From 921d220f2fbb02a2606fb225a83b7087534a3efa Mon Sep 17 00:00:00 2001 From: BaeKY Date: Mon, 16 Jan 2023 09:06:41 +0900 Subject: [PATCH] =?UTF-8?q?feat(chart):=20CI/CD=EB=A5=BC=20=EC=9C=84?= =?UTF-8?q?=ED=95=9C=20k8s=20manifest=20=EC=B6=94=EA=B0=80=20(#5)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(chart): Add argocd chart - #3 * chore(chart): Add harbor chart - #3 * feat(package/helm-value-inferer): Add helm-chart version - kube-ops/chart/src/index.ts에도 version 명시 * chore(package/k8s-generated): Add crd for helm chart * fix(chart): Fix script for custom dns resolver on MacOS * chore(chart): Add cert-manager chart - #3 * chore(chart)!: Deprecate cdk8s-loader * feat(chart): Add scripts/deploy-manifest.sh - #4 * chore(chart): Add execute permission on scripts/* - chmod +x ./scripts/* * chore(chart): cert-manager - Certificate생성시 k8s의 기본 coredns로 Chellenge 요청가던 이슈 해결 - #3 * chore(chart): argocd - cert-manager를 통한 tls생성 추가 - #3 * chore(chart): harbor ingress tls - #3 * chore(chart): coredns Corefile - forward 추가 - #3 * chore(chart): Add jenkins - #3 --- chart/chart-config.yaml | 2 +- chart/helm-charts.yaml | 18 + chart/manifest/0000-metallb.k8s.yaml | 6 - chart/manifest/0001-ingress-nginx.k8s.yaml | 148 +- chart/manifest/0002-dns.k8s.yaml | 29 +- chart/manifest/0003-cert-manager.k8s.yaml | 6087 ++++++++ chart/manifest/0004-argo.k8s.yaml | 10912 ++++++++++++++ chart/manifest/0005-harbor.k8s.yaml | 1746 +++ chart/manifest/0006-jenkins.k8s.yaml | 609 + chart/manifest/construct-metadata.json | 2 +- chart/package.json | 6 +- chart/scripts/add-custom-dns-resolver.sh | 5 +- chart/scripts/deploy-manifest.sh | 55 + chart/scripts/load-helm.sh | 5 +- chart/scripts/sample-nginx-up-down.sh | 0 chart/src/app.ts | 349 + chart/src/charts/argocd.chart.ts | 21 + chart/src/charts/cert-manager.chart.ts | 42 + chart/src/charts/dns.chart.ts | 74 +- chart/src/charts/harbor.chart.ts | 24 + chart/src/charts/index.ts | 7 +- chart/src/charts/ingress-controller.chart.ts | 20 + chart/src/charts/ingress-nginx.chart.ts | 33 - chart/src/charts/jenkins.chart.ts | 25 + chart/src/charts/load-balancer.chart.ts | 32 + chart/src/charts/metallb.chart.ts | 47 - chart/src/charts/prometheus.chart.ts | 37 +- chart/src/custom-component/index.ts | 1 - chart/src/custom-component/ip-address-pool.ts | 27 - chart/src/index.ts | 151 +- .../argo/argo-cd/default-values.json | 1038 ++ .../types/helm-values/argo/argo-cd/index.ts | 9 + .../types/helm-values/argo/argo-cd/types.ts | 742 + .../coredns/coredns/default-values.json | 0 .../helm-values/coredns/coredns/index.ts | 0 .../helm-values/coredns/coredns/types.ts | 0 .../external-dns/default-values.json | 0 .../external-dns/external-dns/index.ts | 0 .../external-dns/external-dns/types.ts | 0 .../harbor/harbor/default-values.json | 581 + .../types/helm-values/harbor/harbor/index.ts | 9 + .../types/helm-values/harbor/harbor/types.ts | 514 + chart/src/{ => types}/helm-values/index.ts | 9 + .../ingress-nginx/default-values.json | 0 .../ingress-nginx/ingress-nginx/index.ts | 0 .../ingress-nginx/ingress-nginx/types.ts | 0 .../jenkins/jenkins/default-values.json | 0 .../helm-values/jenkins/jenkins/index.ts | 0 .../helm-values/jenkins/jenkins/types.ts | 0 .../jetstack/cert-manager/default-values.json | 261 + .../jetstack/cert-manager/index.ts | 9 + .../jetstack/cert-manager/types.ts | 217 + .../metallb/metallb/default-values.json | 0 .../helm-values/metallb/metallb/index.ts | 0 .../helm-values/metallb/metallb/types.ts | 0 .../kube-prometheus-stack/default-values.json | 0 .../kube-prometheus-stack/index.ts | 0 .../kube-prometheus-stack/types.ts | 0 chart/src/types/index.ts | 1 + docs/cicd-flow.png | Bin 615437 -> 1214602 bytes packages/cdk8s-loader/src/abs-app.ts | 10 + packages/cdk8s-loader/src/abs-chart.ts | 14 + packages/cdk8s-loader/src/index.ts | 2 + .../test/component-loader.test.ts | 2 +- .../test/container-factory/set-prop.test.ts | 2 +- .../container-factory/update-prop.test.ts | 2 +- packages/helm-value-inferrer/README.md | 4 +- .../scripts/generate-infer-helm-values.sh | 12 +- packages/k8s-generated/cdk8s.yaml | 13 + .../generated/acme.cert-manager.io.ts | 3503 +++++ .../generated/addresspools-metallb.io.ts | 416 + .../generated/bfdprofiles-metallb.io.ts | 174 + .../generated/bgpadvertisements-metallb.io.ts | 345 + .../generated/bgppeers-metallb.io.ts | 619 + .../generated/cert-manager.io.ts | 9227 ++++++++++++ .../generated/communities-metallb.io.ts | 156 + packages/k8s-generated/generated/index.ts | 11 + .../generated/ipaddresspools-metallb.io.ts | 364 + .../k8s-generated/generated/jenkins.io.ts | 6864 +++++++++ .../k8s-generated/{src => }/generated/k8s.ts | 12097 +++++++--------- .../generated/l2advertisements-metallb.io.ts | 311 + packages/k8s-generated/package.json | 4 +- packages/k8s-generated/src/index.ts | 1 - packages/k8s-generated/tsconfig.json | 2 +- pnpm-lock.yaml | 7 + 85 files changed, 51156 insertions(+), 6916 deletions(-) create mode 100644 chart/manifest/0003-cert-manager.k8s.yaml create mode 100644 chart/manifest/0004-argo.k8s.yaml create mode 100644 chart/manifest/0005-harbor.k8s.yaml create mode 100644 chart/manifest/0006-jenkins.k8s.yaml mode change 100644 => 100755 chart/scripts/add-custom-dns-resolver.sh create mode 100755 chart/scripts/deploy-manifest.sh mode change 100644 => 100755 chart/scripts/sample-nginx-up-down.sh create mode 100644 chart/src/app.ts create mode 100644 chart/src/charts/argocd.chart.ts create mode 100644 chart/src/charts/cert-manager.chart.ts create mode 100644 chart/src/charts/harbor.chart.ts create mode 100644 chart/src/charts/ingress-controller.chart.ts delete mode 100644 chart/src/charts/ingress-nginx.chart.ts create mode 100644 chart/src/charts/jenkins.chart.ts create mode 100644 chart/src/charts/load-balancer.chart.ts delete mode 100644 chart/src/charts/metallb.chart.ts delete mode 100644 chart/src/custom-component/index.ts delete mode 100644 chart/src/custom-component/ip-address-pool.ts create mode 100644 chart/src/types/helm-values/argo/argo-cd/default-values.json create mode 100644 chart/src/types/helm-values/argo/argo-cd/index.ts create mode 100644 chart/src/types/helm-values/argo/argo-cd/types.ts rename chart/src/{ => types}/helm-values/coredns/coredns/default-values.json (100%) rename chart/src/{ => types}/helm-values/coredns/coredns/index.ts (100%) rename chart/src/{ => types}/helm-values/coredns/coredns/types.ts (100%) rename chart/src/{ => types}/helm-values/external-dns/external-dns/default-values.json (100%) rename chart/src/{ => types}/helm-values/external-dns/external-dns/index.ts (100%) rename chart/src/{ => types}/helm-values/external-dns/external-dns/types.ts (100%) create mode 100644 chart/src/types/helm-values/harbor/harbor/default-values.json create mode 100644 chart/src/types/helm-values/harbor/harbor/index.ts create mode 100644 chart/src/types/helm-values/harbor/harbor/types.ts rename chart/src/{ => types}/helm-values/index.ts (70%) rename chart/src/{ => types}/helm-values/ingress-nginx/ingress-nginx/default-values.json (100%) rename chart/src/{ => types}/helm-values/ingress-nginx/ingress-nginx/index.ts (100%) rename chart/src/{ => types}/helm-values/ingress-nginx/ingress-nginx/types.ts (100%) rename chart/src/{ => types}/helm-values/jenkins/jenkins/default-values.json (100%) rename chart/src/{ => types}/helm-values/jenkins/jenkins/index.ts (100%) rename chart/src/{ => types}/helm-values/jenkins/jenkins/types.ts (100%) create mode 100644 chart/src/types/helm-values/jetstack/cert-manager/default-values.json create mode 100644 chart/src/types/helm-values/jetstack/cert-manager/index.ts create mode 100644 chart/src/types/helm-values/jetstack/cert-manager/types.ts rename chart/src/{ => types}/helm-values/metallb/metallb/default-values.json (100%) rename chart/src/{ => types}/helm-values/metallb/metallb/index.ts (100%) rename chart/src/{ => types}/helm-values/metallb/metallb/types.ts (100%) rename chart/src/{ => types}/helm-values/prometheus-community/kube-prometheus-stack/default-values.json (100%) rename chart/src/{ => types}/helm-values/prometheus-community/kube-prometheus-stack/index.ts (100%) rename chart/src/{ => types}/helm-values/prometheus-community/kube-prometheus-stack/types.ts (100%) create mode 100644 packages/cdk8s-loader/src/abs-app.ts create mode 100644 packages/cdk8s-loader/src/abs-chart.ts create mode 100644 packages/k8s-generated/cdk8s.yaml create mode 100644 packages/k8s-generated/generated/acme.cert-manager.io.ts create mode 100644 packages/k8s-generated/generated/addresspools-metallb.io.ts create mode 100644 packages/k8s-generated/generated/bfdprofiles-metallb.io.ts create mode 100644 packages/k8s-generated/generated/bgpadvertisements-metallb.io.ts create mode 100644 packages/k8s-generated/generated/bgppeers-metallb.io.ts create mode 100644 packages/k8s-generated/generated/cert-manager.io.ts create mode 100644 packages/k8s-generated/generated/communities-metallb.io.ts create mode 100644 packages/k8s-generated/generated/index.ts create mode 100644 packages/k8s-generated/generated/ipaddresspools-metallb.io.ts create mode 100644 packages/k8s-generated/generated/jenkins.io.ts rename packages/k8s-generated/{src => }/generated/k8s.ts (80%) create mode 100644 packages/k8s-generated/generated/l2advertisements-metallb.io.ts delete mode 100644 packages/k8s-generated/src/index.ts diff --git a/chart/chart-config.yaml b/chart/chart-config.yaml index a17a5f5..e8949a7 100644 --- a/chart/chart-config.yaml +++ b/chart/chart-config.yaml @@ -1,4 +1,4 @@ env: LB_IP_ADDRESS_POOL: 10.0.0.1/32 NS_IP: 10.0.0.1 - CUSTOM_DOMAIN: localhost + CUSTOM_DOMAIN: cloud diff --git a/chart/helm-charts.yaml b/chart/helm-charts.yaml index 13ffb94..4577d06 100644 --- a/chart/helm-charts.yaml +++ b/chart/helm-charts.yaml @@ -2,18 +2,36 @@ charts: - repo: metallb chart: metallb url: https://metallb.github.io/metallb + version: 0.13.7 - repo: ingress-nginx chart: ingress-nginx url: https://kubernetes.github.io/ingress-nginx + version: 4.4.0 - repo: prometheus-community chart: kube-prometheus-stack url: https://prometheus-community.github.io/helm-charts + version: 43.1.1 - repo: jenkins chart: jenkins url: https://charts.jenkins.io + version: 4.2.20 - repo: coredns chart: coredns url: https://coredns.github.io/helm + version: 1.19.7 - repo: external-dns chart: external-dns url: https://kubernetes-sigs.github.io/external-dns/ + version: 1.12.0 + - repo: argo + chart: argo-cd + url: https://argoproj.github.io/argo-helm + version: 5.17.1 + - repo: harbor + chart: harbor + url: https://helm.goharbor.io + version: 1.11.0 + - repo: jetstack + chart: cert-manager + url: https://charts.jetstack.io + version: 1.10.1 diff --git a/chart/manifest/0000-metallb.k8s.yaml b/chart/manifest/0000-metallb.k8s.yaml index fc34d8f..9d0bd7a 100644 --- a/chart/manifest/0000-metallb.k8s.yaml +++ b/chart/manifest/0000-metallb.k8s.yaml @@ -1,10 +1,4 @@ apiVersion: v1 -kind: Namespace -metadata: - name: metallb-system - namespace: metallb-system ---- -apiVersion: v1 kind: ServiceAccount metadata: labels: diff --git a/chart/manifest/0001-ingress-nginx.k8s.yaml b/chart/manifest/0001-ingress-nginx.k8s.yaml index febf1be..fd1e712 100644 --- a/chart/manifest/0001-ingress-nginx.k8s.yaml +++ b/chart/manifest/0001-ingress-nginx.k8s.yaml @@ -1,21 +1,15 @@ apiVersion: v1 -kind: Namespace -metadata: - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx + name: ingress-nginx namespace: ingress-nginx automountServiceAccountToken: true --- @@ -24,13 +18,13 @@ kind: ConfigMap metadata: labels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-tcp + name: ingress-nginx-tcp namespace: ingress-nginx data: "53": dns/core-dns-coredns:53 @@ -40,13 +34,13 @@ kind: ConfigMap metadata: labels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-udp + name: ingress-nginx-udp namespace: ingress-nginx data: "53": dns/core-dns-coredns:53 @@ -56,13 +50,13 @@ kind: ConfigMap metadata: labels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-controller + name: ingress-nginx-controller namespace: ingress-nginx data: allow-snippet-annotations: "true" @@ -71,13 +65,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx + name: ingress-nginx namespace: ingress-nginx rules: - apiGroups: @@ -155,21 +149,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx + name: ingress-nginx namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: default-ingress-nginx + name: ingress-nginx subjects: - kind: ServiceAccount - name: default-ingress-nginx + name: ingress-nginx namespace: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 @@ -177,13 +171,13 @@ kind: Role metadata: labels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx + name: ingress-nginx namespace: ingress-nginx rules: - apiGroups: @@ -236,7 +230,7 @@ rules: - apiGroups: - "" resourceNames: - - default-ingress-nginx-leader + - ingress-nginx-leader resources: - configmaps verbs: @@ -251,7 +245,7 @@ rules: - apiGroups: - coordination.k8s.io resourceNames: - - default-ingress-nginx-leader + - ingress-nginx-leader resources: - leases verbs: @@ -284,21 +278,21 @@ kind: RoleBinding metadata: labels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx + name: ingress-nginx namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: default-ingress-nginx + name: ingress-nginx subjects: - kind: ServiceAccount - name: default-ingress-nginx + name: ingress-nginx namespace: ingress-nginx --- apiVersion: v1 @@ -306,13 +300,13 @@ kind: Service metadata: labels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-controller-admission + name: ingress-nginx-controller-admission namespace: ingress-nginx spec: ports: @@ -322,7 +316,7 @@ spec: targetPort: webhook selector: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx type: ClusterIP --- @@ -331,13 +325,13 @@ kind: Service metadata: labels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-controller + name: ingress-nginx-controller namespace: ingress-nginx spec: ipFamilies: @@ -364,7 +358,7 @@ spec: targetPort: 53-udp selector: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx type: LoadBalancer --- @@ -373,13 +367,13 @@ kind: Deployment metadata: labels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-controller + name: ingress-nginx-controller namespace: ingress-nginx spec: minReadySeconds: 0 @@ -388,25 +382,25 @@ spec: selector: matchLabels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx template: metadata: labels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/name: ingress-nginx spec: containers: - args: - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/default-ingress-nginx-controller - - --election-id=default-ingress-nginx-leader + - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller + - --election-id=ingress-nginx-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/default-ingress-nginx-controller - - --tcp-services-configmap=$(POD_NAMESPACE)/default-ingress-nginx-tcp - - --udp-services-configmap=$(POD_NAMESPACE)/default-ingress-nginx-udp + - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller + - --tcp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-tcp + - --udp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-udp - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key @@ -484,19 +478,19 @@ spec: dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux - serviceAccountName: default-ingress-nginx + serviceAccountName: ingress-nginx terminationGracePeriodSeconds: 300 volumes: - name: webhook-cert secret: - secretName: default-ingress-nginx-admission + secretName: ingress-nginx-admission --- apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: labels: app.kubernetes.io/component: controller - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx @@ -512,20 +506,20 @@ kind: ValidatingWebhookConfiguration metadata: labels: app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-admission + name: ingress-nginx-admission namespace: ingress-nginx webhooks: - admissionReviewVersions: - v1 clientConfig: service: - name: default-ingress-nginx-controller-admission + name: ingress-nginx-controller-admission namespace: ingress-nginx path: /networking/v1/ingresses failurePolicy: Fail @@ -551,13 +545,13 @@ metadata: helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-admission + name: ingress-nginx-admission namespace: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 @@ -568,13 +562,13 @@ metadata: helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-admission + name: ingress-nginx-admission namespace: ingress-nginx rules: - apiGroups: @@ -593,21 +587,21 @@ metadata: helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-admission + name: ingress-nginx-admission namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: default-ingress-nginx-admission + name: ingress-nginx-admission subjects: - kind: ServiceAccount - name: default-ingress-nginx-admission + name: ingress-nginx-admission namespace: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 @@ -618,13 +612,13 @@ metadata: helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-admission + name: ingress-nginx-admission namespace: ingress-nginx rules: - apiGroups: @@ -643,21 +637,21 @@ metadata: helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-admission + name: ingress-nginx-admission namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: default-ingress-nginx-admission + name: ingress-nginx-admission subjects: - kind: ServiceAccount - name: default-ingress-nginx-admission + name: ingress-nginx-admission namespace: ingress-nginx --- apiVersion: batch/v1 @@ -668,33 +662,33 @@ metadata: helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-admission-create + name: ingress-nginx-admission-create namespace: ingress-nginx spec: template: metadata: labels: app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-admission-create + name: ingress-nginx-admission-create spec: containers: - args: - create - - --host=default-ingress-nginx-controller-admission,default-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - --namespace=$(POD_NAMESPACE) - - --secret-name=default-ingress-nginx-admission + - --secret-name=ingress-nginx-admission env: - name: POD_NAMESPACE valueFrom: @@ -712,7 +706,7 @@ spec: fsGroup: 2000 runAsNonRoot: true runAsUser: 2000 - serviceAccountName: default-ingress-nginx-admission + serviceAccountName: ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -722,34 +716,34 @@ metadata: helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-admission-patch + name: ingress-nginx-admission-patch namespace: ingress-nginx spec: template: metadata: labels: app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: default + app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/version: 1.5.1 helm.sh/chart: ingress-nginx-4.4.0 - name: default-ingress-nginx-admission-patch + name: ingress-nginx-admission-patch spec: containers: - args: - patch - - --webhook-name=default-ingress-nginx-admission + - --webhook-name=ingress-nginx-admission - --namespace=$(POD_NAMESPACE) - --patch-mutating=false - - --secret-name=default-ingress-nginx-admission + - --secret-name=ingress-nginx-admission - --patch-failure-policy=Fail env: - name: POD_NAMESPACE @@ -768,4 +762,4 @@ spec: fsGroup: 2000 runAsNonRoot: true runAsUser: 2000 - serviceAccountName: default-ingress-nginx-admission + serviceAccountName: ingress-nginx-admission diff --git a/chart/manifest/0002-dns.k8s.yaml b/chart/manifest/0002-dns.k8s.yaml index 5f77861..c2dbced 100644 --- a/chart/manifest/0002-dns.k8s.yaml +++ b/chart/manifest/0002-dns.k8s.yaml @@ -2,8 +2,8 @@ apiVersion: v1 kind: Service metadata: labels: - app.kubernetes.io/component: app - app.kubernetes.io/name: etcd + this.kubernetes.io/component: this + this.kubernetes.io/name: etcd name: etcd namespace: dns spec: @@ -19,29 +19,29 @@ spec: protocol: TCP publishNotReadyAddresses: true selector: - app.kubernetes.io/component: app - app.kubernetes.io/name: etcd + this.kubernetes.io/component: this + this.kubernetes.io/name: etcd --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: - app.kubernetes.io/component: app - app.kubernetes.io/name: etcd + this.kubernetes.io/component: this + this.kubernetes.io/name: etcd name: etcd namespace: dns spec: replicas: 3 selector: matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/name: etcd + this.kubernetes.io/component: this + this.kubernetes.io/name: etcd serviceName: etcd template: metadata: labels: - app.kubernetes.io/component: app - app.kubernetes.io/name: etcd + this.kubernetes.io/component: this + this.kubernetes.io/name: etcd name: etcd spec: containers: @@ -84,8 +84,8 @@ spec: volumeClaimTemplates: - metadata: labels: - app.kubernetes.io/component: app - app.kubernetes.io/name: etcd + this.kubernetes.io/component: this + this.kubernetes.io/name: etcd name: datadir spec: accessModes: @@ -117,6 +117,9 @@ data: endpoint http://etcd:2379 fallthrough } + forward { + . 8.8.8.8 8.8.4.4 1.1.1.1 + } cache 30 prometheus 0.0.0.0:9153 reload @@ -219,7 +222,7 @@ spec: template: metadata: annotations: - checksum/config: c969a43bf8545ee684ca9bacbaa5d82f0337a1543b1432e2191ff55cd4eb5a0f + checksum/config: c4621470c7da7e98431e7eac4f48b47a50f55ed851d251c7fd87546eb66aa384 labels: app.kubernetes.io/instance: core-dns app.kubernetes.io/name: coredns diff --git a/chart/manifest/0003-cert-manager.k8s.yaml b/chart/manifest/0003-cert-manager.k8s.yaml new file mode 100644 index 0000000..a863563 --- /dev/null +++ b/chart/manifest/0003-cert-manager.k8s.yaml @@ -0,0 +1,6087 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cainjector + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cainjector + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-cainjector + namespace: cert-manager +automountServiceAccountToken: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager + namespace: cert-manager +automountServiceAccountToken: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: webhook + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-webhook + namespace: cert-manager +automountServiceAccountToken: true +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/name: webhook + name: cert-manager-webhook + namespace: cert-manager +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: clusterissuers.cert-manager.io + namespace: cert-manager +spec: + group: cert-manager.io + names: + categories: + - cert-manager + kind: ClusterIssuer + listKind: ClusterIssuerList + plural: clusterissuers + singular: clusterissuer + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: Desired state of the ClusterIssuer resource. + properties: + acme: + description: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + properties: + disableAccountKeyGeneration: + description: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + type: boolean + email: + description: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + type: string + enableDurationFeature: + description: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + type: boolean + externalAccountBinding: + description: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + properties: + keyAlgorithm: + description: "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme." + enum: + - HS256 + - HS384 + - HS512 + type: string + keyID: + description: keyID is the ID of the CA key that the External Account is bound to. + type: string + keySecretRef: + description: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - keyID + - keySecretRef + type: object + preferredChain: + description: "PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: \"DST Root CA X3\" or \"ISRG Root X1\" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN" + maxLength: 64 + type: string + privateKeySecretRef: + description: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + server: + description: "Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: \"https://acme-staging-v02.api.letsencrypt.org/directory\". Only ACME v2 endpoints (i.e. RFC 8555) are supported." + type: string + skipTLSVerify: + description: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false. + type: boolean + solvers: + description: "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/" + items: + description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + properties: + dns01: + description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + properties: + acmeDNS: + description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + properties: + accountSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: Use the Akamai DNS zone management API to manage DNS01 challenge records. + properties: + accessTokenSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + clientSecretSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + clientTokenSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azureDNS: + description: Use the Microsoft Azure DNS API to manage DNS01 challenge records. + properties: + clientID: + description: if both this and ClientSecret are left unset MSI will be used + type: string + clientSecretSecretRef: + description: if both this and ClientID are left unset MSI will be used + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + environment: + description: name of the Azure environment (default AzurePublicCloud) + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + description: name of the DNS zone that should be used + type: string + managedIdentity: + description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + properties: + clientID: + description: client ID of the managed identity, can not be used at the same time as resourceID + type: string + resourceID: + description: resource ID of the managed identity, can not be used at the same time as clientID + type: string + type: object + resourceGroupName: + description: resource group the DNS zone is located in + type: string + subscriptionID: + description: ID of the Azure subscription + type: string + tenantID: + description: when specifying ClientID and ClientSecret then this field is also needed + type: string + required: + - resourceGroupName + - subscriptionID + type: object + cloudDNS: + description: Use the Google Cloud DNS API to manage DNS01 challenge records. + properties: + hostedZoneName: + description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + type: string + project: + type: string + serviceAccountSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - project + type: object + cloudflare: + description: Use the Cloudflare API to manage DNS01 challenge records. + properties: + apiKeySecretRef: + description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + apiTokenSecretRef: + description: API token used to authenticate with Cloudflare. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + email: + description: Email of the account, only required when using API key based authentication. + type: string + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: Use the DigitalOcean DNS API to manage DNS01 challenge records. + properties: + tokenSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + properties: + nameserver: + description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + type: string + tsigAlgorithm: + description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: Use the AWS Route53 API to manage DNS01 challenge records. + properties: + accessKeyID: + description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + type: string + accessKeyIDSecretRef: + description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + hostedZoneID: + description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + type: string + region: + description: Always set the region when using AccessKeyID and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + properties: + config: + description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + properties: + gatewayHTTPRoute: + description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + properties: + labels: + additionalProperties: + type: string + description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + type: object + parentRefs: + description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways" + items: + description: |- + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with "Core" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + properties: + group: + default: gateway.networking.k8s.io + description: |- + Group is the group of the referent. + Support: Core + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Gateway + description: |- + Kind is kind of the referent. + Support: Core (Gateway) + Support: Custom (Other Resources) + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + Name is the name of the referent. + Support: Core + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. + Support: Core + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: |- + Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + format: int32 + maximum: 65535 + minimum: 1 + type: integer + sectionName: + description: |- + SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + type: array + serviceType: + description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + type: string + type: object + ingress: + description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified. + type: string + ingressTemplate: + description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + properties: + metadata: + description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + properties: + annotations: + additionalProperties: + type: string + description: Annotations that should be added to the created ACME HTTP01 solver ingress. + type: object + labels: + additionalProperties: + type: string + description: Labels that should be added to the created ACME HTTP01 solver ingress. + type: object + type: object + type: object + name: + description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + properties: + metadata: + description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + properties: + annotations: + additionalProperties: + type: string + description: Annotations that should be added to the create ACME HTTP01 solver pods. + type: object + labels: + additionalProperties: + type: string + description: Labels that should be added to the created ACME HTTP01 solver pods. + type: object + type: object + spec: + description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: object + priorityClassName: + description: If specified, the pod's priorityClassName. + type: string + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + properties: + dnsNames: + description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + type: object + type: object + type: object + type: array + required: + - privateKeySecretRef + - server + type: object + ca: + description: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + properties: + crlDistributionPoints: + description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + items: + type: string + type: array + ocspServers: + description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret used to sign Certificates issued by this Issuer. + type: string + required: + - secretName + type: object + selfSigned: + description: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + properties: + crlDistributionPoints: + description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + items: + type: string + type: array + type: object + vault: + description: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + properties: + auth: + description: Auth configures how cert-manager authenticates with the Vault server. + properties: + appRole: + description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + properties: + path: + description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + type: string + roleId: + description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + type: string + secretRef: + description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - path + - roleId + - secretRef + type: object + kubernetes: + description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + properties: + mountPath: + description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + type: string + role: + description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + type: string + secretRef: + description: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - role + - secretRef + type: object + tokenSecretRef: + description: TokenSecretRef authenticates with Vault by presenting a token. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + type: object + caBundle: + description: PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the cert-manager controller system root certificates are used to validate the TLS connection. + format: byte + type: string + caBundleSecretRef: + description: CABundleSecretRef is a reference to a Secret which contains the CABundle which will be used when connecting to Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundleSecretRef nor CABundle are defined, the cert-manager controller system root certificates are used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + namespace: + description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + type: string + path: + description: "Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: \"my_pki_mount/sign/my-role-name\"." + type: string + server: + description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' + type: string + required: + - auth + - path + - server + type: object + venafi: + description: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + properties: + cloud: + description: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + properties: + apiTokenSecretRef: + description: APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + url: + description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + type: string + required: + - apiTokenSecretRef + type: object + tpp: + description: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + properties: + caBundle: + description: CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates. + format: byte + type: string + credentialsRef: + description: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + properties: + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + url: + description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' + type: string + required: + - credentialsRef + - url + type: object + zone: + description: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + type: string + required: + - zone + type: object + type: object + status: + description: Status of the ClusterIssuer. This is set and managed automatically. + properties: + acme: + description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + properties: + lastRegisteredEmail: + description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + type: string + uri: + description: URI is the unique account identifier, which can also be used to retrieve account details from the CA + type: string + type: object + conditions: + description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + items: + description: IssuerCondition contains condition information for an Issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details of the last transition, complementing reason. + type: string + observedGeneration: + description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + format: int64 + type: integer + reason: + description: Reason is a brief machine readable explanation for the condition's last transition. + type: string + status: + description: Status of the condition, one of (`True`, `False`, `Unknown`). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, known values are (`Ready`). + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: challenges.acme.cert-manager.io + namespace: cert-manager +spec: + group: acme.cert-manager.io + names: + categories: + - cert-manager + - cert-manager-acme + kind: Challenge + listKind: ChallengeList + plural: challenges + singular: challenge + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: State + type: string + - jsonPath: .spec.dnsName + name: Domain + type: string + - jsonPath: .status.reason + name: Reason + priority: 1 + type: string + - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Challenge is a type to represent a Challenge request with an ACME server + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + properties: + authorizationURL: + description: The URL to the ACME Authorization resource that this challenge is a part of. + type: string + dnsName: + description: dnsName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`. + type: string + issuerRef: + description: References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. + properties: + group: + description: Group of the resource being referred to. + type: string + kind: + description: Kind of the resource being referred to. + type: string + name: + description: Name of the resource being referred to. + type: string + required: + - name + type: object + key: + description: "The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content." + type: string + solver: + description: Contains the domain solving configuration that should be used to solve this challenge resource. + properties: + dns01: + description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + properties: + acmeDNS: + description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + properties: + accountSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: Use the Akamai DNS zone management API to manage DNS01 challenge records. + properties: + accessTokenSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + clientSecretSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + clientTokenSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azureDNS: + description: Use the Microsoft Azure DNS API to manage DNS01 challenge records. + properties: + clientID: + description: if both this and ClientSecret are left unset MSI will be used + type: string + clientSecretSecretRef: + description: if both this and ClientID are left unset MSI will be used + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + environment: + description: name of the Azure environment (default AzurePublicCloud) + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + description: name of the DNS zone that should be used + type: string + managedIdentity: + description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + properties: + clientID: + description: client ID of the managed identity, can not be used at the same time as resourceID + type: string + resourceID: + description: resource ID of the managed identity, can not be used at the same time as clientID + type: string + type: object + resourceGroupName: + description: resource group the DNS zone is located in + type: string + subscriptionID: + description: ID of the Azure subscription + type: string + tenantID: + description: when specifying ClientID and ClientSecret then this field is also needed + type: string + required: + - resourceGroupName + - subscriptionID + type: object + cloudDNS: + description: Use the Google Cloud DNS API to manage DNS01 challenge records. + properties: + hostedZoneName: + description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + type: string + project: + type: string + serviceAccountSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - project + type: object + cloudflare: + description: Use the Cloudflare API to manage DNS01 challenge records. + properties: + apiKeySecretRef: + description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + apiTokenSecretRef: + description: API token used to authenticate with Cloudflare. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + email: + description: Email of the account, only required when using API key based authentication. + type: string + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: Use the DigitalOcean DNS API to manage DNS01 challenge records. + properties: + tokenSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + properties: + nameserver: + description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + type: string + tsigAlgorithm: + description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: Use the AWS Route53 API to manage DNS01 challenge records. + properties: + accessKeyID: + description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + type: string + accessKeyIDSecretRef: + description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + hostedZoneID: + description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + type: string + region: + description: Always set the region when using AccessKeyID and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + properties: + config: + description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + properties: + gatewayHTTPRoute: + description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + properties: + labels: + additionalProperties: + type: string + description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + type: object + parentRefs: + description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways" + items: + description: |- + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with "Core" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + properties: + group: + default: gateway.networking.k8s.io + description: |- + Group is the group of the referent. + Support: Core + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Gateway + description: |- + Kind is kind of the referent. + Support: Core (Gateway) + Support: Custom (Other Resources) + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + Name is the name of the referent. + Support: Core + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. + Support: Core + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: |- + Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + format: int32 + maximum: 65535 + minimum: 1 + type: integer + sectionName: + description: |- + SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + type: array + serviceType: + description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + type: string + type: object + ingress: + description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified. + type: string + ingressTemplate: + description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + properties: + metadata: + description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + properties: + annotations: + additionalProperties: + type: string + description: Annotations that should be added to the created ACME HTTP01 solver ingress. + type: object + labels: + additionalProperties: + type: string + description: Labels that should be added to the created ACME HTTP01 solver ingress. + type: object + type: object + type: object + name: + description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + properties: + metadata: + description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + properties: + annotations: + additionalProperties: + type: string + description: Annotations that should be added to the create ACME HTTP01 solver pods. + type: object + labels: + additionalProperties: + type: string + description: Labels that should be added to the created ACME HTTP01 solver pods. + type: object + type: object + spec: + description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: object + priorityClassName: + description: If specified, the pod's priorityClassName. + type: string + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + properties: + dnsNames: + description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + type: object + type: object + type: object + token: + description: The ACME challenge token for this challenge. This is the raw value returned from the ACME server. + type: string + type: + description: The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01". + enum: + - HTTP-01 + - DNS-01 + type: string + url: + description: The URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge. + type: string + wildcard: + description: wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'. + type: boolean + required: + - authorizationURL + - dnsName + - issuerRef + - key + - solver + - token + - type + - url + type: object + status: + properties: + presented: + description: presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured). + type: boolean + processing: + description: Used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action. + type: boolean + reason: + description: Contains human readable information on why the Challenge is in the current state. + type: string + state: + description: Contains the current 'state' of the challenge. If not set, the state of the challenge is unknown. + enum: + - valid + - ready + - pending + - processing + - invalid + - expired + - errored + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: certificaterequests.cert-manager.io + namespace: cert-manager +spec: + group: cert-manager.io + names: + categories: + - cert-manager + kind: CertificateRequest + listKind: CertificateRequestList + plural: certificaterequests + shortNames: + - cr + - crs + singular: certificaterequest + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Approved")].status + name: Approved + type: string + - jsonPath: .status.conditions[?(@.type=="Denied")].status + name: Denied + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .spec.issuerRef.name + name: Issuer + type: string + - jsonPath: .spec.username + name: Requestor + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + A CertificateRequest is used to request a signed certificate from one of the configured issuers. + All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field. + A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: Desired state of the CertificateRequest resource. + properties: + duration: + description: The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. + type: string + extra: + additionalProperties: + items: + type: string + type: array + description: Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + type: object + groups: + description: Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + items: + type: string + type: array + x-kubernetes-list-type: atomic + isCA: + description: IsCA will request to mark the certificate as valid for certificate signing when submitting to the issuer. This will automatically add the `cert sign` usage to the list of `usages`. + type: boolean + issuerRef: + description: IssuerRef is a reference to the issuer for this CertificateRequest. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers to the API group of the issuer which defaults to `cert-manager.io` if empty. + properties: + group: + description: Group of the resource being referred to. + type: string + kind: + description: Kind of the resource being referred to. + type: string + name: + description: Name of the resource being referred to. + type: string + required: + - name + type: object + request: + description: The PEM-encoded x509 certificate signing request to be submitted to the CA for signing. + format: byte + type: string + uid: + description: UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + type: string + usages: + description: Usages is the set of x509 usages that are requested for the certificate. If usages are set they SHOULD be encoded inside the CSR spec Defaults to `digital signature` and `key encipherment` if not specified. + items: + description: |- + KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + username: + description: Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + type: string + required: + - issuerRef + - request + type: object + status: + description: Status of the CertificateRequest. This is set and managed automatically. + properties: + ca: + description: The PEM encoded x509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available. + format: byte + type: string + certificate: + description: The PEM encoded x509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field. + format: byte + type: string + conditions: + description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready` and `InvalidRequest`. + items: + description: CertificateRequestCondition contains condition information for a CertificateRequest. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for the condition's last transition. + type: string + status: + description: Status of the condition, one of (`True`, `False`, `Unknown`). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`). + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + failureTime: + description: FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: issuers.cert-manager.io + namespace: cert-manager +spec: + group: cert-manager.io + names: + categories: + - cert-manager + kind: Issuer + listKind: IssuerList + plural: issuers + singular: issuer + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: Desired state of the Issuer resource. + properties: + acme: + description: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + properties: + disableAccountKeyGeneration: + description: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + type: boolean + email: + description: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + type: string + enableDurationFeature: + description: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + type: boolean + externalAccountBinding: + description: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + properties: + keyAlgorithm: + description: "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme." + enum: + - HS256 + - HS384 + - HS512 + type: string + keyID: + description: keyID is the ID of the CA key that the External Account is bound to. + type: string + keySecretRef: + description: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - keyID + - keySecretRef + type: object + preferredChain: + description: "PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: \"DST Root CA X3\" or \"ISRG Root X1\" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN" + maxLength: 64 + type: string + privateKeySecretRef: + description: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + server: + description: "Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: \"https://acme-staging-v02.api.letsencrypt.org/directory\". Only ACME v2 endpoints (i.e. RFC 8555) are supported." + type: string + skipTLSVerify: + description: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false. + type: boolean + solvers: + description: "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/" + items: + description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + properties: + dns01: + description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + properties: + acmeDNS: + description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + properties: + accountSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: Use the Akamai DNS zone management API to manage DNS01 challenge records. + properties: + accessTokenSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + clientSecretSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + clientTokenSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azureDNS: + description: Use the Microsoft Azure DNS API to manage DNS01 challenge records. + properties: + clientID: + description: if both this and ClientSecret are left unset MSI will be used + type: string + clientSecretSecretRef: + description: if both this and ClientID are left unset MSI will be used + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + environment: + description: name of the Azure environment (default AzurePublicCloud) + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + description: name of the DNS zone that should be used + type: string + managedIdentity: + description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + properties: + clientID: + description: client ID of the managed identity, can not be used at the same time as resourceID + type: string + resourceID: + description: resource ID of the managed identity, can not be used at the same time as clientID + type: string + type: object + resourceGroupName: + description: resource group the DNS zone is located in + type: string + subscriptionID: + description: ID of the Azure subscription + type: string + tenantID: + description: when specifying ClientID and ClientSecret then this field is also needed + type: string + required: + - resourceGroupName + - subscriptionID + type: object + cloudDNS: + description: Use the Google Cloud DNS API to manage DNS01 challenge records. + properties: + hostedZoneName: + description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + type: string + project: + type: string + serviceAccountSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - project + type: object + cloudflare: + description: Use the Cloudflare API to manage DNS01 challenge records. + properties: + apiKeySecretRef: + description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + apiTokenSecretRef: + description: API token used to authenticate with Cloudflare. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + email: + description: Email of the account, only required when using API key based authentication. + type: string + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: Use the DigitalOcean DNS API to manage DNS01 challenge records. + properties: + tokenSecretRef: + description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + properties: + nameserver: + description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + type: string + tsigAlgorithm: + description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: Use the AWS Route53 API to manage DNS01 challenge records. + properties: + accessKeyID: + description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + type: string + accessKeyIDSecretRef: + description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + hostedZoneID: + description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + type: string + region: + description: Always set the region when using AccessKeyID and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + properties: + config: + description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + properties: + gatewayHTTPRoute: + description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + properties: + labels: + additionalProperties: + type: string + description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + type: object + parentRefs: + description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways" + items: + description: |- + ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with "Core" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. + The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + properties: + group: + default: gateway.networking.k8s.io + description: |- + Group is the group of the referent. + Support: Core + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Gateway + description: |- + Kind is kind of the referent. + Support: Core (Gateway) + Support: Custom (Other Resources) + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + Name is the name of the referent. + Support: Core + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. + Support: Core + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: |- + Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Extended + + format: int32 + maximum: 65535 + minimum: 1 + type: integer + sectionName: + description: |- + SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. + Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + Support: Core + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + type: array + serviceType: + description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + type: string + type: object + ingress: + description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + properties: + class: + description: The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified. + type: string + ingressTemplate: + description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + properties: + metadata: + description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + properties: + annotations: + additionalProperties: + type: string + description: Annotations that should be added to the created ACME HTTP01 solver ingress. + type: object + labels: + additionalProperties: + type: string + description: Labels that should be added to the created ACME HTTP01 solver ingress. + type: object + type: object + type: object + name: + description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + properties: + metadata: + description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + properties: + annotations: + additionalProperties: + type: string + description: Annotations that should be added to the create ACME HTTP01 solver pods. + type: object + labels: + additionalProperties: + type: string + description: Labels that should be added to the created ACME HTTP01 solver pods. + type: object + type: object + spec: + description: PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + type: object + priorityClassName: + description: If specified, the pod's priorityClassName. + type: string + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + properties: + dnsNames: + description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + type: object + type: object + type: object + type: array + required: + - privateKeySecretRef + - server + type: object + ca: + description: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + properties: + crlDistributionPoints: + description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + items: + type: string + type: array + ocspServers: + description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret used to sign Certificates issued by this Issuer. + type: string + required: + - secretName + type: object + selfSigned: + description: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + properties: + crlDistributionPoints: + description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + items: + type: string + type: array + type: object + vault: + description: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + properties: + auth: + description: Auth configures how cert-manager authenticates with the Vault server. + properties: + appRole: + description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + properties: + path: + description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + type: string + roleId: + description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + type: string + secretRef: + description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - path + - roleId + - secretRef + type: object + kubernetes: + description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + properties: + mountPath: + description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + type: string + role: + description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + type: string + secretRef: + description: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - role + - secretRef + type: object + tokenSecretRef: + description: TokenSecretRef authenticates with Vault by presenting a token. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + type: object + caBundle: + description: PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the cert-manager controller system root certificates are used to validate the TLS connection. + format: byte + type: string + caBundleSecretRef: + description: CABundleSecretRef is a reference to a Secret which contains the CABundle which will be used when connecting to Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundleSecretRef nor CABundle are defined, the cert-manager controller system root certificates are used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + namespace: + description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + type: string + path: + description: "Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: \"my_pki_mount/sign/my-role-name\"." + type: string + server: + description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' + type: string + required: + - auth + - path + - server + type: object + venafi: + description: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + properties: + cloud: + description: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + properties: + apiTokenSecretRef: + description: APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + url: + description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + type: string + required: + - apiTokenSecretRef + type: object + tpp: + description: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + properties: + caBundle: + description: CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates. + format: byte + type: string + credentialsRef: + description: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + properties: + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + url: + description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' + type: string + required: + - credentialsRef + - url + type: object + zone: + description: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + type: string + required: + - zone + type: object + type: object + status: + description: Status of the Issuer. This is set and managed automatically. + properties: + acme: + description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + properties: + lastRegisteredEmail: + description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + type: string + uri: + description: URI is the unique account identifier, which can also be used to retrieve account details from the CA + type: string + type: object + conditions: + description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + items: + description: IssuerCondition contains condition information for an Issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details of the last transition, complementing reason. + type: string + observedGeneration: + description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + format: int64 + type: integer + reason: + description: Reason is a brief machine readable explanation for the condition's last transition. + type: string + status: + description: Status of the condition, one of (`True`, `False`, `Unknown`). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, known values are (`Ready`). + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: certificates.cert-manager.io + namespace: cert-manager +spec: + group: cert-manager.io + names: + categories: + - cert-manager + kind: Certificate + listKind: CertificateList + plural: certificates + shortNames: + - cert + - certs + singular: certificate + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .spec.secretName + name: Secret + type: string + - jsonPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. + The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`). + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: Desired state of the Certificate resource. + properties: + additionalOutputFormats: + description: AdditionalOutputFormats defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option on both the controller and webhook components. + items: + description: CertificateAdditionalOutputFormat defines an additional output format of a Certificate resource. These contain supplementary data formats of the signed certificate chain and paired private key. + properties: + type: + description: Type is the name of the format type that should be written to the Certificate's target Secret. + enum: + - DER + - CombinedPEM + type: string + required: + - type + type: object + type: array + commonName: + description: "CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4" + type: string + dnsNames: + description: DNSNames is a list of DNS subjectAltNames to be set on the Certificate. + items: + type: string + type: array + duration: + description: The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. If unset this defaults to 90 days. Certificate will be renewed either 2/3 through its duration or `renewBefore` period before its expiry, whichever is later. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration + type: string + emailAddresses: + description: EmailAddresses is a list of email subjectAltNames to be set on the Certificate. + items: + type: string + type: array + encodeUsagesInRequest: + description: EncodeUsagesInRequest controls whether key usages should be present in the CertificateRequest + type: boolean + ipAddresses: + description: IPAddresses is a list of IP address subjectAltNames to be set on the Certificate. + items: + type: string + type: array + isCA: + description: IsCA will mark this Certificate as valid for certificate signing. This will automatically add the `cert sign` usage to the list of `usages`. + type: boolean + issuerRef: + description: IssuerRef is a reference to the issuer for this certificate. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. + properties: + group: + description: Group of the resource being referred to. + type: string + kind: + description: Kind of the resource being referred to. + type: string + name: + description: Name of the resource being referred to. + type: string + required: + - name + type: object + keystores: + description: Keystores configures additional keystore output formats stored in the `secretName` Secret resource. + properties: + jks: + description: JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. + properties: + create: + description: Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + type: boolean + passwordSecretRef: + description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - create + - passwordSecretRef + type: object + pkcs12: + description: PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. + properties: + create: + description: Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + type: boolean + passwordSecretRef: + description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + required: + - name + type: object + required: + - create + - passwordSecretRef + type: object + type: object + literalSubject: + description: LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. + type: string + privateKey: + description: Options to control private keys used for the Certificate. + properties: + algorithm: + description: Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified and `size` is not provided, key size of 256 will be used for `ECDSA` key algorithm and key size of 2048 will be used for `RSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm. + enum: + - RSA + - ECDSA + - Ed25519 + type: string + encoding: + description: The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified. + enum: + - PKCS1 + - PKCS8 + type: string + rotationPolicy: + description: RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility. + enum: + - Never + - Always + type: string + size: + description: Size is the key bit size of the corresponding private key for this certificate. If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed. + type: integer + type: object + renewBefore: + description: How long before the currently issued certificate's expiry cert-manager should renew the certificate. The default is 2/3 of the issued certificate's duration. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration + type: string + revisionHistoryLimit: + description: revisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`. + format: int32 + type: integer + secretName: + description: SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. + type: string + secretTemplate: + description: SecretTemplate defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a key value map to be copied to the target Kubernetes Secret. + type: object + labels: + additionalProperties: + type: string + description: Labels is a key value map to be copied to the target Kubernetes Secret. + type: object + type: object + subject: + description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). + properties: + countries: + description: Countries to be used on the Certificate. + items: + type: string + type: array + localities: + description: Cities to be used on the Certificate. + items: + type: string + type: array + organizationalUnits: + description: Organizational Units to be used on the Certificate. + items: + type: string + type: array + organizations: + description: Organizations to be used on the Certificate. + items: + type: string + type: array + postalCodes: + description: Postal codes to be used on the Certificate. + items: + type: string + type: array + provinces: + description: State/Provinces to be used on the Certificate. + items: + type: string + type: array + serialNumber: + description: Serial number to be used on the Certificate. + type: string + streetAddresses: + description: Street addresses to be used on the Certificate. + items: + type: string + type: array + type: object + uris: + description: URIs is a list of URI subjectAltNames to be set on the Certificate. + items: + type: string + type: array + usages: + description: Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified. + items: + description: |- + KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + required: + - issuerRef + - secretName + type: object + status: + description: Status of the Certificate. This is set and managed automatically. + properties: + conditions: + description: List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`. + items: + description: CertificateCondition contains condition information for an Certificate. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details of the last transition, complementing reason. + type: string + observedGeneration: + description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate. + format: int64 + type: integer + reason: + description: Reason is a brief machine readable explanation for the condition's last transition. + type: string + status: + description: Status of the condition, one of (`True`, `False`, `Unknown`). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, known values are (`Ready`, `Issuing`). + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + failedIssuanceAttempts: + description: The number of continuous failed issuance attempts up till now. This field gets removed (if set) on a successful issuance and gets set to 1 if unset and an issuance has failed. