From 1a33d3a0fee05d596951a0dddda6fdbc7532d2e7 Mon Sep 17 00:00:00 2001 From: Ludo Date: Mon, 6 Nov 2023 13:55:04 +0100 Subject: [PATCH 01/24] factories refactor doc --- modules/__docs/20231106-factories.md | 88 ++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 modules/__docs/20231106-factories.md diff --git a/modules/__docs/20231106-factories.md b/modules/__docs/20231106-factories.md new file mode 100644 index 0000000000..0fd60dc56c --- /dev/null +++ b/modules/__docs/20231106-factories.md 
@@ -0,0 +1,88 @@ +# Factories Refactor and Plan Forward + +**authors:** [Ludo](https://github.com/ludoo) +**last modified:** November 6, 2023 + +## Status + +Under discussion. + +## Context + +Factories evolved progressively in Fabric, from the original firewall factory module, to a semi-standardized approach to management of repeated resources. This progression happened piecemeal and it's now time to define a clear strategy for factories in both Fabric and FAST, so that we can remove guesswork from new developments and provide a predictive approach to users. + +The remainder of this section provides a summary of the current status. + +### Modules + +Several modules implement factories for repeated resources which are typically dependent from the main resource managed in the module: + +- `billing-account` provides a factory for billing alert rules tied to the billing account +- `dns-response-policy` provides a factory for rules in within the policy +- `net-firewall-policy` provides a factory for rules within the policy +- `net-vpc` provides a factory for subnets in the VPC +- `net-vpc-firewall` provides a factory for VPC firewall rules +- `organization` and `folder` provide a factory for hierarchical firewall rules within their policy +- `organization`, `folder` and `project` provide a factory for organization policies + +The common pattern for modules is management of *multiple resources* typically dependent from the single *main resource* managed by the module. 
+ +### Blueprints + +The `factories` folder in blueprints contains a collection of factories with a fuzzier approach + +- `bigquery-factory` manages tables and views for 1-n datasets by wrapping the `bigquery-dataset` module via simple locals +- `cloud-identity-group-factory` manages Cloud Identity group members for 1-n groups by wrapping the `cloud-identity-group` via simple locals +- `net-vpc-firewall-yaml` is the original factory module managing VPC firewall rules, superseded by the factory in the `net-vpc-firewall` module +- `project-factory` combines the project, service account, and (planned) billing account and VPC modules to implement end-to-end project creation and configuration + +There's no clear common pattern for these factories, where some could be moved to the respective module and the project factory combines a collection of modules to implement a process. + +### FAST + +FAST currently leverages module-level factories (organization policies, subnets, firewalls, etc.), and also provides the project factory as a dedicated level 3 stage by wrapping the relevant blueprint and localizing a few variables for the environment (`prefix`, `labels`). + +## Proposal + +While the current approach is reasonably clear in regards to modules, it has never been formalized in a set of guidelines that can help authors define when and how new factories would made sense. + +On top of this, the `factories` blueprints folder contains code that that should really be moved to module-level factories, and the project factory which could/should be published directly as a FAST stage, since those are consumable as standalone modules. + +This proposal aims at addressing the above problems. 
+ +### Module-level factory approach + +The current approach for module-level factories can be summarized in a single principle: + +> factories implemented in modules manage multiple resources which depend from one single main resource (or a small set of main resources) which are the main driver of the module. + +For example, the module managing a firewall policy exposes a factory for its rules, or the module managing a VPC exposes a factory for its subnets. But the project module would not expose a projects factory, as one project maps to a single module invocation. + +The proposal on factory modules then is to: + +- align all factory variables to the same standard, outlined below +- move the groups and bigquery factories from blueprints to the respective modules +- eventually add more factories when it makes sense to do so (e.g. for KMS keys, service accounts, etc.) + +The variable interface for module-level factories should use a single top-level `factory_configs` variable, whose type is an object with one or more attributes which are named according to the specific factory. This will allow composing multiple factory configurations into a single variable in FAST stages, by avoiding name overlaps. An example: + +```hcl +variable "factory_configs" { + description = "Path to folder containing budget alerts data files." + type = object({ + budgets_data_path = optional(string, "data/billing-budgets") + }) + nullable = false + default = {} +} +``` + +### Blueprint factories + +The `factories` folder in blueprints will be emptied, and a single README left in it pointing to all the module-level and FAST stage factories available. + +As outlined above, the existing factories will be moved to modules (bigquery and groups), FAST (project factory), or deleted (firewall rules). + +### FAST factories + +The only change for FAST factories will be moving the project factory from blueprints to the stage folder, and updating the path used for the environment-level wrapping stage. 
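Review bot: In the `factory_configs` example that closes the "Module-level factory approach" section, the variable `description` reads "Path to folder containing budget alerts data files.", which describes the single `budgets_data_path` attribute rather than the composite object the preceding paragraph introduces. This block is presented as the standard other modules will align to, so the description should cover the object as a whole (for example "Paths to data files and folders for factories."), leaving the per-factory meaning to the attribute name. Wording slips in the same hunk: "rules in within the policy", "would made sense", "code that that should".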
From d733d824824e1f1ebfe5c824e561ccc272dfb1d3 Mon Sep 17 00:00:00 2001 From: Simone Ruffilli Date: Mon, 6 Nov 2023 18:38:43 +0100 Subject: [PATCH 02/24] Adds file schema and filesystem organization --- modules/__docs/20231106-factories.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/__docs/20231106-factories.md b/modules/__docs/20231106-factories.md index 0fd60dc56c..660895af0d 100644 --- a/modules/__docs/20231106-factories.md +++ b/modules/__docs/20231106-factories.md @@ -86,3 +86,16 @@ As outlined above, the existing factories will be moved to modules (bigquery and ### FAST factories The only change for FAST factories will be moving the project factory from blueprints to the stage folder, and updating the path used for the environment-level wrapping stage. + +### File schema and filesystem organization + +Factory files schema must mimick and implement the variable interface for the module, including optionals and validation - which are implemented in code and checks. + +With notable exceptions (currently only the `cidrs.yaml` file consumed by firewall factories), the following convention for files/directory is proposed: + +- Factories should consume directories (vs single files) +- All files should contain a dictionary +- Files in a directory should be parsed together and flattened into a single dictionary + +This allows developers to implement multiple resources in a single file or to use one file per resource, as they see fit. + From 375543d6fb7c903d1312a4483006f6f874c49af7 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Fri, 16 Feb 2024 12:30:33 +0100 Subject: [PATCH 03/24] Update 20231106-factories.md --- modules/__docs/20231106-factories.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/__docs/20231106-factories.md b/modules/__docs/20231106-factories.md index 660895af0d..b9ebf45186 100644 --- a/modules/__docs/20231106-factories.md +++ b/modules/__docs/20231106-factories.md 
@@ -1,7 +1,7 @@ # Factories Refactor and Plan Forward **authors:** [Ludo](https://github.com/ludoo) -**last modified:** November 6, 2023 +**last modified:** February 16, 2024 ## Status @@ -94,7 +94,8 @@ Factory files schema must mimick and implement the variable interface for the mo With notable exceptions (currently only the `cidrs.yaml` file consumed by firewall factories), the following convention for files/directory is proposed: - Factories should consume directories (vs single files) -- All files should contain a dictionary +- All files should contain a dictionary of resources or a single resource +- If the factory accepts one resource per file (e.g. VPC subnets), the file name should be used for the resource name and the YAML should allow defining a `name:` override - Files in a directory should be parsed together and flattened into a single dictionary This allows developers to implement multiple resources in a single file or to use one file per resource, as they see fit. From 1791dbada21889f6d6c1628cbf4a7dc7c85020b0 Mon Sep 17 00:00:00 2001 
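Review bot: The convention list under "File schema and filesystem organization" does not say what happens on key collisions. With "Files in a directory should be parsed together and flattened into a single dictionary", and now a resource name derived from the file name plus a `name:` override, two files can resolve to the same key, and the text leaves open whether that is an error or a last-wins merge. These factories drive firewall rules and organization policies, where a silently overridden entry is hard to catch in review, so the doc should require the factory to fail on duplicate keys and say which of file name or `name:` is the dictionary key. The context line also has "mimick" for "mimic".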
From: Ludo Date: Sun, 25 Feb 2024 11:58:31 +0100 Subject: [PATCH 04/24] move factories out of blueprints and create new factories README --- blueprints/factories/README.md | 99 ++++++--- .../factories/net-vpc-firewall-yaml/README.md | 201 ------------------ .../factories/net-vpc-firewall-yaml/main.tf | 113 ---------- .../net-vpc-firewall-yaml/outputs.tf | 47 ---- .../net-vpc-firewall-yaml/variables.tf | 38 ---- .../factories/project-factory/README.md | 198 ----------------- .../factories/project-factory/factory.tf | 115 ---------- blueprints/factories/project-factory/main.tf | 78 ------- .../factories/project-factory/outputs.tf | 28 --- .../factories/project-factory/variables.tf | 95 --------- .../alloydb-instance/README.md | 0 .../alloydb-instance/main.tf | 0 .../alloydb-instance/outputs.tf | 0 .../alloydb-instance/variables.tf | 0 .../alloydb-instance/versions.tf | 0 .../bigquery-factory/README.md | 0 .../bigquery-factory/main.tf | 0 .../bigquery-factory/variables.tf | 0 .../cloud-identity-group-factory/README.md | 0 .../cloud-identity-group-factory/main.tf | 0 .../cloud-identity-group-factory/outputs.tf | 0 .../cloud-identity-group-factory/variables.tf | 0 .../net-dns-policy-address/README.md | 0 .../net-dns-policy-address/main.tf | 0 .../net-dns-policy-address/outputs.tf | 0 .../net-dns-policy-address/variables.tf | 0 .../net-neg/README.md | 0 .../net-neg/main.tf | 0 .../net-neg/outputs.tf | 0 .../net-neg/variables.tf | 0 .../net-neg/versions.tf | 0 .../project-iam-magic/versions.tf | 0 32 files changed, 67 insertions(+), 945 deletions(-) delete mode 100644 blueprints/factories/net-vpc-firewall-yaml/README.md delete mode 100644 blueprints/factories/net-vpc-firewall-yaml/main.tf delete mode 100644 blueprints/factories/net-vpc-firewall-yaml/outputs.tf delete mode 100644 blueprints/factories/net-vpc-firewall-yaml/variables.tf delete mode 100644 blueprints/factories/project-factory/README.md delete mode 100644 blueprints/factories/project-factory/factory.tf delete 
mode 100644 blueprints/factories/project-factory/main.tf delete mode 100644 blueprints/factories/project-factory/outputs.tf delete mode 100644 blueprints/factories/project-factory/variables.tf rename modules/{__experimental => __experimental_deprecated}/alloydb-instance/README.md (100%) rename modules/{__experimental => __experimental_deprecated}/alloydb-instance/main.tf (100%) rename modules/{__experimental => __experimental_deprecated}/alloydb-instance/outputs.tf (100%) rename modules/{__experimental => __experimental_deprecated}/alloydb-instance/variables.tf (100%) rename modules/{__experimental => __experimental_deprecated}/alloydb-instance/versions.tf (100%) rename {blueprints/factories => modules/__experimental_deprecated}/bigquery-factory/README.md (100%) rename {blueprints/factories => modules/__experimental_deprecated}/bigquery-factory/main.tf (100%) rename {blueprints/factories => modules/__experimental_deprecated}/bigquery-factory/variables.tf (100%) rename {blueprints/factories => modules/__experimental_deprecated}/cloud-identity-group-factory/README.md (100%) rename {blueprints/factories => modules/__experimental_deprecated}/cloud-identity-group-factory/main.tf (100%) rename {blueprints/factories => modules/__experimental_deprecated}/cloud-identity-group-factory/outputs.tf (100%) rename {blueprints/factories => modules/__experimental_deprecated}/cloud-identity-group-factory/variables.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-dns-policy-address/README.md (100%) rename modules/{__experimental => __experimental_deprecated}/net-dns-policy-address/main.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-dns-policy-address/outputs.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-dns-policy-address/variables.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-neg/README.md (100%) rename modules/{__experimental => __experimental_deprecated}/net-neg/main.tf 
(100%) rename modules/{__experimental => __experimental_deprecated}/net-neg/outputs.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-neg/variables.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-neg/versions.tf (100%) rename modules/{__experimental => __experimental_deprecated}/project-iam-magic/versions.tf (100%) diff --git a/blueprints/factories/README.md b/blueprints/factories/README.md index d2eeb0b2b4..6579786500 100644 --- a/blueprints/factories/README.md +++ b/blueprints/factories/README.md 
@@ -1,44 +1,79 @@ -# The why and the how of Resource Factories +# Resource Factories -Terraform modules can be designed - where it makes sense - to implement a resource factory, which is a configuration-driven approach to resource creation meant to: +This README explains the rationale and high level approach for resource factories, a pattern that is widely used in this repository across modules and in the FAST framework. It also collects pointers to all the different factories implemented in modules to simplify discovery. -- accelerate and rationalize the repetitive creation of common resources, such as firewall rules and subnets -- enable teams without Terraform specific knowledge to leverage IaC via human-friendly and machine-parseable YAML files -- make it simple to implement specific requirements and best practices (e.g. "always enable PGA for GCP subnets", or "only allow using regions `europe-west1` and `europe-west3`") -- codify and centralise business logics and policies (e.g. labels and naming conventions) -- allow to easily parse and understand sets of specific resources, for documentation purposes + +- [The why](#the-why) +- [The how](#the-how) +- [Factory implementations](#factory-implementations) + - [Module-level factory interfaces](#module-level-factory-interfaces) + - [Standalone factories](#standalone-factories) + -Generally speaking, the configurations for a resource factory consists in one or more YaML files, optionally grouped in folders, that describe resources following a well defined, validable schema, such as in the example below for the subnet factory of the [`net-vpc`](../../modules/net-vpc) module, which allows for the massive creation of subnets for a given VPC. 
+## The why -```yaml -region: europe-west3 -ip_cidr_range: 10.0.0.0/24 -description: Sample Subnet in project project-prod-a, vpc-alpha -secondary_ip_ranges: - secondary-range-a: 192.168.0.0/24 - secondary-range-b: 192.168.1.0/24 -``` +Managing large sets of uniform resources with Terraform usually involves different teams collaborating on the same codebase, complex authorization processes and checks managed via CI/CD approvals, or even integrating with external systems that manage digital workflows. -Terraform natively supports YaML, JSON and CSV parsing - however Fabric has decided to embrace YaML for the following reasons: +Factories are a way to simplify all above use cases, by moving repetitive resource definitions out of the Terraform codebase and into sets of files that leverage different formats. -- YaML is easier to parse for a human, and allows for comments and nested, complex structures -- JSON and CSV can't include comments, which can be used to document configurations, but are often useful to bridge from other systems in automated pipelines -- JSON is more verbose (reads: longer) and harder to parse visually for humans -- CSV isn't often expressive enough (e.g. dit doesn't allow for nested structures) +Using factories, repetive resource creation and management becomes easier -If needed, converting factories to consume JSON is a matter of switching from `yamldecode()` to `jsondecode()` in the right place on each module. 
+- for humans who have no direct experience with Terraform, by exposing filesystem hierarchies and YAML-based configuration data +- for connected systems, by accepting well know data exchange formats like JSON or CSV +- for external code that needs to enforce checks or policies, by eliminating the need to parse HCL code or Terraform outputs +- to implement authorization processes or workwflows in CI/CD, by removing the dependency on Terraform and HCL knowledge for the teams involved -## Resource factories in Fabric +## The how -### Fabric Modules +Fabric resource-level factories can be broadly split into two different types -- [folder](../../modules/folder/README.md#firewall-policy-factory) and [organization](../../modules/organization/README.md#firewall-policy-factory) implement factories for [hierarchical firewall policies](https://cloud.google.com/vpc/docs/firewall-policies) -- [net-vpc](../../modules/net-vpc/README.md#subnet-factory) for subnets creation -- [net-vpc-firewall](../../modules/net-vpc-firewall/README.md#rules-factory) for massive rules creation +- simple factories that manage one simple resource type (firewalls, VPC-SC policies) +- complex factories that manage a set of connected resources to implement a complex flow that is usually perceived as a single unit (project creation) -### Dedicated Factories +The first factory type is implemented at the module level, where one module exposes one or more factories for some of the resources that depend on the main module resource (e.g. firewall rules for a VPC). The main goal with this approach is to simplify resource management at scale by removing the dependency on Terraform and HCL. 
-- [cloud-identity-group-factory](cloud-identity-group-factory/README.md) for Cloud Identity group -- [net-vpc-firewall-yaml](net-vpc-firewall-yaml/README.md) for VPC firewall rules across different projects/VPCs -- [project-factory](project-factory/README.md) for projects - +These factories are often designed as module-level interfaces which are then exposed by any module that manages a specific type of resource. All these factories leverage a single `factory_configs` variable, that allows passing in the paths for all the different factories supported in the module. + +The second factory type is implemented as a standalone module that internally references other modules, and implements complex management of different resource sets as part of a single process implemented via the factory. The typical example is the project factory, that brings together the project, service accounts, and billing accounts modules to cover all the main aspects of project creation as a single unit. + +## Factory implementations + +### Module-level factory interfaces + +- **BigQuery Analicts Hub rules** + - `analytics-hub` +- **billing budgets** + - `billing-account` +- **Data Catalog tags** + - `data-catalog-tag` +- **Data Catalog tag templates** + - `data-catalog-tag-template` +- **Dataplex Datascan rules** + - `dataplex-datascan` +- **firewall policy rules** + - `net-firewall-policy` +- **hierarchical firewall policies** + - `folder` + - `project` +- **IAM custom roles** + - `organization` + - `project` +- **organization policies** + - `organization` + - `folder` + - `project` +- **organization policy custom constraints** + - `organization` +- **DNS response policy rules** + - `dns-response-policy` +- **VPC firewall rules** + - `net-vpc-firewall` +- **VPC subnets** + - `net-vpc` +- **VPC-SC access levels and policies** + - `vpc-sc` + +### Standalone factories + +- **projects** + - `project-factory` 
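Review bot: Under "Module-level factory interfaces", the **hierarchical firewall policies** entry lists `folder` and `project`, but the list removed in this same hunk linked `folder` and `organization` for that factory, and the design doc earlier in this series says "`organization` and `folder` provide a factory for hierarchical firewall rules". `project` looks like a slip for `organization`. The new list also drops the relative links to each module README that the old list carried, which works against the stated aim to "simplify discovery"; suggest linking each module name to its factory section. Typos in the added lines: "Analicts", "repetive", "well know", "workwflows".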
diff --git a/blueprints/factories/net-vpc-firewall-yaml/README.md b/blueprints/factories/net-vpc-firewall-yaml/README.md deleted file mode 100644 index e385a68e87..0000000000 --- a/blueprints/factories/net-vpc-firewall-yaml/README.md +++ /dev/null 
@@ -1,201 +0,0 @@ -# Google Cloud VPC Firewall Factory - -This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files. - -Yaml abstraction for FW rules can simplify users onboarding and also makes rules definition simpler and clearer comparing to HCL. - -Nested folder structure for yaml configurations is optionally supported, which allows better and structured code management for multiple teams and environments. - -## Example - -### Terraform code - -```hcl -module "prod-firewall" { - source = "./fabric/blueprints/factories/net-vpc-firewall-yaml" - - project_id = "my-prod-project" - network = "my-prod-network" - config_directories = [ - "./firewall/prod", - "./firewall/common" - ] - - log_config = { - metadata = "INCLUDE_ALL_METADATA" - } -} - -module "dev-firewall" { - source = "./fabric/blueprints/factories/net-vpc-firewall-yaml" - - project_id = "my-dev-project" - network = "my-dev-network" - config_directories = [ - "./firewall/dev", - "./firewall/common" - ] -} -# tftest modules=2 resources=16 files=common,dev,prod inventory=example.yaml -``` - -```yaml -# tftest-file id=common path=firewall/common/common.yaml - ---- -# Terraform will be unable to decode this file if it does not contain valid YAML -# You can retain `---` (start of the document) to indicate an empty document. - -# allow ingress from GCLB to all instances in the network -lb-health-checks: - allow: - - ports: [] - protocol: tcp - direction: INGRESS - priority: 1001 - source_ranges: - - 35.191.0.0/16 - - 130.211.0.0/22 - -# deny all egress -deny-all: - deny: - - ports: [] - protocol: all - direction: EGRESS - priority: 65535 - destination_ranges: - - 0.0.0.0/0 -``` - -```yaml -# tftest-file id=dev path=firewall/dev/app.yaml - ---- -# Terraform will be unable to decode this file if it does not contain valid YAML -# You can retain `---` (start of the document) to indicate an empty document. 
- -# Myapp egress -web-app-dev-egress: - allow: - - ports: [443] - protocol: tcp - direction: EGRESS - destination_ranges: - - 192.168.0.0/24 - target_service_accounts: - - myapp@myproject-dev.iam.gserviceaccount.com -# Myapp ingress -web-app-dev-ingress: - allow: - - ports: [1234] - protocol: tcp - direction: INGRESS - source_service_accounts: - - frontend-sa@myproject-dev.iam.gserviceaccount.com - target_service_accounts: - - web-app-a@myproject-dev.iam.gserviceaccount.com -``` - -```yaml -# tftest-file id=prod path=firewall/prod/app.yaml - ---- -# Terraform will be unable to decode this file if it does not contain valid YAML -# You can retain `---` (start of the document) to indicate an empty document. - -# Myapp egress -web-app-prod-egress: - allow: - - ports: [443] - protocol: tcp - direction: EGRESS - destination_ranges: - - 192.168.10.0/24 - target_service_accounts: - - myapp@myproject-prod.iam.gserviceaccount.com -# Myapp ingress -web-app-prod-ingress: - allow: - - ports: [1234] - protocol: tcp - direction: INGRESS - source_service_accounts: - - frontend-sa@myproject-prod.iam.gserviceaccount.com - target_service_accounts: - - web-app-a@myproject-prod.iam.gserviceaccount.com -``` - -### Configuration Structure - -```bash -├── common -│ ├── default-egress.yaml -│   ├── lb-rules.yaml -│   └── iap-ingress.yaml -├── dev -│   ├── team-a -│   │   ├── databases.yaml -│   │   └── webb-app-a.yaml -│   └── team-b -│   ├── backend.yaml -│   └── frontend.yaml -└── prod - ├── team-a - │   ├── databases.yaml - │   └── webb-app-a.yaml - └── team-b - ├── backend.yaml - └── frontend.yaml -``` - -### Rule definition format and structure - -Firewall rules configuration should be placed in a set of yaml files in a folder/s. Firewall rule entry structure is following: - -```yaml - ---- -# Terraform will be unable to decode this file if it does not contain valid YAML -# You can retain `---` (start of the document) to indicate an empty document. 
- -rule-name: # descriptive name, naming convention is adjusted by the module - allow: # `allow` or `deny` - - ports: ['443', '80'] # ports for a specific protocol, keep empty list `[]` for all ports - protocol: tcp # protocol, put `all` for any protocol - direction: EGRESS # EGRESS or INGRESS - disabled: false # `false` or `true`, FW rule is disabled when `true`, default value is `false` - priority: 1000 # rule priority value, default value is 1000 - source_ranges: # list of source ranges, should be specified only for `INGRESS` rule - - 0.0.0.0/0 - destination_ranges: # list of destination ranges, should be specified only for `EGRESS` rule - - 0.0.0.0/0 - source_tags: ['some-tag'] # list of source tags, should be specified only for `INGRESS` rule - source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, cannot be specified together with `source_tags` or `target_tags` - - myapp@myproject-id.iam.gserviceaccount.com - target_tags: ['some-tag'] # list of target tags - target_service_accounts: # list of target service accounts, , cannot be specified together with `source_tags` or `target_tags` - - myapp@myproject-id.iam.gserviceaccount.com -``` - - - -## Variables - -| name | description | type | required | default | -|---|---|:---:|:---:|:---:| -| [config_directories](variables.tf#L17) | List of paths to folders where firewall configs are stored in yaml format. Folder may include subfolders with configuration files. Files suffix must be `.yaml`. | list(string) | ✓ | | -| [network](variables.tf#L30) | Name of the network this set of firewall rules applies to. | string | ✓ | | -| [project_id](variables.tf#L35) | Project Id. | string | ✓ | | -| [log_config](variables.tf#L22) | Log configuration. Possible values for `metadata` are `EXCLUDE_ALL_METADATA` and `INCLUDE_ALL_METADATA`. Set to `null` for disabling firewall logging. 
| object({…}) | | null | - -## Outputs - -| name | description | sensitive | -|---|---|:---:| -| [egress_allow_rules](outputs.tf#L17) | Egress rules with allow blocks. | | -| [egress_deny_rules](outputs.tf#L25) | Egress rules with allow blocks. | | -| [ingress_allow_rules](outputs.tf#L33) | Ingress rules with allow blocks. | | -| [ingress_deny_rules](outputs.tf#L41) | Ingress rules with deny blocks. | | - - diff --git a/blueprints/factories/net-vpc-firewall-yaml/main.tf b/blueprints/factories/net-vpc-firewall-yaml/main.tf deleted file mode 100644 index 0cfacf8a62..0000000000 --- a/blueprints/factories/net-vpc-firewall-yaml/main.tf +++ /dev/null 
@@ -1,113 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -locals { - firewall_rule_files = flatten( - [ - for config_path in var.config_directories : - concat( - [ - for config_file in fileset(config_path, "**/*.yaml") : - "${config_path}/${config_file}" - ] - ) - - ] - ) - - firewall_rules = merge( - [ - for config_file in local.firewall_rule_files : - yamldecode(file(config_file)) - ]... - ) -} - -resource "time_static" "timestamp" { - for_each = local.firewall_rules - triggers = { - name = md5(jsonencode(each.value)) - } -} - -resource "google_compute_firewall" "rules" { - for_each = local.firewall_rules - project = var.project_id - name = format( - "fwr-%s-%s-%s-%s", - var.network, - (try(each.value.target_service_accounts, null) != null ? "sac" : try(each.value.target_tags, null) != null ? "vpc" : "all"), - substr(lower(each.value.direction), 0, 1), - each.key - ) - description = format( - "%s rule in network %s for %s created at %s", - each.value.direction, - var.network, - each.key, - time_static.timestamp[each.key].rfc3339 - ) - - network = var.network - direction = each.value.direction - priority = try(each.value.priority, 1000) - disabled = try(each.value.disabled, null) - - source_ranges = try(each.value.source_ranges, each.value.direction == "INGRESS" ? 
[] : null) - source_tags = try(each.value.source_tags, null) - source_service_accounts = try(each.value.source_service_accounts, null) - - destination_ranges = try(each.value.destination_ranges, each.value.direction == "EGRESS" ? [] : null) - target_tags = try(each.value.target_tags, null) - target_service_accounts = try(each.value.target_service_accounts, null) - - dynamic "allow" { - for_each = { for block in try(each.value.allow, []) : - "${block.protocol}-${join("-", block.ports)}" => { - ports = [for port in block.ports : tostring(port)] - protocol = block.protocol - } - } - content { - protocol = allow.value.protocol - ports = allow.value.ports - } - } - - dynamic "deny" { - for_each = { for block in try(each.value.deny, []) : - "${block.protocol}-${join("-", block.ports)}" => { - ports = [for port in block.ports : tostring(port)] - protocol = block.protocol - } - } - content { - protocol = deny.value.protocol - ports = deny.value.ports - } - } - - dynamic "log_config" { - for_each = var.log_config != null ? [""] : [] - content { - metadata = var.log_config.metadata - } - } - - lifecycle { - create_before_destroy = true - } -} diff --git a/blueprints/factories/net-vpc-firewall-yaml/outputs.tf b/blueprints/factories/net-vpc-firewall-yaml/outputs.tf deleted file mode 100644 index f60e9c92fa..0000000000 --- a/blueprints/factories/net-vpc-firewall-yaml/outputs.tf +++ /dev/null 
@@ -1,47 +0,0 @@ -/** - * Copyright 2022 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -output "egress_allow_rules" { - description = "Egress rules with allow blocks." - value = [ - for rule in google_compute_firewall.rules : - rule if rule.direction == "EGRESS" && length(rule.allow) > 0 - ] -} - -output "egress_deny_rules" { - description = "Egress rules with allow blocks." - value = [ - for rule in google_compute_firewall.rules : - rule if rule.direction == "EGRESS" && length(rule.deny) > 0 - ] -} - -output "ingress_allow_rules" { - description = "Ingress rules with allow blocks." - value = [ - for rule in google_compute_firewall.rules : - rule if rule.direction == "INGRESS" && length(rule.allow) > 0 - ] -} - -output "ingress_deny_rules" { - description = "Ingress rules with deny blocks." - value = [ - for rule in google_compute_firewall.rules : - rule if rule.direction == "INGRESS" && length(rule.deny) > 0 - ] -} diff --git a/blueprints/factories/net-vpc-firewall-yaml/variables.tf b/blueprints/factories/net-vpc-firewall-yaml/variables.tf deleted file mode 100644 index b41eb57ce1..0000000000 --- a/blueprints/factories/net-vpc-firewall-yaml/variables.tf +++ /dev/null 
@@ -1,38 +0,0 @@ -/** - * Copyright 2022 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -variable "config_directories" { - description = "List of paths to folders where firewall configs are stored in yaml format. Folder may include subfolders with configuration files. Files suffix must be `.yaml`." - type = list(string) -} - -variable "log_config" { - description = "Log configuration. Possible values for `metadata` are `EXCLUDE_ALL_METADATA` and `INCLUDE_ALL_METADATA`. Set to `null` for disabling firewall logging." - type = object({ - metadata = string - }) - default = null -} - -variable "network" { - description = "Name of the network this set of firewall rules applies to." - type = string -} - -variable "project_id" { - description = "Project Id." - type = string -} diff --git a/blueprints/factories/project-factory/README.md b/blueprints/factories/project-factory/README.md deleted file mode 100644 index 67081df2e2..0000000000 --- a/blueprints/factories/project-factory/README.md +++ /dev/null 
@@ -1,198 +0,0 @@ -# Project Factory - -This is a working example of how to manage project creation at scale, by wrapping the [project module](../../../modules/project/) and driving it via external data, either directly provided or parsed via YAML files. - -The wrapping layer around the project module is intentionally thin, so that - -- all the features of the project module are available -- no "magic" or hidden side effects are implemented in code -- debugging and integration of new features is simple - -The code is meant to be executed by a high level service accounts with powerful permissions: - -- Shared VPC connection if service project attachment is desired -- project creation on the nodes (folder or org) where projects will be defined - -The module also supports optional creation of specific resources that are usually part of the project creation flow: - -- service accounts used for VM instances, and associated basic roles -- KMS key encrypt/decrypt permissions for service identities in the project -- membership in VPC SC standard or bridge perimeters - -## Leveraging data defaults, merges, optionals - -In addition to the yaml files describing projects, the project factory accepts three additional sets of inputs: - -- the `data_defaults` variable allows specifying defaults for specific project attributes, which are only used if the attributes are not present in a project yaml -- the `data_overrides` variable works similarly to defaults, but the values specified here take precedence over those in yaml files -- the `data_merges` variable allows specifying additional values that are merged to sets of maps present in the yaml file, which are preserved - -Some examples on where to use each of the three sets are provided below. 
- -## Example - -```hcl -module "project-factory" { - source = "./fabric/blueprints/factories/project-factory" - # use a default billing account if none is specified via yaml - data_defaults = { - billing_account = "012345-67890A-ABCDEF" - } - # make sure the environment label and stackdriver service are always added - data_merges = { - labels = { - environment = "test" - } - services = [ - "stackdriver.googleapis.com" - ] - } - # always use this contaxt and prefix, regardless of what is in the yaml file - data_overrides = { - contacts = { - "admin@example.com" = ["ALL"] - } - prefix = "test-pf" - } - # location where the yaml files are read from - factory_data_path = "data" -} -# tftest modules=7 resources=33 files=prj-app-1,prj-app-2,prj-app-3 inventory=example.yaml -``` - -```yaml -billing_account: 012345-67890A-BCDEF0 -labels: - app: app-1 - team: foo -parent: folders/12345678 -service_encryption_key_ids: - compute: - - projects/kms-central-prj/locations/europe-west3/keyRings/my-keyring/cryptoKeys/europe3-gce -services: - - container.googleapis.com - - storage.googleapis.com -service_accounts: - app-1-be: - iam_project_roles: - - roles/logging.logWriter - - roles/monitoring.metricWriter - app-1-fe: - display_name: "Test app 1 frontend." 
- -# tftest-file id=prj-app-1 path=data/prj-app-1.yaml -``` - -```yaml -labels: - app: app-2 - team: foo -parent: folders/12345678 -org_policies: - "compute.restrictSharedVpcSubnetworks": - rules: - - allow: - values: - - projects/foo-host/regions/europe-west1/subnetworks/prod-default-ew1 -service_accounts: - app-2-be: {} -services: -- compute.googleapis.com -- container.googleapis.com -- run.googleapis.com -- storage.googleapis.com -shared_vpc_service_config: - host_project: foo-host - service_identity_iam: - "roles/vpcaccess.user": - - cloudrun - "roles/container.hostServiceAgentUser": - - container-engine - service_identity_subnet_iam: - europe-west1/prod-default-ew1: - - cloudservices - - container-engine - network_subnet_users: - europe-west1/prod-default-ew1: - - group:team-1@example.com - -# tftest-file id=prj-app-2 path=data/prj-app-2.yaml -``` - -```yaml -parent: folders/12345678 -services: -- run.googleapis.com -- storage.googleapis.com - -# tftest-file id=prj-app-3 path=data/prj-app-3.yaml -``` - - -## Variables - -| name | description | type | required | default | -|---|---|:---:|:---:|:---:| -| [factory_data_path](variables.tf#L91) | Path to folder with YAML project description data files. | string | ✓ | | -| [data_defaults](variables.tf#L17) | Optional default values used when corresponding project data from files are missing. | object({…}) | | {} | -| [data_merges](variables.tf#L49) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | object({…}) | | {} | -| [data_overrides](variables.tf#L69) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | object({…}) | | {} | - -## Outputs - -| name | description | sensitive | -|---|---|:---:| -| [projects](outputs.tf#L17) | Project module outputs. | | -| [service_accounts](outputs.tf#L22) | Service account emails. 
| | - - -## Tests - -These tests validate fixes to the project factory. - -```hcl -module "project-factory" { - source = "./fabric/blueprints/factories/project-factory" - data_defaults = { - billing_account = "012345-67890A-ABCDEF" - } - data_merges = { - labels = { - owner = "foo" - } - services = [ - "compute.googleapis.com" - ] - } - data_overrides = { - prefix = "foo" - } - factory_data_path = "data" -} -# tftest modules=4 resources=14 files=test-0,test-1,test-2 -``` - -```yaml -parent: folders/1234567890 -services: - - iam.googleapis.com - - contactcenteraiplatform.googleapis.com - - container.googleapis.com -# tftest-file id=test-0 path=data/test-0.yaml -``` - -```yaml -parent: folders/1234567890 -services: - - iam.googleapis.com - - contactcenteraiplatform.googleapis.com -# tftest-file id=test-1 path=data/test-1.yaml -``` - -```yaml -parent: folders/1234567890 -services: - - iam.googleapis.com - - storage.googleapis.com -# tftest-file id=test-2 path=data/test-2.yaml -``` diff --git a/blueprints/factories/project-factory/factory.tf b/blueprints/factories/project-factory/factory.tf deleted file mode 100644 index 4028186caf..0000000000 --- a/blueprints/factories/project-factory/factory.tf +++ /dev/null 
@@ -1,115 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -locals { - _data = ( - { - for f in fileset(local._data_path, "**/*.yaml") : - trimsuffix(f, ".yaml") => yamldecode(file("${local._data_path}/${f}")) - } - ) - _data_path = var.factory_data_path == null ? null : pathexpand( - var.factory_data_path - ) - projects = { - for k, v in local._data : k => merge(v, { - billing_account = try(coalesce( - var.data_overrides.billing_account, - try(v.billing_account, null), - var.data_defaults.billing_account - ), null) - contacts = coalesce( - var.data_overrides.contacts, - try(v.contacts, null), - var.data_defaults.contacts - ) - labels = coalesce( - try(v.labels, null), - var.data_defaults.labels - ) - metric_scopes = coalesce( - try(v.metric_scopes, null), - var.data_defaults.metric_scopes - ) - org_policies = try(v.org_policies, {}) - parent = coalesce( - var.data_overrides.parent, - try(v.parent, null), - var.data_defaults.parent - ) - prefix = coalesce( - var.data_overrides.prefix, - try(v.prefix, null), - var.data_defaults.prefix - ) - service_encryption_key_ids = coalesce( - var.data_overrides.service_encryption_key_ids, - try(v.service_encryption_key_ids, null), - var.data_defaults.service_encryption_key_ids - ) - service_perimeter_bridges = coalesce( - var.data_overrides.service_perimeter_bridges, - try(v.service_perimeter_bridges, null), - var.data_defaults.service_perimeter_bridges - ) - 
service_perimeter_standard = try(coalesce( - var.data_overrides.service_perimeter_standard, - try(v.service_perimeter_standard, null), - var.data_defaults.service_perimeter_standard - ), null) - services = coalesce( - var.data_overrides.services, - try(v.services, null), - var.data_defaults.services - ) - shared_vpc_service_config = ( - try(v.shared_vpc_service_config, null) != null - ? merge( - { - network_users = [] - service_identity_iam = {} - service_identity_subnet_iam = {} - service_iam_grants = [] - network_subnet_users = {} - }, - v.shared_vpc_service_config - ) - : var.data_defaults.shared_vpc_service_config - ) - tag_bindings = coalesce( - var.data_overrides.tag_bindings, - try(v.tag_bindings, null), - var.data_defaults.tag_bindings - ) - # non-project resources - service_accounts = coalesce( - var.data_overrides.service_accounts, - try(v.service_accounts, null), - var.data_defaults.service_accounts - ) - }) - } - service_accounts = flatten([ - for k, v in local.projects : [ - for name, opts in v.service_accounts : { - project = k - name = name - display_name = try(opts.display_name, "Terraform-managed.") - iam_project_roles = try(opts.iam_project_roles, null) - } - ] - ]) -} diff --git a/blueprints/factories/project-factory/main.tf b/blueprints/factories/project-factory/main.tf deleted file mode 100644 index 1cb17be850..0000000000 --- a/blueprints/factories/project-factory/main.tf +++ /dev/null 
@@ -1,78 +0,0 @@ -/** - * Copyright 2024 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -module "projects" { - source = "../../../modules/project" - for_each = local.projects - billing_account = each.value.billing_account - name = each.key - parent = try(each.value.parent, null) - prefix = each.value.prefix - auto_create_network = try(each.value.auto_create_network, false) - compute_metadata = try(each.value.compute_metadata, {}) - # TODO: concat lists for each key - contacts = merge( - each.value.contacts, var.data_merges.contacts - ) - default_service_account = try(each.value.default_service_account, "keep") - descriptive_name = try(each.value.descriptive_name, null) - iam = try(each.value.iam, {}) - iam_bindings = try(each.value.iam_bindings, {}) - iam_bindings_additive = try(each.value.iam_bindings_additive, {}) - iam_by_principals = try(each.value.iam_by_principals, {}) - labels = merge( - each.value.labels, var.data_merges.labels - ) - lien_reason = try(each.value.lien_reason, null) - logging_data_access = try(each.value.logging_data_access, {}) - logging_exclusions = try(each.value.logging_exclusions, {}) - logging_sinks = try(each.value.logging_sinks, {}) - metric_scopes = distinct(concat( - each.value.metric_scopes, var.data_merges.metric_scopes - )) - org_policies = each.value.org_policies - service_encryption_key_ids = merge( - each.value.service_encryption_key_ids, - var.data_merges.service_encryption_key_ids - ) - 
service_perimeter_bridges = distinct(concat( - each.value.service_perimeter_bridges, - var.data_merges.service_perimeter_bridges - )) - service_perimeter_standard = each.value.service_perimeter_standard - services = distinct(concat( - each.value.services, - var.data_merges.services - )) - shared_vpc_service_config = each.value.shared_vpc_service_config - tag_bindings = merge( - each.value.tag_bindings, - var.data_merges.tag_bindings - ) -} - -module "service-accounts" { - source = "../../../modules/iam-service-account" - for_each = { - for k in local.service_accounts : "${k.project}-${k.name}" => k - } - project_id = module.projects[each.value.project].project_id - name = each.value.name - display_name = each.value.display_name - iam_project_roles = each.value.iam_project_roles == null ? {} : { - (module.projects[each.value.project].project_id) = each.value.iam_project_roles - } -} diff --git a/blueprints/factories/project-factory/outputs.tf b/blueprints/factories/project-factory/outputs.tf deleted file mode 100644 index 99653a1550..0000000000 --- a/blueprints/factories/project-factory/outputs.tf +++ /dev/null 
@@ -1,28 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -output "projects" { - description = "Project module outputs." - value = module.projects -} - -output "service_accounts" { - description = "Service account emails." - # TODO: group by project - value = { - for k, v in module.service-accounts : k => v.email - } -} diff --git a/blueprints/factories/project-factory/variables.tf b/blueprints/factories/project-factory/variables.tf deleted file mode 100644 index d37f939928..0000000000 --- a/blueprints/factories/project-factory/variables.tf +++ /dev/null 
@@ -1,95 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -variable "data_defaults" { - description = "Optional default values used when corresponding project data from files are missing." - type = object({ - billing_account = optional(string) - contacts = optional(map(list(string)), {}) - labels = optional(map(string), {}) - metric_scopes = optional(list(string), []) - parent = optional(string) - prefix = optional(string) - service_encryption_key_ids = optional(map(list(string)), {}) - service_perimeter_bridges = optional(list(string), []) - service_perimeter_standard = optional(string) - services = optional(list(string), []) - shared_vpc_service_config = optional(object({ - host_project = string - network_users = optional(list(string), []) - service_identity_iam = optional(map(list(string)), {}) - service_identity_subnet_iam = optional(map(list(string)), {}) - service_iam_grants = optional(list(string), []) - network_subnet_users = optional(map(list(string)), {}) - }), { host_project = null }) - tag_bindings = optional(map(string), {}) - # non-project resources - service_accounts = optional(map(object({ - display_name = optional(string, "Terraform-managed.") - iam_project_roles = optional(list(string)) - })), {}) - }) - nullable = false - default = {} -} - -variable "data_merges" { - description = "Optional values that will be merged with corresponding data from files. 
Combines with `data_defaults`, file data, and `data_overrides`." - type = object({ - contacts = optional(map(list(string)), {}) - labels = optional(map(string), {}) - metric_scopes = optional(list(string), []) - service_encryption_key_ids = optional(map(list(string)), {}) - service_perimeter_bridges = optional(list(string), []) - services = optional(list(string), []) - tag_bindings = optional(map(string), {}) - # non-project resources - service_accounts = optional(map(object({ - display_name = optional(string, "Terraform-managed.") - iam_project_roles = optional(list(string)) - })), {}) - }) - nullable = false - default = {} -} - -variable "data_overrides" { - description = "Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`." - type = object({ - billing_account = optional(string) - contacts = optional(map(list(string))) - parent = optional(string) - prefix = optional(string) - service_encryption_key_ids = optional(map(list(string))) - service_perimeter_bridges = optional(list(string)) - service_perimeter_standard = optional(string) - tag_bindings = optional(map(string)) - services = optional(list(string)) - # non-project resources - service_accounts = optional(map(object({ - display_name = optional(string, "Terraform-managed.") - iam_project_roles = optional(list(string)) - }))) - }) - nullable = false - default = {} -} - -variable "factory_data_path" { - description = "Path to folder with YAML project description data files." - type = string - nullable = false -} diff --git a/modules/__experimental/alloydb-instance/README.md b/modules/__experimental_deprecated/alloydb-instance/README.md similarity index 100% rename from modules/__experimental/alloydb-instance/README.md rename to modules/__experimental_deprecated/alloydb-instance/README.md 
diff --git a/modules/__experimental/alloydb-instance/main.tf b/modules/__experimental_deprecated/alloydb-instance/main.tf similarity index 100% rename from modules/__experimental/alloydb-instance/main.tf rename to modules/__experimental_deprecated/alloydb-instance/main.tf diff --git a/modules/__experimental/alloydb-instance/outputs.tf b/modules/__experimental_deprecated/alloydb-instance/outputs.tf similarity index 100% rename from modules/__experimental/alloydb-instance/outputs.tf rename to modules/__experimental_deprecated/alloydb-instance/outputs.tf diff --git a/modules/__experimental/alloydb-instance/variables.tf b/modules/__experimental_deprecated/alloydb-instance/variables.tf similarity index 100% rename from modules/__experimental/alloydb-instance/variables.tf rename to modules/__experimental_deprecated/alloydb-instance/variables.tf diff --git a/modules/__experimental/alloydb-instance/versions.tf b/modules/__experimental_deprecated/alloydb-instance/versions.tf similarity index 100% rename from modules/__experimental/alloydb-instance/versions.tf rename to modules/__experimental_deprecated/alloydb-instance/versions.tf diff --git a/blueprints/factories/bigquery-factory/README.md b/modules/__experimental_deprecated/bigquery-factory/README.md similarity index 100% rename from blueprints/factories/bigquery-factory/README.md rename to modules/__experimental_deprecated/bigquery-factory/README.md diff --git a/blueprints/factories/bigquery-factory/main.tf b/modules/__experimental_deprecated/bigquery-factory/main.tf similarity index 100% rename from blueprints/factories/bigquery-factory/main.tf rename to modules/__experimental_deprecated/bigquery-factory/main.tf diff --git a/blueprints/factories/bigquery-factory/variables.tf b/modules/__experimental_deprecated/bigquery-factory/variables.tf similarity index 100% rename from blueprints/factories/bigquery-factory/variables.tf rename to modules/__experimental_deprecated/bigquery-factory/variables.tf 
diff --git a/blueprints/factories/cloud-identity-group-factory/README.md b/modules/__experimental_deprecated/cloud-identity-group-factory/README.md similarity index 100% rename from blueprints/factories/cloud-identity-group-factory/README.md rename to modules/__experimental_deprecated/cloud-identity-group-factory/README.md diff --git a/blueprints/factories/cloud-identity-group-factory/main.tf b/modules/__experimental_deprecated/cloud-identity-group-factory/main.tf similarity index 100% rename from blueprints/factories/cloud-identity-group-factory/main.tf rename to modules/__experimental_deprecated/cloud-identity-group-factory/main.tf diff --git a/blueprints/factories/cloud-identity-group-factory/outputs.tf b/modules/__experimental_deprecated/cloud-identity-group-factory/outputs.tf similarity index 100% rename from blueprints/factories/cloud-identity-group-factory/outputs.tf rename to modules/__experimental_deprecated/cloud-identity-group-factory/outputs.tf diff --git a/blueprints/factories/cloud-identity-group-factory/variables.tf b/modules/__experimental_deprecated/cloud-identity-group-factory/variables.tf similarity index 100% rename from blueprints/factories/cloud-identity-group-factory/variables.tf rename to modules/__experimental_deprecated/cloud-identity-group-factory/variables.tf diff --git a/modules/__experimental/net-dns-policy-address/README.md b/modules/__experimental_deprecated/net-dns-policy-address/README.md similarity index 100% rename from modules/__experimental/net-dns-policy-address/README.md rename to modules/__experimental_deprecated/net-dns-policy-address/README.md diff --git a/modules/__experimental/net-dns-policy-address/main.tf b/modules/__experimental_deprecated/net-dns-policy-address/main.tf similarity index 100% rename from modules/__experimental/net-dns-policy-address/main.tf rename to modules/__experimental_deprecated/net-dns-policy-address/main.tf 
diff --git a/modules/__experimental/net-dns-policy-address/outputs.tf b/modules/__experimental_deprecated/net-dns-policy-address/outputs.tf similarity index 100% rename from modules/__experimental/net-dns-policy-address/outputs.tf rename to modules/__experimental_deprecated/net-dns-policy-address/outputs.tf diff --git a/modules/__experimental/net-dns-policy-address/variables.tf b/modules/__experimental_deprecated/net-dns-policy-address/variables.tf similarity index 100% rename from modules/__experimental/net-dns-policy-address/variables.tf rename to modules/__experimental_deprecated/net-dns-policy-address/variables.tf diff --git a/modules/__experimental/net-neg/README.md b/modules/__experimental_deprecated/net-neg/README.md similarity index 100% rename from modules/__experimental/net-neg/README.md rename to modules/__experimental_deprecated/net-neg/README.md diff --git a/modules/__experimental/net-neg/main.tf b/modules/__experimental_deprecated/net-neg/main.tf similarity index 100% rename from modules/__experimental/net-neg/main.tf rename to modules/__experimental_deprecated/net-neg/main.tf diff --git a/modules/__experimental/net-neg/outputs.tf b/modules/__experimental_deprecated/net-neg/outputs.tf similarity index 100% rename from modules/__experimental/net-neg/outputs.tf rename to modules/__experimental_deprecated/net-neg/outputs.tf diff --git a/modules/__experimental/net-neg/variables.tf b/modules/__experimental_deprecated/net-neg/variables.tf similarity index 100% rename from modules/__experimental/net-neg/variables.tf rename to modules/__experimental_deprecated/net-neg/variables.tf diff --git a/modules/__experimental/net-neg/versions.tf b/modules/__experimental_deprecated/net-neg/versions.tf similarity index 100% rename from modules/__experimental/net-neg/versions.tf rename to modules/__experimental_deprecated/net-neg/versions.tf 
diff --git a/modules/__experimental/project-iam-magic/versions.tf b/modules/__experimental_deprecated/project-iam-magic/versions.tf similarity index 100% rename from modules/__experimental/project-iam-magic/versions.tf rename to modules/__experimental_deprecated/project-iam-magic/versions.tf From 362104e4899a29fe3cf7fe94172c1e2e72dae378 Mon Sep 17 00:00:00 2001 From: Ludo Date: Sun, 25 Feb 2024 12:02:10 +0100 Subject: [PATCH 05/24] align factory in billing-account module --- modules/billing-account/README.md | 2 +- modules/billing-account/factory.tf | 2 +- modules/billing-account/variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/billing-account/README.md b/modules/billing-account/README.md index 23a73a1336..40c9976934 100644 --- a/modules/billing-account/README.md +++ b/modules/billing-account/README.md @@ -263,7 +263,7 @@ update_rules: | [id](variables.tf#L131) | Billing account id. | string | ✓ | | | [budget_notification_channels](variables.tf#L17) | Notification channels used by budget alerts. | map(object({…})) | | {} | | [budgets](variables.tf#L47) | Billing budgets. Notification channels are either keys in corresponding variable, or external ids. | map(object({…})) | | {} | -| [factory_config](variables.tf#L121) | Path to folder containing budget alerts data files. | object({…}) | | {} | +| [factories_config](variables.tf#L121) | Path to folder containing budget alerts data files. | object({…}) | | {} | | [iam](variables-iam.tf#L17) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | [iam_bindings](variables-iam.tf#L24) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} | | [iam_bindings_additive](variables-iam.tf#L39) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | 
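Review bot: in the `modules/billing-account/README.md` variables table, the renamed `factories_config` row keeps the description "Path to folder containing budget alerts data files." although its type is `object({…})`, so the text describes a single attribute rather than the variable. Suggest rewording it in line with the dataplex-datascan row later in this series ("Paths to data files and folders that enable factory functionality."), naming `budgets_data_path` as the attribute that holds the folder path, and regenerating the table from variables.tf.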
diff --git a/modules/billing-account/factory.tf b/modules/billing-account/factory.tf index f32c7c350f..ccca93228e 100644 --- a/modules/billing-account/factory.tf +++ b/modules/billing-account/factory.tf @@ -19,7 +19,7 @@ locals { for f in fileset("${local._factory_path}", "**/*.yaml") : trimsuffix(f, ".yaml") => yamldecode(file("${local._factory_path}/${f}")) } - _factory_path = var.factory_config.budgets_data_path + _factory_path = try(pathexpand(var.factories_config.budgets_data_path), "") factory_budgets = { for k, v in local._factory_data : k => merge(v, { amount = merge( diff --git a/modules/billing-account/variables.tf b/modules/billing-account/variables.tf index 3927b05bad..a7484dcf1b 100644 --- a/modules/billing-account/variables.tf +++ b/modules/billing-account/variables.tf @@ -118,7 +118,7 @@ variable "budgets" { } } -variable "factory_config" { +variable "factories_config" { # TODO: align all other factory variable names description = "Path to folder containing budget alerts data files." type = object({ From d0b506f10c12f336f47d0b6d0551a59e531a3cac Mon Sep 17 00:00:00 2001 From: Ludo Date: Sun, 25 Feb 2024 12:02:31 +0100 Subject: [PATCH 06/24] align factory in dataplex-datascan module --- modules/dataplex-datascan/README.md | 26 ++-- modules/dataplex-datascan/factory.tf | 150 +++++++++++++++++++++ modules/dataplex-datascan/main.tf | 121 ++++++++++++----- modules/dataplex-datascan/rules_parsing.tf | 54 -------- modules/dataplex-datascan/variables.tf | 17 +-- 5 files changed, 262 insertions(+), 106 deletions(-) create mode 100644 modules/dataplex-datascan/factory.tf delete mode 100644 modules/dataplex-datascan/rules_parsing.tf diff --git a/modules/dataplex-datascan/README.md b/modules/dataplex-datascan/README.md index 4053b60699..4b9ecbccc3 100644 --- a/modules/dataplex-datascan/README.md +++ b/modules/dataplex-datascan/README.md 
@@ -161,8 +161,8 @@ module "dataplex-datascan" { resource = "//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations" } incremental_field = "modified_date" - data_quality_spec_file = { - path = "config/data_quality_spec.yaml" + factories_config = { + data_quality_spec = "config/data_quality_spec.yaml" } } # tftest modules=1 resources=1 files=data_quality_spec inventory=datascan_dq.yaml @@ -244,8 +244,8 @@ module "dataplex-datascan" { resource = "//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations" } incremental_field = "modified_date" - data_quality_spec_file = { - path = "config/data_quality_spec_camel_case.yaml" + factories_config = { + data_quality_spec = "config/data_quality_spec_camel_case.yaml" } } # tftest modules=1 resources=1 files=data_quality_spec_camel_case inventory=datascan_dq.yaml 
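Review bot: both README examples (the snake_case one at line 161 and the camelCase one at line 244) switch from `data_quality_spec_file = { path = ... }` to `factories_config = { data_quality_spec = ... }` without mentioning the old input. This renames a public module input, and the variables table later in this patch drops `data_quality_spec_file` entirely, so a short migration sentence next to the examples or a changelog entry naming the replaced variable would save existing callers a failed plan.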
@@ -431,21 +431,21 @@ module "dataplex-datascan" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [data](variables.tf#L17) | The data source for DataScan. The source can be either a Dataplex `entity` or a BigQuery `resource`. | object({…}) | ✓ | | -| [name](variables.tf#L118) | Name of Dataplex Scan. | string | ✓ | | -| [project_id](variables.tf#L129) | The ID of the project where the Dataplex DataScan will be created. | string | ✓ | | -| [region](variables.tf#L134) | Region for the Dataplex DataScan. | string | ✓ | | +| [name](variables.tf#L119) | Name of Dataplex Scan. | string | ✓ | | +| [project_id](variables.tf#L130) | The ID of the project where the Dataplex DataScan will be created. | string | ✓ | | +| [region](variables.tf#L135) | Region for the Dataplex DataScan. | string | ✓ | | | [data_profile_spec](variables.tf#L29) | DataProfileScan related setting. Variable descriptions are provided in https://cloud.google.com/dataplex/docs/reference/rest/v1/DataProfileSpec. | object({…}) | | null | | [data_quality_spec](variables.tf#L38) | DataQualityScan related setting. Variable descriptions are provided in https://cloud.google.com/dataplex/docs/reference/rest/v1/DataQualitySpec. | object({…}) | | null | -| [data_quality_spec_file](variables.tf#L85) | Path to a YAML file containing DataQualityScan related setting. Input content can use either camelCase or snake_case. Variables description are provided in https://cloud.google.com/dataplex/docs/reference/rest/v1/DataQualitySpec. | object({…}) | | null | -| [description](variables.tf#L93) | Custom description for DataScan. | string | | null | -| [execution_schedule](variables.tf#L99) | Schedule DataScan to run periodically based on a cron schedule expression. If not specified, the DataScan is created with `on_demand` schedule, which means it will not run until the user calls `dataScans.run` API. | string | | null | +| [description](variables.tf#L85) | Custom description for DataScan. 
| string | | null | +| [execution_schedule](variables.tf#L91) | Schedule DataScan to run periodically based on a cron schedule expression. If not specified, the DataScan is created with `on_demand` schedule, which means it will not run until the user calls `dataScans.run` API. | string | | null | +| [factories_config](variables.tf#L97) | Paths to data files and folders that enable factory functionality. | object({…}) | | {} | | [iam](variables-iam.tf#L24) | Dataplex DataScan IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | [iam_bindings](variables-iam.tf#L31) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} | | [iam_bindings_additive](variables-iam.tf#L46) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | | [iam_by_principals](variables-iam.tf#L17) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string)) | | {} | -| [incremental_field](variables.tf#L105) | The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table. | string | | null | -| [labels](variables.tf#L111) | Resource labels. | map(string) | | {} | -| [prefix](variables.tf#L123) | Optional prefix used to generate Dataplex DataScan ID. | string | | null | +| [incremental_field](variables.tf#L106) | The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table. | string | | null | +| [labels](variables.tf#L112) | Resource labels. | map(string) | | {} | +| [prefix](variables.tf#L124) | Optional prefix used to generate Dataplex DataScan ID. | string | | null | ## Outputs 
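Review bot: the removed `data_quality_spec_file` row documented that the YAML content may use either camelCase or snake_case and linked the DataQualitySpec reference, while the added `factories_config` row ("Paths to data files and folders that enable factory functionality.") drops both. Suggest carrying that sentence and the link into the `factories_config` description in variables.tf, so the generated table still tells users which file format the `data_quality_spec` path accepts.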
diff --git a/modules/dataplex-datascan/factory.tf b/modules/dataplex-datascan/factory.tf new file mode 100644 index 0000000000..964e232f12 --- /dev/null +++ b/modules/dataplex-datascan/factory.tf 
@@ -0,0 +1,150 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + _factory_data = ( + var.factories_config.data_quality_spec == null + ? null + : yamldecode(file(pathexpand(var.factories_config.data_quality_spec))) + ) + factory_data = { + post_scan_actions = try( + local._factory_data.postScanActions, + local._factory_data.post_scan_actions, + null + ) + row_filter = try( + local._factory_data.rowFilter, + local._factory_data.row_filter, + null + ) + rules = [ + for rule in try(local._factory_data.rules, []) : { + column = try(rule.column, null) + ignore_null = try(rule.ignoreNull, rule.ignore_null, null) + dimension = rule.dimension + threshold = try(rule.threshold, null) + non_null_expectation = try( + rule.nonNullExpectation, rule.non_null_expectation, null + ) + range_expectation = ( + can(rule.rangeExpectation) || can(rule.range_expectation) + ? { + min_value = try( + rule.rangeExpectation.minValue, + rule.range_expectation.min_value, + null + ) + max_value = try( + rule.rangeExpectation.maxValue, + rule.range_expectation.max_value, + null + ) + strict_min_enabled = try( + rule.rangeExpectation.strictMinEnabled, + rule.range_expectation.strict_min_enabled, + null + ) + strict_max_enabled = try( + rule.rangeExpectation.strictMaxEnabled, + rule.range_expectation.strict_max_enabled, + null + ) + } + : null + ) + regex_expectation = ( + can(rule.regexExpectation) || can(rule.regex_expectation) + ? 
{ + regex = try( + rule.regexExpectation.regex, rule.regex_expectation.regex, null + ) + } + : null + ) + set_expectation = ( + can(rule.setExpectation) || can(rule.set_expectation) + ? { + values = try( + rule.setExpectation.values, rule.set_expectation.values, null + ) + } + : null + ) + uniqueness_expectation = try( + rule.uniquenessExpectation, rule.uniqueness_expectation, null + ) + statistic_range_expectation = ( + can(rule.statisticRangeExpectation) || can(rule.statistic_range_expectation) + ? { + statistic = try( + rule.statisticRangeExpectation.statistic, + rule.statistic_range_expectation.statistic + ) + min_value = try( + rule.statisticRangeExpectation.minValue, + rule.statistic_range_expectation.min_value, + null + ) + max_value = try( + rule.statisticRangeExpectation.maxValue, + rule.statistic_range_expectation.max_value, + null + ) + strict_min_enabled = try( + rule.statisticRangeExpectation.strictMinEnabled, + rule.statistic_range_expectation.strict_min_enabled, + null + ) + strict_max_enabled = try( + rule.statisticRangeExpectation.strictMaxEnabled, + rule.statistic_range_expectation.strict_max_enabled, + null + ) + } + : null + ) + row_condition_expectation = ( + can(rule.rowConditionExpectation) || can(rule.row_condition_expectation) + ? { + sql_expression = try( + rule.rowConditionExpectation.sqlExpression, + rule.row_condition_expectation.sql_expression, + null + ) + } + : null + ) + table_condition_expectation = ( + can(rule.tableConditionExpectation) || can(rule.table_condition_expectation) + ? { + sql_expression = try( + rule.tableConditionExpectation.sqlExpression, + rule.table_condition_expectation.sql_expression, + null + ) + } + : null + ) + } + ] + sampling_percent = try( + local._factory_data.samplingPercent, + local._factory_data.sampling_percent, + null + ) + } +} diff --git a/modules/dataplex-datascan/main.tf b/modules/dataplex-datascan/main.tf index e1b6634d5d..0d9ad82ed6 100644 --- a/modules/dataplex-datascan/main.tf 
+++ b/modules/dataplex-datascan/main.tf @@ -15,17 +15,31 @@ */ locals { - prefix = var.prefix == null || var.prefix == "" ? "" : "${var.prefix}-" - _file_data_quality_spec = var.data_quality_spec_file == null ? null : { - sampling_percent = try(local._file_data_quality_spec_raw.samplingPercent, local._file_data_quality_spec_raw.sampling_percent, null) - row_filter = try(local._file_data_quality_spec_raw.rowFilter, local._file_data_quality_spec_raw.row_filter, null) - rules = local._parsed_rules - post_scan_actions = try(local._file_data_quality_spec_raw.postScanActions, local._file_data_quality_spec_raw.post_scan_actions, null) + data_quality_spec = { + post_scan_actions = try( + var.data_quality_spec.post_scan_actions, + local.factory_data.post_scan_actions, + null + ) + row_filter = try( + var.data_quality_spec.row_filter, + local.factory_data.row_filter, + null + ) + rules = concat( + try(var.data_quality_spec.rules, []), + try(local.factory_data.rules, []) + ) + sampling_percent = try( + var.data_quality_spec.sampling_percent, + local.factory_data.sampling_percent, + null + ) } - data_quality_spec = ( - var.data_quality_spec != null || var.data_quality_spec_file != null ? - merge(var.data_quality_spec, local._file_data_quality_spec) : - null + prefix = var.prefix == null || var.prefix == "" ? "" : "${var.prefix}-" + use_data_quality = ( + var.data_quality_spec != null || + var.factories_config.data_quality_spec != null ) } @@ -68,7 +82,7 @@ resource "google_dataplex_datascan" "datascan" { } dynamic "data_quality_spec" { - for_each = local.data_quality_spec != null ? [""] : [] + for_each = local.use_data_quality ? [""] : [] content { sampling_percent = try(local.data_quality_spec.sampling_percent, null) row_filter = try(local.data_quality_spec.row_filter, null) 
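Review bot: In the `locals` block of `dataplex-datascan/main.tf`, `rules = concat(try(var.data_quality_spec.rules, []), try(local.factory_data.rules, []))` and the paired `try(var.data_quality_spec.x, local.factory_data.x, null)` fallbacks are written to merge the variable with the factory file, but the precondition updated later in this same file still requires exactly one of `data_profile_spec`, `data_quality_spec` and `factories_config.data_quality_spec` to be non-null, so both sources can never be present together and the merge path is unreachable. Either relax the precondition so `data_quality_spec` and the factory file can be combined, and document which one wins for `row_filter`, `sampling_percent` and `post_scan_actions`, or drop the concat and select a single source. Since `local.data_quality_spec` is now always an object, `local.use_data_quality` is the only valid gate for the dynamic block; any remaining `!= null` test on the local would always be true.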
@@ -76,9 +90,16 @@ resource "google_dataplex_datascan" "datascan" { for_each = local.data_quality_spec.post_scan_actions != null ? [""] : [] content { dynamic "bigquery_export" { - for_each = local.data_quality_spec.post_scan_actions.bigquery_export != null ? [""] : [] + for_each = ( + local.data_quality_spec.post_scan_actions.bigquery_export != null + ? [""] + : [] + ) content { - results_table = try(local.data_quality_spec.post_scan_actions.bigquery_export.results_table, null) + results_table = try( + local.data_quality_spec.post_scan_actions.bigquery_export.results_table, + null + ) } } } 
@@ -98,55 +119,85 @@ resource "google_dataplex_datascan" "datascan" { } dynamic "range_expectation" { - for_each = try(rules.value.range_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.range_expectation, null) != null ? [""] : [] + ) content { - min_value = try(rules.value.range_expectation.min_value, null) - max_value = try(rules.value.range_expectation.max_value, null) - strict_min_enabled = try(rules.value.range_expectation.strict_min_enabled, null) - strict_max_enabled = try(rules.value.range_expectation.strict_max_enabled, null) + min_value = try( + rules.value.range_expectation.min_value, null + ) + max_value = try( + rules.value.range_expectation.max_value, null + ) + strict_min_enabled = try( + rules.value.range_expectation.strict_min_enabled, null + ) + strict_max_enabled = try( + rules.value.range_expectation.strict_max_enabled, null + ) } } dynamic "set_expectation" { - for_each = try(rules.value.set_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.set_expectation, null) != null ? [""] : [] + ) content { values = rules.value.set_expectation.values } } dynamic "uniqueness_expectation" { - for_each = try(rules.value.uniqueness_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.uniqueness_expectation, null) != null ? [""] : [] + ) content { } } dynamic "regex_expectation" { - for_each = try(rules.value.regex_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.regex_expectation, null) != null ? [""] : [] + ) content { regex = rules.value.regex_expectation.regex } } dynamic "statistic_range_expectation" { - for_each = try(rules.value.statistic_range_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.statistic_range_expectation, null) != null ? 
[""] : [] + ) content { - min_value = try(rules.value.statistic_range_expectation.min_value, null) - max_value = try(rules.value.statistic_range_expectation.max_value, null) - strict_min_enabled = try(rules.value.statistic_range_expectation.strict_min_enabled, null) - strict_max_enabled = try(rules.value.statistic_range_expectation.strict_max_enabled, null) - statistic = rules.value.statistic_range_expectation.statistic + min_value = try( + rules.value.statistic_range_expectation.min_value, null + ) + max_value = try( + rules.value.statistic_range_expectation.max_value, null + ) + strict_min_enabled = try( + rules.value.statistic_range_expectation.strict_min_enabled, null + ) + strict_max_enabled = try( + rules.value.statistic_range_expectation.strict_max_enabled, null + ) + statistic = rules.value.statistic_range_expectation.statistic } } dynamic "row_condition_expectation" { - for_each = try(rules.value.row_condition_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.row_condition_expectation, null) != null ? [""] : [] + ) content { sql_expression = rules.value.row_condition_expectation.sql_expression } } dynamic "table_condition_expectation" { - for_each = try(rules.value.table_condition_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.table_condition_expectation, null) != null ? [""] : [] + ) content { sql_expression = rules.value.table_condition_expectation.sql_expression } 
@@ -159,8 +210,16 @@ resource "google_dataplex_datascan" "datascan" { lifecycle { precondition { - condition = length([for spec in [var.data_profile_spec, var.data_quality_spec, var.data_quality_spec_file] : spec if spec != null]) == 1 - error_message = "DataScan can only contain one of 'data_profile_spec', 'data_quality_spec', 'data_quality_spec_file'." + condition = ( + length([ + for spec in [ + var.data_profile_spec, + var.data_quality_spec, + var.factories_config.data_quality_spec + ] : spec if spec != null + ]) == 1 + ) + error_message = "DataScan can only contain one of 'data_profile_spec', 'data_quality_spec', 'factories_config.data_quality_spec'." } precondition { condition = alltrue([ diff --git a/modules/dataplex-datascan/rules_parsing.tf b/modules/dataplex-datascan/rules_parsing.tf deleted file mode 100644 index bbdc82206b..0000000000 --- a/modules/dataplex-datascan/rules_parsing.tf +++ /dev/null 
@@ -1,54 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -locals { - _file_data_quality_spec_raw = var.data_quality_spec_file != null ? yamldecode(file(var.data_quality_spec_file.path)) : tomap({}) - _parsed_rules = [ - for rule in try(local._file_data_quality_spec_raw.rules, []) : { - column = try(rule.column, null) - ignore_null = try(rule.ignoreNull, rule.ignore_null, null) - dimension = rule.dimension - threshold = try(rule.threshold, null) - non_null_expectation = try(rule.nonNullExpectation, rule.non_null_expectation, null) - range_expectation = can(rule.rangeExpectation) || can(rule.range_expectation) ? { - min_value = try(rule.rangeExpectation.minValue, rule.range_expectation.min_value, null) - max_value = try(rule.rangeExpectation.maxValue, rule.range_expectation.max_value, null) - strict_min_enabled = try(rule.rangeExpectation.strictMinEnabled, rule.range_expectation.strict_min_enabled, null) - strict_max_enabled = try(rule.rangeExpectation.strictMaxEnabled, rule.range_expectation.strict_max_enabled, null) - } : null - regex_expectation = can(rule.regexExpectation) || can(rule.regex_expectation) ? { - regex = try(rule.regexExpectation.regex, rule.regex_expectation.regex, null) - } : null - set_expectation = can(rule.setExpectation) || can(rule.set_expectation) ? 
{ - values = try(rule.setExpectation.values, rule.set_expectation.values, null) - } : null - uniqueness_expectation = try(rule.uniquenessExpectation, rule.uniqueness_expectation, null) - statistic_range_expectation = can(rule.statisticRangeExpectation) || can(rule.statistic_range_expectation) ? { - statistic = try(rule.statisticRangeExpectation.statistic, rule.statistic_range_expectation.statistic) - min_value = try(rule.statisticRangeExpectation.minValue, rule.statistic_range_expectation.min_value, null) - max_value = try(rule.statisticRangeExpectation.maxValue, rule.statistic_range_expectation.max_value, null) - strict_min_enabled = try(rule.statisticRangeExpectation.strictMinEnabled, rule.statistic_range_expectation.strict_min_enabled, null) - strict_max_enabled = try(rule.statisticRangeExpectation.strictMaxEnabled, rule.statistic_range_expectation.strict_max_enabled, null) - } : null - row_condition_expectation = can(rule.rowConditionExpectation) || can(rule.row_condition_expectation) ? { - sql_expression = try(rule.rowConditionExpectation.sqlExpression, rule.row_condition_expectation.sql_expression, null) - } : null - table_condition_expectation = can(rule.tableConditionExpectation) || can(rule.table_condition_expectation) ? { - sql_expression = try(rule.tableConditionExpectation.sqlExpression, rule.table_condition_expectation.sql_expression, null) - } : null - } - ] -} \ No newline at end of file diff --git a/modules/dataplex-datascan/variables.tf b/modules/dataplex-datascan/variables.tf index cab105bfed..c01774f75d 100644 --- a/modules/dataplex-datascan/variables.tf +++ b/modules/dataplex-datascan/variables.tf 
@@ -82,14 +82,6 @@ variable "data_quality_spec" { }) } -variable "data_quality_spec_file" { - description = "Path to a YAML file containing DataQualityScan related setting. Input content can use either camelCase or snake_case. Variables description are provided in https://cloud.google.com/dataplex/docs/reference/rest/v1/DataQualitySpec." - default = null - type = object({ - path = string - }) -} - variable "description" { description = "Custom description for DataScan." default = null @@ -102,6 +94,15 @@ variable "execution_schedule" { default = null } +variable "factories_config" { + description = "Paths to data files and folders that enable factory functionality." + type = object({ + data_quality_spec = optional(string) + }) + nullable = false + default = {} +} + variable "incremental_field" { description = "The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table." type = string From 35d6a57600ec84daeeca7b40ced5c833be79077e Mon Sep 17 00:00:00 2001 From: Ludo Date: Sun, 25 Feb 2024 12:06:58 +0100 Subject: [PATCH 07/24] align factory in billing-account module --- modules/billing-account/variables.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/billing-account/variables.tf b/modules/billing-account/variables.tf index a7484dcf1b..e69e6963f1 100644 --- a/modules/billing-account/variables.tf +++ b/modules/billing-account/variables.tf @@ -119,7 +119,6 @@ variable "budgets" { } variable "factories_config" { - # TODO: align all other factory variable names description = "Path to folder containing budget alerts data files." type = object({ budgets_data_path = optional(string, "data/billing-budgets") From 0f93bdb5ade39e700d9d1b6aef9bb73a0587911f Mon Sep 17 00:00:00 2001 
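Review bot: Removing the `# TODO: align all other factory variable names` comment in `billing-account/variables.tf` reads as if the alignment were done, but the attribute is still `budgets_data_path` with a built-in default of `"data/billing-budgets"`, while the `factories_config` added to `dataplex-datascan` just above uses a bare attribute name (`data_quality_spec = optional(string)`) with no default path. If the different name and the default path are intentional, say so in the variable description; otherwise rename the attribute and drop the default so that a caller has to opt in before the module reads data files from disk.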
From: Ludo Date: Sun, 25 Feb 2024 12:07:13 +0100 Subject: [PATCH 08/24] align factory in net-firewall-policy module --- modules/net-firewall-policy/README.md | 12 ++++++------ modules/net-firewall-policy/factory.tf | 8 +++++--- modules/net-firewall-policy/variables.tf | 22 +++++++++++----------- 3 files changed, 22 insertions(+), 20 deletions(-) diff --git a/modules/net-firewall-policy/README.md b/modules/net-firewall-policy/README.md index e4f7cfb796..17381abef6 100644 --- a/modules/net-firewall-policy/README.md +++ b/modules/net-firewall-policy/README.md @@ -194,7 +194,7 @@ module "firewall-policy" { } } } - rules_factory_config = { + factories_config = { cidr_file_path = "configs/cidrs.yaml" egress_rules_file_path = "configs/egress.yaml" ingress_rules_file_path = "configs/ingress.yaml" 
@@ -258,14 +258,14 @@ issue-1995: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L102) | Policy name. | string | ✓ | | -| [parent_id](variables.tf#L108) | Parent node where the policy will be created, `folders/nnn` or `organizations/nnn` for hierarchical policy, project id for a network policy. | string | ✓ | | +| [name](variables.tf#L113) | Policy name. | string | ✓ | | +| [parent_id](variables.tf#L119) | Parent node where the policy will be created, `folders/nnn` or `organizations/nnn` for hierarchical policy, project id for a network policy. | string | ✓ | | | [attachments](variables.tf#L17) | Ids of the resources to which this policy will be attached, in descriptive name => self link format. Specify folders or organization for hierarchical policy, VPCs for network policy. | map(string) | | {} | | [description](variables.tf#L24) | Policy description. | string | | null | | [egress_rules](variables.tf#L30) | List of egress rule definitions, action can be 'allow', 'deny', 'goto_next'. The match.layer4configs map is in protocol => optional [ports] format. | map(object({…})) | | {} | -| [ingress_rules](variables.tf#L66) | List of ingress rule definitions, action can be 'allow', 'deny', 'goto_next'. | map(object({…})) | | {} | -| [region](variables.tf#L114) | Policy region. Leave null for hierarchical policy, set to 'global' for a global network policy. | string | | null | -| [rules_factory_config](variables.tf#L120) | Configuration for the optional rules factory. | object({…}) | | {} | +| [factories_config](variables.tf#L66) | Paths to folders for the optional factories. | object({…}) | | {} | +| [ingress_rules](variables.tf#L77) | List of ingress rule definitions, action can be 'allow', 'deny', 'goto_next'. | map(object({…})) | | {} | +| [region](variables.tf#L125) | Policy region. Leave null for hierarchical policy, set to 'global' for a global network policy. | string | | null | ## Outputs 
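Review bot: The new `factories_config` row in the `net-firewall-policy` README table describes the variable as "Paths to folders for the optional factories.", but all three attributes are single files (`cidr_file_path`, `egress_rules_file_path`, `ingress_rules_file_path`) and the example in the previous hunk passes `configs/cidrs.yaml`, `configs/egress.yaml` and `configs/ingress.yaml`. Change the description in `variables.tf` to refer to data files and regenerate the table, so a caller does not pass a directory. The rename from `rules_factory_config` also breaks existing callers of the module, which deserves a line in the changelog or upgrade notes.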
diff --git a/modules/net-firewall-policy/factory.tf b/modules/net-firewall-policy/factory.tf index be065b9b68..1b678d05e9 100644 --- a/modules/net-firewall-policy/factory.tf +++ b/modules/net-firewall-policy/factory.tf @@ -16,13 +16,15 @@ locals { _factory_egress_rules = try( - yamldecode(file(var.rules_factory_config.egress_rules_file_path)), {} + yamldecode(pathexpand(file(var.factories_config.egress_rules_file_path))), + {} ) _factory_ingress_rules = try( - yamldecode(file(var.rules_factory_config.ingress_rules_file_path)), {} + yamldecode(pathexpand(file(var.factories_config.ingress_rules_file_path))), + {} ) factory_cidrs = try( - yamldecode(file(var.rules_factory_config.cidr_file_path)), {} + yamldecode(pathexpand(file(var.factories_config.cidr_file_path))), {} ) factory_egress_rules = { for k, v in local._factory_egress_rules : "egress/${k}" => { diff --git a/modules/net-firewall-policy/variables.tf b/modules/net-firewall-policy/variables.tf index c419d7c027..3a8d16b70f 100644 --- a/modules/net-firewall-policy/variables.tf +++ b/modules/net-firewall-policy/variables.tf @@ -63,6 +63,17 @@ variable "egress_rules" { } } +variable "factories_config" { + description = "Paths to folders for the optional factories." + type = object({ + cidr_file_path = optional(string) + egress_rules_file_path = optional(string) + ingress_rules_file_path = optional(string) + }) + nullable = false + default = {} +} + variable "ingress_rules" { description = "List of ingress rule definitions, action can be 'allow', 'deny', 'goto_next'." type = map(object({ @@ -116,14 +127,3 @@ variable "region" { type = string default = null } - -variable "rules_factory_config" { - description = "Configuration for the optional rules factory." - type = object({ - cidr_file_path = optional(string) - egress_rules_file_path = optional(string) - ingress_rules_file_path = optional(string) - }) - nullable = false - default = {} -} From d72086623fd37c4f54071f702b7d1c3677d06413 Mon Sep 17 00:00:00 2001 
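Review bot: In `net-firewall-policy/factory.tf` the two functions are nested the wrong way round: `yamldecode(pathexpand(file(var.factories_config.egress_rules_file_path)))` applies `pathexpand` to the contents returned by `file()`, not to the path, and the same applies to the ingress and CIDR locals. The other modules in this series use `file(pathexpand(...))` (see `dns-response-policy/main.tf` and `dataplex-datascan/factory.tf`), so swap the calls here to match. Because each expression is wrapped in `try(..., {})`, any read or decode error, including a mistyped path or malformed YAML, yields an empty map and the firewall policy is planned without its factory rules instead of failing. Consider an explicit `!= null` check on the attribute, as `dns-response-policy` does, so that only an unset path produces the empty default and a bad file stops the plan.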
From: Ludo Date: Sun, 25 Feb 2024 12:16:22 +0100 Subject: [PATCH 09/24] align factory in dns-response-policy module --- modules/dns-response-policy/README.md | 26 +++++++++++++++++------- modules/dns-response-policy/main.tf | 7 +++++-- modules/dns-response-policy/variables.tf | 15 ++++++++------ 3 files changed, 33 insertions(+), 15 deletions(-) diff --git a/modules/dns-response-policy/README.md b/modules/dns-response-policy/README.md index 9f90e8d74a..010c09c5a7 100644 --- a/modules/dns-response-policy/README.md +++ b/modules/dns-response-policy/README.md @@ -4,6 +4,16 @@ This module allows management of a [Google Cloud DNS policy and its rules](https The module also allows setting rules via a factory. An example is given below. + +- [Examples](#examples) + - [Manage policy and override resolution for specific names](#manage-policy-and-override-resolution-for-specific-names) + - [Use existing policy and override resolution via wildcard with exceptions](#use-existing-policy-and-override-resolution-via-wildcard-with-exceptions) + - [Define policy rules via a factory file](#define-policy-rules-via-a-factory-file) +- [Variables](#variables) +- [Outputs](#outputs) +- [Fixtures](#fixtures) + + ## Examples ### Manage policy and override resolution for specific names @@ -96,7 +106,9 @@ module "dns-policy" { networks = { landing = var.vpc.self_link } - rules_file = "config/rules.yaml" + factories_config = { + rules = "config/rules.yaml" + } } # tftest modules=2 resources=5 files=rules-file fixtures=fixtures/dns-response-policy.tf inventory=complex.yaml e2e ``` 
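Review bot: The factory example in the `dns-response-policy` README now passes a single YAML file, `factories_config = { rules = "config/rules.yaml" }`, but the description added for the variable in this commit reads "Path to folder containing rules data files for the optional factory." and `main.tf` reads the value with `file(...)`, so a folder would not work. Reword the description to say it is the path to a YAML rules file, and keep the sentence from the removed `rules_file` description stating that factory rules are combined with those passed in via the `rules` variable, since that behaviour is no longer documented anywhere in the table.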
@@ -133,14 +145,14 @@ restricted: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L30) | Policy name. | string | ✓ | | -| [project_id](variables.tf#L49) | Project id for the zone. | string | ✓ | | +| [name](variables.tf#L39) | Policy name. | string | ✓ | | +| [project_id](variables.tf#L58) | Project id for the zone. | string | ✓ | | | [clusters](variables.tf#L17) | Map of GKE clusters to which this policy is applied in name => id format. | map(string) | | {} | | [description](variables.tf#L24) | Policy description. | string | | "Terraform managed." | -| [networks](variables.tf#L35) | Map of VPC self links to which this policy is applied in name => self link format. | map(string) | | {} | -| [policy_create](variables.tf#L42) | Set to false to use the existing policy matching name and only manage rules. | bool | | true | -| [rules](variables.tf#L54) | Map of policy rules in name => rule format. Local data takes precedence over behavior and is in the form record type => attributes. | map(object({…})) | | {} | -| [rules_file](variables.tf#L68) | Optional data file in YAML format listing rules that will be combined with those passed in via the `rules` variable. | string | | null | +| [factories_config](variables.tf#L30) | Path to folder containing rules data files for the optional factory. | object({…}) | | {} | +| [networks](variables.tf#L44) | Map of VPC self links to which this policy is applied in name => self link format. | map(string) | | {} | +| [policy_create](variables.tf#L51) | Set to false to use the existing policy matching name and only manage rules. | bool | | true | +| [rules](variables.tf#L63) | Map of policy rules in name => rule format. Local data takes precedence over behavior and is in the form record type => attributes. | map(object({…})) | | {} | ## Outputs diff --git a/modules/dns-response-policy/main.tf b/modules/dns-response-policy/main.tf index 5d16849777..66ca9cdf72 100644 
--- a/modules/dns-response-policy/main.tf +++ b/modules/dns-response-policy/main.tf @@ -15,9 +15,12 @@ */ locals { - _factory_data = var.rules_file != null ? file(var.rules_file) : "{}" + _factory_data = ( + var.factories_config.rules != null + ? file(pathexpand(var.factories_config.rules)) + : "{}" + ) _factory_rules = yamldecode(local._factory_data) - factory_rules = { for k, v in local._factory_rules : k => { dns_name = v.dns_name diff --git a/modules/dns-response-policy/variables.tf b/modules/dns-response-policy/variables.tf index fa26c3bb47..35a113c548 100644 --- a/modules/dns-response-policy/variables.tf +++ b/modules/dns-response-policy/variables.tf @@ -27,6 +27,15 @@ variable "description" { default = "Terraform managed." } +variable "factories_config" { + description = "Path to folder containing rules data files for the optional factory." + type = object({ + rules = optional(string) + }) + nullable = false + default = {} +} + variable "name" { description = "Policy name." type = string @@ -64,9 +73,3 @@ variable "rules" { default = {} nullable = false } - -variable "rules_file" { - description = "Optional data file in YAML format listing rules that will be combined with those passed in via the `rules` variable." - type = string - default = null -} From d44ef7839bd759fe6c23e7f45e9cce36839b833a Mon Sep 17 00:00:00 2001 From: Ludo Date: Sun, 25 Feb 2024 12:58:48 +0100 Subject: [PATCH 10/24] align factory in net-vpc-firewall module --- modules/net-vpc-firewall/README.md | 13 +++++-------- modules/net-vpc-firewall/main.tf | 13 +++++++++---- modules/net-vpc-firewall/variables.tf | 5 +++-- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md index a50570dadf..0ba7e1d3ce 100644 --- a/modules/net-vpc-firewall/README.md +++ b/modules/net-vpc-firewall/README.md 
@@ -272,20 +272,18 @@ module "firewall" { } # tftest modules=1 resources=3 files=lbs inventory=factory.yaml ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [network](variables.tf#L110) | Name of the network this set of firewall rules applies to. | string | ✓ | | -| [project_id](variables.tf#L115) | Project id of the project that holds the network. | string | ✓ | | +| [network](variables.tf#L111) | Name of the network this set of firewall rules applies to. | string | ✓ | | +| [project_id](variables.tf#L116) | Project id of the project that holds the network. | string | ✓ | | | [default_rules_config](variables.tf#L17) | Optionally created convenience rules. Set the 'disabled' attribute to true, or individual rule attributes to empty lists to disable. | object({…}) | | {} | | [egress_rules](variables.tf#L37) | List of egress rule definitions, default to deny action. Null destination ranges will be replaced with 0/0. | map(object({…})) | | {} | -| [factories_config](variables.tf#L60) | Paths to data files and folders that enable factory functionality. | object({…}) | | null | -| [ingress_rules](variables.tf#L69) | List of ingress rule definitions, default to allow action. Null source ranges will be replaced with 0/0. | map(object({…})) | | {} | -| [named_ranges](variables.tf#L93) | Define mapping of names to ranges that can be used in custom rules. | map(list(string)) | | {…} | +| [factories_config](variables.tf#L60) | Paths to data files and folders that enable factory functionality. | object({…}) | | {} | +| [ingress_rules](variables.tf#L70) | List of ingress rule definitions, default to allow action. Null source ranges will be replaced with 0/0. | map(object({…})) | | {} | +| [named_ranges](variables.tf#L94) | Define mapping of names to ranges that can be used in custom rules. | map(list(string)) | | {…} | ## Outputs 
@@ -293,5 +291,4 @@ module "firewall" { |---|---|:---:| | [default_rules](outputs.tf#L17) | Default rule resources. | | | [rules](outputs.tf#L27) | Custom rule resources. | | - diff --git a/modules/net-vpc-firewall/main.tf b/modules/net-vpc-firewall/main.tf index f2b9f0b791..57e7607bda 100644 --- a/modules/net-vpc-firewall/main.tf +++ b/modules/net-vpc-firewall/main.tf @@ -15,10 +15,11 @@ */ locals { + _factory_rules_folder = try(pathexpand(var.factories_config.rules_folder), null) # define list of rule files - _factory_rule_files = [ - for f in try(fileset(var.factories_config.rules_folder, "**/*.yaml"), []) : - "${var.factories_config.rules_folder}/${f}" + _factory_rule_files = local._factory_rules_folder == null ? [] : [ + for f in try(fileset(local._factory_rules_folder, "**/*.yaml"), []) : + "${local._factory_rules_folder}/${f}" ] # decode rule files and account for optional attributes _factory_rule_list = flatten([ @@ -47,7 +48,11 @@ locals { if contains(["EGRESS", "INGRESS"], r.direction) } _named_ranges = merge( - can(var.factories_config.cidr_tpl_file) ? var.factories_config.cidr_tpl_file != null ? yamldecode(file(var.factories_config.cidr_tpl_file)) : {} : {}, + ( + var.factories_config.cidr_tpl_file != null + ? yamldecode(pathexpand(file(var.factories_config.cidr_tpl_file))) + : {} + ), var.named_ranges ) _rules = merge( diff --git a/modules/net-vpc-firewall/variables.tf b/modules/net-vpc-firewall/variables.tf index 132f00ed9e..104f87d5b5 100644 --- a/modules/net-vpc-firewall/variables.tf +++ b/modules/net-vpc-firewall/variables.tf @@ -61,9 +61,10 @@ variable "factories_config" { description = "Paths to data files and folders that enable factory functionality." type = object({ cidr_tpl_file = optional(string) - rules_folder = string + rules_folder = optional(string) }) - default = null + nullable = false + default = {} } variable "ingress_rules" { From 59e6433851a3000750528ee743596cae7b70aec9 Mon Sep 17 00:00:00 2001 
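Review bot: In the `_named_ranges` hunk of `net-vpc-firewall/main.tf`, `yamldecode(pathexpand(file(var.factories_config.cidr_tpl_file)))` runs `pathexpand` on the file contents instead of the path; it should be `yamldecode(file(pathexpand(var.factories_config.cidr_tpl_file)))`, matching `_factory_rules_folder = try(pathexpand(var.factories_config.rules_folder), null)` a few lines above. Separately, now that `_factory_rule_files` checks `local._factory_rules_folder == null` explicitly, the inner `try(fileset(...), [])` only serves to hide real errors from `fileset`; dropping the `try` would make a bad `rules_folder` value fail the plan rather than silently produce a network with no factory firewall rules.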
From: Ludo Date: Sun, 25 Feb 2024 13:10:27 +0100 Subject: [PATCH 11/24] align factory in net-vpc module --- modules/net-vpc/subnets.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/net-vpc/subnets.tf b/modules/net-vpc/subnets.tf index 1604df9b4e..93581123bc 100644 --- a/modules/net-vpc/subnets.tf +++ b/modules/net-vpc/subnets.tf @@ -18,9 +18,10 @@ locals { _factory_data = { - for f in try(fileset(var.factories_config.subnets_folder, "**/*.yaml"), []) : - trimsuffix(basename(f), ".yaml") => yamldecode(file("${var.factories_config.subnets_folder}/${f}")) + for f in try(fileset(local._factory_path, "**/*.yaml"), []) : + trimsuffix(basename(f), ".yaml") => yamldecode(file("${local._factory_path}/${f}")) } + _factory_path = try(pathexpand(var.factories_config.subnets_folder), null) _factory_subnets = { for k, v in local._factory_data : "${v.region}/${try(v.name, k)}" => { From 18dde9290529c33f3c4c1b60a7040846b66074b6 Mon Sep 17 00:00:00 2001 From: Ludo Date: Mon, 26 Feb 2024 10:14:46 +0100 Subject: [PATCH 12/24] align factory variable names in FAST --- fast/stages/2-networking-a-peering/dns-landing.tf | 4 +++- fast/stages/2-networking-a-peering/main.tf | 2 +- fast/stages/2-networking-b-vpn/dns-landing.tf | 4 +++- fast/stages/2-networking-b-vpn/main.tf | 2 +- fast/stages/2-networking-c-nva/dns-landing.tf | 4 +++- fast/stages/2-networking-c-nva/main.tf | 2 +- fast/stages/2-networking-d-separate-envs/dns-dev.tf | 4 +++- fast/stages/2-networking-d-separate-envs/dns-prod.tf | 4 +++- fast/stages/2-networking-d-separate-envs/main.tf | 2 +- fast/stages/2-networking-e-nva-bgp/dns-landing.tf | 4 +++- fast/stages/2-networking-e-nva-bgp/main.tf | 2 +- fast/stages/3-project-factory/dev/README.md | 6 +++--- fast/stages/3-project-factory/dev/main.tf | 2 +- 13 files changed, 27 insertions(+), 15 deletions(-) 
diff --git a/fast/stages/2-networking-a-peering/dns-landing.tf b/fast/stages/2-networking-a-peering/dns-landing.tf index 2eefbc86d8..2c627122e4 100644 --- a/fast/stages/2-networking-a-peering/dns-landing.tf +++ b/fast/stages/2-networking-a-peering/dns-landing.tf @@ -82,8 +82,10 @@ module "landing-dns-policy-googleapis" { source = "../../../modules/dns-response-policy" project_id = module.landing-project.project_id name = "googleapis" + factories_config = { + rules = var.factories_config.dns_policy_rules_file + } networks = { landing = module.landing-vpc.self_link } - rules_file = var.factories_config.dns_policy_rules_file } diff --git a/fast/stages/2-networking-a-peering/main.tf b/fast/stages/2-networking-a-peering/main.tf index 9637c492b4..3db74dad58 100644 --- a/fast/stages/2-networking-a-peering/main.tf +++ b/fast/stages/2-networking-a-peering/main.tf @@ -60,7 +60,7 @@ module "firewall-policy-default" { source = "../../../modules/net-firewall-policy" name = var.factories_config.firewall_policy_name parent_id = module.folder.id - rules_factory_config = { + factories_config = { cidr_file_path = "${var.factories_config.data_dir}/cidrs.yaml" ingress_rules_file_path = "${var.factories_config.data_dir}/hierarchical-ingress-rules.yaml" } diff --git a/fast/stages/2-networking-b-vpn/dns-landing.tf b/fast/stages/2-networking-b-vpn/dns-landing.tf index 2eefbc86d8..2c627122e4 100644 --- a/fast/stages/2-networking-b-vpn/dns-landing.tf +++ b/fast/stages/2-networking-b-vpn/dns-landing.tf @@ -82,8 +82,10 @@ module "landing-dns-policy-googleapis" { source = "../../../modules/dns-response-policy" project_id = module.landing-project.project_id name = "googleapis" + factories_config = { + rules = var.factories_config.dns_policy_rules_file + } networks = { landing = module.landing-vpc.self_link } - rules_file = var.factories_config.dns_policy_rules_file } diff --git a/fast/stages/2-networking-b-vpn/main.tf b/fast/stages/2-networking-b-vpn/main.tf index 9637c492b4..3db74dad58 100644 
--- a/fast/stages/2-networking-b-vpn/main.tf +++ b/fast/stages/2-networking-b-vpn/main.tf @@ -60,7 +60,7 @@ module "firewall-policy-default" { source = "../../../modules/net-firewall-policy" name = var.factories_config.firewall_policy_name parent_id = module.folder.id - rules_factory_config = { + factories_config = { cidr_file_path = "${var.factories_config.data_dir}/cidrs.yaml" ingress_rules_file_path = "${var.factories_config.data_dir}/hierarchical-ingress-rules.yaml" } diff --git a/fast/stages/2-networking-c-nva/dns-landing.tf b/fast/stages/2-networking-c-nva/dns-landing.tf index e18114fa7f..4b252dbd5e 100644 --- a/fast/stages/2-networking-c-nva/dns-landing.tf +++ b/fast/stages/2-networking-c-nva/dns-landing.tf @@ -91,9 +91,11 @@ module "landing-dns-policy-googleapis" { source = "../../../modules/dns-response-policy" project_id = module.landing-project.project_id name = "googleapis" + factories_config = { + rules = var.factories_config.dns_policy_rules_file + } networks = { landing-trusted = module.landing-trusted-vpc.self_link landing-untrusted = module.landing-untrusted-vpc.self_link } - rules_file = var.factories_config.dns_policy_rules_file } diff --git a/fast/stages/2-networking-c-nva/main.tf b/fast/stages/2-networking-c-nva/main.tf index 2f5fead609..ee2d58d6fd 100644 --- a/fast/stages/2-networking-c-nva/main.tf +++ b/fast/stages/2-networking-c-nva/main.tf @@ -61,7 +61,7 @@ module "firewall-policy-default" { source = "../../../modules/net-firewall-policy" name = var.factories_config.firewall_policy_name parent_id = module.folder.id - rules_factory_config = { + factories_config = { cidr_file_path = "${var.factories_config.data_dir}/cidrs.yaml" ingress_rules_file_path = "${var.factories_config.data_dir}/hierarchical-ingress-rules.yaml" } diff --git a/fast/stages/2-networking-d-separate-envs/dns-dev.tf b/fast/stages/2-networking-d-separate-envs/dns-dev.tf index 018b2391b6..46d41316c3 100644 --- a/fast/stages/2-networking-d-separate-envs/dns-dev.tf 
+++ b/fast/stages/2-networking-d-separate-envs/dns-dev.tf @@ -77,8 +77,10 @@ module "dev-dns-policy-googleapis" { source = "../../../modules/dns-response-policy" project_id = module.dev-spoke-project.project_id name = "googleapis" + factories_config = { + rules = var.factories_config.dns_policy_rules_file + } networks = { dev = module.dev-spoke-vpc.self_link } - rules_file = var.factories_config.dns_policy_rules_file } diff --git a/fast/stages/2-networking-d-separate-envs/dns-prod.tf b/fast/stages/2-networking-d-separate-envs/dns-prod.tf index 0c86e476e8..cfef28dd75 100644 --- a/fast/stages/2-networking-d-separate-envs/dns-prod.tf +++ b/fast/stages/2-networking-d-separate-envs/dns-prod.tf @@ -77,8 +77,10 @@ module "prod-dns-policy-googleapis" { source = "../../../modules/dns-response-policy" project_id = module.prod-spoke-project.project_id name = "googleapis" + factories_config = { + rules = var.factories_config.dns_policy_rules_file + } networks = { prod = module.prod-spoke-vpc.self_link } - rules_file = var.factories_config.dns_policy_rules_file } diff --git a/fast/stages/2-networking-d-separate-envs/main.tf b/fast/stages/2-networking-d-separate-envs/main.tf index e9f632c98e..928969abde 100644 --- a/fast/stages/2-networking-d-separate-envs/main.tf +++ b/fast/stages/2-networking-d-separate-envs/main.tf @@ -56,7 +56,7 @@ module "firewall-policy-default" { source = "../../../modules/net-firewall-policy" name = var.factories_config.firewall_policy_name parent_id = module.folder.id - rules_factory_config = { + factories_config = { cidr_file_path = "${var.factories_config.data_dir}/cidrs.yaml" ingress_rules_file_path = "${var.factories_config.data_dir}/hierarchical-ingress-rules.yaml" } diff --git a/fast/stages/2-networking-e-nva-bgp/dns-landing.tf b/fast/stages/2-networking-e-nva-bgp/dns-landing.tf index e18114fa7f..4b252dbd5e 100644 --- a/fast/stages/2-networking-e-nva-bgp/dns-landing.tf +++ b/fast/stages/2-networking-e-nva-bgp/dns-landing.tf 
@@ -91,9 +91,11 @@ module "landing-dns-policy-googleapis" { source = "../../../modules/dns-response-policy" project_id = module.landing-project.project_id name = "googleapis" + factories_config = { + rules = var.factories_config.dns_policy_rules_file + } networks = { landing-trusted = module.landing-trusted-vpc.self_link landing-untrusted = module.landing-untrusted-vpc.self_link } - rules_file = var.factories_config.dns_policy_rules_file } diff --git a/fast/stages/2-networking-e-nva-bgp/main.tf b/fast/stages/2-networking-e-nva-bgp/main.tf index 2f5fead609..ee2d58d6fd 100644 --- a/fast/stages/2-networking-e-nva-bgp/main.tf +++ b/fast/stages/2-networking-e-nva-bgp/main.tf @@ -61,7 +61,7 @@ module "firewall-policy-default" { source = "../../../modules/net-firewall-policy" name = var.factories_config.firewall_policy_name parent_id = module.folder.id - rules_factory_config = { + factories_config = { cidr_file_path = "${var.factories_config.data_dir}/cidrs.yaml" ingress_rules_file_path = "${var.factories_config.data_dir}/hierarchical-ingress-rules.yaml" } diff --git a/fast/stages/3-project-factory/dev/README.md b/fast/stages/3-project-factory/dev/README.md index 07b748c50f..09f246e5c4 100644 --- a/fast/stages/3-project-factory/dev/README.md +++ b/fast/stages/3-project-factory/dev/README.md @@ -1,7 +1,7 @@ # Project factory The Project Factory (or PF) builds on top of your foundations to create and set up projects (and related resources) to be used for your workloads. -It is organized in folders representing environments (e.g., "dev", "prod"), each implemented by a stand-alone terraform [resource factory](https://medium.com/google-cloud/resource-factories-a-descriptive-approach-to-terraform-581b3ebb59c). +It is organized in folders representing environments (e.g., "dev", "prod"), each implemented by a stand-alone terraform [process factory](../../../../blueprints/factories/README.md). ## Design overview and choices 
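Review bot: In the added intro line of this README hunk, the link text reads `process factory` and points at `../../../../blueprints/factories/README.md`, while the later hunks in the same patch point the stage at `modules/project-factory`. If "project factory" is what is meant, fix the wording and link to the module documentation so the intro agrees with the rest of the README; if a different concept is intended, define it where it is first used.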
@@ -13,7 +13,7 @@ A single factory creates projects in a well-defined context, according to your r Projects for each environment across different teams are created by dedicated service accounts, as exemplified in the diagram above. While there's no intrinsic limitation regarding where the project factory can create a projects, the IAM bindings for the service account effectively enforce boundaries (e.g., the production service account shouldn't be able to create or have any access to the development projects, and vice versa). -The project factory exposes all the features of the underlying [project module](../../../../modules/project/), including Shared VPC service project attachment, VPC SC perimeter membership, etc. +The project factory stage lightly wraps the underlying [project-factory module](../../../../modules/project-factory/), including Shared VPC service project attachment, VPC SC perimeter membership, etc. ## How to run this stage @@ -55,7 +55,7 @@ gcloud alpha storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/2-security.auto. If you're not using FAST, refer to the [Variables](#variables) table at the bottom of this document for a full list of variables, their origin (e.g., a stage or specific to this one), and descriptions explaining their meaning. -Besides the values above, the project factory is driven by data files which closely follow the variables exposed by the [project module](../../../../modules/project/), with one file per project. Please refer to the underlying [project factory blueprint](../../../../blueprints/factories/project-factory/) documentation for details on the format. +Besides the values above, the project factory is driven by YAML data files, with one file per project. Please refer to the underlying [project factory module](../../../../modules/project-factory/) documentation for details on the format. Once the configuration is complete, run the project factory with: 
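Review bot: In the `@@ -13,7 +13,7 @@` hunk, the rewritten sentence leaves "including Shared VPC service project attachment, VPC SC perimeter membership, etc." with nothing to attach to now that "exposes all the features of" is gone. Suggest "lightly wraps the underlying project-factory module and exposes its features, including ...", so readers can still tell that these controls are configurable from this stage.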
diff --git a/fast/stages/3-project-factory/dev/main.tf b/fast/stages/3-project-factory/dev/main.tf index 48867a9984..0efd6ad67d 100644 --- a/fast/stages/3-project-factory/dev/main.tf +++ b/fast/stages/3-project-factory/dev/main.tf @@ -17,7 +17,7 @@ # tfdoc:file:description Project factory. module "projects" { - source = "../../../../blueprints/factories/project-factory" + source = "../../../../modules/project-factory" data_defaults = { billing_account = var.billing_account.id # more defaults are available, check the project factory variables From dfbf990da35f3b88141ed81cc616be2009d5f660 Mon Sep 17 00:00:00 2001 
From: Ludo Date: Mon, 26 Feb 2024 10:15:15 +0100 Subject: [PATCH 13/24] remove decentralized firewall blueprint --- .../decentralized-firewall/README.md | 55 ---- .../decentralized-firewall/backend.tf.sample | 20 -- .../decentralized-firewall/diagram.png | Bin 297001 -> 0 bytes .../firewall/common/common-egress.yaml | 47 ---- .../firewall/common/iap-access.yaml | 27 -- .../firewall/common/lb-access.yaml | 28 -- .../firewall/dev/app-1/app1-rules.yaml | 35 --- .../firewall/dev/app-2/app2-rules.yaml | 35 --- .../firewall/prod/app-1/app1-rules.yaml | 35 --- .../networking/decentralized-firewall/main.tf | 138 ---------- .../decentralized-firewall/outputs.tf | 53 ---- .../validator/Dockerfile | 29 -- .../validator/README.md | 80 ------ .../validator/action.yml | 44 --- .../validator/firewallSchema.yaml | 32 --- .../validator/firewallSchemaAutoApprove.yaml | 42 --- .../validator/firewallSchemaSettings.yaml | 49 ---- .../validator/requirements.txt | 16 -- .../validator/validator.py | 256 ------------------ .../decentralized-firewall/variables.tf | 57 ---- 20 files changed, 1078 deletions(-) delete mode 100644 blueprints/networking/decentralized-firewall/README.md delete mode 100644 blueprints/networking/decentralized-firewall/backend.tf.sample delete mode 100644 blueprints/networking/decentralized-firewall/diagram.png delete mode 100644 blueprints/networking/decentralized-firewall/firewall/common/common-egress.yaml delete mode 100644 blueprints/networking/decentralized-firewall/firewall/common/iap-access.yaml delete mode 100644 blueprints/networking/decentralized-firewall/firewall/common/lb-access.yaml delete mode 100644 blueprints/networking/decentralized-firewall/firewall/dev/app-1/app1-rules.yaml delete mode 100644 blueprints/networking/decentralized-firewall/firewall/dev/app-2/app2-rules.yaml delete mode 100644 blueprints/networking/decentralized-firewall/firewall/prod/app-1/app1-rules.yaml delete mode 100644 blueprints/networking/decentralized-firewall/main.tf delete 
mode 100644 blueprints/networking/decentralized-firewall/outputs.tf delete mode 100644 blueprints/networking/decentralized-firewall/validator/Dockerfile delete mode 100644 blueprints/networking/decentralized-firewall/validator/README.md delete mode 100644 blueprints/networking/decentralized-firewall/validator/action.yml delete mode 100644 blueprints/networking/decentralized-firewall/validator/firewallSchema.yaml delete mode 100644 blueprints/networking/decentralized-firewall/validator/firewallSchemaAutoApprove.yaml delete mode 100644 blueprints/networking/decentralized-firewall/validator/firewallSchemaSettings.yaml delete mode 100644 blueprints/networking/decentralized-firewall/validator/requirements.txt delete mode 100644 blueprints/networking/decentralized-firewall/validator/validator.py delete mode 100644 blueprints/networking/decentralized-firewall/variables.tf diff --git a/blueprints/networking/decentralized-firewall/README.md b/blueprints/networking/decentralized-firewall/README.md deleted file mode 100644 index 2fd89640c1..0000000000 --- a/blueprints/networking/decentralized-firewall/README.md +++ /dev/null 
@@ -1,55 +0,0 @@ -# Decentralized firewall management - -This example shows how a decentralized firewall management can be organized using the [firewall factory](../../factories/net-vpc-firewall-yaml/README.md). - -This approach is a good fit when Shared VPCs are used across multiple application/infrastructure teams. A central repository keeps environment/team -specific folders with firewall definitions in `yaml` format. - -In the current blueprint multiple teams can define their [VPC Firewall Rules](https://cloud.google.com/vpc/docs/firewalls) -for [dev](./firewall/dev) and [prod](./firewall/prod) environments using team specific subfolders. Rules defined in the -[common](./firewall/common) folder are applied to both dev and prod environments. - -> **_NOTE:_** Common rules are meant to be used for situations where [hierarchical rules](https://cloud.google.com/vpc/docs/firewall-policies) -do not map precisely to requirements (e.g. SA, etc.) - -This is the high level diagram: - -![High-level diagram](diagram.png "High-level diagram") - -The rules can be validated either using an automated process or a manual process (or a combination of -the two). There is an blueprint of a YAML-based validator using [Yamale](https://github.com/23andMe/Yamale) -in the [`validator/`](validator/) subdirectory, which can be integrated as part of a CI/CD pipeline. - - -## Variables - -| name | description | type | required | default | -|---|---|:---:|:---:|:---:| -| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | string | ✓ | | -| [prefix](variables.tf#L29) | Prefix used for resource names. | string | ✓ | | -| [root_node](variables.tf#L54) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | -| [ip_ranges](variables.tf#L20) | Subnet IP CIDR ranges. | map(string) | | {…} | -| [project_services](variables.tf#L38) | Service APIs enabled by default in new projects. 
| list(string) | | […] | -| [region](variables.tf#L48) | Region used. | string | | "europe-west1" | - -## Outputs - -| name | description | sensitive | -|---|---|:---:| -| [fw_rules](outputs.tf#L15) | Firewall rules. | | -| [projects](outputs.tf#L33) | Project ids. | | -| [vpc](outputs.tf#L41) | Shared VPCs. | | - - - -## Test -```hcl -module "test" { - source = "./fabric/blueprints/networking/decentralized-firewall" - billing_account_id = "ABCDE-12345-ABCDE" - prefix = "prefix" - root_node = "organizations/0123456789" -} - -# tftest modules=9 resources=54 -``` diff --git a/blueprints/networking/decentralized-firewall/backend.tf.sample b/blueprints/networking/decentralized-firewall/backend.tf.sample deleted file mode 100644 index e1bb8eaf50..0000000000 --- a/blueprints/networking/decentralized-firewall/backend.tf.sample +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -terraform { - backend "gcs" { - bucket = "" - } -} 
diff --git a/blueprints/networking/decentralized-firewall/diagram.png b/blueprints/networking/decentralized-firewall/diagram.png deleted file mode 100644 index e96aa1c3f87f4a665410984cce7d1f658a1e766e..0000000000000000000000000000000000000000 GIT binary patch

i#9^o=Q@)_t~3Q}n3=SeV{i?25Yxh+wb*B~?mKSY;)lZgQR^k!I(XvUC++TI$TF%Ai;!A%)>{&w9}X)|wD@cl|qoc><3v{$1cOA93k`F8@#V7yfkC_9)(oM|b=8L89mF08fw@a`K3NKdDY_%>kK)dkT?UC zsr{c8-TnF1w9(j`giGdgjO&ozbm^9fe_9$B`StJSDZ?1UY3Ua(pC&u0ET+ zQl!!r=ot5AY-lDC_pMnb-I}c{r?rZBq8)!D@$HIG&qt(NkKAp#S@`_B6`JR4vE6lUvz9a1v zJM)wb&2^$oc@obkQPd^JHg#;qy~H^Nv}eF3O5rQ_UgHVIs)ll`;}xZ39GStqRYVbh z2H$Z`4}?0omBgOF=Qty-zdhTsW3`XaAL4#L0W3NBikmWE$Y*3|@iyN_6P&TWqG~K> zDszV@qx3H9V@R@(e((Wp1OEosKX9*!>3iUaG?Y2Vd&yga&*~|4(C*)r6`nY*LlHbnyCAIle#$w5kmge{7gEePL6h~KA2WDc>mLJLo3rAVK4O6~^=y$!5mHW0t zI(#Q8sUwOhbwl*j{P3BgygilBh2Qp%{l;+%JHtO?Yq?0H+nZDdU%&19g^Y6~7}-DO zKQfQ^fFNtkCe-ZUuo}vO_ckWu=FF}4yY;i=gC56At3&NXqQn_tYMx_6K>!LKxUvh& z{3^AkYE&n!^;ADtnVnmHe1~ndRU?qo9BO5{y2N%>sV5q()acp$Gt}BjaXVA<7dLGL zm`;Tvn73ijSNp35>k?`wU%B1t4x?acYa{A{(Rtia(iuiZA8YxT`ers8X*?FZVbtB8 z?Ddh+eNZ{51tM)}HfVX*|Kh-Z-AGwbW+m@?hr&mG3l3Y~o1imwEJU)Qnc(!`*t21( z>hTvLr5p0y?NitKic3si#~NUtU=a{ALG32)aBIS2HfOqYN(Zcp=j#0%wSOLVs1hSz zZfD$Xjbg{q7Mp5o{AjaC!l6%Yo-7$_+Q_Fql+NG06HZ@j8V0=$QH<&WV(SPyUClhW@hjkXTo1a{u_RyrHfo1hbRFN1Y{VEv+fX1AnTAG4t?Jo8 z;zS+9IaZOI(`$r=FjL80e{sBPt7l6ka1VG0*T&HI@kvp7*5wcWdx)|VtZSdAzP+=s z5F1CXU@t)Eb?-H)&&5oqih!_*{JZVn^=S|M=w>d5FcBRmozH(xN$@g0?swj4bCg}I zR`9IHExavc1BO4sQSO=MXOvv%@X+|fy1*Fm<~J2u7N43D+s_iGnSB#o*!4P0z&f8_ zovgm$vruh{h&NL+A8NmK8h6RiY=g^R!7!n_^hNkaS_T`_Q~L6!FDDD{N{DdQSXuFdf!ytk8N<)d zgmQf?{l{_D;R1VYbL@mY6!PW}JvA15weBGzt9~utitU11Edo0l&0Hhu@{oygoEZm0 zLIp(zc22{}$&FbzH$zYD!ugPgw-#k;+ro?3iR2I1<-d#MSwMM-5rU0Ms}12)jWUE( zdv!Q+VQ6al^@Q!)K8NatFxl$9lm)w>gC3w?uIDevhv;3kgrnh2)xh|Y-?d5_OBzl8 z_p-&v1CJ(xb=W}C3MnCL|0XWrT#epqK31L0qQwDuh#le_keZ^$D-jK_fXim7?hRy) z=}sIqK4T)!eldGgbG?T7MODEQuX0<$>$t+ASR^{U`nG0)Y0r~H_1ZC8%PObhuDU#j z!Tjf^v!RMx!>(iP&e-L)6LH_@8RqMj&c9q%UDq;h>@syqKfC?z;9^vcM&x?VXDTK^ zCK&zgH{yH<63WEOFu%IjVOUcwroAwkC2Yp>pzSTuOw&4a7{RaCiBO`iT+C$rTwEGa z{bq%F*+#-tnwNTY~4(pRP_IY;1G0S|D#*b7rI@bAu{u3q785b-pIULfF zyt5naYYGYRA(2k)^9=}MDu#YJWOG$wIzMZdVbCgVUy9w&=&>fQ0}i0>HM(n`gya5G zE#L*MO0S6lTUZ-E;lxYVhh5Q6ldY?_xkFiv9W1RXZ@=cGKV3rB(`fn?&Om2E;#1Eh 
zPXOb%3X%_9NE3Fgr2Fwa0FU}>-fd^W?cJMhtd{B$Uj*hy z!!+HCK7V*wPQ?HXI(OE^B`;2d^3b1_o|*VpmM_VnPrNn+t=n5>{QM^)3hbNvX~xuk zlapkV1Tjpg`TY!|GSvV1w!7r7J;f0Jaqgb~`L04?*3nCt4-zYcLc}8cZPFvtN zI)QY#N*ggx5ygFs=b${4%js_;w;-yJdN>j!dsXN$?*ng6WaAoFGYD(!=WS^eeP)Mc zN9Dk|;O<;asyn6$B3pfiy9vu|=WlaF8Q|gGq+=>GXe#^qppd-`s%xnEqa8wbVAhD> zeqV6Gp*{f5Xji8xx-tCM6Un$Fw?wzZrDF)G!gkrUR{j!QnBcw>y2Vwp4$Sfnd`Zw^ z8#*{;U((rck0voc&K9w5rI9zq(E3D+aRgTD>Wc{14;F3mFM=?DL)X=Bo0DR!KAIv= zV~q%}vW1kKDlY6aRWcZd>|;yt*>{sN=#gf>e_#FcM?W|-Z4Xv*_>0yp$O&W9 zD6d#v5->x*!o0~&P4gn8K1&21eltRTp#D%K;~g{zDk~j)?z40f_$c_(2OL8{m}|fm z>LB2Zdm{Euw5^C+DwdE+y{d`D!)zx5Blut%o(PX9q*O%pH_@p&R_4e!1*Psp-2R2+TtLlq%gofW#jB=-=Haqz{)0Wnzn+HZ>hU~d9T9cDk6MG6B(bC zrH8l6v}poC$YrM@dl(VpMqH7!s3g^Uy41=o)tBhsRi%}yf}!11BJ^Acp;eMT>?twP zwIN!tG&75GPp$sEDOtJU_4{GezKhEPo5bgIbpbl>?kDeSb=VLYxmJ>>n?$<_b)ONf z7qm{n{-z{WDiyzBB}gOM7!j`g`OH)M201@8(U09BPFIUMqnOZ4phHr3q-p4pgMmOrdQ=5@grJ|56WG)~rBkOGY!#I=mPpScJg?7W~YI-d&O<9|f` zqEy1xB2rtfM>2c7j-UAC_5d~q&dy2wij5v6JX_Jyr|nNCdaQXYgBHxN7D+q4VlCV4 zKp8-pE|^Nhk#%ub_~$(FWzQIws8`u2g17nc=P}*!Csj@_ki&=5{u)*qFK(f^T2$V> zi*7>O{;czrYoJ8Xn_tRc^S$xcm?Qqv z>ksl?#XnM4nXvAVOIwMmvc_#Fz))gCq#J*V1+vCELWH;07~SI{1zWo%I0w0`HDWh?o1R$P|+G#tE((h+Z?mNA+-})#f_xF zxhgA&a&|SlbbFx{yA`?(5yfI)00eb4b`q54mCk~$m|sE0M|IlWTL3m}@LE4||z&s^}vD1763lZSBC4hK%Y^)`b$ahzqX ziS_O(a%(Z=@l z3S%mlJ_f@|v*%Zf-uu2 zB{8Zf#x&I?S>iTebF73&JXmiQljhQZ3aS4{W`#(Y!NYOHdbQfq)VOpt<~|eSwz)*E zkF;^kXIyU0rdNa!6tI3yCF!fQv2oYo;TFpCut3h|Q=v%S4q=~l5fYA6l>zkQFWkl0 z2BeYdFI)v20$*;Sb3KyR0_hy=oQba0N0f(HK{A8$)q&i9r8_aa)TVNG!gRR<;i2he4*js7>$j)Uv%hAPT0=PJ@$q}!4J@tf)C6qA z^3U(C`?E1f`#C`{DVHlH*Y6!LwX#sB0D$0G)gPZV9dGKQUrIV@j_FhXFpT8H71Zw- z;GIJSknI^?ORribTLuB*=jYG_WLXi?IL5p%T_}63f9R3js#{hYi_!4mM#_0%{grNk z3+|Sa#{%|)i8^Kb-$TpH7K#ZGx)}e*Mb%|%-~MDT8GP=_CAF&BMttBE3&5ou%Rw$1 zrTw9E^M?vlglzBS`It1?|F+Kf>SHg+wrunRrskB&eHBg)*XMGAKRUeWBDm9%_;V&; zv)L;U8*EeO27w1)>Di8VLrUBy1W?nQh5q~Mtg~*RAC+w^uHbGNA=!{l4cBpzTXmO2 zyVTRASYZ?nRJd7_>e~s>^s((enBC|UX^Hp~| 
zLFRBYpKuGu;%yL7f%Am+&0_@rniZKe$;OK-BIeCMOQJ5RTJE{Uf8BfZ1_&7muO9Bc z?IG^dHG?rMvKh9hH_=0o-2~4T6*b92%=b8 z;6EiyHeTZ;m$3gYhkYAb2ZwF6o4kO|*l;yd{tl27!PXO}$GEuSS- zRQh|Q(?#RM29xIrd&rYIYgC^U_z*qDEMFOJ!4vPwW6WyhtQaN1rUPc9<)9l?Sb)#T zH~eYqAK2>lW{V0{3{7)UFG&Z|M=3!M`R2=GgOp?4gF^yc z*Mvzr8_|7!=|9d*uJ$uEp(~OHS_3Z;m@84<#FY6x=T%Xj%CAJ57$3xX!NNlxd~I(m zGb#@aM3gdLrxVRL6FflBuEAxuVn|@zc+}v;)C=&2lg9(34Wd0ii3p){wB`f{PR3B= zy_w@+n}%1bA8aS^;BCIOU?yi?$j3lv%Nb|G8%`!R{Lo@))moue7$q}?-yF8W8^wlV zMGQl$t08Tti}fm85k2Ldi8327E+}n<$$U+)-ahMH>}#?)1WeJ6)H~zHvT$pI+?$bj zx1;Eh`qB^QPPNVQziqi$oRb@nj4=D%=yRyhW&hu2UK|mFki)tPJ#w%X-t+IaJO`7NjQP*2BlCax% zAGB>Z@GX%D!t{PtbS@FQM?~)I0PbzkX^E~FN?_JwjqU+PIraq<&*AZfoyrNM#)rhL zPBg=Tx%K^7VKP=wks?`Yq7nY+jmsN%kwd5adh*#=*TiFMRCV7HprTZe@!X%4K!*js zvZ0#?oY{7)Q)=0l8*kne`VS;a2AxqqP-S{L@5i+hluR$3JpvH4EA1b8_OS-dR|w+o zaNc!gWqSbH`a*!b^~xl^S)=HtWK+aLyRMX*iVuS=F7c942iziz0r2%<0m(N^E*IL zUzp4GO_U$$#;Mq88bjl(+EwrLO$1-A9Sze$fSAutW{F;KasK<|2>-T;u$l;5h|BD1;r6>h$*n!o$H~?i=4vVoq<)xC6b1 z-QTC_;QG4CG(d|83$~Ttfdxb9q1K7&yHe%^_9D~>e;Xo#*M2jF*98&bHlkyJtQpk( z6Az)HxbX#+s5()A`)D+=%7^Bu)rERoD04!mp~4yo5GmBHmV0T;N`y>jD8X6%UJq$8 z#tQf~#Bm)>QJ1=<^E3tL6!$gQ&*o#S4x8NAGqw_yU3qh+m4*~=qb9a5qr7umON2{g zpvMyJs(^{Y21nv8niR2unN;230JY>oRB**OS6|_bwHI81^F4sRc~8rsf1AP}nGT|Z z4M0hWx=V}tbz7sQGm=f~6N{WsjH@zA%%n?nI#CcWHV@CkkYIAUVx!D@PQ;vah(Q7_ z+gH4 zoJ@8qqBV5re7xa*@uTh;z3Mg9yZOvoSo~%)^>#q5EjLwoy3x|I(@03v0awyd}f316`ah1*F*WK1BiU*XFE}cT%p@F!0;5%{G`u=iUGfTUutXVV= zi{a+6`?Mzmu(yWqw5iu5sP^QY>TbW(Wd5KF_OWWby)=9&pUSF5lB7>3AkoT|qwtQc zHHnTvE(N8%1vIp@YFo0b;!eRlsLFL&iPX>EYx9o%745m)r|+Kusodut{(UD-s6hE) zuK({O-ERv+x^SnwEDK|(GNrQVtwZ=2apQANzvUoXS!9sM#CJAce~=P8aYnC$n6gRu z%98&Bt56b3$7v0@5MA`zg1{^Qzu_7f5WQ|@0(LDp=_nh~7$mGnfC*DeqPpCwuwc$1 zmLa|`Si2{9dH$qMz`~rvBEx>F-yKxk=EQkWxr*Dc7~}tD0hE8DDzi{5*ljJp`{7fM z%CGcP`g^!ZkHQ+c zz9_l?R=SK|*rC}FcmCi^EF=%C;pmi!bgH&&SZ1aE$9DI5_x9d3@~mEbPBK2f!K_066a#2w7!gB?2fc)40Qp6Xtf^qZhqn?$&a_tH`v0YN&n5bctc##;u+$3 zd%fKAfWc@wUb8%GC)jZ6*h|#?ai8R)JlcVdzgD>dl2piK+LNtXGhZ%xq0>g)n$x^* 
zDKM19nJ+tL)OFWdDZE2&ym4)oZMG(eG+bkLv6+6F(Rar9a%`k6o0cz% za5|W&wLCaqXU~309-d z^Ldar=h)fxuXmf=K6p)B6#7p~#+o=~_?s2=M2jBBor|fhtA`fD8?GOF_SPtI>|(aK zrC}2Dm|G(!Z2}q18gXsXqKa=n<>ICSM7df_Qw3U+ER=Uy`ZUCtU9%2m1Z&^3!WCxbhUh zf)NKctQ;7qKByV+o^{L2`a=P8f}}(wxyF#D%v@69=nhmuKK6`A7XMU#l}D0>Oq2tW ze;S0eqhSJFVyCoUGSe!Nq&k~3T5jW1)@OaDlR2A|v1ZsxuBDC0Trn`V=W?~kesftN ze6BAoZIxoDv_n4x>(kw+-%{i`i(#6md_B`~L~G9`pznN7T1g`bi~VylH@vh{_bN~O zCJT*u`@iR-3pjwHH{Gre>HzyuTyoie$ejQr4jAef{;< zL>PL>)81AcXy*uH$SA;*C+G^Kp>HI9=NP#SKJIp&D_>Ao{1XE5;EMC0-;Mpx+*lQT zDmILN>1DJz4PYXx90#ho&U*0>a_S3e;o%Z|-}8=x%rhbCJte{OuRV!cCFnvf#iv!ZKp6oT&@m z;sRkh@wUV2<6N>%lgOKMQ$*^w1q^X&QROodX)og@>una6fFN;pj-ihWJYVJKX3UsY}w zqZcK-nB-h7O=H6=?|$5>X!Ew`N%bm))1r~Jl240))EIM?b$t<6+%rLEMqM_&D5@pe zR;_>2RAN5hhp>yz4-5X?9MnNZkoGEu6ALmM+N55jQsP%L?R16jk-#WL!?U2@+p&qr z5;L~bI_h!!;*vxR9pVbERjSVjMZVQ2QT5a>=B)#!VMU&&gJxaq9iYBCq z|2I^XRjI?-A?6FFt=zI%(9cucJ*+I`1ZzPiO5q$`BJtS@m8|nHgO3~2|2!)t-cjO( zlRVfwxPIL*71FYG^`F&sc3gD_Lewi_)}NS-&VwE&U!WfwUEGZ^-z<3Pa}n{q!DO$9 zpZNKVAU4@4Vd8Xn(tn65uwclpWI>B-$YS;;Za+c=B&Yi}j?S1K_l zYvbv@7fP=)=c{Pk1+If275cbxN=LdD+&Pso{Q?U*Tr421t(LYP7yNt1bwCKv45=@v3=uH#**&m7 z%5w#zgLvv@-`i<)1sl)YL4(jrUxeSFjmK9(*L%vRIRHJeIRMO{n>P6g=b&BB+xJ+0 zut_PEF4Z$<^uj56P|>%kuZb=lnDFz$1?NKl6mD@R^V)~L$3366Jno2o@j{G}O}h8m zy+o+PkPNrR$wL-U&v0fFTZDQX$sQfBrbhSy=IsrOcb@xAZG3flC-BlR1}ujlaGXpl zbMEuZEt!9uTLCM&ap&vtc%RYLCDZSZ!zD)o4|K=U#1lq?OZ^9%UB>$?oz}*grGs+U z`WAQ z-2MrhdZ!1p=Z=-w;fjCXDwott*#{aXZz5uu6pbe{EXQuUJ!QKI;lVdht^?@iYhzby z6$qLBD4Q!hHW=}1_t)l^dm+t*^5V`}Y2%JA!F#4vN#QSeUhGD{l=#GQbut|!hnKe= zq0(Se8e4B8W}7mm>H)Wg&+h6jzmE98^qpE}KE|grY=!F23u(zu`?p)VWmg3CTH#6d zCHemx_9Ov7Jhi9Hh#MmL)9`Hi%0S0^c9hi_gYO%*rN}aP@3-^Bs-eZ7?4R5X8Bpu3!xPJp$Hv&_G%oKtvz=iE)Wq4g1bI|Se3 zxPCc%p;>{BX6k<9SFq_=dzSR|1Jw*{-Xr|hn14x2jetvD#{hwA zpf9_r*N=S^RMX~uC-PGvtn%pgkq5|VugZ$Z{2;wvfm`hmD0o@Q^@gFS?I;?ns>y3| zHF-ZfNR>tTg^Z3ZSJKyPrwa|bpxz)G%vT1+4vk5Tr+i_$tsPyQ4!p14vyguhxf({9 z^?1a|CHC3oo4YrhCB8RwiYaJ5Vn*oltJUv<&{WmTh}+JVJu)hL6tYFeZ4)6gvPt%) 
zvXc?rHf4m&k{PN0`L3Sl^L>8**Q=K&y`FNv-`91W*Lfc2aURFZ!LZ9Cyf0pq%t;(| zDMgj~`~K36=6SAoW8692Ui(+cvlSCTn}c$BO&JQtuH-nstf@KUqjD$Edf5A#7jSb| zpJK_FmVSN3^AjM}vd1GZymveFul+5tU@LbWIxJ)H*zaK;)1Q<$PJ#dg(C(^k<%rzH zo@*@vk(2HCe5jt!PjM0D*b zmFT~;f5x47I;$%ANAPnKwC#T1t;qHs&V#qMZ-a*1US(HVJI&R-6=OC1?Ll=xR5?u`t;UJJ-%AJfngKTZT85T7FkBE3tDL+%psC+yJz6t$A zcYkLeT$8ZfIIrc~b5i4Y@sCN{wXiU|9){PI_}o*QcE`#_+La4Osm1p78jFea0wpbD zSXCd~L-8*IYsRr(2d6zvWL|TbS%Y*vbUy*i`z%)I*}i|UCjH+z>!gQ(RJNd-$Bw)# zHETjQg19)FMcJabu|r*>k-odrL<#=9nk{V2xL<9ic#j%bX{4E7hM?K6cm}9SEu-;X z!^Z@x;h#Tcm3~SLZ;v^^Y_SShfr?ex5%R0=24|WN&qbWk$8+0^lw_no#$PDPdqQ$yMHV!c|Idt;{V3^7j` zp4joDa%y+&y@fHD>WJ7sK95e7F;dO!{I051wbrL;Ui3c+oGyA`INbV@XpP0F%@Bfr zo0W<8*5mOn#-6LUh|W4nhU{Duy`K6CCa!O19eqaM_u%jm+rsBnijDksdKkhqkEQc; zVjj-2J2G0-{d!MMUCiHlfRnkT&4msdyMeuq4tZ?7%E@@*%%x5lPj15+zUC~jnRNvb zGy?!Xm^TEjyskl%nwcMU(WR#*7<;@ygmUh%9xSzSWe#&}(+lz5E;R|L&{_q73`Y$0 zeplA(fFuh6WIa2z3Fc%wF>O=rQ`f?_uqT-n+h|IDl#ZRoTBw`Zw2Vbu3u?~WI?^Ay z|1k8mG!@n5d^0Nl;B<>cG$ZGk^-z61tml4kR}DjlLd&n~A7ZnI4eb7b3}G3vRiPul z$Z%u}{C$!RsZ!4T$YJCUqTGN*8zO&kR-_=yV#6iS^`rNFQJA5+o3}GpUI<&ozWbE- z;(#P>dczO`m~--7RT}1-=q>3@)e*<;vp_H}X43}Qm;s8?crLw}%;LP5KuY4-ka@)S ze6YI!rgq(iX_M2$JgXpKum_Wr26;us6xA0E-$Ip+wvuTVAo{7E5cpGsX_UInUSe-& ze|vXmkraB0>ss~NpIx!T*#o&!bc0gAUlF6|OCH@W$g+jhMF>ou$IZgH4J~99Rxgk5TmKh%N;KSoQ#yvK7nzg5NUv?MhIn|+Yy#&D;(Sq? z?2kj5Te++q)h~v17SW4&uuNW!G)yDh`StAM{`WTxdqSWDnBeSN@!PUF?i6foRvG>M z|Ek<}BU4g(Y1YbwUFQxj4S@e|3-|!vd7Hp{->PaGEctYjbFywm``di`^oA$*Dw?tE zCGiii)9vl=5w+e~0W~lF{vyNL0Yqvoi+dc%twx-&i5IMMh*>13ph~TV(bAE@)==uw znnhtyM>Ap>f^;uc(njWmRO#l0;+kgEV51!*gtA#o{(4Sl`fae6pX**bhp$HL<;`t74|q`ls5%Kp9(8HM2SN^32D=P-Y+L-=YT z3V%B46M&aMcbXC48?L|@r4jl5_Uf`m$h7lZSYTd&^(lXz!@z>0yPGMcz4Ba8hwu^m zgNKe_g~Lho$1DHbS&FCIN*y9Hue;t^Zk!9C{Q^Lq0kaC^R ztZkD!L^KWZgl1rE8;bAQ@RWA0olmkcJR>Q=OZfutm1(rS93jsdPy||s-}TzQA@f=Z zy_dKwQazUP*E~z$u+fe$AUdyLX<7|Ub`g{0thfm%xsc@1)#dd!Zam%Zo5PO)YC|f? 
zOj_j5`1e;dB7HU2YO295!?;hZCOQWSRIci}cq~&TjqB^9G$Suw{z>k7XkMD44) z0VI^+73NsGb6#IxI}Mw^MvTBfH5Y_tH4_xW+_9cspxkm@gh*(gWl(!(ZF2JJPZSyi z$@gVH?2};Ld~llu;^1{|hIXklCD0wdvi=;DF?YTNeGX0D>(G(SqOa$!;^fvm_#xwIuD((i`Jv- z=O~4i2+~0R!xg5ePZ@BReEs>S+f$2J))zBe+cNn-o9t-=9QYf?Q4Q_f1XdK1hO}4R zN^Al}_>K86QepDkE1(}%3U_(U;%5m&xe^)B(#};mr=!H~;lAq)TCqk4&mC8v!;b7g z#tOe$AI%BTs`;E5hS@+D;Vj*t$Rm@Jy^1J@hI>Cc&TR{6f8~2siOC+3)r$8iQ!T zOQDzg7ScBTr~51{OdnC+o9}iKtl2Hzhl99bXVmE7!j9*6rDux{ku)U~mizu;XDC;d zVI0gxevC_*paZ|J$>G)@PG>Azo8Bdah*8)n_8tae&erm<4~Gt^1cCIHg{76z|FSXU z8vkEH7OhE$lVVJzlIn(}lLqZg4f;`-O2<=EdE(%mXC8UM2v}TZeGU?ROT+@$3pY23)QQ(mFpF3~dLq!80CF63y;&fwDu>Mn<=1-WTc-RMxGb1l(P-Iv zxOE!Q>lL8>iG)`>NU-f0gbz@8j#4^#YOe>6j)7%ss&sT7+ja=LRt78MW`a|4gp~Vv z;gz6gbpUkrUQxl)O1=K^ePeRFTkiBthSLND{kpbq>rVIUOefvKM(pD6$dKsaKO)*} zhN3GEs(3a|4*=EB+x@Lq9F#1iyC2B)FG=1+}<^gMG$mhQGBy= zis@*~u{+-gR`@ULz1yIEQa7Sm7pP|`B1*!@LwO}6 zaSNnV7M5B3ITo*=Zz>QeW@#6+`^e8-cK-Yh_q6NINp$LF&UD|Mf_+@&BqD>g7a6@~ zSKcFZ?>rV=Ge8?lQ@R@-8+pk#i}DlG;end=&`&2`6k4Ib5&}DLKGq}l%W`H>O&}MB zyw>5>X8>+iG_?}Cy6-~v;mg5l@%ZY!)&Jgl0@vVGvT+oUp*ijl=J6u4b(fcPRZ+7Q zO(5$r`3-S0!byczJp$j@5As`Wlyg@DBR5jUR7y|WVd!-*2|H%`b~rwix=j9=oP|OK zQ$Q)X!+OBEvtP50vXn8$Gj{&eWj7|{ZY@GGE7<%CXUBxATH;BVNYN2z#0h*{OCc$^h22%L7EJ3-<{?XaNh;LH;LgTivsy{*p?Tg$il<}k;&AIH~mRXn1hSS7s zflRU}(}Qh!b3|ZmH^;o`CxkuO3S#s4kO%Cqb`C9YplK-CRW{3+Ut}$Q+86@9L&E&U zGRBY)=t93rEnMlK>sR+WX;lxcULRLk)N0?+P_urg#FOD-y^F34^mYJO@|-8NJMbzx1p4EFgQcjr{D+hN zH`SAL1+DMLMjg_PXul$M6t$e=Ck;OFc*HguH2H;hS}*&P6UdDy0s~{eSzYd>qa)32 z;hcRi*1~Y-)ymj$b8%UqLjt9*q?L*ZmV;>2%2ITzL0_(EmNC^qcopOpqj0#5vPfcd zu#eHo+ST?(G-N?f<)8DV73HR>j5K$Ij&T43&ezS!LL@C(#)xal+%$yvLCi5hCIWRr zoCxBWyV_3Y;Oz1#lX@ITtgD#4I_JelYCUP6S7~^SR{{hENGbdlBRnqR+Q1%IOL2A2 zwfRLwl(4E6XJ+GN@mOZL$V&lNmeyEpWI}YaD6uSIR7aCmnksz0Gs8QRuYV)>(8FHW z*?QbkgrY1n#A2;6ps2g_dIjhag*+PY`0utdf@JO1@Vc4P?sI2T-W`+`Cj#YGfjTGqj<-~m+7FYr>QD-3-Z7^$`>r#xyC8r>eOo#-ItHnfs_dTg5}=4l^`I3hm{}$q74l- zFKd?>7I?@Xt^n_yr_IrMvIY^o_TknmW4ZfMQt_Q*f%HHm#bGfp6WgClFqycM=$x^R 
z>C9W+g&eT%VXx0@_Wayyly6jXqYOy?ZlrP$4{@b~PBJ$bYKtXGNw^6Ix`qfv4HC7k zB8h8d+g5tgqxZS0_qX^=dxS(+N*?}J98U%ItAvlxj8DeZLG-<+0=sfj+Q&=_&i^NW z;J60yLJ?Kv%1ThHa!76v0E!hz5w2Tvlwy;R0QzXYFWmvT@bAU354ba^2fYuGXAj6M zi4J65#W6?X#^Y$pkUD^OWu@UVv7rXCYFLL&$D19WRp)W!2 zR}ww(qfz{|m^p@1@)MxVg>x_*-^0hjXa3 zK6MNzNvE+99q@cae|lp!yz&E78o!-}ng<~NTx}J2N$)=afLS8%%mDAk3!ELkfcd$@ zNb?Q}?nZ+z6b>8SCIMeUfUJO8Jb1`SJcs`|TYoM73>236PVcq8+0sugH*dm$2^n`l`Ma26kJ240~FhLBQZwotHJMo_McoNRVWS7jlYgR zl`ngzH^mAYr50?zHc|UMWgv@__0b9xuzX9ptmYv&T|`!p2?we{=iugA1}$PZC42)N z7z)$%r5C{4L|a{f67qgTHrbNcw|B(kHxcY0k3G0E+=>34_`VHa`i;y|%ZI@i`7+a* z(>;gecA5OUayM4NavZu#Bjn4T7r2ho@#BckuPN>Fd~07wv9t{Lq3~;S+wGkapMint zyECWWeqVWia(|t=NtN+#SRT)b!{>xZX?UDh_db8k3@CDpP|bWh!VqqekEl_BxxjyO zv}`1EvlkttjD6vLZ`IF{rqwwDzywZ7B!!%z6&8v)#gvoleN*iaul5BxefmqdqSSDC7;DFdjqSuq{i< zYlnib_HJ8bQY$ET-e(XbL{QqKutZELhT~EU6Tx}_SMR+{MuqfX$z~THnAGm69tNs> zI%V%iMCj9~B}8%w?y@F3cj;CptGoOfN7I}K6zs=-DO@5ee)$2N(bhuMKQF_e!CI_e z*~QJa#YY|x5Yb29e{)kJWiK%<;Ht2{Tf|qwgetr7pvx}f(XKlYmp?depi7UPJo~wc zG!fmT`jw9U{)7`G1;d>pUaH?adtkarqjV47PEmTbXVc`$+Rq>IF9j?A1rPrGMoj}b zKBuf!!_3a{!}{z>(+?}gO7f)DIUrJ^SbQp ztv`+5zh4SpaeQetXYtUY3he9+wQSJVD}qA5oO0%8hS z5S)+uOsbkiqs>ejEG~6wsL9)N$GO&%a%%xfox3Wsw}S(@K1hI|G0&MmtH>)`?PfBm z;S3TVf=-_6vQ}Yvb&Z$O4@>-YvUwq19;*@J!Q9B+Yw^WmdxO$l=2P2Zgxk-pVG{tl z`hzZ};BR6r%g9?@n{0M%W3=P?v}+`$S3?xVprTBXR9R*Cz;1&LF}~L$DC9KL+L=S~ z`vjU2z@Wp*@r)3g!|9~-KZtV)BH1mzbJ)=vPVK)eAv(8vc8{aL(&@Z9lmnj-nTO73 zwz#qTA9g49;u>&wu@9JZog`lED2>zs357C%;A-1fJopf{H$Si|pet zzh%UEY3Tg*PXD8V&EmULN3<&;4|*e0rgkxalz1XXC3UGreSsyO5^t9$fl(tq+{%^G zCtQz?LgZjS-0RIbGug4=0^&5iOxL-2GK&OmZIZ}cY4*ze7}&p$R5Pof<<6I>8R7<_ zjP+riI!(!t#3&E|P?7S`aG{Y;y6$?q>qXd`p_0WthW8axbrRQWeE=Vt+9fgPC!aL#6(mhq<)9!!q~2r2DjIU=^8uSvcuF$RvvggPQqXbgO66 zQ~4KLfZEf|C_zqlIPj8%aCNh69q&hndCk1kOH#r~4W;BMF4LDTVsB1=mb!Y}09I^5 zin`l`}Ww(v;g!D}+7e!5=IpTV`S z(bKk|-2JU^@dhCUo8%^;OF7C0T_W$)zH?2a{r(XG!IREo9i~lQ-@iF0h1-Tb{GM{J z*D1y@=81yJyUUmk_$l@B2Rzu@Plzp&B!Td{&#V~j?5Znl9qQcR6))eRaEhY6@{MXe 
zt-=qc$~(f=muZ>a=CZO;ai~v<8}YlWqh6d8+f>u3J~iR)A6A{C4($gjCP#3pyh3-AsfhoyOBH z0XfJb=5-5L|C?wlAc^*)s%=(+D~bRj}9~ZSo#OrCi=c=EzA8YGw z@h5xh$fJIrfaqkVlBpE+GG&_}m%M4``~D9kSUjq2x<$5&KY#%f?${kj#%~FQ4*#Bf z!Bb08(Y#QDPP321_pT~L#`4-?+or!Z_v4uDpfTVS$W_&HMS+l}-{G`B)0PlwuOu^o zYsinvj`7&k>2M(|e~n$^)=+=grZJ&n>Y;Q`tPz$OL;T&A>A0LPQGjUILI4CeX~*(_ znzKTg?RlgfwdvMc+BIUzVUkW1^4QLqF$MkCv=?s+`w=_g&fLW+lzIb0r!he)fLeQjooHA-F%k7NMMJ=mZnK!My&n*$yJn~Y^ZtU zk$yd}?}qG-Hq!e4TJHgo2Qh5>y*S(Il4*3F5)f2fr+40*|s>*K{n2O8$Bv> zJWK0D#~BrsF@M1c1Pd6rl0A@Ch4y>I^59+~?!?)lhDUefh`D=hnuvA{*C(%asfaV< zhnXniwEV#iQ`>Jd0Lw@b;#YoUw9i5z(qNy$4@yc7r*rd%QR3u3O;MQS-IV}9$kK55 znK24peG&DgH^h1sArFG0WkYXbg_gQw2oh}Q$bH?ILlbe1Ye(cmuE$ZOn+L3Zw#-M! z79^9lO5D6_M4@Gl-n~%GO_F#l9@ird#+hYFd#{vs7}DVGvd!gjT|~nCPO)pg1G{q4rzKm8H>=!+`P8eork+hhO39;%VA7 zWB(BonTX@@(aL7FfN3HRW3N7x5jX%{8Ya_)9BNI*Md2+a5(W>;>;HFSltshF;JV7O z1QIZRJpLrNQILZ?48yVz1aK6WB+4k$pPj<8adKYpjC|tpC|y!Oiu(Lzv=ssl1{n4F zVjeyV1X#zTOE!vr)%BC+^4!N|i7z9+5D4hh4QH&QZl}mn-ZMm|{+I1(^H7h3tSjyE zu}Vu~0aiKHqqmd23{V*|dlMj-Ur(%LZBLu z*P!ulB*rtOEY}%Y94zSj)2klrt0zWKq(tQOwu07p+%Rj8D)K;t*Q^Bp6M;Gf5bnmx zgFMlHmvL0?&>ivf9k@q~11)r0r8s=1J-uKh+-ebokI-eGe}SX(Ei88+w|=M8XQ{7J zyBIqLsp~~?US7t>z;FuTbf6ns@8Iw+KR`d;3=47}DiwN(OxP0fOtkt9{5$MfX78I7 zi7Pge->y72s4fm`z6$!CtI(9;DG38SX295ej_Pu{Pm1r)@BGUjnHpj=PUX0}yQ^qz z%&Nc>vL0&!aYiAoyk8;eMghmig z1mj{8s;a@|^SjqU zB_Tx+oA;{0KV3Vrc$Q z<{M;k=QcLn4`58k2JvSu_cD6^xs&_l&rF%H6~Mr%K|}L(-(7WM@Vg0f{7NeCH}b;d zrI-56C)6;*;nFG3kK@qER-{T$jM>Bi;|5kWBDw0nG>ZWw>QqEM*yjDGkrI885GZPQ zfLQYYSQnn{71iJ;Gm3~w4)~&PU?}};F^CoDuNDGuh?6ibXABC;RGBApm2lv#@qRL9*HQlHV>x{7)GCc8t^CuP|K}KW^1;@kJytOP?+5G>KWsgSSZec3 zCNOZrFo|N`x@PU&TM`B@{%k)zDM)kT&l0;x|FiGFD_oNB5etM^g`4_D|NB!&f#q~A zT7nhB_slZ+D}aYo>%mq3cuy(!x5=*sE&OmjS4sT2|HLc#|9=!CrmTT@UK~(=j$iG8u`EP2Kfym6)dSnM$T`O+}}@*Wn}#NDOPn1 zF#`mei>EmK!((J+KM(c|Uft}2F>+ihRYL<(peHzfzx;`DufEeJ+3o$Qcf(60P1kAhyfy44PoAL zYUSO$lj0O)M*VNlau8?=&P$$q4pa{w&O(D~`&*nM_$bxidl!u3fO#^8*7W_us{XsKQ@pUE z&TR0JKXLg109I+;E4E|E{3svV1gpLB(5uR5hx>nPoB0No42y~e}QFYQki*AK9pQy#{xc-T3 
zzc*{PEG$rd#&9HjtN~V(YG>voBrd%m<$e#r{t%bk^Ir;}Q<~YprkZ98Y?2C)^=Vzb zlhaOlpGY76jcDq_aKfxS;Dn7LhuezVX*A?j)T5A5PoFj5zY6%FBds6qDZ*woy|0caL0lWnh2sR zLSZw8pkG}JO{}zdLy=${E&mo$$wG1MkaLGu<&nRA968XA;`*Hbc~_&zX0D>A-BKbf zOL^5ALTLw?d~pKkRVKzr74jjR3&d>Jsc;2u3fTbvYNR6v-4avq&f;6@{@MhrCd6`h z96D5X&}rByocH9u-uc^Lc5xsZPL~**hJ$Z*3m;MZ{LrdFRA8Y$<5Lbkzy{D~w1pp4 z0vx)UgQ#<&L-d|2{M95@hZZ#}yuoBWrU~xNonm^LWyH@G5!HJtbaEMCC>7HtB2cn@ z^4es*T#`L7Tvx%{G-f9xJos_0a`J75#;y1RD7v-N3m-T&Qm~t-3uVz7MB%3}j!AbD1AIct%E8 z3{;v|&jGZ6M6eg(Ke7k4*|H>tOuYxJ5eO9qfV}=C33cx4Qi`rt#E!o-(Z;(?-G}uV z$LDJvupKqt`1Y*`Ob%4?LXAJ`H7A<80FF8WqL*hIlRRI-z8w3$kp3m0F7bk8&fnk{ zcZ~qwJgd+7)(CkOJ0tlEe_z7yGdGtEsq#1PAA%le`6sU+N3wnO;4n{U2uG?-aV?v@ z0amt@=j2mpZh!m<$xgkC#NKCSSg`%@PL8JV-}##lN)r{0i%$X-WP=26LokW`zSQlu z9!P~yti0YHr}Vkqm$tfBZ#~F4ER_Eer#l8LqKHm@OcCxlbCMOPAoF2Gp_}|%x3u{; zV-ZO+1u!M3o~kkH3(t%&ZxJjj!8n`>F$=6F&k1Sv0Fu=cXLU`)5jB!Ov!sFP1LEiO z^EqWDEcSyqEUDKiUp;jnC8Vg7V zZEW5RH5XWE+20J1d}36sgVI0yMJ=A#k+)fz-tbP8$Px#nwMu$tjBC$?1r*(NsVVm< zp?gTrV_?o*y$N8*rv~wd6g)-k zo@w9%Ffg`eOe*gy@}o51iX-@ligt#(zWIQ!WZbrq>p9 zcq4gjQAT|(%p67Id2DI z-YSL}+zzJetbh`G=w=DEqHKU8c(qWsG}A%g{a?yA9ELoOE7t++tyK>nY zfcsVi(=^|;m32DzAm|u{V$awCPmwa6^G4`_1^di7buBzW3p&_wzO9LQ;_H=%+k+z9TH!7MC8*{S4TrrRTT; zLwIlTyKe_>LOzxK?8&}4*evdMs4@QyRp*fNxuDy&oF7o+W^oBfh>T1G!zR9s%IV^h z*%{AdV`*f6v?E0)rHq^Jm{o2qF~>`;ejQ#8_2fl(*l=5FY7=N_fCa|wWH2eDe39oc zXX7GshDq*NUpCE=HB1C)@cR29BtMVdbAVu6Wjk6%kpBxeW;zO) z0m3S91xTG{N@g+yHpgU$&Qa>0Vh=@53De6T{`@RN_Y`abz%H24+PXjkUJamBaeNn=MFn4Sh*|C`oy8yVDoQO9b#rjxNP&0|@S;U=KetG67e^ z5bzDWQksE}=Ygt6S`$l`(WBVo4A%PS{J`uB769;_0N=1{=B())LT#bu z(!DuuTOMHqH<$f>Ni-Gr@j5CgUlxnNo0b~LbKZ?RM1Bc$!P@~u6MYsm^N3Zc2-51} zHS>ku)Jeh2l8kl7PS`b8>E7E<>gS!FGbh!7i3E?Bo#_^{cRlVnR!lSMQLt3aHsxz& z&S`|F=qCS=W5LoBuCd7@d{`X>p6d@|{!*(=xgMcjA1ZIp{vZxg2p0!Q6W7m#URZ&wqXJsmvIC>vRd}J491J&023Twa znT1c$@p0eXg2yT+0X&a?VGBpSy}fIamQLh|-o z-j}WCMqp=rDSq-p7gvSAFGzP?V_cSZywv5a#0#op^C^N z3p-CtQ^H>CdbpD@NC((EZB~w%?6@5Y3>L}DpzV1`B!TLxxs$=5i%2i|<|sVrK5`*& 
z6rg-_qI1sCVH|QR&B#2%IM_DN*vod^EFNsY5X1aarPJ`B|0iO{K0+Pn%p8G)bJXz^ zp6E~g@eKhF))=fn9@h7SAOX7bI048JJ@baqrlAs3X@u83LD_{+xR&YErLh+RSAo=d zIkSQFLMAXAKLMY* z59T`~b(8Dd5ul3Tv;%-@{cHp?0P8KKarjR85ru071&+dM+9G2U2CNedU*4JfVakp( z=lvGyh#n`zdCZJm!%`35$h-$7fG3TzGRrz#e^y~Mysi(i53b=z=+KSC5?Dv4o>8dO z!nMk;-(%nd?3u>BRp_eiwF;Mt{$pEb(72Kwq493;93&d1$t(fx+)`$lo^1VuTnU52 zlT&3l46~URl$OQrIZx!W&MbP8QkKa_tt?yKeepnE3QIfg`Op->e_1XGUJMyKDIq^I zO!_j2d8{#!+PHWTkJNOjsa4%q;axwuQ$YPUC1FIW@Ab}4y7XN|9nzqvnSLzBd%BZZ;6mDZoUpg~ zM_`AFz%akjah3s6v^#YllFEBRhCVq{;`nJeSGko(;~4s&?X)>x7r`(w|vh+=3bI+H-`yNtdiiabZuX3$rBFruaqLgXye0{?Ix#bs30`8|%D;bl$r6O{-1C zI#!S%hNjsJ`0*%nvGC2%>AiE)+d#b#KI6pFoW$##<6b5{_W20f0O3P~p&G9G-j?qS zWy{$?!kd~9i6i%vDFv1d6B`l~DuhWu8(8D>VjTKg$R%tcYpEKK4;FT-!NfZ$n_U_9 zpih(xUpLd;eN8hklLj!oQ{Wj)K>lncXzz_8(ql_%WiPLj>fw(`8_o*G-vWXiv_VO^ zhQtnUO2S60Ya@^Vh7Ajn!dG|3e z$dKlt$tiKiBjuL1AjBd#9I)Hh!hQqOjmTA5`LX=KZ4ti~Z^?8$l>M#B4Zf3~< zG*Y&FQT0&^L1}pId#9AvyZV9eiIB>@?*5mxw0A+I??1rn<;vv~Q*||8Nv~tU>A_%< z^TbUBU-#o@Tlf{YQJHfM3UFs^{zfToB_A5TtTAJXT+Umo9$t01p3230s+3-4SOF%SPB71@AzhEXhU>7O z+EMmy1y^lN`$NBj1X7_=@Fy7{e#-okrxW)1u`5q0oGLWwteFrQ@&sogyyv!;v}I1B zXER*vvWz-UT?M^2Y+C1SALwAe{Rrb%AROZsK)2y|5|im3-wl{tu~NSL@$3?X&g1Xj zIlD7U+R?S%!Kk4IZy~vFbXkH;?8|L{IYtn3pW;!&hqJUZq?i-3lX-AE@O&t+7f&w) zu%gb&TG<7>ca%NR1yIbm0#-paCfg9$M7D-T4bRXnes7qP4Q(wps+ZL!Guc6IMf#sO zuJEKzEi83UkS3e#@XMLR6VNWHxjX`}O@wn`**`;$++vWw4b0{~|0k5v!uO9d9;YrV z{zbARdnp(PI%ux*7968`h<#PNTwK2bOW1q)HkLKTIE$5~EQGiK-ldORmbM32@EU0) zrgvQEUEwjR8$lF@Gs{sWB|ucYP3Y@3^8=VfeL4<)@)clARfAc_>h-H!WeRge9SSC+ zn@>}N1B||bT#6r+W2C4rJSzJPO`MW^&0N`5?8id{bd@Udv!|CA*Gi*rqMGL0@A;1UMU7t{>N%AZNS@!f_07 z`Y9hE%n8zgaJJ{$hvE@u1iyuCCNaSq6Cl*+u|SS__)RV5zd2Sk3brbVY1a}MtKQn0 zR$stA{egN_D-%GSc`|>`@hKHsjz#E+lMxV+h5(Mgtkas-yo3jK)Z_(g6Rg|%r|-y2 z98#=Q+Kmh4=xS++W~pWg(U^1#zd)^N@DEU6PBc?=TvZ)ui9@m_$!i2zAF*+4f_HQ! 
zd1`Xzagw8$ucLR;Yd3xS{i&a=0H#2h^rMnFMI*r@vea6-{n1Rx{pdKe9VLP%jTm04M!;>(b8BON zgw(e<`08dDs^Pc*L>r&e8 zqBEmn#*iv{d*Ma@q>5#T2k;t$>OZOCAGF}lS9#nk#5Wpv*_D7nk3%O8b&pPC&G`PL zi~T651zJMa?%sR+Jxm18;xV*I-pkW{@=i*k`1(&o!IuZz5dVfo8T`__jE5##Q;$#8 z7AfI10E%RO>n#DbrjF$#&yuhTpbvIB8dBOY1-uG6f{~ko9|+GAhPX=WE{>MxsxyS) z1eb!;C9Z2n!}X3n4qH86?QOB$KQj~n75w|_sV=cv*!sl1K9~OMVC-9o zOfI4xW+Dl1wShz9V9(D!-=DKf2J38w?1fNQxx)KwFCtNBrHV1k;>wz5K2Oq^C}S}U zEn0hg`=-m{ScMhk(^h3+(p%18IXku?80SS{APoP_M;U3qZ2GRw~?o;FbyK5yg z;d@p^PS0U5b8qaB75iJ}|7j@th5w6!6)R(N06*v+G?yBYGR!Q-LwpToKE&KE zK}KuEqqpsW>bxeVZUmiAR|3tgr9q>vS4i7keo^icmBb}P<6!)DvK?mp;yN;CgeEHu zJwT>Oi^(fGeDXVF@Tbv6y3TQ$!e-$I8W(Lqd$cl?>cSYnjh2X+Va%VK9fG9v|G;s%2{#~5ZB;u7tm#5^AMeSaAXB)g$;)-{S(Mq9?=qfA^>Z5{@MGW zf5O%!_+EkeZ5hE^k7uaMkfCKv&lFviaifPG@O+!gzbP|s#stMA z>EeO_73!%rbPzz2)7$O^m77S@?SBjkKMUmhAZ^!TFt!$r3iDw7r_G`!MTk4gB#;Sp zK@|+;#l16zo-v0Q0RknXmGHMP2PPFrj?{Z~<9Y%$p9k%igKhKn@Y1$08XDceRkVXE z_~{V5ZN7*qM|3fu??T+?`kvSvA1d-GS{h?T(sDsvbqTq^ppqILjQ{o)RZ;c9!-kpF z3{cLMI87C&Foe#=9=-r^qVmeU`Q0_$k4@f2t$G%+_*P_GEwdB#gQsT7KQG%O*$TO5 zl(kl~k@Qkzv*P(*_@4z~X$}_xnp#(`Y~hV=ul_xkke)q7(CKZW6^@%PZ7+h4K=uLV1=TJq%Tp+FWme@WXa|);e%X2DCESqP zk3KYRgXgK53dscg5JY~$W*{p>sa#iuKkjo03{i5}uNDy_Kj%Q+@Bwdd=_*yI|M_wMiB*8o^${ZMAY{&LZf{o2d9~TMmUWMxlRVFDShjoLpyFnlp!HA}r-MdzoJYna^7$m+Ac*j{ z?u(6bP#>`sZ2u>qz{4`0^owDZ8v|6j2ujBx2$8}zR<2ISBc0V6yj?&Dha_q1pjv1( zENa&E#n`-o?ku%|UTnNwN(ue_HVWgfy`N*MTzjmSU3Z;=zEbz)c&~@_?D^E$y&M-G zDp7drR%qpeJM_`-OXGIRbG^!eq^hy@v8s>U6#PEo5u+O`L?5Fh>&5g4^*!nLM- z`()^N2|9e3P`NS}NAaQF^^fQ7pQPdMmG@q#P3CD;7%k z__+4?n%1F#bS3KX;dE~cC2H;x&SdRMvHI$R!W-_Ujc$(lC=oW z$&kT^tmy>B?(S@qQEC$Bje-#Xgf))I#en=z!1%~OuTk_~SSe|HapVUhD z-nr+KLYsv#H2XDXL0MRN>qz0bEY6~jH8NR2gZ>}qM;yw1%aRO+%G-OYLv0z-cFp_0 z2#MxdRk}y$4|x^ZwS;|Bz9ZGCU+(ev;K#wGANiV#&|$7MZ_K zN12|4m(9zb@1ybDdKQoUJ1g|BDYkRd36*+~CDjZngzc;*#M(lgD&(-%SKQ-4mRxr$ z>yB-yOTBJSoqI*2#WaCUrJd&~m*lM$X9MA1mkrL9yfCWv8_fUMNfPqd-^atC+9y?+ z6f-Y0X?xLTvdWt;ZSl36|4(is0Glgwp1%?zT*NH=ymV1m<>UA_iG*W44kZQ2H>!^* 
z>(}hvnHJLXb#>(Wwd90(%H9azg*?KF2(+1c&yAPI=;-uu_(DC zV#wgkSN*SVZ7-*>hWS=^C2N(Qsa)0%6Iw0Wqpma@Un~i8R-r_8U^L>FWkt~K-@|Hg z>-9A?8U%eucFcr`@zQhRQ!yt} z<8GWB7+k$Sg+}{b7*OL|pJS&aC|#Bt_o?R|$j9+cMIKUSVzjOUy^XsOuO!fCMNnNjnxm>$2 zeU~DY#$($D75Oo@>4a=Z_;b5_qGSjtr zt6JRq7q@}%7aAJ|VixhxH+HBWOqe?pg?)M-UUKT?N`CGlB}{SK{rLm#1%woIJVWaV}A^%%;E1dO0wt4dE9$y6UYEqUYD8&bo zj4Stl67@M=e4^0zDgM_q&F%U4dwuS`sjlhnAI-7USf!9htp0X6ne|m&uMa#0LP|F` zo%O^W>Ou=dGBab6^0zDB-@7(l8)cbMskC6@gs-?E8lt_d7MbtE^+Zr6EPL&M_XgUE zYV+Hy-2X@1dxul~|Nr9=S;?l7b&yR|%HHdcY>q7?v$8@NDSIA!L|J9i$)3?VSw*%) z3RxwqGQamHuU?<`@ALhBuiy3i{PVl6^KyBKbDod;Rew|lj1l^-41Ge3B} zu7UDHuXDJ$+1f&!o{>tq*OHXMbqYti$GHQ+44gQ2qNi4kZvJdYPQbghnyqY8_ zGt{+GKQ)}>#OYjkX|Zrm<$KPF^=TKRDxW(^PBd9lcb*@0y(IEwNkKsxjjP%* zp3aUxt^5(m9AyJfX{w2BLcKXxj&0enK4m>D{9zrnA|kiwsq~wTEdCG~Jt0A4sbY{x zm!Xaw!|I{sWiEL_V$S%qG+qc~`jVrMiz;@ciiiL;dwlv?hYpxgT>xIQ7~nPmYY?8F zpO1&qVQwwJ087rfow`^?BtBf@nhDL$=<7(Y;Jn}3;dLuF<-rI#p0%esYI=GJoAQB1 zVDTXra}Ep6rUu~rw7dweQ?W|(f+HP&|31+OP<3hB=tAz^ai}~C(pU1}elpyU6XqhI zW&isk)e1rhoM93cVkPvZ#qjYDd~|1cMPJnS(JO+b^woz&w$^^Eq0Et({=S!JG7lD^ zw4cp(h2a|nsaAR18VMN=&fQZIdU@V5EEv0SS&o3j$W2q>n2hR#8PTk=65PiND1pvM zc8XFO%dsh=x3S&K`EGfSO&5RvAZ&Z)*>jGChCyl(Ei|h&HeZ|+?kZ^!e&+0!Ld*RU zJRd2q{>s^Ri8L7X#vwzEr{w5mlg<+iIn|y$1}qu_m)=(KqqR<8LzW0tupB4JQAG*p ziJ^iY)C@ulSIhJQ1I>%RPSKpN2`4Hk$*t2Nj3^C3cPZ>v&ktLuJhb1+zD*!@|VPIo#93`mHVjkA4o%y%k+XRSeQ zXYO)e?ez(*F$|klruZeuf#^4XgM3ah0Hl5!&2r&xJb*3?ZAc|7jlJ3Hf!Kuu{E_Ot zD?7*iH-SQD8qiGyLtjF+0DKaE_wcS**_6RgU)4&%+1<)1GurImkt zT(|G`w?aYMH!ikrF?c5*4bA$(xUSKt+OWh#F2nA3b_|$!12w~Zol;3{Upb83#z$O0 zNH$3aJ}Zxp#C~qED7fFJ`--IF=X>~kYi>EQ*Wsl{db@zk3H)JnvBZ5n9N}c{;1F50%7ppdHVp?*2YZDf zzcDhKUpF^j;{FfshZ#JSDB3$`n2zhYzuWxmk=0RI;bi8f88AFudCJXOl?k;@!U={zTMn(=kS`toH_T>F>cKt9L9xzI{D2q zzct3u-w!W+@xa*MfaqjoD_#t1(UOI$r!#zV*YjKNWi2!367|xW)&j+@s~0AUw<}kd zx};zaxOC(R=`qAa*Y1t;;atv;x)74Z%kPqzs4zP5nbnj^FF!xr*Wl$m!NjKi=uGm5 zrb14fcD6JhGAm(mtoAZH!vDw9+smYPF^yGGu^B*2rf3e8SCGjQlJPUwvbn2X9>aWL zJ^*2H!swA+8HeF>T=C|RVCZ!uzck*&eXs*}r%-2rRP7HyD%U?hgvQf|$VmS3$IEqG 
z)Jd={I_J!Fk0RSLD43p?TjIU&C;iOj53dI_xo*BOiYV5XyJnZD5Gs*YtY(3?#Cp%? zcRk!Fqvc69Fz9FSORO{0Tsx(?lzgbDNLgK*yA?$-_h&{cor{697%h@~Ow>d}qO^~< zC;fYr?Ab8|++t*0;@9Q~cd_*}%jiFks6+a7RMgWCcIC;if~?VFS&t}*dd7F#8pXx+ zg$)}grsy!?N#ykFRo1WV#(Q=-11nkdP&i0BQ>F9;uFN}qO8{g@{QA|-5#XwfmUsE(lTOUwgCE#(5YX~oB*1^~?>E?yj*gBN z^a&}wOC+ss4XrFZ@xR|B`duweqiKPzx8;wV9fjoi?Y{>arBE=Xr_&(qIe&78YH zGdZQX@fJRGnu4&WJLyAwndv#rW8Wt@EjB5WJ7@;%$`dpT44gdi#}~}?+veX^;1&H> zp9EISq@x+|EPE1pT|d3uM%c|Rl&%!KJ=p`j@E$;v&@Z)_NRidS5l_)1 z8MGhI#k-FLNj6D&Q)8&bOBlNiR%Y*?yFP|FY2p4k%;$-AK0n`DmO-hxieK@!$MS^a zgr$nFNPk{#cF0OCa*D~It-XS^OE-O2m6EosU%9(o~ zubPAfuX26amWU|STWTj<-!tcK?a9yTFQPo$trm)}^>ErPJ9&O#b2F38yXEl8v3>6> z9&S1T!Kn4ENI~YKgqfh6;sXh12+ujyK|_~4v_~ii2%xdm{#)L@(D1PSw9#wf@oWwG zD0TIfciA#x{+pi7Zvo$TI&Ff&9w;SOpgnzI>v!BB@nH$zw-P(ok%nM&AN{j(|n`men@JvrIPSF`kni;Bhty1%cU6)i|)MY zaGx5ci7@Onnckks=mD(4rGA-KybnH-yiX04wa zE~^F%6i=9pdc{;%Dch}2jU+UQ=$hX8&bNM2d|*N6UByJ;<2rlw>&dcDgXe9vUxf?0 z7(cP8nsFR|L(0=-KVUnl{_2@lEQ&(!+S^h-Q$=ytam!pYyIlgiTv|Wo#M{O4$&8*E=QO`j zf}4Ms{U^1E_uNjFRUQr>3Opt_Xfb7vKk>*dYDxKMA~v0vTOMnu6a1=GPQ~bF9Dx~P zVGbdiSnLCJa2$iW3LjG25(XRX*WwpkUtZp{(*Cuv&>EnxE8uBqpwW>Pvg&1ERx}X{ z4^0?))lP;JlAjPIb^LBs)j1&etIU>rq@6|KAx&SZ`u!5&C-xxTuYCHCzx7O!us~k> z{Vx*AlUy@zmklVbD)6B7?0wv!+uKQ}~} z|6}RHlenX-(kAZ%=*{mS$+WI)8MBS=;{pJyOY~cxCmW6Ubu;`1;}+fXi`laNqq~&$ z6fz3z2B?zg3^_8f!^Dm&+9g#te1soON~tEMh@yk5I=PA~zn3OZcg}Xl8=SwTAA+XQ zYc^t$Vfyg-o`$;tnQ-+z?Rw+$Vhaz#$1ap5|Bhk8X<28N9g`8>zDBh^V?d6=>HKOt zjK&FN=TYfb`(27K(6yPH_YLHAe8}jNj6xYUhW+lV`m*Ejc9GAWf4wf7r}(kcb&X_8 z(dkJ777oJ(t+bcNn3Ek@q3!Q#$y!8&9=ci0pv+PedT7#Bh~|%MZ#<;IoL>;{@3or5 zmfP1P4?vT&onX90NsoCY zLnti^y8JG9mV?mvN8@S9e=46>g;CfI={;-^>Fw=pq424nJN44Q#bw57?=uA;W1p=N zw}XplUwlO5BY^FG*#BOpXhn5ZB~U>$fxOt2iH@DR$c_x3s!^k$p9}x>1tJ4svz!~R z7>x07kXb6f192N3&}%5bHj>w|QizgFKipk=BKVM^^da-7JFAy4IJ<~DfSn{*xZBkL zjT&pj6VOm^wfCOueJE69k^n22wi-+vZ2Qa}EI%`K+yx#3RA=OgDe_+N&(i{hN!Ps$ zJazQ>o_r?}m~+tXyvi-WewNzCo*Y$X>isQ)Z|ZI7izP>HqcdT&*&bPbR0db_%e}m6 zeo^q_bbN6MTA4%T?^o^9@8$f67jl(c@5kC*m2kV9&#K>R8dbIZR5-5CNNLnNB6)>h 
z1nm_#`0UTWcq{Fn%JG!^_Hu$_YLL3^u2&`PcUKQ}dfk#TzhHx-&T^QY zpr#jTH0g}$SN%QWp6p^1>?L8unEj{Zi%P6u^{?y5$dap5Zm*%=E>2gZTV`;%QBL{t z#EU$RiI;a|oUq^gi7@uiS?4<`DyWv>NPoPs`7h2yp5|1&4f&{HQL2p3)~SlFPke2I zD>D-%7_5M%YR)qP&TOdeAc1ebx5B{6uplBUuS1?^j~-{0Rn)?d(KTvttgfL<8)CMJ z6BzO8E<4{cKb3obQ*o}s(VU>BS5A}l#$R12Qb&wW$o%a5p~&KnheZqw1KifRjlx6G z7QMX0(D0$u3zR9C``{lqZFv5l)1k~4?g|^mpp6&>O6*IgqCbVmM|xc9lKmVgjp;=O zwEu=S<5l1^t(||UFw%n(*0EOLds@HpoaJ!=ZCS~%3wn37O20K-OLF2p>0XG7SxE|_ zjCOBoaG}Vi4CQ_-SzR4SRdz}#=!c0=-y~VpIW|TC*1TWS0ZcIuapiWf1G?1y*=$Py zd_D2wn;&@n8y@x->TT@vqGcn%ENn6c#Qs&@e$xORQXTyVGsIuPVy**Xc*}=r$M|-}dwdFHJRFo0X<)7^A;=s5`vnRhwXUs{2H;BuTY~)uE7}GI z4M5G*{>6*XrW5CHni1n4Uee|ujs=%gOE#L#Fd2FqqjX?mtt`x=;gLli2&|!EN~;L4 zDSq%*+~+A)p-g{Vf}a<&#u`P8hBJLqO-SPK>IY>z(6c|t1W^~&1`I}k=n)u)>~TIn+S zE4IJxZO|4Ed~zv<19neZA8m;?{MNEdk%j(-`=lfIJHWZ6+vf#XuBO^>Ekl|PxqWVl#+oO~t* z`{y>Pu$M>(V;roMXEfkH{6#aTyjQv5TBiDT10!y#IGlWpnwWl0sgx2gi;onQJQ)g0A>CQ(XX%m@Nh&jjK>}_Gv`W! zFX74KK281fjCkiK5c*B?+xt5W3g7LY{LhJ-wkL{DZ!cAfO*TY`jeK+!fqKT~`I_EH z6gl!y0=PpGk0Y5z515TgM;gdx0$ z5YA~%7Q9{1D_(z%w~7#m4JU0&f!lOGoFCu5^YyZhAa@4s&&7*H0+H}C{PDUm;g!0z z%W)?g6}9E3UXrVG2q5k?;t>X$&oxLV3x;*>3>`R|T6zfEIq}Z2%e8a|iSgr~gZrYg zE=Cv=4p{H~nT%+Q6*5f}?M39iBnqDW^CkT0L*9T*3Z03+Vh+WU(FdXOz8LKzPDvM#gfcF#lKcLn2|SSIfvpJv3Z)>J7n#-*WshC97f_ zPoz?0k6Hb(wB?%8)1tYBp+VaGSiGTl-?OupG-g2|Z}s84Y7O8Ud_N0s(|f~f;yw7z zN2ce%NyLJ;_(|aX4T635*t~zqx&L_^Cg5zprasl<%X2)f3bx(siHEEMni&^BK?St> zQZBTv+PtYe&)o-c`WebKJtpU~&Ivrp)8>Zz*60AovSPZErW`kcF7yS0dB;Kb`Tnn^ z%&ooTDJJCj+7Fp}CT|En*%>iCgm5)2Yknt`b{fxeB&mmiQCo2x%kds+AG59pUvr9z zOS_+C6?`&jWf>?jE4mOs(mBv+38=jPd>WwgofKsEiJ|-sTl&8;_zY&B2+tkM$pU zt-jSn={OwZWYiHS645%1^5VstIIMsiw(I9;!p*Shpyo&04L85p89k;cIgo#ivqu#< zfo$XiP>26}?1K|{dwSsDl@o5FFWxF(2JaL!h42q8i(dWp`B(xhDXj`1!K$)h5=eAbT6XXu zo&)SP73?+dOf)k~P??+_O98DCPM%H@WUYG-N$S1#2|ARI6);>JBZRpZ-7}v4i2Lo7 zy5WAqss(%0Xn_4@T+ADh*%XYbTyLR5+SiFurncz*Qx@U2pNRR>jJRG3?AGW!gPXCy z>RBZc=h#G@QY$%)W?5EV^v}-nTSOiD;mfUuq(cdB-{zAr!x(II znQm^~9%xHF{$m38+Z8Id2S(K!1;x(}Lw4A)_Oq*P;lrqX{WI1%Z0H{7-$j+Rk4}Bv 
ze?yEd1k@)B9o_wcpVW=wf`YJ_-8qJ`RE0W4)&yRq!EGAY4iUk?z({}ffq7QWQ?k&M zICK?CkATY2!L{&}9#+;U`B5-MZ>F-_9+i!=#}-;!?hVGe@x{aoYxsTPhD5-SiB}EW z*F56UNqPVMEx?-`s(b381|ET(L-f*lxJ$k&2~^yc>?8{b7ik+O}?@$|i{Y)966yj_ou*Orj$;rpCYd+j(- zN<3^xElP+U!da>4VqHJ^Y@P`q@rtfpgJ&{9>I#qA|KX_RFIu#QoosxviIVUClvA;l zImYk&c<(d&I>%j0SpHb8* z6@qTJj6+m$zMnr|DUGsHv7Ti!XQSeL0tWl`oaZHofI<+22vUPkOvK;2vjb`T6Gvt6 z=ky}e@>9U@n&^~?pZJB%32D*mXa+7#>s*(S~IdJN50MVKEtw-Gv2DWpCe`N z4irzBMXjSeV2d7WqT+r2A8)$n2MXGLkNPeBMVTl+CClAf`)TUAK5PEbZDIBs#cO{H zlHhw8bVaQH`C}b?LTWO{!%pdcs$ZA_>2`XL-0fP=b%Xt{y@Y)2?L&XR`Etdebo{e& z3xUwq>+xJoCVMxJV%GF)I?U6`tm47uBd3LHk>>o-NGAuB_XunioGzVtB?6O8Nv9?5r*C_6 z8PMZGggo3q13T^+t7N=f;K4Xx;|>=(jLHZRzbXBbzhEGg`JbZv^@5UP_?VOUsc78y z>Q#Ii4?7HG=sQlLdLM3DxqhiD-D=y)ybx66u0zSA(GK^zx%7MHUF2xT;EO9(9Ea5K zzb7R7cK$@Nky+e1#RK$qlxgM^zenrZI}ODuF%L}}6M8EB{47t?4c+W5Fs>udcbpS5 zZ>C=btvCrHUsVri;LiPx?XSsyGD*j!EGS~xep&zHeFczu@mYJmZA+HoxcQ;_AWJNp zwCB|yl%$EPe2saF%t9uQ;GkU-%^CgYKy5_K`%2zl3CJYcK)U%SN=HFKq34jgSn>!o zqI*m4Ap22Tv&$A|QMy`O<&pmcoeSV6UR>Y_VFew*S7n!iUDFIJeeIoY_vdMDPaMhT zo&F-mmsgc9lxwZT*#^EAo0T|Mb<##9J1QBmu$hvK9j>dH;?zH zuh_;W+>Izrv^JpNyNl+av3Z|o+7J&gQwQo|fC6ZOL=4y#v<)BnB`9gpdddZK>m`}| zOQO~o@yg!D8LnU)ai9>_P@M_WI<045M?kwghnNPYcR&5`{Bd^XCbBh46cp|Y@E{PR zw;3V55lexGEd5QO9zf3VfjZTHv{Cu6D!%q9oAe-o_Q>3~^0GJHod3k9+gT79t?gEJ z4>5M&EWuMeN3@3e-*osm9l$eG@!13vJ2y>qT+v>z?e32nkiW{w&tH|l_>{0>2u8KT zetjKDEq62#KREoq*vFGnZ^|yI3H10%ePE>b0xr*=1iMVd53SeGTsmbi3OmIt!uX2? 
zv*w>zbatjHvHD9aeOhh(vplKt<&`uM!|0Ta(!yl>?QM@*z}q?6OM|O`_<5j$T7_Sr(@U;2UF=DzMW5TX1Mn6HY*%+ zpwI3eEo;n|kbwUnib~$>U7!`%a*jiZ`)qHx+V427;`%Pz4PJHuNu~stl4n6`U}3u%uQH&e0W&Bvaa(_(Nn|l>-Tpc zcX$2TWj3GK-b+icca}GCC3Xu^JF?d~Gk>87&G1;Ao`%&nD#J-@GDkUxCf}rN0z^Mx zX-F@o`IUK4L=|0AcI=C-x2&5vU}S$I-gqL#lrNHvNZJ3VP;%I;&fDL)LyAicWVk$; zK8&}Dd}*~IqPc#6fRd;s&t;DlGp21GwQCa!u8<^GGrm?$3k^N5ew;Z~_h8<);!$6( z0?_}BKYRUgikFVM%!DD?b6EJt*OjF!#uQB5Pp@2+4Z@(+pJ1<@fG>dxU&2|-$*~lm z2}=7#fi@)aJIb)|CpFOEhb!pM#=d(d(QGak7)r+-4<|Hq_gFSf&ZiZ{E~54&szZ1y zUpQ?E8(5>me7W)X-gSk44$d0EUfsf}&rj6Ge&EPsZWrY!c z{?@b03-isRfk!1SD#)QUt*kPtCmOG3q$u;aIUe=9&^&hO<)b;7sxHuSH-^~yvMHly zWu{8JmzUDj?9@!7gR^KB_y?3?4ZbYsm)S{q&r-6C1u5x{JEGKWtd zq#;`yf0FA0iw>1095)Xre|8;Hx>Ww1l#3g$gz>>Rn75FKY*cjF3ZuDBD*rSj=T}jT zq@ZLx$B_)YL?Gy64CPhXzkf{Cf9IBPJvPtmhVG&B_%+J_tx`w1OpDUp)ZUfMZgO;8 zWu{u%Ly3!#T6aHZv?ICPEu@+}7XAOt|D+l{p^{0Ilrp)&$;IXCuZBri&dR*n_xVzL z+nV>vr0}714ffp6GaInl!yS8H+H*}1WJbg19CC9s-mAJsyTL4XG=(CY8Gqr+yBMW! z6mJ~$i=Yf*e%KnED$MekTuInpyCc*3l`Hon^FAnQ>}23wTzc`A;$ja=Y+zwAOsPrvWo{H=sYowBK}@p{UYnW%uQSpO@n)G@uTBSXxYfN-a`_h z*RztGhD5n~eQ3g+Jg0fENQ`p>e=DN|f-i6OGS&g=#gK^opmX*=1)YijvgSvEudnlXmHr3q^_D@SZD4sTOdg9dTq z^{41z9?!@iLJ#bFU6`;Q*ZEaTcjvxSKC)6iWg2=*jpvG)FnlFHpF5zCeqp`9rY{>Q z6cx5z$nvp+mXE1fD2UGAaun97+@p%^O-+r8Vkoh9qhPanq?Q>)_M#$~5DOBwgRlJ$ zZ0eCo{ik$qDAgFa9^5{E^Qj{vhfvJbrG#5YkfHsy^}tg)sFx*aCS-WXFz(w^82YSh z72N-+?gE^VSlCKfi#HIuf=l#)d~`ZWL)FPC)6w*Y93zU_h6mLR>6?QaC{nuo84s3h zA=NrjK5mN_ZKE8#77tAGGXTJ{~tep_~*sEg` zm!^`i)m2FNC-=~SkC`d|np~#U$9?U`R|V->&Sh9VgR}F)%0-t~YPY^J=be7ku(U$U zWB0W)s(8sraY5vvx)T&XTEmk$NJiJ;h};C5|CpkJ4SfFujmNg>1P6f-!aEz92M=IM zqht^f`oig&Gte}W-#}(|rlI31n(VukAr7L;XCieVr8-l)1uL$P2vCygdDjOhu$c)h z*SYV2irg3m>)}xvi1UB{t=voUN8!D%=a~HFK;lV=be#JNBkCniCp5I5?T*Z53Rz~J zbz(0)4uEfax_=wWKE%(UP8rD!)idTMXlsb`MI*v0Ji)U`{GIRL<}wOv4& zpIem~Ye&|*Vy@-NS#i;-cbJTnUu;Kr?5EFj2pL)_6gl?D+mG%0fq?(y2R0Aon+RCR zT{%W1HNE6+7-Xgy52G|Q4ia^mxIy*Kv8d^LuRz(nN%4@qBvn4}ghZ(FAEej4eR4_* z@^6QtWiPOSHb4X?{ZBFKf(HFdmxkL?Xw2#3a{z;g)OOdLb4ai&c6!aXOrCt%>cwdh 
zi>C!qwRUG+*B6HRkmSq)@->y#?EQBI5Ht)fYtbRi1Hs(Nv15zXq5306fwaRW0voqz z^YzZ4ZGyB)?-`pERaQE5c1I1A=$rRaD=APPKrTz>o4)-68%7E*Qqg~U+y7hjKA|)l zmpC3Pj}Aw&JZ~`7_Gaos@@M$aM1KwM7>ZB*h@6bY?s{KNrweSyeylZ`xCdBFEP~~h za((yyTasZ9J%@I}i9B(@XVlw@USA4vL$!y5$?N0nc42neaaroB;lCoBFjDl2lv9iT zhFMkF)#V0uZdV5|vdeHb`1`P+>P&r*QMmnq7UsD8qpVmmQfFt%6{}z{{7%t*Oyu4v zH_P^oJp()VEb;eA&&NI(akl6waJg zBK~AqmAnFViaNYLL3j|#V!-dR5r4e(Kf01n?zYAhN`Uwrq^liomjj+Z4E6?tI2U)m-VKrcUD|J09czO(X^kmOx(xt>~7li3t*q_E1E zMl$8r7|hg?kmtSg9C0AunfyN@)qEggROs^m&8S{W-TMZsIIKdZ1RcjPNOTju7Z!HH z?Ce!Rnp1VfBvLEh#5kN_Uz7Pnwwc38z^~+#=D+Z~VI;ZJEuS=C`91UX-7S_^1A(F2 zYpPc&I0byVRQR%p#(Iaa?MW}UqB?~&dNW=Y)F>t?+)BZ?f<Z{SdA)s`FZ@rB z7lg{M4`;DNk~$HS+K^bHen}e(l%GhQRh^}GJoI)wOpXy)0VNnxqS?)zM>4h47vC`srlR??ZM)tf*Q~WyI{`78cA*p zz9uN+t0PiJCf*rC zR+s5kp-YuJ`3g_N!pMQ z*S@{ILhNnuKiL~$iG#-D3xKkghcA2oaqKE{Uy9|+o;KHj0>w6ym=Dx08+$}U4?d(m+ltTi9$Md#?qq2?sV7rukfE8rjfX_K0` ze+(DlOck*j|0xPzL*c`iF4;TAxCyaOAGBkmb561)QDRJs^?`3L`r|Iq`Cp(Y0!SRX zfgU^e&3D`GbBdOrs7-Hc=_%VG*iD`Ei~(zvP%Lm18!D}>K;5kke|C#EeRco&T@l}d z7yBRWyAw}NufC-wGpo~^cx%tL+yc3Y!24?0T5g31A&_Q;pl(=&*cK0hz17It^65mE z_9kl|UcGFaDM-bDZ}%dmH)4~ zJOgI+)q{z{1rSs%pA!}q(YV|y^{6S-i9q~#yp1n@ ziNO{#v>R;7?ykK&E$w-~h zohhLO2Gx}^Vv?LZkvY_;(MoVNt5B(zy`BkX^SoE##yRO$Ah8Yji=)q|Nf>`CqV4N+ zT0-uh@55|B#(v)B$Cz|$$62o%gRetJeQmNU){kmK?=Gct`ja46Ry~Nr^)M6S>=&?g z_0%>utjadho)^{R7ibv=7u})0@fLITAt`lgs+U-6B6jIqBtw(=+iOUyd5GNoxBqtc z$;|li`L$V#4V<_LHfiNDx0QEnZ))={J_&UoU3IL!>39!oPfy-hlXa$V0ianXnxvkP zZfZd+bX(rKNcO*#59>bNB}E>~DbNRE^mYf2oHBw8DgW}9);(LKjcD5N%++TUvIkne zEyBJVQ|H(NyJ)TyvI${~*%R(U=V5x=ON;Vf$VUqS(yyn>%UK5gNk0A3F^8#* zYFaV<%6_A2@Rv?i6fuEkCY98AWEn2<@Ccckn;)Fx8`DBC@`h)uNvDO`&pn%QImbrl zS3)R*@_x0Hk8*UQE{rJw%B@kKh9hULb|iva>H4Aw@p=8z)26V@N$7eUvSgyXr8S29 z@9)aJIM{dBv+e^Ot!dEeZI4MKCjDc_#}U`f@z{Wi=Wf%1?QR~6&BX3SZtk{tJBfAO zq5HF)oIkx6BFP8tzP^iLTs;F7fkml)|C}5n&4nRX{K%S~OP1~J_rm)gY+c=`=F#DH z0!KC_l-TC4^=P7dl=@1Nhe@Q)%a`;|{I?HIW*Re{-K{9+S~s;>LZwDKUvmeZ3F(>ss20Ee`>x$;?3)J>M?UG5FWHQh}e{7B#HDjIG9fF?wom@gAvOAbaJzj 
zp|N>Sh`#a3gCk^E<)bEXb?m)3lIqE-C%7L6FFs2+Eq2A;5ry`9r}U{w6w`Gs)gHvegXFe52I6I z`Vw}TJjpWr=9jqIUYSh&wSPI(c*dA)@+t2M zB{%G#U5e4u-y_5sFwx0pxE&_WBxA6e=R1E*9WoQ$Io17v@^698sIwwEeOz3*iFb_s z`=5tvIh@LW`KsEU%G&$?y&3x;uw~C6ld3Kqaz3X361(5dS7@Cy*9la;U4kVd&c~MP z9xM>QfQ`~WgI5d^iB?-nsZo70spwd@<1t=0fWw7LJ){3#Cai6P47GZ$91sDZDzj zW2my^%0Lt!>Pu{nA+Jk8t-AUy9u28`c>gs67KcI?moS(;mv}kpn|;aY)g2C^V>UB_ z4l4za(BW@pJZ*R9&|0Y`F6k(-%X=}Ot+fdBjkg1wChOy%6Nk17;}0O!P~nGz_2$WK zIHi1d9=Jf%EBy^y`~t)QTu9QT^n31MqrvuFBlUHU&}it6;MgrPU0-x}RIaAQi$K{y zdEeQ!b*@)){0Reh46q$})_rCEV{#T5NoU?jZT;|j+THuC*3;T+X=$c=Vd&A#?mN2a zmzHncu`{170W19qDHcOg^rk^){y+h1t&SCU>t}VyLDE{Ukxp*!w(UN}#eu#vDVpK; z!;;gG>keolH~q_P^cbbta$<2SIT2_zZR#`y{bLbZLCV; zw&(N;>JPG5XxJm^Am%wwm4k@yyXA%@O|KP6u-LF;V3>>BS9zvXh9zYV;x9SIv7nOh%AJ+4O-LBpvOav9W&4Im z{)^oIarXmro8b+8+eoj8sl03aM_L6pF?!PIvWpQ^e~+?C#6s23WoP5!A#VCO{JOAf zW}I+ccGQQLtUDn_>s|o8t88y9_=sc{Bb}MrqzlW}1AUbfuYO&FVmGNP&-B)QS6|pE zCM2vI2tkr1np(FHT=F+lez4*Zcf~H=hHm*JvO%<yNyx@Wy+tEtMT2v&C&81 zJz=)&9jp~y(4HS@J>U=)dv*F#FKI{Gw?y}K;e(7g5%*_!n@N?o(YPs~z1^*)esGbp zafRl%bnApWr{9k6Pl+q>X1t};FUe-9aDgNSdpK*>0&2Xd@h+cutOBenj(znctw z8|LiiNS{CJHbo6mSW17|wlRZw7g3}iryJVdESj9_Np4gQ_{&jf&5AS-svjLVwu9rO zh2UcgTX&9fQGPLZHU$iJ8n8px?=A9%*jg0ESfK>O7|R%3D!vJs*2f;E&~{9a zQDYj9aTqaw%mN0wRrTanq5KSjp8W&B*5$hg>Hk92X66cc)Tp1Q$%%KJvscXGJG;mk zY6XDQ;-kI8bdrCeEjxedP ztfFmO8->#Lv;=vcoMxy3UpF%R;t0$7P_i=C>_ssy#^>jcPL@@>5CICdFXnRIfjX7(ol)q;?ld`LKeR1Sgq%6C!jKnOB}#TM5oFcOfWA8GJt-7#$Z(N+u3*qf4dEP;ihHTn#Q(eI+%} z^M$cW^uaG9mnniacFLWyXPJGF+TROQBwGO#Tq0GW{JT{u$?osavdaw513qK{R*+?? zBB26}pe-bTv#+mg53j_Dw5ogE$<_GzhSh4&+_j5jBW7xuKD^6)#LU>d^=*iebzgSU z0CaZG>(ZY<>*l1QsOgy-GauqN2AatDX)>^+Tr7@2M8ky5_q@F_er8hcm-}Jp#)-Jh zy=mQiz>5%cJ(S#cJSA9@%_48gJ=O1vQ!+QnB!DESwc-L%$M>0TZV%9&Md5qiCVO8+ zcSmZRbmf`E>_yA7XYtfX2MfHf@)<#=;4m4kS(u=+ojK_M%|qvo3@sv7i^(J5irtYV zGKIh6$$_xqv9cAwy~W`zR;St%7Rf#vP6A|26c|s~TFd&QW`xb2KTowr{_NqfOz3ET z+kq{!Vu1%~oqru};bXhz*!3Gg3ziD^i*qoJhA zZp#JFQ;iclpu63&1AT#>Cxd1$Ra!xCRl_d%+ij@kAd?N^B69R(o*I{u)f)UV#LI`? 
z9;~?Y2$xt;Q=hL}axXMa+$L?nsKu@yadH6DE0gVcMQ2fAeF4GR_NmByLYZHq+4RMS z9KR`UUyY?PqwMLh0sBuR#|aBAKTQziA`qx=k(n@`*uHo#ixY7(_#?U_zj(E37Dj7=Xxc!*M2yPCaVB{EME08Z8GdxdpY{?ce2?@R01B8g0R8VX zt#9@84ntiVb98IWGg8(>Z+Vg|3{5J86kpg<%XQePLA;{~e&-_>Sw89>f+*R1CZjqt zHldbuzf<9;KXd@ry6)_A36X-q17rY)ZK_yySEBVZwzP+Qx%B-Vap6LTDM&T(Pm4vw z1Bvy({2lNHr15Cy2|rRAgHKV<`$C0p<=^bEyHv3W338$wRhrGEVu4b2Fs~H zma=#w4X$-d>U^MseaEI##9#dlq;I$E=v>d0!}|Ub7)SJ5Ty?wX<2t6p3m2(A2z_HO zl?^_81lvH@McYrAE&(#xXXYpLFug#FxBBL{=i>tIqSSPrsy^>n?t!b5Wz_xhZ0O>@ z%MpH8!*ZwF5?+pkvo2J%8JkQ{(dvk(HC+)RoAvj=8L6>tl6kKM^y3R1Na3=Nb>&dZ z=8?C+3k2*##gbVpAJbNTcC~g|X?#vlQ@4)ChkZ*+(x#Da|Lw*bhE^Rr9ZPw-x)6vJ zr~X1V*iB7;u5pEV8Ncc`KUs9Ax~~?h?t6K0#`=%!3)?ni!u~nmM*2e!c@4IISNDl( zaUpQjrYq3TE9?14MdWzn%zMfExju@4!;SHEK&bb`@xx}PS1b2+zu-@gAiTN1JDZOm zoC-Z0@~BKoZ;YTTcC%EuyL`lLC=Q(IsNK7CNsUNR%l0#?AR#FJ+XGVFyn&_~9`uWo zXT@HgEE)am9C}I}{B(Apa$%e)=ECKJJ4ONWcOAx#$CDQrKu1TcG^FKPRaB)68NP(y zjD+-$-&2}Hk(Xy*^E}pI=LAbw1+=kL+C|TqGCyUwwOgCdEbA-vUR$Y(r+sOp>_ebY z&(T3Kj0EX)-p2`-8=tZbvqVvXVZuoL-}fF`xS#9Rtb0lLq7u{4sh{OY)(DU)LwTAL zUtXtgglQ0=nPBuTIxCT{`X-rsX{gVbFIe=1jHu_@J@+pwGbRL4v&Q2-IbL#w;mQHm z4&n_i9Lw72UHYy2icC9z6ld|yjxzs~z#tN;%gNb{)SQ30+KILmg$Y?IZ}kein7^mf zKN@aK!*0WOp8eSuyTNMB*nIDM)=5LqBenc#;_?=QwS9bz_W3@bZAiv7=@e97TY0C> z{`opE`y~0|H?BOcuV-(et5ivq?FLhRE`nQKZ91Z{Q_S3J31#M+!Yye_#OD2>@k^_!Gm#1ssmr2OI5Rz zl~C4Nw*-qWV9p9sk(LqA@kF=#sj z;l;4hZ1Ce=89-ksk`>&1{yQ5zMSbIu4uNWd(Pn1{m#BVLm<#8<%Gm1>+ezN<`wrwc z2D=LSRo6;eL6kYN*lELa*Mag0nORWi_vCQ#X+4~77%6VUBeU=0T-=p_SU2Mt>wVki zpraHf!)7!mSu+U>6fWM8belJd9~uR1NXa`Kd_4@Wcb$;Ffa<$9#So7Hr>RX3Qfmm8qG1)agsGISa8*`qTjw z**p8nUAL}xw~kSTU%h!+<}pLnECkY{l=#|oaz=g7%163Pt|y^WOZ*JIkN80hBcoAH z`9^%$z@tvC1U|(#IeAk1gOImv7=dB6 z1(0PV#~Wxu<@*eP-R8V8aZ)yy_CwBaW?k)v(#mu;S_!I(RA&4DOX5#aG3Dfr8OP|m zDZHnidQNV|cbCM$cQMkdH$OYU^2;mJ_+l%|k3*+2!|6TlqbOA>i6Z;XZdk`ZvMUwqLOHR$}eD7<}LPEqD(ej}3! 
z<3lZyMyH~&GR6uwNl`#;=q^2eM(RPX%_yV;ll705UL7MGo78_hw)AYQ z_Cvcti4ZNuKi{&m@IU?0&11fgScZ+xxuI#q!Pja6w3X#Ns%Jm)_^)-AfaQSvEmW38 zmQI3s@6=c`fyfvrpZcMB{{pAHLsc%%=Qx&)<>%oom_*%*1t|0Ctxd~QFXvUVyxY=$ zrK;;3cZ-8B#+sP@5owQVPu>3qaKX_3;+O-F^}axF$ZFu6-0*t_&wnuhK0l@vu}t=H zd*eQUKgJ6E%7c6<2*(EjlzFm<$0@>6GBn=DBP`}mkZvswRwX4z7&Fk@LNy~W&5&2_ zkMk{J&Kp4HoT#z{KK;5j!`7i|GQJYgukpQl*Qgl7xNsnzQ^z!KbQd>H)#Bhce_jQu zN)-zLNsAWyf4)z)hmE8xmRj{r&7P1YB-Ql-mC5=bEi7nP+7m z&|b2RcWpbvn@W>kk{o_oBu(d-*ZS<#B3X~yY&d;-Fkl|UiF5&X#$QUU-Zr!fi685f zV*0PTwy2m>a?lX|fn-WGU)M&7^18r~dRX-02j_&|Ea0$jGe+?2SfFbGqYQbc^S}p& zIzI_%MWkT9Qwx?#wHz!lTOf5FAP%{hGLUiG zR3#V8R3(01uneuG5I1_PAcLZ3RGj}@bdpg6mMnsp|A3_myG^L;+Sgkw6LKEEAGY8W zYy#*7gRg4Wo;)kV;2N2G&l6bx`f(tdWT=PcWy3_{w1r=CsR+Y%zsD|1jkRZ|$Ol7c zZq`g0(KF(+bC2wuoo4!V)aG*45bz+UP;5dqxxe0)mz?>&x)QjaQ~}?utY1$qCiFBm zV;;%8)FAVcpl15q)oiIOru1I*upQp&Wm-EmG0)XlHzrD;@vZHmN>`c+5lb89llx8U z1-TkjFGY&-uVe%8QVs(Am)wsNYbt(+Mf@4&-Jc|Le&ZjkiPIPP$6VX70)xAZZF5r2pJ{ zqXrnR^Lm2hZcs_c7QmuB$^HXtHO_}yQV>VCxP$Z@^sfWt>8{-bCE|~EN*y&ZM!zbK z2?Mg;tL{60mMuzM&m(=hID{dB7hAsm_AD?y*lmPJjUA9UZwLpoy2W zJ!`)-9Wcwo1b7(;j_bI+RJn3^Ki*hEpz@7*W~uT@j&DA??wU82GS|27Rt^I3XOZt5 zbro#++q;e;MxJGyr8b+|VAilh+FnH1+l%J8dzpF+dnEU3h6cCGavhUopNo9g=DDBu zj+-GMgPu#9sC=i(6rYA>;~dmCX*bq>MC~K!p)i#74T0 zAEPFslTi}Db}aUQHDYHR$=$|ZMFx9UaObMlSRX#_3WCy(^#c15 zl`a8dFl+NYLoSZ6he+vX=`_z*?VPl2D){QHY+4q5qb8X7>=Ta%Qy+RF_DOW=93QBE zNs9f685(pk1Sb2UsCIZ9GDA>mA#t6WK8YLw%}`jf2v05!8Y8vac?D0to}(f1k@w54 zwu($c4s)OGKIx%(&}jiWq%Yz&>~zc0hyIMs3aTQu+caoPY}9)a#mG+U&y<_6if|7< z=p<1cN&a(m6H2y3S8nr;gTC~r!eZFxL{)*{GgQsF?d0}q?Lgt4o27W2C;S&S_+>jg zDJt`i4MI&ep?AT#9f(<0Y#!fF^s%*53ir6@KX0N(YZwCk@jX-Su{lu;TlN8@U29qH z*1+l>3#|FkQY9(a28j@{NLt%}$vd#r-;w_6nUKU(-e${o$7q~!UCb35`*>YG(oMU; zN387+4AVGlpbKIDMn3l(IzP8n{RR0ta1MzT)U)1@ydV{q1Hq#dQ zIfm_Gq(CFHn0?}Dr0FhXa-+J04Gm(Gku^c=f`@6&>3tWq$S>|E!UQpc9)Q z=noW~oN+qZ5#r*ngUTB#m1$>OZ+j&@M5y*)mAEgsV4Fzy`fh1>D8`$A<(K0%JWeL> zSj)v(uAC1i-<{cjHB%_3sJyC!)H9+B)y?SsXGVs?9x5z{WS(Iwya!d$=-CG0Fw-B` zJ_$bi%6E-0VaTSO&4egM 
z7i66L&SIlq(5L4>I9b=aJM%BjJQA$sQ&XCo(%|Q()5G|(RmQLy@W;e}`=ye3Ii@Q}oyRK6Le|u>E~Y zey>8$4*E0c`tUslMW1Lqqb|dsLbUQ8sNF7@cejmTOS78kx%RBbK|75jY%nA!guz*G zSvOZZ$Dmr@lb=!;TE2XyP4^!nnHAhH1^8>whlwWV5sImbc-#ZYpD8bgAF;pB9o&ND z9x67Su>UzK3&l_ZJHA_ML+OZ~Zg71iUuzXzzm$SGLVugdY@F?A7zxJqn4S`wAjuUf z+37y8ZygtqGdpLhN{zSRw~o;XDay}3mr(&Vvx{Ttp?9NwairNw7Ults+pkVOwRT;Ea$`F3`q7NyI}RzB>wI9c)<4`V-uVI%B0ck; zHe4ytboqYA_oddSYWQBMt)*59mvj?u^IE&i+1n|mn<2mvR*ZNr0o4=-CdN`gsNCi1 zXxDwZuDBz{rE1f&5A;Nmiz39D0vQSBWAGN8XM$S<%34dKesrdWh4smuIYQo@>^YlZ z6&-0ffUE{DImLxc;%vftrYOVk2nCy4;mqc*e7CG-JToC*wdhPy5U`+$_TKr^HnRp{ zE*2PfGcHWs8~)^K0qE>7K*VQyQlL99cCAC{pBsr(p-a`o+*ysgF8`$kU~daJmyn;q zz3T}8@5Z~~rPpv#l5-%ldgqnxH+UIql>x|TR7NX&hzngTJdvSr)N$#lpTI;AuB{4E zOJ!s?KSR90<)}m%pO50;6!ld}R)_2(ybjlv!FFdP0qVNQS(y)!-r>`q=gLxN^`09Q ziQVhqK;{_Au6+@oIU{0J<-euXfw8<~@Tp(VV~TLl$f-w5`>=&*$JHD9cA6Yv3OBes z9i>ZPzTw75D=CUQlE8r1O5ZO8W{{)STPftz6LNSJ7OYiDlKPqW;%2y=6zNr(!uEzj zLw?@7Y>u$l$l7wwXYcNyXHAUX!Br;0+qi0}&g^F^2*v?snU&t$@)$9w^eu4D@u28Y zU-y~(<_;|7oqnMt;ADwl1s1T*Q|VpQPV>1)t;%H+=bc$%j$2S7%q2c%NT|h899Z50 zKrF|QlJ>zBe|ta!rU8$>??>BDuf+--3V-w%SL92Z9he9ep3C}Ra3ib59{Sn?J=&@J zUd1^TI(gYq?IgD0LldfkXi@8dW;qhvkD8;F=7#!mjNzxjwZ=)fT5FXdvbPB`P!=+UjX6;331i!> zk!P>ZI(r5tety&qPL9@R6v2EU26u8S+)e%G7TiTfmS^7^ezzPNy&IOrS3Ol=8N@hJ za=k%oIk&m_T7;#Ir4ObT$kKK)AQND%f=GX>z(n;wR|;VU{^U*d{@0bVL#|X-Zga#n zxKcWrJHRk#1wz`Kv$5Le2!@l4Iymd+*`?FWRC2=!k$$;@ydQkWA-ek&K#Cey344c+ z8U>lTjs=$JDyMU$r8g^}`zm2c^-vqMNESvP+eciTI8@MQ;HAYn*}ySV4$e|*`=sIh zA05@lO-Vp*4-Fpndi|~O`FYw7K{O#M>S~`itek!th^dxBN{`kk9*yCWv5ga9k*7so zP~4`7LR4(TR7d^x%2_D5M(F5VX;~$@&)n~j3k~k{tpvJKAOoYIJtQHQxnDhaEBPDp zJtv7@2wZ&yZqltmbKZCKjcMeyI}{eX@OcHEu~e1gPI4qtQhG-Sp6JOjtTg%gvFy?~ zZ|D-K*luW=U++>pnZ_+7)*&Se^HkH%YHBYBr{!EmfkRmz@O}1aKWFu?N0@uTsWW~# z0*JIp5m$Ek#vnqG%G&q!AK^Bn5~EiBb@7W4M5DNdSC$$M-&*a2_QR#hJzvolX4SJB zCj@%`2o*v?8xH~{!sZHW7`uwiX{6yK3iA!F(br&5L>w22B0g*iL=VS~ zFCL{u7%By@EI3xUtcFfWsM7f)O&-FnHsY_VI*I9vaQum5lLChu7er z5ni;bn##;RQkH_bg7~(_nY<#_$Y;7s&liNuX|?A+ZfXMo63rIc5LDDJii5-pRSLKj 
zR5SbMLF(7fWA{Le@5(W$U;ZtRhs4q4gH+_~x3r!)+)^33Z(_E5eG%d0^Bs%{0m^L@ z#ocOWr{qINY6q#sp8B&6&u`vH2Eh{%Nmvz_86dEdyK;gR35|+MN=ckr9jQrF_zJ1| zi%#d5W1j9%YMi3~T+|OR_Dnt*>la8d#(1nMxnz#tMLD`5JcUp%zZHZ%bu*lK>YD+m zGxZF!Zb=O)2I%qmE8UeLVsKS9S4>LC;(SWIwQK8kIgZn~r>rF{A(0y2uv4_heS>nh$V`3~{KF$|aoB zr9jL!%Y?|1_JpVMUum8a+#p*XqVqe*-iZfAojly3<|;c=b(rM)@F$Q2gli?vk)?$= zF+@K^QU9i6(sK*|>YD-%yNU=Gz_#~hR@1jJhYge8@;1b1cNJfWl-J`S)uS|V(ZKun z=)0i+gMVSO+b@VL^bW+kY}d+VW=qL4~Fm21b`10GcC zSzne>+1gqPwp&RkJZdUJW~Uj zsy_3^F8-d6Y7e^}+JwK2cNh98l6(`I9;;Te_Tl)bRbo-(YeVJ2lQDEHw}I!U81Uo? z_2&Y*FK9hknY`B_GuqkjuGVkTH?ExTLFsPmg)#Kz6Z+CEC0FdkS+eyqAq zi7z=n9mf-!`$K^1Lu+-#oa-)Fa%Qrx#J`k7-Xd&O34Sg04dmx?y8d+07~^Qs#QFm# zoC;$9)QCwqUO-clb<>Is8#$J1Ypg8JIC{AMAI9E18tVU#ADyu;g|Q6T4aPRs5?Kc` z_B}MVvX&BAQnK&HZip;NM3G4dp$J(fEu^AE)~schUHA3w^Zng(|GM{{(;u3{IrDzK zU$5uuxjYsy7_znZ1(C)qXy3gdnhZ@*?X5}0U(YIc=jc4*FjwucZ-g|0SVDF~2FF6o zViX^#sxZ{~zFgCf4Sij6{f+n?Rc?o)yEQx>{IA7@vqwyaTm> zBqQAs>iZ_9U54)BmzIW}6p0IECxiZ*2p0vQB@RVTJ39#@eb_1Nlqogg8z_!!47oj| z$@0G7vS@QpZyMj+=yF|COeiaBq_MSd4po>1$F(9;1l*9%XV9800$D5Ly%JyO~dmStHX_+H3{>C#0MLdu+iZ+E}wTJO3fK zLAjZkBkO7Fdm9SrmKz}ADu9J(Q}1K_0}>)(uaVk5(f8E=`>as?l2e zD5VJE=1n<48*#uG9jt*oXV-Yt8kri=Er`Y%C z+=FOO(mVhCa$7z)J@P%%MJKBdKqsbqm+D@;xSRj((gZZqNcqH-D=+jX{9vtjd9RmO z@ngBWR{aGZr*bS%t}rWz1Qbu-Nvz!127?EqhrgMUeZMY9htN#~S5u-vQH{&&H>$T! 
zxn%5kF!kRXyt#vvzx3^c%yq1lt4bZ|=Q8##Ty=ix`3Pf(C@q-^_)v5cqm%iR*_mI| zT$S*Z?w5lG@cYx78K4bf;2s|YZ_5iNyzR@D&d}2!m+5~Ku!$d+cr_RozXHIOwp zM6&K4fMFD1ZvG#rMii%)7YNY2Av89TYX9EKGC_3MCt zQV7Y0NEOmsF7!CN+3tWI^K@T_XYqwCUfVN9$B%up;-hqi3;J#8a9mCZ1N&TwR6SRJzfZFGDCO-z_^w8Dcpi@^qCk27| z3=0%PBcuIy3!sr7^*faB3B^~p*Uv^b0f3~h(ku55#yN1i^qNX%h>-;KhKGArFV{;SLKHu@}j2A&(`F1|1 z*f&(^eXkg|e+F?5okBMKl45bB8ij!kfhu9at#0+!`yAU`Y%UgA+~owS9N73aLC~!v z93Tktfw+Tq)dd;=vCMhy!hET;_|mCr`+G@7n9uNwwHCrlB{2f~*VSjITK2;i2@b>&DIWEpAEq0Y+HE)06$fz zoBp|NDOsjk0W^>88d3$Z5b^3sLiG)WnfHKb`S{%sftFW|> zg4Em=G@WU`)QDDWfJTQ8WH>qykcaEIk`#R0pVmI=^hic%hv_HRM1hMSiz_y@I1BWA z@~Qk`_H8Fk*PjA-$dS*`b1M68+B(1d(?IuSjw&}Pgls~5LJ3NIJ6wRNqx2to0UFN- zO<`pB`$CnQ+d5NplMd3DYE+OM5cRO)(%xno5@6197q1Mh0Zt`m_s;_l!p^Jlx0l8vfv}Au9BuCf5ooH+z4#tR3g%s@sh7LK*IkpDj z;38nMVv{L>AV6j;6IUu4g|Fyc2A)EY%0KHGq0L;hbQ=`o6H$^atyVpU- zduZOFrbM=Gp8ik-K1Rr~KRacx2@Hf6(X$L}Y07u9IK3okr$AOZ2;)9y%8O@g0W4m6 z53?e*FWsj^SaP2?%^oG&D&C)n=RWU;>};AasUM{k&ZK8h{?@}p#Tm@=y0r?l;#iE~ z^)NB5HD^|ZiIWLiYY={_uOlWDFy<7){_f*WG?mjz!!Cz8_)4TVvzmj%yjgrE5IYuy zz|zfqq(5SJwPEv^?908xwbv2I9C`crFBdpVvCN1Nx$w`Yn@FK1?e5lIgVuSf}0eU%aPk)pb4 z$!CfchVcxI-8C6s$j~nKU)|au-wBSWAz!~hJyHRP?mq$*&HcmQ(cEz-%_l!<0p!N;wd;?5x8tr;>nkp&@`X=0Rnza8{Dt^E^feG3@7(F%uG%RH z6xL%!s{Wmj*49ttZWUL+YcR6UEzut!O6kai)Duny$xAEn<}>{%MIh zpDka+_MhhzhB&AG#X%S7i(i8~c=**9JEk(IrQ)C@mHl7h`@haNS$YxDwTOu$J9L9G zBL2F&gH;z`5&lB+?I5TRn5t9%z>>q7*gM0|KkgFihjbCpGJa>SPsVfGd8R$S`+bzCEC?Im0N!*8HNTIA@yd`Otxi4$j8 z{S7I!Al>WfcW`H-Se8{F=@3U8BmkgJne0CvgSpR|O>P<}AKN@(a_K(L)}&JKzeIL+$(Ip!f$<*i9X8{bX&(~i5=a2=q<3V?*d z<36>w&xIHgwp7A7X}8C)tXMj&O)W^=*dB(<5kym)hVL1N^6%$ z`R~mlrOPtY=@&PPwD`j}KUQCLIWf$hy^$*0&siV66thNs+cm#oJYxS$6-JBNNqzo} z(4i1u4pO`8Wb%C06|QR18Bz*u#Q+MNr)S+sLnVt`u^8B?lkPY5&cq zxtNDTu~voTGaO6{{q?#ra{18!3XQ45N5UMh+6mFS}J1}aO@u3M&x{<0rEXgqsGa|1N zU-dOn&udVozQriIo9~=RVUtFlK zbiEUQd9=Fq@{ebCz$#s^2F>wM6SupVwg)xqfON0`fn=(!`~Hc10k#n|+4;^?bsz~{ zq?RA4`O!`_JWSQO<`jqDvK(q;!;5ZGh{j+TKA&9L?U0hBfL8H)^xD`FbJx#;UIP_x 
z9}8;ChJ;7Ku~pjW=Z5v!Z@5N2Fs(!V-9uA0_>cLM*(XgW6kR)6RneJwUanISR|uc^-Gga5%=43N+}v ztA(24-_6kf+MO$2L0jc>&V;zzzRKdHG*InQ)eVR*@;Lm1e*3+pV*m|-(9y%h{SV-L zobwcU*E$QX1`jcU4L*PRh^BcqK^kYKahG!2D8vC zx4=3q)6RMB%Y64qWWV6u-fgL2k^Z{`Z-HAgq%RswJB@W*6lvW|&!=y@hnT!~f7vqs ziW#PUT39{QeQK%giVk+FR`u1~1~MLx44>K0Ub$FIkZhkb0`&JP5a(KqrT(Gfz(5f~ zk6)D`uRpMi8t+=DD=1i$snuo*W_i2RHN!6BWkmL)<@d}Y26oL*ambmD?$~w?*cE*cqdk?!?_Me% zEC=@E-GRR@ZUJi%>fc`DL>PY$9OqU&(v(Td$9m|>`GR4RC=AVUu}K}(=73HzI)$Dz zlqkBM75M)4n_d5RDM5P9ZV$U_<+}$ThEdror!f}mO>MgxEy-$o_w_6OL&0NNs+pa> zxz)bbObLDZO343d2xy~@&1i2=<5Dn!*I;ynfy|ug`_~w*dwx2tqibuZe0I#|o^`)Qg&U}||Awc+oW4>e!$R6t?!KMkA5{z}?nUvbgkpl%k}lEi zVeN1Cm$Hx(qf9mESAhvRw;xG+ug8C{zqvl;lKiNCz%PK?yqWv)c18m)a{wgE^1`1! z#`V@u9Yl~){`(DP&-GvI*O`BRC)|-8W{To$kMqX2vyU4QEO)!UuD)Y@_uBaQaHYoI z0VI3BD^_ac%?7RArK5sr^+JF8>xy=%>b~?JM`JPf`dKtLEiXyY$AtlSQ&A2#(i=Ml zqVrhTY6ty?tm8xmN$M-*4wj-2Kd-7Y;66a=Yun!{42voXmD^D)mr8M7=TI2{R-Ax)_sZWTa(cy!!y6$zWt)$gp9T{H#TF300+T zmbx06*-$|lB$8hYjs6KcMi||prBAw5w^*Pg;;1QT|2 zlki>PLNX^XfiXz?8MrRcPmE7AQN!f#R8v26S;GsAQp0sd`(dc0?X{K|%mht8Ggd^H zcI&JPvlL7brsgC#cp9k>^VTS128|LHsvy7O#73>Pv9wT(mO8=3-8O!UtzT^P(`6M) z2JVQqmHNb`=s6k}M0oENVrawj*(p_|{e1Kn~y3$5Os_FCqMN}EIV6di1KTnJ269_C-WHP1cGQZW;#rcqqPAW}4T%ajy8Ls}Zg}xQ48O+`8A_E*;U%BTJ zh_=nYZkmXWk7uFH%u)n3%^r+n=ns#=M%G&qIe0t5UCbzXZ)GBE5bxsyDUk5$-~1vC zVO=t*-hjRJf6JoNyHCM6vGi4Z>>Qk3IG1ik4pl7Q6soKMJ8`$7uY_#M&T+15(*-Zj zAr2~SXVZCbPjoE0pmPU{#HKXRpY!j!2Pw_T{LG+A74jc5%evZQxN*s7Ld11U5?czHzhR+yM)+;-6{;|rXvR6J zbO#ID=_n@ zY=R_0h`FLWV&u3-nLL3R-qEBFx13?6Qq{hZ${gNaumE7jfp(YpANWp)yC(&)3#ZR9 zRm&_+@6s@zJWt)Ya}1}sdrSW!er~_2D+DCN=O-qi0V(pApR->Yy=><|ZUme$ z`m9&Xa;myZivL`JJL1^1`Ku;DP0EzUC{w`uKv_3`04=O_sg!+2Y@T}-78wL{sgdrSD(V-i{^NI!fsH!El@uqgX7|gB z$*^OOp^5kwi$xB30IL{g_b4ByV*W?Rsy&NqQmNWX1j1?Ps3HfF0|yX5Hj4)3{UWA4)jNgbr; zWDY8iz%b#yMY|0!=M2!)#gyy!|1OXOK;Ewsu{l?i59QC5Zb1|wuBhb4ch#=zJOTqq z%XTJCuv}NzR-=}Lpm#NCy$qy8{j+~TUND2UAH)PAlO`mj+$k)Pa*28OS^3<7fcv7Taiy@UdLQcKQ2o%QS*6 zmX=)LB{~PA0g?qvr=iRL#TLEk3^VC5Pjw98uh$%Cwf-6+^O`9)( 
zdXTdaxC@RpGVr|FPYItxm{s@m$Kl#AiM=1a4*Kxh18l=LuyT9p-Y-Fll8_KF(Zj6L zO~6|r?et#Km%9FrS4QUg!3126%WV>U=-MAdcFoaLmph1oc~l^wuq4~UDfYa93vY;< zKsQoGWsjchK6PUF&8B=G?n3R27eLakC`iQj5s>mS7?y9BJbc*SWWG5p=1{`1Y!zLz znW#vQay!wlY;a*9-kVPWo!M~ZbCX@|0iW8}mIc8&gWGzSnND~-ske)0Vt3NIXe{SLMj4A`Q7}$|h#Z4fM!*yf>goJXu*UO?)dleR zVwDT;oB{29(Bn-*%cOu`z?Vf8Q!X}WWp|rya=THvAfC~Av$eyJ{8aYxXJn3Ja{aE^ z5gASH$~=8J*a3Hwqhg4H3z8Kpfu9hVFD$OJ$xs|U;2JeoC&SQMNgXu5V0oFU+;2rN zjWA?;UIBJUap(%;L|m0CIq>vXm)P4`)IVxkM2-+Y&#J6)u}v+})gug;ybA#dBa=xb z0Q>lUJYO-~t=#o6E@%+yEA1t|C4-4+@0I{T_xr+&oB8;0cuCXW2P;X!Dbt&972?(C zON8!PAz0#fZ7k1P0?fERDPqbYFVN54aQq+8K9s1FlmfC5X921@$#H5Cr&U){cN6^Z zB^R$xM=4`#O>Un|)G`Y@E3}LZV#j-@M47A+vvHuCX~grLie~B>uGap=biP zop1XmFm!&wW7n}1rKXy=B7OfI#Fn6M2@~9;J{kjEa+d2r^jiyrzE|F) z$y_N&bdj~S!^MJc!2~ni(GO_P4-W*w5=uczYX;b|&Bk!#1rOen&lf#fCDp)tO7^9E zas7u+`=35|g)1CGXi5zjpR&ij-&TJo`YQ!i6sMQ(O0uQYR{UN@UJw}s_@e=-Yx|cBKvJD=Dx)8c+>@Kiiuov zS2S`;krX9P=z&H0Jxla7GZRkPR~?|6!1JqI+nr%D*`a5kj-%dW`@}HNGb6cn$|wp! zPWk{aYAWfb?}j``@!z#r9|ZsAI1B~(Ymsfoz0l9m{@e?j+$KuJ6@~tfRtWlQC)&$V#j(OOo4e73&+vMhs9VfR z?KVD)J~bg>U_My%78fOii03YgundopP zrp~TX0s#0Eum5#+)xMJwdC)<2YQrqt29_CSflJ0UB-(-a+)`l0^imY{kEh7z4Om+ny zcWBpSsjt@a`l6QFtDTRDsuv*m5f{+)WA>KWV|iH;Zouy!_v{$ey#Z}3i!co~U_gid zOqHx43mp3cmC|Gkt}6lmGMLw9Y}+R~5Jt5y88vLB7VSd!Srv}u86HRrbNN1x!f&3C zNdWE|;{v?}i(u?bPL|dC3&++MwIRljZQlXTHh~;nsq|}&K%Z=mjJd47ygiUXgYDE5 zK{{jW!CmmaJG;{%#-FYluCSmj$I>iUleK|#uFf1k>i8lO4wo)f@vnq=$I`R1Tx1S6 z)6`*>#)^f%ww(rkg|j0mKeS3@r+b3Ba{VQixfNgX+}w+s#RAg>*!5KPmiy`saFr!q z(Ucnl7e>;|wOnNrW%PP-zB)FkZ!(%ihyLjMxY7@-B4on5@7NPl)pfkj6>kdfI`aHDN%f){>=WY=8i^ zLR6s|`2vg@D|w#*snIUb4#UDG;&YA(6Th04(J~`d@4u!wqgY2g*X8eWY?$HaBoj+i zR1jY~Jx_9qR$uSoT?-g&1gk|RMsZ+|JN!x0%~%Lo;bBrovpORtbq#x0xk3_;^SI}5sp@|S*gm5C22JMoo4$hT;wzCTH)VHYLoWkk{1-+H^WVJ^QL{uZ}x zMBRC;y1!}}$4q6sQsF{d>#9eqgD;Ib?&!vPBUWF5H;wnf+B0!>63^kzsoX9v90HFO zA=1(^6WBVUgj<=Ij1gN-+rp~x2^nICKRU_ z3KeT*9^$k}0j!g;?WOfNo;`DC2J~L~yk4K55TY6X!b{uA8K;S;tpOUG9P*nd z8vSqsY_z?v4FYdnRB)4(MU~8JD<$2q;?Z6dZAssAF?jLSyu^3!F95;XJ7~v=Prc`^ 
zj&0YK?qGgHo8nQfgi2ZZcn)>cMBi*s!MZ?v8LLy{hw+(KPq>}9S?E8dYMp~18JzkI zQT`K-^IhEL*iW)s8h%=A)L7`-QrU@0F_h~m+$>n#jvxN4S0X$5tj$jdb+l_5d=zm( zt603QQAhp8h42@C(fiA9zZkJ%E`J&M;`;-&(B?KmxrEtq&P;1t(@gRD6Hl>xb+2Un z;U$EjJ{Bc&g3E^kj$nf$Bx&GDWL-;;nzLt8`flf?bHfpaDX^vTRqd_A{q3iN*@u^d z8k2>@NVaw!<-FFY#=KOtng`Ggu4FmBrPW1~{l#=%QR=;zsufof0#&k%qe~N&PTBO+ z2pg#nsolC@_$C3SQ_aSxH}VQVmv5iXH?q(Yz1ts4Jb_+HYSh&d=};{WN+J5WbqeX| za5h>5_I5Y1ATE^E>WLxV;7=XjLc!RMaO1)`F(fB)_RP{HGpT9|2kfG_aq?|n1{ChN zj~<=KkfC??{%-AN_}z@MlBYO(1S8(Df)CN%K%fV$+r$$2`u^efK~48E_#do%j&>?p zF%)GAA3uXE(R(3TUmUoga(RVVrmG~PM>v`CXOI>3^()f!H~q=QIQ2QvhJ&yEm{F3| z=Uz2Jy)2>W`P|>{>om{NlXBKyv5X&Y)!#YY8Sg(Ef^$$j zZ>YW3mxpNRIqdbv75Ha#6tpRsFL3t2I(n2Vt1R)Ts<8F(UM*%mcXsc$VB?u|h*sHF zEgQR85gOdK%{h(baL7oG)s;l~Fm95$EuN+kk41Sq#?@b-!C`4|!WU@7>elfNTQ&)> zzx^i;tUU2gZDs#x(;f&sL{XuHsq~|i&jEgdrpYkQBg#0KQ2}9G#`x;U;KL|@uuS?~ z&2`Le($CGH7~3AN1LN~I-`9r*+^kckiKnGj@@#@;+=Wmn_1;>2F>3iX1{X8%8aif;(~WG6&PgYQB8uRQ>!x}5uvNRN6Ni*JsiK+ zP%>Z6@UMI~->>8oL8L~k^;%wgto=(h-CNi|HJ3Apq17f{OJrbP{r61p;_6_GcW2_! zGfn&PZ;1rm7C+4q*8Pbf>xSs1*HN_(gzLi8t&4iKMhuD+w%6GbOi$CF@Lf{l`exC( znNI{INXVPuXUIDilX;5;3LD$}Pg}1tuY0OHP2?@Lm0j`X`D5fEE)*|Y`#F!C*bual zfw*x*S!^)5s!1-W?bowm8mIr3PSKU#ppJJD3IEmD<`~<%6m*Kw&;uVh`o$YMWelR= zlqsYqkK8tl+GRKze_jV(V;xOU8v`+lfs+`8v%83}UpV#&0FEw_XW+y9{P!`jx~l7#w?73M~X zZ%d|2v%DRF(j(gw%7Y7mZr_>1Biupct$0F7-FxVo3wu?FDU(6v>a9186qI!~=hF_|McdM=wm4xf z@IW@#>n;AcVz>XsZBM>-GH}*3rN`~?o=3cUa9Nf! 
zE`W_zkGJ;f9RQXGl3l(_Eo70dt``@cUv}*Ee#L+*f)#&*$mD~&BDIG5hFA0kC0T&N zzqK{pCjX1V2#M67~>80p(B8$SvLYPu(;m#93H$S+uL_PK*2B?B_d492`A-zcruAc zW;?5lT|YZ`*3gPl;B*_%7nBwhDRP56)=hRTo?r^Md@XX{u_f^Z!2kDKv#gWB*|F4u z4+#}2c_x<&dp@b$t=+0*>wtt{)Il6bxgpT9o-}hQ12+_TrWcjomWFo?e;#6My(%v2 z*gPWZfF9$HPitng_Y>6&^mA@L?K9FOny!jsGW^nO%$7-cOrudG4INKFivi1O-(8vV z6WTZF?TdBLr3eW{-vEHh z;WQxW1189UC&nL|QaDQRWx2@=M65j(kqnq0!)8GF6!J+LObG&z`Jm;|Z$lJo-uAk8 zb+vdD7*%zQT&<*e9(GvVFf-L;m+~ZuJEimSmnQ$w*^1UTIscf6jxTQbNPU1(j~s52 zb4ccS+&%DBXRg8F;4H934}j-kdT&`FA_cy4dDH`E=mFSh!DGdPQ}Dx)_!vkew2d}A z9!wfBM!yh@Jn--Ba>O%xUlOS&n3&*ca1#bpKo3dD2()ajIHo)TmOIrz#<|+{b%Mj& zMFUg&NUk8#Ryd~o=X2&ZKSvc`$=8h`zuB`1%1guY&*ZQ01&G%XL{l2-!dzu_PzwKl zwsUkU0~{O3?vN@5Nu^by{Gtp z8=DDi?5fO7+nX)mL=K9VPlL@aZQB0GVCie^gBPHmEE6VBl*dOk-WAbpHq#DSy;S;T z+FMBh0P-^m=S_MEg(y&F~!1h5(^z^x-gyO-z`?RaP<# zy=q~qct2p*CQ}JN$3I z)idI(Jbav9QhXe0HKZPZ!`70O`y^{QWxdBK33GH$xK5Km$PNIA<>S7C-Uy;7_^OF| z*ZvC?OkjPhqE>B#MxYhdFQ*0zEv*+76xMQc<$S)${3t&{n0Emr#W%<+?Qtfx4~I<> zGH!=L1 zC|JwmcX=Qd^iZzH{JZI&oWdPGrB!L{`Cf7OovzrOs-+D8Iu7zuFeLgz| zuwU6z^HU>1Ky~rV5P(J2T+FlJqMTfMROzAb0`_ihOIH8a(dNK0$byP3MqFI{@&&Iy zzrHO4qD25;`~(4-vmdUrl8F7v2q`7|k7xTH_n&wR@@^N>E8r)wQCRnfpO(}h-dH`I zKzpI-Nnzw|aY2{&AzRKy;G*X}5%y{)@WJL?6B7Q4&ho7b1od@*9@xINg`x5U50;}- zdK|1b_(zKZTU&Vb@o7=;^d}|*RkgO$1#2^GRgjtJgv_h&&3Aespx+i~yHGOyQ;jjWM{> zb4mx8p&W!Qnu;TnBE1T$*sF&wn|LGoBxp0PfodoD9>t-?CEBs&dLZ9mI9xo( zE_P;zC|c)o07$0a)viV!Z4^7dia1naw};?vn4g|NhshM?1hnnWcvZ?tQGFAyx%y3M z8@#3#px^*#>4X$N;BJMkBU+Lu#>LwSc;>O$9GR@UmhXpNKhBBfu?QeheEQ1&32PT> z+zQ}7Yu%Ui_#B=l3(8RR@!$U!c6314Vf$=*=^=O@O5zWvp|FFGGI|2Ij$;s>XBo1C z0xIZFK5tzQ_z5MO79Re?nN*cu@yKx%iWo|pa3@(i#G1<*o<-*aw$Kd?gg4N5$7seg z4s0zAe?J1pqPs5G_GW|kaN~vVftZz8@qCI~>+QX*r58c94Zc9fMBSTjsp9r<8;*p> z{bO1BOoV-y4n1|})y|{w&G^%wuBmp!hur!MfZwLqkI%Jd(f5AR(vCi+*XS>Znb*sF zc8Q{DDKy;^>tA*pta1H@E5w)l{<=8(_obmTu_t{V%D>zWhm3y)+s-{a?)S%g_~WHT zN%;WAg!<#=qmdfyEB-sR#q>UjXNG4w){^3zHudgIo z|D*lMJ|9JqewLK29q3&Rvu9m;(cs<3@7!wV18#oz16w80iC2kA>N2elfIgG=-)g!H 
zYh{6`#g~%aJ*KyDw}GRDn@2tVAGbM?BBnTX3P2^f(In^{)7-_2c%CQE;@w{^`dN_; zw-mF_DDoVZS~TkyRp}*vTr|*h_(0~cVZwYYusL$sIKc(d7KG2^YAC@Ne(r0!6`GYh zaBA!4xka(%W-`x6{nl>k;CnCy>Q!UR#^6e}&IBcT3NJ`mObWNul&&L5|4(}qJA{c} zu#!P6+HErW`Em{GXhV}6V+NLP{t46BPrdUHRC0TgF-rec$y>Kt935%=_}7zBj~qEv zw00YIz^Alrf3J0NE>zAnt=cMA+Uy+dP)`V_%%HwFkLb#GFD$3i7u83+t9+y{bFj)3 z&≫(QuQ5dOg}xgr)p($0ZtXREc>{ z6#hTn6Y!T}eWXK9@UDe!p*kf2ViFksGF>;tHq|xoOR&_K@EkAvCV&MmtG@EZui^Kkslngnhu7RL&cy95XotiPlO-v zH6hqcdv$A+2Md=`Q`qZ41^5~Y)e+Ec?028pM19b~G#|Z|IIyCfZ(A%8WbLGMKtzIf zvmBZjr(d8m5qk*xU;E2XXW?8a8gPzoOG$f3L`*!D21G#Y>&eg39q0j8-r$>gDoC`8 zggtIjOqz>f3{}{<7B2mCcHoIhW;6-o$MZ}IV)05(y5H816Tb}X!@1Xn-H+jdQA)O~ zLG@u~uP3}}%>qFCMdtfyb^Sxj$1PIFsrs{YEZX=zz%TnUqnM9Kn4WgYprh=OE>ELv>)ye ztgFa*e*0a|KQmba?ITjNFO|R5!yaz72-BUv(AEHcCyj2a*VR7pK%oaQDU= z9&bx%`1VniPRO{2EFTxseYpMf3` zN}>CEvyj_`XBu7Srt9xV*jpbxW!HplomH=w8*`kG^>Uv7{6hfO-Vm@Llo#{*lqj|- zoo{7C`1P4?({g-*BMkXF%FpUr(LHSE@aOjU&2W^jyu*3O=c85q%;1r%?S0lEr$y;h>mjyoS6qd;pi}XCW_JeIRyE(8) z6R6w;BW_b%y)aO##s(vpUGKreg^A0Aq5Mc12obAb02L%s2huX7)~^I1N{8L7J9DiG zzKQMpZ=Lh#$Q-eKhm3&_}L1ip=^@s+!9Kz_p&>gwr?tc7`1W9(` zOwWZNkdiUS1OS5YId=xLTB*p3~{dNWf~r0QVhlo8m>`))UxI>O978>eOmj@))QqU{;Oza{V;7}h=>a=^Ox;f-VG z@m<@OCE65-tQUtOmi30QZ?BKSa!d|KbChbyryWQKjEeMa76yayfH7r6v&?vPIl=bv z!X3TKvk2H4)%_@jv#7JlqKsjWy-zDi4>P0hVa{5pT;$b7Z!SZFjiLQ3)l)w#v*owF zw`)(xY-6gAQ&N~YpF}HJXl*DoKHizA_=7U4e>oa?F6%ArEdNtWb!4-`Vys!{xMv^$ z#ag&cWKtM)IMs$StZwz;xBX}{Tv})|yZX+X$Q9l!)eh4o{M)eg_rC$a+u+-NtE!VU%`^yhi7KYUgLH90X#r~Z2@@~&njWthHsf2X9r;H(Nhu(+2*Ay0HXD^ zHt)(+?)i?qCDg0@(T`Sh?X~_?3;PK3ZlJG?(97R_p2yih4#);kQknx#KfT1hqyQT- z=v(~zxZ_sasf%i1fhYiudeZ#mg)GlK+ChS)8ly1lPVui@{$zmC_vA>&BPz;`HtkT? 
zBX~zCI|ght77T78fgtogzr4F+qc+ zg(Md+__bAO>*<(U)p6rdIemAw_S=e})Hz=?yolS!2;4eiLDh1t$#~oey*E*_X2)(P z9MO@Cw!ctal()Hr?d|i*YedZTTo)xpw*SOfc2xFZL#%!pN?K=P8(VO`B-_*a{r-En znoD7eO_rO4rvjnFMEPt{;c-}4h2?PXfDFIBXwfH#E-@U9@Ecn3v1b~l^j5K_p&V2V zt{!w&p4xNuVFMpsyidheDPL(8`{abu^|ZdLy*eJ}-&c%U z$k>~<-V5WQStsyun~xi~I`{b&QbNP^#eS|LKHu=CiL1y-PJWQ(#b_jH(_gJEflJGq zH~9AJRXMc%RW}nfpMQ)=EvK{nd08%r5~#r#TYP|-bcOS|w*AZKxL-TZsLa9o)W7?z zIPgvN&+1j`KLF3On*)$t?4*V3eaYOW|{rI^7)Usgm}QF>S@e_idMeC#rz+VRUmoW*J8`K$(iy7^(mU zmKdbKJT5jugS7k8F3}xAq>_$eGj!JVk1E+>OmSe6Kmm~Q_iiQ@REI##Nmpau2m zY0N~meR#f&+!HY7BCK>NCj8Z5%iB3=mHLVtMfm@)IzFHv~uH4Cjz)C&#Fgh5fV9e;*#_@;haDClqr4rEqZZBmCzkR_AV(l zzf0?@o^0*uy`_5-%VN&B*DLq5QD&~jGYC2IS()AZc9QYUj;8ImuETTgTtoPe~8R9w)o)39ZD#Ch$tvGq`ES z62Xu7)aq4{_MeyeZ~o90F9cOh@_AjLE`Ip5aftLz+mP}oAe+mbn9b`Sq&yn29V?5< z%W9>o*eb9eWf~dusTTPiqXZ>(n797%){rx)KN&X(&4idg#Ar)8$Zoh+53@O zgk@31wvR@HUfB+dc)M@&O^Nv1%RjTF{zFtB|#xsDZAFjBezrsy4RTMF(C zJG7O&hI~CJ9icf|&zFxLVZE!GYUXUlr~kLQ)ncro1E+LTuOz`Yld|}WYdPmI)fo39 zAqh0L%qT%ZL=Y!2k($Jna^--(PAJE>oM9%3>V_h)2Sqn_fBk8Ffi4O*oGEn*ny?@1 zFpd0CRF4aGt|Y(Oo8goe5XD?y3HkGHHLnYFJ63g@qsAgB-#Wz9cvLP`1YY&B$VRtW z@u;kla>bh*=D)0XPj^^r@z>ve%rk3;4rLa;zxlfv%!`sN!h2t6(==0kt+MU)t#B(l z>wX&=UeI=Gn^%41sirNtTXK#;RhVK{qLm^O2jDZmeewmIiq;6+($27ubq2qGCT`{| zY_@Nt8v}g|GJj*zl!3m9ry0STM24-4aW2TQ zH@x%oSRa%_YIj71akJ9%@?NP>bXsBqu?9CDU8U!tr4~St|Ec%(_yg>=y3Cx3(H|yI z3Ql8ydEvzQEp-K493Y2Hu7Bzcwz~945w}*w50BV}ek|-#3iBahc%qVvRi~G3Q9(kT zRc3>IE`84M(D#|uK&#Q)dgg4$&}Va#-*16EV+Bu?{qJU>w?nf&2eUn-QCu>($P!jE zlWhZu?jom&>|-bQ?FK%lj-xs|-V;fY*rP zZ`u>XaojchE$id;A?6_kSJ_vLxp)5oQ}``oU=31DVE~zBe86%m08#;?&f}lR?qm@Ln+j9N>?~1 zXhgd2>T%h|?G!T+KtUMVE7kSs4+WOHJ9My4GU>;gRW0AbxwB!^8jZid4LbNyNF(Nv zA#4{c=IIR4dy=dEbJqhBC6(bzxnKGkeL}iL{u(}NG*qbKj+41Xusv0)pQ1^Dy67j- z^P)-0%K_8oxw16WeI@$Z!q}bUpQpNmFPHfKt#dOEjd^o3g5^;z>gw6OU(W6`B8_)R z-qc(Lpah}{%Zlsh^g}j~1@@;!+oSd9Ia>Qhwg_^Auzk(U$+jK^SuHS3VgQb(;~>h3 z^Jjpi;jJd8?QF`?`Am&>X37Z4x~{8*yc3i3GQga|_=+0YkAdWaNZ4MMc!SS&lmWZy 
z{{*JPh-gG2HYUA50M%_0-oHt*{tbyzo~361QPVawj&?G05?j2kx!9@wZV0^M!oV5i z{mi~K1U4xD8ncoCY!-}f{i7a0Ey@C_LmoNU#zfpH2lJyGz^^2oI#S)?jNWGCJoSE} zuaiRXF95a3HK#vXw?S@ESQW)~A}suNAu_ZT+RbnW~;FLl#Qq{i1;>X z-$IyAFuPk1ymJ9p|`p;_q0b?}3*Sx-phYik-`|hm044^H1@Nxrq zPaz;UFimdg@&%>yiXVe5A^B@Y6-L{|yi;@Os+}twB~)tMJ6l(EAY{hN0{{2TCxVzR-{xHTk^${x)Z^$R$`3BP&TrYs*_&>RvCySwa3h<@M6SCT<9_%HDauAMpuP}kw4)8VB$7j=dKlp4PnqLzJ-}gVGd$0`sDkn4t8*@}Q_v zI>ZE5SN6kT5QysymZFm5PqLuogmfl?j1)*RFjFUkxJAxz{aAw$`~orW6FVEpZA;&% zb&#aV5cZtY%Ufc%dXI6Mk(k?%$YFuOEN8s{ z5WU?C{cQVxbTDe+XQTa@Gk#k^_2-)fmjCt^W?MA9X6ig$ zz*d?jF?&fD118FYC1L~xITU?;m*5y_oPgYPQ4k7Y7|@9_nE>$vfv4vW{;$oymmV9# z2)N#@b?h7Z{;BKRGh0>6xi|~Jr zslaFkKFikc`35ZPgY8BlSWS2vs(fIa?;jaLl0JrM*vtC^)sbUTRgf zV5mWwApm<9V5Jf`C?=H>)$b0%}4{r58;s$HlVhKme)j8TyP!vc`pNH_wH zPXUlH5G(odllbaAEfAg|^fo;d=Q~ngA^ZS%-FC7&)odq$ZoPUfMM1TP2>mn%? zgx_gh2F%IWM#2DELMU9Ap__%EN90vJ^alEyN$L_`Z^;fq%ALaf5FD8fp zJj7830}y~P0kX2uWC1l8;}iyXr2=g5s$pa-0(wuugB>SmB?x|qW>TVQw|wv;tY*im zIXfPUt7C2tHoC&T|HE?#0oR=T5RuI*K&H?;P@+#E?)=#MbS}gY{6HqV8LgYR5$5&} zckVT=ee))hd~(|T2%PCQTwR4wVqj`=jF<5+fqAymW#=QX(LBbb2S6DUThWPuA_%_Q zo6m-if&f%@HB6TB{br*#PHhw+R4DH}7?g7lK;yd|ao2Q>|0VF7^|}m5TRAkGS-OCT z3A}_?(G&=_6`Or<9r6|zd+o)`F!x$p z+DX+;#q#X_U~{D`YxZCK*1IRXuZvPpajo8yYV@?qQ$vG49TAp?^QLjQ=NMT7qk69I zi}xXJ+v)ugMD2KP-&IB>4sE?9u8{o^vY-Em>FLMIQfKln#W*!#rPkrs4@LXtNgjWn z9hUVniZb)xgv&d=5u6=QyMF9)N|*kZfP$m*WW9v;s>M$R}ADZ7kif@L7DL z?*BVxS_WgL1W9s&BxlT>P(AU}uh0}mjQcTX8dEv?M8|E{M@@YmR8^TJzb-DW$WNG_ z2E-|}(AG!+TmK`-?XVtNcoQ&rE@SdUdpsM!^^gND?)OihKmtUa4DW1rn))&xEL5!& z{A~CfUJUAj``w2H42)ZVD=sWnipPx!W=%RfTuTPgHqWNm8v)NqGgPOkML+lDo7%19 z5JIXXfDa|Gh8oiXL%VZ5mZE~0BMc-m5=%n`(f`KVTekuB;nsVI@?@pGE#Cffzaap7 za@eNB0?ZP7bM7Ku6YSuERiw#fznc?i%QjuW`ARW2QC zfff0c*NA5+av#}V!ZSPs=~xDV3g)OxT(`r~&}&oFUOIOZd%GS8bi8dlrNnlEOZge8 z4Z?tgK;{J>V0gxuAtJd9YhHFQ*N!y!dgq%Rji0U-{P&a+>je}eQJ^B~I_=zm4vz`n zNu@qJL@{#upX=%W_@9*((?SRC2D#dT=hYBfx}!FX9$T0Gh4ayOU?JTe&$Hx*Ui27U zYqCDqRS177uloNY$8dB}s=$556~Ky#aS9d;7Y&RDTxC|31jZfG6Il>oh+R4lhtgwc 
z`IbOJ2eU--A))Dask8uLQ2^BTabdo%0i56k6(9>T598-y&HvhH@rnVw`IzG}9k#Zu zq63LiBtH081tIjtSj0^9v|#0ru1DTYgy{{Z9nz5(VW2F(ym+SbuoR)LkPMwu!uj2+ z$ZY#Rx$2@zfAyY*Q}K#`6sJn)wQ916s?d_lLHag|5QCz`yLSMK0S{!)Z3Y>GQ8TPB zP&I4GtAG=9DC8NyP<_QWF7J9d)s<*Mh)+D-#kqAD%p zEDeSP$6~8rLLz~+kNgBF1?hm#jQHu1`p9SShh{e*=t}CgrG)fdb8(g<@!JH!*yj5e zc;)V4b25Hx!eFQYp4EcJii-bUqdeFzj5k^5O7KMupv~s}^QHd}J=0kR5Euu<-5SR- z=j+UZcH?}BV%JLyH|*r`_q+AV@G+1RXBzV>K!Fiv@YxGcp_BnII2hd`QT_f>2MzMi z-1Uj*VSMAI(mW(87vnDXBSAiE!meCshqm)|eNw<6TVP}e6=){9=>S;Rx=c$MsBRZg zrH5lFq3a+5C^}aRwY8;fBvwH8b>}ZKR>=VNWfH}fM~c#KM^TT`Z;LIg{dGQLIaFzA ziU!!kj^b~GMVREqCt`3$91W7eUz3LLa!^ZBnUh#!UDh9TbK)3I;O5@pBb>)>m6v3E z4PLD_`}Z`z2wSc%*JP71An@|HBhR|C`^x_x%HBJk>i_>AKF8iOBJ0S?mc1P$WM&_G z?=36Qp@T#mgbEo^_R7vm%0X6ykX`o3C?mR_uRfpe@Av!bcU{*Xy>I1@w{xE3@qCQ? z$a6!|_u}o3{P;EFcUg9MbxWYcgih3*!^e$H!=C0m@ne^QwV^NG6||&%7iW1g=7ur z5`-a~5e%Z!*$Q(Ja>a9+VSOFym@%m*IYzbmuCg@b& zov<6P&UN^OaHoSlbw}PGeb0VTD14gV_wxF0_>6%>vT9D<3h(^D`{TQ>EA2-q?9O0} z&Dg5xn>z=!kl#FyRghYGfO%`&WnHtDttmTIGv5al;5wqvT~HDf^Fmv#Ga*FA5-yD< zx1RuFt_c5Favr2KGHK7d6X^fAh;uysfVrkGY>$_RZvtf4*vBeR5&>7jRT+cd-3|si z6A1%EQv?W@Cy-_6q_-gIIRPR&&Oqs6v5b3f%e?b6!`cbbE5n;algd{64=z~T1xyM; z#%~~TcLic>cyVOnTFZo0CbK2YC1^JwwzSLRCt2W)_yUeNm)J6J3TGfL7o?g}wa}Oz zlz0vix36be2PVMiV3!apkN^@QPC7+#{~_#h7BS5xAYRhs`k((<(^R2z$I~UqPZd2U zeA==Y$D#`=IYQT#<*{(0w9$|alKLWcP{UrDr1iNEPN7Qk% z5%A%Z`!Bc>g8&?87qC!s9~AgKk%2&lTkDz>^0UGHQ)5(hznq2tDohDY)|CxJ0SxRJ z=r3%sM_|zNh>L=l+8(Y+L0?vpa0omW$Y@~C6+uMD>o1`u)nv@a++b2b;MvDEyoEU+ zQ=nfI$eQJ$ntMIkgx8nz$n0dx7nFt?w6L`N3WDVEF07qZpxX^48Wx z+2tjA8hn$*W2l0;lfTWE;~!K1xD3C}{}juSzty@~mEMS-;_tj@dl%HXge41)PJgD{ z7s?kLbRAfft#enP;_YJg%3cg96d7lexr9h*9OJ{l4j;(&O~hV*KS+;MLeM&Ju^9%2 z!{0Xd;dS-g=F>8=mm z-dXGYu&jr^990cNjFMU@??unoxF;(2ZqK$DA1;I`zgDaYJ*EI{#1VW=y5|87%#;8k z`$9;JYHEq{o#x!1xTR^xJheXes1EJIjbuE(ITOv-T-E0DnhKT&UdvlK*2tS(i8_ar zXRx@E`*#YJL`<9{F@=xEsrTL=yZH!B>)%fm-86y+S{PHVGS-YXD7EI8%qhrlcHV|c zm?Yx`o^7{t!3B}ctcfVCzrNGatVqPpWIEVM(erAC;w(SAEH@iMH zI|koLm`?BOYa|dT1qwn2Ik$Add8VPstuATj8>5q7w$al%eaD#DZ_+kD4JyE)@H 
zdFg2jfZ+9ze!!?uWdSv+K1(B*qS|M8(O19zC;Z~t1~@4+Lk-a?`3~o-)%ZY5v2`w* z5XL-23DVk3ntPxuP6BEKQmi6Kb+y`-o(BAU;!tWN8RDaI1-V9`mvaCGmW+up7j54~ z!HW!txE-4Hw7&R0JWv)^NZ$)XkR-0jMEC#1nDn&2?-4{&cj42h(l4-u+Xa6y#jAs< zBRQ+N5|5sP)M-5yjg~qjdI5`zI>?@XNItZVk6U_o2JwYIs@*vc7=rVbDg-w#JrX1f zDX?=_II;z1$nQda$Lu911x)X(#^i6au1@QhXiRJ5EqXfU3QZ@oP)}*iwC4|Ir1wj7 z>S2fp#^I^{`n5Ni=Z(8l3&_tC4yYF}UZ1R_3s|E4EAj}n3U}59r=5|)FxImgUly9Q zqdKiaLS%+G({EW4ZFdD=+7do2jgVN*Y*;}L9m4$wc3)8uqOKNPfMf_1i#d76`r-5r zPA4K>{T$F^Y+&c5^FNO8^!ZYVP4um$j?tCK5 zFW_9wL4|B60A7Q$$~H0d25rNH-bWt*w5R&S0-p12MpA4n7X?gn3W>13bJdSkS~dwy z0h7yGlgW{jef^@zVWE(I+Q>XdZd87GgHw@9pEaL!5APViBHv)L+D;T3KMd0vkG}pO z0tjY+#0hjwn!2dWiT76}y2+O?PUp3dypNhv9d$447L+^(U6ZHHq?Ms@`FtO|)@YxK zVnS|bw%WCx<8C%h+3K}Er!HzA;(BB4@$Q?`j+PUN3FvjxGt>+2dM$fN{$=1mdAK3ij?QX)uNd5l{)^vkT zfh?Mt^EPYR&M)5*6(N-$2&q-VSuDt}F%~&0q(|vSMSNpVxRa%j8EGu{g8Y)TG%U`f z(=I3L*^}PUZj6${U)Xhw3)g+#6}yOSsQ~V8pqLg%QP;^pd|9uhl$0hZltSI=N1FjR%ajfY5NrqwPkT4)Zx4jnj}AoVy3 z;QtfLNk;r&Q4okS^ z#Cn4-#{$MWt>4*#@$z^VL-;ww+8ljlBRM-sEUP}Z!N=mkqo1mIE>}QZ7nO(BzNa~g z4un-F*)1?f>aD3vFW6+0b=`=FHafhV&&Y&p*5KstfgZ}3A&rMd7g>?BCjD~Hv|FL`=wVXwfq-# z!C@eiQSC#{!8{5nhEm*pUOWP^Cq??GG{r!NA4*@xyZ_3 zK$k)?904Cd^H*>Z7D2DZyTvVa3ngoHMabO^E(kgkS&`Q6stZ(`Dx;Ze1O)iru!JdM z&8IT(H~!y78`m&a@rkNxn?I*{x`~!Dua0vfY2DSn1^jBhu&2wc3;1p5D}*JiDBNzQ zY)h}lwBlow{Bj*->D?6;iCHX3v;fg1f4d6@baZYsM*OW&W?UqMzv#+z4;Atu?mv+e zTjQGySv9%pXU}U-sb|&b%`YPJk&I@bfi0fpykEjWFcEBe7}sB*>}1*>36f+&cJWtC z1{H&`BF(kd?IkLkX0*O^hOsZnVI)0;k1-6+tYXO{wyKPe7+!Q(v~?@)t-85rer$WS zWr{w?o!?arXnH7hr8kM0{|?KadH?#bHCE$$#_OFtBli^Tg{D;ODJmcazPr z-)Xse?F4ZBKdFWc5B$AoUnGn?c-~zKu2_ZtFRdS5A1skDIt0P0$4(3%D~loFwcs&5 znLc@~dj_bNWK)E99K=%-xzSYi55)}8tgK?tgt+7y{mXkp5@MvG6oxpU^h3V#fV=_> zsR(=VM~^AQRKt`I1ioT9FF+oECE)uSd)d}~r(x)NJ|T7gdlWGVxX}5?ME9ra%3I{) z3Hns%FjcCvg&V-+a%DKoS+Td_>QC9G)Jyu zLoPPEs}K?=h?5#8$=1q)C*>qVJapMU3mvj4b0%DOd)%vL#AteO=h~S2xAx$k+K*SP z-I2NOD)t$Z+@~u*7*2KzNVo`cN-;m^LPaYkz#kWtSQDTO^Y zD)2JD#XV-6!$i=9RsH`2p^aB?108(48~zEtn8Na-8NHh#-H8e}~iC?)T0&LXtw#DxU7i#jEd6@NWcmVH0(Bub^Pp 
zyMK@V0xlg1(&M>`B{IH3^#qULt^V<;Fw`M+P5el#yTQy!j=Z7fDcK|)npW%K#X2vN z8j*-igBf&R`5e;EQ_nGyc5x5%L&>ZSAVZlOEY;)R50`QJ(`Cy_m2HZzmOz3u{HxUh%2(kEZ;Jn=a$O|hA5fumC3Dsit1yvTmxE& zWEt1ILO`f=eB287nAg-~)X=R*v|P#~GICIG%-Oc|`LEv!k_4LTb?a-_-TGHm&h7lG zF|G1|PDSN~(4z^l)ZP_I`en@hM7^k`QzDETat$hldW&2mbgr3g7>$$P) zThQn)r0Zo^#926zK8$`(+Z}Et6-GQl9Ip?$pk&DgM}(_#2*gOrjSkGO_xwajs>b;wh~%R}bP!Bsny?2bDoN&d zz>+wC^c|fgtqh}=7d#Pd)ZAx*Pv-t34Igy~UwF{ayC#F=JW^*t(+9&G{m0NUcM1mh zzPbTrs4cvlQE4Pw4dE)&9@T61U?77d?Q4c`<~}VxmJ630rk^(RU1HV0#Jhv)BsE0SmjMm)C3naZX+=WZ`7^!!`@4o+1o`Bb z4Te%R9tv2a&@o^NMC!gM!TY^M1SSrzgLEtdDB;a$1o!@Qty6p#X+A+0JRiR#U|r?! zNeZUYNlz3(nSP-Q%q;vjM|fvZ0Ib0<)h)3*rdLm%kAF#(YZf2LJ2B9$q0R<+`fmQo zaH3LjUjc+2z?5p}An0M#u%IEiRg#6mc6TxizN^pII*nQVF1bT4f+8KX5Q2jyscs~r z(U@`i=h-86v^p_ywEH^m#!U;0=^=@()W&5`JjKzFeD2_aZ43!_J*N+G^XuW{;K~UaP*tit3W^U77-Ov_o2-<+Es(v|ZYolwGptsUu`fEc2SDa=9kf zU~c5*C&82K;i}tr*y*-jZ=Ry32Q`4A%;x|c`{B(!wuMkb;|oY7`~TLF2U0Q*Ql2AAs|;>SL1E3(c} zff0)gS$FsC161Bvz2Ceof*S1srdD`F%{%t@S>?ess6$>-iBBF71Xt!^MEuBoBsGjq z4D;*P&Nr)mLamxcCM2eDVb)QJ-#!)}g>mV5_9%IcxDBr-^)iw~h9(8fn-g`0zR+Ve znpIiJWW&(bK<$WbPt&$bP5FHSq1Mu|F3-n)+08DlE$%AiY5j2Y<^Gp>qj>=jvXfgu zi*Gsf0B?xg&s}xGLr|zb--|qW(W3h@o?}2GXj%m0F?>^=bF;QO_%WC+^{Iqqk%qba ziRL-X_wce)dWQ=I+z=I%DD{1cs)sv=3!6ajaGB{NKmE2lW&KrW#5u0k9d?Yrb9?p1 z1ZVfpn^8%89mMNJOL!ZnKCxlKr0yENbr^5$<6+tO<&h-` zH7Y=bC591+b=^?%y~27+cOi%(y!GC&)mz< zo6P&7>eb1wzf^x!nx_N|DG2#-0z|2a%@CCJk_CWHeV_<80~78!Rg|HUn&UT!L9u?e z@PPW!drtDQ+#pjBc!O*#S126|UmPeQ2x;EMUV_1qBX#fLv_`yG>dW53`YJDMb! 
zP?noagRW2IE(fs?Od3f%t<&DV5FP2Bg@0>Kst$%SP&#_j9FFF%&prQ|b=q47Mjkc* zoPZZFk`!{Vbtf_S-W>&_@ZHnw#<5Ao!hs;4&=J0jKu0$9In3$%+Yc3dffL>jppW!q zFK+Z`Z{WSc(3*@N+q&p}Xyp2~L1$ZchcFHH`we~vxa+f5@#u-$rn6>|R0Vjz=mk^$ zz3D?S82CPXGuA%2Itw*Ac7E438bV2Xv^SK)Hy)ZqO&WvsI0F-g|8r5=|GMoeb`_Nk z{r$Tmvh_J)*9I<#xJBE8H%0EQ>zK%M<*^j+FYdo9+LD8rQ&AJ{74A14Tyun*7}C+UDvRj`_&t8;RB2OXkw7La#2A&OdY4{dXr zKOJ3O7*o*|Tq=D{_0mJ4y1gG|6>?Z9FvDT_k*sK`Dns-&90GHOO>`Y3zw=d7psRwS zeIq+dMzn?Mq(EC_{3YiM(~mG);`+~4S(RU85?&&&MhgXA+gI74*fmj$FXMq)xoQ8a zmCM}<{z=y!UmpcU>Ey}imuYH80SI529Ix)HTnPA@BST%F^tsx5* zGW096?OouEjsMt_K=0#zbKfX6{js$Xs7=Z8hk>Asnqru zc{8pq*zPmMcpi3*L5mx!v7^vEE{|`Ru5(*B9BMc!{!haZF$#g=)|85lAUs1r8x??6 z-2Ox$3h;h0p;$8mhLR%isRj6-?7Si~xeZ60gCdWIVjRy2>Z-_Xl)Us-uI^_%0#bVe z5X%ve8&iSV_5gql2}G3m{SHEqi&j8@YkmFXSPPKSW`QK`7O)iX5fPb}t|1b%wL)xW znA@hNwNYM`8z|y-GmRC#RXT6evodn4&)sgZqg8!S5UYjoIz3!hqf)E}MZwSo@^{tP z?|0Bt%m2*G>eatnI1j$o_a=6op;H0eBd1P5+@qIINo@f*m|!;_ZIYsBxlw8QCbtw( z?t1j)bGkXa?a?un6>yjVJs}Nfh#E$hI$2gH?Kh{$VpI)=yn$fatTX&VNf7!PPT1Vl zJ|HKH+QxZ(pPmEr`oNQxdov?fO2T|%D(W^?{iMYPV3k`O{bm{w=|-L9KSwr%(?AgXXJD1@O*m*<+JIfy0=fyJ1`~*k-j+ox$FYqMsWArj?${CW{$rSCj^+t#O#yeX>Z~xo;-OX zAeH3A|FX5$eBGI}@lDhA+7DY&vq4PR5GNd^A06XE(k?Mt9|IBdU;dP z_$FPz+o}o_Asy*I=d!yMcdZm%KQWcw5>W+!>p945Yu_%<w`> z@%;txZ~w;`4nHF4gX-$9e^8jGi^XOVWWc~yJL-55$VdAZ(6o91n4474RbkWrl=1mD z8DxtP0}U1aDR9eYzj!ph`ueQ6+|<RNEI3<!U1r1K1p@VS^^NgT`rgkCB{z)F%0qp9 zsldh>K%yQj^6kH+0-b7f4*`n!34foBu-eqS z*#=^>n|HJ3ro-HrsVj-vxqQ9^6PH3^katWsPg$u*L$?h0*4yFa&uOfoo=uZqgUi3U z*0CPg!l=#Kl?sr($o^6QaUvHqUC6rWUfmLYN+x#vEngMiW3(`KyxiPioJ;WOc}_`X zpj^Ga%K4qaykKnZAu#*x0|-TzZVah-)Ss}H^ItR6bvKk0-O0q(S{y%+_4W6sfs3s@ z)93@;IaRM$jhYO5?RW`Pb^QcGR&H(enJoD(U1mb%Gj-$Y19+9=77-hb0@t8m1K>$FC zQ2=aqXn+2fK}%b^7ENbJ+Uz;@>anEHw8`hOF&-&XVx~Xy?=L*wfjP3f(!=BA7GN?_ z3`RE>rT1dKn1Ik5tc7Rxy1ChcJ!0!R3K;MLnM7k4F3hGJlHqpbUtqyD*foNf`BB~L zSzmF3KqEFdnS6HYUjah5bA601d%cGz5WUIMw4Y6=T%@_pm83m64Yx z3Xp{Ku2b;(uwnUF5Qt7`E)n+N*)B#Bwsq5&gD^NDm`Ic6ZEj5HsRLK6L!&S+n6EqD 
z@X3|Nu4>=JHiYil_I>(P&wewE@o0B`9`6Jh;?H{JL;E>2<_E@zBR_7x1>>6);0cqY z-e-vcm$=6m-Wgp{*SP8@&Ta{-WN<0J+EF^@tTH0bNo>5SIjdoARskI=&oiJ09BXo= zdLE3hV*g*i&cS;U`;4qCH+2fU+Q6WoSnLDu<>DU(gfP=Eo5e^|z~*4FeN=qc>Ew+{ z!$cX{7{LtaZm z?J-Kh8Q>eR-Xgq5UYFy3Vny*u94V+UR+-SI>t%o7ma3`qS@M&Ib82C=o+MT(VClwL z#ORl&q(Na9Wjv50SK7n+D-e2zXDrK@*Z(<@os9; z6J0h)z-WbqfUfpFlu^v7_LIu|dc89q8=qNGA%tqb+i+)XWr(g26u1|U!0RTt` z1mPt{5ipzp7(Y}>1!Q;fi`8qQqSn@DmVBf_CrgBk;Jt!@N;zIb3DO>!IaXo+`sawH zZ~jDJY8oE2W*;!kz9Ta$(8=6vyw+(miMiILl=P4}!BN8XQ_XKNzetgeW5-?1NDg}_ z;z8KY|7YGaUdc795!PxCLFnBT2G|>jQ62wE-70OWfGvk^F~&FmP?_ zfc<8+lNYd7m?%$NmIe60iNGm`ckow{fC^SC1f4BGN3 z!`H7!y4!Ce!){I^&*enJH$jd@PYaWe3@!yJnbb?<0x~nbbmZQ!Y`!TgdDqi5IOSdD zd>1vUS4| z?0q-^bPxPZ48|J&X~uXP9%(Ar^}dS$W^1K#7BT&V4>j-&~Il zJuSZkZCrrEVi-(_2V%)34HR*p`?KG*LdB}X=g4xOif?IwR)x_*JCEn@|BckL!*Y@P zIW;W&1BgUc2>%09cZou8zK#J;DBxM}g#Pu~1Wz|2pN!^_9;exd+-$%G6%`$hc?DQb z{i}KReWQ&M8HJsJqhH`g>FYRaL8ZHgHRwmGlGWy4fJwPvn=E^E5qLVZz>`?1`59Q} z3VB-s>n6%t;-qe?e##zzroRQ@0#AS$r^6(EBoQ^cw>qIO$f_Yw8iZb^Bt0&-JHK`M zYuihyZS5U^QJR6C727jF1*#MbZ{I`TJ^7v$dmt~$pU>3g1$>c1zJWfyufy~^JRagY z$O4J;kdxgz>>m8n2(g~Z*_MO?O>AvDgADTierD1q06}a{K@ca}P{!=zb7950~{J>97+x z^++3#$d#bIfDi@@MbE2SQ?u68d0u(+3-8)DKvHHbgJ6Gn#_Y@z6RHQJBU1er>27P9O20)I-{rJ-goS`bEVX9IfyDd>7Oe1oZ)7BxQ4s&PN z^7rBrG2RGn2(RaUY235jS1&#a)C|R+B9^3hAKd{QB`C`_fwJsv3!lvYWZ3{uok^`A zOj-_5zoZH_*%jcD_f>WQbvtelZ^(akYny3YayF%?123&`PAfp_3)P$emba(+Z#XvR zx|mjpYFjBFTU-U8{R{}sp|AM!##?ek(mf+22+Niz*hhSlj{#vcc%2=m8-gqXSei(x zOQ1!3cTWGsNa7v|!6f48{7XJ+DVKzNe^Rth*a0=8JXn1yoS3a-w^ zJv1t+1CsM(>{+A?0i&vZQobC+#*~iR;MzSmM}(_RzT4VJ<>mC)$tGHDJ3QZVBsyb>H@Px2}G00)dVG_tL3PTW5e|8Eid5ce*uK8%>s>wD%~7Qa)h|RmL-@QvJvt(doj#d_m{etj?5nvz0$o|q1pH- zYrd78(?P!|V=AKnn?I+MosH}cIcESvnJzqFl?>^&L_Y^zjR|<9PN3Pt6(-Tjw#U$_ zW~Ge|g}KA))A%lVg7D9KmnLM=Yc>VPRmyk|$}u`q8e;#GV`xALuo?3k@21@L6k%4_LON2jDx6 zKLyvZU&ku#?KFnXnm4Vf{HXn~i->$(MXkR+g-pp)iqQ z`b8Y3I9n2}4oeHOFjZxoGY(UR44)IYYMf+zB>4CV3sRxw-VZ`4Vrkb z;;!~wF9^*I;8;@r|8z1+@Hoj9Dr2+gPMF7IN@0k^KSmg0?)Wc&J>_+vuHm)a5qaiq 
z%isMS08k7dgS|}#2LAiKFO(t(WVOPS)QIJ&CHHF=DL*u5T$BLb3u$;MEaC}32;Xf1 z3^R1IVw>kRsHgFlk*7>T#UL=;%= zK`od+$`g$LXmtyh!9txBzfODm0@PM-|27=`yBe5lFkP4{{7P6Up#dBqH%~~+wW!L$ z$J7Vp!z&F1Xny1%Tj;FAdwdWnOrV#XS<2Id`O~635piFthDaIcuzY2;99rH0n4HGG ztv(dt3OrxVs>wI^)6?tfF93mLF;Xu^D0HYyhz)nOjdQ!;g1q-MJzWh_3gWQCw2?{eGWs_=yscbFTD~#rjlLEbEpO{L)$A zjuEP}R1p!ps<^c0E57iMos^Kv=G&c8vg7~VM-XZ!`d3C75~}?ZJCGEze0cTUY0bTp z!0@F6J`D2$cb3Y@O1iL#Bav*L6&U`4LZ&g{N8jN0q;t3_V00!!Gg~T!EwQt!tn)*; z3fl-)PCQan7_cp$@d4R?U3@w&3QUXl0YMREPz89h(?MzX$*DyGorNvyadAuptho_8 zE#h|%-6PmK_PWXAS)CW(5qaZ(8ue8i0tJPu>I9Gq$IRNTSh7faKZUZ5kWPSNm0bs4 z1#Cq=*op@;mmiRcw z*ADu!dzVP$ah_B8FAg^*Ix3dQ$P!%+GTG`P0WlQ6F*!$k%iUx073%9R^`jq#F%^J| z!}a!;YhUpGw*~#w z#@<{&z7coqd5C?s0#>&MK{70)*op>}{)d=fzy0C5$??SrbbNdT_)+vHLANt)Rppjg}Yg3 zD>_U=y^Vw8`iREC5;yGhk5qmZp|5To<0<+vl4*=Onl zKGoX{@pR65e-?DeokSG9nk6alQEOPAZt^(%s_BW|T))X3p=Yw+b;z+I@@G9IFAT!; zh5M}e&Z##AdfC1WuhiDK|EgtZFv}_> zI@`|SE=TXrZk<@ zx~ppdVHoSLb6!hq_(LIAo-&X-1_+s%n0N=}x-c0C|Eo@+(P&xKGxpoiX(@{wJWBe{ z;u^vCnZE^3+AvzqhR#Rgtr;FP;l;+rG74O;A;xvTA=@*)jpwGAx~B{NZcixY33NF~ z+8z}pJ#b(h2*-UOL~%jRq_L9gh1c3@Y-ocGpHiLxb_@EI z(SrHz)qQylvu!ZTmh1Z1Iu7?ET5SXGr+E(%i4px6QhK$+?XlM>SP3KHDKc&e+^OR) zM^s1PgCyAtlJ(JsN^hCP#SXj1oAROVJZ#gA*jSxO+%%;Xk7#EXrgqb7GDvFW$8-Pj zfyw@j;B23cSFORHb*V~k23ia!e{R>ADY^XVN99}R!BZdJ-p|tHsOfBMoQ*<5hHvi7 z!-4aaK=5d+3;-6TjuZXI9gFlJ{#i2eN6tTTcqSx<&vl9ZM+?AXul7g8uv6C)Q?Dl6 zO?tI}7mqe3-eFcY?Oz1w@ZF6(_j%=^^P*y=c`)wNreoXVjj7f7OU%m6 zdBOo>nKpIaAMU0*m4T@PZZ+6dww6mXc;iAzvAEJQY1Zy>op|A%c=*8a1)` zK6%q^|7wHGU#^q=3!tF?d(Qi9rN=T6<1P5x8ZO;yZ&lCKzkX#n`&(iC2KDNG%SaR+ zqm-}7@ZFOdJi`XhZP&A}(G}k!>b`GNyJ~x-$FF}fPMNXmkJgB?Eoj>xIt(nJeTF^y zxq3h;G~*CTgkfM>)7asy(98-EU&37cI=4!9>z|91`_=xNI)C$Xz{{<&??keZ*CSF7 zH@~6Ux+==#S5~u6^>ch@#;WwlvsVS)!z$#7@LXN8qIR)<8*SIsKNU4j&FP|e#}_f$ zc{;6q0U`Z}tzHOr8pp(L%^{?HPeyj)F4=l8B3PU#d?<+-)BB;!;QZ4 z!tuX1xcMkbWQ*2`iFkd**?nJAC|JsedYitIdf{39tR^O`*v2_9D*V6%6vbC<=!w-R zsje^b=`;u_Jp0#YX@(lSJ87QLQcx;%g~l}Tzp@$s67K&@uBX8a+-%!Jn1_(aoi=a; zRvBY7{J`DKpwtb?$ZmN=$Hf`|;4aT3+@@Jm^)wYpCs&lC;9 
z%#U_PN8_08u<%Ch6>m+a^IX2Nw+zdiVI*}n)g&gayB0cfyM5*1d-cwgCZBn(bmbQ| zBCPr4n#X}(sabU0KYZY1cilR8zoEDP)qH-&@Zsynvb-x|#C2tXdTsKc;u21Xe@@=V zWK@X%k|gGzY0nCE21(G0=!ekHVYzBkMxV_1g%pi9NP` zpF)HCSI>X~64FggEv1FN<2P|F-_$Y{LbuaHmH+ftDKKHBR^M`Xy-w=)_?j=xSYlt@6g*igxMB9%Q3y2r%*^C9x1tOg=+GM zK+Q?`sZu$IPqzFXtxAx&_}%i;dLTV7N5SZ`gxb4&1+y&h(bqsnxbz3W)0hTL zd-nZ%h`BR>pp-4;6-g|h#+wAW^O){>IsL-~$ku}>EMI?`weklMlVvvdYKlSI&qtl= zmE;%nIQLYtkjbCF*g+Mi|OrO*6b4_j`$KpJU_Q^5iWn8{Jte z1zMpl?-F#3WJyaujF&)x&cs&O`rnaRxo!V3iFto1QFJT*ilcHCb-%E&s~7YkJdqWO`?5P`sJ6_hP?P zw%$%fEW?key9e!}prH3HRyDJ=jcz*~qWF0?rTzRu=&Mhl&G}T=H5cb`%2M+RYEwAs z%NJ0`fROo&CN5QJtc5b6lzTVF!TmE6Y!dg7XxJ5*4U(nC)!LDzdkA6%=6|}%m!HoP_HRnvjQ`H5X>)bJS7)y?uC{9y&|ST(i3zui`Z=@WGh3P zBa#iTuH$LDMP~J^J^Tuyvd)YFtMTm1XaO&1YdKW6pFMkWDa(Sog8$=zPx;RmS0X;c zK#3XN^240idHZX&)2YKN=c36B2?J(sy`=a&2)i_%105lKD`B}PXrb~lEz`hHp$C_c z4Ay!n&=g?==Gp*FU18OvZ&qQ!smT`no2f(bDzgm?!^%12wZIQP+k=P;RuE=?KI9inS)w1i5L|B)9} zj=$%1!N?L=!yOU6RaP`Hvs>W8YtH0X8D>=&BQz}sa2yf~FRUh3er?YT0F8_R<<0B` z0Fc;3=9v-HHG0no8^0Q6xL%km{>OcNWCwX6dr_?-Vd(NL$?TlCRDDVwq-fg;cF9rv{t{tfUAuO@@d*W7nqpd$c%1R1PDp&Qmp%=uH%(;ctxs;#Z$oq5w*YV9|Ayr9jdO_I)*f=xHpM^EXMs`)C z$FcHb_$XxdUq-qj9i#h#8Tp4Tk1tM9V4eEG8(H4Q+sgYBdMaX-!@-!-WwAT<*FzwJ zGOZ|PDr+4|S%Zhc15G)zaYkT#V+gg8SlBUNGlF#st)xuB8{7;!u+B#tUw-{v04ilV zjX(ITBRawK4}zap(F821F;MW%zbkT*XcpHs7 z*N>)-(!MDF$x3sMp)5zD#F#L)9(5h4Em_Ohe{ISEo%wU5e@GJlbL^;r`@U;N9IGU< z+;?E@%rt=fua&KZ$%pq|cYXupKtHsdL!&^BT5dT>qW|Bfc75|Re+REI$`RsvkA*|s1vaj?@n}<5N%CD^fesW>=_rX^dL{r``A|g^Nwrn+@LenI$gay1MbN-(@^i?H`S&d zvfWq5Zta$P*IJ9JayP5$y6ugD?elhzOz zO`g~GpeGW(*w1?F^AF$)WBgo3ltZCaymwQ%3~k4Nc=8QO%D8SOVF9`Bq=7lQG_(#~ z0i=|s_Y&r#&ML)9VSdO=McBzZ0M-=>8;%5%!p{H~1W?9Fl?r0-cQZ3GT-x#AvuJrD zZ_u9K{_Xmq_yPc5GJ!gbC-AKb_*JG zi<sGaaGZunI0tB2M$_jmU**47Kt6LMoYc*Z>h7;O=a1GbpT>n*w`?mqEzmZEoKJ|a;jOKWcVqxvhR&nI=|(35 z517S-x(A;oEu_4C@X~Qq>FZ-xMxClzB@f@ z@c25;KKThPQ62C?bX6q7MNoPwK`BheMn1|!7yIF->1Y9%FdZFFueIXBp2K(0cSg4W zmPt?|=nF6Ed5c-&^N#&1a$|cv3Kg1s>z}prxZ0=JB24oIK;$fYWZAk~U<9fOo{T(c 
zpXYz(|DN07=DJAs9}$d39hKW@11R_7fvE2p=0vp#0Y2%Mox#{7;5&@ZQpBpUf&wFM z7$17;Z3yw-2Z~jcquo#l_PC_Qh}B>hQ*;I15o`+4=m?qg+Z&Ujd3>C-3isDP7w-cR z$N|V=9AuaE3rd>b9xOa-aO$P{hm-(FkL#RwAFTkHtOhJE?O8$NX1&jh^a+^5tPIM` zUqW*X(*ja*DnvJ5c=zD@M;5;)A0M+!hBVNf-UD6K)`&v$s%u`I@tLG@7EjnBRo?Iv z+nT4IwtuP%`gHE-qYHNRUmD*$j^ER;2vlks(?w_9Y>0HALCfyZ723`GQ9LZP3+%F-hIQXc8A2-@jv8!Zih^Grb;YZ+ExKi<{0*S?Y=u zhsyq9=xd}w-=93J4>5#4py{;T`S?EnDbSM`wTVA|{p=~O-ST%8f-gWAv|wqRrf{0$ zDbgn}NEUm8K{N{88!Z_Iu&ZuAqR8LSdemb2zd5pflc6JFuPXG<15wj7q7zj5B@X_L^B8ugN{cQp%VSKuXEGsQJ}(~?$R;i z0HlZIdoRSfi@Ez)gUg0%nQHWua4`0}h@U!c@&AgxcF>mvrVmj*MzF6^{umN;QlVU? zy#^{-f?7K$`SfVmsRX7{;eU|W;rAfju>QJ)2*q({;_qen-_d;dhpGGDC%&~AM(E)> z4CPoW+{Z|zfe62rh)V!vgQfF~=dNo!{oW@1>kE{5PDTdBcu`g;{U5GBEPdqLLP|=D z(P7$jodSVL=;t4KJ!two1x2yQxVo{QZpN>g9_CTFXC9!sqk{Gq+8X3%DV-xpHaQn> zG-sQ9Wj*DVXQ|ZM#4D6Z`M`D&Fj#o~T)F91UA)7V#?^-#jJl+oYQ*wu1dGffX@c7@ zobIFq`y!1L*B@_UY>M3jW_-df(p)}&5?Rk+qhWEnRS+29p!DS3V%u!>E2*!Rb*}|e z--e`u$00M5P$-8!#{GE|Yjp)%Mbu*M7Nk>2&_4az8O_X z0n@8KR%OzU7(+TRzDBc+RR1b(T&TgOXTFbO#;Zd4iUB4@?mkjEUCM2CI>Z2j?PD2= zH?V9SNHCDvA+T5O_H_k^6hBBj+JESeuOARns^!r%c`mE$yw!+Y*_~^gi{Ly&P=tB) z#8dbcj%HFg_XpB}InL)Ta-F!Y8;6>{fJ@(-$|CUNlO`#PN)s>MI+&dCfLE~fdzN1l z{Si!*)o2&r<;=c~ltO49qc@m?RA?Ac&3DXh2#si8WEv6vy59FlO^uKW&Ao2i%%N3I5BZBYX zS+EVbhz!X@N?D5QrdU?puEBfH?l?gbA!1F&pnjTC#D@eRIV?r>C{Qb5+M!@Jx7(Ht zghgMu*YsBAC$gn{-1ojAY4Q~UQmqRol;!uEoh1TaIw@UZU82c3HaTynE?W-Qk_7ez zSyY z%;-#Yw*S*%DkiB@-dm>fn>3KW4)G2jM22=CWxSblnEt|)l_E4{l1eG6XDTmkiO zQyN7!<}20#*HLh;H%&P;SJua2rUfkxgNr3i537(al1^abh*?qh(;F~JK7MWiNVn^F z{aQhz5Y}@Jg3I4Pq&ZGH5tAKN5uiMN9}s}+LOWfzJXb9?U-{=-0F>!+u1#145o!g0 z8x(D9<_o|9Yma~5mbQWk9NatkJO2tU<44S0U7Y9}lIlg+;g|;W%>x?TsU^NH76OtD zAx3<}c;&@IexuV9$WTL}v6sve>rl#h0SI+#AB2hS;ggIQ>WqARBtJ$Q`l?4|L^z)i zA~1gjF+<)weB|{PN)I*2100O!svlN=etU0jqH@*mMwsK>t9U2Rx?oiCa;O5Y5PCO< zAhJ&n$eMpCJWpT?@xyCcZr5Sxl!A~zV*BAvcx%hDOBh`_fLW-5w#+JN{p|*?J&YJ# zc&5Pb2u%o4kv_)vwmv{*;A&w_V33efXSCRz@~TT;sNE4Fh0LRYPU22ua0aEYR@_I& z#7nzvXA8CKV^dBVKLSUuI|VOTey`_y(IfK#p7jsdo*PG**BY$9!j{scjs#IBIJ!83 
zZ-k!tqDTmauxK^JaZNJ}2p_(O3mBxq!}$A0>MYHkcF6i2>7~S#5=uJ(W6w>(8R>Bl zHTwlj2hEKf+x>qp=>Fe!J>1ZHyvlf&5OxeWouy}q98ViPvC>B#B@IMt+7nNiksN|J zQIfD((e%&1JX-7Mmu$vtcP7glV0b9rT+>gMNyf4Z;%)nnLQf2>3vr6>)ujYA06Uzk zG@O>zXhdcMApZ)kPzYvU2Rw15&i238!Jmqm@w~&%J}u5fsQ3%+JPJFvzjc)E3*&f$ zkF8>n^ZWq3o3qM_4FzDy^eap`8(~J-=;lJDZ`wgT0K`!$kF2(EoYq!j)zJ7M_fW4R zo>WxIuRfUbMGRDNJNg-J^;HA@W2Ag}SEru2)$ zf9{tWKKl3YZ9`NJN}y_<;j8Uk3XuIAz=|L2=0ZM|*dy+Q?fHT|uZBGzLXRNa+eGrU zA_?RA4_foQ1gqjBwD+<*CEzqm1XgMa5M~6)-m~Xj66(^c&}7-S@Lb_SROW!6|wn3wjiD>02$~S zeZm>dC7N`!d=&x&CD8#b<621O(9gw``3gBb-T)mt*Z%g=))^RtPMwmqykUwOm|&9m z61XLjx*UkL%81Qq379esY{(D`M|rAox{)KIlraj#fJ7JgnXVB`Cn1wE<|RYtF4D66~9nmw;jG>WIL$LhBrE7@+qyA+9 zXb6$DIC?ic2eGD;+{HgUI8PpsVk5UY5lqW3(GEwk1W(|DubwF$MoLXmJA7&-_bm}#CLn|cKfFYZ8C*pU54YOYju-lz?_^8 z3-{UY8^kBaL3Yl?Coul%vm^7SleJ}8yo6-pvxSVQh$BavyjES$naM=YKeJt1eZJJ= z+3X#h{-FsBO*~WNhx@yYiw%Xi_xbaU(Q=3P6rq$}Y`vTe`w}BbXX0mYJfByalvMJ_ zM*&YBq~=;d1De5NwHwVUKNfcQtYBKVEg;ky01s*kiSE}^-IM9+rsw%7s*IzHTfE#H zE82%KT83OA6a(_uVN_WQicrOKL4SHqMl+<&emW**J zMY`Oo}s%Q7x;OVCpYNz#z(yC@sr_2erXJhcB1nh$F>p-pG zdy40FJLUhXVoW11VoSpf;|u$M6@g)z!dt}9DL~{`l*C{a*fnI+OFu+FX8$D(=J3Y` z$*1yFOm6lyM$ALNdTr9}hxQsoda|_S#jxx~WoMiX1kr z&MMI0BX6l6z_vOQolTRDy$`n{q9v_?*aSpC$9S_7=#Y{;&mkN0Ud*@IuwOv9CvtB0@6mX+NVHW$-S3? 
znYflQb6ccjKK z*=5ZA-s&4S!!bDOHvmGSKE;DJKfJ?5c<2Oe;IDdq@qIYZi;@OAyv%L9!@sz)+bNI zm!a%$g(O0GRlfCz7t*6+8HPbWv135KamDanna?LTng~I>FX-ZKkfHp^-^1UjnOjcG z>N9wH{pisjOJwhAq%u1nX*I0^PKD_&;k>7Fds(pdW@ct)Dn5LMOANzTYLOtyWQZee z1Bm*32TPEG13a!YQ6Dpf7GG)p8>pE>;aJuhgq*aB=kU{v{ze*9#0|>DM+ovwzE#6W z<#S+Qqvs<3Am;C^|DwyN7yL{cL2;01rI40cc3kmh_}P4?4cRsC~INEbp0|_g^mj8=I$!qvZMIC_L&SkfvEk^E!qF zrJ~x&wxAjf@rxA>kUtQN#%~@h>h~eFG>ZQE)^!B`*R72lTa^(Kg4Gaf-Kww4?*XsMH ztttP!uSNAW-5YdMyKwcN3dK$CeMD#FyDYyemVyTuo-MUnKl%~$@B)K3y53iHi}<&o zC}ThrxAzA(RDa!-OqM!+>2qH2>xL zw6SC6#bRrkvFvlh3^1mr&$H2uQKokw561t(kvZ&Y>uoQZ#Pq5=MOoaTSR$t{%pzxK z)&ZTsFh69&vq%Ff;ABiKlywu^Y8;08f~1XYAF4>Tqq=dgF6s`=E?rm|o!#==KC6#Y z^bipE@pibV8+jwjYN*T(k=b<%GnbGFz^$pRjoB9#e0sLoRlsh-4I!gPY_>-mr(@q( zFbeYF3&j84dO0x>Y(0oz;kHFyZ)mb(I0obCvD19nZ;X1$UvF zo=OZo%kDw=dIKU4A+^GXB>KurFO46A!-WZ%?H+cgaQkKiecnF!uA&&HhB2M%gGj-> zgteNL8SF|vm2nFGDJJhJbHS+B(Q9uj>SQU)aPpgVjgWM$F%XCOTmXF0f&QJ=kR54q zN7{k4g*8Iz&IEjsu8;C5#c+;Yw~wlf#YX-p4qJX8#1$+!6B+IAMV#4AcyPG#A5G*c zuFfDG$>7xIUFc|^-q74I{NrU=4bx7sCEBZdtoQeJ0&*V++b?x(;+kU604HVmh86I^6U29b&n>AiwMs)R+E`^l&1PQENL4r8%hfB)T&V93 zb#cMxQ9_5VCI^cx-uS=PJ6{(qMY~`R>4_20Z5h8fcawvuo4+U+*m+s$8SO3k5 z7yE`Gu!X+3j359yZwct0=63{_Xu??cPYyvH`sKK8B`6S_eBFZS=f7GgEkE9NG%UOz zBHu{r$BpJROe%*gCIn2agc5bq150u=zPjNF$|l?&wz#|(+%d2HrVJwIyT9-w zXb|FA;$oSOdj~5IBGF342nI7&H*P`9A-eOy2lMvmbg4gQ9e-)|hAkdJq#$&Kalwqw zL?A4!Xjkw&$u}Idva3COfA5v6lcEaB@Cz72ZS|Z-JeJP}r$3H)CeELOS1=KN1g#q( zzV-yRiK+r2!;lYAVe-{jUxc6)%QGEr9Bz~ zZ=M&ZZw5pOLYPA}Wt3+7*5LUcokXaNAzA_T)vT3*`;t(*&$mfN1qx~0I&+gY2`*U3 zH445dwhn+|s*sxf4KyApxE-lUYq?@UmlIi*etV@*5zGU5&m#jpyQHw|#BWC!XAxdiV&O2KBJkLZ}xE$COoyZ>KRr8D+SG~f?cq|IM_=B z^dax1vHn>qZ56Bff@G?FHJ&6-OD{3NfMd5IRr`_wiA62m`DKZP7Wk!-UPioj+Cb1s zOuy)79e#{$=jARv-3<|2uHXn%Q7bK~z_^6A1&~v)Kp%8o!p0Z9tFKqSTySC`B#W_y zSIkKJsdnNi%KRrf%MuJ7j+nE5$y(&fg1Qp|3Dbpb#Tb)PQBU7XE%QwG1+@3+nutfyE4Yf78xB%XAar$I zM{()?5Q=U*EVFJBCve5jboUD6<9ce`dF0s(@zePCJ_7+P0|d1)^MM~u3@7-td`>{} z8F&VQ!BUsdM{gMyEweU*TZxCDK3Tp*N*(<{hLPgE5eV#>#wUT89N!Y9oL29^mOS7p 
zT0D?X!l}vATn0#eK(c5-uhb1Im_PJ9br#>t(_b-o>@1d)RgtcA)i!Zd(E9kXqJE+0 zSy*BHJXiBzis|`Eor7MUJ2ER!TgN$mDhGd}Q=`3cV>p*iPyC$feD48q7N)oSy3Tiy+*e?&@#(bm)H)4oRS{u#$xLZ2|6M^a@Z~oe{sqc?D#;0!)8C-kEV{s~my-68kns!qFURf<;TnjvCr61a?vaRqtvw zM&$A1!u|h}Ni>a>2h?ID34vj@d^Wg=cJHMPMR0;gC>WVZqA>+@Ekm(M(k7E6eN}KyPf`_{Gf# ze0}NFgwX<5DE818oxDF}0u}tdBm8fTBbf*anD5h1C|3gHQDD6KcN(o9 z9g8#MDblMy%fLE3?}66nUS&uVEu=gbdS!2KZ<;2wO|*5ikVJ-Ow_HDbMFLmjRf2y< zLa_(riN;b-SGZ%&sC4;gQQfy$(YP`_Xhv*iy-gFmq3*ete}gX|>8Ku#3ruZLH%fOb z%jz_O>L)D3!UD?mNyRB>7s38Il5y1WSn`UrNmGuNdOWc ztX=S5d^N|>P5n74SxF)=YU{6EH@KVfx^NT*SB*Kh~2^9nq zPh2ZLh}rg<>~j?oQK=KK5Ntv3Ky*-!$6zo05hZP8pDST6cyzKjDjF6@wKZO;D}tC}k`JVz6iLx*66fi*)kY7@{bo9EAk%-I`v< zHI4r8`B^%l)SBB0>i`bJ9(y!N&!-O{64QS9F;p7KrLw&eqt?#j{e)thOcbA)qmOEH z$@1>Binp{J5EH7)e8$8THL&QSj$q5@kodeL&(sl#T=MW}zTVG*^DcwmamhsT6_EbS zqY_{2vmZM6gg1u*i)~4+oNvjlErMl~;|~2wbK)k;@v&l5VLt{N(&3{}$kbBEFq&|D zi`DekvllO%eIh7UGQu1WNgx?6Zvl#yFjQ+n{4mWcR0g|3Y&_8sKc6gc?+MkbY5c;? z3I_i>HA29JX`W_W*%lHGNz8k@QJ!9h1tvL-&4v`&+&n{8UK;+-G)v>C-%F-6-Iq5$ zWchrCl;Ghvki1zA#ES_SVRFwdQ~8U3RenFFA8)tg72aU1Y-G}rL7oTY{?#z&PUWCv z+?$gzT;`Y@!SAgtbA-iYb-1jtRj`f)XD?kUDDWO}%wXd2lxZ)QO+k;H{*UdcWH0hgz#eQ;0ukMpeaXJ* zpZ=wgN22wiWff>ce~vAAQ;u=Oq|*~MF(X5aF>uL*2Ok+fsEbDkE^#gY1p+VYi2nOw zhg88LSS66)>5(-e9uG)V6P_rXt`B03W?fkrsqW-J_JU*~HwEwC?)U=``n|R@OVB4z zJ8@lEApFqHL{KRNpkbA8!gv z8ery^bJnnQRUEftkd1=5~w4=9B(9fJ(g6_VB79HcHS~@A37lUZG*tczI&YolFkmI@m;s z4_wXd`K!{lm;3Pcq`YOf+q|arR+w_m0b8#60_7dBdnb&|4tox*&3V{oMPL;*rn-lJo6DmrAd_lxEuQVg zgL^XE$wA`rsy_~7Y#}gPa3tiyE2fuO?)wge2)l)pQ9-bmVx6iB6v?Y-PoLU+28c~3 z%$8O{RuK{h6NR4454qqKLLS2sV_cFPsiG8MOXRaRUMd`-I2(kAOdK47ZgTz^1Jij2 zX)49>TXV9rVr7n=2_f9{*bx;eelh2t(>6eI+BEcb1x<1TMAA7IBP!&I#hRI!IsN+r zZI37$xaXjiJZoG|+mBU~Lk<<~I--MMc|usdI=&pm1T&q{?b#zqRQ^JXMH{fAn%G3G zV}Lz-#S*I+%K}mkv6*)S(|q>`*!c&D4w6s4G0%}YU#^oqUnl@lq?nhxiCrOyxDO1! 
Date: Mon, 26 Feb 2024 10:15:44 +0100 Subject: [PATCH 14/24] bump terraform version --- .github/workflows/linting.yml | 2 +- .github/workflows/tests.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 09fdc4d6b9..939f76a9ec 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -34,7 +34,7 @@ jobs: - name: Set up Terraform uses: hashicorp/setup-terraform@v2 with: - terraform_version: 1.7.0 + terraform_version: 1.7.4 - name: Install dependencies run: | diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3c83a8b1a2..8adef331ca 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -25,7 +25,7 @@ env: PYTEST_ADDOPTS: "--color=yes" PYTHON_VERSION: "3.10" TF_PLUGIN_CACHE_DIR: "/home/runner/.terraform.d/plugin-cache" - TF_VERSION: 1.7.0 + TF_VERSION: 1.7.4 TFTEST_COPY: 1 jobs: 
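Review bot: In the linting.yml hunk of PATCH 14/24, the step being edited still reads `uses: hashicorp/setup-terraform@v2`, a mutable tag, so the code that installs Terraform 1.7.4 in CI can change without any diff appearing in this repository. While this step is being touched, pin the action to a full commit SHA and keep the tag as a trailing comment for readability.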
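Review bot: In the tests.yml hunk of PATCH 14/24, `TF_VERSION: 1.7.4` duplicates the literal `terraform_version: 1.7.4` set in linting.yml, so the two workflows can drift apart the next time only one of them is bumped. Keep the value in one place that both workflows read, and quote it the way the neighbouring `PYTHON_VERSION: "3.10"` is quoted, so that a later two-component version is not parsed by YAML as a number.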
From 57ece653ad0fd9daebcf261df22c8d558047e247 Mon Sep 17 00:00:00 2001 
From: Ludo Date: Mon, 26 Feb 2024 10:18:57 +0100 Subject: [PATCH 15/24] bump module versions --- blueprints/gke/patterns/autopilot-cluster/versions.tf | 6 +++--- blueprints/gke/patterns/batch/versions.tf | 6 +++--- blueprints/gke/patterns/kafka/versions.tf | 6 +++--- blueprints/gke/patterns/mysql/versions.tf | 6 +++--- blueprints/gke/patterns/redis-cluster/versions.tf | 6 +++--- default-versions.tf | 6 +++--- .../__experimental_deprecated/alloydb-instance/versions.tf | 6 +++--- modules/__experimental_deprecated/net-neg/versions.tf | 6 +++--- .../__experimental_deprecated/project-iam-magic/versions.tf | 6 +++--- modules/analytics-hub/versions.tf | 6 +++--- modules/api-gateway/versions.tf | 6 +++--- modules/apigee/versions.tf | 6 +++--- modules/artifact-registry/versions.tf | 6 +++--- modules/bigquery-dataset/versions.tf | 6 +++--- modules/bigtable-instance/versions.tf | 6 +++--- modules/billing-account/versions.tf | 6 +++--- modules/binauthz/versions.tf | 6 +++--- .../cloud-config-container/__need_fixing/onprem/versions.tf | 6 +++--- .../cloud-config-container/__need_fixing/squid/versions.tf | 6 +++--- modules/cloud-config-container/coredns/versions.tf | 6 +++--- .../cloud-config-container/cos-generic-metadata/versions.tf | 6 +++--- .../envoy-sni-dyn-fwd-proxy/versions.tf | 6 +++--- .../envoy-traffic-director/versions.tf | 6 +++--- modules/cloud-config-container/mysql/versions.tf | 6 +++--- modules/cloud-config-container/nginx-tls/versions.tf | 6 +++--- modules/cloud-config-container/nginx/versions.tf | 6 +++--- modules/cloud-config-container/simple-nva/versions.tf | 6 +++--- modules/cloud-function-v1/versions.tf | 6 +++--- modules/cloud-function-v2/versions.tf | 6 +++--- modules/cloud-identity-group/versions.tf | 6 +++--- modules/cloud-run-v2/versions.tf | 6 +++--- modules/cloud-run/versions.tf | 6 +++--- modules/cloudsql-instance/versions.tf | 6 +++--- modules/compute-mig/versions.tf | 6 +++--- modules/compute-vm/versions.tf | 6 +++--- 
modules/container-registry/versions.tf | 6 +++--- modules/data-catalog-policy-tag/versions.tf | 6 +++--- modules/data-catalog-tag-template/versions.tf | 6 +++--- modules/data-catalog-tag/versions.tf | 6 +++--- modules/dataform-repository/versions.tf | 6 +++--- modules/datafusion/versions.tf | 6 +++--- modules/dataplex-datascan/versions.tf | 6 +++--- modules/dataplex/versions.tf | 6 +++--- modules/dataproc/versions.tf | 6 +++--- modules/dns-response-policy/versions.tf | 6 +++--- modules/dns/versions.tf | 6 +++--- modules/endpoints/versions.tf | 6 +++--- modules/folder/versions.tf | 6 +++--- modules/gcs/versions.tf | 6 +++--- modules/gcve-private-cloud/versions.tf | 6 +++--- modules/gke-cluster-autopilot/versions.tf | 6 +++--- modules/gke-cluster-standard/versions.tf | 6 +++--- modules/gke-hub/versions.tf | 6 +++--- modules/gke-nodepool/versions.tf | 6 +++--- modules/iam-service-account/versions.tf | 6 +++--- modules/kms/versions.tf | 6 +++--- modules/logging-bucket/versions.tf | 6 +++--- modules/ncc-spoke-ra/versions.tf | 6 +++--- modules/net-address/versions.tf | 6 +++--- modules/net-cloudnat/versions.tf | 6 +++--- modules/net-firewall-policy/versions.tf | 6 +++--- modules/net-ipsec-over-interconnect/versions.tf | 6 +++--- modules/net-lb-app-ext-regional/versions.tf | 6 +++--- modules/net-lb-app-ext/versions.tf | 6 +++--- modules/net-lb-app-int-cross-region/versions.tf | 6 +++--- modules/net-lb-app-int/versions.tf | 6 +++--- modules/net-lb-ext/versions.tf | 6 +++--- modules/net-lb-int/versions.tf | 6 +++--- modules/net-lb-proxy-int/versions.tf | 6 +++--- modules/net-swp/versions.tf | 6 +++--- modules/net-vlan-attachment/versions.tf | 6 +++--- modules/net-vpc-firewall/versions.tf | 6 +++--- modules/net-vpc-peering/versions.tf | 6 +++--- modules/net-vpc/versions.tf | 6 +++--- modules/net-vpn-dynamic/versions.tf | 6 +++--- modules/net-vpn-ha/versions.tf | 6 +++--- modules/net-vpn-static/versions.tf | 6 +++--- modules/organization/versions.tf | 6 +++--- 
modules/project/versions.tf | 6 +++--- modules/projects-data-source/versions.tf | 6 +++--- modules/pubsub/versions.tf | 6 +++--- modules/secret-manager/versions.tf | 6 +++--- modules/service-directory/versions.tf | 6 +++--- modules/source-repository/versions.tf | 6 +++--- modules/vpc-sc/versions.tf | 6 +++--- modules/workstation-cluster/versions.tf | 6 +++--- tests/examples_e2e/setup_module/versions.tf | 6 +++--- 87 files changed, 261 insertions(+), 261 deletions(-) diff --git a/blueprints/gke/patterns/autopilot-cluster/versions.tf b/blueprints/gke/patterns/autopilot-cluster/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/blueprints/gke/patterns/autopilot-cluster/versions.tf +++ b/blueprints/gke/patterns/autopilot-cluster/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/batch/versions.tf b/blueprints/gke/patterns/batch/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/blueprints/gke/patterns/batch/versions.tf +++ b/blueprints/gke/patterns/batch/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/kafka/versions.tf b/blueprints/gke/patterns/kafka/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/blueprints/gke/patterns/kafka/versions.tf 
+++ b/blueprints/gke/patterns/kafka/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/mysql/versions.tf b/blueprints/gke/patterns/mysql/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/blueprints/gke/patterns/mysql/versions.tf +++ b/blueprints/gke/patterns/mysql/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/redis-cluster/versions.tf b/blueprints/gke/patterns/redis-cluster/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/blueprints/gke/patterns/redis-cluster/versions.tf +++ b/blueprints/gke/patterns/redis-cluster/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/default-versions.tf b/default-versions.tf index 3db0e2076e..f43fef270d 100644 --- a/default-versions.tf +++ b/default-versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/__experimental_deprecated/alloydb-instance/versions.tf b/modules/__experimental_deprecated/alloydb-instance/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/__experimental_deprecated/alloydb-instance/versions.tf +++ b/modules/__experimental_deprecated/alloydb-instance/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/__experimental_deprecated/net-neg/versions.tf b/modules/__experimental_deprecated/net-neg/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/__experimental_deprecated/net-neg/versions.tf +++ b/modules/__experimental_deprecated/net-neg/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } 
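Review bot: The commit message of PATCH 15/24 ("bump module versions") gives no reason for raising the floor in these identical `versions.tf` hunks, yet `required_version = ">= 1.7.4"` makes every module fail for callers still on Terraform 1.7.0 to 1.7.3, and `version = ">= 5.12.0, < 6.0.0"` does the same for anyone holding the providers at 5.11.x. State in the commit message or changelog which fix or feature needs the new minimums. Note also that the provider constraint is a range rather than a pin, so the build actually used is decided at `terraform init`; callers who need reproducible runs should rely on a committed dependency lock file, not on this block.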
diff --git a/modules/__experimental_deprecated/project-iam-magic/versions.tf b/modules/__experimental_deprecated/project-iam-magic/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/__experimental_deprecated/project-iam-magic/versions.tf +++ b/modules/__experimental_deprecated/project-iam-magic/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/analytics-hub/versions.tf b/modules/analytics-hub/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/analytics-hub/versions.tf +++ b/modules/analytics-hub/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/api-gateway/versions.tf b/modules/api-gateway/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/api-gateway/versions.tf +++ b/modules/api-gateway/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } 
diff --git a/modules/apigee/versions.tf b/modules/apigee/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/apigee/versions.tf +++ b/modules/apigee/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/artifact-registry/versions.tf b/modules/artifact-registry/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/artifact-registry/versions.tf +++ b/modules/artifact-registry/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/bigquery-dataset/versions.tf b/modules/bigquery-dataset/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/bigquery-dataset/versions.tf +++ b/modules/bigquery-dataset/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/bigtable-instance/versions.tf b/modules/bigtable-instance/versions.tf index 3db0e2076e..f43fef270d 100644 
--- a/modules/bigtable-instance/versions.tf +++ b/modules/bigtable-instance/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/billing-account/versions.tf b/modules/billing-account/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/billing-account/versions.tf +++ b/modules/billing-account/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/binauthz/versions.tf b/modules/binauthz/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/binauthz/versions.tf +++ b/modules/binauthz/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/__need_fixing/onprem/versions.tf b/modules/cloud-config-container/__need_fixing/onprem/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-config-container/__need_fixing/onprem/versions.tf 
+++ b/modules/cloud-config-container/__need_fixing/onprem/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/__need_fixing/squid/versions.tf b/modules/cloud-config-container/__need_fixing/squid/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-config-container/__need_fixing/squid/versions.tf +++ b/modules/cloud-config-container/__need_fixing/squid/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/coredns/versions.tf b/modules/cloud-config-container/coredns/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-config-container/coredns/versions.tf +++ b/modules/cloud-config-container/coredns/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } 
diff --git a/modules/cloud-config-container/cos-generic-metadata/versions.tf b/modules/cloud-config-container/cos-generic-metadata/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-config-container/cos-generic-metadata/versions.tf +++ b/modules/cloud-config-container/cos-generic-metadata/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf +++ b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/envoy-traffic-director/versions.tf b/modules/cloud-config-container/envoy-traffic-director/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-config-container/envoy-traffic-director/versions.tf +++ b/modules/cloud-config-container/envoy-traffic-director/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/mysql/versions.tf b/modules/cloud-config-container/mysql/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-config-container/mysql/versions.tf +++ b/modules/cloud-config-container/mysql/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/nginx-tls/versions.tf b/modules/cloud-config-container/nginx-tls/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-config-container/nginx-tls/versions.tf +++ b/modules/cloud-config-container/nginx-tls/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/nginx/versions.tf b/modules/cloud-config-container/nginx/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-config-container/nginx/versions.tf 
+++ b/modules/cloud-config-container/nginx/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/simple-nva/versions.tf b/modules/cloud-config-container/simple-nva/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-config-container/simple-nva/versions.tf +++ b/modules/cloud-config-container/simple-nva/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-function-v1/versions.tf b/modules/cloud-function-v1/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-function-v1/versions.tf +++ b/modules/cloud-function-v1/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-function-v2/versions.tf b/modules/cloud-function-v2/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-function-v2/versions.tf 
+++ b/modules/cloud-function-v2/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-identity-group/versions.tf b/modules/cloud-identity-group/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-identity-group/versions.tf +++ b/modules/cloud-identity-group/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-run-v2/versions.tf b/modules/cloud-run-v2/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-run-v2/versions.tf +++ b/modules/cloud-run-v2/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-run/versions.tf b/modules/cloud-run/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloud-run/versions.tf +++ b/modules/cloud-run/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloudsql-instance/versions.tf b/modules/cloudsql-instance/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/cloudsql-instance/versions.tf +++ b/modules/cloudsql-instance/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/compute-mig/versions.tf b/modules/compute-mig/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/compute-mig/versions.tf +++ b/modules/compute-mig/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/compute-vm/versions.tf b/modules/compute-vm/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/compute-vm/versions.tf +++ b/modules/compute-vm/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/container-registry/versions.tf b/modules/container-registry/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/container-registry/versions.tf +++ b/modules/container-registry/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-policy-tag/versions.tf b/modules/data-catalog-policy-tag/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/data-catalog-policy-tag/versions.tf +++ b/modules/data-catalog-policy-tag/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-tag-template/versions.tf b/modules/data-catalog-tag-template/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/data-catalog-tag-template/versions.tf +++ b/modules/data-catalog-tag-template/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-tag/versions.tf b/modules/data-catalog-tag/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/data-catalog-tag/versions.tf +++ b/modules/data-catalog-tag/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dataform-repository/versions.tf b/modules/dataform-repository/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/dataform-repository/versions.tf +++ b/modules/dataform-repository/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/datafusion/versions.tf b/modules/datafusion/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/datafusion/versions.tf +++ b/modules/datafusion/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dataplex-datascan/versions.tf b/modules/dataplex-datascan/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/dataplex-datascan/versions.tf +++ b/modules/dataplex-datascan/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dataplex/versions.tf b/modules/dataplex/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/dataplex/versions.tf +++ b/modules/dataplex/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dataproc/versions.tf b/modules/dataproc/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/dataproc/versions.tf +++ b/modules/dataproc/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dns-response-policy/versions.tf b/modules/dns-response-policy/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/dns-response-policy/versions.tf +++ b/modules/dns-response-policy/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dns/versions.tf b/modules/dns/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/dns/versions.tf +++ b/modules/dns/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/endpoints/versions.tf b/modules/endpoints/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/endpoints/versions.tf +++ b/modules/endpoints/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/folder/versions.tf b/modules/folder/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/folder/versions.tf +++ b/modules/folder/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gcs/versions.tf b/modules/gcs/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/gcs/versions.tf +++ b/modules/gcs/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gcve-private-cloud/versions.tf b/modules/gcve-private-cloud/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/gcve-private-cloud/versions.tf +++ b/modules/gcve-private-cloud/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-cluster-autopilot/versions.tf b/modules/gke-cluster-autopilot/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/gke-cluster-autopilot/versions.tf +++ b/modules/gke-cluster-autopilot/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-cluster-standard/versions.tf b/modules/gke-cluster-standard/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/gke-cluster-standard/versions.tf +++ b/modules/gke-cluster-standard/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-hub/versions.tf b/modules/gke-hub/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/gke-hub/versions.tf +++ b/modules/gke-hub/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-nodepool/versions.tf b/modules/gke-nodepool/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/gke-nodepool/versions.tf +++ b/modules/gke-nodepool/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/iam-service-account/versions.tf b/modules/iam-service-account/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/iam-service-account/versions.tf +++ b/modules/iam-service-account/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/kms/versions.tf b/modules/kms/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/kms/versions.tf +++ b/modules/kms/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/logging-bucket/versions.tf b/modules/logging-bucket/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/logging-bucket/versions.tf +++ b/modules/logging-bucket/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/ncc-spoke-ra/versions.tf b/modules/ncc-spoke-ra/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/ncc-spoke-ra/versions.tf +++ b/modules/ncc-spoke-ra/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-address/versions.tf b/modules/net-address/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-address/versions.tf +++ b/modules/net-address/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-cloudnat/versions.tf b/modules/net-cloudnat/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-cloudnat/versions.tf +++ b/modules/net-cloudnat/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-firewall-policy/versions.tf b/modules/net-firewall-policy/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-firewall-policy/versions.tf +++ b/modules/net-firewall-policy/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-ipsec-over-interconnect/versions.tf b/modules/net-ipsec-over-interconnect/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-ipsec-over-interconnect/versions.tf +++ b/modules/net-ipsec-over-interconnect/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-ext-regional/versions.tf b/modules/net-lb-app-ext-regional/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-lb-app-ext-regional/versions.tf +++ b/modules/net-lb-app-ext-regional/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-ext/versions.tf b/modules/net-lb-app-ext/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-lb-app-ext/versions.tf +++ b/modules/net-lb-app-ext/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-int-cross-region/versions.tf b/modules/net-lb-app-int-cross-region/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-lb-app-int-cross-region/versions.tf +++ b/modules/net-lb-app-int-cross-region/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-int/versions.tf b/modules/net-lb-app-int/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-lb-app-int/versions.tf +++ b/modules/net-lb-app-int/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-ext/versions.tf b/modules/net-lb-ext/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-lb-ext/versions.tf +++ b/modules/net-lb-ext/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-int/versions.tf b/modules/net-lb-int/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-lb-int/versions.tf +++ b/modules/net-lb-int/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-proxy-int/versions.tf b/modules/net-lb-proxy-int/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-lb-proxy-int/versions.tf +++ b/modules/net-lb-proxy-int/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-swp/versions.tf b/modules/net-swp/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-swp/versions.tf +++ b/modules/net-swp/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vlan-attachment/versions.tf b/modules/net-vlan-attachment/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-vlan-attachment/versions.tf +++ b/modules/net-vlan-attachment/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc-firewall/versions.tf b/modules/net-vpc-firewall/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-vpc-firewall/versions.tf +++ b/modules/net-vpc-firewall/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc-peering/versions.tf b/modules/net-vpc-peering/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-vpc-peering/versions.tf +++ b/modules/net-vpc-peering/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc/versions.tf b/modules/net-vpc/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-vpc/versions.tf +++ b/modules/net-vpc/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-dynamic/versions.tf b/modules/net-vpn-dynamic/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-vpn-dynamic/versions.tf +++ b/modules/net-vpn-dynamic/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-ha/versions.tf b/modules/net-vpn-ha/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-vpn-ha/versions.tf +++ b/modules/net-vpn-ha/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-static/versions.tf b/modules/net-vpn-static/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/net-vpn-static/versions.tf +++ b/modules/net-vpn-static/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/organization/versions.tf b/modules/organization/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/organization/versions.tf +++ b/modules/organization/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/project/versions.tf b/modules/project/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/project/versions.tf +++ b/modules/project/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/projects-data-source/versions.tf b/modules/projects-data-source/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/projects-data-source/versions.tf +++ b/modules/projects-data-source/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/pubsub/versions.tf b/modules/pubsub/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/pubsub/versions.tf +++ b/modules/pubsub/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/secret-manager/versions.tf b/modules/secret-manager/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/secret-manager/versions.tf +++ b/modules/secret-manager/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/service-directory/versions.tf b/modules/service-directory/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/service-directory/versions.tf +++ b/modules/service-directory/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/source-repository/versions.tf b/modules/source-repository/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/source-repository/versions.tf +++ b/modules/source-repository/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/vpc-sc/versions.tf b/modules/vpc-sc/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/vpc-sc/versions.tf +++ b/modules/vpc-sc/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/workstation-cluster/versions.tf b/modules/workstation-cluster/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/modules/workstation-cluster/versions.tf +++ b/modules/workstation-cluster/versions.tf 
@@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/tests/examples_e2e/setup_module/versions.tf b/tests/examples_e2e/setup_module/versions.tf index 3db0e2076e..f43fef270d 100644 --- a/tests/examples_e2e/setup_module/versions.tf +++ b/tests/examples_e2e/setup_module/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } From e2f2c35adc8914f562579068cc312eb29e0917bf Mon Sep 17 00:00:00 2001 From: Ludo Date: Mon, 26 Feb 2024 10:20:10 +0100 Subject: [PATCH 16/24] update top-level READMEs --- README.md | 1 + blueprints/README.md | 4 ++-- modules/README.md | 4 ++++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a1d91a2d2b..e82e8bcbf3 100644 --- a/README.md +++ b/README.md 
@@ -30,6 +30,7 @@ The current list of modules supports most of the core foundational and networkin Currently available modules: - **foundational** - [billing account](./modules/billing-account), [Cloud Identity group](./modules/cloud-identity-group/), [folder](./modules/folder), [service accounts](./modules/iam-service-account), [logging bucket](./modules/logging-bucket), [organization](./modules/organization), [project](./modules/project), [projects-data-source](./modules/projects-data-source) +- **proces factories** - [project factory](./modules/project-factory/) - **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Passthrough Network LB](./modules/net-lb-ext), [External Regional Application Load Balancer](./modules/net-lb-app-ext-regional/), [Firewall policy](./modules/net-firewall-policy), [Internal Application LB](./modules/net-lb-app-int), [Cross-region Internal Application LB](./modules/net-lb-app-int-cross-region), [Internal Passthrough Network LB](./modules/net-lb-int), [Internal Proxy Network LB](./modules/net-lb-proxy-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory), [Secure Web Proxy](./modules/net-swp) - **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE 
nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud) - **data** - [Analytics Hub](./modules/analytics-hub), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Data Catalog Tag](./modules/data-catalog-tag), [Data Catalog Tag Template](./modules/data-catalog-tag-template), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub), [Dataform Repository](./modules/dataform-repository/) diff --git a/blueprints/README.md b/blueprints/README.md index 5d5a5d02a1..8a995facad 100644 --- a/blueprints/README.md +++ b/blueprints/README.md 
@@ -7,9 +7,9 @@ Currently available blueprints: - **apigee** - [Apigee Hybrid on GKE](./apigee/hybrid-gke/), [Apigee X analytics in BigQuery](./apigee/bigquery-analytics), [Apigee network patterns](./apigee/network-patterns/) - **cloud operations** - [Active Directory Federation Services](./cloud-operations/adfs), [Cloud Asset Inventory feeds for resource change tracking and remediation](./cloud-operations/asset-inventory-feed-remediation), [Fine-grained Cloud DNS IAM via Service Directory](./cloud-operations/dns-fine-grained-iam), [Cloud DNS & Shared VPC design](./cloud-operations/dns-shared-vpc), [Delegated Role Grants](./cloud-operations/iam-delegated-role-grants), [Network Quota Monitoring](./cloud-operations/network-quota-monitoring), [Managing on-prem service account keys by uploading public keys](./cloud-operations/onprem-sa-key-management), [Compute Image builder with Hashicorp Packer](./cloud-operations/packer-image-builder), [Packer example](./cloud-operations/packer-image-builder/packer), [Compute Engine quota monitoring](./cloud-operations/compute-quota-monitoring), [Scheduled Cloud Asset Inventory Export to Bigquery](./cloud-operations/scheduled-asset-inventory-export-bq), [Configuring workload identity federation with Terraform Cloud/Enterprise workflows](./cloud-operations/terraform-cloud-dynamic-credentials), [TCP healthcheck and restart for unmanaged GCE instances](./cloud-operations/unmanaged-instances-healthcheck), [Migrate for Compute Engine (v5) blueprints](./cloud-operations/vm-migration), [Configuring workload identity federation to access Google Cloud resources from apps running on Azure](./cloud-operations/workload-identity-federation) - **data solutions** - [GCE and GCS CMEK via centralized Cloud KMS](./data-solutions/cmek-via-centralized-kms), [Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key](./data-solutions/composer-2), [Cloud SQL instance with multi-region read 
replicas](./data-solutions/cloudsql-multiregion), [Data Platform](./data-solutions/data-platform-foundations), [Minimal Data Platform](./data-solutions/data-platform-minimal), [Spinning up a foundation data pipeline on Google Cloud using Cloud Storage, Dataflow and BigQuery](./data-solutions/gcs-to-bq-with-least-privileges), [#SQL Server Always On Groups blueprint](./data-solutions/sqlserver-alwayson), [Data Playground](./data-solutions/data-playground), [MLOps with Vertex AI](./data-solutions/vertex-mlops), [Shielded Folder](./data-solutions/shielded-folder), [BigQuery ML and Vertex AI Pipeline](./data-solutions/bq-ml) -- **factories** - [The why and the how of Resource Factories](./factories), [Google Cloud Identity Group Factory](./factories/cloud-identity-group-factory), [Google Cloud BQ Factory](./factories/bigquery-factory), [Google Cloud VPC Firewall Factory](./factories/net-vpc-firewall-yaml), [Minimal Project Factory](./factories/project-factory) +- **factories** - [Fabric resource factories](./factories) - **GKE** - [Binary Authorization Pipeline Blueprint](./gke/binauthz), [Storage API](./gke/binauthz/image), [Multi-cluster mesh on GKE (fleet API)](./gke/multi-cluster-mesh-gke-fleet-api), [GKE Multitenant Blueprint](./gke/multitenant-fleet), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [GKE Autopilot](./gke/autopilot) -- **networking** - [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [Decentralized firewall management](./networking/decentralized-firewall), [Decentralized firewall validator](./networking/decentralized-firewall/validator), [HA VPN over Interconnect](./networking/ha-vpn-over-interconnect/), [GLB and multi-regional daisy-chaining through hybrid NEGs](./networking/glb-hybrid-neg-internal), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via 
VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), On-prem DNS and Google Private Access, [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke), [VPC Connectivity Lab](./networking/vpc-connectivity-lab/) +- **networking** - [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [HA VPN over Interconnect](./networking/ha-vpn-over-interconnect/), [GLB and multi-regional daisy-chaining through hybrid NEGs](./networking/glb-hybrid-neg-internal), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), On-prem DNS and Google Private Access, [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke), [VPC Connectivity Lab](./networking/vpc-connectivity-lab/) - **serverless** - [Cloud Run series](./serverless/cloud-run-explore) - **third party solutions** - [OpenShift on GCP user-provisioned infrastructure](./third-party-solutions/openshift), [Wordpress deployment on Cloud Run](./third-party-solutions/wordpress/cloudrun) diff --git a/modules/README.md b/modules/README.md index fc12865ee4..f8c30b7035 100644 --- a/modules/README.md +++ b/modules/README.md 
@@ -39,6 +39,10 @@ These modules are used in the examples included in this repository. If you are u - [Project](./project) - [Projects (data source)](./projects-data-source) +## Process factories + +- [Project factory](./project-factory/) + ## Networking modules - [Address reservation](./net-address) From 2d4f87b9c95c7441d4e288eb1d9817b6aa736f73 Mon Sep 17 00:00:00 2001 From: Ludo Date: Mon, 26 Feb 2024 10:20:35 +0100 Subject: [PATCH 17/24] move project factory to modules --- modules/project-factory/README.md | 197 ++++++++++++++ modules/project-factory/factory.tf | 115 ++++++++ modules/project-factory/main.tf | 78 ++++++ modules/project-factory/outputs.tf | 28 ++ modules/project-factory/variables.tf | 95 +++++++ .../project_factory/examples/example.yaml | 257 ++++++++++++++++++ 6 files changed, 770 insertions(+) create mode 100644 modules/project-factory/README.md create mode 100644 modules/project-factory/factory.tf create mode 100644 modules/project-factory/main.tf create mode 100644 modules/project-factory/outputs.tf create mode 100644 modules/project-factory/variables.tf create mode 100644 tests/modules/project_factory/examples/example.yaml diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md new file mode 100644 index 0000000000..37c6244659 --- /dev/null +++ b/modules/project-factory/README.md 
@@ -0,0 +1,197 @@ +# Project Factory + +This module implements in code the end-to-end project creation process for multiple projects via YAML data configurations. + +It supports + +- all project-level attributes exposed by the [project module](../project/), including Shared VPC host/service configuration +- optional service account creation in the project, including basic IAM grants +- KMS key encrypt/decrypt permissions for service identities in the project +- membership in VPC SC standard or bridge perimeters +- billing budgets (TODO) +- per-project IaC configuration (TODO) + +The factory is implemented as a thin wrapping layer, so that no "magic" or hidden side effects are implemented in code, and debugging or integration of new features are simple. + +The code is meant to be executed by a high level service accounts with powerful permissions: + +- Shared VPC connection if service project attachment is desired +- project creation on the nodes (folder or org) where projects will be defined + +## Leveraging data defaults, merges, optionals + +In addition to the YAML-based project configurations, the factory accepts three additional sets of inputs via Terraform variables: + +- the `data_defaults` variable allows defining defaults for specific project attributes, which are only used if the attributes are not passed in via YAML +- the `data_overrides` variable works similarly to defaults, but the values specified here take precedence over those in YAML files +- the `data_merges` variable allows specifying additional values for map or set based variables, which are merged with the data coming from YAML + +Some examples on where to use each of the three sets are provided below. 
+ +## Example + +```hcl +module "project-factory" { + source = "./fabric/modules/project-factory" + # use a default billing account if none is specified via yaml + data_defaults = { + billing_account = "012345-67890A-ABCDEF" + } + # make sure the environment label and stackdriver service are always added + data_merges = { + labels = { + environment = "test" + } + services = [ + "stackdriver.googleapis.com" + ] + } + # always use this contaxt and prefix, regardless of what is in the yaml file + data_overrides = { + contacts = { + "admin@example.com" = ["ALL"] + } + prefix = "test-pf" + } + # location where the yaml files are read from + factory_data_path = "data" +} +# tftest modules=7 resources=33 files=prj-app-1,prj-app-2,prj-app-3 inventory=example.yaml +``` + +```yaml +billing_account: 012345-67890A-BCDEF0 +labels: + app: app-1 + team: foo +parent: folders/12345678 +service_encryption_key_ids: + compute: + - projects/kms-central-prj/locations/europe-west3/keyRings/my-keyring/cryptoKeys/europe3-gce +services: + - container.googleapis.com + - storage.googleapis.com +service_accounts: + app-1-be: + iam_project_roles: + - roles/logging.logWriter + - roles/monitoring.metricWriter + app-1-fe: + display_name: "Test app 1 frontend." 
+ +# tftest-file id=prj-app-1 path=data/prj-app-1.yaml +``` + +```yaml +labels: + app: app-2 + team: foo +parent: folders/12345678 +org_policies: + "compute.restrictSharedVpcSubnetworks": + rules: + - allow: + values: + - projects/foo-host/regions/europe-west1/subnetworks/prod-default-ew1 +service_accounts: + app-2-be: {} +services: +- compute.googleapis.com +- container.googleapis.com +- run.googleapis.com +- storage.googleapis.com +shared_vpc_service_config: + host_project: foo-host + service_identity_iam: + "roles/vpcaccess.user": + - cloudrun + "roles/container.hostServiceAgentUser": + - container-engine + service_identity_subnet_iam: + europe-west1/prod-default-ew1: + - cloudservices + - container-engine + network_subnet_users: + europe-west1/prod-default-ew1: + - group:team-1@example.com + +# tftest-file id=prj-app-2 path=data/prj-app-2.yaml +``` + +```yaml +parent: folders/12345678 +services: +- run.googleapis.com +- storage.googleapis.com + +# tftest-file id=prj-app-3 path=data/prj-app-3.yaml +``` + + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [factory_data_path](variables.tf#L91) | Path to folder with YAML project description data files. | string | ✓ | | +| [data_defaults](variables.tf#L17) | Optional default values used when corresponding project data from files are missing. | object({…}) | | {} | +| [data_merges](variables.tf#L49) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | object({…}) | | {} | +| [data_overrides](variables.tf#L69) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | object({…}) | | {} | + +## Outputs + +| name | description | sensitive | +|---|---|:---:| +| [projects](outputs.tf#L17) | Project module outputs. | | +| [service_accounts](outputs.tf#L22) | Service account emails. 
| | + + +## Tests + +These tests validate fixes to the project factory. + +```hcl +module "project-factory" { + source = "./fabric/modules/project-factory" + data_defaults = { + billing_account = "012345-67890A-ABCDEF" + } + data_merges = { + labels = { + owner = "foo" + } + services = [ + "compute.googleapis.com" + ] + } + data_overrides = { + prefix = "foo" + } + factory_data_path = "data" +} +# tftest modules=4 resources=14 files=test-0,test-1,test-2 +``` + +```yaml +parent: folders/1234567890 +services: + - iam.googleapis.com + - contactcenteraiplatform.googleapis.com + - container.googleapis.com +# tftest-file id=test-0 path=data/test-0.yaml +``` + +```yaml +parent: folders/1234567890 +services: + - iam.googleapis.com + - contactcenteraiplatform.googleapis.com +# tftest-file id=test-1 path=data/test-1.yaml +``` + +```yaml +parent: folders/1234567890 +services: + - iam.googleapis.com + - storage.googleapis.com +# tftest-file id=test-2 path=data/test-2.yaml +``` diff --git a/modules/project-factory/factory.tf b/modules/project-factory/factory.tf new file mode 100644 index 0000000000..4028186caf --- /dev/null +++ b/modules/project-factory/factory.tf 
@@ -0,0 +1,115 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + _data = ( + { + for f in fileset(local._data_path, "**/*.yaml") : + trimsuffix(f, ".yaml") => yamldecode(file("${local._data_path}/${f}")) + } + ) + _data_path = var.factory_data_path == null ? null : pathexpand( + var.factory_data_path + ) + projects = { + for k, v in local._data : k => merge(v, { + billing_account = try(coalesce( + var.data_overrides.billing_account, + try(v.billing_account, null), + var.data_defaults.billing_account + ), null) + contacts = coalesce( + var.data_overrides.contacts, + try(v.contacts, null), + var.data_defaults.contacts + ) + labels = coalesce( + try(v.labels, null), + var.data_defaults.labels + ) + metric_scopes = coalesce( + try(v.metric_scopes, null), + var.data_defaults.metric_scopes + ) + org_policies = try(v.org_policies, {}) + parent = coalesce( + var.data_overrides.parent, + try(v.parent, null), + var.data_defaults.parent + ) + prefix = coalesce( + var.data_overrides.prefix, + try(v.prefix, null), + var.data_defaults.prefix + ) + service_encryption_key_ids = coalesce( + var.data_overrides.service_encryption_key_ids, + try(v.service_encryption_key_ids, null), + var.data_defaults.service_encryption_key_ids + ) + service_perimeter_bridges = coalesce( + var.data_overrides.service_perimeter_bridges, + try(v.service_perimeter_bridges, null), + var.data_defaults.service_perimeter_bridges + ) + 
service_perimeter_standard = try(coalesce( + var.data_overrides.service_perimeter_standard, + try(v.service_perimeter_standard, null), + var.data_defaults.service_perimeter_standard + ), null) + services = coalesce( + var.data_overrides.services, + try(v.services, null), + var.data_defaults.services + ) + shared_vpc_service_config = ( + try(v.shared_vpc_service_config, null) != null + ? merge( + { + network_users = [] + service_identity_iam = {} + service_identity_subnet_iam = {} + service_iam_grants = [] + network_subnet_users = {} + }, + v.shared_vpc_service_config + ) + : var.data_defaults.shared_vpc_service_config + ) + tag_bindings = coalesce( + var.data_overrides.tag_bindings, + try(v.tag_bindings, null), + var.data_defaults.tag_bindings + ) + # non-project resources + service_accounts = coalesce( + var.data_overrides.service_accounts, + try(v.service_accounts, null), + var.data_defaults.service_accounts + ) + }) + } + service_accounts = flatten([ + for k, v in local.projects : [ + for name, opts in v.service_accounts : { + project = k + name = name + display_name = try(opts.display_name, "Terraform-managed.") + iam_project_roles = try(opts.iam_project_roles, null) + } + ] + ]) +} diff --git a/modules/project-factory/main.tf b/modules/project-factory/main.tf new file mode 100644 index 0000000000..80cc80df4d --- /dev/null +++ b/modules/project-factory/main.tf 
@@ -0,0 +1,78 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "projects" { + source = "../project" + for_each = local.projects + billing_account = each.value.billing_account + name = each.key + parent = try(each.value.parent, null) + prefix = each.value.prefix + auto_create_network = try(each.value.auto_create_network, false) + compute_metadata = try(each.value.compute_metadata, {}) + # TODO: concat lists for each key + contacts = merge( + each.value.contacts, var.data_merges.contacts + ) + default_service_account = try(each.value.default_service_account, "keep") + descriptive_name = try(each.value.descriptive_name, null) + iam = try(each.value.iam, {}) + iam_bindings = try(each.value.iam_bindings, {}) + iam_bindings_additive = try(each.value.iam_bindings_additive, {}) + iam_by_principals = try(each.value.iam_by_principals, {}) + labels = merge( + each.value.labels, var.data_merges.labels + ) + lien_reason = try(each.value.lien_reason, null) + logging_data_access = try(each.value.logging_data_access, {}) + logging_exclusions = try(each.value.logging_exclusions, {}) + logging_sinks = try(each.value.logging_sinks, {}) + metric_scopes = distinct(concat( + each.value.metric_scopes, var.data_merges.metric_scopes + )) + org_policies = each.value.org_policies + service_encryption_key_ids = merge( + each.value.service_encryption_key_ids, + var.data_merges.service_encryption_key_ids + ) + service_perimeter_bridges 
= distinct(concat( + each.value.service_perimeter_bridges, + var.data_merges.service_perimeter_bridges + )) + service_perimeter_standard = each.value.service_perimeter_standard + services = distinct(concat( + each.value.services, + var.data_merges.services + )) + shared_vpc_service_config = each.value.shared_vpc_service_config + tag_bindings = merge( + each.value.tag_bindings, + var.data_merges.tag_bindings + ) +} + +module "service-accounts" { + source = "../iam-service-account" + for_each = { + for k in local.service_accounts : "${k.project}-${k.name}" => k + } + project_id = module.projects[each.value.project].project_id + name = each.value.name + display_name = each.value.display_name + iam_project_roles = each.value.iam_project_roles == null ? {} : { + (module.projects[each.value.project].project_id) = each.value.iam_project_roles + } +} diff --git a/modules/project-factory/outputs.tf b/modules/project-factory/outputs.tf new file mode 100644 index 0000000000..99653a1550 --- /dev/null +++ b/modules/project-factory/outputs.tf @@ -0,0 +1,28 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "projects" { + description = "Project module outputs." + value = module.projects +} + +output "service_accounts" { + description = "Service account emails." + # TODO: group by project + value = { + for k, v in module.service-accounts : k => v.email + } +} 
diff --git a/modules/project-factory/variables.tf b/modules/project-factory/variables.tf new file mode 100644 index 0000000000..d37f939928 --- /dev/null +++ b/modules/project-factory/variables.tf 
@@ -0,0 +1,95 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "data_defaults" { + description = "Optional default values used when corresponding project data from files are missing." + type = object({ + billing_account = optional(string) + contacts = optional(map(list(string)), {}) + labels = optional(map(string), {}) + metric_scopes = optional(list(string), []) + parent = optional(string) + prefix = optional(string) + service_encryption_key_ids = optional(map(list(string)), {}) + service_perimeter_bridges = optional(list(string), []) + service_perimeter_standard = optional(string) + services = optional(list(string), []) + shared_vpc_service_config = optional(object({ + host_project = string + network_users = optional(list(string), []) + service_identity_iam = optional(map(list(string)), {}) + service_identity_subnet_iam = optional(map(list(string)), {}) + service_iam_grants = optional(list(string), []) + network_subnet_users = optional(map(list(string)), {}) + }), { host_project = null }) + tag_bindings = optional(map(string), {}) + # non-project resources + service_accounts = optional(map(object({ + display_name = optional(string, "Terraform-managed.") + iam_project_roles = optional(list(string)) + })), {}) + }) + nullable = false + default = {} +} + +variable "data_merges" { + description = "Optional values that will be merged with corresponding data from files. 
Combines with `data_defaults`, file data, and `data_overrides`." + type = object({ + contacts = optional(map(list(string)), {}) + labels = optional(map(string), {}) + metric_scopes = optional(list(string), []) + service_encryption_key_ids = optional(map(list(string)), {}) + service_perimeter_bridges = optional(list(string), []) + services = optional(list(string), []) + tag_bindings = optional(map(string), {}) + # non-project resources + service_accounts = optional(map(object({ + display_name = optional(string, "Terraform-managed.") + iam_project_roles = optional(list(string)) + })), {}) + }) + nullable = false + default = {} +} + +variable "data_overrides" { + description = "Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`." + type = object({ + billing_account = optional(string) + contacts = optional(map(list(string))) + parent = optional(string) + prefix = optional(string) + service_encryption_key_ids = optional(map(list(string))) + service_perimeter_bridges = optional(list(string)) + service_perimeter_standard = optional(string) + tag_bindings = optional(map(string)) + services = optional(list(string)) + # non-project resources + service_accounts = optional(map(object({ + display_name = optional(string, "Terraform-managed.") + iam_project_roles = optional(list(string)) + }))) + }) + nullable = false + default = {} +} + +variable "factory_data_path" { + description = "Path to folder with YAML project description data files." + type = string + nullable = false +} diff --git a/tests/modules/project_factory/examples/example.yaml b/tests/modules/project_factory/examples/example.yaml new file mode 100644 index 0000000000..5595a729f4 --- /dev/null +++ b/tests/modules/project_factory/examples/example.yaml 
@@ -0,0 +1,257 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.project-factory.module.projects["prj-app-1"].data.google_storage_project_service_account.gcs_sa[0]: + project: test-pf-prj-app-1 + user_project: null + module.project-factory.module.projects["prj-app-1"].google_essential_contacts_contact.contact["admin@example.com"]: + email: admin@example.com + language_tag: en + notification_category_subscriptions: + - ALL + parent: projects/test-pf-prj-app-1 + timeouts: null + ? 
module.project-factory.module.projects["prj-app-1"].google_kms_crypto_key_iam_member.service_identity_cmek["compute.projects/kms-central-prj/locations/europe-west3/keyRings/my-keyring/cryptoKeys/europe3-gce"] + : condition: [] + crypto_key_id: projects/kms-central-prj/locations/europe-west3/keyRings/my-keyring/cryptoKeys/europe3-gce + role: roles/cloudkms.cryptoKeyEncrypterDecrypter + module.project-factory.module.projects["prj-app-1"].google_project.project[0]: + auto_create_network: false + billing_account: 012345-67890A-BCDEF0 + effective_labels: + app: app-1 + environment: test + team: foo + folder_id: '12345678' + labels: + app: app-1 + environment: test + team: foo + name: test-pf-prj-app-1 + org_id: null + project_id: test-pf-prj-app-1 + skip_delete: false + terraform_labels: + app: app-1 + environment: test + team: foo + timeouts: null + module.project-factory.module.projects["prj-app-1"].google_project_service.project_services["container.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prj-app-1 + service: container.googleapis.com + timeouts: null + module.project-factory.module.projects["prj-app-1"].google_project_service.project_services["stackdriver.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prj-app-1 + service: stackdriver.googleapis.com + timeouts: null + module.project-factory.module.projects["prj-app-1"].google_project_service.project_services["storage.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prj-app-1 + service: storage.googleapis.com + timeouts: null + module.project-factory.module.projects["prj-app-2"].data.google_storage_project_service_account.gcs_sa[0]: + project: test-pf-prj-app-2 + user_project: null + module.project-factory.module.projects["prj-app-2"].google_compute_shared_vpc_service_project.shared_vpc_service[0]: + deletion_policy: null + host_project: foo-host + 
service_project: test-pf-prj-app-2 + timeouts: null + module.project-factory.module.projects["prj-app-2"].google_essential_contacts_contact.contact["admin@example.com"]: + email: admin@example.com + language_tag: en + notification_category_subscriptions: + - ALL + parent: projects/test-pf-prj-app-2 + timeouts: null + module.project-factory.module.projects["prj-app-2"].google_project.project[0]: + auto_create_network: false + billing_account: 012345-67890A-ABCDEF + effective_labels: + app: app-2 + environment: test + team: foo + folder_id: '12345678' + labels: + app: app-2 + environment: test + team: foo + name: test-pf-prj-app-2 + org_id: null + project_id: test-pf-prj-app-2 + skip_delete: false + terraform_labels: + app: app-2 + environment: test + team: foo + timeouts: null + ? module.project-factory.module.projects["prj-app-2"].google_project_iam_member.shared_vpc_host_robots["roles/container.hostServiceAgentUser:container-engine"] + : condition: [] + project: foo-host + role: roles/container.hostServiceAgentUser + ? module.project-factory.module.projects["prj-app-2"].google_project_iam_member.shared_vpc_host_robots["roles/vpcaccess.user:cloudrun"] + : condition: [] + project: foo-host + role: roles/vpcaccess.user + ? module.project-factory.module.projects["prj-app-2"].google_compute_subnetwork_iam_member.shared_vpc_host_robots["europe-west1:prod-default-ew1:cloudservices"] + : condition: [ ] + project: foo-host + role: roles/compute.networkUser + ? module.project-factory.module.projects["prj-app-2"].google_compute_subnetwork_iam_member.shared_vpc_host_robots["europe-west1:prod-default-ew1:container-engine"] + : condition: [ ] + project: foo-host + role: roles/compute.networkUser + ? 
module.project-factory.module.projects["prj-app-2"].google_compute_subnetwork_iam_member.shared_vpc_host_subnets_iam["europe-west1:prod-default-ew1:group:team-1@example.com"] + : condition: [ ] + project: foo-host + role: roles/compute.networkUser + module.project-factory.module.projects["prj-app-2"].google_project_service.project_services["compute.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prj-app-2 + service: compute.googleapis.com + timeouts: null + module.project-factory.module.projects["prj-app-2"].google_project_service.project_services["container.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prj-app-2 + service: container.googleapis.com + timeouts: null + module.project-factory.module.projects["prj-app-2"].google_project_service.project_services["run.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prj-app-2 + service: run.googleapis.com + timeouts: null + module.project-factory.module.projects["prj-app-2"].google_project_service.project_services["stackdriver.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prj-app-2 + service: stackdriver.googleapis.com + timeouts: null + module.project-factory.module.projects["prj-app-2"].google_project_service.project_services["storage.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prj-app-2 + service: storage.googleapis.com + timeouts: null + module.project-factory.module.projects["prj-app-2"].google_org_policy_policy.default["compute.restrictSharedVpcSubnetworks"]: + name: projects/test-pf-prj-app-2/policies/compute.restrictSharedVpcSubnetworks + parent: projects/test-pf-prj-app-2 + spec: + - inherit_from_parent: null + reset: null + rules: + - allow_all: null + condition: [ ] + deny_all: null + enforce: null + values: + - allowed_values: + - 
projects/foo-host/regions/europe-west1/subnetworks/prod-default-ew1 + denied_values: null + module.project-factory.module.projects["prj-app-3"].data.google_storage_project_service_account.gcs_sa[0]: + project: test-pf-prj-app-3 + user_project: null + module.project-factory.module.projects["prj-app-3"].google_essential_contacts_contact.contact["admin@example.com"]: + email: admin@example.com + language_tag: en + notification_category_subscriptions: + - ALL + parent: projects/test-pf-prj-app-3 + timeouts: null + module.project-factory.module.projects["prj-app-3"].google_project.project[0]: + auto_create_network: false + billing_account: 012345-67890A-ABCDEF + effective_labels: + environment: test + folder_id: '12345678' + labels: + environment: test + name: test-pf-prj-app-3 + org_id: null + project_id: test-pf-prj-app-3 + skip_delete: false + terraform_labels: + environment: test + timeouts: null + module.project-factory.module.projects["prj-app-3"].google_project_service.project_services["run.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prj-app-3 + service: run.googleapis.com + timeouts: null + module.project-factory.module.projects["prj-app-3"].google_project_service.project_services["stackdriver.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prj-app-3 + service: stackdriver.googleapis.com + timeouts: null + module.project-factory.module.projects["prj-app-3"].google_project_service.project_services["storage.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prj-app-3 + service: storage.googleapis.com + timeouts: null + ? module.project-factory.module.service-accounts["prj-app-1-app-1-be"].google_project_iam_member.project-roles["test-pf-prj-app-1-roles/logging.logWriter"] + : condition: [] + project: test-pf-prj-app-1 + role: roles/logging.logWriter + ? 
module.project-factory.module.service-accounts["prj-app-1-app-1-be"].google_project_iam_member.project-roles["test-pf-prj-app-1-roles/monitoring.metricWriter"] + : condition: [] + project: test-pf-prj-app-1 + role: roles/monitoring.metricWriter + module.project-factory.module.service-accounts["prj-app-1-app-1-be"].google_service_account.service_account[0]: + account_id: app-1-be + description: null + disabled: false + display_name: null + project: test-pf-prj-app-1 + timeouts: null + module.project-factory.module.service-accounts["prj-app-1-app-1-fe"].google_service_account.service_account[0]: + account_id: app-1-fe + description: null + disabled: false + display_name: Test app 1 frontend. + project: test-pf-prj-app-1 + timeouts: null + module.project-factory.module.service-accounts["prj-app-2-app-2-be"].google_service_account.service_account[0]: + account_id: app-2-be + description: null + disabled: false + display_name: null + project: test-pf-prj-app-2 + timeouts: null + +counts: + google_compute_shared_vpc_service_project: 1 + google_compute_subnetwork_iam_member: 3 + google_essential_contacts_contact: 3 + google_kms_crypto_key_iam_member: 1 + google_project: 3 + google_project_iam_member: 4 + google_project_service: 11 + google_service_account: 3 + google_storage_project_service_account: 3 + google_org_policy_policy: 1 + modules: 7 + resources: 33 + +outputs: {} From b760a290b121ab58f9f491a9ccc03e453cac1765 Mon Sep 17 00:00:00 2001 
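Review bot: in modules/project-factory/README.md, the paragraph "The code is meant to be executed by a high level service accounts with powerful permissions" does not say that the directory named by `factory_data_path` then becomes a privilege boundary. main.tf takes `iam`, `iam_bindings`, `iam_bindings_additive`, `iam_by_principals` and `org_policies` directly from the YAML data, factory.tf does the same for per-service-account `iam_project_roles`, and `data_overrides` has no field that constrains any of them, so whoever can change a data file decides which grants that account applies. Suggest a short section stating that write access to the data path needs the same review and access control as the Terraform code itself. Two wording fixes in the same hunk: "a high level service accounts" and, in the example comment, "contaxt".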
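Review bot: in modules/project-factory/factory.tf, the `service_accounts` local uses `display_name = try(opts.display_name, "Terraform-managed.")`, but `try()` only falls back when the expression errors, not when it evaluates to null, and the expected inventory in tests/modules/project_factory/examples/example.yaml records `display_name: null` for `app-1-be` and `app-2-be`, so the fallback is not taking effect. Suggest `coalesce(try(opts.display_name, null), "Terraform-managed.")`. In the same hunk, `parent` and `prefix` are computed with a bare `coalesce(...)` while `billing_account` and `service_perimeter_standard` wrap theirs in `try(..., null)`; `coalesce` errors when every argument is null, so a data file with no `parent` or `prefix` and no matching default or override fails the plan, even though main.tf reads `try(each.value.parent, null)` as if the value were optional. The null branch in `_data_path` is also unreachable, since `factory_data_path` is declared `nullable = false`.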
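Review bot: in modules/project-factory/main.tf, `service_encryption_key_ids` is combined with `merge(each.value.service_encryption_key_ids, var.data_merges.service_encryption_key_ids)`, and both sides are `map(list(string))`, so a service key present in both (for example `compute`) has its key list from the YAML file replaced by the one in `data_merges` rather than extended. The `contacts` argument has the same behaviour and already carries `# TODO: concat lists for each key`; the KMS case should either get the same per-key concat or a comment and README line saying that `data_merges` replaces per-key lists. Separately, the `service-accounts` module keys its `for_each` on `"${k.project}-${k.name}"`, which is ambiguous when project and account names themselves contain hyphens; a separator that cannot appear in either name, such as `/`, avoids duplicate keys.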
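Review bot: in modules/project-factory/variables.tf, `data_merges` declares a `service_accounts` attribute, but nothing in this patch reads `var.data_merges.service_accounts`: factory.tf builds `service_accounts` from `data_overrides`, the YAML data and `data_defaults` only, and main.tf iterates over that local. A caller who sets it gets no error and no service accounts. Suggest either removing the attribute or merging it in factory.tf, and noting in the description which attributes each of the three variables actually supports, since `labels` and `metric_scopes` are likewise absent from `data_overrides`.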
From: Ludo Date: Mon, 26 Feb 2024 10:20:51 +0100 Subject: [PATCH 18/24] fix variable names and tests --- .../data-solutions/shielded-folder/main.tf | 2 +- blueprints/networking/README.md | 6 - .../bigquery-factory/README.md | 6 +- .../cloud-identity-group-factory/README.md | 4 +- modules/analytics-hub/main.tf | 5 +- .../bigquery_factory/examples/simple.yaml | 40 --- .../examples/example.yaml | 42 --- .../examples/example.yaml | 188 ------------- .../project_factory/examples/example.yaml | 257 ------------------ .../cloud_run/examples/audit-logs.yaml | 47 +++- .../modules/cloud_run/examples/eventarc.yaml | 42 ++- .../examples/trigger-service-account.yaml | 22 +- .../examples/additional-clusters.yaml | 1 - .../gcve_private_cloud/examples/basic.yaml | 1 - .../examples/custom-management.yaml | 1 - .../examples/network-policy.yaml | 1 - 16 files changed, 95 insertions(+), 570 deletions(-) delete mode 100644 tests/blueprints/factories/bigquery_factory/examples/simple.yaml delete mode 100644 tests/blueprints/factories/cloud_identity_group_factory/examples/example.yaml delete mode 100644 tests/blueprints/factories/net_vpc_firewall_yaml/examples/example.yaml delete mode 100644 tests/blueprints/factories/project_factory/examples/example.yaml diff --git a/blueprints/data-solutions/shielded-folder/main.tf b/blueprints/data-solutions/shielded-folder/main.tf index 4524999adb..ba111d2c79 100644 --- a/blueprints/data-solutions/shielded-folder/main.tf +++ b/blueprints/data-solutions/shielded-folder/main.tf @@ -94,7 +94,7 @@ module "firewall-policy" { source = "../../../modules/net-firewall-policy" name = "default" parent_id = module.folder.id - rules_factory_config = var.data_dir == null ? {} : { + factories_config = var.data_dir == null ? {} : { cidr_file_path = "${var.data_dir}/firewall-policies/cidrs.yaml" ingress_rules_file_path = "${var.data_dir}/firewall-policies/hierarchical-ingress-rules.yaml" } 
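Review bot: In `blueprints/data-solutions/shielded-folder/main.tf`, the renamed `factories_config` argument still passes the long-form keys `cidr_file_path` and `ingress_rules_file_path`, while the `analytics-hub` module touched in this same patch reads a short key (`var.factories_config.listings`). If the refactor is meant to standardise the attribute names inside `factories_config` as well as the variable name, these two keys should follow the same convention; if not, say so in the commit message. Either way, a plan test for this blueprint with `data_dir` set would confirm that `net-firewall-policy` accepts these keys, since a mismatch could leave the hierarchical ingress rules for the shielded folder unloaded without an error.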
diff --git a/blueprints/networking/README.md b/blueprints/networking/README.md index 8a4c40a08b..8a4f958129 100644 --- a/blueprints/networking/README.md +++ b/blueprints/networking/README.md @@ -18,12 +18,6 @@ They are meant to be used as minimal but complete starting points to create actu
-### Decentralized firewall management - -
This [blueprint](./decentralized-firewall/) shows how a decentralized firewall management can be organized using the [firewall factory](../factories/net-vpc-firewall-yaml/). - -
- ### GLB and multi-regional daisy-chaining through hybrid NEGs This [blueprint](./glb-hybrid-neg-internal/) shows the experimental use of hybrid NEGs behind external Global Load Balancers (GLBs) to connect to GCP instances living in spoke VPCs and behind Network Virtual Appliances (NVAs). diff --git a/modules/__experimental_deprecated/bigquery-factory/README.md b/modules/__experimental_deprecated/bigquery-factory/README.md index baf2f6d269..78362c5e9d 100644 --- a/modules/__experimental_deprecated/bigquery-factory/README.md +++ b/modules/__experimental_deprecated/bigquery-factory/README.md @@ -11,6 +11,7 @@ You can create as many files as you like, the code will loop through it and crea ### Terraform code In this section we show how to create tables and views from a file structure similar to the one shown below. + ```bash bigquery │ @@ -53,12 +54,12 @@ With this file structure, we can use the factory as follows: ```hcl module "bq" { - source = "./fabric/blueprints/factories/bigquery-factory" + source = "./fabric/modules/__experimental_deprecated/bigquery-factory" project_id = var.project_id tables_path = "bigquery/tables" views_path = "bigquery/views" } -# tftest modules=2 resources=3 files=table,view inventory=simple.yaml +# tftest modules=2 resources=3 files=table,view ``` @@ -76,4 +77,3 @@ module "bq" { - [ ] add external table support - [ ] add materialized view support - diff --git a/modules/__experimental_deprecated/cloud-identity-group-factory/README.md b/modules/__experimental_deprecated/cloud-identity-group-factory/README.md index 318eea2578..51e611a83e 100644 --- a/modules/__experimental_deprecated/cloud-identity-group-factory/README.md +++ b/modules/__experimental_deprecated/cloud-identity-group-factory/README.md 
@@ -10,11 +10,11 @@ Yaml abstraction for Groups can simplify groups creation and members management. ```hcl module "groups" { - source = "./fabric/blueprints/factories/cloud-identity-group-factory" + source = "./fabric/modules/__experimental_deprecated/cloud-identity-group-factory" customer_id = "customers/C0xxxxxxx" data_dir = "data" } -# tftest modules=2 resources=3 files=group1 inventory=example.yaml +# tftest modules=2 resources=3 files=group1 ``` ```yaml diff --git a/modules/analytics-hub/main.tf b/modules/analytics-hub/main.tf index e82798c175..0480dea636 100644 --- a/modules/analytics-hub/main.tf +++ b/modules/analytics-hub/main.tf @@ -18,9 +18,10 @@ locals { prefix = var.prefix == null || var.prefix == "" ? "" : "${var.prefix}_" _factory_listings = { for f in try(fileset(var.factories_config.listings, "*.yaml"), []) : - trimsuffix(f, ".yaml") => yamldecode(file("${var.factories_config.listings}/${f}")) + trimsuffix(f, ".yaml") => yamldecode( + file("${var.factories_config.listings}/${f}") + ) } - factory_listings = merge(local._factory_listings, var.listings) } diff --git a/tests/blueprints/factories/bigquery_factory/examples/simple.yaml b/tests/blueprints/factories/bigquery_factory/examples/simple.yaml deleted file mode 100644 index d32492d6c5..0000000000 --- a/tests/blueprints/factories/bigquery_factory/examples/simple.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -values: - module.bq.module.bq["my_dataset"].google_bigquery_dataset.default: - dataset_id: my_dataset - project: project-id - module.bq.module.bq["my_dataset"].google_bigquery_table.default["countries"]: - dataset_id: my_dataset - friendly_name: countries - labels: - env: prod - project: project-id - schema: '[{"name":"country","type":"STRING"},{"name":"population","type":"INT64"}]' - table_id: countries - module.bq.module.bq["my_dataset"].google_bigquery_table.views["department"]: - dataset_id: my_dataset - friendly_name: department - labels: - env: prod - project: project-id - table_id: department - view: - - query: SELECT SUM(population) from my_dataset.countries - use_legacy_sql: false - -counts: - google_bigquery_dataset: 1 - google_bigquery_table: 2 diff --git a/tests/blueprints/factories/cloud_identity_group_factory/examples/example.yaml b/tests/blueprints/factories/cloud_identity_group_factory/examples/example.yaml deleted file mode 100644 index 1a8db1b593..0000000000 --- a/tests/blueprints/factories/cloud_identity_group_factory/examples/example.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -values: - module.groups.module.group["group1@example.com"].google_cloud_identity_group.group: - description: Group 1 - display_name: Group 1 - group_key: - - id: group1@example.com - namespace: null - initial_group_config: EMPTY - labels: - cloudidentity.googleapis.com/groups.discussion_forum: '' - parent: customers/C0xxxxxxx - module.groups.module.group["group1@example.com"].google_cloud_identity_group_membership.managers["user2@example.com"]: - preferred_member_key: - - id: user2@example.com - namespace: null - roles: - - name: MANAGER - - name: MEMBER - module.groups.module.group["group1@example.com"].google_cloud_identity_group_membership.members["user1@example.com"]: - preferred_member_key: - - id: user1@example.com - namespace: null - roles: - - name: MEMBER - -counts: - google_cloud_identity_group: 1 - google_cloud_identity_group_membership: 2 diff --git a/tests/blueprints/factories/net_vpc_firewall_yaml/examples/example.yaml b/tests/blueprints/factories/net_vpc_firewall_yaml/examples/example.yaml deleted file mode 100644 index c2375ae574..0000000000 --- a/tests/blueprints/factories/net_vpc_firewall_yaml/examples/example.yaml +++ /dev/null 
@@ -1,188 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -values: - module.dev-firewall.google_compute_firewall.rules["deny-all"]: - allow: [] - deny: - - ports: [] - protocol: all - destination_ranges: - - 0.0.0.0/0 - direction: EGRESS - disabled: null - log_config: [] - name: fwr-my-dev-network-all-e-deny-all - network: my-dev-network - priority: 65535 - project: my-dev-project - source_ranges: null - source_service_accounts: null - source_tags: null - target_service_accounts: null - target_tags: null - timeouts: null - module.dev-firewall.google_compute_firewall.rules["lb-health-checks"]: - allow: - - ports: [] - protocol: tcp - deny: [] - direction: INGRESS - disabled: null - log_config: [] - name: fwr-my-dev-network-all-i-lb-health-checks - network: my-dev-network - priority: 1001 - project: my-dev-project - source_ranges: - - 130.211.0.0/22 - - 35.191.0.0/16 - source_service_accounts: null - source_tags: null - target_service_accounts: null - target_tags: null - timeouts: null - module.dev-firewall.google_compute_firewall.rules["web-app-dev-egress"]: - allow: - - ports: - - '443' - protocol: tcp - deny: [] - destination_ranges: - - 192.168.0.0/24 - direction: EGRESS - disabled: null - log_config: [] - name: fwr-my-dev-network-sac-e-web-app-dev-egress - network: my-dev-network - priority: 1000 - project: my-dev-project - source_ranges: null - source_service_accounts: null - source_tags: null - target_service_accounts: - - 
myapp@myproject-dev.iam.gserviceaccount.com - target_tags: null - timeouts: null - module.dev-firewall.google_compute_firewall.rules["web-app-dev-ingress"]: - allow: - - ports: - - '1234' - protocol: tcp - deny: [] - direction: INGRESS - disabled: null - log_config: [] - name: fwr-my-dev-network-sac-i-web-app-dev-ingress - network: my-dev-network - priority: 1000 - project: my-dev-project - source_ranges: null - source_service_accounts: - - frontend-sa@myproject-dev.iam.gserviceaccount.com - source_tags: null - target_service_accounts: - - web-app-a@myproject-dev.iam.gserviceaccount.com - target_tags: null - timeouts: null - module.prod-firewall.google_compute_firewall.rules["deny-all"]: - allow: [] - deny: - - ports: [] - protocol: all - destination_ranges: - - 0.0.0.0/0 - direction: EGRESS - disabled: null - log_config: - - metadata: INCLUDE_ALL_METADATA - name: fwr-my-prod-network-all-e-deny-all - network: my-prod-network - priority: 65535 - project: my-prod-project - source_ranges: null - source_service_accounts: null - source_tags: null - target_service_accounts: null - target_tags: null - timeouts: null - module.prod-firewall.google_compute_firewall.rules["lb-health-checks"]: - allow: - - ports: [] - protocol: tcp - deny: [] - direction: INGRESS - disabled: null - log_config: - - metadata: INCLUDE_ALL_METADATA - name: fwr-my-prod-network-all-i-lb-health-checks - network: my-prod-network - priority: 1001 - project: my-prod-project - source_ranges: - - 130.211.0.0/22 - - 35.191.0.0/16 - source_service_accounts: null - source_tags: null - target_service_accounts: null - target_tags: null - timeouts: null - module.prod-firewall.google_compute_firewall.rules["web-app-prod-egress"]: - allow: - - ports: - - '443' - protocol: tcp - deny: [] - destination_ranges: - - 192.168.10.0/24 - direction: EGRESS - disabled: null - log_config: - - metadata: INCLUDE_ALL_METADATA - name: fwr-my-prod-network-sac-e-web-app-prod-egress - network: my-prod-network - priority: 1000 - 
project: my-prod-project - source_ranges: null - source_service_accounts: null - source_tags: null - target_service_accounts: - - myapp@myproject-prod.iam.gserviceaccount.com - target_tags: null - timeouts: null - module.prod-firewall.google_compute_firewall.rules["web-app-prod-ingress"]: - allow: - - ports: - - '1234' - protocol: tcp - deny: [] - direction: INGRESS - disabled: null - log_config: - - metadata: INCLUDE_ALL_METADATA - name: fwr-my-prod-network-sac-i-web-app-prod-ingress - network: my-prod-network - priority: 1000 - project: my-prod-project - source_ranges: null - source_service_accounts: - - frontend-sa@myproject-prod.iam.gserviceaccount.com - source_tags: null - target_service_accounts: - - web-app-a@myproject-prod.iam.gserviceaccount.com - target_tags: null - timeouts: null - -counts: - google_compute_firewall: 8 diff --git a/tests/blueprints/factories/project_factory/examples/example.yaml b/tests/blueprints/factories/project_factory/examples/example.yaml deleted file mode 100644 index 5595a729f4..0000000000 --- a/tests/blueprints/factories/project_factory/examples/example.yaml +++ /dev/null 
@@ -1,257 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -values: - module.project-factory.module.projects["prj-app-1"].data.google_storage_project_service_account.gcs_sa[0]: - project: test-pf-prj-app-1 - user_project: null - module.project-factory.module.projects["prj-app-1"].google_essential_contacts_contact.contact["admin@example.com"]: - email: admin@example.com - language_tag: en - notification_category_subscriptions: - - ALL - parent: projects/test-pf-prj-app-1 - timeouts: null - ? 
module.project-factory.module.projects["prj-app-1"].google_kms_crypto_key_iam_member.service_identity_cmek["compute.projects/kms-central-prj/locations/europe-west3/keyRings/my-keyring/cryptoKeys/europe3-gce"] - : condition: [] - crypto_key_id: projects/kms-central-prj/locations/europe-west3/keyRings/my-keyring/cryptoKeys/europe3-gce - role: roles/cloudkms.cryptoKeyEncrypterDecrypter - module.project-factory.module.projects["prj-app-1"].google_project.project[0]: - auto_create_network: false - billing_account: 012345-67890A-BCDEF0 - effective_labels: - app: app-1 - environment: test - team: foo - folder_id: '12345678' - labels: - app: app-1 - environment: test - team: foo - name: test-pf-prj-app-1 - org_id: null - project_id: test-pf-prj-app-1 - skip_delete: false - terraform_labels: - app: app-1 - environment: test - team: foo - timeouts: null - module.project-factory.module.projects["prj-app-1"].google_project_service.project_services["container.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-pf-prj-app-1 - service: container.googleapis.com - timeouts: null - module.project-factory.module.projects["prj-app-1"].google_project_service.project_services["stackdriver.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-pf-prj-app-1 - service: stackdriver.googleapis.com - timeouts: null - module.project-factory.module.projects["prj-app-1"].google_project_service.project_services["storage.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-pf-prj-app-1 - service: storage.googleapis.com - timeouts: null - module.project-factory.module.projects["prj-app-2"].data.google_storage_project_service_account.gcs_sa[0]: - project: test-pf-prj-app-2 - user_project: null - module.project-factory.module.projects["prj-app-2"].google_compute_shared_vpc_service_project.shared_vpc_service[0]: - deletion_policy: null - host_project: foo-host - 
service_project: test-pf-prj-app-2 - timeouts: null - module.project-factory.module.projects["prj-app-2"].google_essential_contacts_contact.contact["admin@example.com"]: - email: admin@example.com - language_tag: en - notification_category_subscriptions: - - ALL - parent: projects/test-pf-prj-app-2 - timeouts: null - module.project-factory.module.projects["prj-app-2"].google_project.project[0]: - auto_create_network: false - billing_account: 012345-67890A-ABCDEF - effective_labels: - app: app-2 - environment: test - team: foo - folder_id: '12345678' - labels: - app: app-2 - environment: test - team: foo - name: test-pf-prj-app-2 - org_id: null - project_id: test-pf-prj-app-2 - skip_delete: false - terraform_labels: - app: app-2 - environment: test - team: foo - timeouts: null - ? module.project-factory.module.projects["prj-app-2"].google_project_iam_member.shared_vpc_host_robots["roles/container.hostServiceAgentUser:container-engine"] - : condition: [] - project: foo-host - role: roles/container.hostServiceAgentUser - ? module.project-factory.module.projects["prj-app-2"].google_project_iam_member.shared_vpc_host_robots["roles/vpcaccess.user:cloudrun"] - : condition: [] - project: foo-host - role: roles/vpcaccess.user - ? module.project-factory.module.projects["prj-app-2"].google_compute_subnetwork_iam_member.shared_vpc_host_robots["europe-west1:prod-default-ew1:cloudservices"] - : condition: [ ] - project: foo-host - role: roles/compute.networkUser - ? module.project-factory.module.projects["prj-app-2"].google_compute_subnetwork_iam_member.shared_vpc_host_robots["europe-west1:prod-default-ew1:container-engine"] - : condition: [ ] - project: foo-host - role: roles/compute.networkUser - ? 
module.project-factory.module.projects["prj-app-2"].google_compute_subnetwork_iam_member.shared_vpc_host_subnets_iam["europe-west1:prod-default-ew1:group:team-1@example.com"] - : condition: [ ] - project: foo-host - role: roles/compute.networkUser - module.project-factory.module.projects["prj-app-2"].google_project_service.project_services["compute.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-pf-prj-app-2 - service: compute.googleapis.com - timeouts: null - module.project-factory.module.projects["prj-app-2"].google_project_service.project_services["container.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-pf-prj-app-2 - service: container.googleapis.com - timeouts: null - module.project-factory.module.projects["prj-app-2"].google_project_service.project_services["run.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-pf-prj-app-2 - service: run.googleapis.com - timeouts: null - module.project-factory.module.projects["prj-app-2"].google_project_service.project_services["stackdriver.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-pf-prj-app-2 - service: stackdriver.googleapis.com - timeouts: null - module.project-factory.module.projects["prj-app-2"].google_project_service.project_services["storage.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-pf-prj-app-2 - service: storage.googleapis.com - timeouts: null - module.project-factory.module.projects["prj-app-2"].google_org_policy_policy.default["compute.restrictSharedVpcSubnetworks"]: - name: projects/test-pf-prj-app-2/policies/compute.restrictSharedVpcSubnetworks - parent: projects/test-pf-prj-app-2 - spec: - - inherit_from_parent: null - reset: null - rules: - - allow_all: null - condition: [ ] - deny_all: null - enforce: null - values: - - allowed_values: - - 
projects/foo-host/regions/europe-west1/subnetworks/prod-default-ew1 - denied_values: null - module.project-factory.module.projects["prj-app-3"].data.google_storage_project_service_account.gcs_sa[0]: - project: test-pf-prj-app-3 - user_project: null - module.project-factory.module.projects["prj-app-3"].google_essential_contacts_contact.contact["admin@example.com"]: - email: admin@example.com - language_tag: en - notification_category_subscriptions: - - ALL - parent: projects/test-pf-prj-app-3 - timeouts: null - module.project-factory.module.projects["prj-app-3"].google_project.project[0]: - auto_create_network: false - billing_account: 012345-67890A-ABCDEF - effective_labels: - environment: test - folder_id: '12345678' - labels: - environment: test - name: test-pf-prj-app-3 - org_id: null - project_id: test-pf-prj-app-3 - skip_delete: false - terraform_labels: - environment: test - timeouts: null - module.project-factory.module.projects["prj-app-3"].google_project_service.project_services["run.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-pf-prj-app-3 - service: run.googleapis.com - timeouts: null - module.project-factory.module.projects["prj-app-3"].google_project_service.project_services["stackdriver.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-pf-prj-app-3 - service: stackdriver.googleapis.com - timeouts: null - module.project-factory.module.projects["prj-app-3"].google_project_service.project_services["storage.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-pf-prj-app-3 - service: storage.googleapis.com - timeouts: null - ? module.project-factory.module.service-accounts["prj-app-1-app-1-be"].google_project_iam_member.project-roles["test-pf-prj-app-1-roles/logging.logWriter"] - : condition: [] - project: test-pf-prj-app-1 - role: roles/logging.logWriter - ? 
module.project-factory.module.service-accounts["prj-app-1-app-1-be"].google_project_iam_member.project-roles["test-pf-prj-app-1-roles/monitoring.metricWriter"] - : condition: [] - project: test-pf-prj-app-1 - role: roles/monitoring.metricWriter - module.project-factory.module.service-accounts["prj-app-1-app-1-be"].google_service_account.service_account[0]: - account_id: app-1-be - description: null - disabled: false - display_name: null - project: test-pf-prj-app-1 - timeouts: null - module.project-factory.module.service-accounts["prj-app-1-app-1-fe"].google_service_account.service_account[0]: - account_id: app-1-fe - description: null - disabled: false - display_name: Test app 1 frontend. - project: test-pf-prj-app-1 - timeouts: null - module.project-factory.module.service-accounts["prj-app-2-app-2-be"].google_service_account.service_account[0]: - account_id: app-2-be - description: null - disabled: false - display_name: null - project: test-pf-prj-app-2 - timeouts: null - -counts: - google_compute_shared_vpc_service_project: 1 - google_compute_subnetwork_iam_member: 3 - google_essential_contacts_contact: 3 - google_kms_crypto_key_iam_member: 1 - google_project: 3 - google_project_iam_member: 4 - google_project_service: 11 - google_service_account: 3 - google_storage_project_service_account: 3 - google_org_policy_policy: 1 - modules: 7 - resources: 33 - -outputs: {} diff --git a/tests/modules/cloud_run/examples/audit-logs.yaml b/tests/modules/cloud_run/examples/audit-logs.yaml index 3b1d964dcf..87da2f2d24 100644 --- a/tests/modules/cloud_run/examples/audit-logs.yaml +++ b/tests/modules/cloud_run/examples/audit-logs.yaml 
@@ -14,31 +14,49 @@ values: module.cloud_run.google_cloud_run_service.service: + autogenerate_revision_name: false + location: europe-west8 + metadata: + - annotations: null + generation: 0 + labels: null name: hello project: project-id template: - - spec: - - containers: - - image: us-docker.pkg.dev/cloudrun/container/hello - + - metadata: + - {} + spec: + - containers: + - args: null + command: null + env: [] + env_from: [] + image: us-docker.pkg.dev/cloudrun/container/hello + liveness_probe: [] + volume_mounts: [] + working_dir: null + volumes: [] + timeouts: null module.cloud_run.google_cloud_run_service_iam_binding.binding["roles/run.invoker"]: condition: [] location: europe-west8 members: - - serviceAccount:eventarc-trigger@project-id.iam.gserviceaccount.com + - serviceAccount:eventarc-trigger@project-id.iam.gserviceaccount.com project: project-id role: roles/run.invoker service: hello - module.cloud_run.google_eventarc_trigger.audit_log_triggers["setiampolicy"]: + channel: null destination: - - cloud_function: null - cloud_run_service: + - cloud_run_service: - path: null region: europe-west8 service: hello gke: [] + http_endpoint: [] + network_config: [] workflow: null + labels: null location: europe-west8 matching_criteria: - attribute: methodName @@ -52,15 +70,20 @@ values: value: google.cloud.audit.log.v1.written name: audit-log-setiampolicy project: project-id - + service_account: eventarc-trigger@project-id.iam.gserviceaccount.com + timeouts: null module.sa.google_project_iam_member.project-roles["project-id-roles/eventarc.eventReceiver"]: condition: [] project: project-id role: roles/eventarc.eventReceiver - module.sa.google_service_account.service_account[0]: account_id: eventarc-trigger + create_ignore_already_exists: null + description: null + disabled: false + display_name: Terraform-managed. project: project-id + timeouts: null counts: google_cloud_run_service: 1 
@@ -68,3 +91,7 @@ counts: google_eventarc_trigger: 1 google_project_iam_member: 1 google_service_account: 1 + modules: 2 + resources: 5 + +outputs: {} diff --git a/tests/modules/cloud_run/examples/eventarc.yaml b/tests/modules/cloud_run/examples/eventarc.yaml index 961add60e2..96cd028f50 100644 --- a/tests/modules/cloud_run/examples/eventarc.yaml +++ b/tests/modules/cloud_run/examples/eventarc.yaml @@ -14,21 +14,41 @@ values: module.cloud_run.google_cloud_run_service.service: + autogenerate_revision_name: false + location: europe-west8 + metadata: + - annotations: null + generation: 0 + labels: null name: hello project: project-id template: - - spec: - - containers: - - image: us-docker.pkg.dev/cloudrun/container/hello + - metadata: + - {} + spec: + - containers: + - args: null + command: null + env: [] + env_from: [] + image: us-docker.pkg.dev/cloudrun/container/hello + liveness_probe: [] + volume_mounts: [] + working_dir: null + volumes: [] + timeouts: null module.cloud_run.google_eventarc_trigger.pubsub_triggers["topic-1"]: + channel: null destination: - - cloud_function: null - cloud_run_service: + - cloud_run_service: - path: null region: europe-west8 service: hello gke: [] + http_endpoint: [] + network_config: [] workflow: null + labels: null location: europe-west8 matching_criteria: - attribute: type @@ -36,16 +56,24 @@ values: value: google.cloud.pubsub.topic.v1.messagePublished name: pubsub-topic-1 project: project-id + service_account: null + timeouts: null transport: - pubsub: - topic: projects/project-id/topics/pubsub_sink - module.pubsub.google_pubsub_topic.default: + kms_key_name: null + labels: null + message_retention_duration: null name: pubsub_sink project: project-id - + timeouts: null counts: google_cloud_run_service: 1 google_eventarc_trigger: 1 google_pubsub_topic: 1 + modules: 2 + resources: 3 + +outputs: {} 
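Review bot: The regenerated inventories in `tests/modules/cloud_run/examples/audit-logs.yaml` and `eventarc.yaml` now pin provider-populated fields (`generation: 0`, `timeouts: null`, `create_ignore_already_exists: null`, `http_endpoint: []`, `network_config: []`) alongside the values the example actually sets. This same patch has to drop `cloud_function: null` from the trigger `destination`, which shows how such fields churn with the provider schema. Consider keeping the assertions to the attributes that matter for the example (the container image, the `roles/run.invoker` members, the trigger `service_account`, `matching_criteria`) plus `counts`. Separately, `eventarc.yaml` now asserts `service_account: null` on the Pub/Sub trigger; please confirm that is the behaviour the test should lock in and not just an artifact of the dump.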
diff --git a/tests/modules/cloud_run/examples/trigger-service-account.yaml b/tests/modules/cloud_run/examples/trigger-service-account.yaml index 3877a71e0e..4e442ca83b 100644 --- a/tests/modules/cloud_run/examples/trigger-service-account.yaml +++ b/tests/modules/cloud_run/examples/trigger-service-account.yaml @@ -17,7 +17,9 @@ values: autogenerate_revision_name: false location: europe-west8 metadata: - - {} + - annotations: null + generation: 0 + labels: null name: hello project: project-id template: @@ -35,23 +37,22 @@ values: working_dir: null volumes: [] timeouts: null - module.cloud_run.google_cloud_run_service_iam_member.default[0]: condition: [] location: europe-west8 project: project-id role: roles/run.invoker service: hello - module.cloud_run.google_eventarc_trigger.pubsub_triggers["topic-1"]: channel: null destination: - - cloud_function: null - cloud_run_service: + - cloud_run_service: - path: null region: europe-west8 service: hello gke: [] + http_endpoint: [] + network_config: [] workflow: null labels: null location: europe-west8 @@ -65,17 +66,21 @@ values: transport: - pubsub: - topic: projects/project-id/topics/pubsub_sink - module.cloud_run.google_service_account.trigger_service_account[0]: account_id: tf-cr-trigger-hello + create_ignore_already_exists: null + description: null + disabled: false + display_name: Terraform trigger for Cloud Run hello. project: project-id - + timeouts: null module.pubsub.google_pubsub_topic.default: kms_key_name: null labels: null message_retention_duration: null name: pubsub_sink project: project-id + timeouts: null counts: google_cloud_run_service: 1 @@ -83,6 +88,7 @@ counts: google_eventarc_trigger: 1 google_pubsub_topic: 1 google_service_account: 1 + modules: 2 + resources: 5 outputs: {} - diff --git a/tests/modules/gcve_private_cloud/examples/additional-clusters.yaml b/tests/modules/gcve_private_cloud/examples/additional-clusters.yaml index 1df21f49a0..841b4095d5 100644 
--- a/tests/modules/gcve_private_cloud/examples/additional-clusters.yaml +++ b/tests/modules/gcve_private_cloud/examples/additional-clusters.yaml @@ -54,7 +54,6 @@ values: network_config: - management_cidr: 192.168.0.0/24 project: gcve-test-project - type: STANDARD counts: google_vmwareengine_cluster: 2 diff --git a/tests/modules/gcve_private_cloud/examples/basic.yaml b/tests/modules/gcve_private_cloud/examples/basic.yaml index 08d7d7d377..40803f0209 100644 --- a/tests/modules/gcve_private_cloud/examples/basic.yaml +++ b/tests/modules/gcve_private_cloud/examples/basic.yaml @@ -42,7 +42,6 @@ values: network_config: - management_cidr: 192.168.0.0/24 project: gcve-test-project - type: STANDARD counts: google_vmwareengine_network: 1 diff --git a/tests/modules/gcve_private_cloud/examples/custom-management.yaml b/tests/modules/gcve_private_cloud/examples/custom-management.yaml index 444474ce7f..6c7d7268a0 100644 --- a/tests/modules/gcve_private_cloud/examples/custom-management.yaml +++ b/tests/modules/gcve_private_cloud/examples/custom-management.yaml @@ -42,7 +42,6 @@ values: network_config: - management_cidr: 192.168.0.0/24 project: gcve-test-project - type: STANDARD counts: google_vmwareengine_network: 1 diff --git a/tests/modules/gcve_private_cloud/examples/network-policy.yaml b/tests/modules/gcve_private_cloud/examples/network-policy.yaml index a35a753af3..bfd3133de1 100644 --- a/tests/modules/gcve_private_cloud/examples/network-policy.yaml +++ b/tests/modules/gcve_private_cloud/examples/network-policy.yaml @@ -42,7 +42,6 @@ values: network_config: - management_cidr: 192.168.0.0/24 project: gcve-test-project - type: STANDARD counts: google_vmwareengine_network: 1 From b7382b3dba0dc7a9eceb9c652b162c30675fe15c Mon Sep 17 00:00:00 2001 From: Ludo Date: Mon, 26 Feb 2024 10:26:04 +0100 Subject: [PATCH 19/24] tfdoc --- modules/billing-account/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
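Review bot: `try(fileset(var.factories_config.listings, "*.yaml"), [])`, on the context line just above the reflowed `yamldecode` call in `modules/analytics-hub/main.tf` (PATCH 18), turns every evaluation error into an empty list, so a wrong or unset path yields zero factory listings with no diagnostic. An explicit null check on `var.factories_config.listings` in place of `try` would keep the optional behaviour while letting real errors surface. It is also worth a comment on `merge(local._factory_listings, var.listings)` stating that entries in `var.listings` replace factory entries with the same key.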
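Review bot: Deleting `tests/blueprints/factories/net_vpc_firewall_yaml/examples/example.yaml` (PATCH 18) removes the assertions on the generated firewall rules, including the `deny-all` egress rule at priority 65535 and the `INCLUDE_ALL_METADATA` logging on every prod rule, and this patch's diffstat lists no replacement inventory for them. The `blueprints/networking/README.md` hunk also drops the section that linked to the firewall factory. Please state in the commit message that the `net-vpc-firewall-yaml` blueprint is being retired and where equivalent rule-level coverage lives, or keep this inventory alongside whatever replaces it. The same applies to the `bigquery-factory` and `cloud-identity-group-factory` README hunks: with `inventory=simple.yaml` and `inventory=example.yaml` removed from the `# tftest` lines, those examples are checked by `modules=2 resources=3` counts only and no longer by values such as the group membership roles.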
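Review bot: The four `tests/modules/gcve_private_cloud/examples/*.yaml` hunks in PATCH 18 each drop the `type: STANDARD` assertion, and the commit subject ("fix variable names and tests") does not say why. If the module no longer sets `type`, or the attribute is no longer part of the plan output, note that in the commit message so the removal is not read as loosening the test to make it pass.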
diff --git a/modules/billing-account/README.md b/modules/billing-account/README.md index 40c9976934..427fa2b917 100644 --- a/modules/billing-account/README.md +++ b/modules/billing-account/README.md @@ -260,7 +260,7 @@ update_rules: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [id](variables.tf#L131) | Billing account id. | string | ✓ | | +| [id](variables.tf#L130) | Billing account id. | string | ✓ | | | [budget_notification_channels](variables.tf#L17) | Notification channels used by budget alerts. | map(object({…})) | | {} | | [budgets](variables.tf#L47) | Billing budgets. Notification channels are either keys in corresponding variable, or external ids. | map(object({…})) | | {} | | [factories_config](variables.tf#L121) | Path to folder containing budget alerts data files. | object({…}) | | {} | @@ -268,8 +268,8 @@ update_rules: | [iam_bindings](variables-iam.tf#L24) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} | | [iam_bindings_additive](variables-iam.tf#L39) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | | [iam_by_principals](variables-iam.tf#L54) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string)) | | {} | -| [logging_sinks](variables.tf#L136) | Logging sinks to create for the organization. | map(object({…})) | | {} | -| [projects](variables.tf#L169) | Projects associated with this billing account. | list(string) | | [] | +| [logging_sinks](variables.tf#L135) | Logging sinks to create for the organization. | map(object({…})) | | {} | +| [projects](variables.tf#L168) | Projects associated with this billing account. | list(string) | | [] | ## Outputs From 9b7edbbb3b6849dcd91e5266ae87d0b26500614d Mon Sep 17 00:00:00 2001 
From: Ludo Date: Mon, 26 Feb 2024 10:28:33 +0100 Subject: [PATCH 20/24] remove changelog link --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f3157936cd..3fb9351ad1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1653,7 +1653,7 @@ All notable changes to this project will be documented in this file. - add support for VPC-SC perimeters in Data Foundation end to end example - fix `vpc-sc` module - new networking example showing how to use [Private Service Connect to call a Cloud Function from on-premises](./blueprints/networking/private-cloud-function-from-onprem/) -- new networking example showing how to organize [decentralized firewall](./blueprints/networking/decentralized-firewall/) management on GCP +- new networking example showing how to organize decentralized firewall management on GCP ## [5.0.0] - 2021-06-17 From 7d548b60db5ce814668135a0e52348d9b38edb00 Mon Sep 17 00:00:00 2001 From: Ludo Date: Mon, 26 Feb 2024 10:48:36 +0100 Subject: [PATCH 21/24] add project factory to top-level README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e82e8bcbf3..1f360759da 100644 --- a/README.md +++ b/README.md 
@@ -30,7 +30,7 @@ The current list of modules supports most of the core foundational and networkin Currently available modules: - **foundational** - [billing account](./modules/billing-account), [Cloud Identity group](./modules/cloud-identity-group/), [folder](./modules/folder), [service accounts](./modules/iam-service-account), [logging bucket](./modules/logging-bucket), [organization](./modules/organization), [project](./modules/project), [projects-data-source](./modules/projects-data-source) -- **proces factories** - [project factory](./modules/project-factory/) +- **process factories** - [project factory](./modules/project-factory/`) - **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Passthrough Network LB](./modules/net-lb-ext), [External Regional Application Load Balancer](./modules/net-lb-app-ext-regional/), [Firewall policy](./modules/net-firewall-policy), [Internal Application LB](./modules/net-lb-app-int), [Cross-region Internal Application LB](./modules/net-lb-app-int-cross-region), [Internal Passthrough Network LB](./modules/net-lb-int), [Internal Proxy Network LB](./modules/net-lb-proxy-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory), [Secure Web Proxy](./modules/net-swp) - **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE 
cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud) - **data** - [Analytics Hub](./modules/analytics-hub), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Data Catalog Tag](./modules/data-catalog-tag), [Data Catalog Tag Template](./modules/data-catalog-tag-template), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub), [Dataform Repository](./modules/dataform-repository/) From 60e6490806932d96b59d2a1843f20a897e866dd5 Mon Sep 17 00:00:00 2001 From: Ludo Date: Mon, 26 Feb 2024 10:48:47 +0100 Subject: [PATCH 22/24] fix cludrun eventarc diff --- tests/modules/cloud_run/examples/audit-logs.yaml | 1 - tests/modules/cloud_run/examples/eventarc.yaml | 1 - tests/modules/cloud_run/examples/trigger-service-account.yaml | 1 - 3 files changed, 3 deletions(-) diff --git a/tests/modules/cloud_run/examples/audit-logs.yaml b/tests/modules/cloud_run/examples/audit-logs.yaml index 87da2f2d24..ed7d3b7779 100644 --- a/tests/modules/cloud_run/examples/audit-logs.yaml +++ b/tests/modules/cloud_run/examples/audit-logs.yaml @@ -53,7 +53,6 @@ values: region: europe-west8 service: hello gke: [] - http_endpoint: [] network_config: [] workflow: null labels: null diff --git a/tests/modules/cloud_run/examples/eventarc.yaml b/tests/modules/cloud_run/examples/eventarc.yaml index 96cd028f50..a757d9db6d 100644 --- a/tests/modules/cloud_run/examples/eventarc.yaml +++ b/tests/modules/cloud_run/examples/eventarc.yaml @@ -45,7 +45,6 @@ values: region: europe-west8 service: hello gke: [] - http_endpoint: [] network_config: [] workflow: null labels: null 
diff --git a/tests/modules/cloud_run/examples/trigger-service-account.yaml b/tests/modules/cloud_run/examples/trigger-service-account.yaml index 4e442ca83b..20d2464beb 100644 --- a/tests/modules/cloud_run/examples/trigger-service-account.yaml +++ b/tests/modules/cloud_run/examples/trigger-service-account.yaml @@ -51,7 +51,6 @@ values: region: europe-west8 service: hello gke: [] - http_endpoint: [] network_config: [] workflow: null labels: null From ef209ea402cb404a204a1c47da69d7718db746c7 Mon Sep 17 00:00:00 2001 From: Ludo Date: Mon, 26 Feb 2024 10:50:55 +0100 Subject: [PATCH 23/24] fix README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1f360759da..aeb8d026fa 100644 --- a/README.md +++ b/README.md 
@@ -30,7 +30,7 @@ The current list of modules supports most of the core foundational and networkin Currently available modules: - **foundational** - [billing account](./modules/billing-account), [Cloud Identity group](./modules/cloud-identity-group/), [folder](./modules/folder), [service accounts](./modules/iam-service-account), [logging bucket](./modules/logging-bucket), [organization](./modules/organization), [project](./modules/project), [projects-data-source](./modules/projects-data-source) -- **process factories** - [project factory](./modules/project-factory/`) +- **process factories** - [project factory](./modules/project-factory/README.md) - **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Passthrough Network LB](./modules/net-lb-ext), [External Regional Application Load Balancer](./modules/net-lb-app-ext-regional/), [Firewall policy](./modules/net-firewall-policy), [Internal Application LB](./modules/net-lb-app-int), [Cross-region Internal Application LB](./modules/net-lb-app-int-cross-region), [Internal Passthrough Network LB](./modules/net-lb-int), [Internal Proxy Network LB](./modules/net-lb-proxy-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory), [Secure Web Proxy](./modules/net-swp) - **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE 
cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud) - **data** - [Analytics Hub](./modules/analytics-hub), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Data Catalog Tag](./modules/data-catalog-tag), [Data Catalog Tag Template](./modules/data-catalog-tag-template), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub), [Dataform Repository](./modules/dataform-repository/) From 5f44b6f08c9e9fb47e24118eaf1b1546a85c45f1 Mon Sep 17 00:00:00 2001 From: Ludo Date: Mon, 26 Feb 2024 11:06:27 +0100 Subject: [PATCH 24/24] fix cludrun eventarc diff --- tests/modules/cloud_run/examples/audit-logs.yaml | 3 --- tests/modules/cloud_run/examples/eventarc.yaml | 3 --- tests/modules/cloud_run/examples/trigger-service-account.yaml | 3 --- 3 files changed, 9 deletions(-) diff --git a/tests/modules/cloud_run/examples/audit-logs.yaml b/tests/modules/cloud_run/examples/audit-logs.yaml index ed7d3b7779..3f8635cf39 100644 --- a/tests/modules/cloud_run/examples/audit-logs.yaml +++ b/tests/modules/cloud_run/examples/audit-logs.yaml @@ -52,9 +52,6 @@ values: - path: null region: europe-west8 service: hello - gke: [] - network_config: [] - workflow: null labels: null location: europe-west8 matching_criteria: diff --git a/tests/modules/cloud_run/examples/eventarc.yaml b/tests/modules/cloud_run/examples/eventarc.yaml index a757d9db6d..d7c8ef9e21 100644 --- a/tests/modules/cloud_run/examples/eventarc.yaml +++ b/tests/modules/cloud_run/examples/eventarc.yaml 
@@ -44,9 +44,6 @@ values: - path: null region: europe-west8 service: hello - gke: [] - network_config: [] - workflow: null labels: null location: europe-west8 matching_criteria: diff --git a/tests/modules/cloud_run/examples/trigger-service-account.yaml b/tests/modules/cloud_run/examples/trigger-service-account.yaml index 20d2464beb..ca15d9fbe4 100644 --- a/tests/modules/cloud_run/examples/trigger-service-account.yaml +++ b/tests/modules/cloud_run/examples/trigger-service-account.yaml @@ -50,9 +50,6 @@ values: - path: null region: europe-west8 service: hello - gke: [] - network_config: [] - workflow: null labels: null location: europe-west8 matching_criteria:
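Review bot: In the `tests/modules/cloud_run/examples/trigger-service-account.yaml` hunk at `@@ -35,23 +37,22 @@`, the `destination` block gains `http_endpoint: []` and `network_config: []`, and both are removed again from the same file by patches 22/24 and 24/24. Regenerate the inventory once and squash those follow-ups into this commit, so the series does not carry an intermediate state whose expected values differ from the final ones.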
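Review bot: The four `tests/modules/gcve_private_cloud/examples/*.yaml` hunks (`additional-clusters`, `basic`, `custom-management`, `network-policy`) each drop `type: STANDARD` from the expected values with no reason visible in the change. If the module still sets `type`, these inventories no longer check it. Say in the commit message whether the attribute was removed from the module or is now left to a default, or keep the assertion in at least one example.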
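Review bot: In the `modules/billing-account/README.md` variables table (patch 19/24, hunk `@@ -268,8 +268,8 @@`), the regenerated `logging_sinks` row still reads "Logging sinks to create for the organization." although this is the billing account module. The table is tfdoc output, so correct the description in `variables.tf` at the linked `#L135` and rerun tfdoc rather than editing the README by hand.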
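Review bot: In patch 21/24, the added `README.md` line ends its link target with a stray backtick, `(./modules/project-factory/`)`, so the project factory link is broken in that commit and only repaired in 23/24. Squash 23/24 into 21/24, and settle on one target form: the neighbouring entries link to the module directory (for example `./modules/project`), while the repaired line links to `./modules/project-factory/README.md`.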
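Review bot: Patches 22/24 and 24/24 share one subject, with `cludrun` misspelled, and edit the same three `tests/modules/cloud_run/examples/*.yaml` inventories in two steps: first `http_endpoint: []`, then `gke: []`, `network_config: []` and `workflow: null`. Merge them into a single commit with a corrected subject, and state why the `destination` expectations are trimmed down to `cloud_run_service`. After 24/24 the inventories no longer assert that no other destination type is set on the trigger.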