}+Q~bw6eC{>=W1avIX)1((2srHDL3#cUlN-$(8plvR z)FpFC9_mEtT2|B7kkDr)5`U^dc%rg1vLbzu#IQ}s?h!fXUX@pV|)5u~|nyJP0+Dy@K5 zcamMScK0|`exHU1Q+D^xH=g=PKvi*=gQs(m>E`UfT)%Xx_={{{0D;O55asMzS1;v! zRKT5sGFjJE{5U6+4yGJEO6w1dELx;u^FgpNa=Ag7YNPL5`Xye z`k7Zec5$fqL~ecUp2l!DwQwp`NGm;ZuFceX9#{)0U-rv~nd{hNHoNN&ufpyJW7P8j zx}LgidNox&n%cMKMgNfLU)QA0ApZIsOq%uDBT=Y!+=2fK;d#~yZ52>L-Ce$N2KEe{ zYn|7^W{K{F2;S;ruZyf5S!!piADj!b2)#XHYn;^o)W+EZeCD-{Rdz;{z}>l{*4VnY(!dEL`{F5-9Fq+b@u_ zowLJcfl#VkHom^5qoDxOY;S`uZ<`R+P)UiBPqkKGiQ_EPX;Y5pX#-+QOx3aD_+VcA30K+eU5_9!+pc@bpB?jjV~@tD!sXL&ZM z+3y9+S!)EWCKVdZ%NmiQmVN$abT8~;wp3+#$RlQ<;9T%(pL*7smuEH*^1e!NZ)?=} zuNPl>>fNk$t@Pl`H*_BipZrnOa-e85l2ofDEF;8A7nRv9aIL(Ifi1f!drGFTl!Yf3 z14XA~Dr?CoJrguier9GVt`zsw&U{ReT|wuwE34sI3mtb3x9doBb zW=t(wGAp4R)^)czGn_xAIOYYsWXGG;#5p-;F&EqnKzH=R*@N{MopGk`RnSsSC7g2z zO4Q1Gbki-@JgD8GdyyWd==Uk^=D5K!WfFvR<^0r~!MDPmW8<94=muLBRmztvPfM0t zg^DrWgCwz))x|`KtL}crTwK_mn?p&h2^qzg++vjCx5hM+{g+{MT-KcRTC_m^ZyuDRvD!94RW$vIo-l6_z=-=}l&R8Ey*vwZ>eXsKeO zlI$94bXLhVFnMm3xLjuG&{>eR0WH~EW12GG*e~X*DTi}MW5xjfOguF_-gEW2y%gM| zadN-2&u&D;m}h5M(QvwN{xzd%KEKbr_TLci(&%;OIssH+|2=!QmyQ3~*?Wrrd6>_m zv;STpgB^Xnbn8zs?xV5&R6|QGKRShcH>*$KxF4IZpiAen_*8ufuIPA7ZKE#(tJvfV zlI~T6m;FqW!VQKjL00iBB%rn2bj-lPg_h%E3(ZEn7p%l|OsrQ;2WtTwwbPM-G1VI& z74@sl*V*+;;!T_@0ty_VS*VZHB+iaf`PmY?V7X~5dBnpZUb1!UP~f(Ph_o5yE+=_3 zoRV;CYv+tp_|PrNE)BCHnU>^)P(6JQ5lQuek7P8LBYm3o{?Uw1m^X;4sC*43yw||3 z#~!Zr=^QzAR=}nCa+atJ)S-I;XO03}0B;dTPE9aNcH^i<%rWi@x^T*%+|hxfz&>*K zjV(^+nPZMpcaP4Sdz@}g6Yet4>=kLAiB(c>$&NXkzjKVNQL{hGQ8naOjHoRoi$=_T zUg?IL+y8Sr*U>NfRQZ4Qa_7Hxb~f8j{-1~VJU;)=?R^~max=PpdfyK<@?JeZgyEk2 zKH1Kk&+Bt*g-6}Z=W|;WX*{3D$0256f6r|u;_J!V^W^Pu4Q-myPrjae_w_iE^U2eb zWxyvt&!_S8RIYi;^YScf;jgB75zCW+e%}6_+p6$o6F96OaRrc9&ColK9-MT8eK;Dw2q`aSvhpLJ#}qxDk)dfGABs&y^&?t)drsdmuO)h%w5 zGql{lpDweaJt|LKN@>=s9Cb!4Rk`S7$r?=0k$tgDZ0Cn`@f?=T)+LYL!ZfmvO=iT7jplbB^hv&_+_li5mz z)!W>ZCO`?c_HwbcHMTkmc$wb4#&&ejSx@tVK0Is2mHF-nhi;g4M_sdN-#h0wji$S< zg7B;-j)R%}%1pQ8UcC;q8x*I5T*{mx(450*f>->$RqbxNMWmZiNe(G7j6ci4RMu-$ z=^{QJUB3;iq+6wA7|*`AFji8Ri!f{N|1|n(q+DuWraz4eZaQM*OgWC6>;d0(m77GZ zu077+SHDbG^I~m7fIvqFYtZY7RSz9~0m@&@rWVqidJ!@4sU`C9UC?7mHugc!b)?^X9L#=j&q$mgB$w{(BSZ z;$G3-j_`Wx1xnu6(+En2qiYzrL=gG?=sFz1fD(|(fy{IYk7A*oRyi~oP}aIlZ%}(U z9}gm0SyTM-5)G-Q*K`*ysxcjp!{iWJ{!Ol`y-#Ws^(+o&B`t$ywsp!%tO}%gbA;7^Gi@!g!FLn2v&~VOl?Qo$oy-rDV77Qrx=Zz+>f(H z5EY^ia?8ur)0$RgTIVKjI=|qHFEU;|T}+Oq#^g8{NtrTmiWCF6^e5qU6yDHEkD@b? zCIBd}q%+W-3Ena(wSF|N_^y%5AQ}{mw4;DN2e#lVOe|tt4zXT5xAniQvf%75s2eVt zYIl<$iUQs_3n$YAr1xc%zyPQ|#1`PiFu+wjusz9LaUx4f<(;MwDvz-8jN*|eOV?pJ z7!%|R9C(}KQso!18L#c~;Z`&63#sHp2cPDp56pwI`H0`VgP{+T6je70tB^lsDVNLa zqD!(eitKe^*%x?iW`Q|?4SLR3pqFcu4#ObN%1KwmA$-H?bO^klluQxG;b{saEQm&E z;RWK4Y;XM$x+;yQ39N2w=(>vfuY&Q03WdR)k7-KA@;L5+*#UErtu`ndtKhwLEyuFfofHMHX9n zX4^s4@V^f5ZgH4iK9aOiNcA=M?%pxU6tl5b#PP4J?<-|!0PQCIA3)7NNtKE1@~PgMJh z{nm#`h>I1wVTeqmSzY-Z$PMkztsz|uf=)Q7YJhYs=ND3sd_ZMkEe?aT~!ZhtAe0Qu`>Wo(!2`dnR6 zSO2S{|AXc)w?7xN0V?$Wt-Z~h{{L+2>HOz|d>)Jbe}+p`P3$@i;`8PP_j6BZb)ql#V8|)?CBT3895KY9Hb-E2wf20s?+yFQM!^yFc(vY7(AI z1GzPGz0M=d`@6B{Pf`F%(GzNC83l=qB#;l*%nNe=tc!xRv-#_<(5OlLzfv$leCZJW z-HErQ;c&L=fl9H~MNc38q7nQ8mjaNz*Wo#p_i$fH(%e+y44#329EM3hR4S2Et0}Rq z7X?kwI&8T!kqC)EJINf+roDc^h^e7&3Lr6zfjaJLG8yl;TEhUIC7`VKQoj$+ryW0vTPZ9+{TB9A>R(NU zgB9vK52qb{t2HyIWQKFKE4`F~+vTse*7K96nxQ2bnxA{=L?5|wH)dprj$1VEDKD6u z?%XVNlk2&tSj}>*{wA0=31MC@xQ-O^B0(j2lKvPeML+SJZ}A$-Ae-vOa8-nV&z49oK5Iv> z5Ara%eVw&RH6^|(BG%Rt4+QZKD-?+~L+;Tdgd?^~4dxdwlsricd%Hccc8dpPX9q zjSbeNV^(_?Y;j?m7ie{H?5rEhlIaLMt8eENwE(a4IA=$HKhsqXEx(EBDEd2hyGQHG zKE=L?S>v+2sU4!8X~o*7=quLB){Oa^oAgVc#WlUd<@8j~U-?$4)wnQOR#;|sf8hpV zJ=|o^dE+XLhD^Q>Mfv*r5=6%Q)YPD4)`a`ilIK3U|8DYY*+cNpEd^Q4R@>sxcl{VF zO!*kYAMtq$6dbiN5sfZm@$Y!pd(a8GA1L&jcdTGAy`26w9;@0=vo~RdabSP%iVS_ z-2N)q{AzEnyBl6^b}qX+Tb=F8XWP5oXWQ+~XPsx8n=MJ8-;Y;b?zFv^V0G&zMVE~J zRWRvZiTD3!?Z-{;&p-cZeeEY-e)~`Rt4Hq-y#F0||M(=SC%25ifZ*8{D|karb$P>0lH}zS^@nbvb?vw4YC=!ymp-7da?6`Hm` zAItKU@>FFZ^gi4CnD4`XoBH7@hP@Cze}^G-_G4>5yS`^TlH!izKC*c_UA*E-kJ5e= z`@hri;7q+Rsrce%^#0j_Z6~;~_sIHS`V4^j=Cf}m_-jfo4*AyU(K+m({YkdP1?Zr> zF7UXzVaKK$)B*kM^Pslu;=1BzoMLE=7l_ly6RlAiC9V_5*s^E(Lub)lqEEr@wjX&> z-!o|4f#^RU!&|i;mjCUm=agki2aOe|>zb*B7uTimcj~+IcIeephdy+NCU}{FL?P(0 zbLoy^KfPhS3L3m7qak{~k)EXnEEzVlA`4$5F$zaTmsR%I%jzCe*2i&;vyI6JwY-6! zAT4%&FyfVQ4w#%uLZ1UUng&(_es27xGURG7?u6u{V$_pXkDS?(T0d^G4~v}JI>E5N zn2k%_l(4FXoxo62cya8-Sfl0{EyKFv%Qjx1A?WdwT9VI!&pUW5>tuDvU`1&jCWqsT zZU+A>gF$8+0W0{6=8L~J*IMG*xnZ*h>3*!qeeERVXA0^XN8ZSV_oFcNgDeBkYVPm_ zk>c?dl2Pz&iR-@a_Ve2)PDuA5l`GZtKky2UU^jfD81^a`csrV_5j8uQJ`#4 z@!AWTYIN)CfDY#LJ#C_lHWFrB2{W%BivNLzp$=gb@KsbttV2Cy+{LS-h)6dYq4ydY z#}SHr-(1lB)>sarE2!voU-ATZ9T54W-q(p3_@O@-g;l-r%{P`RMP{0bQP;xtXakw` zKQ^w&u440>5C7kvzkc)QpI@zujRHKTwTN+jX)43J>-n$M`9IFb)TgT6%wYg9<^IQu z@%x`IUOxH%e3Zo)lNd|`-8REWg!N&7Q}pc+KHT@asTmJoj7JuRte<3s zG?T2I;`Ig1jaOl1Yn>jc1prn#Cm~;=%tInwy39DN1z9vMg!N8WDEJbcq>lg; zmm4coGDpSd?r{7LJ$`6VO$!K z)Z>{MVyWj|DMxvw$LrnXHGXhitjD9Um0$ox{kMA2__JV(PLa9tF#vxa`{C#l`>s!l zjXdhAc?vQa3&>IDKd=IB88Z+vkoBmVO6ao#roPrTX{icw(H}|X+n?l{1VNgs-NkAb zTUl+lT>LxlLgj;px(cOyw0V*}C-$_Y24IHTJx4Zw$-86hUjYy4QJ^;%PNrpRslrVo zZ(cRq#+q{8dUe~&Ev+V$g@wzm|1Mg7yKAzM|C}zYh;v(iPPPAh{_^|s{ofZmPxhY= zlOBuwr^P=T<7Fv=buege*j_2-~4TnJq|?5W!z z1KcJaenQtJBu4IK7gQR!ALgqWxH0}Szq%p>Ubet1se8~_#$#^gp7Eq`c}KCz0ww$o z-Tuh^!H*TsZi5KmMmQ$+#BRMl%@MGgcz5bYByhj|$X~!BI+l`sHzI{|831>V;tLrM z6yS|z>dOhecZZJ4`V1#KvQL^V_tJx99D$iZG7{ z_7a=uL@2~y4bVBeJH=(%*gWc^lB_2;%UQFlan5kqEKbI((4HW-8ToJ+`<%hw%X|jC z`EMD%#Ks3hxkg_xgWFTlYuKS!1v?u1uragtszTY!vf`OJHpgX`LJO;Ve`x`Ge`7DT zxUIjzm!|FfKezhV)c>CywhrDLHV59KzcEq&|ML59pO@pm?tc67<;y4i|3jqz`M(;C z23kHg*ay%lkB9UBeJmP{zpt%56F>T>&hf?2aX+Hl95#p4xz^T<5*zC8WK$ht;sLQx zk=ytvvk^;nw(kTK^BY5mijQG*&32aX*5{+Q8!{H8Xl-cg)gyZf(b_*cXy8f?*}`-S z&pEXn7M2G=JVYgHvPGdU;UA2(2>+z9-|LZoaUjY8&Cy$t3!+nux6;-=V88(i%oufz z=KZ>%JS|^eUpMo)(v0HX=Gxjt?09nE#2 z6uCZtqn&X!cAFk~z(fAq;kK$%#T+{%yS8>5MP&7tMpRj25Ya&|niyjB{%>&+--r+I z-w>)7PWbysw1&|8F4umaE&8~d(3z6@DtS|qXd?&$LLxV}vdG#pc6}Iok}V#!J%AqM z%0iG~I8wHb#QL-yB)W>~z*>O!lZI#k`Jp^oN|{HQrQAkaoa|)|&!%ye z94&g_1GyuV`~wA9XHx(#LeEivr9L_TfOd&_e(bB+0@&C(rv8syvp z#;MDeocl~4qm?iq3HRhF`Wk~>Q{tnK#kGd%TL$f({|b+Yz>DS&%^m!8`W{CiyD9@* z)gq(kRf*YFQVK;U%b6GWRXrAbvpi05`iLwclhX*sPqKpVb?R zhIWB`oBE(#`bb+xdCiVEk?IX_0LGVFow-Ct61k_{rof>nKRK{a$t{hw>+oWx#?Tg0 z%j%13N3mY7surW_%DyTrQSBzqab6^d_0VWb%%w>g*cpRI&pTCDy@_`VM*g(ge>inw z=vy3)vUem-L{pOnsfB4NedxF9r z;~-HZBvDI4n??|Rs!e0Hc%um0ZPG*wOveur%=!#X0GO5IT#{H>%uj)|lCe4NQ23!l zro;#12}NmcV^#AN5-WkhfAWc9xXVB|q1%xm7}?s{9rLydA+o_n>lv6LMPr=JrZ~?k zrRoA}olG!j2yzB;#gwi4WJVT5j>k1l>C;I+8U-G9i8A=f201chzw5i~v>9U@(ZnA( zA0>wwBcUUK?>UJt<1M3wd3cCIYfdqoNvhhEXzP8ntb<)R-gpF_p2)OZtep)j$91FF zQ@qymyEHFT4wI55O|h?U93)ad#Nqsb%;YlOg?k*Xs0~LTr-cQMFm6?p`vgdb!L#Gt zm(VjmN7oqlc&jJ`7=54yu`a8@0bo5pap4(BT5Q`oaBlc=0EK~~o*M5bTu1tolX08B z)5vgY7!t&0lc(f|vxphZ`*U$L7>sC$!$9vDoD{#&yc(bcrNp9bmZusdPc;mAs-fhm z?SwC$18;|c7DLOD?bq)>^d`m!>qF=@V*YXiKW0>|LE*_-&V@0E+MD7O(NThsy`pnYAT%0! z=wLmIOP);)azEM3S2T+3r#Y!lRJS=&pC;{; zro*xk4cAPdlT0D|RFMm4yXgp*{wtEKVQ9d_PBOv8G_59kUG6+TG;7w(fQyU$UG7S% zT#D?_2yld5GqEGokbg(>FR#5JnyHz_+%|$NH~LCvwpY}Xk+vOFeZ8UEQvBeiK)p11 z*=caT!D{m|0gFl7kTIZ#wo#lh=ooQ3#!Bb!3?izv#|N!b*eJt)v+ai(a>}eY8!x;m zz0s}6z7YV=Yqm{s66P+fv@S+SB$a|**0`&?5zZJ|Q1T+Vuw%%dG+@wX4VG4}4Slgt zS+jOc+;n~O4OK|h9;MVnE@~EQiUSs+X;ikmzYFd`Z5=BJa+Qpt_-Ii*F-W5>Dx*z`se_Z+ys+MQVV)c1hsn8z z*TvjJCrLoC@oLK?K@@!)4U0A6XLV)5B)LQ_G+l~-Kj}meuSp~s6@Er4BG?^+C>2HN zR+t2?XQE6|uCg+TbYfS<+pGI@8YCdn{pQLz&B|RIpR1drFpc<*w!jR;^H2gR(podN zf4uF*gQ7Ka(7am5n^Ws+dMLbF$Gz?~c5&icT{2j$T{hIpl z)w&zL!ppuPy{^wXyneM#`Sdf@L9f=M(JMl{5q+FMqrP)qtz$3zo4Y~fCa_oOW&-VoyXX1&S%*3{BPBckwoJ?%nwr$(CZR^JN zjXBZ0e7^6u-utglpQ>Kfy{fuu*EzNK_jxiVfJAU-{R3j+P5_4;iJs+ef>_ep+?MS; z;L>RJ_ei*Xi^y>U2jx z<4ywg^ptwQ@DBKu$Ee0_#46${R0OUW=*g2$)euqMb5_kO2%y2oaaM!%S$4|C@J0qj zyyqPLU|6Pm>w^zM*4`uIoSceAh;0KGQ{IY7g%*9Mrv2fuHd1ZoCcd-Ikg_zG~Pa?puEtj9rp?kEqEFK zT6hR;BjCoOyH#QYeZ(B*Q_MRp6DA{}U?H&%X5faU{)=Q7@7%l4KlKm3)U&E1z9aiq z+Z{7U#RIUvtAhcEgQHyce%h|W-cfPkg9%;e&o>-K@3l&auB;?ue4mqdy!XNdF5J}7 zd=V_tanHreQT(!fs+SBMZF_eN-|s*WZI*R#Jy}hq4o+n`7}NogTBV;8KkU&RP@mTl zPp>;1pKO)DLt@;G`zs%n5Gg-i2zV;~?HRTsPkWr$vAX;(rJmWg&)<)ooL(S?S0oPH zkp_ITD!i9B&vuO?