From 6941313c7d1139dbfb0c016abb50fbef64902603 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Mon, 26 Feb 2024 11:16:52 +0100 Subject: [PATCH] Factories refactor (#1843) * factories refactor doc * Adds file schema and filesystem organization * Update 20231106-factories.md * move factories out of blueprints and create new factories README * align factory in billing-account module * align factory in dataplex-datascan module * align factory in billing-account module * align factory in net-firewall-policy module * align factory in dns-response-policy module * align factory in net-vpc-firewall module * align factory in net-vpc module * align factory variable names in FAST * remove decentralized firewall blueprint * bump terraform version * bump module versions * update top-level READMEs * move project factory to modules * fix variable names and tests * tfdoc * remove changelog link * add project factory to top-level README * fix cludrun eventarc diff * fix README * fix cludrun eventarc diff --------- Co-authored-by: Simone Ruffilli --- .github/workflows/linting.yml | 2 +- .github/workflows/tests.yml | 2 +- CHANGELOG.md | 2 +- README.md | 1 + blueprints/README.md | 4 +- .../data-solutions/shielded-folder/main.tf | 2 +- blueprints/factories/README.md | 99 ++++--- .../factories/net-vpc-firewall-yaml/README.md | 201 -------------- .../factories/net-vpc-firewall-yaml/main.tf | 113 -------- .../net-vpc-firewall-yaml/outputs.tf | 47 ---- .../net-vpc-firewall-yaml/variables.tf | 38 --- .../patterns/autopilot-cluster/versions.tf | 6 +- blueprints/gke/patterns/batch/versions.tf | 6 +- blueprints/gke/patterns/kafka/versions.tf | 6 +- blueprints/gke/patterns/mysql/versions.tf | 6 +- .../gke/patterns/redis-cluster/versions.tf | 6 +- blueprints/networking/README.md | 6 - .../decentralized-firewall/README.md | 55 ---- .../decentralized-firewall/backend.tf.sample | 20 -- .../decentralized-firewall/diagram.png | Bin 297001 -> 0 bytes .../firewall/common/common-egress.yaml | 47 ---- .../firewall/common/iap-access.yaml | 27 -- .../firewall/common/lb-access.yaml | 28 -- .../firewall/dev/app-1/app1-rules.yaml | 35 --- .../firewall/dev/app-2/app2-rules.yaml | 35 --- .../firewall/prod/app-1/app1-rules.yaml | 35 --- .../networking/decentralized-firewall/main.tf | 138 ---------- .../decentralized-firewall/outputs.tf | 53 ---- .../validator/Dockerfile | 29 -- .../validator/README.md | 80 ------ .../validator/action.yml | 44 --- .../validator/firewallSchema.yaml | 32 --- .../validator/firewallSchemaAutoApprove.yaml | 42 --- .../validator/firewallSchemaSettings.yaml | 49 ---- .../validator/requirements.txt | 16 -- .../validator/validator.py | 256 ------------------ .../decentralized-firewall/variables.tf | 57 ---- default-versions.tf | 6 +- .../2-networking-a-peering/dns-landing.tf | 4 +- fast/stages/2-networking-a-peering/main.tf | 2 +- fast/stages/2-networking-b-vpn/dns-landing.tf | 4 +- fast/stages/2-networking-b-vpn/main.tf | 2 +- fast/stages/2-networking-c-nva/dns-landing.tf | 4 +- fast/stages/2-networking-c-nva/main.tf | 2 +- .../2-networking-d-separate-envs/dns-dev.tf | 4 +- .../2-networking-d-separate-envs/dns-prod.tf | 4 +- .../2-networking-d-separate-envs/main.tf | 2 +- .../2-networking-e-nva-bgp/dns-landing.tf | 4 +- fast/stages/2-networking-e-nva-bgp/main.tf | 2 +- fast/stages/3-project-factory/dev/README.md | 6 +- fast/stages/3-project-factory/dev/main.tf | 2 +- modules/README.md | 4 + modules/__docs/20231106-factories.md | 102 +++++++ .../alloydb-instance/README.md | 0 .../alloydb-instance/main.tf | 0 .../alloydb-instance/outputs.tf | 0 .../alloydb-instance/variables.tf | 0 .../alloydb-instance/versions.tf | 6 +- .../bigquery-factory/README.md | 6 +- .../bigquery-factory/main.tf | 0 .../bigquery-factory/variables.tf | 0 .../cloud-identity-group-factory/README.md | 4 +- .../cloud-identity-group-factory/main.tf | 0 .../cloud-identity-group-factory/outputs.tf | 0 .../cloud-identity-group-factory/variables.tf | 0 .../net-dns-policy-address/README.md | 0 .../net-dns-policy-address/main.tf | 0 .../net-dns-policy-address/outputs.tf | 0 .../net-dns-policy-address/variables.tf | 0 .../net-neg/README.md | 0 .../net-neg/main.tf | 0 .../net-neg/outputs.tf | 0 .../net-neg/variables.tf | 0 .../net-neg/versions.tf | 6 +- .../project-iam-magic/versions.tf | 6 +- modules/analytics-hub/main.tf | 5 +- modules/analytics-hub/versions.tf | 6 +- modules/api-gateway/versions.tf | 6 +- modules/apigee/versions.tf | 6 +- modules/artifact-registry/versions.tf | 6 +- modules/bigquery-dataset/versions.tf | 6 +- modules/bigtable-instance/versions.tf | 6 +- modules/billing-account/README.md | 8 +- modules/billing-account/factory.tf | 2 +- modules/billing-account/variables.tf | 3 +- modules/billing-account/versions.tf | 6 +- modules/binauthz/versions.tf | 6 +- .../__need_fixing/onprem/versions.tf | 6 +- .../__need_fixing/squid/versions.tf | 6 +- .../coredns/versions.tf | 6 +- .../cos-generic-metadata/versions.tf | 6 +- .../envoy-sni-dyn-fwd-proxy/versions.tf | 6 +- .../envoy-traffic-director/versions.tf | 6 +- .../cloud-config-container/mysql/versions.tf | 6 +- .../nginx-tls/versions.tf | 6 +- .../cloud-config-container/nginx/versions.tf | 6 +- .../simple-nva/versions.tf | 6 +- modules/cloud-function-v1/versions.tf | 6 +- modules/cloud-function-v2/versions.tf | 6 +- modules/cloud-identity-group/versions.tf | 6 +- modules/cloud-run-v2/versions.tf | 6 +- modules/cloud-run/versions.tf | 6 +- modules/cloudsql-instance/versions.tf | 6 +- modules/compute-mig/versions.tf | 6 +- modules/compute-vm/versions.tf | 6 +- modules/container-registry/versions.tf | 6 +- modules/data-catalog-policy-tag/versions.tf | 6 +- modules/data-catalog-tag-template/versions.tf | 6 +- modules/data-catalog-tag/versions.tf | 6 +- modules/dataform-repository/versions.tf | 6 +- modules/datafusion/versions.tf | 6 +- modules/dataplex-datascan/README.md | 26 +- modules/dataplex-datascan/factory.tf | 150 ++++++++++ modules/dataplex-datascan/main.tf | 121 ++++++--- modules/dataplex-datascan/rules_parsing.tf | 54 ---- modules/dataplex-datascan/variables.tf | 17 +- modules/dataplex-datascan/versions.tf | 6 +- modules/dataplex/versions.tf | 6 +- modules/dataproc/versions.tf | 6 +- modules/dns-response-policy/README.md | 26 +- modules/dns-response-policy/main.tf | 7 +- modules/dns-response-policy/variables.tf | 15 +- modules/dns-response-policy/versions.tf | 6 +- modules/dns/versions.tf | 6 +- modules/endpoints/versions.tf | 6 +- modules/folder/versions.tf | 6 +- modules/gcs/versions.tf | 6 +- modules/gcve-private-cloud/versions.tf | 6 +- modules/gke-cluster-autopilot/versions.tf | 6 +- modules/gke-cluster-standard/versions.tf | 6 +- modules/gke-hub/versions.tf | 6 +- modules/gke-nodepool/versions.tf | 6 +- modules/iam-service-account/versions.tf | 6 +- modules/kms/versions.tf | 6 +- modules/logging-bucket/versions.tf | 6 +- modules/ncc-spoke-ra/versions.tf | 6 +- modules/net-address/versions.tf | 6 +- modules/net-cloudnat/versions.tf | 6 +- modules/net-firewall-policy/README.md | 12 +- modules/net-firewall-policy/factory.tf | 8 +- modules/net-firewall-policy/variables.tf | 22 +- modules/net-firewall-policy/versions.tf | 6 +- .../net-ipsec-over-interconnect/versions.tf | 6 +- modules/net-lb-app-ext-regional/versions.tf | 6 +- modules/net-lb-app-ext/versions.tf | 6 +- .../net-lb-app-int-cross-region/versions.tf | 6 +- modules/net-lb-app-int/versions.tf | 6 +- modules/net-lb-ext/versions.tf | 6 +- modules/net-lb-int/versions.tf | 6 +- modules/net-lb-proxy-int/versions.tf | 6 +- modules/net-swp/versions.tf | 6 +- modules/net-vlan-attachment/versions.tf | 6 +- modules/net-vpc-firewall/README.md | 13 +- modules/net-vpc-firewall/main.tf | 13 +- modules/net-vpc-firewall/variables.tf | 5 +- modules/net-vpc-firewall/versions.tf | 6 +- modules/net-vpc-peering/versions.tf | 6 +- modules/net-vpc/subnets.tf | 5 +- modules/net-vpc/versions.tf | 6 +- modules/net-vpn-dynamic/versions.tf | 6 +- modules/net-vpn-ha/versions.tf | 6 +- modules/net-vpn-static/versions.tf | 6 +- modules/organization/versions.tf | 6 +- .../project-factory/README.md | 33 ++- .../project-factory/factory.tf | 0 .../project-factory/main.tf | 4 +- .../project-factory/outputs.tf | 0 .../project-factory/variables.tf | 0 modules/project/versions.tf | 6 +- modules/projects-data-source/versions.tf | 6 +- modules/pubsub/versions.tf | 6 +- modules/secret-manager/versions.tf | 6 +- modules/service-directory/versions.tf | 6 +- modules/source-repository/versions.tf | 6 +- modules/vpc-sc/versions.tf | 6 +- modules/workstation-cluster/versions.tf | 6 +- .../bigquery_factory/examples/simple.yaml | 40 --- .../examples/example.yaml | 42 --- .../examples/example.yaml | 188 ------------- tests/examples_e2e/setup_module/versions.tf | 6 +- .../cloud_run/examples/audit-logs.yaml | 47 +++- .../modules/cloud_run/examples/eventarc.yaml | 42 ++- .../examples/trigger-service-account.yaml | 22 +- .../examples/additional-clusters.yaml | 1 - .../gcve_private_cloud/examples/basic.yaml | 1 - .../examples/custom-management.yaml | 1 - .../examples/network-policy.yaml | 1 - .../project_factory/examples/example.yaml | 0 188 files changed, 917 insertions(+), 2292 deletions(-) delete mode 100644 blueprints/factories/net-vpc-firewall-yaml/README.md delete mode 100644 blueprints/factories/net-vpc-firewall-yaml/main.tf delete mode 100644 blueprints/factories/net-vpc-firewall-yaml/outputs.tf delete mode 100644 blueprints/factories/net-vpc-firewall-yaml/variables.tf delete mode 100644 blueprints/networking/decentralized-firewall/README.md delete mode 100644 blueprints/networking/decentralized-firewall/backend.tf.sample delete mode 100644 blueprints/networking/decentralized-firewall/diagram.png delete mode 100644 blueprints/networking/decentralized-firewall/firewall/common/common-egress.yaml delete mode 100644 blueprints/networking/decentralized-firewall/firewall/common/iap-access.yaml delete mode 100644 blueprints/networking/decentralized-firewall/firewall/common/lb-access.yaml delete mode 100644 blueprints/networking/decentralized-firewall/firewall/dev/app-1/app1-rules.yaml delete mode 100644 blueprints/networking/decentralized-firewall/firewall/dev/app-2/app2-rules.yaml delete mode 100644 blueprints/networking/decentralized-firewall/firewall/prod/app-1/app1-rules.yaml delete mode 100644 blueprints/networking/decentralized-firewall/main.tf delete mode 100644 blueprints/networking/decentralized-firewall/outputs.tf delete mode 100644 blueprints/networking/decentralized-firewall/validator/Dockerfile delete mode 100644 blueprints/networking/decentralized-firewall/validator/README.md delete mode 100644 blueprints/networking/decentralized-firewall/validator/action.yml delete mode 100644 blueprints/networking/decentralized-firewall/validator/firewallSchema.yaml delete mode 100644 blueprints/networking/decentralized-firewall/validator/firewallSchemaAutoApprove.yaml delete mode 100644 blueprints/networking/decentralized-firewall/validator/firewallSchemaSettings.yaml delete mode 100644 blueprints/networking/decentralized-firewall/validator/requirements.txt delete mode 100644 blueprints/networking/decentralized-firewall/validator/validator.py delete mode 100644 blueprints/networking/decentralized-firewall/variables.tf create mode 100644 modules/__docs/20231106-factories.md rename modules/{__experimental => __experimental_deprecated}/alloydb-instance/README.md (100%) rename modules/{__experimental => __experimental_deprecated}/alloydb-instance/main.tf (100%) rename modules/{__experimental => __experimental_deprecated}/alloydb-instance/outputs.tf (100%) rename modules/{__experimental => __experimental_deprecated}/alloydb-instance/variables.tf (100%) rename modules/{__experimental => __experimental_deprecated}/alloydb-instance/versions.tf (85%) rename {blueprints/factories => modules/__experimental_deprecated}/bigquery-factory/README.md (94%) rename {blueprints/factories => modules/__experimental_deprecated}/bigquery-factory/main.tf (100%) rename {blueprints/factories => modules/__experimental_deprecated}/bigquery-factory/variables.tf (100%) rename {blueprints/factories => modules/__experimental_deprecated}/cloud-identity-group-factory/README.md (92%) rename {blueprints/factories => modules/__experimental_deprecated}/cloud-identity-group-factory/main.tf (100%) rename {blueprints/factories => modules/__experimental_deprecated}/cloud-identity-group-factory/outputs.tf (100%) rename {blueprints/factories => modules/__experimental_deprecated}/cloud-identity-group-factory/variables.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-dns-policy-address/README.md (100%) rename modules/{__experimental => __experimental_deprecated}/net-dns-policy-address/main.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-dns-policy-address/outputs.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-dns-policy-address/variables.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-neg/README.md (100%) rename modules/{__experimental => __experimental_deprecated}/net-neg/main.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-neg/outputs.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-neg/variables.tf (100%) rename modules/{__experimental => __experimental_deprecated}/net-neg/versions.tf (85%) rename modules/{__experimental => __experimental_deprecated}/project-iam-magic/versions.tf (85%) create mode 100644 modules/dataplex-datascan/factory.tf delete mode 100644 modules/dataplex-datascan/rules_parsing.tf rename {blueprints/factories => modules}/project-factory/README.md (88%) rename {blueprints/factories => modules}/project-factory/factory.tf (100%) rename {blueprints/factories => modules}/project-factory/main.tf (96%) rename {blueprints/factories => modules}/project-factory/outputs.tf (100%) rename {blueprints/factories => modules}/project-factory/variables.tf (100%) delete mode 100644 tests/blueprints/factories/bigquery_factory/examples/simple.yaml delete mode 100644 tests/blueprints/factories/cloud_identity_group_factory/examples/example.yaml delete mode 100644 tests/blueprints/factories/net_vpc_firewall_yaml/examples/example.yaml rename tests/{blueprints/factories => modules}/project_factory/examples/example.yaml (100%) diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 09fdc4d6..939f76a9 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -34,7 +34,7 @@ jobs: - name: Set up Terraform uses: hashicorp/setup-terraform@v2 with: - terraform_version: 1.7.0 + terraform_version: 1.7.4 - name: Install dependencies run: | diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3c83a8b1..8adef331 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -25,7 +25,7 @@ env: PYTEST_ADDOPTS: "--color=yes" PYTHON_VERSION: "3.10" TF_PLUGIN_CACHE_DIR: "/home/runner/.terraform.d/plugin-cache" - TF_VERSION: 1.7.0 + TF_VERSION: 1.7.4 TFTEST_COPY: 1 jobs: diff --git a/CHANGELOG.md b/CHANGELOG.md index f3157936..3fb9351a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1653,7 +1653,7 @@ All notable changes to this project will be documented in this file. - add support for VPC-SC perimeters in Data Foundation end to end example - fix `vpc-sc` module - new networking example showing how to use [Private Service Connect to call a Cloud Function from on-premises](./blueprints/networking/private-cloud-function-from-onprem/) -- new networking example showing how to organize [decentralized firewall](./blueprints/networking/decentralized-firewall/) management on GCP +- new networking example showing how to organize decentralized firewall management on GCP ## [5.0.0] - 2021-06-17 diff --git a/README.md b/README.md index a1d91a2d..aeb8d026 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ The current list of modules supports most of the core foundational and networkin Currently available modules: - **foundational** - [billing account](./modules/billing-account), [Cloud Identity group](./modules/cloud-identity-group/), [folder](./modules/folder), [service accounts](./modules/iam-service-account), [logging bucket](./modules/logging-bucket), [organization](./modules/organization), [project](./modules/project), [projects-data-source](./modules/projects-data-source) +- **process factories** - [project factory](./modules/project-factory/README.md) - **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Passthrough Network LB](./modules/net-lb-ext), [External Regional Application Load Balancer](./modules/net-lb-app-ext-regional/), [Firewall policy](./modules/net-firewall-policy), [Internal Application LB](./modules/net-lb-app-int), [Cross-region Internal Application LB](./modules/net-lb-app-int-cross-region), [Internal Passthrough Network LB](./modules/net-lb-int), [Internal Proxy Network LB](./modules/net-lb-proxy-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory), [Secure Web Proxy](./modules/net-swp) - **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud) - **data** - [Analytics Hub](./modules/analytics-hub), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Data Catalog Tag](./modules/data-catalog-tag), [Data Catalog Tag Template](./modules/data-catalog-tag-template), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub), [Dataform Repository](./modules/dataform-repository/) diff --git a/blueprints/README.md b/blueprints/README.md index 5d5a5d02..8a995fac 100644 --- a/blueprints/README.md +++ b/blueprints/README.md @@ -7,9 +7,9 @@ Currently available blueprints: - **apigee** - [Apigee Hybrid on GKE](./apigee/hybrid-gke/), [Apigee X analytics in BigQuery](./apigee/bigquery-analytics), [Apigee network patterns](./apigee/network-patterns/) - **cloud operations** - [Active Directory Federation Services](./cloud-operations/adfs), [Cloud Asset Inventory feeds for resource change tracking and remediation](./cloud-operations/asset-inventory-feed-remediation), [Fine-grained Cloud DNS IAM via Service Directory](./cloud-operations/dns-fine-grained-iam), [Cloud DNS & Shared VPC design](./cloud-operations/dns-shared-vpc), [Delegated Role Grants](./cloud-operations/iam-delegated-role-grants), [Network Quota Monitoring](./cloud-operations/network-quota-monitoring), [Managing on-prem service account keys by uploading public keys](./cloud-operations/onprem-sa-key-management), [Compute Image builder with Hashicorp Packer](./cloud-operations/packer-image-builder), [Packer example](./cloud-operations/packer-image-builder/packer), [Compute Engine quota monitoring](./cloud-operations/compute-quota-monitoring), [Scheduled Cloud Asset Inventory Export to Bigquery](./cloud-operations/scheduled-asset-inventory-export-bq), [Configuring workload identity federation with Terraform Cloud/Enterprise workflows](./cloud-operations/terraform-cloud-dynamic-credentials), [TCP healthcheck and restart for unmanaged GCE instances](./cloud-operations/unmanaged-instances-healthcheck), [Migrate for Compute Engine (v5) blueprints](./cloud-operations/vm-migration), [Configuring workload identity federation to access Google Cloud resources from apps running on Azure](./cloud-operations/workload-identity-federation) - **data solutions** - [GCE and GCS CMEK via centralized Cloud KMS](./data-solutions/cmek-via-centralized-kms), [Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key](./data-solutions/composer-2), [Cloud SQL instance with multi-region read replicas](./data-solutions/cloudsql-multiregion), [Data Platform](./data-solutions/data-platform-foundations), [Minimal Data Platform](./data-solutions/data-platform-minimal), [Spinning up a foundation data pipeline on Google Cloud using Cloud Storage, Dataflow and BigQuery](./data-solutions/gcs-to-bq-with-least-privileges), [#SQL Server Always On Groups blueprint](./data-solutions/sqlserver-alwayson), [Data Playground](./data-solutions/data-playground), [MLOps with Vertex AI](./data-solutions/vertex-mlops), [Shielded Folder](./data-solutions/shielded-folder), [BigQuery ML and Vertex AI Pipeline](./data-solutions/bq-ml) -- **factories** - [The why and the how of Resource Factories](./factories), [Google Cloud Identity Group Factory](./factories/cloud-identity-group-factory), [Google Cloud BQ Factory](./factories/bigquery-factory), [Google Cloud VPC Firewall Factory](./factories/net-vpc-firewall-yaml), [Minimal Project Factory](./factories/project-factory) +- **factories** - [Fabric resource factories](./factories) - **GKE** - [Binary Authorization Pipeline Blueprint](./gke/binauthz), [Storage API](./gke/binauthz/image), [Multi-cluster mesh on GKE (fleet API)](./gke/multi-cluster-mesh-gke-fleet-api), [GKE Multitenant Blueprint](./gke/multitenant-fleet), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [GKE Autopilot](./gke/autopilot) -- **networking** - [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [Decentralized firewall management](./networking/decentralized-firewall), [Decentralized firewall validator](./networking/decentralized-firewall/validator), [HA VPN over Interconnect](./networking/ha-vpn-over-interconnect/), [GLB and multi-regional daisy-chaining through hybrid NEGs](./networking/glb-hybrid-neg-internal), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), On-prem DNS and Google Private Access, [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke), [VPC Connectivity Lab](./networking/vpc-connectivity-lab/) +- **networking** - [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [HA VPN over Interconnect](./networking/ha-vpn-over-interconnect/), [GLB and multi-regional daisy-chaining through hybrid NEGs](./networking/glb-hybrid-neg-internal), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), On-prem DNS and Google Private Access, [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke), [VPC Connectivity Lab](./networking/vpc-connectivity-lab/) - **serverless** - [Cloud Run series](./serverless/cloud-run-explore) - **third party solutions** - [OpenShift on GCP user-provisioned infrastructure](./third-party-solutions/openshift), [Wordpress deployment on Cloud Run](./third-party-solutions/wordpress/cloudrun) diff --git a/blueprints/data-solutions/shielded-folder/main.tf b/blueprints/data-solutions/shielded-folder/main.tf index 4524999a..ba111d2c 100644 --- a/blueprints/data-solutions/shielded-folder/main.tf +++ b/blueprints/data-solutions/shielded-folder/main.tf @@ -94,7 +94,7 @@ module "firewall-policy" { source = "../../../modules/net-firewall-policy" name = "default" parent_id = module.folder.id - rules_factory_config = var.data_dir == null ? {} : { + factories_config = var.data_dir == null ? {} : { cidr_file_path = "${var.data_dir}/firewall-policies/cidrs.yaml" ingress_rules_file_path = "${var.data_dir}/firewall-policies/hierarchical-ingress-rules.yaml" } diff --git a/blueprints/factories/README.md b/blueprints/factories/README.md index d2eeb0b2..65797865 100644 --- a/blueprints/factories/README.md +++ b/blueprints/factories/README.md @@ -1,44 +1,79 @@ -# The why and the how of Resource Factories +# Resource Factories -Terraform modules can be designed - where it makes sense - to implement a resource factory, which is a configuration-driven approach to resource creation meant to: +This README explains the rationale and high level approach for resource factories, a pattern that is widely used in this repository across modules and in the FAST framework. It also collects pointers to all the different factories implemented in modules to simplify discovery. -- accelerate and rationalize the repetitive creation of common resources, such as firewall rules and subnets -- enable teams without Terraform specific knowledge to leverage IaC via human-friendly and machine-parseable YAML files -- make it simple to implement specific requirements and best practices (e.g. "always enable PGA for GCP subnets", or "only allow using regions `europe-west1` and `europe-west3`") -- codify and centralise business logics and policies (e.g. labels and naming conventions) -- allow to easily parse and understand sets of specific resources, for documentation purposes + +- [The why](#the-why) +- [The how](#the-how) +- [Factory implementations](#factory-implementations) + - [Module-level factory interfaces](#module-level-factory-interfaces) + - [Standalone factories](#standalone-factories) + -Generally speaking, the configurations for a resource factory consists in one or more YaML files, optionally grouped in folders, that describe resources following a well defined, validable schema, such as in the example below for the subnet factory of the [`net-vpc`](../../modules/net-vpc) module, which allows for the massive creation of subnets for a given VPC. +## The why -```yaml -region: europe-west3 -ip_cidr_range: 10.0.0.0/24 -description: Sample Subnet in project project-prod-a, vpc-alpha -secondary_ip_ranges: - secondary-range-a: 192.168.0.0/24 - secondary-range-b: 192.168.1.0/24 -``` +Managing large sets of uniform resources with Terraform usually involves different teams collaborating on the same codebase, complex authorization processes and checks managed via CI/CD approvals, or even integrating with external systems that manage digital workflows. -Terraform natively supports YaML, JSON and CSV parsing - however Fabric has decided to embrace YaML for the following reasons: +Factories are a way to simplify all above use cases, by moving repetitive resource definitions out of the Terraform codebase and into sets of files that leverage different formats. -- YaML is easier to parse for a human, and allows for comments and nested, complex structures -- JSON and CSV can't include comments, which can be used to document configurations, but are often useful to bridge from other systems in automated pipelines -- JSON is more verbose (reads: longer) and harder to parse visually for humans -- CSV isn't often expressive enough (e.g. dit doesn't allow for nested structures) +Using factories, repetive resource creation and management becomes easier -If needed, converting factories to consume JSON is a matter of switching from `yamldecode()` to `jsondecode()` in the right place on each module. +- for humans who have no direct experience with Terraform, by exposing filesystem hierarchies and YAML-based configuration data +- for connected systems, by accepting well know data exchange formats like JSON or CSV +- for external code that needs to enforce checks or policies, by eliminating the need to parse HCL code or Terraform outputs +- to implement authorization processes or workwflows in CI/CD, by removing the dependency on Terraform and HCL knowledge for the teams involved -## Resource factories in Fabric +## The how -### Fabric Modules +Fabric resource-level factories can be broadly split into two different types -- [folder](../../modules/folder/README.md#firewall-policy-factory) and [organization](../../modules/organization/README.md#firewall-policy-factory) implement factories for [hierarchical firewall policies](https://cloud.google.com/vpc/docs/firewall-policies) -- [net-vpc](../../modules/net-vpc/README.md#subnet-factory) for subnets creation -- [net-vpc-firewall](../../modules/net-vpc-firewall/README.md#rules-factory) for massive rules creation +- simple factories that manage one simple resource type (firewalls, VPC-SC policies) +- complex factories that manage a set of connected resources to implement a complex flow that is usually perceived as a single unit (project creation) -### Dedicated Factories +The first factory type is implemented at the module level, where one module exposes one or more factories for some of the resources that depend on the main module resource (e.g. firewall rules for a VPC). The main goal with this approach is to simplify resource management at scale by removing the dependency on Terraform and HCL. -- [cloud-identity-group-factory](cloud-identity-group-factory/README.md) for Cloud Identity group -- [net-vpc-firewall-yaml](net-vpc-firewall-yaml/README.md) for VPC firewall rules across different projects/VPCs -- [project-factory](project-factory/README.md) for projects - +These factories are often designed as module-level interfaces which are then exposed by any module that manages a specific type of resource. All these factories leverage a single `factory_configs` variable, that allows passing in the paths for all the different factories supported in the module. + +The second factory type is implemented as a standalone module that internally references other modules, and implements complex management of different resource sets as part of a single process implemented via the factory. The typical example is the project factory, that brings together the project, service accounts, and billing accounts modules to cover all the main aspects of project creation as a single unit. + +## Factory implementations + +### Module-level factory interfaces + +- **BigQuery Analicts Hub rules** + - `analytics-hub` +- **billing budgets** + - `billing-account` +- **Data Catalog tags** + - `data-catalog-tag` +- **Data Catalog tag templates** + - `data-catalog-tag-template` +- **Dataplex Datascan rules** + - `dataplex-datascan` +- **firewall policy rules** + - `net-firewall-policy` +- **hierarchical firewall policies** + - `folder` + - `project` +- **IAM custom roles** + - `organization` + - `project` +- **organization policies** + - `organization` + - `folder` + - `project` +- **organization policy custom constraints** + - `organization` +- **DNS response policy rules** + - `dns-response-policy` +- **VPC firewall rules** + - `net-vpc-firewall` +- **VPC subnets** + - `net-vpc` +- **VPC-SC access levels and policies** + - `vpc-sc` + +### Standalone factories + +- **projects** + - `project-factory` diff --git a/blueprints/factories/net-vpc-firewall-yaml/README.md b/blueprints/factories/net-vpc-firewall-yaml/README.md deleted file mode 100644 index e385a68e..00000000 --- a/blueprints/factories/net-vpc-firewall-yaml/README.md +++ /dev/null @@ -1,201 +0,0 @@ -# Google Cloud VPC Firewall Factory - -This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files. - -Yaml abstraction for FW rules can simplify users onboarding and also makes rules definition simpler and clearer comparing to HCL. - -Nested folder structure for yaml configurations is optionally supported, which allows better and structured code management for multiple teams and environments. - -## Example - -### Terraform code - -```hcl -module "prod-firewall" { - source = "./fabric/blueprints/factories/net-vpc-firewall-yaml" - - project_id = "my-prod-project" - network = "my-prod-network" - config_directories = [ - "./firewall/prod", - "./firewall/common" - ] - - log_config = { - metadata = "INCLUDE_ALL_METADATA" - } -} - -module "dev-firewall" { - source = "./fabric/blueprints/factories/net-vpc-firewall-yaml" - - project_id = "my-dev-project" - network = "my-dev-network" - config_directories = [ - "./firewall/dev", - "./firewall/common" - ] -} -# tftest modules=2 resources=16 files=common,dev,prod inventory=example.yaml -``` - -```yaml -# tftest-file id=common path=firewall/common/common.yaml - ---- -# Terraform will be unable to decode this file if it does not contain valid YAML -# You can retain `---` (start of the document) to indicate an empty document. - -# allow ingress from GCLB to all instances in the network -lb-health-checks: - allow: - - ports: [] - protocol: tcp - direction: INGRESS - priority: 1001 - source_ranges: - - 35.191.0.0/16 - - 130.211.0.0/22 - -# deny all egress -deny-all: - deny: - - ports: [] - protocol: all - direction: EGRESS - priority: 65535 - destination_ranges: - - 0.0.0.0/0 -``` - -```yaml -# tftest-file id=dev path=firewall/dev/app.yaml - ---- -# Terraform will be unable to decode this file if it does not contain valid YAML -# You can retain `---` (start of the document) to indicate an empty document. - -# Myapp egress -web-app-dev-egress: - allow: - - ports: [443] - protocol: tcp - direction: EGRESS - destination_ranges: - - 192.168.0.0/24 - target_service_accounts: - - myapp@myproject-dev.iam.gserviceaccount.com -# Myapp ingress -web-app-dev-ingress: - allow: - - ports: [1234] - protocol: tcp - direction: INGRESS - source_service_accounts: - - frontend-sa@myproject-dev.iam.gserviceaccount.com - target_service_accounts: - - web-app-a@myproject-dev.iam.gserviceaccount.com -``` - -```yaml -# tftest-file id=prod path=firewall/prod/app.yaml - ---- -# Terraform will be unable to decode this file if it does not contain valid YAML -# You can retain `---` (start of the document) to indicate an empty document. - -# Myapp egress -web-app-prod-egress: - allow: - - ports: [443] - protocol: tcp - direction: EGRESS - destination_ranges: - - 192.168.10.0/24 - target_service_accounts: - - myapp@myproject-prod.iam.gserviceaccount.com -# Myapp ingress -web-app-prod-ingress: - allow: - - ports: [1234] - protocol: tcp - direction: INGRESS - source_service_accounts: - - frontend-sa@myproject-prod.iam.gserviceaccount.com - target_service_accounts: - - web-app-a@myproject-prod.iam.gserviceaccount.com -``` - -### Configuration Structure - -```bash -├── common -│ ├── default-egress.yaml -│   ├── lb-rules.yaml -│   └── iap-ingress.yaml -├── dev -│   ├── team-a -│   │   ├── databases.yaml -│   │   └── webb-app-a.yaml -│   └── team-b -│   ├── backend.yaml -│   └── frontend.yaml -└── prod - ├── team-a - │   ├── databases.yaml - │   └── webb-app-a.yaml - └── team-b - ├── backend.yaml - └── frontend.yaml -``` - -### Rule definition format and structure - -Firewall rules configuration should be placed in a set of yaml files in a folder/s. Firewall rule entry structure is following: - -```yaml - ---- -# Terraform will be unable to decode this file if it does not contain valid YAML -# You can retain `---` (start of the document) to indicate an empty document. - -rule-name: # descriptive name, naming convention is adjusted by the module - allow: # `allow` or `deny` - - ports: ['443', '80'] # ports for a specific protocol, keep empty list `[]` for all ports - protocol: tcp # protocol, put `all` for any protocol - direction: EGRESS # EGRESS or INGRESS - disabled: false # `false` or `true`, FW rule is disabled when `true`, default value is `false` - priority: 1000 # rule priority value, default value is 1000 - source_ranges: # list of source ranges, should be specified only for `INGRESS` rule - - 0.0.0.0/0 - destination_ranges: # list of destination ranges, should be specified only for `EGRESS` rule - - 0.0.0.0/0 - source_tags: ['some-tag'] # list of source tags, should be specified only for `INGRESS` rule - source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, cannot be specified together with `source_tags` or `target_tags` - - myapp@myproject-id.iam.gserviceaccount.com - target_tags: ['some-tag'] # list of target tags - target_service_accounts: # list of target service accounts, , cannot be specified together with `source_tags` or `target_tags` - - myapp@myproject-id.iam.gserviceaccount.com -``` - - - -## Variables - -| name | description | type | required | default | -|---|---|:---:|:---:|:---:| -| [config_directories](variables.tf#L17) | List of paths to folders where firewall configs are stored in yaml format. Folder may include subfolders with configuration files. Files suffix must be `.yaml`. | list(string) | ✓ | | -| [network](variables.tf#L30) | Name of the network this set of firewall rules applies to. | string | ✓ | | -| [project_id](variables.tf#L35) | Project Id. | string | ✓ | | -| [log_config](variables.tf#L22) | Log configuration. Possible values for `metadata` are `EXCLUDE_ALL_METADATA` and `INCLUDE_ALL_METADATA`. Set to `null` for disabling firewall logging. | object({…}) | | null | - -## Outputs - -| name | description | sensitive | -|---|---|:---:| -| [egress_allow_rules](outputs.tf#L17) | Egress rules with allow blocks. | | -| [egress_deny_rules](outputs.tf#L25) | Egress rules with allow blocks. | | -| [ingress_allow_rules](outputs.tf#L33) | Ingress rules with allow blocks. | | -| [ingress_deny_rules](outputs.tf#L41) | Ingress rules with deny blocks. | | - - diff --git a/blueprints/factories/net-vpc-firewall-yaml/main.tf b/blueprints/factories/net-vpc-firewall-yaml/main.tf deleted file mode 100644 index 0cfacf8a..00000000 --- a/blueprints/factories/net-vpc-firewall-yaml/main.tf +++ /dev/null @@ -1,113 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -locals { - firewall_rule_files = flatten( - [ - for config_path in var.config_directories : - concat( - [ - for config_file in fileset(config_path, "**/*.yaml") : - "${config_path}/${config_file}" - ] - ) - - ] - ) - - firewall_rules = merge( - [ - for config_file in local.firewall_rule_files : - yamldecode(file(config_file)) - ]... - ) -} - -resource "time_static" "timestamp" { - for_each = local.firewall_rules - triggers = { - name = md5(jsonencode(each.value)) - } -} - -resource "google_compute_firewall" "rules" { - for_each = local.firewall_rules - project = var.project_id - name = format( - "fwr-%s-%s-%s-%s", - var.network, - (try(each.value.target_service_accounts, null) != null ? "sac" : try(each.value.target_tags, null) != null ? "vpc" : "all"), - substr(lower(each.value.direction), 0, 1), - each.key - ) - description = format( - "%s rule in network %s for %s created at %s", - each.value.direction, - var.network, - each.key, - time_static.timestamp[each.key].rfc3339 - ) - - network = var.network - direction = each.value.direction - priority = try(each.value.priority, 1000) - disabled = try(each.value.disabled, null) - - source_ranges = try(each.value.source_ranges, each.value.direction == "INGRESS" ? [] : null) - source_tags = try(each.value.source_tags, null) - source_service_accounts = try(each.value.source_service_accounts, null) - - destination_ranges = try(each.value.destination_ranges, each.value.direction == "EGRESS" ? [] : null) - target_tags = try(each.value.target_tags, null) - target_service_accounts = try(each.value.target_service_accounts, null) - - dynamic "allow" { - for_each = { for block in try(each.value.allow, []) : - "${block.protocol}-${join("-", block.ports)}" => { - ports = [for port in block.ports : tostring(port)] - protocol = block.protocol - } - } - content { - protocol = allow.value.protocol - ports = allow.value.ports - } - } - - dynamic "deny" { - for_each = { for block in try(each.value.deny, []) : - "${block.protocol}-${join("-", block.ports)}" => { - ports = [for port in block.ports : tostring(port)] - protocol = block.protocol - } - } - content { - protocol = deny.value.protocol - ports = deny.value.ports - } - } - - dynamic "log_config" { - for_each = var.log_config != null ? [""] : [] - content { - metadata = var.log_config.metadata - } - } - - lifecycle { - create_before_destroy = true - } -} diff --git a/blueprints/factories/net-vpc-firewall-yaml/outputs.tf b/blueprints/factories/net-vpc-firewall-yaml/outputs.tf deleted file mode 100644 index f60e9c92..00000000 --- a/blueprints/factories/net-vpc-firewall-yaml/outputs.tf +++ /dev/null @@ -1,47 +0,0 @@ -/** - * Copyright 2022 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -output "egress_allow_rules" { - description = "Egress rules with allow blocks." - value = [ - for rule in google_compute_firewall.rules : - rule if rule.direction == "EGRESS" && length(rule.allow) > 0 - ] -} - -output "egress_deny_rules" { - description = "Egress rules with allow blocks." - value = [ - for rule in google_compute_firewall.rules : - rule if rule.direction == "EGRESS" && length(rule.deny) > 0 - ] -} - -output "ingress_allow_rules" { - description = "Ingress rules with allow blocks." - value = [ - for rule in google_compute_firewall.rules : - rule if rule.direction == "INGRESS" && length(rule.allow) > 0 - ] -} - -output "ingress_deny_rules" { - description = "Ingress rules with deny blocks." - value = [ - for rule in google_compute_firewall.rules : - rule if rule.direction == "INGRESS" && length(rule.deny) > 0 - ] -} diff --git a/blueprints/factories/net-vpc-firewall-yaml/variables.tf b/blueprints/factories/net-vpc-firewall-yaml/variables.tf deleted file mode 100644 index b41eb57c..00000000 --- a/blueprints/factories/net-vpc-firewall-yaml/variables.tf +++ /dev/null @@ -1,38 +0,0 @@ -/** - * Copyright 2022 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -variable "config_directories" { - description = "List of paths to folders where firewall configs are stored in yaml format. Folder may include subfolders with configuration files. Files suffix must be `.yaml`." - type = list(string) -} - -variable "log_config" { - description = "Log configuration. Possible values for `metadata` are `EXCLUDE_ALL_METADATA` and `INCLUDE_ALL_METADATA`. Set to `null` for disabling firewall logging." - type = object({ - metadata = string - }) - default = null -} - -variable "network" { - description = "Name of the network this set of firewall rules applies to." - type = string -} - -variable "project_id" { - description = "Project Id." - type = string -} diff --git a/blueprints/gke/patterns/autopilot-cluster/versions.tf b/blueprints/gke/patterns/autopilot-cluster/versions.tf index 3db0e207..f43fef27 100644 --- a/blueprints/gke/patterns/autopilot-cluster/versions.tf +++ b/blueprints/gke/patterns/autopilot-cluster/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/batch/versions.tf b/blueprints/gke/patterns/batch/versions.tf index 3db0e207..f43fef27 100644 --- a/blueprints/gke/patterns/batch/versions.tf +++ b/blueprints/gke/patterns/batch/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/kafka/versions.tf b/blueprints/gke/patterns/kafka/versions.tf index 3db0e207..f43fef27 100644 --- a/blueprints/gke/patterns/kafka/versions.tf +++ b/blueprints/gke/patterns/kafka/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/mysql/versions.tf b/blueprints/gke/patterns/mysql/versions.tf index 3db0e207..f43fef27 100644 --- a/blueprints/gke/patterns/mysql/versions.tf +++ b/blueprints/gke/patterns/mysql/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/blueprints/gke/patterns/redis-cluster/versions.tf b/blueprints/gke/patterns/redis-cluster/versions.tf index 3db0e207..f43fef27 100644 --- a/blueprints/gke/patterns/redis-cluster/versions.tf +++ b/blueprints/gke/patterns/redis-cluster/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/blueprints/networking/README.md b/blueprints/networking/README.md index 8a4c40a0..8a4f9581 100644 --- a/blueprints/networking/README.md +++ b/blueprints/networking/README.md @@ -18,12 +18,6 @@ They are meant to be used as minimal but complete starting points to create actu
-### Decentralized firewall management - - This [blueprint](./decentralized-firewall/) shows how a decentralized firewall management can be organized using the [firewall factory](../factories/net-vpc-firewall-yaml/). - -
