From 5ae489f50d29126772ad056727763717f299fb24 Mon Sep 17 00:00:00 2001
From: Julio Castillo <jccb@google.com>
Date: Sat, 29 Aug 2020 10:12:30 +0200
Subject: [PATCH 01/25] Add alias IP support in `compute-vm` (#127)

* Add alias IP support in `compute-vm`

* Fix tests

* add end to end tests for data solutions examples and fix example errors

* update changelog

* add missing boilerplate

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
---
 CHANGELOG.md                                  |  5 ++
 .../asset-inventory-feed-remediation/main.tf  |  7 +--
 cloud-operations/dns-fine-grained-iam/main.tf | 14 +++---
 .../cmek-via-centralized-kms/main.tf          |  2 +-
 .../cmek-via-centralized-kms/variables.tf     |  6 ---
 .../gcs-to-bq-with-dataflow/main.tf           | 50 +++++++++----------
 .../gcs-to-bq-with-dataflow/variables.tf      |  6 ---
 modules/compute-vm/README.md                  | 30 ++++++-----
 modules/compute-vm/main.tf                    |  8 +++
 modules/compute-vm/variables.tf               |  6 ++-
 networking/hub-and-spoke-peering/main.tf      | 10 ++--
 networking/hub-and-spoke-vpn/main.tf          | 12 +++--
 networking/ilb-next-hop/gateways.tf           |  6 ++-
 networking/ilb-next-hop/vms.tf                | 10 ++--
 networking/onprem-google-access-dns/main.tf   |  8 +--
 networking/shared-vpc-gke/main.tf             |  7 +--
 .../cmek_via_centralized_kms/__init__.py      | 13 +++++
 .../cmek_via_centralized_kms/fixture/main.tf  | 21 ++++++++
 .../fixture/variables.tf                      | 26 ++++++++++
 .../cmek_via_centralized_kms/test_plan.py     | 27 ++++++++++
 .../gc_to_bq_with_dataflow/__init__.py        | 13 +++++
 .../gc_to_bq_with_dataflow/fixture/main.tf    | 23 +++++++++
 .../fixture/variables.tf                      | 36 +++++++++++++
 .../gc_to_bq_with_dataflow/test_plan.py       | 27 ++++++++++
 tests/modules/compute_vm/fixture/variables.tf |  5 ++
 .../compute_vm/test_plan_interfaces.py        |  4 ++
 26 files changed, 300 insertions(+), 82 deletions(-)
 create mode 100644 tests/data_solutions/cmek_via_centralized_kms/__init__.py
 create mode 100644 tests/data_solutions/cmek_via_centralized_kms/fixture/main.tf
 create mode 100644 tests/data_solutions/cmek_via_centralized_kms/fixture/variables.tf
 create mode 100644 tests/data_solutions/cmek_via_centralized_kms/test_plan.py
 create mode 100644 tests/data_solutions/gc_to_bq_with_dataflow/__init__.py
 create mode 100644 tests/data_solutions/gc_to_bq_with_dataflow/fixture/main.tf
 create mode 100644 tests/data_solutions/gc_to_bq_with_dataflow/fixture/variables.tf
 create mode 100644 tests/data_solutions/gc_to_bq_with_dataflow/test_plan.py

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cfc68935..10798c4a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,12 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+- add alias IP support in `cloud-vm` module
+- add tests for `data-solutions` examples
+- fix apply errors on dynamic resources in dataflow example
+
 ## [3.1.1] - 2020-08-26
+
 - fix error in `project` module
 
 ## [3.1.0] - 2020-08-16
diff --git a/cloud-operations/asset-inventory-feed-remediation/main.tf b/cloud-operations/asset-inventory-feed-remediation/main.tf
index 5c845086..0d6b29ef 100644
--- a/cloud-operations/asset-inventory-feed-remediation/main.tf
+++ b/cloud-operations/asset-inventory-feed-remediation/main.tf
@@ -108,10 +108,11 @@ module "simple-vm-example" {
   region     = var.region
   name       = var.name
   network_interfaces = [{
-    network    = module.vpc.self_link,
-    subnetwork = try(module.vpc.subnet_self_links["${var.region}/${var.name}-default"], ""),
-    nat        = false,
+    network    = module.vpc.self_link
+    subnetwork = try(module.vpc.subnet_self_links["${var.region}/${var.name}-default"], "")
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   tags           = ["${var.project_id}-test-feed", "shared-test-feed"]
   instance_count = 1
diff --git a/cloud-operations/dns-fine-grained-iam/main.tf b/cloud-operations/dns-fine-grained-iam/main.tf
index 2bc0bbdf..35e59dc0 100644
--- a/cloud-operations/dns-fine-grained-iam/main.tf
+++ b/cloud-operations/dns-fine-grained-iam/main.tf
@@ -111,10 +111,11 @@ module "vm-ns-editor" {
   region     = var.region
   name       = "${var.name}-ns"
   network_interfaces = [{
-    network    = module.vpc.self_link,
-    subnetwork = module.vpc.subnet_self_links["${var.region}/${var.name}-default"],
-    nat        = false,
+    network    = module.vpc.self_link
+    subnetwork = module.vpc.subnet_self_links["${var.region}/${var.name}-default"]
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   metadata               = { startup-script = local.startup-script }
   service_account_create = true
@@ -128,10 +129,11 @@ module "vm-svc-editor" {
   region     = var.region
   name       = "${var.name}-svc"
   network_interfaces = [{
-    network    = module.vpc.self_link,
-    subnetwork = module.vpc.subnet_self_links["${var.region}/${var.name}-default"],
-    nat        = false,
+    network    = module.vpc.self_link
+    subnetwork = module.vpc.subnet_self_links["${var.region}/${var.name}-default"]
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   metadata               = { startup-script = local.startup-script }
   service_account_create = true
diff --git a/data-solutions/cmek-via-centralized-kms/main.tf b/data-solutions/cmek-via-centralized-kms/main.tf
index 464f208f..08b7b7de 100644
--- a/data-solutions/cmek-via-centralized-kms/main.tf
+++ b/data-solutions/cmek-via-centralized-kms/main.tf
@@ -104,13 +104,13 @@ module "kms_vm_example" {
   source     = "../../modules/compute-vm"
   project_id = module.project-service.project_id
   region     = var.region
-  zone       = var.zone
   name       = "kms-vm"
   network_interfaces = [{
     network    = module.vpc.self_link,
     subnetwork = module.vpc.subnet_self_links["${var.region}/subnet"],
     nat        = false,
     addresses  = null
+    alias_ips  = null
   }]
   attached_disks = [
     {
diff --git a/data-solutions/cmek-via-centralized-kms/variables.tf b/data-solutions/cmek-via-centralized-kms/variables.tf
index fdc0ac94..04b70784 100644
--- a/data-solutions/cmek-via-centralized-kms/variables.tf
+++ b/data-solutions/cmek-via-centralized-kms/variables.tf
@@ -64,9 +64,3 @@ variable "vpc_ip_cidr_range" {
   type        = string
   default     = "10.0.0.0/20"
 }
-
-variable "zone" {
-  description = "The zone where resources will be deployed."
-  type        = string
-  default     = "europe-west1-b"
-}
diff --git a/data-solutions/gcs-to-bq-with-dataflow/main.tf b/data-solutions/gcs-to-bq-with-dataflow/main.tf
index 84521c03..c573c7e7 100644
--- a/data-solutions/gcs-to-bq-with-dataflow/main.tf
+++ b/data-solutions/gcs-to-bq-with-dataflow/main.tf
@@ -61,9 +61,9 @@ module "service-account-bq" {
   project_id = module.project-service.project_id
   names      = ["bq-test"]
   iam_project_roles = {
-    (module.project-service.project_id) = [
+    (var.project_service_name) = [
       "roles/logging.logWriter",
-      "roles/monitoring.metricWriter",      
+      "roles/monitoring.metricWriter",
       "roles/bigquery.admin"
     ]
   }
@@ -74,12 +74,12 @@ module "service-account-gce" {
   project_id = module.project-service.project_id
   names      = ["gce-test"]
   iam_project_roles = {
-    (module.project-service.project_id) = [
+    (var.project_service_name) = [
       "roles/logging.logWriter",
       "roles/monitoring.metricWriter",
       "roles/dataflow.admin",
       "roles/iam.serviceAccountUser",
-      "roles/bigquery.dataOwner", 
+      "roles/bigquery.dataOwner",
       "roles/bigquery.jobUser" # Needed to import data using 'bq' command
     ]
   }
@@ -90,7 +90,7 @@ module "service-account-df" {
   project_id = module.project-service.project_id
   names      = ["df-test"]
   iam_project_roles = {
-    (module.project-service.project_id) = [
+    (var.project_service_name) = [
       "roles/dataflow.worker",
       "roles/bigquery.dataOwner",
       "roles/bigquery.metadataViewer",
@@ -143,7 +143,7 @@ module "kms" {
         #"serviceAccount:${module.project-service.service_accounts.default.bq}",
         "serviceAccount:${data.google_bigquery_default_service_account.bq_sa.email}",
       ]
-    },     
+    },
   }
 }
 
@@ -156,7 +156,7 @@ module "kms-regional" {
   }
   keys = { key-df = null }
   key_iam_roles = {
-    key-df  = ["roles/cloudkms.cryptoKeyEncrypterDecrypter"]
+    key-df = ["roles/cloudkms.cryptoKeyEncrypterDecrypter"]
   }
   key_iam_members = {
     key-df = {
@@ -164,7 +164,7 @@ module "kms-regional" {
         "serviceAccount:${module.project-service.service_accounts.robots.dataflow}",
         "serviceAccount:${module.project-service.service_accounts.robots.compute}",
       ]
-    }      
+    }
   }
 }
 
@@ -210,13 +210,13 @@ module "vm_example" {
   source     = "../../modules/compute-vm"
   project_id = module.project-service.project_id
   region     = var.region
-  zone       = var.zone
   name       = "vm-example"
   network_interfaces = [{
     network    = module.vpc.self_link,
     subnetwork = module.vpc.subnet_self_links["${var.region}/${var.vpc_subnet_name}"],
     nat        = false,
     addresses  = null
+    alias_ips  = null
   }]
   attached_disks = [
     {
@@ -259,9 +259,9 @@ module "kms-gcs" {
   prefix     = module.project-service.project_id
   names      = ["data", "df-tmplocation"]
   iam_roles = {
-    data           = ["roles/storage.admin","roles/storage.objectViewer"],
+    data           = ["roles/storage.admin", "roles/storage.objectViewer"],
     df-tmplocation = ["roles/storage.admin"]
-  }   
+  }
   iam_members = {
     data = {
       "roles/storage.admin" = [
@@ -269,22 +269,22 @@ module "kms-gcs" {
       ],
       "roles/storage.viewer" = [
         "serviceAccount:${module.service-account-df.email}",
-      ],      
+      ],
     },
     df-tmplocation = {
       "roles/storage.admin" = [
         "serviceAccount:${module.service-account-gce.email}",
         "serviceAccount:${module.service-account-df.email}",
       ]
-    }    
-  } 
+    }
+  }
   encryption_keys = {
     data           = module.kms.keys.key-gcs.self_link,
     df-tmplocation = module.kms.keys.key-gcs.self_link,
   }
   force_destroy = {
     data           = true,
-    df-tmplocation = true,    
+    df-tmplocation = true,
   }
 }
 
@@ -293,9 +293,9 @@ module "kms-gcs" {
 ###############################################################################
 
 module "bigquery-dataset" {
-  source         = "../../modules/bigquery-dataset"
-  project_id     = module.project-service.project_id
-  id             = "bq_dataset"
+  source     = "../../modules/bigquery-dataset"
+  project_id = module.project-service.project_id
+  id         = "bq_dataset"
   access_roles = {
     reader-group = { role = "READER", type = "domain" }
     owner        = { role = "OWNER", type = "user_by_email" }
@@ -315,11 +315,11 @@ module "bigquery-dataset" {
         range = null # use start/end/interval for range
         time  = null
       }
-      schema = file("schema_bq_import.json")
+      schema = file("${path.module}/schema_bq_import.json")
       options = {
-        clustering = null
-        expiration_time = null        
-        encryption_key = module.kms.keys.key-bq.self_link
+        clustering      = null
+        expiration_time = null
+        encryption_key  = module.kms.keys.key-bq.self_link
       }
     },
     df_import = {
@@ -331,11 +331,11 @@ module "bigquery-dataset" {
         range = null # use start/end/interval for range
         time  = null
       }
-      schema = file("schema_df_import.json")
+      schema = file("${path.module}/schema_df_import.json")
       options = {
-        clustering = null
+        clustering      = null
         expiration_time = null
-        encryption_key = module.kms.keys.key-bq.self_link
+        encryption_key  = module.kms.keys.key-bq.self_link
       }
     }
   }
diff --git a/data-solutions/gcs-to-bq-with-dataflow/variables.tf b/data-solutions/gcs-to-bq-with-dataflow/variables.tf
index a44f874a..be76a0e5 100644
--- a/data-solutions/gcs-to-bq-with-dataflow/variables.tf
+++ b/data-solutions/gcs-to-bq-with-dataflow/variables.tf
@@ -63,12 +63,6 @@ variable "vpc_ip_cidr_range" {
   default     = "10.0.0.0/20"
 }
 
-variable "zone" {
-  description = "The zone where resources will be deployed."
-  type        = string
-  default     = "europe-west1-b"
-}
-
 variable "ssh_source_ranges" {
   description = "IP CIDR ranges that will be allowed to connect via SSH to the onprem instance."
   type        = list(string)
diff --git a/modules/compute-vm/README.md b/modules/compute-vm/README.md
index 128087c0..ed6513d9 100644
--- a/modules/compute-vm/README.md
+++ b/modules/compute-vm/README.md
@@ -20,10 +20,11 @@ module "simple-vm-example" {
   region     = "europe-west1"
   name       = "test"
   network_interfaces = [{
-    network    = local.network_self_link,
-    subnetwork = local.subnet_self_link,
-    nat        = false,
+    network    = local.network_self_link
+    subnetwork = local.subnet_self_link
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   service_account_create = true
   instance_count = 1
@@ -41,10 +42,11 @@ module "kms-vm-example" {
   region     = local.region
   name       = "kms-test"
   network_interfaces = [{
-    network    = local.network_self_link,
-    subnetwork = local.subnet_self_link,
-    nat        = false,
+    network    = local.network_self_link
+    subnetwork = local.subnet_self_link
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   attached_disks = [
     {
@@ -85,10 +87,11 @@ module "cos-test" {
   region     = "europe-west1"
   name       = "test"
   network_interfaces = [{
-    network    = local.network_self_link,
-    subnetwork = local.subnet_self_link,
-    nat        = false,
+    network    = local.network_self_link
+    subnetwork = local.subnet_self_link
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   instance_count = 1
   boot_disk      = {
@@ -115,10 +118,11 @@ module "instance-group" {
   region     = "europe-west1"
   name       = "ilb-test"
   network_interfaces = [{
-    network    = local.network_self_link,
-    subnetwork = local.subnetwork_self_link,
-    nat        = false,
+    network    = local.network_self_link
+    subnetwork = local.subnetwork_self_link
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   boot_disk = {
     image = "projects/cos-cloud/global/images/family/cos-stable"
@@ -141,7 +145,7 @@ module "instance-group" {
 | name | description | type | required | default |
 |---|---|:---: |:---:|:---:|
 | name | Instances base name. | <code title="">string</code> | ✓ |  |
-| network_interfaces | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list&#40;object&#40;&#123;&#10;nat        &#61; bool&#10;network    &#61; string&#10;subnetwork &#61; string&#10;addresses &#61; object&#40;&#123;&#10;internal &#61; list&#40;string&#41;&#10;external &#61; list&#40;string&#41;&#10;&#125;&#41;&#10;&#125;&#41;&#41;">list(object({...}))</code> | ✓ |  |
+| network_interfaces | Network interfaces configuration. Use self links for Shared VPC, set addresses and alias_ips to null if not needed. | <code title="list&#40;object&#40;&#123;&#10;nat        &#61; bool&#10;network    &#61; string&#10;subnetwork &#61; string&#10;addresses &#61; object&#40;&#123;&#10;internal &#61; list&#40;string&#41;&#10;external &#61; list&#40;string&#41;&#10;&#125;&#41;&#10;alias_ips &#61; list&#40;object&#40;&#123;&#10;ip_cidr_range         &#61; string&#10;subnetwork_range_name &#61; string&#10;&#125;&#41;&#41;&#10;&#125;&#41;&#41;">list(object({...}))</code> | ✓ |  |
 | project_id | Project id. | <code title="">string</code> | ✓ |  |
 | region | Compute region. | <code title="">string</code> | ✓ |  |
 | *attached_disk_defaults* | Defaults for attached disks options. | <code title="object&#40;&#123;&#10;auto_delete &#61; bool&#10;mode        &#61; string&#10;type &#61; string&#10;source      &#61; string&#10;&#125;&#41;">object({...})</code> |  | <code title="&#123;&#10;auto_delete &#61; true&#10;source      &#61; null&#10;mode        &#61; &#34;READ_WRITE&#34;&#10;type &#61; &#34;pd-ssd&#34;&#10;&#125;">...</code> |
diff --git a/modules/compute-vm/main.tf b/modules/compute-vm/main.tf
index 834a1a60..90b88c0c 100644
--- a/modules/compute-vm/main.tf
+++ b/modules/compute-vm/main.tf
@@ -145,6 +145,14 @@ resource "google_compute_instance" "default" {
           )
         }
       }
+      dynamic alias_ip_range {
+        for_each = config.value.alias_ips != null ? config.value.alias_ips : []
+        iterator = alias_ips
+        content {
+          ip_cidr_range         = alias_ips.value.ip_cidr_range
+          subnetwork_range_name = alias_ips.value.subnetwork_range_name
+        }
+      }
     }
   }
 
diff --git a/modules/compute-vm/variables.tf b/modules/compute-vm/variables.tf
index 61b3508d..709a7548 100644
--- a/modules/compute-vm/variables.tf
+++ b/modules/compute-vm/variables.tf
@@ -144,7 +144,7 @@ variable "name" {
 }
 
 variable "network_interfaces" {
-  description = "Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed."
+  description = "Network interfaces configuration. Use self links for Shared VPC, set addresses and alias_ips to null if not needed."
   type = list(object({
     nat        = bool
     network    = string
@@ -153,6 +153,10 @@ variable "network_interfaces" {
       internal = list(string)
       external = list(string)
     })
+    alias_ips = list(object({
+      ip_cidr_range         = string
+      subnetwork_range_name = string
+    }))
   }))
 }
 
diff --git a/networking/hub-and-spoke-peering/main.tf b/networking/hub-and-spoke-peering/main.tf
index 686ef547..f77d49f6 100644
--- a/networking/hub-and-spoke-peering/main.tf
+++ b/networking/hub-and-spoke-peering/main.tf
@@ -149,10 +149,11 @@ module "vm-spoke-1" {
   region     = var.region
   name       = "spoke-1-test"
   network_interfaces = [{
-    network    = module.vpc-spoke-1.self_link,
+    network    = module.vpc-spoke-1.self_link
     subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/spoke-1-default"]
-    nat        = false,
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   metadata               = { startup-script = local.vm-startup-script }
   service_account        = module.service-account-gce.email
@@ -166,10 +167,11 @@ module "vm-spoke-2" {
   region     = var.region
   name       = "spoke-2-test"
   network_interfaces = [{
-    network    = module.vpc-spoke-2.self_link,
+    network    = module.vpc-spoke-2.self_link
     subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/spoke-2-default"]
-    nat        = false,
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   metadata               = { startup-script = local.vm-startup-script }
   service_account        = module.service-account-gce.email
diff --git a/networking/hub-and-spoke-vpn/main.tf b/networking/hub-and-spoke-vpn/main.tf
index 1cad68be..78eea3aa 100644
--- a/networking/hub-and-spoke-vpn/main.tf
+++ b/networking/hub-and-spoke-vpn/main.tf
@@ -249,10 +249,11 @@ module "vm-spoke-1" {
   region     = var.regions.b
   name       = "spoke-1-test"
   network_interfaces = [{
-    network    = module.vpc-spoke-1.self_link,
+    network    = module.vpc-spoke-1.self_link
     subnetwork = module.vpc-spoke-1.subnet_self_links["${var.regions.b}/spoke-1-b"]
-    nat        = false,
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   tags     = ["ssh"]
   metadata = { startup-script = local.vm-startup-script }
@@ -264,10 +265,11 @@ module "vm-spoke-2" {
   region     = var.regions.b
   name       = "spoke-2-test"
   network_interfaces = [{
-    network    = module.vpc-spoke-2.self_link,
-    subnetwork = module.vpc-spoke-2.subnet_self_links["${var.regions.b}/spoke-2-b"],
-    nat        = false,
+    network    = module.vpc-spoke-2.self_link
+    subnetwork = module.vpc-spoke-2.subnet_self_links["${var.regions.b}/spoke-2-b"]
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   tags     = ["ssh"]
   metadata = { startup-script = local.vm-startup-script }
diff --git a/networking/ilb-next-hop/gateways.tf b/networking/ilb-next-hop/gateways.tf
index 7684e130..9a0da360 100644
--- a/networking/ilb-next-hop/gateways.tf
+++ b/networking/ilb-next-hop/gateways.tf
@@ -32,13 +32,15 @@ module "gw" {
       network    = module.vpc-left.self_link
       subnetwork = values(module.vpc-left.subnet_self_links)[0],
       nat        = false,
-      addresses  = null
+      addresses  = null,
+      alias_ips  = null
     },
     {
       network    = module.vpc-right.self_link
       subnetwork = values(module.vpc-right.subnet_self_links)[0],
       nat        = false,
-      addresses  = null
+      addresses  = null,
+      alias_ips  = null
     }
   ]
   tags           = ["ssh"]
diff --git a/networking/ilb-next-hop/vms.tf b/networking/ilb-next-hop/vms.tf
index 6a8f22a0..d3fbc0f8 100644
--- a/networking/ilb-next-hop/vms.tf
+++ b/networking/ilb-next-hop/vms.tf
@@ -31,9 +31,10 @@ module "vm-left" {
   network_interfaces = [
     {
       network    = module.vpc-left.self_link
-      subnetwork = values(module.vpc-left.subnet_self_links)[0],
-      nat        = false,
+      subnetwork = values(module.vpc-left.subnet_self_links)[0]
+      nat        = false
       addresses  = null
+      alias_ips  = null
     }
   ]
   tags = ["ssh"]
@@ -56,9 +57,10 @@ module "vm-right" {
   network_interfaces = [
     {
       network    = module.vpc-right.self_link
-      subnetwork = values(module.vpc-right.subnet_self_links)[0],
-      nat        = false,
+      subnetwork = values(module.vpc-right.subnet_self_links)[0]
+      nat        = false
       addresses  = null
+      alias_ips  = null
     }
   ]
   tags = ["ssh"]
diff --git a/networking/onprem-google-access-dns/main.tf b/networking/onprem-google-access-dns/main.tf
index 1e29defa..2d803673 100644
--- a/networking/onprem-google-access-dns/main.tf
+++ b/networking/onprem-google-access-dns/main.tf
@@ -187,10 +187,11 @@ module "vm-test" {
   region     = var.region
   name       = "test"
   network_interfaces = [{
-    network    = module.vpc.self_link,
+    network    = module.vpc.self_link
     subnetwork = module.vpc.subnet_self_links["${var.region}/subnet"]
-    nat        = false,
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   metadata               = { startup-script = local.vm-startup-script }
   service_account        = module.service-account-gce.email
@@ -250,8 +251,9 @@ module "vm-onprem" {
   network_interfaces = [{
     network    = module.vpc.name
     subnetwork = module.vpc.subnet_self_links["${var.region}/subnet"]
-    nat        = true,
+    nat        = true
     addresses  = null
+    alias_ips  = null
   }]
   service_account        = module.service-account-onprem.email
   service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
diff --git a/networking/shared-vpc-gke/main.tf b/networking/shared-vpc-gke/main.tf
index 00bd89cc..9beef9aa 100644
--- a/networking/shared-vpc-gke/main.tf
+++ b/networking/shared-vpc-gke/main.tf
@@ -182,10 +182,11 @@ module "vm-bastion" {
   region     = var.region
   name       = "bastion"
   network_interfaces = [{
-    network    = module.vpc-shared.self_link,
-    subnetwork = lookup(module.vpc-shared.subnet_self_links, "${var.region}/gce", null),
-    nat        = false,
+    network    = module.vpc-shared.self_link
+    subnetwork = lookup(module.vpc-shared.subnet_self_links, "${var.region}/gce", null)
+    nat        = false
     addresses  = null
+    alias_ips  = null
   }]
   instance_count = 1
   tags           = ["ssh"]
diff --git a/tests/data_solutions/cmek_via_centralized_kms/__init__.py b/tests/data_solutions/cmek_via_centralized_kms/__init__.py
new file mode 100644
index 00000000..6913f02e
--- /dev/null
+++ b/tests/data_solutions/cmek_via_centralized_kms/__init__.py
@@ -0,0 +1,13 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/data_solutions/cmek_via_centralized_kms/fixture/main.tf b/tests/data_solutions/cmek_via_centralized_kms/fixture/main.tf
new file mode 100644
index 00000000..374460dc
--- /dev/null
+++ b/tests/data_solutions/cmek_via_centralized_kms/fixture/main.tf
@@ -0,0 +1,21 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "test" {
+  source          = "../../../../data-solutions/cmek-via-centralized-kms/"
+  billing_account = var.billing_account
+  root_node       = var.root_node
+}
diff --git a/tests/data_solutions/cmek_via_centralized_kms/fixture/variables.tf b/tests/data_solutions/cmek_via_centralized_kms/fixture/variables.tf
new file mode 100644
index 00000000..764f047d
--- /dev/null
+++ b/tests/data_solutions/cmek_via_centralized_kms/fixture/variables.tf
@@ -0,0 +1,26 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "billing_account" {
+  type    = string
+  default = "123456-123456-123456"
+}
+
+variable "root_node" {
+  description = "The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id."
+  type        = string
+  default     = "folders/12345678"
+}
diff --git a/tests/data_solutions/cmek_via_centralized_kms/test_plan.py b/tests/data_solutions/cmek_via_centralized_kms/test_plan.py
new file mode 100644
index 00000000..21514522
--- /dev/null
+++ b/tests/data_solutions/cmek_via_centralized_kms/test_plan.py
@@ -0,0 +1,27 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import pytest
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+def test_resources(e2e_plan_runner):
+  "Test that plan works and the numbers of resources is as expected."
+  modules, resources = e2e_plan_runner(FIXTURES_DIR)
+  assert len(modules) == 7
+  assert len(resources) == 22
diff --git a/tests/data_solutions/gc_to_bq_with_dataflow/__init__.py b/tests/data_solutions/gc_to_bq_with_dataflow/__init__.py
new file mode 100644
index 00000000..6913f02e
--- /dev/null
+++ b/tests/data_solutions/gc_to_bq_with_dataflow/__init__.py
@@ -0,0 +1,13 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/data_solutions/gc_to_bq_with_dataflow/fixture/main.tf b/tests/data_solutions/gc_to_bq_with_dataflow/fixture/main.tf
new file mode 100644
index 00000000..cf6ce48f
--- /dev/null
+++ b/tests/data_solutions/gc_to_bq_with_dataflow/fixture/main.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "test" {
+  source               = "../../../../data-solutions/gcs-to-bq-with-dataflow/"
+  billing_account      = var.billing_account
+  project_kms_name     = var.project_kms_name
+  project_service_name = var.project_service_name
+  root_node            = var.root_node
+}
diff --git a/tests/data_solutions/gc_to_bq_with_dataflow/fixture/variables.tf b/tests/data_solutions/gc_to_bq_with_dataflow/fixture/variables.tf
new file mode 100644
index 00000000..0a2696ba
--- /dev/null
+++ b/tests/data_solutions/gc_to_bq_with_dataflow/fixture/variables.tf
@@ -0,0 +1,36 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "billing_account" {
+  type    = string
+  default = "123456-123456-123456"
+}
+
+variable "root_node" {
+  description = "The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id."
+  type        = string
+  default     = "folders/12345678"
+}
+
+variable "project_service_name" {
+  type    = string
+  default = "project-srv"
+}
+
+variable "project_kms_name" {
+  type    = string
+  default = "project-kms"
+}
diff --git a/tests/data_solutions/gc_to_bq_with_dataflow/test_plan.py b/tests/data_solutions/gc_to_bq_with_dataflow/test_plan.py
new file mode 100644
index 00000000..1828f7f4
--- /dev/null
+++ b/tests/data_solutions/gc_to_bq_with_dataflow/test_plan.py
@@ -0,0 +1,27 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import pytest
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+def test_resources(e2e_plan_runner):
+  "Test that plan works and the numbers of resources is as expected."
+  modules, resources = e2e_plan_runner(FIXTURES_DIR)
+  assert len(modules) == 13
+  assert len(resources) == 61
diff --git a/tests/modules/compute_vm/fixture/variables.tf b/tests/modules/compute_vm/fixture/variables.tf
index b2a5c6ed..21603452 100644
--- a/tests/modules/compute_vm/fixture/variables.tf
+++ b/tests/modules/compute_vm/fixture/variables.tf
@@ -53,12 +53,17 @@ variable "network_interfaces" {
       internal = list(string)
       external = list(string)
     })
+    alias_ips = list(object({
+      ip_cidr_range         = string
+      subnetwork_range_name = string
+    }))
   }))
   default = [{
     network    = "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default",
     subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default",
     nat        = false,
     addresses  = null
+    alias_ips  = null
   }]
 }
 
diff --git a/tests/modules/compute_vm/test_plan_interfaces.py b/tests/modules/compute_vm/test_plan_interfaces.py
index 560be3cb..3711b481 100644
--- a/tests/modules/compute_vm/test_plan_interfaces.py
+++ b/tests/modules/compute_vm/test_plan_interfaces.py
@@ -26,6 +26,7 @@ def test_no_addresses(plan_runner):
     subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default",
     nat        = false,
     addresses  = {external=[], internal=[]}
+    alias_ips  = null
   }]
   '''
   _, resources = plan_runner(
@@ -39,6 +40,7 @@ def test_internal_addresses(plan_runner):
     subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default",
     nat        = false,
     addresses  = {external=[], internal=["1.1.1.2", "1.1.1.3"]}
+    alias_ips  = null
   }]
   '''
   _, resources = plan_runner(
@@ -53,6 +55,7 @@ def test_internal_addresses_nat(plan_runner):
     subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default",
     nat        = true,
     addresses  = {external=[], internal=["1.1.1.2", "1.1.1.3"]}
+    alias_ips  = null
   }]
   '''
   _, resources = plan_runner(
@@ -67,6 +70,7 @@ def test_all_addresses(plan_runner):
     subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/default-default",
     nat        = true,
     addresses  = {external=["2.2.2.2", "2.2.2.3"], internal=["1.1.1.2", "1.1.1.3"]}
+    alias_ips  = null
   }]
   '''
   _, resources = plan_runner(

From 9c59a030522bc3c0ce3b8275e913ef120dbde22a Mon Sep 17 00:00:00 2001
From: vanessabodard-voi <63779321+vanessabodard-voi@users.noreply.github.com>
Date: Sat, 29 Aug 2020 11:09:57 +0200
Subject: [PATCH 02/25] Add the option to not create a DNS managed zone (#126)

* Add zone_create variable

* Update readme

* Update dns_keys
---
 modules/dns/README.md           |  1 +
 modules/dns/main.tf             | 25 +++++++++++++++++--------
 modules/dns/variables.tf        |  8 ++++++++
 modules/organization/outputs.tf |  2 +-
 4 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/modules/dns/README.md b/modules/dns/README.md
index d391c4cf..1d0c4e0e 100644
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@@ -38,6 +38,7 @@ module "private-dns" {
 | *recordsets* | List of DNS record objects to manage. | <code title="list&#40;object&#40;&#123;&#10;name    &#61; string&#10;type &#61; string&#10;ttl     &#61; number&#10;records &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">list(object({...}))</code> |  | <code title="">[]</code> |
 | *service_directory_namespace* | Service directory namespace id (URL), only valid for 'service-directory' zone types. | <code title="">string</code> |  | <code title="">null</code> |
 | *type* | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | <code title="">string</code> |  | <code title="">private</code> |
+| *zone_create* | Create zone. When set to false, uses a data source to reference existing project. | <code title="">bool</code> |  | <code title="">true</code> |
 
 ## Outputs
 
diff --git a/modules/dns/main.tf b/modules/dns/main.tf
index f29d2768..d7e98b52 100644
--- a/modules/dns/main.tf
+++ b/modules/dns/main.tf
@@ -19,10 +19,14 @@ locals {
     for record in var.recordsets :
     join("/", [record.name, record.type]) => record
   }
-  zone = try(
-    google_dns_managed_zone.non-public.0, try(
-      google_dns_managed_zone.public.0, null
-    )
+  zone = (
+    var.zone_create
+    ? try(
+    	google_dns_managed_zone.non-public.0, try(
+      	  google_dns_managed_zone.public.0, null
+    	)
+      )
+    : try(data.google_dns_managed_zone.public.0, null)
   )
   dns_keys = try(
     data.google_dns_keys.dns_keys.0, null
@@ -30,7 +34,7 @@ locals {
 }
 
 resource "google_dns_managed_zone" "non-public" {
-  count       = var.type != "public" ? 1 : 0
+  count      = (var.zone_create && var.type != "public" ) ? 1 : 0
   provider    = google-beta
   project     = var.project_id
   name        = var.name
@@ -89,8 +93,13 @@ resource "google_dns_managed_zone" "non-public" {
 
 }
 
+data "google_dns_managed_zone" "public" {
+  count      = var.zone_create ? 0 : 1
+  name = var.name
+}
+
 resource "google_dns_managed_zone" "public" {
-  count       = var.type == "public" ? 1 : 0
+  count      = (var.zone_create && var.type == "public" ) ? 1 : 0
   project     = var.project_id
   name        = var.name
   dns_name    = var.domain
@@ -123,8 +132,8 @@ resource "google_dns_managed_zone" "public" {
 }
 
 data "google_dns_keys" "dns_keys" {
-  count        = var.dnssec_config == {} || var.type != "public" ? 0 : 1
-  managed_zone = google_dns_managed_zone.public.0.id
+  count        = var.zone_create && ( var.dnssec_config == {} || var.type != "public" ) ? 0 : 1
+  managed_zone = local.zone.id
 }
 
 resource "google_dns_record_set" "cloud-static-records" {
diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
index f38fb36a..43aad86b 100644
--- a/modules/dns/variables.tf
+++ b/modules/dns/variables.tf
@@ -98,3 +98,11 @@ variable "type" {
   type        = string
   default     = "private"
 }
+
+variable "zone_create" {
+  description = "Create zone. When set to false, uses a data source to reference existing zone."
+  type        = bool
+  default     = true
+}
+
+
diff --git a/modules/organization/outputs.tf b/modules/organization/outputs.tf
index 2a829c4d..f33d54f1 100644
--- a/modules/organization/outputs.tf
+++ b/modules/organization/outputs.tf
@@ -18,7 +18,7 @@ output "org_id" {
   description = "Organization id dependent on module resources."
   value       = var.org_id
   depends_on = [
-    google_organization_iam_audit_config,
+    google_organization_iam_audit_config.config,
     google_organization_iam_binding.authoritative,
     google_organization_iam_custom_role.roles,
     google_organization_iam_member.additive,

From 0389af7310e0646475810f4a7d1d16e2609b00b7 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Sat, 29 Aug 2020 11:10:37 +0200
Subject: [PATCH 03/25] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 10798c4a..901af3d5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file.
 - add alias IP support in `cloud-vm` module
 - add tests for `data-solutions` examples
 - fix apply errors on dynamic resources in dataflow example
+- make zone creation optional in `dns` module
 
 ## [3.1.1] - 2020-08-26
 

From 60c068ffea8b031f5837c09d5a1938f7e4c5dcb2 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Sat, 29 Aug 2020 11:15:42 +0200
Subject: [PATCH 04/25] update input variable tables in data solutions examples

---
 data-solutions/cmek-via-centralized-kms/README.md | 1 -
 data-solutions/gcs-to-bq-with-dataflow/README.md  | 1 -
 2 files changed, 2 deletions(-)

diff --git a/data-solutions/cmek-via-centralized-kms/README.md b/data-solutions/cmek-via-centralized-kms/README.md
index 62b42210..03c32f27 100644
--- a/data-solutions/cmek-via-centralized-kms/README.md
+++ b/data-solutions/cmek-via-centralized-kms/README.md
@@ -44,7 +44,6 @@ This sample creates several distinct groups of resources:
 | *vpc_ip_cidr_range* | Ip range used in the subnet deployef in the Service Project. | <code title="">string</code> |  | <code title="">10.0.0.0/20</code> |
 | *vpc_name* | Name of the VPC created in the Service Project. | <code title="">string</code> |  | <code title="">local</code> |
 | *vpc_subnet_name* | Name of the subnet created in the Service Project. | <code title="">string</code> |  | <code title="">subnet</code> |
-| *zone* | The zone where resources will be deployed. | <code title="">string</code> |  | <code title="">europe-west1-b</code> |
 
 ## Outputs
 
diff --git a/data-solutions/gcs-to-bq-with-dataflow/README.md b/data-solutions/gcs-to-bq-with-dataflow/README.md
index 23a4470d..da3c35c5 100644
--- a/data-solutions/gcs-to-bq-with-dataflow/README.md
+++ b/data-solutions/gcs-to-bq-with-dataflow/README.md
@@ -125,7 +125,6 @@ You can check data imported into Google BigQuery from the Google Cloud Console U
 | *vpc_ip_cidr_range* | Ip range used in the subnet deployef in the Service Project. | <code title="">string</code> |  | <code title="">10.0.0.0/20</code> |
 | *vpc_name* | Name of the VPC created in the Service Project. | <code title="">string</code> |  | <code title="">local</code> |
 | *vpc_subnet_name* | Name of the subnet created in the Service Project. | <code title="">string</code> |  | <code title="">subnet</code> |
-| *zone* | The zone where resources will be deployed. | <code title="">string</code> |  | <code title="">europe-west1-b</code> |
 
 ## Outputs
 

From 86bee0ff707fc0370d875b5516c70106ae889c1c Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Sat, 29 Aug 2020 11:16:42 +0200
Subject: [PATCH 05/25] update input variable table in dns module README

---
 modules/dns/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/dns/README.md b/modules/dns/README.md
index 1d0c4e0e..2c00ebb1 100644
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@@ -38,7 +38,7 @@ module "private-dns" {
 | *recordsets* | List of DNS record objects to manage. | <code title="list&#40;object&#40;&#123;&#10;name    &#61; string&#10;type &#61; string&#10;ttl     &#61; number&#10;records &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">list(object({...}))</code> |  | <code title="">[]</code> |
 | *service_directory_namespace* | Service directory namespace id (URL), only valid for 'service-directory' zone types. | <code title="">string</code> |  | <code title="">null</code> |
 | *type* | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | <code title="">string</code> |  | <code title="">private</code> |
-| *zone_create* | Create zone. When set to false, uses a data source to reference existing project. | <code title="">bool</code> |  | <code title="">true</code> |
+| *zone_create* | Create zone. When set to false, uses a data source to reference existing zone. | <code title="">bool</code> |  | <code title="">true</code> |
 
 ## Outputs
 

From 088a7c569f32d7b561ef93655c07c1fb04ad52d1 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Sat, 29 Aug 2020 11:29:46 +0200
Subject: [PATCH 06/25] Quota monitor end to end example (#125)

* working example, README missing

* add missing boilerplate to outputs file

* README

* fix dynamic resources in IAM binding for_each

* add tests

* update input/output table in README

* add example to READMEs
---
 README.md                                     |   2 +-
 cloud-operations/README.md                    |   5 +
 cloud-operations/quota-monitoring/README.md   |  42 ++++
 .../quota-monitoring/backend.tf.sample        |  23 ++
 cloud-operations/quota-monitoring/cf/main.py  | 201 ++++++++++++++++++
 .../quota-monitoring/cf/requirements.txt      |   3 +
 .../quota-monitoring/cloud-shell-readme.txt   |   9 +
 cloud-operations/quota-monitoring/diagram.png | Bin 0 -> 48087 bytes
 .../quota-monitoring/explorer.png             | Bin 0 -> 52935 bytes
 cloud-operations/quota-monitoring/main.tf     | 142 +++++++++++++
 cloud-operations/quota-monitoring/outputs.tf  |  16 ++
 .../quota-monitoring/variables.tf             |  64 ++++++
 .../quota_monitoring/__init__.py              |  13 ++
 .../quota_monitoring/fixture/cf/README        |   0
 .../quota_monitoring/fixture/main.tf          |  22 ++
 .../quota_monitoring/fixture/variables.tf     |  38 ++++
 .../quota_monitoring/test_plan.py             |  27 +++
 17 files changed, 606 insertions(+), 1 deletion(-)
 create mode 100644 cloud-operations/quota-monitoring/README.md
 create mode 100644 cloud-operations/quota-monitoring/backend.tf.sample
 create mode 100755 cloud-operations/quota-monitoring/cf/main.py
 create mode 100644 cloud-operations/quota-monitoring/cf/requirements.txt
 create mode 100644 cloud-operations/quota-monitoring/cloud-shell-readme.txt
 create mode 100644 cloud-operations/quota-monitoring/diagram.png
 create mode 100644 cloud-operations/quota-monitoring/explorer.png
 create mode 100644 cloud-operations/quota-monitoring/main.tf
 create mode 100644 cloud-operations/quota-monitoring/outputs.tf
 create mode 100644 cloud-operations/quota-monitoring/variables.tf
 create mode 100644 tests/cloud_operations/quota_monitoring/__init__.py
 create mode 100644 tests/cloud_operations/quota_monitoring/fixture/cf/README
 create mode 100644 tests/cloud_operations/quota_monitoring/fixture/main.tf
 create mode 100644 tests/cloud_operations/quota_monitoring/fixture/variables.tf
 create mode 100644 tests/cloud_operations/quota_monitoring/test_plan.py

diff --git a/README.md b/README.md
index b541bfcf..811bc844 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ Currently available examples:
 - **foundations** - [single level hierarchy](./foundations/environments/) (environments), [multiple level hierarchy](./foundations/business-units/) (business units + environments)
 - **networking** - [hub and spoke via peering](./networking/hub-and-spoke-peering/), [hub and spoke via VPN](./networking/hub-and-spoke-vpn/), [DNS and Google Private Access for on-premises](./networking/onprem-google-access-dns/), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [ILB as next hop](./networking/ilb-next-hop)
 - **data solutions** - [GCE/GCS CMEK via centralized Cloud KMS](./data-solutions/cmek-via-centralized-kms/), [Cloud Storage to Bigquery with Cloud Dataflow](./data-solutions/gcs-to-bq-with-dataflow/)
-- **cloud operations** - [Resource tracking and remediation via Cloud Asset feeds](.//cloud-operations/asset-inventory-feed-remediation), [Granular Cloud DNS IAM via Service Directory](./cloud-operations/dns-fine-grained-iam)
+- **cloud operations** - [Resource tracking and remediation via Cloud Asset feeds](.//cloud-operations/asset-inventory-feed-remediation), [Granular Cloud DNS IAM via Service Directory](./cloud-operations/dns-fine-grained-iam), [Compute Engine quota monitoring](./cloud-operations/quota-monitoring)
 
 For more information see the README files in the [foundations](./foundations/), [networking](./networking/), [data solutions](./data-solutions/) and [cloud operations](./cloud-operations/) folders.
 
diff --git a/cloud-operations/README.md b/cloud-operations/README.md
index 016a5f86..e887b417 100644
--- a/cloud-operations/README.md
+++ b/cloud-operations/README.md
@@ -16,3 +16,8 @@ The example's feed tracks changes to Google Compute instances, and the Cloud Fun
 