^4wI7ORIY^c|L%i__AK!7JY}Tx=85q5s3-D42q^&Iw~5(27~tB%%;{( zdzk)p)&xaM{fIjRA67MAQ`!1SWtzS?_WqkJE?C+2bxKVJnepW!u4GC z8SIea9Kdm`R^nt!m2Ibcg|8gin9hV}`@l)iZ|QwJ z+<^gga69!+4hZ>(grWANcK(4?xGE#7xLEZ1>Cn3Tav2#1o^0+;oB_bb?3d)Q*!{k6cWmmFzjuK*(UyldIAnFiHn>Qzx$@p4hEa+7_Zl(B` zw8IbogGb?d*tGepBi|}i@vHR?Klm4J|9hgc%rCbWpscoPa+#Z3^V2H4`X^7!GO)0@ zf{1GMtYse+i%ne|aO1UP-sXY0nL@;`27U5o;9iEco+e1(IrI*mn%xwOF1F_AM7HjD zqcYAX$L&=j-mEIR#x(>^i#{-~Ea?YoaYRl@ zFieqQMvvEhS1=kf4MbWu?ub!UyULq{Ptx?b6{T|H&pCwP{2s9*bM)n6GVei}oc&mK zo!hMv@9h&T_et)i06&M_SUA0!S>Dg1+pZ&m^`uk>w`{nb>Pha;We0h@R7o!!>=>9n zs_9{TB>&~1pUqCc018^`S=5eHNts)?9gqMuu=}`6 z*VoLyLBuv<)=Kc4{e8?wUiq6+e22}7C;Cmf;ehGRZq&z(5fT@FrC#j;U(Vx? zZDb!M7`QlCL~gMMK}kwe;H=yPGv6wZ<&^M+A?_#2~Rzp@D96U&)d5@E$| z$GNx`d!`(L66P?^=;ogmVS^MJm4SP4Q>L?VIl!_W=MQ+rIms2OOo!2ER7kvw<8Rl>m@$Ri`T>oW=C@ETnCV2DQoX3BI{LK#4_ z)z|xhq<35r1~^ftY#6OEWleF2qSEwAFBIhz6zgZj@^{Q@C8U3{AniqwDy)Iqu-`H& zgaRvHt4MEUWFU{t1FJAN{yM-kM7l7?6|Hb23g9jWSr1Y)!{<8%f#xlsjYuKbKVzG;UGGEicIL z09??#O7y$~IGQ3!)RP!&u#~(WM|)RQf7JTcUhkpgDPV@={?p~ue7t@X{HH>>-@8l4 zSdjl?dqSRp&6SkY=$PQ2u$VOG?cE0UtSa`Lo46sl;Jl)h>f_JLX_RIAWm@CbfeQ#? zykN6n83dla)M~M!3zI@VfrL`6mS&QMyRqqXCsIB^T$q_?drPw<S};l}f#H_PR>oB*k^^2!ir7dD|u zx+jG53TaS8(w<@GVRf1U=Gq;{JesCYR-Xg8ti^d2Cx$iO;^u0^uQX+Pp7Qg)rnA?H z!phtv5ajz%-Dc1_RXOi{4&tzV&1g(!!V%3G;XI$-e#y#W#52UskVeXgkLgg2R=Lk% zCn;$}C2VyW?UO5TFJ z4BFZz@=Vjyx_3vi>%Y=2P&{I&rLr}7n5knovtN8>h;K9dsNn*O1(!PEB#?Fww1FiSuQUYE!Z7yY0%dsT{0awQp!BiPV_b<49I0WVQdh+g zrCZD9zv1!O7L=W#IN%W!IhTHU*V$rwUk5Xtn0UI!NHR1K`|%|Q)rfm+2#I|^E;bE+ zr;FERIpewOQHr!fv{7&3(r29S{$Q7Lc0yfDInMp}Uiw7yM-$eTEYtZ}H4C|;jR8Qy zyZ+MFS4rLH-KX(^bBC;^*@I0{qJW|u;O9ai{k~O3muqv6YIeZDiei*bmJHeau{2zNzvO>Uc3Oba+ag}y zy2Nlt0AzK-9}^f~LZ0-Hy-=MVsA6D5P^}AY`}b50sL0Y9N8C!9=jP($=iRi`As_<9 zSE=mWYlsb(vKdx@s_P9MAKz36b6YDMan%+a{jM0_EL_R zsh5rMCqCtas>Ew~EnR}D?HRt&tAidnq4$9mr~{YQECPT5?U`E7K<91S_%|+$@7QQr zE9&hFONgKji*}#(C%Q;TK4axrzGAvUnO-+Z=LQpbMM~~~d{IRi){)tBXKGR$!KT)= z#)4^hE_ysG-`5x$8%?h02fr81nLlr8vFCm)@K|fwQfKy4Y^hmhzzQ4lkdKlJq~{Ks z=c8Mc^N-^I${Siu!aOvlbgW}URQIBaa{AZwXlAu4*21aoj2W_Z^sDR zWQSQvqv>=myg@sbz|AR!57r~falGm&y5ArI=s5(J98~RZXbAL2U0MHxp3m=pfoK8a_opp=Ipng7az!G(e;q^{QNp{xJiB@> z@f{I4P1{V)D0VvZku1)kttLc4)jF$f)H}GaEp<~t)yeujjy|nSB*GVSvtoK+Vx;%R zsIGpDZDumE)|3h8#xkpJl@UOx;B=|vlA%9x*_QqoWXH*@af==QNeR8f8My{ri!tXUt*{nS3(Ti~tlh zPLhGMR$DPtOo!@`(%cz8hCnWB^fh=y?R^if$#(2{gW3ZU)`A*#?m`q?p5S?o*cr7J zYU^Zeq&MqY6Jkrkgl*Y8bCqbet?XTJ>FtO9ZF7Ce_)M8vt}@0ejE=dG%jLD8Ybkf; z=0D@oTSEQY$MtFfm16Jmm{h4Am{IfQ(+ngSvH29ViJ{(wZ{^h61(^Ysg7I2KG~%n@ zobEX{`duKJPM2V?aUh}P=zHRvDr;6&yJuca{6qBR@(Uae-YfXzPqa$slVh3fdw@oy z2y}CZAnNJ3sy7pV2|b1T5eALt>HS|_ISIxMSNMZryE@Z%DVfYS`65@3`?CAHk+Q8g zqINjiF%?j?89n9burw=84zT?6rmSQa?vA}7ann5Jc9m0CFD$n~w*|wtgr0DXDBcM} zlA@P!F?7Cl7N9H%Rma`u*NI8xpHg6&tV(f}5;M;FR`y|~VxGJf6*zxzdQKh8lye=7 z?}W@Ty!$(BiH1P-n-dnnRuv}lVBJKO(eO%D4YpUaW4GnDQ$gOW!aOyg%r{nZuXB7> zY7L<`Zn|e>{p)gG2vRGRGhW-_OtT<{csbYvv+MqT=7-=OsnI2eimep>KNrNV4GX2i zHan7?T}piBp2~crObFr89DmpC0;r(iPXmT=zAFHV+2Qgy_3=Hs0a@yD50(p|@kG%H z-VO!}9Ol`D7d3pLca9<}Jcn;Fh#bx4Cior32<3$d_X)q)qIXuAALu>-Bidxy;#*g4 zglZgH@-{c>J3)p0?#MmJx(k3Nc^2CZo)I|SRZ{K*g7q|hH9O##fcW$H4@B`9B5G8- z)S#RXcxF`9c5iK=4caMZu-ELTpw*)uW&@nuBvr`PboL_LvouJzZrM4D$VcvN%#hc6 zc>Kkw%N^wjG$FyZcD6bzY`w;_LR4kb0qc;Bg7VC#Ua?i&oCOeEo@8s+WydOAsk_fQ zV!`$-&8ef@m6kohV^gmV;g45yim7bS48Q6Qs8P#s(4tKYK`yMB@vv;wj~+S1Zt5~z z2^@k^s;p;JqFO4W+!pzLD0`0I&>KB^uJc{_dMX|CW&*U_>#eg|K2-Hq1|fh#H;c;( z;zPZ=O99mq4U5iLZxYbbIJCttNWH531)c}g(>Yd8oSU3ofbQEtP8R7b-QbmDK$#kw z7KHoo%yXi^E5S6w9bb0i8bud3=BUzgJ6<=#O{QU7xPsx@qoAruFDCY@u14x$S_GJ3 zEOL1maE_DfgJBdg?kuszXqKeuA8!n{baJeDpKovREr&8%`p0_d$o7iP>H7yHlhms)u zNcKPkLkNz z)rrkk63^++qTlKhSwtCFL|BPu1I4#+cbX1@D9~!S7qkv?qlPTkY$?KrZlgYwE(U^vMuF_n+l2!#tYJbY-|-Kz ztKD)zPzl<-QO(zA-J)ioO=={ZdGokx!ZVWhx5<(6+Lz-eFtiW>R-N@-$hmkqb zf*Kt2j383Uwt7c6^iF)~oiy}ST#ctI-5ajdMze#$+V^|Z8`cuujgNX7rXuv&A9@R2VkbqF-UqP^aO9%*sJI8SCj` z|FA_hnz?^e&Rx632jM%Gt?DGtTx0NHKEvJCNbWt|E`rh%to|ZFguB8~wl}q7zHx6F zsp8KNAH7h2b(4Q_oamjUKu$N}=khOALX)%1kCnr8Nbg0D44z2Y6>oId#T2%@U=23q z{LH!F8lFV8cpfA!7?Y-#kt+3!bxz~ei_&^QyZuae?^-p0{^M5tYP(dg7SkK!fR2X_ zezHJ(sG(zoW$(EFvyLIPNc%wp(%K?Q>rkKc*t5eALX>~j9GSBDlM|>G*twa&euMQ# z&%(C-Z43Ub2y*{|3XHJ&y||mfe|8U~l&EhHpV6$^UWV9N=P4r)E`!^%gr>d}V6^qh zoCh+n>*7qQR2urFt&xa3eYgM&oIDST6N75>{hW*Z`qI$-R-2s#4f)GAU)rUMAC z(Lo_ZAX={g2uhMEZT1I@@L-O;#^R0oI+JsEewVcZRi&vsEzJ!!3%a@CLPf6f(^qDz zdR{ZKo*?rWd(M9SGU?RDHSkt{7S=0HFHzN;UHZ4BUXgj+>L4P*(roBXJhgUqr$-Mp z&9$aC7oO!$GM$E<%Sq#`CDz-Bvz&RP4t8L=@Q)rSP)I#rKndYgAHzf!gcRHNoMH%5 znTCB#L!g`~wqch6VwcyY)(YEBTjmTyM3(`yKY9uWhI;|p5T+Z;K^b?0_D;d)Re^fM{WLEvzwYKd6+m+{t10Z zA^fk>uHLvJ#ke_vbIBIt*eQ+UnTSS{UadgS-26!@^>Vs_d>=CBw;ptYvA%YHb~^a( z2w`{H7%qIoPOw4*M~SCkfS;o~`j3Z#3F4=(FU|5qT8qUl_ng#FO=d;|F4Dg*Mb!H8K-?`2+YP`tS%5suNkOel2(J`mIXod(r)2% z#tBN!OKNFd!dpHu>!(#g0C^+nw#rVWe*BpC8$By%4n7YYZuztshv!uX6)GXp{-b_3 zwy&cPa`>ARm=ym#=0c*rw5#&KY;aMtL0Nd+V31mT6zS(|%C~H$bu`GG=)GJcu=L&3 zhxhqEvQYAyfpob`y|aH~r%T#|VwGP6pZLSL-O-l2guKVVU#mXOq$ zxIJ9U;r4kV1Ph2eXYFzbI?Dg=xFhvzu@|)%8iByr~8tzU?@&`0iXVVEzhMHT5$-QO% zWaNkH9|AyE0amBjf4QiO8++>S+BuCUp%1!ZS;BRd(Bv(2-VGax%lg={1Ax1l^9&8? zo=QANjlDP9qmQD_X$=dXqXE-M!rF+*bS%FuX$*t3BA0L*@Xp#qJdnyBti`3l;?@f9 zm>sl%lx>!d`kz#6pSTnT0gdd$5-5$?d0t8m9ZQx5zZdwkBnE z*|u7BTSDU6R1WNxyX*@INEP^ltIG6kL}yC%C|*?@Od0jp{!E_}sBhWPB7Bbge~w(W z_!&2Ag_dog*5(MCt|zeA@O*T{h>f!?3$<=x8o#NEl#wvqo;=dS={*bloblX5#r@>&U zok%`ydS2v~9)+Tj0##9ORE%IZz$BB+tTS%ZQQb8MJY`w!J(6oN!*{Z`C9!1r>fPZv>TaO`zo5i;EarR3@I3m?g`1 zZAdQ#Tl8tpUGciuq+sQMye4&Ccv~>LM?gMO3#}dVNr!Liyw%|c= z^6tBEMNL_|8quBbAc2X@h~E@jJfJXl#kxqkhXz8sScd6H!e=k>{-`S>P@5M_?q#2+ z%J|Hx$Vv$AsYM+nysLb`eAn34)EzmkK;*%ZHq3$?sn%#@>pmI2QKIp|QSdB$CmXyG z-$l<4J*Z+Zx?_;I62@pR%Qja z24WxffS5cPeUu#GGnE1Wg)d-zq%2o2fc8gc546UIjR{vG%OFM(YJR-vj5ZAZqAfyw zq3PnUlF=bVO_zMbW%=Ei<(}{*TKYRS6_;q@(NCC>wyUCKd>7#XeJGyS-||{~1i(An zD*AA?sDacZ0p_U;-wtmph`xoiCnQISaAXo7Wytqdz2kq0eTFuvp1ZbuATIS+AGiyc zD(!Wpw=54wNusW8M9ks=*WRkK2s^{;_y-hE0YLH|N*zzV++VFn?i73xA@2P;XF{ov zWf4Zfgjcf9jT~x+H3eD&G1{WF-|Yqf98WxQ*h8P1Gm7G=m(i{Kg895O$bE<5kb>co z1g1Bm@vEYZ2t}R0u=v~?Ix``F{)j6b0oJGx%qg7_SNJ&Qf%8H^g~E~}8=|s@+UDs?%eI*7qF=41_o$52!l+)mq}grl+Cz`*!o!!NAoeYkPdLcg^z7svkm@AB2BYlUFg6r zZTbbSv?uMhNpCoR4V9 zKf`@pU|>+5*xoqRjf|ZD2uvmTyuL*?rj*)8o!Io59+>3~sQsC%HacyaG=}4W&7H1; z)Gx&9(OQ>)qK(eQbb-Uy)}rQT?f8e|e6!+0lQ{Lq(|tKB8SeY~$w67+V$0tyc;3T^ za8%?b9Z{7er`!rY$K_>dzqv_UJwDr5{@MZL**1mC8)egtAi$ZEi*dphcly9gHD126 z)9k##Jf;S26M#opkL8=O9*?eHms-4T2K&q}R(;OEt@`Bd`kYDG43mA#(|^a3ly)L& zBTfc7N=${Gi0R^zM5~i zDw#lplo^`MTO6lk1yatN@y#GF{+~fcSGaogl?_0t_NWC0fn1KO8Mr9c%_X(B(_ntw zh`HZqTuPT^I#Eh)r2H`YFX@HX!kXP_My~QHvAj$EBUrFaOjl-%vLru8&!F2S&ZPoq z`?*X8kYSV{SgVcoVIrQWlG@GwnOkvS%+v4joKh=R6@oR!Buu>uOy3tSK6+X_1fcy0 za<+-(Z|#c-go?pbb-gw;mDq2=R(A%^pdqfFI)tYur{1LJ3d zl_@XPFlgq6+eSslOk>(C1;3q=;fLqNKmM*P0?WUQ$qkw5+u^{JZ3dDT&Nv;ixx}sA z8+N4H2O7@#p*oLGI1Y<8-3u&C9UvoBW#?oSzzc0rPR%;bRQ=krG`L5*P#-C_GXcFM zJtB>e)KHnsiGwt~$RgV($LLAbi^Y80=O#ZG>vJbs{g6FR%ZXh-uU%XekK1?+XXj`` zh<`i`TK4jPcDZb>oe7RQ=Qc&_aG=^4WN2`-JUqu|&(=^_C7Fyc)OXH?b%4#J<<4M{ z@yoGbT0t>z{C?0@c(zbtB(JoMg?SB`4Xy>!xyHLlX zt}ACrdx1@A6l>`AUaoXyL>566hm#3 zfz)9Ip*De3Y*hnOhQD(m(Kl3Lx7Hg?XMgEO)xb#V+a)4lAFQmxbo=r5@I;yM)^EW2 z&&x^HFV&!pooixJ)aGScTFRK(wNem_4Ml(K-Q^N#kl`c^$&cnhCPnj7*t??1CY@_e zUcewfvl3NGvo`g-Sv@2ILT=$N+&s3)hW>p~k=@0E%7LMEV%Fhgb~T47W*nKZ(qs+N z@O4kXduA%kZ*OB3BMqylg86Sm-;Rr*&8d-$MiwrM#=N1aZchnGc`h?u?JFZPhEP=V zsim;4pKZWO4}O!qy!|A)K9jNxu8OtTl~;LB%8$w(ygBdwK>7s?9<6sIt@&uGjVd;F zI~qlOTWI^rxCsU<;_Hwfnpr)+NL~%yA8ArO@2FsulhmwESTT+p;(5Q7^QONriQ>)^ zE-Eu16x~NpIG&AQ$$!w~9VS$U7N$YVAo`vJvAX+rV%n-2NjsJ+3+rR>*MqY#etV~T zywj-QsSdH0R1o--b>vx7u%o=1K2~#uPm;2Aw!>%?()d4~dEEgAvt78!qaPu*2j zf2Eq?HYEryQ`z^NxWA1(uM-UA*IgF9F91HV=Ts{0lqI?bAP`Mf6w8I3NE+Ny7`X#z z+qE!4$abYJ)OZL$%N&K%v3!X3%Zs1g7RS>F*_SxxsB=N5liSp@=4fxZVC|P4|Cs zt+z`SBO%lt>{h~+@WV0+n-30LaJ@{3n2+}-E`=}7+lA1(&Gb(<&`$K0rco@3nm0q| zj`bs))`&Ii1Y+kktp}(%-YgF)l6xZS`Yl)>=nnq(Q0`TkN_sbX*stcIPSBW}!6yN< zZZwg5Iuu(fb7FHZ=Y;#~%friP)X8e5m?K{i8qOn@l*C0+@L#(ix*g~&GtAO7z>hS9 z$*QQnisaG3B~*qVRVn7+J2n=mr?