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). + type: integer + lastFailureTime: + description: LastFailureTime is the time as recorded by the Certificate controller of the most recent failure to complete a CertificateRequest for this Certificate resource. If set, cert-manager will not re-request another Certificate until 1 hour has elapsed from this time. + format: date-time + type: string + nextPrivateKeySecretName: + description: The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False. + type: string + notAfter: + description: The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`. + format: date-time + type: string + notBefore: + description: The time after which the certificate stored in the secret named by this resource in spec.secretName is valid. + format: date-time + type: string + renewalTime: + description: RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled. + format: date-time + type: string + revision: + description: |- + The current 'revision' of the certificate as issued. + When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. + Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. + Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: orders.acme.cert-manager.io + namespace: cert-manager +spec: + group: acme.cert-manager.io + names: + categories: + - cert-manager + - cert-manager-acme + kind: Order + listKind: OrderList + plural: orders + singular: order + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: State + type: string + - jsonPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - jsonPath: .status.reason + name: Reason + priority: 1 + type: string + - description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Order is a type to represent an Order with an ACME server + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + properties: + commonName: + description: CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR. + type: string + dnsNames: + description: DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + items: + type: string + type: array + duration: + description: Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec. + type: string + ipAddresses: + description: IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + items: + type: string + type: array + issuerRef: + description: IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. + properties: + group: + description: Group of the resource being referred to. + type: string + kind: + description: Kind of the resource being referred to. + type: string + name: + description: Name of the resource being referred to. + type: string + required: + - name + type: object + request: + description: Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order. + format: byte + type: string + required: + - issuerRef + - request + type: object + status: + properties: + authorizations: + description: Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order. + items: + description: ACMEAuthorization contains data returned from the ACME server on an authorization that must be completed in order validate a DNS name on an ACME Order resource. + properties: + challenges: + description: Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process. + items: + description: Challenge specifies a challenge offered by the ACME server for an Order. An appropriate Challenge resource can be created to perform the ACME challenge process. + properties: + token: + description: Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented. + type: string + type: + description: Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored. + type: string + url: + description: URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server. + type: string + required: + - token + - type + - url + type: object + type: array + identifier: + description: Identifier is the DNS name to be validated as part of this authorization + type: string + initialState: + description: InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created. + enum: + - valid + - ready + - pending + - processing + - invalid + - expired + - errored + type: string + url: + description: URL is the URL of the Authorization that must be completed + type: string + wildcard: + description: Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'. + type: boolean + required: + - url + type: object + type: array + certificate: + description: Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state. + format: byte + type: string + failureTime: + description: FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off. + format: date-time + type: string + finalizeURL: + description: FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed. + type: string + reason: + description: Reason optionally provides more information about a why the order is in the current state. + type: string + state: + description: State contains the current state of this Order resource. States 'success' and 'expired' are 'final' + enum: + - valid + - ready + - pending + - processing + - invalid + - expired + - errored + type: string + url: + description: URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cainjector + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cainjector + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-cainjector + namespace: cert-manager +rules: + - apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - create + - update + - patch + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - watch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-issuers + namespace: cert-manager +rules: + - apiGroups: + - cert-manager.io + resources: + - issuers + - issuers/status + verbs: + - update + - patch + - apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-clusterissuers + namespace: cert-manager +rules: + - apiGroups: + - cert-manager.io + resources: + - clusterissuers + - clusterissuers/status + verbs: + - update + - patch + - apiGroups: + - cert-manager.io + resources: + - clusterissuers + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-certificates + namespace: cert-manager +rules: + - apiGroups: + - cert-manager.io + resources: + - certificates + - certificates/status + - certificaterequests + - certificaterequests/status + verbs: + - update + - patch + - apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - clusterissuers + - issuers + verbs: + - get + - list + - watch + - apiGroups: + - cert-manager.io + resources: + - certificates/finalizers + - certificaterequests/finalizers + verbs: + - update + - apiGroups: + - acme.cert-manager.io + resources: + - orders + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-orders + namespace: cert-manager +rules: + - apiGroups: + - acme.cert-manager.io + resources: + - orders + - orders/status + verbs: + - update + - patch + - apiGroups: + - acme.cert-manager.io + resources: + - orders + - challenges + verbs: + - get + - list + - watch + - apiGroups: + - cert-manager.io + resources: + - clusterissuers + - issuers + verbs: + - get + - list + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - create + - delete + - apiGroups: + - acme.cert-manager.io + resources: + - orders/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-challenges + namespace: cert-manager +rules: + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + - challenges/status + verbs: + - update + - patch + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - get + - list + - watch + - apiGroups: + - cert-manager.io + resources: + - issuers + - clusterissuers + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - create + - delete + - update + - apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - get + - list + - watch + - create + - delete + - update + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - acme.cert-manager.io + resources: + - challenges/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-ingress-shim + namespace: cert-manager +rules: + - apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + verbs: + - create + - update + - delete + - apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + - clusterissuers + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/finalizers + verbs: + - update + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + - httproutes/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cert-manager-view + namespace: cert-manager +rules: + - apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + verbs: + - get + - list + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + - orders + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cert-manager-edit + namespace: cert-manager +rules: + - apiGroups: + - cert-manager.io + resources: + - certificates + - certificaterequests + - issuers + verbs: + - create + - delete + - deletecollection + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - certificates/status + verbs: + - update + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + - orders + verbs: + - create + - delete + - deletecollection + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-approve:cert-manager-io + namespace: cert-manager +rules: + - apiGroups: + - cert-manager.io + resourceNames: + - issuers.cert-manager.io/* + - clusterissuers.cert-manager.io/* + resources: + - signers + verbs: + - approve +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-certificatesigningrequests + namespace: cert-manager +rules: + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list + - watch + - update + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests/status + verbs: + - update + - patch + - apiGroups: + - certificates.k8s.io + resourceNames: + - issuers.cert-manager.io/* + - clusterissuers.cert-manager.io/* + resources: + - signers + verbs: + - sign + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: webhook + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-webhook:subjectaccessreviews + namespace: cert-manager +rules: + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cainjector + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cainjector + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-cainjector + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-cainjector +subjects: + - kind: ServiceAccount + name: cert-manager-cainjector + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-issuers + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-issuers +subjects: + - kind: ServiceAccount + name: cert-manager + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-clusterissuers + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-clusterissuers +subjects: + - kind: ServiceAccount + name: cert-manager + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-certificates + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-certificates +subjects: + - kind: ServiceAccount + name: cert-manager + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-orders + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-orders +subjects: + - kind: ServiceAccount + name: cert-manager + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-challenges + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-challenges +subjects: + - kind: ServiceAccount + name: cert-manager + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-ingress-shim + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-ingress-shim +subjects: + - kind: ServiceAccount + name: cert-manager + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-approve:cert-manager-io + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-approve:cert-manager-io +subjects: + - kind: ServiceAccount + name: cert-manager + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-controller-certificatesigningrequests + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-controller-certificatesigningrequests +subjects: + - kind: ServiceAccount + name: cert-manager + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: webhook + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-webhook:subjectaccessreviews + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cert-manager-webhook:subjectaccessreviews +subjects: + - apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cainjector + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cainjector + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-cainjector:leaderelection + namespace: kube-system +rules: + - apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - leases + verbs: + - get + - update + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager:leaderelection + namespace: kube-system +rules: + - apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-controller + resources: + - leases + verbs: + - get + - update + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: webhook + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-webhook:dynamic-serving + namespace: cert-manager +rules: + - apiGroups: + - "" + resourceNames: + - cert-manager-webhook-ca + resources: + - secrets + verbs: + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cainjector + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cainjector + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-cainjector:leaderelection + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager-cainjector:leaderelection +subjects: + - kind: ServiceAccount + name: cert-manager-cainjector + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager:leaderelection + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager:leaderelection +subjects: + - apiGroup: "" + kind: ServiceAccount + name: cert-manager + namespace: cert-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: webhook + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-webhook:dynamic-serving + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager-webhook:dynamic-serving +subjects: + - apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager + namespace: cert-manager +spec: + ports: + - name: tcp-prometheus-servicemonitor + port: 9402 + protocol: TCP + targetPort: 9402 + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/name: cert-manager + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: webhook + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-webhook + namespace: cert-manager +spec: + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/name: webhook + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cainjector + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cainjector + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-cainjector + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: cainjector + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/name: cainjector + template: + metadata: + labels: + app: cainjector + app.kubernetes.io/component: cainjector + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cainjector + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + spec: + containers: + - args: + - --v=2 + - --leader-election-namespace=kube-system + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-cainjector:v1.10.1 + imagePullPolicy: IfNotPresent + name: cert-manager-cainjector + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: cert-manager-cainjector +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/name: cert-manager + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "9402" + prometheus.io/scrape: "true" + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + spec: + containers: + - args: + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + - --dns01-recursive-nameservers-only + - --dns01-recursive-nameservers + - 8.8.8.8:53,8.8.4.4:53,1.1.1.1:53 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-controller:v1.10.1 + imagePullPolicy: IfNotPresent + name: cert-manager-controller + ports: + - containerPort: 9402 + name: http-metrics + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: cert-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: webhook + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-webhook + namespace: cert-manager +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/name: webhook + template: + metadata: + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: webhook + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + spec: + containers: + - args: + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=cert-manager-webhook + - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) + - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/jetstack/cert-manager-webhook:v1.10.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: 6080 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: cert-manager-webhook + ports: + - containerPort: 10250 + name: https + protocol: TCP + - containerPort: 6080 + name: healthcheck + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 6080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: cert-manager-webhook +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: webhook + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-webhook + namespace: cert-manager +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: cert-manager-webhook + namespace: cert-manager + path: /mutate + failurePolicy: Fail + matchPolicy: Equivalent + name: webhook.cert-manager.io + rules: + - apiGroups: + - cert-manager.io + - acme.cert-manager.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - "*/*" + sideEffects: None + timeoutSeconds: 10 +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: webhook + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-webhook + namespace: cert-manager +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: cert-manager-webhook + namespace: cert-manager + path: /validate + failurePolicy: Fail + matchPolicy: Equivalent + name: webhook.cert-manager.io + namespaceSelector: + matchExpressions: + - key: cert-manager.io/disable-validation + operator: NotIn + values: + - "true" + - key: name + operator: NotIn + values: + - cert-manager + rules: + - apiGroups: + - cert-manager.io + - acme.cert-manager.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - "*/*" + sideEffects: None + timeoutSeconds: 10 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + helm.sh/hook: post-install + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "-5" + labels: + app: startupapicheck + app.kubernetes.io/component: startupapicheck + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: startupapicheck + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-startupapicheck + namespace: cert-manager +automountServiceAccountToken: true +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + helm.sh/hook: post-install + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "-5" + labels: + app: startupapicheck + app.kubernetes.io/component: startupapicheck + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: startupapicheck + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-startupapicheck:create-cert + namespace: cert-manager +rules: + - apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + helm.sh/hook: post-install + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "-5" + labels: + app: startupapicheck + app.kubernetes.io/component: startupapicheck + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: startupapicheck + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-startupapicheck:create-cert + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager-startupapicheck:create-cert +subjects: + - kind: ServiceAccount + name: cert-manager-startupapicheck + namespace: cert-manager +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-install + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "1" + labels: + app: startupapicheck + app.kubernetes.io/component: startupapicheck + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: startupapicheck + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + name: cert-manager-startupapicheck + namespace: cert-manager +spec: + backoffLimit: 4 + template: + metadata: + labels: + app: startupapicheck + app.kubernetes.io/component: startupapicheck + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: startupapicheck + app.kubernetes.io/version: v1.10.1 + helm.sh/chart: cert-manager-v1.10.1 + spec: + containers: + - args: + - check + - api + - --wait=1m + image: quay.io/jetstack/cert-manager-ctl:v1.10.1 + imagePullPolicy: IfNotPresent + name: cert-manager-startupapicheck + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: cert-manager-startupapicheck +--- +apiVersion: v1 +kind: Secret +data: + api-key: NjJjYzNlYjNjMDEwYjI5MzQyZGZkZDYyYTY1YmUyNDYyNDJiYg== +metadata: + name: cloudflare-api-key + namespace: cert-manager +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: acme-issuer + namespace: cert-manager +spec: + acme: + email: baeky.dev@gmail.com + privateKeySecretRef: + name: acme-issuer-account-key + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - dns01: + cloudflare: + apiKeySecretRef: + key: api-key + name: cloudflare-api-key + email: baeky.dev@gmail.com diff --git a/chart/manifest/0004-argo.k8s.yaml b/chart/manifest/0004-argo.k8s.yaml new file mode 100644 index 0000000..0b6096c --- /dev/null +++ b/chart/manifest/0004-argo.k8s.yaml @@ -0,0 +1,10912 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-application-controller + namespace: argo +automountServiceAccountToken: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-applicationset-controller + namespace: argo +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-notifications-controller + namespace: argo +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-repo-server + namespace: argo +automountServiceAccountToken: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-server + namespace: argo +automountServiceAccountToken: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-dex-server + namespace: argo +automountServiceAccountToken: true +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-notifications-secret + namespace: argo +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-secret + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-secret + namespace: argo +type: Opaque +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-cm + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-cm + namespace: argo +data: + admin.enabled: "true" + application.instanceLabelKey: argocd.argoproj.io/instance + exec.enabled: "false" + server.rbac.log.enforce.enable: "false" + timeout.hard.reconciliation: 0s + timeout.reconciliation: 180s + url: "" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-cmd-params-cm + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-cmd-params-cm + namespace: argo +data: + controller.log.format: text + controller.log.level: info + controller.operation.processors: "10" + controller.repo.server.timeout.seconds: "60" + controller.self.heal.timeout.seconds: "5" + controller.status.processors: "20" + otlp.address: "" + redis.server: argo-argocd-redis:6379 + repo.server: argo-argocd-repo-server:8081 + reposerver.log.format: text + reposerver.log.level: info + reposerver.parallelism.limit: "0" + server.basehref: / + server.dex.server: https://argo-argocd-dex-server:5556 + server.dex.server.strict.tls: "false" + server.disable.auth: "false" + server.enable.gzip: "false" + server.insecure: "false" + server.log.format: text + server.log.level: info + server.repo.server.strict.tls: "false" + server.rootpath: "" + server.staticassets: /shared/app + server.x.frame.options: sameorigin +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-gpg-keys-cm + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-gpg-keys-cm + namespace: argo +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-notifications-cm + namespace: argo +data: + context: | + argocdUrl: +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-rbac-cm + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-rbac-cm + namespace: argo +data: + policy.csv: "" + policy.default: "" + scopes: "[groups]" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-ssh-known-hosts-cm + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-ssh-known-hosts-cm + namespace: argo +data: + ssh_known_hosts: | + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== + gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= + gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf + gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 + ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-tls-certs-cm + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argocd-tls-certs-cm + namespace: argo +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app.kubernetes.io/name: applications.argoproj.io + app.kubernetes.io/part-of: argocd + name: applications.argoproj.io + namespace: argo +spec: + group: argoproj.io + names: + kind: Application + listKind: ApplicationList + plural: applications + shortNames: + - app + - apps + singular: application + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.sync.status + name: Sync Status + type: string + - jsonPath: .status.health.status + name: Health Status + type: string + - jsonPath: .status.sync.revision + name: Revision + priority: 10 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Application is a definition of Application resource. + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + operation: + description: Operation contains information about a requested or running operation + properties: + info: + description: Info is a list of informational items for this operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated the operations + properties: + automated: + description: Automated is set to true if operation was initiated automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + dryRun: + description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides sync source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from the cluster that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall be part of the sync + items: + description: SyncOperationResource contains resources to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec. + type: string + source: + description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm template + items: + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override specifications + items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's environment + properties: + name: + description: Name is the name of the variable, usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + syncOptions: + description: SyncOptions provide per-sync sync-options, e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply will perform a `kubectl apply` to perform the sync. + properties: + force: + description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources to perform the sync. This is the default strategy + properties: + force: + description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + spec: + description: ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision. + properties: + destination: + description: Destination is a reference to the target Kubernetes server and namespace + properties: + name: + description: Name is an alternate way of specifying the target cluster by its symbolic name + type: string + namespace: + description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list of resources and their fields which should be ignored during comparison + items: + description: ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information (URLs, email addresses, and plain text) that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: Project is a reference to the project this application belongs to. The empty string means that application belongs to the 'default' project. + type: string + revisionHistoryLimit: + description: RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. + format: int64 + type: integer + source: + description: Source is a reference to the location of the application's manifests or chart + properties: + chart: + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm template + items: + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override specifications + items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's environment + properties: + name: + description: Name is the name of the variable, usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + syncPolicy: + description: SyncPolicy controls when and how a sync will be performed + properties: + automated: + description: Automated will keep an application synced to the target revision + properties: + allowEmpty: + description: "AllowEmpty allows apps have zero live resources (default: false)" + type: boolean + prune: + description: "Prune specifies whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync (default: false)" + type: boolean + selfHeal: + description: "SelfHeal specifes whether to revert resources back to their desired state upon modification in the cluster (default: false)" + type: boolean + type: object + retry: + description: Retry controls failed sync retry behavior + properties: + backoff: + description: Backoff controls how to backoff on subsequent retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + status: + description: ApplicationStatus contains status information for the application + properties: + conditions: + description: Conditions is a list of currently observed application conditions + items: + description: ApplicationCondition contains details about an application condition, which is usally an error or warning + properties: + lastTransitionTime: + description: LastTransitionTime is the time the condition was last observed + format: date-time + type: string + message: + description: Message contains human-readable message indicating details about condition + type: string + type: + description: Type is an application condition type + type: string + required: + - message + - type + type: object + type: array + health: + description: Health contains information about the application's current health status + properties: + message: + description: Message is a human-readable informational message describing the health status + type: string + status: + description: Status holds the status code of the application or resource + type: string + type: object + history: + description: History contains information about the application's sync history + items: + description: RevisionHistory contains history information about a previous sync + properties: + deployStartedAt: + description: DeployStartedAt holds the time the sync operation started + format: date-time + type: string + deployedAt: + description: DeployedAt holds the time the sync operation completed + format: date-time + type: string + id: + description: ID is an auto incrementing identifier of the RevisionHistory + format: int64 + type: integer + revision: + description: Revision holds the revision the sync was performed against + type: string + source: + description: Source is a reference to the application source used for the sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm template + items: + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override specifications + items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's environment + properties: + name: + description: Name is the name of the variable, usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + required: + - deployedAt + - id + - revision + type: object + type: array + observedAt: + description: "ObservedAt indicates when the application state was updated without querying latest git state Deprecated: controller no longer updates ObservedAt field" + format: date-time + type: string + operationState: + description: OperationState contains information about any ongoing operations, such as a sync + properties: + finishedAt: + description: FinishedAt contains time of operation completion + format: date-time + type: string + message: + description: Message holds any pertinent messages when attempting to perform operation (typically errors). + type: string + operation: + description: Operation is the original requested operation + properties: + info: + description: Info is a list of informational items for this operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated the operations + properties: + automated: + description: Automated is set to true if operation was initiated automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + dryRun: + description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides sync source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from the cluster that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall be part of the sync + items: + description: SyncOperationResource contains resources to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec. + type: string + source: + description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm template + items: + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override specifications + items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's environment + properties: + name: + description: Name is the name of the variable, usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + syncOptions: + description: SyncOptions provide per-sync sync-options, e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply will perform a `kubectl apply` to perform the sync. + properties: + force: + description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources to perform the sync. This is the default strategy + properties: + force: + description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + phase: + description: Phase is the current phase of the operation + type: string + retryCount: + description: RetryCount contains time of operation retries + format: int64 + type: integer + startedAt: + description: StartedAt contains time of operation start + format: date-time + type: string + syncResult: + description: SyncResult is the result of a Sync operation + properties: + resources: + description: Resources contains a list of sync result items for each individual resource in a sync operation + items: + description: ResourceResult holds the operation result details of a specific resource + properties: + group: + description: Group specifies the API group of the resource + type: string + hookPhase: + description: HookPhase contains the state of any operation associated with this resource OR hook This can also contain values for non-hook resources. + type: string + hookType: + description: HookType specifies the type of the hook. Empty for non-hook resources + type: string + kind: + description: Kind specifies the API kind of the resource + type: string + message: + description: Message contains an informational or error message for the last sync OR operation + type: string + name: + description: Name specifies the name of the resource + type: string + namespace: + description: Namespace specifies the target namespace of the resource + type: string + status: + description: Status holds the final result of the sync. Will be empty if the resources is yet to be applied/pruned and is always zero-value for hooks + type: string + syncPhase: + description: SyncPhase indicates the particular phase of the sync that this result was acquired in + type: string + version: + description: Version specifies the API version of the resource + type: string + required: + - group + - kind + - name + - namespace + - version + type: object + type: array + revision: + description: Revision holds the revision this sync operation was performed to + type: string + source: + description: Source records the application source information of the sync, used for comparing auto-sync + properties: + chart: + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm template + items: + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override specifications + items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's environment + properties: + name: + description: Name is the name of the variable, usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + required: + - revision + type: object + required: + - operation + - phase + - startedAt + type: object + reconciledAt: + description: ReconciledAt indicates when the application state was reconciled using the latest git version + format: date-time + type: string + resourceHealthSource: + description: "ResourceHealthSource indicates where the resource health status is stored: inline if not set or appTree" + type: string + resources: + description: Resources is a list of Kubernetes resources managed by this application + items: + description: "ResourceStatus holds the current sync and health status of a resource TODO: describe members of this type" + properties: + group: + type: string + health: + description: HealthStatus contains information about the currently observed health state of an application or resource + properties: + message: + description: Message is a human-readable informational message describing the health status + type: string + status: + description: Status holds the status code of the application or resource + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresPruning: + type: boolean + status: + description: SyncStatusCode is a type which represents possible comparison results + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + sourceType: + description: SourceType specifies the type of this application + type: string + summary: + description: Summary contains a list of URLs and container images used by this application + properties: + externalURLs: + description: ExternalURLs holds all external URLs of application child resources. + items: + type: string + type: array + images: + description: Images holds all images of application child resources. + items: + type: string + type: array + type: object + sync: + description: Sync contains information about the application's current sync status + properties: + comparedTo: + description: ComparedTo contains information about what has been compared + properties: + destination: + description: Destination is a reference to the application's destination used for comparison + properties: + name: + description: Name is an alternate way of specifying the target cluster by its symbolic name + type: string + namespace: + description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API + type: string + type: object + source: + description: Source is a reference to the application's source used for comparison + properties: + chart: + description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm template + items: + description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override specifications + items: + description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's environment + properties: + name: + description: Name is the name of the variable, usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + required: + - destination + - source + type: object + revision: + description: Revision contains information about the revision the comparison has been performed to + type: string + status: + description: Status is the sync state of the comparison + type: string + required: + - status + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app.kubernetes.io/name: applicationsets.argoproj.io + app.kubernetes.io/part-of: argocd + name: applicationsets.argoproj.io + namespace: argo +spec: + group: argoproj.io + names: + kind: ApplicationSet + listKind: ApplicationSetList + plural: applicationsets + shortNames: + - appset + - appsets + singular: applicationset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - elements + type: object + matrix: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - elements + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + pullRequest: + properties: + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - elements + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + pullRequest: + properties: + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + pullRequest: + properties: + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + group: + type: string + includeSubgroups: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + goTemplate: + type: boolean + syncPolicy: + properties: + preserveResourcesOnDeletion: + type: boolean + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + required: + - metadata + - spec + type: object + required: + - generators + - template + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - message + - reason + - status + - type + type: object + type: array + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app.kubernetes.io/name: appprojects.argoproj.io + app.kubernetes.io/part-of: argocd + name: appprojects.argoproj.io + namespace: argo +spec: + group: argoproj.io + names: + kind: AppProject + listKind: AppProjectList + plural: appprojects + shortNames: + - appproj + - appprojs + singular: appproject + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)" + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: AppProjectSpec is the specification of an AppProject + properties: + clusterResourceBlacklist: + description: ClusterResourceBlacklist contains list of blacklisted cluster level resources + items: + description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + clusterResourceWhitelist: + description: ClusterResourceWhitelist contains list of whitelisted cluster level resources + items: + description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + description: + description: Description contains optional project description + type: string + destinations: + description: Destinations contains list of destinations available for deployment + items: + description: ApplicationDestination holds information about the application's destination + properties: + name: + description: Name is an alternate way of specifying the target cluster by its symbolic name + type: string + namespace: + description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API + type: string + type: object + type: array + namespaceResourceBlacklist: + description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources + items: + description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + namespaceResourceWhitelist: + description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources + items: + description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + orphanedResources: + description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project + properties: + ignore: + description: Ignore contains a list of resources that are to be excluded from orphaned resources monitoring + items: + description: OrphanedResourceKey is a reference to a resource to be ignored from + properties: + group: + type: string + kind: + type: string + name: + type: string + type: object + type: array + warn: + description: Warn indicates if warning condition should be created for apps which have orphaned resources + type: boolean + type: object + permitOnlyProjectScopedClusters: + description: PermitOnlyProjectScopedClusters determines whether destinations can only reference clusters which are project-scoped + type: boolean + roles: + description: Roles are user defined RBAC roles associated with this project + items: + description: ProjectRole represents a role that has access to a project + properties: + description: + description: Description is a description of the role + type: string + groups: + description: Groups are a list of OIDC group claims bound to this role + items: + type: string + type: array + jwtTokens: + description: JWTTokens are a list of generated JWT tokens bound to this role + items: + description: JWTToken holds the issuedAt and expiresAt values of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + id: + type: string + required: + - iat + type: object + type: array + name: + description: Name is a name for this role + type: string + policies: + description: Policies Stores a list of casbin formatted strings that define access policies for the role in the project + items: + type: string + type: array + required: + - name + type: object + type: array + signatureKeys: + description: SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync + items: + description: SignatureKey is the specification of a key required to verify commit signatures with + properties: + keyID: + description: The ID of the key in hexadecimal notation + type: string + required: + - keyID + type: object + type: array + sourceNamespaces: + description: SourceNamespaces defines the namespaces application resources are allowed to be created in + items: + type: string + type: array + sourceRepos: + description: SourceRepos contains list of repository URLs which can be used for deployment + items: + type: string + type: array + syncWindows: + description: SyncWindows controls when syncs can be run for apps in this project + items: + description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps + properties: + applications: + description: Applications contains a list of applications that the window will apply to + items: + type: string + type: array + clusters: + description: Clusters contains a list of clusters that the window will apply to + items: + type: string + type: array + duration: + description: Duration is the amount of time the sync window will be open + type: string + kind: + description: Kind defines if the window allows or blocks syncs + type: string + manualSync: + description: ManualSync enables manual syncs when they would otherwise be blocked + type: boolean + namespaces: + description: Namespaces contains a list of namespaces that the window will apply to + items: + type: string + type: array + schedule: + description: Schedule is the time the window will begin, specified in cron format + type: string + timeZone: + description: TimeZone of the sync that will be applied to the schedule + type: string + type: object + type: array + type: object + status: + description: AppProjectStatus contains status information for AppProject CRs + properties: + jwtTokensByRole: + additionalProperties: + description: JWTTokens represents a list of JWT tokens + properties: + items: + items: + description: JWTToken holds the issuedAt and expiresAt values of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + id: + type: string + required: + - iat + type: object + type: array + type: object + description: JWTTokensByRole contains a list of JWT tokens issued for a given role + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-application-controller + namespace: argo +rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" + - nonResourceURLs: + - "*" + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-repo-server + namespace: argo +rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" + - nonResourceURLs: + - "*" + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-server + namespace: argo +rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - delete + - get + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-application-controller + namespace: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-argocd-application-controller +subjects: + - kind: ServiceAccount + name: argocd-application-controller + namespace: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-repo-server + namespace: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-argocd-repo-server +subjects: + - kind: ServiceAccount + name: argo-argocd-repo-server + namespace: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-server + namespace: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-argocd-server +subjects: + - kind: ServiceAccount + name: argocd-server + namespace: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-application-controller + namespace: argo +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-applicationset-controller + namespace: argo +rules: + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update + - apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-notifications-controller + namespace: argo +rules: + - apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get + - apiGroups: + - "" + resourceNames: + - argocd-notifications-secret + resources: + - secrets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-repo-server + namespace: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-server + namespace: argo +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - appprojects + verbs: + - create + - get + - list + - watch + - update + - delete + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-dex-server + namespace: argo +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-application-controller + namespace: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-argocd-application-controller +subjects: + - kind: ServiceAccount + name: argocd-application-controller + namespace: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-applicationset-controller + namespace: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-argocd-applicationset-controller +subjects: + - kind: ServiceAccount + name: argo-argocd-applicationset-controller + namespace: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-notifications-controller + namespace: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-argocd-notifications-controller +subjects: + - kind: ServiceAccount + name: argocd-notifications-controller + namespace: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-repo-server + namespace: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-argocd-repo-server +subjects: + - kind: ServiceAccount + name: argo-argocd-repo-server + namespace: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-server + namespace: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-argocd-server +subjects: + - kind: ServiceAccount + name: argocd-server + namespace: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-dex-server + namespace: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-argocd-dex-server +subjects: + - kind: ServiceAccount + name: argocd-dex-server + namespace: argo +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-applicationset-controller + namespace: argo +spec: + ports: + - name: webhook + port: 7000 + targetPort: webhook + selector: + app.kubernetes.io/instance: argo + app.kubernetes.io/name: argocd-applicationset-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-repo-server + namespace: argo +spec: + ports: + - name: https-repo-server + port: 8081 + protocol: TCP + targetPort: repo-server + selector: + app.kubernetes.io/instance: argo + app.kubernetes.io/name: argocd-repo-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-server + namespace: argo +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: server + - name: https + port: 443 + protocol: TCP + targetPort: server + selector: + app.kubernetes.io/instance: argo + app.kubernetes.io/name: argocd-server + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-dex-server + namespace: argo +spec: + ports: + - name: http + port: 5556 + protocol: TCP + targetPort: http + - name: grpc + port: 5557 + protocol: TCP + targetPort: grpc + selector: + app.kubernetes.io/instance: argo + app.kubernetes.io/name: argocd-dex-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-redis + namespace: argo +spec: + ports: + - name: redis + port: 6379 + targetPort: 6379 + selector: + app.kubernetes.io/instance: argo + app.kubernetes.io/name: argocd-redis +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-applicationset-controller + namespace: argo +spec: + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/instance: argo + app.kubernetes.io/name: argocd-applicationset-controller + template: + metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + spec: + containers: + - command: + - entrypoint.sh + - argocd-applicationset-controller + - --argocd-repo-server=argo-argocd-repo-server:8081 + - --enable-leader-election=false + - --metrics-addr=:8080 + - --probe-addr=:8081 + - --policy=sync + - --dry-run=false + - --logformat + - text + - --loglevel + - info + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/argoproj/argocd:v2.5.6 + imagePullPolicy: IfNotPresent + name: applicationset-controller + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + - containerPort: 8081 + name: probe + protocol: TCP + - containerPort: 7000 + name: webhook + protocol: TCP + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + serviceAccountName: argo-argocd-applicationset-controller + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-notifications-controller + namespace: argo +spec: + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/instance: argo + app.kubernetes.io/name: argocd-notifications-controller + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + spec: + containers: + - command: + - argocd-notifications + - --loglevel=info + - --logformat=text + - --metrics-port=9001 + - --namespace=argo + - --argocd-repo-server=argo-argocd-repo-server:8081 + image: quay.io/argoproj/argocd:v2.5.6 + imagePullPolicy: IfNotPresent + name: notifications-controller + ports: + - containerPort: 9001 + name: metrics + protocol: TCP + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + workingDir: /app + serviceAccountName: argocd-notifications-controller + volumes: + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-repo-server + namespace: argo +spec: + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/instance: argo + app.kubernetes.io/name: argocd-repo-server + template: + metadata: + annotations: + checksum/cmd-params: 89151a7070265d96ebfe4ccde4e43740cf72be860bb48b964aed19eba957d2b6 + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + spec: + automountServiceAccountToken: true + containers: + - args: + - argocd-repo-server + command: + - entrypoint.sh + env: + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: reposerver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: reposerver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: reposerver.disable.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: reposerver.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.repo.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + key: redis-username + name: argo-argocd-redis + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: argo-argocd-redis + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.max.combined.directory.manifests.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.tar.exclusions + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS + valueFrom: + configMapKeyRef: + key: reposerver.allow.oob.symlinks + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.tar.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: HELM_CACHE_HOME + value: /helm-working-dir + - name: HELM_CONFIG_HOME + value: /helm-working-dir + - name: HELM_DATA_HOME + value: /helm-working-dir + image: quay.io/argoproj/argocd:v2.5.6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: metrics + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: repo-server + ports: + - containerPort: 8081 + name: repo-server + protocol: TCP + - containerPort: 8084 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + - mountPath: /helm-working-dir + name: helm-working-dir + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + - mountPath: /tmp + name: tmp + initContainers: + - command: + - cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:v2.5.6 + imagePullPolicy: IfNotPresent + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + serviceAccountName: argo-argocd-repo-server + volumes: + - emptyDir: {} + name: helm-working-dir + - emptyDir: {} + name: plugins + - emptyDir: {} + name: var-files + - emptyDir: {} + name: tmp + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-server + namespace: argo +spec: + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/instance: argo + app.kubernetes.io/name: argocd-server + template: + metadata: + annotations: + checksum/cmd-params: 89151a7070265d96ebfe4ccde4e43740cf72be860bb48b964aed19eba957d2b6 + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + spec: + containers: + - command: + - argocd-server + - --insecure + env: + - name: ARGOCD_SERVER_INSECURE + valueFrom: + configMapKeyRef: + key: server.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_BASEHREF + valueFrom: + configMapKeyRef: + key: server.basehref + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ROOTPATH + valueFrom: + configMapKeyRef: + key: server.rootpath + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: server.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOG_LEVEL + valueFrom: + configMapKeyRef: + key: server.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER + valueFrom: + configMapKeyRef: + key: server.dex.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DISABLE_AUTH + valueFrom: + configMapKeyRef: + key: server.disable.auth + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ENABLE_GZIP + valueFrom: + configMapKeyRef: + key: server.enable.gzip + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: server.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_X_FRAME_OPTIONS + valueFrom: + configMapKeyRef: + key: server.x.frame.options + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + key: server.content.security.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: server.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: server.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: server.dex.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: server.dex.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: server.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: server.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: server.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.connection.status.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.oidc.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.login.attempts.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_STATIC_ASSETS + valueFrom: + configMapKeyRef: + key: server.staticassets + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.app.state.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + key: redis-username + name: argo-argocd-redis + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: argo-argocd-redis + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_MAX_COOKIE_NUMBER + valueFrom: + configMapKeyRef: + key: server.http.cookie.maxnumber + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:v2.5.6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: server + ports: + - containerPort: 8080 + name: server + protocol: TCP + - containerPort: 8083 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/server/tls + name: argocd-repo-server-tls + - mountPath: /app/config/dex/tls + name: argocd-dex-server-tls + - mountPath: /home/argocd + name: plugins-home + - mountPath: /shared/app/custom + name: styles + - mountPath: /tmp + name: tmp + serviceAccountName: argocd-server + volumes: + - emptyDir: {} + name: plugins-home + - emptyDir: {} + name: tmp + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-styles-cm + optional: true + name: styles + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - name: argocd-dex-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-dex-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-dex-server + namespace: argo +spec: + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/instance: argo + app.kubernetes.io/name: argocd-dex-server + template: + metadata: + annotations: + checksum/cmd-params: 89151a7070265d96ebfe4ccde4e43740cf72be860bb48b964aed19eba957d2b6 + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + spec: + containers: + - args: + - rundex + command: + - /shared/argocd-dex + env: + - name: ARGOCD_DEX_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: dexserver.disable.tls + name: argocd-cmd-params-cm + optional: true + image: ghcr.io/dexidp/dex:v2.35.3 + imagePullPolicy: IfNotPresent + name: dex-server + ports: + - containerPort: 5556 + name: http + protocol: TCP + - containerPort: 5557 + name: grpc + protocol: TCP + - containerPort: 5558 + name: metrics + protocol: TCP + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + - mountPath: /tls + name: argocd-dex-server-tls + initContainers: + - command: + - cp + - -n + - /usr/local/bin/argocd + - /shared/argocd-dex + image: quay.io/argoproj/argocd:v2.5.6 + imagePullPolicy: IfNotPresent + name: copyutil + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + serviceAccountName: argocd-dex-server + volumes: + - emptyDir: {} + name: static-files + - emptyDir: {} + name: dexconfig + - name: argocd-dex-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-dex-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-redis + namespace: argo +spec: + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/name: argocd-redis + template: + metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + spec: + containers: + - args: + - --save + - "" + - --appendonly + - "no" + image: public.ecr.aws/docker/library/redis:7.0.5-alpine + imagePullPolicy: IfNotPresent + name: redis + ports: + - containerPort: 6379 + name: redis + protocol: TCP + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + serviceAccountName: default +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-application-controller + namespace: argo +spec: + replicas: 1 + revisionHistoryLimit: 5 + selector: + matchLabels: + app.kubernetes.io/instance: argo + app.kubernetes.io/name: argocd-application-controller + serviceName: argo-argocd-application-controller + template: + metadata: + annotations: + checksum/cmd-params: 89151a7070265d96ebfe4ccde4e43740cf72be860bb48b964aed19eba957d2b6 + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + spec: + containers: + - command: + - argocd-application-controller + env: + - name: ARGOCD_CONTROLLER_REPLICAS + value: "1" + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.hard.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.status.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.operation.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: controller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: controller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.metrics.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: controller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: controller.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + key: controller.resource.health.persist + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.app.state.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + key: redis-username + name: argo-argocd-redis + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: argo-argocd-redis + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:v2.5.6 + imagePullPolicy: IfNotPresent + name: application-controller + ports: + - containerPort: 8082 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + workingDir: /home/argocd + serviceAccountName: argocd-application-controller + volumes: + - emptyDir: {} + name: argocd-home + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-server + namespace: argo +spec: + ingressClassName: nginx + rules: + - host: argocd.lab9.cloud + http: + paths: + - backend: + service: + name: argo-argocd-server + port: + number: 80 + path: / + pathType: Prefix + tls: + - hosts: + - argocd.lab9.cloud + secretName: argocd-server-tls +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: argo + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + helm.sh/chart: argo-cd-5.17.1 + name: argo-argocd-server + namespace: argo +spec: + commonName: argocd.lab9.cloud + dnsNames: + - argocd.lab9.cloud + issuerRef: + kind: ClusterIssuer + name: acme-issuer + privateKey: + algorithm: RSA + encoding: PKCS1 + rotationPolicy: Never + size: 2048 + secretName: argocd-server-tls diff --git a/chart/manifest/0005-harbor.k8s.yaml b/chart/manifest/0005-harbor.k8s.yaml new file mode 100644 index 0000000..194b52f --- /dev/null +++ b/chart/manifest/0005-harbor.k8s.yaml @@ -0,0 +1,1746 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: harbor-tls + namespace: harbor +spec: + dnsNames: + - harbor.lab9.cloud + - notary.lab9.cloud + issuerRef: + kind: ClusterIssuer + name: acme-issuer + secretName: harbor-tls +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-chartmuseum + namespace: harbor +data: + CACHE_REDIS_PASSWORD: "" +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-core + namespace: harbor +data: + CSRF_KEY: WXlJbklNVzJNcFJzMGxRZTFGUkNFNXNuVFAyaUZQWWY= + HARBOR_ADMIN_PASSWORD: YWRtaW4= + POSTGRESQL_PASSWORD: Y2hhbmdlaXQ= + REGISTRY_CREDENTIAL_PASSWORD: aGFyYm9yX3JlZ2lzdHJ5X3Bhc3N3b3Jk + secret: YnZPT1IxaGtuV3hpdkViWA== + secretKey: bm90LWEtc2VjdXJlLWtleQ== + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUwekNDQXJ1Z0F3SUJBZ0lKQVBZL096TE1lVnEyTUEwR0NTcUdTSWIzRFFFQkN3VUFNQUF3SGhjTk1Ua3cKTkRFNE1ESXlOek0zV2hjTk1qa3dOREUxTURJeU56TTNXakFBTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQwpBZzhBTUlJQ0NnS0NBZ0VBM3hsVUpzMmIvYUkyTkxveTRPSVErZG4veU1iL085OWlLRFJ5WktwSDhyU09tUytvCkY5dW5tU0F6TDY1WEEvdjZuWTBPTEkvZEFTRGprcWtCcElkVEd6b2dSNWY4VWlCNm9zdUVZN1Y3MVhaZHpXTHIKUGpuSnE2WkxBYW9LbXdHODBXNStXZDZWOFB5Z094NTJta3IxdzdJV0t6KzFaTEk1aXpicHBvbjdYVkdWUmFBVApSdk5aRGlKNkNlSnBjSjVINzIzbGtmNVJ2SldhdFpMQ1lJWURiUmZUaUtzeVEvU2xSY3Y1QlZmSGcvTEpTSDlRCkxHUmhQTUFSbGRsOXd5WkN3WlpESHhoZUk0YSsyNmFhOE1ZM3U5c3QvbDAvT282VkNUR3BNaUVoaUdGMkxWanAKVVdxLytCUDRTRkV2SmZxL0R1aW5JMTM5Vy81YVpaNy9Id1JQbG1ZVTZwWFRSTHlJZzdqZCsxOWZKd1I3WDM3cQp3MG84dDA2RmhqbXJDemFZQ1Vqb1JlcURtSGFObVpOL2Rkdkc3alpXQnUrak5oMFlhdnN5UXlDSVZtdjZ5cVNjCmpQaUQ5dWl2eHFUd2pKaWRJQlJmdVVyejNhRVJRN2NRZ2YwcWhxakl6Zmx6SGJGS2hJTG9jQldxN3p5Tmw5aHIKdlVHVC9XWmN3MHQvT3RNNzJTUGFwbG1UZ1ZiYlFSeGYyVkh6eXB0R0l2dHlkbFhLOHRoeE9NcFhvNGUrU2w4ZAoxZ2RRY0M0b2lzTjlGMjlvTnM4UDV5RlFQLy94WXV2OEM2MDduQ2oxRHpySWQ1YXZHL05WZktCL2ZiREtFRmdOCjJXaEhJblR6UExFY2pGNGZFcmNVQUV1V1cwYnVYLzZGSENHM2lUdHJxeUQ5MktUVkRmTjFKNTZycmNzQ0F3RUEKQWFOUU1FNHdIUVlEVlIwT0JCWUVGRmhOaFRvNFVBQzJQVXNmOGpZYVdqMTYwdkdFTUI4R0ExVWRJd1FZTUJhQQpGRmhOaFRvNFVBQzJQVXNmOGpZYVdqMTYwdkdFTUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMCkJRQURnZ0lCQU1Bc0V0VmxFTE13ZHRjaWZIZU9UMGtPbWY1d285SW4vZUZTZ3NjQ3pCTURhUngyQjNxMzZBb1MKSWw3WFdBWnBldmFSN1c3eWVBUkthQXNoQkxoeWdVcUxEMHpXYktsU045SHByZDF3ZHBNMGZmeVBwTjVkeE9ZQQplcjA0eTEyR1JuQ2JNWXFpNGN2enRQNFRpblhxcTJ5SFNZaExiTzlxa0k1Z2JXVnhrUnVJY01Ldml4ZGRsbE5ZClEzb2JKYURESG1vdk0zK2cvRysxWUZndDRxRVMzOFhuSjdCclNzaEhubjVFSVFoMjg2eGZKcml5cksyaEhiTEoKcXowWXVGNkczRFhQZVdHZ1h2ajBIaXBjMGY4VURaa0tray9lR0VJNnZFa3l0eXZvZXBvWkkyWGJBZi9aTXk1bgpLd3VoRW40aGhrRk13V2FTV3AvaDBRZE1DYXhrNEJWU09xbU5WYUxTQjcrRmpzSWo0Q2FzRm90WWl5SjJncFJCCk5mOFFhUzRiejBUbjFlQmJDOGtzaitlM1pXZVgyYjV3Vk1qcWw5alR0MlgxSUNzOEtLZTN2RUJranFUMkFVaTIKNTJUdEt6bTczYVdyei9HUHkvUTJMQ29yM0ZoOUZHVlNCT0JCRFhHeTZNSnBOSEpuWVZIOUVFTkZHT2g4NW9sMQoycEFET0JCNXZBVS9rTEI1TEhQajJrdWUvRk1pSGFObnJTWUlHck1sQlNYMmpqOUVZYTF1dVVIK3BkNE1CajFGCjV1SDhPUmlhUTZodDIrV0hrbHhpYzFSajV5VFlRd1ZsSDcwQ0JPbitxVkVkbzYzeVF3ekFNSktGSXdsR1VRRVgKamlsamdjODZxNGNadFVURnJjd01pZGJrKzhRNitKYkRWZzdIVi8rcG5DK3dudjE5N2t3ZQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBM3hsVUpzMmIvYUkyTkxveTRPSVErZG4veU1iL085OWlLRFJ5WktwSDhyU09tUytvCkY5dW5tU0F6TDY1WEEvdjZuWTBPTEkvZEFTRGprcWtCcElkVEd6b2dSNWY4VWlCNm9zdUVZN1Y3MVhaZHpXTHIKUGpuSnE2WkxBYW9LbXdHODBXNStXZDZWOFB5Z094NTJta3IxdzdJV0t6KzFaTEk1aXpicHBvbjdYVkdWUmFBVApSdk5aRGlKNkNlSnBjSjVINzIzbGtmNVJ2SldhdFpMQ1lJWURiUmZUaUtzeVEvU2xSY3Y1QlZmSGcvTEpTSDlRCkxHUmhQTUFSbGRsOXd5WkN3WlpESHhoZUk0YSsyNmFhOE1ZM3U5c3QvbDAvT282VkNUR3BNaUVoaUdGMkxWanAKVVdxLytCUDRTRkV2SmZxL0R1aW5JMTM5Vy81YVpaNy9Id1JQbG1ZVTZwWFRSTHlJZzdqZCsxOWZKd1I3WDM3cQp3MG84dDA2RmhqbXJDemFZQ1Vqb1JlcURtSGFObVpOL2Rkdkc3alpXQnUrak5oMFlhdnN5UXlDSVZtdjZ5cVNjCmpQaUQ5dWl2eHFUd2pKaWRJQlJmdVVyejNhRVJRN2NRZ2YwcWhxakl6Zmx6SGJGS2hJTG9jQldxN3p5Tmw5aHIKdlVHVC9XWmN3MHQvT3RNNzJTUGFwbG1UZ1ZiYlFSeGYyVkh6eXB0R0l2dHlkbFhLOHRoeE9NcFhvNGUrU2w4ZAoxZ2RRY0M0b2lzTjlGMjlvTnM4UDV5RlFQLy94WXV2OEM2MDduQ2oxRHpySWQ1YXZHL05WZktCL2ZiREtFRmdOCjJXaEhJblR6UExFY2pGNGZFcmNVQUV1V1cwYnVYLzZGSENHM2lUdHJxeUQ5MktUVkRmTjFKNTZycmNzQ0F3RUEKQVFLQ0FnRUFrOHE4czRQcnZZYnk3OVVWbFdKTktxY2V5a3dCa3hFMWZqcllPUldRMmhpQWlyeEdWNSs4bERULwprNnVqbTFFV3diNUswSHh4UktrYitQRWExSHFOTkhFNkp4TnBKS0s5ZXhEbFlBUSt4N2RGQnFWci8ybmF6bW80Ck1COE1MWWxtSXp0V1dvU1l3ZThvMm1FZzRxK2J4WXM1SW1kdTdBa2hFN2RKNjNobTIzZ0xNZmVNTGFsUnFvcHUKWEJQd0U1blhQNmFHdVVOSHRHMUs4dFFKRGxaWStMRWJBZU9mUmVOUWhUOU5kUnVrWVNXNTc5dmZLYmxKclN2egp1bGc4OXNWbTNjV0VLNXBCNnJqOXdKYks5NHZvS2Z0VnFiYnVCd1dqZDFhOXBpYktod1ZCZTJMMkZXaHBTWmM1CkYvY29DN25qVGFZVDZ0cjkxeTVWaGhKaElaUUNmL3Z2NFpsNVhoRkhzNVZUWk5iTS9PZnF5RlFMWVhWSk80OEsKRjd0bWF6QUVRUUJRd1ZacUg5QzlOUWR6UEhXbWMzOE9raHRjMXd6YXFuL3JnOSsxc2dBTUQ4aFdDdFFKVWU5NwpiOXltaDVBMFo0UVhLcHlGVDBiK3BYY0QxalJoYTA3VXRrWCsvekxKOUhwQVhjVW16a0crajVDWE5wbnhzSXE1CmZKRmVxM2hCajl3Nm40aCs1ME00VzBGc2U1WW9FVXNjM0IwZno4QmxRQmIrWUpMRkxOSDM0TUg4cDFsMFpEWUoKeWFlMHBzeGxCaWpnNE9QWitXQ0JhK2p0Rlc0TGlXZ0VjeHdnejh3K2hFT0FRcjJhMURjN3c4amQrWTRJSzhVbQpsVFZzNWRicDRtT21QTWxSdi9HTTdrRHVkRnFiTWczWUZ3WGczUWJxdVZxTFp6RXpqVmtDZ2dFQkFQSktaYkNXCllmTGVqa1MvZmtSeVYzVkliNTRtS3dRSG9NV3ViODh0UGdHdVh6anNKeWQ1UVRRNThQcFVqWHJMSG1uOGxTMisKdmlFOEdKeWxLd04xeU1sWnc0MCtrWmhwSFVwQ1d4LzJaS2pBcXZxQTlPT0tvMmZ2NkhkL3dPQW5VNEN0aW9DMQpwcmk3bEtGWVhvUDhEdFFWd0hZdkl6Q1JxRG5oYzRtd0pEcXpUQzl4ZHVJK3N2eHpsNHhIODJmeDBqclBpRlkrCi93T2RYanlmSVBqeWhIQzRqUFRXYmFpcndYUzlkQmpTbDEyOGFJUlQ1ODAveVhFL1NZQXVnZzA1akt0ZzV6UUEKU28xM01UZXpYUkhYZE8wZGkzdEVNSEdSRUVrRnBlVm5uUFF2Q0NlZEswRFYzNmlOd2lXYzhwd2RmTE1WbmVUdApES3daZWRDeCtvLzdldjBDZ2dFQkFPdTQ4REdFSkpKekh4VlI1bVkxSzJBbFp5WXRwVE9XZWhLMXpYNzRKdk0zCll4TjRuZCtaeDVuOXVTUG1tS3pxRjNUVSs0NFJWdGRKSzZlam9GRThkTURUTldhU0xXL1pEbU4xblQwbmp2T24KSVdKbjU5eW5PQ2hXV0taZ1haLzlVcUdSN1B0Nk94U2trZXg5Yy9mWUJzTVgveHVzZFhRaWdlb2dsMGlPWVZGVwpnWElpaUxSTEhwSEpzSy91TnhJaXpqMGhUWVluN3VEN1BSRU53RlJjQ1lmOEoxZVVGYmQ2RHVDVldlUUNLV2dmCk5kMnRTV29pMFZ5bGo0dVVYOEl3MHRqTE5NRDVDUkVKRWs0R1N2NEVEU212VWR2MUxpQktKQ0wybEVjZ29QZUMKb09EMmlDYzVLcWdubVFyYVJpbEZGazhSVlhBOVBXWkdZM0MwYjZUVm1tY0NnZ0VBTlpPMkFPS0FMbENBYlR0YgpGSStrUDA4UlA0dDVINThBTWpac2l3ZWFHbzBRaVduUERxK0ZkNk1JWXBLbjVtdGNBbHZVTVJWb3ZiaW9TSnROCmM2cHNCL3BOZjhKQ044Mm1xSEViN1dseXdNNDZBTUxiWkNXWUZMZThWQkJ2K2lFNEdkQkdQRWZ1NGhLNHZ5VG4KWVpBdlJ6NjRIR280QWRsenRiamc3NlYvbld0Z2dXMDV1TFhjcG01NUtKQVFodisyV1VMakJ3OVBIT0dEb1N3ZgpBbTIrVTU2N3JMaHQ3MHByc1FEajEwbGFKMlF1U0hTMVlYR2xmZUZjdzNlRlVwOVROK0pwdmRvQ29sMmxDSWdsCklIamdaajZPUldmQ3Zwb3hXN1JnQnVadWtxQ0QwUjYwSGRZdGF2eE4zanRpZXBzYXBBODNweE8wSmFwTWdaV1oKcnBVUmtRS0NBUUJPY0V2OUxpdTlUL0dYOXBqa2llelZJWjBoWnk4QjY2RFRlUXZZcEZyUnRDeVQzaDhxdU5GaQp2THRPNXYwSERSNmhFZjVqV0FHOXdldDA3VTM3dWxKZmwraTlLUWRWb0xUWkE5bys3MXJ5V1RzU3MrREQzQ0VqCnl4ZlV4VnhpVUxtZWFpQ2h6aHE2MDhoN0dZUHRoVVU2eGxGdHRBV2hqNW9MZnF6WXlBZzZPTDc2YStOeG0wMmcKMWF5bDNtOFU2ZUFYRjIza3BvVW0rSE5wcVZuR3VKbXpWb1VBNzVZS1orTnJlRWRoU0JiZlB3TjlzSnd0WlVpbAp1N0g0a0hjTTk1SXg4ZXlzQ2pLcUtJcWV6QmxJVGJEVG5qTnZMamNiSjVDKzBhNmx2SVhUMXZRUjUvZUdsYzlNCkJXRTM2MHBOa1YvTEQ4bU9mOUplcGkyUTQzb0RMOUVoQW9JQkFRRFRXSW1meTBLOWdHekEyclB5MTY5bVdZUUsKT2xjbkQzK2hRcTZ4NTFabjFlL3RleEZlVmxoSG40cnJuUmRDRk9BcDQ3dUZrSjJtNzJHQ1ZENzRFd1F1Y0s5eQpBRDVqb3JxZ1ZIcUNLWmRrSGpiMlY2ME16bTZnM3J0TDlXSlhGVkx2TkJiL1FHQjJ2Z0hWT08wenFpcUdaajRlCkV4N2wybS8vNVNFNERMdG43MEo5Q2dHMUh0WENTOGRXckdQTDFwekRuazhWWHRub1h6YjBMQ2hMVUZFZ1pSbWgKY1Y2QUZIRUsySDh3Qkh2aU55ZWhzUlFpRGtsMkFpV09jSk52a3pXNjhjazJuSmpSV3lQWUsxSkwzTkNLcEIzUQpPb2hyUDBmSGNXQVhNVzk3d0ZYWmhSZm5RZkR4eElPbGozTWNZVDBBbGFuWGQwRjROR2MyTnZtcGh4MDQKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-database + namespace: harbor +data: + POSTGRES_PASSWORD: Y2hhbmdlaXQ= +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-jobservice + namespace: harbor +data: + JOBSERVICE_SECRET: UFpzd2lBQ3YzS0x1UFhDWA== + REGISTRY_CREDENTIAL_PASSWORD: aGFyYm9yX3JlZ2lzdHJ5X3Bhc3N3b3Jk +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: harbor + chart: harbor + component: notary + heritage: Helm + release: harbor + name: harbor-notary-server + namespace: harbor +data: + NOTARY_SERVER_DB_URL: cG9zdGdyZXM6Ly9wb3N0Z3JlczpjaGFuZ2VpdEBoYXJib3ItZGF0YWJhc2U6NTQzMi9ub3RhcnlzZXJ2ZXI/c3NsbW9kZT1kaXNhYmxl + NOTARY_SIGNER_DB_URL: cG9zdGdyZXM6Ly9wb3N0Z3JlczpjaGFuZ2VpdEBoYXJib3ItZGF0YWJhc2U6NTQzMi9ub3RhcnlzaWduZXI/c3NsbW9kZT1kaXNhYmxl + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJakNDQWdxZ0F3SUJBZ0lSQUs3MWxrN1dWTElBdGp3YTBTbGY5K2d3RFFZSktvWklodmNOQVFFTEJRQXcKR3pFWk1CY0dBMVVFQXhNUWFHRnlZbTl5TFc1dmRHRnllUzFqWVRBZUZ3MHlNekF4TVRJd09ERTJOVGhhRncweQpOREF4TVRJd09ERTJOVGhhTUJzeEdUQVhCZ05WQkFNVEVHaGhjbUp2Y2kxdWIzUmhjbmt0WTJFd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDdFE1UGk2Tjc4OFB6K3RjeWdjaDladVV3UDVLQ3AKV1IvYW9Lb0o1MDhrZmdJaVNkakdBMjNYdmlQWWtENzNQWFhlaFFvb1YrSzhoYjJGUmpkalJpcXUxN0JZZTJNVgpsNlBzQnBTb2JZWVdaalFpSjljZTB2QW56aFNxSE5jSHdwR2FoTmx6aS9YenZ0UUJEaW5KT0RvTDAwNHpmdzl0CnZ1NHZJbjQ4bTkvS0VyY0FDaE01cVpWU0ZQS1hBR201RExsbzhZZFp1S2loVkRjS0xEaVE5eWpHbWNpSHhBb0IKOVRrZDhCSDRxVy93T0xGRnBvVkt4VDNxWkwyS3N6cVJxT1NYYXNObUhCYi9EU0d0RTBOUHVvR091N1RBME0wRwpEY3RnaHhUR1pXbDdJYi92dHVsYkNKdDRqUEk0YU9nT0VQcWl5NWhRbDh4VkVjSUdlZCt4OWZXdkFnTUJBQUdqCllUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ3BEQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVXhDVEd0dWNnbVBocEF4OHN5NzFKQ3gyaApVRWt3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUhIWkZEZU16eVVBWENHT0RlOTBhRmk4QWlNOFI5NENZRzd1CkdRS2ZaOVBIZlQ4R0o5NE9mK2FFcW9nMHBwTlRwSkZMd21FQzVZY1I4bE9UMTltNW50SDZ4eUgwS3VwTHM4RDAKeFE0MS9mWmRBaHNLMUNMZk1leFI1eXFvNnlYQUl5czdkVGhjYU5wT0Y1UzVYZnRjMUhxZmkrRlR2MzhpdnlnSQovVFJvOCtwbk1JZlgvb1JtY0FqSG1pWVc4Ti9BSzdNcGVuVW5BQTN5cDNFakd2Q25yRXk4bnVyakJvTTVvZURTCm5XWjdSeFVUWmVMSnlLMnR0K3NmVjV6YWs2N205b0N6dm14aEgxOHpYSGdySlJOZFJOT002T01OUDdnNmQxK0cKQ2RuWnVFNlU0RHVYTGcrK1h0SmYzbklHNlVJSUZWeEdlY2wyeG9xUllmckhLRW5jQVkwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server.json: ewogICJzZXJ2ZXIiOiB7CiAgICAiaHR0cF9hZGRyIjogIjo0NDQzIgogIH0sCiAgInRydXN0X3NlcnZpY2UiOiB7CiAgICAidHlwZSI6ICJyZW1vdGUiLAogICAgImhvc3RuYW1lIjogImhhcmJvci1ub3Rhcnktc2lnbmVyIiwKICAgICJwb3J0IjogIjc4OTkiLAogICAgInRsc19jYV9maWxlIjogIi9ldGMvc3NsL25vdGFyeS9jYS5jcnQiLAogICAgImtleV9hbGdvcml0aG0iOiAiZWNkc2EiCiAgfSwKICAibG9nZ2luZyI6IHsKICAgICJsZXZlbCI6ICJpbmZvIgogIH0sCiAgInN0b3JhZ2UiOiB7CiAgICAiYmFja2VuZCI6ICJwb3N0Z3JlcyIsCiAgICAiZGJfdXJsIjogInBvc3RncmVzOi8vcG9zdGdyZXM6Y2hhbmdlaXRAaGFyYm9yLWRhdGFiYXNlOjU0MzIvbm90YXJ5c2VydmVyP3NzbG1vZGU9ZGlzYWJsZSIKICB9LAogICJhdXRoIjogewogICAgInR5cGUiOiAidG9rZW4iLAogICAgIm9wdGlvbnMiOiB7CiAgICAgICJyZWFsbSI6ICJodHRwczovL2hhcmJvci5sYWI5LmNsb3VkL3NlcnZpY2UvdG9rZW4iLAogICAgICAic2VydmljZSI6ICJoYXJib3Itbm90YXJ5IiwKICAgICAgImlzc3VlciI6ICJoYXJib3ItdG9rZW4taXNzdWVyIiwKICAgICAgInJvb3RjZXJ0YnVuZGxlIjogIi9yb290LmNydCIKICAgIH0KICB9Cn0= + signer.json: ewogICJzZXJ2ZXIiOiB7CiAgICAiZ3JwY19hZGRyIjogIjo3ODk5IiwKICAgICJ0bHNfY2VydF9maWxlIjogIi9ldGMvc3NsL25vdGFyeS90bHMuY3J0IiwKICAgICJ0bHNfa2V5X2ZpbGUiOiAiL2V0Yy9zc2wvbm90YXJ5L3Rscy5rZXkiCiAgfSwKICAibG9nZ2luZyI6IHsKICAgICJsZXZlbCI6ICJpbmZvIgogIH0sCiAgInN0b3JhZ2UiOiB7CiAgICAiYmFja2VuZCI6ICJwb3N0Z3JlcyIsCiAgICAiZGJfdXJsIjogInBvc3RncmVzOi8vcG9zdGdyZXM6Y2hhbmdlaXRAaGFyYm9yLWRhdGFiYXNlOjU0MzIvbm90YXJ5c2lnbmVyP3NzbG1vZGU9ZGlzYWJsZSIsCiAgICAiZGVmYXVsdF9hbGlhcyI6ICJkZWZhdWx0YWxpYXMiCiAgfQp9 + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSekNDQWkrZ0F3SUJBZ0lSQU5KS2JwS3ZRajJlcFZXSlk3ODJ2L2N3RFFZSktvWklodmNOQVFFTEJRQXcKR3pFWk1CY0dBMVVFQXhNUWFHRnlZbTl5TFc1dmRHRnllUzFqWVRBZUZ3MHlNekF4TVRJd09ERTJOVGhhRncweQpOREF4TVRJd09ERTJOVGhhTUI4eEhUQWJCZ05WQkFNVEZHaGhjbUp2Y2kxdWIzUmhjbmt0YzJsbmJtVnlNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFwYzlQUUNJVklXTmt3Vm5JTUlGU2JBZVMKNUg4QVNwZDdHWERjUWduRjJCUTdkK3F1SWI5UER0T2g1YmxDb09ObVBDQ2tVdkJLUGxqaU9tcnNxSVBKOWZlNgo5REl2SzdzK0RMWVFkSjhkdE5lNG0wRm1YL04zMGxNeHo3bUFacmltY292SGk2U0czR2xyclUrSjFaZjFyMEZ4CncvYWNJZDNMeWtSYkdibGhYV0dDQXg1clMrSU52R3ZxUmY0S3pjSWZhS3dNZ001eG9Eamp2eE8zbWtuUlZ3R1YKNzNHNWNvZTlTZkZKdjdaTHl3WW9xbUxET1ZqYWJBY1RzcURBcWFqWG1QMmdCVzYxZFNBdDBRVzkraDUrYjBtMgorS2pMTEp0Nys0M09vdmN5N2dTQU8raGR4ZXRVQTdPdnN2NTdZTk8yOHpLWGxFSXlCTDlIUDlKeENnNXc1d0lECkFRQUJvNEdCTUg4d0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3IKQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1COEdBMVVkSXdRWU1CYUFGTVFreHJibklKajRhUU1mTE11OQpTUXNkb1ZCSk1COEdBMVVkRVFRWU1CYUNGR2hoY21KdmNpMXViM1JoY25rdGMybG5ibVZ5TUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQXI2R0p6dThLQXV6VjNWRnFjeUJZRFdRSExaZVNrYzZNc0FGNU5YZmtUMFB6aERHT3gKMEpSa0kxWDc1YWhLREdiY1JVN013a01tYndITkhzOVZrSUVGV1dFbEJTejFzNWFTc3VVZkxxOS9iVk50TlowYQpwcEJRb2dNUGswSnJFN3I4cVVoZDgwOWVVVTFDRjBQUkVJSUxEcU9nMkloVzd5S3ZXdmUrcjg2bjZmZ1Z3b0l2CnRXeVRpZWo1VUVVZVFCdWYrVEpzY1d3c0RJTk5zV0NoVisxVXU2eFhwRUduTlFFd2VpdDQ4d2YxK2pkTkFuOVoKV08vRDlmTzQ1TGFRQzNTY09pYTNWZUFTRGsvd3Z2elYxTDVkQlF6eHk2NVlVZFdqR1N4QlU2ZXpyUkhaWnBWbApOQXhkdkUyK0IyMWhOSm54eDNxVjFPUjFibjFjQW1lVmphZFkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcGM5UFFDSVZJV05rd1ZuSU1JRlNiQWVTNUg4QVNwZDdHWERjUWduRjJCUTdkK3F1CkliOVBEdE9oNWJsQ29PTm1QQ0NrVXZCS1BsamlPbXJzcUlQSjlmZTY5REl2SzdzK0RMWVFkSjhkdE5lNG0wRm0KWC9OMzBsTXh6N21BWnJpbWNvdkhpNlNHM0dscnJVK0oxWmYxcjBGeHcvYWNJZDNMeWtSYkdibGhYV0dDQXg1cgpTK0lOdkd2cVJmNEt6Y0lmYUt3TWdNNXhvRGpqdnhPM21rblJWd0dWNzNHNWNvZTlTZkZKdjdaTHl3WW9xbUxECk9WamFiQWNUc3FEQXFhalhtUDJnQlc2MWRTQXQwUVc5K2g1K2IwbTIrS2pMTEp0Nys0M09vdmN5N2dTQU8raGQKeGV0VUE3T3ZzdjU3WU5PMjh6S1hsRUl5Qkw5SFA5SnhDZzV3NXdJREFRQUJBb0lCQUM1emZZaENCQmx1ZHZPVAo2M2xyUVdQeVd6eVlOOFN0MjFhdFA0ZGdwWVI3Wm8yWnVWN0s4YUw5dHdWY2VVWUpic0s1Z2srWjhiSzF3K3NKCnVYTWNPS0FuM3NBNnJ1eFpjSEN2TUx6N05wOUxML1NPeGRkcnBjM09jTTM0OGZmVkV3eFVESHNhaEkyTEd4ZGEKaVFyRm41YVJod1dYT1BaajVJdXR5cmZTTDJ5eFNNK2VPam9TRUhiSi92VUZJb1cvdm14TnFMc0ozUHQwSjFxegpTYmU3ZmVXNHp3N2FkSjVqVG91UmozblM4NkJOVGxsRW9oZlR1UVVhRkp6VjQxRzZqVkN2dFl1VUEwVlorSHlXCnQzalJNWVVvMEwrYnVMOVhEMmdYMmxQeVVPOW9mditBT2dxTE9wY09idTJGK3NQM2JuYU4rcENPdVYwenB4UVUKbnlXWjZvRUNnWUVBMm9rcmdiQndQMkF6VVZDRkVuREhrcGRnNUtZc0ZwNWZmWm16OXF6SVk2M2Jsa1FBTFl4UQorSTBCR1hMbTUrRmUvQUZKUFhoSjVid2dkK2xuZTJNaDVzU05KbmVoUEFhd3JSMFIrS29zYWo4QWRBSWVUeUtKCmFBcnVDc2xQRlNkdEd5WE5hRFJjMTZlZ2llcVZBekxiWllTT2F0VHI0T1E3KzExQjdsNURmS2tDZ1lFQXdqd3EKVTFsMTVlSjlPdkJJeWM3V0lLd1hjSFlZSmc5VW5uNDljbmZjMFhwdHFCd3lRRUk5dWlnaUhvUlRtOTBsazJwQgoyd1o0bERBR1lCK2pQT295TGJCemd1REZraEJ3cGZyTHF6ZUI4Uk1IUVVpd1MwQXNhNkNud3oxUW1IUUcyalhvCkx4YU8rTkJuWk1Cc2Vpa0lBeWVHSnpEREtPcFh1OFV0RThNejZ3OENnWUJOUXVXd3lqSkZGYnZPNmNyQ1JFRXEKb0g1UEdEaktIbC9nUmZFTUt2WUYxN2VrbnBINWlId3dBNW41NTFlZmIxeG5lQVR1eUpKSHVJVTZIN2pJTkxvTgpuanZROThaM05GNU9OZExldVR0T3JNdDZPQzJEQ05EUGlkMnl6bzA1QzJGVmtiM1hNM3dIZW1vVm1HdnFYNWFWCmc1SGVUenk5bTdOaElRMW9Pc2RkVVFLQmdBeVNmR0xjdlliZHZDRmVnRGVmemJoYnEwQzZSQ0hpaUNXaUlqUVEKa2hoMUJqZ0Zhek5CbG1GQVM4VVI1NStGRnZPTnd5bDhKNzNmeGVuZTRtQUZBSzU0WjJHblR1Si9jZXNzYXBadwpoMWFsVnFqaEhaZ2hWVDY2TFdHenpFMng1T2VtNlpweXFWcHRrdU93bU5Ublp2OWRSWSt2MWxJRnFSd2NUU2lrClQrMzlBb0dCQUtVT3JIbUdqa01Ha05JemhzWjVmOGdHaXVxeHB5UC9lSFgyQi8wd1dnRnVBTHVWYTFHb09tODUKWjArMUpuUmI0V3BTcEJJNjA3MHFndW9JT3oraDM0TmJ1T0RIaVhOak9HeUtpWWZ0K3h5Tk11bFZ3eFJXTndVMAphVWd3VmFJeXZvcUxEaVZKRWUrNUsrRU1LYnVKcG1iTkg2SUJVK2cvdVBySnYvS2d6aGdkCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-registry + namespace: harbor +data: + REGISTRY_HTTP_SECRET: dnUwbURVekxPRHQ4blRCQQ== + REGISTRY_REDIS_PASSWORD: "" +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-registry-htpasswd + namespace: harbor +data: + REGISTRY_HTPASSWD: aGFyYm9yX3JlZ2lzdHJ5X3VzZXI6JDJhJDEwJHpGaVRwUXJhZmxUT0MyYlFOcTc5eGVSQnFGeVBGUkV6eHd5SHUxeXNRVW9pcE9EZTlKOW1p +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-registryctl + namespace: harbor +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-trivy + namespace: harbor +data: + gitHubToken: "" + redisURL: cmVkaXM6Ly9oYXJib3ItcmVkaXM6NjM3OS81P2lkbGVfdGltZW91dF9zZWNvbmRzPTMw +type: Opaque +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-chartmuseum + namespace: harbor +data: + ALLOW_OVERWRITE: "true" + AUTH_ANONYMOUS_GET: "false" + BASIC_AUTH_USER: chart_controller + CACHE: redis + CACHE_REDIS_ADDR: harbor-redis:6379 + CACHE_REDIS_DB: "3" + CHART_POST_FORM_FIELD_NAME: chart + CONTEXT_PATH: "" + DEBUG: "false" + DEPTH: "1" + DISABLE_API: "false" + DISABLE_METRICS: "false" + DISABLE_STATEFILES: "false" + INDEX_LIMIT: "0" + LOG_JSON: "true" + MAX_STORAGE_OBJECTS: "0" + MAX_UPLOAD_SIZE: "20971520" + PORT: "9999" + PROV_POST_FORM_FIELD_NAME: prov + STORAGE: local + STORAGE_LOCAL_ROOTDIR: /chart_storage + STORAGE_TIMESTAMP_TOLERANCE: 1s +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-core + namespace: harbor +data: + CHART_CACHE_DRIVER: redis + CHART_REPOSITORY_URL: http://harbor-chartmuseum + CONFIG_PATH: /etc/core/app.conf + CORE_LOCAL_URL: http://127.0.0.1:8080 + CORE_URL: http://harbor-core:80 + DATABASE_TYPE: postgresql + EXT_ENDPOINT: https://harbor.lab9.cloud + HTTPS_PROXY: "" + HTTP_PROXY: "" + JOBSERVICE_URL: http://harbor-jobservice + LOG_LEVEL: info + NOTARY_URL: http://harbor-notary-server:4443 + NO_PROXY: harbor-core,harbor-jobservice,harbor-database,harbor-chartmuseum,harbor-notary-server,harbor-notary-signer,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal + PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE: docker-hub,harbor,azure-acr,aws-ecr,google-gcr,quay,docker-registry,jfrog-artifactory + PORT: "8080" + PORTAL_URL: http://harbor-portal + POSTGRESQL_DATABASE: registry + POSTGRESQL_HOST: harbor-database + POSTGRESQL_MAX_IDLE_CONNS: "100" + POSTGRESQL_MAX_OPEN_CONNS: "900" + POSTGRESQL_PORT: "5432" + POSTGRESQL_SSLMODE: disable + POSTGRESQL_USERNAME: postgres + REGISTRY_CONTROLLER_URL: http://harbor-registry:8080 + REGISTRY_CREDENTIAL_USERNAME: harbor_registry_user + REGISTRY_STORAGE_PROVIDER_NAME: filesystem + REGISTRY_URL: http://harbor-registry:5000 + TOKEN_SERVICE_URL: http://harbor-core:80/service/token + TRIVY_ADAPTER_URL: http://harbor-trivy:8080 + WITH_CHARTMUSEUM: "true" + WITH_NOTARY: "true" + WITH_TRIVY: "true" + _REDIS_URL_CORE: redis://harbor-redis:6379/0?idle_timeout_seconds=30 + _REDIS_URL_REG: redis://harbor-redis:6379/2?idle_timeout_seconds=30 + app.conf: | + appname = Harbor + runmode = prod + enablegzip = true + + [prod] + httpport = 8080 +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-jobservice-env + namespace: harbor +data: + CORE_URL: http://harbor-core:80 + HTTPS_PROXY: "" + HTTP_PROXY: "" + NO_PROXY: harbor-core,harbor-jobservice,harbor-database,harbor-chartmuseum,harbor-notary-server,harbor-notary-signer,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal + REGISTRY_CONTROLLER_URL: http://harbor-registry:8080 + REGISTRY_CREDENTIAL_USERNAME: harbor_registry_user + REGISTRY_URL: http://harbor-registry:5000 + TOKEN_SERVICE_URL: http://harbor-core:80/service/token +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-jobservice + namespace: harbor +data: + config.yml: | + #Server listening port + protocol: "http" + port: 8080 + worker_pool: + workers: 10 + backend: "redis" + redis_pool: + redis_url: "redis://harbor-redis:6379/1" + namespace: "harbor_job_service_namespace" + idle_timeout_second: 3600 + job_loggers: + - name: "FILE" + level: INFO + settings: # Customized settings of logger + base_dir: "/var/log/jobs" + sweeper: + duration: 14 #days + settings: # Customized settings of sweeper + work_dir: "/var/log/jobs" + metric: + enabled: false + path: /metrics + port: 8001 + #Loggers for the job service + loggers: + - name: "STD_OUTPUT" + level: INFO +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-portal + namespace: harbor +data: + nginx.conf: | + worker_processes auto; + pid /tmp/nginx.pid; + events { + worker_connections 1024; + } + http { + client_body_temp_path /tmp/client_body_temp; + proxy_temp_path /tmp/proxy_temp; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; + server { + listen 8080; + listen [::]:8080; + server_name localhost; + root /usr/share/nginx/html; + index index.html index.htm; + include /etc/nginx/mime.types; + gzip on; + gzip_min_length 1000; + gzip_proxied expired no-cache no-store private auth; + gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; + location /devcenter-api-2.0 { + try_files $uri $uri/ /swagger-ui-index.html; + } + location / { + try_files $uri $uri/ /index.html; + } + location = /index.html { + add_header Cache-Control "no-store, no-cache, must-revalidate"; + } + } + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-registry + namespace: harbor +data: + config.yml: | + version: 0.1 + log: + level: info + fields: + service: registry + storage: + filesystem: + rootdirectory: /storage + cache: + layerinfo: redis + maintenance: + uploadpurging: + enabled: true + age: 168h + interval: 24h + dryrun: false + delete: + enabled: true + redirect: + disable: false + redis: + addr: harbor-redis:6379 + db: 2 + readtimeout: 10s + writetimeout: 10s + dialtimeout: 10s + pool: + maxidle: 100 + maxactive: 500 + idletimeout: 60s + http: + addr: :5000 + relativeurls: false + # set via environment variable + # secret: placeholder + debug: + addr: localhost:5001 + auth: + htpasswd: + realm: harbor-registry-basic-realm + path: /etc/registry/passwd + validation: + disabled: true + compatibility: + schema1: + enabled: true + ctl-config.yml: | + --- + protocol: "http" + port: 8080 + log_level: info + registry_config: "/etc/registry/config.yml" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-registryctl + namespace: harbor +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: harbor + chart: harbor + component: chartmuseum + heritage: Helm + release: harbor + name: harbor-chartmuseum + namespace: harbor +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: harbor + chart: harbor + component: jobservice + heritage: Helm + release: harbor + name: harbor-jobservice-scandata + namespace: harbor +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: harbor + chart: harbor + component: jobservice + heritage: Helm + release: harbor + name: harbor-jobservice + namespace: harbor +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app: harbor + chart: harbor + component: registry + heritage: Helm + release: harbor + name: harbor-registry + namespace: harbor +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-chartmuseum + namespace: harbor +spec: + ports: + - port: 80 + targetPort: 9999 + selector: + app: harbor + component: chartmuseum + release: harbor +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-core + namespace: harbor +spec: + ports: + - name: http-web + port: 80 + targetPort: 8080 + selector: + app: harbor + component: core + release: harbor +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-database + namespace: harbor +spec: + ports: + - port: 5432 + selector: + app: harbor + component: database + release: harbor +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-jobservice + namespace: harbor +spec: + ports: + - name: http-jobservice + port: 80 + targetPort: 8080 + selector: + app: harbor + component: jobservice + release: harbor +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-notary-server + namespace: harbor +spec: + ports: + - port: 4443 + selector: + app: harbor + component: notary-server + release: harbor +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-notary-signer + namespace: harbor +spec: + ports: + - port: 7899 + selector: + app: harbor + component: notary-signer + release: harbor +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-portal + namespace: harbor +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + app: harbor + component: portal + release: harbor +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-redis + namespace: harbor +spec: + ports: + - port: 6379 + selector: + app: harbor + component: redis + release: harbor +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-registry + namespace: harbor +spec: + ports: + - name: http-registry + port: 5000 + - name: http-controller + port: 8080 + selector: + app: harbor + component: registry + release: harbor +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-trivy + namespace: harbor +spec: + ports: + - name: http-trivy + port: 8080 + protocol: TCP + selector: + app: harbor + component: trivy + release: harbor +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: harbor + chart: harbor + component: chartmuseum + heritage: Helm + release: harbor + name: harbor-chartmuseum + namespace: harbor +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: harbor + component: chartmuseum + release: harbor + strategy: + type: RollingUpdate + template: + metadata: + annotations: + checksum/configmap: 3a145cb777903ca8ff8fcfcb3c25ed9ee7a426a8b01cf024d6e52d92458b4564 + checksum/secret: a656851d5f972f5f6dd05a5c13a5a0b21527971b9ec7dd91ce85b5699d41790a + checksum/secret-core: 3839eb5ae43709d9b8cbcf204866758f268cb71c4127b5294f9eca69bdb54ca0 + labels: + app: harbor + chart: harbor + component: chartmuseum + heritage: Helm + release: harbor + spec: + automountServiceAccountToken: false + containers: + - env: + - name: BASIC_AUTH_PASS + valueFrom: + secretKeyRef: + key: secret + name: harbor-core + - name: AWS_SDK_LOAD_CONFIG + value: "1" + envFrom: + - configMapRef: + name: harbor-chartmuseum + - secretRef: + name: harbor-chartmuseum + image: goharbor/chartmuseum-photon:v2.