- ### GLB and multi-regional daisy-chaining through hybrid NEGs This [blueprint](./glb-hybrid-neg-internal/) shows the experimental use of hybrid NEGs behind external Global Load Balancers (GLBs) to connect to GCP instances living in spoke VPCs and behind Network Virtual Appliances (NVAs). diff --git a/blueprints/networking/decentralized-firewall/README.md b/blueprints/networking/decentralized-firewall/README.md deleted file mode 100644 index 2fd89640..00000000 --- a/blueprints/networking/decentralized-firewall/README.md +++ /dev/null @@ -1,55 +0,0 @@ -# Decentralized firewall management - -This example shows how a decentralized firewall management can be organized using the [firewall factory](../../factories/net-vpc-firewall-yaml/README.md). - -This approach is a good fit when Shared VPCs are used across multiple application/infrastructure teams. A central repository keeps environment/team -specific folders with firewall definitions in `yaml` format. - -In the current blueprint multiple teams can define their [VPC Firewall Rules](https://cloud.google.com/vpc/docs/firewalls) -for [dev](./firewall/dev) and [prod](./firewall/prod) environments using team specific subfolders. Rules defined in the -[common](./firewall/common) folder are applied to both dev and prod environments. - -> **_NOTE:_** Common rules are meant to be used for situations where [hierarchical rules](https://cloud.google.com/vpc/docs/firewall-policies) -do not map precisely to requirements (e.g. SA, etc.) - -This is the high level diagram: - -![High-level diagram](diagram.png "High-level diagram") - -The rules can be validated either using an automated process or a manual process (or a combination of -the two). There is an blueprint of a YAML-based validator using [Yamale](https://github.com/23andMe/Yamale) -in the [`validator/`](validator/) subdirectory, which can be integrated as part of a CI/CD pipeline. - - -## Variables - -| name | description | type | required | default | -|---|---|:---:|:---:|:---:| -| [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | string | ✓ | | -| [prefix](variables.tf#L29) | Prefix used for resource names. | string | ✓ | | -| [root_node](variables.tf#L54) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | -| [ip_ranges](variables.tf#L20) | Subnet IP CIDR ranges. | map(string) | | {…} | -| [project_services](variables.tf#L38) | Service APIs enabled by default in new projects. | list(string) | | […] | -| [region](variables.tf#L48) | Region used. | string | | "europe-west1" | - -## Outputs - -| name | description | sensitive | -|---|---|:---:| -| [fw_rules](outputs.tf#L15) | Firewall rules. | | -| [projects](outputs.tf#L33) | Project ids. | | -| [vpc](outputs.tf#L41) | Shared VPCs. | | - - - -## Test -```hcl -module "test" { - source = "./fabric/blueprints/networking/decentralized-firewall" - billing_account_id = "ABCDE-12345-ABCDE" - prefix = "prefix" - root_node = "organizations/0123456789" -} - -# tftest modules=9 resources=54 -``` diff --git a/blueprints/networking/decentralized-firewall/backend.tf.sample b/blueprints/networking/decentralized-firewall/backend.tf.sample deleted file mode 100644 index e1bb8eaf..00000000 --- a/blueprints/networking/decentralized-firewall/backend.tf.sample +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -terraform { - backend "gcs" { - bucket = "" - } -} diff --git a/blueprints/networking/decentralized-firewall/diagram.png b/blueprints/networking/decentralized-firewall/diagram.png deleted file mode 100644 index e96aa1c3f87f4a665410984cce7d1f658a1e766e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 297001 zcmeFZWmr|+7B&osN~n~y0-NrX?go*T*mQ?)X-O{m|>W-FG&bOq72~%pDNO+LkJCTt2?tjF1U){bx_T^?-F5|k{r|_=8 zk2D)w!rKk|TY_%OiI-k0Gs13GeKn|$xlwbvZpVdu8Ce|D@-=k*1)_VmU&LC4ZFk+la5|u7S6jdpp(kvdRol z)ckO#EhLNFU+Uv!cO%j8w#b%ZTqsDE%DLo1xzfgLf)J}H-#&|^vR*;qCiwEo=j;aU zt#M*gzeovIN!_Rte&bdGD*xN2Z<3RJ-c3C%xjG-~pA&P}b;5l~z|Ebg1>$j_j_aj#Q7-`?!U2t^>84}5bKS}wR^q_Yy%jUagb)N|m^t@1B*0N}O z?;eNDk4oc+Qcn6N;&K*)nPA<9Q2u$G@BWHfPpe4{e}n%Oze2^)ofG3jmgT&WCL+cv??$WsKGD9T$qDwi_(}A?+M>u;^?`hy}DOVGCX0h=&DlmR3pWd zp5xx55J_}rbbH)H7K0>Vz4}X$Rq9s)(l5IgsW={VF5W-(@Dar%-6*V5@iijhlC?aZApuS7`P9SFX~ zi9-JoZHzj;22J%FHku@31bQhIW)G@A6`G*LHKNCKCUlJGZ6-8hSY4kSOK|R>%YWn= zKv4oEu3yfEiBS@Oo@cIl1#ye5r&(j|= zUU@EoWrJBx#vFb>-PMNU;mvdOl#o7Yo%CDZ#fGjNNIRwXb7IlAxa(5#J<0iGpLFHP zr_vpJfh(yvD=k-de5-F1A#hp_c6^S>{E4-jIp$!uCF0a>yu|AwYLh#8N3H%j*Zt*< ziW^!8W?8MbkJOcO`Gy=`;`2WKiD-XoYePRlv>ACzvLoZ<`^k69?;hV>e@MEE))EGg zPlr;-1huGf`jXhiTn~>{Y_%{UGQr}?N@DI&?2+v;d_cJ@N)&Br0@vlY$KbIYtU|H!vth$ZWmOQVd zn7ybmqM64;%oxi=Ic)RD^N|5>@PumxR)uec{-fd{%r&dEI|qVmCu>=29m7t!I5xQV zdU(%xy~(=oG2c_Mb$@ijcJSWado;Xm_eO0g2J7FRBuBk_t$F1=+9OmC$^*2D#PGMT z2F`5#Cmu}%PRQy}-c_>xQuE`1FV{InLyB0g?6B)d)TmyrR)&Y1(q{>-9#R82KJzOJ zBnuP^`?t@Tl9`&B>~e-wYIv7I4<9-hJ7jpqd8Qm1ZuSd3NRdckO;HxQDHQAerB=I^ z$AkF$)?h=fFlW5jup4vGqc20|nv~x^`D*)q@r^z>Ts0geALJjv8A)7o8f{7!H~Gl9 z!`pdp%*=TteHLl;-GPyB%FMfO=c;D(XHzSl?xeyVNgC02xHMs3jNW;^Gc`|eN#12% z5L%F@mm#QBto=;%g6M^$ru0{guXNeG**HBIR`xt`<9r|ZKHw~~?xXMXF5g`4hflDw zv!rRYtW~D#9_#j0<(5~QM^;$qTfw)=>us;<*XTwTFc&!Lwu}^wn60Ob+~p%7_acu} z&Qi`{8&5EQW36vKY2HzSU8Qe1YI5}G^=kQ|?VIch}RKcb~qKKk~qC@0jr~II2Ph|1LU&yZ3`RB!IgHgMYNO6PF zeWz@%ydw&ytk^i5{+z*;$l}Q2k5yeqq#e&+d=~8SS+d?{*cVR~u%p2I*+#YBREI z7%bFS9UXn&Zkw$t_Ry;f*sP+K{4#8IIzKqiv3|T>bn$IRdK`yl{p)Czlk;?m9gXKZ zi-iVdu{XC8Y!Vg|e>grHGiVB{$+GFLD|D+eV)9_0Zg^U)T&fHwG8(C#c0X<3H13jJ z@?tq-Ui19EsavN$PVmGy@;gjDwOD~Jkk?GOWreCdiV9;dj z24#M}dwx`YBL(t~8byrQnBJzgVSvK+KsZ^ooch-wfu)^Z8dP~QI|sX?5w5kU*pPQo z?>GYQpRdl8mYB13jCa_nCZ&wIJohZirN}dWC_YB@NR5x4*E1PQba-%a+6UL2b{b)tKtZ_s>-CQltwC+AGmdV<{qSW*-QMv=tslL#yb>@XNLPn zcZ*q#QjS}WV%I|>Lj#H}i{)nu{POn?KMJpSu}P~-$Ih-c?R6Q-sv1fKUQ0;PX>D}HF9wGjyqLR1E@ghf9@L2~nFIA!9 zYG)F_&-FMkfe&`aJ53xO!4-Fdgj=fA2y>Pqs zj!+;ps4oa@{@rbyG!kom0C1x$brr3Yl~I_%IR*+kDjCXEaE1zg#ZbxrbuNd>h;rrE z`)DXAPi#@p|M49a@CyAP!7p^pU$0l5hof8v|H22q-sx!n{Pwl7^eg{7N6!PFp#XQU zs0dy)&0Q@m9o=l4+$nzymV!4hofY72C@4g9&@ZZ@2JH^G|CsGVU3XpO2SVmf4(z5D zPG*+u-VV;teNaTag}|wUrMoGWw}ZW-n~=9C^{;OTfph3>4r;1jUvak+rPfteqmp)V zwWQ)>=Va%k7Q>>Vq7renuoBXck^9Hx;9sKDHtz1uLL3}kUS8~8JnT-c)*M`df`S~J z+#KB8Y~UMgZa$9grrvChZZv=0 zY3XhI?~xqc{_$Ag0Xd*gIJnq3IsSETaH$CNu8^9ox1~K?#?}GI42&Vh#U*%8$gk)_R*i0YPnguN;^4#LEXjvys=seF)R^|f32DrmUY{t2Uy5Ewlb;@!7ETR=m$*;{9*j-6`Z4aE1_SPD@H+)Kv9&D zeCUn3k#fEM_VD;69F(0NxPy4h7ibu~Of+*JjX_!)Mi%(ElE9fJhRqnSI3Fb{=83({^+f@!H>EXe7%_ah%;MEtiy zp>vSye;Az_R{;&b3~ih(@8y5LX9P6WEB|+@|6KzASE~OXboCpC{bXhDSsL>8tzc%Y zyrfH(WbOBKkg(ON(VMs1dRPdrp$2hS<uOg#(mK*9)Z^ukM=j+1sa=SRipTf>?ILhv`*STNv7ERcUiWPDtF=G_ zl7M{eKa9)b$zw#phVzJ#3>6Zc6KTqNI`@P!Su#tzP%pS3hdG`sxU7tuL1iRYy@fNC z=`Z6%k3~6J=zYUq7v)k|WYplh!~C8sOXl$@*Llx*(nWkyJidwp>+g@DCWB6EL8xw> z|DGCG@i9jezr)1h1=&3t+#0V)vG~Y z;<|KSN3Oy5AlW*hzDz?d5A6@<81)zkj{3U=uR8i$Jc-U`@@S6GS72>~^!V6VaMAWx z`m5xgl97h3vY!8k zmy&1$52Mv1Zzr2>f{Ck*EN&VtfG=b_OjfduRpyymeX#DYY=26wfBy5p&|5M9wdkD` zVcJb}A`YXC_Cou?%t-7L78uKBgjV|RBTAs+BavE< zQ}XB|B}CBckrhB33>Fnmvtp^eFBw!Z{SSt9!oS3n4v;V?Nol8gX6CU0{Y9c<>_#KQ zs#Fr$4YA6eJ{s~wyFA|x^1?66)5@p6_n!_W9v6&)NmWP`EJgPid2oI-TemB))AJmu zl`GoNV2EFaRTnfYgohh^M*l6WAWJDxZ?wp8zm6*}APf>mgglGvAF+yx8JLKAsZ9pP zZ82~bHrp}B_7X{`BE1idj>`(dK*%uVtAeM9f(L_I<9|#k?7oDQcE(}B1RdI6Q%gtF zXM^Q`6nfZ;2TX|(T#c0{%wivdD8Sma$@*Ppk1=HEKUp-#Hbi55q5O zwzV<(wHC7A<|RLAUR1;(;}vU}^?#4D>1vn?oy1?&eP7nwP5*7|!v; z+HD)ZtV~h=6#wsI0a4tBM3KcXd<#zjDS;ctiq6bo0y9v4!`F*zqFtbi#|X>Ut9YcX zp)oI0aJV@+i6?)@wD&bHPXdkWRW8L&EVJTV6-f9cDZqH<1@VDTP&Lla`eQv-X@Ecj zShb#GED{D&VZq<jRtZK!Wasj6QAA=tboycaq(eeRyM{WYA_Wh zJVNsgpFlK;tTubo>wXZ)a52(w56ru&z{i!4MK5qHI^`%SQyx-aN zghtT=tPGwdULpqT5WInhM8=Db)Xcm<6c`*mKIHh_^C4q_DlC~7zwe_)UPF__ zE8A(+t9H(4_%Wzd>3`zdl9X7C`6Undq&^zEZy$q4O3gbyMu7Y89pq{>0E3DO25VyW zeQDF-B~nWypfDlocNmr#3qJo*`cRP?se|syW-%ApMmdKr|CG!!nwW#Hy)%kosku9{ zw*3tT%UA)Nhy0!mvchh(Z)d1WHl<}9_?zVLWyo%+biq8Y=8JQ~$uZ%tGV{y+FlMZH zFpktFyg~_`8HTijMV}`oButEzns2^P6^ooCz>bUHdY=d4lOp!lDl$B58gpuMPj%Jy zF6thWmA(|i6gMU-#m@V)yXns%mrXSdhRb?mUDUXJ7<4RfIyv3Co`FXJJFi~zB zj*8_O?_;Ab-pbeB1*xFN>LA@Znt^~OCVcMRyrjJinD9}5o*}gwX0QPkJVL^5w8#T?6;GG*n=CyC`ex;%<4C>^2mj1N;MCplvtxha zAMSK>G?nWZ2MlW$8IV?a5zUwb6RG?ZdVO-nZ+o+Speq|=rRIL;9_>9sNO`^is6}FrUN3L)7UMojJ*oOhp3WIRrtM=!dfDTbOX+ zqsTxAHb@|W8DeQTSyZy)mvMLNWJUk3UbpEX$30&BC?4bCeJUL(q7Yo_f#cnUO%TJL zt&Phlh#}H~uUv=1Su(M9*3B-dYcl-p`_y;l!*7z$&%8TgxBHs?^kDUChmRE=JJ%bt z1Vlk~of7FUm0JfAw!G`p=gA0TvHo6R{@b(T28+;x1&S3`)glglh_R^A+5ExwcxSHC zc}@z5+(H=F=a%pWCj-#dFjBdn+WK^F^BG~vb3)~S^nji+0EJkgw? zU|2KEJe&AB?;d?#F(}3}Yc4s!;u7WPcDbSZ4jy4v2$kF~P_`4=0@rbw2?Q zw}G#X`z6n`CERnyX9XTj#CBu5Ae|ObP~3Dek?Oyv_--qbej?mEtZIC>gVM>c&a?M* z5*>`?%Zx@KG)5-{5a+mg%DSjxXO{<#&E>!K?U&-6C;+t=JAA#yie^iNRDxlvTee2v zv5Ocl9_vPkVu<9Vc)lJk)aU1%(WSDs=eVKf{eq6h;>1z9=g~;Pt9^m>fs9b>lqB0? z9!z*@V>WbmToIr{A)^eh^5Q_4jnk_6W5}=vU`W_e(F8pjA#P_pvMo^j^307~&^6Ox zs+ucLUc1<+!T#f8R5+eDvqX6}Gok=;!sfA}R{1)`GnN6=*m*j|Tdf5P&xHGgyta~E z`dI-k{_$)Na#RwYAdYsiZyRhWOKG#O+Rgqk_z4u_8xND$*wC2pJF}1nt2t>C(HxB= znw@KtRmDJWa?-$90Go&PVJZ=nr6ImsY06+PU z1lUIsj9}#cf|&_zl>yfRwhpH5F|PuJKl%+?>3b;@@W4w1sr^)S=}l7Z*24)q4iJas zkA82;vy!1Jp0KyJxxJAYGF8BA+_I*kd2P4fnaXROZ4X?^JZ zi>yg`H9c?r1Q{z#?w zxGO$a#b*8YpMn+bw(3uHV9_aZKad#PJ20Uf3iEyW@}=(AY-NYEfJ2v{y6r~4cBv!! z2|l2q_?o{g^6%~zqhUMD=%Nx60Tg!^3hUl!)_R@IC{Mg)lRim?UK5n2O4VD%{Q#b5 zW_IEirZ1DFvXLS>sspa!7cf~Hdf$hQWy+G;8j$a~Il=yr-KZVo{^yx)Z*9qfc?v$$ zW_0~p_xGoFRYf~PbBD8)$=^|IPF8uD5qW&J1nQ;qbE4{ZBrDMf(0_cfXpV2RL=+^< zTby5|5{mK6ttxE3G+)D^*tp@miV;l<>;5|Y4|SzdkRqC`F4U{&YLBIKN(=n?em~p{ zPCeVWiyDrz|0I#?=w2YhYYbZjffguK@i|V}%%z&_zFZQ=eXn0tbSi=FWWDV63b@GU zjfa1PMPxDLI_>)3&rl<&fisJ|(vyIc?QOpK*l(*Q=k&GcF4^{&l+?&AqSpjagiFW6 zh(d;q5}KPf9E|9zNa!^M2HejDu-9^`<(Tt|(}H&!tIUV(rpp;j+wI2FqC%sFi7*+J zO75A-8r3whk$3X3<+0MQ6dJ&jODXyMp=dHD!e9 zhE!MPF5fdr5ereV3?#@4o7>srkDbpqhnT-4VsZ zb6F}y;0ExoCo03bN1qjs*Lkd4F{JsIorZ{vmx|I__`H4n%Qx;|pi6c(V?XLk7Cb!L z@2}e}tzOBZfl;||tdAC_-Srq!kAHTmAc{Mb>a$D=&~_@eL((%}wQCu^m>k~iq}J6! zS@}~kT_AzMU|aeFIp79wf^}L|zzwE`@}S*k{b9(Zn~xciokQ+=e+yP5pZQ&hF{Fr0 z(Psls9ZtW6;uw%L$+WlT#Sl=MelvX#At@5W@{{phK|zmIPm(EEkjlZq!Ix54awE~_ zkQJ(k9z28s4?!jMzQxZf5M>CoPyTT9VNhU$9p+8YqPc)Plkj?G1Zxd$SuPsv8emOq zrNeKO0&~&&$?GRmF|CRT|B`F-3bF(APzl_>BFy|<_;`$1 z&|+;{C9&yO_CUx=9}qY5S2Ihl$~C=<6`KgNk{WB)WQn7NvEb=-u|VEL^xW4KRxWTjlklnvSW}0v;boND_vf?T>QKrY#v#v*>&TTpy-j=}A zu+B-Y(OGE8>8}5RQC{dFR2HHqi!b;Be!5SB6i7~jimJl)YkQyQk%9D3RD8Bd%A*pA%^0jW#{5a~3?o)(F%9RLop%dMdKV_M*0Vfl}RG?np!WuR#xMxNC> z?;A%i#J6ofyy0L^?nJ8m`d%r3Lp3g<%vjy!?<$3tX)QKQG6a9Qbh2OrZ1`04R^7Ik zezmjd{iE`z>OIM88D~Y+^H}+sIVwX1L*|2-iYlG=muAQ+b|{H8a9RsK^a*tz0_jGT zSy`kY3SvyOGX7Y;t13X7g1t&!GoY1%c}2-)&o3EyH;?gKcHJg68whGhjrj7k9`Rs4 zdjBRlUp49`%Va7?r>f8@?K%i*%~yt$I`gWHE3_dCc2%TG1Rk7X%lv3Is0qMp#&;yR zB}KJsd01fum<04=-@m-$(Zj(KKi&A?aCv^ze;i2d1x)IBMBpD-IYMFy*qm0Mf}l(~ z737W@^&2p>^z_!yb1m9;9*YMdm}NTk$}A$G%shd^cq>6Z|L!#jDeOZqMDwofTL+Mi zkrA@}@|z~O01jP6-7@#K2sl3&CB2Fti-cU3-) zt%j(~W~1R~=FR><$WZ7&2#x%+9-9d1Fd{_xe-L4dIKYTbzUt(?$H;`z!}9qD?>R;4 zkEK7(v;26)V@)R4+X?jjACi(V#l;9g9<&muj>VAj7$kjqpaz_MZH43XM4#}sNIn3| zpydW+El=ZQzZ-5nT~&$DMXZUQ|M*%6G-Z{&ad7XpUWtZG7ntbpM;-7e71;P}xWV%f zYv6re@3J80x8KXZ*@7ePPN5ga3s@&bnI_0u(m5fo>w7fq1>mg<`;-HHE`Su>w*c7}b4s!ONt@&>js=`|Z*4Px2{`SJ}W8K0IzZw6KB5i ze{YRUx>~~yNG%gYL^+`5$@v|V0}jWn*~=-r@pq%7X!9Tg2a)L7O|nIibd2>x8?&h* zQXZ=@Kpfq~;Yu~cFT75zog(C650V1MWcK#XuKx`MXJK$&d85?Xg)$_QlHI9vd7xY}sN^Cb&;j%nyp}a5w#F!_nzo>4jb}w7? z^}Wwq_4_JEr?2gbN{bBZ5{j`0A2bf}DD;FFBm&;ixjCPJBNs>fY#cfh0p(HPG}{=?KxC%DO`#@||1v&)yyq28&6|lipm-8K5X(UH_FmI_ zV|Iul92{-@1H|q@zSDnGa9AH*gBF>GT&gmzw136pxhtI7nmB|_#99(7ej$*@g(a<1 zY3z2LOTCz0`SqA%-R5#LZB{oUJ&YxyA?1yb4-BF|T`-wI94q1J7x}7nnDKB_=1WbL&&o7tjXIcc)a`WYe4_yb>kfexE*_?7GH2*i9jP=n3^SwKPtIj_ zSu8@~VV$P~|E*!M(~X7twCZrWg-F7ga}nc@)}No#6;Xgnbt$lqn%dH-(NKq6>;pz7 zCYK{ynZWjyc``-O=XhV6*PlQ0!Gy1-=W_o`LH|05g2I&9x=V!)dLZq$FviB}cC~ng zW7ZhC2zJVVA8`Q}Co6y+-9t2=o1o->kA8%B`|zgmt2LV#lc7SN{bkRcPuGRxP+JUz z0Hy4%#u~$2j|}5F{<&VPnyZeO^<7EvN|tYplcyjZb7RVov!wcfD7Yb^6{kpm@fNv6 z-XfZY8)P?9P|DGCHn`lMw!L*~Br)Hp3vv@XVyv&9d81FwL$BQ&6jPx*UGNF>ReJ)) zBz=p!p>T20lVosL*t5LSVNwrxs+1B!bky$sm&heWoBybJ?E;@fD9*BUJ2-?IS%3_K zVZQtFWA&@UkMCc!_4LTRs$n<-fSFr!ig(<*L(=3%Td=OqH?@3n_I* z(Hhn_Y2uYdCF+^6ftXLivDC*JOoa_EPd?=f5)p2#eR6tAH3NS?gJb^X@BkxCZu#KX z-_J`*sxUGYs0d-$yN>{=wiRvD#WaG5+xY%2w({cqw2o8m zJ=qo@8rI{=?ds?(HoIu2l_0`4w@WEZVj!&G;Y7BB7vSgYtSNrd{TYvUA%u@Zw}cmr zMvII>RshccQtwj(?=)RwD`Kj$T;;Vd@1CUi?|p6;pnCr-9uQ>A^KT83z*lX)P`?py zdAl%Dg zNcrq_d)y+<7p~rK#x4T{_EMHVaAAA^W{c{Irj^WwGlvBMc2?DQj)z!wg?=j$%fyWus9;1duPXTpa2x#!E`i9Gkqox$9 zib==1aqx+C(COrCa=Jz;?4BEV5+PW)CC2d4l$&Y|CsAsDKfmo@>(d3xFzC zYY!Qcrh_ie*>C3S&g_su47Kio1I zx|r(gJv{y8AU)c6PB$%;z)`GIY}8J9Ad`GcwZvp2J?LzK@(_@JWIg`IVJp~amj}f` z4kc3e&Zf5mbsF=yVJzc~EVIE@We{Pg?Xu!-jbG*(Wh@MpVE%S=YJy~LuYBR51D-;> zL~R%=$NaGii`j60EF6z5&A6lT%ZPl!>Jh0^;GR|`PLo*bxn?SYm60*)jYM`>LALT6 zJ>cUv_xr`Yw5(GtfrsNl5Qs!6sEVJLlViu8fTU!aP5wdiIyMedb~1~%#Q8~okSFy` zpANvY;D{YleIR1Wt_jPy#7*DX_<>o9=~U8*;QxBElD3Ur43iEQFpaXrkOg%N=kf6% zP(5|nZaDIs$1}3_&Qj+eOuP8O00rLZ`pbT7)f8bb&$p?@Mz16m_hnTAe4xa3|CaRk z6*AeB>KS(3l8;+J`3f-MpAQW!>V60d1Jq;r#0~e58pcv%6me9;S~FM?{|8E<$3#pz zznG3i6j*$=6~^myLtDLFh8wiQ{q5~TP?Egy`6cBm-Pk8Gii(ju8*;wx!v*lKKF&xS zXS%$~PhAx7l|XbRjHFmfOC_Uk9|J!QswNpLb^EuFZ*{ zw3w4|;*Qr@j$B%=>7ei%vrIHxMldG0Tzp$?72E?w{|TB{k@>R2_0j%5!Ie8zQ%>DK zK+^3xw<$0y?Ed|m3`^fO$W+I}h>gDY?E?yKTs3g-#ZK>(h}2LAWza?urZ@ZCc-TP8 z0j&t$A#y3R>1>Gu)X?OKA8mu=*&}3}tK*J&)6d~z&)uJ|0fjR6xve6&Y`c2lS<2dW zSPrn}#x41~9xu%SUl34*QDjhTW1KBorm-q)9Hjg~>EojtIV@V~SvtI*8d0%ZZS|Sx+AqN@eatNHNCj~`JMyLxJjG3FO zs1F#$T6+{6q=F5=6)c&ybxr~%a2?dC2tLrOrfx{RXv5FuymbVXP2!N&pxW7fEFPg* zici6SSTVDwoQTbMQ|tRF2AgH(wzrx;$aMOUly;Yal=x*Ln95%jKVrl0ya2VKyb_x} zav9RJc}zA1qt+A%7%87u26hQ}CmOg$3agS_zZILU5d3+?GC5yf`YnE>8c5g`_@~`p z>?bwruYm%WTlZN|M4va@rSXD#F>I+SN6c@tBC&rt8^PxflHqsZbLRF15ai1_n-gyq zZE2)aK%)Y;=d(0?eM#?jnSOf z@N+HSv4ErUy#slC>plb+y;hcg$~lz4t7Y^_Kh6E~W&S3Y73R59+y;d?G-6ONOHjoa zzC2qIFNCT_z~Cncbqq`a)mE6|Js-JMe|SVeeZ>ow$M+3v4i;fRs=%U={@x0vh<3j#E)mWqGs0M=QO@Rw38BL=^OVGPkOkQT zOrx@4=2u_A`S64238t`sSu2Kqy>}@=3bl(LsQTg;;TGq8c_%*!%Kmt-hT}VA31~bo zFU}nf)`nFcfExYlr+0<5K^ojzPBjXeRl@j3OrPA8bXJLktAT->QnS4{|qZ6KqoE zdpTe%MjFB^FOU^HIOo6hX$1SjzRh0OEG(A7&i=P|xQZ4d9ib-uMLo}PC^owc{qY~^vX{T8?YF%WAy;`h-Iv`u~>*+ z952+xuq=7~=n%j7lEQG|Rj=9SA;Q!Ud|bO;^a1P$6o~Bw7^R)C#Ya_FGG^Y}X|9bI zRD<{%iAXOFtD0)|U!DMNpsPKGbfKArI`G65{)CwREvej`Zsgg8p7Vrl&iH4BG=o%L zO<+d>35qZl!vLLI_j%wjBsMJCE%cPG|H^|C>D>7%_|2F2W{I))cWM{Kx+xE6o5YKo z=bVd|u7-)rICIcKh{DH$o1XG5{zCXlm2O69B1&o;Yl{R+KA*Zq zLu+>oBn@+~_u~d$26lNyjkw+r6TiU|cM_jz96^)LxO1gq5b zcJ2uy-_@+X7A%f%T_gQcU0CL^tKcZ!JI>p)0ABSenS)YN_$Y2FK90!FV|{tJw^N~R zX)~y*FJI^$p3Yv*gfVS`GC_*hj1Q|TW^tEYal^=x^{3$L6yJ*|4TuGfcKgiESX-TM zY-ieI!U3A#L$8n0fVBU>Q1)Q7_6I>{B{Gchqu6fdB1QLkg7`9CxNbislWXJKkyAHu z|1OcBspws*r51u#+Emix>Z`?%S_@_HR|H3~>zj5vW9Xfa&ovy6MNa1@pqd;%AA{yv z^K}k`eC`xLzsM&oaO#OO=)A7{%?LmRoCtXLaq7bJ2#H|)P6V=zxE~N;Y1otsV;=!R z=m|TAwGMCuohVu7`hvLT@bkxNpV~FO7$pSCPk;$G8|MQTp7KxWeDk(0y$kEcO|F;h z^?E{FHg*xOV^pfCBG?vbh2U*{y!mu=aV6SbifsO57x2$QPO+fIqtLm>$$Rq-#7cVy zyHMawa1IhMd?0)dX7SR6a^| zQX2*w439MUd8G|g1b}@PPd}ldvm=UZFyEa)&_?^JdM7pdJb;OJ3)dV;XY9&jnWV(c z(o{hmxJ-Dv{_A<`# zxN2j+Vz#aB2*n8bnEeit*AWI0dKgB#w0+oX&yZ~=kB@XkK1b`#*kP-ul=AG3%+nAf z_)?W}&FMi#yqJ5x^Zv6pzso+@0HVm&DF!ZNsroU!Ly1yvB5pRDGo>P6!5r1QnICO# zvvZoJH&gxikaphlR9!l$2}+MK6=H&9Be>ez%?fThF}5HP9UX!z$qQ1i=G5DKMaq2v zDdp5~kU)@jMm*p6%&5~W?Pa9=wQ$E9dfuTYE)P$ywF=hx%FekjX%2_tLLsAoq`UG zDv%12!0vN-&H|7u>~o)Ls^<-VzmFRt_Pv(TSS(MP|6U~MD0SG@~AtN+-u^5Y_!4ELtR3E<&eXv$tL2VnIdBLE{*NhH| zuw$gJkMBBKG~2j?cAjz6>vz807zNcfPuktCkI{C3-&$_D${qMb)u>Yn0~A|Vl1l*y zQgJo5Cg{3Bb2st;;_K1?(l~4*Hm+6+i+B`a1n{7;a;V(LXz|^cs@w1*?~cwq#&W7_ zruA-Ie z<}m{AW9$|5?cwUE=BjA!ZmWxSgR;)U%Zu4dY~zZr^+y+Grbt8q9*vxUljd5RfU);m z86|^B+%-i2o>n*NY&-_bdT={mBHIGoK80M}x_H8WkK#cMQ86=h#N#%P*mX?JBD@I0 zc)I3m`x#hLhQ}YIEGOIa`lE?Lhz=wS7VbRFp(yRbHU=DYvfSA|5Vdty^6#Rig+x6> zo)?X=2n&9I2~VfGL%J}`veHBcgFicZ-H znlb(8uqn$qE9qgE%mn2-6Z9{cD9dn#;z~l_(-v9#V@P*e zq*@AG?vN-w@d6E7i@tIIU{00)o=pO*_0Nt+9~G(>Qbg^P?dfL8EX!QEP|=3Z?{Fif zl@S-;F=jWPvwAM;@s6z2W3y?12AA8{KCuKNCB?$9;r8;KnLq}E@w}il!n}ZO&m5)Y zv9jn6)?B`WNEIj~T!htG7up_TF6wo@ZF5`ct5}yd-Ne=4T%)eWO?bhXNfL>dh#7kX z{DZIr0@FgIz$W7(22DiLCV{!ADao@32$2@^Zib>Oh^~bU1`$x%@?)Q(>fV`1cl1^< zu`mLyEy~FPUogLsWCY}b-S2ROSQz097lPG1MqES|GxYv%o%%0!JigJ3=he@iRThf8s!k&mI0h^2i#f?QK*v{Tw8a1f7}4FjTB!R*^!I z*1Mr(K*;)+bOJt{6SqLKl8?Sgu3@Q}Y|Q|mzH!iFUDiOP^E8J0nHzx1c8R5lm(+<; z??&i9x#JoEdVBgwJv#tcYsZX35*p`bi-@=G*Z!2mEklWbCF4F$))aG@p>{O&K6($t zESExam7z&Yf$2p)hZ{gym2lexCe^PwTsV{HUR(OH98=JV69ZunN?5FSjNnh?wr5qs)@4Z zp>*Fdjc8i2YP|Yt^2!W6;(PKHP_m6-PWa$egkAp1?HVe_w8P4sCBZA(4^tg*H{l63 zpa8^Jx_Ppy+U~3QC%WK(_@Dfyhx&LJcY;9*dXI>P8+Lv;8x-_L$Rm%uj(UouPiGi` zBkgT=2TR=X3BQQX0`4`|7+J*KGmxfFB`&?BWVe7l2aD(hbrVDVvMk#bqegD0ZJJlM zSww0{oSt|pbpk8oy1jV&HVj)X#^VT3Th;rY)6!D!&f{e?^@;31Ajaz9h)u>{+XrO@ zmuOO)Sm)qUeArR@6RGVu_PPyj>yMt|Z_heNGz`d_pT02=-XWv8L*2gY)+g9OS{+Jn z@#Ri)Bi_XTwpU}M0r`7=BP-CTZtikRW@H_HpK^HXyiYF-Ora8FJ zarhM!2H!ms>Iz^aC^R%ktL|vp>tb>A@7u9{W^?ia4k{HZ3=}UPm`5HF#)D3JYN66m z#m=Z+IlJH3d8$sRa9rc{kRPw}3fees83t(t@?hLLP0*ZY?x}w>d8nF2z|S8p)FS}V zXtHaZh&-tC+6MHjhud5;#?9{yY;Q5)B*U?S%Ouvv?T?kbB@qRn6K4{nBnyY3lB}~~ ztV!Q|o-0t_xDz_eZ!_>QOlD8Yl-iQf$%WwKS5uINv;VleLblNE4vLPEBQ>-w6*pRT zKvQdF|_lqv>RO9NyUD&Ooha#N>il7FbQ9)CTD7ee| zXMP|9@&mDhgf(U~R9eW#??`}jtpaqb)Zi*0K4IZ#EyryF1>y7FF|jTo6ZI`uP7|9h zjH0)I^&!)CtrWaN=DvI!Gq8_FhJRw34J)v?ae!Yo1W1bh|O&w6;`);Jiczc;f~@^Zl1}AGD8t zdM_JItjN>X?7;mH{<@wuYwzb>1-f@b^8AEZj}}^%*-qC^$_d9`q}vvH@ye+l_%REZT- z>p$H~9?-W=3#jB8NuZ>`4#v({0~Fy0C@_Ul%!4!nzX<-J{V6eM!f3lVe*4DxNnE55 zHwAIf1_!a!2-Jm+sO_xP`tjSQ4XC=}WZtevBV&25e|f5swZU(NqVN1tr|G9w4~~#` z_A5|-#pXzwY1n3bisOnqOoIK=r4Ijp)P=Dl8B^S^)CQ!Nt(P8b6C3TythbkTPb;Qib%!Z(v zMXOK@mA~v$9Zj&I!X6~{jv{!MSA`cYOkN7@e7uq(K_r%)xGi+dkZMF`ZaaRe7}`D05XOF{_g>Wg+tsQoD^v_ZcqPnYKWx2W5NzC@Cx^+P)kCyQ&@`4tmir zY=8BlMM%6w*B~r&Y&g*NqI}@qbdr>YqX9aZqLQSDD3kq9mJ<2=k9T7Di$UKa=t)-b zIlToadCYRpU;ADDg;H&y_}(j_m5gzlJoo`N97E0^_t=%}9lo5tx4 zRTIew3}lxe|3T;cOwV;z0C=3v!suTC66X20=VK3~wDAYZBY!g~bZFBYihD>N723%I zs;|J^eNfEY!hi!V&@Hsj+(3zLj+8I(%$vA!z%Mc^QNCI(jOYf#TOVkF7;k`xJHOr0 zgK<1=;{+UI@k_Pw+!TK|G7j z1cHP2m*p3I%*sE_Ve{GeZhI;ZZt^j9zR)EEn12&_qDObq; zjqOZN04_R+C`(?bu_TbRm8_n*sa zGyfp-yjgwtgRoK5_3YADIdkTr{@)@ys~0yickA(xW)8|Zt0gOI>+DT5nIygMY9xX()T{5F|UP*qImcY$Q^`A06zoo0ke|Pt>oGp(6S9q&WZMlL8rC zQPX7AkkXDqsqpziKmztaJf#qwn5cBH(=qbN0^%yuwn6e2N*Yv0P90IBx%_>9QdJ&}&6EM-9DF zgmv~RCG))1@e}|d9@q%nAitv}mjn&E3us`PZeZ2+t4aH5Cs`n}sykC+Ds2ZE=cHuM z!96@o<7*g3^R$#Q)D|)sU@R(XUG%>-1E50fNG5mRu0=>R{@Ut95v|iX0qC2;%uL#h zYoJFGBawTBDR`+naT1_ObEvokb`}NtOkio%kzi(0TM*I|`#XY&u;{D$-*Ql(v^zp- zP`{H5FO(Mq+k=IQzuEO^>i*K$?JC?8fh22;xca^1F$ZJ>(Mju3-3f|BVH+>?W<3C`UGf3vWvEy>UYDThPFzx zHY}jKsi1YZ=a%@Hv+&RF?+QWjOxQu#by0!;0(W7rL`>TkeA8h#PYc?(4(j?zZ{)hM z>%az_IxVO?v9Ku9onzT14TQY=qXLqr-v5a_xljMmc~uGelWLkKotmZvv|GM{O~y{3 zq0u=SH?gSc!naDu>;HMZShLI5A{KN zKLeiW^8xhi|F0!WVC3IC(xLXx$VcVUoy|&6(_^?7A%#3ZSXC}};Uy-)(;(idbT*R& zb+c8Cfu6CuwS6hV`T%q#j}8^UKS0n6+8tVTYr9B^y(ZJ3q`BJ;Yy@+h9@a5-0AbPv+A~UHyQMV$8oFw{DbzaE>x;?f=PGm|6ig7q&Q{}_;+vx z;1*a=TbFNT*V}^?gDT$|h#}`UIE3kMReZ-Yk-)%U%frLt9QQ{Y=<0gGS!BlI%`JoC zy*FhDr?@*EeFt>ZM}gXG0mKWBa0vIZ!aMxOG74(yV6Ko2PRV?# zDehlPo4_qF3T7#Ph^wgCWr5vtX{^d^Wwn7q_+=+46^o_PQM>l(wS|ZBxr*n97EIS- zT$6UF0)&5mr&JW=JzEg=FN$K9i%&>Tngh5+uII5acsYE9{y$o@6);Eo4uG>!@OV-V zRHW}j)G*hII$7L`x=9$aBvj(%S&iprAbbJ>~|w$+s$E zFbVWHGp|{Gd6SA;Dqoe5=c;#^xi_j-ZhW};{EcCx6G~c{wo~bJQ-#R|y78s0D5tG) z#1QiAY6BgZYn(fzUYL^^;Hjx86QcuZ|MT4}rRM4~k?uiY#Q58B_0dNroI};0YfC!8 z35e`E@X=F<3BXu7M zUakaZvdbhO4E`VessNlqh1jeW0$0Nd`GxSJ1>~bd0>wErMac|2eWAvYP;2HUZaNN; ztYnukSiaEjw^zj+=QqO8g43Mns79OVLbJxUuDu^vGBhCT)&@Yk{PpJfR}R+`@n zV0?GSX*_-z;S%wXF|_v;dW0Jz%qz$_dxYo*(yJZ#dtK-B=JlTxq4N?<{6_IGr``aS z)Wl2!LM?v9|KG{JDEe}~D%SXuQvd~+D0gOo0_X=cBv}r;M+Hxvn;G!Y4r8IbsW$jt zvS(4g3fj7P4bR;s>**ie>7o}T$S-2!p2olZ9Ozl9co2q=SqR863jpQK3i9AF zF$VX+IbV9cFs|hCDMha6nfzWEdNk)$ylp}M#l*8UDEWSmMC^siFw4DsUSO&!kjIdaqL@0neJ6f zv%*%xOX;hI|nDNnAn|VT?yp0BKtsk4tsA+&Y(~>ZPmdl-$U2`yDLD%JO_=Nn5OpFKea07eVWB0?^kRM*P zk!dZo#W#NLK3Fn)Twtt#r_*{khUsCyD73Kmu{uVX;N@(-svn)8!2h~RZt1s@9eP$g2k|7 zGneJou9QWeuJ?XW*Z$-a3NK4cyxm3XC!d<+ndp@X{)Bp~Q6A3dII5LLMRYVdFMNOK zm9q?X-0h9{KYb5qfGm?i=@7v^M2-4bNH%|`Es(!~ii09r@%XE_t~#9qv_M4qU}Jh3 zux>cYcILM~m1U;ATg#LD^uIrg#P=!q+ZOpfvL$uh2i%?%sZHM=LA=mGoXt4*{68Gd}a+$7TaXXYMXQo5umf@B-rIe{nLM@){GPS_N!X-vFtw z;3e_4mKbU*qh1juKE!HK!}AtAEEOT8a=M{S_7sedD52F z2ENpLcU0TV{qgQh3re^kZJ@{#JXWae-J@#jDk>PR-WI4*F-$jgC-fCn@OPj`e>p1p zv}uQA`vH<5R`JC*-T-`YzHt$3Eu0q3W2ut{YO&#ka7sP>8s}v3iyfs4T(==AZyLB~ z)*ZpLwtM{V#~^BcVT|i~Fsp-8?Uqe4p2z@FYp^u<(StZ|hd9TNNw?_gR-oFmHlesE z5oa`2gqv?f+0#QYe3AvZH@?s~Gh9Xv(ZFY4wD^~g_0w&(kYng~6OrP6Q%Z>A=}?Hl zy9Ym-@;u7_O3u%`7~-2x|NKAWtVZ$F6zjWE8W^7`{+g+~Qlz(YJ=-Xf~PO z_%UfkVIbB69MIq8)X4;xIY{DMAhB2*{~-hGD{i--i$>4x34K20nrS3K44638U%rxC z0$#UtDx-RE^{&w7XL|-SnK!W7+PAT;)JsW@PdJvdWatVO<@m^OA(c)yTw*(gM{34q z8@R)h2Xo%94Smcx%kYpGFA(ba?NEA-r}qB$7YHo@t*1^kzY#Hc+O2$y;C?g{5s3w5 z^=ZB!{IAm%PB;xCNEu&LU4Xd4HFhM5#-BSS33q`B8IPK*gW_!|@-;7&+hcx8LgV{6 zHW7kP?u`7*&9CZU9|y&-6uJup`D_ppC|@ezi@J>(``}R3{-oUD=iM3*ATzc(+c;Sn zH3JGqN160xFiUpB>8uqi+b9cy5p^dRQ9qBcZYsqAvt8-l`lQ?w*grnT71|?ca+Kon za>}+D`b)|uFya^uyi9=)*6HT9&x%OrtWhk9_T_G>-+4_$js2A~O~A7W;uK{17_@Wm z8IOah(e9t;rxO8R2HuP zuB2i!FO%Z8sv=mf z*rMK(FCH%R@TQ7x?>%iPSN1Hqr??V`pVyG$+nMSC>OImGpwGpA?PRO+ux?7BjSe%jcsTv z=42Xz;&_eW;ZN`bwHrPhJIvXesD`@*;1qIQCu+xeiF?grPqh{H-cA3~+h~e9iVY0{r$T4v!7NQD)2Xz${n*W=qJ@M;v`C12)Ah?Cm(+AogEr3rI<9qp?f2(! z3U=nMyTW7cp*O%tnXl*+Z$zxD!Hs4^6^aj|Z0n2d_kT5YrT@{Dl8oox#j(Cxc4weX zD>E4EeOJ59bkKY6$j650@ZALf&8`3To;lbqJE|k^k$G7S=9*jY^A{1x4UhUoTkt-= zBR}q{FkWaD1bgEK`r0x8Y#jJ3Z`4lc9nD}?uJe>E5IHaM0xmWsjIo zZ^JuDNigYS0esk7k;ZlXSKzv?GSP}N zN-#lef)Ucq>?2n1*Y-Hm-**W|pfel$s2r3Gz13Fy$XHBV$nwZfzsMXTu5ma$`w&Il zLiW$JLRmjUS2|^;n-^heMh|bA0bWS=7f>A1Y+zfBP8V?%Zu$6KLu(mg8bEGLc%k%{ zCO>WQ2&6|DdC6sRE7U24d03?S2z_wH!mOD#SuKLuO!(*Sn@%l`jtIv6w=Q6Cgk(~D z_bVdT4M4dklQ!=y2q(ND&UX)QAyJETV_otC8!_Pecy zcCH!&F29kL2nO1s9Eb0Wd;W#{n*N3F2OFDnQe=Yd&Bx2oO`jM#?RJur7z4``aM2l; zl^~+vDtjuo&Z}9NS#>5AW9I;D1fEG3=sfFqaP8qPvzARLsmT6Mu!tUuP zm)P$-AMJ<}z&oIw%^7>Bd^B7^SKYiT(qlR9IgH4Y@ooHpIfxN>1QUHL__*x96$wyM zflAzZyAqVt=1@GhXcoxCFVD1zp0RCqvhaxb%d~55%nxK0DXF1>^OKDYdBX>=qSyGr zaz+#!&1ON&4yG*b?K}yO-aTF+L~+63oq8vrrz{5DZe^jjUsBrkWibmQ@F}<(;iy~z zq*AF#_V5rKN`p*vZcmb8n$_?ikN7pXDazPZ8WcBeEj^8CYIXH-LVs*aY?9CF<2}DZ)kk6WMiTlg zVTt3ot$^m02@DoUqs#oAenUy|t4eivo>Ih=|AjBp@zi%RN7kbwNCDss@$Sn50=ia- zP>Uq!IH&(DMxIHzi;Eml+kqhuD2-%Q3=7 zG6IIPPV=d!7uPORuqq|UV>GKyq!oTs4Hdn{Xz~Tz1cQ-eP1}zif~(9p&?|I4n#r^& z&?Xf6w(CPkp2VHY%CEOFMG{RFPVJtM`!{|H+zJZ0Imct{#{6|WI$tE_>wI|gxo zCGwu-x(}TuQ{?HM{QTAtO>&fIrCUgtP8|E1=J)1H)uy>ohD@0Z$bsMasT;EyL8j8d zEI=A%bS?)e!HtgEF2|<#KDdDvyzpyQ5A>-Hs+i3*sT-$|F)o206Cr6fxP0W%HYyx{ zqnKoo%m;UmvDQ^~;Wyhk=-6!W#y!rv+ffq07GO)ijf%)qYFz_E8;9!fP3pf#hiBU# za4cFN7*GOvUz~)$ww=aAaSqV~kj3YKTJ!Aa`LRpo|4!TYx?J&8jo*CwHxRMslzy^R zfvaj)f8v8`O9RO{cmKWl0_^b4PW!pBGzdL20Y{iu(rhzbAC@WJh?ml1^-r0-I8JjNTAXaH8<#U=GxKN2vR5Qm zSE_1+Q`cy~;25(agfkJNzBc?Q^*KydWOpavk`9STT?lWJFmZg3;>oX?!#RqjKmE1- z{s*E7{)*Iq-`p8xEM8_>7ud8q)z)u}^SjkFi(^-uP(C%Kd^p5CzuAr1tXH>=xO<1= z?>P`jD(=U6+T-J%LXC=u<38>&*k_(c*oR$`c)5I^w@__}bK|o*r|&?h@@Dw1Y!Gkj zH-F(~fm{Ilu5sX^~enx86k zaq^8~R#&y5T55>$iol@yKUdsGCou5ipQw4G#3ugjM2Z z%z19r;H!=AeXrc6%z4t6t!INvt4gu{e1uTw9nCk-B)#I)ep(N?=e{yqcP<>pp2M0U3sm;h!_EY*u)nr%p8 z*`;JxciQisq|Jumo1+v+80k!lH|vpfcc|bS;L=|rte$0dq}KTh;zC?}>8|h3`C?+! zj2E|FqpCC5cO^F7-{US9XmZuG|F>m?;DhYySD6Oy5N`*Akjy+M&w=QIDbISIMMYtq zYW=N@xD9hgVcP1ibmkZ))tW~<14Nxiov02{phoaivuUNuj{>-9@t*1ZB=A05R(pLy z6#U8N4=ARcIZ-nUcM>@%KPzhj@9CKMpMnH1BuF&Bd4nFF+c6YbW;ID~SYs2YuzB=n ze{XDZE#%uEGI(pvE=OGbzG=>=m=6U2mz5HH?7s2W>G$3F>@f~3^}Op7$@_fR?+?V0e- zEa=~-lX>|f1btV210v8S+pV1Ho8jenWdBdf;Xk7|d_SZ)HkJUP=OQrH2O%8SOH2vO zsqekrR&Lua^t?TPjY()LP{HTW=>QpJ_6qdy5%HRMJ&!!O4h%?AmLq4WEFPAi3HaLP z9($(nSYrD5Rsmezz9+0U-vBK}W@wHM>)IdnmwkJg9%=IG-I?{!R#}yux{Xpx3(Ied zlsy|(az|ZPYX%Ae3So*3GXl-jKU)oT-bAp*aFx7q#$&#`)mn65Ki;Cn%1g4i9Gw4pNT2Qi_`YQ*>eaeC87M)J8k4@CYG6uN5He&gabmI ztMF3Oe(hEZ>rRWtQ=Jd^C|fRP!vFHf4$0BT3PvyhK4oqj7Q*XjuFNt!CT&R6nB8E4 zlEvd8U(4~b_|Y-Vz14PutkILZ`{m!#2YCj|o`hVpa&MXakmqn)gBa3Z1m%G)!HOEF z>Yx~!SW4(UXk0a1=B9T5dEN|&$$!6}gSVG6xgIg47n zb5zHbBA};GTfRolhgf0|IO=S{3lmMxIOb-dB}`d^-R66%IE&*?)i&GU)|i2*c+D5w zYsCh8*0d1-` z1O`egO#(<8F$d<8Y>l=Ib~f+LPx(%2B8|E7M$(@Y&ZT*jrWV+2Oa7GfYY8Y(i$EGE zC6g&Y&JgekYN3ED?={^T^qmYR-}C{mFNL=W(@0UzW>uYxSP|#gEg5X`Jq3?=*Surr zinhBM1z)*O0PVXaXz#Xj zempXOK{yCFn7x+Yse^I-H984?dU$xj-6P!PN@%r+Sl=-JL*g*ZC5u098&g06PASOS zkpcbG($w9&b>^$0ERw+8CZFeI&O>kQkhnGRe)#%TqsM1{?m)UR_^vsft~g3Fo-=MO zP&M{eJY;k`k}B`^q`kX&^n-EUPrQSWaLGs*lZ8_7kv<2xNW-NF=>)Ma`v~C{ykaT(^9oi3D5^ith#}uRm16m2$|15l-+)(9Aa~kZUEGf$@D6r z%H||F_N2A{)OEVm9hmM1^C?PKe4)~p{;S*V=KO5Kh-5YgS9VuEjNOFl**w>d^{uneNIeSE# zRGXI(C4WbK`25vWNRx9RWfhrD_o$Cq`lj>!S8UvCL`2@QX^uT5-kUf2*# zX>aYT+fHkm3F?d)BVg>hbQ~tO^?J?| zd(E;Q65t51t^EAWxe9naAwj6$=cf=U!5|#qk7uJ?7iG@PT1WKQOiH5d54{0IoFWp; zBg@7L;K#d4FV`nVL(`bq&tx`%i|@xyw2KTQ zENfW>Wi}Rc2$I@G^rk>4?c^4PKd}I@ZSJ4n%odG z-P2KLU!a`m+s4Pzfn<79%dHHFpsyD9BjTYYqQUgYZ6u?8D>U~}1vnMK%!+w$$FPk& zl=g$3VJSn8VcebxXy@58Cc=t?_ZzAMB#%B2<$15zyPx`fFw&@Zaukf{!=^D4@ZVwX zf+0ni8-Hbe15na#uCU#XYcv{F(p!_Vb=* zaqq%jv8c!eyTuoAsK}U;ESU0HUr}>5A=ywp^@4r$(9oZKvbrIfrvl-&@D{- z3ejB9e1Y&mzLbDWD#eAK{Z$&}#c$pwr$_;dwirWi7|6Yt~4 zC3H5~j`Pe01L4QLlBz-u)Kv?^`>Fy

i#9^o=Q@)_t~3Q}n3=SeV{i?25Yxh+wb*B~?mKSY;)lZgQR^k!I(XvUC++TI$TF%Ai;!A%)>{&w9}X)|wD@cl|qoc><3v{$1cOA93k`F8@#V7yfkC_9)(oM|b=8L89mF08fw@a`K3NKdDY_%>kK)dkT?UC zsr{c8-TnF1w9(j`giGdgjO&ozbm^9fe_9$B`StJSDZ?1UY3Ua(pC&u0ET+ zQl!!r=ot5AY-lDC_pMnb-I}c{r?rZBq8)!D@$HIG&qt(NkKAp#S@`_B6`JR4vE6lUvz9a1v zJM)wb&2^$oc@obkQPd^JHg#;qy~H^Nv}eF3O5rQ_UgHVIs)ll`;}xZ39GStqRYVbh z2H$Z`4}?0omBgOF=Qty-zdhTsW3`XaAL4#L0W3NBikmWE$Y*3|@iyN_6P&TWqG~K> zDszV@qx3H9V@R@(e((Wp1OEosKX9*!>3iUaG?Y2Vd&yga&*~|4(C*)r6`nY*LlHbnyCAIle#$w5kmge{7gEePL6h~KA2WDc>mLJLo3rAVK4O6~^=y$!5mHW0t zI(#Q8sUwOhbwl*j{P3BgygilBh2Qp%{l;+%JHtO?Yq?0H+nZDdU%&19g^Y6~7}-DO zKQfQ^fFNtkCe-ZUuo}vO_ckWu=FF}4yY;i=gC56At3&NXqQn_tYMx_6K>!LKxUvh& z{3^AkYE&n!^;ADtnVnmHe1~ndRU?qo9BO5{y2N%>sV5q()acp$Gt}BjaXVA<7dLGL zm`;Tvn73ijSNp35>k?`wU%B1t4x?acYa{A{(Rtia(iuiZA8YxT`ers8X*?FZVbtB8 z?Ddh+eNZ{51tM)}HfVX*|Kh-Z-AGwbW+m@?hr&mG3l3Y~o1imwEJU)Qnc(!`*t21( z>hTvLr5p0y?NitKic3si#~NUtU=a{ALG32)aBIS2HfOqYN(Zcp=j#0%wSOLVs1hSz zZfD$Xjbg{q7Mp5o{AjaC!l6%Yo-7$_+Q_Fql+NG06HZ@j8V0=$QH<&WV(SPyUClhW@hjkXTo1a{u_RyrHfo1hbRFN1Y{VEv+fX1AnTAG4t?Jo8 z;zS+9IaZOI(`$r=FjL80e{sBPt7l6ka1VG0*T&HI@kvp7*5wcWdx)|VtZSdAzP+=s z5F1CXU@t)Eb?-H)&&5oqih!_*{JZVn^=S|M=w>d5FcBRmozH(xN$@g0?swj4bCg}I zR`9IHExavc1BO4sQSO=MXOvv%@X+|fy1*Fm<~J2u7N43D+s_iGnSB#o*!4P0z&f8_ zovgm$vruh{h&NL+A8NmK8h6RiY=g^R!7!n_^hNkaS_T`_Q~L6!FDDD{N{DdQSXuFdf!ytk8N<)d zgmQf?{l{_D;R1VYbL@mY6!PW}JvA15weBGzt9~utitU11Edo0l&0Hhu@{oygoEZm0 zLIp(zc22{}$&FbzH$zYD!ugPgw-#k;+ro?3iR2I1<-d#MSwMM-5rU0Ms}12)jWUE( zdv!Q+VQ6al^@Q!)K8NatFxl$9lm)w>gC3w?uIDevhv;3kgrnh2)xh|Y-?d5_OBzl8 z_p-&v1CJ(xb=W}C3MnCL|0XWrT#epqK31L0qQwDuh#le_keZ^$D-jK_fXim7?hRy) z=}sIqK4T)!eldGgbG?T7MODEQuX0<$>$t+ASR^{U`nG0)Y0r~H_1ZC8%PObhuDU#j z!Tjf^v!RMx!>(iP&e-L)6LH_@8RqMj&c9q%UDq;h>@syqKfC?z;9^vcM&x?VXDTK^ zCK&zgH{yH<63WEOFu%IjVOUcwroAwkC2Yp>pzSTuOw&4a7{RaCiBO`iT+C$rTwEGa z{bq%F*+#-tnwNTY~4(pRP_IY;1G0S|D#*b7rI@bAu{u3q785b-pIULfF zyt5naYYGYRA(2k)^9=}MDu#YJWOG$wIzMZdVbCgVUy9w&=&>fQ0}i0>HM(n`gya5G zE#L*MO0S6lTUZ-E;lxYVhh5Q6ldY?_xkFiv9W1RXZ@=cGKV3rB(`fn?&Om2E;#1Eh zPXOb%3X%_9NE3Fgr2Fwa0FU}>-fd^W?cJMhtd{B$Uj*hy z!!+HCK7V*wPQ?HXI(OE^B`;2d^3b1_o|*VpmM_VnPrNn+t=n5>{QM^)3hbNvX~xuk zlapkV1Tjpg`TY!|GSvV1w!7r7J;f0Jaqgb~`L04?*3nCt4-zYcLc}8cZPFvtN zI)QY#N*ggx5ygFs=b${4%js_;w;-yJdN>j!dsXN$?*ng6WaAoFGYD(!=WS^eeP)Mc zN9Dk|;O<;asyn6$B3pfiy9vu|=WlaF8Q|gGq+=>GXe#^qppd-`s%xnEqa8wbVAhD> zeqV6Gp*{f5Xji8xx-tCM6Un$Fw?wzZrDF)G!gkrUR{j!QnBcw>y2Vwp4$Sfnd`Zw^ z8#*{;U((rck0voc&K9w5rI9zq(E3D+aRgTD>Wc{14;F3mFM=?DL)X=Bo0DR!KAIv= zV~q%}vW1kKDlY6aRWcZd>|;yt*>{sN=#gf>e_#FcM?W|-Z4Xv*_>0yp$O&W9 zD6d#v5->x*!o0~&P4gn8K1&21eltRTp#D%K;~g{zDk~j)?z40f_$c_(2OL8{m}|fm z>LB2Zdm{Euw5^C+DwdE+y{d`D!)zx5Blut%o(PX9q*O%pH_@p&R_4e!1*Psp-2R2+TtLlq%gofW#jB=-=Haqz{)0Wnzn+HZ>hU~d9T9cDk6MG6B(bC zrH8l6v}poC$YrM@dl(VpMqH7!s3g^Uy41=o)tBhsRi%}yf}!11BJ^Acp;eMT>?twP zwIN!tG&75GPp$sEDOtJU_4{GezKhEPo5bgIbpbl>?kDeSb=VLYxmJ>>n?$<_b)ONf z7qm{n{-z{WDiyzBB}gOM7!j`g`OH)M201@8(U09BPFIUMqnOZ4phHr3q-p4pgMmOrdQ=5@grJ|56WG)~rBkOGY!#I=mPpScJg?7W~YI-d&O<9|f` zqEy1xB2rtfM>2c7j-UAC_5d~q&dy2wij5v6JX_Jyr|nNCdaQXYgBHxN7D+q4VlCV4 zKp8-pE|^Nhk#%ub_~$(FWzQIws8`u2g17nc=P}*!Csj@_ki&=5{u)*qFK(f^T2$V> zi*7>O{;czrYoJ8Xn_tRc^S$xcm?Qqv z>ksl?#XnM4nXvAVOIwMmvc_#Fz))gCq#J*V1+vCELWH;07~SI{1zWo%I0w0`HDWh?o1R$P|+G#tE((h+Z?mNA+-})#f_xF zxhgA&a&|SlbbFx{yA`?(5yfI)00eb4b`q54mCk~$m|sE0M|IlWTL3m}@LE4||z&s^}vD1763lZSBC4hK%Y^)`b$ahzqX ziS_O(a%(Z=@l z3S%mlJ_f@|v*%Zf-uu2 zB{8Zf#x&I?S>iTebF73&JXmiQljhQZ3aS4{W`#(Y!NYOHdbQfq)VOpt<~|eSwz)*E zkF;^kXIyU0rdNa!6tI3yCF!fQv2oYo;TFpCut3h|Q=v%S4q=~l5fYA6l>zkQFWkl0 z2BeYdFI)v20$*;Sb3KyR0_hy=oQba0N0f(HK{A8$)q&i9r8_aa)TVNG!gRR<;i2he4*js7>$j)Uv%hAPT0=PJ@$q}!4J@tf)C6qA z^3U(C`?E1f`#C`{DVHlH*Y6!LwX#sB0D$0G)gPZV9dGKQUrIV@j_FhXFpT8H71Zw- z;GIJSknI^?ORribTLuB*=jYG_WLXi?IL5p%T_}63f9R3js#{hYi_!4mM#_0%{grNk z3+|Sa#{%|)i8^Kb-$TpH7K#ZGx)}e*Mb%|%-~MDT8GP=_CAF&BMttBE3&5ou%Rw$1 zrTw9E^M?vlglzBS`It1?|F+Kf>SHg+wrunRrskB&eHBg)*XMGAKRUeWBDm9%_;V&; zv)L;U8*EeO27w1)>Di8VLrUBy1W?nQh5q~Mtg~*RAC+w^uHbGNA=!{l4cBpzTXmO2 zyVTRASYZ?nRJd7_>e~s>^s((enBC|UX^Hp~| zLFRBYpKuGu;%yL7f%Am+&0_@rniZKe$;OK-BIeCMOQJ5RTJE{Uf8BfZ1_&7muO9Bc z?IG^dHG?rMvKh9hH_=0o-2~4T6*b92%=b8 z;6EiyHeTZ;m$3gYhkYAb2ZwF6o4kO|*l;yd{tl27!PXO}$GEuSS- zRQh|Q(?#RM29xIrd&rYIYgC^U_z*qDEMFOJ!4vPwW6WyhtQaN1rUPc9<)9l?Sb)#T zH~eYqAK2>lW{V0{3{7)UFG&Z|M=3!M`R2=GgOp?4gF^yc z*Mvzr8_|7!=|9d*uJ$uEp(~OHS_3Z;m@84<#FY6x=T%Xj%CAJ57$3xX!NNlxd~I(m zGb#@aM3gdLrxVRL6FflBuEAxuVn|@zc+}v;)C=&2lg9(34Wd0ii3p){wB`f{PR3B= zy_w@+n}%1bA8aS^;BCIOU?yi?$j3lv%Nb|G8%`!R{Lo@))moue7$q}?-yF8W8^wlV zMGQl$t08Tti}fm85k2Ldi8327E+}n<$$U+)-ahMH>}#?)1WeJ6)H~zHvT$pI+?$bj zx1;Eh`qB^QPPNVQziqi$oRb@nj4=D%=yRyhW&hu2UK|mFki)tPJ#w%X-t+IaJO`7NjQP*2BlCax% zAGB>Z@GX%D!t{PtbS@FQM?~)I0PbzkX^E~FN?_JwjqU+PIraq<&*AZfoyrNM#)rhL zPBg=Tx%K^7VKP=wks?`Yq7nY+jmsN%kwd5adh*#=*TiFMRCV7HprTZe@!X%4K!*js zvZ0#?oY{7)Q)=0l8*kne`VS;a2AxqqP-S{L@5i+hluR$3JpvH4EA1b8_OS-dR|w+o zaNc!gWqSbH`a*!b^~xl^S)=HtWK+aLyRMX*iVuS=F7c942iziz0r2%<0m(N^E*IL zUzp4GO_U$$#;Mq88bjl(+EwrLO$1-A9Sze$fSAutW{F;KasK<|2>-T;u$l;5h|BD1;r6>h$*n!o$H~?i=4vVoq<)xC6b1 z-QTC_;QG4CG(d|83$~Ttfdxb9q1K7&yHe%^_9D~>e;Xo#*M2jF*98&bHlkyJtQpk( z6Az)HxbX#+s5()A`)D+=%7^Bu)rERoD04!mp~4yo5GmBHmV0T;N`y>jD8X6%UJq$8 z#tQf~#Bm)>QJ1=<^E3tL6!$gQ&*o#S4x8NAGqw_yU3qh+m4*~=qb9a5qr7umON2{g zpvMyJs(^{Y21nv8niR2unN;230JY>oRB**OS6|_bwHI81^F4sRc~8rsf1AP}nGT|Z z4M0hWx=V}tbz7sQGm=f~6N{WsjH@zA%%n?nI#CcWHV@CkkYIAUVx!D@PQ;vah(Q7_ z+gH4 zoJ@8qqBV5re7xa*@uTh;z3Mg9yZOvoSo~%)^>#q5EjLwoy3x|I(@03v0awyd}f316`ah1*F*WK1BiU*XFE}cT%p@F!0;5%{G`u=iUGfTUutXVV= zi{a+6`?Mzmu(yWqw5iu5sP^QY>TbW(Wd5KF_OWWby)=9&pUSF5lB7>3AkoT|qwtQc zHHnTvE(N8%1vIp@YFo0b;!eRlsLFL&iPX>EYx9o%745m)r|+Kusodut{(UD-s6hE) zuK({O-ERv+x^SnwEDK|(GNrQVtwZ=2apQANzvUoXS!9sM#CJAce~=P8aYnC$n6gRu z%98&Bt56b3$7v0@5MA`zg1{^Qzu_7f5WQ|@0(LDp=_nh~7$mGnfC*DeqPpCwuwc$1 zmLa|`Si2{9dH$qMz`~rvBEx>F-yKxk=EQkWxr*Dc7~}tD0hE8DDzi{5*ljJp`{7fM z%CGcP`g^!ZkHQ+c zz9_l?R=SK|*rC}FcmCi^EF=%C;pmi!bgH&&SZ1aE$9DI5_x9d3@~mEbPBK2f!K_066a#2w7!gB?2fc)40Qp6Xtf^qZhqn?$&a_tH`v0YN&n5bctc##;u+$3 zd%fKAfWc@wUb8%GC)jZ6*h|#?ai8R)JlcVdzgD>dl2piK+LNtXGhZ%xq0>g)n$x^* zDKM19nJ+tL)OFWdDZE2&ym4)oZMG(eG+bkLv6+6F(Rar9a%`k6o0cz% za5|W&wLCaqXU~309-d z^Ldar=h)fxuXmf=K6p)B6#7p~#+o=~_?s2=M2jBBor|fhtA`fD8?GOF_SPtI>|(aK zrC}2Dm|G(!Z2}q18gXsXqKa=n<>ICSM7df_Qw3U+ER=Uy`ZUCtU9%2m1Z&^3!WCxbhUh zf)NKctQ;7qKByV+o^{L2`a=P8f}}(wxyF#D%v@69=nhmuKK6`A7XMU#l}D0>Oq2tW ze;S0eqhSJFVyCoUGSe!Nq&k~3T5jW1)@OaDlR2A|v1ZsxuBDC0Trn`V=W?~kesftN ze6BAoZIxoDv_n4x>(kw+-%{i`i(#6md_B`~L~G9`pznN7T1g`bi~VylH@vh{_bN~O zCJT*u`@iR-3pjwHH{Gre>HzyuTyoie$ejQr4jAef{;< zL>PL>)81AcXy*uH$SA;*C+G^Kp>HI9=NP#SKJIp&D_>Ao{1XE5;EMC0-;Mpx+*lQT zDmILN>1DJz4PYXx90#ho&U*0>a_S3e;o%Z|-}8=x%rhbCJte{OuRV!cCFnvf#iv!ZKp6oT&@m z;sRkh@wUV2<6N>%lgOKMQ$*^w1q^X&QROodX)og@>una6fFN;pj-ihWJYVJKX3UsY}w zqZcK-nB-h7O=H6=?|$5>X!Ew`N%bm))1r~Jl240))EIM?b$t<6+%rLEMqM_&D5@pe zR;_>2RAN5hhp>yz4-5X?9MnNZkoGEu6ALmM+N55jQsP%L?R16jk-#WL!?U2@+p&qr z5;L~bI_h!!;*vxR9pVbERjSVjMZVQ2QT5a>=B)#!VMU&&gJxaq9iYBCq z|2I^XRjI?-A?6FFt=zI%(9cucJ*+I`1ZzPiO5q$`BJtS@m8|nHgO3~2|2!)t-cjO( zlRVfwxPIL*71FYG^`F&sc3gD_Lewi_)}NS-&VwE&U!WfwUEGZ^-z<3Pa}n{q!DO$9 zpZNKVAU4@4Vd8Xn(tn65uwclpWI>B-$YS;;Za+c=B&Yi}j?S1K_l zYvbv@7fP=)=c{Pk1+If275cbxN=LdD+&Pso{Q?U*Tr421t(LYP7yNt1bwCKv45=@v3=uH#**&m7 z%5w#zgLvv@-`i<)1sl)YL4(jrUxeSFjmK9(*L%vRIRHJeIRMO{n>P6g=b&BB+xJ+0 zut_PEF4Z$<^uj56P|>%kuZb=lnDFz$1?NKl6mD@R^V)~L$3366Jno2o@j{G}O}h8m zy+o+PkPNrR$wL-U&v0fFTZDQX$sQfBrbhSy=IsrOcb@xAZG3flC-BlR1}ujlaGXpl zbMEuZEt!9uTLCM&ap&vtc%RYLCDZSZ!zD)o4|K=U#1lq?OZ^9%UB>$?oz}*grGs+U z`WAQ z-2MrhdZ!1p=Z=-w;fjCXDwott*#{aXZz5uu6pbe{EXQuUJ!QKI;lVdht^?@iYhzby z6$qLBD4Q!hHW=}1_t)l^dm+t*^5V`}Y2%JA!F#4vN#QSeUhGD{l=#GQbut|!hnKe= zq0(Se8e4B8W}7mm>H)Wg&+h6jzmE98^qpE}KE|grY=!F23u(zu`?p)VWmg3CTH#6d zCHemx_9Ov7Jhi9Hh#MmL)9`Hi%0S0^c9hi_gYO%*rN}aP@3-^Bs-eZ7?4R5X8Bpu3!xPJp$Hv&_G%oKtvz=iE)Wq4g1bI|Se3 zxPCc%p;>{BX6k<9SFq_=dzSR|1Jw*{-Xr|hn14x2jetvD#{hwA zpf9_r*N=S^RMX~uC-PGvtn%pgkq5|VugZ$Z{2;wvfm`hmD0o@Q^@gFS?I;?ns>y3| zHF-ZfNR>tTg^Z3ZSJKyPrwa|bpxz)G%vT1+4vk5Tr+i_$tsPyQ4!p14vyguhxf({9 z^?1a|CHC3oo4YrhCB8RwiYaJ5Vn*oltJUv<&{WmTh}+JVJu)hL6tYFeZ4)6gvPt%) zvXc?rHf4m&k{PN0`L3Sl^L>8**Q=K&y`FNv-`91W*Lfc2aURFZ!LZ9Cyf0pq%t;(| zDMgj~`~K36=6SAoW8692Ui(+cvlSCTn}c$BO&JQtuH-nstf@KUqjD$Edf5A#7jSb| zpJK_FmVSN3^AjM}vd1GZymveFul+5tU@LbWIxJ)H*zaK;)1Q<$PJ#dg(C(^k<%rzH zo@*@vk(2HCe5jt!PjM0D*b zmFT~;f5x47I;$%ANAPnKwC#T1t;qHs&V#qMZ-a*1US(HVJI&R-6=OC1?Ll=xR5?u`t;UJJ-%AJfngKTZT85T7FkBE3tDL+%psC+yJz6t$A zcYkLeT$8ZfIIrc~b5i4Y@sCN{wXiU|9){PI_}o*QcE`#_+La4Osm1p78jFea0wpbD zSXCd~L-8*IYsRr(2d6zvWL|TbS%Y*vbUy*i`z%)I*}i|UCjH+z>!gQ(RJNd-$Bw)# zHETjQg19)FMcJabu|r*>k-odrL<#=9nk{V2xL<9ic#j%bX{4E7hM?K6cm}9SEu-;X z!^Z@x;h#Tcm3~SLZ;v^^Y_SShfr?ex5%R0=24|WN&qbWk$8+0^lw_no#$PDPdqQ$yMHV!c|Idt;{V3^7j` zp4joDa%y+&y@fHD>WJ7sK95e7F;dO!{I051wbrL;Ui3c+oGyA`INbV@XpP0F%@Bfr zo0W<8*5mOn#-6LUh|W4nhU{Duy`K6CCa!O19eqaM_u%jm+rsBnijDksdKkhqkEQc; zVjj-2J2G0-{d!MMUCiHlfRnkT&4msdyMeuq4tZ?7%E@@*%%x5lPj15+zUC~jnRNvb zGy?!Xm^TEjyskl%nwcMU(WR#*7<;@ygmUh%9xSzSWe#&}(+lz5E;R|L&{_q73`Y$0 zeplA(fFuh6WIa2z3Fc%wF>O=rQ`f?_uqT-n+h|IDl#ZRoTBw`Zw2Vbu3u?~WI?^Ay z|1k8mG!@n5d^0Nl;B<>cG$ZGk^-z61tml4kR}DjlLd&n~A7ZnI4eb7b3}G3vRiPul z$Z%u}{C$!RsZ!4T$YJCUqTGN*8zO&kR-_=yV#6iS^`rNFQJA5+o3}GpUI<&ozWbE- z;(#P>dczO`m~--7RT}1-=q>3@)e*<;vp_H}X43}Qm;s8?crLw}%;LP5KuY4-ka@)S ze6YI!rgq(iX_M2$JgXpKum_Wr26;us6xA0E-$Ip+wvuTVAo{7E5cpGsX_UInUSe-& ze|vXmkraB0>ss~NpIx!T*#o&!bc0gAUlF6|OCH@W$g+jhMF>ou$IZgH4J~99Rxgk5TmKh%N;KSoQ#yvK7nzg5NUv?MhIn|+Yy#&D;(Sq? z?2kj5Te++q)h~v17SW4&uuNW!G)yDh`StAM{`WTxdqSWDnBeSN@!PUF?i6foRvG>M z|Ek<}BU4g(Y1YbwUFQxj4S@e|3-|!vd7Hp{->PaGEctYjbFywm``di`^oA$*Dw?tE zCGiii)9vl=5w+e~0W~lF{vyNL0Yqvoi+dc%twx-&i5IMMh*>13ph~TV(bAE@)==uw znnhtyM>Ap>f^;uc(njWmRO#l0;+kgEV51!*gtA#o{(4Sl`fae6pX**bhp$HL<;`t74|q`ls5%Kp9(8HM2SN^32D=P-Y+L-=YT z3V%B46M&aMcbXC48?L|@r4jl5_Uf`m$h7lZSYTd&^(lXz!@z>0yPGMcz4Ba8hwu^m zgNKe_g~Lho$1DHbS&FCIN*y9Hue;t^Zk!9C{Q^Lq0kaC^R ztZkD!L^KWZgl1rE8;bAQ@RWA0olmkcJR>Q=OZfutm1(rS93jsdPy||s-}TzQA@f=Z zy_dKwQazUP*E~z$u+fe$AUdyLX<7|Ub`g{0thfm%xsc@1)#dd!Zam%Zo5PO)YC|f? zOj_j5`1e;dB7HU2YO295!?;hZCOQWSRIci}cq~&TjqB^9G$Suw{z>k7XkMD44) z0VI^+73NsGb6#IxI}Mw^MvTBfH5Y_tH4_xW+_9cspxkm@gh*(gWl(!(ZF2JJPZSyi z$@gVH?2};Ld~llu;^1{|hIXklCD0wdvi=;DF?YTNeGX0D>(G(SqOa$!;^fvm_#xwIuD((i`Jv- z=O~4i2+~0R!xg5ePZ@BReEs>S+f$2J))zBe+cNn-o9t-=9QYf?Q4Q_f1XdK1hO}4R zN^Al}_>K86QepDkE1(}%3U_(U;%5m&xe^)B(#};mr=!H~;lAq)TCqk4&mC8v!;b7g z#tOe$AI%BTs`;E5hS@+D;Vj*t$Rm@Jy^1J@hI>Cc&TR{6f8~2siOC+3)r$8iQ!T zOQDzg7ScBTr~51{OdnC+o9}iKtl2Hzhl99bXVmE7!j9*6rDux{ku)U~mizu;XDC;d zVI0gxevC_*paZ|J$>G)@PG>Azo8Bdah*8)n_8tae&erm<4~Gt^1cCIHg{76z|FSXU z8vkEH7OhE$lVVJzlIn(}lLqZg4f;`-O2<=EdE(%mXC8UM2v}TZeGU?ROT+@$3pY23)QQ(mFpF3~dLq!80CF63y;&fwDu>Mn<=1-WTc-RMxGb1l(P-Iv zxOE!Q>lL8>iG)`>NU-f0gbz@8j#4^#YOe>6j)7%ss&sT7+ja=LRt78MW`a|4gp~Vv z;gz6gbpUkrUQxl)O1=K^ePeRFTkiBthSLND{kpbq>rVIUOefvKM(pD6$dKsaKO)*} zhN3GEs(3a|4*=EB+x@Lq9F#1iyC2B)FG=1+}<^gMG$mhQGBy= zis@*~u{+-gR`@ULz1yIEQa7Sm7pP|`B1*!@LwO}6 zaSNnV7M5B3ITo*=Zz>QeW@#6+`^e8-cK-Yh_q6NINp$LF&UD|Mf_+@&BqD>g7a6@~ zSKcFZ?>rV=Ge8?lQ@R@-8+pk#i}DlG;end=&`&2`6k4Ib5&}DLKGq}l%W`H>O&}MB zyw>5>X8>+iG_?}Cy6-~v;mg5l@%ZY!)&Jgl0@vVGvT+oUp*ijl=J6u4b(fcPRZ+7Q zO(5$r`3-S0!byczJp$j@5As`Wlyg@DBR5jUR7y|WVd!-*2|H%`b~rwix=j9=oP|OK zQ$Q)X!+OBEvtP50vXn8$Gj{&eWj7|{ZY@GGE7<%CXUBxATH;BVNYN2z#0h*{OCc$^h22%L7EJ3-<{?XaNh;LH;LgTivsy{*p?Tg$il<}k;&AIH~mRXn1hSS7s zflRU}(}Qh!b3|ZmH^;o`CxkuO3S#s4kO%Cqb`C9YplK-CRW{3+Ut}$Q+86@9L&E&U zGRBY)=t93rEnMlK>sR+WX;lxcULRLk)N0?+P_urg#FOD-y^F34^mYJO@|-8NJMbzx1p4EFgQcjr{D+hN zH`SAL1+DMLMjg_PXul$M6t$e=Ck;OFc*HguH2H;hS}*&P6UdDy0s~{eSzYd>qa)32 z;hcRi*1~Y-)ymj$b8%UqLjt9*q?L*ZmV;>2%2ITzL0_(EmNC^qcopOpqj0#5vPfcd zu#eHo+ST?(G-N?f<)8DV73HR>j5K$Ij&T43&ezS!LL@C(#)xal+%$yvLCi5hCIWRr zoCxBWyV_3Y;Oz1#lX@ITtgD#4I_JelYCUP6S7~^SR{{hENGbdlBRnqR+Q1%IOL2A2 zwfRLwl(4E6XJ+GN@mOZL$V&lNmeyEpWI}YaD6uSIR7aCmnksz0Gs8QRuYV)>(8FHW z*?QbkgrY1n#A2;6ps2g_dIjhag*+PY`0utdf@JO1@Vc4P?sI2T-W`+`Cj#YGfjTGqj<-~m+7FYr>QD-3-Z7^$`>r#xyC8r>eOo#-ItHnfs_dTg5}=4l^`I3hm{}$q74l- zFKd?>7I?@Xt^n_yr_IrMvIY^o_TknmW4ZfMQt_Q*f%HHm#bGfp6WgClFqycM=$x^R z>C9W+g&eT%VXx0@_Wayyly6jXqYOy?ZlrP$4{@b~PBJ$bYKtXGNw^6Ix`qfv4HC7k zB8h8d+g5tgqxZS0_qX^=dxS(+N*?}J98U%ItAvlxj8DeZLG-<+0=sfj+Q&=_&i^NW z;J60yLJ?Kv%1ThHa!76v0E!hz5w2Tvlwy;R0QzXYFWmvT@bAU354ba^2fYuGXAj6M zi4J65#W6?X#^Y$pkUD^OWu@UVv7rXCYFLL&$D19WRp)W!2 zR}ww(qfz{|m^p@1@)MxVg>x_*-^0hjXa3 zK6MNzNvE+99q@cae|lp!yz&E78o!-}ng<~NTx}J2N$)=afLS8%%mDAk3!ELkfcd$@ zNb?Q}?nZ+z6b>8SCIMeUfUJO8Jb1`SJcs`|TYoM73>236PVcq8+0sugH*dm$2^n`l`Ma26kJ240~FhLBQZwotHJMo_McoNRVWS7jlYgR zl`ngzH^mAYr50?zHc|UMWgv@__0b9xuzX9ptmYv&T|`!p2?we{=iugA1}$PZC42)N z7z)$%r5C{4L|a{f67qgTHrbNcw|B(kHxcY0k3G0E+=>34_`VHa`i;y|%ZI@i`7+a* z(>;gecA5OUayM4NavZu#Bjn4T7r2ho@#BckuPN>Fd~07wv9t{Lq3~;S+wGkapMint zyECWWeqVWia(|t=NtN+#SRT)b!{>xZX?UDh_db8k3@CDpP|bWh!VqqekEl_BxxjyO zv}`1EvlkttjD6vLZ`IF{rqwwDzywZ7B!!%z6&8v)#gvoleN*iaul5BxefmqdqSSDC7;DFdjqSuq{i< zYlnib_HJ8bQY$ET-e(XbL{QqKutZELhT~EU6Tx}_SMR+{MuqfX$z~THnAGm69tNs> zI%V%iMCj9~B}8%w?y@F3cj;CptGoOfN7I}K6zs=-DO@5ee)$2N(bhuMKQF_e!CI_e z*~QJa#YY|x5Yb29e{)kJWiK%<;Ht2{Tf|qwgetr7pvx}f(XKlYmp?depi7UPJo~wc zG!fmT`jw9U{)7`G1;d>pUaH?adtkarqjV47PEmTbXVc`$+Rq>IF9j?A1rPrGMoj}b zKBuf!!_3a{!}{z>(+?}gO7f)DIUrJ^SbQp ztv`+5zh4SpaeQetXYtUY3he9+wQSJVD}qA5oO0%8hS z5S)+uOsbkiqs>ejEG~6wsL9)N$GO&%a%%xfox3Wsw}S(@K1hI|G0&MmtH>)`?PfBm z;S3TVf=-_6vQ}Yvb&Z$O4@>-YvUwq19;*@J!Q9B+Yw^WmdxO$l=2P2Zgxk-pVG{tl z`hzZ};BR6r%g9?@n{0M%W3=P?v}+`$S3?xVprTBXR9R*Cz;1&LF}~L$DC9KL+L=S~ z`vjU2z@Wp*@r)3g!|9~-KZtV)BH1mzbJ)=vPVK)eAv(8vc8{aL(&@Z9lmnj-nTO73 zwz#qTA9g49;u>&wu@9JZog`lED2>zs357C%;A-1fJopf{H$Si|pet zzh%UEY3Tg*PXD8V&EmULN3<&;4|*e0rgkxalz1XXC3UGreSsyO5^t9$fl(tq+{%^G zCtQz?LgZjS-0RIbGug4=0^&5iOxL-2GK&OmZIZ}cY4*ze7}&p$R5Pof<<6I>8R7<_ zjP+riI!(!t#3&E|P?7S`aG{Y;y6$?q>qXd`p_0WthW8axbrRQWeE=Vt+9fgPC!aL#6(mhq<)9!!q~2r2DjIU=^8uSvcuF$RvvggPQqXbgO66 zQ~4KLfZEf|C_zqlIPj8%aCNh69q&hndCk1kOH#r~4W;BMF4LDTVsB1=mb!Y}09I^5 zin`l`}Ww(v;g!D}+7e!5=IpTV`S z(bKk|-2JU^@dhCUo8%^;OF7C0T_W$)zH?2a{r(XG!IREo9i~lQ-@iF0h1-Tb{GM{J z*D1y@=81yJyUUmk_$l@B2Rzu@Plzp&B!Td{&#V~j?5Znl9qQcR6))eRaEhY6@{MXe zt-=qc$~(f=muZ>a=CZO;ai~v<8}YlWqh6d8+f>u3J~iR)A6A{C4($gjCP#3pyh3-AsfhoyOBH z0XfJb=5-5L|C?wlAc^*)s%=(+D~bRj}9~ZSo#OrCi=c=EzA8YGw z@h5xh$fJIrfaqkVlBpE+GG&_}m%M4``~D9kSUjq2x<$5&KY#%f?${kj#%~FQ4*#Bf z!Bb08(Y#QDPP321_pT~L#`4-?+or!Z_v4uDpfTVS$W_&HMS+l}-{G`B)0PlwuOu^o zYsinvj`7&k>2M(|e~n$^)=+=grZJ&n>Y;Q`tPz$OL;T&A>A0LPQGjUILI4CeX~*(_ znzKTg?RlgfwdvMc+BIUzVUkW1^4QLqF$MkCv=?s+`w=_g&fLW+lzIb0r!he)fLeQjooHA-F%k7NMMJ=mZnK!My&n*$yJn~Y^ZtU zk$yd}?}qG-Hq!e4TJHgo2Qh5>y*S(Il4*3F5)f2fr+40*|s>*K{n2O8$Bv> zJWK0D#~BrsF@M1c1Pd6rl0A@Ch4y>I^59+~?!?)lhDUefh`D=hnuvA{*C(%asfaV< zhnXniwEV#iQ`>Jd0Lw@b;#YoUw9i5z(qNy$4@yc7r*rd%QR3u3O;MQS-IV}9$kK55 znK24peG&DgH^h1sArFG0WkYXbg_gQw2oh}Q$bH?ILlbe1Ye(cmuE$ZOn+L3Zw#-M! z79^9lO5D6_M4@Gl-n~%GO_F#l9@ird#+hYFd#{vs7}DVGvd!gjT|~nCPO)pg1G{q4rzKm8H>=!+`P8eork+hhO39;%VA7 zWB(BonTX@@(aL7FfN3HRW3N7x5jX%{8Ya_)9BNI*Md2+a5(W>;>;HFSltshF;JV7O z1QIZRJpLrNQILZ?48yVz1aK6WB+4k$pPj<8adKYpjC|tpC|y!Oiu(Lzv=ssl1{n4F zVjeyV1X#zTOE!vr)%BC+^4!N|i7z9+5D4hh4QH&QZl}mn-ZMm|{+I1(^H7h3tSjyE zu}Vu~0aiKHqqmd23{V*|dlMj-Ur(%LZBLu z*P!ulB*rtOEY}%Y94zSj)2klrt0zWKq(tQOwu07p+%Rj8D)K;t*Q^Bp6M;Gf5bnmx zgFMlHmvL0?&>ivf9k@q~11)r0r8s=1J-uKh+-ebokI-eGe}SX(Ei88+w|=M8XQ{7J zyBIqLsp~~?US7t>z;FuTbf6ns@8Iw+KR`d;3=47}DiwN(OxP0fOtkt9{5$MfX78I7 zi7Pge->y72s4fm`z6$!CtI(9;DG38SX295ej_Pu{Pm1r)@BGUjnHpj=PUX0}yQ^qz z%&Nc>vL0&!aYiAoyk8;eMghmig z1mj{8s;a@|^SjqU zB_Tx+oA;{0KV3Vrc$Q z<{M;k=QcLn4`58k2JvSu_cD6^xs&_l&rF%H6~Mr%K|}L(-(7WM@Vg0f{7NeCH}b;d zrI-56C)6;*;nFG3kK@qER-{T$jM>Bi;|5kWBDw0nG>ZWw>QqEM*yjDGkrI885GZPQ zfLQYYSQnn{71iJ;Gm3~w4)~&PU?}};F^CoDuNDGuh?6ibXABC;RGBApm2lv#@qRL9*HQlHV>x{7)GCc8t^CuP|K}KW^1;@kJytOP?+5G>KWsgSSZec3 zCNOZrFo|N`x@PU&TM`B@{%k)zDM)kT&l0;x|FiGFD_oNB5etM^g`4_D|NB!&f#q~A zT7nhB_slZ+D}aYo>%mq3cuy(!x5=*sE&OmjS4sT2|HLc#|9=!CrmTT@UK~(=j$iG8u`EP2Kfym6)dSnM$T`O+}}@*Wn}#NDOPn1 zF#`mei>EmK!((J+KM(c|Uft}2F>+ihRYL<(peHzfzx;`DufEeJ+3o$Qcf(60P1kAhyfy44PoAL zYUSO$lj0O)M*VNlau8?=&P$$q4pa{w&O(D~`&*nM_$bxidl!u3fO#^8*7W_us{XsKQ@pUE z&TR0JKXLg109I+;E4E|E{3svV1gpLB(5uR5hx>nPoB0No42y~e}QFYQki*AK9pQy#{xc-T3 zzc*{PEG$rd#&9HjtN~V(YG>voBrd%m<$e#r{t%bk^Ir;}Q<~YprkZ98Y?2C)^=Vzb zlhaOlpGY76jcDq_aKfxS;Dn7LhuezVX*A?j)T5A5PoFj5zY6%FBds6qDZ*woy|0caL0lWnh2sR zLSZw8pkG}JO{}zdLy=${E&mo$$wG1MkaLGu<&nRA968XA;`*Hbc~_&zX0D>A-BKbf zOL^5ALTLw?d~pKkRVKzr74jjR3&d>Jsc;2u3fTbvYNR6v-4avq&f;6@{@MhrCd6`h z96D5X&}rByocH9u-uc^Lc5xsZPL~**hJ$Z*3m;MZ{LrdFRA8Y$<5Lbkzy{D~w1pp4 z0vx)UgQ#<&L-d|2{M95@hZZ#}yuoBWrU~xNonm^LWyH@G5!HJtbaEMCC>7HtB2cn@ z^4es*T#`L7Tvx%{G-f9xJos_0a`J75#;y1RD7v-N3m-T&Qm~t-3uVz7MB%3}j!AbD1AIct%E8 z3{;v|&jGZ6M6eg(Ke7k4*|H>tOuYxJ5eO9qfV}=C33cx4Qi`rt#E!o-(Z;(?-G}uV z$LDJvupKqt`1Y*`Ob%4?LXAJ`H7A<80FF8WqL*hIlRRI-z8w3$kp3m0F7bk8&fnk{ zcZ~qwJgd+7)(CkOJ0tlEe_z7yGdGtEsq#1PAA%le`6sU+N3wnO;4n{U2uG?-aV?v@ z0amt@=j2mpZh!m<$xgkC#NKCSSg`%@PL8JV-}##lN)r{0i%$X-WP=26LokW`zSQlu z9!P~yti0YHr}Vkqm$tfBZ#~F4ER_Eer#l8LqKHm@OcCxlbCMOPAoF2Gp_}|%x3u{; zV-ZO+1u!M3o~kkH3(t%&ZxJjj!8n`>F$=6F&k1Sv0Fu=cXLU`)5jB!Ov!sFP1LEiO z^EqWDEcSyqEUDKiUp;jnC8Vg7V zZEW5RH5XWE+20J1d}36sgVI0yMJ=A#k+)fz-tbP8$Px#nwMu$tjBC$?1r*(NsVVm< zp?gTrV_?o*y$N8*rv~wd6g)-k zo@w9%Ffg`eOe*gy@}o51iX-@ligt#(zWIQ!WZbrq>p9 zcq4gjQAT|(%p67Id2DI z-YSL}+zzJetbh`G=w=DEqHKU8c(qWsG}A%g{a?yA9ELoOE7t++tyK>nY zfcsVi(=^|;m32DzAm|u{V$awCPmwa6^G4`_1^di7buBzW3p&_wzO9LQ;_H=%+k+z9TH!7MC8*{S4TrrRTT; zLwIlTyKe_>LOzxK?8&}4*evdMs4@QyRp*fNxuDy&oF7o+W^oBfh>T1G!zR9s%IV^h z*%{AdV`*f6v?E0)rHq^Jm{o2qF~>`;ejQ#8_2fl(*l=5FY7=N_fCa|wWH2eDe39oc zXX7GshDq*NUpCE=HB1C)@cR29BtMVdbAVu6Wjk6%kpBxeW;zO) z0m3S91xTG{N@g+yHpgU$&Qa>0Vh=@53De6T{`@RN_Y`abz%H24+PXjkUJamBaeNn=MFn4Sh*|C`oy8yVDoQO9b#rjxNP&0|@S;U=KetG67e^ z5bzDWQksE}=Ygt6S`$l`(WBVo4A%PS{J`uB769;_0N=1{=B())LT#bu z(!DuuTOMHqH<$f>Ni-Gr@j5CgUlxnNo0b~LbKZ?RM1Bc$!P@~u6MYsm^N3Zc2-51} zHS>ku)Jeh2l8kl7PS`b8>E7E<>gS!FGbh!7i3E?Bo#_^{cRlVnR!lSMQLt3aHsxz& z&S`|F=qCS=W5LoBuCd7@d{`X>p6d@|{!*(=xgMcjA1ZIp{vZxg2p0!Q6W7m#URZ&wqXJsmvIC>vRd}J491J&023Twa znT1c$@p0eXg2yT+0X&a?VGBpSy}fIamQLh|-o z-j}WCMqp=rDSq-p7gvSAFGzP?V_cSZywv5a#0#op^C^N z3p-CtQ^H>CdbpD@NC((EZB~w%?6@5Y3>L}DpzV1`B!TLxxs$=5i%2i|<|sVrK5`*& z6rg-_qI1sCVH|QR&B#2%IM_DN*vod^EFNsY5X1aarPJ`B|0iO{K0+Pn%p8G)bJXz^ zp6E~g@eKhF))=fn9@h7SAOX7bI048JJ@baqrlAs3X@u83LD_{+xR&YErLh+RSAo=d zIkSQFLMAXAKLMY* z59T`~b(8Dd5ul3Tv;%-@{cHp?0P8KKarjR85ru071&+dM+9G2U2CNedU*4JfVakp( z=lvGyh#n`zdCZJm!%`35$h-$7fG3TzGRrz#e^y~Mysi(i53b=z=+KSC5?Dv4o>8dO z!nMk;-(%nd?3u>BRp_eiwF;Mt{$pEb(72Kwq493;93&d1$t(fx+)`$lo^1VuTnU52 zlT&3l46~URl$OQrIZx!W&MbP8QkKa_tt?yKeepnE3QIfg`Op->e_1XGUJMyKDIq^I zO!_j2d8{#!+PHWTkJNOjsa4%q;axwuQ$YPUC1FIW@Ab}4y7XN|9nzqvnSLzBd%BZZ;6mDZoUpg~ zM_`AFz%akjah3s6v^#YllFEBRhCVq{;`nJeSGko(;~4s&?X)>x7r`(w|vh+=3bI+H-`yNtdiiabZuX3$rBFruaqLgXye0{?Ix#bs30`8|%D;bl$r6O{-1C zI#!S%hNjsJ`0*%nvGC2%>AiE)+d#b#KI6pFoW$##<6b5{_W20f0O3P~p&G9G-j?qS zWy{$?!kd~9i6i%vDFv1d6B`l~DuhWu8(8D>VjTKg$R%tcYpEKK4;FT-!NfZ$n_U_9 zpih(xUpLd;eN8hklLj!oQ{Wj)K>lncXzz_8(ql_%WiPLj>fw(`8_o*G-vWXiv_VO^ zhQtnUO2S60Ya@^Vh7Ajn!dG|3e z$dKlt$tiKiBjuL1AjBd#9I)Hh!hQqOjmTA5`LX=KZ4ti~Z^?8$l>M#B4Zf3~< zG*Y&FQT0&^L1}pId#9AvyZV9eiIB>@?*5mxw0A+I??1rn<;vv~Q*||8Nv~tU>A_%< z^TbUBU-#o@Tlf{YQJHfM3UFs^{zfToB_A5TtTAJXT+Umo9$t01p3230s+3-4SOF%SPB71@AzhEXhU>7O z+EMmy1y^lN`$NBj1X7_=@Fy7{e#-okrxW)1u`5q0oGLWwteFrQ@&sogyyv!;v}I1B zXER*vvWz-UT?M^2Y+C1SALwAe{Rrb%AROZsK)2y|5|im3-wl{tu~NSL@$3?X&g1Xj zIlD7U+R?S%!Kk4IZy~vFbXkH;?8|L{IYtn3pW;!&hqJUZq?i-3lX-AE@O&t+7f&w) zu%gb&TG<7>ca%NR1yIbm0#-paCfg9$M7D-T4bRXnes7qP4Q(wps+ZL!Guc6IMf#sO zuJEKzEi83UkS3e#@XMLR6VNWHxjX`}O@wn`**`;$++vWw4b0{~|0k5v!uO9d9;YrV z{zbARdnp(PI%ux*7968`h<#PNTwK2bOW1q)HkLKTIE$5~EQGiK-ldORmbM32@EU0) zrgvQEUEwjR8$lF@Gs{sWB|ucYP3Y@3^8=VfeL4<)@)clARfAc_>h-H!WeRge9SSC+ zn@>}N1B||bT#6r+W2C4rJSzJPO`MW^&0N`5?8id{bd@Udv!|CA*Gi*rqMGL0@A;1UMU7t{>N%AZNS@!f_07 z`Y9hE%n8zgaJJ{$hvE@u1iyuCCNaSq6Cl*+u|SS__)RV5zd2Sk3brbVY1a}MtKQn0 zR$stA{egN_D-%GSc`|>`@hKHsjz#E+lMxV+h5(Mgtkas-yo3jK)Z_(g6Rg|%r|-y2 z98#=Q+Kmh4=xS++W~pWg(U^1#zd)^N@DEU6PBc?=TvZ)ui9@m_$!i2zAF*+4f_HQ! zd1`Xzagw8$ucLR;Yd3xS{i&a=0H#2h^rMnFMI*r@vea6-{n1Rx{pdKe9VLP%jTm04M!;>(b8BON zgw(e<`08dDs^Pc*L>r&e8 zqBEmn#*iv{d*Ma@q>5#T2k;t$>OZOCAGF}lS9#nk#5Wpv*_D7nk3%O8b&pPC&G`PL zi~T651zJMa?%sR+Jxm18;xV*I-pkW{@=i*k`1(&o!IuZz5dVfo8T`__jE5##Q;$#8 z7AfI10E%RO>n#DbrjF$#&yuhTpbvIB8dBOY1-uG6f{~ko9|+GAhPX=WE{>MxsxyS) z1eb!;C9Z2n!}X3n4qH86?QOB$KQj~n75w|_sV=cv*!sl1K9~OMVC-9o zOfI4xW+Dl1wShz9V9(D!-=DKf2J38w?1fNQxx)KwFCtNBrHV1k;>wz5K2Oq^C}S}U zEn0hg`=-m{ScMhk(^h3+(p%18IXku?80SS{APoP_M;U3qZ2GRw~?o;FbyK5yg z;d@p^PS0U5b8qaB75iJ}|7j@th5w6!6)R(N06*v+G?yBYGR!Q-LwpToKE&KE zK}KuEqqpsW>bxeVZUmiAR|3tgr9q>vS4i7keo^icmBb}P<6!)DvK?mp;yN;CgeEHu zJwT>Oi^(fGeDXVF@Tbv6y3TQ$!e-$I8W(Lqd$cl?