&+(Fcqqyk7?u~zSlU}ZVG)8h!b0X@T#@3R>zHx z^FWG{#_~2_Oa1sczc74e@C{>`Iucr+d7MaQ7vIP=2M7aa)aZNP#X;)7O;rdSY}6D& z9VN+$D5U3*wB4|i`MD-C)<`Zw8Pzh>=W6&ui7Q0$LeB5Y21N5mfBrE^`FQR4Y1l~3 za6gPJ^PT14|M_#YVVG-jtSC6D4HLS<&P&pvlm0_(7_M>%ILS4vPCP!lr9HngbP0|&zm_?bcA+LjOO?(= zeOZH;X{#C}wIbCA2agLWrWEZ9&V}F=WA>3|Au@G1$rVf%Q*{r4t-k(nj5o0&d@F$d z>Gku!FWrPHjt9+Jm_!9f3B93_r-fCW>>jjK^5$5IBAEXAaK?%%dgazdA5hnl((CYE zl=W(#+W=xQ#W@}_SX%OVEvrNUwFWiQKO3ri`4R8zL$j)2yuFja@;|H+7#z)k#F2=8 zN*k3t`?uSSnbs;q*;lEo@)WuuXy4Qa(mL&ybX|!V!?Hm6O%D_RvY6InfBzHksHJAx z-|u)mVJTK%018j%5kz5rhkf(_&!m-^BL!B%#N{BuOd+p@GBPMNeXa^N^rUKBSQD7y zvrsSN+bkrRqoM7UvOHZJw3w&RSqUgP`=s0#)0wU;ItTFFCr<9)CHfX~@&ybkP$@Ak zJK?4s&tEaq>ta6%VrgfX6i zIt~|ZNSr)V*@pF-Q7$|OEk!c=O{ktof9Du_g_bkhVcaUKN{I(6GHZVqI|G~56;ajn zZaCQu-$>p5c3epq_3NDw>?CLajtW2$l@c|P5;v`@TxHl66MGSxL_M1X%7Y+7W1MiWuj4Y;fqN~(>%^f!uO;+;S#!;#IQO+qS-U3 z^kM~C{V4&+@+)H5a&K9vdDe7F2! zFlFI-k!rrY0m?!0Vib=Juy!IX#n9iVcLRp ztu|SlYFrbWRBVXpctpl@2&LfWB8h?Vt-eTc!;d0YeAf-igy;*BrOW1GK^*;Dmsa)2 zD{1TpNf2qG*M(wJcA+wF^%k?U%9}ew77QewuH-fkPZl#~V9RLU#th&gvhGu<-R++` z>Y~P~ydw>@a;>KFtxYClDy~G2WWAs#E#|9?Wo7mDi>~5zR?%&mxhzF1XPtOOQKt3v zADI0hF_6MBp~2<3YS09qo$P0&60Rs0zfa-d?8k;E@?32XQN5E+)tVXIkGa%fqu&}Lkhs{8S3Wg1vr>Q0Z_Hj$?;0(k~j)_Q;W zFZgd=3)C<0CAjhgm`OIvKWa#0;-&Q2rzY~6*WfzLM2y~q1cYj8q!{;J%}Untv%V5* z7O->_KFAds8wnp+9t+XA@@WlOF#a3bf+14{g${$eVx17Znf{V=V+vw#z#p0l*Y>4r zlErXGNg7|jHj0;ueX3*s-xbl%(6Ygp^0kQj6Y**IFGgrX_G{ouERWH(DSFN}McO!D zp&zYi8DuBl5RY&R)9pHYF=<^IOvZD~W^|zlP>CcJqP(M(fYc&(wh5R0lq7kDpJ8O6 z9sCmfn=P8SeJZJ-KN$J#jCFN~tGoLgNO9o1>>te*x+uSSlQ0(SYTs!3IFb%>ZP+cJ z2Tv{&7K=5KmE%M!`ZLdYpl}n2=g|@9;Rk%%sRi@`%x|O zBF_IDr5*mn^XxV6Q3{7Slvj{n3n=VCqqyfb1*Cj5%OGj;U=GQq9|tDH{@M9+b05(F zV;|HoeA1lOiFn9D%9%1|j1Cj>LjI)u7t7AzL{3?v_+MxC-(+r@Ss?A}!~mS%$IZHJ ztY9u5&81Vy!K=(VBSU2qEBQ2~nx=>AII^u8p}5Swa5_*2f0&=kbSl;c0j-209iGDh z8=qRjE3b08j6Pv`^@^y}e#1+Vq}3Q&OI#_j4IVA9FrKSvLA}N(19Bos^82OJ44Hsm zaoqxdX@~20P{BT39ee2(#i{I9O4LkrCI4gss9R4%IQ(_faaGA|``kSfay8!jWC9i_ zbsu?QIz{{)B&HaCgD2y(F4eEm75@g5W4z@^A3{L5T)6)_;p_LvOio8BJg)ip^SdeU zN*%mNth6`s9}|T~#TtIkr(f@tAorqSM5kR89nQJJF)r#s(GZl# zHYvwZr7X+!&yqP)pDqVf?+Q!fUUW^SKSbqo>kTpEvy6>eo35&na>>E1{>7fW^wS~7 z5eZkE+dk-i_*Nj(Q^uvw?PP3rH}5qT@#q|rDyV*3O62oK7y=)+e>F@||K~P5yy{g& ziL+sr*ZHo~D(EV1BCGllEuU2M{7)kL(3E(V+9rm1$=H)59qvO%?#h4N)%L7~V*8O) zA^AOXFljJmsbiM%?po6U1vnE->31pq=BQ@yq_VbygS&>}32RonAL>wmKq+qW+gB~o zvkYrnS@Y*-c8ULaB9_F+=Qzqok)V4nhmvk3#j_%PS80>T2cc|6LQ4Z){8!_k9iBHb zV1I#aY}`<~V6S~{Cf9$xgLkUkW~rg^*{Kn+6y)?aTA<_*?VxGlx{H%U}%!m;x);%AOxf>|QZnDllB1n*xy1 z&HRq>2t<+01zKwBi=RBczsGGyhOzEi4@9k;SnPTi^Gw!D=9rw@!smW6l(%hK%sr6bT3!J0zV2>iE=~p(HVU@h+j8`*=l#*r`}fHB&*I&9?j>^dWpXyUx9hJ* zBR5E&NIRn9b>q&*uKv;36ZWXw&3F<1Y}LdLHX|PQ!gkSpk){Om{91gJ7cki+z(hNo zrnB(Xr@Bw`rVc*3A>z~3PTzS`KxjX?#ZhVi0jAOd*tl?rV-O86YwcnXwwU=)p+4YY zEx@@?xp7tT2Fm{*7KYMThyQ=kJp`=yHdqaTa^Kv0;!HVve+I@I-)^P|e=?Y!3UgeO z!dZoh@3K{ui2Qlt{j~>U_)33>UU2$ClAFL!n2WhJHNtk-~RkZZB6O&<^%8PuSBOuPF?j+ z-p@6jxYV+ouX^qSZEGiESW}zr=ck-EC~Y=h900$Y=$$`2}b*!4l z80dc&OInbhaGklY&Z8EA6%1p{SxrN%WY^)O4EOxzO(`!J7@Lg=vX#v(7AqOCrG6T- zsM9Qtd0@{v5YcOPP1SjI+bm0mKI=M4iJ{&+p>AX)<_ZUTy&hPn| z*-c?Ps3C_gc3Pr<>3N8MgQ+=tWfN($w@J=aZO>aHfol;uSHGLbo1zmwF$^JH0YxVopF z<#!~7ZhdJP_Xt~+a4j5oP_CP6GpvOAn*xY~hwxnqBV&I6|E~s`CO2`908cO1+v<_@ z#k79sjRQ-=Al0qC>rxFxws${~hTJU?{`;TsIDT(WAE#S@ekUP$bP*#YA)p3XV>Z;> zO8?O?mQH!8-?f&o3DYj8_uXdJJ|k|({KtH<8&2`5-6p5oCD!PXeCvx8T&p;9&To?J zrL!%;sN~C>I_2yzkR1jThwd&YUOb}mfB`;__bW4%dM!Knh_-Vvjz86guGFf>M2tf} z;Td=cD}!Eqi)UoY3h7ma<%hnWj0-M5&e}`3%Vt#iM>7u`~M;{<^x%?HwA7?-sdsfvtyJ>wJ-y3Y$2Uf_e3Nx@yW( zJEOCUgAdLxSLbiddpyccN!g6eu)tbhB_UL_v-l6e9^QAT4dmSHu58IMOjDo;za~ixK-+rXJp);64`IW* z(+sO6DEjf(Zf)eL3l*qchQ}rTVr_oQpQ|d&6db zK7PUB{*bq7&y43{f&7%A!aj@9ba5$xxB6zrGK`fc*5UJMcI>4DeU_#xG^)4Aj>;ek zj7|QSGXp&xf3)7F8TlA_-RtPy1HZaK^$s@uKejKiO0ZjQrG693HurxSY^vv*NVm}n z=h_|Kg$U#4E>hPnL~_4h_>wLHT@!hk|2YH_CsNr7jx&6}AXGpjPNi}X9IuJyyM*CW zIf0}0h`dccz@XS>ih(};29|(sH zaIc{uyPSbsR-=p8-be3`fb9Fp$zy(cwpt^y@bs?WJuKvasqhw5ZEgXb&~oB^P75$} zC|7u=Ai6nfuZVBr-ci=$R>N|sbW0i?pXsXcE5e7i^02x-*-PoV7*_gWgmoo^-Y$Dd ztlYpV#y}$dMoQkJKwr`0@T1d*N{&^bc}G>{8W<%RcPy0f>(76QMlp|NUBQ^BmnQ$) zfbK->_}YLTrL6Mq!!d`HSIJNV68Kn+874 z$Wb&r5dUrvC{E{){oXLhG?kCw0dJ?6j>S#U3z`FuBuLb2QTE~Gd~dlsOa)zS&-8nP zkN5Q^=TL+Gn{&N9Yd??wC2^=^ zjhAqeW!)U#6h@#Sgyu^6X*I=rur=I3JKS}$yG2fBo%T$&tpnj|zDRIk1SgGutTW!J z1}&0&{Qo*#*{^l!sjdYmtkYZxuXV}k{;$%11~ZxI(H0!uO>_vWRj1>&b&3x441X%1 z+OKH2#gpWk!LM`3963f=Xu)DbXZn8+y^8p9b%wasVkNoiP*%5WHFtR?*NKspMhZVl zX{4kpqv}Yb7NvoFRzg-Oy^a?@opAYryxEj&4GnUYMq^VCW32w)ZBIr zUo5JT50U_(zwQ3;eS1o-;%;$ef*y`FDRXpG`DOuO4y%#0!LSa=)pKz)$Lv;DshdOV z$vyoRiS|OUbaOgSbIfjyq#FPik@3;#l*06tbG(J_imVKduoIlkIH>x-(F2q=73n3= zSB$4QZZ>Ho6G^UMTHP+HF(zJc%5RZe_hI$|pgvDwHOYIh+`&3YehTpNGy0D}rCT%# zy$0}ke+dk&03jS2?J2pcken&(ORMA@!I*Sj##LJqNXN$^R!+D{sI8%Iuw~lV?43Ud#6gkX-f%#hsf)_nbQ}lWClSL%aSxPc= z+({(ZV*%wVyXzPObwf$#iJtFgk}rd1Bp!$B!E%~^ozzIe)Po03Fo_6idN~(HcDe5R zZa*7&d2n4Cl+t@3H#Lh+cSn-juk?>Klydzf2cBdsiNR256nk0VUEXweBq`v`RC&^H z(8C3kyLTtV(Kt!~#3U-uc)GuhR=~R|-G@6O*^j~~KAyZ-<~|3E+_`6q>|S!tf|f@j*Xi!^xSKu>jHW!{$&DSIR!Z+A!79K5&d!(n$-m*c({d#Lw7Xw~xO3G8c15BKMM31WS7Wa}g9^-=1#t&wcgNgaBW)tx~jpx8f17odK7akwYm5+Hcw#z3%l&>*^z9<-N!hY?VVlEg>r zNAx>NanYy>C{+6{X>Y%#Lqa@1fKPdRSe0x+_rdseP|+x3VoazA*A;>HJfN{Bn&QHw zofN2>M3oAJtBHer3k?Y+iUr}#cu2NHY@EJNHhCe2HI{mi+RA<1U_#K?Evy^%-+0qH zBR@zR(EpA%fHetv6W&}Q91&E=?~2S%Y7?OS=9^!fIE03M^9`N@rr1O$?-9NB>l03B zUMR2i%;WZ=s}&q(6byG5%PT(ureJiro}AZCqMDDwcpQy-tQVrmtj0`J9EF-GB`}WB zk_f}CQ$_mD6(UCubrrXS8fjE@Kg}o;)oXwR9yuRD=I?f4x8D>8SOd&k3qO4emYFMt z*H4m>Y=S7!<-NoQdLW+fe7F1SMn6r539KGHn7N})6I!vYCdM|;jBU!DY-9FK5?}_n zm-A!_y^yS}wSp9f8+K7}1C0^?YP~rYbgh_R;DDvRvasMo>r4*H<6>$a4$SPzN9Ede z-zQJF)KPjRrYg;`tTwvp%gq~S5IilI3t2F6@?H4DZ@ytrumkms)`m164AgDLS{h5a zJ#hRmdy#j;wn1wXogj+~m?-GDs~<%;A=cJ@@}b@XRyDv78}R&wHGP!A*7_PD@Fd8N zgt{`Tka3I-=}>o+GD-?MSc>vaAcssJXz@;qUlqL(jMuzzfMU{AwWlWbWC%N?U>hpX zNTY4Dcmv04gFevUX|~y6Z zG!4NzCHls{-cRhUtu;j3boj$;C`4Z=U62JSLJIOP@`*#4Yy5{Odl1Y^x6e3l$pB`I zdPoPHYFC5n`d~B=iT}GKvkF@JU|ocPpQ8WIWaOid>qr^cg zmk#uK+b}0_JZGpnm?jtwRh%q(u<{u;udA@>tE&1fjYr0;jrCKWEZV5n#$ z>@d{M8qvW6RhBC-BOSpEqm(&oa3eYZ@JHgKY|`fcu0kZl9Myzq%t4T6v%sX2reccJHi_|b&r^BS|obb#W(7{bLLR!*iuz1SYc{=h*mytn|-6C8zS zlH`M=4ZSLLta{~99Vq&E^CO0?9!BgiA4WgzWB?+Psz8v5GAERsY*NsO%RIb8&qJrs z%0OYWX&CBhls98-ZND$wk45gKznJkglrac)C>g`J9L3Ur`b90&=4{rr9P^P&V-41W zPgw8W@0y>G6X49JVjrSz*LTr;3He~mlOoC2r|awMX1=I4qqs*)*7ojq+atZ|H2W#6 zvBWXxk<7l7H{$ss8u6`a#LGoB;^nkPyeu?gmm5JM8?-~Wpd^%L&rtxxRhO5MORWAS zY7^0$jcCCr+hRJ5hZa77v6D2O$SY(7dOrH0xf#F#?|2@R#V|=Qh`Z9kVUrMN2RV_4 zDT=aTfWAPpks3=C13sbcijo8L1XSG15F3yaT*fkMomK~48sm8^a6#9(f)>G7E}huz z!{SV1+AKoC9&Sr$t+5yEitKGx^4x!rh7!>VAY(eW<6H;{gMVu|or;$pPWK zkq=KVk8MGiYUi<+)X7xix)HAiN5S80HZXJURD56RxP8?K9`x7~y`MYI*i+Yhz;E9; z!(z`JeoD#w0AJ@ll0VCf8ND&BZSGk8)QjqR=8*76;0yy*)f}&^Qf6tYahbwlAv01c zA&3_ly-q9cB}F*+`7cgz;M2hM>GwGcPh$@Xm=@ls!JIwD$)tLjA7t}r+920W<6=DA zi*0%1eA?%A0@+$=x~jkO49950T$;U9y@^>a+~GeY$XIv}C(*V+ld{0-HsSR?YPyQ= z(Zp4vD5~sb6k0}8di{=bCI``#gbf6)4-=PbXp*@6=Rf~hnrJ8iz%*kB8QNBIjy&bZ zn;B*=aiPu)538go%Bz~!Ia`}$A`SB(K)Uo+VVYHcVXL&3RFWBAa%$;OD+^b!j1|i_ z9>U;EW@uiKq|vex-Ew>Cs*+`>suy>;)^fT0)V{|HCC9&5Cd{7;%^gnZgS1D0u}d7i z>!9h4^wfA#;>t`FOiDtIQ8|+!SFFme-x&UtD^cZLfP6tJMO(|{K&nnfP`Nj>23U-i z${>ODbnAlEU9zP9O#IBc8$*uQ61kS(FA8rj`SB(1GA?&_Ku#wWdu|Eop)Gza^FyA~ z_xl@Kbqyrw3TR37?}5yO8f4muXZvU+=95m{iv(^0y7^AV+`qtg@$p7cSEDp|D8G{q zmjr1R>{YN6GD=9ymGyFSFF#k{m?&F$kg|^BejE+4Cs=2oL_KYW6OY1>)a2ofvXa09 z0JUXaTib1lw;fznSgT+j280ZWI$Y>#+!A}#V3kr=aH!II1??^0A`_=?&o5q|9YWd5 z)7JUAZk#-_2M zrP@E&#jQYmzWWv^deV(Nxmi`0_xq)446j_#2ymy^{FnuHYx>c)w$OW(e{L&=7QWK^ zj8fHLKQ%}`?EH#$R}R$^8}{e=Caa!zmC|39p)KrT!YC!97RbU*c^vtlh&J~ z%cD1~*N2+i*PDFmpqC$`VdFY%I^Ugiy8Bhd;5Q0Yu(n(V4;+6`B=COUD9gccQm6Oo zs}dp^+Nj3Q52{F8o(((wnR2k!Y*B!nn>ikRyqlvp#d>AJOtA1y8hS{xrc1JV{^Wxs${z0&#xmofPj!651-JVsDhTKh`qI^YXYn&gp}*w6CuTsXET=RmOn zKnc^?mxpGvxn_*6ogemgUheHaZ@&DSI6C?1tq`wX{TVQ#qm(*$Zh=HT*=a521>(=q8v~Y%|=DFsoTe%KG zov#)Zm?kHTT(T6Q&rVlnDqcCJ(ag?Z#}B!%&dtK?THdjZmM!Dsdv|AV_uJ<8&yDeo zC;xb{zcj+X`DX3;&hzJu9r)j_QS`;P;`N&g@nQE@@l)%fb-X8X2?