 <br clear="left">
 
+## Compute Engine quota monitoring
+
+<a href="./quota-monitoring" title="Compute Engine quota monitoring"><img src="./quota-monitoring/diagram.png" align="left" width="280px"></a> This [example](./quota-monitoring) shows a practical way of collecting and monitoring [Compute Engine resource quotas](https://cloud.google.com/compute/quotas) via Cloud Monitoring metrics as an alternative to the recently released [built-in quota metrics](https://cloud.google.com/monitoring/alerts/using-quota-metrics). A simple alert on quota thresholds is also part of the example.
+
+<br clear="left">
diff --git a/cloud-operations/quota-monitoring/README.md b/cloud-operations/quota-monitoring/README.md
new file mode 100644
index 00000000..a92abf68
--- /dev/null
+++ b/cloud-operations/quota-monitoring/README.md
@@ -0,0 +1,42 @@
+# Compute Engine quota monitoring
+
+This example improves on the [GCE quota exporter tool](https://github.com/GoogleCloudPlatform/professional-services/tree/master/tools/gce-quota-sync) (by the same author of this example), and shows a practical way of collecting and monitoring [Compute Engine resource quotas](https://cloud.google.com/compute/quotas) via Cloud Monitoring metrics as an alternative to the recently released [built-in quota metrics](https://cloud.google.com/monitoring/alerts/using-quota-metrics).
+
+Compared to the built-in metrics, it offers a simpler representation of quotas and quota ratios which is especially useful in charts, it allows filtering or combining quotas between different projects regardless of their monitoring workspace, and it creates a default alerting policy without the need to interact directly with the monitoring API.
+
+Regardless of its specific purpose, this example is also useful in showing how to manipulate and write time series to cloud monitoring. The resources it creates are shown in the high level diagram below:
+
+<img src="diagram.png" width="640px" alt="GCP resource diagram">
+
+The solution is designed so that the Cloud Function arguments that control function execution (eg to set which project quotas to monitor) are defined in the Cloud Scheduler payload set in the PubSub message, so that a single function can be used for different configurations by creating more schedules.
+
+Quota time series are stored using a [custom metric](https://cloud.google.com/monitoring/custom-metrics) with the `custom.googleapis.com/quota/gce` type and [gauge kind](https://cloud.google.com/monitoring/api/v3/kinds-and-types#metric-kinds), tracking the ratio between quota and limit as double to aid in visualization and alerting. Labels are set with the quota name, project id (which may differ from the monitoring workspace projects), value, and limit. This is how they look like in the metrics explorer.
+
+<img src="explorer.png" width="640px" alt="GCP resource diagram">
+
+The solution also creates a basic monitoring alert policy, to demonstrate how to raise alerts when any of the tracked quota ratios go over a predefined threshold.
+
+## Running the example
+
+Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fcloud-foundation-fabric&cloudshell_print=cloud-shell-readme.txt&cloudshell_working_dir=cloud-operations%2Fquota-monitoring), then go through the following steps to create resources:
+
+- `terraform init`
+- `terraform apply -var project_id=my-project-id`
+
+<!-- BEGIN TFDOC -->
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---: |:---:|:---:|
+| project_id | Project id that references existing project. | <code title="">string</code> | ✓ |  |
+| *bundle_path* | Path used to write the intermediate Cloud Function code bundle. | <code title="">string</code> |  | <code title="">./bundle.zip</code> |
+| *name* | Arbitrary string used to name created resources. | <code title="">string</code> |  | <code title="">quota-monitor</code> |
+| *project_create* | Create project instead ofusing an existing one. | <code title="">bool</code> |  | <code title="">false</code> |
+| *quota_config* | Cloud function configuration. | <code title="object&#40;&#123;&#10;filters  &#61; list&#40;string&#41;&#10;projects &#61; list&#40;string&#41;&#10;regions  &#61; list&#40;string&#41;&#10;&#125;&#41;">object({...})</code> |  | <code title="&#123;&#10;filters  &#61; null&#10;projects &#61; null&#10;regions  &#61; null&#10;&#125;">...</code> |
+| *region* | Compute region used in the example. | <code title="">string</code> |  | <code title="">europe-west1</code> |
+| *schedule_config* | Schedule timer configuration in crontab format | <code title="">string</code> |  | <code title="">0 * * * *</code> |
+
+## Outputs
+
+<!-- END TFDOC -->
+
diff --git a/cloud-operations/quota-monitoring/backend.tf.sample b/cloud-operations/quota-monitoring/backend.tf.sample
new file mode 100644
index 00000000..528c4eb2
--- /dev/null
+++ b/cloud-operations/quota-monitoring/backend.tf.sample
@@ -0,0 +1,23 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# set a valid bucket below and rename this file to backend.tf
+
+terraform {
+  backend "gcs" {
+    bucket = ""
+    prefix = "fabric/operations/quota-monitoring"
+  }
+}
+
diff --git a/cloud-operations/quota-monitoring/cf/main.py b/cloud-operations/quota-monitoring/cf/main.py
new file mode 100755
index 00000000..a3ff4a09
--- /dev/null
+++ b/cloud-operations/quota-monitoring/cf/main.py
@@ -0,0 +1,201 @@
+#! /usr/bin/env python3
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Sync GCE quota usage to Stackdriver for multiple projects.
+
+This tool fetches global and/or regional quotas from the GCE API for
+multiple projects, and sends them to Stackdriver as custom metrics, where they
+can be used to set alert policies or create charts.
+"""
+
+import base64
+import datetime
+import json
+import logging
+import os
+import warnings
+
+import click
+
+from google.api_core.exceptions import GoogleAPIError
+from google.cloud import monitoring_v3
+
+import googleapiclient.discovery
+import googleapiclient.errors
+
+
+_BATCH_SIZE = 5
+_METRIC_KIND = monitoring_v3.enums.MetricDescriptor.MetricKind.GAUGE
+_METRIC_TYPE = 'custom.googleapis.com/quota/gce'
+
+
+def _add_series(project_id, series, client=None):
+  """Write metrics series to Stackdriver.
+
+  Args:
+    project_id: series will be written to this project id's account
+    series: the time series to be written, as a list of
+        monitoring_v3.types.TimeSeries instances
+    client: optional monitoring_v3.MetricServiceClient will be used
+        instead of obtaining a new one
+  """
+  client = client or monitoring_v3.MetricServiceClient()
+  project_name = client.project_path(project_id)
+  if isinstance(series, monitoring_v3.types.TimeSeries):
+    series = [series]
+  try:
+    client.create_time_series(project_name, series)
+  except GoogleAPIError as e:
+    raise RuntimeError('Error from monitoring API: %s' % e)
+
+
+def _configure_logging(verbose=True):
+  """Basic logging configuration.
+
+  Args:
+    verbose: enable verbose logging
+  """
+  level = logging.DEBUG if verbose else logging.INFO
+  logging.basicConfig(level=level)
+  warnings.filterwarnings('ignore', r'.*end user credentials.*', UserWarning)
+
+
+def _fetch_quotas(project, region='global', compute=None):
+  """Fetch GCE per - project or per - region quotas from the API.
+
+  Args:
+    project: fetch global or regional quotas for this project id
+    region: which quotas to fetch, 'global' or region name
+    compute: optional instance of googleapiclient.discovery.build will be used
+        instead of obtaining a new one
+  """
+  compute = compute or googleapiclient.discovery.build('compute', 'v1')
+  try:
+    if region != 'global':
+      req = compute.regions().get(project=project, region=region)
+    else:
+      req = compute.projects().get(project=project)
+    resp = req.execute()
+    return resp['quotas']
+  except (GoogleAPIError, googleapiclient.errors.HttpError) as e:
+    logging.debug('API Error: %s', e, exc_info=True)
+    raise RuntimeError('Error fetching quota (project: %s, region: %s)' %
+                       (project, region))
+
+
+def _get_series(metric_labels, value, metric_type=_METRIC_TYPE, dt=None):
+  """Create a Stackdriver monitoring time series from value and labels.
+
+  Args:
+    metric_labels: dict with labels that will be used in the time series
+    value: time series value
+    metric_type: which metric is this series for
+    dt: datetime.datetime instance used for the series end time
+  """
+  series = monitoring_v3.types.TimeSeries()
+  series.metric.type = metric_type
+  series.resource.type = 'global'
+  for label in metric_labels:
+    series.metric.labels[label] = metric_labels[label]
+  point = series.points.add()
+  point.value.double_value = value
+  point.interval.end_time.FromDatetime(dt or datetime.datetime.utcnow())
+  return series
+
+
+def _quota_to_series(project, region, quota):
+  """Convert API quota objects to Stackdriver monitoring time series.
+
+  Args:
+    project: set in converted time series labels
+    region: set in converted time series labels
+    quota: quota object received from the GCE API
+  """
+  labels = dict((k, str(v)) for k, v in quota.items())
+  labels['project'] = project
+  labels['region'] = region
+  try:
+    value = quota['usage'] / float(quota['limit'])
+  except ZeroDivisionError:
+    value = 0
+  return _get_series(labels, value)
+
+
+@click.command()
+@click.option('--monitoring-project', required=True,
+              help='monitoring project id')
+@click.option('--gce-project', multiple=True,
+              help='project ids (multiple), defaults to monitoring project')
+@click.option('--gce-region', multiple=True,
+              help='regions (multiple), defaults to "global"')
+@click.option('--verbose', is_flag=True, help='Verbose output')
+@click.argument('keywords', nargs=-1)
+def main_cli(monitoring_project=None, gce_project=None, gce_region=None,
+             verbose=False, keywords=None):
+  """Fetch GCE quotas and writes them as custom metrics to Stackdriver.
+
+  If KEYWORDS are specified as arguments, only quotas matching one of the
+  keywords will be stored in Stackdriver.
+  """
+  try:
+    _main(monitoring_project, gce_project, gce_region, verbose, keywords)
+  except RuntimeError:
+    logging.exception('exception raised')
+
+
+def main(event, context):
+  """Cloud Function entry point."""
+  try:
+    data = json.loads(base64.b64decode(event['data']).decode('utf-8'))
+    _main(os.environ.get('GCP_PROJECT'), **data)
+  # uncomment once https://issuetracker.google.com/issues/155215191 is fixed
+  # except RuntimeError:
+  #  raise
+  except Exception:
+    logging.exception('exception in cloud function entry point')
+
+
+def _main(monitoring_project, gce_project=None, gce_region=None, verbose=False,
+          keywords=None):
+  """Module entry point used by cli and cloud function wrappers."""
+  _configure_logging(verbose=verbose)
+  gce_projects = gce_project or [monitoring_project]
+  gce_regions = gce_region or ['global']
+  keywords = set(keywords or [])
+  logging.debug('monitoring project %s', monitoring_project)
+  logging.debug('projects %s regions %s', gce_projects, gce_regions)
+  logging.debug('keywords %s', keywords)
+  quotas = []
+  compute = googleapiclient.discovery.build(
+      'compute', 'v1', cache_discovery=False)
+  for project in gce_projects:
+    logging.debug('project %s', project)
+    for region in gce_regions:
+      logging.debug('region %s', region)
+      for quota in _fetch_quotas(project, region, compute=compute):
+        if keywords and not any(k in quota['metric'] for k in keywords):
+          # logging.debug('skipping %s', quota)
+          continue
+        logging.debug('quota %s', quota)
+        quotas.append((project, region, quota))
+  client, i = monitoring_v3.MetricServiceClient(), 0
+  while i < len(quotas):
+    series = [_quota_to_series(*q) for q in quotas[i:i + _BATCH_SIZE]]
+    _add_series(monitoring_project, series, client)
+    i += _BATCH_SIZE
+
+
+if __name__ == '__main__':
+  main_cli()
diff --git a/cloud-operations/quota-monitoring/cf/requirements.txt b/cloud-operations/quota-monitoring/cf/requirements.txt
new file mode 100644
index 00000000..b9c9e011
--- /dev/null
+++ b/cloud-operations/quota-monitoring/cf/requirements.txt
@@ -0,0 +1,3 @@
+Click>=7.0
+google-api-python-client>=1.10.1
+google-cloud-monitoring>=1.1.0
diff --git a/cloud-operations/quota-monitoring/cloud-shell-readme.txt b/cloud-operations/quota-monitoring/cloud-shell-readme.txt
new file mode 100644
index 00000000..62e65af9
--- /dev/null
+++ b/cloud-operations/quota-monitoring/cloud-shell-readme.txt
@@ -0,0 +1,9 @@
+
+
+################################# Quickstart #################################
+
+- terraform init
+- terraform apply -var project_id=$GOOGLE_CLOUD_PROJECT
+
+Refer to the README.md file for more info and testing flow.
+
diff --git a/cloud-operations/quota-monitoring/diagram.png b/cloud-operations/quota-monitoring/diagram.png
new file mode 100644
index 0000000000000000000000000000000000000000..c68131f210b61aee798a6be9102845564d788e71
GIT binary patch
literal 48087
zcmeFZcT|&I_co{~79vs%pddv+rK3PVK#CyJq!W5adhZ<`P+Aa>F1?2m2!swHAkw>(
z(5v(oq$721-&ybPdwHIB{+WMf&CIv52n$ZuxzE{Wmup{V?}RGKOA-=L5?s4>jZj+Z
zt@5>NHzlrJyZ-6UE#N;t64LHpyGD0S`t2K4cfHN&+s?Y`o-^kwI{Pzs|GFt%%7>zm
zR^4{t;il~W+(vWMqE9Nw5!!t+we`wX$4JnDbh5KWr2&;!5YEFAo6o_EI+7>8d6)Rw
zz-cS{tS6s4Gx5!i8zdBU*DlQ1*)>}V8htW$Joa&JUOqlP1Liy|yf=wOuU)_LX25dS
z9fQFPNHKE7r6rn4{B0Qc^DWbN*}tyg-J!ekrlS0p;s=@gf<)o}82UtCf8%eTzC-uo
zDgGS^_+shakADn_GJO}kGWWke@xLGN9|Hg1BKkjt@&9Qp`f{8p#p8Lv<Ux}i^be!D
zGgTq_J&=AtQEGint)fz5U|AN%!zZ0eT_$p*th{Kl(!t6UtFFq%St6=u3XhHT9wJWp
zr!B+dMSp&xAIPU??}eoZXLjr`z*6`Nq?#opyy~8UWQvSh3g1S@EajT9yeL-n_W;FJ
zxF_N{QFL^7CqzfXM^<+#{$ahpLh(uI!J)TK!Tb)Y^O037-ivdh4+pW#2S-Goo{01H
zJ3$$`dXzJ)>+odNnLHMz33?Krb3(Qr7~9kR-KpGpPwlTD1P*m|W3E3J51g4S`jr?1
zb9I%P|MknT!+s$;g`V@dq<@#ky5H_2lOmmh*oxQ!?ts_K|Cq>|-d_O%MisowWZ!1l
zKaqu{6h}ip-_w5Nm@T>Y8oSs#gr@RU>ZZ}kJ#f0wC50JyW4yO#&Qoarsz{2FrGGCr
zC1vrV@1MsI%KobWI0Xa6`Dwx7%RwTru!AbWt>A>Rzvdk~43s_w5~Jo?o{hY%XH4xb
z9JV4;u+m>kE&Q5@$Q$+0f^@5RJ|=j#dD3Lin53=cd~t@KS}dF=E7!Zev7tgotmvzU
zH0>+;v8l-oDb9JDnD_|S|9sH2e{5m|J~F}^_}!3<f{cZe&rK(-8A%=b_Hja>EUNKY
zH0=@Ws=mB<c~iJjk<t4k=Oq2yEbwSku>yUnRh+|!zq`96#~S0fx1{+ItJp|i%zi^i
zQec7%=3dyBmR;SQ{sS2;h)vVVuK+7hEqi!cR`U2I<t@J4#8{F&2~S9JK5LPte&sH8
za1g$ZTT}A$Ydrnp=3@{O9hVk`%*qmD*Lk7OnlPL7XsA2RNJ#NnhiQN9LbmS2#Q=wk
zi_4n-={7bA${L%NMw9UT1seDT;j1nzE|wGW@qxYlE+a3mrluATBOr)PNXUzgU1Wv6
z5)#62)Z9HhC@9TW9M{ymtDZSDI8oRa!I7Jn$1F07^ZQwU!{L#+{8b4se*Kn53VVBc
zGJJXFHr%*oB4N`x-PEgEEI=nHDJ^TOG#3w*Nvc-VGmO%9X`?K8mqba%@AdBd^r&#%
zJCb*0I(u4z3LCGM6GHI?8Ur?!P1jsnyU0x=C|kVPH01*kSaJ+oo<>AE?~mQB<f-mp
zfjX9zLlreLdOqI^6g$T?&j^ofiO*hG@B9q(T+F=9gQ?#%wKJTGs5bLinI_slL~kQ7
z+2ZM5>vwJH&()4z8)GyxR9y~J<WpYdt|w7K`1lZ<51q;0s2Rq@B^C@0S|o|MA>%o8
za{>bJ@Lwxnv5*OrQv%1x=*ETD_CRziC@$6jL1Z(DQn^h;J<<bvROiwxKt>M!453{S
zzv>5S?)ob{1>dEeD4DBng#SW`M~`xHLg;hfE=s&+Mrd?W(I^hKor1r<)YelQ5v4OS
zc{q@tRYfnSUlKrJc`$&|6LRwn>bnWjp(CA)#v6nYtc6j%W>3U1FFiv@Y~DEk+3Jbe
zo4GAu|Ep9$Krk*L0fA*z&v!gzTUuUX5n}H>Ah)pFwx?YO7OEsJo;^~eS#W#1QT=Ia
zE8ola3tp@4f%E_%IWZrl*&0Xd9~=;_69vY`CC(R$DXXYp$FaF1BWedn!Lczh#rS*6
z>qtSqLZdckiY#l-J$62ywJ`nT`jHat1r}*i3$KF%zWw=;Eu_)vKrpSU=32$uIw2hX
z6$JEk7jJ<E_O|)Sf!`i2c;=u!I!|A5_p`0XBSVkt2=uR<*!TEdqfE-bO(eo_amoa@
zFT6X*2?JF}NwM9xZ+KpQ%BxC4xOH^@+K+LQa^u{M^@x#E-&#1wj?Ox($ZU#Fp9D@h
zjZ$mX*f${3N(llroUrz<vKkE1Idt-&W@ZTpV&+7(EHKFRSqCpoW(f47_pf<go9TvT
z=rmvj7F$W!B#2WG7Z(>;ihyaD))C6*b%Yy@GHy4?<tGwyPPd&b)q||`ZB)wH6|P%X
zru`nIs4zUQ`vj8k-Cy6pJ=zlTI2#Ct>Zu95nYm{B;OgEf@fN6ny({lAOH^G%MSIRb
zGcpwPlJM!{y>#wNuw9exQsk+88?~uT#(pj>;WQ$1J-N=o<rQg!RB)f<!4xw8zV4TR
z%*fm9bJ9d?acO!R7Vk2jpROpBX~uQTXSeU~vX-FR3VGue{7-QMg=E!C+}utr!sKcP
z#Nlss^goA=m_ueVLsI=_FFsD39ir<rW;5{jR@QNX+droG%j4qXk>4_!%HEZXm@PK5
zPwKRG1RYqFsKSV0-qCzX#(x8|MtBPpu(tubb&(y2^E$k6k!T8=XdRahm#Q2#32t&`
z<&$z4SePRhtoz`z^PvnUE_^-wqf(`Ftx*80wjMmsi$a!&J&uJyL~{s=ApPCs#A!L2
zhT)j2F<!8#JB<iOMy+eGVXQEc0Zkd6UZ>#Dcd_wF>y$||`65BoW~?(~4po}m{S_4z
zRJUGaDoTyyREP|h49AXD-h$I;T2XjCvvTyzPNOHc-rqm0^Q!jhl~QmEe|!FQOf`p(
zw=w(tHj(8>4}s9x+<6k8TSPJ!_mpW<tekAwKxG?(_r7E#O`~mY$2XQYZ`>kXOI+<9
ztvzbyNVGn^|N8XX9?|p^OfsQ*-dEUQBHO_4@|z16S8Pgbj=J7t4pEi0(~wy{cwWEm
zO7s@}dH1sd6DeW$hCse(Gas3`FO-0H%&6{yr~ZRPxf+x5AqbGyv!^TiE-5}GwnAjs
zBN13(p%Uz#jKt<1?{o2qSF=Mgh}XR=vG33VxZ0$>lcsXcRcEXwv@fkdlGZ~ijDkbe
za=o{Nad2?3upEm;YGoA{Py5uHt$aY#<aa<;DrmssAMrrq>r|AwSlIb=AroLQ@jdJ;
z9D`@IPO2Ij_HwU`+Q(zl)|2)ut?P4eI9v5KWi73rC#lZP&V>lHw$qAgVNHz`t#_%*
z*gJ$;t>L+drKRPRkDIFtnl7W1ZdQ)9F#qd3UUbxV5;W09_wGruT|s3oR6+P6f23F!
zvL0uHq=1dV_|5v%5J+4W5SMk`Kgcp@XAg}DX%T%LbKN|auB@mqpQs?MR{k*ub=~yc
z;27Buvq`l&vE2R(pSx<@eLQ_qP+4E!uXXs0yeGXx7ky;eT?LrD0btOLv#y6?S3GbV
z)WBOTszCss!&lB<b~c8hD9)NPe7iS>D}m|tf;t&<sUqW15`zNY+k;~E!HcAPvF4OI
zy6&Ou?p#UR9o3YD)9<$JHj^TQ8+O(sxp33!dfY;!(57%ou<yQh<zGIG`Xz@?nThS8
z_p4G11Q63+hifebL+j?-U#MxJ`;J(NAh-hO=t-s3R3XdZ8@uE!V<DcZ?XjhZ?RA`^
zpXm^+i0cUhceBs_tlN=p62uA~U9_;d)QhZi8l}OGU<=TBqtK6x__rdMJGz}P%0&T-
zq3tvyg;3TCn@P#hPxR!zDZ(mCo(R?24L7tIFX(i<BARr%c87Pm%z7=(i>A=Vu;-N4
z7JD1`>46al{XS+$dTCr&LJ-rmLdgt9eKR|n@tN@Z^@YtD#-8x_4r6T^!%%m3rQtNC
zTjcoojrq2tbe|^n@_J9K%(TO4F$>f2EBEq+;zyhD#gkAyy~1Fc8U>Tw+`jYSHSUSJ
zbB0tQ?P45`CXj(-{9#^ho|XI(o0${5FiG))bED(t)dco)vgnz3l)04NhPI5rrTVVG
zk<`GOa1rm<raYB8QEQD^QadZTv80`7SLQ?zyOPhIxW&qN{z))DrZWGlK8ugV$2@HL
z>)i0Hj)gdNzBLR{RgJ|%EA^7W>_{CnEX3zbYtDXg)nVK@d7hVZuC{=_iU%R*F@83J
zMtbB!A!EY{kB0KlrbR1O8^hz{Yht$$<Q{Xr+P1Dy$|}k_(C<{qvm;U2?NgF95RXb9
zYfs6oR(~0MknVDC@vw@*YxsD%S*<pzK*X+buR(AI2N4nJhn!b1GppGc`I(ZD9F9_?
zUlgGM^>NdC0Mmek;lB+gqJ_FCL?Y_Ha+_6wRQj;PH7hL4%p*hTKFVPfgpF@;x$tM0
z28;5;O~DL7z8U1{Hd^+#hllXYCxqK04)Dv<;z?KY(>`5GTU!VJL3Y^$CRRb&t*xzz
zI-fj*<ID0>T&=8Z0-GcB$?Wk+<LZwnhB}vXfoZ?(X<JKGYtXIJX#y_0#?!P7likGU
zG)}!vR(<;RLQ2*>HfL<+DEoHGEgB(LojiH<g6e8XAD=hHIu4*X`fM7*`&Y?~pPa;(
zii}gpoISq+(Pk0Zb2)X9sDvEzHarPfni`K+F&L+qu_l2(F_R!x41>qBDDP0gz&`Ra
z96v-QN38g)N-di@4pj!d+H)tW^6AA*S3cxPM<Rdix5y|w&CVzHSd%PSKPReYez-YA
z36coX)WR0t)tjssFU}dnVuie!etKw?nP<}Y9$!y=?a>95si<_TdFr#>V3lp!o3aM4
z*Pz?QdC{)V%`*@Li`AVX1*dL%zk62)#OY@~6;9QjrzcaA$90ufsyeExg({R(9Dw>%
zueNlmAlHqW>nc50{k^6!^=IqP00`azc~NN@a$u#7Ci2ss&OOly2Z{9Q=ex{zg=BWv
zRIm3|&$wRq52W1~Ep{C(E#OmwIP4$aJ$g?V9*!hvhPP@+^#16LXRU%)2H&T}G7t&P
zr3szxI>!#w<3@w%t#pYEGsA_3wyJG^P*>Y2Iyj&<7>vU0wq|_yyPl;AI{~hiZS?$T
zdI2xO&gT@JO&|dP;7XH8S3bxyc8DC2h;w>8hvsIyNfl~!bJZD6yEU;j6AVG9lfpim
z+K*FQfgul{`_}~1>-Aeag`UIftK5)jybDiRqs!k!4W_H}Y~%cM-HKs3D;0PNY0wO-
z>MZ<7qMOeOhHN_wF>eJtb3U$QdwQfh|1?rP{|Fz{sO;F<6Y}}3rV!V<i=pgAZ~Nu<
z+F=&rgLEq$bJN`SpHzEq&h?62x5}@zyS%Rc=B0Z%nTnRSwh7s7wZu}#R!53Ej|F|d
z2VPJ2*nL^7S33ofuIvrCo1C>fv0+zN0KxzL`(!ZEM_wW@@Z`dYv(AEMq-GC*m-fBV
z#aS)9=-YzZR(95|=kHAWlXCM!E+1*CsGu*~WaVrr+l?b%=hQl_)U5GVjh8jiT92>e
zX5q=7!7#Q)lY%tA9TV!;&Wl|K#XrBpe`st+U{3GXbWsSV%ZYd_hw1+)%MB}8voZ3K
zvM$gPjD%=Z=7t*&Y1qE%_~`nO^3N2BRelvJ+kU03_z(r*o&06hzJ~RaD05Y`+qMg#
zR<U}RuHV{V>j~~CjS9+Sq^rq3#_s}`ahvu)dj(};ISy0$g^#i#YAyI#??}AkuGtK`
zl2(3>5uFkzL7d!Cy=?k6ocKnYC)eFT>wPD;vSnvGqD!MOD(%6pSg-Plx5RX8;ymly
zAa2X;(DmNtLDti3OY=t0$frw#+|?dhdh^UK8I|pXe2Dte7vGXBv>qA?@fAH<o5LDT
ztus+mBU!$|Gw#h4&3=Lsj`754$FnPWXeQpL7RZ_iqtKNIlyfS`|LTi<NzS9e`2g|I
z!pd$`-S4a$=Xv<jj!<YDv%)d$*FTNST%YS@d3Es{J?nP8wSp9Mi$=x9CRKQ<u2-(w
zW4*Jza_5lHc0$g&+^c$xhVy(Ca`ai`@ONHNs&GtlGJ=n<altdXNW(X51gW=1`E|mv
zwbF$GiyhA$u23Z-BR8L!s>MCd9g;z=kqr({Wy#q!ES(fs*V}y5o*9GheRidyg!QEJ
zsoP=p(l(y|gfC5bRqyU1w?tHCe`J{HyLaMC63zIPp!?0zPcyd_TRbx~oW^Mz_F>7q
zA1>>?e{)q^{+R2X`ADJfE1_NOvk2cQJ?Sx*{CZCEpI*=Z7}O#HMy<Vo_&qB*9fK-7
zs9Y|H^D8u;5gI+b8+s@^5CSe`xpV0sqWg_2G!?4kW9FrrM|C?sG2Esc_IgzPL$eOE
z(=k@RgrvHG>T(xj=JM-@;nMQ*Y7>Cig9tZ1s4xZDeoU~fOdl6%Je|3XGsYm$lGW37
zefXs0cX)X820tFnF2L<IARTkPp59~okCHizGusq=4p?nv+61?KG9vo!k8TdZv12f9
z@oK<X2qIsazwu3@@tzZgKp<#lzL5t@&;5QrD%Pz0nY2!5_3-37k>6rcO#~P=R>)1O
zhkS;@I&g6fVW+WM0dycpk-m({5*xJV>pXn_gNX^+f>oRkKz65w9QgS7Cue5q&MF~i
zY)gX2I^yC{U0vhI*{+Kl!8(v0UAL)awb4g)n%F)k&W0l6cKI6nHKd@eTV}#60LyL1
zV7zKuMp#}2;lmJecCFQ<n)}miZ_8dL^V!|clsdcAZ6mvqari6!k$vs{4SdTBF}?m!
zge^x>rOZ6PAJQCWlijdJMO|90b#ge8FFzt#qLt<L&OeZTaBJ_iiElmqhKqvPWvkz0
zL@KhbDalRify(J>RoAC687_v@Z}E;kOO<j0&c`8K+*}94F_E>tbmVt5mO8eokwe);
zB8%|>)b;ou->7dHc8~D#@YKD?78xt)wQFQRRJa2N=e(`!c3=B02}q*ItOIa4`6nmu
zY$kW25SGU~W)1n3R%*J50uRv3oho?;KV?gF_`oQ$%7V8e`NM^3o9SlIo*x0f_jtSx
z-yhxM=jTV3w9T<3W%81P6N3*7P-b2~cO;!BgIu~Es$v|ocPi6~2ql(#3Wk&IFxft*
zM0)qbgSMeY{%z&`jjL)AC`(dpo8?-HclRZVlnS8}8kLc96lF4*RaN&jOCEWVZ=@Ox
zWf={9y)}D^C~3?*5*aJRXY1TBlN!H$HAcAoD@Jr9WCV_$@7CSdr-tS9s@3c&fZ5&O
z5*)v0^8WSdyONF2Qy)7?Rjl|)T_1B)Lw(aw9e>)OBnnSX)(W9_F<`}!UrIFp8%Qw$
z$XaU~_z`kYVWQ)<HS=6>2Cg`^Po`~SIz(l+)-!I&hgs|vIjlG}r>P$&U@xgZ4BAjK
zN)`0`$*S)du9WUI|1`Cra1cPz2OZ)^h@ztX!otX;y-LrE)&!k$sFmZ%{)%w+`Z^_r
zsk5`I<#`<hNg=&f5$RQ-abr-(>&R+|D%s>opOlaUIlE2<h3|3MMxc@G_C#$whhEP2
zEHRUuJoJ|q`1#HHzXrJnrw1z-Y>JC*JQs?qr(r^BTL4mG)6jTrT}mt%T)QP`-+}+K
zs;hfv;rX;PJ;K&wSyunY&(<&<J8-h=ha;0F?2ppUJ~9Lhwf2^rqgbnUioMfoZqBe+
z8!baL?U%0o<~fkM>S%kIo*t&!=2D|a4g4B?j|UNjX!il=Um8P`nVAvApZ2D=MM^NI
zN9eV8@6&g7y1O~9<dffC{jrC&sqCEcOF&-KyqSv&?Xq3UIg7He*mDt>DcfV$g6RP*
zjdJWne7@cogAM;9=t>6GK}f-te};3Gg`MRn_BBkCUya@I=b{DXV%ap6-)Thd;Hxm^
z{l-Yqz~EC*Tuds1w&UpXx<<2#cBjb-4ufR2l$6Y~VmztMOS5Nf+&?(1EsUWSbYmT!
zEvd9p-@pm->ERkl>}5~1niZ1^ji7{8GBBUHm1R@3-b3=(oV?tP2Cr>LC~YnO4cWD^
zc61;u`e@VTT)fCH6#8<E3qxL-QXsIwB8$VE$^)Vk<L4iTePZCa;{lw7^Zx2x&A=`x
z0CG`{pqH}*g(ubmz5*Z_K545f@?*4RPe*|Sq+V!c`9V&zSYKx3#gO`@UhmNNI3QeX
zslf`qDk0IhseB0#Ig_BEwzTwhGwbWI#hXL+1=5q%ev2&ci|AWC{l|D7f)b1}J0>8A
zY4BIR8ShDa(MaL_41hb!-7I?V#({>{);Fxl@nJgPlVdzN{Bh+vxg8Oyf{^O6LH1f}
zAofqR!e0WoZKT-TX?@sYG!`4bSP8EIf)g_N7R1XmP&=w4UZl!^$+aJSxH*)ZJnK4?
zqv2y((b%~ec@+gj{y_l;qpWM2+pItKqrs2rb&B(()}3{`F6)za(-awVb^O0o3Nd|d
z3VYTW_MsDGCOa^Hgc8lcNKUxQoUFcA?bWTbT>lJF!`Pwr_XQM&K(9Tr_bcI9Rdq1-
zX3M4!{5vD+Ii>lc9{ja3vI;7%9xJJv<st4_SlBpSmv(T7(oX%bwGO@U=4}gQG7Vry
zvktWT78V7zT5Ui&sm^SOXjO%(cY7v+$-y-yE?e0G5J+zzUh=H(DE{3l$KE1MG9-PA
zaEp}{=lW)?6UQf%i7C4j%Af@gq|I`KIjXKXEhBFBbdQabcY5NV3Z(kQ$$G|<A+ozO
zz6eW8jv5%Lwo5A>Q8F*L@w-~^!BhpMV8X#`)H?(Kx<XjY!lzhUUKd}s-`1|K^{Vz|
z-&^T(U|k2;1d-^OG~v{eVwX71mA+KBexo?*qgkhf<gO2f5^Uh{Qr}d7ec10qZ(D6&
zeC+D!`2ld{5Wktn0M(6ViT`+;NKo9Vir92|0?VOVW|}_|*@ElrvqLOvyc(LB!S$KU
z$A<?83X#J!9!wgyE7a+|9C05J1Eb@iUp0=6?vsBV12cOmY^JEfKJQXQOkc$j4#XjT
zOr&c{8S{b!!xyRbGli^JdU7M3&mT6zJGiz8+0^|q6s2c=`3KWKlELW}EaI>PpKh}-
z1li7q=$Lfm$`>HE*F{?n*}M1l_qEoL5^0WuB8f#%hm>OEKvQ$DZgyXrY=RE45food
z$S{sxP1iuSQOkhKYUF+OW5hv9Y2>yBw~}Badpg>9g+sl`5KCP3wrB-^O0ohvJO-vX
zHLs4e0o~m^tD4&K7Z0xVX_v>Qh-?dg+j_<NZ4Gpbtdt=B(U8l^R<&j8t_eWE^J>eF
zMT}Q^m7vYg@|Kn`v>Qm3ZEh8yIGQ>R#7M%T*;GquSg|X8%wPiao>Uro+n*rGaWt<P
zDWbzY(X=ZhBxEZPhEJ5IknS*A&GLDFpU1=hFGLP%uI+vAH~5&wH-pT`gEt;NLs)>d
z-B49ecTzFGPb-8=V}CB#4YeOTudJ*@H$1O$?5lG@Ob=psT@yGU7JGu*7PAdE`iAlL
zN{;vcT?;_zROx`Sc&Rq)jKXDEeYMOC!B<Mv)wS*F9kH2oK{X5nzR-M>XuG*pySwY8
zyG;)ACg(^|VA}2UU3x`uB~FGQ0RDpHG-p#FCkNz*5bdT?b~i|!YO_z$!=)DRedLBx
zbSkw_d4%gAh@~wWwF{_^n2A{)leY-#*epE)X$RRdOQ-Sn(dLsDu*FBed+B1jTDvJe
zE*1o$uykptk`E^g$EDlwPl+lIiXKQA`ge89=;BLRtnpO;?D>I(ZZ`i0m@)bE0>>d6
zEv*S~#3x;dw1-7O^2kfC5w;_L8Y>-3+TY}#QxFA8P-vy#4AO=S43G)7GX3@ZPE#^3
zG!yc|$Id4mswzsLH7Q5|L|t7Nu6bH`(Wdet=vq-(ljn!Cv7vM<keS+N0>^Wx(`~1@
zd}5KKgQGG!vRWx?oa7;A=<n`S^6*GR?3WUdB0lVtXMKin*;rZ*)+T|FMy+@R2-mxT
z;<ky}UPz1Fr?^DZ_vy%~djHZU7E5d9d3ZdzdLXyg$a{*%<HuuV=;sQl4sq;iLPq{l
zK(=m;O{tA5hq&P$lYtlYEn=-Q!!)&?ehFkzBQtsfJMcyY)k$}D_O+?)*P5&;^ATDY
zunD-p3$^m()75NrG07(%Mp2^Oo~12)R#-8V0UNThH|6n_BNR1I#akeTNfEfQ{@AU<
zbGc+Hu__S|Hx!ywDNsK(E#QbQ_(2#y?UE@qiILf=(f3yz$fx<?nr20)W_M6g<>*YP
zCRwLgWcLaG)-<5R6M=GZsAt(~{Dwo2&4n>|eangQJvR<PI66;#8qhH)C4x&zR!&LH
zG#;T?>O@FLehW$Mm>DE@7e(ZNm@8cqB>$vw&6svyJQ5^Hk4%@|e1)!(W9aPa8vG5S
z(3y>LTCv=3<@A=PvYVW<9Zl;;n)MrzJw^%Bx)!D8m3Jd&S6H++SJWJg-h`!&D$tQ~
zqt@>soYx>>X*Bq!0Z1bTX8ul1Q_~!DBav`PAZ=B>-7B!NscC$25O|X9bLnZ>a*=B~
zId3jw9#eB6Kgae4i`Olis>M?Fm)7S})~~l#4qu}zlYtu*kg>JStzcF1nz6DLHGU%w
zQ#=1JwePY>+&DlngF{<2$x;jN&PSZCgfqIozJ=dxdk#iv1t=!t^_JwL50g)PRTA{p
zm{r6X#SLkvg@i4bjAk+A1i73=M-{#ic||<Qt1n%Xp;B*kEo6oRZ@ao$ty=p3HLGYa
z_n5>@#g(A3ee&Se1*LmhR782CBjWg#{jU&5$Fd6FX{|W0b}5g22{~o`Q4_gOsY&u_
zW8?Au%2XGZnh@8o_c!{vozW*J1FZd<N43FJfl+-P7_WzGW;fDaGWZ?2Vb0IB?or<s
z#F@Tt!`UpozXHFm;fdq7F@qh_^Of_V6iKe@`h8o&Rq+Cqx6okNC)-yn*@P0-CW$Hc
zEF5a{ZpX`Xv);msDyY#ESJvKYi+><5CyNC@OzqkW-rjZ=Ci!$>#F5BUR?;3tg~7#Z
zp`BH6Ta$PVNQ)}ZLgJOsas4Jd=-aCx`WqQOnKV#0z2OG<g214sjLUSmCCHWe;e9Pk
z>#y~Bwp?dxRhf2bf={5J>2~;+F#_(|HKn*^53Sd_TD;RL5}C2K7}31d5n2L^BOJ!_
zbovNzd`;{`)<UvHZlQAH1toUQK75<$+n7@h^{3GZg5KPd%rYIu3|DK1-Yfe%5J~jB
zd`yTaZ`78<6kBfEC~23f_{{sKQ8xG5?a(t5+{{Ba*027OZ6B)$1a7)L9x0KT$l@p7
zz&@#P__9&#@aq@J*0Fi@29?p9(1V^*3qkU?aj~)H(@9v{+{ejU;&B~}=Qb;-E7{=n
zn@G}QRk5fs>QC7uf%JwH(QmU4{e=gYJHwvI9*(-y1>CInCuZcAF1rL6_v=;$TI%X0
zPLLJotYQfgM>BfOS<3;%!UDHC*<VA7eG>gted}*tq417(VP=Qw8~NCk3Nkh8O7JP`
z;|QiX58FU0t3rV(7$nqjcIx)uOCffM>A<1EEGuuX+(7_K_y0se2bMm5^7Gc;j+0oF
zjt1`&{f^>N%HI_14&9euz{p*Zw^MX~f6kp2@xK%qX$n)WUNQb5D@gT#k@?^ds(-G*
z{SGm#MLf=l{^}vp{U!PxL=0m*BX;=sk2MezT^EaT&v%r+Qpomads6Pe$R}EQTjHyt
z1IB(n5oIDJg7$^}&HAt5-Q^TzivA_uLio=$yuNuy;%8<T|33vZ4^*>}`i9iJ`NtYU
zg0E#ty;kLa{tp2$)&nEoiAeZD{;`JteMtYZrJql}*k?*9FiM{f{FSxiuJvC|D;*|U
zMggs(P>W7@rGIvp0_GeTgQbw82me;pQ{uQ<1p;W1_f6&c5Uv|fG+#wCQDsVHeZG0*
z|2OG>V<e{o@4T#0g&m6;QT+WppMAZS84`J&0leeiay8urrg{J3x)=%Vjdx5xZ-nap
z%^MJZH2_RS_||8|mfNK0|ET5rm!`jH0#wWU-owlgB1YFYe=|*kfV;%7<A*PRxurG(
z{=VFs5B@CI0GRvB*ws=7z^3m$6J`2o{0*3!4h8zV20nQImtsr%UnKv3+URbrthP$F
z^59@>R2+Lh==e2kx=khnlPk?!U?J1r)8bd8$WQd2f_ks<=S;=<l*FUbkn*`Xa2Ecj
z*mjjRzl4)LY@MQu@(}Ba#l(Ih0prv5%d7?aK$LUDr)Gj%r?Jt|g*l6;qgwmJ94)F1
z2*$BtH!P3j^XKN%rl<d@9CQwV^YH%Ms}V?_cYh1&WIPQ~e=pmu=rDdS?tOZ}@cuno
zH|GUitz=4P+#-p|(z4aNCA?fS)9K@kSGWP}Okqs$Artp=1@09NRZln+=I&7c^Ejoh
zHd7vw7r|UzI)+bZ!N>1giOqA_nR*o0n}isARNnsj;o2H5785Mp$()2SC@6DuY`+ad
zT-D3FOn<aTv5f`HUwST7$)o2?Tc4O9^6sP1^t!oCJd_F?*ZZT#BW!v&I(d52o5HFv
zHZe6jYjDk2kKKrN6x&XO-s}5XK38{SjU~#vzYX=WDqrT%Lk2{bNt1+(J#?w6E}ZwS
zEZf_KzAB!o-jni`J8-cqY|OA2GGi{u|Im|~HIVOh8xcXPD*c;HE?sE!NN9Fbuyf~1
z3=qxwmw7~??nwwtCRN%mc`i{T)Uj$C5U&%h_e9;WtaVljQ$xCuG4M^=F;Ir*i#$}N
z`?6R_*jC4qjmVahJhE1|v`kv&(9YeQIwN_i&57M;X_{tXMkuyU1<FXv9%Tx@bPav`
zodExoOo}oUSmwN<RHkBMw2E>pIB!j2-hM1x*RNDzFTPmS)_0)g+cL+M2;u+ok4L#K
z0MC^23X3ml=!MDxw;7{t;|sST#(iQ(337gGIBU0|mz&#aa$HtT%4Fb#I=bA<!;}re
z`4fel+}f^yvn&gBxHiCM<<GE4IPOlpL|uRnSHde-hNtWYbcI=;E98=u$HgVPL5YW^
z+?9F>E7#2})Eq4fVemLaP0@F`ZIoAKdZmt~eWt9QA*#!)AH6Q{F@39N;JnP2elMX|
z&A}rOWNvh1HuNewI(m3~pfIgZ-mUmi`3h@Z#;>mPv4ay&bX;O8qOXcv)7}8fJnn(d
zp=eno$eG+`#K9|<Z*7`;IvyVIG<k4HQJVo|vss5PF{DEm7az6M2i5kG!A$G2q(l0D
zkC6+uA&tpi9q!3e^s`oH9Cz(aqSzDGbvv-wnPqq(I6n4dm)i|Z>lKu8mc=U18$s@@
z87FDyR!y~+Devmnm(?&rO);5=sqEDJ3fy@2*Q!XmT=d-S)h-hoVlkcl(bZmZ_iqmN
zf&3p&_a$7CNm<`XEiV%1M%zs0L{U4Jd2yy0D1Of2UMlkmzk9T9E_;3KI#&Nx-sc|c
zT$2xl)d-a)gA#auT1lCvQ*2T^5*gu|`l@uuCtv$71J;NdW~%4+5t!f68*7GdLIc^?
z9wjEBo#Pxqw^(ki_oWW}9%`S4Y@Lyd?K`{FtUckyv<vsJtD-KL)OrnuUU!-GVpw8B
zQCgz*?xW;^C#R6hcx+cE=i@sR9JBgvl4#|jL7h30(0AAw$Ieuzrd`OND=k0sm0(MY
zntV~^Z*m8vK4zRc%edaOcHC12)^@16hPhF%$qKu6ZvFRY63J0DLw>KbF9AM6>SABg
z`dpXD6r3=;o8B(iJgC#j*Nv^0K7DvkpXb$Bh?0Nn(JdPcyqB=vhb~~MQs@~!2}luf
zno7*eHLDYC|Ng*=!^%H_S|mC>kc^^GzQ&RsRA(g5+h&oND5KCH3-#3aVW^V5%&zN$
zt<m(0kz&j#O7WH;gO=t=PA9b6_WfMqxLICY{5x8HbC&-Fe2)U{7DRXjmVLGS6CmHc
zp2?IdS_ujSc+w)LrjEqy+f#m>)$90Ha~5%T$v<c`-aSq9>CqxKq%G$q{4NX^)Y9hh
z8)qSllT&vy3r?n2dR5#L$X1mOwH{7I3>JBW=^Cr!zlMyC))F0CB#5jx&wn}9xF7r-
zXUzYcQ$I>dwaT(HcY>0FSL4Od_yAl5aHdb6%9T@axWth*%MGDkEOp>)I39mRe`t-<
zV?nJkOjFwchnx$8%O$+-hjwU`kRpT&biBhr&x<HzjdjDl?jtOv<+|<3h}1d_pZo<a
zc%S^TJMfjMqR&~zUcuLD_p!D-HC@M_-;k_WzQfleR?TNr9I6P%0j{{d{8-JDit`Dr
zR0O{|wa6mN+ak;M?>U)<YIMZ*IPy<DdZj&qqPz{frsT(LT9r+K52<a~n@`3cYSLA@
z9~83`=d1QGkBzc|Ae(wN<#R2bZ9R=9;oNImYpx5X3wpKoiOFdu{U7>`7pzo1+){8V
zGvlw{6Q|(n)hzodqw#ZL)c-1M@t0=!69Jgoxxf~f;f&pJr;?%*!%MQp@?xl3tpV+>
z6ZzzAOQbyQ_=<4ER`%#&wI#`9#OB0$;munt%y2-F4tK0no)y8G3Mq<`nuR@Y2h$(=
z`&sw9y3v4mtvy3+)S4X3S8gK-z6(bb!xno`H<I|>2IAK5O!f=+6+5<mCqM`TacUQ<
z!g#2ZuCJPvxR;=Fm)XeA_Q<%O6hVh7jLr6{M&y-?gVgS+wrMaK35TiMDJreqJL(~~
z))+H75>X^m-b`x;D#?sz54tt#lnc}}N!A;=y2#-gPO2bh0(hL&NQM^-ssMh^>eLh^
zM`medJKT8#J-wgQK$Bb*jjRn**Rco?-~po!obPW<{6sd+#Y5ENF<V<W)zXrFNKPd|
zbd)EorOn42cs#jquGzgJ`VZITu>&_aUWCb23;38vf`ZxZ!JxihCwI<iJJnuMK8B46
zI@z~-A-6w6=~@dvd7lZCUd3lGEdGTEmo$RtNBq9yg^o!g0?7&r);P>d3nTW69&1)M
z{fIP1%OzhpIv-W}8#KeSbnf$Rn%#(dq81f3|DAC1Rxmwp@#13BH0&LHS0AVS6De!7
zsy-q%R#m;#U`SwUKb&ks7hlYpYN7^vl5%WOVJXBh)$ZB4$x6nG`eKr^z+PI)%tU@~
z3``1=5D4Bk3e}xe8%K$@z<XMFH(ZRGLh)%vCYuA&#!RuCQBo~(VW@R7P==A5IeSN`
zF-W!xsj8sCfCZV!*I9-&H0br}*U6Yv8Fia9W@d&=2cK&mbY>F-pT@<g=Lh_>=;CCC
znyMiYrnNJBkzm+8<S}X?Sg(5iJ3k+F2b@VWP<k^FIZ8aLgBF~uFvk|-&W*1YGQ*Sp
zAafGhZpD_1ZVW(3VRXg~5~^t^)r4NSpLCXHN~z~XY>pSkE)H9%c{{{Wp{wg6T@ZIl
zBY!pl{OS!gX(N9bd0&6Lk7~T3pTuP36x?L-Cu2WPl;`P)8u_<KCC_5bjN%A*ml%1&
zSKeiI{4k^C00S}!xQB2owV*@w!Vwy)AD|EP=rZgtGi0KA*!Xf6r#cys+wZI`KDb%)
zth2~%dL!p8J%dh-LFPp)*^MIkPZK^;3U1raf6^T-RJV@HjBoRFsi@9JV|ovcN`s1d
zvF&|=6Eaa$f%IyvPKU>a>^i8CKzh{HpXZl$wwK)aTcnG5_b1XRMwl@DJYsOJQEVwB
zzmIdD^>HRj-8CRoiQGEvI0*V$eoU@T`0^Fd5JB61xMeRV!@A7oEGKi@PA%0)<t;~w
z&{9$YM@_3RQUnP`Wi*|rF+P8ehRPWU$=X&hmOvdfz8K3MYDE%mgga&{wy<a=ty@j+
zKiYtB=`a}y30kv6L5wOdXhxi!YgR(#1S!wT$A)7D6XRHt`B##1?buVw;Ki=Ch(6RB
zH%3Sos7j8PD-M-&0E+z{b*R(ZrdTIM7T+{}^11k}F`+6u9p#2%OFdf+ikX+ZVJe@#
z6*r(`Q#Uwwt47$D`fn-ESDrsHB#28%j0BAx3O=g!B^~)x;k`V?D!Vly>2}b`P^jY^
zrXAQO{1b3R04XT+YSVZssg^wMe$l2;GSo>USH{y6UbNB~3V486qS5#Jjv)Z)$Gg;0
zC~3{|Igrg4-ro}N81VI(mevO`8cYWB{?iK9xeq~4BDSXI;lDLR$Pg0`Il!oeO^+f<
z<AE-hgoG1ncN%Tp(fB60?v9791)3Y`jvxAY)g_F4M2ybgZ)$)NilUoOLN$n0T{bfi
zX($W6a~~gD<_{b5FQ?%@a_+s4dsJ`vMQ#IitJVX*wd_YLi)4|XWbfJn$3xVM?(c97
z4W5eil^FSS6xOE5O-ju*jfH}<k(6{?hL4<UTt?!f7pw(tq&YOvL}>5xf8}XR=mY5w
zoBX^l<<%>d1dQVycf+O}Ysq6jd@!xeHF6?=Ayw&H;JO;ChUY?s5u0vrU~=pzpgu!j
z!hI(|P~D>S@o4|z@Vro+s@t2u+$9!{)cK^KiQhJsp~c^o6_uCc%PM6EtB0*yttsL)
z=135V4|_a69H~*@X-J5%orMI_SJ8(Re^OBv9ts49S3)dp>+{D!@io7ia9)5K_t~8*
z$Wu?)l<Q5wghq^8DMz*Z2(^7o-YuP3u^4T>0;v|QNZMefO;(oBR@&}{=aOvTvTH3D
zJwS=b>s^p6kJY>~{_B4HcPO)$lR<kcNCKdo9W}!Nu=H|vTjSPC54DZP3*V6!>ujH~
zu?bW-h1E@JL%EDc$V9Yf+-k69wmd#<Vssm=Mu>e4KVndfb-i_`L9&3!5nx84flmPd
zY=nfE%I)nWf4j;Hd|M>_lc1*=lfhD6*T_z%rrKIysfrJkoR(`S`_f%5v9s*zULNH{
zo~LtF>24J~Xd)XB7u(I!r=G>@O#z`At1pg?C*U#~bM~m^&w{~$cSmGf)G#PT25!Mg
zsG3GxXJDa<B}R2yc-5w{X!CJ3WjN$XrD7{C8+lSusPNd~bc|cG@gC@9knO<=0_yYg
ziz%nZIvyDPZu5feap{Xz_*ab@<9;rice#j`(x)NC-%S|#PFL-$EbZeStIZqA-p<Q`
z*DRUIn)N+eO?C9Zrez*|II_O}ncZOuJAlJ=vdF^a(hGi;5tzB-hDoZqfQ(R9RnbUx
z-jm})zM$I#`y1;Sau!XK5cZGOnAb&lvXWLYed?*IKpu{8N0mP3W^I?lGP9-n<}z=J
zijOe#O~wyE8pBrl^&mL%Z>rRSbDlrOeiuJM+K`XkYe1gYLJKr5AAnv5U@*w8_5k|H
zQM}ToOsU?2>_S8pEPDy*CsXti5vhOsZ$!$o@IL_}^D#oPMc9{NJ|sEKu<82&FL0Ac
zK&bts^+X#;$|#?VO=cUE_RH;*5@`wMu~S%O2G}$MhOt7<IEHey1<LF^DvgWNJLZUt
z-Od~IMxDgcVpF1*#coWBR0RgSIeKGvnqy+h%r4|Jw#MShp$&P?%Gb|MVSWA{NUac+
z8mk6zlvSjW(~aj--{Z#4b^3e7$UxTsR}l#dd^EE1p|n-1Z)C3-*BkJZS>VOea#?kt
zFt0>MKz!4JNxvnOi`;okXwrRx-}<xB(Pji>K^UFqzvJL5-ZqUCnHw#s_<UVNo8IkL
z&E$?NQiFTutMukfNrUaM?hvk>Ehaj83dQ@h9q?oVvC|)gO5}XFtUwY*DoNgFEPsa|
z1^<E{D*!1W%mFb)-`l@6p8Iq6k$Uk7mnp@=)=)O@TKnZsh=9^}8N6}LcG)9JI;LIQ
zmMYGG-MvHJ@Ru8duBMa-<krfn*U<1BI%(^699CM0@rGOGSSB$O5&RF0^@|xab}3?Z
z*~mkM7bE?xL7KEcITeUulaMGe62!gyk^;wbaqIQ=vn51{_q|j1;ToVQi)iH6P$6g0
zd?AGSU??AA%g1w9!CJ+^db9XvE4=S(E#?OAlEvY76QpupWx*S$BoRwq#*aXgHF32k
zNuStWlm46GdGQ2aU~<yA;36PP?fUEQvA^#AHkjIvCBJicJ1$N;Bg<mx?$GELU^T4#
zz-p2w9Doo!y78UTGajnS!oWKDhX|rb<}&tqQPdxLP*bYMKpvr?07@Qda&^KZ57D$E
z0|{HpMA_8h2ePm+t9z<d0p)O*w?NCKOcyIaLB%NE-Rcz*lKh`bix}BC<#UPLx1K!3
zFGLK5X`Uy%P}sA$<6KdV$Sl?#4;+e3q?;`OV%*H9P%unqEs!LF=_z|};QdhLBrs4i
zw4^+u(t2WaZ+}wiQ58jKWTs)l6TFd+jNnc6SESL;%jH}~P;TE?T&(MQe$a4<{x6Q3
zF<x|`RbUDJmM6RD?b_N}sEgASAzr#-2GEXYwviMYrM^jiBK0X8kOkBG9N>N7s>U$Z
z0Bm*u5pnfVD4;oKC=Z}%OG#UrQHfV9>g}VuxEuc~*Yhs`$agMCn@6G0Q=lP&<T-d}
zrA6;QIh_~M044Tp?VJ2gJ3V;k2oIn?os2mDlZ*YD0|fdQXM?<BV}QT(x(+;&A4T!+
zWBtRazE=jwe`$eIl`|ADh`IKO{vu@z^uJbd9jF<;mf68bJ;r>Y0SxM06C?4H-wga8
z#RMjaQ3bl%qwjBm{n&s(PQZVNJipSt;V;bsY(@IED@=qO*a`&zzS19fJ^7E@i*Jl%
zbl}9C8-lI0VTvuYARwRW55@c^|7Q?QKn#07=%4yCQiAE{Ha-w7PUgdK|E>l2e@Han
z0GS-vC_ySD!S|j%Q#Opx+r?8@W7ad8p>u;Q1H!+My8B;b?hgoCZ<=Bd{_)&$OXhtJ
z;a>E9tqXIK5^$;Vm4WBb4cKCT?0=Ke!!X4~ugTMcvp!$l^^j*dgF>>=2SaYT=B^HO
zPqrhIDZKz9)(`&wreplSb98`JyQjrQ{bXjBAdt+#8K`Fd>TND(-0r24uiyskfa>Lc
zQ&Tz;v8Wy%1=+mY6_&2iUAscLPrYDovn|)6BXsUqxj{90b(JKt)2)f`NC+oRz7>W6
zs<;Xm&Ofax-IOUB{EG)YHk8d8QwisiZXHikjuFyq4YA3zS55U99B&KJn;tE}m@%vq
zL<m2A0w_1<whPT4<^KBMzs{(}6dlc2jC?<6Hj-oRAt9={mWG$m{3Ubv+_2yz8lT|_
z#*Zy09yt*A`HvkWBq%PzZ^r{~clobhG3XEe3JhSB%$L@o8=lKms>P`>IiH8AKw6Pe
zd%Yw+=NMlfXMv)IFP8?N6c^hXVr+<5B+kN_{+rGIviL-=X_408tqr5mPAm$r1||;C
zVX$oqIiUD`a{4B<{^8EFF(bf4>FcLQPz%C=PGAHa{%!~^H`EqR1@XJ^&dtr0Tjgs{
zTlqELjMHRcWsOTo@y70H9G9B)(?EE6^$u1Jr>YvM6XN1rmdsFl?AlfDxy|}MCldk-
z()w>_XizT}b@pCi>GyTAC3lu?qSYo7=_Ee(3{eB;Qq1`v{KgY%poU_|+)|stay_IA
zKK8kyl^bkfZvLaX@!STp*C$AD>tk16pPH8!8qfc)H20r(eRjh1RXsd@uhKYzz1qd@
zf}YscE|CM}+z~%lskToVFOM!qK%Dg%r#Q5N{`tB(#OGumalf#zaM16(<Pr+hI;lxZ
zhl2b)y}V2~2Fz7i)rx*JUW{I9g^{y6wqwo@C;v6a`ikGhip%Bs(d_Xp;dvUsMCbmS
zKlXPIrng{DQ|rIKdWhdy$hPxgUg}+8UW&6-;Yp|Bq*vBDE=IsByKameD`_S+;lNS^
z@0(99ZQ}<2roCM7TdiG58`5=~&JCvZ9mBst4)fmjnjM<Kcpda`_pgHVj{^umAd&Ir
znYnxorl|Dv?SLSDr{&M%E^K4RnAuYyoAI*Nz$bpk!G5bO2Dj{<E2Ir?UtVmpLLg9)
z-!UQuK&uohX=q2G*^Kv|9OmL=L#xpj1A4bPqvx?ic7AkuF?+z;xXbE!w$t9esTZ6U
zqS!*q{@=8VxL=Wx8$0A98#A@eRUUSu>@UX7p*XCGZ9ETY6oS}dD`K^{`3a_sGv}nr
z>SGkp;0!cmjHF-wP6z6SdwljeHOpG$I8lljb#+>oYa-{*b?e;+0&i7MyC#DO*4Ni#
zfmV3<SPOil<zfn+2nK_7AQG(sq4DwLfnrbira#y}4Uv=JcV7K+F;9EZbpAW?@;K6J
zy3R#CwfVdM-bz2~<NIh4TJLG9-<Q9FMPi|_G4NNFJo&Y5{fjb?`z?jw&_H_fle6`b
zi$ZcX4f~}EIXStLu*PE$^(%YP#y!EtY{BjN7)3^6<+7DV+P?6%RZ~BCCdcxC$5%>2
zA866(WlDY9a~}Q4=;I&`TTa0Lfaq<pDp%+kLFW5b@GZvUY^)<Kf0>!pi;;ltHC!B&
zY>fJDjqca>`}9F&TX;e58g|0%R<&nO;(c)|zI}mr6F79Eq4A4LOS%PxrRVITD3R)d
zX9_|Gv8T28Pu2X5;>gH3##F(lPUybuNa1xBg^NAEi~fmvk8+^Y_l>NQQWQEql|e{o
