From 8a7dda94b2821aade7deadae9d417a3fda95405f Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Tue, 1 Feb 2022 13:19:07 +0100
Subject: [PATCH 01/10] Update README.md

---
 fast/stages/00-bootstrap/README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fast/stages/00-bootstrap/README.md b/fast/stages/00-bootstrap/README.md
index 52e6ef271..64c306626 100644
--- a/fast/stages/00-bootstrap/README.md
+++ b/fast/stages/00-bootstrap/README.md
@@ -190,7 +190,9 @@ Below is the outline of the output files generated by this stage:
 
 ### Running the stage
 
-The first `apply` run as a user needs a special runtime variable, so that the user roles are preserved when setting IAM bindings:
+Before running `init` and `apply`, check your environment so no extra variables that might influence authentication are present (e.g. `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT`). In general, you should use user application credentials, and FAST will then take care to provision autmoation identities and configure impersonation for you.
+
+When running the first `apply` as a user, you need to pass a special runtime variable so that the user roles are preserved when setting IAM bindings.
 
 ```bash
 terraform init

From c727abfa3b971197b83d606ba53fc5b7e547216f Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Tue, 1 Feb 2022 13:20:19 +0100
Subject: [PATCH 02/10] Update README.md

---
 fast/stages/00-bootstrap/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fast/stages/00-bootstrap/README.md b/fast/stages/00-bootstrap/README.md
index 64c306626..cf91f7725 100644
--- a/fast/stages/00-bootstrap/README.md
+++ b/fast/stages/00-bootstrap/README.md
@@ -190,7 +190,7 @@ Below is the outline of the output files generated by this stage:
 
 ### Running the stage
 
-Before running `init` and `apply`, check your environment so no extra variables that might influence authentication are present (e.g. `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT`). In general, you should use user application credentials, and FAST will then take care to provision autmoation identities and configure impersonation for you.
+Before running `init` and `apply`, check your environment so no extra variables that might influence authentication are present (e.g. `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT`). In general you should use user application credentials, and FAST will then take care to provision automation identities and configure impersonation for you.
 
 When running the first `apply` as a user, you need to pass a special runtime variable so that the user roles are preserved when setting IAM bindings.
 

From 6e896382d6112eafbbdf479d0c4212a551fbad9f Mon Sep 17 00:00:00 2001
From: lcaggio <lorenzo.caggioni@gmail.com>
Date: Tue, 1 Feb 2022 18:12:57 +0100
Subject: [PATCH 03/10] Fix READMEs. (#484)

* Fix READMEs.

* fix outputs location paths in READMEs

* fix output location paths in READMEs

* Update README.md

* Update README.md

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
---
 fast/stages/00-bootstrap/README.md            |  8 +-
 fast/stages/01-resman/README.md               | 10 ++-
 fast/stages/02-networking/README.md           | 12 +--
 fast/stages/02-security/README.md             | 12 +--
 fast/stages/03-project-factory/prod/README.md | 74 +++++++++----------
 5 files changed, 61 insertions(+), 55 deletions(-)

diff --git a/fast/stages/00-bootstrap/README.md b/fast/stages/00-bootstrap/README.md
index cf91f7725..c9b0fa714 100644
--- a/fast/stages/00-bootstrap/README.md
+++ b/fast/stages/00-bootstrap/README.md
@@ -162,7 +162,7 @@ At any time during the life of this stage, you can configure it to automatically
 Automatic generation of files is disabled by default. To enable the mechanism,  set the `outputs_location` variable to a valid path on a local filesystem, e.g.
 
 ```hcl
-outputs_location = "../../configs"
+outputs_location = "../../config"
 ```
 
 Once the variable is set, `apply` will generate and manage providers and variables files, including the initial one used for this stage after the first run. You can then link these files in the relevant stages, instead of manually transfering outputs from one stage, to Terraform variables in another.
@@ -203,13 +203,15 @@ terraform apply \
 Once the initial `apply` completes successfully, configure a remote backend using the new GCS bucket, and impersonation on the automation service account for this stage. To do this, you can use the generated `providers.tf` file if you have configured output files as described above, or extract its contents from Terraform's output, then migrate state with `terraform init`:
 
 ```bash
-# if using output files via the outputs_location variable
-ln -s [path set in outputs_location]/00-bootstrap/* ./
+# if using output files via the outputs_location and set to `../../config`
+ln -s ../../config/00-bootstrap/* ./
 # or from outputs if not using output files
 terraform output -json providers | jq -r '.["00-bootstrap"]' \
   > providers.tf
 # migrate state to GCS bucket configured in providers file
 terraform init -migrate-state
+# run terraform apply to remo user iam binding 
+terraform apply
 ```
 
 ## Customizations
diff --git a/fast/stages/01-resman/README.md b/fast/stages/01-resman/README.md
index 098c65062..50f8edaf5 100644
--- a/fast/stages/01-resman/README.md
+++ b/fast/stages/01-resman/README.md
@@ -53,8 +53,8 @@ To simplify setup, the previous stage pre-configures a valid providers file in i
 If you have set a valid value for `outputs_location` in the bootstrap stage, simply link the relevant `providers.tf` file from this stage's folder in the path you specified:
 
 ```bash
-# `outputs_location` is set to `../../configs/example`
-ln -s ../../configs/example/01-resman/providers.tf
+# `outputs_location` is set to `../../config`
+ln -s ../../config/01-resman/providers.tf
 ```
 
 If you have not configured `outputs_location` in bootstrap, you can derive the providers file from that stage's outputs:
@@ -65,6 +65,8 @@ terraform output -json providers | jq -r '.["01-resman"]' \
   > ../01-resman/providers.tf
 ```
 
+If you want to continue to rely on `outputs_location` logic, create a `terraform.tfvars` file and configure it as deacribed [here](../00-bootstrap/#output-files-and-cross-stage-variables).
+
 ### Variable configuration
 
 There are two broad sets of variables you will need to fill in:
@@ -77,8 +79,8 @@ To avoid the tedious job of filling in the first group of variable with values d
 If you configured a valid path for `outputs_location` in the bootstrap stage, simply link the relevant `terraform-*.auto.tfvars.json` files from this stage's outputs folder (under the path you specified), where the `*` above is set to the name of the stage that produced it. For this stage, a single `.tfvars` file is avalaible:
 
 ```bash
-# `outputs_location` is set to `../../configs/example`
-ln -s ../../configs/example/01-resman/terraform-bootstrap.auto.tfvars.json
+# `outputs_location` is set to `../../config`
+ln -s ../../config/01-resman/terraform-bootstrap.auto.tfvars.json
 ```
 
 A second set of variables is specific to this stage, they are all optional so if you need to customize them, create an extra `terraform.tfvars` file.
diff --git a/fast/stages/02-networking/README.md b/fast/stages/02-networking/README.md
index 3f9854758..f655a1740 100644
--- a/fast/stages/02-networking/README.md
+++ b/fast/stages/02-networking/README.md
@@ -136,8 +136,8 @@ To simplify setup, the previous stage pre-configures a valid providers file in i
 If you have set a valid value for `outputs_location` in the bootstrap stage, simply link the relevant `providers.tf` file from this stage's folder in the path you specified:
 
 ```bash
-# `outputs_location` is set to `../../configs/example`
-ln -s ../../configs/example/02-networking/providers.tf
+# `outputs_location` is set to `../../config`
+ln -s ../../config/02-networking/providers.tf
 ```
 
 If you have not configured `outputs_location` in bootstrap, you can derive the providers file from that stage's outputs:
@@ -160,11 +160,13 @@ To avoid the tedious job of filling in the first group of variables with values
 If you have set a valid value for `outputs_location` in the bootstrap and in the resman stage, simply link the relevant `terraform-*.auto.tfvars.json` files from this stage's folder in the path you specified, where the `*` above is set to the name of the stage that produced it. For this stage, a single `.tfvars` file is available:
 
 ```bash
-# `outputs_location` is set to `../../configs/example`
-ln -s ../../configs/example/02-networking/terraform-bootstrap.auto.tfvars.json
-ln -s ../../configs/example/02-networking/terraform-resman.auto.tfvars.json
+# `outputs_location` is set to `../../config`
+ln -s ../../config/02-networking/terraform-bootstrap.auto.tfvars.json
+ln -s ../../config/02-networking/terraform-resman.auto.tfvars.json
 ```
 
+If you want to continue to rely on `outputs_location` logic, create a `terraform.tfvars` file and configure it as deacribed [here](../00-bootstrap/#output-files-and-cross-stage-variables).
+
 Please refer to the [Variables](#variables) table below for a map of the variable origins, and to the sections below on how to adapt this stage to your networking configuration.
 
 ### VPCs
diff --git a/fast/stages/02-security/README.md b/fast/stages/02-security/README.md
index 36797f2f1..621db3e98 100644
--- a/fast/stages/02-security/README.md
+++ b/fast/stages/02-security/README.md
@@ -57,8 +57,8 @@ To simplify setup, the previous stage pre-configures a valid providers file in i
 If you have set a valid value for `outputs_location` in the resource management stage, simply link the relevant `providers.tf` file from this stage's folder in the path you specified:
 
 ```bash
-# `outputs_location` is set to `../../configs/example`
-ln -s ../../configs/example/02-security/providers.tf
+# `outputs_location` is set to `../../config`
+ln -s ../../config/02-security/providers.tf
 ```
 
 If you have not configured `outputs_location` in resource management, you can derive the providers file from that stage's outputs:
@@ -69,6 +69,8 @@ terraform output -json providers | jq -r '.["02-security"]' \
   > ../02-security/providers.tf
 ```
 
+If you want to continue to rely on `outputs_location` logic, create a `terraform.tfvars` file and configure it as deacribed [here](../00-bootstrap/#output-files-and-cross-stage-variables).
+
 ### Variable configuration
 
 There are two broad sets of variables you will need to fill in:
@@ -81,9 +83,9 @@ To avoid the tedious job of filling in the first group of variables with values
 If you configured a valid path for `outputs_location` in the previous stages, simply link the relevant `terraform-*.auto.tfvars.json` files from this stage's output folder (under the path you specified), where the `*` above is set to the name of the stage that produced it. For this stage, two `.tfvars` files are available:
 
 ```bash
-# `outputs_location` is set to `../../configs/example`
-ln -s ../../configs/example/02-security/terraform-bootstrap.auto.tfvars.json
-ln -s ../../configs/example/02-security/terraform-resman.auto.tfvars.json
+# `outputs_location` is set to `../../config`
+ln -s ../../config/02-security/terraform-bootstrap.auto.tfvars.json
+ln -s ../../config/02-security/terraform-resman.auto.tfvars.json
 ```
 
 A second set of optional variables is specific to this stage. If you need to customize them, create an extra `terraform.tfvars` file.
diff --git a/fast/stages/03-project-factory/prod/README.md b/fast/stages/03-project-factory/prod/README.md
index 34f9be88a..70b6cfce6 100644
--- a/fast/stages/03-project-factory/prod/README.md
+++ b/fast/stages/03-project-factory/prod/README.md
@@ -15,51 +15,50 @@ Projects for each environment across different teams are created by dedicated se
 
 The project factory takes care of the following activities:
 
-* Project creation
-* API/Services enablement
-* Service accounts creation
-* IAM roles assignment for groups and service accounts
-* KMS keys roles assignment
-* Shared VPC attachment and subnets IAM binding
-* DNS zones creation and visibility configuration
-* Project-level org policies definition
-* Billing setup (billing account attachment and budget configuration)
-* Essential contacts definition (for [budget alerts](https://cloud.google.com/billing/docs/how-to/budgets) and [important notifications](https://cloud.google.com/resource-manager/docs/managing-notification-contacts?hl=en))
+- Project creation
+- API/Services enablement
+- Service accounts creation
+- IAM roles assignment for groups and service accounts
+- KMS keys roles assignment
+- Shared VPC attachment and subnets IAM binding
+- DNS zones creation and visibility configuration
+- Project-level org policies definition
+- Billing setup (billing account attachment and budget configuration)
+- Essential contacts definition (for [budget alerts](https://cloud.google.com/billing/docs/how-to/budgets) and [important notifications](https://cloud.google.com/resource-manager/docs/managing-notification-contacts?hl=en))
   
-
 ## How to run this stage
 
 This stage is meant to be executed after "foundational stages" (i.e., stages [`00-bootstrap`](../../00-bootstrap), [`01-resman`](../../01-resman), [`02-networking`](../../02-networking) and [`02-security`](../../02-security)) have been run.
 
 It's of course possible to run this stage in isolation, by making sure the architectural prerequisites are satisfied (e.g., networking), and that the Service Account running the stage is granted the roles/permissions below:
 
-* One service account per environment, each with appropriate permissions
-  * at the organization level a custom role for networking operations including the following permissions
-    * `"compute.organizations.enableXpnResource"`,
-    * `"compute.organizations.disableXpnResource"`,
-    * `"compute.subnetworks.setIamPolicy"`,
-    * `"dns.networks.bindPrivateDNSZone"`
-    * and role `"roles/orgpolicy.policyAdmin"`
-  * on each folder where projects are created
-    * `"roles/logging.admin"` 
-    * `"roles/owner"` 
-    * `"roles/resourcemanager.folderAdmin"` 
-    * `"roles/resourcemanager.projectCreator"`
-  * on the host project for the Shared VPC
-    * `"roles/browser"`       
-    * `"roles/compute.viewer"`
-    * `"roles/dns.admin"`     
-* If networking is used (e.g., for VMs, GKE Clusters or AppEngine flex), VPC Host projects and their subnets should exist when creating projects
-* If per-environment DNS sub-zones are required, one "root" zone per environment should exist when creating projects (e.g., prod.gcp.example.com.)
+- One service account per environment, each with appropriate permissions
+  - at the organization level a custom role for networking operations including the following permissions
+    - `"compute.organizations.enableXpnResource"`,
+    - `"compute.organizations.disableXpnResource"`,
+    - `"compute.subnetworks.setIamPolicy"`,
+    - `"dns.networks.bindPrivateDNSZone"`
+    - and role `"roles/orgpolicy.policyAdmin"`
+  - on each folder where projects are created
+    - `"roles/logging.admin"`
+    - `"roles/owner"`
+    - `"roles/resourcemanager.folderAdmin"`
+    - `"roles/resourcemanager.projectCreator"`
+  - on the host project for the Shared VPC
+    - `"roles/browser"`
+    - `"roles/compute.viewer"`
+    - `"roles/dns.admin"`
+- If networking is used (e.g., for VMs, GKE Clusters or AppEngine flex), VPC Host projects and their subnets should exist when creating projects
+- If per-environment DNS sub-zones are required, one "root" zone per environment should exist when creating projects (e.g., prod.gcp.example.com.)
 
 ### Providers configuration
 
 If you're running this on top of Fast, you should run the following commands to create the providers file, and populate the required variables from the previous stage.
 
 ```bash
-# Variable `outputs_location` is set to `../../configs/example` in stage 01-resman
+# Variable `outputs_location` is set to `../../config` in stage 01-resman
 $ cd fabric-fast/stages/03-project-factory/prod
-ln -s ../../../configs/example/03-project-factory-prod/providers.tf
+ln -s ../../../config/03-project-factory-prod/providers.tf
 ```
 
 ### Variable configuration
@@ -74,18 +73,17 @@ To avoid the tedious job of filling in the first group of variables with values
 If you configured a valid path for `outputs_location` in the bootstrap and networking stage, simply link the relevant `terraform-*.auto.tfvars.json` files from this stage's outputs folder (under the path you specified), where the `*` above is set to the name of the stage that produced it. For this stage, a single `.tfvars` file is available:
 
 ```bash
-# Variable `outputs_location` is set to `../../configs/example` in stages 01-bootstrap and 02-networking
-ln -s ../../../configs/example/03-project-factory-prod/terraform-bootstrap.auto.tfvars.json
-ln -s ../../../configs/example/03-project-factory-prod/terraform-networking.auto.tfvars.json
+# Variable `outputs_location` is set to `../../config` in stages 01-bootstrap and 02-networking
+ln -s ../../../config/03-project-factory-prod/terraform-bootstrap.auto.tfvars.json
+ln -s ../../../config/03-project-factory-prod/terraform-networking.auto.tfvars.json
 ```
 
 If you're not using Fast, refer to the [Variables](#variables) table at the bottom of this document for a full list of variables, their origin (e.g., a stage or specific to this one), and descriptions explaining their meaning.
 
-Besides the values above, a project factory takes 2 additional inputs: 
+Besides the values above, a project factory takes 2 additional inputs:
 
-* `data/defaults.yaml`, manually configured by adapting the [`prod/data/defaults.yaml.sample`](./prod/data/defaults.yaml.sample), which defines per-environment default values e.g., for billing alerts and labels. 
-
-* `data/projects/*.yaml`, one file per project (optionally grouped in folders), which configures each project. A [`prod/data/projects/project.yaml.sample`](./prod/data/projects/project.yaml.sample) is provided as reference and documentation for the schema. Projects will be named after the filename, e.g., `fast-prod-lab0.yaml` will create project `fast-prod-lab0`.
+- `data/defaults.yaml`, manually configured by adapting the [`prod/data/defaults.yaml.sample`](./prod/data/defaults.yaml.sample), which defines per-environment default values e.g., for billing alerts and labels.
+- `data/projects/*.yaml`, one file per project (optionally grouped in folders), which configures each project. A [`prod/data/projects/project.yaml.sample`](./prod/data/projects/project.yaml.sample) is provided as reference and documentation for the schema. Projects will be named after the filename, e.g., `fast-prod-lab0.yaml` will create project `fast-prod-lab0`.
 
 Once the configuration is complete, run the project factory by running
 

From b0d32af600dc49660e25c2c4932193e22c2f7828 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Tue, 1 Feb 2022 18:32:47 +0100
Subject: [PATCH 04/10] Experimental module to derive DNS inbound policy
 addresses (#482)

* first version

* add README
---
 .../net-dns-policy-address/README.md          | 35 +++++++++++++++++++
 .../net-dns-policy-address/main.tf            | 35 +++++++++++++++++++
 .../net-dns-policy-address/outputs.tf         | 31 ++++++++++++++++
 .../net-dns-policy-address/variables.tf       | 27 ++++++++++++++
 4 files changed, 128 insertions(+)
 create mode 100644 modules/__experimental/net-dns-policy-address/README.md
 create mode 100644 modules/__experimental/net-dns-policy-address/main.tf
 create mode 100644 modules/__experimental/net-dns-policy-address/outputs.tf
 create mode 100644 modules/__experimental/net-dns-policy-address/variables.tf

diff --git a/modules/__experimental/net-dns-policy-address/README.md b/modules/__experimental/net-dns-policy-address/README.md
new file mode 100644
index 000000000..bf345a9b5
--- /dev/null
+++ b/modules/__experimental/net-dns-policy-address/README.md
@@ -0,0 +1,35 @@
+# Google Cloud DNS Inbound Policy Addresses
+
+This module allows discovering the addresses reserved in subnets when [DNS Inbound Policies](https://cloud.google.com/dns/docs/policies) are configured.
+
+Since it's currently impossible to fetch those addresses using a GCP data source (see [this issue](https://github.com/hashicorp/terraform-provider-google/issues/3753) for more details), the workaround used here is to derive the authorization token from the Google provider, and do a direct HTTP call to the Compute API.
+
+## Examples
+
+```hcl
+module "dns-policy-addresses" {
+  source          = "./modules/_experimental/net-dns-policy-addresses"
+  project_id      = "myproject"
+  regions = ["europe-west1", "europe-west3"]
+}
+# tftest skip
+```
+
+The output is a map with lists of addresses of type `DNS_RESOLVER` for each region specified in variables.
+
+<!-- BEGIN TFDOC -->
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [project_id](variables.tf#L17) | Project id. | <code>string</code> | ✓ |  |
+| [regions](variables.tf#L22) | Regions to fetch addresses from. | <code>list&#40;string&#41;</code> |  | <code>&#91;&#34;europe-west1&#34;&#93;</code> |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| [addresses](outputs.tf#L24) | DNS inbound policy addresses per region. |  |
+
+<!-- END TFDOC -->
diff --git a/modules/__experimental/net-dns-policy-address/main.tf b/modules/__experimental/net-dns-policy-address/main.tf
new file mode 100644
index 000000000..1a5079efa
--- /dev/null
+++ b/modules/__experimental/net-dns-policy-address/main.tf
@@ -0,0 +1,35 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  url = format(
+    "https://content-compute.googleapis.com/compute/v1/projects/%s",
+    var.project_id
+  )
+}
+
+data "google_client_config" "current" {
+}
+
+data "http" "addresses" {
+  for_each = toset(var.regions)
+  url      = "${local.url}/regions/${each.key}/addresses?filter=purpose%20%3D%20%22DNS_RESOLVER%22"
+
+  # Optional request headers
+  request_headers = {
+    Authorization = "Bearer ${data.google_client_config.current.access_token}"
+  }
+}
diff --git a/modules/__experimental/net-dns-policy-address/outputs.tf b/modules/__experimental/net-dns-policy-address/outputs.tf
new file mode 100644
index 000000000..d379f2683
--- /dev/null
+++ b/modules/__experimental/net-dns-policy-address/outputs.tf
@@ -0,0 +1,31 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  region_addresses = {
+    for k, v in data.http.addresses : k => try(jsondecode(v.body), {})
+  }
+}
+
+
+output "addresses" {
+  description = "DNS inbound policy addresses per region."
+  value = {
+    for k, v in local.region_addresses : k => [
+      for i in try(v.items, []) : i.address
+    ]
+  }
+}
diff --git a/modules/__experimental/net-dns-policy-address/variables.tf b/modules/__experimental/net-dns-policy-address/variables.tf
new file mode 100644
index 000000000..1b80d160f
--- /dev/null
+++ b/modules/__experimental/net-dns-policy-address/variables.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "Project id."
+  type        = string
+}
+
+variable "regions" {
+  description = "Regions to fetch addresses from."
+  nullable    = false
+  type        = list(string)
+  default     = ["europe-west1"]
+}

From 9c9f13a81d59449a3c31c8ebdb20536741c67807 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Tue, 1 Feb 2022 19:00:47 +0100
Subject: [PATCH 05/10] Update README.md

---
 modules/__experimental/net-dns-policy-address/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/__experimental/net-dns-policy-address/README.md b/modules/__experimental/net-dns-policy-address/README.md
index bf345a9b5..4c61e216c 100644
--- a/modules/__experimental/net-dns-policy-address/README.md
+++ b/modules/__experimental/net-dns-policy-address/README.md
@@ -8,7 +8,7 @@ Since it's currently impossible to fetch those addresses using a GCP data source
 
 ```hcl
 module "dns-policy-addresses" {
-  source          = "./modules/_experimental/net-dns-policy-addresses"
+  source          = "./modules/__experimental/net-dns-policy-addresses"
   project_id      = "myproject"
   regions = ["europe-west1", "europe-west3"]
 }

From c6310173a4a4a154f84d1ca6718cd8a72796b711 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Tue, 1 Feb 2022 19:01:08 +0100
Subject: [PATCH 06/10] Update README.md

---
 modules/__experimental/net-dns-policy-address/README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/__experimental/net-dns-policy-address/README.md b/modules/__experimental/net-dns-policy-address/README.md
index 4c61e216c..36f9e4e1e 100644
--- a/modules/__experimental/net-dns-policy-address/README.md
+++ b/modules/__experimental/net-dns-policy-address/README.md
@@ -8,9 +8,9 @@ Since it's currently impossible to fetch those addresses using a GCP data source
 
 ```hcl
 module "dns-policy-addresses" {
-  source          = "./modules/__experimental/net-dns-policy-addresses"
-  project_id      = "myproject"
-  regions = ["europe-west1", "europe-west3"]
+  source     = "./modules/__experimental/net-dns-policy-addresses"
+  project_id = "myproject"
+  regions    = ["europe-west1", "europe-west3"]
 }
 # tftest skip
 ```

From ac36d588bb201eb8ab65229dbfe8e7aad4179341 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Tue, 1 Feb 2022 19:02:15 +0100
Subject: [PATCH 07/10] Update main.tf

---
 modules/__experimental/net-dns-policy-address/main.tf | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/modules/__experimental/net-dns-policy-address/main.tf b/modules/__experimental/net-dns-policy-address/main.tf
index 1a5079efa..cb3144de7 100644
--- a/modules/__experimental/net-dns-policy-address/main.tf
+++ b/modules/__experimental/net-dns-policy-address/main.tf
@@ -21,14 +21,11 @@ locals {
   )
 }
 
-data "google_client_config" "current" {
-}
+data "google_client_config" "current" {}
 
 data "http" "addresses" {
   for_each = toset(var.regions)
   url      = "${local.url}/regions/${each.key}/addresses?filter=purpose%20%3D%20%22DNS_RESOLVER%22"
-
-  # Optional request headers
   request_headers = {
     Authorization = "Bearer ${data.google_client_config.current.access_token}"
   }

From 98b238ae7afad125afbb59ec79e008e108601417 Mon Sep 17 00:00:00 2001
From: apichick <mirene@google.com>
Date: Wed, 2 Feb 2022 07:59:21 +0100
Subject: [PATCH 08/10] =?UTF-8?q?Updated=20modules=20README=20to=20include?=
 =?UTF-8?q?=20details=20around=20module=20versioning=20an=E2=80=A6=20(#476?=
 =?UTF-8?q?)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Updated modules README to include details around module versioning and how to best use the modules

* Update README.md

Co-authored-by: apichick <apichick@google.com>
Co-authored-by: Ludovico Magnocavallo <ludo@qix.it>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
---
 modules/README.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/modules/README.md b/modules/README.md
index 31770ec5c..9b1913c74 100644
--- a/modules/README.md
+++ b/modules/README.md
@@ -8,6 +8,25 @@ Authoritative IAM bindings are primarily used (e.g. `google_storage_bucket_iam_b
 
 Specific modules also offer support for non-authoritative bindings (e.g. `google_storage_bucket_iam_member` for service accounts), to allow granular permission management on resources that they don't manage directly.
 
+These modules are not necessarily backward compatible. Changes breaking compatibility in modules are marked by major releases (but not all major releases contain breaking changes). Please be mindful when upgrading Fabric modules in existing Terraform setups, and always try to use versioned references in module sources so you can easily revert back to a previous version. Since the introduction of the `moved` block in Terraform we try to use it whenever possible to make updates non-breaking, but that does not cover all changes we might need to make.
+
+These modules are used in the examples included in this repository. If you are using any of those examples in your own Terraform configuration, make sure that you are using the same version for all the modules, and switch module sources to GitHub format using references. The recommended approach to working with Fabric modules is the following:
+
+- Fork the repository and own the fork. This will allow you to:
+    - Evolve the existing modules.
+    - Create your own modules.
+    - Sync from the upstream repository to get all the updates.
+- Use GitHub sources with refs to reference the modules in your fork. See an example below:
+
+    ```
+    module "project" {
+        source              = "github.com/my-fork/cloud-foundation-fabric.git//modules/project?ref=v12.0.0"
+        name                = "my-project"
+        billing_account     = "123456-123456-123456"
+        parent              = "organizations/123456"
+    }
+    ```
+
 ## Foundational modules
 
 - [billing budget](./billing-budget)

From 5396735bc64f543fa552a0d7cf570c9009d8caf0 Mon Sep 17 00:00:00 2001
From: Julio Castillo <jccb@google.com>
Date: Wed, 2 Feb 2022 08:32:59 +0100
Subject: [PATCH 09/10] Changes to gcs to bq least privilege example (#447)

* Changes to gcs to bq least privilege example

* Fix 'try' on encryption variables

* Fix roles

* Fix tests

* Use templatefile in output variables

* Remove FIXME

* Fix tests

* Changes to gcs to bq least privilege example

* Fix 'try' on encryption variables

* Fix roles

* Fix tests

* Use templatefile in output variables

* Remove FIXME

* Fix tests

* Merge branch 'jccb/gcs-to-bq-changes' of https://github.com/GoogleCloudPlatform/cloud-foundation-fabric into jccb/gcs-to-bq-changes

* fix readme and template

* fix readme

* Update FIXME.

Co-authored-by: Lorenzo Caggioni <lorenzo.caggioni@gmail.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
---
 .../gcs-to-bq-with-least-privileges/README.md | 29 ++++++-----
 .../bigquery.tftpl                            |  2 +
 .../dataflow.tftpl                            | 18 +++++++
 .../datastorage.tf                            | 24 ++++-----
 .../gcs-to-bq-with-least-privileges/kms.tf    |  2 +-
 .../gcs-to-bq-with-least-privileges/main.tf   | 16 +++---
 .../outputs.tf                                | 52 ++++++++++---------
 .../serviceaccounts.tf                        |  4 --
 .../terraform.tfvars.sample                   |  4 +-
 .../gcs-to-bq-with-least-privileges/vpc.tf    |  4 --
 .../test_plan.py                              |  2 +-
 11 files changed, 81 insertions(+), 76 deletions(-)
 create mode 100644 examples/data-solutions/gcs-to-bq-with-least-privileges/bigquery.tftpl
 create mode 100644 examples/data-solutions/gcs-to-bq-with-least-privileges/dataflow.tftpl

diff --git a/examples/data-solutions/gcs-to-bq-with-least-privileges/README.md b/examples/data-solutions/gcs-to-bq-with-least-privileges/README.md
index 078ba2647..8804fcc95 100644
--- a/examples/data-solutions/gcs-to-bq-with-least-privileges/README.md
+++ b/examples/data-solutions/gcs-to-bq-with-least-privileges/README.md
@@ -3,17 +3,18 @@
 This example creates the infrastructure needed to run a [Cloud Dataflow](https://cloud.google.com/dataflow) pipeline to import data from [GCS](https://cloud.google.com/storage) to [Bigquery](https://cloud.google.com/bigquery). The example will create different service accounts with least privileges on resources. To run the pipeline, users listed in `data_eng_principals` can impersonate all those service accounts.
 
 The solution will use:
- - internal IPs for GCE and Cloud Dataflow instances
- - Cloud NAT to let resources egress to the Internet, to run system updates and install packages
- - rely on [Service Account Impersonation](https://cloud.google.com/iam/docs/impersonating-service-accounts) to avoid the use of service account keys
- - Service Accounts with least privilege on each resource
- - (Optional) CMEK encription for GCS bucket, DataFlow instances and BigQuery tables
- 
-The example is designed to match real-world use cases with a minimum amount of resources and some compromise listed below. It can be used as a starting point for more complex scenarios.
+- internal IPs for GCE and Cloud Dataflow instances
+- Cloud NAT to let resources egress to the Internet, to run system updates and install packages
+- rely on [Service Account Impersonation](https://cloud.google.com/iam/docs/impersonating-service-accounts) to avoid the use of service account keys
+- Service Accounts with least privilege on each resource
+- (Optional) CMEK encription for GCS bucket, DataFlow instances and BigQuery tables
+
+The example is designed to match real-world use cases with a minimum amount of resources and some compromises listed below. It can be used as a starting point for more complex scenarios.
 
 This is the high level diagram:
 
 ![GCS to Biquery High-level diagram](diagram.png "GCS to Biquery High-level diagram")
+
 ## Move to real use case consideration
 In the example we implemented some compromise to keep the example minimal and easy to read. On a real word use case, you may evaluate the option to:
  - Configure a Shared-VPC
@@ -93,13 +94,13 @@ We need to create 3 file:
  - A `person_udf.js` containing the UDF javascript file used by the Dataflow template.
  - A `person_schema.json` file containing the table schema used to import the CSV.
  
-You can find an example of those file in the folder `./data-demo`. You can copy the example files in the GCS bucket using the  command returned in the terraform output as `command-01-gcs`. Below an example:
+You can find an example of those file in the folder `./data-demo`. You can copy the example files in the GCS bucket using the  command returned in the terraform output as `command_01_gcs`. Below an example:
 
 ```bash
 gsutil -i gcs-landing@PROJECT.iam.gserviceaccount.com cp data-demo/* gs://LANDING_BUCKET
 ```
 
-We can now run the Dataflow pipeline using the `gcloud` returned in the terraform output as `command-02-dataflow`. Below an example:
+We can now run the Dataflow pipeline using the `gcloud` returned in the terraform output as `command_02_dataflow`. Below an example:
 
 ```bash
 gcloud --impersonate-service-account=orch-test@PROJECT.iam.gserviceaccount.com dataflow jobs run test_batch_01 \
@@ -119,7 +120,7 @@ outputTable=PROJECT:datalake.person,\
 bigQueryLoadingTemporaryDirectory=gs://PREFIX-df-tmp 
 ```
 