>v_d1DF#N}UA- zO4o{ltBj}8JUF~)9U)OvaFOie`7xR4-;n-TId1ZQS7vDAGiP^qOIsQS(pA8KAbhlw>L5eF+p;|MipXa$z^rB``a zi+oO<)IP(dev~w#ZUcsUV;Dzxh_hMHf9o2m^C{>;@~zNSzf??PeOf>>lBXEHr&{jQ zL}s)6p)$)ag z&>(~zG#YyPc)CdQ`8Z7~`a+NjyD2{W4Cv(DiGA2i`n&YelPJ2+9F#mQB|kRs_&t#ds)#lv3FKo(=*@vxIdMS+8+L`-sZ{8_8W$^q_Olf z^V7y~>Izm33nf~YXhsKOAFjp7zq!QrGfkqw4>oC6bso{>%fTq6os70FBqh=y^3aIf zzu z+9yu?#Az!y?X1(|J{hezhUpZ-SYF$YhBvX_>!;$sT=?_9Q3?C4_%V(g54ch@*VwG< zXY0JlC*6R4CXPb4i34IA?L&bn;>{!9^PQO4nfjb*{Lz9r2LGrxTSBSk#PjA3bBlHL zYJKy+*RanA&JC$L_+STk11YNHC$#A0aOA*Jd~!UKsZJG%=Gwm$frwXmM_^<1a;|a- zCtX|n9~2hUp@&0NqyvwDvn1QcNBf5-=Z6ib=HJ)W-i2gxn<|?Au zcG!Sa+s(CeHJ|jy^>qPtN6v*7g}o7)$M^7}dZ=#skx4k6y@lQyc{Ej8va#kg|JPHx zV=^wBJG3^T^?!FMa-+uS<<%@5>|9%(V@4npq z{>A?iI}5HyWg4NE?Ekfcb=;klFOH&g()&`Q#6l~1f64Huxd;3mt=oE0e6uIC#XLMD zQ;K9y-12RG5?=R2lr$2MH-a_xEI^s|M0Tq(yV9uh0kZ+oumekK1OAGie_x=c$6-VJ z)}BUotiaw*6K@Tg-+1x2%5VHOwa$6Yz1{Dc-xjIvKxw^z?%~_yfogtjWlvq&t-7zeUAUPF#Zsq7o!8KEUL&KZr9|L^pPHZ6jB5dV zCX3(DX4so_fh-hw7f>iKExa>r(3MekMv`rZK8DdXeue`-0lVa@ge1$+rUiXD_Rvzd zDO&qS2Mx_tQ{GGRF#{dQO1~GP&xvG9{3imrXbWra%WL=z?5fuz6KXW)A~RGxz;vaD z=bz2BeuOCMZMkt7b_1~fgNO3K zS%nzILEf<18^&v617BSb#n0XCe)3v2v|!e~Y(C#z``k;}Q<@`SS_bBaG)z@fmvA(UsO}*?2AN`tK=?d8BIbTlD zTp4da72X?_>O@f>o%}P!nyJWw|6bSg{NL;BXolS86bqFBgk4xKG`-8HbNCu!1?$FG z4kFaou-_i-mZpPNBr0?U?YYM*VSto9{xi>!eOjxk>R>62trguhGWT6 zIc;A?YB`YgMzPjY?j~t&^ru`rbPZW^wq|SRP77-G)K0BvGM1UYxhm=m5uwY`XrW{( zIn-H{Z5K_Q9}ArqB?!3vk7!mHYxuhbjTD2V{cs_G^a;+u2~nqIUMa6_RpEKx_h4^W zY5+VZ7RGJREUZ9~x}8{7k>wg${+tHi;?~o7vAnmD^BFK+Gym0Mg>hg+9IY;1ZcNdEXB{>_=xLn)f?v%zS-HSc=rw#Po(?WU!Q_s z=G|x}+3ZX!)6cTvbt2<_=6XSYDhs?bpA?ssuIa8)r6R!`mc)s)P4>cL|ka**-7c%@=nvm{r^ck_hIBJUlVy7;H24Yac zVTMJ=Sb}Y)P1Wc&rc%C~AFxBj>C2V6W__pai}B%E<%8U|yRHVLqAagySq;e5N=D+b zvlw=ad76utcVRU1^jsY#T^D`c{b z7fle|W;$HNS>R;--;0+o$Ik!0|88gJN&oi{>5o6QzcH*fYz`mJPY?dtP$%$>BQkC4 z`Y_Q%>$J81Gubk%eY5@NpKEJKTwM8sJ#wLm1{OFMUJVd)w=efZo^36Qzo6};*tgYh zBiLAzDWo$TvK?P(lX0p{PL%=W+Ak6(N9Yo@RDAb>>^#w)$92%yBSE{%e`E$WiY8xV z!mE&EaiDMJ!Pb34d3HWHImf(o|8^+d%_cYUk3SmhPG089so#R;)oxSYUdM*e&Qvs1 ze%Q3g-$e60E8NY+zR0kt08VKv1mwcBE7t##H2#vT<25)p77nwc|9x;$##tM0mwo?DMOiWA5@^;FB)M{%`kR%Q^#c>LX|oK#yElj` zhT=n^Wsa~rAyz$9=R)mF!lI?`jiOLA?)em{Piq?G)ZZ9eYuNlmXWH<5HwCF3f1$7D z^=zi__tx3BasHTpZ;II)pan7ehG-8|i)m1S+MOGgw?b@a{VsW4&W&1Gl5UvlX)3ij zt=(h$js+o5L-)>D9FQ%II3i+a+TlF=MC9N@Rzvm_W)BxirZtrn3xxt^v+-wuo0;NZ zt{w?f(AmUqlV7}b@zr!lGLGw1tNW)RksZ;P;!Uw%On)Eb2uPPH$QZMfsT5K&fvP%t ztza?{4D-ax4v_5NW(GjAuT)EXFgjo>W=#Zoy#SK&{W-o?PrDY;*OKqwWJkw*-DE0{ z<7_80j;5l6-aA29A~g-jdA@A(omxT`f}?%!7+a0(Di50AS%@NI=SKgKH-#>PDKs0@ zwzy6o4m^mULPcoU%{hvZnv|MY}symj?eAAS1l{u+VMjx*`3Mm>~Uy` zwm7Cpg{18E-1L9HC_G321W1sgWIGYFJ8hA86o5j#P^gkYtP=+_ZI{Hp>adlDBo}iM zm+mTP1N^=m)JWXrLzI;M`D&P>9A^ucwznCXVQ$(RK5r`W17?n*)R)gAqaCul? zfE;Ou@5X`cInmfD!pF?8gs!z;b*-sep>MZW1r};JrBmD*6LQ2aI!AT3CDoH7sBm=y z?p@<%Ya^}O1k5ZZiFGp0wAQ;6p6n1&qX_$TW5g3sY`fnkeXxSw#GbQ|ztq zxz4O~@@f7EQ_B+qys3>z0DljjreT4j#bRwNjiYX;j|rjIxetbles1+#onHzvpVPvM zCQC5SzM_d!#o@0qdrS^foF@qW@K%zO1RGn74++LBQ;OC)pv}@^rkCrhn`!4w(e1z7 zfkg#wo=k|Aq3h0flKboe#KsGO8&77Zk)iS&aZ~2o$$ZTw-PtCzxo~Onh$365%4o|H z`qYEJj-2tw7>_f#f~w(jwi!dbW{|HK!4)fkov$cUt!X*r6jr)5sbLlghG-?``G|v>ihEXF`@GV6&?4-z|5{rR_ z%uxw9B49xGOlQ5S%7IHtRfhUVaxN4)P3hJY%l})Ny*l7adUDgE4MyAZ`Xz?}3Y)o^%E* zJF3B!#;ShoMa)Eym8$Puf6|YVTMeR-0M*Cj*9>rqJt>O3T_Mo7V4a)^#Y89`CoXbA?6oD&1YX5y13hHLnErlGu&} zn0~i@Tfi0RZ{Muu1o5C79OaF7AklUUb)=ogF9rGrS3 zCx-&423yT<-_VRtt@hp#1Pg7ot>zrY&cI4siw3emfycdCCNY0PV2W2hDUEbimYWpZ z1j9pG9PLRKghg_BYo%d>$W;Ef)x5QKf_bb6+p-hS<~uDuE6e{_zyD6FD2j_kW$+{) z%3wB!AbOCr;nBwN+;EIqxX(%QTw6$Pix9{pxhLd)ux@SFE95>82mnZRL59t3a@t-5 zTO9jODZkir2)o3+)9r1sA57&0sp!m!r@=&E618+RkLLPDK~{v!1nJ90b_Spz#7(jq z|3E5fT9mF1#-yYytIXKtKm0G9)2rUdLjUwnIuPaW_#ZxS=A_E+c%cla`WHGfmiIlq z4Ug@JkUs)5k45NNE(?1L=`SEC<0SCk#x(a7T=&7D1tTYpF)9IHg}UXiMZby~HC8m$ z%LfHQDKv=f9L7s>C^6f83gmGz1wUF`LCipZA^B(MrDl>b=T}zzR}AQ{T%BJn8tNFw zhmBnj<)9f7(HJ=DgF6AIdy+^VCsq-%jDw&;s+_T8H_)VMwk|keX<~RF+r;v?F&GVa zQEK?H)8*7B_BsxNl1PAen9gny&6)No7%9RVdrUuMS1_&gqs0}(GpT{v%?!__8F7f= z0ey=}PPUu{5kte0wFrEOS_)yzAdN5jXVPRTpPTgEcd$@F=>7}sB=XL6B10(`JMw|? zgT#LUCW>dF2a zg}>T_quT48^KPdkf_GMm;$yo2!_B8ep4x6Fnc3>IH9R$+so|-1n#Q4*0jA=}6fKo7 z+5tZD0sCw5nYr{L*=k9Qwpca}b~;_9tB3X?D~t0bvBj(N*eYe%gMqJSU;@F}sbqmGL?zz;x0;=A=13vbhra zbVg~^A8|?>IUN*?gtL;t)!ySQ%$n8tXK;fjjWol49rM;hqnaE57UGH?PRM+m@ZUGl z!}xU7n8vy-foqmEv*Ypfv>4^Ma$2lQ2dP`GL)NV^>Y+)+A!Z^nnN92(NCI&;(^3l8 zc+Dh1@SzaRYYGT^W3uSk+QPz{gAt8Gd+uDiGY1TfNoC=+2|${5DnbPj=h6CM+h0(@&#i5bcL)8E?pH?%>ECeeX>@@I$kZ#4KD)-U^vy^QJ@FZ+?B+xrd zDKKw7rnQ>5yDZ!0xG~r8a|>uIesbl1(RHAiIJA`11PbK;_Cb43lK&45cMmr5|2m%a z%l~Ts4z+ur#s_3u)&>%}KPjRX`RnlyQD_7CfGJ}>v_u4XIfHOC7+h-j9Fi#bn-K|BdL<0E8+Wn%!ENUmcoQVY#TXUkZXc0 zOj@FrA%c46!~>OO1f$kGnAB%|N*uD2M$PR_iDhhAQ&ZacavPcsW{qM=F8`-4>dUHt zh5Fy#p~U~+@9%B+|5~2s)BiFzDAX#T{-Q-4THtb*FkX)!@#jg!FMktLBKnG`+GBf8 za?QIArm6{=ruAq;)SyUU_>PQU;_sU3c|&`#CdAs^*NSb5 zrtWL$W@9X#Ldy|Ccq$V^c zt!^4j@kX7W%UGM!G;g&3l$XFWloISA#AY$$xCsuh8gqaht=NYH$NsAv0FFfT$8JW-VY{@G3ZdZ2zI_f0(c7w zO2Nl-O2akpL_jqtPm1bBXu4IPVdgKL7Utj9vt@*S>f7mY;5nhp5xJN30MGYQC+zdU z3+|pqa|n2Z_Xu5sxg&>WLh7$y2QfH)Lg&yJ#V8c2~+5c!jmi{&(6 z3PXfs!N~%xp;%pbt?XN@C|Gn#tu$n4^DzQ_3hgmuY;%!d;-E>M@T;9yObMT1!^Ufc z>*BB>U9$eXqaK|!v49#8fnp=5uz~K0BBRtYpUEM4RSZy-{RcwExf4TN73C~)-^EJ( zL04M=eap;e5Q;JX`50t^Z$mb5A1$^mWew04R7TmR3DF&Y>|{>YqUr1lZj9?n@$WO*>5@a{*)nrR8wc~JCXVlre6mO?$~+-ln}xE)_dy#1k$Zq+;|Oc4X`?ky zif8FS&Xz*31&eU(L}KaWb*@<~t;{j`y==cMfTQo|n_$9}k0hx^E->MdZW< zf{@hXb`k8N@@rY&SwA~84j2v8VA;Sb9$e44BSDvGwo=z8Ih)6JH2t)0y2 zK+}q{Ci6(6XdZK~V1Mo0xc*KwmEJa;vGnG5;Wuh-ZsE{@B`BCI?nsuUD1<3UTy0VUI{K(Co9aWS!0B zBumTr6;e@qGYE1h{cEuRXa;NUTB5W2*5q0uHD8NsiIv&`xs9Ej=rU%A@7P^6Uc=`@k1>W5kGVa@XndPA*~junv_ zW*oOuGpIt_%S^Q6Kd5DlkNwN@&RPHZr1$aalSJ(?Fy!tN%`@MCK;B3!zqLKc_QYFj z3B8#(H;cQ1_1spIq7g;20s0A){h}PvUGVkxp#p%^q z@A{-)++DuJqv_H>?$Jt33Amq5I+vYd_>%FT*s*=$hIue4gpu#8&H|F(#58NXY8-H? zjI;+$I(k+9`hp38Odu3bSoRgFdllANfIlqBQV&7)qoUQm9&|>dpD%_d*FW`7d)nzN ziu6z7x|3M{I-`+2nYlg#j%aAgiBPGnTCi0R{}cwZW9frML(ijrht6&GYq4*A#KqHB zsFv{DJ5PBnC?>!V3yY?ub9#F5^L6iRaQRE_%p6nNRY#x6Qe2I4$dWo2+-pW-xCZxU z#^UVwOCa%c5xLh+?Orp&EJ^lCy)Km%G-tv=w)of?=~2X}mvW+pC`}{?AC9MP?2Kbb z1=pbW1#w#Yta})~zIF4YGnag44b$rR;~(}0r~NL@GkAS=aiX7xL?(_r`vHXFnGG?` zvckIzo1ru+K$6R81PZ~;(-pn8yi)eVL%BX0!;P{oN~0RcYa%w zkEdba2a5>O8M{bV4Q_8Ur#hKg9sP3N{XD!lzqlG*cQ4M)`j`2;%B*kGErc{j0Rp#feAEEF=K68uqj z*dJUHb;Jmj3_7Yd`IPRIf;wMo%b9!DSuJy3C_s!zf&6iub?~14jD8yrhxJTQyhWC@-g)QaY418yR4GC|!NszMAEd&Qkm%SW5Lt41I zpL+(BioiXdI%+1Dqx9gK+zG0Q^230;Jk>C=M%&1Mq@B`X@2CFX4JS2pZr!h?r}gS5 z;~t{LZG|2{H@rSMFNyk~7@nMG-%Whue*5Pq75a7kNv2=)ZsKbRgg#|DRJ>+vCoi`; z6r4Y98{-=u+soBCU`$Om?q%?Q)awkppRYTYmwJk&UdPA*YrwS~$D!&&2fcT17A5ux zfduKPmpRlk7nWPsL;Oqi=_m4KDU;53mP~~7JXTAt@>wkJUSh^!4IEN9=nz<#;vqqW zaH;EVfAG0CtPCuWL^$^cF4lGDQ}Ea@r(OU~w}%9#T;oK(cb#INXnOiv@0Vpd(rfN= za%wSIw&65%D#O;%OoO>c6Q2az5ZvKuWq2X4_mW0eI0&7%aUor~_=E+2BMr=k7F%9$ z2jYI7jZV{1_u~A#*9BWuvC5tF)eU^#8IxE6<+?lRk1F+e;zr}*PBV5$TKm-XodFSp z%)mVDpZ83KELAT{X_85UkYe&*fp0pum;JNee_foHz?r0j8sMGZVdOpy?o7NfK6S26 z`j-H{NlGYsa>y2j)BLA_lfn1WNa`-#fp&KI@-fpY=wg&ZnN~ zrWkv!;S!`n${-_YwR-@#0AtCa7gdzSl|M8C>7RAq&7gZV;T zWfpqO;)N^ac&)>BezWDwUq!BXirf7-gzo6p6Ea+HE3AP zDO%5?)-L+5E#0^^+|3eZuVf9Dnon53mCtE|znWU-oEnkxT+(>zJ~%#-juf=f<3H6& z9K}9sppF8hYVugaVAS-{69=;)kQ)NIA&`F{0y#ue?rJDxD157vL`uEZKqEz1)kLz6 z@u;a}D2?ZZkx2+Jqo$oY_b+}pT>^y|u(^F`hyxQQUQ(ZXjarpdI^qVtM=vFmaz5Pm`d$hQy&elj% zpGk>Fa|SvI#`jLxL>Lo3%>&nuS>4G^YqFCWiMc&01G3I2l?Ql}Sgb0;uc%(=z^-vt zD_kS7T){XiuTC9HBSLDlF3T=Ttt;XP**RzsCq*eYie3LMlgmRlR4#yml!rq<)UqM4 z@c&d>y;9Eo+*p)uA4b%Ux$##3*1*qTh4Ctg(0So|PlyAB3#Y;Wo*{O~CbCQ6>L`f8 zIF|^_?>^tyW^|$qeW;r(EPL+rg_Gk}cAh76vdp2LG!i*wFISRHJuSjDTo`YKwOT&z zicqs`{FNlB?8}S4QUuzcF#gJm2}QyYHg#I!>>_$3--#+>NgmzMCc@_HG_59;fm**U zobU+=5wRRSm&!BQT+61!EVTVQ$9e-h{735zLy_YT#$zRL0tp~TyKho7^8y$ z;7-5FYt7t@qK(1=mu{~|7gxh>@A_)kmsmsU(7~=wCf3N~?If?@A{Ft#giPQIBx!Yx9WSLU2q>e_diPy+ADM-wp$Ct@n~@{0h@*!A6F zWwWS4oSeHJGC(R=p8Ymz-q`d~s(|o$cbkom6ilersvMV;?JwuJl;i9&jpKPUE7QQE zcXi3IZ*pESQ&I4G{9Qy=u?