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /health + port: 9999 + scheme: HTTP + initialDelaySeconds: 300 + periodSeconds: 10 + name: chartmuseum + ports: + - containerPort: 9999 + readinessProbe: + httpGet: + path: /health + port: 9999 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /chart_storage + name: chartmuseum-data + securityContext: + fsGroup: 10000 + runAsUser: 10000 + volumes: + - name: chartmuseum-data + persistentVolumeClaim: + claimName: harbor-chartmuseum +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: harbor + chart: harbor + component: core + heritage: Helm + release: harbor + name: harbor-core + namespace: harbor +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: harbor + component: core + release: harbor + template: + metadata: + annotations: + checksum/configmap: 6c44700003d090140872c2c92522a38351d5d23cba07570f3dbc258b6123063f + checksum/secret: a223dc2809f360fef43f6655eed62f84cb9b9962c19b0e8bdda769bd228e1708 + checksum/secret-jobservice: 8a0f8ee2f5f4f8c854985521289d4b4c1618f4b2cd397346bac0d7fda42c2874 + labels: + app: harbor + component: core + release: harbor + spec: + automountServiceAccountToken: false + containers: + - env: + - name: CORE_SECRET + valueFrom: + secretKeyRef: + key: secret + name: harbor-core + - name: JOBSERVICE_SECRET + valueFrom: + secretKeyRef: + key: JOBSERVICE_SECRET + name: harbor-jobservice + envFrom: + - configMapRef: + name: harbor-core + - secretRef: + name: harbor-core + image: goharbor/harbor-core:v2.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 2 + httpGet: + path: /api/v2.0/ping + port: 8080 + scheme: HTTP + periodSeconds: 10 + name: core + ports: + - containerPort: 8080 + readinessProbe: + failureThreshold: 2 + httpGet: + path: /api/v2.0/ping + port: 8080 + scheme: HTTP + periodSeconds: 10 + startupProbe: + failureThreshold: 360 + httpGet: + path: /api/v2.0/ping + port: 8080 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/core/app.conf + name: config + subPath: app.conf + - mountPath: /etc/core/key + name: secret-key + subPath: key + - mountPath: /etc/core/private_key.pem + name: token-service-private-key + subPath: tls.key + - mountPath: /etc/core/ca + name: ca-download + - mountPath: /etc/core/token + name: psc + securityContext: + fsGroup: 10000 + runAsUser: 10000 + terminationGracePeriodSeconds: 120 + volumes: + - configMap: + items: + - key: app.conf + path: app.conf + name: harbor-core + name: config + - name: secret-key + secret: + items: + - key: secretKey + path: key + secretName: harbor-core + - name: token-service-private-key + secret: + secretName: harbor-core + - name: ca-download + - emptyDir: {} + name: psc +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: harbor + chart: harbor + component: jobservice + heritage: Helm + release: harbor + name: harbor-jobservice + namespace: harbor +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: harbor + component: jobservice + release: harbor + strategy: + type: RollingUpdate + template: + metadata: + annotations: + checksum/configmap: 41138a089428e6776014e59b1a37c5e69bedc9331ccdb1f382f1950882ec1b7e + checksum/configmap-env: 5c0e2cf333f81a4f19f13c25cb45f2b2f5353c9bd05f59e8cbb6b59cc0eb7195 + checksum/secret: 9c3f6b597edae5b2ce51b169184b8aab77caa5282757f82d2747fbc737a73359 + checksum/secret-core: c9520c89f764453343ebed585776ebbc72d7d91dde8344963011d2b27fbaf20f + labels: + app: harbor + chart: harbor + component: jobservice + heritage: Helm + release: harbor + spec: + automountServiceAccountToken: false + containers: + - env: + - name: CORE_SECRET + valueFrom: + secretKeyRef: + key: secret + name: harbor-core + envFrom: + - configMapRef: + name: harbor-jobservice-env + - secretRef: + name: harbor-jobservice + image: goharbor/harbor-jobservice:v2.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /api/v1/stats + port: 8080 + scheme: HTTP + initialDelaySeconds: 300 + periodSeconds: 10 + name: jobservice + ports: + - containerPort: 8080 + readinessProbe: + httpGet: + path: /api/v1/stats + port: 8080 + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/jobservice/config.yml + name: jobservice-config + subPath: config.yml + - mountPath: /var/log/jobs + name: job-logs + - mountPath: /var/scandata_exports + name: job-scandata-exports + securityContext: + fsGroup: 10000 + runAsUser: 10000 + terminationGracePeriodSeconds: 120 + volumes: + - configMap: + name: harbor-jobservice + name: jobservice-config + - name: job-logs + persistentVolumeClaim: + claimName: harbor-jobservice + - name: job-scandata-exports + persistentVolumeClaim: + claimName: harbor-jobservice-scandata +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: harbor + chart: harbor + component: notary-server + heritage: Helm + release: harbor + name: harbor-notary-server + namespace: harbor +spec: + replicas: 1 + selector: + matchLabels: + app: harbor + component: notary-server + release: harbor + template: + metadata: + annotations: + checksum/secret: 312f085e4ba6c1969dd3f9f451bf4721870b9479c36aae9a0494fa265882e779 + checksum/secret-core: f4372310ca893a5d0cb9bc668db81835ac510f9015d55747022715592c3cd3f5 + labels: + app: harbor + chart: harbor + component: notary-server + heritage: Helm + release: harbor + spec: + automountServiceAccountToken: false + containers: + - env: + - name: MIGRATIONS_PATH + value: migrations/server/postgresql + - name: DB_URL + valueFrom: + secretKeyRef: + key: NOTARY_SERVER_DB_URL + name: harbor-notary-server + image: goharbor/notary-server-photon:v2.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /_notary_server/health + port: 4443 + scheme: HTTP + initialDelaySeconds: 300 + periodSeconds: 10 + name: notary-server + readinessProbe: + httpGet: + path: /_notary_server/health + port: 4443 + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/notary/server-config.postgres.json + name: config + subPath: server.json + - mountPath: /root.crt + name: token-service-certificate + subPath: tls.crt + - mountPath: /etc/ssl/notary/ca.crt + name: signer-certificate + subPath: ca.crt + securityContext: + fsGroup: 10000 + runAsUser: 10000 + volumes: + - name: config + secret: + secretName: harbor-notary-server + - name: token-service-certificate + secret: + secretName: harbor-core + - name: signer-certificate + secret: + secretName: harbor-notary-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: harbor + chart: harbor + component: notary-signer + heritage: Helm + release: harbor + name: harbor-notary-signer + namespace: harbor +spec: + replicas: 1 + selector: + matchLabels: + app: harbor + component: notary-signer + release: harbor + template: + metadata: + annotations: + checksum/secret: b95d5b36f547a82901f287150a855289b4ddc8ebad7986ef09b822754b559a17 + labels: + app: harbor + chart: harbor + component: notary-signer + heritage: Helm + release: harbor + spec: + automountServiceAccountToken: false + containers: + - env: + - name: MIGRATIONS_PATH + value: migrations/signer/postgresql + - name: DB_URL + valueFrom: + secretKeyRef: + key: NOTARY_SIGNER_DB_URL + name: harbor-notary-server + - name: NOTARY_SIGNER_DEFAULTALIAS + value: defaultalias + image: goharbor/notary-signer-photon:v2.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: / + port: 7899 + scheme: HTTPS + initialDelaySeconds: 300 + periodSeconds: 10 + name: notary-signer + readinessProbe: + httpGet: + path: / + port: 7899 + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/notary/signer-config.postgres.json + name: config + subPath: signer.json + - mountPath: /etc/ssl/notary/tls.crt + name: signer-certificate + subPath: tls.crt + - mountPath: /etc/ssl/notary/tls.key + name: signer-certificate + subPath: tls.key + securityContext: + fsGroup: 10000 + runAsUser: 10000 + volumes: + - name: config + secret: + secretName: harbor-notary-server + - name: signer-certificate + secret: + secretName: harbor-notary-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: harbor + chart: harbor + component: portal + heritage: Helm + release: harbor + name: harbor-portal + namespace: harbor +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: harbor + component: portal + release: harbor + template: + metadata: + labels: + app: harbor + component: portal + release: harbor + spec: + automountServiceAccountToken: false + containers: + - image: goharbor/harbor-portal:v2.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: / + port: 8080 + scheme: HTTP + initialDelaySeconds: 300 + periodSeconds: 10 + name: portal + ports: + - containerPort: 8080 + readinessProbe: + httpGet: + path: / + port: 8080 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /etc/nginx/nginx.conf + name: portal-config + subPath: nginx.conf + securityContext: + fsGroup: 10000 + runAsUser: 10000 + volumes: + - configMap: + name: harbor-portal + name: portal-config +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: harbor + chart: harbor + component: registry + heritage: Helm + release: harbor + name: harbor-registry + namespace: harbor +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: harbor + component: registry + release: harbor + strategy: + type: RollingUpdate + template: + metadata: + annotations: + checksum/configmap: 1dd422c1f80f9b0e00e1a2297e956c1da3fb1d6bc24892179accf38bc1e3be96 + checksum/secret: 4544b7806f1619c89a81d6451fda52ba08bc3e2154b5589583ba5e7577fbd2d8 + checksum/secret-core: c14c5d2ec6dda961e320afa429a93d0561fa2af520fd3fe0cf0486e80128ea70 + checksum/secret-jobservice: 987a08639e0e8425f3f8ed8ebc289686fad278376070c282879b9056ae6d74de + labels: + app: harbor + chart: harbor + component: registry + heritage: Helm + release: harbor + spec: + automountServiceAccountToken: false + containers: + - args: + - serve + - /etc/registry/config.yml + envFrom: + - secretRef: + name: harbor-registry + image: goharbor/registry-photon:v2.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: / + port: 5000 + scheme: HTTP + initialDelaySeconds: 300 + periodSeconds: 10 + name: registry + ports: + - containerPort: 5000 + - containerPort: 5001 + readinessProbe: + httpGet: + path: / + port: 5000 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /storage + name: registry-data + - mountPath: /etc/registry/passwd + name: registry-htpasswd + subPath: passwd + - mountPath: /etc/registry/config.yml + name: registry-config + subPath: config.yml + - env: + - name: CORE_SECRET + valueFrom: + secretKeyRef: + key: secret + name: harbor-core + - name: JOBSERVICE_SECRET + valueFrom: + secretKeyRef: + key: JOBSERVICE_SECRET + name: harbor-jobservice + envFrom: + - configMapRef: + name: harbor-registryctl + - secretRef: + name: harbor-registry + - secretRef: + name: harbor-registryctl + image: goharbor/harbor-registryctl:v2.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /api/health + port: 8080 + scheme: HTTP + initialDelaySeconds: 300 + periodSeconds: 10 + name: registryctl + ports: + - containerPort: 8080 + readinessProbe: + httpGet: + path: /api/health + port: 8080 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 10 + volumeMounts: + - mountPath: /storage + name: registry-data + - mountPath: /etc/registry/config.yml + name: registry-config + subPath: config.yml + - mountPath: /etc/registryctl/config.yml + name: registry-config + subPath: ctl-config.yml + securityContext: + fsGroup: 10000 + fsGroupChangePolicy: OnRootMismatch + runAsUser: 10000 + terminationGracePeriodSeconds: 120 + volumes: + - name: registry-htpasswd + secret: + items: + - key: REGISTRY_HTPASSWD + path: passwd + secretName: harbor-registry-htpasswd + - configMap: + name: harbor-registry + name: registry-config + - name: registry-data + persistentVolumeClaim: + claimName: harbor-registry +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: harbor + chart: harbor + component: database + heritage: Helm + release: harbor + name: harbor-database + namespace: harbor +spec: + replicas: 1 + selector: + matchLabels: + app: harbor + component: database + release: harbor + serviceName: harbor-database + template: + metadata: + annotations: + checksum/secret: 55b1e7be0855a53d12362dc11834f575bd16ba09cdd84b0551bda85635e15ac1 + labels: + app: harbor + chart: harbor + component: database + heritage: Helm + release: harbor + spec: + automountServiceAccountToken: false + containers: + - env: + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + envFrom: + - secretRef: + name: harbor-database + image: goharbor/harbor-db:v2.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /docker-healthcheck.sh + initialDelaySeconds: 300 + periodSeconds: 10 + timeoutSeconds: 1 + name: database + readinessProbe: + exec: + command: + - /docker-healthcheck.sh + initialDelaySeconds: 1 + periodSeconds: 10 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: database-data + - mountPath: /dev/shm + name: shm-volume + initContainers: + - args: + - -c + - "[ -e /var/lib/postgresql/data/postgresql.conf ] && [ ! -d /var/lib/postgresql/data/pgdata ] && mkdir -m 0700 /var/lib/postgresql/data/pgdata && mv /var/lib/postgresql/data/* /var/lib/postgresql/data/pgdata/ || true" + command: + - /bin/sh + image: goharbor/harbor-db:v2.7.0 + imagePullPolicy: IfNotPresent + name: data-migrator + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: database-data + - args: + - -c + - chmod -R 700 /var/lib/postgresql/data/pgdata || true + command: + - /bin/sh + image: goharbor/harbor-db:v2.7.0 + imagePullPolicy: IfNotPresent + name: data-permissions-ensurer + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: database-data + securityContext: + fsGroup: 999 + runAsUser: 999 + terminationGracePeriodSeconds: 120 + volumes: + - emptyDir: + medium: Memory + sizeLimit: 512Mi + name: shm-volume + volumeClaimTemplates: + - metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: database-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: harbor + chart: harbor + component: redis + heritage: Helm + release: harbor + name: harbor-redis + namespace: harbor +spec: + replicas: 1 + selector: + matchLabels: + app: harbor + component: redis + release: harbor + serviceName: harbor-redis + template: + metadata: + labels: + app: harbor + chart: harbor + component: redis + heritage: Helm + release: harbor + spec: + automountServiceAccountToken: false + containers: + - image: goharbor/redis-photon:v2.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 300 + periodSeconds: 10 + tcpSocket: + port: 6379 + name: redis + readinessProbe: + initialDelaySeconds: 1 + periodSeconds: 10 + tcpSocket: + port: 6379 + volumeMounts: + - mountPath: /var/lib/redis + name: data + securityContext: + fsGroup: 999 + runAsUser: 999 + terminationGracePeriodSeconds: 120 + volumeClaimTemplates: + - metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: harbor + chart: harbor + component: trivy + heritage: Helm + release: harbor + name: harbor-trivy + namespace: harbor +spec: + replicas: 1 + selector: + matchLabels: + app: harbor + component: trivy + release: harbor + serviceName: harbor-trivy + template: + metadata: + annotations: + checksum/secret: 81105cb33a8cb2937d69d3a39d46a94953951b6154c8518d288852bcf66b4d6d + labels: + app: harbor + chart: harbor + component: trivy + heritage: Helm + release: harbor + spec: + automountServiceAccountToken: false + containers: + - env: + - name: HTTP_PROXY + value: "" + - name: HTTPS_PROXY + value: "" + - name: NO_PROXY + value: harbor-core,harbor-jobservice,harbor-database,harbor-chartmuseum,harbor-notary-server,harbor-notary-signer,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal + - name: SCANNER_LOG_LEVEL + value: info + - name: SCANNER_TRIVY_CACHE_DIR + value: /home/scanner/.cache/trivy + - name: SCANNER_TRIVY_REPORTS_DIR + value: /home/scanner/.cache/reports + - name: SCANNER_TRIVY_DEBUG_MODE + value: "false" + - name: SCANNER_TRIVY_VULN_TYPE + value: os,library + - name: SCANNER_TRIVY_TIMEOUT + value: 5m0s + - name: SCANNER_TRIVY_GITHUB_TOKEN + valueFrom: + secretKeyRef: + key: gitHubToken + name: harbor-trivy + - name: SCANNER_TRIVY_SEVERITY + value: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL + - name: SCANNER_TRIVY_IGNORE_UNFIXED + value: "false" + - name: SCANNER_TRIVY_SKIP_UPDATE + value: "false" + - name: SCANNER_TRIVY_OFFLINE_SCAN + value: "false" + - name: SCANNER_TRIVY_SECURITY_CHECKS + value: vuln + - name: SCANNER_TRIVY_INSECURE + value: "false" + - name: SCANNER_API_SERVER_ADDR + value: :8080 + - name: SCANNER_REDIS_URL + valueFrom: + secretKeyRef: + key: redisURL + name: harbor-trivy + - name: SCANNER_STORE_REDIS_URL + valueFrom: + secretKeyRef: + key: redisURL + name: harbor-trivy + - name: SCANNER_JOB_QUEUE_REDIS_URL + valueFrom: + secretKeyRef: + key: redisURL + name: harbor-trivy + image: goharbor/trivy-adapter-photon:v2.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 10 + httpGet: + path: /probe/healthy + port: api-server + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + name: trivy + ports: + - containerPort: 8080 + name: api-server + readinessProbe: + failureThreshold: 3 + httpGet: + path: /probe/ready + port: api-server + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 200m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + volumeMounts: + - mountPath: /home/scanner/.cache + name: data + readOnly: false + securityContext: + fsGroup: 10000 + runAsUser: 10000 + volumeClaimTemplates: + - metadata: + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-ingress + namespace: harbor +spec: + ingressClassName: nginx + rules: + - host: harbor.lab9.cloud + http: + paths: + - backend: + service: + name: harbor-core + port: + number: 80 + path: /api/ + pathType: Prefix + - backend: + service: + name: harbor-core + port: + number: 80 + path: /service/ + pathType: Prefix + - backend: + service: + name: harbor-core + port: + number: 80 + path: /v2/ + pathType: Prefix + - backend: + service: + name: harbor-core + port: + number: 80 + path: /chartrepo/ + pathType: Prefix + - backend: + service: + name: harbor-core + port: + number: 80 + path: /c/ + pathType: Prefix + - backend: + service: + name: harbor-portal + port: + number: 80 + path: / + pathType: Prefix + tls: + - hosts: + - harbor.lab9.cloud + secretName: harbor-tls +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + labels: + app: harbor + chart: harbor + heritage: Helm + release: harbor + name: harbor-ingress-notary + namespace: harbor +spec: + ingressClassName: nginx + rules: + - host: notary.lab9.cloud + http: + paths: + - backend: + service: + name: harbor-notary-server + port: + number: 4443 + path: / + pathType: Prefix + tls: + - hosts: + - notary.lab9.cloud + secretName: harbor-tls diff --git a/chart/manifest/0006-jenkins.k8s.yaml b/chart/manifest/0006-jenkins.k8s.yaml new file mode 100644 index 0000000..9d8306c --- /dev/null +++ b/chart/manifest/0006-jenkins.k8s.yaml @@ -0,0 +1,609 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: jenkins-ingress-tls + namespace: jenkins +spec: + dnsNames: + - jenkins.lab9.cloud + issuerRef: + kind: ClusterIssuer + name: acme-issuer + secretName: jenkins-ingress-tls +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + name: jenkins + namespace: jenkins +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + name: jenkins + namespace: jenkins +data: + jenkins-admin-password: UWZOdFBxcnFNcDZIR0lXY0l4RzZpcQ== + jenkins-admin-user: YWRtaW4= +type: Opaque +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + name: jenkins + namespace: jenkins +data: + apply_config.sh: |- + set -e + echo "disable Setup Wizard" + # Prevent Setup Wizard when JCasC is enabled + echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.UpgradeWizard.state + echo $JENKINS_VERSION > /var/jenkins_home/jenkins.install.InstallUtil.lastExecVersion + echo "download plugins" + # Install missing plugins + cp /var/jenkins_config/plugins.txt /var/jenkins_home; + rm -rf /usr/share/jenkins/ref/plugins/*.lock + version () { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; } + if [ -f "/usr/share/jenkins/jenkins.war" ] && [ -n "$(command -v jenkins-plugin-cli)" 2>/dev/null ] && [ $(version $(jenkins-plugin-cli --version)) -ge $(version "2.1.1") ]; then + jenkins-plugin-cli --verbose --war "/usr/share/jenkins/jenkins.war" --plugin-file "/var/jenkins_home/plugins.txt" --latest true; + else + /usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`; + fi + echo "copy plugins to shared volume" + # Copy plugins to shared volume + yes n | cp -i /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins/; + echo "finished initialization" + plugins.txt: |- + kubernetes:3734.v562b_b_a_627ea_c + workflow-aggregator:590.v6a_d052e5a_a_b_5 + git:4.13.0 + configuration-as-code:1569.vb_72405b_80249 +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + jenkins-jenkins-config: "true" + name: jenkins-jenkins-jcasc-config + namespace: jenkins +data: + jcasc-default-config.yaml: |- + jenkins: + authorizationStrategy: + loggedInUsersCanDoAnything: + allowAnonymousRead: false + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + users: + - id: "${chart-admin-username}" + name: "Jenkins Admin" + password: "${chart-admin-password}" + disableRememberMe: false + mode: NORMAL + numExecutors: 0 + labelString: "" + projectNamingStrategy: "standard" + markupFormatter: + plainText + clouds: + - kubernetes: + containerCapStr: "10" + defaultsProviderTemplate: "" + connectTimeout: "5" + readTimeout: "15" + jenkinsUrl: "http://jenkins.jenkins.svc.cluster.local:8080" + jenkinsTunnel: "jenkins-agent.jenkins.svc.cluster.local:50000" + maxRequestsPerHostStr: "32" + name: "kubernetes" + namespace: "jenkins" + serverUrl: "https://kubernetes.default" + podLabels: + - key: "jenkins/jenkins-jenkins-agent" + value: "true" + templates: + - name: "default" + namespace: "jenkins" + id: 474be7705ac6cddeedf68ad2962972dd9921f64c6e534967402794fbf06a21ec + containers: + - name: "jnlp" + alwaysPullImage: false + args: "^${computer.jnlpmac} ^${computer.name}" + command: + envVars: + - envVar: + key: "JENKINS_URL" + value: "http://jenkins.jenkins.svc.cluster.local:8080/" + image: "jenkins/inbound-agent:4.11.2-4" + privileged: "false" + resourceLimitCpu: 512m + resourceLimitMemory: 512Mi + resourceRequestCpu: 512m + resourceRequestMemory: 512Mi + runAsUser: + runAsGroup: + ttyEnabled: false + workingDir: /home/jenkins/agent + idleMinutes: 0 + instanceCap: 2147483647 + label: "jenkins-jenkins-agent " + nodeUsageMode: "NORMAL" + podRetention: Never + showRawYaml: true + serviceAccount: "default" + slaveConnectTimeoutStr: "100" + yamlMergeStrategy: override + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + security: + apiToken: + creationOfLegacyTokenEnabled: false + tokenGenerationOnCreationEnabled: false + usageStatisticsEnabled: true + unclassified: + location: + adminAddress: + url: https://jenkins.lab9.cloud +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + name: jenkins + namespace: jenkins +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + name: jenkins-schedule-agents + namespace: jenkins +rules: + - apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - persistentvolumeclaims + - events + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + - pods/exec + - persistentvolumeclaims + verbs: + - create + - delete + - deletecollection + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + name: jenkins-casc-reload + namespace: jenkins +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + name: jenkins-schedule-agents + namespace: jenkins +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jenkins-schedule-agents +subjects: + - kind: ServiceAccount + name: jenkins + namespace: jenkins +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + name: jenkins-watch-configmaps + namespace: jenkins +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jenkins-casc-reload +subjects: + - kind: ServiceAccount + name: jenkins + namespace: jenkins +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + name: jenkins-agent + namespace: jenkins +spec: + ports: + - name: agent-listener + port: 50000 + targetPort: 50000 + selector: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + name: jenkins + namespace: jenkins +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + type: ClusterIP +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + name: jenkins + namespace: jenkins +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + serviceName: jenkins + template: + metadata: + annotations: + checksum/config: 2b0c4702e7dc5a1c165c86e02e5a2c8804a2f5b8c94c9735042c0dbdcba59c2f + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + spec: + containers: + - args: + - --httpPort=8080 + env: + - name: SECRETS + value: /run/secrets/additional + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: JAVA_OPTS + value: "-Dcasc.reload.token=$(POD_NAME) " + - name: JENKINS_OPTS + value: "--webroot=/var/jenkins_cache/war " + - name: JENKINS_SLAVE_AGENT_PORT + value: "50000" + - name: CASC_JENKINS_CONFIG + value: /var/jenkins_home/casc_configs + image: jenkins/jenkins:2.375.1-jdk11 + imagePullPolicy: Always + livenessProbe: + failureThreshold: 5 + httpGet: + path: /login + port: http + periodSeconds: 10 + timeoutSeconds: 5 + name: jenkins + ports: + - containerPort: 8080 + name: http + - containerPort: 50000 + name: agent-listener + readinessProbe: + failureThreshold: 3 + httpGet: + path: /login + port: http + periodSeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 50m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 1000 + startupProbe: + failureThreshold: 12 + httpGet: + path: /login + port: http + periodSeconds: 10 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/jenkins_home + name: jenkins-home + readOnly: false + - mountPath: /var/jenkins_config + name: jenkins-config + readOnly: true + - mountPath: /usr/share/jenkins/ref/plugins/ + name: plugin-dir + readOnly: false + - mountPath: /var/jenkins_home/casc_configs + name: sc-config-volume + - mountPath: /run/secrets/additional + name: jenkins-secrets + readOnly: true + - mountPath: /var/jenkins_cache + name: jenkins-cache + - mountPath: /tmp + name: tmp-volume + - env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: LABEL + value: jenkins-jenkins-config + - name: FOLDER + value: /var/jenkins_home/casc_configs + - name: NAMESPACE + value: jenkins + - name: REQ_URL + value: http://localhost:8080/reload-configuration-as-code/?casc-reload-token=$(POD_NAME) + - name: REQ_METHOD + value: POST + - name: REQ_RETRY_CONNECT + value: "10" + image: kiwigrid/k8s-sidecar:1.15.0 + imagePullPolicy: IfNotPresent + name: config-reload + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /var/jenkins_home/casc_configs + name: sc-config-volume + - mountPath: /var/jenkins_home + name: jenkins-home + initContainers: + - command: + - sh + - /var/jenkins_config/apply_config.sh + image: jenkins/jenkins:2.375.1-jdk11 + imagePullPolicy: Always + name: init + resources: + limits: + cpu: 2000m + memory: 4096Mi + requests: + cpu: 50m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /var/jenkins_home + name: jenkins-home + - mountPath: /var/jenkins_config + name: jenkins-config + - mountPath: /usr/share/jenkins/ref/plugins + name: plugins + - mountPath: /var/jenkins_plugins + name: plugin-dir + - mountPath: /tmp + name: tmp-volume + securityContext: + fsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: jenkins + volumes: + - emptyDir: {} + name: plugins + - configMap: + name: jenkins + name: jenkins-config + - emptyDir: {} + name: plugin-dir + - name: jenkins-secrets + projected: + sources: + - secret: + items: + - key: jenkins-admin-user + path: chart-admin-username + - key: jenkins-admin-password + path: chart-admin-password + name: jenkins + - emptyDir: {} + name: jenkins-cache + - name: jenkins-home + persistentVolumeClaim: + claimName: jenkins + - emptyDir: {} + name: sc-config-volume + - emptyDir: {} + name: tmp-volume +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + app.kubernetes.io/component: jenkins-controller + app.kubernetes.io/instance: jenkins + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jenkins + helm.sh/chart: jenkins-4.2.20 + name: jenkins + namespace: jenkins +spec: + rules: + - host: jenkins.lab9.cloud + http: + paths: + - backend: + service: + name: jenkins + port: + number: 8080 + pathType: ImplementationSpecific + tls: + - hosts: + - jenkins.lab9.cloud + secretName: jenkins-ingress-tls +--- +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + helm.sh/hook: test + name: jenkins-tests + namespace: jenkins +data: + run.sh: |- + @test "Testing Jenkins UI is accessible" { + curl --retry 48 --retry-delay 10 jenkins:8080/login + } +--- +apiVersion: v1 +kind: Pod +metadata: + annotations: + helm.sh/hook: test-success + name: jenkins-ui-test-0h17r + namespace: jenkins +spec: + containers: + - command: + - /tools/bats/bin/bats + - -t + - /tests/run.sh + image: jenkins/jenkins:2.375.1-jdk11 + name: jenkins-ui-test + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + - mountPath: /tools + name: tools + initContainers: + - args: + - | + # copy bats to tools dir + set -ex + cp -R /opt/bats /tools/bats/ + command: + - bash + - -c + image: bats/bats:1.2.1 + name: test-framework + volumeMounts: + - mountPath: /tools + name: tools + restartPolicy: Never + volumes: + - configMap: + name: jenkins-tests + name: tests + - emptyDir: {} + name: tools diff --git a/chart/manifest/construct-metadata.json b/chart/manifest/construct-metadata.json index 30a0b31..59a06d6 100644 --- a/chart/manifest/construct-metadata.json +++ b/chart/manifest/construct-metadata.json @@ -1 +1 @@ -{"version":"1.0.0","resources":{"metallb-system":{"path":"metallb/metallb-namespace"},"l2-lb-metallb-controller":{"path":"metallb/metallb-metallb-helm/l2-lb-metallb-controller-deployment"},"l2-lb-metallb-speaker":{"path":"metallb/metallb-metallb-helm/l2-lb-metallb-speaker-daemonset"},"webhook-server-cert":{"path":"metallb/metallb-metallb-helm/webhook-server-cert-secret"},"addresspools.metallb.io":{"path":"metallb/metallb-metallb-helm/addresspools.metallb.io-customresourcedefinition"},"bfdprofiles.metallb.io":{"path":"metallb/metallb-metallb-helm/bfdprofiles.metallb.io-customresourcedefinition"},"bgpadvertisements.metallb.io":{"path":"metallb/metallb-metallb-helm/bgpadvertisements.metallb.io-customresourcedefinition"},"bgppeers.metallb.io":{"path":"metallb/metallb-metallb-helm/bgppeers.metallb.io-customresourcedefinition"},"ipaddresspools.metallb.io":{"path":"metallb/metallb-metallb-helm/ipaddresspools.metallb.io-customresourcedefinition"},"l2advertisements.metallb.io":{"path":"metallb/metallb-metallb-helm/l2advertisements.metallb.io-customresourcedefinition"},"communities.metallb.io":{"path":"metallb/metallb-metallb-helm/communities.metallb.io-customresourcedefinition"},"l2-lb-metallb:controller":{"path":"metallb/metallb-metallb-helm/l2-lb-metallb:controller-clusterrolebinding"},"l2-lb-metallb:speaker":{"path":"metallb/metallb-metallb-helm/l2-lb-metallb:speaker-clusterrolebinding"},"l2-lb-metallb-pod-lister":{"path":"metallb/metallb-metallb-helm/l2-lb-metallb-pod-lister-rolebinding"},"metallb-webhook-service":{"path":"metallb/metallb-metallb-helm/metallb-webhook-service-service"},"metallb-webhook-configuration":{"path":"metallb/metallb-metallb-helm/metallb-webhook-configuration-validatingwebhookconfiguration"},"local-ip":{"path":"metallb/metallb-ip-address-pool"},"ingress-nginx":{"path":"ingress-nginx/ingress-nginx-namespace"},"default-ingress-nginx":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/default-ingress-nginx-rolebinding-ingress-nginx"},"default-ingress-nginx-tcp":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/default-ingress-nginx-tcp-configmap-ingress-nginx"},"default-ingress-nginx-udp":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/default-ingress-nginx-udp-configmap-ingress-nginx"},"default-ingress-nginx-controller":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/default-ingress-nginx-controller-deployment-ingress-nginx"},"default-ingress-nginx-controller-admission":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/default-ingress-nginx-controller-admission-service-ingress-nginx"},"nginx":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/nginx-ingressclass"},"default-ingress-nginx-admission":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/default-ingress-nginx-admission-rolebinding-ingress-nginx"},"default-ingress-nginx-admission-create":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/default-ingress-nginx-admission-create-job-ingress-nginx"},"default-ingress-nginx-admission-patch":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/default-ingress-nginx-admission-patch-job-ingress-nginx"},"etcd":{"path":"dns/dns-statefulset"},"core-dns-coredns":{"path":"dns/dns-coredns/core-dns-coredns-deployment"},"external-dns":{"path":"dns/dns-external-dns/external-dns-deployment-dns"},"external-dns-viewer":{"path":"dns/dns-external-dns/external-dns-viewer-clusterrolebinding"}}} \ No newline at end of file +{"version":"1.0.0","resources":{"l2-lb-metallb-controller":{"path":"metallb/metallb-metallb/l2-lb-metallb-controller-deployment"},"l2-lb-metallb-speaker":{"path":"metallb/metallb-metallb/l2-lb-metallb-speaker-daemonset"},"webhook-server-cert":{"path":"metallb/metallb-metallb/webhook-server-cert-secret"},"addresspools.metallb.io":{"path":"metallb/metallb-metallb/addresspools.metallb.io-customresourcedefinition"},"bfdprofiles.metallb.io":{"path":"metallb/metallb-metallb/bfdprofiles.metallb.io-customresourcedefinition"},"bgpadvertisements.metallb.io":{"path":"metallb/metallb-metallb/bgpadvertisements.metallb.io-customresourcedefinition"},"bgppeers.metallb.io":{"path":"metallb/metallb-metallb/bgppeers.metallb.io-customresourcedefinition"},"ipaddresspools.metallb.io":{"path":"metallb/metallb-metallb/ipaddresspools.metallb.io-customresourcedefinition"},"l2advertisements.metallb.io":{"path":"metallb/metallb-metallb/l2advertisements.metallb.io-customresourcedefinition"},"communities.metallb.io":{"path":"metallb/metallb-metallb/communities.metallb.io-customresourcedefinition"},"l2-lb-metallb:controller":{"path":"metallb/metallb-metallb/l2-lb-metallb:controller-clusterrolebinding"},"l2-lb-metallb:speaker":{"path":"metallb/metallb-metallb/l2-lb-metallb:speaker-clusterrolebinding"},"l2-lb-metallb-pod-lister":{"path":"metallb/metallb-metallb/l2-lb-metallb-pod-lister-rolebinding"},"metallb-webhook-service":{"path":"metallb/metallb-metallb/metallb-webhook-service-service"},"metallb-webhook-configuration":{"path":"metallb/metallb-metallb/metallb-webhook-configuration-validatingwebhookconfiguration"},"local-ip":{"path":"metallb/metallb-ip-address-pool"},"ingress-nginx":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/ingress-nginx-rolebinding-ingress-nginx"},"ingress-nginx-tcp":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/ingress-nginx-tcp-configmap-ingress-nginx"},"ingress-nginx-udp":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/ingress-nginx-udp-configmap-ingress-nginx"},"ingress-nginx-controller":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/ingress-nginx-controller-deployment-ingress-nginx"},"ingress-nginx-controller-admission":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/ingress-nginx-controller-admission-service-ingress-nginx"},"nginx":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/nginx-ingressclass"},"ingress-nginx-admission":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/ingress-nginx-admission-rolebinding-ingress-nginx"},"ingress-nginx-admission-create":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/ingress-nginx-admission-create-job-ingress-nginx"},"ingress-nginx-admission-patch":{"path":"ingress-nginx/ingress-nginx-ingress-nginx/ingress-nginx-admission-patch-job-ingress-nginx"},"etcd":{"path":"dns/dns-etcd-sts"},"core-dns-coredns":{"path":"dns/dns-coredns/core-dns-coredns-deployment"},"external-dns":{"path":"dns/dns-external-dns/external-dns-deployment-dns"},"external-dns-viewer":{"path":"dns/dns-external-dns/external-dns-viewer-clusterrolebinding"},"cert-manager-cainjector":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-cainjector-deployment-cert-manager"},"cert-manager":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-deployment-cert-manager"},"cert-manager-webhook":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-webhook-validatingwebhookconfiguration"},"clusterissuers.cert-manager.io":{"path":"cert-manager/cert-manager-cert-manager/clusterissuers.cert-manager.io-customresourcedefinition"},"challenges.acme.cert-manager.io":{"path":"cert-manager/cert-manager-cert-manager/challenges.acme.cert-manager.io-customresourcedefinition"},"certificaterequests.cert-manager.io":{"path":"cert-manager/cert-manager-cert-manager/certificaterequests.cert-manager.io-customresourcedefinition"},"issuers.cert-manager.io":{"path":"cert-manager/cert-manager-cert-manager/issuers.cert-manager.io-customresourcedefinition"},"certificates.cert-manager.io":{"path":"cert-manager/cert-manager-cert-manager/certificates.cert-manager.io-customresourcedefinition"},"orders.acme.cert-manager.io":{"path":"cert-manager/cert-manager-cert-manager/orders.acme.cert-manager.io-customresourcedefinition"},"cert-manager-controller-issuers":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-controller-issuers-clusterrolebinding"},"cert-manager-controller-clusterissuers":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-controller-clusterissuers-clusterrolebinding"},"cert-manager-controller-certificates":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-controller-certificates-clusterrolebinding"},"cert-manager-controller-orders":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-controller-orders-clusterrolebinding"},"cert-manager-controller-challenges":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-controller-challenges-clusterrolebinding"},"cert-manager-controller-ingress-shim":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-controller-ingress-shim-clusterrolebinding"},"cert-manager-view":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-view-clusterrole"},"cert-manager-edit":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-edit-clusterrole"},"cert-manager-controller-approve:cert-manager-io":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-controller-approve:cert-manager-io-clusterrolebinding"},"cert-manager-controller-certificatesigningrequests":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-controller-certificatesigningrequests-clusterrolebinding"},"cert-manager-webhook:subjectaccessreviews":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-webhook:subjectaccessreviews-clusterrolebinding"},"cert-manager-cainjector:leaderelection":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-cainjector:leaderelection-rolebinding-kube-system"},"cert-manager:leaderelection":{"path":"cert-manager/cert-manager-cert-manager/cert-manager:leaderelection-rolebinding-kube-system"},"cert-manager-webhook:dynamic-serving":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-webhook:dynamic-serving-rolebinding-cert-manager"},"cert-manager-startupapicheck":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-startupapicheck-job-cert-manager"},"cert-manager-startupapicheck:create-cert":{"path":"cert-manager/cert-manager-cert-manager/cert-manager-startupapicheck:create-cert-rolebinding-cert-manager"},"cloudflare-api-key":{"path":"cert-manager/cert-manager-api-key"},"acme-issuer":{"path":"cert-manager/cluster-issuer-0"},"argocd-application-controller":{"path":"argo/argo-argocd/argocd-application-controller-serviceaccount"},"argo-argocd-applicationset-controller":{"path":"argo/argo-argocd/argo-argocd-applicationset-controller-deployment"},"argocd-notifications-controller":{"path":"argo/argo-argocd/argocd-notifications-controller-serviceaccount"},"argo-argocd-repo-server":{"path":"argo/argo-argocd/argo-argocd-repo-server-deployment"},"argocd-server":{"path":"argo/argo-argocd/argocd-server-serviceaccount"},"argocd-dex-server":{"path":"argo/argo-argocd/argocd-dex-server-serviceaccount"},"argocd-notifications-secret":{"path":"argo/argo-argocd/argocd-notifications-secret-secret"},"argocd-secret":{"path":"argo/argo-argocd/argocd-secret-secret"},"argocd-cm":{"path":"argo/argo-argocd/argocd-cm-configmap"},"argocd-cmd-params-cm":{"path":"argo/argo-argocd/argocd-cmd-params-cm-configmap"},"argocd-gpg-keys-cm":{"path":"argo/argo-argocd/argocd-gpg-keys-cm-configmap"},"argocd-notifications-cm":{"path":"argo/argo-argocd/argocd-notifications-cm-configmap"},"argocd-rbac-cm":{"path":"argo/argo-argocd/argocd-rbac-cm-configmap"},"argocd-ssh-known-hosts-cm":{"path":"argo/argo-argocd/argocd-ssh-known-hosts-cm-configmap"},"argocd-tls-certs-cm":{"path":"argo/argo-argocd/argocd-tls-certs-cm-configmap"},"applications.argoproj.io":{"path":"argo/argo-argocd/applications.argoproj.io-customresourcedefinition"},"applicationsets.argoproj.io":{"path":"argo/argo-argocd/applicationsets.argoproj.io-customresourcedefinition"},"appprojects.argoproj.io":{"path":"argo/argo-argocd/appprojects.argoproj.io-customresourcedefinition"},"argo-argocd-application-controller":{"path":"argo/argo-argocd/argo-argocd-application-controller-statefulset"},"argo-argocd-server":{"path":"argo/argo-argocd/argo-argocd-server-certificate"},"argo-argocd-notifications-controller":{"path":"argo/argo-argocd/argo-argocd-notifications-controller-deployment"},"argo-argocd-dex-server":{"path":"argo/argo-argocd/argo-argocd-dex-server-deployment"},"argo-argocd-redis":{"path":"argo/argo-argocd/argo-argocd-redis-deployment"},"harbor-tls":{"path":"harbor/harbor-certificate"},"harbor-chartmuseum":{"path":"harbor/harbor-harbor/harbor-chartmuseum-deployment"},"harbor-core":{"path":"harbor/harbor-harbor/harbor-core-deployment"},"harbor-database":{"path":"harbor/harbor-harbor/harbor-database-statefulset"},"harbor-jobservice":{"path":"harbor/harbor-harbor/harbor-jobservice-deployment"},"harbor-notary-server":{"path":"harbor/harbor-harbor/harbor-notary-server-deployment"},"harbor-registry":{"path":"harbor/harbor-harbor/harbor-registry-deployment"},"harbor-registry-htpasswd":{"path":"harbor/harbor-harbor/harbor-registry-htpasswd-secret"},"harbor-registryctl":{"path":"harbor/harbor-harbor/harbor-registryctl-configmap"},"harbor-trivy":{"path":"harbor/harbor-harbor/harbor-trivy-statefulset"},"harbor-jobservice-env":{"path":"harbor/harbor-harbor/harbor-jobservice-env-configmap"},"harbor-portal":{"path":"harbor/harbor-harbor/harbor-portal-deployment"},"harbor-jobservice-scandata":{"path":"harbor/harbor-harbor/harbor-jobservice-scandata-persistentvolumeclaim"},"harbor-notary-signer":{"path":"harbor/harbor-harbor/harbor-notary-signer-deployment"},"harbor-redis":{"path":"harbor/harbor-harbor/harbor-redis-statefulset"},"harbor-ingress":{"path":"harbor/harbor-harbor/harbor-ingress-ingress"},"harbor-ingress-notary":{"path":"harbor/harbor-harbor/harbor-ingress-notary-ingress"},"jenkins-ingress-tls":{"path":"jenkins/jenkins-certificate"},"jenkins":{"path":"jenkins/jenkins-jenkins/jenkins-ingress-jenkins"},"jenkins-jenkins-jcasc-config":{"path":"jenkins/jenkins-jenkins/jenkins-jenkins-jcasc-config-configmap-jenkins"},"jenkins-schedule-agents":{"path":"jenkins/jenkins-jenkins/jenkins-schedule-agents-rolebinding-jenkins"},"jenkins-casc-reload":{"path":"jenkins/jenkins-jenkins/jenkins-casc-reload-role-jenkins"},"jenkins-watch-configmaps":{"path":"jenkins/jenkins-jenkins/jenkins-watch-configmaps-rolebinding-jenkins"},"jenkins-agent":{"path":"jenkins/jenkins-jenkins/jenkins-agent-service-jenkins"},"jenkins-tests":{"path":"jenkins/jenkins-jenkins/jenkins-tests-configmap-jenkins"},"jenkins-ui-test-0h17r":{"path":"jenkins/jenkins-jenkins/jenkins-ui-test-0h17r-pod-jenkins"}}} \ No newline at end of file diff --git a/chart/package.json b/chart/package.json index c09267e..5f6d46c 100644 --- a/chart/package.json +++ b/chart/package.json @@ -13,11 +13,13 @@ "add-custom-dns": "sudo bash ./scripts/add-custom-dns-resolver.sh", "sample-nginx:up": "bash ./scripts/sample-nginx-up-down.sh up", "sample-nginx:down": "bash ./scripts/sample-nginx-up-down.sh down", - "config:network": "pnpm ip-alias:up && pnpm add-custom-dns" + "config:network": "pnpm ip-alias:up && pnpm add-custom-dns", + "k8s:deploy": "./scripts/deploy-manifest.sh $@" }, "dependencies": { "@package/cdk8s-loader": "workspace:^0.0.1", "@package/common": "workspace:^0.0.1", - "@package/k8s-generated": "workspace:^1.25.0" + "@package/k8s-generated": "workspace:^1.25.0", + "dotenv": "^16.0.3" } } diff --git a/chart/scripts/add-custom-dns-resolver.sh b/chart/scripts/add-custom-dns-resolver.sh old mode 100644 new mode 100755 index d31561a..8190eb0 --- a/chart/scripts/add-custom-dns-resolver.sh +++ b/chart/scripts/add-custom-dns-resolver.sh @@ -14,8 +14,9 @@ search $DOMAIN nameserver $NS_IP " -sudo mkdir -p /private/etc/resolver -echo "$RESOLVER_CONTENT" | sudo tee -a $RESOLVER_NAME &>/dev/null +RESOLVER_DIR=/private/etc/resolver +sudo mkdir -p $RESOLVER_DIR +echo "$RESOLVER_CONTENT" | sudo tee -a $RESOLVER_DIR/$RESOLVER_NAME &>/dev/null # https://vninja.net/2020/02/06/macos-custom-dns-resolvers/ # 위 링크처럼 DNS Refresh diff --git a/chart/scripts/deploy-manifest.sh b/chart/scripts/deploy-manifest.sh new file mode 100755 index 0000000..70678d4 --- /dev/null +++ b/chart/scripts/deploy-manifest.sh @@ -0,0 +1,55 @@ +#!/bin/bash + +MANIFESTS=$1 + +case $MANIFESTS in + -*|--*|'') + echo "Unknown k8s manifest path '$MANIFESTS'" + exit 1 + ;; +esac +shift + +if [ -d $MANIFESTS ]; then + MANIFESTS=$(realpath $MANIFESTS)/* +elif [ ! -f $MANIFESTS ]; then + echo "Files not exists" + exit 1 +fi + +POSITIONAL_ARGS=() + +while [[ $# -gt 0 ]]; do + case $1 in + -w|--wait) + WAIT="$2" + shift # past argument + shift # past value + ;; + -r|--resources) + RESOURCES=$(echo "$2" | sed -r 's/,/|/g') + shift # past argument + shift # past value + ;; + -*|--*) + echo "Unknown option $1" + exit 1 + ;; + *) + POSITIONAL_ARGS+=("$1") # save positional arg + shift # past argument + ;; + esac +done + +set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters + +echo "$RESOURCES" + +# User가 선택하지 않은 Resource 먼저 생성 +cat $(ls $MANIFESTS | grep '.yaml') | yq ". | select(.kind | test(\"$RESOURCES\") | not)" | kubectl apply -f - + +sleep $WAIT + +# User가 선택한 Resource 생성 +cat $(ls $MANIFESTS | grep '.yaml') | yq ". | select(.kind | test(\"$RESOURCES\"))" | kubectl apply -f - \ No newline at end of file diff --git a/chart/scripts/load-helm.sh b/chart/scripts/load-helm.sh index 8429e7b..2ee53de 100755 --- a/chart/scripts/load-helm.sh +++ b/chart/scripts/load-helm.sh @@ -24,7 +24,7 @@ function helmRepoAdd() { function helmValuesCodegenForTypescript() { local CHART_LIST_FILE=$1 local EXEC_DIR=$2 - local HELM_SHOW_VALUE_PARAMS=$(yq '.charts[] | .repo + "/" + .chart' $CHART_LIST_FILE) + local HELM_SHOW_VALUE_PARAMS=$(yq '.charts[] | .repo + "/" + .chart + "@" + .version' $CHART_LIST_FILE) cd $2 echo "$HELM_SHOW_VALUE_PARAMS" | awk '{system("generate_helm_value_inference "$1" ts")}' } @@ -35,4 +35,5 @@ helmRepoAdd $HELM_CHARTS_FILE 1>/dev/null # helm repo update -helmValuesCodegenForTypescript $HELM_CHARTS_FILE $PWD/src/helm-values +mkdir -p $PWD/src/types/helm-values +helmValuesCodegenForTypescript $HELM_CHARTS_FILE $PWD/src/types/helm-values diff --git a/chart/scripts/sample-nginx-up-down.sh b/chart/scripts/sample-nginx-up-down.sh old mode 100644 new mode 100755 diff --git a/chart/src/app.ts b/chart/src/app.ts new file mode 100644 index 0000000..54bac49 --- /dev/null +++ b/chart/src/app.ts @@ -0,0 +1,349 @@ +import { PartialRecursive, scope } from '@package/common' +import { App, AppProps } from 'cdk8s' +import { + ArgoCdChart, + CertManagerChart, + DnsChart, + HarborChart, + IngressControllerChart, + LoadBalancerChart +} from './charts' +import { + ArgoCdHelmParam, + ExternalDnsHelmParam, + HarborHelmParam, + IngressNginxHelmParam, + JenkinsHelmParam, + argoCdDefaultValues, + externalDnsDefaultValues, + harborDefaultValues, + ingressNginxDefaultValues +} from './types' +import { JenkinsChart } from './charts/jenkins.chart' + +export class KubeOpsApp extends App { + public constructor(props?: AppProps) { + super(props) + + /* -------------------------------------------------------------------------- */ + /* Add chart: metallb */ + /* -------------------------------------------------------------------------- */ + const loadBalancer = new LoadBalancerChart(this, 'metallb', { + namespace: 'metallb-system', + ipAddressPool: { + name: 'local-ip', + spec: { + addresses: [process.env.LB_IP_ADDRESS_POOL as string] + } + }, + metallb: { + releaseName: 'l2-lb', + version: '0.13.7' + } + }) + + /* -------------------------------------------------------------------------- */ + /* Add chart: ingress-nginx */ + /* -------------------------------------------------------------------------- */ + const dnsNamespace = 'dns' + const ingressNginxValues = scope>(ingressNginxDefaultValues).merge({ + controller: { + service: { + type: 'LoadBalancer' + } + }, + tcp: { + '53': `${dnsNamespace}/core-dns-coredns:53` + }, + udp: { + '53': `${dnsNamespace}/core-dns-coredns:53` + } + }) + + const ingressController = new IngressControllerChart(this, 'ingress-nginx', { + namespace: 'ingress-nginx', + ingressNginxController: { + releaseName: 'ingress-nginx', + values: ingressNginxValues.get(), + version: '4.4.0' + } + }) + ingressController.addDependency(loadBalancer) + + const etcdClusterName = 'etcd' + const etcdClusterPort = 2379 + const etcdUrl = `http://${etcdClusterName}:${etcdClusterPort}` + + const dnsChart = new DnsChart(this, 'dns', { + namespace: dnsNamespace, + coreDns: { + releaseName: 'core-dns', + version: '1.19.7', + values: { + isClusterService: false, + rbac: { + create: true + }, + readinessProbe: { + enabled: false + }, + servers: [ + { + zones: [ + { + zone: '.' + } + ], + port: 53, + plugins: [ + { + name: 'errors' + }, + { + name: 'health', + configBlock: 'lameduck 5s' + }, + { + name: 'log' + }, + { + name: 'etcd', + configBlock: ['path /skydns', `endpoint ${etcdUrl}`, 'fallthrough'].join('\n') + }, + { + name: 'forward', + configBlock: '. '.concat(['8.8.8.8', '8.8.4.4', '1.1.1.1'].join(' ')) + }, + { + name: 'cache', + parameters: 30 + }, + { + name: 'prometheus', + parameters: '0.0.0.0:9153' + }, + { + name: 'reload' + }, + { + name: 'loadbalance' + } + ] + } + ] + } + }, + etcd: { + name: etcdClusterName, + replicas: 3, + labels: { + 'this.kubernetes.io/name': etcdClusterName, + 'this.kubernetes.io/component': 'this' + } + }, + externalDns: { + releaseName: 'external-dns', + version: '1.12.0', + values: scope>(externalDnsDefaultValues) + .merge({ + env: [ + { + name: 'ETCD_URLS', + value: etcdUrl + } + ], + logLevel: 'info', + provider: 'coredns' + }) + .get() + } + }) + + dnsChart.addDependency(ingressController) + + const email = process.env.CERT_MANAGER_EMAIL as string + const apiKeySecretName = 'cloudflare-api-key' + const apiKey = process.env.CLOUDFLARE_API_KEY as string + const certManager = new CertManagerChart(this, 'cert-manager', { + namespace: 'cert-manager', + certManager: { + releaseName: 'cert-manager', + helmFlags: ['--set', 'installCRDs=true'], + version: '1.10.1', + values: { + extraArgs: [ + '--dns01-recursive-nameservers-only', + '--dns01-recursive-nameservers', + ['8.8.8.8:53', '8.8.4.4:53', '1.1.1.1:53'].join(',') + ] + } + }, + apiKeySecret: { + secretName: apiKeySecretName, + apiKey + }, + clusterIssuers: [ + { + metadata: { + name: 'acme-issuer' + }, + spec: { + acme: { + privateKeySecretRef: { + name: 'acme-issuer-account-key' + }, + email, + server: 'https://acme-v02.api.letsencrypt.org/directory', + solvers: [ + { + dns01: { + cloudflare: { + email, + apiKeySecretRef: { + name: 'cloudflare-api-key', + key: 'api-key' + } + } + } + } + ] + } + } + } + ] + }) + certManager.addDependency(dnsChart) + + const argocdHost = 'argocd.lab9.cloud' + const scopeArgoCdHelmParam = scope>(argoCdDefaultValues) + { + scopeArgoCdHelmParam + .z('server') + .z('ingress') + .merge({ + enabled: true, + ingressClassName: 'nginx', + hosts: [argocdHost], + tls: [ + { + hosts: [argocdHost], + secretName: 'argocd-server-tls' + } + ] + }) + + scopeArgoCdHelmParam + .z('server') + .z('certificate') + .set({ + enabled: true, + issuer: { + name: 'acme-issuer', + kind: 'ClusterIssuer' + }, + domain: argocdHost + }) + scopeArgoCdHelmParam.z('apiVersionOverrides').z('certmanager').set('cert-manager.io/v1') + scopeArgoCdHelmParam.z('server').z('extraArgs').merge(['--insecure']) + } + const argocd = new ArgoCdChart(this, 'argo', { + namespace: 'argo', + argoCd: { + releaseName: 'argo', + values: scopeArgoCdHelmParam.get() as any, + version: '5.17.1' + } + }) + argocd.addDependency(dnsChart) + + const harborHost = 'harbor.lab9.cloud' + const harborNotaryHost = 'notary.lab9.cloud' + const harborTlsSecretName = 'harbor-tls' + const scopeHarborHelmParam = scope>(harborDefaultValues) + { + scopeHarborHelmParam.z('expose').set({ + ingress: { + className: 'nginx', + hosts: { + core: harborHost, + notary: harborNotaryHost + } + }, + tls: { + enabled: true, + secret: { + notarySecretName: harborTlsSecretName, + secretName: harborTlsSecretName + }, + certSource: 'secret' + } + }) + scopeHarborHelmParam.z('harborAdminPassword').set('admin') + scopeHarborHelmParam.z('externalURL').set(harborHost) + } + + new HarborChart(this, 'harbor', { + namespace: 'harbor', + certificate: { + metadata: { + name: 'harbor-tls' + }, + spec: { + issuerRef: { + name: 'acme-issuer', + kind: 'ClusterIssuer' + }, + secretName: harborTlsSecretName, + dnsNames: [harborHost, harborNotaryHost] + } + }, + harbor: { + releaseName: 'harbor', + values: scopeHarborHelmParam.get() as any, + version: '1.11.0' + } + }) + + const jenkinsHelmValues = {} as JenkinsHelmParam + const jenkinsHostName = 'jenkins.lab9.cloud' + const jenkinsTlsSecretName = 'jenkins-ingress-tls' + { + const scopeForJenkinsValues = scope(jenkinsHelmValues as PartialRecursive) + scopeForJenkinsValues + .z('controller') + .z('ingress') + .set({ + hostName: jenkinsHostName as any, + enabled: true, + apiVersion: 'extensions/v1beta1', + tls: [ + { + hosts: [jenkinsHostName], + secretName: jenkinsTlsSecretName + } + ] as any + }) + } + new JenkinsChart(this, 'jenkins', { + namespace: 'jenkins', + jenkins: { + releaseName: 'jenkins', + version: '4.2.20', + values: jenkinsHelmValues + }, + certificate: { + metadata: { + name: jenkinsTlsSecretName + }, + spec: { + issuerRef: { + name: 'acme-issuer', + kind: 'ClusterIssuer' + }, + secretName: jenkinsTlsSecretName, + dnsNames: [jenkinsHostName] + } + } + }) + } +} diff --git a/chart/src/charts/argocd.chart.ts b/chart/src/charts/argocd.chart.ts new file mode 100644 index 0000000..6313083 --- /dev/null +++ b/chart/src/charts/argocd.chart.ts @@ -0,0 +1,21 @@ +import { AbsChart, HelmProps } from '@package/cdk8s-loader' +import { PartialRecursive, scope } from '@package/common' +import { ChartProps, Helm } from 'cdk8s' +import { ArgoCdHelmParam } from '../types' + +interface ArgoCdChartProps extends ChartProps { + argoCd: Omit>, 'chart'> +} + +export class ArgoCdChart extends AbsChart { + protected loadChildren(id: string, props: ArgoCdChartProps): void { + const { argoCd, namespace } = props + + const scopeArgoCdProps = scope>({ + chart: 'argo/argo-cd', + namespace + }).merge(argoCd as any) + + new Helm(this, `${id}-argocd`, scopeArgoCdProps.get()) + } +} diff --git a/chart/src/charts/cert-manager.chart.ts b/chart/src/charts/cert-manager.chart.ts new file mode 100644 index 0000000..a6978ce --- /dev/null +++ b/chart/src/charts/cert-manager.chart.ts @@ -0,0 +1,42 @@ +import { AbsChart, HelmProps } from '@package/cdk8s-loader' +import { PartialRecursive, scope } from '@package/common' +import { ClusterIssuer, ClusterIssuerProps, KubeSecret } from '@package/k8s-generated/generated' +import { ChartProps, Helm } from 'cdk8s' +import { CertManagerHelmParam } from '../types' + +interface CertManagerChartProps extends ChartProps { + certManager: Omit>, 'chart'> + clusterIssuers?: ClusterIssuerProps[] + apiKeySecret?: { + secretName: string + apiKey: string + } +} + +export class CertManagerChart extends AbsChart { + protected loadChildren(id: string, props: CertManagerChartProps): void { + const { apiKeySecret, certManager, namespace, clusterIssuers } = props + + const scopeCertManagerProps = scope>({ + chart: 'jetstack/cert-manager', + namespace + }).merge(certManager as any) + const certManagerHelm = new Helm(this, `${id}-cert-manager`, scopeCertManagerProps.get()) + + if (apiKeySecret == null) { + return + } + + new KubeSecret(this, `${id}-api-key`, { + metadata: { + name: apiKeySecret.secretName + }, + data: { + ['api-key']: Buffer.from(apiKeySecret.apiKey).toString('base64') + } + }).addDependency(certManagerHelm) + ;(clusterIssuers ?? []).forEach((clusterIssuerProps, idx) => { + new ClusterIssuer(this, `cluster-issuer-${idx}`, clusterIssuerProps).addDependency(certManagerHelm) + }) + } +} diff --git a/chart/src/charts/dns.chart.ts b/chart/src/charts/dns.chart.ts index 4876855..00d3885 100644 --- a/chart/src/charts/dns.chart.ts +++ b/chart/src/charts/dns.chart.ts @@ -1,9 +1,15 @@ -import { ChartLoader, ComponentLoader, HelmLoader, HelmProps } from '@package/cdk8s-loader' +import { AbsChart, HelmProps } from '@package/cdk8s-loader' import { ContainerFactory } from '@package/cdk8s-loader/src/container-factory' import { PartialRecursive, scope } from '@package/common' -import { KubeIngress, KubeService, KubeStatefulSet, Quantity } from '@package/k8s-generated' -import { CorednsHelmParam, ExternalDnsHelmParam } from '../helm-values' -import { LoadingChart } from '../types' +import { KubeService, KubeStatefulSet, Quantity } from '@package/k8s-generated/generated' +import { ChartProps, Helm } from 'cdk8s' +import { CorednsHelmParam, ExternalDnsHelmParam } from '../types' + +interface DnsChartProps extends ChartProps { + coreDns: Omit>, 'chart'> + externalDns: Omit>, 'chart'> + etcd: EtcdClusterProps +} interface EtcdClusterProps { name: string @@ -14,25 +20,14 @@ interface EtcdClusterProps { serviceType?: 'ClusterIP' | 'LoadBalancer' | 'NodePort' } -export const dnsChart: LoadingChart<{ - coreDns: Omit>, 'chart'> - externalDns: Omit>, 'chart'> - etcd: EtcdClusterProps -}> = (id, props) => { - const { chartProps, coreDns, etcd, externalDns } = props - - const namespace = chartProps.namespace ?? 'dns' - - const chartLoader = new ChartLoader(id, chartProps) - - // Add etcd-cluster to chart - { - const { name, replicas, labels, serviceType } = etcd - const image = 'quay.io/coreos/etcd:latest' - - chartLoader - .addComponent( - new ComponentLoader(KubeService, `${id}-etcd-service`, { +export class DnsChart extends AbsChart { + protected loadChildren(id: string, props: DnsChartProps): void { + const { coreDns, etcd, externalDns, namespace } = props + { + const { name, labels, replicas, serviceType } = etcd + const image = 'quay.io/coreos/etcd:latest' + const etcdComponent = { + service: new KubeService(this, `${id}-etcd-svc`, { metadata: { name, labels @@ -59,10 +54,8 @@ export const dnsChart: LoadingChart<{ selector: labels, publishNotReadyAddresses: true } - }) - ) - .addComponent( - new ComponentLoader(KubeStatefulSet, `${id}-statefulset`, { + }), + statefulset: new KubeStatefulSet(this, `${id}-etcd-sts`, { metadata: { name, labels @@ -156,20 +149,19 @@ export const dnsChart: LoadingChart<{ ] } }) - ) - } + } + } - const corednsHelmPropsScope = scope>({ - chart: 'coredns/coredns', - helmFlags: ['--namespace', namespace, '--create-namespace'] - }).merge(coreDns as any) + const scopeCoreDnsHelmProps = scope>({ + chart: 'coredns/coredns', + namespace + }).merge(coreDns as any) + new Helm(this, `${id}-coredns`, scopeCoreDnsHelmProps.get()) - const externalDnsValuesScope = scope>>({ - chart: 'external-dns/external-dns', - helmFlags: ['--namespace', namespace, '--create-namespace'] - }).merge(externalDns as any) - - return chartLoader - .addHelm(() => new HelmLoader(`${id}-coredns`, corednsHelmPropsScope.get())) - .addHelm(() => new HelmLoader(`${id}-external-dns`, externalDnsValuesScope.get())) + const scopeExternalDnsHelmProps = scope>>({ + chart: 'external-dns/external-dns', + namespace + }).merge(externalDns as any) + new Helm(this, `${id}-external-dns`, scopeExternalDnsHelmProps.get()) + } } diff --git a/chart/src/charts/harbor.chart.ts b/chart/src/charts/harbor.chart.ts new file mode 100644 index 0000000..ac643b6 --- /dev/null +++ b/chart/src/charts/harbor.chart.ts @@ -0,0 +1,24 @@ +import { AbsChart, HelmProps } from '@package/cdk8s-loader' +import { PartialRecursive, scope } from '@package/common' +import { ChartProps, Helm } from 'cdk8s' +import { HarborHelmParam } from '../types' +import { Certificate, CertificateProps } from '@package/k8s-generated/generated' + +interface HarborChartProps extends ChartProps { + harbor: Omit>, 'chart'> + certificate?: CertificateProps +} + +export class HarborChart extends AbsChart { + protected loadChildren(id: string, props: HarborChartProps): void { + const { harbor, namespace, certificate: certificateProps } = props + if (certificateProps != null) { + new Certificate(this, `${id}-certificate`, certificateProps) + } + const scopeHarborHelmParam = scope>({ + chart: 'harbor/harbor', + namespace + }).merge(harbor as HelmProps) + new Helm(this, `${id}-harbor`, scopeHarborHelmParam.get()) + } +} diff --git a/chart/src/charts/index.ts b/chart/src/charts/index.ts index 3b23685..5cfd287 100644 --- a/chart/src/charts/index.ts +++ b/chart/src/charts/index.ts @@ -1,4 +1,7 @@ +export * from './argocd.chart' +export * from './cert-manager.chart' export * from './dns.chart' -export * from './ingress-nginx.chart' -export * from './metallb.chart' +export * from './harbor.chart' +export * from './ingress-controller.chart' +export * from './load-balancer.chart' export * from './prometheus.chart' diff --git a/chart/src/charts/ingress-controller.chart.ts b/chart/src/charts/ingress-controller.chart.ts new file mode 100644 index 0000000..d8a8a36 --- /dev/null +++ b/chart/src/charts/ingress-controller.chart.ts @@ -0,0 +1,20 @@ +import { AbsChart, HelmProps } from '@package/cdk8s-loader' +import { PartialRecursive, scope } from '@package/common' +import { ChartProps, Helm } from 'cdk8s' +import { IngressNginxHelmParam } from '../types' + +interface IngressControllerChartProps extends ChartProps { + ingressNginxController: Omit>, 'chart'> +} + +export class IngressControllerChart extends AbsChart { + protected loadChildren(id: string, props: IngressControllerChartProps): void { + const { ingressNginxController, labels, namespace } = props + const scopeIngressNginxControllerProps = scope>>({ + chart: 'ingress-nginx/ingress-nginx', + namespace + }).merge(ingressNginxController as any) + + new Helm(this, `${id}-ingress-nginx`, scopeIngressNginxControllerProps.get()) + } +} diff --git a/chart/src/charts/ingress-nginx.chart.ts b/chart/src/charts/ingress-nginx.chart.ts deleted file mode 100644 index 69c86be..0000000 --- a/chart/src/charts/ingress-nginx.chart.ts +++ /dev/null @@ -1,33 +0,0 @@ -import { ChartLoader, ComponentLoader, HelmLoader, HelmProps } from '@package/cdk8s-loader' -import { PartialRecursive, scope } from '@package/common' -import { KubeNamespace } from '@package/k8s-generated' -import { IngressNginxHelmParam } from '../helm-values/ingress-nginx/ingress-nginx' -import { LoadingChart } from '../types' - -export const ingressNginxChart: LoadingChart<{ - helmProps: Omit>, 'chart'> -}> = (id, props) => { - const { chartProps, helmProps } = props - - const namespace = chartProps.namespace ?? 'default' - const helmOptionsScope = scope({ - chart: 'ingress-nginx/ingress-nginx', - helmFlags: ['--namespace', namespace, '--create-namespace'] - } as HelmProps>) - helmOptionsScope.merge(helmProps as HelmProps) - - const chartLoader = new ChartLoader(id, chartProps) - if (namespace !== 'default') { - chartLoader.addComponent( - new ComponentLoader(KubeNamespace, `${id}-namespace`, { - metadata: { - name: namespace - } - }) - ) - } - - return chartLoader.addHelm( - () => new HelmLoader>(`${id}-ingress-nginx`, helmOptionsScope.get()) - ) -} diff --git a/chart/src/charts/jenkins.chart.ts b/chart/src/charts/jenkins.chart.ts new file mode 100644 index 0000000..e000239 --- /dev/null +++ b/chart/src/charts/jenkins.chart.ts @@ -0,0 +1,25 @@ +import { AbsChart, HelmProps } from '@package/cdk8s-loader' +import { PartialRecursive, scope } from '@package/common' +import { Certificate, CertificateProps } from '@package/k8s-generated' +import { ChartProps, Helm } from 'cdk8s' +import { JenkinsHelmParam } from '../types' + +interface JenkinsChartProps extends ChartProps { + jenkins: Omit>, 'chart'> + certificate?: CertificateProps +} + +export class JenkinsChart extends AbsChart { + protected loadChildren(id: string, props: JenkinsChartProps): void { + const { jenkins, namespace, certificate: certificateProps } = props + + if (certificateProps != null) { + new Certificate(this, `${id}-certificate`, certificateProps) + } + const scopeJenkinsProps = scope>({ + chart: 'jenkins/jenkins', + namespace + }).merge(jenkins as any) + new Helm(this, `${id}-jenkins`, scopeJenkinsProps.get()) + } +} diff --git a/chart/src/charts/load-balancer.chart.ts b/chart/src/charts/load-balancer.chart.ts new file mode 100644 index 0000000..3f26b88 --- /dev/null +++ b/chart/src/charts/load-balancer.chart.ts @@ -0,0 +1,32 @@ +import { AbsChart, HelmProps } from '@package/cdk8s-loader' +import { PartialRecursive, scope } from '@package/common' +import { IpAddressPool, IpAddressPoolSpec } from '@package/k8s-generated' +import { ChartProps, Helm } from 'cdk8s' +import { MetallbHelmParam } from '../types' + +interface LoadBalancerChartProps extends ChartProps { + metallb: Omit>, 'chart'> + ipAddressPool: { + name: string + spec: IpAddressPoolSpec + } +} + +export class LoadBalancerChart extends AbsChart { + protected loadChildren(id: string, props: LoadBalancerChartProps): void { + const { metallb, ipAddressPool } = props + const scopeMetallb = scope>>({ + chart: 'metallb/metallb', + namespace: this.namespace + }).merge(metallb as any) + + const metallbHelm = new Helm(this, `${id}-metallb`, scopeMetallb.get()) + + new IpAddressPool(this, `${id}-ip-address-pool`, { + metadata: { + name: ipAddressPool.name + }, + spec: ipAddressPool.spec + }).addDependency(metallbHelm) + } +} diff --git a/chart/src/charts/metallb.chart.ts b/chart/src/charts/metallb.chart.ts deleted file mode 100644 index b090ef5..0000000 --- a/chart/src/charts/metallb.chart.ts +++ /dev/null @@ -1,47 +0,0 @@ -import { ChartLoader, ComponentLoader, HelmLoader, HelmProps } from '@package/cdk8s-loader' -import { PartialRecursive, scope } from '@package/common' -import { KubeNamespace } from '@package/k8s-generated' -import { KubeIpAddressPool } from '../custom-component' -import { MetallbHelmParam } from '../helm-values/metallb/metallb' -import { LoadingChart } from '../types' - -export const metallbChart: LoadingChart<{ - helmProps: Omit, 'chart'> - ipAddressPool: { - name: string - addresses: string[] - autoAssign?: boolean - } -}> = (id, props) => { - const { chartProps, helmProps, ipAddressPool } = props - const namespace = chartProps.namespace ?? 'default' - const chartLoader = new ChartLoader(id, chartProps) - - const helmOptionsScope = scope>({ - chart: 'metallb/metallb', - helmFlags: ['--namespace', namespace, '--create-namespace'] - }).merge(helmProps as HelmProps) - - if (namespace !== 'default') { - chartLoader.addComponent( - new ComponentLoader(KubeNamespace, `${id}-namespace`, { - metadata: { - name: chartProps.namespace - } - }) - ) - } - return chartLoader - .addHelm(() => new HelmLoader>(`${id}-metallb-helm`, helmOptionsScope.get())) - .addComponent( - new ComponentLoader(KubeIpAddressPool, `${id}-ip-address-pool`, { - metadata: { - name: ipAddressPool.name - }, - spec: { - addresses: ipAddressPool.addresses, - autoAssign: ipAddressPool.autoAssign - } - }) - ) -} diff --git a/chart/src/charts/prometheus.chart.ts b/chart/src/charts/prometheus.chart.ts index 3808681..34f39ed 100644 --- a/chart/src/charts/prometheus.chart.ts +++ b/chart/src/charts/prometheus.chart.ts @@ -1,25 +1,20 @@ -import { ChartLoader, HelmLoader, HelmProps } from '@package/cdk8s-loader' -import { scope } from '@package/common' -import { KubePrometheusStackHelmParam } from '../helm-values/prometheus-community/kube-prometheus-stack' -import { LoadingChart } from '../types' +import { AbsChart, HelmProps } from '@package/cdk8s-loader' +import { PartialRecursive, scope } from '@package/common' +import { ChartProps, Helm } from 'cdk8s' +import { KubePrometheusStackHelmParam } from '../types' -export const prometheusChart: LoadingChart<{ - helmProps: Omit, 'chart'> -}> = (id, props) => { - const { chartProps, helmProps } = props - - const namespace = chartProps.namespace ?? 