zn)-6Wszf)j3%KjZ^1{_h>i_Oi_deJ={wQ*MgIdH_=W==Wj7sQqvm8g``#Zt!cbDoz
z^w9>82<$apY&5z;x&8Jf{T6Y_GJxX+dhRn=Q;HhQ2ceDMc1|d6uU!4woS$Sc4U>-k
zsnjg(m8Z1?Q9EOOe3A#3J`acE9~d6o6p4@kK5=$Za#?4^b<*y4){Z1FT0Lx|vRk#g
zShkzuiAp~XO}C#9f`;EKE)2m3smU4n2(nEb_qjD>Z~Gphfo{p54LKw1qhwwiM<@lk
zrN%GAm2$s}iP45-772h_fESK|X(mU-k^?~$>rs+44(*f9@x|KJ>t=q3W(SKg3VP6;
zm-{otcuNWwiwYIqza1$mG_W1roQ*|(m)n;Z8t-3CtXMWa0*RhBT<gWfw;M#nFhyp^
zb3Za-*yr{}mfBnYcGO=U;^lD$9kk8(VtFM=7lLZSn3=zTw}#Yh3D+WWJ&<*CG1jw_
zGbJl-ha1Z6?QdGtdEx6$8`01dAz}ZJ>1w&$apxB~+cq2OHr?%w>N^AyzH14-($D2n
z>}k))&F@jLjrE)MCgtj%wdy;o7@U2g=f$=b@)Q}aHJ+$ncFBdJWQdb*8LK#M_WSMe
z`Khp~BOjxb7pC22u}vRu>uMMiYHYc0IPB*6o#Z9)*`-}fH=erLx_ph|wF)}<NPG4z
zkdC}i<9PRvWH_9EuccpD0Bz@W;*tas)|Qcw^m9NLC`Qdk@EElnf@DZoB!KqEhhk9*
zyCnt@|8sBu4F2sj7(g<I8J?$EU7f$cAq)Efq0BA1k-?&{lYQ*u_d2KXu|WFqwKU(~
zQL59JSNzB!)1bX^FIR)kne0ju&3=+e;bKKb@`oBR${-20&0j!s=GPr{zXNro$438I
zPruGxI%}Cek&6Y9x;3W8^U207N^}HR#@W@ijv4rp3?XDz3tk)$Z)#vf+ILOOFC&}c
zM}imKfTA&7&Y0Qb@LBu$F#MOU+paXH<yeHeJ{fF`hYBQO)ReSkcVr;+&UZb}SB8q$
z+FpbK`~-MCiu5aYBK$W3H^947?~<V}GDR|6$S*xn!ziI?v2dh6{QMeG^(%Qi8#%(H
zI9lu!EbAo#%-nypFH4kXc|P^wX}DwObh6Lp0~Znsn8qtoZ8)D^W{2M~(d8SUo!tdW
z-3<7m-SR4(EzHr(Mj<PkHL!2%*@o%jA4dKiD<YS_5pAtv;f<&0MyDZb>)P3gi3!7g
zi_w#dqsEfz8P9HL=!Xv<@)3ycgFCfAa4MmK)n8tmo^&^!$*Pa<B=&p1t11h(;cPh0
zN+vM&k=X1nR<dS`MO|x28=|aj<FyjCV(n8^Rn_shB}M|gqLR<6AGiOn-0UqKIcy5U
zCP7ppuVi}*$Q>R{+&y@>v&zhs{cVU-I0f$F6x}8S=J$A+RnkZ?oaS&x;$qV8)DC&Q
zK+eQt6V;B?g0$%ctfc$tT>^edfx^IhO;(@s<+q0uDvUs#whB~Rsg1Izt!j+lMk@^e
zf!g^?ogcgXmuLOB6SrBP>SVE)n3x61x`}g*^ym#hR<M^NLoJl;S|!n<26W?Pxk1Uv
z$-0Vrc9&a?F5TO0xaq@kk@7f8qhxBkUR|N>1;1(%;L8#Kl$C!OI%oRtOKSgP-~zp+
zKc4%PB1DqO==yBQ>m;}!#WQA)l)OOdR}>>6n9&jjithyN9w(onhGXk2yqFd>bJWZe
zfb&LbWGhd$vq;l;u0G*AXo-hc5`<kI(_Ut4e;=&^h<<$Pk<(^)zJ>xxvhRb*i*CQ)
zoSp|*^=bZMhc&4ov!dYOK)OS>jT=TyZQ)5-6ObZ`kU+MPuUN5!ra0QeJv-mMWZY|B
zpOpwf+%K2DCOd}AJHRXC(odxPe@d!e6#PjS4}Qsi4GxoJBK?&^+sFV-*G(?^UbKVw
ziy$!DbHiR^c6_8H34Y9{Rmsdit_OIu+b5f5A{%O7Q4N&5F0FrBlL)o(jwpQRDW*tk
znhbs%ER-%6sTCLw$rT+1;S;JQ?f^KWrjRsw-KcvDH-nj^rqUK_qfEHin!PAS2T?b=
z?-*f6M>nc{H>!2wy5=%k;fG^guSTd^kj5%zMx&bLroAC?^qlp-0<>wy;J7ia?}>?t
z>X>d$%zpI6#rEY)afmULjiET7dk{!9|7^44)9>`#w%~s!tsx~qj_vKkj~4NF|3vS)
zlqhli|KRSu<C<!Nby2|}0R#htCZG^n=uPQGdhab%>5)!AdXq?RihzJLMT#iBBRx{2
zD@yNOAT;UyF223bzI%V?ckln_{2R#1TJO9w@67W&GwX6uuE@kRJ+H5d_hROU26kka
zVq|QVc%%8_QWbOA%x43y@kj51&W{?{ISlcvzx4ke8EN=|G5k~k!N?L#ab27Mfsk$N
z`3RcKDa<i6+#qp$xUPc5&m}+YW{18KZ#8%?{}GU88#G)!5Yp%@=;$c5YmdZZ{bE?+
zp=T=OI{gRz?)tFxDwW6_D>gGTv;6>2if+AKuVLsk%%^EG_KG#AMC3rv8xJ4QNE~(^
zxjcL3-fglHZSY}SG%}+_4(?I%B!)_dRqe0EwQwc?vo6lPp!+Y`){USlkwC~Y>A-sl
zI7DBLoWEt=jIAqprm4cP-K_BSEZ5)8O<8*SSJ_$Zr`(5SBy@EnNNh?ug;ntcFqf&;
zx#V!BoWUCCuGmIW0uc_n*<h7X^2b_ws>Ugmh+}mS=;nz17J0AnH3kjN_-bvyB6Qh_
zAth2Q=I8{-e)GoB@cS=0MKrU-^2aO!1`J#f22mQR6_Cz^nOc{OMz&2R>u!^IE5`n%
zSJJ@)Z<@T_Mk70L?|spvk#J!<I-3%_{G%l8L2R1izrjv5jJQ3D#X3u#%)c};?4?;B
z>x>g}o5dE8b3bj7aBVd(Eb*)@RiW|g?Cl>+nDSEev<8GnCjV2{mBxGnd)P9to!E46
zLiyibaB2DQsE?9=NqStz3`xBLhAlj*RXW(NC>Np!H#i7ZSimYiM2~F<zKonjzfMRX
zF=DZ94?UbY=@M>P@PB?WS$6r32&cI6TW$NfNxhZYh{+!->AH}F$3ivx9ULmfl^wzM
z3olDp1%0b7fu86YvL?e4GVw?}PRgi*<KsrB@gXiqMM&-IuKOQIX0fx}>gAhLEfpJY
zKa|zae97v*-!>@~oDiMGbcFT38von8cR~T+IfWaCM@NcVc&f?q+RQqN==1;TU|j^X
zmt-L}rS3MNz7eq6KT(g(OSnj$En#eDgrwhBHdPQQO$Ovvc71+GcW+Z$1Cc8Bkubb0
zXmt;)5MeQbOOUZ`O~EWwV%LtwGr}a$z9I~mF1`V6Wd2oeLGXcnCGy^*7iifOgjQr!
z2z@aew_H%Rsx8cQ)|zn0#+`kC%Kfov^OMBk9iWO%_}n1)dDOM2O#1V8aN)%xS<-+!
zM81-<!=#QBYvWwl&2LEj|NMqHlqOKF0w@ELier|OT;B#E+C$*EU;HEEp0{XmLQnIC
zx>3Twvo8(-SmXZykUC@ltt`o>Opo8VOEfWYXRBR*ZpkL{qcfirGD7!+Z-A@+j%qQG
z0Q&>=WF`3{AUUFWOoOj}>jpJ>DgQ6jX^{a~XncK5QAc1QbdpeQAV3zpC#?K``Q`o#
zox06f^ISnG=yFfQ@>>&gP;gL;J=AvzC0d$z>jv7o6Z-#c1^{m~dltQ6?Ihp+;}fqm
z4?c9o_nk4dw&F&;SwbxH3t%s_$^eV`KfoW<jq3U~M<HF!4X(BjWgEh>LAjfk_hMNG
z{^pb1qt#;o7kl+@T<pIYANbX{vs}6tPcng{?gHmuKuf5|jcytzMK8ew04#so((&Qk
zfUv}5|0++ZnL?LptjwJg;ADvjnfILL(qB^!Di2qt_ms}bsALz4=BxCo77m8QeHR@d
z2Cm?%!20p#d30F*^*lDryGNn#XDbcF#6E6pz4|OnZD3MaSgp@K@8@sp6|-%coja`#
z>{Hm<qnq)cdfEUmI`{tHcg;^Gf?_OoYo013ud#CYv5`M|OF(eo7q3KS0Wp!DnVzx`
zs7vmJYT};u>is2dz&*4w|7DlB#3y`E;K0NF8nwA}J=Oh!U*X(w)shEOdD<+jvEP@}
z^~W*uPADxP9-khMl4Q-kc^ZB|z573`V*}qk%YJV$OQUZSaPV1sxzDFy<AXs_Z;$0h
zKedPFXIfx&cVpBQZ(Ql4>c3p6OZ$DTXl_~a#FuX)Rtn9b9Em_sZrxS>YB;1}_(I+G
zZjI<jJg}Co%pF5)x&N%@|Ni@s1m(HFMxz~ilA=Ohj!m}8V5`cO=SuJFDSiQ0C=yKp
zH10R*Ux9^x>`L=*yV`_uE1e%s*S_a@q%fTxa(4BoZbMy>!wzPnKCtczI6H<@faYfB
z#B=;_U&S$fbG-9(XXNVhYkMf(f#<zEr-@=_qsN$tHeUdljw=)zyU%;`=)?bt4wi9v
zFr9UL)3bxsmf$g^<@G5&0}Egh1i$_2b1C3H0nKq=*o`__*!ExF1j1CKR^-7&t(0UF
zhXHMB9y~n7cj<jUyBqTpxCawsuoUS(H+vtr*+Q%17)3xRA{!%rXSKbOk<S<e2rr@F
z-KQH72}lt-LtyG)u1@e8TVLa#r!o%j`{dvH!E2FzG}vQFD4|Ns-_IR7?;CkP`;aKq
z_(l}^+4W~cGu4QDdFWPRL)Ii$;pPf6z7>WJKc!Mqp&Z=Y+_T@>PD!b$aEKHfGsIKO
zMKp{jM3+1UXw8{BW8s1T=#eUNJ*5iw_^8u3I5cHy`a8Ht6Gs86yeRE74PuF8ef<Og
z4Tn7m4YYL&e*gXr`dX!RZRqIq8A@;jf1EydtQGR8{$&N(pY3%63sl2j!kCk}N|{gX
zmfFNrpH~#nsw$cfI9&$?(NFYJ3;XrinOIO)Im<mF2w-qWb9;GAA4hUlhA_>;J#uM1
zWI&?{uX%E=70cfBSctU}i8>d~`CR2eu>=KFOV1G<7IecDC6>BZp5>~LFShm|ax+Wc
z7f`Hl#=lZ}__2?NT;_dEiAMZZP%jUcj-vgjeEkZlvD>pSp{NON#G-(=<gLLI_M{1K
zFssY}E~?iM&Z4@ybWP~vW0WeEv7v96TsWPH^}Y8kSvus=hKhy$@92(WgYu14a^xU;
z)q8z__S$P62Z=XM9N?crYY5#xKVu#LgKA_V81Ii*UQQ1COal1AUW;a)cHW0=^xt0+
z18~j{{e#`(m3<wMXATZO8zKztmMJ&|W3_E}KaFHcmG=I%PDy>M9@oCiL%Pf8{`IrT
z%undbGF8KMVYJJW_g|{?nqA`GnOo#uG?^hFX;54t;)5R*da6C_FlaiIsaKAHZ|`Pr
z#sNNbqqS#900KVK5?M^gUgy&996&_$efJ;?mNUuO6TSrKpUITWG=Y&&EjQoc`%kI-
zBJjB^oUD5+R*&udO{T7l+wyi=Hxu}uMNppu>65lPz|Ze-{D)xw2_3MPfxn#iqc%WL
z2B4T$X&ZZE8j}Ph^O=^S+_>PA8-1`0a01-44MYJE7q}wbQ(n!i7r?y%{WT{h9%?8+
zMG#HSRR};!bHJxkpZ@VLB3#rzSBzfT>?|S&qHLHpGtN^rS9VR{e^BTZU_R@-DG+<{
zDgN8j0)Gi?7V*LboEzw=nRn{p?o<J?49)UPN*qui5GqgJ16kTle?y1PKUYjBqbk&V
z0)znBL{K1iL%zsOy-4u(7wp9gx0|@6{~t+esK`H8?ASY8{Cy)GmxaH1QN~gSWxGkX
z+C5A_klmXg{t_S`ZdxE9O8;C@q{Sjr4CkLEBHOK5e!B>S05Ud&CNONK1^6^j`~T!c
z|9(sN5r-H4#|;8inxdoB!WV0|-Jy*K;kg?dNxE<H`t`L`LUri+OOp%%1MC5fy2o-x
zbJugT8B%qqRljU$=38%a;cs%~6Tj}9SF_9=Z+T4cG=BZuScnv_og0vMcE;vZ@(NiC
z+t(Jdd4K*|fc+bkQ)xR<X-8k{H8-k}^_x2p^m_b6LR%H09z#GtfNndEe$9=eB{h_k
z)8Dbbe0)l8EFQw*#6IV23y5kJJEp7XIQMqsM`r(sRcwNoWA4VoF`m;Iy(ZJK#;{yu
z9a~C`vylBEfuNRWQ?|cg5<GY62}s`Z6M-_60ENdKvkXcUObwh08LlHT8hE!cVDIHW
zI=Y;qPHpv}`n=w)kjHjL)?rm-sH@I@J6|=w7WiI~vkvnTatq-zO5%0yT_k)Qkht4F
zso3S*Ri9S#$e&En@tl<B49gOe{1m#-AQ>=G_f*raq+-^&mwM>_ri~$oM$%E)k)6vB
z!JIBlm4l7sF)gE2-k<J|8ziscx?ZXJY|Oad5?;tBLQ;!I6-eiXCezi7rvfl_zo@F-
z9t~`e*?WpD33(N-T|G$FpTt_bjq)7Ymay5q9ZWlw67Mut>#!Mp-M_^k93N#I)Xwv}
zqN-&}B;wB-uh{ZcMT<`mMQg)U_zZ@tgT*L?kcmMj&qIL}l*lwQ;e>V=y}-s-RQ{U&
zNmn(Im0hDsT~uE9xiXSTC$A|NynnFnMEkIRAK?It;p-Me&K1>Ap~0Kz+l7JR9zss*
z>Z4sXzCw-Pstm&tb=i4Sf=r#B--f(~=bFm>zf10D43&Y1`Y|43Uh<(CWQ(-AoVR_4
zSnF1}L<h}#MnrwZjCN$T1_xME2Ai2HW>r}G@4w-9a<s&ssOqut;8nZG!W)m?Z*dXd
z5Z@0V1RjZ$KSPvfl}iz#sPC8rtXeOH0?(1HOZU$>dg+{+{+hYSi=SdRUQKHj<r{~0
z$5w9#(jvKa@&a?go{wa~o+s<EqMRgz8PxrIzb1Fgs2heeYJ%8;#QonAlTRZ(Tq|8P
z_}Sv(+Bft|AJy&U>31`dDSTcM+u)M76d`{NCtKVY`3%S8hU1YHlp;%wqd@ftIODT&
z@}~7CU6(QvC|PCJ&0;ykv!9CPsJQR#t`J;hOssK`0Gt1`<YQM(d*AJyw5=<TULV$4
z=*Fv0!Wq(13tWnS%FI?aM!vjNXXQ@(E*Rc0dJ3?5*n{<7LI9OVEAH)V9C7gNo^*Zi
zAJ5;PbnMovbj1?kx(&HtYgS4N@JETA@Xpvy=ic$mTa)^{R#m#$MXC=Y<rDu#!6d3?
zQa$!B*jG=T(8@o=G2qflADE*xMdf~)TV!L<rpDSRo{W_wpSOO$aW?FA@-OQ!(QIiZ
zrG)CUv$KpBPwU;=gRf4JPHt{>>%R)GH_qYNIUki?O%7&>yUaHE3883*nWX-g7GSXh
z{`J$i5KD|cHveav{Cj)wjoTGD89>)t<l|n&#qN<Jq8L=;-1dsAMm*6yUAJkbd|=2K
z(%%H32mTacZ*++HGk$JQ#L%EJ9(8%*_9t%BV!$b={PbUmo5H=+Ohx*=-aE4{rnSzf
zTqU6lFQNj4Sjq`ZIMK`;I{>9u-^M2yC)bi#pj2Ohmo*=~+l-Lvj;A$B;NdK|7Y$3{
zjG>cGt;sTvf?d7H1shs<LKN;Z$LROV87$mRgp)PH(VMjU7cEJ~;$A<mQy4H8)4kK;
zQm#wyY<M((Y(eEAtIxR<5S+`6<3As43DgaBq!jS`TY>f#x*vvA12~PTn_F4u5-LN&
zuX4t7NKz>H!gpU{NHbf);bGuzXvW;m4Q}jty_Fd<Zd2<z<M=e_Fh%kdsJNST)D&`+
zxy@a&zJT>vaiU?2rD`QHFw<8j-t+paU)j0Q-@^>K#QO2%X9CCTN<CW+^IZ`yUnFHc
zv<OB_#}#+W3$6BV@aNbGr>8N7<EqX)7MxT_TB`N+m_8eBXp1+}3++_yXRTc^^M>f;
za?Azp$Co^9odqBhmyO>=qd$JkQ)-%<o7V!=N+UqF&Mf}fACj&EaJdP=AqkrsUf5AY
zxaJ&yxF@0?4N09Bdp&=ioIj+xE}yHs5(8V~L1s<S!W<U*G`GXq?5o5iGNcAQS5G)#
zkO;s<pD84^+1bzasPh;iLc_t$f|2B7MD4i3_2TJ%=fkU`L=Bc(t(1!6*fwihL#1j;
zCSYW6&10ug1dynbOO%5eeD`u)0GM4dj@s&mOw)Mxs0WxlZROT_S(`EU(03lk$<dL}
zb81$Ho=dOgWRa+@6j5p0LtpcFn&d59V7fG|ixYQ5=}E3~l#|Jq-0!R3XsDQ&5nLLM
zeOm{v<2e;BN`kIdNe|^-_%dSe@V>(uBh~uzf7{`I-?ttNzazcU0u|Rap7Lhi@=oPF
zn&!*5Ga}qS3r~^=c&3SISfG=7siryFNtG@#S>+c6W7@WL5Zc8<9{&M6_IWOT?EAq%
z%{rSfKki21D5e{Dbs$^P6u6hQf@A|=_m#piZf&KdaYXN<90IM{xm|ze)z=6swca-C
z4bXHU<_31d&ls3((v)XY2ob6OYJ(kl?njn2R?`^c)W^4QMvm!_+t)Q^^t2oon*Hlh
zQ-8o_4&@-b1SC($a-xzmFmz{-n>9<5mZ!ow#*)H+F6ek7UoDk6CV7tySP>elFPx;1
z(BOX#NSoiE;b>#-JxTC8v9J90OdHlmOYLSC5Kv+pFZGA8g9grmwaTB>kGe8r`!rhG
zi$9fiQpwmZ`1U(ExEZCotxbr2rOZRgXHA&vksq~T>tnTtcqm;GTgsSZkJHOquO^M7
zEx&&C-CNACjxK+>zmod&Yv*tb1!vsX@VBtgdji|S05vq&X}3O{Ke))eYjg#0f7A4l
zqOPW<8Rz2SMjb>8f|L%>$;o=u$8(Zj7E*Hna|%qm{jR(Gjz}*`sgCtC-E3W7LHt9f
zCGp8fY+wbhxcg+C95N6|+T|uU9os-fYqpf@9Y9-2Zq%Jf3dHj)xa_2PSTuQk7bPMJ
z#3P9CUf{^cF)xKu(OTtgayf(qiKhzh;JZ{M%36A%1*>p$3He!{oqtbcI=VXFnW}d9
zh5ZoupmKF}b+a%GjK+g!!0LZms^~srM}I;q5NzTUtCe$Ex!PwVT?_b9mx9m7ZC;t@
z44pQ)Zx?c}p14faHXLI9{QQ{pxEH{4v4DmkDPNi0Rj7s$7si0A034@exQ0L|NE@@x
zZ-?DMS#M>>1+@y>AbHo+pAx)}QX{hdj)_Lmj>&FJ?~1Ed$BGXmd~7M1%BX#bbd_)J
z?zKHVsF!@iwyo|vAtTGhSmMS`rE;2@lSa?=4&Y|zW~$RZkc`3r2-=f~m68X{e3}b}
zb$vGYVwRc6u2&#(oFNxUB8pnt>wf4H`U^ZhnM0)hp@%Cd=xn|42w-4E1T7}Tyf%`_
zmHCcS&eeHJV^tHLKy$%EBDpMYA0mQCwdM^ca>n<YCo^guHx6$L<NoyYZ$xTwtB&`h
z_GF$GE03s{%*9H!^eI06z-`a;Mn`h}t7pXRn_V9btM6RI4QMzX3rZfgvwwdc*KmDu
z>cp>DTEg~sGr^J1RD#8INzu<IlTf79+}b<vXaeb~X;JH(UIij1EG=3a%Be$et*)K|
z0qjB*+Wy8C5XkU=Ie3cuNBa9ZnEU{eWkwMn(>qz?v^8S%v{_{wo_TJ}%MhcU#@AjG
z`CZnue(PdM`s$;6;=(RdK7Y&$us+32bml<<Cc(MiztlRJSUVy<Jm|;-k++YFomko@
zAMEh94brUtQ<f=`^Vq`QM5!y2LM6DocDgUQ!Th6^P@x$^Z5vDESFL`n@t0LgJU<+N
zmnn0ZjMMvHovzKut{CR?6@VM%xYD-2Zt~QPV+59aQ#duJcZ23m*?-wn>ns=M1bg5T
zHELZHefi=^RB${SFm#`mmL&%8f&$a3<XkZ21Mx<IZDVN<A!PFi0(mr_88#!x6x`=4
zB~kbAD!H<5tS}Cl-PUt`;hq)ChS}bKg6DZQR9oP3O)%GaAJgl+4jp=so?3pSQ%5tw
z-?8)cv%b)O*yCK&)~uGMvU7!Mb?=ni<E?qVM|wjFpGP$?Q7Yn4CfK2PO_;%zejuMh
zA<Zbg@M-Yrii|=eCJhE=t)DGd2~Fuq<G0D2BE~U2-QWFouTcn9L$3~%@%1~N@tFx6
zL?KeFMgIb1xTqSrkUdl{uQDX(kr)u3Hh{d9x#Mw(olaOPvv>0BRI&%oF#1VMeUC&H
z+=__JUnuu#6x}IKJA5>9R2{IuSh8JNgfe~9<H=g-)styQAT!R_dcC|>-RJvFlZ;pQ
zV1KbPY#;;j>e1%iIvM^@bs~ktv8N$3#-0#Q&@VGeNhqbrT=01bxj+=_Lq({JayuSA
zxyfSc56VUaomygk6qmx^kXlvt7zX>mCQ&<S`hK$zt3}Ohfzc|ex2(?X9ib&s0>)MM
zgz~Y6J9^$1fuq|QG<6|<#e?>9vd{&)XDdf>K~>^gmAasO7u)`9^UU%9WLMVwXWamx
zs7cm>?o}D5+9im<oS&;xn?K-xlV<hsBH5#*2K>IgOI1G?2sF9M)IUFHL)&9sGJHa$
zm!F23a)zHU*Dpg}Q&fPgZ1{A-`n?gw+Bx%Eh(uk8(I2^OLD4a53Q`CTDV*(Q4?i2L
zgv&}K4%OLW8zt8_Lw|M&bz&RxRT=|K24!u_jox0nY4pxcrFo#_z6-p};bT2~)gL<*
zRJADNZ(B+nm{IqjXS~pKn5T_Xe5ihDUUvTglNYQ0(C&2e>Gj6&E^rRVYL3?%utOCf
zTwrK~rHpFpd+67$Fj56-{Hp;(@w^myvbB5$T$EU0im+OY?@%`y27YgvaB|fCik*s<
zIf_PpNFs8GS7n^ZlYG0gsMSL}_xsPPmgX8MJMn~>a>z%Q;>n$y^zya0%*7w=cIVPQ
z)U%BstAPbP7&`u&uQuv=m8?NO=UT!oY;6tod`!r#plPw|(#JRlRDDO00ZEG5haS*i
z<W&yu85WyT%$<cb4)D~Zjs`-7x!p={$_M#KS)DLql12Z^RpHhOU=prH_sj6^r&oWe
zkUvikereIZ&3+jT>wficN4PJpatK?q{E2^5!X#H2NTCmb0PZe$v(Vd7CKL+ebu84T
zmMm|`*{zSJ7sDhagk8BoGDIKrK)K*OIW$I%l8C{gdYqI5^s2Af*tAB_#mRfsI#s*t
zQ72Yf0<l)C>q<C#e{qsRZv`Opyk&kv6#i04R-^tdt589R=d3{F-kE=GV(u~{rW0<?
z@Jq&WNS;A%RJwfP9|h9lHleFGC>}oZHCG|zn&_HnkcSMW^MpMGj`kX#8_jo~Bbc-M
z)XVFm6+7jY%3?NJ#Mdg=DY5z4^b}Z5dA1m=<N|F-6io!f-zA*6ue_&6C+NK9udsD4
zu|A!Xtkb%Y=0Smys?I9AUyBhb)O+9Da~7&}rOpG6uobVQ&b~L~lRe6MQY1rwn?r`Q
zy}CFZynHPE186}OH-F)^YA5g;l;7Ambt7z}(gJakStlq%*{`;Bj?x#?*TI1Q50e4s
zAo?cgMln2f?rUga&@LBYT-jFhVKJ{wZ=$xV%Nx&uV{pK99W<xs=WmYs7sFzOF&U(d
zN;}T#jgNBTLj6I`fsQg5;}m%Vh<y1iMpkgT<zFiGwCOkLtLeyWlq+9a{c0>M4YT+c
z?WOcuCISVkW+-Sn7*^AKCL_Uk!hs>eF=h{MGy<XQ>IjVJD3QsQ!ZCOm)5vA1r0cuM
zy}DsSK0c>MJf$9m7n>9BPcro<c)8TZFRRFeDqF7EAboFuygjSwbxlhgFo8Wy!!g$Q
z7q@`2_HkA``;>>slGz{ho49UlVgn+I#aX?B(mMY_(n>fT<0<a=`;)lqJE~G!fpuKz
zRs8U~Q|?9G<h66Uzmwp@(w(}9nDU9x4375XI(ivMkBNZQ(e8BErMK}go)M2y`@r_x
z*wMu3H=0e2bg$Yj=ULDY!H1~ad`gA#w!qDjIx{YanLgP4J``On__S&r1?VKNRiW#E
zkk3flYUV}X=HHdRnXjRifRe)UF&W6yZt!|)?rODIC9RdzEJ{oE))D>#-!{p)%M!d^
z6fsBsO`+w%@`!}=lQ}M#f~?s&u={}ueXC|ikH>|ll-u^DueHqdgDj&=5q`j`@7c6B
zLjvLJl>?8MZMIkb{2FjL_cxlft9Y;OG?acgc;9F;>*GbAmWc!<#|gNqK3x!*5I}0h
z-$6pkehf}i{e3EXOj9{nep|t$nSoGJ>iZX?GH)I}Es4D_qW%b9^dVTP2c&CLAx{r_
z%djZn!cQ`3O$YL}i6pWrsH)P-jlwONJ@{gvs<UkUYND?3*U{l%b%4&|I@1z)W9<-E
zT;n+GHlF_AiR~-?#@`tO4K1Am#z~320q<vKXZ1((Pp$%;CKIyy^8e=Z44qb~y%BN?
zT-QUdeq+*L9kK|Pxy!Q4=+NNjKzMN}r%s`Ghm&wf+$D@1%e7S7O$6;;E<9pw6W|Y@
zoSHJn;#6wktv7$G4iaA?_~k0Pp$v^Sgc{fJZgqgsg-fj)e*BFg_R|*dk8s($O!A55
z<}H2hku~?zOQS@OI?%Q~B^^-%ova{KOWG^Hg02Mm&1r+N64Nz-RtA&u(00LeH+IZU
z8=#G}=}w^c%<Vzr5oO{r8GbCLhZx%f^N9t%ms7qE3L`@o!7_I<t4L+f`?snGOm6Fh
z4fVJl1M1nvV$WVFrsH&vi>}Z20I$sWr)W?DiUy4AN(nK$xO=Zpve-MDqsA2#QwhIa
zXvQf5pIl)h$)1->V{&dL<GHv3R);k4YT%(R4<~Vc5#y?S;>xd>P4SME<|4v&U1L5*
z_3{^s;bHW5JEAQ2FpHmn1Mbc3eG_zXMH>uEo9>Ljy3_F*1$MbY4Ovg1RZbl|d^x||
zUSnR>);dots=H6<<dR^Nfim2*P4e$|Ce5^>d|kC|!JzeGB99n?(-NR9bF39ek#a$<
zuJtwZ!^24e$JVmNI2MK*o_n`K3`!5|v%;x(5qWznD_xy;KE+Nf*QTkB#UCnJeULU=
zCGkPJ_!xC{(mOt+01z|On46sW33RS*U&6AXQw_X&AYq!^m&)5nMVtMNVH}0vjJIC8
zdOe(!$|Qf!qWWZjQLgLfN2QsB$2N-%O7$`fJz6{TtAVlfT4_Rk28D0s6Z<4Zama8`
z3_tnjEeO>T<M9QK)`!@|1H0<fk0PF_xG#SoQxK6pZY1sds_}ZROnI_+(6`6j-fy*h
zW4hexB{>W&`rw#Kh_ih5$#-}h`|$7I%ThKkmw$YabDdokMmMC#L(sW`g-ow4*)epQ
zA0D{Yff@RzLi5>%M25s*L^e<26n1UNS=AZFJtQMnHk97NR$wK;@=ri_U^f|9v(A@X
zu&ZERuWfglKu9jKj7w|sH-D$G(_Pk>A4gctp{rkdUam^_eP}GYt`0PET*T5)_7{g8
z0;tdjOSkX%-$k+GmtfQg#A}*fFz9QSLl(3=J*&v!@Vqsfy>Dy8#KhZz@(_zzQ4*`L
z83ylQ{*U*(Gx(?M7`ql@mW;J4#;sAExpAG;;X9wYaigUsysS|Q;?-1fHb2Nezagw)
z2JoHDsYdAoW38Nt#UcVzk<O}$F<i)zkEj}Z%nvD9yonrtUD4Qk#dQ##^Vqd-ytip=
zA=***Uc6rl=03UCIK+=;?Q*tnM3PT71uIZ|wimEB(lbUTDmHyMTOKHC{P;DVl-Re+
z-Hiy%xgYnJ#?U<K1DI4I#7eaS)&bOS)3Kx&b`+tn@i*v0P66)<KOI=U@Ub)v&j~Tc
zgqV~?o!wi)YLd$+%Y;lJ_=?4avo3GCs`j}*hEjvxH=8pYE<0U1BviQ7U(+C2Um(XF
z16q3W;xh6)iD$|Hit0%FlKw4yE!~Nf3COO8NQEHmX-TN3Ho?dQ`zyPkHdOyk|Gq>{
z|5X1H9TjvGa$!YM=(6#HZC}_cy_FQ_S*+N_>JQ2womVw-<&^NTeWBl%%21jO&i7Xe
zPk>`StRCOd0O}WH-kUzmq^<qnT~hfRmkJ`l6Lr;PB~R+zd3}uB#O~n{u)WZZ;zZL(
zi}zr&B_-HghqyGqW-WU_DHWiU0x~f(e3zANR_L{Q2A8J`sNV~Akz#d|;r4eAG{igO
z82d#c^==-YBxi8EHRz{PKx1HPQISK~#54hrus^oiXS+VLEBc+Q%zuox*u%>fg#781
zU&g2JSjsYOHL2(ykwG`)I*yR<j9c>FgxzP*Zu#5G$&+ud?JE^6`GP>QBIrbTPt+aR
z_lhR$oH%^QZ|_6%llf(YMLk5Z0=M0yc-NRM0*BWg5t3NL5ycyJt`R(`WzkhGYm-VV
zOq(4E@A7P<`zTThIOC3YJ~rO%9D5L69Pb!sJoPDU02?*+HyxGnSjv^yOL(<OHwwmC
zSD4jjQocZH)(RwxY+@-w$Ikn7NiIA(uhUpldL~n5Gr=)-2!Yh1qpqst9^;pcwQmeq
z)9Vv8IOc*_uc>j%u9q%VOhwr5>oEU`U5oKcTdN#DO<Buay7O*n{pB3-#<XJs@@}Ys
zV}(uBVgv1G0A9UI;djW13xnLC1B(`)6m&X<?6+D&vMPzs1qbs|{$}K>Q0aw<;B+SQ
z<${SyLxSP!)1KfKRpS~ammHU#E&B@7YU?`_@LnoVX_}}0%rk=Dx$w#@?Nu@TVs41C
z;;Wd6rf5{7lRu`wXWoLW>H}0E>QwH%q5uNaN`5&*(4;&-^RNz}GLT-n>~;(~VN?$m
zQ4F%L(fj@Bf|mt9xT-tm=Q^(2H$Y>e7BMHn;sYRyeyxfDo=2sEAUl?$TjITGD>kGU
zwcj@?cu*Qc1i18hlSuhT^<DevUGPPmfr|FFtwf541{#H(_W7P*p={!5ni21!S)aOo
z;qf<cR2K;79T~j$wIkc+smhi?cXXB48uND1!P_R5I=DVmzg+d>aCMfyubWY_hRK;Z
zfTd<<7bh-MfQM3?W=+`R8u2_$(EA%fp#YH}$?TonBWm$<%9>uCI2oly1*3Pg%)X0}
z0}O;j2H#{OPh4J5)yJ6@dhv{!>Kw07J%X102Av2KX!M5v=b1&|6lBj%Pq-<pZooQ5
z-_cw+#(J%_q!-T^fFT554aPRk<d%0HR~<>Ws7wT840}uQvbcqGw+8xP()+z@S8H=e
zx0ocKO=@NiaesfS5kIBov!?s}^KVKV`NZo=0lO)!-&4|(qt9Xsrkm&+JUnwsrjlyU
zSDCk3L~WHDP_MEjcBalZ&!>@EJb>EyZN^ScYw7yqji%>XSsFWkT4z$Xi>?iFOz*9#
z&sNOC?Q(XmemFgJQ=gb{!htjlV=HxijTa@}(b^2=+xJw5#n(K=UY**w{5>&KkMnqI
zgAAHN^|wBNoEipcIqsX;N9zzTgh=N~rC!OChP@uh5N;gD0aGGS5F2<g7{GUN!7@4%
zIIOgII8YUw7&UbU4~TDK{q1{_2d}Gi3Dl3GHRQEd+VEa^M|nPxK(`T>@s0Sj6-nzb
zV|{b&&7IFTYadjNjdr`JPr(DOO2szeCo|U%pB_%`dD5IW;%~UvuMG@s6-pmXOlCO*
zxCakEc$ezVUxY?~=|xHx6n`A4TH98o9N}rDh)TKM{azMwZ+ltz&r|8mijgT@p4)1W
zWRdblS#7$B*W^B3ua2B&Pm%{*w`%RGx+l{{SFJ0)o>?i7cI3M#35?A+L*#uUXo$jh
z>K-0$^|Q=fDlQzM`(pc;k)o;f+>t@z!92&8X$5B9>9wpwF3**r4JCa>DflYTqTasG
zNo1i`3OAs0pFwOcIC1{EMjL9JSgo`cL8TD&cy}o@uDO}f1t?`RJ*uR!yfazPS*t*%
z`NaTscP~T{+LOL5rnAfgY$(@>&tK5+zab%sl_ln0M?+ddlW&TIl`bwW3Z-o74nzIC
zj^?Ms0;0ja(VoTuNb|A)et&<5;pV$5snTWJ736Dy0V^#}Tg~vcT0BB7%g&|)fyjK3
zS=srEjAd(oYbRhUNrSyEBmO>h#~*iOav@v){hf(R&m<wnmbvZpF;{XiOlLZLWkAN=
z09RnY_@1F}DV2Kt9_A6^(j)LyRJlzz$=VrN#~o`_0-t~t281jL^}@#}B6Px*2nwRa
z@8ZS27M=_Ig{Kh&Xw1!?B68=m<#M8U0x6-^gpjgZj1kfu!ZLh}Q+OCcuUJwAOk5#d
zaqQMoWJx#HjaGtIuwWwF*wDvx$R(r|zumKM=Sf8?{)M5lXj;Yf$@qWTw>5Cm#;LZj
zc;_8_QU1sHfJ{UM<u?=C)9PdmR|%W_!kVc+Zvh^{GqtLg1)>1V=zX%v<ZMB%0Pbx%
z{9bcc$XIv7pXUf+sj(rSC`Uu(7Nv*bj#xq!+GwW2b+LLn&4&Q1wNo>a9^K~7c#{gH
zd{)p2Q<wnWW`v{-?lGIo54JMKWT)j&Kl;Jm{b2pbWu>+{sBX+BWM{pR^2Huy({*a(
zCN^b7c=(b`Yxx(qL+VeoIg9SmqLkp(yJuvJ!$qnokSEZI!1>(M!xABfX=Pd+%aZ2{
zs-w+mOo6*>(yn+Y-a&JW+jMcmUW9|si`9OGIXueF<m_8Hr!3D>cL>j!mk76+PJX6V
z4rM9*Iw~wXa~`V5Ofd`=GgV)&cw;QWlKP;|E)R)(wOwhPH0g2yiGrE01x}%U`xx8Y
z;Y{l80DR#@qw(k^J^A7BrCrVkE!;0KYfyViEGc6-34wt656alf){7P1L6$p2WL#3;
zeQzNANdUk%+nB@DgQ{glY0T`w<I2T}Ktp2VI18PecV;<EBW+K9;M99^u4d=8m$~Zr
zr=K>(C8DQa5ENF~Q&++F&}(nUsXDJ7{9xM?^lji>ar@Cbzz%HV98z1+r*{EH*tmUK
zl8MSRY)v}5!FqzT(0MY<+bJFaUGO1wDqmWw+&)fH*R@gdds}axCTF?4w1#?RHO-&#
zXws9v8(j|rId%>2|1q}qNy}&yH|eovIZmJQWBq(e9Ss`^^zw3r@k#u{Q)W5pKymt>
zwyI4`N&?05nuV`>mY*wXm>Z1G!G*4+8ypXy{k47F^k~sY0?}S}e(lTSpvA3jrX_cF
zRghdVnU3OZOoK@CiI0U;gj(Qln$8(Xg_^{%S6;enLaidxoS|xkEY6ONNSBWiRDm@-
z*=qU5+i9?Eg`%mtMB==e_=!OqM(dak8==A^-`o7+p8T6;&miw2#Qr#jOdu^E<n@wd
z$BC0Fl#BfXu~~<L(rs>_jCPN(=UFl`SOyY;oOn9X;UGHO4*#Wi;Y{tni?O_4pM0s~
zj5!d_R=vRc)cNF#(%>>{-};h-smNnjA~v>S&+4`5706RRi(Z;%DHXd-Nd_^-t))4|
z+F+(YEyi$PhBVNz{;uTX>El`A4@PfcDJRRs18IQrg4pMf1Aw?*-Y6G*<N#>qscWCY
zr*5~j%6SvjS@z4kWtQ)YMMNz(Y(?JRnE>3)*G>i3jMPKeU97aU0kTiIXEXh<pz>&~
zhJETptt%hT4!NGLfC_kSvG}#sBg#Iqn2`1K<S%*B3;H$P)G3E+fF@CF!d)bPO<*IE
zVnVKPRsDIalj{2%W0x(x+FJ}XMJEadQpgJ_Zc$Fmi0h7<?*pk%`?mR%y8N1w3<y@i
z`2Tv_CnXmV9qh^xMr%#bPyf&--BIdHbfs9~L0U>Vz~~)I>@Uux3LO{k>vs0(L5oC)
zB89czk6`?#>fC&aJbJ({iHLCVdH6!{lr3q<Y;*ho%)YE~2-L0zFesb4JC!GFZ2+UH
zm$jl4yfJVCefeq<yuY6ZCh3x$Lc}w~K-}{5mk2siRnH|qJ=U>39IYl2$acf)^3;V3
zB+EjLn{RXWCucQ0-!~`=OK!TLjB`4|K761&iHXwvYdG0FJLe1GW$$44YH;*!!JWsd
z3$DX_mt}+$hcxQVjUk=`Tsxy-TgIlI_wIAo<CwHtt&QRiv8<#)R}nQ}UV+B10!I^X
z<H-3TO5^5)rq4D{Sy1QSf_gS(^pCT4x8e`kr$PkAgd0~vnuM)53v5)#YF8FFf%n4=
z3ptNl0`K1Q7Ow>f*^a$UO||ZbPvJEB>U%41lv&%lsBf!UON|ci@Bh*Qn1z+Kob_f0
z{#7xpceg5vggOKO^_f}IyPB%h%56J%NTe@ATRs2|3r91#W9d+`{RE5>ZXln_72DBZ
zfRmN%7UW4`Yp1+kZx?F}F`ULTk$5h)iOWez$t7!_u+NqB_&mp{LQ1Xi1wj@!zo~?%
z>+xV*qkfjrIYhx@O|qb;YLB~ti{f-!F2AJ*69dcJ3R=tZF+0-?i$6N@riu-#uD_64
zj)mD~FyigxD#T8^tK<h@$N7P7%eA{!pfBX;VlvB=khQ`E`RWeby!`x5yS#NQ_Iaxu
z;&tHpRviy5@hA&eApgErevA9a8#qSrl>)P;RSN|o<T!v`J~4;H9-A}(U?MTaI>OmN
z+n>U?DkJ^g7fv!EPcsL-zhraB!;O(`KWy1FAQc$QBL3<5i3pb+1|JH5<UIS-4Yj)_
zQ^?KxQVY~(n43f&tqb@V*YH)P5WqL|8aq8=9>_LMb|1YjbKtid)F|$<<E%Wjz0@$X
zXqvx@y(jD-cD?db?ASy8t7hP<35_nVh)!6zen?2j(_wp`W!!27o$(LmHI6A+;y#0R
zFB!6L@h(Ntf`kKs{$V*@O{wb(PhijIOzq{D+&Etd1Jw)NSKKj2jw;ZF(*??V0XeAv
zPR_A>z%mD6CY5v#@LZQ6Ms;A<<Y>-MEqQ{$OEy&JJKGwQZf{pBFB#$>(toflp6kLY
zNin-JU4+5BzBo+eBLz=Ac>EA(h|PTa1S-{lsnwE3$U(h7e^&t#|0l7oJQs`s<$_?~
zSf6PphzdbeFOeFAGwg`xX$#idhu5O%&$RjYX)wU!Wu*`pGKQwfyfElUxsZKr5SEw|
zeAbhXqsS){wQ#SMsj2$sLzg4r2Np-*yBWO0cZIUy*<-rZ#%e&J*`&%CQyyIbD0qU!
zUiWc*bBkZ=bp9ltnAI(?U3bSSc@BjBEG@;mfZG^xNq_en1VzqS^7X4&oiV8`nlM3O
zUOsC1lm`juIJC@soLfLLsS}wC6AF1f_d3i5Q7Kit(Xf@gk`@3&Is1pk3c3MNWWOU#
zb!#1!x}pSz7HwyJhb%0zpYw8t`ib+3hFsMS)zTjlUoTh_HhynyWpfzfRzaBR@r-mO
z0{ll6|B5xmj|Z1h4GdOVyiJCMX(Tb9Vh{0(MEpV-f892OVZXah)eejT&|m+mUj@6F
z^5IzLRurYe-4WNqplDbp<bjlz8cPg=K2~gXYQc4`p>mlDM2^c5+(;zz&3Qq7=s|X>
z``ZUL86K=x7Z&qJUB^xH9g<ad%-l*FFb8=aIB8>BYE#Dn0=3t+qpKQG6T|E%r~7+O
z3%5VurAo?EOvdCgIPS)+A#-RxJv1{MZ&>M!$+Ar#0FiNt`zGc}66WG9a=^Mj>3qyQ
zY3Glkd>C?3Q3Yd^<mE+%hui##l#U9$nEj#X<n#r2<C^)s-bo<nxl!YLeT!q8Q)MA+
z@fj|VPrO=Bk%dkK(Z%x4C3vslvgCaIV+wmv6}iTW?QDFb+0Ug!U>)NumCP?No7ikW
zcv4R^?mzZuNX#^sQ~`IaMs|#UH4yzE^}GSDo=+SwjfBYcXd6&RHPDR}Oa}oKoiOT<
z4Hu@Ze3QTj<QgiFS~x>krA~mgzq3313z13=zoAG+yQVSg)>@;TWPV7w-cB+CrZ|S@
z>dy|b6D$N&W;GvKsN~)Qn#2)tfm(m$<dz}6!^M@m+i>#>(md|ZvJ7(5_7(s~no%sy
z*I>8yHfsTB@^4I~opy%Ml*6nRFx%X#+ZPW#51v#5Z#zvmJUFNq!QpE2CGDO2uoxca
zi&xzVi;^1WhOH`Djt=&bdX38z@T&ju<F{cGEtj{#&yc-KZt)%-&M$vPu7JKG4IWQf
zRCvW-Y14(v|Lo-+gqln+*bGfAC#uG690TpE(a%*rUNQ3@*p9vIzN2DS$rHZ1EHp%^
z!TRholIcxnL!Bkc<4SduB>S(+x6nAhisG8M-816)Ubl{7lA(s#c||?;aAXA1vz&^8
z@-&L+l-KxzGE+KaHkuX@KfSRMYqNiT|I>C>T%m5-kub?W41a)@?X+2ZEFJ&1+J^%o
zq00*mDr;S0AJl1Pl}FC6gGV-pk2D{seVwZ(YE!?+%TJQrj8cZSZx9NLWPihu)sOQ5
z1J#E4x&<EI+4r=ZY0vcAotL4KyNd(NgI&F}+z&g=Xz)4So^j>o^FR2rxp_-!uF@{n
z)JGd4IFbC}>2x6cbd>4f8lcp^qO=Le=-bD8+&fJ|Pv7|kP1mCa^LY_Q%Vpx_&umI_
zfG&2^Z+BA+V&oH5uO5$%%fA=;kF*gua&d?!Y^1J4T{e&GupVxM&e@jkymMLAE5AIp
zd9bkknU<uM<~nwl&9aeZ3X{b*<xF13)%8xi;{;uk%O7)Gqxirqw#|MK#lna;@`#qx
zRob=dA@rSJN0z8I+jz_NK4Kzz?-!(!h!+eG%9CDxxqHpl2wL3?Yz@Bjulp|ZWF8?;
zZ1Ft!d}>b2DlDAfa%-}tFMr*(F1?dNyfbZy{8^${b@;PTW8PTW4#>vOrwsE=N0Uwo
zchPuW|G7Ctki|A45s&h?2FF8JB_J;#Hc@gI+*r?ri-*A{Rz3+UTx1G&3d}hGs0V71
z;Jb>?ku>Q6!)w=Z8}olT`cgl;vGKz6DDsw|4|=U~<P(5g{9|1}FW?O5UK_rEWLdUR
zdfom<-2q91<~4LHKhldYpXMA*rnCUO>!Pu#-XKRDHE^_gJyNn^_u$lFcCTPB)_ax}
z?S-EK1C#fUAnY04`HaZ!ri*5K-A*r1E{y-v_6}Wxi-B*~J0~*~6a(FmCB);u+f-8;
zvPC7OvxI^elNpMC2+7{ri#?IfVA3m4M`f_o<Nst`LOS=afdvkRzDD?E*R&nah3u?8
z-(ZO2<2mbs35_GzyCoq9j5>Ll)g!6ks3#%+V57W%lGUm`taYa`W0+^20~cJzCfMb7
zgk209$eC}5qlTitWH-%E)iSlj(muKDYZk5Y_YP9}y>bz5jO9uvtBd~V2GV7|)878e
z`24x&q&Hok$bL}50t*nW$Z9REr#BWEc}D5=Ww0k_n`K$bp^w3_cPSrovHl%!Hcqn?
z#b}bpQhUc6YrA8I^VM8BV<;lV+Y(4(A?SCom|Zt{2<YAhqjULG$6`4B{WJO9wx(cA
z7=dPB8!TK53`Mx}kx=sG1RbT5BN2h9z>w9taG3H!>x9c0Aj2?!igm4kSXbOAni>@*
zZZNqn<#{DaU99E8owjY0hM-cG7<t|pi0O+*lQOkMm<P?&p*oUG=lWKPaZ`TSa>DcV
z_dC-bC+6#A5O-21Qm)_nj<G;G3g}M{F#C~2#1$bAGIHDvGgshIFlY3<yRi3fV&R5Q
z3Zz27`{DM@tw_1b^V%wJTQL^HWpCMy;`Hx<v=!$W&Y`0ZipdeYT)@PUhS_1>{i6Wj
zb*Uh-QG76Y9=4#os69~K6qu269h?NmH1%f=Nc6u8^TOX3bZvER+C2r*)6#BrtE&R;
zjynPdjLCdFAiBl-!1#=50>OH+1@G>9U@sBxhcv{>Cwh<@g#d!9@PBO02G|<sUd64J
ziLBbP+Wf79{OKt*0awNQ=I9Rt8EJwa?@<~xVa>4oRFTV=l;T6X%D21LLY3{sUh@50
z0^}0>Q7UL-DH#)^o&Nf?J9Jt!##B|^R2^A4f~++<I}}x%-_YRJkYX|1FT|AGTu|I3
z1SKE#Rt2^7Pnq_wxAhFdh^6Ehtb8KGLcb6gQgb;Yo>b7jWFe5nLxYLPDMh*Njwi}K
ze<C6CzFig67tf%Fw<Hg@T8nxS15|qDU>Jf4Mv_Z(S=AT*{x*KsATEhc7(H{P9VE~j
z4g{~zqEvvZUYkz;nX@&AN0M~JlC(5BYxWMANW~8_GTV=m(?#5W(~t%upK4N`S&di>
zHq3bmNS}43bi%U7o7(;+)mtIrmXT?+7mgH9Uur-r`$!K`G+qbxRoxhr(%q)L7Y2{Q
z>wC)$%q#vD1FKKI0tO(oZoAStOYjv6b_;e_zHNK+Qk0TPWYvvJ2_b0d(90?pl5zhu
zr{aMxz({8Xa9b-`cE+%<I}r*AB6uMm;mXHZ(odOUejv*&ESK=qbUW?~J$sh=n0Sjn
z`^uW0A|yOkTsBu3)ue9<l7D}2V?;}n&0KI)`K<5Oc{2U_pvBXs*PlJ7Kc&qGb6Oqu
z$2C$jonr6|S-Gmw=9ZL_*{M~J2ndNj61UnqZ*5msI6=WMF1j~+Y0Z@q4)+FBL_8-w
zD7-axzpdQEfOY1Lxtew{M6P>nxi9H+7`}Zw^i-)>vUB|q{#rXN2*AHn!wF;IVaXQ?
zU^FQ9ftd}&<gCy7R}Q;dOA+@Hb-!*HzjXsyJs#d#yPwTt+3U1f-B+Ezo=A<a)brfL
zSu-Hct{ryx%@HK$tqcso!XJ;vp&Fd|qA2n?5cxmmdiGoTyvd=#obFla6X~8=?B=iX
z?>9_FzXN>kiXavC!?ERDJ(w4POejWvdudr%@jZ-m6a;$SwemJT2@~g~6AP>V0($`&
zV}tjvBdo1UXbhoNnjtGGM!_sGpnaCNY5nHK^yL!7gid#b7!aK0H2i6B3@VO*h?GnA
zug!<@1k0D8h48&d8gWA=L``|ilgtm2#nu(}I_im^LMDE<08umlMzXQk`@0gph^+Dk
z1Y+-wBQI%?jKja%N;S71hhJNHi2F1lkNcy<fB9D`b}R|UK0Hk$RV_WTi>JP`8PYSJ
z@R5e;I}_@TZ^ck2oWF58sRocVA9bI<5j{?)%@AWOH9;ASv&h_%xog=D#WF0k#&+Vf
zeg?!4=lkvW59`C#KfvG2*@R435h^4CYU27@lzF?eaBI0>$6}b6PBbho(VWY>=FY}L
zH3}dpo>5yVy*b}d`*#-=<=#?T$L?0ja<~e#y-q~GD6CUW?5T<`@423ESWPG9!kjIU
zbqKzf4!#XhIgO_oqpOPkD4BY6Y}lQeQFF%m@IOw!wNlFu3sXHr4Ssdn)K;2o-jMCm
z{95V{tu||cNEX>2E3z_SHF%eU>;0WP9CkEt3+3R4ogGjbb!fZS9U`4#9#Z-{999a6
zSJoc_4}L0XLO<N=hzA&*O)eqn@-!I`hC8wbT!C?4x7sh9Rsg74*3v7W${_rQme;z`
z@`|)C;?<?|*5z-FHxzf;tWt91{pb%dZpYRFs<UWV2hKu%K?5N4eIr_hpp;5md)nma
zeFoz-r$KsQa<PsaY+;}kU9HhA{eASKJ8H@41Ocup)7-<V%}<EVIyAyM@x+y6_$uec
z)olS;@ysUC9d#{Z?Q$>yZUXExL=dEd=R;$reWwcA9uzTi-`iLDCyi}JI|tq-@l`w=
zolm$ec<S|+N|r16d#2n4sdpaV?Si}Z?6U74Pa_`$VEOBu-nyyMWd{6+;8Kvi(7vma
zq8kIt#6>GU6?1AX%1oi6Tt!5_K3z9Ne^0T%ty%RB2^hBjNNZE;`v#fR<*WIJ`qS>z
zlaLFkU7xddfpBWsx(&A|_b*cdfbe%%`VXL++0D#qNG4}JBUeNZkXT2i=u$6;BI!}{
z`qyaikhp_yg{l*+@w;&aE6}T}jrlvVUkJCWk};xGj5qqa$2j}K6%y_l#DqCaxbtLv
z@2r3iiQnAl2<gB1ht7Y3j?(vE1`e_kZ$`AslP;q9%kX99Ctg_XM-JQ@jP!P8nU_C2
zQG-Uu6i-s%kb>2KQUk18!w~~{bQoJgbG~QU1t_h&uRMT;pLa8lAG=m{2YBzQkES={
zi%W7n8>d;t`&^MAy^1RU%hSeByp0nUb&QCaSITTvdsG>k`l+5?YH8{fzQ>dicRZq?
z!|Z|#x3MxH%v7U@XtlUwy-fg@Tvr~Kk~oSbZ;{FJzBPd%1@;qQHGW(@!!RhN=;mmN
z=e6P!M2+Lfd!P;{v?eMQ<Z9t7>-38720N?1Fx-GZiK`HSVW)ISMrYj@Lf@snq3<My
z?~yWrTAy`2IZBhh+I!`y9u6Z|Q=H<80`GR6{*Ye7q=BJSAd?ih?uK~j^Q{yUD1jm+
zIK?WAfUDQgRcp#8p!`f=|1z_)yF*C8fW=ucAW%E>+j=g@gXeO|Tx{I2$Qg+5fF|vS
zz#`jQV64!&_Xc|BD(fjkvHZ+-n+1NB<*NMS>VselxjZgs^~IGhc0yYwsv!w$Soc-t
z8zKhcd@vw9_uQ4YzX3$gGDy8A^LK3;a4Q%7ZtHd#Q(Hfq%Qky_G}yrdkiIlf?SZ~%
zgvH#z-okh$cH}Rm=_0+@GpK2WU7v?M%V@|MhXESE4qhe_f(&@EQTYqItk6H-_H4U}
zgbaI+$~~p+1!}$4EYuS2+YEf1>Yb=LBf|kinE!Mm(0(vfNIVwKcOEE>Gyl_L>~Ru2
ziYIxoRhg&Zb_|e8Zr;dg7=F@eVCYLKT1tb{9pR<}ZMHd%4gz)*m%25N_jf>Yp=tg-
zA7|DR<|*l^5rn~pPM`w(b%rOE6!u4<CljzZKAEaNPq?g(!_BkX<|x~7aBx3_`3Ju8
z!iU|7rNFHZk7k$UBGug>9lIThzIyiRcT*H|J0>i-0r8x{q8uU1U{#^;Lx@WbBA7rY
zx+pMQ{^z54u{y%pYDG5U9l!vpKU>eiyC2IqSr9_$Zrk#~T%Mv~DC{JW8p8p^*v`!1
zpRRMWCyaLDug*0g1caFH`)XuIf11KPtMo`i%Wo{n8S_JIpC1);WJa#|cj;_ba^G|Q
z!PHNWbDUS{`=~@<@Lq@vD3xY<|NEm6F#)mE2EbPPFi)P*?2g~o7WPXo{c;+l(mcOK
z!P@B_f_MwLCmDsnXfT?{MF78wM%HTEu7$PSF*uWNHLzH7eA?0+bD<>x5#n{<w3`Y2
zadWaYB{UK{5pLjblAN)+QU?icdr$$G&Hs$10H+IE9hxg}o@uGB+MV}`p#R9W%I4h8
zJk&|qHvE#lV8*;<ODwzM8?usTNqr$fFC<Em*M5LFt+(s{Y419NqS}_VVblRc85kHq
zkQ@aB$w|_T5{DoNNX{Zz1XMr;5r-@&NrK1$lqeY#K|qp3MHop2K*>SLl6*aSkJo!o
zsQd5Lt9Pwk)~;diwR@#rtGmCimos=D!Y)RAP~P0N4l$|T$Wj-1<umVLXG<_%s4vct
z<qoA@>mRWRQ>-7k(YTYyknpHjnB3IVD2>&&u%$kT_O?Eq6q2r|E-E2~CB1DQgNaly
z@-yLZ4=zYi^FA{j&)TYWin7I~0<tEQUYQwjfPA~guW7AN=)OOlT8|RbeU_$h-t$vE
zeB&d}pGhBWYD`#@<eIo=CK7~-wDM?VSw9$g|BCP!Z{I;;)~@^mnh&XexG$@<9OEBn
z6%NUY&IR>6OdYJ7WA;~&gViO(9Q^`w!rk||jF`bKGIFPA>GrPQ+-CRs<W}wfa-)L=
ziyB+pq^@j-ZX}|s_$aip=S|0|=H^^6yv$!%l+vHoZ?^iiB!``?^<%1xU+{@^aLtq-
zbK2G-BksxD9k`PHe6x{-h-iP)AZSxSxqi~mYR>+EgJ{q)Vl?9=i_?wGm9GbKX$LIj
zsq$p^$|!W+@U)(-GcrE<nPD2!)L=Au^HS<O%CyxCpwvl~>ogFU=Ol&f<aHqqYedC)
zyg&K;uEylfN_m;1b3v%?`MsXpVa%ph!Z&AY?v&ABiVL=jN{lg5U(Q<)k0qKC8Aifx
zor!1Wv5xwXE0;BSCiLBtB#g?8kypyH3(zsPF7VoDEsOY`v#O87zaTrNOV@y+!wAS2
zl@`)7o{d(N=k}x%{7R8mKd}%lc^303=*d?XJ%vI%!`b^MEbdr3@F-mNujRNZw?xyx
zb6;!VpnwVa2K_|UhsEtCrcdI$&L-(CwWUXt(Ea_N22G|<bzaUZl#@^xHhteDf!i30
zTfCxg@e20m-3p_64QM`R>D%I%W~Z(YQ|^bBHXMnB{-qUDBA==C{719I1eJaG4WTwB
zr@iE}Y~_}hLT@0y1o3AJUp=Oc>3mZm+GNu4tQ2EUNwuV5)|wJ|Wa75>TxtHGRm|0J
zY_u%b!%=WX&)p#f8W1E>pH@;BSN*Qw%ES2)sa!N$4zYE`K{xdIRX*r@DlvZb75Yun
z^@~caLHi_GIsu0~-YTRuzhhp#)TfANdYkG*5bjhBE6tC<Czu!g=`FFxOME1j`q#G@
zFroy*!>O0LFMJz*mm!!!{mibgm;bSr7b6$+B#F!^UsM+$tQ<OX3gf?MEv>}a!t28m
zh@34sph(|;wbe(7Xv}g!%vU1!wWm^Izm#q^35$Aebzr(3m!|jKZNmjvC$g87m}IJC
zeH<bk;B6VjIMfx611T#mZ)?J5<x?S4B*8CGHFuZJXM_-nM61C1d<hq=NYB=U6bbBm
znjkDQmM1o^PxZJauH~-hy}I=MlE!)1bnisIvD8y<?}M|~cA_uW0g#eRBwWZ`&>0L)
znN^P#MIbd{D;<uWS;%ch>|S+D2^Gf%dd?$a`PCkL_)^xXQ5ALg*jF6tGEfX39Cbn{
za3u{X#wAzydRmIaXgo{ts@KST+&(mSX|hrlzVoqjZSpL9N0tZ1IYI?K#+n_9#FCts
zpTgL~U)p7}KfjY`Mai;gYezS1quZ;cfo5RTZIExaD?A{0lEq-_ntuNafGreL<h(`&
zSbg_;hH*n#oCc@>BusgR!|AF)71!<-h(JRI<I&kgCRz_nc7p!auf@Hj!lpHS-*xT=
z!skvk11zgDJO;Y`qHp#jIdmED1oym)W7NZv6h7i~2QX=ZxJk0|{~{{^8;x{3DsC14
z4*~DGc2G|xlmIP7sLe5k%Dsf2gA}=b5ehh)!?T%LM{ZriqC(hdFPfZFMUhBdC?jza
zJc?uvQ9Xp0u4Modkq!EQ8pr;$y63_kuua%?Gj_RYQ1Y>ZpzOPH?O|jqlL)@MV&SD*
zFeKQ2h#gcBf44yKdu{YTxMZ{8u+XSj%icV&an8ce%4sq1QcMm(G3dM4A)i<DUeiJY
zLT$*O3W{eCV7P@K^X`(icv|o-QXgJYB#nX}Vx!)fpL?<kS`Qe#0Tr3SXcP#F3NR=E
zcf@^CqXwwMOR72SyHMZ7=Byvo&@yEGUK{?;<vq99NzhF8!gHq)SXMF8K+{qCKi>(x
z?$kK^1?D1D|M6*h*@3C)X_e#@XyZ>bifCz%`^|ToFBpxsWVN!mGn`y&D{vu7KY20G
z94=(@Xi6QC&gDMQBGN{TDvlEw6^Pb6G1xDBZVMP8-oqbJ)AX;MJG9mXnNGyxRjT*w
ze81|lx~(FS;~!X78bO;Yx2xZoSYTdlJ*ls5icQNwiiMvowLRuoWR%C=3Be*ln{YBV
z8jgk={3^;L5Vzd1IKtM6H^8PXkS#4Q_Y-t~%lFc(+SqCESn0#k3n2}QYUfl#hTEY9
z5y(4%iu|$O>}Ov;v=6&v&UZI2RHA#b)a#y{{gs?IavmW|cMne#l$h~MxtuY%r^Pbp
z;Pu5hW2@JD)VOUewXEEykI)od7Lop8rYl9>22-Vd#!SvW1gq?fP2)!{EiD=46}%c~
zil_(<M$vlUNyz))Vb0LB@(1hd0!hm%$%#1xfUevs!=`tRgkT$aTVs_Y<2e;>OL*Vb
z$EKY_Hdx1La(0Ai3>|%%m92m8Yocba>6E&Bw79I_#>G=jhwqN}+fa-Wdvvln@*_Ri
z78);&ajm?)prp+_U%Yp^EV9Uj$V%~fs<PjU&U?H5()3h~t(MCuf732gXthJ0QZO*_
zCk?<p{du`6eQ3LPYGv-A|H@i=hJ1;D<8LQg7_}uezml<rit+d-_4T__QtFMhUft7U
zgGO}TQ*hh&q_d9@S41>oD@Y?%(eWSZgK!P`<I*RC8DMap?dDfUP+DUco#*rMpa$F}
zPvkv#z!P>zH52_iKLG%HKQ2NlJTbwLd$SIv8$)vRx%~<-vFpu5L)eF<vg7_yGO2t;
z1WAAGFwmkS&E!`t7ixuBVe$>(KnFzLJ{R)46!0uo5uQNk^xD3HSI`lf`}XhtUMT1P
zlR~q{e!ID2$02Jqtdjo!^QQQ}SbYeI+m_g8YZBMH?Ki8f)!PLaqKwVz+rtdnABx>N
zMgk-pD292JtgrFU35{jl1!J83S`K#@w+^|kZF5n0{@awI+nC}p!vtQvd&0i%-t}=>
z%XvlkR@GOMEyD6JM=B|JbUB%LdcT{+zt6~PFe8y^IWN-502K3eV!YJ9Ox^`ka5{!P
zMg<j?D42|{FpT4IKA&VL#=<O2vPsB%-oi>hnsEk}&7T*FB<D_jabvLnfNHzBsP^AY
zajfb#ys&B~Z3#5wt51(QiZ-jE`6xb<Prx3fG7M((-^hYR8{aDyui`gEClcrS-)o@x
z*5A>0?jwDD`R~3CItj<|dgpUewcIgk>8eur9Ik(g$xgKso<J!Y+{V#7yr3I2Ba$Cs
zAMe`%zR+3k^tcwijEO<(J{FRu;kxs8nugyPovq#A+!$U7gkRU@uCEYvZi>9O8iwCE
zqWd2gVt`g_uqnR~3M_5azMi5~Gc7yPmN@@ibonVv366{d412>z=4D}+qi5Ko3&+On
zSHEqm_g%(WJayXl@`_AKIf~=NeyQL=7g?zSCjX&H`o*Yt5F4WQe=}ZObsNGGJMPg}
z=u+Bm;Mcsz^oX0g?j>M{X676{e4Wkfxx-hIV_PPoMZyyMS2vCcz3!OQ7-n`%r^b2D
z4%mSMGNsX4#CIzDfpd3;+SbCisoY1-;KPz|84&XYgosOff(XvyfeCY=eFq~6+9JQw
zXCvXienBHsFPK-y!om%*o``i-E#}FR0%gpy-t8pxQqnOyb+u*|oDHl9y0L%R_!%69
zjur!ep_a&eTk-^<S6`bsl-?2;;^FJ<Q4gG`@~s3n3ui5pH`3qMcZ{a?13lUIvQ<5I
z`K1*S5V(TRZn4RCWwSdY;-RQX6^~7>cSgQ!hA?$3?*gRa7{plkSwZ^R6{yodv0d90
zyX-n2Qu>Qo$n#4lc*gekoE%GdT(UIK@d1_H1q?7JI3l4O!eBDd!6I<z!#j_wBpll~
zAWSx6!eo5pDz7lY1c}V~>yBX#__ppCH7j@5<1`&b7UxU>1LPVQVF*;Q;)5;?OVnbT
z?f2B6Cb?W+R2sVtIM0*44`HgR@|)IhaM{Lok+CBg2BX$inhx>}`bpUca#*h<*{S)+
zjTd?QG!f_2OjbYDnK`D@;X0G0Z8YMAyiTKMXJ;kZ%qv_|{DF$-J<>qN!@I;2$|}Km
z`-M`z%--`>lhf0lbD~DU4Wk}!Fv{(~IhYODcepSsD=Vofi0j3tw)m7P%I5w03mc36
z-?EOAM-4NbjZ)Z(rN9VP7Jc#O6ENKC+XF0$6TGX{e_Qj#>fDvBf>N5pCnOq@dt1UI
zD+N<h3vs7LiE<;s%c_sD(OK&W@@2xV2RqgJV&CPtNY4z0d!*8+BU3|7G-Xn}0t_BR
zg$<TJXYln^X(b^@W6edev7M*8%xh$=w1qS)6W9stNPdT-?+0SJ&*>tRIFdRBpugQb
z$2+U9VA%Ot@wUepWUp*idU<=l;|!hYD|%iiA$@5fL-xwj#4B%Tpuunk(d0%l<>!z;
z$n0qhG@<k=ErKdfiInkryeY620=x=+z&e|K=R5E9?R}}^?cA^rBIkN|eTQ#gNa;a>
zg_W)v#l1WX&N^w&nN;7oqVjSH$+<Ma28t%l6rR+J^<|hP5s#6Eq$!arO=k=Z9bn>n
z6Zw`jh8JNB5)Uv*St5^&Hb?om=t&s@_y^SCNrOMpaREoK;QOnl*PZ*rgWgK=SaD3d
z&5lvkQT5oyQm?J{R+oRZl=1O?vlJNoBw4DPh%RAB@h}k)buDRXp0!@}aKf)k6qUSX
zWMp&=YXL_{xxL{)!4jq48t}tcdg_BT9&J2uJHO0RdU-|rAh!$fT$$T+P}=3pFZwK=
zY5!ornknpYU{iLERv3!EK;+!??d=2}{t=h)NBafBv4Wujrj;+NmuN&0MeI}vDwgBh
zYc?iD);DO_sVH}8L|6N+G8UbnVku;;>)wr_#U2#E7cSIt?bY35wX<l?&VbqiCBK-H
zEdD)@i~Rr>DwNd%*>gtMYYiMmn<DUXY)vgOTpG!R#pinYSD9x&OV5&ET3Ps%sip{F
zWs~VQk9>$+w|TU^g`}1u8Z}<-v!R%>Vz^!yxZ`?@=L&GsCo|)nS7!Qyd4qgkrONvb
zJwx3nv>uj2#Q=uL&L>qDcDBP0)zM_lYGpt7*l@$n`uWpXGH>_mc(1CjT!b6+b-cYF
z-8tRIl!*mPc4n5{X_m%y`w%kBx{z?JDWR<5qQtW;IPc(%bLSnAXc(WEMd*MVc4UX%
zQ<oUXzFw*Da+K|!mDPxoep6HBvzJa_Z0IbwcwMGf9RU6EO}Y6_Q7Xhut)e<LjG81#
zY~Cw<@kO47>pqzw;O!USyEuFm(ubt9C_-v5zqP`R{Z3@$>By1iRr58|0@%Y>H$5C0
z12U1{#^@V%Bck5DGv^7lR0=#B&=Sx~=0!LZXh*KBS;MRR9#R&OFblH7yQiax#M82H
zrig6h{PiyP-@c9|xg{sm(W4w{HWxHDAbUv)?LHA5!pXpw_2W0vTjB&whNLh8Mj!GN
z)()c(hV1KUUD^s;Jt6!?zp<9G-ucXsS7;f{d#v=CFt|J7o?XWLZY)p*+~qEuuXH=K
znw7U<y(YjYPN~Vma(71o4^QU?9!=J8%P%0K=(xQn&*gIK)7>(M@crQuC44kZai-|H
zPj=mByHYJ;+>4aGnU-h81r#G~fwI6xk!YV4{$*y{*kk%^NPpIDhK<Q<ZkWq^BWVL)
z9;39f#R18MrXrWG<dM%<&>afHt6Oq7!BETl0aX-rS|}QKmOAp?!@GUp?2JndA!sBE
zbQ;pFdO2?6fbM-ju9}$uI>f`-ayfuEP?plzDX@=~K)$g$@8h!P^r5eTxT_*K_vih<
zA9cbMaS*0G07JC_Y9od9JglnHU-mjt51hzjD>=Yragl7jVStN%w-=R-)HrJ#+17A@
z%DqySQUj^&my+HnT01`K1Hhd7<1+sgZ9dy^=7}(iBf>xX#Q^)~NB5Qonzp2S*{D=v
z$V3GMPPeP~4M8HC*E5g%*fCXAd1XSrC+9>P5NtG>+^1Mo8?1>vR3(x2U7Z#k1NUks
zOWeFs9Gr(PE?0`MpBIjM64c*#xFpyA`aW%(=A`o%NScsPy3e6mFjhj=Uj&m^RwzdF
zm8j`0X$r6jeMh7O?DlXb3noVL-NomRZ+zGeR0Zg0o+`Iyg5~_v#YmbIDirVTJ<2%Y
zTH2cuY7Yi2s<#oL5XFmBnz;xF;p9Hl9YsZ}aHLpe=f?`#o<n)sQ?#KX8ApWB_;ng1
zSBh;`U;+J^8id`ca5xeXaGGJEK_pc$g|4FU6pchducxbM!y~exGIiA1-qnuHnGWTX
z*V@7wlMl5gDP+u&ki?#jmUYjK%h7cV9Kn;bsatQW)f^m;o!{~5y2uBK3mp^p35Q+H
z#4XTluKNmjD^o2Ql!x{UD7b6X@$dH79Ssr7kC1-M)0OAh*ABO2JJoC~DJpJSG0<{w
z?;#|Ek{miHnUsP<pmL1$Gu0_u)__b~4Cf=ZKUXTCSAtOi-?r_dC`_N&o*Uwh_>x!l
zq68ASJ%5s32%B~`mG<r1H6=t|0Rj_=Wm5Rw=iAXTE8uO5HeV{gkmKOOA<uIK9rsF0
z#6&{e)#k4Hq4r80G+QUcrHW)AGsL*SQ9@?j`$ZheI`k<VcZ3&H60VI14jkOSj6Bmi
zeg|Zg^_eS$ozKkWr%|k4LW$=Hn7~^lq~l@20m_IJI*z#AxIA7^HFsX<#2vrklOnj_
zm7BQqmX`~L^FK|5A2%o}DK9pRwynNR`_xF0$r)9W*|8|;ztUJ<YBo1JZd+{cpO~z%
zUrF~jUV?mtmx#v2OWVqqm^-FE&sZGJFL^wgt@A{WHx!|yQ$)vxZwWhEGZC0Vtq9#Q
zIWgg0Ail|Fj_h}$+FzK*+O*G_JdP(Ifx2M=X&t(MtW|jm&fA=I6Y?h8sm-wai=6u~
zTbYoDc8h?@MrEbWK~!)T^3EB6CZL}tOV$~@s8z{g>RyjoiC?ICzl9Gtt>Gj4?z9Fq
z&XpqRz^_IWI5!^B?aHLWZBMtFZ+w1GYBrUv$xmSWHYn;<?yjehb<9WjBXCx;+>_XZ
zkRGyutT_Q;>K~3@=RN<al{WrB{L&Kw4U)fsNlA{Cir;IuNG344$_v+O$q`l~kS@tf
zM4NtJJp~<8#&)J<rt&p|;%=&gnL6%dpZ9Y&=sbcfM&q9$LsTCryVBYhNOUBS=%sq3
zoj%ro?0{<xH8a0%29~uq{1^8MxKC<7bLueaW&n*#PZN7<;Y+AGTB%R*CF>`_Y$ra*
z4mKw`bgFQsmVCDlqp1x+P}!{EW}47xW~S?w*9P~$U%V<H8#qd(5m+u2d69wXx;XiJ
z+U+D6<iXMu{Db`J>bDV5$Jde-{O~MDOh-q@o8}%16RV9Gx2H=gNrlR30ThYuYvF7B
z02K`RctS@r+TDoj4>lzX7z6b*bb8CTO(8qCM_qe#^BWdghAOunMG+sT<?(;wxTad{
z`c{S`n4Bm?kgx0_o#inndTcSASym!uCuoJ6f7~2_R?x{rfYHq)GYZJ+ZtodqVhh$&
zmg`f}>|ASKVw+@8EbKLDj-5GV^X3!<rq{dORQ<y~`(_u2E%uI&_~qOQ*&!s;zzYE4
zs1jAk3{_I%(Dmfm=ozeBEbH32?3<im*n-{mZw@VzPb-$17l`LO47%r5GCPVZ90j^>
zw+=YHf8g9)bSOvN!KwX9mB3_i+fuxN{YwpMQH&q06{qolJNtF-eDWa*<8f{k_csLv
zLYR{X!;}yj9!3uXDz$WeFqfkLXfA<cOrMWri)SjTc;CIcA!C<x(5^sI(&Iuq;G$DH
zlH8NhRr&U2Nz5he@W8>jZYipPc1UaF7lU*_pw_?os}dnC!e*YajLn<ZOXibpus+O|
zxZGUCMoV;EsgQFlksYC1ZO^1@8oB-~mr$Ee3IO?Bh5!C-rvyqZ=T5B-r1a^sa{(9_
zGuHt%37*Iqskoxo@vfC!pcTg|E6XC=8_|w=lD_Ay>Khpz3;NvUuMU>Uw;)9i<_bvm
z)W3QHf7BTy>@@EjSmCHic`{KY#TmrT#;wMEls5#^*0>8mOlSt!er1Ab(NFDpnuDKR
zm<n71!*i5>(Pi}fx`?)0kb$HdXPc{pWQYzoR#rNdyW}eH))9tSv)&)}-#>;}usS+h
zFIgs^oJ3+Ay73p%!lw-`TRCl(f>Wbv=N~;A-{%1MZeq>*7!?FTMAsdEAtwa(GBM>%
z+Tc2`JOpq2o8#k$P!L3#ypjLqHF#0y_WoC-|F+VftEvBJEaAPG#UHJvmsOM*`TP6F
zre@-EiAdJa<i|Y@f}`AhEm^v>9_ud>+#<{esEeF&;Ww2a)R>@gKLDobuh;%P0jar$
zvwo|Ni=upsa&ElAX~%JC9}(S&;o=hFgAe0g#i??tzuTS_0}39ZtSvEU*?#o2^b=iz
zQf}zKltid4<hs>iFPMT)oZoo9!X)O7nut<lk1o9^XD;FnldBT_kBH#Uh{VqudV5mP
zv(oav5B!Jike%mHbBXO-&cAiRkG_TY7nSIH>Y}_$arp^s&6h7<F0Pq3Y`=E?tTnCZ
zVM^>Tp6s7tsx&mBn0B??!UNVN;atjpIH-Si(2pDXaB%F_At!zR?9Tx?B+LT;(OkUx
zpMAhm7<}e?IWp!U0{yGm{^LG}MC;6XnkU2er$yJnQpON|tLC5P=}$Wqc7N(na?V2W
zRK_36g<tlP01Cp&>*jy*S%@iuPyI(0gI`MgS?&K;_}5nX-|XRU3UA)t9zEislCcB+
Nsp0V00%gm<{{aHpFWvwE