-You can check data imported into Google BigQuery using the  command returned in the terraform output as `command-03-bq`. Below an example:
+You can check data imported into Google BigQuery using the  command returned in the terraform output as `command_03_bq`. Below an example:
 
 ```
 bq query --use_legacy_sql=false 'SELECT * FROM `PROJECT.datalake.person` LIMIT 1000'
@@ -144,10 +145,10 @@ bq query --use_legacy_sql=false 'SELECT * FROM `PROJECT.datalake.person` LIMIT 1
 |---|---|:---:|
 | [bq_tables](outputs.tf#L15) | Bigquery Tables. |  |
 | [buckets](outputs.tf#L20) | GCS bucket Cloud KMS crypto keys. |  |
-| [command-01-gcs](outputs.tf#L43) | gcloud command to copy data into the created bucket impersonating the service account. |  |
-| [command-02-dataflow](outputs.tf#L48) | Command to run Dataflow template impersonating the service account. |  |
-| [command-03-bq](outputs.tf#L70) | BigQuery command to query imported data. |  |
+| [command_01_gcs](outputs.tf#L43) | gcloud command to copy data into the created bucket impersonating the service account. |  |
+| [command_02_dataflow](outputs.tf#L48) | Command to run Dataflow template impersonating the service account. |  |
+| [command_03_bq](outputs.tf#L69) | BigQuery command to query imported data. |  |
 | [project_id](outputs.tf#L28) | Project id. |  |
-| [serviceaccount](outputs.tf#L33) | Service account. |  |
+| [service_accounts](outputs.tf#L33) | Service account. |  |
 
 <!-- END TFDOC -->
diff --git a/examples/data-solutions/gcs-to-bq-with-least-privileges/bigquery.tftpl b/examples/data-solutions/gcs-to-bq-with-least-privileges/bigquery.tftpl
new file mode 100644
index 000000000..3be2492e2
--- /dev/null
+++ b/examples/data-solutions/gcs-to-bq-with-least-privileges/bigquery.tftpl
@@ -0,0 +1,2 @@
+bq query --project_id=${project_id} --use_legacy_sql=false \
+  'SELECT * FROM `${project_id}.${bigquery_dataset}.${bigquery_table}` LIMIT ${sql_limit}'
\ No newline at end of file
diff --git a/examples/data-solutions/gcs-to-bq-with-least-privileges/dataflow.tftpl b/examples/data-solutions/gcs-to-bq-with-least-privileges/dataflow.tftpl
new file mode 100644
index 000000000..820770fbe
--- /dev/null
+++ b/examples/data-solutions/gcs-to-bq-with-least-privileges/dataflow.tftpl
@@ -0,0 +1,18 @@
+gcloud \
+  --impersonate-service-account=${sa_orch_email} \
+  dataflow jobs run test_batch_01 \
+  --gcs-location gs://dataflow-templates/latest/GCS_Text_to_BigQuery \
+  --project ${project_id} \
+  --region ${region} \
+  --disable-public-ips \
+  --subnetwork ${subnet} \
+  --staging-location ${gcs_df_stg} \
+  --service-account-email ${sa_df_email} \
+  %{ if cmek_encryption }--dataflow-kms-key=${kms_key_df} %{ endif } \
+  --parameters \
+javascriptTextTransformFunctionName=transform,\
+JSONPath=${data_schema_file},\
+javascriptTextTransformGcsPath=${data_udf_file},\
+inputFilePattern=${data_file},\
+outputTable=${project_id}:${bigquery_dataset}.${bigquery_table},\
+bigQueryLoadingTemporaryDirectory=${gcs_df_tmp}
\ No newline at end of file
diff --git a/examples/data-solutions/gcs-to-bq-with-least-privileges/datastorage.tf b/examples/data-solutions/gcs-to-bq-with-least-privileges/datastorage.tf
index 357111255..98b15bb20 100644
--- a/examples/data-solutions/gcs-to-bq-with-least-privileges/datastorage.tf
+++ b/examples/data-solutions/gcs-to-bq-with-least-privileges/datastorage.tf
@@ -12,10 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-###############################################################################
-#                                   GCS                                       #
-###############################################################################
-
 module "gcs-data" {
   source         = "../../../modules/gcs"
   project_id     = module.project.project_id
@@ -23,7 +19,7 @@ module "gcs-data" {
   name           = "data"
   location       = var.region
   storage_class  = "REGIONAL"
-  encryption_key = var.cmek_encryption ? try(module.kms[0].keys.key-gcs.id, null) : null
+  encryption_key = var.cmek_encryption ? module.kms[0].keys.key-gcs.id : null
   force_destroy  = true
 }
 
@@ -34,22 +30,20 @@ module "gcs-df-tmp" {
   name           = "df-tmp"
   location       = var.region
   storage_class  = "REGIONAL"
-  encryption_key = var.cmek_encryption ? try(module.kms[0].keys.key-gcs.id, null) : null
+  encryption_key = var.cmek_encryption ? module.kms[0].keys.key-gcs.id : null
   force_destroy  = true
 }
 
-###############################################################################
-#                                   BQ                                        #
-###############################################################################
-
 module "bigquery-dataset" {
   source     = "../../../modules/bigquery-dataset"
   project_id = module.project.project_id
   id         = "datalake"
   location   = var.region
-  # Define Tables in Terraform for the porpuse of the example. 
-  # Probably in a production environment you would handle Tables creation in a 
-  # separate Terraform State or using a different tool/pipeline (for example: Dataform).
+
+  # Note: we define tables in Terraform for the purpose of this
+  # example. A production environment would probably handle table
+  # creation in a separate terraform pipeline or using a different
+  # tool (for example: Dataform)
   tables = {
     person = {
       friendly_name = "Person. Dataflow import."
@@ -64,10 +58,10 @@ module "bigquery-dataset" {
       deletion_protection = false
       options = {
         clustering      = null
-        encryption_key  = var.cmek_encryption ? try(module.kms[0].keys.key-bq.id, null) : null
+        encryption_key  = var.cmek_encryption ? module.kms[0].keys.key-bq.id : null
         expiration_time = null
       }
     }
   }
-  encryption_key = var.cmek_encryption ? try(module.kms[0].keys.key-bq.id, null) : null
+  encryption_key = var.cmek_encryption ? module.kms[0].keys.key-bq.id : null
 }
diff --git a/examples/data-solutions/gcs-to-bq-with-least-privileges/kms.tf b/examples/data-solutions/gcs-to-bq-with-least-privileges/kms.tf
index d7133542b..5e6166308 100644
--- a/examples/data-solutions/gcs-to-bq-with-least-privileges/kms.tf
+++ b/examples/data-solutions/gcs-to-bq-with-least-privileges/kms.tf
@@ -17,7 +17,7 @@ module "kms" {
   source     = "../../../modules/kms"
   project_id = module.project.project_id
   keyring = {
-    name     = "${var.prefix}-keyring",
+    name     = "${var.prefix}-keyring"
     location = var.region
   }
   keys = {
diff --git a/examples/data-solutions/gcs-to-bq-with-least-privileges/main.tf b/examples/data-solutions/gcs-to-bq-with-least-privileges/main.tf
index e2a50e4fc..8c8486440 100644
--- a/examples/data-solutions/gcs-to-bq-with-least-privileges/main.tf
+++ b/examples/data-solutions/gcs-to-bq-with-least-privileges/main.tf
@@ -58,19 +58,18 @@ locals {
       module.service-account-orch.iam_email,
     ]
     "roles/iam.serviceAccountTokenCreator" = concat(
-      var.data_eng_principals,
-    )
-    "roles/viewer" = concat(
       var.data_eng_principals
     )
     # Dataflow roles
-    "roles/dataflow.admin" = concat([
-      module.service-account-orch.iam_email,
-      ], var.data_eng_principals
+    "roles/dataflow.admin" = concat(
+      [module.service-account-orch.iam_email],
+      var.data_eng_principals
     )
     "roles/dataflow.worker" = [
       module.service-account-df.iam_email,
     ]
+    "roles/dataflow.developer" = var.data_eng_principals
+    "roles/compute.viewer"     = var.data_eng_principals
     # network roles
     "roles/compute.networkUser" = [
       module.service-account-df.iam_email,
@@ -79,10 +78,6 @@ locals {
   }
 }
 
-###############################################################################
-#                                 Projects                                    #
-###############################################################################
-
 module "project" {
   source          = "../../../modules/project"
   name            = var.project_id
@@ -101,6 +96,7 @@ module "project" {
     "storage.googleapis.com",
     "storage-component.googleapis.com",
   ]
+
   # additive IAM bindings avoid disrupting bindings in existing project
   iam          = var.project_create != null ? local.iam : {}
   iam_additive = var.project_create == null ? local.iam : {}
diff --git a/examples/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf b/examples/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf
index 2114d2f90..7ffd06340 100644
--- a/examples/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf
+++ b/examples/data-solutions/gcs-to-bq-with-least-privileges/outputs.tf
@@ -30,7 +30,7 @@ output "project_id" {
   value       = module.project.project_id
 }
 
-output "serviceaccount" {
+output "service_accounts" {
   description = "Service account."
   value = {
     bq      = module.service-account-bq.email
@@ -40,36 +40,38 @@ output "serviceaccount" {
   }
 }
 
-output "command-01-gcs" {
+output "command_01_gcs" {
   description = "gcloud command to copy data into the created bucket impersonating the service account."
   value       = "gsutil -i ${module.service-account-landing.email} cp data-demo/* ${module.gcs-data.url}"
 }
 
-output "command-02-dataflow" {
+output "command_02_dataflow" {
   description = "Command to run Dataflow template impersonating the service account."
-  value       = <<EOT
-  gcloud --impersonate-service-account=${module.service-account-orch.email} dataflow jobs run test_batch_01 \
-    --gcs-location gs://dataflow-templates/latest/GCS_Text_to_BigQuery \
-    --project ${module.project.project_id} \
-    --region ${var.region} \
-    --disable-public-ips \
-    --subnetwork ${module.vpc.subnets[format("%s/%s", var.region, "subnet")].self_link} \
-    --staging-location ${module.gcs-df-tmp.url} \
-    --service-account-email ${module.service-account-df.email} \
-    ${var.cmek_encryption ? format("--dataflow-kms-key=%s", module.kms[0].key_ids.key-df) : ""} \
-    --parameters \
-javascriptTextTransformFunctionName=transform,\
-JSONPath=${module.gcs-data.url}/person_schema.json,\
-javascriptTextTransformGcsPath=${module.gcs-data.url}/person_udf.js,\
-inputFilePattern=${module.gcs-data.url}/person.csv,\
-outputTable=${module.project.project_id}:${module.bigquery-dataset.dataset_id}.${module.bigquery-dataset.tables["person"].table_id},\
-bigQueryLoadingTemporaryDirectory=${module.gcs-df-tmp.url} 
-  EOT
+  value = templatefile("${path.module}/dataflow.tftpl", {
+    sa_orch_email    = module.service-account-orch.email
+    project_id       = module.project.project_id
+    region           = var.region
+    subnet           = module.vpc.subnets["${var.region}/subnet"].self_link
+    gcs_df_stg       = format("%s/%s", module.gcs-df-tmp.url, "stg")
+    sa_df_email      = module.service-account-df.email
+    cmek_encryption  = var.cmek_encryption
+    kms_key_df       = var.cmek_encryption ? module.kms[0].key_ids.key-df : null
+    gcs_data         = module.gcs-data.url
+    data_schema_file = format("%s/%s", module.gcs-data.url, "person_schema.json")
+    data_udf_file    = format("%s/%s", module.gcs-data.url, "person_udf.js")
+    data_file        = format("%s/%s", module.gcs-data.url, "person.csv")
+    bigquery_dataset = module.bigquery-dataset.dataset_id
+    bigquery_table   = module.bigquery-dataset.tables["person"].table_id
+    gcs_df_tmp       = format("%s/%s", module.gcs-df-tmp.url, "tmp")
+  })
 }
 
-output "command-03-bq" {
+output "command_03_bq" {
   description = "BigQuery command to query imported data."
-  value       = <<EOT
-  bq query --project_id=${module.project.project_id} --use_legacy_sql=false 'SELECT * FROM `${module.project.project_id}.${module.bigquery-dataset.dataset_id}.${module.bigquery-dataset.tables["person"].table_id}` LIMIT 1000'"
-  EOT
+  value = templatefile("${path.module}/bigquery.tftpl", {
+    project_id       = module.project.project_id
+    bigquery_dataset = module.bigquery-dataset.dataset_id
+    bigquery_table   = module.bigquery-dataset.tables["person"].table_id
+    sql_limit        = 1000
+  })
 }
diff --git a/examples/data-solutions/gcs-to-bq-with-least-privileges/serviceaccounts.tf b/examples/data-solutions/gcs-to-bq-with-least-privileges/serviceaccounts.tf
index 94b3bc447..5764ad538 100644
--- a/examples/data-solutions/gcs-to-bq-with-least-privileges/serviceaccounts.tf
+++ b/examples/data-solutions/gcs-to-bq-with-least-privileges/serviceaccounts.tf
@@ -12,10 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-###############################################################################
-#                              Service Accounts                               #
-###############################################################################
-
 module "service-account-bq" {
   source     = "../../../modules/iam-service-account"
   project_id = module.project.project_id
diff --git a/examples/data-solutions/gcs-to-bq-with-least-privileges/terraform.tfvars.sample b/examples/data-solutions/gcs-to-bq-with-least-privileges/terraform.tfvars.sample
index 2ec10c499..672e0229d 100644
--- a/examples/data-solutions/gcs-to-bq-with-least-privileges/terraform.tfvars.sample
+++ b/examples/data-solutions/gcs-to-bq-with-least-privileges/terraform.tfvars.sample
@@ -1,3 +1,3 @@
 data_eng_principals = ["user:data-eng@domain.com"]
-project_id      = "datalake-001"
-prefix          = "prefix"
\ No newline at end of file
+project_id          = "datalake-001"
+prefix              = "prefix"
diff --git a/examples/data-solutions/gcs-to-bq-with-least-privileges/vpc.tf b/examples/data-solutions/gcs-to-bq-with-least-privileges/vpc.tf
index bae63d700..d8cc33244 100644
--- a/examples/data-solutions/gcs-to-bq-with-least-privileges/vpc.tf
+++ b/examples/data-solutions/gcs-to-bq-with-least-privileges/vpc.tf
@@ -12,10 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-###############################################################################
-#                                   Networking                                #
-###############################################################################
-
 module "vpc" {
   source     = "../../../modules/net-vpc"
   project_id = module.project.project_id
diff --git a/tests/examples/data_solutions/gcs_to_bq_with_least_privileges/test_plan.py b/tests/examples/data_solutions/gcs_to_bq_with_least_privileges/test_plan.py
index dffa25d2d..37ea4e8a9 100644
--- a/tests/examples/data_solutions/gcs_to_bq_with_least_privileges/test_plan.py
+++ b/tests/examples/data_solutions/gcs_to_bq_with_least_privileges/test_plan.py
@@ -24,4 +24,4 @@ def test_resources(e2e_plan_runner):
   "Test that plan works and the numbers of resources is as expected."
   modules, resources = e2e_plan_runner(FIXTURES_DIR)
   assert len(modules) == 11
-  assert len(resources) == 43
+  assert len(resources) == 44

From e279818b55a430f87b3c6221841d9e1f56561385 Mon Sep 17 00:00:00 2001
From: Elia <79325566+eliamaldini@users.noreply.github.com>
Date: Wed, 2 Feb 2022 15:21:10 +0100
Subject: [PATCH 10/10] M4CE (v5) Examples (#413)

* M4CE (v5) Examples

* vm-migration new parent folder

* New vm-migration section

* Updated variables description

* Updated variables description

* Fixed broken link

* Updated variables description

* Fix lines spacing

* Added output variable

* Updated Variables description

* New variables layout

* fixed new line

* M4CE (v5) Examples

* vm-migration new parent folder

* New vm-migration section

* Updated variables description

* Updated variables description

* Fixed broken link

* Updated variables description

* Fix lines spacing

* Added output variable

* Updated Variables description

* New variables layout

* fixed new line

* added test

* move test on new folder

* Updated variables order and description

* Added output file

* vm-migration example tests

* Updated output description

* Updated output description

* Fixed Typo

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
---
 examples/cloud-operations/README.md           |   7 +-
 .../cloud-operations/vm-migration/README.md   |  34 +++++++
 .../vm-migration/esxi/README.md               |  43 +++++++++
 .../vm-migration/esxi/backend.tf.sample       |  20 ++++
 .../vm-migration/esxi/diagram.png             | Bin 0 -> 16388 bytes
 .../vm-migration/esxi/main.tf                 |  58 +++++++++++
 .../vm-migration/esxi/provider.tf             |  20 ++++
 .../vm-migration/esxi/variables.tf            |  66 +++++++++++++
 .../vm-migration/esxi/vsphere.tf              |  37 +++++++
 .../host-target-projects/README.md            |  40 ++++++++
 .../host-target-projects/backend.tf.sample    |  20 ++++
 .../host-target-projects/diagram.png          | Bin 0 -> 34623 bytes
 .../vm-migration/host-target-projects/main.tf |  73 ++++++++++++++
 .../host-target-projects/outputs.tf           |  18 ++++
 .../host-target-projects/variables.tf         |  44 +++++++++
 .../host-target-sharedvpc/README.md           |  44 +++++++++
 .../host-target-sharedvpc/backend.tf.sample   |  20 ++++
 .../host-target-sharedvpc/diagram.png         | Bin 0 -> 34273 bytes
 .../host-target-sharedvpc/main.tf             |  84 ++++++++++++++++
 .../host-target-sharedvpc/outputs.tf          |  18 ++++
 .../host-target-sharedvpc/variables.tf        |  48 ++++++++++
 .../vm-migration/single-project/README.md     |  41 ++++++++
 .../single-project/backend.tf.sample          |  20 ++++
 .../vm-migration/single-project/diagram.png   | Bin 0 -> 26745 bytes
 .../vm-migration/single-project/main.tf       |  90 ++++++++++++++++++
 .../vm-migration/single-project/outputs.tf    |  18 ++++
 .../vm-migration/single-project/variables.tf  |  51 ++++++++++
 .../host_target_projects/__init__.py          |  13 +++
 .../host_target_projects/fixture/main.tf      |  43 +++++++++
 .../host_target_projects/test_plan.py         |  26 +++++
 .../host_target_sharedvpc/__init__.py         |  13 +++
 .../host_target_sharedvpc/fixture/main.tf     |  51 ++++++++++
 .../host_target_sharedvpc/test_plan.py        |  26 +++++
 .../vm_migration/single_project/__init__.py   |  13 +++
 .../single_project/fixture/main.tf            |  31 ++++++
 .../vm_migration/single_project/test_plan.py  |  25 +++++
 36 files changed, 1154 insertions(+), 1 deletion(-)
 create mode 100644 examples/cloud-operations/vm-migration/README.md
 create mode 100644 examples/cloud-operations/vm-migration/esxi/README.md
 create mode 100644 examples/cloud-operations/vm-migration/esxi/backend.tf.sample
 create mode 100644 examples/cloud-operations/vm-migration/esxi/diagram.png
 create mode 100644 examples/cloud-operations/vm-migration/esxi/main.tf
 create mode 100644 examples/cloud-operations/vm-migration/esxi/provider.tf
 create mode 100644 examples/cloud-operations/vm-migration/esxi/variables.tf
 create mode 100644 examples/cloud-operations/vm-migration/esxi/vsphere.tf
 create mode 100644 examples/cloud-operations/vm-migration/host-target-projects/README.md
 create mode 100644 examples/cloud-operations/vm-migration/host-target-projects/backend.tf.sample
 create mode 100644 examples/cloud-operations/vm-migration/host-target-projects/diagram.png
 create mode 100644 examples/cloud-operations/vm-migration/host-target-projects/main.tf
 create mode 100644 examples/cloud-operations/vm-migration/host-target-projects/outputs.tf
 create mode 100644 examples/cloud-operations/vm-migration/host-target-projects/variables.tf
 create mode 100644 examples/cloud-operations/vm-migration/host-target-sharedvpc/README.md
 create mode 100644 examples/cloud-operations/vm-migration/host-target-sharedvpc/backend.tf.sample
 create mode 100644 examples/cloud-operations/vm-migration/host-target-sharedvpc/diagram.png
 create mode 100644 examples/cloud-operations/vm-migration/host-target-sharedvpc/main.tf
 create mode 100644 examples/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf
 create mode 100644 examples/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf
 create mode 100644 examples/cloud-operations/vm-migration/single-project/README.md
 create mode 100644 examples/cloud-operations/vm-migration/single-project/backend.tf.sample
 create mode 100644 examples/cloud-operations/vm-migration/single-project/diagram.png
 create mode 100644 examples/cloud-operations/vm-migration/single-project/main.tf
 create mode 100644 examples/cloud-operations/vm-migration/single-project/outputs.tf
 create mode 100644 examples/cloud-operations/vm-migration/single-project/variables.tf
 create mode 100644 tests/examples/cloud_operations/vm_migration/host_target_projects/__init__.py
 create mode 100644 tests/examples/cloud_operations/vm_migration/host_target_projects/fixture/main.tf
 create mode 100644 tests/examples/cloud_operations/vm_migration/host_target_projects/test_plan.py
 create mode 100644 tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/__init__.py
 create mode 100644 tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/fixture/main.tf
 create mode 100644 tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/test_plan.py
 create mode 100644 tests/examples/cloud_operations/vm_migration/single_project/__init__.py
 create mode 100644 tests/examples/cloud_operations/vm_migration/single_project/fixture/main.tf
 create mode 100644 tests/examples/cloud_operations/vm_migration/single_project/test_plan.py

diff --git a/examples/cloud-operations/README.md b/examples/cloud-operations/README.md
index 1a491e94f..62f86db9c 100644
--- a/examples/cloud-operations/README.md
+++ b/examples/cloud-operations/README.md
@@ -50,5 +50,10 @@ The example's feed tracks changes to Google Compute instances, and the Cloud Fun
 
 
 This [example](./onprem-sa-key-management) shows how to manage IAM Service Account Keys by manually generating a key pair and uploading the public part of the key to GCP.
-s
+
+<br clear="left">
+
+## Migrate for Compute Engine (v5)
+<a href="./vm-migration" title="Packer image builder"><img src="./vm-migration/host-target-projects/diagram.png" align="left" width="280px"></a> This set of [examples](./vm-migration) shows how to deploy Migrate for Compute Engine (v5) on top of existing Cloud Foundations on different scenarios. An example on how to deploy the M4CE connector on VMWare ESXi is also part of the examples.
+
 <br clear="left">
\ No newline at end of file
diff --git a/examples/cloud-operations/vm-migration/README.md b/examples/cloud-operations/vm-migration/README.md
new file mode 100644
index 000000000..0c75af091
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/README.md
@@ -0,0 +1,34 @@
+# Migrate for Compute Engine (v5) examples
+
+The examples in this folder implement **Migrate for Compute Engine (v5)** environments for the main migration scenarios like the ones with host and target project, or with shared VPC.
+
+They are meant to be used as minimal but complete starting points to create migration environment **on top of existing cloud foundations**, and as playgrounds to experiment with specific Google Cloud features.
+
+## Examples
+
+### M4CE on a single project
+
+<a href="./single-project/" title="M4CE with single project"><img src="./single-project/diagram.png" align="left" width="280px"></a> This [example](./single-project/) implements a simple environment for Migrate for Compute Engine (v5) where both the API backend and the migration target environment are deployed on a single GCP project.
+
+This example represents the easiest sceario to implement a Migrate for Compute Engine (v5) enviroment suitable for small migrations on simple enviroments or for product showcases. 
+<br clear="left">
+
+### M4CE with host and target projects
+
+<a href="./host-target-projects/" title="M4CE with host and target projects"><img src="./host-target-projects/diagram.png" align="left" width="280px"></a> This [example](./host-target-projects/) implements a Migrate for Compute Engine (v5) host and target projects topology where the API backend and access grants are implemented on the host project while workloads are migrated on a different target project.
+
+This example shows a complex scenario where Migrate for Compute Engine (v5) can be deployed on top of and existing HUB and SPOKE topology and the migration target projects are deployed with platform foundations.
+<br clear="left">
+
+### M4CE with Host and Target Projects and Shared VPC
+
+<a href="./host-target-sharedvpc/" title="M4CE with host and target projects and shared VPC"><img src="./host-target-sharedvpc/diagram.png" align="left" width="280px"></a> This [example](./host-target-sharedvpc/) implements a Migrate for Compute Engine (v5) host and target projects topology as described above with the support of shared VPC. 
+
+The example shows how to implement a Migrate for Compute Engine (v5) environment on top of an existing shared VPC topology where the shared VPC service projects are the target projects for the migration. 
+<br clear="left">
+
+### ESXi Connector
+
+<a href="./esxi/" title="M4CE ESXi connector"><img src="./esxi/diagram.png" align="left" width="280px"></a> This [example](./esxi/) implements a Migrate for Compute Engine (v5) environment on a VMWare ESXi cluster as source for VM migrations.
+
+The example shows how to deploy the Migrate for Compute Engine (v5) connector and implement all the security prerequisites for the migration to GCP.
\ No newline at end of file
diff --git a/examples/cloud-operations/vm-migration/esxi/README.md b/examples/cloud-operations/vm-migration/esxi/README.md
new file mode 100644
index 000000000..8e77f37db
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/esxi/README.md
@@ -0,0 +1,43 @@
+# M4CE(v5) - ESXi Connector
+
+This example deploys a virtual machine from an OVA image and the security prerequisites to run the Migrate for Compute Engine (v5) [connector](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/migrate-connector) on VMWare ESXi.
+
+The example is designed to deploy the M4CE (v5) connector on and existing VMWare environment. The [network configuration](https://cloud.google.com/migrate/compute-engine/docs/5.0/concepts/architecture#migration_architecture) required to allow the communication of the migrate connetor to the GCP API is not included in this example.
+
+This is the high level diagram:
+
+![High-level diagram](diagram.png "High-level diagram")
+
+## Managed resources and services
+
+This sample creates several distinct groups of resources:
+
+- virtual machine
+  - [M4CE migrate connector](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/migrate-connector#installing_the_migrate_connector) 
+- IAM
+  - [vCenter user role](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/migrate-connector#step-1)
+<!-- BEGIN TFDOC -->
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [m4ce_ssh_public_key](variables.tf#L43) | Filesystem path to the public key for the SSH login | <code>string</code> | ✓ |  |
+| [vcenter_password](variables.tf#L48) | VCenter user password. | <code>string</code> | ✓ |  |
+| [vsphere_environment](variables.tf#L53) | VMVware VSphere connection parameters | <code title="object&#40;&#123;&#10;  vcenter_ip    &#61; string&#10;  vcenter_user  &#61; string&#10;  data_center   &#61; string&#10;  resource_pool &#61; string&#10;  host_ip       &#61; string&#10;  datastore     &#61; string&#10;  virtual_net   &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
+| [m4ce_appliance_properties](variables.tf#L15) | M4CE connector OVA image configuration parameters | <code title="object&#40;&#123;&#10;  hostname &#61; string&#10;  ip0      &#61; string&#10;  netmask0 &#61; string&#10;  gateway  &#61; string&#10;  DNS      &#61; string&#10;  proxy    &#61; string&#10;  route0   &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  &#34;hostname&#34; &#61; &#34;gcp-m4ce-connector&#34;&#10;  &#34;ip0&#34;      &#61; &#34;0.0.0.0&#34;&#10;  &#34;netmask0&#34; &#61; &#34;0.0.0.0&#34;&#10;  &#34;gateway&#34;  &#61; &#34;0.0.0.0&#34;&#10;  &#34;DNS&#34;      &#61; &#34;&#34;&#10;  &#34;proxy&#34;    &#61; &#34;&#34;&#10;  &#34;route0&#34;   &#61; &#34;&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
+| [m4ce_connector_ovf_url](variables.tf#L37) | http URL to the public M4CE connector OVA image | <code>string</code> |  | <code>&#34;https:&#47;&#47;storage.googleapis.com&#47;vmmigration-public-artifacts&#47;migrate-connector-2-0-1663.ova&#34;</code> |
+
+<!-- END TFDOC -->
+## Manual Steps
+Once this example is deployed a VCenter user has to be created and binded to the M4CE role in order to allow the connector access the VMWare resources.