'default' +interface PrometheusStackChartProps extends ChartProps { + prometheus: Omit>, 'chart'> +} - const helmOptionsScope = scope({ - chart: 'prometheus-community/kube-prometheus-stack', - helmFlags: ['--namespace', namespace, '--create-namespace'] - } as HelmProps) +export class PrometheusStackChart extends AbsChart { + protected loadChildren(id: string, props: PrometheusStackChartProps): void { + const { prometheus, namespace } = props + const scopePrometheusHelmProps = scope({ + chart: 'prometheus-community/kube-prometheus-stack', + namespace + } as HelmProps).merge(prometheus as any) - return new ChartLoader(id, chartProps).addHelm( - () => - new HelmLoader( - `${id}-helm`, - helmOptionsScope.merge(helmProps as HelmProps).get() - ) - ) + new Helm(this, `${id}-prometheus`, scopePrometheusHelmProps.get()) + } } diff --git a/chart/src/custom-component/index.ts b/chart/src/custom-component/index.ts deleted file mode 100644 index 05a1bb3..0000000 --- a/chart/src/custom-component/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * from './ip-address-pool' diff --git a/chart/src/custom-component/ip-address-pool.ts b/chart/src/custom-component/ip-address-pool.ts deleted file mode 100644 index 98a5968..0000000 --- a/chart/src/custom-component/ip-address-pool.ts +++ /dev/null @@ -1,27 +0,0 @@ -import { ApiObject, GroupVersionKind } from 'cdk8s' -import { Construct } from 'constructs' - -export interface KubeIpAddressPoolProps { - metadata?: { - name?: string - namespace?: string - } - spec?: { - addresses: string[] - autoAssign?: boolean - } -} - -export class KubeIpAddressPool extends ApiObject { - public static readonly GVK: GroupVersionKind = { - apiVersion: 'metallb.io/v1beta1', - kind: 'IPAddressPool' - } - - public constructor(chart: Construct, id: string, props: KubeIpAddressPoolProps) { - super(chart, id, { - ...KubeIpAddressPool.GVK, - ...props - }) - } -} diff --git a/chart/src/index.ts b/chart/src/index.ts index d05924a..3168dab 100644 --- a/chart/src/index.ts +++ b/chart/src/index.ts @@ -1,146 +1,9 @@ -import { PartialRecursive, scope } from '@package/common' -import { App } from 'cdk8s' -import { dnsChart, ingressNginxChart, metallbChart } from './charts' -import { - ExternalDnsHelmParam, - IngressNginxHelmParam, - externalDnsDefaultValues, - ingressNginxDefaultValues -} from './helm-values' +import { config } from 'dotenv' +import path from 'path' +import { KubeOpsApp } from './app' -const synth = () => { - const app: App = new App() +config({ + path: path.resolve(process.cwd(), '.env') +}) - /* -------------------------------------------------------------------------- */ - /* Add chart: metallb */ - /* -------------------------------------------------------------------------- */ - - const metalLb = metallbChart('metallb', { - chartProps: { namespace: 'metallb-system' }, - helmProps: { - releaseName: 'l2-lb' - }, - ipAddressPool: { - name: 'local-ip', - addresses: [process.env.LB_IP_ADDRESS_POOL as string] - } - }).load(app) - - /* -------------------------------------------------------------------------- */ - /* Add chart: ingress-nginx */ - /* -------------------------------------------------------------------------- */ - const dnsNamespace = 'dns' - const ingressNginxValues = scope>(ingressNginxDefaultValues).merge({ - controller: { - service: { - type: 'LoadBalancer' - } - }, - tcp: { - '53': `${dnsNamespace}/core-dns-coredns:53` - }, - udp: { - '53': `${dnsNamespace}/core-dns-coredns:53` - } - }) - const ingressNginx = ingressNginxChart('ingress-nginx', { - chartProps: { - namespace: 'ingress-nginx' - }, - helmProps: { - releaseName: 'default', - values: ingressNginxValues.get() - } - }).load(app) - ingressNginx.addDependency(metalLb) - - const etcdClusterName = 'etcd' - const etcdClusterPort = 2379 - const etcdUrl = `http://${etcdClusterName}:${etcdClusterPort}` - - const dns = dnsChart('dns', { - chartProps: { - namespace: dnsNamespace - }, - coreDns: { - releaseName: 'core-dns', - values: { - isClusterService: false, - rbac: { - create: true - }, - readinessProbe: { - enabled: false - }, - servers: [ - { - zones: [ - { - zone: '.' - } - ], - port: 53, - plugins: [ - { - name: 'errors' - }, - { - name: 'health', - configBlock: 'lameduck 5s' - }, - { - name: 'log' - }, - { - name: 'etcd', - configBlock: ['path /skydns', `endpoint ${etcdUrl}`, 'fallthrough'].join('\n') - }, - { - name: 'cache', - parameters: 30 - }, - { - name: 'prometheus', - parameters: '0.0.0.0:9153' - }, - { - name: 'reload' - }, - { - name: 'loadbalance' - } - ] - } - ] - } - }, - etcd: { - name: etcdClusterName, - replicas: 3, - labels: { - 'app.kubernetes.io/name': etcdClusterName, - 'app.kubernetes.io/component': 'app' - } - }, - externalDns: { - releaseName: 'external-dns', - values: scope>(externalDnsDefaultValues) - .merge({ - env: [ - { - name: 'ETCD_URLS', - value: etcdUrl - } - ], - logLevel: 'info', - provider: 'coredns' - }) - .get() - } - }).load(app) - - dns.addDependency(ingressNginx) - app.synth() -} - -synth() +new KubeOpsApp().synth() diff --git a/chart/src/types/helm-values/argo/argo-cd/default-values.json b/chart/src/types/helm-values/argo/argo-cd/default-values.json new file mode 100644 index 0000000..99b298b --- /dev/null +++ b/chart/src/types/helm-values/argo/argo-cd/default-values.json @@ -0,0 +1,1038 @@ +{ + "nameOverride": "argocd", + "fullnameOverride": "", + "kubeVersionOverride": "", + "apiVersionOverrides": { + "certmanager": "", + "cloudgoogle": "", + "autoscaling": "" + }, + "createAggregateRoles": false, + "createClusterRoles": true, + "openshift": { + "enabled": false + }, + "crds": { + "install": true, + "keep": true, + "annotations": {} + }, + "global": { + "additionalLabels": {}, + "revisionHistoryLimit": 3, + "image": { + "repository": "quay.io/argoproj/argocd", + "tag": "", + "imagePullPolicy": "IfNotPresent" + }, + "imagePullSecrets": [], + "logging": { + "format": "text", + "level": "info" + }, + "statefulsetAnnotations": {}, + "deploymentAnnotations": {}, + "podAnnotations": {}, + "podLabels": {}, + "securityContext": {}, + "hostAliases": [], + "networkPolicy": { + "create": false, + "defaultDenyIngress": false + } + }, + "configs": { + "cm": { + "create": true, + "annotations": {}, + "url": "", + "application.instanceLabelKey": "argocd.argoproj.io/instance", + "server.rbac.log.enforce.enable": false, + "exec.enabled": false, + "admin.enabled": true, + "timeout.reconciliation": "180s", + "timeout.hard.reconciliation": "0s" + }, + "params": { + "annotations": {}, + "otlp.address": "", + "controller.status.processors": 20, + "controller.operation.processors": 10, + "controller.self.heal.timeout.seconds": 5, + "controller.repo.server.timeout.seconds": 60, + "server.insecure": false, + "server.basehref": "/", + "server.rootpath": "", + "server.staticassets": "/shared/app", + "server.disable.auth": false, + "server.enable.gzip": false, + "server.x.frame.options": "sameorigin", + "reposerver.parallelism.limit": 0 + }, + "rbac": { + "create": true, + "annotations": {}, + "policy.default": "", + "policy.csv": "", + "scopes": "[groups]" + }, + "gpg": { + "annotations": {}, + "keys": {} + }, + "clusterCredentials": [], + "knownHostsAnnotations": {}, + "knownHosts": { + "data": { + "ssh_known_hosts": "bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\nssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H\nvs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H\n" + } + }, + "tlsCertsAnnotations": {}, + "tlsCerts": {}, + "credentialTemplates": {}, + "credentialTemplatesAnnotations": {}, + "repositories": {}, + "repositoriesAnnotations": {}, + "secret": { + "createSecret": true, + "annotations": {}, + "githubSecret": "", + "gitlabSecret": "", + "bitbucketServerSecret": "", + "bitbucketUUID": "", + "gogsSecret": "", + "extra": {}, + "argocdServerAdminPassword": "", + "argocdServerAdminPasswordMtime": "" + }, + "styles": "" + }, + "extraObjects": [], + "controller": { + "name": "application-controller", + "replicas": 1, + "pdb": { + "enabled": false, + "labels": {}, + "annotations": {}, + "minAvailable": "", + "maxUnavailable": "" + }, + "image": { + "repository": "", + "tag": "", + "imagePullPolicy": "" + }, + "imagePullSecrets": [], + "args": {}, + "extraArgs": [], + "env": [], + "envFrom": [], + "extraContainers": [], + "initContainers": [], + "volumeMounts": [], + "volumes": [], + "statefulsetAnnotations": {}, + "podAnnotations": {}, + "podLabels": {}, + "resources": {}, + "containerSecurityContext": { + "runAsNonRoot": true, + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false, + "seccompProfile": { + "type": "RuntimeDefault" + }, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "containerPort": 8082, + "readinessProbe": { + "failureThreshold": 3, + "initialDelaySeconds": 10, + "periodSeconds": 10, + "successThreshold": 1, + "timeoutSeconds": 1 + }, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "topologySpreadConstraints": [], + "priorityClassName": "", + "serviceAccount": { + "create": true, + "name": "argocd-application-controller", + "annotations": {}, + "labels": {}, + "automountServiceAccountToken": true + }, + "metrics": { + "enabled": false, + "applicationLabels": { + "enabled": false, + "labels": [] + }, + "service": { + "annotations": {}, + "labels": {}, + "servicePort": 8082, + "portName": "http-metrics" + }, + "serviceMonitor": { + "enabled": false, + "interval": "30s", + "relabelings": [], + "metricRelabelings": [], + "selector": {}, + "scheme": "", + "tlsConfig": {}, + "namespace": "", + "additionalLabels": {}, + "annotations": {} + }, + "rules": { + "enabled": false, + "spec": [] + } + }, + "clusterRoleRules": { + "enabled": false, + "rules": [] + } + }, + "dex": { + "enabled": true, + "name": "dex-server", + "extraArgs": [], + "metrics": { + "enabled": false, + "service": { + "annotations": {}, + "labels": {}, + "portName": "http-metrics" + }, + "serviceMonitor": { + "enabled": false, + "interval": "30s", + "relabelings": [], + "metricRelabelings": [], + "selector": {}, + "scheme": "", + "tlsConfig": {}, + "namespace": "", + "additionalLabels": {}, + "annotations": {} + } + }, + "pdb": { + "enabled": false, + "labels": {}, + "annotations": {}, + "minAvailable": "", + "maxUnavailable": "" + }, + "image": { + "repository": "ghcr.io/dexidp/dex", + "tag": "v2.35.3", + "imagePullPolicy": "" + }, + "imagePullSecrets": [], + "initImage": { + "repository": "", + "tag": "", + "imagePullPolicy": "" + }, + "env": [], + "envFrom": [], + "extraContainers": [], + "initContainers": [], + "volumeMounts": [], + "volumes": [], + "certificateSecret": { + "enabled": false, + "labels": {}, + "annotations": {}, + "ca": "", + "key": "", + "crt": "" + }, + "deploymentAnnotations": {}, + "podAnnotations": {}, + "podLabels": {}, + "resources": {}, + "containerSecurityContext": { + "runAsNonRoot": true, + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false, + "seccompProfile": { + "type": "RuntimeDefault" + }, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "livenessProbe": { + "enabled": false, + "failureThreshold": 3, + "initialDelaySeconds": 10, + "periodSeconds": 10, + "successThreshold": 1, + "timeoutSeconds": 1 + }, + "readinessProbe": { + "enabled": false, + "failureThreshold": 3, + "initialDelaySeconds": 10, + "periodSeconds": 10, + "successThreshold": 1, + "timeoutSeconds": 1 + }, + "serviceAccount": { + "create": true, + "name": "argocd-dex-server", + "annotations": {}, + "automountServiceAccountToken": true + }, + "containerPortHttp": 5556, + "servicePortHttp": 5556, + "servicePortHttpName": "http", + "containerPortGrpc": 5557, + "servicePortGrpc": 5557, + "servicePortGrpcName": "grpc", + "containerPortMetrics": 5558, + "servicePortMetrics": 5558, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "topologySpreadConstraints": [], + "priorityClassName": "" + }, + "redis": { + "enabled": true, + "name": "redis", + "pdb": { + "enabled": false, + "labels": {}, + "annotations": {}, + "minAvailable": "", + "maxUnavailable": "" + }, + "image": { + "repository": "public.ecr.aws/docker/library/redis", + "tag": "7.0.5-alpine", + "imagePullPolicy": "IfNotPresent" + }, + "imagePullSecrets": [], + "extraArgs": [], + "env": [], + "envFrom": [], + "extraContainers": [], + "initContainers": [], + "volumeMounts": [], + "volumes": [], + "deploymentAnnotations": {}, + "podAnnotations": {}, + "podLabels": {}, + "resources": {}, + "securityContext": { + "runAsNonRoot": true, + "runAsUser": 999, + "seccompProfile": { + "type": "RuntimeDefault" + } + }, + "containerSecurityContext": { + "allowPrivilegeEscalation": false, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "containerPort": 6379, + "servicePort": 6379, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "topologySpreadConstraints": [], + "priorityClassName": "", + "serviceAccount": { + "create": false, + "name": "", + "annotations": {}, + "automountServiceAccountToken": false + }, + "service": { + "annotations": {}, + "labels": {} + }, + "metrics": { + "enabled": false, + "image": { + "repository": "public.ecr.aws/bitnami/redis-exporter", + "tag": "1.26.0-debian-10-r2", + "imagePullPolicy": "IfNotPresent" + }, + "containerPort": 9121, + "containerSecurityContext": { + "runAsNonRoot": true, + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false, + "seccompProfile": { + "type": "RuntimeDefault" + }, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "resources": {}, + "service": { + "type": "ClusterIP", + "clusterIP": "None", + "annotations": {}, + "labels": {}, + "servicePort": 9121, + "portName": "http-metrics" + }, + "serviceMonitor": { + "enabled": false, + "interval": "30s", + "relabelings": [], + "metricRelabelings": [], + "selector": {}, + "scheme": "", + "tlsConfig": {}, + "namespace": "", + "additionalLabels": {}, + "annotations": {} + } + } + }, + "redis-ha": { + "enabled": false, + "exporter": { + "enabled": true + }, + "persistentVolume": { + "enabled": false + }, + "redis": { + "masterGroupName": "argocd", + "config": { + "save": "\"\"" + } + }, + "haproxy": { + "enabled": true, + "metrics": { + "enabled": true + } + }, + "image": { + "tag": "7.0.5-alpine" + }, + "topologySpreadConstraints": { + "enabled": false, + "maxSkew": "", + "topologyKey": "", + "whenUnsatisfiable": "" + } + }, + "externalRedis": { + "host": "", + "username": "", + "password": "", + "port": 6379, + "existingSecret": "", + "secretAnnotations": {} + }, + "server": { + "name": "server", + "replicas": 1, + "autoscaling": { + "enabled": false, + "minReplicas": 1, + "maxReplicas": 5, + "targetCPUUtilizationPercentage": 50, + "targetMemoryUtilizationPercentage": 50, + "behavior": {} + }, + "pdb": { + "enabled": false, + "labels": {}, + "annotations": {}, + "minAvailable": "", + "maxUnavailable": "" + }, + "image": { + "repository": "", + "tag": "", + "imagePullPolicy": "" + }, + "imagePullSecrets": [], + "extraArgs": [], + "env": [], + "envFrom": [], + "lifecycle": {}, + "extensions": { + "enabled": false, + "image": { + "repository": "ghcr.io/argoproj-labs/argocd-extensions", + "tag": "v0.1.0", + "imagePullPolicy": "" + }, + "containerSecurityContext": { + "runAsNonRoot": true, + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false, + "seccompProfile": { + "type": "RuntimeDefault" + }, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "resources": {} + }, + "extraContainers": [], + "initContainers": [], + "volumeMounts": [], + "volumes": [], + "deploymentAnnotations": {}, + "podAnnotations": {}, + "podLabels": {}, + "resources": {}, + "containerPort": 8080, + "readinessProbe": { + "failureThreshold": 3, + "initialDelaySeconds": 10, + "periodSeconds": 10, + "successThreshold": 1, + "timeoutSeconds": 1 + }, + "livenessProbe": { + "failureThreshold": 3, + "initialDelaySeconds": 10, + "periodSeconds": 10, + "successThreshold": 1, + "timeoutSeconds": 1 + }, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "topologySpreadConstraints": [], + "priorityClassName": "", + "containerSecurityContext": { + "runAsNonRoot": true, + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false, + "seccompProfile": { + "type": "RuntimeDefault" + }, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "certificate": { + "enabled": false, + "secretName": "argocd-server-tls", + "domain": "argocd.example.com", + "additionalHosts": [], + "duration": "", + "renewBefore": "", + "issuer": { + "group": "", + "kind": "", + "name": "" + }, + "privateKey": { + "rotationPolicy": "Never", + "encoding": "PKCS1", + "algorithm": "RSA", + "size": 2048 + } + }, + "certificateSecret": { + "enabled": false, + "annotations": {}, + "labels": {}, + "key": "", + "crt": "" + }, + "service": { + "annotations": {}, + "labels": {}, + "type": "ClusterIP", + "nodePortHttp": 30080, + "nodePortHttps": 30443, + "servicePortHttp": 80, + "servicePortHttps": 443, + "servicePortHttpName": "http", + "servicePortHttpsName": "https", + "namedTargetPort": true, + "loadBalancerIP": "", + "loadBalancerSourceRanges": [], + "externalIPs": [], + "externalTrafficPolicy": "", + "sessionAffinity": "" + }, + "metrics": { + "enabled": false, + "service": { + "annotations": {}, + "labels": {}, + "servicePort": 8083, + "portName": "http-metrics" + }, + "serviceMonitor": { + "enabled": false, + "interval": "30s", + "relabelings": [], + "metricRelabelings": [], + "selector": {}, + "scheme": "", + "tlsConfig": {}, + "namespace": "", + "additionalLabels": {}, + "annotations": {} + } + }, + "serviceAccount": { + "create": true, + "name": "argocd-server", + "annotations": {}, + "labels": {}, + "automountServiceAccountToken": true + }, + "ingress": { + "enabled": false, + "annotations": {}, + "labels": {}, + "ingressClassName": "", + "hosts": [], + "paths": [ + "/" + ], + "pathType": "Prefix", + "extraPaths": [], + "tls": [], + "https": false + }, + "ingressGrpc": { + "enabled": false, + "isAWSALB": false, + "annotations": {}, + "labels": {}, + "ingressClassName": "", + "awsALB": { + "serviceType": "NodePort", + "backendProtocolVersion": "HTTP2" + }, + "hosts": [], + "paths": [ + "/" + ], + "pathType": "Prefix", + "extraPaths": [], + "tls": [], + "https": false + }, + "route": { + "enabled": false, + "annotations": {}, + "hostname": "", + "termination_type": "passthrough", + "termination_policy": "None" + }, + "GKEbackendConfig": { + "enabled": false, + "spec": {} + }, + "GKEmanagedCertificate": { + "enabled": false, + "domains": [ + "argocd.example.com" + ] + }, + "GKEfrontendConfig": { + "enabled": false, + "spec": {} + } + }, + "repoServer": { + "name": "repo-server", + "replicas": 1, + "autoscaling": { + "enabled": false, + "minReplicas": 1, + "maxReplicas": 5, + "targetCPUUtilizationPercentage": 50, + "targetMemoryUtilizationPercentage": 50, + "behavior": {} + }, + "pdb": { + "enabled": false, + "labels": {}, + "annotations": {}, + "minAvailable": "", + "maxUnavailable": "" + }, + "image": { + "repository": "", + "tag": "", + "imagePullPolicy": "" + }, + "imagePullSecrets": [], + "extraArgs": [], + "env": [], + "envFrom": [], + "extraContainers": [], + "initContainers": [], + "volumeMounts": [], + "volumes": [], + "deploymentAnnotations": {}, + "podAnnotations": {}, + "podLabels": {}, + "resources": {}, + "containerPort": 8081, + "readinessProbe": { + "failureThreshold": 3, + "initialDelaySeconds": 10, + "periodSeconds": 10, + "successThreshold": 1, + "timeoutSeconds": 1 + }, + "livenessProbe": { + "failureThreshold": 3, + "initialDelaySeconds": 10, + "periodSeconds": 10, + "successThreshold": 1, + "timeoutSeconds": 1 + }, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "topologySpreadConstraints": [], + "priorityClassName": "", + "containerSecurityContext": { + "runAsNonRoot": true, + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false, + "seccompProfile": { + "type": "RuntimeDefault" + }, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "certificateSecret": { + "enabled": false, + "annotations": {}, + "labels": {}, + "ca": "", + "key": "", + "crt": "" + }, + "service": { + "annotations": {}, + "labels": {}, + "port": 8081, + "portName": "https-repo-server" + }, + "metrics": { + "enabled": false, + "service": { + "annotations": {}, + "labels": {}, + "servicePort": 8084, + "portName": "http-metrics" + }, + "serviceMonitor": { + "enabled": false, + "interval": "30s", + "relabelings": [], + "metricRelabelings": [], + "selector": {}, + "scheme": "", + "tlsConfig": {}, + "namespace": "", + "additionalLabels": {}, + "annotations": {} + } + }, + "clusterRoleRules": { + "enabled": false, + "rules": [] + }, + "serviceAccount": { + "create": true, + "name": "", + "annotations": {}, + "labels": {}, + "automountServiceAccountToken": true + }, + "rbac": [] + }, + "applicationSet": { + "enabled": true, + "name": "applicationset-controller", + "replicaCount": 1, + "pdb": { + "enabled": false, + "labels": {}, + "annotations": {}, + "minAvailable": "", + "maxUnavailable": "" + }, + "image": { + "repository": "", + "tag": "", + "imagePullPolicy": "" + }, + "imagePullSecrets": [], + "logFormat": "", + "logLevel": "", + "args": { + "metricsAddr": ":8080", + "probeBindAddr": ":8081", + "policy": "sync", + "dryRun": false + }, + "extraArgs": [], + "extraEnv": [], + "extraEnvFrom": [], + "extraContainers": [], + "initContainers": [], + "extraVolumeMounts": [], + "extraVolumes": [], + "metrics": { + "enabled": false, + "service": { + "annotations": {}, + "labels": {}, + "servicePort": 8085, + "portName": "http-metrics" + }, + "serviceMonitor": { + "enabled": false, + "interval": "30s", + "relabelings": [], + "metricRelabelings": [], + "selector": {}, + "scheme": "", + "tlsConfig": {}, + "namespace": "", + "additionalLabels": {}, + "annotations": {} + } + }, + "service": { + "annotations": {}, + "labels": {}, + "port": 7000, + "portName": "webhook" + }, + "serviceAccount": { + "create": true, + "annotations": {}, + "labels": {}, + "name": "" + }, + "deploymentAnnotations": {}, + "podAnnotations": {}, + "podLabels": {}, + "resources": {}, + "containerSecurityContext": { + "runAsNonRoot": true, + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false, + "seccompProfile": { + "type": "RuntimeDefault" + }, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "readinessProbe": { + "enabled": false, + "initialDelaySeconds": 10, + "periodSeconds": 10, + "timeoutSeconds": 1, + "successThreshold": 1, + "failureThreshold": 3 + }, + "livenessProbe": { + "enabled": false, + "initialDelaySeconds": 10, + "periodSeconds": 10, + "timeoutSeconds": 1, + "successThreshold": 1, + "failureThreshold": 3 + }, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "priorityClassName": "", + "webhook": { + "ingress": { + "enabled": false, + "annotations": {}, + "labels": {}, + "ingressClassName": "", + "hosts": [], + "paths": [ + "/api/webhook" + ], + "pathType": "Prefix", + "extraPaths": [], + "tls": [] + } + } + }, + "notifications": { + "enabled": true, + "name": "notifications-controller", + "argocdUrl": null, + "pdb": { + "enabled": false, + "labels": {}, + "annotations": {}, + "minAvailable": "", + "maxUnavailable": "" + }, + "image": { + "repository": "", + "tag": "", + "imagePullPolicy": "" + }, + "imagePullSecrets": [], + "logFormat": "", + "logLevel": "", + "extraArgs": [], + "extraEnv": [], + "extraEnvFrom": [], + "extraContainers": [], + "initContainers": [], + "extraVolumeMounts": [], + "extraVolumes": [], + "context": {}, + "secret": { + "create": true, + "annotations": {}, + "items": {} + }, + "metrics": { + "enabled": false, + "port": 9001, + "service": { + "annotations": {}, + "labels": {}, + "portName": "http-metrics" + }, + "serviceMonitor": { + "enabled": false, + "selector": {}, + "additionalLabels": {}, + "annotations": {}, + "scheme": "", + "tlsConfig": {}, + "relabelings": [], + "metricRelabelings": [] + } + }, + "notifiers": {}, + "deploymentAnnotations": {}, + "podAnnotations": {}, + "podLabels": {}, + "resources": {}, + "containerSecurityContext": { + "runAsNonRoot": true, + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false, + "seccompProfile": { + "type": "RuntimeDefault" + }, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "priorityClassName": "", + "serviceAccount": { + "create": true, + "name": "argocd-notifications-controller", + "annotations": {}, + "labels": {} + }, + "cm": { + "create": true + }, + "subscriptions": [], + "templates": {}, + "triggers": {}, + "bots": { + "slack": { + "enabled": false, + "pdb": { + "enabled": false, + "labels": {}, + "annotations": {}, + "minAvailable": "", + "maxUnavailable": "" + }, + "image": { + "repository": "", + "tag": "", + "imagePullPolicy": "" + }, + "imagePullSecrets": [], + "service": { + "annotations": {}, + "port": 80, + "type": "LoadBalancer" + }, + "serviceAccount": { + "create": true, + "name": "argocd-notifications-bot", + "annotations": {} + }, + "containerSecurityContext": { + "runAsNonRoot": true, + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false, + "seccompProfile": { + "type": "RuntimeDefault" + }, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "resources": {}, + "affinity": {}, + "tolerations": [], + "nodeSelector": {} + } + } + } +} diff --git a/chart/src/types/helm-values/argo/argo-cd/index.ts b/chart/src/types/helm-values/argo/argo-cd/index.ts new file mode 100644 index 0000000..d2e1d5b --- /dev/null +++ b/chart/src/types/helm-values/argo/argo-cd/index.ts @@ -0,0 +1,9 @@ +import * as fs from 'fs' +import * as path from 'path' +import { ArgoCdHelmParam } from './types' + +export * from './types' +const defaultValues: ArgoCdHelmParam = JSON.parse( + fs.readFileSync(path.resolve(__dirname, 'default-values.json')).toString() +) +export default defaultValues diff --git a/chart/src/types/helm-values/argo/argo-cd/types.ts b/chart/src/types/helm-values/argo/argo-cd/types.ts new file mode 100644 index 0000000..d30584c --- /dev/null +++ b/chart/src/types/helm-values/argo/argo-cd/types.ts @@ -0,0 +1,742 @@ +export interface ArgoCdHelmParam { + nameOverride: string; + fullnameOverride: string; + kubeVersionOverride: string; + apiVersionOverrides: ApiVersionOverrides; + createAggregateRoles: boolean; + createClusterRoles: boolean; + openshift: Openshift; + crds: Crds; + global: Global; + configs: Configs; + extraObjects: any[]; + controller: Controller; + dex: Dex; + redis: ArgoCdHelmParamRedis; + "redis-ha": RedisHa; + externalRedis: ExternalRedis; + server: Server; + repoServer: RepoServer; + applicationSet: ApplicationSet; + notifications: Notifications; +} + +export interface ApiVersionOverrides { + certmanager: string; + cloudgoogle: string; + autoscaling: string; +} + +export interface ApplicationSet { + enabled: boolean; + name: string; + replicaCount: number; + pdb: Pdb; + image: InitImageClass; + imagePullSecrets: any[]; + logFormat: string; + logLevel: string; + args: Args; + extraArgs: any[]; + extraEnv: any[]; + extraEnvFrom: any[]; + extraContainers: any[]; + initContainers: any[]; + extraVolumeMounts: any[]; + extraVolumes: any[]; + metrics: ApplicationSetMetrics; + service: ApplicationSetService; + serviceAccount: ServiceAccount; + deploymentAnnotations: Affinity; + podAnnotations: Affinity; + podLabels: Affinity; + resources: Affinity; + containerSecurityContext: ApplicationSetContainerSecurityContext; + readinessProbe: NessProbe; + livenessProbe: NessProbe; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + priorityClassName: string; + webhook: Webhook; +} + +export interface Affinity { +} + +export interface Args { + metricsAddr: string; + probeBindAddr: string; + policy: string; + dryRun: boolean; +} + +export interface ApplicationSetContainerSecurityContext { + runAsNonRoot: boolean; + readOnlyRootFilesystem: boolean; + allowPrivilegeEscalation: boolean; + seccompProfile: SeccompProfile; + capabilities: Capabilities; +} + +export interface Capabilities { + drop: Drop[]; +} + +export enum Drop { + All = "ALL", +} + +export interface SeccompProfile { + type: Type; +} + +export enum Type { + RuntimeDefault = "RuntimeDefault", +} + +export interface InitImageClass { + repository: string; + tag: string; + imagePullPolicy: ImagePullPolicy; +} + +export enum ImagePullPolicy { + Empty = "", + IfNotPresent = "IfNotPresent", +} + +export interface NessProbe { + enabled?: boolean; + failureThreshold: number; + initialDelaySeconds: number; + periodSeconds: number; + successThreshold: number; + timeoutSeconds: number; +} + +export interface ApplicationSetMetrics { + enabled: boolean; + service: ApplicationSetService; + serviceMonitor: ServiceMonitor; +} + +export interface ApplicationSetService { + annotations: Affinity; + labels: Affinity; + servicePort?: number; + portName: string; + port?: number; +} + +export interface ServiceMonitor { + enabled: boolean; + interval?: string; + relabelings: any[]; + metricRelabelings: any[]; + selector: Affinity; + scheme: string; + tlsConfig: Affinity; + namespace?: string; + additionalLabels: Affinity; + annotations: Affinity; +} + +export interface Pdb { + enabled: boolean; + labels: Affinity; + annotations: Affinity; + minAvailable: string; + maxUnavailable: string; +} + +export interface ServiceAccount { + create: boolean; + annotations: Affinity; + labels?: Affinity; + name: string; + automountServiceAccountToken?: boolean; +} + +export interface Webhook { + ingress: Ingress; +} + +export interface Ingress { + enabled: boolean; + annotations: Affinity; + labels: Affinity; + ingressClassName: string; + hosts: any[]; + paths: string[]; + pathType: string; + extraPaths: any[]; + tls: any[]; + https?: boolean; + isAWSALB?: boolean; + awsALB?: AwsAlb; +} + +export interface AwsAlb { + serviceType: string; + backendProtocolVersion: string; +} + +export interface Configs { + cm: ConfigsCm; + params: Params; + rbac: Rbac; + gpg: Gpg; + clusterCredentials: any[]; + knownHostsAnnotations: Affinity; + knownHosts: KnownHosts; + tlsCertsAnnotations: Affinity; + tlsCerts: Affinity; + credentialTemplates: Affinity; + credentialTemplatesAnnotations: Affinity; + repositories: Affinity; + repositoriesAnnotations: Affinity; + secret: ConfigsSecret; + styles: string; +} + +export interface ConfigsCm { + create: boolean; + annotations: Affinity; + url: string; + "application.instanceLabelKey": string; + "server.rbac.log.enforce.enable": boolean; + "exec.enabled": boolean; + "admin.enabled": boolean; + "timeout.reconciliation": string; + "timeout.hard.reconciliation": string; +} + +export interface Gpg { + annotations: Affinity; + keys: Affinity; +} + +export interface KnownHosts { + data: Data; +} + +export interface Data { + ssh_known_hosts: string; +} + +export interface Params { + annotations: Affinity; + "otlp.address": string; + "controller.status.processors": number; + "controller.operation.processors": number; + "controller.self.heal.timeout.seconds": number; + "controller.repo.server.timeout.seconds": number; + "server.insecure": boolean; + "server.basehref": string; + "server.rootpath": string; + "server.staticassets": string; + "server.disable.auth": boolean; + "server.enable.gzip": boolean; + "server.x.frame.options": string; + "reposerver.parallelism.limit": number; +} + +export interface Rbac { + create: boolean; + annotations: Affinity; + "policy.default": string; + "policy.csv": string; + scopes: string; +} + +export interface ConfigsSecret { + createSecret: boolean; + annotations: Affinity; + githubSecret: string; + gitlabSecret: string; + bitbucketServerSecret: string; + bitbucketUUID: string; + gogsSecret: string; + extra: Affinity; + argocdServerAdminPassword: string; + argocdServerAdminPasswordMtime: string; +} + +export interface Controller { + name: string; + replicas: number; + pdb: Pdb; + image: InitImageClass; + imagePullSecrets: any[]; + args: Affinity; + extraArgs: any[]; + env: any[]; + envFrom: any[]; + extraContainers: any[]; + initContainers: any[]; + volumeMounts: any[]; + volumes: any[]; + statefulsetAnnotations: Affinity; + podAnnotations: Affinity; + podLabels: Affinity; + resources: Affinity; + containerSecurityContext: ApplicationSetContainerSecurityContext; + containerPort: number; + readinessProbe: NessProbe; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + topologySpreadConstraints: any[]; + priorityClassName: string; + serviceAccount: ServiceAccount; + metrics: ControllerMetrics; + clusterRoleRules: ClusterRoleRules; +} + +export interface ClusterRoleRules { + enabled: boolean; + rules: any[]; +} + +export interface ControllerMetrics { + enabled: boolean; + applicationLabels: ApplicationLabels; + service: ApplicationSetService; + serviceMonitor: ServiceMonitor; + rules: Rules; +} + +export interface ApplicationLabels { + enabled: boolean; + labels: any[]; +} + +export interface Rules { + enabled: boolean; + spec: any[]; +} + +export interface Crds { + install: boolean; + keep: boolean; + annotations: Affinity; +} + +export interface Dex { + enabled: boolean; + name: string; + extraArgs: any[]; + metrics: ApplicationSetMetrics; + pdb: Pdb; + image: InitImageClass; + imagePullSecrets: any[]; + initImage: InitImageClass; + env: any[]; + envFrom: any[]; + extraContainers: any[]; + initContainers: any[]; + volumeMounts: any[]; + volumes: any[]; + certificateSecret: CertificateSecret; + deploymentAnnotations: Affinity; + podAnnotations: Affinity; + podLabels: Affinity; + resources: Affinity; + containerSecurityContext: ApplicationSetContainerSecurityContext; + livenessProbe: NessProbe; + readinessProbe: NessProbe; + serviceAccount: ServiceAccount; + containerPortHttp: number; + servicePortHttp: number; + servicePortHttpName: string; + containerPortGrpc: number; + servicePortGrpc: number; + servicePortGrpcName: string; + containerPortMetrics: number; + servicePortMetrics: number; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + topologySpreadConstraints: any[]; + priorityClassName: string; +} + +export interface CertificateSecret { + enabled: boolean; + labels: Affinity; + annotations: Affinity; + ca?: string; + key: string; + crt: string; +} + +export interface ExternalRedis { + host: string; + username: string; + password: string; + port: number; + existingSecret: string; + secretAnnotations: Affinity; +} + +export interface Global { + additionalLabels: Affinity; + revisionHistoryLimit: number; + image: InitImageClass; + imagePullSecrets: any[]; + logging: Logging; + statefulsetAnnotations: Affinity; + deploymentAnnotations: Affinity; + podAnnotations: Affinity; + podLabels: Affinity; + securityContext: Affinity; + hostAliases: any[]; + networkPolicy: NetworkPolicy; +} + +export interface Logging { + format: string; + level: string; +} + +export interface NetworkPolicy { + create: boolean; + defaultDenyIngress: boolean; +} + +export interface Notifications { + enabled: boolean; + name: string; + argocdUrl: null; + pdb: Pdb; + image: InitImageClass; + imagePullSecrets: any[]; + logFormat: string; + logLevel: string; + extraArgs: any[]; + extraEnv: any[]; + extraEnvFrom: any[]; + extraContainers: any[]; + initContainers: any[]; + extraVolumeMounts: any[]; + extraVolumes: any[]; + context: Affinity; + secret: NotificationsSecret; + metrics: NotificationsMetrics; + notifiers: Affinity; + deploymentAnnotations: Affinity; + podAnnotations: Affinity; + podLabels: Affinity; + resources: Affinity; + containerSecurityContext: ApplicationSetContainerSecurityContext; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + priorityClassName: string; + serviceAccount: ServiceAccount; + cm: NotificationsCm; + subscriptions: any[]; + templates: Affinity; + triggers: Affinity; + bots: Bots; +} + +export interface Bots { + slack: Slack; +} + +export interface Slack { + enabled: boolean; + pdb: Pdb; + image: InitImageClass; + imagePullSecrets: any[]; + service: SlackService; + serviceAccount: ServiceAccount; + containerSecurityContext: ApplicationSetContainerSecurityContext; + resources: Affinity; + affinity: Affinity; + tolerations: any[]; + nodeSelector: Affinity; +} + +export interface SlackService { + annotations: Affinity; + port: number; + type: string; +} + +export interface NotificationsCm { + create: boolean; +} + +export interface NotificationsMetrics { + enabled: boolean; + port: number; + service: ApplicationSetService; + serviceMonitor: ServiceMonitor; +} + +export interface NotificationsSecret { + create: boolean; + annotations: Affinity; + items: Affinity; +} + +export interface Openshift { + enabled: boolean; +} + +export interface ArgoCdHelmParamRedis { + enabled: boolean; + name: string; + pdb: Pdb; + image: InitImageClass; + imagePullSecrets: any[]; + extraArgs: any[]; + env: any[]; + envFrom: any[]; + extraContainers: any[]; + initContainers: any[]; + volumeMounts: any[]; + volumes: any[]; + deploymentAnnotations: Affinity; + podAnnotations: Affinity; + podLabels: Affinity; + resources: Affinity; + securityContext: SecurityContext; + containerSecurityContext: RedisContainerSecurityContext; + containerPort: number; + servicePort: number; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + topologySpreadConstraints: any[]; + priorityClassName: string; + serviceAccount: ServiceAccount; + service: RedisService; + metrics: RedisMetrics; +} + +export interface RedisContainerSecurityContext { + allowPrivilegeEscalation: boolean; + capabilities: Capabilities; +} + +export interface RedisMetrics { + enabled: boolean; + image: InitImageClass; + containerPort: number; + containerSecurityContext: ApplicationSetContainerSecurityContext; + resources: Affinity; + service: PurpleService; + serviceMonitor: ServiceMonitor; +} + +export interface PurpleService { + type: string; + clusterIP: string; + annotations: Affinity; + labels: Affinity; + servicePort: number; + portName: string; +} + +export interface SecurityContext { + runAsNonRoot: boolean; + runAsUser: number; + seccompProfile: SeccompProfile; +} + +export interface RedisService { + annotations: Affinity; + labels: Affinity; +} + +export interface RedisHa { + enabled: boolean; + exporter: Openshift; + persistentVolume: Openshift; + redis: RedisHaRedis; + haproxy: Haproxy; + image: RedisHaImage; + topologySpreadConstraints: TopologySpreadConstraints; +} + +export interface Haproxy { + enabled: boolean; + metrics: Openshift; +} + +export interface RedisHaImage { + tag: string; +} + +export interface RedisHaRedis { + masterGroupName: string; + config: Config; +} + +export interface Config { + save: string; +} + +export interface TopologySpreadConstraints { + enabled: boolean; + maxSkew: string; + topologyKey: string; + whenUnsatisfiable: string; +} + +export interface RepoServer { + name: string; + replicas: number; + autoscaling: Autoscaling; + pdb: Pdb; + image: InitImageClass; + imagePullSecrets: any[]; + extraArgs: any[]; + env: any[]; + envFrom: any[]; + extraContainers: any[]; + initContainers: any[]; + volumeMounts: any[]; + volumes: any[]; + deploymentAnnotations: Affinity; + podAnnotations: Affinity; + podLabels: Affinity; + resources: Affinity; + containerPort: number; + readinessProbe: NessProbe; + livenessProbe: NessProbe; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + topologySpreadConstraints: any[]; + priorityClassName: string; + containerSecurityContext: ApplicationSetContainerSecurityContext; + certificateSecret: CertificateSecret; + service: ApplicationSetService; + metrics: ApplicationSetMetrics; + clusterRoleRules: ClusterRoleRules; + serviceAccount: ServiceAccount; + rbac: any[]; +} + +export interface Autoscaling { + enabled: boolean; + minReplicas: number; + maxReplicas: number; + targetCPUUtilizationPercentage: number; + targetMemoryUtilizationPercentage: number; + behavior: Affinity; +} + +export interface Server { + name: string; + replicas: number; + autoscaling: Autoscaling; + pdb: Pdb; + image: InitImageClass; + imagePullSecrets: any[]; + extraArgs: any[]; + env: any[]; + envFrom: any[]; + lifecycle: Affinity; + extensions: Extensions; + extraContainers: any[]; + initContainers: any[]; + volumeMounts: any[]; + volumes: any[]; + deploymentAnnotations: Affinity; + podAnnotations: Affinity; + podLabels: Affinity; + resources: Affinity; + containerPort: number; + readinessProbe: NessProbe; + livenessProbe: NessProbe; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + topologySpreadConstraints: any[]; + priorityClassName: string; + containerSecurityContext: ApplicationSetContainerSecurityContext; + certificate: Certificate; + certificateSecret: CertificateSecret; + service: ServerService; + metrics: ApplicationSetMetrics; + serviceAccount: ServiceAccount; + ingress: Ingress; + ingressGrpc: Ingress; + route: Route; + GKEbackendConfig: GkEendConfig; + GKEmanagedCertificate: GkEmanagedCertificate; + GKEfrontendConfig: GkEendConfig; +} + +export interface GkEendConfig { + enabled: boolean; + spec: Affinity; +} + +export interface GkEmanagedCertificate { + enabled: boolean; + domains: string[]; +} + +export interface Certificate { + enabled: boolean; + secretName: string; + domain: string; + additionalHosts: any[]; + duration: string; + renewBefore: string; + issuer: Issuer; + privateKey: PrivateKey; +} + +export interface Issuer { + group: string; + kind: string; + name: string; +} + +export interface PrivateKey { + rotationPolicy: string; + encoding: string; + algorithm: string; + size: number; +} + +export interface Extensions { + enabled: boolean; + image: InitImageClass; + containerSecurityContext: ApplicationSetContainerSecurityContext; + resources: Affinity; +} + +export interface Route { + enabled: boolean; + annotations: Affinity; + hostname: string; + termination_type: string; + termination_policy: string; +} + +export interface ServerService { + annotations: Affinity; + labels: Affinity; + type: string; + nodePortHttp: number; + nodePortHttps: number; + servicePortHttp: number; + servicePortHttps: number; + servicePortHttpName: string; + servicePortHttpsName: string; + namedTargetPort: boolean; + loadBalancerIP: string; + loadBalancerSourceRanges: any[]; + externalIPs: any[]; + externalTrafficPolicy: string; + sessionAffinity: string; +} diff --git a/chart/src/helm-values/coredns/coredns/default-values.json b/chart/src/types/helm-values/coredns/coredns/default-values.json similarity index 100% rename from chart/src/helm-values/coredns/coredns/default-values.json rename to chart/src/types/helm-values/coredns/coredns/default-values.json diff --git a/chart/src/helm-values/coredns/coredns/index.ts b/chart/src/types/helm-values/coredns/coredns/index.ts similarity index 100% rename from chart/src/helm-values/coredns/coredns/index.ts rename to chart/src/types/helm-values/coredns/coredns/index.ts diff --git a/chart/src/helm-values/coredns/coredns/types.ts b/chart/src/types/helm-values/coredns/coredns/types.ts similarity index 100% rename from chart/src/helm-values/coredns/coredns/types.ts rename to chart/src/types/helm-values/coredns/coredns/types.ts diff --git a/chart/src/helm-values/external-dns/external-dns/default-values.json b/chart/src/types/helm-values/external-dns/external-dns/default-values.json similarity index 100% rename from chart/src/helm-values/external-dns/external-dns/default-values.json rename to chart/src/types/helm-values/external-dns/external-dns/default-values.json diff --git a/chart/src/helm-values/external-dns/external-dns/index.ts b/chart/src/types/helm-values/external-dns/external-dns/index.ts similarity index 100% rename from chart/src/helm-values/external-dns/external-dns/index.ts rename to chart/src/types/helm-values/external-dns/external-dns/index.ts diff --git a/chart/src/helm-values/external-dns/external-dns/types.ts b/chart/src/types/helm-values/external-dns/external-dns/types.ts similarity index 100% rename from chart/src/helm-values/external-dns/external-dns/types.ts rename to chart/src/types/helm-values/external-dns/external-dns/types.ts diff --git a/chart/src/types/helm-values/harbor/harbor/default-values.json b/chart/src/types/helm-values/harbor/harbor/default-values.json new file mode 100644 index 0000000..f3da591 --- /dev/null +++ b/chart/src/types/helm-values/harbor/harbor/default-values.json @@ -0,0 +1,581 @@ +{ + "expose": { + "type": "ingress", + "tls": { + "enabled": true, + "certSource": "auto", + "auto": { + "commonName": "" + }, + "secret": { + "secretName": "", + "notarySecretName": "" + } + }, + "ingress": { + "hosts": { + "core": "core.harbor.domain", + "notary": "notary.harbor.domain" + }, + "controller": "default", + "kubeVersionOverride": "", + "className": "", + "annotations": { + "ingress.kubernetes.io/ssl-redirect": "true", + "ingress.kubernetes.io/proxy-body-size": "0", + "nginx.ingress.kubernetes.io/ssl-redirect": "true", + "nginx.ingress.kubernetes.io/proxy-body-size": "0" + }, + "notary": { + "annotations": {}, + "labels": {} + }, + "harbor": { + "annotations": {}, + "labels": {} + } + }, + "clusterIP": { + "name": "harbor", + "annotations": {}, + "ports": { + "httpPort": 80, + "httpsPort": 443, + "notaryPort": 4443 + } + }, + "nodePort": { + "name": "harbor", + "ports": { + "http": { + "port": 80, + "nodePort": 30002 + }, + "https": { + "port": 443, + "nodePort": 30003 + }, + "notary": { + "port": 4443, + "nodePort": 30004 + } + } + }, + "loadBalancer": { + "name": "harbor", + "IP": "", + "ports": { + "httpPort": 80, + "httpsPort": 443, + "notaryPort": 4443 + }, + "annotations": {}, + "sourceRanges": [] + } + }, + "externalURL": "https://core.harbor.domain", + "internalTLS": { + "enabled": false, + "certSource": "auto", + "trustCa": "", + "core": { + "secretName": "", + "crt": "", + "key": "" + }, + "jobservice": { + "secretName": "", + "crt": "", + "key": "" + }, + "registry": { + "secretName": "", + "crt": "", + "key": "" + }, + "portal": { + "secretName": "", + "crt": "", + "key": "" + }, + "chartmuseum": { + "secretName": "", + "crt": "", + "key": "" + }, + "trivy": { + "secretName": "", + "crt": "", + "key": "" + } + }, + "ipFamily": { + "ipv6": { + "enabled": true + }, + "ipv4": { + "enabled": true + } + }, + "persistence": { + "enabled": true, + "resourcePolicy": "keep", + "persistentVolumeClaim": { + "registry": { + "existingClaim": "", + "storageClass": "", + "subPath": "", + "accessMode": "ReadWriteOnce", + "size": "5Gi", + "annotations": {} + }, + "chartmuseum": { + "existingClaim": "", + "storageClass": "", + "subPath": "", + "accessMode": "ReadWriteOnce", + "size": "5Gi", + "annotations": {} + }, + "jobservice": { + "jobLog": { + "existingClaim": "", + "storageClass": "", + "subPath": "", + "accessMode": "ReadWriteOnce", + "size": "1Gi", + "annotations": {} + }, + "scanDataExports": { + "existingClaim": "", + "storageClass": "", + "subPath": "", + "accessMode": "ReadWriteOnce", + "size": "1Gi", + "annotations": {} + } + }, + "database": { + "existingClaim": "", + "storageClass": "", + "subPath": "", + "accessMode": "ReadWriteOnce", + "size": "1Gi", + "annotations": {} + }, + "redis": { + "existingClaim": "", + "storageClass": "", + "subPath": "", + "accessMode": "ReadWriteOnce", + "size": "1Gi", + "annotations": {} + }, + "trivy": { + "existingClaim": "", + "storageClass": "", + "subPath": "", + "accessMode": "ReadWriteOnce", + "size": "5Gi", + "annotations": {} + } + }, + "imageChartStorage": { + "disableredirect": false, + "type": "filesystem", + "filesystem": { + "rootdirectory": "/storage" + }, + "azure": { + "accountname": "accountname", + "accountkey": "base64encodedaccountkey", + "container": "containername", + "existingSecret": "" + }, + "gcs": { + "bucket": "bucketname", + "encodedkey": "base64-encoded-json-key-file", + "existingSecret": "", + "useWorkloadIdentity": false + }, + "s3": { + "region": "us-west-1", + "bucket": "bucketname" + }, + "swift": { + "authurl": "https://storage.myprovider.com/v3/auth", + "username": "username", + "password": "password", + "container": "containername" + }, + "oss": { + "accesskeyid": "accesskeyid", + "accesskeysecret": "accesskeysecret", + "region": "regionname", + "bucket": "bucketname" + } + } + }, + "imagePullPolicy": "IfNotPresent", + "imagePullSecrets": null, + "updateStrategy": { + "type": "RollingUpdate" + }, + "logLevel": "info", + "harborAdminPassword": "Harbor12345", + "caSecretName": "", + "secretKey": "not-a-secure-key", + "existingSecretSecretKey": "", + "proxy": { + "httpProxy": null, + "httpsProxy": null, + "noProxy": "127.0.0.1,localhost,.local,.internal", + "components": [ + "core", + "jobservice", + "trivy" + ] + }, + "enableMigrateHelmHook": false, + "nginx": { + "image": { + "repository": "goharbor/nginx-photon", + "tag": "v2.7.0" + }, + "serviceAccountName": "", + "automountServiceAccountToken": false, + "replicas": 1, + "revisionHistoryLimit": 10, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "podAnnotations": {}, + "priorityClassName": null + }, + "portal": { + "image": { + "repository": "goharbor/harbor-portal", + "tag": "v2.7.0" + }, + "serviceAccountName": "", + "automountServiceAccountToken": false, + "replicas": 1, + "revisionHistoryLimit": 10, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "podAnnotations": {}, + "priorityClassName": null + }, + "core": { + "image": { + "repository": "goharbor/harbor-core", + "tag": "v2.7.0" + }, + "serviceAccountName": "", + "automountServiceAccountToken": false, + "replicas": 1, + "revisionHistoryLimit": 10, + "startupProbe": { + "enabled": true, + "initialDelaySeconds": 10 + }, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "podAnnotations": {}, + "serviceAnnotations": {}, + "secret": "", + "secretName": "", + "xsrfKey": "", + "priorityClassName": null, + "artifactPullAsyncFlushDuration": null, + "gdpr": { + "deleteUser": false + } + }, + "jobservice": { + "image": { + "repository": "goharbor/harbor-jobservice", + "tag": "v2.7.0" + }, + "replicas": 1, + "revisionHistoryLimit": 10, + "serviceAccountName": "", + "automountServiceAccountToken": false, + "maxJobWorkers": 10, + "jobLoggers": [ + "file" + ], + "loggerSweeperDuration": 14, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "podAnnotations": {}, + "secret": "", + "priorityClassName": null + }, + "registry": { + "serviceAccountName": "", + "automountServiceAccountToken": false, + "registry": { + "image": { + "repository": "goharbor/registry-photon", + "tag": "v2.7.0" + } + }, + "controller": { + "image": { + "repository": "goharbor/harbor-registryctl", + "tag": "v2.7.0" + } + }, + "replicas": 1, + "revisionHistoryLimit": 10, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "podAnnotations": {}, + "priorityClassName": null, + "secret": "", + "relativeurls": false, + "credentials": { + "username": "harbor_registry_user", + "password": "harbor_registry_password", + "existingSecret": "" + }, + "middleware": { + "enabled": false, + "type": "cloudFront", + "cloudFront": { + "baseurl": "example.cloudfront.net", + "keypairid": "KEYPAIRID", + "duration": "3000s", + "ipfilteredby": "none", + "privateKeySecret": "my-secret" + } + }, + "upload_purging": { + "enabled": true, + "age": "168h", + "interval": "24h", + "dryrun": false + } + }, + "chartmuseum": { + "enabled": true, + "serviceAccountName": "", + "automountServiceAccountToken": false, + "absoluteUrl": false, + "image": { + "repository": "goharbor/chartmuseum-photon", + "tag": "v2.7.0" + }, + "replicas": 1, + "revisionHistoryLimit": 10, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "podAnnotations": {}, + "priorityClassName": null, + "indexLimit": 0 + }, + "trivy": { + "enabled": true, + "image": { + "repository": "goharbor/trivy-adapter-photon", + "tag": "v2.7.0" + }, + "serviceAccountName": "", + "automountServiceAccountToken": false, + "replicas": 1, + "debugMode": false, + "vulnType": "os,library", + "severity": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL", + "ignoreUnfixed": false, + "insecure": false, + "gitHubToken": "", + "skipUpdate": false, + "offlineScan": false, + "securityCheck": "vuln", + "timeout": "5m0s", + "resources": { + "requests": { + "cpu": "200m", + "memory": "512Mi" + }, + "limits": { + "cpu": 1, + "memory": "1Gi" + } + }, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "podAnnotations": {}, + "priorityClassName": null + }, + "notary": { + "enabled": true, + "server": { + "serviceAccountName": "", + "automountServiceAccountToken": false, + "image": { + "repository": "goharbor/notary-server-photon", + "tag": "v2.7.0" + }, + "replicas": 1, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "podAnnotations": {}, + "priorityClassName": null + }, + "serviceAnnotations": {}, + "signer": { + "serviceAccountName": "", + "automountServiceAccountToken": false, + "image": { + "repository": "goharbor/notary-signer-photon", + "tag": "v2.7.0" + }, + "replicas": 1, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "podAnnotations": {}, + "priorityClassName": null + }, + "secretName": "" + }, + "database": { + "type": "internal", + "internal": { + "serviceAccountName": "", + "automountServiceAccountToken": false, + "image": { + "repository": "goharbor/harbor-db", + "tag": "v2.7.0" + }, + "password": "changeit", + "shmSizeLimit": "512Mi", + "livenessProbe": { + "timeoutSeconds": 1 + }, + "readinessProbe": { + "timeoutSeconds": 1 + }, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "priorityClassName": null, + "initContainer": { + "migrator": {}, + "permissions": {} + } + }, + "external": { + "host": "192.168.0.1", + "port": "5432", + "username": "user", + "password": "password", + "coreDatabase": "registry", + "notaryServerDatabase": "notary_server", + "notarySignerDatabase": "notary_signer", + "existingSecret": "", + "sslmode": "disable" + }, + "maxIdleConns": 100, + "maxOpenConns": 900, + "podAnnotations": {} + }, + "redis": { + "type": "internal", + "internal": { + "serviceAccountName": "", + "automountServiceAccountToken": false, + "image": { + "repository": "goharbor/redis-photon", + "tag": "v2.7.0" + }, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "priorityClassName": null + }, + "external": { + "addr": "192.168.0.2:6379", + "sentinelMasterSet": "", + "coreDatabaseIndex": "0", + "jobserviceDatabaseIndex": "1", + "registryDatabaseIndex": "2", + "chartmuseumDatabaseIndex": "3", + "trivyAdapterIndex": "5", + "password": "", + "existingSecret": "" + }, + "podAnnotations": {} + }, + "exporter": { + "replicas": 1, + "revisionHistoryLimit": 10, + "podAnnotations": {}, + "serviceAccountName": "", + "automountServiceAccountToken": false, + "image": { + "repository": "goharbor/harbor-exporter", + "tag": "v2.7.0" + }, + "nodeSelector": {}, + "tolerations": [], + "affinity": {}, + "cacheDuration": 23, + "cacheCleanInterval": 14400, + "priorityClassName": null + }, + "metrics": { + "enabled": false, + "core": { + "path": "/metrics", + "port": 8001 + }, + "registry": { + "path": "/metrics", + "port": 8001 + }, + "jobservice": { + "path": "/metrics", + "port": 8001 + }, + "exporter": { + "path": "/metrics", + "port": 8001 + }, + "serviceMonitor": { + "enabled": false, + "additionalLabels": {}, + "interval": "", + "metricRelabelings": [], + "relabelings": [] + } + }, + "trace": { + "enabled": false, + "provider": "jaeger", + "sample_rate": 1, + "jaeger": { + "endpoint": "http://hostname:14268/api/traces" + }, + "otel": { + "endpoint": "hostname:4318", + "url_path": "/v1/traces", + "compression": false, + "insecure": true, + "timeout": 10 + } + }, + "cache": { + "enabled": false, + "expireHours": 24 + } +} diff --git a/chart/src/types/helm-values/harbor/harbor/index.ts b/chart/src/types/helm-values/harbor/harbor/index.ts new file mode 100644 index 0000000..f5c6d95 --- /dev/null +++ b/chart/src/types/helm-values/harbor/harbor/index.ts @@ -0,0 +1,9 @@ +import * as fs from 'fs' +import * as path from 'path' +import { HarborHelmParam } from './types' + +export * from './types' +const defaultValues: HarborHelmParam = JSON.parse( + fs.readFileSync(path.resolve(__dirname, 'default-values.json')).toString() +) +export default defaultValues diff --git a/chart/src/types/helm-values/harbor/harbor/types.ts b/chart/src/types/helm-values/harbor/harbor/types.ts new file mode 100644 index 0000000..375c916 --- /dev/null +++ b/chart/src/types/helm-values/harbor/harbor/types.ts @@ -0,0 +1,514 @@ +export interface HarborHelmParam { + expose: Expose; + externalURL: string; + internalTLS: InternalTls; + ipFamily: { [key: string]: IpFamily }; + persistence: Persistence; + imagePullPolicy: string; + imagePullSecrets: null; + updateStrategy: UpdateStrategy; + logLevel: string; + harborAdminPassword: string; + caSecretName: string; + secretKey: string; + existingSecretSecretKey: string; + proxy: Proxy; + enableMigrateHelmHook: boolean; + nginx: ExporterClass; + portal: ExporterClass; + core: HarborHelmParamCore; + jobservice: HarborHelmParamJobservice; + registry: Registry; + chartmuseum: ExporterClass; + trivy: Trivy; + notary: Notary; + database: Database; + redis: Redis; + exporter: ExporterClass; + metrics: Metrics; + trace: Trace; + cache: Cache; +} + +export interface Cache { + enabled: boolean; + expireHours: number; +} + +export interface ExporterClass { + enabled?: boolean; + serviceAccountName: string; + automountServiceAccountToken: boolean; + absoluteUrl?: boolean; + image: Image; + replicas?: number; + revisionHistoryLimit?: number; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + podAnnotations?: Affinity; + priorityClassName: null; + indexLimit?: number; + cacheDuration?: number; + cacheCleanInterval?: number; +} + +export interface Affinity { +} + +export interface Image { + repository: string; + tag: Tag; +} + +export enum Tag { + V270 = "v2.7.0", +} + +export interface HarborHelmParamCore { + image: Image; + serviceAccountName: string; + automountServiceAccountToken: boolean; + replicas: number; + revisionHistoryLimit: number; + startupProbe: StartupProbe; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + podAnnotations: Affinity; + serviceAnnotations: Affinity; + secret: string; + secretName: string; + xsrfKey: string; + priorityClassName: null; + artifactPullAsyncFlushDuration: null; + gdpr: Gdpr; +} + +export interface Gdpr { + deleteUser: boolean; +} + +export interface StartupProbe { + enabled: boolean; + initialDelaySeconds: number; +} + +export interface Database { + type: string; + internal: Internal; + external: DatabaseExternal; + maxIdleConns: number; + maxOpenConns: number; + podAnnotations: Affinity; +} + +export interface DatabaseExternal { + host: string; + port: string; + username: string; + password: string; + coreDatabase: string; + notaryServerDatabase: string; + notarySignerDatabase: string; + existingSecret: string; + sslmode: string; +} + +export interface Internal { + serviceAccountName: string; + automountServiceAccountToken: boolean; + image: Image; + password: string; + shmSizeLimit: string; + livenessProbe: NessProbe; + readinessProbe: NessProbe; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + priorityClassName: null; + initContainer: InitContainer; +} + +export interface InitContainer { + migrator: Affinity; + permissions: Affinity; +} + +export interface NessProbe { + timeoutSeconds: number; +} + +export interface Expose { + type: string; + tls: Tls; + ingress: Ingress; + clusterIP: ClusterIp; + nodePort: NodePort; + loadBalancer: LoadBalancer; +} + +export interface ClusterIp { + name: string; + annotations: Affinity; + ports: ClusterIpPorts; +} + +export interface ClusterIpPorts { + httpPort: number; + httpsPort: number; + notaryPort: number; +} + +export interface Ingress { + hosts: Hosts; + controller: string; + kubeVersionOverride: string; + className: string; + annotations: Annotations; + notary: Harbor; + harbor: Harbor; +} + +export interface Annotations { + "ingress.kubernetes.io/ssl-redirect": string; + "ingress.kubernetes.io/proxy-body-size": string; + "nginx.ingress.kubernetes.io/ssl-redirect": string; + "nginx.ingress.kubernetes.io/proxy-body-size": string; +} + +export interface Harbor { + annotations: Affinity; + labels: Affinity; +} + +export interface Hosts { + core: string; + notary: string; +} + +export interface LoadBalancer { + name: string; + IP: string; + ports: ClusterIpPorts; + annotations: Affinity; + sourceRanges: any[]; +} + +export interface NodePort { + name: string; + ports: NodePortPorts; +} + +export interface NodePortPorts { + http: Http; + https: Http; + notary: Http; +} + +export interface Http { + port: number; + nodePort: number; +} + +export interface Tls { + enabled: boolean; + certSource: string; + auto: Auto; + secret: Secret; +} + +export interface Auto { + commonName: string; +} + +export interface Secret { + secretName: string; + notarySecretName: string; +} + +export interface InternalTls { + enabled: boolean; + certSource: string; + trustCa: string; + core: CoreClass; + jobservice: CoreClass; + registry: CoreClass; + portal: CoreClass; + chartmuseum: CoreClass; + trivy: CoreClass; +} + +export interface CoreClass { + secretName: string; + crt: string; + key: string; +} + +export interface IpFamily { + enabled: boolean; +} + +export interface HarborHelmParamJobservice { + image: Image; + replicas: number; + revisionHistoryLimit: number; + serviceAccountName: string; + automountServiceAccountToken: boolean; + maxJobWorkers: number; + jobLoggers: string[]; + loggerSweeperDuration: number; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + podAnnotations: Affinity; + secret: string; + priorityClassName: null; +} + +export interface Metrics { + enabled: boolean; + core: JobserviceClass; + registry: JobserviceClass; + jobservice: JobserviceClass; + exporter: JobserviceClass; + serviceMonitor: ServiceMonitor; +} + +export interface JobserviceClass { + path: string; + port: number; +} + +export interface ServiceMonitor { + enabled: boolean; + additionalLabels: Affinity; + interval: string; + metricRelabelings: any[]; + relabelings: any[]; +} + +export interface Notary { + enabled: boolean; + server: ExporterClass; + serviceAnnotations: Affinity; + signer: ExporterClass; + secretName: string; +} + +export interface Persistence { + enabled: boolean; + resourcePolicy: string; + persistentVolumeClaim: PersistentVolumeClaim; + imageChartStorage: ImageChartStorage; +} + +export interface ImageChartStorage { + disableredirect: boolean; + type: string; + filesystem: Filesystem; + azure: Azure; + gcs: Gcs; + s3: S3; + swift: Swift; + oss: Oss; +} + +export interface Azure { + accountname: string; + accountkey: string; + container: string; + existingSecret: string; +} + +export interface Filesystem { + rootdirectory: string; +} + +export interface Gcs { + bucket: string; + encodedkey: string; + existingSecret: string; + useWorkloadIdentity: boolean; +} + +export interface Oss { + accesskeyid: string; + accesskeysecret: string; + region: string; + bucket: string; +} + +export interface S3 { + region: string; + bucket: string; +} + +export interface Swift { + authurl: string; + username: string; + password: string; + container: string; +} + +export interface PersistentVolumeClaim { + registry: DatabaseClass; + chartmuseum: DatabaseClass; + jobservice: PersistentVolumeClaimJobservice; + database: DatabaseClass; + redis: DatabaseClass; + trivy: DatabaseClass; +} + +export interface DatabaseClass { + existingClaim: string; + storageClass: string; + subPath: string; + accessMode: string; + size: string; + annotations: Affinity; +} + +export interface PersistentVolumeClaimJobservice { + jobLog: DatabaseClass; + scanDataExports: DatabaseClass; +} + +export interface Proxy { + httpProxy: null; + httpsProxy: null; + noProxy: string; + components: string[]; +} + +export interface Redis { + type: string; + internal: ExporterClass; + external: RedisExternal; + podAnnotations: Affinity; +} + +export interface RedisExternal { + addr: string; + sentinelMasterSet: string; + coreDatabaseIndex: string; + jobserviceDatabaseIndex: string; + registryDatabaseIndex: string; + chartmuseumDatabaseIndex: string; + trivyAdapterIndex: string; + password: string; + existingSecret: string; +} + +export interface Registry { + serviceAccountName: string; + automountServiceAccountToken: boolean; + registry: Controller; + controller: Controller; + replicas: number; + revisionHistoryLimit: number; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + podAnnotations: Affinity; + priorityClassName: null; + secret: string; + relativeurls: boolean; + credentials: Credentials; + middleware: Middleware; + upload_purging: UploadPurging; +} + +export interface Controller { + image: Image; +} + +export interface Credentials { + username: string; + password: string; + existingSecret: string; +} + +export interface Middleware { + enabled: boolean; + type: string; + cloudFront: CloudFront; +} + +export interface CloudFront { + baseurl: string; + keypairid: string; + duration: string; + ipfilteredby: string; + privateKeySecret: string; +} + +export interface UploadPurging { + enabled: boolean; + age: string; + interval: string; + dryrun: boolean; +} + +export interface Trace { + enabled: boolean; + provider: string; + sample_rate: number; + jaeger: Jaeger; + otel: Otel; +} + +export interface Jaeger { + endpoint: string; +} + +export interface Otel { + endpoint: string; + url_path: string; + compression: boolean; + insecure: boolean; + timeout: number; +} + +export interface Trivy { + enabled: boolean; + image: Image; + serviceAccountName: string; + automountServiceAccountToken: boolean; + replicas: number; + debugMode: boolean; + vulnType: string; + severity: string; + ignoreUnfixed: boolean; + insecure: boolean; + gitHubToken: string; + skipUpdate: boolean; + offlineScan: boolean; + securityCheck: string; + timeout: string; + resources: Resources; + nodeSelector: Affinity; + tolerations: any[]; + affinity: Affinity; + podAnnotations: Affinity; + priorityClassName: null; +} + +export interface Resources { + requests: Requests; + limits: Limits; +} + +export interface Limits { + cpu: number; + memory: string; +} + +export interface Requests { + cpu: string; + memory: string; +} + +export interface UpdateStrategy { + type: string; +} diff --git a/chart/src/helm-values/index.ts b/chart/src/types/helm-values/index.ts similarity index 70% rename from chart/src/helm-values/index.ts rename to chart/src/types/helm-values/index.ts index 0ce843f..478d902 100644 --- a/chart/src/helm-values/index.ts +++ b/chart/src/types/helm-values/index.ts @@ -1,23 +1,32 @@ +import argoCdDefaultValues, { ArgoCdHelmParam } from './argo/argo-cd' import corednsDefaultValues, { CorednsHelmParam } from './coredns/coredns' import externalDnsDefaultValues, { ExternalDnsHelmParam } from './external-dns/external-dns' +import harborDefaultValues, { HarborHelmParam } from './harbor/harbor' import ingressNginxDefaultValues, { IngressNginxHelmParam } from './ingress-nginx/ingress-nginx' import jenkinsDefaultValues, { JenkinsHelmParam } from './jenkins/jenkins' +import certManagerDefaultValues, { CertManagerHelmParam } from './jetstack/cert-manager' import metallbDefaultValues, { MetallbHelmParam } from './metallb/metallb' import kubePrometheusStackDefaultValues, { KubePrometheusStackHelmParam } from './prometheus-community/kube-prometheus-stack' export { + harborDefaultValues, corednsDefaultValues, + certManagerDefaultValues, + argoCdDefaultValues, externalDnsDefaultValues, ingressNginxDefaultValues, jenkinsDefaultValues, metallbDefaultValues, kubePrometheusStackDefaultValues, + CertManagerHelmParam, CorednsHelmParam, ExternalDnsHelmParam, IngressNginxHelmParam, JenkinsHelmParam, + HarborHelmParam, MetallbHelmParam, + ArgoCdHelmParam, KubePrometheusStackHelmParam } diff --git a/chart/src/helm-values/ingress-nginx/ingress-nginx/default-values.json b/chart/src/types/helm-values/ingress-nginx/ingress-nginx/default-values.json similarity index 100% rename from chart/src/helm-values/ingress-nginx/ingress-nginx/default-values.json rename to chart/src/types/helm-values/ingress-nginx/ingress-nginx/default-values.json diff --git a/chart/src/helm-values/ingress-nginx/ingress-nginx/index.ts b/chart/src/types/helm-values/ingress-nginx/ingress-nginx/index.ts similarity index 100% rename from chart/src/helm-values/ingress-nginx/ingress-nginx/index.ts rename to chart/src/types/helm-values/ingress-nginx/ingress-nginx/index.ts diff --git a/chart/src/helm-values/ingress-nginx/ingress-nginx/types.ts b/chart/src/types/helm-values/ingress-nginx/ingress-nginx/types.ts similarity index 100% rename from chart/src/helm-values/ingress-nginx/ingress-nginx/types.ts rename to chart/src/types/helm-values/ingress-nginx/ingress-nginx/types.ts diff --git a/chart/src/helm-values/jenkins/jenkins/default-values.json b/chart/src/types/helm-values/jenkins/jenkins/default-values.json similarity index 100% rename from chart/src/helm-values/jenkins/jenkins/default-values.json rename to chart/src/types/helm-values/jenkins/jenkins/default-values.json diff --git a/chart/src/helm-values/jenkins/jenkins/index.ts b/chart/src/types/helm-values/jenkins/jenkins/index.ts similarity index 100% rename from chart/src/helm-values/jenkins/jenkins/index.ts rename to chart/src/types/helm-values/jenkins/jenkins/index.ts diff --git a/chart/src/helm-values/jenkins/jenkins/types.ts b/chart/src/types/helm-values/jenkins/jenkins/types.ts similarity index 100% rename from chart/src/helm-values/jenkins/jenkins/types.ts rename to chart/src/types/helm-values/jenkins/jenkins/types.ts diff --git a/chart/src/types/helm-values/jetstack/cert-manager/default-values.json b/chart/src/types/helm-values/jetstack/cert-manager/default-values.json new file mode 100644 index 0000000..fb71af3 --- /dev/null +++ b/chart/src/types/helm-values/jetstack/cert-manager/default-values.json @@ -0,0 +1,261 @@ +{ + "global": { + "imagePullSecrets": [], + "commonLabels": {}, + "priorityClassName": "", + "rbac": { + "create": true, + "aggregateClusterRoles": true + }, + "podSecurityPolicy": { + "enabled": false, + "useAppArmor": true + }, + "logLevel": 2, + "leaderElection": { + "namespace": "kube-system" + } + }, + "installCRDs": false, + "replicaCount": 1, + "strategy": {}, + "featureGates": "", + "image": { + "repository": "quay.io/jetstack/cert-manager-controller", + "pullPolicy": "IfNotPresent" + }, + "clusterResourceNamespace": "", + "namespace": "", + "serviceAccount": { + "create": true, + "automountServiceAccountToken": true + }, + "extraArgs": [], + "extraEnv": [], + "resources": {}, + "securityContext": { + "runAsNonRoot": true, + "seccompProfile": { + "type": "RuntimeDefault" + } + }, + "containerSecurityContext": { + "allowPrivilegeEscalation": false, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "volumes": [], + "volumeMounts": [], + "podLabels": {}, + "nodeSelector": { + "kubernetes.io/os": "linux" + }, + "ingressShim": {}, + "prometheus": { + "enabled": true, + "servicemonitor": { + "enabled": false, + "prometheusInstance": "default", + "targetPort": 9402, + "path": "/metrics", + "interval": "60s", + "scrapeTimeout": "30s", + "labels": {}, + "annotations": {}, + "honorLabels": false + } + }, + "affinity": {}, + "tolerations": [], + "topologySpreadConstraints": [], + "webhook": { + "replicaCount": 1, + "timeoutSeconds": 10, + "config": null, + "strategy": {}, + "securityContext": { + "runAsNonRoot": true, + "seccompProfile": { + "type": "RuntimeDefault" + } + }, + "containerSecurityContext": { + "allowPrivilegeEscalation": false, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "extraArgs": [], + "resources": {}, + "livenessProbe": { + "failureThreshold": 3, + "initialDelaySeconds": 60, + "periodSeconds": 10, + "successThreshold": 1, + "timeoutSeconds": 1 + }, + "readinessProbe": { + "failureThreshold": 3, + "initialDelaySeconds": 5, + "periodSeconds": 5, + "successThreshold": 1, + "timeoutSeconds": 1 + }, + "nodeSelector": { + "kubernetes.io/os": "linux" + }, + "affinity": {}, + "tolerations": [], + "topologySpreadConstraints": [], + "podLabels": {}, + "serviceLabels": {}, + "image": { + "repository": "quay.io/jetstack/cert-manager-webhook", + "pullPolicy": "IfNotPresent" + }, + "serviceAccount": { + "create": true, + "automountServiceAccountToken": true + }, + "securePort": 10250, + "hostNetwork": false, + "serviceType": "ClusterIP", + "url": {}, + "networkPolicy": { + "enabled": false, + "ingress": [ + { + "from": [ + { + "ipBlock": { + "cidr": "0.0.0.0/0" + } + } + ] + } + ], + "egress": [ + { + "ports": [ + { + "port": 80, + "protocol": "TCP" + }, + { + "port": 443, + "protocol": "TCP" + }, + { + "port": 53, + "protocol": "TCP" + }, + { + "port": 53, + "protocol": "UDP" + } + ], + "to": [ + { + "ipBlock": { + "cidr": "0.0.0.0/0" + } + } + ] + } + ] + } + }, + "cainjector": { + "enabled": true, + "replicaCount": 1, + "strategy": {}, + "securityContext": { + "runAsNonRoot": true, + "seccompProfile": { + "type": "RuntimeDefault" + } + }, + "containerSecurityContext": { + "allowPrivilegeEscalation": false, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "extraArgs": [], + "resources": {}, + "nodeSelector": { + "kubernetes.io/os": "linux" + }, + "affinity": {}, + "tolerations": [], + "topologySpreadConstraints": [], + "podLabels": {}, + "image": { + "repository": "quay.io/jetstack/cert-manager-cainjector", + "pullPolicy": "IfNotPresent" + }, + "serviceAccount": { + "create": true, + "automountServiceAccountToken": true + } + }, + "startupapicheck": { + "enabled": true, + "securityContext": { + "runAsNonRoot": true, + "seccompProfile": { + "type": "RuntimeDefault" + } + }, + "containerSecurityContext": { + "allowPrivilegeEscalation": false, + "capabilities": { + "drop": [ + "ALL" + ] + } + }, + "timeout": "1m", + "backoffLimit": 4, + "jobAnnotations": { + "helm.sh/hook": "post-install", + "helm.sh/hook-weight": "1", + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" + }, + "extraArgs": [], + "resources": {}, + "nodeSelector": { + "kubernetes.io/os": "linux" + }, + "affinity": {}, + "tolerations": [], + "podLabels": {}, + "image": { + "repository": "quay.io/jetstack/cert-manager-ctl", + "pullPolicy": "IfNotPresent" + }, + "rbac": { + "annotations": { + "helm.sh/hook": "post-install", + "helm.sh/hook-weight": "-5", + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" + } + }, + "serviceAccount": { + "create": true, + "annotations": { + "helm.sh/hook": "post-install", + "helm.sh/hook-weight": "-5", + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" + }, + "automountServiceAccountToken": true + } + } +} diff --git a/chart/src/types/helm-values/jetstack/cert-manager/index.ts b/chart/src/types/helm-values/jetstack/cert-manager/index.ts new file mode 100644 index 0000000..92a6f69 --- /dev/null +++ b/chart/src/types/helm-values/jetstack/cert-manager/index.ts @@ -0,0 +1,9 @@ +import * as fs from 'fs' +import * as path from 'path' +import { CertManagerHelmParam } from './types' + +export * from './types' +const defaultValues: CertManagerHelmParam = JSON.parse( + fs.readFileSync(path.resolve(__dirname, 'default-values.json')).toString() +) +export default defaultValues diff --git a/chart/src/types/helm-values/jetstack/cert-manager/types.ts b/chart/src/types/helm-values/jetstack/cert-manager/types.ts new file mode 100644 index 0000000..e61f798 --- /dev/null +++ b/chart/src/types/helm-values/jetstack/cert-manager/types.ts @@ -0,0 +1,217 @@ +export interface CertManagerHelmParam { + global: Global; + installCRDs: boolean; + replicaCount: number; + strategy: Affinity; + featureGates: string; + image: Image; + clusterResourceNamespace: string; + namespace: string; + serviceAccount: CainjectorServiceAccount; + extraArgs: any[]; + extraEnv: any[]; + resources: Affinity; + securityContext: SecurityContext; + containerSecurityContext: ContainerSecurityContext; + volumes: any[]; + volumeMounts: any[]; + podLabels: Affinity; + nodeSelector: NodeSelector; + ingressShim: Affinity; + prometheus: Prometheus; + affinity: Affinity; + tolerations: any[]; + topologySpreadConstraints: any[]; + webhook: Webhook; + cainjector: Cainjector; + startupapicheck: Startupapicheck; +} + +export interface Affinity { +} + +export interface Cainjector { + enabled: boolean; + replicaCount: number; + strategy: Affinity; + securityContext: SecurityContext; + containerSecurityContext: ContainerSecurityContext; + extraArgs: any[]; + resources: Affinity; + nodeSelector: NodeSelector; + affinity: Affinity; + tolerations: any[]; + topologySpreadConstraints: any[]; + podLabels: Affinity; + image: Image; + serviceAccount: CainjectorServiceAccount; +} + +export interface ContainerSecurityContext { + allowPrivilegeEscalation: boolean; + capabilities: Capabilities; +} + +export interface Capabilities { + drop: string[]; +} + +export interface Image { + repository: string; + pullPolicy: string; +} + +export interface NodeSelector { + "kubernetes.io/os": string; +} + +export interface SecurityContext { + runAsNonRoot: boolean; + seccompProfile: SeccompProfile; +} + +export interface SeccompProfile { + type: string; +} + +export interface CainjectorServiceAccount { + create: boolean; + automountServiceAccountToken: boolean; +} + +export interface Global { + imagePullSecrets: any[]; + commonLabels: Affinity; + priorityClassName: string; + rbac: GlobalRbac; + podSecurityPolicy: PodSecurityPolicy; + logLevel: number; + leaderElection: LeaderElection; +} + +export interface LeaderElection { + namespace: string; +} + +export interface PodSecurityPolicy { + enabled: boolean; + useAppArmor: boolean; +} + +export interface GlobalRbac { + create: boolean; + aggregateClusterRoles: boolean; +} + +export interface Prometheus { + enabled: boolean; + servicemonitor: Servicemonitor; +} + +export interface Servicemonitor { + enabled: boolean; + prometheusInstance: string; + targetPort: number; + path: string; + interval: string; + scrapeTimeout: string; + labels: Affinity; + annotations: Affinity; + honorLabels: boolean; +} + +export interface Startupapicheck { + enabled: boolean; + securityContext: SecurityContext; + containerSecurityContext: ContainerSecurityContext; + timeout: string; + backoffLimit: number; + jobAnnotations: Annotations; + extraArgs: any[]; + resources: Affinity; + nodeSelector: NodeSelector; + affinity: Affinity; + tolerations: any[]; + podLabels: Affinity; + image: Image; + rbac: StartupapicheckRbac; + serviceAccount: StartupapicheckServiceAccount; +} + +export interface Annotations { + "helm.sh/hook": string; + "helm.sh/hook-weight": string; + "helm.sh/hook-delete-policy": string; +} + +export interface StartupapicheckRbac { + annotations: Annotations; +} + +export interface StartupapicheckServiceAccount { + create: boolean; + annotations: Annotations; + automountServiceAccountToken: boolean; +} + +export interface Webhook { + replicaCount: number; + timeoutSeconds: number; + config: null; + strategy: Affinity; + securityContext: SecurityContext; + containerSecurityContext: ContainerSecurityContext; + extraArgs: any[]; + resources: Affinity; + livenessProbe: NessProbe; + readinessProbe: NessProbe; + nodeSelector: NodeSelector; + affinity: Affinity; + tolerations: any[]; + topologySpreadConstraints: any[]; + podLabels: Affinity; + serviceLabels: Affinity; + image: Image; + serviceAccount: CainjectorServiceAccount; + securePort: number; + hostNetwork: boolean; + serviceType: string; + url: Affinity; + networkPolicy: NetworkPolicy; +} + +export interface NessProbe { + failureThreshold: number; + initialDelaySeconds: number; + periodSeconds: number; + successThreshold: number; + timeoutSeconds: number; +} + +export interface NetworkPolicy { + enabled: boolean; + ingress: Ingress[]; + egress: Egress[]; +} + +export interface Egress { + ports: Port[]; + to: To[]; +} + +export interface Port { + port: number; + protocol: string; +} + +export interface To { + ipBlock: IpBlock; +} + +export interface IpBlock { + cidr: string; +} + +export interface Ingress { + from: To[]; +} diff --git a/chart/src/helm-values/metallb/metallb/default-values.json b/chart/src/types/helm-values/metallb/metallb/default-values.json similarity index 100% rename from chart/src/helm-values/metallb/metallb/default-values.json rename to chart/src/types/helm-values/metallb/metallb/default-values.json diff --git a/chart/src/helm-values/metallb/metallb/index.ts b/chart/src/types/helm-values/metallb/metallb/index.ts similarity index 100% rename from chart/src/helm-values/metallb/metallb/index.ts rename to chart/src/types/helm-values/metallb/metallb/index.ts diff --git a/chart/src/helm-values/metallb/metallb/types.ts b/chart/src/types/helm-values/metallb/metallb/types.ts similarity index 100% rename from chart/src/helm-values/metallb/metallb/types.ts rename to chart/src/types/helm-values/metallb/metallb/types.ts diff --git a/chart/src/helm-values/prometheus-community/kube-prometheus-stack/default-values.json b/chart/src/types/helm-values/prometheus-community/kube-prometheus-stack/default-values.json similarity index 100% rename from chart/src/helm-values/prometheus-community/kube-prometheus-stack/default-values.json rename to chart/src/types/helm-values/prometheus-community/kube-prometheus-stack/default-values.json diff --git a/chart/src/helm-values/prometheus-community/kube-prometheus-stack/index.ts b/chart/src/types/helm-values/prometheus-community/kube-prometheus-stack/index.ts similarity index 100% rename from chart/src/helm-values/prometheus-community/kube-prometheus-stack/index.ts rename to chart/src/types/helm-values/prometheus-community/kube-prometheus-stack/index.ts diff --git a/chart/src/helm-values/prometheus-community/kube-prometheus-stack/types.ts b/chart/src/types/helm-values/prometheus-community/kube-prometheus-stack/types.ts similarity index 100% rename from chart/src/helm-values/prometheus-community/kube-prometheus-stack/types.ts rename to chart/src/types/helm-values/prometheus-community/kube-prometheus-stack/types.ts diff --git a/chart/src/types/index.ts b/chart/src/types/index.ts index 00cba78..36bdf38 100644 --- a/chart/src/types/index.ts +++ b/chart/src/types/index.ts @@ -1 +1,2 @@ +export * from './helm-values' export * from './loading-chart' diff --git a/docs/cicd-flow.png b/docs/cicd-flow.png index cf3f2540f14185025d4bb505eb0b667368af6a52..ad43b05656a26e05a85a9bdc3161171b7281a9bb 100644 GIT binary patch literal 1214602 zcmYhjN3Qf*vn6&V0fJCKHL5G9`vaxMyP!8sdT)|sGD&ty^xk{UK$EFqR8N{m%|e^s zeS!p>G>2w$o7fR6Rz&3gX`9l2{15-@fB5UKzy6~l^Uhy?{ZIe>ufP7s?0@;6!I3`u zKmIT9@jtAN#QybP|L_0pzyI~0(Eqjx!PZ|z-Q|D%3+4X#_Admg#&!D_%Kr;Ngf36F zWgNg)aJ(P0x~TK)pK}O=p#KKJ{{~?m4F3ydU>dw(&td#Mf(l>}vN|r8xCf`}f1hV(V2Od` z`Jdk!fftrfIGX=7FvMU`e;(#p|Hcacv_a}m(Cm)Z)hK3u0>d^>ZVT!bo+hZCQfYG{ zi!4aEyW&Xw5?S1yHl&~|!>6}GsgqYtCaEKWgd7L6H`E zUzAD>b9jR%iu9+O$)&K-Ym>%z&4wmWV^p^_Y&>k zQZ!na)dydW#u|#}AhRxp)wjC?G2QAHT*@5UQdrb`@d%^ciI=8KA{0;UElGJaN$1q@ z12PXT(5_SgAK)fI56BGf{ZB~_;0!DJ0+3a)qgwD!yvN3cSSSqtreWNGoU+hF8w;G+ z_69Yy69>F#j%ja2B%O026f^4>+3C|`j#wH&j zZkpxaYVv3N~4M z1ZtyBHg(J+j>I20jWxzQ6Y?v%G{ztzY36XAw=`Dz5-m3m1+ zprJ&d4G~cSFQB4Ck&?#y+pW=pRi}VxF3oYym+AyMWHWbJPdRBA~a3z>r@tv^foddgCwD_RqYk$Y@Jm{ug0nZhP?dAZWApUd=b(Crc;~4lRPYYNuZ)mxubly{ zL9dGFu*X=y<`iW#Eh_Nx?XbuS$a|OG*sxC}7@&hJ*y8L!zYF|NH{PCrd1F)V)%NdU zT(N;&5e*>cA_iX9^$x5mdJOcCjo|P-sJw$YLeK`QjIws(1ezf@IF{afL=RLkRE$KO zafH8eMH_fVOY2=PG~2x6e4MM;r(xT_#cbPTGu#hJaf6|8M=h7@iJ!lMMB}4E^|5_5 znl*zr_ne#}24hf|2!;fEi%PAo6p} z`hc%!pckY^^VGZ8e^Yvd&J z;2}I^wVr@`Ld%&z$+ACVrxgL2fkd$hZY)SCggTMuKjwqURc|-=lPCCobu8yt(NM0_ zqfeFfku4!RD^W=t{$?eHPOk?{F^m0VJUA7lfZqAXDd@+%D#AqflsS>krfmvu1_THp z%TwvwNAT?uOywXByHp^K!SpL@+@&eoddF(I@c5^EA}J(OOP99Qtm$rWEGbTCpffvn ziDA-4mDgS@V7gg#8{B?jBekEG;x`||kGx~!$@G$23L_5j$hf~<(KOvIk>ANrTNhW( zPcmD%TwtYX`|&Sna}@O~q30RzDlPtQ#2=O=O)1QuElBh0yup(wUBS8sXV(<+sgEMc zVPXSuWNn&SCk&F{qWaw&Qk)5gIexVKGG%mtT4t3b*EY+G!;KK=cX=XQls5reGBREY zPemU}AP#qck>5_PhhVB}U`U6=`@o>F5$}A>%`{LgfnWXeWAU6)v+FtPD%l&LH(2;y;$39w?a%3} zOr60kzLE&9%&lo_^G}jC-|4x+kcG@dxYYQ4t!1V0Gj{zP-41#qMa?$^YV}!D%KDq|X*GhE8yZ@?P;?zS-d%?SAtta2n!RNuD z=F>S>*UG=&EzQ}=5=VJ{U~NTD(}gEuNv%??R`5XYtA8wGawuB01uz3(&k@h|YNw&B zqf*JyuNJZxRsRMeo@|dE6uWg*@6NYBmNffj81C-p^33DU524|feRu0;QG!zOCb<}T zwN_D=m$P~_>VoMNe@W8ruUNPcjN+E9znE-Gn)Kb$Crh3R{1io@e`P5saRguO=Aoxn zE7xkVhhpfxvmg69F)i)YnA?d+hLEhIT)BNfw;6SOc9iFcT*5oNe=i9_05aNOqDg$u zl}P;J3aOI~De?