literal 0
HcmV?d00001

diff --git a/cloud-operations/quota-monitoring/explorer.png b/cloud-operations/quota-monitoring/explorer.png
new file mode 100644
index 0000000000000000000000000000000000000000..80f50254146dcfca7970879cd704e76a114f388b
GIT binary patch
literal 52935
zcmd?Rc{r5+`!-&p#Jf<W$Wl@vlq@k>QkF2bAz20$Wr$=MB5NrTNlB5NVaSr5u|$P7
zVywfU#Xgp@W__;Pcz-_c&-eHI@q3=<_dAZ~c%FYc#LRua?$>f%=XIXvbwAM8)!4zp
z!?J19rXA-s&lzsov<1Iu6N4i2R`?BGZS>iuO@f=wpF3mZX-T7QuV}xry7o(twC7$h
zOPo>a@n<2=IejCAQ!m%0ZZ-Y*Y;Tn2IUEaD+VPLN=Zl}(CmU&+9^|xVxg;v2<-Mrf
z+u>JLveZKzlb>H)smiHOxvwzqQI<0_t0+I2Ghlvos4)&Du4`K6lE%fw^&WM%iCtyW
zW=2EyhPuA2ER)<~`?gHeKfedEbzVq`v`UnnZM(O12hX9?3uC#}#f)pQ54^%AtJiv0
z=Sr%(W=6<Yd{>8**Seg_2KJ!-{Cwj0{oMoEtDpCdwPi)e-K^Uui)%R)d*aGH#pS8D
zdwj)LRs&fj@|>vUT~@2VxxIhA=cX#US$LkGducaI>&Q)L%P@GGQ}J8NgPL#q$!uwE
zoa(b}=YBhJ^Wws;f@|H=P0BZfG{OtVyGy#|hhAQJq&WB7IM<TO=lwxAy0hzAg5!_+
zM<pe_UZ42AhLbLjGv|)os9w36ZC+9wZRzy^-{<4uVUaIe?(u4g*w=awKThe=Q(mzV
z@Lfovx;80Jv<uvx3Q%0=zcbh5w|es1Np@fV`1cC#qp5B?w+Z=gVqiXWME{<3^nOl_
z1Mt6*UCf4gOM|gDbZUg!B6adu*?jwam$I>5BWX#38OmZ6==jsOqOG}a#d}y(SaXlP
zZ18gG%74%FiQCe%W{%<@X<mH&#g4tl-)v>$w>XwDdWwlK6z|>mOwwv1FgB1F*q&*e
zb$xAR-XqCky!3mB*!7Q3MNZtIHYu-NAByvcul!ZVo3s6~d&srjlfLEck;2-vcJmuW
zj@`vw83rjd|1CS6=k?=mRQyuseuxoaDci>HX)T)We2jrv&|f8zfsu45>C|7F8QC?X
zRU!hZeyh_0-4(Z7Ke`dOqWJoX989?VE1Z9<$h*vlpH5YaA2OEiay>XkeB82=PvPSG
z5U#V1?F~d#^PkMA>T|lMf1TrA<z$cv%=o>!G}$fm==5bT-C`%IeUzwi2rsSumFbVh
zIC<Brt=8O4hkI8lwz^IBQdg($E0;QtMoqnWp*1v7-0f5h)0gJLQh#uLszp@tw0C8G
zWg|b03FDQc<W{eat`4}@hw}-?@Ed3Bj9E?bTglN+3N$7fzF+zHZl+LmHmSFZ3)Y0p
zS!Lz>N7%MsbqAj1vLmJNH4&2@qpDMwIP8NyqeDJs^6KI@RZO;7QBPkJ%vTX=qV#Qy
ztfM`PV>5&Osf@q^!e#qW;>122w`AvgQo=-%Nc7r5y|Trd{Zcl;e7C1+CfcohW}|pN
zkb|#?+QKe$KJY9MwufMZ@8&@4B6@l>B!;2LiK@_@cj;_mphdE-eg?TZd9rLM-f4xE
zDd0K_qe$m1%!=Wx_*3ij{!AHrGs*NfhB+4Uq(6hP)Ti%1NsvCHZ7mAz9<y3L7Q)BM
zI_8J-q0Gi9MO5avkkwykhq0M!Xwz06QhL1CM*=!_kE<x55yLl8z2@uDXB3F7SRzhJ
zSI&M9l`Nhe>*$8FJJH@YGTBt-Iz;&-S$+NN{her{L!}5oB<@`eY=}(^=eM)dA}@=6
zzB6<7&T3J~Azp6ItD%_OB43r}!`q_7OmtUl8dVbSGMr(-A8b*U!0}xaP16sIqoh90
z`ZGP$U3&9}Mc(41-`bdZnbP90P?l){fz>PK<6g&;dmUF>G7N-B!^xqlr*kWQhbS%%
zr$`)%zcu(mLVtv^xUKvm??*e#v$s1@pR>EQg*!(GuP5dy4!K>gObdFX4Zr->Zy;|y
zel5=ZSs1?}#c?JXZ5AoMcwbsxe?4?b3900Ldg#!YYZfVx>S8&v|AN23DVJb@H|E>K
zJBguOveI#nBKHNn59KB`ORs!%Yp#=IdCqcsk#zD!vdsM$d#y7N|JWN|ZmN-REtV(c
z6WU*4NwU}GC0ltXE9ZNiybd!3=&&-L=oD!c=`oNx^0nH}&!H_dD$eDj$P3bg7h!y;
zcJ!qV&M!8hs@R2lQXk^$Z>~@22UeKU6479xqF_tXSEi(l?1bCDANWAjBg73G%~3t9
zP(LHi(t?G;j~3rNlh04d7Qg-Wj!n~#Q;dcj%$M_~Z$C#ze0&l~c^#8UG}$#XK}8kq
z#+))sai6DpB#<<u#-4N?6K1m5sRj?AB@$6=ogQ85rAA`2pZQVxBfLO)Wkiprbn&CE
z)_@z+{_Je+v|+1enY61lflP!ooPgWcGZO=)qo`avZ71>7>ha?4$a1&LdJRkI=0A%y
z7rSG|?!U8BBi|{MP0PqQN?i2XhRcqtJphxz!YJSQ!5DR7bW&u+C&kLFTJ6_;|8}O)
z*}oRks`ZL?pJ0LsRS`rn;CA3CHCgAM9G>uNN$^`O>)!dN$F)g(4|_iO6|GOrT*<-Q
z&T(5@Rx;o5S*d=bkif@#-i=v#6$x4f*e%YCOr({vc$>B6Mjo|G<N3U+?L_a&%-LTj
zn@&F&-Ze2@y*isKav$aBn<$`rl-Wj0aJWVSlVib++<Q}iAZw~jC!g!*6G_~!L~V}#
z9JU&Bs`yn`A$5To`9d{PD{cBfCk|ylUiVC^x$!E?`M3AkAkeB^(hC@#ddtSf)OLG2
zKE{_w{dPI5Rjn9%#yI5>Q75-m_XcUQ%3Ji|{!kSyh@nqQPwid5-)6>0_J)gj<VslL
z^Yc3e9N*HoDw{NfRK4aO5gg(n6}H0>(NFy9eG>`r>N<rNv?iyCW<{Ax%PaGJC33x<
zZ-cliC5P8mC)ZRjox_}Yd&k!1Ys*l1d|-fj%8b;-D39J-^_7AbB)=N_=qk<{E&UK!
z8&(Q6>2U6z!euO$k1mg9<(7|URXR|8=BW}o_SnGijt*n)%I6mx*k@GDnhrEq-rvD{
zRYSn1FwU*z{QL5S`vShs<QPK{Y`NRb+_U;tFaQ*;Ez=nPc86T4qy{VAYjbWR*{3MY
z13&}T&#PX}q5ZS?vo)9?YH??WrFV9mbM5wtX#v0G=4>X@Qs<-*?D<hryrOrxQn0(S
z50<R9Hk<1glqo9bD3YUO+-%ovpuuPR<cQu*z7!>6Y@|3#fSH5F89@w8rOpQzEV6Q&
z83V;4nyu&GY+);XlR7_>VP`-1mQ9()&|b4mfJSieU778`lhJZzi3G=(>ZJ)(NmfT)
z81MLaNgsZ4z+mBGxf{_t_ffkJ&MUF8jZFhf!WZ4!!CRj9^k^q>r-C}kb%dY7zxd!t
zyt6y*Yhr-U@~`@dRcg7rEBXA7Hkswe28vt?GCK?>*$q`N5#-95aDi-Z5@cozc5=C-
zB(vysyL0Ei83yP~DzxN0eDJc+v_WZ!_M_I&^RaE_<SWdn3yKwqykq7Eq&h2?CP+Db
z(wXUbvNw89FU^qksGsa(<!(#_CWfdQ$0@j5d~GY}uY6~6K#w=!rE8=7M5TI@($Xu|
z5wCenh4nmqfpo1-jKzgY^6;26GW_K`$)xCmo}X+bVp{qJyh`F4lLR9~Am<Ql$|R7)
zzKNlROVc5b%=X6&lg_a>=up`3@V47w)<nB6&r};_IxK#u|K#kIUUXX=NhgiJC^9Z+
zAHm|gY$rU!8gX7pIYif@?kjy&KGYdq@hSmny9n>H8DkS{lu;f=u(j}X?omzqpZWn>
zDLAiy9Ks=fzvW*}t;a2~LIN)uI8?*baYmU|)xNSG6BgXpTb-D;GNDXG@-pp=Fx?uT
z&Rafsd08=M@zRO5UHdwJ9x%`K<b80CKi!(pT=!u2k#e=)JU+C}*D0*M_N4HRL3x%!
zQ63z5IH8fu>QuyUFeLJHEM7rZ=mwd9cCD|EStJgr&9g{amXbR-r)tl}RS`H&g>5Am
z8dBYaqa0k1F)*UyH%=zIW{HZ~9jwj3PQ@90ImM=KuCcl98y=S=^6lOYFHbj>0JbC@
zzevJ6&TpwEh<Qm$8xI2#j`tSHG=WFFxq;IJiPqdo$>|Pu_cg*=Z*3N<uzWDe({-=G
zI{o<kN3q<_HWMqylUF}GA28T#m~!TEN+?e@W|L9k>B)-eV{P8v?jq;&$iXoLcl%Vd
zT8)X&J<As-uj#fXrajg`-!dwl3!$Vt4>B!IVWo?<^y1Rv1}W+O>2asH2Bll}RS8+X
zTDmpgpq_W-odnhIi*u#s=0LtCM*5O7r<x09*W~!FEVk#{YReg>>8FhUmZ1zrnct{v
zbJR*2@%W~O`NcVC<d#Fww9iaa|H8R*M!QD0gN^MH3tnL`95r$DW*%8uC#b0*QV09C
z>A_!ko)ye6t~ogfM@d%Ct-v2)!4rGCv+k>B8d7B~B%d31w#O(i@nnm&vNpEyXNQGy
z(>R&mcIeql8`tRO9thrllPn`6HO55ZSM=(<mf$m}eof{(VX2;!&{20?=Y8v#!d#!<
znwwwlO+`jkSStRl^rOGAR13kK2!>o+ov%JSHe_@Y-Aul>pGDTpoRBQzXqiDSRLbU?
zmSy?_rN>Bnwn!;1gc>8`&|{>t(m#%V-)eLwJF6u)IxrzHBt$i#{r0U~f#AO|mOh+s
zAgTNSaA$NrKz(dc+8x=tsDqT8=P{$iyfh*)M#8Mb3F~3@(?}=i;`mHPf4boF29fr&
z`jH-;IF^iw>}G8yyIea?BcZU@fpLVW%o~Swp7#@s>|2{-L*!k4Hr&OWkn!p$#F4)S
zC$wL(-yM5S2;bFtI>@6dZ7FwO4mW_>A1{y?homSsR-0p;B6(qZPt-aFC&?I#_L@nJ
z-_96`rs!N*UH;=VuNfrbn3z;_i$#utHc%dR@K6n6p0o%Ox-rd}{p+`^p1~C6>(}6<
z+8DwD@f|CkQgN1~V1JSu{h?JeDd*;&foRfk!q?qdIgk00WZYPUGfBPM(q-=Uy6J=&
z+H>j(UAD|4`*B?_#66VN>neB8ip?bQsqB`2PdTj?Z<Y&rQIo=DV)0G&m3pf*)!1R5
zmG`(zmSI{5I!5{fR>Fl**ZqQu;`d;oo<R|cih6vrtX{L1%%2RaiZ7VLGhyoHk`+^`
z+?}&!A7gJ+jRbnXlEIr<rTaD)MT+q3X!l<9q@Iy7+y6uy!dG!>8QVtq;(#o=J4vom
z*CDe4eX0<5&)3t6gwKwBM$}K_6Xo)fzD#f&l?hC<PGe8U9<HPc$e5+La#>1$Pv2ou
z;YcgGs-2=yo)dUi{V}KXcP3Pu0ZCreU*xEr(4K60%teC-CLIkL=TdBW{uoY8$$B=E
z+NJr(=BS~#6qQtwM3&=bLPxiuP1|D5<-Q|%yz1by<HQ6gv>nt73;%dVQZzc75H2cR
z@4ez*+lSFp90*KYG{Km0*;fi?m~b?xV2-(?9bYDol!>woP&Q+}>GFOUzCBx6TS>S&
z_?u}U<{q)?{}HdtxV|<OFaEI<zAbCvnSGfrrOU;#S?Ao2(p1BiJv75IoPPMq?@y9w
zjG@dy0!Pi1HFw!#?Q$K?{DU50IvqvRBMN}kYNXm5;?zeur7%=#B<}g2)=#V1tTm0*
zKH8t?8C5)S^L{3UAXHF+-M2=Rx}k#Z$u6VXYTdj~DMOkM%q9EUpXyXjeu=#|;%-I=
zj8j*T$(CYP+k7D<KPD!V1H%=zjI+;H$6{Xij@-f(>iejl5qyH=>`@m-`oVP(>JKZu
zbxHTkmsrK&Hq8`w(O$ck9uKROd=_W)8^q4D?tLxxz--r$-N{|q(PWAEUNPPZa<b#k
z$alg|l+KYwibzL=Wi~tZq$s5bM&OW)7F4E0-x6Kinuj}sIz&%@9<d1Py;Y-^;;Hlg
zv#-G50AEqDc-Ic~-}#$ObDk2Myii3~|Fri=_%ob=!>~VOy(IJZ7hsew5NoI97~P>h
zKXIkUJD#h*R^#`Kx6dAVN_4{`4$?VQrsXo(l;-d!D36I_{TFPCM`I3Vp<N4$!vj@{
z83Xsw+H<WEexqay+PHhR(a)|CW1&L@e)7=;!|nKQNfMNzWb_XmBfUWE!6b$?3&~?0
zg*ri}wQg<>k{@6E5Tg+P@H#7_c&BZ5^b$fHK&8kUFhz{|)&5zH)xFn9XEMrK*z|@*
z-Y2!(q5gQUfKplBX1`f8My4vku%9>^-OV|wK`awirktZQT7R)Hl(7qT4yeX?uUE=~
z5w|u672A#dtl&7sR65nclcC=GRD03_{bhz=M=-n+h!r*49||{3J>zd3z4e?#05Sj=
z#d}6({AqUhQRNvEGv0LT5PtpF%#14j*4+NOga<H8D_G^_Q8xQK>)(O7WXAgrt5M+F
zOu{O8Vi^<3`SdSw-rZD_BUt`G>!81X0`jR*G=;tZD!$C@wBIQL8B7e!jGA!i#6|*<
z{w169Fd|_)C*<m$NXBORR~mq7jGAo02D7ax2tku$y+~URn(VY)!K1>xymC&3R(>lo
z5t4Jd^IN#@j*Zw34}6ODkUX0UF={C-*MQynUHCP6tli8g1;Y(Ju+)8{8baOJ^|$wS
z5S%s6B&IU3xC7!XP@L}}e|#ox-tx&g{t@He*V6{qS~%&0`F#$?oF*jeNU?Efe|6yN
zz=yM=(e_9C5wc3uB!?D#xH)_m3p-7VxgJM<EJ1b*eC14vK{*sXFEq9WJlt;gbArup
z;cQ(_Q_!>(JoK8+xg8wqiQuR-?DmU~aC}rskppWs8}Y_w78<?o6n+k~Z#{>~R$qUL
z^&_`7;?!HwwK|=!X44Ymz@6tG|42{i&%3IH@2uvPUPTTcs+J}k?(cUA=DYch14tE8
zT2J}PTzBrdp|smVx(z6}S+DzcF4grbCiXKyknx%w9XQ^oymlKN&-BFe`Cjj)!@4hr
zt7L5&A_|jt2q^W0D~ujRjif%&a>uUZ<rKM}5e3Nq8tXxIM+m+w%StaxImKxAHnwjV
zg3is@k#k}(W>DT=GczzS(7I>lknXIxJswun(?>Uy{?rYHDwI1^K=jw6t$c62_EP@c
zAT&1+ZAI8mi}#+8U+TZZ_Wj-&tO=Q-wOglf%b;A}?I*ag)LdojH=7Vb@ym;oM@C$=
zToP4Z`@Y#Pd;Q{hUCCy7VMlX`(afzMhhAKZKcAWHw=!mh+3B%uzq3Cu7!t%W*9bq@
znyVw)W*b|xiW#cJkxDEIPs;<eBva_Cnaf%_mP6`c%k3_9)W*G&u*}2k)$VBjHP(?^
zf&h{~Ek`c2Og+)s^0TAL$9s%YlojVQ*F}73mU%_HrP!j)m@HWz#>?%RDzQsd$Rpaq
z<-8VIY?f^oQa2KH<jbaD1VJ6wTIqFTz-?~8>kh3MkInC-CPFoJq_nsi)@u$a=8807
z|J-_QU1HaKFjmQ@d<6;ur`GX@CmZvi;vr2}5aak03C^Pq<>9{ltAJ@8r}}Fq9P0PG
zK3o})^xJM)J>7_!16Ht0vU>S@j`t`rog%QdpdlyaKGUo*Ddji~6<{8)tEoLEl2r@I
zVFJp%l{{yJB)P3_zmB{8`vd;_gCk~R?b*N$IJtH_{OhFIC%Mb-n3slA9`%I2l5w8}
zmd1Tjo?Q0rJ#SI0f_tVSaKMCe*hXXpj|p0Zky|(+8R*_No6NkgB##^3(_iG`avA2;
zxUoM8AG`*T%C~xLWpb`XTQUf5*SfS=_i*18s1Nb8Ei<*q@;U8zL5a-3mgAGX)QiXK
z1^fyPQq;R@gIFDb9nO*To}-N{iW^|p{xta^#1?I}xgRFUBjshxv$3-JQ30&UI1dW{
z%G|^h;63U0N3m?R&^_;I+{Z5Vhfiz45@Qoax-bR_W4^zChr|~(5F38+AIttiHbZIU
z!9vxH-Y`Q#C&Wlu#ugsh%-J&hGov@dy_KY_wc+NJ?91;%E)?0fT_%fGFOG_NFMPX?
z)hExOgQ|e9q&St29PW0=t+Ws{TKLNO0r=*!#Ni-CYWjt2Glbp622#Jj4;@EJ(T?j-
zisBsGJ^FmEA+@N`y(L;flLT4Tz0b%>Rmpqqx|~#3Ar3P?7ADv0OhyZM_HQN)#yEW6
zO3KP9|JdpqWDum6eG_BHbILifa;laU!j<&UO{kU4@9*TJQ9b(HC19~jU7yR{i1&f&
zPu6W%-=Vjn3}rH@iGmX4l~$A};jwPiSvJL1AHwV<m)r0m>|TTBGBcBmH7~Wz7Mm9v
zgdP<F>E2EqDriz-EfO}!(>7|dbHpUJ5e^N#bPZ>Hj#RHQxR!UTzaIJB9p%c-$*r7=
zVVz^4)$@70{1S)icyTL0!E)`W%Et?vb$rtOnDtQuDPL(^E2d5NOl;DJ%$f>A=Dj6{
zM;zQoTVLzODG0ArX8DrkpIQSw8Q9iWxQCv8uQR7AcD7}iGzC4W@>wchWaE);P{7md
zK0Ol`+e4F<O0`a6PvwXP;<%hcCamHmP<0bM4aDaxcpk1+H@Vz%;hhN2@5DF-{5>8c
zGpnnR-K4O(@MFA?tQ%^dDUfd{&T@@MG4}YSKwfG~M%-wc^K9ppNAGvwdA4Iv6P5Fp
z9_CC2XeQ%M{RjKMVHQkZUk>W_Cm5z_IlVI^P+px)!LnGel*RncOm0?Sx)OF#q(Rhe
zZnCd$HYnUU&p@$l>y1{uA*A%q(Q^|Bx*2xap7A5A_JcqyY;=d%cKuBB4qjQe6?~K8
ze5t{SAoHk;?v)?{(3U2vC9fuXdAWymD3@0)S~Mjt>SAunP%?{>fX3Ob$l}Fs%V$~P
zoSrMvA9P>A2QB2xb5kcRwR}WNv}3SynG=x1wQ7AadTwJe6&$b8B_D?kpo<!NRnT+v
zxq9g0?AQ?D%Do$RU6#g6NXNNNr9-}>_dVQ0JD84D--<%NC2L|A*oGe{WE`r|-E1VJ
z&0`yS>;XfBdK$<s2jns{9-lz>8O2rZ+DGGLlo`;g`7Fkg!*Voc@%gZCuV&2RnQs^T
zss^5!_ej@Gc@T-{-#e=H7K(OLj~FPXFrk7@2FZst+WQbpDnv3~k7lZ5;)-66^5pu>
zT(?h^&L18FMESuUDTJFn(v_8ubp9!@!g0|NO&O=AcOH3075#dq{S}V!tk8kS2hilb
zMYy|!{vd92Jvrt`ROD6^)8Xth+QoLQ!l#W6xyA?HA^f_PV)Je25Q~b!g?S^-=7t!C
z81*HI${9nC7j`we2M(V;XMfIUNaWO!ax0rW60kbdqsE>`TYR{lanfohpV;Sxn!q_2
zYfiZzyOr3i8g>u&<vX0Vy%Y}V3)t>L+>hleZ8EU!d+hm=Eoa#+?OQXx)fSuNpWwp4
zL7%MllX|qjegUx2P)cK}2pvTHe4wHp7}tIb$CDU>w`^6&Ylt9-+|9a>?c(sW5EmTM
zUVAGkCl#vrwi)fP3Oi9kFFM^@0N;7Z$?ce#$Ojayuu5x4B-oSuhx2#g=K6-mLR7oR
zc7LLs8`|Mbg~8Em0Zj0(_RCbyA7M^D&sAeW)K3?UJn*O>WZ8$kB>31<l2r@jxG?it
z!kxG$T-m0rZfDTue@VvlW_&pp4`~VhMrMDTE+?w<-oa#j)2cpWh~bu!iOdMQ(TdM*
zduVL3awTB7vfO^gWOkZxxo%7#yNT?jSy}g{yYyV_s$JzZ&kuEjA{Cz`^i~glc9Ho{
z3@Rv8qnmQ3S2JXO^iG3yiOq*yC1Oc<<<=Q(bXcsiUsZRd!2umLvfS*Js@h1x2N6Nx
zm=I#vsY35mU(Jpgbw@(7eyU)i<8+E+e6qKLkBO))q$Q^i;%JV@3pk&SE#=1?ALk~{
zA@XH*r8h)MYFcF?fkS@$B2grrr`hOKtAbdVTc+KXJwc~}<d`_o7^6+?6HlQ!PPuJ=
zZDCO47yjE{0<Xz~qA^>SfB-5DyHFcia^L~MClmXaH}YuddxvNSp9<tStA7E~*9mmL
zqyoc)tOku)T_cklDbWq(FegmvZ5Scj7^TcOd3P&nmhGo!2X--;E2b>o53~tUkChqC
zR6-X|mEW;RTXx@H(`dDF-eJ9_V{h0N@Q@KDqr<Chw-SL*F?uiuL9C3-Hs#Qf<4%_1
zGArC3+=yuoeyAGh`=-71Y}nu-V0-jP@}t{)R#b9E+$o#RB^_-a+gWH%P-n%6Q*6#v
zb87B9J*6TSXE@uTeu5{U#Z7zMhG?*lNm;T}WWnCXU^9CD0##bLIW{sq%uxD!hR3GS
zMHUtote)cRQ(l8^$X-+<Oc3ye>NL)0g$Ewg+S)Y7Xa;F#SCYkcaeBGwNlG8KkIv!F
zjbA*S??~}i7kbX(k#E>Nv$!eytWkzmQBF)Cap;`zg|*?6VZoyUo22buIj4QGnF+i(
z*)@G#Y9-KRwoLuDNX;(6PNuACoH+g5cd=`l=Y3MQJ$Z|biO|5ue)3ke1=f7CxsZz&
zm#UPol=NX&-SY4UCMIE3q7S`uZ+smS;(YbCLzIxkzj(kRK!#pD=hLg_k<p}D($1Qk
zsl|sp>#DC{#3bPGwb=;ud(vKKMI<6VS##$~O1m45vC3p-%=6nn)x(I&e2lh#qeW=q
zT9jEacK9V7`6{_t4gIGr*g=#mS-B+gbktbjX+M(1I)(~2u%8YHM74KiW(~gi|0bza
zZACdg(=fiU`nMMVAn~K;?JXnolrM%T2Ycy!_K<cjfDT3MnOb}&p(^^cNi_N#y)@{D
z5e9Fw2Iz49#xstoYxf7E^;Ix(m2uYEp4)ZBoB{R+cnG#>&_B%v^`3!(TCV2Tdq*ic
zcLP<*84FK@%1$>^6twc-Z#5HsW{>Ew=P;n46GpSOF6d824Jm^9W>C^rQtrsOr$x=w
z|6xS=%?M@F2`xdS?Az{jR&q;6-M+<KOLXF!dQD3u#o9k6++m+Z-i$<Xcr}w$<1CNq
zoq4lcu=Ce3qzFZzRXN;pWY2&X@-qVvn~#|3%L>FMluAwpIrrgn>@?4<^o_3~_z9l&
z*d13CBr$)EfAYNlt{VSY`{f^tFv|Pn5?9Ix*X{QXNKQ_ESbTGKv<)UxM$D?J0(UmS
zjXO+1*6ynyHF|v<$iVbf1Mb%3-0c{UMv`T~eyH(Wf}6583YY-6*S6uFT>wZL3gKsR
zt%U#`oGioU95C_I=Y_8cio;L~kGpVe<Xd%rYm?(xH8r?Mz)yJW59T)y(I3_qYWhD(
z+_)|9U-kn~@;=^}){Afj>sh&MwM_y3FbfPV&C<K+H(G=3<jILliU5r5b|+DKJN*x*
z5K5H|Zu#au{3L)EMbqm&f9v{_$ec53Lw)*cl~6=aHODX0f4!g&8R)HU+WG(d_5UHC
zUby;hqQlCs2=RyPId;)n%p}K6(cH+$=1YuB0hIn`zypjRbe7<8nDIAmGCL4m73OgJ
zp}+9cgI@~3IHNJZBj@z8jfklSTZm1;wWeYgF45;6%gcYJv(>|ROfRhhYQH`+++2M1
zOH9T*MzP#u(g{##qn1zUc39X52RMj1-u_D)fdw0odWV{oTV)SeR`LP~%KmQA3$N@D
z!T)2F7^&$p6KZmdm0O}`Kp_p6uS)gbyhSxy-*cMbr4m^(w+G+tc$d^-?F!lt=R@FM
ztjj|});XaCO>6M*6kqR>>PT+SHrH@8eRU;LUXI_mrADHQqg02H#D~IPEOQya<L(oz
z=0?azqzyY>U(q1va*16iy#ghl161;_kHmY{u9ymW+}Xx<)r|0{>Xsb~1M@j<IJ-9V
zvm4<P0L6cqO1iU2weLy>!Yvk&Zz2T@7kaSg;Z{<EAh$RI)N?QLJykDp?7j-@LayT4
z^7O=f`b(D(s(S|(iD+Ll5(s*_FHbd7iX9zR7H7ND_`W5f1;9y=BJop%Mm+jX<g@!Y
zMaIo3S^`V^e6s1YucWI6vR0u;D7fspfoDHohXS&(hL?!Z=asT)kdW83n)?0NLq}@p
zu&TstFjlH&0^pV$x`qZ=4IQV@#v^;(Ze?k{1QA!k=VSwhmHggHZ*y30G+DUPA>Ma!
zWa1?h`1R7`C-d!Ct}YmTYG?wOiYB)z9))w_p8%)WcLGbfhlGrXM-0S!CwJh{2};zk
z&NMHl!nq@Sw8DEi;HFA)ush2Y^x7scPM5{%ib>V&TP5ZLpln`;=XdF7<xyhFVN+f{
z?ndh=bIpcY@x;<Nl*L7`d(>AfQhdsbWsRHbBrKaJp7V62Ak*)=ry<?C#C`07GKMS*
zGD_d=lVm7p1s12PmShU-+vYTwH#6QolsIsy`B^aW0r6hJi7R!Th_s|WX{cCYR5KC8
zZJAd&M-g)iQ=IF3>lkPlX`SA|;WqrW#<BE!kXm+1cfM_?xLIL?((1yMlHJ#m-F-m!
zC~23FY9;<Q&NO=c`bz!c@ULV9vcAb-_```Xr8gE)@qzw*Oue^;)R%5ixs$HS;=D+0
z8O`q|zYu(w8MRbQRbw^O#fWzcru0oB^)F^xbBozT9qPon?hcZ4w0C*4c^hX|v}Hn~
zNX!RD(nZV(q}YX<-Y(IZJgoEnuhx0~Fg3wE<aP|*+oks-hg49X;TuNmt)IXH_I;x>
zxAKSTwxGR4uj1}df$?+X#=1Q=cQ7fwZt6fOBzE_l+uS6!XhMamSP>D&oZ=%tKY2SS
z^5N*szu+X5!%6z;9kIB6MmdxHRbv4iw>PSFA9~N*HBA|E%-c2AW5bufho<!B=Wf(|
zkE>&Ah5-R>usApFaPnGXVZfGc<=HBT6QG3S<HD~WPj=!T=c1-~vfpHU9}ge#iR<7y
zv~<yV|9`!gU_^{cdmwdgyc?Zjo8Y@hgm~ax>^h`dA~g8(!xJ>?7<i2?%DEe2PF|^G
zl{6zCw9?PH0x`l;Kc4corWsOJDIAB|ag=>HvK#$X&NJ@XN{Y0Q?jAbYgG=Ge&I-LC
zZJ3UgDyj-c7%)a)gt_lp62j;Ke_5hG)H;38&WvE`kSKGT@=`4g$Qvi|1WWJ4j{S(+
zCLj?qP+$wW@b3&H*&l1IaeqDLEK5Mr!u?;Ev<~fmZC>UgthGLgxIITjMYX26LaoBB
zqYW%2HWs3H`ynox)XEmkUZVa1WWU~FSlm{ivsS5<_sM#j3l4q-$>ujC;OP5ts!@=2
z`XF=r%}ZvVr9(DuSXhe;S3O2{W&~|~rRx3I03yNgU!hkPoNx?+#bF6X=u3d;i|n)(
z@sG2}x-lY%U;~7J$O>QCVAmm*|MfQx`=<;bgg?E7zAFSHoFHkHtCjJ?mU<J+*R;O1
z;2#@P7_F_d6N1kEh7ic5M)nAHrkOt-LzIq(|0|aloV-H?;`d6W_k8iS_*+-GV>}at
ze=K}Bl2AJ43(m-5u%L8-M0qKUM@9-ePl$EO2cL$-i%-sQj0GbiHwocIZr(hOoCFx+
zp#u>G)^az$pNo~U4GG(KvJNus-h#{*EO?*+3&e6OS|qBMT~KqKSH{y5eDkUJ?k~X6
zT{zac0v-X`D|LU3b-uo`>*apr;2eTS6qfzYOkXy3O*GIb5-$u2<4_(HNNLxQ1TKLs
zzX*I(0Y42Wc@*i}Jzg4EREwl+KXQ`%7J{)j^~u)828Z-^#r<Ir%z>Es^V$Trn?Bky
zu7>k@=3oFsEN_j9^A_IVMSJD9wt654c%e=h3A)}W+pH}{8h06SL|_j8@Y&N?3RSW<
z_*tl&pUjHvO*?Y1*=O!-O**Tzw(QCa#Gqqe6;;$I!y2BioHe@lsh;F#go1)ceiRgr
zcy<xdfY7YOR4eZ~h`<AI;9ZqSTm{3=1W$Q8P}mLt1&TpyA1uCKhGJm;83#LQvivR!
zUDeW`VvygC2P;*{Xj_&!2|xbIdwv388ndvZ;<rH4KX(K&IH!D6bp9GsIbyq5t6Ta!
z_5dj8QV07{8<@81Eve@vPLJ|`6LvWyaXa-yb1)SsNkn;h4NPh~)7!^F8fE}6#ut7(
z@^F|2E$1ra&&!25{nd(gn;2ej2zJ`mMP<>IF?O4PLM9U6Hk1Zhc}Bf<X6Q)5?fmDH
zz;I!wc#d29BNXC9)sj;dCOsS&#}AwzC8`!KBW|B{=k3s~0EeE^n<tc6`!3po^;E(Q
z5q-i4Bik~}oyy+FdyNtc8Bu6~w(<&?=Q6J>ySw@hOo-=J7Q6ko$8JXr!Sir-BK7yL
zqXXE5=UG$5J8yaD6xKQY{`o=Hbx=ock&ry{ki{=1hNyxE7NVQ1r#!A|>X`?#y>!`k
zPuUd$;im5M<28lhy5z%tK*?e8ZO2A}<4R=pgxtTW%~k@*za4*G*=v8WiZfEYjeDDI
zL>&TSK0i%56A0=|EQMTfO%FAik<yd#QuSqfUC=hvjdv21Yu{>|0PHxOL&p~E2fLg^
zkD51D_57VUxy)1ctw-hJq${3YO^MQRKi&Za$THMz16B$8LiCN#f)&iFaT;k!b7C0;
zF8>B>QjZ2*hj!oPUm9cGCAqBbJeSB>%+lGI6c3&@jA!Wl3y%|(@hT2I6XjzPVxpoh
z4m8W#ztlW@7j{N{*h+%sAVn-7&M(3A$MV@ku$88;Mj$}rk<wyA)#{=HP}cH7_@Gt3
zGb<bofw1{l8+sTJ0070&cHo5HPm>j-9Umqqa#~ic%$bwJp9rZx%mXaV-OV-qZnxfF
zOa%?t6K|DSt9!vjMV0qbj+Z_0LdM}4>(g(Sq`Iurorx;MkvJa5(@=d=&EEX_QQr;V
zo~j$i5<%fA0DhN|<nObk*@98)An2bDc!vHCo~Hv|ZAF!@kL67dL3eRmlFptlvKbe$
zW1=Ljl!Q<-nLEDaKK@{1UMl-{K>BwO5zL10Ug+X-Vk4j&KM7UvW+aH&!v1+yQ-)No
zuzfZ|k;s(z1a}aQUNk&?_2L~0eE|L2HV4KDcs-VdtbYdTLY7QY#=6%Vlv=1J#e$uZ
zBcb>`0-s9odQwdPQiK59c6oT4JxIcv5lSVa04GYnlPUbyc6&@W@<EX9!mn*!pXJSr
zEs$fhOOAFRd1)6?m7iNrU69hKa51+~7e#o6zY9&|+otfCw)<Xo|JQWzkE$O6^}n;t
zKc4uX+2)^Iz(2E%=^jndPTMlwo}DnjsY(@)9M!u^y=Lu!Dn+Kg7i{xS=DcyOui=Q|
zswKGTjLD{eNTjY4CLO!B9=m=TLNe3#nSf9XGp#ZQ2dPVLC>;5@4u0NuWN<4zjr@#)
zdCx7s^AUNr5ePSF^^ddY)2V+HW<YgBWb^@CBozo6?aiTQ=~;RT=z_*=ahki4o%&Dn
z)<2jmMnq_i2q(N)ztJt>yxV_V5bs$Q2I{dZ?dW=9D^!VYpC9f!sal;2M!VNdk+?%O
z68nV15p|qJ2e<`mK6Ur?JKjF<6+X;8%sIi?csYm!$e;GR%p*sT8DHhO-wtt(>3hM}
z8rf0CKwoeov!{@g<@1fgDf(-Nj3GDwvUH%F&!QXL-(0lh82*?LUYPLX94xS)A56-h
zZn;*Zg+S#^0>g)`s3N7`7gtPEZufGcnJT7mF&~0CXpsir_reDf-!T3b>4e~4^kybw
z!>QQJ1jq8)B3JfPuy^E^ktb!0Pg3lxDtr%g{%S?yw-P5(-}tV0b-%uHpDhZvYkg(D
zGG-bPFGHEC<DC~;Vf_mCl980Cc(V|EzYLNQdNmSLahvIDD9Bjb@j=+^B)5Yofna@D
zL2l1sA$)-6XFFhA7|}4-h5YH2>vR1_Fj3@bbNdIi@Hc8(QEgO|iNlyKYFxU#bKvZK
z!)?g(cEHkF%x{|CV9-c_Y-~GXNyy$YMRHEii&*+5h>(L%R*bNSA~+#c4|bK3cFtY;
zhz`JcVM&V45P~O(NQQl+c6=xOf{AZnKACz0j1Uef_%Oh@vj0~|+VD0f7-CJl$FfVV
zgRi^TWkAaVZ(#6P2AsNP#n*8FV9>up_9OWq74aSTVse7%V^Lx~#7FD(Tl3*nx?PIY
zcwm2U0BlhR_FXf`2-BH98>GkmQKKYPrYz&EXWrcJ5Of1XiP%ja<t5rlUPZ6MY}10n
zqcR|ATmqYF2?*2C3;ZvUo1~tF8}3xgq5Dl#zA*y?9&Adu;kVS?M@tTsSnp|gA!U1g
zw3R3exyBn5$8mrnUt;%o*Gzz&vItNFly56nk!}m>&3eAMdgayTAaW#UQ2FL9Tkq-`
z|0fd?Dd@TrZVO8rEvqH5G3RHH+ad_6+iz`U92^J7+B2ZSCw-l%WtF70bZ!tK`QiPb
zJsE^0-Wo`Yw#)}rkpkK*6&gI$$dXGlBfEKsn9{a&dgN1Uws{9Z=f!2c)4%R66-=N!
zr>qIKguu_QVO1}{p)!*%+e<%Gw<IHucaGfOf-boYiu?G_Cwda?iD}x=<&RP5o428j
zr-xG$t@iTN&17iYX-9-N_0OEl^^XK51DgZ3@ehaN`l>2P7YYRjeH_2l2F?8$N+69v
zVI4OI+;ArtMzYbdvIuRNWkhU|c=Ice+PAjqA(uZGrcwoBHy-q8lEdeh@?-?sBI-Le
zrfg~#KV`<<G(()lTa@J{iz^tUcf_@)X>+5dKcAdl-JBQ*c|s5Jgz{3<1v;){*A~2#
zhbb-Z4`j8Nk{?dIb6LwPU=)P*62#vL_U9{*`AZNZBP{<A;RLK^0}x=g&}LEueMfJY
z3T^Jh1%5B;upCoo_6EC&YU^x=RRXw*H&rf<W>IGvfR*VB`hs*UwC7+^<cyS%)g`cl
zP*Tr7!Iu$6`IXwFe*1$KH{bG92RJD3Pr*D(w3Z#A&vV&s&Aqf<-zCSAVhI=fD>hM;
z{)h`1ft^d9fREc#&+nFFGVGZ8m|fCq&+-t|d9RilU7<jLQwgNIf!~m(m~xX>UPd_<
zUD-^nPro9Nl$gqsgy{D@A|Py(@H)2cjArpdlx$W%a7g@;=%|=!(RTb%7iQpnKIIWY
z<HTluj#osvJ;c|yHt-`|5Dh_a%DG2-HtOXbB<E0eOhZNCaex+acIQnQMNrPK16h}3
z*7V|JeV85YqmAdLRxepTUU^Eo18!y<@SuC{j^NXh6r;~mW4gdBp@&+fzl3m!?IBM$
zwv{Ufl|tE3UT!Zs)T{xG2lsZk);n-cf=k3%$j!XOsR(5BvXN9C+{0sklQ$#FqQ;p>
z5#icV(6bK$C**Wiw|TNBM7m7@n^<6w%Bu@0-WuH?8=iHjLkbw~drAxaTgc@_Q$@}|
z%izd_F7T6MM#28PudGp`oreT-(v1FQ^n9ka-}G9X?U9$xfvkQoPil74Pa1{<+l_S4
zN7~FtQ&g!+*B2rC-b@~jd8on<Smk%d$qZyskyy$O3u$z}8hSgN%+l0rYCWFnNaqtq
zLP6XkM)Pn?Ypt!WP&MOZh5tYSKs8%$oEVoNCcAs`2(z+1B<j9@_);O$dT2akWW1e7
zjN~yUClqadsNSC()$j!qIl?WgcV7L$6^Q8n*>vz51OD#x=3|bD$<!0jrKDA|CDqqX
z|7Z)(>1_8UD1ba(7!nUVjHXy_Nt|!MacYxgi@JhkPc#pT@XB7#+aqpP${lRw-ex=p
zK$wJkqW$cc$R1iFoQ<!8B63u>CrF{?^yFE?u5m?t44!x#+#KYuMmlln&9Y&g2u|ts
zo>c6H){T@o!=Gb2EAF)J<htRZGdWf<A*d{Xw+~W@0Da}ms3Rq0J%Ib08rJCQdtF1m
zG9-&K_}cubx~L#ky?ln{&P9x1(X9vcvY|5bjW_iSm_Srlz25uFo-{48kLtcv;6B#w
zB==>CgT(7pT7&4h+;xT1gz!i6<y$7d^MsMFN|@=Tm)nn<do~j!ylJoNB_@YMZ=XUK
zr=}|i<J4HP2SBJ9#M&|b{?+xxW41979I=k3+OPPQTnsqDH)}9_y(>S>TRcFWZ8ujC
z%JFHk^S*4mRNdHeJDW%(KmLun_>2NNo~>FdPafm8_YL(CGmRVdW{kRn7ec&=47}?^
zTgg>@6n@m?=S0lw#WN{UUfBWayJbR%$wdJ%gTxO0VVP}+Veemwnl1T_8m2n$(Wm9L
z4pHLii+-U+rxyGL4ZmK6QyHLQeTRDKKHp$(X!=N+2A{jp&fzj)B(BIqTp7GxCPm+l
ze~w1X*GLF7XCP(yx(s-G^1vuUcmOW+f|NZn`_mrz*%C7Q?_}N#1Xv;480sY3uozw>
ze0Cu}H^rdnp)`UG;KA)-rcw9{b1K51T-BG@xL`aGHoq(GWFSO~{w^5E`PNe#e$!em
z!A>rxJ_A?e5eb0D?{7hX*QS7f7-JZqB4O3kAnPE1*vz<k1W<$l^3(03DtXhF(pwJE
z|L`3_?Wd8?{HJV$v=ksu#(oTLowpd<PA{S(oZmSOe2hA}KK@kGL}&*4Vsgw^J`k&Z
ztLzm0d2by-6t)>Q!CUF7LCCQFVi^|rEVVK(S|f3XuOV%NsyYi7=Et)bgBs-r&$>*l
zE<{i}eBJ`a<dW2=$e|+m6(&f<Lpf{%X$ir9ALh9jz{doO;lb1C5B|SnA@V<1=LA%+
z;rnh+hs{n<yOC~4tlf8?XAK5Jy>4Xm9Q4V(SCsDhaZu8*WqMazY!in{;uI6OsF#&e
zndqnOXRJzNAobmY-HuS=AYIp47hhl2;SR)BDN41%zR?ncx-VOBh^{sHtE7VE5-XKr
z2QKGAusAj%j#lsty$0=T7tK=^rv5*LFF^-{%?aHjp5L6J(GAV34!}Xh&rbF!xAy<{
zNvIP*LP->FkWk~0(@XwAL%r7*O4q7Ws7K`hERY39TQ~F^@Okvyl!&;Hp<h!B;t*mV
z17~MFQW$_L=bEqrf%iOm_OqFuD^Ly%ys&?I-I%z}K)sAo^80{yvg9tm+I2@aKi|6@
zJ*HTSz%BqQM{1lFroLUM^l}F;M4US`8{gZ>XJ6#dfp<qpC{{fatb5c_0Ye-^)GF`f
z$=m=avu<`E-A6?@a@}Ec%+K1C2@cEJJJ<@>+B;OhTi2A=mJ6tWa`3GN8eL4>7S?Qv
zGZ6rN>vAgR%(!RN!}sGLq!#^nq#SQuKM&>lIXJPutN}>{h&R2whVolD+FHso6jtD}
zE$(MiU5h9@4r+s)BGuty27vX)HW=Lc{ozQcj2B2?5}y4by;FaC0gyg%K*QG%Ao92T
z$Z`?!X(FBL#cQie>vmAUBB6gw7wSa8(CU093nWP=MzpdD)#a1;Tq{QJ{a^TBjSq^q
zhXf|8k05dvm~YFLaw&<)kCn4|p*@m!JO0*uDdqs<Zv?vwtf+{uhZ6RwCn}V{xciZI
zVN?(z90xzYaGF7@VfJ#ZO3PpZXp3XHCBP|Cg7T-VVTAMVmyfyB>!5$U1p6GMCl9C0
zp8(^FKjp+c4iImbZw{n_>+=Q)e6HA|l|YQD9%w(QPen{<z)n<Q>{uCaK!>JrJkh2H
zO@II04PJR<O~f>b|2ElGkRIEc!GQ`ol^w>)hVKo=7B;~$4StEG9*vQ`CO`Q6ibZMY
zT>0IpH+v>udJ5rzw8YQy$=E-QHRG}Lq;BrJglrQaDGL7f!jJ4}u+KAx*1_1oTfi)L
zLo(*G4{ax|0Lo}DxnadUDqV{oh%zb1#qm^<GvaH_E1D`oaXTzZoT#)M(nNl8^1+h2
ziTB)AZbQ)`n8R*OQ~g|%FX5@%!zzky^z|0jO~7Q|bfASRE!v?#0Hwy1Blg7OrfFJS
zh@qB-ykG$y;pFA$iS($k1O2-Jg6k<nUfn1wH5hPg_+J!4(KX6mwG`YpwQod|TuWK7
z<7QcuxxB`nfNJEO{_)Tru9M3JQ)7s@8J9Bu1GvAB0L2FwY(1Yp+;0%-9<CaTA3qIV
zKiU_$z8+f>oov?q%Dxp}5|sPKDa7MM><KaB%yZBfvMnxCFhUQ>R--#ckz@^Gr!r$c
z4{iC3x)>6(TL8Lg4b^wiqmf`<780Ei0<0k)K<}sibw&n0w+Ui9!`Bbe93XJOq(@t=
zoN?UPR(F6EVXM^S1%@CI&<#@?)@Z}w83;@l*Eu<Z^FZo6flujGo;Rm|X#xAUwmlyN
zyhMF!^G#9ka<K9}p_RRs(8~L99$|R$kAXi%>Qu>we4@=j8L<k`{f2bOop>A9yNCS`
zh=jXn`K>Q{w!)A#4*^?q=-m+gSvce00LfyJR{2<gsp!Djd$bmIA1siqAfCJaARfPL