+The user can be created manually through the VCenter web interface or througt GOV commandline if it is available:
+```bash
+export GOVC_URL=<VCENTER_URL> (eg. https://192.168.1.100/sdk)
+export GOVC_USERNAME=<VCENTER_ADMIN_USER> (eg. administrator@example.local)
+export GOVC_PASSWORD=<PASSWORD>
+export GOVC_INSECURE=true
+
+govc sso.user.create  -p <USER_PASSWORD> -R gcp-m4ce-role gcp-m4ce-user
+govc permissions.set  -principal gcp-m4ce-user@example.local   -propagate=true  -role gcp-m4ce-role
+```
diff --git a/examples/cloud-operations/vm-migration/esxi/backend.tf.sample b/examples/cloud-operations/vm-migration/esxi/backend.tf.sample
new file mode 100644
index 000000000..99f84b17c
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/esxi/backend.tf.sample
@@ -0,0 +1,20 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+terraform {
+  backend "gcs" {
+    bucket = ""
+  }
+}
diff --git a/examples/cloud-operations/vm-migration/esxi/diagram.png b/examples/cloud-operations/vm-migration/esxi/diagram.png
new file mode 100644
index 0000000000000000000000000000000000000000..45ccb361020058a8da9d3dec8a601a2252e2cc23
GIT binary patch
literal 16388
zcmdVBWmH_<wk?`Ka82;S1Hl~%m*BzO9fB6_PVfN1EqDl?K;dq|AvhsWxJwA`&Rwv-
zeeSuZo!4G_zs`Nt8vIx?*IaWB>7$RnB9s-SF;GFM&z?QQka;Je`s~?rug5=RIN->c
z$*|3{XCi|#5~Av!hI?5ajwCbgIcKrvso!kBGd<)neE<38yFQDK`+)gON;Wg3@o4YF
z*<)#L-LK<&eLNoy#mkQ*@7B>@Z)LiS@S$_C^#{vi6XC=?e_%_s<t9dd_IzmBbVRF2
zTj*l3ZGp4<&QVcmbQ#MXIfx=AM<k9L`-Lb8{5mLz!u5G$7zMJyTPP*67(pBaIcN-l
z)qS{kY6NzS-y;)KP;2)mfLJusxF6ht*ci5q=8RD;3Z=XZ((i%*SGQ42AA*2kSpO$a
z$NT^<n7P#M`IW)rP@O=0d~`lBm3l-EP1XEl%xKoT?hCij3W2UP{+_ybs?i$oW<w#X
zIv+1k$c@@7z#bN<Y8V%&t+{yHnc14ix<{I+f;D2(&CEMBHZS{7^NLb9@;&RPj&~|i
z7R!~Wmaoae!aqw0x3OJnGm{Ax3jN&AwVaF$bsJcBz<yi@%)jZ^BY_{{kRcEsEsuj$
zP}+O9%56}Z%m9n4`%y(*U3FEJTf+e^2rrhja(N~7M}-v<60MvZF=TK7x?Dj>hhlIj
z_tr6_H5kWTv^+S^MOoX`z(<6pJAIS|>V9#|T;?$6!|Tb+#WB+JyE+%*=)lT_i%qh>
zM=*I|MTC{HK}A0!i51+rAn2QEAXJf>I@;CWkQ7<SLLv!63-0=gb0n{aM0-S%u}<Yw
zGDEiLPiE-Pt5-;T)h%Y|WngTT^gSarv08uzJxZ3&VfRBUjM`3It><@D=g-10Xl^U5
z`xwPEwyzW2wDIqPjimV&_qAIr5kvlf4iUCem-Wi`@}n?)Uz>B%yk-LbTa+$s{dQ-J
z@9bQ!M|yi#W(yd_1bX#bU3-q&T&&dLZrwII-#8ISiD_%kX}7+tl;Qna6#HP<Ov%@I
zOGy5Tthv6vsbH)3_uqQ^#eJe2>3w)f&{A74{E80Y5_g;19Zg}Y(;niB)VOTMe8qR=
zrA&5}RPL<b?A^}}+uYWsdR(@k25q|9ztNk)=X61xrbENbY{6*}d@a_tu1GGrdNXed
zx7=bzC=6`2i4^5Wqvb|^vX-Z2{w96_7<v?y3r6Q^wuY!zu;(-X6*F_wJ(Qo=aB}HH
zCJxiU(3RheU~U_$Z<HJY-V=ptC=dkjd-QE9-W=v_#WYl8XKMUFTw>>rpOi&L#te6N
zxgh(j`IW%>-CHYl3lm8h14d_TYFQo0WZoCla60QrQ|Lp*m0D`Cot>Q^*+`io&*k+<
zLxCHlLsCT7=#ih-y|=-ghx`<1;wd4S$YR~<@s$IG9>dEs>qBt71SR^0I(CLSq^iUN
zI<2CQUdfvT>8-KuyhCD9l5kvk6`6W(T`(5Kg*4Dp;IcIe!NExsD7+x&HEMHIaqRmY
zmAbdPpQq`3au{aRt=qvSAkg<A?wyB{k#+>w^woRvTDw-#NNY8m>hG!Lg<HuHqe!8#
zt#|O~%@HkYMJ{7~CtBK*n-=(1qx2=BUjtbt!C8^kxSE}8HG|&Les{s~Qj}MwEN0Na
z7YYhP2cQK>rx039KjXu(U0HQ85N7!Fa}8=|7L#xG>#o*(9?=SMIHE%R_R55&@YNBc
zSHnU2;)gvZ2JqDqw1p@=nEsVo+!qxrOngjkOe#~MU#SFXUg`vo+nIIHjIiv3%bHiM
zcF9m<WnMWG<&$AvWQ9QcFV%C={)oG)yh(9=C&7d-@{Pg7&MdD|&uL@TJpWa0{1M?T
z8=d@a`f(U0;S1U^_FF3luQxFaX}9~NYP?WrUcd!h^b~lvn~f9wjsB8kT@VS<DCWRR
zxuEXnbJv$hD_>NO=#`ZY)?eR~&L-OZvje4&3d}*!teqWc8gg7l_Z!QqdS~yV6w^eG
zP^R9F4wS$6X9zzdY0n$I7`f?#%e>U}wqL0dBfnvwOeTdhILivw$}ybk_&k~UdQz4U
zYnpI@!-nXyF_qK&WfD_9bMYr*q^UvZ^Xj*72s)PtVKO$1f+4uN*L`z{wDDyW!-0dP
zrM8p}RoC3|j19fBvu%ZCO1FzRvfO4=YYTGYLS3tTI?FR}ED20MWP~f3U7#VhI6WCo
zDPTAU?IDu1#uz!%Q@qgq#o^XGt8%*opXGH1WH=cNRFX<aoL~M1KHA9-2@m@v6N7q(
zMa2OY+$LQlS_gynt08b>k9L=k*@>p6dvRw%6)KD^9}oM*NWSV6r(m<GnO*G3%SF=Q
z8|Cf}iDFZ!Y>PK;r0|DXsSeMMsWSKAX?b`&Sl_>nccOn6P~oHE#yLsVK*Pb(Xz6Qs
zd%6P7gtwq8v9sPLnJ13;(`Zq+$*b{RW0e$(=rQ;Li9mZmQbPeBUo%K_;zTx{e%Xjp
zsj{-N+-j%WI07=^A{*kR{OOD2div|!?{3DgBqL#9v)T95{Pd&)gMhcZ<HD{by(``v
z8fF>`t(JW^7|7&%8>9__gM1+vB&#w$A7FuYwtb$NpPyLxMQ{}pVEj3CRGdp!cebLl
zqT-v(ZhFgclgaq7=x3yq4!-3fz^|x0=7{kxO5>7DItkjuA9^2?=PI&(@HR;n3VM{(
zPe(%^$*u#FcV1@Uu|^cl{my$6c&Am6Ug>R6Pp7xR)-&hG3?6&%ptQ;#37UM<8R>57
zXlv#Vv#4ziZYSIvtb(WK7~Mp#5zOk*Rvk4px#^CAI={;8=mG&Ah}_6J2ZS6|3A37<
zoM@TtFtDc$Tj8Y`R$csyTv83{SD9nQmjsBI={m}bC2@<`j-Q``I~P=RHBL*D@!gB|
z0io7A1gB*!ZxanpVy_UWXg@6h>4AVa-BHPm<BX7tob9woYbaJ|LU10ZuZr^GhafcY
z%Y5azslkcNkFfXXz5C35W(ht4I<Og$4;kIij?15$_5&4T#UT(asAwtJu5}@=nl+}f
zvDJf+oTDH7!iXdqg1slM=KnmGDZV4U``FAH^A%G259N1(7y`P}Kj7$RLV4q&qv1I)
zNd{+U6)%(EUxSN~i`G~6atzcF#<lh4E<{?@cUN~JQh>zQA>=?7ZM|evT~!mm4)!$E
zsG>cnLW$Q<w|1UJ?<=!TZoh6V%foQS=pc~Z1SPShh2r%}DJ_oTcMhEzD#}DxAjeLD
zKWk3$gyE~JvOviQMss52MsRa9icGI(H@@?fFE~271|_VjxrD?DG<tb<fdfrc;J*?F
zg;=``+C<wEWd+=O52G0bR}IeetX(HV#_&}MWez@{ce=~i$^HGsGZ@40^ww#B-{mkL
zA0H7!ZLT(+7`8pn%H!<(yrpmE%d__e+QF|hOpo8RoStDi{jtdyl?RKQn&O=e)Sz*e
zX~_>w9yy75WMqH4)%oa^ZwM!DY3k?fD10Euzj3o$RkyOTNAP!QIH<XpJp`sAi&27+
z<lP6OW)OC(f9-QkL$Fg=6^5Db_O97k4pJQU8a*w~6+_e7+i=Ftj{gUou4omNp&1<)
z6SG~&;%<UX?)OTc{`vU?H=-r(5qjvWCgm?_>4NOI3Aog<Vg$#y>l76z6ZlBdmL^$f
z@fzA4_WJ(I>ojd;g=Uv8bz$ZUho8HLI)Ant^S_r5%vG61YmM)n^}#gyo6f#xo|pg0
zmlMZjH|UgsiGflWEWpj)B|<mf+j~DXthb-t27o+iJ(Kvy6el}PF^fnW+-VAvMzuF+
zC&JGfJM+~U7rv#VV*)XftnBX4|5}Xbf};xVG8^|lx<zmw(A@4c#l(yiO$qsctb3F5
zn@amfR%9O#r>4sdN12MT$>lyz%@4s9B>~1?N9G=K2`BdYV38d_8T{QIqw}x+L}Znj
z0Xa)?XkdnvPu<*w;5Kw}_a2@A{q6CYnEC0a(XEsz?<>I&d*#~P)nJ^;=Gt06b$!(H
zR{=J+@17Fb%Vxx=#)1IByf1<*d}t_=kcWo%=C7r#c2%e?@n{OSG`KyY+L;jNik-%i
z<5Kj-C$Hw~e>0Ve3vG+FDNl{D$QZI!wN%0n#Q2(u&X2&+Dyz<=tLgp{sHNs35|rpw
zS6}#)W|lCqmcS98x-zCr+#JhS)SwG(b%`bY+E7<}uwj%ApYbJVu-xk12ut^`zUsG%
z;WBJp<C;oLPj*-dp>xImp9b{*lf}gUKc4NBU{DR@H7RTeBqJlEQwgClY?^lf+JTi8
zM!}VScILKH^sfr-V<J}LCKmu`d9UIiisEsQ|K`BxQBz@qqNeO_>`re=E9<gwu)cVv
zZ_G6KEbDIK&&Sj;7IN4P+&*VNxO*U6-$fNj5=F$$!!m)uW%j3Q=`%AkK|w(kJZ~5n
zzCoe(J~!(u6+9mvPrB}<|NgC^r8Ql@<bP8p?(%1%AT$(V;PzGwN~y@h?}j1avOmvf
zwYuQ31m@sCMMqDvV7lpAT6#Dc73mXP@;w<|UHy8A{U4WefRI=JmbdTk?cvq8Kkv6{
zyF1q#a=*KFvnJ00UhP-(zCNdbK-2^Z(eR37*XN830iSaw*IzR;^m}XA&KOQj<5>`A
z7nc=;B*m|dSW!hqw3|aCBPs5V$c>w!#RT|C$NL4hr9H+=2m;l7YjQ62EJI7pwaZt=
zd|<;F{c<ls=7n(H`0WvJe0=<&n6dE}tNpH5`1oOb?A0~F;{9ONNt?6Dbyd;xmgs>Y
z0&-#ht#%pH&Afom&DVFPuEn~GWhy24%{a8^3ym~_f+U7N+JR{dLbfEb@W{#Ao0=GE
z-oJm3j)76Rx3_1vF7fNvFIX>Hd}`{}!9h-THdM7_OjTJK`vEspjB?0PJ`R#CUZ5Jw
zfS(s+*?whPZr;s)_2<S}YboX)Az7Ed@4n;VvIW0Dm41&Z=A+tv`uO;Gv&X^I@86Z-
zR8&+nG&C3(7`v3SWu>Kvh=>(gadFBzIw&`%r>8Goy!g`7)dk<KlQZJF8wcqwrtKx5
zg0mEUFfP~6#u@ez`F?X+f8mfnA7x;xMWW3un`~pVqap|KvDT5)R5Y}3w|BDUBU4mV
zB=v*_!*?hsD!943VPP=l`yq)INX~j6^WH&4vo_Y&y2xION5sTfKy~!>f%jHWR1AaE
z)zy)Zkc4EwGcqu^_k*Roi5sMZc$zaa*l+&EA`}hz9(r&Z`SW_5g?m+JoLqd`v^UDU
zyCYB|Z#B61<50@-rq!YOGCuJqy8)P;F>42J8R<)F9w!Y;$9nb|)>iqg=gLm(R=IIk
z_dF=tK*+h^*pq-w@k>?H)KmvOCB4S%1^;1U1e5&YoR-#-wyNfH$*IXH54Ve<;n8YC
z?b6yZKMM<~rmYoNmY1{a)C51LOWd?>)S`Z{*0+KJ$=ht)6mJNG5u|eL>h5l8=IN=u
zjbLVG#;p5-ezy<I&dv_F?b_O!XWioBVnIQ{(4#5El8Y$H$OJ+TQ9GFu{KnyAa=)RX
zpv1e9BCV&>7XSVRjcIJwB5Qx(;k0}h+@%c=y7}Io)qFZv&`+UZ+3anv*jiJpiq5=Y
zjtLWJTw25%o^xmDo?iSmiFm6dyX8Zvy`?bBAx*1Aw;59s3gG>B+SHxHzqX)_zmtij
z;>Vo^2L~q>VsM!PGh2cVMh(u7u#(POU%h8vTf^}}ki5uRh~8i1Y=Xoz_)X8>x1m*4
zk5@WndYQXLHx@8EbNv|!hYyE-gSJ8}=pojL=dGBnjfhbXLus5M4_Bi{)&08b&U}cz
z*MExoISyIt+Ha5Lj*wpZU#^7L*Vx+HR;1iD&@eEdj)>i>YG`Qa>FKGfznFfj{qp6@
z3iK+n_w1J_tpN{h6$H&9amVRYD?b2RQO18W^l)lKP=43E;S*3;a|Ph2fD*;#isNEm
zb1yN%0?m@JzSMcnRAFaT&gqteVvYzkg@b#;01R!m1tI5fB&di%!_NAuih-H{4^Pqf
z{X}+F#&>85TGS_~gVlU_{bCZ23&tSRSF<%%gJz7z?p|6v{8W6r)HgIm{QQju&0e(a
z6;{^PC0{Boi=w7?h%@qU$T3@7dFSgz3?+o$?D>#-yI>e!V51SJ#R)IxHa82@r9qx?
zkWLA3aCGWo?tso&@HjvX@I*K+(PFt)6UT=uUAw!sE!b^sZG<g(c+pW&gP4t*A9+7R
zCgsv2_!ai+8CM>hsSdDsBJT$h>F(Cf!UD8OU4IX`nT{n^f)utsZfZ{AOjG!8eIK#c
z9A$0oeF;PlCzJv0b@!N&;$-SpZN(@#xjstJKxVn)Fk_5xdqrGYme0yDMtis@e6YBf
zfTE9;_DeD%csa6g2#o${Cp{$OMNLCvV`Vs#-Jk7k*mx6S%ftQ6$jC@30gV`0i2T-D
zXj*2bL~=;<_4W18ki4zBmKNGQoR^nZ1tGVxQe`B{xyb>4Xjs_Sd(#8)%D;Vms0UD;
ziIz(e%vDf<g=XE9mw(=_kx=y~-k%SyWjEg}a+P2v?kb7uMgF5J5s<i9ePoqXcbgQ$
zd;3>Y^06%h8b4|?dK<k$C-w;f4K_D7eZ0MiGtw&)R6c+D^oc<-)vU6vayKJgZ)b-X
zu(Ts$xor)GWU9QpsuayqrCR}Bu6YqQ*xVe_Mub6E6$7>YXL#v9+q<2k`D`fgW)!$d
za+-B9W@gQ)2-K~-IML_6-B1+>>%ObU!HB+^UaX7qr%zP|%Q5%&&og5^Uy*!mZr=JM
zJ`B5*s4lHVv|M5$CLv*<V^|plb8>RZlf!!d#_W~1T}R?6U=Lg7_*qz6d!6s<xJR~M
z4Lh(HG<B=y-Zh6&d3p>#)akc?3T@N`ugYJ-+98@LVVWBrJhJzp>g-~;598ildW^Bz
zC~%CqQqcSEjR*+#;mC%g+hFz5g=$3;2$WHwJH%`kjyJmaOjlpO6BJC-&Cbu?yT}}b
zYrA_umGJ|v&H6nEn`CNsv15^<j|1>kx3j}W-#u<`R-^X4)qMjMjbWBwEUc{c9<B&4
zLJiv8F6Q6tLRSB*9qjHz%$Ajx8#!WVUQXso>+pG{aAR(<7_@tC6qbZ4cw2CTLOCa`
z-l%FCdhM^)o_<<*e{25HAUKU&Bzs_(^+Wcj{dD4t`DQblm)N+dCAkn2lkvemqfG6U
z5URYj(!Kq)8Ixy2gs;flZbtUsP-Z5i9*CbFZ-E@ob~Ly!F)<4Z3QXYn5Fp_Y;p=Ux
zbqcG}($d}i{az_=?`xhVUl&~ivmCZ7&J#&|vMa`21lOPA$kB$ON}vNvA;>A?qFo3?
z&_yex_cERK0;kbjgg8zAVZ8}<cDT?S9z)`u)LyTBJ7zLa?kM@r<@_N1cf|VH&vs9X
zlnIf=;`_m~riV(yJ92k~7vqz+XR{TtQneI|Xy%i9R=-&da{g>m(I&eTdat}8aF2IN
zN=gYhS>PkSL0a8~FG14$Qk{{?`_*(UUjP03jm&o6wXpbz@8R_aT@(-jX~FLO<3-`2
z4<zeTq@1vownSp@1A%6vMtj#mSWQb6>L4C{a9-kEECJN?%v468*~_rmZHv5JBzA_s
zxd{OXjx&u274WkQt+%)E;_?SGZ~3kN=&b7b#~Jp#p*CpouCCqFAn@yfcDNggzASWh
zb?(8TXJSD?iE440>%MOr?Cz$f;bO0EvNWgNjk+H18ayb9(xS|2Y~*YIKq07;i6u*$
znVa|>DVsDE8YnzQh=*rxYx@Z!S3MB2=yzejyOF3QTv<_ZczW6`F6c!qT=W~vKL}Zd
z+YGJgr9F3&_bJS0nn{$JOR|h^EK~BAElrpdGc&nKlsdVzjCRmtt-M;QHHa+HU6|$n
z0GW!LME**Dljt_n_dQRAF_uwNT5Q@p2RePXw-cw%Wo)nV3s!VKpcSxjw%a+ZB+9_M
z9r^=v120*7Py2Q^ferq5ho5D=fJF*ZT-Xn3{HgOj(yU?~=pvWY1bchM2d<*}a`K4|
zSxj^kaw1Z3sbC2zHeTBcC`qlisWSry4ViP`C*^O{MHWA3FtPMizJ2kqaOdV@UJF0b
z>V_VjqXAA&m^L3QQISoqpakFm35lLn>VtGWQ{5HnT<UzhROmu4A9A#h*JgT{)ULhj
zMfM*d$O;Qt3mh*a?8S~(D1=Q$PH)ab#NZeWS?W4(JVk2_2j_yxuF(}Eo16N0uYRfR
zV$r8xC&b;|j!@Cb#l`30?&4?+2&nTTVXcmeisNaJ7?k&1In69{MK*D72WYvcbEZ_0
z9HVy=i)tsxq0<kx=1sdY;ocYgBRksjhU3WcLsqw_lLs&nr{VHejWh+;ww6c)Du{I`
z>3+ISCzY5$%P(q3NtwgjFEpJA_jgzX%X!C<3{1@LpJQVXH@1}8TG>u%nz$F|v*<TQ
z^e`RxIOAE@?-P<VncE^};HIVs2s(;tXlSdyCP8*1N~wo|i@&`uvtvWsNh;h-`BbW}
zjRmi)6dEGUfIC`>GEH5OPZe%sYl9EEc->G~2W`u%MhpKKrS!_%<8N(=^x-T#!G%_X
zg^39zB_H06DPk_cx8eSun-ky<=3EIZo4A?!mX@@CnORw-Z~Djse3hr=6&0l<BwipO
zXsD}`TxnfVb{OjD#MiaGY-yH?iwe1GwrE`;&u-exDXaB`s_YqV&eJj^7nZ7>?5j=t
zuH;5SeJde9mdDuePeKQIfE-^5%U=Ku1L1AF5=Hy_WpcKW@~5-Sm5uNI*NfQP-rn8;
z6SLpypwH2;yvAy_`S-VByb0;wc@FX|EvRzeMovyL;ds;1&{p>MK#va3zn7GSLx6=d
zu`r3|LM=*7N}x%-khMoP)HUpVEiD@I3&$ukg`%Mlv^5R8{T2GX(F<YqIX2^tu$&&i
zLAl83<)T4F3lXP>Mp;8bq$v@INr`d1orKNtl3SW+L_~6C-uwFMTjA<g=e060=~D_9
zLnz<~2vXD1h_q?w>18|vNJo9qu3C|6T2^y)Pd9lAU+trGW_A{R=jP$*A#a%-_wSXx
zJ^X#RpPuUUY?`a>WC%Q*Q%Xl$KxH_xT18W&!`!ebhozx^CTGCOBVwej4>vvEW~QmC
z`&{9pP!I>wAd1{LZ1U^ZZ%y9{&%;kr<Co<Xg-XohKBa1?=Qg~h^4~IQHSzrgt0^dm
zR)9lz`<f?OK7Q8N!wP}u#SUv>*usS$A|fSyC8Wid>~&Ws;%1G9D+@hi_%55Xsj0L3
zdE=bR@7W9plPyWyb2nEvIr)(A;-2ekq__mO>B-689&Ur922J?*M9k>D)Lp1OJ>To+
zTYXnRFzhX=7C28Q3fYwD{K5nL4;WubWJ}a(s0$8vKp)L)Y$E-hsXoIR@1MXHw6xNm
zXF>Ow$%F$6t=%&FXERt>SmNyQx-Bg&unkH9f#&V)?Qkq|0AlQ0wU04!b8|B>p+^hM
z3b@|h-Nh4$GJ3)m7WV%BjameN2NViL!XkTtgk-ikJFAP1hK@coIM`M3`7@!2NPB51
z(~7(yTBAkloyRD2dh#||_hm~1S7oujt|ns+TC%rJffxSI1v&02(P)i{>c8Nn%Mv+$
z!yOPCw=fwAC{Pei^_{$8k7_s^Hta2jbKfMK8>;{JJo_DT5{WX`tJ%HFZd_bx?E;Kw
zg&0NX7OPQggk1N}07AkbjcER2=|uo=q6UYANt;CQH+sv<E1H{c<r-F3R61Bgq`}k&
zdvfn&7kumpbt@~|W8+oWj{qnb89zQ%7c=(JYMpA=&Ni^8r{MUfO(yrJF(wERF>y{H
zsikEfEsZj<_tj;y*X435qYFkA$Tm-cgQF3N*_8Sln><-++>7S`VqQgA^l%m@g3V21
z4H}aTMX<QHB3gc&?il_>FbdL4&sy-4BV)xZhw`D9XH_>fHI<gi&ri(G{@jHZuf9QC
z0p(LWVmGHEJybCv5?h6E!0ftnb90M78^2CzNlHpG#;a^WBqkghLbfy^)aT^orQ_fI
zOF3PN!Ecvz>#~`i{8eP9{8q=p$9Uwe&b@L0HUfOKq!3OIDTp$17EFHz`gOUG0r_mT
z=%T#vQ5{R<!r};xkcc!GH!k5zcY|{mvP@*{-JM=<;Zjbs>#zP7G$8V&Rs|x)isF3S
zy|^fVpmlz3_RFW(v?8C9>=xI})pen|s_$AN=-Ha~Ebp!7ePnW(nV&e0bLjXuJAp^}
zNvcP|=AS)>fTfMwg1?7R-QZ&VxVO39okN7dUh+d_>_v&+xALt27;w+dT{$bmudKrd
zbxm+oE%z-~Ae$xnyemA+CsR-o@gcYIY6MUMXNC?ezrZq=v{}E=UoT^F2ndl>Tb=ZL
z!j6NCbU%kiYTZ0PXa%=o)z;LIydoRmpg6TK-{J>iH^)1u*K-901*UP>_>|hasO68n
zy;4)1!l}#a>)m8k7#$$Cm(DCeDfUn#FE39KZxT#21dfY3Oe;A(b#2tgoc<`+dG{8o
zlg6S~{*Xf~8PK45s<h!1V488x6F~4V*dB2sPx2siJh9}1i*_}*=-Fp@*4WI@a=XE^
z82N*Br|MW1i&cbEj+n_H>D6XR-H3g*cHH)>FiHYC=I@TK&dm_}P?HLjsgvbjKJG_1
z?Paa-?rg1=!An=#6J(3`(Fz=z$-9dq0$e1xuS_hgqx_gl_ndeMpYMp0scRUZRacA}
zu4?JJDKJ-kYPQh)yp>&R@Yb>Ta>SS&`}qVTt`V<ECbs}fzNWfrm{&?_a;+N%uZg=3
zL9m?cAf+t#D{Dn%tINx7`-mnz&XJ)PFGADjtEb2&g<s9+Ix~z!E*J&N)4pcFPs}5@
zJ~_wuq5iI9Rv_DeZIQNU9(+kJO4FGQv{t@;{W>zD=uXR?AH!j@<pvcs?Aj4%*|xek
zJXE%BUnp#7_`Ct`H)0bx?=eO{JU{Oh9RS1Kctm?&jYqzAEZAAPSbu;t6GUv*LIbUU
zI(D|;n>5z3fnRe^t=Ra)?9{|;%xmkFKQ{`d%NVet?|LyN?<}baWVvQ#l!I~!dOkMn
z%#`WiQhm(LT}i2{3k=K+>=0e2lJYo+j#k=T?BWn<KRo3oKikJ>Ln~GTI#`Z0KC!Q#
zD-w}u*3{LlHNe9McZN%{V>Js%HSkzYgIrvcv35#xS5_?5tU4;%?gK4|ns5nG^j1nk
z7<r#bTie^mU!0p!3vBURe$7$a2T>#rP<;IH<85ic?R<4qH<OYHKej!^d*bKMpAUiG
zX?%$t7?3eCGIBNX5R|}Q%e$i!2l9V!O-;=Y^UL-QL?(E4fDG8Ps?Ly(B}3V&Anyko
zn|s-MkBO9C{^FD|I=~zLZgA4pwg1NChO72=W{$=i5v{6OZ+~Ycy4ysX{n*pO!qpbN
zrypyJg(|=+c;hFyXbIf%7HTrYJenFinW5h3pXPVAHgxhpdnfIbsla{1)Ud-?z94WB
zayhGa7oBr0mCp~=74ljx*Wi;%lEp)PqvrBAhsDsv{X|w?25r7o)714QMn}b|#P!r#
z+5^fLb3hCfEWMckaWR33Njd#dN1eq@XlInT^xdD~02XhC2|a0!jLFr0hzig7_aY<Z
z>uvH$HGr8BklxCWD%7$kG-$8AX&gwZIbFMV&cyk+uiv$w*XX<v39yW&4h|0~=Ps&G
zBWG#?JmcwFU+ozNf@IG|^6%ha@l`p>u;6`t_>O?X4y4j`phbyGx`F}J=eLJlSnRou
zJfzeAFr@HR)zzb!d?zXAXcut_A0KS@1CcQ>YOAZwz5?{rOY$Hifav`rRRo<GU(~<&
zYxHnkMg{j(g&{dX+z}NZk{7mT!Jo3Tv%h|QjjJ~C$$Tllpg^YWD%0cXHW4W0`4hXl
zo}LKzcr`#fqppKiU0qtB^w4Cy<fQBxHjI=5yGb8)o|;|1=NCZhc6A*%%a?Y<dD7Dw
zt&jBIvekrNA@j~Tx48vsIFC1&eT4G)0nJoJ;q~-ifb{0+NG?b=6=-9JQ8tA^G5#i$
zm6a(3jop{L`WG9X`F<L^+wk86zqk{IK{+MzohjYF2Ko<46C3WdGKM7fb&s;X_;eVG
zSbH4A^Ql9)4l)Fo@x##EhA`+fc8EVa?sO&~fWr0_g|2`fyC;N^kL|OkA#)*JFLHr}
z{69ofoyz(+8qH1h@qZuhGWl;FJRhxfV7Jcy&tTiLY@*u)|3z^HOmEC*5f~i32V4Z`
zu3i{r`cI>eI^4DPytbk1*3*;|isiY8Sz-U@6vbk-o+-2u1f885w0`XIvmsAsqG?(u
zruTf^uWfD3e3EqqJ1RI{?L0KqpQ7~@v>M$0`=HJe|1oG3Zg`Q!|LNUD8!SBi|B`0>
za?$t<G#!?s@;nqoYnk}!*YiVV9JdywTBS{*Z4b~IMxR>Ar_hpv-Bd*nIM{qbUFM6~
z4R{};AAV1Ri#rVugy@SCVy=Vy0E0nCx@)j7gV?<<X*FSJ^%lJUqQV(JcHZFVZ?4Ku
z9}Y~sOH>3(r1dj+7OJh$?qK9I)pouHA8IfxJ@uPB=~IZ9_Jo%gFh@enYbS*>&mhQJ
zxg2ip+Mv+kNTBKa5~?p}Vpcb9XV+g{4HtpAg$4WTs|kZP7;kbRg{E$5LUr>CoLa3p
zpOw!|1>KdB=E7=>)S$z1TN}XMoA7SWfY*Lzf0&Az`Yqz|?P0YxUTB-Ih-is&+UjXt
zvJHL-Xsyj3O1h@Xtf_B8#49Hiy`rBaVW$V6>E3b(%_|T0x_Zqb?&O7xL4yRCDu%5C
zQ<Mko^e3R5xyVZoomo^bM{i=tXj2~W&r7&F*WvOju(@+LgQ~U&G+KNDEU&k+S*p5H
zu#Ak%DCMAS<CJUSCbKpDUS$_V4gOiknhIGQKm80n)kVv-xwEg_6)BGii`eq5g(M^<
z;-MnUk%2(63JRnoB)*5s9XmS=5Pc&f4`=6{zkeC&>HqxsBRU9!X}h{|{l!2>?|xS2
zH~+ZkE1m|`ZMCXAX`o5>nY=#_UR-yI$a6bJo?Q1(52)fQNFitMyf<N6!kv4QA?eH#
zYdyWLj{7pyu1kQFl+?L#zO(Zy6dD5tAoQw<mX?;KrKP4OzAh>%s;!+}E@8CP+MhoW
zDbdl<D=RBkR}136QTpVcz-*F}@dQaoNqe|6cH;h-NHA`1?F!^z)4>I?<v7f@M@1l>
z>pPJM=JZ>fep8B%!@~-;%SH_}?Cj%xec>2~Cns{UvOy4a20V!G<sqdj)pSBy8cLC;
zkB^qR`sK|{9zt(rRaGZ?b#*lm_<$}JFooLM+ELQ8=tl$TI%<*<*4vvn42YivxLF8y
z3ce;ebE$kpo;AZ?(Yr0_zv-lQ{K2nK&R)tnE=K`<6BrD3baVtHwj{ZCmdha5#^z>L
z7M4y@92^`XBBHCSt9R~SXt};th{YqE{Q$?kM5M~<KqM3Pzl8x)cOHA}nGs_4{Y}rF
zVMq-tUrvuM`~B^xp%~h%Vn8!)P$+i!v#njr3lTnM3XB^1T3DFOS+un}&rLyA78SHY
zVT+E5DJC=owhD|@Hneka=%NY?478~Q;o&&vq^E;EBEkjf1ARKShW7TQuCBbda$a7I
z>t7t6HHNW~xUPfVa~TdlSgBmq84bohFC*xAIqOs%(6(Y_052#c)C$x^+%6d0%0!h?
z9bk^Mq4{|d9rQY!SFhNf5%))|uC7)Dwjfd=On=#Qc5)I84duXa5$2nqd~&oAeNKew
z_ZZ$*+$kP))Ac+WbHszArfSu-93%R`zq$glMfLM4ZQ@u%sF#Num%gj}jWdR7a#$E*
zUG#3@*RQ71kd(qgnn!vWDAUZ~Q%rQ9x3;#Lo14SlVubqAQczH^vX)m=U|TD?yK@r<
zH!)FDQ@?%<$A<~wLth7VI*tVco2MIJREmCsTzOAt=2DW}Xo2Tka&u)mo>Q$&cU>Q4
z9#G4jM$O;s*BFM@4-Q%Rf;3$$P|k{b`^WUih$-b>8vonW!8G|6`?M{?2C<9A-(Oy0
zwnNhn<swCR&clR2B*gG*C|vvY?XI)%o098~tW<+?FUs|Fc0gJ}{7-}nSKCfcO2Tzt
zAOLpik=V?us+yRa69DE<MP=r51OD#n;!@q*tT*e8{$%kI%@!^`W_D`TO(p)q>Xi!@
zVzcGnrwAl)1oK*3h4}c=>}Y9d+}+({K7IPZp{LgzP>;Y2<UE+Rjt&tap)x}<EITKs
zFH9`=b6VQWcpK%$`Z^aFT$^`yh#OYP)03K-%C34@@q2~x(b^;26%O<bY?gwz?SFl?
z=cIhiAI<b_QE|J{V#&Ok;C%eWktHtRwIE_*9o7?s!=oe7D!_I5cz6J33W=VWPz5*$
zz-@tDLqZC_zxR)p3O2#R!@Klwb;V8mAqsQ_M#&F{A0HK*t^ezMZBw=Hyin>R^I1jJ
z5oZKMR;rVUVX3n0eyr?>N6eG!j=OQ%Uu=dEeGcs>U88;sKb?>eDV7QkW%Em{{^8+J
zj<|~T^>thVf-dlGTSh{{D_e>Ulbj!=P^eU7h{?vrMoCGDBL?EfEk5ce69|X!J20i(
z(VBPBt{#*GTH#0D`xXFYLV9@Fme1z5kQBe5uk<V|EHpG0zP=X%;<*Wc&rF?N9<2=w
z3;>-FbmJWE?Z1D!o~6l$Eml==AWJ$b`1|{Ndh!xajgJSixK}T!0B{5yNvOfXk6-$?
zlg7+(G_|^&NZDx0fvp2-b9*JkJ^SGk+|Sn@9v-#2t(BE8Nk~4e76ZZ2kIBW<6z)78
zxYKXp_isF`cp^y&i7zA>Sy`mS#8d!kA<jdZ{upxt!dy$gzV==L4ab~QsZi>sXJi~X
z`uH>hwofJ_FCP*-_Hh?+kC~ZycdmM3Vj^yG*J`l1qJoWDG%6};yYrdJNSFBI97!83
ztnGTG&kgp!j1IDFx5afe{A2c1)5bp5ZkumqhJp4|@}pQy%meBL-w!TFeiTUo!6`S?
zqUd^b&6}y&lF?`DFDCABV|qnQ#$wgM^;V8AfE=H4FmT~nS?#Xqs9wRtS$K=c&C#+`
z-g<cyZU<6X3ojsrc?@)*J$1;pv#Xxp(rDk+kT8B<!?`cb@YO~|KAqkNt>QhpL7;w~
z(xXehg^trcZY9O^HqK*8CTWF4+L$BsyurPR_<8+r;lg3hcypK-&*RMhZ_=p$7bLj4
zZJ?%2HQ3LZ3sXv(95`?LaD)CNLOTFm-zeXN-wWfK@Ww$-Q67VHKlu9p07}l$!cQJc
z?>Y>)or%fH=4Rm-&^rYS3$qB8mX&1zPTzZe?(X8^A}b4Id<<eEAn_h10g1^Z)$D2Q
zi^jltd3n9Py+F9wT{%7FBID-bst8|LSSTzkgolTRjSLRT$;tWLUOEAeD=&|(D<~)k
z5HyH2bjd%9)W`@PH-a|{iZa<rX7T<#z<qH}1D%;KLX?!x8AMgrmX|5=MF{Ki+@f{M
z{P}-XK3N^W%X)bcv0UCA1Uz&gk^A1AO#{ITh~yKZNY9}W(b0e&AuB6u0S5aZEGs9M
z22p0A$3?wGo3`Qt0X{R(MhM^mQgZTG_5|qKQ?B%OS5Q(KWevC*tk2#88qO*zDigUk
zh|rGx;$)!80i-bi0*H)^Tn1gf;oxxg_a~#Vv9=C`WM*bk->4djWA}v!8vxC^lL6YC
zcM?=_sj0LJCILUdj;ONKN=iy1A|eH<1Ny&y|L$SA{wl=6g1OfZfk~Q9YR1IG2mmT6
zUhdOBAOO*n7)wwri6T%hSdz0%8^cGMT)lLOX8Z748AeD(7N)PNrsn78H#axuApyoU
zHjBY~LX^Yceu2lPR*7+TQDvn{)0{ADeqOyq9roc{T*a={uaw$au*owHf(}#ITN|oV
z7G~yQ5py>;4cNw`OfxJPkR0?dX$+D9j-KC~#qyN3c%~_W<Gz_=@$vCZEGRzh(pU!M
zhnA7wo7%w>Kw%+s!DsO3RH8Z1h{(u<S;_8XMy-5--B=*OQY+Z{I60}%B<@))o%|dc
zl29pBrpqQS(|Q_OX}T2X1Gado><}_rj%EWpk-T3a^7H3UV5?@_ft8n(>^VNJii$$3
z$_Hw8z-%H!h|k0{H8lbJP*B$QgfmY6q?7LHi2-2n)wu7)f=5?Z*W-rCM2CkX%>f3h
z#*hsBu(2V34h|0X_ZR2q<$(<ZIM$e$MHuWcRsu-z<Hy5`i*Tz~I5<G0qbzx(aCdEM
z!o$LBxB%=~2gJKiUhWlL|BA-VVS!DEa-@boWTg;7@K{Kl-U1k?u&Ai0uy7e!P~vQI
ze4LU@Sxv3WIVT|@0Wk5`%$}bU6XA1_y%d0*1=@@;bu5f@bXK;ug0uC#k4xeBTHj?I
zU@G2XG&VNwVhRz47}UOey9rlIDITZ>3nzp<%NN0pTu#5e^#w*iKRG`i>F<A=8b?lw
z@{il-7#UqmcJ9yo-PsXa>~31l0vhNoErR(B0<**qz$;Kgbqoy5p`zFDID1wHg5BzX
zt$CWA?xq9qG&`G&>Fn_Ekd3+6L%FAdH~<TtgJ7k4mQB*v*Vhq{qq=f^WB3e+69xtc
z(av5vr;LxQL_pZc{>XcI@#U{=ZKY;rk`NNor49~&UmW#r_kjVSz&kD$qqf^cp92{d
zbTr?ay?QKiVc)fbRPA4{?NzK_l8MosoSYnv#B7VBcOo)T`D#sdcEa7Xz%{|b$zo8S
z%y}04?llks7X5GRN^}iJLeU76&)(7UKZS77BIv-#$o+CKRzAxNIp91Af*ZKNCr9W=
z3yna)*#ulyHI(FqfPlcC{LH6VvCz0VTMJS3BFVhFwS!Nx-YwfF-OKWEZoIv^#{uMQ
z0A$@tj}^JswuuQ=Gc;t$^1#B5K78&(t#&gbY4l{_043vdUOGvFWGUjnci=V*aPtxp
z5<tSfHvoty1B2+87)%tDh^VN!*;xiUI)DSgv;Q&v=5dRF5*dK=)U>n*Ru8<BfOP?x
z-o=HJ%);CpV0rV4imGp}U9tW(3()!V0`aPxgALr~!lot=6kuM4`ujbBg5$>LbH6EI
z{C9VELV|)jJ3GtifV^XCYwYFYGsdzYuD#34Uk+)FzI>jVngWUsKpI54SD(ISqN@7p
zRVL|Pt5<O@P{rrME9OG#>g#7LU%sxPh)+vPJ32m=m6ty~KL_w#PDX~fVPag|he<>O
zz)Z%T1F;>wR<~^2DkQw$$e8G;USpXO6dLXg$n^*@i>AQ(PYeG~5`k}&0+e(AJIOkp
zLg~N7n-e4{@6!I<(fiMd33cJ|yO{qQKLGnL$@Tvw??2{VeMUwG`U04eI?vb=><xM-
zz+(7Ww!8ALzNr~R`j40XH#6~H)@mic!NSgtSwtiNXvEDr-O?q?S|>uEV)DHKr-%so
zt5?T=igMb{rt~aFGTAvfArMF+CO<NeaiyfBfNFDhrMEXMG*nVt9NwpR+zLq9NPqwj
z0Q7%0Ht=w8f&+Yfe8yJ+g8+nL<pt&C2Y-_K0J4RR1PGtNQJ~q>0(6WW_Ew5={25qS
zfGC-?UyZd4($kv*Z1udNv2g~Vo*flbRTJv#0U;ANnUHq~MzU-u=gfGMRGFqo+V<rW
z5ck*r1%rK@6lY2;Z@-@fdI0lqZMVmRmzSO&-!?rk20~2D%uFx}8Q#+!V!B|c;@KAE
z=l=lrdwez`1OO$V$ETPP{Z?C1LE%bD{$$f7kct);XXi&<W~DL^QuI|+Dr;*2Q5T~<
z!DSDtf8dMvHa4>S3vwSIU-R<NP*IhmDD5IXex#$P4}<_tKql<l(AGAhAAH-huwYQd
zst-?OvIKw}nQ5mdt0iqjL?edWYqeh|8^?Jp`4L2*H_LW<ra=e~T25ksB@K8$qe*=>
zEg>cKS_uUeRaQw!nnmqVP`19cCI04JQryTFw1KGB*1PlbL_9r1!!~g+t|$pHzq0}W
zqm841h{8)j@wUO8@z7?P%@}FG(8mPYAq4~t4gy$6qZHwfV~}lrVIe*~{#Pl8jSVUq
z+T6?E%EtdGEkg~~R#%U!z`p9xw2X}JB_$ob{r&F%Ngy|nT*AV_LY}h?0)UGf=*Frr
zQvM2bg6ZUXM+Tstj8{I<U<S=JoSbU27fE@}7}EdQHUEu&*(e?XkwIHu4M2(m*$CAD
z;1_-^EDYBH@e{BZj~WL)gcmP>B>-&94oF+|U1V%u+S&~NDJw;#p@5vrxN0mA0;C;a
zhiBYfT~B}f_@K`c{y|#~D4|dK*ZN|KiHRSp%Np`e>FMb<_VyMR2V7iSyu7>>dp$jp
z=xTJhuxy|{AtLHv<Nj9(862a}DJVGf-s#=6r?<DP$6VL>d0k@SFW@P&v+32<oMb>h
z6*cHBRV00X&(czRQBmLMsDrO>OL1|3Umuc8Tz&n;_O_LS1FOXcKMGKdvG%)n$RJ8m
zKtD_+@AU*isHT~inBLV^h66%YSr4C|x3_}CI4@sP?)kg~AW!kEuCDI!@$n%W6%~9$
zvgfm;@NeHrO6d9c8ozvb28|zhZ^g>YEV=gcCu*WDkPTI-Ym7Vd^QjvOfySfYDCLt+
z#OMdFuLffYdoD7o8m^=_HSu#J5=GV=NXjcIg#*9P(BYw>Wy%*F!a)^ztsPi0_}%fz
z$-nafg^au-hLjjx5adg4ceez$t)pX{zBsnSrx<;B`}u~W7QOtIPB5J#?DJhf8h#{|
zx{NJxK^%aWBB^+h!7ph<r{IZ7e(wP6nWlKeqr5v11oW>Na8c!}T3Y6dLZ8Ok*9WMi
ztH+^+!2J<zm#b0rHAd{f`||;)y<Z|ETun`lUN>&C0$*Jl;G*8VdBcV#RW%x)m-?sl
z>(`(HF(Dx#6cm)=9!)K+@i)8v)c>SP(Ie;0AtC_B0^@3*+diuzwkF^D=iKvphb4bQ
z*3l!eX^N7o`<sLDoAWsbB}GNqX1?&pq{8o}pr)3n&i2}H8#KvUI^EeRHrpriPeAxk
zP_W?=^s;gq3}E2hh3{A*w{d=G-TnaBeQ)&kq^g|JP+NO@XD6X<2mT)*0TeC(!c4Z2
z0$QYiZFgQ=zM-X!YBn6+-Y#x!^#gFu+qZ9BU26`9ec%8D84(eYAl3R59}Jo;q;JA8
z0FlzdmQZyR3=Gs0?YA4OI?X^`VQAC>x8if<USl-ew;0{o4v+-9k+I8<pb99eGe@VU
zQmo(>{wd-Sfq-$~rxe*};pPUWrk02sk0$0Zyit)s34$n#SGNCz%K*^Cm)9p}XXY2j
z9pJ;%_VxfE(96ikczZXw;%7b0=dJ-!T|>hU(7KvV>$iBmOu5>v9u2`y68ro2?}U&M
zlD?U>HA*aOb{5zU0BhKy-6S%NVKnz3LPcZN0Q@^SISGRSS_HZ*N!q8~Z~(e8z_*BZ
zyRC1<9eiaZ`ypSdf#tUK^zy27fC8+~kD4KX9E983JwXD{ae|C1{6C3<bZ?JSM@MH>
zAMrO%)u+|~bCZXU5ITUg0hR&a?|_mBASf#;D)#s7H$m^^0huS;$mAq$DfPb}Jqk7X
z!OM|`j;A0c)jKhfP;>La7;%L)h{`QUhfO51BqSsRxQTS!XA#)HKf0KCbzP5Z5RS6~
z3I>e#e-r)xC7u4ez6YSkKzYiW_o)E%IMm(yS7!+LsBaOB+l2C19RJgQdHmJ^NVfmc
zb@?ytng6HLtnL{8ky<?U^oq{5+gpEOD61G=mB9Dz6fyYD7^2usKtYKe!U7EZA{Sr)
kUx;qQ{eL<f^ne9csQ+dj1OmSCfA&m9Qc(gbW*qdt02TN3cmMzZ

literal 0
HcmV?d00001

diff --git a/examples/cloud-operations/vm-migration/esxi/main.tf b/examples/cloud-operations/vm-migration/esxi/main.tf
new file mode 100644
index 000000000..ead0fd973
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/esxi/main.tf
@@ -0,0 +1,58 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+locals {
+  rsa-public-key = file(var.m4ce_ssh_public_key)
+}
+
+resource "vsphere_role" "gcp-m4ce-role" {
+  name = "gcp-m4ce-role"
+  role_privileges = [
+    "Global.DisableMethods",
+    "Global.EnableMethods",
+    "VirtualMachine.Config.ChangeTracking",
+    "VirtualMachine.Interact.PowerOff",
+    "VirtualMachine.Provisioning.DiskRandomRead",
+    "VirtualMachine.Provisioning.GetVmFiles",
+    "VirtualMachine.State.CreateSnapshot",
+    "VirtualMachine.State.RemoveSnapshot"
+  ]
+}
+
+resource "vsphere_virtual_machine" "gcp-m4ce-connector" {
+  name             = var.m4ce_appliance_properties.hostname
+  resource_pool_id = data.vsphere_resource_pool.vsphere_pool.id
+  datastore_id     = data.vsphere_datastore.vsphere_datastore.id
+  host_system_id   = data.vsphere_host.vsphere_host.id
+  datacenter_id    = data.vsphere_datacenter.vsphere_dc.id
+  num_cpus         = 4
+  memory           = 16384
+
+  network_interface {
+    network_id = data.vsphere_network.vsphere_network.id
+  }
+
+  wait_for_guest_net_timeout = 0
+  wait_for_guest_ip_timeout  = 0
+
+  scsi_type = "lsilogic-sas"
+
+  ovf_deploy {
+    remote_ovf_url = var.m4ce_connector_ovf_url
+  }
+
+  vapp {
+    properties = merge({ "public-keys" = local.rsa-public-key }, var.m4ce_appliance_properties)
+  }
+}
diff --git a/examples/cloud-operations/vm-migration/esxi/provider.tf b/examples/cloud-operations/vm-migration/esxi/provider.tf
new file mode 100644
index 000000000..4361013aa
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/esxi/provider.tf
@@ -0,0 +1,20 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+provider "vsphere" {
+  user                 = var.vsphere_environment.vcenter_user
+  password             = var.vcenter_password
+  vsphere_server       = var.vsphere_environment.vcenter_ip
+  allow_unverified_ssl = true
+}
diff --git a/examples/cloud-operations/vm-migration/esxi/variables.tf b/examples/cloud-operations/vm-migration/esxi/variables.tf
new file mode 100644
index 000000000..ba886d43f
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/esxi/variables.tf
@@ -0,0 +1,66 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "m4ce_appliance_properties" {
+  description = "M4CE connector OVA image configuration parameters"
+  type = object({
+    hostname = string
+    ip0      = string
+    netmask0 = string
+    gateway  = string
+    DNS      = string
+    proxy    = string
+    route0   = string
+  })
+  default = {
+    "hostname" = "gcp-m4ce-connector"
+    "ip0"      = "0.0.0.0"
+    "netmask0" = "0.0.0.0"
+    "gateway"  = "0.0.0.0"
+    "DNS"      = ""
+    "proxy"    = ""
+    "route0"   = ""
+  }
+}
+
+variable "m4ce_connector_ovf_url" {
+  description = "http URL to the public M4CE connector OVA image"
+  type        = string
+  default     = "https://storage.googleapis.com/vmmigration-public-artifacts/migrate-connector-2-0-1663.ova"
+}
+
+variable "m4ce_ssh_public_key" {
+  description = "Filesystem path to the public key for the SSH login"
+  type        = string
+}
+
+variable "vcenter_password" {
+  description = "VCenter user password."
+  type        = string
+}
+
+variable "vsphere_environment" {
+  description = "VMVware VSphere connection parameters"
+  type = object({
+    vcenter_ip    = string
+    vcenter_user  = string
+    data_center   = string
+    resource_pool = string
+    host_ip       = string
+    datastore     = string
+    virtual_net   = string
+  })
+}
+
+
diff --git a/examples/cloud-operations/vm-migration/esxi/vsphere.tf b/examples/cloud-operations/vm-migration/esxi/vsphere.tf
new file mode 100644
index 000000000..3a8376b3c
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/esxi/vsphere.tf
@@ -0,0 +1,37 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+data "vsphere_datacenter" "vsphere_dc" {
+  name = var.vsphere_environment.data_center
+}
+
+data "vsphere_resource_pool" "vsphere_pool" {
+  name          = var.vsphere_environment.resource_pool
+  datacenter_id = data.vsphere_datacenter.vsphere_dc.id
+}
+
+data "vsphere_host" "vsphere_host" {
+  name          = var.vsphere_environment.host_ip
+  datacenter_id = data.vsphere_datacenter.vsphere_dc.id
+}
+
+data "vsphere_datastore" "vsphere_datastore" {
+  name          = var.vsphere_environment.datastore
+  datacenter_id = data.vsphere_datacenter.vsphere_dc.id
+}
+
+data "vsphere_network" "vsphere_network" {
+  name          = var.vsphere_environment.virtual_net
+  datacenter_id = data.vsphere_datacenter.vsphere_dc.id
+}
diff --git a/examples/cloud-operations/vm-migration/host-target-projects/README.md b/examples/cloud-operations/vm-migration/host-target-projects/README.md
new file mode 100644
index 000000000..9580f8987
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/host-target-projects/README.md
@@ -0,0 +1,40 @@
+# M4CE(v5) - Host and Target Projects
+
+This example creates a Migrate for Compute Engine (v5) environment deployed on an host project with multiple  [target projects](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#identifying_your_host_project).
+
+The example is designed to implement a M4CE (v5) environment on-top of complex migration landing environments where VMs have to be migrated to multiple target projects. It also includes the IAM wiring needed to make such scenarios work.
+
+This is the high level diagram:
+
+![High-level diagram](diagram.png "High-level diagram")
+
+## Managed resources and services
+
+This sample creates\updates several distinct groups of resources:
+
+- projects
+  - Deploy M4CE host project with [required services](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#enabling_required_services_on_the_host_project) on a new or existing project. 
+  - M4CE target project prerequisites deployed on existing projects. 
+- IAM
+  - Create a [service account](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/migrate-connector#step-3) used at runtime by the M4CE connector for data replication
+  - Grant [migration admin roles](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#using_predefined_roles) to provided user accounts
+  - Grant [migration viewer role](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#using_predefined_roles) to provided user accounts
+<!-- BEGIN TFDOC -->
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | <code>list&#40;string&#41;</code> | ✓ |  |
+| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations | <code>list&#40;string&#41;</code> | ✓ |  |
+| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | <code>list&#40;string&#41;</code> |  | <code>&#91;&#93;</code> |
+| [project_create](variables.tf#L31) | Parameters for the creation of the new project to host the M4CE backend | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [project_name](variables.tf#L40) | Name of an existing project or of the new project assigned as M4CE host project | <code>string</code> |  | <code>&#34;m4ce-host-project-000&#34;</code> |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects |  |
+
+<!-- END TFDOC -->
diff --git a/examples/cloud-operations/vm-migration/host-target-projects/backend.tf.sample b/examples/cloud-operations/vm-migration/host-target-projects/backend.tf.sample
new file mode 100644
index 000000000..4f2bb3365
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/host-target-projects/backend.tf.sample
@@ -0,0 +1,20 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+terraform {
+  backend "gcs" {
+    bucket = ""
+  }
+}
diff --git a/examples/cloud-operations/vm-migration/host-target-projects/diagram.png b/examples/cloud-operations/vm-migration/host-target-projects/diagram.png
new file mode 100644
index 0000000000000000000000000000000000000000..ae0eaf34cd03b0aea216a29a3afa9404288c7643
GIT binary patch
literal 34623