^^9<6jzpV2EGHUC6)M1LGu9=xptH%4olsc}lAG#SerG;f>iHC~q= zjk@>|HD|B+4Sp=8N@7-Q0`1pTG2(!1P+#>UC)=sMulaY(98F$;Mz!?fA+evZOtxl>O>R&yK%;Jj& zbB9LD?^HzAtxU1YFC9BcY#L$H2F^ZsqySYXwg^Ja!?%v}pNzdHtdAP(^w(WTvSuKn zVe(a}k`NqXxjFGe{8auzuQi!P2)kgQ zcjxi3ab7s2iu9CVR7VL3mV(m|u)5-%>OVnNHtIgwu&2;TMCXf{(WtI#Dz1rwv2G^P zx^+&LXoO~%g47Ka%y{nSak`fPyLzvoETdB~%52AK2lA9E$K4Y`%&nVPrcssWwfyy{ z>m*K6egQ%OFc50DulcwLQm)ixsV)JRnm&4fzGFo+=bB%jvVO3hs=r@8xUz=2*X;-h zmcNICO}pP~d)cLZ=943m=Ez$jIjjZd6BRqmmecfyge7}K&SupuW8WDTO(}K%sr$o* zd`0O?P(+d!Q=yOcSMQ>Fuq@=y@dFe}%HtP9G}p%cV2qJbKdB<_SRTBPPUjf7Fr6j( zIF)-jN_d?~hLaj8Pmw^DnSaIM7DWm3B z1QN1fY&Wf;x9M0pqsbI0o&r^Wge2;z7v=3IrZ^EMSov|+2ClOJC5x2!+N7yWTu4%^ zM{9xex|R$aHnlV^ zQTe3}P@YWj|rBO}-Q3O&~sYUGL#u;J>RiFa#=04jmyMi_?m`R320%oZ9Qokf-j zM1c!x`~;vG#9~n-uIFiQQeIdD`8U{nVUr6Vg&oQ6 zSGaOx##5*P->QqoqbAqHYV)^Vls)@W$RdkrER<5LmbW-n9Jy7&SilZo5o-K;A>uOd zN+#(uvytz?f-SPZj}gT$Gk&hA3|!+;JzsYF5^`KJRxTO!A_-W@pC|;#17qi`i1+&W z3VdEDIqu3-=qz4#0nKW}1j&30DF`FuaG&5x#uLKjXO#&4_6~^KYM#Iv`d8)Ou?x%) z;DtM?w_UrmhD~X@2BxCPsB#&%7?&1RR1xwBEey~v?3RvsWBJc728O*){SoZM`rNIc z_pYh&xwV9dy78;8Qnr=-S*z^RCSG)^Q?~@t^6UV;h(fX2KIF|`8n;I_71D{7zVp5z zXU@hVdK;tn{oTvWRwP@o$TEi0$E|^tVarffoU-VQ=#?-&j;Yj_Tbn!mE2&>lBEqDi zj*3X(-lr6>s=VcN+DV{P2Yu7Gkrk*LTta4+{5ly8OH7oBKXqThB!<;fJ$hv-W|{U> z!^vb2B3!fL3Wi0XzzbxRT2Ny~?CI=UE?@3#+)Tq~OrNvh$ujsDg#atBVPmmitpJ$3 zc@%wE2MRbY9>8JX$e31Bd#pJ(Pc5yBfq-7Kv^1bRDR4MI zjTzRN#%$T7eZyimqqxa+_UQQxVk56BbEr* zZf>RVZmb*o%AB2OqlI>yGPJ}a9DR0Nxv{(Z1jFu1qQL!G*j?~7@A}+FMc=$F@?3u&jDo6R)$Ha zezuDjKMDY$iJOg!ZUvExk$FI1#bGQU=BUibSO#3991PPH=8NhoL#$duqwtWvPtzKk zns>zGsr#EPT$*Bff#YdFtX^*;Z61ku=}|6pA-oy!C#P-cTBUcnB@kr(IN}=6v!j?N z+jeBMJ+O#kS(_t<;E18(j@v9Z-+G7xF#cw7lPi>x70zS3VNdo65uHzVgi&MocEb)g zP~Kj%R1+$g7RL`5T9&0(ahYlgM6b$ltbhmc^8!*60FL@>#BTiqvI>mliq8OGCvZ#X zh#=lQE8HF`IroN8lb1k&KnE9r93O}4nos1NdSC$1!#Y~KV4&NDj!ZP|k>C`hw7uWP zP0t-zx^Q13HgFCYL8{Ja_kuoi>eU3Dy1i%y1Mr|&sx`%-NX%SKL*kU3stJEYjRTNu zjZ>BeK}XeqE7ai)kQABEUUZ8%u(u=1*`&z}i&<}fO|5qCq4Yo^b1^w9&=)vliBbRI zGuF0WqtjuAdArkylDu*F)C;KB)fsB>sPLA44!RMgQtu$Jluxq=NX3!6%KMmyj>bpA z)vYPwuCjl@^&M^hvkDD)epd`5wDh|P&EsJ_#@eARmZobUd6Pu(%H(@&O&2^O%dEu?nEi7;| zf6wWSY1dsJVa%W71&(dLQO()fthjO;4tuwZHjYxwod!8YR1byy?S1IndkY)&e(}&s z*t90~P5aBBPZewpeb#A{$v_)gy89dowC?4%OU|%@06WAg&{LC&5nyAip3*!Cw?L!? zJMNJzAn75VVpA;@fG%Dxem;KMXNC1y*IR=?@7z8$O&7Gn_q;#02hY{b!`fTg+tJME zfI`h$pcq9vR|}tRna&0XZV<84bAP^jiNFPszu zE*cw=!aTY?=fhEwYNBy{lqkAJ~eW?J_Z;{uxqPF(N)2?m;i13rK*2aRI@DpeFz#B0oukR{oLZyQ6;y zYQGbBwhdAJ>^MBHgsg^)u)U_5va{QCc081nO4Yt>*Y;cn8ZqifCA5xI?=Mx=f&T!B z#2y(~AGXFDux~}1OYs|w0H72#s&tIgMKnVZ;6b?cz_8V`K()|I zq4zqN(N0FVE!j&!n3fSN{O89e4Rw`Gd}aD$#eLucHn; z&@Jo**n9b)(4ku}XT_FgyLe9_K8KkC2fHdm7w5(}!2F78aH}>9^_&$OUg48=u>kvW1x{LwrPKGpGrm>|{1LCs@UZQOcUX?>dr>#m zZFWJ?Oa0Q&ZCHVMUx(z5BIy4}8u*2`31?tB9w1lWTz6HK=Mn7aV1xRYV zku6l=Z#o&HT9SrX@C=v_R~%ik*s)sP6K+=)NL34k-b!AluwX>-IW7GC-Y-+e)S*70 z6GMDBw72@9V2;;hAOOmn6yE9#uOs9b!;ebgltEl4HMlt?07W&Kzm>s25GBb0FzxJU zRJy3RH|Y(V0;U%wxk4rWfYX`g{}uUsr4)A#;rC^ zbt0L{OWy>C!T8>BxTb4}-GMkiF^~HXTLO=i5>DM(+T;PV%6^;&8Khz~G{@=G(OdXJ zBq*S(k-c$}V0z{?(;V|x2 zViMl^030i-YEV0ZK{=iD$bo*$zk&b!@C!w#s%r+eZ%P>S3-$Ud>EQgXwOGy#cgb3<|Cj^62R)DM;Knpw6{wB3x!ve%jMBJd&Dy-pc+9V z;E?b(ojp$sSQ>a_a4y)v0rZonPI`S~F6?A4s-NuQWOch7z;lPtPo!-ks@}QJsoiCt z1v!LrQY7dxw|?&t5J6k)Jp)3=`l?$PS?7e@jmx0rez0lfxl>-(h*w1l@^=?qX4IvI zCzKdl9{49A*>`-Wy`J1kREf_$C$aAAMZKo{>}Z>#ku(5prM|_h4_5=9W=zN5C4C*_ zjBG{bA^HUie5)lJ<~?NdTNKSIgyX}+i%F(2M1=te4q#j}#QD}ldHiCfSG&IJTQ9?D zNVy(63P*GrI8ty?ZQmGUBCArB_J)p=jYRnhFlQAIa+YVPhFk8 zryWGqnK}T?MA4HN?t)%)pVPi=3??o_J*T<-WC+KyuS9J6KRJ<(2?nkWV^v>m$m6eD z^wqv}c!;&<*RZgYkF*HuuRwtvBBEHJHAF~V$o%YbTKxir{Jn1?;Iadd{-~@Uz_x*o zFbT7E+irjSt{A=`IO|KN(K>hexO1@MkuGs#4oXT@{q&<8lfL=ot`g!}~XY2`Md-3{+q~CF_oV-x5Yg5HE>AkW_-*Q>h z;)rp(O%+FGua|*S-uF}=d|&W?Sd`x=(1QIKvyRLT^?^f|w%=G$ng}i;gd2(=!@gco zr`fx4(?QOE!#Aol0V5?1ium%7V2QmGYbJnltbGnu+D+B~@g;Ip`&0)ACq-FVxGd^> z1i63M9mMUx#av7zaJtt6@HUgrxh^niG)Hh)^*W8QeJ-hd%1eJA&sA00jlBq)TOP4Sa3z*=xSpUvchXwL(}*+_fU*PD=R@K zj2uaIACbvRI|4Lwg!0D1$orfl4<7r7`K z7znswF!Spc#ze!&rxA3s<~i$$TLCxD7tAh=X~ybz+r@}63?IE`_glv8muEx4FUxl| z?I6U*Prl*N&y!QMiU8&iOZR(1E1~3aFz>*D=H%Ypz{N522odr%f14ESx2E*>?gqjc zhQQK`>IdBotfO{LKO}U-;~6`NQjUY})uH!pmabC}%|@8*lG{{(NIPA%cb^Fh z@><0QVR{&76zJDj*tQ)s@~ccKHTE1Xjgqet0WlTECXBi-N2y?y?B>0^YfN=hd4E7A>PewKCW8LQj z2&c%ULZqkgBPQunr`=?7MoR3{^k*-nJPGQT-3|f=BNC-o01K9vkKgnR2oq-pW`Y=5 zURw3~Owopa0SBTB)YWqlERajhv|b1TZ!CzQ2;o(fwOvNY?p9h&2^zq7YQzodvrexfI0Zh9IOK|*tR{gr4#w+%0h0R1i zNgL?$iq_o+3OILiX`*Qo0d}_|WsnAPIw@NiL12T(nIrRn$YcTF7Fll1GvMyA^%tST z0=+!TmhrNE<9%gV>P73*p(16#P_owu-nz!gK)9gef1WhjH%$(`>EK4d=;JRRA;v))N)KLU4eYOvir?xmG zfLEpv=FrpIXP|<0h4_S3zb(D5Nz;l&S|1SMVxCZs#Gn9#5-sXL(f$l^ujHgF5Gs?y z4>{5)2_7PYSQNdyQ9vSTyJXQ&Mz+0T8*{hYc=1ds(YNfTWvYtZ|G(PtBoa4c`@ag9pH z;}`6Ah%JyjWG1RX1DpNyE9(Qco2c`4eoRkPwbg+~Pd<;{RMFBDoR5v8&^AZ?ff@c` z9??|6J;)}wmdfEVKqopjf6grJu-FCYRv{?qH|qe z%sj}L32^Sv0eQuSzc8FhF-mOlYChLt*_db42*YzKh+0lWdxL~JKXoO?UN6^{<9s-4 z#kv7vzR2XdY_ZfpCWrWp6v+rg!UEG|f4ug9u{T@hX7i-$82JLZJm`#u^D-|YU}W{v zBpTr$frd=IWC+_%0=;(KQX?|Z9Xn}>vw+S_T?V7yhI~&u0iPdfQrINX2xM}z>p_K+Y&;%@Gw_w|fJ=QgA z*FR*6_$9m>Azq2EtkK4;v;yzhQWUUF!nrg_RGMFcXoR(=u&*%oWylE=Ht!Znhcyl+ zKCuR8*I4&RLb5x!54U3JNU&b7DtGV|&s_H##G*v?H@_F% zCl)6wS7fEzUjUokn~#U`*wJM?zk#Uj?~}&~6^j@TP*$vnXVibwBO`kHLAhWXcnV;T zp}AIRV?{F6i;v=cVwS^jwdUDW`aZl>Gr9$SZ3j$F$S1X{;WM6*V4H2Y zKw}p%W(Sf!g$X59eZet$qplDP_G0+emVolf%+3?01}9A_R4E0zoG%Js`-opdAY@6V zrtGpWCrC&dSGHEQ?*Vn)oh0^jY~xzY3^54YgR!NR(bEX{-^+yIc*I&V*Yc4lioBt(~2WVGX_G*k!`6N61 zjb(|_K;(&VoqVm>zISwp6yGE^HY}u!!!%=8q2>?X7^GiAAxEFTMAxL;El;q&tda)8 zPXSk}IW=`z@et8=J$HN&REakQabadH`#J6A-iJhcaSUB^rh-$MXq3vqimy6P84Lx) z4PO||0FP_xwG}4G$*)~hkVI41WLUw!52ebc#|p&t73y%Af~Z_RmzL0B@)G}ScC6@j za9Ts5h_lt28=}93|NY4$LrVDolxhA0u7oA-o>?dY68D)!<$$eN05MK|8i<&B9Eog# z8s|h3Ix<;MQ#Qq)`GRZK;I~5U)H_g8gr5Nh7p3_HS^5u2W$ef}PE$eZZ?sS}PzL^m zinOA64EJSx0|g2}6lPeKxMt3JO5rr34?AEkN~|y-57rp4Pg$FZcwsua=a*n(tzUxh z#S^&2oL~Ze!Kb0j;`olVlSD)FjdC0S;#>!`^y^Tc!MI|xA0(4OWVigx3>u8l>xahE z_g*|Ez6(u{qO~cq7xjY2X@TDD+)A`{4mJ&Ih<+B>;8evM?CamCB{e$Z3Nk(4325HI zf@mYSviNX_U@Ur6VHp8!DNjHqq7iZc&T+#^jPTmJWa3aVRr8}?|A=XUn(HG!$z`B8 z&iqcmz|1<4=rkUzHhGB$70Ctk!^)OZ3y9z9{*wZ+f?({M67i;qY)gSfN$#g;cc zmfijD1OVv%5SZglPhuX#v&u(x_rq5dzIlLwv^iPPiA%E&8;G)yK_1aw@!9SPY=}WX z6kk<-T;GPVHSpao>aJk`1r&d{3!+Stl=l76tq9*gL1;}mr!2C#+x1)5QAGr3E3#mf zU@MdrM$?`jIU!K6JS$Rq2dgMX>q6=FYEnN-GABU5lTk$>rc^)56)^Yj@pI^kV+{of z9jd8}DFW}y?AO*n`(U6w)SAV(I*y()i9f1-Av(nkT zj6kkrwbUT_?2B~kO(?o7vS{d1;`w_m;0#ZRHAzHKA_oln@u*^pzNXL8?W*PzTL$k? zYa{XPPvGjYxANoyh#5i-qHvW@V{V<1=X9*M&)U^6V0MAe^b%K-9_91yy(rcHoN}JW z9=od?ZKOc18np>8D0YDox=)aje!ClHPH}#=AZgEd6M#kK=1Ra{8m$=(RTdvOE!UQG z?x+PHyL9IiL60>p6&1yR?5cJcm}33OQOJNojvHUpVZOIu1r71>xZDsfegy3c9NUD` z9gtvS0RoqRH63I(_1pE(ks9WA(0JdDuv4F&P97d@Sp?Y(QkzWW*L}0N+1E_Bb0s&) z4PwHX9$_>dI}E|QL|s4l@x?&&U$ke81cZhMEL9OS2UC76dp}zZR|cBfvw`8&rI)9ECD3!e?rRow$;#QUqPrq zl4NhL8}4A~>%~O5A)?#U0p}9@_gmSL`%SzEJJI=Tlo4A5hj7)Ya4f!11s|&nIFk4( z-)G{0`Jq;P5#-IRR|#Ue;m5dqKiV2!12295DwCZ9k)r85N+MvJE*3 zNM@!$Em4phyZ%7uS$2tN3a;Bmt$>4Vex`_%?8B5KbMC{y2h9OO;t*PlKhkv^%kK_u zY8vyMnc6)IHCe7O6xKVk)6bc1nueI}uW|R-rUKHF5pp9CGE->WuSz=1XciEYET|7N zC>=t~H3!)vyzGjqv`5&H<`4?cxEAKvRCf{P`tX<6_D=^#6FY{)c5cZJjyP863F*9- zd0Q2d2P&TJ4H-)N&ua^AdUn43$-GlReO-XNS+bk@JNn`qeN3Srks<$42Nd~SOw7;? zb$%dZt?k+(jQrF%kf=l$vwiz?o(XIs$u&WN%&})$J(NBz zReBR7SVI+M8f3ExwE~lwtg0?&4-4t1#bZ>bZ!<#4g@E=n(<#y*eK>TlAU-@uBof7K z0+S1DvWWE~^+HXu>|2KX8l}`Q;))uz#9t0QMQyH*7!?XvK&J&>AK(1#qLF~;**gKo z$^Z=qG=q*yt1MV|gh899KiZryIfWj=i-&uw;#eZ@L>VcO@7LGJo+pF(5+4^5s~KWW zH|T;Yh@TgTi@XC_ zO`~uok|f(jF~k`&0RcDBH@}G)=6vh zIoIIO;o9QTNN~?1%E*TeSWW;N zIP*Kk!B+7OP@W=w5+f*7($Ji~Z7@y3DfbTu;G7_%dj#$_Q{qKS#USTYRzYgIk1~hQ zY2Vu1ZGbZK1{(DtTYIOB4!k-JUk4r{DdCV2ezXe);Z|np6cXSW;FO4IT6}|_Ar-*C zonK`HIfn#-89^Z!{fDj&EsD4R`Sv@pI#+!SCwD1DS-GYNV;`~wW?D2WYfHTEmuoZc z4Z{dSE9y$u)5G^Nt0m`tznT0vcGkR{k7GQQbx7UDit=ZH&Lt|U_UhXkE{$F zWEG#Lh+V-DI6A+$!eUs#o1FP8jV5PpSllNp7_Ckwwo8|Xn@s7Z61Z8*RoONCaNlmZ zEP8-^Y7vThUCt>hT1mak_)AEWF8`mK+KShaLqa{o1H1`uVCADhymHV3#Q<1K7n;3p0j?UGk|fV3-_L zppP+1y{yZ(LR<8_jV#eW_r} zVA@+Y?w$FPDMhAckRlf8{^{Tb)$Ydx3N%-KIi?X*A7nek>p+9{i{nz`ab{)p(q(*@ z(zumo9;mJ2?;NKeXW)t(8=l`@fa;=1+aAnlF#V)IG|t~j%muFCao_p^o8fc15OjUD zA|yZhXKvVwe2z~*R+#&TM*fDMDGMnr9-$y&MiC(6KpnmTpfXrLUg+lhyx5Jy_(4o`yD@}CI@T1E6nxp< zp05%@4-Rld+vUm6eJ1afFB1cl{_1gFgS>D&6EqMtZs(%U6ZG5R*}B6J&2J@|j);QK29c*;qpn^N&*Gs<>QT5U9K#KhWx`NJ)^tBqqh$Fe%th{ZQ7xlA}FGs z-@5w0GdnmPh5!!;J@fu^(9Op#ZiJsg42MxBx; zn|Kw70XCEfrK6W*e^v_o7b$=Ak`JQd2B~5*f1oz^Suv9~)Y;1c$R|On0`+WL`p(W? zs$)8chSOqq4|vXau7MLJ?KVJk3AM{NXc@`f6PDQ+E6Q(Z-!MCWF5(Nv4q+n$AoHE1 zI72x9c#11Kf#wSaroebagI_%$UhgYJm6L*lxqj9~>%Rk*26u-XhByA0dtTwFVfC29 z(hv5;n2MU9ULP+;V3=8u%LKUZYVZ7;q7RBtGX>?M-V67MNBeJ#n$!3gcs1JS@y5%6 z?gDq^lVsjBCc957BquHkkZXT|$#LC$`EEalfEu7QbGBTV7fWutGe;kUS=WgJT7XS6 zKWSu7;aau;zpbEEY=?p1cV>W{D~7-cVEF;3sPd)*6ZyR?^h_v-5ZdS0%OF7C?j7II zGUZF(4~S*e4>uy5{OvpLIeZ>Q^CEl06v;O%j;-&+?-#_ZEMHCh8b4MdV-*v+EbOU4 zVN;{(iGji&6$5F_@G+c0DL+tffNjaLpV8?Qh#r;7I9mww^}X4(Mjc6E7o>FvOps;d z5*Yt&L$~e?JdOdlJC62n&*KL<)+~a!xqWH8C^@gZfxotB@F=Y)k>pn=mh;sum!DktAJ~;utN4Zv z)RX|liC>6QGhmN#`)Nj0K(xEbEgiHXntXVaO7tn)fPKCdC(W?*H1Uz#Yd+*+j6Ygc&n?; z?n_arynB}MR!@mk$CatTiBbNEQSe&~^?Lj|xx0N(IGOpj@cY39@whPGty*O$aCUF~N;qC-sZ$|{-&QfCvd5Hzt zGxVbaJNAGa{*dS`5=h2sfL1&9W!pgvwZT5B2+`|&ecjzM^3#xOE43y^PV=tuTCw+d7FoTA`-)B3m*v?Gx4;K#(te!`#ggTm0xy-IF z%EVc5A<3@J*@5YcWCdXqmN(&snT_1dHsjCFif~y((QouH8$sj{q*;LY0|IyeMa=;t z@br2eBsS-PU+N%3m=q>%@K_j|)2|>~ASPFTPET-Z!`|BCuwOm9^RdXTOfA7PfTTnY znl8yXA)&qDM)p^(S^p8(_$pT!L>xh$;bCauD9~a;_XCJb_poyG;tv#`qGx77NDb(o zCfyS7!wmu2q+I)i#Pmitbhtuy0d=pqMJWoIOayooBFbIT{lEkPD#w9SWh>E4J6E_V zK>vdu1M!bPF#}NK)X9lvWaY<#!HH?o^XoXt4X}(vNDo2@vc{Hfo0;JiTLrHBBD3l%As|v5KdU|K{XZ4j=%0UT`2dlgmmt{SFcYygeSZ|5i+phKg zPEcH`>nssz9FwFc@jCEB3D!lKO!lsJK6kYWOCb9!{3H?&cr)-j1Qk5@wG6WC9AXu< zN?>xYHuTkE^v6&o<-$dpAY)KqWxA?bwZHbEP5{;MXacu?wfuQ|2GG(0iVUZsrT-tk zu54*pWywBKM=%eU0)omYDk3)>GRvd_GCh5-`u6GQn{zt$zx^B#6^hEN%r)##w%_Yg zAV$M05XvPmxvUkk@FDvAQR;V&*3w>g?c!6W-#VXqqAV!`fYz`HZ!fI2iA)*e%f9c$ zPE7Yh`}Kt@Yt7YUzJ>3&zP>}NI??iWK2focdhYzd)(1&-8{>3)g?nq%PBPNofh>?Y zb?*&1#z4~cyhQM0Eo<8U3B@|1x#H}Ed+Vak1#ZU(w@niqfS>9x}b_SJ?bjE zYVKCL@A=(azm?~<%+a{%r`Jz9B}etjEclct-x)c%V~PwxVPBs1Sl-3tzC8m{FU!sW zMuMVxpMyR=E})MP@hVI&cMmYQw31LC`RUE60uwJvMdew(s>iyQq-PLjlgAI%DtT5w zUlu+Zfi>OVkFocgCcdTa(c3#)$h7tgJxW@|~zaD5=R7zmHggw?%w|*@|<7GJg{Jow(3VTw=0l zLxoQfq-0T+P?4zVz|y2xnjy&$Q(OnHvefnYS#M8TqF*?wN^fxjOd@KQr?oRN*1o}&SG@d zc);`4;-25U5LkV)wAkYb=j=jOVqWJdmerfan`bP2PruFfN8N7uNPPVL*C zc)t0#=U>NfowD591IR1|rjt-h51&_&nkD^c^nIZOClmrnIQ9pVGG$+x{4 zL^Ece^;1Xdg-Y1YDaEtvp87|lp|2z!STEQdYnKT|?nu9M!_tqJn+4Kok;!RRZ@4=z zsMht}Y^W5HqC%ZML-Bqt1BrXuF*CO!m627p#{G2uSW>5ApdWzHw6b}_(`|kC%K`}V zXZCd7&-OmObCe%LZlx>*$4YnAACA_M`;Y~$(nzS8s+aNZvdnEJEqgs;a>D{t0(ALH zHlP)m;cF-tpt`gxdVmttPJXG^#a+jjm*E>yc6i?$ZjmkhUSumU&Re}rKKQ{PUt4>} zWZGnVU7Kk=3_c|{ZoR$*07ffV4EqJF{bz-ka&U0Xd8Pg2WwK!!>vuk(5C0$-M^)DNma(_4TqJ@8P<0s2lt0s)#I? z1WAso%cDJEYVU@{j%r~9Jpq^3j-pe*cJS6z)6rqdyuHALZ_n}Y)Tz5Z%&&uW|6UD0 ztS+!If7OhX4RV^jH={TG*3b#>VbJCDE!H;P;@5P`sikymvIFN$)zPiDCMPFq8mZ;d z&YKYt=s^kKmMCnX52Q~=<_pmQnF3-Yn~!&up}%2Ie&+Wn2&+IJWHcz~FI$C4a+IId zQ6w+Ea*^9t(R7fWpXc!C&g?!C(z`V1+@4KymS?l2MU(Iq8v;#l2`V0+xcV++!5oS0 z0(l``jm2=x{uT1Dr(#lB z`KiZM7k9U7I2@ysESy;hGBs)0`gV?VJ>x5qZ00sMDHeF9Ywaex{Yq1eLBiAR0(l8G zS0BIZ=dk7#xDR1-N~EB;GLUoV>TpeO?Ed4p)MBKxfU>#1>@V9@Xvv}q!UY2#elwJ{ znrrfuReRlTTxEvB`QGZ!3?=MdfCMEIN}inO+h8;Js@J#Fg(Mg>!{JF|diN#ltH&r% z?9R)i?T|WI80>%4?TU2ITkuu&agQM<0#6n}iAcP9%`qELw7C9#S+saODysvL$<%*( zltMe6-=FPD1MUV*swY{!KcQ_{fv3;}{K(%~L8dj=V@#9ej?wTmUhlROn#^`V$UOFB zZWwK{>b*v%%j+Tv@8yxQJMY$=ToctRypl0<7jC25-x5yx#E_k%_fLnR4{B}-mKHk@wqTh0wK2L7aFr>1tQ@#PI#j1s#;Ip{b%#9oA9)+AZf0GM>P0K^GjjMSY zexj#eE(^OKwhZS+8T-6V?>B1Fy)+8$q7eL|C_TTjMH^$=y&uD4vu;`tLrx5vn;T;^ z59&G6Blx*3m%czQ{-NM=Hb49eJVntAK9>Gbf}l^U+pi)K_<$w_#hL28l)cC&?|TSu7T`~H>NS5B&rQ6I8zP);AINX7_}0n0++^)P z=nJSRpDiSF-H*rO_w)`e{>9&R{lyQg;6DB-6w=3G5nqS5FLWv8U9(xY21b>I>asRz zw>MK++O{40j28O=VUvR}81e|gw;rFDHe^K{MjwZbuFB*eT4qi;Bu7gJq%U9J(`2Te zLQC7I!hFQBi(70FKdD@0*@yAh!!dP)j=NL@<2{bNuZcp0+a940Drn7NyMgb2b^4Q2 zmPd(Equ9<3w~viuLX zC=Etyo`0U6$gF-Mj{5VJUI>ZpJb?vt`9Nq?%(mO9bLJ-KoQj%+MW+FP{-M(f5ldB2 z*AB(RCEZwsZrAOy3H~oO8%9(=?qMI`XiRei0QHp3_L>%P(g^Z|91Fx3RW{Cod%vHl zk03?A>n8@EYex%E@Hz_q{cch=P;GBk8d9U6`KHUOy_?5A3H(J~=coq8dBUYnv)~(- z7T#OC^Q-IruxRb&A-|r7TN;l_|9xa;{-ul2UaUs*Bau}5qnb)g&FH?@Uj9C~MYI+? z8#It|h}`JzWQF{7!)rR?7mN+aD|afq>~(B*)ITry)9N=T-s}H)n0#PEB;zM=q0~8nvuQy z6txC2rlir4O(6=Wk%DAiglToj8!WK*!8d;-UL+f>Wt=&4|B`u&ne*nYif7p`UTEhj zD{`U3FFh1kHa~bN%a|%e)$y_U=vlfPEs#TD3Y16*Ws^Ua+ez=_P93D9mML$1y2(GI zS1wpn9Whj=1DB6?P|EXNt^J>>ZvlBJL{1u*GC7WJIk!;jqmj4!_gC@z7YR)1lY`P4 zKaZ1T$DrX2c&=bG@ARd_I5p2GCn|0;EJCmM>tETbV-M#x6NWm+OZyM~lBI9(*58ps zR%t1&2D1yN!@Y(&3gNHa`o=qe__DJasTrojvFDf@4M18(KyvHPZTG_6c3l7#{`6;S zs7$yO02)tD^?2Ku<;jWEGOdE?r1gAxIImawS<3kv3&Y!Tm_;_bAbX!<@vD8j^l}Vn z@i)y52bEqlWmf)Kz0bCI+g(%5epwKHh@<1@B)1Su<;+rR=GK zZ!G$i_=WgU3hKRdDM&P?-s1OTw3#Oh)DJW{{AKOL$T5v8zgcCjEN6(@K1zq~50Cq> z?^=y#olGG+B8_Ud1U<=w&RX}%oQq5LBFQG#K9Om@?^BI6D6*+N=2}Qrijd`<%s7b| zjf_{;O&O|xl6ly;Z|X6g7i#e24`M-o4c0IX&zDh|^7u~)%;3p(!k|oAxywK5{RD

dDXAM>UNn=N%p{!tn9 z)sHUWTU8n7YYJzPLzPAcDS)iNRO_UD@vz!SWq8G0q3hvbN(DPxQF{z;&zfOr-}!wE z(2LKketo<4SzZ*eH~!K2BxlF0XHjSEV-=FCkyc&>JK^bM_~>3Kf}%b|+zVmFXiwug>2mFYD#Yv{WhQYh zFPP3=$x#d{06s1j$qP42V{d_!K>>@Ns%dDqi~c&^kH+#~RIVTq8P~G@JW_l92mS5t z=91byh{t4-az%1rn{(CSGMZN9-kRsn-joN{Oe4>}#q!P-kwM|0;VR~wY4@{8(v3tw zuY`n_ol8KenznyC#o@Ru1}h&cgh;mPZvpmysK7M^S9$1F;|HB#LwAan?7;61uAJ^) z6Z>vCO_Q>{@vF~^aY`#Ie9#~>;N1{&$cuH1TE5)L#VPxSvo-2uV6os#_=FeV=us%!I8BAb7r(6ZbfDtnrdJgW*EAWZ3OO zl0vJ=bM%W5en|f8l2Ft#xULik@eLcd0JA$VPOLkZYub|B5ASK;Z0eXG@7e2=80yVkRRC!MK5+PXQiNb991oE(Ft?%`H>et&GR3mFZ7uQHj?+ph3 z&U$r$L5t1N4Aw%`c25WtO}`?=??Q1uIPdyaE536u>EZYE^UovA9O?{^;qS_2(c&C^ zpRdu_cBIUT2OM}joW zg??`xd!4@FompsXd^%$~;2@-@e?gS4@2_2ZJZ)z;q32V7pRI|RRGNFNeRn-KHgu<@ zIh*O%^DREDw-tET9{NbP(ApR%o!_)L#`zn`xA0v?{Y1`brCa$e50J|bf&o>=$2#2b zvW)iXaIe~vTD&}R-&07wpmyHf7<;v1*2So=?86mA zkQJ|@x&7%0PVZ0*DH)9#{rdAmMXx?Y?EbGeh3E8JAy(2|v&4>uGB=(%^OQm2a8kT7 zh1VCh!vQFSUg7T-FDokEI}~ojdD%C)-%99)ac(xwq7jB`Ilk`;rG>vG+T_S|S17+E_DCllPX`-rwStBh;I({|2yq%aM zWLiZ)k~l$K-5T5V8Ex3i~9C7UD_~uq*;0bZu6(+QhEkIGkC-#@QEET zdojZTJsdH|ktFd7YT(H>0o`Q*!rauslP+(MAb$gy31k<|i{OD4T@E!txAA^5GzO{R z;N_6Q!2;wrvh&3`oc6K6Dy#>(#CFM9RHhV^AYN2&h=zm#_hmD2_DYl8Cf>Ri^out7 z_TnJ#NsxhMH<}9N@t!`&H2v#`WQS-L18@KeJMSCY38Ph~gH31szd0F?AX-QNzCTD% z^~S0Q8n@`6=2y-je#>Qkx@SnzbW4A3l+@FL?L@Kx4qC#J9~-f;9al)8VkOWLQtd0U zuTB*Wv0a_&$ljbb8aBH<)r-wI?J}%(&Vx8DoWgefwABzC?ABeqAs~UuIJLx*Kyi#X z`@UwmT&7)ld{TkQNHZsA{h5rlSplJ0+GU4vC+ayw#6z^mND|b1@!k{7Ums+$I?d4$ zN|BTvo=y8n%|nqee9v*)q-;YJ{my%o@-C-`(w~dvdU`8*zfhDPWzcRV<-pyv93!kT zi_Wk6Wcgf=$_r`i9$2S$0AfL-jcHOuwYRj@CAfzBn_TWlpI9lQYR}LnU6g(Dc!8#a zy(w$9Pf0qwVsihJs+ZnEdc#%l-UXvDy2mNfp|X@_MuN@pFV}u){kclfj_j0dCiw$cvzS5YtE;V&n{GnR5PO-t3- zy1DpW+R+X^)o4QrD+Qr^3k)ob?ofL`IUOZ4L`=&6R?aPgCc)#;Uv*NYnfek0=$K^~Y-mLh5U|I|Vg=O_iKy07TNwMw#vV z%z}1%`_{#}QD*)|?aDg}X4LNL$u@qibPkb|SErBlO?J0n?1a;|oKCa9h0(E9!q)X2 znO6MPp)ay!6sSM~=;^5@O3W<{{`t43e(#FJ=kPNa{^QjaqxYh_5&9if@z{a0+Mq8A zI!jD8qLn0LOD#8-3z_bflNeCG!0dNdFw0c&@q}_ARn_~(r!JsrDh3&>@eGRzY|Dmv z@&w?W>;{dpjCT=8g>)>!+I~DDS{2A1CovIaQ!Zfg-Aj^l8*ia0I%3 zlj?2cUYZ}7Fx?Hvl(qLVDK0lb4l>2pub*z!LOE4a^)S4gz$kJvF`i|>iS~5A@DORk96DvJ>c4e2?ec2@T zR5ZhWENJkJ=jCUl^9m^PpFY2OpD%1j-SLQRDEA@#K$d7cj1`~HH&FYsFcB*9T2Ae= zFb)O$79AYPInOeZ@c%59di$D~%LC(S(-!(OMDZ6Xr8K-MP-lHHfBe`$P4uV;IaI}N z`5r|;^IT9SpQ9V4o!7}pIS!lS-z2(H{;GOg-(q$Z8Zvpj-@Ct&g%y~SE1Q-t$&M^n z!x>C4=|H5wbbZ!PrQU5@I43hJg*zKh(*O1yiOF~QS5T6T-uf05BS=?tm0aR}BaF_U z`Nz%vvZ}zN2&GiH{LX(+y9tHZg!=;Y+iYa+MW5^{Ke>c`{c^KYq zd8>}SaofWMWQgCO^NsJM_?yzm)EhYlp`})DFo*thD42E0-X#tw)*WslzKsUl+) zb?xx71FNOB{w#}Lqhz@#O;L3d_2*N{GzZPBKQDmEApZebbK&UcZxtd%?QQqLEUY|` zaKy(0Bjjt@?PhM^vqvS|jhg`livCy%0^sA!vC-{U!7c2O46>4Zbn@aUHrw`IwPbaA zsl_AW&fx~xin)-uk9oh%oS2wOWI^4_WTEr=yYc+_9gn;6qwXdCOC>xFgx~@-;8@uM zKl7UUS0&z#aIf)yWbF&7^KEZxQ$>Laj>Udce;+>MBY~hge1#4C9_8XKy2{AzvvPtA z!&4!@>bK7#yW%wx#*2oZ_Djm<+itr`s5tBGxnCi( z6RDFa9?7(~uOL3#6SfSrDKVStCU50>-bE~l(+833>y+4vp;!Dt4- z!h^L@x~rY493FP%*QmJqEpE;&E+Q<{jip!}!+&p%5#dICysx_U;9^p(`ctJWhgdpR z$`-EDDE9clk&*6!E&-G011UmR8w@1t9Bt{8U?p-%fVGSCbuaRgT)^ z7Lp7hG)!qh*p!y;J5FEX!+)=SoR-(A3ThH}-m*n4P zlhU^-K`nAjmcB)UuxEk{U7UM%VZob#a3QFK^kz;`AX?K2+)&U^`2L=p`INUZ)HVE- zxPyfFDoVKm*5ba=6HK-CVEsrrP7eaFXx83hz4vqIr@XZ4*Z2QF^4gJ#jLHW22sfu! zY2Tb``yMRnRFZgt4-?9DYbcMFTsHgm;-5^^K>(6;7E?`vZYMsN2HDNOgD>$PkMu*_ zjO@rR#?PjgmfXB>w#4dSAs5?Tf4|`G_swGg#9_MeD1h)0+M2AKMQ87Txm_m=XZ>1_ za;!apVxoEbbI8dthSwZ!|JQErKX}jm_Y3kIRI}SvJF9f0xBe7xCKR=jgY=YQ|y}->yAAc>4#P-lK%69(}}V$&mTmhe97jc0IvlfjDFTvFe$}IYl@;MiorsPV_Km(t$6!@GF1f#E$t zdJ`c)Nd*f?`RD1~K2B+U`upLV7tD9)sdMD51BnFZK3E2!6&?a;LrvT2VE$W(yRB6}187=1uXQO6y^GQmm&cknnRozU{ zk!1I$lpO!gvo`Q=@a3?)<|a*o_X5cyPn(bo@<)0~MM~wupY>M&`7~=1OgDqfYZ)1R z&mvP&BJo)EGBnEXA zUk}$THQ%=qVYyfQD7azQ!Q}%?Re2oIOK}Al5V%LLneP#aE%6gvm+x{S=tVvJO{Yc! zD(V6&wBkdZSBLA0-?zInZ*r{7#Q=D7`F-eAvK7|ecfUy)L^SG~k0iFBgulNu)4Y9n z`-rasodh!Z>;Uz6X?crMy*P@Q#4)+`IONHD<%4h7cwaJw+Ic>=7~}LtYLf9dGv+2_ z>;!aGRbvgH0N-zXlPHUob#wl__}tO{Am4<5ZEjy^DrZJhhg)1S9^}RFC*cKIb-a;o znm*`hFdd7Hg9k}>9NFNE#m(s(UN+QXyy{&$)+hNj97HahU^?GvTVV|3?ciKlxB46Z{DjnW5HEMOip8G;{)Q#F9 zs(vApu_SQ-0d2zEp!aHbN5d`|z35azc({iv!Rub8solK4m)6e!)I2`Y@c6LKZ;*?5 z4TgB&Vc(E9B)nS6!Q&I(f0z4qFUXa3LoMPCYKI?~TKza&6gOAzNS>|RimxLn5t%u@ z+BwmJz`tIOVg4oG=GS)8*=z2*Jn1z6ijuabU-(tk(REhSF>a@CowV;8?*a!hInOkZZ6?1}m<;SqlCsk-#ajmex{soewynz+=*QxwFHa9a; z#`6u&L$Tvxk=X|czz4onV58xIjIW{gP#BA6kc>LhsB--Gh6SFM?ig%<0kZmROJA(? zH>*tnEp!X|U+;mAZFxAAnKtFm3(x`=8w*37U#^CE4WcJcKHe;C*}qGAbX{_=m45AS zW-`H*FCpri;PS;bSO_0U=6}(GinT$ej}>C4Rl$;+Z#Rn|@qD(C&NjIGRxXq-5-8=? z@~e+r$zw&4^o8MX6g3x0rk*<&7QgG|#ks0{ic}QE#P+7@5Hx72cdum^2o3nfy9`4n z=w8~)a{1-Q1S>NK;nv-6Pc6dasC#s_3(Q&)Zg>z0K6j9d?j-0*B|sO&*19{-xKC(V z@Q?_Uhl6gnY^e-@zK7L=j>r7r+3g;Z--Xfo*ZZX!huf4jRh|n)knP5{{&65CX6009Z#cs$^Bp^+ZOblu=`{MVC%+EHRMn_Hjx1G6&eAt0j= zeI1sshvWym+eZNnhQ*T$nOd=%NY)|fWN6nXs=@msw@d@1t)xFi&)K>?9Qj2?P8LcL zobUKy2b3T3D}COb-x$66U!(gVCts#|_%Y10#`bofv{_fxQ#e1z{<)iWdA0G1sOV51 zCBLME6v!c`mnpwJm1#FZvO(lc*n)hf_5BncF;-!Fw1dGZfDdLt! z4w)G#{JOv0Lta?;64%?2n5yh;TUBG>D|!;J{iY~DBKgx=zg^T&cCzaQj)wT->h7LQ zBJsv_ehjB?0*d19`c}|q4Z=j{d4u`weyV%SpcNCdmleRucL?r<UJn)$( zFcTDBm>=FNVAVKxJl#bKox|Ti3;T6}i-<>&JfH12%PoL#-pWCo$2OhZ7-QxP3DlDu z2f{h6?T5bY(pz+O-t$E1IU84YCTRjRnpIe555q!IY&cYgoEd?_fd?Z8F~aeE5XX=3 znxJJ>>vzAOwcoobPYg@>)lD?moC|Ls>!j?5_xaITA4=WnzH$8}CrIU6)_R*1NU09y zPP(#(0OFO2Xs+7~(F&nZ+A%$M9#cdLORt(}zuSdBi8KEg3}I~_!~M>%{o;9c#Ao@< zB}=V$`(ZxsS1TL6)OXy%6%OFzMxCxj&qeN-+h+vNt#(oeV)&~3rY$TuIX`KIVMf#;d&MDA~n{v3-r~d$4>5yOpynbx??jyLf- zyVG)XH(^tlXX5$SzxZAh5|lN?1sjw9SM4KhXZSuUH7#Ea6jN?2nG)`==QL3QiC9u6 zp`wI4w1H#)SJ$gvr(#O>cvT^*r$6+YoDZqPH)q&Q?x(K#!V>8C-E$!?MA7MWi@8^@ zl0{Pf6{mBD;u|DD1}DBCr!N;uxzd!;tP@2(2ll>);p26kEK+m~JBw~VzH_F1^YEU9 zURXt)H>xO4{1CU+xaHQABiXONo*ZvLr16;G5hSp@3(4}A>k*-qJXf+~-HR>%p`_C5 z4mzI?#BLeJ=*I7b)y)xIa^>sq_2|$!tWmU}aQ(;+4un6YE7&wkO-kllq0Pq~ONuiF zST)jDnigQS;y<#$mj*7ftQjzp=nV3QxlB)daG#KVm$q9U)Lpr=@dv=gU46LV&s^*; z+DDm-<5@f54|m?3fI;WZ_EFgv!Z|sT)U7@{uqWBu899bzRq?5lx3k)h08U}l%*{AM zinXJBN^8B1ZHEL^x<@N!mAt?iFsjGdf^9Jz-~Z~r1AEIMV&YjTglfDNP|;p1TU7SO z+Z%>K^MyII)NT2^_LjnfhK3H0Tu1`78#dtBr2PSM17yHinSuZ~9DfjQKTPMKS2q}p z&3iB>%3Ta1YD@;nF(=XCy`Sv!Zn~?qUi9z}N>ATEs`RcEj*spa`iEca@ljcD(GMC8 z0CpIhBD!#pCF(S~qhqD${^IKlnZRy_a-=hW4$n-?XE5b+<9}xhrZL9Vycyo_Xx0zd z0VV#bo%{o?7MKU+{=}UetKUgt6qUPmRSm;ZCUZK#9rw`9OLc*RxhLq_Z;c!#PX%8) z90iw>zmg*CVqP{?_YGXg<*o;-$_AN!$ayML`g@m4ihGMrSp@Ou{XKRg$AE#>&J#>t zk1LOPTaPZ$k}d99MqZu?^sTja7x*M<>(?*IAdy14c<}mLe>dK2=UODGXgN)fQEHmY zu^fBsYhCu!<$5R(|LTk+pOT1{j^a*x67_C8%U}lzOCKMe^g@e6e`OIWW8@R6!^Bsp zM(j;Eu;Zywy54im`Z+sd!YaX&sr0Cl#w%IQ-F`x!8yzb{85We{3nPI?kZL1P%1Khb zo@;sjDP9s^S?sy|FdR6-2Mp}dV6=l;l{!;dN>wUU1y4)BOA65+i)DUue)?YL2X{_M zegc02(3QyVj;_H_l=nV=bRw^66O_zekPpeTcz`SYlS=c4jpZDehAWS`REhf|uZ5!B z!n;-4g^$-Gin64#XX{TRpr#o0&ronL+49mkMY`>n=XUB|d%#}nTT*s=&@0;GJ?!4< zJVcH1{Bh?qs`z|FAT?_0IVDf7cPKrG_&~X$HZw&(9{2I=Th37a-jkuZ*O=)$4c$;Y z1jyuSwv-(ZZ$7Ct8=eJWm_rB!w|CI(oFqoZ)Ns!$c2c+N1NhkeQJMA-`d66P@S?;E zSw42eT)>WfElys{Qb!64E$n#zcjX^H-KXSz1?qDA`wp)sbgxp_NK^TbPPYlpI+)4y zL;7gJe$&6CDtd&U?rEag%L|PM7DWtl0LOcEC9}pT_$2+=*jloWQL*G*H>oF5B+-?h z`P;pKESv8y_xd9u$FO0?pi&Trl)Agb%+?p5!jP6zf%Dor6IqF4E9s7gk2lm1^TMOO z%N^!t!oaH%3gkW(Lq^lhj(wi2Xs0h_Vy}Qg{B^G$;kntK$LXGlwX{I(ua<}_xvmL+ zi~S={>t4@Z`@(;TpO^PEmS)^1&b(8{11qy=8R!(ds^MY1V}=Iw0ASKgR4f6_*J&Ro zP%z_FwD|%9@-E1y_9f{jD?E*jYg45%m{lISeb0F0rwGJxUW5x65eaMcc*CP#GGSJ zmwoZ^u+N{DNiSD*LQqi*;nk}Be)6Ea5hO0O7S$5E{GU6yaCgP8vUaLdEN`?KzwbRy zzQwLF`-Xo9v7vOyyrQmzv!{eq(BO?oh*6@$5)d>h7qtULav-3PVl|GP{{17rJfv2y z3woBJ94C%SVVE7cWFeaP%#XB{+ZtAL8yUrc?EQqWCPFKRHIy_cH?6va9I=OH7s&{e zUZn}e0E)>wx-=!w^q4lBKEb{|*gc*md6KDLziIM`MT`HRD#wR^zy@kig()2N{@r2^v4l;RF< zuv8i2Pcpyavs@%IBqp3+3dw*l1hZiStuJX_#zFB!?)We=l1Jg+lb^WjX^zRYR*#NYsGgl(<{6MsF^i~h{=P1|1PA$j z>|WEs`(1W1TiACp2hQpfrkzhupA)!;21V?vqpXVZsW#Tj?AB~ejF0q+p6ESd8w61x zy>m%(JBiS}q0OwTS!yFQjEyems{V$9_#@wDb7nZ7o`lX30K^Qu*{ex$$atP|$t)e{ z#k%c#JCTVdJN$<0-T0o$r52T?K2lKqEmGJ6ArhluE+HB31x?n-vI0;ntVnNUB7K;Y z`qWPB`hk7-t0}qx4mM)&z%pxuNA$VR!lh}+47NdH!COxIJ(=h1@O75R$q9v@v;dN5 zJjy={)41@Tf=6O`R^86l6w90S~?& zF&o0}1~+#$4~0EcF=zoarKeh!d*&;7jpja_or#|B|7|_iO)m7?lPb+ zcZ{IImSljNuPk+SeXO47-28ZOj8H}$ZYV9ay8jeMWNfi zMin-j2836zc^-6?vz(kTGVR}MaN;xQ^zzg4XEIDj@SFyV=!8Fy2#WV0u|?8RA~E(E z*~ssdeRhd$n=vvK_~9190G{Ht?N#&21DSCy$+|(N59dhny1zHPI3EO1JPy;U`>_aF zg`IuLxtrE64e4V4T|^>4C9PjVf1G0@07-uB(ms8>iL*XvVWy?hqk!x7C3f9Zc#}NF`VnZrU8Yi#OTgX z?^Ki3kK-w>ZS@vJs1(!Q`K~;^188h(>wABb`fLX-`p0A*~j&vJow77u;-_DbOe|zvEkKkwh(rE0p0oxWgY=MZvF_1MSNsRrz3lXHL8*gjH_*XC6g47J+5A@j7J zo&2Vj1{>VSMLPB5ONG*3vQho`i`Rz<%#oG|jWQth-{0L(iSR&vT>Wm5fdl@y+nd_| zY1&q+^uRvEoY}~PE9b4f7q_~0N6r#Ss*KB6FAw&sQ{e8ht2$pRy1A+Qb5l+co*e9!*P$Wm|Iu$T;&Kn-m>e*HzlWG%e`Ou+;p4Gd5nEt$1 zZ5EpX;k?U#LIA(r3XL#8d2M7ON-3X6#s~4F=m=>!+)Zt9XmNcg6P0Jr#H&M1B!YkX zV>=z`b%4|P>NU4$+j%*Y#m6r@cdS1~nY?SN8kUO2NiomK9u5$I#=B7ZbFU1%FxFdv z-Rrpgt~>bWFwimnvb=PA*{%%nrNDby(5}W7d?xEY9O9JR*}j{kuKIc)oob00yB0bb z$RAoykS%h(mkyY}@ChV#F+WY1I-1$vr7wxkbRYvT; z5V@ibWaM(C2t(`4%G}+Eb$bQt*BO&(PhwSjL^so8zs!aW$Dzj$Ar~{r;=G((mc}Oq z90t~KFk?O$q`!lN1UCZmPX#EQ_1l+i!>nT+xa7@JdjGbyV)R&$l4X(-KjEH1=BaK6 z2-IL zGxB5rKcd&+P`xHHztC+g2kHG_C)7A?KlR$34H%5I_HXCzIO>qQU`056(f`I1*cU_x zREe9q-aOGO?52Qh?sh2JX5|VNhfg>-*{7_ok;w40Y6eEtR^byo@$H_0Hd6D|xB|s7 z(nFNo7I_PY-Z|~J0H$<@FlQ`s#@#uu3sen0_$acX&`(;;8GK{k!__{;nJ9SkgZ)c1 zbS;zR=%ph!!p4J5Dw-mc3=?wo>x{OT%#e=!AcbfDdFu!6zP>nOF=8yjH-AsN4BlAO z**StY`v%Ss-HIMZMS){X?(J1!*DRV2<4bzkZ%T8{I(wYR*Lv*k0F}PcUa&cQ~as`N87I3zgpZIyYI6az|`P^nX>Rsl*^GnJUp&UIQvbAwznt5@j2x)ZFVQgVT zz9|oL^y#SEGodB=X^*n4H*%>z&SQ#tTh4x-8kyov4JEmxy9?PxIdv#d zPQR@dnQgVKHbG;UKe@ejx!yWfL|<&uNIe2V8vGRritcIE-&q59=S9u{o}xGS2|%CO z$Niwq_`b`Gw@md~s)^_JmsuW7kIW(clFRufTw;s2$zfXwH%7UbfnHzAOSG@=E!4+9 zx4UoZCs^z}@zka9qy77a7f?RE`2TKO+QD9;{p-dyFvSbGD0fOHTJ6Jml53L1*;MGf zQLynqTl?KKWSGx8)G_*NS|2yD`$*&WhTx+_vFSr1xDoy&-HYZl9Q)kA2JrE{{6GqO z-48-JUY;f5V|wFr}-USYB@z&BV*BG6~0gdNXl; z&vstX3i&C7UL9V-Kh8b;c{@IK9tN-;oe_zqZImR`j?mr&m{VzuQ4AZ zME^HxZn|My;RI@*j#&GU0Z(nNYK9)i7&i+7L$2xNFUV1q>G#fdcsm;j0d=P?a;iCt+JUzL}CoxocJ z+f~*;t-%=s-x|q+f9`WBK0*f81b6lFLw=<&n^Z3Cyx=-5EAJCY!7^6+X74D6RC@_RBi`l%}!g`Gt%^3!@TvWBWdVtu2S@ivJ| zi1`sJ-;5Z_W;(Ld%5gLOzAUHrOh2CU=|NGCr*wMkrRURjp8Ej<-MPat=k8#EHmP^T zGuleKmw!;Aeex6_#>gHRuo`$YQ>JY+jFF`X(w|%%^+Br;JFs3b<7nUcnNFso$OvDd zg!3)i-F-fs7IyhO&cdpBjjVZU@``IECTa=14m|a24~zOb_Q98vE`9-X^isdkTwk?! zLvM6FPP)j4bYeqU=Hw%C8XUtLyktt3juZtH3IG-ZI*^`GbPr>>ewv*zuC5bimq>U$ z^L^hA)`S{#PSKCoJHUG`MRt6UmD(T~+e#8n?)res^uir}Xl~#9X;r%hrE@Zc_2!8^ z3g6`hS1(0J{W&+b-2;sSh^UamE#|1IPLLZH1`^cx{Kg)gy|2}+uMfPneDir4Dj~hn zuN(tg+1wttn0l1#eZd=!IjKZRAaC0U>j0C}NhduY;;+Sa5V{;6$ED!Y&&iP{!h zT2hI(;!aGkWjcv-MLdsxY8s@%#gRRekBBdyG3&|n1i;A!1mX;khM#oK-uc<(uG#T_ zNISD#Ww|a3-x7_|9D)icjnYVWMyCRT^xf6hV1NIgN~J25R4RG%y0@|s5!RY(&M}{X zho7HZCscQpr#4-bRw2$n;O2N}LB7>UI3$uMb`hBmFR&lufCuK2&N;sa4}h!kSlh@0 zb0jlZuB5!RUyejc>tHz#uVW&zbYDL>=z~qa9u5k-k5WxKn}G@Ml-WE4*Q-PTnWn>t z#AdF^MZTO?EO+km=_G>9dODv(>oQ{06hFcQldjo}U=jkh2_wxW2!7c)g=I1?4GY4R zH)r#+neiKgN>BLe?oi>pzGul7oRCAh{Im<>MOl8|myljHIno185}}d7vnYqZxcw5o z37AVP(TS=)?ak(Jhi!#)D7J@K5RW8fd;fjlDKkn(e);tR4bT)l(TZ+4lwUa*E+M51)x9mTlcz(QPc>xbeWgK%R(%%aXNeP<7iX@?T(J%O`0(I02-(4|w# zLeJ6ASx;{Kfi)gueZtiT4Cwd4I*In9S+aU^`zLnkHrBP-?~Uo`Gb)jvOW9T)C*>=z zXX6BGinX|j_2)bnN3r~DGfHj!d&8|@alh3J4<@(gI?eE!aM$b^Uv)ywAZgZ1IlDX{ zsowVnQ2)`YQ@q_CO-1@4-b2)mIy=_$ooEE;l0#>zGX`5;&-?I_XvnaZTYh;cV9>1ZzFYO$&`kNG&B1JFu|Xwux2^#cubV=pSOfA=yRXy(K8>aEY|1+)HyoSudxCy z>r=jI+=Xg5UWT*RAlA_P-V|o86D!FXZD3qnJTZc8LEbR)eqhAlD zjxYjA9k>Yl7d#989qWTLcjN8w6V5$yx=k?m2Rpnaa}P7iA=b6t=^cPvr3@~wzg-P*Y(R9YFb<&Q za>eW+g1LrKUD~2NxUHvfRv`yMw+7@u3XA5s>)5S428C2K9k83JQ z7z3UBRag`DLB%)nUl&N$r6)Kg17%UrLcMQ?*N<(wb$!2rUU%*IL~@V6o8@FHQebE0 zL7Y<^6SA14TME74k=E}1*Dz|7V2Nw`Z@rJlt@(bEm?`nd56Vn3`TBE(PlJI^pLN zdu+PBw_MUqh-Y8QJ|i7&Z1zQK4+$at@-6b@kjDlFZz+ASq~8pTiVUpA=J|BIfOGu3 zng3+r_LWSK4|pid&tS=KJb*6rD@?3psB4D@_`kxYjDi{lmmtLS1Ny^6od(_rG6 z7!#G~=_X#s`*{&jCR0Q_p&pG$0rYU{Hx=+vbC_t&3NLju0WRP#^CUs;Tu^fKd2&vX zd$~we_8F7$O3XKryAhl=ibd5!r-zfZPbZPBn00EeBtio2S#ahVFffOBUEIcOxG)#) z@u4(ME&Y1hAhYH{>R9-4#U(~wVV+W$;VjLa$+4>&94;-#7aPdFTrjJ`KG?g@UaxOY zW9*VT{$dQ`XzZ>&-areXm@oK1v`2V!4da~)PFSN z;r!r3Iy;5$+kCAr|U=!cMEZzeZ!?#pgpxT9wZ?m+ZIgUos6u?3?bV zVc6$;Hr1;8k37%^*nt0zW7@%~9Ak&rX=JdEO4I}Y6&k;%4!kdF21Yqo@)2^k%3h%_ z=*?3Qqc9|g+EuK)MYw%N6LW3ZLyHh!g#U5d7Y%aht&-MOg$X-EW_!{R{rb_$orj_IsqKSM7-? z>sbD*JOKJu@51wTd88&9f@taKy>6BZ4<8+|Iac{O{7Upb*ADt_5RbiSdDQ{5gP-8M z+IsuYeUW6Czg^7W*smXeXz<##Yp%oB$JZrQ&sBEGOR}f6c_X{Fsm)Oy+_noneh33n zp#*U|8&$w5wEN)h?@zUdtL#0Y$A7QXJTU2)+!^)zIB&8xb;kaM;vcVp5ORLHQ>tc-Bl(0*Zsuv_gnxK-*h-OL}x>5g4B4G-mnCcEjt7K_ETMFQK9 za)H85G@*SA8o`AA65)plQ6?Uq`PF=05rwGeKe%7ylXJPA_6OxqatA>KgwcqyJ*|_@ zn_ygC`VoqKU3nE^k+j4cre4IM2%7G)ASuVy>7*aDz;)2al|Vvwah9p5{hMI0v#d!p zBM$FNHz@A|aP@+EFn)WdxcEt_YCT)G0J5uf>G_30Cyw%Z5?$fn#<~Pr?|Wp1hqHFf zK4ZVi@V1H~ot=65_G+p_vYc?mK)}U22eSPhYUYez&&FlS4718}qIQxPdWqredp9Ip zFLS`8?_iaq=ZQ1#^G!u3?S6CZb8v#%7B5o8HtvzntgI(hq0=mZg(|Ly$%SHaS4ve=-+!yY2-?bRSp$9;0;e)bZeG zmJ#2Iq9K}d&bnD$ZS;??M+{EVO?bV~pBvong*0DXEScU9-N_(;fYohH$(^|0HqLBc z!a+mWlHj04W9?U>g%!Clgl)F`Hpm?IBROZO(bkwOMLD*M)ps6QVw=)E5Oq+5E!(z! zF-4+|EWgpta*up?Lk4l6^ReQM=P~h5`#`C&tJGQvzYpv3r{;@=Mpqo{;5ocF_#A<5 zr+SZ5v|-tf6s(%D;Xoe-mW9NsNyp`{LZ)B~g)Vm8Fhn$HSE%Z<4O0v}IG;u+YX=WA z!bzuTX5wc%H#{67^L8Wfklbz;f@Q=Fn<72R;mStTxa6qD{)ts(I~~s$qWA76yuph@ zn>an@mPu2e9-I)nlbxmAVD_CFn+~J1844sAqSy)`dS&WER`))n(3nwzXpWYc>1Pa! zBK#2pK@m@r8=e15|T<@MlB0e521;xU74J=^UmJtoKSo{sKk zKhxrOMRKMT3n~&C*8^mwff69Z{k>c-FpFh3mBOhNTkR~RfOleL?ZD|Ave@^$9&YVq z{UibfR(>1LW-vv!NZ_s)mI48Z@t$K>y>D2vio;NXRsynGw=j=~e3=F2DUDYofNF>w zC)KU?+b5S}73&_HX!KB;z5^SoVXpSEK`5kF^6ZnTr|F?UaYQxvuZ&wn^7Wf?wR3nL zSVH(NGb<+Y<9TeWA}-1&d2PF-?xDKCsHna-=-RE}qytxw(T}rtMYm4K8-C60i%U_a z5Eh|n2Lx+A(RNXbShx`(5SpF?a{E>$tkN^>gtwLZDZB#27;{Vcj+jQWZ)1Dduh6!@1A=TA(j-6KSMpj<>N4Bf5Vgq zx*iS-V#Vb)ft==Zt!iE`S)JAJ-;A8&k>Q8QN0MQE5!eUGv$gyskq43YAZd6leY7Eu z!z3!m!{2>)#MA!g=zaD;^)Bxd9U7eWm|)W(vVXkJOCB}h{_YvLFIc&VkFT~C4F+`l z{B96aiJWE&4(Z%E_I1BG_$bm2RF>WcvP9Q)V870{>7WVw*j0f_03}C%xJKs#ST%SG zJJ^raL#xWH9X=2K@UhZAE%QXcaBtTB|)u3SV}I+laNW&j@ga(@`iwpQ8fS0Jn|KTm3fY zwP7+>Az3v4@A?w)9**$SqMdfS^Tv3#qGiL1_h>uK(Cx>RAxi{KsjKSa`pa`Ku+V~P z^tX4O!Bq0GxX}VSu53T`|sUgVFh85`-Rn%pc(Z1 z_U(axo~Khs8>xDXbN=4bN1}yiRmj0wvP5d6YQ|g0#Tq((%h$7R^TswURGW=hEgA0( zL*@*w*4ynD_gGmgJec6yP_S7uYmA)b8d zp19ieZuN~$|9D;5t zAwN|rB6mBdsF&qcs{p;QH8A-rm2e#w!RQm+01rO;!a2tK((5a2=vIV6%a^tTy*y!I zU^c;p_ibzX%|FE90eA*E<ae&_#J*w=mi?Y zm72sH1v^d>7k!^N!shzzy|x%Y7}ELIQPQza#M7*KvsfjqEC5E1&^E2vbn(zvkc|5HG{^4Hyvk#&09^h48-$9MYr7TWgB zzmKd*<8udk)nR}AYNUE|PLq=YIdyG+R)jcba23rnEsFC)4IQ_K-T*40+>eFp= zArOb({2{d2x_nV70B?;x(_wdI5Btd zbNFpKFJh2_iL(UAbz$d39i zIRGCyO4m1c;@WdNj(u-$V2kcUJbj{GieJYr;Wk9c5}U^{SH8S?M}40u=lk-`!7xzI z*G)>qF~}JHi|iJl25$$_!gmkBT>+q45ojMe<(p(Eqc%xy%bBKPe<6%^iquTWrW{_7 z)R+6AsyUjAM=|U-JZ48lfhy;h?+`kvw*6E5;mQyDquVwnY?$HT)BfV>8~B*xlH*s@|1kq ztt7-YQdnH=`04uya#t9^!=)LI5;&b*-iFH#D*N^QEMum~6DKsw^VJsNy^wO0yfxFl z!TSgcVENjzNKGJ##9_R{q+nhSYo~LO$YjL*;Wr(W@5dfkVGew$WcAfyy4mGbW&Xeh zpD;KfJu1@F%sgPggPmXB0f?L7bY4h{iuQ#ORF@(<@QD)aH5Jl-rGUdf3311_>_hb# z4omwi7u3%R0$6J$^`dh3E8VptAx#bPbR5*r(N&*)p=%bSwYxS9n<;^L4uAEziJAS#8fIE^Cn2(&r0_udjaz zO}pkfMr5h5$Sz^=k?%uXq8pT_#=JAlpNxP+lHD}qLRc!xPU0k|b8<#IzMRU<3lXyM zElAaUE@2FKbjzo^q#XTHYy_tcZD8gT3^N@fDNO1i@y+c?)ZYe5VE)ZQu8nw7DN&%|?b5Q#KfP`E+%Q%+4yO0V#k-PlA3L`PK%Flz0e-=gN$io+jUp zlDznbXg)@;#*W7nst4_+LUwN)C@4* zQlIuy2cXFTgbf7CDLcKFx2w*6db}sm;La1t2DhyxUqOR?d6T9|kkc0LIKy(6?$G|~ zHJTr%;&a=Vq1W?UBaS`=>&>j`_bZ(`kKaKSXf!u1O$rkT|0^vn!&?o#wLl(zq6E{o zC@V|_-Ll{1j;CsSJ}xFmtZ=pW$q4pg(lNf}a1|*2>CLPCkjw_GC2U5{UmFhxY?227 z5k6ew##}C5$8+5cP@B71lU2QMc{?$CRSw>+zjXTQi_)rhlx2i*CBA9}`T28eS@@K~ z$-A=$>h3&Fn9B|WDa8}_)&S98c6H^!p;)a{=wZkdop< zplRikKD^?}eV0j+jIa(%z@?~ED#uZ-mumSTl}wSNzg}$jlHNG-p}S(R1m3WpY1aGP z{B`J3?lV9zglFcI$q9TOCf?D@B9?t}{c#J_Ib5TfVpKBPymB*m9=;b82||w~#xvn; zA~@5BxbHt1m9}>hT6tM`(9AlAbc1n|QM&BcZN%$rv4nS=6?C&n_wzOQCek0bFxk)%Et707fq>6tHOJ?UsG#kFi|f(3jaUguO+N0$QkX4psM{&f+&zQy z1c#`XnH+EWJCPOliSJ#~NRc>G7t(sto_@o172Dn}OpstIp;b#{yOM1_2sLEjm^H>vcNLbr z%s#5&L|L>{LFd!PKza#TLP_mCqa-@dAQug&In=QD5! z^aAR&k0z@wMfQW&tw$mbso_RQBG2yerjK=%VcGtq3fnJ|pC>08z}S1J8M&=2X(`v> zIrR4#c)dn|2U-H&J&RbUMS=)}s%drDNtN~bO!h9LvsFeJS`KD1nuezIMCM+(>P*RF zk)FvNFaGxRN|QNXEDX{1=?#>tWbw!OAt0+Qi{58B)j_O=3x1jL3-S&FEgd}a>HCiu zD`pWz(3ZxHj28jW9)0yos{Pm<$vd?WuX(?vj-_hcofT+tN8OhnZvg~`?0kL?$!9b) zC1f6nWa&T?zLWD2Zo$uE*~R+Wm-V#U9rxQO^Fs^wUpQk(_4xZ~kV!SRz+HaqT74Kd ztAsr;qN-(=fk_?t4qNl+vHjd)F^N}n8L^x+5csb^VZ{8{T0)-S>X-<^Z`Wjsp)W-C zRx)Y3pS-1ehSup!{`F6ki^7_8Q(P9Yx_@#@v2Sv`v37fuTODBk>(gq=++s2OtLW%v z&MutWXo0B|ATw)fQ_o4>Tq+bMg3^>d7KbR3#`PwATqH5Zl>`T~I6|Ow!{O0UE)z(+ zCHl6gTL0n*cx^myUz3AZ+-+?uS~uP02l=GyBy6e#At{e%ZUn!Zd1y}_d18#jRJ_?A zE)7@Iz+ftbe4Zfzccr%QoQG~~zwoBd@o=)$mHpgIu6iFBrFympWZa`>l>PCQd-^%p zovKAfKh%35;r$hvwf!hHNIiO{<M*Vu+VV#dt(ZpXv0E+L;poDc%eU<{oeax1WHlOC0K4f2S?wK zh`SHl;FtizCb=f|2#pxn=USe6@xH(lwYRL9X-Y7Ey+!Ed2j1>9Exc5{kO~uF)%`$I z?qERQD)PDrM&mRde#f6^|EE3R!vz4JfE?zO zy!w2(Xs}Y{bW8n44@}CpKSYMKVKVMdak5Xkck4xL(tTHNi`@^!_QO7y{`Sk4!{ff)r)^$1()&ecB^w20@ z^DcpztGC8bwNIlYe20VtZZ0ukk;KOba(*$X?Nf$gvv>7K4v;|7I3Lmvy$mK7?6>Qk zn_MFMHkar&j-lFyoNv?0&tX)Tn-R*D$@v+>;S~l!g;gDX7uaF4z)})7i?OXIs8+sNdD(73rV%onSPfNgz|dZxLK*z?lEYeg&)Exwl=lt7kse^S8Rg~s zTNcWm9Jv5i`CX4f01Tt|`y>Dx&(czNsd9p;Yu}s|!mSU&bf(&otdTV<-?lgM0MIob zCwMA~%$M6&Z1-7;52QKOmh9`!Dv_#1P;;Ez(s$DWRlKP#7s_Sz;&8mhWUt=PT(nPB z{TOgecS((dwKXsO)fd@)LWZ8t`zPaP4i9cw zhFlLnjog*)&q{$QSaKJLGI^O1IwOsfnHR`qc*&}?mgctryLie5H zY_lOtG6jG1$XCMq8az`Q04EB*c1}37s2q!q|AK%0VX^mxDE>~=p)4f*&->f;>puEA zz>_X_=Asfa0!yqx&Iu9j0~g`>DXFEEP=lobYfAr9j?lO33K}h+mal2=q9-$?$B4|E z(GMNClp}2Ld76%hl0zZlW}OZnb@cu{9#uQ3@P?f)MNBhP!fRsQ6*>J{mgUFN66 zvEYa$g<7tZni<~8xRRx%TvCyjmJe5HZT>W(@);B}3vpA?{pKZmPFH>i2L|4xK>oUV zP{Ma;f>nHePhcW`KOf(DeOvB)RfG8qmP^?eSeHu<^|(j(1q3MN`3YZabq%M5x_!sE z`|u6=FqRp~h1PXcfBpcN9t>~wUr+6cw`OfKp1;+udL6(zV+A}X-z!|NMmpv|{I zcu)z&6o`P3enxSr-uR#J5i`@ZDptTnDZ*rz*S=e~z~r6r9Ot`&Q{SO=1_TU~kTUDm zueG6o=OTyTh=p_6vyQ+SblJ?t&7}o{MG{xH1X}b4A11U)nl=#dQQcu^t`g> z?*bncNrlB#lDfpplAo4S(l;Z~oaf|j+D*S-ejnrJ71^R#j4-Q4wzEyq;=B4b;Vq81q3@_C;r=14_ z>jtkO!3n0^hLI=dDh8Ol3bVlxuJ*mt`+vOkx)_UBKye+q7)eQkN_ z!R03c)G!)nJW1n@6_n_TzwSPI`>e?F7HroD98aBo>WDpL8L_EqNVlplX5>iTH4 zB{mZDk4o`pO7eZWn!pXcicwSygP~zgQXYYMv{RNOrby)9ZkYat=o`Uz<9yvKxJm_v z7yHPb(SfsWq9L5WUx}*6YAfh|i#GH%&a_+U2dXKUJCuU7Nf&bHRZx?>+cQ$RZxRJg zyGh%NeQ<$=K0f!Wzf-jOLS2*#dA}W1=Swv^@l#^G{TPk-*=8?3LIw_=o`AL_#AP4n zUdkgj;3;OLLK88+)4hzmVOWp9tLI@ODIoAaGMP)<{c2Q^(B5zEqeC4OrhI&~ zDX}(kkxeoc%N&e545iT$%h7mmk&f;DRUE@}wh12w3n1xBb>au}zZ93;$7*jxV&C3C z1fPAJf37?{Zev_cW55Jf;;VJ+p^>rfl7YQblXbGj8kg_lpU)z3d8f>x00Yt8BZ{Hu z>WJn7)O;NzJE%c29oNI|@xNJIuXy2|DT0 z(L*k3`%*W8*GzwWZjYt;Lxy=;jQEUf5*2=C#iI_A^VDNU-~i&kBjWwb{5@JUbGts{ z=VSQhz6_tX50siPP?y{Fx-c1{Za$J(`=~{(YhZ+AgxI z(M$;QM2ESj7gVb|KF3o2j3E z7Z0~^2reueSa^A!sVh9D@Uhd4nJuJ^8G6zHA<6Qd6iH2@f~M|j%6^XYWqXy@Jesj6 z9B%N~NAS%1+( zSKVH54u{i^Q-kpm=kuNPlxG!h z`s|TA&cvWmyF3KOG;mFedH6)Lub5-eg8Qo|&e#iR*wBXM(*6i-zl1D>SUu9}DbaVd z$`^XDGJ2*TdLRG;U5$JCembOs_bB00T+-Tmxre@cc-@rmwAL|Xa&bC>=_70>tij8- z={_lAzZiL;DB3$+cFWdav=D34^M@hv%HhxUwy?eqb=ztd1<8o`MSN@y&eo~wHsK(x zKTa)jpDY1pEAy*BnTl4Uotqt(B@&}{AnsQ}AB>Ti48Gsx>^yw1hLczFYc+6ivjKH( zzc}8XqtjkXJ~@M!hj4Yv*5RcGSxlB*YAZd#z&dG6N8kvz*_0>V^1WW;I>v_FKDAu& zyiP;$tjVn~Yu@)>%0elG=iTX3*Z$OD4;{D>#R{u?wr3H(&JUa&=$q{2L9=nLm}hkM}+%W(JUI0~`aVYBIY6dQb{?rUKv z&3>hHtni3}aRKAQ)izon*5jeOuwQF(X>A+WV>t?@z8WFlz^hy_5D+)= zYMf6w;ZYu+?clozS-PldW*d(v!TH=gLO~p-5KUR$aAX_J-_VJZUQvdF=c|^2s zh!hbvqtK_f>_Nqv^Z4Jns~K#cukrd}RRY?~`fKr<(>a}DqTAwoe!kr(Hq$o%8&GBK zQ4#UH)4(%zC*Pj{InWxE8uBBk{vL2G&beED94ZR|eGH5_eCy>;df&T-e5JCl4HljH z+wmU0ryr{@T#xHSd?%2vNP6^TPPgnHJWH~KJuOcB+z!UN4to z1IFoVy#@Vj5wvCrj~GF|v&hxwdV)a^eJmPFg2lyKTb4*-Nh8{$P3!uF#>Y$iYq)1y zr4;w|!nGx(Et~84+BX5J2noPG#Tx44E?vjOff?WI**XCctH3y7Prv$65+7dpbRo(( zsNwJO7;$qk@kc-mBQ6@G`-Y+vo&|fB%hZ9@Bz9~ZH9x=2(k<)L(CzcgVY`f9Ni&G3 zxIRogL51BS??(#r!vR}JGOX-Q=tlk{Gg}8k6RYjk&h|&A#g2 zL9Nk1bOufJsDdPQc$OVSA2WUXPIdAH-O{~8cnbfz1tsJ#*OMCNaK(j4{22^4R&S5m(NYXv zqK$DmeT`?{UFv)TzNsJ$Y9R3eo9P9-)+BmOatWc-ILQ|RV~cct?P_|-vQHP_u$eXM z>D2&L?~FU_6J|2#CVKod-z!mHCk$j?1oBw;f2ZpEes0K8!eJ zb9`|w?r-IK-Onr`7tua=(`(-=6;>Cl-kUQRf~>T%&+*pY>zjTQIzaOAhp|+Y=GEL-s$b)7{n=YTqr)4~ z&mO+yp9AvB$lTZT^AR1l^NmNR8>&Y>oNaTO>3H8NUz1S06Xq~92gAHw)Nk*?3kDe7 z8fG+~UU<1@Qe&r!J-rD^`-Kf-W5WJ%-{u>1pXdQ&@nr)2$|Emn42TxXd??Ru-((Q) zpYdISH$EM^RJflO<2ZN(2iHB<8@#~Q@&H;s2gXvTJs-a8#m|O+B|(Ku1oRW*0$QnF zoKh=8p8-Gs-_?_|mEt}vc<9W=?JKMPFH)4zYJV+rl)!Bk23H@`TX)VsIwDgVCs#CH zaG&Z$wIaID=_g#~sm)=+%NIXyR$G5#80S0GBYc3kJkxE$(iYLMC%qEs-(oPr?MGzy zCwBD9_6si{m@~H;l{@9PR$SnsjQ3*oDBADZaXVm!vVZP#U7H`xm0mpUU+}|cY&sI~@1&u}2g@6bD2?>>Tm*J4z$N0fCQ!B!<#OK8 z^UkBJ8xNqi2G(>{=f+@H>MVkZ_k2UHI48k#zZqt#;MxTfu%wh+wus@;o~#GiHLdl$ z5qs48U|`eNbWl><1pN}0-R7NPeq0onP?h!w?i=zDSbk4;tJeM3v7d7=VuLGn{1jPy z7Odqhp6>w~ySmaxQ}~HHnNIrLPbo$Q6l7z{Kd}~fW z_@UrH|M@4b$s6vMV)2vI3``DM?XZ2x9)G^r9pJU%Ii%%}ZyJ*QbqoKwkRqJ@uqCcAo#lF7| zfxB_WR7Yyxe#=+#Js!VycQHU#e__ERgl*guH4_Fjx^Iw{l=0<=+Amctt+K^bU;;bO`$o_tZ2ARl5llIydwBfz#CQvFO?1YV-1sn+49k zH)o`xj{H82 z2X$L^=C)2DoY$o}wu87keINH1&5z^dDO}cc3czQ+wY#gJc-C4=C52|epEgYwDKMjs z74E8Ye4Mt%xpwWi8iuR({#dFVUCC+qp0vjJL9VsmENy#nr)yxGPq-XppWH*qucca+ zaVs(G?jwLGtMwUtmEZn;4?0BsEy{Rck3M=KZlO><*^d4?PsRjJ{J4$#3WluY{BC?u zfx}8t3KWPmgl9eUFZ)?8F%i*~hbFqF6SaxJ3@3g81+Ml{tZdItS-v4L=D)YGXPcBZ zAvPm`HV0Jq>-Ok#x~85Q+zRgGCVO}x2vc)H;zjoQ`?YHd95A1cR`HOmj)MejH z0!7u5l?pW*awZ+7YI0{e^@pdXSe{A*J|#pYLh|2D0ALz&^`0JTt;GP zxO42_;QhxJPP3=k8X46>_rwIG%YJhDk57n{b*uSf`;N|ZW)Go7fPZGDnDw1zq>M|; zOY79xb2{3m6{CgNhWdz_3yu&u)5BOEmcI|hW^ifxg3t###fl`Ilpi5=c1!RNr4Hfp>P?$VZtW8@f^@+<+pFJk@sQXnr?Va zcB(dU8X*pidjAf5eU_SgWX#IA6vZ4c^KWw_LO8)3KPQ}Db`Nh}R^!Nexe8g-oVKSJ z7uTm^4haG^yy~=TZo+Te^cLn7QKghv8Qi3CrEi?PuOBwyA|m5-UhC)*y)W+N7)|0N zaxkmFOpZ>bG8eYg70iq%xo%dUwpT?mY>JR*4?A3Zgl&1h;YP=4l}6Fp;;fG}K+(Qi zZ5Hu>Q%^xB92>L^An?o4o316{7C&Oisu|a&bQ8D38>;wI{z#1L3LS}L*H?iH#G?{( zO&f>V*hoksed_-Fh~MH-^3g7Uu{PiQfZ{;<@Zfy=iLa5PSgmm?5es%W8&+Y!D8 zTg{7+lI{D4KuO|r{D-~VBQTUY0Wd$5k4Sds-wK%vGM9R)fm)+~XnmTlIPj$*iE|=6 zvhR%pAR6_hs5)ux|&BXcb{j0+Ew}f@$#F_*V_ll`9s)!U=E3{%Osvm=@^Vg z9t)TKFRE|lI~V+rryp5p9{MAE*O7faq*rDSW{sNUkh3m)Kurr`mUI}*1SgTH)?9yz zVzj_0%MMh3w&k%5@9kLr0cs#OM;6wrcyxoc!WpZXfw_#f6TQOtw`WBa}R$37T`_Njw(O=r$4N_Vi2(qkr#)Ax5L(@S-rr20N! z4l^SLRVm|(mvjZg%kb1jhWXoKj`KB)o(dYHVEQdMBNPP;ug+#^-J45xlbbAVS zh?ox=rHTIc<|@nF>=eTi3T48nM>(OmIF(Qm)S!?FHMD-wOOfL@Z)LNW&J&A$r0gm6jMa2i7L4VjG@i|Vn_GFX&c!Do$ zjMYv$IsQjLp^6_Ykc>>liSGSZ(IwJ+-S&wZmInJMB0Hy20yP7DvDE97ZWL7Rq8n3> z6iNhoir3qYbC65{eGRC8rWmB^icv3~^C4fGVSidEE#?l^^2J$e-oJT8`a>7VxbOw} z&X9#KqP=+A!vt3fzb|(OV@oz{t52M?3*|ur!shWRi(1_49V(<}hp2YB7z;TrN zey$U{koVuIs%euUuSfdySYI-bNBdn0Pug~$Mgn0BU4_@L$M!0n%@`MZT09}L-JH)s zl}#Hq3)SnQ<*zOTIg)WO4G1{ z6(1ErlUVv&OjO91kdH0#f6d3uj6HNCt?Ax=bhNj>VR0IXB?|rLM9v9CuYMt*!HQ}3ihFsMX zbSj)9lCU$*9dvHLoVrY*eG;Eu_V5S8)Fa6zP!EDlZI)<~x5J=p>SS2-bzd1gM| z7N2-Xc?9i4(2TnIC=i+IV(z!@AJ#HZ}k|lc=sLH z5*??6v5C_uKQMaxLwV19x=~5}&K9``ouaMP19?pDo_gTi<3Yj7yAdG*=Gj+?;clM= zZWGG4OKJXeIH~^H7kTS9hzh>rZV@ViH*;j4&Fq%6h)V5pVk+Y_Gsjo?g{hfMKMAS5 z0$LBM^Y55TXmK=;1ik>t&<8W1tm8E2Yfu!j)h2l|*nipA7)1#!Skbhl+v;WOPB zhr?~L-m^t7AKiYl{f7=7=o&sEQz2}(y`~~b`>IIf%@ESs9c3z_+`ZILJ_051{!A5c z5Q%ac@Av7{Z^H9ijE_5pg?ItAa>_KJ$CslY4HQ~^H-1#YFX~U(4}f@65Q+8`6(f2a zzNk6L(mtlnCzp2b#>*I~#ri%`LimjC`CbL%O#YGBj`8AoVRr6n!25@^o#e}LA3Yhg z{aXAL24R!A>{I)x zH81<_nTLQ;t)f=G7Y^T?td@62^daK-7@>xgUrW=o6jME02+6O{;dVKmC5k)8z2$_? zzQZfKMgjCrG8Nn&Jul7!vZiQQUYY`3u5Dkq#nTrOL-`%2D8ALx*PSDYRtaX7`D*fC zbp3lK<%YMBfhybs&Nsn#@gfaJs8j3Z)n*cSr%0J6jw$+`CT)A)n<>>CC@BKdj~n0z`aov-&{kvJ`s%Sl&gV zkMB^~IKV6fi3pu-eRMwOdNf0=q$O$C3K$=%R+ld}zoXo0W}rb3{<25*&6(#%Frj*S z94;xF0>Fl^Iqou`d&Y7y6h_GQkre9bVGy+v$}+!XOfzL{LgNPZ0=LI;w{EF^x3?`( zmtT>JG53-}kOJGI)S-AM9*+^i(>>d$P-DJWFmO)W-*+@AUD9JsUyJ&h6chfQw3WOx zLFSFuGyJMHSPu%sHqD>k2py#x)0M7xl8+6X$Itma6ZnHioK&~xe25^A9$~*tL9d^m;M5_J4Q&_!!!VLyhJQ9@o72FKRn#c}uC`1Q6i!x5m{;}n5JP_1s_5eJ}+Mp$Hq zz<3dCaTZ4hhEKydkxDTNP*j6yviL}kqV4a=lo>e|iJSO5>m7ZiWk9bkc@O7JWwNM4 z=K+*>SP8b?@+GaPq$;^Owa@GNE{?_vhCO@3|0SjF4PeF`5IfEn8O;cT^DBw#;%nRM z`!;iwb_5d#-IS*gt1ufAuNRIor6{SPe(?C%TVvkB1VO2%$(lx)guky+ce&uIw$6eJAy6eUiU((2)9a8|DSQsE8(o?RmIaL9VaWOwdMMu)z|47txtg?>Dmdn<5IC6Bcf(pR_k!qR(a zm2A;@i1$TiUmkzrVnFr89L{11*#qClb9W_c&|^3smgTG-pWV2S-%N%Doo7nnGlGwl zUL0vTPMd^qU<11D`=u%IHy59Dzm#8OyEpyYWGR<4$T0T-{xt+H0}}3i9)6;G>;0~5 z)#w{bMJb)g`-Nt*t7q;fv`2wyO7*HYY+qXK^L};sc;4%skB{sBKeQhnq?1=F z-SOx6$Pfi=M)@7Eec}bkaPMYX^R&5hcON_VajyBa(cG-o9P_tL&M_Pgl2MS(#zLBO zqC(|62TmdB{CI|&9m{UKeci7Q2bauxA&jEi?*q#$e8B9OIZ;1Al*vG>b$Qprn^$5n zXV?q*6-F!?K1hV&E$%mdBpy1$h@qDYYbYwR>t)w@(V!6;ndAYeIC}hcxHlK*|cMPC- zWrci?us)TpjKpH-_vEH_-#ad^Y&XWxKGIqsLf$-yEk&GfDu^TdSCTC2iUm+l+u33n z=XC0g2O344bvrc-apl_hXL>{$IZLaMT>!Lv^?WUDIcjQy0V8FTkCjk7+QSvBmlFjB zghvH@32zcQzbh10E}^{Po$FWcM5%-U|@LU0SV17vPti z<3U=mOtHK(16k$wq;{v+`;pDXya3kEpkE!147=ocs-^ok9Nr^byl>E?Rqo$fUt2TF z)(G8!!4&rcZdStTx8|HxZXUv1IGUBcAY1k}dJAbP@;^h^w^B6UM>gHl%JX8zA#r51 zf5&T2i;uiU*qmO*eLa-})4=n|O{SmZ%Oq{a9N|^3>D;wYPFXajw0b&_oxBA&`Z*&H z;BOc8U>)Ibdp$>1=>9gCN%89`NkI>Qc`~*j@f+FII-K69etg&5~5SqSqs|}3}H*{q%L!0eGJ?N@yocElm9#K zVO8i27E|eJH(U5E=HfWfp<^=4m(R<4k{L5klnK=?{Ly$Q719MBPFwm9pl>`SZ!3>N z``2T~kc21u^0g1%ddRyKMk#3zVz28~Nlxh(0SNY}fCcki*cZSd;~ZylvcGtrQgS|y z4E?aNBY>6Piwm~U9hgcJn3Wq^!}uh;28Ik&XTHsCSt?{iXE$UxhdoF>+@6M_*wrmX zPjcq@aNU=_=>cw<3DGe{2YB)DJk4u43>Yd*Cpo z7rV}H1*HOt`7;=idxE{5!%SA?c7bFYb-$kK^-SzuL}J+pb9g0gYed#zkrkc-*!dm8%RY}UurSo7z-;gcBgXQ&N zpeOzzH2F@l5=n?wDGpN1bdrYHkIqWp4>im>>QYYVNTy9Qr33yGy%#2rd8-zjdd>)hU0 z^y!IT?R^m!2h>C;C`7MyunU&U`n#ZTL-*yxq~bq|$$bY{?@}9o$;}ZW;lWPUVT=H) z@av8DDSE!g1|v?nReI!)-1c>9ZHOh4QfS%&Y+(4F6*4x%0|=sd9~a(o5ZHMjYylkl zChL8ju2T5b)d*LhCb;Z$OW8}gSjvQaltdc{KSF-Awt4ZeKW{eottK|ayN7njMxKCSed zi=+~v;0TWWFa$}F@zz8s0CK5}o4&v`D&ah>+zua@J)TS^o%5WN%0t`LTeH zhZB2NHWeTjnug!SYjU$rlWsX#^GOa+By}(oWST}lYq@0xx@&u6G(sIkkmwvVhwFYl zYHkgO`~3ycHegsOJo6qKkPBg|WT(HYZ=WyRZphe{l&xu}dN!-~4v&%#BPp3EzG_GmW>7?y7uxJ@3oRz2`b>e(C9_ST+$k_<6oU8l=4r*Avr3&oI;;Vv?27 z>d{ies1NS`x1%*^#k?Vbvfzu1quV97<0bms_gSi%RkLU%RnZ?wymB8^cP^|eq{PPV zP%ZJ~`at;M0TeF2le_fX!RJRaCfZ65UeDmxpTgVFX70G5d+?LsV-!l~Y<~o7LL5#hr>P&hmk(+u~IeHw4`6yFjOJZ%z~j)yx4xcz?1Dao>9^?i$bYaEcXR(m@w z3cD;ImP(x>?7`Ey{Jf2XF6QBnu34#e=SP;DmM&{wX1(|c56KbvbjaRGx8EWzCGL-7 z8Cc^_ovwDOhFfB|FwEgEV2MgVNw@oI#PNYyA6a$!rKls2JdZ&k%gE!hzT65%tg8O? z3yvW_RBDmDfMAE4aA5I==P7l*A=nfd!Yc8%Si|mhOltdNj0^T8%|#8NGa%#egmJNx z*nd}0ty1es;!oGFS<5MZFb1)ewnh7Lx533-7C8X*&!3AY_^U9Emm2BsdIq=bV=mTV zupXXyVzh$;Lslr`-7DRd0&JU{21xCVhY}jj9)_5BBjGdl@8jj%v=1nby{-4Y1DwW; zybOY#MtX8*{Jat`&t?7XaTvrp1=@h*)Jw-Hh0 z6N1dI^_QPMCFI`sFL-wf_j%Nm^>d##HW<36;a#gBRB0WELGGwL<*4Y@Z2-%Um|2x! zhKc33`&J%O__1caC$qu{c0bMCcGd@mD?F`HS}LZq=C>+fFxnnx&Hep+xVD2GCG@42 zo&<|L*5||IEFaf4?p+g?M?i0<5)=WJT2Cq=1V2)A>AJ~VUeCk}@u5gpYx3g+A#@uy zl(tcz`fkSvOXm*<({^QL3MbtcwT^~DIRyI}mEETxnEQ7fCP`Qy#Jcf1yCTCApR#%R zf|^~+y_($Ib;zE`({rE~ZQ+wbwASJ(WalhPiSbP>*O8jq-hmCwdLJQD`` zP@`u}>0*i?1RJ+C6Xx;?ngtFQ;I-u5EHK@xK9>y*b_lvNkPcjU^b6;TVaJXUb$iOE=DDO z^>f+I`IHmzrE)%#lsbMk&(Hl~ZLYL00&9c$=>wY`O2z@x8+ zgK#;PoTC1UVxi6RGmdmx+F$4;ivx)yUZ!u(S~dV{fI*7qFGP$+fTpb<>k42HF!B2; zbp96CJh7A`PV@0*Q|*rr>U8*(a$|uP?nT2|pYpcAH?n%RRPvyEn8ms$nv?3k_(Ln} zjTp5UFG=3zWn{kI1e=@~;^dmRe@%}$A?g!_fu7I8Ga=n=9Iivhm@pd{x0hEQNf-b< z8mZfFxl=J8_|0pevC5az5+9CGZs6i)TtFBF9-ePT|C~57*5~Hj+|#bKk2=y@am9a! z7D9Kb#;WBzkUJW*%g7<+&4ijTKir+&4T50fhl;HG9+tIPZ#D1W8WPaG` z&Fm+e2}QW^*}B40jA_@yD;jKHR$xmrRa3l&}(Wyq1y91q^7*VN6`3vS#0>G2`FVS@Hi7PYkus#Q&sVX@H+AN_0=3N z@ijSpE-}I+QMV64fV|;}gOKs&Cx^S`3A_+B+wqQEnxxpLk7i?@jZBD7PK%b-qu(RM znXM(H@2AskCJJI{r3LJCAF_4XD|uY(8zwT+Xx`gqH&o%x#C1aC56kiWMioVYyiDcw zp9gyaYe#xtp2h^R=s&j3wR@y8>|e(C;qAGo>`+#?7;StK^gCIA-*wIuX|=;~Ikh2C zjs3L6XZFNNBGbb?VgDwb1G57Nr~lS2H&@G-?@cq@4&sLwu5Tte(c{s=E|;508kB*) z+mefd{}}T>nxq#Fz1+Q3{VZX^44!&uZk~FkfsnQ8Bcr~)BX2C9LnxLD7a?+lT8{%- z#sIt^Mvgqqop5zcLlYowq?`5S6dRgdK@Z)7Q}-br4bJ5EMfT6j{qWwxO26C*UVnu) zig2%`WPsp8|L~HHEP&d_3psEOHN5N*EYOC3G6zwiQl?j6Yp|L@idIecT3Xa!-RzG~sGl z6E1g3p@AJ`>x;M=QkLJ&%HS$Tg~!^PeM-Xa4qdf;FFPzmEXpB&!}vIZe{pqhfQF9<4VmnC7O3M((lDV!eI;rez$zD%@W-WW zPH1^(>HW<_9ih@^I4$!@YTBoTeg2pWrwa@F(!m&+Y!HG`aVYcrpdJXJuC&b#2sItd z{y|sNfZCs!+=GdO5IaS;?Bg(Os}F^=)dAsOQlEklhpDRN_rBn^>~ryHNzyXTKL?{<(V z{@x0N52AhTwRrGPzv#P-ah2WRUYfkfC%zA;UO#A}ajWv}=t$_V-?{u9p=sbXf&xq2 z@_XqWrxsrjT_mb_em*T`{PPz-%W#=Gwp#Yd_o?THd?d^;XrJS9V;sYE#M@5`U*0~+ zSUvRV7GN~Z>os}^bAh8flr+!wA+K*`J*w^SpfAS0vjB2#?T(>xQ16Y|eEg_zQx0uU z>aRB@czriGR2rto`482+&kZZVXKx}|YGy>pH(U}2q!>$lvRwIXNRue~0~X!DZk|nZ z`6hwVY&qFi75Tg44#rI^g*DXss*`&c?_j77p+DZvv`U`7d2mY=uEPp?jeHR4G!WHt zPg&hx`81p3=`aa0^XejC-S)1B%+z#uiJrH|tb$hXCC3SXjPQPi)U_U@cT|B=U)ysu z)_#qL9vYd~%Uivzl}V1g^RBHMtkU&k83{L71L3%!I(VvY`lT~|B%u?VV+b7=zG6ac zahgX)d0orx3lctD61A)2La%4`&cL{FsUVJKbSUws@HB#_{us`+5}s~vS05CYji|e+ zlZvluZ|Dg3hhZNns_COUXY}hu8qh83@UyLy5bxxH|FQdCQmyLLEm01 zaK)H+aDu9Ca9s`Th+?oAz81c7Q_APBeRD$2vL?Q1GNX%n1W_{30{i67WZF!qSq}{A zdcIqg8LZE;P;#yQ{ZKFqIUJJ`_A>nHNS{^t1+*Wb33KqBdHa(4GOI8%zd`7QQkc*A z`Xx^5*=NuQ_S5%czs*N#v%L2F+vACE0VVLkC2vG>#J*tz2NP<7}!kUt(x8J6~@dXOg_GJmIPZ%G+yS^Z;8< zVJ&`-drh@{DXp|n(;eiw(Xg`DbzLn=Z7dpkaZg`TwA*{FLGhYFczu>~+B8RQm(r1` zE|wE$ALnTMT^4IX4(M3y(Q=tu3UaQ%BZ}4ZMO6%%h+ZahGpo_BoO=M_|L{d| zgT@w`MMA@bjA_~gsAu~#CgWf#zkC@S~TAw)z4)|srI1_+RM-D9-IC( zfEW1+T%|!|w>lS}eaJO8>+^*+Nu)`tb_~Fo>sWjuArDZyd{eg>M5BHgbwc@@BMY@p zU$C#!cYgiR0NQH_(ikK?vfb9J3X_L7A19Yzq=pExdH^k-GQ@KNrfJQKcl#aA&_fh2 zho-xA;wSuezML3ppLo-^&tFm?%<;KN>Kh7AEdzMczQcC+_EN1+UEJ$IsF2C)&Fs6x z?=(CP&#*XxA#gqZBEOXZ;{`AiFT%eh`c+9oF792q*+0>7ZAiXmgloH(;M8>M1+>() z81MC)Rs5rWEzXOI0oqbMH2L-%D?~5lLy^gwPGahzIkeUz5Ah~tr17;JCo~!G_6w%MRdv6A%}@BqrL~FK z5I&UZmp+OSLqHu1J|NG(Y*GQ|2Ri0x!&f>t^Dx8%s8XU|(AL(qk|d%KbQvbCds%!)z&8!G#K?)hpGmizFEuH+)VA#q7sA%HJe#ZIU3xV0*gXFzGnDj zM)%u++oQg-_PvtzYmZ>m3NAd%C2%+${%7#M*lJ-OQru36FhU%syZYj5aQR%ezhNr* zzz!O<%7bvfe`sa_E8&I()NRL$2~^4&ZLo!JDq|mc!TT~2un^uV+sQAdXE3N@;JRVH z{g~}z8&n@DR|mj9hkbg{Wlf~Sd|m)xG8v%3oM~JVlp;Q;EWNtFW@1qAhWI?)u0bQUAwl9{$%$#HyeGdzYHlZ&TlZA*>JUxE!XlyKin1#JWL;Se5xt3mQ1 zAKU~keU-1cYwJTw0pL#U0KLLa$n!t-76P|Jw4NoB$JSGz0NZPqta0g(LE#P^@x_na zV~54(L&swMOE~$#- zR+QCS2)2SVBnL#1lHf7h48MP!oHvu`r=whJ3{?W3-$C}uZJtUwUJ9+i3Dl z+V-F;d2Tn)Xu_p?UdH=3(Mt{t47Q5)5t;+YBrK)N>+AEW$=p&i5AhDhl4l_r5ykyAHH2vrZMEe|+ z@`ynp$EFOWS9b9zH1X&7AenCJPc{t~a+Ubl7QtqQzocbq^7EnKrD;1K#3zIr|hPclr1Z2zT-YIH&bx;mR*o)n|Xw|`&qZ}>sb@6$m?j^*O%mM6W{E(P}T>- zPwby?i<+B+gx_QVZ@tg=raI)~6uu5#(&=xlU;O%~h`zNfIe^zTNJzoGr=?%;*p1Oe zexHV|KzQh;(=X4lASQCBAe@J`$=*y ziS9o774xdG4dUJR=OH}?n##-WrZq~%Rnell-)5do^Umzo?f3yb=CDLHWMn@Dm$X+( z$d=J_fB66&3E~RGm!Ze_C{UKshzc5^fLcdL(kiL<2DN_^hh)y=ne;2+xXsFKQAoyG zd_q3!(z5T}E2&tDQY%ZWZnD5okRJiyY)DnMkB;skeelQU6_G{G-agE(^)HL%9unw8 z?H;3+wupeyaizAyyyu^4)*`Lvpai;h zs0JY)*ldmms@7+YpvHr0r3TzvZ!cV-6b{7bJC3Y#-qCH&j-7x%m9^GH+^HcZ1;v3} z&DXE9KqGqq=yd)DACA<4iQLEc`@7>P<@mk6$4mS+8?e0lzzGo}%5{0}#MOfxH|>pN z3++Vv(>>hOR$_;dy!Y=j!YT(%@%WzmI-`}J^iPh=mZn$tt}^9n)&kQG;W9pm%Oymi zUU0}{F|btf{pau~x=+3D_ALNw_yPVycYS)6IrZYZps7Yl0fJJaoTWd}Qz3{d-zWaK zvmrBYsGHJagcvRcAlk~;m9vtR`bxk2MwB&fjo8Dl_=*;RI1QA61lZ^TCUwbpWh?8% zh0C<=JJt{!`o0g*1zaPk#ug!yI%GtvGkw1DkNrACJq&71P#o&0a^C8BAeA++UHw!B z4$oK+e3;3lBli2rfhwd(i&A+XV&8a)-^qAdTYqUFjdG>nR|m9pH<@eSg8@YQ*d6}{YnzC^rV_@|eSJCV!0aK< z0xmvT8C>h^Yf+cvUOK>NOhY_8@(<(#sNa@rc$KbV1dK4R@T^gwzBy>oo{9jlb0y2O zs=tzQtd9wraLnskGu&@}G6a}b+sV{C+jtyZ^cr$1g)ZSMRjI#@Z)rCKFJX=0;oAyB z+m<(;f7b08>Y-zF0QuYO7=}G)<}o z)dpYPtH0R~x?M(Ey=fl)x!{8O^Yd{k+|)^e246*oe}YBRyDEYhHO+jIA*0}2VJ?$s zYn(@cPge5laVQScz#dRQsm-PCdC&V{!4*Hj0oMxKO^RRMp#0)DwO7AyX7$Qc4#gW} zJb%XTkyw{PBf& zB&hs5B=MNaeN;?5oi`)^mK~Hyz$$?LHXea6iZg z<piUGfT}yzrqA|`o4#QMyvMBUR7Dwb2`{;1 zJCN$Q-(j;>goJ9~1XrEZ1s@&M<8p6-=+;^C_B$89r^m8V>rnQ(4o(YIOM5hk#=YgA z`cf(z03Y}B71GKUFniaQSDl-`0xDK2@aFoQAb%-8+X9xom0>u)jP>Ube8L7$LKS?u5EH^y`r zKH)$>R0$MrE`Mc;KJeQBu^fO!o!^#)11*+o;Utgx_BsMt7j4+R5U)#9T71 zwkVMMH_~t2zUlz5tM{gdCPynuF=H$_;8u9g1y z0;cv?ATVA-^yA>IwJ9*dRzUoJ@ih>P~4)J^qE@gPJWv{kx(!Sij;zJ;)%x5?5l3zR|$sp#<)8dD{ zLfTcYirK?aDqR_Rz+Y{0JN?e!C9~IGzUON)5jeAu7_0l1D)#hvi!Z}Iat{orw0v4! z5(TGxxq`5Nu&c-Gm0J4+`?B|P57uaRpTp2k{q(R74chEy(81gmG40~)PJ@1jm$viO?o)0k-@PY$U{K2hga_qFl;E7%`>9ybofIc=T1sa-w;+&XdM z>+t@iNw%xX%NKRIe8{%GKL>_1u%3$d3+k)~nFRA@VnK5I;JKFZ3trBmb1O+y``)DE z$bpZ1GR#Z2k^m1=ylCA0hdIrT>eR*jT(gSRj|I%#mpY#*WrbpM6TYyYML}LkhmqQ2_UyU2uLDzaukbwl_~g_Bt1Up-*)pog-(*bcv;U zrJ#ye(oH%#l>i49Jee>2lzr(__U_lONbaHG^myR^!EYgH`gUDIujOAK`}Xwjv;l#a z4gOO8U_g9UBA!8iM0^Zr1#`UGF+W>A`mNkq^VltFZnh;7mn%FKftmX=d>8w+pI|Cs z;GDldj>Ay{ zuEp0YNJR5%qwJJFxid>=*EX&0AVqzDejORsmR1c&Y$nElND$#@-=DmBd=Ws$)ED7J zY`#lfSAcAl*h&`?-odz*7~X=8c&(^&U#LkuaO9VvHr+$BvIHE5?RN@&7htos3o~cl(2adGIz(l0=x63eQlA+li=vh$ z%V~BW@W9(Yfj%@UTz=HKg*jtIOj(oRW$H^XKTp9E;9E|Bd}%2AGASJVy8tf|$o%3r zH%Tr>!=--eaQSf;w*NtYA-zY|B0cFnlym-SXLpp2yF9OY#kJ+}?6Xlr)=*ryb#LqN zj*{Q>hB@$_KT)=j{3+r3lu5OeAqUU)>Cd>6SD)sn3C zOc4KQ6g5wk&GzINTh7r*o|4=VuEPLq^+!Z;XXJeBMuHPT@p;{=x}WNS8Icb0;;pU(N4NQbT%w#gtVr zwsuDmmVEe*+_YrFzT{KhL<+DFB`v@TS|lUc)w+HzS7twJN_9yOmr)K{>qTDD(1K~G zbs(ix-Ji|%yBEcC^tcl4F|e4X3Z4>4Z-b84f*tY+RR885N$vf6MH+j)xIv2$2{gos z#`JbT(f(YW{SMSEqY1%EPl|TX_w!TJuR`R9=Gv#{-GNPHzYdw^ux-@>$Gnv>)x(^q z+3pU@+O;7ie?^@ej5o{Qa7M=ONFg&`ZVJcQKl7QOaDThdSS~~fNINhB_cOFbxKCDN z5mTwm6~BEdgv`&?l-IE4&yS;v4&}ZaVS%}~6tb;xBvX4n7?d%6-w9O&+WD)$ZhZ=P zu)2FpDp$zxe&~en)H0%m4_wQ>s5*Bw=Y7g6zSbc){A%@MXXzw<(00(UH_NXu`9s!! z;NTg-da{f+WGyV}!+XrVlk)c6uYIf9=hO?HL+*ogELw|1SK?i5r`u>xk3F!pVDeb< zg(l9RPs(*;szCGVZoI8S#jHfRFS(!lF!?(^(yOf3bkwc}XBd+|>6gKKH~e`h9^N|+ zO@bq-z3C!SyrBAAt)wLML+{>J<_11rhlbHb1{4mDZx_F07W5_XcrlJbdFp7x$2v6Mg`L>Q`FI2M(&B8T> zRyF%=arHz&IE=(=L9IVJq-M(kec1S?^|0OF322>-1y>`OVLvaWHUA=rh)B(zyx`vl zQ$T*KMPqAX9rj7jM&K-@ObY|<^s{o_{`Vn#Qa*P(Ph?7gVBd*xeO%@vnCF9`KFD{S zjfV-UpO@ZNYX@>F=ZzJzDP@igITCK)G1B)n$4hjdS?M!<==7~hP*F(s0E`Ox*4-~q zFI+q4h#DdV@{GfN5RIQC3m_+QQ?8VwEh@cV(~^K6z<4c-=aw9+a-XVF^RylXS)eSI zK;;exk#E(vO74#(O3vJrXrC|XoF%4P{oCCnV8zzYr@2p|KCV5|j_JaEHFK$nZ5<7M z2Px&k%^7cB6d{Dr_}L+t)#7YgprY z)M<0e>$ES_vZJC(k`Wp7${|hm`DABP!1ac%1B4C488kwe1wtkvUSA)hW=tqaDAD;8 z&gk9dg*pA+R~cT8=4l|_%kkL#r3m5cqd1+UAm{wzTE9NfAyu}&nAb564Yd}eCvB8E zI?n_X3Fg6%J*4M<+b@aAuk&Wi!;MLE4x6fcw5Z?A^z1j}y- zHVhSi8v+}As&gwX=O(^Ei@8U-OK7F>3+A5*(Li+UFL}msF+LGObu#8cuP;TX_6qn# zULG9>0{TUY8eY=x_`3TN@1LgomQQ=Prt?nb>(K(9^8u@Yt|9lX+QSFx4HC{KhWS<; z`o~cvq~IPLL105JN(dTpzAyP?gxHxg=G?sE8jEVDtGd7MJh67w-Z=} z%+LbD_3%~jbWnvwvTvK)VX>)_DfU|jF6x(~d+Ya1V9P;yzr*z9uDQ98=l7qOu5LEIH$=jcZ9O_WGU)}4 z<4mt4I0oC|w{8XNvvGIlwa?{Xg1NyqC4>>I=Oza+Bfj!``;y_1#|~mRf1KqR(!aP2 z{cVjSM&qEqec!l}U{il+UbW$@`@KqUR|r1*veS<`LLpA!3P0nY@EdhOw89)$vm%42 z=*h;nq9JUgAs+fT4vEB5_R~z(Uq)MAdVN|y7ci-C)TtuQ0|QUWSJQ7aZP2=vufGGU zk^|_{kTTNu&<$jH%o6~DhTA^r5Rj=8B3-#U9OwZbCPR>$FmEs8Epz;PDHIqs%EMLR zPVnX%E`xhmg8Iwpz;Fb~(Vn)qn$ket57XzT#{uMlxodpSc-wdBcBAk4TaiDY`n+Zn zIqaJKvcrivE(XjHDgy>muy^s*ZX>2b5Be7yA=$_c?s=u?0w;622#HM4Ogj=~i4lXWg;P-bA+fpvRV`{{s~5Lt zjOFWtbX|l`&wXDOD|&^h5X|4inO1)(^6@|4^Z0QvA+8@i_O)ajQEkG{P%iX?K&P+t zDgy%m{gz`S|J+~tBp;6d*!xZGM?0GDjSG~gHQ6(u>+LJM+AN3nQ9+s3yysminciF;+#;BFx`DaI$G$eo6C&T`SZm>yyD@^j32!2TI8D!6dSW^jaU+zH8rsZatC0t-W;cWf0-5E`meB6 z)aX*}w$DVANyI3}HsCiuhJX4kL6_(L&OOZUs9WtKczH}ejr}g%0Q44==iM`2DZ`D3 zgSs(5BfI=1lyDAmlc7ce#MrZ@eFJk0MgQu29tvUwbH{dpW@A0};!C86AC|?qw!HC)Z1XK78Ko=XYiOFEZC}o+d;9*o3zosB_;-6!bRBp_;Ld z14?w?-u8*zL(jV#*$%M%^z$)K{h__t>|cSid(iK9WM@j6-jIR8gx+|UN8_nOhwBlU zguYHdvZ@m}zRf<+g(cE-BsYytf!?Kf0ya_jb} zZm{Pgx#*?{Y*q+!eb>lZIEkqlv+)(U@w=tV?+Flv4a~XVp5x7;OW%xZEUiapGv~-jI8ccM1 z4Jw3ff&tWP>n#MwuX5f~q(B;}yji=zgRWmiy!EpZ64UEM8fUnlwdf|m6m?i3)^D_j z8n;F)xY1Rvb9|jw{(WNU;lhk>SX~v#`L6JFJ071fkpzcf6h#AzBH^AvPi`{Io}t^b z$!$r^3jsX$K?u+4xMm-=I=88pTUS_gl$}3)m;&DMdmduX>TiNKw35YLow>HHFA*$u zv+nxt&B*t)91x`D%+B_PcF$x*T5DACGtD9Ycoov$f%vK~)*{x-Gp~Cd&7~~ z5UlrwP0ivdh1)B|2oq)3B`(hA?I2e?IDZ7ISzd($>(TUsz7^0Y$5EpBSiWfuA~kXA zOQ6GaaL=K1!|bOxZPmU7Kc(pNuroE(mxV2V0)R{dvK%pSg9<;6*O)>_pCkF_U;n%( zJ~ZrE{gXiq@@Lp91ak(SaCQbCV57fdGYJbq|0tug3lyI7JqTB{(u((brAp&}TF7po zrMen(x+Rw^`3a`?W8ZOdpVmmDLQ>Xb?!EWZD$bB; zy}sJ3h#cwthQ^Yrwg&K&6vNPbJ19!6-^;c-ecPwGhRWN&VpoxUp|H(Vv6P;Ia^!2G zgl$rlXy1_}%?TdHk9@*ineXA_hYjKPBje77(m;ren?R8k|Di3LzL1L=fkHz^`D{IXEX)1hP!Q$<{FgxYMJxJgdRKK z2-BdX(MiY3Cu&^y6gJr3d@W6Aen}WEEXi2@VX`y76MVe+?F%JUm+^APKcs$Ri~8bs zQy;(rkj+>K$i;IF3)OR63B^R@agHL`;b*xf$ zmFx5Jwudb!;R6huW*I^`7=PnM!WEaCFoCFZEbTJWwPv5l<5!>{6!(I#VSGmqgX=z3 z(LST?Dea-b<$DK2SMLeZa~u`T1OCpZlvLjUQea96LX2DC6lSG%P*6(w^M?pg3_klN zUW;8tzU6QG%I<^S*36?MrTWM`a>Bj57ej)@=$Q?u;N4fDp*VBn$)9WKZWA~kpKmj9 zq*+F7aFi8_pw7R?yT09TrBQn!mzvWw-TM1uJ*(Pq|MjOMdhw;nA>$Qk)00wwsP}CB zbH2^r>_!6I(47dVmBd5;%(7Gay<1R)jWIaIFP9Ca8uBuCm2Y-f{VDa21V+8A{3Gei zwiIQyApA5lE;-VKW8*|raGgm|o@TC`HAH%?_j-ifJavBM#Q-QX)gFB5 z67CbH#GQ}!j@zq2NQ%Ah+_G44q88iEq=>|)nQaUZNoc~hVpP=6po=fWF@gmGY+XNw z>r!Wg@=-xnzjgAYSY`W@RDV}HZI9$w~xZPpsGN|@hUW}sl-c-Os=yf0v~HQM{I^=QF8gV7hF^UF(r zmA%BQ9y~8En5Rn5sV$#0f5;sOINK(8%RzTc=Z(#FE0ndrfc5NW@;z#y>}SL$`Qbe0 z@*tb{>&e{4tz&-;T8XV3Di3I^4^OgAk4Z!orqHWSFLE%#AI8#0P%fYoRF7DflH2!> z5ZZ_tD19O#z~Vr#BV63*X9KNMA6-!GE+)+fHxn*@3emNyK3XFiKGaptsQVNa zwX0m;^OMHWAobX!`*_t(#%Cu+55Lpx8U9^WNzAx!totY;R&LZU6Bix^lo04Py%o&Z z&R(~ausZ2k6&$pHUMcgg{+9Xrap5`VFSbNPSD<3R%rm?2omOtBOgw%l&((cYo}zx8 zFPi8)64KL8v1`ka`oO=9(!PI9u4z_SIclbQ6n%_V`0E{6h_?EGwJ~`ic8GT zUEx#Y^i`vMj%V&V{pXcs>k}^?i5$E{ygafe320B`bEzE>w$JU0o&Xta(qpuabBM_J zCR=fx;WQ1R(H*vZ-8EMILAw&oLTf8_aD(%T-VxrEUdD0;{xJm@GHZK7Qn9pBqJFv4 zh=ElogH3zu0EV$neDC5Sw-qmz04nvX3#Z)s8Na^b+AhcB_ia*7G7l=8ShSR2LG`rv z`{!)G6uv0W0D9px?mV0#`}ogAt_|9P9;JI<#})rPa*)J;6LmI#J>+y{;pXN?tiKT6 zPUKUM*eksh51RX&%5vOV^Moyu0Z6QSKU}8nN}q89@#ss}?&~5HLc|aU>2Zy)^3!Fn zy0_1~I}|eU2LP*RsVB-K;0kwO9KY`Y=jK)9hwoeEaNobz_H$eG*nb@wA6xYg{v|we z)=wy?w{XCZc6NRWNtxhH4%m-PCi;E@B?SS281+$k$p{ZnXB6e77h!oJ!z*;qeRa4# zh-7-Rf;6Dq(bv7ASCh&V)D*n4^W7=tPdeq{UO9=D1~-ivz83IK07XK7{^#!hpql#; z;eQPm#1i6#ZaI_o@WV3zRzr8VUnX7wi|ur#&+jsLct&!ZT1$-i3bG{U>j1NOwdhbb z^im$z!5}Uh?jIyHSSc`|(resKZOqrivt$?( znJt2P;VVU9e+P~~CkI}P7_7l%pFFGsuni7bNTmIJrC*%9JnN(WZP2SfN9XSa^4hO% zUvE7dhe3r3SEr?wc#~p?qO$d3Zfep1VB$WMT+e|_^f!kuK(ctfPk4zAi{piY3F5Nu z=ndwMdvM&gch`DPR)?3w@n8V9gqZn^W~EPBxLFrPmgkAw{#M@a z@4UprG}15Pv=(;yK633K_o%8yf&tG!g)%th2VpYCZl&MoQs`r*y!J4p*M9e=O6D2& zHMxfGc41y9mtmDt5zp09`6gt#qvv|%q?C1Mq z@!H-$tZ_4w-|EZ9A>?!(zBNKVPbYE`Q-2?7tSq27UA!91lP;qhZ)r%d3SUejRm0_e z(xz-*N0P<)vsci}e%MsLH`hqU#Hgm_;)Vg1K{E@HWm4IxJf|wI~Bjv}1kRmi)Bw$`R;A&qfu*tMU`R~gw zJ?2#(3SiQB^Z8-a2zn(p1#Rh4|2W!ORr-f{|3u~qH-luck~<=^ll068U7XfoAL(lA zGZWn8uf&-2r~J0w?{zalZtC)r65wp47rMjJ&$;-ep!38&k$sSo^9g*BU6Q%=b1-C& zHf(V`$@$2-{B;&3}lj##T~P>$()H8?S4z|NbTB31pL{ClC?YK^V`fMu{C|gpmX?C zY=)2fgumQ*S|CTazo>Mp&tz7h!#NDnwH>8V&-gtZ z$bAfBTnWorh-{5m^}$))SMj2~VxN!65=T1tY|kL**qSnK`HB-G>;^ae<=-3wN#S$< zRkk3;Y4)gvO=DhqlxcWCkB_HVsz5hb*WW1h`y2~A^lQWY3SID7>Xk_2`V%_NhQ{0+ zG?2>E18>qF#fZIagyBIb4L`{Kt(FZoL`XsRm;P}51@YHDui1dLr48I+3D0{ z3+rwJny5HhJ8DMPB(#@Ld?=nz^Y&De$-NmZ#$=r$uj4%ddyBOX8FFchJ8{PLb&0VL z2z;w1G|%*CKp>bmfL;Cr z%l3+7obp98+6Pok_3;os*XHrEUfSuFF8BI3+q+~+w@l<<=B|DpsFc+eF3g0f$DLGE z*s2@sE@-k~4sc;)A)?|!Kq)%AJO&Q=e%I4C{R4##L^tPS%1IqP%D#$?E-vV*3>w2i z4sax{hJJKJxGH5`Kx+nUyNRLSiT2)S@b|LnXjCVo&g~sn96bqfS~GunY;`Zdfb`x! zO!m}6FN!cUVSx&3+Zp}R!|Ov}HfSUW8v99kQx~ZJjyX<=dB0qHi>WFTg-2Xp#HvR~XiGM ziL%&n#US~K@F;G+wa!d#Na^{wpC((dR}PaV{*%KVO;yD2CRn~Bua07bB`sd3zZ7?> z@Z0u)cpdhd?et{@hSMAFCzCEWZO(M$483?g0?){15oX)hHCv8j2WQ0%NQi!_*ECrq z&E)x+4XqU1W5yXgx6JG^PcieLS&mP#6lSE$j^QpyDS}LDa(Ks;n`exDUrS^jcYYj+ zLlObASvY&fQaBV=HD`liJnF`I%7Xi@45cWeuhKnFk;-8ki)3>+=-C2(wX{#r{7khp z5c%r1HOE>{s(CO@Oc-G!K2_KBDCn&h9msPyl^^H@?cu`gm#H+WX|V`>sRt1ZQk~{Vj$9WlHfyt$Qe+6kA2C3ePD6_y zIc4RIxP*0k>$o$*X^i5AL;`H7ct@D)y9)#tM@0X{(Ryj$ui<5&)$*2qdw+O^yX#NH zG`h&0>4tp}P7sZxiXUrMj@y|44cd{Y6V_bv_nhDTWTmthW(WECBPqrPjCgwdjS}Wf zp_%Y``s|K9J!pOgdA+>d6L~2q`*kg){fPk?<9Y|K`dO^b{`+1Yf)K@5^(m6^YiV6x z14bHgA=H(ZG`zp~!`9-B#3e(|oq%@&39~Yv6IpE9OMU(7n=qP-{YApSp^K8EC7h|J z^7q5>>vykp;v=Asu~#^jqTQ`Pcy?!}9%97thH)N~CDa1~!aBY6{?@XX%-MWjrgX;M z8BhysqZcr!j}M!gCT?Gn;tx5fsVB5dQ7Q%#&zdmn0y~WIW_nf~mZ8Kk2K(5jLjBij z#@T+C26N)3JHRNAok!-2#`b8zQpK&kYiDI!{aJ2jW*g7(dlfFX{JHEi+rZtkLQUQz zJWKvm1u4Ss^o2agIQ8!gNgHMKqg?w?z&^-ee>{bc*Pl%+d#c_4$_EZb2aJOU?W1f`8M)z(`;x@XNt5aglb>6-irjC#bPQ)ep2}9b zA7S3J+6DXV*xiCFA$a-R1<8skl8N0@oP*RQDJ6yDbDAfku5k}=eN;9-Oq3HTr}k+-d*M`ZB)ER15z zIonf)Ror$mxq?8Cjlo2b|2iw6fko-!qc2b)pNl|PD^5YdbM}P++rA&|TR{u=qB6%v zbY+ojl6Vd~ay*m5O{}BF)3tkZYwp+^T}1x&oGGBJ*vCDl_p;-;;0^mtsa!I+N&7E~ zzx#Ov04v}u{%ITMG%wEeY1+e>E3>Jhz0?)5ng|2Oe;_Bia?Z^qcw_j{<+%g4-d@fh zY^i0n#vqAzMF9hhu1pb(O32Q4sp!Q=l6svdo5Dx@5#ZQ2SOU*|ackH3!ovQ|Hwlrc zzJT95tzxdl!>zv(cICo~0Cw3}D6ZTr=coTB#3&?mw3H0Cb2FTAw&bA9msJo5paqX2Y3xb zzNfWiy&^=NKqgcE-Op%(4dp9YW5s)SHM!2nVYZPFp?7Fg2qZr=+8LJBaVdR}#KtsC z;{n#5Rf<9two63!HJ4NT@*S0UsLp#0$4!ZMb;riVGe}(2@jyZ`b#mFjNmg>@{v7Te zb1*${8ITeuFZr)aBxrH#1Yxs^VS7yS{9}S0c)TzdsH-{rAIslou9#*sYL)Em@-1{_(Gy~Ds}|<8KfTU5V%xo^c&6vc zyS~IukfrNgLMk!N!X?tw+JPQ=-18~9aZOiNfyeXr&~7>8GF>hAV;b70PQUKWPkIj~DhP3W@fd4;*zn_`{<)5RD-5GEM5Fb2MofvlF;2ZU#fj&#%(W# zsKJjA*;e|WtzErsni?9hmKZgvYrNbY{{R4%Oh`Y9WmC`C(L$pxkxCZqT zA31cOLa*29c4+sTWM#g!Q=RuS6A%s=d7gm^guW(8H#Ln(H&QpA4$jOqUJ=WWm~n$9 z#1?*`@{bD%t=>YJ+Q$I!4NbDwFaKTZlQ?5Uppx!G`fXwjC6cFQn~JFX;dQQizqXx9 z7|pNA8Y=HgbmU!&*ROC`i;o{N!Jut<`zIe8^Q0+TM-W*@dZDC`;xR4N*!39>{<8Qc zS#ez)-nZ`@Tu7ECYIl1&Pe+`vK2kO|v4;mrRDDE4hV!I#@>k7yr~clU zlSrU+I7viIEV6Kq;*x*xsyJMM(=vKg8&?&7@9wNKTAnz3^yp&Gj&A|H9aZVx4u&rB z!0CuHe{As~C=T%>N%}SA-x3U!ukL0&edg;#v0z&Ed&MXvli&T5WnDfrMF#6vhaP#h z;^vg?v)gtM5YfdBR>^I4UJv82v^MkhHXTbB)Q?}(Y)YMv7%!)Quz5y(^)6m{{hKZ z?q&TRu`J)k7604CSJYmW_?1xw?U`}zq_Ak z<;_@hd7!cJqibZ_{PuVxecXE*)x&@}7L}X)rn<*5M1q3ADitIZ4GALk#R6I3wMSfe z;)#7sp9ZT&;I&R^odTR8Xq265?}2}BhntT1hr^<9&(l?|e80RON`E-{D9prYBJaGb zP66(Uwt;w<$xeE$AXno^C@hj;Yhv9oyZUkn93^^c`_sO6#kMTi$y<0H0sx$@g8VDb z$2_b^fyfNmhklGUs7EPP%epWDzgH*qfu}1#68~UxI)#MrRS%i+u!@xE^fJ=NRZmTW5g>PE7jfBJa&k*qN2HO_#p+lg0P zMZcXK94af!&b#UpJbZiq$kho(5k>!bZdv*@TNxc7=;fdoCW7G0_a9@gzc}u>dG$Wp zDD-mt#_k5}SdCSHymdk;%*mJVfBr2RuhU-Vio?`Ir~P)29v-M=aiEq0(JfE$0VXB! zLT2syQX`ZouNr&4V=_SY0xQIz-l93X0#gBqx%EFV3D7PP*K>WhBa$ z3q-Zn1NLj#RK?ye!Wl3W&Nt;u6RL(e3cMN6^8MTArr75Q7nbcNws2_@y2U$G(C=Iy zMB_e)g^%s^$N4*5lq)`!O@#K2-5~Xbn$Ws#%Ra2eN`d-Y{`^I5CE?e&T!fdp`Di_i zzr<`T@?`k$FZRm<@^J%MYyYkF#+j@?Rpn&~%2|BV;+He8DgCEl{G$F$XAU0VZzHYF z{rfDp-%)TL-;P#qzLN!#;8QOg$h2XrD_n=k#sC2gP1l3l^0Tm-&dXZy$yisOcC9*h zGi?py`K{z{`;;hbWy(7H^L&+Mz@x{35O>P$zv7^%w=^I3a0F=;UPotjC;M+}YOJr# z^;S>1(F)YZdwlk1MOCRdqp?75R)A7I#vh_uxN2hdaoz|@wZqGSBW0l6@aFLnmSQF_ zp^xQ~9%0N8X0Dm;+9o2~;UC1@znUk5N(?8M{aqK@d0 zZ^j(gciwKV?`Y?up;FNwPy{bSN%&2D|K3iY-{H=#aROM+1rOn&o4bZz**OblE0u#PI#Z*aY8OA`C>*rJrL>^s;F(Sb6k)@$y_k zIX4!_6g<9lS~F{l@C`yd&&uXsp!2JOfE70dYb-GE>O9xu3L5yoEr(YiYysh= z2e*Z_6dUly&3Q!gSXz#8be~pqx9P6k_WJ>`^K@i*rPEx_GHXWMbG3gIo&qpgoB0{t zGJ4$$b1o6Cuhz!uzbvJm`V*o}AAKmJ*ZanX)C$VQ=Tn%Omau(p1hVp)-zS$w765uN z@0VZv0N5O`>chcqA$dSd`OyYLq+C9y#MxI4lg2^tRZ@RJ7%RsL4S(#N>*uy#g=r&I zzw#IS^uS^#gZ`|G20c1MxVr#qzhAa3P=FBLC;aFh84%Z(k$@yZY0)CKQa(bE9(qfwXk1e7B=(8l{tC{*!GTk6AILLV4)C)ETA1DImn&-GawB0 z<>D)Rr9~ngumrJ+Y`BWO-t)DZ@d<7puI(NXKu@bVboz8A7zRggOq{-Ks!MMX^HhNI z)VnTIV#ANGjVV_lA2hJ`f8Oxk?{Pjw`�hx2M+Cx{&@LyI3_Evwo+#nsCMv@j)5R z14^y&V7!=MQv)Wm4Zh>Lm#g^pijK5i$F4+Hb(|G8*~)pJ_>JYKzvJnh=r6!jkpIG9 z?P5`+Ac}YW$6wQGFCKCuT!oD1&R`e2G=R;K;*rCe~@ZmE2IN-Cq`FByF=ekXv!8%a>yE zUw{@80yK?}lJ3Qeq>vk({LTCL@8p49Ymz_8P=LnlJDy`yExLIN0m}ZF5V^{JPtaL* zWnaMXT!z)m0nRu=oSUtUdo|!+Old|9OUip=X9yaC51C@8x)`LKYo4#6PB+6+7n)z) zD<3B(f1s4NDK|B3AFC1yt5*H=%G%vH^PsO;dq?JtM^95dVy4Qv{h88tDE;}BBNBvI zs(mS4GQms5x_X52IMr%C+!DcAn};V&C#D{9cV(6Xn%X3pb9^;;)(hQ++mr2@&yg&# zYf*j>H0yy1q<&egGZ1g@vBk;$%Ffs_^_bt24ubW zD*$jY_NtYAg?Y0TTs!_ca$P{4TB4o`kgPH*knER*%}--bJ_7@7+0V0q;rLJlkE=XU zJ?)K`-~OPu$$RrlF%o54$Y1z2>=#`#pvizF1|3=P5Frk_E+5Xw9^2Oeoe4i=EjCDa z(}&R-inx834~UTX-erHgEFwvBku?W`;XGgK&wH3`Y{{7i=Ly^`%i&1ce)?zA@(!?b z`4)%bGQ45dxB!f_;VzI5f1|i8K40$veu!E_BXSV}+Nd$AXwcsip%GX#%}Qo?>=fV- zkUEZ^8#jsz)JA4~oa0~O$eI6{aEN%lfdlO^^FE7vfAHE`a%7x!V<4A0+(Ov|%bq9CC;rx(V;X zE$oeCm_Yx|^);|aOS*!ZXWnOga8Ont*O*kv*4@{!1S#GJk~(qU(d|XY-3CXjcx#Eo z;qzBQp(rkpvygdTS~yRHegX~SK4WqEg=guO#Mzs_K6L5}N7~V?Vxd+;ko)&pSEbJu z3lDFPpe!)h5L4z+AUw_DVI}1T@Zp^4TiJ!*y@72gB>j){&R!z$T9K6@nm0vvqqv zu`LA1WWd#n)eaI_we_xEr+rmQqy)FxdR9WXSnS+KGw z%Hu*QLDg1Mr~y*aH%B|N;4lxdm;sjsmD3AEGSHw572yl#%!A$SsWhW+oKKkTV*0JcX~Hq&k0ea40eEQd!GqywH;a~}&qetx}B zm(rd1 zVCs&`K%lf6ZfX680JRk!d>m=rN85|)11^T{s`m8g`NK@S#2a1XstZtam=?2SRUmpB?WZiIG88*KK`3HCCAT zF7$atT_$&x8nAUpoY6RbRr;6Qxjj=)xA9TQGM&CHv0tE2)Lo6C{Qd%}Iy~GjKR2$$ zJ1>rs{Zi+Td+<*gk&7JCOH6=f2V;>0`f2Wp1w^AjwfnBpqSl2U(zKpO@1&A+ak8o( zH09&a(zpo@X!uUa$epvtbjgJ9tKObtc@7L_#X)Q*&odU}f=d&ZzU4EISUx!n^Q@2) zmfau5Gk=ViQv1D?eb*1AlNL_^p4%{`dtT=xb=QAVzVxc|wf=sld-S*`YWkr4%eB0? z19Kd?#{Ra_zBseI6zQ;g4dm=?DA}y(e2})DEA!*jxW_o}0Q3Os!32k0-CHdP-nf(c z(er+JR9ShJfii);EVti_J;KwPj;QcHnX^^s;qU`4=i1=I4G@7Vg)UBI9cT;=E7doou@I!_u$;6RST}$8b5Q(W_R2l7#a~ z{irwZ5WEFWzbBT%Z35MrWRqB1Wh6YwAs6UW92Mvo+KYj}`s_|(<5uPtY{<#|N`~j! zhX}O1UF2}z*U+B^y+p$Kn{hd9A-d;rPE^DSzn;J^O`jY^dydO5PxS2yWsQ?O3pqvr zB67?>QF9eO#QLTtGpiStI)FUnsGc316(xiuoMP1X^hjL_)u@~#hUlG>Ti>>)IX!w$ zIygUG-WxSFnt;hZIR-3Ke}e~Y8oK^dn;VbZYUPG8MTdCgUOJ5bYI0lh_Cf0c$MeLr zGDw)ygY0-A`k_M6zd#^~qM3HufWKmdlzZbbd;2g!F zpC4%!10^rp{j8MFT4ugo`90LHrhbDIHE;a91X>RQbWqPjX^h_jvEoNCANC~)Sv<(% z{<~C{&Jh1*(wSWyYki0CMTNff+~~+DQNYO$n*2=; zfu=2}uRf=nH208iL2eX9F5CFROETe<@Svf_0l6;n;Qi7d2-jvDflnC4gQPx3yVH(heKm}e34ue5w4Xm&+869svY6tr82 z6q_q+WCckeyy!GKM%VVb-l%mZJQgJzn$0V>Pd?!DHG^!$wm+80h*K$Q{^bJs_a31n zGFFYav3nezP=kNKl|rI3asGD4pZaVlEMme*WO~FDg_TxL3kLie4{1mIE_aJAfImHb z-Lq(gNr3#BA;^R)OKsmHB;X@9w5(FG?~Q(BsYon{)s46d0xt2(c>)*V+?o^D`Bds9 z&_f`6;w^k%1K%_Zb0A*W^W%~vcgCda-@-kMyS6z%-<4i30b%UOXSses_$fvk0@Ojc zLQh1dGUTRz&)5dET-_e;oRoU+!BJhE)v}v=^-!QV&u-1NhGX`A|JepoUczuYlD7F7 zu4#IB^ZQ)m&5^N(iMsVkYfvfbEO-6PirWF+Pt*4duurQ_W~SP2veN**lPZsvNIprM z`n(U$g?L|#4M|xegZ*Kz(b%(HXn}^Fy%>FpD+SrUDwK?o_wNX1muNw zhVZ4O=C95BnTfug6|QbSAdLch%j4~|xg%g^QrVdcIEWAmpstw%}b6u>VuuW zX7y^*fH?w4)nw_o(VR${K=mTOnLv1>yfASE14?(Y=rxqPq{iPm4 zc(eQFUSU683=SlaX_vbYPCf9RL1Mz@M`0p{9 zGs{H0`woV?qk>jf8=bDPkC8ej{%ocAYHx}CQ8Sv19|tR&+>g`3ds7%i4w=8Lr4D?e z4bDUrAZ)MRgAZ08zJzeGVJ#gyxg1}E}Uwa-yuk5g`)>Cnmr~K1GLMBg4 zFD<$YC`TWEB_-iiqO+!3SEH$f<=_fi?!${CIm3t1sda+#F420JQVhw@TG1Er%Sq;@Yy*&?`!|1jekgtYhtR0(%VNL#n8FQ?C zxjCN^eE}NMNjJoz^3aSgli*Kh&YqwbIz*x9n{W$y?2Ts8>QGXb){)eV?^jFdPtn;A z24fn1BjDcA!7>{;<%ZBR{qk&BlA9Rw(qjXZ{kg}_G~ZFt=m@kw+`&(XkRPw`X?3j) z?Lkn+<9MUto3dX(09?j}@f4|E*S&nOtja}xpZC>?_q;y3P|v%1$?rg=NjI!BHsW*> z`Jt^GZ82WLD)WgxeFr!FSns{Ktd>nlxQVv7!%%6&l913xT=Vl7kNXMzu3|%=da#V8BgQ~ zVL`rJs*=1LLB4VdNa z(l2}@Dfp%{E6YeYSM7dp^tw+$y$_EQ$Nm=6`ZC-Xv2Mn1-?PZ98Xn?HZP}`kaNMKP+%90#A%+w>3W{A$S z$X(leMJd!g+m!v;qcf{uQ%oVs8PJh{J2vkuGCG`lz{apS{*qJ1Y9KnTSjKq)E?D?J zoPy7Z5A7uUsH~CJ>$#eyWU%KO3CL8x{=d!FMXOA$eSC&or7lx`pF2tn&i8%`FcSk%_Dt$czG`R-EL)&qvQCY ztjuyPHGuNKs0(Kwx(Q%+7qYm7Ns3OXb@(Zem5uiJ{(YbKnt1>G1JYPqyi=+1{Le>I zlr>d~wp!u(U&+2`)$ZF_LZoSo%`^mcQD{Ex?SXusT(SbfG?Yod+S+pVw?;%>y7kK0 zz9n{tbi#?5&&oZ8?%qNouCvCMjWF&tuN>?zG5h4vY9sqh_l`{esOwixfA9Oup*j{j zmwM$ABZ^Gi5XGsYTLij@J~)csihD$bX~A_G&4?L0vGZefdLE=N9=mbd5jK_RG`3Mb zV{0wp&krAus%#af2a`}5GD;Xj@E>+;7D&AZCc>rMC*kzBgEf*femB3bpJUGn?Qb5n z+zG9*oWj3ldPMm5BpJt}Ycwe=Wj?JybZy(sPNh1pagA@j}X0k>Ibrycj?X#PTl`c5`)o3C6lu#d_O^gg|0m`uK)Vv?zqRcep6X=jD3 zvzpFm!W+Kv(n#{8(Yoo{^tnjiTXcrzXgaU9ujn?k2lwK}zpd}!2+-;cU zTE02TtNap7NcXONUbNX=_?!7ojs9t*Nyz2vkvhNpWv^3{87BGui{*+tDa-qOrYcnB z1pBT=E`+q&arz35Aum97Q7mv?IMbxcKmBLeyq9nM(GI6(Fm9_J-F^jomVhhm7jDCK zrN{n@yIMx|cpZ06j;<|lE-9$D=mnqVL(*nc6-x7Phe^@8GZGok2qGErTr&5^%SOsvI<^?UrIPI6Pf;PK&A`mnGWtvw3U z8 z*B<20F1zd79PiiqB>ST&ht4ApsYiQrWL{XmXK1%wI8C+J`)9HOwrsJkebT>>F@YOe z)S_Gk+^M=%{(X>#RleNA(jccq_8Gsz_1fLx_W^Fb%|~^;HIH2XF6ZmOj6tZU_2u}! z)w?`Oeg|pW#LD-@4ug*Tg`mAoB#zu_(8BSX^OuA(f+X%Qber@fb0Wf!vhh5D4AA&d zi@=xXg~^{I`!NbQb^=lwmWm6%9V7>r@^({XJH2}L80L_;cSA-f-JB54R- z4Uxvc6Q6Cm5-xWrPS_UZD8-d;u%mncmcE*ZRJKgQFO^pwq|Y^Eu%alLeGBC9Vorsv zT4(lnsCx3qquC@^euC;9Gw(hsR{QXZFy1OP!Q2^$1AUr$D4sxbKiH%)$QrzhwtzR` zaPOD$fqBNoMl0FW#l=^@=ME}4Tx`84g`?lUA{(5-mbfb*_2O0iycb}apdjl0#QElX zU+1D}BL$W08V8t3@y};+m1Oi44?bozog2}v3FTTKOXqoi`7f3i1zpoM*$i_DsGb5bbBbEcm|lyVTD18p2a^ZEfLqrqaB>Fre51wH*Q+G;No` zJ}x>3rfaD_mhmiHC;?jHrKhsDv7P}@FJfC+20@ID6T*LgoP8^6X@hB=2;%VU46|nO zLtqhb%yyDiprM?8(v$KXjGBuFgm>a>%DFk5`QcR%wqVPzZS(W0WxgCC z0c$f;S$A?Gi${u+zP?kzAxie8ivuM9mzf{U`aBf z!JVYL!gA4&s|`>6cUX>}23D$)cWKWWLQCe%w~7I#H+7krZDYtKZcYqr$~=|GktYsY zJ;YIv(A%FT4QT@6SZdf5LyB`B(B;F$v&h2AviFA6xICVV?OCvg0?s=rI+r=~dgTv( z`_)<6%bR4G5>_=b?TV6>IEI`u#`SJ3({4!6)wZhY>Y0n`LvtNDW4}P%qDd_yaCX1@ z$Ky}lDlI=?KZW{kFQGa7(vWtKXYbmbzsMCxPp>07 zl62HE6LiX))OKEclbdaFd1(c&#fe6C3Ei7yUth-I)e%gI?3&tfd=G+V`Eq0wn)pzB zb}bbB9_n8y^?w@cXQX29cl5JH!}7zc`V(taS-_%Bz7fZ5^V(Zhyd)##FWf`~`^*&Y zMjSnsJg6hj)q!2014N~z6n3Y zSisXRxTL<%^wsR3AB+Dm?h~Uqy^cJnu*1hd9J){I=QUlw71d`IzF8e8knpJWw>eu# zI#!VEg9Jakeq*c~irMC%%x8sp}PfeBdoBM(w?4n*LWRw-Ia>Ezm2Pe*^-o)Kn2Yt6o@k3r;vz!$t*QW zvyHbvtjvik+%#>TUQTfB4?JOW9Hrjrjb!@|oNC9MuotfWlKY=93O=Md~fv50lfeB{}k2rP;$WQQA^I#yMWhD+SXm2d@%^}prkzZ5rrbpt5wNAkd>|#Dxl(Blf zU(wde+JXvG4D@$dhjjk^w_={eoB6Ak&iH5eyj7G{(r=dn% zvase2a~iTnkMX!k}>Op4H3wwQpWD0yS!4>;{HCYdlyvG zPUrh0vgku4M-2S)5X9`Q65SFmea9WKv4p>L+^-B=(jyrpwN=$#st^bc1h#OW`=tru zcQ+@l;1L#iFVi1y&j0e6+#7lb0}KiLesX&eTtF-)raaH5{eu>7)c~c^sQ@+4hf%Eh zBec>4ZamsHG^}s+OhPOcJDlX~JMJUk$!gNjks`~W0 zPZ>qdTT~uEoPa$aFE!!^TC4XZBBOzmf;t+b$^PM3f9^| z+8Z4cGVkQ+aEFNs|JX;oSVPy7jBykA$)gnQX&^lCJ1EE$b)ro6Sg+AQW{ewNp~=QEzB1yL(-Ca+~b^emrlB zAMxz52GLZdq;P-C*5~W%x-qv3}>uGSOav}dY0S!0r*zC{gN0|6i@z`>8>B`@LcyU2MZpA;A zuB%y5Esg$~`#4qP@CZs2ksv`|ricoP0+N6IEY6*()7_^Pk+9kO3oDfSs79PE+TX4e zF9qVDNf(lAKMv%XlWM}LqT0lnd;Rw2_Q;2Dw&nKKu!pPJ)B8>CN&*Jzp~ho9Kh1)7 z_HnsS53Yrx#eOztif>^7CysZi*Mfd{|=vI9D%N^FQ?Q?`L1V@+x`sN%Ie_{6oXB;@|&J z1VkmU5d~<5?L$=Kzl|w>qv_Ai#vGdl_JKCy;jznT&3$?>WPaO(#*3u+vD-rNaV zyU*08avAWp+CvC_f4KK+bwNW0obP^rtnhPh4Eh*oyK;?6J*{^W2!C(Lc{}ksBU9=1trrQKt76_W`C8gpW6Dp)N~n`r#GfzM|BH*J4a9 z@~|d*VPYv!DZb#2s<4`gsm+7_4;s?@?7cs!`_rKRje`(JBS*Jk|11rO>yCbK>xiW` z#0%JphD{^>!O!FWram%!Y{V&BuUPq29DwXb?pt8D$tCx5%%K#3e>C(3#Z{RYv~clX z;dJ|P9X+>=f0P+sb#%Yrwl|8J8liqs;J!<+f!b z!sq!oO3h|{VI+#E3!hiZlajio^J|b}k{B5%kX&IOeorRZv(-Fyf!6Yd=YBRo_1nwq zbi*1%!RRBsO$ki|dB3kTUXFka{}!5+z`}28rVSEj=Z++)C+P z6*{Q9@0v{ZzuR*kQLwiF1&xD7^=ACZk>P1n>0Rqzb&CB0+xT;AAxZ2x%rV+`XhI^H z?;YZ!Ivh5`O_cXpGhq(9i_TU7joaHqPP}+WHvzt zOJ5E6`6kl%^miXS_-P&r>EA$Nv`g;DREX-^krJz;vbD?uJ{-fe?ng!aQUP1zuvDhJ zgNNDj;*$yUQrS=V{2|Ky4p8iVEz_S`p1G^#s(VXh`h{##Jn@@cp2(W5sY?#2YG}25 zL}G!4e?R->WqLwr@xkp3$$gZh`{Lz77~z0j$o`q56{2^)&0wSI=iR^e_M`HQt&ohIHyT;j`dB4_;u1*OMDwO;_^Y zbBEVve$O4*>`z*)gl8O~L2v6i@7HE?cgm(rSNo+|R__;x)D-E;{dnul2NAEqXFKS= z+3z+L`z^)~+fx>87r9+^Qx01s#Fwf8`NB8r5zuGMt4){AsJL@zn@#y?@E*T}JM0e; zzJsdw@h3YX-LmiuSFYuNHy~Dg6WL$IDe2>tE|1^7DbL7PkTG~4MAd6MG}7-1!0GIw zlSZ&U%o*$V$fd!qp05&ji0P!RVQrlKClox+`q==^O|ho(%WzS8xtlyaV^jNhh*PD1 zpq79yN%3hJVl2&z`4!7PCBN}90Lhq^Adp?2R*u{%`H!`k&oG-iX*G=w*O^`RdC`OW zi>R|I1pBNj>9j4P#5v|i2&)~CMG#Om@jE%+33Kwpw4o(@EB_*$Uz z*6S6c-HWdnzg6WGEH>64fkCuiS}vvR@I3V*Mle%J{M8P%_q4ADqmrG|FRO0M9#15O z{kYyBZB8|pTlkFWbmgwiSPQ)^bmL?PzfHfxKh!R%va+GkBe<@=#}*N{CPvBT>plTr z{t{RE!Lm>FHou{S_$~mY-0iQhDQf&c(P1;WrGzzyv_5o}5vgB7EG3xdk zC^oqX87}$U?+-&g++Wv{chZo~lSY81M$a;{=y(V5lSH*(jP#x&sQm5s?hh_Lf9@TA zC6xSJ3=u=7{P+tx=Cm-HuV=cR)$kH%(}cL6t)Q)od;CXAZ`!K5{8^8LaO%xodCC(J zWZjftngX^=$D`{F)(2N2DEFoHD7bff?SwJZ%^-}6TYqkSe|7zRzI#D)nUucg#R@~r zbr(Eu>gO+N%$VLb${c+%^=rl*lxKuIBpnkT(_ZOTkK6fjI9zU0#ZdYywPVP5l3^1z zztU#UQU5L6RXgAtJc7x%EDahLD#~3@Ma~PRX1a^ZG~c@{ItqYA>$pNt6nYt>)iO@*#%UCyu9%D7S~G(t_qnB$vaPR}k~ zeAUs)Um4fSm4Qn04}(iq3sp=;fw}RZN4m5H*UQY}j>1eqsqtrPoFDd12quB>2k`y~H?NalWtO64VTr{#Xl*8`(L@v?m`9;AxJwoK6Jcx;T+E_>8u znJ}vR3Hy|+UIJ96lmP0$Z(LUuzOM7=r^7u=+epXBy1&^*1bc}ee2_0pb}wiLqat78!13X8R&$=B&H z`mF&N8M%GlU#(#QPgA}Sn@fiYdY%2*-vZv#uOGANXm_9EWe}*2x0?>tl+Q;QFv+G+ zz>%Qr=Nal0x7oP9#d3Rr_lJ$Y%w0bVJ8&W)#fPuW+|Ln!TX~x${iVN9Mt%M=JjKau z`~)$vUl}=k+Ou+MFXTa1oI3~o)teQ$+~0%&8>4_f{+wR?WCnzO_myTNvv{DNnnR;c zpxoZTqOK$T{(Q;zJ}I|Srtl`X_aLd`9RGN7H}a3*JP_Yfg5~{R+3Ch^*};XDId5~_ z`#c8+gE`eDU4lpgxR?NY(wZ#=^%JGY%4wW^d1>R4D#`DVj+R}K3ygzL21EA zd~O8U4Wx$_)j(ihG^i7ZugvK}|H68FRdYyF%`T0ldrR@}$kZ;#DD$TteRX@TD{?B+ zz84v@P8s0(+Y9_i7-77`4uo;{wvSw^$;q12Zx0YfZtAC?zHs*^qq5~u`vg45M=#sy8=;g}o9!A~vnUqJNs+7rNZWxbC zHdE{Bm|$73eI~$#MMa#YGQ|D#yyV%as7@|1ce4uG=Z=bnE4Ys~o=>w;WQ=DTPjBeC zmkm%Me5Wy}&@-}r%soGv_T)8OPml`f_%;cPc(*${Ung)DTHEsDsbk(>-)f)5WuFc{ z%%!VfF74{g!hE-pweAA}Y(u)f>IZm9ep#Jg+u?}!lXxMZJ8BgjY~kthRp0mXy`D!A z2*f9c@KXJG`W^t|x7fNT)oS1P!e7t6aS`608b5&_HOy4F!7<9(_7LD{g-$QC?_+$s^3*_|O^VX?i##!xyKK>l+~lH8}WL;rdRi}&G_ zufOPHBR(;w!g54|P9Z7YTsu=mPGUc$LcfH&(7fa17wnfCDLqEEsa&GMe?0dXYWA_H zcBL(!7^cOv;zRyi+;d|2>sN7l_o_2n3wu5_y~sy-PHZ_letvBX*?K9n!*##}1~-^t zvwN(}rWcU_s9cOU@uZ-|1l6QCMSdc0?H@c)>uj#%RP(I=!GmLS8N~H;gj}deggy`H zqQj0wm#g7j-;t1^xfuvL2?_`UY|bslE4DA`o^TFM6Uf;>J1uabL>X|q5M3z;H$MIn z`6skOJBnETk`MzQC!zA2Zg*-MJS8qZ>|SBoU5nLrJ1LMO>66oG|8IaFRw50toBZN^ zGQ;;BtN9hCl+iP1d&|#TrT0F z#5E^a(IUV5#;f=zte{Ylu%8c z3#I}!CPB7;hpg3qn*zcTGCz5P343!#{57+o8L)b=Y3AX;m4{tF@SL^L%swV^u<128 zB#`p@mF|ZEmJBk=M=rO(Y!$q>K@FgN@lEr=Is?OnywTcIMrpDu# zR3Zl}CTPPsZg*?bOJnH?y=*kaV_RvulE?cOaA!a$RF@B)oqRvQ^zQd?Rgc+xcz;bf z9S%<|xx7M+(L33q>X5ty3=!31na9o?1^ols8jy(o{qE;=O=~W{6f|M2wrvj7nd*mi z)&Azb1;PMR9fu836vYvv9d<4IIdF2!FNB^^?5F+pIS2moU8+qW$giyO|4Ou4LEllxyNge1|KA zSTMBhfG`aj5dHeCSs|ue=9gYR)EC>$)&>E;ioJ%Zv~-gFvrGPUOfQaI+hFszZWwvZ z&N7bCgR5SCXuJZTB==6MwLeZlFV>hd)y9*_y)F!Rvrvb6bw@EJnXe7a=RN8ftE9!; zFkVXX66wSq)jNBNBDn889FN{DXoKBrK0&@R94WK+VP^EWDvs_~jFhDJN4Fi?<;8yv zGlqhve#3OLefdqn2J^M{_G=S=rJCM@G&!BM)As0TKV@-8@FjkC{4K|Ue~=^f>;HT@ zh=(JZSm80LfJax+c6%nGREDfuD#}s&Ruuo>J>J6Us9a!xF;Sh19RWqL2P4&rWCd2- zztKh$Qh8I9G*4rDx*2cGdbJjU1Fd3@sU6d-|ifXVAlV z$p$#(Ri`hEo@Mvb>1X#zv59>Ke|yq%9@qNNPs?-{PP7cyTMycMvfup3T6z@kPOzJC zes28yk-)N`>K~gi&t{KAoYJ5@8zi99nfE$FU4yN2(H6u-mi(tROAA_9QpJzELogyc(7;|C9&+SgoR3-;|@!On7j zDlF&{<$Yn14EQI9iDtc?E+eoZsOdY?$LwTJu614xw8YDlK_~|vI`1$`g7Z8SPJqbC z`nLdtL$w8utSn^hO!|G-`ryt!L*Jt1y>NErXA%_sG7$D9_;;u&dIj%ITh(BcgB4aWEvx^N>?%Kvb^&Stm7Dfq2b0osYjJ5<; zLikg(qZm}N=sm)lrYo>tu1^BkpCf&FH?{~JR_Xroh8M+08F}zwfpmgPi#b1_FY@49 z`xLM9;gih?BurIh!{yCnVeQ^~^jK-R9G$vFRL(l%jD5iRdTKI`2$G(D3-1l^n_RGAjwbM(JFfS!V+>b2at3ENk~*Gh2dsH+)nf5B0jNBs$Yb z+npo_f+`D6qcu%l4rz#!qkLY+9$Dagqf|Vm1 zO95<~!AK$m9H8t7o`5q$(oQre`~uRwwtIb)>L(fSdh9>T_%?`+D$@Zs-JI@U>aOgs zk4+W-#Foaq88G{_4afMPdgdQ()|H9%%JZ?&*25l?)z`mACNq-a2>HCjmG}kBcPTkX zdH6>2J?Z<5=2@_^bcaqlz1kZ{D*v1b~V zndb8y3^XU)ChAPE`>x>fOPhZY46Loe=7hPCdf_dyO~Y@H6RE&R7o{J*113@M(r*FO zolj7K{6%RuuH{L5>`Q>joFa1UQJ^V^7ZCrqFDz-;w1vbIz9gGPKh~BQQrlOWf(G7u z%{;h2-P-Spw^uEq>8m-+dwZ(u9k2R_nP=G4(b7kwX1`QaR@ z^PVr%_E6>vLglqR?|-_Cms{rOtcE@Ua(`9xp$CvdH=|^o29|%J$#+T<<;>RzQs^6< zVF35t7Ly4!-!I0MX4cQzZE$SDhg16}|6$dZ?L}V4i>lSHg-TMMSJkWI&9vt7%GAo! z?=d~UVIe_!L$QBztB7Ejf88;91u%Bg_#UmI;r7gFaL+$nQYTs8jAM>GNai@Ap(u$3 zRY`@W&#>niPY2w)+2aqtnK?Zt2jJ^A71PWT#wjtX&8M^{L}|G1{T#3qA7eMPT*?HC%i2&M*+r0S8XF%a{*! z*H^HQm-X~iyy?Qd4xNv(l8k{TXBNfse_D^zzTTc~=QUR?pv~9ttr;}Gx7gL!dja~W zp6Hr=3-gQLOZ;CqHbcn!V=Wp_k|Y3@c+!m3O9Ch-eV6DtnB?r+{6jAfKsh@fbuI9msuRVoNEKyP*kdu!h|BU@pD}X4(|>&5&9&mbZi_D5A2%>K z66kw8KUAUJ+pc95Fmu|>D(a}IDndV(jBSQ>J1X|}3v6+?isyUL-ViZWR_7@t00h6| z{rpl;g6uA-M6w!&D2lu7Dgcz_wKOYq1|)RBVjN4_{HZtc z<3CrIya%i1=Kv(~KVrQF2+K0>tVo=cTjcpFBx7vphNy&#QbI;5xEs9%UcYBA z{d6kx9hp?o@KUzlUg15U5Z?5fB{+vRZQ3iWdbPtAY`^r*uMrG86+0r|QQdNvKWLqa zVrMB%4oRee=3be0KYuXL;;cw!dt(8Ig~7?-ec_^NA>j!No z^7etXPHnSYZjbGX=7A&(>g)RLyo^!@nDc%1{U7AdQ7lZx@C}tn_Mtqt@jk0^9LST(phLp^KCzOPaIW$cVbqc z+ZvtYPn=vwp1Y(ZC5C_HldG|yA5cGsYT@^l>MJSf(N2F5g3ekxW#h_C0q%Rp$KmdJ zP(?6yRaW(kq~Pc~DQi^a0uE8EieQh~6C4K*?bLB&C!B3YbWY_*zP}-K5~fjNbVd6J zAMaI)pklV<*{QXrvnY-q)x$nHYjF}C=qHP^zC%9WR zlhzugrgSlr_o{nwJm|UUMP47@k_r`27!DCV@4(5CYj3ALh`nf?KDT0EdjAg~aC)heTx;_@#|J0y-SdSc$z2@v zd*A29bMMM|LLq8|W2pBXSe>hKvaUawig824YS-bkWz=eaRI6 z8YadapsizvN3Nhs82F(;1i1JgKr8ad36vtJwP(3F-vXifTf&{&a-Ct_HH^r4oN(CZ zoJR7@l9;gWekooVzL^Z|s|ql8@GStizP#$CcqC-69O9$D138u7MHtAtdY)m2pn|5nWw#3-;yIC9Mc}WjgyhdS z?#{xpH-!b{wf&B}j3clRmnKtB=&6}kAlW{^=Czpg1ico1C(M4~S3X0~H@Hc9-B;}O+oOR5AExi0%?FAkicJsDz>k$-FVA{9 z=F{zsMf?F&(sDygZP4VIhss7;UCw&|Abf@iiD7#@&^vEU4L>jvhD#W~@XMxNg->-l zz4^;I9pFcZ?U^7AUe=aE5(OI0)m)@n{7e89sA9SO1XAmAXl;v2u%})3HeU@Cys<7E zl6|HC?T&Pr%s#*`5CUA+G%Y(P&mHOZ)O_>`9!CT5E;}8mcL@t{t2E3@wwmW`-EL`8 zSosqUC41Aj$+)KmZHe=pyP9BlwT#7mW_TAf({WFvo3}Tf4ZooutDkuhv`7d}i?6GT zzCb}bbbgBFPA*@vcYv6e3xD3-a?|D=>PKuf{fLI5@JwcBv z_&9m26zk;UXhEOf5BeiyzsZ49Guf382RVU)j}McRakF#i=y>Uv`aL62@0CNZ*mB1Q z3=`&aK^@$J1OJyK-fTI8rIvmjCuvLZjCPKx zsggGD^3DndeFYO{iqe1zHzcbQP{?SURkskf(ZD6LbaRJ#f_LBQr+K}83`f(GC30Xq zg=Q%fNP*)$9d9R;ZtoC2^b`qvpYYJlSVh$le)m_w7zSovjKSID;&00gpA^?a)wv3y zoa8h)jRuGAjOl#LLvm*SvXQ+oDED{SR7C!>|BZx=siFGbtfkia)iUv?*P+KlcU2Z`F#mK^n{Sm#qq!dzHK&MIi(s) z&T4gadbihNA$qzGna>_)jU(X2H5_I<%y$2?;-IwPnJq!|>(+yBIDB)-B=xwM^pihk zz30`vu}ROYuWF(3>&W#qlUd)O-Q(LfdG3n01k<8$&0-R*ra`!Imy-=oGP|H<&f!52 z*|*HW$)YF|QqRXJ)FHWz*P_h;EwD8%`M}09l=+6k*?2jrJH25{i(vgEIJgdJ@4lZu z<|0&qKHTo%>q0z)@aqk;EO%$$NFJ#1 z$Iva~eIaT0YL+k4Ii#UaBtel2ZI6Kd;Z?qWS*1O@+YhHMGe4n|_ak&9m{woI=?+D{ z!o5yQot80ABpY3NG0Q>^S_jzpgsxrB?%iN~L|%4(dE?!5LK#O}_$ZSHj93`7{`7&2 z4r92!FHn>l1}LX>Px8?6mb5YkfC}3_Z#={T8enI*(^x463H#A9SOeU6d95Z3k|jrx zuEi5{9k6W~2lsSMzSP$YNJ-|Y1HBbAZazccU5LSbc>29PE^TOsY&TrXBzpYuNLenq zA9jsMmA3T4cUE)aM&w_B$YcynHO|GPdJ-V1@_uK-3F`kOB~5huGBah^GAM`ZfJ678 zt*=3(<@>x+?DaW@)!3e#o5vmx1Aq!|?8q{7NAIzP0=|To9Qf|1WPeq1E<>M`9xv{3 zC8~?r2iHMBgoTf`u52jJqa}jbw11(H@H~pv zqbRh`;J<5dpXzXy;Z;ebulJUH)9G~6OrpzhTR!c#OB<|ys>!ufFXH>;ruxJAjj+Vu^Ds5Q@!KOcaUgu#L`7jfQ$egANUukcf2iZhUHS>`^P_r8x_O6ZY1Nv;B& z=HF}19$y75?#JWWIbjTiOvJ+|cIJ+Iesx7HrQE$5ryr3n$8f(q0m{lTHKkjBf&4z2 z&j#G~#23lqJL5OeolsUN3H<;wF~|tKmDHs9qPW_<#eD-7wp(gpe1if~WcATSgE0m} zRo7m}dn9t_UrxmxMvgtmZ};ez<7j9%Rv%Bv%@5Cdn0fm>{6mqS&m@8Z*-xSyYewhZ z`m)K1qs|P1;?w6ceL$>*;Qt;^RqlSDMLQ%BJ0GA6MJZCQ4&~u}U8@`098P2yH;mr< zd6^&3^>&r08(E(^02N3j}ahe zujgOcJUBYRWez6oRCnJFF&_G^L$O?sMc7tj@t)TCNQlrte;0amQ;Of`aJyX9$+aKN zROvj!ig%vK>dzK*`^mR^xOC0n*M7{;3!kvo_fN0@u5IP5)TPq3J1EG&8HOdYSJ=F{ z`BnAMp5GO^sMHGc{TQ0Tx>I*xg`@hRs&L6PGQ=bw^Ilt?J@XJ-BuU`2u606-j(aN% z^LDf~&CagF=?Sn)rnDPV|>GY;b8_0oTr>~ ze8khEl8YM)Dz+}UFahIaR81S|z)-RhaG8tWS@_QL zO$g}EVSqBpFPp%|d&sRH+}_KBd%pW_9C!JrLn*`Zva|oz zSz-z`L_97RVZpJ=biJHNdd;|);>n}E!5s(CiF2cqx=|)yes#lx)VQsYp`N`wv#Nv; ztk>$%IkzBJ@D&S*j#!8l0T^PQhk)hapN4vKfW(rwz|ma~ z_4OH#PeLxx=Qd+b{Y{r^eKzzEeVV^2A7XGdcsFMHqTMU>toGPqk4}7C$W8?|`HpIt0a| zzZoDh*%i9{km&EBC&veezrH9ovF}%{`E_wgV0>f0LH6NFDvn;Th+2c-)ArvuIp64u zl$_5=2swj7d616%37P6`PjfmkYX*F#v_7~ObN_O14+qBW`fWr(vup$Gq_)~eyPC%2 zs52hh)q{E<3%9Sl?#yw#^ECJ?9T6~2gppLF=|~1&x7QQCzAZu=%lmHig5>~XM}BNi zqIS1-IzcVV8UI7pDPU)u%dZc{rRb-^5zivJyjOj{s<2`QZPm{{ryA~r$=n`ZCzMnLrz81I zJE#G@SPu#g!U^1?u-DVm#owW%J(|U4ha_?EB*^82^7M2@aIT)|mOU&I4LeNf;(|eW z^BxhU{5juUjib_0^m=q9#Q5+v>@!b)zR(k_%k(Ys)WU>Kc-oVD$ofZL#L3CO zTAxOfcy#eb`{aY3NYVZsP)Tj0($joqJer(IUZ+&iIT3YK?|bd`Xo5R&<)s}Ur}PYa zdhOnL)=}DBk@Sp3l~oG3RCwiAJ1hl_o&D^N(w`MLO~HR9z%GK`X!(3!>Q2ycbxz8G zH74_ApKp`u=yyL)_<5U2YH9`FTG=5JpTLBe{vI@F*`uajv|Wora-M+Sn6rR*F#u9| zT!|IdGSBn9)W)L{J26xs$qRvMWJ1*!<9>#j5&>kBo2cA=e~Dg)yd=MSAgY%p=tE?3 zM&a-;wg@TxzhA7t^eRPvRrm)R3UT4wo*^x& z%o9VH*dVHOsrt+>IXJ>W-4<`wH0B{w+-pXMR12hzUW0lJVQ)mL9Oy4^`CC$}T+Tw5 zpWYpJl2IK?*#*`@E0Ed;fb%3}4@LW-@7O;5RV)r`5#HS&SWG%=)5r1Y6?(uZX}?>B zV~Y_@5XC=Tz4ZtUBJIS!G?6kNdMfWr&)_2VyHO&{!)wr!Y9|Ftge|M~6;jv7GIcN3 zOb4iHvJH*R$6`6bymTs?!~M$Vug*#C`@^9$cX#u!g*<+agtcG0pB%@b9DH)0X*!*p zxg`iW~%18LZ7%R%`T1Ce-Gd9XeLMBAAfvpyl$!BK;Q2q zTubKbQ64=Sjsum@h2@%yGkL`Jgo)g(Leb*@-p0Y475Du?MTfn7A56H%9CUcH8p3i$ z|Ggd5=Wk$M+~e2ZI)E2htj$vjZj+=}4bfri?~_X8cXSgfaZl$~02Hn-c;{9sdDsUs zNX6c9U{<bJo4#%y!^Bd$WF=Gi8s6)T_;bN_YBMI*6mK1}uw&3OMRPIi zmD=NtyEchd8c0|C{yR30?pB@T^m)>C@yjbomu%~v!r_M_qxBzn_drKb+p8uu_@zA`JrA;e_8QqP4HT;@(GH{Qip4+9zWqNbo@0q zAo&XN^awXo60bw9%XfdMD(-XiJ`hFzSXz9t1~x2}fD1@6ZUp`B;Bukk@_Oz6fDpg|ej#jHU1PxAWSKNV3ogPNI^Zzx z=tKq_YHIFn*#j&#UNjoJdQ{USkI@~liJWL(QBxY#k@F@`8bz_Gt1$c%A$}y1)wpt6 zzRlW+?m5p+wYN`1By~(qp*&O+u zpABhr^{v1Y=}eTv)y{y;SQIn;XiHcvkC=vC`2k-Ra)WhT=?BPR$@OEgUF0~^lS7gw zGi8~CaY8!vVas6=a6CLc8W{Yca-`f1TeMTMwur(CE@>ro-P$Gge&_>K{SZ2ge;Y3r zj_xQa0Z^e6>sIfl;nMLH=PtgT- zBDddxw+?O;pe=zN)mPmmT@N=>JrNCOJ6Jwc_jPvBF)>`=@Yn{5?*bM%m?wXg{A!YJ(GumeY2BMq>(a8{N)>Ammr3Kcl{$)z$Y) z=MXA9796q$m3m1;viTtAr*JW~ug(VWZ3$UXN%b#hOcW8TBNQ@qJOsboO&;w&z2b-EAtL=b$bTyV zg9BB4mxkE;&GpICaUl1}mKi(JDT|XYIQ07+Sqxk6H4NqZy~Vu6d;D-RJ2eU8Aygiv~x z5*87MtWCGti0X^0f3`2Z+=>7a2rpC^`sogm=V!FVx2T`oH-NWK_TCG|C+h-e2!P!b5*_=!{(5>?*!2g!2J*=U}3wdo6&W@2NY5YV7VFx_YW1DHk&S=kT2>!Cp( z!EG=0O|HnR3SC4o|Gem#5Ul6kYgCof_BrbJqktNHT*)->j=UgLOT1pk`{Pjbk2{kr zrPEklr{Mh{Y7>rTPaly4wK{oKI|RKaGj5K9o^zq2pIgEF)`%ESy9!5xE5K?_24CDI zfa|!?KhZ1>1n2#N!fONH#z(6Z(BjTX?P%Leu)BWCXP`T2!~yCa$%2QLIOv2_H$rW2 z!|)2`8&R-nt)iSVp@Sj_VSRMy>Gyd4Jde4=ui#bH$NkCpJR)wd)nKpdL%r{PT_DVf zKk30k(s&VkCO2h;@5CIc=4A_i$|;08>s4Acs>KK2)%_EGCieW{Xmx=mg>Ae0YR7)h zU(BgnKV7FM(5CxK4t73SM%t|{zFU6YfNeYUIb>b;#|~S31-L8Lv$r zG(LJ1U+VZK?rG>To4x&YtcCl720-a4eOTd>^CTn?w|(;BM4M!VcmA4Uy}CkslH<@< zV`WJ5i_bBAo2mli*7Ge~e;*z~H2Z-3tAVmuf{>o1bXhM)e!y@G%NR7!wyr34maw1%qV~Z-pC>bF+8Dq zyq|koM-Fh(ir!xca=+P0cS4MHVGhifmBx(wsCxi57rvO6n#b3$yls$v9ihfu9UMuf zVKQwBATPnlm7{%Uk3oQ)a`;YOj;_qrEm(QXZvzS1T1_#6!34fVa(wnO!B8!%WJ_H4 zX9!R=*8l>OI@a>hltH#04CoH&6+8$uN*Mcl1t#}$NNXauo)YJNjrQ0t&_4b%`|7fZ z7wa)S0Y9a*vhi4U4OweUGXy==D_|ESVT6`sAkbQ5_`L`~%nllmW%qpvFoD@$sr~6b zhyo(W$Sm+I$PRQ8xUg!wFC?1fTCsCh3DHF4fioZtpz8Mm?crV&r;V`;LiVkYt--lt?JX@}3zewe4)qTx-i ze4Xa2@+A;L#I`oKOlY!cT1+^+LpTB&YV4;sdpa2R3B?)T?i+Rq_!YYvrj91V1HH>P z!Xi$j()#A)sPdlwj@{2_>XK!KdeVq5t;N#mt%K*jXGLl(-o`I8_%~t??3IDZ1dk`^ zieUosxCa+|K zfAwi;e#huS2x8u+deSOWdZxJ-YA8_A&}TPKUkr-kdzlUL1H>&Nm$V%qiSRn5Q}G>R zgtoHuidUtr8Lb+g&?^mU6(tI;JM%)R97B0r_H|~xYD!ak4J=W1gaNR!^tUJ}NIk;0 zms^-LKQ;>l^4omF)~;nmPd;DIt8THU_?+hd6+X!;bQ`y&AOb2GMO2 z1MvS5V?6pZG*-WBAU^KYXnu5eFgR$oHuH>Ohdf!Xr=}u5`wb}UmA~y%@=z#6nEK;> z$GxW!3hY}|oydM)K0>I-a8h;Nem@oNi{ZIn3C<}i3B1OBj0vA;8fQA+PJBML@6)FH z<*+?HD0u!3!mYZGC9ia3YBUs0JvK>vvQ5h)f*5Q6ygRhZwLE*qdIBePX2b6z-Y+rP zFrEvFButEwAGGmuSSDYYddL-TJrt5dblrBEzr^M6rO_2cdzHcTjUfqiuGpUuk0tNh zD~#i{J{KcpBbng}&f&n{PctELZFavKM(qUqxUSVh9yI%>2_l*MHK|3y{ITI7`NTH+ z9nU_aD=4b)aGCOS z5^uC!ZkP096|!lU>f4q+Va6+cLP8=QilnpJUwjxgy~P^Z4NpQegtNyS>xI1CFV1lC zX)}*w{y1dNUKjO+uiPxp79cBZO)a(8)iJR8id-=otC8KOXK3!HRwZllc_Q6`6JSVu zK9Vq@!V?-bW?|y^L(_XWTC(6@Fcp*Q^-R%V(_!sII0z~D=vqCA_$)eet<(tKpNw^j zJ?59rXYI%nAdnI4&Vf49CruG<^hniJBGDhm_r z;^)cKY&zZJsO2+z(ij~g{8w$Vfbm5D(gI@rO@AaHKcTGihe2I(IdxXp>eQ!1I`w0E z{=L%rdR?STjQ(p{{-}LBAU*;O&mQ>wAkd16cJiP_h(|sCqpYA0!(cVTYy*Aa*>u*n{?ixVKcT@gNER0^K zo|o#@f9$%kB3Qz|cN8FnKgP}kacQd*v849AZWc) zTX%WBMqnCLJ-|^D*^vb`bg#jjZ6}FpnAh*3d(OxgISX}b92rCffe$svY4f8I@7nxg z^jpD52j>M!K;h+4-qvJ3yuTCw{q(^W*zA)kPMw`fU!pYc9R@&z+Z(EdgCH&>^ZVuU0-{yw8h)zk)uX#Dme_61nA|NX; zACcP*V6h{F94>oGdwu7Yo4wP$4RJdOKjB!;vAp#$+|cngD!)j4fm*d^7BNdOj8>m_ zEn-o%l&ii8B@_ziz50StZ73m=QXZ!9gz=(-T;cTF2}>>EZ}}~^ z-xbVy-`Enw__pXmF1GPoeUv)qAz$#iZ}FivS4DLC3Nb15ujlsRyU+R?4MQ}E{d~NZ zgo%P2pf8@(>MJkYaV^{>QpH7joyO3H0+9KsChgGdWm>?o20Ha&N3DtPuB6b4<_crc z!V#_sA0c1#av~I~D=AhfoB?4Tg&Tp1F&S2Fmint}RGNIH;+n9ij^SZu$(( zJM-Fy_37mgMSF!I%ZU;FtC_cOfes-1)Xo>oHvLO z;cqB};;<{I0oDbKdf4PbqK)j!9=O~^)}~PD9;P4RxhS0Uz0GTpZbb4Jjf?nxG57Ky zzPHoD*V?OEUqFfPI;vu$16HHYyzQX?#54i}HN3yLvkHFHDF&kr)@FTBq_;L@5t#Pq z(cO}3zTF0>Mj()M7yo7FgXbv0J2a1(tPF$Q2sqkTmcW^&1jZh213|nj!vm1Nrv^Ae zN{%XdM=4LZ(Seo|j_MDG6AN#xDrcv4em4t0oUej@0K=cS-`3$ax0Aht@n>AGXEU@}OgCZjmCq72%vg5HcVu$$wg?7OVmd0)Z8 zI+M4<8CJjerEWfzfS$1^3?WONPA)qj`ocKef%Ev0E7#1ixbcz#WFE>5QXm`L=IS>Z8}YYx@f?eFU;1W2>Ea zK4R|$+}40>r!$Ddq^;xizDL6j4nk5@mtx?pAB-XH9=uj9kCfE21KYti8?8~w!2c!! zVk}UKiNSb1poxnsWNns$(DupA_k<4b(NN`TDnA#Ylf@45GU|VgR+>~VFO(%tiNMjo z9){f0JkyH~v4zdaphO!e=NT*%fSgDhjd@mYw3hAPbUXa+SVki7FP~zAB_1_CS^WhO z+8Z@DXSEU5C0kdF?7jXM*m^46Pi?LwK33wdKQ;Zc;IAi`G5es63@bP|#0V(>m(Cq~ z4h6j&9QJq^oudz@tUdhi#vCk2#rSmKI)7b3*G*1Yh};N&&r@MP`%7&Z%3=RLk1ua& zxQ{lKAq}mFeSt~80e-ZW^}Ng1g_uhR2NM?v&iz4M#0qSf5* zWJoe`vgFa9kUcu2{t`@vc&kw(fS5Zl&HHtK(#uT#s)|2igwarM*#DGr9ZL1)VR&LZ zEuh*!TRFC;{_u|TYcUT!4m{nr*Is)+p{SwJQ|dYAot7%5s9*Lq59Gv06I@rSU*BI! zgwITW8z0fqBskg*LNzx~kse6zOae^e2KLOKGZ&B-vCZY@q@g9EsMLLUp7wsaGIE6b zjV|g;MEbQtlC&NAl(KS5#b9CU#LH7XxZG_lsGZ+(@>k%@c z9~C{%{&mgd&dC%)4YNjAd@YS+9ZVRZ^ooxWMg24F?y@#OZ&)O9wX*MJp#RFiPw@#M zwRAeWwVi}^2S?s6zhT-c^30U`ubDj23H%3w5_lB7qwJH2ok4l>LY5z>VWBZn!}37)nin{nFa2<>B5c9MS2a!vfPm$$n9PNb<&6T_iHSitm+T zPRi~kl%X*Cx+-n`DD;9h)VfZz-)0``R3GDZx=9Se+!cJGKO;(9U8&f-Fb3%;_hzQe z+2roeAnVDf%$80gX82EDZf9lR@~4ZZa8SkwetVZ{x*Vjuv;3|e|N3sfToz$1NZS34 zuEJyRYN_zA70Mj@MeYW73}EeS=a}aa+pJp?x^n2&zF8k0v_WF%&Fzt0ZI|1U)tNY{ zeloIUlW#VBKD|%)o9PhZ%Y6f$jZG57A13NFh~Ptp6T`}uSAZ-(-3ab}yFWN`zb*|O_wSAw=$ior`nDGi?b?UU z^?pKLD(2AJy=}M4N1y9G&w~uB%=#4R)(K{V) z!=smgzgxKb*AHADigkGjZ?e{oac>Labo$MU9(#fJu{Dni%gx%ZN=io*bw+6j=swPx zm>kVG?M(%aojmZL>$M<P)4-np&N9_N8p~ry~2_s z7<%6(S+A=(-5s$0RHP!P%sTup+lYj*(s%%V? zE*#dup!U(6KeMM7!Af7aIGZrL6|}bZg9VV7{nJ0YI1U<(>SIT|Y-Wc>O)D;`ItSV1 zWmfg_ws`p}z?3`?GWvq&R3ZxzjNtC^H~=);uhza}`+OA9*tbe>aEJCgUdPjIRZ`5Z z@Pk`EZ^-UK=5_g+ z>*3epxeDWlh`-{y)`u@+U34%V%?Q?Tusty65Y&=#5(5D{7KBV6M=A8V?BEM(S&cs$ z`YrMM5TYynD}uf7)5*)secy`AK-<5I=MzKv;W^EqLDUCTL^@{;(A49Nb)fW9jv>Uv zzv=7=Jzw%!94S3Vx_aE%LsVJJ{k!hzhcd6N{UYT6hB1mQ7~GBphnY?sTthdW4tRzm z`KPId#o9QJfx>Uy`G_m1{O06llr-r#ykDR}q)e=cNvC`U!sW8E2N+M|SsnFxEBf9e zCB8Fx(MGz`pGwnuDWsV=s-8?I$?vDRSSwhhMX2d%N*!eJZtWtyoK9c(Q1j6z?_B);!K0b_jS%=mF%xWIR?J>UnYk zYtL>#iJl*V_mK~=V~nVX!(Y}&uox_L{v^K=$cl638e+I+lJ;$Z$jZj-NuMVX0EJW< z!(Bv4>w%CPzB%}SkyV@@Fx>iJ|1V<^cG*XsdPt`uwyRJEeXOK&l9|4L+5H=W`LmIG zFhIm1r{16FW_VpM%Ed>=M1vq+O;f#G0BdM2$>3q$T=}qRQSaV+t|8q1g4QJ*>d~_>*EDIA2_c?A;I$7h{yA$zK@Na-qeG zsRt7R`v%v}`1gH)1rLW<_pI&-S6eIVwHPWG-$)3!5qXv$)$KHtpL~uoh~2LFqYom4 zcjY>#YriD@FPl0LbN zhxbzQ8!JUd{#8baUajC+_5l#Hkm3`8eBSTYuv^A-bNuxJeN1$Ht}}M;+md_oy|}7t z_+~W_WC_e^to};B*g#g*2*a0s(e!!>{g6v?$+VHVWvj)`r}JGLij!9_BQ!-|3$$8M zHp~oF!V(pd;o@@m&5z@ZSN|z&L`iL&8dPBK={$tY{C;gy>Kpj-Ht!$XDdt01vboKZlWZKLx^vd)E2ZH)C! zs*jpYKBWVkhSgnMXNGBfTg>a5CK+C^G8}?sX*lb~>`Q`6?|y}dV(gOywYkE!@}3!A z`OLda{#(s(>xp08Fq@2YR$~2zb6~tt!W*YmX)Jngf8P#Q-8hr?2xJu-oc37Oy}x#0 z@bGe`P1D@U4}jCc8TCXuQr8YH4l4Z)NDYy`DOcFee#CH-U=m255#SZHV&Bh+&EWMT z-O?JX!|uLZd5^@s@%Yj@kB_KP=HU=Mh!;!UXFIwRSxvT4`@M;ut^jDY&qfgGrR?nw zRR_&($Kgr5;e2Qb?>frV{<^Ff+^T=D@XA(KlLvt`Wp;A2VjPFx3V|3rti5LwjVsI6 zgdqJ!m~#Rq%0$=qsr>dIFZ*1c$K8EX%%q}!`%w(ac^5VRSry1Llv|^G#(l(w$2`5Y zas@#Lb|b);``q_s^Zoiz3g)6?M_%>=b)`7I_iG=;>qF4ZSPLT&sB!CkjB`!ouX=0P zL7v=&>2rn5xKt+GU%=MznsX8WJ-gi!!X%OSzR^g3_}kvDN^UnfZbCmD1j`Js69Zeo zr}TKgh5*8h?Pg^>yY7eZ!(T%D$exUzq>eUG;gm;{|Da-5#?SPkx&Tboqv5QD)X9W~ z#u2nmU!Vn5RI64$S$EI@84O0fI*xwRqVLoo8Y}TYq(ySmnj-UHqS1@EwqKu73i7TY^Fjpl?e}+t8@7JMIP{yvvRCXS(z8(Es=8m3uteWm*AwncZ+@UM zpJSU>bHWc2dASEoqkG?UV)A?sJw@PuMhRu)`xjI6nHP`7?-_7Sn(ZJm(Yo9PGP*H` zef5j;7P5E;Wr2b;_hezE`eC8pdRa;~34gW4ImauRYGr@w2=(SH2hVxFd%+KL4VK$f z$+3He;MnFmnE@N?`;CGk&isSANi)!TYa-v_nTe+R)xQ*&a47-@t+2fjf}a-zgICR% zuJgXM%f#fFS2Y5^U4csb>B`@_J}C*8T>L#ZD|WiC%ECbC%JNhtg237ok8VE{#`2P0 z^QyGB!1SZ{6mec6amdm=^LU&-6FXx%issf4zAD~jzHt5?MaT$1{Ox-oASrVS3+``- z^EfmMM}6$`$&q#~IMI7$DbNCkROnvUBu;dPheCb+En+zNzD7A<`U6rhkJdEl?rGW+kY*Bape1A_HFEWfRt2~ zy)Ov-{B_-G-8^SN8;>5Cb^L4uv>68QBxn15RUM|=2IRv%L@I|EEQUoju5U5}vl5lG zJW5g)P9kqbzQf6C+t&#SID^ul*gYPDRaKZh>7xS<#!%CK^9{nOSm(@G=`Zi_z4fSt zo(9Iq0pAtZP`nnJ9+1#a)s@Z?P6wgQ&(VWE)Rxk>bJeO8pnGe-yM!tCm#Ugv)-PEs z&Z|yww{#hg)_j*G1zGb7M)nIxF5E;#27uq&rEAJB*mDg9vZEk9-;LDo_gTLOJ!LRY z*K`k(=Q>nmZPLRAo+1vXi&V0#vi@BSaC?zum*fFi5{VCw>jJU*@!wqI>sSy(!pT%|!c` zC}qkd???0vbdF;n9QIP7Yxc!IK9X}u_MN-#0sq61_K3~D7C!6^O(*_a{Q^t5Kw79K zTGZsSz(Q@{FwyFBFsyy49#j((&HUuN-%ofb*(tevqE6aU2w8B^69f(Q>hh%>oHxpv zgP}W1M(NiHtM>4Mf4?1VAwuspizGYdOS7ofu{!