z;@R|<jQXYk29UzJJhvJ8&=YGibLy_fgOAVy7V0$5Wn_v@b1<9bL7a1lZ@}!Je@N?y
zJ~aB1bM1tqoYnKhu*%K|9~i-nG_4>WbErpu1}R3-tN%o4288_ttiOw<b*G^WSpzGi
zBW1beM&Skm@MNI0xj<tZ%!M55nvYb9H}NHJ*3MV2fBgCHPsDhOcT@mF{Jg@QhA^Xp
z>6bITUN@qPM;S>rX{V5MtO@fifsU|1<^>tXzZ&%Z>AQj7GYCS`XZ7ELUcZf~zLC+>
z=A~@QN(!9PtI&#30#ZlniX}_>4jyUECHFExI#ytQssq)eSeLClD{=$DXxL&FqpmmT
zH_MlVb*qy1K&~kTisGkJC*<gJA(#t0<W?J>(fWElf-x$FTda4QZwgQa3WiHd&j92x
z6+tG*5-b<@Z@^?W_?FV}xfld*odcVU=VAIbVtxi!xVVCLfV?LNL-2Q#{({_;U8Ua-
z5zCNPl>cI%5e$bNUXM)sR1$2-`*B)N=-2vNMEeJshn(8K#V;j9+sVVw39Ntr`u~_u
z+m7s8fO>u$YU_L^);*n&zNy&IkPt*YLRwO@00lg=uZ2S|$P6<rI3wk_G1DFaPXnn4
z!vh3V9`XVR{#!pe_CMiV_@|BL8mQ}UH;gp8zeCowly`^;<t{xmvL8dP@>1TF7O5@q
z8r~d30Ym#bBOzG`0reVG$HhUc+-49Y$dto$>L`aeHOO?zhhSw{2F(r39=Nul%gl@>
zKnnI$r4Ot}ff`Otk<M9K7a3k;GFqz%#uJN%Pext9MIy~4m}p5nwPh>mqI=uSC+Kp!
zt3HYt&=-p?zi07S16hjlR0Kmqto?rN4b=XcJ1?HSh_W0y%)9`ewxP+@G<SNaImZGt
zob2^ZYlK$-LxNAS=da5MQ{xEw(EFTu02F4Ey_M_j?PK*4rTq*f(0k4bUHS#0-gFZ+
z;|1Z+Ka4X4$opTwHsAoSiK$px5lMe}8M<_$fd>3SMKvqJL)f3a_t$GSrG+<qeo)m>
z#7lZEgYtFLF9)*8YuRH~RXx%JGeDCSg7iVs$M*+pEB8VY7~dFEO+&f*_j~tcedZuv
zm5=??my^jb4Lvs>o*;+rsTL5?qDs2-uBF6&#>ky`mJ2LK2zu;Z{;}Slfxgf0WtY)x
zV&zlB>H`jnM@Wl_#7}Y4{6n0y?>-YuC~S$wBmQDQgr&rIaOilDmA29SIW8U7p>F{i
zleH=w?B7iSr&gTuNQnY(cTkrLGV1s<lAb^V^3Z(<_`dlZ-|`_4da^IQy@#YqXc~JN
zs|qj35sC%PX9u4`D?fNk9DpG@+NstqlRxk7`)`BK4CR8e-fk|4^A!+Y2GAz@8v=U%
z!3eiJ5;R$iBX8N+tf7`P2-1>Uij^pfHs#yR&b&+bxvp!ZToHEUWk3?Aq5u#~3|Z#I
zqC9fia<JWTYd|-Zy7K!jTtZ$XvJ}JcBCrYk;?Jkzf!B7c`3>Dq#mdXy*d}g=N!#D0
zJ<(Izj=uF*LI}LI$=0DI^}+0TcZWpzaI*f99<Q<N96p53Ito3KGG;f3<M50RDUW%^
zF|mcjkF>6Wv-Nf!I$<;eBp<avD%MJ=NAd_P6lc7OVT}{8xlY=v_59wSgXE)-?i$!~
z69g<cmV1HKutDB6#HtIutGoE0SHbIPN)x<moRIcpujG(gq`5@rl6H;0+E^F3&Av~h
z<DUGQAcpC?^?^=Xu1~;4#55A8-^yui&mDrzeGO?7`2u|8PKDt_{YRo-vEJiFbFgCN
zCVT8CcAi+wc6_fHsX;&8!3f^#Qy0!>?y0v6NwpP-snXa(|AjyE?U{DJ>*RamN$vbD
zZtmTr3j_Xz@mCM}tK=|6vfyI^GajEp2hD`ECy5-wxt%BTo#dbuO6VTYj19FbJYHcJ
z_EMb+oxx$gaUkD1l@HrSW3PgxKbJMsZ*8d$vl9=yp}--h>~NYjq8yy&l6vd$X@*i~
z^x48s+u4tC8RWES4ds@Q+Fg68LtB>SvSyRC*0Lu#@C_$MsE(w(a~WVuwpr(sc4+IK
z`gRwKuc?5U!(MC&eh#+zF><5A*s+d#c9;`aeE1#Tfyc(Z9eR68J_Iwwn;;G<q*tug
z+ZV`5gbnrn5hmBO^QmYr@P8brFa>)`S``6U4}=kemq@TsF%B!>>TwV1WwuJ@Ag$9}
z7ym_bJ%%**m_31B1olgUrF8;nyMlLV^^N=Q`@=8}Vt3<2>5rY>0Mw~GvNz6Yk4;IJ
zr#q(_$Vi@hzjWFxZ+B5`3PEk>{!?E^J92M8yJ2c~#5vT3%y%S$QU`0Bv0r7(8M2hI
z6_9_Y5Sf5<Z`5<5Y^Z!B%?x$w_JXsVR>qaKtCiJy-;mcsNfzJIO19?y14L7EbCFR6
z^+aXvbomxPAJ=9cMi=Oi|CFXQztQoy#IXHNoUDeyakA07hTkw|5}#;gvv{RfKbSpS
zNEhwnsOOKw{ghQ|e)<t<;jD}iY#%Zs?Qx`1kZM5p8Ot-T`|*}0i6ResTR)$hhrSEt
z)n9D$6Q{CYkQTm&Qtt^<$}mE%qTMAoJSGP)e1&7_?SI*Gy42p?UJM?*ui%dF)f4XG
zK=JYZ33TxhzmWHXX`pLuYkxTNf-wa0j`%d}Mj+<~=F%{LOgQun<}Z`*xcHIsYA5z^
z^ANG;6H0b>$FcK@-{Vr8(~lF~-J3(yM+>#D{tUJ&AFBa_jvzR8N&Pc2;&jWY3i9S0
zMejK`jFimpxrDXldbCWdL=20E=mRCm^U*fnV}yws$*$7km|U5!!|Cd5#)T7l4$QNZ
zEsis)h!)ra-LBfvhdSt8vx&!%-ZjpP(&Gjgt|G^^eb-)oBUp~kBUjsQdN{{4(#siy
zlmCkLRR)>hYf@I&2_#quMu5ZgZ><rakurd!wHaY?<QD%zi12eD+?w@*AK46?N{BT{
zkPm&5PX8<<0DRIwbmV`*r{9+SW5%(LW5s={v#(53l8v*>lqSc}OdKk2K$`xSxjY0a
z4NpP#hN?H8OZ*BGe0%xJZ-yTBHv8fuW?Ox*2MP-Y*f*>;C1g9eI0>-Xq@vCe9h)6R
zY-tY=2>HK8gZ-^V_XCL)$A*eJOfOCKV>n2F2N>2>wTP>Tw_Mul^}+y1#sdT2>09Gx
zoJuVRiixDNwkgs>)CgRe><x)3va6QDowj*f%B1PI_!h8qpWf;wfsd^J2Hc~1DY|`w
zGyJ#M!3cya_wYpeFZz{jKr)WzxFCU~-FKj~|8k>4qW>>E^~)kt6tjYalC|FAJ>D^G
zU0)I$(~Myo06HcukL|VxeN72a*q@3!I7@3L1)s}vA9AbZ)@sgv;haF6vCuII8oK@<
zKl1Z)1UdgtS_lBqBkeQbrE+z=0kP8P&c*uA&rb-s-3FQj>J2ZEeY<Fe-@jV}Vo#i5
z2$H^B0vHOEkGOFltq=|DK2NT!wB6UlnY|VpV-VOrGurm)?^hy7w4dnhcz-5uy7}xG
z4D9V{h9FMbU}GHbXfUKeAS#zGwn)L%Hw757{97g0e4SONpq}DMPS*n#pggK{&%@5B
z=i$3yw}ZI=6767}>Ba^qP{9SpHMSj1V2BT4;K!VpE-NAO!m?Xmg{lumn$|}@B2z&s
z;JVVOPL66}L`i-X`8+azrS4&uZJ{KGwV68Y8NfHF4-1i&Pvp%sNbkZ92+M%42PW2l
zK%m5V^y0vObkF$J#byP!Ve1a8N1V@Wo5{^4#L9~Ro^`*?7vTOn5$FegXRTHVC4_6$
z63=t~rV1U8sy$=Uj+9ownt@LzxC;N4;5D?=_di4efxn6p3zD4&Ubt-|HH@jn*1c#D
za;%v^`jQbn5P1;}_;oVS;ODMr^@5j4bwdB~WyJYC;x`qI#lJxCBvZBL(Ci4g9_-(?
z$ji6<A>I{&d>EUffrOO&1MHGLQHNTIjW9!9!$&4IROB2c5cS`Ks6V#%1|sV}bF0Lf
zfm`YB0-}xf6V{OS`0>;^prr2O^#NUUTn9Xc$jjWc<hYVcZ?_@<suIM}c6d2ohaT&m
zV|j=i{8)KiRum7g`<9cM1m4YT%O6Vg)w8iu!5mG=e!?mc5bFML-W^?k8rno%3hHz*
zC*E#}S?wuyG+%;ubU4Cm5%C{I(w|pd0KGgtYrJ4>c}Te%B+Se4M<U>TA@0$*=ooV5
zG-8)lk!7lVi^Zw()kwrv)>YDD6?3?Xx;m{E9_MoUII1!ZOVEw8M_%?8wqIWAY93;T
zLL7R?+oa$Hdsm&k?mh$9)5~(SXG9>*5R2jN5+qz6bmYct_=s382>z(il``W^-(gh9
z5we;kgGb<85%dLI&6{o{$DDS2mk-FV6M55KLm$*|R(btKh@txLiWV7ZIaB^F8fRmn
z81%|kjmVy9-Wk)I^ZYfzIWvi;h};mbz5vw2HSl2O1G&=mScCtC)3)`N9UDZ6m$7%+
zP~xo_TXxYHQq&MjOn@{X(H8#(VfursBq9M~+yDRMQ3D&01HLm`ieLzv;EXb~c1d&n
zH{RYls>-!{7ghu*r9(tIq*Ka8w}jFl5)x99qKidIi<E={l7b*1-6D;Yq|E}P1tcT|
z6al~ap!+@V`+mPO&N%;^F&umE<$hK?_jAXb*SxN4!u`TaK6qJ)J8%R|0d1qZ>gd#i
zfBZY2l@RtcY1TjU;y;M7aLCa8!71RAptezYYVaF!Z-4~-OSbfH1gTavHgpuNU@c(A
zBVc&o2+=>L;KmVDl2!I+FOX-xf&d=x$PEB-2xik!XG2%`gk7giUr2<fj)d>`fT%9C
z7hwvP8?gw=v80vy2d9(Igwfs1Wh*!dOcymcG18m!p8cK7no#FVF6nh=f}3XM!ckFC
zp>tURXc@}aPDUU~;058w=vt>ifAzy#3dq2~&cFdIhQy_%^rPh;2f(EHWo$k7pJPi3
zp#(-}(jx(83R3DCOyd0$Y=Rg9z{3^lCFJ=(0)CaThWzD!=q~Vk@jh7@AZ~r?Ac{(k
zrs)22bWJhA*%z>vkc7NsftnO4qKJb3{x`S;_dl3Y1pCP2%0Y(YzZ6Uzkhg7MkT?Gq
z1oPJ%jQM|QtB^VHkCyDeV4r{f`u}uwuWyhG6JJ$ETJ621tIgAgM(8Ipo6QpjWXJ!N
zGZ4YI{GIASE5y#2>y-yP1EX(Zip+eTC(3;fTrmzs!HQ;v%3{z8`Ygf=MvmB~a7Rm7
zqQ;FwjcYBA*9x2lNJ<=Qb_<hY4WC_xXyM-@lA}AT6m&mWPpSQ$_WPcz-@=Xartek7
zsw~M@AxH@VEDEo3%n^c)ALbCi?lOWV<7nim5J*M&e;6zeWX>a}cp#!1lwC1M{j;E9
z#oEK{Ap18Y4S9L}uj|Ucg1kRV{GY%6*VS7}*XMfaYF(BEvwJ@j-$^$t>hcAj7%%XN
zIi$VbG5FhGix{xEK$t|w&=<7_>swn6KMvg8TT9T9F-@1mI(>A?-15;yegG^4finkM
zym0w-xIFNV<iJrNP0%Qx6+8~vv6EZVb`rlyd8<*W+2X~Pf`T64Fxw%%!hlttJPbMp
zKm4D(4tYlKGJzW6`M>ZHiFp|mvW<$2_>rt1{DfWe<dSpue@*_b1#-m*B-th4&%;q4
zis~+!1apcKuv8H)+XA}x2$)2;Kq*T%woo_c9#V+{0h!s%OLt&!GRFxb3uKXSiJU!%
z|GivwMvL<)v3kX=dq%5){=v%f*WiA_aW3IE08H``FCU<t6h#BzKYT;#Ev4oSNiX*P
zD#en2>;uE*k3MWy_di)tdfNo&p^h$#Yzf)41xjylKbgzEL;LNx6pS=X`c@b^-*tF%
z#z7FO@#;{%mk2oYdtZ=btQvjB3d{%65qdGVu|Ke%VeIN34Mm|9pOT}rTUH?KamX#T
z>3)!B$!k>Xo?LXTu2efkq%#vUL%3^S;{jeIT76oYYwm!W^dO{3<IT^1%{f04Jd(sB
zFaSbJk{GQ4o0|IgMyRe0BTR(dU;3A&IuV92P&iE;UgqXq{EKic%MMcwt+)OFQrJic
zsjLIoJ$osv0AKj_dp5}6nBM&a2iluWKHHUblXu5}R%UZP<8}gKKJ7{+jL>J^<V8t?
zrfhZeFZXGhEf%SOf~BaagiO2n|Nmg(Vh*CfKXTcHgq9Jh)0laRi2<EC<mBl}u*|p$
z*j$PC)_h)J%tXN`02!__KHtj`y;u_8)k@9s_gqup`}w*0HI(8IKU?RoZ?bpb2b;iy
z`|J;eql;cw{F~r|R`;OL8cDZuyJWpEDc+xwAM2Q!SE`AGLPU^g8W+f@HT^jkxKiXJ
zg2&%I)BFaa^J;{6qFWDs$DQB!3gfF_!0J;Sv@_e^BK`wJXwQYg8lZ_a3^kQ6#9$qp
z%pY=U7rRY1qu;8~hM9T-ZSdtABvyhN#d0xldH{(OLV@+jxbW!QCfEl*pj$zF5XN3?
z?1uGEYn?r9;9pZ1Dekcm`7eqSmjRpy**oX9|KfeNFk?|JxAgL~=-%&1YNtp8yjKEj
z)mi{q8rDB$E8*9XM?TPfi})&f<T!$p(1t*cXMCIM#!M%AP-@|E9)=OTX|q3Z{V#M#
zw;7W05hVPu&?jRgv(fI1re0~RLC0rb9{!*{1xzMQ&R!(gmS;q!c@|~CUsmf?D)oz4
z#1940iqsoZet>6yoj;EleFKI;A9v2Z^?2v=vODgnPwDD21xBt*fNu(7tYTLF{*gvW
z9oP|f0?@LUVS1Cc`C6W_N1nCa2H_VYSiIzL+o~q@Tz^g{Z(hIzk>XpU$^_M=5@Y?=
ztzO{sjo-Jhz5jk8-tztJOW;iSL9=Ockk_;!pEmL)C6!D1Er4KCKh0#^`E+%aOgp>r
zOM+&?gfvG==Jl;dwvQyC(y@t9M24D_#{cZ1>Mio7!5Po*06^T}_~-;aNi}@Q7yyKe
zs@UpRH$=b>;?1a3%pSs)Ts6PtIp6QmU<54BgX{r)fD3@M<Q*yQs7tmFu&Fi3Glv;4
zp)X4#>ri>ScPzZ(4#T5);r#hG_A?x+U-Xz={)hzB`d>dhKL*j>cu#7cl#`QPW!vTD
zO{Dfs$*ENi_4RueURm3|78~%dn@bG0Q&YVmdhI@iz9<O(cYCJA*Sm>(J%38xf?|(4
z!e2K}FvABOG`jh)JaOdZ&t1v~4mZ$m;$K?^vLS0xj{ulx&t9M{GM>AG;Xrk%fazQH
z3^e!~vLJ;YuG`4W+hyJsR1V4*7ON4FD<d}aUzl{Q63M^K-I1qb57)>Cwc?_-WAbh|
zX=kF}n1N5rvOvt<A~liEw;&5od1Qg@166xVN$}lY6Uqcy0)ukR%&?=M&<<HOHTt*i
zuXZYo<44nLbuPXIo991b-!B=Bmk7}-fgBtVZU|<EZx|r5es!ojYC3n2gLXY@u2274
zmG+oovVZa7^ru>drrVSEj#N>)aE?l!`S%m`(JoG%>~MFj!A~iJq1ro#P9+a63jaYu
znEi43l8XXGiT~jO2-bl~L_IN-B`*5YUY-F(0(+b!E;1g7m00%nneFY6*3(6YE|$(e
z{f+y_ZZbM(7a43Ry?1~}ik<r(Uif#S7tZ%kpiar?fO2@CJPX9XM1^$)MV7c|zr%!Y
zpZ9;2KE6SE@pbR&)nUPb90r*4^4CFM+X+sCoA*x9C5TA`n|~^(Cr6Gl8Tjg*;(AJ)
z%+^#E{*wM!O-1I!-<t)7GJDQ}5NZB<iLH_wc-pSORTy!;xU0x)kMjgwKZKqvzj*t1
zrTK3s{PgYa^pD{XQOfV(A#x?)h(oflHb9NciB{q-`sJ{dtT~U>PI?iY@>@7IbuH+l
z{axo@r3X#kMQ#&AJ2Gx^leNkBSjd!v&WbsiK#~j0xfQ=rB!2y($ovGTqoYH>HG*eP
z)>9jZ?nnoBEeOR2+5?`H_>^}ETzhw9^w)!Mw4<<}iQqc;>feM=748bVNR8JBN6fB(
zCWtgx;O74$00U-$8q_xtMPMKd>oJ`FXNo{3r$(A#=qk{EP!IRwp?ll;2aeyG`K616
zke6LGPiN|w*xKWXukkXo4S3$dIux^0!#rx2GZ4Q<6Lseb1MP&@^kmL!zbAG%{0jAI
zBK|bXXV#V@nk^3;E|qWDl)dAG!9w)w7G773c=DOf)Oe=ez5l&E1AQgRsL>|;6dlFh
z3n(IGGs%bic%^A{k$Z(Rvu;mgq9XXkp1~X#EAi6Q-f4~;4&Q5gPfQ-6=wCawRQK!k
z$g;$N?EWvV#*(+qL+wL=iLJd>&l_r76Du>Cn0)d&J*_Fp_V;DnhLto#@=fppp2-wx
zV9Kv-*?oMKgDIv%rGOu#za~D7Of1x6B=q8Z`7A6|UWVeYuFHNH7MoeZlU)mchhY)!
znO}7F{j!_1>%ZWlR(5xzJ+PUEasR`WcovzAJF}*5@e;m?uKDuq|1eoN*_nEs_EBbD
z2F&a~eE!IELv|pV{J1T&hOc=bA^pP<m(_UfQZJq91J`uta$-4w{cue~l*oD~QJ|F5
z(=xX-E%o(dPq)*8pGZ(&{8aF=?6~Kf7Y2J;0TTCqpCD{=1xxLXJwAH5z%NrN(@Dqz
z9K@~M*yU-ko-g)&_|iiJzy-DW_5c$?Cdd2Y{(OZ*?mF*q;{B<mp3j<d`Q1K$D_89x
zUq=Y!84@_Tzn8*wsq?Hk$Ei6k3i;i>@b>#~4`A%Ee9`4e1;l!?+=;SVd1AhTIOnnC
zD|&aQBoQ2pD+UtC3qFUE5-GY_>$({jxj5BBp(WDneJ2(0x0%k#x8QGDr?t2l^Buz`
zZNU__Tj<5tCa~qt&^)5kD8#Vl%bhYHEi#!f^_gWv_Mv+5+fC*jI(^}gEg3~kh+Y5Y
zuTsVL>hjd&esrI`L;SmqQyQz1S@f1E@BWQa(T5ukc23w<-;tY6D`Ib8bDB4$iRSgq
zc}6rE0oIslk&7|792X_dq>eb=fcfYhEs=WG?Ta+3X6Tza0lI#BVHH-JJWR=BC>f21
zP1?HO<9A=>++}k4z`S{LqJEnGR#vK1kn+UaJ-$({U<ntkWsVTZ)VO-aNdLL@w+1l}
zeAsd$+Fz8OS^jKR&8EJql{eHLOUT3!yS<(DgZv+%^Cps?N|-CC{5gWxVblgC%r7ZH
zDyIWGf7m<y4}a<1?FbFwvZby*pwJO;)p>?XqJQ4h!xmJ1vH_U?N9`AoE(qX;R%bBq
zx!Jz~&dosx4{ty!&hhdSR1F*uJDqLF9F!M45z$K=A>1OTK|SZ6P@|0o+-@4SKV5T~
zX!J(+3wL9q1e?$JcsL1oQ(qX8oQ-ZQ&=g>JApv{ce`~}L!Wl?IOaQFmvv~Z@9y+Pi
zAsGx{RK=ie6TjYi43Uz2egcjSt_ar*F?jDR&Dla~+X!h+20YRblmJna0=38~`PU*A
zn0uq(zU~Sh3i*h>b9@0Xpb7{~vA`@u0$u^XrHe=#4n#A_poE;b?RYc-W)2WE+>d$(
zm9GX67U%`DVV`w${^>>m_Z*5a&b-Q$fu-+&@VDOc)%dU9Cub{$Q1Vl~r#)@6h0h`f
z;@jj!2)0K0JY~&$PQIYBKzh))7ESg1@@`v&I&1V<5s+`#Kq^r={VMz#V00z+Lz&>l
zZ-Yp36Q*X!U{6VvZ*&JMg7b30=5I1tNB>&>&EwsoSo!{dFcFIBpMlEle67+pf?nqR
z6S1fHzwhDK_N>z^OPY&XltZ775XAPb<T!wh*+s8{@raAP)+Tnk=-q5B(onFr6^N9H
zy*N(a!EFfk!!7s+@fVDHf1Q@GeI~5ZKy?mkl6bv;Q9|I`Rzbsx1%G>81=w{n<S{RJ
zwF}s=bETy9qJL(=T^g<**B8RXw3`g%!G2rZ^|OQ8Igik>FVBGPb$8VmF{Gd)(|PfJ
zQmU}DFshhHUs&{wlo{ez14mgPF_m9AIFmgbi`ar<|AhnIm*T44P_@=pSc5RzgTA;Q
zc$i=*DJKEt#U&_8u8CWYfcc*@xM&HSvIscXJ{~~j02aNr2&IeParKWwth_reku0{b
zi0TXCkq0oQxj@tPI<PQU2Ft{;JNooB)y^aDE;u19!4W9T!+g2(3Ci(x-hD7>=+Z6n
z0jG-7hxvZ_XT8*)J8ec>-L{@l#2_X%@1RPe$;O%d$I#~3afIZofE?uiMff^~zy`NP
zfSVNb?|wW}ziYf0b@Zsl=v&f)I3jybWM<hCCRA}TGb_AiRd^ckJ;?ePm4N{n8}p@8
zxoRhM*(29jSeZ4F*qMpAp0c;8jpB*_9x}d3+N3?CwY$>45?VIs-F+jk0Y>Qg!bjuX
zPc9V9K|0LxR<uMpJ+g7f2yv-{bjZ;_Z&_#BeS{nTrH|F|b&88>XJp4bWyI@cIeIJw
zVO-!40W*F(Ja7&X5j~E^Dm^`Y{W*95dW{$l-emlJvFuMz0`VDxPwHXArm`wE+2wJ9
zw3!V;%|SioM|yEFxaT<uYk;$m+wzkb6-F~o3gb7twbGFG>cLX=1`Pb%_Q6Is(>vhC
z@U5Xb?MbEA0|B&9GY?lb<5C|@Oixdr^DjgsAABa|@_ARDl+t7aF*p1a!$pHsahK<-
z;B9{23DQRY1eBL+A}#`{FS&i#g=%imFG@<vXRvpO-1?$^Bd6J<hJLpd%}yB=71gKL
z4PVIaHqm&s`Be+Z%kvYW$APaP;IiF&3>U*e#t0S}5rH3p#Tw6lGnP??2O+Ikn}Sm(
zFmAna-KX0}o{O5eHs4-M=zk(-d6MK@fmW9&H0}}Grb`%Mq03CP-f=dq7t|>eJ}kw3
zo{{ZrTrQVPh0c~njYz<A2xOPHvbQmjb>X{ZowH2Oyn3;$PPg#qv-6kJ<DdXiU_1+`
zj*7Ll^@lK{&<vxTk#=VwL-2TR!FKrQnDRI<W#T~yuMT_0$D7{et=~QrK4fQS?*YRe
zo-iWn1RzViZuH)=g~W9e2&3F(9biyej5`BF&%#iqNQQ=tZ8f(Ri;kIXd8p#(2Hyrm
zLcnEU2W}oO;P7X@G+0n-d@a3JClK{!x8pms_#tYX0DHrD=vH-U0CgV~ko^7o?KzGu
zdtq7q^H(wr_`pHZt?yI-Au2%lX?c~{zHGguPNwD+l$zB7x736h4onP2imdV~g4HSK
zc)?$$4KF(R;v@Zw&6mIMV7eYK$q8U9kcJn}0J5+kM;G7|??TB1WqMCCq;3uPpav7E
zu-85hYvTN1*Z(*h*CIzX#ujSfOEM*<j$^eYr<i2T&R%fHlC89<Gq(y~-Y5kV++WX!
zaqBC^uC0em*<lj(^z^=fVp;;@{w*~CEPLksK^9oHnXvk~Uf<i1<%|qBuq=Lmuxs0$
z3@Ga&@H}ZD+@wAnb#i|kRE2XHDr4ZrK-ox(0TZQ7s3cu-b}qiX_)aAg+*F?2Zw9+1
zN$D{_H4;Ilc=1pMq<4#xEiETbICtjZJA;(1Wb-TZ-MUId#pV7guMa@7M{2*|dBg)=
zQnWyv4!d&6{5p*EhkFCC2b~9x`d}Z1PvB$o1;864dUlf!uh^pO-;=Nr=o=TKZhvKt
zmEOF++4xGI<an7(%Z~wXFwy<ckPP%8PVgk~P{zTC&|+d2a2pTId|V?Iy!5c%gAcqC
zj=`c<!{u7xv#y#cdH<Z}Zds4g<#sWC@q9ud0u*1I96Wkw;)dK@_L}nj>2RiVjN%57
zcrr9ICd#|3<JWG@^**C{3)D{!lc+bEeAX;`<!{hND_9p}tU^a49R0ly2^a^RYwk<3
z3vAs>{t7$kE!a^DD^!AB1QrAeZR7$Om~t~VU|%T=4R>o4QGxh0QPGoWV7klDMl@-p
zXVw5CyB4zxdwO06!_o#?Smbsm)nr?d3>Z{!tY-S}T;<k%8XA2@m^G^W)lURx;En$T
zjltUH38cp~lLZV}20#Vy$YZvPTOmwVF_*35Ofc~f!%~L0OX|xjlxQP5mg3RGawVBF
z^aMtsX{?XDK;=fn`$O@oEC>yI>E&*I;v+)2U6G91_Wo60jV(47%qidExoo70OygBT
z9c;aQZt0J#EcH#5o3yjh<AGbBO2z7l+KDYrtbBbU<7>qKa=NqUiCjRfqHx7S(&;->
ztwDSx)?SR65*Ugp!gg!dw@+1;oXJ;Otx2O!rPp~<XW9+BYGdh!ux&IL^5}&%X02&Q
zM0{yI-ER~SzUeLf#^S|W`u0IB?AIaZQDI7(+fYA!4IuDGIvI=!iz~B^S;XlBFGoj5
zJz!$Z3G*2hKX!uTYP)x<4wSd3d6So)O3U9PV4Bg~z&(3SOVZGcoiU;{i9=Tqa{6@X
zxRW;CAqyp_?+Sp~Q`nv}U8DS?>TQu@BDuIsapgU8vJI?s`&Q`AMuR8xxVhmtNuh4>
z#Smx0PoT-^aZE4QigWACGZ-HBsna-AXd3QOa&!fr@=1$wlZ}{U7H>ku;qsi=U_2Iz
z1Q2cWUuz#s=_ZNLi<8G=#PbizKQ@8OS6LxhX3_ML`DY}0V#uN1yg|&$Uh8De$D3x@
z)|}(n#6u4%zPfa>N|{AUgfigDiIWP|a;;<UtbV>qc&Y)9{@A+e;=}1LeaTn6pBG1-
zPG<_m%H94Nm-7?6*bQY)018`oGhu9boDhZiJoQoaDnv|`N@G*Uih%H^9>HQGLslm_
z6d8H}vol3FOmS`+)o&kaYF&kQ03c+`hpsSjlG4x&URAWo@|dLmUiAfts;d2EPGCu<
zU(Z}a#=-w);npbk%B@K0F^=OD1lN#Z2%or;{TREbhJnCvq4LbVDh+kB;5c>Ll@PB}
z#41$#F>knMQ@E<W;F~Bb{$Nhm;zf+S8SGcwEl4uSwHvKGV&V`XEq8-^rg}gZ$wCa-
zCp@<h-i8c9GA}DPAK@(i+i}NEX5TG!u91AM5Rd{RGgzh2$o8GWzLWVYRMb1^Lz}5h
z*7vdm2w3>DNmiBG>5HCr_S+!!=DEU;iYH63*4t;j+AmwiZkXCLqC$-z=urxDR{W}X
zVX-Oes||!f&w%f^Bs~UxQHkBB2%}qDuD1o(%An7(vC~xcn*OHG_FkE460LPh<S5%>
zJnkl&JW<tap-qL}!E88DFdwJr5kF3ZiXu38B#p;nuWq&hA^F9@$~IygmXp(96jxU$
ziZYR&H9JRwo!x`;nmgOZEcC3>5_2T;=W_L~t7kE1-81nov8}HG)LIz!6|CkSy?Awp
z%nMxZj95}lOl&G5y?j~B^iil#yi(o<Hda=xhkjUc^jCUiZknu~2aCN%Q8{P7CwnVl
zkK?p&FrRc!I{lQyLflqyJ2&eAK=$SXS1=*dF?+);htH&&*K21^(TNkt9(>pD{wbU@
zOk=+yVD=(w(7;;s#1?s`Fae7jEvDC<k!0vxyV^!${U+<|Rb@Mq{oxThR622oT{n>8
zKU765d;tqJgES%2wymc(3RO1GP_Y}fNtvYUcWh$>YD8fdn%-^Wxj8#e+FnYo5w#<1
z)RR=?P1iJ#v0Z<DYGC1=|ILY(;P$~^T36W!AzpiN6f*>yY>eIz^&paV!z8wXz$Up<
z$hIr=F+Frd8a+_MvRN1gDsz%a5<I)WDdv$>>Id3v9^sH3MpShe86Q>XMX)MauJo{(
zzsUecevZhm>0-)v#j|3BWVci8=M#-B;$eg5j?Lz6h>w7Mt1DP5&~B|lNe}<N+N`ya
zrb=wNF2NQ1+R-x~vzk9>VHH-C2o&zmy0NzhmA7iv2?y8>rh6+rsoA~3AnRw+q<FlY
z&Vv35QR4vCwzXcTpO9TA=<%zclF_t8UDUtPoTgJHt>@GfnJ{_ehxdowuTPA8OG}i^
za_#>Kek(=M<)xtv6pd4cl#<5bcNM-kG722{V=k9R1n-fJMv`4>bR%0((nY*iII^a)
zqhe!?pS1ag3oD{EFvB&)kL+ewqR9szo8EANRc7DWAsY2YAGUGZyI1K>Sa`A_^Hi!W
zxn1CVL6tUyWaXSlNcLkRcr)=^MoS;b)6#FZ%9^r1-@DQH2v@z86t{7XC9IIF8GHRL
zvC9E!X=*%#Ygqj1{u>!_1sn^G>zA<JH7b8j2zF);&7|+#c;~)%|EehWjER$WqrLwg
zGzXXl(}isozO7d0_$ptKvifJK>d$0H?s{eXzSx?i9*8T=GR1EdZY<T>_dv%H(^ZW_
zD%rRoSr+Lv*2bGbDHypMdU}oJINR~M_6I$1Is6HZmG2>Jn4-rq)q<TD4`+e`t)B3-
ziIlXA`Yq8Q`^-7+%0O0jnx`aXjMrI$uEP|fjm}X`y994;Jq@e!GC8t9;SYfzY**7_
z6D$0Laq^GJvdW1c2H8m<*TJ7DH~63FM9A(=77Ve2qPxz>vvVAQIx@Dh%1--;il>0z
zIUTvSpFjueVFA-MPM!ebJ>ql)Z4HeCfQ1XaK2B#~_}VTVE8P6O_WSV4%iD{rK(I%<
zquV1swp~;U`M4UFD!rm5PY!P@n9dSDI!qYgn<u6nYG{n34k29A%)gxRfj9^0K2T)1
z`SKVWS#P_5$$|s=8_AsT>GJOI`5zI-!ZM!7SJ5GNwSFG%ak;vNtN}V{DhXILauE^|
z>eV<IasxjJnkgEs>&-xzN!+X^g;~#<;+O<euPTr~tKM1|EU};|4O;|TB_#pN=3<N7
zXj%idSBw_-qm%idL)5`@l19Os;6t&*(f6ZKCtLB;>G?z{#nv>|)-#_{GK8*tvuF&Z
z-#R_Q6yH4QoQZSJLjFPWQ(7<wfuJW(Q4_)xe&92_7Eu$n-)MQN5~TrFCLeDetFB#t
z{t$dM3+zv%a00RH=1r|?pLLNtA1G;Q^WifV+O7tqkJwa?U2Pf2lsfQ?S|5co{dxam
zKK3bX91P(Bd{m`D#Mc;L>W+O{fFbj`NfVZFO}X*!e1Xx~7Jg5&(uHEKU0>y;;*)0i
z44qTi5ryN_vo0>Oz$Xx3C3)>Z$f}+2@F5<t%Oj}Wy+-=5su4_r^~4-#$sR>VpW2qe
zWnDT1;|r^C2a827oCzv)*UL)%I*&uy?GO4I1t|mXp~2#7D4r&VF(_(Q)Mt^3nwMV>
zYTV!Kd$3HVDh*^IVP7NWA4bI{EYv&(<<gvX+pY7^??DlApj_v-M0=in{B<v?)re!w
zK^yMaA_rUYdwY_#()Y<A>N8!JqoG*mgeUCw&er^Ba^8c<Sxow}wkK4LB$zl#iJ*j4
zCGsdMf}lp1co_T-d%<YyX(PmjG5QPh?rVUXKf=ddYjFbm#ShO7H79(Q`D<Qu&HR8C
z!kgf7$!#S8>0^y1@fG|*$8XpQCGZIu64G9Nm1tvZr{+f&vlCX1$OS+8h0v}5P*87`
zsrUw>Pc0XX>#HuGU+4~4<&?iV7Z&&GB;Ndmd5MW_#9FI{?)cj<@pWrA%x~sYB!Qrl
z#+1)hyxohnw*`Hui1()LT<5)*^}w9dC35S0?fTQbjNh$5Z36vDbLjUDATEEtFtn1w
ztCJNtTdz`ZVYL0XiF#`q+<xPwhj-$U<#z^2w`9L|sqDZ6$pwQp64JCCw@@c5mMF4R
zV8d|<<GYPhUXf;jz19mO9X&zne_)bT>o#c-(E!0pFPNa+0Pz-&AIXy{T!A2YT6F60
zQftr&p5nKXS0Mk$3OzT!0c+*lgaq8-XIId(&c1|=ub?XX#K}`}2#sN5#c@a#yx!&@
zfvc9rs3w(;22NF3Um41j(f&0KuC7->*SIK(U*=Q5*-;^Vrt!@J+=1VN$ES}r5C=-+
z4w_dR&yVgBjJ4NG+O$2TiMrtu^i>0E)fR*2014R*z|=m)d`XnL%xn@m4v7OV6xm+}
z(TY>9GlY^z5AGd)UErJNl)gK9XWc~UL-wHWYW?{rvdu>k8?q&*rRgQB@@cPO=8Lgg
zh`HBF-H7Ny;enJaouj-CvJX9<ep+!fvoOfaij6R|8V1=AQq1RlrjeKciJEcPvuQ0d
zn#T1Bq<bvSFOI<vi?n%rd!Px)ZSN!tzSqguNKRn$N`~OX4MH<mB*&q;tZQM(KB@47
zMOp(C$J<{GiBucP?<-d_%}T307Lx8#C#nXUsBO9Q^P)a0)l!k7o-gbm*X5}oYL^E4
zhDAdweBpaS{a~Hc15Gn?+eP9ZtNh-Fd_hr0bah3cp!#YHi|JdnDtkm!_+SAI`r#nd
zPlu~IFrdUs(>WW+EyZme-BOUDRe0w#^dUC5g`eK76imf;u|lZZnri0MC8N08DwIBw
zeYV9dkexm!v89mqoR2npdHWK-Yef%oH+vqT$LPRmhhmdVLsFlRH2KiY#+t-`2#oFW
z6;J5v>wlD%M{6`bJnh-<I&K%NpJvnL9l3Q2y!Q-UW>(G*Mx}CGX|uy?^aWT^|0+*T
zPL3g`$>(L~_w9oX2N%*Hk~1*6%+Aq1(z3lgTx8#UhSBjOqy0hGh)I<_$+_wUnt)e1
z4}_fmH`@S%6@FPS0J9%hX)iI7-HRA1msfG%pvY$SM|GHjE3iQVk<9^_r}}&#ndtpi
zkV?4=JNm!4wW4t#$@=yrF8QFbVr$zkyM21rSB7mr`$2Y8<e8+dx(N|u;l*#CTsT*l
z&kf8kf}X_SQ%{as>~rU0>|>#O6gGp<Ut5pERN)pAJ7rKENturOZm|i&xe~@kBHT;b
z>wGLfiKHX#4l0~ttM1P3z8MkCm#HHgS-%cS>tQDe3<IGFD+D8il!B~BXS2I%VEY5l
z5IC~ck6qFL9ye};!4${6f}l4_Kc2}&)wP?}RC$wy0-NZiTtjQEdaDTRiG2ka79?zp
z3#2<9K!8d&w_<@)9t<2>v@TtW$6`&WHBMa-wO9`Fdi%3#>LcE|L05M-aU(jDsxg{j
zVxzkH!nXC6-_K2NJtXFMLK!F_DJ(3ki6U@Q{o0%{w9)v2*H57yrMRDY6o<qG%0cRp
zSOMRNOBw`>*&cegMwVZ@YsnNG8U^d!h>gw~!}`5$k}_BM`wmd}#9ezH^1_BCNS<9j
z)|~kPkqdIOLCkRHw8|kW`hP+X#iV0l<~=0*sH4>TkVW2Vfoae=>?kS;#5IE@I=lZT
zfa#$*PSoH$Jv)HRZ6r{+jf?3L_<Aq;<U?c-d?AilrQ0C-C*0wH*Vz|RSBQ}@+Si5w
z)(`sosqInlotPL2UrqQFPFN)Ewpk+(A|5@9A8E(J81iwDcZD*;H<Fz*Ku7%Zb0BP*
z{f=B0M219K!6Cf@$X1N(#>@l_L$SHN;SCSxhNBksxC9hUlOmH??#!}Zsa7wHrTDVp
zR3TDq;Y_0+^TbUqk#o&iJK===dk#yp&}wc5{#Q$#msTC(<0m;^w})_VzRL0D5YYId
z@m#$o;JkVr%Es0pN78UDH{<nEz?g4$-#|T^YwPA_9{W{yW))f2<ZDY*F)!O_zJ=g;
zu%7-+$3OHj=3&B5(dEV6PQ#z8u@^?(o-g|{d}p?Pd-zM$6TKTYv6y;(%lVqsQEo#a
zJ=wK%wOcBd5^X)!@7EkRS9jQ@z8k-!>SbWj*0igXAA9l1gs3ZGWhqT@)3@>;E`UUz
zm)(I-8gJ=~Ss#DjuU2mx$=~fiaG*0oUEY+cP`kO19B^aQ_FMq3i|O<ir-_Z^AY8>1
z7<jH&fnP@t8y=zr#d=h?>+<Uhi_M$QZ<n3P!5!bwT-^MW#J;_Y<*er;Y>)}a(@dT-
z&V4JFlk5A;L@FgtV78XyQVpxFNWQk~RsRcyCrg?*H7|aNKdZueV|LB)o!7P@x4Dqs
zC-lH9nPrQ)R`Q+k88>DRe#6|=&$#vJeDAW&svE~H44-Z<H6L+UG!j-le38x~y2IXA
z*m3*n1h+*5ir{{J^GnXz)cJ%5b0XANHD0QJ8zI!oc7H?>#bq?wcBhG_yQil?6t9po
z^TI~eH`~<jCU*=?lOH6J%vpaK>d?v*J0$1$?V53IBeZ0yB=K<pK_U8P?kvjwKq%Ow
z+q_Eqrl6AY-95{fja3|%QYRSsAEwPEFyy~G_ffWS#))Rki8kh?)qY9s;)90`-rY>N
z6a+Vr*)08Xh5l%=9V7e_SN`j|ab@&aCZF$~`L5jnDvs3`8n_(4(P@Jpi=F=ctZ#31
zgMuMtB>sk6es5e^+3Oi}{WIGj^+E{=UDXTsAKvxq<jOvAW#o71jh<SIja!<T1chQK
z-PCbLem99`fyWovP0h(PEq^ERjQPwNPH>7^g$*$uOXJgewAY#QrD?vNom)G1Fda8Y
zC*>`Ven*L1CTHwj55t<_XNq|}mG3V5MXOs!a<z?qt<@UJ&V0*ORNA}Paf-u4tR<)G
zM;hbCt)XCLebRyo#;Ut#^6#To?b=V>iT=TP$%x@neAB_EUEw?D;+Q8_UEVXC_u6_O
zN5D?j3oBL8`!<5FAFb4K?iB%!sC^G^bDoL)x&)EW0qbTj_eBG2linza_WT-prkVfD
zICrT;cN4R1Qom5k74g<EBJ9BCqqVI=MsaY_=jvq^AH&}nS<-%M7n)Zup}fSDmijLl
zu%xfsjW;msdarYe^>L8$)w2$`#U_o&vG*0I*5~@fb8R0y=B&^4^fr&4ojmDf?qMjv
zVb4XXAJu7Wdpk#RQFrlWcb`_=DGM)c@pD%USsri+I%_37lY7=PD4X(>%<A#_7ne1E
zb9Ph5e7D3iBYv#fgO+`9zh%z}66AcSv-DOCuI8m>bNlR>K`VX3agkLwp7ohFX2$cr
zJnzAq*lg<6y$wy;cpKVxH(FDR666FFlkW6?Pjc#vEUy~PLtS2-X9$4Kg^vKm4BPx#
z>GpTKysnQ`2;Ki-oXY2vws6t|Uw7DLj=El-*6u6O`h?v38|@F++eU=azbQ)2JruM4
zC?!%QYGrC}`h%r((Nav+q9DM$KiB^Lqm)$U6VJPQJ@44u_&PjnfSugD?43KmqI`8!
zI96-yAs^lhYp&G>7c~!I>=U%W<(sqE&Qp#rxpeP+ibxC+vwrsRyfM4DhOJ8e^3x8j
zxK>_Cf49h~^fN@Gss${KaiotTjI18VXe#%0*riy1xQrrjasE9*UB9;D;N7BPRF)@7
znr|UZ*KMs4W%ll+L3Lrd=*}yyj?W$v^esGf$~+`Dh;EEim9wrCN7op|@?QQLUi3e&
zA1oC*74yo)$75l|lQ-~pV*(2=Nq%oG!zCU*il_Kdx6?J34LNRZQW4N=W80$M&phZC
z^)`JgjUF0~NenQIP3)A*<0_+Tbg`-9;Jz~24X-@HeUpEmS{sR3Se_V3<<s9~?^_Dr
zRFBw?7rEnAsWp=La}7moPef^-S-Rb=e`9x&5oLy7cD+80HPKz=OrC7|J6F{Eo!p+W
zYY!jEEA|w2;aF&}pMUGS5^dezQ)PRo&QVaZqf|6R<aO{vMeY9QvrJa0>0NYcIod{J
zA25=$x%SrLYsLM>7D_m68i9~At35y?2P1Me+T(uaydoSadEvyB4BeG_r{=NVBE1%q
zN79DNFWq0!6(@%4+fL@pUnP%WJ+@GKcaPUx{QG^cP!9pQbRL3mvk&5RANXlFTFlgw
z?U*ceN6zz3QaqD3Z!z!Hv7cVQnt1IgZYHn)C2d+qAwgYciWrqAtsPvlWO>gAvDAI0
z3mqA+H{X`pI_im-qMuxPI3P32A)?sv5Iq&I{4OPA;T=1R%DMK^-KC;i7g>}(N&AiG
z+~2aLM6>tZTitlq(?ti{<{J}}>D9py2da#&Q;+TJS3bwo95ULce;z;$G15(_;It{U
zGPRdNf4#dQ@#$#81ieyqQ`P5AqCBjoGuE5x&Ia=-b~JEm(-Y?A<@G}M>s-vnjKGFT
z)1XO2{%#7L=Ugv!J!a#nvZ|^^JgW-d>3oT?x(`{gf<!fkKhDq=Nw7>AVW%0JUc6rt
zA|AS}dWO~YbvBiE9=h0|UQFXqt6%4}Hd$U>xr-f*npYX>jR=Q07bAxZZ+Guv=<T`0
zB8=yw=SsZlalxV7ZWHw9&DZ*+*}`pEdu)GdypmkhpWCaK@~hi1c`ki8d9!zRIJaZl
z_*|<jL8nWTsO6Ka8>!0TuV<4*Z1*y4r4GD|`cXt?0e5hkZ#D|))<k)Ryjs3-@4={}
z+R%)$;=O9q^v5dLZ?X>sGLp@8M^H?B^f@N27U_cN<6Y9ccDBl)ANJKg6+bTB%igGN
zA0KNUd?-F3S)b;$uL9*`&M8tWW1!DIVQWlEU?%ozW^FmF8Llot5g8}0)>u3=6TV6*
zHX^(NRFODHwA5y1X4t`W9t=Er5uUq2fewqN81#}Te<WyWVF4N_z9;s!wur}~AjqBK
zIy#gK4GI&Y&q?W-N4<nRi5mh)<K5i+{60uLIWAr_MXczgJZ3_3T>PH_I`R;ToX^*g
zW(S3!?%g}PEwkQwqSAhdvAacV46=tWgQ&GfK(5gIHd>Rx>i*F(r^(J`?|IAA>0i2U
zRBzp?JWE+pY+9pHF<IyK<jY{jwbhp2cj>^0X>ZJOZhiXICYW8l29K#Z_})ZF_9UWW