>cSYnjh2X+Va%VK9fG9v|G;s%2{#~5ZB;u7tm#5^AMeSaAXB)g$;)-{S(Mq9?=qfA^>Z5{@MGW zf5O%!_+EkeZ5hE^k7uaMkfCKv&lFviaifPG@O+!gzbP|s#stMA z>EeO_73!%rbPzz2)7$O^m77S@?SBjkKMUmhAZ^!TFt!$r3iDw7r_G`!MTk4gB#;Sp zK@|+;#l16zo-v0Q0RknXmGHMP2PPFrj?{Z~<9Y%$p9k%igKhKn@Y1$08XDceRkVXE z_~{V5ZN7*qM|3fu??T+?`kvSvA1d-GS{h?T(sDsvbqTq^ppqILjQ{o)RZ;c9!-kpF z3{cLMI87C&Foe#=9=-r^qVmeU`Q0_$k4@f2t$G%+_*P_GEwdB#gQsT7KQG%O*$TO5 zl(kl~k@Qkzv*P(*_@4z~X$}_xnp#(`Y~hV=ul_xkke)q7(CKZW6^@%PZ7+h4K=uLV1=TJq%Tp+FWme@WXa|);e%X2DCESqP zk3KYRgXgK53dscg5JY~$W*{p>sa#iuKkjo03{i5}uNDy_Kj%Q+@Bwdd=_*yI|M_wMiB*8o^${ZMAY{&LZf{o2d9~TMmUWMxlRVFDShjoLpyFnlp!HA}r-MdzoJYna^7$m+Ac*j{ z?u(6bP#>`sZ2u>qz{4`0^owDZ8v|6j2ujBx2$8}zR<2ISBc0V6yj?&Dha_q1pjv1( zENa&E#n`-o?ku%|UTnNwN(ue_HVWgfy`N*MTzjmSU3Z;=zEbz)c&~@_?D^E$y&M-G zDp7drR%qpeJM_`-OXGIRbG^!eq^hy@v8s>U6#PEo5u+O`L?5Fh>&5g4^*!nLM- z`()^N2|9e3P`NS}NAaQF^^fQ7pQPdMmG@q#P3CD;7%k z__+4?n%1F#bS3KX;dE~cC2H;x&SdRMvHI$R!W-_Ujc$(lC=oW z$&kT^tmy>B?(S@qQEC$Bje-#Xgf))I#en=z!1%~OuTk_~SSe|HapVUhD z-nr+KLYsv#H2XDXL0MRN>qz0bEY6~jH8NR2gZ>}qM;yw1%aRO+%G-OYLv0z-cFp_0 z2#MxdRk}y$4|x^ZwS;|Bz9ZGCU+(ev;K#wGANiV#&|$7MZ_K zN12|4m(9zb@1ybDdKQoUJ1g|BDYkRd36*+~CDjZngzc;*#M(lgD&(-%SKQ-4mRxr$ z>yB-yOTBJSoqI*2#WaCUrJd&~m*lM$X9MA1mkrL9yfCWv8_fUMNfPqd-^atC+9y?+ z6f-Y0X?xLTvdWt;ZSl36|4(is0Glgwp1%?zT*NH=ymV1m<>UA_iG*W44kZQ2H>!^* z>(}hvnHJLXb#>(Wwd90(%H9azg*?KF2(+1c&yAPI=;-uu_(DC zV#wgkSN*SVZ7-*>hWS=^C2N(Qsa)0%6Iw0Wqpma@Un~i8R-r_8U^L>FWkt~K-@|Hg z>-9A?8U%eucFcr`@zQhRQ!yt} z<8GWB7+k$Sg+}{b7*OL|pJS&aC|#Bt_o?R|$j9+cMIKUSVzjOUy^XsOuO!fCMNnNjnxm>$2 zeU~DY#$($D75Oo@>4a=Z_;b5_qGSjtr zt6JRq7q@}%7aAJ|VixhxH+HBWOqe?pg?)M-UUKT?N`CGlB}{SK{rLm#1%woIJVWaV}A^%%;E1dO0wt4dE9$y6UYEqUYD8&bo zj4Stl67@M=e4^0zDgM_q&F%U4dwuS`sjlhnAI-7USf!9htp0X6ne|m&uMa#0LP|F` zo%O^W>Ou=dGBab6^0zDB-@7(l8)cbMskC6@gs-?E8lt_d7MbtE^+Zr6EPL&M_XgUE zYV+Hy-2X@1dxul~|Nr9=S;?l7b&yR|%HHdcY>q7?v$8@NDSIA!L|J9i$)3?VSw*%) z3RxwqGQamHuU?<`@ALhBuiy3i{PVl6^KyBKbDod;Rew|lj1l^-41Ge3B} zu7UDHuXDJ$+1f&!o{>tq*OHXMbqYti$GHQ+44gQ2qNi4kZvJdYPQbghnyqY8_ zGt{+GKQ)}>#OYjkX|Zrm<$KPF^=TKRDxW(^PBd9lcb*@0y(IEwNkKsxjjP%* zp3aUxt^5(m9AyJfX{w2BLcKXxj&0enK4m>D{9zrnA|kiwsq~wTEdCG~Jt0A4sbY{x zm!Xaw!|I{sWiEL_V$S%qG+qc~`jVrMiz;@ciiiL;dwlv?hYpxgT>xIQ7~nPmYY?8F zpO1&qVQwwJ087rfow`^?BtBf@nhDL$=<7(Y;Jn}3;dLuF<-rI#p0%esYI=GJoAQB1 zVDTXra}Ep6rUu~rw7dweQ?W|(f+HP&|31+OP<3hB=tAz^ai}~C(pU1}elpyU6XqhI zW&isk)e1rhoM93cVkPvZ#qjYDd~|1cMPJnS(JO+b^woz&w$^^Eq0Et({=S!JG7lD^ zw4cp(h2a|nsaAR18VMN=&fQZIdU@V5EEv0SS&o3j$W2q>n2hR#8PTk=65PiND1pvM zc8XFO%dsh=x3S&K`EGfSO&5RvAZ&Z)*>jGChCyl(Ei|h&HeZ|+?kZ^!e&+0!Ld*RU zJRd2q{>s^Ri8L7X#vwzEr{w5mlg<+iIn|y$1}qu_m)=(KqqR<8LzW0tupB4JQAG*p ziJ^iY)C@ulSIhJQ1I>%RPSKpN2`4Hk$*t2Nj3^C3cPZ>v&ktLuJhb1+zD*!@|VPIo#93`mHVjkA4o%y%k+XRSeQ zXYO)e?ez(*F$|klruZeuf#^4XgM3ah0Hl5!&2r&xJb*3?ZAc|7jlJ3Hf!Kuu{E_Ot zD?7*iH-SQD8qiGyLtjF+0DKaE_wcS**_6RgU)4&%+1<)1GurImkt zT(|G`w?aYMH!ikrF?c5*4bA$(xUSKt+OWh#F2nA3b_|$!12w~Zol;3{Upb83#z$O0 zNH$3aJ}Zxp#C~qED7fFJ`--IF=X>~kYi>EQ*Wsl{db@zk3H)JnvBZ5n9N}c{;1F50%7ppdHVp?*2YZDf zzcDhKUpF^j;{FfshZ#JSDB3$`n2zhYzuWxmk=0RI;bi8f88AFudCJXOl?k;@!U={zTMn(=kS`toH_T>F>cKt9L9xzI{D2q zzct3u-w!W+@xa*MfaqjoD_#t1(UOI$r!#zV*YjKNWi2!367|xW)&j+@s~0AUw<}kd zx};zaxOC(R=`qAa*Y1t;;atv;x)74Z%kPqzs4zP5nbnj^FF!xr*Wl$m!NjKi=uGm5 zrb14fcD6JhGAm(mtoAZH!vDw9+smYPF^yGGu^B*2rf3e8SCGjQlJPUwvbn2X9>aWL zJ^*2H!swA+8HeF>T=C|RVCZ!uzck*&eXs*}r%-2rRP7HyD%U?hgvQf|$VmS3$IEqG z)Jd={I_J!Fk0RSLD43p?TjIU&C;iOj53dI_xo*BOiYV5XyJnZD5Gs*YtY(3?#Cp%? zcRk!Fqvc69Fz9FSORO{0Tsx(?lzgbDNLgK*yA?$-_h&{cor{697%h@~Ow>d}qO^~< zC;fYr?Ab8|++t*0;@9Q~cd_*}%jiFks6+a7RMgWCcIC;if~?VFS&t}*dd7F#8pXx+ zg$)}grsy!?N#ykFRo1WV#(Q=-11nkdP&i0BQ>F9;uFN}qO8{g@{QA|-5#XwfmUsE(lTOUwgCE#(5YX~oB*1^~?>E?yj*gBN z^a&}wOC+ss4XrFZ@xR|B`duweqiKPzx8;wV9fjoi?Y{>arBE=Xr_&(qIe&78YH zGdZQX@fJRGnu4&WJLyAwndv#rW8Wt@EjB5WJ7@;%$`dpT44gdi#}~}?+veX^;1&H> zp9EISq@x+|EPE1pT|d3uM%c|Rl&%!KJ=p`j@E$;v&@Z)_NRidS5l_)1 z8MGhI#k-FLNj6D&Q)8&bOBlNiR%Y*?yFP|FY2p4k%;$-AK0n`DmO-hxieK@!$MS^a zgr$nFNPk{#cF0OCa*D~It-XS^OE-O2m6EosU%9(o~ zubPAfuX26amWU|STWTj<-!tcK?a9yTFQPo$trm)}^>ErPJ9&O#b2F38yXEl8v3>6> z9&S1T!Kn4ENI~YKgqfh6;sXh12+ujyK|_~4v_~ii2%xdm{#)L@(D1PSw9#wf@oWwG zD0TIfciA#x{+pi7Zvo$TI&Ff&9w;SOpgnzI>v!BB@nH$zw-P(ok%nM&AN{j(|n`men@JvrIPSF`kni;Bhty1%cU6)i|)MY zaGx5ci7@Onnckks=mD(4rGA-KybnH-yiX04wa zE~^F%6i=9pdc{;%Dch}2jU+UQ=$hX8&bNM2d|*N6UByJ;<2rlw>&dcDgXe9vUxf?0 z7(cP8nsFR|L(0=-KVUnl{_2@lEQ&(!+S^h-Q$=ytam!pYyIlgiTv|Wo#M{O4$&8*E=QO`j zf}4Ms{U^1E_uNjFRUQr>3Opt_Xfb7vKk>*dYDxKMA~v0vTOMnu6a1=GPQ~bF9Dx~P zVGbdiSnLCJa2$iW3LjG25(XRX*WwpkUtZp{(*Cuv&>EnxE8uBqpwW>Pvg&1ERx}X{ z4^0?))lP;JlAjPIb^LBs)j1&etIU>rq@6|KAx&SZ`u!5&C-xxTuYCHCzx7O!us~k> z{Vx*AlUy@zmklVbD)6B7?0wv!+uKQ}~} z|6}RHlenX-(kAZ%=*{mS$+WI)8MBS=;{pJyOY~cxCmW6Ubu;`1;}+fXi`laNqq~&$ z6fz3z2B?zg3^_8f!^Dm&+9g#te1soON~tEMh@yk5I=PA~zn3OZcg}Xl8=SwTAA+XQ zYc^t$Vfyg-o`$;tnQ-+z?Rw+$Vhaz#$1ap5|Bhk8X<28N9g`8>zDBh^V?d6=>HKOt zjK&FN=TYfb`(27K(6yPH_YLHAe8}jNj6xYUhW+lV`m*Ejc9GAWf4wf7r}(kcb&X_8 z(dkJ777oJ(t+bcNn3Ek@q3!Q#$y!8&9=ci0pv+PedT7#Bh~|%MZ#<;IoL>;{@3or5 zmfP1P4?vT&onX90NsoCY zLnti^y8JG9mV?mvN8@S9e=46>g;CfI={;-^>Fw=pq424nJN44Q#bw57?=uA;W1p=N zw}XplUwlO5BY^FG*#BOpXhn5ZB~U>$fxOt2iH@DR$c_x3s!^k$p9}x>1tJ4svz!~R z7>x07kXb6f192N3&}%5bHj>w|QizgFKipk=BKVM^^da-7JFAy4IJ<~DfSn{*xZBkL zjT&pj6VOm^wfCOueJE69k^n22wi-+vZ2Qa}EI%`K+yx#3RA=OgDe_+N&(i{hN!Ps$ zJazQ>o_r?}m~+tXyvi-WewNzCo*Y$X>isQ)Z|ZI7izP>HqcdT&*&bPbR0db_%e}m6 zeo^q_bbN6MTA4%T?^o^9@8$f67jl(c@5kC*m2kV9&#K>R8dbIZR5-5CNNLnNB6)>h zufz1c9BEF{*B!r`b_T9J2VDY?ayFCo{losnjTx!z`vwSD26D`YE(l% zu73PvExNPx==xzQeRRo>5_SC(qt=9)!*wVaO*^_)P)>hU#+I3PgL6=h0sPe%jyq+O0P?L>gvC`7v*k??A=s z{jclw(~KuBF1On?_$d(VjkN~0mRhx18kL%S-l~==Zu;J^@DbRi^j{Cx3^sSV)Ognys+9{xMeR!U-wpC3+mV6Q}+KSbpZW!lR*< zoA^M|3w=G{1?2@ibT@RBZ!*#ts<%b)qLVa*>y?)SK0+50%iAWub*GUg-)EM_kkxK> zP3AXTv)y*s`55$$0C;F=T!x@mnZ+VGDJeftJ$Uz#IdIV6u20COOWi7uZEyn2f9$U6 z7L%X}yHA|zTgPneW|}<#Z?JH$WQkmYLgaO$1Uqxc?=Zc~`tnAv>Jh(jx#DBehlIwK z$_&3pOHuEsB@A=)l23hLRwU1oOfTjv;4i@o$1foy-JHR%HDuyfhX) zZ_~q@)c-|opvmA#(zVEyW``qVau+%;^DB7IzZ4as!m3i!7~Vyn!P<{AVl9iDnmA-= z+Kh?~mRoG(wn@*f`$THX9WU2YH!3zaTrY~Q?hyRt(J9;+YYsL;p70Osa`NRH;-fLB zPStyDkC9!@LUvgjMNt&Qo}+Wa#tHZ^6sREN5OMOoPwCEyyCM1mic-DnUi1ALyDO=! zL}iWa0#jeUtgA@m+mTaHBtjwi;u{f0VhPq?e*=$?)cEdG80aWT0>p-CR1Ub)qjrYQ5py^RvZXWVN zNNv955?t`gN~rRz47Ki_*LQjjRKyFU0(gG?_m;|7j-4F7x*NZsPh+9x%8Ai&z{x(# zs1=9x+P_fvc_Z-w7fxDQE2M8-9#x{l-=oI8kSg+i^}fxqr-i2LtGb78fhA-oaDXg_ z`%E3i>=M?#plu5z7Rzbf%$}TxZzq0|>DHjJhb{x61$Ss6BwiE=Ad97NxOyz)W4NHf z{cnQdr}K6FpuxRgWLH=_VIlAll8D0DM?GTk;SeWoHF)!YBW>)3-_x$rH%qV}p2X9a z`l0|;%Zv_zVn|jBlQos4csja03K2^2j zq~z!W3cOVCjs4%ejuOhluk;j-Y1j#+iDI;i@y}Qft6fCldZZl4Zll4;=m%dtGUG%5;KOjdxpLE|x^mWBMY`|Po#{Cmavp0IX`0KS;5RCjb&|GeQ zhB1cs$VHyXT>nQZj|$1Ya^aSDCA}9-6qIj{)wr(Tw)1vvrxIU&K}p|q0kvao*#Xf0 z^*D4T6{@b-xT5@4ZGhYJQ^|k~Fn;a?6kR-lds`Fh4d4Sge`dI*qWrZ*!PswyUJ_kLY8FXeJrp z{`assMhecxaom zNzdb~MNuTTfCr8P>L!aoXtS_`rl>xgy=D>MEqCoDX7&!%^j zJKo+{?EUd}_y|pZxOEL*6AtN(xrIs@hvn&nNbB_&IbNg?8&;6y22o!32AI6w{i-(W!{w6%a7oyap@dI zjvIj=2U`NFB>pZ=5{}z@+Dgm#ju?D{8!-e}}BEJ3<@YF}A2=al=Z?%>ca&G&&4l|B|udn!&Ds9C-UdCfNTP|Up$X0LI zxZh@k4+y3)sc}hXZ=iWsjSL91PQH1acA59?1LeV$>CR~cbI6n>YWo_WY-~9Y<0a~-mF@(Z7?R|44`OM+ACgZxo&?skh4}(T;R|WKokMyLqfUelgeZ&5o z`Yr=2Yj);%Jta7v!es2DH1Ez!?~OsGzq7gS1f+qJVF47_j_`}BZB(j&WW6>nGxQ4( zPBt1^T1l0aXILCV&NbfcfNuP+z)IZ z(?Lfjs{K$L8bb#gRlT1-iKp{Z1m5W?&4S;*-iC=qE zd;y|tGr+L0&L1flsQAfW3p+jjwAS_=A8zp?zYE>|dV)6Sq3$ zH!Jq1z<(@*sk@PLok1mqDrEKtNMe`1lHm|Yf|7)J-~Z&Abl;bR_5WEC)_`pigQo8B zP{fr06?E?UC-cDyD-onpki@I2SOGmXLw3_0$(sTHO_|2lMMgy>zD?v=_`~s2Wg6g8 z$p9e!y&39Tab}MJ?c!33)Q6zC`82f&*p&}+M5!WH<#{dfk<=k5P20)9$U`cOmk&!p zULE)0TBXpz{72kK;)G-81AHokb#QvXDZ7y_JW1+iIYUikKdPmx>J8 zfEl7nkGrYUy{2B0O^CU~oeNI8+-XW(unt+3P6)dEqd407K74o;UJ^>l+>s_~OVoEX z1l1YVv3iRaCml#WOb&;#Ec9N?zPCbqLxKRrMRi6cW%W(G%)f;#*;e?ujrXyb%607?bdCMG)HKpC%|^1@V(IPJ^f$@CamcdM)1e_m!LTFbs-c}x_aHF6sWU5j;43tt!G8bY zybRkTYWFv?3?d?zM}RFW&_6yOwM2JXi&y^A$K(V3)C2lyQCjkoGqXy{uh$P`kb)QF zMP%VXzIxMA8LNdgG~vQf{Z#-#oMfji-jD|j8z+(qL8foxs9etN|Fb;uUhY?43Mr~V zanZBXmkW6-c!6KJD}fxD|9qx@!rmYvcXsg053`pa1I)fxPyZd83)q)`BbEoQ{Rq( zQDg8x55WbVR40TvE6LD4qu-GtBmjryh8^4Rwf)uJeEP2gxfc26tsi8KYB$gpVb}%%{_P)r)cF z?@a%5f)+I=)qS|Y*$)d7+KNFG8Sy^{@;|nA2-(0LYN_IT^qAO_!s02&aWF^R;DHwl z89lmo^;daEX#TgqyK4=f9gO|FG6kpC@KnFA)`5iN;m3r!pT!yxjX4%xDf3rC|7F@j z;9!@$$Ku)vsUP9_4@o1s0MVR<@TcSqJOTnJIH4*;DFgpi<^8+l;V>k2c^xc7lY^ha z9N0>0Cir#l6J#}0?F15>9VV?c>yn)=VFsetL8K7ct1opR(yZXEh zp8S-w537@;N=n#~OpAXaVJI}A|LPqy1cUZKnT5G9Nqg`)|DT@;j6F(j_jg__9$_B2 z=lXj3K(@yaYqU(@iCN{tnTtPK+)w>qOan>XBYCHE=?Q-2z4fz_fA(S0kPtY%_-_p5 z<>he;3YI=!uOvL!xhW3VNa>Hh{m+pt^!TiI@ZWB?-v>cJyJho1pm^-$6Wz z{J0Ue7T2j>$ufe}zGIIKA$6wxS6wL50x?}ZWZCHvh~nfVrbT>TQO1?d%)WSwu~LANDPprpH*Gbltej@6P;}3*f+31QAJVPeNNqQl47eOhmhVs>Nx* z(_3V3e13f(-3?B-)vcmG-J^JMP12i-Qv2(Tg7r4PzE?)}59H+E({Y32F8GKYfN)st ze}hg=qd0Bg36l zXP1?=gmQk7`L9wKlC=WqkXgUmZtDBD%i0Pq#|8_tNKG`VGb*n~HW6eLB!d(lJl?#FPYJrlgGgOa6)So>>p29j1Sw2)8b?&309R79ZgJwyQ@CFA?yUUh8 zbn>V}lK^f!RNz3W50pSdNZ3w?r0CiC+9ZvrA>z4l1dgFYbmEYi26lS=Y|zeuW?(0v zqD?#N5PJt2Mig$xQmM1~uVHszU49=^7knTyU69$S^XBE(1yxcO!qQmw;Ye=~&D5pi z+mJ(#$z~1k&i-eOO&XJHb06Fn%4$1+9QrU}cuY((wDcV@e-m;b)gH)hO?Tb&a4zA) zeU!v4G9jY82v#j+^>tU2&}00{RN=FC|L(vFoLfBPNDe3X0J(cUOzI#Qy2)`M{<9!{ z36GB-N1Y-CYhwksRFD(X17~@2Z-Gm`7&EGsBc&AsyxEBFEC*c*lcW8s;M@1x}f)})xSqpjHV8{0ud)PJq7qg z6w6^AiB{+DgMEJf2f3wkp>Fd8Dk+(&iT(#kI>cOU{Prz?3bN%1$Bo2)=Zz=9C5sdKk;?Gs|0xVIiZ;|Kk66F~Q zfByWr0?mDYQk1L}?2sBWyy_6?ZoTe*E8|{*m%RP`!J?*Qn*Fu*_80kz^*Ft!cYOIU zxymW)-js&zRtux*#GPDDGs+Q{^~Hkn`A4V&?tDAv>>giip*JO;Vm|nGo#-$NeBof9LOds}ZlbW(c*xJBM$r ztT{?#`zf+FP;1b!8manKUFY%2bNXHLbb%$ZbUUUiIz;p9a0H!L?)B0n0p@I5?z4=- zDfjsKOKyd2^i{eoJsP_nJ;70O;W{?d%gMR^J|$qn%xm3FkA#0=yXa}s_bxm6NVT&@ z#j&OQd|K})lmp%j0!gVJvtnPDd-MDPm8TURc)5+EGsH`; zd(R4y)rG<-at`eqV9CL|uP@^~{=K6TG#3k7(jZ=L?t>;|U%034qYoAiL~#lUY;q3I z_FZkXup1~eH4I&w&$eId$$!$>5tC^@o82rac~vLQjg|p(zSG;=6pln|Z<^Sx7TQ!E zyZ-09^^q-O4FU=&*N1u6od%OyEF_P}@S=9vmAAZ>7U^;TXZ7uqVZrIH?Yt^|{^`kz zs8n=u`y(src|C3<}ZBAZl#vUU_lKWzvX{*_g|LL7lgCYan(VA_}H-{}57lk*TJ3rL_Dc_D@&#&6aiIH0~NoS60>`LMz`wbjJ@%MWK@5mOb z{5~*_6vj?8-Q-N3`7xCSxKH++mP`pV{*wA~)r}u{adQ4`SNwNhc`ve4&iD6q0=n2I z8SaU(+9%8ou?6M=J7@(VI9H)@+aOyQqujN)B+nq%^Rp)OTlW+*O`0peW*L zfAPF+N-oLwj+qyGWX8mHfsXGUF+)dkqF90E9KDy%DNH@?=={hfA%QaDA*yGy{5i>| zQ`eWuUS8sMNhosBpK=)4q@=ZIZJ||XQZ{m1xWGV6i}8`cR64~h8tIV{d&t`yRW@e8Od7cH~Lq8-B|*^RVIJfqTHkQKN-)8tas;Lv9eZpqk) zGBEBV_j3FARKFuts3hdL9Rqr625mG@c=}n2;LsFr?iCe@0KJIwhJj?g-m@>gDLhDS221@I&TH9tc6kIkTY z*6Yi1mD?n;d$;CvIulB7-C7#qp%^M<2yfoy_j(lgCt$`!K`QLcMgl&(qh&xMLeQi9 zyivl_Cy{ujU@EUlo5h|yX5(SQIe3(qskLBffrWIBEDNFL2LNJ56RIPWX5sSioJO}=S^6!_f zW5Uk;?t7#x7U`SU=eJcPi=9neE*CMXG26IhmWckd%lO9u44rO?@ zX)fyZnO~TP+AIYvk;Cmz-#y%W$f`z~m(zS3EwO&@DQ$821HDz?)5|<@c3^jQx`X2| z_s0Ywf?nse1#;}w)b;KM$E0DL=Cx8QMv>lxrw&`*PO+tuEwbnJXabrgE!EE#N_Fn3 zKhFdINLq6F*n+r9%8Mh>-T%fF{|3HzDYz0%XTPwjz|LrTzI;C`cX=rIOGam?<8ay@ z=_jzU|-MK%d#P2?*^Uw2Y6tF0-QRN0{3plQfS3EQH`_|_^{fI!;@%~QN9W)kg zO=*mx;I3G=Wedbs@4e?>*)gbg=N^we6XnvjL9H1ci`Le_vbx&lYuxiQS){{IYaUJx zf2Qhe4k(OH%KcGb7{MlZaaqyNSSjC+bRq8n1XdR{dC-r6&j;9BE-;w!Z zEb;KBrJACGGDjqN=Z(ES+3+ik?2}!x)Oz6t!8#3o!`9s&0Hk$ROM@@}TvbX8I=am0 zN~y{h)hm~NrVUBpw6Z9S%aSd&HZ*P}lZ!R95$A+?X%4!@FGWQ3<*0Z#4pc>qm`|L< z5{ufuJY{rB=B8po5*N`Mu=fks1WDV3r0DEaKB_u0j4Ml4xnvg!%d!)QKokNlwN%AB z$gDA+tx5aqc>aw_)Y;=;Lsm$mGnpWfC)n#w;JC_e!+wdK`Shhd!zVq=pPr<~%CE59 zUuyh?2b(SSHu{f%@dAC|t_Mq*&fIEE;hOJwvR0+>r9R#a(qW^G64@1+*Mow4vY zw+*ZMA20|MXf!vp_~vLSrvyrsZM`$-y+)GcBU-dtigI3?B;ZHQ=N7gHoJI+m@VD@J zFcnrs7l}Dp2eMFB8>{Ga>#pi3%$v*}eO6=hGh;o$XEG=FIF2B9U9w9A%EY{?fL3g z{8Y5~BcaCu3*v3xZyC{8cN-F=(O}}Onhp6C_uQB9H0e)oL};fDTXj=hMF*%bT9&lx z_K`a>wvo>r?LK8}RBs=9&x{jyMc6UJvAn8-f2vDv{^(eyM~<68(%Ql(S(J(T^AE@^ zmf4P-lU7Nw4UMGyZ?~9Kc@oI#=Y<>h_D*a-Vjmibj8=lklF3|h4lCDR!`>5};O#nY>Ci!$nM|ty>-RJr0bd=kQ zS!*kP)3HZd!h0$|`h=Kz`-=`Dml!j|$GYd0E^Vaeo!!xlMIeC>E z13jNVw#ib*Ocec;zstUMnX1TmS?>SU1}R758`kvySPG*u z?0x^Og1}l~Q&f6*X*(@OiuPB>RQ1BjxeEq2!v#6tQ@~k$ubh_o4_vv_hOC$iVrnz-B5bltKo6GtC=N)=}ov0L5Qu$#I+UPGK zs0&4<nJS3iOaa)#+7AOyEdVsW|cD@KHA{)ja}xJiA_{#f8vv`VIv-14b7Tc zYa87s>|ML=z6j&aRaCLse6bx>O0nu;pBmijXTGG+V|8jD#$A{WTE!8v!$zWgm@HSWXmD`ozBSd^it!+ znaeaSoUrZQ>zIVm-&5Xqc zp^h!2XBHHu=xFWdHYxd+tkaGzj4O3tGPJA^M^R8U)Vgx^QqFIAzj$B?uAs5U^#XPO z^Lxe*Cua8eU9cgCGbCD04%|KNl&Nub>5?q3M`}e9u6QZ@s!~VucBEjJS?Hh6hF4YC z$CM%)14DDCzNh_ZLMQQZ`0TJg>IoYiC?WYMAcvx0So-+PSmUi%gSPV3YW>ydWIhYY z52DoP>r7mqUEsr@lLd?Nh)ayhlN_1B@;yOPE}Nu&c{>2>KJKuQfLOj@+TnkoeK1U& z7Z9KB0K+31PZ9XX8+;xMdJRg=8_skpDLb!Ub_%&S;`s|^f{Jx&N?EV0t@qD;;7{Ox zap5ZxjS$*xn=6zuAy*DXpoWmL4uu0q{CP-Lj-*qe{75cc5F(0F9U zBs4(9aYdDKzGAjeY@yrLasfnKNJ2}YNV?Phz_Pl(NsBxAt2{H-h??-)ql}8TCnb(x ziTMam+`CpaZ&w0!OHikm7%plY>t&9mzssdh%@=ri!UGPl_z%2IkbGLYLZMXKRzt-t>q5`rtp-< z6CvG+uy~y3j*pwA=ZT)~?WZ%%=V-QdnLVZ_ghE~Do)zbsmq3RXwf+4zcT=<`fJSshVm-&qZD_*HR65muFT;^zCn@#>E zk>qZGPNElTUP1W~4m^Bl?_(kDE^VmI*8?2)o%9MR4>t*y?o~zbeCQ+c$o}(WiK5E? zrm#}~k%L|DgU;2wNDo8tDJ46>MNss2cn_O3Z(eLIM`+zv8z zkj$sY)UdLSodXbxxKdjvaymXqQEo#;nzZr_#J%1~E_?`U(^v}cR(j6oA#w$!!9(i2 zcdtiyKb7AJF;~5dd{m*-LGf$`$__>?l@fkDk%DSeY|NJl%aL^F{AaIAv!Ex>CM}Zg z>q(>zx?6WsdE5QU>2p5#_y=NopWJv3Lub1ot1tbj z!&|vYf|$Nqp}{X{b?2AbybI|%4|j6})c}lkq2`Opx7%qMcbJ#T4T=)V<#Z-`jr(I< ze}>iMHD6<%S7yFp-v44>);S;p2B)bWY1U7T%b(sT5_&`V(mqU=)Rj3PKDuXJFO%DGQP-^z;<%){WqfitpM`*7?O9ImFDwND_18v6K zzNS9?3rT0|J-d3z;vMiJA^@9-3w=(2%hm%L zX{Ixier(yt^(*mGD>dRH3Xr_Yh zB?6vBW9X4CGAhgX{sG2yO+UYTcryUF>DG3?weE@TEKJ!VXM)!S4r9or{;YK<1@9-p zkaXRtu}g><{f_u3Euvnwad5~l7BBAC{l4A}8UnAd52^!pFnYrD<+RZqR#nYoxucGXMF>cfNE06Yr z_lide$*^XWC(pfKdbL|(T*0_V6%iti;6BwbbL0bo(AW|WC$$5*3ajx-w|j3Xdni~c zL{pv+QwDxZ;dnEnoOQst;{gna;4V!A0N3vjj&EnXs7SamKcE@#t8rqERLH~p6H=;{ z*9Dcu@6`Ui@FA*`<;%AeOSqBtTq9J77;nfzOgI~t!{i4N3(>vGhNMrR_stUGiA&+_ zfIv#Q1A{S4l{t1;QP_Ars-jhDixA!dm@VUY;;i-aLlM!@YrRTDv_!zfxMjr>a-URq zF)mo07cbO50NLVt7}{|Xa523(agZysGEp|OcqkH5@IZFh}RxF3do>LODFSO$pG zy|;hgwAlBoebvIX_OBDcj(J2O}894ix6#Eqt zJ_ppgjems>$|1s@hE_NB{SM)~C@5nZDqC9^38|!X9_jx)4!Q8(hj0K<2LuLE{}(=~ z#dHhMPp|HEmhX2Cx{>;**l}FB2IG-}@wpW(n`jtA%a3%u)`m+5n* zy#=B;4)q-ey=i2O&kE2VFZ2f?Jtx(r!Cmc{e0J2ie{(d8l#$w%7&bXeHAjy1NdWVePt%~vZ?MfBsc2e3*8^pmJy39)W&=w0a_xyX zq1LxoyDv-w!R{c92~_4QV%w2IZtU@U*D`?DDaEjmu88#M4$i)_s#K9B{D{)Tds+Om z*4_1rO;NisAhWB;!*xjjSrgS;U@$Bt9$o(YqIwY_z)rDHmkRfmr&hcw0}}#FkD%J4 z_AA(m3Xo`{Ps$2Bx__oJku&wU*Uk#@z5W)rEghk_ZLFHHgJehVvJ*9-aMYs2Zx4?I zt3O6Sdr!V9Dbw2>%T0+Fz7F_NQ@hWU$nf|?7)iOXKD-C39&|4ReMCre&i$+U!~;EQ zo5Ei}0M$!l0HxsfwB&mD@KRtu(*jKYIt+M5Bls?%7HUesHCN233oENCc-mx_fwt;| zkw1a}rWiy~;O2m_@7ea;<-k5&-ODoTNl3E}QW6jvpwsSB95#eMc2>HjRMZ zR8UKh0oFv*a|-P_?8Oi=D6DXVaLhC+-ad1g3H4lu9YE6YJ=Cssz~kq6?!-%mO*m|l zzUu?Va1x+CY)0K3D)GVukqbLL*e*qdkw0(1o83L$P((tHaXWcwV_%?u>z2t-xAe8o zAGwTNSyIL4;ez?iC75TAKl*%$!PLCWRPpht%O)Xf=Sd>Qs!$71Yp1pHw-S4xIhxsK zG8G$I0oiY?rj~w9pg%J^Tln^`?*mgL?j$%q6iQLEd}*w52jYzC1$E$4kLUUBG+XWqF#V>ghZWDXHnMVSb7wAmn&Fav7ue+ zN0WY(03BpYD}jhtGd_bVm^2PML%pt~o@0^bumCi{@3+7J>I2pJF(F)~1#lZ69VLVc zp@ca^G)FL@a?0`w{X44<_xk53CjhG|RD0(2H>uIPg=N6Lhe3b}MRVb*W(}T2Ddvs0 zehjvkUVbPm$xp$Y`|fJ2pmKE1-edVmh1bYDz|G&`7Xh@G#O@yRKfb40%7dU9M1(HK z)AqE|bD;#{kFQk7HNK&CR*xg$1LlB*Me%NLmaj+krW9Ut^pVf4>s)t(^6(ow0O1g- zLK|g2R3>%>x@@PdsAEFpfO}ng9EK;fgbRiXblHdesb^1EK8_-HJcRY8UMHr*3?Iv- z=`}5+gRa;7KQHc>exth2Of-lEKW776Y5DS^FAe;dyHlmL(?a*^xIZ{w5tQK^74tQA%>AZdyA57FP^!3;bUM%7C6G<9ZJLN%Oy8H@Ur|&)F zp>&hxK#rp5BkeUtCUIQ0Qy@BlCB_nAL)L=B@f{j=Hd4TOIxPh>M}j^h9S3zy1N?s*?gf{n5c+SG?j^5 zB_)~h2LuhnfC)?)SAChil!M33*7;N$0;Yn+cOw&tE*7C=&>3Lc&S(#@M{+V*DiVbT zJt6%aB}mG8AtgVb%NML3!Ybna{iB30jE(flkY0FTtxi%041p|v?t2D8w`PAI1uZ4& zXfK*N08BMa{_4V5Z3UH~s%oe<&2KOi&`xm&#UkaMg!EUz6sNu`Oc+FMy1v=Qq-9dz z%3yjIEi3DH=RnY3cYyYM1q{>l7|-iK}sfqM;r;Nlpug&F7eCueH6_k3*vvJ%{qY(gtSV}(fd)!{(c0&n>Re3 z@#NHwBpeA@JZ6EH+Wd)645sf7ZNw#8pBHi;=1 z@i7-Z6{;LZJvs)yDd%{kKsCD_=Pooh1+QVRQJ^~FuTb|If!E1c`exhYN9$e-%vD#) z&CBz8X__VJb&f=u8Ng$!8PBs5g6I&`%FTYoiK~&N@6XQC+ye)byeHHdv1iceqX}L> zRg-TOa6UqT{KEHr+)g>iBm*|Y_rb=Gi3)pY8M_it3L`Mg_sz{!s)cw{Dy(Vv@cdv| zrZo5zSF%VbJWTyzhg4zXeSz*X0SJ~A5I+oloKRPHFV;fPWx+dTx#DiC9QE`?BP>~#MW?)jK zpoW6`QaD_3>AyOKI`iJO><6&T2;9wCdN|`h@rTPt2`a)%K?6|amZu0?@V9QSLbjZtTTw+CzfH{T}Im!Kq{ba22@7T)q#sxlFwr zi5I&^R#XKn3qsGRRlJrb7239q)Srd{6G|C9GqZq2gJ&<+kXtk5T;u#w z+8bv`PK5i`{a+jdxLZD-_OVkzETofRg@SjHyEoHb@GpoFImql^iJDI14js2DASByjD#*sF0{@lpOCK73ej!cd#VYXiIJ`(BKX?W>mEEnBv28?$Guaowr6 zpM9*NTzctk!g}q*VCK#x|GH{7=lPd4ye1C2XPz+4yjGN>P7jd_zp&>oyy*MW#OIU? zv$_<$^X)al-Th7+6)2>XgcCI8`!$hFz2Ow(vL+#PW5oEB=lq@+y(=|_1SOXUf5$pS z{%LVyT{S{5gm>xSyh_+44Xf@)$%=%Q^q3<&sE95$R6LGO;wqa5MFi1J=rBGZJot6mZ=w??q^nuL&)A3D$=FhoIM$P;V&ZA=Tx;5Q?E~WbQd^8X43X%S;}##tE&!KHrPg53D%$DK_Y$_d>A_3;n+GkHzoP^aG5KGwqdKL< z#~8eBFPh7#q-3duxt;~b`6$_bh#RB^JLu~IR8DN0KJ!THJ(u59S`{}B%?q?$fURT(D(#Kn@tAg@IiZC zB8Q`j_nGh{6m0H)h&KG^vAYiMo1A~Zp~DBT?tdZp=IYm9O8}^NI3y@jIpsVp1uaEU zqb6{MbO6~I@rAMdG`}n%ADL7^e#iOnIbw9t+GY~w0cYne_vP3!SjUK;&+x_l&GQ2f zMCDzY8ay2Ge5T0%b`A+upG9>Fan8jC)M?mp&{71dUdfWVt<66ep0GmmzZiS#uqvak zTNE}ON|$s9(jd~^DBa!NEg&5VN^Ou(Qltbn9ZGjdN(j>3-ALZGJ>Pkr^SkGs@7%xe zdDP8*-?i3UV~#oInA&sPdV46~Ml3<6P?=-j99P}-`^r64t8G(Xoa?uRO<#3_5S>m; z4i>;ddIafTg!`XzXiWHT0j_Ewn)izfbM6BjY5r(ku<1NqmC_3xa5rXX25)a~17j`O zZ+5U(+VuP4xK2Q;3Dl|-e=3cKvqkBb&CN-yQa%hyX%XKy8Gs8z=wx_@UpA$>C%P0~ zK@62*f+i-?3Hux*fv{WztT%w4#*bg|?U?^1+xYSfyaA%8#+MVy3F}#vUec;_3{|+X zDDS<&NY0nK!S?orPpedn-+wddd?ej123F!nOxuF9;o98iag8!3K@2QbdTTAM6g>T> z6HWRiYyde>cyFG6rW^3H>>-9fu0#&Lg0gZl017~V2nF02T+NMD8ziiol9Iv*=ou)G zQNNOriI9<%ovyEUBLBy8OW=Z+FWKhi&Io>fb~}>fCUA@Hdv1@S{9YrM+3ja^7d#=^Di7>zyCRZ&lfBstatg7n7V<53Ae^{|TadU2rQuQL7 zZs23*unPREwaG%jOnAaP5~FIH*okseQ((jG=bk@s2vRiFI+uACz!gnG%0aU?$02v) zzYuW%uV@duv+tRxTM_Z8PwL`ATnO}SM>0S1*p5Bj_e#qU@_Xg*!inv-<8Kypx`Tfb zW?3n-n``gH9J;E0-Dl-rtNO2HbeNMZpmZe)(AlpVpaTwDI`oNTf;LUS+-LZeo}r46 zpa(`LrGUv5uK@eE2J$+uphA!7aKJ0V<-6XCVBQ5IK(LA&muoigGY`mNxFo!Aw8GU8 zR9uAlOq@QG%MfR2UUlB;$ysG;km11X#dyhiQ-HUsue;r}E!ckP1b-S{$7Xzwg1HeT zYa6^|`vBA6qplC*ji)OyyWOh*TZvLG)cM~&wO|Ob19y_m&%Bo(^T0&tlQBh3B1=ap z|1Ch&{e=5B-iX-@l7b$8BRg`l++5nB6_7o67k6{vu0PMmFMi8U|bZ1;n zdh_qNc7hY4ZnaF<^VU{oo%You&-{5{tgTV+u}&x0=|Lf}px${s7QDCWD#LlixGoZ6h)*cNd0tw+r>2 zg((y7eu6PjdEnu%>zz}GCfQ|m%oDtPME|Qdb(ozFD|`9*#3JayL!sMEN~6Z2E74iC zD=G?VYx~D*zoxJ7J7@W+CSCy3drvnI^XMPs5(W{b>U68Z`QPOL0Vj%3Utp-tb&&(! z3TO=&VS`^yVBVe(OL2v2J5X{Dz%wQ=M<5jm?eW$QZ3J`}aSXG_o+c8W|7jY}NLoE* z0`8!os{&X%jP1+jVMI`W?Ex0y95|w9YH^?363|9?WnM2!sR9y^_?_TE-y?;#P-NWg z51YWk#~*pbuWtz?Hv_=p>s%y8-~r439$X=4S{(5pBi>XS7wp`-#9r@&|gZJXQn_9bfD-N#D;uPU2rih#* zJg_CvT>gXok>Cx0@&q$B_bFTe4+iuhZ?}rw9!Y0HU=^ya6lhXgU@UGboR^=ebz}mk zj4*GzGc^KOyxK1`)xU6@R02fYw^jwh*W@P#rVb9pW*mZfUu8fqXZSz9wgs+R2YtHJ z6eTi3-Jq?~&OC}!zV&AQ5S$i9!Gm7#0^TEoSv}u0-KhjUWCmbhP{mKsU6wok{T?hr zDrlayX^>DO4b1Cf!TxYi4#L!(z7k$&1P6d*zqVqdh;+FK3u0>aifqkiHkVxCMR^Pl#&_-U3Cgnw3^xpG}<~fPk|TZr)j0Xn0nNZq6<7ls7Gi|pL`xa-3DWNQb2xh04+GI z?4|k$m`#%r?zf!i1#4QmLGjKzoLl?guUUTB#nm^X;!tIMTtk z0+j;q2atFPHL&n^!SvdM*4uSX&^#T5pZfL#!mx4E>uM-~k>J`kC;Wp7LKr9hpC3WZ z{m33FEJc2X14R=TxcWeH{>)x`hu}hsvE@mt=Qa=pt;W=6c%DvA6^Q^Tg^Do@{0{45j?eSh2nJYdr7Mjd>IG{X2QJuz+gs~IDl_e;SM)hQ<$T~zM@@524FzPI0&jIoC-reXItu-8aT|o zHiMsN;q)g-E#Bt{ze<=XCgAay@$m4%aF{2`eT#?6kQD<1sNdu!~JwTfh`bIr+TL zt7a5j{Q4k7eOPNop?k!_>2fnp44jSA z|EjVVeTopg)z3TxuY9zhc%3m5ovF4e;rLfGxo#Xaz41aydFh9&#KEW z(*5~r9G{tZ2GTT94CmJ!H<21@dn#7#Vg`W`IA^wPgsz1%;}{ov@%4d}buU^>eK#d_^(H>wldhZt`8Dq}WB8n^Vdkb$F5olX~VI$;^)Wa2;`O_=N}^-6CWF`6G04-luqB(#3~tId7LY6E-k zeA79As>cT-K(5EuG@$JA!6}$c@a4VFbrP}h_M-zhe#`okCzmWWkv{(kfqJs@VUj=qR{$`P+gNPA=e0#S?6j4*~5a{v* zJ;Aw8-v&EK_F?xS%Mf<=_Bt|$SoQz06aK^(awStOEaccVP!2!v`(_9#LM zEYIMaas`wq!`-(&QAn`GO3TO;3xKDF#~63R=032Y6L6vNC!jH3P*6Bb2W;^JmTv{XkT@)MNE$XzjbL{I{=$StlYGFFlr>JzLRi#eJqu8pN= z=Y%Kt_;?!lkTT_TzH5pKOnf(xuNF~}P@v6%8FB_w^*)CtfLP@mQ-C)GH9VkV_K@P^ zZbp;&WMBzw9z7kaK`eTf@R-0#H80*26-422IQ4ioWwp^tnmR0Ks* zD{$&i_+!Xt;x@4&Sb7NVdah`_nX<~wYy-L2uQYi#Nny!KFtI|LD#>}~WU6!RXqS3H3uKX{$W06V7z z)Umd)!t^4sj-WD730)(1S;o&1e=F{979Sk&!Y*GL(ezSxNq#Y{z1w#U{`hdy`Y=9* zR9^m#8h-;YSwsrlM!u0D?QcD!FeiS)9j=y%2ncegK5w$hbio_{O&_jP<0#ri%>Izj zbr2eT%H}c;8_W>Y#A4*?FIxkHn~hI5hQ^Bs!M6#%VZfY;4Kn1s#d-2V0kqwTv7>T5 zeydHx#l=K6CTJ1I5f#_hr!XHZGZVsz+zogAu|}W#4B4)>A7>04hEr$P160FgPT|J~ zps%8^{8A!y-eJ$NA|W z@&DIVtTzA*Uw#fOciFkxNk&BJ+iB?VUPf(V^dMP~-*RmLqb%RH&F3?(K$A<%_y3X| zn2}=x{39I(=g1jw4IqAa`n|t5my<*>G-Lx!ALC#RoY7bOs%x-|mrKyD3DEan2Ko#Z zins=1qY9~4qygK#<+J*8iU`ba)Q)x^85vcX#CW-uPxE{SM4Lw|@U8L-(0f=4$EoQG zdl3>L@d6cdY#wB?Bo*#CjR3gn%S-~R98ORM4PR&llVbi=;yB&Zaq+1CkdX8p-(R*N z;n)dU$dG-N!W|07T8X+2Q|Nqq0jgNq1CJgybxL$fy|hS?(J*H&K-<#xH;%q{p!TXB z&2JPS?+-@BduHBat24sqGXaC6PF-tvpmJ>Q4w9h?6_3C{#=PbSvv1h3m8J1AQPdG~ zNEHk|?Vor=kI)MofRD+U{RIr%Bx}ff&<_o9DR7-h31q@0onj~i$9&ND#Di{qMeCqX zaQOs$juy~fM!18iC2xr{aJBT}wGx1(>?x`T^4+^n?Ul6ee-X=g<&;Ce;zmOy|MU=M zXyUrzeltUzMl(mH4PT|l$G(%M6xhTivkFp(u#^ZA1BQ0j@^S+FzvQEy#b6DSPvHCv zTL%~86x|2~`MIU&@Zb4HAIF!GeA3rnn|g4!8H-Lv&rF(;8 zFXldnMjfCgK1Fi`LkVolaD?hz-C|&1<{%T}CP9_qbJXJmcE|Fgy>=&+qxl1ZB=4>| zPYFDAB&p~`X)q%=d$30YkKP@1oZ@=Td_+Iv?0r zA1!dYKzt9l=t_RbhxYP=nDbwhjf5S>k}$Fu!5Smo?x*X3tR~0E>rvahq(?Y7*Q=$! zF1{SW_tuq?zU4B&$}BPkKkULxu~z92IpivTq=tNMg^+~0Ex)51Xtvycn*}r=rdE=4 zx1hK91dIr@uMCTxf}(y}L`A7WOJI#kYDWoDU;)**=(QhPmvCPbu&GA7HjXS5Utq32_{cUArU)ZnE zKB*@{nr;CyFCKa<1athLR4D^2_ta5^(9Z`JJvzRPZzg+v+WO9}T!y3xL;OM)I7tWo03cHtk)gwC> zl5C-mu0tT)&A{;UPNdVb-n2F7O+XBS%nOPvo~>0dR**Iv4QDc@f-}q3H1IsRj6_{W z*TgTMibTdm(w8ofcJ0YmKH$m+d-{BB1(aP9t%F`nL`o%ihax?E|Nm&Me?|olNAeRm z1Rs4|rszs;UG+bIDEuw!uk``;b$wt43wSZ;EW1tAF419gWYElGb6i#YNJR)Tj_2&S zI_H(qk>oV0PbKueadAMoM?^0(RJbwp!|c-kRg)>A81iCa@Vc+b$Q{Z?6qQt7UJg^%|MUXT z27<{b&b$lhHQb&@&oR_J@A2eXUj3#V9EtEe0F{I(eC$n%tZeA>f)F$-!ZBs3FLaoP zIKfxpoL{jwvDV0j?G^Z7;YXoPQiw>bXqx5qZ?QX$6Qpns&vEsk{5nC?`>s1b0Tbog zS~`wO$MU!cC!ubX0_Q8%$Q0a^WWZ1+6BIqF@KG!ypDA%kAk#-w+w=dSdwv2pqZ+Zz z!|eJ)H-?Eqhc)uFqSFzzhp_jpNY5^s2J?bj=OY816>gx*k)WF)C}(HH|HFMa=P7U@ORk|e2}~_wB-GELEbI_7nAX_LH~Q)M z)|h=43*L+%6%iYa1guLT&Ts(4S$Ql=$_xdHFyUd7?ax!d7`BW41ftHUAiiPBRrq-9 z{qhR8$)>cvn^WF}lnjc?so~1X3i7E6K+L;dE>RI3vbLV)6z6oWkUaHiuQ8Yx;U4`m ze;$Af+o%*W^DzkL=6YBr1fUqCNSPmobq@`Tf*y1J#nZc_Y$R5d z$%`(%@1qmJ!M!^L6DW2!5v|Y|9&ZdwA(P0Ug5jwsUzxAe(ddF{G~C2MT^WmnV?qkm zQxLR%VTMDi3UFVXe>RL#%<#n3f@?V9mcs0~@gi)5Gd%71HRhHxq?5=ah%kpqGH~p~ z|K!X=MWgT|WTcJt-r1FdGBrA$ZInufC(G0-8iXZ1oyabMzUN9A=1(I>dIEY-UMr5t;~Xs}F0DC-ZiETI^*YjoyE>QRCl zYOo@d{>jI*YF4+ zo8sR)87-RImsXJfh+~rPBs~&!6N$rXRf?UC{)DBE#tk^!OK8M=Q(I3RiGlXNW)H@hs!ZWo`7Ossm? zjbCGo_PVEaP2P$&_Q}pWSVxm2DVh-s&GdG;Lu}Y`?n%O1YO*h2(Q{g(oWk6sx-x>> z1)p1Vp^GwJnb~48pwq!<=xN`?z_@nZvCQ9ccV1aiJw?Zo;gTejGP(tYwBI*$D3n%@ zyWTVVs(eu%;=+x z8K+y~$Ut>-v)b}-is4O|x8&Iar&-{WA&8@JUqyWi?~@XeVUwp$P{CCy9g(jgy0H{K zLmZ*blZiOv9U+(5&54hi2*2%Y@_qI&ve4W%EA;z@n%c>!SXt|!<~=T8$b_VxdEu$# zYxUQX8$X_p_t^2)pv)ZaeyX11C8)*mk}maIRFpGtv;JZ=WFr9oXSB_PRF78 zNuJF#$I`_=<@K9JBLP{*F~^jaVk5pm*~d4JXcRL;yXfNt=pu=0C_}s`)gE&x25$E| z4xQt9BqHJ_|2GIb}P3H5qj29)B}AO42RA!4PkgRTTZW)oE$! z987sd1SE+rQq1QDC3dhE3A|MlSPUn>M#YBg!7VaK<#YYgvN1$Jf)I)#Qe#*R=W%At$(Hj5QA6EndguNlxAWsu&dp79P7da>Bvb`URG$ErIhvP#H>-ijTSsmuWlaam*9k{y2#*zPolE6ht39ZoN)KcFXVN&$ zZBWP1#rJCdJKgD}Q@hfF@{K-sCVp?_CJH9`{HGchlFMbUvyWng4}Mr)#8qwR(UabS z)GoXE=b5^7nqfO%D_N`IO?}Go3xbwP%D(G`%a+t~v^ca<1{%dhRvJZdbm;H0b&J^w zR$Lm#Kk!xL{NGnmLZ^hW()x-J9ja}aj@(zQK1e&lA~6Z&S0gNELa`C*69V>yRo~IW zU#z-$TAU^JSmtr`ril0tAzgXo+5}vPEp$0jEdNLlt3GMf%(<cCl>pw$6#-3$2!s2@M@hgC&-HKdzHm9i%+UcN*S3Z83r9{wGN9FSo~)o4G*rEk zglZYaqf|-YnqhxJ)D+4G|AX^VFi@>=$5SGvB4|HxF&%0M!Eyh0cwG=`pkLfT6}rFr5grY$#4c|A=1u%5AbwOJ1mqgy zKoOL7PPC)ycSi+#x&9`9F32(V%}LPBuusd!cmh=1trgkrOFFXhldY4+$I#!#t5dQS^KdaSr zGx1$;bh?Br3F6yJ;i)9XWQJ(+LYl!cwQ7>|m%3CZqS%=)P-bU-4}ICVUuXEvVEuN7 zPKMG|u)>iIic)-Z0@m(4HnH40qb5Cwg)K*{m*-n%WcED1`>Y-ZcpmUR0hTL~64CatT3j09DS6#dYe+Flr( zQk{+w4>{{xTpozDRo$~Y)m~H|kf=Tj(fQmi*;?BZ0Q+qHh%E={uE2P9qFrpq1^YAy zC-7N#6M}y12cLTinv!Zh&3*EzU+C-tzYUzPQ}`t&&zxt!>BEEN_kY2X=|7GcmkSqe z*Aso-4?=nRD1A@H-o3YoRRm#loZ9MGOc1CZ@eixlQw%vesdD~?V9AMImS^9tF$o4x ztk!ecqgZj@BB4w!FH?5%yz?0biA(mQ)tJ>21Oo&f^W})J)!*a8!uh(;r(F~ybmlmV zHw%|GhZI?y!vmTxr^(jezFKY8mLOK3!Fbf0+kM=Rlm`RmPV}@VYlv4(o1%w57kI%q z^Z`1Wl91dJ4%H($v8Odl^5WO(>7E)K7?DQ(3bCT*{x>LGf*mkLrRLnUU3ywwQ(l&}BLUgDUjum1t|FarLC z8Q|me#~UP4T97*stRym^?_7O5$)69hw3VF+E@?OJdNy@@V9E+Yrz#2;!YKJRXOg&j zjx}>sA$YYE?)kt%Gw7=l%%?^y7w^)Y`}4T}*#wOM#^cj|$j)uc%u@rz(i+q?Ut&xY zL4zpSK!TW6BBmPJEo8<4X)sIWuE?c+}tj8aYRFVZJ$IxJ5rN_kNFiZzFR z4k@-`LwW0+aczT*z>3B@;$=&Ps?iXV=E3*DZ*abgUpkSAfg}9;4|=uX-q4uyHNsY|J)4TRdWyp(^#q|eg<^z<1q3>t1HHHWduxykv-xxKp;z4${fjf5H$qSEYJ zdZfj?jOT}gk>4Zmcra9+`u-@AXJTaAn00iBZVHb4G!YzLHtNS}2nq3KAaJaS z<{b@T&T?uh=KEt7ZX`x~(nb+N&{nyDzn>)C`m0O|@dV-I`)i^!d|3V8jr8h`4xBNh zq!KKvWU<25Os}z*^&`%@Z{?6boC(szeV+hn#Aiety?iG_r^;@HKE+wsc3vwpPetYZ z^{%b+Z`n^0cdxQ9ZZ{TU7$8A((;}z_D*DZjJW0=JVo* z#TdSGLlVX_XIFp2ujOk-1c>@4YAR2d8}o+CI7Rj%z9UB)Q!|`TEeeMMb#v+iO5cvg zH?o%WMQz{!{B8j6ceWK+b7c>tu5Ia1HM1TT5VmW#k$|x4{|upMKo~*O$DVBBY&py4 zv|bg4LcShZm^*FMcDWrk`x1qlbYv$ZW1^4thFgPq8-sGb?|c!Ex9Y(=sYXms$RttC zoznc->0eGW@J6mlJ>q`Vx|?3%8UH&Et}t_IJ#}$wq(&G9G8a)i3D>|e4SqSB2^(k$ z8|v0Dr4l_s?0_NV$0Xj8J^1lW7cy``b)%odfZ5lyaA|-%&Jw~4`?E4gBCNCf1}npp zDoaEp3W0n1Fk+Kn2KvsMp~pZil%Hy=bKt!X!PRm=%{eX_dRQ6&V)|x}%kw;k1(~GL zC6qGTC}^KV)9Nik>}m#fO)eW?;`54-`Utc&knG#Fd%%9Z`x5<{*KA!oe`IXX5AoIh zhHIcp^$_2H^MUVv{@@EV#WQW^vW06AiTvhT@ruI5Uo8xmf5Ctg?r>`F{Pdu590#9G z6z_8sw~7d3t>M@2{-8WA}i#Qq$^>*uvSk}o#2S z-PvdnR>Syo;f>^f3M_MRbOI!oxJz2QoqWVrD9G!EsUD3G!FG-ZTE&^?iLqe#EDtEC$l zr<)*#6cAQz7b=wGZ3SQ=wBC4WGNb%7fw6IfRTL z#I)pl6%wvL$Jf-Vbt~o*MI0hmXIMBx!@aB;rn_gt_Je58P!s%)i>entxrGm%v-gI) z3^D~q*j6sC=P4l)Zz#QfN&fXw(Y#Y{mK+=jJn*b9lZq4DoXnwAmD$)+7PQD3TU@*p|2^T*nuJTNs|+4AK4Yz5ZM%n z^y9KIdojUHX1-s!l1{6ZmJt=u3sHlP8CJC0`{psU1hNtgNyXneZc?#wM>QU>G@i1c z(TjEdO>->!+^p&=q0kTG7ru1-UR)N*>NgXq1ts<%AJ;5UlFfRxqn za%bOH=!JuX_-6imQ~ymVo)x0>nI|^a1iDs(;HKS8((CbyrpY$SHxS32{>Be+O*Oak zO*S9zYLdAkLeRP7SktzdP6B&{7ZOCB5S|=WjDA!N*07z~r4FGq##DMzve)#crdcE; zf9!Dx?U3&Ug6*{ty+BgAWpX1$N$bqU+zXDhU1^Yy%_DLyy{gYN75|dH`g``UNAUOi zpc-=aZRxXAv{FU%pFLt@+rCe*W|@_iUK9DwdX9+laIx*S@ly9Hln)ur+80ne^0cCv z1TW>k&WT+_V&8s-oVyru%3N5-qILq_$!Vv(_l_R5nSf~6wt>wdkL!hNds zc0vh+G>&vTLm8GxRzn$eS(vAU85s-0p_)3;Op()Y+_~&^5IM2nE%HS@4 zwgI&zqH*jafA(SOBe>~p9`}uLhhWIrymNSGgZmb*m3#y`R=L*xg%d~43DwEZ%QA`6 zFJ^N-kl4uVldek^4ffenZZ($l3G}D^mrD^sNah#XHb^-=BK<9Q0X{C?YSd~dP_>1i zUEN_tX`xZI#_!{=?(9(~o? zT=JFTeox)$Z08N;@9*WBTq8beY6y*fdT1Vi1Lch=eI8(a(uf`pTXszSZ15F9pQm;` zcOggO8Q1i`AP0X<|9z0Fme5hnq<@_?iW%Z8HIeCmQ2+Cdb|i&|f{9@)zYZc>hYTj= zGqx2pv7^wvX(TSWv`-L(k0c1TvDG}o0`&e8&7jOV;u!0Vw8W?rR^;Oq0xO!b`KZ2v zp#L%FO-40*6@-|pw=Qlgc3 zAbwjs_R~SEde;>C)mIdxVyxhyC>dX8abq5>G4FoW&mBxtBX_Ehe5~Bdvjci3l%<9- z6m9QVcl|^45cPW&Wj{=P;cW)f-})&gkBUpm`qc)mwS@O;G%sS(cNR2Pb-$e^fah=| zSQIG(zq7YCO7&wo_`|`>QrQia@(m@gxag0g!(@JUpI#-a@@d69uiM#FW!211!@tKF z5;ct^B598Wj~C7gg>Ouu-6ftQCLWbuXNaC-EUa2GtQsIgnJ56Cr^EbzgCaU1uq+{^ zJrPSn1nmgIrme5hV?goqdCC|+OT||bI^ZMnu5SMIY|RkgYz&N@&k}h@TGn30Fv~^! zdNlsziLMlSSX6o7zT@~@z2^;nLnV$jnQsbW6)MNyBoXrv81uB#c-=3=ss_gy1by&h zm$_2+*{^0eXs*Tlzkz1Nsy91am8UV9Z8K^o|K(3CQ)iHEV<^%C{@9*SLni(&Vb-y(MjblIWbRMCA#AIF{ z71RC~@PZz9yl{RDC88-QQtZmkX^Vhw2Nv+X|N9&qd~?mn_nEdCkV%J?r)TgvNc#K( zwkA?d)u0>oV~X+X>D$W~f&v^O8>`EP{kmCvGjt<%z>(`)nv>J#nc0paS$R(~w)p+e zT!PUQ9IW|T$q*R$ah~*tm2k@he$)(5`W${U)M00X7v|vf5ioKe1lQoXjm-T4gFp zqJ-!uQlVre;PJ_3&qTFFz~=Vo9uCw2z{LlGq>o0SS(1)`Q(YdB6~{QOt6Z9-(Nj?M~FsGPL4!0d}$e8{`Uu}t+QkB z0aR5)N3Kn6Grivk1+g3k95!DTfT9o2R3HGoN~*!vU=X?*Kw2~I z8hkU`ggO99sZ-;}ntrys_k-#Dobc8!d+??e;h^LH$Ctm4)D-#~b~D~_FD$tZVK?E< z<#+n-^=51=mUOqWYT-fcRpH%PsMkmsB5v(YQgw0FUhV#v{j{~gz*y!RaE@>>Yv5qB zgyp|~+iqY`&DyW9j$P5y&m&5pJIqwIS9Lw}EpZcQ)g9|5G0iYJ3M0wWZQjw=tQS(h z0FV|P#Rdjmu#MCBrPeWmzUWUP;Y)q^7R4CEVztaYS(rCpU5IAV3i9q-R$uQ!*{P6@ zO;;3blE(x)>l$F)-^JGd{UN$-eYkuWLm@GOs)(LXobB0)3kRNj%-;LAcY(=uIzX;X zMn1cilyA0jz}K=&xl53zdTA0b)?g=)1SHT;%e$2&_o2Y@=2Lv_h~CZXK8t=Ao2xwX zM^DBrlC?vL71`9g1K+>!!nEUeE@-_mN_;(Tb6qu(P!I{8tUzA)qLCP}>blfzZ7~{h zpyVUoq{SIIQFnNPv+&s_|9zvtU*-A{F^%Rw(g(pyp*3dhclP(qr{l$rm={8jSb{=eh!~WG+poYv8vi5|{vThz z5&rd`KKlRh^%1#KjXYk$P57a3!|xZMc*qebuR27I*gA5#sE_lMl!A@Jl zje%d0Gl7@$uP}w%aU2ee^xI?Id@D(_FSFqXxcMsSGSAh59_M#xTWQ+&b==HSq zIIGF=hqKD~Kqny`|Ng1>@+q|su(!Qf$3S-G*|73~^?6$$An{UfjzFuw@cJ$p(Z6(J zl%PQ!oN0cRZn1C;@Q1@!<1o#gr+PE3in?(JbH+o3G4Ye(u7r5N;CEr4uKWq_?(iO(u6c`?409>%jW*Y5@% zXOnC!cDGi5N!o!q+QSReTif#VJPFXwS!*9MBjL9ceER}*o1%$`CNL;TjlBgkbvDNx zO-|Dg^mA`jz^v{ZY;gqkZLnPSLK~kfPei@I2)@Tq-Vd)o{!OlY2My~Hy%u%5sVxs= z*Cz)B3#&S%;9-zbi#MozH$t*f{!W}ZbAHS~YFOFYN2Ld?@4W3s%jnxVc*~d ztWpEi|MdbTKqXjy7g6pvS)HYAIZQCnk3{b41$^B%&XrwS{%%m4Gzp2RbhQ62`!c2#i}r@w#ZM`c?Eh2UK_YJ zpPvXZbRt)S%;7gZUADOzpn3)o^<(dp8?ym7vc33lw>Vy6a$cMzISE=bZ}AkCuGx*! zYa_F+x|sN~3Q|T6%$L%C;vDD>uP$gIeDp8(uW$y@+lV9lC$5Gd@!+#Xf7gs}%YU9% zcC;zn=RVzi%bk`EJ^o74{LK-X|G0nWez#>aNY{%eG`CV|fA}!qa?VqgqvWROW(ADf z@}SBT*`8S+AL4uSjI~tBO?~+F%h?je&kVVD$#3JHGMA{OoK$C9*2D)UXFrZD+AH6; z`MxN^04yTQNxEjO-z*9HI-t$;THV4+24Di>?r?%dg9 z2{Ez5A!e^aV3md|q2P{tNJAT!qH!dIpje1n=Ih(v{Z8$ZDB-qU+Tss3`sC8IpMc%{ zq;63Lm1xbgKIu*AVclDeawhQVhIuU9hR_8NF77yldY!m`>k(`8sV`;3G1MhOh z$$os7k!$s`RYobNAItCThj^z3FQJuRlsH>4E^$6m!S>f%j#MAcRR10UWX9@0eR~`q zJou3T+abxZw05%plFJ%FC?csE2WK&sZ{}HQ`LW4L)|&q&LdTq|oFbrkFC~5{3&?vf zk#&Iv=+U7WtA)G$`>6~HoG^@dCRmPl)|~Ww$#yfi#Wz-ex6U6A{q;V*WdA;w2xbNL zWMtpk&y*?Gir&qU0B-?v7$vIO%O3I`D#p=Yf5di>6iPv?^9xSn4=Z2c{x+Yf**H41 zMq*IJQyO$$Vrs1%LmSa;WSy)n6gC0w{hI5E1ty8f371yMWHE`!FG+EyUb*06anUL^ zTLkb5v3Ib%M=Y3{NQ#}?vGVN0=CF!?v)Oiy3`)q8Q5;{d{%)MS!~5INUXeyB{%|kd zD5}fijoG|ZCqCi*>ec7$3tCvzFSiF-sg(-v_Cmc5!-i3c-bvUOJta|;r{rQPtuflY zs_3QbJ^+jU3l7{-x$lp;|ATnJChxOAx6p&c!ElycQ43x0JMk=Y$c7D_Yqe*9XGrzv zx6z|1Ww8tMuIJ&mRbUqDazH>`>FipD>YK5TRmTZvA)ilTQOjLUi#%Hq^u3G8{FLj! z-3YPr#;SrP)Ph^t_Rne%1oq>yz7+vQViJJAR1-iQZu-j!A8}{hKjyl-_})5XzD!Ds zBeeBJM6ff>wBt5Z`+$`uj<@9XjD6u+(DH5Bl=#i`2tIo6?397&LMSv*sp_ct{9{N( ze9&3$dP&_OSa;kW(Ia>bRYG3SkA5^RwF-kCUf{e=4gQ-d;)nEu`KOpjd<(dC3gJOm z-;+ROjy$mNfac?BsUhmdL_(6T|M+}f3KEV8S9rCJ8mfk|@ABLCj0p2NkyL4Xvrg4> z@-@lNPjAO{t}$F$_E!WJcU3`gNb!I_zt!$=Tt%4OF+XU>mAo_tt?rLSG3gyL^?TE?^ zl0MOdgA$G|<7b{SU#`0mRVsy3c|`rD1{+i@aC=3ESCc>162C;+F7EPxbi3?OJ(WQr5siUfCd8 z=O->F%(MO09r7nF)_&;b^7Ifv|4xhlgsSF$?tzxSL#{TQPpJ6II!zcwe+-*~>BQ5g z#Di}}{1-lg*^cQsN|blgLh@96kAaFeAYODS1gVPu(@n+=VFl8Ci2lRv$U{cf&D>^z zGT$^qaBs;Ln)sFEH7MmKioT5#yWZL>{Y?rPz1tozz4rjgbx@M1KP>l!!49!i{bd*z z9DBWUYok7-zkI%lWH+rfhLaJc2Agl$5s!1#T;v_WNOcR}4lHFfk5l z1?SxlA)x8!6I$b+g;PG8BD=8aG3LUIM5Y=9t&Tgs9Y)m!^X$7lTTjZ^aIxd}s#cF` z(NqN_Fe5Y<;KdR_r%FDg%cRUHqN}SO{uXZkWWl(p6yClNS?9y19%>2VHoosWh9VVv zj$a>#6zngaq$YD1#wLFZh_yXRtI}>E{6C1Fns$v3``eIV?!kT=JlUTwfR$Dan3iqx z31#nxZM`nxC!WtV16Gfh4_l67UGpC94Ks1U-}8)0-GVDeylM>)WQwUuTEfhJM5JxzI#y!(y^^#JxFOd-3ETz#cmRHjB<=T$@SmiG~`7UWOR z!V1sA+ zR1aNrdnKAv#q@TCbr~x4wZ#Xl(F=;um9tRIiJaGvp|8{8?LEh^j^&-~bF>u9BBB0;qErgFKC+~J zfaRxIOG4NXutVULmeb?@ocTv4wReV#*OPOHEg*%+2g9Jnf(uNllxr9Rv1{w+j{+m_r#;MaO4Z*bOKmK*jW@~ILH#PXh+t8f z7cK%?A@TsWY)rJXu+oVP-<*aG#K&dM;Y!2KcMMtb3%g1)##j1OV)J2a<{K%dL4WsX zEh%9h)Mlh!t(EtL-^@CYBoOVAt*Eb$&vL9iA+`w2<`Bge>uirbv75b*EvK1>R%&18 zMAGNb(k?lB{j!yy=fGNRUCp0{=+kLCP7qh5s8f?`y|_W=z_tFD-yp&NYyw7`$Jg+y ztz`wZqmWp|vp1ycL5M?jteeY&e4nM0dak@@vKe8{vV=<~s;3Cm7?{(K!r=*JHPfHg z``uO>gKNGPcMZ4#rGLLSE6qS2#mxzF07wOr zrMXV9J@3IG7d>>1LG;CN{Q)L`#lb>Ro%jlX7Q{hmWCUDuwvCg9bSrV~QY$yPcvmu_ zG-mLrzbI%D);-3N&YpZR9rU@$L}yh6tHd)~8?bKsK&*2aS0y)T@w-Y-QO8@z;X%;8 zd)*@Tzq#(-AzFR@JQUSO&>wD)`924FJQ%YLr$$GD4wHg0n7haaln&?utw zLw7O{18gs%>^X3MFbrnyo&fPlOF-+h8w9?X$kwZF&ao!H)BcSFp9SMdH3Ptc39G32 zj;Ajqg~tC1`=ZaEro`AcW|~C6hN1yG-nyUuG*@!o4BDQi1e2)a=`QshV_zbWa`JzX zOaI*0jx}_-6i0%K41tt+L)h2(v$&Yw>XOB?RgmauyUhAVhkh*g8*;>l{{9rA$c2qe zKsVYsi#=b%F_LF%MGC2^#L@5@izO1M?Bc_9 z`9r@%%7Ut2zotRYGsLPVhBj}4;7QDE?ExTNiw#HnTH9lvt{EcdQFM?44U4QHul46wha_F zMq=yD-1+CK06u&mE6C$Esneci8@U$3li*V)ys<|x1iu}nRYd)^ zZaH%2B5njgPqD3WS-22>_u{`{e`iOv$Ea3YuD!y&)~$|h*z5qNhP6Nt4i zvRY73SmO#Dnu)tS#BYG=693ty5Xp&125k&R|pJ?vx#fO#b#+o-omH`HIhrqCfMgy2g>LA5xePlH6v`p4#VaZ zqVm4#8sX$z(^)`6D^BF#2-JRgJfl&qx(=_?~<73qy1KSs9h z_seZxiIn&FUw+Plz$e>*N<8Xog{Y4(2QRA0id20-i{tW=8sjbeM_&MIu#x>=6vSnF zSXQCrfK~OZq8j(iI?XuI?)BMaL40WnLN1St(DhcXyvV11$)>J2piIU735Wh?0F;yl z{JyvYO-8CQ8#Dx*CGmlKmd=-}qi0!{O-$uPKd~_O)JIfaHv6TQ0u_m0>9?wEF<(IE zZA=ciM;~4)~%x6x*IkKvByH ztJb6dXjyDVVOj_w?U~0>9Znk=5cjoBOJ<~c-WcOeUDU&}M|-JjnTvvTpn7_knXO~& zpII~JP%_1=zeWUD!W;>9_}NSTe=P0lY9Z%u3H#5@R}xiiV~MzYgJvIGPya$mo$~ZYjIQTvfc~0?^?&N3P}?Guq|bx ziMAbmoy`B)-`$`b7{ETlP!(rrC(zCO8Rch8z(w@0_~j3e#Zx^do-E za3S}pIgTXr6NrYCVwm6Xqq5_E2m-mZC&ZchZcG03+LW;!{SK{)$km0wWew{?XbobO zoMY%!895x*=W6V&3fbXH<*AvG!WA#rrMTAcV$BJEii9}$N=(z)~00#rRlE!ZBD1ylIz?3UndX#Ttx%x(` z&_8_l+D^?{gk~4?0!d$Jp&BOLX=Yz*y>p*TV_8Q`gFRU7b5QAchq5(L1m7NS$M6g* z04qXoRQ)9rK_9_ZT>mqqzY&Y93qD>al;tIYo*QfL85ln*T%d&eie-EBGfz8W#1LJN z28>6P^oW&eGg9`W@ z%wg9?^s(Kb|MgX`6(f#k3*nX^{!OPW1HuY{y6XnTZo?BA$BmlHim4Y8lNI09k~l%N zrl17Q;v4e)$K9dC*Jm*SsS3K8U7XY_nS_O~p$?5o5SMf1G+bwfusObdBm^pnH7o8d zL7?>Icpc7miI%hAyF%#tEb9frFdU6F8^Xm=o4;Jkj+?v?*cW(EF%vPcP5<`mKDVn9 zBf5Gz0ShdR_WiA`YwgN3C2zvl@qkF;T>v)u^5xve|A(#fj;H#6|NpT!MfOfs$fh_} zLNX)c*s{0m?Fgw5*?Wd;j=f3t-ceTe-emutr_XnM-rwKn5A|Q&ob!CWp4W9f?vKX> zA=y%8Z>aiGH1Rz{9!qr zkXZJ1U`t~TByw&5{@#Di0VzBpxk=|+H8~NywXe6nd*1VXj*4^+o_)HbR5nGQrCF>a zJ_M27>s4zYbr4Q3F7GJB?-vE~#L+W~OhV@C=HqkJpEDotQio`QFHHKUfV4&#_!mTxkpA?JL^w%e9w`<6~230hO8`2hI5qI(W8} z{39`5CoZ>cZi&IQYPj{x>PQ z^5f2=mq-yt$2geO`Wh!3%QQd>qX43lY>SXTW%&ulV*JaHa`*$|-Bv0(^$w=cE|THz zg$isfQ65^p*IR}|I`-Am=9CPvdy;o-q()TgL5F=L@=~C@nyL5LAbZ=V zWtkZR6Ghxe<3JJ3%i}W&ADD_99hNs{Rf4*K<~R5jQ;R;cS28)U@BDa_--ql@rSD$g zE9UQkmg%ScnN0PDH0Y6PoYuRM1Tl)tH&GotCAJ=7zA_qgO&nHi&4YD5l+Gk`2pu-2 z&**21I6+}67Sl!GR87y^dL~5{QRW#NlIk@2X;OgfVw3`-wu&whp>Xl=`eYu}K|%kw zuQezLY^*ECOyl{0`cNa8(t?D3!mV9yt}K~fnQeM(Pk7eMH0Q5A$bn7tc{{5St{iN- zJ9(My8xU|aA;q%rzXclq|9!~RNIQi)Yx$O%J2zK~DAp-b=1xl7!|P?^hTk@}_bRT} z_qDZl;X%4z{{ZD##DCY`prerJM%Xh_yl!Gkdra(b-|?LsQR`t$9+X)cb7~5xQBS<7 z4hm3x9vJ^_1{pTyOD)45jV`UIXX33`wGd3VAI2e-pif!d_jE-I_*;{0_L8iDPTH>? zH01nc3yaHXolGHEvDcDZk%V8OEYWHqk9TdD15BEoBbHM2jNb1lof@gGonTx5(vR4H;XC;d*@8T$_6vHXIk+Dej@cpI`8ez(pRy= zLCg_{;&&r4u=BBK!7k4y9qs)|i41Xv0xXd`y&R?ebCyOa;@NtqCy9d@6G+E|*q8OJ z-Gv`+qz_Wrx)Eu~ymup?o9M**Z3<^ZY@y9a&G;M*j3MFowmI!gGU_eL^bk4lHMNhC zwd+NJzkiAFm)dG~&k}J9vXdI#w26)t9d`!}?Fg^XU3N=!3Y=+?$dPf@N({8P`{}su zxQ@OkEEZpM{sqKziN@7{%Cd)#BFFb$B~p$mCv&F8<-fxo;M@x6mAd_AC=s*ko#EOv zHPfe&>hr6hNy2=Cy-TI+yQGCYQbX|>jblROV%lzWZktx5G` z@~o*b#xx6z(DZ%yEQ{pFt^}9v&2l zj*KJE-%B&%NXhI#Ql`m&W%6RzPH5_y4Uc`LRk^Q&X56^x5g+g(>ROUK?EalBf=Di_K ztxAr3H(0C;U0KJ+1=fd8=b~MZ(u*XXxW=56TjYq7&i`v^H5%zk+fkoTT5u~vlPw3M z;Lq6dH`LrhJTF_Ee7@u(d943Ke+8n${F|@iDvfT$tYQVHN?5-4E34y}&N|;_Z!D0k z=7o?Ec9K~4SpPYl_Felzy2{y%-92h>#_1tIdm4T@y5nCs-#PM2g{<_)gxZATg~a@0 z*5X=Qnacaf2i)#&70CCG2OM-@zr&er3E|@r-xoSnttJt}>Zzl^;{7??EKJoUUzC@S z52}M_dNRQ(-d8wv2ncbF@*n;QNRJNyekCsGRZ*}}Fz^Ex$e+JlP?8vYG6IdA7Q-=m zX}*BoZ;dWTBG#qdg{CfWG+2S_aX1%l-@98&ysA1q(ROgHyg>QG?sfm>`kH<*;N{>WGrvkFid?lkb#$(+NQh8&geM##iW+vk1!x`nuZ~-#C+gl$uA$S> z-d3B9sRtCjW0bcqE#M4E@o=c$DUk{QV~Y{2LHR;XdWOQG0lMiS9&j^N33>eEB0~yvP&3^b8BQ~2EIPxpO@pyUqs7JP2A%4S;S*CTLq*a z6%{Xnf(rbTpe|9d;CzR7=bHuEN8^w?y&D=V+KQNujkhxs-DMr>J@+~xCEM_bCFXa> zuNCQ4sNKB7j;IXx-_bY5t)M-h?4L7 zredMU*;G3d(M&2a6Ll%)mO76gZ{tL4O8lZNKokZ;5gb$hHq}AS)lVw?W#-h?QI@be z=RhzpW5`pN`M=II4yK@azssHYDRLWhHT8s(1i?Lh4k~LjLeUdS3!d+}|!>F9pHe300S$TP1Qd3l8bDE5ykdBrq zUNs{XS%+%i{G-lqham7D6mKv#W|aAv(T0l@SkV$12Nf~$#x1^h(#mP`YQO)X&DZgl zgo^}}BL-kTyB4YHx;$+|2LuES&Qp5xe;tU`8%nce8jN4cg#&ITn;^H(~~lx;5$SDY438FFVqQ#=!`Ty!^yuqnR9;8lV`YRBF1qd zm(%T9z|QkL(zTD?Ua_V5H>=5u`ho}ihv$=%Vc502$$EhBL?SbJr)9{n&N=at5R;WZuUOvL@yW~%e0izW_?y%!m{hZyC^LMGW_%3-3se&s*WtHf*)Me=hW`)v~JRrBNiq*6r$bi_0vx z-=w;XmfxoO=*&d@xHHGsiLzJY_dW4ZO>x%T7s?|7ill%jx(r?jZyZv`-h>yOrTG|E z$!hxEwII7&xky9@Q_#r7kZ74tsdS>B>J|Y~OGVQvQjVUHo>fYu};o~$N7VU0e*_^sR}CYRaY7My9pbJf1*@Vuqz;_!`zQ$BP2b7zhWGqK`4anCxLLkje6 zoqg3R^9iCo6+902BC6H(M`|~2{{02_6L)X3%tlkpbfl9WdF=0P*pN#^?&dG(%&TJ{ z;=Wo=Cc9~ih@ImUo8@m^fzxw2nxB_8qwbb51-gW&2+y0N^mIFMkbM3$cfb1i`Eqi$wkjNPX(T%BI->Cy`v=tI(mh+TU=HNOTW_6(8tq zdR|Ek>erw)a`^%OYTlTNgqXK3jo+U|*YwwxN60d1REAtXW~+Itq#-wuNZiA+j|u}1 z%o4!NZM~>9Lvj)@S0{tPUk{Q;GPL>cY>`GO3GBJ86_#&))?nkwMU6%o@)EN+@SwK) zy#lVl#`$ZZS;qlV6Kl~)LY3k;YDnc|!Q_|@;&74`t~Wdk_#<9(Jv6zq*V_xK`U%d-eTa%nip4dgn;oN=IiS*iEDMQxudlBcAQUG zxf4J7p8#>rm4oVBDHj!N)Nmio^E5xG-fu`}$1%MH0C2)q^PtGq^2wR`i`ne7zeuej zD@HDLcapUo|FmOq@)0>?YIoYCV1srgRRlN2V#bZZwtRE?axZkCck$5I&o&)4;k<8> zPCvi8XYDPc-NyeXKJ$MG3XTbuponwb-)^Uxa#$V!zyhz+3r(s)`Qu5s`6zHFr;;+nfN zXLpq91lK^KWkO#iR@hbKd)x4AC?J~oa`2+8XN@XY7z3aTV>0}o>Z>0Q{6m!^*QPE}r-Hh=B+G+`)_QqGrt z*Y;{RI$PINlZRH+X2pg9v1y2>UIjg66=a12OocaUvY*0n74Ml|1MIV(Bu7bh4m5$( z70Muh&g#Y+jEz-T2)s_~!K>yliUg3S-azfBBAcG4kISwF;cfTn?g&6gqD_!2i6qrtMZS)qGlYE=ux4X*}kcpmj}WQ_nI>oq~Wt z@nH$4RV5G2*56RjS(z`>j>@ z8i0End;|}XS2(ZlZ<6$GfA3Ya@uV?u=fp0~AjdY%K%eJ6JOMoH(J}q)0X?ND*P+Zw z$hr(NN#Na!f%$OEz(=(UZ!3{kzcft?m^}&8&zMr%w zWYHxj5GUvrkn_nyiyc%Rp*-20IgqcM2T&+S)A*5I1Gmkp;@&rN#ex@!Lq04j)(*dR zD?a2*!q8SPQjwJeF#Z4A+xq`=fMFsq$Me#>tm&YB{{dF7I3^T39?sWGP3zr7Sq4Ll zAtFgSPD&Fo0Y!lrTb1C1FR7lWczIT28L;<-MTi%t&(psA{%$25K!y<{&M}ARjAw=k zkL$b(cKIcYV)op0cF@k(|D(zJYw%Kb(llfFT=jOQP8bb_3DPY~fCA&`Hu8Y{ zi84KIm@XJP@spV1M7#kg%HQh5u4+PaBbeLA*e}6RKY15~p@obgN1q#{r5-YV*g|9c zYHU25xY+SbdSS3adDtU4^{LdV9{;bc-VMu5Qv{%mHDtyT+t@Y4pyp!QS zPVv2d92q#Nl|?O^iTc<0w>P4h`{We1t= z@(@Gp8k3DY#~BW53eRtSb1X)J0AU3;Fq^2~K(dfsv9}ilh?KQ(2OpEur)WNU)GuZ) z2@st>H7l3j0GZ|>Xg141&|aOae_mCq=2x?yMhgI(ZXkQ*KLRB2z9M0jq-Xj0aD z*Eu~|q{EB;nIX;i6X<%H>m=+v^WGf~Kybw&g+QrP@j(*Yu>4lAs4sD9Z%oD0;yf8E zzx=K1U5d9e#TdNionsy$pj|-HMbq#O4?#^-x;D<}w8kOyh^cac#O*zxa=PJtKc^;z z^LPP@yzBJhyuR>}!maz*?Wvb`*EM{tc`N_j?PswvjXCD}wq`Ctt=t&<4 zrbX;{4LsdHS0*N&ql#6_c8|ufZY+Fpu`1k>C{223E*yvIRn&L9%qmg09rdDC+~lDR z3ps@;E%y*MvC>R&DRY1N67%_J?iatnB7nvE_oNxE_=N9Wqr*t73PT^&TRu~t!P%Nm z!F|AQ|8T2Na8G?|9(f)A2cJ$<#U`fd2WDHhh+r9s{Q#m$u5ziM#9K@%gB@aWkAtMP z66LKUxPDZbASik2k#jwMDYDX0Bm_Ur|3NsaBhm9N=gVR%p4l;wlbMnUDdh|mNhbZe z`?u9@z5iqPy7NwF{5K=NCF=R-PZuDAlirpB-|-ddSSx72b>6uAprV{o3Jk4UTr}*W z<64UjaU<$WObdPUAh0S0DoSO^0I9b{hWh8xE?Wb_${Cdrw73Svu(m=$O;{b@1$P=s zoW*as0xb!t$s0KdOavrf*((3x?_G{+J&`8+;d`7a#rd$sfZ$HkWXB^_2`20l!nof!xXrEx*!AL8c zz?QeN*%inPZ)M9t}tdAu+zpV%hX56?#r0ZfZxf_1dluD%F=W0}}(A46w zBy*5pV?$W1Befs>oKw@u-7KSz%=s!D);BL)p?Wrz>OBeKG@ zN!q>4F^kew)0V@BYlk(Lx$Zp&2D34lPj2mRG*_KU47PT)yY7Yi*mE}QV7@YmZF(tu zNjCdYXf9dMvE)$9&X;>SmtYwdwfC{vOxKh9JcjRw{k+;cgkhe0SNzS=uU@syg(m$5 z;Z==Z4kFLkr46CU^6+z)qq>wnPs{ta%4=*VhmT^f`#f#W9`5Wo=er*@e`3EJOROH; z`r(vv@xrC7iMRAhCgirL!_lKE7oy@=5e^1RxPq3E8ZTPczg^NXU@UlxO!|eapZa;TZaBfO zsf)$Wu2a4dx!0eP(&_Xb*UL?+P291nSrf-Z#1)APe|p|l7|q=%;k)KU2Ma`lUGDv$ zGfjONP;`6VgJyNZMhBxb)u4mPY0<$7i+CPKPEhO?S2}x=r>U&BbdD2rdv)@seP)sp zpwkjR62K}5+NC96ff4mBe_kzf{zeG)+;&j909&zP-}D@4XrF|omi5C)B2RL-ec5*^ z$CNjIm_!U*!i^@IMjet-wAgi*8cu?X%XKGniQ~#F+xQh~52L_+A<1ZyTdnZ-rNH53 zBmELH&cJJ9JGEoX4s0;qDHu7k1MdXpf0pR>@JU`r=Ph(DYpA}d;0N4<0rfDA!s2Qj zAUE6djGz5ZXllNV9(V)wcqxAe}jdf8ZX!K6{>_La>d_qXVIeeN8;@Czmdy6mO{7Yp1RbccuDJSL%Qnf1 zy7%NIyPsq+g^TfwY5#Q7xm0S{?CUk9-x;Ybo&R{D^FzmbOv+CHjRE>z_{MzOfzvW2 z!><`sSumP4@e&m)6*@8J)mMveAEISm!ON9Fea31=H!lujD2$PucPwU8EwtTRZPFt; zX7_bt3G&#HjrZGLIs<7O^u4laOMhpS@$vd8_AM)`C82dXW)H}P9K$s<3%>mn6T-=! zZSzw{L6B+WQsstwm?{ZIo{Xj6xQq|K4V^qLZ>dLt{dKGRUv>Fc(%APu;CsrQKh3fI zC0h9fvad+nOYKzH%>+2|*_ad-ZA{vEzXi)yIv$7p6KoUZ^c|BOE(LjtE|_pFuYeJI z#N`Dj0~4ku1nIV8%u%}wvWtUyRwq_Ku8xVroNe6kg1*)izf@1l7(miA%|L_kzp+3c zuznb$z%XMB)Q;8=T>jImElx}Oa~sad?Ot=Ht-1y~g!a&yJ<-^_+4Ac-O-W5&HQseW zR#hB$lsG`BKH*j*McAFyNW}zbvHmaI-xn%<%V17lk9qMkFx`h@YXCPUo`9sCEdC57=(_(XMjAx)T_-fo^>XHVca48YN7vUVoboo1@E{#< zeCX(mZ~_ssA?ii$WfPRG)n}zhUjo2LT6!1xXtMn_Z4U#yv0J6*g_|~%U?EW<&a+@5 z>`4Hb^5>VAdXm&z+DdvBg2YcfPxC`gqf!)LAc47_M)~t9FGLtoKZ?1$r}_rmK)CV@bQ`;Pt{0PZZYh*sfoa`|hE{3PyR5 zUO8b(^ME8@&48`SFdjbeF`lQVG>Df0)^1ItCq#2*2N@)?W61DTJTs!OG_hwhV>_yO zJL#bc(Q4TJnfz7-qRp8wmYI&dXVXYn*#bV2KabVjd-&;M-ZZeN^IJfEtAl53^H{A) z-jE-;Unqw4hRx?q_0|&*7U%0Ft4yMfoU#|B8zkIZ_Sw<$^-N@Z0QwB6WWqPt$N>9mjHO z`{`|F%&pJh0x(lkX%Os@+ww-v2gbnUR|FA?^8i_m-~3FNt>|n3aDvNfqJ??FNhzRU z>msNsDC5&WE~95-7hd0tZfEA?l(jOnj_~mU{Ik4c+MBSS;X7ekVkDGD^86^K6C;|H ze6qi3kq(Bn9*OE$)9s@k6+b?2`&hecFC^au2FU+{)E8h@l{gu*aUSK?kfQ{Rte;G| zi+*614CPEV?$=(H3TJ%B*sqj)@I5>*GeSCl|G5M_}t4o*H?llZ}dZ^);cM0!&K}hBwRq=lr z{Sw4h88Q6+^HUViUL`$Yz?cK?_EvnEo-`|}8tr33m7lD{(CFmEbX;Q|^M_8fr%va5%Y(mN zh=KmXn6;JHKfJxp)uy_18cmYK!#GM<_@QM|$4qIYx}(Sl#|ibiWCJ1IRN zjXW{DJu&RLKaUJ3os_9fTKz&WD~v?!EtHBP_H%I`jLMz2GHpr5G#AYI(VIbYZgsPz z=11I_uN5xWyTWKMf~zr5PVibkVkLMBWqkFudYxjl!?9ne5BvMR%94}XHm0ctliizDSz@~qGgL6V!Uf1vytLDb5otWl z_6C6lT&~C6f(T4N9ZDx)v%=JWiD;QHFR=?{byfn&W*O&cr&%lM4>NpQ{CW^Px}qOm z6;|;Vf4egPt@N;H0(J&qa=Z%r8HP7Kpjb)rbog-LP6vdALh~rd+!E{m=J5op*9fJf`F+N}!MV^-%RN2@UX-TQ##63!V%q`}5!Do8j%` z#T69)!4VSgqX3KPQZ!p}v^P6Aq+CF)-c}C_NgdSfI<=S7d=gR53&ofIJHNxS37aqr z7+-Z_FGUHSJ|Pig6I!G7C;G3d*lFiC>5>=TeK`K>5i}f=fFh({1&zSq!RZR@chWXp zd-ovPMANsh=RA2M73ke4qsZk@c_5@fIPhUB29IO7`<_VoTRo^D{9acL8WG7k278Tn z_9X*BjQnf^3XClD2B{702{QbRXrYgs&4Z#JyvxZ+OrpP9z>@ohUq63{tLASC4;K3O#m8+rE(BoZg0*ZC={3B2s1~!- zCl;659BoZ1-f-hhEMnC6Plc&0c&vRu&{%IPZcL1XB!?9@-E<|7!J8Hg3Oh8HSrZhF zeWI%@0tdksb_P|^N(B_eOg>`0+86^Co`bI1%E?30YGJx1NEw2r>$f%+9>C;U3b%O% zELkTX#V!kxI0tEbO8jo)l1klE4yfIVfO}3}ZeHne<#CYNjEd1_^{SuxH6{#??!`t- zC`Ym^2E1U*RdHd2#fIy1T7|ONa)G#Tu3X`g-%Sfqp5dSgk=0eML^^rtV9Q8S#puyw zp)IqLS-I>~slDH0eb=#X$E|^>Lxuzsqr??zUMCVm%6(#)?9qcECszYVAIM#zJgGp= zU_qf{&f!`=jnY^iOrF){VE^^ZkX$eX7L5oECgSV~dh~NvE?i$mZC|gI|Lc>+%nyo_ zNm0P_N?#Q&!c)Z1w=7Jj5_RDHfhtn?YDr?~_BakXxm_#YmS}#FUA(6uryF}D(BeJk zsVgWto^BVisn_^tQx96|Fb#|so_Cx{h~3`5`Qo8l$9TpR@C^SIT@uOz zS=!7viV~Mx)HKlR%J&i_rM&5+oc=S0T_G!Ka1$nP-`o3bzlTAf26srkH3@NyXMKW- zkS)YA`H^A#**S?;4?lHa#RmVw9}r63biVb+n+gffuEL8tcl#o(Pm={tTEojFCy~G- zD_yN}a%MNhp2)V}_jWSQySs$_D0UPFeN7p6O+6v6%jO+gu4PZ(a2pM~b4P|?u~jgm zL`TV)OtW6VEX5h+$D61lbBc@z7hX@YG`0GDuoz&D*NYNIW@~KK?MYFdF`vEWmrBLs zylBM|kIXbqq%0ti#P2%9NBxo{MP?V&qK=snAyH>$nq47d7k)pNr%gkMPl%6ZVm1T?}N!6Q#+@fJdp{R zEU|B(n|T^)&JKt}b}Qhlw|fXLl2J(EQ^cI4wCjBkxa!+^(E#DPzK4B!89t6orb(^( z;DA|*d^m=<#f6J2XOgTsG^P~$po<@@&aw6sE7WA(u_OS27oHwcm?i%4bvP=5tZyL? zLGr4@d7H)jIKIbnV2HZ0 zK8!J(TFJ-SLW>x658!Zp=S0zRWEmEU4?a9JA~tq@=ruiu*PZlS_W*JD%e3e>tW+Oq zARP0*S@T~lRfO1_zO`}h_ox99pvI$r0&1urIe5PoRqdDR0EPK7q6z=LhSfOA2>RAG z%ifCl?yON;n5k?NNR%-TRH-q(jfs|e?n@yrRcx=$F2^2v2-oRdG#_B=6m30o%@dI% zTS`EAhan5nVTu}l%`R(!0M~N$=ihrEjwSv z9U0Wk5?%HEiNo~+1G%T4;jrCl_-DUdedcQ%MdHZ_t@sPUKu*^cm`u%~<51xHDa||_ zoE%%p94y<65$PtZ?$Puq|an^`ZRhmi-&El@fXfnw5m zxw2Qq-GuXm!>IaL46fQOOEirn1e~Z*ji8Ho-D+CCw0{KKVYirF+odhTBSo-x#B)yg zkHURzzVJ+hAaUf%TPUfNriqdVkI+-DjM}MXceAT4k?ov$S)ErXV8P+m^UPLoBN_j? z-ZzPs#?(*CM@JN-+bL%=q~ASO_q~E$w^srU~Q4dmR}UFadY~}h0$A1{u?Ekqgu5m`KMV0gnvbs z&q3Lc=&RerZH>kwJL-YL9{%7rd8VA!KEISu`(C_vk1kU*vWi!ftf-DR{T9>nF}#OD z+Z5s&2}agn6f3I)<&P`-6>es8%tAuihF;;911h23|A}Skz~mi?lCf-iAtkJW$@Pw! ze{}1`N&sFfaTfNoyM*0JGfzTa=9Cs{(d)P<*quybSo z#iP!Vkxw>fw1E`TEKG$?32ltIysbGtt~nx-aZ(uI6f)eO&C_3fPpZaedj4~h1uGcgnnC5vz9C{FIWE=`--J-F^bOAHY= z!>odT>9=Sq?b06it!0G_T@do*BQ#Lc5d@HpB5gzP_&}p~x=u)|X zJv&5)=+CCreeCYsouCo4h9Lbne)HacUdg3R_m2Ef?tRtyh*dL9VP;&r<0d1@MCtLH z2+Sp_rZ2LED%|swTJVskVi$_sb53DbH<}KZDD`7;Lg6jED^oQmv7WJ0vGaIkawIJn zcm{Y8+t)~kyHEjzg}_@*1LuoCA#%S?-{`nge`G|cV1)s*%CothNt~YmH2kRv2DZ8| zvgyYYQj_;%^KbSWrc_SE_DV>bSWFgCt3)Upy#|~M_6$pu)SKvD-fUz-z7jLocvXU^ zx(?Go&Y1&E@?8}~bN<2CgRC`vAs&(vj}e8mpW9<8tvpMxo@az3gh}Z*ijuzr42gM; zfuXGO>dB!!F-13Xoj;XHLVpKKS0Emo&z`&IN8`w&QEa=U0L2!mxPyWoD;5SXaXys6 zgmE`B;ayGq25baSlROfcHrX8|2eyV zGx_SJ;_#p*IFCCioPm8LtZ0uHf4?Bw#r|1Xa~R)K6SM}_je17 zh=`;gIq8#?bZ>iTQRHE&_)?7wf2)EnNyaeV%p$n)l z1~pu`TwM%?ThV@M&)I;3y19!&_TJ_=%e7_Hy}!uRcGa^IB#y0xIL!MlGtu`Dt?sUw z+r*uezo-k~AsTs_F%Fu%uFm z#)wZO40%YPm4wkYW**DPVywNi$ix~LcfDS+GH)EM6(=7!aoribY&t$0wP@qoS^0yC zIBo#R#6}0`CQzPc6zi%F;+gdFK#pZS3>3Krj?J1JdQtoOfFfBzJ!k4n%|w~m+9B<9 zr7$+tKJTR}*CLa=v9l6|#m|DNIxf~z%zqPbHqBx=jCvJ< zWivSren-iksL^{Ka+L1EtR~LJgVV2nVTB(-9Ryj=aHB_pHnw7*CQqgY5x z*#iX;F)a_4Y=-VLQxf5=JvzZfu#9S^u|m6IF3X%K(*?XTy*u|6*D16AgOL5jK62&v zpyi7B;JUea4fW=$=N(3Ucg)}MXQ!h)<%Lug2G%ETa2|j1np!!};0&`5duE>O?ZMqS z;kL4Ft_#Aql8^AW#4)+eAM=U}Q9n{hq{Q)^+PFj*HmWqE@>806zBm4E!EkIe_9$Sp zM5V-VM^dZ7q_^6ssHMxf(I$3_t&}wIN<_T|T+q-z5Y(`JIxmkih>axrQWK?L2@c(A ze;N&eDb5L|X&ssH9EnE?b~#JR`;%Y@BhmZtPR(=NF|1DlDsB+G{%tfZ544E5PBg^$ zKoh>{5kzlPn*nbbvH*R51VPQBie3ty=UBv&LxZ)3l?8(X=#a)anxN7!M7J(QrTT8p z%&x@kawb>F9k^n)pLBSr607h};T#;JuoL;wJ&v8djy-K0ju}9Y>U5iMKPEE1IlgP4 z*cv&XDl}dbEGCd2n5VVm*>~P`N%#;Yoi)Yr>8bhB_4njKj{!xU>+bW)(4I#*zj|$H zoR&Y!nX5=m;VfZYvX#y=a|?A6d0qW%xz-hG76|0j+1&cX#h_p*<$GUp(nGiE=*<|V zso>O%L;YP_L8|klGcdB9FSdE=8PLbiT$fIcHlvvDJnrm)q{MWtnp<+@(s}ZdU{xMu zrVoS3Xy(XL=$NT7BW2{L)}oa~*i{7hjK7ARh~Xu)niWsW?wy;T%#w%KeHnRrN|~Gp zheeePVMfi{39wY}8{JVl1p9n(rzt0phD+zUHF*hXPsCODO>HRV7ob#Myrs%=Y9W(u(ojqnNm-X{NS$g=-VB}3ynEekr)nJ&@ zn>FHoh^GCrAX(iWjMBy9G1<)b@HE|1Oa2wB?pCuq3_h>)KfHNiA>0tyW|!58NF+qm zTagDcbxKr>RQY~c)G%TRXYgM^w-83%=df?TvT}MCJ?xNi5cxICW~vvx$0A zt8W8wsfTlNgcyRIQ12jYy?)lF`iTCzt@hbtQj>c-m>0Gn;FEF&p0Z#gKhxvTU;fFt z@pQ~Wl55WE;)ygIYeR(G)y<%Fn?LnM1(iz-vIbWX<)3&Ro?uljg*BSkM7 zxB%D4(sW#@A9N?V?#)`A?)X2)i`N(DN~w6NV_%L1yih-M@6bh4v`taHc)UeR23x;O-~80cSOdUh&V>YLA8_IvH7*gv8HIbeF)Thzq3I ze+AXLPIrQ|iUK==Ulf)UNuAUWODOdF@03Ftu5zVEM}8#~U8~}U?`*Ef;`wQZwr~4* zjVDs1Q5Vr6GNHJ+3r*tD|c?xEFHLDqLfGy25F+>CI; zeos6Q$f^eR$R?