zcmdSAWmr_v`!)(9f;3VB(xs$;w9Ftah$t!DT}tN+N`rI>2uKLhrF3_Pbl1>5<iIfV
zZv6fJ=Y7w&^Wj|AxelM^V)mZB*0Y{<Klgn<Ylppit3ZfHgNK2ELHJrxRt*E=ULFPp
zrWfu#;6Lpt&@v1Re~j0%uQWUj_nWjovgp)r)$r9fs1>`){EaYW$i<a>#u{|SymPp?
zm|`R1;5c&jW;x~XL{RdepGs#bR<oEnB7?i0S?6rY=cws&$!FA`k$?~*4kHrPtDcC>
zu1I43S(EkncAepCXJ0%AS;`8+&nPt>ZJ8{~9IMD0N3p$(i?7J~C`^`FCmR>>pASL*
zPd-HX`*w9l$;yG6w2F^#qh}>1r>3SJ0KXIaR;rz7`UM>(!av;FEzQ@q>DL@3eU%3%
zqmc^m%v`dV@(v-DK;Hp=rcB`KV%fW^N#Q&_fxf^nDjz+R&>xrWt$9KQf6e-+Pl<K^
zqY4?*vh$l>4q(7svHw52*`BahdnincODQSm3kBqGpbb<+-Dh_zS!fYdPJb8m-+^?c
zHq0=+C>~lwf2n&={Nmphls>!<%;$$>U<0E$()mwzpm7;Dr%G>Al`5a=2LnOl*7%>G
zC58JYN;f|t{e5<BWsLl*fX;+<ptY^b(ecov#il~p?lOHcUR5COlpH1@cB#0CB(n(F
zW+mQuA5o=dPoqk{{qu#BjU&k>UGW~RL{1YHcBKN1a4IT}{Jc)nlR26oBGyMcXG$}x
zsqE6t8#9k$%XEn@46fl@HzyF)*Edu~Ms+$jVdL;WA2vpd%M)eT9u4K?S}j%i_#Va`
zL{m8o8~ko_RnpC~c0a5==^%X}DH$J^6dRKu&M(IH-KtVcTYJM9TaJ@8E>ZFB8K*2z
zrDmOJ{>RkGPw3O%P5u?Es<ilkbC~ks=`Z`xugVYc!a_q|_m}-TdXkcEI2FaiNn0QM
z_f$!SW&MjZbIzJNe*d0Cu+`{(sOO(%7m}*>>~$;|<_hkb1l+1o<K^GEzX}T~tjwhg
zh4l^gT4f<#e#+>pTvwUr_*@RVbUcNQyEK_SQ&GwZ={Z$G4!2#CLtYkt#MmZ-5+kpe
z={lGPy_*uG$Hhg%eu~S>UWr!c+R~=-me_SL6E3o-<3)zfQ#6gorB-9wTUox+dHcyt
zPDWvV<ppPzJi7&LdXCEnpUcknKzoC76NNt;Owf{2wd*0Lb1%Nz4!-1$46X(VjZ>HY
zu!_X?Cn*PY7iB2#bIXICsBq#8PO!69a6%EK`CfZ9k(P{E)h$cU(TEXZ^9G-)Ouxme
z=McGJw~X@KX>dtq0J$F??&#^M<0bPKJ$MlEBz^H{9=vn7LoqDz#<{Msvaow`yl3+|
z{WRIWOuu1c6H#2B_m(r!^sp0VZttsR@_r{<mRTP@^a2F>oOFsG5hSR{`d9DY&f8Q#
zjUp?nB5r~hAdOe+bs@wIm#WHydl(~aChxWR4CIA2xv2OMl2FXiFWW>!QOP4lD^>>0
zAIEz5$}0;bgc?W)4gaROov&G-TS*ux_hm6Y9S!@HSwRePs=iDz;d+u%I=Jj8jYfo)
zR(P#G7<u*%vbd@1_?qzEm+;`XE&eMF9)~%g(?sQDr^Uud2aGx#s}1{Soecb8JJa^1
zY`L31NcJxwn^r!P5A<%BUs~!HKA0x`5!k~zC+X>VP<Sx3C*m|?*kg2Lg~CpZ{P3(j
z0yCDoCRdza2xnE1gG#(HjE4|mX9riPVa-Ha?M$PSkqu}SOz>5DWzp-V;&;yyZ4;HY
zCN&ey`9V$>TxAx=8Hh_%f7GYNH|iSGqn;zElVxb__U`K9%mgzfUq8$_%)FrB=VV_O
z7LK32ue61!UXLcab;XQh+Q*$pK@Jpp$Z)lWw3tuxpnrMlLr+P1u+HFlFeRB_>}_jH
z)7Gi3J@RWNaJEitwcUx`zAB=@LssMaM*wHNxgNRK=Jg?a8NS6XHo6Dkc*#RjezgDg
z6%=46#l%!~Tw)Zb<mV1KV0hV>O~rgHFVT$IhT-LASC+oW64Ovw=aZ^j>BUk9y`G>*
zJX)?QvfZKh?kV-)XnWiF@}g-iHHkk=03<Zuwi=e!Fn#)?eDqiC=r7NfRw~sDQLOpP
zLs089wSoS6bKVPXarzU5cZ%ljCfK!6nk*kM$6|+ah*I57kEOG!B5-Wke{RWf<eD5V
z>UmU@{{Ei58kD$X^V&qy%-IriEwMi8Ra=yJArAqf@N<$7ns~|#^*;W_$PN#cJ}ifZ
zRIO$T=YN^fzQlM_UF<xhb=xk}6%#EB&U(wnzuMNclR|AJ!gmZ}eQE1!>g?bUnJ<w?
z)w#x2pi%I0mfXlsA2u>HgmXVgzp{=xIp!t5Sdgnx+e0H((HG3D+|Ks)Pk1E68x*=b
z!z`mAe>#3$U*nLx2~_CDvx-s7tzo`{%)w~i+?EkvtjE!O=@P`LQ7z)pgjh8P0pp74
zUdHqD5{!aV`JyY=+hb%Or!T@IF^(Cxb3&r|r!NY57+&}{01y(uoRVC_mwK-%R%Xvh
z&D*dqecprQjj^M*BfpvO=~<;PKhI_NAKKpi`H;K{FNXm2A8sSLkE=eUzn+yhyZksB
zfouQx%3yqo@2?D~daEFQFW}~als`<!!B3{j`Ti4J0VxlA2jh>PF3X|}=4T^{@q+Nf
zh5CT&nax!(?0X3S92Hmin7)FhMVlx~qv{)>RR`0lanOk*WI*+Pi}wK>nqPuE5?XB0
z9`GiiI6jY^Lf>``a5JC+S}Jpud5pwZB}N8^o4ju?a(afPa!fd#KC};bKJl-UPwL`s
zTf1R4I#=?hxO^%pIKSDQ4*UHT5rlnf`^`{Sx|kV&p~DE@YD{@uVP?oHX;9diBO6fB
z;}Nl7wq@=jr>%Im(WdNzh)n#bU<D31u0nG}zhX1u(S$-!;U>NLK^AF+@5fe4rY(89
zZ?um{@qfUpVx+K6f9yo=iM-mVZnJ?z;))`%WJ+iCW%3|<-8{?wKQ30OA&%(Z<mD~i
zCjx2*{7uT|!H)aXC&y=)=jv7XZd))h7|XuY<CD=Prm7#`jh?(xRnq!Av{95{*j$1Y
z|Hb`*Y~^;~L{V}nuq8n+TNXsB0+W1}zFjf{;p?BU>?!+`i2lX1Jm9lL0VF7T_Zt4V
zrL$1YPvRBAB{{hlJ*tC{fNHw6cyFvU%*OQiAg-V{>s`OUa);R@*INkaynme%kv1JU
zPkcBhi5LBqnx1;&=v#-ZnM*_&bo9W7*lFp{=?Sr|-I3JX5Z}_Yh(GLRI6%SU5F8#F
z-sOE#QCIh;s!ERm5%=?F;}_;1G<KgpIzM~LNg5F(Lo_%%<OMpFNzYgU$#|Z!-GlKd
zu_E*brX80$cC$^_5CfEM=Y$m}uYZk*{9PKOpr#9HDQ<5a{b=n;UX7eGxLFwuZO@L&
zFQo_Q*p9*L{}g402Ynghd%RnFYR4{HW0w_z2m8C{2YMbe+{cfo#lB!riKuFr1x07R
zq)Rn|%nrAQFZ%g_(g0}r1J!M}BpmK%07Lpmyh-UJ@7Gs&OtiI;7W0%H8DE~YDUM?L
zBv_Fr)YW<~HMtPK!pdyZe&GuG^s%zWV>DWM<yp`jhBvN$3VT%Yd7J;C%?C4c`@ezq
z=}Zho)lH^YfqR)^7@JLvw=w<s8|1W0O`&lBpmd6Vu;KA&Z`H4U409q_oYc5gl^)z{
zKtYW%N3^+;&y$^p)ovqh23&3ycKjyKKTO6bw)E5UaED^HwD@^6H)p*@%X=702uX51
z6G|5muvv`viHML|{8=Q@42Eu09+bEw+e2$VZX9BTOkG4xPHO&+NzHhu2!*2HY-wp*
zd`35`$V9GbN6bjI6oR3t385JYQIlDG?NWnA@7o17+TZ@svvr720#6uUXcwO}3!i=+
z<S;w(AhKbLZ#G+3TCIO!0lB9#eNuZmwx0i<KSV!wS^?C|$NW`USfso(=2&r&4k~ge
zTIXr{)8AXyd&=*IgD`RkS!uD6SaSsKG%~+PH<08#T+%LGyg0rfd>HM0)`{p&$GM97
zzm_$R>=i24o~0!_qh*9>#}g;{Lx8&uHifS(<n&s_yyoeI0_t?-IV#wFhN8;w4;lHR
z0%-Tr;yN{$OY|kpj=)qz!fk(-GJlv&05i27%cDa*5vL$IHrJ@(Alc3t{rb4?Da0`m
zwGD@6@q%Tu`uGH4`}EKht7sn1`4CIaw0f8DBK4{WwMu+J{DFwVG~2mrfWwuiUrAJ!
zx3etw_5G>;qmABU@vimQLYd+8#HDHlvImzQJ#lrplztPFp<URrLOUlN!*?|P;x@h-
zx!j!VgJ@Z_M|X7xE^p?x<ehi$<e~`CJ>B|Ax&`aMn#Fr2G35%EuNpy3=&%TZGL@en
zNHu&5>gvQ=kJ66#Uex^F;pl(Q|4G~4>DF^hendOX^^+9)H=O6%(^Er3BP?JdZ_)>l
zfG=k2>yauvmj?`3zh=d})YZqO?3KLphR!9VSRPquxSyUOR@*0gx39*=DgYRSoqP-O
zXAzW8WkBeNc`@F0^r(`C4vz3)91unE;*#3h?vZ{trkx#~aUDT@(v_cj<Y9$+^;ZF8
z8evy+*wxAQ_RX9A4QK992aJi>{*h2i^}hln&Bi~Gm25vZM2=pz8imPzA;Hws)6fsD
z#Tj_}<}JYYm<*X<@rp-EcM>5T7mlgxe=wHQ^R*|LPycJUsvOfJ3)Y2~aG9L757i~n
z$RAXs*S$D2Ml9eL;b2S*AMb12nCSMwFK~&PBXLPL2fA;qG_k%nSJ=#(00ozliqX?O
zUCBtVQI(osA?Lh&8{XuHWzT1XJ;ATtX^@4pv$)vQwhpkg*;z^NvtxeLQj1kcE|SOt
za_>_|IX(OqOXfP?t!UFgfAMSUJuhEH&o}zcd0C_{e$1v#J9g$<?(tm(R};XT-Y8hx
zqP0O;(`S$d-h+2#uQlz|{+P-NdfJ&~jmBKs9xgO%WGOkRp_kBZrALYRsfOekmzHWz
z$%h>cr9i(Pd_CD1DsiCJ5tCy4{w?mo#O-ZJ#0G_?@rB10Z*qd>4}pe$5D0{+!NP8B
zZTm3d>nm}33R>dY$~u7*ZpP>LzbV)mpPuVoj<v6hK5vNO(|#J`!t!lY0iv#46b)sh
zeD<tFYQf)4((PR82AA9U6fY^saJ;FY?i|&@(O0k&5z+2~x?YO~zZBR-BfHEvl81*K
zLCvvB79#=D^dPUf*-3}{2)gt|)r|Ted07>ek#dWZn&zyNwhoT}bB8vEDxbx+!x<H(
zA{c+<l|+LnoP4?-Xjmo=g(876r=UPZQd65pG5>BJbbM8@uFf&N*~~w9@R+pD$8)*K
zt){q{ZcP5Q%7Bayj)H=fMu)yEYhMatKkB-5<+%6@-l88CPm{$tomiLV*h8C8?eg2}
z-WJb8-wzrup`@=mgCqdmbI0mgO`I;bPt5WI_IEZSQjuSr9PwYF$^)ve!HxBn=w<ss
zt0GO`j8e6-Fzl^U?6}@Z?QGX+I5qr;om0W`QUO#;K|x0R_6GaD%G)M-EGr8O>@olE
z>PBdcM~-Q<9(dtOu?{Tg!`;Kx*oU4s5AOTjtp8m5>#QAZ6-wXFRa7pzOs)u>z0i`?
z;Qr{d+JAo4Y0i3xT=<TZ2JSwOHPSWQSv&MQjEjtqxbeH`Q9O+8=U~tOyudxYl1xWK
zk2!$#MY@}V9U(1q((81z?Rx4PJTzJs{a~F;{Sf3iF*9L$A2Ipo+~eShK&8t$7K^=q
zQHTiOPIznIaqOMk7``?7<`$nVkPQ4MKGok-<=cB-W))_Ryq?pR$(w7zuwb8=NVWM4
zqrR%hzn0b=9-<Y=AydPtJw+P3c)ET8m_?Y47?xn=uPcrDqUzPLFhBiN!*Su2{e8&#
zTx9N<{w)Q6z(&EWTr!^_u=#~CxYmvci~(IK^8h{5#@|w0T?h4rUPih_4Zl@dcD<tW
z)5C)w7#j7KT{%s6QCxd$G878^yw)v-cWCRNB1JdKw_CdaUW+m3LgfHN*SvE2rP;kP
z%=Q6ckxYc7lcSAXo)4<hLC=R{c>xZ`d)}Xp_3HxuuvOONeHe%eQzHh%4&rCk_aK#g
z$*INa?YH&v-WQ;p?Xa{I)>9hGZ~If!`5+QBHJB-11=u|x#^vVY!wHesZ*glWZT_@O
zdilY(m8GSjW~5_&dS1lX+*PCHt%iMjI!^TQ!LbT|Ry49b`|n=OAtu62ahpN%_3IJy
zj+^J_=jRf20R3V8D-nO^@^FOuvd*47)8Q_$B3@@Yu?TE-K2dY%`LR7&;$SHY`fl_d
zdUSZp5uK?e?B?TjV^CA4r8eKsv8Gsjuusp_!CPqicj!-3hLK^<A@3mf(-yzIsD=;^
zv&-i#luN(j6EZ@C@M0J!l9_82%9>q9Pr|Bh146J934?2n(!cZEN02qArlJv(VYkqk
zCoXzM^DbMdpZ-J^qUe#=&Zu~T$<Dn--CvWFlduU_soU^_l7!!bb#-2#c*6ume;92I
zgMO`ZNoBn}XFLL@`D(R2@z*y`R8(E+oVPK2Zpa6hPHkK;cC?|^hw0YBMM1tNqu$%s
z<Ivg0OHNLc@X?0e<-XqB9CenJY?bkG4Oo9d0W|mUVe~anT&$W$Zmw}!-RxDZv_)dL
zML$QwlcwB#a5%U_yUq(nhHN9ERJI>%-8^^<ClwD2R#<Gb)7D;Y1v85Z3rFF0Os>zi
zw!ZVW6mC}3@uEm;sI2_r)Nf$=w1?`IkcevL=Qbt?MP0o*xd-3^{%wf+?@El8+PPkA
zo~M27Z~P3^_D}_NQKir#n$#nBOEVPD#wGws;^>%xq_|(}W7;+_e|a%9KjMo#cs{*Y
zRbdr4B>iY4GHPr3FL-!*E7CFmU_ARxNiBTvn>@;noJaO$Ge1CJ-OOfEf^!w+(J!mT
zA{7>l3^q;Gt7u<8o|a8$3hf0s4`GBh>slh)QpCVO1m0w}{*aGhVd;+ceD_nZn@=Qi
zhUTa2x2B_5*-G-{n6KnWz!CW&P)kou#_;%w?Pc#t`-WX_wfcA!Wv3~HM<n_%K;h{L
z{6tlGBs?^#$pyW7xy1{h#t>g92S<MEFazJ5e_L2z!Ru!>L{Y=w?=5QwWY5Kgc@z5$
z1LbzLPFgXazf~D<bw8E1XglyRSd{#M0*d?l@c|A-9u``iE6Ii);pwA<MD1PhQU2yI
zKY4PJNxb9YpXewRdt1kyBL-_*N9@81lbXXhCcxg^vFOcAPnTKnPhtRl;^lqDKuzu7
zV0U?f|GN$%QT9WTH(7gnBI}vGrh(u3aj&(!7STO&_Z%!{;>9N1nj;_|vPcKJn2G5@
zh>ITO|D%G)Hiw$&S!;a9Kmg^RyU1?3CpWB@m?&aOp*bX<7#ti8g0CKLciL$?IPe+C
z1=S`LXU$GuB2@Y8Fl_*=5>75<<PKHtU)f@QR^xL#I(%pXk-H6Cdgj3`@PcckmroAE
z1P`81ks99pwgKnD<7h#(k8?jW32udQQyJpZ{&N;6+r^f*fme##n8kyIC={Bt+|r&4
zM@KP1bFZL{NvDW1XUG-vR(qK<9~|XiI>8WNg+9~ox{1atT)ut^{^aL(w8VgwP?8h!
zwXx_gp*~AVVX2$@`Ad(n2Qix&%?;uE$T6}lcz9u#+(YHtWNj_mJsNsRcX@1ohSp}+
z^9Sug1qC+d-F9|Lu#Mhf{s>8(5Ihj-^DS0DQBje#iLEy~H}huYfr{gaUA4&JQtc^*
z+kKCHmL^AgTd%d;hER+gf%e#$tK1zx!w>J^|8lgoal3>!c^_OP+SQD*qfCnyUS>>+
zyy!QtM4_fV_5&7Hu2~e42dZmgM$KXY9Pr=RKWX{-^XIo(*-pxDc0Q+v9X)U9mzt+*
z$!@OPLv0?#sXHw+NB?|&xk)F{;{W63BKqO~-gyzejD*yuZu5IDk7Cy(#OurF*S+@W
zYkY!yG2HZznndXhLCJ=n=*I52RV?_VmpC%~Xj(aSV0Rt>L4%bH;`@Hs<~#)serNA4
zU$m8^)hHM0c^Z2}4ugn^WS;tq=9E`fIDD+Pvu}2h)mRpLoS7Qb-cWO7B0((I97<aQ
z=Bc?FE|GXH0D0c*W}N*Knw?hy7GpUY%i$0yTLi4wiI$_IAqVPS?Y&300xBKo5}uoo
z*fn&U@Old}8D@kAziuJD%9KGaxuk9GIBrK9B=Aqxk7MNFihfT^+uPlF##1)f$Ft(7
zew3O*`i$JikwW%QK|#uOuw`!DPm4qhPQ|`V4xG8IEvmUW3H%5pliwJraMh`-RN2b=
zzo?RvIzoxtnX@s^7m)3UprDGAhvp*!hail13`LICwtak3T}l(3x))8xWt+kexej)x
z9K0M2O<wDWX?^}qkBKLJzw>^M**fzW_dJ1bdRX6U*ohZH4iHgT0W!GwR|g6o$Ct9^
zJqKx?&~ytEM1KwKir{>U`_<d~rrat#e4xC3c6PSn<kNj-pK8FCZ{oS@UAR{EQhf?*
zK8zA`B#}HuO-1T4mi~C_YD)9y5a0d{>WjdwKchGk1>zd}kWjq0>b&PL^7R|6u`zZU
z)e#=c=s7`_XO|a*t<1RiGiirsiy}NH=fv&$NDI|H{(uF|lBN-4#&YAQJphZ}zAgRm
zWVKhuC!~ic>NPbY_S3WK<g$CKIT3apE_n8|!Wd)zOmMjc<5xR%Y|(Vz-}M0g6rjvy
znHVK$-##9=*h^1(9>MbfVf)imCgHi-4TFOqw4U#XSPsQes)S~qgtaq0YnEy))X$3f
z6fn6LT~o$Key>kJLwrT$Pf?NGz9aOOGFQz;M^4k(_Ii8!o8#*s>BibnBbrKI^QB(}
zu+C{{6QzAvTa!=lUxzy1Odf6OuO$&X7Nr&|%g2PD?bqvc>dU$nu--fcR;^qUSC>6j
z(MkQEZV`oB)skL*>BxRUm!1i7!xAMNvGj-@0iXIs;Xyt#DNda~3}>C^I}XapQI;~c
z77=kI1{e8RUweJ5jgQAyb79@Su6k~uu}DrruB$el&A@i-g3n2tffK}ZH44sYwKR$B
zOTk_mK~|{Q#}ySRSerljdse}wY2hLw%u@E7a#n0DE^bcP9Jvwc6MQg!8ED^BVRhg2
z^4Pcg&*s|UY9z+5`ky_Gm%D;`L~y2`uCAp^rBfSCXJA_R5-uF<TZp^}5-52sS@laT
zgNB|-j);J$$=sy_aKW<+^Rg<$Sh;sAhg3MIh*24$K-Wva;J=ej`HW~z`MHYN@FO$z
zR4Z-BQTf=OnG)%U-%rCkU}^HKL+2^~SDyP61o#LYYqD58VH^8Tk!1yT>RGF478~+&
ztC0uh>xU})k<SP1BBYyjo3i!OV@HGrU1cvVysLxjgj+s35Un1(S4R~quBrd<K9JV@
z5LB3}C&a4unj$~+(w5iYaDNxFyX%F53oULO(|U{;R5snLyjO8ZU&(uUH&nU1p*FF>
z;+MYwp6#2W{y#r8XOZwVWTj^`1sprY_Ep|gjci5f2g#pXsoGjv0P&6pSMJC$m1)nZ
zbcPe)%rF6sJhD3%@UE|CAN#Md7nk)veJ}w09)+2+-7)X57$-4yK+FD5cL?Y}eT%tk
zW@-I%X78F=fTIXB(Zc?}znSMDqNtFtz&ZX6dpyq!=Xrhkk)Y09sP0;uNrAp8&f~}U
zaed~MY&r$Zu=r>@X;8`=_Dm)+cwY~oHGsQDVjd!3>uE8n?D2h8y@9^)6O~?$_&%7R
zxikoI1;nAx98N93l<DgW++!|)AV`T(1vNiJm<y!%1_SL;hUGwCfs{8O8Q{`rr~li}
zqZw8EMdYcp2?taIIC5<}qy<v!3IAQT_X+~Bk&}N5LX%E>4Ucl%rC(Ea##avKvYU0)
zRQHj0H+*Fyr)zo9+b*E=C|<q7)3S8<oX!uarsIWuEBHuwQG!2H{oUY*z}iLI>nZNj
zT3Kp3x(*uE*CYEh6x6)gP8x#TFJ3g$-J|Mo2FB?QOo?GxD+pN|*qNn6eS>Si&JvBB
zLRCzBwGT#SoOt>BT3SSKF^up%qx#gFnNUJ2>_Y;7byhkyd%{L>BU&=*8a;Hbx@Su?
z!c_^!+ne`6Jot<RC^)1oFxULenMxS{kg%uyC&H3dzM=pf<d^FW^>CG9i+8MDXRU*e
z=Im*|ebbq$tTPvwz4tF<z)&jZ@+wp1FZhL6ihkFBW@0dwe;YlR#?+GC{IkL?MiZ;>
zCZ9@9K^CICY;EcIN=2DU%^kzjTPH0kB_P_X%VJUmnDF>hKF%_F(z0^w^H^g0p6)I)
zW?m4JM9Z%dXrqt4up}2%1j|#*G5(0?hwlvM=OU*_s8{q>lqX+!Y*HpM{;)Zu3sZg5
zt}P!BoTdU~!mqnbm@kZ37UEQTJAl#EX6ajOZ*SJi$6d5bow@fU#iX~#$X~0x78T}4
zlFEkz|Lmfbk(4qN6W!0<g0nbw6{ryz_x=QLJK|Bb`~xS;7r3n~H2!X`PKUB4`qFDJ
zl7Fx~F$wcQ{|-$5Yt@T07u%ULTYs?xueU^6;IH9p3H>p<N86o=!5H6{WOA2%)xt1s
z;or=+8;`-!_Vm39OqJ&3Nz=kiLPzQP7$8~+oEf!N4v7dy?<8<lB{rn$5$iI+Uku+@
zHrO8_Byh4v@fEL+w~Hni#Kgg$hgv%md|95cshr^<X6$_nvcqW}8{JP^{43I5^9<M;
zeM#2;eI(Ye-Y#{)O4)^nzA=vq1U<{5eKoLpXVnyQqCfF~#drc1)29~%_0<fBk40S1
z*4MY!IQ9N8!4YIPjb1RTEvjsbH?EPxo0N&+hD_kH+OOCo@o++WJ+o=X=Gf2(f-7#Q
zhOZKXI55i|!MlB>M+@i2<edI<30$99)|xqERV7e)isAEa{5a}1HHjBe;1^5$oduik
zX^AXLZ&hp#*1R=g;%wob#P!wqd3Hw(_<2>QuJTYXeQJD!Arr$mQn%a|!gDpl{~`!4
zRJigqVmk~ZFdO$T^QHojIW%6UY2PU_b*Av>_Y~}|qX$=6e4e(F=deTDjezJ3KDElf
zO&Kdj-FoM{TVn$I=jDIk0zD|!^1Hn=9}VEi#(!bJYM5n>!h0g)O||a-tC)gh@v^kA
zQ>*4@GGH)LizgPiAb$CC^c!f3B;}3p*neOO9M{9jc^)iZJC=L<o6$(d)4Y}#K&!MF
z(^#YBIh_x>uRs$s?}L3tWXa&su%#WgRmymx(S>YR>(z6{HmB{^h|Ryd^}Y@U)p_i+
z{O)7L`a(ZN9-Q`hdFx2<s1GE%zI$_WonXJnz174`iRj2#Z{JkBu`zdD_;{3JEscs@
z5Nl>!F#U^}nnFfAxNCUNoboclTtY&k-7V%~ygknMs-*GNdk;D*_xH8le=%vk8@^C}
zD&Je<P6|)KMdT}uTgpME1HZ*MWm|4i;cSry-;D0l>*&*d|3+Gx;p$&6Z^gc0xt)WH
znBtWNkujk)`WkzCGQe!T$x1)l+S-(U#_@$kM$$cgY&<^G8yFZkJFD}itgI~m=g*+P
zz|NkYfeq(`6|-Zm$gf|IdA@0HE}qI0z=*%9;%lR$G<0=!4Go8(orjU3p)261$jG1h
z`Bgi>&%S#rBqVed8qmd%@a@}U2x(Q3i+O5{(_o-4nOv_GGc1!ch3aKK4#LI7g_!>3
zuhLRWhMu0DgZ=%~)YKV;cd(uD{G6PeZx41P#KoWUOG?s_koZ3|GBQe3I<L$ki}$*0
zB+cZ6nK=PpJ32a6Mz1u*$CIT^S-)r%b4T$~RhZmc?7Fyc*VorKGGZXovbE)09_|Z^
zfrehnf$sgTtgPJL-u|`DDJE9e(4aSSs6)w=34B{<Zg~8i6PANMIXyLFh#k*SHt9|7
zGgl-N6cl_#O48NU6=W2CE*6N4CyR;38vFbAi%pR9XVxV^(+~9z4c!H?SD{!-Pj8_A
zGawNIkuv9wF~F$NJz&&{q~OlnAG?8pf$M`z17PvqV!^uxBy5IgZhl9mo$Q5(nk@3W
z<hWbg-Dvm^A_e$7-%`M1=`7978C!5#u&}URkuox*QBhMrOCF$xp9GwpoRD(k?>-kW
z`P9ZO*x%^06sk%K4+#kg`10ksfxiC2`1tzaVe>$`>1$<WnTwGaqj&E{CntZlFcMMP
zvb(JDjeZZrMTC4{KmdP7EojiY+w*B7An))6FLQdAm(j^BNVe4L`DIjfWo33vg_UNY
zZ=Oe#??(4q_lC`y=0f0LhssIFaDNMSL4Hy-Pu%q;_DF#=s1k`lc)>3H{eY#Flf#Z#
zo|_9FtSl)x=!&4)E(6Y4omKhzTP0T_<H=*9(+3@MTOsnQ_tfm2oP2zIrY9y=FjhZ)
z{rYvqSm?!za=DLR%>}3}5Fxt`EDXjdSiCBR4KjaK>d>I$Q(y;j(POznADwW<;>0Ws
z8gGyTK@^$<=WEDB2*w;2Fxk>}RRoc^BErIyRME$s<nZ^dUhQh9eT^&p*a+Ix^r*g)
zTzM7y#nmXM(Fp>ZWG#;<8Yh038MCP9)ohiOA_Fy??NQ%j4j2V4_B(n?%I?Fl4(=pV
zT_$)<wTIQlyoFyqouemtVCl5^Z`&K$dD=M^dI}<hy1IINd^|lpeNa%)Q<GjR91Ck}
z+yZ2K`#mBfDJg%gA|NQuRaNmZ&|gc!@Q8?r&sMawX-y6-v7^g==absj)fE-*MURTZ
zVn)s!WBIfl6{f90E@Y2x-$7Rk_A{2|#IHX|Ic;ohg?twf7IydZGhlth#?Fq%MOR!|
zDd6rh`w*C+7&&5ozCny`j^zMNoSq1hqdmo2C&Xu?jF@d&o<U<{V}FyH3bkpzcg<Cf
zLk1*eD^yli*3(neI3TXKxA(^nMt2uaC=}ch>SeJc>C_p*%y8qT(ReHBN7pd-5q)Gg
zflSXVELQc&4Y+4vWmSd4R_-)=N;;AW-rBN#L9_2Gya?<LaV91vIXOAe3(*gThKBn;
zwwGZ}0B#ZUNBf>x8@pIrZ!c9ZYix6k+3V|n|JbcV#+123$86N_M;%=0#w6`96T}aN
z74HoY45Tppba<+vu(#$<miukH*S)TxQ&~yL6P80IQ!2>M-}X)z3?6Z&c^5K?^E+lX
zAt_1s5qt|a-*T==J==G4O_foY?Ko6#5t(KGpV>ei%tZ3sPmLCW8WwAzhuQTc1%~=!
z1_tA45dcVd!4wn}s;aJi<{|2IbNhpXUr{Nlz)oL^N7n+_@%zmAYBDl1a%pKPD=X{3
zVR3|9Xm*x0RPK_46UajeS=1NP`I?XGIar>j_{414pPh_;5#RgU!`ol@s$}!&bg`6O
zlIfxI2sB{rC7iU2@}qR|*XYp1lYoT{wKoMC;?JLxkdVC7)(#o$HjOD;oOA1&6}7&k
zx%~6ty!E@>;#-ruIdsQHH<vqp@Zm+aiq3>WcM1r2=O;2shj&!udcmDXPY?huUW-g+
z?-4wFXfiI<(9!}<!@pozmd?|B|DN>mV_a)ZEiHBqj+#&R&JmPv74LR;5K`sftx3&=
z>d0k_9dRS{TlEsSK~w0*E&G+!u2GcQ2v;?6aOyi?>Q_xW$<JW}=9N@@hUJftrfiSG
zFc9zGzvm|S^NsB0hudD~)QCY~!-T8Cq<w$ljR=JDUmA7Cf?FEbH9x}i^gPiZsYw=b
zC34^0{|*>vX+a<mdwZO-+;5w)Mg|7yNlD!?naRo1OH0H3RaI5_d3pZ65bLNK#=9uL
z0zH4hxde%;fKERkG6>VUjHs5UdXa-a7Y;etI<yO(Tp`ZnR8JG)j6Yi6J2)5`95f%t
z73bjK0MJte1j<NUUk4Tz0|8X4{e{FXMx(mA8wXs|f?FA0cXE(Bzq`rCC8{tumM6kX
z|L+~VMlv!y^ww&)5CP%PCq#dD!|77|aS@ib>%Mj!d>EGy6bfX{vKU-aQgT*C^cycX
zcX3&nRj)z|H5pmJSvnK=<xBmK`7dG^NJ-zfKdktIDvl=s@;#l=sHrY~;uiuwi!zws
zqE`wzJFjm$cWH~b2&;?=8)|vbyX2wEU;Ge#QfK?dewTVPGLjGp>N4dnkK86>VwY(K
z5Cy@>@y7ZE4SCepufRjsSs?ZM$%Dc4RTwZVo=@jA9q9;6D!I>GEf-o|n@$gs98p4w
zw_$sqSD>j){C`~QQB+Ypr-xoF!e5YvW0d|5wV7@`T{?)AG`M~(4Gwk%oXU`MF`f6p
zr16u6??gk8klQ!mz+@vC(fx^BE$G`LA8+rgxO~;j?E9fWa@<OC+(vA-3Ul56ijeNG
z#CCRZQRhs2_3G7148Sa8nK9uAOc75QON4+d#L<zrAql$QWM7Yqc;m!?*#0V>U+vU+
z;PMB~LdAxG1w(Hjc8Om_Ks~FEt(JpM`6!`#700XVU8?%pmj~;k4>>jRE<Robv78a$
z<72g-RCPMVrRzysG7LQ=y9#CCfK*(yJbn693KIQ+iH!}Lje>$=zZ*^#=harl2PdT;
z>U9TQ&VZMscQgMM$38Ox1&8=nc)#n(@;hR`8B|G}&oY?C)&BIK?8RZagN@(LWH$Ay
z5L9CF?x$|~fvYL@<YpJ3IV7uPhk8`I434dWrx~CB-A$t>PgLqUH1?}uhB273^b!*g
z$UdaCwn=XA+gXnWqgDclV>-)qzUZA~zVvFxLr7$}U)pIgGBWg$#O0d4wSLm80FL+#
z5)-2~C~0W$adL8UcNa#7zSYs0-QVX<p8;17Q^K{UJ&Y2ZAeN(lFgaI-0Dw5UotC;R
ziVdH`baNk=YpEZB9$R0eVVn%jY%C)R2nx{3s+wB~LHaE(_&hJ<fD;m1CcB^lSU^H#
z-Wbn$Uer^GC)zXjX8_cp%UHhPo4wKwAQMbxo?IMfKk!AS<#2hPtjQS}Wqw@3lx8@e
zq9+nK$`Dx#h%uTiyS>3*J-l6aag$B7RI7}X@yGfc5Ejs`%3b8%fAd>pEocQz<&o&o
z7W@$#2e&2W*RQAU)XGK$1qDF4{33109Q*6nFU1eu_x=+u1{xaaJ|pzC_C-Z?H6=rt
zQA_g;C(RW=0h$q;w8B)&r{k(%ivYwEEW}mGLY)f^m?hX3!kf7<U@qX~bOaEM-CbKK
z6bdvrIyySa^j=Z}oNF)w*&M{vA&m*Q!>NG~2=3=5ME{+_*{a@sFx^5Nryr@yySwyp
zAnu0hDSR%$$ctwoGCrI_FEU4WQO3e2IVjWo+gw|^Gr(Pgd#4?bv<R&)n;tK4&8;y&
ztr?cD_&rbT$`JcnKb;LO?Qkq9wX1mp`<FcyT!J=Os4NtN<SUs8xbL?^U8SYlc`tv7
zpiXAF&W}&magGgvRb5z+wd?~Q1w1-q-8cD!8?haIQ&(SKh&F5%NxmbzM-fQsoobhh
zyj5)SkTbWw-2t<w28-bZx^1uO=o%*Y{w{I{t+@@o)kJsu5UJh%93?`jh_kEUb;&Cz
zWJ>yI>FV|;KNaJLvFx@p$*4w!864Je3WZ3OXhn2<=IJ<T=k5q?)BjKKLr};qa868Q
z6Na#vI3J(WB?X+}rKf+(zMmEw8{4<)swxRicx+ph(e}#93a`hxM&|OBf<=J!p);09
zbxlnUi1x`x6O+#;88J|ebb46JrRRoCwJrt(6P{x$40c}}FY|*HH>THu8p{d)`rhdK
z9(I{}MfWqwU6V<SZ4J9H{TyI3C{#_~q-Rx}Op`e8m{Zjc@;LR|bR1qn)Aa)kPPW<A
zVJpqpgtPDEi<T})o}zfa?6aJnD)1kwTS=*xRcG-1QvEtVCRuou!rCQW@;TKVVX<8y
zsUI91ynp}xb4x6at1fpBk2}W9WgklK;c?m9t9bUHl~|E@@Ct#*Vz19LI4ook7|YFN
zoiYOWmKjY%)n(f^xjPADAL?s<+^0g*A^5c1Y%>@+DOXf|5(!3dul(>uxeoK8*-VA>
zBtqk$w&0%k=yP;e53kbvW8es}v3^)s7~{PQ;hTc9v$Lz~YfDSZ`r29y#LTJaeK9ey
z($dnClM}$22MDCHva;gRI~=;uoE#Q4p(psaKia<Dt<QRIbZDp)6Kd$AYYP%S5DmJ<
zC0Ozc^8In!K@27!B9edTe720-6u}*g4o6l2)HvQN7M;1D3`MzaH1!O)7jV)e@4<Se
z?e0?re@5<o+LIL2OOK~bmS&TJywCs3uX53rGiy{g9FoMtGNvGM`TTW#;Zo_YI(p&L
zNkD$lHIMJA-x^kBGu^*^KwLKW(wgzU9}LW=kDB;I#5BG5Vdu*l+prjnFZ(#3`0^ct
z*iV`3RV$tA>+8{xM$Z#dQ`374uZV!-Kdc#%`S`G^(agnBtP5=ojpwi&K)1yEk>)Z3
zoOFeZvU3e-x4fkP-;n37Pp?hf&{O%rh(m?Tf|bkB=t)0Nh1RswQL{7%4{8d&6bxbW
z+l8+FRI(EfL@18l-rjoD_2hl14DlOy`<wBXX|DoNa5SU1PYQj5M4Cc#P0b~*M|*J7
z&dmOQBAc0->K!eS5)B2vS!jV~CJMsVx0jmzZi>p9+gr$H&`5-f>=f|g!sT!5<FMHp
z&-4SyXkQ_t#~&^#N7=UARwI-Qm}1ax$}Hti2WnIr_9h1%pgP;%5%uNedmEt^L<OA9
z<;9m4Sq6Xi+6zA?2YIX+Q8Bk!1WlVI_?irSOJYJhUvV1Ei2gDMPq{Fa;m^x!79Y?5
zplIqcf((JNi<=C`YJ({t2RHTQUP=Ra(DmE;A)>K?cD@B8s&@1&1QEc&<)$xj4_1>C
z5J8bKqX4y{Ey{uPban$pwD(-OK@&45yxf`Y2<(#DK*fjc-0EYV`Bj`jv?&)9b2<p)
zO3v5c#ExcyL-)8AP8-i-%icL|)NqZ{Oy{xD983*Rn%nWkjvSzaE;AeRP-Tro59=`8
zghQD`4>mW0-*hZ3Wi*8lwkybD6mKpp=*!DLP*XjVCO|NfKym)^PKPnAo8zaREPDTE
zL6NoILtFIi9c{(Y0P`Fk-Df9KvdFZRyM@2A`7QAW>j~U#BJ(yS0EU&HJb~_&J2wbD
zv~MI85*B9u-ku?w*HhYfjPoUZ28Voxg;P^gb6>0&$g$wy2lR-qXGn?5L0)MTlW>&p
z_PkSzoHKfVR&bDqi_0vC0BE-b;ch%X*&bs-(os{l9kr^(s_KB^XRDA#J|*`qqEgCK
zkMQrfx5}?&WKe#&$G9Zz=AY}!E#;PzZ|Ib!?KF%}r`zJ5=&X)?A7VKuT<1#9|M57V
zkBH<hdQWh2W^G5DxhKi1%?tnvNU*+%d}-g34x_<hzpakXcV?d$#>irQYQ0fw(cKZn
zKcU@c7vNuI#x@&Pjv@LVFrUxp=>aertI%&QKqAeVc<7AVBM;A=-H<=GlxYxznekS7
z!E!zT!hs3I>_4+A@4c1mEtBFgLR-P~4`C%&gm8$*g*yl8(_2bschZ+U-&cMOSWA7z
zcc{k1J-?CR!LzS%f)kX3V$MN@EU*+`a|w|9OG-#^ZNb*p1BjTInWb4DnP`3Z@R%v{
zb*)O?&TmFA2t>c3xCXvGQ+HSBKIDRJZEj}6szyK^FB+nWLrx#}Qblw*I5_N^<g0W2
z2XmI<JIXeWoSg{05}MJXFOMX6p!=+-ZX;h**BVDuRf}s%!{fq+=>2?Sg5|P<pAg@4
zd9MUkh6-*l0r^$iR%$VcAA|TGN&H5+e@JurZ0^Ov)}YN$D&fH)EPIMw8g5tPwU3O>
z97MHy9r8ieb|L52n{RJN#qX6h-9S;2QP(1CM1AZhWJ3c3SOc+TRmsjnBO@V!fj>A*
zL?C<1Fg<PUp117lmwnyf2gdK1UcPLssqsi|SQ>1<cT08Jm^Ik26*)tKAY{>_Vz~t0
zn9^1)NjCi{TpG50j~cUDb=eYok^qz`5=s{Kv_xAAJH1e>3#5_%bu{I&hwjawfe5M;
z6@I^6HJ#zJZL-gvthP3lx6>1r{ds`>lr!K&NSb_pSY7kU`Z)88aZzpU<3?ldQ7C4#
z*PSE+G&kDj&Y7_k6BmaEy@Y$zC3Bdj-jYXs_C?YhFNbEznVM$LI&DimHYq*)7BgaQ
z2upMBLGgOrctG+mJRmn#-_dK;YYEK)q761=6=$q+!t7JXE+=A}v)dYsoiFX3v7Ux_
zJNVG5N8Xai-V-V>D{1L_kecmH0HFg18hQRjJyU-UA=8R-t)pycE?gR06kaWE2uG*x
zT`({E2ANw7v`C%ssa_8L9r6=Ja}mpF&8I+nqVD(#Ei=?X<}&8CnZvmGLY+;-Hjgzm
z-$vjG?yV%c#|nQ#a`$1yrb3fCU)jr>=8m;XCZ!V-RkiOBz#uru>RsLlZu{isW^p2*
z?&T$>M6!0^>@jDi%N)D!9R1g{zM&zl%qCZd-NVDf9qv!4Sv_!GxU;ik|6$y~F^~bb
zibUhkS>*hMkWf~Q#gX~KhGAJ)9dO`D;=8S#9VyiR3@9(5XMj}0dGG*3tds0lcO_=v
zJpe*JU^ig(lK+P)`Z<L9S{qgz7}P?$5df{%uPwB)RBo>3(Xvl;Etom?k;x(B-qB*%
z5n8<xVy5dG8L?6gT48B0a!dA!;bvh8Pyo@2!V#xi*XU;)Jf~lJNDygr1}n42&w7Y!
zw^#>merw+D^63ZlMi=Oo(5j(HeqU8JO_;d%>1XH)oTCpX{<(UDvC%9qUbZ+SSB`j<
zWi~uL;wYOYwnM@x?!lmBjHUa)xyiD_o8^;~asBtx*JGxu>d)>_4;$gcygqdABKUF?
zz{KI<VNP;9Ktt>|=jP_d#XX9Y4;a<}-kTB!L=i*Vd2DR#*x36w{w66YDaKGcJ3B2c
zN)WTP)W_#9UL?fFR}D!1#Ok*DGdD9cgF->vvz=^gUXQj>lL7+PfC=j3Q)8)k<F}2X
z-s&l>*WUcCV%_G0`T5L`MfXd2E6l8v4C1uE&&Ck#?di$*v6GK*2bBGq9)ZiN$+<`v
zjnwq7Vf+^ziTZ|P_Y1mf5)`k-;>*0q62sd+^G~n_Lx`&AXW`wkZa1<!J*pS4@Ffn)
z#FQr7#Q&KJ!M!2EFC^;d=D;|I@!RM*z4PLaIfc;m_myW@hlWX+lAVr5iVh#R_9xO0
zL|#4>wRI2sE958@RCQM!Kn}e)I|z>iz{DaZBD#mz7XUY~B)GLTETlX*E2*oi>#dKA
zkB>FZ0{Qgx@p_ctMxOR6oV7Y)$S3#@67=%%@@{I|h6CF52oEt@Y0J^5RCQGT{FtM(
zzszsC`RoHZt4P_+pPni@GFs#<EDsmy;_lA-^l59^a9bOu>{cvs1?dkjn5v439N@pn
z%fne-H)8+WcFP;3g}+to4<uF&6?m1>9=k!d<h{z~*kn-8U#E^2avy1mu?~Qs;#Qt~
z*tq0|&CGfdr_WHOb^nBdueFI6tu+;a&I#tFRR1)D^XSVtyqOSoCi)bFz<Wae2Fg%7
z;zji&udIpEJ1^SVXW$tn6Plz&4|e3tg51uWQ7GHp+Ul|VylmX~36>*KT2f-+5o4;u
zdbuxG4`fFuJs{ti%!s2+b<B~0zN^s_=1nrNqwNRt%k>bc?t;Dj<7t}>fcy2C8DDZE
z-k*L0vg^W;<0&6sS!wB8bSH>R2Ba8P*PuVxPp=P=0NidsjFuh>9~mrX`@Lm>wx+*E
zfi!>@0+RGwl9ql`YBc(?>B9@wL5(403a_s%g%Juj!@uv)`HB(d<ZvV$Wy_~<aC(HX
z3q`!~l6Xa}TPpGNM5su0d;_S>o<~{7p{<$X!@&uq$5_uY-0mPoLIG6C=6+)cK%Nio
zbD+4rEG;V|#>10-V*CWr``g#oS6p0tW|Ty+e3Zq*-91}{l;ec}7#xiU*j!f;p3=;*
zB=8`xTKqXtEb%iD_rIw^Eut$~=9_@nAS^%!4In$SrzS+Un;t>p*Vp;buYlJ@{rvoh
zr2%|C!F>j?wzig$34jEVC3>~Fkig%+;8{csK=NZ#T8{N^coi>XM%R)ZPj8&%JaF~5
z05Mt^={E<C_^;X~E-Ca_+a>nxfN_-CwVWCt_&s;{Ag03a;<A>ZPwO88FKy}J9X~{b
zT&J@@FDFOqFa&RK2LT7de{a9(jsJCb@L?|5yQb!5-mM1<GaG-OCDror@tJ)>h3RQ@
zC|uz31?J7{p+<#rzDJHlQo_o**M#5S8H5o?y2H;+J=8#DDQmP;y#3Wb85s}#Jb$65
zYCMFW5fIZdkiImsGXpL61LB|!xv)OraKF)SK|l0R%~VM8)$;CLal9uaBC-cYnaMN7
zsWa5rS>DYF@JD(oXmn=W6_;l&QA+9QQ%gR~=$#I)4wiN#*L2+)?<8iAFLafvU0#rU
z*wf6x(Gl>vaFwH<0(*EfmVuTQUzkN<cK#v_k1$*3qI^FE=;-V$GDDMnD)hWE?;K6B
z%z~}y2^{-oVsd4zC}%?SelMUSzxZ0~G`Vnm@>~97m=gI84e+}4-s|^AbNB=V1h}{>
zMt$L-cwwKfHIu`geeZM3C;-4&p5fQYov0*INC4RlJ*rrt;i&k~I3U>!ID7mrUn1F=
zQva2|S18`g>a}dg1EYWo)iXE9Yrj=5zN;-&OS*A$WUDVbp2o%b`6O65+#nLG4ecDG
zRe@9cjpWJkkz@~(@y+)p5lozW3bw#R4d&Coe+P6Oq@#x6pL>qX&Sox0TpY~b8Pr*?
zUfj4Frg>&F!vvdLU@~@l4UsH!G4LU)Ao<2sgC7_Dnz9LHUwN&gJmt}YcXN(H8aN)W
z^EGJ(^L?C`@x$p;-M@T?-csE(Ez*W9Y&+%I0Z!AiX9b0Y;gOpUl5nuGnRcKjYh3{N
z_xFbbMzT0%=Y0%<A73WO7*43h{S|C&cX=;Gd1)|hp3u>akB{eMXDcZyWBRD7j(q(}
z0MZu?{>P(4;Y=s+w^DtZRybdKJV?%=7auR2P-|ujf2bH3h+9utG+hBb9vBGQ*kB63
zHw>I{1bToKPO~TlFKKCMXJ>(%(A$yh&p<;l5HM@&MDs*#4-XGTe*m%>FuU_wxV()1
z(_ARfxNgH?@I4z-u=M4kOO+0=P67`>+=0%cIAJfx34k_4a?S2`BDMCXWC0DG=eNz{
z^t<RmLszh&xOf@=+%c%Xzh7E9EFm`C8)!`NJ$p90VHh{RyiDv|#V;&H^uY5Xi3+Lm
z`Zd2Ss3AX&0RrabjWRfrsQw2??_ez7<(|4rI^MR9--wqrp=GmFZ~62|LP{#LVpWo_
zCqwI61zCckqlpK`+90gkfYRURn3$LdY#LgQhztmQH%Nl8C&7OMta$$h{P_4-yGT3_
zXw`jF01}FoRsar0t`b{jfoNW-TgNns?-WPGjL7zaHUCWu^nzoVh<CY>v;`uh>nG&x
zXJiznW{8(;KoF~sXW%*%QxoY_>_q>!SW35Ks;!NQpP%&MT1N;mCRT3r4_qTmFIKac
zWbfMGc*w5bOz>Hi<X!E~N><p>?y%3n1c8I(&{BDr*wqi&B0hyuLjr?(a?U#HCUVUR
zW<$`N7uBz<tj|qaTR^MNzEhKR8>!#ci<s#^wkFuv*sQOw2lrYXz2O7g*vAUJBAT1h
zsP69WAbcteo7~MBr)7D4N;htkSKLwZqvSN^BFpIjO#f?f1A6pXFI2*mc)ZdkX&LJ{
z6vMslgm`yvFD)%?cEdb3Y#;N9@Nahq2Odr=4g&gb4Sev=MSz8(Z6^`+FY(A>EkcN!
zo2s-tk2?Nw4Ngr!*EF1pOGwb_fZ`zTZS*FX%ov?GdwYA|q}D?EMJX}Bn`=)WGaF^S
z+inqG^}MqN{D9Ip(Nlpq?jT<FF#}%uv7l~TW`ngn`qxrl5tHn-nz0<mcyLuQ5V;iz
zd-QN^cbBsqvwMX_20!pOy}qids#Soag}M0(3mz9I=W&C@y2}q;OUq5(%k1>6k<6m#
zd5NP`pAp)VomZ&-e!L4Ybj8n~K<`kIJ)UW(<Fhf-^xz<Y8pzk&YF|NKUg}eV|8~Q|
zEw$)VQc}`~4<GjK(9+P%)M~1zr~rQI)q$M6yq2csNs(yqU6<G2mtDBD<hd6(yu21$
zzh#>0fA_oTVVRIS>3H|t6cT_197XuXWdV#P5UI{~`XwaBss1jA-(sMwce{&eSr%B9
zrF-xO4l2!EnWg-<rZnlPbl;7H7eauOD9f&-aMk>~Yz0mv+*$gV2;&bBHy3I5*ZP)B
z2*w^Oil3Ak8h?nt@^TVhuATsIOF5*MF7Fmho)vq3d}~rmJmd%*iU9JtlR||qMUDa{
z6G>-Ld->)C6IwAt%{sWNNHObLP5}O@8-?lI&04r)QL+kpnQ>#8OF?*GAr#4`c@7KE
z*EKMj9Mzrt8);Oq3VPA-Db!9Pq%dtx*^Y)lBzTavWj=K?YATD`l`**C<X82Fy90s1
zu_Zy1T!kNytr_2*?I*LL4eXr(rvsL+2D0Q8Lu6ZgoX0*2_TIaE^SV2ELXb=E?#}<7
zRznm&USyjkr#-AE`?LBW=JL<#|7z|nqoQp4cVR#&DJ2z<5s{ECL24)k0|`M=T0luD
zsR0a9fdOO)X;7p)Bu7NTp`}5Z0i+pnU|`-8z4d<n&)y&Qde^(xdi~;unYpere{~$k
zk3yN0|4W3pDo%FO91~Nms1rJ#5$6gv;?key7<YdW3Zue)b))$IGvDyPXp)sz=8AG8
z>F<bQubcS1s(KrB%jOqR^B?x1x0fJxm}Dmq$xZuh=094hyuBF!i+2By$#T5`vXABe
zXwjm^cn))Wkp0j409qkG;ArJ5|DiSl&Y{7LHg1F96AGsH-8LutW&W#0mmo`7mFi9P
zHW`4QSQ-+kQA&Nnjoyxpl$Vtjw2vrHRZ(fB+Di#Np*4c)>Nn}%gTlK3$R0cnG6u$V
z?f1Bjf6|`ZG!1Aan6usQq2c;CPnbBVFniD@X7Hcg`v`;&T(fPdx{qJ;+I}x{=@WHD
z*)rScR#Gn4Rm%ir6<=0+G|w1zH|AwEf~vsb6kYt|Rfy!nSPv~P_dDL!){cIL))I^&
z4LKDB;{`{SL1-fQYrTW4uR-WX)?kRtCqsN&acQ!%vjDhte0)^YIa=Bb{JAe*0Zj(b
zc+AYEwidei`1rJ5B7swFOnUwL_5RHhSQw0|$kw(9Q26?)Z+?(<Bfa^(xA}pDT*G^!
zVp8i^;TQ0}c0)6t`v5BzXcW&A`!KwcYVy@|_nfTC5qXYb)u$T?N$;S-9E#J!Gt9>k
zuT3juIVTllgc-l)e+sxE9FHhI1G{%F7#A`9q>^w1dvo>G+nRTP>PC_$EY1x{(JOu;
z@#bD;q!5#{Dd{A2;tQdHo?duJu<1nuv;UkJNa%-#JZx-8`+!$SyAH>NhLX$6%Ln0t
zf`V{3m@f5(5I;Ww7MRDPcT&#4goSZHytYC-1Mi(mAP`fCN9bwZe-MlWj7T0*`l#eM
zogpBoxy((1po@;CxWk9Ji#o>{@@fB)fY`^nO7a4BO#;QfGMBq~ETS%$v4d7S!x{^V
zS<GF&&+a;>Mthkpg$>u(5(SFvR8%6q%1KL;a860{S_)c(tl*UVw7uq<7<L5G-0!*C
z+`q$YCsp(*zc`<_s`&I+=$T<m)*5@|nHY{6W|JRETnUT<9h$0?4~L`Y$|+}UnDR&d
zoUW|CH#ku80E7gP&tEdQzP?C=A>1h`5mA$rlmx{&(K)*cLp2b_3eTzDyxG~+ReBR-
z{3@A*7~p^Ak~9s9zR`gM{@ZoTEZy6E`}hm*`SYI8J10n&y3Q@8aox9#5k?VV6=aZ~
zLS*E6WU8NswiGtzX6@GOnzZN@L+Y5EUl7YEe~yGdNMrpb{q#+R@Z45GC%+wC^!>A5
zIue!F_9(YlNai?lAFo|hoF#**H0KS+j}AI^EU_kBoys_UokNC(olF@@M1PvFMnbQ$
zm~2$-mYQ|kd0{4YYBRV5_CX{uxMKN=zxd@UbEi7u1dY8lG$wubi~#~!JfRg(4hRD$
zw1K$0lQ%D)Q}$C-Y@C|9G}smiSIW`JMP7=8oIM-aahsoUxm%k2_nsSwp6|%wuI^j8
zm1f|_Kci1=ON2GfybL@2{Dt`?h`tp=<l1su^1FzBDKWi;no71Clny>y)`XZ6#`2zP
z((O<A6rc|c`<`Fo5a2Mv$H>5Ol`qJ3spmNCT2DhBedc`Nt{=;e{NO}y)Fwg6mZG=O
zcm_DdPk(R!M`~<+eSNCmK@N010eY~Q+0vq7?(h~pKVMm2f030{R#Y@PGLoS1)f#Q+
zTyLhTnHPvvEQs=%MH=__+wa}vd49&t0zWJ*HFs)3cIs~KGK(~6WX=}-4TaC8u-Ufm
zE}=&TP};|Hi#x0J&r3pTKX)^0bhZIuCRbz(V3ksJEDAQUT!uKSc<Tz*+I}_yskj&%
z7m<GTnSesMWc&Js)b6W1)@W@^_>*z$t2hJbJ7xoY63oa|Don$_n;|&oWN!}xWF@6h
z<aZ&z%{K@H!?b8tC_A#CptG^j+`{4|yJ_A)so1Wuu`vL=hC@HgZooVBjg5COm@i9Y
z*w(>s><|L=&Nh;j7ajR^L{n#zNUlZkZ2=VaCX_5WDOO8s@}*jhk3IF(>$T-@k|>)@
zW@gf211V)_NMh2vF6QZ|?lpF^su_;avq`+dFJb&d<(Wz*&IUgx?66o)wD6}0gMIzU
z-nay#=MGI-r9QMJ7edZ&CvtB6=On--IU|MCTj{`w#H6Mo%gRo*EX>VK&5n+~JEp<`
zYE}rzup6KPJ$}ri3rdL<?dXG*eCT^*8#%D_k65u8aUMf=BQGq+ZEFZ&Jle}-c5fDS
z;a+XxDhL{=t#`tf&G4nfg49!~t+P`H2NAxNXJYr3W6^8FOwKmM`V%xZb8}mJc(JX-
zMk9PB>^x3orYq|O>=;S_yLRLxdD*0~YBqI~1so#NV18lt)JIgmB)x9zc+d__scn5=
zb*w6|T|X9tS;3d_<z8;i6={Imm_G0{HWV12yFi*c#N6g&@yAT|{Zu;cOq2|aoXi8Z
zo+7S<A6$tpR!mealD$B+nNPV)w8;gd1!(RDuTDIov~in<iwmuiU(w3y>OU{Cp~lYj
z0p-GPj{=_Pcl&neS&UCJ{H>*6Nu!rK{MTswb?OX<1}*jdzNdIyb4k6*W}xr5!Yt0u
zoeJpT|2V>r6j;N8-9)E`b1uh-6TlhbB%A~|RWUL265x&iGH4y>Z~%p_t*-+`;RSm7
z@=u>Wd4&4*PfRp`$_4+ms$Z{?mq9)SGq-`6;L|^K{J<UmY%bK&GB;r0>kUs#jC~PW
zH&falmf!K?Wz4pkgamY}1Eu>&hn}&ctxGwuE9yd%`%f7;z9IT0AS^3=;R7tXcgq4L
zU!+FYzlJst_W0Se-Q^-A<M-qGJ-@@TNp%ek3cEzE;?{uy27ixgnT@y6(FA@pG;q*R
zBSuYKUFF7&Vq1Vd+6O>E#o#(Y83_rArorVXfGoSayMwt+&7S3!kOP)lM5LsyuFfO5
zmHwA42EHEk>Ei}G0H(v}Ota5<g>&l-0k*_>)1F!6#zUpcwN?JG+s%df8doJ6?T=M_
zj~($(0<%0UQk;`3n&gDiSV+zzN;pH<tUqO)wb{tyKob9rGSn|((!oXD*g2tgzB*b+
z^*;uXSfCPnz6ZUPwKdT~Ji$7ldx<_P8(Ww4iys6M$3cOC1O5H)KYRd{@fVxa)YS2x
zTW4lwa&oSMLLT5(fU+61p{`CA6pth&nY@to^}g!r)Jy9Ilg=R77L9;8#`qX7!6@e}
z6^{vhdrjsnnSn6E=?d3JYczwn+cwSX_qUGtSPVDg<j_SdgdPT<gGSQ3DC3dg*yxmz
z?(mK7me1V+{5f{ZPgvq_-MP(IP`IFqndTtD82x)6#4o3kQ<_YjMx9x>XbhOT3KhC}
z#MQl+?QJ(eEA%6dx<${*8ur-i(W9?pV=QFwu&^7|I=ohNfV)Q~bC%U??L4=hp57%$
zZ>XP)6AwVHoabJRtb}`|c|L>@$xAq>*(aTwbLHN3ci%SEr08h<`c+~tLi`!^C2t<y
zB1Y$jHjyp&!?syx%ZB+cAwQMIQcb~i*!mofW>@O3KMt4s7^kf%3%K>VTAGHp7j`GJ
z{=EQ9SnIf=B0zkV@gXdHC`dy_W`<@C&nhW7_ns6pc711i`xmJ$p6~6qVJtz=3A47m
zDYqo=@c8)Ho6k%8mq(Kq;7Cl?l2?h9|1b>v=R9fCbQF!Hfi78L**W*;UdL)s3knH}
zwr&)k!dll1rEo)KMQvey+$1H~j;&dO=*ft`1JVt^y?%X$l$7+CQkH<GoMW~qKfj}^
zOE*WyKEU|HeUMT=3BiSggfutbEYMy4`7^X1Qtag5z&Xd#3(UE~MW7s@R)FeLu$4ux
zl}JgL$iZ<5Rt_)=TK_C#;AouKPE7Mk5Hvrc;#(xm>#`T_CHwE~>lqCE9$Y*G)|z|t
z4erMmTEBNVMwo4skckYgMWd9#+xZ?Jt|0zbpsdb>Y1Df@(%rp2-<jyY-vns@1PH(q
z8jAnqzRY;0abB`I16f!1P*d}>|LIv*7Z(By2II1O>2rU-j+>hs3?_RY3t*tpQA7I6
zMA<nxjbAr5gkKW$Kh)O`0royLRM9tFMH>jes<88*o_0ai4`^msNc>IbEHgfpGWHRO
z-N*Skia)#rtPUCH)t?E7a0lFFKx-7|Q$C7bIw%jbf98_H?(b>xBK9OUbfp+2;j;cz
z2MGtxSHf*K)9|M6U0oCQ+C-tNoSiX=xNq|(s;EkP_cl^h3JMAbd;1B0{89bhPl~`Z
zm6er%a^C7=xV{ZaJiy;rzOm!?04c)udKgO_kJqP+I)6hC%ZvDP1VO}>Q*X8%zbq8U
z!{iJVUUv&2B4aQvbw^eLL_|k>a~UTNjf_I`qw6D*eWr2^s20#!*t8D@;<B=`d{a?k
zg8cVQO@-{2SAM_gsj@1541&(e%}E~rYLjt}aE>u{5qTpR#|ZQvsRBmlFxvO;Q+KX}
zhm7BKx(!z9;%nGB52kwa>ChT~6_+c18mK{RT`F$y_tz;ftt~Ck{i##zE%5BYL0$7&
z8v~G8Xal|2IuMg#?MDnFArOer>HS{x^fbG@hdik7m5?LupqH0xJ?5|en?%i(S=lN2
znVF@Xol+e-I@}9fUE@|hiALPq-GM}*7}MDaBHgY{=kaHtoPYO9bVCD_zQJ}%;NRQ~
zGa|~4CzF=Iq{{nG3=YP|#_DQmr4QJah!hkQfM5kY0aQ@b)zyK~Yn>=)1(oD~GPvI_
z*VT<(W#JPS*BM^(6TQ&@>Y<U{EfW`jjfse0V_^YYQz~j|5)9yh@A2a+Z=A>--ohRJ
znI&EVJu~x#3xEM5nzf+dbZfEc%NJ%A79eD}%)v1tTmzW?3eZx#Tsu+#TyHY$oF!1z
zL5;ZP5>4C2qZ*wY9b<umWMq7~2gud?G61&#4KL%`ePOW3O~A)ZNnulJFxW1P6f)2*
z%BG(aTWziwvShtDU_*}u)scfDQ)Z)we7V^d;&`yp?_vulz7b1|OL7Vp6b2i7+mAkj
z@Y-^Ell^3^Ux=xWe1>XVM7;T3fxZ2#<jSQ?A|E=2k)8n9mK`Xy0na5ZT~kxT%%k)T
z5T^iKVr|XE@|9_&wH4HSr~IEh`DrY7sM==ZO*ePyd@W1goR~x49ZB8IO_)j)BsD%J
z+4QS_zT@{~Z&r}w!IL?}w0e7sS`t$3ws%~Jk0MwFmn;4}L(!EF?{~tw#kQ31?{?qX
zD9Ns?DX$@<dv!Ty+WX%2d)TSG9-&6YQtMiko5Pf|>k&$)#l-o<_?ga6@>CUnE&fq@
zudT}D*Fx$#^4)+w&-LLG-!lnHKoo#pZ`=6~gJ4sPWp{Fy&SPBP+^KCfNuhbn690IG
z`Rn~B2_r!cqI%aV%Jk$zK0PIT!%_JdJwY)5L|eLjAq*hV(ITa5MpOWkcG(fEm;fyn
z?cO<@((!}nE9=VY_YMW9PbmE)b!BdO7GdJ+P8CBSHcUc%^dTqa1<Ec7cbZT)%{YQ3
z9vh*2<~SaT_T17fir&#|&uiB>WF!RHSn`oaj7~}oJFicw3RNyf?0~i!O{l)x^%11X
z1Z*)@ZKU2>_q8U!M8Y2{;IEy%JnnN@cZTk*!oA^*m3k-!WUZ}nIw9=E(q?RB3Y)h_
z4nBvSPLM{Gv@9;3??3(XLT?FYXFbQEH8!7!QT6<bw#)*5Sq^T<s>ZE>?6B~!_d{-y
z+`Mn^Wu?qF7!nQv0>Lx!iFyxP)b}mLq>u5tU0<uiw`I5RLu<OtZ!fk^jJjJrM1LI_
z&MCdf%}`YD{49A>J*L8gHJtup|Khwz^ewFn9<93d#3^6M6yd}a@x&e>Efe9&sk%oj
zk0Vc$oueN<!Yy6Z^~gLtMfUROa6)BoC{rvS!=YN=6i&%2-;jnO<~3dDO~;6dPAa_+
zo>{4+7*)Q;{{V`z@*JH(%FRY$%3L4py*wjZEH7S`Z!4vV&D>&HRM6?a*5I8?xIO~}
z;YL39?l^=`yjnMK!Dy~o-lIPlp1XmzBnSP|3LgKwkTfP0fU$cwD$ww5;&Rc*j65-+
z+$k++SVRk&l3-g(_|2rDuJYlcv?ewxb7ESB1OYMC#1bKjwidOqWky}^S|rFsi;7R*
zy@BQN7a=VB64mn*KS%UF8|Lg+c<QiN^ooGwM+NN{s8$UggFz;A=A!Dl;+lNuH4U8x
z7c<ig9*EHWhKmY4{3g>;m<3&QI|aF)schVjBihw&`_UX+o7VbMj#ntSP&VuZYRJni
z52iEyM9B0RWtc$(q9{L22YWU*sX@}rWFxhqDhui>G$reQHw{x|thqAPe|gj^A;r;T
zOfN=$&54jkaZJdxp?tr4SEwkbmE!qOZ<amFzIT@<)bE_zRc}=rl8<q7c4S(|V3mc=
z_hnKf4ulsxF3U}C?imcXrnt+uv25n`%p`ruj-pfb6{_gTYNtSv<rfksoyA%v^K2M7
zqUgn<Cbo0@RQ4AULb+~xEEFH<Je7R@kb424y_SBztu(8oQ@qx8(?3zrbnb2sIhnoG
z#$%*?NNjK3bAw(V1+;J7sM3e@oC+s>so@BB-X-QuZ|kE#&(<l=sZe))(;ZGClN6VI
za|^Gk%IZ@^n(F;bXd~RhviTPeuj&4b=1Gc1p@@YC681|=PRlIR_PSfWX_$n&WC)>j
z%(b%@dGWI($&@kUPoLQp<rJ68x&_jF+s?Z90cQD8WShN32`$zeh>Fw1GLs?vv5EsG