z&@1u`NHzGJ)Gg(hVeoTc0|$p%{jjl{16}V|IE#kq*0#Sl1HAJZYK<SO0)s0`!R~jj
z7@V$`q^k9#T_!cgr95Ibehw1Sw>N1ANGCVjI$y%J1+IizwqFa=QDdhGYHd%Eu=VZm
zmTJ5*7+D^2de1AZvs+cYNbjvk<K6TxA02A~O6oZ+4^w&4d^$8YS|;hk*R?_&OIOm>
zc<3qGzW*LF9J$4+U3;eTx>MPe$L^K_iJ6uG4^F+-I=e4wdhbI7WmCcXlh6A$iz>Hn
zr|#EjGEyf+Sm!h3^n4U?T#~cgy_On1naQp;n6EkAGHDaOyW}{X)OCrHp8M9<isH2j
z&tcLM60grq{K!UnHBA)`l?*|!FV)78LW=+6{R2b26~DiEMo`X_S{`gLvJDH8urvZT
z%nh}e8a}Xe)jf}k5X~PkBjUe~4zu5KnNawB4d_y$PKf;%5c(%AzR&N2`Y1OLI*e(o
zc0uCR3;EGUF_0m?RQR!o$|fvtSbeF<{GIu8e`p5hxrYe}wovfe1if1ySZ?G(1I#=v
zv+d!?@-4%F82@2n69O3mZh|0S6<tzP3~mH_Pd%8AbYQ;JZR57v1s~39HQwawg%nbA
zf%v`&eh_2OTY3_JilE_!D^Fw*K&Y@D&tqZ0+VBVL4i0H`t0?cyT<dI?K$9C&j=zkS
zhf80r;Ydd`3s9k(IaiwR!t-4%S>Gq>YbVi`|C}w^m#|n**ZA-#V*tEHQ33mH&p(E5
z4An)EL}K_P`E1>|+oGvgls-lWaU4OqpU>)HzCeMzR9Xy{)r$*m6Q4KC|5m?A%FZ?e
z3R1F}p2(%!&a%Qh&wR-I&b4XV=uS&f7<Y4sF%hFO-ysW+86j#Q3#5<gpq0-W72)j?
z-#(~eUGe*9*;LYXmsOe6q6Et8JjX+EDrBIc0LS{iE;Hw}VesjSiVBS^C4*8h&p~ei
zl%t;sL$u2?v;rx9;x5uqr*^shG-xpNaVWLQg~F0)EzD;zP|`J2jb-FV>~WWrz}w>s
zv__!PHo5cljRMjTxX`S=QVWXVg!YdBX5<$94l+zu;Goes>$Kjz5=Pxvm8yn@y8JtE
zhVO2{CuQVAj5gfm>B+X%waNgu_5ObSS`ZGNtHWeUMuXQ{64d&8k=l7)|39^JKOmwD
zi~ti%qb6!&q}C<v#Z3Ng|MG(1;Ys8Dyw)O8!3(&4pp`IS+Gq&Y4hBfq93ZQs(mCdf
zOzNq|*ETp4cLij`+36)lDbOPh;dMyu{21YnczG@Y6z{~v(~I9E#yMieA5W269n4VK
zn?Y~l0vcbW(eMX+7W^`z&~acA2qKLBJ(BEX69=a#|D5Bd<NEoR6QO^RA`s0UcRrlI
zjJ2wego-o5ar$Vz4?T7yLamo*A2~1)?}0J+>pbl=E$<ggWhkqKzQd&$u`RRjP>1)H
zVo{#r-tr16hbG4_H+if)9!TM|1^v8Umwxe%29S_t#oR7fom4n!HFGJ*;TUEAL(oug
zx83Ai5egrAA}0vQd+nx=EHqfq_$=l!YC!lHAkj;JLEivc+)_GyV+)28JQd19ZQ!9B
zj<2f<n!o&DV`ZOiznXahb8|zwUG+OTJtuhB_q=Q7MNMzG0KaUB372~BNkYQYy@g1I
z(O0Sw=u9lNoN+tJHuDNiF!gjE_Vd+dzxuOFFh2^**PwHTs`uVT<IU_(nf-VZvr@<1
z<dQS5&HT)uLT6UZW*nvQ<;WUoI-IOcc$DgGH)8&pnn6&o#%ys_BwtYtm7f=82F-yj
z%CE(4Lb;7A76<(c(8VH}FW4ry&6dr$)}nd7&{M=le5oG%iX0VZ?%`kNHGT2ykdLm>
zANzJ#5KSI@f6E^GQzElMlnAx5pF@J-?vHHNwh4ervE`1jTTx1RNH~6!MQG2=DVi?a
zDC>aG9>-dsMqUp4^7Narg|`ag=TDt_v+gk={lSaTLQ*p!i7CV2@PV)V@8;D^O;a~J
z+IUThO@u$<Dtb-3bg72jWo)A-oW?zl-}W7_q)V?8I1=lq0$%w>|C}rA9z^Q&C$C&=
ztX_Afli*GtiD;f-#4NuNjAl8!R%NHHx#Hf!aCfll*mkSxeT*}KgH8BkQW|vhJsI1W
z;oW+(>Pl<c(2bpvjpCC;sG%1d0!ThY;D9sDxia%~_J*=}XvW>?`zwBAXfjfQVa0Y5
zcHdT4IU<@G_1t%0)K%~IvvPB0AKc}x4vy1>je&y2u!malb-8}5kR+8?CeeTZ-$|CG
zDgMRbGRved+^SaLcoK>Y#h8`rA<Zphd|i9rqYNx}hBM0F2av{|Y!o2lG0FN>bUl6g
zbf;e+=3dVaFb8sxh<&5xOqL}}h4~Hrn2S47#)FHIrnu-2b6N&d636M!fPc%a3mZ^+
ze_kJb8vo$Mt4yR$?_!q)9y?b#A{DR#;#^ZwVp{~JHRBoOA@*ce&$$2_)fIP2JMS|V
zy)9X#zkEXaHi3Q^KI06v{q>UaR|n`H^%Us6HE=5C*G|14%z%<P@m-TRs;2kx@W@fg
z_3rXSeMtKt>fF^MTnLvcNQVq9MIKprdIrw?;=wP@far(0vf%1jx=#=j>g%k_4DLIm
z@NUp4ekbz@v*q!LC8W8jelHl0GZJvso0FK?)6_4+w><ZXAFHw;Ey<}xh|>Baucny>
zOlP-AiD0-ZFlud+1eEUw1Aabl@wpZQCHT`b{j80erZZ;=s6uO{D9fAgGJ9AMS)ZUY
z_(qfdF_=r`E5~4@!kZ?r3F%d`t7}~jQI;ymL5lLyXt4a%$?hibyx_AUq&7{h)ME{d
z+7Ds`_MvCqHbw<~sqnmU{&D-PQJt&#B6J$NICO7-zG$WTR}ABo7$(J%5+db;&!42x
z>l1X{gR9b0+ehOf^6L}E=tNkC{bvj<vIXK^I2xBkX*@>0P(|xqni10Y4>&AdsmZ4o
zgxu%x6&JuWNq;(Mz1?a$%JUKd^@l+gx+-g@sEd4g6=c<HD^ncptFkl&cI_nSS8N2N
zY=avPWh6qE4Q$f(4riiCJI>RT1I3M;ol^d{W+KnCQ0mCCy=4vTG%8d<(d5(_A^8ZD
zQ0R*^8Q)sVCn^L4m`di)ZGCk1UaBnTNIj1&d}dzSoa<ZgxOc@_kvWBM(Bm#xEd+<M
z4-R6@U$`qo=%y#*YGUSvo^0E%2<<>#U^t<3-zk)@)TBaj;6%Sm_3^f~!tz(1L7u*t
z()CDuY5lI#L@`XGf&S_zLw{dH*(~&4E)nRz(I|dmLXH2!C=cpGkSN-2f4#reGj<Cj
zxqM$c@rvBRhuf#3(`X3JciEA4k?gYN@DE|@eSQ3Pn<SoSPF`JXv?FRr&l(gzD#msr
z+uZSZ>N0aQMSj-lSt*G|TEszuhnTtYciZwkujEBy5gWyQW<Jt|4^tc=S+7W>WxIbC
zLAgFfz^|fQ*-p`xDb)Sl;O^pbxKN1t1p#!$_3-?*5#N>ag3uD5wd|Dg_jQG9f|YmL
z*-m)eud*SlA~R6W%O<>LxlKEx(DGO!Q|i^vF6cvO?yakfkOR8ZQG)ZcYQ4HL(n-LS
zI_3Vo+F`A)y<tOW60|lsjpCV9m@FY$^3^CICH|_Xx|lY$pb8aMMvN`_%>Au2Y)4=+
z-7ah2`FWwxM|Pz1;*HNFZNlSpLtU*8t*hEnm?4U+j;c`hEf@wa)@A}elb_Buv8P$p
z09MW(Jrm7KWMPAI9B<9e&#!T>p9f{O9L+T74N6bFfh$zs@qUAGjjC1tP-KMr&CtxV
zVGMWAGq+b12Dik^6X4LNiJb9jd>Yn?!fpI%=F`pUTcd*=ne8k>#+sRnAT+Z46>%@^
z3T9-nVTF0g=L2I#3GE~N&Ojdr_I4f*P7O<Do(f5OLI#|@-Qu=~_rh8@14EjUGkx#|
z_F{6?dd@zlRm|=ez;<WujGYIl{t4aM5$qdyo{Xpc@`;%8e((`BzHEN+xhzj=OSM5u
z$+PaYQsN)SbA#Bgha8jcAb1}pK~5Mz_I&AEa>kfYcTuvBCU#nkbY1!t<*A{^Mv5sJ
z#`wXBcz6IYXPx0ZdkMj`cL+jL%d3WcEwpi_Rjvc)bxHbMr5S56<x`TyEv0OXCYGfw
zdPi2;w(+9|R~2#ChCR~?AmmluQN~EBFRz1?^&_pG#{b29ro;d?v`~5-iPZR+-Jx=i
zH)!&P;xB%-jt^CY03ADe<mxGVxb*JH!Fl9T<mzz1kLK2om3t#sufxwoS?b(4I<XP#
z{RLogI9|>UbjWUj(F$xIw7K0F{}(0?P5_u!hlD<c6T#_*;ZjMZe?GPmeni+Xrm7CU
z)JhR>3ayi=<LpOx9&=C&e5VHw0$Kdw7PKkcNdEiAR^%64COtap6yT?_NEWOBefcP0
zgEx^Jy$OR<^vX8u-2T!U0vS<*M;}e_-*0(i(=ByWMwnKC-_Y2V)&z{MBUsUAMH2sL
z0B{ii?Jwo|Xgp&X7LL9ylop=Z`dPP~q`&w3wPN<%(d-~&hxB<E3iM>`-Tx{KxFaly
zL64k|N5h-|WfX)vEqO$?IQj|4kztTO8El8#L!bnFt@lID<v*1n=Ac%XezZSql!=da
z5rk+p)`L0m_s(&}km<uHd-e)4eddvo7X6<`dJ4i$3MM8&=utyKPCmVD@f#TS?V@Ol
z?p~t5qt$AILtbS!(7XP_bwVBaJa#f2T;>@hw};|=oV53*x~(mHn7MomSqzk#jz(*e
z?7rmPeaWy4H*BR5@>lDq;{*-xT}8j!uHjoPL@CB*2o_Xc{&O|Odb+%_wKZ#4#=<`4
z{Lw)}b({e8Eufj=&Q~G$<kP5seR71lhQ`zKS>-<i%Qh9|dB;Z?p1Zgemf`5rg0jw&
z#iyrhS<!xf)pPXx0|Q{}ekMy?WBdE-ykI~+lh5oPJw6->q<WKk^s@m9YDMZ$CbJ4R
zj~+G`vNk$}-m3rkXdzZIk1svs_pI-|4Xi4Hw@)i&DMwJqF7t(D485te{^xe?AG6e1
zB^RGiMusa$dkTazidM8(8|CGHrtN=J>;sYY85fjA_vZ((Pn|~=9nOFqa&_wyTt#gx
z!>`TUbJu(|1kN=T3(@dpTyb^N)pB*S`0&JJga)DX165uL+N&VIiI-#D$K~imjL(x4
zVbH<H0hL$-?D6J6lT+R?lJ@PI)0=MEY`MRb`|fW3iai|;xa;R^eRrX36)J}41Gotb
zH^&Q_ZlNc=-)}U|l`6hl|M;BZp~UFyMwj&x7=*;Xcp(`P8JPft`rd19O&l;6dh`|`
z7Uu(_)nw2%^Y<;#(a|CPYJH$SVHXzGg%%I&Y-$e-hR@PwE-o&LxKGJPJa~`<HatkD
z)oF)omWzMs`AZGp>81?O$+Kp0f&K5bv*TfimIonwI}Mk9dlX)Dn9Bbs=KmJbA<QfT
zR*LZiI6(7>k5-(xBMpv~x8RA2S%B5^11bSC>}6`#vKk)0Vv7ZSE3d_O94XM)-G@d;
z=o9ep^`97)m>SB28%5@$uN9)smu8pu5iVUF``+!j*k_@K{h1)JjO=Ye=UCx5aDDYA
z<JL|%u>iN?XEDZW?`_`gb+UvGgNR}dqT3{hKBT~h1e_jYC~N`pihun0Ot%*hiyngN
zf;Za;gce9c351HV34KR;0YORZwAuVWz#;STmw<K!Me{xo8u5YHIvz-gsUjX9EqU7q
zjSs|j%-8Az--N^klL15fzoi4-(mQB3XP^ad7TjK&Fo$Mx+=Y72BBc+$zegA84tuR&
zbxo@sSpKC4;J=S@qbX|dUb+MHv#y=XnbL(OFShu6iu@a*HyX(3=p1*&$A<N>BdYV;
z^!poTKI0DNVStb1_PsnhkHZN<gUgkE%sucTHDxvNRac=-UA!bLATq7s{Uu(_7Lw8j
zOH=WvyZbLTKS+bj>s_O_XSWx`wF!ijoRW=BKc0dCMX%>QT=CTP;Kw09Levor+Q)-Z
znh!rnEVwab6+glY+&NY*gh1O~HYxY1K&QT9$f&8U7K#p+T*P*^0C(ywy0bo|0Gu}F
zT6;ubkSRyh!QQA*&LS>uM0optFR*0BTo1vqptlMD2aCCs@p{kvO<B-L45H0nOhcNa
zaXpxjCU1R{HGN1j6Xd3e037y#LB_MaH_*cd@lRKwG-9}TTgNI6eA$vfu+BRjU3qg@
zU@q(so@_3N34%`(Vb=<oL%oc)dH`TC_Ssok{ILrjt<Mnt4vE7FYsQIXNIiLC8J&Uq
z(|Y<Fs>%~+`R~989Pxi0ee@Gj|1Z!zH_om3XBS5UFt-ZP!m@~R!Fc~WOWEGfsFpVB
z7Vh<>SH!1}Pi85c_^7sDdi~)PAQj2L<9iJl$eGB+xB77hX&@Z1n`HeZ29c9}7wTvq
zoFarLh3E!O&Lr{RJ==KE@2=9I(juv?t(_P_dH#9l1bEAyGgRnlE5a!SNTtbdy$yc}
z6>4FfUC6%^<8t%Pm5hsqh!4lr7w%RxS5i?xKA8dMgD>DnVi>gn@`)Q#AvS0^n(qM3
zBmna{<td=HUhRX)2OsHg&ewk(Z>Zb6rFg$pe|`<e${2j~=M39t&UxYnpV(@1mAbR^
z=raI7P7_(ccNQU_yh5aW;_>xNtu%3MLJLu=a4EmTeQ$4YuS^`?s_16apD6`YM58sD
zUgEN8ohv_(aT0+r#<eDx8G)z@rm>(ZFqCL~3vlkX36^dlrD5UNgsF6FIk|twJ?J9F
zR$0B)dl};gSy#axzCzexer|5TVZC+uPPs0Q8*3!*U7)ZoDPZ|=dE2!s>Z_n{nxQ?A
z+zqh1;OvnjeSn$p?izfU&-`l_^Q*qUS!L%Y#A`#*UPtjtD<uJ*RbAt&lb7lfoFeXM
z`Bhh2j$+@{*v)97Z1Vs2z=v7_K1O}Y(33{-9v&~vzzdq}1d~&*PUKVbf7S~~IyE7?
z@^zWEfk2_-r|8Q5vJ%w*O$YX;8pFEYV`~4juEUp<=;jrGoA60VX_^S)JL&kM328bH
z3F6;7BTWm4UaO2DGEqMmMxG19uELb!nVbX1X!}oN5~r+0eWEV3#U~}@DfGJi{D%u5
z?XgZo!<)1?uKHB~xWEN(h$%5_Ea}Ws%#YV6dJ{M_dEB@U@9m!1>eG+SFt^IDJDqtO
z<2XGc;;JWEMd{xu1Lho-XO#BqV1_1Pr|+Wn(_@Y=1;v0Sf$U8eNee%;v3Y-*(Ys+Q
za@amLP~u77%GH^l<NtvowO_{0MI`O?Nz<bD!e(Is;<l5_9G^B-#|GJwV!x>YwJgE_
zm~x!Sf|f=W>0tgL+*gmvaaXF93pHbTbPBai5TfL<Q21u0-J0wv$wUHBtEAB12Ufd-
z>9fs^q|xOHla>TDHZ&>+tRIsP?wnuwKKUx=co}gh5zW^_o-_6sC1ED!OcoKO<>}Y}
z8=z;n1*CY4NE1+A54$>mtX08*XQiMorQiqni6(Y0zsXj5z=<?b6HBg`&SLVyZoN?=
zEgU%YXdq3ZNLiRbzw0EPbiN&<LQ!o4C3^i7s}}VQz><1ZUAC0n(kdA3(N6w>;Urei
z*IShuXHFGUqhCyt033Ju_c(y-&w!knXOnLqc-PUY!ia9`;x8mu8g&~-c|nL7&UO<C
z;(`KM$%ud>ttechun#_VA5+o+rFs5_KU98+c+i){iioJWJB5kglS5YNKBHn;oR-R(
zaGUk%*E;2`$`w2-?%#k0l&!eye)lr*N0EjA=%LDEOC_E{UFBPS*sc`fX}hjxz40Kp
zg`6`l<M*avz;^9fC1G;$`=U|n0*(<knRUoU=e1h*_JTURx$mF0)v3AWZbbZ)Dmz({
z_oTuu_`vXxri|m1ky6ZMJ%I3HbQ23eq(T@YTmRdy6~MbRKE)CRE#P#9nbXOwmA3>=
zCUg%bW?UzVz4k9*1HHIgapn6}2_I>(y9710JY?IR*S4^2zV_!(4O@Z3_D_x`)V0~G
zr(r^Q%>H4TzCrT!IfG3qOgR}*#P~H^Ib}WK(9ez*;_0tiQ<w-cz&S`e48NT?JWOzq
zgT+7x6>i%fS;)Us{<ur=&4cogWP*lYCRwS3DD3H2X6b0j?wqEJt&+MiE=#|nL}kgI
zn6#46i73Zu9Xk*-eEx{Sh^u+2jMplBjqD_$l`yEGIaXWAW?XkxM(+C4urN=(4tB>E
zv`+`b&Rx3yc)DjuL0_`qlWscM3c?^;PRZ_{Kp7>XNRUL?culwCaj1G&Q1DHsyz=|>
zq~aBpmfzICTZ!d4dFB1xek;c7t~sX(0ETDCBu*cD<r!uyJ(Y56r&*@@_^-HA1i$Z~
zyI=@MO|A>f*3hlXI%R({8p$R}uMnLLw?CQbo8JBEs+#k2Kj@j4XLJ2?wY;RTxUUfU
z1rwbM>~-VsXB*a<ewytKYAlH9W9M-1)E?!wvYar_NbVP7zEwVy#B(__R6pJ10KVw@
zSC7RXkXlGIHfUMK(NWIeTX{?7pA@9SWk64DNDW%TLLR(59TmnQLdp7zIrJgA`HH1n
zD4p_CkBTTfl=NvItNiiUVV3K<gx9twltiua-Sj6dZI?sUPR@|ocQf0u6vSyMQPwsu
z33h}SMMqisJ=lsth;*AzpMrEvEhZjq(cc~WD8~oGCoE2OX6mcs+lk~buUV^RXw<Cg
z?IO*+E^j5k`kB`1o~fNm&U&yKj!l%Z^m-3#2l;|TMZ|GI(N&eCEB#gk+yjjLE*MRZ
zE)td;g7J?1PP>pq+N`u~!f)1mZyA^FaIC~NegVa^!9n}EVQ0~up_B~C*~sAG$MW)R
z4RlOQWwKShB*PbH!#y*3jY|!-DDnK;{=eSNJRZuv{reKK#gMGomz1(iSwhw<CEBDB
zvM&)yjgbhAHCsiNEJ;$5J<=!{yJRWKQg#W05g}X8aSmPgb=}wfyPntc{C>~VtAFa8
zIhXJGotg9aeBYnXQSq+&xrf_Ck&Vb_-t;VxV*40EFS=&;y91~HruGqYEq|Vq^$ZKe
zlT%P{x%Xe59C}9TbP-ZJQ={IL$C9*4=*wWyr}h)HBbsve1$e{q4=0Dc=L$W%rx~La
z;=iWmLVjpHkjKz(HJzDdsafPFI>uHQJRWomREGJ2tkroatp5Cr5T5@*Lv+u!UxbVM
zG<{FyU$*?wd%(EQf{VOaf3v|Gx=pxHwnt3vBJ68Ir#gCMR7$O*Ol5xD&98D1==ZMu
zsR7Oh_C`|q0aVT&NqU{nGXo>cXO`Ype5VVl+;@9@<xDN$*f#8xPm`3s&@~29PpNTA
zi1yth_$ylN!oGfz9PSJ%VhL@%At4c^W(@Y&blEl14K?a6POOak;oG!ZP7DtL?PSz8
z!OGYq`Q!N4=G}(_lx_w8inu#EUTe^>!WPx?%sgZIHg=VyP&Sg<Q&{rpN{vaE-|nLV
zd7M(f;yE~<dzxXDT%Y^e`)I|7+<^Lyp6z_%mwW>B$Gl7<E<ZtKNLMYGsdW3^^E1BV
zRl2hwz2bf5u_=0IGkLS%j+=K@5;4y(l&a1hYS5M7q^-X>K@C*>-F(8`-6y=<0?my$
z$Bs#x^<GFy<i$v#)F&HtkCcYXeXko~PAu4oF%p0D_Pfyxi-+R~FWUOkqsztRpH{B=
zRGe#$@!=B7KJtUeGU=6<u&ef%%>$8#-Op|n4xLIGDhe?*H^H9&)FI8AiN80GIgwQF
z2<%aK)f4&Y%FplfabFj%T9^I}TD$D+a^!aVqF(F@;mVXhw=1tE)c*(J<cW?sT_-mR
zUaA0B2EqnVwo7jIhx?PlXQq}7S+hnwHLNsNcY?xBRN!K@V=-m5lBC025wU$TnQu#a
zz2kPG><63eFur0YQI`5GBBTh*{YBP_v#)v7kLa_Nxi|ze=kiM#e{7ng8=vsA>o8GH
zNf34+d}Vtl__H$Cj;B-&^LmU;=2w%~mm>{NC}!i=VCNZiA?BoQh%nSQHA?XOT7oj-
zj`hP1We;lxrQ}~8Po8^x`HPB!L;_tNL4q$TEBm58htwzTpfA5nB5#cV8F$~T;C<1F
zi2fL%@+-h=?3PLFwOu&#oSVmN)cwa!V6O&ImS(S-@hRBp=lgE`T)t!9RAQIdEg!$H
zLT!nTAl0HDg9Yd>(kHi+mhk@lyB_8oXAMMC(24{R>~W;zvNlCZ(V)&{P{OBl+2^un
z?;s=yALSBnY&}pQpRb!!yfhr%zo$Fg$a{xLB7+2d-k8tH9SvqV=C&MIl-n2&PvH-{
zr1Px5Cd<aNUB|Y|T=^>YQq@*5^N_T&#qI+~yiyocRu7R&)s{<3n+;=<Iw~6|1Eh>7
zTUqr*7901jo`+h1iQrWt@wQ#9p>Qc(^@PavhlXEL_MF7puPrwdZ)GbsmwQY^XEnMh
z3aG5^cOd3^201ye&20Z^9Iq<xYg~9>bc=h^>!T}Q3e1b=vM;F}ECwt|Z}HLTJowuE
zLRiudXU|BxQZL$ZGhtzCVBt^xHjFA(8U4^T4!K7<AWktM9|=TVET_kDgeN9Rzqhh{
zkW9$#jg85i%ibX>I^E2yw~z7Bk!~J>&2j3M#15AxJb$4j)(m^7v5!MsiZ!eL;n%W}
z*S9fulFs~iP^MzLrLEJ+FR*<#uQ=MwUP4Q*_k+(5m_9MWE&{Ko3aWVs3@W$nwHI)^
zn$g&SA9e+$Vlh=Pt1scGI#oARw8cb!J)+xW!71;RiciDmI&3oy!Y1-|Xe5ltaLM0E
zsy<{NF1T0f>&y|J#v)i<%1Q9zs5g|b8R2y#y3IuI`cAABD^vEuyH4@QwB5qc#vd%o
zJgv75+C2JnRB8&(pL?$yt&G-u+b3W!q(*3Ycx2Sx^c1#r%iG%eF?>@_LPxj`gXOz7
zTF6vc1G0G3xZCyS#>Bpq3TK!5>w0eE-EGc=H8HfFKiW?56wfCazL1G$zr5sCIk4)n
zb&Y4Q_IP!e#P~kzEbEKdNHklpVceBbG5wZCIr;M5NJ}l>Wi$SQTOuI>Z<pk;QbZO@
z0%3Hge#UiODff&nwF$o?cV>F-4A=j>ylZ8_heYl@xYyIMnN@Kw2xjzLpi>RVzb8>N
zJ1AZ3*va~xYyy<=)38EJ2c((wE5B8(3-Ib*iN+<$ou)#RwKqboG`}@7(SXp1hzLIP
z{lzvag+r7NN53!f4#!5`4J8s{XW&iWzqKkLZz9Klr75Hz_nUpC*#)Af5WiB=QRL0J
zuzwFfq@04k8h=)RiFib7g=|A2UV=b*27#9c7{jN6To=ko@yTDHUPEE+8)FMDaJg>?
zgK#{=H`jO3{uy#TF&W5Y;ZWz>xuGdmz}3#GTvDJYq_07o9rdYo{Y{orgE!4WD3b01
zMIV&`IeL~||Mc%~08K>b)u#)0pd1@9zG0na%r?e_-Vgp=sUA$)gj~sI4FJ~f1a3@$
z{};eIQ11VQoGlWyL;1EQ^ZMOP*IO4p+kq#LfRUQPtmY(aoR<C@fq>BAVLL_@pC;UX
z<h1c>aBK3@sA(v|wiwC^29MfR!-)miNV6F>T5*eaZ-~oAu#xCo++|9+$?P!bG68n`
z*AFY!kMR4J)D7n;lPDQkHTd9El()XM5=KXwTQ^Jr8A!;^C70&k^CcBG{hW*-mBrlG
zKP8o5y7YOCb<Cnr-~U#+vKUH<24p2xXJ`pZ>Z|C>JPu!3rw7M;9cpu6MG$&@Nd250
zjR#{IkzL2V#Qlk;;5q!7>IP~iSXw=<9fy3IN9|drOxS~B{W8{G!r~?eTn`HIHCxI~
z9vwQ%*jPvx_t46)xb9WW|9|0BPe-R764-Y^o_Rcyx;c#K*B#Nm%ku_+*^GcV8xM_W
z8bDke`6zHvE5H{Xz3%{hg@HVsE4xlS3`H6WM`0^7fk=_RI_Fe#LPqwp+=tq#dKy@1
z=U*jXQNFgAj|6H4ehT{x;_7$Mp|ZV)3^XaQ+&F9P1RVYrB+&Yti2LA^!zlRlllPHM
zh&VL>LtS1fZ7fWbCw~Fup7$W2+}0oqqhl@IkJM9-oSVN5I?!c|B4sK`Zo1AusO6il
zul3}zIDvn0_PV=Cw7~>d2+9)e*c=Pb@MaM7Gz|Swb3jHq9CKkkP-RCS6wk(-GL|`b
zGe}1n`4egO1b^GI6={c3=(~))auik?-B5l@MoteVAq|xs;4ww`9qUMojTM7#Xr@{&
z&B@9q3TzIYlt7uF#Lt}a8gDmXXJ;RVXplIqAVvd-!%ex0i@5m>3bD5da<;>u_(IkP
z7XqBQb{99aL5#nOi7!ZVcc6tM`p7G6!kEfHBer;Y;{9u1pONEZ5KN>BPD-%EZ}*03
zO6`0JWZJ%eaEJ-2_h|O&gtI8G-aV&-qB|za#Yqv9DPTG(xHyWLJH3qM8S)aAmw!KX
zp(HOWzbLY4LUD1ZZ0=>-OU7NKYX<RGDC>ct?Bo#8UG4i))G;DTPfvUQU+S)24CjeV
zHY|gzB9kA_x|=Kz%#IDI;NJIZRu2k3Ajai?U<PMg^e`Zt*?WsF%?utI5k3HRTlQ^|
zs9dx|Qw(_6+6(ime8Jv%XKu2`6cVE(At%rzklkhrZR$&?b|j~>3erv|@=SW!t5iRc
zVWN>OKitpB$M=-xK=m+0gkMnfK>}U6!0wv&{hAg{mF-K&pzOIa5DX)>D<I6Hn#f^k
ziJ#>uI|pQ1<hm+LrMU)Kqu~-c(2n3fQ3wvR=gv;!(>8+kfIKxat%7o{KlVP8mX9O9
z@1!Pui&Xh#GWIX3Y)7#F=~g-gq5hine3!}+YFft6t*_B4lr)#Ie<0E->4K#EmbUI#
z^$gz-WHVY&WU@m>zZdO2nu=d*gncd_4I$F1>X>14Y9Og^cyd&JnX@Y|fY^Kx-3w3O
zus~`ISaWlDsS#hOkGr%GAFt`Gllk1u5AE%z5+OUpjD&<99~Z>$DBq33{#}iwbNWA0
zV;cw6(A^ybFZU6->IatFY+lrct0kF^0OfkPSd;8u2g^#5v`n0*27<^rn&kscrvSz*
zYIliCL{CSed(?QZ@hPUKfr@TwDZZy!PESZlR*-ZTShxmQg~|FFDbXZUFJ!2?3$>M7
zZyi><<%Ym&a&8E!##;)_01U$j0K@Ixgm(L^<oxC3b0h>R=p%9YrX#g2{eRGEy|=KU
zQ}sGS5871ORfn=+y1ndoezk=*<R-s_9=HCAjpgW2Hzl<SC>-uTs^d}9f<(gLq=n9~
zxj_aVtX@4m03G2owc^sezw(TX)y={qVyY@_S4CY9@Kt*Y&jAtR>rf89JbxNuD)KN<
zInviy)4uOWjz{g(HA3*+-2L0mbtg*i9X`JT!2(~d#tQl^YI<|z_gtSRVV(=sO{v{h
zeWOjCmxN{u{Hs#C%A-7q#x3V(<eejlxU!Fq=FjFC=USBr)i$e-`^OV80i`rd`uKZ;
zs@s-AXeCq?YiBQ9^_lBSR|k3Sv=;a3jgW1FEY>+FNmL;@LI{7<J!`u|v#SPp$ETu?
zl_5bIG3Ml}&^L4#2sD%QGVIO7{F!~ubT})wH&1C;@3ozM$Pfi4z>%;Uruoplx6uwi
zMeJd=&gGII>uM=!zR{E&@Rq?8KKxD|bjL-@RjB^x?AngK+9TW2pAzKw_QkHDCZoCS
z3vbSb_*pa0^ufA<nN7&@B-vAe?(r4{t!i6s4L+5XlF!gmSP?fo*(_z5riP@b6gfgx
z(aAruiZnXe>GxTi3LQ8sU0l(VF(bQ{rcB%dq$>`U8zd&GKkxs=k7LjITl$%heIDrP
zK>ioH#;0mZU#2C=gB@q13mI%anZDPllJ9TI?b57U?wdC%RIGHItMorF-#ygU$yv^i
zdP#P=ufYMyMPJ4v1|8FUA04b3?CLa@YRa*@r1R=(&+`)1BpOb4qEZ!K_)n@zrdu<h
zj-D-FUb08Eb_!|uN|M)*WSTHEf!1+{aQ^d`$zhDio_MQ+NF+@d{LY%Zvv*bcmiX^j
zTY@}|TKTJg)^y(_A4=G*N=D@=ZFULbpDL|_nfu|o*V3G`GjtFc>m1{`f6nYoj!A8K
z^Fc)VnLoSG%#Xw<)SFQrmvZPAwL3?2Bp)e+!Y@zJ5Q$r>6h-|+Mkym0ze{paz|pU`
zDQ=Nj_$vJ?E&1)Q>S%867t^k!-d2;HU-ca6;llW(>ZkJFQ*TLYpdmkrIo@e^8Wk8a
zd!5|wWMGxwsh7a5iaQ;YQUYw=`8Ze+(%nzXcPoWG-GNN)Y@MpB@=PAxJ>7_Xs`c?K
z>+a?wnyx}SI@~HTd+D8V3LdAK16g{FaP=fkoNtWemMcOWAEWBr;8WW;6fUcmQODxR
zVJU~-gT&NW+_<P4%Jz=HtuLTriVfVQ>ZY`%J4284O6t~oil@7r7x>gtdDZb|XSatg
z&44|J{Et){em@vx3CV|3siXO|goVvxR#66fQJ1p3yDqY9cJxENr)1T{=;8+Q$u(tS
zp`w#JZp%qMDtTOG!^@<p0wt3OY05U>yadTgQ8kb(JGg_DIGem3&tY@xAVsjXVy))4
zJZojrneK*b$X7aqHRQlQ8*F+H?)YSJw$Oq!Yy!`6f73iT@0Ujs@&5ihnTY(356nHV
z_9)_v?3RnoTOU9c#kJi$H+Ry8X~s0s4CKK#O8Q~_K~lsQupz{9*I@J_)KxtbT9(jQ
zBqR=ClkAzG1l@X(UbJcUsa^X^+vsY$Pg;kJQjgA)%?Gx#;vSj5Q|Sz`(^$+aLSu7D
z?FoaJT3wp*XtT%9O|XwQJCd3fAuA}=2bWin81S2Gn<KJZ5uxF|r^c=FIhsaC)poSu
zWPgg!-(f3%nze&FA9y=oW2g@QB&`y5(uy#X%%^IEQ|BwB5?K~3cf)xlz7|4DV5iyc
zhM;tC4MN|9E|LGH>=x!HzAD;EWEN?A(ODD7pGx;C|HD+>1Zo3r>sl1Tvx~5F?V*rs
zOE+J47U;cwL~nct>&BG0Dgeund-68PGE#XpC3jH;3^ZY%`JQXmYv1ZFT1!X08GF^N
zc)@<)3ogMORY&f|o#+oBn(MrfAu>O23fG+?>uW5Evau3(QMfj4JzS!POyM;f7Hxg!
zc`LW7s+(vmJ<p+U5?^H$_;P~Z@h%5p<$kqpNV+thjDHezH-`t#rlF3J-N0=9v?Zso
z>Us0xz_n56OWJ`B3Vhw)=P=kUNt(mRvAIPeaWz%bG&)KOI%LJ$0-9E~=q*E0WJk_v
z6#1*?82?RDhnBTtG*=#lqhcq+tC<>mu9x;vn6|r$Imy7Zg?#rHQB!Z$8Dr8B=N#RW
zuC4JabwBQXKKYZ5PyWLDlX>?s6}RT-G1@=0BxAd1mpecBEkof&LJ#pH#T06uW(Dxq
zkcfQ475A1Pnjap|1HC(ZCRBaBEIL_*HsLw`B<7ZX1TnW|mlaR|xObZ^hx}&)$Pv!s
zv0WqW2?bx0MK!GBJxN{ilwxo1rt3_E`?QCu3?NzutQT3$Rl;w@i3fzoV-BiwgqK3{
zPm|Mhm3HmfXLxzSG4AX0l>$%#`joF%k}>{*+Hwr{{-`v0VVg@bZacE?82>0LHEc4=
zMyZH8gH)L=s!m%e2mT9DCx+5Rs!XT+E)z<X2_AA4_gi*q8*lAjPoMeYYZI!>j*CS_
z>svLEDwCcrOoCEn-bdK7Vz%^+w+<M=#?Ova%M|iT0KlGEDqi>BSd<_zU$esIrzr|W
zI%3B=rFVCA9qFP!jTHI^E)`QQ?h=R_7A!=^4;yD>1sXxrhxNk$&A-uJi?JYt7|#@5
zLN0~=DC{O(IhV9PBpPG{GwUtL7(sRvV+&V(iCK+redY*lItedM=3YNW2_oj}*76}g
z6$p2f1+Tpp9v??38Jv*ayz{WnTi+TO52pvAg?kbCBVdOp6$NkG;gYs>!&?Yi5FkZ$
zJe22EF{^uUV@ht#&~1nsWRPl9(gy7*CxuFa18I4hcS%vU2J|B=Qn{_(TM8pm2POUp
z_f-XmIiiRMkKn~ha_eW|isXbuMkpfp9=ZL-2<OEiBSkr>R>X;)G}LIhuCUX{fXdL%
zuVQ9|>_{1s6{PE0i>x<JNESKSus=>VDCL4(`ET*&8r-MmEF4A|IS3wNX9%r3Oy|QX
zgCvAQ6shUXHp<x7%fWCe2dDlX1b^f*jhNSu(E}&$Dmt`v{W8S*k)c0W^R|(4mHS{f
zL0?}KnyzoHJOZbOtBblz8T%-hVsGW<Tz~5;hVWt!oArzCMAEDHc>YkS(vTUp%knhk
zD$@;MH~Z@1UTw@UOE_dDG;5;-HeHH<TNst@ShaCNR&be7+b9pU`Y^-bQ`&A(Bz~o3
zhk^QYy)Ir%agvVdv}jw0PftmTVvNQM6u?R94<X>G@cJ*mc#D#&DFy7t(`d8<WRuEc
zNoN|sg%PjfB0@#QqHCa|c?u%wxb6nm{~LaG=ch`Y7Bv>Gs7t(dVqNE}b|+4C)0UOw
z-+1`zWo7KuVg5*Q(*=8xGRCW_yU!SYf%G$WF0P$`ES@NF#dt$H^h2n-G2_<&_RfUl
zitpVndG<e5MMbrt&4e!|-zq>%LgFyQw%85V-x@a?BBIsQEFij7vaPKRNl9%0f@Q~r
z2`P&b*Tms>_e^~kz_g?f-KW|=)dr>Y&WDE5mqE)JdkE+`0ZFj&svv|tSSoPuJJ<k;
z*`Fa3N*;QY`~;}$bN6N=$$a2Eu2S4+@ITUr!a0!e)P^?c7trrd1I$s+&WzIrt2lJy
zxD)RSIF@7xzLpMQ6}$^gPmQ7=aTaMxR}S3-&iCR@KycOLT29*wCiR^c>axiNFvh;d
z(}a!mSv4lfhK7a{Ncb!U=(G+`r%YV;>$sPmgS?C?3+*!`HK5zZy{IZYH{iC#U_J}A
zbE$r#y)Tm?VNQCq&Yu&RMjEYb<oJAoLQ%m(!JcooquISyKl(Hst5Cv|laxIlU4umH
zLZ>zny%dxcgk~QPbOi?{`?hUE0ECu%7eZ%4@%C^o8EHT#3JlW@TD)HQendQWF7PWn
z-^4<m_fr>u)vw$jfAG@Ub^+=AY__8PB9TGm*&2k6Vk-Pzv77w?ss%g_l&pO463WBd
zF)>0Apq<UJ`;`9D!t``|m94oBJOp8YK^JvwPQE2=@v<ILk?f#3Zj^%8)aNJTAgSC#
zU<J(h^D4tW2Gf!Z-*fSZy)XJOuu>yWvQlpYf>{5-Sp5P4L&gE36env5O&QNdCr#3=
zy{@E;a49~e;1%crhe08B^(42u5mf)ovX$vUG^^fzQ^4{v6mFC6F?(dm<fh6PS9rQ(
ztjsm7xwwZkq>!&Cp~uM6w(yF)H|E?Ca~qYW+uwM7_gGB0d4#9*>j`-4AWghqa0rw^
z%OEM^ckp4728GJ&+9$}KPL#C{ta=(O(_M1msj8#+;n<7xyrIgW>Y>FzTAF;BK5rd9
z-EVMX3)@ZZP)6W7&>*uMybZlq9+xyRVxJa#@CBspxujOW#S}T)V5Gm$U8on9Ay4)p
zL?#z{4Cy|B)=2EJC>2R^yG7ZhL*D9<tHq5?P8Cu;!bZLrA^!mr>Qcyx5pNZi0HO_s
z3-@><M)$6k_?P_`Nu6@yvT{*p7Kz(JFCG+KfOPh3kDudD^G*p0)kBD~K^xu#oIJ4$
z`Ec)%SS#`Q<4}BNmbX@{e7_khZDE$Lxv8Z%i^!O2D(heB`Df2xjsi__phEtpO)^s;
zS;pzHmTZ?i)*n2d(pBcO;I`iwIK*@X``620!5j$U8isIiHd7K*9GTrU60{1E<})AM
z`@f}~T-lntcr?IN&^H(rpvXsCA=N3i2z`b#p-o|-!#mz!n*)ht#Mn6N1|5@j+fWS!
z>Th<9`gZf_=-Us|pVe*zd{+yyxF10?iL3xXJ`FJ3jx}eqgm0FwS~mQ6?ET`AO3qS^
z^ZE1HhRI6D_s%~uOdNc%U5kZK^`AtS3(o&-(WTpaZzy}H0=)nk2j8Wc;QQHa$e6l6
zR53X*8zSiMUVSF-iIr|joSdpvCiG?eo93drH<eM;*5`jpW?7ze>#eMc7-ds<5Zx)u
zBWI&?ciy5a>?h=KYj>#A@17GR@~(Q;uuNKK&<Kcdn67{mwf)8@^}pPJ*+nq3cAxqQ
zUD}VQ`l(K<+B&Z3K=){hiSdWe%|J&K9}jBIq2^2ZCG1-J*_O<#3Z|~IXri>r98QMv
zW4sF~+@$ijI1FAoMPAGeygizUB=VYP2C3Q<<o*|+9B1dN-=Lg?)-lCDb8@~t-HzmW
zYrS(7FEl#Enp><#&!w4Hx+3lW+BeAr6$M(j>=6Q$Xx8wXAZG&kGj~hr*ks%FkhOho
zpU*H@&#?*^g{t5SY|?3knOf+zI_I!v)?b_G=IRnB*XZNcAv)T;e_017oM&pO*;T<d
z_{yJR8|2J`B;UquTc&jjY-(Z~=)VM&@(|4{>Vp*7i44>%febA^h-ol{Yr{0SiVaHX
zRcJ!v91&=)@t>hN(Z51-#-k>WdmR<r&BgDf=QDLAzCqw`_&LDEX}n<|yr91ASWO$f
z<g}uG9nY%OsYw<xXEM-@A#Eb8N}g#Kxpf#i%+icD_1FA_9QUGR0-8|~my5a-bWEPq
zF3QYOGfv!GzF`+kv(@V(`R#eZ)}5(7{gsiqd^6d~sx3Ok_$i^2jMex?%m|=9ehvCE
zJw=D7`OYUUG2e8wRevU1bi0A=$M}U$-QS(q&y+I^F}q8C-Ap5+Q#+b=-EC%yPiFQM
z_m~TjM~~jM^HIS^PQucXM+tr4PlTWALG0rce$J7_xL%u8?V$qt7_=$PVXqM~<Ovk$
zwM0kXH$lN7tm+N=Qf*2q@bMniwjPI^y2KPSL0Lz(M~tkh)l$uG%&aN;l{kQXDF=Pc
zlJ+^<9Kc?s`xej1=@RE5X&Dl^(>2H0lixEPFxK-Yt8&h)`tI+Yh#ZyATKr%ee{#4>
z8W~p_If~3cU(+5u3>Sb+=GXqlsU`G-*0DWCmX@|}s44nx8GD+r4r{up{-XyA304Kc
zc9LhT&fmQFRBJp^vG<s;zLI)Y(D}r@8WKm79%|`Y-@#}?==QJ5lNsUxl{SLbHspTH
zbG@^6@a%H9F?Lr*Qeb4gQP?pwE}&S}I3s0UNGF&GPduw*8O;<@Kt+vHW}u~@SYzcN
zXL>$%-AE{4idW`U!zN^q!-ee%pcBYAFCMKGk-(s*!u***#n+<NCB>U$-W9gg?@^`P
z3Za6JXI(qX3mT0Gecxu<7lqrqvo+eIqrVp1SZG$lVsXK5pDPW8%4z6OHJ`C*7ClUr
zYR^b8gvZf=@B8x8kSEaoL&%z|GGZ-M!E0%~5Ly;y85JEink^hi-qO4x^l%cf779mh
zSPM~l-O6INrwuP052@M58HmNk4*bnpD5Tng(bN~_9D`WGV}mU78lMNA)1D6E9}kXa
zzIoEFPDitIck`YvU>L`+^Kvgcha?uTHoHQMcL|r{i`i@;3S3v0C}|3G-SAfH5QP|S
z8Uu0E+7gn&_-9k$mFmSRbjZ&fbz4Qddeknn;>Wz_LY?t@2Gu;_sq=&<-vz52wdaB@
zw9S(PWm?%+RZr%A<tJ&&3sItjO|j>P{2h7t*#3&tZRNvF4ZNy#pi?kG5{W;^wKA!+
zhoPKY=dDN=)!9)q5h=4fw^-*aPFDXs7WxvNd!LBua$q6t%+LL&8ZzNx{I?-v>eRh1
zz_ikFnk}I%$V$Rn)&5O_iTY;=ru?5J7?j9=kYGajJtseN$}bDYRjlo&(%sY_m5AmO
zl1=W)eLg)A!r7}Ev6Y67)MPYsikqhgzlG70ZQwOMx?Nt1cOs;2Gf^-MhcXI7=_U77
zD-qvD_}m)V=E<$aXeq`4EFBJ5x^(vqmaZcolkv`pYnF8~-4Yz<4M$|NT4kC%-YMAr
z0t+?zzNFGGhE24_#(#DbdLeE?wUd(HnAR>x<VF&W(zb6K_(-p|pHXGSNCR)HO>-Sc
zHyQ;6PuVH@>n!mPUe&Qo$5v18Q;3r_{t>Z{6RXfXw^IJY{A+bWt8M(Y_AUv^CtMlU
zCRHlIU|8%0Y@PV{)jcgAnHq0glQd6?o?B7cmMMdZJCj_5XW6vs^ReHcig<3@WM%IW
zcj?0ajT9q6T9W{CVf&XN@zr*L9|m@9=h-b@MI+wA<xOJ#F(Oo~a>UC6M|FsT_)om&
zx_9L8&r`TMGVhjTR=lI36u1`8)FoqmK%Z###I6TX5byd|1X*+jI@B4wp$>pG;U}{f
z>o0|o_k|vK*uok#2${q*=<a25%*<)z{T#JvzWI9aegPS9A|fAJ@&X~D*f5la0;nMW
zLCKc9<j3qpp%rNOH(ezKy45?$Ql_IuC_;qHY;stj=nGtkzMvU*1(8vZ$%;gPsyf!G
sPzqvKq#&MbEgC}hszJT!aR0AOMIX4Sf~r22Q^6mDLq<BeT2_Jo3+wgKA^-pY