+2MT0l^CgpGNX@6lA1)DWE^Hz@qg%GQ7nemB^h5dB1W8>z3F>APt zQoCUz)2FPn&i@qqQ2A&&3HNF2x=CY&q=qpD_11tRYHw19^&wtUTM;6{M_K%Q`IlAz zbO&f+>Uj9}mx>s$0o+SFp|@Nud-l=u?gzPNbGtP^>gKL+|guR^UvG^LTy2c@<KVQcYYjsAXN2r*pXeWeFR zc=fDfex(bw+o7si+Mf*qqMS>tO4|~It$M6kqL3M75ZRkgsz&u-3{qGH!gT*lS(^37?hI;Q3_Nm+31=tLXj-)Nl_xrxX%Xo^dH^m8o%Mns^@Q1p`jMvJN zWgH@RDS6l4(=N3odqYMv>!mo^qei#zWopaW+1qUC1%?6D)-Dxc5>C!H1^M>`uJJEs zfijJ0=dm5eTAASmOPJ{sQ~L2ezG>Uc^L5DKzN%9yx<*i%vqS-)$9%i`2snvzU;4JC z6K`sr_Xlw5MK{G?ID|B$0k`L}iKopvd9TASG;>J3bx;Ev!M`OUC9-wDX5*`vDsoAuCZG@`b5^Su zUF;wCQ?E+!Nt~W7k$g(_L1sJP=R)o7_aE(W>rM%iBBv81CqPkH)RGy7%+ks&0)1i< z-`q!MuHdOj%NHlN4Il_^$^$XfYS{%D93wG`)H9^~BgNE8V}v3~u|?V8nT{=C>_5eH z=bZ(aHp-Q@3eI=be0UMqn#}8c!{ei)M`_8n$U!AV7WqwkPke#ja?y)nJM9o)X9SZ< z1?@cC_D%H-rE&HA+lQKJ?sLY-bTa4Jjc>pbMXQ~J-R(qw3!+w{8E27kY&3ojV2@TG z3HvhMRRG#PJA62ef#++S58tRgk=ySWf(8fk?FK;#lMnruIyd9TpW!TN zZbmV~-V0g7jh}LIb{O*Nr*GnF8ktp;hj%Yhh68}whX+j$qF?UG^WPACN__YY^(##~ zTJPD)Ro$K2KPo@&UMsH4*B69#G&jJo>yKTpL2$-+Yaw#AK+~#VY0rukbgj`^A2afd ziT?aKruPEPp8|*V!i+C&Cy*;3tciHDqh@uI_?dtmJAR>u3pjGwQI^ZXSxQ&c9&o{T za5P4%AKDR4+lroG5rLb+mR5=I%ES(ZE;x04u5TU!7D~PDB-d~n3kMNbyEZ6rIkY3C z`O>Yt!y*S38$U@r!N2}mL3~%xu-V~E96Rzayn^;AF`dqbLcm7rqgM@=Mj|FiGdJUh zUUWsWrNd#rcQGPzrBxb*XWg`J@qYiRh}YqyZMsdVJUm1}Y}&1K+vOsI&#JJH;dK9- z!u|oyi6&W*HE_q`LE<1z>+5cQ(T4s`hZ1h-F(SZCL(!TIB_qm17VSW+g%U?m*;D7c zveyms454>JjU(kIE$Ni9$(*`dOn(Su&vF`;JsMpGG`P)SCH;6JC70(HI7&%r)K*wa zFd|jd-CpPuzvf#xNsJ5#SuG}S+GP`N&FT!!YZPqHRlAj{B?`yZCn=$^}y3DG9B9O4vm1L z4$IUwg5T-P&A9nd-EtKESBlS4d|Q(FqFkPaXg0k#84%dFc|i~(_~@I|DY4F-#-*MI z_;V}qhG_wG`ksAtw}+_i5@;8d6QKsjSyvC&Feg2n12j5Wka5tMI-hbv{fxI!qfmIr zEFYzLTwprn@DD-xw@Ur7dADi1QR~-H%%>mq(tb^H1J`LSughj7<)a2sPNM zq@USJ&aPWw&{w@Kv@6?pJVeWwcE2XYxd2T6Hj6v-u<(WtcfEKuN7rzNQSI|ygUlpS zU9jKHGlOBv!C$H3_OPp@L$C3o>1dSL&#_W~EwV}iB$q8nP98XH;Ufr95W6&Yx^)n! zFsy$0!XohHRr*oP2ctG2uRx9R|5o}yL|C{T-`&U#wsw*}TNlizjT9FVq89UGcRp?2 zaULO@op$ZXQd6M{)e!twO-PW@pqDT9Y+{Nsj`C)PdEWhP>dt9|-4YVz_~VlNLXP+S zk@#;$G^+5}D;6aGZn2m8dL64A!g%(uMG4cnMP*JA|IgD>T98@dNe>BHBU`^u&yWY_ zG@gMo!O;?o70u9%X)ss`q5G{q4qt61Z_VQMfLN6)*WEL%eFQeBqI_j7IL{E8Ms+-O`<=(8O2degf zs_uil5IYW7HEmMxm8BchH@g3RP45#*Sy0WrUd6;2W>rO9ort~!c@Krft4b~59$)G( zLHSM!v^!`+tv}sx^zNOiCLcWe5?q#ik?%+FnDWebQ$4*GLag_@JXh%ii}CRZlbwtq zBh^aBrugi%RW%HkrB zhjfd6Dv+G~)&?({o={!>QxidmxDkLvn)wz@qaczR^sZ=e$FqR9U6b9MVo~aYP(|*VKuFC*OBL?GCx6O^C{ZGlG z3Lfo+9mJbo&{2XUmukCw%KZmnH18KKE^enqi5|0mtR$M+jdH%%laclM8Lvf{(X)=C zgxz~$?UaKl*R$Y{p)vJ?LHK$9$M*>pY4_Lj-UqNr@!@SBPN-|!>?scI_S+BH4)wRV zY$Wb(;@)m1?&jysofUH(IKnl^qK|ClwfFWt(Q_fM6KY%4FxG=LI8;%2WawCA%KH~7 z){yj&216*$O{R2+ChT~aWfyO`emdpwR&Wk(jC{@Y1#D`OD^u>G1^XJWuM3h@@xyW$P#uaJCg`|QvpNBUeF z^(B@nbLz9pvPwt^B&RIvsq>7YM1Y(hjg`W1R)}-{SbAs-FeZQu97&uvXv(hBQ>jsXZ%52RXC36!6xQY3|B(Yp*^&$#ZI#4-|HZ3zXJ}S z#Bmh-l~4IgtQP36vs3k`V*J-ThgrNj6=8wr<>@I3$YXK*ilAY6ZH zaQg($M)!v}ggQO*)kScsy5%K0B8&26bI2d@CGUv6ff?d?6i#J`B}NOijc94+r=vQh zJfOLXPw495E)$yy-kgw+nV$YXzP>x2%K!cUASu$aii`%rAtT8?DwSE*agM!ZuaHd= zlBgV88VKjuBa)fDl0CCRnVDtfcirBf@9**be1D(s@6We)>b_t1^}5FMdS1^f%JZ;Z zXGv&LhxMY~u|X-g}ySmtz4Kp`-;8XI8=dSm{$5%6$PFWUl`ca zMaAyzh!as?q-#{je%v zCS@Jr0QN_!_QIdPbv@h;6v`K<+;O%HuSt=_Jo4fW%~zKT3W*=(sB`pdI7c0JhRfTj zD1=YqWP`uRw<%U5Dj&zn*zoV%jscguX)nvU)Mpmgmio?%CsW<#Q2)pgx+)%F6Z|oQ z>B04pfybBpwM~K$8d`P&&L!!=MCj4P-d=~n*&$Y2mtRsV9hG`(oVXkVZEXw(@gv*1 zPlF{xEFqh~m~8oKEnSY`_x(ya6j_@kUqcS&$6yBX&jd(e464jfkbzLP%bC(!o?dM_iJp4I9I!CC&?}#)b{sYg==$IS2Jjdh6 z$?;9<)MlJEZ>5(tFdTd}LMIxVm6f@ks|TRj9^=DXXRWwG^5YygU*6%Msrr1tQRu?N z(=n5i+6IaP$e;Hb%>1rJokEV6Lt)c(mTmp#s({7a=Hot@d4kXAH5FZ53F{{iW*U}0 zri3ODMD&knq!0GIH>~0&mGp1LYQVTx@BpCuBho=$veD{_LGS!A*o}H&4L<%?OPim! z1nm_#`0UTWcq{Fn%JG!^_Hu$_YLL3^u2&`PcUKQ}dfk#TzhHx-&T^QY zpr#jTH0g}$SN%QWp6p^1>?L8unEj{Zi%P6u^{?y5$dap5Zm*%=E>2gZTV`;%QBL{t z#EU$RiI;a|oUq^gi7@uiS?4<`DyWv>NPoPs`7h2yp5|1&4f&{HQL2p3)~SlFPke2I zD>D-%7_5M%YR)qP&TOdeAc1ebx5B{6uplBUuS1?^j~-{0Rn)?d(KTvttgfL<8)CMJ z6BzO8E<4{cKb3obQ*o}s(VU>BS5A}l#$R12Qb&wW$o%a5p~&KnheZqw1KifRjlx6G z7QMX0(D0$u3zR9C``{lqZFv5l)1k~4?g|^mpp6&>O6*IgqCbVmM|xc9lKmVgjp;=O zwEu=S<5l1^t(||UFw%n(*0EOLds@HpoaJ!=ZCS~%3wn37O20K-OLF2p>0XG7SxE|_ zjCOBoaG}Vi4CQ_-SzR4SRdz}#=!c0=-y~VpIW|TC*1TWS0ZcIuapiWf1G?1y*=$Py zd_D2wn;&@n8y@x->TT@vqGcn%ENn6c#Qs&@e$xORQXTyVGsIuPVy**Xc*}=r$M|-}dwdFHJRFo0X<)7^A;=s5`vnRhwXUs{2H;BuTY~)uE7}GI z4M5G*{>6*XrW5CHni1n4Uee|ujs=%gOE#L#Fd2FqqjX?mtt`x=;gLli2&|!EN~;L4 zDSq%*+~+A)p-g{Vf}a<&#u`P8hBJLqO-SPK>IY>z(6c|t1W^~&1`I}k=n)u)>~TIn+S zE4IJxZO|4Ed~zv<19neZA8m;?{MNEdk%j(-`=lfIJHWZ6+vf#XuBO^>Ekl|PxqWVl#+oO~t* z`{y>Pu$M>(V;roMXEfkH{6#aTyjQv5TBiDT10!y#IGlWpnwWl0sgx2gi;onQJQ)g0A>CQ(XX%m@Nh&jjK>}_Gv`W! zFX74KK281fjCkiK5c*B?+xt5W3g7LY{LhJ-wkL{DZ!cAfO*TY`jeK+!fqKT~`I_EH z6gl!y0=PpGk0Y5z515TgM;gdx0$ z5YA~%7Q9{1D_(z%w~7#m4JU0&f!lOGoFCu5^YyZhAa@4s&&7*H0+H}C{PDUm;g!0z z%W)?g6}9E3UXrVG2q5k?;t>X$&oxLV3x;*>3>`R|T6zfEIq}Z2%e8a|iSgr~gZrYg zE=Cv=4p{H~nT%+Q6*5f}?M39iBnqDW^CkT0L*9T*3Z03+Vh+WU(FdXOz8LKzPDvM#gfcF#lKcLn2|SSIfvpJv3Z)>J7n#-*WshC97f_ zPoz?0k6Hb(wB?%8)1tYBp+VaGSiGTl-?OupG-g2|Z}s84Y7O8Ud_N0s(|f~f;yw7z zN2ce%NyLJ;_(|aX4T635*t~zqx&L_^Cg5zprasl<%X2)f3bx(siHEEMni&^BK?St> zQZBTv+PtYe&)o-c`WebKJtpU~&Ivrp)8>Zz*60AovSPZErW`kcF7yS0dB;Kb`Tnn^ z%&ooTDJJCj+7Fp}CT|En*%>iCgm5)2Yknt`b{fxeB&mmiQCo2x%kds+AG59pUvr9z zOS_+C6?`&jWf>?jE4mOs(mBv+38=jPd>WwgofKsEiJ|-sTl&8;_zY&B2+tkM$pU zt-jSn={OwZWYiHS645%1^5VstIIMsiw(I9;!p*Shpyo&04L85p89k;cIgo#ivqu#< zfo$XiP>26}?1K|{dwSsDl@o5FFWxF(2JaL!h42q8i(dWp`B(xhDXj`1!K$)h5=eAbT6XXu zo&)SP73?+dOf)k~P??+_O98DCPM%H@WUYG-N$S1#2|ARI6);>JBZRpZ-7}v4i2Lo7 zy5WAqss(%0Xn_4@T+ADh*%XYbTyLR5+SiFurncz*Qx@U2pNRR>jJRG3?AGW!gPXCy z>RBZc=h#G@QY$%)W?5EV^v}-nTSOiD;mfUuq(cdB-{zAr!x(II znQm^~9%xHF{$m38+Z8Id2S(K!1;x(}Lw4A)_Oq*P;lrqX{WI1%Z0H{7-$j+Rk4}Bv ze?yEd1k@)B9o_wcpVW=wf`YJ_-8qJ`RE0W4)&yRq!EGAY4iUk?z({}ffq7QWQ?k&M zICK?CkATY2!L{&}9#+;U`B5-MZ>F-_9+i!=#}-;!?hVGe@x{aoYxsTPhD5-SiB}EW z*F56UNqPVMEx?-`s(b381|ET(L-f*lxJ$k&2~^yc>?8{b7ik+O}?@$|i{Y)966yj_ou*Orj$;rpCYd+j(- zN<3^xElP+U!da>4VqHJ^Y@P`q@rtfpgJ&{9>I#qA|KX_RFIu#QoosxviIVUClvA;l zImYk&c<(d&I>%j0SpHb8* z6@qTJj6+m$zMnr|DUGsHv7Ti!XQSeL0tWl`oaZHofI<+22vUPkOvK;2vjb`T6Gvt6 z=ky}e@>9U@n&^~?pZJB%32D*mXa+7#>s*(S~IdJN50MVKEtw-Gv2DWpCe`N z4irzBMXjSeV2d7WqT+r2A8)$n2MXGLkNPeBMVTl+CClAf`)TUAK5PEbZDIBs#cO{H zlHhw8bVaQH`C}b?LTWO{!%pdcs$ZA_>2`XL-0fP=b%Xt{y@Y)2?L&XR`Etdebo{e& z3xUwq>+xJoCVMxJV%GF)I?U6`tm47uBd3LHk>>o-NGAuB_XunioGzVtB?6O8Nv9?5r*C_6 z8PMZGggo3q13T^+t7N=f;K4Xx;|>=(jLHZRzbXBbzhEGg`JbZv^@5UP_?VOUsc78y z>Q#Ii4?7HG=sQlLdLM3DxqhiD-D=y)ybx66u0zSA(GK^zx%7MHUF2xT;EO9(9Ea5K zzb7R7cK$@Nky+e1#RK$qlxgM^zenrZI}ODuF%L}}6M8EB{47t?4c+W5Fs>udcbpS5 zZ>C=btvCrHUsVri;LiPx?XSsyGD*j!EGS~xep&zHeFczu@mYJmZA+HoxcQ;_AWJNp zwCB|yl%$EPe2saF%t9uQ;GkU-%^CgYKy5_K`%2zl3CJYcK)U%SN=HFKq34jgSn>!o zqI*m4Ap22Tv&$A|QMy`O<&pmcoeSV6UR>Y_VFew*S7n!iUDFIJeeIoY_vdMDPaMhT zo&F-mmsgc9lxwZT*#^EAo0T|Mb<##9J1QBmu$hvK9j>dH;?zH zuh_;W+>Izrv^JpNyNl+av3Z|o+7J&gQwQo|fC6ZOL=4y#v<)BnB`9gpdddZK>m`}| zOQO~o@yg!D8LnU)ai9>_P@M_WI<045M?kwghnNPYcR&5`{Bd^XCbBh46cp|Y@E{PR zw;3V55lexGEd5QO9zf3VfjZTHv{Cu6D!%q9oAe-o_Q>3~^0GJHod3k9+gT79t?gEJ z4>5M&EWuMeN3@3e-*osm9l$eG@!13vJ2y>qT+v>z?e32nkiW{w&tH|l_>{0>2u8KT zetjKDEq62#KREoq*vFGnZ^|yI3H10%ePE>b0xr*=1iMVd53SeGTsmbi3OmIt!uX2? zv*w>zbatjHvHD9aeOhh(vplKt<&`uM!|0Ta(!yl>?QM@*z}q?6OM|O`_<5j$T7_Sr(@U;2UF=DzMW5TX1Mn6HY*%+ zpwI3eEo;n|kbwUnib~$>U7!`%a*jiZ`)qHx+V427;`%Pz4PJHuNu~stl4n6`U}3u%uQH&e0W&Bvaa(_(Nn|l>-Tpc zcX$2TWj3GK-b+icca}GCC3Xu^JF?d~Gk>87&G1;Ao`%&nD#J-@GDkUxCf}rN0z^Mx zX-F@o`IUK4L=|0AcI=C-x2&5vU}S$I-gqL#lrNHvNZJ3VP;%I;&fDL)LyAicWVk$; zK8&}Dd}*~IqPc#6fRd;s&t;DlGp21GwQCa!u8<^GGrm?$3k^N5ew;Z~_h8<);!$6( z0?_}BKYRUgikFVM%!DD?b6EJt*OjF!#uQB5Pp@2+4Z@(+pJ1<@fG>dxU&2|-$*~lm z2}=7#fi@)aJIb)|CpFOEhb!pM#=d(d(QGak7)r+-4<|Hq_gFSf&ZiZ{E~54&szZ1y zUpQ?E8(5>me7W)X-gSk44$d0EUfsf}&rj6Ge&EPsZWrY!c z{?@b03-isRfk!1SD#)QUt*kPtCmOG3q$u;aIUe=9&^&hO<)b;7sxHuSH-^~yvMHly zWu{8JmzUDj?9@!7gR^KB_y?3?4ZbYsm)S{q&r-6C1u5x{JEGKWtd zq#;`yf0FA0iw>1095)Xre|8;Hx>Ww1l#3g$gz>>Rn75FKY*cjF3ZuDBD*rSj=T}jT zq@ZLx$B_)YL?Gy64CPhXzkf{Cf9IBPJvPtmhVG&B_%+J_tx`w1OpDUp)ZUfMZgO;8 zWu{u%Ly3!#T6aHZv?ICPEu@+}7XAOt|D+l{p^{0Ilrp)&$;IXCuZBri&dR*n_xVzL z+nV>vr0}714ffp6GaInl!yS8H+H*}1WJbg19CC9s-mAJsyTL4XG=(CY8Gqr+yBMW! z6mJ~$i=Yf*e%KnED$MekTuInpyCc*3l`Hon^FAnQ>}23wTzc`A;$ja=Y+zwAOsPrvWo{H=sYowBK}@p{UYnW%uQSpO@n)G@uTBSXxYfN-a`_h z*RztGhD5n~eQ3g+Jg0fENQ`p>e=DN|f-i6OGS&g=#gK^opmX*=1)YijvgSvEudnlXmHr3q^_D@SZD4sTOdg9dTq z^{41z9?!@iLJ#bFU6`;Q*ZEaTcjvxSKC)6iWg2=*jpvG)FnlFHpF5zCeqp`9rY{>Q z6cx5z$nvp+mXE1fD2UGAaun97+@p%^O-+r8Vkoh9qhPanq?Q>)_M#$~5DOBwgRlJ$ zZ0eCo{ik$qDAgFa9^5{E^Qj{vhfvJbrG#5YkfHsy^}tg)sFx*aCS-WXFz(w^82YSh z72N-+?gE^VSlCKfi#HIuf=l#)d~`ZWL)FPC)6w*Y93zU_h6mLR>6?QaC{nuo84s3h zA=NrjK5mN_ZKE8#77tAGGXTJ{~tep_~*sEg` zm!^`i)m2FNC-=~SkC`d|np~#U$9?U`R|V->&Sh9VgR}F)%0-t~YPY^J=be7ku(U$U zWB0W)s(8sraY5vvx)T&XTEmk$NJiJ;h};C5|CpkJ4SfFujmNg>1P6f-!aEz92M=IM zqht^f`oig&Gte}W-#}(|rlI31n(VukAr7L;XCieVr8-l)1uL$P2vCygdDjOhu$c)h z*SYV2irg3m>)}xvi1UB{t=voUN8!D%=a~HFK;lV=be#JNBkCniCp5I5?T*Z53Rz~J zbz(0)4uEfax_=wWKE%(UP8rD!)idTMXlsb`MI*v0Ji)U`{GIRL<}wOv4& zpIem~Ye&|*Vy@-NS#i;-cbJTnUu;Kr?5EFj2pL)_6gl?D+mG%0fq?(y2R0Aon+RCR zT{%W1HNE6+7-Xgy52G|Q4ia^mxIy*Kv8d^LuRz(nN%4@qBvn4}ghZ(FAEej4eR4_* z@^6QtWiPOSHb4X?{ZBFKf(HFdmxkL?Xw2#3a{z;g)OOdLb4ai&c6!aXOrCt%>cwdh zi>C!qwRUG+*B6HRkmSq)@->y#?EQBI5Ht)fYtbRi1Hs(Nv15zXq5306fwaRW0voqz z^YzZ4ZGyB)?-`pERaQE5c1I1A=$rRaD=APPKrTz>o4)-68%7E*Qqg~U+y7hjKA|)l zmpC3Pj}Aw&JZ~`7_Gaos@@M$aM1KwM7>ZB*h@6bY?s{KNrweSyeylZ`xCdBFEP~~h za((yyTasZ9J%@I}i9B(@XVlw@USA4vL$!y5$?N0nc42neaaroB;lCoBFjDl2lv9iT zhFMkF)#V0uZdV5|vdeHb`1`P+>P&r*QMmnq7UsD8qpVmmQfFt%6{}z{{7%t*Oyu4v zH_P^oJp()VEb;eA&&NI(akl6waJg zBK~AqmAnFViaNYLL3j|#V!-dR5r4e(Kf01n?zYAhN`Uwrq^liomjj+Z4E6?tI2U)m-VKrcUD|J09czO(X^kmOx(xt>~7li3t*q_E1E zMl$8r7|hg?kmtSg9C0AunfyN@)qEggROs^m&8S{W-TMZsIIKdZ1RcjPNOTju7Z!HH z?Ce!Rnp1VfBvLEh#5kN_Uz7Pnwwc38z^~+#=D+Z~VI;ZJEuS=C`91UX-7S_^1A(F2 zYpPc&I0byVRQR%p#(Iaa?MW}UqB?~&dNW=Y)F>t?+)BZ?f<Z{SdA)s`FZ@rB z7lg{M4`;DNk~$HS+K^bHen}e(l%GhQRh^}GJoI)wOpXy)0VNnxqS?)zM>4h47vC`srlR??ZM)tf*Q~WyI{`78cA*p zz9uN+t0PiJCf*rC zR+s5kp-YuJ`3g_N!pMQ z*S@{ILhNnuKiL~$iG#-D3xKkghcA2oaqKE{Uy9|+o;KHj0>w6ym=Dx08+$}U4?d(m+ltTi9$Md#?qq2?sV7rukfE8rjfX_K0` ze+(DlOck*j|0xPzL*c`iF4;TAxCyaOAGBkmb561)QDRJs^?`3L`r|Iq`Cp(Y0!SRX zfgU^e&3D`GbBdOrs7-Hc=_%VG*iD`Ei~(zvP%Lm18!D}>K;5kke|C#EeRco&T@l}d z7yBRWyAw}NufC-wGpo~^cx%tL+yc3Y!24?0T5g31A&_Q;pl(=&*cK0hz17It^65mE z_9kl|UcGFaDM-bDZ}%dmH)4~ zJOgI+)q{z{1rSs%pA!}q(YV|y^{6S-i9q~#yp1n@ ziNO{#v>R;7?ykK&E$w-~h zohhLO2Gx}^Vv?LZkvY_;(MoVNt5B(zy`BkX^SoE##yRO$Ah8Yji=)q|Nf>`CqV4N+ zT0-uh@55|B#(v)B$Cz|$$62o%gRetJeQmNU){kmK?=Gct`ja46Ry~Nr^)M6S>=&?g z_0%>utjadho)^{R7ibv=7u})0@fLITAt`lgs+U-6B6jIqBtw(=+iOUyd5GNoxBqtc z$;|li`L$V#4V<_LHfiNDx0QEnZ))={J_&UoU3IL!>39!oPfy-hlXa$V0ianXnxvkP zZfZd+bX(rKNcO*#59>bNB}E>~DbNRE^mYf2oHBw8DgW}9);(LKjcD5N%++TUvIkne zEyBJVQ|H(NyJ)TyvI${~*%R(U=V5x=ON;Vf$VUqS(yyn>%UK5gNk0A3F^8#* zYFaV<%6_A2@Rv?i6fuEkCY98AWEn2<@Ccckn;)Fx8`DBC@`h)uNvDO`&pn%QImbrl zS3)R*@_x0Hk8*UQE{rJw%B@kKh9hULb|iva>H4Aw@p=8z)26V@N$7eUvSgyXr8S29 z@9)aJIM{dBv+e^Ot!dEeZI4MKCjDc_#}U`f@z{Wi=Wf%1?QR~6&BX3SZtk{tJBfAO zq5HF)oIkx6BFP8tzP^iLTs;F7fkml)|C}5n&4nRX{K%S~OP1~J_rm)gY+c=`=F#DH z0!KC_l-TC4^=P7dl=@1Nhe@Q)%a`;|{I?HIW*Re{-K{9+S~s;>LZwDKUvmeZ3F(>ss20Ee`>x$;?3)J>M?UG5FWHQh}e{7B#HDjIG9fF?wom@gAvOAbaJzj zp|N>Sh`#a3gCk^E<)bEXb?m)3lIqE-C%7L6FFs2+Eq2A;5ry`9r}U{w6w`Gs)gHvegXFe52I6I z`Vw}TJjpWr=9jqIUYSh&wSPI(c*dA)@+t2M zB{%G#U5e4u-y_5sFwx0pxE&_WBxA6e=R1E*9WoQ$Io17v@^698sIwwEeOz3*iFb_s z`=5tvIh@LW`KsEU%G&$?y&3x;uw~C6ld3Kqaz3X361(5dS7@Cy*9la;U4kVd&c~MP z9xM>QfQ`~WgI5d^iB?-nsZo70spwd@<1t=0fWw7LJ){3#Cai6P47GZ$91sDZDzj zW2my^%0Lt!>Pu{nA+Jk8t-AUy9u28`c>gs67KcI?moS(;mv}kpn|;aY)g2C^V>UB_ z4l4za(BW@pJZ*R9&|0Y`F6k(-%X=}Ot+fdBjkg1wChOy%6Nk17;}0O!P~nGz_2$WK zIHi1d9=Jf%EBy^y`~t)QTu9QT^n31MqrvuFBlUHU&}it6;MgrPU0-x}RIaAQi$K{y zdEeQ!b*@)){0Reh46q$})_rCEV{#T5NoU?jZT;|j+THuC*3;T+X=$c=Vd&A#?mN2a zmzHncu`{170W19qDHcOg^rk^){y+h1t&SCU>t}VyLDE{Ukxp*!w(UN}#eu#vDVpK; z!;;gG>keolH~q_P^cbbta$<2SIT2_zZR#`y{bLbZLCV; zw&(N;>JPG5XxJm^Am%wwm4k@yyXA%@O|KP6u-LF;V3>>BS9zvXh9zYV;x9SIv7nOh%AJ+4O-LBpvOav9W&4Im z{)^oIarXmro8b+8+eoj8sl03aM_L6pF?!PIvWpQ^e~+?C#6s23WoP5!A#VCO{JOAf zW}I+ccGQQLtUDn_>s|o8t88y9_=sc{Bb}MrqzlW}1AUbfuYO&FVmGNP&-B)QS6|pE zCM2vI2tkr1np(FHT=F+lez4*Zcf~H=hHm*JvO%<yNyx@Wy+tEtMT2v&C&81 zJz=)&9jp~y(4HS@J>U=)dv*F#FKI{Gw?y}K;e(7g5%*_!n@N?o(YPs~z1^*)esGbp zafRl%bnApWr{9k6Pl+q>X1t};FUe-9aDgNSdpK*>0&2Xd@h+cutOBenj(znctw z8|LiiNS{CJHbo6mSW17|wlRZw7g3}iryJVdESj9_Np4gQ_{&jf&5AS-svjLVwu9rO zh2UcgTX&9fQGPLZHU$iJ8n8px?=A9%*jg0ESfK>O7|R%3D!vJs*2f;E&~{9a zQDYj9aTqaw%mN0wRrTanq5KSjp8W&B*5$hg>Hk92X66cc)Tp1Q$%%KJvscXGJG;mk zY6XDQ;-kI8bdrCeEjxedP ztfFmO8->#Lv;=vcoMxy3UpF%R;t0$7P_i=C>_ssy#^>jcPL@@>5CICdFXnRIfjX7(ol)q;?ld`LKeR1Sgq%6C!jKnOB}#TM5oFcOfWA8GJt-7#$Z(N+u3*qf4dEP;ihHTn#Q(eI+%} z^M$cW^uaG9mnniacFLWyXPJGF+TROQBwGO#Tq0GW{JT{u$?osavdaw513qK{R*+?? zBB26}pe-bTv#+mg53j_Dw5ogE$<_GzhSh4&+_j5jBW7xuKD^6)#LU>d^=*iebzgSU z0CaZG>(ZY<>*l1QsOgy-GauqN2AatDX)>^+Tr7@2M8ky5_q@F_er8hcm-}Jp#)-Jh zy=mQiz>5%cJ(S#cJSA9@%_48gJ=O1vQ!+QnB!DESwc-L%$M>0TZV%9&Md5qiCVO8+ zcSmZRbmf`E>_yA7XYtfX2MfHf@)<#=;4m4kS(u=+ojK_M%|qvo3@sv7i^(J5irtYV zGKIh6$$_xqv9cAwy~W`zR;St%7Rf#vP6A|26c|s~TFd&QW`xb2KTowr{_NqfOz3ET z+kq{!Vu1%~oqru};bXhz*!3Gg3ziD^i*qoJhA zZp#JFQ;iclpu63&1AT#>Cxd1$Ra!xCRl_d%+ij@kAd?N^B69R(o*I{u)f)UV#LI`? z9;~?Y2$xt;Q=hL}axXMa+$L?nsKu@yadH6DE0gVcMQ2fAeF4GR_NmByLYZHq+4RMS z9KR`UUyY?PqwMLh0sBuR#|aBAKTQziA`qx=k(n@`*uHo#ixY7(_#?U_zj(E37Dj7=Xxc!*M2yPCaVB{EME08Z8GdxdpY{?ce2?@R01B8g0R8VX zt#9@84ntiVb98IWGg8(>Z+Vg|3{5J86kpg<%XQePLA;{~e&-_>Sw89>f+*R1CZjqt zHldbuzf<9;KXd@ry6)_A36X-q17rY)ZK_yySEBVZwzP+Qx%B-Vap6LTDM&T(Pm4vw z1Bvy({2lNHr15Cy2|rRAgHKV<`$C0p<=^bEyHv3W338$wRhrGEVu4b2Fs~H zma=#w4X$-d>U^MseaEI##9#dlq;I$E=v>d0!}|Ub7)SJ5Ty?wX<2t6p3m2(A2z_HO zl?^_81lvH@McYrAE&(#xXXYpLFug#FxBBL{=i>tIqSSPrsy^>n?t!b5Wz_xhZ0O>@ z%MpH8!*ZwF5?+pkvo2J%8JkQ{(dvk(HC+)RoAvj=8L6>tl6kKM^y3R1Na3=Nb>&dZ z=8?C+3k2*##gbVpAJbNTcC~g|X?#vlQ@4)ChkZ*+(x#Da|Lw*bhE^Rr9ZPw-x)6vJ zr~X1V*iB7;u5pEV8Ncc`KUs9Ax~~?h?t6K0#`=%!3)?ni!u~nmM*2e!c@4IISNDl( zaUpQjrYq3TE9?14MdWzn%zMfExju@4!;SHEK&bb`@xx}PS1b2+zu-@gAiTN1JDZOm zoC-Z0@~BKoZ;YTTcC%EuyL`lLC=Q(IsNK7CNsUNR%l0#?AR#FJ+XGVFyn&_~9`uWo zXT@HgEE)am9C}I}{B(Apa$%e)=ECKJJ4ONWcOAx#$CDQrKu1TcG^FKPRaB)68NP(y zjD+-$-&2}Hk(Xy*^E}pI=LAbw1+=kL+C|TqGCyUwwOgCdEbA-vUR$Y(r+sOp>_ebY z&(T3Kj0EX)-p2`-8=tZbvqVvXVZuoL-}fF`xS#9Rtb0lLq7u{4sh{OY)(DU)LwTAL zUtXtgglQ0=nPBuTIxCT{`X-rsX{gVbFIe=1jHu_@J@+pwGbRL4v&Q2-IbL#w;mQHm z4&n_i9Lw72UHYy2icC9z6ld|yjxzs~z#tN;%gNb{)SQ30+KILmg$Y?IZ}kein7^mf zKN@aK!*0WOp8eSuyTNMB*nIDM)=5LqBenc#;_?=QwS9bz_W3@bZAiv7=@e97TY0C> z{`opE`y~0|H?BOcuV-(et5ivq?FLhRE`nQKZ91Z{Q_S3J31#M+!Yye_#OD2>@k^_!Gm#1ssmr2OI5Rz zl~C4Nw*-qWV9p9sk(LqA@kF=#sj z;l;4hZ1Ce=89-ksk`>&1{yQ5zMSbIu4uNWd(Pn1{m#BVLm<#8<%Gm1>+ezN<`wrwc z2D=LSRo6;eL6kYN*lELa*Mag0nORWi_vCQ#X+4~77%6VUBeU=0T-=p_SU2Mt>wVki zpraHf!)7!mSu+U>6fWM8belJd9~uR1NXa`Kd_4@Wcb$;Ffa<$9#So7Hr>RX3Qfmm8qG1)agsGISa8*`qTjw z**p8nUAL}xw~kSTU%h!+<}pLnECkY{l=#|oaz=g7%163Pt|y^WOZ*JIkN80hBcoAH z`9^%$z@tvC1U|(#IeAk1gOImv7=dB6 z1(0PV#~Wxu<@*eP-R8V8aZ)yy_CwBaW?k)v(#mu;S_!I(RA&4DOX5#aG3Dfr8OP|m zDZHnidQNV|cbCM$cQMkdH$OYU^2;mJ_+l%|k3*+2!|6TlqbOA>i6Z;XZdk`ZvMUwqLOHR$}eD7<}LPEqD(ej}3! z<3lZyMyH~&GR6uwNl`#;=q^2eM(RPX%_yV;ll705UL7MGo78_hw)AYQ z_Cvcti4ZNuKi{&m@IU?0&11fgScZ+xxuI#q!Pja6w3X#Ns%Jm)_^)-AfaQSvEmW38 zmQI3s@6=c`fyfvrpZcMB{{pAHLsc%%=Qx&)<>%oom_*%*1t|0Ctxd~QFXvUVyxY=$ zrK;;3cZ-8B#+sP@5owQVPu>3qaKX_3;+O-F^}axF$ZFu6-0*t_&wnuhK0l@vu}t=H zd*eQUKgJ6E%7c6<2*(EjlzFm<$0@>6GBn=DBP`}mkZvswRwX4z7&Fk@LNy~W&5&2_ zkMk{J&Kp4HoT#z{KK;5j!`7i|GQJYgukpQl*Qgl7xNsnzQ^z!KbQd>H)#Bhce_jQu zN)-zLNsAWyf4)z)hmE8xmRj{r&7P1YB-Ql-mC5=bEi7nP+7m z&|b2RcWpbvn@W>kk{o_oBu(d-*ZS<#B3X~yY&d;-Fkl|UiF5&X#$QUU-Zr!fi685f zV*0PTwy2m>a?lX|fn-WGU)M&7^18r~dRX-02j_&|Ea0$jGe+?2SfFbGqYQbc^S}p& zIzI_%MWkT9Qwx?#wHz!lTOf5FAP%{hGLUiG zR3#V8R3(01uneuG5I1_PAcLZ3RGj}@bdpg6mMnsp|A3_myG^L;+Sgkw6LKEEAGY8W zYy#*7gRg4Wo;)kV;2N2G&l6bx`f(tdWT=PcWy3_{w1r=CsR+Y%zsD|1jkRZ|$Ol7c zZq`g0(KF(+bC2wuoo4!V)aG*45bz+UP;5dqxxe0)mz?>&x)QjaQ~}?utY1$qCiFBm zV;;%8)FAVcpl15q)oiIOru1I*upQp&Wm-EmG0)XlHzrD;@vZHmN>`c+5lb89llx8U z1-TkjFGY&-uVe%8QVs(Am)wsNYbt(+Mf@4&-Jc|Le&ZjkiPIPP$6VX70)xAZZF5r2pJ{ zqXrnR^Lm2hZcs_c7QmuB$^HXtHO_}yQV>VCxP$Z@^sfWt>8{-bCE|~EN*y&ZM!zbK z2?Mg;tL{60mMuzM&m(=hID{dB7hAsm_AD?y*lmPJjUA9UZwLpoy2W zJ!`)-9Wcwo1b7(;j_bI+RJn3^Ki*hEpz@7*W~uT@j&DA??wU82GS|27Rt^I3XOZt5 zbro#++q;e;MxJGyr8b+|VAilh+FnH1+l%J8dzpF+dnEU3h6cCGavhUopNo9g=DDBu zj+-GMgPu#9sC=i(6rYA>;~dmCX*bq>MC~K!p)i#74T0 zAEPFslTi}Db}aUQHDYHR$=$|ZMFx9UaObMlSRX#_3WCy(^#c15 zl`a8dFl+NYLoSZ6he+vX=`_z*?VPl2D){QHY+4q5qb8X7>=Ta%Qy+RF_DOW=93QBE zNs9f685(pk1Sb2UsCIZ9GDA>mA#t6WK8YLw%}`jf2v05!8Y8vac?D0to}(f1k@w54 zwu($c4s)OGKIx%(&}jiWq%Yz&>~zc0hyIMs3aTQu+caoPY}9)a#mG+U&y<_6if|7< z=p<1cN&a(m6H2y3S8nr;gTC~r!eZFxL{)*{GgQsF?d0}q?Lgt4o27W2C;S&S_+>jg zDJt`i4MI&ep?AT#9f(<0Y#!fF^s%*53ir6@KX0N(YZwCk@jX-Su{lu;TlN8@U29qH z*1+l>3#|FkQY9(a28j@{NLt%}$vd#r-;w_6nUKU(-e${o$7q~!UCb35`*>YG(oMU; zN387+4AVGlpbKIDMn3l(IzP8n{RR0ta1MzT)U)1@ydV{q1Hq#dQ zIfm_Gq(CFHn0?}Dr0FhXa-+J04Gm(Gku^c=f`@6&>3tWq$S>|E!UQpc9)Q z=noW~oN+qZ5#r*ngUTB#m1$>OZ+j&@M5y*)mAEgsV4Fzy`fh1>D8`$A<(K0%JWeL> zSj)v(uAC1i-<{cjHB%_3sJyC!)H9+B)y?SsXGVs?9x5z{WS(Iwya!d$=-CG0Fw-B` zJ_$bi%6E-0VaTSO&4egM z7i66L&SIlq(5L4>I9b=aJM%BjJQA$sQ&XCo(%|Q()5G|(RmQLy@W;e}`=ye3Ii@Q}oyRK6Le|u>E~Y zey>8$4*E0c`tUslMW1Lqqb|dsLbUQ8sNF7@cejmTOS78kx%RBbK|75jY%nA!guz*G zSvOZZ$Dmr@lb=!;TE2XyP4^!nnHAhH1^8>whlwWV5sImbc-#ZYpD8bgAF;pB9o&ND z9x67Su>UzK3&l_ZJHA_ML+OZ~Zg71iUuzXzzm$SGLVugdY@F?A7zxJqn4S`wAjuUf z+37y8ZygtqGdpLhN{zSRw~o;XDay}3mr(&Vvx{Ttp?9NwairNw7Ults+pkVOwRT;Ea$`F3`q7NyI}RzB>wI9c)<4`V-uVI%B0ck; zHe4ytboqYA_oddSYWQBMt)*59mvj?u^IE&i+1n|mn<2mvR*ZNr0o4=-CdN`gsNCi1 zXxDwZuDBz{rE1f&5A;Nmiz39D0vQSBWAGN8XM$S<%34dKesrdWh4smuIYQo@>^YlZ z6&-0ffUE{DImLxc;%vftrYOVk2nCy4;mqc*e7CG-JToC*wdhPy5U`+$_TKr^HnRp{ zE*2PfGcHWs8~)^K0qE>7K*VQyQlL99cCAC{pBsr(p-a`o+*ysgF8`$kU~daJmyn;q zz3T}8@5Z~~rPpv#l5-%ldgqnxH+UIql>x|TR7NX&hzngTJdvSr)N$#lpTI;AuB{4E zOJ!s?KSR90<)}m%pO50;6!ld}R)_2(ybjlv!FFdP0qVNQS(y)!-r>`q=gLxN^`09Q ziQVhqK;{_Au6+@oIU{0J<-euXfw8<~@Tp(VV~TLl$f-w5`>=&*$JHD9cA6Yv3OBes z9i>ZPzTw75D=CUQlE8r1O5ZO8W{{)STPftz6LNSJ7OYiDlKPqW;%2y=6zNr(!uEzj zLw?@7Y>u$l$l7wwXYcNyXHAUX!Br;0+qi0}&g^F^2*v?snU&t$@)$9w^eu4D@u28Y zU-y~(<_;|7oqnMt;ADwl1s1T*Q|VpQPV>1)t;%H+=bc$%j$2S7%q2c%NT|h899Z50 zKrF|QlJ>zBe|ta!rU8$>??>BDuf+--3V-w%SL92Z9he9ep3C}Ra3ib59{Sn?J=&@J zUd1^TI(gYq?IgD0LldfkXi@8dW;qhvkD8;F=7#!mjNzxjwZ=)fT5FXdvbPB`P!=+UjX6;331i!> zk!P>ZI(r5tety&qPL9@R6v2EU26u8S+)e%G7TiTfmS^7^ezzPNy&IOrS3Ol=8N@hJ za=k%oIk&m_T7;#Ir4ObT$kKK)AQND%f=GX>z(n;wR|;VU{^U*d{@0bVL#|X-Zga#n zxKcWrJHRk#1wz`Kv$5Le2!@l4Iymd+*`?FWRC2=!k$$;@ydQkWA-ek&K#Cey344c+ z8U>lTjs=$JDyMU$r8g^}`zm2c^-vqMNESvP+eciTI8@MQ;HAYn*}ySV4$e|*`=sIh zA05@lO-Vp*4-Fpndi|~O`FYw7K{O#M>S~`itek!th^dxBN{`kk9*yCWv5ga9k*7so zP~4`7LR4(TR7d^x%2_D5M(F5VX;~$@&)n~j3k~k{tpvJKAOoYIJtQHQxnDhaEBPDp zJtv7@2wZ&yZqltmbKZCKjcMeyI}{eX@OcHEu~e1gPI4qtQhG-Sp6JOjtTg%gvFy?~ zZ|D-K*luW=U++>pnZ_+7)*&Se^HkH%YHBYBr{!EmfkRmz@O}1aKWFu?N0@uTsWW~# z0*JIp5m$Ek#vnqG%G&q!AK^Bn5~EiBb@7W4M5DNdSC$$M-&*a2_QR#hJzvolX4SJB zCj@%`2o*v?8xH~{!sZHW7`uwiX{6yK3iA!F(br&5L>w22B0g*iL=VS~ zFCL{u7%By@EI3xUtcFfWsM7f)O&-FnHsY_VI*I9vaQum5lLChu7er z5ni;bn##;RQkH_bg7~(_nY<#_$Y;7s&liNuX|?A+ZfXMo63rIc5LDDJii5-pRSLKj zR5SbMLF(7fWA{Le@5(W$U;ZtRhs4q4gH+_~x3r!)+)^33Z(_E5eG%d0^Bs%{0m^L@ z#ocOWr{qINY6q#sp8B&6&u`vH2Eh{%Nmvz_86dEdyK;gR35|+MN=ckr9jQrF_zJ1| zi%#d5W1j9%YMi3~T+|OR_Dnt*>la8d#(1nMxnz#tMLD`5JcUp%zZHZ%bu*lK>YD+m zGxZF!Zb=O)2I%qmE8UeLVsKS9S4>LC;(SWIwQK8kIgZn~r>rF{A(0y2uv4_heS>nh$V`3~{KF$|aoB zr9jL!%Y?|1_JpVMUum8a+#p*XqVqe*-iZfAojly3<|;c=b(rM)@F$Q2gli?vk)?$= zF+@K^QU9i6(sK*|>YD-%yNU=Gz_#~hR@1jJhYge8@;1b1cNJfWl-J`S)uS|V(ZKun z=)0i+gMVSO+b@VL^bW+kY}d+VW=qL4~Fm21b`10GcC zSzne>+1gqPwp&RkJZdUJW~Uj zsy_3^F8-d6Y7e^}+JwK2cNh98l6(`I9;;Te_Tl)bRbo-(YeVJ2lQDEHw}I!U81Uo? z_2&Y*FK9hknY`B_GuqkjuGVkTH?ExTLFsPmg)#Kz6Z+CEC0FdkS+eyqAq zi7z=n9mf-!`$K^1Lu+-#oa-)Fa%Qrx#J`k7-Xd&O34Sg04dmx?y8d+07~^Qs#QFm# zoC;$9)QCwqUO-clb<>Is8#$J1Ypg8JIC{AMAI9E18tVU#ADyu;g|Q6T4aPRs5?Kc` z_B}MVvX&BAQnK&HZip;NM3G4dp$J(fEu^AE)~schUHA3w^Zng(|GM{{(;u3{IrDzK zU$5uuxjYsy7_znZ1(C)qXy3gdnhZ@*?X5}0U(YIc=jc4*FjwucZ-g|0SVDF~2FF6o zViX^#sxZ{~zFgCf4Sij6{f+n?Rc?o)yEQx>{IA7@vqwyaTm> zBqQAs>iZ_9U54)BmzIW}6p0IECxiZ*2p0vQB@RVTJ39#@eb_1Nlqogg8z_!!47oj| z$@0G7vS@QpZyMj+=yF|COeiaBq_MSd4po>1$F(9;1l*9%XV9800$D5Ly%JyO~dmStHX_+H3{>C#0MLdu+iZ+E}wTJO3fK zLAjZkBkO7Fdm9SrmKz}ADu9J(Q}1K_0}>)(uaVk5(f8E=`>as?l2e zD5VJE=1n<48*#uG9jt*oXV-Yt8kri=Er`Y%C z+=FOO(mVhCa$7z)J@P%%MJKBdKqsbqm+D@;xSRj((gZZqNcqH-D=+jX{9vtjd9RmO z@ngBWR{aGZr*bS%t}rWz1Qbu-Nvz!127?EqhrgMUeZMY9htN#~S5u-vQH{&&H>$T! zxn%5kF!kRXyt#vvzx3^c%yq1lt4bZ|=Q8##Ty=ix`3Pf(C@q-^_)v5cqm%iR*_mI| zT$S*Z?w5lG@cYx78K4bf;2s|YZ_5iNyzR@D&d}2!m+5~Ku!$d+cr_RozXHIOwp zM6&K4fMFD1ZvG#rMii%)7YNY2Av89TYX9EKGC_3MCt zQV7Y0NEOmsF7!CN+3tWI^K@T_XYqwCUfVN9$B%up;-hqi3;J#8a9mCZ1N&TwR6SRJzfZFGDCO-z_^w8Dcpi@^qCk27| z3=0%PBcuIy3!sr7^*faB3B^~p*Uv^b0f3~h(ku55#yN1i^qNX%h>-;KhKGArFV{;SLKHu@}j2A&(`F1|1 z*f&(^eXkg|e+F?5okBMKl45bB8ij!kfhu9at#0+!`yAU`Y%UgA+~owS9N73aLC~!v z93Tktfw+Tq)dd;=vCMhy!hET;_|mCr`+G@7n9uNwwHCrlB{2f~*VSjITK2;i2@b>&DIWEpAEq0Y+HE)06$fz zoBp|NDOsjk0W^>88d3$Z5b^3sLiG)WnfHKb`S{%sftFW|> zg4Em=G@WU`)QDDWfJTQ8WH>qykcaEIk`#R0pVmI=^hic%hv_HRM1hMSiz_y@I1BWA z@~Qk`_H8Fk*PjA-$dS*`b1M68+B(1d(?IuSjw&}Pgls~5LJ3NIJ6wRNqx2to0UFN- zO<`pB`$CnQ+d5NplMd3DYE+OM5cRO)(%xno5@6197q1Mh0Zt`m_s;_l!p^Jlx0l8vfv}Au9BuCf5ooH+z4#tR3g%s@sh7LK*IkpDj z;38nMVv{L>AV6j;6IUu4g|Fyc2A)EY%0KHGq0L;hbQ=`o6H$^atyVpU- zduZOFrbM=Gp8ik-K1Rr~KRacx2@Hf6(X$L}Y07u9IK3okr$AOZ2;)9y%8O@g0W4m6 z53?e*FWsj^SaP2?%^oG&D&C)n=RWU;>};AasUM{k&ZK8h{?@}p#Tm@=y0r?l;#iE~ z^)NB5HD^|ZiIWLiYY={_uOlWDFy<7){_f*WG?mjz!!Cz8_)4TVvzmj%yjgrE5IYuy zz|zfqq(5SJwPEv^?908xwbv2I9C`crFBdpVvCN1Nx$w`Yn@FK1?e5lIgVuSf}0eU%aPk)pb4 z$!CfchVcxI-8C6s$j~nKU)|au-wBSWAz!~hJyHRP?mq$*&HcmQ(cEz-%_l!<0p!N;wd;?5x8tr;>nkp&@`X=0Rnza8{Dt^E^feG3@7(F%uG%RH z6xL%!s{Wmj*49ttZWUL+YcR6UEzut!O6kai)Duny$xAEn<}>{%MIh zpDka+_MhhzhB&AG#X%S7i(i8~c=**9JEk(IrQ)C@mHl7h`@haNS$YxDwTOu$J9L9G zBL2F&gH;z`5&lB+?I5TRn5t9%z>>q7*gM0|KkgFihjbCpGJa>SPsVfGd8R$S`+bzCEC?Im0N!*8HNTIA@yd`Otxi4$j8 z{S7I!Al>WfcW`H-Se8{F=@3U8BmkgJne0CvgSpR|O>P<}AKN@(a_K(L)}&JKzeIL+$(Ip!f$<*i9X8{bX&(~i5=a2=q<3V?*d z<36>w&xIHgwp7A7X}8C)tXMj&O)W^=*dB(<5kym)hVL1N^6%$ z`R~mlrOPtY=@&PPwD`j}KUQCLIWf$hy^$*0&siV66thNs+cm#oJYxS$6-JBNNqzo} z(4i1u4pO`8Wb%C06|QR18Bz*u#Q+MNr)S+sLnVt`u^8B?lkPY5&cq zxtNDTu~voTGaO6{{q?#ra{18!3XQ45N5UMh+6mFS}J1}aO@u3M&x{<0rEXgqsGa|1N zU-dOn&udVozQriIo9~=RVUtFlK zbiEUQd9=Fq@{ebCz$#s^2F>wM6SupVwg)xqfON0`fn=(!`~Hc10k#n|+4;^?bsz~{ zq?RA4`O!`_JWSQO<`jqDvK(q;!;5ZGh{j+TKA&9L?U0hBfL8H)^xD`FbJx#;UIP_x z9}8;ChJ;7Ku~pjW=Z5v!Z@5N2Fs(!V-9uA0_>cLM*(XgW6kR)6RneJwUanISR|uc^-Gga5%=43N+}v ztA(24-_6kf+MO$2L0jc>&V;zzzRKdHG*InQ)eVR*@;Lm1e*3+pV*m|-(9y%h{SV-L zobwcU*E$QX1`jcU4L*PRh^BcqK^kYKahG!2D8vC zx4=3q)6RMB%Y64qWWV6u-fgL2k^Z{`Z-HAgq%RswJB@W*6lvW|&!=y@hnT!~f7vqs ziW#PUT39{QeQK%giVk+FR`u1~1~MLx44>K0Ub$FIkZhkb0`&JP5a(KqrT(Gfz(5f~ zk6)D`uRpMi8t+=DD=1i$snuo*W_i2RHN!6BWkmL)<@d}Y26oL*ambmD?$~w?*cE*cqdk?!?_Me% zEC=@E-GRR@ZUJi%>fc`DL>PY$9OqU&(v(Td$9m|>`GR4RC=AVUu}K}(=73HzI)$Dz zlqkBM75M)4n_d5RDM5P9ZV$U_<+}$ThEdror!f}mO>MgxEy-$o_w_6OL&0NNs+pa> zxz)bbObLDZO343d2xy~@&1i2=<5Dn!*I;ynfy|ug`_~w*dwx2tqibuZe0I#|o^`)Qg&U}||Awc+oW4>e!$R6t?!KMkA5{z}?nUvbgkpl%k}lEi zVeN1Cm$Hx(qf9mESAhvRw;xG+ug8C{zqvl;lKiNCz%PK?yqWv)c18m)a{wgE^1`1! z#`V@u9Yl~){`(DP&-GvI*O`BRC)|-8W{To$kMqX2vyU4QEO)!UuD)Y@_uBaQaHYoI z0VI3BD^_ac%?7RArK5sr^+JF8>xy=%>b~?JM`JPf`dKtLEiXyY$AtlSQ&A2#(i=Ml zqVrhTY6ty?tm8xmN$M-*4wj-2Kd-7Y;66a=Yun!{42voXmD^D)mr8M7=TI2{R-Ax)_sZWTa(cy!!y6$zWt)$gp9T{H#TF300+T zmbx06*-$|lB$8hYjs6KcMi||prBAw5w^*Pg;;1QT|2 zlki>PLNX^XfiXz?8MrRcPmE7AQN!f#R8v26S;GsAQp0sd`(dc0?X{K|%mht8Ggd^H zcI&JPvlL7brsgC#cp9k>^VTS128|LHsvy7O#73>Pv9wT(mO8=3-8O!UtzT^P(`6M) z2JVQqmHNb`=s6k}M0oENVrawj*(p_|{e1Kn~y3$5Os_FCqMN}EIV6di1KTnJ269_C-WHP1cGQZW;#rcqqPAW}4T%ajy8Ls}Zg}xQ48O+`8A_E*;U%BTJ zh_=nYZkmXWk7uFH%u)n3%^r+n=ns#=M%G&qIe0t5UCbzXZ)GBE5bxsyDUk5$-~1vC zVO=t*-hjRJf6JoNyHCM6vGi4Z>>Qk3IG1ik4pl7Q6soKMJ8`$7uY_#M&T+15(*-Zj zAr2~SXVZCbPjoE0pmPU{#HKXRpY!j!2Pw_T{LG+A74jc5%evZQxN*s7Ld11U5?czHzhR+yM)+;-6{;|rXvR6J zbO#ID=_n@ zY=R_0h`FLWV&u3-nLL3R-qEBFx13?6Qq{hZ${gNaumE7jfp(YpANWp)yC(&)3#ZR9 zRm&_+@6s@zJWt)Ya}1}sdrSW!er~_2D+DCN=O-qi0V(pApR->Yy=><|ZUme$ z`m9&Xa;myZivL`JJL1^1`Ku;DP0EzUC{w`uKv_3`04=O_sg!+2Y@T}-78wL{sgdrSD(V-i{^NI!fsH!El@uqgX7|gB z$*^OOp^5kwi$xB30IL{g_b4ByV*W?Rsy&NqQmNWX1j1?Ps3HfF0|yX5Hj4)3{UWA4)jNgbr; zWDY8iz%b#yMY|0!=M2!)#gyy!|1OXOK;Ewsu{l?i59QC5Zb1|wuBhb4ch#=zJOTqq z%XTJCuv}NzR-=}Lpm#NCy$qy8{j+~TUND2UAH)PAlO`mj+$k)Pa*28OS^3<7fcv7Taiy@UdLQcKQ2o%QS*6 zmX=)LB{~PA0g?qvr=iRL#TLEk3^VC5Pjw98uh$%Cwf-6+^O`9)( zdXTdaxC@RpGVr|FPYItxm{s@m$Kl#AiM=1a4*Kxh18l=LuyT9p-Y-Fll8_KF(Zj6L zO~6|r?et#Km%9FrS4QUg!3126%WV>U=-MAdcFoaLmph1oc~l^wuq4~UDfYa93vY;< zKsQoGWsjchK6PUF&8B=G?n3R27eLakC`iQj5s>mS7?y9BJbc*SWWG5p=1{`1Y!zLz znW#vQay!wlY;a*9-kVPWo!M~ZbCX@|0iW8}mIc8&gWGzSnND~-ske)0Vt3NIXe{SLMj4A`Q7}$|h#Z4fM!*yf>goJXu*UO?)dleR zVwDT;oB{29(Bn-*%cOu`z?Vf8Q!X}WWp|rya=THvAfC~Av$eyJ{8aYxXJn3Ja{aE^ z5gASH$~=8J*a3Hwqhg4H3z8Kpfu9hVFD$OJ$xs|U;2JeoC&SQMNgXu5V0oFU+;2rN zjWA?;UIBJUap(%;L|m0CIq>vXm)P4`)IVxkM2-+Y&#J6)u}v+})gug;ybA#dBa=xb z0Q>lUJYO-~t=#o6E@%+yEA1t|C4-4+@0I{T_xr+&oB8;0cuCXW2P;X!Dbt&972?(C zON8!PAz0#fZ7k1P0?fERDPqbYFVN54aQq+8K9s1FlmfC5X921@$#H5Cr&U){cN6^Z zB^R$xM=4`#O>Un|)G`Y@E3}LZV#j-@M47A+vvHuCX~grLie~B>uGap=biP zop1XmFm!&wW7n}1rKXy=B7OfI#Fn6M2@~9;J{kjEa+d2r^jiyrzE|F) z$y_N&bdj~S!^MJc!2~ni(GO_P4-W*w5=uczYX;b|&Bk!#1rOen&lf#fCDp)tO7^9E zas7u+`=35|g)1CGXi5zjpR&ij-&TJo`YQ!i6sMQ(O0uQYR{UN@UJw}s_@e=-Yx|cBKvJD=Dx)8c+>@Kiiuov zS2S`;krX9P=z&H0Jxla7GZRkPR~?|6!1JqI+nr%D*`a5kj-%dW`@}HNGb6cn$|wp! zPWk{aYAWfb?}j``@!z#r9|ZsAI1B~(Ymsfoz0l9m{@e?j+$KuJ6@~tfRtWlQC)&$V#j(OOo4e73&+vMhs9VfR z?KVD)J~bg>U_My%78fOii03YgundopP zrp~TX0s#0Eum5#+)xMJwdC)<2YQrqt29_CSflJ0UB-(-a+)`l0^imY{kEh7z4Om+ny zcWBpSsjt@a`l6QFtDTRDsuv*m5f{+)WA>KWV|iH;Zouy!_v{$ey#Z}3i!co~U_gid zOqHx43mp3cmC|Gkt}6lmGMLw9Y}+R~5Jt5y88vLB7VSd!Srv}u86HRrbNN1x!f&3C zNdWE|;{v?}i(u?bPL|dC3&++MwIRljZQlXTHh~;nsq|}&K%Z=mjJd47ygiUXgYDE5 zK{{jW!CmmaJG;{%#-FYluCSmj$I>iUleK|#uFf1k>i8lO4wo)f@vnq=$I`R1Tx1S6 z)6`*>#)^f%ww(rkg|j0mKeS3@r+b3Ba{VQixfNgX+}w+s#RAg>*!5KPmiy`saFr!q z(Ucnl7e>;|wOnNrW%PP-zB)FkZ!(%ihyLjMxY7@-B4on5@7NPl)pfkj6>kdfI`aHDN%f){>=WY=8i^ zLR6s|`2vg@D|w#*snIUb4#UDG;&YA(6Th04(J~`d@4u!wqgY2g*X8eWY?$HaBoj+i zR1jY~Jx_9qR$uSoT?-g&1gk|RMsZ+|JN!x0%~%Lo;bBrovpORtbq#x0xk3_;^SI}5sp@|S*gm5C22JMoo4$hT;wzCTH)VHYLoWkk{1-+H^WVJ^QL{uZ}x zMBRC;y1!}}$4q6sQsF{d>#9eqgD;Ib?&!vPBUWF5H;wnf+B0!>63^kzsoX9v90HFO zA=1(^6WBVUgj<=Ij1gN-+rp~x2^nICKRU_ z3KeT*9^$k}0j!g;?WOfNo;`DC2J~L~yk4K55TY6X!b{uA8K;S;tpOUG9P*nd z8vSqsY_z?v4FYdnRB)4(MU~8JD<$2q;?Z6dZAssAF?jLSyu^3!F95;XJ7~v=Prc`^ zj&0YK?qGgHo8nQfgi2ZZcn)>cMBi*s!MZ?v8LLy{hw+(KPq>}9S?E8dYMp~18JzkI zQT`K-^IhEL*iW)s8h%=A)L7`-QrU@0F_h~m+$>n#jvxN4S0X$5tj$jdb+l_5d=zm( zt603QQAhp8h42@C(fiA9zZkJ%E`J&M;`;-&(B?KmxrEtq&P;1t(@gRD6Hl>xb+2Un z;U$EjJ{Bc&g3E^kj$nf$Bx&GDWL-;;nzLt8`flf?bHfpaDX^vTRqd_A{q3iN*@u^d z8k2>@NVaw!<-FFY#=KOtng`Ggu4FmBrPW1~{l#=%QR=;zsufof0#&k%qe~N&PTBO+ z2pg#nsolC@_$C3SQ_aSxH}VQVmv5iXH?q(Yz1ts4Jb_+HYSh&d=};{WN+J5WbqeX| za5h>5_I5Y1ATE^E>WLxV;7=XjLc!RMaO1)`F(fB)_RP{HGpT9|2kfG_aq?|n1{ChN zj~<=KkfC??{%-AN_}z@MlBYO(1S8(Df)CN%K%fV$+r$$2`u^efK~48E_#do%j&>?p zF%)GAA3uXE(R(3TUmUoga(RVVrmG~PM>v`CXOI>3^()f!H~q=QIQ2QvhJ&yEm{F3| z=Uz2Jy)2>W`P|>{>om{NlXBKyv5X&Y)!#YY8Sg(Ef^$$j zZ>YW3mxpNRIqdbv75Ha#6tpRsFL3t2I(n2Vt1R)Ts<8F(UM*%mcXsc$VB?u|h*sHF zEgQR85gOdK%{h(baL7oG)s;l~Fm95$EuN+kk41Sq#?@b-!C`4|!WU@7>elfNTQ&)> zzx^i;tUU2gZDs#x(;f&sL{XuHsq~|i&jEgdrpYkQBg#0KQ2}9G#`x;U;KL|@uuS?~ z&2`Le($CGH7~3AN1LN~I-`9r*+^kckiKnGj@@#@;+=Wmn_1;>2F>3iX1{X8%8aif;(~WG6&PgYQB8uRQ>!x}5uvNRN6Ni*JsiK+ zP%>Z6@UMI~->>8oL8L~k^;%wgto=(h-CNi|HJ3Apq17f{OJrbP{r61p;_6_GcW2_! zGfn&PZ;1rm7C+4q*8Pbf>xSs1*HN_(gzLi8t&4iKMhuD+w%6GbOi$CF@Lf{l`exC( znNI{INXVPuXUIDilX;5;3LD$}Pg}1tuY0OHP2?@Lm0j`X`D5fEE)*|Y`#F!C*bual zfw*x*S!^)5s!1-W?bowm8mIr3PSKU#ppJJD3IEmD<`~<%6m*Kw&;uVh`o$YMWelR= zlqsYqkK8tl+GRKze_jV(V;xOU8v`+lfs+`8v%83}UpV#&0FEw_XW+y9{P!`jx~l7#w?73M~X zZ%d|2v%DRF(j(gw%7Y7mZr_>1Biupct$0F7-FxVo3wu?FDU(6v>a9186qI!~=hF_|McdM=wm4xf z@IW@#>n;AcVz>XsZBM>-GH}*3rN`~?o=3cUa9Nf! zE`W_zkGJ;f9RQXGl3l(_Eo70dt``@cUv}*Ee#L+*f)#&*$mD~&BDIG5hFA0kC0T&N zzqK{pCjX1V2#M67~>80p(B8$SvLYPu(;m#93H$S+uL_PK*2B?B_d492`A-zcruAc zW;?5lT|YZ`*3gPl;B*_%7nBwhDRP56)=hRTo?r^Md@XX{u_f^Z!2kDKv#gWB*|F4u z4+#}2c_x<&dp@b$t=+0*>wtt{)Il6bxgpT9o-}hQ12+_TrWcjomWFo?e;#6My(%v2 z*gPWZfF9$HPitng_Y>6&^mA@L?K9FOny!jsGW^nO%$7-cOrudG4INKFivi1O-(8vV z6WTZF?TdBLr3eW{-vEHh z;WQxW1189UC&nL|QaDQRWx2@=M65j(kqnq0!)8GF6!J+LObG&z`Jm;|Z$lJo-uAk8 zb+vdD7*%zQT&<*e9(GvVFf-L;m+~ZuJEimSmnQ$w*^1UTIscf6jxTQbNPU1(j~s52 zb4ccS+&%DBXRg8F;4H934}j-kdT&`FA_cy4dDH`E=mFSh!DGdPQ}Dx)_!vkew2d}A z9!wfBM!yh@Jn--Ba>O%xUlOS&n3&*ca1#bpKo3dD2()ajIHo)TmOIrz#<|+{b%Mj& zMFUg&NUk8#Ryd~o=X2&ZKSvc`$=8h`zuB`1%1guY&*ZQ01&G%XL{l2-!dzu_PzwKl zwsUkU0~{O3?vN@5Nu^by{Gtp z8=DDi?5fO7+nX)mL=K9VPlL@aZQB0GVCie^gBPHmEE6VBl*dOk-WAbpHq#DSy;S;T z+FMBh0P-^m=S_MEg(y&F~!1h5(^z^x-gyO-z`?RaP<# zy=q~qct2p*CQ}JN$3I z)idI(Jbav9QhXe0HKZPZ!`70O`y^{QWxdBK33GH$xK5Km$PNIA<>S7C-Uy;7_^OF| z*ZvC?OkjPhqE>B#MxYhdFQ*0zEv*+76xMQc<$S)${3t&{n0Emr#W%<+?Qtfx4~I<> zGH!=L1 zC|JwmcX=Qd^iZzH{JZI&oWdPGrB!L{`Cf7OovzrOs-+D8Iu7zuFeLgz| zuwU6z^HU>1Ky~rV5P(J2T+FlJqMTfMROzAb0`_ihOIH8a(dNK0$byP3MqFI{@&&Iy zzrHO4qD25;`~(4-vmdUrl8F7v2q`7|k7xTH_n&wR@@^N>E8r)wQCRnfpO(}h-dH`I zKzpI-Nnzw|aY2{&AzRKy;G*X}5%y{)@WJL?6B7Q4&ho7b1od@*9@xINg`x5U50;}- zdK|1b_(zKZTU&Vb@o7=;^d}|*RkgO$1#2^GRgjtJgv_h&&3Aespx+i~yHGOyQ;jjWM{> zb4mx8p&W!Qnu;TnBE1T$*sF&wn|LGoBxp0PfodoD9>t-?CEBs&dLZ9mI9xo( zE_P;zC|c)o07$0a)viV!Z4^7dia1naw};?vn4g|NhshM?1hnnWcvZ?tQGFAyx%y3M z8@#3#px^*#>4X$N;BJMkBU+Lu#>LwSc;>O$9GR@UmhXpNKhBBfu?QeheEQ1&32PT> z+zQ}7Yu%Ui_#B=l3(8RR@!$U!c6314Vf$=*=^=O@O5zWvp|FFGGI|2Ij$;s>XBo1C z0xIZFK5tzQ_z5MO79Re?nN*cu@yKx%iWo|pa3@(i#G1<*o<-*aw$Kd?gg4N5$7seg z4s0zAe?J1pqPs5G_GW|kaN~vVftZz8@qCI~>+QX*r58c94Zc9fMBSTjsp9r<8;*p> z{bO1BOoV-y4n1|})y|{w&G^%wuBmp!hur!MfZwLqkI%Jd(f5AR(vCi+*XS>Znb*sF zc8Q{DDKy;^>tA*pta1H@E5w)l{<=8(_obmTu_t{V%D>zWhm3y)+s-{a?)S%g_~WHT zN%;WAg!<#=qmdfyEB-sR#q>UjXNG4w){^3zHudgIo z|D*lMJ|9JqewLK29q3&Rvu9m;(cs<3@7!wV18#oz16w80iC2kA>N2elfIgG=-)g!H z{gGwxlpSUuh?awOHny6N|8L(%g9YUZhS`KW(Cqvj^9ZEBT*R+h;qWVxX-C}@Bp_HC zYjzj6T|mmMcZd4dU^LTPu5n&H&;pAxK~)h%>t_3lR}3Fe;=;Z+`iudy!pwE*cwzhI zfbwaLbP3w~+_;1MScW{{Nd090S=eqsHbK^*zGkZmC@p#Dq6s=mq@d4M2H%3Tc4s(x z3v><;L%`T6;Cmv)EsRJ}`+589Xn(|?lPc~##|&%)vLAjPFVUkfl$5myrul9|8s4P7 z6`d(On6TncqYo@Doq&q0S%BD)Vv>iwfa53nd&Cn%I5)n^*^5B7^n0f0W|0?d^&JA_ zv)cPCf-kHxw%!@Xfx1|5+ULqI$kXk`2X>J?58 zD^ul*Pb`agqHd$Bxf2YV4oT7H>`-`7I zRL()71;jx9Y(@p4XPv73fKzWwHXxhSMDrqW6HF zzGpZH@)?Y^R~cnTGHOBrbwZ$WlI;>F>Xu8?JXV(^M_LIGOO)UI4FR#U-Mqy`sv-5G z=Wg9h-|0@~p;$;MHR?dH`N?nGrClX(@2h~e>2r{-7Gg>x%8m`|EBI^aE&vF%wAr`3 zCv6=0xbX#*!$-bHUi!&)jn25cIL^=JFgD9fdX(iFf}}aiU(gH3GDmpYwa?i zqrJelvC($Vi0Q(NuyIV457N)f^4tU-EcwJKR`Pv{TM_1!7E(9S3-w2okxi4~pM+7V zO;YC?EeX=A{hl!(ydEzpT%B=DFIYIfNpPBI`W-;P4;OMmW?MKU%&$X!aZ+`l`aL5* zLZpGxWxO*&Dgmbs^m2`tL=Pu{@%AXhuFH6U(jJ z=Tl};YK$jhv1Kbn^oO7Mh9y8b;6vQGI*MFmtLeSV65$396^}LnjpT=jAF&`t`w&$Z z4C3$Gnf0H7CS@EPlN6ikNWix%6vN%1W6oY1<>NQm2W)PKlp(!iokw7G8bb3z(?S!7 zs!bv@O_z95fD_fgvh3bZ(Z`TJj!9aA!i<)i`tK;^EQEbec(mkn+gyQxP^=`c zMyrC8=&!n||F5xdKMF);CWZ^PkIbU}{x$t0+FvifI!>MApm5er?L71=y1M@bT>L*( zPmV)ezJiX$XXCo08-J~EOu}-(8b>?R=yN-w3z0{2k*0kL&3_BW4|)z~B(xPfx^LmG zhzLOHi6+l_Mq72-9HHwU}2w4D1fp@4TvK z5F0%Ek-pT+kk#Pxv8_Sh(tzr=y(>3?VWEd?8rNm`wWdkBY!u}r7=6lT&3^)`<`T02 zI>Ze(LUJjbLoU-i_mXCH*8TazCEVZ$-Eo8)PUY6+pHDmX0r!1O6|5}@ot7Do6F^9H z1tqoUy@OOcPRrqVJs)K1X0>e`5(#B13@1@_nU|mhMIeB^xo0O+T7@rOvSPRPb1sx+ z{l3>UUz%ciTl`N-=p3*jYn+$0<`1y&zYq`^XaS^@sz<)iC zlcLJ&>UF1fIODZq z;wfTr$E>5>5oQ!=^g%3Y31FA&h@z-qRXTWQoOC5^BCC+EZqyP)eTZmX5lwkX(X|v7 zCu*R0kJaJ|RK?f^(>A`YEcN#cb4nc?lwm%qQrJ+Rfsl~dV|<>7d8Q4}eoFcM;E4{Y zTbZb@S0OyPGyTa#BMzAAy>#QBr?%3Ka8|-0sgfY7%q_GXTQCkUl5P0f;IqIKsiFdS zn|&&ss{44ewAxFB#6{%a`;a$)97(@FtuuZi8$wm?o&VO-e2Eym2T=^HqHyibK(+u~ zdC<`M3uMkOuD-8PFgl(h?fAG^?e~p< z2DdCnadnyi*}8|O`EE*TUmcEqPrlH@)3AdmE6)Bg^uOd<7v!wcoVUIdGJ=Z0)N6t8 zukWV|j_^k=d)(PfxeQ6cGBY=w^9s9WGj!RJyBH#B@STW{bb&NPXgc}EA2sebxSe)pxtpi;yoHC zsk;CXXuvL3N1Flxi>bk-4XU-N;pyb>h)}(*6K=%Y;YlKUcM~bm^m80(xbXV?h}U-- zIVxjKn}MQ-$)~rpc%*K8g?MRbj5pEWr}S|Xz5Sh}wwu6^$a?3aISx6kPs5Ec09KEw zOX|P%cGv{)i!Y1+9?YHYY0Ic5xwGkMuro)}e7afY;wFaBP5L9k+x&My{d=&VGit(1 zy^~%F_qXYMBf84y4KXgB+3IYnW?jw_hi&|UUYY+2m}2{&$;9~w3R;`oZ;b!mQt+)G zdn(&=nC3EdPan3oHO+Pww^Q48VnH=>?-RJbUDbi}(th=QSq8JcbVHm5tH z#$e=MQP7hit*V_qJ>Fx@81a1eEl?)2t!gfUE@5T&?N`Qs7*==13zW~r_hYO|L6N04 zeo`8h3ALO^#2+dDUBJoU0xqFc{V)XumZz>s@4pKe0To!)|Aa%01kj7SvBI@G%F%|E zy|`d4W-8`ped!j!A+ON26)nkxhP*;cy+}5U~_YT|vd9eKzZ6U^= z{Xg?JlEQTLYvefj*)$js=S5eV{s3a3*Lwfk{`-^|k#KE*mY5O~{-^_rmIg1uE;cKl z)Wo@1%2dZboSN=yE8A7Rr=%=HP8|Q`9b(=_yno3Gt|c4*?;-*hPR69x&h9Zh>CzoP zlhL-JY4jMshaY#<9e)L+=}cZEUM*Ys#{SQH8&8kg&NRfCBhFCft^= z0KQUq`P0MhhNP8-iM>dF^)2)uxR6nr2a7ME+$#=x^%V(vX;O*chchnq_F%pgNwZU~ z%@Ie|E6s|80s*JJX_x5fOi5E;dWnuhXUdEgN&45Nb@}WV-0GZPn#Zt3kfs>N!mgom zqQ+xGohCNt0HB`m6&LpOeCz0k+Mx8j`vw6bg=`!+M#NeygDaJgYdltuMZrG9REKaK zYENG>PE{)@#=TihC)|+tsXIV-KI(==l2SX6e+t`u53f z)|iAg(TO_Qx*<@eRvxg`Y`y}*WJsT$Iig_&B%V;p3{1EQ9L^nHtRv<&3|3LVAH8l( zn4MG)bPfz147G%an9>CntsR#oEmX=@1JAh`QG_FB6MK2Qq$l6U3pFBFQuzZGxazAh(PXE?SC=-S<1#v8oP9j5Ua z;I3)FlQ0&#{r`2m;?bbwnnze3E`Ywiabi|FXlPSTz>!6ls8WqO0W(tm($;+EPtb=+ zen?rboFy<y%|{=HXpQT_7Kr#~Iw{21O9KQpaQ8c}?}2y{ zPYD5SI}<$8N}p4{ZeAUgLagu7J%waFx{vojH2-8iSWquzCEXzas`)jNAxOwK;u-Km zI8pYD3Yq0sg0-93L@k_P_+M~7jrTv~c{+j|w6xA8IaT)}sWY=edXOpLmC{hzu4sXD z(`l~toFi1Z%bT45t!>%6J6G3NTYV%>YCXCJ~@-gcFyYYt|Vq8tRfqn~4 zQTh2dYEwSvEm1NBs1&|fMomFiS;|vWT7uh!yvdx(!w=nHnM)Z+0AwCb|1MbBzWa}^87?lDMi=#E^s~Y1?tvPnnmu0 zRlNm<8WGzs#`AxzTN!CJ2BJzo;xeashP;`O9>{Q0WIR^r@>38|=R}q> zO`W()i0#7Gsa{Is77;}37;fA0+AV;?s6n3vIJoK3HbYs%>j;t?gW{g~UPqC;RUju0 z$-0-GDn@(W%{3e|$jojPe^n$)jxevjKzmCJx%WY+b8~Dv$vrcls641~1DKkYe&JCO z%hhK2rq^dU#4z3VCZ6K(GPu^cct1v0+ekw7#xH_NzR|v6x#6kYYuvrHzFa5u>*9kZNR+7oJ+xW0AR72f7C*yGXiPPk1IfuN>&5`#7FS3TT z`)11MFT0mB&Nz6iwdP8G*wwl;h6Cv|7@_1C;#U4Q_W?8hD$5z$YiOulSW@l|J`T{0 zdSf{hOX})l{NZ!n1|`#i@-9>{K=7{u>|7JTYkjE|WFKTWgYDw%jJs|@j>mf#19jao z(Bbe!=oxaC2JMJm{#NJND982Dh zuP_~j+Kh_FkW+h{Fz>raAyA!&)fdkfI{G$um(fne>=DU&G_^&WemGh2KK{iif{@7E z((E_p%&rP`6bbT-`RG+P@#0|pt=aM}XP8sUX;zS;4=Uaha(rE>LBbcv&hQ?h(jLg; zOf>%9J#*gyj#V&_O%9Y$k z-i9{(J~42&9HA(`9}o&KUHd4QgLK4y5An3@^Nb*_PUI>nhtpa%Kz7-GklxtiM6S<~ z1Ru(KI;-3F)4He8lJx%pB`1|(NT9$XtfN01RB7<4uRDH=iuNM@|04W&?#nes#= z`tXri;YIHN&DD15+$-sCB1_L@!pZb;PN)VUZ*P)A8l#nUtL%lg(P|wJ)_vjuO2FCD zgVf1(8QWUMjZ0<|(7R$V_!0rf@gl9=pSS}a40NMuW)Y*Dt9&~v_Z-N)}fp6C1h-S=}G*B`Eq z#C$&QkNDMI&TZ+>WzT$$2t(+f+L!fn?db=MmmEyy`d@ltf15N;m@aB!QS?O zwUk?M$APfN87Y%DTJrmJ%IUbtK0EoR-)tY6IUKlAu3hD@@2cd$z2qL5G%pGv@mKgv z&%#E{HV#>9ych-QAsn_A$W$aJxKGfZC zdwvbcz>5XI-j$>q1|M=SF|hEKIAX`gJ`=UM0!OunXpHEeU`@w z!)MiIM``DL9N4oWa-DATy-_XFq^^_ssdwyObI)x!u6x#r*h>?TG*;nSgg2Z2s z2}PKcKgqT}ho5NQ)Wu;mi<;lA;1pBawEV)2O}}XRl2T%mwwb}<-v#^6S|mv@$L9^{ z8qodfQk~dE4je6|oaJIOyW|AMs7joP3y;Qx27mY0_aEB+Jfd;M$)56gqZH+0lF-KX zmJ=+Vp@8YxAEo`E=`ssN=x^x;NALH^NzQSWq!rBXZTf&ZpY+LIwT6c1L7dGl={TEN z6ER>nUAi64vh*w>N7144Tep7zn!N;nedmu}HLDQ3>f&T_Z$=WV09E;3X*3hW!cGQQ z<7I_*#u!mPrfvECRRds1$Dx6|Pp!0chkZSp<@bAfD=q5r1cF%n#VrD^8DCGkbY#f# zTHQReeU_}3lNEk~np1Ygj%%Z(egkJlrbX*6zj%hB>aWfyniM_=oB2EtdjeT+#%Doi z-6zQ*H=A~>PRxsVq}gE~?H+C-ZV9tVXN+r76j3@z>}NJmtb3vz4abT%y#xP=VN`1} zB~<_1$ZdIoC^51Dd;GM%hWIa{AFH_}7gMVGlaFSX1aTMZGB_z-MGj@H)F_NKLvd-8 z9hcY{rQJ*uj)>F5TFzhlfo*TpXb_Kvqd_=RsdOt_48}0VimzK5m&g)f^3qTF%_3wC z*uidxIrhqf2k|~)J~&+5q*FjUfp=qL*3#IchT#j}G+6{ffKz+*CoW;L=kvW+EMml2 zHFJo2rwP3;_E_>Qids4{OeD9<35TZU#fT5vWRn#EE=x{Q=$Gw(NY>LeNs{t8FOaL( zl-ag*@}9VX!l7r<^t#lAb5QF>{CTycI#A$b)hub7tQccX#s09ac()NgX0TvwPg>E(58);F@cRE zTGTl12t4&**0EfjP`boyJX=tgig@zTVzEMuE2}^U2VI1he!}e1`1sNBCTm%f;xGn=*c1AFMd#{Mc!ybnk{J6GjddaPCr7SI(c4r`P0{eaEY< zA$jQVy@CBjVHS!7Bf0vzcwR~>`Ny$OziVsSyua_MP2q(N>5*I!rhqo03$!XcU)nAE z{;h$*Si z^(V)3M<0iL)pP9ATMopEDI6{;m6a|R&rM_de4}k9QncG}C#5`rEQU+>*nmCOdBd*$ zlnEjClVNUt#+b@d(m_L~H$fA(Bgk?ogdbujjzL2*%Yl8SWiii1iRB+kJ&3EQy!*|$ z_y&|$f_AL@OBRC^$(8#jW2-mRYf1GZs-k*udr-IcIccq`bTrw4)pQpC<)jmiTLZ<|9MQ|O_w`|vd(R?&kEP~G~3JiWUf3W|KR+lv7F^3|DFc$PM;Ba={2`ka6 z=OcSL*OgFAU2vIm+22oa4w~NzcxbS)`n0O_>5JHahm;mSr~P90$94tcgrkR|+{XB( zj-5T7tcd58+Z?ZDboWhg%IJG*PI+0n-I4gfSH~{y8OrweJW%v|o7cqrGno?I!QkHX zsb^*J(%T{8hCp5!;;TPR+)Ewe?4uM;e~f4nU3sdZ>f|_>di=Cb#!-c@eb2<`8jZ{g zO$7FIYQekG?E7!;&U#f!)mCcU-3ONgdwlH6&Ae2BMXUb1RoU-v7># z8V2sDs3o!Rw$0bZ7gE$>;#pIYkQ|fV@^_;nTwYJkuTLqB87CIHp2&P(Z%v>A;X3wen+R~hE1a*7)~?4E9)tsJcIXoLIVz?=% zV4_vpnN+y9>8iI+Z)u5WaB-8(i_4t2mN8xnQe)HCzF7ADVCSO!U5bbA`Dh=$Z~B(@ zyHw>5^Q<^M?M;U3B>ScpP@-{FTy#C1>tuos*??xJy{LYQDh7~wGYUa(f!|K*Hq{5g z4jA#ZU5l+Ac=t{Rdu-nWNX@B6c8xucPCUNX0FL0P>cB~NuY?kjt7i60u^9Wo=B5*9_H18YWO1Ru z=Ap}^ix1xsqXSYp=+{OUCQj@9Brqx8qI9h_7Qud;`R=H{H^%?)EZ1Yn>(<^cYyX!C z*BmyCP3f_xOc{2_6?|{l{OJb{jUD$JyUNTeQ2e~r1kg2Jl5Dv<&ZxA!zUoMmGFnF$ z5#ahb)mIUmEU0c}_LO_~fjUCh<%jj<#6nSxQ}S;MfS2reBS^dI>cT{3&%Ld&QfVBN z*z=KqKMreEgBf3?(Kby<-)k^D#b2IYt4`qoBR=K}VxDk5Jm5Rj+YxII`0q#@Tlwl; zBNOJ>v#e+SWhdW#rI_y8)0X=p)KNmdadBW#+brVY82{)Yl8;kahY$Hqc+$YY@vBE3 zMQ%9EX)a?YvBC4m7hG@JE~fBu%)Y7}2lg&lJM!RdIc@TB{~dqr*un(p8EQhOA-JrB z%w`orxT6Ri%&QyP-LJA#o(IC@Svd0NC(H5bCAl@m8$rw&H%Za!AJ$NEzI|R!zm&( z^9nq|Q$R|V-4m6)>qKvK54eZQha5>LTMxHQ07_#=8AvVHfvU;tb@;`+7nJkUh$dP0 z4U!s)fOmO3rF|3n%`s8mxnwUf3Tz)#-{C9-p6*Za{MgGyYW#AU3X%|VL>F!SIr&KU zBg9pG9h|UdhPw5#FZ18;{GS%aMyd11svwA`a4YcU^Cux3!JzL@VdgpTXz^{mB!@=m zzA)PfLZ;azL1h;8?rk|!kn^K7c@}{S5M|f8{q{dxxlb|&St&NPw3Pc?=2CW#oNB*s zuwqZvufx%QK0XNs`F@??ruMRO5y+0vAG7@L{W16TCxC5_VI1I?3KrH5QVcnpP_iCH z5e%VB&Jjn11M=(79`WmrF? z8hwLwZqK&k+dAPXMn!WnDi{Sl$5=A#-g&)~_o%lCb!VQHqLa_$s(aZw4ug{=_hIuz z^X(aV^%O?JlJL#dwOcO)ou?-hJJV<38pv!jKD)NUIM@0-oZs!k#TiE`d;<}`4=8;8 zh@%K*?$`Go{(eSlA1p-^=2`+15_+SJ4DOHLNfdVJIs1Ka$L2pTv$#*7S`Lo`H zRAM}sB(Q7yWZn&!7Z!o(`sdu6d*RzQil-@47P`e3t9xG^;ijb)l+L1$OH?3+Jv}xK zDfC{2Wu4JP+#d&=!feI)b!Y+Wd!P^NF58*L4L{QAN&618h{#N+{)#V@GQV62smhfP z>sNa_MsA#b#%7jzW$3~xIFR-A!i-^`Kl1K-42dU-8&4!0Dm8}>v=05u97uj(n%{5Z zo~U1k@1h@n(N8nY7`pn(;o$>^vV^|7yW3GsHw9WbgoKG%z|VfBCV0|36uxMcxIMLY zmSN$Ev~$|iv;~0#(pT!4At5+9l&BoERZxx07|03TEk##7ad#K~CI-H1vq9~|yKH4j zSgtN=<)+V5=T=403CSUBe5`iyf86J<(A%I6@ z$(h7L7*ACqQs4voM@?9JHAn+*7F|bc)doiEQ6MXteft5hMwM`Ie>;Q$RGxfSkmADrl;A^$o4fIr7(?BV{Kuj{uF#h|@0|wy)zO_gCpf z!iLv8wPQ6rXa$T`=ng46xoPFd~cJl6)Jc`SR0kYpKhibes{qBKWU#vYKtl95M z;POd4dHc^+Aq{ZHFU!DKXbttsGW|j_2+`LzwU@)=3*pGB2GeKVZQX!7eFI)mDsYdv ze9-e0Ik&I|Ts(scLcs!37cT)Z=e~|=?+&=0&6q4a+OBK9mA+)u^F;o=Y<%GmpS{zn zSjmU*xqZ6<9_6w@u7?qqqh}ErN%iTwno$44w~doKv{BZ~F8g^PA8Abskh*{->!a7f zE>H$!(rQE|D)Sxa6%UDyb-vdI0pBRb2&i+65$?$YmMo*Ys+xbn_n&pF1*^!qc!i14 zkcKWG2Ja&ULJkA96?Ix(Tmh6o{RU6}|(G1J!{Kw$e_J ztV;La&_WPNN%@;q@6K!c`vQ_!$xl*Yg+!8W9sbP4xWb@rT)WYXw1U2R{IPBD>AXfn zV~+Xn_vhBuojg3JTY}rv?{0@LKA&%QN5?T%Z1XVi*B`NchuKIQb;q;r)`D)_+5^Jt zq2%&uWTh$uR;osu#gC-zgDN2Dv8Qs?2xl<3;`Wh_z`{3M6sIC%&tQ~5rDphD?AgzE znrGs*fV+7D>x39qEpq2nx#C14<|#s8ulPWK4g|5pW7KK5#fl;E zI5<;eclHK8SYAa7oKk zopljsGc0Id*^O$lV zwWph$d0-(dLtWb{I$7X&NSDxs(pdDmzSs1Y`%M0e==Kq61FrwQHeeNAPo-yllrFns z76gx*r=GF-gB%q1et?_gnC2m!?$Pj>M!D`F!x6D(Ky>xxvIpXCFbbzZ9K(2d5}zs} z=AA)&NQvGFu(J!^d-jK#Ct(0=XWodR%(BdBXt)Mcb$iUs` zb|TdR|A=>E5Tp=k;$G)niEg+cm!9Gl?+*ODhw(K5MGsLaMmK_UMSFYViu^Bbdo%|W zrG(rqoD2b8EMkg5Aw94G?J_Z@TX16WT)lPB$O=s$*PA?EyJk1TPFWm_>nSm4e_o^XnVt|_SK9zw&*Y{mo`K){n^ryvpKv%U-OuREB z`J-_Vr7n$Fj7*OwTvrN?-Fnbs78+j5n4L^$zX$}mq5xsVt|{sYN`4?5M+{Qw9&)c0 znx2ZnZL(Za)T;jZ5DXY!aHxfU8q{4~Ifz|{59ghbKGR~d^Z4y)coJT2ui%iz z(TVHdKMp?SbqG44;j7O_#Mt||jyCq%)A;7Of*2w({N0Et|6o_6;303LGd>?`diH{* zjrRtjl#8A;f1W$n;XBk{r;RRd@w<2ZOoAzGu1#;S7LK=a5#FK1(inVfNu-FS8$NDk zG8i!6$IA7~9bnJh)^MbF2GP&+N&&OB<34;km(L!>=n}$8_KW88MBExIJqO|{--*ur zpe-F7x9)(-E=>>4(qC>zGrd~xF@^@2S6|J<*6*@ow<0kA8>#~uqyJ$n4Gc4B%y9~# zRhxR=?n1oBEs~`s5ldp_j2XLSv6;(VN7hlhXW`J%ROeF?0V$9;ZB>#n@iXAZae2TG z*o_PC$1+@#^K2hDNbNKE2^ZAWBt!WU+s*@#vs_*saP|&R35j2qfvGKMzPiqUQ@ko< zdD8ihY6(Q`=$W?#gX=|46}b?U8`mr(R&Ii7lIbM4mGeH0?LYax_!hxK{4sGaafBQ9 z;-0t^E-A1ah8k5JDl;{9Z3*hNs5_m!@M}uvETu7q1pY+>4RPO;8$Y&NVkVN?vJ$$Hc-9b%MNKxy!%R8Xs!a`44D@;|H5`_?kx8laV=f85yv%Bar+EP zw^g6RSR_Ll*F}vHp!Mvq&x(^`dMSv=BCpj8qN#&Yti`&?snvO$TesOu+*YKMi*ZWZ z<)$&bpLwL~R5R^X9j=?_Gk%ek8(8zdg}gRyu_j^TH6oS*%qN>^{Q@Vhf7-U^BmXnz7nG+6QOtLi-#`1_>&Vy!p@e+QdCTku^VU%f-* zUU}6z%C^4_Vwt zNJ*7GGP=1Zwtvo(1#w|b1n@}0L4Sm*O@=|KEi87sBZumjP{Yg8SM*~1) zU_bE;?#n8#qN=+VowhgyG(BVNfH(AYR?1Pxe$@^$|JdR zuOWls65hkEGt`TD>bhRE*Ak7Q6yvoJH(-029pA=vK?mtY^MHJ}JHuXgXtU`8%473( zSCV5E>>l0Tp@oYV2^$kn%mQVP*;hBMZ?z2SxA{2kL>RW!#B04CEOxmdu>vpjY4pZ& zSm>|)S(X0ZH307)4U6l0RJQTy#dyHjyu#HQgMwD-VMa|M273W z`@oreMlFVU{Rk>Rx!h?=H88VRnuyN;&7%vK2YlO^OnZs@RO@l=p;Pl??OlhvRwtm| znCvaPUy==q7a_v)IbI)bgmR3*YDjo(_x4cJ@24!H0eE+SAzK#4+MkPOV(e>9b{`i8ChaRX0)a1+O83 zFY}p8M82l~7rT*m-~)fvUH$3C$`05BW?R%(2C^XZK zn|GW=&f-gn6YDHXi81LdD83YxTp+x106O?n3o2OR2p88onh4Di=6L1qS5mhbC5iW4 z+$KDMVtIFazb`Iil@g_>BPW1meCbTKxG?TF<~;E};xf1YK{WK=^P;FKMm{9U-wGU# z=n{A*4G~k_FVD`I4oV%rzIo|tSP4|^9}`t;DeH0T)&@zzZ$FWe}J@t)0z^>+J#-4IjMYxRfmn9F>fSQ1BcyJyYdf(3mE%iX zMb`41+;7xgTNT;dx9xK3JwQT|)Tv&mgB~7@3zI)Iw%e17ateR{>1F})b%3X9-!%%l z!GT?&@m6N-G=Q79Rd24q&J8}hKJCiwnlgVsJo28SJ>1NPBLy zU!^3j6qhMBbPq&DpRdp4zQW^B;Wo0ZSt2Lxm_cafS0<;6emh3Rp8)b;6DFHZ)+kB! z^0_a3N9N0~*l&7J&$oO!pc4mC zgbtgX|2Vb%XJ`lAVTtNNAzK91h+Y_)W;Cb0XLN_lKWzbM!FYOavDrMIRifua{IEA4 zpA=U+^}*3gE{s3S_WuCj|C1qsP3jY{d_Cp$Ct$pzaVumbOa$Isr*xSizb?RL4Qc+D z5rcgx-;0VhqH|xdi;-L#h~3@~KJX zaD!W$GJ$D80H9*klY{m3UQi8Yel@BSQley@8Y=k5U84`4E`49=o`+XXQPjicJt`nz z#44*W|2+gaf@T-{AJG_C8mL2}MA_~}jl)ecJa?X%kM1R2zj*D3K{fz7b)_i-z!m!C z?p?Q9a#E&3XQ9wL{BVuqt)B%;FV<77^YScwk!fPww+6N0m;qk;stZ%7L=x%*`vKd< zb@&G!`U^**`3KCpzLbl?4}tdWG}LDalbxXQ7Fcxp?~b&nf1zi{j{<7w!6|4fu@eyi zk6TF}0MQg~dw2hEg-L*C-YC3rn;UQ%*oZz|F4Y^vO@f7&Kb+>tll{n99x`09=paSD zA6JKqQ1L|8=SR!W&${z2o(X8ze>m2y`}0RxM$!0R5x!qe3rBY?PTCt1pqA5(pB?oRdt#OatR zZ{rAsqfs}DdgXWKa_^oY2*wnu0Jn?amnzMb@Yi_jIEBSgRUl{h5fPjR_?*K(RR>Ot zRR>PPCtNGtM~OuwHwSV(M(mWzA00$`vP0YV0t6AYVJW_5#8{os01CoIj?7MV?!E==t2^ zK(2-sbrF~3BNp9^24%w^$y>N_9Z1R9>elA({4v9~JL=mJKT#=qg89x}DWi*W6s&!2 zVnNI^>HJ~)2ZSV8k`ek?`!4GR@ z6Iv8;sQ}P@1q1vyxPxZ(M&-T(6EH&Fg%Cci7*VVw@zt5ntyLiHsDgR016H`_;!&J} z5T-WCOspN})tJD8W{UA1=13rY$1D?9K2C5)#m7s(!~eLcq$31Mv)?V$HonlV!}_mJ z4N^CWZ!hIn(>#RdZMUNx42O=(*yW5eu9)tMzrOpFcwS*FqkkU3`Vpej{_{r^iwbBs5%@2^CUAm~X_kjTPge|Gz$jJ7iiE|Pl^hc$Mv@79bx8nN2{MExtz>M^HyLx=#b&FCdnJBP1 zrbZ(I7x|*tZ4Rxmn`ECbN;d3X)qh!DVWLJ57`JWFF2@F^a9Pdf%Gx=H)Vi!JN}Kk* zwx$r6F_T+VvRjtyFCofWmx3G|MMZMI-{;N;Z#OE~jo)w%Uoy=*{(+puWwdukZq13&J< zwRs&QxQdRCJ-Ofaw{kH>cpmpxmA(0RTMNGe)itmJfr8(Y?G+ua#{ zl+9E)9E5t0y*M5^`$pwmX)4+&c)Gpf zrm?yXgLv*VAn1?O4mr7RY$Q7264~ry1gDTqK?|lgBO>~ezl81BE-zp4gYS*&p-S+X zwE7iT5j|@B5rIN9(chPqoj>^W&>MT(Bn%78GUe9*cc3P#m6)8n5IZNf>LEHs6E3s? zF@{pcu>-olXm?%$rvhw4=EQH*tuA?S`4(0Y`Y^ujn|<7LFwS3}+wI&|{F&tw-ntX6 zG?)G~Qqphnxa~to&5{watTI(KqdWX^6)J4?{7QhL-9C0#P#?m<9+1eZq{?Qt_c~ur zUCvjZOh)T|$x*L=Td>nCAlXXxV4dvu`(}d$`1t5Q@G&k8iH_slgdgrQB{e1%PVm6} z<;i5R|BFURcE{FKqhU$<&^mQy8+R%L*YO4Jx-zu`(9I}au+!g<*h?vw4v=Gy89aFj ztc0$7!*DSna@Z0ymp;2w5QIJeAj>yYf#`JRNZ9c1a2x|s<&fPY_MWFJEKg(gU0xM| zVM_J%z~gIr9S7WY8qJi*G(aJ*F?wLc$)=Lk9<-z%a}W)-?(M&^eCr1zMrAY-lF|zQ zIPpFemfN(O#+9DP$xexVZ`8RqF#)9+>Q+-0JOtG|j*YUeUYIv@#SSoMKx%e18uH+U zs1!d$Y<&0JPNMSXbAelIdL-WAZ9<}+v3W)Z2SP`0NCWSftk@t*@k&z3Z`z~mN||vn z{EcP{FnTKUXXzWuH7A8~R_Vck^4j>@@)dn5fp?L8THi# znju7q_?2>~7=Mb43qdo1f#{9w7J}GNV{V?IO_qR)2*wpppwanYUG0PVk+xSQ2w*A` z(lowiTH9Qe77g30j8&b4%$kwqj77uuW~p>?T`dghrlE>c`xGmNziNqzW|hej3m|tS z#4-$vRs1YAo4z)GtX%n#sTPueke?WuO&sVUlushJKcOkRzs4{YO`F6O1--h z#lve=DN!~K)Fk3^A_Cp5YVVWIRio7_OxwQo7!XgQQDd( zb%Tn^nGxdI{Ubc-?%+7en`u|*;J{o9q`MUw>DBv3@UK_^^8wBYodCHr8 zjIB}T8@0W%0_RJ-6_;n&u@-TO>^UNS|4=s=OO;v>X(ts@Hg4$PYBD7Ks(ZUbQgj*X zUAi@t+hV|^UK(;Xpqmy*BtAyUsf2`;w3sAqdJ03KNf>J~L1dPE33BdGAygB5SZc1S z%E8zJ&t|Vn!L{R6dq-I!C?T~29PBXMP&zb#P z%bIm79)|jJ{kKzfPv*}N%^CjGOpG*HnHv35L)UXu_5L4soTKmU`HgIMV zF7fynS%@E!?IG}{C(G_+?u7(qi}33}0kL;Y(fbnf{g9aYbkpF1BV1fcH^d@t zMa+ZQxpR4*it6 zg}vXs8{d!hQ$o4H+HlxZAfBJFPIVf1x_fXOZQ9>-hF_}Se_$gB@&LZw*+4 zNmiq9uglJQ+GPLG5@edw~#)Bgj$gCzAKfroYO~9sGmL5=lZ+CW_*jY0FOE zF)cwb!?mA3xHDnhj>1=jd2As@1%HQ9ohGZ$6;Ji04FJ06t@Pj+o*S3sAw_K>4<+1T z;Ci>T%!9b=xfN5oD#nydoEv9xF`_X$#%m0}*jgvHhhmqcxk9?m@86U&iob>$h$dlo zMr-bOyjV4!HNnD2Gp31`|Ck?_Eyf3Kxau!%TRbiT-3VkBr<*~p@P{1YM* z7R@Bscttp<<7~5TE)GfB>3Jzpno>L@rT=i*WA<50>;lUpzhPXimMooID1i7GM%)%p z;|@l#SQ-&!8<+<#KXk03-{8~TX-6l;KagweHN$`1snW7!Mb1G44pwB`r<4vW-H&yf zB;TlzRzM!$&7rrJIJxcdXDFAa0mv;L6SHck6z#m)FeFI?^|a6NqdQ^_|A^jl`wu>; zUBl|Tco6206G{9|NGcIGF%#>dD%k_~jJKr|QK;8QTa!1Qc~_AHjh8NM_mLPQVCllB zwM$TZ{rtT|D=OT~o%VfLTPlVc>+wyM1-|6Ld=rT69*?sP^iZAT{hk!+5 zMej*q%zFUekLh_XXiQ8%`og~F_RJZnimfy5xBjZ;A%vDdpfF)n ztUBQdG9BBW*4nnqB@=^Pfbq~ z2KJP{0c8Q)TQqT}$a`>iMDu@vocPOuBR89GG7O2998*$CH?ElD%{NNi2ydiqA#IgT zxvdOrjKx#O_u`Iw$Uv_82C`}lS2);_bYV+OmUN_#MYNcc+M)NYX}6MoCUooa$}*lx zX`--7?`d`*sc6ugB?CqCw|xUn2G^zeEAhw6-y-s7pVhuIuYN_7-1?