z<2|E26EgMZj;`P0CL#8Hp!`PEkRbC60>}b+O_k7gmvo?+shU_d@pKHQ^9R`Se7vg@
zubY(Xv+W$*&wGc9U#u5hjvje8F?t52sh>PO02P;1fJ0%v3}6WpOcEfU`MFScFjcxi
zR^~o;cjg|q?k=@05B;>_^y0i(9pYf4#3uJ6)h{t&diYxV%E}`TcdOp6(O%Rozlp;S
z)qb)8fz5%{L8ISiGJZ@5DlhVxcZE<R<f~luA8N^27_{C1v&<+g$;$Dy;9NX7?EC&h
zu7_5XNaL|INlOr1V=&QBUb7G-<HSpK&&9zPtii_VCc0NPQDx^izOBU4IT3Xa!%y!}
zONwU0R>8<0#$e374Zimpipln5l=pnsmxBJ_>JvWL_KfRZYvpqiOmuObz>akoy%V$e
zVwtEYPtcBFj4uY4cX~Ff(C-a?rYiSfJ`{a%HlSHjv^!SJ&FaBr9jH#hk1=ZtFQ)L|
zLONz;qpFAE*>eNSly$PzenK)um)zcdZcD(LYa2e`vwLT)hq7Bz*6Vqi4dZ&JiH&~q
z0J?Pey7XmW0`vp172iUN)Uq+x(y;=1%!7Nf-gmZCefnc5xnbF=8gH4}FgTlDft>fp
zV|9nz4@o~)?HBcl6|D|Qc=StDEX*+>9<aQ(SYt`$<GI?zRi7yqYl-e&W!04|r|jgn
zB&u*X(aLc;x>t*#=jQeI?u$TI6E|m%emvr{Onw=S`SShs@i$`GbMGU#&(!I$#T2Qv
zf3A5<I8I+KT(z3}#J2T-6LC#c_PO}7&uxcsY_rw=>fH9{h(_lQM#O_JoBP+qChJ?v
zDd_@iV)QcJ{&S|x5vKZ)0;JO-&OsPBd|-izVV;L{m(#1-K;MFG)!rc&a{!-K-taZv
zsW&Dmf3oB>G07Zfm>MeRtql!}$4cDIQsrMZ7^xQi;Iht2roZ-5d!Xn0@RI<Gl9x_5
z>ZlT(+75uk3X+rU5J@p@c&N6>X_irKBfPO#zaA?!;O?>tJvf^IE5FLIWXAV+YzE>>
zbCE*!jm{XiE|w9`xzj@4KIXA5LU_A<)pdht$xvG0*zZ+X<^oHNf775fYt9q<ExEfz
z>lNW$PHCiKwdn21JFOl`3OSf_vQAUJ0oNeBsi9mt4Oj9p-G!L3cX?c@FR54H)D;<!
zv%_R7P|@N0#s*jJDPk8-^LOrW40ehX;RzJx6NgX-;1?|QS0VQUm=OlI%028EQ8%XT
zHu+3RrWJ|dOV#b-2IIrLc3+A%L|`;KyaHy*{fmp@ZTGfftkYp_CMt`s(r;p&%1Y6P
zp7ew9mHX?NuL?#Ff<Ca)Jn-{A$ivOtKdr&ev8piULdAB*!>TSVOfmtShNeZ-U0$B6
z$}|e@wRH+;J<0Mrq)OcB7$E6I-_6kUdzIcHJIYRxjvokop@62LDZh2C=#i5p<p9iY
z!Y6@Bwz%kY;#Ms#J5v(fw230y6_9&{+S}8-N}0<ud0hl9dXZTC$5lQZ$#S=Z4oxWU
zY^m+5Fr#2c#j0=ov%{p+4L&n3e0dBUzrQMF>+|FsKK*2sCH6o@2m1n?iPxBE_Y2V)
zB#Ve$UsO@yGV41{ll!expI9j)7b;HkL6FI!=Tq7Ku|YS|Vb^Of;e8$4MLGnC>s`!{
z<=2Zo3EO!1>I_h`Ev-L^{7HvER)~f<D*755XqiWp96r9s^=0uMmJ!L^yq)c=Wuu(*
z)N8(WZ-X<2M)6?WG>CT6qp5!7$3*W1DI^VFn+H~3P<gFs+3V(qtdR%t*LnuIc_CvN
zMP~1e3bGwGu9ccA7tkD1$1|ae6}9#J?`iv(4NX&`XVHxZkEs&-4_e2V(0dV`^9-?O
zQeW3)6wL=-+dzbc(%!WSS#8=iRCHfyWx!QUgf8AEb_hTL)CM6WWrVf)S|gS9(APt2
zWbC}FftT@db*3_UsA{jR+LJN$dgrxphwx+-5l9RiQ(sf^z%lQYTK-DLehb%ZdxNCy
zQ}5gAMJ&mak?sdA3&jmip19|9$Gr`#!K&60t0>Lg;nNx)lf**Ydzv<`t;r`i+8z;<
zp$2>z{katqV#{}_`1EEP*B(=u#2Jx<U<8h3mS#9BwyD3p^Nbyxk7$X2db!y<Q<Tjf
zTM}TK8`Pis{n?8G7?)p$GP((t4cDl<q9Il6kAA7HJYUOSE$0}JBi%3?@#m|+F#-GT
zMBYGWY^E7#+Do`Z<uGoX^{of}@up)LOU=Wvf6ihyjOs=z%4Yk*?+X@y8dAuHsmTBP
zDOj>?y8nX@=PVFTE34xD1H$H(D{{;Y8%ki*2jssUpi2o#QX?YIU&MuW{`L+*AcU4T
zwO8Y}Wv1oDXDXnB15q~Wlz-f%KYcc?_(nQz{OI0tBeUxVG057w`fsPGiG>jJ%JXaS
zOj;R{`MSpEAp*yR{XPDS5YMBDHBZOvT#(~M7S>B5Ga|@Y>a^0=O#*=9)j3vufuf;6
z6m>6ZVJ+#b-CgIdv~YL)FP~~+=XA1Riasb0>0}lb7Q0r!@~C|%xN}GE0(iAf15_FP
zRy!R-yn5B&+?-ufa&JJy%E}6)YfFeiQ5`@1Y?yBliu<DynqpM@7}S}(y${}60w6|L
zSGS+f*b2-|6MI03&`=LVF=gZUND&Z5UenZc42Q*|M|15$NE~jf8)SU_@Z{9_`S}kY
zIIRZlCHA(rdCFW}U4dLlw7#as5cFpq9{z+xuJ5ep<VA=uhoiVeUjEPLb$^-NRH#B8
z3=}mmeAe(k=mQGik9|2NG8St;s<-AlS*&(9XIm#>Tj6RltP!;y>+@)|IrI2S(E1*T
z^{FT+f7E)=&|IJl0!6*s@-LEu&MTfw30i|#pQvy8D0ubiPe5M<WckI1xq3CIe^#Cs
z|Hxj#$kB1l6u)CiiaLG^$_ZIWAOp-)ADx)cb-F;fw?3(%rdDoPV1f_Txq9{LYmB*@
z&PE2Tj^ORLEA3$Bv2k(fxZT~|S!)YwgwSIR>|!xU*JqUjHAaCle}0~;dsv?1mpj;#
zXpx9jV;fUjR8DWSRc^`ZLFcYGh1b#?52tm^aHmi>uiYaqtgD4GV<~!UvSHVT8Gx$Q
zf8A$Nd*yi5$^Q`0q^!%No~CakufrBV30I}_y(3ypv(>}h9Z1a0m=Aw|oEgNqEB2st
z$?K_gTxQd)Q^6D?6l_lDP4I%InTXf4Cj~>?)=*yV=HPJe=<`4@il)7pchXnbSo^_4
zBjX=GG_~|29mZKHj8zd$M?d!r64KirJjv!uWR<F6D775INr;_dnV+u{>yMQfI84ba
zD<Gk%&euku19#l5!h<j~Us&@mjMC43z?@2mkN@O6+ww8hFZcWrAlCy8(Ael`G=maC
zDD43GY}F8Oc%S-wd`TV9H0_Do7x9C7Z<8fc@<7yIc4=+1gtq`9&CEU6=1kzyqFjur
zo?g|@1zMCSujwaR)Sjp8npyFcr^E*5KV6YV&nmxxf9SM+I|3>oQ?1<=Kz|R|CRv+=
z6JulAY@?Hts_puhAx`KwV)hxh%er~jzQE-Wkk~g5j!`&;n+7k`;51b<+Y+N5+#Z7}
z^Br=1v&MH4B4}Y2?=QC36QY6(N~(v3oZ=IbSEwIC4B~(074k>_6wx-iYstx#hI_S2
zUWC_FG;tgpL=~6RrWfUz=r-MOic@^@f}9fJ|259k@51BF)T0%fbkpI~ELb4&uog-2
z5HFqvTY*uWIg_>vkTWg7lzAPq4rJ#@*M+XBDKnrpH!@1J#~kb|gCaHCFr2xQZ_=@9
zZ*Ol1(%0Wl@0lY9{RXN#mX?;qSr$D!G4Ojmx0`hrQ&3gv9_teiirl1Ks9&fxZSJdT
znou%-MScdS;d@`-rs;D7Z1!Z0I|cGh{wsVO=#r5DWdXK=DGx?={x~IJQP-Yo#HPMo
zd`B{Kr7-VmBQ5<h`U7_HEIq@#!dwOncf%ceZ7`G}?OBQYgPZB!Mc=0!9T(`VE<U)m
zpr8ePsRWS=Esd_*X=XQg2@P;qSkzKs;KheP@cXTkn4x7;*yc?SkE#Q6d2<B3b6_kf
zfXCm<3kw=b3~z>F5UPk%hn{4$Lo+iL7p@V@sPf2PyY`@Km`3)Syox6F3qtdFZA}o$
zjk>-6?c2B6SyjGSk5=y7tSpjL$grE8-Q62LCTL4OG7~{IMJd1a3AyzW%;s5Wq~{r_
zEl8@v6UH(OnqE4;qM`!8d9N{qD^NMPaPpWPI7EK;0ND{uwfT<SNBm7HpdkTkYQl?G
zs@6wyWREAZ@S1HF?iz-$qFVDohVoPbwRu$F+)*e%sWhQa>icqZX(p<X@g$VHtyKt9
zhF@dI<QTu`p1odjy4@<&#SG#ba!_->$Q0+Y@mxwq=lEO(&h!`)w?s<xi3iQcePk}V
zx&v{hlKt}2rTS6P($4yRF<iT$w`#=RWti@?BP~ZZY?_xB54wqfCKuQIdhGJEv!7mP
z-G5&JG^Gp-Kmm_($)~Hv0DdnZZ>RG>jDtbBxNHQsF|E8<ot~~JXakt0j&^ph_JRIU
zSVZJSifS4rI4Ed?sP5P)f8$FXA*#x-AhLeQ6b%m#znvP7LMjOAVufpxZj(ky_9N2u
zgE8n!viBdxpNc|$^AspM>#un1lOIY%k{f#p6PshAvsL`*hBRq(0m9tvTo9>Y*f>?`
zX;f;$qKWZ&9d8m8A;D?R<6Yhzf0t|=hoClA57a<Dy+#4+%FoYlzj5jU-{k$q#vU>H
zH)wrNL39%uY;bO122RFftu2&jb#)bVrsYLj>PCDgWgFf*!1L^_jW-3s+2o=f1!LeY
z@*~}#5z0^zEI;<`+rE*J+i25EOnJD?=}HylYPF`$f_o1%p=X?nkdhl~t1NqsY6iC_
zN<TpEc4S_RtU;po1cU@TjFYb2afS!#o4by@w}m8=$l8v}E|H#Q8;+yAkht+)bbRn3
z!?y|o;1B&zBOqrGLJx1E--ssrtvr+AJ<QF`1;zOOk*9V1k_l=H(#7z5b7r+ect23(
z^gI<K)SmwAr^absNb>W-LP4hx4B-K%fPes?J&5M%V9#X05<6ofBO{}umC&a2;4Z=)
zNHPQjQ33*8d_tYU$aGxNipK!rX3ti9PUoIPA*Cg;?3umH5IyzDF=I$zmxIjPtYd2(
zyncFhx{`bP#hP>ag&je>;22~bxRk@Y6qSt=+%CrVXkt}0vFX2V60{B~F5d5=W@ncN
z!wXDR#e<GDNl7=l6{MW-b(3h&eTB%rw7gtLS2xHpU{4>rc>D9VeuTHLyE{YC96(<I
z#YV`a?m4D}wL->^k%=iU#;HWV(6}}$Oy2n&M&yJ*j9p08#xgZG^U8~Za6Vz59GJro
zSHW<<ehm<PBYLah5x@`g^Yd9*St<4RIF!*8dP-QH(hq4&8|n9r-!EY3J_(;e&%S!?
zebESDNVkR*1;00qy-_EL?e6aOITBK_4p-rLzqTXK<W1gF=@ONq<m+31>tdP#`UYcq
zPR{M0nQ41xr>FG(1Um9F-(!#s4H0*4WmQ#HvH>A5c?=YwD8t6{b94Oz1H=wbX?cQT
zdWkGZ!RC^qRTb$`NL~;ugjQe@_D_tth9BmwlW#HRL_D@5!5tMJ&oiW!+3>{P{>RuD
z-KNhGsaalbuCTdi!qg7vC}9StthE9E9zD9k$qCB&867o#M+eJ8Md>1CBVq2vTs0It
zE23gz0D~ZcUxtzCG^EL)+n?9&UqYkN;c$4So9>dm!>^cg$OhaSzoTW-rV;srUO2D%
z!rFLkmHKqBJdRxg-$>(^=D2rdbZpGd)>in13#1`6G4U1hlwPr6fhU>IG<X~!=7OpE
z?5$NlEKEqaPz{0WVD(+_$G-6<g(;;Y_L7c2G=pv)f+_?ECsj$$m8#l^NJ(MQ?Qz*V
zr&?Eg3I494(zSz$&^D`WZcLT`Vb$bo&uuw<gD#hsUG>LDPJn_nb%v*|r#`ZAzgWBF
z-LR0)k=|`!-{f?UzkmM@4vy8ePmoTOCl?d(uYjq}Ypoijnu0g5Erq<w?$mS=o|#IM
z^)xi#maXJTz{oycg%l#9us}Fp=(j?znV(s@zP`T4W_oz#Rj_4uVoc1V68)I=*s0vU
z7=YUz&3QhiuZ|2w$y4#lpXJ3r1kp5825f6C{-Efl`j<VGz&alY8}LW~PpOzzzJ3o&
z@=8%Rk`KXQ4no>JB);AS9tp1KiWfNGn|=1X^|EecE-o$rek&H%!2&qPbGt`A(iX^_
zLHiM|Y@Apc=2SYSo8hE*X3C}Gcb2IT7Bf0|wC3@Op=e$lZCd+m)#$iyhlz=40G|A^
zbylmwy24QFhYTyV6}jQt^k?aO7fkdnykok{$jCVNl5Zs+9pn=~J~E;uf&aZ3adyfk
zY_AG=k?kj;WB>}OmW{h4_z*jFd~|60jnp**0~(54@{v7AoW!Xd4KoCzn94uGYR3Vf
zUH7yDSS2%4?Nh%(-dR>&`4D{`e`{-%IbUXOUi=%OhDcR(!zDuykAvTIDxah`a98kr
zi*(r2qk|o@cG7dXI27uR*CG>gKhU;Vj7kAbp>vFQb&{Sy7AUEy&oA+wa%ErG(8em-
zJ2)hZOhnwla&T~9cJLth<6Zc1^Omb?*^e!g>dfjh)eja`!SMd167pT-?ytSduWcX6
zI)R86_~nlmCunq__D3T&soyYqMJB}JXH&+ioPe7ETm%5|p)R)Qv=!WeO6xQzpiQNI
zB`D6+2*{0<7@D*VvmprZed9#v?PGuZo<Gfmw5(>skE@UD?N<QA7N4D$r)(v3YSjyl
zI5{a8bh}M=if?||>60=v(&gl$yP|z$ClD7k*0-nkqgnb2m7VZE%-1`n8^-sDmpW?3
zuKQd^PCv7?O<KHkvPikGjqRU(X5)v?F<S5NyH&^sv8PRpAX4{1rGy5wXh~G#!aYG>
zZ~XrK{{8#Wz={Hc&-kW!cJm4sm&wY2$2pLB{a(zwNqqR8)hEpEN4o_AIW23_+bbio
zrt_mBb|X(~<tFl<E#NyV5xdpTsLP*`Ac(+>^AR+6?%a8#CKs5B$1R|?xl>^;Gh}PD
zchhhHI0T6h&@FdJh>Mq3RkbU7to_(z<1@XWwg)ITAU7kVdPw_s3BT53>MN8Bk^at4
zt2)+PeA0LE2=k_uj&~Z^C*cuz?9!!=ebx1lPPY9!3TRSiaujKHGa5KOzumIbo!#Bs
zp@{QR#i0F}XK_VEU>2&qz5e)x4;?LST`Q_JQ#Ws58QJIc^i<qwgwR(wCfrw!gqE<S
zp|Hn8XbF@%+qIxe*}lOxmfhOd77rFAN#VS!%RVX1_h?WD{$1r%LadI4<3;Z-4wc$h
zCwF1*?KO<MdZr{(J<H9`1d9r+r_e6r9FtMJ7FO|L1SSyVp+XJ&L=5u0KHCIoHdrpG
zZOl3bZ~-RkeHPrLLCpN-_3I5+GqcY=`LMU&w)Zz@0apMfT@sNSb@w@nX+{;>p$bYb
z)vRbpjoe$lwRsUets=1xT~WO&U)^RGr{8#!T5BCtg+UtDpUO#IcagbB#Zed)sO)yG
zzaUB7(2)5V$QF5QhtVjd?Ng7;v=ds^EL>gbDi{wSqSHH*Bdm0boNW{5<!NxaZ$rn&
z$Bn8S9h{u*a)6d)5KnDwa6{X58lEH3H^Y?+Vf=N+?L_s*5dzG56W6VXVULS(r+m(9
z0avNh(4~yN3r^t5T;-lzqHgz6;YWuVVdNM&I&QDF>y~p7UETovll9<_Jejo}V>ri;
zP0dAv23dx=7Hh!V0qsfv7wM#bR`b{PIH5_<BOo$z1CS9`R#p!8)-9WWas((Wlag4=
zi-F7ZQ#LS281k=p=IkuOj2&P13nu6Pwz~xme@V$(|B+j1m{*@*=;gD#rfC>=HeOR&
zZM4y9%6I6(;j@K9Y8&;Brv#nO%O&Z%q(%*fHf69ajOp6kDVTjyF>951YE7?-h4S?}
zcdG}4K~vWk^luYA0)(CzeQ<dNIOXJg0eOoK2s#<x5Tn+Ymz(T?SoX=2oIBWw+02td
z!=i${qaz?P`L~hr0Ryaa%z0v?8oKCmaZv+JJ;<HVbj$;(d)Vw=yujoxyomaEkHyHM
zqCRcxNz#t-i-ld&^aa`N(<BsfZ0p0(wf&1QO-Fp<*H`#hv!mM>#W<;sn?BUR98de-
zf^_LRR6yXK^%e%x(%PDiL!+&V@Qe$>a$K65-5nhYSWNRWNY7sH_r*+3PQsx9NnYXi
zB2s?hG_i`B*f;`&kS11IBMoC0bP>N$u%mHYeDR<PDx#-{ou_iI;>tozmU*4=et1Ek
zD~yrU*7qh>;-iQ6fE>fwKHM}a;;_f}Jub|;b(Xhv2p!?H#Hz17?nnkAWs5#g+W>uw
zY91B_1e|swE`H;=G1Un8&lgZ}ck`B(mH;x(&Bb-euLwW50ARby+qZ8!Rvq^EBm17)
zKq3FRXs6Jb`5Gd_$1}%kduuDWJ=I$Lw8yC4vH!u*t_^vuDZ@$}mGn)#$OCBZu5wio
z%;QttxOVVs%+NEr_^xGXR3hVo)8yz<urX-_2f8Y(wsO~(dzB+9sksUmhtgvpsR4Lh
zOnP@va4-@(p9n1QH+OxI)c`eSJP$vA%wcp~Y;0F|w=#D4?9p>Tcc~qZFh0XoJh!tv
z1bQ)=;N8c;Q82+@n0!n{6CM#k0^O+wr*Ho(y2@<_p*JLA{z{T}d;E>?iK`q^unl?!
zJ+dWzho7TqNUcHnf9;-h!Y?e#RF6l*^G<p#CL6eG2-dbT(kusS==xdbb?@QPl@%Fy
zII4)%ZAT44ZTKVe&DuDPv?`Pm_2Q@<l;viWW4a$I{e}j49vr7mj$?PJLM9i!oSd}k
zng^hJpPO65PVlOK=LE#?wHE?evwS?X*U<RvSaq~<7A5Z&SHvTqH;%m-yINaS;P1_G
z3%hscqP%A@JkTHe80jn8;emxHfw(a{$WnFDRSUZ`g!&4KkSADVc0)T}w(o%3)YcU1
zj|om@2_(Jjb6X98G~fBbTk3l}xGQ8(8DkiH2fHqlRP|<6{>~44nUO78zR(Sa8)-C^
z{ecf=s+>sJA6*6UCb%qqNx{G1!4PQoFilMTl`NEp56os`byU{qFl9G1?bKm)GISDu
zd39>tlodB%nYzPwDrQo6#&CGsp~7{_xw*IvX%Bp1HtssjFGw;{6Rnz(mxt^5s)J>N
z53ONFlNw|e-QMA|aXWI|;ONR*4Igg~X!%9Em<cOl*|hw&hNqVbox)5K`#eZY^+iQR
z=gvr9vYAh9oSS<DB6{ziAAs9YM7MhVUIO4W;&~xf2V$>g)pO+1JB~{?;Y>eAk|(}d
z!EMi`tolw?A7$WdNEVQfM*NOYyLgwCrmblYncT7D_0?5#PzP@)q_mBYv~hLqbF2b!
z7(XcRIaaaATUD1%@9tKLsyOk36P1RUmHmB&vSB9+T)B)ju3UxOr}5jtOx+&n{psTf
zUkD2msA&)DDr#Q=JBRN}97KB8O`dD~>BEbb_u1u_ldCT--k5F*W`mPj9o75n0W|_G
zEp3>}?5`RRv6}yEOL$UJQcO%tRu-3iV4%}v!@awA!Cj!RUnNTaUk2gi>OICyP1RH=
z{g$G_$1kp|Wo{`^N|r;vy12E9>wxqY`njE#3=V;f^eBZ~A6wRIc$kdul$=a^3Y6K&
zsi}JhAK0>C)r2%$CUu@KW{w+Qk;a=C8NKyMZ6V^7C*zer@hPCv4v<l>dnWiHZ1%Vn
z51Z9Wa`BUk^4k{|T4Rs3Jez0@(e3q}mkvRXv{pC-vQG>YS`68+_=#otczDW-W{YaC
zt*j)f$izgJ;Zb6x|Jpo#KGUZ@b!E$rCC7T$-H!tif?MWeU#C|sWUQCf8eVvOXJ)N>
z&6*$(G3XrU)$AbCUC`XE>j$Kq;_Ew;RO{mCF?)#%nN0OzAej0*D0ue21`dLNql$*1
zwQb|XJ)5e0<hSysMG#OxWH*dcBul5Bv3ak@fc`hjM=^%2OKZIX&n|OsgdG731k?w4
z1FzAbKn`5-Wp^?tkd7je{<gNcnVFWLXjNWLzif8zg8JkmQBLsZNj`k|cD}ykIf~{b
z3cjU@rR6mRc>rfzCae*?tAzFUZaUDoAaUKVeF?i_H+j~_@{QwlHU_+Zy<H$ia<|L!
zkSsnq8T2>(x^@|~qFUjEi3I-lqjGS{RaF+BcO*keCC{uBDzA6FSYXPjgvgJl8g5?2
zCmK$M_&6CQFP_P+!U=0GW=6oDVA<IJ^HKwnK(*RQNDBfi_g2aLlyyzySXt$AB4Tsr
znZv|@@no9Z8ij-(tKxs{QM(TGzfK=W-V=T~F=yc3fAIwVq#}QBKJfnk<UoI|$}g6J
z5Z!-m5%7fM2nZ;mEPxe*WWX#v3evM8t0T|X+A2*>lbxJFTzkNu<%p)yYVi6YIVf3u
zwqv%X$K(1JU;!w!8cM2~H1#syXVr`<sDF7Zo-5y^1Es4vK~MaW6wrD5`Y63-*@>cK
z?I`Uu%s>$$6wn%IdF9p9Fb_1bdepq8M}{Xg2|%NmJ<V%MjPOVQzx>+QP)v9-B4~+~
zEBd?)pVH*#tss<*1vn5&=vH!_hS%4%pswElP!$iZl_u61@N8b9Kt2!S;`%$-Gyntv
zWaxG_>>EP2VZe5Ld-mz|ez@_qY#75Y7)MOxcT5T_m|_RZ$FhnFtE#bq#K76{S`Sc%
zX#**mnwt1|%BA2_`lhDf56Ef?g>(P+k7=l=28M=)lGOnu^X1D+@3N-~Cv9HiH#}uQ
z$uoOLYflp73ze03NWVN11uVp{@NiICg!&%zTa@q%2uyREbbS8&T)Y$zQ?<3lpwNh)
zfQAh!8BBB=S3r3GpVNxV#P#;}0_JC|CCE}r%gWddt;p{@ZPTwexK59jN$vt+uOb%I
z?_SoW!(;={l1>x(g@q>IK12f%Dd0h-`9wuWi-JmJDiC5nh26hTE1sH?5|Kh^0x}ql
zgG2c*ABJ@r&isO-eyuFH_gXL~VuG^yg@w#x-B<vHsrs79i;2-Oz<|tV2v4O1kO2dO
z3qRl^06{{%1D!Yx3=HC*V?ftO;TK9spwrIHJ(CPyTXWo2IzvIR`K3o{f0pjy<^S;-
zU>A8Bm>3zY;UEkdnVf8O`NZg#oS3-fDVtqa^3Z^^%#*L5D*5GoG{s}8ELA(8=ZfM1
zl8iE7J_b{_%W7)wpj&DF-P6z<3<zg|lF23FTPNsz$bYsh0~XgFc*e+p&}{e83|<3)
z*<_ml6?+YH;qxHLnxfJ?2H72`=l4u&UiJ6(mKG6lwzB#F2-rZbf`UVSfqK8rABe&;
zA9c62dD0S;FFmVeI9d16(b3Ng!nIXZ9~~Fzfu;;>5mB7NG_XMcuLA}>KJbf`)WL;C
zQZuO<vL5+Z&}OcqyW5gz#}`PH2EV47b!jO0#F74w%@(;2z2h)kUsWXuBD9`Ga|CF1
zDk&^XKn2=l=CKTj|IY=yg$4Z7>`D;0gJkSfIGZjOsH%(o01N<1xHVe$l+k(rUWeOZ
zG4gV94x$M_<=kzA2C^2=ZVsGGa9DExH&0f|N4A5&Ta{wzgC5{B5d#Dj@J`e~fyp8l
zmz<moN>KTh6ZJl%ous@Fq`QsH$5NutD~ez7sgECddg}ICiW3l!9NfO4sH0!szkDJw
z#N9!@`2c42S|qSe$BzuaxsFCbI|+QrflvQ{xgcgzC8sWGf3W@;;E4r;pWkc?1K{&D
z8YLa?Uj1+>NL?`oSy2H{x_<Ef;o%UQ6+j2}JMwmSuNaa)9ocC1*ueo&#RP4!6~$-(
zXaYb#+mwStL!g)kN_tj|bfAC0W5tGt08)%kNl}qhl1i9-EN*cGZl78v=_`hwca*{#
zAdv-_Sw>N2T^kw5cK{zkh2|f09At^ab#2K6Q&T`e`1pZAX>Bb_^Z3RM?8YW2$n_dN
zd2&@Y{PJN}vJ8gm3%Fe%wE-gRGiT0B?Es9Iwh{noJ{wbnx}V$IIy-Mx5tIR=0qXGv
z$J5>o2TOe0ls(~*n=rFYV1&wD4|g55wR#LeqPP-KU@yU9q6}EJCQU$_-+R+@XNh4n
zbjAaWPZQe#(z0JP6G2t%1|RQXgyqycKreM#P|*O%y!x&?5b$(@40NVN%b}0LT>L=<
zz|KxMAQcd<P7nk7+r3upw02cjk0>`Q(Fc8$v`X9gbzk)(2w{(iP{E@jo7+FNe?r>g
zeMM8`2OGIe@B&^N?>%n=#H<txGKT*e0Fb!w1m>x?nhAeySnB-ZT!~5F1%{}7kC+F=
zfVO08t}ibxD|^*ICJhngbH_b7K`sI?z2VRMKa3n5`C3`2&BAYi+Px0c)#4u_SGyKK
ztJX#n?CtGCbi13Mpn?-i&JH3y*4a)|PJ(XUyr@=}ZSvycq9Tn352QaHD$NQg+wnUj
zlzl!K7*Ku$g$ls0ZbzYtfiQ(89Q5cx*@8;$<6zQVc~;(3DG}iB?g5X1=8;zcoNc9g
zBO@d5cT1LqMgX!?cbvG`R^lynuiH#Gt^0-Kowdq^9aFgw22kgpV@87K0LUUXmQl)8
z^Fo#$7w8f5$P0A!8U)}fC`#!2!(cy_@l60<IvD~JohOwiSvQ}+4eFDN|Ca#a@&QrA
zdE#aM&ib!|{kyv$Ja~c9Q$&k#1Fv{OYWd@DyOYlUAw$6F{&x?_H!yzV6HJ+jT1wGA
zG6*Hu!5cl&#E$-XL~7)4`mz5TN?uc$KYo;sR;C~C6s3r^<30)9Padme5qy9b_=oQI
z%lm5FTG7NKZ;~L2l0hH=f{T(dv+S$pf>&DBYJNu-0ZHNB!7LYa8lC~e0lk4$OA0`7
z&)N6O{Af$VRQ%;hvfKP7&z?Nzclbvx#quw=@E7M&qirPH<I~>}osd?Px>SBKfqxIX
zfkX*S=OVFm(edxxuASvgjV$}kksVV1ll1(LLH&x+|Gya0qrMuuDgiM)>1AEJMN<h7
zTHT=eJ78!NV2EVU{GE5IIlm6Hm-O#gyM-BfQx{MDowCh&3WUb?i@$3p78Z!&K2Z2O
z+Y5k>O6QyQi*bCiXq1-em{6$ZFEa4SM1xAe>mmP_Uf&yyDL5qcIg|(ry?l7M1gB#k
zRsLsW;3IPOfTVv1PNx*2{_n7q$a=~D&RK(uU0U()jL6w<aQ{1A_JGBIxux6zXOsV(
zYQWhHx_{U4tdiTyzpM0r@Uk#hp2>O4icG>j)v>}7azquBkXdP!$U+HE#+9Uu4LGYr
zR$Zfc@_&e6+R1Fr8Y`gbl*rg?o}<7>l-vjrVB`UdM7*istG&cJQ1F!u3UC_9*l#fX
c^TU0-$0~weSIUxz0Q|dsQ~gGvlG)4u2b+vzv;Y7A

literal 0
HcmV?d00001

diff --git a/examples/cloud-operations/vm-migration/host-target-projects/main.tf b/examples/cloud-operations/vm-migration/host-target-projects/main.tf
new file mode 100644
index 000000000..a0e899d5e
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/host-target-projects/main.tf
@@ -0,0 +1,73 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module "host-project" {
+  source = "../../../../modules/project"
+  billing_account = (var.project_create != null
+    ? var.project_create.billing_account_id
+    : null
+  )
+  name = var.project_name
+  parent = (var.project_create != null
+    ? var.project_create.parent
+    : null
+  )
+
+  services = [
+    "cloudresourcemanager.googleapis.com",
+    "compute.googleapis.com",
+    "iam.googleapis.com",
+    "logging.googleapis.com",
+    "servicemanagement.googleapis.com",
+    "servicecontrol.googleapis.com",
+    "vmmigration.googleapis.com",
+  ]
+
+  project_create = var.project_create != null
+
+  iam_additive = {
+    "roles/iam.serviceAccountKeyAdmin" = var.migration_admin_users,
+    "roles/iam.serviceAccountCreator"  = var.migration_admin_users,
+    "roles/vmmigration.admin"          = var.migration_admin_users,
+    "roles/vmmigration.viewer"         = var.migration_viewer_users,
+  }
+}
+
+module "m4ce-service-account" {
+  source       = "../../../../modules/iam-service-account"
+  project_id   = module.host-project.project_id
+  name         = "m4ce-sa"
+  generate_key = true
+}
+
+module "target-projects" {
+  for_each       = toset(var.migration_target_projects)
+  source         = "../../../../modules/project"
+  name           = each.key
+  project_create = false
+
+  services = [
+    "servicemanagement.googleapis.com",
+    "servicecontrol.googleapis.com",
+    "iam.googleapis.com",
+    "cloudresourcemanager.googleapis.com",
+    "compute.googleapis.com"
+  ]
+
+  iam_additive = {
+    "roles/resourcemanager.projectIamAdmin" = var.migration_admin_users,
+    "roles/compute.viewer"                  = var.migration_admin_users,
+    "roles/iam.serviceAccountUser"          = var.migration_admin_users
+  }
+}
diff --git a/examples/cloud-operations/vm-migration/host-target-projects/outputs.tf b/examples/cloud-operations/vm-migration/host-target-projects/outputs.tf
new file mode 100644
index 000000000..ef78d4c7c
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/host-target-projects/outputs.tf
@@ -0,0 +1,18 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+output "m4ce_gmanaged_service_account" {
+  description = "Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects"
+  value       = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
+}
diff --git a/examples/cloud-operations/vm-migration/host-target-projects/variables.tf b/examples/cloud-operations/vm-migration/host-target-projects/variables.tf
new file mode 100644
index 000000000..f6e3345f8
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/host-target-projects/variables.tf
@@ -0,0 +1,44 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "migration_admin_users" {
+  description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format"
+  type        = list(string)
+}
+
+variable "migration_target_projects" {
+  description = "List of target projects for m4ce workload migrations"
+  type        = list(string)
+}
+
+variable "migration_viewer_users" {
+  description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format"
+  type        = list(string)
+  default     = []
+}
+
+variable "project_create" {
+  description = "Parameters for the creation of the new project to host the M4CE backend"
+  type = object({
+    billing_account_id = string
+    parent             = string
+  })
+  default = null
+}
+
+variable "project_name" {
+  description = "Name of an existing project or of the new project assigned as M4CE host project"
+  type        = string
+  default     = "m4ce-host-project-000"
+}
diff --git a/examples/cloud-operations/vm-migration/host-target-sharedvpc/README.md b/examples/cloud-operations/vm-migration/host-target-sharedvpc/README.md
new file mode 100644
index 000000000..bf82f2368
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/host-target-sharedvpc/README.md
@@ -0,0 +1,44 @@
+# M4CE(v5) - Host and Target Projects with Shared VPC
+
+This example creates a Migrate for Compute Engine (v5) environment deployed on an host project with multiple [target projects](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#identifying_your_host_project) and shared VPCs.
+
+The example is designed to implement a M4CE (v5) environment on-top of complex migration landing environment where VMs have to be migrated to multiple target projects. In this example targets are alse service projects for a shared VPC. It also includes the IAM wiring needed to make such scenarios work.
+
+This is the high level diagram:
+
+![High-level diagram](diagram.png "High-level diagram")
+
+## Managed resources and services
+
+This sample creates\update several distinct groups of resources:
+
+- projects
+  - M4CE host project with [required services](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#enabling_required_services_on_the_host_project) deployed on a new or existing project. 
+  - M4CE target project prerequisites deployed on existing projects. 
+- IAM
+  - Create a [service account](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/migrate-connector#step-3) used at runtime by the M4CE connector for data replication
+  - Grant [migration admin roles](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#using_predefined_roles) to provided user accounts.
+  - Grant [migration viewer role](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#using_predefined_roles) to provided user accounts.
+  - Grant [roles on shared VPC](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/target-project#configure-permissions) to migration admins
+<!-- BEGIN TFDOC -->
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | <code>list&#40;string&#41;</code> | ✓ |  |
+| [migration_target_projects](variables.tf#L20) | List of target projects for m4ce workload migrations | <code>list&#40;string&#41;</code> | ✓ |  |
+| [sharedvpc_host_projects](variables.tf#L45) | List of host projects that share a VPC with the selected target projects | <code>list&#40;string&#41;</code> | ✓ |  |
+| [migration_viewer_users](variables.tf#L25) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | <code>list&#40;string&#41;</code> |  | <code>&#91;&#93;</code> |
+| [project_create](variables.tf#L30) | Parameters for the creation of the new project to host the M4CE backend | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [project_name](variables.tf#L39) | Name of an existing project or of the new project assigned as M4CE host project | <code>string</code> |  | <code>&#34;m4ce-host-project-000&#34;</code> |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects |  |
+
+<!-- END TFDOC -->
+## Manual Steps
+Once this example is deployed the M4CE [m4ce_gmanaged_service_account](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/target-sa-compute-engine#configuring_the_default_service_account) has to be configured to grant the access to the shared VPC and allow the deploy of Compute Engine instances as the result of the migration.
\ No newline at end of file
diff --git a/examples/cloud-operations/vm-migration/host-target-sharedvpc/backend.tf.sample b/examples/cloud-operations/vm-migration/host-target-sharedvpc/backend.tf.sample
new file mode 100644
index 000000000..4f2bb3365
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/host-target-sharedvpc/backend.tf.sample
@@ -0,0 +1,20 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+terraform {
+  backend "gcs" {
+    bucket = ""
+  }
+}
diff --git a/examples/cloud-operations/vm-migration/host-target-sharedvpc/diagram.png b/examples/cloud-operations/vm-migration/host-target-sharedvpc/diagram.png
new file mode 100644
index 0000000000000000000000000000000000000000..0746e8dede61bfffa315cdd21b930987e63dce96
GIT binary patch
literal 34273
zcmd43XH-*B`#nezkS-#<geE9eKmnyUX$ne}j#NRaNDl;&A|Qk!O`1yYO?rv+(0lI^
zdJi=alDYW4zxmI6m|3&t!>nN~)=Eh3x#v9hJp0*uKlc*;N>hcLgpmXX2ZvluRY@BM
z2QL=~2iNB|9`Kj86i68kP9Tn&lDw|B*>1CeE3;w4My*goqjvE}#nDJhQ1)%<hg=~i
z99#Pf3n}*EPR>IoFP2jFk3^;SHi?IgW7u%p@Pj#V+WhV;`W-Z%FWz(fN%leyH$P|u
zhK%V^pnatpsEn6?i8-QFn(XP1H%tjRzG~@@=fMt8ge!5xs&erS!>DLuRJrbkD^)5{
zA=Uo9Ao+jtf&~xNd+Jp19sHrhWR5nY%4%YLef`<ZsEa|t<fRh8=YbK{Hj!Y<<{yi9
zfzN4T%GiN3jvB|5x6<$^w5%n^XaQ5u=Xm>>Pcs<YC(ND+99*o_Mre?B8<l9KAOj3$
z7=AMr6;hx(7<@CwyTnW;ZX5{XXkrvFRqOkA#p?bl!E2eRZ>HX(&gJOZ86M;Elp7JR
z$`zNOI=vi0&A#;E1)S$*t+D@~pV*NcZZM>(-y4z0@%dYevxfX4pM7{yv+4Hz9M`8e
z>v{J->k(i=6-MjltX_9QuIo?YA!g_cS#=0T%h&4f7?w-&cw?>jUiC-$x|{1}nEyXP
zNsItjYggQ3t-Cn2vq1k<!DgPcV-4PwW8)!-OD)9;U1dfzr8iNg<@s-vE0j6ROJexu
zS+dQWgchjJ2%WEx=d2ko_c-}@tIO}kY8U7plaj7dQy(867Zu%m7NeRS&-Xva-sdoH
zzK5u~SQ|S3dtDkgDb&*PvH6m^JBLrW@RR*p0U~vd6ixM)Fn8=o3TcgOM(tDgMZz()
zhg)%5DOp{VVZ#W7uC}@nIucQFM7$z3Vq|Fe`oXt*1u_5K1?wu9V9TuB5?Ky0VSe70
zUj^?Se8#*P>fSpFmNf}-h&_BHAtiOG>}=?CHGG1IbGDY(n-Y%suETtniiw_?iXkb@
zz-UfPBE%tV-N0e)N|^64uOOQQ-p+^jYL7^1&R(dK@-l8WhIUyqt`0mok6KHd6g!QM
z?wcg2Djx~mUkU0BjUF-F-OJaVkdZQ-7&U$~ldPkiuBV$~ZUz+^6?@QHJoWxz^}zM&
zn<6LGASh?#cH*a=zu#$#wWppw{yDB*r#K@0u*6}jJs@`@!J0-taiY5VM9cE6eoq~^
z+25Pc_<%W;DZY%@bGN)k3Q;!st*-@D!hT=_xmeTQ6xFj!_4R!IM65C`^M0-L*yV(|
zka-zqS{~I(J)xpmxU7Ae27dWw3R76*^4o9o@OnmL2@Kgs=M+u3EXevD_14OoUF`RF
z5<%0RHTvos=(TzD7q(z<iFj%oJ)x3~4I#%AaSA^ll;wXoKCG$t-Pt9W(=c$Z^OY(o
zE{yH5PL>ptVWmFjfc@~6=cOq{*)p=QC=S%4LfRO(?rx>u<Wf8;R`yXN0<r749|ju2
zdat*BR%wnGS+xn=_%RIcqZ70gUf0+Vx{&ds7!KMzJENc*%2>5CmGWAg6aUflQ}n4Q
zh{o(uvIh#S3=6biquo`)aod<Q9m;EAX&(z3V889n%4p-hqP={47#(Z4LNWB<b-={B
zy60;eyr9YkPjl>#x!Qe8pLGp7!Ns}&>MNWN=URNzMqgxqQEQh?n}ll(DzHx<oQ_YO
zRg#~b`Mf#Fe}P}hDMuWsSqC|2P3WtcDl>!G`q4m|GcMN>rmV7V3te&{cYpN;Blv?k
z_e?eqxoaLH%1U`z7h?i2nKtHF^N0hC_<it!S79{aK%91ow*9z6vw{BjXh>b!R+&`N
zAHVgbtAg3*r=p$txuuxsg)A7>b+L1ysO6`9K!AMdE7hDx@|OeAgZmO&oLN>5u^udX
z&HmR=X4C!oT3LRi{6|>ehMmx?8O-CL;Gk;w@PP{~kWYO7$E`7H>iFB-8Fk)DT^(9O
z{kIJQMBiqnFEq7rT7`%LFe>>E&5k)?F6sf-y-!#X_VxFJ2)JpOs78oy-}e4+OgK^z
z;r7(g>!9`i=R2Row~vk}@!))^jR#AR+aHp|JvBe5iMeo{Yh~0~tTcM<8$9+P6_jH8
z?B(j(;(x69R&VT!E=^LJy$g1FV&K@&;+?9sqpEe9%b(+JXnNqDWbMJq4w+E#2Xh@-
zMw+k-&PNg)qA)U(?p&(kz)kpi1zDko$GOta_$tXnaO`(#n#`d3T9^5*8tqCF!i~g6
zo*Wd-Y511U7XydcO9G<p@|s78qO0%v*D`M+F)B`HkdlEbFJC(JRa66HHu<)R@eIKu
zRNU-+ooiCBCyFw6uP+#@bvr)$#p~#3mS!ybyS_nePG4+q^J;m$7#bK7>b2&bn0tBj
zL`50X-(L)|I3!5jsW=L^TBTM!Pe?md4pM0QtjPKN`SaIRpW}^{J{DVF9(qZ>D9o#+
zY*l)r^wpIxT*;T`ro31OAULo6w^xU}!7KfS!yiv3JRIrkoc1!6w)^qt1_xPFD%d-5
zr@|;fpBrnE9B%~@$%ACPgX?ROoKQb-=LL!#caz}K&EQuw$x+O+u1VVN5zY%uAr^S<
zI#r|$RVh44ABi8%OqH4_+AckN6u$6&D-)-rv1>y(Qb1JDyzGFP49ptMf)6V)^1V+8
z@5V^EeXRGI5|n!OvoOcb!st^VzC7V(bTj#FlJ~m|YoEU^J~Xs68Z2R|Etfj;aeW?+
zlT(;OX}rsvDmuTxIUN@R%iUafhpMjG1bHZ9fAFEo%o<OYwtBICP8$bLkb+7CXr$^6
z7K64)q{Oyr>5cz<%@2x6&$F{NZ}B}|;pF)-B9S02xMK5+;*SaSj%A|7sdQ{v!2Qnz
zUJsv0kFC#^bbR|gQ~$KR^HFo%mp95S4TZDRC`Y0f<BkgG2%w5@dEW=BbPpPy`O5Lz
zcnz}W*{0d#aO)6(O8c+7-oczpoo%WusJr}70$#?(nCh_L?!#8x)Q~i$>bK6W-eiHj
zLkf80{hxEEO3jE8j4ydm0vyYSq_<lv-3d}Iquz^y(fGzhc^CBnF#W+GQIV?EDrC+R
zOpPt?;S23d<649LQ|9p-G0<}Sw;lMBS0_!{0Uo!c)fjxl=!E>dFCU*rk#29r!?XUz
z3z^rQjGxae?`jW?b2#k#S}khu6Qla5nVevg3D~UCkKzYDN!M3Vi+%4kIMIxJyaNN?
z6GQ3d99Tu3i39X_Li6{vYriUX==sUn)miuPLwg2ox7voa4?gm*!>fums#DLMmmu`C
zRMHZU`_GfxmHe&Zq2|j2l9Z)OEeCsa)1$MYzf;Yd^YSQr&P)6#T^9W5Ss6a>{k5{P
za`*GgV@KvhMn3f+kb6>Nd9ayg@anOw5c3BMU)!$L0-?mM?S0`;adQqiOpxyPz6tQ!
zC5xk=$g^me(`y}LI_h)0zT<@7H6BVzoqvUlf4EpY;^M#S7qD7m`byP1Kz@Xp&I@2*
zA5H$70_|)w)I8UFV1JT;b^ciy&z$sy<`$n-+EfBF4o;Oj%e&j3I^V2hb!!pYCYeo&
z)`GF6ESUqcK7U6gAKFx1=Fvb|rC02vDI*o|OqZk`T@G+26DMmbWc(l9{rHD<&EDt!
zpdf3l%YyvyAG<>vk3Hxf%iiuT`RZM7g#wlYdmI;U-9iN?Hs6n6k{WudW6KvUT`|y?
zb7qyeZRBOlIL8@gEvjoel_XJqLcg+eOF$JAVnzd|j~*on5TbVQYpZFn@pq0xORtxv
zY~7y}-fyo?6B)<;JwwjQc=?$7KY1?ACTwDz1W;I97|h?Rrlz#DJWH}XJ?;Au$I}FH
z5&P?SKT=Y;g^<3f7FoZoUwcuabdC@SudOrbtM$p6gan%Ln6&Q{su0N8UjS+Bgv?MY
zyE#C4#fcKBXP(fX7@wJuv|MmcDouldPx}d&#si@#GxcA{yb%Ce$x?;`Lv5!Vi`7gy
zXEs|zcK$Wz8tCtDS@e*G&Vgin?=txRdFiW&SiRzCtFv$?pCh4&96rBj^z0j%!Dk{E
z*U=W;pOr2xazRW9JQRTWoa16Rs$32>KX@KDd|b<IOwt1IvAtV!%6XyPiwhvf-S=-e
zoeKeK6?r;eY1ER*GI}H?SV6cag6zE*M_*3tz@1;e`+~NU{|OHBoF=F;o1ms=e(T-2
zIB@+?mhS;S$(Be><hScl6zK@@!|S_G=Q!@}GflY!Kkurg9J&>zGG|ivEjfcUMx)N`
zTsVBoz_Ik!EtQYaE&Ww0w7MnuI&0+Vh9L<(DFkXMs4Y|uK?1p+Kr=g4#k3Zh<-75E
z?7`-y_RPG~#VM8ae7(ncY_sBPJy8W}tErmv#s(h_Zq<Q@VkSrAPV8`llXpxQHG@kR
z^U>y$CFkE5OaFc^t9h+C^a{5&wgGG9&#jm>>OTHzFN+b2ck0q)ZoY`^FiaTxr7uWI
z3ob}WVfb^9dNA}vteT#?H+G~V$<YPvz1a09iRr{m?pZR?BLn@Z{{BG@Sqd;KNx<hI
z&aA9c@|RwFtho6phEIVqE$681&@eDzEXR4*hJSZ^<+{DTkLtBsdpl>9yE}YUm=ssV
z*EX6RDO&kK?ve<a!FDGlJsp2`k0p(YLsxH#qkP$`vb1FdAP?Vue^oBE!vu&Z$yi1L
zG(f4F`)gDb-#wDzFa9{=vAtSqx$)YgcUmm6&<)C+IRNo%H!skQxP$9w{OV0m9nns7
z6qM*z2!|Q_|M42*2>dxaT;c3mjocVi>AIhFCtT#NGb@Tcwt|07OetXb*i{jMA5|6$
zy4z!p6DTd!L;zQL>ua`El3L4>SqA{(+ep=xW`F!U?udjbb~d<RX@l2BOHwUF1AB{h
zpEdIwc~sl%&G4$*gxD*LHQUSm7!T^Q)ZmWAw1-i$t{f~#p2vP$`dg~S=1l)suEku=
z^&mT7tcjG5iRuj-l#(Jc`sE98u^>WSzw6%WI>d{1nx)~yPw3MgSEo~KFVD&BzRQ%g
z(|5fTU%lMd6!upx#Y1aM$7b!Ob4d>;3dp}NT{RD$O1qE8leX<FzEIB@?U|s46HNpP
zw=`AM-xuH{y&X&)rybY;P_vfb#d!S~fF=Km6XEaQuY^WN<4$}b-e&x+!1*gSTBWN4
zx74xJMDU#QHsShfrfKkLm+APh>?61{g72F;V*WNaS?tpA`0gHEpk72o-yLxaV=a^U
z*Rpt#yJ=0Gol_rO-Z{2hExTEM*lr6t{0{r+ji96;zmoRDz(?wvo8zG_)*`5?Kg&eW
z%->!gzsm&}`)#c9l(MhHQpf8!nxaceieTr<H&XbS;Ego&<%1`=hRbNbVMV}wscz|3
zpByIrbrPBh>~(xA$^r9m?QLyk=nyD&=#tT`J(KoD9CnQ4RM_2ep9|%3-ZujnmtcXD
z^6%HW6DNNL7h7A2Bi{;g#C4pQOlHZjJ>cgod$Hv5qo6UnMxdyigI9*&h~#YP4r*g4
zjXdh>stbo|ohuKl34;uY{KB=nFAF|_yU7AI(n2kuQ@l2W4Ki$IfC8B<RAF5v?L?nA
z$Y>e7*WVzRIwpwYeVoK`dX8j3y71(O=AJ*7siR?FA=13MB#PE*V#T-f@nIMV4ARkZ
z0o`>@eP4?tiHLRL#O`nI{*5K}zPca^xLOTq`>RcNp7(`Sy^pW_nK_LrWaR9*w>6oo
z-~Q-CU9b|@K6<`*9t<2!9&2u5w7<LVu^tqaRW)bYsG_<b+snh18#vEDxID!|&y3f1
zjsIDty9=dYbp&^Ddhd1W9kKApgq5c2KG#Cad3npvo?A%1qW3OKwOW1sVq{;-@dfwI
zZrDoQji<2X#BSau4TfAznua1sHwJUoX@QkgK+6xR*u>1DI*Q>$aQvWlp-dP(Rs5H@
zi*Lm{Q>7}MJm+pxsMhuJeDBoABx>!-%UndPTMs}C0jA?y_qe$*XQ-!VZ#Ln*kaiWh
zcn4V`j~%Uv6r}YIY8uz^%K^h56O*wZG7JEI&T1Z32b+ug4ECT5)}-dGL&?yZdx#~7
zKPPM#W|}G_x|;&|p|AHH5aN{PHmE5}z0Yy}1}^UpaNZ52)%Nf`i0d;y{z|MwbX#cF
z1hRcqTv5P~vOg19BT%vj_R!Gi`}4qy{Kx3n9Eci4pd4y)>y`ZFW?k^|qwAL^<#76N
zgvXH2ty@W@^N*AQlx?2;`8tft^x^nK@FAZHe-Md56ziQgMn)tg#4z7g=a){`8JznS
z7lA4Pc3#lNBxn*8JA7EaA`&ZnRJ$+TQQI!w8O)A6CXFattiwl4vHgTxNIZO!PJYln
zJ~p<q`C{Q*HQOp4Fl+K^zks=B+|(HOOYA6D*^g|3TRvhGJd9xoy(uwK4$z=LQM3Ei
z{;G;rFVi!CVwcUDJS=oxr*`9-JU@_C3N?K-@+0%T-;>(kp{If`hWMI&RufYj4g5FQ
zU^I(w)|DM7Y97c1SUbl3fSNh^!P>2O8vQ7dy*pnU51OToZzH?GzxA-kMWk2Qa^b%X
zH4Q}@-|ef(im<FFm!6o_$EVXfO-A_%2?-qtUAgPHy{PPOCn+h0GVx|H>Yotr#ShXO
zKjt)5s&gk@5lCTI=5yei5-r^(dL9Cgd;m5UOwm)YrMj8EAQg+LtXFL31ds$K>0VLy
zySVrlNjNe}((|Q2$=6|>IQvHzbD%*c4$$eXFlCJEK2j&sPP*BD`Po@sa~8EKt;ru1
zA079i^kz=|j_uI#4cls^&JM4jV`+af)NK}pHjc8T7IPirZdncq5s`@7?VZ>5=1X!8
zzT7RUYW4)FjZIBoU3wQRA9T{ST9&dd`d{OtxhqeT9ykL=VD@U<f3L)Fsg?I7zzn|j
zHhqH7iBrmSCM7eW7N|)9=B9e`dZM|}v$T{I&2p>G-EnZNZ)5#5Rjc`W->NiK#eeEf
zY6w>b6U$I-f!8<l4Dmv8vT%voD>F<6{2=Ac?Z~gS&DNjSP$QRQQ5N}j+7XOj?V7^{
z@KLHe9v;|@9Y2&Fwy*z3n6;a0fZ;P(6Ws5uy}f*a*{gTnL%omnni=QbP2`mV6-*~5
zj-=|`G)|okP<pXJna$n=x`b1lzgF>r6!v95N_ZWSRPG_hzt*FCo_ImAXU$;`j!w=r
z)CO)tBLJGwdTuAk&6V3fH~@ue1*QWI7Vc;2yYc2+In$C7*RE%ANwwHRc>W7+2rJ{y
zr4DJoKN3&xF979+l(gZ%<D=)NOG;Mh*0_vC%tQMWc-z4|#M=E-U(LRL<v4(GpHcCx
z8?onBms4YYa&Tx@?&4xgXqW8|MoG`rGk+znbkhYg)YzEl7p7OopSv|flyejn+Xn<n
z7F%$|3|!U`G!O1Y^cFJehBOxzlz^BSHT&QSfo;#8u_1@gmFs+_x`pl}SP1IZpD!N)
zRuJ3&VgOXAyU|WSwZ}u4OL?_q=T6*-=ZFQ}W3>4K_M&tNAOk5P+TXq=HV~YfHEa4x
zU>Pq$m}`E1oM|$OI|_i6lc0&hn>$w=QJIn1XiPH^kXmqoA{Nm)M6@1ZE{%PC=WVtQ
zHi&kCK#>a!GPHkI(x}FO0^}E_7uHfZlM|6!x(uHV{^r=q@=5%+4V!s0@6tQ0y206!