~NioF11rtzfOL-`_>mbER{Ncsw70Q6-jX!5pKB2BAzO zHF3(5$MXiuh-jcO zByTFO=kllaW+(O)mr(+*`WhCU<(E3guef?j7z~%L=)~9{O+t0jf%+WjsE7G6wU%$1 ztsr-{R=@lpG+s@HNC4+uedRMdW0AN}94^{W%xe36#477!46<3cU3i{PmUz3|Hp_Jb z(6|63_#g~m=1knh?ASVUW5^r8Y_8sVu|9 zJI{7!s%fj}=a7_%$zXB&;#`m6RX)Sf0{SMMh(whMvcAU!DIk{|qeN1~V}>IC41QjQ z4!nSXlK2Q)1l6Plnb^mvc&1#X0 zn?sxi_-gE3{nMB9w$yHu0HU+hLhLY#5@@(?b78U?cV2K~dubu^TOm1e@cc!1c-MJG zes^eJJBj@TdyV|1>a*M4-90=wuy%KM+eh!)@Gm^<-@V=UhgSRG@csM!gQKH1`o7nG ze|Yd0YqxTbC7uPG{QYGYU~K1=3xgoe`z{U2sujr9J%AWHKWue_`BUiLO=Ih07}yhp zo_j9kg*V^6s zVF%&b7Tv~0;y=>x5aK0fE~W)Y{GV|C#8R-u^Ldr_A=p2w=pgVbn%iSa#)gOl*pbsZ zXRk%VmB$&$Hxd}u4kxKrNDo-?=X4*FTBjM7C@6&ojJnwKdFy_0*_o!Q3oX$O2-~{`$`3akHjy&)zrjUfV%jY8-plRs0lT>*7NaEvESazg9(-5YLt)C zMwRlSQXtAVUQ_XOX2;_xlSS1MDmS8fQZ~=Zo+ACfId$xbhbaFNhJYgb|Izzh zN&ny5+uh&j|Lb^OoBj_bDTb1NP#XZR7xS!D;X}#zU$RNf)Nzg#uG&6O5;7%UtY`!; zVI9b^4W!r*e20uI2qm5d!(MCahH$re)@zjA_hOu+I@J3FI^iykUKREE- z4J~^zL1>MnX=}c?L6bLiCf02b;?|&MWZyehaEt#AAXS1jNQFAwh4bL}){TQI;WnS% zqJMFW&>yYHg@a*uiQ6OH2B@$FZbk5CYNg_XQX*U~|CcT{RCNR>;Q#ISi06y^e}Dh|`wjnJ$McfT|1%3Nc%beS)l&Bg2;ld*>f95Tys$eV#8@oDo?K9 z#90Ohe{CgY8nV;yhAGs?6qu&=vUC7cXT;P1JoB8qzXrX43qWtU<+PmL&5ikh?!Qc&5Gi)AoTdFMkCC&0nIIFzYLwA1%eNH#O)Mad7>7x1~3<=2N* zQ{7<8^k5!=EOSAD_N%%{m$SXo`nN)my!D{20W}m6)(|WS!Emd~T_&o^{-PXbTattuhE3&>kw-BS||Iv~+zQw1A|F?G!ME>7CJlfye z@c(r@>*4>{-#VYKBb194bFgSQ6MW#BPy+NtEh`XNVCSKIgIIh!6#-b*6ncJ;F8~N; z``3B9>^1UKME@RK&$)xRLbtXTfhUm=3$s;7m2nrN=?21l1 zD`hKyO)?~17s(AwcT&g?1*7-ZVqnm8{(9{VbU;md`uG|JB+WUXv_$_5Zt%>JX4o&~ znP6^B;e0^UpE0gQ599iDdksWMgf(-7t5>^E2f3_vFX11WS)629I4f4>12J25)D(Kb zpT4p;CM%z6(1hbTF2=Hjm(lNQfTsqa23Jn0SQ6!o;S&xM-10ShAXLNEN zX8p*?0Gy}z4Z*u{KjI$5t-8W?z+{~cR7XOSMs1?WX|cOa)k8(C-N-P-w^qErZZ&bm zldcsHlw%w$+BjPJC3>#7u(IlLBXw`su`S!S9)gWGn83nRa_ z|DB*np{^*PipGGOSxUEg;wWX`{%T4ak1w#e!6-0l-+yabaM#*z*lN;h=v|h=S5+HT zt5m^ohb#9)kq5QQ80e8)2fHcr2miev{n?4BaM}G73RAGL?(niG!BsA||J;sjK7P{$#4-WJ3 zJ4r)$PHX<$tl`eD`9KlDUx`fd3yS#=-OL%|n&8^wIAz$L{F8;uM;ADuVW6{dxFkI! z!7)hj9jVD%ie`Aj%4IKVAlzy;llze!N22{h2P9|jtI=jH%kI68$GhM*mKB3|7G#UM z?D~oyQJVxOOu7!Xm)mlK09I5m|LT=)dnyM~;C02L$`m+Ln>XI{E(cm1+0aAZa3pbJ ziF7sjqQA<$N4y1AUp8J=uJ}}Z)=QCj1W$ER0F`LKv57yHrj3|Kb*N}nHf)PB5^|Qq z(JRiVVDRHAF1JOP132vsH9zA4=7N~j7s@5eGfBI`MwkRniW`A)41m2zK~T7u9;Am1k% z#nA-Wi|C@1(yPqmkgW*N;V76NxM8g1HlP~l{lMZ58)UrwC7G+|bi)rcw}ad__*^95 zGbEtQMZsZ9QPLrwHGk_!vKS-(FIQ-3$^-@$Gvn3Y2>>?*p6(6F3vOpy|mCPv`kch`>oX0ZD{{^ishZS(CLF@;|~(lf2;t=R@XqGg?x)h6~2S z(1M#Aa4^-O1?PtOkOEe&1(4ATg}dghU3OC|Ss z(B4)!?3r8aw_}?7Odk-uL_``J3Bn%1lUa_)8D?Byp>5Sl1^gYGjY>C!Jq zyAEPPC<9orFuFcV4H z%jpS~O6cXfUV@e5-M`#Q`pvo?*#b&;-cZtq@~jXm6ql}<0M7sIke11~oW?#? zYYXnSl-*Dkoz?M@kGMLBPY|98FQYFCQI4=zmT-?wt&$gUt)Pq^sF*lgZAcHH;9L`i2DsFn zH4LY|XfzdIdauU7wAIxT4o5yPa_+Fy(Ee|3=}KVa?%~7B(x1^SWq7@_*Q&_`qpj`K z$c4(rtp}OjHa>6>nT6W&wxZ-Vv_7G17e>C|xDqzUfTBKht|@SN(jFgkSFBqM#`8FM zu8RIXOHNg~XF6`!Kx>;qdy=)g+*Wuq$Z`y|2p0NCmZd2;Ylc21?g*klhk!vPtm?Oi zJT|-!9~S=h&vL)D1x4!4yYj?1>8Lr2>F~@-cVqt{Q#)ItOiiQse*g;x zqnCC{dO%LfxJ~STC9EiYzb}!Btbe)Zxjb_ugMG_QV5WqsJPFDU8zBzcW%| zFsF46cuQO#)FkoWDc9H|I}}z~Qd$^Z zP$aSVbAMnzN2|5)M;rR-0rzA1QH@hh+0mUULitmHnm~v)QJwo&Pa~s}l*Fsbb=UoE zlRHD|_p=Bkhu!>LXvE^(1)Ea*G+CZ6-dG7VyryQ?4}<$90(5x`oar_+{TfQ0;g?Hq z`e8e-eBiLeolVjDP9JAG4$;!z_X)u<@&!JspC(xePu=sH2n=AZ+uqsB)|}}XA)ores5<@3 z;vXkNvwJyyQ~CFiN8V>Sn5m?#(`;rRRdM#bp=ApQP!#EjNfROkc;7A7qr{W&1VH4Q z;wkghxoUnaPRY>*^7%)(5XT-X9Qrf!4}?p+L|u?)}wqSDReJ?(_+Wo8VM3~f_ zm9$ki6K*USJq z>X(}N|EKZw3!O>k-%{hC3biVGAMJmtPF(coU<;xv&qu2*tm8KrTcdy(<5GUG@ za$k^SyY)Swr9wp%V29oKlWOPv5^KxRK_B$RV`(fkspn5y{7p}0Ot)uHf9##go7WV7js7>)O)NUTUvw(WGYZSA zNXen{uxdJU_3aHGhl*3q02NGF@;`+_64N)4{=C5yT;6g-U+K`Eu(XUvU|D#0#m}wc ztUZC0j%Y@z|9LCi)QUy37;buaazor!$t;1w2|ml%N^ z7pwn40po6sr%%=R9n)2C{l?%aVZNOL9(X)qq%635Gi~E|D1a<9=%0z=84y;5s*U&B zFBHK0VMB-dt8gQntwj^_mC~|XXBNAmz0q;9QrlZj+Y6mbKE5nz%!5jdz3~`sv(%#< zt~?Ugl$1h@K%pXDeSST{a0RCd(TH9h8vB7~Uc|Uzd|h*oM>g*EPJF z>9xsu;O|PsHumDHtKy4GCRDUey*6&`?)3I>Fu1(BYKh%y-PQM4?G1ekmHMB(eoIhP z=+o$uaohE_@i%%z?*&-YWtWp7%8=)Fv50mvSbGQb;|2g(chle#qr-h+^%V!|5ke(^ zxVlHkPMdJ1G317{Aq0sah%a$@*}~!O>8PB~?S0Jh(U6P$a7E;M4cm!}&{KwY^=37( z+bri+!O+4BL$i3$emOpQLo*DaG=8SIZT}Io41f#`YdWuMSWb=7hUO19!wvaYwx7Ta z35#0$Pqyb&7V~{sR3Ns(G|3P$5MQU5%h5{w*b*HINRDiiE>93i^*sCKq$%eVgXWp+Du|IH9-1eH-coKBWG0YU~w!sqQt< z$@mQU4mxQag^WnrA(#_kbkh`bRYOjPCWQA=9^S$3W30cNL94=1RmDpiA-Eyg)Q~h3 zLpE%z6c01s2PI0TW2Ytw|H=^Xo`4{Z#G|EK;6!S84+syBOl-jRMb5Z~kGa!aYo~0f zQR>{Y$Gu~Wzwl;(tI&~M-(@H>^StwWUhnTB>!3U>XtU!-%XS}P|tXJCp z>f@Mn=U6NADaoo;s)CcP-pcu&|Mu~?B_}qnD!ih@=wGC72WP-(+Sfs`zpgxD!v3GV zUpa>94Cs9s_|YBx*&A~_lLri>j5NF>o`dSM9^@BW2&Okip#HOImcc#hy=+8G1Dlh8 zs?HDkUwJ&Nj5w=sX}v)ElGt`JA^H)=$OTnK|5}TDvGLzDZZqu9(M(L>aUGH(kWPXi zg;vX6Z&N!K%reBtJqeW1N+}Y! zpyQD@Pr{RA$l92)--HwsP{uBr&HJZ19DN*c?fMCc;>G^DZgXqQ?<;GQ196{`MSbj{ z4fT~C-AzA(WasK8vv8LNNRKCJ^4VN3tIyV+p%aKG&qF1zbU%kAwnh4xxl;zQxIG*O zW`|d*KGu!TpUhlUYJ>1S7_(}VSk6v`MAJt}x^mHH+D#EaB#wd5Qmh~L#DungfzA9( z^1vCkVb!3i*K#xs2Y??|8)Pka9SYXt#>g$5o|GMTwaii|W;@{+$!=|Rkv!G#WJvhp zka$|cCzz|?KN($+|0&D26-poue!#rpB#1*#a9U01v;!bFp2G|`if-I&m;gtC8m-Q}ptOjo5@X1%+V=qJ z9ULrz`9)gvv(9ftdFlHd2chTi7C+z_lOnB?Py6}TBu98MA1k}B6B?HmB<+IRSk6Vv zz}ILB>PWTFCidk`#m6|Y2{I_|<*2r+Ut02{-2{2%L?*Y`22`bjN$cT}?60y*iL1Fh z;6d4{LF-JG^K2FI$WA?Elrm^|&7KAo4Dcb)89bKa@?vl&1FbL-YSWbp%r2fGaR&Qk5hHy56zExD6Y&27c?hzuJ%zO92|vjppi*1(%zsxj&s@tN}XGSzVo4@u>L z-%?ECps};J*%OW3M1EI zl`N6ocoON51MpQ7_8B5Lws?3CrJA0zM!r_r>iYB_DwiY2Aq~RkTjb5=t7L9&&^OYV=kAK{@<90h5 z9N%%<5sx?mVqzERQThTvVK2JaKrM}V%!(5xBIpcfH+gVKDCiBJJJoN%A~Gza*^Hs*d}0@_oo|v{DWl!cn-6`ESJDH1z3?_x68xi!=gV@90pYOt z0{uk^{S~&Tf=-N+c2+wv&Ck!EfS9i_Nw9ean+kET4;YDpCgringZ-O2cn+73N8K#Keo&>$34}fUZ<81 z2slj|!C~+Ih4=FyBHCFE+Z)RZyWfV!({umCRD-s6Mg7$MNWVV&F&D9(h`UQC)B0bz z5kcDFD6GpOCodnmyb;8R`1`}TxWi1qZl;l}6&t#e(e_;D-Ep~(QbzRkNp*AZnB zcKzwcbgxUxnKK~AngpxEM9b&x1TNS^?TKH7eCDiAY|E8XsR_SCXKg}A8SIDl| zD69ghHFPI8TQ`bJ8r8d9M^Ce%5ZEDRr58QRwo(3uhe6(07qQV13ILM506 zRHodA@kHP%9wQw%*0W!i-!@{oTD9s6Dy|B>RjvP0R4e^b9L6DUgB^%1*c zMn2aK7k+gJCphJkC=-9TaVk}CyO>UY5{w_<%=;)O_l+S&_0MWH4^XsH+}7!2#V=pq zlT}<*jHxUyKN_1fBltFv>?3UPX9=_A{<0ftvoIg;>qP+nZPN6_H;$qj5uHdZtu0af zZu!Vp9V#_=ekk?@bcYtVU))H@@36yE)1yAS45b2wpDLCqQwcDkKJx=$K4AiDcE_A< z1G##+5Lq875QHk&W5a0$oNU;W#-Lt4_umq~J2M<8C}#c)0o<+}C1X%pIx!>-lYn=n zt*fenN-T%t9A~o$`y>(^iBmWw^FkY<0z^7O;>qI4WDb}sD6@@zrY=!eIdDPdpjV`1 zy(yo!JtL*!YM?<&hMCM&i518aM~Qh>?}Dk4Jr1-^5v|-9^E1dyzVQ){doZMku7${PyCg7Sam1CmcmE^@_s*jBaV2ZB-)h! zSElQ42%!4RyIzvi3L3@LrxA zoY^@1non(|+}8G=v&N!-_b?b;7(fK$3dC@16purZFPuBQ+1qPaSDW%Lkhy_+6VL9) zK%^G?6K;M_*cOCw8Am5NF%lUr*+9AQ*mJyrb%RO&w`Cm^tncc9wsRg8a~OI@zeT7# zxpI!PnScS^BF4m3C=gOJ#OPb+a{k9^P`Q(RKQXh|V7$kKL!^Fp#6kOxvOGLR*yvY! z4YVy+0Ml8Fw&ZKFfE)Ex_HD>%7@Dyy znEQD+$8)$E156ry<3$Hvaef)(<1p{`O}gI(<2N;v;vMd-iv^`N>`m8vjsK!+@TufO zpQ?(@3o2ZSN~HsYAUJ)Bqt@>a&ewm?n&@|guLT1*X2cCi_(vKWvDmU01fZ%e1Fpc+ zNoy*=!GdC0cD?+!A+E;JCa;Tg;gN@Pa;cPC$jA+EdLFwL*hXBIwR<~WPgO=i;;aUU z7h#15K$Pw$cD>d6=MZF~LVELYno$S_(;-CWN^JY#b?iQVy8EZDCRA9#bL?CCJF@rN zW#RP8HE&Mp8Sn`&K_E$x?bEo(NBQNTJ39>N%31+RWR%Y&xHpY z>G6qsBtxN?1OqVBVW5oR#M9;E`{Swb0I2oN3M`~{5a{PFln6v-1+jbn`nQwg#%~T5 zYkxVM?Fp>vcyL-6(wx4jxSEk{Irm&;)DOAqAYuD#zqe(ZxNBy}Z*zOdPk*xUCvXM@ zR#p$gooo^rwPnr&q?p2ULrVtK7hTAt8jTAD&FgngjcahQNTobOlgS+REj!GnpP`4& zlOH6hE1k~9J9_wx)`X4Dg%^*Y-c{77LqmY+z@D*pPlO2qLm)|QASvysP(s=qX9jO1 zjh+V};sc1l<&yUAT2b0suTYZBBzg^NRI`Rg~0O();0_Dxq9C=PFKSgTOFoL9w^tu6o{OLx4 zSJbCq4gIjPGC0JkbSPB`T*7>RVH$q#W!MH<6JLI9D6Bp9Bz@hMynQpK_1)GM7UT~* zVs|9}I;-0@%~Jk5bDb=Ufe;4?DKmGRA)~cmn84;80O1|PrnM^PdsK7ZX~JcH_wr20Nhw-F!SkO=fkEnOXCjH zjY(ZevQTqPM{?4xGpTXl3=^Ywp~gE$>TbFa$0Yoy zF{^PGhZ+!7!|hOHveuB1szp|pAR5UL@VXu2ns7<%Zo)joqdt9I_D^q@H5A+li}Eoy zT=Vo+kgij@xM^JB5sx0*AI8IP7Y!!G9N>H4E$njWkLmVucHqKGA-=ylUTC|Qu`|xu zlyIUnr#)O|F8#%L1X+Rhx4Q6&t2A`reYWBZfq5_%fP_Dvlk6J-)d6M>XM^A&<94wJ zeRHb@B6bdSJdbz0Z!|(-Qv+ivbOs1pEeJa9x%aL+@@3%TnfI>Xb?6G zgpA1*gp^2xFa*Y5fToJeBNGb4MV*6L#JAaA@4F9>+A*R&CNI#|X*FaXBp0!Pi7%ZkIQ@Ha#Bgr3 zIzLC7wHDhF?KZdi7{|&QWOF4%9uh1QdA$=Zvs&Rulm;gK;8`~*7FjayJpnR_6{Crr zI!tnotq>wgJL+q^uZ^b!?`X^wA}4tj3Z%50mrv*A&7O~DI)SeP}+vzc7sS$cu1CeB}^y{zH5~= zy;8qVtG6(&S#QCx@kP=8YNYZPE3&9!XTPJRz%q&FCTd5os6xAqR#U({VB=LR;)MHd z!T|_`-HRi2hvXmEQPhNIq^7nO)82X+mbvZ_io?l{4Lr`UMUM9*^>oMjc)9}ig)4M{ zAUc9QVG+E?d_FI)0)B(^D^ieDxFGw2;m|qy31*`WO`H&j7e8&g5mg2#5zN__l?nE~ zY|oxb_R5TenOrbsC7DaJ^}rZ$H<*W{C2Cu^{B~K$f_gkCy!2wTTfxPsY4I{Q$0l%=Me6sWnIhSmM`@=E>VbzU!0Dx9& zTr;+O_oa&qRIz_9-d0zJFh-fUZ>8d+>38CL7i!YwI<3} z>@Jn=DahDN1FQrf&TsKqT^0b>m*J2 zkhwFwkD+f!Zy1Q{MSSWGJXa@R6P|E_^s-`{iFlFiem~=zQzMOY))QUA7)BinU$l7O zK}GTnpprg7Bzo#a(Kw4Pi}>h4(wyw>!?W+C89B zqYfi%w0BGJb(m&@Kqzw}Vh)f^Yh6R>7ue2gVt62nGrAXA_;bIcIB3u?