#E_rfLl#cBTD zIn6L{S^>CU&7OB3DHO}Djpy|-*l|Yq^wEQobe)+YD8_hlU8FnHwon>tFRD94Xw@Lh3~r913iQ;0QbBCxdsBEmc1H2 zJF3KRJ4jlAD!XgPdyFYzp2IMvG-_V%tie?jI$o}9SPWyBp5XY9eI!1L2T?ieEXYZ9 zNn7&S*d^#tQ0ZFXao+UA!VnV@6jT!?)NS!gxXlSOZvFg+aKL&lIF8%g^W~u>wTL*t z&@H8OUfv#u$A9UWB!)JlZwT}N4y8dw3c%>nUi7zM`lm$=320LW1;{LHr90@N65GGX~$JU zpYqqfXk4O)p!8$=+?X*z=QPV*?k{(KirOQQ5FddFCG+Dv(u`^G+Eb-(aUB4A+nr;V zdk=F#RtiBrA1pt!@!}nc-ir--H$R_U%t zL&J_8%!zs_)%IuEG)>evCym-UK5$GA$4aDnbC|stg3&Z)bZyA;kYbp|C^-i10yFxX z#Fgd}7}SU)mO|Om3_aHi5o}$r{8OUjs=6TeH0WvxF}&;m>l z2WAnub*7I(pniS~orp1`ZO!ixh+rDitlBUNp65cG)0vmgLyV`{@yDg_Gf|w{io|Xrua)q7J?G_ z7*pb&&D~Nf#|MvvZAicPo0_Ayu)2@U_SMKZ>U+ft_Q6$*Coidb?;~D2VP{AHT%Fp>Gy|=90mNg zd-;o%V>aW3RG#LtVeKJzzBEE2XFd!sBQBjLM%#v;*8%6`%f>0(VTIW-mA&-ii4ShX z>KN9D?RBW|_2G>5xc~XZmB-*WXm2fa-JWYaibZ56oAF6qYT*Zf)7&gZ`gjgIe$on_ z_MTLk(VZm+Qqw#{&n=fcxMk>I)Kxc2SAa!NAgmB~P^awb$B}8&m}J)|j?OCgTr`-w zV?sO~X^IgO9uZ@;*Db*7or3$4K24ni|rODrbhl~cv7q|O_g<1 zO!9%F!~#8OWr}8@4S^dwPJ=o1amoRP2=m7DlU4E|V+)>Z) zx?Y;%*0T5`?Y_Nuz4$Q04;TRgsjGKDZXTmCzaig5jUVf!d(;_TjHMl`V&x-SKBnaP za56rGvj01f9_g#k1*-5dhkndo$l0)>FSrfN253UA;}Fd*_eMRD+pw#BcT+|k=fEcR z-b=NZU$On9DFr*#PcJLyOm;OtPt@4uo}?`&qYRnULcx-q082YVe$}4a)9{h;_|vC_ zQ$_an;sv|ELrJwA8v(+jy+Y1OHGufxGWoW`zP^G2Gl_KmTb*aei3g6zsO zYynLR#MfimFY4$!h&K>#$8{R=iWgwa$a11pjeEXdkTf`r9WXj+7{lRu2hIg+ zso98g;s1{Y4d4vm78W+_N?j0;qPy<1URX0_V8EM*^?tIsy}!h*xf-l5c!$W0quGil zsJXHNBH0X%BjUIOhFI4v!;ff+9J6iw3x=DU*$F`3eXinnqvd+D<|QXK-7>J|m}QN6 zf+v9vLMeeOlyK=a0Dt>@#Y)I$+-j9J8?wkXkfc2)i5YQe`rwt3wn9!n*;SZbrXnj# z6ekxBEz`D2o=k`==J2`g+iP-FyTeAjVNZSPOM{`blx?BSVa}x+LgPHBxvYY(4@hF< zSWH95*s;#|^(E(SXa#!j<9q#y-H_Z#{%Uk>&u-i%jXJSKj4EwEN%3QI=s3G7nV~u& zLcRNKnpLhB^I)fKXY3`~;P%9Dg*@+A39n19dX?z1U=R>j#&e7J0mhHzaPOuPiX*1Vy1jKM*G|hgB-GUaEnB*bjKBR5f5va+;2=z!U4Nf(!VMvzLcVB3ugPl@ zJpVWcyF=v;@{i%Gt(}0G=Sw(OM#>nG{Ju%W7AO~*FjgP};Qx+Z{Pl%YklbJsyam-0KrMINae#|b$k7R1VGUdqErzfpXa29WO_4rQ z6L@d2;2MtvTMn!pLx#k1E=If^6Jrp{GgWElZRA8TOZR`f|MkAXVd2K-p%fR|%VBH~ zV~3;@Zu6)NZW8%XFpA}E3hc~`M~+8sjA|@)mr-+W*Wzw`p>XEGU8FXg8SOPQd`%EVzo`w(<8T`=`l2 zHc4F`OpTD8`7+jauXzmK3)R29i^$ZU3UkA7(!En`9oN)~|F_ai@5;gcCG)SV2iBj9 zTbqRI_hQ5r_!}Qy$S$ex=02eW)|9{_RR7B(6l019mR;tat{JTiyloAmzzHZx2f4n>_1JNI0R;?4 zpz|z*eA-6Fa4xPQ*K2*$%1#4Fm=ZPwlYr)O4iTL_hg-Bj>~pO~4=&1q`SG{6yAGu# z7v_#g6m$DnVO)Dq(1jcK474433vgf}8-bgnH0`JV5Wf~;-X~PVBi`u^X=Eiv5 zNwqTvHeUvgl=e@nwp}P)<>I!Q>c5u%Y2475nLZVHn*o?N_dR)#3ljO56kGRtyb;S_ z0}=j9^;s$5B?Su4AIp(2q{1M?)c~EUDyLX1Jz+9EFd0EpmiF!PZd)aPh|7Nl2g{^# z^PE0lTe~qOl6UZ++!|_enjK75=xPbX9yFx@?m;z(9d;%iwYoNk##9_)wLZ-0;`B;U zC8wG_uFT*hzs1}}u*6bX712|hwpM8=B47lUhDX0|jOgt{=A=eeS^*Hu2|8*Vy52hPBIOVA=Dg{l2^^na!P!zq$tO{2e5@Hy7WHA1H>kjc~X z9-5#>+II|FMa6-#zc_TxJx+fWF_tI5d&us1>!p^!75dJ_!#=^~n*`;e9{kHU_*1U7cmf%`_Eq}1bqXWTV<^ov%?}YJv(|z?Vlv@%+L`Pq znc9DmF?6aBXzs=Vr7%bq>XG6_}-Yd`^! z4LR%k!bRr`ph=NyV}bx>f5}ZFLhBRD+s4_~TNQc>ZZ1f<)%W>6eg(Wb#mP>53X*QA zpX_8zK}pfHl6O1hOkpCD0sto#QM|e+=H8Dp#OXhUydd%cE9?VY@%z^KR{!;*ItFer zzQ1Nar>H+gV@5PcN&7+j{%RHKlkJJc5`k167&mVdKIsTzlH4=xw(Y&wBl=LhCUSX4 zbZ;&@qN47yX<#YD#wG4?I|6dfN1~wWLddNkyscXT1vCvc0JG|)fFUT-{td34YPcNm zh)jV_oKUwSk$>nQsqmO*-#1UZgn}EF9|kY8BWGR5g}@ZDM~l)cM}BcJHQk>dH|&O7 z50iqbYp3colLll1t_ifE1lANGoseSl?#?jOLTQhr8EwySe@gdg$L$8|e`GOI4b@Q< z@Xt36cKvm%L4@gpTMu^#LVHja@jGZYY#g#~MpG5k;Ml%-+#IZ~;~%o_H=_?D#?*p- zTb&;zT95Fyg~S38I3G)8&NmFjsd~TPnb=_(xBnct;rYVSLaYzoY&F*ga=@5v)Y8sl zPu5igPTB^87X9(-8`^whSphxqv7>{bqryUq2-a8_e=Bpe`tm6~yScB3<^jUB)2y%b z{w%*u>49O5BfKG>GnBIDFlNp?b+lJplQ}C12}lQEtfr)X5~`}BP`>%Rsu(GiEqiU& z`W`0ZT3!0fFfyVGBE4Ug5y#%nqB*FoPWT*%lL1(3XTr=kBXH~W43{~Ov%S3viKbBM z38EUI<@-{|f5Gl=EglMYTY9su?TO2b1Rm3OAhk*R!JPHI4yY@RAkyrR$0-~obiwhs z-OI7$rk3XdmFLH&z0|L&4@gvoE0aHD4*0@9?K?Bnhy?A@rOWtp*{a8p-cZ=!toLdYqh13<5mcSUJA)P6ePlXC;$zW5iK~^1mY6 zC|yW9xR7NLHVmuT4~cc&p(_+ASGRfedHS2JnRkBmYW4yYn(+qbB7HH2?QfRug;rK z@$}rle&*M4ctM7_#6nP{zC{vgq%f7{y&n29D3}TiN?9AX~^&ZMgdiTtly0BINCU(wX(-vk?pP(LelAxGfb? z4>Ft5+yf(31Dn7#qg^sUHe8Box5M{cmcu2+pY51Xp;SV+g!#9I z7*|+(`#g}QxWqS28M#mOL49;Io>OXB`r7h6kx1f;W?k-y1--A|Qa`JN)I4NVG*&c= zauvS)HYuukk*G2;zcAZd(VUy1Mdw@ky6CpI6o$!NBir-2OqKZ*=X<(E`=@gc9sXY9 zJ<9*uT<^@J^604Dpzfe(x#jzu8x^(KpK%c`O~2&69@txWijRZRSd}-J%f6$EXHY|= zM_JqGkM4q{a%_aoDJuDP&h@ap9(Lxtj21C_5cIiaV z^g`1`y`N;^IS_L5PS{Odhp3L)nQ;R*4>pR$Id~^@Z`}V$2}l>f}8REBJ>I36mbh9ZQ=6!-ng? zvAp!KLnK>g1w>>0plBX|i`Hk#MYQV^q-k6hzR=Hb+9NY{Z+~RkBi*Ch7yNXlKG!&f z|J2GVyfej`i)ada!Sk?OdA0(0@R7T{v@Jd7g++SUed0vDTCwk%LVs;YcdKC?2`t{} zVs8D0LvQ(5M$5{Q{?9W<6q0qHWszkXG<|Rh%8c)@+bb99vtVzR7 zfw-cWZDc3?fcv#w1QMbJQ;V}+nuuYuqtn2&)m+mas;q99UMdPS(qw*TTuqgIf_ODC z$F@@8M(q4x^jb_fE6e-s-Q)*)v8TUpl%t;s#I+!3}O}QezG}FW9QGIvmYuiX)BB>+^{MsfD;9viC551H>_%5%RDSGp~%O;VxfdI%`6Hu z;o(qF&Sjl$-LYA~q)6t+J-vImk<}_UBZ`N6kH84g?_X3Pgp4I&ijqB)P(;Q)V<}`QRA|VarHIIAA+nSxM93B)d;jzHJn!C_ z_c$ESp&sJC@9Vy<^ZcE^Mab-Bsz|H#!&u@j`V__3k05(?p-U|Nwv*g854^ilZ~f%P z@L&}F2k`8^3Vh`&0-u9i^J*}Xjrf}K>gxKsP0lAZs5#b;E{~7>%KBpaUu?L_H)%Kq z5Nn{eD4<3PCl^ecTM|Sbk#^T`NzA9HE2*lldUkM(6{O4v2-5# z_!=gd6NnL>?#_bdJW0Cm5Jl%5Fz9!C9ifJh58~v-cK1n}16hI{_Ms|`$-E@FE@CbI z_4&>mYLM}9%{$AG594q-Wa6nRW=csB9u3+rWjYKH= zXX`zG7ovtXpZKHGo>7y)Yo=4d(x$ig2_$8s@Scw&)S4K5y{_k(Unf|69swhLHYY}* zY=XXjgk>i3z%Q$I(9lYYL^X#6KoJV*s`9qn?^ViDy+VN0FbL)xc0dIh=sD#epyI^3 z|5)-T5CNLJLJ36g3YVvg{)KandNXqRW`#55aJ(kTW*U;)e34GUKEX>b1PL2FR9xby zReTD=ZR}`FFKAp4Id!*pmT4ZLlJqkEoDNGsGUTvV708wcJqj*cl!1TR=!WTf6Av3{ z^uIWN2)k${oObT!BS6`5AojeIxd~x^V;sL&mm|n_?-BTJI$SqK;f?tdqxbB+{zJG$ zuoH`@@eK>6og?yfb_v(AS#T0qoo-Y{urU!O=-E5fG3FxNxV;g=XnX#g$Z-t6h%>^E z5e!~5U)u}B};F)4VyfmOOd(&GkN*C%Xa~X9XVF~fYKr4v< za)Vq%ZGe}rAN`JW5ex!K4xv8`-PB$Ko{>pm3**R5o}UL^c9%OU zXAlp}{>BW5uzp}Vya(F7f!kAqfD8iO%_#r3Q2kgD zt4H{sUHx^4R-aQaC)RDZl}m>AO>7)uicvg%PcKrvfATT@i>aV^S=hnoWjpjE*8%hS zd_t65$d{T^D^26{4rflZU4-P%?BCH@+=t5B@_+qV=A+rJ(p^pQDt;sQ`^l`&wA-n; zC{P!rFuqccgmJG8hj0-mM_nV+2PHqX9t`(%D!)Ew$*nzMC&ZVLbCaPBg$I|D<25jl zNh68$7YH**gGIg#L0%@DU3aHQ1QjhV=o7(Yj`kp(Ig)sc^`kC^W0DqSo+mFBAG<^>QBaAs!(-MH3p462}-C%#NcQKVC@Oz@sbN=Z%E9un0jtRF6>59C;n=SKbNl zE#qm3=NP%()_~z|f4in-JS%$B$t+r?jLkfcDvFLeBqFaL%S%oPQF>A(a)We)%AM0h ze5W%(zy3lK5$4}lz<88s<4-Ma9^qX`;|SB7TaJ+3cwM(A_u@YoOi3xU{=_x9Y$Uq;?XfbXUKgUx(w9 z(6s}FBk(z~Nl@Y>7BT2tA%ZR`gXDcH(c5Nre;GvL6Rrmg6KO6MP z)gxfU@Q<6m{fQJWROVscU8j+khg5~YVYoIN=S_^|f`Tl>chZtQ;@dnW-j?%>GId2P zMUn7Paup9jQ#hM^(zKK@&pM+n9}4#4AX_kitaAm#HiLJc;-Q?%1fncDeMLgkhjwq+ zG?V@t;WlekX0w|WIiC>&if~rHvN#nm+NS0~`i%0F1tW*Kq~?4x2lvNIkbsK+M4W9q z%`96+Y;qEKfFLSeJ)IurUs2+tEOu4~na^kJ^VykwDmJua%H&7o(a})D#tkd)f zO`<+#*P}1sqKI!KS_I38xGHGbZ8x_D7}443q$#yth}AGXhQ$C0^56|1*0pn;1w}14 zL#s*z$tg}TPxk9Bo)9RNYGEvUC-q^%;%>9Z4`SwzVS04vT&%#wXVj5j99Bxg?6HPk z7>Ujx>akItU+=c9U7#@GK6;bt0=x(uvC?Kt4R;2#*zK!3%B^x0 z^YXE?kN%=CZYycvb52AY+^BY55qUm1Te>K2yzzx3-Pop4^`r)wD9Pv5iq<91%`^7b z2o@=owyzmd+4Bq?qqEp5I_FL+D(d z7a?eK%TAQ?0)jI_j`3lNcQ3!)T7N*4(^AG>OQy=G*I8&N=-_h88(jSR$&|@}o$GoxJWsQ%Qx*s0T4!RTmLwF`Dq1f># zVrru~qQ;x_fHmqx`U#?<7#4`t7q!4npjpRU#3U%{A$8#w0|wPl4&%uuuG!P**H0Lj zUZ{t{Az7u88HQ$&*85_rHcTJ0^|N(UqOAH5nF9P3RkUodFK(g6 zxJ(F$9hKT=H~>(PIuN#5qaTF1h3WlGcF9yiuh#mRV{SEYFQq1FL$M`o71g{LvGfaf z68sGQI(fHYHuMR^6Q1E~-ZSJb-#tN3ROf?fli4Fq@F-01u~YXidSPvcDW9`s}4u5CMi;r$|SFN=&2 zt@WH3YJ>}LOw?-M-5h5l!}Z=YMSaoe{iQo01d(U#ctQXDhG5x?4RaSUPGo**cy)UY8_EQktwJqI1S*M6=uWJ_SCO(*dKYDzPOCOv zv&;jkbfs+gyxR~K1sQB_XAa^&k;5^wpf+piJywfI2e5)Utvq=<&^yR)0#Cp(_T-=+ z)OQv3PV!~AII4{;#&paQA;2S3N;qM_D7u6^t6$E7y{4N8nlnfh=} z&m4(D>`hu2Kes7OU^6qJ2&H6G(ZLd(Y#5`?dQfAhS?ku1S-S3IkMW-Fx*t8 zvO-G3lb~TEJ}5PRC@yVNQ2(`#NPFO13Zj{GM|MLgW?FRF%LJi0#C>4u73ckUi~t8X z*UKoGUqD5@YuxNMp4o;fSS(%M(a`* zz5o6-3Imq!Nbgk07CsxwYDAEzOw4lU>8^E?47E;rVK?lU zWEn9l5cXAfbXo{IlTNaQ*V|&(KI!1mT1S(E&6dzs%MUstW9$sJbU17h)HrEz(KvIl zvfjM|Q5Lz+xoA}(0V~NXcISCIn2WkiTT!eXe|3!HaT9U`^)C8U872s`yUX97b^cHnQv+3C@p4qblF_wQ@jN0_f;6L!_Oh(1F z#w|}i)H+5^A~vmATwrgfYeAOHe)pYL0=`f%I)f2an00B*3#pT8T|!%8%60F}|YZIQbQ@L9@0c9R*`|mW5sT za51sBLMS_Mc8S8ei^RipBcCk_C$_bMxX+nRmf+Oi1$anjNUI5}Jw@ncxiww+8EF=ZL3aA~P;>q&%F? zY)6SY61nlF)8J)HMdSus5qB^8uaV7a=1>-SqUl*y#~%)Ct&D;Hzj798juXbcQblL_ zPb=S>vChHXy3I&|dPDbm$*siOLYQgNxp*P-K~zx>*f7a8(o9%`>C8~eo{=z|F#Rs~ zJkqNYC_m!6Z`3P&j9C$}x%ll(8n&AeSvZehtOjQU$j zk~x(?i;m^7BQEP%lv(XFPsBOqiMxrQKfJmn@AmfF>9`|j>k_Ce%aU>(0AMPcx4FBN zVR~VrF$fquTK)K|UZvMxiS2*o82_UxYEFZyD1-J<;C5ByM~8*PCF0tmOTlM@%H#CH z&oSsuGZ%GPGIiug-UQ68lia{ZOY6u8>Z2c^^|nY6 zrA=1Yzn<=Z+POK-FiEpl?`7!J&SAaumVshgF|G^}$xf9~ORXs_Ih=C*<{PoyvQrOH zjo4^C^DVQddOObj!wW#QwbN7RZNvn`t0%}k6WMf*HGG0g?&&T#Dep5=_^7xn@Z)W_ zVZf+L4~dp7$RcW7`}Y{;CJ72KO(~+cKln=;5$3O&ik&Z6{N5ugyLPDBzT-b?C?7<9 z+=j75HW%SsMoufje9;z|!F&k!1rSI%Iz@e-2OafP9v%D6&~OVWSCJeBZ|$`wFo3cC z{w7S&Xq1htmT`xX|GSfIf%$zozMWAzGNyv%*EF&>$x3;&qnpzO>L{S9fw0}B2bGMi zkE8OAb^%H?vvHb$O2HCXH*;q6x{1GlVG)$KjvMc_@{%?KM%%vs8+c=n+hF}s)CMwWrt?OM1+Mj z)aQ$#-KRLwHf6^t505o;v!ZZVI!0D{`ox=BO>BG^M{#rEcRNORjbjppeJ^J@>?4`* zx9)M*um8a@*VKH#DN-m)^bMQ(YNaao%t#PU1pV-I@RH?KQyX1$F0;?vPv!P<{c{YT zcAsn~Pq+zlUo!7>9+s*KReCP5?CML zT~#m$*Kto&2{;93@Pzj%tIY}475q1D4iH2j4Q38D* zvdE9JpFf_*DZShC*^*Vv4i@GDI;*0=5hTnp-s^q-cR~~e$`9KM?}d+bmF*D4-w?hovnBX7e#l(ii z*46{C@*1(o0e_KKy;X>lo3qIs4pTLeKF*u>roGY+0;AhxhjRNM?iLk|m76-SgJnuS zam3<3YCd5kPH^==mmu;O*$&X<<;&pI3sW;oXt=N(_`HUDMc{;>puM|)`}?{gY21wV zPaZ-1QlK=AdF3>?ALhJ{HIX~}){bRoMb^RmcUZ6iQ>h8fP36?L_RM{qCR;C~s~$Ku zn+9%sYy5M){OQvzvVBoEIj9O{NHV%K8@?`*lUN|}Svjb>I~WGxY8=97H;@YX3yCFG zf%yQED_sn<;cbG%&ySYDW-xlHSrIyw7l{8GQJMWGwQB9KM_Vy~q{b z0~dVdd8aM%dytsuL7{MMbIQR39RI6s0-aW{mJ68 zLjIb{OJ`gxXJ6YLyfPd)OVVTYMmnjAu;}JjsYcoYpp<3{eFw7~=1n$6oWtmhzh#@ar4w+txnigSR#MTu73uYsoO>$ z79ogBB_J@w1N8#N-=8DrHR7R=QwEc`Z#ci)fAnEsB1GnT(0S~%EsUXq&xr z9*+5%8?5S5z!3P?i?MyqV!(}?D>J5Qdo0_;C1__NO00 zC|Dpq0N%*|_0-_5!e|MPvC1(;m}nYb5L?1S7e5RE6LJ{Z+j00OMiHPd|J=lp{bD6< zeG0$8<+&EIGngMf{lIwdsWO7$sT@ocZx+^ayT`f!o6oVg-iDP{;zrwZQIo7Ahv^KU zYT#IV;?Uf-^!NL(i#T!-{&?_h`)*K}f&fARKFiJY@HLoh@I1NDBctlrM1QKz-yNu< ztu?@#NPlxo*Z0z~?Gi-_9$xqe>kQc1m#xHxe2r5@SA!6-Tfm1Z^8b0(y2q~@CWTR+ zh?BY2?p3jps)z?uFrQQ|et3t7zl)LSKw666Q47WGV>SR@v6}Kujo;!VxorVg4b1yC z8+L!(q~Bl!7#lBW z-lxD?tX^5>gEhJo+-ip|UmUEhoa%e*@MDG_DnlP(rm-Es>tVga2V_Au#6N#OUD~%E zI2kwBzx?(GgSrd!g9u#>SU&&j77*2DwUyhPaBPiD$}A_`@1@p*;~m{e7Gg@!qkvVm zx-DZ6l_V08h(`hmSh(f9K$hI`s~RRg0PgyLGW^jec%z+l3t;pd?+!$s@=vvXkJe$P zA|Mov*j9k&h96k3yz<8Xh`aE8h!>p+W6$wwp&#kpAsb#_z;!0Cr$e*zJ7VTBlM3D% zhqF$8coMX_U^Ncpb@JDNkU!iF%y)b;cEH&#g6*Fa`t^;jTsV33VXt_VKdj*60xz!` zP|=-5`w`RsI?;q9%KzJ|YgAgbAjBnMu(}F`21TK&ApFkt+ozzGf9RZ;Ce$E5aP;KV z$rKu8uyQa%A{Lf89{Zn*rt0b<6oJtp7`hMPCT}F$l%I>+6s{(j25F?X^np2wFo(HL zL9=%^OyHSMm7g;SfUWe7wyqiyqvbwO-8s7stEE8$nrnMFA`vf|vYYW8^m%;~b^kj4NLsK|H}-N}*rWJ3)ouXDSkn(raJh~rOFSnW=w#bq^KKL?Cs-ZZgP+)k zuw-ifU{w;=wY=5 zA<=sGf&(vgQJ{p6V5B9`BN9Kb%45rwTJ+lj=3-2Qn?(l1bB{E+a*i#%s;P zk-9g#;^$7S~qRjMGg#>C0B%cXsCX#tJ}GNgU!l z-sYp}KwRNNG|V2I%h$GkX5YF=T8nBQNxwWC!7~6u-3#tys`B(2Fl>eO7%!81zE&(3 zyYwYF_q&Pp&ID+A_#sSe_a<4R2UG;Inqf((e;*|B08Wzs`z}otk<_C-fBbPu{3w&s z@S8kU6mQ-FbMd{TtfN+s&Esg!e?tb~F;8_WI3EI=5X~i=^AKW;xO-mCDJ9tgE7)7{ z*<#{VI3_O&$ci}v|ES!2WB%%K8{N^q{=q5R{Y(*F7dmqy4CR`+oc7H(i!KFrnjF)U z(1u;i{ZC%QBM_ViTX}hy-!jcQ@{t_qy0$nOZ}@R*bN!PhQKtV*4e`f!@C=z6tb2k@ zT>Xi-cOwwpQ5f@@7BIy8+;d7gidHV&T%(v+QXIwC9MF7<=P*w--3%`uUF`m@#N;!1B(Viuc#p8x4cT%6 zNz$6`_TKF?*j_kE-G0e;^`BK_v^DQub#0!WYyGJrWP#Bvl?sG-jp!g5a~24lWnkg1 zMl{rZ5Zl|E|0AWW14Pnp=l4ZjghE)Q|sf_fcK&*LttuJCvP zsLC24^_$DKt>IIkA9Vc1s#vSG42BlUdzV1d_kqtI3DQ`)0`@yqRlO#vgM`Ulhz~@P zB_?96%xCNvBCiTSRLU7A!Erm+0LoZnVeNzR=K~N8SVhd|R+@pF$kjriCR-uD`n_K|II-8zWe&t-av-&h3+V zmPZVMVeUVP!P@8yl@zmgYQo?O*V$S;mjZr zDo_0i4)bK2l>V>#q`igQBo~XJqfe<$%H#<+vFLJH2IFJ*hlN(Y<0Ny{4zply)YMyZ z1`Rhw0AS&WQg#FKt;fW>dsX#_^L@;qkc8zSkAVrcgP)#wCfEo`FRX|}6y7#B3y3Wv zZ$=Svgv;_DDn;xmgx&ctf!%>!>H?^EbBe$bLz6?ZQDt{j;o04C;T-0!5WFXmjHD>~ z*(kzn9Wlj6Mj`T<7kgQ2j)+9ZtCX+}QA)8G`{j|`!c-EJHbwV^ft`2X`3>-1-2=d~ z18<{)u>z0e>8-C*!WZ1Ypcv`=xGV1y<&Ntk$5xs))Yu&QH7mi!52zzCGDsktm1NE|NgXj?CB?}h>HIKteL-pGL<=H3LUQqABsO!x5AtE~wbG%JY~odM(E@;P`))JG^$ zeFBzH8uAhf9eFfMLDUgF_#P!*GPYs>=uZQHEj%Pr_z9Idu;~uMCEQAkK3hCd&#ZMQG#k|t( zVrUUWU50bm2XbqC5LpxwiB+^)znP!o3;^UY8Ze1B$s%hiNi9R$c-Dg)^=CoX{TwVutYxdmAT+O1zuC)7dO$MY`KX;9Tb z<>=!9d&8n-9U>S-P}VNS#E>7z7GBxrs^R88kKmo#yz;5e+(?1BJz1)rSy$m`lb0WX z#4tJXSmOks7Q&*4NT6AXr!EN|Opw{l-+C*$7o0U8|L36OpBugi+479Vy)R~H*+son zWdY*ZXl-?DFlSd^0fwCsHlReO-7@Gx;DwC7x~(`Dvbl8X2~^L&;J2xTyyE^ty?N>* zL{WaBTlFxfFIC`Sc_!M5VLBwq~U%t3TBGWc3Y z_ifwzfb!k?leJJxt)yv&t2Aozea(2*6g10hsLHYRyRcCMeLxl3rpZG&^OMJwvAxqD z%Lf5-C{wp8b;25nW>o4N|M#N|KKDU@i$s zNh_r<@E>T%U%dbc`Raj>oNEG*Xf4VzLkrRtf!gE?YF$jy<^|^Bh|?u!ojc|6K``!m z6iLmrrj|OX%0$S(GY#)R++}p5a0P(V*_fU+-_;s^n9^8GTYU2LnBm*<^~j;q1xYHRxlvaGpFEdjK! z6+8xM}{smVt798a7?o{_Ku91SC3DlM~~{|AI}Yh04<`2l8+4L|tFpT#u2BQsD9ZtI!%)-+e9s_C|IG|(uwhCUo7<#r7><5Ms z!N9gNyaUy@YsW1qv!?I)KnT|W=Gn{u#-?d$9l+lfF>2gb$0m?oIgE=x~m>j4lZaE))}aGxOFoB%k}!u-$gm} zE)`uiNj4DlhJq--Sd45%y1D`}hiBcK=XvKwTDpc*AxceOlq+MhvZ$l+Q4HqpA4iZs56 zCG-OaT861>%2;mcyZE^-9`n5cQ@wBhj~WYz1x9jD*TH=yV4D5o0+M%tbPBf)d4UIA z)RD?|t_W=pbWBU{UzgB?s5Az?-p=oZu94h(86-J)d+|(fFaRh!J+%$>{9BbW3y;Xh z<>W*F{Fpeoik(m>`%kdwbQ*Z|s=%)pvfcYLgEIjXp*{$_h3ItP*r-7ktUZKQ z9Jm>(F0A3Ry9o!WTKyS$`>a%>eS(*J;IsR8dr%cTZ6kKS&n0(3^5#Tw={b%v<6sfe{K0Gl8 zu1d_O@&j%GDEOm=GEdQfKxd7B*-J1ZND_zi5ng_z;<-3UzU>^~Rz%zf#^|jS56fg;It~A6FT^AP zEFt}Y;_nRyfa#kkKkn_~A~Y2c-Dv6diXyqRf7v0Q`IKw02f*JpF!cS883-u}UM5os z>}NFDl5pvs#tF3SB|YvZI}`!vMwd1{o#iB--5}%;k9IJ1P1aDANPO%FoU`R8*1Kd0{$1`JoRA2 z+N65!g7+mlMhdW-&t0_mh>X4=er5o2KJ7tbH)wgvo=YHk8-xdl^&tGTWWlWD^LB88 z0|jLeASF@jA5U6AvMW$(vW)@%TR-~e1U8Rq3-Qdc3YT^sBSd&mqX*7lAj;5p032N% zM%B$%wY$*hGVm4FfER*|=Nq*w$Ln0@5)cAv;JrEATTl%wiWu{__&=*S9AZ%}wnrOh znhpKSmt;W9V}$))Nk6Ox0jcW$#3Dx#Z|x*Q@)M|B_u5aeLghM0;wosQW1zUk1(w>Ic~2OatJ`^WWbHp`uHT3_R5cL#{?pAT^y{*^ICW)OJMGIEzdv zfEt;t0flm2beWoatNA_sDmq+S?V+pnpp#0 z5gEV5_v;$(G}MtHC*xa@igW(OxZqi!O_${>2pXPBJ#}yQwT=16$_W2bt#LU7+fLfF zUVb>kxjeQC2@v058h2JJ<0pW+3jH^7i!ys}Sg_z;*g%$-)NfUPY1qXGc$YTbw0||Cl zVLhgrOv63dOvh0VWyl>fy?~wF2Ob5+ue+nu&}G%Fh=KQP9Wq2f(g>Nd5s4Mdu--vM4t< z#+kCYDl)5t;}D1$CI&vpq)FqZXBi9?`@f6Yk3e-Z2@^l=pO>O=%JjX_T(Z*#k`JNU zUXFKz-LzA-B~Asl^?#U{mt>~=j`=YbNk~QptU&El9qERiy|RN$jQbz^VeHza+~NdKv*sT#Fgzz62TZ50h=KGkyx1EA8SmJn{+#)N3=_eo zP#=SvuL*q$pWO=13Ib@J+py(X=DKn=7nI#TNFwnghlY^m(t$5Ep6!79HD)O8Um4L7 zBCdU1LB{wa*7eU2seC$S#E313>4qY~BL76A<|FH`+p4u-*Z2Ed`M;*CdP1y%n@hIa z){&Mgqk{AB?tW68Tzxj=8>4lXEga)4vV|D?Cb>q>%CVjokfp-{I%s*xKkbrO_F))L z1cg8#fH++MXjyY~5vPX*{f;(t%f7j0UsysQJCk6iAoUxt~HC)@!ky3CjP z{8rP=sCCfdsfD_j3>1LWW&agq{7{E5*AdH6O`ese=g_@)l8KFqvL)ww5sRC!7%ldo z;qvgxqeQ3C@`w(`VwODC92Y?3;~5ou*VWdi%Zog&HGESa3D_-C3$S6`@1GG&-zB4? zr6dU_U>lQL+hd4bmqP5*;ZNzoH&^`8B;v#fZ~v>BQ(!=WWYIf3p8#Lyx|ym^P77BW zUAX92{UJR&)t$isR}u`}?*W>IBt-jKuSy;R1;=|Ji}_UxLOz{R-Nbz074HxXLJ>le1!_$q`|E zd55IRjo^-{!$}#&i-@(hMDrDsJZqhpgm+F(KS2^yIUzS{r3~Ax^5oP2noWZa-u@M3 z+Jz{?gE_Z7AS}*E+~}BS9tY}i{g0LiI3oKn=1O$jQ9l8cuo-=ic!&LRuD5%xnRjng zuw#68m>X2(@r<&BJrP71i8&;pG+-o3(uQ7aA+>|EYZu5C`r?GNKIeEmuA5aiayAUq zeg&c5XXg+?Lotk6Br*@T!UT6xb93>eMhB!kpQB^>h}nlzTmkggrO5s)7uURy=Hpc1 zaoa`QAVPSlw{9F4HFkkfIs*K~uzfvn0q{QTkt9~2DoC-yaX<3zb%rw(I4kBmvrjfQ z-QHn%{6G2KB*g0L=_=>S+?hMU z`@W>Rge7@`*9)6IR-Um4j_ptM`M)Kuc_minFL95lMNx827;Wq~RzGmKT}<8W3^?NW zBlk9Jb6J;Yp%37$H%_?ugh$J@Dg=DprtyNYVLp?%IUD+U^&XD-C1}s9VcOY>E^Y@5 zd!3G6H%eEg5kkPM52ha1qBaYltS|(WiQjAaC)Rl%usrsJ88rLtFskldxPpDP0dpSb z71kkbl`ghB44J7E#lV=$vj#X=pL{Xgn+s%nD?Dmz_$Q31zEt?ttOSXFFN6-Y*PmWw z1gz;S_9n(JwXQrp);oR@RhzGe5tfIu?S6~W%V!*Lns5A`2HVe=3DNARycO_9`g_fA z2lm|0LCj0V+0%MHC5*w|k{!%`3(wm(B%_u}R{S?$ID0}aYV6Tj^Z0I_kdZFWjwv#e zR=bw>2*&o#eKqB`*^yB?AAoAxlfx90F8w@8eUSGHVvm_MVwEZ1Le|yY1$bv~A=zE~+D$H5K*=#vs?_?e%F_|c z{Y6+(Wu{?kN%0p{42T0qO}v1HjaahQPCJr%-cQj@;VFVWa3hLmW{HZ-(;-`{E>FNG zVg2Hw196DA{)cug9*~^KLW2ZBZt<7uah#Z5FgKeX*mHD|q%lP)zo^lPuZWbAYToO1 zQl#!fWWKVwFgxny?fp^}WPdhn%CjGP4enUa$@Gsi=ft}n>NgCYe&M3&hn{d1a=TJm z#Y-1gn|~6hQ^MZJuF$If#$}{FlcG|#@&>4@cJ!L&3kwlC|7)l7AdEVq<)XRoi%=MjLKD*d+OXxaV;$*2$HpuvpFl8%0o(e&bOeG%M3cxbP<@I)GYC3x;t0b7R8$V> zax7MwLPZze<_v*q?D1enl={f0uf*Il!}SRRV#-k}d0Sh*8txFBgg)z`$=|r~SbA>r z7|v>Asf8>15$`)=%n^|XkoJ7B2XWKf;f(M`?@WxuAx3$i(^afzU|MTs9x{jJD;0MA8R@Ml*rWU>bR+(004ay z1;f#?9z-dc)16 zi-`s6Rd-f_>0ftO=i1djM$Ush3SwYQ<>UC`5zZ5Y-=lmrTJq%_kU*Z)9v1Qwt*@4F z)d)f=8@k6ZRl=iR8)UBfZUfQvuy{vatJ+@}&&o0;V+-vx{|FX|Q^ZVcwuYBA|osQd|LNe}j zTMDRODlu#sSdQuQN8H)v?VcIOCTYe-eTPvv*X)@Y0S-FH+r-B1FraeybV3%kM2Zlh z{CZ{KAmt&^n?6WIH&RjDe2CBFW2q?$bfr21qcwKpvQ7}(<%Ja&8 zB8{#-qCkzWtRWVTJsaY)VwA0?L75PMc=eIc`D6HnJm2m5D`Y<;P!_h)F_8Ju+|dlK zt%G<=_airgkXjsfc01Sk&b5RNzv6iyhP+03(w(+8cW)D!>N% z$kAx+Fn})pG>y4PZsEf>PI%NGX&f&+c8*{1Rtjh?Yi2m@D9!N zwqxZajJ|)c;~2=;HA#sL@Y6FGww>5;iSf)FPwCy$`J&%CPblVWpxzfriR84)qqZwx z==9?b$FdYTMXCEr79+W(nG3$zMu`h0wTo7<4D24cl0=Z~TSwM}^?Hy;2W)U!g^l%A z1JSiN(&p*q(tSvDa6Hbx`ks?cX@th1t2t= z=2K5G+}WKJUo6IYxk*Tm(L1L$EZaTkaQHzYWsm*^L-UxFRyF&n~vYK8e0BT#yv@W$|_I8>eT4kz!zA&HgSA5d2|o z;Uc6-M0Z^^2=qjoW20eL;JX+#m|q&6`a$JF&iM_c;Zw7hrmtJ2&yM50eFU#sq8A!4$zY!l9Z5lt-Lj9*0OWM*=N?w& z4E%MOE_iW0t64ICHrfXaiZ=|l_ZU&NdVAIe=Rzd!KFZhTUb-99;LEQ4YW<7@yN7Is zRrtZtpI`{3BP=+s!+r&EhvT<}Mjk?z7tKiGuO@^n@2+s2AX#ptyEsSb+>qNk_4T*t zZN{X}fL;Bv%Km9g%YeVqJKS$)sm*nQ!6Fp?OXAAk*eh+PW2H|xl5EJU-CN@L;tha7 zEV}r!C07!;IId8Rw+JlFH`#gj9i19qG2uN|XsTTa_&viyM|K#+c*$uaC{^2qJx%E} z#W7d3S7&=Ac9ES2P&Ox&jTZK}g+P^U*gHt~lvdqaypMuE*{kLl zOhL@l0FSZbr-s)B!w!Mr+4((D&OG20+zw8-9Vt0pSNyHt3CH*y_ExXMRNL$JUU+q! zfs-)i(%|;Ul6L#fg_&vVSSi)Ilvyy~_gWlqCAAPlg;|Ie$x&@JpeB}=ppFP(BqAMP zdF4=Uj=s%Y*V*{_Q1}tG&Wic@W(lmuZ|YUSXgl++UoZ{T<6VdwU*) zpuL`NSZPtDUs2LA2n0ZR*YG}wwfquPu2u`YJdvr>NEZf!tjGd5G=e$Tz0m&I@3M)o8d3WjtT+Z(SqZUFu~ORy(!0mPvMjB%N>jifVXoZAg8zvk(DLHnp9gaC zIcP9h2NM4cuX5N7idP430igI4F8Nd8WoBqF8|cpzULiS2G(O|_Du1p zryc;ODR1B5u0Ke_-_b|puE)CQ%F>2G#+1|v3e5D)w@4y-Z=jZ8OBH32AEk8K17Cc|bo%Ma2I|&dsXs@=7ed#eI*5_H;U2`Q6K$@PZvtceyGJFPO*LkK!I{ z&;j}aZb_)4*!=!$4F#tDdF|I_NMUr$W#(-1gh;q!XCmo$m#wt!GT;uV{8=l-9?)7o z%M|dlj_Fu~k5|P0f>Rbtca0^E*Jxxhb&QyPr@qPXst?YK-m$#O(3g%GZSB_i;z{VdpVF0q+lU&e*WX#sl9Z-4jti_m1n_ zuHH-ctM^xWQ&5O#tSbWLoR4KElDXlDmQlE4@Q(64?jFoyq1GAzEpOL z*{x9NJg@Bj8nEzGOb6(Ulj)5UT{2rF;`&BuVSglut+dy%T6;xTf{?}9CZK{kVVzQ+ zhfn!~rkTYstT0G3Ozt{o!`r%mxmyh5_(wOQjw&$H;Ht|n|49E5kqz?mbnU}j3k;P{Cd@zr+xWbm7;cXI%UfD_R&$yc-r?r-(R)=wA7u= z!DBMFWl@KUoS9K0dl@T=)R?cPF3WPRX|l;? zr%n>A9?k?Bw5zl)GfDi$+ayXV1yXbi z4nxQ~VL`!aYoPKsfSTzr$mC(NaBfO8#Pps&50fg&1%Z}~-{z0}W7pj=_NBX~#jFuMF9c5UcT}VW=JG6|r*j@Xl+6ylOkloS z6SRbfN6vf-p8qi4q@aF#fR1{ZHIEOp5DfN>HQ~Qq4vsy9d$LgerLw2+`t}RfD0Np@ zmUr*~zA%ikt8niQ5_Up-CrSB3MHr>ptt4T$Ko7WaRtKc}_Nfm)^cqx}ygk|6EUE1d z*vJE@FVfoU-)(RbxMaxFN|3;fSCr(=7w+brny2rKjH=ZBCBw{MEg7|Q5-7yU`%iF= zi6y$!-=JU)b_K)A)aIh@fVFv6Pm#f)^{xOO(=L4QvC)8bQy?jQ;UpZjs~_k3FZ^}X zo`G$HD|R+b&Qix}N6)T5sOZs7Dp~ZbJo_wj2VsPD5oSHF>~9>oI+v565UC+B{`QXK zR5TlR^fkT%Dfv4C=6}t7ap)BqHhno_%3Q{LivI~$`yJpLTlLmTZ!ivuW^;N8vlv*B z40WtX-`zfL-yVV~{1R#Jm2dkp^AX+x-UHH$5^X2`rvl5!#wUIJx*Wn4$vDwF1 zATRe_Mr1do&-r%dmd*`?kw|?Ta{4@CyjuPH)RkX7eKq&tw;K3<+&%8Ev!og+S!TBk z^Zc31*v+IHgPUl|R>osnzO^O@c@i753M$L4TY<-cD)ROtKDZp_^!Zi5iueisYp-nZ zOajTzO=0G@ADYqw(6f-1?AX=BzSfOuP|;$-&eP!>ro_oABu8PQ*zu18ni~gS?2>^s zcEjm{)t~n%AATd6mX4ep*ovx4z0O|Yh?n!|exG~|xuFf3ecb=Jp%38;hblTO+Te!X z&wDGmOE~7+i39-+f2s{0svV_C1=rYhB+}w0+Zh0q6H7v(s4umm0Vz@iEH-iH33-7? zUZpstF!&ZuQcJCoPIam4Rak#;Y5LmStj`dOQ}XcL^?W)e+2{R%Fj&lQZ0iFmL3o1E zSpx=qLH>hQIDfCpuxY|Njd*;#$vXG0&h{AfmTIX!x7*qCue6ZT#v$7+<{zcaNqGId z`dtbMuyoA3zHxAqut_VDyFUQCUrLXW<@3YD>jt3FQGS@|pMD;+71#3!3-<;U-L>z~o1x3=ty)`V7VH=53$=|It`|@qBg}rjGgf8~ zfZg+IPE7j|^rR2K{|Sq?%U?ijnVVH!&-nr*Hugltf~))0_7fw8!&N4-$tDDVhgj*Y zdC=2}2A+Xki+vOAlw04%f;={?s+;Ivk4-lR78~gjhOY-o*qfI-BX8~|m}z~-;IwqD z*^&f^^zWQB9JijD$_sP7BkGtzIerp?7v2Mp?<7!*!(TAzyN!H4$({7z^=-x5b!@7h zpXHY5s?2yik6w3ej(R8<&Q6FE&tQk%J+Wk;BT*!~NSH;k2L{LYZ5g>HZ`)a`F7}p$ zhA>Z7*_oe#%6x(Zf2YoYNAE{)xZ1Bl@W*Jft_<{a2@88$4y@4`T!e#0X z9=%s!2X*As4`ACFOdu!R>KEDn?lMt?8g;rvufs6v)<47U=0aOJkZ$R*Da~)KCd>yj zr0;!?6^Do&$|)=3sFEsBSG^F30&+$Q8<9qSXZiK>&~38?VBmer(^M-{#wT3*#Bq)k zQD0rKk!bs=P))aLHRbUqi%?^!p%6XBfOHR=+DiokdlBEu*Zo&1uTvDyZ*8oWg^0L6 z92`Iu8*aB%7cJo(s#><2@6~`M3VI;Did~)vynQka}>X&mo<-3&K`;p|z?w2vsuLP|N#v0U#o@seWsoE9$;(k0NUR!Vc& z^XdG}aOJ0Cw`|L-ZWClpT}4947Ycu=AoA+T!=D{Ay<)VOr*EYum`cLab=hkw|%IDzj}uc)2E0 zAWQITg#?AGQLu=7hv>d0p#?jBiqIydX!`)r=3R$!k$iObSH z_|8qbmfhRdqD;HnMmquGp0f2_9@de1iKt)#ga-4ON5kk;2fS_=mmtwF=YRuzUd2%7 zR+!ulHr8Qa2oa4^RYcx1tKR(vB^p+aF<8}dMKwiFf3s>z{CBSn+s&}7(>nPyCFwR!SN zN2a$ZdaMe4No>!nD9c+8tFq2Qz%O{C$$K}X$^JlO%*!4Y%J5fv80_s z28UP3aI^=|p2?Ak2;5_wI#TOgWY~LjwD>nPQ0njBzTfb{(H7fUzg}$kz3E9yb(#jR z&pz-g>Dl;xszDi`!QJ*TT!e^XBVGJGI1&23gLAK8ID#Xz?UnSxyjV232d9~g1$t2D z&ng^hom99wWr?$A_DWM<-CcywrOrLa+Z)C8s{X?ZAb6?A{08`KbzPe3ohj+3Da#7{ zF0FT&1Y*H7FcO(93I5;({Oz{PEt*1W(s!5!@;tG8s&wACSi!FPgf3l{R})kH*-3ra zw{fRo6K5{tRe{Om0mQN!?A_ugL1(cFD!r_YGcu!$#VCZC45lR_SF?cfStfW^B=Y{! zJS1zr*(nrsW^3v3wYHjR7}AsW2{2~o8*&lv(>O9P85{;iap>b|RbZ8s13wgh<0nv7 z4nW@!>v#FgCoTemMDYJ(>@CBh-u|%PnL%1WKtO3kLb^MK5`z*HN$HXrT6!oE2|+|! zQbGo#85-#hrMpwQq|cgt{?GI3yg2XozOKE8^;_#3_x-uGDQJZ{O(Pe6$t)=EAHEu9GJhn zH79X2Htjp0Y;8M!1$xoLKWW#)<=`@@|MjMG2$X;zB;e!~GR%)Q7**0tCvjaK z?InSzcwe_akrNs4K}Oq-D7sRa@2?BV)uo1pe;UozJ~djy9MgmBtct|{>X|%P2BsTh zuVE^D#@_ktc|&Iqg}KsZOy4fzX$;0(^ansgT9OuNb%Q@_&eqpD&2xGwuT_3r>+}NP z>Ru3r+Ezl*Q_2#sMeOh=T#SNqR1KUZqhDOMLGNb77`|TuIOk>F zrw)mEyjnRC`MPB}x&RJ)1`H0AV_?uJvv!7YPw^DM)322*8ZRfB6lE)ZtyM#gkZQ@vJd)^8jBa+DxY`4|pOq z{p2j?8b9FZifQYteKCn#8kUM7@EwRgOIQj*K z2g|Eun_882y7(9RV404#=;#^S6`XvmE0$!p)`3=(-0*0=eBp7P zTGts{DR^DyyLw_}6vf=jmy{uCU!-4El&@2gx&G_iCPKBHcHz?y^BXUaJKQ#-EQ>iH z6ppCiE5Qb~h^2J0Iggam+148}fD7Mq_&w%{DF&oAtnG9DS2VL@nvahTPYTEgN`HUm zJuqe^N~kmboDa@-L+rB{<@H*-S4bI4*oUVNSpQtI(iu)oo138A3UrvmE7-hFcj#RD z(iBHKowuC$@Bg^DEqQz_&OpIDoqc&bsDY|m zhxJ02#2VCiWP!XA<%|$$Lest!1e>@W;{2}=K>y{1REl4Mlw zw{`V;8wIeQVNvJ3gSCUeWPBGw;8kkm8t+R7hv?ML42Hd8gZ!=AgJd4cdPu=z&KZER zG6xj3q?4Y9PgjN0BTIACQaO&7Ebn!P715Xlc_Eky5wQ(hgBd~Pp$7@pxU=Fj)jP($ z88mxg62R=K*nX!&fZm$-3Sg2S4%Gpz%xBSK6Uo>WYn*6e(P8LFFTO|XCq_VY~SktGKD#P0k|ox!oJ;NM|4z}#%m z(gd`5Y97XYsq#%q*FaHBBcU9Z0KyMp7Aph9UsBLBbihnxfSpE{CdNgY{2IcQe!B^p zhr#&jw@V>Yi(^n3Ea`z&)H~xFMK;j==0!9p0F2J!xF+B*Y%i1YVmCEP5 zin1(ErLpFzKhksou7&V2k|rg;h_1P-9S?#24fS(JFw}tYK`S5EGruxxhS9PXM1j@yP%NXxVg7S8Rx8D-HQu<9a66gRCX+=LNRmDypE zofA9jL22n+e}=u?!r#0LweQGx0g)~gK3|{nBJO|&q8l@K=10=OpMZIog?yU(qP8v? zks)S=*1C=m?Ee7KP2oNBWw|>Hn8Vo5%7HXD9dE4!1mE0q5Sg#?0E!YARf=DVRecl+ ztQNyKKj1&7)kQ}eG@At366h?ri43X3vma^YJi&we)k2>R6W&|e`MV3mztCQ1PcJ#j zDWr^80v-#V4)k#h?>x3D@_z8J8~(QS1z4uv`T&W@lVto@iKUpwV83>8>!njzrOP(- zmNziE-bz_egAF_R{xauL<7K3BCM4Jh>`Uef{H;ps<>zIn`mw@oYN^!0H)QgC%>uI+r4Zd61b%f z0D*C4*s=m;%rawU)}xLf>&xFnYf&J zbNM;QaGJ#rEZF{SXMz?i<@J1`)i=^ytVR|LZ#)o1i>r&yhcMmz>yTac2|4WCqK7Hg zgB|ZGrV^@1f(XnG2BxGT+91+mjf=BT4g?fC4;sAqW1;=FfgHxg>^l&i;vEno76Bm# zLc|JWd~*W=^sa&!S7=HVzFd#fmp*aYgciMsG~biNFHfZdUhNpHW9vdFWwNe=i>N$sRNZnGWQ#osWXC^~fj?UBq=hb+uq!Uop(zQo zeLBe9M)E-D!;_aG}bgGp@04 zx=rOpgD2xMN3egF%WSfwPrBTKYqeo&K*yP@$-2X0Y|KhF|D^_NL+6H2X9bep!+?Ar zOI<~;huM|GN>Z|j4IzC7KQT%gfy#9%*DOPHQD+ut1y(^2e1QSOP={ElL+!T6{rCv2 zc1Z`RQKSNI(RUr?=p~5FI@aGzM?|pGQnZm~^moP{M+5UEk%k+&K(2* z&#t>~>IK1F;m*lgtN4iuvndmKdS8|MS|yso;%N*gCU6>b`(&w8q4)ZE62aTKaGYnq`;xnb=2X)GQ zSFDZfy3cBmU~F#6d!F`eQ|{ZKzOp0Q@6#2u|~lHvKGE}vNRLSLQ|3U+=RW2Mzq zG031H&-V)(NW5oW{{<5|LttJ3i*S;6=Wid0iMxmba|+A*^DG%Fh`&-m-sl{3 zYfX@B?ZGsM%C!qmq`SFOgSkCx6Mop7x-r%ot4z!HkOJ%{5cYEb_kXm;E_0gmQjT)1 z3v3Xd>cVNKpYu36s6hvz3V5=ejvfp&nb9r}y9i4mikCTmWSV{;AC==&qeYr|MFlz_m5gcQLP;M9e-V21c35OvBF*|Hw7>Ukpep^A=+0E_l*+yRs7FTmA2)^^H3F3>t{i-Wyx!A>i%^7i$HR!nOyHWD|-r=?F>U@A>uZ;rFBQ(#^l=ni4jb-0~QjTH#w;VNJ z!|(z1taW>n?Zb7iO>aS@<%LlCryjYz%CJ18yz$)vP}`sLq?FP zV@*YkLdldY1fPLbA^~A)8iG$rukx8+_w#L)%%bW2KDsrP6TU}r)|vFTjW=N$W}5Hu zWj24AGfd4WT4Z{%))-X=q7*0BMkg~JtI3UGIihqRk9?rhjvl3rs>)SOBN?SG>aC@U)^z56ESMMa=CBL-+*w4L1WGGE?ApZ(2>qYapHR2HXQ%|6BVLR$TKS1$6H{?G-)jhKcltJjvpj>xM;1+)u??XZ zI|0KhOnT>$Y$^Unc?Jy4DKfJa&sa+xQ4=3@F7g> zwf}jD2%lemkPDfXh+8hN6B~39t>z?J4~a%=r~6dy`+7hIS5kKb)%fAGX3L-=pwhu! z$NIehdzdm0_z!Fj{EQ4~)r!70RAy02P+f;!ew=lWcG^2hez`Z>u`7KLgoV34Kp8ELQ}JKIc-=HPKLgK1%UKhf^13!~mUxt&$zEr{CXKHC>CfA+~OVl~e=2j8oF9EBE zq%RA!fTd8bii)C(kNU%x9P!}{*-!3(+n5Z=zn>_fD@v}@9DjTgdE+;<( z^+2#3q=bhZb^+5XyF(OEv2`oDvrcuLh2e(HEt~uM57F&Go*ZG_3mc8w^9Xh~6JY36 zz^k&34xtPVFq47|)G>yO?9s20Ah0`IvYFQ?crp=>u_Ev&aD_UBI$5I3*;~g~($ElM1CNG8iI)=4(JwcUu-d-6SP3C;hz(f{sb~*4@k( z{z3&7p0t>R6UH2hT!qjFTPR{7$+y^r%SAsxzO1JKFli4Fd-+u}A@32kZh6q5b3#qr+6BxHdLAAF2OekRBTRQ=u!Tqs4v#p@qlvX{ zbAr2`Q;a`O(^5W9-J&kfn(LS-?nURD25?Qg`8F86R*}=@kp9=gPf+SN_+ZLtzqaX= ztFyIwtg!Zp^uHNQz*HdW^H;iP7})nDNzc9?o@%tJ+K}Fpa-y}@scp8KLjMx7o}GL{ zNNY06rEgwoXJ9p;#iAN7liMRh>oK4Fvu|^SurJ5Ww%3m)vp8E?Hm*QpV%TxI7c>AL z42hrn+=$rg*jG+o;@j(#F304&jnrGjlLTFadnBrgd9-t~a^-oM$%wO7p}XOnl!sqM z->73ozPSS1sN*nKX5G)zUBP5g6#tanlcsHbkuJ|lgSPG*xj$cX9&ewQ@-jN^Pj5IE z7Ta9CwNdDk=;*fkJC)~2<5};%qFH9P#p+`BM?1%Kr4tXQ)?=HmAl}cUXTrMS%qy)v zv9dh><;d)Z5ma3MOBMl@>H^;F{1+EGWp6iNL#C%u+p7tsD=LvS$Er(Tw^g4OxS2d6 zXXK2NF(@-FnLs;KOq99QivK>*r6}+{mN-`JdnkNt%iy^?UD+mNW3Ny+SyF1*mZ?xP z*?@XG=2DxTBebd{ltA$D~O0k*T6q977n&7wDs@mez{eybsInjE& ze*Wrt-}y*S-|S4S-N{^{zzRpgL;JZ)@U1@yL|5J;}&}VFdf;?RK>HN>cCVs@W=Y7TRZldy?I*q@+*;~?%W8rq{8lWg^0+}vv zm~$f9Ec14H+e6w|xqMdE#5{&r4V7j7uUmF5^KqKSZYY+&uae^4-)Q`P94In!(JsnOwT*|OH zuM}?DfiwK|!A5_7CzgHj4(EpEid!$)Z<|BkLex}rO8rQi*tHi^K5e}}{&am()!22e z4t9g2d<#*~aty(1vGNi4XY&y^^XsO*599w4&l5LYwZ3D$&0NGe`VO`?UoT z`!U;j$Q{F!aPgm#jJKL#NBiRNFSubf=s}-pF+m`=aI%N)fplFxKAyT2zB9R0apKN) zVeAa5diY>%qj#Uv`tv8slaX1G6~*^>BcAtv0)qxG#dQ_ds*O`+dQU|^Go90L;qqx6 zCI)%wOp5g9a$mKk@DQsWo}Kered1Op7YjkR>olX|pri_)vFDilr~*}dJOVa(_G<}> zM}eLNXcbeKx2(51H?QiMZHLzWa3|7Vb~?5~_G9kJq*eP*@nf^HM!nzOj_T>inLcO)JEO!aZx6!3w}0}J&wM6Z z@uIO+{+W(0C!E=rroZi9cA^XxuE-$uzI(UAf9{QbBdI%4alP}KT)&G`XNA3tvo9hd z5vI~KYEF&V50_+p%I3v(3DckEl9Qx9U+w$XYgY^bDTEE!cOrZnCmSYuQ}`x*Y=3e; z8&7`Q9rx4xWM{&rp=^xNz>0pXUcL1?+5TR~L~J{O@q}50*$g*iRIVtFm_B-u^Yu@Q znj?umeTuoUjX>1PbHvGV2_+kyNLEND3VW=Tfdy@*EjpAom2lxIL(Tu>i813CQ0lt-`|Q@_}%e^!n$2}E=D;{ zz|iYdbcOrYaZX{fXu?EVBx!<`kYY*ci!wALbRg6iU!|;V@HA_C% zx+F=4R%=PdhJ{n`s3o|v`rsOKk7P4)HaMe8Xh9T_hMcxf{n4NKyH6<07Y0q5?{T1MxA#I3o?^C(;-z>dp;-9yZRmxRdz?@cBps5zx%Ucuq{5gHd~m|jy=xO3 z5imR5hJ8UVuzX_?Wtq(D6QB1ov^?w6zm&Z|jHn8pCNuiV z6}Z`+Ul`WU2>P~)S7*3=d?D(P&g3NhSVsm^xL}dDiIjog+uN zQNbio3#vP(vxfs9t5)&oOzJ9Yw!yzsyA8rqC_=lP;r$c&Rviyrf2|D7S3xd>AB1d< zE^=HGona61sJ3~JuY^MwhR3VTk`wu_%?L|~le9bB_$xlyKM);8e4D*op%(N%e^|;- zr~cRW$B3Bg%nF?HkQqXaRKcElb8b47bDW7q%m7JndHU%mrC}>=46l+k#Cp z@z0)UH4;chhsYc$g%;Hl&?3CK{+;=pD+YNN_LoGe*7i%Y5Q5ngZ<8K*Exkc1PT#T@ zv4;LEOmxh@i3iDcCrVMQC&VRZVzMvSw`yz3nyv#Y;u>Ph)W>_g!9g zPrd-bh)50%G+5UYjIsaq#^}dMEWkwb6GbdN7-)Ra5StA_3hIoQ4txw_+A#nw@&c)M zeb~=j7hwrqlB_;x@|19t3fs;kju6>{u&yT!x4Kw?pM|r1`N2*N2;vl4?MF{KyIo}@ zM2?cke~15I497>v+m*7aR|Zb{Ky@MaQxpKxp)SP(h&Lnx?w~`U)F`=II>s}MWQ-We zUEG+8&|;@)AT3*z%ix`yucy|X)gSkZ0bbQf4{C(2{YE2Jhd+3WYvEqMG*Zw31^MB$ zvql|w_&`*5ueQ^>J=ev2U%y*IbGl-{ku8d4Q*A;l8SKzmw|o}%m{NH0twIONaoD-F zBwyGTRXU077vLvwAaFOlEu{iW7!GmWOlCKe=f2hNZ(6MSQ)$}Xhf z-^}yJuP7OBO1XAgl_OX{k;)+gn&~8!fjjiomS~AjV5nuAd@IozqK584TmxyMW|2$h5@zmt?)6h)@T;E{?T}16t?f9Fgy{)o zsXFxTi;oGSb|14_xmwXqyHD8*IB4N>KasTNJ$}pXv`#Yg!B1QNr!)l(PnM$*>3T?BfmLRFXN%2eX|kBl_JGS)loEuLrD8h$YDaQdGW=k=Fx`-LDc0= zp&@tCp__VZ>aLS^&;{D9hUTk3-c8~MC0M$38}0}9DSy+}ym0|Y=F%pvL{Tk>LC;C* zjOCmaZmEy#(FEv}^N$wZ(lk585Vh!xNlZ-YDJP5aMMC z#BqD9swZuTqn})VcVuy9O79`|H;2 zvlYEX2H|Frl2PoS0q>F}d(K!v6&WS-C$ z8o{g~@1QDpX&uy$9~#K1h>*ScbVyc2FJo26#d>jHHaM^)ppS?hk_M_zgLB#@_&@P@ z2xK_m3L*xy6qFtmcOZER^wV*3KmdwQr91-=_>2xr1~0z!^)Z4RgRfVwb=O4pA`b5l zln34MDJL>k{0Fa;jBXRgX{?G+Zf9AO*$iMN%q88Chu>%X6zmXOoVAS(hOm^=MJpxS zNFJ}Ql1~N;ekk_*65x%OCy$}H)EJD-8$T%LtwCHX%NDtzokCprc39;_VKoMsst_|{ zn#pLn`#QOOKM1DAiABvad>lapfPcry> zwhWxbxc`&?rCH+)b7h9)nq-PCT+-m}5&xAs`tkX%zT&l?l$wZ{=bJSo{zJHE4Z zL$jAh6XPHD@6W9Lm7S3IjRp2hYlBv30{ZD7dTk&d{GAycn52V^C1&l`d{XG8V!}yo2JH&A-1M$zqHL$2LU& z3Le12CB$=f;Mv3(PA_WWqtz+0ODEfbmSfosxijK=LSG>qUhp2^QZ9HkXAmOg)F&e< znno@MZ_IK|#}vy#N;X8%+i(o_mm5+4YI zoFAo~K>Z*F=$SlR`~Bw|NUnn{l}Y5*Cl`hl{>KpS*^?UI{0n`@dX_P{^5hzc?EpQX z{3O*0>mjtCV5pi*mkToIngybhM?qY)AH+rwEMA8D{lZW55v}`l&S6e?mn%{`M;>Vu zYh{6`#g~%aJ*KyDw}GRDn@2tVAGbM?BBnTX3P2^f(In^{)7-_2c%CQE;@w{^`dN_; zw-mF_DDoVZS~TkyRp}*vTr|*h_(0~cVZwYYusL$sIKc(d7KG2^YAC@Ne(r0!6`GYh zaBA!4xka(%W-`x6{nl>k;CnCy>Q!UR#^6e}&IBcT3NJ`mObWNul&&L5|4(}qJA{c} zu#!P6+HErW`Em{GXhV}6V+NLP{t46BPrdUHRC0TgF-rec$y>Kt935%=_}7zBj~qEv zw00YIz^Alrf3J0NE>zAnt=cMA+Uy+dP)`V_%%HwFkLb#GFD$3i7u83+t9+y{bFj)3 z&≫(QuQ5dOg}xgr)p($0ZtXREc>{ z6#hTn6Y!T}eWXK9@UDe!p*kf2ViFksGF>;tHq|xoOR&_K@EkAvCV&MmtG@EZui^Kkslngnhu7RL&cy95XotiPlO-v zH6hqcdv$A+2Md=`Q`qZ41^5~Y)e+Ec?028pM19b~G#|Z|IIyCfZ(A%8WbLGMKtzIf zvmBZjr(d8m5qk*xU;E2XXW?8a8gPzoOG$f3L`*!D21G#Y>&eg39q0j8-r$>gDoC`8 zggtIjOqz>f3{}{<7B2mCcHoIhW;6-o$MZ}IV)05(y5H816Tb}X!@1Xn-H+jdQA)O~ zLG@u~uP3}}%>qFCMdtfyb^Sxj$1PIFsrs{YEZX=zz%TnUqnM9Kn4WgYprh=OE>ELv>)ye ztgFa*e*0a|KQmba?ITjNFO|R5!yaz72-BUv(AEHcCyj2a*VR7pK%oaQDU= z9&bx%`1VniPRO{2EFTxseYpMf3` zN}>CEvyj_`XBu7Srt9xV*jpbxW!HplomH=w8*`kG^>Uv7{6hfO-Vm@Llo#{*lqj|- zoo{7C`1P4?({g-*BMkXF%FpUr(LHSE@aOjU&2W^jyu*3O=c85q%;1r%?S0lEr$y;h>mjyoS6qd;pi}XCW_JeIRyE(8) z6R6w;BW_b%y)aO##s(vpUGKreg^A0Aq5Mc12obAb02L%s2huX7)~^I1N{8L7J9DiG zzKQMpZ=Lh#$Q-eKhm3&_}L1ip=^@s+!9Kz_p&>gwr?tc7`1W9(` zOwWZNkdiUS1OS5YId=xLTB*p3~{dNWf~r0QVhlo8m>`))UxI>O978>eOmj@))QqU{;Oza{V;7}h=>a=^Ox;f-VG z@m<@OCE65-tQUtOmi30QZ?BKSa!d|KbChbyryWQKjEeMa76yayfH7r6v&?vPIl=bv z!X3TKvk2H4)%_@jv#7JlqKsjWy-zDi4>P0hVa{5pT;$b7Z!SZFjiLQ3)l)w#v*owF zw`)(xY-6gAQ&N~YpF}HJXl*DoKHizA_=7U4e>oa?F6%ArEdNtWb!4-`Vys!{xMv^$ z#ag&cWKtM)IMs$StZwz;xBX}{Tv})|yZX+X$Q9l!)eh4o{M)eg_rC$a+u+-NtE!VU%`^yhi7KYUgLH90X#r~Z2@@~&njWthHsf2X9r;H(Nhu(+2*Ay0HXD^ zHt)(+?)i?qCDg0@(T`Sh?X~_?3;PK3ZlJG?(97R_p2yih4#);kQknx#KfT1hqyQT- z=v(~zxZ_sasf%i1fhYiudeZ#mg)GlK+ChS)8ly1lPVui@{$zmC_vA>&BPz;`HtkT? zBX~zCI|ght77T78fgtogzr4F+qc+ zg(Md+__bAO>*<(U)p6rdIemAw_S=e})Hz=?yolS!2;4eiLDh1t$#~oey*E*_X2)(P z9MO@Cw!ctal()Hr?d|i*YedZTTo)xpw*SOfc2xFZL#%!pN?K=P8(VO`B-_*a{r-En znoD7eO_rO4rvjnFMEPt{;c-}4h2?PXfDFIBXwfH#E-@U9@Ecn3v1b~l^j5K_p&V2V zt{!w&p4xNuVFMpsyidheDPL(8`{abu^|ZdLy*eJ}-&c%U z$k>~<-V5WQStsyun~xi~I`{b&QbNP^#eS|LKHu=CiL1y-PJWQ(#b_jH(_gJEflJGq zH~9AJRXMc%RW}nfpMQ)=EvK{nd08%r5~#r#TYP|-bcOS|w*AZKxL-TZsLa9o)W7?z zIPgvN&+1j`KLF3On*)$t?4*V3eaYOW|{rI^7)Usgm}QF>S@e_idMeC#rz+VRUmoW*J8`K$(iy7^(mU zmKdbKJT5jugS7k8F3}xAq>_$eGj!JVk1E+>OmSe6Kmm~Q_iiQ@REI##Nmpau2m zY0N~meR#f&+!HY7BCK>NCj8Z5%iB3=mHLVtMfm@)IzFHv~uH4Cjz)C&#Fgh5fV9e;*#_@;haDClqr4rEqZZBmCzkR_AV(l zzf0?@o^0*uy`_5-%VN&B*DLq5QD&~jGYC2IS()AZc9QYUj;8ImuETTgTtoPe~8R9w)o)39ZD#Ch$tvGq`ES z62Xu7)aq4{_MeyeZ~o90F9cOh@_AjLE`Ip5aftLz+mP}oAe+mbn9b`Sq&yn29V?5< z%W9>o*eb9eWf~dusTTPiqXZ>(n797%){rx)KN&X(&4idg#Ar)8$Zoh+53@O zgk@31wvR@HUfB+dc)M@&O^Nv1%RjTF{zFtB|#xsDZAFjBezrsy4RTMF(C zJG7O&hI~CJ9icf|&zFxLVZE!GYUXUlr~kLQ)ncro1E+LTuOz`Yld|}WYdPmI)fo39 zAqh0L%qT%ZL=Y!2k($Jna^--(PAJE>oM9%3>V_h)2Sqn_fBk8Ffi4O*oGEn*ny?@1 zFpd0CRF4aGt|Y(Oo8goe5XD?y3HkGHHLnYFJ63g@qsAgB-#Wz9cvLP`1YY&B$VRtW z@u;kla>bh*=D)0XPj^^r@z>ve%rk3;4rLa;zxlfv%!`sN!h2t6(==0kt+MU)t#B(l z>wX&=UeI=Gn^%41sirNtTXK#;RhVK{qLm^O2jDZmeewmIiq;6+($27ubq2qGCT`{| zY_@Nt8v}g|GJj*zl!3m9ry0STM24-4aW2TQ zH@x%oSRa%_YIj71akJ9%@?NP>bXsBqu?9CDU8U!tr4~St|Ec%(_yg>=y3Cx3(H|yI z3Ql8ydEvzQEp-K493Y2Hu7Bzcwz~945w}*w50BV}ek|-#3iBahc%qVvRi~G3Q9(kT zRc3>IE`84M(D#|uK&#Q)dgg4$&}Va#-*16EV+Bu?{qJU>w?nf&2eUn-QCu>($P!jE zlWhZu?jom&>|-bQ?FK%lj-xs|-V;fY*rP zZ`u>XaojchE$id;A?6_kSJ_vLxp)5oQ}``oU=31DVE~zBe86%m08#;?&f}lR?qm@Ln+j9N>?~1 zXhgd2>T%h|?G!T+KtUMVE7kSs4+WOHJ9My4GU>;gRW0AbxwB!^8jZid4LbNyNF(Nv zA#4{c=IIR4dy=dEbJqhBC6(bzxnKGkeL}iL{u(}NG*qbKj+41Xusv0)pQ1^Dy67j- z^P)-0%K_8oxw16WeI@$Z!q}bUpQpNmFPHfKt#dOEjd^o3g5^;z>gw6OU(W6`B8_)R z-qc(Lpah}{%Zlsh^g}j~1@@;!+oSd9Ia>Qhwg_^Auzk(U$+jK^SuHS3VgQb(;~>h3 z^Jjpi;jJd8?QF`?`Am&>X37Z4x~{8*yc3i3GQga|_=+0YkAdWaNZ4MMc!SS&lmWZy z{{*JPh-gG2HYUA50M%_0-oHt*{tbyzo~361QPVawj&?G05?j2kx!9@wZV0^M!oV5i z{mi~K1U4xD8ncoCY!-}f{i7a0Ey@C_LmoNU#zfpH2lJyGz^^2oI#S)?jNWGCJoSE} zuaiRXF95a3HK#vXw?S@ESQW)~A}suNAu_ZT+RbnW~;FLl#Qq{i1;>X z-$IyAFuPk1ymJ9p|`p;_q0b?}3*Sx-phYik-`|hm044^H1@Nxrq zPaz;UFimdg@&%>yiXVe5A^B@Y6-L{|yi;@Os+}twB~)tMJ6l(EAY{hN0{{2TCxVzR-{xHTk^${x)Z^$R$`3BP&TrYs*_&>RvCySwa3h<@M6SCT<9_%HDauAMpuP}kw4)8VB$7j=dKlp4PnqLzJ-}gVGd$0`sDkn4t8*@}Q_v zI>ZE5SN6kT5QysymZFm5PqLuogmfl?j1)*RFjFUkxJAxz{aAw$`~orW6FVEpZA;&% zb&#aV5cZtY%Ufc%dXI6Mk(k?%$YFuOEN8s{ z5WU?C{cQVxbTDe+XQTa@Gk#k^_2-)fmjCt^W?MA9X6ig$ zz*d?jF?&fD118FYC1L~xITU?;m*5y_oPgYPQ4k7Y7|@9_nE>$vfv4vW{;$oymmV9# z2)N#@b?h7Z{;BKRGh0>6xi|~Jr zslaFkKFikc`35ZPgY8BlSWS2vs(fIa?;jaLl0JrM*vtC^)sbUTRgf zV5mWwApm<9V5Jf`C?=H>)$b0%}4{r58;s$HlVhKme)j8TyP!vc`pNH_wH zPXUlH5G(odllbaAEfAg|^fo;d=Q~ngA^ZS%-FC7&)odq$ZoPUfMM1TP2>mn%? zgx_gh2F%IWM#2DELMU9Ap__%EN90vJ^alEyN$L_`Z^;fq%ALaf5FD8fp zJj7830}y~P0kX2uWC1l8;}iyXr2=g5s$pa-0(wuugB>SmB?x|qW>TVQw|wv;tY*im zIXfPUt7C2tHoC&T|HE?#0oR=T5RuI*K&H?;P@+#E?)=#MbS}gY{6HqV8LgYR5$5&} zckVT=ee))hd~(|T2%PCQTwR4wVqj`=jF<5+fqAymW#=QX(LBbb2S6DUThWPuA_%_Q zo6m-if&f%@HB6TB{br*#PHhw+R4DH}7?g7lK;yd|ao2Q>|0VF7^|}m5TRAkGS-OCT z3A}_?(G&=_6`Or<9r6|zd+o)`F!x$p z+DX+;#q#X_U~{D`YxZCK*1IRXuZvPpajo8yYV@?qQ$vG49TAp?^QLjQ=NMT7qk69I zi}xXJ+v)ugMD2KP-&IB>4sE?9u8{o^vY-Em>FLMIQfKln#W*!#rPkrs4@LXtNgjWn z9hUVniZb)xgv&d=5u6=QyMF9)N|*kZfP$m*WW9v;s>M$R}ADZ7kif@L7DL z?*BVxS_WgL1W9s&BxlT>P(AU}uh0}mjQcTX8dEv?M8|E{M@@YmR8^TJzb-DW$WNG_ z2E-|}(AG!+TmK`-?XVtNcoQ&rE@SdUdpsM!^^gND?)OihKmtUa4DW1rn))&xEL5!& z{A~CfUJUAj``w2H42)ZVD=sWnipPx!W=%RfTuTPgHqWNm8v)NqGgPOkML+lDo7%19 z5JIXXfDa|Gh8oiXL%VZ5mZE~0BMc-m5=%n`(f`KVTekuB;nsVI@?@pGE#Cffzaap7 za@eNB0?ZP7bM7Ku6YSuERiw#fznc?i%QjuW`ARW2QC zfff0c*NA5+av#}V!ZSPs=~xDV3g)OxT(`r~&}&oFUOIOZd%GS8bi8dlrNnlEOZge8 z4Z?tgK;{J>V0gxuAtJd9YhHFQ*N!y!dgq%Rji0U-{P&a+>je}eQJ^B~I_=zm4vz`n zNu@qJL@{#upX=%W_@9*((?SRC2D#dT=hYBfx}!FX9$T0Gh4ayOU?JTe&$Hx*Ui27U zYqCDqRS177uloNY$8dB}s=$556~Ky#aS9d;7Y&RDTxC|31jZfG6Il>oh+R4lhtgwc z`IbOJ2eU--A))Dask8uLQ2^BTabdo%0i56k6(9>T598-y&HvhH@rnVw`IzG}9k#Zu zq63LiBtH081tIjtSj0^9v|#0ru1DTYgy{{Z9nz5(VW2F(ym+SbuoR)LkPMwu!uj2+ z$ZY#Rx$2@zfAyY*Q}K#`6sJn)wQ916s?d_lLHag|5QCz`yLSMK0S{!)Z3Y>GQ8TPB zP&I4GtAG=9DC8NyP<_QWF7J9d)s<*Mh)+D-#kqAD%p zEDeSP$6~8rLLz~+kNgBF1?hm#jQHu1`p9SShh{e*=t}CgrG)fdb8(g<@!JH!*yj5e zc;)V4b25Hx!eFQYp4EcJii-bUqdeFzj5k^5O7KMupv~s}^QHd}J=0kR5Euu<-5SR- z=j+UZcH?}BV%JLyH|*r`_q+AV@G+1RXBzV>K!Fiv@YxGcp_BnII2hd`QT_f>2MzMi z-1Uj*VSMAI(mW(87vnDXBSAiE!meCshqm)|eNw<6TVP}e6=){9=>S;Rx=c$MsBRZg zrH5lFq3a+5C^}aRwY8;fBvwH8b>}ZKR>=VNWfH}fM~c#KM^TT`Z;LIg{dGQLIaFzA ziU!!kj^b~GMVREqCt`3$91W7eUz3LLa!^ZBnUh#!UDh9TbK)3I;O5@pBb>)>m6v3E z4PLD_`}Z`z2wSc%*JP71An@|HBhR|C`^x_x%HBJk>i_>AKF8iOBJ0S?mc1P$WM&_G z?=36Qp@T#mgbEo^_R7vm%0X6ykX`o3C?mR_uRfpe@Av!bcU{*Xy>I1@w{xE3@qCQ? z$a6!|_u}o3{P;EFcUg9MbxWYcgih3*!^e$H!=C0m@ne^QwV^NG6||&%7iW1g=7ur z5`-a~5e%Z!*$Q(Ja>a9+VSOFym@%m*IYzbmuCg@b& zov<6P&UN^OaHoSlbw}PGeb0VTD14gV_wxF0_>6%>vT9D<3h(^D`{TQ>EA2-q?9O0} z&Dg5xn>z=!kl#FyRghYGfO%`&WnHtDttmTIGv5al;5wqvT~HDf^Fmv#Ga*FA5-yD< zx1RuFt_c5Favr2KGHK7d6X^fAh;uysfVrkGY>$_RZvtf4*vBeR5&>7jRT+cd-3|si z6A1%EQv?W@Cy-_6q_-gIIRPR&&Oqs6v5b3f%e?b6!`cbbE5n;algd{64=z~T1xyM; z#%~~TcLic>cyVOnTFZo0CbK2YC1^JwwzSLRCt2W)_yUeNm)J6J3TGfL7o?g}wa}Oz zlz0vix36be2PVMiV3!apkN^@QPC7+#{~_#h7BS5xAYRhs`k((<(^R2z$I~UqPZd2U zeA==Y$D#`=IYQT#<*{(0w9$|alKLWcP{UrDr1iNEPN7Qk% z5%A%Z`!Bc>g8&?87qC!s9~AgKk%2&lTkDz>^0UGHQ)5(hznq2tDohDY)|CxJ0SxRJ z=r3%sM_|zNh>L=l+8(Y+L0?vpa0omW$Y@~C6+uMD>o1`u)nv@a++b2b;MvDEyoEU+ zQ=nfI$eQJ$ntMIkgx8nz$n0dx7nFt?w6L`N3WDVEF07qZpxX^48Wx z+2tjA8hn$*W2l0;lfTWE;~!K1xD3C}{}juSzty@~mEMS-;_tj@dl%HXge41)PJgD{ z7s?kLbRAfft#enP;_YJg%3cg96d7lexr9h*9OJ{l4j;(&O~hV*KS+;MLeM&Ju^9%2 z!{0Xd;dS-g=F>8=mm z-dXGYu&jr^990cNjFMU@??unoxF;(2ZqK$DA1;I`zgDaYJ*EI{#1VW=y5|87%#;8k z`$9;JYHEq{o#x!1xTR^xJheXes1EJIjbuE(ITOv-T-E0DnhKT&UdvlK*2tS(i8_ar zXRx@E`*#YJL`<9{F@=xEsrTL=yZH!B>)%fm-86y+S{PHVGS-YXD7EI8%qhrlcHV|c zm?Yx`o^7{t!3B}ctcfVCzrNGatVqPpWIEVM(erAC;w(SAEH@iMH zI|koLm`?BOYa|dT1qwn2Ik$Add8VPstuATj8>5q7w$al%eaD#DZ_+kD4JyE)@H zdFg2jfZ+9ze!!?uWdSv+K1(B*qS|M8(O19zC;Z~t1~@4+Lk-a?`3~o-)%ZY5v2`w* z5XL-23DVk3ntPxuP6BEKQmi6Kb+y`-o(BAU;!tWN8RDaI1-V9`mvaCGmW+up7j54~ z!HW!txE-4Hw7&R0JWv)^NZ$)XkR-0jMEC#1nDn&2?-4{&cj42h(l4-u+Xa6y#jAs< zBRQ+N5|5sP)M-5yjg~qjdI5`zI>?@XNItZVk6U_o2JwYIs@*vc7=rVbDg-w#JrX1f zDX?=_II;z1$nQda$Lu911x)X(#^i6au1@QhXiRJ5EqXfU3QZ@oP)}*iwC4|Ir1wj7 z>S2fp#^I^{`n5Ni=Z(8l3&_tC4yYF}UZ1R_3s|E4EAj}n3U}59r=5|)FxImgUly9Q zqdKiaLS%+G({EW4ZFdD=+7do2jgVN*Y*;}L9m4$wc3)8uqOKNPfMf_1i#d76`r-5r zPA4K>{T$F^Y+&c5^FNO8^!ZYVP4um$j?tCK5 zFW_9wL4|B60A7Q$$~H0d25rNH-bWt*w5R&S0-p12MpA4n7X?gn3W>13bJdSkS~dwy z0h7yGlgW{jef^@zVWE(I+Q>XdZd87GgHw@9pEaL!5APViBHv)L+D;T3KMd0vkG}pO z0tjY+#0hjwn!2dWiT76}y2+O?PUp3dypNhv9d$447L+^(U6ZHHq?Ms@`FtO|)@YxK zVnS|bw%WCx<8C%h+3K}Er!HzA;(BB4@$Q?`j+PUN3FvjxGt>+2dM$fN{$=1mdAK3ij?QX)uNd5l{)^vkT zfh?Mt^EPYR&M)5*6(N-$2&q-VSuDt}F%~&0q(|vSMSNpVxRa%j8EGu{g8Y)TG%U`f z(=I3L*^}PUZj6${U)Xhw3)g+#6}yOSsQ~V8pqLg%QP;^pd|9uhl$0hZltSI=N1FjR%ajfY5NrqwPkT4)Zx4jnj}AoVy3 z;QtfLNk;r&Q4okS^ z#Cn4-#{$MWt>4*#@$z^VL-;ww+8ljlBRM-sEUP}Z!N=mkqo1mIE>}QZ7nO(BzNa~g z4un-F*)1?f>aD3vFW6+0b=`=FHafhV&&Y&p*5KstfgZ}3A&rMd7g>?BCjD~Hv|FL`=wVXwfq-# z!C@eiQSC#{!8{5nhEm*pUOWP^Cq??GG{r!NA4*@xyZ_3 zK$k)?904Cd^H*>Z7D2DZyTvVa3ngoHMabO^E(kgkS&`Q6stZ(`Dx;Ze1O)iru!JdM z&8IT(H~!y78`m&a@rkNxn?I*{x`~!Dua0vfY2DSn1^jBhu&2wc3;1p5D}*JiDBNzQ zY)h}lwBlow{Bj*->D?6;iCHX3v;fg1f4d6@baZYsM*OW&W?UqMzv#+z4;Atu?mv+e zTjQGySv9%pXU}U-sb|&b%`YPJk&I@bfi0fpykEjWFcEBe7}sB*>}1*>36f+&cJWtC z1{H&`BF(kd?IkLkX0*O^hOsZnVI)0;k1-6+tYXO{wyKPe7+!Q(v~?@)t-85rer$WS zWr{w?o!?arXnH7hr8kM0{|?KadH?#bHCE$$#_OFtBli^Tg{D;ODJmcazPr z-)Xse?F4ZBKdFWc5B$AoUnGn?c-~zKu2_ZtFRdS5A1skDIt0P0$4(3%D~loFwcs&5 znLc@~dj_bNWK)E99K=%-xzSYi55)}8tgK?tgt+7y{mXkp5@MvG6oxpU^h3V#fV=_> zsR(=VM~^AQRKt`I1ioT9FF+oECE)uSd)d}~r(x)NJ|T7gdlWGVxX}5?ME9ra%3I{) z3Hns%FjcCvg&V-+a%DKoS+Td_>QC9G)Jyu zLoPPEs}K?=h?5#8$=1q)C*>qVJapMU3mvj4b0%DOd)%vL#AteO=h~S2xAx$k+K*SP z-I2NOD)t$Z+@~u*7*2KzNVo`cN-;m^LPaYkz#kWtSQDTO^Y zD)2JD#XV-6!$i=9RsH`2p^aB?108(48~zEtn8Na-8NHh#-H8e}~iC?)T0&LXtw#DxU7i#jEd6@NWcmVH0(Bub^Pp zyMK@V0xlg1(&M>`B{IH3^#qULt^V<;Fw`M+P5el#yTQy!j=Z7fDcK|)npW%K#X2vN z8j*-igBf&R`5e;EQ_nGyc5x5%L&>ZSAVZlOEY;)R50`QJ(`Cy_m2HZzmOz3u{HxUh%2(kEZ;Jn=a$O|hA5fumC3Dsit1yvTmxE& zWEt1ILO`f=eB287nAg-~)X=R*v|P#~GICIG%-Oc|`LEv!k_4LTb?a-_-TGHm&h7lG zF|G1|PDSN~(4z^l)ZP_I`en@hM7^k`QzDETat$hldW&2mbgr3g7>$$P) zThQn)r0Zo^#926zK8$`(+Z}Et6-GQl9Ip?$pk&DgM}(_#2*gOrjSkGO_xwajs>b;wh~%R}bP!Bsny?2bDoN&d zz>+wC^c|fgtqh}=7d#Pd)ZAx*Pv-t34Igy~UwF{ayC#F=JW^*t(+9&G{m0NUcM1mh zzPbTrs4cvlQE4Pw4dE)&9@T61U?77d?Q4c`<~}VxmJ630rk^(RU1HV0#Jhv)BsE0SmjMm)C3naZX+=WZ`7^!!`@4o+1o`Bb z4Te%R9tv2a&@o^NMC!gM!TY^M1SSrzgLEtdDB;a$1o!@Qty6p#X+A+0JRiR#U|r?! zNeZUYNlz3(nSP-Q%q;vjM|fvZ0Ib0<)h)3*rdLm%kAF#(YZf2LJ2B9$q0R<+`fmQo zaH3LjUjc+2z?5p}An0M#u%IEiRg#6mc6TxizN^pII*nQVF1bT4f+8KX5Q2jyscs~r z(U@`i=h-86v^p_ywEH^m#!U;0=^=@()W&5`JjKzFeD2_aZ43!_J*N+G^XuW{;K~UaP*tit3W^U77-Ov_o2-<+Es(v|ZYolwGptsUu`fEc2SDa=9kf zU~c5*C&82K;i}tr*y*-jZ=Ry32Q`4A%;x|c`{B(!wuMkb;|oY7`~TLF2U0Q*Ql2AAs|;>SL1E3(c} zff0)gS$FsC161Bvz2Ceof*S1srdD`F%{%t@S>?ess6$>-iBBF71Xt!^MEuBoBsGjq z4D;*P&Nr)mLamxcCM2eDVb)QJ-#!)}g>mV5_9%IcxDBr-^)iw~h9(8fn-g`0zR+Ve znpIiJWW&(bK<$WbPt&$bP5FHSq1Mu|F3-n)+08DlE$%AiY5j2Y<^Gp>qj>=jvXfgu zi*Gsf0B?xg&s}xGLr|zb--|qW(W3h@o?}2GXj%m0F?>^=bF;QO_%WC+^{Iqqk%qba ziRL-X_wce)dWQ=I+z=I%DD{1cs)sv=3!6ajaGB{NKmE2lW&KrW#5u0k9d?Yrb9?p1 z1ZVfpn^8%89mMNJOL!ZnKCxlKr0yENbr^5$<6+tO<&h-` zH7Y=bC591+b=^?%y~27+cOi%(y!GC&)mz< zo6P&7>eb1wzf^x!nx_N|DG2#-0z|2a%@CCJk_CWHeV_<80~78!Rg|HUn&UT!L9u?e z@PPW!drtDQ+#pjBc!O*#S126|UmPeQ2x;EMUV_1qBX#fLv_`yG>dW53`YJDMb! zP?noagRW2IE(fs?Od3f%t<&DV5FP2Bg@0>Kst$%SP&#_j9FFF%&prQ|b=q47Mjkc* zoPZZFk`!{Vbtf_S-W>&_@ZHnw#<5Ao!hs;4&=J0jKu0$9In3$%+Yc3dffL>jppW!q zFK+Z`Z{WSc(3*@N+q&p}Xyp2~L1$ZchcFHH`we~vxa+f5@#u-$rn6>|R0Vjz=mk^$ zz3D?S82CPXGuA%2Itw*Ac7E438bV2Xv^SK)Hy)ZqO&WvsI0F-g|8r5=|GMoeb`_Nk z{r$Tmvh_J)*9I<#xJBE8H%0EQ>zK%M<*^j+FYdo9+LD8rQ&AJ{74A14Tyun*7}C+UDvRj`_&t8;RB2OXkw7La#2A&OdY4{dXr zKOJ3O7*o*|Tq=D{_0mJ4y1gG|6>?Z9FvDT_k*sK`Dns-&90GHOO>`Y3zw=d7psRwS zeIq+dMzn?Mq(EC_{3YiM(~mG);`+~4S(RU85?&&&MhgXA+gI74*fmj$FXMq)xoQ8a zmCM}<{z=y!UmpcU>Ey}imuYH80SI529Ix)HTnPA@BST%F^tsx5* zGW096?OouEjsMt_K=0#zbKfX6{js$Xs7=Z8hk>Asnqru zc{8pq*zPmMcpi3*L5mx!v7^vEE{|`Ru5(*B9BMc!{!haZF$#g=)|85lAUs1r8x??6 z-2Ox$3h;h0p;$8mhLR%isRj6-?7Si~xeZ60gCdWIVjRy2>Z-_Xl)Us-uI^_%0#bVe z5X%ve8&iSV_5gql2}G3m{SHEqi&j8@YkmFXSPPKSW`QK`7O)iX5fPb}t|1b%wL)xW znA@hNwNYM`8z|y-GmRC#RXT6evodn4&)sgZqg8!S5UYjoIz3!hqf)E}MZwSo@^{tP z?|0Bt%m2*G>eatnI1j$o_a=6op;H0eBd1P5+@qIINo@f*m|!;_ZIYsBxlw8QCbtw( z?t1j)bGkXa?a?un6>yjVJs}Nfh#E$hI$2gH?Kh{$VpI)=yn$fatTX&VNf7!PPT1Vl zJ|HKH+QxZ(pPmEr`oNQxdov?fO2T|%D(W^?{iMYPV3k`O{bm{w=|-L9KSwr%(?AgXXJD1@O*m*<+JIfy0=fyJ1`~*k-j+ox$FYqMsWArj?${CW{$rSCj^+t#O#yeX>Z~xo;-OX zAeH3A|FX5$eBGI}@lDhA+7DY&vq4PR5GNd^A06XE(k?Mt9|IBdU;dP z_$FPz+o}o_Asy*I=d!yMcdZm%KQWcw5>W+!>p945Yu_%<w`> z@%;txZ~w;`4nHF4gX-$9e^8jGi^XOVWWc~yJL-55$VdAZ(6o91n4474RbkWrl=1mD z8DxtP0}U1aDR9eYzj!ph`ueQ6+|<RNEI3<!U1r1K1p@VS^^NgT`rgkCB{z)F%0qp9 zsldh>K%yQj^6kH+0-b7f4*`n!34foBu-eqS z*#=^>n|HJ3ro-HrsVj-vxqQ9^6PH3^katWsPg$u*L$?h0*4yFa&uOfoo=uZqgUi3U z*0CPg!l=#Kl?sr($o^6QaUvHqUC6rWUfmLYN+x#vEngMiW3(`KyxiPioJ;WOc}_`X zpj^Ga%K4qaykKnZAu#*x0|-TzZVah-)Ss}H^ItR6bvKk0-O0q(S{y%+_4W6sfs3s@ z)93@;IaRM$jhYO5?RW`Pb^QcGR&H(enJoD(U1mb%Gj-$Y19+9=77-hb0@t8m1K>$FC zQ2=aqXn+2fK}%b^7ENbJ+Uz;@>anEHw8`hOF&-&XVx~Xy?=L*wfjP3f(!=BA7GN?_ z3`RE>rT1dKn1Ik5tc7Rxy1ChcJ!0!R3K;MLnM7k4F3hGJlHqpbUtqyD*foNf`BB~L zSzmF3KqEFdnS6HYUjah5bA601d%cGz5WUIMw4Y6=T%@_pm83m64Yx z3Xp{Ku2b;(uwnUF5Qt7`E)n+N*)B#Bwsq5&gD^NDm`Ic6ZEj5HsRLK6L!&S+n6EqD z@X3|Nu4>=JHiYil_I>(P&wewE@o0B`9`6Jh;?H{JL;E>2<_E@zBR_7x1>>6);0cqY z-e-vcm$=6m-Wgp{*SP8@&Ta{-WN<0J+EF^@tTH0bNo>5SIjdoARskI=&oiJ09BXo= zdLE3hV*g*i&cS;U`;4qCH+2fU+Q6WoSnLDu<>DU(gfP=Eo5e^|z~*4FeN=qc>Ew+{ z!$cX{7{LtaZm z?J-Kh8Q>eR-Xgq5UYFy3Vny*u94V+UR+-SI>t%o7ma3`qS@M&Ib82C=o+MT(VClwL z#ORl&q(Na9Wjv50SK7n+D-e2zXDrK@*Z(<@os9; z6J0h)z-WbqfUfpFlu^v7_LIu|dc89q8=qNGA%tqb+i+)XWr(g26u1|U!0RTt` z1mPt{5ipzp7(Y}>1!Q;fi`8qQqSn@DmVBf_CrgBk;Jt!@N;zIb3DO>!IaXo+`sawH zZ~jDJY8oE2W*;!kz9Ta$(8=6vyw+(miMiILl=P4}!BN8XQ_XKNzetgeW5-?1NDg}_ z;z8KY|7YGaUdc795!PxCLFnBT2G|>jQ62wE-70OWfGvk^F~&FmP?_ zfc<8+lNYd7m?%$NmIe60iNGm`ckow{fC^SC1f4BGN3 z!`H7!y4!Ce!){I^&*enJH$jd@PYaWe3@!yJnbb?<0x~nbbmZQ!Y`!TgdDqi5IOSdD zd>1vUS4| z?0q-^bPxPZ48|J&X~uXP9%(Ar^}dS$W^1K#7BT&V4>j-&~Il zJuSZkZCrrEVi-(_2V%)34HR*p`?KG*LdB}X=g4xOif?IwR)x_*JCEn@|BckL!*Y@P zIW;W&1BgUc2>%09cZou8zK#J;DBxM}g#Pu~1Wz|2pN!^_9;exd+-$%G6%`$hc?DQb z{i}KReWQ&M8HJsJqhH`g>FYRaL8ZHgHRwmGlGWy4fJwPvn=E^E5qLVZz>`?1`59Q} z3VB-s>n6%t;-qe?e##zzroRQ@0#AS$r^6(EBoQ^cw>qIO$f_Yw8iZb^Bt0&-JHK`M zYuihyZS5U^QJR6C727jF1*#MbZ{I`TJ^7v$dmt~$pU>3g1$>c1zJWfyufy~^JRagY z$O4J;kdxgz>>m8n2(g~Z*_MO?O>AvDgADTierD1q06}a{K@ca}P{!=zb7950~{J>97+x z^++3#$d#bIfDi@@MbE2SQ?u68d0u(+3-8)DKvHHbgJ6Gn#_Y@z6RHQJBU1er>27P9O20)I-{rJ-goS`bEVX9IfyDd>7Oe1oZ)7BxQ4s&PN z^7rBrG2RGn2(RaUY235jS1&#a)C|R+B9^3hAKd{QB`C`_fwJsv3!lvYWZ3{uok^`A zOj-_5zoZH_*%jcD_f>WQbvtelZ^(akYny3YayF%?123&`PAfp_3)P$emba(+Z#XvR zx|mjpYFjBFTU-U8{R{}sp|AM!##?ek(mf+22+Niz*hhSlj{#vcc%2=m8-gqXSei(x zOQ1!3cTWGsNa7v|!6f48{7XJ+DVKzNe^Rth*a0=8JXn1yoS3a-w^ zJv1t+1CsM(>{+A?0i&vZQobC+#*~iR;MzSmM}(_RzT4VJ<>mC)$tGHDJ3QZVBsyb>H@Px2}G00)dVG_tL3PTW5e|8Eid5ce*uK8%>s>wD%~7Qa)h|RmL-@QvJvt(doj#d_m{etj?5nvz0$o|q1pH- zYrd78(?P!|V=AKnn?I+MosH}cIcESvnJzqFl?>^&L_Y^zjR|<9PN3Pt6(-Tjw#U$_ zW~Ge|g}KA))A%lVg7D9KmnLM=Yc>VPRmyk|$}u`q8e;#GV`xALuo?3k@21@L6k%4_LON2jDx6 zKLyvZU&ku#?KFnXnm4Vf{HXn~i->$(MXkR+g-pp)iqQ z`b8Y3I9n2}4oeHOFjZxoGY(UR44)IYYMf+zB>4CV3sRxw-VZ`4Vrkb z;;!~wF9^*I;8;@r|8z1+@Hoj9Dr2+gPMF7IN@0k^KSmg0?)Wc&J>_+vuHm)a5qaiq z%isMS08k7dgS|}#2LAiKFO(t(WVOPS)QIJ&CHHF=DL*u5T$BLb3u$;MEaC}32;Xf1 z3^R1IVw>kRsHgFlk*7>T#UL=;%= zK`od+$`g$LXmtyh!9txBzfODm0@PM-|27=`yBe5lFkP4{{7P6Up#dBqH%~~+wW!L$ z$J7Vp!z&F1Xny1%Tj;FAdwdWnOrV#XS<2Id`O~635piFthDaIcuzY2;99rH0n4HGG ztv(dt3OrxVs>wI^)6?tfF93mLF;Xu^D0HYyhz)nOjdQ!;g1q-MJzWh_3gWQCw2?{eGWs_=yscbFTD~#rjlLEbEpO{L)$A zjuEP}R1p!ps<^c0E57iMos^Kv=G&c8vg7~VM-XZ!`d3C75~}?ZJCGEze0cTUY0bTp z!0@F6J`D2$cb3Y@O1iL#Bav*L6&U`4LZ&g{N8jN0q;t3_V00!!Gg~T!EwQt!tn)*; z3fl-)PCQan7_cp$@d4R?U3@w&3QUXl0YMREPz89h(?MzX$*DyGorNvyadAuptho_8 zE#h|%-6PmK_PWXAS)CW(5qaZ(8ue8i0tJPu>I9Gq$IRNTSh7faKZUZ5kWPSNm0bs4 z1#Cq=*op@;mmiRcw z*ADu!dzVP$ah_B8FAg^*Ix3dQ$P!%+GTG`P0WlQ6F*!$k%iUx073%9R^`jq#F%^J| z!}a!;YhUpGw*~#w z#@<{&z7coqd5C?s0#>&MK{70)*op>}{)d=fzy0C5$??SrbbNdT_)+vHLANt)Rppjg}Yg3 zD>_U=y^Vw8`iREC5;yGhk5qmZp|5To<0<+vl4*=Onl zKGoX{@pR65e-?DeokSG9nk6alQEOPAZt^(%s_BW|T))X3p=Yw+b;z+I@@G9IFAT!; zh5M}e&Z##AdfC1WuhiDK|EgtZFv}_> zI@`|SE=TXrZk<@ zx~ppdVHoSLb6!hq_(LIAo-&X-1_+s%n0N=}x-c0C|Eo@+(P&xKGxpoiX(@{wJWBe{ z;u^vCnZE^3+AvzqhR#Rgtr;FP;l;+rG74O;A;xvTA=@*)jpwGAx~B{NZcixY33NF~ z+8z}pJ#b(h2*-UOL~%jRq_L9gh1c3@Y-ocGpHiLxb_@EI z(SrHz)qQylvu!ZTmh1Z1Iu7?ET5SXGr+E(%i4px6QhK$+?XlM>SP3KHDKc&e+^OR) zM^s1PgCyAtlJ(JsN^hCP#SXj1oAROVJZ#gA*jSxO+%%;Xk7#EXrgqb7GDvFW$8-Pj zfyw@j;B23cSFORHb*V~k23ia!e{R>ADY^XVN99}R!BZdJ-p|tHsOfBMoQ*<5hHvi7 z!-4aaK=5d+3;-6TjuZXI9gFlJ{#i2eN6tTTcqSx<&vl9ZM+?AXul7g8uv6C)Q?Dl6 zO?tI}7mqe3-eFcY?Oz1w@ZF6(_j%=^^P*y=c`)wNreoXVjj7f7OU%m6 zdBOo>nKpIaAMU0*m4T@PZZ+6dww6mXc;iAzvAEJQY1Zy>op|A%c=*8a1)` zK6%q^|7wHGU#^q=3!tF?d(Qi9rN=T6<1P5x8ZO;yZ&lCKzkX#n`&(iC2KDNG%SaR+ zqm-}7@ZFOdJi`XhZP&A}(G}k!>b`GNyJ~x-$FF}fPMNXmkJgB?Eoj>xIt(nJeTF^y zxq3h;G~*CTgkfM>)7asy(98-EU&37cI=4!9>z|91`_=xNI)C$Xz{{<&??keZ*CSF7 zH@~6Ux+==#S5~u6^>ch@#;WwlvsVS)!z$#7@LXN8qIR)<8*SIsKNU4j&FP|e#}_f$ zc{;6q0U`Z}tzHOr8pp(L%^{?HPeyj)F4=l8B3PU#d?<+-)BB;!;QZ4 z!tuX1xcMkbWQ*2`iFkd**?nJAC|JsedYitIdf{39tR^O`*v2_9D*V6%6vbC<=!w-R zsje^b=`;u_Jp0#YX@(lSJ87QLQcx;%g~l}Tzp@$s67K&@uBX8a+-%!Jn1_(aoi=a; zRvBY7{J`DKpwtb?