literal 0
HcmV?d00001

diff --git a/cloud-operations/quota-monitoring/main.tf b/cloud-operations/quota-monitoring/main.tf
new file mode 100644
index 00000000..ca27b933
--- /dev/null
+++ b/cloud-operations/quota-monitoring/main.tf
@@ -0,0 +1,142 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  projects = (
+    var.quota_config.projects == null
+    ? [var.project_id]
+    : var.quota_config.projects
+  )
+}
+
+module "project" {
+  source         = "../../modules/project"
+  name           = var.project_id
+  project_create = var.project_create
+  services = [
+    "compute.googleapis.com",
+    "cloudfunctions.googleapis.com"
+  ]
+  service_config = {
+    disable_on_destroy         = false,
+    disable_dependent_services = false
+  }
+  iam_roles = [
+    "roles/monitoring.metricWriter",
+  ]
+  iam_members = {
+    "roles/monitoring.metricWriter" = [module.cf.service_account_iam_email]
+  }
+}
+
+module "pubsub" {
+  source     = "../../modules/pubsub"
+  project_id = module.project.project_id
+  name       = var.name
+  subscriptions = {
+    "${var.name}-default" = null
+  }
+  # the Cloud Scheduler robot service account already has pubsub.topics.publish
+  # at the project level via roles/cloudscheduler.serviceAgent
+}
+
+module "cf" {
+  source      = "../../modules/cloud-function"
+  project_id  = module.project.project_id
+  name        = var.name
+  bucket_name = "${var.name}-${random_pet.random.id}"
+  bucket_config = {
+    location             = var.region
+    lifecycle_delete_age = null
+  }
+  bundle_config = {
+    source_dir  = "cf"
+    output_path = var.bundle_path
+  }
+  service_account_create = true
+  trigger_config = {
+    event    = "google.pubsub.topic.publish"
+    resource = module.pubsub.topic.id
+    retry    = null
+  }
+}
+
+resource "google_cloud_scheduler_job" "job" {
+  project   = var.project_id
+  region    = var.region
+  name      = var.name
+  schedule  = var.schedule_config
+  time_zone = "UTC"
+
+  pubsub_target {
+    attributes = {}
+    topic_name = module.pubsub.topic.id
+    data = base64encode(jsonencode({
+      gce_project = var.quota_config.projects
+      gce_region  = var.quota_config.regions
+      keywords    = var.quota_config.filters
+    }))
+  }
+}
+
+resource "google_project_iam_member" "network_viewer" {
+  for_each = toset(local.projects)
+  project  = each.key
+  role     = "roles/compute.networkViewer"
+  member   = module.cf.service_account_iam_email
+}
+
+resource "google_project_iam_member" "quota_viewer" {
+  for_each = toset(local.projects)
+  project  = each.key
+  role     = "roles/servicemanagement.quotaViewer"
+  member   = module.cf.service_account_iam_email
+}
+
+resource "google_monitoring_alert_policy" "alert_policy" {
+  project      = module.project.project_id
+  display_name = "Quota monitor"
+  combiner     = "OR"
+  conditions {
+    display_name = "simple quota threshold"
+    condition_threshold {
+      filter          = "metric.type=\"custom.googleapis.com/quota/gce\" resource.type=\"global\""
+      threshold_value = 0.75
+      comparison      = "COMPARISON_GT"
+      duration        = "0s"
+      aggregations {
+        alignment_period   = "60s"
+        group_by_fields    = []
+        per_series_aligner = "ALIGN_MEAN"
+      }
+      trigger {
+        count   = 1
+        percent = 0
+      }
+    }
+  }
+  enabled = false
+  user_labels = {
+    name = var.name
+  }
+  documentation {
+    content = "GCE quota over threshold."
+  }
+}
+
+resource "random_pet" "random" {
+  length = 1
+}
diff --git a/cloud-operations/quota-monitoring/outputs.tf b/cloud-operations/quota-monitoring/outputs.tf
new file mode 100644
index 00000000..264a34bf
--- /dev/null
+++ b/cloud-operations/quota-monitoring/outputs.tf
@@ -0,0 +1,16 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
diff --git a/cloud-operations/quota-monitoring/variables.tf b/cloud-operations/quota-monitoring/variables.tf
new file mode 100644
index 00000000..c54a44bb
--- /dev/null
+++ b/cloud-operations/quota-monitoring/variables.tf
@@ -0,0 +1,64 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "bundle_path" {
+  description = "Path used to write the intermediate Cloud Function code bundle."
+  type        = string
+  default     = "./bundle.zip"
+}
+
+variable "name" {
+  description = "Arbitrary string used to name created resources."
+  type        = string
+  default     = "quota-monitor"
+}
+
+variable "project_create" {
+  description = "Create project instead ofusing an existing one."
+  type        = bool
+  default     = false
+}
+
+variable "project_id" {
+  description = "Project id that references existing project."
+  type        = string
+}
+
+variable "quota_config" {
+  description = "Cloud function configuration."
+  type = object({
+    filters  = list(string)
+    projects = list(string)
+    regions  = list(string)
+  })
+  default = {
+    filters  = null
+    projects = null
+    regions  = null
+  }
+}
+
+variable "region" {
+  description = "Compute region used in the example."
+  type        = string
+  default     = "europe-west1"
+}
+
+variable "schedule_config" {
+  description = "Schedule timer configuration in crontab format"
+  type        = string
+  default     = "0 * * * *"
+}
diff --git a/tests/cloud_operations/quota_monitoring/__init__.py b/tests/cloud_operations/quota_monitoring/__init__.py
new file mode 100644
index 00000000..6913f02e
--- /dev/null
+++ b/tests/cloud_operations/quota_monitoring/__init__.py
@@ -0,0 +1,13 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/cloud_operations/quota_monitoring/fixture/cf/README b/tests/cloud_operations/quota_monitoring/fixture/cf/README
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/cloud_operations/quota_monitoring/fixture/main.tf b/tests/cloud_operations/quota_monitoring/fixture/main.tf
new file mode 100644
index 00000000..3f2810ae
--- /dev/null
+++ b/tests/cloud_operations/quota_monitoring/fixture/main.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "test" {
+  source         = "../../../../cloud-operations/quota-monitoring"
+  name           = var.name
+  project_create = var.project_create
+  project_id     = var.project_id
+}
diff --git a/tests/cloud_operations/quota_monitoring/fixture/variables.tf b/tests/cloud_operations/quota_monitoring/fixture/variables.tf
new file mode 100644
index 00000000..ce52e598
--- /dev/null
+++ b/tests/cloud_operations/quota_monitoring/fixture/variables.tf
@@ -0,0 +1,38 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "name" {
+  type    = string
+  default = "dns-sd-test"
+}
+
+variable "project_create" {
+  type    = bool
+  default = true
+}
+
+variable "project_id" {
+  type    = string
+  default = "test"
+}
+
+variable "region" {
+  type    = string
+  default = "europe-west1"
+}
+
+variable "zone_domain" {
+  type    = string
+  default = "svc.example.org."
+}
diff --git a/tests/cloud_operations/quota_monitoring/test_plan.py b/tests/cloud_operations/quota_monitoring/test_plan.py
new file mode 100644
index 00000000..7b195b5c
--- /dev/null
+++ b/tests/cloud_operations/quota_monitoring/test_plan.py
@@ -0,0 +1,27 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import pytest
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+def test_resources(e2e_plan_runner):
+  "Test that plan works and the numbers of resources is as expected."
+  modules, resources = e2e_plan_runner(FIXTURES_DIR)
+  assert len(modules) == 3
+  assert len(resources) == 10

From a468cd89bc73ec970a55ad46e8027d61b0d5eab1 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Sat, 29 Aug 2020 11:31:22 +0200
Subject: [PATCH 07/25] Update CHANGELOG.md

---
 CHANGELOG.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 901af3d5..fac96d1c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,10 +4,13 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
-- add alias IP support in `cloud-vm` module
+## [3.2.0] - 2020-08-29
+
+- **incompatible change** aadd alias IP support in `cloud-vm` module
 - add tests for `data-solutions` examples
 - fix apply errors on dynamic resources in dataflow example
 - make zone creation optional in `dns` module
+- new `quota-monitoring` end-to-end example in `cloud-operations`
 
 ## [3.1.1] - 2020-08-26
 
@@ -176,7 +179,8 @@ All notable changes to this project will be documented in this file.
 
 - merge development branch with suite of new modules and end-to-end examples
 
-[Unreleased]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.1.1...HEAD
+[Unreleased]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.2.0...HEAD
+[3.2.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.1.1...v3.2.0
 [3.1.1]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.1.0...v3.1.1
 [3.1.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.0.0...v3.1.0
 [3.0.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v2.8.0...v3.0.0

From 887348da48460c10e818f6b2a2eee35b95692157 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Sat, 29 Aug 2020 11:31:48 +0200
Subject: [PATCH 08/25] Update CHANGELOG.md

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fac96d1c..a09919bd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,7 +6,7 @@ All notable changes to this project will be documented in this file.
 
 ## [3.2.0] - 2020-08-29
 
-- **incompatible change** aadd alias IP support in `cloud-vm` module
+- **incompatible change** add alias IP support in `cloud-vm` module
 - add tests for `data-solutions` examples
 - fix apply errors on dynamic resources in dataflow example
 - make zone creation optional in `dns` module

From 534662a41c4a642158442431e9b59be9e448d3c6 Mon Sep 17 00:00:00 2001
From: Lorenzo Caggioni <lcaggioni@google.com>
Date: Mon, 31 Aug 2020 10:48:14 +0200
Subject: [PATCH 09/25] - Fix issue 128

---
 CHANGELOG.md                                   | 1 +
 data-solutions/gcs-to-bq-with-dataflow/main.tf | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a09919bd..1291c2f1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
+- Fix GCS2BQ (issue: 128)
 
 ## [3.2.0] - 2020-08-29
 
diff --git a/data-solutions/gcs-to-bq-with-dataflow/main.tf b/data-solutions/gcs-to-bq-with-dataflow/main.tf
index c573c7e7..39a9ffd3 100644
--- a/data-solutions/gcs-to-bq-with-dataflow/main.tf
+++ b/data-solutions/gcs-to-bq-with-dataflow/main.tf
@@ -301,7 +301,6 @@ module "bigquery-dataset" {
     owner        = { role = "OWNER", type = "user_by_email" }
   }
   access_identities = {
-    reader-group = "caggioland.com"
     owner        = module.service-account-bq.email
   }
   encryption_key = module.kms.keys.key-bq.self_link

From 067f072c2626edc661dfa481a9f02fa1695692c5 Mon Sep 17 00:00:00 2001
From: Julio Castillo <jccb@google.com>
Date: Mon, 31 Aug 2020 14:09:28 +0200
Subject: [PATCH 10/25] Make VPC creation optional in `net-vpc` module

---
 CHANGELOG.md                 |  1 +
 modules/net-vpc/README.md    |  1 +
 modules/net-vpc/main.tf      | 34 +++++++++++++++++++++++-----------
 modules/net-vpc/outputs.tf   |  6 +++---
 modules/net-vpc/variables.tf |  6 ++++++
 5 files changed, 34 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1291c2f1..28b20425 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 - Fix GCS2BQ (issue: 128)
+- make VPC creation optional in `net-vpc` module to allow managing a pre-existing VPC
 
 ## [3.2.0] - 2020-08-29
 
diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 334c7fbb..29085729 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -127,6 +127,7 @@ module "vpc-host" {
 | *subnet_flow_logs* | Optional map of boolean to control flow logs (default is disabled), keyed by subnet 'region/name'. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
 | *subnet_private_access* | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
 | *subnets* | The list of subnets being created | <code title="list&#40;object&#40;&#123;&#10;name               &#61; string&#10;ip_cidr_range      &#61; string&#10;name               &#61; string&#10;region             &#61; string&#10;secondary_ip_range &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">list(object({...}))</code> |  | <code title="">[]</code> |
+| *vpc_create* | Create VPC. When set to false, uses a data source to reference existing VPC. | <code title="">bool</code> |  | <code title="">true</code> |
 
 ## Outputs
 
diff --git a/modules/net-vpc/main.tf b/modules/net-vpc/main.tf
index 3c21f467..a3cfd72c 100644
--- a/modules/net-vpc/main.tf
+++ b/modules/net-vpc/main.tf
@@ -66,9 +66,21 @@ locals {
     for subnet in var.subnets :
     "${subnet.region}/${subnet.name}" => subnet
   }
+  network = (
+    var.vpc_create
+    ? try(google_compute_network.network.0, null)
+    : try(data.google_compute_network.network.0, null)
+  )
+}
+
+data "google_compute_network" "network" {
+  count   = var.vpc_create ? 0 : 1
+  project = var.project_id
+  name    = var.name
 }
 
 resource "google_compute_network" "network" {
+  count                           = var.vpc_create ? 1 : 0
   project                         = var.project_id
   name                            = var.name
   description                     = var.description
@@ -80,8 +92,8 @@ resource "google_compute_network" "network" {
 resource "google_compute_network_peering" "local" {
   provider             = google-beta
   count                = var.peering_config == null ? 0 : 1
-  name                 = "${google_compute_network.network.name}-${local.peer_network}"
-  network              = google_compute_network.network.self_link
+  name                 = "${local.network.name}-${local.peer_network}"
+  network              = local.network.self_link
   peer_network         = var.peering_config.peer_vpc_self_link
   export_custom_routes = var.peering_config.export_routes
   import_custom_routes = var.peering_config.import_routes
@@ -90,9 +102,9 @@ resource "google_compute_network_peering" "local" {
 resource "google_compute_network_peering" "remote" {
   provider             = google-beta
   count                = var.peering_config == null ? 0 : 1
-  name                 = "${local.peer_network}-${google_compute_network.network.name}"
+  name                 = "${local.peer_network}-${local.network.name}"
   network              = var.peering_config.peer_vpc_self_link
-  peer_network         = google_compute_network.network.self_link
+  peer_network         = local.network.self_link
   export_custom_routes = var.peering_config.import_routes
   import_custom_routes = var.peering_config.export_routes
   depends_on           = [google_compute_network_peering.local]
@@ -101,7 +113,7 @@ resource "google_compute_network_peering" "remote" {
 resource "google_compute_shared_vpc_host_project" "shared_vpc_host" {
   count      = var.shared_vpc_host ? 1 : 0
   project    = var.project_id
-  depends_on = [google_compute_network.network]
+  depends_on = [local.network]
 }
 
 resource "google_compute_shared_vpc_service_project" "service_projects" {
@@ -118,7 +130,7 @@ resource "google_compute_shared_vpc_service_project" "service_projects" {
 resource "google_compute_subnetwork" "subnetwork" {
   for_each      = local.subnets
   project       = var.project_id
-  network       = google_compute_network.network.name
+  network       = local.network.name
   region        = each.value.region
   name          = each.value.name
   ip_cidr_range = each.value.ip_cidr_range
@@ -153,7 +165,7 @@ resource "google_compute_subnetwork_iam_binding" "binding" {
 resource "google_compute_route" "gateway" {
   for_each         = local.routes_gateway
   project          = var.project_id
-  network          = google_compute_network.network.name
+  network          = local.network.name
   name             = "${var.name}-${each.key}"
   description      = "Terraform-managed."
   dest_range       = each.value.dest_range
@@ -165,7 +177,7 @@ resource "google_compute_route" "gateway" {
 resource "google_compute_route" "ilb" {
   for_each     = local.routes_ilb
   project      = var.project_id
-  network      = google_compute_network.network.name
+  network      = local.network.name
   name         = "${var.name}-${each.key}"
   description  = "Terraform-managed."
   dest_range   = each.value.dest_range
@@ -177,7 +189,7 @@ resource "google_compute_route" "ilb" {
 resource "google_compute_route" "instance" {
   for_each          = local.routes_instance
   project           = var.project_id
-  network           = google_compute_network.network.name
+  network           = local.network.name
   name              = "${var.name}-${each.key}"
   description       = "Terraform-managed."
   dest_range        = each.value.dest_range
@@ -191,7 +203,7 @@ resource "google_compute_route" "instance" {
 resource "google_compute_route" "ip" {
   for_each    = local.routes_ip
   project     = var.project_id
-  network     = google_compute_network.network.name
+  network     = local.network.name
   name        = "${var.name}-${each.key}"
   description = "Terraform-managed."
   dest_range  = each.value.dest_range
@@ -203,7 +215,7 @@ resource "google_compute_route" "ip" {
 resource "google_compute_route" "vpn_tunnel" {
   for_each            = local.routes_vpn_tunnel
   project             = var.project_id
-  network             = google_compute_network.network.name
+  network             = local.network.name
   name                = "${var.name}-${each.key}"
   description         = "Terraform-managed."
   dest_range          = each.value.dest_range
diff --git a/modules/net-vpc/outputs.tf b/modules/net-vpc/outputs.tf
index 64649135..5dfe4066 100644
--- a/modules/net-vpc/outputs.tf
+++ b/modules/net-vpc/outputs.tf
@@ -16,17 +16,17 @@
 
 output "network" {
   description = "Network resource."
-  value       = google_compute_network.network
+  value       = local.network
 }
 
 output "name" {
   description = "The name of the VPC being created."
-  value       = google_compute_network.network.name
+  value       = local.network.name
 }
 
 output "self_link" {
   description = "The URI of the VPC being created."
-  value       = google_compute_network.network.self_link
+  value       = local.network.self_link
 }
 
 output "project_id" {
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index d06eb401..d9ea1ee2 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -143,3 +143,9 @@ variable "subnet_private_access" {
   type        = map(bool)
   default     = {}
 }
+
+variable "vpc_create" {
+  description = "Create VPC. When set to false, uses a data source to reference existing VPC."
+  type        = bool
+  default     = true
+}

From 21aee6f0aa1721cde154ceeeff915226d39a8392 Mon Sep 17 00:00:00 2001
From: Julio Castillo <jccb@google.com>
Date: Mon, 31 Aug 2020 14:54:05 +0200
Subject: [PATCH 11/25] Reference VPC name from module variable

---
 modules/net-vpc/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/net-vpc/main.tf b/modules/net-vpc/main.tf
index a3cfd72c..67bd102d 100644
--- a/modules/net-vpc/main.tf
+++ b/modules/net-vpc/main.tf
@@ -92,7 +92,7 @@ resource "google_compute_network" "network" {
 resource "google_compute_network_peering" "local" {
   provider             = google-beta
   count                = var.peering_config == null ? 0 : 1
-  name                 = "${local.network.name}-${local.peer_network}"
+  name                 = "${var.name}-${local.peer_network}"
   network              = local.network.self_link
   peer_network         = var.peering_config.peer_vpc_self_link
   export_custom_routes = var.peering_config.export_routes
@@ -102,7 +102,7 @@ resource "google_compute_network_peering" "local" {
 resource "google_compute_network_peering" "remote" {
   provider             = google-beta
   count                = var.peering_config == null ? 0 : 1
-  name                 = "${local.peer_network}-${local.network.name}"
+  name                 = "${local.peer_network}-${var.name}"
   network              = var.peering_config.peer_vpc_self_link
   peer_network         = local.network.self_link
   export_custom_routes = var.peering_config.import_routes

From 263c767a0a7beca697edecfac65e7f21825a4b33 Mon Sep 17 00:00:00 2001
From: Julio Castillo <jccb@google.com>
Date: Mon, 31 Aug 2020 15:13:28 +0200
Subject: [PATCH 12/25] Update README.md

---
 cloud-operations/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cloud-operations/README.md b/cloud-operations/README.md
index e887b417..e1fa1382 100644
--- a/cloud-operations/README.md
+++ b/cloud-operations/README.md
@@ -12,7 +12,7 @@ The example's feed tracks changes to Google Compute instances, and the Cloud Fun
 
 ## Granular Cloud DNS IAM via Service Directory
 
-<a href="./dns-fine-grained-iam" title="Fine-grained Cloud DNS IAM with Service Directory"><img src="./dns-fine-grained-iam/diagram.png" align="left" width="280px"></a> This [example](./dns-fine-grained-iam) shows how to leverage Service Directory](https://cloud.google.com/blog/products/networking/introducing-service-directory) and Cloud DNS Service Directory private zones, to implement fine-grained IAM controls on DNS. The example creates a Service Directory namespace, a Cloud DNS private zone that uses it as its authoritative source, service accounts with different levels of permissions, and VMs to test them.
+<a href="./dns-fine-grained-iam" title="Fine-grained Cloud DNS IAM with Service Directory"><img src="./dns-fine-grained-iam/diagram.png" align="left" width="280px"></a> This [example](./dns-fine-grained-iam) shows how to leverage [Service Directory](https://cloud.google.com/blog/products/networking/introducing-service-directory) and Cloud DNS Service Directory private zones, to implement fine-grained IAM controls on DNS. The example creates a Service Directory namespace, a Cloud DNS private zone that uses it as its authoritative source, service accounts with different levels of permissions, and VMs to test them.
 