_61(HTkvEv zEq1mg6R3}Q(HD>l0(Nkrc1WDuEw_s?!Y%TWD-uw@F47C>gRCWA(=ybZ$_*9b9I%s< z!7@FATK~;HndZUKH<6uIy(?DY&XeqfiqmKS*5i;U2$DUp*N_{~$cd{xH)hK8^PLl1 zWBA^$7zn)?!r2bqc=kqo`Sj0BbFw)CG$x$!`VbnPRL>gCq2eiX@UE1%i1|9wR6D+s z$OoBHQX}q5>oluppAalNOT(1GugM4*))!GI9iiohyTR9k0;5P|r6?ft&GV|e+mmzV U=nuc=3=o>%Sq%cD1qS5*0n_~|0ssI2 literal 0 HcmV?d00001 diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml index ae3f241..7adb01d 100644 --- a/charts/platform/values.yaml +++ b/charts/platform/values.yaml @@ -378,7 +378,7 @@ keycloak: "enabled": true, "clients": [] } - proxyheaders: forwarded + proxyHeaders: xforwarded ingress: enabled: true tls: true diff --git a/tests/chart_platform_integration_test.go b/tests/chart_platform_integration_test.go index 0cf8b3e..1f0b174 100644 --- a/tests/chart_platform_integration_test.go +++ b/tests/chart_platform_integration_test.go @@ -191,7 +191,7 @@ func (suite *PlatformChartIntegrationSuite) TestBasicDeployment() { suite.Require().Len(ingresses, 0) // Give everything time to settle - time.Sleep(30 * time.Second) + time.Sleep(60 * time.Second) // Run bats tests batsTestFile, err := filepath.Abs("bats/tutorial.bats") From 0a2d6dfd21d2c3683800eb21bb95b3c58226ce77 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Wed, 14 Aug 2024 12:48:51 -0400 Subject: [PATCH 75/77] feat: add ability to merge custom volumes and volumeMount templates --- charts/platform/README.md | 2 + charts/platform/templates/_helpers.tpl | 27 ++++++ charts/platform/templates/_volume.tpl | 64 ++++++++++++++ charts/platform/templates/config.yaml | 6 ++ charts/platform/templates/deployment.yaml | 52 +---------- charts/platform/values.yaml | 4 + tests/chart_platform_template_test.go | 98 +++++++++++++++++++++ tests/kubeconform/extra_volumes-values.yaml | 9 ++ tests/kubeconform/mode_all-values.yaml | 1 + tests/kubeconform/mode_combo-values.yaml | 1 + tests/kubeconform/mode_core-values.yaml | 1 + tests/kubeconform/mode_kas-values.yaml | 1 + tests/kubeconform/mode_test-values.yaml | 1 + tests/traefik.yaml | 27 ++++++ 14 files changed, 246 insertions(+), 48 deletions(-) create mode 100644 charts/platform/templates/_volume.tpl create mode 100644 tests/kubeconform/extra_volumes-values.yaml create mode 100644 tests/kubeconform/mode_all-values.yaml create mode 100644 tests/kubeconform/mode_combo-values.yaml create mode 100644 tests/kubeconform/mode_core-values.yaml create mode 100644 tests/kubeconform/mode_kas-values.yaml create mode 100644 tests/kubeconform/mode_test-values.yaml create mode 100644 tests/traefik.yaml diff --git a/charts/platform/README.md b/charts/platform/README.md index da7c4fc..a8af6c6 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md @@ -352,5 +352,7 @@ realms: | services.kas.config.keyring | list | `[{"alg":"ec:secp256r1","kid":"e1"},{"alg":"rsa:2048","kid":"r1"}]` | Default keys for clients to use | | services.kas.privateKeysSecret | string | `"kas-private-keys"` | KAS secret containing keys kas-private.pem , kas-cert.pem , kas-ec-private.pem , kas-ec-cert.pem | | tolerations | list | `[]` | Tolerations to apply to the pod (https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | +| volumeMountTemplate | string | `"platform.volumeMountsEmpty.tpl"` | Add ability for downstream chart to merge additional volumeMounts | | volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. | +| volumeTemplate | string | `"platform.volumesEmpty.tpl"` | Add ability for downstream chart to merge additional volumes | | volumes | list | `[]` | Additional volumes on the output Deployment definition. | \ No newline at end of file diff --git a/charts/platform/templates/_helpers.tpl b/charts/platform/templates/_helpers.tpl index 088f105..b689f66 100644 --- a/charts/platform/templates/_helpers.tpl +++ b/charts/platform/templates/_helpers.tpl @@ -79,4 +79,31 @@ Create the name of the service account to use {{- if and ( .Values.sdk_config.clientsecret) ( .Values.sdk_config.existingSecret.name) ( .Values.sdk_config.existingSecret.key)}} {{- fail "You cannot set both clientsecret and existingSecret in sdk_config." }} {{- end -}} +{{- end -}} + +{{- /* +platform.util.merge will merge two YAML templates and output the result. +This takes an array of three values: +- the top context +- the template name of the overrides (destination) +- the template name of the base (source) +*/ -}} +{{- define "platform.util.merge.list" -}} +{{- $top := first . -}} +{{- $filterKey := (index . 1) }} +{{- $overrides := fromYaml (include (index . 2) $top) | default (dict) -}} +{{- $tpl := fromYaml (include (index . 3) $top) | default (dict) -}} + +{{- $mergedList := index $tpl $filterKey | default (list) -}} + +{{- range $key, $values := $overrides -}} + {{- if kindIs "slice" $values }} + {{- range $key2, $value := $values }} + {{- $mergedList = append $mergedList $value -}} + {{- end }} + {{- end -}} +{{- end -}} + +{{- (dict $filterKey $mergedList) | toYaml }} + {{- end -}} \ No newline at end of file diff --git a/charts/platform/templates/_volume.tpl b/charts/platform/templates/_volume.tpl new file mode 100644 index 0000000..abe509f --- /dev/null +++ b/charts/platform/templates/_volume.tpl @@ -0,0 +1,64 @@ +{{ define "platform.volumesEmpty.tpl" }} +{{ end }} +{{ define "platform.volumes.tpl" }} +volumes: + - name: config + configMap: + name: {{ include "chart.fullname" . }} + {{- if or (contains .Values.mode "all") (contains .Values.mode "core") (contains .Values.mode "kas") }} + - name: kas-private-keys + secret: + secretName: {{ .Values.services.kas.privateKeysSecret }} + {{- if .Values.server.tls.enabled }} + {{- end }} + - name: tls + secret: + secretName: {{ .Values.server.tls.secret | default (printf "%s-tls" (include "chart.fullname" .)) }} + {{- end }} + {{- if or (and .Values.playground .Values.keycloak.ingress.enabled .Values.keycloak.ingress.tls) .Values.server.tls.additionalTrustedCerts }} + - name: trusted-certs + projected: + sources: + {{- if and .Values.playground .Values.keycloak.ingress.enabled .Values.keycloak.ingress.tls }} + - secret: + name: {{ .Values.keycloak.ingress.hostname }}-tls # If the fullnameOverride is set, this will break + optional: false + items: + - key: ca.crt + path: kc-ca.crt + {{- end -}} + {{- with .Values.server.tls.additionalTrustedCerts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- with .Values.volumes }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{ end }} + + +{{ define "platform.volumeMountsEmpty.tpl" }} +{{ end }} + +{{ define "platform.volumeMounts.tpl" }} +volumeMounts: + - name: config + readOnly: true + mountPath: /etc/platform/config + {{- if or (contains .Values.mode "all") (contains .Values.mode "core") (contains .Values.mode "kas") }} + - name: kas-private-keys + readOnly: true + mountPath: /etc/platform/kas + {{- end }} + - name: trusted-certs + readOnly: true + mountPath: /etc/ssl/certs/platform + {{- if .Values.server.tls.enabled }} + - name: tls + readOnly: true + mountPath: /etc/platform/certs + {{- end -}} + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{ end }} \ No newline at end of file diff --git a/charts/platform/templates/config.yaml b/charts/platform/templates/config.yaml index 2475500..0aa4026 100644 --- a/charts/platform/templates/config.yaml +++ b/charts/platform/templates/config.yaml @@ -22,12 +22,18 @@ data: clientsecret: {{ .Values.sdk_config.clientsecret | quote }} {{- end }} services: + {{- if or (contains .Values.mode "all") (contains .Values.mode "core") }} entityresolution: {{- .Values.services.entityresolution | toYaml | nindent 8 }} + {{- end }} + {{- if or (contains .Values.mode "all") (contains .Values.mode "core") (contains .Values.mode "kas") }} kas: {{- .Values.services.kas.config | toYaml | nindent 8 }} + {{- end }} + {{- if or (contains .Values.mode "all") (contains .Values.mode "core") }} authorization: {{- .Values.services.authorization | toYaml | nindent 8 }} + {{- end }} {{- with .Values.services.extraServices }} {{- toYaml . | nindent 6 }} {{- end }} diff --git a/charts/platform/templates/deployment.yaml b/charts/platform/templates/deployment.yaml index a47fdb4..f9c0cd6 100644 --- a/charts/platform/templates/deployment.yaml +++ b/charts/platform/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{ $data := dict "Release" $.Release "Chart" $.Chart "Values" $.Values "Files" $.Files "Capabilities" .Capabilities }} apiVersion: apps/v1 kind: Deployment metadata: @@ -33,7 +34,8 @@ spec: {{- if .Values.hostAliases }} hostAliases: {{- toYaml .Values.hostAliases | nindent 8 }} - {{- end }} + {{- end -}} + {{ include "platform.util.merge.list" (list $data "volumes" .Values.volumeTemplate "platform.volumes.tpl" ) | nindent 6 }} containers: - name: {{ .Chart.Name }} args: @@ -62,24 +64,7 @@ spec: {{ end }} resources: {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: config - readOnly: true - mountPath: /etc/platform/config - - name: kas-private-keys - readOnly: true - mountPath: /etc/platform/kas - - name: trusted-certs - readOnly: true - mountPath: /etc/ssl/certs/platform - {{- if .Values.server.tls.enabled }} - - name: tls - readOnly: true - mountPath: /etc/platform/certs - {{- end -}} - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} + {{ include "platform.util.merge.list" (list $data "volumeMounts" .Values.volumeMountTemplate "platform.volumeMounts.tpl" ) | nindent 10}} env: - name: SSL_CERT_DIR value: '/etc/ssl/certs:/etc/ssl/certs/platform' @@ -102,35 +87,6 @@ spec: envFrom: {{- toYaml . | nindent 10 }} {{- end }} - volumes: - - name: config - configMap: - name: {{ include "chart.fullname" . }} - - name: kas-private-keys - secret: - secretName: {{ .Values.services.kas.privateKeysSecret }} - {{- if .Values.server.tls.enabled }} - - name: tls - secret: - secretName: {{ .Values.server.tls.secret | default (printf "%s-tls" (include "chart.fullname" .)) }} - {{- end }} - - name: trusted-certs - projected: - sources: - {{- if and .Values.playground .Values.keycloak.ingress.enabled .Values.keycloak.ingress.tls }} - - secret: - name: {{ .Values.keycloak.ingress.hostname }}-tls # If the fullnameOverride is set, this will break - optional: false - items: - - key: ca.crt - path: kc-ca.crt - {{- end -}} - {{- with .Values.server.tls.additionalTrustedCerts }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml index 7adb01d..586a577 100644 --- a/charts/platform/values.yaml +++ b/charts/platform/values.yaml @@ -119,6 +119,8 @@ autoscaling: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 +# -- Add ability for downstream chart to merge additional volumes +volumeTemplate: "platform.volumesEmpty.tpl" # -- Additional volumes on the output Deployment definition. volumes: [] # - name: foo @@ -126,6 +128,8 @@ volumes: [] # secretName: mysecret # optional: false +# -- Add ability for downstream chart to merge additional volumeMounts +volumeMountTemplate: "platform.volumeMountsEmpty.tpl" # -- Additional volumeMounts on the output Deployment definition. volumeMounts: [] # - name: foo diff --git a/tests/chart_platform_template_test.go b/tests/chart_platform_template_test.go index 920be91..722af65 100644 --- a/tests/chart_platform_template_test.go +++ b/tests/chart_platform_template_test.go @@ -72,3 +72,101 @@ func (suite *PlatformChartTemplateSuite) Test_SDK_Config_Set_Client_Secret_AND_E suite.Require().Error(err) suite.Require().ErrorContains(err, "You cannot set both clientsecret and existingSecret in sdk_config.") } + +func (suite *PlatformChartTemplateSuite) Test_Playground_Enabled_AND_Keycloak_Ing_Enabled_Trusted_Cert_Mounted() { + releaseName := "basic" + + namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + SetValues: map[string]string{ + "image.tag": "latest", + "playground": "true", + }, + } + + output := helm.RenderTemplate(suite.T(), options, suite.chartPath, releaseName, []string{"templates/deployment.yaml"}) + var deployment appv1.Deployment + helm.UnmarshalK8SYaml(suite.T(), output, &deployment) + + // Find projected volume trusted-certs and check if keycloak cert is mounted + found := false + for _, volume := range deployment.Spec.Template.Spec.Volumes { + if volume.Projected != nil { + for _, source := range volume.Projected.Sources { + suite.T().Log("Secret Name: ", source.Secret.Name) + if source.Secret != nil && source.Secret.Name == "keycloak.local-tls" { + suite.Require().Equal("ca.crt", source.Secret.Items[0].Key) + suite.Require().Equal("kc-ca.crt", source.Secret.Items[0].Path) + } + } + } + } + suite.Require().True(found) +} + +func (suite *PlatformChartTemplateSuite) Test_Playground_Enabled_AND_Keycloak_Ing_Disabled_Trusted_Cert_Not_Mounted() { + releaseName := "basic" + + namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + SetValues: map[string]string{ + "image.tag": "latest", + "playground": "true", + "keycloak.ingress.enabled": "false", + }, + } + + output := helm.RenderTemplate(suite.T(), options, suite.chartPath, releaseName, []string{"templates/deployment.yaml"}) + var deployment appv1.Deployment + helm.UnmarshalK8SYaml(suite.T(), output, &deployment) + + // Find projected volume trusted-certs and check if keycloak cert is mounted + found := false + for _, volume := range deployment.Spec.Template.Spec.Volumes { + if volume.Projected != nil { + for _, source := range volume.Projected.Sources { + if source.Secret != nil && source.Secret.Name == "keycloak.local-tls" { + found = true + } + } + } + } + suite.Require().False(found) +} + +func (suite *PlatformChartTemplateSuite) Test_Playground_Enabled_AND_Keycloak_Ing_Enabled_AND_TLS_Disabled_Trusted_Cert_Not_Mounted() { + releaseName := "basic" + + namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + SetValues: map[string]string{ + "image.tag": "latest", + "playground": "true", + "keycloak.ingress.enabled": "true", + "keycloak.ingress.tls": "false", + }, + } + + output := helm.RenderTemplate(suite.T(), options, suite.chartPath, releaseName, []string{"templates/deployment.yaml"}) + var deployment appv1.Deployment + helm.UnmarshalK8SYaml(suite.T(), output, &deployment) + + // Find projected volume trusted-certs and check if keycloak cert is mounted + found := false + for _, volume := range deployment.Spec.Template.Spec.Volumes { + if volume.Projected != nil { + for _, source := range volume.Projected.Sources { + if source.Secret != nil && source.Secret.Name == "keycloak.local-tls" { + found = true + } + } + } + } + suite.Require().False(found) +} diff --git a/tests/kubeconform/extra_volumes-values.yaml b/tests/kubeconform/extra_volumes-values.yaml new file mode 100644 index 0000000..f8b7d84 --- /dev/null +++ b/tests/kubeconform/extra_volumes-values.yaml @@ -0,0 +1,9 @@ +volumeMounts: + - name: test + mountPath: /extra-config + readOnly: true +volumes: + - name: test + secret: + secretName: mysecret + optional: false \ No newline at end of file diff --git a/tests/kubeconform/mode_all-values.yaml b/tests/kubeconform/mode_all-values.yaml new file mode 100644 index 0000000..f52409a --- /dev/null +++ b/tests/kubeconform/mode_all-values.yaml @@ -0,0 +1 @@ +mode: all \ No newline at end of file diff --git a/tests/kubeconform/mode_combo-values.yaml b/tests/kubeconform/mode_combo-values.yaml new file mode 100644 index 0000000..14f6d37 --- /dev/null +++ b/tests/kubeconform/mode_combo-values.yaml @@ -0,0 +1 @@ +mode: test,kas \ No newline at end of file diff --git a/tests/kubeconform/mode_core-values.yaml b/tests/kubeconform/mode_core-values.yaml new file mode 100644 index 0000000..ec09534 --- /dev/null +++ b/tests/kubeconform/mode_core-values.yaml @@ -0,0 +1 @@ +mode: core \ No newline at end of file diff --git a/tests/kubeconform/mode_kas-values.yaml b/tests/kubeconform/mode_kas-values.yaml new file mode 100644 index 0000000..5ce5733 --- /dev/null +++ b/tests/kubeconform/mode_kas-values.yaml @@ -0,0 +1 @@ +mode: kas \ No newline at end of file diff --git a/tests/kubeconform/mode_test-values.yaml b/tests/kubeconform/mode_test-values.yaml new file mode 100644 index 0000000..6ccc2ac --- /dev/null +++ b/tests/kubeconform/mode_test-values.yaml @@ -0,0 +1 @@ +mode: test \ No newline at end of file diff --git a/tests/traefik.yaml b/tests/traefik.yaml new file mode 100644 index 0000000..6a6fdd7 --- /dev/null +++ b/tests/traefik.