=R;AM;w35Y#eakxd>rlj{5^a7yS zkX}O+5q}Tm-H`mZSfLb#Oj)|}2eaHDg1U&b6I~qq^|sfKrJq?4Sv%*X zDa^S?9K^P#hu1;BXl?02SiT&s1W*3y11a5}JEovYorK);F80}+-q~=lM?nTF@AT4zm$P`u=>&G|IFJs=8-v|8K9e%f z?R$JX{oo+M<-f|eX17dwd?5)wmqMlm<+1PwPt&)wY~(_zkw5t(KVm5VyB%g5^*UKO z;TG@}^6!l{*5kx4;#3_hPnDpW1rOg~d?=*~bw2x$HV+K}S{bk2)pa!)wwLg`hVy}H z(=Z2CwL4J&YriMTI4>snY}WvQ;nu`Bo)k9my?@cixHD1W?Zv_Rp7B%Vq!g6~Q(&Kcpi`Imup}Vwu(8rGn%)=jez%nieM)(B8 zfryVC=&gOYU!WIig6XZ@p!#$uP@$V>CWfDU@k1OO6K9_qse!a{IW@meT_7t1V?)z#)l6-wUiL@i0%4OqW3v%fs0gbhVcM5sg$c=8MI#Q0s9nM&^qR3it7rVe2o z^5F!$5T4EH6<%* z4e*5J8;<$KK_|^?+4W}JKgCJs%Jz{pzuU9q>M-%PR@oztTV&0o+;t~T12GSq@@QCz z2YZ~a)FhOM24_4LjyaEB65#1WeYm>jZh|W!L?ICV6kj8vz{=|Mcd0D?xRHDj6AzwW z0!-jk!i?6}@<#r#5ymXnk{wQK_ByzRj-l>L+WS~Y9?T_TU8g(jmk2)}sE70mQ8jht z`0no%Kxn)Q_#rr1w-YzR%780#j4&aFGZxFZZ=t4>9t7pIS{l$Q4Qb#om=uEcCInaE zGAg`5-G(4xL1XcJBkhbhTin= z4=mA^N&9t_mMekac)*7A?ObUeOgDq+|>8Fk5aSTojDE!^FHzK2b)%6?PZQ zgZYD0pQ;vi>}^{oHz*FCmeuTh5ONaxdyI5+u2W;W&v!)j6XQNkO9);}N~_*!Y_w?1Yl7dgY% zb2#AH+JU(4Srk^AC=!`|*L0gJ85HP)XWw~$#*vWi0*Z&0n+2t(ISmwsdJz~dI>wG30Nqxg}RXyG{KJ9Dd8FSH<^%=pVy8cO&z`ua*saN z-LOz?(9*3mi!v#iAyIxUU2h<)^39%NcL%C_Ij`1t8p$qIvv1l zl1-E`W-~r9n*CeYv2BX40zf?NJGWgq8+mB!feWawGbPvearwP@of+rT#NQyn89m4c z>1p(sIQ4e*{b&^W&G^`O@mgw)Y@dK14&GQPP^sJ6^ar|Rivd;w`D{^q1MjC3(NyZu zDlV!RDdm2vSCqkQmy)xK_lXpANS{^Ef%ETT{1vfZ-Z?c?b-w`Fv4}GuH!|XM_#j(Q zhU*U){srt+3kI~ui!43QGZz!zw1C3Xk!gQ}^MXIqhb*f2e6@RzKLwab)RJnaJNeQ{>N zFEMPdh{6b&n%GI>XM>xMQ2yY7z9mdTpIdqf{5MEH)Z;w6g?@S+?%|OEqqo=gTLnp6 zd{*A_S$QzquV#-)TR$T{2;Cl{>1Okl4X&7qW_78wPCK+5ba;DhR=a?2e63c}R|gO5 zPsm^^3gr)x{R1RnU`#4ti_tss=_4R6&*}v3Yk&ekoE?84&oz)m+XJ;oVSC@6>T{cA z-w*nAzB${fvPAjIhBxTZ%x;Q;`Q4K=xr>uPmO{V(xl^AxgB!Dt1K%eKzVQ3^Hs7LL zxXjF74~2HBpJp0+l!w;;{T`iNl5{+g9GgP#yV8aC%&SM|iELeIVIW9^yh-&Ty(D{7Gd*xl)VWyhI_PsO#q z+>Gt~)+Rfoo)U1qKPgGSz-&lDE5JI zEHEUG&20~GtibLoacW%ZOo zknAJc*Qv%nH1WyT>czb}uU9IhUDoVpivcvx`{V5v3-i)He~J0~sTSq{webxQO_ZC! zqmQDJ$YuJig_Ee|v#(G0VOL`<_Uv$}hcbofV||{kV)F~W5ah#TCCHJkeV&jJYO94| zHCq<4?+Y?yV{>^93QN-PSgGc6XI6pOs_}-J2kUULNdgJu;sgHYTZE zyt4jo)}Y&uxx$qDVii62n8&>2;7cSyw(~PC)yBW#1DHdb0zCk>4ay+70$lUu(&%Bn z;`jz-dYoH*YMFgmAl8c7ec!q&5+--y>=^gzd0HY_k-0VjzTqo=Z0h?Q!bc*4%30a@$*>%47l9ep1 zc`^J`b|pZa-AqUu{pg2x%nrn6ci>G`--rZGrGKy3egN>Orez+h11gqLH`8~i+QK5# z%%HHdy}TfQ^;NrJRnVV!9Fbrt^{EIK>tNnPQZj_XnWhfj(D;~+Tp=4$-t+}x5>>v8e|hi2kQ>yN-`GmPw;!7=Cs|W0}YfIs?0g z%g;7I7ymV-)r4@oB8A?`j z%DQ`D8RQ%bJ&RZ5y4NRHHVT)=MSms+T6&oDen|U5jfAH2k3Z^RVsa_a9CVm4{sm&~ zRfgFWVbf9oNFi|uQC&jk-lku-vb9b5?ICcHxSq~WL8HRT&8&6j=bp5pW8zjn2PSfv z*m*;8H@pv<}a{-gFkx_4~lTF9CFh-S%PgU;VDSc{m#7 zV7%soQbR5#%eSzFY0melKsToMb%>X#^?v6k;X6CSKw{nZ65g1JW02j?5JQl;0>C$P z-e{62r`tjL@-nqG#+L-r%G{Tq-uR|TU31((7aF>vSKs(Vs3XPd2O$GZO*XlE^Z4EF zW}pbAdnX_rzTJq^b zLSUN=VRMl}>CC;3C&usgRs5O0fcvo-l?<6qU+!J!b^1{Zj8l4%Irn*hLhW>dBK0!h zm`;{j3oCNhfXmpg$6J0u{fU;lX{|fYAkCcz997aJmWe!Z==V?Wrzw-_s*1~3{=E0- zAt?K`dyNPcN_t&xM)QdCSMrOzD|>??V|&fv<)VQz{5BuL9Z(HC9rmpj(vU%C5fl|p zWG1i4Fcrb1;+ef4&!jYCg5tyv!WQ3={+mhbU+}CcdH?9-7`o+8?r1|wP00On6fWoE zoV`g9!bjE}WdM(8Y2l>aS`s2^8hEzI=Xk%g-x?ikO}5FsCHr&txbaMm&JC0Q`+@x@X#iB&EQ>io5hoD>36Iw&3=+$Ks?v{cHS*x6pdxJ16bdAglEdU zeWSMUwz}!zC_ir5%*Qp$x#^>fPBMYxzHmhiK+-I*1Xcl4Zf+Nv0lj%kl` z&jE-|C6vvN%URaQ+fv^&)i$yfQ?)n5JqhLcIO_vR-W&2Zk9&~C7A_4!#8*vGsSo_ZV8;>H(=^^ znX=*HPIj$dt#`*y_$R!N zxH0OsMQgr8qoDNbWB8X;@|sNdL(8-GDUZ$Mv8%$021ABXAS|{tpCFL&*CfVGvQIfo zvMDLv?D{>gFi(z2rF?o*2S{*h*RA^wZ!1$CfqpT{%WVrhvwS`Kk>ZgifymN-pnf zvmEkwHacy*FKBA(8S|KqgWuf1r`qQvn4#JBftL*GQhrn5+OrVHbpujw>cBPA@sJu| ztt=XM$qMe)@d`zE(-BZpZ)cc`AcRaUnZhT%w0KDD>iAY}!reP7$o4vayq29 z(}P{9{ORIb5QDGr*c64M-ff+AzMgJVf;&-M@V`6i|7hO_&G3O0H@`2=6*R|}a5{EM z$teejbwj<936dL50IbDyU%t>v6=7BjYnLK1;|(#R*_jX|xs z#uGQSq5$-vU6K$MLj-;JZWMsL;c4kka(cG2;gYBUWW2}eCw~+0N|17BKRbYf$QO8^ z{o0*%>Pqt7ti7CS{VvHd6yBzodjC}m9GbV21 zx7VHb;CA<|zx&?g|K$)gK@#M7CF;OvdUhMn zR>w!9-&u8#B=fk3{8?Gv{tJ#9c>IAbf1~Qc;Nbw)gnmY`Nh~;0+X_wW%=~PdNmB)s zBSdStUpsfd?-wKzt<8~aA%Vahde$b8}W zt_y79*Jyjo$JM%oV@uN-;v4R3t(#vJ5@60uFSypoHSxE3se@EY zbL1o+_L&9J+n=_5U*t_DrXCIY-VKojHkqT*jk@yP_9Vor?MoS!`_mBAp&fcYozy!U zzPXs`&0BXV^%E3vpy!^On~75Bnu)7;^Bu`~hW>HQt0(rhi{W(h(J3f4G@dJrqVIr< z9znp1QG;O@+;7Z!DWi1Ns)F64l~|V2hvw5JN~7AdJP&PIpg!sAK9QMS3HCtJAOu+T=S$!E81j>Qlp!DW65kbOb;R1 zMJXyE!=w-@Ye)YL#p3h=laqMX(X=L@p@FxGT!6qg7edRp696=y~Bpri5~1wq}6BZT~Dnxm|+O8T_77{l1BBkuG3` zQr~qRE;?X zEb?urb`h-JL%;r#^4YW;U+5Rv~qZ%6V| zIpuj2p95J%lnLc5D@nogJ+ztev8ov^)(3(u_jAn?I-&Q|BY83g;CYm`yWR|QXeC6R z(Xl7_N8zb^7phC$y|}Z}dv&|RIyijGhd(0YI&LQU1eGb?zxU4jS^URonH)w=_fE8p zgAjd~FnT{;H|J%#y<(cdi~IfdtK`*1iWvjx0s!9q9iF^GEjlN%YfRvd71{6ILJ)zC zMti=3j@{c#meV{ZkvBl9_ZccS0_{zy-)t)s>T6W)A({yLVG>@H&vBqWV4|z5GvT+* zcaL>@lK7tM4e!1-+i!A-Sh`i&q8A5VuVv?Urs5O5UO`p=R;IeL-90DueV_UPU3xlg z1xv#&XLXt)O)kexh@m!^dM519{JpRqXY05KW)}_W$R`I*)C-Y(l6>6jj^C3Pb4;lV z`7*gc?V$h5MnoJw(&zX^*P362it-%1*NU<0fLrPh?NPwLe#QVgmp^3BZ0{)0;anC6Ja~NA zlY^_MbIUPNc18>P7M(xBw;`OvD*hlJN4>+r)uBF+kKZE`U4eY=4qJ@%c1z?=Qu3P(mELL z3?im5db}$)mC**=(2AOz6==Q2YW*NVoBB|+eA=j!$y-dYS2XN(+Z@V(nE9vK+sTaV zRlAjr(lnI?@yJpWZV^Oz*LJDye0C0-ak-Kml=LJdcS>^hecoHDrPaREb^1Edesi?Y zF3wkh$b_k;_G!YQm_9=MB#A^LerZQv2Z-xN)D6lO%p1mtMBKG;jeAQu&v&Jj30=Y!+OW)3_#JN)hTF$`c=DP|kD=^{ZRE~rWX*`?_*yPL6 zv}VdG_uF?0AjnVpbxnlv`F)x!fo>NTvvPD(j6kOH}44w zw6m9Rq!h2*P4a98Pp7Tlbt5 zpgf14&E=G&p%HB*t266?P1S0qySPw_(V#8V*gp6 z_nt20We&mr%w&3`HQZHA9j;Q&Cu_K=mk&(wNz?~vDn5Jq0%6( zjpWGRXN3I?odoPk+QGi7^aX1i+7j3#UPVWQJE3+v9P4fz7$rrHv{ue_27<6&~{ zn731kI(=>CJqj7jm6KHNdKGP_j}QzR0!AEt#lE4;J*ACCx&2$ z&ZJ9J)>idGc=iz{l<^52f-x*><3i)t;JtX)5-yl%^!ch@P79!=)H511&NckxLBqoN z_AY`JZ7bC;0=RJ>C?ML`uYC}FduG?fF2MwO>9yIO2yRiwXSmRv3m?Ge=@t7spGz?q z0#~(J4JWS12LvB(>pi$S_umjt)14mrOL2YpTp}MUdb146c-$}UB-qkkz#QX78*`dU zNaA|7?K|`Hj=FcfYRly?gro9x=X}1Xx9upsw0@b!JcVFc2uVI*n_g4ms0nwC&ZB2X zU*dGV)wfD@%kvEM4BC&yYwER&oi5dDQ%*3&E0BRGXWnL8Vvf*>b@Sy|o%uU0RLh(z z(XiYgk3To#mgc5%kq?}1;XB!*3Y|jBy8r|;pG}yG82^X z9cWOaQhp%6?<8NfI{c%^tlR5I?|b3HDNTM1fowP3ck3qKDE+1?Jnukh{xF(oE@zmA zu03;>9bDj=N&w%#Hvn+#l}@+7exd8g+X+1#{0^eImwM_wDg^)5Koc{?%zL#}{{7qU zlf)M|QOp9izaR!dPOry{#IQ9rM@@q)G;!l!pqmT>jm~h-bGgH8#4CVV)PAl(mYFV; zPJOEV4&@A%p}3gW7B(se|NOfiS327ZVfyTExd)XRmg@YcI?Xtj~`n?LsK02zri5FeLlKV;M`}6Z_p&F_#r9-8l&$vFt#){L7l;1X*Uh^-!Kbo*2D{NIG^xAWd${5oc=1~tPx@IIWsg(JJz-k%DLP;*Xszy1F{)n26sa|B3U8Cy zd#OpmhOdi$gW+i11^@uCBIjWK&b@pSAh6tU*((oxu<~s1v1wn%$yG%+&7pX@>~9dW z=O-X%O%BnV(SQ*8y3N1*Q1a$OG*sZ)oo%Twh|Px84Q4Jskw6Z##tOvIBt0Yfao0o* zNF3pqH?4JAzDEL>tFQHW^u{&eE^k%1HD?WF*vrY!v}rV+IRKIEK5OabE-g4VN(dY3F+Y;@N!@d_>T_b>+PeVO^doYq^A~*?|?Gu0r{!UIB z4BtDO`LE)7-~Sn}c+KfgR>5-uI!pbO8X6V#_L5d=td5M%p5i1RD(75y%l_4Q?fM+b zKG`u+ZfD1gQa}5_m!b55x}2R{t&uc35&XFNL9>j>zRrGDLWk_DAhfK9`hk{ywQ1E5 zki{1Fi9%vz(9*`?0mQ16h5cehUtiq=zeaCfdwACr^EqgP>AwJQvXgk{M~S5UT(JcK z@7{gggKlcOda-f@KfI2^n53Bxd(;*GxFzoO@|gr{h37rxSobnn6iktS5d7s=9+e3b zjnT)8A5SPX??LAAi}t>o%i(b(R+vj4)4|}Z2SmTP`doISly+DEhi}*}s|CsC==ImiuU=4(&ABsGsFhA~b0=MYR$e^0x|aoGC!nWm z>G)~Cs^BhJaL&07DZcQ4@WLT}&VMucR$ha}6^iHj8S=E&fKz;)iIX}karnIC@7ul- zb-+L`%ycmJzSzgOzd(~-PhW^Wi7?RvjQTy_9kLCpCsJ{n-P7Wu90fl`|2oojhTYlI z?y_wFXD216>~9J4W(lp&18biW)T#kh5w-f;zp$$C+xUf)bGIE7C-WH0Ee0b9$?Zt} zIM^Bu8LM{?(Rm-47YrML3>{p_YJ+D+wg;!?#6)Le_I}7@flH0jGU@per&^p`D27H_ zCsGq7sPHnYqC`#xYO;sP+(RAAVQ=ZzU3B>cTp!LQA$li1N;c>IIa#<5PTRk$O`k%+ zRw8G=`Cp~HF?9qOWyz+?{llh2^yhJNcSc#pxRJe#k~L>^1-#OP7f8~{3lrtf-BfKo z?h8?j5>Cn5{M*CZR%Tahw9xY~nVgQP%W-kkmiDW(+O__>{Sd`twbur7<8k2@OrDjJ}t`o>W;l? zpA%w4s-;9D*ok#LbHynI#s`PHKb2Cm{(KUCNuhDIwNhU{;fvQ9a{&kGiJ0jhf}vFi zkUmrbhUngV-GpCz#w@V7z+W;g&Q-?S>CQHi*@Us3=J=UuWv1NjAx;j(Vjc8 z**Go`9Xr}M?!Gq5hn_sx3Yo!YO82S%8#B{$VOINNuUEZBxXs#GhH27^t$ELZwKm@` z_1Jyj=kBvn3*7@Pfq7C=0A(J3-E5EdjK1lHlE#ua<%Z?l87M`Z-;VsX_B9El$tbWS zyngswdAm!)6ZRv1pPz<+8{XsR^N|8l3Oo$2&Sfwj_cIp-YfqT3KOGacmk?tEh62xt z&-RpRg(Jo*o05}x@}8>irYEG=G?Z2Fq_hfeAMeHy5}Ah*`ZT5t7S^Kp$&b*VNfRS+ zg?x1iS8?b3ct^aj4!}k;$1~t00~?v$@lg&3@_Fa#NvHCD>QW*;7rQ5v?h={X9A%{9 z7?M3x@VyeMEoJ(XGA#u9Pz_wgFHT~Ff6N=R!Sbjzrzmk!Id97sCoi3N>(!Ie)Z(RS&6n)JK5>VMKyY=JT}``=)o^ zqe=8T!+OZf#Pi=CrrSk%sB2p3nfpN%i<{|xEu9Gz&f)h(>p*DeZr(G^AI*yKiaLDi zk85?#F;)`jv!oYoaXtJVf-8G_Ti@YhMvF{Spzb|(iBEVJTnPXtgSgOqcP`hbGxg@2 z9c%<&rT*=(**2OI_P7*Xh&M#@Hj9QvEw_Vkh9y}^4xwe!M}-5oIM}-!%wGFtNsdtuxDY38K|vCWW5|u~*n{aCUjC1yD{WMbZQFmz7(S9DnL>uXMW%$1 z@z?Le+V8ucd#~Lp6_@imhhzARsE(xvubHo#%b!TDAy2jmzMtAIPxTkX+r#L(=rk45 zMT-YPowrsFNT`^akNdm;c0@AMoPS-QWHfR=U@v?>`Zqi^d6s>ym1{-v03b-D=deJ0 zgS{BIj}rZigoO}=N5bJWdA_0YS5VZ-wyc*qXwwF060gtSa%D9O!(praxrnfGeqNpxvuq zAjqf2t8930HtmM?`6<1Yop61C(%sa|ZBh#9{Ph&Yd&#hNc*1aQU#1VxZ{K@k$|>rX zc7DG%BNBR{uMuSg>$>mkn+V~i{&lc>MqU|ta_6y^_PqHe-tM2S7_)klgR>w!G1T}n znNK*EeNS`ajYczzkh|XZzwJ!BAwhiXqm)y=CJIMr} z3)}$F`7RI4$7vOl{b*U# z@8ky&dUkDq&9eJ(4h};SMkzmu2tP7c(7o<=?f(6>l3EGnJ8Jg=p1bO1eeEfBXP+uX znue;tVMYv?Qev>TthH=8U*d)RnYx`T#Qt%Pz4VjYYMAOH5!GCnTesL?pTl`i>8S1s zk&0#+_lq*`iAB}&QWAq0`DXVQKfQP%Sb+KlqDY9guv(oF;GEI`%t| zw>c`2IfwJ*-O+{&Gc2PY)ayX|*C0H>(&FSBh^GIK|KeW?I8e)vlx z4>d(z1RFZBH2}-vX|TPXZ_K_2T|R<5u%iPAhnEEJ^gIhC#h-= zf*0(8PR>2uSNBM9-hzP=OdGUpfMqd!tVOH1&Q|%2)VLYbO3L0=I2?lCbzR|Yg_982 zcf9y%%QcOYAg#dsh0pL89=zG+ggTQ*nghhx#TdvdwK6xfF;8S+?D>zXHn;Tw zYh8XEyiZJ=T37*gc2j~_*SFI%MXXjxEaYTt3nAInRurQaSYlT1u%$C!?*ns{@>}~{ zkRgY|XJ#}dEDXwnvd0hFdPfA&Pjucnb4r&wb)#Z;}iynjtwswu`DQ=TB?T z)kBhX>|y&Kqf9+r>)^+>1;7sG7iQxUMe#4lSz?Z{U$JoD_Nc0GIzP$iap5r! z?s7c5u|YD|m>#n4)wH~1&3g2=XJF=T@Amf~*rP?@d24&xB^sqq$D{2knFndJ=7l~F zDMpTpaps_u>+TBvie%6osLmCG{Xu%=&vH|sL#5YjRzUmv1zM7)IgekeKZtXSn&ecM zmRCLYt3|qCL|nJS-%wdNJ#O!OEN1y}i`Q|&@4L$#n&~b-#8v?yG4ZdWDl@QsGm4E1yYxTQEvd zx3RsFBzu1`Bt1XCon?o3;O~3k*L#r9N?A8EoTv~m7~pmHVMelL+8~^yZW9b{cmd8$ zpJdEvZuD=1Yl^e!(qlZ<{&|$_-l^}%si^7JJ$Dd`^atrRQ)7L@Dc~V&t3ypr=AG)G z(X3Ny{LaJZ;qzn3NuQq`zLMBY?|)M-ruw|wzkzK4wE+H#(F%MrWjc`du1lIN_^%&6 z&g#5kC#3IAcOHx#R4(;el6b8rPsHFsyxPY?-^gzk3ht_ILgipEM>2M!PAM z#oMCS*Zn*he$JGq`jarwDptG5o#q)-J-p&&ya+%)iao(-u-J*^{EI8rJCQT3%ALW7 zLj|30vtESfwjpVdzHD;e;Ju4;so?A@`m=+E0x&};Q7&@M)9E{+F<+b`g=q5A??!hi zGOTyIZ{67`q280>UNj5_fu0b1Z;aQ<$&)wlUG~V1BZ9D=#(IO5qx^&*YX>Ajoux2a zw%xRVf)Lb|pCB8sn0D><^FuKVJ@gP~v3t#ryM;(2{c`1Sds?CuZU{bSyMmSjo>0Ib zIL^)c?_wQ9usijOfx8|)sbApNpW@!ROiT6tgosiK|AP5sgxn2D48-Sidtae09LtTg zXS3vrk_BQ8r3Vtk=bY&Wux?!@}NpKOR=y!^NPtpPt^+*5SwqXZ(7 zsa`+>5(P?HyF5by`vbLO=lFU~g8lkFvRI|ykg{F&nG0k$8hO&<@6obG;DM1As!DhM zeaxr(TDeymL)E9K(dw3_Jphta-K4t9sitm`d~i}dwUf7fy~QsQ1Sm<_9pcpb*V znZI}e^*Q(1%O$y)eTcDfO3&hlI15_7ylq-Pz2BFp&-Ck+havMNcpkh4l!D&k{`%hR z0}g}FQ=LcN254YHzO3fW*6lvBz)A07-Ojq)1P#ofg_m1&7qFFhhbj-L1b){E-4;9j z+$H*mXH&oX#`&f2HFW9H9^uC^@%{U#iXV&u!b2}Jr&i4~xA$*v;gc=>#H)0g+pZph z{$A@egt7dvGt@7C_?h%&h{eW{pw7Sa_tGF@rN-^wLr^BTzYb}dNDgsvxH_PTw;P?n zSB#nBUSUi{G&j!wMWuHCW9YHZYghibJz}8_=nu;@Vsb1%YfoL-^*-$0k%hRK7W_LS zEnq$%Tj1+BkK)hkZ3=_upYdfu(2GS4ZwP8_d$L}UA-q{Te~*QVqub{JRpfTyhv*2aDD z9NXijw&Fm19$q3F`4tHSH#WYoL4|*hA_Lb1$w!h+YR?I;r^~r!_85Fn&)4nllMB1( z@b??uh)VM$QqVs4zjd%*t;;zr4J>Imt~gpMun+WC2>^#)#z|ksW*YV9O-Oy8AcOe? zn3T^z*Scb=?iixgZ2-J<>uIw+mm*u7s#|pgAwBIHr1}c{$XPj2A#pUkk5ejd`DVi0 zMe1R38@__LIEeIq&QkcO!D+=jC6EFu8cZYS^s_N;wTkMA(ls5q-Qf-XpUo4Q)Qbu^ z{B>Uh$jUbx7!(WQuVUS(8(iKWFfH?roUce3b43AdesVZ9a7v8^f>PMuLezR+VW#`* zk-_=Tx$+kPEubl8-S;$>EN|!SqkUff3)vBODo?v2j$%?Zs_>M5yovU|nqf6I&moi? zIeQw;i+_BiyeEd^@3|+X5h+)7ny!^#mn6`h9}2p2(fQ4i$1}PM7X$MF{$UBEiXKE^ z5qTIaZEDinIepk4*?O)T)d-iMuF3^;dF6fjBn3_N_v|Lry?7El6j9y%Um2(Men`Enc`jnyR;9lDqpPxP7n39ATFO?ZZCKG4=_P#%QVVzx=J;yS>J zjF)1voT?}o<*aL`DrP1>1vzcMf7AC2Hy}HT4DVw1ppNcI;J6-k?M106FM_}Bp{tpW zrKpH42KMS~h^hR9-yPq5Uufvw^ds|AkAeETs~1gWzVjWnC9W2HD3Mub^daymIC&`# z{RCYa)*p3>gSh}dJYM~)3_4#KzlnaoCBHvQA1N?|_$;Va)Y@KXQn}O&70rKb4qj5H zl-J+gUn5vPZvwQ-_B>PX>KLm<0>>jFICacu4Ikd%n$AXvq6linPo6iJmr0KDk^ zC7_(~RHqBXoPFJaUD(<~KOo!lt`PsD%ro6hf1OP`7e*?b!Zb$>E&1ie{#=+ACCn)D zZT85=Q+$L*9I5W#HO^seSq%N%aMNT^U^>v6Jd|JVfSaXPT0FvO3<~#&mC;d5Joa)> z7Uq!-L7xz5DuR`mgBLsPv^LGMA_DqXDZ1A@Jb=^vCGk zs{zbo4{uW;N>-ok3i#F2Wh=Q=r+M!;k#l%p4^!^x#G|<>&rNZ83BqH?HyF64PHc5W z*!{IM%Fp(g8?Vj#N`7}RVCkZt{i^RiJmv5vIg&(Bl19#bkTp27T>0^-kb!j~ehD%3 zlPW3H;EAHjnC969wRPWi6&k-imgMd!CKg%_`Pwd&c`5+v>@)aYnH$WRyNntHw#I13 zCn%m1yq0vq#Yd?iQj0|V?9Yot^++Lo z-f*b1ddZ8i;)6Rz_JHR9l!|?6M0!sM&(X>i6@}6SFlqo7B9oA z7sYdV7t6a2%@CJhgi*gYr}GZvMV)ydbSR{h4)admrx%3Pn6HXP-tz%Yh*AV%MhX`it)%)vac}~p-8~>WHRxDJ(y*xb}p01s7ue@7%MgnbJD$KN=`OotyaivHMzygv#% z!zMK`6+iruc|O{SD@~HR)QJMmG#k%=Yb*)tRDUewDa-b$LWp@f?Ec`d`BGML^Y!z@ z%$`&hm`2@x_UV_hR~gH~oB7{N+&{_w z1z7Z~4DFg9x)(_l5OTL?fF>ABT_a|j_cOe1Lb*qp(+UMc8y8RyOxo>EzVa*l?*m5Y z!ExUzIPO;-Z}kzW?$R~qvuCMSZo)E=O6b%*{0OFRxF3`}{3B+yY@i;}b~*YIqPf!d zQQkn8{2)C*55dOuK5hF@;7(`Xmwai)BW+WkSO)Juf(Z59{Y0Sa!Y@;<80Z1aQ5j3V z`Th>@Ijk!oQ)dw$TA8#aGI=0_xkYT7YkXgh1at%!Hv?8#y%mILBzjUX&l03B&<3SP z9$$00L+e9dqw6=Y^@yd4&z`wJ2aG!%_@7;(&A=S>Cnb^_plLpF^|w6^7z)G)j~&oF z`pPQMpg-Z5mm6a_Bm&bT7AfGZogsxM@=ToCkA}e;z?+qXi}BpPuJc zzfEp%eGe0rmlC1I5N>Qn-d)4nVFZ!1{bX?vRW!r_ma=(EyT2Jk(a_n1%h0EH;BrYX zd#qoa`r0OIV#xQSU=7*Q?rHVmM&*p%%Q5+!(3<+D6IV>t1-rGfbOBRY$2(`dBDIrh z!Dr`)+dE~1Zl)6S+yb;`ebvKhW^mP@kL`)*s=gi;Y{rLSW(=oe58v}*7Dn325d%cy z@#;X`8C|f;?uoAKad)gO9&VS;Q+^8Ha^3gR4YngIBYER9k+;52&uV^|-o%hVPr38j zNS?{@&zabD2ZKShg7WSDvd^jarCUh2H>9A@85=gE)_#rgSswFaRXr@q4t02R@1b38 z!Tj!*_PSv2S$0U*uS0Ibp6~A8_7kI|cYcF&g#i5rqIk)sfaIa&uW_#Gr!S3PCVZvS^%>U80%kd>{?nU^CpJn;n6PRxQlqZG|(Z@Lk3(_g6 z{D7soD6qwGIcUb=M%LJsf2lY(%EJ2(@e};|6L`cN8;?o{L?XL(VspCQ5Y|A`ii9SQ z$_vfLeG$0~>}iuBmmKpuJj2&u+AtWiUz0R-Xo1M(S36?;!@u)69yVz*@FwT}(zT26 zB%`uQdii#l1LGzC82K!ER5vf+UK@4d?k+-h#JBf0Rhs91Ke)gKs z{1W1&IAySmT-AAW?x5J5mVK&MP7eThgQwxTToUZu-|G%O(<{ zyxzkQ9&6D!W3C8V@FuiN`jFp&II2cP{jRO?dDJW8?DfE|&ZvMFWe~aaY05QiRq5H` zHj{#Dcj{Z~qwfVza4z2(wG0NDtsf}MRaXlbn}cV&j}0vtPgs=iqw7QZ9qJ{t?Ier75Vi$RGVEkPfnIP;p>Y1voCHLq8r(g zRrHzt#wCpa_?$CUnZU|n0PRYzZC|TY0+rVsIOWqxw?67^d7fZ}xh>WPx{`U+HP@bM zXlIxQ!wfzvZLWAOmPnWp9 zKXrH1pevO$M#|K$PYe>Re%vdCBFu(J)}X1;ZHiZnoKt^c^ zGhjaU4N12M_VZ}PSE{i56;?gUG@I!$1h-tiP*C@VNt}A>CMbI)?JP5&by8cjTJ6>QSHDiFHw5OOw&FH+wZzjl>{G=B>C7) z_nfW2LH-mryCjN?+2g8DDGvjydd7 zkj|Sa;55_mItv-H z9^TuqSu~9=H87NjmaBlSn1uWM{pd)Ks(jql#oK#SZn~`?B3pF0(U@JCZ;f2e^?vez zdl}M(MBxeLNn*Sx(Xxk#BN2Xe7+yga_e4*pGRfYLv*=a0HzYu&CEbf z7dqdl{?W%jKMqBj@B4=SoG=dZ%Mif~2Ndt_Bcxn~^|9)?^Wh7x-${REQv~zARFyw)gETOA`wY*>k1AR*M%G6J7f{V^;A@B@@ zMFp3YoZtTOaLTQ9LMxzk3Y6CKPS)uzj2{MO8i*TiJtE3+3N9PVfbVoqh0$KJ_P6x>lG)Q z3nM|gW_b^-jzIRmlX2_d0w+c9CrB^*2VJ@ht@(AJGljL%NWel|kLBFlpkoD4&)xiwg|m1^Pjji{rj zQ#2hiE+0E6mXE5C>Cr%D$5sM0dBIDOJ^+uD9Gd%#dn2S=4ig^7NAN zbqLg+V`3Zt6Jzju&&S`L_B-0EKx_k{!&ZB0&s93_Z%C%K0r^HYrqGh1cd1b-)I1|M zkg&#|)huxj`$is|1uA@aP-CX(T6jonGK`hp!pc04M>?K6`6hkh^YTF-cS37rhCOwH z)u}k{D>y@7sbRAGqxFyX^74Axzm91mXKqtahlf%H2QDd=OTKNU&foDiI`C~hJRvml zU^S;ZCAMgHy%`>4axcx2`b*Km_3&%<3tc##0HG(ilHwn^cJC`H-4i?AR=+#cU-{UW zNkLyXdY%HJe$+T|!JxY}_^Q_DlRg}OLjW6-0{qa@!K8B8l?nE<{I0nnJkq`awy9#WoGUW5$o!Z4#%WGT`a&a0fk!U&2k0XI4k z`Lx@Ka1FIRDB%=Kb0hCN*U`+oCpWLkJQHBhp) zf5%C?5kIJFr0G`~Li74&*g$sZv=-Pfw=^^`wno;|;vK4bxUR4RElOtL>CSCK#K?siS)PRn>p zU1OYp%Jo=Rvz=NVMu!3Er75@F(@yd4msF`U&USQio%VRX!}F8KUVi%>S#`Exy)&#V|FF~;u6qI8jQ5+I#2c9Iy@k1E zyx%M&bhtZu&woLIDp{m6!`tjW$8F7Zy?^GQ$=|tzKH#Y|CjJh2X5#w$J$2Os#;tht zjQK`<+ecs<*;--pdQft4AfZb<=iof9XDYsu{mgR5H#FF1K0Hj{9olZXDuhLWP}x7! z7A`vT?yUF8cx{Z7u&KzO3E#7$>w|J#hP6$p!T09)8IL+huXB(9ruZo}9b`5avGjd+Pwc zZMD^xx*FBcd%b0Uqo?*aZSJ7L=HMG7cZmZkekQOwM?UV`v+&_ps`t-fTU|MdH+h4f z&*|$@@4fw`DdBZwO0z=O9mfSOw4FXh$6batd_U>UE3}q%7J%ZZUkRm&Gj$c?zv;$q z2B}zkZZ&PrlAtQPdk5j(byIEw6bCJFD?H3&8cNiuR|ylzC04R@Fqr0xTGFAAB97u= zlidz;0whP$6Sjrdnt~b1U2F)2_5kZ3IQB9cJ2@?Vowe< zsvEt$^G_K_;`4L@o6cmCV_B;UGt74@fM?pi$vz7RUVA}&6VP6f*kj*Fdvl`4ZH~@c z+rrgW13w%rI{8cypNjJ_4tHWM1p$rRceyJO8huejfEZK{wRsJJydUXrXEaSRS8C>q zV}S$~aYy_j|8wI+^>N0+m*j}TS%9EgxXL#M4dKa>!}2$chH~P;K)*j~0JeoN3p1%4 zFO(pIR79@(fy$LJKgD5jRp_}(FG~%z`yMQ=$0V8M7pfacb#294yTt2 z2bY6`!ni(U;O=nc<6er^$GM!1nOv=rXBU4s>*PZMTB%Qsmf>%fd(zk8c@h}s1VN}T zD+leTX-eN$lH2oj27f<~p(Bfr3!F_&z=bNcnzqiUBg-iOx zvh5!LR_pc4dPyLUjBYFqFP(-n?3boi7>s#BhmDH>)}97c z(e5HIy*N5j@>+l(`nNFQXDiqi?35v>l{TKgm=Ga-%a;?CVw*EpUQ&;ga7N&3)6Z!o z-9soLW3NZU+czZQ1N96@gQY#>#tvU6p>v9`Gd~`;!_(H(PEgga{3PQT_OLW~2Yrvm zXPxULaqHy!xicXf1vs*^y&5rcf&^E95<9;#$O0Q-g9$DJM`rRSob;*8rmFWx{&n!p ztYP1MUB?y!gwT6_$0}=!&_G~903%?W+S_ZH?wBig8BC&cTFz|tXibdL~dqFSe$cChbMA+oc zWL`j5xhQCRqv)n<^vh*D<^>wbDrr%T$edrN$#6u>wDHnswPP)$A=S~VV*KQOraTz7 z-9UI}yp;lysxBf2$QnTo4?p$b#eg>Z*31tsioV-YolJux$O74;0s$)G=qSnfiC z&`IX@Jvg`6Z_Crf@8jG)-M3-en^aDR)u4t&Ztg&miL|9VR>!rD*{!A#wKy1m;PXSu z*c^U-v_E0L?KMboB4q$|QXHqOk3(*6tx79D(tU@Gqrz-Jlr6~U+)h47ecjWa4}9_> z*yFjgUsrZw7)T2={El`|ssdpf=$0xdL+_vx;L$*7AhSi~?}T_P&GO9E#%{lw zIhPVZXL!N}MQ&)G7E8}83)MmH+c;65{a{xuQJ{h>+WAFtq6y8~<>nBbT0DRsk@kKz zUM`UFpPv@yBusO`JtTe7@^HzW;1F*kLOc4pl_06&u1zcf=|~v&PQUkVuH2jcvUUf9 z9^wOn3@N;Yr$J@c++aCh|73?VJYA=D|H8NP%uOH`3#$7HhA&mX6;3F)sO)RK0e1H82X~dGtGraCnJh0L#+ImAnQi zReoyD)(U3uv}oQ%eG1xIK2YTx(JSDQ5^L<+zP^{}cIL)R8E>9BHe3_E0g%`@8L}kA zU!h4*_Gtj(Tt9flR*}pJd$1xynAKaqsT$b$G>1FP!ztbht+VZm!gS~KX|k(rJlGmK zcA^QJ)|7Z%>_k1W;jq$Ioijdnz*S)&_$r1wSk2eJIw=OZw5&hBbK|&I$9qv|un96ily|Z5oH>(%q7gm!O z4++2Q>wh7x1t`?uIj_e;-^VeTDPC^k@^O7Zv%hXK^~c-sVQ5YKYl<#$HhuJp1T`Zc z?V&UD6evY(%?8puc2_nFOhmvEj%-ok68|h{xb2HHWGk%nUiZvjeJ_ht3YkSOl|9>xWrA{dJ()E z;@_aWKeUP4+}lr~HAQN#=|k^!=WokFp5X+vUq)2*{rZ!)6f&Kdmc&Z;d-;#0_=0JI zrTE&5&si2Ge%SRowg`^w4wW*~9*@H;;rUyGuBVZJ2BtlsUeG!~P^{*-S3L0{d1%K} z>2T|;57+jOkv-i}d@P@A=mp`ti6T2(wkh9+vpV(Bvpi6b{e_|R#o`l6e}qJ~&~ex5 zLGER>)VwL@WFU@9a2qP}lDanCx7%Zovp|#1xSq{GS!VY1Tn_VsDLF-xR*G7CQrNu@ zrKr*Jr(9KGLPJ4Cw2OUBuk86*37!gX~-T_vy*W4bbL?ol^_^#pvQ zb&#?9PRkUA0M8n%jN(n-+cGz$jxl-D7tGLz;U(PLO8%6|0QYU~1@H&znM&{&Gx%z01jpTv~e&_aAs(n<qQrfa5)mhoMunJ~1==l06TF(8pd?(7{~hTro?&w+o@ctndkBrpCBBk`39iW}Ere zVD8~aQ1_!Fd?5Uo_F=)u#=F0L2Xgr6GdmJ)ds|;lUgavA)bNH5+*KeBL~Lq3A4( zE81g!>e>zKXE@|0%wJ&^ND7ysynmU{*DOoS4UN&{{(AYQJaV&OB56A@4a-UK9*b`or6PTn>NQxacwLR(HycY(fVnO(n&*Rru84&yMu? zL$kF^nn`!NZ$NZxXpG>w_@ht#{~wC9ZLn!57v8ue)BKsf`#zT+_M{O`pQ4UVt7BEK zmE;KdY7fjSEQ4byxMi2Y)rM+b<9)2sBQc4P|9a_EQcgb{LG6v#e%PP1FLH>yys}Y% zsR?!)CBE*7@Ck5lSX<-Ee}INoSHPs!sT`K8&*mafKi~El#L{kRcPMoLl*6M;|5gv;;zqjLwAt0k}D3HUR>w;g|>m&cChk4(<> zV=>`pMQn5xepV=_kn(K-*X8?=s8`X>=k)+jy-DEecHhUqf(x!Rm=;r?w&kJx93H2H ze2*$*#_G%jY(WBdbvWKF?0&!Y-`Mw#gbu++zedNx&Qjv7;_B}lyyj$-G*Nc_8%VZqTHOB&b*wo7^S=+`M+P|;1}8bm0uTpQb%%Hm_lbdY+>>E zq87P^R{!b88yl@MhrHZ44-PXbmu>_BI=_A9_F4oleM0h62_DdnyKSF%)HC{RsqW!J z(w`=jn00(XbAH()>3;fV*p{&5hhVi@Kl~`ju}aU;dqsuI-IZp3%%>y9-cAC!!egHO zvcLQ)5^kq}d4s?YGe7&ITE2A2uH_HwNjkrx!G*xej5?M|%RyaMK32~p4G7b1W5eWr z36to&ZTdSU?6SPfQ4rEn`Lq4{7sBvpYAW;n;DL85bF-_;&!XgTvwcbI1eEl?ZR1PY zgt(tzg(j1p`yokzmKTT5rdZnUn%FXTPm;Y zN1^8>E_LtmDLsmzMOYS}U7Y@Ozf%)lIKjJf4!o0BvRulOn6O5Dr;`GAVB*EySZ(wm z+O3^oJ939l9Z6g&45wc_>LO8+PMTq^LSp`!=5%TI4Q6NsvFeWxJNAs(U8S>4K*_iB zx>Nm(9<^V$@cHOc(JZvZf-xD)qTf^jX!*9vD(k7$Z_6%hF<>Md#>=gjl=|F~mXXFqBH{2})ZiKBSV6iDd#8@cxzB z{jxA@=w@OK1eE73q1Y|yW#5jP8|i2K(XV{a8YNMh6H9;}l0R;I1{Mf!2{g~>NRzmu zJzm!(`=~!UC0Ki-Qz}g5!vf7W9NxEir&0NEcim9Zt>cT@>xg9uPIwc(CAmHz@MR=n zmhX55LLle975yD5d**SQ9$EEMZj+ToJ~0l@Uj=y&LF#4bF&(T};OuA}QDeiZsG}$0 zR&f8vwm4K=^m+I<7u}Dadoiuiyn3$c-j@$T%jC=e!}c7Mfp*c(DpYZbl2kN~D>heD9Z(H`asJK&>o@^fszJx>? z5Dz-G{S7cn+;URp;qBG)1MXjr*c7gi!JsX*81aYUHwGrn@MBma{Cr$Q0=k@6GKF@k zm*3f#f|LT>>KaP>1uqq9R>LLhWw)8m1JI-zvfx`^!VVMfGKH0o?IQ`*M@$;~BMEjA z1z8@V?M;a!MNgISOx497vF(Qp54MW~l6BO9#I1f!PH0M%4g~9D?|pcs+Cy@D{B7{@ znq3E=vs$+|0>7~?^q3^a&nte#k~7`l%Zf*zegLuESU2^-G+rj>1nN;h^D^L&9Vum+ zc^!KhAJ>q?KcU$HAQiNu8P@=ClgyX}R!PS$Dg0}Y2aczDvkA~?hN z$jq%hr)_vBSX?)l|Gt~~d3!p`FU`@Q^QHsz#84XHIou_yl{Nr8kb8fta1X-x^Dy_- zaDCPw3!1s~pt1q;0h&`aALG(YWjod0yjXi3>iGYYpcE6#-V{fBriOdPHQ<;+T zNz%K4r71ByT*ZGu{Wlj+H!-w(DK{HweD4wf@GczVFrJiC+N`Z}dsch&Y3@5fM5*pe z1z~~TrR|^}yBMD^Fy0{U9T>1o4;3t4h91$;pg|MzE*blNV?&mN{KMXt<^iv!%F2%* z-SzY5uz^5eyHuxpn4>P-4Sevo-#aprBIU9`H#M?Z<|;g|Yz?wjX49fo1@!oEAg&8| zp66y&@LdgT%9N;)=e6hb)VuDHV)?+03UMc!-qoJ8OBwZ)XXiM5G3nL@f$n4`?I!lH zgk(de9gjW*uCjE)bSgIoaBkVD?!Q6s>>v`sUPC?!F7TpY+9qZ=U~6S(j4cNNB&-i!KyEmuDF?-MsZhw^c28jcgc!PR1O7^PkB?O!=|gdNC9;WUT^jf`vaX$p%kAXdauMH?IDI%fq}lEnkD#*45Vi> zcUVcvDWl?W55)23w=9Df_am%7d3|IVz&*|c>dFOH-YC#N!uIUfP2heYtSmkvi%xkO5)cyV`Y zAh1D`G5@|OuCJAvKU3KwUTw{KRhOBMXtM1;oRMGP5pI6-Q3V}&?_h;0IZh_q#y!Wa zOm6~W@mT@XrYfcKvNmn$J&pABDchHJ&MwchHN3&4mz@aaBRhylD)y7$Sl9}l@X6cO zJEtOr{E9)7k&JlpA-8gdir$J7v>Od8H|oOQy>+$Y#CSC99yIP`_0Fz94<)QAm<9`c z&dm385a4%vpi@!t7m!MX4LHgSX%$E=esAh!kL0p@;E=eng`Qgc#esJFd(yKLu}4bx zbwBiP`an80K|uWqmeRq<4AJ@MirZ$t6sK~7=R1z?j}SkTT(bZV_Kp#4spw zF19O7>peKnYBZ5!e`dV)?ig#EyY1=$i-=w_3N_`jpEebrJhJ~d`UT+*K{mg;JsBYN zbW}_Bn$`b3VO>N(DU}fjgknhTA~daiuhUHSs*2_LcJ!{*-`KUg{&^{9{-5w`9_Vrh z%O-E%P;43j}>d+Wx!)=912du642}^(Df-7JCJ6?tjl7(vX6AZi)9z2rP{r!$#__h*m z9KGoGJ?|#I1GC7|`~HtpDf{?Kj}o!W`d=V$d;0Mhp3K2dwyVSeia}GGRP2lFUd1(! z3&F5kR-jd<$XgiuBtUW_{4&|P-_p{4wUqDer7{$&B^okj_%WZ+yr>qO2?^+e>h={0 zCZ<~Y6U$Msm4lffhTA9Bm04!)}m<7Qcm$MsW z8q3!84$W()n3K4gZ-5wYx=lGh{e%+l6{b}BSl*}ifpROoduVdChiOQ{ zu2F$BWj|k`mLja%n&`_(f`d5~?wbS^DD6zPKMAB(Lc`DE0&b>z_5(fPH*qBzv`*5#|L4?xDj5YEV=`#`TWXIpI z-#1Xlt!ZUpH2^*6wQK>5jK=W+3heb6@4t@@FAB}N`6=p4DHwJGd9iOBl(vz3s+Vfs zGyHnYd!fg?JkK!WSf95a`B$rug8xSf%Q~H>aW^OuD~epdJc&MUlvkcy*bHN3{Nm;{ z-R-J)r)zK;0vIi7N!umH2$1w8Y2nQcUC!-!Z6V0#SKa;!hdS=6KMMQQVekzy(;iH& zPd>AqvlGboR6$~4ee279hA-69e;9X~QhklF4umRy@zQzkGd|BzTtw4v-wPOJT{8#) z5A&2=xyKJ0f#>(dU)cS3Mg7)}A{N0=Vs@&s8b0swyi~072=eu=jizfItcQ4i`mw>V zQzL`rlrPEg5uTCtDrVS&kjEhXIWyhjGBw?9q}gSKc(_&`eZc-C&0g>uHOCYa(9$sn z)tTt9#~5J%kNwyJF2vE0eWU9q+DmkqT;im-d@8rO#F0k1SU6LHr$bxfGq(4x>gxev zaz8V7((3`b3oPrF!!u>alsMcp727W^>_~eh;rR%N`Ae$3Bzw~5*UY!`wBHcFCJpRk zh*-)|o%p=X5wcpb>d(HxAH%=R#%`C00a_)>;+l3kAB@9WK%(0)~`?ZUa2GGpNU z3sSK;R%;9Snd;+<6u3b7^Dwh{jYdQu#26(6<0}Jr0`a0spKuq0*!KYc#p_KLA!TEH zSo9W+DFf~mr!+t!HsrK!nc!JMQ#$In`CQj-P+s04&4|*EhSYsk6WU5wmHa~}j3M_P zLxhwP=C?7B-ofl)G6Lxi@YM-l_T+<_&1s*PN{rY0)vV zyyZ+42PkFKd9Pi-BUifMI@We;*oTW(%Z&Gj( zQfE&Ww(!erFq)LkD)IHQjYtZxvL@q7o~o_4fe2&1?)?Ma9}9jLUT}t;Hh*JlG?0lk zao~j5SJ53=8joxHeD+UPAo)i+LEtntgjGeip^l7c!#Mko{%|V;=CtHLcNmhg_kKnS zZ`@;;jD<*|$a@d$rNv+e_KX|cV`7DksIadbny%s{;Ejme=Y1zuu=ER(D_N{I^%I@om z)VFII?^i5T&MxhK4?Jm$mi2z~6CS(=I)vr>(vqjNJ@4nP25z|_JQ&Ff7&On0oCJJI z8OPYL$8I`w3d7Zq%$-P-#z)}Yrr+~Oe<$TD)^Tb=sl)a`q}}%$zKgwJ`3-NYiX*Fd z3AZ+}M{9Dqr_)dIc!$b{VCvLc3A7?<@oDTIfVGuHMju)QqXo56JV!mf1oM$q%i{S5 zRL4{sI(^yws9r&;qF#p=p$BT!lY!P{=IdM|*>Gxd&vm7`xg=*%`o@Q&1!?TNVJa`S zJFSolOqa2^)zv+DZ&1mw3iUXDf9i7dFl5~+GJ4i&?sF(l!^8G%SZZ@nQ#NdN+N3wtCOu1ZQ_T#?}RS(0@QnMks zHuoc}@yw9-E$uVZEyAkhas(!X#@!3+jXq3!xSD}Mu!GC@V?L_rDu5V6d|>t$J`p>l zgO?l^vGn-%h;s~W-=E5zzt+bc)RU_h+@z+vw#&{GxcflkrR;B|md4JZ`eGcymOLe{ z;Nd_=#?f4u=PAt1d6S?LVgrW+}DCWQ&hnEfrjby%&5oXk+6A`{2bDebx z#AM{U>OmR;J$&K-0+lZi5rlet zQ8ol9sngkjlqa#p1*YK)*Lt4A@Ymo93_wbM@FggeB3}m;APR|B65>8s;Q&4OP>=JtCmrq^GVae7sBC z_2U|$>acFR-5Cbxax9Os>DsMx$M*Q(oyAK`mr z-o)#y2p~8e`*?!rR=z$-K)hNZc@JQ9Jm%+??-{D{ig-D*{1&>i1NigCar*!zrm*7X zuS9(XX!XNABI1CEmE7$V`lk|(g?!_pp+?$8e(giF4U1Ug`sN*GPbupta zBle5S#tygScG|H2O9SL#1r%2pa2G!Ly`H5B1`9Eqodn*FfS>+yx9?r+m3d0?ej+os zDEu4~wZk+6e(lW~+M{_m zf6InwUZAZtHiK9*v`HM}vLBbvZ`)XBON{xHk^XNIh@}2wwvX?Rt6k0gOE7e2efEwh z6Wj^qL^(Nw;9Y;t>u^o(Y5|)ATckm-Om=x~*~Fu!294|-+bibDw3n7Y=5oTVltXL7gQ&TJ*2|K7PU{T)ILaSU2G}M&8VYsCu9*c+}2b zXYb!?#-#1@cMBWjZ2T(e#9iuDGANQi?dzS}y>*F_OK2Z2Q|ip>mjmi~I%m{Nh5p@FwNigB;?4S+PyJSGxO=nLK?ORVKkM49%eRTY1v z`W1%s4hJ_(8BB~IQU*YH;w%4f_v8(z1?O=R*R=ggFZXnRl8abAziRu_h9a(=`SAb_ zU#*LJK!^F^D8yw`T5;5g$+^xr0OAK&95WF^6(Jqkes*ahqaN>unJ&CEx-rcq;peB` zC)3-A9?AClAHlsMOW}Dr!*OTZR#=P2HIV%dBE@?AS<8%eE1n9RPVI|JNz^U~QAR-V z8fO%k9nyHn(1FCn?~9C|qUrX$uhPvU=cNeE@b*Ic3XiIi^pq;`QC$}8LxY@)c9jcv zzQMWm<9MV#BgOc|1!CEjU%&PUFV2%mwg!%FthVq3uL)s7@Il=qmSYD2@@rQ>@~R0T z7<~AsI%sfVLvIvrCw~|bGybjj?+)pyq5OF37w@%JdycCSNLPp6M1(8V%Wy-yb&f96 zJ-ukiFL>gW)bj@q6h|YV2}Rrok1^iIle$iwMaeU7Ei-}K-%=5NX#(4i7FA+UTC*X8 z^joIh(l#!#h{)3HPGzqHY_P{IZm`w){Suy8Js{zEIOP7E>-UI0snOlLL=q7HaMQ2A z5e7xzr?&>laa-5EHC?)Ykv?snbVeahXsq-m*yTs(@_N~4!cb`**oW46K?))FdpAI> z{Ej&|+~zn#YU0x&HUwoR;xvE-5v9;_E67tXQ8%EgLOu~D-F(TxXSEF;N-R8o0V2eW zN6oaqN(YWplc(xrM3KlH%EO8Ngu`ssX|9YW=4bSO5ID*R^cvDf3zYSKoT;p-F+m0X zdeEIlQD(*vo6A0r1>i(G_#4YN=h_!YC_=sz>nk+T@N`cDqYfH6b*^eBmcji>&BeOP z&jC?+3N3K;UGI&X+fiYDesMPBCem~=hvwZgfHDO#;-lkY-i|j78;NS0+}sbeMh{AO zzAz_=!ne|6ag|?BTOi7QHb6Q+l`)Sl>Ea>;tV%;HLEOZ`ao}M2%;`U9LOb!~B zzfSjjzMpRY1JI*6N~x3{SZJnm)j>G0BA;wkCez0aOPLWn0QBPtMmg(g04b`zrHQa@Y~#K05bE)^l0^tyEiw|HGYJ-I)BAqO&4r*%rd z58m^Fo3J$qFnK5_kCL&=lk0q8kT(Iki==#Fo{9ANPN8BJzzDz4d_Q_d-C2X#NPGB% zwdS*PJRae8T}I7i5e zk8#lsr2k43hT3RA*Iz1g(AW#8SBIv}mP2T>BZK7>p@H^IUzk+-OV{uXY)9UYZBb-S z8^H>IVAJ*_!PfyjWWB!yM%IOcH4DS*M?Hk}B=pD30O-D^@xAqYD8(-_+x!}F8`{G) zUeAO$-6-?$(jmsf1(Qo57#lL9Uy;&EEnF1+>dQA<8kg;UPlNJW*gx(3y%x7og_1qP&#t!h)Wj(v!G*p?l)+010z}Y39P{#4fXub6DIXu`CIFKcw zvR;mjA8>BsP8X8;W?j;%7G~{{DRbl#31oRzBg@8DxlZs|8nwA!E6iRdcLw%7n3dS; zM3ZkIDA$95?jr~5sQt)%sA9Vlswb^Nw<2BcP%bqVa6NtAf=asX`>c`R@5l4^H_fXIWTl?Y}@;*>>V;VsSMC<61kot76i32ygU$Z-631)DDp4Ft_>0d6W z<#$NLRL#Ot%z>tH# zXGve92E1^lb?~oi83G%<{lhfjM`L)s01)MMIN0~OC+4

?q6yeTr;C6nP&+FCv?&|@OeiHpNjp@Df*m$M@PEVo%98 zPXexKRdm>oD3ojs1l9C;UG)WwYmbQzul-n*Jk|(mUML+2jN{aAr{`>Ue*pyD-_r1w zK|+O1#=_^A!#+0P&wjL53OP;x|5-T)Ok-lcK?nNTHf8T3Ms|1pefF|=#FS*b3uGWj|)|xouCR_7wi$0S#_#04 z=1cL;)iy@eoV`q5(p|Wg+8`9vob_W{q8P@oHctJp``g;f9&FrMuL;1FDg8Xab|HU@ zWMx|e0}8TZKqAG;oZGPDh@`iqA>0yrz)Og12yN+5-4_%+vL{}dkewq>m@ z&9vtBkqY}47|Ye~J^-*XDq|HnM!4M-_x2rK%GGf{@BvJ9$2~Rhbkdv;kQbinN1g-Y zq*+E~o)wdxU^Stdt%y-y{ZjlA?}uQKXH4eE--cqIAn(C*=XZ(0qZ#($dehZyj+l^! z^?6@cF5zpx&bb~!6a2H_Qv5%R_GL=U=D<+$E0yg-rZw(g1{{O<|GaOGGwtBit$1~| zHgbfiZHE1PsCbUtD*RBhZKJ=s6TEQ#1MfAAV&#O+*6+#o*pHF8^|`|Iy- z3G!gKVB9mrJ7yrs^mG6Lpy216p!yI&0M zbpuTU5x(Vt!^xrU4My_~yaN6{??)GZ_H)xXy1DG|%n0pOU2FS8TO@c~!h8&bLT(53 zMHPE(Bu(h0;BS@&PT)C(g*vsxlR9#;5T*O^&e#2zMacx*Ae)}PiZ62{XY5xg9)>am z|G&5YpGxA7zrQSZ%#66X=E?ot3%Dzm82E`ucZ8No7b707LJn9k&QhQPchbL5&wY6x zrrJLA5qy7{)Tpz#AK(bMp+D@;kP7L5zvw?p09H%l-@R(IEj|-9`3;4g{V8Gh!jKBY ziCJkcy*=(t>>Y55s%*P|8SM0t3tniZcw*&Zzhc=Q57^IAUbqnqao4_B3tz6!`f+Y| z1ELy-`=xMp_v73x=i_cDQX_}&_HnPya$$PxXQP`z(!f?%Tbj-eF%jGnuI@EQHs%Yz zwX>M$ZGyFz<(ocOQMR#yP7V|1fNbq)_gZ#W`gBXFz7#jaciTxyFcr(h;gnNoh0-XMv3_9sk1K5Y_ZV&tL${pLus8 zm1~&PFGKZ}{kv5w4_e^4|Bbk4#L~c+0ugUI8n-fY@%!Y;M$_LpvKL9)e%6cUWw{-K z;(1^O$9kL()_qZ^_?=@o6y-BrQMZyTovc8%W-CK0UK_8s!iNw#noDZEn=^koL)z0i zLbz2{Oo3A|@f(9PS8W<@p~&s4C7=R*KC^`w7wr?;Pfyg?;g9`1*$K-uw0Dye2zIdse{Bz`E@dob*1>z< z7DWHyEBe!K^sPF3n)R3N>+2g3<8YO%k$wr9k|PiNoPSRHN9X68)*Th6)7_19M+@M)x^Iy=c9^?sLQZX`Kh`cP@tGga4k_>LHws{p6hlllZiki<8UQ`Frm2 zpkiYGTvNk@lTDPl_);CVMyasXRj5qU)8c-Ja7FZYcDZI#bz{`9$DYGvgI-tNW-n=s zU(}jJ8Jz*p9wq7%K)z2@xm&um*IMPmPFUUHNrcN;o`M5*AH`pNXg@PMk8=kd0B2gr z>y%#U^yw-JIE^NI^N@4+ILxY{B|(6yVIPwoTyOZAqNqHVd8~HFDX$K1!{(aEy_W>G z$^5VCy{_>4USDqzqo0(IOWu^CH!txUl>M23@`EpcWS?VWE8ZKahhA;krVS}_MHDF` zS~FpD6GPEnNf}4yBwl)k8K{GqD}-wtAqH6#u85^k2G@ichO)eeLaW}e1E48a(CXXp zBrr%i$J-=P@`@T4URnK+k^Q2h%xMF*ugOYiC!+EwYZ4YFOr>n;m+uHjP(sa4z%`y!$& zz)QO~oqoMf-{p{egh~!hP!=NH^T30BHLOUi*<-2Hn>u&P{zF^S++mH36c({Bq&+`P z;V;Min>al-ffv6O;N3=riua0&nFDNHV>JY5dM%-F-PjU#k(#B=sn^pb(B+c*peH;r zm@zFR%N_QY@^3bp!sSilT794Tyy`;i11%)k)%6X)?o8IXX1%WtfY)K3kPqJTNcnbe z*=I}8{Sg&|5O8!!TO-19B_nsj^+snM<-fRJDLk+x>SpIe79dz)c*HTj?b+2KZV1Bp zo??Odj{kO2))ftg7-EOUWk`UzUKLKstqws(abvnQqsJR z{6Hum{XyG(SeNTw?P}(^IsO1s`87cGo-jR%t_fginx@V%HShDN*39Yegg!cZwLp54 zbqdz<`9K;G=34Ps+NKH8(;-jysTV$~|&?^;*ms3U7aG#v-sM#;BG7Z*Ey+dSg_K|5CJd@ubZ+WW1ub_+=39)~!9};$tENl{S2=s~y(qGVF$u_zdbBw3V@H-%k$J zw#q*kk9Y&<@mu+`3I*>sd!1u;6m$TqR@kG}d~n)Be>YdhF0S~1suw)j?@{vk>*0Qx zrSoe1&d7`qT5a1Es<=nvxyz#_jAxUVmA^ROdsE(P0qq$am2a}KutJs}wOqTy(0G9b zUc~#<`mHJMsUnT+EwXn<#b%sgh1#cL}u!1nvYDgAd0ka zt=Hb3>u**Kqt{9efR$ea2z2$ z43#$|%AQjw8Pwe#i__~~Ss4e#1!LxRVDI(qp<2Xi zUSAf?+Ru+!!EE-aZu%TD*az;k&(f#Kskt_$?wMVfYZ!ghs86j)DU4_Xz4w{Y!Zjid zR^9Nczdz#Lm{oT(82G3;>PFtjLR!w8Y(0QQqyCa2cw%!Or;~#VO5Duw_f8LtRRD2&KF++MAaE&k z(uS5fuJDY{z;K_}9Dui=Pi86rzwOWy+nM8~i~IRnmq!=ibB&cw>G=`2?a#94pCF$f zAc&8HtDJsoydE;wamr}F$l>?`0NuNUVPvxiU$5?nurHM#mthlC50K0FQ8A#2X&Z2d zeih(~Ba14DSN_Tmj};O273-6=$TdhHyxmm489(5$Jt&s7SU}CBu{HOl1fBv*upGN2 zH7z`I``}!y$MO0M>1;n~6OQKW%Q{ge?~#CD_AK)Q&Us{ynx5p%=|a_t$&s!xS6rT) zF7f9!-Y+0E=8$0P%(fN?H|o(Cn!WU@gozF&tAW0Wpd$hM{kg7O&XWAalg__GffCS~ z&p@Xo4e%v2;RkV*97wu!%7))_ z$in_7_D~1tZ(>UKMeRT)_a&>uztbBqjtTv|-k8dHa9(u5E%~@Uvg56TFbns7%tOn! z*N5=d=_A{ zA74o^!KA7Dan2-SBD_W1qpFb}v03kFaJ}iW&6^;wb0cc(t2iO_<`8Kh&t#&VFh zRC3?X&Zz-6tvvcR0hHI%5stlzEbbtvO^{&!cImHV_6lzYWWB1lihv9O59@pQm-)w8 zh<@YPY1I~&ydrl2bh5hkok|2{Od*{0;7Vo!tDS!}{a`&#h0R0Mz*B zRi%P(E6{IB<~dYskQOdzI+3gUHl#Jw`HYTgvono|36S&p_&tbQoZjWP7xYo@^h)xb z6n(@Zouw@AIEBvdFF+M9c4w*j!mMv(vs3G3pJFNfoy9nMDjA=f39}uI`bwSdQZt_8 zKZu2}FF%OvQWLMxH9=p7^ssL?$G^ucM=&KUI>42BcFUe2`un+c>UkB-Cd5|ZO-CX5 zv@O+6p(6USrR$VE|Gf!fcz4|KPM3w)Fu_wdCpJ>pr==}Y>b+YST8;~Z$iHUNjz(WP zH*hsZKcIh_Oj>Mke%&9#kocq@v+FowT{0+Zb^YM2<08QO{qf*7c@ASib$=I7Kd4r2 zV&0a7Q5~)8Tv~otFUkog9y&0{hN6&}@Rz)#+$}oYSJH(Ir*4OIIr)A%K31!7();p$ zbo^Yh`_=7`%dp_ zlKq-QDiFi&9Ysmfi(W0Z0fF$$Wq^G8!E!~$um(k__3$o4?4tt^Cw6;v>}!pPen#fh zc_t*Zg~_@4G8RsHxh3EP*WY2xt2 zj6gNrmOacX?OLV;haZ6QX&}DN`=!iWIS0rJJbpMwTj2h{40k=VUyoPhE=#lNU8-7{ zXv8K-A()n-tKlmXtuW-SG{SZ-*4}hu{rwF>y)W^6W=6{K;~(ti97?@delDae(7`Ab z+gW=qM#5gp$G%b+t5a>t@z-be2P537@wiOm?YS$njB@D6u?0t)_nH6H?`OI&w$YtG z56DDnUt37kRxzR(K53rOM;zZBdsDTW<8qOu@|T z6UldJOtYmg5R72tJ=*bf>^3PE9qL299^^^y-DHjCwHZeu>5%*2a$K)TvFGNl4G194 z13XK2JVJ9*C!9yVd-oUtu8&*EPqyq=8Okjj#J!GSGEW0!78;R`)QkkTWIxC+fDwrL z%F_Mlv4_2hw0X8FhmoPc_r)Y*0xjWxQL;=3Mh26sPsnICZi)8gkNc}{PsD{H!Tp;i z8U8s}U!hVX4u)PdUzdoUrv4(|4 z)h=pibK$8TI@YL2bV)8o_&yoF&_7ZhZF;14(~uCRUwGvZW+amEhQHd`dW`Gpvv+MCinE%FLu7X<9TZ;Jt>dS3k5gk z6X}|*z%u!_I4FYZ*4cy3&x=~7V53I5^mG9IO7~ORIGO!L8VEJnkNn{WxFHc*AK_WH zYVr{8xb)h4fk0P&v(ce>Sf71iGq*oZzPSTSrBCP5)-jf`+g*_`Qj^fM9v?^MW>2^y z>Y7@bQM~1Mlzqe#U!D5(Rjo-=h_b3EN}WuUxDe1*FVwT$1t99@+=AK#wH}kD(rF%G z=&J6ZybnLJmJV_EwzEGsjL+gESKFRhc2l;o|p=;|$aZuV9x+)+xrIUo#mNxHKCByuLTiv(gFi`1heZG?s zl+D-io>Y<*&Y;szo`nX4sD?y8k5yl@^G8G6Dr%Qd#~9v)?lJYsh-4^kig zHF<2T7&Oyg{qbre$rHSg4>8z%;%E2PcfR5BE`*~afAS|e51a*u^R2x8tP+`McpK?T zPPwVS&XIhZFOQ%p!?ChB2V0NU>krAlmlL1p1*?Af%OGR%@3Zo@7x>HZaH z@rQv}t=ioQs*uD-6&^LZRiZsqT)7>XfeuvKYI8J!%6Du;xmfo!2J^MOD z9M}D#C%}3&LR8BmAG0Vf-oVH-?xcs0B%!ALq^su3{727;Ixl#oW1C=O zPjklGZ>M0&k3DgElRdBBknZyMA%}P4bv=K(>UVt##^tJ=UkeaLm#>rWeMG-G1k`&2 zhMi*gugk%S4|UY%{abHr%+5uqGaJQE4pkm2Lndc*gv?6-!h3`w;a6og9|*>F5e!Z|!HdNzJ!;0`KZ% zVzVb|sQs-G#I_x+bl<=8YTQ>vBMBqQ8Ep^d5q*`n_DywU;OX;Y8=gcZ!LgEDq2r*) z!;FS$8Yg)k5+n)$`E!!j&?BCzs9fGk&|+WCow3nPVs*K@?8S1{t|FCBHlUr2rfk92 zMSRi$fh#T|NXqLHc?iySYA0Y@syC`C^W^cgyy3{E)GwktL=pKkTe+Esju+4gP|NFG z>VzwDLbJ;|z)Mu)u{fHV^f5$rd%tXBMgQ~%jVcw(IY4zkw{-Rni`8zVhvO$aWXXCi zchJba`)P#LYH4h;yZdi?p9Mt;ee5`mKC)#p`lGTgNq;u{Dt+E|lcY!&8WYCZ0=r^y zQm7IU5?^g%s=&i9eOUND{M3#FMa2waM8ABU-i-KX=eK662Ydjrlu#H^Cx&Gu|2W9f z7vrM1XePBCPY-H{HUoLz;ulhX>?=rKc!`vDuxR_ZKYA7! zw1!l8U}mx>6@IO!pWeUx&eWw9cJtFDolbOYGi?B3dFJFGxBsB(%Nm(I_wY;~VmOZA zYO9v3Zo8i_CZ0s*Ghu0^wMA`bgI8iqPHHp9ru^zRNkKu*?0+K880R*o3)c zC7n1MRyKG$ajPB$kREz+&y|6R9r%>XncsP6G=|uQ3*q0TZx!WCxxE0S`R0u$#9D$F zeeKk4-O~mZ?)%dpo=8iX=3*-gL`PwHEOsic2~0=PC_uax+{yT6bi1(17( z8FBtq2(kNx;{^QL>3f7+eTJBewXa{0jic#3#L~i4pLVUs-rLSg-#?;#G^7m&<7{fR z>&Q6`%8Ij>B(LvZP;62lDK4uMm6u^|+xsGjJw9wL;v}f!9np$Ft*>`F-M<&awl^mL zNklB>sk%=-J#%e)`N6LiVk?PW1~9m?O$e!u-iedR)AF+b$0E!^LqO90M()pH{Xx?G zekbIOS=I)auOSgmsS$ju>A;jS1tSW2mh!ddDtb>97UvSnAEgDHqLj)2#@Us-Lzxh- zLfYA&=D&W)b51WSb+IV_J)M6O8yHnamW!HW`^yBB?frO7z2M><=pRN(YuJV2fxoq{&bIN<}O9HUjIA;~olj3OjO_M*CYzZJ8-b^Z2EDW}ot1 zt0KiW5WLEmHzrM3&11{Q3Mx!3zD63zg!J9^0D%gKXGMnT+hbNd&Hh4r6ywH^7HbaT zUI_R6MQjfCN=Q2N?5!{W8Mz##Ol0Vn1?>r=R||PK!UW{kbS1nWS~coujw3Tw+^V&z z{`7CpdTEGaMScc*hWvy_9mqzj%R-|IU{JJ|avx$}olh%^enSNBApW83<;i>qN0Xr= zxTAF17IJY|Lx72b&P9OW?TcYSy#VMXi-=d}Iw-xB$N5UPB#=NgIVP~(eLb`T@6S`T zlJ8^mPz#>d{MQ$vsDcagfWGL0eUkifwh#}_{rEaG-}5Rys9W_Vc_?wPH6tNqUD}aZv>dL#Z01cH|3N^GhJ13mFCN&@g?X26|*__ zU*Qaz3yC*A-T=n4Ha~I)86|(HKs<2Gy6sRTf@^?veJ}D{!UTf*7ALL7B2O^i^TxSbszRd{<`QaNIG=kb#Slq{`t4xYQcrSlJLSb} z&0tSxrr~n+UU0k9)~SFASmkdxcAZ$iIJa4UKOnk&qJpaaeI=QEE_VKhc=?l^A*s(v zIq}WwJch9bQJxcQb2*54LVToC_J+C$&rD;LDK<*F!$rl2Srx~C;lNfQUm)> zm5aY$2GI6G%H*{?6h zLx{(H@5l{A?D7MeZzO^b=~;?ND0}T{CGoYNaGle|Z+vNc zr{j$08aX_ddZxm}SH=vxOzadG5B}p*gE+m~i8)Me*TLQB0yWpJ{U3@QsNUy3G0z@Bo&k#^1rkXk$j#mt-oeyB( ze5OW|_8uFfzW68xUO=RJ_y&jarQ1;T`ih6eshZb#C)6sLP3G;<4oL258oY}0UYGCH zA^T!4jQ3^xvy9%iWYM)8m++nP|5^`4L!Pel10#?+)o-l{{DV}S&%rOrBSJv+aBoz* z>?mS+_i!QwS{)C_r3ThCBi9ZNk2WER`VML#HdWr@el!``j#?13BDJNnH-}q-1#Dz( zA9`IP(Vu^85Hg-NcGuX6NMVqOn*Fr=pWo+sfIHa9o&ce(AkDqUwbjWRg{ng3t~NrL zuIKoU@HF8wxqg8fRXhF;8#s?SO3H9Zb`of7|AD@*)e-bBY1`=yvf6NQv z-ui%8)Tr~#mQ^2ZO&#f_9xtJ158iVNaUon}Bm&rgrr^M+!C$lOoL!CcQO9h7-Nomr z+^!^jN2KN@xOF=#UW_-p)1jroL&j*B46O5l>mc5yVQX#V;2`WdOo<)=^vW2d6fx(o zCx;n4dp21YpqJ4+dl#(Z?bTrN{0im$L$V}AUYG9;Pe1UG4&?eTr>&S(iKp{AX`f*~ zhaTjZKA$(Y<~V=<20o@vwzbrxKSf>cW~rdqQD@_Wz$V{WzE!bl*wcw3wtEqe?346J zbL*p6T2C!f*hl0dJhHHERvvkXaQPupb02;W3eRr^BN3SgbNcCZt6*>RsE|56=KE&0 z--U0^kbdW<+iPZ|>XF|iM88NdUA~!)S4Orj6sPX=!!Z@#t$Wp8*a`#fR&VQw%yPw7 z-2QzbQlEz{TBs>*+YXu6&3__6-l2LZXdKOF;Hv;qqG5k)CIwd^{C%pz;Wdpk=5j#;v>`852pZ~_TKy>R#mbn&4f35^5d6n9aCk5S*Mcg+*uy}S@DBZh}t zF1m96g~CYlI`QG~&*UB>&61r*c7Sg+p`fSAaamTg|?lEkktO z5pk?X;V*!hx6@0h$B~^B#tl$N12)~1G{F#mm1G!Nmfbl=%J}uan|SqqSe6w~EX(Ok zBf$h|FSYKGA;E+*2yb39xwigN`rPHDVZ%HQi@5QOx0SjnE^kf7kyxDMMgCkk$X@O; ziTc4=en+3;p<4U_o(n{ejlosh*OcEf0ZK(hv?ggFEJFEf1d6;Go|4pyl=VSi6aq); zQZvuDuoqm+lgH7Qu0%hr<)=Y_b(sA0Gf9w#?Ae~}u52on+C>p=qV89rlV8Y{VD=%F zI8VX0!igCIQ`LSqautgXTRphfUe;rR(+Pm*{9Bm*aNB~4!hq3{EY1i~cg?pzd=rc4 zRqe>FL1kKHajcu?RVee*`^E=TEp*RU`k~hTF=D6w)F6VDcwJS5h8?;epG%^z&-7vd zw~!6v6o+vD0AAluw zK}v!C+qx{DK3vapZ{ao+v_<;6vMX5kD^G|1^=&68QQjAvF_EHwcOl}3&FaS6Z^_;Xq zoColA5j<$Ho$9`FIog{~uozLGe||XSFIa&iDHm|g zpOe4AvLbfiBl*GHxNJ0E-bkd#sB?@V9jlfP#QX5Ber%ox`#!lBSC2@ZMFhzj!283t zxUlJ-WinXZa~T`$oZ*95WN>Ds*~)|8E$4pp59uL9ngrVO9qiNKvqV~Ja%qG2h2zYE zIoOx1RDB{y5>CgO~`X#I8nG97Gk&0maTfk(E8l0@=2o^ag! zuag?k7FyTLtB6pwp4_vOf?3{k4BHa-F~Dy@8CsILy&~eu&jhV*Zx2R4T(NxFtFfkZ zAQjVcDqQy!1bl36h@>FAYQ_!dO+O*IRxKn(EN8{GyKOS-F0qzpb~u>=4*Ky&hc`Kf-gg z4=bwjBH>H+`2941`swVi3Wl@~zalpQDJAE-j4f4D-(EuW{$M1&ykwuFaSd)Cs0!bE zJ(7`vDt}=`RUMAaTRZG6%`evxJP2@-1AVc6y{)Kem8ecr0V-Tui+j)3^so?V8tQ>>>D zL0zWmJX53zMM5q-9`0^M77sJVM*znq=PztRYp}D2&KJjlRSWamr=zyJ^i|H^GQV9> z8A3E{z09$mDDe*)c@`jh-C`kqon?vt{* zmc1@@@Hu@6m|we*_JF$RdOx~I*J+Er*TuaGb#kv0UGbJ`IsQeKMASK64vod=1@ki4 z!(#wg(r|4cH(gAsYruOTwNq_a3m@|KO>K39!&a`6IFUndyC1p&liN|@HC7m z$Z8au0;EGv2(oE6b+kk74C8e_Ex1of?F|#gQ6O21oauMA{_Oi#9xm6I=q4Wy(B|&mU7HDUuZD4< zw0ZXBN9h*s(nom7A~Ok@c3SmxtRqe3P*x+M zqstHL!Jg)>-Y*_H=o)ja_l_$_YwG^j1DwN90Qo-XRwua?&!fO55)vDBEWVR?bRgo9 zsx^yJb#*W82ai$p{v)^V^aLMLJ?pDx+A=Lx6avo7v#7p`Cm3e0yr?U$N=Su`G&Oka zGX+Ez(Z{j<{&zeCj%`enft?uyv2mN=?=KTP-Mz}V<1|@{UI_NZhWAymPPyd!?JVA-d$2!j z-mL{X;H#9~Cy?bRVd|EMn@OknB@BIvF-7_m70zg@}{t z^OrPy{r1Wa(+4ItPxCb=G6_e$1V1Ez$U!uMQjUASH2-;fYtf^Nt4chdb`_=Q(dlqh zf1PoG=EA_4L?S%8617M{PnzE|j8*dj9nMjE7VEdY^4&eITJ)DPPhSDX%T9^I4`-p^ z3!vtBZU2Uf2daKRV2)e#vGn=iXe)BrJ|PA&wVZ=S`yI_@C?vqoWk_(O=%~g_yqCbZ zG}V4L@ig&~tE+TKYPRc!{&7DmhudL{A2*UF2=ZK6=sqG2JHFakHATpl-^A}&{*p(K zXbS0LomD`!Q~Y)Fp}C?>c^^E0K=VDvF8M*qD4<8z)oRaG1S`%W?gR0v!?Gs|SHHPM zQYu`D3PTMJ^9k_-L9CMPTVet}T?10ikR-HzZmZH_xD{y>kFyCJiqe+(c-5Jb*y}2I zI(2VSw=w#e<9<0=)A=yJzsHKCuyj5)n#4{pHlVw%*JJBlCB)*q;I^W5l6hAqO`mxY za%g(2$7xy5ry~=6kfH2zYJwcaaRTcdMJYgVKXQ>0Q)Bh?2O$frLFzH{j=rSD>OC{p81F+|ggCZ0zx zDC4k)f+(fsQO>D$GCU89E`Dg0Ve7xoogt@c^2a;GK6Gt}KP~Gw%ihIpYOVd#1Aw=s z6uCpbyysxFKFH3!1Y#@yxO2A>T5e=nmj2#`A@}j`WmkgnIU%TguNnuupAT}|@#D$R z57Kv5v+}m$Ma8|$K5*Y)aQhYYcvaJZ=sPr1IUHS6h5WRo7 z4H{<-9BNVDt~%|96z|pDS5)g7dcE7R`yGDfC2fJl)X9qz_xCgStUp9vTa3vsTN`7= zvI=)BXrc$&^x1h)Cs25-B;JXPYSaDp`8*qy*1P-yN+v%79EX2GnA-HCSE8<`b@AUq z{((`)x|q#THmmd#O}}ca*B=${2kw2ziuKx$p@H3NUcJ=sOMey=?bcl(S;J;C>RNWQ zY6)5aat4rxJGZhq@`JK``K6&0nmVzS8TR(}9qfCc?t}HHXrVmOVlfF@dk&=a)qW0> zxmB@MG*4&oVSF4+iF|6UDwQl}pIm*g!soNahT;2WZ&p%1$Id*3Uw!|EBU|~DrumtOK0D?WyYl>`sZAo?g&O&@$EVYlLki{w}HxY--~C4EncwYx4I~@ zh@KtBoo#eodq$_8uWB)k1|U>Lm$9|i02t*;FHZE*wXUvh{HmIW0BMo@JZ9G1EB(b@ zt>ChoDX<5**G->g$}S8>Bk|yr%f2bFsuQ!)|o)q}?$NSER zR-dm8FaEe~6UqL`T{7h~19aKkUSoWIUBs~R8pQQl!pUsR-}l_&HDp9KLtBrB-(je+ z4)qJun_ATO(9)hNK+xdt2jLY~)9;@@3Nh?Y5&H(Ij*T@1*AC1Sid>_7lgpb#C=~1$j?eZ>CccsFsj88Zo4aocrN_W79zY{25 z6)AM-kAy1BVMJ}+m&2duW$m$>5F9=j_H)$`if!H@*p$b3@spVS{&nTX`xhHBiw3*Fwaj8&Ou(+2 z%tHbQ_IdB)BJFFGk3@RJsv$q>#zKtT$kXm=;!M^K|HOIQ`LIrphxy3uSUnZ)uVX%a z-(q4H#lwjC_{_T<%+9}gI+#e7b3 z9$@u}@e$*#r=N@Q-N(&1cOJ$u_+10j+Q%h8U#R_*z@PoFK7}g!AQ`2oK01#Bfl?H= zLaTbDUiGkzM-?AJ<-uicwi>HXwqV3d{AfnZVV-jJ>YsNt)|M#!`XN=A2;l87dYB{- zpv9O^RWkQ4m*?`Zxz-F5S{b!ISj$fkIE>hdh4rtP$HnZg&8fAES7|ox{H#*Ij7uXm37Tor)`BQ12O{|(SwbTegUIR?a^=$SC z%R&&<*J+L&AlfzJR6+VUCZ8uPrWtTGV~X?-D0L&jUb_2y3Xv{5idA+4n_0Q@oId;4 zZkDZLcBt`vX@8%Cce;XqJy+9rU;mNFglt{2NgS^|27x8V(dA8Mi9tj{NMyyg3)}a0 z<%s>*-_O(0nm7MF5a=;|b4P@&jh$tH?(pFRNn8VevbXH~1~GY?CVXTSp17aBzYuv* zEU1Bb?8TK5a#hyfpFT{XgG6n+y!w1i01K||JENUwqSoPrvqiO^2YHYwBVe`r{C^6^O_RkxwbjMilyQ&mMfNPU5@H~>z1nq66SPVTwA&jwYf z)$zuNvIFKsa41ja&x2-CZ+gc~m$qOcw|fxEQgZ08c(xZD+vD}{tDS2aF&^GRa~n;w zb2W@ikY{JgvS+o6ihHs?rDC@avXec@-gm5Ew>~Rgtr(9uP>6-JCGj+cNcz5E>@dxNC>|z$c{-wkvj3i_@Mvr6+-U!% zMl(mW{q}+#Ic)KDi>zA-+Ghr6>a!FdoxbU}&ZoqBrJGxdute+PP5LETo&M*ZoeN)W z&NcgZK(DiB?#nyU>AtYiLqp7IDQE!eD1W*ccYCC#OQh4ml`=OBka#IM$b)tt+myS6 zohJv0>W#lKQwau>354(8<(_5*%iWc}m=DjNiY;@H^;4|^`ZIr?>rOcEJY86=QzPB} zz|r_fd~)<6*Z7q=+U!Pkn!Ftlt4`&&4dom^fpsPxrkt>ZYJXJd2OZ%w>k8t1hkLPBKF>)=T+fR~P;9MAq zM|o}yPkqBW_0HO`H=m#B1uEzK+seoNHU6=5T}z5;QS_I{;Za0TL6IOJZ<3KDS@`-{ zbWK&?xvgzL;q0@+3j4T88IV{gZ-U>V`MFq3J3i9x+5W-l#7h2LY1PCoa9Di?fWlM%(>!b- zSYnSv1)c3vu+$h)kF2VH)j_Kk6pZcnueeQ zc5J~G^{T-1>nV-gX-29qBCHkV;6`l8UAWm%nY*!P_bz zid*C@ju;J=DHylYYxT`K!;g+a&CKyos(dw$$pOLuy4l!-T)5!_pYy{Mc?Y9?yv2%6B zkOW)J%zn?-Q9@9CJm+S6SL)5r%b7seD2&=eo<@Phn5P1%I2@^j$Hg9_Ycb^T#XZcA z=`wz|9-`w<`=gy3qgQ~BKUul3gL;+kzB#BfBx>V{+LHs-7}+DTx$Bt1{2?jPK|sTs z`=~f{^!&hq!~`1qD|rS>qHjj7Tm@4q_v3!(+@}-6V-?_DNaDx=`a4 zqJVM*z=z|w7}KBT8iw;PSfDcmp0lV8m)ega-5V`ZH9q?e+$9`PY50$`Tp5SZpV#l= z4j3CLuU$~?&{%JK&pbLlnNKnV{^+SOS!<>Pi~;nz zxy!jI$?lOkA8NAG0)tVLI{p zF;a7|{STzBV9f!UhbioCJ}c`-JGeL{2a`uAY~a!P>fMtsjC72pz9-wjSf7t-#e%&#TQf7%DnLPr~0TTM3_N6oM3}hxdXmLXmSrglef$rx@_6zfEQo9kv;(QLQj&N_2& z%-s)Ea3PS`fMNJJ)cnqNf-lOmhF#~WOyGA7pm*{%1)jS@O|>HkTSZY8Y%Lxr#g>nR zd9QEOmxX^1K$j5yEyvKDzS9@HRNpHFKSSM$)ZPrq57HqmU3w#?s~ zDlcbi-*xRJTOYsnu?+XICCwA^E>Kh>V3e7K$x`}cOyMgc&F+~KWFDvU{UsVe#AHJK zVPOQ$hJlVIcB7(!9sdbj@AZvf+f6-_19cZlDd~c(sS8Js^Mh+6)0I{m^*23++X$C& z+$P{;{VVe0gas(U62QHv4*UPJ8>q*@@}<+xCpN?6ryCif6(q@(IY3 z5A$)#+=8kal-1dn^9yaJY zeZEUjNPP#)Acu$+21Tq)4hT(MjmNnPjVlR|&v8=r&mD=Fm#yLTGwM{@{$}OV4!;YXE)l$~@%NznU4?f5 z|2y1xN=KE`eQ>#tXWiv;MXA$4I@_=dk7E8<$OEel>jPBK>Hf1Hzu{@BA5bgn;yPD# z%j*_Pogk9w-f~>+dJi-*x*(SD)!$Kn|6au}x^*@+2%m5o>&L zBJD9VXh!zOkw1u8aFmZtEpGvb)&m}Lhu9KcVT#};;X)=`QCSDfkM3(aT%L6j_FC!C zxEpZA*2hW?Z}*)pTCr>YD>QAq*^Dyf3etMSl7ieuU9B_63vUae`*>#Zy3cJ`BD?x1 zxYDN{Njr$);@fhesW2R%H2LJrcw+SB9B{Qr9RqJkOg-FN3&HcO@szB74u?0Hp}UUz zcuhk|h+kqeS-SdsMhC7qe(tro;9f=7ETqZ@HaJ4q&x1O)=P@OnZKz14=n?$h&)9Uz ztTc!Hl0zTU#gp38Dz_+)9d0?nR%YM38&xQ&s(mp$9=2=ujq9Fc=z+$Smsr~@e>L_$ zsoC=Kujbx;`4cf$_V_5!ziS44%1W*t1_B4cxh&()k&qF(cv}zKPH$BziVCJUkNiw7 zH+o8?B^+LnUkHJQ>8(0w?3$!%hFMz7!c z3(mM>RcrZn#RadlS>swl5<1KD-p{ftyo8^8+QRHdXLO{~CTu{?B zLml(V%2o&e6-{$+a$+rrzJ6XsE&9THNVnE#Tt$8k8{_Qbb}Xm!@<|TG(nIGZ7UW8w zl%NkX*ubIf+nw8bJyWWZWw3AyA0JGj#7&mz-|uF=RWDxp-S8eJcltIj;bq_S@v{{@ zpx@3dRGAkOnjG^AaWklJ~+6VU0F zEkkFM+~|6q$D={tvzGUij=txwinuWDuWYXg1I=&k+*Su|1nJ;jSYW-Q$K{!a=?fU4 z!8m#e7HB9>eKh3aZAicbIf&IOgl@mW9VnY5>WS&x@1ca(`CpR)?p7Wx*y=2d7E z9H&7-#HSQSx8&h>@SI<dt3Cen*&FLq!4V&27M z{?9$da{wt%;R6ICJfB@f$3Yx~BK~dtJ>2_sGxLq0km%^j^2}O$y7pDM9gBlp?d#RB z9iGh$-Jcz_Gwe^qO4M)?6U}e(DOGQ<%f-P`3|H>EaX8b4zJ@$ClSdWQNKZZ-+brPD z{anl{yjj}-mQo=(a9?~zB!JiO2vx-0OI4|U=@!$E=-?*=G%IQHy|Ea1x_e_(AFSyV zp^*X6@lesu2sl*`_>E0JF}g1wr<;0598@$6^Ep-vXR}u5cg6-x^YNoTY*ArDYT15t zn?V;6XXvNNgP73XqK45oPn?Fgv&IZV+)udZAXwy|AaOIm5_c6;%RV~yIchCEx1FjpOXDg`9 z;#2TMd`trL9lO^@z+_{H^7G~&Y3Kfj=d6BL^EBMf3h_vbEQ64R1V*j6ZEElg7Fb*D z@vSL{TZ(8UjgcclOhzSuYYk`Md`VK&_!-ufEWAmh;6a3Wapc_Kf>Mtbq(~AD!q&nXY zma%+*`LN1dv8hHDjAZW`D?T_g2(i-ikow$s^G*KQ!_V+t_Yf-k?Z- zlL*Ey@Z~fRy_o;DaK=)kE-c{tGu=c2OPE8qhu|SOupN;l)q;|@?etcJ^tjl z)W--D1M+d?FN{3)HuoqsC>Ar&KjT~Y8aICix<5l34q3GcCES&?YjbK(2|5qKIj1I! zSJHEj^`YDbR4QcO$#kxo3pDaLR@bHwx@tz6l*D1*y7Jf9vDZ%^ zSRND&n%Eyl4&Q=DL4O2)D^ty4k^Z{rKH*aLjxU5P{D^r*37=Ys+^B4I#t!v|Y`IQYYTF&|jEo zJ{;~h%A)W*dIj{8gGNmb%w!kLTt&d2ubld6jab(-SfAiYEOpHK7*vFexjo7x<_-Zp zn6KurUt*H(g&zS9&Aj#=Zdi&+Ky%xf4#5ydKC4jAm61C;(W~q2C>lMdzfAGg9pTG@ zCz}jTzVx#gSI|X%0xQuoZpBTm`ODMQK2Z{W-1Dh~#{FS$&?bHOnYu0@epF2F3+GV! z&AZf$P83&XaULU0hhfevo^%>u1C>-532~ZsXg=JXnnB`E^Y?}(lI=b0IILypPntd1 z?zIZ8O{LvL`aNkc1+4-@_#LPr5V72$w;Nut7&FHlxAzdF+7*4hIWp@+Pe1M(oOCPU zP$RzgWwZacymrStG~Qsf?GBL+H`mC%V*pKo5B6UiZcR!QH2rqMxuIH!}~AZyX-4@>{hN`%V;od_O6TAmjq=Q7@qX%4nty+8@KaE2+1T#lM%89Z!FMyAQ8pjL zanZy1wQNPiv~V=40n+@k6w$r`$EB|eO2JJpv>4OjuK9f4o9WQc1G@?*pmEsg91GCR zTkFGTwVtpsQT3sVx{&}Mcl#6ZT8YZu%fxobUN=pG+NesU$90I0wKKhot%{U5bcDz{ z#Nh2QoCr0>!+kz8?|{U9=@Qqc1Z?k?cLo%sxC>?+-^G9TBdCWOxi1&pfIbHCzQ<4s zy!|Hq`TV_b_tdWt$iMqoOIJS>vZHoAeLwBe`rq+=#pr+%S-P{amI43bwvHgQv{ z^!>sNFuVt0r#8-++g2{YwJiE-P7Pz33K+HdJp+TXv)5dn7aA1?UgX~8`Q(1pD8)c# zrE2in&-5RrV}}q)DOuOXkWz8R>-?|noN&(_CF7`<>~&ri7vB-_N=rEX)_wX{j_jH7 z8~O+_tzroc(@V83j`Chj^Lgb4^A^WXJfdP$JXdn`?jT;7OE!4!AMo%fL%*A2sY5Le zP~*@2L;Cf|LQVGtj~{NF!6l{UEhU8CA1|faM^E$gN2}UyP%dMax5znlPjS&38!LEb zo*8)fMWCm_yRv-RT~43+gip}M59yUPEh2>i`AXW$^))4y*90(r)Ba>QVASVfUv*jc z-lbQ~j{4p2%j;D1L885*=iafCm@-jK#i3NHNh*E6e3_Rv*z`e$P~dH*ZnCx-5;Ws& zYcG6Ks7DXmzSrN)VKLmI-qKCZ$vf{;ui=s69gRz{UnI9o*7V0y`NPIPvjcnV*re@x zahU1Y{JrY<;{WiqNWoMC!+6?j%1TH>uxD#S=WF#)na^!^6Z|@GGu_8?W~<))FX=&X zIUj}Z%b4(Vvt`fZnLb~Gv&ByJ#?zgaP>0wn3gY~>iRYd4vtynG@zow3$0*U-lAPj{ z*2RZ4IjCA|5ORT9rdj^z?T<(T^>!(1({_rvW;z28&QNS>)cHH}%nD2mysXXU*qW3WZ|zJ2F*q9olys%F;Kl>jw@1W&#}RuqTfXMppFaxy9Q+`Ioyx z#WSwof61!&cKSs~9=iy=^e}!8{LkOF1dhU>J^y~s314i%guS)K zZ_R)7K$xCcR%LZdhM%OlzgB-o+e&wGKLe)=4e_794wo6oB3$oVwK%tBhiuO9DP4Iz zp}h26qiPEtj0k%+rNsHXhp-2vqAil&@UFCjToU#f65DCDTf7@nRTH0%1Ww8YM0WlM z=Q)T%s^3zNooR4xG+jKk@7ul4c0ZN*<1-&Vw|Bo)NZs<9GD-ToJF!zZ>SL ze&_Ubze(X)=P_AB5a23F8}T zI-o`Ps2#npL0`Y1t9?1b3~eb80{OSxS59g)uf|HrykblJaUuiAk};#3@4XkEkcko_}lQebG8R#Vq@e=J1?kPkNYifiA*_OG13 z4l|fLWweaZS6ait+`qHOP*17T4jo0K>iiTAdEUB!7FQ2j6(|+neQI=S-|d#GoZfFg z6lo~^(C0;3ELnB%w4di>ypLT_kzPGuAY&$!&VDTknzfBk+ww@jgv;TsT3-A_`cRV+ z@@lIfth)JaEbx*5(>>jRU<~u`MfYpgpQdEavNk!%F^ObBJthFR5mp*qbz3?l@X_OF z^nUkG02RU)QYR(jodYB&H?5{|YblCB2;)LKrnr^3}0xmvj5J_HNd- zM~PTH-D7`|u2y(CmiqD9$$1Rfp1nzfDVOk`IBhPTC5!HSyi>cBeH^E(OY;RYSiThf z9%d!;+mqpG5su%tFTD*8-@T$}uv_%!K;&-o5p(YBKD-TCKjFNh@84u6Et1*;r%ZNF z-W*i}269Tk{_|UI)gv337f_rYUdWdn2jeyMzTc&x17muR3t*aEA{6gg_I~#!8NHfn zUY_+VpL#q*JW)o*8C&UsmUAVRRqD3g_(WnWHN1Fzw6!*^NpyhBqx2%zg1w&9v*M36 zFFyi>z=i;wGCedtK@|m8ipoTk5wA&EA|iGcrn~oeM4_>^h7%*QB-BPT7@VeL0I4G_ znUmtwH>WY}2%7lj=in7zw>!nhe3*qg#Fy6*EZZvCW7O#IC%XpJm7BHuEjcRybf^$s z(6)wJRYaFaYff)67EF25wjoq<^Ge(KgpU0E{CuD`Q= zd;U?Mpl4THPSz9FhtBMA@$<1M>G*ve8D0l&d)tRR(gYV-Ti{Ze93r7`%kAsNIdNj* zQ_91d93t~;7TCWW&R!XvpA1Yzewkd$`2}yvsmTEo$!iYM|Q*O_kq!U)lYED>mXuR1o20cL@%q=g9`_ z?X~63uVFhXpUGz@?}_HPc&?UhDV3oMMg8)u^7!uK2_M)i0nk$f_jLcRuhSn-XPaZF zNHg(cnfKsULPbK?$tuuSwf|c$Rh*bB5Ucnjz@wW-;0j9M^aihsiO5xi(CYi|~qDri2{l-jMEjoyrB#*fV?f$NVpZN^UC^*fE^5ACOb=4F+ zu8NiR>L0$_pbZ$&VN2pKZu7=d%eX2z$IpXsfW6&WpCo-wt_bQ9eLtU|v!$%B1U%tP z2HiR4U)lR-ssnrDTJPatgM)?;K(cS<0HOWz0f)NuuhR^$viyWO$F+EgFjZoV>{(IF z>(PeSy>9{*IG*H|erRnU~4$GxB?+ zXSJ-5EBe%8!p+`h(jVRV4=(&;FU&s8(|P7LMcN)?fWSciKp%WXr>m{Guv#=XzoEK{ zceELsuQ%{7?fN!9=hnk^!dCBQNN+B50Ia70F7@tGB-z}trye=sGyeT_5Szoz220|g zir8*v`KLHN_nMNMvpaO`2D{>eguNApHL<(VOLas*kuuOcF#}iC?$F$R<2L`1Ytr_D z^$8if?<NtDxGxp`OnGw;VEWcUCoxsYaL z1D*YCA&BIIPN27IpvNWuaDRE++%L9Hyp$7OSr(4W#4T61UOM2(-b^1j;kyj_zB z`9I~nnA14Lw=ZSP9$gD*?K1<{JoeQS z=IPqqf3Hr2XRnPADw!^MZT#DpO)f}qH~*Kf)gkx2)95KL^{;w9CrS92>-E=R+f*;- zV0~G#lb_y_MVC!FlQCeCt*;T>stqnc%3`pg9DvdWCojUhh0o`H_Kp-ZB(eyl5pE#w zkjkri-o!ccDIS4t`cMt1lv@5V8%T=$pksPFK;{>6&kI_Sx%IN7hZ0AlZv`xNIR%Oq z2bK7~Wx-zvX5;1$&_T^%?Z^2Fxt)O2REWO%a$ae?F!<~}BZ@x6OlHqmzR%zHX9=X& z2{w#7zj`9G)3>feK|j7I6Tz>)t^5xbyx&L_`S{8&-P6&ZTY+*dP2B>mlp&KxDCGTV zk4JP1rIYvBr0#F$khtiQhC?|{m9Mbr3`>W`iAUDT)KCVp5LTgel-KP#Z{~iM<5ZCbbt`}CnnnTq|!JYiW2(#>8^Q?;L`FK z&_9fvoj%F&rcdc9bgxoHeGC4<+9CDy;&{CmAoAATNBV4fawP@#-k&iAy6zganlBct zJ+TGa=E{v60L})mGo*Q_5uK44Sjk5#@+{vTl)7PpXkPO&O$rM9Ps3xHE#644b zzP&0B%6{H)-yjWSzbe#DSIEa-!T+82;G=R`@Di>sxz3%(H|5|;K~y+4Pj*U^a(KPCX=iz#-~tzrN^IR zLy2tI^5=b*Zy($ZlHB<1hYPXZ1V8 zL?b&oX3P&qMmlw3q5f%Zln;R2^SkipHATa_>@+x-&6mH`H{Hud zd&yo5#)t7Ygd5PA17fmx^nK z{dFVO`QTKS4Gp;8`%F(9w=^zD>ixG!D=_-+$0MVyE+m@9xZL1sYj6=zma7d3%9LPl zFc14cmi1@1AHEBU;N$ZzXHj_SSSG>QmiqrL#$9v~m+aj$m`Fe?K@wP&FV)kEBP~+Q zM;ZgGR`{G$gQOo_c!pQc+s}B-YZK5Y( zdw;CI&sX$v_zP?N_FBe&|M`7vaLzNne8J1px-(5A;Q4Y@gw^fm8J-U@S_%bGKP7VzO=&9>;Z;Tsg9!hl(~f{2=+aMVW}9mx2W#5H+v(fI5~^{h#|I> zK3@Cx8#@NYnPNPOQ|FrUpNXg`&yMj;`gH>* zQ8>;=`?%c%{=1a6cw__iR!x?3aO;)c^tFV-7+pJi|G75To1C=@JPXEgj^06}zRteG zi+A3OLHnN!n znJ$^9_`}MrbU_uU{MYM-G#TOc-Wcp`mwE5Wzm;_;py-M57(I;S0U6AhaIEwF<9}5* z`O7u&77_3Sol71r-{r(5v!MI!6}5$2S(v45<6iMl0{7HVn7xPLPBu`FWu8#_A#4bOq^Nh9MJDUNI;1A#LylOX23tx)c0za^%LH zV~d!_^H7}TE4F_0fi}B@sSc8P#YS6C|9y1p2i4`fw5Hc{^}7UdMb@`#PI2n794h}$ zX$Wt;zxjz?K{5LoLXB2~^nNDep5zO`U2YBOb~brBNN-gj&|gEZ&Yz#H&%JifdAPy>vF30KCO zHn8=We}rZo)Cy#Kok{fiaetvyGF~x6DjRM#A+dP<+R*Rh&ML%qzxTq;GSj)eE{VYt zFSw_<_fS47N0+jzI~MiEAb}w{*C{2c0Gj*1(E#YkUa}7tX>^6t%M#8ys;H&D@I`MV5^W4CXm34}f&wNy5 zHrRgCI6`N}(7yikg{Mbwb#Laz^N|$7?%-;i%vh3Khhrcp?jR*q=-#^td(SF;-<`jD z81u(S6Wj?~Zmw4PH-FsCy?L4jXFd+p7je3CF)e?lYXf@my(>{PO=ny)=pPgD0RSPF z`@o$8uc`5iwIo{eMY-VKR)f3P!S6{w(6}20okFp6be*5qO{Xwd;RcPTOgsy3b?Hr@ zqF8Q6iiM)s^O!(@!B~&;)wX^m#hXA5o0LOokxBc^SJzTlwJqPounzvC>n1|^d?0_) z3Dyy|dapyT_4=>egT)hdzxal3!VQB>N@rAyRAgrp5|jc;Qs=>$mOfnYS&{_|{ljJ^Nd$ElsUI>{0UbaGBp>{JVM(W_KhvI$GKiOOHk`$hZ9+=t((h}V=_3k>tl6(-eY zk#1L#@!*SL{}*%!PrbhOS=(eUFgw^#h3P-#BiFsgh9a-XVyG~XLEov4>Ohr{*iNS4pH0}C@rmwvFX4Rht}g->tQ zPzTE{-3glRM;F*M?wxwk&1-JLUYI!Rd-(an_If`9srt$R=e?-D4B<&-5Wk2}0hhwV z@N*_1%y(*QsqG&~$(0%nV(M%1pDiO{jG7;{8M>c@&4zFrjecJ*v2K4FAprZqD>jy{ zAv&=z`Q1CabwQLvU;NRd$UCeVA(w4>QzTBxaB%yr(tAiY_AmybCFY_xSIEXp%#N^- zV79_v&2&?s06r4PHYAsmC(HyuWJ)S)2x-<$dau?6roM1he2w`jB?GiAfsmc5~3$153ej)yMAy=~k|}KlslQ$Zf0vp=8&M%@Gj2R-ePsBT{kj zDK&Kmb(FSKXmxN33P@5_C5)SC(lJJUbz4~A4tr+@eK2b81)wS@lXSNo{8Y(J4_v5?8 z*A%q^CrNP<;-UT$&@-WIP(5TxWKS5^eHo^S#C^=LUr?(V7Gzq~>6c^}xN@7u<#2sD z#Y}~>&zr$Ty?nKIxFyvCOs`)42@t?Qg${MGsA=}fAH3s}l<7{8!>@FKRn{zfpNDi*MD7KiFd!19di@BTD5=WYnZ(GF{IFnx#9(-`T8R#YQ4QwLM z3sm`jPC`ya?|(BB)on*r=#?&WqWuem14$u>5}G3|bxk0WxNkJmCGbwQv|oedt;vQn z5}-%jU;Eq}l@AvU*Mq&>CUKNqs~8Rxlf9X}{=efNG|^9cUXQs^zWg1HbnN0VSV-mo zPq)iir`7&5ec107CzMD1d7j-pgxv^3u)NvhRZrYtQW2B&=SJwy$)~)n4&R5*m!S@) z@^+vfgnKOs8Uhh`G$HO$GQBne`LV&ElcaWxxRcCYYLra;4U!g`C?3>?4S=10+85e` zm@mtj$$93PP-)>6GDHS@-{(m}gwAm#p0|nbw+9ROAmz-^=_PNO`-38qx*FtL{p7FkyuIwr>dv!8 z?ubUE1OyKQk=W1oY+T)E*MyHEFubM!D+P;4YJeI|)y)U@^;XjiI1PYbyT`$fXDM!H zzUqF_<$7F8@9e^SdQrrw35dRlk-^Gb?A_<{B01|7ZZQ5_`fwNS0g_JqSMZ74A~ z7##}T0$KLCdp~AX>R;c~IZ=6-GCmS~pFYfQuH3N_df25`TOs&nRk+|@2M<5eg8i)N z@?Ad&jF=Ll*sWK?1!{WRKsLDV#W@!-&0Cf6k-jm^nG^V8fEfnS9w>+R)$us1+M=yW zJuGkkN3_#RueHP1%PH+eC$OF|{bn^@^=GI%r+TiNd@crF;lNmDq$g;>{QmsR43v_;r)wD1&NduW<-fzvRKv}~|~=&Ms9J0 zxuUhI>ywJ7TuXcL{48(E>knN_S@v-7RT(;@7VvVfko^n<iFwu|Ma5vB8P1&MozEp*_^<2adMloJ7INHnipkL&VL;>X*Isd!;!e zZ53h^a8_jKAaFwIokp*oW22wA+@gB>09r>}%zek1aO!V|1%#o_aDqvaJ5%2#=t(Jr zDuVh~8xb07qR?LfM7h2j&o)3c${&rk?h+_P93F(T)}gnOBx_L43h1_@ki_WDr((W` zc2^en3`L!95f->476J)aG1^SPUI>@*_}Jrx{--RK&%MYSFk>^J>JF{#kl|58NFw~U z-yD!gs3gu-Uiol_ouggOXWuXZvB1BuFlqPXWFoq%xFf-Zw1yU(K3vVhZ1hD&$HA!g z3N#-G?Vv&kZF__M`@T7I2x7Uv&_E$P%R=8kYHz-vj)MnOsMo)s_F8)*D3!I4>S4|3%?iMVHdHLMM4XnA#e0Grg2f> z?qhzJWshp4Nvvn4yM&kZQ3FS}zMe8_9NSkEV9co{*WK@^8x{xWn;Q%k^TKTCoGQ+M zF$w!PM^O_A>zDF{eqA)OQDCWEX1P+B6$2ztuMJ43mHBdZL?8uUe%t)XDv{@6+b+I5 zMwKxt%;Wie4M!Z;9j1vH)0rkQlPL*O#@-kay4V^e86GY|RsEXCF~p%fe!ocQ@f<~( zsQI3N!)r5-PqsH|C1{akMR<-v$`Lo|MNy`vzZkF~HNdO7HPLEaH16AG$;UKoxuEZT zknmqY{y1xGSyYPz>K$4jzST+MTNrC>=SM~+rgDelFtYoBU)fXI;EeVM3%3SF9B zVRS19@@eHwR=nz*b9gjgG^-}A+)o;(3T}G)YRF|2qn$5pJza_*_SkLwT@*Fj15Nkh zV9}K`TrJGBnqTifMXvrp3vIJ2GQrGc&Z+uU@4sKH*gO9j2=P3vV{gOAPGx$Qy2LYu zY9ouZ>Io03{jvCCU_q!|1bXSY-n_l5wL2I|&zXE4<%ZRk7BsMrU<2seIWLn0ya3Jd zm$vr|UYH)z_vdoCg3EDb*I0bEyI7HAVjEK|{3rg_$4o4D#AL{Ps6*E8dwX|DYgl<} z(SD-PWAAxB24 zHT%ls@2N>g)B5H~?Rf}~Hq|nLbuW(nO;Fb2k^kTT5)}vgk-Frgiw&hza?ov{BIp2N zR}`@lVW`J0dc0rfN0LYgsc~+Pl}_C5aG%)QDR|Z1h+qF=gGfo|LzjqjQGSDK)Ycwe1)D^DVtE<6p%nyo&vdAIxy6?Al{U z<_YyB=+lRcCH4N(4xFDpMeX^0(!!1$KxB_yJAi|U<5gfX?fA-3grc_*!lLaflDOz{ zpWS2J-T9^bNwge@doVnt$#I_#nzsf1HqGbMxGb zf1yh-r&_4rbdd~kLUi+-pZqY>3%dC&_yN5zD(KC=@9AP3K#*D|??xor#)*bTAO=bs zSHGf27sO8G`F?R9eZ(-Tz^AYdKYw;P4u$ou-w4(@@9itM`pI~2VW~b{?>Qc2mHVQ_ zc|H}U;t5~6Q>Ot~0 zpHR<1QD9FUX zjxpV@=VKdvy_4@pXKS9V^tS66OJ|EeF~-lDe$@kYz$dmJQ3#9=ADt?%jLJ3Cchwn;?))03`o^2<0vEsP{s4wM8=@5IBNTDb6ZGB;Q}$9O+Sd?n=Y&>r{k?yI?)SKl=6(rX{SQ22r14KkVf#Jp z%AnVWi|$+C^W#+zr;-2eJ!OR+7oKqYuW!_UphaKwN2w08vXheAK7JS=%P@?HF3tu&>`vGbBWElJs?EzuP0=}Co3^vSef{|!9CQHm z!}SLEepDSU9ov@r>nQIj#d69tZTTSk*=RE8h?IV=)513cyb4de6Mevg_WyQbUl^&j`N&ko?fQ8J?-)UTaKV@FW zT%F5a6PSw-@gv7TY9H_~o__KpuK%@B;`a5M(^i>i`*A#dqvyWdx=XU`xei_(W$u_B z4R{OysRo~x5Dk0D*tsQ2j+EkMHINUhw4>B+(7oS;X|wiLQ0L7b;(FY#D~u8p;mN%6 zg8Gz`9|UBvMzIeBax|ir5J;^GyN|+gdnW@TOVm`l_l?X$`T%E81|3-##K`*_f>~d- z`>Q9L^^ReZa{RWyDbs>nLOkU*re$7j(R#T!>0zA&r4irHHU!!;_PJE5k$Wi^wSVA0 zVCV+YC)qFWX!`zM5@RM3Tz*1tr7ZCw_A29>Xj*2* zu&ERESQtdPU4QTJwP-r$vBNw2`j7WHZk=eHVLa=T3h~7AsUEqd6wKxY?#s((;Xiit zNlM19F>9}_H_|x$J`mopfA{bWAi%Q1=XY63T|2J-rnfS++l+pt?<>rM%!YUkd+6N3 zk-GL8)2Ey$GK47UgIW)rU|upkxoF)m7et6c4rz!4RYLm}gK#-ex(AH<-Nji^LbWDa zwj5v7i887)qw3;(EFmUOh_n`A9n?8gPYnUfoH>+iS}x8q5_ z#Ek%c#<04>y?*dd!#JPgBll(3#05&P5r`Uw!b+--M)6ps!maK1Nv@@@!1*=~L&!`5 zI2lHUlU++YP{ymllQ=aqB?g+MlFkqQ0PqwZ-9)fBTzumA^*`)y7}WY=SYxle2GPCr z!&1X^mPIRQt&g#x4-tLBy);N+K+e}P)Dzy6c>lf{l2pz&?BDhp zh=>fzLB-mang|@5sEpbjMIl+=*9!YyYTs9z_5pEN*9>;BFwDKCi?!d&d`}9*Tu1zl zH7UJ?BS1lvo&K7BFLJi+s|XX2%v3F(h$C{ssiI8$ftR;26QcqUi%Ls&kc{LL1C zl7xI<>bYoPs$nOQiA$5PMSWdW%j>!siT~?Pv2m3Q(VH4qmw30jaf(`KI8sOyq&*mN z`STp45!Z4oSBN5{>b?$q1C}u<3{a(EiG!IsKDE^9RA^=CzH8v;`SSnFey_>UshM8v zIYt5()i)KX=j!+Y*2Sj!y;72TH>(;{u5lOG(2)=4uTz<(_zLSiKggEzl<|y7r;!Gs zSO~uDzQt{{+Ch3VoHsi82Sa{9Sq8b8l76+{>r0qp$aIOh^WY)-)~Y5vRqyRs~ZSXE!Hd0KwyVdLwCDV}-ZJzI~;C2GXxLk&fi!7HE8R z(Ny5OYZA76ZBI__1sbg7;qcAw7f6?yIv|=qIeKh+D7htNah`)t$0qeTqXnR3cUArd#Sh}ulRgob2OCb4?3=$=2I_@Y zeIOuNu(2BLrq3i;#zpdhdcJy4D2LnKbL>tM?u(|74Vb9RZy&+m%lCmAmiA1$?5#3B z_uZh_U68fM@1w$p&aKZ}U_Nf|qamMj!HG#V?x*Vh4pbYY#C-wUHr{Q4rLZ}qPo8iO z#S^PSWi657<@&x6eb!hoiwf*8Cb4L@*ivkr&0M=DPI@1dmv)j*kCxO&rm&%`dVeo1eDpL1^H~tKVuX23GU5 zyGq|zD4lrF@jc){%#U{dKE42bdnv2Ku`hNHMt{_~B+say^7}2V#P`jK+V*@#JzYS0 zk{YyEUt#q4wEGlaT}>QDL|QwTh{M9=+AU4?xnu`Cc%!^`(4mdn2p=>RzBAFe;;|O| z=jUQS`m@w1&S_tAF5w=|@!z#Oy(pwsM#FlqfqZnUSru`1yXR5+?uT`_Wd~x3Lfa(# z!-}e-tLlTi4;7|;3jlsR?Auc&SN2!B)ShnuI~(Yn`8mv0dHi*r`@CO&FxnJBRVDHF zz~{(sUKi$h=9i^XF5-C%f0i3l^BYO{VM2&%LVlb@%gRx{xroiu2tejNIz2vGcK$&5jD;3W16=W% zX}7tq3-`fpwEOv(_u|U951E0gU_B!2I^0qA{K6#f1J= z%up_KK61Ko%wgbry4PB&-wj(Z*df0>7K8hPNjiC4E0VsbIEm0v?jE5s;Asx_06PiN zMFY9rp1El4Lr;OI56QL!Zwc1@l?zano!`Op5Kq;STtu8A0ObOvDR5j8YAb}XV0bXR zW?*4uN3D^PqCeE>uxH6Sw6k$aZ8NTkP9<_T42S3Z_CefoPu*+LZAt8luA(^aII1T% z(J#-%J&ll~vK->};+j_T3;ly8)EUkKEv^p#nR?1Y+!Hno+BhwbWr3o@WBCYW#|%Ct0y(nC1W{d z+et=KYfj#K+^@MmZQ)C|vJS4039rqUT=po+&&p3)a{*O=6J80aK(V122|`YfG+Vpa zbzT4{W@o?T;+g4R`(kjf9i|jXmT<~4d63+Vi5kcrgNyVXL*dMx7}VO^TIHkkdVx=5 z3)MAAlLV9Q(ZaO%ocrn(!x7}<C8g4SH&(1zNNr?vt4A8y_!%g9d6pPjpxZ zdb#&F?V3R#)g@k10t|xoeQN0=1FZ3og({4GzM_xg9?NhijGCZK%YXc(>O)f;ubJTM zQZgf%_0@0ehCPVW%!M6)E8MpZVA2Mu!(rjWrNdkJOr=gW*TaEcx><_$kM*TfuVzvt zy4`#`gU-6=2g< ztf#KPFV%?qTL8ifsLj(n9b2t#5^f#!$|kor-Rp#w!?~3jSb5pob!BtInJmM z!nx)zWLIgKk-l1+j5+KQrQEZ`&>~9imjxcYOEyz#o=1-R2t51-uwl^J*9#xF9INkM ziCraj^WVRlXnfbTJr(RD+VlF$XV2q@<}_e8!WRz+7D0qyCBxvEd@6g&DQ^*U5$*)^ zsQsazr+dF|azC}@y=)V1b+gMPRPqfX$an4m|30n}Kdky8W`5xs*&K=i=JT8cHUFwX zLs(O1^N8PZ{(g8;RIP3ad;e=T3%RZOVoSsZTJ7uT!8S#YZ;A{(=V}BMpE7bc$X#}A`e5Ct5;&z7rmPyAHQ1rqU553|1$mmqgnRH6TTy*Fnq zFV9t8qafPqQ^@9Jn=DN}QIrv^B=FSBT9{0gCY~&4*2#I+q|EWNY%0Jgftn&>0kK?J|6&Cmdk^g5&aMhrQ5W*K*i-$?Cp44)mI7H9`On*UhiIEcFb1M(#74l9?=N&RN+F$pDpK^0q+z;9%&hdQ) z%dV;q?}3r2pyo0!O`ER&c_%a zYE+VPOmNIJr#dJWU)wC`?<*=ZYVrgAkm_9FktkSZ0}z*0wQ6}1>|^E1jiE*xtM%1; zm}b8|d{DBIp9Qw1a>RFEicI>Wk_YP$CHxlz?9)(dlS4;b&nXmR=Lm!;5Qp)i2!Z-C%c( zL%Fuj&64WA>vZ(RIW8|ygYo}%vd@{WXU7olIXJAVig@e7Ve!fZ7gq@V^08{oV>b!c z(62B!ohYRnFSlu7&WeLf@o&GjrH5tQQ}XTh-lr&iWn&$v5KAD4uY9N%lQqO|3JrX) zQ1*dpQ1aQM;*ZQjsd}YjwePFXqI8dGbHLyPe-Bm<*Ss~TcK?8@%UZB$A+&@30BWJ<_mRXu7JT@cZ+pz9I)gxj0ey7~~mCiz3 z+&w;6dy-bkqX9Vfa_A*0gZ}DSI8A7QNywDdYT<4b#)q`h8hgB%FSvW`7m}LG1cRy1 zm|jtCVZ&!^K--bJfBd|BzY`04RBc%I9ANn42MK^&-ZCp)jY}_^0sYeif=N(zPHwp4 z5Jt!}H&v;D{Dk7m1`ol?kkm^w61(a5wVWYIU}uqY*gUKa`jCUx5WnKOfA|=BIaF}^ zE8F77BXl4Q%hX8|df8Ey*ZwP8U-B!;S*S~&%VX|I+5rn`<7&!Yx;bGErQy;a<$c1) zZzy)0#ZQNZW3KSlbsfcc*}0_9xC^Y2tG++^!C6pNJszs@LacTY8*e(?SFB(7_%+9) zfro)ArcK@<8SDhmv?H-J`2M@o&>n&E45Y9!7*z>=0+1b!gZ0|xCXgfSKPMi~+Fc;8 zAc}ihHcB8H;dHw%s-{6e9N#}~E4go)*NY5*DNq=9;8CH}Vo!vSzfmn2GM$(V8-~FU zbQt{`y1~}HrkATz3Ec5LcCT9?KVOJ4k8cfiTy*VjRt$FR7RvSA>FTfHFzPL-ZTbYI zt(V4L45q31mi+7{I-2)BIN%Knt(N9xJrDOnv|wO|B=ZB!&4=#TSA=(He*>NCJQBZ_ zPc@^f-GejiP>BPWZzK-057`HxE+j42CX`0GAH2JV$V54h`aOEI98rDkosu40mW6dv zMex^ea6F>PPe#Hc&&DyzG#DpIYT`&7TF@qFCWtpx;qD6sPABg!5~7l z8(N)Xrfn^V*h}|)@SkVm=^R*VPp`J-B#%A|BFv{NObF9pzpb5Fwja)=Ldhr#`}z1{ zwebYwTNQG-8dZ5glu;Lhs<#T|`D-eSz{w>E4I^@EfWEJxWX077m#{I1StUw`>SBm%@eY z9rxSydHqt>>|Vy<#m|MM6~lBIfnE{x1NN!2`-ajr-g`gYFK?;W`}Nkrzv&^^md#lp zpSqt!qyJY{O*e!}^-GS9ksX6xVv@Lc7O)AHyNLQhd6tzwQ^#cuumWN6zL`bMV^T%e z673XRUXt&@!7A6xgrNMMv}>957~u#pIo}08HBfy;XqBqd&Hh}bYWg@u{JIWXCVcCC zWZ}OGoh|qzZ^2=??O;mSl!Dw<4R$tFP-q2kdV2WPewOdaRDqUdR9mt!gPFQ&`uAhj z!jBMI;#IF96Jp3%zqTNcoAjLxB>>ak-#(d#(6#yP^d_R1Wj*HpA*9p0vAN5r<1H7c z9S2=^TfV+|Y^qt_PQk-GjY^E=`Sysq*ZM)2dOfz@*fJL;29RYJBrpW(k+y;nql^pm z^;%qrGu#qm=E2N888Xl%9|A zCUfqf6C+T6lYL#To974-#HeXSP>{Vr+zd?wytJP@;c4^j30IGGsi$GVjyw<)K>UJF z&k+7%HSwq}XX$euyeb(KLLrwridqwdt_wMZM$MV*L?t>lV*7Y0JT(bt_Lt@aTD&!g z5FHo(_IM@St}pdCxfkl`I5irUd2A!GE>>9z@2A%VNr_}< z&|!c^oi2FCAwM0y3kx!_@J@{G*)hb;`WW6#474s2;oh{LVYykqM}8jNA?1}6ja5_; z>H0B7p^#1dG@8_S702&9f5gJ|c7=Vd{V~;5rvTV}wqF>a6WS~06P22Qu>K|YQ}o1I zudJK$IXrp-I9j-d9eIBf=V!3xnpGRq%(8)698%8RTQvf$hM}bD zExS`(BU3WG-91?1zV2Gx9{L(`&l7+Do>o@cOe}Kd>$BaT6u168hTx0JYmCtHbosb0n|q5o-|! zEf!IT1$~z}Fh{Z5O}V8y@o(b`Xc_${-W~`RAyyyjPhT5z9MzJyF=Jgo)qFiJsa-rt*q zIR|}yM@UGe{-Mx%yBEsCeU5rJRFv1@BL}h}bC*{o*i&dF6ugX1s9?@z{1JRCs7(!S zwqo(Daj-^xiLd@TXx$tq@mE)b<;^_LD7~5TdsTiE$6S$=f0eTk+~)8SgT_H$_%E$o z#~UAk4Dy)IyJ$;+1j2X+7)Dxw<`Olv*YcdO__5b2C^hcuY{g5XlFF9HLUG}A9C_jP z?x&D)t&{0}f{9do7VellP`kzty70CCP(qPQ z%8-yhgdo_lP|Kw_+de$v7r>7L@m>f4eh*(u+gHm5B!7^tK&{qE^!zSJf8LD!8pdo2 z_l*ow+ibs?DI7dtW60a^j5wxI7C!gHW;ySXF@0Xe2SrU-%+!g=!Lr+%w^F7&FR&hn zmcaa8;FyVDE#^13vjCFqZJcKrad*?I#(J;adBF|5%Taq025+qS^Db8VJuEm802xK? zuM7zz1)CX{l|J#u*DqTax4(fgshrNtW@P@Y28FHD@?36x>~}BlR;z}01JDWeoHqdV z+-QR<&+CuF9pl`ZsqZ9|PecC~mllU6GKn8SY)tpUXebOYp z%J&KWR!MOP<4T-vd6XR=#WjaHf(dmK9x|6Wpaq_%q}6Cai(8 z1FfD6m{r6B{R0^?y0ml%otzZv$`9<=KCz8j zJ7B}>KZV~_Frf@BOWp4W3Q4x^J7pA7N(xdDN8t@M`HIHo3(OF@mE^)Hq4~|P%X<&E z6I1yQcTdKTqsD@VN=xjgfTSM;1;+Hbe3#+tgVYDlK`7&8m2#^C{l&cBp(cG!{%4w4 zaSy>*90WOjBD9}4c7*K5B7CnvUBi%zoSu=QLevRw5}_&h<4*=BnC3|wbm5|s#__51 zk3F&dE-#vIV-Y16-hL9+nF5pyN^N}Bi~Vh)B>%$456G*X3CJx{KzM;S;T(ti8*Rxz z9X{3-!T8L--Q_!hVaQ#5`2o0-m}ztM1`m2Zd1$`dHtgCui{9T7RtC$|9ue%N7DG!D z9v*Ev7aM=m-mq%h9(&mS^Eti<=chs|dv=g*DTIK3U|71!SS$L$#kTaRI@%)!-%XB3 z;URriNCl=>RfU9{^Qpc1b3fi`kz0tq6!%D6X(s%$7$g5u75x0J9I)!NG2=rv_Ag-ebGTBXiuhiD=9e2~M@fynZFom^N$bLu0w8};$TKNcE7p?D416IU9b(3quB z+Zs=240(-pLR4_?k6`!`09IE1+h7h}N7~!-878Ou0n~!}OTCsm+4OCnDn~1}8k^V` zgzlw|)tN@O)AxzPd{9Z4v60jsy-u-m_`Dn3+b*7(_KtEu6j*-y@~Ot#s3X-l4-_n} zp9j^wDVeV;@;wfFy3;9WvQzHFpAR{)@x_{5G%pX*U>lpK@V;201O3EXL;d0lm0@cj z&BsN~7WMe<_Bsq8;5f_pvN9B{ca(`e!5dj8d*jyLFx2=5)t&ixI|(|fJ@@&##%cxZ-4&2Imhro$=y3&;zfaeG)uUP6#Nb{t(TR6y5O8!Yp;ZS>*N(bu8y!hJe zK*Y7jJ4z2oqt6yVSLi!R-{_t!+Q-%-nEN0tmhyu_f7u}mg!0x=KeNr|S9eKTB@OQn znmp|f_NCunTb=fhJVW#BYkjUF|nt7JfmhJN~OHed)~8|;1#FK_`_C?lU(~X ztI6k_5y2U}#IjYw?VMs4lHU(cdG;*@zMXd{6zl`&WC?oFqean5dz)1}Gx%kcoq3Cd z(k)n7vbJY9v}jl$*o%&OevRbmDesx=KD3y_tTyL$S>^k%Qt<5M&*-7a{?()e6fa2j z9ovw^=$tE60())UYWC2iQ+H?@fPpTrB;felQ5#BDv^pT2>(|sA2t9_!+D~IG;<-T7 z>RD#e?Oi>^r|f(nU~qn4X$(h4r@w9NQ$ZV?ji7no?uT9rTe~2AmmO@*A2W4@G~nx) zA)qd$bLbLSuP5i%+kvxi@H54ik-hgJ{(<^ul*KT{gdB+;cfw@(w^TEGmKLVJovG0%udPl1OX=l~1pKy|ZmSbE$|qYCe+G zKsYuQl1twQp(4nrksN6dPC9gqDzOOkzf!jn@Mf_;54Tmz$Rc%poTs4r(Xs%uKb-uQ z4i%G&zj{&o10${k6~~da8<=b2EoP9@NTprAyXc56t$ZxiYfPEz=Z{EONnCGH&#-hE z;c4P|Yu`u2v73%9QFxo4@LC-Q$?Pr>&#e6I3L*~I97pqbNZ^0uu~-Zxigte&9ErUQ z%qo4Dn2`8U8sDFk%x=kk6Q0+BEH+g#+7(jMT?;v25dbI|uB)ROhiIFZdzJ`CVklT{ zA5{{XP56Gy1MlkKxGI8%62X`_D>U>vK@{JIWp!eMLTis2mA$Q$T#=^qddgPF!+`o% z#68tiAvbaTl}BClp;Hf-I0U1v=REqpiu5NITn>(xk0k0%(VtpBrkv<4`KdB4kM1yy z4tu^E=RZ@#n?0)^L#og3cpFqoZjWRB%vEceiMSw0M50@N0QN`V#j^?WDka)T=3~SP3ye@_Vl?Xyl+B~1m?N1YAR)lsn)JG7yHyqG zN(tFNfaP6FGfB83WOW)~PF>F|*MKzm8zFFgp9n^$=qG@_`{f-@^3Bz&yp zx*)Ast0EUJ8{2>UmicWjK5Am|_>ja2WsKvRv>5*h>@3pkqMu}b52Ljt<7SfLzm4`PY-Ihx!-+1smLZ<}BCqN}eiDPhI-8P*>&% zD94Xxsb&Yg$nau22H!sFIJSYCYRA9;UgI70Ngp8>J;<*VVFBc&?v#8Ap;8^y_>AY` z3zMNg7OtucHw^?=4lcY~+W8*36Nw#iQ`|V=bJJWs`Q7@D+x{MCaPhF#u75WTsIMqq zgVwLMxoKzO2fZf5#ilgAj&`wIiS73he0``Hyqotlev+(5;<|N|`nPS|;&FWues{Od zOGk9DG0EsIp_=b)mevo7Rf$xXq?|~e1X^GH86k(~f1tO-94g3V)tUW;YQ8m0arCKQ z^r2>*`}uuY0!|X@%je<1ETapKOF&NC>$hhQE_lPFdQ~G&?h8wiO7OrT7Svv^cSW$j z3`A&evUM_&J>*>*WC~JfK^Q$*+cFfr^DE@z%@B8xsWje#+trF30oy#HDEz88KyK=b zJ*<`(`-DafcS6}87~~}m9}{v2n@!>-o51$N37_w*;~Ut)Eod$};hv>jmZATzj%Um$a=+_*wBubhwV>`(C;R zxU;y7M-$xDv%n4qU>_a0?>@d(xH%I~@Tfn+c;ox-N(%c+RKUwUox86G2j1nqrdLJ@ zbHvm97*lOCu~F zQy{kNuQ2!5eQJ%&6rQBLp7AIyj?;_>+k876TGB~RQb*?-wlph~>e26)cJ!mFR97&V zWsPmffux6iEny>+vG%du3;_xdM~{GncU~sG>r!ujyfL$Jv*DYl&t`OO#BF(QS@Wy; zvnn4#Ss~tB<((UIjUM?Cg5mP6P2&kXh~46IFmFb40%A=zPG#F)4CC}u&i7D&Jzi%b z>V7|dXs}kSI3aPD2%lk9BQCqM{!s*cW zcfm#nJsr$_b@JSq1WUai^e4<%yX$yYwo9;PzuQ}r_HBKAF=clyhJ_UUb{kB2;aF^3 zt^7l7&;Ty&K3x!8El$2q&YnVaooBXNF_~gFW6ue$Ue_i#O2KKMbY3cCUc^}Ph|xl?QML|9SU_4 ztNU9-vUKdDQ=y50?ha)sHs&dVFGV;`-$Q<4UG>C=`UT1ymsh5hmuv8OoAhon%uko2 z>MCf#NC{kek%6PSKiza^R~FSy!>Kc4; zxIX4b%~a2Mx2Gk@C^fjFB1b6sA44z^nAxNev(KFe)J6iGSH}FMm(|txF*KuN3h3x=w`huARTIG@5yAv6oDIB31O9Ck>}} zL*>4e@IJ{&_|3o9_UwM6JrO#`bEiSlF;wH1Ss#%F9L@#|{p!6(NFQ?=!hEQwe}$WE zSIIsn((wrx8z!8@zO89$g4B8k7qi>$R+;KoP5dI|^G>wuEBqS00T3I}fok68m6G<_ zIr?tD^@S3?W?)j{XYKx(Nc;YZghB{xvU-+}EcPQK$SYe3)Xhgat^KOrIA+WIhA0*G zDDbAZXIIk1U-r#g&b~F6nX>suKPlIVM=FbjTEem|Wfo)K_v;3O{rBUL>Z*y0hHszGV|S!=_F)>^ zG78Ela!!6`p(bdK64U3bYH#9@o;>mGleG#|@Ok5=2jg|x zC#BkewBGMFT}5iBG0wKUDVhr<8X9>`2i8a7kUAkU2Dctz4Y^%7caUkP9InZq3R5A8TVG=V;Bb!6@hbHu0PB%-n4 zhm#h=08sK?BZE01%W0`VdGEUnA@l0b;Bjnv=`?=ThS{ft{YZszHSX2EjrhA#PH|Op zH`SFv@aKuFdAtQi05V=rroKLq6EzTX>T!F1o0)a|jYH?CZbwM7ipLK+8?JKxDbV7= z-8kic~B1$#XGb3ESh$DxZp`;H+(8R>l6gimy-zBYNj{d9!+ zswlJ(;-`BSWPUtFa)96IKnY$60CG~T?uSi1XHyY)t+KZ8-h#^iWqMwJ??ob5lxc8k zOtt|rSg_0D>Fd0GgrF^wxGl(FsapQNL}YB|TcW|%;fE4TyEo@0P1Nw7;1m2)O)`#3 zudXzd8H>}#QlLOWvotmDPUMFrPiFWCnnj;IgI8Ui_w{qyogoq%7el2|aSh7jC#g`_ z&@R99UYXMkTSyr4z&QnQ*$v6yOkM+sD93FA#3BIB%tF)e<`5p&m6w;pa?Sd0ie5LL zL#YVoIs8Q1#AB1JV+Lo{4&VUDFgIvRT#I?FtZOcv@iM$%@E1eg{KqmLoGRI9Mk6>B zi}ov~7%Q)VLD=E|6!R8gcmo6LsZ15@GkNV<_3R&h9Rw+% zKyAN_grIzlI2((BMNpEaE?XfTmNiB%!*d3Ql$8M&bE7{&iCrrm??=*GG5Lq5$6w(F z?x1jZub!v0#W0FKM|nI#ya7x}2L`Fb%(QV>#Sgfajtn+wE2!XY>DMucGET5ViReP0f%rNdl+uS2+fgK6k;%Xl9T&QZ9zWH+Ah3YNeZ3qCU$BO8x54`23Y zh1wK0SHmN(t>G~ZBVp7v zmRI48KYMG+bRzPX5GU%TsDJ!ZJhycO{8(?WlJ+ZdU%4?*sftwW$S=m_#il~xry?%Y zBy-v5him_U4wI>*oF#;xzS_iu&ko#no8HGzrGJ;xL1u3@-Q$pHAD^Zms6nsSNb@EA zeqbHmdoSN?(Myjo!Z~3t+qkgYJihrld~yI7!hsA31&#v!_A(0d#RJUV^{x0!-^;V&<{?gObTt#In_Zhm?2Fn>A82;fBT0hc&f=IwFVFn!@0 zFfQ-t4u``{+sAg1{{)^$BCohbd$f`FEzo5+zfVJ^Li3@1z-6d;l1uL?E4+uLXTZH3 z_1^SC_ZZDXAcRsjHRJI}X{b&AUi(Ag-HewYZ{;7vhe49SiUlX^aXnVqp7P?mky^M% zwHVZ==iU}Pd&Z;oa<=rAqQvT5rkKESVh;QoC>>Dl;mH354YXsD8wE3Qf8=KmT5E#C z(?D60(v5bB!l&srXAQ{BGrFAvJs5^DjJLE)2B`0257(Zm*Xi!kCq-8vY^6Pf`KmbS1i9)tlPfNBNg@Z zRrkyM0-_lJTgBt4JxVzTPgcocU&^oqq$&hICa9tZ+DMupzvb&tU8tc^c{FmJG0G@Q=aW zq=qkG{QEk%bj}`#R_9g^aoaDD;gGJ|=i@eh1k_pMf>^h%*3jxN@hyd28nXZ~(&G-v54us!PxdU+=FvIdR@l<}_eup9>C#G*2WBpkb`56U*7x&V2vSl(*`wVrC+=^=TNF z*EbUtg{!sKDEw8)Pbf!)!Ul7SJejgpJVPU%x6<$sZsfyxdRhIwbn_+K_W?kzkM=7b z-XPWF@{oPxh~;jGn=|LSm&+vds_4asuJ~5L7aAc^v%wPiu2C5aKZa3-s@Bka-9@fI zD_yXGxCJlQFkO_N!>4g`#-%IIYE#~#QufL!UbjD`<_+v zeg;NO39NWK((q_b$It>a#UYlyHl7C8_0S!-DUut6W%xA3%S$oI3vEREh`ULA@oc6K zJk7Eb>B?aqh;8IlDGdvlXEv8LwWi%+;{%h2T2!+gi`cj-K_TUyCPFD-i*uQ;)P*TXU!|#lVf0 zC;xZS;ZrNO)`mY^tF>6*tfck~|8ObsmUSp8K&=DzT0lQNv35zkD>FHayIuW!H+ylT zuSohcD9(abq80r9gmEVNDv4;SA3mPLa9~>naZCm$UWY-R#(VymCHAt#LzrPbK<#yK z6uThazpug@e-31+hT|f&$sZ5Dflar6B%v;Q;Ndt^5XIyFivQGXG346!Gky0!H^0dK z{sS6n|1kWy$4AysvBOu7I>PxhEJoT;i=et!`#MwL$URkJsDg+u34RCzf6oLY{aprLqs133sTN@gqC#19E175kBm@6iu1kRQV<+c*bx7JMRj-LjCm<|1LL30D{*? zRkc-H;4qp9nKkI(MF55;CGr6786|K@(UO8tn2o^S+S_iQp%oJ#AN0Tv&olqyZ11$^ z?5MPsMeJ?l6X8>XG~1_$3x_v6=|?=7js~$3zsJQvo`KuHo&S^%J=ff)BWx&NAJW^e z7(dBSx>*x%pVn-!R~nRU`;vta-=~y^(G=EU4f4nMx~PnK+@DT$-JgT(U{%+YNeIrL z@y`@M^Ye8DK!qz~3u7Mq%Y;ab_A$V!>qZd{(545(LU_>bQGaC(0h?xRlMX%w@0<51 zm-4THNg&#@XyY-LG+)D+6RvFmu@#0!vL-!|Ykm79`R&;N4mR)d(_it;`O?ZoaZuvv zk2MiIYQTB-jYoCCgAVXb*z?ET*>vB;OAz**B?|Z^ECP}<9PNq~_BeYjFnYyBNEJ*C zX=8j6#C8%NT8b5as{xN}uPuxCiQf$M%yhL+?^AiMlM^%ifj2AaTXZE9vgzM>EH73M z6=U&w{9@f64|u8J{_yqZ?78PjN(gMdPY-EdE8QZ#9!*b+!PCzEQFJl&TJJx-uYV1BD&d$8NR$qAP7iB67p1MtV)Hr5AjX)!k z{lO9bep6oj{{19mO86cNP|wBrYn(#s!6OqM z{Mp;55B{nxBKs})l_kb^!KfG5!%BOIZ=Y|U#h)PsUuT$I8uRDFnYsHDQ!o34z1uyq zkg+aw!a(oOC+~Jh4Tu=~SJm7<*!#ZwVrnP+um0`9yzY3!4{o|Y_U>Zg>m$z2>-|#f zvrj1a9w~Tb80p#PWmhlOIr^)W<+4;4^ZGfiVnmxyL4{fRrdy(&c!3|S1DJn20sA#~27`~|=q)5vb&B)K> zY~YHMM}2;S?j^gg({s{i`KYKDv0*Bun4V=JN5M1T?`t1qKW?8+&G&*ARv&!f0@Sv6U#_@N<^8d^*zM24q})^Zk_@lm9+w@OXbL99|;eEUs!6}2UC zNB3{4;r|%GmR%bp?T>h?nt4aZs|y1x=MsTSWK|PTScV|^}Axwop(4Wz)|@n)9I{>-Y&<@e79Tsr)5`u5(r@~*%W_SNScZQpV~22*rycPZZLomD zOMkY!UWZ@EhVIfdfjlLeRc=!t?wPcPQUFGZ)W8kmyQ~#Ym(@HfJY`l6ocrVtfQ;qm zefyR?ce~!herkShE`P4$+_qGll77Tt*dm%{=RRD04V6(E?kx-xZ2bP&S;%G#z1PKZw$VFov=!rYLqd^hJ244v}ZrF#hxGXzO(9ZyWPV|_J=r6*{V7{`OBT>8_a z=HXuV6xa$eZ62wr1mV7(IO!VgujZjtM#lxW{-O@7^Hjb98A)deKM|>=K4fgHUSGjq z7ixM2wa=XH$}Lc!`1QBWU=ZA1HQ(sM?5sbSRlo$Oki_MSzw9U!oK+#c5p_OLLmr1!am+UzrW zt_k%fXlrH9P|8MR2Et(co>jsutxwuTzaMnJZ_vfPGoIu=56!c$wAqvHSaUQJA6>dN z2VJmkzjx-l)SGKBGFZjmD@KfXmOIEo&9BERVh7&;fJC;je&qmOU!ifD|DD z1vJ=h8PANEY|^QM`1nFXX9;q+gO~9K{Qazs`(s)o8j?8e0brPbYvXi;ERcd0-To*1 ze-44$H7VYsSK76EHN*~qsFb-+V z09)_W(C74}2=1xjtlsm-FEg%vH!9D;dq8A6`ViOcM+BBVm6>|q`1h^jLAXu4*2+>? zratIpr^c#hieMpCGr4tOIa zI!;>VL}CCh6au%4D()*mpjZ0qHT0>h0Rr09DWvYKe-MNS;BH*R^9@}T>ke?=*l5s` z5`8j`&=O>)ww!ZsYwh*4zUQH0pN;PvuHxlkv?lqrOyP4)#)iZE7P1f(WoYPnbo|G^aOQq750yl;QfII?=}(REF_RjAsv+trJV7r*C65IUH+ik-h)3{loNYn(0%_t80?hG#cg&w+sz z`tK6@qA9%wDMmb%gtk4`(Up6`-V62is!pYAO$VoRVG=Rks*fdWcKA#nUWfE;Z|F-e zt$wu6_z2MPU=T;}VmUY-1XM?&>deb0_U>T!cKschh>*}AAorUAPJ0QLwdZMblJ$MJ z-h2ax5?I6W{bEgu;_+Ai`V-k#wrlR=8k(JI3J|7va_H0v+dKFmF(WE!|pZ%0!WSh7W{)J!E#N zk`pZBaR6z&9s~uEcH+*G#JRY{E)N^dD`0&0hj`!Q{;k3DOya1a4W)0dD4*9}Nb2O^ z%Z{9`Qa02hx6sKLhDsHx-;z%R3G4lSva@GC*{aZsELy@cs|{;rz6lRAnc;yXws0Mv zXpHmz43@8RglUAL-v7KbU(MM_(X5@uCN19b4aYN|a?JTUPS`kQvQtWZQ1g>~EGkoo z5r?}al~CVUWyi}t!Jc-n!rX>D0~;`qRxZ%HOQPg*exBYvK(c+_)_9R5{^5!~w_E-) z{Y$6jF&{9?@9=?%cpe3Cbu?Q;CAT){x6OKS9{)N<;`AEy=uxO*{Zv03+m(6ub}!e5 z41)_B_lObsGcn}xp&B?T?Q`x#5!CH*daEV~6PSz=vDljV(^VZ!<+AO3uF!C)kOxJjd*^{{RosdOI)lWY#heH)Wb<)}pq#mc%ahDkp0Ay1qc;x)f$ zZy-M0(;+$V6*4#?zx}a}x_EALzDce(@&WHVn5%d>)b1Fr|0=J9jK8QNmvfd-%I}(Iod0^zZA!102jgw(?%?&0s<6^YC?fhF(SGgP5) ztSDA?d0j)wjQR~QwZ3Z1Lw0mi(#won$)9>xyiO;pq}D8Gbox=X&}E@f1!p|}ZXW>y zj94Qz^&?$BxiwF8*g<_rwf<+B@kij|>cIMS&;&zu*BbVjsJBqMOoT^Z3@QmD#$!Z_ zo>A7i7qSprAntXSbdPrFT_I;c{8H?zekSq@I&jGs2p!m12#iAd4dl9R(73P_^#&-& zqlQbhteVq%OkNgBOs{x4-;VG%nkLePbm>y8x08JmN~1_jujNkT)dzt%$RP@ISc@9K zj^gvRzig1p5D9*v8LaNTAE_8&amf#Vk{Wxs#CH9HbQM3iYJkt z#o>{8EjQIJ8DzU+B8r}wz#*k))Gz@fLVB}Ab&Bgo<;5WyHo7(FQ&q4Pk^Gib=mWLUjTcy`=2Vs&Zd zMqhy<)NIR4zPVn)syIlz$4kN%tj4o;1)Oqkiz?HH5v`!R8j0FIZgf z=}LO9{f9`I@H08(&DnjTQq9i?=sWx_-NWgktMRZY+?r?3gIN?RvI-w8T$c2NY~XQ> zn8S<)9N468YLyx7aXs&iFPD8(gCA7F; z>3#d9gqLVMxa?Cp?)!=EMxRWA{f5Cc4wo>UUf28LDf@%jKL8VHhv_UuuF`z!Nc>*K z1--TT)^3Rab39tpPfa7eARW%hCF@v+ca_&+{5aWrNWSF2<3sXo{Sb3^`exMeXA%B! z-}a@SeIKIl^Lmk z;ZTv>A=!EC&R00^yeq?gLIXk|ORP#b`K!3;Pv0PlpO1G@xBN-b&CfXnuKmfsB7nUY zWM@mQ38=4#hYM*Heis`WEx91t;t=OPq_n{1KT6{57$?!Z4m9|EwQ7%@jAdJ16jg?u z)}8bJl%^S5KKj+t<~OH=VNcuGin(=H(;z-h3)MJ=g2Uy0Z?^-ua#RrMoDj&+d&DWV z!+IKw*Yn}agF^2})KOv8H7BF1d6`-IzT2WIw$% zBFru4^GYDN^Q9+``?G7z`xnlUr@8qROhKWV{#zQL>CMhTznsJE$^d3Sx2G1^zbuN; z+3~IaNV={qMU^P}OCtG^s31{9!8bAnauE3X+4QW{_fFd)AQV+6>|pO1+8GJh^F!ni zAGP*n;;w^)D!`7ZOv+i64~a3$w|#Jh{!1Z(tGHRNH#7o-E<&yFyWj*IouaYaqMM_E zI4m;0YuWkZ`F4K247!Nv5Q;w%5cST1Q;B!l-Q#c{9>n>#9$Ia33Lqv2KfitWr;Tjv z{`(wS_r$-I(hQ<%O%`i8dl`78??G1-NCFd*{rW3@=O<~aSt>N(m2d{lDNFpKx9r0P z5>wm?&mL{7z3_%{C{pqx;ED^oKs#Ok-22ayUnK*UpA$I#m-Z$yCLD+IuY~R2c8R(_ zqg}qt)yy}c>2%>KRz2*yB_C9(T<*1>TrqI2_?F@TDSTSoK{4VJ8n$OCxJ&)xE!b?f zKnZc5No!>^`TXTn2goj{f7NV4t9PwWDCcL*D>F*hOFT_z=3;2!2g}5$*jRuBeZw1)Suq z{*vq6)4c3!W+86jnGRi%%(wC;m`M7s^qv!#AA8;>*Kg%b&n>$6X&3g%YP5gFDe>kx z!!3ghI!4zzVb33$XAWNfiVY9TARKAlRYn(Rc#DG9G*hje+ae~ z6ou}WZS~79mXET&)7xd*%eTcziC^TrbogBafSEGaZEXWsfka2NE5EzCgSyY!|oQ3zgE3-ITorML*b}Nlcgw+gB%do?qQfpt@FKHd*9_+ABug}XusCMJ|6Rh zyKGa*XoB_LOAipMlH+wydx*MRmP@lOd6(}65l{cdRdoz;%70q^05p6qY5C_H$5K-F zezmv;ZY@zPO}Go#9Q$|bmBWSh1!{#2scVI1kn~_9iWjxnr(2?=Rgp!J5g7kudxYRv zvY7`sKdcRA;r2Be7>&4!nowP$%hIo8-{8e%w&UKxwdC zk+1FdxCL!HI!aH$=g7d4V{64DPpv_Sq~(7#M+aN{5w{eXD2_4^X6c&QYaL*GU2nNi4f=t+KUc zk-;J78L=CGDDB(5uiKAoLNj;21b=0Y#l`cfzys$G-M5OzphIJM#I8gaS-FW8^qkA0 zhSV}=EvLWV%w!hKmtrVWvfpT5RiyDrdVoghFKDJGP4HBoo>FMMSdmZ0ehqDU|2%yt zbgI_YjXgpjABUfXZ1DG{f#^&E!NFrw84A_h8}Ho=$bblK; zmlMT7Wn(m9iYbhzii$U1N9@ftdhOiclQn6KMc z6U^!ndf?k`1*Wnu>e4c>Y`39pRU#6-`b?xUi1cg+HiABRCw=1=OUS51A?Z1%1+dmL z#F3_WxES*Z(g7#-x?c|>a@P7tUA*~y`!UDm$$x_~zB#~A(}In_B{l8`_%lU$Gg5A0tZpY6@UM5pHS8IHTjwm-+P}@4rOn!%H zOkge3W|wtPT<7(8YaQ-8E_M5c)0v-sEQ`Mo;$EHxo+66t)jK@D+KFP`HRZcM8RH0s3zy2Ck+rP5&S>TVkSCjlYE>_AoLO0((%JG@K2=1WdOXgDF{e)S7 zIrg?kDD4Wj$oRVDm@EqH4<}b~X!UzgL$Mf@+x1bd=N_T>MSQl^WYc~Z%I$2JPJwEt z>gB@X-0S{&*!s=L=KMK?5d*NEx91mUu+Jwz^q#JDdje?9cJ!-(jFy;-&a8uU860#b zzKMl0Hjf)1+E)5WG#FthTUiM1Ar>xv9s&@Z!U-PbTW_*p*)7JUnguH{mzOhwTM;gy zk%YqLS5HJ8rN|@+G=`X_xYtsaT@Ct(c2HI*OTc2vETZRed5zrHRKlp{AwCTreZ%7_ zi1m=HxEMV+DhQ_mu$8uG}ygvO^Sf5ZCKI5U??-fnI;>#<# zB28rd-5;80a^$<_d|;S;N#hzr~{FnZl53-`^l65a(%y@n7qOk%W3%K z9sd|O(Y;O@Z}99Ryg|aH>#J-E56T$<2(Toud*+s*?hMqvVrL}R*o3>iOhsRpW9UEQ zoy!D*WCh7k8I3F$%EHlXxeP%&D-2OxuetnIbueyb@dV8&NGGjiA}gmHGTY zve&Dw(j!+`l0u8X6_LMdq$~^fHx4u-#wck#?I-;ahxCX z13L`Ku^NdaLUlGAA6lpR7eSXP_xT?SL`ZIvrK1=WTr2dvH->)2LezGty8?@e*pmiCr7@97d3x#W)F1b`#gNVe(YO$GBvRY=oLKLt|2W< zfH|~RPHp(`65P@i0u;w((?!imJpcCPZd#R-R&rJ@J(~NJ<6iCLfjuUEd4^H@(Ah!~ zJlR=&2)OPlBr%U~BG`1eVA%RrIQz}u?ZclzH!OwlD$;d&uAKZ)DIt_WJX75`;3GXR;QRX8 zUft#XQ#2rwEeN4(rfq227fx_#dbf#NV!^6UJOZk-#g}1*fm3dzh!&OnR8GRY8IEaZ zO(3X80Yg;e>cacgNs#y39!E*g2(@_r3S4t~ij+AP9$r!$mDBVI*~DFvvUT@6VrDeJ znKE}EyVgifMsPT}vB_js+>L@ZX7zsC7pu39$>S5{CtHi7azo_>7tl#oK9MxIo``rw z-?B5~7w0_|k59(99mwAu&Z8x5=VGvL0k-_wqP(qq4W2C8gejlfo;>5HkqH8;!L9u? zx5lYl92AY1M!3xH=EA`Oiw$gk(jo9PU7IrDpTo!e^%!OvR2+GZ$@nyrfBV|@^q&iL z!7s!EouiigYV zegCu?ErYCz?H%TDKV*sj9&0)`dd7WaP1ZR{jLV$wP%R3e8eOr^ zxne{e#MIyU$3QC^spJ`FdDJdXvK;ki=Ft{>TUX<)cgI6}YkTbW^109CbAS8~I)IWO z;IT>9i*J{M#@h6{HgCJrKmx)B<@Ff;@)Jd_{0#x#rO6Ms@3xNj-&HfLV7QasUA4+RXd|Brn`?c_Mh1%_^7?z6Qh}~ ztwY;YMAF;(jtPdjb875;!ldoJcWP}JwYSx zJmOp}zBjMO14g*0G~=VQ!WJ$e#XWsL?#JV0SzUQ~2@}kZ8D?L05x(5zYYLbF@-Jy0 z0g|w<5jxb5DZl)HrUmhUc7xb9pEN&^ogWGh26rnRG-pAd-W;8sZUYvTa5gV@Iw)UI z@81Xiy$FNu!RDECI&P))Qq$8jfOuCswTgvCwq>$O+j%F_j1NS`v+SEOe)Tk-&1h5h z$#?b?F7S^=8E27*=m@^%59f1&chLKOpJA2h;J9h+pq1HAI+>w)`b55nG08L;YWArA z)AwT?T-ALkzS*Zo;MFtMQB~Cjm;bN$zLpsO`-Ct}$;EWLX)(xXtat3GNc-GLIl`l> z$StUEA&Z|m9MwAbma%M`?5G`%X?j*9qKl>HAr(&` z717d#e%_RS8R27cFd0$^Sns3bGiqU<6T{sOP&j;}_x0&p~ zA1vvcqBd*)fkjWW+8z!p6o*D$v+s^muUMTyKf!)0T2WpVOt*XP)5n8>u;k^?7%=K$ zHm%cXU#siJYeOBhSu#TU3KGt>xEG(VaDZnm(hLSF?B%vxt|c7fZ-!K9OaYUxwzTRL zkhJQ&+!tO$wxIg*{TDJD18u!3RDPyYb^7JI^mXmAC40n@0P*~1(1zUhwc$CcC-L%6hf4bxTUWJ!`QA#Z^J_^>A+-QDWZrO04zvIVEH}pw zDS~@SBtx;Vk>7870M#z$b!1^kYs)Br4&<9T?U&&kW>16VZ(0ZYpvTQ3t?r^sk2gg1 zPyCCqSEeLNSRF}Tu9>c#(fibLjYiD=CobU~L44KB=QNx`kfdBt7>l`lDAM$e**rMi zNS#rX<3Xr%SGqcozKL#AeV4QA<3+D@pl%LXyzJo!^cu@{AE)o%e@PKJ*d8(z%9_Oe7#V2Vvl?tEY9)Nl1W#w;hR|h}B$X$Y0~xAu zbcOJ@cOQEZ0p4TWed{RD++j8;^`q<_9#10lpflCF3S$84WyX?~3> zu+}k~;!lAU+}UtV<0s>(;XTW1layY@cq6ER!zmL3DxIzIO9`d5bXeme4RwZFv2b@fi? zY7f^gRadBORM#E3Dz-xT2bj53^?BvK(u1N8Q+c-PnFNf`)@Y}gD~~BH>%wlBmV7w% z1w5c6{2I(QZar}!r?bfWV=pxd4v+oQh)Bputgu3hun_|4ZMaJ!Ly)$)zWfx~Tfn_d zp2Jq@dL{B~1?Z>Wqo(6hoEd}d+28%^S+Dd?6i=6|snbyFGLzi;%iBBT%|kRc_z->` zhQ7H+%{_cam5pibw8R+hYUdZDnZs>Ht?VRdoWcD`_PL!l}y3I*O${H^7R2v97@@-oObmKC6OI5>;z-xFP zdt5y6E}q9$0Xmgq2WH0qEaea=~lKO`mWS1z8`!1sH-4ZVS2d4%f>w^DX|8=tOwbeuhpy`^<#!w2k) zdh1t;PI6i{38#P7r0`Vl)I4P7aPALzP5hcl>$j*gx%4?1)az#7r=kSHy4q($xComh zKp@PM1Pt$Fwc}_^iY}3e&IHB)DI>|294R8qI#wB|k z@&!7-MRW0L?@%ck)Jrcp944Lef3$wTcflxbrx-_c`2?;!_$AK^EY{+9&)R$S(BGiu z972etxly#33>Q82#u0oqER!E@5hM!X@#<L+S?VKwyh9BnJsbDcCT91=4m1v&g@Kn4#IRd5<{flC4aM};XTHmn> ziob3NL#SWv@#eAWlo&$({TUIi`xF(M5LVhKwtaB+Be3m+O58QLp5nFa58He?Cwp6i zrDR$>Qo!slN5@0wiz=~x`k(2luIo|Z2g5l*UuDFZ?8Pl{=ONP+H9cd3Cr$}y+mFp2 zopcNP+MbG?M67yI&p2c8?O|1$zZC`IdRYiu=ZL&Oosa7o>V-Ng8JQTlf{=K4%GAjH zW`)g1{gCe+>^yK+`z;IBNqc^hr#6K0=_ah#cOa?XFAw3$;!R?u5ueR5Vj+IsUg-ri zw}7$T0fv_Jb!h3!Fvy={yX64gho9=nk!d9NRQjwhe%lYhIUC3C<>%0ON9b;aCSSWL z@es|-CwOwaq)8x;z830Mt2vC4`ulX;A9nRJww!U7&UoC!l(^@{tFu<-+sV{)w1qBs z*>YZzI+Ph`A)S;g;5;Z_``uVXs}ve`LcWX=X1{b!q~pF28(2ZqZ+UXXp%T=0&!s`O zrhS^n%v-L%i))?D-SaO)rJs`OW;DXS&X*$H%+Pu3fu zCmuN|s%pLAUsE=epTXz(q&S}~NsaDz!|lm9s#`MZn#q#F;j2+^&^T~5vi$=Et)Hsr z!7eID2`n-k#1IQ`Uy#Spk{q~}lX6Pkr^v=8ytYai8*-C`zTV$?bAh;VXASagJPbE( zDp%c}SnSs(r`(^X);WAPq-Y{dCA)WvNPn-lhPn0(jC<2?Jli_2qtA4wz~yLalhM5# z0Wmg=t8?%IcS;#VT|O3js^-fzR+Yq8ukmsG#gnj{j2p8B$e7G<1WM+p>kY(;ytT?7 zTO9i5T!0`LYP~11IhVH%^;sz0yhAU}_O-82QqfjP3a&_}qe;?;Sp}iD(Jej-Gh^E+ z^geE?h&o^eQI?ye<{P_kkk@%yl^ZtaMKRy9C~XTWodj?<;}KFpu&9J2N|@G?!BWd! zosUYMo~*Q9`=mirT7Q%sR26(Kh6`$I!npPajdh~s*3AAf5>f`$v$Kx4^S@64hzPTM zX__gv{&bH!p7)Z@c`J^ zxl%94X$ZGx7s# z+j{X>Vk=M&8zwZBJETxS_U~GK`1P+jg(jnXOH^G*qK%qEb~c9`vH?)czrFenhcn-& z!|{Y6hRK{A$xuXVO!?A(#S|j|==|5Ihj8|t_S|Ft4OU(;a=wjKN-s;<%+Hyu&^EBG zMc1M6S=JqGbbF)~0mEY%O`gIXeSvUD%A(`pb1Kvbu?zeZG)b!RmEYi8Y%w&nvkPfmRPW!4&-^nI)?YE{3aiN2_10BK52$08Y0SiD5LJ9UW;-Xp-B<8 zjm&P!qwvE1seE0a22_T9!~_&uSJhd7IGVNuwfkbDzrWSDm=9DGyZYAMcfUI|urJ`K zpXT4zLu=-F-$pqahIF~aU2Oy6WE|xN$resTI_C@TbjSOFfDhlS61Mj1 ziN#5dDC1+F1Rb4cij4W$dvZro>#kR$W9;bNv24nigJ^P{ACw38XD>RlJg#*QEhHd2 zJ!O?ycrtPMK47DG^NY4&iKQ{`N^*gSw4Vvx5_ zsEwTz1NK=DRA(NPspuUiT&XM6^x#)~{e1g3pg7;c3!5M>Ph4R>OyH)oFg2fx@nm<+1{}Ek-uQ^B%nTAzF22&8pECCNYFIs; z6{gX|$7_2f`9&X=zI)1aW*jR!QF~E;8hLpMwamze3>YP3+KKsE8%H@g--cth&49>7W_}FBy##M|( zpMUEPJyWPSY?JMNQ#wIW^_X+g$3x#%J)7EP@mH<_SvdM*krQ&N6MaU=#Yb4)L>0gx z131_3@@-cc1DY@sbz)YM+J|D#*N?D-6feG#9Nk#!E6H(-_)UGDVfx_iW5VhA82vEt z_^lD0cogzG-~Bk>D3hmFJ-+VNFU(EJINrl!7cH9nsX~XuO0J#~_yfIE(6%Oaoe(4y zrqho5y{E@cLb53W!UJO($~GU#_aJE3OMF|b_F`Q`j)mOAQnnd!kg7hLl8s1?VCiGG zahvHzM0gah&Jr(OPzAeQ@80-L8Up(?8LL-c$GB8V1ETU)#J=q)e5&b<{!qx0tWw@Z|z{p}%ukZ^U+=&QvWZl4)9jpSooa?N1H<)Qfw^3PH1P zD2F}4e1rk;nx%e^p4Zw_jvUMsecH}|W~vFPPlO4czTuZRSX4ao+Xr7lL_#@SB)H6|7t;PmoxdY_cNX58+f;qbg1=wxrN!bCDCl{7gYXv>nrm; zxUPe_x^-RwS+o9j_^`^s^Rn$ox`KAuJ__S~v3UdP62E$3Mmqf1Tm4uG{*@XQ*WC6j z0=U!5TYea!HVm-x78465qgC;Gtxmd%`^C;_i#;yH!+{a#?UA|D>GN!N5jyq!BnFPi zG|cMG8P>B*%3jhnI(EI|&k@ml9B>Xs+1RhuY!=@0LQq%9$_I(W9*dekqU0526kYG% z_{uVKS=`6No(iS!t)iURD!dPWdBwJfNYOjd1Ax5HFm42Q>{aJBa5P&3Byvf9mbfnn zjl7?iX|>MymUqQXQLtX`Hj1e-IExH>o#r=mIP^hm`$KX&mxv-E!vnRsyt#|^U2P#Z znh~!{oC;qP@?*8mMb@a3hQAhvzC3|ZFIZYX^dX7UR3A;|hesEJEWckxL6fiP_k)TL zXs-8e%F4m-SKoolKYyOKc)9e17?1Mm{zPzuIBI5oK{I4t6eAe?L6f7a*s$CJL^~T#75Jj($BSg?MC~j>O?+)<9XZXzucVV zK*&FA6Fb42Qoi_#+BgVIgc8mXXa(Z*le?jZUW+@_?2BCUkH$g(wd`2f=rsl`3~>}I z`!VRMyDyiN{eOS0N zK$7H!G~T!HYomYgY;*LtJIJQU0OSaL?3YOz_xXC)m=pp}y|}W{IkgS$e0u~nq6+Y7aXjRA(ji@AuU4`BX6%T&In3;em&WY`t=1_=S!UPMs=V`}l<~TrGHT&LY^p ze7&vj+wp{0fU4jlNNNfyo*2{jjm+5Pa{k7!SSu^?non-c6F;&uU|N2eg{ZlF33i2o z+s4=a5qf~v^Cd2$#kg&Myb2lO_zM}lW8*+WSuUj3^?FA8gS%RuWABS4vldtNVX?x+ zG(N5r&qp03?B^XW(qpLsIt4Rg-|p+_gJFM%Q@wu+8H5IjWPqu!QBUHWtmI_ro)!&9 zq&ngc%?aglk%z-6Cz4P@t@lmYP~LD5D2m2m3`Wmwl|Lso=?TyhsH>T2f19(s569OX z<}qOfclm1iHET~Vz@~?7Z;|+)m$HrS+c%M zZ~-WQs}G!j*~n^8iGz5cEGPiz-w{x6a!PO82XwMA)af-wih1&sW;*|F7rh>CsbCow z@Dg(tGuIy5zW5TToFl4$$k5@3@%S0x2>Fm#u>Bw*pq;Jgw>^GJDJrPr<>!mlOv8;N zwAF9=17zE;%_T6Aq|W3cWxxEXJJHN{`+zwMvf3!<#2qX{81_tDX`8B3k4bPb(SI&Q znME+?$t@Tfjq~%Zvw0v>Kt-E9y49I|Zr2ldAgoPysB!`8Ret;kJPEJ?bvekc0%zah z&VRl?^~L0?afxBsNYY`T#v!=QO?<4rJ?sr=x;->heZ&4<)jG28W9(Kh672X(@M^HM z{gQjU%{l<6eATT>3T1aFLN*pb>;&XDg}Hw%)p~SB1S=QrL2QN{vu> zp`(9A?(kQTL5j0XjnAB_7&v?$n)&m=Teje4DP<~5bhQsF{AikEbaI+ zZui83{QL9ID~p(w_7jN996p2#S_IiA-#*(uYIByT4=UH5(JwyKx7`r|u)oFY^9eX=uMGjt9ef$K<_K!27$;lV8t#lbZH<_}bP++>}J-V9dQ}6vyd()lQ zn~{|Jh;&fgAEJ>L3&c6nynL;v_R;Rr@_F<^Oap`^F|J_o@rKz{wk$3{coY z6S`92N=AeFTD}|>s>HP6UZ_|5YwCPaPuachm_7A{-pHBZgbjA9+d|~O86BTGwf=mE zLg|e#=bNAJ5G&XEI={BEk>!zM@L(i%Q|F!1*>x!wg$_vtZ6EHOm&C~my z{0=^o^)P)pHqO;0uOo*NH%b}rRam%><31$N4;cZ%?m$P0oKS-v{=2lj%f?N>GV+Tz zU(i}D^w+QyzgFX5A-o635Ii#vi5rlQ{q|q-SSrBA!LLtyAW3?or&fQn3}P4Fx_eJK zol#lzC>ceMm20YloOylquF2mso4{ACAPso1!_`=HvapNe<)zCdo7F>fo!i$mUDVVl z?-p3TQ8HKT+bhAGh<(m$GHToY+|KvV>MX^vgmP>uZ|&#vGcR={6p>Oe9#*5 z{eYxvxU2Sy5eg~GB4Iieb-IUvCj05DMj)M0uU>YE{P@6s+cXZsYr)>{XiahFoaJ*E zbaJUO4~2p{#Ofc;G(q3bGtZ5U0jv>8_7$8|U(x$mXFAPDIQZG~>Ol6&ty;jc>tvw| z;jGLNNxgQ@eTHM7xJ}$0ztyrl9koOQjRUWiM}|_E?3wxFtqxhr6#7O8)GNSya3BUz zFaYPk7+VkG|4m%|;g>IaN^~x6RPrk3)2#-)Zeao!(tHdYW2Lr9L*9B7XX?Hw(v_Z$ z6h5Gu1miHzIYJvkP1f}lEdro&pB+Id4xhgG`=z)>pE=%V5<0$G<|~D!PO$c%TdoFU)YU(tFHI#)SX_fpHMJIVSxN}*CK_DZau9D3l<3K$>qvawOq zBnr2QK(>qmqZC8x^q|pZlztE#t7>&@8`B0}b9#S?y}%Bj@|he3oH<;Zf=_bEF7956 z>xcRykLWpiFXsYYe98E57{s?B$V3#S=au%M@c0p_SDtSR1zkJH#mq~v;-M7P7dUbu zdK;8c6e_q8_M4nt*D;QVYX+4sna@BmUm(VE2~QL0Tp`<=V!-fW#X6>6sme(iZcwmN zq{pQOZT`00nCLZpK1*_WY{lzq5Yv7jBk3PHN=WMK(jOkG%4Kp;FvL=y*(qvB^kB%S zo|X3)$p|tTNoKVQN|?eqS79s{!MpgWjV$>UZYfU?6INGMaQBkG+v=GM`Oo+WFJ__p zR&3ysL4}Sh?!QPLU&-?QNJdbhu#OMmhunv4xsNXloH9tcz8(kP4wO@0eaM^;24t0E zZEhOOH(DM7fU#o&n&6dhR?#;AW%?evw+VN7LZRd{e6MczN)91_0LYSz4^asRN&m&C zKE78nd9dzJp?D$BLc!{2KXLH0=cjx0XhOUAhom_dVGC$ zM~#Wpsrvnvg1_+BfW1WMz4|j*j$yuaXqE8J{ggiix8w8P9k2R0 z^J*nRo4#t<`z%gx&;0Yjev7d9TrXd0_|f-%2h^(ky@D7C^np*I9Sz{ArwL3QD9BDI z*Hy{{=g@WA<<}f+sUdIS7?DS+dG9WXs(1w?kfPtwH~id#U>(hDI$H0C!DN_%khjDM z7iq?dTM60!yd~Jv#b=sbja7vS{Wti0&unu`HwcT{Q@lMA?Yr1de6mJEHTW_l)YWHv z_(ipK)|c0Fq>L8%Q-}h-Rq`#!;Xt{R&mWZ%!U;v6EUl&*D&OHRAus4zc@aKrTq5`? zP)Gf7=yI+YU+=;=h2JGl4fbUD@vUX9u%7*$&#&%xO!JHToshwbaEF#-Dv_^@Qy-OL zhu~kM3f~9srCJ5U$I+>IYolYA?;;-b;ez9uOY>(Nm?F;TwcUGE;uZ zuIK^OWdap4S$R*A;VO_Zc!U&R#-urqRO&u`XviN{WB>N92nV|fOzdy&Jr7w5UJk75 z+If$YeD01i$8+}I$u~{q);%{(JY{BfY=nK`>c;f>`+Y1}1p%wJ@j7azqLKv0UOScZ z&qLmec;ZEJS!eU!Q;t^+O`_E@UL6<_d%;$)h$e>Md;Qjl{qA_uSNI<<+GJ zBj(6y8>N6L#$NxkvUqpK8?w3zck4eBv9D9;rKcE^_V4b_CBpz2P-pZpp-{C+RVNWQJq3-9b*B_gbeAnfoKg z-zvTg8dekriDr80Lsz2t+6PZnR?oYrd3JQ1fQP9qBB}-*${?{&2CloX=9c#X)KVa} z579@xpo%e|2Md!ynTFpzDpfVt$nr01CZjHq>qUktu*@g5OfIRy?!|&{yO~8^?MY<6 z)##G#clz{&frCN?fUER9>tZd3cLCb$R|) zEvUnvY@)F|AD^LIz>_tzKB9x$4LO6~h;VnDcd#3}|MT^gJ&X&ia`-Q702IePOFqwJ zs0aIlo>Ow#7REfDkB=zf1fZ&q83i2NO2VjHJN;s&d%t6d1Hc@!daK_0fBK9``tBZlw>iUX%7Pp0=nu)`>aob1lq%))YC!S@sY6gWxrA%5miT z{bIzGmKCq-xV)~vaEESZ${4_PaJ4?)=|a?d)O=?dQ#dC<3$Yphx*YjNw3cFyUoH=3 z&y_zo>OIwX{ZjsHIy2U%LjDHjuAGCnIOWv#%_R8=QH0Lwmme$B`{I=cuz$m2m|UAr zNwktx$0M0nbUa@S*FK!KTOfLmgXz+~@^_CfzRLWVrSU2h^i@ks+v^cL7p2b!t*~@3 z!|TpSMwtT{r6xSaGtXf&dSin?|Ch>{i33{ z2=MER9Fl8GYp`{HNtBs)9RXYW{W&MoeJYEfwDNM(a-Ek~x*kyDHqT<2(T_K@l~)CR zrfaqFY3vcsz6uzsc(Lp57h;b69U!Ydf zi7`IDSZR`HMN_18E)JVzkSVCESD2q5<#&dGGyHdqXum{HefbtY7UFVI!GWhI&8g$} zX-hH>&>7h;8*wu+nA#f+Q(pg+Vcy0!a$jl-YlEg=M5|ZsHf4zpqr1xtAC)E6hjnk_ zIMHCqfaiOr!fPNTMOq1VHTuY?LM$feN1RIp=$c%s2_%VZ>(}gl`lqXbsj7eF4)- z0w`&G;grnaIbLG_X`vKGei=NfIo__(|EAHSO_q=UHv`9dOVEPC}|~}D@s#rK5)!1G~jF_3?&?f&HEjV@eBE9 zoTt_y$`YcVCQWm`E!%6QA7i)-9CAU_!W!OF9bM1=3TK5?=`! z=gFc;41nH~`KA6-b4A2Nzube8IQo0mU!x9q~m#h4i7cUwCS%!VpL<0^)HOh`Q6W0o? zKk>SSz_lf3>Skdvge1f7$f}UwB}yvr?8=s&8B1${jl64meFknH_AJk#as7BUS1DgV zG)%!ZS{~9X>Dji2804ZU$|I7B&5{v(Z7=dpZeSw2qwkSwi5VV?6XfKc`8GGy#52a% zm!3>gpTc(zc_AsJm+Zd2j3WGM70@=Vdri>?5HC+u>{+niZnL{IUb> zMovtC`k`07hjyIxIQwl>lGuH9Q6Tvjd;H*(G|R=MEF!-co?lo7h@GMAf!ftNaC0ln ziK1Nq2gIj7(GjM7!?dvT3|c<^;wO1E@!vmG$|<6v-n4I-|JhSFBv@PgKF-qBykhMG zN1V3m;blPrk8e*e=fx$^@Qd!|HWm|FlfR&$hsw5!yVHV|_F9R+K0vYYfEMa!VVVz< zZ0ZA|%&u8jzt!$1w40A~@;;xt^PQL8t#Dbb8=k8pRk-&GhE`BQgHRtl6NJD$>`TY{ z%0PRnDm8y;_v!~VzY11Xbo|;_ZnekMRjhdzzoge75_~%FVZ8YW?=S=*36Tm_Z(w~@p!*GbSI{^KMrF8MX@d9g*z4m=G$x^n4we?@R^A; zB9G6Xxl8WsE0vrmysCe)kd-E>u6Z9Cg~Sz)ys};eHFK1B%kU0(IBi z^$+*^&7p)KWF^@9aNr_lQBt9)3oSCIdJO>invI|YJDxp=PJV?krkd?5sVaX6na3+u z?61`1r%)nM4?>|uU#{Do^0{2bsVXOv3y{VbC(OP03kl1IlPfIpw4eXfrW&QIh%!NiBR zY^@Gf%?>YwJt{{i512OEW91%K4+gW*49)L|L5-?|dr>haAA-0cHpJcstSb7p zQc&eKeiHqJoi%~?o^f#V=CHWARtkX$Y`DQC3}FxQ?nhq$69O@{TY1CMqrNCLf)yPw zc3t%TexRI5&+U*KfpE#XVDUIuKTPGt|y+KQ*;3Z1o1^G{RQ-Eot?dQMLPQQzt8htbQ8!_ zDN=KvteUmWA;1lk;Xb%_vLgbQQvyRB)^Rk?(Zza?vx+~)4(x_WYO~6t>9I!$$U43@ z+HQMxvlF!zmp8L?E;P@7r&A2XZ!g^2gLTllN1~#NWO-#NoQInD0E-~7E8pckuMChE zm1tQo-VDrUn9?3;=!IRcQ0{JsxA2si$wG25>|mH@_{^UQv6TCewZ)rH+(k0XrF%xM zx1V-;)dz}^NuPo7%zRXO7}-_m{Q{|D;6W0bP}~FIm%etn9PQt#Ehx_Z0f%7ChXNAO zjuAcc-tnYacOzI_z0+KxiBUQyr}nM^9FDz&FJ;lY@rw_bm8FKqix8=?I>@y=Q(&c? z(492W2#dUGO{qBl+?Hl49M=5om;N$44H}qJyOGAAv@c?^)cEt=YBRYcv_tpKzc5gqWs<2TVRLKO>UlYW>NK)OT_2&Zo6~r;&c4!Dw;DLv!ah@ zNL(ki_TMdN&mBYN=Dv#HJe?U+PhQ<|cz{W9yrPZ9sN89vVrpL;zu|6zhDwAS*6?L* z?L~~-?XePlVs*(f*4_-IO16mnGx=Qu0wQzu;jd#L~ zB3}0xd9V^)!nue!)>JCqSH__&A$c=r-BXfs8(K|<3FF=pQ1;Gygw_BJf;;oj&4K|( z8=r(YGWQixsbqz_*!3>;F*SWC)ay0u_qWg8#h^yc8&0t%)gOfy^&d2F3W-7cbCSGx zA4mE%y^K|SD;u^3R3rRl5gp>wjRDE~12$kd^ zrTOh>pSTv`vVZxGj9d5T2K&teqb94^(^0Qm4F~@7m`;CpvbJPyTQ}|et39OCe7dry zhLLYX-yOA^_SDdPsXv|4W#2O==)fq+`#tF%jVh)Safe?ySM_XM6XpPWQ$!Yt2-6-f zeP-!ARNB*lE}Kj0{NO%1d4(hgx4HYM{zedd@^0A;j?Vca%8h%1c-efpGO}?1N_2>y zcBY-U_GmB83W2VQc(ANF9C>InK|3>^v~&gYvH0pG*ia+20#Iwy|!I_QrL* z=x5nsS zm2zXzbXZWmeN~r*{lO?Na4b=#{(AdI(seB<3Pr(RQb59^h=_oalW$~1$x*(3o7t+Z z*%>48+!H!{(;2pUuDL=!=lYp}hc^Tp3W{1_83k5GMGVrXb)F^vOa$~`+#~Puv&UOk z6FJ)s8PNEt`GDFfO<4jeBzl`z*zTrI?w&8}sHIY5*N