zFoKc>12w3W!Rk#?np>w|>7Ds3!d`wsTMeINW)%2fN6fE{T_$)0%dYmXN6aUrz<=P4
z4%dI4R7UhV@X$d;H=J<n_qQ7R;DaC;PhNqdH*aDp$07DU^$ofEfK=tjImDl)6Es(>
zdn7Cz-tX<97t+K$^VGJ2XQw={)?CiT9NXJV;*gx2MnVp4dFPjId>ye@J$J*BMS@tb
zRLgdlzOzbhyKww@L%*W>Vm`8`Ajx!tj6hfX@smcMOOuul$D;{M`P7gKgVKGi_dDBw
zv~xMwVZCA#ufq(tqJHg>bDg|dn;r18c<P6CadQ)XCWc!<unyQg*UPb4jY&f^`)x8U
zESBFdI&Sd7QlP&%V5g-FvJ8~4|5beUI6$h3UEql`-XXv23kr(CVm~RD>s8OP7|I{f
zj7@ai3u9Mpe5IVe0K1Yw^4u^xw`M{$cQvP->nqA3w;`gS7Q9MYJ#ks^56JiBuG3WI
zgqKp~lA(E-1R)&v<kDiz&6Y-GXM{!OWVi~P4xk!?aw~hOUgeoY9Oi9NbD43b-aB0a
z^bE4}OY`EB<C6Llqp8V>$A>GcI|ij8Dm?UOSAOosgvckCN-!nkbI6W5=578Vr2OTT
z5cdAj6m}?b={9<(wdJ5*6Zuj6tb4F<Q~lZoM;MR7&erx>Lqmi{UsdICo%1$}j?Uej
z4+aME{9?kwdd5><9@o}oGs_V?MC~Btu6B1#G~W9K$P0gEl+(fVJmcq15X9RK>CAcb
z_cP#}$w^C!Lp+_Gtv`~@RHf|@;cQ!td62)X_jyy!tYOLLw^%;q+87+=`EmPPN|Fbb
zpM5V?P7{hlz>a4bv=aL|-1_?-Vawq3g#_{<Z9XV&6bYE8!31awXPv#%*nyPoDJ7XD
zh%hX4eS>a1?G8O)Z!N>`-AlA^9~&D3G{J2p&pmR$G%~nR%qO0)LMwOu{h?2t??@kF
zx~iGjN-a|IgYR+8Z%ikneeQ?i%Iktfkf-kROdn(Hn4%Y$(qr&`WohbWd^d%&R@*(-
z-d|gV>fNC&7hhm#u+!dNrTbEU(U&o4MOe@Gy)pArrZHfz>$GT!g~hb|Sz9cT=NWXD
z#VmX6c?b85Srb_>rBE@&;DZX6X<Q}zE`UUSCdjd+ldkmY5CKf8{iSNfdw8Q&E5Q}c
zWvw>ERnwL+Wv?Gj-9J*Cz>bJr=lLNqatO%ZUr4@J&>@zXzofT{dB3SY6@Syb;(ZmW
zz#hZjt#H*;;Avx%aC#<QEYBUE@J)}4JCA}Ax;drGyFo{LsG*n$?Pt;`lsM{xEs~sd
z<R4^IocNVaTMbP-x7xAv4KHH25D!pfoAYr_#1tKk;82syRFOGS2YpxL8g2acujoXh
zA3Aq5{}@&!BFf{@GQrhcEt*Nss?ze$c#FFfXu-7;dP_NOkLhr}wRJ|8Ejym6HY{`E
z*&`JHgZ_~bhJvSeKeiht3+6i>Qj$F^bP)M^_oCis&0`2pkqS(2_S&MVytCs(sw^*H
z`hjOpXQwn52d(`j{8vL$1$ASrj!D!mvzyv$4^k1#=%s1<8H4YO7X76sw;CG#q}CkV
zJ>Ab0aCB$JZ5CTD`x8HdRqr!p6f~Rfq0P24qkLTOP#~Gt{#Pamqd!uNUKMGQL1Q=o
zX=YMhzrM%xO8>Q<!4f?)qtD2CLspgK5>GVH`|8jDJoYhT6&cY-OQO{h5{<v@6v&`_
zC(^UG=+G%Mn>9a*j~X0lCq*(s?ygQNln1)8%aVF<XtxSR@fRaCws&+LP!5Lm;lAEh
zvNLslR*jrw$Fsj;%0~E$^mFftdgwU4mfm6=_$e4QWXky2r_mrmMj*y_qrhC!oW&?t
za9fvBbzEeP_-}KlM$(+*v&=g0v}SK*h$MP;4{$qNmi*r6nR0G^Qvv!(mj75W3wtJ-
z!tpKK&ggZCU@6=#iPko0-OI2bIlgEE!KkQ_@V+;J+PB09`1$DA^rKvYUxXX@<>c%3
z4rBq^Uw0q=PiIM)<EHti+I5pV|3B{M{ogkdEAF#Hl$!;0oML*cD+!EC45@4Uf8Cg!
zH!aB;E<~RmQ<r(n3+{M<9^NPHnP6RNWDg(*@1?|O$utn7tVL455x^Nh3&CKKlov9}
zKo=A0tRR!}f;*D~_^OIHdnRzORxB|Jk(C;w#U0<12M-1#M_$5t;(HJ})(SGHP2iXw
zYve-_VEB*!=i#q>Oe$oW$}LR-?n-fw(bL8CSigUC^EG2iq<duFXypeK^oOmruCC$+
zj(J?Vx$YaYfm}XDqcIV8WJI6#sA$-F;;Xor<gXKBRi~v+J1bMY@SdIYxXP{likadj
zg@8oj+B0aCLyAgHVSfHQeIIQH-|q4bZyH4_;Z+5z)j4)oVL@P`c~duYcG81GqqOLg
z6RV(q#AJ|gmwgsB%|2`R0b@D=JTFna9yv1qOPe?h?S}g9R(-_|QaYf|U^UgPg2t;m
zZNOgu4nj|>q0Mv60H^oj=Ik+<$!Wc1^jHomYH8}@WLrt8%JPWW!z6*vhUkdUHR@h+
z#~gEx_K!>B9NUgtOsPhr74_C4GkE{PtsjDp+YXH@^gR=PDv(uI8O;u|c&-WUPi2P{
z*A%p5WeO1Lo@)xKQiP*(GgeM^n+kI&vUhO~5pja|rAa~VBpSR-v$KReugzW=J$(%8
z*MF=eQ_e!o6c#>RchNr|l(;xD7`rw8)v-AG$1SC9ei?2#9}jmP2Sw{Zmrp`^6Vn;#
z=D~rv6@Cu{R|r}}cpoo10b4;GxU8TBU~bWG)hyK+A5e&`TKV{sDh33oDNk*_xEj8v
zD1*WK9W+5MwEKA&{4|C#tqS?=<V7f$zaQy0%#r}@dHjGO!<^9nbz2R5dEhGvuD23?
zdB%R!-h;1ETFHpJAA>ph-44>fRcc(4q2wgvymgJoW=)O8zQ7!n!L1RY`Y$ZHFGz8K
zIEnm=(_|<b*<hOuV_vn39l%FDP)hvTHo8riy}q#O{>RSW4`fVwVQnzdX@}D3OI;S{
zlSdA)k^kACNy6Q@VwaU+r)s=K2~)q0%{r!@CV%nb!6d+|Rn6EzjZs2+uk;C4BQ0uE
zeM3>t?gRUO=I+1cPlkeVXzIN`7=;Em22yHscn}_t$3i=CKGe{TZgS4|X}wUhYCdLc
zB#h*JkBe!jF#|K3y?L7|_FM+?Hd7pm?w<#be+`db+1d@V?BPRf+)FISu{5cO_Affv
z>=uu6jm6Deqa4Z{4x@luBS-$bO7M%o-X|psaR%@Wx@Do=Dnt8}r-9P>_VZS-!h+A{
z@3j#48>+3x5q+<Tk&cMXKVlB;ZH{BrPSWT#-yV7RL8_5;_5C~>iv9;&Wie3u0KVzR
zFdDEUQ}Q3YFJdC@q?_R~A~SLSIoW4)JEPBWstHY|(I_$Nj*3$#w10)u?}6Oc3NA>i
zIg$j`|G+NkI^}iATSzmt<Zm1R7{31p03h3G#wOgzEr>{pqtAb^0#k52j24l0(Bd{O
z`G1EJ{}&*H`6*T1^i<Fs6kif0=m5WB=qAc|<<JRzqQo7q{QW=p6^8txTVgmx;`RM^
z()zuk+t9C2_LLU^)W-bC_o;Kok$rF?Mxx$}&G5(U*jM`*CinJ*?Lh<laKd#n%Dd=L
zRs%==(&C5uQ-~tQO5)W!FZsr)39TN%q_qUMxYrm%A~YlD%U;5#`adl6S;oprNbwd&
z|4s@GRf&RTs8S;-*Um<suCT_Rjg0q$mwsdJ%h|e>DYY~=3(OPR3k?YH5-#;H-8(&Z
z%cToW<=M-^^bk}9TLy#Q)3IlU$3T8Pw%12^eI1}iDmyrM{)9ZY2a^r#{|uSHR6JZ+
zSG&r$@^&zJ8!8qN<Fdzr5T!zDed~_|Goz@3z$q_i@7>GRF1UzGPEKxVkr9hZ{|bd>
zW@L1o%+4CAtE;=Zx|*1zDg2ZpmLY5&9Ui`8{@KT7k<+D3E?{Xh+x56R`|sbsqodjw
zP6`)qZwaiMwKdn1CkZdl&(FhL3kwU|RMPk{*-9!Z$3@Aedy4VFU>$Bm<h}pQ+uH0f
zjTtf2-#_2zRaRLU=g-W-(hR`{C@SJ#-Hwp*L0Wrz(~q(F8yhombMx?AUtbHatgdG1
z7n$pyOj_T}f`<epF-t)~!NkP0%jpdm@9^AeBLUaw&#-o7$7DJ8it1__CZ@TuvCr`d
zX=(ja$7f1#**|_9AY3CgH8ovbUBv5z<mBm@nTN&ak0WD-fKOkG2zhJXLyllBE-x#g
z@U4;TM~J?)582^cTU$SFfBCz++h5i>%dCKzqmF@6kBpB8+vjM9b1jaI#Sioj4({*l
zSix0_^-WC&dOtz3FM`qd9#ZhKl9KCH5cVP?<>Oj!LQc;8_Dij@+o%^jxTs@|xrb3k
zjo(gp+};yO1PrkIH~U(+?<fWKqyICLSeD$J9CjEH3?C0qj*1P`NJmBW^VI`-<k9Do
zvoqRa((OkgZ#`Q1MSGi67K61Ikwip9`1tt3rf=R%PfV<>uh+DjS^}$;KO2h4OiG#>
z8F^dBp-G$g0@1Pb!-t6j0kTj;Y^<-hU@=#6r&H#TJp_WQf1Z+4Ru*QCK_=yIyFjky
zkjTo`!3=#WWJ)v(s_=BLUw_ZVe;g$BI{YY1vk*q$z)f4rA9uM<FchvJQ;D9LF+`jP
z`UBlQLqmp`rTO`<{gpX6YpCOmcV+qp2IN)XK)bL?bnQbn5K)Rp_8+(B8hF}{PEG*b
z($mvhxwZ0<jGTPMdSYUtLeDiC@!_crifG%E6J&uw#B1T$qw`jj_7~e;2all_yp}3V
zu))7MT{skE#*R2Zu&n)pl2qcIu6N>2*k9xWp$q}RJ3Bk1q+#BcB&Y}9rQQ~xfSvb6
z9@F62=mb7iZWha3x9Fa*FCzRH$u}1kRZEW)rn-0U<YY@H8%l=KF8CNsjU)-idq7D}
zZsULQC^9Em{|kDcB;CGKUk!>0WXdG?`M%nIpn<h#vSB~QE<_R2(a~{nQP<e$7Z4z$
zPLG^XW1y#(<CPT`4;$M!I4B$2D#uY>T3pnG%f32bM1_Qe{HcnH8rW}GQhj&Oa=Fc?
zYiw>Vl;$<71h;!;h5+8a)|(wN2~m<AHuuhd#v?9H31J;JLS0^R<b4efH#9Z|?inK{
zCT<HkGf-0_-Z42#1XjrW1@Pq4i^UdxMq|S?c@Kh44Rf|4LcV8a+WEuW(8oyRqff<D
zV`#j0Wq(*-@CyjwVpmpH-oAYsNUqMo!GVX5Z@6)|xM&tYbNp{>Q7Xwq?;N5hv&Nq=
zJFKq4@+uGq;EDUv4T|aa9*By@OF#Hz)t3SFKHFuGH7J_+yIi%Eo6F5l&CG1_>Q$gS
zG=6Pst4A~9Ef1tBG6oXpgUC|GPgPV<@SM8NRWJ^B05(gAsAejV7TsUK3+tYH!|U~~
zQEt>-=-Buc;D!RbfaJ<jT~KK_zGjT&FZQ_=-*7q_nj^RhU#N+lqvO|~j-H;0Yma|W
z7_$y5*y@;=II6)jUprn;syO{+JJ<puNBXS#ed3eQN*`zwG3X0=;xv78I||}P&FVRZ
zsjs>;3ATNUvVQW?MNk2QyB-Uoq3JB$J}A9<>0wc=qoWgQAd{ee-$)CyibNv+{_R^a
zn3|euY-}VVB&?}9k=5bvDdm>uZ-5j5Aj`su-1ufJgW3V@wWpfb72P2RUzt>aVq`q^
z^-gwvht=B=7**YK5A(w?-P?$TJ`jUaTiSq?iob#o6iJr7)|CJlLm=4i-x;mNXg>qd
zh<2a63<#V0UDomL(w4taGUR3rsn2C*+rG;$q?G%wT2Nzh!g%wo6}>7M^TcV`u{a<}
zq^YSXx#Z-pEiwuU+cCMu%uG-!=^5veLav^^KJA@5IPVgYl6bheYh3Y8QH+amH=z$f
zlP`D%<n3z>o$Xf>Ey}7I?xZgkZ;ts>{}wtGdhTGGV0@+cGXL_@7rjWPL62Pf03`L0
zA#p$jaQ|H(8V*;b4K?Zy@gHvRaXj7_Y*XZ2jMZZznOIE7e4cU+Pc64c3<)~<t+O<|
zCp}oYDr)2k3lGw2x{V^bn2tTz+uPgO>Fe^8(}=KVMFIZw!-o&aP*0yeEh#A}mJ$_p
zx3t8AZ-lLT6Ws)v6#41r3aX^r-cQ_Vc{u06%Q9<sZ%s+5JieU?|NR<=CVKP=wcdv;
zeSrp$xtEuhukW+e=fh8BWCmlPFgG{1VrEcYZtg8OB?*b;R4G3psxT_u<ujGW9?OS{
zs>6z^0wzA#xy}^1lTrU_+`2T9+Yt|?IxK4B0Xtee&jus1Wgl|mRco0{h*M8ap4Mjb
zD*<p1-i4nZ9$HYYSUdv|w5BGJ9kgfr@#EuBuTXS(`6GEPdp21qsirT~mIUpFE{eh6
zTr2q&TdOPO=Ci&$U?G`}MY}pv4wqAdw*;o|!{@rhFxx_qCAS%GwF~IbIOnlt*`u<u
zveomavQV0uJN_IU*6^vVj}OdOf{9D?Binxd{8?T71l*yObR9P{Y(*Og{&BxX|2_DT
z?DDS%u4_|f4$%3iz`s#2LI)YQ89KC<$P^E))+Dwq_FrM=j#(0zxm6wot->@(6v(*i
zr4x@WXS3;J+H^_|wk&_se|1lq$X(d^ovBWRq%0>!m^XafI)`EX4Gieak%%7ZZ#Wgg
z!osi(Yj0|nY1@!MVe@w;C32;urMwBej~?A&Mjjo-s^`eb$SxB?!Pc+4;6sChw&zGF
z_**AXflu~hp<Vg@mODnftX_PwAM|k_$zjYhO3-)e4#V=?A!jL)SKyV}eRq(I(M5-i
z&5#&H)DLZenvixO=AU-&-aWVzoq0bXes}h+$khYQ<UcBCiKEC)tg@LIE7Grn1gL`#
z9`f;7vGgs)^^;~u$3hR^skdC$Uo9TdYGbpXmzbO)g{2UY3D>?9do!uKq6QwGsm?F?
z<~!`a-DKQB*bQpLAjz}0y1G#Y8QUuMJ1?_RnM^JRrQ2#*UKd<z{4v8SX%@N!J&xpa
z@zox8c(T*#+jLW9so|8jZ_5!gy|WM7X*oIS20;#6iBv78`Q;7J-B3`KLQD79pxFe;
zEd(cnLYyv~H~}B^&MtNmNYGye9`5ct`}>3a{Rq$qkP|5x8M&laDwA6ZnBLjJ<I$+0
zuiwSw2%75eW}%vwcsB!{Di|*0^*9<`8`REFvT8zBWg*hGTV5>=R@>N7#RZwS?B_xQ
zHvxc^&IQCYsqp#;**CxS)~Wi*(<|0ZBZhmnBj!bDSBs9A#7=Cs^@rSkxsjd!847WK
zOfZxwd$6@dH8`j8E^Be7UH&FBnn1`tKMx2*P^t+6&Lu7zj@GDkC2{3&6>-zP2)}>o
zX%F2uO1p!`{>?q>HKud60Iks7Wnk!WwqoFY`qT#uHhBft;E26<@7`^Vr62$erf(qu
zV10$0f?*Q;i%Uzpx{D0T_M0LIWl)HCmljm$K<7F7WK3(uLPkYSCV;Qjd7*9S3wvf}
zpB?H${d`|vQGI=VW##D5kk+uji>vFQN0bX-OmiP|!0epI>Rtt+w=n}C#VDqS6Ybxs
zF)0JzG1Uk7IZ2#JB+sTyMehap^rq2H7-YEDTG<@;4qU!X$Na2Z*lB}~b%?q0n5+{(
zg^?b{k~IDe(k_Hv8e*t!kdew1gv{t-)?KX1Fvn;NJNqdmWNpBmJ>s0jbKxxtZb)O2
zn;=MvPx|Q)!~z1r+NFW&13puiMx!rqo05`}#Kpv743R@uKW+&S`@Laq;|*O6C@n6g
zZ%H~B_?Mi191!)IwQu!r!T6mr9xoe^NakLBu`IqsH*M!G{xkKH^qf~sxeKM6rjQ{s
z+dA6qR+!pcUH&UaZ|{q(vAoXCPH=bxwW7=~!8DQIh~(*&jG|H3+v8gwC0M3K(}em(
zqUrnZ1I1756L@n7f)OQ|nI^Rm&2|6q!PAT#yV&e^(YI))r>h&hb#;CKqD8@%XM}#k
zV34pzKL@xAI;&Ftu~*$ECSzmc3MnRLS7+zwql_5Hn{;Lb?ED={E%!N204|cVNKD3a
zW}?&|k=>9|E+$b+FbckM#PlDBj0#r!$L;c*-_MjBxJ4&K<B>1xkycM9H0J0yMX@d8
zMs>D+)jyC{f)(y<S{8oZ;^=Xe%J!DGN9s{ykF-Ehl4;OxmdcoHbv$|j65w#OHenj#
zuwznwVn?~L<n>0x<jAXKJE8@DQ{>5$wS$A9Wb(9Sy1AJd23lIe(sFj+`T2Q(_Y5=Q
z$g)X4THV=+yg%}I&(-TXCcMS_D5%;1*igw`+q?dcY-4Y*fQb{t0Ji)*c|k(58`Dzi
z?J-tp^YL11(Ou$Urfka5fPeU#y>+o)h|Jjm*Kx=-<fx*mSIns0`Bt*Nf&$)`z^s7)
zUZ6nB$jAWFVsLO!P9|DPQ(j*`F)~ua#KgqbHn*|y>hE8UIC1{ZgdMG|xCM-ZA#aB*
zp5NfEJt8bDEb9)|R-(~70JWw9^1nrR(4-(Uj9Cc-5fTvmy!G_bCE%Fp);iF3wWngw
z>}i5ywLCRsA(iOGtemSJ2Uav5qI<%DKs@vlx~Ss4sZQ$N>JFVkwp@UGV=uchrnP;`
zyuLs58$bJqis<=rh@*0q-bfazzP*h|OP}ohMcYmZCH&GEAe!`?vc;BGuupf$VzK;?
zEuAoiV3S%aYxmwHiH#UoU|Xilw6Z_q+gSmTxec&XdC6lm>bRmp7<}t#w)Vp~Z?O!)
zm>~to<WHhqApo1<D)nJuL{}WD%87}Ie|U<&OrWM(n(O=h5HF|cQL5c#9S&zwLZR@3
zct;b8_`es}qB%!}>XwB?pAhgpOo#Kj-C1PlIJQkEebg1_IQGXC3bp47eOX~m*_~+m
zPX1MA43wD+B>(YDM0!#(Riy>cL=;}Fq0L*<yEiaB2G2}R_J%elLm{#+=9~SJ5=0TJ
zyNgXe$3<l=Z7}L-?Cy-H(j@TwLhZMwhv74Mu2C$~=O*Ol^skVW!%ufSR*paTv&Ue^
zEqZ=;CAp+}ioOwPJhl0$bGg%oj!xoCoZ%@#wZ-ixg`Ar=2^Meq8G7^Wd$8X%(f590
z)JZ26wMmZ@3N1MdIlbmRvy!GpH<a7F86bg?n~1%+UYkP4W4Cw6qZ|xZrew-UnRq@H
zABvlm?Ks9a@uS=JJlN5hdx<jMO(yLVoN@ttjCJ%YA^yL;YJ`2aYokiAcj^L7V0Ais
znPp@G6UP|Q?i5Kk5jLVGm9w7w<4>y^+xSnll$YwIRsik!H5O|OT8Z6o`U1{z5Utfq
z(1tyGII%5eKFMb89}eEX7;45|JUNA|`N+Wu@~h;@TI~%C46GSFJw11&9q-6+;8|z@
z1uGj+ucu0U9Wj)6N76B#b<fEdc#KEB9!!cJ#EQSQLUd0$$a>LbP}nLWTsCWna>ZS>
zd;P}yz9;3W7tNLKuf~++VNQm2b3hU;*%+0<Z9vButiH@|X<=Qt7tJLi?YR*mOSRi3
z^WzWe>w^4zi=np@larGZ6Gw2n?2V;*JJ0{5i{etil|bB8o>r!%GoX?9tl>jLLn;r#
z!hyS={~iF&MgS3TNqdng{TXZ6S$BeRFI9-Yk9i=#y*0smT|!d9C8?O1M?(oPSz~n6
z)$Y(P*V4t1I7Qi~bI`07>|74Xb5IXM4Ov~<?AXd(L;MR_4J8ci5b%GIg!T_5^Yz1@
z%t(@2^QAJpEP}=%&i~p_t@Uxb8wsdfKTM$*Np3wNI!)j&LHC~qGV$RM`n~U)oTNpn
z)|*f$z^yA;C|0J`G9F9L=Px?G^9lv`D~mzF_jd3!A9SePx-&PgdVn@^d2r0?LoN0^
zz<Q!9@2Y8iS-$rY9fw&iv#)LBnaZRSSjn!-<|C0Dzuo6qw_$obH-T1L$%p;P$FiT_
zE?NowN?@U-rNt-V<L8$pf18prNtG*^hLKSnZg+P-ULyS-qPw&6C$kzlFEgOm*LoLl
z&OJTF)Mc)AMPF0}fF;sZ<S=M7SVM!<Z+fdEB4)_i3;_O%Wj~bUys;u{?!Gj|&{ebs
zNOBOeDh@eAwee7l!9Hd@1^qfuIn#L*>N4f2BU}2s=-G=n=$k|kAqjff{iXhw8p^2I
zQkun|{iLi`2tPVUdXW42x958e&URpVJ8Hq}>K%RxOgA(Svhw(tZVA<EHZa@ex%Y<=
zuWX?kawZ*pIb}%+=RTqy=;^`ji!G~4`Y<p!NJvDKb^k33j9d~mIX+$<*>mAvc?89!
z=f6WsJGrpX+`iyq`}WgHq|f53f6V_Yy5Z-*F_oXWe?^qpPTIW5h@;Kp0?elLdHoof
zW^Z1!=<P_V_?LYjkrOXFa2qi~a@S#`2a=@$>$xDvl&d1%O5Pw;uDZS1<5yM|eu?-X
zRkRaemQ6$BJ2T4v+>)G?cygg7U#|D&&26(swDc{3-8ZCh89x?^{e8X!0aY<GGhZmM
z0+H;a79I#7xgkB|7cLz`9PI3^yDZP{JWnnH9v%}-p+i~v?jE=<z})9NV8;uRt7y6@
zo9^*7%ocg-VQ04*GS+9$9PAa_H4HgU8hEH2-Epj~YJM@O{_gaUv)dezespwnvG6M;
zGCG>J^tkjNzC*xnSCkmPu{HJn*$7+XC8stu2p#sx)E<{iz4{h1*E|Dhp0WEqC-chU
z%wWIwYoZP|n&m%R5wqQZVZV|V`UBo8(k!0RRIS$1Mo3VFs$ig68|saZt&V3w<busj
z$djux(j}szbxPm3zla-yfKmxVAx;(@8A%$Ml%lSo@jB>^OW2M*)V@Hsp<P-%5~!J)
z0cz9}B0ycPh$M2%uVg9Jd-?LEP5bwKS5CBCa>$PlVLRhv!^44-iOunDVSdfr>-zfo
z&hCY!rO(m0qe21#?4y8I+uYf~N8Hh}5Kbg#yO*Dz|A+exC7UoHFo9V5&C;WWi$C=7
zK@PqibMj22Jo1<t&$aY;Z&q(O{?qpSAS&v4dA^Q&{#5Yl)R&K3;^IltG(pf}*fzyE
zo1u{rBNQy=im0+1BE#w|*8JPSE}Nc#cB^^JvdbCq{CgvMCk`#HR2;GmmN~X^$BN5s
zL!LTeGf(~PEnn|q7s3<%OEv7?xq9vdjIvHO2kaL&q}J(6=ARDek;Gu5uwWl3cZH|T
z5H@;<*^cDdBn2I5rs@sq(Ia5tFAPYhna+Qn9vuOiL7z9l%*;#zEM(U7fR}gFq59nm
z8xe-w__(-3DiaVRBO@zo*Dd<Qj0}o1adB}wYwKmsAi`TWcA}x7q2#>IGm9q8yvXqI
zt-U=Px=UI*Is)=E;u}wp6lH8IsfXWipm;VYA?rB;6UnoAL9|GE+j{f;YwciyUqkg~
z7tIw#Nnok%{r%`aRIta{S6{e&5S(?oMW-yRs79OvxqqCx_O$u1=A8NR4n|OEOyXB$
zfeEU5hYY_z>}+g5CF1hulg3*!-OzJ6(#G8~=@;W3BL9eS7d&jTdTz$4L6&GYb`v|R
zas3$5{LAb5?XO+@QlY*f*5&e{`%@+BwL4{JOquu6s;`JE^_=BG#%`=08GAU<7Ru|J
zjjiq3`8hsnS4?(?s`vXc%f34P?BwpQqqS*xc(`hLxs+db4~19R?Sx~v%E_N+IGpNo
zwuA^eT3RF%4JY6}y0L?dv|YmV-kmek5@I@(PpgNvllDo25bGX|XYU%E9Mcc91fMTw
z#>eXbdNjb}?Cgx~85H~_3TJ>5Vrj`CB_+kd5d>2E%L2dQw-^d9gB%-2_aR&_KnTw$
zz5g&brP26g&_04l$l7qAaMZcl{}=k0N3_fTq1=!1Q5)2Df!2{%zdz!ow-!RtUBg(e
z(E=VpSx2PZa;E3ER+4a5%$e7%b~LE>H{0U!Dp0z#arv?T-qWckKFRw6Ja2B?izfKe
z%JU21rgEtM#MD&M03NK>dkn7PZUQ*kzA=`jT<5#W4MjyoUs$~noa|PVP)k#5bTD`Y
zs{1>d3N?4xdL~}BAMdu!B#HJg!EAk&M$%6UD7sBc*?M~?H_s9G_Vg4K6aeE70gOP~
za-V{(s*)&aDe9jZhh-hCH?QiHciSK+>-c(>!t$lv^{L+*=rHNylO_p<sL6Uve?C8)
zP_-W#C&a#6DoFgVC<olw%eM=iaA^#S+_g|<p>tP}g8C`X{ZfZDwZgvuCqIzBlR<T%
z6SlSd*Cv3i^FP<!6TxY0xp4k>b#+ED5b%SR-JG19EG*dm;s7hoUEAARn4Ihi4V4QD
zp#|=MX7Ny$_!$Q{+x&MJ7{Xy+cmVRsZhpZ@Q(~nglWnx5X+Ms!%nXZ5xzQTA7`nkK
zE7E5bF2jEJ(cCI3=9tgL#l;sF7rS9-mi=`qZFEdbOhd!7c7nx1VC~m2&|hjZljdg)
zU;EJ^-P>NDkRUv|mXGNR@qCv$%Ode(zqHE^USt2qh5)})u3|B6JYeFMbu+w9A3{Rq
zBOyoWcKG)huC9sVj$20!LvnC3V<11EEGWsc&_ROa85N6`vNB2&y8|1%@u{g(y7a(p
zz$qdSU+$tv(yZw4x3?!QI@X%E6b4&E4;Atwn)fMRiuTUXFXYP~Iq*Bj-dJuz$l7|M
zGuE8Fbhj2{q3|hZpTXo3hIGDW(FgCn+2Oy%Ap`X17C-Na!Vb#ORbiyE^|0>it4vq_
z%X!gzW0m-XUex&&6(fg7AW@RowDtU#qVYFZF;z}xaAJ5q(SQ3g<C^c()5QOv;%^?M
zZPd{1<1!OlfV5nt9XE%V-)0(kC9xV+4G4(GkGc4zvjMXpSta1b3$p32%r;&NF1)&5
z9A?@p^Nav%ZB-dVac)^V%DRx5vF9c|_NT0XavBVJBxEYnFO44KJPzu<h5UJc;H)IL
zTDsfEMoj+N1--EoHc2t}UWkqD&(cyR<USt<FBjo=gO|L$M^tGRAfUt4=6gm}HSTbo
zFLF`9+0q?Rl(xRH;Z@gt-rn90v|pCEl>U)hY9N;u^-YEguHG*%hPNyV6$mx$6JXIt
zzZE0WK*?I!ayB3ksJ$p#VqAg>EktBb;};l7+=`1`bWg+c?4R+Y1`L#3TU*=d<^`ZC
z|M>Ak9DGFuSi8q?p$89eQe76C>KpgPX?T^Y57w*0UG#3uL=~Ce4K+Hl*`$IC-rrr?
zcFcSjha7FZw~&WvXE6pRT0o|;jsX)Rl*No{IHB=sO~-4K0NF%$3c+}D=YBA3jlyu7
z0XK#LMFJ>>7FqS5);@juq<Wbt3y~2KscdT6-Pi~VB@o8N!Ov$q?NC8?K3<MZOKWPE
zj*e89V<aL98y_Es!{LAbTK-uCo+J?vh@zy6X8T76qQLJ0?B`(bR;&EGR_CCXvVM=Q
z#bGGUliA3~Nc?3~EblW($<LoZ1CGNTW!w$G0Dk@YwM5PCMV1txlZAz2{X35AM&tlH
zwXF;Q<}{tOCqSV}8!j&92eil0f%>8j0Al@|=G^iAfV&3rKZ#{nQV%P9#a_53RF!E4
z)GAFpq*@b@arm)ibMwT!GZ!8CNp(M$yylg!GiTKHyLv+Hs=4_V6&V;9R3F5ORBAv0
z?^#({S#n<EgP)(Dyt7yrA-ol5Xb~9%1MI{uxSc;QYULd0Ud&v#aQ59a;ebv_n_;k}
zfz{Mmb5q&*_7ybYMvyYNO_MM&8a6#Hd)`lw!SJxDx!Ew9;*3)su%_)~e};w<GCQ>h
ziD_~u2wNel<oO?sEG?D2deGL^X6Cg0<wl#{(7$*`I2?NzCYu~`nSV>~r^4BGHh^X_
z)a+QLo~GrecTmG$E&1|4t{TnHu00r7%deL9f2i%j{vtr;jW4@(>;0D_A`LAyZgSOl
zTOXhK`CSDE-{Sg0$ts0I79$hHfyRS#GOVTqk|Y`|3*|<|4m~q<Fr(@Np1sV1?N^&V
zDMxX+FL3)}<L~Cw(^q_uu|87xa^gE~X+48PkFJz9%6WKr>{dSmEJ8cZQV#iz4U*@B
z-BjyDxi8ez7+6@IJeTpa^971un}kBkn-o$M(3#s9OvlfT{l3)XL+xgWhz+Kxc*ZNQ
zmmlNNBKg1ft4Udf;Sh04%CSoO#3lU0FF2lcN0bil-vf=`nLX?5@LgPHvEQB^9#3cq
zHR+`uc>(u17yw(itj6=+zorAgghWv&RE6f4<b1NdL-n)AkH4KZ0qRsK5t^O3P_FVO
z@HWm->+CEecg)4xw`rt-Aa^&~ud!viyyWKTu8(in6g$#OVtaKSe6bRC&|L9~xUiCJ
z@!$^9{H6sDuw<Z>E$UchkAsh%Ug<i1{vrI9n~e>@G>+9_>`wv(Bg#^s)ley4J32ag
zNEKpZV{@@kdGxgWjj!(|#rdyvyP*vG=-Fon$ye~y!yb7I5-Ae>6kAbHU~gd|Cz!-J
z&>n8VJ~cjmPg@3TZLk{#R3*1>ft!*hShBQlhlht37v6{yAoh;)g`uILM@MexGr-H@
z<>kG2$t(|~1izdNHPe)SauewJn+3f6B_=?f{ZF@>0;$z<<E~sF*s!`^0OozJB-8T-
z@Jbah;c-5#if}rio8;w2fYgDJUcl)d0$fK@E@0y#$jJTA)wtS=cIvU~Dvhr0!*@V;
zpN<`C9RZ9&jN(v++xZf~iP}H#F|CS5T8<s}Ts;-cVtZOv{Hxl<Tiymt2DN2_xF1_z
z>uVKr=WSfsee3ET-u>^HOeTjD&0am18J2j}rJ|Khj0!^rYfDPNg6<U>aPS=1F@xCb
zlnOIUMj1fuS@m}6`ubBw+Ir@?uQe8jIuojCJO*f9re7p5f)uNm^6DD=e^magt}7h$
zwu3hvHI_IyzGqEVz_$d`Q@)Q>mO-%q|I|Z<=DF{!?OJGm4f#;a%Q`E^7KmpL|GTHd
z|66tM9o6L4y^B&+x`I-qiKrkQQIOt2g-ubECQX_Y>74+g6sZv<fYO`v-b5f&0YeAr
zO(dZ=0|<dY&I<1B-uwH`Ib;0pxPRQs7!DYTS?~L<HS05<Idf+D^^#|_AmipK{cpu&
z%S#znV7$Y=5ZlO~B(_xg%-SmvWk1q=3q)rK(J7)bZmJ^xO=SB&P*nbBJUKweE4XRb
zWebRQ)fNT8{IeW?%?<(YfI=|sm!Q9fYycwm{|_dQfZHyy9f9%Oz;GM;y{vf~b0<gn
zuTd&$3Nj5+@eqrb2Q9O7VHVDRvn;<@ka471u>QaG!cO#Sli5LI9Rnb5RQ&6|1kR#7
z=(T1!^+`LMY9~7j+l5D}6KaaBng8|nWn?NJa4u&sNKU|SEI;*YILiO%HFZvWBLa89
zy`D~uyL~))`KbmoH;os1rbUGUsmv}*OFHW0({}Th*f}gSw<@`A=KlCpPjQd;?fs#l
z3fBjNB4y#rMnw)A_8Y9i0t{YW{<YRmW<Dl$1G1L>OT0knQ{d~tyuc(tZES3so0~(}
zIn)8?B0DRKgoH%O_h(^!J<HYo)rAH6w!E~o=O!rrFaY6P#9W{%LhbU~OVp($ggP`T
ziPo34d{AW=Ch!21#A{p5E_YAcL%T+OxUv(hy41PFe7G34;{8aVW!MDuOcSI0d+HkN
ziElETEX*zhgf5zlNTutkN(((|D;(P=5lVoSlI~x<%7UIe#WhZCu|Qw>6S^9&Q)n(W
zMno(U-mHH$(W+wXCOO81Y|njby_9+XzWcL=S6=%)F{FSvRw$1bltNNWN=ga{5GE%l
z6K2N72tIowp;1wQA8`XYdcuJzcX=M*;6UB!`1GmQ!yZFGoceMT9V155BUoW`iO%%Y
z84(wBIFIdCO?f&M>iOmJ?F__3P@4s^EzJcR(N_Px956bS$Y=#*?tqgia*%s==Db}0
z*T}W+h)<P;Q-CFz{~>xQVQlLA4JXzJ!u8xJVa8jY(dzLdH$jW}ceV=`qG+91Da-|)
zyaKd7e_d~6t7X+6Y3>ir4<oY9KXTPDy9=n19{%Tk(ovZ9F-x2tyQUR=HqbBr;HS*m
zg`ZTj)Vt=Iv=0W=O^iydz`&r9OL+D%7X#+)+qYM*UIo#KT)ETC94V4`g_Dyr!NK0X
z8x&RXW#I$>ZkTsMBO{YiQmhJchi!`<Q6S?%UH!J1*-M_;a8UC95W^n7^`bB2ojd{%
zNy*~#I3-o1sckQ3tB_^#y{4($E>Qc}MGT0N3Avj~B~PCg*{oYZNDrHR$r$uXc}XZS
zV<d=}LgJb+azz=F$**q&j+JRIL(vCu?Zxu`9nT?37ow&Wb6J`@wy@+LA3oL6RZN6_
zK!4;W)adG#KhyFW^fAakhxelXD10F?Pe(h>f2v#g74cZ6hCiJ}AQ+Zpho8EX^Y#_w
zIi@9;Vv}j9ZWF!=>W>1Rj2uO&$;nX>5tDO+o?%KYC;X<_St$PvWTw`&w@k%nkcWqd
zTrPm}B9^o(3fMF^q97JuOobBJ76mFe1FbM+LFVGQWJpg+wXJgmr$PcDrZE2JZYG)=
zNS&<S<#C_UN;i%tPsfwRC|*O0(n6x=Y(fkP(R1JPB}kY+pHxWvlsB?wC#uZl61%?S
zwf#%P0{OYkpC~bZNVkqDR-12qD||!qD1i*~0Z>AJX<_nhBnbBc4wiF5>a7o!GNCK0
ztHEj!aRmjdBO{NrwEFw|wIC3wkJO*kvIhY+{Q?CF`me}JZQ4jOGX*^_q!ZAm;VZwB
ziZV{U#PHnm>f#2PcM_WNBqV%YVo`Y7XdH?&P$k-Ua)OFc?ISa`5RI&)R79E+-SxI|
zke`h`7OfXXpR>-gvZ$y#RSzh*BHNvg%n7D@L|5u6u*Cy-M)V_@biLHCCbC}dP?`DZ
zwO22t8Vz3Bv{8`xa`A*dZ^04Z=XV4OBD90YF#jJBCVYZ|6r<<3La=dh^dP7N$yo>_
zS)-$P%+t;7%9ShME)i`v$$FSuT7DiHqD$mNvg<q2U<jOC46d2dSXd#EgrVPV=7v3f
z2Z#ih(DF-Q5J&mMHH*PyPLVs!<3)ZtucVkG(p?A=K{4j#$FMJXg|uv#LK?!=aOhJ-
zr@ST-bQyVnG^q=@TDa$IS06u5aI<@NOUFcY%Fde98nXv%_imfRr6)p#aoxYovxGjL
zdO+{uUo!^7aB_=@dHVV?NA@8QEgi$d4_m3R6ciM%PK~*NYUZ6gXGCub3zxN`4%YHz
zEIuL(X-_Q3RYBiTwHPMmxE&3Ftp=1n)bC3HFV0jdK=8TAsftf3yQKm8#0;mm`sSUT
z{HD!QpS?gG9k|!B9nx;(6LcNURTe&m<77n|nd_<QP_5s@Xgx)#klRNDTf>x%(|`^O
zXT?R%0vW<d{8JNx@pJ(Sjz&W<$C>lR=KA=&{1x`?!dx({{yQ4*oagl~PmAAp8~eU@
z<JRlhwjjuxTlg7BLthk*cUMP)U(Xf+K$3j44DYctSkW<cjT}Xxi}9yFpxRN$R=|n<
z<-foNfzvy$;9s-0widLi7YB?*4mBvhg8^s1<)AS)_s$v2^!JW0!trC@q_{wh{R44~
ztW@Lup+U>X4ihgXS2|F6x~;e{VOb3VeGtX{rO?4ZK=yjXX3vP@z__sORH!JU22hRr
z_h}PnCMH~5TqefG7+G0&x3?o+y*fil`4|uy8`{}ypFJ}&G^C4rZ+LR0)OU%p^`&nN
zAGhzlKCKE`Csi1RuP?vLV;Wx`uMN9y1Gvox`dx`vAMRdX)?ee0Xl3)@wm#aP6MlDX
zPWjD`>d0xq7&3vDj`q(v){D(|^OjFXzfFB-*yKrkb8e$de?+yUJUuFEQIr0k56%8Q
zCFS^FwIsMQV6$QN_-75U!!6mL$<_df)I7^teEK+oL6E@T({m4u*N6p_T2QR5`0V5B
zJATH`pord?z-o7Q*UT(W2PpsKz(83;Lll%aX>6yvyL)VG45SDf&)Bp<06v6QOzydq
z7Dx8?-&0>YGACIK$sG%cu?Y63BqT`)Wj<ZI$j4pqBmy=pTDG|PZckBWWc^~YFo_5h
z<NR5IC-3RgTWel4$cpqs?J$2QIm|`btj3_aPyNy|9eZT~M`xPe^p>)0fKCWAKW$A1
zZ5#8wv%Vz4SNY$XgxF8~mYXm|nacWlN;qJHHd>V8u-kp9GJg3wJi%S8Dxjd-Bz~>Q
zSI!S`9r^eodx&ZY?Xgr;R7Lsu_wL>W6*+==!0HkXgaVo)9UUET)F7)jg@6h-h(a_p
zG(ZIj?Jp@=2U2*xMmt~C3n!XYtG!`;<?#U<?sAy4WxVd=Ubcsepf3$=gG8JmZE}1>
z6npX7lJDh4M_YX3Lwzw*z<5aM=N9w|_6@oEj(WE>5}Cd*^Mw@7#)ffva&Mx4>b`*$
z_2c2M!Z#Zuea>FZ%Cat_AOKR*B=wz4-ITXUy!yo^XdMYELej^ZnJJ0rQ5XUg%#7ZB
zgYIv$cja;_8D+{m34(l))fi9$<*GDth-<aCkw^=B`@%UQ+OR9!+-C-w`uktU$1|K|
zJ9jS7<(+!_H3bEQvmTdjH%*<>5D*ZMlgXfK^_kH+IpEXxFk%ZZ5GPzvVWTvt@I}h`
z|DmR<xG3jr$<H03AX=U5EKN&|xpb3xLX@93o`ao(i1Vl^lIYf*j|0ApKI2{X1TG$3
z&&6KPj@{Cm9iX{WQMO&GeQG%aVL<=zQr4@*73)sH634vxcI0y6n-@!Cmzlj(Ta3bA
zGe%w`iGL*4U*#9`JCM>4K=%l+v!?=2^poguu)-W*Ng%2Wp85Gn-=RU)IIXO#5TQYY
zA*?G9U$II^iK(cl$PMLh-`D^}b|!n|A0XiaE;j4)+Jze04IfF`4G<cE7%ARW9LY(&
zbTQddo}g=YeClrY$d=1dioVPX0)M#_5C>w{*;0w2^3K&;{+%5vWmoE+LWA{Vo1g;}
z6%0rrBxuCogjx@%Xe(2VSZ3iX(%mgYA+BEzLI2S&TUCA;AJvRcPHyXdBlJpRWeNaP
zVnCrVD6-;Q%h$>O`P0K3Pni(p<6Cl*prN73I)3iw>MFu98#Kd)j#1&nEy!Lzr~0DT
ze0ZxxM&wM-Q01rEA*ZG!>6kuC%n+?W3PEkhg;o1kkJU@hm}(-o8GgP4)r&4`^A(P-
zckZaiZRz_PiI{+Cc|~?^A)E19LlgYtQIJ-fa+|;7H44l(-lnzHRo|n7U0LiL4W7AC
z5^!XvKK0R=IM{SMacaQCzyQ(JH81<(2dKCZc-z=q_dRP0N&_I17Z9M%!y*v(0Lnpr
zj!@^}L$fDNPG{u_;*t^*Bch_BqNCf<21V6bSwSV+J--g(Z2V$n5b+hX%W<YKnk$x>
zNgQ)$2y{%zJvk;1v|vZR+yMqp&i$UjHD=S(tCz0}au-<$w%9NywGo9-iUwlmf-hKX
zuL%&ZKHEYY!*zm<EH_C_b@#^~m2XGzTr~Jm_92@howDv~;8iM<epOMk-+n>q5<5#z
zUtdjGnK$le&vS2xft+G&VuGHYo^9Qx;jN&8%v&4e%Xn<v!WEU#6=7XD6RS4DLXrCP
zK=0#s4SA?P{P+F7iVI~5L6T?+m{n+-FhTNAKY!(!OA?LD57Z?5o|VK|caFvjI#R25
zQ7N9)u^S6ym+THXP_5+1O|4J;?PcawK|4WfiYDqE{iD31q6;JL2fw!FV{uUpJahIV
z7FqY9N|Hm^yD!Z`lXI<8fP3MP{x!`_kXusWb4$1GPR)DwB!nu&I7Z@U-ryP8XEC$_
z9HIhJn2q>OYWFaI#5dOG7Q(-kD4GrfRD>O}6?k?&RL9k|qI7164?Hj<=x_7=+qr7s
zi|J&9{$90pbrh@9YJeeWuTb>p5L5_KykCIpTn0UK_P=-Zb`1O3vzJKr=iK);jLaH*
zzcAvlGgdI@P*JfEVs4(<(BS8$)0k>!XLmoZGAHMBa0!o>DhLhEf%ZGmzn;dTp)=s;
zn!cKv8ffm&*MFyx)7pDeOpNQwm7AiX(NL(Qgv28q9TrR}n?4@@k->ES^RWOVTJ2c)
z`t{jg*Z24Lmy==k&1r0u<>9flu*j;blLY3kQ&U4@rs}v3gh*ikQYruYER>GxVk;^{
z67}@;%@o&*i;6hX0jIvGq{PwA4)}P})}^1jyM&m|W6vU7@qg~X7lYT(DOM(Id%Ft2
zgn_g1VrOBAY|PBeEGsJ`4{n*9WM*o7EU>w<av7PZ+z|{}&bQJpx{_)uSjhHWT;+Er
z!DT0Zys}~oSSq0Z!_xAqR?r&|VSoJiac9R(^p)Tk6rUY8;Xq%Dv-F`V0I=wg#Eg=w
zZ;=n4W&4c2{t^lr6n}|^1%Ib3|H%#)O#!6kOXV-vMH3$<1wnX0&!f@}{*yLQ?Axn&
zgmxAI(tsFse6K8kYb`)_4H`yW@B?6ne!&>B_*m{7x@amc6oSpN))o6=F+`7By?}4a
z2KdDN(YW^}|G>k#gCG>8C=QbkgBLe>-tm>*Z{WZ#uW{lpxe1U6Pg4aMVBqkbf`&Pu
zNwW;l1L)BFO+k=ycOZxKcK`i0V8!$I?B_$A)I^$PJZf~A1zovI_-SbN#2DiveoUax
z*gtka0g)&g0*mO;q2K+%834%@7vZeUmy(s{zk6dO<P8Ivb9)3U0uc<yPPrYM%Nw_^
zS)5KB;iJm*Ct>>GEbJ}5>@99H=3t`BZ)Kyasuo@zK~X`zjl=!y#pXrr8gJu9v9VJU
zd07q*^WWrmXYt(axx%IP2T!e7jl+UPuNO~PPLk_)^Z9w!dGmU+$mTW4SIUJ%BxlNA
z8QDJ(OZX#=D$BcHcgLnCa;lvuVq-B+Q+wLcv(eUKDs^vi+7|ZYNr0yW+<Hg>Mdu3s
zHE3ZJo}d;RA!T*K(PUW2yLh@V9(MPiE$Zw$e5<Ad*h+KXXXl5^X1fc5n|p?1igY;>
zlsV~1tEbC9?CmmI=`Ni9ib!Qyx3w#dvC$1Mj4xuN(}E}IK40E;aoq}U@URPTtSAiG
zRXs)1L8z354iisDhZ*NWILgr4_Z2HSHe(0TSd7T|BWa^3Myj;0#zu^Mg1kx`#*Yl1
zKVh|#@r?^MV6jcTSfRK+#sd2k;Op|tIroz6=)g1OR9loe9pyEptqYdHt7^rs?qSkO
zFEJ>F4!(gfJygozBDT0APr{R$K*y816pUb?<z*-J@w6sho0-xJz9>x#6TXMJvlE1E
zM{M;TFi!k%EiJh)Pq5FdTx(C!thlZBb-;?r)xEOjt46e2`q6H=S`p;Aa9dIxgI(PD
z##s7#@>8e%rvG4+)??=39N4B}6w9r-Os*p%%%vkUKmilH@(51Q(K?=6!I^J|iF<#a
zkyR&-VRxd4${oeXB8PFRD17eHSe2*pe4wlaft9<mVIZTI<o@K&!0e<HGIE;v3`($j
zhregn+|s7`sa)QgKFaPNyBCN)GJNY@+lNxA{no4F;qmB-1}1sk{ek(<J3BY(RWQoI
z-j}Ty4@@0TsiBClD=o~UXc#Oa!kB08bgt$a#m{J;-74$=N8*RmBIcqfNiL~Y*Mb%L
z!~V85MD>l;_eR=}62{N$e4JX3PA~gRWr-?ob~f|cfZe3l5WF6hX6<!v8h82zy#DI+
z_w0^%(Rp1hk*exZF&TzgjqiV+Zy>sP--!!h7yE5LOhJ}52XcOi6jPh~t$-(7yQcsK
zRX*z-QS~XK(8>3io2NNTMbz$vTMw`PKx{7C78dY7u$qUlk9l-89E{N?KaG3OQgOYp
zvRtAuSLq$Alc1E(POhhgfmM3<S`xz}L$MFm#)lN)YKC=(>67unpY`aX^!v)85B!ZH
ziayq(TVW<TkHl-3?pu{Penvf98W~w^ap0~ycyvwIL+HjU$5ElWb8Q7}HHqYZ35u-C
zel7N0@~&{LKkm^_&m5R9diGP1t%rfbncKp?iFE${0<zR}JnWa*-|NSXuN-`Mk#YZX
z<}Iq8TT%QOkWP4Bh3-T$-L`wrdP**O{_wo1kJ^Job<L8)QhuvsI=1fU-jdcf_nzu7
z6u)|A!GgwVz76BuC)Zb8>Yo~Jew!NcSDh6yZkZU!bc^sSsH#TneEa&u#xm+~*kQDZ
z(SueoYI)S(E%-uds2(A!N8L4P?Yx??<fk3i%K43{OI}b3NBOlDm{O+Khm-v}jJae4
zS00oMHoL+20xLD}p3Pk(-&I>?hw`psR0cL*!VY`aCBdbsfxD@HMcEcLTH}_MIuJbS
zO{z@SHK`YSSWeK;JR)8z$eJl4<ot6x>0F-y4k^VaQ~fcJknj`}_mHd0cI@hz6fxNB
zxNLYs%cC)>9kS;5hr<&GAp`gI?nldnE*ish4W$OsBYWl)B>kJiV9yF)QUTE!co^zR
zay0*N%V6b5jQN-9Xkkt@1tC0piWP#m+a`Ta6G~APWjq$(DU!>~z=luw<P8irRpsWB
z?k;=wB_cX5?}SM(BiNk;P0yVoOj){0aOdEurfnMXeTWqkd!^ehOh+e^)tu<-(!H7`
zF5Xq9i$GM$$gojGLV?PRa%uXHRy}I@d)6}`^`Be_iR>mquifLxFNJaW91s$p+ksNU
z;)VXy>0dX-o?;jrsZFxT088svouepHm`hOJ1tNAmzFXTPGe54VJ-!Bcv9_1)@S%Iu
zvxb+Yd?eTqbPhc)Kb5MlOD?2aw0csx&*eUcG3FjjkQ<SzH}hyi%_*|i^p>_vh+toN
zD(@ak+J_FoY#CQMly5F1gPq4D4Ndi29JXn^YqeOPTkNP1!Ogw_K1dYm9^fjOZ#KF{
z9u$7>qVo1!)z1_{r~_&d#h_3&M*q+shpa)Qdann>9Ma~uXE1nUUV8%R@-TO>V_%hQ
zw<@D1_pJXk_>2fe9I0_CC%)9%`w!L;9gQ`HxY#a&j1E-0;N;iw2w^I#Nmj*#lxa%o
zfS7_>Au~~MTMWN$Ydm(gf8^?}fUR9^SV>i#No_|DT|-96`8_8gWH@c@=Z*97aSw;-
z<8{ePt3FxlY~SD`=!e`@erRdLY1}I=Ec?w^X9K2~I!6Cl+Mdcgb26@2rk>ouqND$r
zvp4MiQbFB?b|5E3>gIIzuSVY-UqERV+RqOU6b+A1HD`)Nii6WyegAAw#NQ7EdHJV%
z2}FnySUosa&1n_CQE^T#J@xIO%R!Z_e=v=_-`w*nAqXy?bTlc?EP)orTD@=UeE4R0
zzCrBq4>j2!Ao#&oQ9o)}-qif*A6;OZZevAJyU66*tf3}iulaHzPc(i#|D9s=^xOFf
zlSpsFskdd0r0V1gI>%opj3Jrg!s~|eC;pWPhSOF+arH{#^>1Z~*(0(y*D-R_<Bwhk
z65o&<<jZH#W%?-dy|=uQ)iS!io8Q{dHPG)2Npvanb#z7zqtlxk4+TZT9A&B3BG(>n
zc2*v2`#O?JcPSpZ-PblOISwb>miy<0G@hWKg3l1GPJBJ<ti9)KVspNFQ_Iq&hN^U4
zP>bj)kQ$&s>ID(Xk2dKU`==j7JS(i;SUI@1&&WG^^JYimh;!%m{`W~}W@*-Awq2-h
zTkn->nGn(+if_GyHe$G_zKQXa<VBb?Z)sta1a;tYsDM~4OxRmJOw_u^z<PhTi?jDy
zfo0l#%q5ms*@|<A>@g-f5)zHndAvUDPvwrhYq1%$D2!;S4EYh>j6Jk_2HX4=m{mqb
zFJFufl<Q=aHswv6-x6`((5)L|N8R0Dl4m<rh_PkiHt|kJ+p6J^M4w2hijq^7P7{@p
z9mqQ-RP9oAAzlutEioO6&>cM{_-Z_A-`e{v-bKT!bXz(5LV0R7?A9hWT4w%V2Lkp<
zF%?mP+9nUTkl3>fOrq3{m944{wYj5{qRl=FUDPTr28P|sD2ZH4pml^Z<<|1};MYes
zHqU$0^}LgM=Q#aY6<?P@Vv9f4lh2dgW^AR1JoR3ZRY+`&;<O?XL2(_?0Z+Hyfd-zD
zlPw;Hz4%@ZWJ_8=?EFTU|1ARJbF1vteI;F){#Ig&1FARy>ONK(d&WkF5DI=HKlJtH
z*3JDe|LN#Fp;u^TN!HJ|qL9fqRZ^ARZ{$J(5jgI2G#ytN+SSE`XLQ<dP2&vXZVh_M
z_bEJgZA)0PKL>Kv$k^ZP#Wu3kQPFTTq8{6Oti2?1=pFsoO)xKah4ozs8Wrf{^|_S}
zoyc*U&74A8M&&|(=?<|Xd+!3n6UM-vYzbXsQpD+UU34d_-s5%>FZa(QPS|~P95;KT
z!9%0@xn9c1x%ie&Iko}L!^m{vn~st`v09<7N+~_oJd_#OGP0U#$%SW3sZJe@z7lwK
z!(|2`G?Us8s`9eFZYFF9&pVay?95429Q|&XUwUP^fww4oTOMS^&p{+BX)ClS)lya#
zOIy$2jo4e0Uk^u1e_v>JW-@$*E_*R0m$r3z&vJG@$-dbC3jClAp2po+Jbq1)PX8Ii
z=0WT%Fj})}pIW*Idq{n&(87^TXXP8dQfgrq$YFxQDd?BY-wqBA3Nq~-9Kckh^?Qrr
zI{x3UJd(*O7~w)Ve_cXQIsZU}YN_$sSs5SZjQS~C!j9gCny3lNjXiN2o#GKyx^AMS
z!(&c#{s_paEto~o&{8TVFv!dGb35XmP-Ig<<^g-MiK?^UO7MOe9IZeW3%&J&H!U>%
zoh6gpD>Pwsi;THxpaOg2`F4r<F2koWf^;nuRUUh4j=M$4o9>e7!fEK93p^%Iq)-60
zIZsb-#hRU;58&TF>IS{3VX3#nV6y{ah5n*&bGHxK1)A@I!{#?bLvNV*^}D*=kh@)P
z5a4AVkPQiK;PROuxS<j;R@vZr)<bus<8rM>G)z0#H)C<TVCAA3512;Ir)(45qg_{!
z`q^-Fs<`$efth&{#}K1&=Qb8aFQpCVlF*ay<K7U?-%@ha<twQ+ZR0d2tu>dE;nmZ6
z{NcDh<L>X91q^ywzk{7#ZO|qR=*E@2$&0_tL#}5wU$lt@<t2CLdX0nj#jkr*38#5x
zAE%?Q>KxZnoIKHHSW2iae6-i}X7wcM7`w0Bp$+aw%B@o;K^G4zFbEoB*DCrxefm_{
zH6sh?iXfFo6i%*htgk<`0$uzep`n&O?(S7^I6OPs($iCnR{FkS^mjK2*dH3#b>Kk=
zSx=xgiy$0oGgm-`wwf*dga%;eJ#{d{CH|oG{sQHxD!bKQ7_V-MY(R1M4BYQ9(GecA
zEO*IicV##u<FdNBp40Y156HOzDa>xP*eqt)mS0dXHBv?T>FsPS4DI}N_EyBy)MM=M
zbe*T5h)6|c<@uLtf65oIm^9b!!}}I_`S`Hoef}TfjyxL=jVup3WRHbcvU+;{SdWu%
z0q__|#!E(-!)ETd<Bt85F+vhNUfMDqO(>VUzPh@jfE^P%J3j9HwI?qW5znZJVJrn`
z!W@)5zy{y}B_@pvtcPUyWI;F>?abZX*||SQ6OcQ0<U4yfqif=a@~9h*db1gTJ2VM6
zx@CLqnIPFq2{>rwuB~Mny1f8sx#4JQYikN}a;@eFG`o~nT3$mMM4T$ZlqAjA?IJj@
z_6Km1@{+<r$nFZvqZva3&JILwFPmYq!ooj3GnhcoU%0{t0(LUlrTwv9=H`lzUg^R~
zhH=3Z3@p?giASu=l$VGCo7N|5er%5v88TXce2CU9I%9U(4fL83IerJ@hi_SLrUSI2
zeRLp6US9>J)*Fm&o!e?ol#lQswb7|bQpfCPeooEqTYNhX?pQ3I3jt<;1LRqKp2o}C
zT2;TYt}Y^F;BvqWB3Q&e1AE!HM0YV&`p-L!fd%~du3Yt5_Go8lpW<i7b(1e(%!A?X
zK?f<Kqqzo90&E>^Y|f#;Gv2|ZynE*j=2ig8!29>_qob+Ek>eHC0REOL3;51xjPY;8
z|15I@p4<v_VqVZ2)NbtUDMxfDeTeW0>ix0{AvrF?%PYeL6R>FLl;Wi!C#hpjZpoL_
zKTN(gzdWs(D)Sjf)Qw0zKy}6csOyy2$K8;W<Q)oAL~&8WG<QrbP`K|5jr$sv#`xlc
zua8e<M5cERx~$eCu|_$zvA!NM*Fws&uY^I|N43e&&utkP8w+Uu(cF9v5wNoqGgVds
z|ALEEIN8IRnwlS;8B;;2F)_k2Y=%sYlE)dK4D(};I1$v%Up<}G#f*`^h^K+3u{3(D
z8zAps^nzsX)CWyrppDO#=__2E$%#h*$7*B4K^b#qO-5QeiY#`w#&I@UNzm#`$e48}
z+w^y91A__BA`gr`$n-N#&-3DF0`^~e1oC{j4|f@2ryhz~V$$7Z>eb@DqB?wMrzzAt
z$whf~ar=vnrc%R~>%oZlBvsUGgKrJMrDQHfUbM5dB?=@s9<&!V1i0|CXGN9ftVf91
zi3x?i_bMP}rUsKT9BK|1dJ_9x0pbWrsse`r`b@qzI?uPawUMZ>0Rv4%Wp?`V0Pmx*
zGJq5qmoSt=l?t$+Qp-g50P}?$?6Vw-OBJ(tRR@lg;*ph>Zm6uR6u;Q1S9_22v|^tY
z-^9SaF(R}}<i?GgAZg;&E$)mWN={A&Ef*J2=8t*@3pCeMGjQCa#YU|mpdI&(nLsSm
zMV9mZz`(#A9gJR4T3VAs&F@P+z<>ZW7@7^ywi3G7I15G0JSn?*^JZFa$b9xR%B5j6
z%+LNZ*Cgk_UIj2a8Ta9pit9I0w0PNHKHu2bxRZoF7pXQeISDFJJQep~B}%cI+ZcT1
zY_?Go#dQ^EBQZ=9wF+R5UUkgY0jR1UYTJt@KE}m;t4RQ2oRrkoDOc-=^D9Ad0t&^L
zg^f*Kem;5YtIim-@SEq$1JOQy?(P?S0XDM@3Ra*JuYh@~x*na1LZL3Ae5Fz-7zDWc
zQg3Tu5*XRoj)6_i#byP8s5%Y(HVtxK0+hNCe27c6owhZT0Fwo*;D@XJNG;48*L2AF
z@%#O1TdLWZ*T&oz-RFU0l-2pVI+kBkqZ>kv=8&#$V6;fX*VAaHnclfeB)|5#a$vxC
zRc;ayx)Xcz)~&Fw=iCaWIxpKid-kxMn^AfRvVY;1UK7JoNl;+gOginGWl$1e7IQEq
z%GNY8Vx^8JB_#!~INEPjr!n47p?3nie|1p-!_`R^8(<8g^S=}g)cCNyr+IO2HDv}I
zwyU#pa=NTPXwL#!09D{u`<w%GrSuV`bOP}d#sT|V9MPSnV9E*T1N+(FyJux>t!-rl
z1_A*4(4R25-Y%g>*GhWc0}OE3+nm)+Ro;Jn;vr1fK1Rr9Wn^RkqGD|Cz2s++z(Xpc
z=%g9-F#!idso&O8aoELM9gDzZ#6!Pm1{^%FKYp8vRhrzK90Uw}6B8&|?BUkY)D#Q0
z$hdiR_sO~FmaeWYD4Vo_kx>IsTkiAk-@S|3oR8sQ=N~OG30+1FJ&;M=j1Yutu|@ox
zJ2Bxhr(V65J{18_ZOs%Z`Jxhk2Pom+8)26M-y7-dSekurf;$+U9XQ&N*3;i`dC|)`
zFuyt90UhQ|+iKZTU~3P3d1Iu_S)BGL_B_yQP84V>^24Cw%P&rWEY$lN&@6nog+bMB
zlEO5*!(w1GhqhGg@$<1XqlmW{L8DJuMjq-~g_-4>o10J;zn^#6*rGW%!EQ>iLD6Mb
zKd#(HIXXDZi2K|OhrA9$$O`DdC3KE`K_u_`!~(UqyK8f@nq!rLB`GGWJS8$R61(mg
z@Bq#U0C{FrP)j$!y4BHm(h$D@KR}mmw(~ZYmY!AH%cQvvdg8!5gjNz*>ZN}zoB8#)
znZ|$X!}lt24Ge?8<9&@CkE73@mDkJ7X{keRHF!4|pWh3Vle3X`MCTeU-D4{$kb2L+
z4=5ApKwg$Y6vduUT~$@K{qe7@hC@V=U$ljEP*qqGElgVyIOk44MW}icAmaG&7|>cR
zpxJm1Kvh?-cP=FCN9^X_A!vwah(@mr^X}>m5#WQCd7j4fA#EF*D?YiKPHl~W)*-;(
ziimKcWdy(?i>UzuYA9d%$nz&5BeM($XCaSKk|A7GIMZ(7Ww!T`0mOZjFL~K(-IfOv
z;{rH;Ab_U8lpAqJo405rMdWfJWUzpZ6A8d;M2E{g#O&DEovnJ-D731I3KEUuN`+kB
zn_5;kG)#mnHlU*x-goK-`|kjm=D|$`BQ#lfaP>h5C@MA<3QQS`r;kYyWb8my_8_Lx
z+R`#l!pjp(_bC9)L|?vqQH8R75sS3BZ1NC2pomh-#kw-^$U5g@w`qA~<AAUd1vf4q
z=$%KI>!nT2;6OM2c2ChPE4K;!I;b_T0Y{ne)ZSjnQjlgMg5`REtLyfcw_Je6y|3p<
z_OJW7Qu49B^pkdaug3?^?RUzUP7s#OemycvgTyWbV7g3V>36MHcUAMTVE9jDBxQUT
zh>lQF&A^lb5xlI52sqfu>zF4CZ3UJ7FGoAcz5iNW$@Pnu)0%pOKize9Q0sqfy>cDX
z<LIBM9<Wz8tE}x`Zum0|Qa25{&W!c+UX6nY1$6D{<ELN&I|~b4o~d=Uc5u)bZe{{L
zPYbgs08S13x~k*PXPpKisrm?+j=q-ae~{NY*I!&D>GFiV7I?Jw_EVog6JN9v`&1$z
z9EsnTiSucgxwDhlJG=HR68QQ1s+eB5F>fYkFMMO)bF)ng^CcKD$_{q6LK~h{RJ6X`
zC#(7yieTd;Skf<UOTCS#!h-MyOaL$yN{ETke)K3L6?DA;ZLWJ<JXzxinAcN{0qm<!
zCB$C>8~#;W2Ez^3RBlAai&Ez&H52(dxp>QdWZ!s4F6}^F85R5@z0~?Bt)Go=ovOD{
z=1bnl$+1@Gz%4-0S-+1%RTptHAA4s<zjo=d_k8RHt-Z`6VpT?9g$2{me}L@f@eXgm
z6U;ZODBP2n5?|X{_V8Ho7r38pf*tf*q^*kEr{nKIba}9?+lLc9l;`merVA&-%Ms))
zh?*FV5bTB%ngwXwEW~6H372IQSfM`Nn477nP7`EgN|?kM25z!ng>&?g!5Uejs&9P;
z@~(hNmB;IVqf0IpnW2i2gl}P2i4%?!Rd7-7<uZAL!W%zIdgYDnwa_yfPB}79HtI9q
zDWR#13SAhXuHKuO-|^=@f3T3~NKQ^39uXlTBI4}SU+g>x_%E93>Q4=2FM(6lIc5sN
zpY*j*gr<N`Y~$8JnjfSwLoi{K31UVOw|mO&;AJklVv>l|Lp>D1+B`*lHg}1lDl)`s
zbY}j!dBr#%eS|t_xdT(*R5CR0%5(awWW+y8*02Un_Q8W8Q0E635r}~<oo&)f&&kOF
z427~XZTQ#9h6ba9<~9TZ0YYnbX`d@xG%VDretr#7wy3srw0SzZ4_Lq;gcwMJUGAn~
zv!k|_z8`P3$ag5^4l?m<Qr!BeP?Xv6Vuihxi1N()5XFX}!{}wdJwzQ;3Q!H+8?cN3
z>KNKf3IwyPjEo71iFH1^JZ^^C+RhlXW#MDMB768SxMl;Nb$}sBs;Z#}OguN{c74F@