$ZmN=$Hf`|;4aT3+@@Jm^)wYpCs&lC;9 z%#U_PN8_08u<%Ch6>m+a^IX2Nw+zdiVI*}n)g&gayB0cfyM5*1d-cwgCZBn(bmbQ| zBCPr4n#X}(sabU0KYZY1cilR8zoEDP)qH-&@Zsynvb-x|#C2tXdTsKc;u21Xe@@=V zWK@X%k|gGzY0nCE21(G0=!ekHVYzBkMxV_1g%pi9NP` zpF)HCSI>X~64FggEv1FN<2P|F-_$Y{LbuaHmH+ftDKKHBR^M`Xy-w=)_?j=xSYlt@6g*igxMB9%Q3y2r%*^C9x1tOg=+GM zK+Q?`sZu$IPqzFXtxAx&_}%i;dLTV7N5SZ`gxb4&1+y&h(bqsnxbz3W)0hTL zd-nZ%h`BR>pp-4;6-g|h#+wAW^O){>IsL-~$ku}>EMI?`weklMlVvvdYKlSI&qtl= zmE;%nIQLYtkjbCF*g+Mi|OrO*6b4_j`$KpJU_Q^5iWn8{Jte z1zMpl?-F#3WJyaujF&)x&cs&O`rnaRxo!V3iFto1QFJT*ilcHCb-%E&s~7YkJdqWO`?5P`sJ6_hP?P zw%$%fEW?key9e!}prH3HRyDJ=jcz*~qWF0?rTzRu=&Mhl&G}T=H5cb`%2M+RYEwAs z%NJ0`fROo&CN5QJtc5b6lzTVF!TmE6Y!dg7XxJ5*4U(nC)!LDzdkA6%=6|}%m!HoP_HRnvjQ`H5X>)bJS7)y?uC{9y&|ST(i3zui`Z=@WGh3P zBa#iTuH$LDMP~J^J^Tuyvd)YFtMTm1XaO&1YdKW6pFMkWDa(Sog8$=zPx;RmS0X;c zK#3XN^240idHZX&)2YKN=c36B2?J(sy`=a&2)i_%105lKD`B}PXrb~lEz`hHp$C_c z4Ay!n&=g?==Gp*FU18OvZ&qQ!smT`no2f(bDzgm?!^%12wZIQP+k=P;RuE=?KI9inS)w1i5L|B)9} zj=$%1!N?L=!yOU6RaP`Hvs>W8YtH0X8D>=&BQz}sa2yf~FRUh3er?YT0F8_R<<0B` z0Fc;3=9v-HHG0no8^0Q6xL%km{>OcNWCwX6dr_?-Vd(NL$?TlCRDDVwq-fg;cF9rv{t{tfUAuO@@d*W7nqpd$c%1R1PDp&Qmp%=uH%(;ctxs;#Z$oq5w*YV9|Ayr9jdO_I)*f=xHpM^EXMs`)C z$FcHb_$XxdUq-qj9i#h#8Tp4Tk1tM9V4eEG8(H4Q+sgYBdMaX-!@-!-WwAT<*FzwJ zGOZ|PDr+4|S%Zhc15G)zaYkT#V+gg8SlBUNGlF#st)xuB8{7;!u+B#tUw-{v04ilV zjX(ITBRawK4}zap(F821F;MW%zbkT*XcpHs7 z*N>)-(!MDF$x3sMp)5zD#F#L)9(5h4Em_Ohe{ISEo%wU5e@GJlbL^;r`@U;N9IGU< z+;?E@%rt=fua&KZ$%pq|cYXupKtHsdL!&^BT5dT>qW|Bfc75|Re+REI$`RsvkA*|s1vaj?@n}<5N%CD^fesW>=_rX^dL{r``A|g^Nwrn+@LenI$gay1MbN-(@^i?H`S&d zvfWq5Zta$P*IJ9JayP5$y6ugD?elhzOz zO`g~GpeGW(*w1?F^AF$)WBgo3ltZCaymwQ%3~k4Nc=8QO%D8SOVF9`Bq=7lQG_(#~ z0i=|s_Y&r#&ML)9VSdO=McBzZ0M-=>8;%5%!p{H~1W?9Fl?r0-cQZ3GT-x#AvuJrD zZ_u9K{_Xmq_yPc5GJ!gbC-AKb_*JG zi<sGaaGZunI0tB2M$_jmU**47Kt6LMoYc*Z>h7;O=a1GbpT>n*w`?mqEzmZEoKJ|a;jOKWcVqxvhR&nI=|(35 z517S-x(A;oEu_4C@X~Qq>FZ-xMxClzB@f@ z@c25;KKThPQ62C?bX6q7MNoPwK`BheMn1|!7yIF->1Y9%FdZFFueIXBp2K(0cSg4W zmPt?|=nF6Ed5c-&^N#&1a$|cv3Kg1s>z}prxZ0=JB24oIK;$fYWZAk~U<9fOo{T(c zpXYz(|DN07=DJAs9}$d39hKW@11R_7fvE2p=0vp#0Y2%Mox#{7;5&@ZQpBpUf&wFM z7$17;Z3yw-2Z~jcquo#l_PC_Qh}B>hQ*;I15o`+4=m?qg+Z&Ujd3>C-3isDP7w-cR z$N|V=9AuaE3rd>b9xOa-aO$P{hm-(FkL#RwAFTkHtOhJE?O8$NX1&jh^a+^5tPIM` zUqW*X(*ja*DnvJ5c=zD@M;5;)A0M+!hBVNf-UD6K)`&v$s%u`I@tLG@7EjnBRo?Iv z+nT4IwtuP%`gHE-qYHNRUmD*$j^ER;2vlks(?w_9Y>0HALCfyZ723`GQ9LZP3+%F-hIQXc8A2-@jv8!Zih^Grb;YZ+ExKi<{0*S?Y=u zhsyq9=xd}w-=93J4>5#4py{;T`S?EnDbSM`wTVA|{p=~O-ST%8f-gWAv|wqRrf{0$ zDbgn}NEUm8K{N{88!Z_Iu&ZuAqR8LSdemb2zd5pflc6JFuPXG<15wj7q7zj5B@X_L^B8ugN{cQp%VSKuXEGsQJ}(~?$R;i z0HlZIdoRSfi@Ez)gUg0%nQHWua4`0}h@U!c@&AgxcF>mvrVmj*MzF6^{umN;QlVU? zy#^{-f?7K$`SfVmsRX7{;eU|W;rAfju>QJ)2*q({;_qen-_d;dhpGGDC%&~AM(E)> z4CPoW+{Z|zfe62rh)V!vgQfF~=dNo!{oW@1>kE{5PDTdBcu`g;{U5GBEPdqLLP|=D z(P7$jodSVL=;t4KJ!two1x2yQxVo{QZpN>g9_CTFXC9!sqk{Gq+8X3%DV-xpHaQn> zG-sQ9Wj*DVXQ|ZM#4D6Z`M`D&Fj#o~T)F91UA)7V#?^-#jJl+oYQ*wu1dGffX@c7@ zobIFq`y!1L*B@_UY>M3jW_-df(p)}&5?Rk+qhWEnRS+29p!DS3V%u!>E2*!Rb*}|e z--e`u$00M5P$-8!#{GE|Yjp)%Mbu*M7Nk>2&_4az8O_X z0n@8KR%OzU7(+TRzDBc+RR1b(T&TgOXTFbO#;Zd4iUB4@?mkjEUCM2CI>Z2j?PD2= zH?V9SNHCDvA+T5O_H_k^6hBBj+JESeuOARns^!r%c`mE$yw!+Y*_~^gi{Ly&P=tB) z#8dbcj%HFg_XpB}InL)Ta-F!Y8;6>{fJ@(-$|CUNlO`#PN)s>MI+&dCfLE~fdzN1l z{Si!*)o2&r<;=c~ltO49qc@m?RA?Ac&3DXh2#si8WEv6vy59FlO^uKW&Ao2i%%N3I5BZBYX zS+EVbhz!X@N?D5QrdU?puEBfH?l?gbA!1F&pnjTC#D@eRIV?r>C{Qb5+M!@Jx7(Ht zghgMu*YsBAC$gn{-1ojAY4Q~UQmqRol;!uEoh1TaIw@UZU82c3HaTynE?W-Qk_7ez zSyY z%;-#Yw*S*%DkiB@-dm>fn>3KW4)G2jM22=CWxSblnEt|)l_E4{l1eG6XDTmkiO zQyN7!<}20#*HLh;H%&P;SJua2rUfkxgNr3i537(al1^abh*?qh(;F~JK7MWiNVn^F z{aQhz5Y}@Jg3I4Pq&ZGH5tAKN5uiMN9}s}+LOWfzJXb9?U-{=-0F>!+u1#145o!g0 z8x(D9<_o|9Yma~5mbQWk9NatkJO2tU<44S0U7Y9}lIlg+;g|;W%>x?TsU^NH76OtD zAx3<}c;&@IexuV9$WTL}v6sve>rl#h0SI+#AB2hS;ggIQ>WqARBtJ$Q`l?4|L^z)i zA~1gjF+<)weB|{PN)I*2100O!svlN=etU0jqH@*mMwsK>t9U2Rx?oiCa;O5Y5PCO< zAhJ&n$eMpCJWpT?@xyCcZr5Sxl!A~zV*BAvcx%hDOBh`_fLW-5w#+JN{p|*?J&YJ# zc&5Pb2u%o4kv_)vwmv{*;A&w_V33efXSCRz@~TT;sNE4Fh0LRYPU22ua0aEYR@_I& z#7nzvXA8CKV^dBVKLSUuI|VOTey`_y(IfK#p7jsdo*PG**BY$9!j{scjs#IBIJ!83 zZ-k!tqDTmauxK^JaZNJ}2p_(O3mBxq!}$A0>MYHkcF6i2>7~S#5=uJ(W6w>(8R>Bl zHTwlj2hEKf+x>qp=>Fe!J>1ZHyvlf&5OxeWouy}q98ViPvC>B#B@IMt+7nNiksN|J zQIfD((e%&1JX-7Mmu$vtcP7glV0b9rT+>gMNyf4Z;%)nnLQf2>3vr6>)ujYA06Uzk zG@O>zXhdcMApZ)kPzYvU2Rw15&i238!Jmqm@w~&%J}u5fsQ3%+JPJFvzjc)E3*&f$ zkF8>n^ZWq3o3qM_4FzDy^eap`8(~J-=;lJDZ`wgT0K`!$kF2(EoYq!j)zJ7M_fW4R zo>WxIuRfUbMGRDNJNg-J^;HA@W2Ag}SEru2)$ zf9{tWKKl3YZ9`NJN}y_<;j8Uk3XuIAz=|L2=0ZM|*dy+Q?fHT|uZBGzLXRNa+eGrU zA_?RA4_foQ1gqjBwD+<*CEzqm1XgMa5M~6)-m~Xj66(^c&}7-S@Lb_SROW!6|wn3wjiD>02$~S zeZm>dC7N`!d=&x&CD8#b<621O(9gw``3gBb-T)mt*Z%g=))^RtPMwmqykUwOm|&9m z61XLjx*UkL%81Qq379esY{(D`M|rAox{)KIlraj#fJ7JgnXVB`Cn1wE<|RYtF4D66~9nmw;jG>WIL$LhBrE7@+qyA+9 zXb6$DIC?ic2eGD;+{HgUI8PpsVk5UY5lqW3(GEwk1W(|DubwF$MoLXmJA7&-_bm}#CLn|cKfFYZ8C*pU54YOYju-lz?_^8 z3-{UY8^kBaL3Yl?Coul%vm^7SleJ}8yo6-pvxSVQh$BavyjES$naM=YKeJt1eZJJ= z+3X#h{-FsBO*~WNhx@yYiw%Xi_xbaU(Q=3P6rq$}Y`vTe`w}BbXX0mYJfByalvMJ_ zM*&YBq~=;d1De5NwHwVUKNfcQtYBKVEg;ky01s*kiSE}^-IM9+rsw%7s*IzHTfE#H zE82%KT83OA6a(_uVN_WQicrOKL4SHqMl+<&emW**J zMY`Oo}s%Q7x;OVCpYNz#z(yC@sr_2erXJhcB1nh$F>p-pG zdy40FJLUhXVoW11VoSpf;|u$M6@g)z!dt}9DL~{`l*C{a*fnI+OFu+FX8$D(=J3Y` z$*1yFOm6lyM$ALNdTr9}hxQsoda|_S#jxx~WoMiX1kr z&MMI0BX6l6z_vOQolTRDy$`n{q9v_?*aSpC$9S_7=#Y{;&mkN0Ud*@IuwOv9CvtB0@6mX+NVHW$-S3? znYflQb6ccjKK z*=5ZA-s&4S!!bDOHvmGSKE;DJKfJ?5c<2Oe;IDdq@qIYZi;@OAyv%L9!@sz)+bNI zm!a%$g(O0GRlfCz7t*6+8HPbWv135KamDanna?LTng~I>FX-ZKkfHp^-^1UjnOjcG z>N9wH{pisjOJwhAq%u1nX*I0^PKD_&;k>7Fds(pdW@ct)Dn5LMOANzTYLOtyWQZee z1Bm*32TPEG13a!YQ6Dpf7GG)p8>pE>;aJuhgq*aB=kU{v{ze*9#0|>DM+ovwzE#6W z<#S+Qqvs<3Am;C^|DwyN7yL{cL2;01rI40cc3kmh_}P4?4cRsC~INEbp0|_g^mj8=I$!qvZMIC_L&SkfvEk^E!qF zrJ~x&wxAjf@rxA>kUtQN#%~@h>h~eFG>ZQE)^!B`*R72lTa^(Kg4Gaf-Kww4?*XsMH ztttP!uSNAW-5YdMyKwcN3dK$CeMD#FyDYyemVyTuo-MUnKl%~$@B)K3y53iHi}<&o zC}ThrxAzA(RDa!-OqM!+>2qH2>xL zw6SC6#bRrkvFvlh3^1mr&$H2uQKokw561t(kvZ&Y>uoQZ#Pq5=MOoaTSR$t{%pzxK z)&ZTsFh69&vq%Ff;ABiKlywu^Y8;08f~1XYAF4>Tqq=dgF6s`=E?rm|o!#==KC6#Y z^bipE@pibV8+jwjYN*T(k=b<%GnbGFz^$pRjoB9#e0sLoRlsh-4I!gPY_>-mr(@q( zFbeYF3&j84dO0x>Y(0oz;kHFyZ)mb(I0obCvD19nZ;X1$UvF zo=OZo%kDw=dIKU4A+^GXB>KurFO46A!-WZ%?H+cgaQkKiecnF!uA&&HhB2M%gGj-> zgteNL8SF|vm2nFGDJJhJbHS+B(Q9uj>SQU)aPpgVjgWM$F%XCOTmXF0f&QJ=kR54q zN7{k4g*8Iz&IEjsu8;C5#c+;Yw~wlf#YX-p4qJX8#1$+!6B+IAMV#4AcyPG#A5G*c zuFfDG$>7xIUFc|^-q74I{NrU=4bx7sCEBZdtoQeJ0&*V++b?x(;+kU604HVmh86I^6U29b&n>AiwMs)R+E`^l&1PQENL4r8%hfB)T&V93 zb#cMxQ9_5VCI^cx-uS=PJ6{(qMY~`R>4_20Z5h8fcawvuo4+U+*m+s$8SO3k5 z7yE`Gu!X+3j359yZwct0=63{_Xu??cPYyvH`sKK8B`6S_eBFZS=f7GgEkE9NG%UOz zBHu{r$BpJROe%*gCIn2agc5bq150u=zPjNF$|l?&wz#|(+%d2HrVJwIyT9-w zXb|FA;$oSOdj~5IBGF342nI7&H*P`9A-eOy2lMvmbg4gQ9e-)|hAkdJq#$&Kalwqw zL?A4!Xjkw&$u}Idva3COfA5v6lcEaB@Cz72ZS|Z-JeJP}r$3H)CeELOS1=KN1g#q( zzV-yRiK+r2!;lYAVe-{jUxc6)%QGEr9Bz~ zZ=M&ZZw5pOLYPA}Wt3+7*5LUcokXaNAzA_T)vT3*`;t(*&$mfN1qx~0I&+gY2`*U3 zH445dwhn+|s*sxf4KyApxE-lUYq?@UmlIi*etV@*5zGU5&m#jpyQHw|#BWC!XAxdiV&O2KBJkLZ}xE$COoyZ>KRr8D+SG~f?cq|IM_=B z^dax1vHn>qZ56Bff@G?FHJ&6-OD{3NfMd5IRr`_wiA62m`DKZP7Wk!-UPioj+Cb1s zOuy)79e#{$=jARv-3<|2uHXn%Q7bK~z_^6A1&~v)Kp%8o!p0Z9tFKqSTySC`B#W_y zSIkKJsdnNi%KRrf%MuJ7j+nE5$y(&fg1Qp|3Dbpb#Tb)PQBU7XE%QwG1+@3+nutfyE4Yf78xB%XAar$I zM{()?5Q=U*EVFJBCve5jboUD6<9ce`dF0s(@zePCJ_7+P0|d1)^MM~u3@7-td`>{} z8F&VQ!BUsdM{gMyEweU*TZxCDK3Tp*N*(<{hLPgE5eV#>#wUT89N!Y9oL29^mOS7p zT0D?X!l}vATn0#eK(c5-uhb1Im_PJ9br#>t(_b-o>@1d)RgtcA)i!Zd(E9kXqJE+0 zSy*BHJXiBzis|`Eor7MUJ2ER!TgN$mDhGd}Q=`3cV>p*iPyC$feD48q7N)oSy3Tiy+*e?&@#(bm)H)4oRS{u#$xLZ2|6M^a@Z~oe{sqc?D#;0!)8C-kEV{s~my-68kns!qFURf<;TnjvCr61a?vaRqtvw zM&$A1!u|h}Ni>a>2h?ID34vj@d^Wg=cJHMPMR0;gC>WVZqA>+@Ekm(M(k7E6eN}KyPf`_{Gf# ze0}NFgwX<5DE818oxDF}0u}tdBm8fTBbf*anD5h1C|3gHQDD6KcN(o9 z9g8#MDblMy%fLE3?}66nUS&uVEu=gbdS!2KZ<;2wO|*5ikVJ-Ow_HDbMFLmjRf2y< zLa_(riN;b-SGZ%&sC4;gQQfy$(YP`_Xhv*iy-gFmq3*ete}gX|>8Ku#3ruZLH%fOb z%jz_O>L)D3!UD?mNyRB>7s38Il5y1WSn`UrNmGuNdOWc ztX=S5d^N|>P5n74SxF)=YU{6EH@KVfx^NT*SB*Kh~2^9nq zPh2ZLh}rg<>~j?oQK=KK5Ntv3Ky*-!$6zo05hZP8pDST6cyzKjDjF6@wKZO;D}tC}k`JVz6iLx*66fi*)kY7@{bo9EAk%-I`v< zHI4r8`B^%l)SBB0>i`bJ9(y!N&!-O{64QS9F;p7KrLw&eqt?#j{e)thOcbA)qmOEH z$@1>Binp{J5EH7)e8$8THL&QSj$q5@kodeL&(sl#T=MW}zTVG*^DcwmamhsT6_EbS zqY_{2vmZM6gg1u*i)~4+oNvjlErMl~;|~2wbK)k;@v&l5VLt{N(&3{}$kbBEFq&|D zi`DekvllO%eIh7UGQu1WNgx?6Zvl#yFjQ+n{4mWcR0g|3Y&_8sKc6gc?+MkbY5c;? z3I_i>HA29JX`W_W*%lHGNz8k@QJ!9h1tvL-&4v`&+&n{8UK;+-G)v>C-%F-6-Iq5$ zWchrCl;Ghvki1zA#ES_SVRFwdQ~8U3RenFFA8)tg72aU1Y-G}rL7oTY{?#z&PUWCv z+?$gzT;`Y@!SAgtbA-iYb-1jtRj`f)XD?kUDDWO}%wXd2lxZ)QO+k;H{*UdcWH0hgz#eQ;0ukMpeaXJ* zpZ=wgN22wiWff>ce~vAAQ;u=Oq|*~MF(X5aF>uL*2Ok+fsEbDkE^#gY1p+VYi2nOw zhg88LSS66)>5(-e9uG)V6P_rXt`B03W?fkrsqW-J_JU*~HwEwC?)U=``n|R@OVB4z zJ8@lEApFqHL{KRNpkbA8!gv z8ery^bJnnQRUEftkd1=5~w4=9B(9fJ(g6_VB79HcHS~@A37lUZG*tczI&YolFkmI@m;s z4_wXd`K!{lm;3Pcq`YOf+q|arR+w_m0b8#60_7dBdnb&|4tox*&3V{oMPL;*rn-lJo6DmrAd_lxEuQVg zgL^XE$wA`rsy_~7Y#}gPa3tiyE2fuO?)wge2)l)pQ9-bmVx6iB6v?Y-PoLU+28c~3 z%$8O{RuK{h6NR4454qqKLLS2sV_cFPsiG8MOXRaRUMd`-I2(kAOdK47ZgTz^1Jij2 zX)49>TXV9rVr7n=2_f9{*bx;eelh2t(>6eI+BEcb1x<1TMAA7IBP!&I#hRI!IsN+r zZI37$xaXjiJZoG|+mBU~Lk<<~I--MMc|usdI=&pm1T&q{?b#zqRQ^JXMH{fAn%G3G zV}Lz-#S*I+%K}mkv6*)S(|q>`*!c&D4w6s4G0%}YU#^oqUnl@lq?nhxiCrOyxDO1! zf_C0*3?z0B@WycN3nLiLgh%?@p3|M#&-N(9SqRK0IgaEx7bpjiF8`TG@$)3xU>$J{ z-!Fa|1vRZB(Z%O2a(DVH%VM{h*E&Y`@T0&Oab=Yj=E19xWliI`K!)Ky9-qqSWC&FW z{po+a9vBnW$C=drev$Ct%MsyK>f}Ujm?P8KflGu5vlK{DGa^& z%C6@~fb}pl)ZKR-&lxztwc1R5+!F9=<{9)!P&KS(c&>(aUw%HkedP4r*?hdha3PhB zN2K!L@6+e~X2Z;oYR4wxSi;fKV?;6Wsei z;22$NP2T4Mvw_Oce?XhH4jg1L>?%ZYM@!pu_P8ut1{-Z7?i5$ZyvG|JK1Q+ z?4B{QXIqNqyTSsjo#Nc1N4yI9WqYkivD3mJrVT4Jf4aVS{0%kZQ;)qrME6E?2ToJ6B=9>+1MLk=qzg^0Ohdin`2{R%43F zpWh)6i#H}i$M3uI$e|yS9&>bj!^Ax8JjB6ak7j))jkKT_CG?DaPinmbv{tVB8P7la zKrXA5)}b$2k&)z)^5&jl-m(uv4!+o5>Pip13%m0UzQ{pkP2h#PqFxRAbrWI-eGm4L z!K;^Hn}4G3^c3~o(n{>3J99e4pN9;z%Ca<%uD&4QQZpYJUdw)Wmn`}R2aIis(am#r zgSjr|Nc>>9{dOxsYoV#+)Rb89bTzB-x)uj`Cf=%Y*H1v}I96XPs88 zF?EZc2iR3cmRlfB!@^D;5!tCcDRv&WgRez;vp7u@!A9jj zMpG#{o8}N;>sf9v*(8kSxVy1Q1eBz0W>14V5)oPYH|jlIfb-Pc-YA0Ujk(tk5Gp(< zxN1Ky@tYOR$eKIvF%emWsEH7~{yXu{X)9wu)U>D>xBVv}%o5i$VL{al6VSWfOiJLq z+8PJ)qLrqVX-7AR7R7b3JG*l-2a}zKpuBjI_a6|G|~&Nxv?XEsne|kBuge z9hn#4{BhO>Vx8KKo?_KOUOP#+krmicruhU8F12=w%8!|PTUybPS4t%xt!8}ry9=^5 zT`h(31zH1d6@AC{)P6L+KS77o?)VfebCsGU_|v~p(JZi~{XhN#ypML*#^dXH)?J%@jOG($JXw$L{=LiiWDBRw#1n`LxH`ibrGWV4^;-%y) z?-`54IbCc8fg>bAEEeoBb}bSLEbT!(8s(O4vq5H0B-l5Bf`iGcK($Sr*-ngppT|d6 z8cACT;ASk_C6lOgmM3pK;d<(#amsW^0tB&bco;!oIIKAoX})lBio6Q9V8|=DVumF( zbev5`h2FpVptQN6;8sXV+RNg4KAyU1anB=bZ@E@#iN&{@DtU)xETWIfGVqR6;zr84 z8~)Xoq`zbriE?o}U;G3^+8UWdA02^xup}@g$`h|WtpuyaB3D20O#3Ca*%w)N-yZJf z+C+#MPj*&QO$3q&nC0R)t45t&hEiKZ(NoB zJB|(WEnTJ5D_O-97iV3^`pnJOY&>30drD(>UR3b3Ez4bS*~(W-jEwW`{Tuk^dXTg< zoWhcCL*O9&%4bLHpWWmGR;Dr1(;CA~Kk@5w5ugwP7mNW)Hsi@@!GI_Y_QzWTFIzY- z@{I18XAW0X+&QNAk}A4%1hVIC+VY*&`?Bo)f63850?{1?W;@Aw0Fz9jJzlohTi7?;{NDc>>k=J{r>q%>D5sIjs5xW?(Zd~Sc-auLn4ew^|sqYZ{dz< zgme}rjLz&r)ZXVGoV_YbBFma?m*7qUN`K8`!~~jS6}J$~SOTt&YyXwwC5T;tDyMM{ zrtM@242a=@K!x=4NO63K{l=# zNc%1Q#okiDuj}#;n%lGiWLz$7EVrI)!7)%}kOita{K&{9^BdLoc+5pso9v`vR7xv5 z{8~)wS_LSXM^jmgTMuo!VYCeUg59K)VWKZH*plQ;EqA`YO@gt=O#r0VrAb6#grEvO zEzQg9{y0-BgptOolwRcn0k*SrBg_;tvZOP=TtGe1`)$Qwgo_m|T;PQ&j2}g`{hhVU z52ztyu9NAIiN><^V|EHL|GBfw)bNh9+!O`(`KAxta_PQ+5~Wi&77jqs^)U_seiQ@g z=`L)c#~H1F(CQ7!>p^f}e3QlIqKauEqq@M1QF79~~ZSc6senMQ!tV;flHHiQ9vMZM}B1DzKp4vf2^AuH`4ayQQG9c;g+GGM4EGQ)yup z;_!%=OIrH=%erljl$Z6|cMj@}Fel0hB3HB8X=EAmM`IDyuRD|V?0Da{p9k4-ml|h9 zmK9%TqwfMW>-oFVx;Ot>UrP`tG@hNMKp!tP!MI?#Gga9rngp!|(6)+;nBY{q1{p+> zF_6#5n;)0|yU&ssBFf8eQd-O!#V4vn>Syc*0|yi6_LXP%68>)+-w zq!qSsdbIEg6Tk*wBBvE!&lC;eyl~=pLkj~}p8c#KTWEDntxs{_+}_tZ`&$L4sYd3Q zXRoZYg@*VoAVU8Ut`K2h`1#h-6wi*^CqNn3RJna6>YEfGnf|=(mhfNC9Y9Ms;~G_1 z@U8uP34A;!D2_+Q@+oXkkksA)Sc!8D2ZCmU|JwJ37?;(6_8S2XUQb>`R;h-LcKgAI znRRO&XfTeuH_ENl$drGCnmx4Fyyp`bK2Vn)D(Cl$7nsFu0JwPRK5isI&EetEU6~<^ zesKzHvxa@XVRK)!3K-=38>C91&+?Z$!q& z{l8CofO#iEPGFCn0q=rktWNFgohD@_zbenUi0>2&nZ=XO>|KcL`%AE9>MLoO&}0yb#h|!H!7ODa*qlbk!6nXEc7!H`lgZ-^{aj&IY?d z-}U|d+4{jXzJ8&d8^=G#i{jcwz#3}Yph(~WSZJ^5T-r$zpf#j*5|ZKN#TlBVR;v-2 z6bm#=D+ix1D32&-TJ>jVgL+kxe? zFX#hsLEVPRk8bbg~sc7wr`>{dtYhMHo4!3QBYp!x!)5L+sW8dEinI_4r3ct&*Io z3x>p_{kF3vrd9|znLoTfK@Et)OWl9S5!C=X_s46pKhq`vJ@-qp{68B$lHW6(C_s6V z?|q&P{wGcv!YXeOypAi^fOo$@)+=l1@dG9!FCZqLeD+>FiT0^`SgYt5Ssq5T$_z?? z2*$0&D(fga2ZxufG_sScF!)bL&JYSqUyLW=-$sI|9ddku9O<&z)T{KCRS>PWI`DED|9T6DwsSBcoJYQ@2}eJixi|MES9yVFZ_+)l6jN z+hSf#MoCxr2sR}Wd+k~hDHwj5J8AYmj|4AxB$A2`0vfG=%7l!Nj$nx} z(QTo1CdlRrD6KL;2M2{-{#@>;1MD5cu+|o-9{6kAg8`0Kt90*>;a9h&B1!PP@L}|D zu(X}}HiE&yO>j(KTnB{1Yz*mnMDfy<*eT>km5gEj-%Svv-VeI+g2k2q(|R)Y=I=fj zJ~N2h#m6*x$vsq|E`kfNx3Dh@WNg6)33K%78UdBzT1T5tk(_nH?Myi7+e^m6?}mvI zEw{CGs#Icw<`{a;lyOXDWt;6;!KxM+@cnTvSSfg`0I2%+{i8Y?98}nd*eUxRYb#ni+0lD!4mr69PJW$aHbv~Z0 zb9T#XpB(8btxO3NtZ>iNnG_p{cuG*x-ZyWs#a;;b*`aY z1E8QMUnL!>OKfkPrWL=Q+k3L=qaLaeII=}{k-M5_hPT^(b&XbAY8dn7bJ3k4WHAFSi}HLZ%L1f96DMrrz^<3-Pbs z^5z2_LfYjwzWnS}9R#p}VoBkSs0wWv+(=l>DShRc-$OKN`>AJ(OU%Co$K?12vqXZ} zeFC9rK+I=)^*PAy#b(&qT#sVh=C9{+e>Oh)ScU3-*Z&`_6mF?fz2yJggtye_$g=-- zSsHK4bnL4AMs#nlZ*H2WO9md=w{N0FRyMU=0h;!Om_vbe;|GJ}9O*17en0R70oZ90RV7?Jfz_vhd0_Q7hS9nI(vu+5k+MSH-()0Q!w@G&IaWg5r_*#(C!(bEloX$JB#_7D5i0;= znDgAa!a^JVw&+$ep3|_S_bm#JG;vmtf87KI(LdFvRW6<%sSRdoFnwgY(4#y3k~CV% z?)F~($tvTUYl|COKY-mT-6ak4AXKwWv9V@Yh=BHLx8z{;G5!=}-HU_;7%xuoo6h9? zE~*W{4KE7Xr?E4<->4=(-~k_W&Uw~$pLR5ttL={3*yJ$BeHqV79i5ldZ~Y}K%{J`2 z$x65@Ft0|VN1X$>E99=Y@fMvD(9u1lVE)G+`$}g_V|?lLK5fOc_P2i=%Ta_^HedZ| z2S4YG^-k)=Q8?qSzlR~Ume?c6TYZ;O@8^5}&fv&@l|!6bgdNoMk5(Y4F@z9M0?ZMT z77L<^RwHf%pK1W`uFdg^0$MSsbWoLyVpU<{+tC{w_~U=hkK9Z<8LV`H#NKWVl`&aM zBC`tPJ^W0jG<_AJ938rfPbsoQn!X8e^Hm_G($JFkCNROgknws$5<%dE#anJt-5taU zmF6w-*&Oknc%V5`71T-X2%(<+3*N%H79drgqHO@V2H(2L8Uc(1{q@Z*gx0Z+MYk5P z>E^;lK8u51xd;Qf*)l?c5{pk5() z@p30M4Db2yOUc1*u?04tAu;c6!W&w^9b_TK4kn-M-Ud5SfFRhPm5$%MUmsm&ftv|9 zlP_^Ee#|BuZ*zUEHpE2?J~z%=m;qqddN~8#7I#Hza72)!F4>X&HvlES%o~wVwnrG9 zF6=&SbS%30;n8Au8F~>%c^oi@|69QJ>-ziTf6gW!uqbGN&l0zX-JetxQi!A5xf6pA z7jgCGNMV%J!Kn643$YDW@J9fi)}<{B)z>2>UkD0OcPL)I)W|a;-h)-Pzb5x&*Qs}$ z)n0TGAL_S(X|}li05!1}Qa!*IdgB9KpU=WhWrtJ~FYw68+l=DEyORjDG&<5(liN+fQOm-|4)`+uJ_9h;yNc&)RLy%WJ8Qrl zn!F{3Pag_g<>ie`SIPHcab~eJ6=AQgr;gt=@LZT}2PF2Rp;Mnq7vUj5rbUZ5qMDHHly62nnm(?dG$4MdiO2K%8F$_3s! zKkI$^K;(zwDEP`CX0zErRMzbo*;yKV3RLnU7#dHoA%oJ1#*1!CYwBe{{|;51=; z?*@V-Unu&C50c0Vk`8Yi+ZrztiZ-)X`LtXfb%Vw#=@2T^ir)Zvg=FgFI`mdJ=%Jb< zCfaAk4?!wFC*kTYB_{U+rIRV|I=_ZYr@4Fcml0a7=y@Q$5khwr!Aw;41Pbv^UMoDm z+oTACs5A#iwjJ~`9fCJ z1OerM2Gd*MMndgn{6i(oDbm${pl*Olj;$YDXAume3kEu0LHe(a9UR`tpHAD-hP~$Q zBoGmBgw%lp>d51Oui7_ezrUAxx!y zWBM06SbJ`3um6a)>gDanUHsaEkGS>pwtiUbg?gDua0G=TVlD=#gT%oJ`hO=VJiM(s3^LD9fujaIA9*qWwJ7k z;|fLnE1dy8)qM1=aunXoH!L6eoDh(7RUSvTc@8YG4zJU(bx7?FI`Kl@kVY3{%R!$& zI0CN8ZT7+JymomP4@R$BVLB>*lspf(&a}~(Y&ma0E6$$l`xIGoAkzXikaB-=YpR3U z?jvHYIN3Bl`R@>25We)H{MOPJ;u_>bCrNw)NTSR}`6|lPWJ3 zBtjV>Y(@T>{NM@pHl$yMHa+G&Lvsh12(uZd(2_&GdN@WySrd1a=d_BZ4FibrL4>+B^b}`H!)3VD=3!G z>vZR47FXhjcw7MuXf<7r3KfW9|E>R4d$Xx#%J1xY|1#Co(Z6AFZ{gREGw!~Tc5sRv z-rUV^JepbDU!G+rPnk$+a@SH+JA1uPEZl^6?}tMd@*(WcL0|ovN(ogft0(hUIvd!u z2F{dF<2;8JjVu7Gx1BPm(Vj-#_iUj`6ttbB3@=9MyD8EL`Xd{528eS=30sGn~qzv`(Bn%d2bCLWU)qIAd{^J8$dkT{Wq zJ)AW<{_f9Ma#+{Gl(t;%Z@UpYCxzcRH8 zy*}Uc1`jI+uTmc^k=i$X<4#WDTN1S;V9_r60?&ab!Xn9@lFpBU(uC!^9W(I^PDa#@ zih-UuXN@PR+SeoBjDNSV)OJg%>@EW|vF!P4`#vrN78iL2B80=G)OB$hUPEM{Myqb5 zR@bobB76N=h~wIpulXYg{`-9rhTD8M@#0iNdA0UgDteQ%`kq1v)4?wU@eN2uOg%E) zeZ=I9m!5Equ$Xw#UWNLO9I^Wf8LPa>AXV|h+nAfXe4m-11MI%Kn)u2V2kpLSq`=8|m5%)?MEx48186vE1C;*A-p3o0=C0HC^Qzc-sP? zy)eORfT_6nEjdmu`_@=L0HxN=2ZK`8H`qep0->W;ETERC0K7OxYCTZ*Nk-6y`$)(Z zxJGd$cdr4}eeqB$A>Ku`XG-C0e)ay(criF7(F0Gd9sEH21n`9kIKnwhwk%>Hx*Fl> z!A(-}E%p2~T&aC7%s#QrsyJEfHRx-#=Zy4lN*D(*$I+N7+4maCL*kF(>^1OjKb0dSJRP6Ydui!$#@2iZDxE(GB!4!XYMTxGN6m5D4R-HSG z^wphy@(PVMATM<9hs?bClKUfR$0;WA*&DgUGU^EX#(#G=2GPplG8fDC);8``C4&aH zY}jAlZYCtshMtwP#s=BLgZV1(YiypN%%oaHvkv}+!M!4PJ<+SYsXEo;)31d#^TizL zZQH<}VU<6Hh5Nc!n%nr&`xNDoPl8NF`5Cw$WW@L|aqNJ~d~96XWR%aWYgn(CDw@3e z1QBbMBH+_Ctc4<1V`aD50ot^-R7LTxWGZ{}AY()>lYI@BBRm3e><86d&->XGoE+;6@T=D96i))1g|{2eWthi!Ibj6o#^8If$JP;CWRIRBIm| zz-!3w#vUWdZLE;8nosCBNa3a#S>)p6-lSJdxVDj27vLwC>r3;P+gb0ykH~kU4J@_X z;^S{7lT9V>L<~i`M)s&Y&woJvFm^||hrR;)fy?ixTOuO&J8p=2(BGPL`TWw_WS{7P zqeDi_D*VbbOf>3OG)jDyQ-y?&VG%@13u%G-JBu(+6igIctw(7JKwJNco7ycW0yr{U z34p>ozbq$VZN$$YUu`GUx))ih4w^Qy2V}1|ir7z#}K(`d{0Dirq#7Jw=vgWiwBx0C~z12rkb1vHzw<9Bbt)~iuosa#B(YnLV1lK8sh#d zhF>GJm69lwq0i=4#wvRUISH*$DBDF^J(sE-`xh29TD>lHf%ti4vrdq2wN>Y1;zKCj zXF;BUJ02t1lpl8C%rbrxWMHzKNBQ05u0gx~ZT8uGY#rq!UM$Hh<5`%Mv~j>Rmo5=6 zqoM}kDwgFCu*`^w7aXGDn80KqwYAgYa7-486LGQIk#l6FTZ+(d5N~$3*qeNYJut-_ zU1+sTj);$9B-_cW@e*)H` z3eNb!(JtK=I0U+O+>n&Ge>(&v_=_pKo}KCc&oi8kAR++Q=vByJznu6s2$PAIQ_<=U z2VI!Rl`{I9KDG(|#-ixl@{!)~sS@CIT=Q zN98xlvlvjcoc928eG`!3zapi0K$Y$xLpyHR`=(AyAYQ8+9A(riV>B{oobhZHH8W^# zm1fP?$b#F(b{!mh{AMFk@(dGFRgu{KaQ^`xemGbKwr^zl*4513RC8wEE#wsa?t1*J zT3r-u)>a%L_b|)!Pj*Cx{ra5@d;4z2ONv5N&0?OX+J9DX1Qs7W-8}LpVV2uL0L8P4ST`k)j$K4fV~k+fM~EVw^KwM3n5Z zg+ca`B}?{w2^s5H!`Ml-LY64|IvBDgnu%eMv1E&sWo(J;RQ6>=5m`dtdwR|}-{0?f zdamztUFwfh=W6Ejx$pP-TCP5l33+#{O%DG41s}dB|+w9k` zQ1IL#`m)=dfOObOBFGSXz_Zt*^8#o4g(6g+$K9yl?pfB&MwNK&KDN>JNSU|&4%n$E zd^1oqA!VmL8S5(CCps#3Y8Tj`tzKI>KWJgWe3p*-dxT^J(IUq=_WVfflKTyJmA)j| zT7C=2;ziqVZN7M^F|mSF4}r(`=C#b>D@qJ77C9fci+BBKVSD+}v8H}1aDgyG*4C;1 zpAHjuN4>xk*LB4Rl)IuoWxwQKzvaE@bVP?>U6BFd!X1rsol!x1#5vB7T+ENGZ% z&c=Rf0L*oNN+q5*{4fX=<{JQUUlbMLy7l6dxxIZM)5Tb`Hx^+3K9j{3n7nD9B!C)u z`vc&iFV&yMW<_aZiODa(lFJG7L{G=M-bitYmtBQWN#}4^6U{(Ge|&>J_!1!*86qeu zx>G4!cdLy=g>($K2G!<8%21jDk%ux3>LD4`cJ4)<(Ohx3L5btdm@2LV%1GME0X&q9gYsV;?=bv3MuN3_kUPG&6#1de0`3!qBg+ z5m<@sN}G4QTHnsRrtXT-7LBPCB5bzgJvrw_UfrbW)q6SuJaLksZ!E-2he{ykKuPfH zjK>$P2aw({zc;jqe^sC0Pah~ZYB1e?thzGeJP)w;m3$=dC~l?Hi{1d@5XsVm_ zkGQrWJ4M5*2Up2^dL@=UHbISAw*AU2F$0vix}}gh;R0DC)u5Vo(q1=z!Ac3FM$Lpy zow=w;EbQf!Xcx!5yu6^L>>;3O-)1SAL<{TOr`><#S~pScvgYU5m+BSkPI4Wq0!oL4 z3%pZ6lHxLPC*~9Qnn(Q|pxRfE(Wx^n41u9yneo}vl4m#Jz=I^1y7)$R5f4|YJMG*m zVBC#(II;{4%J_rfvfRNM5KtKQOYnaL)F_7Cn5&MN+nL8z;VLw9QV|WDiXrvM&K{oX zOiNVOukrP6Dc?nGn=S5y;T0*aHB;Z@;%sA*ex0-((^(52dIp29zcegBoj-a)erZ+F zE_fA<+U=+Qp!GV?5cM??bDh5BM8xO*B@#g|^~#(z`iZ;4VN^JJ5*E_O4 zS~bhQ8lHPxQL;Xv912ra5h(92LE!||nW!6DFPjPb9~GP7`I z6TR#M@0-g{erm_OJBLYQ^P|3~M+{!wmq761)BUf(>%mG1Q4$f%f)^j0qD}=*QD&+7 z7Dw4gSWAPN=|{9`%5sQ-C@xA$6%=0Eh); z0WU$T-Ya-&tf>>jw7lwp+_XhF&;;`zPOC~zAM6Y~1Vdr)_n~JYlxK_1kj;^(p2Cr> z{s0EPPV7aTv_WLqMCHAF==rqMBxexU>+LD4qUP@$s*rOmC^5~e@-h$Y6KyTE9;%3Q z6S@Rag&&{C%0`uNW8-Q;%w=mLBRONF59qeTj-7rC+Yt;gv9Xa)-v*@y(+E;BLS`o0=gWNj)`L!3NlfD3= z?${Be_JS?d1^&*&+=M}*quNsq)(Ub@@!AUz;gR`bysp&j@Q=@V>P*_)LX6^{t-)x! zBwQHSlvJ@)(2la88mhHFC#+4TO|E{r!;(hj zk)N8Y@@3_jr z-bBL%FF7*q*P0lRkWLGZL?SmrG3eGN-OWZ@`;mWFTmM#ET>k_!Y3_am+SpP#Y z^kC)3QY@#~>yQg>-^4iU4W3dsj9w|iH~2Pu;^4l2M1%ADvA)Nr`fTie&(KX;RCivo9kkd7wyf;1&$M9d(OV=T^R z{^07B$K>jZ_J@xR#U7fFNQ=E?pE)J{WB$OWJeKe#qB*bHO&W4jM+ zm94H_lWs~wE)dGgNV1}xE8+WkLWXTE#y6fe#EBdxpR*OFYUO`13JEjhZ<0~C9;S2M z!j27nA53f%I?_Mt5vtjs*_yIXJJz4$-F=MTQC&Jo_u>qA4{Pe6_WEPpCBb*1ko084 zP6B|+NYX?h4I&;~Retw$=DZ4?Jx^)!0$1@J_AoJLJo6!{ai&wEo%+#v%Eu}>8f@O; zol$=Cnwvmugsbw^j~piTa4`4?fSbH9IUAtZC()TqGMWlo@_8uu4zV$&TvCNgCbcAq zSh|E0bBUF-c@-S+dfT2u9(7LN)Msz{{t$HqJr=`QzGuy0GO5CdMz?3mq+J;=%Ku#P zQxNw>PJ*2oOd0(6LFmZ0|6?KkyBv3gkkk*JYkO4NN&}11ZvF){B;*=P!+#z7j@jH> z4S3V1S{fJK^8rjP+I61F#*3)es@BaE%92hra+yfKf~l9w%;}bOdVK32y@#$nTcmug2gK zx77$LlP|w- zo!Wo7b;O=to%BT=!zdq+M_Tr8yo`c+0$IDWoQl>&Va?Url0J`6sX?(IOVG@aQb?L3 zq5`&QkYu#p4A|;>V88UpT6)kmJzguOQWfVuCV;6`VgH0HDgM?l89OjybEbR)T3||7 z8|vq-j2OvtP9IYRS6zo#D^+X!ml#hB73wFXBc(mZxj?G>ux1rN7}g;NB+U_xSQ5gC*%KwZfaTr!lYV2b?%$IIZ6yg|XcuK${;bvj&0$@M8tr^+kgy_B zNoOgiTSkUOYakdu^hPHAuG&_KpG5n=RBfPedm2YEqbWVwIoT501g=-O2#CoZ{bF=w zahIZs`675}UEe{TQ=0PzP({0u6IV1uZ~^u-thOa>)&hp zR5LOMMg-k|-tbaJATbhMKItdUz~zWH@a%u-eEzOrQkB!rNV*`%OaPYTgOal+z!J)J z+|r3VH}qp<3{&$^NVm7zmOa3#@9o*9b-!9u@v^evGFMSMv$YrN;y&aWW|!WvcHICk zo1NHaxga3DJ&&Y*@PPZ$DmxoXd=&rxpEM9t5=3SWKqi5McW`n6I4h!!QKwC=ZPFLJ zl*JEOj?tjeq~;=M#isN?RZKRTD* zL)DpH0Pd_h;Ly=3zc4IN6bBNi;43Nm1nZeT8Z{JxdOQSE^{eNrKEcLmFzB&i0{eF# z{Sg{Suho8eyg+ZJyZQM|naSr~0>4YCZ;}Tgfrk4bikrU+sr1rPcb}#*G`87VZg*Ns z&VOTK#qY(b-y?}@;CToe{r5;noK1kqg?L0JFHZhqiow--;5cz2o}9x!^$T!{JsEH} zY!3SqmiMIpplen%A*iGUJ1Ph5T_!*j&3`^l(Q{FY6){}gg_^uHDHxsi z^SgZvu+==bCkbGjf1CKABvk*02bHGI^xg{?^!17WTScOe{lV^6?~0ySFRhQx-CMVr z$7CkAn? zRg4Uyf^0}bZ1M6Ha1m1)N4 zzFj(6xFcsX3)mL#0bpYwyIQY_(dHj&6CGjfs^PnY*On zCrww=d-*f;lE~M5fM-}|9X=pVKFBMs=E~jpw{RTIxCP-yH|LY`)Pj4@!?+9rHl{se zzv0St&OuK{RNd1FDNr?{d$hneY>s-!g)1!^)mzKiN906(T=rWi z-F|q^!+oSQwmgth!z|E}0X92v=lmH-W@2W}M*Y{!{8xVFrFX?Zs4j3<(PT4~#OvuI~a1S@3d

d><6E+(+nH%rbA4ICjG|GTJ|!B-Zy40! zrl#JekhOU+QM$5~OPv`oacysCX{)d}8 zq``D2IvoaNl@YW&n!MTdubTXV>q;aaS+OmE(nL^D7qaSlSzDC9Jv07`@526?dvh(+ zq)C#m`1Zd_DZ=}5M`-qv1KjZ&>UmifpPP)ouFZwq4 z!_8Dw=2o}TB!CYI&JrWyJCmtE!;DLxr178o{P zEEo(*N=$)|j8p z!kH|IxLY7KUu?(vvb{VwMJCh<@=5$?e-)Y+Ud%v zo7MK5kUjeDzNreA3T_{~j)#)C_0a}FOGs8CsXDjbrMY8Ds6VA2E~mO)=yg-`MGKrC zumDLmO#}3Ax@rH*XA`Dz<;@Nlw~x^QJY16VGZOmBdZMCrcXQ$94LA{up>!6WA<$Il zt-HCMkIOD&M>S9)M*tI62g6P)NrIIk;=>%FU6K+)|qljK7aPWF*Mm41I3&w!~Klw8kD(`%fdLO%`T>)NOyWsp%E65v1E^O` zWNUpmFwZ=yV7!odZ0zIZH^*0=?*itg}I#BSgi6N-buUY5CdwD&$MNGrb1C%9R`nm|4;&RoFy;OY}s@!onS^UMbF+u-m?W)kO% zT>oXhNZerj{^13chS?Wo9yF`^mDrw0Q1CP9IgoOhaN*<{?3lD(Ns+vp_IUM{&lDCq zGHHHaC%^htkh$s<_;97}8lNn!MK5|kjHSHS2GjlVWvZW#{D-ewq0?>hpzU?bl*9T# z9!p*ggu{~K{Kvar5N`MHb*HHvz^yt-xOc;I<+qN4D^13t$J|%Ckc+8^Q`Kl*I|X}C zv1$`fl(6pqyBGv3guMt&U8&elfZ0_X#WXtT5SQ|R8z{7X)Gn0P zBDO`>*23UY92WZ0u;Q`B<=TK9OVub+v`{s2Th>dv!upQq6FTLHD)&^aDP*iEd&TIff5HJTjrs$KFokxa zA@QX!6FFEwRq^NpP%6K0-$~-oDIpe1z2TN-`t`>t40AD^x#qU1R(Pnmw73p@y>z>K zk-i7r`ApsHk#;G27XC4JkZ+q$P+ECie*ps*?#a)3-RD=ZgMyUL(AyqoJtzcFGV=TH zty#_^7#BF#GVnPKC7Q?5m6kmpJD1tkST=pgA!|l_xW*bZ9!KYJ?hG%nIqymSQ%FrT z%p!bn|9D^ut-g&OHs4^n+DQ(nCm@`*Zky59)GRxi06pq1LT9p6lqx0yt<) z7DPC}b3)<_@9#l6?|&Y2<=#st;?SgK{RB?b))5B!(jGZ%-h{UOsO)oVWFb$!+kFhS z6>~QIuuYAx>;=kRYB5tk$=vYo@g7YSxETz}SHE1oawUsV*vz$%5hJUf$z2Pn_2~Y2 z7GVmNuq&aaRlR=|*jy4;uqK3JuEJa)LsX@ECX1Qc&(X@3}Ih-RJO zHG5?!#2muQ=&i`pvaXa+X;A)+-Gr+qufvPi8?OVEcfitF5gxWu_c{2R(FiH>{j1VD zNjI(rj!4jzDB$PfURVn(J7V)8BTu<&QX^9rnMtDY2k7VaYx6Jdkdp)Q3~vpY|d+@U?;zrdb064C_m&?YTLhm z&%ftb0VnF%CWZYpheRsfM~^-G>wNI-Umwp z)QcDImEIG1EzeREOACk`3SzPGOYyp=I%^Y0XBPG(oZW%PGVQX?k%8nx%q_~2;N%ZdNQEgu&sA7A zK<|DTr!{sl*pX&KWpdX6OEm|%3R%g>Hx$YEEkUdAvx&?_wihAQjXN9sHurxZOI^}oLWBVjaG@UJ{)EDo*)=tc(k2+Z#tgFZ%*<;Az z@|(E#=POQ)JzUc@4f?tMauN96AOP&JJA(Y803VmiP~&lCrg zTLG=Q#E(F6Uy0~~ci@mE0)v1KVbgApNSr?0+dSBBkE3@22>#>HyW_EvcdsX2fjNRb zb=n`gGFMsBVScEcSCWb7u}OK{4mMD_lIrKVVb`1NvJFtNLv}&du+ArVk)60Jd&ZtM z2K5Dh&$6CQ&;dN+=i%F*TWr9_m{(i2{{HU9W5dMZhZg2kO7;6wKr8)mN`Fmss$d(W z%pkPE;|H7Zd}GEtg@YA=@*f;cogvmB#XY_fe~un<2MBlffCV?}SXHWR>VN>z_0IEC zGYoiRF9PW!#%Z|cDqq@JF!AjwdkFR%=l>L>q90V2LQ7lngpuA#SDxs5&}CYjh?c7M zhmYzk>khuSYAsRL(HtLG_}3+%0qr4nT!ycS@wTs;`)n~_;Z0nrQxjNYDcOhSGD+*f!Gs0jVk|8R#7&v4OE(XEvQLH9Qj z<|bZP>R=Tb6j^@7Qzv>b7N6WF4_9-Yttu@QDmsUQ=A%V1dnPTf(Z9R zJdO|duf}0--J}^76%=*-wnMH|jHkTh(7Fuzd08-Z{P#(_>krZpf?8vy#aBbdfdj^* z_;$+Z#gx9tKDkw_g4=09T%_!#>|gn_hIqYxWc#Fa&1YExauMUpsr-yK7S-NBN%bu5 zCL9iz=KBQhPbY$FR;>IoT?cE)`)MTJI2KytK4q)r%B|arT-@5#Lo8|y&Pk_n<1FRd zxlS;^RFpmUKu0Pk_=m&L52Q(}rWr5A)rt!uEZSZlB4GS^q8dE!n9SFx-O&pS6>049 zClvYr&QdQpKyI1Rj|*46es3cKY<>5_dwP41ex^0d`ZkzMzG6Rmn9JQZ)h*9#>rHdl zw$fZFda`0Cu%m1$u)TN^T?!YB8`0Nr4OpKr=XwdMn;_Gn)7nZ=#=lVUh`}pqvhXOF zJG0~Kz>o_!n*iPdKBV{|sz#;o4CmXw01F*+}wS+V%Ui4BeFE+Qd z6e3DYY%GHbb6p-4BY+mA0o8SwmLH&D4rX2p52|Gq?VaEvHH2S)t0%> z_d%(46rP0n@aZiZTw|l$KA>a3H|IL!770Pi`Ng{tY!F)`;S^xEeNg{(_h?wcHAq+vk?hJ0CI>it)H2P@nzB zajGK);HMl5!Ps_6vi=Ckhg}62_^9lhsykx{D;(6>|C*_~5}QVGmq|pa=g%MO$DGrt z&N|c)*VeChhlNh+{ZhOD=*mRXOWg}j;U&{RkyJ-C1^z&ie7da={(zwNIM+P#&*VIKNwus z2MQX`JKljU0F~E{i)l9rlSOARC@_h$2nD=*C*Z?s+jkwxWIsz|@R8_P-FZ_7lvSJEfN(%c_?P9nOY_GO|00fdK5!3$(z@)`aGfOln9dD-i0_@B| zE=aJ00-qYhli$u0$v(gK2g0|%-t|+cBf22GddE7ddLsbD1G?vbc!`;$gf(~c!BiAf z@w?zAR!^VTOsqZ{kCpFM`oSQ05fmaKI}!N^Sli>hyuT8OB`Ju)efiGnoXVcul&4aV zNaO*(UuDUv)|1?H(WBsdrb;#_{k1obPG?XfOwAV4JuV^j%J~&&VV9AizHjy%+^oKw zrGecvZ~CaX|2+YT3wTM{tLxLY`_I|5YP&rm2ttt zz|M3HFHn4djdtbNe!-`gxgsa|CMOWA`J2B0j+3Ue@0Y5s9$+j-H0l{5X>WBL=p3(d z4B!k52HCn7on_1V9`*dWCbi<;Elhbi^7G-6G;qdwxwkt2=Bz{&a}J~I++5)pcHh`9 zwPUuH7r80R8yhXPu73>wb#%NYMxD(25QH;8gym_vyFOH`)@};;WTZz$C`&k>ocV<* zAil?+nk+yQ5!?Qz8A9R>$SRE&p|^W71c%DZuN=vn{sLuC_djJ2TflpYzqJ7VFHTib zjfB9KK{yq8f3O((qvtKuu1*-U=AdzEsZThg`I)9*b^z#o{O#dplDDS+ZYlaxL4o)^ z*JPSq8kM=}I&5lcD%DD5u*F#GVI%UfsV?iuM>*}LYaKqjPpA>KWkdY){F!?CqD8H9 z7agX_1zPzHZH*!8+_)Rv?5SoiOyaOg@>blr#7VZyz1wwa7he@wG}iQcBBFF2JO%sM z>kBX5Qh%U3B`BR#bC22jPK1cX3*{G?9|4PR!MybV8U6`~_ZE{eK>Yw?)PxAv{H2J; zFx!O~?UJuLZO5EW{iIzUgBN4)d{*8tlP4qHBV5@Gc}RYKbSl+Ei{0l@1`@gIWB5dV zg3~7Yw6+_?X0(3^xN$F=0aoNdX1>5AK_qV(T(VIkR~p4YPS&v}?g-?Hbp#)zLhP$H zPi)Cm3fX7!0Q+J2X4di!wY8QI73ktF|Dlun&inLOU?+1UwP)Z{TF-<8Ds1;hO}B`; zvn*viu~RxHUiK;tme}Y1q*B6`@vjW|h}d49z9CWGdCs$XI&xfffvl)WRbfsuNSx~U zxV_&A+Z)B{IQ6T95b}=QwDJeWtJvMDs>!6z^H4DR?ThV^MjP^pG7pc{iQ4>{+ei!E z%t5zC_0dK84Ez>K3%*z?P{LoCB!UYwc!+;vX|u`%15%V(x6Xk;Smn$9L4675zW0Ns z!7&FefQc_>Y9AKXq8kK5e-5|E!hn>eNq=={$39dPE9Hde!p=vziZFk!kx<*NSi9s1OQ$87@?f3H`+EpgsMCHITfzW?S`#%cFRCfg6WF(e@<8; zmh_ZA-u$-lX@aZT`PHSJMYrTWAt6NbTf=GkY_u;nx7B$f1oOS;Uwt0`Bb`RvBQmy6_-l zP6|Fz7+m9iIXAS&BD~v`tqgAoNVGoMuX!K|sh#IZ&aGLf9GuST&z1f;R-}5MggU7n z@sz08%cU^`^0f$&dGqV0Ha$Ka_!jCH^G*Y`gG_s8qieUPWkd^!B+MW{%R1`n#Mv`R z0GpY518-M$@Q8K*MJ`7FRhBMdPSl)RBXc zIqyCvcuF__@T8n?D2Kw$sif}T;}Ku;V$7DZ(QsbZ_J*6;S1p{oc)8=*06jBLb|+Ktzcgpds?~ z@M2@4b~YnFytDsUW~g*zl28FmR#kQrv~QrQ)E4+2(T|RTzNZ)tZ1T3o9aC1XrQWjG zrKHW7g|r<$G+_fSucK=LEFQ+(qJ?cF2pEyD(i&8%!GyZmmCSLpEa8oU!lj%mUbFet z`z;&n{1h#RsdxGcEbcw$i0hTRiH{ z$mjab_O1ruaKPrVmgtqYng%EzVr3HHtOph!69!(IwiW`2+TeY0Sk;%_M-^SOcdo?> z^MTPYGN0qZy3>Yax;oP+x{X3F_sEGySWmxY~r zFMF596w+zQkgf$Ngutr&Z>LXq!1IASk?(-Qt_84rypGLcFg%k?2?)FKhwI+q>C@BJ z`v7dVGY>p=c>v}nfBWlaJK&+J&~^X=3ut6yB+09!I*a>jZ>X-AOf2Q&?##Y$&(-{5M{nq38$>i9GCZ0NWX88_~@w;?}=^Oc2Juzsh&Sx*d|F*3I? zoqYXH!NH&dsRJo1HCsRina&xxk*$45wY({6dTE(GpI@V4l#O6oyR+3<#470L_ycNn zM~Tx>b}iOgu-p3y!~;NrNFrzrRZvLTNN|G!#Qj%pek6n7Xr%lB^BB+O-CXE2nk4Ac%WN$1@$Wl%seyg$tzB)HVx8}R^Wx|;13Kks| ziv=UNmA3$Pq1$PF(kv*bAvyUzAitCOxm?!167)HAcNH({7b;W-8bOmktOvx?Pw-|Q z_`|M#Rl@{^;)c!5bvGwk5k>REsuc!1f+E8&%S`SUG(melhr*^g2T~7uaNC;Bi_E&8 z2KlA2*<{&hrAkYs8t0`)cZUBN_&9?W%$ariwmV6o`sfxq!D;4Ah8$8L3G$eubutgoN6m`y+Dz%*vfJ%uiKS|-cU|1S2TRQ^)qC1wR zn|Z<@Ys^A$U|zyaOt!^DeATv``QW>x+{bOJ=VQ*XT>@~BL4ek`R=KP4SlRg;Xb0{Q zhaJ5MS6T#!LS95#shlbm!m{<}$FJKd`^{jz!-&mYyxZgip45mS>F%V*6+e1WTi;)B6BnLg~aFw@t1~6*FZ+T^oOkMO!qAq<HfQYv zrj!k_#L0jD4Oo(w5lb~Le)zf~@n zK{QnZLW7R}^Wp01nH(BSP#FgWF$UC@u#nJJ%EY)bFH7LF!_AcN3{V{njq@Q!cfkqW zH)N+GN+ABLlk;|7$+@McDNqP03vhx3yl5nPzJ8l)WI@q287rlnI#5cytJlRdn}&?{0TPrFKR6s(X$?QKzDL_{}K|WUS&f^UC37 zG0|5w4@h&9RW{lGIiosYyoof)`+`M~s>WfR^p<)%YlQ;_$lUeElC@b%pyYKLOAmN6 z!8z4w_Pom&scf7eqV8dzB!sow0if?_>oTGC7pF=ScPdi1yth{dw?HA|?iK(*fCp3D z8Z-7W9G5H#RzZl&(z+O=UOif$JH?o_lHgs}%`M$Qo?(_HDdh5}StRpm^B}i}-iVx|Aub-0zwXzloPU zx9r9iquf7Dt)}!r)5>SseV~$uH+*VU;F-EHc!2c#jfCQT?+I4(Qn?sUCT2Qacxd%E z2|SKb;Y%Zsxeu)3*R<;Y1gB7PT#m?5~p$lTw3QOBXKGO%snx&uP1SgM@#3ghiU{Ksm96nk8XT4x^T3| z2~gu~n=gdzKe2YbaTPU_fGK$Ys>?hVTh;#FFyvHq-EDV76s-*y1jv2ltOJ^r6;br+ zNYi85+n{;Q}`uUVTc##Bud>wb1H1e)`0 zsCm#{|GJ^HRF_)*o3esI-W5}ThtkdbLpj7lu_q+leza)q)4E#}c&&n3xGFIrqR+Q( zRUqnFxM-BtS!Nd>VMp_sX9g1W{Nf(Tx)Lh}b~!3X>q;D;yG(<*Na96YC}x>t929x} zp5@?AfRw}{rX%Va3+R6O*XR@iLyw(sZ!V(pQe;MyW{>^HLQ7g|`Y5OLw(i~%f!Ql+ z?hSJdA03u}WkO+!Nm%7OY6#V!N^DIIfMgMZ*$n8>>ZO&oIV#(J=fV z{ZrJ6fVvJ@R!$D!WE@X&4lWw?6yWI$?ziwMu2qRo8O3rT2=>cbPc0ZFMt_ z7dcDf0k=QYj1buhl}8 zw!FY>VF*lF!fk|zNA^$I{fqtygvD)bY|vcTFQ-jU3-s~0c|p5_fTeToSD`5Wr1VIh z7`@D%BhIVh9-SYcKiB1b7MNmruA7I)msOS-Et~t6d1eipo32#n7_)SWCC2L4^r^x} zU-+R`c#+OD9?rAruD~89S%!Cm_wProO#(6&uQHrjhv!5g)G{l*=6G&ZARU5pA3oYO z%p4KQMvF_Uzqo0zvm0EH3>#|I%hYh5tzTqQz&Ym{>cwjxwZFY;Vx`R=@?>S?li<(0 z_oPA+#iSm!TQ-ddmt6xp9s1+Q_lB8`&mDjCB2;&-3Yd0)cQY3KdBFJj4O$ebHBcr? zo>oy9eWm*79qx{yK}zy`RhFBFKP?JK+zZN{ki2NLZ?tJ3J-`fS@8ZG zJMk2*911~7tt3`H;vmJu%&Z55+AH3#b~0NNo-@I2?N54Cb_3hWGM=i$2>VbW^&IZn zLd4~(fS}pJDq$Ymr)u&M#4(=763+nKjSwq}*G-fdAs+R||9RA3kCKKU7thhHJ;cnx zT2+5>vkg3`?IVoaXvila4|xnyv1xUM=gq?({B-v~EnP=4sfymoHyyGhn3gKpb==-O zY&LNJ<&7Dx*t2ZT4WqM5y6(?;X4E}93XipSM7y?+gV{KDH4*UhuOD$Fn6o^8XZ@XB zn&GsD*>;0yz|V!At{!xqS?D#2uc7S#ZSWyxp=ZBq3A6sX@+mj#T8CkoQztWl%E#!D z#Wt;mTOnBnekG#8clBF{51EEjP&33^qyjO!{g6xrz6ie#f5X@@gfYFzZxo%n z+C&>w3j~)0Z?3KYITW6HpNR}~O^u0JrEPgvT2DZ3T4<8?{7az1IDvCYV7iC7aNlu> za-L{@;=ev=3Mvr?*iVrO`Mx6~c($9Q=O0>u@$?hzX|!=@zENGiDu;x2$`&rsYOq~@ zL;ntnfV~A9_S%CQmbp_oaxVDDs$mnI^&HL)g=HHItWlXDtUI6S&i(U~F~*4rQXLi$ z&5$IoW$iT***NQqR42s#{O8$us(}4I(}&k8Ux?F_DLs30^l!L?Q~=@YFA7ct-;6bx zqi^yJGxhHwYx{;7cuR|qsn5mwv=YZP85&I0c#(9lhrWxxu_AmUeQ0Wkhfz|qT&rad zPpk;UG#H)X${6im`Xblq7|R;heMM|8e)o^vz2!-lvB~hc7~Jm5vGmf zqw~?koI}Z+%^0PbACE6R{AP+dnB(CnXG8~0H*v@|q=iqfLgjt)>L<%2$@lzw{z>Yo zKEyfq?Vg;S2ZA_PU{oE-O}~tx|amUBVeC zN}6}Z(845;_=C^Q7t}N3@xdk<@Bjc9Wt=LDD%a+^1|qJR!5`KoKOj$^6_g^|4@{=N zw(velDx*&ZZ%vFxyiCOzBUK%56_wmasrdfTI<%;Ks$R3lHkY^dvuH-Jp$(Kb*M~B3 z5MeG5q?Md8XS93`FQVzp61b=RS1x5C?*AR1muj5NfC$&QJ;xW}&Kh9j%;*M1GIj;Bd1ZifYHd_A}Z5qJbU0<5U?(?BbJho6O*iX^IzX z-yyHOVSRPESdDrG!56dLJxXh|^eL3`hk4l=d_t~rpQ!ZSdyU5SG{b_FxU|o?r zjV*Rx5$H8}s10)%uTVn+yiB0_1N8tREu;d0EZui#6-_7N>puOVD$L1zKpRIE7iALK zRJXD@vt(FG3Bl=JZq}hpxhR;NH{EV9Z#wAc_Zb<_lHSqe;o%V4ekVgo9LO=NI|n$! z&CX7bKl&>^=MaGs#sen?ye~ay#pBh+hBJc=nV zg{~1A|BW%AeE5J-F<$*ZCX(XPV#@aUx_+{*GJByo#)k9XuO>|-%Va7ze$!;3y4+TH z$aoP^nhI9CTtUPaCGw{)mi*xOQ3<4KDU6G;(va!%yMDo>cJa%@h{d$g`Cmn&csZ3& zsBw@Aogm=@=Kdf*823M$`?%=`QD_fHqz4sm;!U^H176w^7Y^fOD?W`s{(GCxH3I%g zsQ%-lF0~WBQ4nFdt7^6p<~2o&hNn8=W(XDcBA>rZ?)Ik(~4I>@=sHU_a{TO;z~6UE5ZtYdIj3bGfV_yOzmQ7= zuPCPx--F5@dUaF^XpLGXSzpzebmR`id-opHoZZ2d@c-+V5( zCW{)xs{}!5940>H$RScPORt<9MRmbt^W8;Gsip8;3-$yblqMeh|47O|43Y?El=qY! zM6-oAc5N93I!E+{suHR0!W&RCdlDm-Fc;msF%?1@1#~K%=CnzggBM38Z53a}_Z@tm zcT4FT5*NO%MH!tk#Zx_;13M7TIAnFIahnhO`wdHhH*7-h{A&{=toS4|7}7B8r%A)G zVBwUBjdzL?`@fB^^EUIGwMl%XY5sN^C() za$ji%&Mh6~etchd(zN}vR;1P;T{ap%8s~D9<}B8B{I9F<8${&`{z1MNp8Gn0F9v`$ z8vx+RNZ*ToZV*a)W#?Gi*ChJ8j(L{$PX|8Sjn5itx@}NC-0k2x)oWjMkCg9hOtZ(_ zxL_w@GkFu<@x$F-m@YPn_!8*<^b#n(=)5ZC8zndHsJ=)iyu;Z(*T5wjIm|C@{`Clb zXAcGqT!=F{3iH8X5tARi(56+8HwCQeX@CS&3-whPj1#zkoBsWb@`Np zc<*E8f9eH#ki6U>-{ift!4c=KvJm3Nb*jNfMvM7g-Kscn-CU@h)fnZ>z#jy;5R{a- zF>1dznqXvA#{kP@J}s>Ml$IF5zx^TALN#BT!wMl)CUPpGRc0vtFTB1g)G@}mT^50L z?=WrEZlQr61szR(G4Olqg71pb-WNZpHy(6x@|Nc}_4_Evd?`= zu;z|lKgN+TGQWu*Ew>7=D%O4Txxvq+*9RaOGrqR|vZYo!yyFH~r%vI|O@~KDy5B@m z?bM#VAoi4-^1VMT5$-}DxZ42Cu7{w2HW%dmFsHN{{dlcMmWiq9YJQ*%BNJ2f?Z*q2 zK!{;)#u7kFY#RL$w?8)O7#SI*4ZPU^_4pTEP#IT9d=T#f^v|hgHMotUN}PycFa!s{ zcXedzkD6IL(KgnlVD;aW6fyGFo@zP5OiM2*US@^=G8iofmbFeTsE9@ji3z#c(Dw zuR5IwR3p$c-Ermeykz)o3_Uvu4&`?Fi?e}U!g=#Smu4QkNN{e|nEHbqP zJR=f5d^;G;Nv+=ycb@>g-KwcufAnX8G;hcxb`pmV9X;tL_nnMHeFx{5OnHW<8&*snweif9#=9E?lWq?6YVl&V2ZsYo!*Y0lP3+3`a5C z>~SnNU$s2?I?7>G5_7N}z*jw#NlG|hT~zLSa)@z4P+f2efQw7`@kpmy$f&Jh!`OtyL3vW(Y^ z;Md4MPvSriONn=RE94VE5G3R26wKZc_F-a*q0t~1R~{^^P1KqSIS-hKubsnG3h3v) ze_JcFmB9NoHa(+H?xl+J1edsQ4(N}59rIVV9yf-|fkA?qEbzuU8c1)ba_(mh0!oJg zS-?#K2@G9?vp=r2q?&Dj5d#v8kB*w{TEjBG!*lSurZBGZ;AwSAz|VIBQZOT1Z#*G5TkfSLL7p(MFBy{9 zZARSeSwCS|#I%0aS8ESx7%51VP^`@Sh{Q;{YfDB{<%OD5)CkrXYLe5_-A+^P1Qh_z zfa4F5af>4G6|`zb4GfoMH*Ztlz#yB`QO}DXYm7Gj`fv(Q7}BHEvgIOsi0l)hs9rh; zslMywkqRs5yNQ4~xuwG{psHV}Z$;;gb5+avpW~i}z7@Bw98@QA2X7Q8+7K0XWPv{F z;;^w{Emn}R;%nfVIo5)kC_k`czdrSHw^%aqWr6ED5tQoPvj5zcXAMXwW&jN*GWIk# zh_KBx2^Zh24uB>A!<2;)bGs3qcfGyofE}+@nS^|#cZ(TReJt9bV?4!Q&T^hb2vu{r zSf}E}?`?d~St;C%!lD|hcZy-$bGh1Mr`r0DBTzHj%lY>=csS&CJr`Ki2`1l+^=;H7 zGXY18s>Q?X@fuC>gu}Y5Fyzg2tq}Jk>77#%_%|15kjQ-GR`1do?WY>V_R2u|4-a$x z%#87q^K>4We|JTuBtECNNy&_1T;b>V}A zgUv6~5Jt{c45ZqbfEO9L`O8jPlg;$K3oaoUfFxPvZ^UaAj4dEw;Njvbm7w8wX~h{} z2xq~dpF?~&nnm)UIA5TP)eQu@bDI-x84@20P~H)qe~yKnzYy*QmfCBAOC3OjXZ&9@ zqd$ZZRxRaT)&i4vKb3o2Zv1W*5aLN}@a<<{gtgYpS}SIXb=rEsvJ*Sp);uu%8A8E zF@W;^d;7rULy~GCL|5i}90OH6(%D>}Ec&Ti7poKUpo%j)7O(nMPP{DOzTn0CNet{^ z%`(@ik?gYp z@XRXb(UtEVBNgdA9BDbzyTB?rG9c2j)*a|+@mc<0sZJF_M1AKL4TmXxcq37k!2+?$!FY3Y zQHMuUMTJ4@Jw*If7P6ytV4d+TXXSn2!^PTEylkJNh7c4R+NnxXMf3V=6M;am$ibZ> z>JVy}_0WDNCH71-zuOWbJn7%mnv?-qsw(5oJ|CS&LfREK3tHK#K}`iAARd|QgRQPl z%CP=+AL)F@^&xM(mW)7VOQU7}-8;L9F6iKmT#8=Z(!Mt``Kd6i6f+O!BxCV1KZ@CC zv(2npkFg$rQxr~M5~ZxSC$I7&g62w$o^797)X%-vtuOr%Wq4v%B4}&jLHg{aJz%zk zUHeA<7RX|q`oU&+$MMc67PbYpB$V%fdf{!yEZ}5fS@8W4y+Nu$e#Q$4#u~f&JB1Yy z>c624*KX?q8}8ZXnMGqOaw|_C9tPAa=24Le&I88LB_KXq-3;uNiL0iy+|BW^=lX2f zKxEEN#y&4qNg(zeG0gAOZKeQO$l$9R04+@fq&WTfGJy+NGkb=q&*1&&QV>bm{O*pcL+Gs^ zQ{KG*x+73q>)sZlKz0Z)y}bPS{%I|W&lD#e_4Sj81nf`Yze0g~LM7ERB0hr%5ASFH zIzZe=0;$TU_v`{^qYk9pYP|a90oruC@wO%>(P<~MG!Seke|o4metA3J!EA>`FA&jz z04^Ck2GnxVKmcLMIddK0L$ru+4x7&aZ`0p1gg1#8W4FC80N6K~L`&it>CJu+m^GIM z3M#M5e0lK}4#Xf1nwZ2OJ^6xzbE#UT)fim(x0>V`i!qoOg z6sOLFhvABU;&u_B3?$Zm#=m_mOL z9OsVV&bp9l-s|R+(aDG+qvd!#jWnrCVCTn7M0vIda=0zgxcPv3&s8VF-$S5Ko#{3c zPdph}m;BN8hv2Eh^N^N{;fFr0kHo)9c&l|<-<@#so%ZS4F9Y_rf|bo%@xOvlNklUZ z%L^=CeQ#EY+aso{K$iN2@^jKGfKME}lH5naS8vGfvH@@ml}KQ7LUHha+I#PKETi{v zJhCF8kQ5%2%t}UO?~FubJcRHdBPv-*R5_xt1PANT8i?sLv{u6AM4v9)9hTzKW^kP1=KAvb$jhUK#2V!Kc*hRB^YxIuyf_j- zu697~AcY^UFCTbQG++`U|Z7m;Chn5#`E6<59bu z^&VGWlM%B~z4I3iH@x`?XQ?iZgrmbZu1OoSxgXAIlsGMa$e}^rXzZb=LVvxLDia~y zrBxOC-b59r%JE@N&T90?8QFaN1D-^ruZGr;(h@oxkL&V2DDiq>%BlBF_I+z9^n2^rMkyil<}J0Wt@&*1rEF)7L|q;_9d>l;#&cKjZ)$1-L|M z^O}$?Ia(o%vz6)4$a|sT2bEM(hqmDKYvNCIoW6~M^8ybkt0wp1Z#XVZ7+F4@D?npn zKreW(vi|6c8YKM2?E*CoYY#||dE=m_^;Ty3mmH5;7r-$|+t2kynHJ9!eLZYJK$%LOVQ7R1|Xrv5M1sSnSIT_S$5h%n*X53&S$ zw)rb;Wy3R#EQCV@w`{k?+qS~I7uVG4uiyn>*Gj5(Qk&PzHKmJn7e`plxH8TZqos|- zjjM{NLk-ZgOR`Hj(mCdpaZ;}zsXtvc2xz`4oUnANPf_cmcTrq&9gn9zwH_!5Gl3ENKCCFzSK8DI>!fbIQ#9^dgyW5g z@d&#vd(55hnw1bf8O_*<^4o$9SucC_f|aKF*OW%t{%H!`82AG&!z>y-jI<0Hd>rxs5-X)J?T zW!Zc@E?tDWV|=H^Rt_ICN7yK}n18I>jo&Blz!{nbs4SgQ()V^bQ?{r==iuGpFXLYN zcCt$L^sU!bTNppifc_JK5A&WP`~2R&{n4TKhZVjmt;@mKOId&_15~Z z@GOtyyYqUzAU;WQ@-T7R1S9PkbQNb#zzUA8BdnlCy@PYHZjJkOJbGhW3*|Q6mv~g% z3staMsEtfPm$?hT;n^MTYJ8RL&g22p0$=lElWZb?`4fIHa^`( zDIsofR`RpU49*>{0z_g7JyYFTaTSM-lP}78nw6F-6A}btIN@Lux9vms0y%joEH9jb z$SEnI#Tt^Gc^I%4T|KaaWM}ut(2t~55y_X#_fyF5e+mZt+7pH9$Lq)%EM7`aSd4U) zo1XZdTG=LCD%Ij0on1$czF5I?TIpWUMY&$x2iB6;)p0!+ECxAC=+~n=GUTsa4=WxR z&hD0He3`RAJp2?LEcWJ_rBo>j7x( zi!Zjp_6f2}LvH)OLhbUQH`%xIY66!lwwAKi*etQkF?tCG)aYB@qPJcXkiUG#6lyOO z)~b|3`LJ3UskA(MR!~;Rd z6)TJCPp-pJk*3&gFMe4y-+Vs_Dmb=XfN`zv##6SO#!Z9cvm`zzDHH01AiJ?-o8sEo z?a^^RIrc$X;;~Gedw7SBeG2q1vgb1D&rL1g|*A#jw72^ zdEU>9N5ix?+HhJ8e#RJ5_sVDs4Zk8v2+uaAnQ&SEJXlY0`GmV7_2G|@_4q0A`Uouk z2{sYbz>??3ogB8we_2aFiQrCDry&a&{LW8dYoh8W?e7v4c|V zZ@B$fqv7tlabusa@0wg+eUgTow@4_AWu=d13<;F4O>p#cUSuaRC1T7Bm_5(Pbl{2H z6XLIIC)qJ+*QS_q8YKukW*-aAoO|@$RZ70R0(R-FUBWx9TllE91UWdLR@ik!__*s@ zdmJW1KGhpJHV^&MckwaaHUf_92~iiPPXpv$UMqg{(c1UONl6#EPWAj8|qZCZ<4Z13zYad z6u4ntcn3kM2o8w!xX~o(BB`m|tN*#aLe78#HNIoz9HTsORI|&9^K|AT zU2;@t>5PPFn-$p^5$}^{a?;qVGA@RfE$W@hq3v3eV-dMw)$GQc(1~9WI@K&3QtQWs z&%{Ja&ZvS$r+Rya=)YsDtPDKD)DV2u*9Yr+&KIaT!fV(&r2iDx-cct5$vW{H>Eu5xbLD}}{M+q~0(Bj1BoYN9}_dvax?~B9hT8Wd?Dgo6haC?==cCicG>PKBGPU*v6 zd$(34!03KoBVm z*K@8>o>V@i z;+IovvnNAqC+L4%?8c&B;UBK{XXW%E`0?QKyKa4#L%#TtUSI?(3HS98U3e*Yr+xe9 zNKiPOeQ-nJxh7sPcWku}mQnIiEwWMMRk}~mybl(x-ZHH_oGsao?2ywa-(1$#F%07Y zKgIYS^XSv>G9;Vi zR!-{5%ZFN*NlZ6`jn9U8q$GezJr|$qp!;OGCHOH;;1#7irB8Y(%w@e4_L~YwSq11#z;%Zu`tysfNMGKn=nGcV z2?r#>LH%;EPu3Og58!I$`A+uayw4%eTW}4s)Q{JRkY4VkRsZ&^nmH%4bV2?Y6bP=) z`FuWGI_L4tT}G4S;DwLZrcgPJhV7p6a}3rWf-V`+7r)$?w&Bjn-3BCEElu@`fu$!*1NrH?*MmEEQ z61#s1E~%VMzDPZLz#2y>fg>PM3?uFo>5s;c!qIb<#p5hLEF1V=vM^R0SM~6UL}TC} z(&x-w2GsMxH)TFBw4psnv%)AD_MB ztc2PY90OQyv#=kIT&X0Pw>a_WHQk}luKlmi){+He#hpbR!}C$3ai=C>JgNWoe6{=1 zzFeYgqUl_l6>R_JLinqR)X164@w7~A{pd3a9vz)fhlS@YXVVRf%dM}{FIU?o%vQw+Is0}Ek=AKu4$VlVQ$P`rV=)!Tzy7GM3eeaFww zAJ)?5_tqfQu@8H)){lE*B5P~HkaSqU$?1J@yrfo zto1u}xMHm{>x}hDh1o6_rNoGAN<;q);UTTH@0(dtKONwd{ZS=OYRvSYwNX$pX%5Tj z(?1dgn5F#B@k?ZM9jt+RRe{ZR(M{EX7erZ*&-k!$cYVP>3r;vy-SFj_;iA&N)pwM$ zGLFc!I5IKf!abjgUQcX<4i!(e!0lt_#5FOO-RXfJ&<)jKqs)RMt{$28;w+q>Dkm14 z|GL)$>%|hw7Uzaacj9Yh#>FGLe>S+OK5FaRZPWGBqQS;9>vH^tDcj--D=}I<6q^Tg zWUAGZ`IH1W=$4j66<>|?2tN>hU}!kM>1FNjPgXMG;) zuwdP$AHEf5+GMCSndUmpz$CgkuB4QW`FyW%d3|M3fH{5h21I!+?cLx9I;G~lu~Y7= zNO$%>RcSz=+4%aRJ%?d1)e4T^Iu4gz2}J*GCL%u~omPmtv>5e|d0;gUpR08Lq&w$v zl+!^e)yeyiYn5{-tnY=-Qmk;TRh@NtBKr6g%SisHrR(;JYn)}#XqeLq+W{aJ)oYG%hKtLZHdgIb~K~K`BP-owze;PR@|oqL1SE>jsw#fpJS7oUDFmbVFZG z@EzNgOkSJz)9uSj+bvUDnuL#d8Y~h=EYp?N5_#{oMz;c2+;Hpoh(9DU=NvRja*) z=LyhRu$0jb>9xLrrpH0s%U0X`Rl=?YC5vqe?Hs!EejD@e#MK*(O`8_#>@>e-Et4l~ z?%(pX)5+APV3^t-)!Q)Z za5XIKJ+OXMSL_aurv$p8%=Ovu(IkpOsv;mWt7b1R;}Ma6S43&gSQ@W)@!EVontN{Y zm8tFex7E4$LIQ8c>lL2ZJTuM=m*L#DFX5ZETGqpL4W%0D%M_9YA3inDx^UdyoO4y; zA=|)aC2?10AGs7zEE%AFm{*98aWAK!;vq@zL19qUbl8%?Xm1{U1aSG65)1I3+3 zjt|PtIltQ`a|&`*NqV}8iREed$`&T?GltnV^}IWvUP{y=Uc)<$8_mG z4xO(U-;tv}?Wu)^vwGhm!v->hYyHZ!#0T0gPr07LeNS}A(0@gt)XE?_Hn!QMDBsw| z_J=jsfIoNi`6)yH$onlW%eg;lwwO@0_eeuPm#HP0eJ8=eRXj|N;ldW6%wPDL)Sm_k z(^FjZ*@uH$MuK4|ZN6fu*lyPs%#yXKXKGpV)#+`k?XMlO{v16l{eHo9$Hy=8NVkqQQ~t+drwyKv{V9cHt+&@6+O4 z5aK-5A)vrit#1De+P)|}E~hjB_B($W#ms4FtG>aUo-cjw@XCHau9?pr<-FSF zam!iYLzc9|nFKMS`F*JLXW9>C?&?U1k!y2~Q8&D$GxHy@EL-Yw`qtc=PdHGL;Vh#U zz?bjCps)Qs|dhEt%~ZL(_4iuq(xG+Vd49Jc=EGb(-4xd6892%USpZbxTU0y*|}gw`9nc7%lSgoNk@ zxGyP;fAhWQ#(O8z>Wka6TQjrYR^FQ}oqBGV+V-iK+rss1^}VE7$HDc5xN8}<&bJG| z^7Jg7{rnvtZIte_MUMJNi6h=sDNm9^9c7>7gzJG_=#&Z~B1gSG?`~n-HPwNM+L{P7 z{d{_xKe1nMo%SsjYuzAP442gRo`5^5G8~2@O*i^967zeyTlspte-J)I_tX&Q_T2L* zu}vD!>JLfUUR5=nbrx-ojh>D+q&J}3ev?-;79{`sEPyW?7ZT>jN>d8gZS${HFF3=M zKI>y~4sZf_%y5g!XSkbcAyQ`kos&5jg0*J5@@L+B$YBqDWFNMtTDCZmtAR4UQ9G3( zt_FB_aiW7R+bLa-Ar)!0wmG=Hx$$|M&)z72lmb?xB~5z3Q1h~n>DT*m;JUr zTnYX}y^az!wyioJoJ}_&xvJzmp~|+ES8!Ea{etE89NBiTW%=s2(jH%5U!hu|r4Ci? zWc1>s=+=m65|IKEx&5@cUi3@bY3;^%-(cnfP5$$lo^UW!v2*x-de>17y*iWA`J(7* z)Fdch1%}ny%L|s}Kda8h+Bt$YjUD(|eWAe4b!$Fudo?cEUhl)walXgd)zmAA54v(= z`6~288SWp)R27XlQ+F#`KsH3)g-*&jymz?x@y%Ip(G7k2>*Y%sR*ELi?^bWj07uMM z9v_%{1ovPbZJM>7^Q^0@+tBiL#8gpt8{%D^{xa*jHRk&5%dN>zSC=!Kx0dv_`N+n! zW~<=hy>nFuFCBLe1O7Pm#rzl^9@;3yLj?Fk3gM5m|KyK*?iT8ArxveAZLKMquGeg_ zG#Rbf`;l3tNigU8|y2bG*B%Y7`o{7KzztfKm0c!V!y17S6_yI9};DOjO-B zuS?J?dnRK{6=y+}@#+WX3Im7t>a`!uQUb)gV82;J3%Q?&OqrIbDD%flu;-&HIgYJ@r$&H~IsUb=} z|50(!?>GC}*(Dmf3N(YMvbdH-g2wD-`XVb#!0t1AC|oV**eo`Xt5!$R2v$3f4R2Zd z-`?Ju-HzQ_%i4ahwdUt&Ugh{>DDt5{-DJ@>q7ROjGR2R(pC=;9saM8#Mv2Ayg7)xI zJBs1roxidQ3^bbVOHTpsMR9w)`EpBar=lZ6z0hjWk!qM=s@paEPw}-(mwI{6hjHOt zC}wvwKGRf%jVg0&yI~xjb2EJj$JXU7@wVTO$Mnt;QE%oHO*fwZX#3u4LxNkZt3<(2 zy4}jK*}BnoxAiLL-R06T;j>l3Pnd44f)NivT+Y=|ypeJlz4hMi1yx&+A@RFb(GizA zdxs@w-mG*UiTnA1@{7VlA&N}oqOKpCevXoxoqC&{FBzr^y;WPknI^}CF$wvR4KV+F z&_Ai$Eubc{emKAfh`ubZ zSaGbl;A(|kZ8j#W6!oZ3_o2*+v2MOJo~q<*Mvp7wm>rlP*UjFr(T z-A7{Q9twRzj;32U#mc;BRz}bB08t8~gW=q@evhT!9BCNOFVHOJHYUw?amkCdat@^3 z0`GAdN0g_y$WAjo#M0CApRaLs_CCgnpA(4`8jfb)GBrbUA8DyJ= zec2m>*0DdHuZ|3hI|fsAe?03l@4p(yJ-=xkx8Aqmd}8_oHuL8(N*uKLB!;p^>RfMB z5mn7|`(fX4DD85gkE&kJv2m_CnAt`Br891$F77K&vsTNhJPMd4)AKxd<@MJ|of*aA zb=Ep0@BpYb4|)3-II)OSZo>#w?N9J8y52pWWBHe-(&E$bQq0!o`R%XbWK2S)ai)}p zf$>Qx8Qmz3wIdCub)A-I|OzapMT{d#q@uS8zXy zxJ09{R;A+Xe|uV7y;N`5`ABa2u=9xqxdP+ue1_w*p>VRm#kh>ltqql+5tDZrg#%H9 zW1_2dO4R*aE(Ox(s8`zj;!OB){gDV&b-wR4NXGl8cDlHDQD;!KTK4$x`d>foqpLen zZqn)Yj_K~?I`eJDCPgbz)XDGL2Q&r@=sd7Ak{0Wd*zj5H%DL7tjm*6JBzI@iA{>sa zB>Rm{4NDHZIoiwqC-b&0CK$q#B8WG?cmYQL zH%{jU1*2%G@T}04ThV!*+0^ngbK;@giNly_vTVN?U$sW*S87PohWa}t#zv$q9gpBF zs+P92i02F!bkxm7V% z_*_8&0ZE-o8&=~HqCXi-PtL^M`^cFTW7i*9;Jo2%I;*sm9^!rj@9wM17WK2feDfRO zq!uh)#I81||G~=+~60W-dA^LM}Pg#xdvaf0Te2~sLOC@rY*v(J4 zP+Ge3qlKJ>g=OJX>WE9tJdOkBaR%4kLard8VET<7yY}qp$8sZ+-HF+qOE+-Df;)9> zf*RN%t}{1U^asRAAHeYB8W&g%95wFW80Rfn-BKYCe`Vg4goJVe6Srq|dGUHz`>hhE z8C+d^tygpsCtbnm|7F3w29KntG)R>Ik~AL!1un@iv-yL=$r<`Fh&;tGINy3Klb0`_ z`9RK%5j>(0G?FnB_>YVkh8=a`Fg?!WHCq%jR+&mm)?vMLIx}MKtdAB_L z+lt%cV)4;;vr?T`qRqZcInNF7(rs?9HJL8Ia8!+oVUvyzU2$!fGaWXvx-!xtEE<@p zn|qTVZGN!)FnBBzfXOtC*XYfo7{2rYBZk{C9@w79qCCfz8A|c4#l>c!T7l(+_NH3) zb?FpWJX-dT#5u!TZ|}|;^5m!-#_%mRDQD}GpunhQxxBrUo<4ivLWnP<9qD- zBYM1P5_kG%)q0EdyidF|UyU45@D{tC zo0=qFk~0b;W2GkpGqne8jvqonzoEd`YH4BR#5p(i8y!wj2&S4%k1WeIZHW~&9m{m) z$ze%OYD+qzq!4}eV$qeaYZAaLH--pBe~NF}Kqb@<1(L^sfoQEenXwHl1!vZ6(v92K zTEDm$cTD(am4OC&U~Nr_gNrx8h#*|3joO&h%2=Hqm(JyW?_AD>MAC|dHr`^F_ic<_ zr7qOQ)1RK$_N|WcI`pfVek+eV$Q9tfl~wP89=tPLC&xCSE_Ixjr;uHEG_pcP-Z6$rEWQXARu`_qBD0bJ zl!d9_p}CpOVbzq)1FP0kRx|<^r8WuY^zx-`Y6h!KuSw71qdT)+P#`Q{h07Doa86(f&BgiN8rv=}_W! zx{?rIVBAVCuS=JI+xHLp>w;qxfDSXxIdGn=#yuG}Zi-aG$%|ZNBXqMV^S4MdcKJqk zGfOg5Ry@65uWap>V&{XCNeXOmK+v*fI`>7%w!S(A^{n()xAf4cuO z+Ep||aHPVhV)3zYvhbX%gw53DWrew!l8W$x8>@ru0}QTbC)bB&Rzg=cAFAd=YNCCX zrjE{#WFK17yFs@;BMmwb!7d7@=zdPH?mYekq~QAnpDknDJIdEF)1QtS8}Z~CJW>}r zy7JM_d0~iyB#WswDl)PzoVl;m$o#=ns*+C9^M2^%&MkL!H>xk!oqp1-yz}ePpwN{L zrqUZxn%vUN)_bUP_r|)hjCzSoK11}Ae`y=9gxj<2(^qgQI?~2DYOV5eTi@3(cP}(^ z&vx65m4>4U?{$~Lcniiq#8&f^m|yO_*Xh`nX|-YPSL4}R4RiXz*j4?W&_-*FQOpf6 zhF45Uj{uzA__>z7yIs zP%nvf=E>E1*UcPVnD8uaEa~b2whY{8H4d@s>B{|>kxHj)lRZn7pufRX;m{F=Ce{d za<=$lN#XUN20zU9E9=jJ-5AC`(WIW+L5nRI->?N&%DB0ooF5+azv9W}|JIPinO%~6 z0B8gv&qzX)^XSIDWKpqrNNSW8GS&JWQ!iPWBFSYc?Ty^@y~!bg)f71wMqxpgWALc! zag1R5doru5$)HR3J2^>051~YPgy;-3I^!G%E;hoKYOscIB%?=@n|X3bG1%s{tWCvH zj9Q^>Ml4B=)?q}0y1f-~|EU-H>~q^mdL6X`-jgnkP*ZPgXG}ldq7e6wO=OsU< zQ|dvIT1@WC$JFL8R;G4gu|LU$wxrzhHGMi=EYgp7V8f)ADu{E^^d!aAm&|YBA?fD| zF@7F%{`JIrHQko-+M-+A33-ktFZ9*vF=b2rrW;eBB1_-h0@nXoonbn8dLZ1GeoJ~= zk^VOKcFo*Qvf@m`x?r)3B>2Q{ZSqJ2iyrOLBo=J8aQmg#``iWa(end-qPge@ss=)t zTlp8ZFpTOC)#jZy>TK&)8dj9h-$U_lsP-IwNGA02j=-jA#SOO{mILIs(!@3f2G-h% zb9?t^*!QhH+kRY8Yk_@z1k*W2d>Erv5$1uN=>A9q(^d`;+c+Q9Z*I1hej(|$hTgUB zjaW^sxz`squF|@0HMD;(o*$@wws}uzb=185>zGK0ae+{W_Hplv?AwGht)~-wNd`lz zw+q7)T9<^Em&nKF&m;7J+>k4z>bDj1Kb44qfmFUlmTPR1n@GT1TEF!QEo2$zOSPU~ z&|i{^;#hC7UJ;#B78q&NGZmiZfab8rzM`h2>3)xGwUA&XjDwTTC!1e?1=laQ+BN*-dPNesJrw z2li+C)(s(Dvm+R;Q>tZSAkXPN?}Vu_bezMENdFg=huk93=!pE}?S_NZq9q27+6jkSB^$Ae0A%d04!0yR@Ss*-t6ofyRNVI zsWJU4HyUL~BtwA_CT8tylk3c(U%(Z2f+@NX;$d*#WQk&*Nw`Vis?SDlSi*y$f zrn|Q)OfAhE_1?dv5!;ZwH~e&)S@HRLJ#Vr8$ijOp*2=o4?bPRrxmI4Ak(zeUzvatZ z+uoM+24%PPe5lM#7={^2s*Zj*2F!wJB1_=4S zZLK@^%mn&Z#HcaCs==N2=0o?nZxQE7q~FS4db6~oY~qKSd=ck*_O`&c@4V$MI<(sT zBf@25HZK_~w%$(NH8swRH8gJ}1_ji)$zGdgIlcHC)P^TjM6_Zq+Kta)eaUp9n4`UK zd5ciy)n)qVL+kn5f*Fnzx$WPh^1TlQFn#FFJw3fPP}o*rE)ooBN=FhGaoq!LTjZ0i zk(xbar4KbZC~P=)IG-jKyjT0>=2GSO8FBS>AF@NQ0qcRs&}djUtrZxRGfB>$>?+h< z2n7(FsWdI`*v!c>6mO52PI}sniFd8pnB$`f_p5z(6j%51%a_u?M=QLwk3!TOHASt* zt4NFL_708mh$PE;W6|3VDYNfdKOIO;@KxB(%9~kCPHtTqQ6RjG)-$%7zEa|PN27OZ zl`L6!dnv=oxQnT5W<2$$_YCZ!N$}Mu?Yx4G#iN7OP3XJ+6gcu4!cha!EHGdvxYnuT zbmQ;5>90i6aTdh#H_lmI|)$A2*-qnrvGP7l|>xAQ}OYjq`CAdKCEnw4$?Zc{2e# z?P;(0joiCFl%Lv{^I4^-sX3`AMzHM)^~>qCEUV=4ET=QmWn+%n>T-h;`K4r+>Ec+< zJg}xVDC0cElf9;{M+(VAU?P3+Odp+^Ek$Bvm8iNfLfBHO(Oc?ZF2Z46li72>BWa|4 zpp3_qf4#5_u^jKoHTk0Y-#c1x_PfsZkEbvnQmU~O5TJAURBh4qJ&KpMkT&HDh=Bez z^NT0N)k*!$WB~=Nx~S;L{Lv@K%46FiSDa#QP+xZ;Ion#S(t1nftL&Y;^=gmll5da_ z^W<_~)-pA1#+VVkQ zCfjt_qoM8RrHUw-ZsW;C6NQ7lyP`Y+PDPsDdx1a*(z2qmONU~oS`g3SenI0tyH(hjnG>L|4~zkLfXgNSlOI3XQn>sWUCrb}GT0 zKNa>Nh*4)bmpl5U(%3iyYtm0gw|!H`W}^Sj=qrJJX@b#^E`^b z^lLu2-j%!pckR78Y!Gb%^VZA+?Ng+(d>m>_%*pGU#S!6dpn!$g%XK2}smU> zASuN}9~!aK+Bt{`vU%URlg%K@Jrv=)G)0tcz@l!;aOU_pim!r7of z0WIX2G|4A-JnH>WT0t7n>l?-hxeX+cfI;qWcdQybdOrpIdFAb4V6G5%Qyo?$NG4S8MUu| zl-bdaL>;;yj_Zdt%-kS04OK7!S54U*@RHG>9sTY=j+v_beh3xB>hPEvdyAM!axLXQ zXO=U;vZyz`@hD^0Z%3)cL5^0ZM5N?&mu%h8eeYj1W0iouAExm;Qjuep*vBp+bo^cj zGCKIOmt*%g#5KGbCk891Z6590Prc9#&a=uUNY_sw{P%Zd4%}W?Mf>Dm4c(PN0?>f8 z*QbaNss*dLGmSF=DrjMW-c0rdhsYIi^(vB-br^=VOpM-m`bxWAnf~B;PsxZ#D#otb zYUcK8jS4Qsjrs;vS~|WX>5E4nANqyhEkN+vWNLmW^sfGG?A8vbNX3$Cm=^n0n8x#r zFa*^2Q{?(xk5hS_YnDvclea~hrXx;#I`0W#)v54g-?7U+`SL!UY5rLN0(>kE{t5wA z39cj+MlD_z?x)`8{s@+iXjQ)Zk*Nl&&Ermp0Ql_8&}YXoufzJ$_6{43#G>hF60+Q7 zZ_RB-Y6Be%i@MPnYC1@%08%%P0wxEq`SGgQ2TdOGk!& z9r3o$A}X>kEXi_RBC7a{p{eC0GdhB=jbebfX}EDmksL=a)o*G(sug z24>Bl)F=eMc|!f#2*Rv3$W$_Po;^5IYo?MPh-i>gMWy2- zryoV#os88vc_Nw`{mz-=^W-vp(E3MncUzr1lI|MXb{L@*c}gkp)WRuj=RQQwB)>zr zqz$-4K0J#%1`=;c9Rx^rbAht;!eccneqG8J*>c08_^(f$dJ3 zH>o%mc=d!ai+Wtct4qI-N(e}$OVfFZZ6OgKwb(3f9Y^|A0OyE;M2o-sR z0?+3hBLb@u5k;NtR^CGAA32rS>?2D33`oHW?nuY)qzMhoQ9ng+Oa=ZYVuV0ZgPV$I zZLPl52cX55UVfuNhGv!7$pwWtFfu*%Cp}bGcoU|A@Jev4QX;e$N%G#ie&o zS`F3`k*qX=zy;{EKK!-%esWA_+H(RVc$WtOVb>|IzONhH8KH8V6%jM0a~HymlM9k# z2DfCQN_LsCZzF$ceUU3qgUfXg_>d7Gc z#*?W|XDy*+J@KqP>X|EBApPAdv^u$6!r8RW*)(vgBn+a7xYrI>muUmw|GDO7$Xnvz zdIO5+dTZ(5gWQu=5IopX0(5xamZz>-m)Is0l{w~?$sit);pVvpX&$ zbovcQ_Jfi>1fW;*VET@WjPn)OgY&2a6)=oi%2N>}?>mm$b1-9n!ILNZ%a;&;072=H zGN4rQfP-@|{1-P9Jc_)(j|gkqycQZ78>K${CEmLY+{EaM;>;I5EW;hpwjC)FWAB_AqoI#=7aA|!