From 665641ba7d42addcea352646c24a3563cf10b2e1 Mon Sep 17 00:00:00 2001
From: apichick
Date: Sun, 8 Jun 2025 14:51:08 +0200
Subject: [PATCH] Cloud Run with IAP recipe (#3129)
Co-authored-by: Ludovico Magnocavallo
---
 modules/net-lb-app-ext/README.md | 5 +
 .../recipe-cloud-run-iap/README.md | 68 ++++++++
 .../recipe-cloud-run-iap/diagram.png | Bin 0 -> 100691 bytes
 .../recipe-cloud-run-iap/main.tf | 152 ++++++++++++++++++
 .../recipe-cloud-run-iap/outputs.tf | 48 ++++++
 .../recipe-cloud-run-iap/variables.tf | 52 ++++++
 6 files changed, 325 insertions(+)
 create mode 100644 modules/net-lb-app-ext/recipe-cloud-run-iap/README.md
 create mode 100644 modules/net-lb-app-ext/recipe-cloud-run-iap/diagram.png
 create mode 100644 modules/net-lb-app-ext/recipe-cloud-run-iap/main.tf
 create mode 100644 modules/net-lb-app-ext/recipe-cloud-run-iap/outputs.tf
 create mode 100644 modules/net-lb-app-ext/recipe-cloud-run-iap/variables.tf
diff --git a/modules/net-lb-app-ext/README.md b/modules/net-lb-app-ext/README.md
index d04e5b68c..6007752f7 100644
--- a/modules/net-lb-app-ext/README.md
+++ b/modules/net-lb-app-ext/README.md
@@ -32,6 +32,7 @@ Due to the complexity of the underlying resources, changes to the configuration
 - [Deploying changes to load balancer configurations](#deploying-changes-to-load-balancer-configurations)
 - [Changing the Network Endpoint Group](#changing-the-network-endpoint-group)
 - [Updating SSL certificate](#updating-ssl-certificate)
+- [Recipes](#recipes)
 - [Files](#files)
 - [Variables](#variables)
 - [Outputs](#outputs)
@@ -1035,6 +1036,10 @@ After provisioning this change, and verifying that the new certificate is provis
+## Recipes
+
+- [Expose Cloud Run service with Global External Application Load Balancer protected by IAP](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/blob/master/modules/net-lb-app-ext/recipe-cloud-run-iap)
+
 ## Files
 | name | description | resources |
diff --git a/modules/net-lb-app-ext/recipe-cloud-run-iap/README.md b/modules/net-lb-app-ext/recipe-cloud-run-iap/README.md
new file mode 100644
index 000000000..86d7121b6
--- /dev/null
+++ b/modules/net-lb-app-ext/recipe-cloud-run-iap/README.md
@@ -0,0 +1,68 @@
+# Expose Cloud Run service with Global External Application Load Balancer protected by IAP
+
+This recipe demonstrates how to expose a Cloud Run Service Global External Application Load Balancer protected by IAP.
+
+The architecture deployed by this recipe is the one depicted below:
+
+![Architecture](./diagram.png)
+
+Note: Make sure that the email that you pass as support email for the IAP brand is the email of a group in which the identity executing terraform is a member with the role MANAGER. Otherwise an error will be raised. Also bear in mind only organization internal brands can be created using Terraform.
+
+This recipe addresses common requirements of backends protected by IAP:
+
+* CORS
+
+ When a browser sends a CORS preflight OPTIONS request, it typically doesn't include any authentication credentials (like IAP session cookies). Since IAP is designed to protect an application by requiring authentication, it often blocks these unauthenticated OPTIONS requests, returning an errorinstead of the necessary CORS headers. The browser then sees this as a CORS failure and blocks the subsequent actual request.
+ Google Cloud's IAP has a setting, `access_settings.cors_settings.allow_http_options`, that needs to be set to true. This allows IAP to pass OPTIONS requests to your backend without requiring authentication. The backend application must then be configured to correctly respond to these OPTIONS requests with the appropriate CORS headers (e.g., Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers). This tells the browser that cross-origin requests are permitted.
+
+* Programmatic access using a service account
+
+ To access a service exposed with Global External Application Load Balancer protected by IAP programmatically impersonating a service account:
+
+ * The service account to use for programmatic access must be granted the IAP-Secured Web App User role (`roles/iap.httpsResourceAccessor`) on the backend service of your Global External Application Load Balancer.
+
+ * To access the IAP-protected service from code impersonating a service account, an ID token signed issues for this one needs to be obtained. The key is to generate an ID token with the correct audience. The audience for an IAP-protected resource is the OAuth 2.0 Client ID that IAP uses.
+
+ To try out that programmatic access works for this particular service do the following you can run the command returned as output.
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [project_id](variables.tf#L39) | Project ID. | string | ✓ | |
+| [region](variables.tf#L44) | Region. | string | ✓ | |
+| [support_email](variables.tf#L49) | Support email for IAP brand. | string | ✓ | |
+| [_testing](variables.tf#L17) | Populate this variable to avoid triggering the data source. | object({…}) | | null |
+| [accesors](variables.tf#L27) | List of identities able to access the service via IAP (e.g. group:mygroup@myorg.com). | list(string) | | [] |
+| [impersonators](variables.tf#L33) | List of identities able to impersonate the service account for programmatica access. | list(string) | | [] |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| [application_service_account_email](outputs.tf#L26) | Application service account email. | |
+| [command](outputs.tf#L31) | Command. | |
+| [oauth2_client_id](outputs.tf#L40) | OAuth client ID. | |
+| [url](outputs.tf#L45) | URL to access service exposed by IAP. | |
+
+## Tests
+
+```hcl
+module "test" {
+ source = "./fabric/modules/net-lb-app-ext/recipe-cloud-run-iap"
+ project_id = "project-1"
+ _testing = {
+ name = "project-1"
+ number = 1234567890
+ }
+ region = "europe-west1"
+ support_email = "mygroup1@myorg.com"
+ accesors = [
+ "group:mygroup2@myorg.com"
+ ]
+ impersonators = [
+ "group:mygroup3@myorg.com"
+ ]
+}
+# tftest modules=6 resources=24
+```
diff --git a/modules/net-lb-app-ext/recipe-cloud-run-iap/diagram.png b/modules/net-lb-app-ext/recipe-cloud-run-iap/diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..81debbf22321061b5cecc87008d7b8ca4fdf40ee GIT binary patch literal 100691 zcmeFaS+48Iwk>v^KMdo+uLFjE6L`b zVZ*I(FFZqQt(|M{+?glux%b@6W8~U<6%3J4%$PCfm_-EtH&fsKm;d}f{pY{@1D64=38DS zfBAtF-~Rf6z_O<6e;}nF2qJhqevI=VZG)=&u}*p@g3p6Aso!tVnl&%W;0HpXf5hOU z|EdL1UiVFx{XhzEt=4@~!fz;spT-$}c<_y5|AN#1!u~h-lYczQfe_*EGQTJAYnw#(20bEXZBs#sg2UYy`Ui#Q;1;y`rz%iS$E5A@rhXd? z!TyNJ3`w<4&I_<@vvz<8(w{U^nDD!@e@K-(|sm_UfXzCWJF zZ)K0a6B%8$2?tiC;8|=l2fLH1*cYczG+?5bp(P z`_ayOv#8*luOCBsb)3M`A&-;py|%Zi`lc!S{PA^R)YNqny-($PjX~Qs)7Q7%n(}>g z@Ao`l;9u2_3eGaSyzJm}x`5cMp~Cl03~mTE?;WPpaVK=J$dw3*u&ad;V4Q zc~;)&_(9FKX`sGOllJ-JkDIDlOiIL%A9Q?g2l(b+|LhlPv|rZ4zookBU&6~lvaohu zo>OyilD~$*Um5ys{>Gpj-f8|;(Dlm)2d8Z_Jl=0h+CKTNe;q~+u!^62!87J zYb3u;yPqhyOMGWneLQv)@l38VP1CAED2a>5N6yT^5boWOEKM*8~qkmA& z$><;a0Yb0OVKMUW)%4Bdr&?@uA^jCK^J?~;i%`Yy?HpgNN)#%}`l>|j!k<%?_sJQ$ zg1B%3xdmlaGrqGGx}#0HeEodg^g;jW8l+tE`8tX7&zEHr-4i5dP{Us{Evg+#`XH}g zA{yQC#yM!L-|+iqzW(kUzb&a>=a*mOcKn@{-?<&fHa}x`=0ntdW_JdEU(0_Sb|>Du z{%h?1y@~(C7oS(dJI}{Km%U~Z&D+6* z2C6F(44 zik>vvra*v!cxwTq?^`2ppT5!Nr}hX~n&_#oS>T;XK7?EZ@(?X*;X91S` zNTGdKE`dI*<1exVbx{ebyhICj+cYUWhwx$zllVJ|5&9b@WWL9QZzTQ9gXABM1*!Lr zf13Ct20Zw#TAH@cnzX5dQvRt__lbWp^Cqn>wg&b+Llcifa`(@st3$q9d_u~FG8`me#H6sf!#jt{0G27 zdG3FNwag#?R(D{vebpnhvcD4SZx*50b*G_xd9Z%`Uto}*)IRF{C+nAceZeiTLLNwk z<<-kK^~DH224PZ~O_%p?e!wrd@fQJQ`OOpUo1^L%tnznj8H5ihfYwJE8m++x5_c~n zffjzCB`A4yjPD+A{x)>`dsn3xtmGd^{_T=bx-tEM5N0sE3DMl?#B~v<@G=k4isixX zghf&_9?6)D7n;--dW@=Q)CzvmL~f0%C|7q`A8zT@sC`bYGA!N+tC4TUxN?hlD-XeC zGlrEigo~QSM0t<5DW?|dq~=0%y_9vZvp%kg;Np^2#Zl%NK9~3u+CksBnfpbum08iA z*LYWU*Ry~no=}?SJ$Cgn>`3Tqw5TwSeXdi!-R+OHj%mBT3NCYJ_Vw2^unjFTc0pUtWwD=Gp73xk=BwB*GIUW7?n^;pV(Kv-E$vpn1}+X zH#YV0%qH3@SRe{TxK&m}L8xPfk=~)Fx@P;SW($p0`*07oBo)@{3qJ+Yp3vo#{^oi~ za&`PP^2zs3jk?u4-_uv95BksN>K3SX$7oe@U-h1)l2LOov%gTn+zA=bJoSk=i%5-A 
z5oOM5dX=!;w$;?Qq_bZ8%URn0mM8O%C#_W5rZbEMKTD_I^5mB`Wtdx`fi`iV0`a#; zseX)d)oi8>wKkC-?)CrQphN#|aQ4YT@u7S^tH_VC-wf%0 z9UZ+Pst;UM&EH_S4|mo(g!{PsfN;(2)_p{bK<@ty_xeXGzb|?t-?7P88vPq3^%K}a zLi}Ih9RsK*i?X8pgyB9E*}F^R4H5qyE=~4p2R`*3Oh)76j~~$OGtc3FKwJhhh9>RT zX7Nu9jwtkDeX;+%82r8GU(NMD41jP(o&CV;rvYmFMX>+Y*oWWs7u>PGXaoE^cNO~ikMcO5lXlF(L-tD^=Px7w z1%mu(ZXlE74`*&@gnp(ly|8G*_DOx^!62|`4NQ_?>preThJnek>g#>b3Ux8;JElwi zs@oB1*bbOD*T>b1#gIg%3qVehr}dm7;4`T2KI@W$Yf?mMXMWZse$ZA8hjL1{HC(eD zLMxmvCJdNZSaO+5b$6nptpjlUR3grFNOp%KBh0m$7(HxqXD6mHfrP`HjX2GQ-}Clj1(W_%T(I!L*}RZM|whgTVk3LAPN{woe6;MIVcZ z)a!?iXkeTvFuasbvsJh+B91ot+?lj{y1-|PcAsXT69u28P|u)A4)(X!+^-Dk0S3iHDA0h>`{08uEjwBeqEA?*$ z+T;rf{1%jp5(K_D4GHW|p#3%Y|Mzy2lHbd-_=hQxQ<5U@&oAi^goHkMq5h0of~OTU z#@8$2-Eq%-?Y*V3pCiW)gW$83@L`#L7>B=qrVsVbfuAP+{38DZazF@7YY{mrQ5 zTQHKq{$`l!?-tO%*~Nk6*xzzK{QHN2J_zuYS@MmX`2(1sf1ISMZ^J^=cLd8nOIYYV zwE1gu|B?IlXQbmlJklWpB)-#MM?2){SiIr_KaY6WcYxA&@G$d(F3Dfa28evT`~Tnk z{l_B3j)gk=wljd)fgcMQnI$udnt-VTzoGn+PTzcvqAET5{D_|O9zBBb$AX8LiIswP z9X^M8&OCMmue!FC!5jei{Z`(?=g=lU1B6fC;wD(GewZfW_hJ>VzRnuJcpacS&|&dk zW&n&YrzYc!+C%0P24+{pDFJK;c{tV^|&@?8XjM6F@>iGP;wxDt_C!n4bjT_91QwDtp z6NaCGzHfCxpN_T+eT@3oXD=GRu7PfFFT``++eXij&<5P=LX<#wnQCBWeu*`GKTh)& zmyuxX#6SaFx@{QSnm<5XfUJ{jf~WAe|oDoTHpGjAqu_vVq7Me zy*mZpFatht3HpZXGezqp%v{00qFc}hFywf+=Z>Sk!7P&+k;3QE>K5q$hFu5GKsg$# zPM~pqsTTmbGjQO`2U42BuRexI*KyxL7e!)CMA2UCLp$VLf`UcT9h;8btkG{XGkoWuXuU7~} z6)&es{}j!88Rr#jQ4zqU|NFV&iOttpF%*Ha+g`rxPX_7ta*H8J=@%1Ie~bD1X6+%! 
z|LZ{>g81mr2a^A%4D-BiQ20ti|HG_Ll{f#nOwZqM0g&HhW>ffga_isofd1g-<$Eu` zVzECBfM0ej;NNVk_$M|1KA8B|=KfCu0L=2=C)Ei-IctHqzy#l<4zNxGKf4Y|A)jIo z3;4As@M+Tk{ugbHCcWTsU4rzgH@MbEwF`+xSbp`cWms|ds|e{-RawT^eoP>h=N+W~ zLR0SwALGP4ZZy#RQ`wEATZLH!Yp%oL~{ znJI+!0qI|$k)NQQSDV)N?|~UW02Dx~ea+sVN9N1=VHO~8YDhi+=7@xpFX-dT6ahdg z<34~|0Jx~H#G5$=0QLNF4~nvAAD;nDd@xg902an*A+rgAd>T@kUSMCpXfI%^7m%<7 z09c2VGl<@#Fwe9S;M z)K4%w7f94X<6Qg|fp+NE%cMl0{oD3^Wc2(7dcY_Pq0o^raYjau4C8p4TWF606Z6G8 zzyn}%-*Ff9@!LeVf3N7zzj>qIM>6+&n#A|e$j8p?--<^5ZD9Nz4gLQpufuAxYJ~k14Dtb$W_>wMw1yKYU7yo2i)qX$ZjWb^dcD~2!{~Upxk6!*$ z1$Nkf)h45#Z4~*kujs4oM{nHp_ir-#n_(X6-H!g7VV=J`;q?z5=J_DNuOaktx-#FR7$Lk;V({J@?{5}a*A4lYU;wYzs zb7bIj!YE3*4mJ-%Qs>9!0qh1R20}rfp`%|ybiy6F_nUakA1CqiV`JFQj~e+sc88H4 z+v48+PTx7H2B+Tx(0_2Q`8j4s=TE|EX|L_!a4cZ;fFmQ}u$ulG2KwSo!r&m94<`G} zVt?||H|pX0`NQ-_aO_ujY4cAJ;r*~=KS`jUNtA#4$&9~}hx=Px$={y@0uBs(3BQj? zc)R+PWAf!h&ac+c<}-iThpZ{MsCJ_oR=|5u|7n)azV^q?JcFbqpQP@Y;*} zakvV);fn(eU3@xs;%k@N`-a_bTst&|{=swK9wG7NjI)nJC%!$EB5e8|6x1)B-PjC$ z2}d7_Uyf@^=Xc<-cUcB{7^&hfDNa*)~2&pHY|4nDf&Gdh^_%i%{^-=jmx;Ve=G{zq|* z|CqzBlv@r5c(y-A$ZAtw2P6>+DhI1hfkVQRHV?|bzG*fnK`UN?tE6lIzW=p?1J(bE z6Pq6&aBA{P8vI?#?u9M>4z79MDfh+J{v?XNcdpq-*&hd0G2h#q`Hg+^M?<#n(*Jvh zG2`D$nEvBY9sgcZ@;6lfP`&R*hkfTzv7arpzqy`2ZunXZ{KDa6uN5Wcu3(%d?66H6 z9=`OmlgUoX^TH8b?g^3i;kRH~yFP;7(kz#<<(?=$Sq06K;WJ58&7tPX&DQ79^`Bq= zo)n18FulJj6nM-8+33XuOvImG|K1ev5|RhLM_G2syrR;#Z=#Ls$EG+=fhY9quS zq*L+?jXhI^^@9z1A05gnT+L3=y+JsUw4j+oUU_h@)tKbLCK;=_k!O2k5^#qpmuWelSiIiU*gCUizp3vu!7>)87=?M9Y@8?9WvFZ=;#SPL zR4K<~2QyxeWXsy1y%kD-Y_Q>;Iy|q6gFjgyZ}`1P0b9d?i%Cz2{WZEpPo~w+&kGkz zrCN=6W!U)c871c`f)*8M@tI7xd!7;+-wk*1iigXF^d#yfvBD@)d0tHQpg~faA&&I=iReC!a;c^);@97tXF($slN2%2|YYbC1Pm_pRD9&(w^c~Onnn-%L%(B((r27F+4^;oj!nVYKY96opj=7=|a=LF60Rrv(` zFI*^$F};}6++kD1xg!rgJdgOc5EnmJU-KJK_qS*6#bvMFtxD!pJB zN8tkYIHv@)gucT?8g#Ofa_Tlb?3JcoW6-GP)t{}cu6W2Dv>G4WOz9%I*)Zj%g-w5h zWWvf6T;ZijjU$GBi!~8F1y=SRd$jzIai-MK@#%*<&yFc3=UV6xFHDz01`gt>I5P7o zuMg=;9>VE98}HOP>1^rUp74Sa;$3A==M$QA@pjxp#i+cNW3GOThU^m4{=PzKi9H~U 
zr)V>@Er5eiL}U^ZMTR9gskH_|XkgC4cm^qupI2XA*XOtg#4g;HD!3x9fYjtI()Yq# zJRaw8=t`FKtlF`>HpZCCxTPLV5dc0)ke!t^L2c4 zhjB`ceh2CtB5>UFd4eBKgy>CwcD?tb#S$I!WLst~3-`UK#)3&9S~iOW-J8fC{`$ zqNU5nGSBVyOnn%gc~@T&UR8-m*H7153x*D?7t**#7Z@c!tgo5sUD{<5=}5yHT%`75 zFA=@zxNh^31FyM1h~+g8@qNWE%2@>wCZnm4On1bZS4~jwo80Il4owg;r!GxPUTn{? z^jPhOxHoFNg=s%;jx1WMLY|$V*Be=xiP^?SoG`Yk7@~^FW9}FW##115`O^g`km{A- z<;3;YTq*vv9&I=WO&~QRyBTSRsDDK>oANC&O)_2-(ntkS zNLS7a+2Ln=zd0Rz$)3#9s?A;9J{njdl4YteO|m56$ArP{>dc(9%~FS=u;ZCZTq=;I zaJsA#pX<87V2z8ZaY_Z~>vj_qUfi3boEyBhq4lw70(NJVND!pkE8N8M+ow1%tnNNi z?%>#w4eNMa8B^Qu_3%pUHat)TWGKjVQOi2VC2!~BiH}q13UWeNEok`~9ptVMH$1QL zsy_jfDAvVUs>5}?@cQMrJn)_4W#Lwaf%vL53ozTL$2PYP5#m#vX?}Y2>PIoG z4|>`190lDIcLP+KZtIZQw0lnP<;-)0+Yamlfikh7^1T`LaJ$`t{Dj@WR3(w#Nj@n^ zU#9zU)A|o?iS{sgJYPus7N*)CE|)3c!`YW6K5UQrnZ-?|ZG;JAv~nFb(R2<~Ow#l^ zj0Zx#Zu?#2?b|J8;Ow<8)(4Bq(YKD#myT8EydbasnjG%81j%`(g^CdK=xp1pFgt>U zO?<7v28pYYFWh;C&yHM^?lg-dmo@;&s5E%x88PCf@fgil2v&}>zus;@Vjdl;Eh84mPEY{{Oj>>Ic2gCnynvok8bMC_c)cA< zWz&i)%ni`=$Zw@$sV?5x^=SI!#~YdN#<7C8R{&;7Nic5KTeWCAm?F{CG+t~58Ver^ z8dF=6I|J?$ufw`9%!vWHDumgSy@`@U(s4w|-O5k!FI~|HVW}xdd>yWV&DvvPh3j(% zXF?knsmIltnUKVbxrNlT5ZaSLA}Q)5@zTET0RQ3cg@(xy&az4M?*2Kl4je8GK3WBP z4q<+|W+0*X6Y$B_RzhVLIqh~IQ*rQoBIcNh8yqM7JkQz=>J)VtjPV$*m=mMbKp3|Z z#3pu^XE2b{iRo{If+V8I!R{(R13G`;-TkF?@|gf=njH<(4Ne@19h;%8pLRbjI80yuJj8=#NvIBf417(3@vXAUOH9wRz? zo}Xr%ERu~g@v^|%r3j_<@+=;P()VJ-W4t91jzAm@s`pfd?cqgsgklhFWb=(Ms+Pq& zPj1C$`$)|zi|(NFWFC8twLD`!8WV%0#xUJ^p(hvLln?V^;1cn6xuVuK!{CdTIK|Pd z#Hq$hho(H8h+}g>qa8R<#Ei>n7`>^*!2*6fiijVjJomikb6iG>=Hvqmu$sf?Lm_S% z39|XrrwZ^b6wmjegxg9VwI)A_%D5nPvY$#Me`KgDHIRx$eK~;Eii|}{Bv+CXL^UMG z1yG~J)_5Gy$Qy#c&B5Sn1w%4`vaiOr<5OX0fRxgn9cvSH08664tKHpcG4{M87X~$u@_L`ruK@%=A2y(5M6*y@36(HPN>{Pe7$Z| zozkQ3#LS&}EAcfwFOitSec2s0_=V+}p*6- z3aKZ+kK^t{?f|{FuPy5+){=m5)58(3NDqFe4|6CWEha56V? 
z=D2jn=Y^-wN0W|S7@K?BAovQ8KJd)I+npaiwQHf=He5@O!I_D&&6I1;yFi@(Pqh2&52_J8`Th-=LViz%=bDHOCt@KY9-=HyS%d;?GfEzWYkj7-%=k1?KuF?Md3+IyUp z9^{6~S_wENQcseUO&^K;HU^lH)C&^a)#W&$Sz}iOEZTxnI`WC1Zu<0`+iKJ_H-|Y8 zh>lj3u4f-iyH0KM9CNqJU8GeS)>i8^2Y){8z2zYs|R_U~> zTF|oN?uOIB4sPD4W3ZDp50OCV%5C<5PhFPC=E0P6?%7f|qZuxR&e#Bj>f?Z2hkGfM zUQKyUck6e_Ji#j-K}NsUBVv<>Ms9M7;~Ku}UIP2P&^(b~f@%@kkojpRr$V}4q&gT6WEyYd`AFl=D)X@PCAw_`Mp zk?IPpu(;29zamN>+?aqjNGLg|Cgt|H2K+l;?1h}(?0Qj3?iX`zIps)PM-RL>*NkpO z8cm$wfhkJI=Vg2JOOI2d+k)*wq+c(o!58Pj^MYW=9~Kx$XuWd-1;;UCoft{e?#erB z#Z%K}vJPHGMBLP0o#Sy=U8`%i@E45PqCYSG)2puc>;77?*C@U?<+v;>fA0c2+#qo< zNsfMow`-a%MdK)UWnaMJNf-fnDmO1Nw|N8o>g4 z0$0i97Fbg@clSJXYRt7+*O48iBcfK^&G>lGTS3|#NTh&{^KiS57e}XBQlODRTQrSSIR_#)ejIIyneXhhqi9$wTybD()PC-wPy|))pMg zbZtpGyk&~Hjq~;{KQ?NzL7q_1G$I<~ZZma9j6Gx;$lXjRB~X>JHx8TGV9S)4i2SHY1);5ryuHl}$N`1O01sx#9G2D=W^D4O6s%F{I8ddRJNxWDW>>Rt zxsY%yvnWaWK?Pk)n%zzZhn5 z&LvqHma9&PFf&)5u*l81xsL`q`(r~c} znJREZgTBDyX*>udIeNlr3n+n4iwx)>iiEDFV=om^GfvCZ-h}1>nS^tLO>x>&^TG~$ zg37!m%pv@VEkJp|K7gvk_AvPMcoF82LZ-T)lP7o+%c%{<2M8fZe1NhCHM_At4(5LD zAVMSXgar6cmY>R1UuL6cCJn#{KGybQN!R$mgJ{f`n<2$iohnB*J8xmMgDNZVm`m?T zIjTBIss>4-Z{G5-u4ym%TOEwF7{h1e9I~z#4~#EjLhd(O*Y5rmbi9~};AfBzwQjqs z^4zHlTFApWYc4B(uB4q9BL6k0Kk`=PuE;)~9L@uKt2!pe3&Xsz0Nt>u#0bJT`O zF@_;Z3pe93(P(Mmb~~I6@DB0m5!jO#1t%I<&9usGS?>yvUjjGL#8R$mB-|@BF?h^7 zv0xaiAp@`jodu6|h__V1TI_M2sdCHpJl+M%-N_9k!R?HXs{7PNyA>Fx2smGbiWsLQ zY^6k2xPZKes@Bx>#GNhuf`sr+mFhc^R;`b%0Lj)vB&_mChEFr2<&C`Gb~#?}4)8oL zonc|~*VE+S(aFx2Y~NFNIFY(L`Io=_xDU)ix3k3pdJJ`V^(t8@s8bBTrQM z#&vw!j<#ly^-}{fCAt9r9{Cu_pG-a)XON(5YM#uxKT^)Xp1EEyurb8!UY$2}cs3IH zg0-ID_A0))gl8Z_QaX&+E_r<>?Gr$M#R&EklFp&3laF(}2N7gHE&vLtJ$(8w>dld{ z=Ng$ZcgliEEJ7c{a{m z)XZ&?BvRzwjCz+c4BSXeq(3M|xC?2$C@8FPrjlRs-iYa^nC>%Yi!op#C`4a|C`v0E z(>4{;h-0Jm73Ww1AvC)kS)M$zSn^$Se4Lm2>B1O*MwJHf7X0pG z3sxYIO@MyS9T>3uJdKyb=^z}u;Jj-U&`Um8WqelgIQaDh`#R@tC>-q5K-rwj&F}^( z4#XKEyUsk35UU^;#Av!}V2o|IZtX{`#bR9IS!msP#@Oef%L3}=!Q1tvW|h}xt~+{M zsT-igl+bA&WH?Tz$!Z|K0)?E|yf2%vKce1dda2y)R1Ug@X>O4sB$Rg!ufeqFsS2`I 
z@x@8BY>d1OczAk_#8g{X1jWj6UJr#^6t&!HDabVChM8^^6yUZcvx+EJqv5yhnzqAZ zx08woC7*!aFwH=3@GGb6avh#TfCWX50jmq;P!~1@ICDyA@90BGtS&6ym*)L$8M@s) zShP~laA3xoZL*tVUoR7K;YyvLLcPq*Sk`gYyLK1g0WhO7v^W5s8~MzXmNtBwn9V1D5`!G-4$D^d1bg-DLe z2XH=VIlDRCJY88!#L?Kpb7SKkGG4~H(jv>qu!3Vh_bp3BjObwrdMbp4&sPo=nWj0vxAagwWlZshyrE2u;Yc4>%*+EcFo`sZe1mr0Ch1( zwVz6eyU4MjrXI$JSQ;GBb~GQhtrAcdRwUyRBiymPQB?I*vjYr9Dfic%G%o>InfVL5 z9B%t?aV9r$@Tnf$&O%sb6%L>`N6=Hyglj5K&cc}RL2Z^TduWOV7*^@lF0huZ(nctN zs8~xHMaG`K1-toxm*!RgnV|8f7ASY$9BV1wy#UPNMB(0U>DyyITorMa<;RvRk7E{I zVLG+l>B)}xj?PsBf_Y01Cu@QL`k9NZU*7Ql}y8M8}z+MW?Q5uVwL^I$H;9F~}Lhvh%)z#$PrEQX;!Z4n6YBnYoH_ujT^M~O+ZJ;#*C>nogZ)R?=8`cw$BIq6?MjmfjmHOI7 zav|={LB|?$UhmxQfQt#mB!aJ&dO5iCR7eLLQ5)&+%VBHT`=vclC#c8F(E1+D8xfts zJ#SSU zGevRZhX)V5eZ&14>!+o+yuEHJ{FLd6h5LKZn%;3QUlqIzUU7cVOGg1!bjygtX?&<5 zl;7Jc12d_V&y8LmN`0pu4+gNFf)Jg$Ufr^zsl?kqG#P9$7%4JU6ac?kZh}zEs3Hl;$AQ7kR!v)1!$T7F9fCfsyr^!-K7i*9G(1_ z?LzxegAX@4j&}~8RL6^PLEX3v#^`GK07QF0T%AE2Cuy-+ zHVu+^LVKPakhkb@Cna`I<^jQY;G0Hhd>BOf?3y;6pW}Fc@Tq-SuuE{7!Jf0c6gP9P z4P2X+$?XH;xwCk$Mw&GNQ3@6qhyujSaoRG2$7RK8%(5?Lio5q~aH?Raxuorn<3@$7 z55c**tcBCOQ6RLW3I{(0HFbFSgFO??JrK=G-G_>IIGLO3cs8nouTPhHsSCjH&~+sg zo$*4~H3v*6oI48P_$Pnff;MRmd%0xj;Bo>q0TJ7KJKIEAHhBhOFWMb8&EZbSRs{G( z;BN6Xt6DG^Tzh??IWeMDUn<)*#j&&s3Ai& zSoUqgDjrd-(sI#gQoqH9<8?5cG|Z^rjF1rLZ0G~eF(g)uK2nc8IEgc0-Q36u$>h> zyCpKIwHj|q7*F;V5kFD)n!-BqtHek;Tm*e{wGL`Pqi$SqZCl^W_AUq@n8Wa#n(okS zEI>MfT!96`R|H>|Q$Us?NK%b$kan8p-T_6O2J(6fyl7UIT*)LqR_SvNY_0_oivP>Z z!NVQBPU~U6JEtvBP-w!N8;0JY*jNM{ZOq1-ld#CS=bkW@-ad~I`3C>XoI;dYX_*Y* zN7glo#tStkBXP4m5~U;EcPt(4eX{Ru5clA_!wLfrvr~fty1ws%IMZ~+~KKgA$$Q5-gM6ijo(OgP^&;e?;GO_*+ zu|7ssNDos%LMjz&!#nKb2Q}hbG-hNe@^j>t{aENiLFa;aPdb8}E}_Ud=AhVQz6s|s z+}5%a?IC%<+8%2WwB{tI^YjES`Ej{+k7%|0MCBs|pUP`5GrL8+DEUZ}JK*I|O3Wd3 zQ~@UD3=zjCtfU(g5HSe$yO#>$pqy@$JKA{0KS3-3Ah}g~a^%S@>RDsTAdt?l6mSEG z9QuxPx62LV9P3D#JM3~}@8!imlxG+*h(W~xjiNYN5mMf?-KnP;$|*)T`9>&$OrCT- zLmkP@;!-Fsb1FIQ3CSO|1RxLApb|dBt1~{u6QLXXQwR~I{mnqSqH#0eFzRrJV5XFA 
zZ}sKb>ulhO&ka0Z6((3kG~5@IRklg>6RA`dOMz$t>m5Cx8xnP5koQQ_j_`U>i4xiH zvZlz0**lE3mGV93US7{et8};lmu>ZN6mKp#%)r}th-BW#Z~NUAEuF$WK?nnf6sXuS zEB@k-T)#bRQp#z9kTaiJBq6SZ^a98dxjnMztYVfPZPS%*m|J&nLHP^Kev7Req-`e| z0JNg>)E%4=*$#M_m#-Acg+(ji3F1mAgf%bFNRB%j$B$2~+G$7h)bZZRX^4+*alkT{ zHxZ_Vhr!Dy*yGh%Cl8nNoh;fr;b4yNvL#6*0EKBv@;Gs%af2!_q%}@wXwGbW$_BJz zqIm_ZUt{|X@Df_ZJ4l)tY`$fZ+1SG5#Gn?$6Fmz6R1+4usR0uxms@U8wm|X~V^$aP zerOh7M`9x?ye+%ymGhXZ>XSXrGSV*F1i*wZ74B}~DO*gfmiDP;+IYdJW`#a@;HFI{ zo$~e#a1e0*^BA%wtU72qXyhI?dyP}QbV2!`H4-pH#S$d zYtYXYN#(**g7Z3o-p^+OCn54e^nffzp|MJf&lL!XZMFgrNOf-pPqg(*k?c8w{_tD@ zi%CfWvkspXB-6(-w3oYc}hG@p!dcXaUKLTo_ghY2+Jn_{m zQ4iFH$|r=&9&Lu~pvyBo16ijGWFmDurUZ6YJ8K(>;gf5nYj_Y&A;=E16xUQeZsR~! zNHf?SP(A^;6~Pu@U4p%1k$P62DPZ7+0F|p;(mk@DIi!B&Lk>AXqK*tCN}e-u7NAdi z?*iQQ6tL6F93#s@${`MMg4uXRaJ%O0RCop6_*Bobs46tTmSPx>1Sb0l*_l+S00z-n zsFU}cGrYeIyphwhE?g$`o_AL&(|fRP)@v>?2~bdsCJN(K?0 z3xXx7d+=f?oYvwXC@RRj@vkkrXAX)5X*QB_K)y&3)x^_OvFG-%E@@u$gciBDA-J55 zrG%#{QXIY6M3A!uI&lxHe00yZGi`xx-HzD!6s(66im-EM0#1u~$j03B_UK-FsocWM zK>Ad=J@zb$Bkwct&Pi`=()Y!Z^XpdB&MhRk@r~2Srg1Q4k%`IE8l4Uqc*Ob1>L3?D z+Em0I-jN6A_j;|%xjlD#9>D7z^oQnYb9|k8MUk+X!mO`MG7|btX>Tr* zJtrm(ZevZ`A(!_DktM<1ZQ&iM^f?VF$SZ^n0cJeyIP)tm1*<_U4d2Beu|ot~LVyVD z9<+4L(krDOQzhRklw}^hvucxbL-bxmJM`EVOh3|KUn%}29q~e@Z<|-n_9MKZE>h)U zK$gig*W83N&y_qqG%Y9OCl?@nlf2flxA^qKfr2)!H~<|AeLm8KrrHf%;QnN)g^W&k*vF*N1Tc@T(+xLJmAO@Gc3jr?gt_mxAHItC*w!1jli@TOoW>8Gjsm_lMV$Mi)EM7-iN840yAUzVS zlW|!qk3nRW&UaP=sT%my>TCKXE-aNy>_&bRARx+b0s@2~In2p!)cuu(xe z4$80G=a4|u7)UBVq2KdXi#lIM>OIrK1$P?AChkwH5e(eCZ}ZkScT?R}hP#m>G_2>< ziIFMgJTjldQO2ZTZ&+@UO5%7_d~Y(J#W99a_QYBjSFn@9#J&^ZwWn}vfwV0mvja(mZ4yL2k<(6t%KK z;>%Sgnv(=-jHDWL-k~5c=lpuXIhv!4b?ANCtAlEHuy#*+YsSNIzH)sBF-*S;wUdC| zeA5AyxbT|-n;n<{cG@9t4P-^-*sddMT45wuWrDZSsTh)~ArNTwyS~+f zL-a6?pvY>|czAb&{Y2p|LGU{u@sSU}>WZ6mMc9H#uSa>mwzI}vI=kgo$D%!F7fTxe z%a=9YkE6rG7?3PD%ZQ1P2D^)Q-Y}tvro{UZUJz>4CL}tWrEu!1T)&v3#uOcI!TxY~ zlc@=s@R;%(bhCl<6;qt`xig+CQlU(~M|rh!s4Bc9ul>1DAh_ipn1#h<@j&j{ExxG@ 
zbKGSfVzTNoZ1@Mu5p1TZ+?AX&ZgP$`6XKV%0y<13EI_P&Oe|_u*n}_1M{iW@edb9C zNl7RXvkJRS&>$>z;Y-8PFu%t0k(YPFh&ZBzKoHV!6;xzhTyp24RDfKQXmXq67cYx5 zWDJx)dv@9d`4%&N5-i}~Yhvv6HLVpj zJdF2Z??xI8RSAUDk(d|KN{UcSJkY8Au7WUKHd@KzgvDL*=hx=Fq8~V_8aV$a`6# zw)`=waDj&R>*_nMbIrWiRs8*a--(1=o#x#J_XU=_vSiITK=UvE7> zdqqXyD$8%9GlA=TYYZ+o!JB|70g?xt2)Usjkb<<`!ltYXyU`(r!Eb56)*^MIoszs2 z;HJ0^56hM+&(QH{b80ch@I0g~_K}b~G;+}LjHVl6fmUyoAkeqGR`b5L0uM>Dp5N}8 z7ftQT(C>u>oQ}mC>*+t{+*7vRI5HZFesKEI2)uC?z(bO16Sza?zMRw@*Y5Y2j55`P z>E=Sj8~%u0c0JQnd`LC73%!xxI`Yh6krN%H@b;X-a_IzKw;(Z5;7`?&G>Rzk!c2(F zU>Xdf2M~VGQqq>D$`##PA+fpbS01QmOT2Hx@J0%lY$YuLBcKIjGID6w(_TDbTZrp; zmLP0oynfF2t0}}(=1k@WZiTLe;YlIvK0U#DU~fza;clL3HYb3ja5BHgP1_=u{KI;~ z2w=h5Np|VR(10IO>(R zJY*NrS@!{?SF_J(1mUV+cCL6*`NsMBMt+zvjw_1;(cDLYB=>R<7w9NOrIaRKk4two zBfAgDBBp?Qz}@S4UO(`>V@41E>4It1m5=QoRp?DSDd||UhUp`b=uigYMtx5 zb?zX%aD`mNct@NtXn`PWh1u}!wk6%nhyX25Ni`r|dln}d7LqBzQZ5VoX4zIeUppr* z)#*yLhIg>!$;7-zjA3D?I&$_ zC=t@V$l!n)ZScQs!S*(XwuhN*V%={ii;u?L9TsG$V*`xSxa@c>yQ5U%$m3jFrCJZZ08a0r^ahhEkB# zjRBuI;!8kJu(78LkEAWcqr9Iu4RqK=Xi4VNGhB^-!l}wmwL!|JdsyR05xsnl7N;q@!_>iOf&nm* z^vq|NQ664VmKZT(sgN`t+C2^+@>nv+W>kvqdF<-z+vZpO;oOvyS5N_`u6og*32)%raAOTH|VRj^lh(QAf-TMlHo^JLD(n?H_SqcD49v33O z5s>5EBDrS^`lKnhYq3CTo<6z98x(GJ;D}RPw+F!3ANLC#t3CKTB`PHAfo#140%aYn z#U?8X_%*U&)>1J+gUzHpq!nQ#xHT38lz|IUed(d*J5mNZq^(J*((15UKtDq+CaHt+XcZK^{~zpc8hj`Awm%HV2LSlJM8vTN*zpmM$!;vv`>O4YD`p# zQZ~iaro2xoUsdkdE+8G5=<(C6T*WJF!sAnha8~sJcpVWp^dUgQZdw$P-(is6EZpJU z7wcAH6Ki+dwDf)tHRxR#={th6dUJ`s8qM|!OHNQlNE1YCakxTaxy~a_im!V$r38k6 zWDZz>DC1ewwn#RPfW+8G@wl8oiU}ufys9!}W3RX>@&>Q*e$;q) zRiYDd0GV4*`+)!N%q2^JdL zwC8c%UuU3Fe05L^4$!y?9?LkYfQK;28PRBla}S*P%I~Q}I|UTVl4l6G!5&4`0EG|u z683ySc0fJvkrZvqni&~uZ-^N}1_TCpM`HZORwNVIW(gU&WRahTsvT-(JNgJb8li*Y@^Lj-hh8(WJ`OKbcY#^KP&bHmg#=Sif zyV)xtX>V&c^&UWw2KG#;y?KXEHbFI|f^&?|;7CIImsDZc77X60g;Y)mMg|ZwP-hF- zQrm|du2nt&k2PVz83*vL8W6tV!4V^$0j>(O<3$%?lpM-g$_UI2Pn)RjXb5?*faC&1 z&U-%cS4wKdy2m{2C`JskJLN5kC1JY^tHCA?Iyq2aimXoMA%{cgg*>wB^vQuCYCGV< 
z=eJ{D%UNwM-9Q;)zPF7X3ivt$45CQjN4Om`vpLsRYF>Ic;bmd3=myK@PkB(SOE-~s zF(hti$&lbWTuS774*^m@aOxcGlGE`%A7WAE0xmOE5NI~U?=MseIeI#Tq?YRKe!vg+ z;8wWsfpOJ1Q%oEivSfj7m5cdvT#flOQJOZucti@cGwco&0jun(18jJ9yM*X_TsbIE zESyOee@uYz3^MN=*c8wgum&OeaG#>#P}oKDfY=c92J$NHz*D#mM6VSp6gbc%J_Nb~ zr!|lEvQr@I?k?W4n1R){L=JzU|;;ngr!qoJRv)r zx4T?&D)0$W$Nq@SQ>rsz2IEDgz`HD^`aJ}FEcsV|Bo6rw{3oP$A;wySHPvQ-a|A3} zGUu`|rzi?5jisEd1E-EKZ5JK32uX`>X8qU$93eZX$d_kRn_GIw^2+h$k6&KTjE-42BHUk4+z1Za|A8S!^9;0k-alO=|0# z9r)&ap=FB4ahdMaRzF^WK|zD&rffsz4nUT1*U09gusJB=Wv zjMIK&!fRtw#vERnmj3^kdk?6lwyted5szS{*bz&xAqZ(CL{TB6lY|f;BvI6agoF?h zNC!p5f&q_(qhN0+c2rPMK(Gsn2q zXScQ1T(dm$nQQBVl9WhfDCPkf4dO8c0r9E=!x@mvp#%nsL7Rm6vUQ}a;73F%oq5G zaF?VAA8-c31C+W5@J9(!LNuPnfO#n;Q-atq4lvr`Fxv6KTp=WKcxF&PGzpe3)Cb8T zqR3_%lxiYqewe__VMVZMAh(ERhWQ1@F=HW-tpM>4WRnbNyv!#sAPU(ZgpH34vluww zi-%ZvAwCG=2fH~;rUquA5u3ypY5>YdW&#Z#NamTrucS%Enm}KWXR`^XGSji>5Q`l6 zEMTJ1vRISGU`+G{?F&prWF+YUEGVO3VijB{p@(b$F-fMQAkqof@fFil@>mKBmJMOW zgm9tg78-Q87{pAymO*u|;82 zycv(t^8*ne6V&__WCgxUZk&XUuT zbYiql%>wiWF{t2~AOb+;k^?z702q*pH?l-3(~=M^Emz7&mWTv7_+MdhW*=h$A&G>R zN_;pWF1y1Vl|eaBt9Tx6e%!7)ID_ObOf&qJk14C&>~L=u|lr=Ig^vNg^m_plF3E0x_2DLqW1NWXMob#4effJ7w?Z@`oIq!@vQ7=&R9bzwfS5;;Le)j?eiNlUjRqJ5;n8oWZ76hckZ z$l{T<jf$2g#b8Kk3Ho1mM(jyww1LgTQ-hHq zRgjbki5RHTHYA1`jY+;*Vnmcl0}n%r2uhIQSnOz%Zv=8ZN;rvxF%jY|!f0H)I-Y~p zK!hlQH8pVY5&+4=bUtv9uPG5uwZOk{WR~-Q+a`+QGjVzvj4b7!Od~vjT4MA`3;;W; zQ(&WnNHs6bSE=J7(HWK)6A(sLP-EmoQ>ak^wJSUXouq-qMT+tgeRyUpJ~TE&jP=FF zbMZbQS|nmH@M8GkT+mYVAX*HfgE2}Uc32=w4u$nJU!IUmidP2;pqd!iKnY|8MQ_xh zBYYw>J;mjqTnXkFp(+meFG3*a$rFM>o2zJKz@*5A9&MfwMoc32#CVV{0B0oz56&n} zYY6gaG{FWK91nVCy3Qa)l3FL|)Mp8xKRk%bJOQGZfc4&!)?m|cL^#R}< zL$!(~R2B}_7TV1~szZ1RQWRgqOuz_(*@6f$QheQWEJ%XU7@`j6L9oCNQkVmXbSM+o zCx$@=4u*|QhAJeajGxWp`IDc{U!y5FB3c-4LeN$YWET|yN=+D% zo&X*;)VTxF8xkdyirEHJTxc{|#WaA!Pb1|?br$api4(iv;W)=~TQzzgoL}s)B z)DA5|YDy9$Q4-7+6+C?a)JAHF(I!LBf=^UJ2v*3pfS<+=h4)Mbfj-sq0fUNRBq~iX z6=*?tGmeo&!bnU|POi{0gkXxWL?h9l)dgChsuxyC(#4CVLX|}lr;{aEdW0oj9Dojn 
z(3cF6b%0a@xJgg~UyCeJMHY*R;YoanRwq*@as+0Qkr)#l$fO6rJOcg-QZ-CYLhFny zNjS(DK8XX6k`PTZCU6r0gJ#f-P<ZXF3r*6hftFEu(MQ{Z^uv$fwK<66|=?%6<7>ASK`B*8@ zLZ=ZBN<2B75zCHF5CY}WL{DG|2;nMtP8MhzvPK;)QN$s0F)D;Y<6?cxrm&tOJAx>| zSFRQLN)kB0&oPs@5xxR*6d3?Ckt~E9YldEfdPSl@?Hi#}K);hE(FT)|2nqCPj#fa9 z3h==}Avq271uR13E7xhUG9zRq!(n9}nh60_&0=T=17=p?%NFmd-(MAnjj)_LxwOCkVB3w=blu;=O;Zk&PW2q*_NYx_q zl?`PJ(R7-YWQnmP8MN>O@l2f=8v&Vl8Vg(*2GK||;*7)~7ARPz#SHardJt1`ys1aC zMg)d1Bjh|*LU4py4@D6{J$WMxcvHc$D1jK^lkRL4hDg8$07E5&{F-l^MT>zJ%C#H-^2Hh=h7$VEg`tW< zPr`9yu?4{O4wouo5DpLxiXy{dSpW?y zHeNzRW^_=ffrpKbXES_EfMsw1Yf_TKDNGJrjSlsd(6a+S3-@Ykj=~pbg;%q z;z^B60sx3TTnjxtght~?p;C$v8^sCHnF-N6NwALyBZMbW81z(MY)n*85cof^Y>y(w z5*7_iT8s!CKoA3pf(cKA5=NLQDhiYw;KKzFEvmrPr^O&1W|W8rmHcdpM9vlnVu8M8 zVk8&@pl4y_3I#iY6%mA!5Cn9K0BSR3JuPB~CMo1V-68{FN-3p?$T7arI-v@x&Q-9$ zf&tBio(zlmts#IcD&R|LT;Pr?LM<94%qfM23Cm4LiTos-5|haMM_Y-7(3^>&Iw%nW zyC7m7g*)fV3LIAsC{qkV!9j}@=b>R<&iBr6v!rAJ`|u#d=%W+a60=m`c0vzc@? z97l@}L30hhxWEL6;9=#Z5TpUI5pt{;p@ovwpcw+dsiVTP0cQ>I8L?RKY>`%Kb+Eid z&-G;j9Yu~68IVYkMho)AasmF~G1M4Kf=_&um;)Rc5J(#G)TS6?FrDZ_VG|HjLBi`| zpu7q%h!8O&*nlgrC@hsFOsIm0h{OaupQZ@2gvpHZD70@v667a9m%>7OxF|l4qXopl zz!Qd|HQ}%mBc!1tEMXAKBQY;hst();JuyM&Ympk{f+Se31q@E0DO8~aB^QOXGKL#3 zEAw zDx0iSAeuB(rV}&GI>2KCIr?B&D3uo$!@-MHu%t~uCZA&K@BY_ zn1-;bVK^ueiJ%~7f{K^&}?CMj`rl10q~yGXNGj937IX)FRVEbs?FfKnW;S49P3&;k%^s!Fhg!0I++16zU?#A^b?VPH9^ zY<4`F!!w2BIntPzC>%Kixw;zI5|Ah18xqmJ7`6|P4iYU)0S*Y~$nmkT+$c^&FhQY; zF`7%K3lR1oPLimhA#2UygE?e^P^!|Z6XGL`KuEWMG{b!pxZ!jIH_*sPz?(?AD3Lrk zDMG`c8U+Xrhb4k?6-686!3d5c6yPuWY4(}zN*>!Fw?fGL4xcgT#S zBr_f-6pPdxk%rF};ss$0B&h?-1BHY#Sf&_5I6XcpJXWD0`3U26z(7Klut@|Froj?H zT(S@$Ucp9K7=_D5oUgb*6@n@R>#1xGEOw&Q@n~Wm-8UL5@KI6t1SOz1V1)vhQW>oD zhX}4POd1{^Mn_bBSQy$U3#5RL6OH5H5Fm?8A>etkz*w~|CX|ABuOKwYz15(e$#|0# zf?S5yhnQd#gh4(9e&^DB=~~|~DcCdEVhLmc7+*F9Y9PXVl~{_@sMIOhh!iTdP|X3~ z1jx83L=0j?EF<10N$Nw8Ba@e`h=zp_biN_+5+O?wOXN}66ly}OS`|c!)tRLNRRT$^ zR7NDg3znn;Oe_mhTQCYdB837DR)_&=&Tu3spTcRCniwe+keZ~RXjoVVRzBiGcO|G9 
zKsHqbOM()7Wg1aDj~1>Kvt*p4Kw?5XKr}cFg$l3%5`GIKh*WAYAoB@y0i-DqOTaZI z;u8~SK5`yDMg{VS52nN=sH5=gD7h&J&y;9s249&7S+6BJK}@BJtWdHAPa1;<664~?X(!aldUjRS` zqzeN<01*r=n862%IkJO?cq>>VEK3>#`T_YMt6sndKrop5@cFe3|M{m&{#V<;5bHVb z_woO68&PG*=lAjdVVm5u1S}l)>-XQ=fxm>|f3*$9{GYb}7M}mGjTA!k$i%PT|I;>f zBDgfr9lvGgKWszi{&UA)zyE7Hfcje=em~KF*#6bw|2qDE+{V*&3|Qg{=}1^{9s{F^ z6ZwDwhFtgW5%~XV#2`iR-&*uPJ~2G#?;iO5`)?8WUv2*f5djcEq`*rP2(!82@TPs03c1 z^81-haveM?A{|&{l@g@Y@e&=p7ww;2|MQFI{&!{J_d8L*r9p1=>unw2>LXkKCMf^& zd*^TQdg>%J*j%{h@4uek;w*IJt!f;2w~YF~9MkiwEJmWxN#G4` zJtzM<0lZ83KYR8rx$E7l*Z5wbGs7(NU+wI-#pUYPYv)DGgQwPF4t!&Oy|c(JFQwPs zm1D(hV$*BEA2zmq_D0KPnkDXH(QG#p!UM70cq%GSTa%qJvW7)62Zn}S3#Wa-eh;__FROK4GTbW6o zLo-?_E#%Lgh5P|6KPK`xHcR}5-aWnBxUrZ0hMvDKLA|oShB!X(onncaZLbs_qFx!E zK|*2YQFg^we~q0L*r%X;~oMV3?Gnze72dwDPk&`Pt z3%}b=&91E8;`7gyH~0(f{6~y$dV(M4R&(`X_hPS{s1c4LhvDec8*TgB^C+i+e;wG% z-eNn@v4}$9y5s)ZOqG?-oAthO-jFp@Qu5)}UM}L{>|eLu>*nw1I%9L~V-@mD!xQU+ zY$o!IHkVTeH3U%JOu?7e9S)tc@|tk;XqwF`)aZ@9akJUIRz9*??QWD`WEe&+>K8Zv z&t6pgOk4X6{*g{23F`Zy66cy-`wnn--stQoepN6m#<17geKGQ-#*|h-Os}|(%1_%K z%W;fE@gB`jw)u`aUN%J8+rDmCZ(`RPf}73v4{*!f$MMS~ms2Nfn^|`IW0!E;*&h$f z-wB68v))nh*)`4S6+FkU`4mb}T16=;f1}IV16D7`soE2>d#AU({I+a3Jc~mc`7D{S zd#-yxq{Av&(;e~?+u$#ul+{-x6Y$Q(7q$!A(%Pz$ooYW1wJPmYT+e}$DSNNafnJCX z9^cz(>dcg}`?>y%&9hq1T-dcBf^}}Q&BL{i-TLV*k6SWH4Jp;HyGaNgprzkB8 ziKxi_MP(>mrd9nywf+oM7N&78rREI1v52{68w}!6CP;|Ct3w<0CFQ{?Jk{W8@FV06 zwfRA@&A!(lc|$iJ3{aOXe_yfwnj$jo?H`V!5K449LqOSZJ4IhJHpX#ld)D0a+;f|4 zkI@|Nt1-6cQ01dgZs z+QRbtBo^h`vv)_vwREg3>sq<0@3LN0L$4kF&Wt?*`++WmV@F|uBaU}$u?^Lb`^mTP z=s?@?dp3{Am`Rb%Jo8;aZRzFswQNP#_&veqpI0a?Ge38YaNl3~c*1azkIm59@WASH z=AJ_Pp)GGdoz5Ft+xN;A=cYSeSK5=u_v&4m?y=`g{Jq3$Yu*w&Y%hME!Dt^j9%U|> z=_HL)YL`D@I3^z3XjeF7@+mu~Lt|k4ZsbLCCh{U|S&V1#zM1;zGFo=~5s&=5Qn$zU zZRf2Og^4z!gC4m~M-4f<{p3&&*U!f%qRi!{KrZ zzpkj?;9uo1730KltYR3d{02-=TQ^_Agi{<+uKjf6q}t7%xVirAeiu%MXXJp-15H;y z(Gtm{54-kDw+o#~zK>D9djdoFzzy`m4canNZTDXJjMYm$Mf`)d=a?&jN8Lxg zqjD)fAMG4(jk{2y_m3LyD$C#gFvW^rNnH6s$R)fQOrGy7gU$;0G&s&JWrK6u#jcuF 
z)2Fv%&FogY#PaN~&rm$yw30Yz~AO$(4Lj&lwJuDHE|=;jyJa+B2QmER;hcxW$BCO{`*wNE+nknUf$SbXV`mv z>Y{M-a@37$KTGY?g*HP-x2>l4<5PGb>w_~(l%Do0*ZX^~G>G=qjIUrAzH~WG_nO%| zm=fhall=!}=)+*g(rq5urLF_qvnxCJ0-gpM@oe(Vcg$tBY^V!Qc#%$rWQTI%^ zR&*uuY?n>$>y@CXO8VJvSa!m8Udo?!gDATkM7s#amtp($hW4pv&wIXb9a`I@>+5|) zYx5}DBeXH6^YaVvQeE=_KjavxC>Pr9a)*0;V-uzYHgNgnx|Py&Njm; z5sr}$$}T=62VHQ!eP#q@f62p7i$<9nIv0$1WvGZdAJ{NVX~96}y&3^Je-a45m4Lcu zl!HyI41HRkkoJx-WuD1&$0pahbE&ptY#u$Vb-4ZLeb+JT!nF#|r4g^JYbsuJ?B25d z(nX)W5B93o!3?e{+B682a>J=@?=r6kXAg%S%=%tRb&Sk+5&9=PzM1SY|EcD4@-ge; zj_#6?_I~>uZXZmut4|qQ-eli?^m1KLY*07m$OxW#3h3?xo6O<09n;1(-OBTd_Mzez z;p`2pJ-e+Rj6}*s*@baURlM>b`$oj>(EpHKpo)PbJ&j z^3W`u|KbJDo(uM^JEO0C6;h=9n9cA1tQ4`XLu>EuuP$beZ?Qe%uRr z`uj>|uj0o}j-;z=34wlEFVuo8p?h}CXKMvlv+HAJ$NARHLND!NP@?H5X%3+U0m;i}9G%mNEXMZGWA?L!;1A41?^I>xrujR~OB%ieNZK zzW0jm^8@AY_<960E6~PB+w%}L<4n6`y`XLCsbw8?S=f7=36YBG`CGRSh>YJ`5&~-r zUV4wpUt{&0s$V4Zv){DVpEPbm{-~?ZBZf)zBAsjsZ{)K1Jju`6x+%dyWvYiguf=*`fqFpEQR@gQ&J`4_5kDh#QR#W(o zVb(3?n800YpS9e5y*d5(mbdSVr<^=z^_zxrY0bWkG5ZXfvuEL7DBBNX97lPfg1?|8 zwL?mTf7pLWhn_ld^6g}&@hND>L(gq1`X@Y5xel|5oO0LS<=7LiIP(Upf7rLZBZfcc z`|i@;q3$w9{5a&iUmZQ&>CMxmS(nQ`8MD;0dj{fB#?m1vTa8&lkqbH`R(zkuWxLI-lP67f6{0bGtF)xAzDRTpiLw+v43^0)F{u zh?B@;!nHE@R~7%h^&j@=o%{aSd1JDX2@XLJ<=k(lm9YnBvqM03Of;o*nCr_)BWeqI0K#0!RX3%gbcGB-m{CVtH~{CZC0X;Vf|gn6@qE8qC* z&OP_J0eZOj++xv;U)QelgBI1DTl3%o3Yj<4;n-(uD)x5( zi?h;2iTH|>?B1*{bJ`@L&vJTvDt!HX#di1X2mSv0d7BPix*&=iZ^xtbyEF(7J-f%r z_DkRb`y0o4-1L_#;DM9BY|Wk6)35*Z?wgEW)YI$HqM^T^&8_#kcXj*jJ%~Hj&a=1qzW0Q!ydFC6i~8<=IB(3e!{~Uy z2s;>+l=wbt;m#n~-8B)*vF$y*)-@h_ZQPP*511tX>bS+wm9O2{!>PYI{v%`AKEID` z#=@Q)L&OWmsldj0zaoA~sHg{4g`*Eb&AeCa?@(N|qgU3GSCTiI52 z^zr(nr(x4Ra)T?!%u4$3uvTgK1{I-!sEjYU^<9H2^SeHr-f^jYJ?Z(D99G`Zx-O4| z^D*1#4+?+0gUdA^r6iXgzU)1RNBNvOyK@4_{-hNClC}XZI~WrOo0fvk?(@*aDea0N zgV9n6ZS7ve=ioWc%OCfy%xXSwd z*x|!5_fC{`sm=&J38h50eg|U4PD9;moqr)~6iL_8KZ7CLczxrPIimEqv*t@H?P>0& zO!3l59Yl^k)w&}}RNum?ySIJD_ji4$25sB>u^=2gr?%HalJl;a=#=%NaL+fVO6H+Z z4c3bC!nkpMiSJs7>t}YHwZz7@e?;Y++tbv%Fm+<6oKU^-(#PF>uJ 
zKL*W^K+CqSd$_y$6!95>NNmpCWV5*swPl#&gCo#CZgnx+qS=&3VXU39hEI&k=zd*L{zPFT+! z+*HhrZThqN0yFl<%=?}wZ_jyW<2&bSimp0m>|K1Eg?Z>&`*lrympZ5JD~H4R@ppO1 zKAO)n)WzVmik&Fkz?VFh>t^<3EnVh&?`OF(H$$*uN!NnT2k$6`89N^x-MjbiK@ElG z-O$5Jw{71}chB*1&RBwaXLcNwxoCoT0|*Pf36;Oi>K8kbc8Wi3S5@=^r;Og>_SVz& z2VGJV4$DPzORA@KUEb2DcL`@TomzNtIc4|kWc=dkD2wS$_ON^61&?R#9_zN>Hqqps zBM4>v2%+#s%pd#cws`l6P2^EWtre8Y{AmMxJ|EIzTir-*E)v` zEB|H2gHwueKJkw)w7)SD>?BeT`${JolW^jDS1%r4vw} zeeig7Cimd(mq(VK9q4&xsb5sXr;LqLg1fJs%0LxwI=K7uUtl1nr*v4AckmOeyRieG z4sR%|cFf3`UO8H|?fD>w8gY9gR|wN||$p2=#6y|D`zhVeF|wzbgGUKDTcG z!7&l4w`;}0%p88Xxvu*=cOzq>*Gp=VLyb#XMIB?JE|ReQhl0DIBXwLi1(mnDzH8hI zL(;;)z{}?yI72gJ!K8WSCgbB5W1`B}HQg_KJ%zX1I&Ug!Na9DA)ZR-hFTNJlciCP> zcU?BK4*zh=sE8U_T%C47o5@$SP?`Z_D6=-6*i<|>c90-?S|;mm`wH2%=TD19{CVPZ z{ZjP6r~`b}ZW;FL1(MIw$7;_+oJbvGh9h(l4k|E%hM|u=hOkG z1CK50{&?GNUP=9Jaquc$`I_OoTIb#1?c=}nn|GpMc6s4zpFx-J=j{8G6eC|%-Te6C zit=YmH&4xZGseH=>7>7BeyH7nK8M-KT~Jd~v#fK-{@DQwpKcwu^SVp`~pVR zV%-%#eb#%&J^cdKL64kmaSgQXomcls8$PwCO8oW}l#zz7iL9%yFO1CV?6)}Ux~$CW zbb0=?E`rmD|a&q1epjb8hy+`2Mm+fteXYV_K{FODo7nTokv_}cp|>RnPhqM_ysQdW(9e_IBV6oIErCx z71ej{wr$%6mk-%p-}U)$SpNl|*0`ooq@D97w%jQ!EDV0~_DeL(_X#t`J5gG^I#)kw z+qZtc_r~ixvNw^7uHJgu&!zU|NB-fu)pqZmUAbtJQ->*DBuz(ER&T|%9?sc3KWQyv;_}TmzfG^4;WcOH<(+Q%S3a+pY4a&z z@2o6&Y50xLfs&Hbq*grWybG{B%v* zUoIivR@8T`nzyO{oGYu!PlGz$*)*=K3Z(4(0B~_{hVuktZkNH(tiHoH6;$U+#elp z-W)BAJMn7J`^ipe?Yi1GRr_k&)_vVrF|UL1QFuN1Z~rSDgY4Gdm~G#EuYUX2KMuq^ zdDfeBldahT)2)sc_U-hr69M-u3TeZzxi7TtjQZYpWyD` z3*s8)a(4NBrJlHrLKP=plA<#FuQ*rVl63qy6nlQ&!{NI=uY0(L@x`fnL1<{`?n|A2 z%{$_ZYEzsoJf|9Y&90&F;sE!#+}(!ut9pG2|K;89_L-mtrsRHnx`q8ZUFSEqZSeVV=?^yUE=$EO>iSU=P%@6sn$BlU$p4uo8Oc~P_isR#OJv^uG zIZVPB+0feVrI{xw;OFgeYO5NOOpi;@C!W76?%Xgg(ud>xVr10q7aw+7hYuNzZ_C+= zQw%PM`(_yE<|RI@%)EAu_Wk4-(Ak(V)4^0#%@b2iZysM9_jvUQbkeHW#(6hMti!9} z{LTaHt?x=>w#9s}cvzU5$sdCE@wwV~ZefdA>ihMsv{fGx+A{x9)W|>HWxMv?$UR8J z4SX7vQ}-CO+z@cO(~H{13Px_-Q*cdDD{XC(G#-SV_EV>PUUB*y2y%;#zrek|J1Z-z zx4Ajl{P1bI z&p+)$JLMLbURFC(=W@5|IAewS$-QwoiK7)!mafyW3)P+=MGN 
z-kE&5{M3UN4z+#vO^Vs?+mgMXQBc&Ff2`Z9lT%P{dC}PGVF6>}!<(~+bH_JbE?rX6 z_~!d)&CZdT4+?W~o~;67`XonB8G#y2>NqoLBXj=-|EYnS#tvOeTbkJ!`}tIdwQcVE zhbbd&7M}awv>4{^q73orD~KNXAni8WKM$p#GM<(>A zOw74&9VHm@A1Qx!4!c<*WX0~(E-15>4NCm+KyA9`qB;9_)S2p;-YffND5vD)zWH{s z@b!9-nMGyhTb+|;{Xk4wyOvU;O?ZD7gUT~@SF#D)Umse!@X;l0cJ0*VLvKHP_|O4- zziUt5#(Y__*E;y6_pH|_NDmC?J%@Vwo0~o6d*bAc4~_=!o}D|ARWFWms{7-Gq3ish zL4&Mp*AA{a@XAXqgiH&;73jLynkQ8MR1-?T=vGh7@fwL&);x1fQ=0!8t=m#Qcr;#l zGBZEVA*A+^e( z?t=z^n2vQVn6tFN_6~l*D`pXxGvUS1mxwPkBGcI&=P{5}IOFGGJfdgVNB{)oz6G~>pKP5ab@Z)K8^uf4}5dfs`U{xsFv z))*A2s@W4z4na_#7tR%CkUl`VxbZ4Zg{N0K*)NI_=oBo&4 z4i_KYDSS=T)v73t6Hpl43j5thW!SC5U@RtoDG+599N2!mZ%XNDe*eTz+$+8rjD^{* zx_tAR@~1yzpr=kPR^UgM9=nMu-uG$wb*Jiaf+^R3dX1WCdPS)CHavr)t1kc6p}d|o zefspdB}ez|XaWg4I0_g2YWsF=3NwGp#6L~uiP;%Lx|t9^-}i9YH}`PZOK`OFMi0)) zI(G%nY1!>9**$afLi{~dR8U{tGU%XGs2`~Fj0{-zoqhBB zf|Y+uDYY9WqfM{wPj5_91r-_3)!e?Ff0^bICwscOy6`n8FP$#=k$9A{XY8@$*pfNv z81to#XO_HeO_dDXj*q$B?z&T}(Ok22^R}@badf z&aIzaT{;vste=O>Gi!Ovv$atl0^L6rZ?9gLIjyGk#7WQgx_SGZYol*Yxj@>_s;bPb zS~7L=#Nl(NB!OP-tOButTyFwN`q$rsk6W+lQ-{q&XAId`PHRo=4z848%`JixmgdNi zzAu8;SxpfI7p;Bxo;$jCU6&QA)avhfTdZD-nH39m`<|I`>tSD%F^ysHYEm>e>eEkW zX1{*j_BB?e>N@tO^p!R)L%;uBzInoHhZbIB{F9Bh@)!NHp$ z9DOt2)2`9<2k3$GrLK4HiHe$@WiE{jCVkjH*t~yXazo+y8w+fXPLaQP_!F`T!@-$- zhRUe8uxh}FTOXc}J&WqP30BCb-@uV4JEk2y_U__Jd*?Ug2QN}KrCR)UU0;ycH`#OZ zx8mOXCE!`O0C<%D!caWS`1dHz!884pu51!LW zTQqZVcmMWFld*ZiV|nP$Bc*hmOuX16dB<{dY0VvL6rRDO4`W8i&shl zU}86;rrTEkI3_w3o#>8oO`c?edWhE?;?>cnaGxlRrd|+t-kv%)dI(Xw5r3Z``)AoD!UhnH8AF*wG zC>J`v{?Xx-pn%x-R4H@b*yDLo<(jOj=rbOL17(9I#A#VQXYc=?&t6t77)090c|icY zSF`WQD!_RqQvjMgxoE?uewn@KiOXM(dKk_{Fz5Z1`2Zx^P?yd5aO>L8`(c+lZc&b{ z+p&7mzIXSM25;IJGY|ng!>j;@uJS)M8o_T54exyizy3yC>pwu8esl6ST$ZYR?W{*D zy*&pAd_zl#&)$x8IwZFdUPO&uKh8Oga_myL_eppQ*XX9%TiK6zl>@)4=62^BAQ%f; zEcgM5l;Q!(9-w;DX8((WrNWt80R*mSKWcPFr%_dN9< zGEqI&cu$g4yHMTPeK%sk>)~sz9x$6nmCX;kvv2Oy>_scrjDS&Cx%EQL-q9|e6&@$1 zzSYuk z7IfUF%WEheIVVs3JylJcfSMv%G3pLJxK4cH=qB;7ndb{mpB{q-AZCuF&uBFzdsDIE 
z;_|*}Wy#;VX|c&!a?zafAy2{jo-88}yo+RDvKmIGrZnAJl4_TviLz5)JqIYz*14BW zzF9NdD{futnqGOSBi3)4|DK2M2c3+aPuO0HKNI3$!Y`(~8wJ>{i*4bJR+_Onn=U=~ zx*ztevtzRNfElEvBTa2LvcWkmeRnByHNNBJooQiML(9ET>ITYJ2TN-PJ6Y%*FW~hJk6br3jlu_k$a{lIgRop zKG#Pr;!t+^4BVFp`r#+_NIf*@I7q-OF=a`ec)?~?&aL*ga}B8od{{hl=p%x%W{>m9 zUCH$7`SjNJabpn3G*39tGxg$NM^bIR=d0y*3p_)bXLg?3*KhC`>&HUL%w3<$Gx;;L z-`+2F*oPVi-YQhN3Pv%SC%%ExG+(r;TZ7$t(_rPlx{>v5FMY{}zW3{4FlR}(JzuJyW4SN> zu5Kv&e61r69H+0}tK8q+Ce4mu?L1sS!w<@~%u+Mgjl0<>XwmvljKYm_EaFj4y3Q!H zFAJh*^h-S_c%6)zyVR^GCXPSSv=cH^w0)QJd`L^oc{zpkNm4GpQ7Ni_;QHV}eZ47q z$q$h7lDfBtdZnn=fXP2UBI8A2+=7&y?>6yE=4KV>P#Gh$3$6`b^$+HgH|V1!r!MH~ zEtk}{;FRBg_v1vWWWT!MTF~QVJM8A&!&hA|+FU*?Z^e`i+YThIs84zU0JT%eu=EPg zoS~-BF$514U;xD>bf>AIO-j~+fu zuUg=BiSWqs_t1zXHSnjW8*v)+8 zkTLgkeQ0B6+N52j06N6=t8Ni}jr7c5%v;$x)bZ<1>#NlY>`w0IG{EbI9@T=qeR{G4 zWnvq4zyF-czn54tVB3MO3daYt0N?4YxQr&$iixJj=MNXgEltb4-{d+q&pB#oWq!R! zc@!i%1|RX<2ua5cwl6~{C38OEbQ|rf^E_j*y6jB;dN86yDRb2 zGA|95O*<3*34v*@%XI0jHGYnzTJ8s~(d~M!#x@2`@KdW)FIT6nIS?cL(gmo*_~VYN zW{^fmM(=JoUIMO%eiPq1FKX(d9oB`ht$#Rv-OPXays@y_I&#Ueg0ao_?_0tFqwjCc z3aBy26x?I#zZNVVKU1=Hbogt-;5&F{NH-h@JN7a)HT7~HbtdIleU~byu5g$2lAxZH zcQz}o!DaZ&^@sB6lN8X(l}8~(abRRo0zL3n8=DfF`}x|M?IqWYYxpl)S%*)QY`m4h zn0Rd6%L31K=MxQQUrackKwollsCkNYvG?naY-{IA zVqC*~BP3)T?v;%lT3hx+CIMp;Fq!vyT$d`({V(UW2K#|KQQK1EiaT#oYoe98Q${?r zj=Kv$NWxz0Eg3dw(cI;LSxmm7^Lja^GH3O7a2+W1Jkxf*3jA|Qx}EKHZ9#n~AZ7mN zUERmA+|`(MAGQqu#c&7x=M;xo+kF$B^ec+n?0EIs`WfpY23;Pxx8PB}+f03}hu!N> zT}Q8O|0vkyfBb}GsEuPS?au>ez2`ETEfvEw{aWWj+wSb#@$+`jB;O}ix2}&b?({p% zYd~Gv;hhZ#T5e%nc`4&GU$qb5+~WYH*WePj?8rsw_1hQi+VxRgPPv+z`iHl? zj~nx3+yRg5w|;AN*pd-c^@Zb|3orJTWL$*-o*T6BNfxqa`y%FlW~Twmlpc1}z7 z$B6N{S6rtHv&#VcnSI>)$TO4m_o}|lu5TJpId!DMxbyOn*I20%&o@12$?*3JGy}|( zJwv9wN?{$Y+IYRiW65WBy7GKlzF$w`cVx<~$-|$gDF+&xqefnvmMZaI$$Cdk=%$Ddd+es%??!GE;f6_O50B3Y5? 
z^Z1TmNt4BEA&SWXO)w9H{vaqzMNZwbqIuQcjq_e*o1VWr6%3)Pu=VINQq;9SA6!8H zY0l)A$L4AQ2#;zg%+UVH_%Mlec)Dk0SI#%onMlo+rGs)mZh&m#&(rnW-RKWWmrT9= z$A)zXs$7>AkR_iG-kaP>&HXrHm-W;9?j-l@6R!?E>VY6v*H$sh?6b>$#r>#NQ7b*N z=kQof8SKgBC4`0HyMp!A_}jenoj=!D{e}Sme&HiYQj7o__X~f7ZMy7l44)P_!7-JylBl`1RFq6@TkuSsx!&*_iX>zoQj6 zmfHE;Cgndk_8{eFAvs9|&Wzo&(}jfu01@`SwJa9@eQWa)11DWMXKMbyo-sj#pLE{A zk+R#{ecqE>&b75l{Hn$DoVtGn*W&h>jn{bdK84C~w>yx#&^V;|La<4K2)D}K_ZG(J@#-g803GkwoV+2l zz07X*)*$DHNR&MAvOoUayLq?f&d4_ZCTg!L1GrObsl5hH!{#REN)H_@Wa!Jjj(my^gxr68UMO87D-jHEE zDEmUrd7hr|V?P9riPa->A6(!0#!4W^kDd1lMyf(I`$FOCxVVPy38UANTf88DqDN&} zJ`KF=yZ3%#Wq#`L`_|2C?zP_Bs=uTIC}JS$t++i7a?HbzojOQXpKmPK?KX1Rj#tz*!)M(A9iGQOQgrz6;W?ApT|bmO$~VrYXTX%O z&GMgh{MO&yLbqlo=MUGExsFAu1y2T}9?;fc}-w^yJO9X#}pFR&c8)O_0E zQG>qtf!Luqt62^Df(jW9;gfT65n#-V$&@8)NBEiZ8#)e$skQ-9KcQSmIf?3bd+G+8 zkI{70L-e21r*O7?$p7}F*z`BnypO(q{;V@k2JYJTHA|jb6H?mOW|#-}v3#g^?i21V zm$hk^AWwVdZ1(8)0~UT8v}HY7Rd?tBz=b0o#Gsx~;`B$e7Vnx{C8f74G=F$yG|XGij~|XN`rbz0U~URY2C>{70ExlU7m%#4CA7Zb8)n*s53gNU+qNET-rSa#t%AfCE^DrKSv)Go&zd@Rz2aTOwu`e| zcS0iHr=f5&B+h45=AYE9)GtK6zPS|_0Vs&m(1&kZz273ZQg1lG<4CUM*Gk22e-F#s@tzD-C`j5ZXWkTLn5xq zwsx$&XF;O;srGfJtb=ndD-BA!Fx*Zz{06163ZbTvHs=R`DRy;yJY?3lKYAD|%N76` z)!kwcjwcC zDes%-H{O~HBQsa+KKJXIJD(g#2@f@%YQrr&yhA zySi|zEA4#@4pi8MP41Z12TwwpZBN&?@+sz;ehz8CjqU8WGIvS}+WGO2 zbD=w&hlEi2m43TD`&Z{8@%>=vZ(zHB@T>n#9&qdVmM? 
z`N^bP3rgIxk50%gm|k2EE_*bucFs-5Sxd{T^{C`;>3JWps2`h$-#r*Y`7xCGq=&6m zI>Fzu$whT;wQccaAe9{-b@%cx;H?d9ru$ZxLG`eaEd#fu(WhW(E(bTNLv&bbn{fgulKNOz6{elXw10=M$TUR;$<~N>iUce8tqrshf6`Bxn;g2R*+|&v~7@ zwDPkatGg^dzwyjwS5zFW&&0wHoo>2Mvsnb?rJoj}sE{LjZ~oWYUHA9?{eIv7=ka-b9{0!Xc)#AS z*Y&!_^ZC54<8FVI>%&}8xz&oT{O4g3`7=h9^+dElP~0Q9neHoid8+R{9l1iyz*}$$CeleAx*N}ftEo+-M)5^d5bG}ETYi=!^cUtQ9#SaH@D;O%RTgy&8e`h_Oc_#(fNUxdd@zG!= z%QygN&Tp*F4sXBpzC9MJyd!w>S#8XrwhO_jBa zh+Tb4ZfcW!F~di0bLu^lRnj5R+OBHnPQ_L1jHzv=yYesG?H;+t9ag)`(XEbjycdp}eEUCP7&b(80Ji~)l@y^U;+0Ci)G0xq!(8C-GCNXlq z1wka3{~=4!9Q1`M;|i9?Zhzkb)x}A*Q0io3OD}biSKrCJwwHTtRtN7i59AluZ~Q(= zuyE)1<2XTfIg{tY4DJOt8ayVq>m_FWg0PkIn91VDoY~1Onjdl9!|ozEb>7L`co*T; zQr{BdPQ&F7=~cxo6*Lu>m+jt!2%!xOmi*L`*($0N?3mg$3yqGaN!TaUZu~AXSVu*< z{rX^9EP}yt3*GtVqFFtfplemr z3Hz?==2rgAb0oU#9kqN*x?}0_VgKE_rRmL2_yEY3o?HedqU=WqtK2S!(%n})6>v&7 znk|!{{foKbmI?MfBJX`4U;b7OoWF%Y%nUB=D8Vm+ST)PLv6GAYRd)h+Nb16wp>hJ~ z=rL0g`BR4N{qIu}r=Au@*1hFM$G^YB*LWjj)>qiIqpqsr2BX#YeXOkLgT8NeLW-+Z z$1P#oi^kGyvs@N(T|Q(hTU|1_I{z^1?t-?ao=DA9nZbQV3L}10wTAcpnQ3CVX#LvT z>eX<8tlKld5tY3;z}hn3%-QfDOlc%aJmd0>XLm7ynz0|7Jnt%~Py}(&&d$j#{++1St+@uHix}+9{e*pYnChlDaKGw>e%HujDt#yO zows;%LL)ILCmdR9)zPBjZGfHEMp8YUNkGoq&iQrH1ditwUm) zflas;Pt@e}{Y=}b#Wzn)>6)Jdy$rMMVUnAMz(MSY+k`_v=KT(Pu%e5ZtiUMC7+q+; z9;u$|{;n;-qM5GlvnVD?$$-~PcmspZj-s!78<^lujvY_ji0e7+nANhrIScQc!9xUz0_xWmiqq@9w)2UZ39xnbKc==b1 z(&n#+&KXn@sQ#hAO={WExc8W)uP?6K^jh3u0Oi#)kSWqu4E<1VJ>BOrTeoWYp{G-6 z^Fyoo3Pz$W^pqw`sPTbI9J2F`^qDQ2Pm4-VWZzu~Kg=Sb1)xEBS@ZPE;hEws(jS@5 zqTOe!`fjjB*!f9=>hd37h>ZksxfNPYToX4tbJAhR(d$Gn$|qS_t7?KgUTes2P;UEt zMgMCS!k{_BNZ}W`iVSS1r4UQqh0CL5LCM8cm&aM3b19OY8v|LgyjS~!o1qm{ly;c7 z<|yWo{99Mh+(z;}CfAQ>TC1-4ZOu2|Bi_=?zDmdG`Y?VWuy&$hXZhJe&G5EUcm~mD zrn*_XH{f#d-#nn}#GSfQX$shmMnFOAY#PI(eL`68Id?B&P??v^zA!IIg-mKY@U zayJB}y8G~cHj<+RrEt4^Tg=dU$>aUAzru+JT1&;xO^wma6}JR^B13i(aY;So`L;Ii0zC zXN4L4r7*)a;x0Jcn4G3EY{T}nGkbh}x6Vnbg-6_$E*~4i=`$C&K6Af1-TG`UAg=yb zx?}&XU|}W;Y`i!v%0tMkqJ?&X^X^XeT$u)kj3nZy37MU7_X3HMu2054J`~vASa#!I9`s!ujL8vEU=+Db#6-v6AbcS; 
zkB=aHVfmyraqQF;l}#Ns%jyRbl(ZJbB6p>(Hytj_9BOPTo%%7(i{ghak7NAKgq~Ay z34xt#vpuxZ_@F6{s{aJz)w%H2`5;Cz^BztUpN)5@+lCLILCv zbXVjk}Z zof}e_e7>8df$GyK3fK#cGdwz?_1iD+{Mb@AoAESlFWRLw{kqaHz!TD<5tN+KkWIH$ zlinQ4=|{w5ac6KpS_QwgVl)2Ko@tUl(3>APQtuU|0Rw2(K$;OVQ8Q^_jOPw1C$#ub zM4Bx6b^nYnx$l+@7^d~R{_Vxo++eb@Bkhi7kSWp{U%IMyeY2O_Q#@s%J zY#zs*yEL#$w|?`U(ALasLdHwHLakl0!F~y+i6>zp0Xq$2w82u=W28T(?^a|$d0tEY zN=_4cbCx#vAmdn`+}uhzkJ%K)owM9v^_p&{7>nhs6CAFn)b6Po9F6&z>~4(VnU&>W zV8(|eynA^`%#PW1>rZ&zInI!r@5OQVa`vQu=t`RYg8!D~o*p>;IF${{u8E zs|HN4E&rV87|^D*;HQng#+_zfZl9Kzb+Vjk`#Yt5V}2@%;1P6e;tg(!ulI>szAPgH z^H)P_6;4_`{`-%A?NyQ%fQa}S-(QnO9Pbj+49BdFogI8DzgNy}OUbQ~{Fw{zr@!VN zSZF$0u4Oy1>Q6V7%6H1!NdmV;o$w>Q?cK@4_NaU}-s!L3Pzn+AF+rWFbHjP{k zdZ(y8sG+e5l7d8Jck_@UDKEyR94ddZGka@7vBzut6F!jtRe1pW4vpwf8oHr6+=Fu- z%R&3pg~9!Sr~doFDw!0b4&xxJw6r*a11ip2yewik|}f1H3%hRcLKh z$8yP`kzS;^Y=~03dZuWq0FqC#Uulko&){evb@IPw(8tN7jigz|kkXdYLu z;Eb_h{$tuIWMkZr1ufhbzVoDEcYAgW;_5;P3jh>$fIA-o#T+Fg((~5NS@Fn&67oeE zU$Bkz;R}XN&n_8AgxGJfIT5uVdI`h!Od~*0|2&^Loe;e6n+44~CG+N1r|H;VYgG(8 z>kLj`t_4^lrwYNVQk47BzoP)Jx_$SYzOEpk9z}h-CerX%n34XtsN1Fz@Xvz?La>>G>+~0qg-@=g57MugOGp~4WCDbR>z)JeJ*<8 z7rTVqhTh5YMvp|5kH}Vhta)&xn2S`D#lpnqDi(i_|HV@dfE#AGpWka&JN=?-_D4u} z+`JPY9nb0D=$?DWcu*v(_(}Aa$DbqScspv>Z1ouL85pt$o_J|tDEH?Q!Gf|SOc|-d z5_hA%+09-#im&(Cj~KD9GU-i4s?Vp8mcr+5eHBk>TVgfD4_Zh{ljE*M5J{j24P_-G zd_wvNk^5vvWmlr+STh{L!!j-G)yyC(_o(PXteD-l$9cj6Jo+es^eBO0Lc4emjf2~R z=ZX`}IuwjmJT%GfVWN}e=gqMhtDAH7)cCHl*0ugwtZ4*Mj+QXnuv@=1!nu3f%<)(V zQv8)czTMufD>|4b8W^jzp#}B#ULMKE5xYvXw1k^<))YB5p;@z{BWSOgZ`BC{p2a=s zmt1{@d|$@ie8rtwd6K-Z(2#SY_gS`zjGCh-nVg_%IvQV5I-K_+*kRg)xO#hET-{Q) zuIsSxYOB)b6c6AG3mx*aEyh;9eB&8z2ClNz{v$HG@O^;_u)2uzaUyV5r;9P&VMp@nDcp>uuw{zHr{&7A&1s8)adqF1 z1kK_<=L-`YED085D8jLV7>&FRPP=_!_LM}fFyc&AUQO>gOfRt2H_8{L$~)!aCk~0c zQsKBecgAb}J(JBReQEc4A?}p(Pm&OXp{$9;k+N}hs;_+PgLr2WP;)Jky_b26FS`W0 zDWku^{1Z39A%GWLyUtLwrkFb&Pqpw!vle3(Sb+DjYFDFC5N( z+|hYG_rdJpJ`BG*Vux-NLBCt4z_mAQe0eq+BR>-dskus1Ea&Xq!=%w#^W33qKesq1 
zIBhdrLg*`-ybLisEYY>UbJarSdKGupMhx=3*XDj0G_G$gcBbxZZ^~zL`;ybsq8SMw-{SrrZWqPhkuDjD?&mCaKX(v= z)zyvU!O>zJZ{ECVI7_Lj6FNLmc9h`Gi#z0ot9zt|;pv|m6R-kU!XW*9Y0XT(0R@hE zy#qnLcyPN*h03k3Tt+gKi%P1}-Pm38xx4037CzIJuIpo|FKGsI?mDB<>R5}rsb%q` zToAQLWVrA1gGcVNCq2#FuzRd7AgoDCVkaa{LkEVvsAOEY$LwAwr+G(R;?nTzxMppE zOx}|v6$yF|rSxIS&2LPWKU{_tY)nxpzAequ^~33A84+#%M1%W2&+1lOyOmE7Q0v{E zC)HylE-k4HNw%F~p<2MrKWal*7X^qH&lN5^)?K*!j7RXEmc*}j5Vv|1XRJ24aHm(P zp0J?^mO2y|>`ua+oiAU@6TqazErX3iRWX~2-$*F6#$P+IYJCw@n5kVf&@TKGS&|g! zCR#gp&+WKtdfb6~#3lco#cU7SXa*TnvId6)HRj1_FO(z35AKAReRuxKvO0H`X4J7C zwc!9OeTormUM|e^Ftg_v8-ysq4sQO&I1wRWhR%*Cg4@K=@&<9tU7Do47q&8>t2a)( zZ&%q94(a2Je)E~5*E%v}I~>@DeiS%dai^Yr%}W+`T|p?A0(Zuy3CQKBKEfC_Q zUHL;L1w89x$^;v!-Z*3+H4n=b=pGv)LBg;hwg0z61d+zJf8q7yt+Ka9A)lgnUPdSP zvkh6DflXn!ZxQ@dl{OqnTMlNJ^8FL+w5TqqVU*XrHIyEtCDSxiu{&^fZcR9|Y2F%8 zInAC>e-ukQ{j&ZVuUtSpF;3y6#NHj#$~i!FK?mb=&el+7JnsV&Vf`9DfnYB*9&tqV zRk_ouyjK@&B+oXIUk>`qdBU?)9#ft|AkKqPFUA-Nnc=oHs;6nEeXAyZ)2^>O#FwcT zLYn8_4rqbsS60$ysPF{=U5&k2zy7O!jkq%4oC=_oL5%W_r&Ze_BW{>`vkXqpjih$|}li?Yzme;gJ%kBC#oL7Wy4|bQD0jHW)4xcG*xABf- zCq}(~8(Pj~ zX>z49(?SL+YuVLrZew4s$0lcQPuX@9pn4GSe+oZY zTK3Jgy%nA=_;Sd*2myP#Zy$Qy6hP=R3gr z5x)(;bhd&Y#~`%#0#vcBz_X8S&Nkd>V*xA`xCB|7?;E>Yn+BFPxU}FrzE;%-S0@K%_Kf!g# zYrJ*v&hRv)J?4S`=D={$)3F>i3mwPpbs_T$(lnWMQ)I!kL6{&8NRle0P0cnk6MkkVst@k$UjNJ_>L)Gm;#*j5( zF-y<nZ3VY(w$4;PuB*jpwB~YnY-j?_U=}p z0zivE4GDTJev}>qBEj@6BPPbmZ{22npUU=+p}o+PiMKC$X8s=R^3Zan3L~o(Kz17}2HYxA<_F9KX2#f1DSQBB2SK7gWce zWW75}vu2A!!j$Y|UlrFZ7_t^0tm}gf|i>*w;Ls?LRZBL38XBSC>U1TCQv6c%RH8x1^}J{Yae|41P1@{rNX# z;&y1fycfYw9oMk-^HBBodxxx%_=u~I*TPu(OiKz(lO-OB7e5jhxpYvE{Qhmfl|I|d zq{I2nqnfxMUnn^5cF}gV*sP#CEO}YRa@mBkUm`9(>G*l__&Hi0jh5qu89zVM$Uh&o zJdvCr-l9S2I1o5Cs={1IbuG(4kq2lyC3+A#W zf69kb)I)tTtbgdTGcZ_*+h!ziyP013a0DN=@~6JWUdcMZqPkZfp1ni|*j5WhD_F&8pTL58XLP4?Aw!-SMJK`X?xI zc-Gyb3X&hNE|~in;~}EpFmOQDbs!u46&}q+ME5((At{TX@%UU#%?prZ2I|nM@Uo!O zDX5n2tH@%OLd9=YZ{_yzeIVXUOnw_F-;W)Oc*kn<=?hxX{u;6LJ#{Fj?^1lZi*6iE z1d+?95IgWEKx1zT!BjG2hKnV#mLLl_$I-{x9;1^pFFvU+roO7+;Agm|JC7jvu8=*u 
zGhMt`dg#y24{A#nUE;-`P|QyLLo@`0CFx?AbSDHaVm33|=Aq_nRo30RLk^6n$76XNYNC~MYowbmhkznz2hVs zFbopGZ5yN(0Ki2(^-k*@yrd4#>o2l8BgW6}r0QaVY=1TdM_v_%l`;o|RJg+_=&O^@ zpnI>o2jl%5c17N>8J*yj6_BDZGOPL0;Q2xW_xmfqi=NHgWUU`d zF>iZ*^_?{Yn2tIm!ydio-mxo+C!%fJ=U_IBWzS_d{XPVovY<~k>hKsw^%^Q~S7dnp z43CMU{(Xj){X*y3b*4|UTR&QiV412a0rZE|zUPyqn}90fShNVAK>w`Z(zj~2F^FU- zK#%D>=lNlAXOIuPT6Kp1&bsTyL}B}*hfXKnh0@$nSOHpEe!y+mW8fBh)-dp+nMCmz z@XLBgQ7M4?mK+AD_3jj=#tOU_%()PA`H8tI7phEi@DuFLvHzb`Bm>PNeDXu|OiY|e z#)YqiXIg^yE zaUY;ceSZxNf*SuMDEtc)>5dTYPFMEIt=8`DY`Q|o(Gg3_4_o>2X@{W+G6<7PCj}s% zZJ_Q*(8|f80yRy5|Mjqa$Y*vs;62n&R+eCQDY$Xql`mc4X*5*gXtadky z35zfW=&88u+?VBaB*r+IOBW`=s_S zQ+gZxg~sF_(@-Fty|ARmzGTTLLeAH|148BF6Sx82R9%&K9K|i9FAl{=?E{`N`g+6m ziW{yC^#vNvfEC{QZQS6xkO_j<^Ggb)YCGbtMJ__XOuHha)5%-kT$1oZUh4ggFH-tySGmP2CGSHpRw!t z>u1f)YmT#dRnf`5=NT$|e|<zhFw`$=K`{kLxQ<4`^~dXP zp1({$_dB{=y&z|W*{nOLc}lSN5d)Mwdq|P|M019T$wL}hb9FL6`_Xtyg=uGb5Q;6n zU!o8%U-)u!8k6yA`hL2|STQePY?1Rt_eW4Pyd15hA}B6Y#Ee0U6wh51Cf zIn1oUSJjYzl64qpxCv@T1lkJ+{70AEr1>S3QAmQ{!F-U`!i?SvP}Ds}c8?gC?fbHs z2}^?wtKiU~wO~;m(g#o*4Lit#={Oko1OPx+jTSwKVrlQZ?VJQL2+*Qv-PjIXg2R1y z;hr#_liv5KF5abnU@5ro0)Ug2>=MJ0)I^e)#p@e^;g9n0I$B3RBOn_VflB6CURc@TFBYKv9 z&-AzghXAXdQLOQ95GSJ3i{Ka3j^lJknrmRGsu&PZ-fuA_6-!3TsdP}L9fw(kZYDGz zkNguLL!&%_Em4U^@N*Uy>)?lHXf3XOm%LzstaT%T{*e4cE$mT9)=jBk^51b#sItoq zhVlcAMDoHQk`jW^fG|=4`T+?Bf;$un*+8xs$~5M^=LCF!F333XwkzP?+DMYs{|Qx} zL54`|pSLM6C!^g4x2iK-?`wlVd4Ag)+6o-0b`sF#5N4#9aJBwnCqUtGD=j`>bjAfs z!jWjcHyq6yST_9X)bH&MX#Q{T_t(^;(1veOjOq3kRL9zH?Lp>Yl;E~dvL{s@sbWT8 z{z!ba+qjNgCUu;<1YZj|qmT*L+9$wO1H+nzqoZL+3(Gm8gC@`cx|53kcYO}_{l)D| zrMwm9WmQ!hPCe3ksMf3O_7BxJyWFL>21-lgFP3f-^G3v6t~n-`P+nTr>J2c_7-jy+ zJi&(QvgDPcggnCceRy!@(i?{Yx3%p@M~j=IdcYtrAd?6Sw0bWoW+5=7!BLjC%mno? 
zB2=nx0H+)2_g2t|jcGq3eHQa>)e_5$mZJ;T5@K}2RHU{My1Kq+&;Y7Z^9-RJHU|q$ zIN&ff*go~IyV zA=qbhGJPAX%y%s~kD&ljisHAk)iaIh|LnFyAVBl5uxtIBBfghrRq>2lQ^u^dg5olDvoTOxzMjWlH)mZgs}070^P4W8Q|H}FfSl@ z&aUB;4Wc`p9BGBIcRAEZppnDkWA#@W%U+IVG6iZdEQ{nj*UR#2a`gS;nVw@B8`JPP zH?ifOTU2)1Jct)Qw{~YDIS`bemTqY>5=f^$Gs<hbi`>pZg~_ z?w?g^L(+OORk*C=jkFSZzYriLLj*|HkIuO;*Y>~o1TbMHikdY+23H1dZMG~;0Hu#r zX6PUPgW%XT3@5$qX|)#xDXcPhplu|v$$^_Iu}Qv1BK{>U*<4G{HJ6!Q6nJf0^jn1T zJ`f)8UvTT>xI)67eEA=u=rQ_V#*1N-spyZ>0oN0l&inliUI?LI^pyl}!tBHVO5^b> zqFf*}2MWmRRZ7i;2x2!SaxK^PxE>TDl0eBuJ_*_MwG_@SKi5#EDVk@UJd7$6{QSii8aWJ_DXb>XRo4?Tb`*Vobx5)moRx9-Hdg4{s>ESrtr|wGC z6(eNqrCOVl8ECvj#sBZ_L!KBkllyaJz2w=kaOx|({j<^qw>{j=AdH+n0Sh;xTJWP2 z1R-|1;yyTr2g)2-rYm+kO{{qx4PIGn-u;|w7W5pjsRip1 z5FMIg_dv%m5&>m*AzUGlcxc1!3$QiHV03vB5s2?=IG+3;Y|^FE#mL0OM`D^k@Cq%Q ztia9#W&a)Wg3oI@HBo4MccUpM)n|Uvi1+c&TUy35 zIU=?c*e~#!(sz3EfiQ32HS#Tv2_)kGO4Qh+#RVB7B7{uYu3 z&=17_)dE0mdU!iY3PRJ;J(Bm=M04gDkp&ash5qn{_&z32=0Dj3a)v_xzQo5BOQ|U2 zu9K+*&~A{(1oFqJFi@^#is%ARY!U4A0V;L!6K4Xhy^yi_6=959eL+n}iGb1Fci;Zk zYh8;+%V7qSA0?>tAsnKc_E?M6#0`RhgOOGa5 zr8YcCYP;#QL4pRKN!x_Vvm zH*YF@b6h4bN`VYgPvjJd-`(ZSK$Qln1+5=*)Ib2*ZM`||yYcq9#JfB4t?&1`lTqa zqf3tGVX}IX_f%tl&O-L9#*B+P_o|G-jTBjgj*#f5tC0Ob!^OZMpQkoX&98(lUngI9 z@0J@^TJe0yZ&OL^mf3b`3*lVnx2vHAqZ5VW7b`~?5B}QPJ+Ei{MY6ayglg>{@?(2< zx{m4r`^C!Vb$I!~%o&4Y_rwhO_3j-;w;ZeGI(8K0&#?c@BOlIW?RxUJC=uSPlvfX4 z&ANa(Ge(9Ex}6q$>fk-DRPCly$5aorC}5=<9Ge{sI1RGT7dl@2Qu_4e-Hq_2C;gSH zHOB4@bq-%j*{nnkA0ca{JFA@~f2VY-=%`R1y;~KYvUcs-!<)4)IQ=hIR90$hYKA_R zfv-Nt`@5^fqU>G@T&Sj)M*VFHZs)XGh8jI zMTe1zHsSo&RO!!#XGuF}+1LXj*tt>Z0hLzV1P&c6(e8>SrON9=WPzAF z9v*F=Z;!VVy}`$t37=E+sY)cC2|CdFI&hy)o4nveOA}jn`xNTANUAz6o;Zb3Rtyd( zB#*N*6yV=CXcXR4!*qfWL_y=R`&7$On}RMgkSaei4IO~dd?<2hJgg};kDDa$AZ$QQ zO^v!ZQkJ6W^^@-N=g=woZeWeua_QKUu#YjRB3?}RGamOz$TxUZWHl?kx7^2=?-m?A z!mO!ALRLx1MX02l_p&0_;WKNO#eO7Ssifvje-#)oOfES7SWMZzggzRx=}YL6r%a+( z!G(wK(47tMv7x<~6;IqT8kM2US0f2uIg6ZaKD}861KE4-01T6DX^Cb8#+<%Dk#b4@ 
zb^o(CI~u<9LnLIV7DiHDIrGJ_^Um>h**AjfM>7MKGyQm3!aFu4->q?>T;zn2_mcWob8EA8`@lVSvp8@Q5PBOMV1S$gsaZIW=2 zU$y2@Ea6o-TC6Co&^=S2_k!igqERm~!wXB@=@mPx>mBKvmtE}4Kl*;{Ky&TR2hif2@Bkm-O$WVSZ{PRNio#)>vDOI@i;gh#EHl#Ft z#fNoHmW*2R8_hm)zW-U@N+qH2NO;Gmn_`T^R3@qIXo6P7>}kVYuJ4MZy!hGUX0@I# zF8gmUFN`J{u1rZ-x1iQ14E;|)r$DKX#Rg!4{6MIbA?gobDJ(!Z?FUa5bHUg&XQHPk zu)t#gE+&HlLuTo;_G}nNKtE%VA&rEN{nmtBdPfH+t8X}!gl>e9}uIYymQ3&zpSo}gmG`uHj8Sb^< z;&^AOdylE+&Sb-muF`6CXZQ^qBBk}7LfAP(e6e{G=2$EMwbG8TSb!}igAT!BWyr_5 z&pJ_`JiL^l`YtsoC59U;n8AB@gIlRIH}~qzqp!DR8N+92Bx3?qyy1M>ra1k#T=r-s z5@`vEFxTJkpFY{g&eUzPON-DsV^I&%jJCNS@5TTtOhDk$Cxuxj5bcNpaG;7{9g7MGVFWHJH zxVLsz8)hehbY@rUSL?F$mVl13^_nP19gPz2xV=f9c9X&JqeKH>#){d4Kn1yie5J-H z8sSzEPVi3Djk0AnL`#jxo>Xx3nJxwgNE;CMNjIH~*<`=BL`{Yg6hIYXdU4y6$8|^h zkGJ>4E7^ILv&kr!o-6HXK;Tio?MbVesfBUnT`$w;R|4;Xj(sK$)aO=JL*A2?biVJ7 zNVgz-aVUrP;{i=hoh_jCM4;a}1&p#Y*=ed_cV|ZYqnOq0H~S56%S?GX%iRUK1tldP zZJxyw&EnsUqXaofC*`-bBn9)}wF>agnKw~1!MXCBbppu`cFC1gV5Bl$JF97{lEwlo%k#A4g<)@wp z?IEeZ(rnR$rqc#)sFr=;QTl~${CuN2IdFs!=ORJQbv9BZovy^x?xV)!FLQpgO)T(L z@-Gx&M#Z<^Z0Tp}r>h1o+iQ5qhTh16#-+=$zaQsW1Av?2_^j>{;Hip82ZDvgG9Z)V zDQ{U%T?t4W6|VZKDm92bFFRYim?7i%Xai)FuA3H~KZ2e1qa1LK>Y~|dIWpwM+Yx#d zp=ro%ig5EfWwhr#XC7{XnrToi5dXpAx$k_W6_$qL_kzdp_RJk02b_BWweX@RK*Qg3 zFG6sO>8=)$ zIZ3`?KoYKjTjUstq9J<$PTY|PiQ|vYPSRo1wM(m>2s*YlI~0}t!r-yyW!B-2w(vBM zlYZn6MSKd=h%f{)VkU2yz|PKIDW9^yQ4BhM^4s2&7_I<}k07DvB`dm-A`~JsH>HX0 z($@RzmVKgr_@kFAMHE&&Y@fwSTNUDS4#>|gkKNu3KBiQId`>fnBHzhb?z@x>``fumTQ9h9u3IQM$rVEeffxA0{l^;$L{{DO&-T!~j1l31Y*`0i)R){YNWS!xk>-9%J{f6-ElLjWd3pT6EoG3ym9kH(B~0q_5R@!hm-uGMi)WX3 z2wK>oXUt6$fnTXiw3mbp{Wrd6du&wF;0KK-9xW3@8-}4ba@dD`V%N8R)tfL-BCSF_ z^u+XS6*EP?3a&Ck)vAo{=0?I%;V)gr-r3&2pDYA%ZoRH!8v_-fd*3(+McV6f&z84= z(7^pmYB`aWdbuRntm?G)lHIEJ{70z)p(G4KopcWki9nxUJow+QbVKRa_T1yAsRS}04weLryHQ#v z!5xYZUpYm8Ydh6Q<9eo(8kaa+jo);G#}0LhFMdXS1Fj(6gN95Z!9R(VSqpuR?%a zaXZzneWMSF(u6>Bt6gBv!U@F?wzEN*@;10y5l zO@B@l1!vMQDnm`SOrMjH=Xaw3TF;OiI3gqpsSM2E9n9{p)ryj7NxUEpoT7tYYWuc5 
znVaeY)8DQqW&s{<|1*Pzj6i9kjjgb}jb(&P#xz56<8YwO-viqB2C}Y3U6SyaROc*n zP28eFP1HwevL3%+#P!$jXWtGaA%BY01#vr&s&DGXjBuS*{u|=`kGhhRb9F_M(CMoz zrIOGMTDh`O1a81%mc>shqUmWE&4!)A{@3M>QvRp%<73Lopdx$E3x$Q-kgx`XfV25W z_Cluy?o+rz$H720S{0m|L>d*%{&0h1GKE0_+<#r+m1Ck3`;lM}fT3sH<_o~Arm{7k z$?^O94$GnYHNlP9!|FffXHUEF5c;x|y|abMddA8iP01`d88D>!T8&JrA~Z1}UWA*# zoF<4*I|M0zg}t?VjNO(D3si|JB;ou*8?a9^qOvhTD%(iylx;de`~M`)jND4I$bQ^Z z;i}myuv0GF_R6TeZr>MeN;^hk5Ns%&fWD87A}nbjTcS1qz?sDh+WIx?x^Qnz%hwh z3PmysCxAw|^=_pz@>_ zMm^`dGHq;)Q~ZFGt=6pfDh`lBDN4zU2R~zzdoe?@<}qCzcEX4-OF>t%$><{gM-M3c zvrAe07gtR&9ZU=6g`rFaxFDmLloZBQU*7cFNP!z?2Y4}M!5vf!NuWy9#T3a&wy=se zEEhpNdHl)-zup5b7`oN^`X+y`dh)0WPI9x@>O@z1X3y-ThODOR;+r(Cvv3Lj!3)kh zpM93t7v%lT4<> z+D?TL-Jm}?Q6X(}20d9dFRI1$`KU!)V9y&yi~LFsvq@Z^5+5qbf!uVW+dcRA2$vDp z6+^hqO-cVclLLW9rXoz^=*T6Q0Avm0CmTB(sFHMDC;WN3?o*NfL`p7+(*MJdmB}N7 zJ|ufaLvZg<-rd^C5&Cet#qH{&^uS;DNygYN@{5(Y1EP^}+2Zg%G8B>fb*JP#QmFk| z|87>?%N!d8NcdL3vGqL^_dXn0i&XK*R(6@Ga5*~bQ-KAQC>!<1;adC)&| z9|>7C&+E?0Z~Djg-BbAien<=ZLzIjJo;D9YY{d2hGyDPTe+xQmwTSXF09vd;VwL_l zfP}o8A50NE0bQm?oQof_${sKxM_dI3oSp8UmG-g*P0^4-q3lG~(@^_+hJ*rsFIeEp zwj1RipycSzQ&JLgt~fd5U7pZ{QNu5!@%;JIA4MO2ut>!oL$IfSY{&bQ@Qc#08+4g3 zAKZXV3kXHrfk3bbtSlb(Zx5;n(V~6(1_diT3_m%5vL_=$g<<}{6mmxQZ=ZslA*DfH z%;2EKJ(V|iaK?@uucVXrkHLl)& zy;v#FgEz4FG;qnb*V2i+v7v)nsAkog$}ZRCxKPWkr(?@Bg;UX;#(_85?H4ZSVa5DWl{pN z0Jp!6VBIFMdNP3;kU2@pIk#vO^2!=})f?ldC<-#vTpS7A^pE^5KKKyb-=(6CtIB}A z1O$-6Pe{=Eu;_Rsej=s6W(0~F>KCr>q=5@om&WL}5zGfBqKuz0oFIb(I!e~#{{hLX z&y}(_QIS&eYN_zap(a3CY;n)Z@JfpUG0V6c`xX0TutN$xbIaP7v_$O%l~ZzrMnq4N&2QXsgcO|4y%B*-9rK9TSA? 
z&{CpGT(pStW$`ZS+)b+Fcklgh;c;8Ef}I+P!5zbF;%LgF$?)E}81rE# zL5JJoPVn}=WMh4HWnB}UREhyA=l&ucOp>pdrQsM2$qM@H9C8LYmCFzb3<<$!9haIAa@jcE1WMW(+kzO-qdu7Xc%8?-(VjzAjGuBz z9o!`&tNS*;4Mh9rC9xvO39e_(m=xRFzN~YlJ-$85%Ns0H!X}@m5uKo&$ZsS4Jjy4_ zBZGw|^cPng6B0fTd(5( zg6Y?DGdeXc8b~-@$X_lhD0tsm5mDhTl`iwq_AuY+r@SK);q$ktDcAH~Zx|?p8{cG` z71>u}bwUj$?5W`DvVz z9~*;$0c*f<>#h=24CLhHZ9qk(g~fl0e^OqQ0rLI)cG4^WaGp7e4N*~sY-xFzVrZ#KdjpPz(lg3Q9Vj8odO+y-v+QsFebtup#|Z)c#$ zvS@QMc>3@EEg^&k^Wqb+>$dAt+HF)W>0?^jFK4xz?D0HfQ>YeB(l%KIp>Y+Qa^}%d zUVmk50?WAsSJe!D$)a_6LpU~N?G zrroB^;*uV3pYu?Xl9#zq?*MrO0An$Xq-mbdyEZ)3B&;VmGLtgMO~+L-bTutb5DLUf zc9ow@EoI2MeKTLd)?KfuPMR=*0?!U==On7n6 zBe?V0tHTR-UD~xJy{MbcY2$)ArK}3It4wN+OQr1~bFE;k#lu=?SeZ%MoBRauc}mI4 zp?>nkS-(~Jb-)$I0F15H_EC~d$j@kGFC4p^{ji^}A*<}O?`HMO8gC`)pD(hM=axDm zQ-qV90M!y~zFYpKaN@%)D_Gq(RqHD#t?)he#hiPw^Nw?eYj~|m z+8Q9M1n8!{xYyVq>6lUs19e z+rN!x)>c+LkQq7F*}g0BFNgii{Qzrifl2F^%>loDhV%)S9vR#P1_GNl2i*ZyAxBsl z9S+;iB*E6x78XoxB-nmbNOevouSwT4#&+gAU5+qu7BW<_>xs=>3LafzqsEVR+3 znPnIJ6m7KiQJ3gS7JQHnLzkU4<9akQp6MoV=VG37S9&Ruhhf%>C4%JlL9gxQzGe`& zje_tr8Jcnk;T1O?fQdL)Lvx(Xz^#|bv(Ophlnp0j7NfAB9Q zRm4x#E_Rd(C(k33(VC)|kw)aw%<(Lr4x6_ysFatTUCLkRGkJd}I~cRfPl;n51+UH@ zAG({V(RX*cQ>TKXxA%0i!)Y%K)%C5%7!MsCjXQlu|;oaUbr zd3xEME;QqF0@1iZaH|CD>{Zkv$P8yN>-P?c#KBZ& zW9bqyMNnR^ZUdj7B?4;k)jov&F;rYm+SD89o?3pN zp>31do-cf2ha}Gm^SSaB0yN4lhj! 
zKAD=Xqf*T4-I~DHJvb*hf6~F zBvB+}r;=TTvXsf1r4-pKdt(VB+0!P8ETLq{*eanc$rRdT3yrdGWgUbpk^OgGV@7@M z-9P_lKkgn%s+n`w_KWFM_6H--inCPNyOrm zc5auG2NA1YsBpz@Gcr4lWXp*3jHmDjR}3ToAF~@pxGzuhY@b&bj`p+OBa%q9lu)I;+`c8j=vaCp2h9UUlcX`GVtYFC<*1NX1g#n{EOA7hjP z!9`dk)~|!M+$ePHkAkAb=4rWJ!CRoS5%Qu6gKA!6bU$zi2Xjk6_jUq!-!F3+{hIZ$ z>8CCfygtH1d(zdvH$vS^^G1xzU0b||@Yu^9CXvr3)m+w4sLOwmF+!T~0$6v5ncuGl z{QaMR9yqNAN@BG+i=TyNvI#?b3d|k^Ki4I(n;&gM$K%kkW)yes2>-f1( zfhC7|L#VEoD%(04k~^2%32l6414d*wu}US62$+3?x~=DnC!mtryOa5=j*SsE-UI9G z9Fw%rE27Ia_4Y_sMB}R+Z}+?RADan(nEhkCc+9WP?-ee=J}a;>S{cVFZGF?{(S@vn z#z>SB-7y4k#KI2m+A()Wq1__CK0L0+*-^ zx`lc73jVlvUNirNfhOi1L;g-|bTHG$loJoNzdFcYk2!wV1+t*FgNCL~`=H&|hLGfL zfA4J2B6t}$Sg&I=^*LzMsqCu_hxrqB1zwH18zt##V&Q!}Yq~@hYbKUB#rI~S(9yz` zl$-lN%e48T-KRxN`s@0^xZmAFI=RH5hO{nk1yRi@lpe91Z*A&@Qb5!Xpx8Js;yP#m zJ0T4r2(a-?-JldmxLshI=GO^MQpa&bQC#}N>854~t_VY)rV|&q1jX20K$VM&zu4+fEU0igO>Ozn*ZOoM zw33~#iCy@6P~eKF$y0Np;D2E&H3Phj?qIOCn`1m>n(%OqKQv= z{y91I$=-s5oo;EK23o^-ZJ9d1g4k4zSnd4mT`8OM&)d!dhtYN4;@jMi==1nr$wp$v z^?kg4T`&<{#-EiLKA^a}0%LUldA>A4*pzYKb$wx}tvlyFs#W-=x@|+Q_uS%j?Wxe~ z)fS;pT0923DL-2yWpn+I%-XpwlZ&aFUk#lI3B=stKG+!TZodhamYXpru_iP)~#*5axsUGw6IbNG=!$J7eQ|CXOml#C*>#ULArbRHbrq6{H5^vthXaJ*= zxaIR6+FOvaT>-CH%fChw{?Tyhve9QX#T#kmJh$$Qv z^%p(9JD}p(NqlBBcXXp_fd2)nC!5*MJCv7>Zma^%NR!NmCd+`1tk21rH6+yn!Uyxg ztJlBtf4EZ&Q?IOcOoBIj=UQy(5%7;mQ}3!vWr8B2ynW2a<_OWPW5a2pB{`+05}8`_ z!<P@xaPE;PJq{bLSyTfl1~|0&$A8uo6iOnonZ2NW$W;I zw~M)|H*g@M0D1wsAU543dfG#)kwTEKqT7i&l_B#TPfxU^9bxgcxE8eWS9CYhYqNnw z>@QwDUrS3Ng@10I_aH7tlO(ZvL4%z0&B*0;^3laISL{Ru_4wzg%o@zY9g8s{2w6D! 
zbx5)}nOBWNY)#nb`fFP|+%t&_zsr?lq76+d6;FF0=m7F55nXoq_nqYnF048NFRuA{pG_$&x5TII^t5x@ zP?=qdG`(mhEZ90Hk!D{}uc*Kzzd`L}A~9qSF~*owTdOuH zyr4(qp+Ow-`Q^#}8uz3@H%pKubSxVi&Lns^nQt2bY)g6ZezVx6`sht+p*tG#PTp%w z7z)t4C;7Hm+RWwgW?*h#gpQ9hjTrM;70a0{w?**kjn%@q1~IKoV&vj_zDhezdJ zbZngjG)RIRz0h`oQg(^T5g`+v7Yg4luTz>lV_7hU>d%T2i42Vm4eW+@wNTJyJw+la z-nWmoH8(j{2+}#mkZtxY0^(FSX`>9cU3^RqEvsRws94!)|H9M-KGV?U$x*ZR0qrx# zuEu}lf}E|&WfeDSW-W?QWVvo@Mm&imn)UU#PO4~D)t0{fK9({+K?$H5BxHJ04Yl`7 zy=xkKj7f5<+MNrRM>VjU`0!H1FqPiCP4{R$90Dh!=;8J5@NkdeTKd=rHREC=X zePUhEU>J3#<=Mmdp4ifbG#@8v7V~+9;DfrN8=hC?J3q+zGGEY`c7NdEKtrQM6PEXM zp+d9rC-1?6$IsNaL;7*M79=b=DK51W>wT#LmcsZcq59~?+u8a1r|L>N`R5(KI4XH( zc{Q?Y#lx1vr*T7J04EVA2cD%_N8YWxM#13+ZBssTFJ2(MfbN;)xu#M=&^ixI$!Mpn zq)vc%#9sqm;`dzeT*xS`JvDVOqk6&wiD1LEMsJ%=Y#xcqF^zPK#Kar=RO%JTKZ-6g z3~tOinHoXr#VdfH?0ga`asJ3puFz5I6ZnIw zvbA!ZO*peMU43U>b$Nj3!w|Gp*S4}s`2nDw>`r4#h2w+sgrr7gtW$wAl)ED!Sm?~k zAD{19wm@9X89#HE8E{vh?j}NaOk90ueLcSkOZRY0YP{gKj4BhGITwRh-b3-C<4vC? z*{}yH1K(qp1C4f1|HpXA5W!RZ_vsnGlrq45USjcXqP0}UW9_DGcdyo!5jXs|^Cgc!uE_twOD?rnHg#EXb0@hBij;zoOIDkd=}m zFm=t-!$baUQ`(qs2RvG^C;x6?47=jYbndZS=fe)_#m|jP922#s=rX6pS;svR^Ez|D z9t}SwDbxA_WJG{iQf8gAl*%X4cfaUFaJC1w9eZ#6uoBI5M1)CU!s{P*0wB2hM`#)d&i`Vss_#9CJthD*mT(=(>%=)&UO-v7au zJ2bu*s}#khL(cEW=gle@L4HTV?KT~homKF|c81;7g z!$+{@WRwrr!man=aZ~a)$ZXv<$T|F3p1~Srz{#25iZf=@I1c&Bi63cgGw4lpJhStB zr{PVi<4Ff;_fk{frnFiXttz?`(ovOn1W@KHDyi#ryi}!J4WrD*wSh}4-`>7kxfK5Y zcMh$p1oeZo;$m~UO*hTW7B{p9tTI;!U}tatWnl0nIt> zpox;>-``i4DxSjs%FN3%=&wx>)sERao)a}yp-sccwwHPFJQm9uZNKOV*&%!3FhwhcE zpWQY^+teJ&JcN}G+K3Ae4l}?9f2o>O^qR0H(yndGpp6VOXomXB3u@$c)u}?T&4ia| zZf-8lm~{nzpEH`2rX73BUpd^qBQ~p<_R5dkDoq1}DA@xC4hA!6$pfUkeWoYUzB_;H z_i8cv;^ifuDTlJ%Kl$`=)MWb6%@g(G^yi+s;UVRidMbTguv%j9JvW*?y8|)UY2(t9 z5BD9+>T0SX#H+Rm>duFiZD19yfX3nsjVv^p<&;N}VG1LQ`%cA$8oCOp@ont-N2mrrdX3dCx-vfm0@L*OETmFlYKdkFr z<9eIr*ukWs3}eg!9}^|*>1eJCQ|;sg+xMev5wB}(PV{IVNu00J64|HL zRVM?Q3G$%M?KfuoWKml{*MM76BuM2Q)l*;%+pP-)T~rpl`?xIZ9xK$-_E9RP_TuE4 
z;B%;v_HFYCB9{yg{#}L~&8DHFUCUq{hAOI`);@d><*(H;KUDYTJk;o+(q%=nU?xMS zW{fT87{15UaT8lD5#^Qllc!?GM*n zf~w{MnBqz0^4rWbB`d{SxKzpyEnZzi>!yOrkWAr{wD3M>{~qW&sj5L#v-7pfAHw`zmZIjQ&v41eqD6)(y#}tMLJmeINv-ZXQ9k4KfX{{uROos2 z!CE1xfgs^0`!-Oo4g8Hz2DeJf<5zGE!%3B^zve*%^cEys za<9EPsm?ph;-n}5K|QxZdN}FxqvkC%aK5i@zpOF}_1?Sg*O-Q8CkO6e?d`X7&aFw| zhJx~T5AE<3ylM9qURLwh@^&9)1;RaoUr?wXe#Jk+?JezY_#b`~0BERXcg$u!Ky^0? zwW7?98XjvdqnIQ>Og{cx0Cp-A(1itg!~I}2$K)}TAjL3NjK%3_+wXjvj^)&?jN|KQUc$P$eFd4EfYj9 zC?1;@|Ngxjlcj`?U~AL;WJ_j{1ZEjo<|3*xd9xe132t`r)4Z{k-od^uNjw#; z!%x4AU6f-6=m{#T)rPb2hVO^nA=}4A&(sKDCX>y|yg2$hCgnKBau1Lj2XJFsL$`l(v531)#+Z09w3{FysvvrtDWp72~C{ zj^X0iH45BC_=sJLOG>(_9zMO_gL*4P62q;+4qAX4A#kAUQp)S`IqXDHou9=;ZmA>C zjFq*pYdB|7bqO~=B5n0CD7O|OR<_ABa{ zHtkDzY|t_ADs(#^r{l{Ac;xT|Nx;AwBvqp9lDyPROyX>kct%BrU7iKz7#uF;4VQ;q z)t`QwN%b4T<92FLaY_w!fr3JF5a+~*iWi?Qk#xN08<50Pbu_BZ^ZjpVqEPwuv4KsM zYCz2LfuYk5&JGciwTZhPxQyGhI8N5|jhF9?HnQ|OdU0tkJGbqC+RdeIrS3;5Hbs50 zv6Hn*+BcXu_p~_|UVS~)y<8ckcSu~FTk(YLr+a**ua*wvj&d$#ind`3?jQ$al4}3HtutM|0}yW0!;DJN@2mcd$Qg z*f1F)DiK>3;BUjB;HW4eS}`G!;UuTRHVYJ<&9pC;y0r(3R3c(j9TI5j0XUk>VtaSBDPim}E?}8n`N!` z%mBHq$+OSEfP99lE{?QvGKvS7DR-%5992*z|hBUss0Bb+Nvq+)I@Y&Er}p2Ep#&l9QIJl&zUf3`kddg<Gs7_LhQO1TLyq^_^LjHXLLqjMy1>8juO9Tm&btJd3^Ms5W6|={E~e@p<^dN z-FKJ1>~@R2@9gM!1n;*=VJ?~z_O5e!WZ>3&e@v?CvYZA6KQnu{?g{5imuJqQsc-9~ z`%CqpAz4QCzS6ntsDr~VBOd;R@BZ_zST^~o{M0M#5(WUNvrSm~N8y>-Y@y9;+0Xmq zCYmymB28UpueRysHCxW#Nw6v0@~WCKAi%j%BB&l04Vbj0t3G9fO zf2jPt%n)(sV5Tp1kW;7z=m+$?Y#AxJG=9!&94ewAVuf3yE&U`fv{#B$9u8W{_=odF zr(GOE|5*2b;*hqk&{9m}J6l_=1g1|GUYN`p;bE{g$7iiD91yU{{F0IeZuWG)@4|D@ z`Ry+{=W@TRaaQKlEu6Bgy+@o3f7sCM0I;l^aK(fnM&`G5$UyB=UAZBYwDK?dx8?^_ z8R#kP235^4UxzO>?e(5_&t6M3ym(E8A1nh#(w&9j10di>L)lk%*6|Xp{D$B5=*d9h z;N~$kxuJ4`_RlWRH2>#UB7Jan?DlzZ+yM3!cN%R^H1=wn2yiE-PKEv#v;MEm`(H1G zm83L6s~E;g{nz`^TMfCZxMO^j+f_xLUTRHXJ9w+R2N<}&t|B0&)~X!@c(>$G3@_18 z5GJWiKt=d3kAQ;do&PUhNmSBnGb$F~|0N#EdBXux=tj8p70`{(OZ)(?HF9ipAlM0a zd^GSgUyzWfBwQrHk|5|*yFSnt!D%cfEA4M-BHLvyt}P!F)W=m~5vP%#Bcoc%`%M`< 
z(Pepj5c4BIn5D<37~Y=pO*9lnsT9)MrsggG)s3P8p^;_2O=0A8!_6vLP_?N#Yl3xs=;V}X@$dpZGF0!4DDl8XEc}0%BjgW{4BG@@<`rb7 z7-^Q^n~O;T-VDHrKu5@P4o(Q6ao?9oc^2*++YSPC4G|uW(9pC1b7v+|l>+HL3}d2A289-4NWE!rmo`@)q~0&icQ$;{TJksDi_Fjg~eS-WSc)R)bn1=QfBOa1b?I7rC(P zH&fN**^w2bT7)T`{Wv^vJ^B5{x(#cXD_AJ5CO#ConyPq#H$D0cTW??1np&Lc6tL_X z;nal$i=kJ^a;HxpV65y7~p$7SaTfu4V9?{+YYX6`RqsDbZ0*EGKm_ zwI3eh)M0DwD#F{r@ka*2FN5bl!WI)_1jv!2Q-AxP(p%>>{5@s#!OTWhNU$gn6%RyDfYGW~#8utFA#+fLQ4|aBPv1 z1fW>x&!yUZdFp(~NQ=0DFZH^{-mT{_KFX@*J|0b^x`>Lfg6#Wzi+S*d68SG)yUY%T zULu_@DnSJ=Bky#5L>AISK}<{ef4q{~hhG7dRtC4CIaN z<}CTXX14v?4GWC6%|TKAV(^|3u@QvCCy;!485`eQ(PmE0OuH$oVU>hU0z?lQtC^FK zAt)Xfpr~YIiZW4mc?Kp^B~v5TIS@nNl_}U-B8hnBs0rl+2*pn09Do#j7l9HDO&o-Z zpha09@GDu1*V#RXqN@1>w7sYXie*=35xb@DacJRr#i9!f*mPidVi47oL+--EvcX~J zb-~%3z~|LKc9TNK>Hc;6*Vh%#3OG7KM1?T7!`XtwXz50!7|&g?&#lUDE%_iwDbVuw zfFqs_I;`6enh*8jh_YYotcVcMNq-)L0Sw<@eS7JFW}xyQUkq z(Fn^X4?^eh54%7Segdk?W!!mC1g`=e>A6oBOVAj=bCAw_DS6z^18rrbsR)W2z917n zTB;}aoffs6G*kBY2epUEFD$HvP9*#w@OrjaLme+5kQzvf7WC}uf(|oM7WB++;@M%m z=m`6TUq{pTi7sR)FKR-&)^4SYLlqbvuigmMGNS^eNsw4UAL>!5zS9d+duZ~Q7qE1D zformD+nEkT^ezGnf;HevCIHi1jlj)F4mb^pJqU+@=nP4qX<#2s%FY&t{bJM$8zyEQ zliW(f-+kxr#sgV97jT{xrJbzbmVDk_+n_tK&njzV$P4xUb+EU;Ft64TPI^QuucV30 z&tHKI`*w;=d2<3ET_dI^F>-yEqh^qcu|u>@O}lQK?BjGyzzEjT-DW2UqL)-p4P68{ zO(hVU2bNv|5K_U;Pye{gdqM&f-AB75_YnzQ(4HdUk%Vz>YC2}PDF5Od^f--xbd?tB zYFd$e8>6nKv2Ftka@0}~&5D|2gJUN~?DHVrnp|!>Z_Mp7Xy{N{Uw5ixpQw2WLH)!R z8JnuDu~JGvU`%*Q_aMg9{^Rdq%VmPSt%gjoOZ$8q#22+@y|1$0e0{<2m>}FN8tL5TQ^v3B4o21EC zJc3hRtvh{cF2z{`ck&8Xk|2cF2b@;TOd!>=J{4-kr>5L>HRG!v*Hh?f1 z9;^o>CAqx<>+u@HOw1T?$K3!R`clF?QTP7P#+}fJH2>3s1A5t@$+9!J!P|bDbF}@o z5m5He%x$vpDVi?$am0ugfLqmAd_ligh}eq@<=EMeR6GTMsLX4jmD0{&B>K@}pnC-~ zFtXA1&{=Y%yAq|pr*p5L=Ob#e4)_}LgPzGClhW2s-Iw@Vhm%g>Pkls+ zGP9s_GFp<+{i@Lfdp(8(MK8h*`)z(BDcN5^48Z56R-Sk?`&UFTD%vq<7f-${$aOjH zId4_6FLDL+BS44yw%0sN3=!05?XAeew@{uUHqc%{r^a#?+Zd1>V(%@ZmQx%D_y@vhMgGoD~K*E8uvSdn9P`E zE%JKWv4RV%TE3MWl(F4bIl+>3T1-npD+3D2VOOrJ)xiC^Z_D$m>L{NY6-f2gvX!ac 
z8W&5}?GmN4#tw%EFD~D!i{UUkX!Cf%yDHNEtfKv;5H7ieyy}5pnNmzoC^aaJh(AMB zC>u^0dK^KnDx~S~G6iP~e)QYmBGi&yWKF*k6+JeW2Jm~aY1>}Zo45_0H8;tIpkrq*f7 zzrU?BCg2_;!KvV|njvelgJ^yi9W9~*=v@b zRz*y|zq+TioXh<->j2WH$Q?|7Ksc~=h|vINFpIiz*+4ItNKgW*jrK#CO&DvJ^&|c) z4qLx%zX4|~3N3E3e4#^!=RB9+6wwXf=T%6C9kh%+uP8!Qy2U;v6!m+*==AvZaOP`h z6Z{`MjJwT@r=FOzY2XeA*jwY8|J+%YIbtg*76(=^8WY~65-q7GSyd5+(?!1GC;v^X z;Bf&B81Wv|&FtXu66nm4nwV($(vGh~TdzLo)Kd&~9DEv*YRwldxpBr>1sx8JXBlK!ElFuX0d`I5!JD$#)@bsp>OW zj*8F8sy>1y+H&GWy(~r0k*@uOw~5sv$n{k2z&_FL5=0Ax37xvu2+2nsDPO)Qc((>#$=h8};}f~wUAv}A~_qd=1RPD@BhNfGJcvc?xE zI;qFjwEu#b(PWk!yn2nniQNIm>!2#2Gw#;eN2g8=Z$8#it|Pu?uqx+Qo&jiwB< z#?3V>3Ctv}M7rSG@2UNlG{{x6*Iy!0Qa_pA%t~GQe~gy_DFB7lb9=;s!*=$M=U>K@ zzmGP|gH&AY5?A^@8bJlIiTFZg@(hrZs0vda*C^*75~PmrHU))XINzl{ZbtFMmeqJ7 zb0fvqxQrQaQj6l;%#y%`t=*dN=ki5a@2P5AW5)l;Rs0ow6E}nhGu23D#i8oPR;cU0 z24bs^)TaACXju{}9Yh^7P~8LfGeZbTk{#Ln@?)4aWuAG7UJr=9AAzq|9w&2D1ZBFW zMIqn!;iL%*x8kQBhqb|BL84i$(!_#-du)w_v@9*>KUqutE*Q#)p+pj7=Ww1L{Z2P;iwM)W57flo8Tb?pT=e6?&RA?LMMtI@3A=1K zR5SfoYLQ?Wk?`iQ2973N{-`i?-*sUIm8z;IY?SiYy&I zCaX2~Xfj9wTu_D&r-eW`#(+)2f?u0WBBo3`Mq{8p4d11nIJtkASe_!Cm3!!6QA@+& z!u%InSZs*wzD*apnnK;eNbwGD!~V5nuQv2uB~R-imR&V!*x4JlslU3iYjtNa%QIty z!9!sQQVn{%k35~j=?YnbVm$2WOqPWh&6V}SG;WZ6Dwe-}D&9ceFHdbat4m}>i+?Of zT^B#2a*ZpuDnG`9lIxsbo;%8>AgFRt`!2fW4p45nXM}evd&!6x_*hP$>2)gZ%=8nR{GSv6zv zN=Wdk1o2fUIgrr+E42pFF!M@DNo51Q6o9{aivawE6DRlAj6g{PebNg8fE_+s zt6TXL1(XAzJg6~E|Mg0K#ZM`qAoS51+HUemUs2cnY{X5i^`MX303by!#eiC%%SjDT zAwCPBC-M_V(GzzM++>T~^ouJo21!mlvisC9O-Z@0yp0d}Z9eRVYSo_#$;wBW=;X-+ zQKJ)aL$bMrN-q2?Z@A)LHr`SK6mQ57AM_Ezl>J@5&0whkp`(>CNo|nbFRNi-Wo1i$ z2jqVV|B{v?|Lhv5T>-$`nj({Qck!7WE%_JGn0n5Y2cnUzMUqxz#M(Mn z4R$2RvGQ9_sW3>ZP~IH~=(qC8dO?cT!1~v>w@Xw1dK5sn>JMD0a>UeU2yf7@-Qv_L z&4*ZJN6C`Us}Jf!vR5put99bRXOOT(vRA7k@PiyJSsqT+kMC{g>Ra#zP)9b&{sQy` zs2`+)@D5p9B7>6{&%OF*LD1w1qgy4^Ax$*u@TUKkm9|m-!2!ZAln;M`I2Wi?Y>Swp zTYZu>)Xyl0a}}=oqpMTMEK22Yoff$H@z3MeQnY??Yb6A3{6qawq@G8#ji>4^t!z== za80s8$P21M2$CmV9j83#EIj$}fvUEmqu>}$N)2{bS{;Et4;9X+Z>jMNbWbQ>1%(C* 
zyKLdQn820QxgTVCR`Lb8c7tlNc7N7(0}|LcTuT+$KpJz@;rStyHdVQ$WwVbOb#QBF z7ocb&08Ie}iz#OqzQlpYIEB zf{Ok<;5b2Djl+(tu7*wFnq9MI-APT%;gg`WMtPofB$QN%>0+!bNcK?H8tHvf$E>f5 za;Ew`jWj`2jlk8>oj5 zj?gVG&!x42Cgf-du4n!N@6MOvzvbW5t@UU6>3%tB-Qv9bneQa>xs`gJzxK~NGs8yM z5gaB#u;*Bvqh7cs00S$V&%w63F%X(06jRP_o=@GEU<;wJtA=;q(fSYL>UTfD45{IJ zLc~pwcF@Y2%Y%5H08xIE(~b43Kio|Q-H#t-7o#rTn!tGQ*+Km4#{TzzHXaf|i6H&P zhs6AuK3#AUHE_DB56&W3FnQ(zf1}C4`4W#-Q`bs`7fGTEDr6+rJo__YzU04^knlFE z%N}lkj9kK(&$g%kd{+tmjoT7OT(wxt6}!|Oot|M#ZvmN0Qynf?@Ud;0n% Roi*@3&7-=Q>?3Ec{2vIvi39)u literal 0 HcmV?d00001 diff --git a/modules/net-lb-app-ext/recipe-cloud-run-iap/main.tf b/modules/net-lb-app-ext/recipe-cloud-run-iap/main.tf new file mode 100644 index 000000000..b223016ca --- /dev/null +++ b/modules/net-lb-app-ext/recipe-cloud-run-iap/main.tf 
@@ -0,0 +1,152 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ hostname = "${module.addresses.global_addresses.glb.address}.nip.io"
+ url = "https://${local.hostname}"
+}
+
+module "project" {
+ source = "../../../modules/project"
+ name = var.project_id
+ project_reuse = {
+ use_data_source = var._testing == null
+ project_attributes = var._testing
+ }
+ services = [
+ "cloudbuild.googleapis.com",
+ "iap.googleapis.com",
+ "run.googleapis.com"
+ ]
+}
+
+module "application_service_account" {
+ source = "../../../modules/iam-service-account"
+ project_id = var.project_id
+ name = "application"
+ iam = {
+ "roles/iam.serviceAccountTokenCreator" = var.impersonators
+ }
+}
+
+resource "google_iap_brand" "iap_brand" {
+ support_email = var.support_email
+ application_title = "Test Application"
+ project = module.project.id
+}
+
+resource "google_iap_client" "iap_client" {
+ display_name = "Test Client"
+ brand = google_iap_brand.iap_brand.name
+}
+
+module "backend_service" {
+ source = "../../../modules/cloud-run-v2"
+ project_id = module.project.id
+ name = "backend"
+ region = var.region
+ containers = {
+ hello = {
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ }
+ }
+ iam = {
+ "roles/run.invoker" = [
+ module.project.service_agents.iap.iam_email
+ ]
+ }
+ deletion_protection = false
+ service_account_create = true
+}
+
+module "addresses" {
+ source = "../../../modules/net-address"
+ project_id = module.project.id
+ global_addresses = {
+ glb = {}
+ }
+}
+
+module "glb" {
+ source = "../../../modules/net-lb-app-ext"
+ project_id = module.project.id
+ name = "glb"
+ protocol = "HTTPS"
+ use_classic_version = false
+ forwarding_rules_config = {
+ "" = {
+ address = (
+ module.addresses.global_addresses.glb.address
+ )
+ }
+ }
+ backend_service_configs = {
+ default = {
+ backends = [
+ { backend = "neg-backend" }
+ ]
+ health_checks = []
+ iap_config = {
+ oauth2_client_id = google_iap_client.iap_client.client_id
+ oauth2_client_secret = google_iap_client.iap_client.secret
+ }
+ port_name = ""
+ }
+ }
+ health_check_configs = {}
+ neg_configs = {
+ neg-backend = {
+ cloudrun = {
+ region = var.region
+ target_service = {
+ name = "backend"
+ }
+ }
+ }
+ }
+ ssl_certificates = {
+ managed_configs = {
+ default = {
+ domains = [local.hostname]
+ }
+ }
+ }
+}
+
+resource "google_iap_web_backend_service_iam_binding" "iam_bindings" {
+ project = module.project.id
+ web_backend_service = module.glb.backend_service_names["default"]
+ role = "roles/iap.httpsResourceAccessor"
+ members = concat(
+ var.accesors,
+ [
+ module.application_service_account.iam_email
+ ])
+}
+
+resource "google_iap_settings" "iap_settings" {
+ name = "projects/${module.project.number}/iap_web/forwarding_rule/services/${module.glb.forwarding_rules[""].name}"
+ access_settings {
+ cors_settings {
+ allow_http_options = true
+ }
+ oauth_settings {
+ programmatic_clients = [
+ google_iap_client.iap_client.client_id
+ ]
+ }
+ }
+}
diff --git a/modules/net-lb-app-ext/recipe-cloud-run-iap/outputs.tf b/modules/net-lb-app-ext/recipe-cloud-run-iap/outputs.tf
new file mode 100644
index 000000000..274a12c06
--- /dev/null
+++ b/modules/net-lb-app-ext/recipe-cloud-run-iap/outputs.tf
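Review bot: In `main.tf`, the `backend_service` module call sets no ingress restriction, so unless the `cloud-run-v2` module defaults to a restricted setting, the service's own `run.app` URL stays reachable from the internet and the IAP gate rests only on the `roles/run.invoker` binding. Limiting ingress to the load balancer path would make the load balancer the single entry point, e.g. `ingress = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"` on the module call if it exposes that input (that is the attribute name and value on `google_cloud_run_v2_service`). Separately, `oauth2_client_secret = google_iap_client.iap_client.secret` puts the OAuth client secret into Terraform state in clear text, which deserves a comment such as `# secret ends up in state: keep the backend access-controlled and encrypted`. The `hello` image is referenced without a tag or digest, and the certificate hostname is built on `nip.io`, a third-party DNS service, so both are worth a comment marking them as demo-only choices.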
@@ -0,0 +1,48 @@ +/** + * Copyright 2025 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + command_tpl = <