zb|DZ#gyTTQ0BdvRqw~BX{KFeyMHFLaXQp+HM(@m!&E)QTYI5PRCg$gLRfafJNn%Tn
zK`OS(xM=FZ#i3R6C>-Bm^$+-N={ZEB!Kb2|3sv4I=t@_HBQu4hN7j$~&C!E;w$LKX
z=#=AV;Y!r4<J84jQG=wib{uT?S*E*_?nT_r{$#QvKsfA~qSm)mIRepkrxi?eF@o`j
zo5QEIn#DdUyyZQ;Dmgcw;O}nAN{t$O5#NOkfRyj0j>9{8HjkYiXlV5A>{Natg_{6f
zR}$Qk^+uB*;ukZXd<Qe42BY1#MyBC@hN86|>lYsvKk~m~u-esnU)a#d=vkRw8l=ar
zK{pqxC!>TxQl_0ilchjJ$YM=4&KU9hz*RMQHe4f!5rYO9KVz5K>SmX!|5Rcnc6LVg
zmHk@CWV^!ndUHhZF)pQSFY&am=jx2neZ_W<I-?KC8jIcCl;MZj+1Yn?&gI&oGB;#3
zFd*}D=RPl?fk80jUGn9+^&|+PtANV6eX_>{JhHV{w2s#%<Y&A6H+THEm*$3jwBfSn
z-#wODdOxL`%TBIulwP%7%H5d7r6+l|1(7ha{jOnm*Zqty1Ofrc&*uXmi6$l{AT9!x
zWI(qQI&&ut3s_-KUVU@A4T4nYPeAqpDKw}(gGkb}8f2e^h4!AFHRa{y85vJN>xir@
zGLHwZG5+C-C<+}oA&4y1h)}2ZT8~Y~7${qR#5F5MC}NBQKKj}=<{obSl-{bm<;2nF
zSvw_L<8cX5vOyEg$CkD+OQBR+TRl{R8ZOWUysSqB4^tv(!(<M+pOk@6K`EnV(~O=D
zh$q_XX36LzpwHH9fRq$a#S!biWA%WRP*L$9{7~-FbBFl2xRyB~P!O11^&Os9#9NGi
zZJ2-GSO4^*ErBC!v0_~ZFRp)2&`%Z)_vP3$M46*HdYUEU<W&3!Q1I#@q@||&6P*2t
z)%o`t(fs?H`o4|6ANO$KkiH3`izwL|QbE{0Zn9`P0Mk<N=y)iuDZm2Lzh9#3A$Z}i
zD*2k=?Z{4>=OPp^b^xLP_dx`6BmgGtjU0w7AF?k~G>GfS@x|?qZ0rd(rej44(0w2{
z_|JXqs)E#-X!`LtTHYj?#i>?rdeZF494+)81PJyUcg<3${3MEbPCb7Jfsd-jsG-BQ
z&!u*${nr*8Pi~IUsQBdktT1@VL`6tQ>X$CPzmny-R#ROK8u<(|2DWc4ffRy$wXO#U
zdoK2TD1spuLJU%`coIaw>LQw^C1$;$6K$o}W9N9gGN7doRil#G4d4xMcDIx{*>ktO
zq;B21B@nMB0~gdB2I&Es5f0||jh{6%^RTi~S>{<jF=r20PKpx*z?IN)<Lp!5r)L+D
z$Q>nM4uwTUJ$6?fK4lx0D%{-l5tfverW%_4<j(7|laLI$RDlQrvL1-|r>Cc9W@bRt
z2r?i^&yB*85<3&lyZ_te%h*dGA6eG9zk^0T?Yh>Zgx$lVi>NMTKkuh~z~V-Phx5^Q
z9UblgIiK|kL<S?EAYO9D1G!=ZCl(iS75#?~D%w=TcT3-}G;47yaVNub;WS!;rtxk`
z<zA_D9lzFs*QVp(P|_HHsl~;~@V>bX5pawZkHvj!CO&_FzB64^#GhS*4Ec}M2Qsm&
zCSJ$8ge&{JsN=?k!-AyrAK5S0s=qbL?)nWeG8#>(?&9_oa12-d3wUqVc$7Betfu?Y
z?!&XPl<cKtWlOYWW>Ue1#Kgpa;DZEFGr7*aR|aNP!q8_LvqJyta*!}r51eepo_`En
zSM2-*MUY5QAP`>PBA!x)S8nP-$Exi!ILJq90DjT?{bA}LUI3L_&m8~&UO$-oDh<F7
z-mk;MRFsq!78XE5mz6V!iBkI*!fd?+dBpAQ%JfuJRfm(g#QsB!Bm7Y`z3aG52DoP9
zxE%{M=0yw_e_%jExo^d_Qsy(QJB?jahYv=K`@Z_}$~prVs@3o5?v6qtJKt{0KKT!M
z1TjRaA<g303#MJdQLMa^?4VRR?xA<uCs`!af3x>xd(+#vZ(nWEG`GAWw8p_S6+4C`
z@Bd!I`afUdF$ws;y#(xkZ^|h<zw39&dp8dDJ@vSNc%-9ue{b@fV(cax``6=(-FN5N
zJlh*v0kZy<0#+jX_h$Hq18W|NkOi?6aO}S{;lY)Y1jn1~Z!3{{IUPL=96t!Y|I$S4
zc`{f@Z^uJ_#hlE+!Q9unkF6}D!-kf1a7+&{SCsJ>zO1qWs$kn0R?;kbJN;<%Ni-Qu
z^FByA($IfiLY(S<_`>yUtVCk#VE>(+e%sB60Afv=Uv>E2Ds+SK=IT?Tz~>(0-rx~6
z?p;sK;`>!2PKrW%dU#w~*qsL&J-2sQmDs=wCSlO9%XD{jscCA~7!*x>&Mzz~0$qVN
zh7SPvEAa~y*-=1ISZ88^<N5I6L;L*D#Kfo4(zNL{qd+uhQ4~5y9Xd2PsI{880kY2O
zar+z3ooXKg<QX)$R#jDbZqDp_Nr9MUKP(vxHGQoS7atFJXdN9L!VTr+-#zNeMDiKL
zGqo@)c&PXHovNy;0&3X=^uD%sOlm6401rQRGl%)Q)n<4G)>Oy~L`d8?;B;P##X^;z
z;?P}!t1ByDyu`qpckgQ9@aVbEz;b{&cw4SMJ{O}KJvZ5I;=p*;NXk+!&yA_&&COBx
z;BqMb$np3Ko?SC%9}E5Nt9T)y>f=XH7aA<Dt@Zv+cL;!p+;4|qZt4K<830`Yz}rdI
zs>HZ~#|{kOT0o)9h!9`~<!2J|BLMG3e16fas;Nn%!T~~uF=0w-xL=?MC9DLGl>DkU
zw&d}!f8GNPx@+3NxO;ed4p5J_lz`}S&WRBwHUV=Nil|YT91zydhmiTaTpqxW(PcwT
zuKxryPQ8E|??Iozi8#?o|0*Rq<s-mY*y6mr>$mTjnWcBk2PRxVg(`69j3LO+Snavt
za9_FEH|OvuDea?z-S#Nvb1*am0|S7lpA&|vfUn>g0$Ca_FR!1U9{`|0<nRlTI@u8&
z81xOWEQirN{VUDQf%uId>+er9CajQ@l$?l;{sLN0+S@}uk&>6><^oL10W^v6oflYV
zv^HgV?m>AjEua#FEZu#5=0v-G;0s|!+GLv_-^@SmJpm+6@HV_?<zzu(CrayD=ez*&
zI<d5=<FBnf(9}e5v%b3e!}{0$6O{{N`&B)@eHArnFRC*M+zo(XY%?1lV4&=>A-iC}
z1Q403<ckvj65E_C?DDcre3xa-<ZKNB^uRBzud^~S=^Gghd)O}hTj<`Pujcsi2Y7li
zNIx~~v(AOM<B`~3ily-o%quYjPR(2OOHWVm!Z4!4@mb9z?84dZjpbupm<A}LR29X%
z`ut=7cefGQKIfG5?VZ9o9$e2qq&gq1{i1aho#)xM?%~^Dyc@bB)BwH^#>0}e8x+)@
zsdgyEHl7SA_zHaJ;NS~g!2GRqTfPq>t1Aa*E)@*hR*WOpgP~>br7$_5o|2iVsB#Kq
zF`zX7h~|xmuz>;Xol6W1pw{ytCr3C^%VEJ&B3Um0goZ<m&8DO~*Jv0&`W^lRL8Z`$
zw#WVddc=FBZw>RCn!(h+{`|pmzz==l*h+_L?Etjnt3CyVg+V#m7ACbW%EgzaKo$;x
z)C2PYfPdpguOFA~8!9SX=i8|YpHFl1@wJr_Q~<mmAidrL9lKaC%DSnOp!JM*3JssJ
z;n(nUx&#EINq3dxbqpi?@$-u#wfhady~Wp}iy$)WKY^toJOo9fKPb<E$fCcG%pdS3
zSiwmIo{$iNE3{>>;RyIDx05TtJbBEsvjGqqzOWab0oe)B*O@~<_3LCr9fN*<Fi$7n
z^$hb%0&d(urmEhGM;)lqWSxd~0KtFx#>lGdVpg$Klj^lJNG>ZKFjcT0fl?KkDT`3|
z(z{m<U{YS%YlCBB3HHav|CT~#6c|{ZdA^#3y<nL9&{oV>7jWfl!DRB-RZ?!m1(Z4c
z=Z2lqs;c0!GpE>Z@VaB25unN!3W}=Fzh+NPPa9cUs?W27FS)$;w~Y0wU_d)!39Xf%
zpHbz3F@VvWL@t^gfs&bg)0Ur_T0{n<(p>#{JDBuayWtPof+%lKOiTzdYfFFFE5ajF
z{Jgv%3I}Zz3clLf=Oj!XKaL&FFDMwG(Oe5K{nvGJVu7gSdYYTJqFj_St{wug`^v#p
z372AHhoK6CB1YG5QEwb4Ba~#NUtKUTG(?H`1FV!jA{(T{8!S3(L%eiACI@Gxr=xaT
z=bV7W8v$b}ph~zoP;M|XN`9QsBx8EcSl6c?&~W~7ZmvZT&ftF<-9Ut9%)gXS3v-?J
zpC9?tdE$}YUj|POm2>A`nh648;DG<Outcywo%CN8<1a7!+uocQxqn#x|GEjtD|E8-
zBRfA*5KyGFp9B=YIf~%DyWzl=|49TrNgRGtTL9yT03f!&z2oiLNdop4dGjP{{k;lc
zMLkDwE#PhKU!0n@q`w}JnPC2UfM;J#g<7ZN*!1u*iiKgFP}d|EGB0<ss89-;>00do
zo6~MELX7&)^fT3rR@Jv@n1N^Z_MhntB;+p3zdn}+KIU9``mtX+I*J%3SpU=E(60;m
zxME?q9oMxIgs|>D`}_aX0Zt;5tJ3ckgS>Jf?JU2qDZ|0WlPawGdoj&dq2S}^{y+I~
z#=DrA>4sz@b`CC6Pu;`CHlg;2pU(>b564;P4Vo#$EP>?j=V}#-yqh8YZG{5n$dU^Q
zF=KrD_a0ET3SA5P^OImNL(J4^e?PDYWoyEf3F2b77N$KAVa*sKeE0X}^a)X#zj;dY
z@jwB^4BUwsWBZl=;RQF-Atv1Q%vbU#jsq)kR_wRtoV>s~A>zUKWzlT-3z{)5U_*ZW
k@c^79{)PX?zmYiN6nzt{wbHp`0`PNJSwpE<!Su!d0*WYxUH||9

literal 0
HcmV?d00001

diff --git a/examples/cloud-operations/vm-migration/host-target-sharedvpc/main.tf b/examples/cloud-operations/vm-migration/host-target-sharedvpc/main.tf
new file mode 100644
index 000000000..803d1dd27
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/host-target-sharedvpc/main.tf
@@ -0,0 +1,84 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module "host-project" {
+  source = "../../../../modules/project"
+  billing_account = (var.project_create != null
+    ? var.project_create.billing_account_id
+    : null
+  )
+  name = var.project_name
+  parent = (var.project_create != null
+    ? var.project_create.parent
+    : null
+  )
+
+  services = [
+    "cloudresourcemanager.googleapis.com",
+    "compute.googleapis.com",
+    "iam.googleapis.com",
+    "logging.googleapis.com",
+    "servicemanagement.googleapis.com",
+    "servicecontrol.googleapis.com",
+    "vmmigration.googleapis.com",
+  ]
+
+  project_create = var.project_create != null
+
+  iam_additive = {
+    "roles/iam.serviceAccountKeyAdmin" = var.migration_admin_users,
+    "roles/iam.serviceAccountCreator"  = var.migration_admin_users,
+    "roles/vmmigration.admin"          = var.migration_admin_users,
+    "roles/vmmigration.viewer"         = var.migration_viewer_users,
+  }
+}
+
+module "m4ce-service-account" {
+  source     = "../../../../modules/iam-service-account"
+  project_id = module.host-project.project_id
+  name       = "m4ce-sa"
+}
+
+module "target-projects" {
+
+  for_each       = toset(var.migration_target_projects)
+  source         = "../../../../modules/project"
+  name           = each.key
+  project_create = false
+
+  services = [
+    "cloudresourcemanager.googleapis.com",
+    "compute.googleapis.com",
+    "iam.googleapis.com",
+    "servicemanagement.googleapis.com",
+    "servicecontrol.googleapis.com",
+  ]
+
+  iam_additive = {
+    "roles/resourcemanager.projectIamAdmin" = var.migration_admin_users,
+    "roles/iam.serviceAccountUser"          = var.migration_admin_users,
+  }
+}
+
+module "sharedvpc_host_project" {
+
+  for_each       = toset(var.sharedvpc_host_projects)
+  source         = "../../../../modules/project"
+  name           = each.key
+  project_create = false
+
+  iam_additive = {
+    "roles/compute.viewer" = var.migration_admin_users,
+  }
+}
diff --git a/examples/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf b/examples/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf
new file mode 100644
index 000000000..3e6d553dc
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/host-target-sharedvpc/outputs.tf
@@ -0,0 +1,18 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+output "m4ce_gmanaged_service_account" {
+  description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects"
+  value       = "serviceAccount:service-${module.host-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
+}
diff --git a/examples/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf b/examples/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf
new file mode 100644
index 000000000..85f333ce0
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/host-target-sharedvpc/variables.tf
@@ -0,0 +1,48 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "migration_admin_users" {
+  description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format"
+  type        = list(string)
+}
+
+variable "migration_target_projects" {
+  description = "List of target projects for m4ce workload migrations"
+  type        = list(string)
+}
+
+variable "migration_viewer_users" {
+  description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format"
+  type        = list(string)
+  default     = []
+}
+variable "project_create" {
+  description = "Parameters for the creation of the new project to host the M4CE backend"
+  type = object({
+    billing_account_id = string
+    parent             = string
+  })
+  default = null
+}
+
+variable "project_name" {
+  description = "Name of an existing project or of the new project assigned as M4CE host project"
+  type        = string
+  default     = "m4ce-host-project-000"
+}
+
+variable "sharedvpc_host_projects" {
+  description = "List of host projects that share a VPC with the selected target projects"
+  type        = list(string)
+}
diff --git a/examples/cloud-operations/vm-migration/single-project/README.md b/examples/cloud-operations/vm-migration/single-project/README.md
new file mode 100644
index 000000000..d196ed8b1
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/single-project/README.md
@@ -0,0 +1,41 @@
+# M4CE(v5) - Single Project
+
+This sample creates a simple M4CE (v5) environment deployed on a signle [host project](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#identifying_your_host_project).
+
+The example is designed for quick tests or product demos where it is required to setup a simple and minimal M4CE (v5) environment. It also includes the IAM wiring needed to make such scenarios work.
+
+This is the high level diagram:
+
+![High-level diagram](diagram.png "High-level diagram")
+
+## Managed resources and services
+
+This sample creates several distinct groups of resources:
+
+- projects
+  - M4CE host project with [required services](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#enabling_required_services_on_the_host_project) deployed on a new or existing project. 
+- networking
+  - Default VPC network
+- IAM
+  - One [service account](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/migrate-connector#step-3) used at runtime by the M4CE connector for data replication
+  - Grant [migration admin roles](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#using_predefined_roles) to admin user accounts
+  - Grant [migration viewer role](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/enable-services#using_predefined_roles) to viewer user accounts
+<!-- BEGIN TFDOC -->
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [migration_admin_users](variables.tf#L15) | List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format | <code>list&#40;string&#41;</code> | ✓ |  |
+| [migration_viewer_users](variables.tf#L20) | List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format | <code>list&#40;string&#41;</code> |  | <code>&#91;&#93;</code> |
+| [project_create](variables.tf#L26) | Parameters for the creation of the new project to host the M4CE backend | <code title="object&#40;&#123;&#10;  billing_account_id &#61; string&#10;  parent             &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [project_name](variables.tf#L35) | Name of an existing project or of the new project assigned as M4CE host an target project | <code>string</code> |  | <code>&#34;m4ce-host-project-000&#34;</code> |
+| [vpc_config](variables.tf#L41) | Parameters to create a simple VPC on the M4CE project | <code title="object&#40;&#123;&#10;  ip_cidr_range &#61; string,&#10;  region        &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  ip_cidr_range &#61; &#34;10.200.0.0&#47;20&#34;,&#10;  region        &#61; &#34;us-west2&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects |  |
+
+<!-- END TFDOC -->
diff --git a/examples/cloud-operations/vm-migration/single-project/backend.tf.sample b/examples/cloud-operations/vm-migration/single-project/backend.tf.sample
new file mode 100644
index 000000000..4f2bb3365
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/single-project/backend.tf.sample
@@ -0,0 +1,20 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+terraform {
+  backend "gcs" {
+    bucket = ""
+  }
+}
diff --git a/examples/cloud-operations/vm-migration/single-project/diagram.png b/examples/cloud-operations/vm-migration/single-project/diagram.png
new file mode 100644
index 0000000000000000000000000000000000000000..b47bb2951ffc6ab68ddddb8a3578a951082681fd
GIT binary patch
literal 26745
zcmb??byQUC+b$_BB_JSO(kd{BNT(pu-95yBAl)S?B`G5@AYB4Ow{#EELxXgKbe+xn
z{?2#4^VeDDtixLSAJ(2{KXJ!(UHAP&sC<wkz@@@PK|vvSCoiprf`Xa>Jf7HSz<=nC
zXU$Mhz~b+uB{V#YcAK?7GHEw#2=O+a%i6!6qrR>rY&_vVsT3w9ts?ejbF-?kEMiXj
zk=$U}Fj49-?@;|-ajn_9qBr||;fe0w1#jh`1@8j_Y%etCw;~n(D;g|q7~yEe;fy%G
z_ZL{4C*Kp;NOgPZT6j+^)>}v8<e9%tY%Lz*$upB|{f$D%GRBvvgn&pQEIu>B<K>w-
zpTMG}8FgV_av-1Nn7$swDOXO_x?kQy9Hs5->}*N4I>GK!7lGnn;Zj!MeOpQB={I1I
zLLA7XwIp@K4_3HtCJu!8YZ}7J_y7M38|u-ZB#(D96Fj`b3D(SguM*aRNY)OsY+aKU
zW2C*lVM8X@)gwV`7X@4|^_<TuFB-+d@Bc#A#C*8!R?EBYuj(&)#7f`R^YZp-^YR>~
zFvLG5hYcZpwh?(>`~Hx1ah{j++~4J_5#C?_p7CGyyj(SoXuY(bxQ(c+RV>vwPGO7x
z5`nOSh+2XZ-dXAvu4K08UTyk6l~h^`ZoT%k71!+vH-Kpz3BOe4NK&Y*d?hU0*wj>_
z^88|gd57fTOKFHawZ5p6vpTo^)+61s1^;=zp6Xb!vpe<`<(RRW!v2LqsT_!nO?_U?
z-B#6e3U^*_ISM)J^MIxNE*8t|Z!=Qot{&W6Tv}RFPsmd~e89PMwNiv>DCEAX{~m5%
z_Rj`{fY!vz|Foa7G&8$go}6pZF2?7w^m7ix<tmtWuxPi?U9Bi)W-_*TaJ}96aWSq=
zrUgsWU3a&XL=To)CLVR)7rWY8naJcdY;|7cxx4eY>p#^$zeSVs_PTz8JHT3RzDjy0
z0XvH+gY2c>G^D)aNOE&=V`I+sx_neu=iTUiDbvFWuc=mK<}65uLV0<(%M0yvjL1(?
zd_;x@2hnZ?Tu*Nz$Cwmh5WSjtF>Z%l%B^pynMU*c_HA4S^Sh)x0xkp-uJ~@zBTA+A
zA2rPfieiXWmGu36H&o6$-)eu(=;_)XCRT-9iyK~>Oih1RDfj26){Ubs3-^?)w90n#
z(fyopsyN;7vv)IF^7;HL0}NVyjrR(Z=PA#7QYLh?T8XHI-m=l8>2`q*y~Gt=f}9r^
z%h%O|K_LvPuz}WVlgrwBndAI>`0<dxLH$Jqmw=kks{#_<94(fVV)Ave`E(W>g2noM
zr@b!;BzGWbRlx!fACl_nQ+#YM+~oP%3Pq(6TN}vE{ubn5v!C<1*UFzr`m*9itOySO
z3Z{v}-h$$=k-h8KG=05GS5{2tT<i6>m7kif4=WO)!fK7_K^Md5vskga>U@>be0(`M
z=AwQQFP$P%*LiQesGd=s9TP~8{JVjrh3@=+b^j)?4Y%C2YYvIX5+Yj)yWro=2$hY!
zz1h6Iu>{>m>VABgY=1|eSClKr^=fjat7CY$ePMWXsDty3Xm!1#kNrD#@HQ?^te@)I
z(*8bKdR$~Kg5hbRx(4MlD%B}blez|&u8p*dnM!Zf8O+9r4CLrxME>;I9X}&Ec89&<
zy@#!vY44c4V<w8SqZqH_eZbPs&cDxmcy32ty{)a)kbci7{>6E`n>p9}`q33u=-CJE
z%4Bh$4^Au%$H!+KVW)W55z0fqtd|3(-@H)On$<FzS`d2EG5b^d&_)7kYpZkjS2*|j
z9_Dw}TGn+p<~1i)ntyY!bDCL>V?JrY*z8tR=$WfuvqBmxQr1pa$C1OK8Re}ypa}n2
z_mqtEeyq!G*ulv4G&(9Oic1`QpwsM~<Gr}?JqqhZ6iu}e0c2ocz=m>02Nz}uG3+=z
z?7g_??A-+WnkU5is~nD5Gcn~zNil5-aWQ)7{iyAUk-SBh!X_EzYhC%<%LwjZNYBuB
zUfn)D5xcuR{v5SDisL&r&;)vp%Dz9>;=Ozz2BZ8E0iALPz#GXXZSO3m;H`3A-_b4$
z#EY+ZcXk$|&110AU-3jMB%rn4(O#SxCpNOx>r%l(<GU#$r0o#7R{T*-kH^tmMSm0#
zsN{RGG-^aI)V#a9>vug#lW3B#ztG}-ay1ksme~W($+7$Jj*Nm0t#I>jJz8I?s`zrP
znx`yd`a{h-Y@rH*)AV4Im0NE@2ZP3==}B5@|DCHLeL)A*q0d2&;-~^TLc8)UOk<NK
zs!u?>WIh~-8di$3a}guni*qREeVyi+7$m9n<C+*m;KrC5U3;>VW}70O^3LX|nqj!c
zOL)6j2)kl~2Fcdl2LcSnIe!cPowDexO0O=HkKaiGmr;+95^L`{N-uJGEp)tzkninL
zG;|H4q6u*c4(OgHDp(rS8}QIk(oj>;>gwtWVMACO1h^emaUk8Lv7o0Fnlip&e&|`S
zx}u|YUus{Em%*%G9*1hC3>(+EiBC)@YG=rH;*XTACu<qsTw2G)W2svth9@D8SCqws
zh3bzgB`wm!ix6UWqOnVoXJ!?@`a}EI_qQjFZicuEkN+NbAnE43!}-6h<rB<z=m<Rj
zuB~ToXBUP8f2T0QU220_lXl$`X#T|O8k0<8e99G{;gp=;C8#y)4->S<(iIZUZ>Q%S
zRg@N4oYueNPYl*q=PHSPJ5zK`s84oZ5S*4FSbSF--LAhq!QeoARMgL|cpA9#se$3+
zHM=DHrn=&q*X=$<8*xh9-?6S@<xCl+4@yVH(KfEG)uqi$qAxL96HOGX-1et0Fx<Jx
zXddG~&b79{3JqcCQ+oelXM5jpf@%HFpC`u#o$3+{rZYm9WJweCo|rW0h9b?rSKx$_
z5`K^X)Azr#*I#9(#wU5Xk49*+F?1?CcU7hkV2`Z;bRt3sNyHDBQ@QnGz|s=pqy6A`
z6duKNX!h62(F&(BQk2@PpB5%dmme~|ldP{(EURN-hz<4j7ZPa@Bfn5%iJ_5p(_rX2
z^?eJ#)1DQs4;Uv*6e=fZw6~`fZmbLDdR9b)%YY{N0awjLFVk#_$53LVK=Ny^CXBSP
zM>%ed!A&YW#N=l|rK-R8RfwXzH!s6+gCFVg(;#*uZgSM%xIHuS>20cX3D})()4L-o
zGyW{xonL~`+ys2cw6nB@yTiQ1<EZy;9v>oU0|v4X)|;d~@61QAQ~c1<do|mKcC^cx
zM!O?T5LHFF`QBzm{>4T^`6!TI(?g;6m6~^ip(@_{Y5uh@mvfRwoTHY+A9HB>t`y?U
zEx4<S%4?m{e&MRnc}Dc)YL9T^(+S=wYKVuNil(8KYN0jibQt~f)}I$gq#IG%4n}p(
zQr_*$F=4g--g0bcEFVkDTH1%k&W}%pDaz*F`fpuz6$|ds7`F4GV9uYN5`=`v7&N*P
z;+Y-o)E)#|PB|<L4E6&#V+FyQEbn}b+s0M0c3eH1Qnt`=edy%oaCdXlg4$>DycbQH
z5odyT;~gCky;gRce5i%7^u5`X9sT7fVy{7N49ZLhve)6U>r1;vi-=BceM5c6^UmB7
zgMe7jn>UYo7reuj57yVHH<wmox-YmwKuoePND@-JEo1g+7qE47$YS=68{9g%N^qsc
zt<p4g9<Tf)!Em^cu-m2F`(^;%rI8UGkg?q)qU4lEeUl|&VgE|o^<Y2v_ja=1va`I$
zcv4hKaP<*|{_1%Dqc*40W6csEOYtu~g{BTeIBcVep=~pAvAePqE;j<({do=n_%kea
zeTYy<8z_H+oN!2?K3M?b+iP*K(4s#kniVT=wX_=%%vbZHpc3`k_M;Uh`L>~qr)8!K
zyf07C`>vAZqLx?uOw5u0W|7*L0`$nip{A)?^Kt|_aqr-JafI9s*Q-AGWw{#HFCcg6
zEw-k+vEg#vDHXr)!)SEP_8R{4=h7<0->CzC9&U=wSTiXu^vb!W>$sCrZ_tE*tENEp
z^H!$~2}v~tb9F^mNP4;dVOMc2Q5XF*Dt&;^3r>D6G*2EXY3ZIogV^2lww9Ut%ihhp
zlN84~@5{g>aUDrDj)q^z1hwC@NMRwk=}cJ7<J3u`F)%L=dzI&IxNhQ(qlKM5)(g^<
z)VHlB+qC$;a8yk~NG82eM-79y3>7r>JFXr>!}oNk6o%IU%uv&nyVl-QW^K<KBu<O?
z{x#X@JP=|a`6@`5Yj%8YdynGc{6rfYB8y+5!S6CXEBtDoUh7x<NX#Kj$i~3=QPe03
zrZTUwv=kU0RMG8zFgMi8X=);Q5&Y*dJ4a7D03OP4vz9;f%{P8(&B}iK&FY;i-<zHy
zZzBu|6FC=2sy7ku-eau>Fj$nV4sd8i4HBz9#m!k!_sm4oY_pr%v_HR?Lk!~5hm({L
zLx<j2gFBG(bIl&?A6*P^doh18Dy_S6{&u*jN|lyQA2B1j%I^v#Fq&a|2C+Nof)3pq
zrg+yhHH*^JhR%I*wTHmWat>~~3yQs5Q+ovD88u^vi_D5N{c(L_Ku>>CL;3uS-ZARp
z;6IicPfkkc2~~Jek+^5$!TjY9vBC8$;YPdgvu^*^j{>Zs?_P6D(g({E^az>Jb%N<7
zwcHkxcHEn8(7dm&R6oC#e=QPyN1T&uX@O4KmK~jLZs?n%!6CD^yZek}nQp{*R8C*X
z5WTS^@H<5vMr(#lw?VV#`G(?D0PQX6Gkiz|&O57Yg12b;bZ@=TWCtupOnIMtxW)>7
z{kqZB%@rz6U9h*lwYo~j|C)dB*x;K%j9y4W2xyfy&Cr)T-Q#HE1mCnxt|uIO&6OtD
zpv()%%bjooX1gnJmFMB})~4hgtUhEq1?qgTH{r>Ei)J`RJ)akL{4wXY$~5RXyt-Nr
zKh;=^>9-{LQ^~&O*>fUv#vypsr#jbFay2V0JbP2VGQ;{w1mCX)O!sXh*6P<+L~j|<
zWqP;vmxIACnYmsuaAOg5ZX?4&bdsg?-QrEuN~qC-I0W65ea;G|EqoS|Tb!iidh!>V
z+|X~`qlcXFT3VD}BPa8J)o$O9Y=Da|dQMf@s?F{^(-kUeez&rcQaMMD{mrKGd`?j}
zub|>e6IX$%+=h!-rF&A8IT=VlHkMt;&M-GR^BEt1l>BgGi!>k$AFK7atJ%N=BWCZw
zzab=qxNqIvzcn@ETXa*>L=f6@tb<<}GJz_+Mp7M2r&w#`Pm&n9C*<_s+0+}0V|#?9
zK7Y=C6Q9oHEbCLOA_@|1XTYI)_N<!``)Lo`;|mWxCop;wQMsqbrKv=jRwLGLqB_(%
zR>Y%8^!|5+Tk^~GdKkWCv@T_PD65A&g$|O*J*tISO^+)`e%0FXX1}1&R!%P1&e>ZI
zmIL>lqQe<V%{9*hK_c6xx`@Cq5Ivc=#5NVtvq$oQ(4f!{7%KGRbvhz71>s5xa@~;@
z<k6~7ZLOT<nx+0SZhHO!E-rT$7fgOsiTkX4WhOJpU)eY4QW6&QU(*@w$E2v+=6{Q|
zQ(v52RNOAubcWRo5AXBv(1t#0CpK(o@Vu);fQWzUULR!UC>^$z;4vu$45~QiBH0zg
zY7|xbYhL<Me}L?HSB$Lf)Z*bPb|U%AuF#+y9K{Es9ygtRN-CP@@bp%n=Ayh9JT&6;
z<>^PG0WUh;{jZNCWwjoMfu6I~nh-*WRhPwQPiL{w>&MPiRNu`In1iqP4=8vHn@>CY
z$Szsc^iAAdU6b6ENE6$O4rZp0NHjk*4Pevg!9BgM2?@3kk4*P^`A7R`k@jb>QXunK
z7(~^uW^oG%nClWk!k2VL4EhQaFh^N`XJil(#9DE+nLeW>)1H~zqaYgm5XV3h^-kVA
zVwpIbz`h8)i-rt<4Uba(X(b+wSkkc7g2{V3)ztW+fYEDYDad}N)QVB%TdW^&H#X>w
zfj%DW`zCg>S({PCvj(;7M_k4%Z*}i4A77mnBkd@zz>O};j9(S@$1~)kT)l;{d_EE?
zXNISC7F;~ZiTNPUUFtB}+ID;;x&<bcbr87ep}^S^v&Ww;>&v^0emvRxW!o)i-(|Mc
zL*|^hm4L0n<A93<;kMXK+jF=(_e_q62v^6+`BYjbB`yB*?y-zy+H1b+n`2C8W#%6g
z<#Qz^WdLlF5z7$03ziz;Wgi|K406YA|NW|JfP;e$De7r*{iD7*8q+sQQ4xC$0TV?A
zq!vtv01>Fh-Gxj;b7W{JFe7{_?vjW1g!k*@q#*LG8^*`#bH&Zg&{!0|K&U*k5DG(c
zba<ppfYu_SSAaaiis&45E__SeG@u0jzU>TU5}KBQnP^^%zt8fcMP5EkPPSfCLqluc
z(?k(0j98MF@Z??*kj-Rsivc*L`@!3d#Nc2>%TI)Mo*`g#tv5YZ#BTEqp2CeP0XCg-
z=Le!-n(t=Sw~`edq}E*6XlOcFw8vvH%gq*)@7BhwUy76b9)W!$Tj(*3V)DjJI~{d9
zU0IU|?p|m?%@SI|Y<m1YDq5fU+qD0E$If*~4g^x+eBg}gURJs+7S(gJ(Zw|2+*kR2
z<oCpyX4i31<jL=%26u%${j8hca_(hAoW??y+ZN*s0bdGIFBGR7R@=_-@Y|0JR5XJA
zlIk*>gqTxb(m%H8TEIkf1BBXf&JRUa1G@+}N|6{Nz12m8esgPj`T}tn-k5R#Kr?{a
zMJf)&55dBU1^1_s!odc7Ri9EZF%0LLKb=Go;mh{0&efeP&C(4Yw0=QMj?V?XeeyH<
zON<ns%NoVgZ2)Z<>a$HK%1<B}8mB*4l*r?s;6|d<9YyrD+@XpOb<B>eS4dfEDj6@L
zNX;gy=oqSpE#V!OI)X`X^HEzuek2N?)3LDT50CI>y(CfV`~pBlZ0=%PTVfC+JtmT9
zgf%~J(f8u%EPk3YPX1^xG=C)4g|Z#qC~J)t+@YKL2*aS&dGG7l?(7;K1@U`=kpZ15
zCTZ#~4hg?MRp2V~E@t=3TI7hfpw1oQbw)(k)Q1lQWy&(1H(i`~67m|mF;TqIQX!O=
zoE$8bS={_)Shoa&^e*Y4{u2K)zfWr<=bf~a3%G^)pyS`WI>XBme8`FA{WGJpEv5Dx
zeF2BsQ=fAFc~(U*G;ihRxu&Op)@6O|$}V1+?|$i^jpnzf$h^r%^jXwq<ic1fnY>1g
zAJ^6aVJTjQF{8nEgcT%;Lrf&xR}F76P}4%Spx4JBMq$nB9}q<0LUGB;Ti22nOevd3
zV`(o0pjDQ#gr&e&xe`nS4laS5Mc5tj0ZP2K<HDMu>@@Wa19?g^p12^wt$ZdOOD8?n
zn249(JS{z)lY?Cb98p3UNc(hSX~l1&g}ZY1@8E7k#Jj_&M#;$6#NR7@S8fg~&}&GK
zSc6`pP^ie#3yE+`PJSsxQZFuVMU{Ow5cx^>vv*-Bw!#UHAxpf1YO9k1bqmIU<l$Rb
zP-xDzxI$6GPgZ-B6>RnDnD@b>c|&io0!OK*${HIyvz4qQglZF28Zemy-D@4^ot&M!
zq(7*#6sHlD3kf%(yE(CcGw>dsMsj5#mJFb(a9H3_hul<|fy{<EZ&~+tqvglSk}`tJ
zO4Es*i;x_GpSqa?^Y(X+0Lgq|eB~(h>3)pOhVEAJnBrdfIOXcjpUGhH?CGCuKB?A?
z5|?2u0;v1WpWnZowcVASY;?_>se&q}FQnVbD(W%cvAB<l&)VZW?e8C!LOzAYeYwCk
zSnBR9Eh#%A#Ai%HC(1D={d9sGzv+~Jh>}-P5%Ie+vM%ILYF+2o-;szzdFjvWTi-}Y
z6LeCtib4rWWL{4$jDCx#?qu#{VP^Q)q4z^=wN@+3NqJ-eJR8#aWG|TwRd%}f^Jkeu
z7bhni5qGz9dAK#o1_gPVp5EB2N+ObOwmf?Hv&_`EzVqpkN9Crg6_5hSws1&6Nf{+2
zjg%O+-l$sR(Yu#U@4%t4T8q;m>D`N2V@y#wN<W&Z`+9g)GVQ!q?>cf$J1A+9xW?iN
za5@O#{_K-YO#wH;MUOzx-cqbrS&_T*=zK?5^lK@}eqqhn8)9tpYMr0%w(&_!l~IZc
za+j+;XG+cHSNS7E2-6Ar%5Pxwv4kqzGUMjE-gPHgznM08NaJt-qWnh#rO-hF+XwDj
z(knYpUx1uQM0TC_A?h3MsnX6f#gwiujL)Qop23?BvYQeL?5VW+E&^lNQR!Y^<je4d
zhqj^l7C5QdIP#{?*uClrbvmRf*%dj0JoYsSD#pBf)6g)0so4wJSl<{$*+h--Yw!?g
z&BDIzCBp^nr&LcFM=c9rNbNx`Z-V6c`2+>a7imd1$u-s#P}oB<OLFg6v?p~Kbw|rS
z8F3_4pz>V77`<d^wzc8KOA{GynsMN$xRjT<wGP{8g0pgNy`-nS>{=lAPg81ivq+|_
z)gmJQnYVCDO%Nzn(N4d<C~sl(nm6ELX+a7@!eC<hD~Y&J`H&9~Jx?>)e}UM!^EaEw
zD|aP1II%1NOnIjKy^S|yJz`4;GbnVWC~q+6)z9hSVFnISO)&<@E@i#fWsxd80xsCy
z!~A0&;Qh1f6i-PqzkW+Ie3F?)_T*}Ca`JBdlzKVd$@f>T@iQcSJ=pBkJZycracl9Z
z^AJC><ygI8gF|0d1B+nN_vEWQbHuyCb6O;-bt#0V+4nYlD{ir!yL6A2g`$tdixeCz
zENA_T(R`+Nc2>}_C*R^|xY0d&I3z@lfwalzh(vx|pa`$Bp=aZar|Qn<?)T>?K!3eD
z(q0@llTURk#G`0#y7gwGsN+E3q7n!3{w)8Ir|WMxVu!^Vzp&8gtBj~~|CHpX>8fvR
z(#!XwxYt5L^94oVkAy1WHVhKf@+ltUE)1&k_k&E+@Y+vrH+A2ElMR^<5C6(&?|Nab
zycQpt7(%z-qgp(d&SN^-5~u!1Z@ibfqe#p35rWgGzT=dGlv%7*{Jn3DOP5#hx5TAa
z<8xvmuCRuA6-O{NXRLa-<2H5LE{$RNT;26WL{&m@PxLHd*<wp(d=j77z1cYJ*3dQq
zi~#FJHthRK(Vs7GnW3+Lc*1aBwI|;>VYpLz<`Ni6T{|pTXnL}2d9nbiVN=m$AdW`v
z+7m$e`fxy}3#vK)_=6TBprd=(T1kGge`i+FPLF8usOYS$B4#*IqxQ!}GV>2BbLfde
z@u-+yHg1Kf#N`5n&^tYR3L!T6s`@@2a@B3ce;!SyDPYEw@ap)mR$L`k!)sT*$LFIc
zH`rWHQ$C+L`>rcK<1=jkQes%7>eqseO{Ple!7}A(lZ7LA7U#+F*jdc*MduU8R&jUU
z*8Gv|{(ek(e0B?Ao@NGk{9>vy1yY_F@1b1t|GyCRf2?(FjD^<-b%DOwgX?Y6?+st-
zhk)!(Y^0&f`Sb~<l(6VQplVh_MT+cw13X&hlGM7ukTbUL!Av{AqaTd}u}BA=;+L@K
z5<Xb8y#TNVSKuk_4gpmT1J6V%LU!`M2GOTPcBg0#H8YL<<}R~PVcvh5wqm9F`Oz;5
zf~!1oTfK%f@6Z`WDL#^M=k;VN!^BUYrK&iu?D+X>V7?!J|NL%m^Dq@)lz^h%-rkx!
zr!r>Y))y=y3D8o9?eNIRG`;yY7xN8q2h(>`1qGEbvLO|<sRgL9nnO4!i-WVAh$Y%E
z*yh_zsn;#Fm(RNy&<j(YVZNHc(nKGPhnd%i!gH<HoO_>U=nwS{uOdRTxXKIog#>7H
zBvO-8zyErQwLz8wBL^4T?DOxEgE<RJEXSHjKh0dq<ls4nc&}9}>8$>+Ao$2dKJF6p
zKBv7msH7!F`NwB%OLOY}#vZGgN&=eOR7|y(h8jj>q|{-LLW`MN(;halln{cMOD0a8
z6{;)Yi}(5$0>nKld)eER2qPdskyu!{Qq^z$7|%H+H%ptrQ53(?&Bn|)A#)YspnoMx
zDeK*BeVw0zq5$tqrk}uk2~=bPBwdX3G_eks9o5f?`T<p^o1Cl(Lf=~XpO1wP#Kmci
z3o!AZkGDMu1xc%&?lq^HfYEiu85dSq5y^3h-;=Zh;7_K}VgqWv2bsl#Zr{HfFd6!}
zP`Ujm6tui;WpD6y2bWv*v*nEE8)?s_r9b^|YC>vJ|4cpDLe(jZ;F+lkx;n~h6YMb)
zU3+^2E1qc$A{x?Q9BKV5GD)Et`d^&nI?enHmg|VnT!2~Vn$EUK>$-|a&5rlKxjLZC
zG=GH3_vx6J&sl^B88i1_Pg)V6co3NkB4jBXrqoIhg_K5y5Ia5F3`HTRXISCNDs8H<
zagpdA<TgWtyg)qiFm+0F!N;o)dBSB*VIA*>21$yBXe#ZcVv5-5H6TP^3Vk-`ygXF`
zjM?52ER}{+V2XC6YU3)x%G$ZT5@~x2l3CMii<GApWGIn(rmdqDfhmLhsR(ry6|`gh
zZS<x9vNw5vaa%<eafT*H>D4>Ti}CBl0E|GRt7w!^{80!@kSl1WKU51ei9xEP(yD*F
z^WY3K{RlUbIT4V)3hN6lHhttjj#85&kli{s7nE_dkt5RU`1`+m&kV;XsHJ4ZA(xSE
za#c~G<CnVWgCFilQP(A_tGunRTzJXVX{`0S;rT&&DxbYiNVnHXq(c2na*OJID7S}+
z*UZOwZMUgS{GFO=e|xn`t7-AYbf&SZ;15Q&``P`4fZslxSLu(+WK}K^&M@k>(U<(1
z8b+4W(+Kd{Z|bFJs&;@;4!wfsT3Ts?;4Q33FSZR%Tj*a!XFSECG~_4*V(0E`dlfQ0
zF1kfUwnb<m)T=Zv1-KgH9+pt9U@ghNPD}LbBRV)b8)9ooQ^Nk7lzw5kh$vrUT)=!L
zH0CbkhlN`!>J%IO=d+SPd114%dh4ew_!x|PrP`k@gVK_DeBm#dVpg-eGLD4oI~JO?
zkWY)snrmBfVx#HXF}zR=ilA?#k*e&^dpN{d_+^RG62ErKCci+3_^RXCH|VI0A;n^%
zrP=IL@w7se0UjBkLss=nCs5vA+*653QK;fmzb%zYP?=Y^^;nhj@_q$nyj!Pn>&FQF
zd7FO>ItfPbjq0&0hyXEOefqPLpodS2S_l0_pn-RXU0B{n5A@HyEU1s^2}!@zW1`@m
z>-=bjstsVM7gLAF>TF`1!8(@fClcXb;xQ@T^!0P11c<*O1*4N!9pkn?`H8+KqxTjj
zB^?gAUEN)u3?24!)90MV)u_0B_LEWNDa$mdO#d-t`UMx76{^J-xn7ovCm{SxMgb-}
zy&6M3!`QiJEMHES=*fF33-)NCU0&x7PKJrvpc+%c_crPtCbb{D)sb7T9*!AUg>>6d
zUmn3|DEK*G{}U^{i=6Q#%WY*g`@5Nbv_DWhgBdIQGEuOC*#FdDvaB(3BXxvS(Cks4
z?NTZ<g(T{V*`jw5%>>e8w@d52t?0!TsoH2nty>yj7|O43(qZ}@pN>_AD&AyIHIQe$
zjuH=Udx`<CU}HCBk5Rbb3ZHt4B+?5)mdsAqdD!EtT>ErbF;DY(zqZ>kWzk_5q`!Ou
z<cbFu35^R8W+fn13t`6R%%%W$V5kJ?g~;q)O1_1oaz1ZwC%k$V4&qjSpF_a#)D|l*
zrR|9n990B(6Wwx!G~utKs6Zr$=OMOeO^nBE#*&#01los!;_x`VM)$Zxi4Q{3M3F?(
z&aFiGz5hg(P!I+?{bMLdnwpiU2*tmRQYRD#<#CUgReWFN4isN@t~6a<BYwG(t+HY^
z-vf+(j6x+&ikgE1KLt3fDU6O^@jWu?nGhU?ArcJMp-_}3Hezu21>$#mi~`w2z1>`d
z*rGvnRQ0SLS8Bhfw<K4neTr<eJF{nT!9IgMtDZKTX2uA};+Vv&tEx81);)OlJ-_Qe
z6C0%+b)Nb5s*`u_k{yG0m;dc!dko$-N_Q>VFqaP!s!lQj!j0twW0BK19`T?&&T<Hv
zE>+{B86m$vHFH6`g&(oqh)|b#8?Ox)PicHhh8A4Bc_;Bo0tD!>vzZ;Zd&5W3H~TWG
zIzc2XyX@~TUQfThh3cpdQ;(pEIxCx+!7=-1iYS3dt4e=CA1*>kPFzQpjDz?p!cOXf
zZc0f9gy>V{y>#+_5;Gl=$l-gL`VtCJji;?^PF`-*{BM8wqt?2fn>2HbpKI4WY2W|n
zo6<-&+a?$KoxYbruf(~9Tjf<2e?`9(<zSlR<SPC{Yibtr5MmagpCTX7hJ6y4>HgJ2
zsQ!P!9sgJ0<(m!6#ZIybh`Fp#(An?t?Yz6OwS`n=EF=f?4ad9n!iM^>k639ol2D=U
zz&AC|7Z+xh{qesB280)~%#5362smqq(tz#usMp-(-iYt<8V&!&Wrcq;e^%g|aB?#u
z{zkk*{S)>gzI#rt61WOPjO5xYY-alsb&(n95^yE^IVY;;5Z6l*S`A=A8|5;4m+1E=
zV(42ar_mpXk&pjMfJvjea&vP>%Zn~9F7op7f<?R8$zVgjS>ZGaAs}^-^z7ADLv8K(
zOqKPbC&aM91t`!aP2F$(w|CZI1O~$XcW(=TzN~}!`cG_c-+rfy{g#hFAb4AENN#<u
z_iEJ&HT=o)wL?IPP=woaV&wa8VW3XCrO_#4f04IuON{SuC7aIX-4|iC)PfF&J0J3~
zA<1WoqoJ#2E~Xp0Yu)pIs&|}tk4i%XVuPZSE6kCn$rP}m#M4n$@~DyTLctz;r}f>;
z@$#a#f7KDC<>j%)?zl4GD!6eZD8g9~ZgwJQRK)i|;nNKay6v`toZCLy^-+vMSoL3l
zIeB;<g~o+#pWZecpP$QRVq#+6M5;fRgyur1Ai|AQ68DpfnWdDBgCSz)s$CNf_IpiN
zcN;O?z^-+5b=@ZA@xOV~P*Ks&EAj?dmo6Q|$;qir#lxe{XtBI_a})eGBIA-QALutz
zoaILn`PBa@%lx#~F#uouq~%AKCrdSOFpR&pv4Mq!754eFrIpo6sy!H7P+q<v_(mr_
zK3?A7B3F)063V`l!_CV2=;<%x<`!dZ-aU0@l8OTY=sXgsps2X&NBt5S9}iP2d{L^w
zQB_%)A?mBArdC;BA3>s#+l1)v?~mf)W_ef>8U#9<HaI!t7&H-j7&Kx_>^Aw$c=#qF
z>~}5L-1mU<6ZYx(IU6f$<<_4+7K6^<4x_!Tt#9AITU3vYjnsZqS{iu!;zfX-BoyW+
z0p8i$Yxchvb$2VTsyb;8#xgfIx3Bs66S1(65lxSSgVR2RM_OH7oyEXvU|^7Oek>~u
zoQYBv#KrI0=qvJhQ(N`obzxa&!99tyIJ)&39h$~o!tBilB@Q;WFk!i-JTj>V^J{Gt
z%R8br(9#OkBP1l8{GvoZDW$2T6rG+<1B=c#CP%KUt^!}4;R^D%D94BJ@$p?m(n~x-
z5+wp>SpmXcJM8*RgdB`>%~EQHMU)^feoysIpm$d<RYnKSq?b$%`4ebS=FWyWC_u*r
zE|Cm(6o>QFH1mRf0kG1XoSeG4r&Yqj!VV4&ROs;f#>NBi!C`*EkO~{xLmy2ztPVvX
z$5J6*Yj$?l(9ked{7v74B=#>=Y&|EI^{mo@0&JT+NtlkFo}}WBZ#wKP&jP5_R6{`_
zSM>Cby88OFDy2F^);56SLUO<z6#)S|YVaeCCxgy?hIB*_f^g6yD^LP8NYqXHDJWR%
zL@nvep5~(kC2>n~X=$lFm9f1KIwkUuf|!yMtLtOQF=BmdtIrAt68eT1EcG>fW<>P*
z%PiH6a?T&9V@vzr#)FoqEjqu8K>cS!Emzx|PyDX7@(o}@U@4SXW641AxRew@e*O?+
z#jMioY(`;WYEtaG#>U2tjg3qZ?{4z;NQ+nBLbE}97MS3Ka+@Z+DY2s$B$er-MkoYa
zhKhD7HzF>hg8l;KN~dzheT^}%I+70>pO46uMv$%F$t`gL<FF+u99>fp5e4Xm)_neq
z$xK8|O&z|)$jFHJJuslilaezxI!au1@v{4zToKhL1eEas14*xf&$5e85pr)cC@Ujl
zW0XaZmX>B#9lom5$C*WNL{AiYchpCTM41GY9yYhfGE*%@{c^B>N=FwP6Eg{%Ji<n9
zcDO9B#Qmi4g<o&z+rQ{j&2f9RM*XcAimil3H;Qe)+$Hc9vAF%#LH8{k$3ohdy66qQ
zyJcUBXJ7a~!)^(?*k)yB{yF%>Urtt*AIXUypr@sktX9~`h3llUWM`nG6F!raL}u|+
zUKDUO9rOnV-k&!b8cxMxQ1>@X>;|<;5~h+PLv6-?v-T*8{;~i4?Ro3PN|Y3gz?2G&
z|9xU|^5o>CS$0-dKnF`=Vq&KmKQrdVk@QuBW0DS+Y(#7<q5J12eO$HSpQXXV&V<~M
zoe`>Rh;EA=w8d}O)wtJ9i@L-xM%6e<-FK__Vq9uHmA!ahTTY`_)IIYWVS1L2$klhM
z6uT()aOv2kL)YZ{s!fUQj3xu-vm67Xo2eY%o-f+LD@gMEZ;s@&FbiNe$Z9)d|62hN
zh3bT(-w9MMmNw8mOmdc;1h&_EThqKdOXMjr@(3y*t?zZRJ{5SQ@t4n0Q~t8Mch1c=
zc*U`O;DhclTsG-b9&?ic6-(T0@qLi?{`Q~WT1GwV2e%h4QY9Pu_U)!{N41AM6Ai+?
zLF*!?pqL3T>QpIt_SygLBon|wMDHwpeMMN~gwQ@tMuK`0>+kR6`*)2iyWO(9Thci3
z3q6cB6LUCyw3>N-XAdzcYp2eh-E2A!|0W}M6`}LAOvzip<-E$E5S9N;Hc24D+eDWC
z2Nx<=tFt@-HZ&dk8F|0<N<VZlnd$uAy0JF?el`AYN$@zxaDuODSPE*`jlAZ$o(|D1
z|K$qv$j>sov|haIVP9zityLG~8qb8kpf+ZTEk#DnqecB7>G~i$(2d1&UB>a<Rm*QV
zXVSRqAx|b6N7jUdU_7z1w$2pu&v+S=WPUZk+p58lMCWseO47lmoDl#HpMPOj3Kniw
zomDn<e(biFGh%vPYeK0#&3D;!NbL_y^$+>%1#j~yIfV%CO>|?~PwRcpWx2A3E-dm)
zHt2!SHf|5|2;O3i|6_q0%%$NsyVagkMkHxsu-4nM`W?FZy(nY=sAu;SHj`fIaJnc(
z0r}cVsTA4hG;lCG;zI#PfqzbV*Ls}hug8(DKNDH5+O+Z0rCW8F`!1tuTUjEcW~wqN
z3*zAL_{sHFe&*r%@!Eiakd@fwAJX^JGcyco!tVRuQ&K2uuG6KAWM9j?X$E@>Q2IqO
zo$JTuX4VbtvlcNHP1(r`_9S26*sQfpo-f}7)*T3O(o{}fTi2Y-Cd!K)bn#l(J`Ym-
zfg^B?Alb5Z_|$S){A;cB!uFD~@tg6?VAHL~(U-AL4ZeTMBFlyU_~Ni>0=DDFj?BWN
z;AzUy)Y2l?#)kXe9QCA{6h0px8>?z=zQqMo1A$<?sI)ZN_#Bz`?VIT;o3U|74b%A_
zT*u_tn&{Hzc)C{5(@WHb+hMu0lz`mDy1@+3x9ANM1VvJcxz>ADq8_h;2mi*3o*ali
znv&KVX{weJ?DFR6Kln9X6uo-c`q~-D{4>wsx%v4yH@h=cSFwX@h*0LgwXL_@jj4yY
z-~@T*mX;Rh`ey^O($YVpc8D4s6G;y{y~EMmNCl%Uo$x<Z>FZT&wY7<tv3M=@f17SD
zu!;l#8+A6pHo1dw%*#7?tb0bu4bl?TX3Je7>Okz<W%|b4<<G8>`3)l?rA2R->v476
z$;Jb`Lp1>q=)?QBBk}q9`7>)5<KyEn7(=w%Yi#Ii@_(nfe36-%xe;9^j^n-nv9$c0
zli^ptz9cH7sjXf0l8$Om$~^9V1&oh}r}+LoJ~q%Br4y%+TUJ(fbaa#ov}sH5v9YlY
zhK7bFCnwv&nN|^Z065gt)J!ccF7B}R@bC!MIy*bt{VnI<z=PJYw6t_~<`(Ui%0g~q
zYr9hOCzlbfi<BJ=HD{>wTKz=lx72-8pTeJ~pevl!LSFq$m7$nU@4A2BIa1o1c4Q&k
zNWfnODtk>0w32lAdN(#SO!o@-%mxPq9U68~;2WE0c_Sq3g#KMvbBqzvT0%m?-M!ZD
zouws<cT12wb7V}+BjnA^4ZmJM<x3ZF>R<ewPP@CbcPpIXIF62vyTUi~6GcCMNS`p;
zLetYNnW8JQ!oslbyu7@MPFF-fJs_6oY=ShBgE>VbKCe%k*E|Zd@ap(WNEdRr#DY_S
zUN~n!>ikl$tZH68jQVVJW`>;zJMKMwF=7*@ltU9bGdbA}BM{33;Lt^7p!=1Gjs{?~