&Q4m#t6`mX4MN_5sYV!_ zPdzi(+4&rz8S-6_Zh~!$XMJf%RSa+GnkjsU^q}pn67P(}Bz$Wj*h=pS)Lna%kP1hg ztHkx?gU@}PVauRndaQ(CP*Ya@@kbo1y_Z)-gs>V>c}%|++s_&^L)Mbrw}c-6%30xs zeWR40%TqCuQGTasiJ2jh+tK}i1zW7J2;rhvkGMa!hu>$!i-P#`NK=gbD2Mq3Iz+#J ziU_YvOwCQ*uUJaCGXrJ2f&XKvvl-W4-qcU8i;$~&g)8?||3FkETvVb|cQg5ET!#4YVM)=3y#Z3v`m>(W9#v7);*tb&4a0V0^&?#n4@gm&&gSzUGDyLEf-IKZ+ zLBQJkjpa0w${;6X_@^#}NA~#h91lho(i!z$Ot7df(xK)n&gNTlfA&O`WCS@S5#o|6 zM*FHOGi4>TNcduxE*M72KgOeJPCoeud_Al$z|Evj+qoVDs@rPj_hUPBMd|z<(BYSQ zv;HHfhhUPw!5QJOgQGIT)oMtZGn&x3T5MKz3uIA@x3uld>g3Vlp}9=U8QZMwS-^FU zzem_~ab^4QWadQZkUs$$baTit15o&J@jnKiP%_kV!|6EvF27Ky|J=kpnXfL;$?6Np zsxl!YXVqzZ#+tUi@EVfy?mG$woQC@gXmM3&b872Pp2Zd&clwDcvDp z@P6W2x_8fpGrIqTwVJ%0ztRuGfJlvL&ij3W`|oMJFp(OrLNB$5zMph%7t;sf zRkxFi)6dDII+l>tCZpqF=_gNub-h9?;Xtgmjfa@A%d+NS%F1c8SpVlR3c`t7FZ;)^ zXbeKWEAU6f36RgNMI!dsxh2ZPJvh_vEmWLI9u_nXN_o2IVrRaF*|u7`pM-6Odnrpl zqg`-Ie3l1IweLYO%>^v~Kpg1rIs~Bc6#g|*9sMv_yWN`Wdw*a8sH@xqVg4YD{iK3U z>5wlaaJ(hUe{ed@(o-A!Koo27a;+oCj>sx!gxnMZjOV!;W@D|&^Y?DNOpf98G)wG& zm46lsMf}^kt8e0s{gK=T<|$(iY=_igd>AyWYU&owft`AIucv#IAsmPgnt7flz*G)> zhw_djp|JQ-*{bEBjC7oXBh$EdqTLM+c?_A4Lq~eG4$0zcBs4$3Bo|=Ju0rgZU9thL zLu=3~xy&H{?a6t>u#*LO&_BzqPTqk;;yeM_~YM;Fwg63_Zx2gaQAK= zffB^}?sAl3(Q){oG)#~C{YUSa&!MwuYd%2heDe7!5Py{cc-QG?ocSt2_z*^btY6n( zwQs^aGQ8n)t!607j<v=sJo8JTMOD8e?Cm#Gs1L>2gCwcNNI^<7>!~63kFZ1z-g*zN@h`6fBtAdBka0y`f zCs2^niOlAlrnJ<{H!q_tBW^SuFhgUY14;A*sR=}48^?q;+G?{02`Mi$VvXl(1m^`E zjoRcN}FO=IYcYsa|?O(HA!zkhj-bHIP41=M0@sQ(HYx) zY3JBKj<)t6aM3GECtQ6~I(Qz4XpHlYe>W;YF8e+-H;V&&B}WXGD;2J2RTNHHYHcs& zbYyHefkI`ugco@A%TBrXlrS8jC8!VcF>*z|3mwz(#gF+4zhpUe2<-bYu5TYad4)+q zgmC`rXy2dG58@zNJ};hHPv*JG4p6;rg+E9L&c7H#;7C_pl3+sT+fVNdydUlTkoTK; z`MTt>Yp%9F)FWy4nGJK64|#n$vFTYKG)JAT74OXz9haot>x1S6EzG38L1&ngXpvmx zpM2lEcF@#Mn`ZAS!N>M?x4+ina@ZtWfj&Q3l~JI{KP@ESs26oF*ClgJ1zCtR#|#e+irbP_pIFpyPA4|dd>_5Rn7(eBx+jPZTnPmR_3ul{W1ti~@0YaaPDyDY zZ{5>`O|Dqxy&SBNjNO^ZUaZxf%zLfCYKgkJj5HhR-z0jG{Mjmp;q*J8!-%}<4wlQC zn$olJj_eXeA3FNgwe_D61duX_RCcsI+=jxjsl1ueZ^>l^^UFdj9i{90Z+Z+LFOP9C zycaQ81Odethr&%1YyMQgY4A{I=-w|rbSz=VJ6gZefpv0b$_BaErMhL;phzN zyjk(syMnxus1%&-J4^&J!#e(zpphr#n<)(hxOpM=n!ha8p~r0esZtj8aL=vNy`#)Z zf$Ux~yX@^&xx@Ai61_kAixL}G;acK z_Km<%HKf_WS$A5w50nG-Z3@+$1t6<`cHiWo`@Fl4G~w5NLtSZhdsk8X!KNd&<;O#7 zXKF5IZr>dYUmBWHKF^o7FZAQ)VZ_-4g0YZPqMF&+`LxRuW;v?1ZyjFpHc{d5{hM=l z)~uK>P6J^{?u$Tqd(5DaZy)MPW$CNk>GtA0cvmcJC{|sz^Q%jTGV(DpqI9?}mL=NX z&%?|1il@fV4g;j&l%NkUTMC9|GB7wxHk_W(5qk6aeJpTJ_`O5Q=__~bYBw%k*>$<< z>Hbyr4@utu`XhcnKSbDbOs;3oWB+H8v^>)eAl z+8(0+GcuDL$y`5Nbo%S;Z}}5K5*`Ius!<9ZS-Uy-fhz>%=}4_EfNAVg&bqfeQHQJh zd)<895Vo7Vch8J4ddbBlhq7(`gG&e0)A(ujy;FUHsqtY9&!Ch_D0a?yYH(L#aPDjj zO%VW>-}lVy^$@F{zO{u=n#pwTU#|lYR|lpHh~)aYy)dqtn3{V4sCRz$?QYP?3jwK! zUN4$S1gnk#AV-*%0^A*0fAcnT z6nXuFo3NJ8>S=U)Gnk(>QBH7*b9cw2B(;zFTQ<7Fgk$)GV?Sm$VQF~UW%aR$^B^?` zfj7kp_#S7r%Wx_3t8j-oTnfb7D-}vLoAZMORLzmJ>NxzVPIG_&x^RPEb^}GFF}|1k z;tQ!gn-mGd#>U2YfFHnZBJRBQ2`E+EF7Z|0uOUsWFB|s@;S%*W~)h|VSSl`fh zwjX=a=^vfQ(183v)bc!d-i>Ddu8ZrT%9%s`60wSeY}#SF@= zMDJ_!*Ja{HY!s>a&=HVi<8Er>`BNzQZEgJg`m?-0S4*wafM>sqFw_1$3Y=0nPRhf+ z3x}0%Umx8~w)SAa(ZKXq<(LMr1cD5(aDdW-yGFxu77n9SaMCH+uK5A!3jeS&bw78I zIMg)teTK0_I`f6RtE*vwy#|w{*BH zkLT0!d9bB{ksl9)3!WbQ!vwE9sWi@zeB4u&sqnm+y|AVTh}SY29pAyAfp{+-p!^pM?c{5%gA!i?#S`n^jG@zC4Ryr)NZ@@(uVS3LVHl^$^y(;!AV%>{ZvJ|2^ual4=0usK%>qBMC z@NnQ&2)^Q|-5BZglnQgdUg3U-pDGmQGPIVp36lps5M(k&{1 z_;}+Q<#p1B(e5xqu>X0vNn2Zfb4oqfr^!2!u?%c0UgTa!@_hmg2*v4Pl>LIb*ayAs z9c)5Y>R-W>PO#p#{!|_557pBO77(7lCwp-+3`eUX?$2Q@#ISGobY6W(2O1h?P(RAc zP(BCe$T>Sh>c%wm3Lqk7+xFBz2L%juC8l3x@f7!EfE7sgffBg~kM=shm)GNC>0BDF zth5y?Z_MzN#H~of_-C2r0bg!9Z(~^4*X>To7|`PpwXuyWouD1=4zy3TI$imA__~;{ zei@PiQ#i+*uh&G0&&@gdC3`$LpHe$IRn7C0!^<}3;}Wq)WVl6BRNbx<_8@|V*0=1Z zK9|_gZ6i5^G5iMTj=bOcfME7LX0H3Ga>>qKn-3?QCsTtI*{|n>WZ7>6_ud9{0W~Ij zwsKqE@2k%nNWeRPi(n+Wj*a!P_LTKIANMDFHwN3_Q@UMy?S33_`?F!ktm*82yMP=S z?YLN4fH&+HI+@S&{m6v|`;h(TI87b&<<3ZM_?MzP!w98&SkFk-e(6A^{d|}WP@qWK zZ5K@iy0Wa_Cv3a_0Rfh zsfIGSp9_+Hbi`gvZKiG9s>1foTBy-F3KuVYb3g~nGw5mbbctulsna=mK)Ztx@^f8=2Rpoa7lTdUN zBmnA~Cy+#ZmFH@=iKF}HIo8VPJ;mlbkybYz$Nnf6^&>tcbburfG=0_?7!KH>g$0)1 zwEU$Mi^o-%aQBF9s=+D&zoZ2eKictGo!>dqEz?S`KjwXcZN*ZL0dIj<62AKGXTNeS zkn9njNu~HH(lgg<6v_7;J#_J9Fxbs{3Gh_x1@T92tD~M+CS6!ufInr z$xJKa3n{kPnxy-3^S&zKG5gJ2!Qwd$55xB-Jq!l@*5?*P$240`PV{n2`&FrlIvv2f z2Lz_i6FMB`;T$l|H%=}$VH@sh%~FQ4S#_STAMY`yFOk`~KVRLaGOWw-#1xp>PnUAXhwKsz`~L2Iuy0O^ z;&K&xhZ2hTPo7am$A;L}57-=d0eSF8(rUiX=mI{Df5sGXfZ$x(ndzF5R7ZQ>orU3h zCIZ0D53&WXwQz%4wE!{8$D%s+r$6oAhNKiSv)7#a6%n5Wi z8Cig>dNDvRT3v0YctWw&pPc(KUiTmyl5I%VZKvpSx_GCzbP_?$01JWlPXP}%4LYnZ z)$~L|UQpr;48%+&AVTp)!{tIYWB9l}UOx+T6TW`E-Ux8eXMHoceB!IkT$Av?C0_WP z?oEcL7H&0)yL@owVDTpAw21ugN7pp@1ljPB1+cDO^lKm#2%lEiD5qhD)nU(aOlDaLI2aG}cXAZNmDDF?K!V=``b9v6c( z4txD#H5xrS?yH9crNA^xy?){cL6}uIqPYe3&mImDrS=X%I~?H(&7Db)S#Z*Ll4X&n zfta~{zo)Rw9~>wX8|9gJtpHs@?Uud@G3My&)WA0MB|oHZ{ndwP5N^Z}T%_^7XPZ;c z4o)hu-CS_$^OPmfS|G{Qtt*Iu)Z~?|c&m)8~j2VeIZ z`LlJ+_YcXu+<|3Cxyu*cJ-rUK%&kjb`E&ea70GEvm_b;!g>~A|3Jk-~Ub6xxotg@7 zd+z*flKE^NhpKfjjKl+{1T>=IuHT+NNsp+~R@B41gwj>o)19v+(8reSMPezeXQ5X| zSgGeT0sVM9d&?+3?3)YsIOZegi;D7V9(H2Z`|6*6VGDJVYF7=804LGk{a8y?Pi(!;)M$za=_z)HUeh_J?6~ z;X(DgU6eN};2DzrfO>(xb8s?nNGj?ja)-S)K8>yp@n0isk(k0e89y#9vhSsN858Ao z!%A4s=Iou01>t9$V_k-AT0k>m^gry|pBxd#ZN^84L!f8N{)l$`@dMFy8(@)s-tu)nU@D&%q)7+zqALL2NXnEhO; z#dns_Jle0};`)&;WU|8=FmKyKk#j6+Duo-kl3p{5?aK7bLQrkXrHzoOweqaBGBjG7 zJqA2%PMPt}_geSR9`eWl;v)}5csIJhO>yP&C#^sA4LIO!e`Uw_em%`wj+JwJ7bJ#$ z$?i_RLaYsj@$tB4Viu(+d8U&v`XyP%P7H(ikP+^?W77T9Zv^AJzNxLlwfK&CQbYSe zQ_@08#&bC+470}`Pv)+-{2JsWn~VooHEOR}SBAx;(7t8(Q8LjMrEb>6ruO8aEDR-_ zW~#IXTGUI*`O5plGgUYa^R7+ldxf7ZXu5g)5R?$kXFB{T8)M-(ur}wT{#14U&Sh{L z|5D5+hf-uwnXb@Cl3~rsHHzHqWWU4cQGImkM%m`A97viy&<+>hEwTl)qUg-&sRGfs z=;it=i?0@3{ScA|zo*HUDP74X5$Y}cM;Pt8aF7aB|m2oMP3KOB8gA%ryRPtal0B?o`& zGuScML(?VHx^lsd8R_!Naeb7FXYhI`|aIiU)bwu1Rx@} z95)McaJAzlShKF(S-jzH#`J%<$WQM_0!3l(iy6tZ{!7Y1yPrF?rD`%*_m(MNGxX`6 zLD5ybxUm+DHq@`ZZu_1qZNH4*{QHoEXIaDcBMpycG%#EHrs5pn0CC2|>!WaYY0pTb z;wV-g_neyV3ma}u$97sTSuZgkHg>NZ)86#YxGxW&6O6g8#oCin5U%-K4MPAo(_)s* z!CduE<^CuU{*{YP<#TKLn$OVA=x$v*!Jsi%vvhro&tgnY-~pap9ja*_4HeJ|qA#0w zza*Phwb`-Txth31mOC0nVs+N!lWagn>B;2>Imvvwgj;kj=JzbmAH~JetF#akOf1QZ%4cnpEkG!34MeE5Ftb9l0InnxfUYdWnYPY;i}1quaL| zk^4;3=j`zP(H76nVN9U!!wiXs2-3d(4AE-uxx+-z5KW*L=!A572oxs~qLjPtE7SDN z^vyd)5MGS$PFVK4kA)7q_IDr04}0Iz>ykn+qoS`_0}+I`a&9h`m93oaUI^^vbZUMx;I#mOv2H=T%Xt}T$ccbq9#+*-J`u|oP#612C+CijOA9y?62^ZQ(owDs$)$rUSVu7}; zxHG~;%eU=YO#k+~<|2c5`I&oY@x1mptX@JA|Fy9GnfGH{n@$6Vw?8yjp@Bn>C%2$} zvaLVt02}^7+yHb)W?VPP}i7B$-CBpFgpg%0%jm zzB=9j;~X{yo_s~*Zx#Aix?i6T$LsR!<->J_+=cvnrP^ka{N`=@kqg(Cw8=u-v$vM$Dkmag zkqueI{R$zf?eV-k8{aAdU~0K7{p=45ieu#xY#DCY?u8ULa@kTpoWFsSFk#UdHc>Brl>!x}OM_b^%vvk-&G&420Ra`>Eyb3r`0txBI7Sk5r1QP;=u z{K*HG5SB_SSvuF>fSn#*4%`PMI*$WUEZS#wVwj+K6E{eCv3DWpUCA1=&nqKbY}u)s zLAdk*i7Q^K@aUIYQAd^0?;F1ddJ)ES&FAs;_h^wH%l!;kF=Q8?k>(HY4E(-V_(s0L z!y0$5Ym+M%+||lG$CX{qY|&b5nU&jCYq_?5A#NH1AoT%!T2o7PBTiSwD0{ESvawVY zO@3K}iEk=IQu=hGa-E5gFotsD)p_>dU5hyi12qUt4p)NuQtz5crjHDnb7aTL`k;>P zjd4q20oMT1iLaDo7;TI89Z^!x)j+Ox$b>6!hAQ)*EfXIhyW5{ z->#1P@;NMqv25B;hUwFRcy=s$E3j8F%fZe!X%?LGT{d!0@h>Rm#1UBu|BPR2ASb)v z&c4v{{elt8RoDvrU1EHFI49MRY|P#@!r;aF5G8#NBvYHh^!n19s!BB2oAIH>-Udd!THmWQbcf!nS7WaXK}NmRrUS;`dQ{y{u|E3ECE8ecp9I9&gkURV= z(Vc)foE$yCzB8}hKw#20+ReNjAi@PCDHP2M&G0s$u>jd^%J8jOVl+NuaZ8ok^U(OJ zi8IOTmxVsdUu6$O;pju?d0!U0uMIidoBNKzTzEGLC@Xw+P9fGv+0@}X0nD-|UX5Y- zAyIoEbrAX)4^(rpz?tO9$ag*r-%m?(PJ1I=o;nI9U#ttuo`}6xm7w2J!U*b@+V5ZY z7rigcLoC*AaiZI3*Dvxu=Jk>L)Kf=7kXhq zDvVd*pipw3pjW+s zyN2<;;CyZ3=RO+)0u{pzf~(l8-ntmyyS^{`=k}ocKH)5OX=`7Ip-_IdFi)@3a#VDm zsv*yGl&VkC=Vwu!Z0D{RZC!&rdiFN=IZ&4~AM5f_wqxNMEc6>LHBfUGyG9wB7CP?6 z?a*Cy(ITRkG@S>a+9n2D^(Qbyitu59B=h|RnK>Z+@i@G2KL!-F;Q5q&sn@nug^A8z z82-e#WS$DN_AVU1U$93yKwKP8=1zQgw@3Pd{Db_nGuPwTAq1-LYEY*yW&my>rwnBN z25gcteB#@^)&Y8Lj93I1F%y5vVQhYTK56?)fd5LB|7_WY|d#JApWF$O1SZPbY}g+ZiyHqm}~bU-N~Xd?KG$n+-jWZ_S-y2sWuC zlrqVhmCnd$;4f%^6qxO8qrH0c4|^uv z4_AXKKYe&XYl?R_z}oIAI9dCHugMLrY9iXYjt%`JTOjetAm4^x_&ecO#h2G0pU{Zj zpU{=5Um@kt4~_HIg#q&lSeMJZP9cw)CBvp+=Ubj>rC}Y>5JCGn4qt*A^{^0hTmpX5NXeFI3C>2!pzsoWb%MW$v@whit!P3yilVwb4b7@ydLxWLY2jS=&WB>fezaZiqQ$RoG7pj6V zZ}o%o++Iw5+an1DkwrE+f=@$gEk_?UjI_D;NSJgBa1jAd>HV;j7+z{0^g{w&l!`kz z#4un9Bpv`2K*>VXCe^Snr1T0UrB|s*K#VjLw!YyGg;`0?k74|iF|8iAM~&lNFw(5) zC7-;gm28g(FV(lOcznl-^RCC*4{$m0aPdeB;J~47s2>i?oW6lnGt}ezJ;6F%zpB>` zucADg(O-zn=*-ghJcI;^UGcebIcNk84 z$U&cD$i>HOs?V^x;vyHX_I^9~i>nA?>Eb@alnv4!Px%qa>E+%(W@ect)rJ%_2S=Qv zf7^tY(!+CsJJo21N1XmeQQoG`mAQ(z5h%{KljeQnpTtna8+s_QRA0p9)<1sw^%qAk z&W3x=>1@_Ro|g3C6{}N8;x(lGu<6e?DNS>f`)w(c4gPoRgZ;y?h==_Al3NO#9qe{` z3b^Zjn5X^R*-i93zscsdFC|+tvsc48HPik34z0Ml6ALGw*gg6-N6tCZ1TilfQJLST zWkA(N1$<%BK0kC+9N`cIwRLAc`s4JiV3+XovoThBN3LO8y-JsH7QA59lubI z{q%^_!@ittfwJ!L9)Z-E3ZLHyvlaYtabYC-ASxJ1ca--L53wdl_Vl@z`vHO2p8N<) zGF?7~(i%5m{V1;+p?-9gtg1bW6mR)?P@2?$V1!s;*zR`s0~GF#biMX#9l6JSL05F6 z&>LHquHqKHX^Bbl)B;%Ku72jNbU-#j2hYsG`?oLLkgN6z?g zc6!LzZ{qQLxeE#uep2}}_xHaB*@pz3LbIu?<8P;q(r8-u%WyAz+4z%@$~cgc zZvm!IPdAjq54cWRZuU}#P+T5;;Br)7WNG3na4I(Ue+ZyN6O4JLNuLdW9R z#3%B2_9m77a&OQyCpEUj8A`}ua7|vH!5wGQ_$s=(AGn8_JrKb74~U19Vgzcm9n$3< zw=$?c@8ek-nOeRb_Fa8JaQ%xRD#~5a0h^VfxS&j$4%Sfc*Ja9ljhymH#m)dq_Ne0a zu7&#vES=Z;rcdLm(K<0ae)RaL-;6GFvF|7~OK%-rsx9;geWyBZ8D?AhrUYq?y|Lvm zwW~H-CH%$>LrGX_KfO?Pqp*Z_qsAhXU3Wxs|VMr3Q-Gj%$Ys|Uj(W6M-F|2*l~U-ynGI)KC`m& zc<15J{6qf-it1~+viDieO9qQGPmt$Z@i}An+^z&4ZsAaXxYg$eZ%2wc3&=bu<`S?s z&-%`IeZ}0fV-8=8({rhc_V!x+;<>Y#L~;&`#WaY=%}pK2w9oU^rQ|&j_{?X%4~u*J z+;7YR`Ztjq3E%YV?{dB&ivqX?9Kqk@KZ5{5tcjrX-KYkI3KR0r^XXszCKvYmM>b^h zZAK`yE;{wIPFfNlps?3JGB)+ZfYERP zAYD_Sk8po>QdjQmPXuJ8gj+^`iNo{O6Y4W&h}WJvoP{%HpFrZ>H?l^R`Ab^>Uo+s<^c%$PJREwM!jbKrX_{!vDy< z)wX5RLn7wFEnU;Ql`taYC91fd0tn*bX?RHK?k%hLGEF!Dr`yw?%jz%=%&Z(i=BmCN zTr_g-FefD#kJ&$R?N(Ae!8n9yObmLY&Np7LgY-`YWNqGCurJiFw&Oz>$Mfk@Z3m@b z)5O-UPk{E+qdscA4(~_wuip^){hZqCDj15eN2&vV-sO}jivi=gY(@L6J&mseA!6p2 zu=h7B^lAOqKjm&=d3d;+Jwm=-t^&LpE9>(#@F%zpX4}nMo_e>(BTxV=8UR>>l>_rV zTpG|~F)I@Il*zS|IJU#kwaV)a(Gr@}?)A;1WKnw_m5%7{^aT6b6a~lLL-6Io|Ys@0J>}soChq&v4rupfo@S5 zMK~l0Ic%9dtWMm8;R$n6Y%4MJ{r%m3nB>bu^TQEO)hoX*Gz-=+#B7bvVAgJll$pA& zvu{#RBe6ZrcMQBYu|G~Yp8^1zbh-NdM$S^CFW-X_!yHabA0EFfh*Nga1}$6;PS{{`vHNi zESd(KY_6E+Hr-pI8CQYXWAO-FyXRA}O3=~SgJc(|>4;Q5^p(x=gc?q`%tb&Z(9({m zbnrJ$;iK|C%5IJMkeVKsysi7*u)9EbLD70J(MA)E3|3^%I=5CTmERJtfA3Cqa|dtl z*7J!@Kz^etu3{KTj6FTl<`uBYr{zv?K85|6ZN7sCvDG#Zg-W|F^NbpH4UVt-^vL$W zk>%R+5AUk}h{tvQ9r)aGATBcWA9$^i$6g7hYr&;9w67Vhh-Ty1z%Oy~JdB}SbF{5P ztlZv~Ay&>JeZD7w-y>iu%%u9TdhndprOvBdlf#?)c%1gkq+xaCMqp#p;Nv|o6M1v5 zm7)tr6@v-alV(9N;9Q?^xfxV2)X{z*u&reA%k~WGNF=ZO!F(#DfWOX=^k(<}DS zb|=`3zrKk6kYw~etLBfsY7wmS$~w5Uz*H2{u|*-$00nNJ1zQ<$1UNz1Fdo>f>rLD< zDg4VJUVar-FQ3q_IVjC5rNJV$f1#-3X|AtQw&rRmhPj_>0SUFl!d`a|2jAWGm$XBI%@%ro5 zxWijmMq!4Qg(&(y%!#|>?WtMn(^P+B(Oxv!^O;}Y;My0_GAT+5X0hM6@{eU+-{`j= zPvySq9IoDMpZ7==3gus2C#W{IeZnuN*T$+Xd~S~_Rqw~6 z+Ee`#`z@$_|6BH3d@ISCW>bkCr-ZcfCsU?5fB9b+sHc3ii9T3UW{W$rI=I{hq<5l&kEEDNA#gLm)5b`7JyF zpRU2^8N&=E-#2^|>1r<`5I{u5Zm05$sb;sC$~BSSVsT$kREo!Pp6MsX!0!6cMmlGi z;4&ewM%_8z7UFYPmmwVVfIPI{kaQ~|o@(StS6Nq!dQpJMFw9>NmCNAf7@UQG^&Vft zGGc4R4?j7}7-z8ESr12z{vGfrEY47_?BV91#wR+P@7Z~FL8y(Tm@7|&M}4~J9dCJY zfI$I&c5RSLl7J}x6IO7oT3{czzzY*xCi+|}+9vsXhQ~gV zBRuN~;m={z)!#2cJtub&HaR~zHv>A?%##uvSMM{42>~rXo&uD)DrWo7I`%YvqTq{O z1)E+=F4>ntzc4JhM?ENiZe2-y7;)M6dg~rM_eq3Wxv+nN{4(>7n^h#QOMV3OEPHP1 zahaZYsc0iC!a$1ZKiho_vGCwQ4IJoL{08tP2t>wQO;Y(mIhkaEfW?(@$qU%fcjs^s;~H}|JFbfJS9lm{r}95efyy34 z)(azB!p~(poit=DqWzy>V*?E2Mzkh87!-L2HuErTcA7si z&ry>v-bZcr3mpGu;L)z8edYFxi7d<7N%mx+!BFk`d?>AVImJ&eKY`sub5+{KT>DLo zxaD+#cr|R25-`%mTm3#J(+WsRD_kQ2m3()qYm&1T>I+2)7JfEg$w7uxhw7PHP3F)0 z6JNA%HFq;710CzbrPZY+Ty=+YY4^sTxa&RJQ&#q%F*MspHi;!@Z+Kc=HM86-e1^fh^W_wM@i;c77oIGKca|!NQvyTO0ausiRmCYA&9@Q z_c@Tkqdv{r`EU9KpT3s<8c0joKNYLj0j(9Qf%_62tjeC>_#q%@OlonlEA&tlq^uj* z0(aJ*A}Q%t=c+^jg;oUkV-P)~rBee5M@90L&l_6r7lz5!db=ItW*7jjdO|D>xYO9) zJbbpT=A=f7&X4{>+b-{0emO~(JF#EanIc{e6wrzGTM?H!z7NT9mTnAbl5}cUknQx& zxQWG^UL6+tKx0|4O1s<-X~Vi0ssQ`<{P zkn^mK!l%vJw`w8pHtY~IrmyE2_htWrE#h5$R>Opfn;e*JRXtnq27s8tS~F8_8qM9+ zs!C3oB@vHeBC{US>LWq!dx5>IGEAvu)qlv~mfs(M1e+_szDkCPxG0S$_zzsZT7*|> zg>k%FZ)8I}?5Yys!a!BxiIQ^#f+#U+rvF|^w;2Qbyd;V-Wp$6QxKq5i%J0+VsO3MR zz*mZf-nzf$MZcfak-Q?Z-1P&C;bs!PDKpRyFh`X-Mh)f6z6mAN$-dhgUkZO_OBvCO ztcb@lx}h^|4G+f_JGx-V7NyqxUT}Rp`U2PL%8c|PN!VWw_sBI`q6;-Ts&R+QU2Y!P2>no>rD-d9FP zgW23L3n)0{6TCi@N?Xx1LLLTUB@b2R(~qBJ>s3Q4*RNzU5XFAO&VNDX!&(Tw=={&g zyJU-Ry}&;^`@XhcxNxvW;yW+cCUUtiV`o6wqusYzT~DihzE$#*El(wiVvrM@<9n`< z*zY%Ngopx>2KWO*WW?W%`VJ7-OV7L8C69|}FzKWCDSM9oTpuPbS3#U9ULgX`)%PGG zY=48T{WSkz4ikteD^=j{srQTE%}SNHbOn$?7O-?^zy0(V-l6eH#B$uLIxci+k zt8A_w20Di1HMZ4tom%3Dzv)CnYTl4Lg{`!$_02 z=AHO_5k0{Pf3o0g!67O?1&uvYwoCeQ3PU z#O*Vi{le@1p;~}^xkmE@{$Qd6dzP1>Wp9-kWbuS{Jtf2jwd}p+_`VsaynY1*J8m<6 z*=;&rAErC{``J8Vs*1+d9vqZ{W_l-_6 z+*dk5hX_remk=MlR`Jkws7+o1TK9l>FuX42f&8HT@sC!O?d8?8sOi8h*M$oDO=~vzhiQtMq(*qd%p@T6v_r zBLFklv=$5{x%8&9sGcz({PGlApdl88fGcyhtmc(j1kw4vc84TK7!i46y-xX@yIpd> zlF{Mt5FwnoFX@a)j;w{I9lqMsXSO>>bx4Z6o{Ik z3+x3@ohgg>@@tag^_wjK&qF5>pD`NG$M!r2(oJM_h>0Hd9ax0}nYFT89_=Qcj+@v) z0JZn{h{`Fl`i@DM>}$pXo5j;lfT=)cnzV*qQu_9vDfUi;##g=x-ZW=ELtWX-;2`Az zm+{k4{pHPoTw`#nIBl7CwdYwba8GjFKVsf`!k22Cu1FBZ`vjjX!oC!^{hW6{Ow~Cn z5!wG>v1%?oTtNZm&u*@=MMl5l#NE$OpOu8Y;i=^l|Awrhd6;X<-M(_v-o!hUeLy*9 zX0^TqDViuEFjX$Jx9|q$5eoChzl!hETyJo{l)tMo(C4^UfkzJY$I1B>7u)$H$9#cvXN(Np0CDP-mr`|S-g=ux za`~NPvBX;&h21YNhy4@G{`v9I_*6gB2YBzdZxn*?CcuzsU;kCYr=ijC;mEsS9d90t zR8_;tu0i`a?7H??I)@G&A2+R z*@yJ=TJQHwCi}_$G23Ckp9aqS3SjIHfpI>k@5rZ2V`0-P_g!AB(WQHWD?-}4*85@L-enpYm=Djti7pl$zCZ6X>~rIsol3EN zKHIENZ*AXgBM;`xzEcg6LqQD=NP-Fm2gN!@5GTf)fUw3Zkq>W2vsM8~EFV1Z>P;11 zk`0At@7l9Z`WnvWM<4}Yvu_PbB$9k^%za;?03`c`KaWA4{(#Dybvqu6_hsii!h<%1 zjBGWPS<@J8D`Utznez3;Txa#p^SX>!b{PQOoV2NdqADpg^^6Swv!;CA2FGSlX6iCY z*!u0x!=|jiwU;|OC7fwgm9>2KYzM`a9Ubp2?#UMhU40gu%8`G-HCL+!%uR#Vc_7|~kJoWt{UE(Wcp`r+f14&j zIUW~ye7Eyc@XDDt)1&Iy-#e5t0E*tS+HhTXhF`_Z!BqOK`7EG(iL;s0vacR>yS$x? zy0VTjZ5OVNx*$Bt3(0cL!&Eb;O>G(UR zfWKM?Uw+`2Vv5d;I0_!$rp*>5zxb1GIaFDIg!^YLEW5Wo(~Hvk%kEU%Pug1x4pSM> ziN>=Lk?j))XMbq48`N;4FE8rj^$2fU(d;WQUEN2xuCr8*pc*&5CjW`nA`u`B(s?ia zna%Eim!`0Rpnc-N~}TVs!Ux?2o1L9any4%)?pmP7N7VHj-0IYLoexZ;T7 z;m97n04CZ_`K2*sYYia)%S(HEC?U#tJcwk+O4<}J+Cjy~@cA6V8MwjkB0i{Jo zYf7xY`qFXZv!$e}IQrovJ+eFrDsU9Cu0wi1g^{X5uKRtn-bC(ow3<{gEEwNJen(wE zIhyb8HXTe#)`hzzA2KMeQGEnO;e7RrptXDP!6YxnYwprPhxixY_CC% zaytQ$W~dd%Z;q_f>cCZQQ%Nt>^(w?}d$r}GQ(jr8`x^9`w@1g8D(U__O!XlaCCGsx zbC$YAYTk5KFx{TazI=d}M^pb5z}k&3sJd)I2Q-sw0@{+kwqDiO=M@ILn_*tstDV9* zgDXWPZBJTn_W-IccIqBrOFR>ZmNf;aWSu4Y1smOv5Nj+N(ouiVr@=tC4tEnA`s}yg zadT(?mENgIVpjIfRnvv7(EV(>+ku4J?|pof(mqE@b7-2ucV-EAnm$p` zDO^X7#+R0M7k(Xd6{cLLrtI1~hbI=jK|HiMe_HM2uuCmyXY~MQ9dOdq?>=MAOk3uA zta<6D_r+2uNF95=wF;Q{Jyx|Ii=PZ(M%VO8$5DDv36k4CUtjtH8a^;^ar@BC1DaUJ zPF;HECSjf?V#Q?9F+tzFhbD9ExVucLmF6P_9*pmYqT4Fw9px3|hv7L~CKzC4PiQNz z8ryn(Yp<%q>%uGSw3Am}qkAd1uF}_D@FwIUb0pr2UH`&{)${!kyqp;^+LP{P2Jp(T zWj+awh{|(vICOsq?t&2*q&_5=L#l_rj^Nxk98_^D17doJo_zaJdx>x$(L3cQG2?ef zI}~ApaLV=QZr<5{tFolc={22M-zkCoLAanD-TC%(?y)&O^1yiNWBN+EK4hi0aw5Cp zIkc=z$?h8_s{Qe_){Mq81))$GKTE-t$%Z&r4QlEkB29+h$(;J@X_4Q1`E@gU$EEeS zH{n*W>F*xp6zChTabVu%Cv{gM%GGaFvSe_AUYC=3oBJyx1epON?-!*PW1wcYwmHPa z;+X-DY9(B}_rU~zL$XT7c;u<-FW2yy-^W5fZw~hKO{TuW6e5+gD4-MS)`iZ?1Chn4_kSOK5a3f@v>mMP2jx5}B`{d^^|nWDiI zK972cWbW2di^;!-d#j#t{7$KKREbp@`r*a?+&OP?LmD=7uSr%P%W>U)Ir7p^3jRJP zErclm3}}AE^gQ0fn7C`Y?q-j5kNC8Tc@N+4PmqYH{#@n`4(75uZ zhsRLWeAD_@c#UnmWbe_en`BMKrOM`_3Q5eEK>ej9MxB+(1 zY3ghJlFX(}c^MBJub>md9u9!X?o*HZ1o4VCZMSC!8x|8NQ*tMopMujNLL2qvhW9N^ zmVN>;qxt}l9EwI$K2muvfEZE%dWdu;-l_uYO3ms?bm8BV>eZ?5_{4i`R1vzlX!qDY zT~hapHyIpe;?7b=?~}0mcBuaR?rS@A5AXhAPzV0{eeQ?e_eefL(#DI#W^P}K`)|0` z$!EK3C@$}7coCVeeHETLy`whGwR-n}$O@N{;&4H<^Y*7Zj+F;<9$r)FSg_n$o8 za(?-^(pmWvKSsUoD?4dG3*P9h;GWi=@Bob{AIXh$|B9Q~=?{WHSP-oHV+o!EwI^|^ zpYBy~$vuESPm23Hzb8J!8jhW(Ja?&vfce6!G?zRl-9XcpJ*lbWv(+--2WZWErrsDM z;lMT2h4cLT=@@t3XC;{we#?bHX!*@xg2ugHuI3}0wycM$by^w%N-7g59B z9Vj6S|JLGcRlOjgU34h%v0_|}>j{~c+_9r4wcf&ISRPINVT_g)0N8oEMFlBESM61ovm;D6^_y8^hIm*80L8Q%3tW)U>y73QDeaZVyI@KLHI2v* zT{55dcq^EAc|d@xQ406M;=IFbHLZYEL} z2587UTi(;@Z0>9U{HGh&!%XH;X0Or);9-{p`Ka9-u7TAC0 zMi(ctcwhaPH;cS!3QWI1G}N)Rz;f5K-%Y5_7&5qpU|j8|H8}USj{3;oMytGOYQF3j z9^>!xi2Zl|97F!*Suo{hv+p74KmbYX8LZd?rxii}Uh?;1raL@Ws|aSo|gnn)6zuoL!d!*6h`Z z)Zv_Wil2OHz)NCHx$%|EdGT&=jW>?blzMGnYjI{3&8ze7Tnt||;R0iQ)9>v8rkp&N z*-cC4B0zCo8@PllKSRG;Q(HP6@#N;Z+#}@4vje)}Rkb*m?5{mSoX_nIYs0%6nUNiE z{q;as&-wQ~%%_o|)ez}vO&AVnb^ry5tNWCUIfFhVx2Q)!5m)d=Z7!Hk$8%N!@13(T z@cBxct|!Xn#JeTAi@G*GMcgr^GwpXN~C4p?MDq?SO0Sg_GkhqgGhGH@L2Y?1BR3OD2VWK z#x#tC=PeoO+l)>STUm}f2t&H{#rtwP+|6aI+iP>$=CupAk6_6!lZN929x{Et8Kqu% ze0kg_=q3P*^?CQo2{T{kgl(`y*Z-D!Jn;K6A+{Q_VAD-f=J^wap2kQj$0(h6Wg$_<<(F`WHMn&) z)`UA?^l@R~k}sGu&et_mrGz@t&4bIo8gqLy<7vN)!xLHT=vaR*pJ!ul`(>ErQ6ao> zBW@AP_g;1;Lh?$#l2db}b9+cHbskyIcxhIN7%6L-I+=~G`#X=g^liMWb43l8{d6EZ zKIG6~w0VeS3)VgJ_pM zuPDJXIsJ_qv}Tv#M;zN0p}hpxb%!vlJ7~nRtN-4mgZ1ol^EW>9buEo}To*m8+Pzqs0*#INd=4-$W~{?^zZNnSCI|Gh!(8rRqB~u( z;NiHNq)W6DtMk<}%X8ztH}b7X8$JN7Deu=&&*QHU`e{$UCM%9KL%PQ4E(|G>+2}?v z7qCfB!iZ8%NbV;^JR!(DO@#J^{Q~;!Ud*pf_2TD2ou|D&Fib7!so)>Od$vkX(Tyfa zDEiCnA6%Ndzs~*n+oy}k>I|u)qWStew==Ya<1M_$HBdP+bjEX#_opmBD=5Tf?qARy zZ!hSX3^0Cz6lF-~S8TCUNBex2-p{FjU~flvgh|r#YsA8}BB9kTg9Muwpu@^N7l5hM&Wd4pB{AdgM9RjJ+v=eD@mP9i`jr4UW*dFwNRKy;oB3i3aa`# z5lS^fI4ai0&o{0YGTGAv=tDQM7SH8lJ2&C@{(QT?dwc;-@Rv0~?p(6aZBSrd{4rBeO?TS)+V<+G+{V4d#2pm&yTIEv+gY7+r5y3`ntUciw1{DU)qCa zJ!pT30sB|>^@xI?h~)@uS~R%(7WzJ?AFo-0jzAK0)tWXVR#}ns5&2+VmCqP436X8! zC|?kS;lVx19j3&&0Skk`$`QIiYnjy4JPpG3+x$nW;Wje-j;iK;bP-1U{6|jJ8@*%B#V5e_dgn|GO>De#ahtNYYR^p+jYH%~67i0DrC|oAS zMD^z1!aW!7&K*iBmVsJt(5hTZpKxfLIHzlA8h2eddFo*Z(RLQ}^;?R7MaUo}E01ML zUt@qj@cuyg_b&6dl|`^IPXsC|{&#)hGv9%J+C4>6<>~|qfoS}MQ^Fr_OgN7!ZwGu` zynrUVf7usjLvU#m#aoCsBVa!b_4pM`EZ)p9dhMb0{Gt0N8ViY={)B4g4AjbfakU*n4p`K%ZqbE98hK&LPw8^8xW*Vt+T_gswr4$9hW0ZS;UbmVuSI9Np&@^F* zjf8Hy?X3DeLlO^c-4^dv;#I%s_7RPPv#Sy#;sWKy@_R&su?N#^G)XrtKQsrlT&c`! zzp<^ZX%`UOTClpOwtN4<<7u7q$GblpXYq~I>e69%2e&NrI*e0Q(yVm;MZN^i zqY(tCqw(NlLG<*s{*C385UFB@1F?Ws*zp%2cccj>x{%}7_}rpTn4*<-^B|plkuXZi z2u6fAvu!dHpI>SngIU^(ff|3M2heay;4AhUGUq-87+lqwvF$Ci2ms+IJd~>P$+>XC zaRXRs)PKZWr&RxVP3R-m7sDMO?A{S960{idm%O@9aC$OqY$aoqyAuO%%_CY7L&l0! zCRwy%x*u;I8rGF{(dRn>=o)06c=(y(AMrIu!%04r{QjX?>3KKV5+Nh!PbD~@&64baqu^EYvmZ?UeYM!1MCW-F-NH$BnTzC>lx&vRMBD6N zTOP-fe1msBe}?iH2EsnUfP5&wgzYwD8acDOFRG-82A!jVOISAmxCZaZ+?w(D8oVPl z4nv~XFxL`p)l_ZA$_#_`x4(J4PoI1y77rQqUI8!isZF1Qm+FX>__SZxh>T`LFP6|$ zRy!`^42QV5=-t~MB@D0ad48PZ&I#D!S$>^pNiw+_qkHZ&)onVOS^Cvi@k&+S{K$h5 zemj1d66q;`21S!JH%hX!tvfWa{<96=y10d!#>7>6#W_-@X1YMXcL)wW3%=O=sMBXc4$%=!}lS?dZdHGlRO_@4cPI>Uyh z*)o;uq|cXaHi>X%-0a_c1N#AKH&&C6|`n zw@7q{J8Gi__`n#5*){wq8xu{!o;;xy0GRhVcV3EN+@EHi+(J(~h28O2d{Ql_Ni98o zV`%8A2o^BjK!&B-V5yf5q_>Wx%!uiRS#pXR=;1;Cl|L%3DR}g@AJ`!#ZLH?kQqE_g z-gE7ccU<;6(aB;@_1edq>w>#<)fmA^farN%*Y2FWn#0Ay%7Nuna?T*Qk9FBcNcc`Y zDI+T^YkI=1=$n^ok$y+2>@0hAs2ZLieJjP7R+rTs#(j&jP@S#co@p`ikRqglnc$K8 zu2bvR>p`_bMyI(0)qLCwvfwUVFz;BfYgAbenvtWi0gv9A+8oYLX!t5}n_rsh!gXW? zvV4ye-$X47xb-Du6?pl1i#g!36B%ZQ6I8t z`#l<3UY&kBoY7I|8JrT4@qK@2Fb9iU5Uw9$ex+X-;zwamDdwtnS})t83nwj5pC{R> zJ=+!Nx=XwDEt-SwuD|rsdE?^nm*D%7)x7gr&Ej5Z%F{yM z=69}aSiIJfzK4R&w}2h?jpQ%vliS}tiS~Vk39zy%?S~W|m~ylM+u;XTaj=bahLJ2V zPe@&Ez2Q2mq=?rkJEM@PCiy8g!lzh;_n@47XPh?nLuR!gJcDbtuu5O<3n&g)h4vW) z^8HF1%qWS&_T1C9Y+k}5W8m?@!m4XP(1z#K4U2g|nF`cdjbaDK-0JgW`1<71jRTU1H^Bnfm0aO0bU+1Xwx)m7hU3 zJdW{$`c;%teAR%te`9|q%tYGNhdow#bUM>Y&gmS$TD8NEhtqsOoQk%>2YtP5!ZaEV zosmO3LE<^)+SGOG_=d02D^AO^0oR`geA=Gl=S)*uI?H@oaD)S_#g_rL8}YaWFKUVh zrvNofC`(H?>mKrCEIb&~uKP)Ki&-+(C^1ZZBUG&SD6sh6@Q49f-+#}B3_m5`J#?q6 ze0G}!P7(7|R_KpDbB|sggfE!y{)@}U4ya3XWbkvDz;fVlYs{&w)iwP-sd(s0F~<)3 z$p+2HIfC{$%GvKw zslpzV;RjV@uW)MZ*}t=--q(+KJSyi1nhvb3qPt`fWi?o|=&Pj&G( zme+i(*p#GRA_WaS_f+gIEq}*0Z+x@^OFbv7(%(Xu^4C1J_&$|ChVR9vIDoyK)Ybb* z=lkf-*yu)Ua(Y@KC2U2s7alXGgfOLK+RD+w&OsK;{HQ~-M=8gDg`Hm|Gtg-f%b*1B zMexLCpR%Wv$V{;pGUvrmcKzrzm=Wx$>0yaJ;)lvk4i*UMxpa0co>TD!ho<}67WNAb z5e8hUkv2PlJ2vLa?xC7U1F{pC*c8WcVm@xr6I zI3@kir`uK5`BFp7q5&=?NgAUY`hFYVBvCqZJ4ZyiTv>td5jZ^Vw`Jd0b5n7Yld)=1 z1>L+CJXq_5391G35$dmbwb&Ctvv~;j)3s(y3^)$TEy;lPmEvn9RB=Cnb$?>iJV9M< zd33Z9pVR`_HJdMTnT&eJ%-(ki)U5V5eRI{^%#Nl=p^8o4qN(o{=0YyJ6lj)yM>mPP z-pMaZzP?IH)6!?SrJjC7dOaNa6X<9jH2P6P@|(;t<(_zb z?4GcuM}7XMJsbIamlnHe=YqTJ`8@HUuxwK6MOKN_A&f|`B0&szUpo7+shn_GYf4dl z(BsvchsVdJ$CKC;?)MD_BRXc-T!`)p$!Xx%;%ca3|84gpZwoSWxeG@OlTpn*#%zLr zy>IxE;k6c}<_ zU(ZJi?xIs(%=M$J#CE$=irYM_{eDhW4{L3r1FZa7h4Ha#*7oWh!;gXm0uqk@mHbsP z9=`D&H-UZ-l=c!acS_VAfBv35=+?mMq#`?WE!@CUmnZ}66qf^WgpP=8$AfxE7;KsH zG^yvtK3j+LX|80;n-)3uZ?@8Z3R=tI+^V52vi51Coa(=E}yk4|Mwk`^L`ZNhELZ#r|q~>R)4Y9`CcHHNH`X zdPOO1^+w4^?y-2=bR)nA`Bw?i3oXcpO6JbTDAw4|kB9lRhuvz|zXa??MvW{B<_^}z zRQU4`2hX3^-RxA`&-2-bcT?zw;49Sf?5HK-ABU*(#d_7y#UKA$WNkk^NceXPV5 zeHnvO^7!+;EI?a9WBKodg+a2OSC+&xN)^>4g>n;@8P#Ha->*0W>D|jOKOmi{l^=JY zGyQVkVBTF=K*Ek1A?@h6E$F#0nZ%>n!%y!fj>rqnV?x3Yv9PiVd zBQNG!2ohQyeLqR2AT6+sg?h;LFr6Y+{Ocb;WfvF6M_fKL`>4j5hi(GvDx61HB-w{%l-*o)kOOn@IXQbn{(N}W=}MoGUm##Jnvoxv#ir6v7Y^up z-EwGaSVOB~E2;!PIPY6CUOSgJ_C0&Z{k2BuV>ywiJ}XD8ofEfnac5!^0O1K+o zXe|UypRe;(Cp`6d|FqA_Ra&t-(@Y#sVQxn^_Ix+io_OCb$)z%_2L*J%IaV)LKT4zX zj-(?~Cm8KS5z3EV>g?-_b=(^&Q>F)k%NmKFhw6^&;1(Wz8>i=V6sQ*q`C0~p1}N~N z!cwa591+h0HBe==Mm66(nDv=3KNX^e#~Fkxoe{lmXxz0jo6|G&OnBqPYk}6!6!NUiK8{6$}P{qh%1E@YKL67f+jE2C#K zIo%BaGQ6C8jj)m;{;p6@de(KV`Skt%+2&?TlS3ib1&`AE!;b~ zwyM)pa+9f)Tj%#Pr2NOZO*s1Q`09MS9I`-PlkY?i&a0>d+^<6xZ^t5lO|qC+Js|)^70csDI0l5qLy_I)RBE8@MjTUmHA98y$Pm6 zLD!EfPBH$#>dU!C$5VG*dW)r$^#{MThYDoX0VavJ@AHYFu-~26@c8}gd&$+w9=9H? zuWAi?yx#-hMKwt`{8IHNhnE#^9pHXs?};$){k2PyEAf3Fag%9J`|&-a^s;KwCD^z4 z$=B8Q1>1xpw;gzF0g_#eio+vbV{E#?+=TdJ6LR+;jK(xU_ zZ)d>0mOE)Zg!=4%!^@Xg$)k`>?s#Nlh*eI%2<^Cc?CfwEN;t&y_MdT8D*Bd){7m$W z1+Dt_$p8Qu#dbVaIXv?1ZG7bd`<2pB)}EOU;)t+FUi&QFK9^(t7S*45y0Gk*dRdzp zF8-Ul#&%kL*kry#Nxq;J6Axzaw;Li@Ctl@;7XSn8y^&t)!*Pwv%MS@G`Ccf;Oa{|9?jo9)Cr7yE91C3|?E zGM!ydg_5Sf{;crVXZ4rp%~{AvPins}KOV0Aem58K$Z<#5+230fS?py0R8bXPNMC#U z$Cyp@MJ6I*hpnwmi$=`8O(lNY-bJaAwd=|sD`CS%^ zuqrx#?N|OMQYd5`&d`PNL8w3PC>?Zrcyr|6l-BdwF3dxz?6CwCi?2q)JIZb2xEMyd zQB+@YFLgaP^{Cj6&b{c+8(t+Thn9f!BT%1}q1s{tr*REW*KU9tJ;(8vpdbiPTEN?X zTAWXzPVz4qXM?krj`)&n7dV1pLEhUS)8gphaDs^NmsL0pc>74`8P(@GOiisS#3j z4baw-a37O@JTd89^ZRbDjvNJ}7Y(IGV7Lv4YqY}W0XsVlHm2|7+K4X6vKrd7dMOad z6IOtheRLSk`5XR4&^<)U*0Y~8*yxGZ*U7wmfvUlKV152H0%VuV`NALdn))z##KF&T z$WNJfa}#Y3%kO9_QtRb=1m3UZC)X4^c||v<)W+*{I2XUyTPk07&KYKO)#+g_KV*6D z3Xlkz_4pC%J{-jEOgM@bhX#f8K_yLr1nHY=P>(lZAS~`#a=if zrai(xcBIMUV3KT6JZLxm_!{U^Vb{wIvx9chCsS0m-=qz%LM1W`WHjQ8U9}}=`jh*l zPr_s6k#4GXGp~Enp7H0ZtztCSec@^5;TW?@F%N6aG=qY{rhu$7G%X8>b7ZbUvtI+@ znbr3#@s*oXT<14HjnlqFiOCGsqj>m)SC71vu%TAULbeY4*&4;aNd7B-#?O<>lQS`e zXar`@D!LJV_oZ)dCKW_?7!=;sea4c7?a^xfVtxCZMj=KkqVY#g3v@^R6 z)sfVz{i6ZBw<1a(CdB?_;N!CmAXPp-4I0GIqLR=jf01bGGk|Bh66uLok?|>}MPyVU z72)TOL!8;_c==S@(MpNmD81O7cfBYJxrU zYrj9b{HVqblvseLo*8OfJ|qd3=D`UnsPwL?;^xMB!5S#}0Ji(8L^8Zclici$xpWW; zyIZvEE}^D1EIs8b$HNohNfv)hK|aCA1+3(?c9==5Gq>%*V52GScRS_z`_Gv2P0y7v z<(HIACtn{gRP^K2v~r#;&RBXE!we_HfFI{~+pq z?sA#ber(#(mpA;gcmph1~-LvF4XKXiG_NSKg-v?mzP4-GIzqS*01a(|131k zlr!}+D82}(dYD_hzsC8C4WM)iem`f@?DnCdyZsJY?8}Ir+2L-OP(gZb{{G#s=wa_c z{{1{%`KGGF`4F%kCVDWDL>PL$qF^fqx{4N?Eg!9+2KNMjFwEi_^YrHL_)u<4kQLbj zz75AjrvzQR150^r!RRX6_Wrf6Ll7|8nIxgcXxQWSg1lCFr-#gdg?0xXzs#;2Y)?H4 zB*p&sy%$YcN<%!lTk^gFCIQCd#bJX4T$EdM91=N8Y;j-OKQ71Y5yCUf;s-6ZuS4Bu zmlYjpDf1Y76wwbd!?Pp7H)t&wqv0?a=XX;}ttf~`>lXjUy-gd@8Z3~2bZe9NPr}*Z z*jG5B{TA(DUk{r7eL6x&G!b`<(HMBxb*Nx7LZ^~>=hK;L-~0XifLYz1=#&PN&52tO z=fJ)ga-_lI)hbD1X>G24PAJZRD8tmRjqUlsA;(`$j*0g^e1+%cLUc(G>VdknFrNuN z=rh%w=TLO_;P*6_50GrDw8FtEtBiYJ4J{%^ef($tHs5`oRr%b!sex=y6*0yUnz+f&IRdZ;hr5shDJzk_q@UI=;ChUTlT}n5 zCy07reg^Au^kNvbIxjU&ATtPYho7J*lnR;MO zl~y<=zkJM!A)F?3KAjtL7_=pD~-I)J-66z`)Z~fq|6BuA%V7vd;XV#S(Upb*xlF7 z)IkEEh^VpKDy`DK0tCzEQ9nOhE{w0!{kJvnW(uxFA)kxesbFuxn!6{M*_(!M=WBd6w9MCvJPfL)tIcq?qFwpd4wvbFdh`?~|~Z^4SqR*2F!#-DdpY z;PU$&`Fe(QFU5{?-G$SY<1o9K;(k>OCZM{U{mRbk>o0|Rgt6GhW=^#dw4}2fV5&v?5V?fmi=&T zDu0SW+}|#Tt%YfM&vyGH3e`F3#JF7Ad)duY>-bM*NMHRu;%18&&W@c0K6-r|=3oR+#;1etLs z0WCO$f4zS$*FCX7tTj>=N&7%&jd~9iy~K_|3y9-OgFu^!Y>RN+OiA|@^!K1Tu)!8F zQN2paLi}iyTyElE-+TV+_Tgf35B$F{cuPGm#^81*Ww9sV$}g-bDL1wWDJ9R?k19ci zwbc8IU52c08-zc^+OMPT0qA8xq1*yiu=Y?qvewL(535p2educ z+sYN$&GtZ)-+k2HW8~g0P5}4v7c3S!SoMm_UOos!CLZ7}QrZ3Eip={m1!~?}Xp8aT zMXDZc;v%*#>roByE|$wTW@;I=e-^V^*4k}5wOp=az1gP+a!%#bR#)&&O{wRwk_S@0 zxfr9;UFgrB{jHPePyWCiX6SZDR_WI@hi8^oTLj~h4|ino0nLaXU*FE|oLisQ*LIEZ zyv#nPE2pbgKLADY7>Y9W9-UI;t@7L;n~Y8PW_^Ce_j+|o{yxsEcSqnU#p(RkwL%`P zsXL5!m-Eup5$$p<-utcE4 zi~eCNJ_jhGZZa`)Ma!dv<8I%ALOcGIeBaKuUY1XbcrTyP1k|)c^LpOS{ct&LV?}{` z0%$>1IPbhpk`Kj3mrzenYu+*U@5i`qUp@PN9IUC24NJd@(&O|=&mQgUivb(#E{cOS zuvkv#~ppcqHDg2bJd8SA0H^kH_(sL~F@mzqUN)5p=@(*2shkT zHK2Nndp# zXNt0~BxtEwG_v?2Npd(n5^2C9Dr_-*zwB+L5+#uA=~A075&aN8pT2HlGU4Zk>mV%W zbFRXBz7;@3miJwaH0u}qYcL0|?%@0qPzL?sFWzb+i$MN@belE5IwSq@WQllz2whXA|aLGy_H2@S^>XwS<5 z{VaB5e@csp>vveF)!}CI=nj{^PhrH{+F z@Y`>}-t)I-=H8k7!58IIzupO*j5qNfjY2j?V-~W6@(1#~LlJuqKP&H_E8B>Y=?>J= zhs$fWhvx%~bQkXw`+0d7Lm*{>83gb%3>oRPA^IE3KQOTNUrH8i=YzUw?ZFa|>k-pT_!C6tW@ScU75!3wDs81mr~5wE`@E-qqnnD-qm z;~m$l)foWDIj1(`@~9S!SNS97SY<6*^MDL{ZQpu<6HJP-53=nA*E+$CXY6N(5a={a zP7+*UZXLf)U!pyvzrA`4QW@p=Gw~8d>XJC;?wJsn%6DbGbh#ZeRy|&ogPix+uej@T zM`LTv?SZ<_%!4;z{>%*GuFI{N%?*v>E(!;@mYT?YNvL31jghY^I#kUtVoFGG1CkQei}0-^xBm z9+>U06v+_A;cvrERK2XZ|Nfy3Eg7ADp!x+z;+mAZ9m`d*AI^LJ@`uy& z_k$BCB|g4cO;CUVeIG8oJ=eginK!`+cGwVY>enECl2ib$=-?hMa$%@n?(m?Tp1eST z@)d<$cq82%8jP9B{(bj(iSqN~8J4oj(RN~?U_a~Aj2;w!@Z7^TA6}@K{Kn775P6yS zRxRWsdZwI{(2t+arl{=^=xzSCSm6Ur!F6jU0G|9^tE$Ano1=XR-qD|tzi!L(N1p0o zquqY0C7zvmbjQ%moqdps?`#AN+%`V-4N{m>|HEH#{+vso0clUwmHbt$gW=WDON`(X zcGUFEyu(HG=P!F?SO$JN=_f#VxAR9W*VcZ9?<_mm>Xu>2aw&kqNBeUbBnN5GTj^wH z2Wdt}JYIkrvWayyzrEX)^`03p|N+oIeQ$m3IEaDE< z4B=Ate`TK8^R$Iw3-CMg3k_%VpLc%w<0dc)QJyENb}u z4deTfB>3|uT63bgewB|iQgtVcoB6@-wLdN&4I7Q42BTU$!Sz5w+zYy=WfS(OB*>+w zY_u~0?Kx1V{1XhXT|ljY`w7@V_F^xW@b8r*0gizD-UPpY41%HGLYQf_{NWb)1uyPaKgO9T` z?9Rk5R$)IEQn1$XQaiYyI8~`x{uVxtp78yWq3*YzHH*Iye(MYUzHs1mB}Aw7OicSB zP)^3b)j2|Y<2&5SE%g8}aTDMd7~e|q=*-QfR*zXS4WxrMp1 zlT$_;)aV|7p8&5(+`_|xR-X1Znm-8e{8^l5c9Bxmf$;H=bWMm7mEE9>yzP_R@u-oNMqbhYCQ|PAY*sH+F3pEDkxy26 zOk2*26!pNOsqR-kp(637N5*U%YhG%GbFXl})QI8nF};=khGD5~=2Bh&u0F!;>e2?L z24%-41wa8wU)5mC<^qzS$t38jn2bYyFw|>okoLyi-t>Y`MMJGs*>D)8F3_m1UbJ!` z<=k$#I%7at~P=Wu#hIXhGP zpmxT{TsvGmtzJd_`Yq>I^n1kNZS~FpK<^@8i$?$slwWt%{CqDfI@QA)@B|^;Lldo{ zb;~$>)cTz8-@fM8q?v#_{oSsQPhW)^1f4@X12@F8s`;tq1ZG`|6te5xHHEjSs(qP# zs*x9e3-1sL=;om_z?JsAPvMY^F#YEUrzh87@c6GbFlRI8_k>8NrHZ+<>z-j4br=uv zH`bygh^;_f;XOt}X{E>GY9~Ie#2wm9aRVgf7e5+$HC`t|>*B-lLHhZS!7iW*)AyyR zfn#M9`0rImp=Q|w^j?DT6<f1p4f?eNm#13$5nBO*o>WP0qWoii$^i`4*mgJ>G8GQw2zpnB*+d@4Kzqb zP(u9TtHZk-qXqt?5XQb``hpM!1v8*h>D`ml9?0O>-}bw^^7k~v+VjZ|?IKFj|E#h< zI@2F}Em!MFKP(5n3`_Gybga+4GZ`*=kJ5EckB2|X-dCxB(YuV6JA#t`R@udLzRN37 zC-y|T{aGc+spT&XmSwFQDxj2GOwc~@*9#7kAzqzj4k%d!ar*KB5P4Hx`8_2s{8DF~JfT1jL^+nzQQ!cr6pPkJwTnQja|CLxvd>06BlfQ7Dngki}cw5TIY&W5x6axT~IrF!BIYmR+Bm*#&Yo!OS6N)SbVNdyEQ zMHxf{1R39uL7C^tukSTYv~^v`>rO8fA<=~QyB{3>yi+mu5L)v415)H%~--ayi1%G16BwR<4P zQ$|J^WzplgVw^Z^aQJYdmg|2WndrFDvfX|+WC-itztOPWIbVnud9lmlFpv4ueF^)j znU}!GF^?i@aRBp`H;XQO_$OoO+XAffL=jKek=5^!+}~l_60+7m-koW`k(I%X{h1i0 z`nk83S9a@31N5MutL%C?IYXnSL6g%$4QgB`G-S_F(t(kuwoty}Zg0^2&UzoQv0fLO zl+~A#&$SPUE!4ACpDRj)M?VFr^mqjJV0|BIGfAFS7P^d=Aqw+P-+M2qPEtNVL8DbDsN3 zey>yb@)R=-!;o%P_XwUupZ=qNA0qT0u!ls7`D-?T|MUy4kw3QW5zHe!d!;U&OzwaS zBqHs;)rNIA_|vUAbBCDs?)PB0*bwrc(cZf-g@yORv72LNiuc-hs+N!+mh?1;G5AGS(_QSsBEc-0*+7A1S z5dbppw@SpD>N~v)$ErsW;yx?fJ8DE)y%GR(rGx9xJ)8qcC%C#Vb;yVq-Mu%egxcjy z7->_(Kpm?dFE3^FbfAAODhdhGV~b0Jw3=0qM5K&}CW0$-OrCH)L z9nMc3jy=gePAyn&CEf3yJxT9X%Ac!*FQBT=5y+ggYHsQ8?1L2f`~|i#sT&_;Y4Rn@ zJ#rc?iDEZViU4=}&~b%S=DB=D`eP4ipHIbM-LyX2XyxX)swgWIGtrUY9Azdyl5r7F ze{}cD$;GKKXTfCSGH}zPZf5zhlVZ*!y~U#=W*&3m)HjdnZBi8>Tm3UNsg$=Fs(p zpC)(xY?tsZLJ@ho%0H+~R#rm~PS125S)-$TULIfP2*&kmFfV9N7 zE^#PKr7ndW&Oc_uU8;wEI9M!XG2!Q2{kmK7uF(Xhy~*r=vQv(=0@CpFQ-+-L(&%T` z{CbZU<=%UXmhNaFc;N}QUssZQ+wXsp1kaLU7}Pl#CW$R>04vs_sTyUhYVKj#iTv~N zvys=Y2GSH?(Mx)E`Ba}V@hiZ~cN+Id)O2k3ZPGE;la+4VUpF?V>$p#F2MS9zF2wM> zBoRrUmnnBp;NlY*k=f_--|e-%0%O}^o(e^aqiOc*sYHjOJZtowf|bdZ3qvt#bEzKh zi;OBV@CmP?K?L@Q@=ATLrlSA)`z)M}cBQh)HE`~6yzgIrd~zJ7@c2*yWKX$1(4y;? z?cA?A?~_S}tr-7KcGC-yFK7-aznefj&>MHbGQrP~av&MTp=#El(XBdw4cEY&+2s3oOU(7uR^$qA_uRy!xn&pan4^o ziz>(i?C7+d#M%1TDGPF$F+E-$tc;6v{axY*_5O-_%ucVL>}OTRAHXMixDsh)C-F&2 z53pn|Y0sM6TRVhrXRKC)hWmDC`j+obyxNLo^LuZym_liB8A8QCV&*lcFaHIvA)IV` z^|P}3>V^=IKfr|GG$HR1O6#W90lH-=Tl3%#cU18;Mf8cdFPe0WjxKu^atBEU=4mde zrADLsVxM5P=BR6JaBv!L6cB ztWS3XEevmT58uFk@o_)BPM!>J#n@@2eOX@W4mfoOK1 z8>Y6=T^vDJ9>xhX*Au#lb`)RBRekzFvTliFr00)QXZbM}t#??WoKS-ZhVH<_H3l|y zb$!rJonnJ(#H{CHG-@E~h|ITZLLtbpUEjC<0BsEb&ksxsz%vF~8paZ8Slmm9VYZ?9 zw(p@OoiOU3^Vnv~EsoabRKHf*;6r%mxr1n8gYH0@i4>((gkZ@7t}3wX{>`ivhx`_n zasDPM=yK%S!*71?vz6t&z&E}Xg^VBi>m?}wdFM6Q-lyqLkY18;Cs8o_@6#W+Z9dM^S`f~*2YS|V#Vdv#0=6t zRk#_m#0J?2v!9*|8KE&ELP0Uy@WQZJTtIX`{qlN->R(%0lj_#xjw}rCezN{)+R85* z0bz5@j>R6Z>&@{Ho#@*YjOFF^y+XqI=k>rRa7Y|hWD5CmgTaLKeV~s6KNWl6SD!<@ z(^q;(A|{Vm31*bweIAml+DP!MX~dzrKVDEyf&2s`_n#Ed&EXyHGaJOO7lyVE>a%vv zYfw>8W!CTLzN^0fvR#woXdLIkXikfx?BS-$Jo}g%_{+G*pUR}Zig#K-PgQqM_r!$I z4zJye?cw`)CNlO2H^@LHZuV0Wf3G@yzR$y*r^SBHO`dc|v-bP;;c$U^M^D?s%kF(! z3LnT<{h|z?=}+5JX(fpikaH3DKp+yIx0nup;Tgu=$3!Ofb1fdvR4{(D^ym8{Zd6a% zU;qvt1v0D0j;r47X*v55U{{cS#`W?p-PD*Cx+=f>WUInbMc3wJ7SAU|xVkdmP_ok< zO&h&FmRY@HxLLh!#wX(8$~Fd*9O_a{ptV~pQ}Y(FgYR!=qinpF8i9(gMBi_Gh-w^q z`)KO9_hVPw&{;_@mr$%-?tz#e4uaeFDIuev)Cm1z~Vil{39yR z-y7Q;y9K8zmgcS9mt74lWm5q==jP7>&$nFLHqJj)8|=Y*Fm}dmDf1zMsA_1_P`QZ| zE}xoH8Fzw2wPNUpLsk__E6Cpzo(sl*O0+GUlH?haZhHgq4lJjK6j+b)0w@L$)t}== zzJq0e{Y@mO#$ZL}}`eub3wbo=V%kACCm_}QYTis8xzTWxMKJ=o4d zBDMUQ$LV0SG?&Zq`76~H?b{NsmdI;NpTmRI;F=Ik)n&?$81)ZIwT$9uwlEl^{Q*5R zle9Po*VqwGq7ht#yK0d82%#@}c`02BZGsw7zh9|{0flMbuQ=4>lX}7#in`6I!R1Kw zp}j9d3`qxLl6CyuJv`?O+s^wNUFvb7QvC_<%TT+fo#aSGDXr{yhpuulz@r zRpx?j85&+k28?`fN9{tQ!_~y^yRzl>_9T%86PU8s-RMPxqlT9JL?F(w8-Ex|CQRfV zCQ~QdhrQ>Jcc6zd>&KZEqsco2U z`@p5gOU^X?;yA(1C3gfx#)uUMlPPs!HoraFuI9kGI4F7s;G4K1zO>X1@;{-MCW+0po13*~mJxXLlvi>4MD@oWSCF(1xDiv$Hf=}n95 zME#N$s)!u@GNRn-qmSx#zFhhUWwNNK*|e7*OR3)XJ>O}+NveG}b)&SSWC6}c;g%F% z7z~3l_t+_;m>6JqsNzub;QDiBxG;lD1NLJa$KJqLYb&TNN=(sz&7HVnn(ERQ?Rd8B9&J(aN zRBOL*Ml*Vb=^$-MN&Dj??G?(@1Dffvz=;^8S>9?CMC*9CY}W!PWU0)Y%b4p_c6=9^ zo;Eg=c*8&?I2vExZbZC98zY9|cfaky8vI<3Lj2wjtUn$p#MQ4_znw}nVTa?31~Bz- z0xZVAp0D)ls|HIBk_$~u2Fw{xgQDj9LQ5iveif>eaKH(=@;3}F<_x;x58ea3Yi56& z1DLU?wwen?m{SbE z9sR=>6-+mz;Y&7qcmuiKwP{O<{B^a@_;`PZeQKObVf!NvLWvg1c^@{VGRv<`F>?z6aKey zIkEMR>PTwvu{A14mmEic;OYm6ZN2V$lIT7xXHhz*?-r(Dq!%%M5*AIR4fmlsjnz%twn|ogSC@ujI-U2?{sUY5#oFSrO;z zrv|<>_Ek=Wa7>W;M;RDmCz+OX5qdEb&GRjn&^pkmDmFFa)g7=)6$9Lsy?d*R!+S3= z?KcR6CZEdMdLIoBuxtTp*8J|OF%fLD z6BcgbN;p?EsrxSh<&Z<`^G{;xvCd14Ke!dqqQ~>c9LUc9Xu>Mx6aT471Zm&5+$jmq zB@max__ihCyKGPNA7tlx4TOQ`GuD26)H~YkSXk3xRujA5uqxa@Dx=gY3o_v7N&yN8 z1~Qk;@qb?ypj~#3+Ldju%sJHz=IS{2Mp-4T(pm1H-LC@lRH|v8(5H}oPg`>xQ}gNK z*pG8W`tG^zOEuNg4tBVMEja4iNY%w}IsOJ#ukTAFvXxUS==%m>YuNKa6R1MJu;vw7 z`M2{!5v~4329c$w6%DaeO$~y5&Maae?6ZpYs$*G?pLR*URQAdzhep(Rv6zZt!|`UY z>~e}+xgf`*peS;-6vY(GldI|Ms^yeapW}pc?Cwsu+V9wCkZ? z;<$Upd{h?U*N~-&wT{YNJW+LVn-Oq}b7uG$d5nC&u@`jG8lH9|JsQ#RqhzN2)&R@* zduZSFPax$V6fMH*$u*6lU#hVZ;dQH7KF!qBd>aq^;cKU_iB4Tp^$mf!Zw$-CP`G{e zQ9*V|*O2Em)fGntJT>(!ZM(^`yiNJbJ;i%GeAZ^IKDY`Egq|0N(W@%r9M(;bed3Sy zv62se&DG=*8?{FEjBr74ucXqtf^Xo7ASgvD53-qo=W=H5q_Zq8Dj-F_KR*)j#9vvR z|8fD^s2!|4Fdt0f7pD6MuWayR3zsCov-qU#+ z4Y3SJZCIiI@LL>5V6HGUpuMuN(6nB?_DSg&N}6G(QQ>c=>rC^Xbij;rqdKNJ_T=M% z1>pePP-iKZLP5=P3Z+%6Jp(FCBalG5ry{ zU!DUH2iYO_PZs-v-vA1AdAhhxQkr&--3hOKC)Q z_!Rqm3l%0FYIj{V9}yM5mH*{{kv99kzKT;O{{0J!r+>w)H5lhvO?^ zX7uvfSGEHd2Ic41zA2PKuLc>ziPDp*wx}SA^4#O`)$jD`V|419uB8zjQHbvNh=kv0 zJS->6Oj^7vFQi2kw(ilBTJ5nXA4C}?9we^tJNz({P>EDm5pW~@m5>?^lCAdl)Lrv4 zAox{u32#^~88rXq5%8HzcL~1L!Ibxg>s?YV_K@%B7~i}P%Wn18^;_&OkU#w*g> z`ChV5N+iKkJYZ(-=DwT(a!MX&w%L%^!L!)U;d0(?mz6gn_KG8}&uo+R&pnzl;6D4) zob15w{i+bk-wS>}Zf3{r?+WgI$Llj8NG$Mz2j}&iTG{DZi zZ=PoU3em+rJn;_iw2_JB_YogDm$7KfSj5rQVodiJE>bDCz3rJ$HABJ(e?KixW`FGC zd-1S=mRN>54(;TyfcYFhA@lt#jFp733xB7ij8muA>0?IJB+G|~Q7~uldVqQXjZdvJ z;}WRHFZXlhUpSGUN8pSK$;+a*G^pmeTF(LY@X`5D}rAAh`@n0*R}=i=~lt`G~jmz#cP?sAH~YTw?j zjmK}lIW70FH{VI*BGB@2&gI|WcREcq1ahJ=mqaMonRIg-pDDH$TaFuqh29(N8U>#4 z{)HO++v{TGz=YuK+M3<9gJK~CE6t-Ry{M7rBcE@3pOA2OjM!en@8E+Vb>MLe5}sPg zyzO#zu`hUH%BZ9~OzXY;l9XmH$E($xSDp{U?feNwKHM)ye)CxWPtfhFDg`;d_0pNv9yoT8tFGbjL4I9+q}dE z9q*dM!ieWc1W)hI-2yn0s>_FLyzgJb;+HvMZzTLa59ga9HKj-CT9oq!)lA?5fhmme zrFeInpL-{J)i1Z{N{j8 zf&=1szg<&}3E^DMr>VE@w4wO$X{USxvH^!qEb6=mp*!pq{ZtOqKqz?M+%}-w30y|A z7teimV)VV9q1+cnA`vdk4=oA8?zYd?Uu$T+$M*qH)a`W-zkh?}1-G|{kxQuMy|3s* zO@8lg*Up z(s+v#f2oc7aO_HKjT{>-Y`q{~;$OTS_6-)yiy*K_WJPoP`%6`O*V}*@iRHSlox;Ib zDujeh@S4G) zL~=SU_B-%E9dn37K2R}U64EYqawWOH$ztaVe=$73$T&svzz?oz#wd}Z-GJ~=Iq3wa z8+2|_RGTvE0NO`# zcn`yzN)~9fEeZZ>I0_-U&8f;C&cpM$O-?aFxC|yQAN%{Lz-G<=+0E?e*ldH*P!fw?b#IIV+ zA99WW985|-H*}CMXM=w<;puaqp-|-3b}Tdq4?nDn=CYPWK5y#9byRbGV)BBLLjC?= zf*CBvi}7}f<^z>dCbQD=Q5GH3G8Sd-I|@$ntIYN{7gGz~1H0~-xKw|!O^N*{O{P`> zqZS$2?g)HJc+M;-ea(hT$Ik2Kii_2yqX4fh;eLLi29Q&|=pTV00P*tmOyP0#!wzvXximK1n=&161 zJ}-~rH17$#Hu$31CfLNoRJWFfyH+&ZV-KDn%k!AF(kf*!9BWeJ9enR#PSies8r-^D zx%69=@3V{x$HR0~*rTAj9f%d^z2|kA;iiVs&9C2>5A(wr1Loo;sBYSD4Eybu&RPXS z0vfpA0=0GZ6ZU?nmZJGmdcyCx7>e#e5iZDpT0`|eIPgLP4naU^p3Hp#@GYvm6^2D7 z4BC>w3D(hm4_@?|e}DkDjz_xo*8K*u>%%QEzu$ad`A3rU%*edNQzu$aWo#_hb5Gi& z>FEQBt6$9?uvR?gW~GT zms58*x5wCUsN44d>w(_?c7B&t>G(Px^}vUT!##p89&}79^pYzuaFjQX1djS@$L}>U z_Bn*V=g9E#w{$${qJKvJn7P1H!vBNQ8BX&8WB=gr=L5d4M^ZilV$(m)qH1QAa_4TW z0={=8J?@$;ATLvS81-;*_itB;HAfI1h4MK`*Xna;%eExCpVqe{=bpG9jXYa)2AI3P z_=R$f!CwD_QV0tLUpk%i$Ee4%XIkyJ8Oiyxg9;k7+ye3P){13o4!u|Q7uFC^t~OU^ zB3EIiYWw-?o~@IQ5M^u8#q{<)zD2zE@d2}rbvVC9Rf~;15c7>U`arGq^c*+Yp8*tP zzvg$9r<$JOz>QryUloNbRNX#Hvr2d&B5fX+_uNlxzl8viRxuit^*JP^zVqU$#7Tf!rcBt8DN!f9n_9wFS>E-g-uKE3akpbC7fB zOO?;@!;Es7Gje&Wy$+5 zH3bba&-)5aLysR7H=&MF3k^o-Iz<+2y2CnKKMv)OI4hOm{={XZF2yHl54dOdQOYJ@ zY(2=F>7#->O@}`_h~ZM?(S2kYGEqHF&1o3h9+kbywqxD+qn!qrW_UB5Eqv5t31_^i z<11c12;jm{sV%H;$5(%5{%O{`Nx#Ew|L*Z;oT4Kr<2rYW_#E48aYUrxc@FVInX@jA zd)Wx2XhPcqqUBhe`wf=~|GpU4M0lx%@;YDi{jRCvJB)*1<79W(0KzY`q;6!D)`EB1 zUwa-D^eWV;257>XZ2rd)F_|*(Hve-aNv|{-^TvcNpSJw@03!%G^!v-{XAM*3RXLz_ zLZ6KNod+k`oY?wSo4P9O$x*@SG!ySI=g;Ukey!V~80Yg;1WJ2-;o@*6S`tbBQH}Gb zFBU#;A>hUtoBkB!lY!T;{&&4TR*zUK}%-JNgzqdt(h=_)nW8m*eg|H_gwGu z1e=LtQ`1lroHCDAZb>wLih1uK7`|F?I^`9hczE^=y{TzrzKmC$Tbx`^E^&`GVq&Km z7G2le8`iWYo{bREBc8r|TgmD_W&3`9>)fo?90F?_Ew!a`*x&p@x9ml6npIWKBFR2J zeb|hI>jQ2A|Gpd3jtomiFX`TVut(#uOdb?ChvJpJ^vLaxLv2PlB}(%d=2w*7*Jzd} z$+{%r=N?G6r;2UzX}0Z}W{>MlLBQF62d60%HSBP_rYxQpZwTr4uq|t@e007e zbbUT!nRFtwf|YD89S?O{C3F}+2pEpFGPQpLyth%EhHz2#=*Mq%E-rkz@3-%-Nx0L(rA*mwC&Iw67nB7K*Bek46=hn1HFQTm&ipBR9-#bY`Kjl4ehX-t-ve5 zh1Ig@xc3|J!U-W)s)XQJIV zGje}j?mpqcPS#s?5F{kP z)MbH?1P0*EQKMlxboKWYsm~7flj(;B?U>lGRH!v+eQz8an6=KlNFg@h`JveM7@_lD zE?PGGo2>rsY#JZAs(IzVG7S=)RaN7sb_P;4eQX5PSj1Q^>o}PNa#N{Hu=F=^h|SBmRQI22?mE$ zSh~mO!~-3%=wXp_?}o)HM3oY4Sw9P&Fd%hK^{K{Z+=s`lRYY_0o*OYB>&!Uw3EjY_ zh^%-7+IXAjj*JDK>h;Yl_zW-s_+qQa-@`YY;uhw!$J22B4bKZH04E&sK%^ZII+}&? z>zFLRtVk_>?Dl@Ovne+;K)FA8XtM87F>P^H{t~O^!!fluaSqVNRq8&w^wVA_XX=-b zD(}sJs_9FjOJE;`hbZo_HeVZU>Qqpdl94WYL-lS>ocOa{G&DIROKHNwaaPoH^S)>1 z0~Uc{`>?`(JoibR;JaVfO})+h&=+JXpO9wP$%? zWUW56=O@me-;*wQ)1F^b+qScVn$J*?)MeVTK8L0jtk+MZACb2NTv8maF+)N+&|_+*&JYh$@4rB35#vL z`0&Y?kUm-l6(hBuOypiH6nBWMzoKhx{=Qv$9P_Vq?e45qUZ#u6;A!18WeEcQS90ZJ zYKL*xu9F4=C){_E*G1*x1@#0>IU@IGe|7vAUwo;1@WMRhH9ob{u)m_|O2PlkK!agX zWP|;3OxAl}i`ZN8NBwxSlRR^`7lmn^r+D@i6YDu&$^Fog`C0Px#45Z|qy)J4c#zgm zwjU#+J5L-=RqWOoFT@{q#=?=Obj>Zr=g-tO)&g$6Df^~&A0GQv%A%BW{v-_hxx03> zXZGIvigI|f*yirv5u0q77FP0z)lIBm7yP1i>hGNK%awkzR{HCQ@C>o(erR&%FX2n# z_fy`PfXtu1`!QtAJ|)*99zLbxJkugsQ@A5gb;je?xW7#Q6L8}nwF>RhhePseZ@&?n zH=gpu$w6a#U?0hThUn|W|F>2FUa-}&Wu!r@BaGN%Q#R28u_W>nW2x%EMvHhauAJ3`fwS^ zudK(f{VRVSs*uF&mS7DN`BAZLW|g}$C%Ap@ccxjP`-i^>e*b_@j~Xtf6iJEfRPN=M{`L$0)w|*gcZAMU*Ax%yDv6J1oEJZT*pqYJRt?hqJ*4=x6s&d24$r#-z~rCvGQ zE6L7~)KFxxWN)fzRm;ku$Pg%af8`Y9Um&yD)3epBQ)Y`x8!OTr|LD!hQTaz!Ce( zxsYjw0DlC?jnIOMPh^kH5q*D;%qIkg^vWmYBBDPbZh$<%zFSyJZYkY+oEBv_g`iO> zc-CTGGTAz77ac<6OR*ctz|7=!*Lf2{Z=g&W!9RZ=fs&hiaxxi@N|Jn&o^5C5dGBdb znOfJ&1l5@y#QKYn_=M9`K+Y9WIM5!NX-*lJ3fkn|_q!a}Px5&uq4xcmUqFh1kOV0W zKYZew1Yx@#U6G&}M=pwY5;G3nxaI*hyhqmxEKBzG&`LSMaRrx_< zmc)OM$4I`$ovBIgCvFyhzniZ?&*h>8wSJK(chJT!oTFhwY5500wU!`n-IcG zU@P7I_CqZFEQe<_JyoRDa|KR^SgBhH-ZdBH&p;jT$UvLnLJ{kuIXyWw+MXXmI2+3N z9PjXAb*c7F`hT#Hb=+@S*O~UYJ$pxiQYm*=2L}+nH;=9P;gh(|BLiTl5vUpn85(rl zMUuEBs}xm++0o0cZF;=eKEQX?76x$`=e)6*61WNBT30~ROIZt#u92R1q{TtL^3y!vYk0hep?J_+cProevydeL0 zzQ6<-r#JWWh8qxpulFL5%@v*S#}D;H#s%&#PCKk))RJX}#4%M?WUg{wcqD3=s2pU=0HKhQ`g?8`H1W=-}z zINu3~czhn7)+h)St^D)SoyZE{u=jNBGq}l1g%$}Qm>TbL=WiWw=j`Rq6%L0UN^vhi_jb)2#Sdl@Xuen|kq&R35@n zIq6I*?2mT^;3NPlmaa4l-pWucIh(hn)N3FU_Z2N8JC>OI@mHSFnMuKGK-VAJG{hf& zdPi@rbv?)mPfjFQH5N#|qZ0KEpRQ&<(WdqiPGsPfX`1Y0h%o!)7RjA2q5UNw8NJX^ za>(b~zUJyq7A#VE+R`90-5!s8qwNLIkh#y`hbt?o?5X?+i9MjPBl9kU{*@0F5JX1a zKBw0G!=_d2W?U8#Oeq|m2&{b# z)7@jsuZ?TKi_RXG^}P+X*1y>Ocic7(d$sE~g+cD>2HKLq00G{wjB-FqfrtAF^YBi&TtSjr$765xRt&d$ z{tLfUQMI4?^QJnReP*pk%BOuq&Wz=S$c^SeD_qPbWdlAxF=z@f?rlHprjy~-XRW2h zIe&ClyxfKcCNazO?20|qn1{u=BO#L0d2V&uT6{q5$Q5QfKIE%N9=DhE3ht6HaFDJ- zaQtgbqr8VM69&3eGWlD4nzHY=jAx0$Lx5HS{v8DLZ!05wx~torw#TWm3az`=+xoC> z5BGFIUfgTnB=;`sWX)^dvuJ;ADKCJ(0a_fZo(iDm7u9w*@F2wGKwO9??2b9>z{!vi zy)z*#-A&v={C6|G4ndZu0xTm#eWeD&%*IZ$F z?xr$4%d$tS!rY8m>s_AEsDc-spXPQZKPq{t#LadnVVg_XRh}DVpF)}L#G<%~466o{ zbU4z-z8qc+yULnlI_ju8D!{eBxL~@S=Ls!7nB1TMg&^|iUH6_7J{19)jXORC0QCKM z4ACSP>n#m?bI}66fLZQzf$Y&@HES8r?iTpK^`?>v$Tm zy~IaArzxJ4m#=On8eZ^FSP#J9sSxJ1*X~^;YIp~|bpF885nW+VXP9R!p*MTKzrb&B zZinB#SWYhnQ|04#ys>4&C;Tbeck%nwe$m(Va=t_PY&S_sKA&wm{GMHZ4N`4%Hwz3Y zw~FPky&HCjx~S`fW0je}<-d-X_8OnDuU8!9@!~7atjqA!l8ki_Lx|W*UA|GW1+SN= zy)AnHjn5K)&RM(^+ew7wGP#BZ9{a1RmjQ0(p#g^7=u-8t?xVr}HD_-b_9>>Wz5dX^ zGcsun?SfbBCl5ED1O6H{r7X!F@relPb#o+e!N&WZiipl;&$OyxOuO=hPs-PG-+1&N z@Ml)Cv(#g=&%qT7BbpLIDm^t$2hv=X#YwLMmAD8rg^N_s`{aoy%F&&FFW>HyoF50k zR-dorE!!bP?98aR9osHv%Rm{o`Up1eaiAw*7nK5D%Le4qJeyR1duPRKzUE~+aVjg5tC#CTY{2pf@^m~!TV_~$-dJ? zs#KDjjdxqnqS+0|_e!tk@;TmQyR0of0vQR-uJo5Q2H2m}ilBUC=S>}gH^;tUtbjwH zpA+5*2(7*Q*$u?~mV+8J92akSaZdicvw(Z&=_WD-epObkQaN94W9U1H?e1&daE5_2 zEwHFviLMuLv+|Zj=+W=1 zknZ!=y_dD+KfgoVdhlI7CUHk{h5Oi3@xVb|o2M7(7sk~e11u3>FRW+{Y)qj0n9bAv znT}pauKigKb5XddTwvM%QD}X2@HbE9eBWPxMc^;|2?4E!t^EEfTO)xb%T7hV(R-H7UX{$%UHL7S$|xA`dj zI!Zzt!1q?Tj#^l!uj=uyV!w8bqV{Jg90D12%keth8BK!I1G+>KT?xC)ZqQbq!^2kX z8!v@m2dOy#l8L5@kjQ!jNTz0ie`F8DeJsdA4kp#ULjKc8cU50*w-+s%PweaB_$e}P zp9hoKW%&BI8Cgt8OlYR(LFfACFH;-a+FPFaqK=&tIuKB#>ilZF-QS2h2t|R>;_n3% z!*#y-)S}o6#cc1NDrT`nU+W2}HB3^xp}+Oz*~8S)|C!)W*^#j91OIp4*jfJs;0u%A z%9eJx64CMI!?@kG_tg!7>xj*}{#i38IB>c@V=~*P;x|XFHpkp4O}|V=M%kGIdw6P0 z+v~~lo^M4)i*1hmd-;^G?X%D2^W`%TXdn-SNrFdXa@lQd`HSzcqnN2zW^Ic7D0l|H ztX|cnQ_*P*nVe&to6^#c>UGKTdg9{x9K8Ci0tUFcy(9hUtEtCb5&e7win{#j_3)W% zvEB0m?tZ2Q0%?mBjYi4=Bpe% ztP?N(5}uE?e9fto?31kWi%c`Wj_5OhZpHeox*UFz=~|T<=5H1ao9nOj)kzz13Ku&m zu1;DN_aG7?@%DtZ64&SN%MrBI+vuG>r*wTeBXK1^Bx_&xQNTbRL*?#n20%mbE-mFn z2-|CYh8o4pVPuZ(x(BpA^ajQ0ArIl%fnP81r@>zo zFLTmUHwdS3_5`c+dZ{OqopA(_6kbp;_Dd<`xri^ zkG9!&{a(Z;!q+l6=>hsW!mb;Pazq(Q2Y@~Xg=kq)HHH`>VB?;2Azc(H0PMypT4?4_ zz)TE#_%Vz3@}PU zKB18k25heG#e_b-_b|XiraC34;lzDfWTH-NMGN!$9Sqm|NtXN^69eSMTbNyqWu-LH z8l%h&mzq@3(hEf1@ta})t*_Qf?cbeiiW;@*TC~@~MeqQxel_d?RDJn!ZjnIv`)D{9 zT$yPfTMxE|6?$fHaUdeODjvK3nF1sppF0s|xpIQ?^pUk=nJf8Jg>0hgQ*@XI}| z%^UW2+)kVJs-68!GAL;*;`*Mg@9j=}53;9&+1BBSvvOyai!qNYbhSx|drf=}b&7qh zxh0o7h)Cs2SIe;Z)$*xkDpSvzZ+g%*s|>`i!R7VG8~0lX!XM@6tO0f`&%AyTLgQoJ zsS{X!5c4Z#2k8*~x)z;UR}wvPc%NJTz3D(~aPU3&Wh<$MLVVmeYg+R9zSIEFp>&d0}f?;0>Ze^$MN1qvA0 zi0{G}8Bs`>xQ9hT8jmDAwTic;LW7Wz@SnnAg^-PIKfheDxjhkJE90@w9j+670}wKN z#yNnXIkjjDeW=6$``BCeJ67X?(n;E4>G?x7DV$)hH>E%kIpz&-5dG9-xoxqSW8xP|&rw@1` zO~Z~c$zAhwGBoW{4z4|(REfaN$3Ied%z#pVo{wLvQXt$GAQ6NX>;7LqEGJA8kfWOw5ZAK;d?orEy1_$S~yzVv+fQ`nQ1<1Nz_kO z;9plHzpL}`7c3^JTU?25&O!);zYwk+V8Amzn&?&wKe}4(=TM?QKMQ-sqCt4bDD7I8 zANI-^7u`3?-jRyIEq=FJ+wSL>G1B!YKS#)qapqu4tYZWYqKvftSIHVU<2(ge#`CSW zgvuTF9Uo{%$2l4N$Ya1f=^m@27#ZmR72L zG*?dPzi?=H;Ng}&c%)jcG6+v?AKthl*_-ZB5PWHUWg86dFe8JQ3;%}SM{VDaU==SO zqCuo#?9q9PG0^fz>UZjmbad#z21$@YD~I7JxvlS&M_dwQ4TH%FFrS_ye^|2z%&02;jq<5HlMJb@x5qv-o-YB76<@uQIf1$zZS#wGO|J ze_wBupNCwIekp(Efv2v?49qe7xqz2&fkv z@))5Bi$(4EMz=`T+X5d@hwCP~6$J?1huRAIZS`hV>|qOs6_~QT^99xA&z^Iw4KuAj z4x`4;aVQ3XIXXY`6GFwAy*szoLkKO$NxqEVTfIn|;%CECzHRpA&6KRi? zp4&F62%Itf{YZ1k!3;<#h*3sp2c2HV=qH-y`zh(TV2LL`(=^P_zPbvfLYW+Zt zE5HG%$6eWDg9Mg>YmJ_g!t1X@O^eUdab&Usda`yYY6&65_4}--h}A>%dCln9hasu; zDff%G-+W?TT?KEX-EMZ`maxPwkK6O`RpV}Ykq1cD+nS->M|^|N41C1jNs3nimGI7m zZ*TA0Ye&--USe;HhCV{8#O|3qw&fndoq5_#28L{Kr^zVQQR{Z|` z+<7pR*e1ivZ+%~0y#u>cq!w}L?ucGYz{df83k(tFxM;VrWrv8d3z0f>hkQM1fw(FD zR56)oEY*LJvq-LGlRdo>uBulcU-*eC!`}nRg->wV@3_E6>(^g*!&$i>Ufm;z&z=>s zgNp~bIC#Hh#q4gC`G(XnR_tT*ngk-|ay~g{lSs|-7vk|nyB}Q3DcCH4Kj}D+SD7wg zwH#v&cwV06-C>&N*SvNR!CRElJlO$sN_J_hOy&TIIYhT{NCp4hJ#WOBv)<%qm^d`z zGGU7RN^whbaGsj2`i;ZjGTTt~xn*2RF8)3YUC|#?NJ1-fJ*!GVSbH7}*GV&vVxBZD zgN`eo$G^jyIH3Fa8UO^``+LmXwYL{HP9Gh)q%x%928{rh)^4w_1Bn*%WIyj!SJSxK z)p~mVYX6(A9#9TzfIzc3(KIqkPr5-gvJPBA2_@wxu?gm}n z4^dIQkUnv~BdedCQ#-yVvm}OnKs9?*ukN`32s;fI*uuTGsvpRsKul9&9VimfrGy@r zg5BpP`uX_m+i8Xkt+Ynj&2$bmgw-oOIET;eumG_~U+(EN$J2YQctJo#*(=Qp;BE1K8k0ax&sZXVM-uKQ!M|9ejp`F#-}> z%k$K?E@Zz*MdIOR1Sne}7n=eqxQ#A_8 z*+5w{SdyNM@}J9I(6yi7CT^F%wdokuyXaja^l&Dk@M4n3x)vGt_f#ChYkqyyj$JPL zAQaZs))@iwt4JW?Ix(vE2>!mKOrcjSw1keuF_R(m(Q%sE$+8(cy8g={L~T0;!XVf(|}c{#p3UF zL2S|mT-8UImA}L9F;5`J#}CpBVer~T)vOho2MTFD;^cfs!DAaIR$6oSPaldeh*hQgX@3J;Zn`Ez1Y*43S~dTJww3V4O7)S-$M_LJq@&g zq!U4joPxpu}JB8$dcgs8>#`EUi0Z4g`^+1%L=IF_p6474`HHCz8LOi=s z))0&WZ!(oQHTUHw-*eN%=SeEaLI9`*e;2y+JNUo|*FAk^y&9Pcm54A6il!ap3R}RN zo!2sCTewvBVU=R@0oa*wFySAU1Y*_&&+}Ocz(T91lWuyI0$>95xta_`o;nSgB-+;< zOb1$-Umk}IOBB@Bin>o)V=p~<+-1?r*kGL~)SjxibTMA*eY1lfim~-TMH(MvYt7sM zbrB*qdb}H2WIKSNh6aYUtm{c*_G=caU?1r_%sYp5ABCU8^#uvJeYXEjldXkzn=S{u zuXdu3X_GpBc>i4kHhdVzrV~zm_u*e9SxM-sZSdwd&UyifsuT!4@uC+`rD2}ip7JE; z=IsQ$?P=6|vWH~7V#LC*=iCnpSH+TIJv_`CAW)nSXGH`3mK(0ZLkwWE{g<9RAE4p~ zocEOblv@N-R(U~`@AXO?huC~j6qWl<>soX4z2D+%4wNzuh}_$rJ2CpN`eGthTP#G# z+UuQ_7V|hqPd>P9_ln`kv+)=;_&l_y-DULxKS|0Y;leJVze*QUK6sCpty>vh`Jg+QpSfGM!g1;N0&tS2D%?_2yCq#?3FR_O3wK~*`Uo-E|)sGetZIvfJWBA zvwsbrf-i^j5j#jb*$5*)2XrzJv?#`O!wjGRTB#?_=sUZaC-3`&9FF?@bndi^p^%ev z(ZV^Lith;PvErbp)^_=%Zy}sx^NKgAMT`LrT92nmrgbhp0;nTAkf^uL3T$7g@3YxSKbbt zId3DoOebTTLw!rQw=-hJ5x6t5_qNAjuuIv4h2%(j5)=#(Ga}EX1AaT`?+$4;o;14A zR|{b(iC0e{iX^dZ;}s^e-DW($)ux@kL>|D7Lfsy!y3UIr=;-0UIAZOQ?&NoDZ#a_r5A`etYqrrD&Sei0Zxa2x{Nwy%MKy`a|*iXP~9VS#_ zJ^7YZJrGlQl<=pD+()|Fc7VUqe1H9=!q&Bo_5?^eF^e1K{f5-h4 z!k!`mi1m&A30Ss*20hEGnG1+^hX56EULudz{!L`e)#am`Y#)jd#z{XQsS!`foX>XA z@y$!{6b+s));1@4OKy)C<8kR8JFf-6X=sDOt@5x~xu+I|64LKZwZ)+K^k_{8PdS^? z9R^P=)$BX(yWYqbmXu6xZvm~4)9{WI_94AQ$U}!^o=8H^`jpkn**Qk*C*r9|$$#a3 z6UlI|Jer@E)fe*s+k$=H%-^HHk=6=kQ#7{kQhVb;d2?rbG5Zw80LT#tLfSYa0)c~R zj|TRq65;6C$A+sZ?Z%bM>CNaTuC(V-u_-=QWbcPqn6@LzBR{(ukBz^Q+%aIb@_1!` z9g-?DNrSaOp+-k5U%uY@`S(%Uw*v3_TCNvwJn|ps+)}Tv4N0F=$Q^5K$9;nQ$~T6) zA1d`VVtJVy_i<_mV}Im+@XqJ_1B9U^X4O7z44gzey*bI>tAF>y*Jg0nY4eU)5IMS( znPVNz@~vsV7X9@y|5!f?L<1ikKnZ7K4%GXWLTARlXcv|{Ds_zb z>yex34@tdxl=~NXJnI0^gy>FYuqSJ$GdMpJ`4ii3gZZ7dLlmHW!vPUWzDeS-M13EQ zUhLCvl+a{#c04?iZ<{4C0AV7_YWuJOp#{*6Kg}*>U&K1bb|^c&o)%7=cEm-K*C~Dp zj1t-}F$`np_oAs)E#I#80<0ukLWqoJ-{xlVEU4jUUuxblggo{>PR6deJuVmIKUAW> z%_erICNV-GUhLN;G2i6{RoQ->*94kJH%`#BESP`od~S9Wk`HZ^(jT39Y$*981$JOj!pi(X~$d$#E1laG2@{Fwq< zR1Zk_yO;(2Tmprc85OELDoi&#FX{9xLsgiBfd+Yunjg=@hi^P9X8Goq&2Sg{26L1r z!@k2eQy)|3owvRvS)S#v)34GW7kPqe9xX&PE4)e}Rtc%|coQ`xZ)q)>PQqz^{MaD{ zwY>1b4=afS>Iz)ei-U%kr23 z7vbIK^ds7$J-K5n81=}$4wQ99n5bQ>+-Fbi$Aw%||IR+m*Y>4(dAJ+fcAIFGUlz)X zmi#bH-~ANgpG=mUeA~Y-2Z9)1H|uUoc5Wrr$%xSXdqTz7yD7ilfm}vph#YEFTG3yd zxn0=nJ~OIHhCI?5yx=&kEzS4K!a0DE!30US=P6>Q?EFZw8LhPxVWIbyB@QpC*K5qS z)BT74ncREa^Fx+t3@>V19Y2$AdEqSlS=<~yEcsuABAEJ_g)BEKxRy4 ztw4u?Z>1_&9ILxbWs`@;;|VMD94O{5x!U#V;~dR>9toFu5^*fY9m|%TxVaCZRyw55&29&9AVEOW^_&Pb=H}Qr1=S!i8 zj-WbPUoyYG<`QiKQE=~84eG!tYe(ueQ(%gd;%JagI0=}Df1#@2xbshu`8YnpMvD?CO4rob>&(avcXItH{ReH3;qA zv>7$)YkK-wM)|q_B!9p2JwKpbh!EkMdFj|*hZT)+{?dh;#J9U+>-T(?f_j!UggdUz|JuM_R4p2>hp>GKL~~m#TJNxQX(n)M5rIk=m9s$PxIm<`<#yw zdnJ3~4Y9iN5T+*wp(|49RdM>7TG{tG5CHA@l1)AB<@F_1Cc(P}$#j00uR|SDXQ3nZ zWV%!#fl?9TOdR`eZhL$?v1ABKyvq?p{~wg3XwmKOm%p8ycsfDQEoHLi8@J45Sb-T6 zwb+&ev^xPE>m?mAtmj3D;LE^_p&d@sM6-SHnP#xQ?hMeZ}5po8QG19Vy(GD52yDry&^uZ>y&S9X;oAubIqtr8{MX8e~*h+GS z6gICtkl)ZFP=5MrBM)a4@uNg(BAWLfNSYpJ-g(_c#qNB`u9#Z5wRy79>Og#ut`ju! z^m3lmy$U0F&Zg+0CCCjM7aW5C9{#m$<7WU5tWY)=tC^&{g2SF;@Q6SOA4eypYYO&) z%)D)2g47J-p$T3}OYu<*>^IPfeNieu*2Mh$MR60%Rm{Ha!p{{~1!}He^m{f@M2$!C z{kJu&R2Se^FQ_bn`;I5{Wn?!iJ;UEOk-oLoFg8s2jOf^^DTH+wccM^36*3E8Z z&|-rM6vqQEaxHD}it_4?>g_0(rtum8AQayKa3~*W!~nmBQ=C4C_00(9MWS=H!OZff z6(^F+uLdta>!|>Vp{D7xc)KVD3@*g0R2)Zr%0Fa6qMq65NbK&uk=k_Cfd>JMxVZG> zmCpBpoVTz3-M&m%ySN_yEs(5jQ>XF~+D@8XN0{Ml8Je3vMcM!P8F<$-NE`JvA4Uo&c=g@JO zNBXROYD3W?d^+(ffrnXT1M{(J2FzEiE^FXkmKT)gy4 z?8%ha5}6kf<&ZXGBImc^lZ` z$T{et%b*GyeJ;F_)-y_c&KU+X`*(9R&B{-;_YyB~JK5kaSJYG&@qP|o>DC4dZ21sX zBZB7lMf1^%NV9^|M@%#6g#il9MNbp-@5B*-DjT!6R!s*_^I}5IC=FAN!K>zH(Q2DC zSK$+>MX7u46_I$+>WlFSRP-mo1kpeOIrW@3$TVgv9?x}!ooT}xlV;}jWe-DRcnay# zwo*U2&_$t;2?0q&S^ubKDQKXD=12E_c3pGU5X=}wLpdwA3t|S`9%cOZALb0(@igt z0IZm_Kul#EZT|Yaf7mxP4dGQr7x!VG*88BGpNd3tNjT!;!)@fwX@hk|uA5DoNnDmG zE3}9!lqC)OJz{oN=X*4?`z@-X(si^s2&w^vZ=z^NH}HI*#*hr$7q1`5_0-#3GQGvL z4|W}hWW3@QaN8Nz&m&Qin8K*m%=&n+7W_qoBl_d1#z6%&j$8L{(ls<+qS!l-Y$l8i(sN^12RZx+CT^O)q*j>Ki~YqTqdpe+6U8 z4GZ(^a?64WsLRwk{ie^8kQkG*AGa|Gk9BfdY79by$O%rZSpmZ?uF4LaR&!F5dVTYM=2mzkKNXY zRh=B@Go*nedVbj#%Jkh)pWS*({RFEcmzhVSq8k5@_aJL$H#*UlcjaOrlWX# zmv@#8?@u&F?gPbq+jqH11WB^NHKXa(h6&(b@Tk3gP3ZJr)}_F)w3pL`?@8uyBX~%! z58@@tt0UYOR^q&Ma&xXN1Ne@8ip5X(;UCpGg1q@~eS5_Mi-?yzd}!xHf_PDLS`x0= zBM~o_KqhBT)XK$mi+jH5CHMxJ(f`suWgZCmm)bG@XZJZ2Dx}6 zI3Cnx&cByL-sd!)ZTJC{5YWr)m-@3lQJaZ>Tjj&=nfYHZb8|KL4e#2!t>*=ctTdu& z{c|6>YdsRDuL?PIdJ?=hp$-lA_ob2yLDhsat9tGR0$O!{kwB_bTm-; zivynq4qQ|JYM8#@#N)v^FhgaWKUKLP1rkTSfqQ?(vl*3kQT=L8>#D!W?$>yl9TxCL zj!?1$A?64QZ;{8Otp3gyI0*z7CY1qB#Y^w4h5{-6f|Jm0#K2TbXDCQU33*yEx8H^M zm`jYcTiSSf86fiY8I-x=y*ylIiGI%#N&6n|*8|OB^T|N2^61YX;s+O3kI2_0!UkY! zywtLV@>a(N!w#Q)!l9oL(_~x?zvJlEz&8xP!*ao3`#!KE`Hia=9&RBkQ1B0o1mXeX ztUVf{eQ$6-H)hE$Iq^P>TOcYW^M;v}@_0v(pUN*#5ByW@DCH{@qE5X3Hud1XgKNt? zgpbJ^zf4B|#^!ut7@e(t0qN#b*`8;pSuw$cUY8iD)b&DqwFm$3V% z!Fvkt;I;?O?zh=={l#=)VWm~NR1}e4z5UYQ!6@ggyzr`~d74W=#V<6KoYeY)Bs#V3 z`^4hg;}_Qfu#okA%?MboZfyNR+2_8|3|e2mN7~uP_XuaSiGc}Jfe=F4;&#Rdvdle0 zhr^us6b+nD{W@Jvnu%!leB9&EpS9Lkc03=FlkYEb+yhQZdq<(P)@(Wdl09I+)1s5l z06xOtUs%mCKt-~5hw=D@1%=sz0xJCV8rl(KqNfrqztQ|XPnRrCs)0CapR#r29%3+9Mr@CtH5jnVX>_&p5GK5U=;%&Na&%ZLk`+66YF4x=3 z<=eg0S(_QymBxmCX$0<)=H2#0D}VF7+9mR_k81YST39rp9s`zWx_caM_kDTvi#biL zH4V#`0+Z793%iW+hP7s*qdR=eVHqiWEG7VwwwhDx`+a?h-z8H%$X(hO+BHFeb0Xy+ z%3Gbj%>8s+gpZ_$Vae0hJ5!-{%y)}zZ4)ixvj`_N&aoOiXjAeX(BeBUy7FPv;`H*G z`%>&9rw?@*ma3L!&aW+3?7onJm{P0?ia^*&w504r{RJjv1_M9{r_WKsJ2%pE zBE%)e_W$*TB6|J`;;*5CCde{u=acxuYG{x@q7ESOO z8A9zKK2OR=%5Q;=M|$c{wtdoI5f^ ziwau^YzeMaDM4G%O+9zt&&C}1%WNfQOHSX5etZizgCtL<^$G`4JZ#Osfx92`%NbPO zr(xooN!3e-D(m=j^uRy6AAXt)Z^4+9>dfe26N=eO%CSezX_U2aqN>qqh|35l>~ucA%8N^R1Q9@}^4b7-|)|n`sqmY zJ#h*pJ{mJgelMYNKgPa;$gdMoL`M@eu>0`rPlaeY{oxN ztV)X--Vcq;ifh|`qbEA);G~Ccnf-Y%5@q!O?dkP?hV(c~iKkgkwRXF+&j?pQLK3pk z`K!eZq&PPV17AJtK_!k^Hee9t(`C%!lieGfp2vd89kel4a1K=zca*4(xcd3t?#x>OFP|u z$shMy*!Sj@fBnvgxKr+ntnnT#e#+W7LG$%N=PN>G!T-IeJGw$n{0Vu(I~rc#t(B}E zCWP1w?We>a+SB+!g1>wY*pZ?SX9AWnx@7;pQ;n{|Jf9Tt@doSVXD>--oT==cj z&i3#7>|Bz(;QMI>It*~rVDeFHps+PJ^Q6Tuj+zLb2)_Toqz@Q~=#w|loq7VJy>#Zw z>%w#5cp60u^BW^@NJ{%xG)c2Fx6f6_^I_G-JHvx->kRbqa<<0^^CK_#T6q=U<^E~# zGoEEAe3_JOvTq@OfGFQzoLk&=g~i(0B7L+O;#b|T2!#n2b+J7`>0Ja*} z3@LrtCyw*^sO7=2iqHHT%`ZKFKfd(Xb}lYDQl!N_jE|#8+Y8{-pF407(F|45`_|%) z*VKudpFw?o_T282s)1B|j5(*eAJgar*#>S*?c>(e4G7w+UZ4eIKQ(d7dGr2}!y{wM zk(|R7#jOK3oo{L(87mueA)OXK)f}QIR2*2HH^;`!bM%8$to4%^Ye7xc*b&96g|5d#+AMze>3ZsqmDWUqX0e^ zRSShH(yN(Z^S+RsW!6-03jv^O?v<;QN>{-v-FMad-Fh_8OGA&%HRLTG=SMor2jUP` z3^Y0lax?Ut+z%=^CGYp|T|&E|XR~DkKsyLz<{Hj@2}{%_!^NF15$2N#sE|X(+)P)I zF00QBxcIUh82deA|Mh3RlfG~Ycj>T^AFC4s-dRIG{sB8}Qimp4SBaJT55n!1s04hI2s!alzbe z_w(~meEkD_bo3rjWtOWjX$EbrRG-Acy;cDQz zCH=d&#!?C~P$zbjb{5T>i(QEX9%abh1eGg!GO*Kwrykynp?v%c?*Bz*s%u{Bt%e zf|AeAAgVhxz5#q7N^Yf%w4L8w{~NV{_mt4*JpUx$$L;ts*Q;*QuvXv(H`#~%Q|?35hPRic^d2O z#tZ9X%RVwY&lCnK(BJg@I;Y+x-P#fCW76?TCxQ@So2|kNU zcZ55A#Py4O2|rcnrTyGb3|~FIYL)P)<3#&(f!DY5l4x!vkOw#e>u|+^vK^0vh$|R@ z$o5gpI30@&*V^tXkEy#Ahnwf6aBlXG&E>7wic3teVt$!Qt^Ga^?)cs(i-I6o{DB|u z6lk;?R~`r7tVuzDU@MI98eWN|X*04<9CuiEZsc5bb z(ck(hH<3^9Pusfl#l*kDdi@bW%Pk(GNFFj)OSL6unz5h5K3@IVX<+_sMeW>On!W>fe)qsBuY~4yTlmR^XUB88@v^MGuP^X#FX9<*pbyyGSal_ zva`Sj;0aAmE|5?7B#fsxTSXNB9Thd3eJ=e*cLA8Q6hJvteX~kb4#%{BOR*#;^p~kp z)#@Q8mtMn*%|d8lFEiuP}Ytpc{%K#%cC!=dP9GDb&XIb0B ztguF)@v`*S3xDrFFiFg**ze)%!|BO*HwtS8C594;BVF z!)gKcUK->3N<$^LpP0Pbj^8QFVKcW|Rl;=aZZwSd9N;ioa>l#6U-0N1-w%~cs%#dhnzy? zt+1BZ?!{~7e_j!U2i+6OL+BE8`JKvn-aq)``$Mv5)&`@dN&WGRf;$$$OB>$$yitlh zbQb=4pL#EZ!IsH1mlEdhDjCJ6zvd9M=(q$#|HfK%PP)NaQF#KSCwH?Yamu!KNGGfL z%*a*QCuvbnC7K(}J#wKVBR>3^R_M`=*kqgT-5*a7otw`#9jVt%OZKPJzB@P) z)wi)%_d=iF5d&j(k1L^Vai~YL&-$*5=d5?K(VE-L4z#+AW|tSIA<-A5AzZ`~B_=|I`?*H&|N zz63L305d?99G|`s;6Z+P1lWw9@j=7-1!wET-+(I7dJLnZawZoB&Bf{mwlA{0-<*L2so|Dg$~H2ONEV^Xd>E}LJ9K-*@x&kn z*!nj$@GhF!I5B+X@CwL$68VR}MYng&;PN*stp?KpRua`Z$<(*q*NyZ0_*q~pEtqIF z#$wdgj7Y}l5GcQFIJ9wNt`vv71Hs(Orcg{c*N};XG}o~2*HMEYY8^ZpOn{l^A$i$K zXebS5jF`dPoak5M4v~l9nhqG4SwPew&^hXxR)P2b1pj2TCF{u()hj9QMK%Y z*uz}4?G7AdyfWBWYWB5@pN+Y|155QE*M?BR|01Aut9%d@ygN#y&P%b^@e+8iU7f|z zul$83k$t!^O|;^^Tl`;OeX6%ab_5aP7CQos(oC&r$kz+naPK$uH%h-8=G89T?Xen1%Ov7 zB=`kF{I<^)kC3Q|WPOM@`yvems%beU9-eX2D3E{J`u?IpshfC}k% z*bmy6K<2y7iFb;I_%V+hjZxl+4j+Pl?G+Pk%-^Sgy~5-iD&EWEsaNo!`y`nyF4kK; zT+`1U!X^)@=!ybMq-uW0eX4RECne_#1d5K@>8CRsDS0#{u-Jax$5!bH)Vl>kO|-ympgtWcc*64X zDBmCPei^8$c!aaeepG%sM#=FZ?VA>$2lAHRXNFxuB*CbIQ}zjZCVK#v_rIV|Zeq6e z*Wc_qM&j|}G~!5O3wB!xyrTYMmY;pSyX?bXtC6R~pS<)wEmf9%ry)qBEwAu9R(K3v zEY$u~NsB{y`#fLY==NG!C*!>?-EZiJeM3QCIqjUDdlhwlNI!E1il=LPSJ^wr5WHbIVp#@M&Ug}LU9idT?SdlWZ z0MEH$R|YeKR>Aqt{cPK_Axny9h0E5+Vkq~&U~5qnL2clE3jC?&x8{<(XCQ6_^BE-Q ztIG~>*iu+GDKnK5Y|1GIPAYQr=#h+a!sY>uLr>YjdzjAiWnde!pB>w5P5J9&v+l7H zP-Nahx1H`h7lkW3Ixe^o?!@MvXd^#$lz#w!>7r zagWR45W&Dm+Q*L{Jf}-+g>tjtDIKqC?9(kra35~|cU2>67>@1kqm%fGu&)ly3uU<_ zf%X`z6nQNdYhPi_hYpP>b4%cblzoZo_}T{ueok-O74sd#lG|W&h}WEQpoo&_8poDI8PNA6_CVBAZ=@1E)eFC;Wu&kr}ReyqjATQq0|r zaS{P)g@xO`Z_Drcev!t2fTQ4g!Cw=XaUb|oMy>Wqz4qJiCI2$prwJVt&9!~SI&T&y zRaPGTjn6JeQbF9y_RWcURscGLIYB8``ipb$x$dzh_IuJ}(EO9G!{7WnefRpRnWL=4 zh0#9T_vgI%FDM{vFZY*ItKGkBB)ryaU$B_kYO+)TDd{0i?;K@sn=wnwgzN#fX*)q5 zWe8IrNbJhMBBH37Ozo6=Qb}`2^^Si&(t1{_ZxB@)4#XDdH4JV|d@K zBOhpwSilfZRX;vb7JN z+7@OMWAQQ8l`S#4$O*Aq)n@;BMa%v_27pRb#%j9qRGY9yG>^ggey4ffFnj63DjX~bA$i* zQ5lcVBV@jN1SDP0x3K=0*aqyuUC)V-j(h^5cURvkdifZ^y5^A`yFz$qOmnTHu2nsc zyPXHc9S_%H%LMn@h-+F`lc!t&D{z`QyP)~-WDMl<`#5JmN|S8}TU{v20bcI2HoxK}b!u-KfQl3E1`K&g^Kiz!k9GQ=p+;?m2 z_u;{Oy6+`Ow&>z<-N)<$EiR#K#uw_qEx+=9YoAFoiU%bscNYPzKbVgrb^W--!S3XD zpig{r4mnpce)G)^j>qE!ZjpRvhIvXj`YBS>2Erk8JUjVQ5U=brG1%pXYf{4Y${|3g zabesV(Ocjr{-JRf*S_hp9l=W~Dv2UbzRV0PX43o68~`8zGvRlCq!DF6MNc-o^0_a= z1Iv)F$HBfPI{DdHq<8u~Ja~NI9Ylz7IRAQ&cHQ38^kt<8X;5P+-FvC8PU(%I^MD$YOK40u3mr zCv98(4-%#tcGFia6WB_Ip)c5s-{05%u)Bgzy67}NzeC8os3R;TCf^R1i2KyHcB&Ic zICJ%IUZm47fEiX3)L{>vI)niu-8mN#O#T zc51=fRf)GRj?snxbHXhA!7h}~y06+H4Ai8@;aqjrr0cUjqpPl{^acsz}L2)>t`7F6V!}@Uc>K>A8H7an@G?*a^fwC*kwE;EX z^1#B>tLHyn#?FXPVKKIqj~ak+F(X9Kdi3)Gpm**{y!u|=>3+TOQh0R#1&`Z$=UV>^ zC6K%w5z*ywpH zc7w8y_mr0xUwS#Ip!4_5!_FIuG}g$cXVLY7E#qU>DJk6pslGsHzN^I~r>-t%{(=sp z$T2@9@4&|cuDR-{@jfap70|=@eEjbnbHrD_5F3%{>HS4J3bv0DDTu{SIa+D#>FlrS znE(}9994Y&(lDNb{p#7WOg)zBk`#ssL%$W^x#T>3e26K?{*+PvK37c1+egNuhx`P% zRAHN@o&(w& zomP4#d*i`|e+vkWcluH+WX!{SuGgOE#lE}nbWcKOZlwybhgJ@3n{jhmM4%%4eEjBT zx?{gw;{CvZ4T%f>BrjvS0#0{Az3>^k0zcr(uJ-FR>*C|cj)^2a+M_a=-y{EXoV*BR zsz?nBz!qap)``TNXM4BT!5Z08-Thy+8dAP}x)K0MbsLvLl3_Rsr}4ye`y4MQNrw<$ zGxwVGQD(Ip4aT_HfAGfmiC5wdY6X2RL7-Kc23Iu;_k5!{xK{^89q$USmej+`*0}3< zsSa64MO~aLA=NI(Pie#H6nDgGE+dr0ZN;bY*(%XHv{9?iOt+GwqGyM>oIpBr(@So5zw3PTYumXF3!Ud5_Quz-M`*D zuCEV*a|&X(PVQ;B39`H7(pckNW$ol{0YQ#aEA3aVM$<050l8}em>vPEePl# z!)c=)MQSJlO7>@Bw7&p9%i|tm`=i0hF86qa6z)W_|Niw$pN9i<#K|C3-vFDL51o9a zp4hL5<(-wjte>I~v#9Q++2-}?trOz)y1QjdxnG(LbeI<^MOQg8&fNhEfd;dY8_-<`)F6G1=cxhTO4Igi$yNA4N`f@< zczwb`BRr_SfJr$w#%|X0NCOg| z(g$tW`Np1eD;L~tTJ+mv+44Rg>GLB!?%xIev|nhQ`9Xf+RtA{=&>SHC?Vds`E<|bs z9e)Ee9xo2oyI4dg!&&9mSd941Ry8sbjbU#Aok?4v0`0hHYGFY}-}HH1H#o$N(^+L(UQ~iBnti^E;QgFn`T2ZA7|WXY7%O#d;i~Q40a8A^yyfYUdgR_5 z?dXA69>+Ur1!IZgiH#qV_uF`&tjJ=$oMHJqjX%Na*5+b~);I2G>3v`BTe+7*l$m-uQJ_SOU zZEES?;$`317-y{bvvvZ34a*ym9;n5~ib9c~sNK*%bmmlEn$LU9F}>_52^SvIat6Fh zEqI2&t^&Xak4y9#E|vJ(6W=vikbYJ{j-02#F*k+nuW5j|ZfT!8%k31o96h2rquUZt z=^p&y`r1QvvP_{?2+#nz*1>`QqzCxRnZGK8DXqHK=X#CbbDolGB{1{|MzjfK+Of-* zEt)Qz&#yGW=&#+bP8<4A%C&Z+n|(HP{tVo>uxB{uY2k*H7%KwhSY?VxRo`a8K1s^r z!{@9*EzG)*?lJZd=;@UrF9aDYd&zM zN7q(>-`mTq``~f;7N0{CuVSH+VC&e0pZ%tX8xe#x97N<10cS0%$q)VsCh1&K?6)X1 zT4xby38^^$)&|+(-h*kNc<8ZZ!K8x|<@`C)}At$vqoPh-$!edkGPX~+Zn zNA8R{F7T+g`lAA$K3<`Hm+9=c{@guGtz{K1_wgzG%k%Lr@jSR+UHK^bUi;PZSmVE+ z=RV-peECKwfFjHKbTtd51m;S?itPs|*L+ig89M`>e|`0``BGv~?vsv#|EK-Ct19hM zGw=@tgsg-74@LH${z;9#N4wCR3V z9`l*i6te5DFDaWFFRtCjL~rc#ZjK*zkNLy1=QMJk3%{|yTuCRGq2Q5~HT_bhA7Aq1 zNc_#1{<6>ey*tx9MZ6xSSH5*U+PM9K5}9e@z+SAu0lQ~sr7hrG z##5)(+piFIzDy=E!;v?F^KC6iarNV3ODI;7B1JX82Qe%9VP)(hh^MA#SQ#6Wqe206 zhO-9b>zxz3g;G=3Htp%L2be~h)zp3|(|4b^Pk)AS$fAtf2CZ7^CN?&+;cD+I!tpV% z;WeWyRDTn{4y?}n^v2aiz%vrm;?C#&h{PW&=PPDKYao`)X$J1QDK6$an^I@vjpzGnXLUugJ#5ng>4!g$v6Zh^ouZJ882gA&%}B0q%-_)XVsd(;jd-dwW4KrXEg@+)qwfr1-za zIETju(l3f++TWfSs0y#xqrZQcV;{`fMUP@{+N5XOP`Ity^c#5GLI|$B=Uk?hT80b! z{ko||htv55kMoHq57j4;*g`j&;JpXa6CAlO7w+q<_9J^DIrHDxnmnvrb~y42zm>1(Z6egA#S`eS1vTe$VN6j z(qKT%?)VbQ>P*Hzcnb`bhrI}MzfG4bTUt*7W(QPC@vD&7L4ei)2gM2RV}N@aiDCA~ zP}6U{zsF_tr6Ia#EiI~5L`t^gn>O=z; zr`=HiQTQi$2*eI4)qY*!p?pAcT{DHXwPlxwqn#p4F$>T^NVz8jcqs47#V>V&&V$J_ zUv7O}!r2-Rra942KMscsQQEF2u{Dxg@U_JJQ$;O$wk^hh+Ppiv!NmnH!!vKTobdXj z8+-}m1F;_aByBugO1PAZsX8i>Gc?kb{XFlW*u`mm`!0M^N1Xjok|K4!TXaKu5}dk{ zyjK(0XLuC?|LsApfZS2Cv|DixaNAy2;({$>vEx%%e!3|zg9hG7Og zBwsGJ?N~=w^*0SK?hG}_{+VEi^hs?;^HlzjA7VeDEO)ljb2mA{%jX$k4r6!Yvo03D zMLFCa@Eu^YzGnyL%M*-K3H9!uj~}@yfN3TEQxW{Wr{0WDlYUY$GO00h#rK~{@fFrK z{DZhIvh;8gq9T^J$N1;;XY-{#jxf3{=gbU=^ckuF%%o^nvc3d;@%!JH!)cPFZO7)E zx0w^O-7ae3?nA6F`4RR+u)9Qx#hERH^Kl{iU+-%!Bb%j?(ct~y7sm1$Y<(f^?F0C^ z>@ZSwiduh{0XjLK4r*o;Yz9w2I!}N5=~kyO9DWEce7mq34U%`KD;E~D)ZqtZWdv*X zeD)U_t#b0l^3r#?$q!wl&0E9a*lPg8o94P-hS7TTYvqy3%)P(>@pRko-vG}lAa_Kw zW?dDoO54Cwp4sJQodeick?nZr6yH41cDiTkl3+nz-hKSv>nDtDeW$czoDZsU8n0Kgf9{i=(iZ?L*zWmus?A+j8E58|lPh%Xdooy3IIj9K%$mQ@_dP#U zF)xKXV7P^;=~y-i=A|S(EaS{QH<3m<>Gu`ECs`&>F~ej&%AK42N8EllOcO6|_3^o0 zt$(n(yavm@-#T?9>XwhQ>Yv@3?CU7)dA{-soBRcB@miC_j_7P=_Y!!a$$tX^pQf|- z3pb{dq=VSxH<{fbVvMij(a#rFMb$f-39(@^36qsNu-z8?clwLBRG>fh`4{}!J7>JUN4D#lYL7 zoO8Cp>=3TYB_bv^d7++vJ5h&(inpVV+UETto(?%63uZi=YeIdNMj?u*HRIvI8^oG> zetaLebLjvvExQ}{wT+2ENq9eexwu(d{JQh;+9wwc{cqvX41Q!z*6jq-jlG*#VYQlR z%_M{OFzrjq4Ug27FEwxVd)({juOnuk4bQj%t_=z2T1D%GymC44>XlLTtPyha4&Df| zxSw_%E+2cvq)OJ`BWD^{__<+LYQWBhd|3n>_=;2}~@ zYim-?eHg<9+ZA=dHbKfrjQv=sx@gWp_?s9hmsH}472KDsB2-_|Cp&A^00c@RG)NPW)2)0sNvP&yROUSyg3Pk}70)AgYK-hD^|e<%ZVgd-VqMYX4A@7Sy75dA9e2L-Sx>#><1G5* zkLtPe%Dv;l1QS6yn3IS>H`cxj;6++6wPa!D!H!G2*b`8KzaKF9I$2&P{!o~B62cQ; zK>E;x+q!?CBv}pJ7L>66J)zeeTt>{l2-+ug-4ld|zm3*D>tyU79FrcF)+79dkUR{j zOwrC#QS&8PN#~vO)~nE$sTc(uwTh{aFaT?`zpLzdd-E`NkJ=kunl|$jxnJUTu%{rS z;<>R*H(oGy3V6cx7Q)G7l=#psma{w2`x8tR9iTGLOjrmrjF$`fzU{exF*%WA&dt3I zuj2twS;jnV*Y>?;Faf?EZuE181J9w9iNR?}!zdSqElJ&P^EYGc4N#TnTzPL{OnWfe z!)(y51LEP9D^t{&30m@HNc^a64k2~FvXt*H`wj}f8J>A1B)V@=0(OO)ifJxy>M$qe z*Wp-0vW8Bv*CS z{<5hsxZejA_z!jCjWU#v*LG@_Wt@$PZ0AtKDwj#;yiU&;OK_`juw)J6au~wS&fwsA zE3AukFGuCWhXrxi9H!Hr{i2!Bo}R<$_{k=a33>6-HiQT{MNz-fufR^#U1#7_n>A>e z14fj%Wx!?Jmh3qe8k?F%`mH`C0<}@&E^rlo@MGuOkRQtJdb_k{8q+@r^xEWMF1Jm& zum|=YXXX|-#|oCn&K^P_KUJh+->%K%;I__hdgbUd=a=Bt8b*zrK$7$e`8A`AOY1-V zGKkYOmBbMYuW+v^UR)RS^g%Dg09{^Bo(xITq2BZ0zxhL4f8~}83vYDx z`^Q7d0F_B~V~*&(W;4z=1}xJ7zbwG%4m`{mP?~jDynUNf$0Uy>5r!32>$~;yQ_oNn z?^k@-cvIk8Gtg|4>=is2LueqrbZ)0J-DOJf^*ffAmZtT)TGIoh0n=NPPjgcD^L09v zPfhK(J#K#Z(;iL*-uO(9L$!7J>(jP8?#XWF{!WyyEP~@?X!EeJWrS)A8bSha!7(zp zY!Df_q&`=_WhN(z8r8;7?ScFx8|Z|Tc3-(InvHY!eT#@yPAE%*hUd7}*sD#SIdGs8 z?v9G92RVx!!G2|JlRx+DeL9z@d4E3C%(LMcHn8XCyn z<~O1;0v^uy*4yQ$NFqSF(f;lBe%+jFpUdwCAsIWCW%;(P_iy{4h~vKGb@P@p80zS5 z+>c~e=bDx;?^dpK2 z9GI9}nGV{(bzjw$*E6|lRgp`X7z1!*3F<4F%w&I~qIWw4!|&Z<1Wrh5rt}>K8{CwC*eHqVF5tTM#jxNUtN-~rg*90#(F&psMNmtVPHgC0*Z zw&wkFw4CMMu}|IYuGp0V>*4%vcnNBZz1ug}OfBgCS`cY_>>SY69v4=Yu5dQP5im){ zdDe1e_UEE9QbRC+x2^O#zl%6{vsV4;j#hd)jnIuBA6r5!l!6ZVehy{l1+G-cf%+h8 zA3zNdI7Z09ytCM(dz3{;lB)92xf0*q7Sn8<6z*dtQl#whGSihFCR|YJ$T)!8yh_b)D zk$y#o{kx6Rhhz1M_Ti`nF!D*Zx$P5_B73{Z<70EO`wHDjv1BzAxdg z$vQ-Pm4^RKL6*Xm{usj0V#*EtN3HjG!tRn-2`;9wP1KY+U8>g$+zM*7fTOhx_PSUyoxZt87rBGtyQzaht9COAEOD z%cRCCvBw`$9Y_|e$Uof53m+-iD^U@~hb|btR;p{B-J^Iug?hE;79Ys_G>@o0_~h}U zC8j#~VNpG08VY~6@OR*q{j`f|5mXYwtS722j)^fj=S}(U-%bm>sK}k)HHz@?r#^j> z$OGrswm)u~P^S{ckHlG5jn{tNzEb$jTz-h;YV-+~_AQEq(g6J5yf$o*@Ea9I0q0+R zmx38%s%F}*7DE^>DacR>3P6SdtwcT?E-zi8w&#}_d^Rzq8Wvq2P7hjajrOQ40$$T@ zINWK5KD7*fw{vuuOW)nEJrZl8io!3+m1@sKbvjPa)xIo62VJC{p~-VH4wy+O zJqFqKqGt#=`js{wd-OhX^4EyhqkajcYb;G>{Pgw z<9p^N;GNZ$sJm>prIjlufM!gT6u5~&#IL@&&6=A_RV#2 zK4A`lVFUhnihSXE*Ux-n${jp7#=G3X**fiP*fjh;?8Yihay_Q7T#-p#JKo+hxOwsw z(I0MDg%0}t*zDiaVv32wxpg#H`cg*DoQ2g8$7xPQw)u|1-x!`SZ785>ZBS$JnEQY<>HlO@_k$l80^~%1t@@j!>dP!DOxAOC<03VJKbDT7uzdD9|y77YIsKGb2*_fc#1auLyyH6e2Zt3JPkVAN7oeBly0j%2&Vw? z7UXCa-Nu&f_Q)Vx`Cr9(+Luph?dy=AAydsmC^U55sWJ3Ma0WF}?2SvXGsJtKQl>y( z<_rWQHWHHm;*AS!ZzG9Pz?(ZzFMo5|zZoJ})S}Uq>Qd%On8$|Q@HGQPH&{4pMQP{7 zO-~L4uLy+t?Ghi@qE(%1Fm18~8%m@`$34z$XhJp%dpVtB{R=2u)m4N{va>8~5URHH zGu5fk_-^FXn9%@5KG3^Ef`KZ z%6gswv0|jh{W|~Xhd#bUyv&DZgS?x6P}UDiaI|)EIKtP8Fv>1)K=Em>f*l@OKQ-;S z3=o;CqX&`YO;2N3-K%n%*NI_0HLqRh#rr1;P=U*p~Ffi=&04bT1i{ob-IFQPDIBusN2iEvUrFJ=P- zy<2Yg&^YqePu>^%^W!!Ozy!FjJpjLwgxz<`-}A^6Dut0QE*ISbHCpuz3?~{I?z6q_ zn?t60aj2xDS=50@zn6!;Pygs(JgD~{C$v$JwhKlYS!;0#lckX>y3@~|C4SkHmVZR` zG$_P=^3yl$gQg>4{w5-2|3<}d_}JVX3Zzk=ePQ!2S%Y}5#kxbwacUySOB#8H>kOe? z3_6^E5+XZ<=+1yIP#~~Ou;(M@qFdsAK~ek(nPrQteyb>de>BT1>mxnxxfOSjH4W-@ zK)0h*^M!G%Nqnnf!tkSiD^B%i1k1L2b~o4&wdWq@7Y_?WU2%jbBFd{F7O?%aD2m-J zX^FENcd0;F7h@)&yyW~M)ClDGjs>5vUYg;&+TW@ ziOqXwuPPJ{{4(~{cex_%kx*UZ>30ew=9%tq5A~_*TNLaicwl%A;y8Qk=Yq_UNM z;FZ^pC)x?P_+0xcDI$g)%q!F{fW68GE_G2T5u-N+Url{JH4br#_Ae!L&vAN;;!@L4 zZK1E9`vyoZ>v2VXw?Bu>=@agn?q}~#8arcL-QJvVjNcU~6D4Wbrj`FxIOlk%R~N6o z0a*h>QjbFTOmXFvEFPIT&;682TL>>4@%O#ugidJRm2u?e)p5Dn@N=Mt!w%D;SSyaXgL5^NcNK_NGwm>xzL5@bWj$wL?u_B#cmh2vhs zih-)~K|L}2mG0a1`rz`&KO__T&+iMZ(O0n^U7-e(7S=C};2EBlS*=E}ZTsob56!R= zHmO*K`=hHf_~Cf80(ARV?WU&-3k#KLcxXSO6P)U9s62+$;KU_2v-``WFo!eipW9I! z@)U(TL@EjLL)-&iCQ*#e83r3T!zIX7N9-=L;Y(q2 zf-~g~YimYxK%I`8-qGEo7y)CLa7PF;Wx`U>%AFZjpRYA_=9JV|Op*PKGXb}x!ATD; z!TDh*&zzs6jD{KA8)Z!p`)JH-9GyN0+|gTyn|oU@j&pI*SGc3QVtvfd3m&P%4|on~ zc@U9q(8!WsT1rEQ#%Q{yHVno4sRZXnl=ncv=fyxh52D=iAzo{Je0;usCi<82d*`zcx_QAdb>;NMSR`jR{l1PstWJ6UCnUHyMh&?N zL+YLB!;#gnY@r3EEyXunYLO)w z%;1c=$$NgwQx2Rf3inie_BisDd@|19V}0&kdo+`unu6)9oAOZ_|71q3Z2!o~C%Y5z zk-jr2WA>>cpi^2gfGKoNS^-ars~a~}ur47+{sfI$6; zIVBA!wYt!Yszo8dx_<`L2<+y8^Dwo(fo!*60ig8xN@Fg~2Ix2T=&l#2a^rQ{D^xS# z5u=dXF={T3(WA3*x8e&C+XNu=ZAo$T82RgelQhz??6=y8S24&T9sVE_5PQq zrdHj0wY$f$v(`ad)3@j4?fb=x1Q#a%2G@-UvP)lGyE7bIU|L)V<)a&DJYY=f>IU(n zbnfUePCO+wkZh?;iHq)dJ!lw(b42&;gvWRKr5Dg1oWGLe9soK0GM|GI$%!;px&Jp)(N)&`zAM1G5b^jpmX-UE&y(XMk+U}dBqKcb zPjuC=*-`I%=7rm0NPG`vkv1AWCAD@d>v2Uhk^Ft*o3=_H?bsCNQI!k6eSW6=cLH#p zWMD`0`C|RKmLDdEpwbJb8=d7o=K1W#pJfzOW)Nu$5>|i#%Z4)uVKF_ z^0H#hgc|%4IORsC=Og`vOJuy}Tm%S>-1|U=E+6hV|8Af5D8b#v^8g;V&8we=*SGNU zy+^2Kqbq%$An_gKqxECG+wP1FC1$7z2@IiH*B0E5Ov7wedi5XguKp;>gZ)D54F3BQ zyT6sJkBnr_IQ>+mc5`f`L33PhWBj2H(J}l@5jQP2SaGs7ohA2|8{OM4sjJ)kVr*ki z`>J@#XYKpC9&5(+9B(6oliQn_ClJO@e)M8Ko2zt_k9tzhFCqoM zv3o!@$&WX!Vv9Ul-`sti?nz}@)9D%#(aY%kCoJEH;|TrG_Arsdb2dO?7q6x6z61f@ zm)4L7M*Q=hBtXPHV**p3wW0_g&eQ4C673vb=*VIAA3-5g7@V%>*mVr(|@GrL1@{$;W{bbEV88c+K{Zk%|pNHT^*CYl}V*m?!+u; z2r&A4+7EEc7Y`q&MiTf*A}{q7QWjVzlHG!p|0@B$-K^fCn#3@!Y)F!(e0+#S=-ImJsHV~Wvihw0C}Wvy9ip^!C|=j~QSK>#Wc7={1ZKaTq^I!szN&I^ z+iX4}-eDJJS<=rx*Y`)>3&r^p%k^y1WEnIYLtHGbg`FCXp4@Mz#}v|l&aeSJAd$t5 z@)yh0xJS;0+^7_brJ{0IH2;t1+h~(`GaM|IM282`%FRFF0aKYOQ4xGeGRztO=`Z%y-5P`_!E|=_NDgr z9YY`+AoDSxwgy2+J@4`Rie*NM@9Hs5WaC{dC zk}^dZFA@H!&aL~BCY8S)kpY6|K1_jK${^36O5gJEb}r;HG+p@~q(m~k(9WBFjVoT?GPQz>bsCqGeJ9b9mS*i`q*7vUaS3UMQ>u4oWqjtLJNK0 zLt{x2eE0&X5%)ISwSBeC4O;(qC-N0dMohxtb>5)x@;L|N53XXsQ44dopV0TI^BCLc zJ#qCG@%ivwst(hVna68HI!hQY^^cb#vNEyx(Pj^XJRw!=!GI-9d;Z9HalAj4GUc?7 zeL;}0e`6lk+rm%x^z!lF*5bf*)D^cQ=@XDqWMN`W^unm)Js3`Lx?HV{sJ4Fb^pB%0#y`$>`r#;d?0Ns-!IoWTE*|pGTG;oD#b8dI4&_GN&rQl z<>z<$C*zeoDrm{)Q!cI+}hIlqr4!K)Mhkd$i=QEqzNelZ85>?b_l zEwP`*rwYcP2q_+j%Aln+*SFr|>QtrAaoS-|5_4jHfjA5ox#&0&>~o@&>wB)0@>j%Q zf6^U$Blfg)O@st~VN!8)V})(}v;O%MTDcB)_XyQN2NBKj3Y>&=`s1xH7@#}oate6X zEq|c_J=J@&0)~)b{5g^*_HWJ^(jL8@0tk3+NLr-RBAuh>80S}0@lJBM-Qu%*_x<>^ zF}!z^H}ZL{f`vTXdD*~g|Lr)08+M7rm3wqRZ2J2WtA1dYX96;f`h#ly_E^N6+#}C# zwM~E0>FRIa=kkXGffE2$9kp+S2EF3lpjOSG1r+?yx>Pup>P@TN&Gmr2nABBwTp=KO z?IB+Y$>)#w^4=KKW{QpDrBsN^zJ`*8Pm_`mwM0IILDRs}Qa$`AAV_l+vm}Csc~D0s zf7?Ycc%JCN1s)z^qd?@gHkv-g{?k0l^7}Os3VD5exuJBonc?|!v)nO6S?ab=!>cZ% zC48|GRb7nPz&2QJ()C#3u! zxq{HcNEXAS(~SBviakj|ig7g`o%SgT;fc{C`*!&i#PD3aCU$jW&Uuhb8e$Y|MsxM- zi@E+`pyliqRKZ=MX(1#}0Iwg}O;fNRbOHBvOTyjGO;oi?M6(J!kS3ZQ-U~{lLwkOU zi6;p{He@eHR&UgE>`On-rIRW>2Zv#Q_hK}<`oYYUaWodsA-hC253fC-S<+E_+~=Qe zznyjg8tSxfCtNDkKc@FM1Eh}JQkV~GYe=3GJX*|F|BTv6Rv0Af%3EXmWjK)k!pt8L zarkR4@7*G>b0CAYy3>plD?{)ISB@@*Y}!Na#hES#7zfr|6zA5xPCkP}dB<6i4>1+M zmWyZr+9_iZLrh09%_<8BorirG7JTXB0R|nC)tp1sKytJ=>SKV#_Ys-Dx`Z_M)$k07 zVJ`*=oc_+i$L6#wB_&7T)sFOA@cp5>rY36!+b2m6#4CT-Q5dgy5kpn$S_r=)g4lOv zVDKhiY(L{M08!MpW!DbK6qCVM>0Zsp%X$;5G?6E0`NR?MGCOkn?nZ zTEY}XROYZ<@PXp`{?I9Y={{gU@N4k#@%tPja_HcHE2l}4!^u9r?Qh};Am;UBjQGEF zx^e8hGq%-JkZOnKP{Y*A4qt38ryxJD8grr_Quw_;e^>YS94_5`_FY^hQVC>wz>eT| zTqNPWzr^xh<2bGiGXeZdfzI@ym7idKA^4-}75$fygnrLJ7@^+q%2JNf#+o#~S9BPb zTQ<30+l3N=US4*#pGs#{yPo8-v-4W#Rw~1&HTsIZ7F>9PXuaNcmR)de27Yg-O)A7*s(eiqy{6Alf{&A(DaM8f}gkDzjne0g-@d$%;}~9@#<#&l*)aO^2uDKXST{?T(JVhoAkaQCy_s3n=KKksm`#auQ)DoD>Se<-sHnlC$yWscfXhM(xDrB< z`BJtLeoAk|`I=Js1@$8`(X6Q{j@DXsj<_#{;&(I)vCqrCeo%D7G3AXs$2g-H=)cDe zl62}fW*3-R`t4-Sd4`>FB%VKd%RsQ*Rh~-ohVf8Qa2PRN=rE%y^M^ZO9%Hh9lby6p zDdD>MO<q9!dTQE3bzPzdsDLOS?uBe zib4%6vbl49J6O@`OlEo9LT(O%cQ3BjOt@ASNMnb2KHPsD=i@q2&D2G33C8-&#P9}X zQO&6I^Ywf!I?x@f@vDq@O|zHj=6G2$Q3S?xSrXoQdR1h8#8}2~0}uM_wPVGTedZf& z-}10Sn&z0=W`aY%fpihFo9B|RP(xRyokVbt=jNd=rw(WQz8fLCZf_=>HSfA!_8|u8 ze40gp58+0n-XHNQy3AuaGnf3#HjT zehLM_QKc}nT2Mm$awqo%LoQULnCiHPH%bA6o5$4sNjMunz+oEmgz3C;rAFEe9u;rP zGz$at!P{Q>=7aatJFR82$HO#)Kj|#ddVAu#RbM|^T}OWD`m`>`kfkQ}e5;-z{1Nun z5ys#WCfaCB0~|3kC0AHaS0^bSn`OdxcqQMjnrG9A5NnJ z^M`GR_2rWus6%WZuL1z*uYoo1tB4W#$NUi4*Ie*}gc`i5!VK$R%|koyRrx!Ieln1& z+(Lyv)H&lx?+Icb22!_2Nx;YP{kan5W_xoypb7`mU!{od?<_OTsuxpq7bUJ=3r7z76?67SY;F82p>PcT#%4$PX)Zw?cK zEfbFzCORK*!|n5n^5v>n1{R`)_zfsXs|XHTh!}BB)iZ$7IHGW2P5^nppdg)-tHbm!l+3)G`+f}DUlMhIPHT*k?u%e)AKz~Kjv~4WlTUwWQ2oK_xb0~a9hT2Y z2O$anf71=V6YmN>N9g77&$BGlJFMS%vk6S|))>~QJ|%{CU&3R+YwKbUf2YH*v66fn zU&ebB^yk;BWiU76GsJR>e2_#id^=Of-~?Czy?IfWy_(^c16jPX`;ct$@AP=}$#d(> zhkTDZ+*{0ZFo1WjYXb#QW(70scp_bsuz^ZwOR$cv=i#tlM=9y;3<&%3i zRyncgsd`_V`Ux>G5;*t&273vHvJxM0*>DjoqRxmp=b9S+Z?XgTw$(MG%JE`Z8MCy{ zOA*tP^veBegx5lg$sy%ue582d23@P~N}!x|%p@mZwzR@&k7laMT&*f`re$jV027f> z3N03kR_x=@AB4;1+k3Ue0;?-sACZkBFI&3A`Vjr}82me&Ed0uCa&K+GE^NW#i?ls*v5k$*8HR2QkNkm@qt}D(kfE%7|XDqYq z->aY`&gW+?PNKGARpg+vzLmy#^X9@E8shz__MGOphGm#nog}1q6>uI|YSZs(o`Lfc zeBs0W^!p+G1~l7S?!k?K39Bkz8IsuWvSlv!uF(lbefqm`_oiA z$F`orE1V*nZkU`b)T0NbAdH=M#(+BR+pNSCoIyPC_}SMX>#Fqr9x9&*fSwDjf(MN| zw%EY0C@9xHlt`J^lC^%(sccF04&Vc#R|vH(ytmUXwsCRa!uuKviP{P=|6qYg#cYrM z)+mG4gSaz>uxbw4!VTQ9rk}JX{SMGx22%O)3H6Ikb>IjOZ6DH7?OX0B9t3KKd@7@* zdtZLy*;Up{b#{~Mclj1x(&wb`dk7h3b^xG|A~`Wy0&l}|MdTaO7M@@@mq6>aBG5=# zp*7Bhow-D+Dbw+XsDM>;)WsIWSHjm#C;;HLH`=DH(ZePD6M-;-$DJo1EZ$oTpD5NI z94@1r88@T7BXB?JoVT(1ny{Q%_B-6J{X;X2_c0u{g0?KgrCW`o@7kb0@`a|&#mT30)))z zV{qtT87P|>7ehw9T@fL_$e-tGdpjuW1mtybMSQ`|W9Hl_u{L}ODz#*kCiL&GP6F@D zd)GH=G5g-inLr0L4SW0G=-o}Ele_LM0P1KSD30V z;Wa9T$zB~1-D1JLywGH^=^5h#WyMChL7Z*6ZuM;!zqe}13x>U;@8NPI>x-f|utj;Fy2xo~=!7wx>R4?oR5tD#Ih zeSxR+{%AZ0zIip~-|7`AgXpdH-d&jJ`U*zG`=T!@hM$gh6HvX;9+~j&J$OpzUbkH3 zW<3)y?bXMx<23zIWZTvrJ;8h{?ufJ;RjQAFXkI$xxNhG*`KNBYCdM&%khMO4!=xd+ zxAF9678`$9S?49VZ8FzB9QJF8aN>z*ow@V_gF{f$37#E+yzE9>b-6DO! z81~YNEW_$9jT))y7@I&cARn28eRp$+ONh)>UlDIh{e%#h!=W|D|cE^TJ`oogg=1BaF4fL4D_!ovl>9bg8$vshy8` zs|=fOE9EllI)$q!2~jh_r@KE;s!$E?-E+AhG>ad6Uvj%5#+<4Rz#Ag4 zb)uM*YtkF)ZZ-(HW8f=+x@dJ$?#n`HTxmK2sCSRY2Z+MX7Lh{G?%DivJP`X%bR1;! zTOFNu*ua=t-n5C59bW4c_eQ02)T>o}M>!VE-Rl;8Oh5maC2x(!w4Q!3|NO4+yPoYU z8zV=LUJh}{uF@U&a?4E-4(b^TK@0bEK~WetVE@)l%n}Lh7jQH8^(g~^(NlpduE!_R z(`LM_*m498F=}fCnLwtEg zJvB17eSKDB_l{%ae|a_LN9qm)8-Vlny`B0yIb|C9HI% zyU$roI$WJEyl#dYTNLHY`Ooq4@XBrSsOK-b1+0{x^q}!g1(bdU%VnPzu%H9QSdn9l z*(y={l9b)X{JZg%wtc9A&9xyG3if`{By~}40>HcJ_l!+k@F8!n>2>K=ExBc+C#d`P z_E!SHzi9RPchcYYHd^^^y7%|f6XXc6UJEyz2jt{kR-1diZVx?1T}}j`BrCC3TIUxXutI%<2U)b-ziM8&m3CKaL{nFJ zk%w`M6WfP>XNIdTXgYaE6sXm3wT?}$+|U`k_t8i|w}YGE0TVO~A4|G+Ef2MODAqeh zv^O#8&1<55xa4kxR(S~ouQPcGh^>#qLsBp$XG=hpQ3zmCT0=t~R{HDX&D-m|Egq~= z4!7`Xu$@+3hV;o%c2NXYz}zuQ?wuZ_aTnBBI4UfLYWqD>n9cUya!jf;|LoAAY1vmUA6s90pfjWm%G?nLHJK5F_XlR(v0GG?NfhDOg-S$>uy!KP~8dD}EyW7cYx0BUf z!&DrS>*;zS`RFXpwkDi0OB_tWDIQP!*x%_<^Sm>-v41-uK3bU%#54NwZqpRM6HS3( zPh?MSSMK)VEpFIL@u(vH(r1Me5Y!BQjqKyV8rk)C5{262`m!7DN&PPAW3q!n6JNsOvB-~KM33sdo}hVj~s3b3;JK| zyM6*|wTuB}>*HmLE$j3cG6p0VnSeZF)ARsN>_honNG|Mm`d zk(a4cRueWIepL9CYt@JW(r15th8V4O(r|;g`&?$IB9is}l5)?O-e#`VA5$q+FPy*+ zG0=1;pQ`gD_nqcY51i-X@IHDm^E`*3X@l-} zIjm#hCf@YJxSrnBy;1Y$*n`X1PKw#jH2^JT(n;Q;<%`v!^EP=tMrO(74~MQq4{fhy zFB#vBlXU8Jq=e$zI~>>7GMEKSyP$8zDA?2=R-Mu>kR)TTUy6|a8?oZwo5 z5yJlrGoAZ)XK)dDKp$O8_YEa(c`WF6U@GtZxZ5%F_&UT4V5|tC@fb68EWJ03#B;Xvw;Ku0TPa4E!evfO_+d~(VB)nY=iz@4#eqt z8p45tS}kWd)hJRr&t-<1?CHvd_!8Fed1cD;!?ZHKylVFN8i!=Ml6%hHZh(bNKm6~u zCum2xf`~W@QaRQwHHEeA$JM~*ju)qc`4DL0$5}P96HF;Ncu2~}gRA{uPJD>0;?4RlfGy;NrFx-6;wjum{Nq=B2aAC$ZCR}N#;l1eFfArVsl zMtqUP^2Cu0oqeGS1D(mqxA&vpij;gXA73*OPk9c)2H<+un)q-m_$@c_R58<0h0iy0 z;%n0zQTbrucmoHr^YmD}u?A{FL=;P_(qNJxRD}WaZjAr!Lmg`RFkYBs*PoHZ>{+?6-{rj_4|mecDr3@uf^_Ay6H$ZQ{9 z5>VFmgJXJ;{#C+v6jGO(w>iJ7CNPXq2nURWG_DOX;h}Q2X_cfMOqXxYd))2kW;a zx9VV%*jlUN?}P&flain95A2VR$WRosVU!%xylijN5w-aA`y!9YcGxdImN_jX+HzU1 z*@wq4y6^Y;eUP%u_KycjFoR(}4NLaU1NYTS$W)b0Y=r&edp`3j{C?)NCiBC!`0gp* z(-os%j5&SmpQQnCTFq=r)GOHz;;VtIv-|4<0)Ia>2&)fmPigL+)JT^tzV57Hsr~iQ zDbXU%K-WY&-cg2Qd}WELnVf&z%xP|lP$xB*<^s)(G%(I1_2U#hD&>C5dY+CA7QERn zS*pz#6(NKRT*B(A2e5v7r0@nA+Ja+IOzqEh2sM*`!P|R?p9;Z$AB3}zt+AoYzA zX~`L8CGGq8{uQo9I4+szyZ@4kJtb@4%z%Vn$M*gM--Nq$UC^E$O6TJJeL68q6Vq)Lgf24 zX0Q8tU*UxAZ?ZrLF8+$yRi z67BK2)BU7&|I5&+gP}&$;RBcHXInPFDPSz>Y$`ADa|uWO^K;ra=AyY^Iw#eICMtfr z^C?Rg4Hp9rrpkBm&|VgjPjY@>HWXnV`xzuQAxc5632YT3?ag7lzl7|DLS<^k6mPA2 z!os8S#%wOQ_i6C#m}pfO=9?ZR*)~Wr7V07mg}tdUzMki0V&MRGlo-r1(EdY9KT-rW z)T(OHmp?qA>w!aWx-&|zy>-Fp15$V>vr{^ z;WEf8;=jUdl*^9u`u?LP*&IP! zefm{!NBBcv$8o@t-z!m3VQ0<$tl$1)>AJQQRifxGk;5ZVMaiJT8xllRG6;PA-SphG zdb&qNL@26G*x~Tt%aMSoOKRDw)ipmmbYjV{gT6(efLk0w5pS<@S9;d$y)D-gOBaSX z!qz1_P*c48T4DG7;83+IP^q=`bA5gCwF7J_^#O$Bh0G&u@5qw48PuiNOkwe z2ho#DD{-HbXhsbv#_b0Bg8;1~NP!@qc@Z~LDjR3SFogfA(DQZdy_9a+Ml zTkGY=p`dSioHO?n!Gkg@A8+8z5g|mXfieERujFQ_b`(lj<>az> zmEI)>M9^BZ4zsm3NQU9#<0d7H}&ECGZrXE4&R9?$)r8j?<#ZBS#L5Y&=R`_0D|j@B63_xx>UG39@B$sB%kq5Xv;pkuyj zoi|succ4=P4$=*lg>cEfe_@xsRnGMJ?I`Xk`a)H(_w0g`=-lE!@fvZCnR=4XNx_zZ zkGjrrUe^l&Y1%u$Lqx$n`Z0Tp5GuutPd@W&j~wPs6;hK4S-8Bf#$zhHApUN6zdk`ynAlIL#a?&V zgstRMSHqm0u$JxYqRLY0fOyviB2F(lUG7CRNr&xMYx!+v>CV-^uUFciNhgDq@Rg}Y z#%L1{(abx4@;6ii@FCf;nKODt_2+g>eWE&X_o5z0GB(s^g4TU-XAjl8aev9XmDIcn zq&}@{ir6{WU@w<2`RX3+NAz&>%Wnl1Fb6C7SiI;X#Ur55z*A#5xTP~Xk+O~#=0RE~ zJIGSd57zmSd>;Pe4fRR6Bp4jd#i@W;k+q{@p-cRLV%)UZdt!DLnyZL)Q!mf=8sOOL z#{8}`UT9)6&wE~TKbF9X8durh<9E~OIUYdio1wkmt1~gGZ4V2hlw5e&Wk8-py@=S^ zAloO{JM|$|E=*)InqBJ$&d#&&`@AprD@#r^;s^mkmu-+8>u9)dDzKH82Lc-TB}CnR z%nf{TWCcziupHowLX6d#`fj(H;LN4)-k=hLio$6CH#^f*j_TW%zKO8j_yZEs7fN`- zF1X-629CMB-mn2=$gC9~Co0~Lam#CX%_d>;?Cx!eB7Mx76E#5V+1b40eL(r@DW3Gr z*KIN1q@Jqw3Ak9#Eo>zY-xP9@IM&>yABcFj!&CF*unm5VK9R>iNvuNPv4Qc?Jh-dV znBk!H!&#t)dqY8f7|8cZCxA6dg^#j4m0tVU?B5LqE+_xl!y+?wpM(+IZK!WLU{~u^ z*h!x!4}i!RiGdYpjhX-jW<)&yElBAkUahCQaRCtmsBh39Dd zwsHA&Gizjig5gX|@qJEV)*fXc#;3A8Ai@|55)_hdFh&(`m*+el$W~$$6`edY=wOXp zYe}?^b9yT-hSgN!@3Lo#uit}ig(~hx1`2*hx?%uz@VlHVv4G3s=8ohIs2;rWNABxH z@@cHwKzEA@o^}(7@7$;9aW6M}wA=Yjb0*vsizJA)QSxb-R+=ei$^PV%Vcv9egcg@g zY29G>y8F~>PW>}$2ULnDp-|lOehDHIQN0>c>&eDyB1aI~ly+rb+2Mpsbj;R;2K?$1 zURn%7`=?9JxWWr$N^cHqX^%^XUf#gQP;~7NxaPXv{mpIroL^rH9IVXF75(+=pjP+9_Gc{iA*7>x-95TDd2GbW@r}%e zX^r2^4Xop?ySIkzI;|NT?ccVanDXo0?~NAHu(SzRb-mbRn011``o3ACUiCzjsQ>xb zjLM4t=1}ThTMq_#_qz4Cwd(gkzPVe9!uaCiRqTKg=R+TZ)2}A?!R*Y~ zxq=J?W>fd=3zou0K7Pr`18pj5^!khQNklu>DD$Ep@+N#tIwZxpZL4BHRR9SMLh|Ts z1+W_?$d?o*%i94k@OF6N0_*!R=ltNlsrbbxb7_QpJF+5*CVJz|`yVf#%SW(}P#Bac z_8wK8&nLANd#UeVA5s{pH2V|dnD@nqnt-44W6eBiN7{cKDHy8|``+I1jXHANcyf{* z)hE;)inWqD`+=2<{FzU5Y3ZU-_v_gu+WhfXmOHfHm`m;9PHlIB zo!a^InBJGe^KscIVH@xDU;FMwJz&v>e!Mu)>xp_n5nN7q;E~eP4T4MZth=b~s1;m@ zhXYCKC45z(hW9RGz|~SA>IBmOlLJIdE#JA&YED&Fl(U_^6(ChAgFr0HV=bgq>klOM-kxY3D!Y_y&qJQ z{#O15R5osR`H+t4#$|%UF!yh))CWGO!FF(mjh-zHk2HI^Wctd7oY|Oi)oE=@uKQ5ECBgs5R(L z)5dMY5BM+IsxwtAWX@6U0Yal{SnVGa3$kjFu)ZL0XIcqieTJ>tFCNW3ym24NN=lr} z`KttdH{#)Y`0U4Vfq-C>-)DLg(>=K29t!$rm`mhG&Dnx2s?D83O&w2Q>#DCms|auE zP5LQ=)E36~kE>a~c;l;PmFNLnSX}p7ML{7s+ylf3_;%(9f0a35m97;0n5(5B-;@Zz zoN_j64wp+;8(#eTjQwLyg|Pf3YP#}vmeDv|w`a6(m5Jy5^=nc7{s><=Y89EX&$89s z#o~jPhxNd#SbxF8z`y24;zRS@L@q0>H3etkMyPq;y z9AR+IPAP*%xie5$%ezO8H|$eopQOt~&L=>I_8b3rZyxxQ>0qkSaq?$0#>(6KiE@ta zWJ1WGr{r&elKLAknKm3PmyJ4<9LkR+Es8zzU3Ke6AKBkUwD(32A95psZvQM=aG%E$ zEIK0l+AVY%k~afLMBNcT$G;P@e-*k%loUEAJRwi3>@^S_a)_tDd)LVOfSR8h(eI~M zj70@jHTP4upR>BGgHLNg?h!$z66O!D zA|2Fy{KJ%j-=OUm`>dVe-@l)W6#bo+fIO}7Nx2q=gUSSKWWOBw+wTSU&rB%yL5xG) z*J_i?Ub$GDh_(c9kbWQz?k5~8fL@O6-%e$bjEnlj{~gB{vyUF|4r%=%RMH150^`?u zoA;Xm_l*qW^nFF#*U5YJo?#7U9M9VWSYKTmLAlxs@zB1lm+_b;;xt5jF&A%Cg$L?Aptu@q~7?1@BxejuF3BU#H~qkA`3l6yiFP8BZSs*4rOP* zY%H#m8DKQ%rgOv*$=vY`MOi#%DqVSG%`;QJFVSkF$5M;z{(>G};q3dR6dC;b^Gtww z4|V;B%T5q3;nn$a^)D(CmpST7`nG?c$=a_RVjD2wpx^!zlcdSW$l~H8M7{b{uiwa3 zkuumI7G7%@d5H5ql#A1N6K3xt&?D!C)L2Y@#~i|;lHcuwV4B6U#xlb5FmI=X2hV5f z4_ycUm-ar<13nmTx5YKh;p=itg+olgCK~|!lx?g$_nHbSc^Tv=#ruBY)^sMOHlv9B z!T9OLMBL*r`I!qZgnrBQKs!7+vCGv51pfnEl(mn&=Wm&DwmqU6g?(i5s25AW;C-}; z6O>AdbQYn_iWjiBK+WV-eIOQ1!G(F7W&uyPk-WD4Mnh5*kCH7HI3I%1?k2n`wk}*| z;X8G|8wz}w^+Q=hK3~2T29itxrvBzDQH=8D3R0dPUrx7}aR7KQ@bcv(Z*W=^agM)j zL zkS!mK8H?kfNwA#c!f;UsLenxlZD2W*?339g^6h=XhtL*&%coC1ofaU_ z=%NCRWLy5&>;u)e8)KB0H7S}8J@$vgr<9cI+zRgOQD+zaZ-1^f`@P#ZpdHnK4unuu z@=bFc&yCv<-7jn|9p-cdcye3Iz6R_gPM$z%io~U964W1_JP9}`AlGJL4rU)N%=P!o z`fxuq_`ORJ!)~fRp3j}nBP_nPQI4Gwe8Ky*ZHc*gv#eBvZ5~>v#cd#lEN{>~ z(YqKfTxxN^2)C{vk$LSqz=g3VK4L?)X=YZ*9*van5aN`Mpj|Iiq#ZSHGqs;uVwM96 zU_Z<;`0c}j|5d&QIGR&?b`Y6*oHp!P=*XhtgnkVRItEP-Qx;?D95r021sDE>hFvL`2R?ArlPo9pj{>JXvz$3JRq zCbMVXkO|DA06_m{B#@_9d4`t$IGvBxYdW1^d+$bG>uTLmx)Jh`&;=jxo|elx-oJ>4 z#e_qQYl&51IY5So#g?yT0h^Hq8Uh`Bx|32?R+#H&(LRZNl(7&I;o5VwJ zBY1ZsPQCm_;SGjI=+IqjDebxgq%5$}#~ZCt?qKLOp;7(#qAxPPju6gTm-m_Eyf4bM z`DwI`RvWK>C8C7z$FIGmXApGjtD}6mMvbb#);4fs>LxBTagV?7BUqCR0OPB^|yaPOH<y^frST#J0gEsIKN zqpWxKo{C5IHvQ`;^8^>UzL1W;jG=`c~+%!O>?!lB!<2Wg5D{=jvlJZ67kN=v~j zsGIUr<}H2R@6OY~#gn_FtK*OrGldQebf9Y~)45~@O5MM}E54~fx92m}+gHhat-R^F z0EuBfpMoXJLc38vU>izd)%WwZ)zB4S%k#1P)v*EJ;+Vgk-|=g@y<>+G{FC;sKw+Cy z_aQe>|HVF8w8`&Z8H`xPi!rG{N&^MTRnqdxyggopwy#0265!%T2ppIhus)n|R*j<->dopk4?N4+OC-rP% z0X{tU@h}p!Pu=R3D!IS0CMz+JU(dfm=rHQ7TwMt;=O1|(uW0*zE|DF{y(D8@)u3&U z^!PEMw!I)-Kvb*;A2WjX>K+pG>{GfFo_t|PZju+F_LU`;PMr;Z??a4&ADwp1%qQE> z4$LD$%jhF`Mtk#A`vr55NR$H5-7*OtK5#SKa}QG>$S7p?#TY*TWQj2DNeaYCa(W;x zmM8dnec`1Ju8)5%Hb2p|CRpK|o)75{YE?$8?Ss|Ndve?pbtfndT^;o6TjFZe)Hnby ze(`Oetz$qN&u}bG0)>Lo@1^bJYzeNH3@7;KT6IvvU!MdFGfPT(` zB~v_#?mCd{85G5ujB>35uEgdrrP2qTJ~F4Io}-h?YVzBv0sLm z3=}UB7U&V+AS4()!%Pd4EFMrC$sXm~M3c4^LFIf;H}{M&fDiSw4&Qx(wm&#>wMx~8SChjDrfjKR z>GZRUWiObk?{B}u<@0MEg)amA(FxJJko6z3_0c(im-G7OPl`5`OxSWRQN5El?bz(^ zZao?$_^fM#p%OkF(=WKIXoT*nDK{L+$*#)ceBTgA=u4V@7wz(Kg)>BG6pqyBjfJlP zJiHN&=?YZLP@O)0rAX|X=Na-82|EHMt`dSB}E2l2kf14I>0L-@@F?{J4OWq>|PuYQ#V z)EL!=%=uK*?AVhLT!;y2`#S@K2P;^Lx`ux)-hvIOKE^v-m`?j!rgSN>VxcfPHi5$m z3=@7{16K+1{we%}1HsC{4Re%IRxg3zSogsg($V9>G${8^H{+2yBYL=^J>RbKMJ&cl zP~y361~hwy8bwwo-6Q93tB3r%c%%US;4Mr6mCOt%h`j= zBHpJrzMR26`upMb_e7@4^sg__;f3~5WLnqTbzVx?AO}-99im(G+%&ixGGnAXR^!F< zKW_&g$)yQEeoURMjiC`EJVSMY>MZuZvRQ#FPYVvgbG6lz?C_bjwaJZXRqt7g( zokyQu>w|EAO0a|6mw=1*1n}b})*2uQcpTBBbU8bEV*T1nvC_Hv0aJz9tW%Pl8R$(X z_d@T8IoZ=--6~zzf7;KS?>$CA-Mh;E_CojQ;XqZzMn-rVgQs%CB!$Co_w#jHhG>4R zhc`$=P#>R$4?N1YGwFpsDeiZ^T^~KnvoOaT{dCY#kJgf<h1`>$2f41zLv-3M^ZA-0Svl^p@sLIB3yf!bCT=Umu)-VqyJI)kLU6Uf5`#$1M~;AXum`gy{bsTe2!q?eS|tU!M*GF#bI~ ztETK%ez3V^_`*^X;aykl0v@#mZ*Awkz%UTYNUo4w!ISim(v5g|l-yyc2nZorD0DTpjw?vd!sI6NTI#|*WHiayZ!+3uk-^-w4JbEf6}>v0x@2hOl39(V|r z#TPLrOk*-PXV8z0K4*{15rra==cA>h1oMe;p|@#6K|@75pN!W7kInbt2Z!ivn2YZ> z=l6`lvb^skndQqW1r5TP<>w(npm2d4H{t0pFwI=y^sF~{oO*3C_(ZL^R=;Q|bE1v6 zg+08d{8(Fd1*BTfl8XuwTM(>lQI@e2qtRa)Nmiko$%LXFzSa6K%oS0ouVGQ=`-VYH z8JMg}{NQ1D7^{)X8$rw`(~(u)sZ&eDYDo3FH|A8rz>}c?ay>4JWL@`*M)BEnUyCNr zQ|7irZK)KngZ@r1izkBb-|gtnsqtMG4bo)^wNy^n=2uE_PWiWBM`fvEh+8objZx** zXDM)o6pq2?Y}e(y+Ei_yZ~kouM!=%38sisDSWdhos6Jio*ItN~XNBe?v?m}YaUuH0 z>U&Vqd&hSX8q6|Wm@vERuGTEfcXNzdJ)Qa&OWeq>tU^qf=~`OCqAhPn)-mQ+N`wCZ z0-Pigj(IO~X&^=FKpBg_U#>!#<~=A<@250kkpzfNQBHo&uJQ_t-qg>3w*Ji%Ur z;1bHYQf^bG_*f|dlAnHA5-phXJEg1iM5uM3tEEAhgz%bVnt*Xm%(rtt$H(!)8JVI*kfen;BW5EV@*0t4l`nWAIQvcuv!9gA2CBM>raDVY;JCK@We7p!T?*+MMSg=vw{=-TkQ-j(qDMuVNWNLeQtNQGqO zXUQ)83pUw%-vMzVf$3z3L#18^#~%XcaD{j(l;D`ETjz8uh~tBkr5vPmGNPBa7T%v1 zHiygwG;5^0RG$;aWpvF*sF~m@bB`_dwT+&pdh&mP4QS@^M6@qN8RC)1H3EL7YUVF6 zJN1ICv1#ZE{?6(Z$xdN$NF{#~r2Q<5k}e?YG}hd-%>hw|lhrNUU`Rz=f_*#+@g<8g zVQ-Qbm(Ft4lSvrQZ*MS3+ug4Q+z^((CL6>rt3B~fr4Ukp(g89zHpFAlp2AWuCn;Q< zsRrfmA@la01!O4jD?aGFN04H)I6_lwkqUNvR%nnH0(ObGE8IQ$(6^OyBSOO0c1^jBdOJ;vi7_ zqD5b{M4sgV%6ZAkBpD|@>NispX~R2k%aj*hf;n*3xRLI`QF&Eh$z{T~A%HR>u(qDM zK{APhhq|$zL8iPzG`UJ9xm*>NJ6>gDSl_Tl1GL!#P(|mzhdEyC@6A&#gJ5q=s^N;f z(u<(p2gb7|@aB@d&CK)7R1;L0!VxB*Ja5k@QnZDMNd}Is_0$4QXxCf?Yw?2oOn8WY zGnCo4vzW1k%DB)wJ0mWYTO=Kr8})2>9K@(u)lqaB;r;vml5CG*$==vkU-`=sDQv_; zvUug<8uzc_@bIY*J zJuiyI&g6a0j49t8oEr&Gpc*`tj?eR8P0Dv|gq~1*yi9Z}>CUr&>NS?`KV^qfTrBO@&+1l7Xx(j$NECoxi>pEw^?0 zL>RB_YZ~eszT3w%MT^g%=Hb_G96Wwm?+kOpf(XODzLT|S=rCse>T&gpx~zMS)s$SD zu(ZCHH0o4=#MgnyK7QvZ65hD42#%-jWe-Tjk{f*jk;1mdiaIM&)JJEK|5*;XQpxVs)n!JUNOFyq0 zYo`Q1i&cD2F54tMvmw=>?*dNuI8xHt zq7N7I)HlK5yuJ8mL%vVo39BUa-j5tbh_J~sqs;*ZYXmpLli~KgBMbZ7Rq|3J$NcX{=cE zF93?nAw(Nc`fj~{IJ}}pxL$mjsz_#~OrY5m;q#^l$Om^4D?nO8pB}GRECZXbJ{xft zw%dVb>|lD+TL62WUu83iufdfEWkBHwZ?i&@{cCuHr(sCE+E{?97LIE6?s1vu{p8(j zBEi9aeS6fxhJp|ysN#t#xz+Eo288npndi?2tMuLcsLbidkHB|AepTM&njUHOm&}5i zAOi8HjyRF3|9h*)qjqY1$Y2d{*gXIlc zGZCcG@gi>?-v`yTc+e*(?m;UW!X2FnkD|rgtG$Gd!U4`$_S6s3^1=5w!O+FxBTT!jI;-tkR zOM)i*gl*WY-guW9m9PIwdK5XH3?F>lY(^W#thNUuJAL~@{VnRP;K7l9E-?JnQaFor zi}Oprf6Jru+~a{^JeolmF40fG$beGHuf6dyK(4>ncwH9HE;^gdofFwz?fD^*{?g~=Lcjp zX+!yW02x!DgGO2W$Vy#mbX3tIkLfT%^a=tH^g8JuP;>s&qdh&@Q7AH(B-#l5sSbq> zHXY%64Drdp5m8Wp0W>y<>iQY{QF+hKik1y`PttmwI1H>Cqn}6K@3B>AeXoi6%LMMA z-Fzqp;5q8`Mtb=mj=ot{kMRvn^ZO8xLzcsb$gvmhA!xbT$_vC)c{}&4^PK(WGzpKA z7KZsOMpZ(;yM07E0k1G|={RR)%BLcc5q!w*-QOA6GJm1)dot7MO2sgo_)+G0@IgkW zJI!x;+BS1yzfl}#_O3@G%f6{~6ktma^2pB`wN!fSGj#Qi2h*OR%NiHQYFi;syI;lh z-d8Y`ApP?!R7uuXp~c=#?yaQz6udg+~|H#87o0w4y@E`3f6R!(yTsSLXvuZIu& zxhrhOWd7x$7;k_?5P@jFvhNx+&*bM=2YVz^{X!&*?|TepFCN|$Ia7k;eO=SFRf@&5 zWA~P^=FOGZa^Ha3%hC9RJL#R5mr`_BB89}(R-sOMlG5ZbuG)B4MULf@x`46vo5%h4x?dsKjrqeM+@LZR+o7|{SL;Dze(9^IGJ5I zkG8$$`R`8Op>JeA^5Vdj2iUFREwI<})+brt;)~t(6;RAC>#zTDg-=Xib8#%GsW7GV5lPEX7dn0F zmOCPbyCK*L<}TikPTKVP!45$WKr(e6YSs1`0tN&S_6)!awtp0%E!Et6G5h57=7iLSZXAAGz^5NZ!T> zHgUba&nyW+S}H>XnC1&Y6@9v^(304T&-df|#(9X+*pNEY6OQBRNo?F|Hzkm$l|*zJ&1Gz`??VUpW^Xs#RE| z&Ir)-QaAY-%6#{7!iRVrz3mWudwvN6&o1YPOc9vKUk1OxQ*r+iu3^ENL6ID~t~c&_ zZO&z?>t@WI;K4+6d!X7MDhwArh=z7t7{RSd+ty!4y}3hMOA8s#1kqqW3AN9ReDnAO z^22}a!=^Yk*L~`P9MtD)FE1c5lFmA~j{Hi&MPUZnUt;ZTSTTPX>iBcn=ksF<`1~(Y zxVZMS!~I)qlPp$0VV}hf)&Ru6&c;r@WgsSvfp%LN)e6OL{#j=B;eE&?0$tSTr7%<( z0HO8?*bkxYFMbdiS-2oNZ-mdNvCmvI)YY&G>NIZV)1QVP-BU{fYq@x<9`42ZIjE`O z4cx1_0|ACTL2wfyGU^G5hkO(5X@(;~K=tZ*&%*$og1Mo*3WsSJe-OmtZBsbFN{rIz zvIp<}n*zm!cYbrOs=gQY^nQDQ{_SDdTiefIAw1GYIGLE3^WK z(Tbw=?iq`{j@%pWrF83K7^S= z^>2*3+S6Ra>?r^CoFNX z{YEk+wgt60eB9vksHh#`o2iw|%O?p&kJ+)iDa;E@IAQM0l>XGY!*u8H24g~)ztG-~ zxx{)vqUeo9xPtf&;8e2fisZE_d@aO!9R->jpOX%s@O?mWkD( zyr!W>mqR#isbbAXw+$`_7W<4AlDsQUE_g8)U& zvi@Di^2HkU<$DSqgxG?<@;ezD^4K@~`YLz97XjHcUxo!GaJ&VFM8K0Y4Tig#C!b)y z5I+D#tA;c{Y()^vKkj@BGnVV6L<@&qS@8{KlAVN`WK8?L+w}VkN;@KCpc8@@6fuGr_jQYGj+Vpc>t?>B1>?Oy!_>}DI(rPo`PduA(z(=7 zUEcv(x7fwkm5HP2!ODm3d70#Ge-#rmkH^_z3|oK)$(}Hu6M<>BCvsu6C!30>4yy7I zr4gEua?AI3R*G%{KKfByKVe<@-Xq_qt;cSU*l$*GEo20Sdg$NfNMZpzrEZP?9|uZ?l*7JV{gM!DEX|9dk2OPkv{%S@@TWCtpo8*RiwPq0$lbTJ{n+7@;y83j zJZU}vy=pgC-r$~D?#{tF^ZCfl$|t!mryhQ1s40!Ntkr(U`%EF^)Vx5csXHH&^n*`) zuYkQp)mKTMM}SCtm}c77RQ_|j+ri4SWuEx4J~b8@s#FXGYSmr$(?rz>P4vpLS?bsS zkqgss?2?1WAk-Waccx#xAvm+f1OWS}ngD+cG);G;oX*$Mks_WGeNt)QUQ^$07$D;~ zAlUG#{X%lDWvs0(&pvtUnH5JBxMQNf{!+&OL3VwqQ6aOX9~l!LM=9PK6ZaR9O2Gzi zws+k^%JS=%5y1A>%ve=+n!#|vSyU>fhs{=V4Zr_fSZ%BWZ}^ux}; zmhH$}1B0z2#kxQT<9GDRedNVW|K&5d8VJ=3elYPUE_ zJ&GMLM$KVN_;OeK@rpdCS(LB$J2@rx2kb8koemKKXpb^EvvBRwxP=_&PG#9l1V#aS zqMYQkmu0F86Cs>}FIYsK;OulA08YKxKJ+D|iiWt2a#n6WG=@3Fmg z^w$-plM`4O;>iavwXcg4`gKnfUX2-5{tL7?>V5S_2*>3^!CPTEzB=2qZOA_F2T^_Y zYjeLo52H)nGE?$w!BK>OfSlBkT|9d~b2H-$-`?fka~EQ^({yNp9<7?TPTytr&{12s zrGJ<%;@k;HlvAB+AR-^Nv3q_UsL#@$Y9<{r_-Sc$_<7fZkT2QNNna3e=Z`QYyy0f= zh>uZTA$a0@xq-S~r;%(ruhZnozhT_KtjCdT$cpvTZz{>X5Yh^DG0g|bzeHXy#m6h1 ztuVQV6Zw8Q8=x@i03w19;Q7reH~uD(Cz)JJ-Mn7|uMkywrA_?bK6rr^zGd_1MbWwQSxlj#YM8 zh})(E@T9EAYZ97k*D5SA?Li_n3HW0k?RTeM<#n-VE=KxM5|KGDnqGH$>aSgW{IvIP zetF8bQgv_q`WmfihGg+@yYT#Igv%NJ^8gvO0;(gby?uqeR9;VsD;4D9F3;BA{?)e{ ziLOYeO}SsjA9ue(^6@#tCljAaaMN41^`hgU>~JKeZ``87eL`dHz`;Uol6{#gtuq_$yxwz2olt?ZXWOf8GK%`>xRcYBhjym_)>O}X0^K<_al}T zX8B(4yQY%`U^nhhGxvvlo)|;uSC-BDEtoWZ-3=rycp4?O}@4Lhf|u z!(Qmu<9jIgA$B-qbZ}1{j>`gTJ+|caR7k#6K3Mh>o;s3XADo~D>$$r#{2L||Sq)Xv zyze1~`5A^kR8VJln*tf8@yV$5n~v0~>CP?*>8bS4SF3iMZ>9AD#SS{%PjTp~7v|Zx zyT$ruJx-T4G^(~KAhKre^O(0^@ld{ex1$Ef@49S=tor5^Y@I%(5%`w$?Rd2m9`Rrm z9}p=ZtoE)%e%mgP*vrS3@)n2PQXuEEXlw4Mjk3S)2<@M@dZiyuj8M$j9{$RS`YnEC zmH}U6&HjBfNX2ZFc2g|za{{VUB(n^{Qt0$mpFilNk1Dj2tQ=squ$XC`7BYB_F>pjf zuD%*y&rj0Cu;xS|-`?wh#O3j#Ik+vXdk$isCl2mkz=+rDuO>4~klRwjS0ANf*)eMF zPMg&uV(#_3ZetZ+ad*p$2k#%vjMoce0Iqi;b5L6dc;-ANO<;@ASuxSyKN1IBNBGN_ z@)((FIK+^AM*uV`T~_2e1b{bnIGtpK8^aiT$^5; zL7mg1j#Hg=^K@=nh5UtcSM9O&Ya`g4`6iCW9#PMcAY=R`GWGRF2ctq!ZAI8Qc=K>g zihWwPlL7fs;=`@xag&3Qo`iwCwCB0$%ropCAmUixoNSTy8wba7{J74hi&m$v`8&Jy zzqhL&?G>Y1PKz&FvqNgFhwJt5TK2GZ_>qIA9&aS!J>SU{e6RgxD)u}_j}mRarzu`% zd*KubuQRR8bYPbNO@2>{4eiuo_@uYsp%)oUw69URnXoLSP8X?;7~=}#4dF)jH{^Ko z*~yYTRx1?^euY0dYcQYL*R^5U_c>8MnlJlx$Pe80kWN6&0D3AyTQBW_Shd>_=6=MK ziH|gh>GWX5D5T>s-4=f4{16Ym6$pVqv6_b>gMJA=F@%Pf^Kw=R{(1PLT54l6N`R^Ng3j1Tt6rBg4&wrZ zo(h@wHd&>N6&YsPUO%u}Jm|xGeUHHzW~Xbl?UD)}IroctGb>Tj zgz(~aZ6T|JK7@F~h`&K4YW+Q%ejYc?r4~4n3hr|+D$6^!(Q5zL><@v$6!W(4V_ z$Ily)!x(`YZI2EpqSJA^v2yz}rs}G2*?K46e`}63X*H@6XCeMT{;_uHej?KBM}JSM z0HN{meh8aGr<_m((1$zsllF7CcMM7>4PEh<_)w=4FK`6iWoPDo*J=zM2!s_=czi~( zs+Tvie`=;5(x>Wae$hnGPx0Ll-!OmUAeW7D>Wy6dd0Uk_k&^Yh#0waG{HymChFVh) z(&4~O67Q|bn@^zm+sS>^+Mm`fdEpL_aZPAKJ9ia;D5rfAqAo6ei>=B#KgL$c=hfYZ z6o5Sm$7b9bf^@7>bu8sAf>c?B{SM-3IZ;o)P+3~)v7Yij8(sw%7xkpLRbj`vfyUCc zg^6rYgwLS_PF>!`oh#PxMe6+{4xgnsgu}%^mjpdC z+8BuJIteycS|@^7W9`q-VcWwg+1n>>P7tM@Atu0K@JKYwM*wwyI2ikFbQo!fUtY45 z_`YiDXeO`wF9pK|$HSmQ5Si+F>+}HS>l3nk!N2ov2q##l+NKx^rI%Oxlos%r^Q%2_ z2I>cI&2-dM;Lou)lSa1ZPmKHB>o7;y#t6T2*e%A{=Mt-p!&8}5^Lw787y#%oXwD+i zIh4XrtaT01ynk$*E%gGH#i*Cq$9e0`@g-PCpbGf26p=9_We@g%*;HplQCcomxrtO& zQ4usrN()c_eo#s31*aYm>|Nk2&8U05^y3HRsC3KJRdE~ehx`78@zcH!ms3qhPk*@| z7R(CrwkJtn9yhO!!HPT)es-&Uku{YsgfHy6{XdSGyMIIaK!6D-mU~?V4|)C)cVf-+ z@bqTP;0-OPKp>$LcqN^8ZS~S1tMe&~Fx2#YZh8Ga{-OPRxV7HYzZ%aOUPWM% zpL%mYp4zxUwt3~(;jdukSqmdT1leRCiLZ+0?VmIK`_mepH+HKdkmeEF~JiTC=6uP&c zE~K8{(YELx5Rmzcd6iV@QEK!We>x8L&SY&S+@4V92G@!MjI<3nLj=QfAzHa7NTvW9Pq_;hn=LsF#H$46lmsQNZz?m;-^EDF@DP~W=e zxC`PjC@PotFOxf5RYG|V;2q(QHI()FeO2Gj9!i=DO&c&xj@(WRuvWwq%J+H)wR%;l6kjDDEcZda~6KE@_ zwJdsk9q*@udADIFw`rO%o({pDUqb$Tkh1aYrEW{H@JxT-CTLO8$V*8obX+q#bHWQg zh$Ge=y?m{_9E<(|Z8v|q3!MA-t`~lpyUSEv*oWQwhizYWS@LQ@I5T(%a2TO*z-wYL4%{d+@uIz zne1%EU}wd~7zw{q@BO||w8_(f(*1)U%!#vKGzX@knvtfbzDx21lN@pk z>fvaA7b+I~sSIbh<83@BN_**Bl}qWk2Z>@($WFr1?D=;TWo) z9#J2@F)XFWJ3R-udM$%|b`z);IdKV@q>1o&uw2YS8C>~OZUDsKNM!O7c?XxbRK0n? z(8u3zit+~9^ogeKw-kIQ=$5LRhRt z#M+Wb!FTb*w9;X;H7K=|_9jTJUAW1l*X>SrhG5{?M#>?TB>Qj~zAzDXJS`vE0sFwd zf0SIt)X2#Ixy411NiM`A6r)i#YNDc<+9r@a<%>KYQd`4Q+U^IsMn8EL z3){OXc6yw214c*u0Y{KHiQIHU{wBue1?=ZbFx?H&dl{$$@Hb$66)ynM01v5o2$IBFb;C=bb2hN{Aa6o-7X*ux4 z4eVb$Y^lEm*AoSsA`w_T;3waEsC4O1?_VmUH#vcL$3_pIm*EJLQ4n@$@(uH+K^C1* zZ+#YK0?-uYUW$5od0n|+gYK$XjP6C`z&%2J?2`k8hvHmRe=J*qomG@?KP;nK6k;)Q zTm09pA6gC0ZBax(BtCz`jddRbm*e4onB2fof!2!0{$h6&I;Fw)E9_|Wnh*j;QO}Gg z;JC<30VTKj+QB{ic>h7Bx@`7co}~#()T{!Sml8h?-0|V1&k(Babt0^;R-x zzSxUY_&fj~q-&n{N??WcO--_-=IOob6;l+zeZ9l%<_0AEkBgY2SvW9TO^fYW_SaC;=;N>k2c z)-ME!Dh1I_{H2hU9m(5;-Ipv--J@1NZ7hExL2 ztz6{tP6~QdVF!X6J9MC7yTxak2Rc3jJ(S~_CU`+&_0K189NiAV?17%+kq;wt$>%xt z4}Z!Emk^QneuWp1Z_oC)tx}=tRpAEgts75CI8*HR-X&x5DLzIedn-Kq@?-Qn;kl%dlcg8+I<0O<}}#WwQ(@2a_QS@^8(6tw+iHZMz_nh9rtpct4T^6y1wQh@aypm|Cq;6r7%GL+$$(lUB_yYqFUR> zDgd}%2Y(a_&bWx4Bm-auGa?RkqK+C(C`sxtsZRxVH*17Q)Q(R5U$Lz`O6H}Hs zY?uTbZA9S_ja|T{vMJ}n3_-t|h~|;1+Nb9d;jVZ+o>n+E;ZrcqcG3I5$x4Vl^C`^S z9wOy_VPMpPD#_c_?dG)ib9khdzUgyNi%xjo|;hzf;cc23t8|P?D`y$4Wpzg*k zNO2RktFAKg;uiEfu3(Jhtj7AtP70k`r$&8ptZ*Yn7Nu#}AeHwhWPWYqyUCV_K8>*94Br!FBK}HvcA$?)22XP6-44 z2^a5xLG|4y)%|H|{Vg^2AU-hax>18@SM8J-LI}O(HyQq2!hQ~kBaQBD-fQ&Pj>w59 z%+JVZ2l@$Elg$MN@qx)GjoE;@jPrc_et|H2E|tBJNyRvz)({*|v)sa$(&x<7qVe@y zk;7ULL8LXO4{$0mXDFNWFcCd148Ga>d~r$|el#P0J`7D1@%MGOX&>g;ckg}W4t~oU z^qbmzX!AOsZ@jSwrC3#@Sj}UZ&s}MA!