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: platform +spec: + entryPoints: + - websecure + routes: + - match: Host(`keycloak.opentdf.local`) + kind: Rule + services: + - name: platform-keycloak + namespace: opentdf-sd1jsk + port: 80 + scheme: http + passHostHeader: true + - match: Host(`platform.opentdf.local`) + kind: Rule + services: + - name: opentdf-platform + namespace: opentdf-sd1jsk + port: 9000 + scheme: h2c + passHostHeader: true + tls: + secretName: platform-tls \ No newline at end of file From c8b6ec9db8a51c12f9e69cecfe3bd37cd5fca54e Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Wed, 14 Aug 2024 12:59:52 -0400 Subject: [PATCH 76/77] fix unit test --- tests/chart_platform_template_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/chart_platform_template_test.go b/tests/chart_platform_template_test.go index 722af65..bdc811e 100644 --- a/tests/chart_platform_template_test.go +++ b/tests/chart_platform_template_test.go @@ -99,6 +99,7 @@ func (suite *PlatformChartTemplateSuite) Test_Playground_Enabled_AND_Keycloak_In if source.Secret != nil && source.Secret.Name == "keycloak.local-tls" { suite.Require().Equal("ca.crt", source.Secret.Items[0].Key) suite.Require().Equal("kc-ca.crt", source.Secret.Items[0].Path) + found = true } } } From 1787719677ac84434f7aba109eb1fcf0a0d9a0a3 Mon Sep 17 00:00:00 2001 From: Sean Trantalis Date: Wed, 14 Aug 2024 18:06:46 -0400 Subject: [PATCH 77/77] fix kas volume mounts --- charts/platform/templates/_volume.tpl | 4 +- tests/chart_platform_template_test.go | 156 ++++++++++++++++++++++++++ 2 files changed, 158 insertions(+), 2 deletions(-) diff --git a/charts/platform/templates/_volume.tpl b/charts/platform/templates/_volume.tpl index abe509f..5250248 100644 --- a/charts/platform/templates/_volume.tpl +++ b/charts/platform/templates/_volume.tpl @@ -5,7 +5,7 @@ volumes: - name: config configMap: name: {{ include "chart.fullname" . }} - {{- if or (contains .Values.mode "all") (contains .Values.mode "core") (contains .Values.mode "kas") }} + {{- if or (contains "all" .Values.mode) (contains "kas" .Values.mode) }} - name: kas-private-keys secret: secretName: {{ .Values.services.kas.privateKeysSecret }} @@ -45,7 +45,7 @@ volumeMounts: - name: config readOnly: true mountPath: /etc/platform/config - {{- if or (contains .Values.mode "all") (contains .Values.mode "core") (contains .Values.mode "kas") }} + {{- if or (contains "all" .Values.mode ) (contains "kas" .Values.mode) }} - name: kas-private-keys readOnly: true mountPath: /etc/platform/kas diff --git a/tests/chart_platform_template_test.go b/tests/chart_platform_template_test.go index bdc811e..84f5f7f 100644 --- a/tests/chart_platform_template_test.go +++ b/tests/chart_platform_template_test.go @@ -171,3 +171,159 @@ func (suite *PlatformChartTemplateSuite) Test_Playground_Enabled_AND_Keycloak_In } suite.Require().False(found) } + +func (suite *PlatformChartTemplateSuite) Test_Mode_Core_No_Kas_Volumes_Mounted() { + releaseName := "basic" + + namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + SetValues: map[string]string{ + "image.tag": "latest", + "mode": "core", + }, + } + + output := helm.RenderTemplate(suite.T(), options, suite.chartPath, releaseName, []string{"templates/deployment.yaml"}) + var deployment appv1.Deployment + helm.UnmarshalK8SYaml(suite.T(), output, &deployment) + + // Find projected volume trusted-certs and check if keycloak cert is mounted + volumeFound := false + for _, volume := range deployment.Spec.Template.Spec.Volumes { + if volume.Secret != nil { + if volume.Secret.SecretName == "kas-private-keys" { + volumeFound = true + } + } + } + suite.Require().False(volumeFound) + + volumeMountFound := false + for _, container := range deployment.Spec.Template.Spec.Containers { + for _, volumeMount := range container.VolumeMounts { + if volumeMount.Name == "kas-private-keys" { + volumeMountFound = true + } + } + } + suite.Require().False(volumeMountFound) +} + +func (suite *PlatformChartTemplateSuite) Test_Mode_Core_And_Kas_Volumes_Mounted() { + releaseName := "basic" + + namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + SetValues: map[string]string{ + "image.tag": "latest", + "mode": "core\\,kas", + }, + } + + output := helm.RenderTemplate(suite.T(), options, suite.chartPath, releaseName, []string{"templates/deployment.yaml"}) + var deployment appv1.Deployment + helm.UnmarshalK8SYaml(suite.T(), output, &deployment) + + // Find projected volume trusted-certs and check if keycloak cert is mounted + volumeFound := false + for _, volume := range deployment.Spec.Template.Spec.Volumes { + if volume.Secret != nil { + if volume.Secret.SecretName == "kas-private-keys" { + volumeFound = true + } + } + } + suite.Require().True(volumeFound) + + volumeMountFound := false + for _, container := range deployment.Spec.Template.Spec.Containers { + for _, volumeMount := range container.VolumeMounts { + if volumeMount.Name == "kas-private-keys" { + volumeMountFound = true + } + } + } + suite.Require().True(volumeMountFound) +} + +func (suite *PlatformChartTemplateSuite) Test_Mode_All_Kas_Volumes_Mounted() { + releaseName := "basic" + + namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + SetValues: map[string]string{ + "image.tag": "latest", + "mode": "all", + }, + } + + output := helm.RenderTemplate(suite.T(), options, suite.chartPath, releaseName, []string{"templates/deployment.yaml"}) + var deployment appv1.Deployment + helm.UnmarshalK8SYaml(suite.T(), output, &deployment) + + // Find projected volume trusted-certs and check if keycloak cert is mounted + volumeFound := false + for _, volume := range deployment.Spec.Template.Spec.Volumes { + if volume.Secret != nil { + if volume.Secret.SecretName == "kas-private-keys" { + volumeFound = true + } + } + } + suite.Require().True(volumeFound) + + volumeMountFound := false + for _, container := range deployment.Spec.Template.Spec.Containers { + for _, volumeMount := range container.VolumeMounts { + if volumeMount.Name == "kas-private-keys" { + volumeMountFound = true + } + } + } + suite.Require().True(volumeMountFound) +} + +func (suite *PlatformChartTemplateSuite) Test_Mode_Kas_Expect_Volumes_Mounted() { + releaseName := "basic" + + namespaceName := "opentdf-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + SetValues: map[string]string{ + "image.tag": "latest", + "mode": "kas", + }, + } + + output := helm.RenderTemplate(suite.T(), options, suite.chartPath, releaseName, []string{"templates/deployment.yaml"}) + var deployment appv1.Deployment + helm.UnmarshalK8SYaml(suite.T(), output, &deployment) + + // Find projected volume trusted-certs and check if keycloak cert is mounted + volumeFound := false + for _, volume := range deployment.Spec.Template.Spec.Volumes { + if volume.Secret != nil { + if volume.Secret.SecretName == "kas-private-keys" { + volumeFound = true + } + } + } + suite.Require().True(volumeFound) + + volumeMountFound := false + for _, container := range deployment.Spec.Template.Spec.Containers { + for _, volumeMount := range container.VolumeMounts { + if volumeMount.Name == "kas-private-keys" { + volumeMountFound = true + } + } + } + suite.Require().True(volumeMountFound) +}