zqHge{q$DR;f+S4bFY?CS$HyS&b_k;;03>Z%0%B&CuDW-yc-8;{fp$NrVY8!4R&5yC
zbs;9l#?&=5Iu#HR?^)52kC6jd54fH#1au>3Sq-_n3}B;5|D-AU!Pt&w@e6tHu+Y;D
zs^6NmyGc@??TJ>rFu>R+N1uvEfo>mSS*rj?)}p6K4GuCtl_OV~ukDRF3)zhDZ^som
zO3$B&`d%fbZ;cEN?rv@t6c(Bmu1!xr^}|uhA@J^>pEoRxZjBpZbnkX|kmEe_c*Oj;
zpvyhRwX&rpCRarf>|Ka2_Bq#=2uUAdHpOn8F4!G?66Vl9(qus=#Qju~z;8hIZ}mvi
z$4jCOO#x)d*unzssIH%%=yksnxPzCaF*q^`sS>orBPx1F@K!L66bPcRG!P=4&_vSB
zzW#nRmw^1~X`REzTWl@Q>8ZRK>HVl@I>es-sEYt>J;Vx}nUWHw+eZ8v9pfczlognp
zw5O-%Pp#nKV5&WlL9D&C;D3QA!M%18y1tkwA8p;s)}5bM$))k6kXE;}=(0qbvo}I5
zFD{P1*pQKt2?z-lX2!jG3FqeJtr|oR7#JFwa5PZ`tnQLIYY!d{oB`1A^h0NsfJ^s&
zdj8@Rqm=C6t?u&Z9*zF!h%yCBq*Rd7^=glyn_OB1vx$jGfMwqIxMDP005i(-X6NJ_
zG4=2N^y33|zfu&*b>x8I7A$i9qfedtUm7wUOp`D>wfcn+Lnz!KvvGtB&PnK<yr%(t
z_<_N&v!jNV88sJ8o$vI|%uxCQjj@NEA7B87s<DAf*ikpWBY?J^3li7u<;-3yTkWbb
zA6H9-+2>0FhBzq)ea{L6?`H#a#O6Dt%VYwAg6E@hbTBCg#A+dMQ{*=gU+KTu)_U3t
z*E{j$t&7V|*-L8{n-~9KNiSlVA@)g7&clY}mBfOg&jdJkDHDu+Psz~AHno8ci^PNk
z(p6+I7U5rQC$9%SHY7nE@o<`+;4$z4&h1#{-QQti90T>|PntBpt37~V$yt~*07|6b
zF9{w$PEJW-;#=!6x8f8Q_I7sux_DsoFr)vFQ&DUPv($h4jU@E)A-06nNIk%>5YWlP
z7xT3QaUkmtR4*tm##w@8=9#vDJJr58pAwj_M_m89m;d0K7jq68Q$r|gcd|xk<LGaI
za5J@1k|GByR2n8Y4Tj5Y75cdq2iY0uEOs+@j~kLDmVa0r<VreD|EsL>iPTrVY@(<8
zZb*}=`_D@-&zTSp;HC$p4nS)E&vg!~JYe$q%y#N#6U;L|@;kTtk_f17Bt)%%sl9wW
zK8iVWv|FfNP}rr382Tuv_pkU1`t&8P)O}^BIr{=`2X;<&fHTrn0XyJvaCV_ee9!kR
z!Q$1-;NTa(K7jCdhwk5=sH>~*-qs^lR#tj@vAwrBVvNor#aIXCNoECEf6T7-_1FXA
z#3SSz<-r88G$@qrtw+{mOEYy^YHFSD_1W$&7j$oDr}5LqV<tnOi`~V=MM+7?#Drd_
zrnwnnZLNJJX+S8)<8_R6dGWC2Yy=P^BO_N=S9=gUd*AFV6h<Jt0VEJnQBiSfMuEgC
zCh}?<8yj&bKs)@j$w^?*J~x2iv6=u-CUaC&)KslP4IsovL`2|2wzjs$#>VdM?!;#S
zqOG71c^4!O4GxxqYW1p}7RP9XfR2x#2&))nDkKLdr$j|zAv-fPH99&P6WLZdH)p^P
z)F_$|vi=g1P#j`p$xsOBlRYca%}u}#nnt!()`_1pgIq`LNq84%i56&LW%Wpc(o9f=
z3!vd(^d&TObSWt*h`s%<U%!}1aI9t+Q+b|0&k7k20WKt20b2&bg6!xwa<9(1f1SKL
z(>R4}4%`~1UKt(h^^BiQG8k76B0_OKa`W+#lHx-Q(8;S!(IPm)Ls7UH8MBLv6~%0W
z$6Y8Tlz}1|A8hDZ>l4Up9_g>?vk`XI>50~ZAgW-8sLFJyTRJXY-jR_JbF{$O?QIU$
z?(S|NqE9`<7=pXD#f1eU=2H8g*fB;ib^w|B&(r{yeqxsvay3Lae{twlSRt=>lBXy5
ze27XK%tY4;Sj#j&GEUVExAvYS`xSGFkgW5Y7g6xP9(PP!43gCU9waLwlnIS8SAXG3
z*IKk{ke~c7hk>yw&4_;p%YTi6fz+UGWD(JCJzYnSI_cRjiW;?}$R20?Ju%{|p&6{d
zliYB$r3Bo_6ZHdZ`bYviJ2UZxYu6xFpYO+n_i%stjV7V`RJI+6TCSE_wuY%#@F2hB
zc39c+uUf}mrvS`jBVctWG2(yyUSD%xR@2dEsgh6)AfBy+>W%AV*3}M=hxY6t2P~zB
z>ory;Zfwn#V?x%qj>;1Ud&(vw^&AOQATm3vTX*?fpfitlLFqUzSA%0?eF4#-hz<F(
zDhO;pwajdHa-OICwQ=x7)5T7$QPKCaQkkuV7#STl62~?8^H2IoRh%QF!=76XAFjK@
zc+?hx{0TJO@y=DidI<>$fXQ-ma|4F`ATMpB1O3;C`S~H<>M#H81B3l#>Su2Vm0uhq
zJhx7)aUu45p#UuQcy$8nc<)i4DD0DLF-s@R-E?hn`XxcqUpMyVRA%PHl2Fam)KpFm
z3pzY7(6I=>irroN_e}h=)6-yE;Id+Sd;8s;U-VgqC)`+1&rDD|LOT2J-@hv>W;YaI
zcoqgDCK~Gbvma9w|8X_*9Pq%w+|78xhyX2eoVrn)G1<?O$!jNm(`%eW5JUmKMmU{u
z&(;HgbaRY=*w}MXv5b|z{O|EG2QP1mJTui^oq@l<KZa#TN5{*TFL6Kr0@8ciuNX-o
zDxht5VtgDQAD_Ncy-)*y#NrIcGl_{$fU5>1B#a4tfRt5STzqNgrAdtJ?Qwi?qR5)!
ziW`k_B0#ok{H7F%XBtJ(krJ1@oekQeMZ$Z>eh;b2)#~GTw<p>#@Y_Kk1o-$EOX6?j
z<a(ZzzCeWsYL!rCSAF|NdHDFy4BTN%zG(xGg_o3<pP!s`1dWc4g7fs-cOLRZ?kNqW
z3|gfS4`lPjT%Z+jnKLFjd(WJ3)!fDZAfM#j86s4qSZ|RsZ9cp>xofIdZUaQrSz#%&
zQc6g3hRDmE-4#B2^B@{DTJ{&jy{*h&XEgfs@ndRcrvKI7tw=3kVOL<O-DDsol9A<(
zF8Frsvsu=r+rrOn1o-*sT`dPHMPsFbjO_3~#ok-<P+`RThdiVTzZDqw7(dG`FS4_x
zmW!0Gh?d_o&Aymz``n7j^Hzamqn16lsJR3V@wp9V<HLvWZnB!XT!a3y)VhHL1p(3G
z?EIX`q5~tQZ)wS-(|CS<ekoBDsj{}c9T}o=f(Fso*Y8yWz%`&=9G{#J*Liw-GYJ6#
z6U5PRu{Ldr2uRugW>Fhz8GZY`bvXxFv|42m%_CPRRKL-3zKAc@^(JU!dPw8ExYnJ2
zq~Fqd?@Y7#6#U5L8lgmNe11%=5Ff(Gu(!824>XKqG}PD60Dq&Sfz7xc1Ox<5+{ASi
z`2qA<q!DLE2U%)`D8g|uG=o|Cii&vRo`{NDTmTxqf(`lntCK->kOE!}d%hHFx!}{e
z?GN@z@9B*6{37DM@hH?1cQ)UGjmdImC%~8Ri{3H~+7tkvya)3cKWMPeA540!83;+Q
zNa}o7V3EbMB{T-t2?sZ`H6wkWBgC$U1fxr2a4f9P!t4j>god%N#_gazCt}Va|JxLT
z$t@clJa-QETB(=6oW-2;`kse6J#j7a^J=)zpQ<03Tlagc&$XkP<W?x^_Uc!4EyVge
z9}CIlz@y!aM-RYpdbGRyZZieQm%VGw4&>Ey19Uw-J+nw;9knjvtM^jo9UmGuGl2g9
z7+vGeFOr=uhDG^KQKFXDC(&kzdj40mHCbgZuI|BKS+(@<jW7C7w2e;C`KV{ZygAlz
z9&`r)GB-CjyYJ8G8W~vu0@UHz-t0dLZF%{@{(R#uWj-Ka_x1GwswE&a1E>9b)c-w@
zYYIxxA#v}Uq0>K|hNn+M_`C)CIETd&x~F>0i!H@4c&SLDDKBl*(j_b0wnr*o{)>XS
z>FMdk#4?9~8bamyxGmhhEF>%}EHo4i@>*I%L}bQK;(ba|(q|kB3X0|oE}nm-Xn=_7
z&eWUjdZBI9?j`%3_R5p=U;eJjW!YL*Q?1Y`(crkuWs`cKOI*mB+FC^g1zIsbpFLzX
z79p*Lg+-H99R?hL=a-k4FzaVwZO?voA-WgNup27ywnIDW0AriMYk)$bo|?&k1^)&G
z0uc2xZ?%+u>)8@1L~K6U-_rcM1KsOE{>SAI2bz5`w8i)PEkQYCYD9jc41hMa2IzA>
zmuIt%i!<ebl3G$#m9RK&j|u^TxTU3KFF!RLh*;>zx>}JmacEA?YN}S4*X|%EfHrNQ
zvee9~`(EVshZ*V?;(`?n^9z2=$Ah}@#e^x5m4c@X(I%_Nk2;f6Q#n5>DpYfBzwz?&
z_HeayQ0*D&Uc`6rE-lep0sF_w%KGBvt5?5TvM(I0t*iiOza)l<heRUN?!}379tguF
z7~S|m%cY%49Zna<A~~XXp?snDa~V03A=2TFeZPYbxiBW2z$IqvkAG6v*jRPTn4|#M
zfk0wh8Uv@)EYNDd`D>W&COXq;^(Lk{M6Pzxa~Lm0kkI=mfQ3jN?`e~szJ66zm7t&?
z02SNI0id|OZA(PZ+5%iJ4gZCNAC&(}A#d$0u(h#iR|DjJaZ_VsV-*#mmTq~kX_{kN
zTH2-w8UT!`gXkat%=7uNwFRh0H<*K@QUJ66Dko0xUjRtV1sv=+GM2AA!&Ffh@<dNp
zcbU8*?%!fi-l*uix8>$LOzvc6f~2CWKaXqn24`!$kC5JHd@|`pr&5nC0QdP-UMS7j
zKH_F!@k92yMKzfY#d`NoU)ouq%mv;;eSLie<`Eg7%D<4NHhU9&_JQl{GaGzsXBrWD
zzixbgHRY4BmvT32Jw)Nx(`i;AOC41q9F~%tJnmKQ@Er>6K+f>{;m6ljh7F2iU+7BW
zR`7n4`46#ySLYB%x^rIF_FuoRhg&zp6%7}1$ax%TKt{obN>UANw5O={3>9s$JOeL}
zWV)uvMk#Rxkf`rDl5h*mJnc%g1Ox;C=xm>i=-%pt5xiec7!(I^@=aHX;zQti4{xSq
zFa*RHlQEM7ar)Hn-=(_|V`IUs*o$x8ya5j71s+<E6Bq^C&CTuV>Z*Uuxzo#pj`6ja
zm{<;2s%pxImKTT#L()){=YN2aLqMee!0KSov%sslc86!Qw3FaW!pC|H6((!1d0q^d
z2}Ylt9;dF+>WApYJvK!}mY0=PT97Z(Hu}>V9z80i`{zVSAv-%e8^h_V9rmq8+zcWz
z4-AYA3-S-Q1d&4Gs;c<tth~I|2C#uJGdH$!G|)Y4`8=sVIhp(h1+DN}kFFRvUJz_g
z<zHKtQn|g{$UKS9BSU+0YnK+LW@g5CK35C~IFplF(z}5DEK%jXY@ZkRid$b_=i)E;
z3KYk33E-~L`z&_MpT-4Qnc+0xlTpB091nn+$FkF26mN_8pDst+n$WPYnV<GPR_^ZZ
zAvQ8HGP~re1$lXoIAwIS)znDH$-DR8JRl|^E1<69v?(hq+tAQpMvait)SLiJQZ>pd
zJv|-VCem|x`f%idHD}9PWQFfJ5)zd3S+(JWUt+ln9}2OM&j7oX3q%nCWU#3+!>Wo3
z)YnEQvYb8|%F4<vcp)q-EHGveC^_AFjhP5roD=2o6F_;w#03z-OKK{rhNh;sA|gXe
z*oPHSDx20WE>B<vrl!kw4jC;Ej2_^myk8T?-7S(QEuLt{6FLKz)l8KXuX_i7Sj<1r
zz{v=ZVnJ3`R&A{yCudZ18!;HY^e;6%k(4RGkTNsr(B1@m5s+6@gr=pfAjs+H2+v@;
zDk>^~UWVv)@D$=8MlJ*p*D>@_rKQ9xd0VKWmMIO?5S+t+0yCdB9v&Wm=>X)mYYun?
z5WT86R2=Q?@!M8ppW49B$*5(hv-14=V-a~mpTSI-KKg9Pj|KEoJDZ!&d3YS`?5JsJ
zMZbO-SzOF))YK`|K>H*wIndu96dYVzTT48I`RGv%94;**^DbA77OADB)zsXaUo9yn
zueiFh5+ErF4Fx&~14^+T@CrcVGBPs!Z+DD6r-)KpF4w7n0OeNv!r%0SnLO&07;tr=
z7cX9jiVjEPp|-}sE1~az+%uCEmz&Gt=AWeU+#=^W>i;P1EW@Jg-nFly(j`a@A)<hU
zqytjYNDQHXDAEYSz%Yo?q0%iK0#ecqGlVn<B8@P_kdjJChtys?>hs@U_In)f-rt5f
zxVhJTueGjqUBB~O3n^hUC)<r*?j9iDG>-rR;q5p!`lIaujRSshX_i+<&p{Yt3*G@0
z277S9IpqCwK(ry2s_UXS=l?QhYT^gTnbl~L9nm}6+qHX>Ztid<MU(~IY9csM<e%>i
z>fIB1^W>IV$nTAhkI(H{rvlAu&B83={`O_&n%xd?{>Yc~fv}3bsaGkzc`cnu#L-wR
zcI9~&!)mB*@d3}p;GnZxtBd0%J@yQwa>)2zh&~H|esZO!rw9FD^Kz`MP0_-_LR(u~
zNy%SP{40oTIkmM<8=^$mWFZMW*U@!bd2nkuoPyxu$faxV)Yv<}d@<3$2QX6RBLgL6
z6W!i|0^CjLeJrv?_6N<V&#0l`xErc58-i?AVug})qe=SNBkqF|w@T!Ovx^H@_<a5R
z#O~e&A~7EFvx8I^Sn6i=k}2|^&$WNy!?>EMq+ggln*<&o`*+&_eE#$-4x|{3^ll;-
z_OH^>Rh5*yZm_RTvetl$N2}A~vUEibvtK$5MyOf8bTx55pgTz<Kw2oLX#zU&+7{f7
zU?|+#(aFi%Ncug{ff1CSS+6RX@2!jqtuO#o^m3_BvDaG2=y<ypN(Gpz6}nO<^zB<P
z&t6pO1h$&`pj0v=yS<)`uN)mo?0Myj@SG)7>F>+N04JlMXk-c!Oz3KD^>tHgSz5}g
zsS$@v`V`;xjA3JAqq=fMn+v<UTalOuaSOh^H^i+P@V?BtgX26hTLA>*L;18qki`xS
z#n!D}0(imgXkTFOLO9@(930u9p`@?7T3Wo5b-|eLY;Tt)%=x@yc7~}F`Yg_-@vgF*
zzJ&!l1qf68*xp_~DXI5qg&<qY%4(aMVu4c;`EptYUrUk3`v*;^r~keL;>KJDP7GjV
z?CR~cgac~!?b|m|d3qdx@y_JA_&8<>=f*OvH7$d)eCKb*o+6AUyy(@_qka?`76#Z$
zSYY6JTx4WqW7XHM4?vv+KK}S&6<w}C_k$B5lqTX|5!4p;mFPSmWl)E|q--G-Y3bx7
z^D%0;bY36*&0ydDkfw0a$(Fa%$<dK)&#1A_k8xmZ3}V8dLWh&T-XE_EmVHnFejgqf
zh%zwD$<GHdl?|QHmna80=#B@)6|iP7(sFl9gl~qH_jCxUFEE6r=pft4B?>~U0lb*l
zd+_jK%bK5JNY*J&b4Un@qc7MrA;87O1+-!g4*WL|H&#lHK>21~do-9uZ>IpfIeLID
zM6C^xqCA!|1?S?dPTN$m(9$|g_s@0hzmTES3jHmWBFM>>qliATlW|J*0pEQmCo)mA
zddA;UJW(;x9Vvow83=#8AYN(q@OV>+;61~?73rIbRVG*p{7^#%A!jTAc9|RvKD^Z6
zv~E=eJQW$l{&h)q_6mPE%KkO<H#@!PRacq<$X6n%#k`{~{T+`gv5yu)Wv*Le*-KNd
zxl(rXB4)dMqk3A*FWr*`|K11C&E>>*9d8QXj_(;riY|XR>VqBlzFqR%d}nOzcHA1;
z3Mf@seIWos(@YHOeY>SKc~&-VTRTM@oYX`wm`9!gQ^DUN8oE*yn3>$!f22(vzIh8r
zm+<Q3zHi~GLA5LXq-%s7;3Lj7MG!yK@a*t{Zg*W$ctk`$&@H%aP$*i0i?y=qHtYBe
zgBSk3Xd7ze1FWrkT|_><(Lw$~rdUzT%UsV@i9<--Xou7tr+uC;755ws#b$G+c@z7~
zGRNJN_f&n7Dd_0-w|_h=k_Rb|Z!=iWq3<4LKIjJYs;es%q02oKBDsq9s=sAqWQ4oH
zbsYV-LqN^BIJo=sD1^j(Kq(R7u{ZYG7l^NuWt1MY=tcw1b2zD&NgjtA&GbsuCuI$L
z4@nyc_SAB~Dg}t2fI!5A&AA{T0K~+`UcPwo9MU)`I9L^oB~x^Gc(@l(lGfKj6qQH9
z{dOlOCvV-l#fi^yV8G)0pW7$CsMyHI{{`2d8h22MTS;4uXy>(70PaQHZU^$<<ra^#
z%Z*DnOzx48l9t9TfxHBi+tz4uK2x}=s%p#1+}sVfef(w-yKp(kN!i%dMo^jzi`QAI
z{RNZ&Gz>E<%0iiOB`;#E#TAk}X4L0#ezzI*!=;oGV{NxA8D9d0Pp<WjP###<{K;9a
zUneFaDyyu-Po(gIY5YVoiw|Eu(;v-fsFanJZ6bi+?13)L&Ig&`yDjy}7O;%`W^Cu-
zvvQ&IkC#T8nMK1r)%j48`QZ~mkL#Ig7;lAl7uu9gNJ><?^qBai!Bi`&otVsRHjElb
zkazFi_3-epVbIbCni=4p%F2O?hYxPZj^zV(0yY~Y0BZE2`_B9DlOcVbujLp_h82s^
zX|u<g$6<mKOK*~k#MVhv0-wafuPl+*wYAWj9e2@ILb`phpw@m~l!62+X0Gf$e||xM
zjkPs5h`zv61yUGr4v>jST3#LzCLXM7eQ*}{w-$|$5eP1ejkq+@iywRd`}=!$>y+^m
zuEzW7u01*joJd$*DdaJ$+j0b%;Yx`9%S?A`w>`z}ui_Pld3r0mZY+<Bzt6`}s#pD|
zkH_*5BK5Xg1?O=+h!<bqH5JaNW5*5;d>_jcf6OyF?hmFyN^lHvnImM!xZeR^DG1~M
z5Rrav2E`LrkB$7uc}n5n#iu8|+q!BoBrcpSL--mNSFGpjnnN2db~V)9duLWpSAXN_
zq}VitIPAa8B)1gPhYu$!cS^-skd|nxA2D>8)K?i+=G}K+wBCG?>0ncs{%FUnJ>7(h
zsKN5y!_jQRDT()|VHsEdqH*s&KMxVUiH&v<Pswk1kLHc!V%F|%7Fb+bNh;mM^d5nS
zE@HNG>@_rqO>~RH68;5!v)+A|k+we_2`f(-yBeaR4^}2c?;NBY$DPNJGlirWd7n<-
znYve3>anCzCi(XwGq9IvZfW8}8;lC2;5;m|J2YE2Rv7ZDP$@my)z|*m&KL}Nz~ScO
zn0>2cUKI2E<;7Y373Jl71mTH<ibWhN*<<Of!_(GUszNg@29lcpF#TU|H^MvTL1jwh
z>(#At<4Tt)NBJno*1F32t3hrIFX*4t;*0tctuhZV)%Lb<O&s$pkdgb!e%taiQvN%a
zU>UHjnI>e4>t<kE#@HADQ0-O~wwiS=?Wew=YzC9_!-o$C2QHzzqs-R~z)&_ePSxXK
zrlTVuCeAM|CMO_h^t83I3JeJ`N5$Y%fg5Wzi&@#&$cHQ}Ej`iExq9V_*N>(q8Q|9g
zaQ%df93)!5i8!AEB#amcp2f}+@=rc0i753UmG508<&0L*8N+AP#Sap&HaEW^B0>vz
zWI{%UTk#F0uA5f^n_F5a159Xq38rdmYe!mw8~N6ID3B|#&3H~8o=;~KWirnYWE{V>
z46tl=PiBk?N2!W`i-GJ#4x>1VnCA2e^B@A;!x^!tRv!PjPM^+1e~+6N_Me%VdD{q!
zih`|Ywr+0XtgLU`u0wpj+jtl_RnqJ|nXjm**xa<2J7XwT=wcBNiH9k0yTN^qPtK&8
zh1Av1Tio2lbfyEZwKO!yuK|OF-)K+}k@o!D9N<>ddfgziX=7kw3I%M!lH>YyQ+xX>
zujO9);Q(Lu?rU4)_jm?Up6c4tj2ty-=x47ivKA(I79ffHbE%|CsVA!&pq>Cm%4?Kx
z&;(yAVd?hEIVLo7U*Sga;Ymr1^z>hfa<1QPT`9Nhm2LzSyRoRcntmQ&hyo87jI>#L
zf{UCFcq1!!SChrBC1mWL2>j;;zva<CG9V$+ADl(^HzlINkpVO0Er3>mi}Wkdwm{CA
zAJ=EmTpUtST3T9INQ=T8KRc6ki8J++&0gHR(_MWtW>n$ooOja02ag|2=uJrq*1MCO
z!a%V#T~JW4@|oq8`(m<F{n2LUr%&>ZfS7@#`~IoNJyB`^TeGvWMha9iH#av;Q4YWg
z8PdlE623xeoisi)8oiyastV$ml}2X;$Ia#A>&km`ro*2u99%Oy-G&8!j@8~5;2#f-
zt-z$g(ll?}ym`Fl)Zk{>Aa%4Z2RQq2T8RGx6sj1&+DDIQ6OnLuBaf^sG%+#~FoCj<
zAA=-;J+j3Re{^{GbJ4quB?S=_(0v6To5SD$jp5Zw{rb*EW(i98Lr{0`?C<s@2w5^q
zx^5HgeKLsvty^EWgF@)&0B`8(gNlmkf!1@SlFB^R)1$KnRH$V#K@sTvAda$C-T`Jj
zN>fhbU^%*UXsi#-)vG@uU>w(q%gVkUnG8wm1DWFGOSB#j4UsRwfS{n@>x!M7ootPi
z>!)DHOw6}^MH@(`BCv1%!|TopC<OYv8gQ1--hSF=Iizv#SliIB$3RS!0IBxsXqJUC
zI9Hp`1)HH5Tyb>dei06;g=q#iHj%zF#!gTF_{o!{r6r(P)>KusOX^#=xg|<22c=iU
zovnrTDW+(^Tb_rTCRl)>T^wqK7GPbO;eE#G2X!}|t8G`jgY!Q<k8Jn)jFxqAauR_9
z&cS^purIZ|oJu+0ug}8o&m(vD^pFL7dt~jPeP%SWtQ<7SG>%m~RHNIil45_Yk*kdW
zfJ}jr78F~p-th}X;mqh{CC;<rtc(l|X4K}g;rE<A#~>h@MJf1HI1wOS|Ll2_P5is*
z4L<N^*ISpYzPb4v(D@SAR#vD9F2-|mbDPoPFD)<cVW8}p55O`Fs<78!IJ+v=^J;Om
zbBw+SB5gSpJ(IhMkvhO+1hO3ven9CA!k|H+tgP$^_Cbuw9RYzRL+{J6K+im9$vHkc
z`eS)HI5e~soY}*I6oW#+;RQ{O^OS~nZ=w@^JU+;>Ft{)Eg@)VcID$2s4he>M2&_1;
zB0iq(#Po9H7jvM=GVqqTdw2j+1JCTQU(`y|d~Iv|6bN8I8s2-l5E*#|czJn1GuCEj
zg#-o5YHJx88J~jcgsc?wvZ1uJw1R@~$&#Ux4-~Xr{NThl9k@~ip&r0ZK1@czIpFe|
zh?sbEX633S-&N5|T)_2Iw$3Xi_Kp^D^Tv&9!upRN1E+|r8a}#|gqmvLNhxJ55F7yH
zhF@Mv6G<&>XfSF>8KzF_1_FzE{i`&%Tzdv_9a%W2_Fk3J%8q}+4Pvny%OQlqJlx!J
zyB*Ai(eK`gNl0|%$zP|uAmU>)t(~hIFiqDlj60+O&|4JE$_v7wad&u~X#`jv>UL_u
z$&^4wa@;&7R)B2BH5@&=*Re172KvDtzP?uT(@W(@%nUa^4nk!}K!9=iG-Vbjr8L6^
z?X9c`!x3<}^i{7rbA@1wisMR;%Nyy&$;`{wR5Bm@13{!38=j&CBog{$;CPWzhb!ey
z=r24CYsTl5@%SbW2!MwJpkv^bEghQ{fkM9y3<w1KytK9^CNLv^FMpv16yaC2F_o2O
zXO)zmycy%yR8~RjqF$f@{&^qO@PP)o$s96SeGq4@jeF+%2SCJ3U`HprpW65P@$N4q
zqIL&tQbN*6Rgc$O$a5s!c2{O*t~dOO2J{<*c#bL1LYelHeTji6E%Y->%kn3{MD2No
zO#a-W9}Z~kFYqRI@n9TsXqbjZxqnCsu%Zy)cW_Y?tvUM60u|$T_w>WPe;po9oiPwB
zdL|8aJ;MEXXSjgt)-C0R4)h45P!=rYva$eFA7B|^`ud515iMuNQlaC^eOXWGnVD>6
zEGna^A`d)UEJ_d#7kP*0&HQwJP3ppe7Jrd+@*=98@AERvTeyiK9EY<=5+64=fX(dF
zgPvKEaZ;e3rF1e~1OE1f20EFonOijss}vLfBJK_<zqU6u^^z<|l7oCqPD-K<Zas{B
z<qb%t)c~BE8z?J`#si`yTlPZy5eX3w;!_A|=brTt)(Aft5+00QShO&ImgQKX`(y9*
zY(vg9;+L~3A5^_LzZDWpYH4I<-z482M74h=wca7^FviB~J^rqQ@*`DqHmzzc>0_+C
zL%e-H)brz5J}GFfPlY5s6G3xYVM)n)l!lav@4eHbEs*@5WEx#3L)PGiH@=vc0Uj9;
zK=4MI0@$xTn)-l2gNd0rthuD5B%|(gBhc2m06<}dTA?UQtfaGZ>q)3KHcC%lxmo@i
zRCHb3c!lJ^pag65b75SlU4;tAa`D`Ps9cz!j(9FEP$+?(yka<^$wDFoN#<RpLH~kC
ze>{GGae+Ue^D@s1x{QpQ4wWB{Rmg3>GzZ{Q2(P&}?A*c*OlaKWC0>5mkgd-fc&8>&
zX#UyFb=>!Gs-H*jr{=t{onBg{P)ZsL{8Als|3J+#b&>F3mMg7C@q+x}{E|;yeMk5;
zF3}7XS-crJyrGucvPd||Hs&p<Q{JTH)tT?#Z-tpgYmZO{n>sP(qd(C3H;QsH&uU!j
zr%<_iED$ill-$o+B96)-o$#tD{aDsy=#k?qbOB34{GOCO1eLh@vmSV~!CRY4Svj1G
z(x^2=E%o?cLew~}K2cD(l$Dt-CMUOF3ib#T7i;7oEiAH9Qyb^)W!!-vb;~;mmIGD(
znosJPn|qrUN&U=}0iHvutrOeCo-^C`ut4T!jKq}tG@Qb%iI%fNEExvdTlT@}K5d~J
zI7ltUjFM5MY3U*$D=4L!y27;1(UA9c+^*@~oXns7#4Xs}d~rjuEONf<oxzr+9hB12
zn!I5Frd0B?J4{^NYhf1AQO*}Qd4q%2W+=j=HKB8yA0)QFpC=O7{v1ES#Jl4Vv$i;^
zXQX8qWR@mPh4Ah!C7ej#5F?v`o@8d@V`J}ITQB>wc*ftTl$Y9{_WoIaxORU_lT8t;
z`{02f2rieiGEJ#?7VJcQ&e)UZ{x|&RR9GM_ZxUG2<iR4h5y5Sk3nER#CEj{?m~Sw$
zUv4<f3=>#jp<cAY;Tw7dol9wrDsW@rG$>q4Tat+!B2emk=aVqiaSCt9CrEIK$@V!+
zE3J5I{DmA+vmn>PvUKX0M~f}&TCzQ`J!0P`kMzak{W*qSc@kd*3HoiL_bg#;mfd?R
z*z^YH$Pp%g@8N0N=c2<auj#hXX}HOb-CgKH+AUfdsgr%Pv=6hbnq$Cjzq35N!AFaw
zXYlp)g%e=voHs7)YU^MZx9F#c?c36DH|}a9ixSRj3+KFNXK@O?<A=L;%|tjFil2Pw
zZz?})a_FID82AFYeyL5y<DzCp;q6ccgm>aK81-|`@lR`;2%#h5%oz&KCVn!qH%iYD
zYB{_NPV`HH+Q^(A&|!98WIxLlS|)yntH-|FCZ&;)rZ4#y@>E~QIlph~*C5YZWqMvS
z0Zm+O_9eFK29A!U1-7<*g?#u?{jd4?d0@fRwsZP9>9PHtQWtnNx1S%y6|EDDnotSH
zNi-+;BBJIrF;?{o`xj7Fvt5rieYDR#r^{Xx_~9moMcFimr7yV*E>kS#Y3?+#nLHyL
zqFAi<;UU2w3)H0@`<=1ugMJDE`Akgq%*x34*dSu2zNnItw2IGiO!4{66`afbTUTeO
zB17AHI|9=pu~5nW;5w4zZmA!t)fV<Dnn<<l+KD&(^GH*dtgK5R!H3w(!_pTy*Ia9!
zq!DHm1-8LB=DbWv%T)<3+>Gap$ZB&l<{ZguGF+WX5E^7(i1|*~A00bVa`^=D(I|Ms
z<fA!;w~K7rPBTq($P+XXHZ-I?P2qfE8X3IPY-)G&GHpjo!+kZO(kpDK_bf8fUzOof
zEuJUKt37cO(+9I8xFwlO8xlo;We*I&X-eKSA`&jLV#iB1@vJ<Zwa~*83W5%La}j3H
zU%GZ<XJ%A%NZu@tJuYNN^l9y)*YhUor6x3`q>Q~rduNr``JZ%1VV}quxll+i{jyQL
zR+>OSX<Yx5o|(iO&6OFO6$R<cK&Fj=TZPY=cD2)R@$w)Dm=8M2UjBt^<>^&1e!`X4
zFZ3E=cI9k*;bGFy0!3U;{Jd>*L`id??37^g2x&s@vJO2;%s`=w=2;`o7h_LoHLv7_
zCUF-OL+zoO$hoI7n20WEOvH;zSVciRtYXhqZO9iA@XF2P$QE04ueXe>PY$Or;^l>!
zUj~2BceJi%EncpipSGs*o3keJhL9#QQWLqEh6_0OpFdfltQ{++MCimjescZi8j$uo
zTR->w`T3=JD(=2TD(*%aZcYwExdk34;*q}S71BJ)o7ALMrNg?!O2<w2r9%}>?`cyj
z;3cAGkDh*Zqsj}7CkGu-i-Sr=;8<6e-QMhSFi=A`)J_Yy!Vj;_kt<ZxQVN$bc$szT
zIzq6DUH*tDc|+u~_&2YjJ{A?c9k#qIC4ZWox0}(byQzG1F4Yi_C9X$(l|HR~|1r^5
z_IF$EzQc*ht;cz2Kip}b_S(&tm|u32L7hVcKMl%-{c!q$UmNqa_2(Wq&+RT_7|^T-
zk&CyqAp$IUuq*T!7w-s{%1M#zm_2`6F<FNe-1o?}_`Z51;ewN&AFTtmwF}b{OsT{{
zmdU7}wP}!*EG)}vxY&pV)EuBd`SPX74Doi>!qc<9sOYxCD&e0dMQDv>aeS4`A12Mm
z$RWCoS4wR;b0ryD^lC-YrCdCHtj>1ad3e;pTdV;C>EG|YKl#z2)1ur(g4tjgKoy{q
z*^XBUfZcbyKrXr`B;;)iyk4M);b$8%E3K|R0Pzf56;)hNFkbI*xP;BucrWor@;L!X
zz)m0@i{$UeixfuaPX%uGT2GYYyl-JlgcTPHq{?1ii%+jmN0cOb$k&|eAsGk6EYX89
zdzoNq12UpZ_u!y5&`X649YL86j2yQOnrA@(Z4IW~Ao{tsCi~)hcudUvj;mZ+Ukvvn
zcPS$onWlvW_8~LA$}yxiGJYv&Y7$td?|u2{`w;ob{cK&#DO}7w`5e@U3cm0vkBk~H
z19nVnXi1h5c{6PYNfo-|{7&zkrdL%<r=Rodi7%-vr5=90s<FvHZA3*yl}>6INN+7H
z<xuCi`cChyeV4O*YBS&n-h+;dJxm2MEY!B~2SEm5l)p!tG6N>`_VTd4_hZsGD?^&f
z#W-m0ZIoY2#K_`sMO}os<55H^k!c((|1uW!&b#53_VlOX)h6)#m+Aq6p+*ksB9Tab
z15gFhXhncjwljycM;68r;-^3oUr+%`nE>)oyL|$V^LzdXwgowia-<@Xm3Kz#dX36O
zMK{q*LX63Lt@yZb7QHrU&eUDm+fI5p-BJZ)d`n~X@tcN+nI}Y`C!vXj09S*AJPOt@
z_4dF5bh)kV+V=KK28>BMkqdTcXkl^DthBfo7)5$*D_@-)ENViyM7KYaymWB58ssBv
z(g++cAJ|xU|Ly6AvoF+8*EVgqzX}u*W75PD4akSv_}E_0ydU{2b23{YShK5$WW%*b
zlI5O{7jWpq+XTjpogD{*shX2>!Jx+u-Rt2iy8Z<2apTgT<}VPC@$GkX1ZjntBmsqM
zh11V#LV}r`p~;vcOwO`@)%j0E`Jgp6?e!i@aa15?SIw$7UM|84)794+x4u_DbJ)5^
zh)D~m`ATs#{B(ZGQ}d*9bDi*qvZ>nrUiN<*zMRzWX_W3Bo$daFxqX=+Gp7)(ahxu-
zzqNeA;;|Ep<6_R`XV5)4zR8kTJt#A^sQGtPA;%yIj|VtXmN}=MwC(j^2r*68oZoL#
zb2YT<ocuUF`hv)ZD0*a*R++lNq{REJ4!3Cj9V6dhY5rzaM*dn&^a!`wD}KYCFGO_v
zju(^TCp?o`?u!j)h20y#*sbVG3kNnd=RYdOO@09O28XSB!2Mn7CI>N=AWWZyH!$F;
z4gJ352A#(sqzmbB4->PLhK&?HTI}p9!=~dyJcLC~4&KJ&5SOu_EA9*=uCl7BKg6G)
zjq8kwi(3p*TDYALz^9I+`^W&n?-+O^6z7_PNYTOfv?M;NR&+NP$%58C{1h`_9!(Kc
zBZ<+GdT{yxa`eUM`1C0Bv>}+R;W}YPpc}dTk>@=cBvfBrJ*?`5v8m}yTPOq=5Wr;V
z7jb%+=2$+qT8Wyv&BHS&Op2NY?qU5(TR<gD`{{Vg|I?l0!FD^Th-DqsLs__RST6tY
zOy|0cgu!s~07D+sc|9>}TBN%veN7Y0(hIMEHA?4`(49N;8_p#GAG=l^Gv3L~f`RqM
z8Q?M1ZQ4pk<J~1Y(Goo)qkF&_CMJd(9Q0Ah9=NrZD;D~1Px7WJR!T&KPOR7Jzv9ot
zlIDlL#S8`FStazXh33V#?Dkq)7dJ19N09b@dvz(Nu&QcbN5Xk0wF3CM3-%7&MNpID
zBO|Xn<ux|6$mNi;v$OsCq1)^4st%d#Kk25`{<rrUQoF0fp0d2EA*`>lq8iFSzw!>t
zpom$C?Mo)Zm_2F967Lzwa$`eGB~_rG`=CzlCxmC^kZuitq^y*1ULT~YCeQ8c_!$~v
zmVBHZW)l8cv=ou=n0GE-AINugR9(-In76I`SPFTrhB%F!JvDQgK5%q)gq@-#*7Iwn
zx2k@1(CW%6Id4R9d;k&s7D6r~FR#O*9Bj!ls&y7{eT@SexQTR^^48WCa4}4YNiY1n
zswB2|SnS)&t!GdD+7gq^V|GwqzW1wR&*)N+QedNP!);B^-NFXsW_$Mf9T-))mbs-R
z{++n0J48Q~``2CTY%3v~S46^1DLvNh1D8KIH_4@q&`TN&KYH{CkE14r%OeMBDg{!D
zO@#gg*&^Ea<T&=h5bYt-=lx^S+lOe00I#)H^|@Ca7aD3ajqTrk919#6841WEy_&Qi
zt3vf}W{}87CqBE7H1yOq8WurY%!Z`GvBec3N{jEx;w26_b-9fGo&8r_Fam#8;yjqt
z|NT>BX%kI$hFC(-rXa^w(T8y|84M*=DlV+s%lh_?QEM$XxW)Or)e(>hf$>hLiTvz`
zh$6u%s=Y>tL$wpl!Si3x9xJ7X{IIW>;_w%Qeyu*miWB^kTY;P`2O3GA1GO*uoei~D
zdm-2o-XPc(iT+=|@C~Jc%xCr(TfDiL;DCakvZ#Z=abrL60i+bF4N;cHP<Dd!?xHrN
zl;nT=<IfBn)PsTbaO2n8)07}YIRp5Dj(s)_S8y5I#!rN`kj#PlY2`qdWiSFEvY5x@
zd7&oMdEKs>NRkXq<d8SQjLsKP&a4e-;nYstNyX7Af=luL$4jF#@<@|6dRP||)@#5C
zzwh~5lCnRX;Cn<l<%gQkE!2^LD?={HVFXCbn!qhu^!UMF=BFX~|N6S?6i-lj%}%}C
T{22U8p>xU#>heXh#$NvgThPj3

literal 0
HcmV?d00001

diff --git a/examples/cloud-operations/vm-migration/single-project/main.tf b/examples/cloud-operations/vm-migration/single-project/main.tf
new file mode 100644
index 000000000..6adf9fbd5
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/single-project/main.tf
@@ -0,0 +1,90 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module "landing-project" {
+  source = "../../../../modules/project"
+  billing_account = (var.project_create != null
+    ? var.project_create.billing_account_id
+    : null
+  )
+  name = var.project_name
+  parent = (var.project_create != null
+    ? var.project_create.parent
+    : null
+  )
+
+  services = [
+    "cloudresourcemanager.googleapis.com",
+    "compute.googleapis.com",
+    "iam.googleapis.com",
+    "logging.googleapis.com",
+    "networkconnectivity.googleapis.com",
+    "servicemanagement.googleapis.com",
+    "servicecontrol.googleapis.com",
+    "vmmigration.googleapis.com"
+  ]
+
+  project_create = var.project_create != null
+
+  iam_additive = {
+    "roles/iam.serviceAccountKeyAdmin" = var.migration_admin_users,
+    "roles/iam.serviceAccountCreator"  = var.migration_admin_users,
+    "roles/vmmigration.admin"          = var.migration_admin_users,
+    "roles/vmmigration.viewer"         = var.migration_viewer_users
+  }
+}
+
+module "m4ce-service-account" {
+  source       = "../../../../modules/iam-service-account"
+  project_id   = module.landing-project.project_id
+  name         = "m4ce-sa"
+  generate_key = true
+}
+
+module "landing-vpc" {
+  source     = "../../../../modules/net-vpc"
+  project_id = module.landing-project.project_id
+  name       = "landing-vpc"
+  subnets = [
+    {
+      ip_cidr_range      = var.vpc_config.ip_cidr_range
+      name               = "landing-vpc-${var.vpc_config.region}"
+      region             = var.vpc_config.region
+      secondary_ip_range = {}
+    }
+  ]
+}
+
+module "landing-vpc-firewall" {
+  source              = "../../../../modules/net-vpc-firewall"
+  project_id          = module.landing-project.project_id
+  network             = module.landing-vpc.name
+  admin_ranges        = []
+  http_source_ranges  = []
+  https_source_ranges = []
+  ssh_source_ranges   = []
+  custom_rules = {
+    allow-ssh = {
+      description          = "Allow SSH from IAP"
+      direction            = "INGRESS"
+      action               = "allow"
+      sources              = []
+      ranges               = ["35.235.240.0/20"]
+      targets              = []
+      use_service_accounts = false
+      rules                = [{ protocol = "tcp", ports = ["22"] }]
+      extra_attributes     = {}
+    }
+  }
+}
diff --git a/examples/cloud-operations/vm-migration/single-project/outputs.tf b/examples/cloud-operations/vm-migration/single-project/outputs.tf
new file mode 100644
index 000000000..347eb54fc
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/single-project/outputs.tf
@@ -0,0 +1,18 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+output "m4ce_gmanaged_service_account" {
+  description = "Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects"
+  value       = "serviceAccount:service-${module.landing-project.number}@gcp-sa-vmmigration.iam.gserviceaccount.com"
+}
diff --git a/examples/cloud-operations/vm-migration/single-project/variables.tf b/examples/cloud-operations/vm-migration/single-project/variables.tf
new file mode 100644
index 000000000..2d7214f47
--- /dev/null
+++ b/examples/cloud-operations/vm-migration/single-project/variables.tf
@@ -0,0 +1,51 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "migration_admin_users" {
+  description = "List of users authorized to create a new M4CE sources and perform all other migration operations, in IAM format"
+  type        = list(string)
+}
+
+variable "migration_viewer_users" {
+  description = "List of users authorized to retrive information about M4CE in the Google Cloud Console, in IAM format"
+  type        = list(string)
+  default     = []
+}
+
+variable "project_create" {
+  description = "Parameters for the creation of the new project to host the M4CE backend"
+  type = object({
+    billing_account_id = string
+    parent             = string
+  })
+  default = null
+}
+
+variable "project_name" {
+  description = "Name of an existing project or of the new project assigned as M4CE host an target project"
+  type        = string
+  default     = "m4ce-host-project-000"
+}
+
+variable "vpc_config" {
+  description = "Parameters to create a simple VPC on the M4CE project"
+  type = object({
+    ip_cidr_range = string,
+    region        = string
+  })
+  default = {
+    ip_cidr_range = "10.200.0.0/20",
+    region        = "us-west2"
+  }
+}
diff --git a/tests/examples/cloud_operations/vm_migration/host_target_projects/__init__.py b/tests/examples/cloud_operations/vm_migration/host_target_projects/__init__.py
new file mode 100644
index 000000000..6d6d1266c
--- /dev/null
+++ b/tests/examples/cloud_operations/vm_migration/host_target_projects/__init__.py
@@ -0,0 +1,13 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/examples/cloud_operations/vm_migration/host_target_projects/fixture/main.tf b/tests/examples/cloud_operations/vm_migration/host_target_projects/fixture/main.tf
new file mode 100644
index 000000000..94fb07f79
--- /dev/null
+++ b/tests/examples/cloud_operations/vm_migration/host_target_projects/fixture/main.tf
@@ -0,0 +1,43 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module "host-target-projects-test" {
+  source                    = "../../../../../../examples/cloud-operations/vm-migration/host-target-projects"
+  project_create            = var.project_create
+  migration_admin_users     = ["user:admin@example.com"]
+  migration_viewer_users    = ["user:viewer@example.com"]
+  migration_target_projects = ["${module.test-target-project.name}"]
+  depends_on = [
+    module.test-target-project
+  ]
+}
+
+variable "project_create" {
+  type = object({
+    billing_account_id = string
+    parent             = string
+  })
+  default = {
+    billing_account_id = "1234-ABCD-1234"
+    parent             = "folders/1234563"
+  }
+}
+
+#This is a dummy project created to run this test. The example, here tested, is expected to run on top of existing foundations.
+module "test-target-project" {
+  source          = "../../../../../../modules/project"
+  billing_account = "1234-ABCD-1234"
+  name            = "test-target-project"
+  project_create  = true
+}
diff --git a/tests/examples/cloud_operations/vm_migration/host_target_projects/test_plan.py b/tests/examples/cloud_operations/vm_migration/host_target_projects/test_plan.py
new file mode 100644
index 000000000..33f493bae
--- /dev/null
+++ b/tests/examples/cloud_operations/vm_migration/host_target_projects/test_plan.py
@@ -0,0 +1,26 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+def test_resources(e2e_plan_runner):
+    "Test that plan works and the numbers of resources is as expected."
+    modules, resources = e2e_plan_runner(FIXTURES_DIR)
+    assert len(modules) == 3
+    assert len(resources) == 23
diff --git a/tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/__init__.py b/tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/__init__.py
new file mode 100644
index 000000000..6d6d1266c
--- /dev/null
+++ b/tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/__init__.py
@@ -0,0 +1,13 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/fixture/main.tf b/tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/fixture/main.tf
new file mode 100644
index 000000000..dac8f5af0
--- /dev/null
+++ b/tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/fixture/main.tf
@@ -0,0 +1,51 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module "host-target-sharedvpc-test" {
+  source                    = "../../../../../../examples/cloud-operations/vm-migration/host-target-sharedvpc"
+  project_create            = var.project_create
+  migration_admin_users     = ["user:admin@example.com"]
+  migration_viewer_users    = ["user:viewer@example.com"]
+  migration_target_projects = [module.test-target-project.name]
+  sharedvpc_host_projects   = [module.test-sharedvpc-host-project.name]
+  depends_on = [
+    module.test-target-project,
+    module.test-sharedvpc-host-project,
+  ]
+}
+
+variable "project_create" {
+  type = object({
+    billing_account_id = string
+    parent             = string
+  })
+  default = {
+    billing_account_id = "1234-ABCD-1234"
+    parent             = "folders/1234563"
+  }
+}
+
+#These are a dummy projects created to run this test. The example, here tested, is expected to run on top of existing foundations.
+module "test-target-project" {
+  source          = "../../../../../../modules/project"
+  billing_account = "1234-ABCD-1234"
+  name            = "test-target-project"
+  project_create  = true
+}
+module "test-sharedvpc-host-project" {
+  source          = "../../../../../../modules/project"
+  billing_account = "1234-ABCD-1234"
+  name            = "test-sharedvpc-host-project"
+  project_create  = true
+}
diff --git a/tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/test_plan.py b/tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/test_plan.py
new file mode 100644
index 000000000..839357118
--- /dev/null
+++ b/tests/examples/cloud_operations/vm_migration/host_target_sharedvpc/test_plan.py
@@ -0,0 +1,26 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+def test_resources(e2e_plan_runner):
+    "Test that plan works and the numbers of resources is as expected."
+    modules, resources = e2e_plan_runner(FIXTURES_DIR)
+    assert len(modules) == 4
+    assert len(resources) == 23
diff --git a/tests/examples/cloud_operations/vm_migration/single_project/__init__.py b/tests/examples/cloud_operations/vm_migration/single_project/__init__.py
new file mode 100644
index 000000000..6d6d1266c
--- /dev/null
+++ b/tests/examples/cloud_operations/vm_migration/single_project/__init__.py
@@ -0,0 +1,13 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/examples/cloud_operations/vm_migration/single_project/fixture/main.tf b/tests/examples/cloud_operations/vm_migration/single_project/fixture/main.tf
new file mode 100644
index 000000000..c2750298c
--- /dev/null
+++ b/tests/examples/cloud_operations/vm_migration/single_project/fixture/main.tf
@@ -0,0 +1,31 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module "single-project-test" {
+  source                 = "../../../../../../examples/cloud-operations/vm-migration/single-project"
+  project_create         = var.project_create
+  migration_admin_users  = ["user:admin@example.com"]
+  migration_viewer_users = ["user:viewer@example.com"]
+}
+
+variable "project_create" {
+  type = object({
+    billing_account_id = string
+    parent             = string
+  })
+  default = {
+    billing_account_id = "1234-ABCD-1234"
+    parent             = "folders/1234563"
+  }
+}
diff --git a/tests/examples/cloud_operations/vm_migration/single_project/test_plan.py b/tests/examples/cloud_operations/vm_migration/single_project/test_plan.py
new file mode 100644
index 000000000..7d8a47b15
--- /dev/null
+++ b/tests/examples/cloud_operations/vm_migration/single_project/test_plan.py
@@ -0,0 +1,25 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+def test_resources(e2e_plan_runner):
+    "Test that plan works and the numbers of resources is as expected."
+    modules, resources = e2e_plan_runner(FIXTURES_DIR)
+    assert len(modules) == 4
+    assert len(resources) == 18