_crwM@ZqH27EAn zXG#PgjUOtVK$;g18gxiOgJ%+5PBb3asH30e5ZL$HpiYU0rN>`^uFk7T>cLMREdY+( zNxjfkh_O}JHh)>{U4Y#8vJ>zTPD&K=BNRtM#v=RDt+&t#j;A2qU*JP-223ZPy|u{= zE#Qv4Kn-N@o3G)^cMk-$t>FJa-wEkGXpjdgn1Nb~Ch2$ZhH#|$rC`T#RIhVMmvHQ2>H z#JWEM$)$C{39#GR>y z{OCRdoZlaP$zTqlMzkRFUiZkuK~13B%{$4H;6Y8)j_jx?ns|^pw@+6)a{*ct0m2=x z;CCxAHAGxeuk)<2?dd)>sIOIfA-~27rGbAlotxM+jGce>ZXy9|ZQAvs`$%FsAH=w` zxHSLRb5uHiA}{$r2-1`X_6Z3X^WL>C$k1;M0Pw2oLK^%qsUG&1qW_ZF4&DyR@x8$X z(h|>|0E>Y{+@M86RSogMgCX|l{1vnRmWGhaz-6&o-{s^zI5lvPd4)*Bn=twBmrp}q zr|GhO>kNd6-Nd+H!uhO*w+R?)(-hfAA4313z*B1F4+CicK@>*(vVYHk7qXO{Q)}V3 z7d@~!YErHU&2B)y*5-PNPe9hLb2$FL>%V_IG&W zpgPb@)5>I$6KFOyvZMKFo&(M9bTxOB07!O%m;a@iG)#et?Yd+!&`kCP=`-kt3ZWVJ zVG(%fGf49J58YDApo`^GnH~G^(V^_&&4^y?0ywn73;8`ExtJ6}u%nOn+9&{)!=BD> zoP$x`E88Ki5xM3SAY_E!SUn3kV%pM+yI$}v4c0(#Cj?UoG(bqSaAGBQyvZyWqx_y3 z_Afl_P1}6|sWMU}5tfq+9%V;*anC{Cs2te*j^rT{Mt-I9;D?z$7nSp|43B_sXeOF>u(4Zo zaH9tZ`KvheuR+8H0dnWlokPU%E5}=F#El?YR0C$$xElC39`@QO(*s94n7ug72J5-_ z2qKiJ;SHMo1w#z<5p%zEH}2Zyy?kKF&X)oC#~$u!hU-W~wtAS~V4nw8CZq?2Fv=bc zb}d)|Sg?9^icQ2Zvj!NOGMqzY&eW!<*7vr7N1SH)oi^)I~VQ!GdjtRK~GzX!iq{4#XW8~#RRKP5&j?S=qYcy}#eL^GX%-h)?z z)uL5siGBgH+lCX;cUtn*Ki&hPNG1C(?ZCqgFdDGOazq1+7F4Yai1h6Z@*PnJvk9~} z+=0ya_J?+qOF0tX)u(3vjfcH9^+@ET#I<-5aTs<`T@Mi@yTYl(R|wBPd)&SEDe@3c z4Rg>6$>#S2+WpcD?)8YjsaGj;5O~Aq{PCT@>^DeJP$pq!yV=11U{9Cdf^0^5QGQli zE&k48_P?r23Hp!ybmDq2e1y_$LVgtMhIg5DC(hx))X6`_Anx~{NfUtF(qap9Z4k;X z&$A=H9fYWr@1nWMgbsjI62tsA8;Qj;L3e(XX^j1p7`}v$kAR}?#J~>h$|rTMfP=VW zB7VdFf0!fq1Ce_ou)0E>z00oGe;R>@6SSh%l`3l^Wba7^(;9f`e@(#|Q3o;CJvo5P z8T(pZAanbu0g|J4iBJ76JnXd*bAT~MQ@vsnPS)O|LO>P!?U(NQskDD}51IkVH~63L zGA7^C49X7B|ER(z9~|&Ft{Hp&?GB3NB2ty<+9PvzPnS1=h2<+;R--LKrOS7=Y5YY1 z$ZNp%fX*Y)p2Q$!JHFo|!*5qH0dW;6d(Qzym2qGS_fVDAdzyhAYLC*K4jkv+C$7$1ZxQ_W9B%zbp+8bZ0R?|u9~f9GBY7H+n|wRrh7RDZn8o@nIq;XHn4SDTRHnfKl3ouqcR`s> zXHU&euI1cC5Xm8IOe*4)&DuWxn~nCl`yo=LlJe+2EbjzM9A^O(u>(7#i9NZ`4JHCv zaos}?O4$**m{z!vibI^ku68B{ctR`#*d+gq)op^)d#>1@HetYRT&G4>^$}J6V&*yW z%j*b$k(;U|R1r9S*RcN?WD!vZc5tgQ64K%ddG9C}Js87zv_tc6JnRiJ3i>@Xnfk%g zr>F+C9r73gpa`WRN&it^ zO`x;*O16xSLy~D%m-8YSt-f9j)2|*_b~OdPe^nRauqs&`VwZ*KkzzyUzCElMO~vAO+$OG*q=6U zcXJ@32Z3+Sb;KZ^DIPUwMXsdbq8#AJUBkYo>h`&p1LSL0)80`L9ptGMFj#y-wb-|# zB9$+=Pg{E@MiylklTNzLW3~CByMktfhb|3XM?&e02jg7O`CrsWA~Z+}c^!a`*e#T4 zS#}6|3NRF!cTVTNLU1R3n9jfWjsoE@>&nP1qsDaR=Tz@Rv__B!3C(8jUy=*%j0rFM zw}A&VAg0c!)`13Z-aOiIcoGqr5m)^JVFm_D6v57ABw`S^1wFi&c3vr;^OMB>TkbBIy#2|mIx;K=-p0|v*wm^ z;BV5Avm%-Ez9mzwSv<62`kQ$~a^Ic<$$H;0+fsy&-n`pE{1351AkI}A9_D>*4q0gG z{$PYkH*WzZUbL=Ee*o2e&FpuA>zCH8|5fuC)pJ%{ooCXrV+W)Y0Meblbq95Eby2?j zfAblM2pi;Z22O{d(z6pU+(F>ol|g5bL{xf9eAK@R{a1nYGnN%#gRc|E1$VFnR+8`5 z{8pS&aHp#(*FQ!Q)*bNBr#NKamoV3w{lvfda|a}407T+8W2%#!y0}K{L3$!eA#@mmR(*QDGU8e z|I>ovF_nM890?n#jebG;OHTFH67{(sbU$k53@-96kT5pI-r1aSG3Y z9KWZXXZGfbJcP&qM?|T7mjz$!-m#s5-G8|pIvtUCXz4n$@IT0b2J(nw3=69#L3)c0 z?m!9)d*HU@o|(7;r5Kp}9h12?heX6MBvA@H1ub@i;Qylk|Dyl@az7F||9`7|{%Dx{ z5KK?_H8k%DEb^c%4N8Y9J*nl-TPWu)BL3416vb}b{%PNyelr7Ok!Gq-iWJEIX}JuZ z%CffouhJW&hj@8Vf&Zfu2ODj6o1eQ6O8uik{4b^b`>k>wD7aht(?|AnBrBrA0@Bs@ z;Mf^N3I;h$CApJ=|JC+BWK$<_8#4cZhD=ovrph;&)cxlz1R{UK55C*4R3N|D?^(G= zLGHjzOY{97U;%3PO&D^M8rkc&3v9|$fc1Zj3;$sAAb8+>i-*7egEt~dh|SowG?BII z-5&iwnNp3U?Jjcd4#N5b29c`zNc9^!99$jnJc{4uAoYcNZHca{0-AO!1$N(xhnfFI z>o1UZ9amChZ^%y5_#~K96m{3@Km7nOH!HxYuJA&RCfJ264KjfLW2y=D2MkFF>PgG+ z1b$=aS957#5kKlKWaax;kM0IwQmWpV{hPUxN79VfxbGti(Z4;4f2u*$zy?|&oY|My}_foW=N3`x0M{8u{t?LGYJ>guqP$*1dqmE|`5#wq51l&?-~U=B_=gqtK67UTtUtn=&HKaF|1s3xdF%iF z*}0R5!#)&)Eb{#KFT~>iN~Hd#@4}5}-+lXV`sAd0zh!KLG_Y@mJdEe}J6^6q>p0+|_@5ynm+o@vl6{|2C1|*!*4U z@sGm(jfh`u{tnE4H~VK8v753W`i$=c|BYt factories implemented in modules manage multiple resources which depend from one single main resource (or a small set of main resources) which are the main driver of the module. + +For example, the module managing a firewall policy exposes a factory for its rules, or the module managing a VPC exposes a factory for its subnets. But the project module would not expose a projects factory, as one project maps to a single module invocation. + +The proposal on factory modules then is to: + +- align all factory variables to the same standard, outlined below +- move the groups and bigquery factories from blueprints to the respective modules +- eventually add more factories when it makes sense to do so (e.g. for KMS keys, service accounts, etc.) + +The variable interface for module-level factories should use a single top-level `factory_configs` variable, whose type is an object with one or more attributes which are named according to the specific factory. This will allow composing multiple factory configurations into a single variable in FAST stages, by avoiding name overlaps. An example: + +```hcl +variable "factory_configs" { + description = "Path to folder containing budget alerts data files." + type = object({ + budgets_data_path = optional(string, "data/billing-budgets") + }) + nullable = false + default = {} +} +``` + +### Blueprint factories + +The `factories` folder in blueprints will be emptied, and a single README left in it pointing to all the module-level and FAST stage factories available. + +As outlined above, the existing factories will be moved to modules (bigquery and groups), FAST (project factory), or deleted (firewall rules). + +### FAST factories + +The only change for FAST factories will be moving the project factory from blueprints to the stage folder, and updating the path used for the environment-level wrapping stage. + +### File schema and filesystem organization + +Factory files schema must mimick and implement the variable interface for the module, including optionals and validation - which are implemented in code and checks. + +With notable exceptions (currently only the `cidrs.yaml` file consumed by firewall factories), the following convention for files/directory is proposed: + +- Factories should consume directories (vs single files) +- All files should contain a dictionary of resources or a single resource +- If the factory accepts one resource per file (e.g. VPC subnets), the file name should be used for the resource name and the YAML should allow defining a `name:` override +- Files in a directory should be parsed together and flattened into a single dictionary + +This allows developers to implement multiple resources in a single file or to use one file per resource, as they see fit. + diff --git a/modules/__experimental/alloydb-instance/README.md b/modules/__experimental_deprecated/alloydb-instance/README.md similarity index 100% rename from modules/__experimental/alloydb-instance/README.md rename to modules/__experimental_deprecated/alloydb-instance/README.md diff --git a/modules/__experimental/alloydb-instance/main.tf b/modules/__experimental_deprecated/alloydb-instance/main.tf similarity index 100% rename from modules/__experimental/alloydb-instance/main.tf rename to modules/__experimental_deprecated/alloydb-instance/main.tf diff --git a/modules/__experimental/alloydb-instance/outputs.tf b/modules/__experimental_deprecated/alloydb-instance/outputs.tf similarity index 100% rename from modules/__experimental/alloydb-instance/outputs.tf rename to modules/__experimental_deprecated/alloydb-instance/outputs.tf diff --git a/modules/__experimental/alloydb-instance/variables.tf b/modules/__experimental_deprecated/alloydb-instance/variables.tf similarity index 100% rename from modules/__experimental/alloydb-instance/variables.tf rename to modules/__experimental_deprecated/alloydb-instance/variables.tf diff --git a/modules/__experimental/alloydb-instance/versions.tf b/modules/__experimental_deprecated/alloydb-instance/versions.tf similarity index 85% rename from modules/__experimental/alloydb-instance/versions.tf rename to modules/__experimental_deprecated/alloydb-instance/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/__experimental/alloydb-instance/versions.tf +++ b/modules/__experimental_deprecated/alloydb-instance/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/blueprints/factories/bigquery-factory/README.md b/modules/__experimental_deprecated/bigquery-factory/README.md similarity index 94% rename from blueprints/factories/bigquery-factory/README.md rename to modules/__experimental_deprecated/bigquery-factory/README.md index baf2f6d2..78362c5e 100644 --- a/blueprints/factories/bigquery-factory/README.md +++ b/modules/__experimental_deprecated/bigquery-factory/README.md @@ -11,6 +11,7 @@ You can create as many files as you like, the code will loop through it and crea ### Terraform code In this section we show how to create tables and views from a file structure similar to the one shown below. + ```bash bigquery │ @@ -53,12 +54,12 @@ With this file structure, we can use the factory as follows: ```hcl module "bq" { - source = "./fabric/blueprints/factories/bigquery-factory" + source = "./fabric/modules/__experimental_deprecated/bigquery-factory" project_id = var.project_id tables_path = "bigquery/tables" views_path = "bigquery/views" } -# tftest modules=2 resources=3 files=table,view inventory=simple.yaml +# tftest modules=2 resources=3 files=table,view ``` @@ -76,4 +77,3 @@ module "bq" { - [ ] add external table support - [ ] add materialized view support - diff --git a/blueprints/factories/bigquery-factory/main.tf b/modules/__experimental_deprecated/bigquery-factory/main.tf similarity index 100% rename from blueprints/factories/bigquery-factory/main.tf rename to modules/__experimental_deprecated/bigquery-factory/main.tf diff --git a/blueprints/factories/bigquery-factory/variables.tf b/modules/__experimental_deprecated/bigquery-factory/variables.tf similarity index 100% rename from blueprints/factories/bigquery-factory/variables.tf rename to modules/__experimental_deprecated/bigquery-factory/variables.tf diff --git a/blueprints/factories/cloud-identity-group-factory/README.md b/modules/__experimental_deprecated/cloud-identity-group-factory/README.md similarity index 92% rename from blueprints/factories/cloud-identity-group-factory/README.md rename to modules/__experimental_deprecated/cloud-identity-group-factory/README.md index 318eea25..51e611a8 100644 --- a/blueprints/factories/cloud-identity-group-factory/README.md +++ b/modules/__experimental_deprecated/cloud-identity-group-factory/README.md @@ -10,11 +10,11 @@ Yaml abstraction for Groups can simplify groups creation and members management. ```hcl module "groups" { - source = "./fabric/blueprints/factories/cloud-identity-group-factory" + source = "./fabric/modules/__experimental_deprecated/cloud-identity-group-factory" customer_id = "customers/C0xxxxxxx" data_dir = "data" } -# tftest modules=2 resources=3 files=group1 inventory=example.yaml +# tftest modules=2 resources=3 files=group1 ``` ```yaml diff --git a/blueprints/factories/cloud-identity-group-factory/main.tf b/modules/__experimental_deprecated/cloud-identity-group-factory/main.tf similarity index 100% rename from blueprints/factories/cloud-identity-group-factory/main.tf rename to modules/__experimental_deprecated/cloud-identity-group-factory/main.tf diff --git a/blueprints/factories/cloud-identity-group-factory/outputs.tf b/modules/__experimental_deprecated/cloud-identity-group-factory/outputs.tf similarity index 100% rename from blueprints/factories/cloud-identity-group-factory/outputs.tf rename to modules/__experimental_deprecated/cloud-identity-group-factory/outputs.tf diff --git a/blueprints/factories/cloud-identity-group-factory/variables.tf b/modules/__experimental_deprecated/cloud-identity-group-factory/variables.tf similarity index 100% rename from blueprints/factories/cloud-identity-group-factory/variables.tf rename to modules/__experimental_deprecated/cloud-identity-group-factory/variables.tf diff --git a/modules/__experimental/net-dns-policy-address/README.md b/modules/__experimental_deprecated/net-dns-policy-address/README.md similarity index 100% rename from modules/__experimental/net-dns-policy-address/README.md rename to modules/__experimental_deprecated/net-dns-policy-address/README.md diff --git a/modules/__experimental/net-dns-policy-address/main.tf b/modules/__experimental_deprecated/net-dns-policy-address/main.tf similarity index 100% rename from modules/__experimental/net-dns-policy-address/main.tf rename to modules/__experimental_deprecated/net-dns-policy-address/main.tf diff --git a/modules/__experimental/net-dns-policy-address/outputs.tf b/modules/__experimental_deprecated/net-dns-policy-address/outputs.tf similarity index 100% rename from modules/__experimental/net-dns-policy-address/outputs.tf rename to modules/__experimental_deprecated/net-dns-policy-address/outputs.tf diff --git a/modules/__experimental/net-dns-policy-address/variables.tf b/modules/__experimental_deprecated/net-dns-policy-address/variables.tf similarity index 100% rename from modules/__experimental/net-dns-policy-address/variables.tf rename to modules/__experimental_deprecated/net-dns-policy-address/variables.tf diff --git a/modules/__experimental/net-neg/README.md b/modules/__experimental_deprecated/net-neg/README.md similarity index 100% rename from modules/__experimental/net-neg/README.md rename to modules/__experimental_deprecated/net-neg/README.md diff --git a/modules/__experimental/net-neg/main.tf b/modules/__experimental_deprecated/net-neg/main.tf similarity index 100% rename from modules/__experimental/net-neg/main.tf rename to modules/__experimental_deprecated/net-neg/main.tf diff --git a/modules/__experimental/net-neg/outputs.tf b/modules/__experimental_deprecated/net-neg/outputs.tf similarity index 100% rename from modules/__experimental/net-neg/outputs.tf rename to modules/__experimental_deprecated/net-neg/outputs.tf diff --git a/modules/__experimental/net-neg/variables.tf b/modules/__experimental_deprecated/net-neg/variables.tf similarity index 100% rename from modules/__experimental/net-neg/variables.tf rename to modules/__experimental_deprecated/net-neg/variables.tf diff --git a/modules/__experimental/net-neg/versions.tf b/modules/__experimental_deprecated/net-neg/versions.tf similarity index 85% rename from modules/__experimental/net-neg/versions.tf rename to modules/__experimental_deprecated/net-neg/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/__experimental/net-neg/versions.tf +++ b/modules/__experimental_deprecated/net-neg/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/__experimental/project-iam-magic/versions.tf b/modules/__experimental_deprecated/project-iam-magic/versions.tf similarity index 85% rename from modules/__experimental/project-iam-magic/versions.tf rename to modules/__experimental_deprecated/project-iam-magic/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/__experimental/project-iam-magic/versions.tf +++ b/modules/__experimental_deprecated/project-iam-magic/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/analytics-hub/main.tf b/modules/analytics-hub/main.tf index e82798c1..0480dea6 100644 --- a/modules/analytics-hub/main.tf +++ b/modules/analytics-hub/main.tf @@ -18,9 +18,10 @@ locals { prefix = var.prefix == null || var.prefix == "" ? "" : "${var.prefix}_" _factory_listings = { for f in try(fileset(var.factories_config.listings, "*.yaml"), []) : - trimsuffix(f, ".yaml") => yamldecode(file("${var.factories_config.listings}/${f}")) + trimsuffix(f, ".yaml") => yamldecode( + file("${var.factories_config.listings}/${f}") + ) } - factory_listings = merge(local._factory_listings, var.listings) } diff --git a/modules/analytics-hub/versions.tf b/modules/analytics-hub/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/analytics-hub/versions.tf +++ b/modules/analytics-hub/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/api-gateway/versions.tf b/modules/api-gateway/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/api-gateway/versions.tf +++ b/modules/api-gateway/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/apigee/versions.tf b/modules/apigee/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/apigee/versions.tf +++ b/modules/apigee/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/artifact-registry/versions.tf b/modules/artifact-registry/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/artifact-registry/versions.tf +++ b/modules/artifact-registry/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/bigquery-dataset/versions.tf b/modules/bigquery-dataset/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/bigquery-dataset/versions.tf +++ b/modules/bigquery-dataset/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/bigtable-instance/versions.tf b/modules/bigtable-instance/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/bigtable-instance/versions.tf +++ b/modules/bigtable-instance/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/billing-account/README.md b/modules/billing-account/README.md index 23a73a13..427fa2b9 100644 --- a/modules/billing-account/README.md +++ b/modules/billing-account/README.md @@ -260,16 +260,16 @@ update_rules: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [id](variables.tf#L131) | Billing account id. | string | ✓ | | +| [id](variables.tf#L130) | Billing account id. | string | ✓ | | | [budget_notification_channels](variables.tf#L17) | Notification channels used by budget alerts. | map(object({…})) | | {} | | [budgets](variables.tf#L47) | Billing budgets. Notification channels are either keys in corresponding variable, or external ids. | map(object({…})) | | {} | -| [factory_config](variables.tf#L121) | Path to folder containing budget alerts data files. | object({…}) | | {} | +| [factories_config](variables.tf#L121) | Path to folder containing budget alerts data files. | object({…}) | | {} | | [iam](variables-iam.tf#L17) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | [iam_bindings](variables-iam.tf#L24) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} | | [iam_bindings_additive](variables-iam.tf#L39) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | | [iam_by_principals](variables-iam.tf#L54) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string)) | | {} | -| [logging_sinks](variables.tf#L136) | Logging sinks to create for the organization. | map(object({…})) | | {} | -| [projects](variables.tf#L169) | Projects associated with this billing account. | list(string) | | [] | +| [logging_sinks](variables.tf#L135) | Logging sinks to create for the organization. | map(object({…})) | | {} | +| [projects](variables.tf#L168) | Projects associated with this billing account. | list(string) | | [] | ## Outputs diff --git a/modules/billing-account/factory.tf b/modules/billing-account/factory.tf index f32c7c35..ccca9322 100644 --- a/modules/billing-account/factory.tf +++ b/modules/billing-account/factory.tf @@ -19,7 +19,7 @@ locals { for f in fileset("${local._factory_path}", "**/*.yaml") : trimsuffix(f, ".yaml") => yamldecode(file("${local._factory_path}/${f}")) } - _factory_path = var.factory_config.budgets_data_path + _factory_path = try(pathexpand(var.factories_config.budgets_data_path), "") factory_budgets = { for k, v in local._factory_data : k => merge(v, { amount = merge( diff --git a/modules/billing-account/variables.tf b/modules/billing-account/variables.tf index 3927b05b..e69e6963 100644 --- a/modules/billing-account/variables.tf +++ b/modules/billing-account/variables.tf @@ -118,8 +118,7 @@ variable "budgets" { } } -variable "factory_config" { - # TODO: align all other factory variable names +variable "factories_config" { description = "Path to folder containing budget alerts data files." type = object({ budgets_data_path = optional(string, "data/billing-budgets") diff --git a/modules/billing-account/versions.tf b/modules/billing-account/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/billing-account/versions.tf +++ b/modules/billing-account/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/binauthz/versions.tf b/modules/binauthz/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/binauthz/versions.tf +++ b/modules/binauthz/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/__need_fixing/onprem/versions.tf b/modules/cloud-config-container/__need_fixing/onprem/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-config-container/__need_fixing/onprem/versions.tf +++ b/modules/cloud-config-container/__need_fixing/onprem/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/__need_fixing/squid/versions.tf b/modules/cloud-config-container/__need_fixing/squid/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-config-container/__need_fixing/squid/versions.tf +++ b/modules/cloud-config-container/__need_fixing/squid/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/coredns/versions.tf b/modules/cloud-config-container/coredns/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-config-container/coredns/versions.tf +++ b/modules/cloud-config-container/coredns/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/cos-generic-metadata/versions.tf b/modules/cloud-config-container/cos-generic-metadata/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-config-container/cos-generic-metadata/versions.tf +++ b/modules/cloud-config-container/cos-generic-metadata/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf +++ b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/envoy-traffic-director/versions.tf b/modules/cloud-config-container/envoy-traffic-director/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-config-container/envoy-traffic-director/versions.tf +++ b/modules/cloud-config-container/envoy-traffic-director/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/mysql/versions.tf b/modules/cloud-config-container/mysql/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-config-container/mysql/versions.tf +++ b/modules/cloud-config-container/mysql/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/nginx-tls/versions.tf b/modules/cloud-config-container/nginx-tls/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-config-container/nginx-tls/versions.tf +++ b/modules/cloud-config-container/nginx-tls/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/nginx/versions.tf b/modules/cloud-config-container/nginx/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-config-container/nginx/versions.tf +++ b/modules/cloud-config-container/nginx/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-config-container/simple-nva/versions.tf b/modules/cloud-config-container/simple-nva/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-config-container/simple-nva/versions.tf +++ b/modules/cloud-config-container/simple-nva/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-function-v1/versions.tf b/modules/cloud-function-v1/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-function-v1/versions.tf +++ b/modules/cloud-function-v1/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-function-v2/versions.tf b/modules/cloud-function-v2/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-function-v2/versions.tf +++ b/modules/cloud-function-v2/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-identity-group/versions.tf b/modules/cloud-identity-group/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-identity-group/versions.tf +++ b/modules/cloud-identity-group/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-run-v2/versions.tf b/modules/cloud-run-v2/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-run-v2/versions.tf +++ b/modules/cloud-run-v2/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloud-run/versions.tf b/modules/cloud-run/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloud-run/versions.tf +++ b/modules/cloud-run/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/cloudsql-instance/versions.tf b/modules/cloudsql-instance/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/cloudsql-instance/versions.tf +++ b/modules/cloudsql-instance/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/compute-mig/versions.tf b/modules/compute-mig/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/compute-mig/versions.tf +++ b/modules/compute-mig/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/compute-vm/versions.tf b/modules/compute-vm/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/compute-vm/versions.tf +++ b/modules/compute-vm/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/container-registry/versions.tf b/modules/container-registry/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/container-registry/versions.tf +++ b/modules/container-registry/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-policy-tag/versions.tf b/modules/data-catalog-policy-tag/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/data-catalog-policy-tag/versions.tf +++ b/modules/data-catalog-policy-tag/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-tag-template/versions.tf b/modules/data-catalog-tag-template/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/data-catalog-tag-template/versions.tf +++ b/modules/data-catalog-tag-template/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/data-catalog-tag/versions.tf b/modules/data-catalog-tag/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/data-catalog-tag/versions.tf +++ b/modules/data-catalog-tag/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dataform-repository/versions.tf b/modules/dataform-repository/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/dataform-repository/versions.tf +++ b/modules/dataform-repository/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/datafusion/versions.tf b/modules/datafusion/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/datafusion/versions.tf +++ b/modules/datafusion/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dataplex-datascan/README.md b/modules/dataplex-datascan/README.md index 4053b606..4b9ecbcc 100644 --- a/modules/dataplex-datascan/README.md +++ b/modules/dataplex-datascan/README.md @@ -161,8 +161,8 @@ module "dataplex-datascan" { resource = "//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations" } incremental_field = "modified_date" - data_quality_spec_file = { - path = "config/data_quality_spec.yaml" + factories_config = { + data_quality_spec = "config/data_quality_spec.yaml" } } # tftest modules=1 resources=1 files=data_quality_spec inventory=datascan_dq.yaml @@ -244,8 +244,8 @@ module "dataplex-datascan" { resource = "//bigquery.googleapis.com/projects/bigquery-public-data/datasets/austin_bikeshare/tables/bikeshare_stations" } incremental_field = "modified_date" - data_quality_spec_file = { - path = "config/data_quality_spec_camel_case.yaml" + factories_config = { + data_quality_spec = "config/data_quality_spec_camel_case.yaml" } } # tftest modules=1 resources=1 files=data_quality_spec_camel_case inventory=datascan_dq.yaml @@ -431,21 +431,21 @@ module "dataplex-datascan" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [data](variables.tf#L17) | The data source for DataScan. The source can be either a Dataplex `entity` or a BigQuery `resource`. | object({…}) | ✓ | | -| [name](variables.tf#L118) | Name of Dataplex Scan. | string | ✓ | | -| [project_id](variables.tf#L129) | The ID of the project where the Dataplex DataScan will be created. | string | ✓ | | -| [region](variables.tf#L134) | Region for the Dataplex DataScan. | string | ✓ | | +| [name](variables.tf#L119) | Name of Dataplex Scan. | string | ✓ | | +| [project_id](variables.tf#L130) | The ID of the project where the Dataplex DataScan will be created. | string | ✓ | | +| [region](variables.tf#L135) | Region for the Dataplex DataScan. | string | ✓ | | | [data_profile_spec](variables.tf#L29) | DataProfileScan related setting. Variable descriptions are provided in https://cloud.google.com/dataplex/docs/reference/rest/v1/DataProfileSpec. | object({…}) | | null | | [data_quality_spec](variables.tf#L38) | DataQualityScan related setting. Variable descriptions are provided in https://cloud.google.com/dataplex/docs/reference/rest/v1/DataQualitySpec. | object({…}) | | null | -| [data_quality_spec_file](variables.tf#L85) | Path to a YAML file containing DataQualityScan related setting. Input content can use either camelCase or snake_case. Variables description are provided in https://cloud.google.com/dataplex/docs/reference/rest/v1/DataQualitySpec. | object({…}) | | null | -| [description](variables.tf#L93) | Custom description for DataScan. | string | | null | -| [execution_schedule](variables.tf#L99) | Schedule DataScan to run periodically based on a cron schedule expression. If not specified, the DataScan is created with `on_demand` schedule, which means it will not run until the user calls `dataScans.run` API. | string | | null | +| [description](variables.tf#L85) | Custom description for DataScan. | string | | null | +| [execution_schedule](variables.tf#L91) | Schedule DataScan to run periodically based on a cron schedule expression. If not specified, the DataScan is created with `on_demand` schedule, which means it will not run until the user calls `dataScans.run` API. | string | | null | +| [factories_config](variables.tf#L97) | Paths to data files and folders that enable factory functionality. | object({…}) | | {} | | [iam](variables-iam.tf#L24) | Dataplex DataScan IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | [iam_bindings](variables-iam.tf#L31) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} | | [iam_bindings_additive](variables-iam.tf#L46) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} | | [iam_by_principals](variables-iam.tf#L17) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string)) | | {} | -| [incremental_field](variables.tf#L105) | The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table. | string | | null | -| [labels](variables.tf#L111) | Resource labels. | map(string) | | {} | -| [prefix](variables.tf#L123) | Optional prefix used to generate Dataplex DataScan ID. | string | | null | +| [incremental_field](variables.tf#L106) | The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table. | string | | null | +| [labels](variables.tf#L112) | Resource labels. | map(string) | | {} | +| [prefix](variables.tf#L124) | Optional prefix used to generate Dataplex DataScan ID. | string | | null | ## Outputs diff --git a/modules/dataplex-datascan/factory.tf b/modules/dataplex-datascan/factory.tf new file mode 100644 index 00000000..964e232f --- /dev/null +++ b/modules/dataplex-datascan/factory.tf @@ -0,0 +1,150 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + _factory_data = ( + var.factories_config.data_quality_spec == null + ? null + : yamldecode(file(pathexpand(var.factories_config.data_quality_spec))) + ) + factory_data = { + post_scan_actions = try( + local._factory_data.postScanActions, + local._factory_data.post_scan_actions, + null + ) + row_filter = try( + local._factory_data.rowFilter, + local._factory_data.row_filter, + null + ) + rules = [ + for rule in try(local._factory_data.rules, []) : { + column = try(rule.column, null) + ignore_null = try(rule.ignoreNull, rule.ignore_null, null) + dimension = rule.dimension + threshold = try(rule.threshold, null) + non_null_expectation = try( + rule.nonNullExpectation, rule.non_null_expectation, null + ) + range_expectation = ( + can(rule.rangeExpectation) || can(rule.range_expectation) + ? { + min_value = try( + rule.rangeExpectation.minValue, + rule.range_expectation.min_value, + null + ) + max_value = try( + rule.rangeExpectation.maxValue, + rule.range_expectation.max_value, + null + ) + strict_min_enabled = try( + rule.rangeExpectation.strictMinEnabled, + rule.range_expectation.strict_min_enabled, + null + ) + strict_max_enabled = try( + rule.rangeExpectation.strictMaxEnabled, + rule.range_expectation.strict_max_enabled, + null + ) + } + : null + ) + regex_expectation = ( + can(rule.regexExpectation) || can(rule.regex_expectation) + ? { + regex = try( + rule.regexExpectation.regex, rule.regex_expectation.regex, null + ) + } + : null + ) + set_expectation = ( + can(rule.setExpectation) || can(rule.set_expectation) + ? { + values = try( + rule.setExpectation.values, rule.set_expectation.values, null + ) + } + : null + ) + uniqueness_expectation = try( + rule.uniquenessExpectation, rule.uniqueness_expectation, null + ) + statistic_range_expectation = ( + can(rule.statisticRangeExpectation) || can(rule.statistic_range_expectation) + ? { + statistic = try( + rule.statisticRangeExpectation.statistic, + rule.statistic_range_expectation.statistic + ) + min_value = try( + rule.statisticRangeExpectation.minValue, + rule.statistic_range_expectation.min_value, + null + ) + max_value = try( + rule.statisticRangeExpectation.maxValue, + rule.statistic_range_expectation.max_value, + null + ) + strict_min_enabled = try( + rule.statisticRangeExpectation.strictMinEnabled, + rule.statistic_range_expectation.strict_min_enabled, + null + ) + strict_max_enabled = try( + rule.statisticRangeExpectation.strictMaxEnabled, + rule.statistic_range_expectation.strict_max_enabled, + null + ) + } + : null + ) + row_condition_expectation = ( + can(rule.rowConditionExpectation) || can(rule.row_condition_expectation) + ? { + sql_expression = try( + rule.rowConditionExpectation.sqlExpression, + rule.row_condition_expectation.sql_expression, + null + ) + } + : null + ) + table_condition_expectation = ( + can(rule.tableConditionExpectation) || can(rule.table_condition_expectation) + ? { + sql_expression = try( + rule.tableConditionExpectation.sqlExpression, + rule.table_condition_expectation.sql_expression, + null + ) + } + : null + ) + } + ] + sampling_percent = try( + local._factory_data.samplingPercent, + local._factory_data.sampling_percent, + null + ) + } +} diff --git a/modules/dataplex-datascan/main.tf b/modules/dataplex-datascan/main.tf index e1b6634d..0d9ad82e 100644 --- a/modules/dataplex-datascan/main.tf +++ b/modules/dataplex-datascan/main.tf @@ -15,17 +15,31 @@ */ locals { - prefix = var.prefix == null || var.prefix == "" ? "" : "${var.prefix}-" - _file_data_quality_spec = var.data_quality_spec_file == null ? null : { - sampling_percent = try(local._file_data_quality_spec_raw.samplingPercent, local._file_data_quality_spec_raw.sampling_percent, null) - row_filter = try(local._file_data_quality_spec_raw.rowFilter, local._file_data_quality_spec_raw.row_filter, null) - rules = local._parsed_rules - post_scan_actions = try(local._file_data_quality_spec_raw.postScanActions, local._file_data_quality_spec_raw.post_scan_actions, null) + data_quality_spec = { + post_scan_actions = try( + var.data_quality_spec.post_scan_actions, + local.factory_data.post_scan_actions, + null + ) + row_filter = try( + var.data_quality_spec.row_filter, + local.factory_data.row_filter, + null + ) + rules = concat( + try(var.data_quality_spec.rules, []), + try(local.factory_data.rules, []) + ) + sampling_percent = try( + var.data_quality_spec.sampling_percent, + local.factory_data.sampling_percent, + null + ) } - data_quality_spec = ( - var.data_quality_spec != null || var.data_quality_spec_file != null ? - merge(var.data_quality_spec, local._file_data_quality_spec) : - null + prefix = var.prefix == null || var.prefix == "" ? "" : "${var.prefix}-" + use_data_quality = ( + var.data_quality_spec != null || + var.factories_config.data_quality_spec != null ) } @@ -68,7 +82,7 @@ resource "google_dataplex_datascan" "datascan" { } dynamic "data_quality_spec" { - for_each = local.data_quality_spec != null ? [""] : [] + for_each = local.use_data_quality ? [""] : [] content { sampling_percent = try(local.data_quality_spec.sampling_percent, null) row_filter = try(local.data_quality_spec.row_filter, null) @@ -76,9 +90,16 @@ resource "google_dataplex_datascan" "datascan" { for_each = local.data_quality_spec.post_scan_actions != null ? [""] : [] content { dynamic "bigquery_export" { - for_each = local.data_quality_spec.post_scan_actions.bigquery_export != null ? [""] : [] + for_each = ( + local.data_quality_spec.post_scan_actions.bigquery_export != null + ? [""] + : [] + ) content { - results_table = try(local.data_quality_spec.post_scan_actions.bigquery_export.results_table, null) + results_table = try( + local.data_quality_spec.post_scan_actions.bigquery_export.results_table, + null + ) } } } @@ -98,55 +119,85 @@ resource "google_dataplex_datascan" "datascan" { } dynamic "range_expectation" { - for_each = try(rules.value.range_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.range_expectation, null) != null ? [""] : [] + ) content { - min_value = try(rules.value.range_expectation.min_value, null) - max_value = try(rules.value.range_expectation.max_value, null) - strict_min_enabled = try(rules.value.range_expectation.strict_min_enabled, null) - strict_max_enabled = try(rules.value.range_expectation.strict_max_enabled, null) + min_value = try( + rules.value.range_expectation.min_value, null + ) + max_value = try( + rules.value.range_expectation.max_value, null + ) + strict_min_enabled = try( + rules.value.range_expectation.strict_min_enabled, null + ) + strict_max_enabled = try( + rules.value.range_expectation.strict_max_enabled, null + ) } } dynamic "set_expectation" { - for_each = try(rules.value.set_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.set_expectation, null) != null ? [""] : [] + ) content { values = rules.value.set_expectation.values } } dynamic "uniqueness_expectation" { - for_each = try(rules.value.uniqueness_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.uniqueness_expectation, null) != null ? [""] : [] + ) content { } } dynamic "regex_expectation" { - for_each = try(rules.value.regex_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.regex_expectation, null) != null ? [""] : [] + ) content { regex = rules.value.regex_expectation.regex } } dynamic "statistic_range_expectation" { - for_each = try(rules.value.statistic_range_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.statistic_range_expectation, null) != null ? [""] : [] + ) content { - min_value = try(rules.value.statistic_range_expectation.min_value, null) - max_value = try(rules.value.statistic_range_expectation.max_value, null) - strict_min_enabled = try(rules.value.statistic_range_expectation.strict_min_enabled, null) - strict_max_enabled = try(rules.value.statistic_range_expectation.strict_max_enabled, null) - statistic = rules.value.statistic_range_expectation.statistic + min_value = try( + rules.value.statistic_range_expectation.min_value, null + ) + max_value = try( + rules.value.statistic_range_expectation.max_value, null + ) + strict_min_enabled = try( + rules.value.statistic_range_expectation.strict_min_enabled, null + ) + strict_max_enabled = try( + rules.value.statistic_range_expectation.strict_max_enabled, null + ) + statistic = rules.value.statistic_range_expectation.statistic } } dynamic "row_condition_expectation" { - for_each = try(rules.value.row_condition_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.row_condition_expectation, null) != null ? [""] : [] + ) content { sql_expression = rules.value.row_condition_expectation.sql_expression } } dynamic "table_condition_expectation" { - for_each = try(rules.value.table_condition_expectation, null) != null ? [""] : [] + for_each = ( + try(rules.value.table_condition_expectation, null) != null ? [""] : [] + ) content { sql_expression = rules.value.table_condition_expectation.sql_expression } @@ -159,8 +210,16 @@ resource "google_dataplex_datascan" "datascan" { lifecycle { precondition { - condition = length([for spec in [var.data_profile_spec, var.data_quality_spec, var.data_quality_spec_file] : spec if spec != null]) == 1 - error_message = "DataScan can only contain one of 'data_profile_spec', 'data_quality_spec', 'data_quality_spec_file'." + condition = ( + length([ + for spec in [ + var.data_profile_spec, + var.data_quality_spec, + var.factories_config.data_quality_spec + ] : spec if spec != null + ]) == 1 + ) + error_message = "DataScan can only contain one of 'data_profile_spec', 'data_quality_spec', 'factories_config.data_quality_spec'." } precondition { condition = alltrue([ diff --git a/modules/dataplex-datascan/rules_parsing.tf b/modules/dataplex-datascan/rules_parsing.tf deleted file mode 100644 index bbdc8220..00000000 --- a/modules/dataplex-datascan/rules_parsing.tf +++ /dev/null @@ -1,54 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -locals { - _file_data_quality_spec_raw = var.data_quality_spec_file != null ? yamldecode(file(var.data_quality_spec_file.path)) : tomap({}) - _parsed_rules = [ - for rule in try(local._file_data_quality_spec_raw.rules, []) : { - column = try(rule.column, null) - ignore_null = try(rule.ignoreNull, rule.ignore_null, null) - dimension = rule.dimension - threshold = try(rule.threshold, null) - non_null_expectation = try(rule.nonNullExpectation, rule.non_null_expectation, null) - range_expectation = can(rule.rangeExpectation) || can(rule.range_expectation) ? { - min_value = try(rule.rangeExpectation.minValue, rule.range_expectation.min_value, null) - max_value = try(rule.rangeExpectation.maxValue, rule.range_expectation.max_value, null) - strict_min_enabled = try(rule.rangeExpectation.strictMinEnabled, rule.range_expectation.strict_min_enabled, null) - strict_max_enabled = try(rule.rangeExpectation.strictMaxEnabled, rule.range_expectation.strict_max_enabled, null) - } : null - regex_expectation = can(rule.regexExpectation) || can(rule.regex_expectation) ? { - regex = try(rule.regexExpectation.regex, rule.regex_expectation.regex, null) - } : null - set_expectation = can(rule.setExpectation) || can(rule.set_expectation) ? { - values = try(rule.setExpectation.values, rule.set_expectation.values, null) - } : null - uniqueness_expectation = try(rule.uniquenessExpectation, rule.uniqueness_expectation, null) - statistic_range_expectation = can(rule.statisticRangeExpectation) || can(rule.statistic_range_expectation) ? { - statistic = try(rule.statisticRangeExpectation.statistic, rule.statistic_range_expectation.statistic) - min_value = try(rule.statisticRangeExpectation.minValue, rule.statistic_range_expectation.min_value, null) - max_value = try(rule.statisticRangeExpectation.maxValue, rule.statistic_range_expectation.max_value, null) - strict_min_enabled = try(rule.statisticRangeExpectation.strictMinEnabled, rule.statistic_range_expectation.strict_min_enabled, null) - strict_max_enabled = try(rule.statisticRangeExpectation.strictMaxEnabled, rule.statistic_range_expectation.strict_max_enabled, null) - } : null - row_condition_expectation = can(rule.rowConditionExpectation) || can(rule.row_condition_expectation) ? { - sql_expression = try(rule.rowConditionExpectation.sqlExpression, rule.row_condition_expectation.sql_expression, null) - } : null - table_condition_expectation = can(rule.tableConditionExpectation) || can(rule.table_condition_expectation) ? { - sql_expression = try(rule.tableConditionExpectation.sqlExpression, rule.table_condition_expectation.sql_expression, null) - } : null - } - ] -} \ No newline at end of file diff --git a/modules/dataplex-datascan/variables.tf b/modules/dataplex-datascan/variables.tf index cab105bf..c01774f7 100644 --- a/modules/dataplex-datascan/variables.tf +++ b/modules/dataplex-datascan/variables.tf @@ -82,14 +82,6 @@ variable "data_quality_spec" { }) } -variable "data_quality_spec_file" { - description = "Path to a YAML file containing DataQualityScan related setting. Input content can use either camelCase or snake_case. Variables description are provided in https://cloud.google.com/dataplex/docs/reference/rest/v1/DataQualitySpec." - default = null - type = object({ - path = string - }) -} - variable "description" { description = "Custom description for DataScan." default = null @@ -102,6 +94,15 @@ variable "execution_schedule" { default = null } +variable "factories_config" { + description = "Paths to data files and folders that enable factory functionality." + type = object({ + data_quality_spec = optional(string) + }) + nullable = false + default = {} +} + variable "incremental_field" { description = "The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table." type = string diff --git a/modules/dataplex-datascan/versions.tf b/modules/dataplex-datascan/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/dataplex-datascan/versions.tf +++ b/modules/dataplex-datascan/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dataplex/versions.tf b/modules/dataplex/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/dataplex/versions.tf +++ b/modules/dataplex/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dataproc/versions.tf b/modules/dataproc/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/dataproc/versions.tf +++ b/modules/dataproc/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dns-response-policy/README.md b/modules/dns-response-policy/README.md index 9f90e8d7..010c09c5 100644 --- a/modules/dns-response-policy/README.md +++ b/modules/dns-response-policy/README.md @@ -4,6 +4,16 @@ This module allows management of a [Google Cloud DNS policy and its rules](https The module also allows setting rules via a factory. An example is given below. + +- [Examples](#examples) + - [Manage policy and override resolution for specific names](#manage-policy-and-override-resolution-for-specific-names) + - [Use existing policy and override resolution via wildcard with exceptions](#use-existing-policy-and-override-resolution-via-wildcard-with-exceptions) + - [Define policy rules via a factory file](#define-policy-rules-via-a-factory-file) +- [Variables](#variables) +- [Outputs](#outputs) +- [Fixtures](#fixtures) + + ## Examples ### Manage policy and override resolution for specific names @@ -96,7 +106,9 @@ module "dns-policy" { networks = { landing = var.vpc.self_link } - rules_file = "config/rules.yaml" + factories_config = { + rules = "config/rules.yaml" + } } # tftest modules=2 resources=5 files=rules-file fixtures=fixtures/dns-response-policy.tf inventory=complex.yaml e2e ``` @@ -133,14 +145,14 @@ restricted: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L30) | Policy name. | string | ✓ | | -| [project_id](variables.tf#L49) | Project id for the zone. | string | ✓ | | +| [name](variables.tf#L39) | Policy name. | string | ✓ | | +| [project_id](variables.tf#L58) | Project id for the zone. | string | ✓ | | | [clusters](variables.tf#L17) | Map of GKE clusters to which this policy is applied in name => id format. | map(string) | | {} | | [description](variables.tf#L24) | Policy description. | string | | "Terraform managed." | -| [networks](variables.tf#L35) | Map of VPC self links to which this policy is applied in name => self link format. | map(string) | | {} | -| [policy_create](variables.tf#L42) | Set to false to use the existing policy matching name and only manage rules. | bool | | true | -| [rules](variables.tf#L54) | Map of policy rules in name => rule format. Local data takes precedence over behavior and is in the form record type => attributes. | map(object({…})) | | {} | -| [rules_file](variables.tf#L68) | Optional data file in YAML format listing rules that will be combined with those passed in via the `rules` variable. | string | | null | +| [factories_config](variables.tf#L30) | Path to folder containing rules data files for the optional factory. | object({…}) | | {} | +| [networks](variables.tf#L44) | Map of VPC self links to which this policy is applied in name => self link format. | map(string) | | {} | +| [policy_create](variables.tf#L51) | Set to false to use the existing policy matching name and only manage rules. | bool | | true | +| [rules](variables.tf#L63) | Map of policy rules in name => rule format. Local data takes precedence over behavior and is in the form record type => attributes. | map(object({…})) | | {} | ## Outputs diff --git a/modules/dns-response-policy/main.tf b/modules/dns-response-policy/main.tf index 5d168497..66ca9cdf 100644 --- a/modules/dns-response-policy/main.tf +++ b/modules/dns-response-policy/main.tf @@ -15,9 +15,12 @@ */ locals { - _factory_data = var.rules_file != null ? file(var.rules_file) : "{}" + _factory_data = ( + var.factories_config.rules != null + ? file(pathexpand(var.factories_config.rules)) + : "{}" + ) _factory_rules = yamldecode(local._factory_data) - factory_rules = { for k, v in local._factory_rules : k => { dns_name = v.dns_name diff --git a/modules/dns-response-policy/variables.tf b/modules/dns-response-policy/variables.tf index fa26c3bb..35a113c5 100644 --- a/modules/dns-response-policy/variables.tf +++ b/modules/dns-response-policy/variables.tf @@ -27,6 +27,15 @@ variable "description" { default = "Terraform managed." } +variable "factories_config" { + description = "Path to folder containing rules data files for the optional factory." + type = object({ + rules = optional(string) + }) + nullable = false + default = {} +} + variable "name" { description = "Policy name." type = string @@ -64,9 +73,3 @@ variable "rules" { default = {} nullable = false } - -variable "rules_file" { - description = "Optional data file in YAML format listing rules that will be combined with those passed in via the `rules` variable." - type = string - default = null -} diff --git a/modules/dns-response-policy/versions.tf b/modules/dns-response-policy/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/dns-response-policy/versions.tf +++ b/modules/dns-response-policy/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/dns/versions.tf b/modules/dns/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/dns/versions.tf +++ b/modules/dns/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/endpoints/versions.tf b/modules/endpoints/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/endpoints/versions.tf +++ b/modules/endpoints/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/folder/versions.tf b/modules/folder/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/folder/versions.tf +++ b/modules/folder/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gcs/versions.tf b/modules/gcs/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/gcs/versions.tf +++ b/modules/gcs/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gcve-private-cloud/versions.tf b/modules/gcve-private-cloud/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/gcve-private-cloud/versions.tf +++ b/modules/gcve-private-cloud/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-cluster-autopilot/versions.tf b/modules/gke-cluster-autopilot/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/gke-cluster-autopilot/versions.tf +++ b/modules/gke-cluster-autopilot/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-cluster-standard/versions.tf b/modules/gke-cluster-standard/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/gke-cluster-standard/versions.tf +++ b/modules/gke-cluster-standard/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-hub/versions.tf b/modules/gke-hub/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/gke-hub/versions.tf +++ b/modules/gke-hub/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/gke-nodepool/versions.tf b/modules/gke-nodepool/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/gke-nodepool/versions.tf +++ b/modules/gke-nodepool/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/iam-service-account/versions.tf b/modules/iam-service-account/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/iam-service-account/versions.tf +++ b/modules/iam-service-account/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/kms/versions.tf b/modules/kms/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/kms/versions.tf +++ b/modules/kms/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/logging-bucket/versions.tf b/modules/logging-bucket/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/logging-bucket/versions.tf +++ b/modules/logging-bucket/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/ncc-spoke-ra/versions.tf b/modules/ncc-spoke-ra/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/ncc-spoke-ra/versions.tf +++ b/modules/ncc-spoke-ra/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-address/versions.tf b/modules/net-address/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-address/versions.tf +++ b/modules/net-address/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-cloudnat/versions.tf b/modules/net-cloudnat/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-cloudnat/versions.tf +++ b/modules/net-cloudnat/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-firewall-policy/README.md b/modules/net-firewall-policy/README.md index e4f7cfb7..17381abe 100644 --- a/modules/net-firewall-policy/README.md +++ b/modules/net-firewall-policy/README.md @@ -194,7 +194,7 @@ module "firewall-policy" { } } } - rules_factory_config = { + factories_config = { cidr_file_path = "configs/cidrs.yaml" egress_rules_file_path = "configs/egress.yaml" ingress_rules_file_path = "configs/ingress.yaml" @@ -258,14 +258,14 @@ issue-1995: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [name](variables.tf#L102) | Policy name. | string | ✓ | | -| [parent_id](variables.tf#L108) | Parent node where the policy will be created, `folders/nnn` or `organizations/nnn` for hierarchical policy, project id for a network policy. | string | ✓ | | +| [name](variables.tf#L113) | Policy name. | string | ✓ | | +| [parent_id](variables.tf#L119) | Parent node where the policy will be created, `folders/nnn` or `organizations/nnn` for hierarchical policy, project id for a network policy. | string | ✓ | | | [attachments](variables.tf#L17) | Ids of the resources to which this policy will be attached, in descriptive name => self link format. Specify folders or organization for hierarchical policy, VPCs for network policy. | map(string) | | {} | | [description](variables.tf#L24) | Policy description. | string | | null | | [egress_rules](variables.tf#L30) | List of egress rule definitions, action can be 'allow', 'deny', 'goto_next'. The match.layer4configs map is in protocol => optional [ports] format. | map(object({…})) | | {} | -| [ingress_rules](variables.tf#L66) | List of ingress rule definitions, action can be 'allow', 'deny', 'goto_next'. | map(object({…})) | | {} | -| [region](variables.tf#L114) | Policy region. Leave null for hierarchical policy, set to 'global' for a global network policy. | string | | null | -| [rules_factory_config](variables.tf#L120) | Configuration for the optional rules factory. | object({…}) | | {} | +| [factories_config](variables.tf#L66) | Paths to folders for the optional factories. | object({…}) | | {} | +| [ingress_rules](variables.tf#L77) | List of ingress rule definitions, action can be 'allow', 'deny', 'goto_next'. | map(object({…})) | | {} | +| [region](variables.tf#L125) | Policy region. Leave null for hierarchical policy, set to 'global' for a global network policy. | string | | null | ## Outputs diff --git a/modules/net-firewall-policy/factory.tf b/modules/net-firewall-policy/factory.tf index be065b9b..1b678d05 100644 --- a/modules/net-firewall-policy/factory.tf +++ b/modules/net-firewall-policy/factory.tf @@ -16,13 +16,15 @@ locals { _factory_egress_rules = try( - yamldecode(file(var.rules_factory_config.egress_rules_file_path)), {} + yamldecode(pathexpand(file(var.factories_config.egress_rules_file_path))), + {} ) _factory_ingress_rules = try( - yamldecode(file(var.rules_factory_config.ingress_rules_file_path)), {} + yamldecode(pathexpand(file(var.factories_config.ingress_rules_file_path))), + {} ) factory_cidrs = try( - yamldecode(file(var.rules_factory_config.cidr_file_path)), {} + yamldecode(pathexpand(file(var.factories_config.cidr_file_path))), {} ) factory_egress_rules = { for k, v in local._factory_egress_rules : "egress/${k}" => { diff --git a/modules/net-firewall-policy/variables.tf b/modules/net-firewall-policy/variables.tf index c419d7c0..3a8d16b7 100644 --- a/modules/net-firewall-policy/variables.tf +++ b/modules/net-firewall-policy/variables.tf @@ -63,6 +63,17 @@ variable "egress_rules" { } } +variable "factories_config" { + description = "Paths to folders for the optional factories." + type = object({ + cidr_file_path = optional(string) + egress_rules_file_path = optional(string) + ingress_rules_file_path = optional(string) + }) + nullable = false + default = {} +} + variable "ingress_rules" { description = "List of ingress rule definitions, action can be 'allow', 'deny', 'goto_next'." type = map(object({ @@ -116,14 +127,3 @@ variable "region" { type = string default = null } - -variable "rules_factory_config" { - description = "Configuration for the optional rules factory." - type = object({ - cidr_file_path = optional(string) - egress_rules_file_path = optional(string) - ingress_rules_file_path = optional(string) - }) - nullable = false - default = {} -} diff --git a/modules/net-firewall-policy/versions.tf b/modules/net-firewall-policy/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-firewall-policy/versions.tf +++ b/modules/net-firewall-policy/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-ipsec-over-interconnect/versions.tf b/modules/net-ipsec-over-interconnect/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-ipsec-over-interconnect/versions.tf +++ b/modules/net-ipsec-over-interconnect/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-ext-regional/versions.tf b/modules/net-lb-app-ext-regional/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-lb-app-ext-regional/versions.tf +++ b/modules/net-lb-app-ext-regional/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-ext/versions.tf b/modules/net-lb-app-ext/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-lb-app-ext/versions.tf +++ b/modules/net-lb-app-ext/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-int-cross-region/versions.tf b/modules/net-lb-app-int-cross-region/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-lb-app-int-cross-region/versions.tf +++ b/modules/net-lb-app-int-cross-region/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-app-int/versions.tf b/modules/net-lb-app-int/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-lb-app-int/versions.tf +++ b/modules/net-lb-app-int/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-ext/versions.tf b/modules/net-lb-ext/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-lb-ext/versions.tf +++ b/modules/net-lb-ext/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-int/versions.tf b/modules/net-lb-int/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-lb-int/versions.tf +++ b/modules/net-lb-int/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-lb-proxy-int/versions.tf b/modules/net-lb-proxy-int/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-lb-proxy-int/versions.tf +++ b/modules/net-lb-proxy-int/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-swp/versions.tf b/modules/net-swp/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-swp/versions.tf +++ b/modules/net-swp/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vlan-attachment/versions.tf b/modules/net-vlan-attachment/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-vlan-attachment/versions.tf +++ b/modules/net-vlan-attachment/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md index a50570da..0ba7e1d3 100644 --- a/modules/net-vpc-firewall/README.md +++ b/modules/net-vpc-firewall/README.md @@ -272,20 +272,18 @@ module "firewall" { } # tftest modules=1 resources=3 files=lbs inventory=factory.yaml ``` - - ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [network](variables.tf#L110) | Name of the network this set of firewall rules applies to. | string | ✓ | | -| [project_id](variables.tf#L115) | Project id of the project that holds the network. | string | ✓ | | +| [network](variables.tf#L111) | Name of the network this set of firewall rules applies to. | string | ✓ | | +| [project_id](variables.tf#L116) | Project id of the project that holds the network. | string | ✓ | | | [default_rules_config](variables.tf#L17) | Optionally created convenience rules. Set the 'disabled' attribute to true, or individual rule attributes to empty lists to disable. | object({…}) | | {} | | [egress_rules](variables.tf#L37) | List of egress rule definitions, default to deny action. Null destination ranges will be replaced with 0/0. | map(object({…})) | | {} | -| [factories_config](variables.tf#L60) | Paths to data files and folders that enable factory functionality. | object({…}) | | null | -| [ingress_rules](variables.tf#L69) | List of ingress rule definitions, default to allow action. Null source ranges will be replaced with 0/0. | map(object({…})) | | {} | -| [named_ranges](variables.tf#L93) | Define mapping of names to ranges that can be used in custom rules. | map(list(string)) | | {…} | +| [factories_config](variables.tf#L60) | Paths to data files and folders that enable factory functionality. | object({…}) | | {} | +| [ingress_rules](variables.tf#L70) | List of ingress rule definitions, default to allow action. Null source ranges will be replaced with 0/0. | map(object({…})) | | {} | +| [named_ranges](variables.tf#L94) | Define mapping of names to ranges that can be used in custom rules. | map(list(string)) | | {…} | ## Outputs @@ -293,5 +291,4 @@ module "firewall" { |---|---|:---:| | [default_rules](outputs.tf#L17) | Default rule resources. | | | [rules](outputs.tf#L27) | Custom rule resources. | | - diff --git a/modules/net-vpc-firewall/main.tf b/modules/net-vpc-firewall/main.tf index f2b9f0b7..57e7607b 100644 --- a/modules/net-vpc-firewall/main.tf +++ b/modules/net-vpc-firewall/main.tf @@ -15,10 +15,11 @@ */ locals { + _factory_rules_folder = try(pathexpand(var.factories_config.rules_folder), null) # define list of rule files - _factory_rule_files = [ - for f in try(fileset(var.factories_config.rules_folder, "**/*.yaml"), []) : - "${var.factories_config.rules_folder}/${f}" + _factory_rule_files = local._factory_rules_folder == null ? [] : [ + for f in try(fileset(local._factory_rules_folder, "**/*.yaml"), []) : + "${local._factory_rules_folder}/${f}" ] # decode rule files and account for optional attributes _factory_rule_list = flatten([ @@ -47,7 +48,11 @@ locals { if contains(["EGRESS", "INGRESS"], r.direction) } _named_ranges = merge( - can(var.factories_config.cidr_tpl_file) ? var.factories_config.cidr_tpl_file != null ? yamldecode(file(var.factories_config.cidr_tpl_file)) : {} : {}, + ( + var.factories_config.cidr_tpl_file != null + ? yamldecode(pathexpand(file(var.factories_config.cidr_tpl_file))) + : {} + ), var.named_ranges ) _rules = merge( diff --git a/modules/net-vpc-firewall/variables.tf b/modules/net-vpc-firewall/variables.tf index 132f00ed..104f87d5 100644 --- a/modules/net-vpc-firewall/variables.tf +++ b/modules/net-vpc-firewall/variables.tf @@ -61,9 +61,10 @@ variable "factories_config" { description = "Paths to data files and folders that enable factory functionality." type = object({ cidr_tpl_file = optional(string) - rules_folder = string + rules_folder = optional(string) }) - default = null + nullable = false + default = {} } variable "ingress_rules" { diff --git a/modules/net-vpc-firewall/versions.tf b/modules/net-vpc-firewall/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-vpc-firewall/versions.tf +++ b/modules/net-vpc-firewall/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc-peering/versions.tf b/modules/net-vpc-peering/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-vpc-peering/versions.tf +++ b/modules/net-vpc-peering/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpc/subnets.tf b/modules/net-vpc/subnets.tf index 1604df9b..93581123 100644 --- a/modules/net-vpc/subnets.tf +++ b/modules/net-vpc/subnets.tf @@ -18,9 +18,10 @@ locals { _factory_data = { - for f in try(fileset(var.factories_config.subnets_folder, "**/*.yaml"), []) : - trimsuffix(basename(f), ".yaml") => yamldecode(file("${var.factories_config.subnets_folder}/${f}")) + for f in try(fileset(local._factory_path, "**/*.yaml"), []) : + trimsuffix(basename(f), ".yaml") => yamldecode(file("${local._factory_path}/${f}")) } + _factory_path = try(pathexpand(var.factories_config.subnets_folder), null) _factory_subnets = { for k, v in local._factory_data : "${v.region}/${try(v.name, k)}" => { diff --git a/modules/net-vpc/versions.tf b/modules/net-vpc/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-vpc/versions.tf +++ b/modules/net-vpc/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-dynamic/versions.tf b/modules/net-vpn-dynamic/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-vpn-dynamic/versions.tf +++ b/modules/net-vpn-dynamic/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-ha/versions.tf b/modules/net-vpn-ha/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-vpn-ha/versions.tf +++ b/modules/net-vpn-ha/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/net-vpn-static/versions.tf b/modules/net-vpn-static/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/net-vpn-static/versions.tf +++ b/modules/net-vpn-static/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/organization/versions.tf b/modules/organization/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/organization/versions.tf +++ b/modules/organization/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/blueprints/factories/project-factory/README.md b/modules/project-factory/README.md similarity index 88% rename from blueprints/factories/project-factory/README.md rename to modules/project-factory/README.md index 67081df2..37c62446 100644 --- a/blueprints/factories/project-factory/README.md +++ b/modules/project-factory/README.md @@ -1,31 +1,30 @@ # Project Factory -This is a working example of how to manage project creation at scale, by wrapping the [project module](../../../modules/project/) and driving it via external data, either directly provided or parsed via YAML files. +This module implements in code the end-to-end project creation process for multiple projects via YAML data configurations. -The wrapping layer around the project module is intentionally thin, so that +It supports -- all the features of the project module are available -- no "magic" or hidden side effects are implemented in code -- debugging and integration of new features is simple +- all project-level attributes exposed by the [project module](../project/), including Shared VPC host/service configuration +- optional service account creation in the project, including basic IAM grants +- KMS key encrypt/decrypt permissions for service identities in the project +- membership in VPC SC standard or bridge perimeters +- billing budgets (TODO) +- per-project IaC configuration (TODO) + +The factory is implemented as a thin wrapping layer, so that no "magic" or hidden side effects are implemented in code, and debugging or integration of new features are simple. The code is meant to be executed by a high level service accounts with powerful permissions: - Shared VPC connection if service project attachment is desired - project creation on the nodes (folder or org) where projects will be defined -The module also supports optional creation of specific resources that are usually part of the project creation flow: - -- service accounts used for VM instances, and associated basic roles -- KMS key encrypt/decrypt permissions for service identities in the project -- membership in VPC SC standard or bridge perimeters - ## Leveraging data defaults, merges, optionals -In addition to the yaml files describing projects, the project factory accepts three additional sets of inputs: +In addition to the YAML-based project configurations, the factory accepts three additional sets of inputs via Terraform variables: -- the `data_defaults` variable allows specifying defaults for specific project attributes, which are only used if the attributes are not present in a project yaml -- the `data_overrides` variable works similarly to defaults, but the values specified here take precedence over those in yaml files -- the `data_merges` variable allows specifying additional values that are merged to sets of maps present in the yaml file, which are preserved +- the `data_defaults` variable allows defining defaults for specific project attributes, which are only used if the attributes are not passed in via YAML +- the `data_overrides` variable works similarly to defaults, but the values specified here take precedence over those in YAML files +- the `data_merges` variable allows specifying additional values for map or set based variables, which are merged with the data coming from YAML Some examples on where to use each of the three sets are provided below. @@ -33,7 +32,7 @@ Some examples on where to use each of the three sets are provided below. ```hcl module "project-factory" { - source = "./fabric/blueprints/factories/project-factory" + source = "./fabric/modules/project-factory" # use a default billing account if none is specified via yaml data_defaults = { billing_account = "012345-67890A-ABCDEF" @@ -152,7 +151,7 @@ These tests validate fixes to the project factory. ```hcl module "project-factory" { - source = "./fabric/blueprints/factories/project-factory" + source = "./fabric/modules/project-factory" data_defaults = { billing_account = "012345-67890A-ABCDEF" } diff --git a/blueprints/factories/project-factory/factory.tf b/modules/project-factory/factory.tf similarity index 100% rename from blueprints/factories/project-factory/factory.tf rename to modules/project-factory/factory.tf diff --git a/blueprints/factories/project-factory/main.tf b/modules/project-factory/main.tf similarity index 96% rename from blueprints/factories/project-factory/main.tf rename to modules/project-factory/main.tf index 1cb17be8..80cc80df 100644 --- a/blueprints/factories/project-factory/main.tf +++ b/modules/project-factory/main.tf @@ -15,7 +15,7 @@ */ module "projects" { - source = "../../../modules/project" + source = "../project" for_each = local.projects billing_account = each.value.billing_account name = each.key @@ -65,7 +65,7 @@ module "projects" { } module "service-accounts" { - source = "../../../modules/iam-service-account" + source = "../iam-service-account" for_each = { for k in local.service_accounts : "${k.project}-${k.name}" => k } diff --git a/blueprints/factories/project-factory/outputs.tf b/modules/project-factory/outputs.tf similarity index 100% rename from blueprints/factories/project-factory/outputs.tf rename to modules/project-factory/outputs.tf diff --git a/blueprints/factories/project-factory/variables.tf b/modules/project-factory/variables.tf similarity index 100% rename from blueprints/factories/project-factory/variables.tf rename to modules/project-factory/variables.tf diff --git a/modules/project/versions.tf b/modules/project/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/project/versions.tf +++ b/modules/project/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/projects-data-source/versions.tf b/modules/projects-data-source/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/projects-data-source/versions.tf +++ b/modules/projects-data-source/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/pubsub/versions.tf b/modules/pubsub/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/pubsub/versions.tf +++ b/modules/pubsub/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/secret-manager/versions.tf b/modules/secret-manager/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/secret-manager/versions.tf +++ b/modules/secret-manager/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/service-directory/versions.tf b/modules/service-directory/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/service-directory/versions.tf +++ b/modules/service-directory/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/source-repository/versions.tf b/modules/source-repository/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/source-repository/versions.tf +++ b/modules/source-repository/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/vpc-sc/versions.tf b/modules/vpc-sc/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/vpc-sc/versions.tf +++ b/modules/vpc-sc/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/modules/workstation-cluster/versions.tf b/modules/workstation-cluster/versions.tf index 3db0e207..f43fef27 100644 --- a/modules/workstation-cluster/versions.tf +++ b/modules/workstation-cluster/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/tests/blueprints/factories/bigquery_factory/examples/simple.yaml b/tests/blueprints/factories/bigquery_factory/examples/simple.yaml deleted file mode 100644 index d32492d6..00000000 --- a/tests/blueprints/factories/bigquery_factory/examples/simple.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -values: - module.bq.module.bq["my_dataset"].google_bigquery_dataset.default: - dataset_id: my_dataset - project: project-id - module.bq.module.bq["my_dataset"].google_bigquery_table.default["countries"]: - dataset_id: my_dataset - friendly_name: countries - labels: - env: prod - project: project-id - schema: '[{"name":"country","type":"STRING"},{"name":"population","type":"INT64"}]' - table_id: countries - module.bq.module.bq["my_dataset"].google_bigquery_table.views["department"]: - dataset_id: my_dataset - friendly_name: department - labels: - env: prod - project: project-id - table_id: department - view: - - query: SELECT SUM(population) from my_dataset.countries - use_legacy_sql: false - -counts: - google_bigquery_dataset: 1 - google_bigquery_table: 2 diff --git a/tests/blueprints/factories/cloud_identity_group_factory/examples/example.yaml b/tests/blueprints/factories/cloud_identity_group_factory/examples/example.yaml deleted file mode 100644 index 1a8db1b5..00000000 --- a/tests/blueprints/factories/cloud_identity_group_factory/examples/example.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -values: - module.groups.module.group["group1@example.com"].google_cloud_identity_group.group: - description: Group 1 - display_name: Group 1 - group_key: - - id: group1@example.com - namespace: null - initial_group_config: EMPTY - labels: - cloudidentity.googleapis.com/groups.discussion_forum: '' - parent: customers/C0xxxxxxx - module.groups.module.group["group1@example.com"].google_cloud_identity_group_membership.managers["user2@example.com"]: - preferred_member_key: - - id: user2@example.com - namespace: null - roles: - - name: MANAGER - - name: MEMBER - module.groups.module.group["group1@example.com"].google_cloud_identity_group_membership.members["user1@example.com"]: - preferred_member_key: - - id: user1@example.com - namespace: null - roles: - - name: MEMBER - -counts: - google_cloud_identity_group: 1 - google_cloud_identity_group_membership: 2 diff --git a/tests/blueprints/factories/net_vpc_firewall_yaml/examples/example.yaml b/tests/blueprints/factories/net_vpc_firewall_yaml/examples/example.yaml deleted file mode 100644 index c2375ae5..00000000 --- a/tests/blueprints/factories/net_vpc_firewall_yaml/examples/example.yaml +++ /dev/null @@ -1,188 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -values: - module.dev-firewall.google_compute_firewall.rules["deny-all"]: - allow: [] - deny: - - ports: [] - protocol: all - destination_ranges: - - 0.0.0.0/0 - direction: EGRESS - disabled: null - log_config: [] - name: fwr-my-dev-network-all-e-deny-all - network: my-dev-network - priority: 65535 - project: my-dev-project - source_ranges: null - source_service_accounts: null - source_tags: null - target_service_accounts: null - target_tags: null - timeouts: null - module.dev-firewall.google_compute_firewall.rules["lb-health-checks"]: - allow: - - ports: [] - protocol: tcp - deny: [] - direction: INGRESS - disabled: null - log_config: [] - name: fwr-my-dev-network-all-i-lb-health-checks - network: my-dev-network - priority: 1001 - project: my-dev-project - source_ranges: - - 130.211.0.0/22 - - 35.191.0.0/16 - source_service_accounts: null - source_tags: null - target_service_accounts: null - target_tags: null - timeouts: null - module.dev-firewall.google_compute_firewall.rules["web-app-dev-egress"]: - allow: - - ports: - - '443' - protocol: tcp - deny: [] - destination_ranges: - - 192.168.0.0/24 - direction: EGRESS - disabled: null - log_config: [] - name: fwr-my-dev-network-sac-e-web-app-dev-egress - network: my-dev-network - priority: 1000 - project: my-dev-project - source_ranges: null - source_service_accounts: null - source_tags: null - target_service_accounts: - - myapp@myproject-dev.iam.gserviceaccount.com - target_tags: null - timeouts: null - module.dev-firewall.google_compute_firewall.rules["web-app-dev-ingress"]: - allow: - - ports: - - '1234' - protocol: tcp - deny: [] - direction: INGRESS - disabled: null - log_config: [] - name: fwr-my-dev-network-sac-i-web-app-dev-ingress - network: my-dev-network - priority: 1000 - project: my-dev-project - source_ranges: null - source_service_accounts: - - frontend-sa@myproject-dev.iam.gserviceaccount.com - source_tags: null - target_service_accounts: - - web-app-a@myproject-dev.iam.gserviceaccount.com - target_tags: null - timeouts: null - module.prod-firewall.google_compute_firewall.rules["deny-all"]: - allow: [] - deny: - - ports: [] - protocol: all - destination_ranges: - - 0.0.0.0/0 - direction: EGRESS - disabled: null - log_config: - - metadata: INCLUDE_ALL_METADATA - name: fwr-my-prod-network-all-e-deny-all - network: my-prod-network - priority: 65535 - project: my-prod-project - source_ranges: null - source_service_accounts: null - source_tags: null - target_service_accounts: null - target_tags: null - timeouts: null - module.prod-firewall.google_compute_firewall.rules["lb-health-checks"]: - allow: - - ports: [] - protocol: tcp - deny: [] - direction: INGRESS - disabled: null - log_config: - - metadata: INCLUDE_ALL_METADATA - name: fwr-my-prod-network-all-i-lb-health-checks - network: my-prod-network - priority: 1001 - project: my-prod-project - source_ranges: - - 130.211.0.0/22 - - 35.191.0.0/16 - source_service_accounts: null - source_tags: null - target_service_accounts: null - target_tags: null - timeouts: null - module.prod-firewall.google_compute_firewall.rules["web-app-prod-egress"]: - allow: - - ports: - - '443' - protocol: tcp - deny: [] - destination_ranges: - - 192.168.10.0/24 - direction: EGRESS - disabled: null - log_config: - - metadata: INCLUDE_ALL_METADATA - name: fwr-my-prod-network-sac-e-web-app-prod-egress - network: my-prod-network - priority: 1000 - project: my-prod-project - source_ranges: null - source_service_accounts: null - source_tags: null - target_service_accounts: - - myapp@myproject-prod.iam.gserviceaccount.com - target_tags: null - timeouts: null - module.prod-firewall.google_compute_firewall.rules["web-app-prod-ingress"]: - allow: - - ports: - - '1234' - protocol: tcp - deny: [] - direction: INGRESS - disabled: null - log_config: - - metadata: INCLUDE_ALL_METADATA - name: fwr-my-prod-network-sac-i-web-app-prod-ingress - network: my-prod-network - priority: 1000 - project: my-prod-project - source_ranges: null - source_service_accounts: - - frontend-sa@myproject-prod.iam.gserviceaccount.com - source_tags: null - target_service_accounts: - - web-app-a@myproject-prod.iam.gserviceaccount.com - target_tags: null - timeouts: null - -counts: - google_compute_firewall: 8 diff --git a/tests/examples_e2e/setup_module/versions.tf b/tests/examples_e2e/setup_module/versions.tf index 3db0e207..f43fef27 100644 --- a/tests/examples_e2e/setup_module/versions.tf +++ b/tests/examples_e2e/setup_module/versions.tf @@ -13,15 +13,15 @@ # limitations under the License. terraform { - required_version = ">= 1.7.0" + required_version = ">= 1.7.4" required_providers { google = { source = "hashicorp/google" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.11.0, < 6.0.0" # tftest + version = ">= 5.12.0, < 6.0.0" # tftest } } } diff --git a/tests/modules/cloud_run/examples/audit-logs.yaml b/tests/modules/cloud_run/examples/audit-logs.yaml index 3b1d964d..3f8635cf 100644 --- a/tests/modules/cloud_run/examples/audit-logs.yaml +++ b/tests/modules/cloud_run/examples/audit-logs.yaml @@ -14,31 +14,45 @@ values: module.cloud_run.google_cloud_run_service.service: + autogenerate_revision_name: false + location: europe-west8 + metadata: + - annotations: null + generation: 0 + labels: null name: hello project: project-id template: - - spec: - - containers: - - image: us-docker.pkg.dev/cloudrun/container/hello - + - metadata: + - {} + spec: + - containers: + - args: null + command: null + env: [] + env_from: [] + image: us-docker.pkg.dev/cloudrun/container/hello + liveness_probe: [] + volume_mounts: [] + working_dir: null + volumes: [] + timeouts: null module.cloud_run.google_cloud_run_service_iam_binding.binding["roles/run.invoker"]: condition: [] location: europe-west8 members: - - serviceAccount:eventarc-trigger@project-id.iam.gserviceaccount.com + - serviceAccount:eventarc-trigger@project-id.iam.gserviceaccount.com project: project-id role: roles/run.invoker service: hello - module.cloud_run.google_eventarc_trigger.audit_log_triggers["setiampolicy"]: + channel: null destination: - - cloud_function: null - cloud_run_service: + - cloud_run_service: - path: null region: europe-west8 service: hello - gke: [] - workflow: null + labels: null location: europe-west8 matching_criteria: - attribute: methodName @@ -52,15 +66,20 @@ values: value: google.cloud.audit.log.v1.written name: audit-log-setiampolicy project: project-id - + service_account: eventarc-trigger@project-id.iam.gserviceaccount.com + timeouts: null module.sa.google_project_iam_member.project-roles["project-id-roles/eventarc.eventReceiver"]: condition: [] project: project-id role: roles/eventarc.eventReceiver - module.sa.google_service_account.service_account[0]: account_id: eventarc-trigger + create_ignore_already_exists: null + description: null + disabled: false + display_name: Terraform-managed. project: project-id + timeouts: null counts: google_cloud_run_service: 1 @@ -68,3 +87,7 @@ counts: google_eventarc_trigger: 1 google_project_iam_member: 1 google_service_account: 1 + modules: 2 + resources: 5 + +outputs: {} diff --git a/tests/modules/cloud_run/examples/eventarc.yaml b/tests/modules/cloud_run/examples/eventarc.yaml index 961add60..d7c8ef9e 100644 --- a/tests/modules/cloud_run/examples/eventarc.yaml +++ b/tests/modules/cloud_run/examples/eventarc.yaml @@ -14,21 +14,37 @@ values: module.cloud_run.google_cloud_run_service.service: + autogenerate_revision_name: false + location: europe-west8 + metadata: + - annotations: null + generation: 0 + labels: null name: hello project: project-id template: - - spec: - - containers: - - image: us-docker.pkg.dev/cloudrun/container/hello + - metadata: + - {} + spec: + - containers: + - args: null + command: null + env: [] + env_from: [] + image: us-docker.pkg.dev/cloudrun/container/hello + liveness_probe: [] + volume_mounts: [] + working_dir: null + volumes: [] + timeouts: null module.cloud_run.google_eventarc_trigger.pubsub_triggers["topic-1"]: + channel: null destination: - - cloud_function: null - cloud_run_service: + - cloud_run_service: - path: null region: europe-west8 service: hello - gke: [] - workflow: null + labels: null location: europe-west8 matching_criteria: - attribute: type @@ -36,16 +52,24 @@ values: value: google.cloud.pubsub.topic.v1.messagePublished name: pubsub-topic-1 project: project-id + service_account: null + timeouts: null transport: - pubsub: - topic: projects/project-id/topics/pubsub_sink - module.pubsub.google_pubsub_topic.default: + kms_key_name: null + labels: null + message_retention_duration: null name: pubsub_sink project: project-id - + timeouts: null counts: google_cloud_run_service: 1 google_eventarc_trigger: 1 google_pubsub_topic: 1 + modules: 2 + resources: 3 + +outputs: {} diff --git a/tests/modules/cloud_run/examples/trigger-service-account.yaml b/tests/modules/cloud_run/examples/trigger-service-account.yaml index 3877a71e..ca15d9fb 100644 --- a/tests/modules/cloud_run/examples/trigger-service-account.yaml +++ b/tests/modules/cloud_run/examples/trigger-service-account.yaml @@ -17,7 +17,9 @@ values: autogenerate_revision_name: false location: europe-west8 metadata: - - {} + - annotations: null + generation: 0 + labels: null name: hello project: project-id template: @@ -35,24 +37,19 @@ values: working_dir: null volumes: [] timeouts: null - module.cloud_run.google_cloud_run_service_iam_member.default[0]: condition: [] location: europe-west8 project: project-id role: roles/run.invoker service: hello - module.cloud_run.google_eventarc_trigger.pubsub_triggers["topic-1"]: channel: null destination: - - cloud_function: null - cloud_run_service: + - cloud_run_service: - path: null region: europe-west8 service: hello - gke: [] - workflow: null labels: null location: europe-west8 matching_criteria: @@ -65,17 +62,21 @@ values: transport: - pubsub: - topic: projects/project-id/topics/pubsub_sink - module.cloud_run.google_service_account.trigger_service_account[0]: account_id: tf-cr-trigger-hello + create_ignore_already_exists: null + description: null + disabled: false + display_name: Terraform trigger for Cloud Run hello. project: project-id - + timeouts: null module.pubsub.google_pubsub_topic.default: kms_key_name: null labels: null message_retention_duration: null name: pubsub_sink project: project-id + timeouts: null counts: google_cloud_run_service: 1 @@ -83,6 +84,7 @@ counts: google_eventarc_trigger: 1 google_pubsub_topic: 1 google_service_account: 1 + modules: 2 + resources: 5 outputs: {} - diff --git a/tests/modules/gcve_private_cloud/examples/additional-clusters.yaml b/tests/modules/gcve_private_cloud/examples/additional-clusters.yaml index 1df21f49..841b4095 100644 --- a/tests/modules/gcve_private_cloud/examples/additional-clusters.yaml +++ b/tests/modules/gcve_private_cloud/examples/additional-clusters.yaml @@ -54,7 +54,6 @@ values: network_config: - management_cidr: 192.168.0.0/24 project: gcve-test-project - type: STANDARD counts: google_vmwareengine_cluster: 2 diff --git a/tests/modules/gcve_private_cloud/examples/basic.yaml b/tests/modules/gcve_private_cloud/examples/basic.yaml index 08d7d7d3..40803f02 100644 --- a/tests/modules/gcve_private_cloud/examples/basic.yaml +++ b/tests/modules/gcve_private_cloud/examples/basic.yaml @@ -42,7 +42,6 @@ values: network_config: - management_cidr: 192.168.0.0/24 project: gcve-test-project - type: STANDARD counts: google_vmwareengine_network: 1 diff --git a/tests/modules/gcve_private_cloud/examples/custom-management.yaml b/tests/modules/gcve_private_cloud/examples/custom-management.yaml index 444474ce..6c7d7268 100644 --- a/tests/modules/gcve_private_cloud/examples/custom-management.yaml +++ b/tests/modules/gcve_private_cloud/examples/custom-management.yaml @@ -42,7 +42,6 @@ values: network_config: - management_cidr: 192.168.0.0/24 project: gcve-test-project - type: STANDARD counts: google_vmwareengine_network: 1 diff --git a/tests/modules/gcve_private_cloud/examples/network-policy.yaml b/tests/modules/gcve_private_cloud/examples/network-policy.yaml index a35a753a..bfd3133d 100644 --- a/tests/modules/gcve_private_cloud/examples/network-policy.yaml +++ b/tests/modules/gcve_private_cloud/examples/network-policy.yaml @@ -42,7 +42,6 @@ values: network_config: - management_cidr: 192.168.0.0/24 project: gcve-test-project - type: STANDARD counts: google_vmwareengine_network: 1 diff --git a/tests/blueprints/factories/project_factory/examples/example.yaml b/tests/modules/project_factory/examples/example.yaml similarity index 100% rename from tests/blueprints/factories/project_factory/examples/example.yaml rename to tests/modules/project_factory/examples/example.yaml