 <br clear="left">
 

From 707e56763771f5da7db784255681e7634197689c Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Tue, 1 Sep 2020 07:50:04 +0200
Subject: [PATCH 13/25] implement cf fix for
 https://issuetracker.google.com/issues/155215191

---
 cloud-operations/quota-monitoring/main.tf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cloud-operations/quota-monitoring/main.tf b/cloud-operations/quota-monitoring/main.tf
index ca27b933..4369f761 100644
--- a/cloud-operations/quota-monitoring/main.tf
+++ b/cloud-operations/quota-monitoring/main.tf
@@ -66,6 +66,10 @@ module "cf" {
     source_dir  = "cf"
     output_path = var.bundle_path
   }
+  environment_variables = {
+    USE_WORKER_V2                         = "true"
+    PYTHON37_DRAIN_LOGS_ON_CRASH_WAIT_SEC = "5"
+  }
   service_account_create = true
   trigger_config = {
     event    = "google.pubsub.topic.publish"

From fe857ee96f31b86edb318b5b3a3eabe3b2e0bf7d Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Tue, 1 Sep 2020 07:52:48 +0200
Subject: [PATCH 14/25] implement cf fix for
 https://issuetracker.google.com/issues/155215191

---
 cloud-operations/quota-monitoring/main.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cloud-operations/quota-monitoring/main.tf b/cloud-operations/quota-monitoring/main.tf
index 4369f761..0727ae4b 100644
--- a/cloud-operations/quota-monitoring/main.tf
+++ b/cloud-operations/quota-monitoring/main.tf
@@ -66,6 +66,8 @@ module "cf" {
     source_dir  = "cf"
     output_path = var.bundle_path
   }
+  # https://github.com/hashicorp/terraform-provider-archive/issues/40
+  # https://issuetracker.google.com/issues/155215191
   environment_variables = {
     USE_WORKER_V2                         = "true"
     PYTHON37_DRAIN_LOGS_ON_CRASH_WAIT_SEC = "5"

From 4626dafcc8409e46c44d7c1ace82bd3484facabe Mon Sep 17 00:00:00 2001
From: Aleksandr Averbukh <averbukh@google.com>
Date: Tue, 1 Sep 2020 12:38:25 +0200
Subject: [PATCH 15/25] Make VPN Gateway creation optional for the  module.

---
 CHANGELOG.md                    |  2 ++
 modules/net-vpn-ha/README.md    | 10 ++++++----
 modules/net-vpn-ha/main.tf      | 20 ++++++++++++--------
 modules/net-vpn-ha/outputs.tf   | 25 ++++++++++++++++++-------
 modules/net-vpn-ha/variables.tf | 16 ++++++++++++++--
 5 files changed, 52 insertions(+), 21 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 07a5a7bf..b4e2805b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+- **incompatible change** make HA VPN Gateway creation optional for `net-vpn-ha` module. Now an existing HA VPN Gateway can be used. Updating to the new version of the module will cause VPN Gateway recreation which can be handled by `terraform state rm/terraform import` operations.  
+
 ## [3.1.0] - 2020-08-16
 
 - **incompatible change** add support for specifying a different project id in the GKE cluster module; if using the `peering_config` variable, `peering_config.project_id` now needs to be explicitly set, a `null` value will reuse the `project_id` variable for the peering
diff --git a/modules/net-vpn-ha/README.md b/modules/net-vpn-ha/README.md
index 2357fb6b..959f7fa7 100644
--- a/modules/net-vpn-ha/README.md
+++ b/modules/net-vpn-ha/README.md
@@ -136,7 +136,7 @@ module "vpn_ha" {
 
 | name | description | type | required | default |
 |---|---|:---: |:---:|:---:|
-| name | VPN gateway name, and prefix used for dependent resources. | <code title="">string</code> | ✓ |  |
+| name | VPN Gateway name (if an existing VPN Gateway is not used), and prefix used for dependent resources. | <code title="">string</code> | ✓ |  |
 | network | VPC used for the gateway and routes. | <code title="">string</code> | ✓ |  |
 | project_id | Project where resources will be created. | <code title="">string</code> | ✓ |  |
 | region | Region used for resources. | <code title="">string</code> | ✓ |  |
@@ -146,16 +146,18 @@ module "vpn_ha" {
 | *router_advertise_config* | Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions. | <code title="object&#40;&#123;&#10;groups    &#61; list&#40;string&#41;&#10;ip_ranges &#61; map&#40;string&#41;&#10;mode      &#61; string&#10;&#125;&#41;">object({...})</code> |  | <code title="">null</code> |
 | *router_asn* | Router ASN used for auto-created router. | <code title="">number</code> |  | <code title="">64514</code> |
 | *router_create* | Create router. | <code title="">bool</code> |  | <code title="">true</code> |
-| *router_name* | Router name used for auto created router, or to specify existing router to use. Leave blank to use VPN name for auto created router. | <code title="">string</code> |  | <code title=""></code> |
+| *router_name* | Router name used for auto created router, or to specify an existing router to use if `router_create` is set to `true`. Leave blank to use VPN name for auto created router. | <code title="">string</code> |  | <code title=""></code> |
 | *tunnels* | VPN tunnel configurations, bgp_peer_options is usually null. | <code title="map&#40;object&#40;&#123;&#10;bgp_peer &#61; object&#40;&#123;&#10;address &#61; string&#10;asn     &#61; number&#10;&#125;&#41;&#10;bgp_peer_options &#61; object&#40;&#123;&#10;advertise_groups    &#61; list&#40;string&#41;&#10;advertise_ip_ranges &#61; map&#40;string&#41;&#10;advertise_mode      &#61; string&#10;route_priority      &#61; number&#10;&#125;&#41;&#10;bgp_session_range               &#61; string&#10;ike_version                     &#61; number&#10;vpn_gateway_interface           &#61; number&#10;peer_external_gateway_interface &#61; number&#10;shared_secret                   &#61; string&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |
+| *vpn_gateway* | HA VPN Gateway Self Link for using an existing HA VPN Gateway, leave empty if `vpn_gateway_create` is set to `true`. | <code title="">string</code> |  | <code title="">null</code> |
+| *vpn_gateway_create* | Create HA VPN Gateway. | <code title="">bool</code> |  | <code title="">true</code> |
 
 ## Outputs
 
 | name | description | sensitive |
 |---|---|:---:|
 | external_gateway | External VPN gateway resource. |  |
-| gateway | HA VPN gateway resource. |  |
-| name | VPN gateway name. |  |
+| gateway | VPN gateway resource (only if auto-created). |  |
+| name | VPN gateway name (only if auto-created).  |  |
 | random_secret | Generated secret. | ✓ |
 | router | Router resource (only if auto-created). |  |
 | router_name | Router name. |  |
diff --git a/modules/net-vpn-ha/main.tf b/modules/net-vpn-ha/main.tf
index 141bffc7..7f6e4fa0 100644
--- a/modules/net-vpn-ha/main.tf
+++ b/modules/net-vpn-ha/main.tf
@@ -27,11 +27,17 @@ locals {
     ? try(google_compute_router.router[0].name, null)
     : var.router_name
   )
+  vpn_gateway = (
+    var.vpn_gateway_create
+    ? try(google_compute_ha_vpn_gateway.ha_gateway[0].self_link, null)
+    : var.vpn_gateway
+  )
   secret = random_id.secret.b64_url
 }
 
 resource "google_compute_ha_vpn_gateway" "ha_gateway" {
   provider = google-beta
+  count    = var.vpn_gateway_create ? 1 : 0
   name     = var.name
   project  = var.project_id
   region   = var.region
@@ -55,12 +61,11 @@ resource "google_compute_external_vpn_gateway" "external_gateway" {
 }
 
 resource "google_compute_router" "router" {
-  provider = google-beta
-  count    = var.router_create ? 1 : 0
-  name     = var.router_name == "" ? "vpn-${var.name}" : var.router_name
-  project  = var.project_id
-  region   = var.region
-  network  = var.network
+  count   = var.router_create ? 1 : 0
+  name    = var.router_name == "" ? "vpn-${var.name}" : var.router_name
+  project = var.project_id
+  region  = var.region
+  network = var.network
   bgp {
     advertise_mode = (
       var.router_advertise_config == null
@@ -135,7 +140,6 @@ resource "google_compute_router_peer" "bgp_peer" {
 }
 
 resource "google_compute_router_interface" "router_interface" {
-  provider   = google-beta
   for_each   = var.tunnels
   project    = var.project_id
   region     = var.region
@@ -162,7 +166,7 @@ resource "google_compute_vpn_tunnel" "tunnels" {
     ? local.secret
     : each.value.shared_secret
   )
-  vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway.self_link
+  vpn_gateway = local.vpn_gateway
 }
 
 resource "random_id" "secret" {
diff --git a/modules/net-vpn-ha/outputs.tf b/modules/net-vpn-ha/outputs.tf
index 94269377..7227e8f3 100644
--- a/modules/net-vpn-ha/outputs.tf
+++ b/modules/net-vpn-ha/outputs.tf
@@ -1,4 +1,3 @@
-
 /**
  * Copyright 2019 Google LLC
  *
@@ -16,8 +15,12 @@
  */
 
 output "gateway" {
-  description = "HA VPN gateway resource."
-  value       = google_compute_ha_vpn_gateway.ha_gateway
+  description = "VPN gateway resource (only if auto-created)."
+  value = (
+    var.vpn_gateway_create
+    ? google_compute_ha_vpn_gateway.ha_gateway[0]
+    : null
+  )
 }
 
 output "external_gateway" {
@@ -30,13 +33,21 @@ output "external_gateway" {
 }
 
 output "name" {
-  description = "VPN gateway name."
-  value       = google_compute_ha_vpn_gateway.ha_gateway.name
+  description = "VPN gateway name (only if auto-created). "
+  value = (
+    var.vpn_gateway_create
+    ? google_compute_ha_vpn_gateway.ha_gateway[0].name
+    : null
+  )
 }
 
 output "router" {
   description = "Router resource (only if auto-created)."
-  value       = var.router_name == "" ? google_compute_router.router[0] : null
+  value = (
+    var.router_name == ""
+    ? google_compute_router.router[0]
+    : null
+  )
 }
 
 output "router_name" {
@@ -46,7 +57,7 @@ output "router_name" {
 
 output "self_link" {
   description = "HA VPN gateway self link."
-  value       = google_compute_ha_vpn_gateway.ha_gateway.self_link
+  value       = local.vpn_gateway
 }
 
 output "tunnels" {
diff --git a/modules/net-vpn-ha/variables.tf b/modules/net-vpn-ha/variables.tf
index 55f4ec89..81016add 100644
--- a/modules/net-vpn-ha/variables.tf
+++ b/modules/net-vpn-ha/variables.tf
@@ -15,10 +15,22 @@
  */
 
 variable "name" {
-  description = "VPN gateway name, and prefix used for dependent resources."
+  description = "VPN Gateway name (if an existing VPN Gateway is not used), and prefix used for dependent resources."
   type        = string
 }
 
+variable "vpn_gateway_create" {
+  description = "Create HA VPN Gateway."
+  type        = bool
+  default     = true
+}
+
+variable "vpn_gateway" {
+  description = "HA VPN Gateway Self Link for using an existing HA VPN Gateway, leave empty if `vpn_gateway_create` is set to `true`."
+  type        = string
+  default     = null
+}
+
 variable "network" {
   description = "VPC used for the gateway and routes."
   type        = string
@@ -81,7 +93,7 @@ variable "router_create" {
 }
 
 variable "router_name" {
-  description = "Router name used for auto created router, or to specify existing router to use. Leave blank to use VPN name for auto created router."
+  description = "Router name used for auto created router, or to specify an existing router to use if `router_create` is set to `true`. Leave blank to use VPN name for auto created router."
   type        = string
   default     = ""
 }

From 931af3e94359f5a7ffdf522043eeddb00a612062 Mon Sep 17 00:00:00 2001
From: Aleksandr Averbukh <averbukh@google.com>
Date: Tue, 1 Sep 2020 14:18:37 +0200
Subject: [PATCH 16/25] Fix subnet logging test

---
 tests/modules/net_vpc/test_plan_subnets.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/modules/net_vpc/test_plan_subnets.py b/tests/modules/net_vpc/test_plan_subnets.py
index 473a1c34..37be4e5c 100644
--- a/tests/modules/net_vpc/test_plan_subnets.py
+++ b/tests/modules/net_vpc/test_plan_subnets.py
@@ -58,7 +58,8 @@ def test_subnet_log_configs(plan_runner):
   for r in resources:
     if r['type'] != 'google_compute_subnetwork':
       continue
-    flow_logs[r['values']['name']] = r['values']['log_config']
+    flow_logs[r['values']['name']] = {key: r['values']['log_config'][key] for key in r['values']['log_config'].keys()
+                             & {'aggregation_interval', 'flow_sampling', 'metadata'}}
   assert flow_logs == {
       # enable, override one default option
       'a': [{

From aacb570ac8b14cff12efc6f3802fe2e37b91d4bc Mon Sep 17 00:00:00 2001
From: Aleksandr Averbukh <averbukh@google.com>
Date: Tue, 1 Sep 2020 15:00:16 +0200
Subject: [PATCH 17/25] Fix list of log config attributes to be tested

---
 tests/modules/net_vpc/test_plan_subnets.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tests/modules/net_vpc/test_plan_subnets.py b/tests/modules/net_vpc/test_plan_subnets.py
index 37be4e5c..2d14f6f5 100644
--- a/tests/modules/net_vpc/test_plan_subnets.py
+++ b/tests/modules/net_vpc/test_plan_subnets.py
@@ -58,8 +58,9 @@ def test_subnet_log_configs(plan_runner):
   for r in resources:
     if r['type'] != 'google_compute_subnetwork':
       continue
-    flow_logs[r['values']['name']] = {key: r['values']['log_config'][key] for key in r['values']['log_config'].keys()
-                             & {'aggregation_interval', 'flow_sampling', 'metadata'}}
+    flow_logs[r['values']['name']] = [{key: config[key] for key in config.keys() 
+                               & {'aggregation_interval', 'flow_sampling', 'metadata'}} 
+                               for config in r['values']['log_config']]
   assert flow_logs == {
       # enable, override one default option
       'a': [{

From daf3dc41e7e314676214fccec9bf5a14631df060 Mon Sep 17 00:00:00 2001
From: vanessabodard-voi <63779321+vanessabodard-voi@users.noreply.github.com>
Date: Tue, 1 Sep 2020 17:48:02 +0200
Subject: [PATCH 18/25] Add retention policy (#133)

---
 CHANGELOG.md             |  1 +
 modules/gcs/README.md    | 30 +++++++++++++++++++++++++++++-
 modules/gcs/main.tf      |  9 +++++++++
 modules/gcs/variables.tf |  6 ++++++
 4 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 946e8116..e13d944b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
 - Fix GCS2BQ (issue: 128)
 - make VPC creation optional in `net-vpc` module to allow managing a pre-existing VPC
+- add retention_policy in `gcs` module
 
 ## [3.2.0] - 2020-08-29
 
diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index 839faadd..1f31a40f 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -45,12 +45,39 @@ module "buckets" {
   iam_roles = {
     bucket-two = ["roles/storage.admin"]
   }
-  kms_keys = {
+  encryption_keys = {
     bucket-two = local.kms_key.self_link,
   }
 }
 ```
 
+### Example with retention policy
+
+```hcl
+module "buckets" {
+  source     = "./modules/gcs"
+  project_id = "myproject"
+  prefix     = "test"
+  names      = ["bucket-one", "bucket-two"]
+  bucket_policy_only = {
+    bucket-one = false
+  }
+  iam_members = {
+    bucket-two = {
+      "roles/storage.admin" = ["group:storage@example.com"]
+    }
+  }
+  iam_roles = {
+    bucket-two = ["roles/storage.admin"]
+  }
+
+  retention_policies = {
+    bucket-one = { retention_period = 100 , is_locked = true}
+    bucket-two = { retention_period = 900 }
+  }
+}
+```
+
 <!-- BEGIN TFDOC -->
 ## Variables
 
@@ -68,6 +95,7 @@ module "buckets" {
 | *prefix* | Prefix used to generate the bucket name. | <code title="">string</code> |  | <code title="">null</code> |
 | *storage_class* | Bucket storage class. | <code title="">string</code> |  | <code title="">MULTI_REGIONAL</code> |
 | *versioning* | Optional map to set versioning keyed by name, defaults to false. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
+| *retention_policies* | Optional map to set up retention policy keyed by bucket name. | <code title="map&#40;bool&#41;">map(map(string))</code> |  | <code title="">{}</code> |
 
 ## Outputs
 
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index f345ed3b..d2d8616a 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -37,6 +37,7 @@ locals {
     : join("-", [var.prefix, lower(var.location), ""])
   )
   kms_keys = { for name in var.names : name => lookup(var.encryption_keys, name, null) }
+  retention_policy = { for name in var.names : name => lookup(var.retention_policies, name, null) }
 }
 
 resource "google_storage_bucket" "buckets" {
@@ -63,6 +64,14 @@ resource "google_storage_bucket" "buckets" {
       default_kms_key_name = local.kms_keys[each.key]
     }
   }
+
+  dynamic retention_policy {
+    for_each = local.retention_policy[each.key] == null ? [] : [""]
+    content {
+      retention_period = local.retention_policy[each.key]["retention_period"]
+      is_locked = lookup(local.retention_policy[each.key], "is_locked", false)
+    }
+  }
 }
 
 resource "google_storage_bucket_iam_binding" "bindings" {
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index cdc63ecc..c3e3360f 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -83,3 +83,9 @@ variable "versioning" {
   type        = map(bool)
   default     = {}
 }
+
+variable "retention_policies" {
+  description = "Per-bucket retention policy."
+  type        = map(map(string))
+  default     = {}
+}

From 0265ba0951471513b36508c04f22a0aadc2e841e Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Tue, 1 Sep 2020 18:49:21 +0200
Subject: [PATCH 19/25] Refactor net-address variables, add support for
 internal address purpose

* add support for internal address purpose
* update gcs module README
* refactor net address module interface and add tests
* add more examples in net-address README
---
 modules/gcs/README.md                         |  2 +-
 modules/net-address/README.md                 | 41 +++++++++--
 modules/net-address/main.tf                   |  6 +-
 modules/net-address/outputs.tf                |  1 -
 modules/net-address/variables.tf              | 18 +++--
 modules/net-address/versions.tf               |  3 +
 tests/modules/net_address/__init__.py         | 13 ++++
 tests/modules/net_address/fixture/main.tf     | 24 +++++++
 tests/modules/net_address/fixture/outputs.tf  | 19 +++++
 .../modules/net_address/fixture/variables.tf  | 47 +++++++++++++
 tests/modules/net_address/test_plan.py        | 70 +++++++++++++++++++
 11 files changed, 225 insertions(+), 19 deletions(-)
 create mode 100644 tests/modules/net_address/__init__.py
 create mode 100644 tests/modules/net_address/fixture/main.tf
 create mode 100644 tests/modules/net_address/fixture/outputs.tf
 create mode 100644 tests/modules/net_address/fixture/variables.tf
 create mode 100644 tests/modules/net_address/test_plan.py

diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index 1f31a40f..d5f793f5 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -93,9 +93,9 @@ module "buckets" {
 | *labels* | Labels to be attached to all buckets. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |
 | *location* | Bucket location. | <code title="">string</code> |  | <code title="">EU</code> |
 | *prefix* | Prefix used to generate the bucket name. | <code title="">string</code> |  | <code title="">null</code> |
+| *retention_policies* | Per-bucket retention policy. | <code title="map&#40;map&#40;string&#41;&#41;">map(map(string))</code> |  | <code title="">{}</code> |
 | *storage_class* | Bucket storage class. | <code title="">string</code> |  | <code title="">MULTI_REGIONAL</code> |
 | *versioning* | Optional map to set versioning keyed by name, defaults to false. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
-| *retention_policies* | Optional map to set up retention policy keyed by bucket name. | <code title="map&#40;bool&#41;">map(map(string))</code> |  | <code title="">{}</code> |
 
 ## Outputs
 
diff --git a/modules/net-address/README.md b/modules/net-address/README.md
index 9c1169b5..eb3e1168 100644
--- a/modules/net-address/README.md
+++ b/modules/net-address/README.md
@@ -1,14 +1,46 @@
 # Net Address Reservation Module
 
-## Example
+This module allows reserving Compute Engine external, global, and internal addresses.
+
+## Examples
+
+### External and global addresses
 
 ```hcl
 module "addresses" {
   source     = "./modules/net-address"
   project_id = local.projects.host
   external_addresses = {
-    nat-1      = module.vpc.subnet_regions["default"],
-    vpn-remote = module.vpc.subnet_regions["default"],
+    nat-1      = var.region
+    vpn-remote = var.region
+  }
+  global_addresses = ["app-1", "app-2"]
+}
+```
+
+### Internal addresses
+
+```hcl
+module "addresses" {
+  source     = "./modules/net-address"
+  project_id = local.projects.host
+  internal_addresses = {
+    ilb-1      = {
+      region = var.region
+      subnetwork = module.vpc.subnet_self_links["${var.region}-test"]
+    }
+    ilb-2      = {
+      region = var.region
+      subnetwork = module.vpc.subnet_self_links["${var.region}-test"]
+    }
+  }
+  # optional configuration
+  internal_addresses_config = {
+    ilb-1 = {
+      address = null
+      purpose = "SHARED_LOADBALANCER_VIP"
+      tier = null
+    }
   }
 }
 ```
@@ -21,9 +53,8 @@ module "addresses" {
 | project_id | Project where the addresses will be created. | <code title="">string</code> | ✓ |  |
 | *external_addresses* | Map of external address regions, keyed by name. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |
 | *global_addresses* | List of global addresses to create. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
-| *internal_address_addresses* | Optional explicit addresses for internal addresses, keyed by name. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |
-| *internal_address_tiers* | Optional network tiers for internal addresses, keyed by name. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |
 | *internal_addresses* | Map of internal addresses to create, keyed by name. | <code title="map&#40;object&#40;&#123;&#10;region     &#61; string&#10;subnetwork &#61; string&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |
+| *internal_addresses_config* | Optional configuration for internal addresses, keyed by name. Unused options can be set to null. | <code title="map&#40;object&#40;&#123;&#10;address &#61; string&#10;purpose &#61; string&#10;tier    &#61; string&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |
 
 ## Outputs
 
diff --git a/modules/net-address/main.tf b/modules/net-address/main.tf
index b752f2aa..ae43174e 100644
--- a/modules/net-address/main.tf
+++ b/modules/net-address/main.tf
@@ -31,6 +31,7 @@ resource "google_compute_address" "external" {
 }
 
 resource "google_compute_address" "internal" {
+  provider     = google-beta
   for_each     = var.internal_addresses
   project      = var.project_id
   name         = each.key
@@ -38,7 +39,8 @@ resource "google_compute_address" "internal" {
   address_type = "INTERNAL"
   region       = each.value.region
   subnetwork   = each.value.subnetwork
-  address      = lookup(var.internal_address_addresses, each.key, null)
-  network_tier = lookup(var.internal_address_tiers, each.key, null)
+  address      = try(var.internal_addresses_config[each.key].address, null)
+  network_tier = try(var.internal_addresses_config[each.key].tier, null)
+  purpose      = try(var.internal_addresses_config[each.key].purpose, null)
   # labels       = lookup(var.internal_address_labels, each.key, {})
 }
diff --git a/modules/net-address/outputs.tf b/modules/net-address/outputs.tf
index 7d26158a..188e88c1 100644
--- a/modules/net-address/outputs.tf
+++ b/modules/net-address/outputs.tf
@@ -31,7 +31,6 @@ output "global_addresses" {
     address.name => {
       address   = address.address
       self_link = address.self_link
-      status    = address.status
     }
   }
 }
diff --git a/modules/net-address/variables.tf b/modules/net-address/variables.tf
index 02b85f68..e5eda945 100644
--- a/modules/net-address/variables.tf
+++ b/modules/net-address/variables.tf
@@ -41,16 +41,14 @@ variable "internal_addresses" {
   default = {}
 }
 
-variable "internal_address_addresses" {
-  description = "Optional explicit addresses for internal addresses, keyed by name."
-  type        = map(string)
-  default     = {}
-}
-
-variable "internal_address_tiers" {
-  description = "Optional network tiers for internal addresses, keyed by name."
-  type        = map(string)
-  default     = {}
+variable "internal_addresses_config" {
+  description = "Optional configuration for internal addresses, keyed by name. Unused options can be set to null."
+  type = map(object({
+    address = string
+    purpose = string
+    tier    = string
+  }))
+  default = {}
 }
 
 # variable "internal_address_labels" {
diff --git a/modules/net-address/versions.tf b/modules/net-address/versions.tf
index ce6918e0..ef2d3464 100644
--- a/modules/net-address/versions.tf
+++ b/modules/net-address/versions.tf
@@ -16,4 +16,7 @@
 
 terraform {
   required_version = ">= 0.12.6"
+  required_providers {
+    google-beta = "~> 3.28.0"
+  }
 }
diff --git a/tests/modules/net_address/__init__.py b/tests/modules/net_address/__init__.py
new file mode 100644
index 00000000..6913f02e
--- /dev/null
+++ b/tests/modules/net_address/__init__.py
@@ -0,0 +1,13 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/modules/net_address/fixture/main.tf b/tests/modules/net_address/fixture/main.tf
new file mode 100644
index 00000000..e10bf7d2
--- /dev/null
+++ b/tests/modules/net_address/fixture/main.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "test" {
+  source                    = "../../../../modules/net-address"
+  external_addresses        = var.external_addresses
+  global_addresses          = var.global_addresses
+  internal_addresses        = var.internal_addresses
+  internal_addresses_config = var.internal_addresses_config
+  project_id                = var.project_id
+}
diff --git a/tests/modules/net_address/fixture/outputs.tf b/tests/modules/net_address/fixture/outputs.tf
new file mode 100644
index 00000000..77b8211f
--- /dev/null
+++ b/tests/modules/net_address/fixture/outputs.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "module" {
+  value = module.test
+}
diff --git a/tests/modules/net_address/fixture/variables.tf b/tests/modules/net_address/fixture/variables.tf
new file mode 100644
index 00000000..9d350819
--- /dev/null
+++ b/tests/modules/net_address/fixture/variables.tf
@@ -0,0 +1,47 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "external_addresses" {
+  type    = map(string)
+  default = {}
+}
+
+variable "global_addresses" {
+  type    = list(string)
+  default = []
+}
+
+variable "internal_addresses" {
+  type = map(object({
+    region     = string
+    subnetwork = string
+  }))
+  default = {}
+}
+
+variable "internal_addresses_config" {
+  type = map(object({
+    address = string
+    purpose = string
+    tier    = string
+  }))
+  default = {}
+}
+
+variable "project_id" {
+  type    = string
+  default = "my-project"
+}
diff --git a/tests/modules/net_address/test_plan.py b/tests/modules/net_address/test_plan.py
new file mode 100644
index 00000000..968f05dc
--- /dev/null
+++ b/tests/modules/net_address/test_plan.py
@@ -0,0 +1,70 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import pytest
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+def test_external_addresses(plan_runner):
+  addresses = '{one = "europe-west1", two = "europe-west2"}'
+  _, resources = plan_runner(FIXTURES_DIR, external_addresses=addresses)
+  assert [r['values']['name'] for r in resources] == ['one', 'two']
+  assert set(r['values']['address_type']
+             for r in resources) == set(['EXTERNAL'])
+  assert [r['values']['region']
+          for r in resources] == ['europe-west1', 'europe-west2']
+
+
+def test_global_addresses(plan_runner):
+  _, resources = plan_runner(FIXTURES_DIR, global_addresses='["one", "two"]')
+  assert [r['values']['name'] for r in resources] == ['one', 'two']
+  assert set(r['values']['address_type'] for r in resources) == set([None])
+
+
+def test_internal_addresses(plan_runner):
+  addresses = (
+      '{one = {region = "europe-west1", subnetwork = "foobar"}, '
+      'two = {region = "europe-west2", subnetwork = "foobarz"}}'
+  )
+  _, resources = plan_runner(FIXTURES_DIR, internal_addresses=addresses)
+  assert [r['values']['name'] for r in resources] == ['one', 'two']
+  assert set(r['values']['address_type']
+             for r in resources) == set(['INTERNAL'])
+  assert [r['values']['region']
+          for r in resources] == ['europe-west1', 'europe-west2']
+
+
+def test_internal_addresses_config(plan_runner):
+  addresses = (
+      '{one = {region = "europe-west1", subnetwork = "foobar"}, '
+      'two = {region = "europe-west2", subnetwork = "foobarz"}}'
+  )
+  config = (
+      '{one = {address = "10.0.0.2", purpose = "SHARED_LOADBALANCER_VIP", '
+      'tier=null}}'
+  )
+  _, resources = plan_runner(FIXTURES_DIR,
+                             internal_addresses=addresses,
+                             internal_addresses_config=config)
+  assert [r['values']['name'] for r in resources] == ['one', 'two']
+  assert set(r['values']['address_type']
+             for r in resources) == set(['INTERNAL'])
+  assert [r['values'].get('address')
+          for r in resources] == ['10.0.0.2', None]
+  assert [r['values'].get('purpose')
+          for r in resources] == ['SHARED_LOADBALANCER_VIP', None]

From c1b3459fd7bbd600314b858ef5f96e885e0cb51f Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Tue, 1 Sep 2020 18:52:15 +0200
Subject: [PATCH 20/25] Update CHANGELOG.md

---
 CHANGELOG.md | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e13d944b..69d95ec9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,9 +3,14 @@
 All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
-- Fix GCS2BQ (issue: 128)
+
+## [3.3.0] - 2020-09-01
+
+- remove extra readers in `gcs-to-bq-with-dataflow` example (issue: 128)
 - make VPC creation optional in `net-vpc` module to allow managing a pre-existing VPC
+- make HA VPN gateway creation optional in `net-vpn-ha` module
 - add retention_policy in `gcs` module
+- refactor `net-address` module variables, and add support for internal address `purpose`
 
 ## [3.2.0] - 2020-08-29
 
@@ -184,7 +189,8 @@ All notable changes to this project will be documented in this file.
 
 - merge development branch with suite of new modules and end-to-end examples
 
-[Unreleased]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.2.0...HEAD
+[Unreleased]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.3.0...HEAD
+[3.3.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.2.0...v3.3.0
 [3.2.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.1.1...v3.2.0
 [3.1.1]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.1.0...v3.1.1
 [3.1.0]: https://github.com/terraform-google-modules/cloud-foundation-fabric/compare/v3.0.0...v3.1.0

From e8c227fdd616a125df48ffbf1d68d9820b3de5e9 Mon Sep 17 00:00:00 2001
From: vanessabodard-voi <63779321+vanessabodard-voi@users.noreply.github.com>
Date: Thu, 3 Sep 2020 19:06:35 +0200
Subject: [PATCH 21/25] Add bucket logging (#134)

* Add logging

* Improve syntax

* Add example

* Improve type for retention policy
---
 modules/gcs/README.md    | 10 ++++++++--
 modules/gcs/main.tf      | 11 ++++++++++-
 modules/gcs/variables.tf | 14 +++++++++++++-
 3 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index d5f793f5..fdba89e6 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -73,7 +73,12 @@ module "buckets" {
 
   retention_policies = {
     bucket-one = { retention_period = 100 , is_locked = true}
-    bucket-two = { retention_period = 900 }
+    bucket-two = { retention_period = 900 , is_locked = false}
+  }
+
+  logging_config = {
+    bucket-one = { log_bucket = bucket_name_for_logging , log_object_prefix = null}
+    bucket-two = { log_bucket = bucket_name_for_logging , log_object_prefix = "logs_for_bucket_two"}
   }
 }
 ```
@@ -92,8 +97,9 @@ module "buckets" {
 | *iam_roles* | IAM roles keyed by bucket name. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
 | *labels* | Labels to be attached to all buckets. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |
 | *location* | Bucket location. | <code title="">string</code> |  | <code title="">EU</code> |
+| *logging* | Per-bucket logging. | <code title="map&#40;map&#40;string&#41;&#41;">map(object)</code> |  | <code title="">{}</code> |
 | *prefix* | Prefix used to generate the bucket name. | <code title="">string</code> |  | <code title="">null</code> |
-| *retention_policies* | Per-bucket retention policy. | <code title="map&#40;map&#40;string&#41;&#41;">map(map(string))</code> |  | <code title="">{}</code> |
+| *retention_policies* | Per-bucket retention policy. | <code title="map&#40;map&#40;string&#41;&#41;">map(object)</code> |  | <code title="">{}</code> |
 | *storage_class* | Bucket storage class. | <code title="">string</code> |  | <code title="">MULTI_REGIONAL</code> |
 | *versioning* | Optional map to set versioning keyed by name, defaults to false. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
 
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index d2d8616a..44feda5f 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -38,6 +38,7 @@ locals {
   )
   kms_keys = { for name in var.names : name => lookup(var.encryption_keys, name, null) }
   retention_policy = { for name in var.names : name => lookup(var.retention_policies, name, null) }
+  logging_config = { for name in var.names : name => lookup(var.logging_config, name, null) }
 }
 
 resource "google_storage_bucket" "buckets" {
@@ -69,7 +70,15 @@ resource "google_storage_bucket" "buckets" {
     for_each = local.retention_policy[each.key] == null ? [] : [""]
     content {
       retention_period = local.retention_policy[each.key]["retention_period"]
-      is_locked = lookup(local.retention_policy[each.key], "is_locked", false)
+      is_locked = local.retention_policy[each.key]["is_locked"]
+    }
+  }
+
+  dynamic logging {
+    for_each = local.logging_config[each.key] == null ? [] : [""]
+    content {
+      log_bucket = local.logging_config[each.key]["log_bucket"]
+      log_object_prefix = local.logging_config[each.key]["log_object_prefix"]
     }
   }
 }
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index c3e3360f..79038165 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -86,6 +86,18 @@ variable "versioning" {
 
 variable "retention_policies" {
   description = "Per-bucket retention policy."
-  type        = map(map(string))
+  type = map(object({
+  		retention_period = number
+		is_locked        = bool
+	}))
+  default     = {}
+}
+
+variable "logging_config" {
+  description = "Per-bucket logging."
+  type = map(object({
+  		log_bucket = string
+  		log_object_prefix = string
+	}))
   default     = {}
 }

From 9e32b32b3db6f5b8833af9d2606fb1a2d7f7ad40 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Thu, 3 Sep 2020 19:08:29 +0200
Subject: [PATCH 22/25] reformat GCS module and update README

---
 modules/gcs/README.md    |  4 ++--
 modules/gcs/main.tf      | 16 +++++++++++-----
 modules/gcs/variables.tf | 16 ++++++++--------
 3 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index fdba89e6..627ce93a 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -97,9 +97,9 @@ module "buckets" {
 | *iam_roles* | IAM roles keyed by bucket name. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
 | *labels* | Labels to be attached to all buckets. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |
 | *location* | Bucket location. | <code title="">string</code> |  | <code title="">EU</code> |
-| *logging* | Per-bucket logging. | <code title="map&#40;map&#40;string&#41;&#41;">map(object)</code> |  | <code title="">{}</code> |
+| *logging_config* | Per-bucket logging. | <code title="map&#40;object&#40;&#123;&#10;log_bucket        &#61; string&#10;log_object_prefix &#61; string&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |
 | *prefix* | Prefix used to generate the bucket name. | <code title="">string</code> |  | <code title="">null</code> |
-| *retention_policies* | Per-bucket retention policy. | <code title="map&#40;map&#40;string&#41;&#41;">map(object)</code> |  | <code title="">{}</code> |
+| *retention_policies* | Per-bucket retention policy. | <code title="map&#40;object&#40;&#123;&#10;retention_period &#61; number&#10;is_locked        &#61; bool&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |
 | *storage_class* | Bucket storage class. | <code title="">string</code> |  | <code title="">MULTI_REGIONAL</code> |
 | *versioning* | Optional map to set versioning keyed by name, defaults to false. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
 
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index 44feda5f..92a84107 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -36,9 +36,15 @@ locals {
     ? ""
     : join("-", [var.prefix, lower(var.location), ""])
   )
-  kms_keys = { for name in var.names : name => lookup(var.encryption_keys, name, null) }
-  retention_policy = { for name in var.names : name => lookup(var.retention_policies, name, null) }
-  logging_config = { for name in var.names : name => lookup(var.logging_config, name, null) }
+  kms_keys = {
+    for name in var.names : name => lookup(var.encryption_keys, name, null)
+  }
+  retention_policy = {
+    for name in var.names : name => lookup(var.retention_policies, name, null)
+  }
+  logging_config = {
+    for name in var.names : name => lookup(var.logging_config, name, null)
+  }
 }
 
 resource "google_storage_bucket" "buckets" {
@@ -70,14 +76,14 @@ resource "google_storage_bucket" "buckets" {
     for_each = local.retention_policy[each.key] == null ? [] : [""]
     content {
       retention_period = local.retention_policy[each.key]["retention_period"]
-      is_locked = local.retention_policy[each.key]["is_locked"]
+      is_locked        = local.retention_policy[each.key]["is_locked"]
     }
   }
 
   dynamic logging {
     for_each = local.logging_config[each.key] == null ? [] : [""]
     content {
-      log_bucket = local.logging_config[each.key]["log_bucket"]
+      log_bucket        = local.logging_config[each.key]["log_bucket"]
       log_object_prefix = local.logging_config[each.key]["log_object_prefix"]
     }
   }
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index 79038165..5ea231b2 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -87,17 +87,17 @@ variable "versioning" {
 variable "retention_policies" {
   description = "Per-bucket retention policy."
   type = map(object({
-  		retention_period = number
-		is_locked        = bool
-	}))
-  default     = {}
+    retention_period = number
+    is_locked        = bool
+  }))
+  default = {}
 }
 
 variable "logging_config" {
   description = "Per-bucket logging."
   type = map(object({
-  		log_bucket = string
-  		log_object_prefix = string
-	}))
-  default     = {}
+    log_bucket        = string
+    log_object_prefix = string
+  }))
+  default = {}
 }

From 120e1be1d9c13b3af4f8922a3109201ac2d811cf Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Thu, 3 Sep 2020 19:19:41 +0200
Subject: [PATCH 23/25] extend gcs module tests to cover new variables

---
 modules/gcs/variables.tf               | 36 +++++++++++++-------------
 tests/modules/gcs/fixture/main.tf      | 10 ++++---
 tests/modules/gcs/fixture/variables.tf | 25 ++++++++++++++++++
 tests/modules/gcs/test_plan.py         | 12 +++++++++
 4 files changed, 61 insertions(+), 22 deletions(-)

diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index 5ea231b2..bd84dfc7 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -56,6 +56,15 @@ variable "location" {
   default     = "EU"
 }
 
+variable "logging_config" {
+  description = "Per-bucket logging."
+  type = map(object({
+    log_bucket        = string
+    log_object_prefix = string
+  }))
+  default = {}
+}
+
 variable "names" {
   description = "Bucket name suffixes."
   type        = list(string)
@@ -72,6 +81,15 @@ variable "project_id" {
   type        = string
 }
 
+variable "retention_policies" {
+  description = "Per-bucket retention policy."
+  type = map(object({
+    retention_period = number
+    is_locked        = bool
+  }))
+  default = {}
+}
+
 variable "storage_class" {
   description = "Bucket storage class."
   type        = string
@@ -83,21 +101,3 @@ variable "versioning" {
   type        = map(bool)
   default     = {}
 }
-
-variable "retention_policies" {
-  description = "Per-bucket retention policy."
-  type = map(object({
-    retention_period = number
-    is_locked        = bool
-  }))
-  default = {}
-}
-
-variable "logging_config" {
-  description = "Per-bucket logging."
-  type = map(object({
-    log_bucket        = string
-    log_object_prefix = string
-  }))
-  default = {}
-}
diff --git a/tests/modules/gcs/fixture/main.tf b/tests/modules/gcs/fixture/main.tf
index c0f4b4cb..00303368 100644
--- a/tests/modules/gcs/fixture/main.tf
+++ b/tests/modules/gcs/fixture/main.tf
@@ -17,12 +17,14 @@
 module "test" {
   source             = "../../../../modules/gcs"
   project_id         = "my-project"
-  names              = ["bucket-a", "bucket-b"]
-  prefix             = var.prefix
+  bucket_policy_only = var.bucket_policy_only
+  force_destroy      = var.force_destroy
   iam_members        = var.iam_members
   iam_roles          = var.iam_roles
   labels             = var.labels
-  bucket_policy_only = var.bucket_policy_only
-  force_destroy      = var.force_destroy
+  logging_config     = var.logging_config
+  names              = ["bucket-a", "bucket-b"]
+  prefix             = var.prefix
+  retention_policies = var.retention_policies
   versioning         = var.versioning
 }
diff --git a/tests/modules/gcs/fixture/variables.tf b/tests/modules/gcs/fixture/variables.tf
index 08e95396..ac8da00b 100644
--- a/tests/modules/gcs/fixture/variables.tf
+++ b/tests/modules/gcs/fixture/variables.tf
@@ -39,11 +39,36 @@ variable "labels" {
   default = { environment = "test" }
 }
 
+variable "logging_config" {
+  type = map(object({
+    log_bucket        = string
+    log_object_prefix = string
+  }))
+  default = {
+    bucket-a = { log_bucket = "foo", log_object_prefix = null }
+  }
+}
+
 variable "prefix" {
   type    = string
   default = null
 }
 
+variable "project_id" {
+  type    = string
+  default = "my-project"
+}
+
+variable "retention_policies" {
+  type = map(object({
+    retention_period = number
+    is_locked        = bool
+  }))
+  default = {
+    bucket-b = { retention_period = 5, is_locked = false }
+  }
+}
+
 variable "storage_class" {
   type    = string
   default = "MULTI_REGIONAL"
diff --git a/tests/modules/gcs/test_plan.py b/tests/modules/gcs/test_plan.py
index c2a59343..536aae97 100644
--- a/tests/modules/gcs/test_plan.py
+++ b/tests/modules/gcs/test_plan.py
@@ -55,6 +55,18 @@ def test_map_values(plan_runner):
   assert versioning == {
       'bucket-a': [{'enabled': True}], 'bucket-b': [{'enabled': False}]
   }
+  logging_config = dict((r['values']['name'], r['values']['logging'])
+                        for r in resources)
+  assert logging_config == {
+      'bucket-a': [{'log_bucket': 'foo'}],
+      'bucket-b': []
+  }
+  retention_policies = dict((r['values']['name'], r['values']['retention_policy'])
+                            for r in resources)
+  assert retention_policies == {
+      'bucket-a': [],
+      'bucket-b': [{'is_locked': False, 'retention_period': 5}]
+  }
   for r in resources:
     assert r['values']['labels'] == {
         'environment': 'test', 'location': 'eu',

From 0eaeea6251e2b9583998f5de9b558e39ff6cc6ad Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Thu, 3 Sep 2020 19:23:09 +0200
Subject: [PATCH 24/25] Update CHANGELOG.md

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 69d95ec9..2e8f9949 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+- add support for logging and better type for the `retention_policies` variable in `gcs` module
+
 ## [3.3.0] - 2020-09-01
 
 - remove extra readers in `gcs-to-bq-with-dataflow` example (issue: 128)

From 435d64d81a105a1aecfa5db01c01641715f7e71a Mon Sep 17 00:00:00 2001
From: vanessabodard-voi <63779321+vanessabodard-voi@users.noreply.github.com>
Date: Tue, 15 Sep 2020 19:33:40 +0200
Subject: [PATCH 25/25] Change bucket_policy_only into
 uniform_bucket_level_access in GCS module (#135)

* Change bucket_policy_only into bucket_policy_only

* Update changelog
---
 CHANGELOG.md                           | 1 +
 modules/folders-unit/main.tf           | 2 +-
 modules/gcs/README.md                  | 2 +-
 modules/gcs/main.tf                    | 2 +-
 modules/gcs/variables.tf               | 4 ++--
 tests/modules/gcs/fixture/main.tf      | 2 +-
 tests/modules/gcs/fixture/variables.tf | 2 +-
 tests/modules/gcs/test_plan.py         | 2 +-
 8 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2e8f9949..674d323e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
 
 - add support for logging and better type for the `retention_policies` variable in `gcs` module
+- **incompatible change** deprecate bucket_policy_only in favor of uniform_bucket_level_access in `gcs` module
 
 ## [3.3.0] - 2020-09-01
 
diff --git a/modules/folders-unit/main.tf b/modules/folders-unit/main.tf
index ac012ab3..3034d20f 100644
--- a/modules/folders-unit/main.tf
+++ b/modules/folders-unit/main.tf
@@ -95,7 +95,7 @@ resource "google_storage_bucket" "tfstate" {
   location           = var.gcs_defaults.location
   storage_class      = var.gcs_defaults.storage_class
   force_destroy      = false
-  bucket_policy_only = true
+  uniform_bucket_level_access = true
   versioning {
     enabled = true
   }
diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index 627ce93a..672ec12e 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -90,7 +90,7 @@ module "buckets" {
 |---|---|:---: |:---:|:---:|
 | names | Bucket name suffixes. | <code title="list&#40;string&#41;">list(string)</code> | ✓ |  |
 | project_id | Bucket project id. | <code title="">string</code> | ✓ |  |
-| *bucket_policy_only* | Optional map to disable object ACLS keyed by name, defaults to true. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
+| *uniform_bucket_level_access* | Optional map to enable object ACLs keyed by name, defaults to true. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
 | *encryption_keys* | Per-bucket KMS keys that will be used for encryption. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |
 | *force_destroy* | Optional map to set force destroy keyed by name, defaults to false. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
 | *iam_members* | IAM members keyed by bucket name and role. | <code title="map&#40;map&#40;list&#40;string&#41;&#41;&#41;">map(map(list(string)))</code> |  | <code title="">{}</code> |
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index 92a84107..c93734a6 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -54,7 +54,7 @@ resource "google_storage_bucket" "buckets" {
   location           = var.location
   storage_class      = var.storage_class
   force_destroy      = lookup(var.force_destroy, each.key, false)
-  bucket_policy_only = lookup(var.bucket_policy_only, each.key, true)
+  uniform_bucket_level_access = lookup(var.uniform_bucket_level_access, each.key, true)
   versioning {
     enabled = lookup(var.versioning, each.key, false)
   }
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index bd84dfc7..19ada263 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -14,8 +14,8 @@
  * limitations under the License.
  */
 
-variable "bucket_policy_only" {
-  description = "Optional map to disable object ACLS keyed by name, defaults to true."
+variable "uniform_bucket_level_access" {
+  description = "Optional map to allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API)."
   type        = map(bool)
   default     = {}
 }
diff --git a/tests/modules/gcs/fixture/main.tf b/tests/modules/gcs/fixture/main.tf
index 00303368..6275c616 100644
--- a/tests/modules/gcs/fixture/main.tf
+++ b/tests/modules/gcs/fixture/main.tf
@@ -17,7 +17,7 @@
 module "test" {
   source             = "../../../../modules/gcs"
   project_id         = "my-project"
-  bucket_policy_only = var.bucket_policy_only
+  uniform_bucket_level_access = var.uniform_bucket_level_access
   force_destroy      = var.force_destroy
   iam_members        = var.iam_members
   iam_roles          = var.iam_roles
diff --git a/tests/modules/gcs/fixture/variables.tf b/tests/modules/gcs/fixture/variables.tf
index ac8da00b..f79485f8 100644
--- a/tests/modules/gcs/fixture/variables.tf
+++ b/tests/modules/gcs/fixture/variables.tf
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-variable "bucket_policy_only" {
+variable "uniform_bucket_level_access" {
   type    = map(bool)
   default = { bucket-a = false }
 }
diff --git a/tests/modules/gcs/test_plan.py b/tests/modules/gcs/test_plan.py
index 536aae97..051eb042 100644
--- a/tests/modules/gcs/test_plan.py
+++ b/tests/modules/gcs/test_plan.py
@@ -44,7 +44,7 @@ def test_prefix(plan_runner):
 def test_map_values(plan_runner):
   "Test that map values set the correct attributes on buckets."
   _, resources = plan_runner(FIXTURES_DIR)
-  bpo = dict((r['values']['name'], r['values']['bucket_policy_only'])
+  bpo = dict((r['values']['name'], r['values']['uniform_bucket_level_access'])
              for r in resources)
   assert bpo == {'bucket-a': False, 'bucket-b': True}
   force_destroy = dict((r['values']['name'], r['values']['force_destroy'])