`Rxlmg#jLWD8V@BW?h)8+x_c^TymC7T7WG zm<(>r;~|y#Lj8o77cxFJRd{E;4%9MCj;<6!1FzL7D2(48^|2`wgNm#A{n62MtbVSz z=rnTTpKdW20Q(uwH<1wg=X4t$pX<3X&BC{gf!Z_6Wl2cK5X*$1ij~d13vvo}a}vy28(*x&S40VcW){eevZ~UvBq7f}fs_LVOZN+V4skZI5Q3_hVwp$NG3H#&q&M zIAHEeJ?uWAS~Q$r+UxAi4F^az8qH?;eXU$q?c&DLJBNzXHLcTA=7Bc|lY}3Gsvp|{ z3y5Fu`Fn4l{N!$VO;^B}dpJNZCAbjzK{ea?7+%JM_#mQvacg?b9bVIRjct8^RPOl< zmFa*UN|E{d1{n-%1YZ8c+~^CTdm3B-5AP8Gdw2ej#1$R;@S@Cc+I>fmrfEvQT+p7g zX@Z5zafp1`e$X&=V;04g&mXTmrZ9b=^mea5n|*Ft`3IQb7={E$c6~)s6h*%g@VkXp zW@Godv`!z?AacO&+r_k=xH;kNy5HCQ>VOg0yx5;N73^a9P!@2%31$5up6YhrFHDMY zNnDx~N>^N9w(lfPPE6blO>g^^_s_OIeulP4f7IzT0pgK?mvkp0^W$stezynxROytQ zT+^ArKO6t|fSOa?)26XRyvV<kXJ7xUUiA+P%?)b)!Sfat;niWkc+X=f z{B>&b0iqndKztpI-X}(FB`+D4&%FRL3Et7$`vAiV{O1gT7t)7i5Md7?m|$1alm5UU zFg7r_i_AAXoCqKHtlRk!D!*q}^x-qRk+ku!D!|*<;hSph+M$*NxSzaU%xn*&>r9ww zo~fp+cK~ppQ~FcA&dV#oDb#FWt#A)aiRJV?vUm2lIgxkk!vec}0kd4^jOAF0KCZVy zK8f|FK_J<0@omZG1u!7w3AK1@!lo9O?6h;w)DX+XQsC+^jMV<;nw@0wE$r`h84l>{ ze9%$tH2~}(X?HvM{jW~)=(pdwkVHi(NOW{V{fY4HBDk!D``d@BCp-WIL_Y$X7fEN4 zt)xBM&+-_7g?D}&e(IwID4cvwpwV~lf!A02YA%Jh-z-gi%a0~0=`qOq7vpyyDa!@(G(2rdV$K;x6oKtm|Z7`N#Za*@t7F z85bRQT6%`Q@-WZM{rTOXesFmYQ+a2ID~IG+{ke~&c@>x69&kbvASMz!a<126evF3( zt0?_tHvTqZN;tMeBqF_P`?)@@3&OB}hNd%{a9X_OG}XN~_dkq7AoR;&W;fkmo~&A>9W663O!L z%%k1!i}rW{gctEW4ESa1p63&~8O?`|$)xuaGhHUl{yzVdzAwV_(f_#MgmGZ(8&(8> ze;7MvypO-v-DnJ2@ys4qK+rJHdUEKgIsnj}oG?YmImDtB4_a*5(C; zr$2Se^e4g{RKvVbf8k-A!GC~Kw}h}r`u=3UjY9i|-w{m9QK^Yxno^fr^r5#t8OQwT z-n)&vk?DFQ0K<6qn0kK#7*^Y!dvVa<7CgmnluG z`Dg2;>y$!>MN}@MbzkE8WGoklFZFlrT;Dc&zP&xTCNZC-fYc^7+$v5;|U~p>+EcK{Bla=po<+%A*F5&}Zodtgn47&!_CEh+2 zBdg7Uj-L+ClQV!{HLSq7nq06l{1zs8E+AbgFdchVF0YXMpOs1We3$r|C6&e-|md z7A35dloN)j6yBhA_i)(}l|AEhRqhyM-aCd+K?r=1u)Zjcdk=Z}aWfm3FHoM*_TLWDHIQg(9}`!9czGFP~OjPR;SRaK4g*yk!+(w@wJsP()0d6m>u;?2+MTWMsMf*D?*WBV7Kr!qMFig z9%+7!AG8`9=IO4({X0S*6b%0kGAGhUu=dB#N7=P#A$L`zbN4;y33eA)^4_nAl9IFz zE4aIJ!O!TDpS!!|s5Ks#^oE7Gxa4c6JrTYipd0;e_D6Usu_LJ=)v>75n~j7b$R>nT z?@Qck=wVWm_E4SF0o}aA+Ik-9{*3p3p*gA+K)T|{a=%q2q*2XEuk}%ZQ}LeU*5p_d zrSgiCA+M`6Q4)E{Qn~m;eh9}CL;s!i`IXO5U#^w+#Sri@96LHPB|FW^OK_dN{NZfD z>GbtF>Ry3=4GDQESxJaoUI0oN9^suf(u04wp+o4r($wuoXpIao7k)X~6x17R*)kX{ zGqCASw@2Q_4SF`xQ+d_wg(YEsRw^29p|%vl*8))+oCTn`xcZylCg|0fHO)4<(>rXDJyA zM;1tD0Lg1EY-5-Dg>!HD1#e!ul_tN@+LNtIndEnTlmyI(xnt|dVe$Ublz6UY?zR-n z8ww{R?G@cAgv5#3+KaVN zfHib3?lQ_7!w;-TfgH#%(k=lD;RhZ7*|zZ250b!dJwRM=UaErOZdTMGc~PO8bCsQb zv4i*kgLvrgZCEg8P>M?Pn#KKKZB&iOaO-62p~2WdIRh!}ALz=LYex)Xr9$+(O|6K!nPp?siDvVi&qahrJCS$;|wDb;`e2l_8?evUu^l#uLg8$ptRpg0ZK-MP zesv37+w5xa3z7IxUm7~4*j=t^uh;Px?_Lhk+hF#6+H#n~9fCQ6^_hNOP1zn4UOf`+ z3C`dH#m=u~F+=ZLJx^y1uAgVqJ*^YNpONZKvVW2Dd@G^Wwm0hZdzPbp7<1YLgRUuH z;L_coxrpmZHw}znRxb63yUE}7t&6%0UpT`TUaw>M*!DecxgcDToYoUnSZBMbsBGgC z{rbDlFeiN~QC@lfx<`3i`TgDFJ}IKlN9ZGiR)XuC>}QG@5yDiQ9Jyz`JV;8doy~dA zUiSDS+?zGP3ci!C^giDb zMIf>Po?L7IhxMC^a7o%9%=7Y0FV)LGAzK_*0JxrVg)yz(p%D!XGB4!Wvy-7Fy zB!#bLzZyiC=s|tV1ZLMqA63>f_YCAOwBIjSnAF{!NNNJq90roPHtHKD6o2dVr0@A4 zo*@31pYHw)Ux_N;>FTJyVgm?n!%oZAO3ginJ-?6W(Is!UJ;2;v`N+lNVnUp8XC*u3a}LmU5h|Bl8>0&-YK1?NKgfc5G!cJ50--Gy#qRd4}Z7c<-?fl=BU2 z!clpAP+Ph-!Si5a5m%i6U1(&0Kr<>|6{2>}H=hFSr>+u|YOvtX3 zIeC8Ni&Y>0G*w-~X{Z<`x-+OUoF?2ICYrKD3Y|DGdiN@ zZF;L0pYsEGNx^P#!f=exakdV(Dm@VKBV~h0`eD0(GT2W^{K}<|dwO_Tps1lfh2Qf- zXJlK8vFk&Q7&uR8zOZmK%=bwZ1tRG__o3_Y{iK&F!xkFxf`r_jOd|4@w8CWMyqY*4 ziXpeVcDZG)A3MI*7t80o-gG`kFM0}+oO0uj;ul$!&+${fo|-*IF-)R*n8N+5y6!!7 zT`Ofj`@A}TgD_WU;S0GMRB3lf2Pu*J@~`ejrg~nO7Nj?hUt#Y=Y(v97K!N|eB=ltW z(N@}UV@khd%JgsZ%F$(da69V6tc5Y^t9$NK;5_mQ;zLoaL$K?La3@%8Qvue6tlnz* z-M%;W@~KE1OrV8&yKvuE!m9!CIyleL7F#4I&-=aD1iSj{w@P(u}ft z@~RMNjo(Z271U!bJM?hac>kRgz&NrX{Ky!ivHAK&smp^Ray zu=_~#J3GMlD^b~Vev}8^&{@E@AR?qUFLb7&1lOrLSLMV&!Z9lmA=deyq|h7d9m7En z^%p&uCxeC@4|qd&+n1uUI*fOSk#iRn4#r`qCzJ8bi8tg*xgX)db^<$IXb7P|x{wdG zula6aFfYvGSjew)*PqPNMkPRoE6!h$-YxdaU@j0F)8M^6z{9)!?7JF`2hBf4R%&o5$)CEU@WFoI!%a zNr(?;p0}SOh1+u9qo`{RZvv;31Z*zq=bZN$neK_LWbjX2c)M3mKAyf=@VtG`nsOq| ziIP>KY7d@g^DqrUuOQ87`$wW871;?N*}$q&Fa^6zTbJ0{<(fKN#k(2YpT6gNjkCBw zUhxi?#l?X?iH}j!O34rSOKh#(W}5t?sBaDA(0otO3288iItg3;)Mf16vXD|Pn<@?B zya(eZnPD|M>LhsdSu6jj@~1N5lSSN@U5IK=0V`QAZJ%_)GY=k&K$7~UiFjIgq~zr} zu_r7Kr*7p0A!~^}nGRKRxQ$eH8I;#;i-(^zKHfo8%BKpg+#Nw+R+;rFF5YXAKPQ`l z{#fER!}I*E9Xcsp$sP8u2_I9qO5q1iscmCSa)oJ1M4@uNsHmgjy+uJGc}f>n?|WN{&iP&#Gu6Y&I(Yjj z0arknv2Xg%cs?KuW!q6J`u0to8$#3{K5Gp1SR}d+Mnm8io z27~V*6Aabq%T2#u_`irs*=y?f@3Cdk{xINQUe;)pb%o$b{YT z8DY%2$Ws$5W~cgK0MZ*%(4F2xkvRUOqm|X|?FOIQ=ez$XsT6d>9nxM@1923Uev8(; z1WhwJaDF~4Xs4F40k8RoxtA(EqvvCR{M`KG@ybq6P#(z${&u}? zV-Q%!4q*H0!yf#E{46TQkHlWJpLH!7`WvBed($1o3aJLl57IiHhG+i(N%IVs^7Q-Y z1St50579E?wTIa*WLIIL=ZQ*(-p0Pb0M<6IU9B=fDm=YYX?QQ+KXK0vDd*t;ov6~x zqMva{mwtjiY36deom6v(LywlCYZ)(d^viQ5{*Y4pNZw1g|!sU5-mcyY+}0URaR zjB6+Ss%h7aSfL6=h$Sl$`t=^{vwIAJ>&5$>exFc&Cx>kgsf9KgIDp9- zYU((xsaMaRF?_)gc6Ogji9@;v?)H6GqdWCXR!XdaJ^;8NBf839@Ub29D8%5XlsyBW zt7-5d^&GPV%s{2;7RLzsPprdHsL&oc#j{09D{3&iy_K_HbO^+n4I3e+c582K#%g zk`cM-&?x)D+&<%XoaJTB9zI%R2|ay&fN=AHL)UnL7Af9OpPc&cw+@ z1LwHc_pO-mIXm%BX_Y`*lYk9W*cE~|TXR){Mwb9mWq)_n3Xb`{DN9cy(oTyrQrG6R zkE<&939!6*IPLF7jqASZQW>0JV(+7Bv&jktL-dXI{y7x7GYgqY;9|gq=U%Dx-HY?Cp?cs((FLb@&&YqQr&Y zY|8hp!edWiZ~lYcm4AZr^Sr6hne0goW%tO^}@VTTR?{ zPvLF97_bYzR9(Ld0IjHs@Vg+8L~^p+V|aK1ou|gnvfbF_69N)e(62ONs~7as>$n~u&Z@z zG!dtM++YcYBg2T>dey%otOKu;1kf#RiPdX+ZWYLcB#{gzy3j3eJb>pv4|r?56vLqxjjZ`o0IJvhvNp zkMgv>p9Xc5P~n%ZXn$>$1%-v7T}r`hH#MpB%c1UbbOM9l$xWDbliQ~YhF)Io1@MzH z$HhmD(uSZBM5|-|K59s3=y!QA+xm23%igq|Xus;)YNQT@Vo2YeueT~=O$RE(pEXn- zfqmD@6243O{Tx9G(76WdoFt4ND?Twz{doU~vvxZv_gk5_9#9Ae2l{fK7?yLMM{3ks zU&2Pc52T1rICcZS_$FSS*eIDsm0m)$;`l3am^_&*8tT`5o4m{2pUz)r9B5&%$+Oc) zun!P$4U*TuR8(B0iGV;AAWA0_7BG?CSD9KET3bI7SQ4IXfR6<_<*(Xt>7U^5K{HDH zc>E3D0{@ZUO*Tqw{A%2$tFOsaC-78bAMb|-C9n%ySbw?t?a%lZt_?FG70@M0-{J2W ze{%BlIVxWrJn4NZriXF4-*556iJL=j=U-qXq*Ywct$sep(aYq~?lmHV`i$WEQ|s-q zOP;DMv|*o5e7=kH$JtG@k0Z*2RQ7HX?swb%_POLm^b4Bd!ZEv>Sh)(>3ay`!`2O!o z0>6utT7?X;gEWf2qtes=4jyfi=FfUN-Vw$eD2ektokHgw)f3p3AU(K5uT2!V8v#Fy zH7#bCLP2{+nNb^4Uz}k&^d|yU??dl1Dkj%)V3oz23qtUS_t&}6&`52=5Z_$Amg`iK zZlYcM5b|vJ&_|ptlId%%h^{b(`+gN39rtR~~j<;ygR%R|ZD$TJ?3 zIUX=Kg>k=!oH843;~IaSTPqHieiRFFg%EcsidA?o@5jC;O6ptk0oW z0eLQo%+<1A8kPwY7MXPSR(?s)McpBgeT+zay!02Qzwk$^Vt_O_=g&(^mY^6nSR;xC zjP;m3KPdr6ZHj=(3jd3o+AhnmytV25qd{&y`)uY>{s!&peomXXqQQW-gZ0=h=Q=(s zpN}$)XTbNax$&DAb>x{O94NBBEf~Ec^9ndwbKw@C-it4cIzG-MI{@ItC}5xlMP2-4 zJUyVG4h#8c(l}5`+4t?N1U?sX*H8A%-S$W?6xo*h)GfHw6y~2eimxOGI*%%|Jb0%+ z2PB5?f;!_U?o{Gq>b%D`~ik;-9|)Ag3uSZd6r&Z&x!O z5%d1yMa}JfuxSl4AZFeb@}zFrz&?O}J+4i?XHB*oBY;8{=N6k^0{V*pG~cQwGT|V{ z3zm?dCJ6fHM@Y8AsrT*UQ=lKMCM21kR%E&jM4fD!OYYyfQm2*DQiHXUVx1iM9wm8e zez$zzheD4mp5)gDP0@Uw5`%9aH(;92f0X#R58+Iu_S zUxjN?739MQEb5f76&z`U|2Ulb_R9+x_}|+zzYA~DpwO1M`cnOFsyv`Ru#b0p4_W7~ zfHqUN7y?Uux@glOx2lGhzeD$qICCEZNi|?x*ILElYig>na^F=O8)12~y$&r^#g#s66X_n81sKdHZ#2Y||!oztN2-4F+QPR;dE&#ZNScib{h zf|cke?H#<{7u{}eL2k_Y0lXeB-XrA{39ou7VI+pX7xj6@*rW9~h_pHgjrYF$Xmz&x0gggiKSb{r&0=Oy;Zo^H zL%l2T1C}uH@pP5J-9VvDGT}Fhj8rt;!R5OYO)xzJ`=Hnt@yND>+2P3HRPqn#F{Ra` zb|+^MtUygED6=?g|R?5$P_nCaf@$_lqWYoLo#!%huHJM8tpRDxDq z>bK8sfktRQ)Gs8^mg@k0sy$*U)e|Zv74bTmv@454D_r*4dIAN8HbUVW6H*ywU}5>6 z{q1Xg_wYND_AkS>JmCzZeB9DtPwS(> zBl9NSo={eM`>!X`tI+Ne46o07`-Fgyk53fEOXAfY)!DuttrefoLZT@r=dWKZKvL1u z=o#se8eHCtc*=;V_)Nzdwkihn@84qZ2(J~#<$AL3)R+3__$4yr{0A7>O7ic%xRm57hyZou|k26qE4caW!QkK)ZGsB-y{&e6_&b*_g+;b`LSz_f=N)RPO!o zuqt?H16-*#4FmZ;Dc)n|xVLqMzOvLZd+PR-LKX&L_{nC@BcVhDBs+<8+`;}3(ArRhi zV~*E*4TdIBg9JrtU%JkUtI}HN;yj5<`5HZH1RZ>e2u0xbMMFi01LjRJ*71jhSW^Y| z3EbY^QGar%zfMQEVwz?+wy9GJN^;&}=^lN@cxX<7Xj!rVo$QJe`qdDM_%sQje zFbe|MV4%2oGS~MzXOZ$|HSMXex*f24*2pmg#hOKq#=OJn*8)>!*>@NQOmts!w#g zUr8T!N9R^&*}hngIUF2bC-QCbGI90;=zr76=W{DL*jVl;Z3*H6emtPuq)uf~TRMU4 zjIB@ZySzFz(&csR&kq&uGEt#8;J+JjK#U7H5Jh=d_&I%S=A62Zx3;C06;_X&jRSOK zxSMmd(UrPABJu;U*p1A4t~!{~t}CiGY9`M3TJpmxU61)%Axy93Th5WM_pOCBhu>$5 z*h2W1sY);({&;+a?m~$1#~t!>)W75kOmz)n53~aV;G7zP9yL^&|KwP))vM>8E6z%) z2)R~7GYNd}lP@HX@H;uMnPZGD`r-GE&#X||)6E@m>dZX(?*dz{x=B;mG2l&*PFZR1 zbkMNYNYi`LLd#vhx;k}v=_+SRQm(cxcC{X5B(0~fx5U54NVcd4eaHj`~?wtAMtCrq}S_r7uQ@5)@+8* z7lo^`)A@JQ8Ox*5OP+bQbGUXfO4z$}O?^Y@Mng8*P`A@-5JN%1=whzhqO8Z=9WN>7 z+?;qqyAHFQBhYEx1#M_NY%-gWq_erEPoOlFc}_ zLKxXAbd*^BOpIN~J?HlL@CSzp1#n9E1a`D*App)f;oiNt`usk_$@Nty0%xpw+7(MlJH1j{gqHpJA9hC@!~~O^m*~}eG$Fl77L?YJY|?{HT<~owcsZ$H6#b1;jCdK zj_4J~4=lne^;asWkLOOTZ$Rt03557@4C9@wW-L^}=W%n>y`)@=(*m%~F%e7wox zfQcr7tL)LTMl2jXYC+eJ*ND9wNoOR%RC;Or)2EDrw*2F-U!i*Uj*nm~9MM_)lYLD_ ztR~lBn2mj{u?dEG{W+ap@&nVbuWocXu?_V6T^JQ(SeQAwj?r#kTR-^V7Sd3G@r{f& zf6D8lil19_kJz4C#)tCZt6e2u>O}O(U<<`>GxxLkvk}Y8tPQ#Os`N%3=NT!0b>h(P zp4GOy^cU_&HZA-Z=Y5_Ld%~<9$BwKPp;2x(rgBc{YXiXj{ziZ-Wsmv24YY|L-B*3O zJ|2ULL7J+b|*ER8S-%H*SfIX&I8IAnD^m24LyuxP>(jb-`^)RT8w@3Viz@0UoH)c)e_fW-| z<%f;PWUuDCLYID{$K9XUD>f5pFCyKUXC`_+GfjU&e$JTBrD{JYNSMQ6yufZAxwQgc z>Xl&(3bEOo;ru>0XD9V)zuPAxNC|C(@kM(Z&=i7_e-`^I`cb5`T&)hm@H5@P3uxFd z{B}Pf>1TGZs(KHHgSiipw>1+RY%*8(^yjau&G3k}J7D7|a!zh6Vi+z5c}4VmNj^**5+WXwR{G_|G-Esd$UZAKAq8Pqy`ZA$9a6rFBA@I@>M+d6*n2IuX@j`y^#U8EDojx zO+2_@=Kn2}fiYiS6yalqv`#*1)7NADdP!o-a@S*lwvi%K_iqe}Ssr!GXhyDoL#B@d z*Sy(6hMI385Q(Cm;yK%q_wlYqrReX|Z40OE&7X>Oe~d86*r9NHmg}mhaOh0599;t| zcpn~ZaFHEI;~GzX_(sO6(T6@r-UuNTi#_*3@uioa15n@Y0I0@E`OwTbLtE6prP%<3 z77H@KkHGyErVm~fwa?UMh% z0$1nT`FvG=+50(fTVD@)AF@h}fLYy08DCn`40Bi5Qjul1IJE%dZ7W4u25lz@@75kD z6!0C6dn$cHtCyCzz#YBu12tMF@gq9`ExR({L=O>SR@P;&vqU^36c{g5Lb#T-r%ql6 zx}V*89>+wG^78h(2Fd-hKHNL)4b3RLXTQDt^Q|{;vq_{LQyIcqek>!%H_@;cL-x~v@YgrcD3$^jcWAK-~Ueg+sI&ljB~dKM!aKm zkA%Io5P^PCpa^JQ8;vibk8h}&Kvo{Y{$;-l*Q@TQj1?b_PvEg=hcOCRr|O10*mwCU z5S*m4-mD`Ur@Lm=O3us3=|tFHH}V%6sZK;@s&f z+uyF}yc!l9U035rI-V>m>KT#%>zF*`eSbBkJ&|UAPZy*lZ{WbkzKaKm`1~9r5s@*4 z!2Ynfng$3inb~dy!@sFf*|cE;L3J3X_a~qs=ioYuCxy+*y|mPG+>1AozufUVNXc4V zakiFbeL+v+i$)`wPP48#XdOWn0cRgSRe6+#rx7}jBZ>j#M@fq7FNUxy6iwj3$Z2MQ ztUw~Pp2YhDn|dR+-XHTg#=(I*oqVISyhYGtt?6ZX4@dq=P@-r8swlBcy z{AgZ#k|yC^R{M%B*{W;66T;oOZ|eI5O$ed{Wsp4Q_@#=X3TPYl9O$x)deDo72_4Z_ zZ+GJHc1AZ>|Di%Jlw=$1I_f@K&APeUZ??GpAuU{`>s>pS1?LhQ6;HN3$nv{qDwI8& z4)no}>`slel0mkcYpFm0ywZ2JL}=^4#=!<4XhId}J4YGpsX5xG*zLhO!1qi$Dh`L;UT zF8f|asJaxS*QXW)^>afjb=f8oDu71lpG;_NWb670)J(PIdKG`F^jX&GY;Gp?E05*7 zE-cZh4fRVYxkh~F79A3g;z{bq=oMC*ai*`Il8Q$x2NL|>p|D0}<0~QM*EEI(`P?R- z>>IgM>FplYXNbWJT>MxGKcmrtJ!)p_X8UaWZR6}VMD~2O#J=_if8V7l!83U>?t~9{ z;n-bgSXe$!iu*ocs7X&18fwut5%d+nnyx>Cn{lVLSiq)z&!kJxC5#|%Py=c8wNGJlSi8(*ja zMr>6dTH!|$sHUWuA!v^OVzj+dn9Q2=T=RhGq~3ke1B^iN>K)BVc(fLx4@wl1Y**+W zi+KG}XU6$AKR3Q?vgzk?*whq7`<&H$rRy`{9Al>6 zm%ZmdZOWu5trNA1ZV8|A@_C1FNB20Ig9ttp0`~$zM_Dhcgv9B>Us?I$!tZ+fngSHo zQQO^fbeeu`Cpf7cPBCnTb^&Y&$o@GKc{CP-{SZQjkzv*LAcv2^c-77LAm51#(t%yk zE)j!qZp@bxV+6s<%`a17Y54B>;b}isR+lh-&ik?Zh#XYbv(0&XcK5TxiS6SGgu0TK z%^Wy(JM=aPrihZ!6#l1!sZlFc%R!M~k8*QOpH+g|FrV}YTX?}#)zVABr1N@K~qYIu%#rO2Q%gvEo#Z&c|pl9R~ zHy<jj?d@sbRX0krm@;%t3&Kc!>ZzC-4}BOhN~ z0PYJa0#oyRQlq}tad2Ef&U>a}p>z>O?Qbu2z0DrxqdTJ6=@nFv$!kKQBoM86cex25 zHng_?u$IA#>tA{l{QD;AUo&SSR=QL`2~FVWe&gV+v61A?C42|n*u0i})M)MS?xqUn z??pn>mnUzkM3@lHT;~n_Y%Bx5%{B_peBnm_qXo27Tt$A%?^Lu-4~hPm0XI#PMUl zo#0UR3I{cbRq!>=_#RKCNggM(-HR7H_%_o)fz`Yn-(9LN_IKvZOJ+&Y%rjdg8F@qo5u}Q9 z-9Dj!x6g7P|C9C42rubjPkaREV49O{Ugl`dmV~is7&U(Unm_fO2r&QT7T)p5FMJb> z?j_pdX}wX%ad4Pp$ZYaraLV8tpwR`BPTNl0{N9(Lzt%`L&gH&ctAi4)ZC{=zPlmo9 z@Fc?BCiitUGK$nTY#t!Ad8?l0nw>A8j&Ak>;{Am@FnwDFue_9`j+j2;@q;`a&ffha zq@V+Kyp|X1&xp)BTt1w)D~-d%+)r_lVs`;j0;Wd=7C_@o;)W82gn+ zzWAcmd>M>ykWg3-M!@=6PpTn?2S&l@9H~7{DN&>X@VH{B03%tw+Z~^yd8lm7OR#>j zLQDu;rQwdbDH$h^x_7_*g(B^_>nk*dQ=0P}2RnuH8f_aqYw53NJxUC|AMGlYEU#yH z%a&g+eqZ++3obCU0-L+KUMU58f|Op*i*>(0=+}&=L0PLZfo%N@(cCySYv;X07?RN4 zy@ZL-#`o$TSoRO%A4%ucrK%D{;lBh*d=wE;qJRY7$U!9s;n$zdoVDhjJL5Qt&~#T< z?fUlnc3IJ`Lcdc1ZZLb)0ZSj$S|)P~w%g2yG8L=8U_H#+`J0l1%TfhzkbCs?Busn9 z&WuU!T$(MZs%6mkhzzX8r;@PF0!jK=p+CvZ^!8v#*?Zt%C!x!Yjd;qWjqWusE(;F8 z07sz4Tqo!9++SdRVB3UmK2Htus3vSRP3MCwI}*`5-v>e1MQvry6j~>NKvF`XLz@5| zcT@Ttt(TNS3qc+IP@mG=6X%-yjrdoUz0LZ|Dfh(^rVpH$#;*ovLg*;V>}4_peqcG} zN^t!!1{f8WJ4Gs!r;X9aL@v!|=!5myUgzH)@JgLx{vug}`=KBA#tTmOw%g^+cjn6K z<9~wi;0eau_4Cp6bhPDDOut`qj+1_HttiH4=ZE1uz)!2k6u-~LbZV^e;tUXyL=`eH z?wy8{=BIW9+J*G=5rcL>u=}|T^RB#t81;Eghc+2JuOuQbV(^aJy`G+6nGRmZDi|83)#V|TRmJ|5}zHTG-urH3;;$e9U(m0&@| zZ=ujg)aUS_>smy(xemYg_t~7>2N7@5ZM79bek-S^n^KdRycl}_)XbSTBn$3Dt)>`Q z&K7<{PWu}@s{PY6NjZB?h*|YLvS-OD#674?eT3H4A^LMxVJc+NTLVVxwn#&t@2cW# zt%bKxANqkL5o+qC-R<{)i`52bmRb$=je|JUmKmdA`2uryKiK!nGfanDGUDGDEf*~k z3;zI5%aQdTuB+`=IxY}GutfMI_u`;j!17qe|+v*|>V&!Ex)t z?3p?QVQ1$=slwCxY0~hZ4|vc$XRI`sKIc=1Berf|Rg(^H6x^-BOCZ zN%#&$pqfW6xX>=w3rGCDIpQ6Dw~PUWd%q&}?d~hkUY4%&HPPCxrZ*%+XP=T5i=SFp zGrTW@ZY-fq`mYX79r42HdGk|oXLVcg>mJFQVdztI_hj(bs52c$=+rY6- z>f(LYM&v8rS6c3f`?|8De&Po`vNiTVS0C%%#mNampIA0xlfq!9hh@#H}99_7Q^*BvwJ2$ z*fXwP|26%mN2nRB0ZwaR=v!TzXX90iGK2_t2HJ%0s%jnY`d1!Z_t_&}k~0(p>S#Qc z_xG>h3gg(*eRj=XIUy~nxgKtLdB~`JkUKJ(@&Y+B_Ed54`c->W7}YFCp3+0|(2dw} zt4)T#t>y=+p-Qlj#=DyDduM7_{hcR<2k#ASpFiqEkDMoDuTC|x_NVIbQVhtPNjcyy zS*X`Hg301!IzEM}d4JNW_nI2x3VGrP6Es4yV>{XhPK!~!w-EBqTQ_t&$WEVhE3j)R zUqHqK#dVyT;}6kO`P}|l^Hhe4kr@hxyRUFRDkA528>wb?ERHL2EmRznI>SO#HvP3r5WLV20 zX8uvS0(e%klF+esq>0Y)X1h357Qn0O5T5GaxFp6k0S zy2zN0FnZ!(j0R2N+T6Q4hl?s<)oMpZmr4EdVo#r~xe{Kw@%?S^OYu?mN>Aw`s&?UNLA^36aS`2G(I7$fy*eiOE*E;23xi_QM}OQV>=y>)57kV z9N}6qUeX`8mg5|b?YVycV_s=({%MGxYE>*C3|fVLY|Gdo+Ow5&BYby4Q@>4y!ye{ zop{|wl!_jq=G5#yG0yV(*uxLla7xdNAM#^ap8V6S{79$t2b;KAr%Pw{XmUSXJKS;r zKEa^0pN{j_i0L!h+~y6UyoJAW_#Am#a9(m!WYl;i<}aU(M_(uW^9jD!+soO`j3kFS zVD_EJPhcEi8l ziNg!7v(RWh5G%8bY33Wyw_~=rbyCj_cXd-Z|SUTftk<=^Ak#FB&(Ix|U4m`U|kj zbL>QExwFiqZ^>}}H*V9zV;w)@yz}y<%7PqoKz9$_=~0>wu;iO;{rTQ>1$H2K!Mk0u zUUTv9W%7h5-vf^bCc0*==ARoQffG=Me?2^Ek-nYe0WWTdZIt|DabMhYKi<^)yvJlX z;`9oa-O&~eT`4E@{pa~-YU1G$IBAma{G9mNIjg4%c-vq9_0Eqvkq-g6&CDQT!Q0!O zB-EN8z3S*Jvnz8pQ)WH32I&40z5)GLmwD_D<2ZG%ji#wjp~8vk0XP=&DJb7^3L?3T zT;8v2)4u2BLQ?nC(J1u}!GC(-FQf6*z;S9%;f9Tgwe?I!hesL!r27s&ECUR9$vh+GIl&kVM--sIW)OgS-I?TU zm?t#wUD6c<9=Hg{x2M`)9>li|MxOG99y=FsOy>Fy@3STvq|{GS*t%q|#~_lJC#&ZA zxm&6-+z%S~*wuh;TlK*W5!~#}sWz_AjOWn+f9AY}PW~6z&bhx2HGGG!_MS?aH44BQ!Kom*{4&#p+9#q@@fV(> zbia3IJuY5toa!DX;FAeokc!Xz5~7Y9q3T&J#zc0qd?X1PA@}10Z-m@4;!v49^~B^m z4+<|LMw*!%tK+9&Gw8>g(5{&7r?wCM>&qG#P)@Kp4?9YC<~u;bv(wQZd}n$6=POL- z)Z^r-Nx?=@(Jb*hurSWS@$Vl4NV7KB$Fu6+p$v)jY+nKxFBqi`uaNuUAsKGDHqcjU z50ZM9m_@LodDBo{i*PROPg^t?b~bQujIfbKZAQyfRSmCvPqDO*^=TjROK@cry}65I^lKou-o8CPp^(>)2>4e(z`WtX6v`h`QvBYcvm+hJLf2-5 zX4+lBz4DePbY9@Ng3T|fCoPE;O7rWPr55-&yz*-Ac@YlxWWS*5E=Yh^G32vxl`YA4 z6tki<T2P%pS_tmhdr%iQQ96mEn}4%uRl-7A!ILc6_M$mrNlnRft_-%&|ryg z0dqrKA<^h#u{Y0$r3@ZCUihiM-q?uO*ZUjB;tfW4F(xdz4MlOr`+ ztYTq(Nj)pb3}dJc+2xaF5UygcB3${?ot^!di7e(`pmg0M$wZzyfJ_DKRyD@>-rN1a z*>%2gvJPZbuuu7E3g5PTU$~={Hh`}^JeLIFoW6|(r_p7nx!>+o%)%OBFiO{?%)R8; zZ9oP*4=N0Px)>(0@-Lw+oZwuE0hC|9F-|3}nVj#P?Yh`&2SV zBRZeNI~-}nBig)S$%N<8#|-5P?q}Ss$UocXJ8>J&3-iXBELqJ)RRUFT>Y5S)?Tx>q zuJK!)^(~B#-PhfHJ%LoV{fJz=Qly?U2NO!@7;vKZ)jPz5BiVd?OVyc!Zyzll(dXhM z$6v&wE%N~zSOBPGH5zr%zi3-qpIc_QZ?swIgd+u0n`)j8A460@@Jjg+)n1*}AIHv) zd}_$WNBMG&uNvl*3+`zcsTWU{nD6k!QHlDpZ2ryE9w&6t+@f#UO}|z}}55Mtq)*C~e|3bCt1F_9B_YXY~;%BKL-WD*pJnoPS`ZCWjD>%GL7+Eebbvo3>eH z%qQkRUB}z>Ryee9^ul4lAK?o&3+sJE{z2rDoM`upc=&nNJ4*i8<)m(Ba)YVq9MvY& zO-aMA8RSC_N5i(}@(5drQU}?1j8E};aurC%yK!spUi9Is>2<$V;62bsbNoSCAb%_F zrMvv`x&?js!tUT5{37T}aTA^Y0S>RX?_PF$v2xG?7Z_F6{;I|dM$ z3ni-5r}<`%Tzzx0qWRMfxDkRo=JaZv7>|0F9;&dRk{;cjRCV96Hq zw;y_W#oidv?dll?4BE-P4PTHP=9X3JmpEq(e_+C=&KimuMTL(XJB6rqW zxZ?(IW6xv!YBjpkEf3GvQ16AndQ#$-J)v!XV=m~ec6@D_)yD0wapUgEZ_PW|b9_w~ zsFV@+^1n1Tj%kVOD7B5=9Q?`HXBrU|eH8+S;-&S$B`MTrrhdga>^5Xu$Q0y!)g0YD z*j#REGXh0RHv(Pn(+qnK;IxNwBgY7|)0Q>4_7t!)sq|yrm=2Ri{vfYkbQEVNBb=VP z3~vSw^GH)HuHm?3lzqQ%G+Hn=18KR^AyjIPI%=$1TZjCy?6 z#&?k?5rmsN`36}dB82m7!%vk7z9hz8pkm3AI*M2P-HK@1=Oil%_3V4J{db*{)CaBZ zgRG|MI}3>$a6opv7l^lxp!1lYPg8$*VfGdGdE~QhjE@9JOd`8p2=quazv3Hnc z4j~mY!G2+p^4ngN1B$Q=;TR z$IGs>R7Gqh3T!_|$}E|( z5Z?^=$JSiEjp`Gq#Y06!?tP=r`J200zRdjEv2&}ynY6{A4ux=Z_Be;~Oyilu(t5h^ znfds0ezZTPZCwhuC&Udw0Z(%>r^@b)3w zU7Atf_6fXKN*$XQVQ#lcT#}59v3K(_s1<$&r1>XR^zJ6ITzjI_+9P1m2PX6u*me zU$B@|+q&;-ALTwZAdA8Oe#W^FWDhW$a+sfR8jN)V^^^E`w$qxTJWK2)U9pd`j}8e3 zu=U8(%Q!lD#D350YwVV>vd(e1`n@<>M-C@S`slxpd6|Udw%<^d=hp@i>GZzOFpk3a zUi={5?=B7O06{kA`HE;y?aRJKhE&i7=%yr45GlBkb0QX_)iGY#t*0^G{mMX7SwDv| z4(uisA^hdi>GSD(2)leJdqpRwzx=LoFKUXYI5t&Y z1R?D)&FbZ28f~%4!Jp_xo{ZPvP@VPSZ`cg}k&#q>`o2dX40$A%PiuFhm7}=4d96&? zVc<022Ji-_D=qlbDOI|x7q^<-7=9%?2|~afMXF zr|SeX>PjgLJ{AaLFB$sWK662Toqf)GCr_ZVT`haRQ{qi4bZyJV5E?1J=iyW%=C0}Rxh^_C-5NslYBS;HP`&;+0L!K~hODUz)B0NrmymB3 z$|Ks+SNn^l{V+?PMWjdFM!}9#)Bp!2KGzuEY9I#K0C zmpt4HdGc7E*V3SB%#-=+D=_pq4uWk|y9121QpKMs{EubRW`_v~x^V%d}A zw7nA7=#qZr>HvGfg42(DO_U31+HWM+H{*%sxr-ZD{`E5iOY-;((~G#QZ)`d0QA7I+ z5Wc>4MN1_LS^UcOIZsc#k-XicANNT9S>9*8f5zK~NQd6y3-8oqhvHT~+N<5+P%7`T zYHUN-M((O*rMs#8?2q>38q??L?~Ai`N((&|ZoigGX7#JS9z0B8*q=}z-fTWU_~l;a zdjV1y#K$~+Jjb~?4+$cYNR$iC7miJEFs62SdUN+%@H}P0=p8|+pt?&2n_xA$h_}Cv zJx?|B1Cd_;tPefl`9gs<(8#?b{sez~s9qJG+IOo#am&!gIrHnv*5MzVyiFv29`^AA zH)`Z5g@sI6?VP7wqDk(|NVdxm@o?H){dH;}3MBOY+G16Zww6HH)VU1#Il?lie&p+H zve-gQjpPOTetqpNmGj5UE zkvNL~<1tIacNrcaz^F)XuF-e^(_4i+x?{K?MBRH_Rsrs`YRVUmV8w+Ij@BDo}E+1IUoVf^X-|oq%*KQy~_-awA#_N^u z%NEZQZ0d6stsbM%L3SWCXRU^rQ}bZp_~GJ}2xAC zI4)%TC%kMO!XByzLqWg6Ok#oB0H_P}gwMSG?QRcrnWbo`hmYpCZP}${>QfBCBwp+I zRke*yM4hV&8z>y^=7dio8p`?<^dKev30HH5>u}pv}91)=9F5`kO@0%OwxI z%$pL!KUxnHKGhcw(UF^}8Lrwpz?~vtk1n)|$~k89p^kSIk*ahe-!FtsO2)MN!tFtK z!d|SRcK6wuo?j;__jbw?Ft*}N_1QxuYYcjyj*o+Pn7;dQDV=yCy4I8#TcJArJg8{k za+c?--H_y&3G2+tXfqh)+4qcDbkn&zL9Jv|NjSXc_qZiTPCm*HUc%>+n#;knj{*Hg z3Pw0gvthf``IFlZi@*cnF#27)Q?)>;#A2%lIoz`@Y@p^dFJ$G17ucrzDG~qV&-}ul zUQiDbA&t0g|3CtIYh+0FJo<3!1(a7`sPgV?6`^jgqNpW}%_PZw7%CL$y%PaQRH1j9 zeTN#A%%Z2lnSNo0?>^ay8!->>3hu7=u=J$S9qe;J3t#RRY|VMQUAE`(t39;aK6R?8 zS!l;^2#2w6ac`hi{V|tg@jUJgv~XBc)k7W=ru4YT*X6VC%7kOFUy)nY$$sk@3eqs% zc$_buVYwPMe*#iN#_*vJlMBE6p#|;W>W!>%3Hywa>xx_>0Fes#{CXx6QR=DP2f8*YJXxai6l#NT zqasxfDLgD_&AZs(tj6j5d9BOsj&0}tdU;nk*{CRh^_X7Y4|CE|_nsLc8Suv^Y&jVO z7lQfRud0h$sCWB(J;E{B=N}piFWf+BQJ&8P$E6{&pO9Oigxx-n_l+U!=i|Hw3Qb)%S*SqToK+E<~7sQDnb(--ioed1lQ%2(5?@Sf124Rp#F^*Vn@OOTtw{-(_J~_UUQ}&e%_0EnrDQpYH_n+}rzcqkn=b zh7kf78(=EI{YlS4(f-`zDf8tC6$J|=bS}xp`Qn@9algC}_8Oir?n{Nb|BRUWa3kRm z=y(Z!Jf8MNnYXKZU43M;clVfH!b!)+Q?GZUe|YN@e@>69xC(4nf4E_Jd|FcZ{hIk| z=m81LI;hmagmqFNO7HQyhBc+`8i2)da%=`@G`1WQh0xNQKO&Zv1O9vdkmI!^#c=Or z5h@E9$IejH4i3Lg^n?*IPre&@pL@T1nh>K2w9-<39BG~No#o>?<)xLuVtDVN-<{&* zRSB9NUWQU8+tqv)Q6HWY%IlW7ytZE;C_HhN#>Dz7-fDiC<~BY#V56V;ExOl4nrslk z4lEvf-oF(sJ)=71VrjVy!+{{BI6*cY72sy2PW=gcR`@-^vrR!ZaskKvqk2!}Fn-|1 z-O-1yd+g(I$u^F^lvd5>-(1I1G9UwpKU7*)HeZ3peR(ty^IMs`q$eJKkT zs`IzpIagP+XZNw&Iz2>z1{QY^`rYEGRF_ozo=<7c)=$j^p3d>l_nQ2er`mLG?Gd_s zp)Z@-ZT#Q_2hhs>FGG#w77a80OM9{hBhokjjda0&JtY_^P`rKUYCGpr& z3GE9otVjk~Z))tXxzAp~U}{J08HqSu0{MrB|4nFuvgD2*X48o=LNw?HmG-8bJ8%kP z*!WI2r_|nCsqC9)c%$Q=!8qTv&$y1m{PTH*+z05p-b3OTnLXy6q|m_-7^lLOJ)7(m zt3G|;47Y)J^GV3|m#onWi(gyU=8HT8zU%Sd45llj0$;g&CKtIJblu$q+or={5mS{F z^%k1TKL!!?dP&GLur0AVub$#KSczKuEd0|s)Qej4+=!a)F2r35(j6xEd>01O+)3~R0j?GBF7-P8CUjC$N9W>rXnh?@Y zTi&)qpRcM-fY@Zcn2UF%fV?d~`5Q9ZfXMt*c>}=Vd(06@EvnG=J~jcQlCM|$thr3H zf4RNpvoD7p-JR!BVuW4w=QQ`-DU6&IaER*Kyie3}2Ae86! z^AlK7hAS!EniHoyFX>4L@MLLLq^}A~d%HQQw24JtWDL-&BJ}M=N9PM&Jzg<3Jr?$9 z2V;A#*C%W8`u$R0cJjZFy?u&y^>v@%=xeWXD97O2IOPJ8SGj9Hl`vG841g6Y@@%o+ z0u8bDRqA9R=C3o{u;H{?K1>*=y;ZJV)jK!WssuIuk|rlUI0M5spa=J(cq@HzK9@0~ zSfE&sYW+%kE$1anbKv zvmmfG!kN{t>8B3gGfjpc_5NaBo@{0 z*zcSleP$4vcl6T7<1hb~*Y7IqQTUAi5+<_^!{_c`n86P&{546~u+0q_B!Qw3^Ida$ zzb_U5Wvy4BP7WYtb7U-DVZTw={gO1>;vUV-Yzyz==4IXK7SqE%J*uq+^3Obcg6lIY z^Yzhv3hr!-mmpmF3MEXW_4h0EHjdGs+ZqFy{P{s#AXmVjE5XR2Ylkk8^HTquNny@< z6)Iwtq>eCB_j0)nFKnT1&YgV=?ewvUWxbcz$RziK$@zhnJncqA#|Or*1bSO8>X~Q1 zDeQrHJA9^hb6#t9U;hEY*=vmg>!#8^n@Rlv0s}7L@xAWea%5MeAp!tf;s|^0S)D(0 zvbZ&GiKA7X!gB1>XYMeuujyg*Id(ELpesRl6o6!a4{f`x{u>RBS%JIV+ZL@PH(IS}s z#>0^V%qmx)tB(hwX~#Y9{Xstv>CKO-t3>~`^1@-iYwIXC z^*}*=?`uTK^dyVo2J8|^UbfFmMLyFzQ4wrSF{?auMZ5XOPg#uUpM~X$-P3D_#*Wzk z*|f>bs041KF%e2~ztZZ<3~ON&WD2^Pia+=ikdd=16N)0N4o-M+iuYBo=N7dRlTN5* zvW*!o$@__u{i*k%hpcjgIC;C)+baXG7e0)q3m669U zLrS8mY_FJy;1%9eypCi#%Itg=&yh?vAUNNFdwbUWN}JlcT7jPQseGo0?uG)LF!31d zWk?nhPv~`Ly5>HYb>Du@j3@Rk%3*2>;Y33+^?f( zU9{gLoFP+tL#X-s_@KOv4@?X`q*gyd%4|IKs}V?!6PgZ-K-;0TJLNzn^gt1){M^eE zf8JV|7slK1+JP zmuZQ9@+M41`Gj&FUIO@g>Q#9jDO79t6XKnZD4^t?e#p{)H6n`PkXL<=d6X49+I3%t z{-ULQrZSYD*b35UVTW+33k$y+)%)!tH2!)j&(p`E)|$&;ntpMyFQuKNywfv^5yPn& zp8kxQzP^jW@PUbu6^#Y-Y*Bb$$cH0z)jIF4XH(f< z_55DbnQ`vrp&!rZY_abiWhV_sy&rD|x!pXg^snzQO!hS(p(SnR6v3*6$ zQaLd+ve_(rP#b7mU~&}XU^1k`s_2Cg10UwtJC{EuT*UbLf<5%>6KVu(r;C@K3}u!e zTH(Z#ke2}=K|W#$Pc&$sqt^99BO!R-K3w&7 z2iX5sWhe1n;nC+sjjU1xM_;mvXD~(p{FiU&#AYmsph1cIJ!2WkwFyT@yc;LL!jhw) zkAx~?_D#5m_xAbD0crD?Qz#<#NQ-(kxrO7Te!t%?R08W<(dw{Y^bDk<0us%%YI;IrO@rM@}qxu+I6?)I468IWIl`TgKbto!gv*Wq#bo$Igtz=SWw zZU*BQd?VKTDQA}E#7xey1GW6HZ&nak3T55a*EE3=2vWL*0crG;9Va_pBRhQ!ew}%9 z@h0kA-dh0`eP(uQbWd`^n0rA?}Jc7yXTeoVCx= z_R9c|o%nl*EAI*JW5GNQM@qCPa5BRje4TzEu!tIIWjK3yKz@TVV6Hsi9a}weE*=5| zuGkLE^_tRFH46v;x_e%4(4b!2A+e(`5Qq4r!ai4?4kwG4LzmM%2K*T}4uC=M83z?n z=l<5n^V>2i73Lr5r@BkG%VhMkM0JYWjJf+K2Gm32cIJdH%_5rFlx4y0muk^5Sc}n# zIr76E1pT5p+Fr&!sGF*?R)r4}zLm=xoKB<(Ld8orT!~h$qdin%t%e7qp*y*#X9|CM zddS@6sKGwaSeTnDu7t{bABo1!wb|vF>O<;WmoP9IU=C|hCOPLf;cA?9*$-IM58h*N zx=nX%(xf5X!}p7h^kU&XWjCuyu1OKxN}i%jG-%+kP&DJOx2PwZW;(gZQoUyn?<0&i z_M-#oAqR+iy?z#M@YMyxw*?-;0(kC&wexDwM74|-_M9zeL`QCxI%91q@R|a!Qo&xv zDzc}~)wKQT`u(Zl&T)VF>v?`t>eFsb@zLu^@GPuJx|P)WtEJukxNH5faDHAR8|kQj z@HX&I$ml^b>}`&JuJAa)0@GHL1L~^B9_{7~%{cC$HlK$qd)}@`kn(i+$@?H>_L8I- zU%|@ruqzYD;lqmIeq-(zRf?H&T;5nNQWaYl;NI%2C^x%$?!O~Jb2l1fvY5i^@KD4gyP=K!sY*x~-qH>4DsaH_zgeP@`J3a#HMK>|?b*ZYkw{O)%hL+% zx(XX5DyE+^}l|WeYlnY;z%h*{A8AX^QnXlv=jm5)*si z9=#ZBtv;y>L=8#?XCC6xXQv?J-WBt3)8u)-M>e&3hUxE9d5)Y(B1%X=CJKkD-x+4RDsM&v&b!{5Llw-O|vmzZgvB2%>76ZQui;-|-rC~np7 z^kd?}B!=t*`hlkG`(@tybq1^yf_Kb9V_R;3hf&#ltw6cJ(SJIqQjbRupF}XUX_#U} zp91kgGNtb{j-4+Puj;9r_qXw> zk6C}_zq}H8NZaF?@LA>?eMx3UcIL!VMD)rL6mtWfcngXldvkk;d(gw%*}jce*dwFv z^K?!}z?0P*u{m}6inQ+wgG8Wy+Th8@%|WbuyFqoG!I}|&eQ{3sEw6;2+(=*eA)eA! zn2`p)91qtMW5{H%C!~z(T)6k3=kha+T;@>?Z;5p!E0QVD7Aj4tLY%8dbWzs08IH){ z0X8)*+R=y}Ln>)j%`u7oN}nT?z8~d9_Phu+(gME^;&e*@8$Y)0r6XjVqy4Pjiehvw z))zb5#C#ls`1wItRaJXxqF!u)dbIL#bAFc-#+FcIALf<+J|9Fdl8vNgEp1@;y(Y{` z{c@rUBRj{a%q23UvmspBMlQE$8m&qO)5m%oj`6%lqN&VyQE=NY=Etxnr`NC1F8&goNjD5I3lxX#IQSIddMV+}+G4BkXB4n6prmfAMo4*@4PG zc;8UHni7I8_A`IXTd^jnqX_IgWr@6yI6;e8D) zf_qR1zQ~?f%LO?F{(skO;t&Gks?+(cYF(j`qx^At*<~QVFZ<2;J8xmIxgDn<6(Kyk z>+yS?e&a7mp5OGQ?ZMYiid(S5LmUizuZRw?|{d|o0DtD?ugqzcbl(#)H2b5>r4(Wk|E)EV{ zhx^rizz=?VaUQF^iR5#sT<+Utmv8Me5D>&Y0914a(})vkX@IqVUr|lmTXg#P$)0O{ zu#vx;BnoL7sks#{kbJ8e>2 zQSR`M@x3~vuRs>vw|i$NgGY+tr!^pmluLdsp}>D4jre=EpCM;Fx_n1Rg$fna1PIyp zN~~%dj3ZL^+clif;Vy@R4WA#3m}bDYW0vyRg&}FgGMCnT!O7@m&fFERec{ue(cv4mr`x3 zM%EPJV)vOiBznj5#U5&D{^$84Cu}sHdxXEf?Iit?+qf;kNBMBRn_w0csBUe)LYh@KYS=@N6pYtAd+$4dk58-C%2<&MpmyINQA(e) z<1E&qPxt!XgC^9kN}9fjerdQSz;=0pg5KHtU4>7JYPHlv=fz#&LVXdaeJ|Dvr8C|< zI*D5t9L2`vaY4fCCzjVgQUm}T!y8?hiTv4ct|W|8<0EelCWohx|1@_v+$E-7Z&VFf z1~u^3`q%jr8k0pt{K3uJn1_GW`@5~{i{;laZ~L91ByjsQU%SZok%ZjbA~g-!(@zFb z-vUD(riY!LBotv~pMGliA+k!E_wOQr`c~Nu} zO3&(S%JfsamLtbU0vIDU+7?c=!)kRfy`z^&MBUmk5UGXL&5w`=98?U z_E>C8(#9wfnu`>jPZHr|V{dAaU?X$H!sRF=Spr4sJz69qsY`-yO$gT04}xLkXuT0L z{uqIi*?f#w$#_yLO=! zHEb4|2OQ70^z^ZukzpeGO8O-PYAx-ur`$tyjwaOUcx?3FNnX~?qRndu&)#gGrM7*L zJy{S4C;GFha)8jMJQSCtiYM|09};U0M7*fqti{>p0)*TUz$>!p?Uf;v<4K+R%?c5h6+ zFbj?w4D|=!cJF%2Ve(s)HeG{T^dQ31{Z0NFo$W~uma-7t{N{4hwaWbbO~h=JzOAZ{ zfMqxObCO2A&!Kyg=DxuNgHedkOZK+=ASExj$**YNL&h5Y;jakFMdbhK_ay_cI@7*) z*!$eOb(Hwh;qU=3a1+V)dy%qw^JddG?))R58Ru8zDh&Y>v&1k~ra7z}zfrm9>TUN} zlT79Gi*|u`^V1-U3b(v`f)4tTquw{xv!D9 zJ*6Idp-kG?r3#)Xq1re2|NPGSNhv>t-Cz}wR=^L)QCV0YZLC^x+UlDfmiE&@YYx37fc)Q zo~!0%xx+JJYz6QQMRU~jG515<1N)b!vZb)T0MPR!SeK!rj_OxVki^wbu6s!EhRDok zAWUpj=MSVGZyEz?j1(LLecx0~p>xi%VLzUk`Y<}$wAttPbwmfW!nn;Qeo<_znr>ZIW{1a*%ud-)J73(F2=P?$ zj9nB7VNUr*4;^`drL9_D;`Ywmz7t;v^&aotuw;NPWm3~GQC=Wf%r`m|_AE@|x`56S zQA810sC|~U>;SqvZCq-az=4Qg(Y`rc{0ZQdlv|(2c)X1L{n}oy+LpKA$IjSg5T|Y% zE>>g9Gc7yJv*;%@KUA*sb4MT*4{@o+cMp!$$f#tqYrs_aX;~l&;Ed1{7mZD4DS1xy z)a)|%6?+$9K0en=)PAl^dZ3^3)s?W_22<3#i`S0?By zML-wZU;sulQnvjk^yD^kwKrBXp=HvI1NiDP679W-UGa2Wm}>{@%|1?U*Cmg_<^w|8 z%{TxS6idzK#~vEZ@Gep--{#())8PI1uQAvnJ5|aP_cENY*P7sq=8W@tk#1l7who)2X)ZdCbtPO>CIFG5g}hDL6?b zLe$9K1aoxBMnTQ~LKSid_ZxvZ*O)|mf#9hN_8&==HE=<;mX3@rQtM4uj0dN5$#In^ zm_P6U^tpFOeX{$k#hU=bVob^`IAGzY&Q}U1SmQA+Jnp0==Epct=A0p`|DsLjDe&jfF6+_lLxai^^3x*b z5?;&0%n(J7GsLJo#g|XNtk(Q}hA0=m#`_e%4Z@e-*9{@<`Thjvm6%b^%jFE%!W0&sgjP?$17@(-N*7l3vDLV#-9yGe{H5K z>5a}-d(^^_H5NX!hWdUb5#$UTVrxfkNE@u1+ZD|jKQ$rXTY^4SJ+sZ$jNlyHB-ZJ# zBR?)Z`B6`Kym6rwGwJ#ej&;PoqW6Tk@5}y*(^>B0FKpq1 z{2Ci9j>c!miy{(4ogiIF4tQzd+eN?2H$(nq4>}K$LIpt=#ud12C?dq;t>1GU2CkTn#j z)xE#-^E4k7V(A7wdna;7JZzW zAAh)*9nHM~c=R3*?)-!&t^83>z~}|0DQyyIQOeri+WF27+@6X3oYqsn zpWNx9Q2jZJ2#QAX3@5S1p6%x9pdf8u|V%DK6C6-AC^*;Kv z0kG}3Z)xyi98@Lgp~2Liy&CpT#Rbr!s1r)7(CQe9!uyX$JJUi>vLm%o2RHP_+4fvs zbfxCc%Su=txE-yS0?-LBc|7OkE55ZBYe9t{jcSv_yWn~eJY=Sm;ST1U{0LDaxmN`J zU>8HYGUtawox%C_sMHSfgLt*6I)pQ4>$Xe=@`ByuzX}4nFLh!!SOOe|Qd#G+yR5f! zh@|w5ZQ_o34{psc7sf=uk*oHH%XToPziEGRFFMa>eBY{R+ zt@AqGv>Dm-;q%6TDpT0-m0PX~5 zpKC<0qWAdCicq!aj_;DD!Pb4o>i4EUHiry4h^M1iQ_%NC3nCH!tlF%v?86G%M6t;` zBmtz_+A~@Wt0*S*O!~d8C!f&abcke8t)4+${OmopzGDB+*)8VgAK2`xZVe4~JCSz@ zVz0Kbp#zyMIR}?{A9{HH$qJ9v`n8B3wvk={i1XRd#@ksW?Dy%9B#NH-^=s-?yZ=Z!uPsHPAd3DHNPYx~5=8;=4J9WP3BuRUp=YgLGp((NgnR2& zo!Tcei?zv*)p!jjfkqvA|H94uI-bt&*UKF)S_6B(Bl)>Os$D@oo$HokFsc2`GtD=jlXB|FJb(i&

Y^e@8jLYaLz+K{uZ*lqAs5nb~g%B9=4{HR3=wx{e1yO`^D(?Am;l%rr|?c z)6WkUk)BfNQ$EQ47@HPj-;1Pwv(wC3w@tfOsrIDx)YJAow5hvzQlcv*3(O5(r6F1p zg3}Z9#(g?#+ECupdHdaxkxaU0UsatGhad730kgT^{U-Dl1I7;zp-6u|rsQKd+$sE{_AzBUjyrtbjSdyy?({k|Xh)F*FibDJ82chJox zK3C`yw?_BbpDr`O*E3sxN=vZduoV{>+FC1$Z+kxL=k^H0rZf#NtuxLq2}!LUu+33x zOA1tx8*%8Cv>KFHUJeKM9DehMoHqgo)%p`{Ske3r`Q%5h-0Mbo&Uv3}y6Sf;+E2&c zoxYXZ3z+lfZSnnm zil@xeVKMx59DTKAxj@G_c^(y0HNq;K;pU3A=5ug?U$F^1!UM#XU<-bz&iAtUY+3m#fI@{U>utP3 zruCZykk)g`1G)9d-Z4N>%@^VG_SLsT z?23VLV*+Y73ssLpN`&lJD0d$q2?YIU#Ipxuzi%ZaKfl;+)V+>BY%!N_9-KCO)q9}@ zM{(~*vCL|)FiwmdEN9i?N15^c0SW=6(%CnxxK2f6U7XRTZIqPK=KQ&HAB8^Fo3f2q zLk$bxsz#|pORBob`n1#|A07Si&s{Ul3D!zZfwqSAWuu1ES5df5@l5AYa8>*rwd1V2 z<)Wa*gIz~2M_SRzHNaiLWl{51dGX3T4u{4;@9}Y@P}@!P3>*%X>=Bl$yulAQ4SuXy zg85ucCW?nYs69C2zCBe$!EV3amA9X@wD%D%Y+UY11(gcl20C86SeW?RTRy#~dmvwH z?!!IcK#y)$yauWF=M(gcJ90|fsS^n#VjNf?q5G#x>5;NT~lMBosGF9>GXY#G}M2j#{)q=!>iB8D9Y9n z!rj;0S&+{3@odpstRXagJQo!tO(Az`ZaC@lN z?|MjcJ@}x`mA!MsE*IY#-uMgLYTgGhS?HNOIf*9%>Ra+aVdyeh#K&6P^9W7d*gM zf7?g3L%HhynepgCou)>R)%)QhW-sDpv&qP@JzlH2NYh?#N*WcyjkKLjE-{MoCW&rf1$eJ=-9OeDDNhP{H5Rv_V=Jy^ZSm9Xk?8R8Bs z@P#uyX8Xu+Rew0PXv>-o9Zb0NoAwFzLdn+T7e>pzVrr`9R4*l({*FkDNKYd+5ZYD7FMHo`&?V4-+rCQU_33LaTO28IpdJyy z9PhXLu2xXj%iCpWsozg~ytK(tuMxgw`vF}^!1(u^_%F;{?V4fgW~e)E4LB4*WB~G2 zL|PX;iw3ldzj`#>KdCou4G27?=i{qc+87VNJ*<%-#|P52 zggE%AQfO08lGc9PR1~NWWgpMK9Tc!|P?^7;0@GJyfBd5hy#M#7KoFKb&3%-=v{lfP zEHeN|U4*Z2^7LEKRbkgu@{s%~L-(t=B|c#0qFQU--*(*{A$BCO4?@?hq0`?z3%Snh z4ZtYuv9`S8@<9XH^4XFxuhKwIafWz7Rh_Ss?>$hM#NuU zW&Yw@s~N>-_u%wF^H{pztV8?gkE-#j2l(S+kMK&ES_FIfNiEV*DpIy{l~;a;OZM@8 znQpgCJAHQV$M(=c^F=21oGa!zxlnh;zp$TMcKC&@#qTaZYCOoYMM8Hn6@n&x3?y03 z{dhDzecTB7A+MWh>k@>rDt1v?9N8Tu=D~nUAe_~l*cTCB2qVVpn3R{y7Cu*jG*dL= zfc}onm-~|BO5Qhed=c@y;fxsP^%4*zxagGIIl}3(DW(4SebqNw)nNWM5~xffTRbk^ z+eliZeW%0aHV1MMH)@z!QPVD?6Reqs&z5grH=*5R>)x$*%q~A6QlV(5t&0r47m9Cj zVC%&BH0bkw72~Ii%C87Kb94A6l@dobn=$pUg$c z_R18hC@^}Mo@;Z6o~|aHitTjbRUp62dO0Me%m9f7^{~Q-dnRZ5;cTgm@)#J3#eC2v zCxB7=D>MN2=i@bDUlQvSpW~-R8k7HCkqH`$R-CwSlyC0k;D4w#E%y%=DDv|5$8b)c zusQS@PQ!JKC3Wr?>=*fA_ys%bjlR|d1VADdP^j6wiU7A2n$}DuCW%=8D`HcSE8?AB z(>7_ozYFt++xO$+ajm>OzhUv5|AJk}oORI}Fhrhz`@kwiNpXJZRc-76FzybCBj@Kz zpLDUhomX=}yy4`oxaddy6R>Jc&4HJ|vZw9#SPK=<<5xjUI|B3hPBZ(@J+k)eB%fG!ZGR1|6Ui9IaAfPJ!K-W(tGA{ z=u&2e$0~$zeVczw%)EifFzs|d<0!y97UAk6Qn=*&FUY=c=dHKbj}aQi%5M9ZLwDqv z4DHhSrsvf`&i7(D0GOQtO~zmM#9CdgBWTwIes#C;x!(%u=yhU9QhyyZRYp$wx3}~V z+*I(>DD%X_q+Lz!P0h_oeKmrs9`eh|k(kg=NTetqm${#BG#KN_?A}l;-*2TKZvJ~H zKGr$fUhlc%qcOy(&&r+pp@2>GTJMT@lsw4sL zJHN9FEZR`C=p@N$I;AHMrSM+c2i({&#H-#O68)yoaA79|vcDPyIo5rNpvJ)^pMQnI z8-r4~!{E=1adP#;Y+XqxJiqcB2G>i{I_i9(y!gByYL0E&i4yl&@{F$fSf`}#=TrxB z@?}^tC8Fral;97-K4K7wf&(c(x|Thtl6W(2j$PS=2L zpZg5^Lc$(m2-rc3ji12Go}I?w8kE(zPfnq-$5&y{#Vr1RE9jq@>DOtQIsPU3`xKBl zqq9`^6p^!}vbn_=uzyZeyc`KOJ7sN6al$>ta5&YcCOcR=K(K~YLTwdI%OF#4~gKOtC1VP}S<^q+Dqo zwrZg_av!R&H~3+uRCt<-aOrT(U1gj28N>cHy`V+BR`)@7;~B z2qd1nfUK@ajn9^{DD(Meivg3(hd%!tf9F*Y`C-eBpD*lNj-fw}URcsynw+O^cErJz zo-N9G{$tp03@Kn4o^0xv{dHFmN&!)aa{+fgO^5M_HuI$gjp&KQ_QgPPdzuow#jn8n z!IF60hPQRrTLJf_%6)@V8D@NYdZQg34xoh5AMBR*sBkLl?k3L`gS@U4-i)7WUY{?f zi}p~`Af#V51?3dqU&{6xUlBebPq?o^JpZa5czE5k_}RRTtumOWjk~L=C29(Y;k*pT z2>mSAi*p~;#JSnM%Q=tVfNm4Hv7!X%ukZ-fWILq3{zhI@93)jgVf};?CAm4=>N}0T z83$L#JpRgVH-)j$cQspTi$=!ea;VYIJqWjwWI=PsqH=51Q%sJ>fCExX@!UJt7rty9 zr?lwiw1REm=01k`7<~NVQ~u)jS5r)i_YN-@*`w!c+84r5NKF3aiFQ}(dijaZR|VQo zWx`xypFEP8?pm4sYzu(6QD8i)a|Z~dq2ti(mtcAVM%|t590PKexmc8&RQE41dEQm{ z@%!YBAWX_1qj9VJGvE+V-z=!Gl1Jx6fMC$O3ncjoP?hk3_CP$c+Xrc*#^Nn~ce<4g z`m$|pQyi+t!u`6+aw#7V)6w2nT;&xS8v*5fHiL$_tCMn`E`GY15M9CR$9rBbsf=T` zbG-MToG12Z0KakF+vVVgR$r-xK1$ZRIoGFCe!NuhfeMRD^G;mTK40(OwMQ7HmJm)= zFRKyC{T8z4W*^HK=ciAf0pz(EPp;rG4D9qGc z$s2~-{o6p0#_R>_P^Y@LK7`Ejru0aay1P_$kM26vHhziy5D;Z)ctg@Or@fSE#jYXi_G0!GHXnK!^4R*fbG$UEQT z)C^@cWRODDJ?(5}uY*F3a%J|ds-o*k5F<2`_Q zr0lfqZ$ErhGoLrwe!!5Be-uc)pzk{XIOIH`e6wmf6T-)M$dD?0m=yuBS@4-yEczGG zJ>vwc#2z3}u$sP|@deM0pPxs4g6HWO(<6{`M7wY@$%74QoD1G#`H%@eXy>@BZhrRn ziC}E@3zU^*^fUXfyG<8#pMSqpz_0rzAm!d?Bz13gQr6S&vbK>wxZ>^5_TAa;iPrHH zXV&$AT|0RYaJA0d8=YgS-scruDi0q=?O$J8ZGs@=z?FDE*xD=(*PikA;5?oxKMP5s zHV@!ZI`LN|4b7!`KCw(wDAD`C>i6%lwNZ@ZbRX-b*D~tPE50GB+BlMXW2%=z&=g3y zp5PiC3$QnK`h)@Mxcw81jG$X=blSS|3&t&e|-qo2d|$YuIm$^JbOI# zoJy8s55e2=F-%JIJ+C>vvk=qYYzNV(qBYJpEf0}hy7j5bII0ak5 z)Q`*k%x?CCuD5TBzGIVuF-D^A@h>njjlG$3usEA0^{-!4w)>zj>fo48)0>{Vs|f2k z-=%-O>_qd0eYjfpnvsbK-Ur%X*7V7F>EwmOouv{DLS)yw@(w-n{FN=ax%+HEwZy^! zcE*%NY@?IMf*gZ*h@+HRz^9w@c$w)3oNUHVqLDujj^fybcY$I~*G-}PJYr~32SGV5 zCsfIudTlQip?iz^8Ckf9TavgJBKllqud|N6H0JjC-k#~hfOhA%wR;@oLrFb-(Lo36 zrWQ21msGXG-2cIxKF8559vZr$U$K%!KltY0s+C}K2Is9_%@Ab+RHR9qhE9u1LO~sT z%e#AjKgiANI#^?!^uEe+`!H6PAG$wc!dB;xaqL!V_BXdYbkdIYmY6@bvYRqw#RD7- z<-~EnShgFC<+C`Qg^bjY9>0;OFe@F#J6J2TQ3GtyongAy<1Oz;hP#yh9m1(>@8y#= zKLw43Zwt8UmKU@Vt_dcHa%l6gV(C>RH{Zj62 z{L)$VK>&T)4lZ7a&P;s4eGalJHUCrPpg{!bKOkEeHnyesh?N4S7+a#;k4r~CS3O~g zfj0<8Iylj@_sjQr8gRa-sF}u(e|r*HY%9bBH~=i7e5A}7#}s9!Qh;v&sIIsc9k!4e zki;j~EX(9u{5~k4>E8AH;f$`{z8QH3{Yj`(ZZGLh|L9!jYu`b#J~t zbs7$yDkcx46V#@@tr10jQobM$Fb0D{&pRsUfWViJ^|Rk?a+^7+w|e#NLn zM1ESvh5kV$mpUFSBb;lv{$;YBdw5=*p0u~snv|1r1b1ruIoqW>J%9~9+t%sy{-vLTkbO^9 zp34R8i1*up%@E>9?17ys-FO{BQ`EXiG;NX`d)zdC#3F2&zQMp33Brt;$s{SXZT*#3 zzS+dSoD3)CZl`lsA-xr+2NETVGmyLIIA-Z54D+n6g;dhk{Y#UNz*?syy*|j)h(9;` z;p~I+74+cAm_zHb z9POAS?-m8^z?WFMOZ;i))8~13ezOiZ*5Rn+kBhrT`oebun#6SU?6(o`jni9E_O-Cm zx_VK7a=+m++Q*P-*A&&XM&xO}Bzm|7ez@*PL=~$xpGWks#xu00l3Lj|OvQ@|me!m6 z0C5UHsyZD~J3CXuPly-pO8pk<`BAQkks;-}XY}JfHnRef1UMT4#7g<**X=G}6nWZ} zW$FtfxhDko`yKsYdgM{6H$HK{8*Mat>>qBY4hYz1g`+;5Z|BlysH%deE6rf$EcV%hf_N@XWS0KMg1Q~pZkydX`Eyqook z%bSkHFxb*0ESwKyU3!ara|WImJ~UZa`Y@A{x5JJ0srLmvJnwX0^sm0?RW$6N+rRG0 z2;SSD55UZo04%okg90Qdd*0wr$ls|P!6er!}U%BS5#=QtI|>&N2e<(!0gH$1zWT0=$Ub9akLwqaq(RKJHL z-+7_F(heHcyH9|mfs49ui{ed|b(KzWPx|u=IQ?igV6H32`zt!~3bkKB`59GVDs2#2 z;!*S)!jGCqEE3pb^@g3g-@&gCWzJAH-)N>Py`R?Bdh?e3$nP+8VTA{?DCwDp`(4m- zWv4T_;h;I2(f1WvXfV>H1@~PGoMb}{@*Hmdw#S$4cOQpIz9&I7>;Bkm&FzPT5Bf7s zC6muHblo#aEFt9+h4-wa*JUwQWA&o&M?VdHvMK&1(x-y@dH(^s1dKHQYP}zIiw|Mj z?DP3e64rfIPN(^4B}k;4bGKIO$i7BfUvoC-L%`OEotM5J^x7dpufPM&;ofO+&(D+g zeWkhx1p1mh+JqaJa1}Zkgk@9MF>|W@{g_bH23R5-zp=ZvHG~77^5(#}klg5V_)&u3 zjYZ@Krj_H}R#q5WeyWZ5+Te2;@|kFkO}f1kB%H_dv+00y`T;j9J@+YY+{d{IS-%Tb z68M#G8f2VKFp*@Iqb5fFc7-^1l6B%C_tBV31ZNJ~k-nWX=GvSNy+oO&I>L&5 z{9g~w{o&R3Z$w6`#@v$%ckmCpgB2eO^r$)PDFhe<6{VV3`GM|6z7D-CV&Az%9#C@M zMIip_7m`AL^j9?QY10XXRa!d6Y)t7!vllAV@rf%gdBF>2BU%b6ymvobjT4JT{WWQ) zMTw2%(s(^`oakKQUh{Z2?c37M)N4O)chr~ef4`CFqR997X(D&|WE4u!g|DEJr6dA6ZaU;oGWSs= zv2+^Kn>s_KXR!NM)@nJpk{-QnWAysG=isgdpmHckv!D(0o0wTR2V2F?7g-V@_u>-b zgG;>LS4H8?hiTx=xHn^yU5(8|lQJFVi{3Foa06;=2ukX1+zx*t=WJRfiYLz#Cgf#( z%?8{Di5CKTBqn>bl{{|dVNbBD3||WxG+>~dL2%7o0X!qEI&#tN>Iy9P>Uc(f{V48B zMMnyY5`Dk|-){B|bAM(ZLEe79p2**z=CZ#y^-+l5mYQ$%;6RCe8u2iv^ir`_Q~8goge|Evi&EOB*)hyD|$>kD!(VegEQgxmAwe1&KH z5HJ1wlmo{HfW8my=w_x0nocq(CdJoB;^9OGX!?}kVjklo^? zBG+DAM|4+0IkI(AQWIjru)2W7x3GRi2{P$38X&Pmc(u8>P5kvp*JEmYKCF{_ z{fN5Ck@xY9nen291$6?56Aj%F?N;Y{$US4Vg3eLThj-@Rmd{p;4dose8aAxu53>5^ zYIJ)_;AC3WsLE1l!Dway&CM!OWe=561V(qE>V|R4&qwujSyb{ZM9(e zlW@92y?eYZb?_88Hx^){v8t2kEX;SKLku43-{QFriib5bT*P8ER-TUAEmyAR^42Pk zD7Z7Md$1HN(oY{EzHu?FK)usq{zOYFRWw@1 z{2wtT4y{vIQhm|W2^#NX<4NsVrJ}5j`y$g74jk$uIxGfwwspQb($nIJt?8O3jIaZ} zG=6*N$akXZ#x=80CF&(Ol!E|(;tKNWS)AYMd~`Ln*@MeJ=c@QhLX;TU#@RfU2HBtG z3Yyf59posRtz8Ord}yb}ERN@hSSfi6uA0$^pki(`0-6Hf0n^@eDStZs5-{pZwc55r z*Iq2)aw)3Ife_H_|3!O_r2o#^g<^3`Z9jc2#{*9mJLpQfWS(aCoOd(asn{*Nq`#g4 z^8Q*9fso)GX!azBBLNu1#ASPqr2-!&!GiOVnPa_f`mq5&A$lC2&qosda4^@Y zmAHt?FI#>WxjZC;Lf&p}Msb!AnFZ`&!r~F=53*Soa;+z1_cCt;P1T> zan5`5$vlNkI=nJe-UXRnOdddx<9_nh$YO8y7yt;56DSoj3I~GE^ESF;Hw{IdJgT)v zWRcjn1I5vg%ZojnLO>Cqe0z6ZBq;}2Gpf(xF`*aEEs4%@7BscLj`9gw_PfFw37qsG z1mO#;LYr%bcuczT-acZb5xg?fRDYQZ99^?OTo0AJrzlR~iN4hlldisxd4$J`#{Bb`Yv_WazV_Lxo@FQsWhp&g)%R?f`)7JkoXA^g=hA_(NaL=*ag z^4FJn+IXgS(1ijvGyz6HnIv3ZR`glvUQx8*lsc3(Quq6Q z1Fuhav*G`)?6d!@J*xI#|SDXwQ322|s0M&^EfW_q?#r*s#tqF*Znt`dV;ZpFWUZRpAPSr=*)D zA~i^7*9@+Hc=|W`Z(Y4Yg<*t{;nME&}l7$a(a=Sq_bRRTVEloi_S4HDFJZ$IfzQnsQu6>y*LL8s&NC)Xvh zas6M0fQq|fV+PkxL8lmT=b;%$*^}LWA~~^e4Z?)B_eYrThjO{h_e*Q=`|VBP`il0% z%>&k-gB|I~ekMLj?P{A7!1sZ_=zc`eVOpg>CN-$zN{N)?G%&VD#qW9b?Fem^=X_MY z*Y?WIyyQI3ys@_yYhRL)Sa@iyRO@5HH6(f{DWD`kB4%qlkf9&LnqGw zji1vrSK!a~`2s((8HI)*99;z$`9hozb8#3l1MOQ1eXbhwW1<|eHl#uZ>M3~SJ*~gq zrw6fG=vIs#^t`$qw~ok<*J$LP*nTJo&FNBNmurg>JrhAr>+2TV2SI&Q;C9)+z)4+a8_au%=5W-tD5PY&a z2X83Z3m9<3`{<|#eXiIo$iT?Q=X#Hn4~&mYg|+w$mm)aM{BeaTIQy%GefMkWw{kME zf1u<`L)k^9n+w4)i+PUOpY@0;)ISw#(Xy(@Jjsyg9 z*y@6?V;|Z(HZO5Wu=8_zERIxfbBsCXLGb22kK+aSAz|t>KhYh6eoN}?jhFbgPd?rJ zmjI&*g$Uha9doaF?~B9#)~Bf!(tnm<7s%u~2O)^X%WiI`KHIfX^_(0eOKeU@<#e{P zi%pp2xAq>u`YaH=uL*_ zplprs_X@a+aQ?hw`tU8A+=Ouk^)eymDL>X(aJ|QAk3q8Va6vNsV060;p?X`6>DcO> z7Jm6*JQ*$8@H7OgS9j$jKC9-xzJSf+S=u~_eO24J=8+#-72EZY2gFD7vTSe6!93lw z?vu`Qp)*xjVMAZXnQ8a==2%tTSkBd8MN|vl#u6-<{b5&lK@&{xs1vu7>cA-H@40$Q zkas;fKCEjA+1-z`gGoR#%~^jIk`26U@hgeB&bI!7UaqI>|6PpDBT5d$Q)0IyeZzGx zC8T*f*8<*}r&t-IAAN;u5YtZWF&=6>akNH3YUe#X!Ov;D(gggMg?kN*9g+ct_s;2U z2s0YZNS3AS36o3yMj5x`iRUTr&-sK9s&>R|P=lwKK$ZaOpf0vwa)T*Eg=WU0|4OP& zfri;5o$aHl26dn7x?(j^kMD{`R!X?&S7%X|kVpu09@oxlY{yJr`RX+pzt?_j!>3)? z$W4(GEa450XW$0Td{5bBh4Ur>hBq7y-3&x;mASQK3E1HJthkw>3qLlmy3g%j^0(;+ z{g##aL#ISYKju|B*~xG4_{o!YS{y1!Y@Su{eVwX`^AmR6k6U{4xIPW#@`RgC5)TLA zz_R=Ohn5MeKFJAqrT7D$I2xJaxABU^-!eece0lyLH?KQ5`@uwS2z%byDJaqr+9pQF zjdiO~inSq~7{N!Fg2?{^^Ge_Q{0uC1L#Gxy3 z`AhOXGQcy~#g%vI@p^X2JVlpkO&*F$KKBQlbOraHs%)I|F$^y7@A?M>Q2wv-(Q+M$ z>8QoQ-|qr2{eeAG&W>OkTjL!dy_h?Y$*<056v@!xWV}i}+`qq?)yIr2I5GMNhTH8? zf5I|f&BXFJuCmrsIdoQ)oDj`CmA~i>1?T-705MxJ6Yef`tfUL`F20t;Z=+`2!SJ=$ ztwUj!c|9&*Rx|V&IS#z1O;>Pd9)@Da(hUIyik?!)zXqwJGL!gVfczYTIJpZ29 z^wYsBz;0Xey`lJ~qX)r4B%$i^d}9c{{{FCTu1$Cc`^PZ&R@}D{p_PLYwTH>xFBAhi z-$q{wHfP5SN&5H3vs(VSZ~L&2R{as)46%;>6|ZPXC^Dc~x&KN#e^96c8RYGCCL~uI zEq*vztx@;G3O~6+e2QU)F>#cd0V$nT3bjw1*JKuv+}bblIDV|+JHCe+8r1qr$=fDi%?`HJ|uwV_^7>r{LwB9~IRYLS6 z(j{jGES%NB&bu_cb$*#Pylfx(cX<5Nao@xH_X5{Va4p5-`8f;_>51RwEf{A9r&7Ky zG~QjOxzQsAu&+oGH=4DqhP^%R z43YYZh)OhUeKu@3og0t=gK6c;!HkOH(+7n7o6Otq@LUjcklQK8%fcV~# z>u3<(nzk>cybHJXR~69_?%%F5Bc@OXL!Cg7W* zj{ISu)H@B1|9X$|ocDHI|FzBGGX)0Bz$Co*us88UDF(Q39+Mo;*?Nu=;JY~+80D^w+=cJPhGqGyd%8^No(G)Yd9^$+47eS!0(#(~eH`uo!Q%Z+E@3=c zhFliX?e}2hXc`tW#>D8L;UQBrm7pPOK#89^J2q?PDnrbu%KdKiS98#yVkq)gp}dv< zL=U*1Aq7i=Uw^(klYRNvce!@z%K7}}M3k#2hak3i?Rw^ZIXvnqTBbd{APUS^zN{Yl z{KHF~3FcCNyEzJZ#truKP=&8)ZIjwT$9c@YxHbVUOLBuqwV!}$9>sNEa-0kfW*3~v z*Tce*qx8gxX9U7NGi8N^*gX=Jp(oA5)0>X_W=URkBz5-kB`)`2CF}O7o`&gfg`7PG zc$M03-21gL{m^yC=C5Z&CQZB+(K^zbSPgS8Q~Q!CD|f$oIsd()|GmH{xaH50?pA`T zC#_#m+~ZigH|~E#)eIG_itCqxwXQGrmNQWP|BAxC!WPeUF@Kf07pvN(VNvA7F2G`& znDt);a=QlW$r`;`7x$TjahsqG5yOMwbalO`keIw8J%}ff9vX34;B#-eDFnWJK zPoAS)yIZuK_L0^a3v<2P4^}+TRq!V9g?Oy^*0tvU`l8|I^ZiKZEWN*`dNQYB8~FWL z?neYf6JI%Eu|S|b!Rn6DOX3TUZM9=aFGTs;H`dT6^??7U)hlw=B(G|?rdnwDS1!IB z;T0i@_UZdU)3I1I{r5o^7opgP{rv-62ERn;h$oiQ)k7!l#pE%9BQ`7c`ls(l?Q2nWRh$Y}Zcqemro<5gc)NF($qSaQGuRBG=cTB4!I8yxTmX#<(# zk^Gbf0&n|}u%Gn#^;&vZNBOZ+&r}}jUkn)tK7aLbA6|tj(&$aA!z1z(5}D8W^^->> zIr5*$6X^lYm-+@uAeND4lZ!OjGYM%u(!If?zsEn)f@$q)C?SI_JvYW0_hLgVM2 zdJI9sJL(N?wI|uGhh99;{`b}P6LFPEEW%4blk9VvV;ItBJC}wsa^R5YQt7^?7kC-sZ9LiQuZq=B&G{&Eul~3o9ee!+w z{RsQ*sl3aFBO@o@7+5$UMxX?B8YAbp;8AkE^OH5$wgrXR7c3x<%j9?n%ZShr3bB*0 zvKK+WHr_`kBxKJL`#tQ7mfuD`%Zf&q>VuGJc(YSio^-nXIBw&<<831K{ipk^owm_& zLnQa@C@^i8d>EhHCGsk7ktz(1S$GwNQspYvOo2O^p^f?Laddn-L&Q3JA!17PMJT$n zh4}4*QAE8?&#!-*zy68EcVv+t45V5rtCk0Vvlrxb0)IY#!&B$@a<)Ip;0yvrdOdv& z<{lCU{h8#Ce%VtExLWt!H4j7_euNL)As~5f-dF8}99b+n9$Q{Tou{j0)ExMUsn&F7 zFC--w4L^gT)V{NvjQ7hHKjG`lH)qn0KsYqo&oz=Ba5}Ec%iV-UEM9QxB$#c}$UG}= zMc!zV-k$vJ6jqq$gsBWR$5jAS}00b**-Yfx93fSh(wYxXdYX>z2u9x zoraJ*iL)(dZyudT({ik&M=KQkz`P%8g~}=1EFD2sn)C-rNjW&QdB2#y;ru2~u@vVsS7ofEe)S`)`TG;0xOb`D~6l*PKI!vYRPep5aYjM93-M1R@9I5$3P< z6BT=3tOVcBUEXTx4E(R!>WQ{~tJjfJxYKV>z`-sM|B_Bn2Cd3$q!I@UIrBky&&UF) zy6(WOg_#NEoBUioPC3J#9xS=ThC`(~`PGB3;eOQMXPpUw2&v_1k<5a^>rl59Sj(89H{gS+{KN5+z#IsV>m%XWHUj=iMKRUg2r4ZWGKJimpnPa~jI z^$@>CWuo_?B>Qw96E_shh}X?XmmfY~jpYbzJs<0oJ%uHv{91Q7htm5+@jgu5$7&xm zn2bzbLm}2CPp@9O8by40ii+t8CGhKxu6Upc&;tSIBWxw&p-v@U_$_`qM~dXyle(18 zh4L+|D+w8b$}n$UTK&{}aPwtTN*kEBv!U#oGO#CHJiVacNMI2Lu7a?{N zxQr;@@A4^;t5yeM)x>9CR(|feePUpP zx!v#6>{jgKs&^ViQFMsk0}mbw3KdbSXq8P|NzJVfa9tlC)zcZAFLPfvnj^pU6=Uq< zPOh^>MQupU5AT&YO1S06`5ZYFkeWQRdJ`N_myKdgO1R$jUzya43)k;&b!G0+^$;&j zX#Bk4j9wwfQJ8gux)Q?Q=e!b;cCcT?7i#pgoqWbAp{BypF2*i2RKJrc?3cSov_Z4R zoVvh1Cyv_gJ_*lV{D8luwQwi*gcsZ?IIz6ooOdPOPTsHX#XKDmRjci2K&(*CM;+ZC zcG~^Xn1x^MxwLI_1kB{op1_g9J0zsd$r~RxDV#a|$t4}Gwp3~^?+D%t3r40evtAge zm9g31>3odetNBxn>mDK8zUkG?py~Qy4Ip?*cIPSOeZ4deFUicpqbRH0TMcU|`%W|! zaTt|lemgJ1h0W`4o$mJVzTpy;dT~Q5zjrb!t?jBy9jJMA9r9vrfj!Vv-`E#rNK8-p z4XAZDxXR;Qa6gs)unBD?>*PqE^UfZwzOaUGAfRCG>lcT>q<z?ZttG`;uC9A*2(Q z<`Q8(H|i(ey3qX%QuumuRGv~IyAHlnVPUTA2a%Nc_*D1#Q+=zw*ge!M-kCzt7RUV| z7zv|XVQU@`NJW@o`Hbu>sXxMAhO(^F6F@p}%Q-$bW#TQF{{G0#w9Q?%=B6%c3Da7KmC%1fFYI@CK)hkZdQNiTyt zG7lkx1Dkaw4kB{b(4N$Vb44oEerjGAiTk&i_l2XnCfUu}N-cfeJpbs2IC$><{7XvsiOalO(%pJl2hS{GJ|4sX(xAJw!z&`~S~ zFA8Xo!*_bcTW8~IIr|xv@0YiBc%S#NqEWQ+g*q#(=>^UpvK<;}n5RuBu1^-GR}fMl zzwHw--|fXuT*80@%vbGAZsf(NAKsw$w4En77n_1$TSV^?@H|B2A0VIjhQ|kUx^MJ% z1mQD#s6A1VH>AB=pmhiH%cFFaTzb)9v zr!?Ptpfq7_@R=9-F_I!`XV&WjEjPE~o_}EV<0U+E?;_UIu}O{(U9 zyn}LqD4qtOrH&p^_r-BGlNn~y1#**cXyocj4qg7NnXe`XBfzXBwYk!qV4Vmrev8ey z5n1Ll?ejxKpnqfQq^uviIkOqIIP)&ol+9 z;E;rjP}TQ4F{kn#8vgi~J+tWR3{WM?vfW_Q*9(1Bbu9^2;x(D@<4Z7sOUn)7nLNU% zI}Z%PYk}^E{Z1A1BB|H-tW93+Llbg|-gXkO)jU*4e-7sL(UU`EnzS{W92xnW(bo<&eMf zpJOh9=m4iv+Rxf(;q5ZO^Rj3+jlZ+sJz~lhX3w6CY)s5*3jAN<6;#hbd#9aSJ(p7D%3PsUh zqT`Ver4$K?H$X5538lXNPR`XGWfNf1t*tWv!tr>)?JM~)qieoA2FUDLlL(?D(W9) zzgj^|0!Kbefa9|;ZhpgpZ?UYG5(f)oDK85p7lNgKhb2rL5t7~cJ7y9X#P5x`QG|S5 zFB>J)qrGhf47n5u_G7Kk`N$N5j0e|}y@l*7?HtcjKAE>s^J#HnYfB>`$zblIz#4oE z*fw!T;JSENfysOBCuaN?lRad!-NoI(h&>eY-jh(`a>6${z_lfDF7fTCE~{|ZGJR5a zcS!9iu^hpv)E^fP^&dK)FT&6GX#V1Oufs=@XzGu|iM$8zdJAS?zBN9nuS}k^W10*RS*8rMtS?44&9J^i%N-RLW8t+0}1; zEP~n+p_98u9qi?d8Y*eB-&b^NgwK34NMDl8t$IDHt3xBMt&V4b@6j*DHR^2h$CP${ z>CNHQU#Wd6Ch#psx7t%ei0I$IF?{=?tYr~=_$r8sPN;f4I5W$ z&o`^5gPJqM9R9&0vNYd(PmwVF#5zZ;cjP!fafNp(LpUsaboRZr)J&q}b{l=VE`hfA zTs|>1xp#dZw)f7n`rh8>gfD(j+*e=Leb}u@gX5X;Y@LAH{5>I}(ASL!i3-3m{Hs(; zyt4qHa&?^P^f^rV_ZyU!-oYL65;<`KY3W#dA>B|j-wVywLFEGHPqe2Au&qS?n1Fr@B!3PkC#+VBjfafrp_}j zm7BFA$+cOXO(Le}wFN-!}pA^MBEVU=0 zu0=%B5Ap&BTDVOgFouEnU{x6Py0APs3~)yEjwS8Vo{>~r%e6ef|JPTZfFgwbfVF0q z{(aFKi*u3LR|@vP;8_X48t^oAHsa?j3)!o_aU%RvtTOvHjsKK1W| zpR_0pFJFfy4gQ9!)+F+CX4R@bBxmMaivb+7SQ`}0x*B=HbLNO7U&gb#$%IF!XkT)u zcQqd?y7%}TEok)Q*AOA!J|6Yjyy(ksS`YBd!T%5CFVP=8%k(+KBPo9Jgxf})>wkfu zT|=a5Dd&lsB6r0wdsa_?Sy=9UvT2WAo5Ih+%26FZsNRVyseRFzdwguJ-BT6lD?#$* z{WbEx`H9&A%A*)0GkJ+k&r2dm+MQI+eDc^kK@YX`{jf75Yasw0|qN-cIcHrvar`!5V-(sST9$5-@*rVB!lQHzej3-*iN@u)wF zrxbeAq<9cLncLoKwY+FCC*t&F7EZi>CqS#aW6iG>vKWpRRE;z+SJ;+2RYaV#VfOt({-zyU}WEhibSM^5j zHLQp23PLy{)IZ`Gd8<5-fQ$+r_C8)~%{`4U^*0J+B6^j?7se9#nZ1dU_a)~${e+iG z675qT#l6dXq597Jb*YbMvg83KVz<~93Hp!@7aMMaz;~4ukUrbjhl-sJCeQdWQVCTU zR!`eL8ju2$Pa0KA=k$DQ-B9S9&JWwcy)NIwjUjuB{TvdWRlp#j@0TAGe~y|+w6E%N zc8CQ9NGEg2n^LV2sx*#M-KcH9`9;&m!N!vEq2}skzHhH4;lMtG|CU5tadkFobQz@PF84eVi8 z1J$m|r66iA=7wJDw7 zcP_xzicF^@V-)T}On_j+;*dvi2y4duB`MFNOSKvKXUig)=rNk7YyGc-=qxAf(_aA>mA%z! z=jeS~t;uDjqp&Rv=l5=qe;=pQ1L}z<(~^~%kL;C{J&6Kew%Vg;N(z9#m5GOKk?~0s z_lL~0ulOUJ))#gfYg-D{bG!=I0jY`-;HK=syb+iC0wK;(3UB3?=hyCQ-oO0CaRUPS z75?%&1doHJMjxh#4`v01?;W}1t7tybO(3#;_73LhY=)~<0;bTfmuKZYp&}1Y6+Txg za7qdqxtNnfn(t-nLPF+SxC75?0(%n5&m_bDUEw84eIcqAUCq(94fs79ge%;CpR=?F zw@~TB&oQCI=m(wu&&`-v=Hz$2aIz62mVA2nbYTv;-#DLt&viYS=R7Yd!&-Fh}k`h3X`U*Tg&#vX6t#*M28 zIi>v0W`}(cryrv&e4}FH#q-vSTfqn@KeSp2Px@~7McaHx{e9*(O4}tMePjecy$&Hm zT8Wmm4BW`vS8n91be!ZzX;LMhoVmS+*WPZ^q*=uY#o3(qmd~}T@8mZRu=;s_hv%RN zKv*@)KpIFXTek#chq8Es^xvhGTc}@$g|LEmoHh43iUV{Ef!R5HU|lDtd+zKU8_oG# zCQ*;X=kCt7AJo~WDp<%4jG|o2ft3Hu&hXk>v|IXXDHr*x*YL^24#Eq(f${qX2w7tL zhRQHKwtUXt`$;gN+0k)^KYHqJDP{Wa-OES2KJ^>9H(ooA;ZOIzh%Xdgk8&N=wuA8V z0qoA*j9|4}pXUH#)Sc19PjjD*;8guK#>*9d27SdKgo5!e6~3kDMttUKcnKe<1UUDT z6zvfaSaWtqTqKYoZKCxqZb@(49K%f-hd zz7_gwBA8UxPXgm_dkMLfJ(_~WsmMQA?=%1BF)v=Db8!eUa4FOnz)N-Q7Bx{&+0 z%rnqk{gWCFwvUC1`g{BxEADU`;+sPVgOs6iy07kT^w3wgB3-uqjv&P%`T_VQo4*1D z%DMbX46u(SAJG=rPx5jFK44B&@{nTQeq!h?R`{3Pf?5x5~<^W)`F92yuD-fePfjcR_~VnSMOv@CUX@ z)0_1;?O}-k=&z7B;*}`gELkb$^9BY38J+B4%p={$Oe~+@yr#!&HQD(ti35jZLzA@k zn1AftXSMqWwscz4z46u>%Yf>`BS-A*Lw2}|Pr>c&dKfh3BCH5g3ohgF$1xv{<@)n{ z>T@GrSEkb?helE{k-Y=Nw;(H&qjzfe{EOYNn^yhk+p)%&dRfWlZDv(+YQQksU?<;s zWj{P$35?Gd*e{uH0dn*lU4PloCMjqF1gJw!G4KEE$nDMFtO{d#faJ*EI)gkx=zwI( z_OOpRdM zNnL##fkO8a51LP{>o@P4{k8#jLUqI|BSg>!Z}Oj)>*1X>)http)4EBHNJ9=aFrtfA zKtbuzy-&V#f*~QxM?GKI&>NKj4KZ#wL0pC$GU-~%X0ykKdy@3&%8X znn1oK$VfK*vgz@b#rNRSJNe903k7VwT`wl77D z=o8Y~JZ9orIzLPNYLTMoBN1GJd1h&G5Atkb4E=UCAX2kwRy28E0wWE@;Alqh8-|fa zZdzCUeUKMDf<76E*5`Nkc>JPvzU(8~4*t>D&uzTz!6d#U5h8g0>vZG*haB;k@ES** zxv->fG(ON#H8;M^-!5;1xAOHBn|OR_@%B>TLsMlvLQWud@d= z(<}G*oVaQ4u}dFKY!DK6#Fe9K0(A6@F`g{PfN(`5l@pMNboL@qQzbF4DS_cKm?dr1 zoWkq@d)|uJR}QYwT%aP=FwQ;_W>C9G%GTxK<@i;*F)zq7vQIZ#g4~`N+ybw*uE;pp zRU>A{o-oh&5OX7727rZWKa@WS5+z|Y<=bGtvlRM9GH(_<@FqlrZXy?;2ZN7v{y?|2 zgP#kogJ+D;oep1K_#Na!ey|nt`Mq(J;+d9T=TwGLeeRu(%d?@5b`ZhXxZ4*@12EU| zFZrDsfb$c?{+H{c|GA9p`7~ks%Yat9(sAzEXk9!k^?89vpAH3&3 zh0*=n0jq(Cfs2zZGDf~PJj|dnZ|IT^hz3mTUP{E*u$$iWecNWCDoyH(nyal(v>^N+|__AqxsCS^Gd?nd4Rb7$~jAhL&aiZIvGAty1 zd`x&di9R2LbF0pjt|RkFJm91)gEgqH#}ePNrj5O-evV#c;`; zGyk+v1*RH!T{eCBJ3{sgb32`ppFQZqfiA`mDh{m#*~~9$$^{2$hdEA2OQ|u zN&(h{P#(slfF#?suZDx4v+M`Xzu~YCjtU$E>w4R_0(q|@RkN!B?x^2noL zk_BF3GT-I8u&mTpuZe>Lz)rPgp80@`QxNjbGjjJ-zC6sf%iZH4YY%6vZ!wx%B(24c z6OU`>Uk^SECrakG%~(qI&m$g8ui2h)f!YiCIMRE0!#NSUibQT9wkOx=VUfOvl|YW& z6(Bww^pumoyvBEPWM?9HxZj0(oV(f36vx*TSmXgpJyB*|&Twv!k)h_#x7|Mt-Jk!c z$uvXB_r%_m!}tB*0&qW@kK7>khZ+ShrG!-e#Xf1b zT73X$wKvtA#tC(a42kjM-W+2$DKBa;CsLOkJ|H z@qw;3hCcf+3y^vE&#iWSMKl6rYeyId6!9i zyoac5pMZ~*WhX_c_k)oz>rAGElKtt+!>u!2G8jHy6PZeyu(F>I_5;hXbACEpe4b-I z@j1KSxgAs|cM6#w%_58J_w{IjO%a&^5ieMr$rP5vNSd^?P0sxM>G@st32-qN4uj>u z?$45fu*P-~+QoSD*`7R<>-79K!(=$k0xUxk4^tE0s(*NMXen6a1+VwlcFQv zSzt7msMo~w5pNY~1-~V^!}j2Oekpc1QkczXp@U9zT1`TKQ=|=|&Pq(Rr#E38@&Evh z>Xl5cb_{6xa_H?2uE(`Eb~)A|W!Tg%%s@jCYGxInl3LPDJ_0(~)n7>3rQy6t@i}r@ zsL158Zm@lOUz`QbTfuUE4*{+OB|K_xFVV~P{_4gRuqGiWZrF|Xx!a5h7}k00Oj8># zS>;`!j9|7a4B2}?IiKuR({j$f9R4iJ5*4Yo4;nEX_|B+GNmouUuyc?`8mjplf{&z^ z;0eplXDhBPG~(cH*504BL7ANLy`M!mV^FUg!y@RZ36!|x*DyN3SsmWWRF1=$x;<;~ zF(Ckv{?7BoHX>a+Dnlj%prYpfMg6*76!Zsr^SztcFN0M}D*WprsKrvLiXj2T6?wd` z$L$fpk`3n~13H!Pn%7q&)|mYJFBTHGE_RPillqnI~~Yn+P}9 z&Gt-1hR0{7AJsnxj~lFYv}E{s5}S&b7*ze+9-QOLl&>2Hql25U9X$bh$XkS0(T)## zpUuaY5a$}|Z+q9Mr?jzoh0$;Vq-%N#>|Ai(nsocV7&GI2?`|WrvA3c*<+SSC0Eh^I z;8crT*+{>&%$kqzab7m88RaCTg>j%uctHRs6?^+lcH$UKd{N-;Y9VzS{#LDMf-Q5E@{# zuqSCLXNbPgY-KBJ59rJQ))9%Q5B>D|F|sbtUaCEtX2jm)Roge2UzQuZ{9E=ryf$}$ zNkCzfjXpFLd_l>H)XHAfNJEVC-$Mnk_Zc5}JV``4flS<1!rHbTy+#^a~kI^El&qFg^KQ({^|W=|NQg%Sq^!^+=@Hwwu*0RLYh9{ zsFOpF&(muh4hHaLdqi;+UCT-2Ih$&Z-4ENx&`oLiiw@%!HB>z=ut&j;*S%*2WQPTp z=6}5R2#enDd?9wYiETy7*P^C%0lR5l(KuX1Wou(+3Wo0+1)lg4d)^6C_fI@TE_Sgm z9`+u_$9I}^LiJ9Y5JaMQOW2;%0gT)lc$`xA#usR^#E-&9raKgoZu_kfq!gCC`_iuq zRuKfS5pi%0efuS#a!+9-OLS#sR&PGVKE_Hp`a(>e*Q-dHoRz`k;zgdg|YN8G4 z=>_$kgagj&c$sIac-_w@3z7z=c#ZqEyt&+u_4Ue6zdFN2P~S{YI~`$fU- z40%_X6JOK-_tNWA&M1g1eYjc^AAzbN<0O}GF%w+|p#fNFNp+g272+k(TDLG@969Q- z>|22V#rnZDt|601>x^n^XbS?AX8@idJMSI^HTjE^@ZLVg$Q;1#W|d6J zbaM~$gR*BZ`isva7QE%>YJBy0SIbzE*z{d9_7s`iJijhI#k^%7!$el`7)P}07Ui=F z$vv5Py|6K^55n>~^2GAzL(GeLbUon?2^--_@|f25q#}zo`Cd8J4ii?6Tmyt&rNA$m zT24A>Z@F{L2C#N|SV!!)YYF&U-ji#$23IlL9$YfRFYACRIlae54TPp%TXk#TFPS_> z4{kIs5wAb_A1P7lW_l|CK-%H7H^y@_xPi7kdEI`t$6yhWlXqrggKkW8JEVfu|7>s$ zR=R@H<{_SZ@B4ih2ch)e&~f38w-*Bo8cxR@M3#s!Pif1KOqI-O*KqFBAg<&EKoxc@ zLDYG5jdZcZRLYCyJU!PEwqx;BxL`}hmq-4J!`lxT_Q@CIuhKe-s4-MgM6!VLHJ1)`gu|CR+A>IGr5{Yu zIk_E>?}S^$+If(kQo}1ku?_pQeij7f6FT??rzLZ!pN$gGZZN0WvVWWPu^c0B#c~NM zzS#N>&%ZY#-#1{+XCXYMEJVW#bSXP^M!kY*81KSZf_4H2dDG3dm_%a1?)pvCn+;Rq zpjV2*5yLL~xN=4z?6G}zH}R7=y%FEYCM>`iI=P--oaplPQ7i=1Aith}O?t(@>^XEA zPW9{gZe1X({g^&~i!8vQe8~tqICBNnHcl?N;^lsV2tJs{3$dMwDVP$7Apj*FuEetlKDQ{#(+O)`XqANScUqLT z_*kVh&Aw&In3(on3pc{n*BM4o-J#DfVH~8yawi|_GieUg$$fYaI}O*IX4&IUf{RXcN5KmGhYM4! zWBd5iPu1$egJ>Fi_^`}@)vDr~6vF#%GS2yJ3tR5PULw&KV|sZ|H036?A|AkR;iz;J z#jCp3x8UHd;zoFPc)!+#h`gOHP^3z@IXeWv%96qhd$fVg+sB@1FpNPnz# zxV+6)8V*NRfZ6hKT8BV)>PX*Q`nW!3vrLTN>69ty1vUX#de*r`G@^_`$0;o!k~)9j zR;I^HO_}MLavloo4ao1$NF-5xT+|n}Wi@}l!j-c=^ST6;{76g_L%O0^mTIUua#-Ya zaVh6-g(s?$Hl?pg(%+op{ko@_o{bB|&&6zu$)CW(&LxFDwFe zj&Vh;ui93eb%)BrP+s4Q$7~KMR@p z;K%z}pZ2I$CihW*{;MqC;jEWEv-H5>rfQw=cPZ9R;jXbwe>*y73ev)HnvFg|dd0&3 z_UZ8Wc3bYssY6Y6TS0XzRMF%?Ilb77Z!X8z@|2is#TO#HC^`;;qtBGQ-sR#B9H^|o zm4cq5r=z)mA7XE50Orj}S(S@|$DsKa^YVQg_m&bmu+x4o;kx|ZS5lco;u7^M41pms zn#YtP-#JqnP%p0^U=Sr^R-SPD*TsS86c?YT*FLi+i6?#-yUHXe`)4gY;rnJ``VK~79M^<%wx^&9sW|a z`7ubzLFo^$Z@ldN(RhLRE@egu^{oV~jCs@F`x>YJ-oiZ?!#pnw@NM0W6Sv60w6a)< z>$1_qgO7kvj}FxQ?;Msd4N&BBN9~s+Wr^4%(OtawgaCNXr8q**t*Bb;YuTTS0<%mm zJPz)&8!=?dyKlQ(Sf>emVW$GsQ6v-Tn?Lkg?S!e!n;?~s%bjDx*KwaVkB}m%c#KyO z$PXLysA3wgeg~HqFQD0Ym%v)Q+huMUoQ^`$erl)I1~qGAi3hS85-R*zKgfrRs}e%m z=6*WZMcr@P-a_?TJknYTZ}1Ydw8D1+kL-#Nw4VCIr$$g3*~Jfnd^7_)kG|t_RNpB zc>9>N#h>^jqM`bH-JULlr2#EAp{anYkrOkPK=(1r-HUP8({nNsG85Ll739j>w;+Jr ztA7p9njna)g%HtOGn4c_2TB&wlKV*iOU(1LGJ5o`9Z8G{20 zy(59SJ_QMF5G)4~FdRID(Dc{TI%cuhZ}Wil4tNJa9-`n1nh+PmOMlVhI+05~3Uj94^10;8?e@1De{ zrlw4TcyEW=8a52MoA1ajh6^qG5R177na_5kUt^rUkfZzN&UlSPC12_@bP-+_*Ze6H zXD>HY(8EKeu&(L)$}@?js$(Y+a2XAzIsZIm(!v-EoWv2 zXlJ1LZeLRVX2xB&yYO%2{oJNvR!ipi>b_NpvgXxVJsaT2E_*h&=u*W#7ryWpf zIM#p#U%+0#`|_KSIPKCHsEQoF!L@*_1_y-E@%N%Cz!{#l>>Bo76OqB@;XrdD`O7)v zSOeloW+o4T3HA>0dz+U6i~PfFA0Qy>0I$_^_Jo-tp1tOX{Ga^L1a35(pw{0X?fyEO z{O7`OO6x%4hQosQ<}owpqmu}??xl@}cPY z@%Ep_8&J2Opxy;HVqVwY$ntJ)F3(8afJ0UD?Q+qW@g{ql^LlZ{+f|TP2vr$L)90{4 zrcaUi!&%f0M^vLCJ8_6dPE}Q-U#C5}oE}V-%UV1>*(~{eUW%jbNuI8?hf-Z!v}Ho% zPgLLc{>Wa^mi0*g;BoMEk_M01(%k(xdryK2Qg%UN5!HWxR{5FuZtfe^`fA7HoF{TB z*|SYOKXKf{rIz*fi1J8wDn$$CGg!jn7aDnwhgx3saFJy9nTb=mrY^SI4r5xDtrUuZ z89@SH-(jH0GiqV)1d>u;e$7XNGafvO_L(bzpmxRYRYDDlnCGB;eWQyICFg)@I&SRZ z0n)xo_Z*G_9Mw(wNjy)yEDn+A{i2Kd+@oE{=yrTrl*vbUZso+u5VLwGI?Bsp&=W?? zNc51r2zrme=A+eTS`c=YAf|?G^iw}SMw%~|eNudL#i&(+a8#uwH+x1|@Zy+}@o!`& z?_-m2h-QvF)$yR$=-DJJ3|v>A*{dH5F3!J$O{vdmfV%_~F0kB2by#|B)jw0<* z68-X@4hY;4CP43p5RMU=_w5E@Iqt)dsD(@^ODW$sgi55jFZ>g~=e&9K1t!RysjpW3 zw5Q8iJkWQo{V^1g1|X;U%q7yCOMn9F&xaG0XYs~ru=r#^)aG-krr_q|zmXU-2ZX?+ zzN8Y9TqUzPLCPoijFW^WjjJu83+~~N+B?f+0^a514kwbY!`%^J;td0`UAwcQBVh}&b?LNBoV+w@ZLau^HHgq1Zz31==-`d zzu{D((TEE9d7m8Ep>v-HICVH;II2IGE+srfkQ??o9GFfv75gJ+={tpyQSUM#5hWY$jgnAy1k9%lgzE05|k20rJk8AzQ zn%?;+fzbRmh-(YyImY5qVN9YT`&LXo{a`8DvmT!sBtUjPip<-O_kol)=`~EJuuo1` zytp)fWvFi3F7_c=mGzGX|kp6bH559>_A-iW~+)DQX<1AkD@r?&tz;B>pNy$X>+ z)w?%PlfwyK-dCS9!{xp1Sz2(v8~!|)V&Ll!`YsUPsbOLT42)Jl*|xTo44(;~K7i?* zqryH*LlB`Sx8GyJ=-MikTW1^G4EuK|G?H}DAH?u6s7uN&UiVoX;|-b*4s`22i4@d{ z_&BWM3W4WqYDxkVIq&y;H%|fD@Eiy2dU%O<$f>l~ocuoC;V}s=wp&(cPFi_74l~%- zx5LxR3pV_qJ!`O50d@Bp!g2#9c80VMxE&kRFp-@i9X?!6aX-ny(q3Tt^1FVL(Q3%S zMV8S77-S;epOka}d|XxUi9CpZsQo8O;PQ0#TS0hx3GSI31lR5&dXIDSyV3~&h;d|H zqgz2+S$vjHA<%1CAucR{=acx+nh2IrIJa03A<6PHHJ?PzT%j!N3Xzi}?%*Q4|AnHF z3r!b7GM8`ltL^Z>WQWAAu?qUsU+eVV=iY3EnG7Uk&c?ZD9J8fY2x}fO25Q24azE(9 zW%K^6KjQ56L`DgKzH0ABp4cW-CB_$X{O~j79ri$!Fbqf?T8|ZuQP9S`xAtG9C^+|y zVVxtr3IzR>gnjXl?^o$Yo3OiVkRCkGCC_0Lgd$b#sDeIV#}^xi*a+nuXiyRDje?rD@KL;tF0Str|tCB9CrN+<8}M{`C(R zVeQLy^R!Dq%o~1^o)7ON;+}7#mb+u^ zm~Z+E^;wPBW3lnah@o&P6D0dsJYNrnHq^m_e&RR>H>l@R3C22Ex9x-!8*sy;oxUZ% zrH&KR8a9}EMtxFNjK@}1Qms(A`yIC1mG7xRv4;wBY2#uPzeI$k@qLRf5>cuSkNQ}$ zkhl?|r+5k3qT44>iFvA#hIJC#th`J0=3)`7odM4dk&V99HNoyqFh}N~<|S&DsnM6r zAB_9&*+b|FKzr!>{}TB{wWF*4nJ=C9)VKUb?b58_pNDh!GPzH`4c8H z$%>9`ea|;@s+($`lwMPL-5S52Zvzd)>@ouQd$6b!zLcpa!OJhf=Oz*0ukYVFjEE-en)Zf43iJjQ3}rL#GEP z7sdQ&@^s3MomE4?c|BjN?zphiNgN7`x2X7yhJQ5y+1mISq6eRXms*OAlQbdRe3}Aw9~R5Q-Lx}R z2~kl~`ZJ^?oRj?w=XZ;gRCW`(Yo14Ef;Ld-P(tce4EvDqdj|r=X6xZHhreN8nVE7A z>gM&PtV7*(zIIAivyIjoZqwr4^U3q%=;FaIWa$U=h>1kQzLxM0;kEpGYC6a`!*h=S zj3Ee<-7i@?-3viE3l~6*M0a?F`mgfH^CJXaZ?wJ*E9!hTT-L8wX%KIIX0#!lSaQmz zJB*r7YVN6Hf34B)A9W3bqI*h8>*Ho7d0|}c1t2)jzbP-ii`|QjeK>BgfQwhhvR&Gk z-A$QpH5gxrKj7X1*DDpPPGle0Q>Fu9+n=iZt1eI2zAmbdZO$Y5vTX9~&L`4(5=#;d z6e!VP;KZa{9G53R*SHVJAm_~GBuW&b@ugMEc|0(E>J9K8%6*>`XpTn^?uIaL6I`y8+A z`64D2Y6e7fn*~a&K^<5J+Bp-xMANOv5t(sL9+UMXP5B$#pwj?u0{38E4g^U`{s8$V zDA24a7o9y9bt##1$%FP%)MJ^YY4>qY-P%HAt(5hBO1O~m>Rws0$a3MQv!fkx)b+R~ zAU40CUU-YPZTMS*#A6$yiFAA7; z-0vfO%S99iMUN3GXd%Qa4>#E+2GPvj2N8W(-`nkpQZaXj?`ULx8G9uZ6t%>l6F3I=t*<+fQuRCvj?^;NIa#fR>Y;}yflpw>+iHLN7ku}%v z^A>#pN?W*tgw?_($Iq<~4;OXzY-Ia_dv@VN5`FFksd_2DFV9Fe<6vW3A)>wVE&mdu z71hPud{*C$zwzSm^;%*-@E(c)!z|!e1)HTJ%8!_og`Uqfds`xbi1H%+5dBsf9X5Y& z5C(IgMm;l=BfTABkLY?<+-{p%yz9CPZcTD%#>WBOSb6}fO7;sU6I_NG*^FXEa#|l$ ztA{FC0jM|at@r^ejeC4*f-e8adijM+6zwq!CcE|+U5?#Suxxub+l>(EkS^qBT5bg5 zHtk($NBowV`XEbdaL)(M$x_ExyQOST-)sh3oE<}cyK!T_Pj$iVLGjDo7#(-h!V_d? z?++L{MQoY*)Sk}Ol*L{5h*c~{$mTtQ@1D4McN#mG4f)fP+kD6=GXV+eak}#G&8s+aD@%50i?j>z+uYjXKT3xbrvkUG1fRoo{ z9k&Y>5Wn>?*#aU(xz$MSmS}nk1^Snj7%-gTJUC0vPlranJ7rf}nh)Lpv3<{P3Ws!H%KX07ue?23=KGAxTw^Gw-P@A6D$Af-g&e;!k!Qw((-J?0dPYf%1qn%}0zg(WG zeM8RGQr`BWT)xU@dF#5fpvD0W7U@FZPJV}sH{AKhJ;vs!YrGYHHdqomb=Yb&IdZMW z+x+L=G#@a0zPDSb6ASF@hJ-eAzjt_B?S_OKNgdZGA zrHa)KoJYq57VSk`D~{t@&_;?wxo%U~H_ISlk)FrPFXT;bATHFL6~t!Ts<`qXeoj*q z6#>UF2`auwdC@dGS()%WF5i-<#CH!3yKf-(*K-}iS(!<@z%rzxZTH2~4zQ1l2_c>v zjGRG9r-pXBInA>J#8nTh?Q|l&_~Z58oE75I0?6wA3xSmTf-C`PJbW5tsV@agW^f!d z7>Lc|<(6fnq;7u&&qbLr7(Px^o^!aR%K(u2@!ImIv;+gn6PvGl9&S^1c$ z&xi$_Uqr#4TM6~)Id|*aNoBvnx6vK7RU@9lx?M0TR|jt&9-VS;_^B17VCgt}2_tK) z<_Ihf2pdBL4K0nEMH;Wm(xfM?xn;pV!iL^HeSsEb<_NfZaXE0?ZQ93*-$^A({q&Mg z-f53Jb#cp?Ej@P1bxtcgVf?t+l}=djz6)3R&_y1|^_ud20q-}MqWu{T6BQEjkTvk! z1DTc_(T+_I-%^=2o@Vi~FJ|=xntXZ|2hy?193{cld?Znh>xT+4Pb%8kED z1wl_H_W|`lKS(aTd*%FqpMuzC7;xCO4XTG1MHvq(_xSdmQ{U3*Y~lO&a54mjL8OJu ziC!wG+@ApxG))g)-Njvfd~St+)fm#;r;pKrs=80IP^9E3DBfAfWXsW!Q|_B;&Mtz| z6Gd!4MAtk-XE_S!)8tg?n4wyWd`=k?X^x06Ye-FQk88zY9WSqFMr| z0OM{wex5U2PEHujNDc3YsZd$}#WyQ^l8Tjq7u2KxfqUQjBGM-Ue&f6<9A9v!_|T4URMMFa{4$%?O}a< zGC)m=X%?KVRJ z)J41O5P-dX{#948l9B`3=>~FtH5PMzt#K6ZXI)s;`{l0y(%@(h(3B~h=g1viH3Rp7 zs1yt6>pc*A?W=LJo5jp4yyy~@%_pVrBv7x(js0aXV=b^Onut>6M@8qR@Db`krBEp3 z$#3;~``~Ee6Wtxc6SWvhx}I)-I_49})cnPziRl^)gZ(+jU=apUFq~HQ5mVJDjGyHw z+1a62>P9yK3qRc;FS;-U1P$r$t$3*yCi-&vJ5VeCrz=Or?-DQA@tvA7_g}5Kr;yrR z>FGXYXUNY{ABR8P4x}2v8Ze2}bT@9+zCR*A2g@eby@RAla^II0EprCr=T+&a81`A; zBh*#>tN5<$|41|Tpgzu#yC}r(Pr`}dK0`Ai+YFFx_4e|Z5&MuU>epV+)Oraypo8q^Vv^bA(orC*pSuti)z9xZ zoU98mpM2s^5*~|H$4W!h<$bDuLCZ{h0@Dt=vR6hoi<``FdF+=tkFo#)kzKiWtfE?r zNL*?%BD@>j1m`Ch*@ZhW`Z1vnUq`#hWqQMg*jQdCVx%EZ67z%Tc_P*%s2PVjU>5$y))$SCsprXzz zQN%2HFF&?2Dy^@=0S((>POX#uPcbbHYk-iVau2&KOrrHQ%+8_v?L!k!D9AZ zJBRfs6D5}?SB|$&Cu#L0vFAjLQ=h*E+>!;| z^*O1XN7k%hMs`s9)r=EgyPisfhuNPp)Lp%ZZBytf7RBz6~`&@EauZNCzS6=&+Y(X9C)-IyK&_aqktpw@&`m(4pg;s{i z*bhVq%qRr1_Q@?Ld=w#fo>orrb?+q6&vT!y5awupnSTXWT+Nlz;ix|%rQcG9OEzTF z0J(`HnG=MFAaf+h-g|vGd%*EN14N@GM~ES0^>mjX7L6*46V^RB2rq+lUU~qFS11s^ zCi+ue?~tKpSz=WiR(<}g=viMbQ~;It8RbMT6NmI=wO)}bN`0nx z5!@Rd7P*XRzl^Zb3M*t9o@PXh3pgFfcRT+`x~?rnu_*dWAo)>pQUMW!H%X$PfMmYD zH`Qy^bWIsh;D!@+*su9;>3_96vEkU)*#v6$_j>^>*yX~Y66Bl2Nt!TV2p@Rap5BnV zRdZEVOPT%5qPcFOlM@b7S8&R!&neoMqhDCQhr&gaF@QGo&iM!$pBoyO@B)Ea543(I ztz4@dl4plfvE|;%oU8Vw z#RwT20TL*Vc&AsEd)5C%_Z@B2M&5fh8yWMmNxFGlIUh9b8ZY^*mI!hDQ@X7U^eq+~ z2AW0qmvQh9yS8Z+pp_+6MnW5Z;+6ZZhB8O;{Xll2)|3emt9XVgH0fadz?0@3G~x@@ zkK4K&D%nS26)dmsL4PTY<3|#R-ijxOQOP_^Mpo>>Ppv7jFc{KxBt~L3Eobx#Z8` z0|mOHw*zq0)6^!gcB?pflU2{dUCX4CCr=6l{rBz)qdE~%+EEO4iaxCzvRj*9Q%EX4=J=BBU z+X86y*$^SmZ3-LPot8a)uvDJoG^0f+H1Y)LcSvB+L(OaM!kp20qR6sEvhJGtbTw<0 zwpQxTaPZH}(h!lNz{vsMEWRJ!bgi#;{FRT!#QgAB-hNg82@YmHI!~{bWl)paOSz!3 z8Bxc#5N7)dhnfD;_P(}A!4}sEM-dq&BLwz$c<7p(sq}Z+VEDw)eb!bw!_q7>AF}P_ z?_oUf-_YMWxYnf#Nc>GIy0z{t7CwI{ssL78_g=xvhh3`nj)k^7-r{0+V{b06!GX)I>h9#^+YsIqO+pD$qJz+2;n*u{s` z>HBa<6EZZRk`GqjE#m3C7$P%eY;+*&XZ<1d+6_dfTc9mTSj`mhit@=O>LTddfbLOu zM@iBeL*0MCE%N~KiMg!)Bgri}{QYrczv*f`Ae2BvwB&D(5R!nEsmia7+kGD7b{{^* z)i^z8Nj~!o>%|z15e?(>)~k+5vCqq<7mDY@Thj>+x3rs4HgnTy= z)dq6GEBd>dn|*!#oKEMdDg5vxT=TA9vhZWK_g@e3?g=&!es%8LLJ2@aKJKFvjE#r7 zMqi?XF(LV|Doq3iCiq!!62Lkr-p}_xy*wN8TiqtcZ|G0CEC3@bebT8I+#(M)6lYLW7zg0uaje@GnPG}D6?4kgEP;6|tl51Shmx_oi( zK3LS|*`1BJpLAxdsi*u(d+Z!nyGFoFo6{K2Nmw6XHi}nhR@E*i;SSoOaSxYrpJa2H z2gB)?GFixY%qJFZQ8*|jg{OY+=r3eKD}6?Ar=COmaD0BS5Q?7MS1(8yZ0`kHG3xJJ zKE@s-b4~D;Q5GJ6yeB=mv zHA5hoUB2<$AZ5A7<+-qzM-&?e``Fh%2yjm0Q96LOZ+v^#B|0ec{=taRGJD1ydUxxw z%o1s~=jB9j%vJO{r1?wAB-z0*H~+IoiT2w4?&i?ZHJV2B=TvhO+_YnoX@SScukLFl z72}gUkK9W;eU#t%`2-&u1T0`H;6CBKZglFsPpQfq(Z{&8)%hm5%}Y%s8Z#1Jd8LC$ zuH+t|kjIX+M;`c@Y5lNo%j=dw07}HzcHiV@yK8x48m!)F`t;2@S(LeV{Q6bnaJ{`W zG)Mx^d4B*Qmz#dHGwFBNQGRG*{Vau^BJ|h$HG0`U{i*p%!V23c6R*fIs89QJpoe(( z4|b`+uqCrGV}??N z)3pO;k0?EvCHcL5FTMyZ{)Rm(j&eU1*HM~JpZQ9@NiLm3cIl7Y34XX?U0?5|zGP0o zLG3Oz^=r}Tv{-vO1Z!)LqYm>vi|sxwzU_%UB;cl!&8s>NPx|`Mi(5yzV+7#n@%K3V z4%#Zk?dSAiQ*upYfSenS<$f+FjTCzU1SsajZr)={cg9ioJC?T**D}`$6GEMFZB)w} z!pT0yX9!*%Z(;s3t%O}p(Pj6;P&Zg(azN-q-Bd9kd2(p*sF;O0RR3{EF^BKj+zx4% zXRa)9J%2sZB9znj9cS_{k3NQJBn`+{u`%&$9M9Xse%jJ{Zm>`9`|}=#z>CQS_c;PQ z$>ImpGcP-`gdNn&tq+@vf7j+n8!D)Cr&dlQJj{0sE53_dYzg9N_O$!}`FR0S@s(0wMQh+>suWQvL-5C&V#0 z`YGktCV_0&lkJ@T#fOz;1e+o_9++t}nr4jFs^ z!g^1s=%LC)rl3-!CHj z2_{Zd1{(@se^&NaSdb+kEriE$?+NmNp!>fpcAYwEzWdqc*s@?+R~|t=CQ0d96mCf< z;Kuc(r@GhtmR4r_f#fdVi=AJG=cr;v6z4r+-Y&)|&hrC#L~$L`6a^;_@G-lFZuW5@ z2)MRgg?`w16idej=cpz9rih@s3J`$lCn&azr`M^w)P3ko8hj0}wD7C0c7vMf0}ghC zmZ>mz#Mkbhcj~*K%71tK>uvE!swL=KHGS=?+KkXX4!7GLZVim?!K:H{5pLJ0dY z@&Srd2A_x*P%KmJsxV1{MX@t3C_0)08wqHBv<^N*Iu4)lJ69s*WuLcOEHG~O`4>z9 z-fEE^O?V>YC#@x3=RdnGB>1qbf?u8hrF;5UwxK}xd0M1;HT{Z<(WeKtMH>lqG%#6bGF^r(^aBHxi$iU8d zO&$mZ`c~-GDk=l*RpOj(!?!tH?O*t1%Hr#DCT0}$n(T!DV8y}gAi`nZ1IKq z$%i+9(%?afTjJ$k}>&B1i8d0)wwE*m31I@3nBZ+D3T;DZw=@W6( zlzObUdZb=^76scWJbw!Y!i$6{5ds7DBo~Iyy+7y0%OLjG^jK9!FlkHUWj~^qWX_ry zlbB%3{+uu%XYGRQX-+bQGb864b5ZL}`ED$wKm*?&?a$s>z~ zQ^D@DoFYPlhm_12Yih?iZ@q~PRZ8`DbLp$ojriUm#6M<($f>cIHkaq@N$d$8UIqGo zSjoiv@blliB%e0-n4ITTE-aHIPxPUkSXgbpncHLh(k)zDzmpuefO;!iBYYMJr^j)k zBjO)P$j0q2?F0 zjg7tdaG+*W7mlV{9y0d+k_UOXZ}6l4XyW`ipmTPvD`c8lrIpXGy#c5v$ya2Xwv6)P zQGk#Pd!q9r`?6PfSdc9Y^B@2?&EU?qm3PU{?EXK+urxV_v0}1Ezim=z$GY;q&nO>VzjFxjtg*qN>D* z1`*fKm)2>&Qn&Vd^qTte3Qm{f@;|8SLc8{y?lGp>u#a;7?la-W&<7}$6(`=1dSZ`J zyxif=k5f4C@WV02SKM7cyZ#q?7f`0GRlOWqkw}XJDV!XtkIn?Bm8}>j)XAKbB?GJ4|+2jx}24{PkaK1hz(TsVc zVk$FK+Yk9w=z?JGPZY0yXEk!>72QzcA?B`QEn)Pg$(nKlwS43n|K6FpV)jbE`z4lS z`mTQXJ*yI-Shbc0C#LnDh`1K4WAS@rP96#=lrw(-mTE6S&2^^w-TPk{h{mrGRs&0~ zs-V*ZbP3==@PyX42Kw0Z^AZ+QJUq}ORz001-!wkwDrA(N_Hc)NYkwHSECTs#!vV#M z_#wBSFVokB9bLP~gBMpVDVK86Cpg5#o}f3BP`FjW9zU~U9|0#~CCo zT`ZWb3Sz(I9DvpDYr$*oju>cvng{eZN4%`2DR4kVBQHViBFduohp1 zO%Z)cc2ze}9+yujd>|WP9#!w)2jA45$YuMBRO_Q4GVb+wUaGsQ1m6&q52YFD6D+H* z27L`HX+K85YFYlBB>CAgnu;wd_}z4Z4Grgz{@f;EUm<(pq+MPBt(eaf5l6)=wbk#R zUv(nb7CurXn98f+y8^o=%9QNS;~F+7Tm>al^Vh0Lx}HH^DlYQMhg)%PN7Q`w_O?od za2ajzxjo#x(|uH5D1feXFUsBRZvO;D&O$bMBd*mCNd~*$rR; zRVijWk(}#6qF#4byza4%aHnaPVK%p_e`ZI1cn^%eWxH_i%av)xgzNl5$AGl!>vv&? zENxuCcOVn5L6dinKARU~=alWtbY1R8d~{)jMMQ^>LA< zeY~ht4xoP(`Aok(so}TPE$_bfy|BQ33RKWix{G7zy(A!%EZEuGq?jo76Rsh=`#k|(v z4BCKDB7ZqhCHvE?Z2-S)yW<}o9Ijf#Y21{3zb&6!%>=h7ub(m%eKqDUBqp(KivCzR zRPuv9_Se=6X>@17{*;9v$e^V4I$JuJ>H~z!CN$eWA=6 z5q@AGd^VzjdFh*2j5~(sTadlpjEC4^)HB&$J_{h*u#G*O^q@HT>JP{^ysUnHKM|(aEsG za24t^QbE>&e)V+qgYo9hm63C2Bgrd0bAuR~c=;axI#tBah9H=F-*L_S`D~wJp%6`L z3tUG8QFBWFIxPkH%&rJ0yM1{}kkLcwj-t7nW4L@WtjJp}HNAx%g|ihe7+Q%@6)}cU z9DCD#A(PCD&q-Hng{mpdbLgG=ut z$YN7p+k0AlA%G8&x_23UX$dPK(-QKheiLAwCeJ-0D~8XqXPbX|aUNCXCqi#u-cgPy z6#=Imlg)kmJ)aq=?E}j#n6jb2#Sz`<>T%mfK38b%vTS48eo*=qNGAu7POWa+L_=I( zy}?+Jr7`URJh|C3YP31jNP3oROn#|byUMQ$ zic|?6wWJBMS-iX9oXR_Q?c@7&r|cKytsjoWh*v8x&Y%cyZ#H#~I6$=VvW5i$kiE?J zFaH%ECmQPqH0m$x0{!aW=|_m4>z}`~((;vmCfGj)Bm=!H?z{Y2KE#|`r!wSTr4F6+ zGP1PGzElDmo@F=-_(1!4&PoNEYa<-K?mG1dQ?4Y-=|j@DZIM{m7F-+BhJdaFZBpG* zj)%-Te_vTPlU7&m0-fR?Z|iXXz;G|F9u6?}AG@CU0#*7ap6{5+GSMv9$k3~W2C`!-nK`^cL z6m$>hT04h&AP6L6utQc)#-;>1dU6{_!uRLiAz#LL{wOSu@Ep+Lt-kp3tq1d#wG5>o z+$$527;9=P@Js1SWRVa_@DdKk4UJelUR7^sYR%^EFd+tW_g#_p@G<;mBPsO3$IIly z@Af&aK}T(T=tj^aq382+QZ(osWEsVP%WG$U(||85J0+i$q)`)@9@}jb0OK& zcwk7?8X&&TcN?RN1dpt1etq@#O}sVtoqn!$qP2-YRqrR|p2%e^_iK6W_94i@ zeXvhb0os)hh8djfKpY|o3%O|HVZ{kNL!$ECv8A_4P!NvL}inVXxc#`Hz z#P!&>r=;Y<@3fv!J%HbQnXb-@AAW%h;VvPi#GLG2rj*?Bv>Q`Zy=p(lIbT{dP$!1V zNJ8B9Lz2m`1!59ii+UUaANE7e?I%9cuK1mGwV5r(ZCt*_wjw&}&nOazJ5e(gDpL=+ zkVMx3Y{y~nGa+M`gceC;ju5da`t zpcRkfG`^sCP6(?HSMS?Be#1Ss*yAM?C=Q#sqY3(rkG8!R3{_LQ>E|*VP*w;yExL_6 z_@@T=qwnCybMr1K3g1Wcn>y$PYuxr=9hfN%B=_J+4$7sa7pMnkm)cU%dJF4gn%uV~ z4hPsNJsGm~Yjx&GbqEkZ9qNl5ryh}n8Y}b#&B64VOdpqAI91<9zniUU*AXn z?e&d!ZAZBVCZltiM|(~n^>D(SWd2C3&C-Dwybp3A&~3>MLvyGY810_-p{`Jf3`7yK zWVFReXbIP64Sxk@E)~0QS_zG_DfZ+g>>i<(TQht zUd_`J7qK>R;lr%pcs%@W)6c#b!K?yuS)0Q>4$r@Ull=7GsFj9V;_xzuz0N+5U6{oFtC3aEkVS0#d9bNt{QWJJ zbBrU-kJVYclkjCU@&l>lIr*G#o+8(HnHNt5ntQVQ>@!&7;JL!9gnL(yM zYD31JR>bKWI_lTja4sn^Vm%QR=OwFr&9TIkvgPt}lx#0IJkFaPYJo?BotSXquSdi# zss#%x5g=61T>89;d$lh}lYxJ<1GFy7s(UY_#kIxx!6_)_L)+d(vRzlzK$1djN=&VJhYp zKMvmvE%~-+pZHxH*q8Y#T7~h7S}VsfGXLzvBartTa%LA+v`-9z3@7+CRRA z9vchkbQ@UBZpJ=>XQAYeyGcAHql*>Q)B>uvk&hFc)S4Qd+Nr$KWudVbVTE)?)djpS7)qFN7dL_fH%^CUW;UmDmldRUws*AAaGE zbgFc(2YG6z3jhX+M9+Hw5(794NW@5(SmIhUZ4VvXH|!$>upi&IMBm)W0ev4jCDl8b zOYJ}<=#K}Z#5H@;qkCKh=RherIHx+=KaVNhNbnl!b|m{(kB!fqT}`B>>E}XnZr!uT znoWc;-!nUA@$SrDIuAmguMW>aPLqY&v)hEb-RG0@#L8Npp4LDeGDan7I;6WWJpPvD zeM>Bjz4OpXwQtRrn`>s0zvVJwRlH$w6X^$HNtLC@Bbn*r@pPFrQ_|pl+2E8}jMO3!b@lMeW zd#QAJB{+zg-U~50;-CzzUs6C z1ak7d20!FhAo}Iib6`;`0yFTQ<9ucD(LS z%dB!L2Kp^{hKm5fIs7H(1F&%)@lCdqB?BLXi;My$nYVFR@pU(Y4-vwZy zo`qKLEJ*emlb{A$n#ez%aZhjSb!d){0eF{uA>e^`dqn~4Kf7S@F8-wko|$~hXQeHb z&$T`D%tiAIZAL2~XE&GmLOs}y6+S%vMV}NeY>r!wpq2_*S0f)CSN^jJPd_IgG;vpe zy~edsoz{^J;RyQuFY!<5M0@$Ka-e5sA-lzyAW*Z@)X8o#tZyq2qfU1Kzwty(#>y_H z0UwP3;1fU;@c+~6$MV{n7?j@EHq{ea9@jzl-JoKaRd^RN^n<%Yq#e);SjB4SDgDZu zxz{DAc&t(pAy7QWk{w^G*PrDve}C@liS>A&Drp}d`00Y!AeUS~rDeICvr%AvfP8A|_BT`Tc?a5p`x#($-!!|=YW|3$OZy)7 z(JJS}{CUSWE0p)CYlYuE4|Hzn3F@g76ELUuQm0Y+v+76q%W-NV3Ag!yn-bGPgeTrP zCKpZtQ27$d(Sz!U`x3}Pq14yWI5P9EP(GZ+VNYdECl?YdyBv z8){MrjvIN#2IYFqKT1qFBo6Ui_BE-WOFF_tnYFbwGg}}ZhtF1j^~-Z#`HoyT)iDBD z^?I2^>h!41dk+D5&$zyF+!pL{+U%wJ{pD1rpl|QjB?9gLER_4rK!l`=yht)I2)W-s z!#gM&;{liDXum#)xiLp@nf8Pji#&kdx`FI$tzl;-cUjUXlVvg~6dz55OU)!Ljo{4PN;j+PqSDtui!cUmPIM2!hR6TpVIO`w|6(&kM;E|nc{AJb@E$ly z10A`gB3F=D$xeZR+(=YE8maacXXPl*q#*GfN)!5Kle5rsliU20R0p)3a>Yxwt-a zeCg+cO)4+7D?UbGhVZ8eney9AelmMmN!0hq>vudy?c?y;UFT1D-e;3=Q`CkSnoDON z9`~_-p+PvV8~!%Pg#47hWppVEG5__VHE7{#G%N`#xWw z)#)qUA_&WPeBEyRExG74#Mr0;gemQ;dXOh0)h7A{0iR2N_cCqI-jej_!vf=J5v5mN z%I_WmM*PEA-2R0mFW=^8NiyYlKm8s#qs!Qzp#%PeL)ei@#{>?rvFXNa)kS+HMhzzW zddi+$eLeESjH&t|$BLRSbQ8Jst`jZ`_I+D+eau&Nj3CS7AU8 zw7ycBUf&9WMqlY1L;jlG#}4(Nh8Cl~prt$Qs<2e>TM+M6RoGmS zF4^R0@y&(;Mvs0Q(yF=civ?LMU~Uuz={;*x$(H+d|IE@3&cif{$E|1uAp6ZdZbnJx zb7K2o?pc5pM#&JkcWr;kE&Ehrr*%&_lN)D6|DG&l@KGl>%W287eVH8~==7}vX^Ure zLCyaAc}6(mQ-b)^S)pE_6x5tUX&w_hK9!fdqN55kKkD#XUx6B;ixk%+2ldpkx1TBU z{`zDxKP=`kjpG=7SBS#C!EF91I|sr;VuXAE0!{wP^<24@XO9+@PV9>ht={qXb+7T0 zv)mWzPrzsW;N!_LWmmJ?^H(O9f%K$$TVI5A@ULgQKq=zv!%wp9U*At!X&!I^HHIjB zz5M=5wbvR#k!a?{f&-K%UVpHM;`I!G(uu@(M;z$my7Gq&`;;j2pvyG9LBhHP{7bHBKUU$EDbRqz9@aWJg6dWX^v}ywQJnwU6fF;+HNT&N zFDylsdQsk#{XS+s+<<=zXdPwt)XX?#RSN&8v3R(I-^njcp$S~=A@K(mncQ|bs;>QU zi2Z0`Z4~;~15o2?RIChX@}x4Z zcxq>>gcd=nSn!d)T|NhxTL@mw^8|6W9_>sVLngJ6Yf)-**|*3WYU5Qv`|BrEk!N?E zC+yiSZDkXFdHyftbT?uz%wBE@zpfg3zuT{JZxSk?znc2~^%R`X@=8#7bX$Kyoh95a zMefBoen}Sr{rT+jwJ0%I*W3N)Mz%98!ncHE>XAv5C;2s@eqSvg7)COpLoEF9@bJiN z%X{$(%8e%K7A}u?8IDAJ|0Yj=%#`a%R1Qf#4& z5OT-o4+;MP3r;A5t@(Ls!+Hm|qD zT*Bva;~x}7t?2vdKf*8$VM9Tzc|SGd#nG7%8oe`K{p94o_2>qX{O5F~b)cu4H_NG2 z=O|Nar@R*DQFME~nyahxWnBO_akpw1Q)h2qqWs?twY&R~G`9?nL?t^w;|_VXNGK$i zEhUtmuEyp+N2);q?Ll|j{AtX;(CGQ`t55kN;&-xz7xsmS%mVUw>I>F=q54{rrh^0@ zA}!??-R{pt`ZRIkai1vxca)?$-IvDIc^(Gx-tW2ie&eeB0{JjWVr2Za!hFG=-v!6) zt9$FCjg|FrYQm3J&N`1_)4cGWKOQfAb|_Jr=u4mR7KQd=kItV_FSYqqDzwqckN#Uc z7yc1NKZCPYFG!|KTJykBqjz zbK)gie{OXsvAlyg^0!#GGCPCmbbt*loR@C>q>d14gu*ZJ8*+MK^1TSB$6zDbl2J^5!Ej9OjYw|sGN8N|u@OcaCv0b_4^a8J`X zQSCB0f5=%)LXwn&C4!0eJ!3T%0}HAd;wumLTgck4lkFD+yC$b?GrIW_pUF!fYnH8k zo}_jeuUpB$yzaWT-x(=Yqn-zM<{;0wIMZ&D2ystr_F~bEpH}< zf-;wQa?t^AMi?w=0({^FVnUJEQC`_A)(ENdKS7XX@hV>BsnbI?*(I?b@7fP7V#T{@ z<_W8Dv9%$);iV;Mulm}P`-O*D01?@c$cwkj9*pN#v-H2VoyYU9fo36!aVF86TbI}% zgLqLnS7t9d@x0CZo}ld}vU`=I%>qd*T22Ys(0r^@@eZu^&p#W?wQ;_sr>oba1|P&I4M zdtti#OP_3{MF5AQm++_5FWPS?P(CZ7gr3NTiif8&-qyD9`)o%3PlE1V3~QxNc zzwVu_4axu-<$MD`N#EfQr$zPtg;Qf@R3Y9oMD6o_nCp7-yCKaEO z4E(2*%D}_xpj>;Vm&1v3Umj_z-qkM1w)HZynNWiney{T$hBeP-zsf1{)CH#|Ch)|m z%!f#B@8~8IT4e%g!f|*8B47Gb(Vc2|K-QJ4llaA7mczT+=X%d9F`S?le85`dw$4lL<0_u|y=a8YBj}ueI)Teol1A z1M^SgjJ~jSr5S^4p~U}kzM+zRli9r;bcy248nUow^9T&~GyQb0bcoK~I?nnpj-HP# za0<+bx}Ey4OCgYD%PAGm9Fmga#=;PTC$H)6#kM<}UEKE#{3<+28TZASLdjzIr1ANH zXGEeD#kFG6CyLkiXoP29eb-&M*KPiMpIeS438w7lm4id+6&~LoXcZcJsG^cS_|G(! zZ}Qa7lo&bRx4?+gqP&Y!&@y2zzY)~0_mDp=mv*)<-2QEpS(~DZy3WD(@hqnEeG!MR zp$K}fqRr#)4a`ENAzWj@wds=)$Grg$&s*hb*pJdXyVUEG3vt_wSy**d_3X<8K{tlo zUt@kV)jgmvpbkskj$=W-Q){;7Bf_+^d=22IVkuCb<6Qosp54zp*#z4+RZ*cE%dcht zwkfyl!AAS3ndfmT7f#GZ^H)6%X&`l0s^6G5CRe{nPVMyPgz#@GJo*fPcI&6N%CdDS z1_l%K+MjIL@I2oB;T$1Lf1=5Ifc16tQlSyC%HKRVYnE#qqgW1w=gZJN`}TnYa-?|e zMtVtQQ)V~(&mh%_00_t=dOuNe{{lMVE7QybRPcX!%9ZzUJ00ssZ-574v2a#<5*(>ayVivoSo`}%%(dHeAnLZdK; zpg1Jz|OlnTE$5QcLm44<+-iWu;@|Cf!iP$n# zbA3@4$Yc?xH+x;4hqSQVVF2zQ8vXa|QY4Bg$PX@`4!QhH1_=xhx6AaaCpN@!X;rg0 z#zuBNynB`qAbkLg%e?3U^axaRkR11C+w3zMC%z!2z2Gn2?AlJvxIb}+yvd%a+aALB zQ@rTvdh9;#JQ)&H$AY74B<++)8ex#eDa^MpC^(h)sFV8po zpzmKV&A@WSJ8R*&zFNkJkuYAV@CrxNN#qkdWc0KB*#nqOd{)$Vv$gfO+!N_4%}@rT z_(^aj#oiVJX?J<0H-R$8v9*Vkq<;GquVHyS2uZ9j;~oN?KlQ#OA>G)6+4_4wENhsM z_;v*hv5k&BK?3?2o$NC#$}S^%y3=X4?gkplZD8F_dUzS1u0sK&lm05cdx8?gTd%d? z{CF^geTz}qLljJUE0ot8$ZfLK1&zhRim0y%n@Cz1wP+?CooJ0FdN_^NV|Bg^{u^Q^ z_jHZfEe3~SpC9sNvmdu7+kPl9cy^Ni8@0G)SD0m?fAQ1F)Kb>{PP=Kf3->u1(tZMt{L&!juXJ5sM(r%{7^K~c8o z%?+5HJF5&ob%x6C>wdxE!XXaM#KauT?Rcs>{sFAV0d6x|IDA9)`rOWxA^TT9Bl)*I zY1~Byg5>mkR2cEe zrJN4dpQ_wSDf<3KU_I`{_vJteWYpFaYmz9Q%foOt4e7JmjKaWw=|mn4yQ-;)IO7tC z#^(*(Q~u%o<4jZ+x%jZjtTM;v_HEMM3uMXiA^AZ**z7(0iGdVX!UC^%E>wCQlde7Tzn*W<&+=hM+q&8Kt`VeC&lgS;J>SZ-*1hRr-FPao+g1pL!d5 zUHy0ME}5;{CvUO5k87wMqTJp<# zemD-Vwn}DLCuT&fuiA@o?eKepIW>s;+c)TocYy+>dP98~zu*$I?TZlywY1E>DY$VdN6q@1Nki6w-46ags8;XpreObC*fJKn+$pe zVXx{wPXXX{sCXFJtaO@kUda=+-$uPt(>mtqpfk@~f7&ms6WdMo>kl1&qp_K((ruir z1A9;3o6EhvF_SO)J*c$6p$=X+4D(-iG<+}ZWd{2M?s*64N)oM9pu+JwxT+T+j8IGU ziU^l}sL>;D%gKr#4UY}as0r=6ZsO7#R$%WVfxc%Kh4hFXYmBkev?wbOV%hn znSWQd;=bt*3Sauebl_LV5^d8M;m{GmAsUWvX)hVsv6Y}13rGPG-B|{L)FKQj6=+Ht z+g+|H0WRo;3eOM@6~|gfGkN@MkX|XOOMJ_nCv}a;``5w{5(_=b)jK6!c3?3iZV$zN z=^&u1UH1rye(uAm-iOvi$l@x&r;pW}-k5)|>Qy$Uhh|Tmy)yUR0=%8n$FjZmADkIf zYZ&e#aP>y*g)kV#p+l!Hw_4NKrGA?r1!ciy4@jR%6W7>WjPJK6h0U;{PnX^w*ejIb ziadZkU#H`5oQ>6zi}^r6Qg+qVqolOS(P+N!0^tSYjbu>~XdC_ZS(xDS&ybr9g>td? z#F6PmaHRC?cuOI=si>9JOEIq60S4 zV&j&|9wfa$CJBO`X z@hd<*0w=BN1ZAABc;GFrM{OTPO?J?SI~u-Kll{Rz>5wd`hx)Tlq9k46Epu5PMdzTm zaQ#w=Jj~|akE9QqN-M{K%AO|Kuci!f3!Co{ zZsaXE!5@<-e~4^UdM^31JyO5FQZVFv(#L&8DIkR_)k%xqoV(sN4;{ADh0v2{!M)D& zUEr!+B|)M6*&M(8Z<}~Nk0p@;NKq` z^E=+=eZ+o(%xp82f;0yUt*{ByzwFR1G-P`^hVW-i9E2%{$)G^uPHSM*1G_0=@ z`*RM!j3d4|&C07VD`iL+-=-ILm=@|t>#INc`%#5yGt4Ts)t{^@a-Ru!PiPo|r>qy7 zf42_yvBr?>yYObnK4G)F9cvqZV@&ftwE(}oY1}*!sCIF+ds?G-RQ0JtPPw8z#P44x zz7#Ivb(CG-oRDKYsZj@sdX2aY)TM9xQwJ?+v0h5Yq@GiJ$hkHB#GhN1yuYI&l>0lv zu@iHFCT)xGnid~-hGlvsMJZ%14VqOA^6N{IApRQtRnVuGHSKHdE;<2uLuoA$ml&5n zCQQM&W#R10a(ba(80eMmhDTg*&W^mHCF2_;;`kKa+WvD?zSH>{9JTnR?x7yY zcq}XM0W!&LzXe0rT_&k(>3uJ_t#y7lL()mAM}0n|UQeU$T9*(=CgvisgYQb1`3bw< znr420cX*jzU4m6Lu;b^<99R)>2ySf+|*)Cmze2+HBiCDBP2HMQyoY!(7my z7+7zw0KSF^MZIs;hF-(3{Cs7ZI5xd`@>i&BqitR-uy@~qD4cRZJ#x_~I^5s_H3c$7 z3@hlRICA#$&SYiJL-IPGvjK#M4FtS63SkiUOF9^=>=k>+kJ7eMrzu{6H(`@{GDeLW znmoVX1Zn8kFplk0b6GXXA=fLg)SGO)*n^dE@UF&Ndi-~OK=R}5Q=Hr8x_sJ=R#m6b z!uk9+H=VK@&wcZLxd{`!v@1V6v07(yS#}Hay*lkJPGl~t-mf9JE4DfAtCXhQBLrFV zka^5E$X2_G*$Mi|>!s6fS}+NZ=+mG353!v|6u|I_!9#vqjt@ZsNN^G75JS9pezi(^ zPK+m54Vqn-8|~ngD)7<}JJR^a`MMp4e4jY@2~V_yYr)l8PtewDzKgH6YL909Mk@+A z4Ynh+tqOU}1AjQ*PXeHPR(qq?^C>{W98ZSlorJlF1{Sixa zyre0KU96FW1b~YN;6JJHD-E$V+>UlMOaDl^t}QjyF#1ZMAaE&4@2IppM37#jiBF%+ zWUX_O$*4&A%U5<89%Uvs&v9E2Y*or{HmOj5XL0GTEFBAhb?534RRCWjA4{1F)i6Ad z-96I{=Kc~_Uo{)|>38K4WYuR12#7}K7k!>%$dM+m@2xa$(40|1{0)>F&g$j>LUyUF z@#E6HP=!NLm?!iEeHzZjF5Up6t04NqM+QG{%0y-%0Vrr`{@D*yZWJGBQ5Wd^C<8gT z45CE%!tE|%gY1rD8qOzdb37yKr&2X1+K?I$CEa3cO{gvmZvfld9(_J!tHb8>Yf+yS z3F#a4O5?y@yT?Y{lN^pQ4Y@7~!^U^FdO}ckCeL?$-#g$Mv1oDYcigmmNPXU>ZkuPd zb5G()@BlWFKS|RLR4TOCe0kSKCR2fDY1_T)@!#H!hyV!o@U1Z4WUtQbt3opFTT%Il z;PasbsAAD2Dq#8g@s?3ue=Xj&k2vYqG|b`PYEr7+kA~!ZM}fVP;80u=%N{0J9PI%L zXu|f{KM1gzLbVycxM)vbrSdZrB45&3v6Jh5#67jymmu<7II3?$LF9|HeFehkj+ez( zo(IxB1!~NT5hqY{aW*f6^$$b$_^nzW~chT*1@s-l-r@n2Vzm z{oDoyWa+dLau#r-hGS^~oK}6VyY$PR1hkyUj%46Tk_6LvKOG0zhnQFsf^kuqT&Z~P z3EVmz5s>i=)$HX_$Wt|2a2AHyb-2eTi%l|}1}Uw+!8BQKLE0Kn=?c1Ob^q?|TY&We z3lV?M@5l8w_;6ql66g3%^;O9V)v~QS+y<-<0n?&*7)ilZStnlCh5Jh*n(c))Nqwwe zJ>=M!wwmA5j|5Emv>pEIJ460-vcp> zMRecx?3R~`g0X!y7xh;-Ec?DNM5g@u1Plc6X?Ts|HxRC}hMA{Fa;1FDV{Be|U-r0( zOVY7`dP>zIWS?8LrCQPrKCD&Kewo%#S>E;$KOFyuy3syk=r7DUquf4EEw}f3o=R1RQK;o?E(p6i06(CabOOuC*0-vtvT2YiGU}8EqzNMZ<@FJ$pWyVL1<7fnPG3gi5K-y z+0P|0` zl85F<=1h1$K1_Lq0PC}dbmx$J*7Se~BK=BjZF(^&O1KM|pOs7UDz1WhD8iDrSxwd` z{TIK-k=^RM9=2oW7$G`B!vgI!{U}T)|7V^&#o3=BjQ;HL-9U1j5wJ*-gSr zETcYQ?`&qbHYn(;%U!d=gJL)PLO2r~-mnPSm!c)`Y}%x)XgyyZR#)`0T2Wc0()acW zXG>i03%XZ$;|*PZD|Fim4;tHuSKDJecg#`^sL-c`A$mxJ#EL9|Rq%=ZFeEt!g- z-!=&glb3Beyv~c@7$mn`9oND`7ku>stnP36DEA>$6bA^Lsp4`1SdW;Gt216t zM)sSMD6H)XYPfl?oLuS^?V$+FR=ALgmPc?EJ2DEo58_w%C+LJIs1#h|lB;KRl$EWX z_Eb&XcTB_rVn%&0uh2BRPJ4M$+oqUA{9!KPRv>+YAN)$5yre}02v;{8;}#aIkclB&{v>~XQ$&s(V9YjqLfG<%5s*mC~Da~wR_ z!_KR=Xxtg1bTN>%`IkJrVm3YXHAE62(mjX49(H|`guTET8!&HkI9v{2oMDu)OAz0J z%=&tl&*`tYJ1r?xKJkI)Q|(9-mKxCHZi#lfG*Zeq+L>@47kuel*A^c$IWB;fTvE0Sc1&Fj+uQsUiT4ot+*02JLD$0~*_OMaL1+a==a(!J32*SgU zBkF>0|4BJ)I`=%p8t$Y&_WHRHF(1bG6^>N1?Wbee3E~#B#(xxVI1Q%J40OMnN!d6Q@;|oztHhYDrHi7 zINZZ*AOoBBBPXv=Nb~8$e{&@BPlh=0xYlvL2@5aV6bETPn8ayIp_~ZTjo%#`=Dq z_TdiAaz!avtk`1iW)xr6LTC-z#j+Jmag-M+d;#Ug)j_-;+Nd95(~5lJ&VsOTFL8>! zPo`P-yZ)4)rzds>UK>L0^k)aC#W}fLAx4D{GpAs)&RT79XTrIx)$#GZoIZwL(v&LM z?5WM9`*f}ccXc4Ogbz%dG`HJK-4~&T8Kz|$3>AvR^QVRBH3-d6m__PY`4AM==%P6Z z48XYz*cn#5mW~ODpEkcG+7@HQVswZuwoV?B&!(=pTWR zSLP@}6`w@)V7Ttv*Nv-x(|$TA&bq`t@pK1LB)TXBkH@D!yEV5k!GqaTlua7N78fN_e^&olH2n^$$DOw$+agt&1o=fmKNerI$J zxz}*vLjHAWl3io_laIG;hIXlLKA-QR9q7IVMBTkkKFK`&((zQ>~cJ&pv^o1y*)2N=sO&<3M7 z@*Lfn-masL%uE3?Mz6XM_UJL%G(-y*whr8@vYcaJT)ns#4;Fhb09!j9nC?jLgL%

QxVY*3x<8W(%zbB!s3>XQ+`fV?R|`gYRBrz;4aLcY zyc`L|7W}+vB}r^5e$wwipTsP4FY-_he=q5Pk~{;e^Ut{fcUiRP5f|Q};`ecF1T_Bd zDfsiAT)~*EpaC?x>27p@P;DAHP@`8KL6^afd*AJ!L}!BuGk%nme+W`?`k5K2gPec< z9gXvECUQtr&kI4eznkp&*SNdhP|~+thCATnxCB1y5tx1Sys(lc941%x%f5K{Ea^{O>W*ajwD%?U#~z%o>{o{R z>e+`Z>`ZL$@;2daT($_w(E(Sz=A{Sv=AJB8p7byYy{vauvTgUQUM;TQ>}QZ`WK7tW z-m9b7>pmM!OLWe0fbQYyrTKX6@$aGR@A~*WON5p@+I@GilT|)_=U?RzRd1KlAh;VW zTok3+*KM~6#Q9ShD~)CZ3pobF<*1pUWPledee{$^`bMrd_T`W0P5z9&&Uv}8Wp=Z( z-S36(K2Wqt@7!MZ=M6x!%2F(XOHii#ywv>p1JB-1vxTuLSBkX`Kz-hhHzYnMyk8ew zzx{*2dh|;+cxC=#U{3pb?XX&SycK)G%UhU6!Iy?PH}RRe{6e1Ytl1vp`@C$TK$ANA z27p25F82evLm{AN&doVo_L0$EVow~kgLB`5e_R@0@E`Iy^Jc(m(b}(XE=uM29@P(q zpF815ByF=9`3WFsXy!!bLm?0dB)`uZL4tbgb2pT0F;(Tc?yB{5c$y7Ke#|2GKB4&j ze8=y*gHtw$D@~iVvl`F+rIQ{P;&+W`=cw7~~>1SS-as!(x2=@`mF%M(Y zRcBtvL%oY~@EFsgd2~t#WMEkg;Z)#X;x^NN;&P9`;p_kSH)4BBb&ktu5_`s<8T6VE zf&V9*iT1{?vc$^T1H0dyuBWtmu*6+a_WfEWo~ds17Vn=vAZjdd9<@&4K68ZcGlP7f z+RK@`c*O$DDBZ1rKiK+VE%XpfGjOiI)zCbaePz24laRn6e$~@rTEAc5K42}PQW^MS@kpm0w zSazM-XZBF(xiKEO94eErzT(eLt3O$T*AI8$XKI|BIi-HPHhJS|ktb;75k-mgyvW2qv+k)ZlNOB|h5QKRWEW9Xn8 zK~tRfQ6NRN(5gsl=pgOASaH9jGDL6hrun@Eoc0}V;7OJ;Z6(8jGAZhF+r-eK@Yb8a zdy!kC5DG43U+?7?_Dz%*gjWwT-yYdS&LNDS>{@fekZg9nF&K#-IwZ8N_v#j3QAxuB z<8<_|^n1EV@N;Uni)WoLujKN&D&D0Qhk2SF^~MO_69g|R#a}p8*vu z+G`QTK(o1;Vd3U6YyW}x=kNGeu7=?)qkvz5J}-=iSD`ig;M8<45shp(*F_m^rZ?kR z8#xEZkpa@jKfP$k309n6-_~J!PHZ9kYR=P|w0DZWt;-?49A3j`y+pJhhCpzuL48E(8a~6S=kVLlh13aI zUN4oZ?mLc|0r2;RDjHXD5Ak)*H9JqURP|v8Hh1{IM5=1p@+V1z?fGy_YP#;4yLw3W zK}vykV!|Znj=9c5k)P}doA<_FwXxj3fObkd9fFjme7u_{gDVp~355H;`f$Y2B2Sg8 z`THQ9$neeMZ`d*KMao3UoIwA6-G_FqUaXjXD>OZtPh{{$OrA6S6Z<{|_=)lwJ&w{%n!29&F*FEP~Ps$R`GTsT?1!M(D$(1bk`Wcbm zU;Jk0P4q4RBkHfVw1`R#dz>67wV!sN4Ocfpqo--Fhd{asO4`IFIOAZh~95zvM_rmcx1ac;h$ zsX9;GpYx{H{rqS+uDOa(11s zj=7_Ed1+&22I|SjdQNz*NT1QU(Q3K%bhd7hEUz_3^e%1C#Gzf-5#Sd+bDGnIA|XDr zKRTQ(O$D?jo-Tb>XRnS>+{=a5e}_va=mca@gd)B^TCCX(Q`-J_Sm+=;xx_{&HFS>k zdhMl^ZxqH+XR4(S*ZdQq51Xyv(e6Qiu7$6%H3a5YE8{|3z5^}G@B9Pqtt9*% z{AD}u!v#T=7_NpAeOpH&G z4@^Xv;+4H+?s|IAUYl)w`TRmIK#jZN1I!;tCfxDQF9?MOq?IA|}X0*e| zkCI}5sTODZL^56maf_cb9SF1O9f$V;ngBnkdsq*zJr^m7kuO%+uwG&==4AQ|8B@(h zfQ-*Z;JNBuJYfCh;uu`Ve7e=-A|I|Hc<44MHAL%#=7YRk0s_nWgsP+(XyvRZXC=Y` zzW$9y5zW_O2p+@t)rLoqg6h!AIVe)fUvYxsMMyrUN(ufDYx-X*b2X*@kZC4y=0(86 z_^;MpeDAL=Un|kT2v3?1hv0T(v3&D!pBKYE9NB9EOp2zJpcO(j;0Sh!dbrvk=#Bu+ z9L(>0+TUL*`DjAIazKOm&ylP-2s-!57fM7H5|Z&XLx$1{Pv?7tKZ7m<9<{lp36~i; zg^wlKEA#yz0_0JAGe{H_wXX|1nIoK z#b3)^iG&J#E8R0U29#W1saqIRMcpbjI&~v0vvVIZS%r@;37q&KMoLL#7zfRYeaBINPi>|+$`bddXdY-?R&(GEi9NWe-L z(@%Q_wsQsQ3hzS|8?y7Rn7y7ON}u!MCI&R^M0g_eWs59oIqmtI9lVpruZ(=rglPN- z6^L=0f;AUvTTHPZ;Vn;aYAS1vgclMm9LKy0vel~OIlB%AmO`dUq9hv6en{-o8rYP?ue zU%U3wR6D^7_U_L2D(1d0dIwv`Ir=Qz7Z9tM(M$C!abb^9d1Y_NS5F=n>ap5d8@g^0 z*HD+aw+SZp7Z44tYSN|NWHh)|`e2m_U>5S0G%Z@l?P9m%l7G zU1D#p39QDC4?bZhqFl1E{PwO1vm0Q=Nh#rDy^5gAjNj}FM>CCZ>Y$|!G60;!3DBER zsMtYGPw_VOEi={fv$D78mr){20Yjj0wG%5vG=mO3RA*5p0Ryw$Z@cn*uYY=)9F* z9jUzPv#UL(^dW1>)a-6Cucrk9Fked??AH`&u-^a}eFsc`KWy0{TiLwS3b!_rTm`S< zk`DIg(5&A?Gf_QSQ`e4fG>lg?2V)0oDu2%>Rwt%Mrrms%$NqY39BeE~_IpDUYc}6y z=!4AF5z-uRmI?(wSNXD>%r?iDFxu(!sUM2w8bU{k|Ggm^R{B-SF~b zUlk~n`m$+J8MO}zs0`yzdU&B2t?qN$1(!@$jBu!Ec_2R9c-N_mJ;%uE@W$E!&U%4d z<{6$m!1dqEvzQ%Em!tYc6pfu^cBM=7;rzg5L4&7ZeQh6!+gg8%Lgf_39_3qfz0{v` zlqtJt1z$dpC^_D>-h|~Yg^Jb1(55W8_|qLHU{m0&lDk`=9)};?FkShO$ximf2NS`h zlJhOs^J8R9Y{EwS669}!blEZ{ZggMR+sP&b%k*X6AYP47wei$uLreF?b3LLw*S>QrDJV7B3R9%b zZz1L=01MdMV6B`KFsYxu@%!<-eV;)q^m;J(5pR{I@_EgWdQ=+wB`gQIDuk z+dTk-@1mVA1Qh>&4&tk=5`pL9#IxH-{YlX>iICU_n~NW6vo*!OkM_YN)l=I%eI_{* zjqp3Ppt7_1S$y1S56F)vnECwSl?c&*!rO~MrDxfffoDiw_9Z}LIqH}+cT1;pA4Ng; zlvsIix-FO7W3Z9~1+BzkQ9vg6JVDz-9nlDYvhQ_FA*w3lNCDjK(}vdFhn+^Z8ppgL zRznq#JRUCgz#72_0sh-V8oT&K*iEpQf|^oc_xyVM1BN>TY_=Y@2sNbg^zP!%?-bDo zMdX}Y|3-g}r2J7B{)ieZFkj^_nRTXfj>4^R3OhF@D8Sj)k|nm?ppI@{qE(#^Jku3oDffCOpIUTJb= zoc|_c8I09pw=eG z^NQ=TF;|toXp0VvRsOYX9$;n2jQFaax%@-kXy3_3vf;prc^POhIznoknuvdB(nK?# zeqO5%tsb%Dh|zk(jm&!Iqk<*Cu%4`TDjpXxo@oG+dS zHydg_UK%*<61O+{?1J4Nf6NH9x*BXR)ZP&a_Sf6v_p9?cmcTN7SadNqNMfuhZmHjG zUqeVpcE(f3-lXR~Y~V_6-^r^UL7lIXyTBTtnQ4W^E4O8h)`_$LbD^sM=rMA~1_iX2 zyjMl^K^-SD^rD2I00wcXA)zTqmvftm-@RT135iVEx0x^0y=#nE@h#jYp?q8*QzB== zu?ECKw=&@g^;Lw3II&LF&nMyT25l@HrV2d|>Gn)HS@fTj2`H1VEBfUFHE`#d=uQ_$ zhxYQ;lNaQ7r^EhLqa#LDt3e?&S3IK29ISjIjct7E@)bZ`7yk@D59RqCF;F9 zC+BnhglWWSpEz6WD8Ze|o|c+k=XUZwWf4UWx{D_{L)$TcnJqlBCTlY7*XJj*H+8V< z8ZsgSUWm0DR)HaR;lkS?{oVAc}Np>Ct~pc+rE)s>MaEg zY7{(V6^vG4eRwJCCsXEB>f|Q(a_fT|^K4{QHjjjrmS)R$S0 ztl=HM5GbXl=}9*%k<5wr`p9ltD!)q{7?=E_%@1hJekJ&H*}${2?ERKK7J+05D)Ovr zWU-n8Q?s4gD>nOBcmhfZ?geTsTK6z7_U=d~4mXIY9|?4&;m9K8wvp`j2X{W@FB2Hi zN59POzb;PB{!_2v!M6>w-OG8u!gXL#1wGGP^=A`c&@-O#WSH9@q=n8P5lhr(RpGPK zLs*V*2i_mckz$d2;Lz24Vh_nZq4cVc0!LT4@k%=OjU}7wX>mlNHX&MnXC?xw%%Wf1 zonSqgfh}I?SCC+?wz`>N)pc*?AGX@Mc3{HOA$@YagBKALeuhKjD8XE%%9$R z?+9ia>|wMfPsqr)oM8y;b1Z`nT6J(}0l3K^a7?nY;||Rod#}-fP-Z__g?@hb%T|J}bDvj~bT+)(J427$ zQ0THeGdgh9RZJW=JpHpGtA;ueud|md+P+}WKK^i(asjzeP4^Lcge6oLA3hf}Fd4Mf zDMOWXE*%X{9eyv7{w16jz{tId1*}1Q2}?7ZxLh_nWt0n0M64l5mD?YfJ$1#oSYM&} zeDd3#OxusKN$I>Kj}oeFXB1x^BwT9-u@*bDd4WFOPd?k8$HQ?ZyU+0mO${7ozb}m> zUyt2*zpg9vD)0+H$yP4@!O_Lq(-QF-z_N8St$q3Zp<_;<`e>x<>!*KDPcwb*mEMqa zqweDhtbU9ZS8jRmhT^_HHSn?KA57xK=@GVW-_n$$67sW&rR&^7#I z&-ha-@AGzwv|m(ZbsK)#%yI4$yj9S7Mh{SM$1P$BG1Zv!yajdkJp+Foqbjdnm7%-A zXQmK9`GZ>9VVEAi)I4u!4#8!YHD+jt0vfLOdsKS~Zc|X6%x4eSXGI#-RlPG5{bS~Q zKEJp76BL<~+_Esx?UH9x+`-zKj&aab^skUsT6CA?sz&K~A4$;?d(gF=Bg?wB_o*=D zI+vtqeA6){(gZtunR3zg1sa(B2-;BDPm0V>*(JgkhL6=W-N$IJMLotx62W)I&cGE7 zW^TSgwC+}>{!x&701CNi6sx6CAMLXRQ% z%X_5^%=qN39J{EkAsF0J_iLrXJ8E4m8^$au;d+`1_Tae%bAclqLF#`?(82}<|Ev=KZ3X=h z1^wk&F24b)lpU;UfZt@S%P*cW5y16LBbDk%6v9L6%?+oC1J}DHqdi1z7KH<*;cVs; zv4{0V>HY35=)$Adx6Am0l<X1fcGeIlKu=A~J_%bH9S2tX7d9BRWoV&<8PAi{ zTkxPefBl~1`e2SE7)$sy5_^#g&+7X+ouMjiEmSji@OtXe@ypL{Rj`@D_VJ3wi;*$J*XE+oe1dZ_&(r+ny%jUL&ExvM!Ru&DT5Qj zv{0q-wMWz%!KlYij*hi9(8+5;@Ma_Z<~F1E_=^DtV4P>AUgDE!6VYDP;_LK`E~0Rz zTsficq>{?z$wo`gJCR;LOdo~=Ah2Qt&9!3ZtnA-(O*Zu811^=4_z)6KfaBEU;|D9I z#gPK(-RTjS?*^?J#9!kwJ#;{@uvZnm#SoSQmV?%U&44vRGSCia5vjxk z7P^-jRG$a?FfjU0HN$VHe<6)UY`{uru)jQ*96j89#VF70O-MIwyBQvJ>iqDoXVXYC z56F(=Vl^vf>aS|8a3qI}Xn8su4Z8GN?yw%^OpDJxmO%Qua7_>0m_3rrD3`g&R|rCw z>p=y~#ch@rg>S=kIX!CbkA1j4e$w=*Qu9lM&)cxm@BnW!ZajS@7nOeBZU^->!kFV{ znDs9sXRuPKNegCjdt62fhP8$WTJ!n)h*9r)J$EBQn5VawtDuDP*^>j6*(OY8TgVpQ z+GpQ$!ffI<1l{5Q*>YEhPW`@j1h~yLm8DQv1e|i5pnW`}xA=RV+_o>QW#$gSyGykT z``A~@rS1+s`t|v5J|Vo};a8dJMePWo=Rq!^R2eOP#j+8CTSCpz;a3@yf95j~Gu)~C zHTCM=kK#`qKw02k{yQFKSvL!-^jntS=X(bOx_$P|xdIDwsQFcFqv>IO8}shESCbO; za2oFFzLq|rc>76OmoZ-iia*w>72q z99>AVl4{KkDtUl%)7M_Z3gT0hmjhHE&HjnGU7_ybF4yYnXBVe{atT`ig+k(v^3PA0 zaQiwc&?>V$`sw^4a2|qm7#__<7oZZK&JXozL^lA$_adNpjl_$Eq1!Wo)&DXXwjFo< zQo%l2mG;#fno7KO=zH?2dL#YCM@|;OT6}_XjU8yO+x4|CRrRLazn`Z);b$gZg1Q$& zJxGq+3K?e}gsaN<91_^%e$?)B-`cca3irc{Pq(PSaSInke^@#5C0R>J89JD@iN88bK9uA*T zf+GnK9Utu_JBRRl-nXZ?5!uxM>mEOU;1$39S%#pp)P6hJ&IENSBhs;8O?-sNT87$x zxItp*V&U-U1AyQeD)(FNLb1Bol;b6O-nZK0faxVK`=p@P89ecU!Qs;v)o9GP7nvo~ zS>d?m?8Sx3vOWjl<-GEJ8hlJ?FgNw4)vmQ^4v9w(QTAasSQd$#gzNMSO5js1$Ze{F zSNl7o_AOBOX4Y_W@2~>#8lgAV7NLuJ$i{d5bnokN1UAln4ENu5T*8kz@Z#YYv49q_ z$2}Dk7^i^;Y~aS)5Rg$+N&NBB{gyq6lB7>S=16@FUq({H`f}?Qq-uI|N1?*&nL;-Xbk3q^tvPH z1&*auORn6Pp&+kYiFj(P0?laU7De*eE-dxM55c?$rnD>(_v@xeHH|W1UN?xLMb%4m zj*if09Bcp+qJ9cG0qVhH86v`OW1b#!) zvwrx;8cJsKdibm)EPd5a<6qD6A%0WtzS3twP4x#SxTH?`n!i`ay%d^lKXs84;^dZ>Kn#jCT-0Tb*X*kF?WvueNuP~te2@@6TUsoMb{!rF|QKHn_ z!{G(ONHQ{g^>r?4Ay#R-8y(^KfKFcW^12sEKkbT%doP!2Bu2cw(e#3*G1V~+841^& zAJ9-a`$YLx z?y?;+L3hXy1zF4VTJ%4c#D^nav-CiAW?EO@easdVLY4krq%s||N6J;wyFX-f1Sa~P z5D(uNriJ70l|K=jznhFMEdXFlBrJQ3l|HuRPSTzXQHO^H5mxpqD>8F$Nur@3ns`jx zX}y0KWiy_YP&3}#x>)S~KD>Lxh{mO210VUD-2gvFu1^Z;gE0KFXfX@Sw@ql@HU%Ee zcm|Oo6BmC`W@dinex$iD)Zq{&9@?gYuqCB9L;2(%3wUK`NKEO^M`?$?{szxr$Wp1B z42E-6r+Yp<1{;U+Kp7FNN#*nFpFl5N@>w28hckX;0csA;EiYSwNi0$lZL6z8pIEQ( z0dFmu37d0f3v+f#_F;qnx=`nu3oUU!P^7<`g+@zNzBuUh@8T1-I7x?5 z`v~XP2ZE57livBKIp~Hehx5}sZL}Snx>)}+IQ+#ob}{}s((qLIjTes9hEn~MGLF0$ zZ(WKWPgvQxobgfxdS9)UV!YA&B75!Npjt(tC)&EkoOE$DDgL-8DFZPLzp4_Rdw3J8 zAWx0>HJ@2O0G@K#zIpi97%jimx=If;zDIlOrRqv1S@#ITn{vCopKF5H+&-&KP@};oT__Q-K|Du$A`=}CdnxAFocu=vhCPtX`gOB{G%4@RVOjan_L5UYravdb z``Z2pE5V1v*Njf?nO?~6C&}_{UkTP<`E%ci_5qZ|&YR{+gJksCU9}Kxz4ZXK6|i*k z;ICIG@CHIA@Q;#_3S%MU}tN zS*>6DQ+akB=c_Xkb;bZ=eS9+{>t55d^c|SxjxKu9v}USNK>_)?sZC#&o=et~s6yg+ zYfZbesrI_#$nc-5Wgi$7nW&W#lh*%-rv@?sVjsBl4)+g z41b2uPdZM&0DZn9YPj!Gp09$XAK$goAyZre(1*R}0P}+f%B+0&`RLV_FEK4ZJmdqS zBUA);jOKnNu$IR`tDmLc?#@1w5I;6Q5PUu6QHi$}da4+nDAOZ;&C46LLb0R{Y_kt} z<+xuv{05H2J{XjmS4~SC9?N{?hvWMKS6B>DNKgmf1a`SzHxJj_@*$H~h z<8X{5cl>PO;c(0~Ql~2D0X^RudFYA9#ejWL8eU22%3LV0<=z}lA(i4MC`Bl`YcJvg zrAtx$UF6#b@Si-9iPzukYp!SLr)?f}ra$!%76=vam1vUlM>vC%(00U+zVCm2!w2RI z_{S3)6OhW`H9MA_B|qWI;@s}VPkp%gu81M(hL?NOfVW1keTHVAu<}Xel8=@S*}%iP zPqaO)H|%#9oz3AhH{C`*)PcJLq;1_U%px2vFvf63_S&Ip@_WrJ!EUW9cS)Y_ zQ+OhV2frc(GarAnoy$Yo7sR9aESq(rbTo8z>PrX!qPbk2wf>pwlj~#Xg?{#ajAx?N z%_7YH08J(xGQV!10}wf%Na3{6dwd@KW3SCCsIc!le3G8n`yGm{X#Z5wau}uO#^v`# z-e26@TLy+GDFj3E(I1d19$y}%snu}RK1{QxnEvW)Av+4vH3rq;#6Q4Azd+d9ybchW z|0VZ9Kkviq0=2Yf*#c&l!-`|zU_YX;j0ic`?`ZY3J*xz;EZ~Fd}!h9 zD~w9!JmDUDdU4`U7^HVeM)~yp5=y(LBnL>6|eEZAW4A7 z>DhumL-who4}yaFuH_s6`u-701p_<0QQr z>>(WaNrv#e&{eH#(&bPP4^gXq_MS(~)_Lxj=%6sLFC}AN%8ilXItpw^}VvFoJ4S z&ML-~sY_?}Et!VQnZBiH!9KUPfYHa{0IQn1>M{duj*V^N%?SaD3p#iW^kbE z!eo9$Sq@*3C;bHj-Pgva#+jg|-v#_506|@Fa_kY^u!B+y32c%0SN;%>edO)4@delu zLu|Y(h0O!)H5pa{DcXTawF>}=HQ+Pm77kGg@7gZF7yU#M0=C|l$Wo}Mdu!Ucu4X3_>`$&wG+#xG`r|#y{?w2n@zD?00|sZOQ>m7 zd}b5!&hABnTUy{P2llAXd+kd~^xxD@Ld1*;3J6v+*LRT2BL;~(-x-zEb9eGQLKWog z?2cah@)4t0Fsxj#xBuv#)bj@T(%;)kzVK-xmD?Lul8^X0jNd^L$M1 zhEF7v(Msq(>@YW1GWOW%P9-M&3&zBUohbedUdI8i`UC$BL8s9ARg_=Ne0GJ2dFPFv zDqE>uW%wn?g66%}F#JHBWYr(xH+DDvbc;P(O9KSaM}fV3Ou740qWOIuExN$&t2!(f z=juDZV!K7zxRfzI5`FD^0_zpX&#PX{65X(ybZ{H!Vx6mol!m0dw-`LFh>%|Abq(!L zzSa8ot*-}PI`5PGNleALMKQ}2!|zqe`MY6r$n^0N&nLrvtw+!47Gqgp(~MqzcJ1l> z$wZ@8%~wzAiZCvvX6*ezLSlHk1uyeA%VPr(n;#8L4%DbeIbN7?SWa+bzK5k(we|w6 z;GuU@F5F@gIwPOpUE0=>x>kM^Zmdt$k3)jl(r49;IhdgKx)7-wxOL5WJ~_H{qCNVj-$zLahK(o z55eNTN9d$77cqhw_MO8f?!nB!K zY$0lQV1)uEHIOrtfWS~U@G$HV=Qljp&vb1LkEMfM+w^-DcLVhDa6Upfyu8^sSa1Hy z#8ho!&_8Dz-q%A>ri$dX-&U^9-|NIW<9^nGZ(_x~L6a`2fwtkDJvt_C9S7)kI&Z@G z<80x}^&=k4cVBRF=m-MxuHgPb56vme*lVM$>^sd(kAE-);#mWq$?AYuz;JS&+Nc zxgA`0J*s)b>+sX1lEJLH<#oczq$^adoB9-&(fcCd`CJW=b@&iW9pQBnP??_ELeA26 z<_mYj$S>E}<9c%pKA%so-ULp|>o1v*G$9-B9(EK1hUY1qeL|bM7z(%=LZi6&5sg#% zkGC5scR}kxSI*tG(MjKfIy%fSd_X>C8T%@EeFu|bboEJ%>FRLG)8pxJIfKZ{9=BuK zIiY4ees^gmlIwBlYQvHRXIH?BRsYaR_j-5W49MYNn9q$yr= zP>TD`XkMW9xHLq)tcAM!%Q}=`V!^;G_XfBFPjBlrC&$ZpyT8ZseYxaKaaHvWl=kWR zJ3gEOvaTKp;hfymMMYyLpXhV=cmjy;4DsWlhDWs1p|odEj_20^SC^gBD(## z3aDRZnoG`JX5qv`GF66B#@vq3GJ6-EY*m1Jl{Es_xJ3Q}!FsvdnZh0r0rqHv(9wnL ztqOsYCmUKfEK5vduS2I@Ue=aO$m6fp`1Mp8A=V;%53*c~gzDz$5t3{WF$Z)#>eCiyv`jAnV)lpyV>vrQo-3nd=?os7QihG*? z1-#oRLfRPUzKi8reC{%4du5P83N){EK3xzu*4vlJ_K@`LQG5Yrw@2^5yK3a`@VMLb z>yLO2MqK@f`jE4Rsp^P%L|}re8{_++en~x#*5V!PrR`47B0At}P%`<;WDhehK<|fU zI2n)(uv1*gx_5fI7D_OHIt^+ap2%B0wD*blIRiLg-^2T54)%NXyK`6(-_N2x{_tVg z?d}RSnI~hfy~JmtF&0~L;Ceqc2mL=WdYFgj*busb*kTlBQ@k@KLg~itNMXz)1Zo8Lt^B?O2lGOYi6~(f!I3 zWEOrD6z7-5I`GRaa91%Jyg^vq$jjQ``Mdut=3qQ6B?g^S0o(_ondLTDJNU8y2ya;n zz8(6VDw6J4HW(tt6Eft5e621E(@V<$0lW0)w16vD z_F?NU#)m2iZ`;_zCslp(xd(T^Tmq|zS@7`%ui-CWef^C|&t&}}1FjdJgn9eMs8M2D zKJ6+Gpnva=A4#BN_B2{DGoBWH?|13M3&HUyUfa=tD~Ujw4NntFjS%h*xsiYR8R5fH zrE!~tg8}TI1qFDpQb3y#nL`TPbf^ZW)I$(BX8K&d#k8)Mkh#;PWt?aU%szBYKRHN4 zJeM-0kYj%CUp3-*<}m2n`RY^TGkfTG>-D6s%VKlxaPO_d>)c#C+jbiMufBGbw+gKB z%TqYh75%M5#XYxcAe7tH9hBjFTE4wkVp$x0wv%p$1*=; z!?3@7j#lVRLbfc7qvO3NdTk{CF!vZNyW%w;#{MZ$GbJz zq&)AHdz=85N6v~WwlBBvA~5S%SDI_OULgWhxp~!37b)B``OzPQhBdg)Zso!L&(pUp zRp5cBeeql`+Zw0-wrSpvS~K@s*AYON<;^P6sTmP8lP1RvUmk?Rm)wYg1Jt#x;_D}uL76<` z7N6gn30Rq z7O*(+o$K_BQHQLMh2T7S2RA;ZBLL@DWZUacyM8*-p`L7P3!Dib2($@w0MYchm7V8PF z_)%1~iD*0);e$SA|#Gm?( z^dl?REm1qXfCD=mu0{(&kk|A82b!%3?XMH=S$`}l1KnE9TA>@$nQ5cfP@ddbx-@Y+ zUz&u$PI`6TH0Z@o-W^!0Ba{}~yA?m*!Ib9BFjaBA?j?akfm$rE$uLo7DtfV#68u3c zvB+=YBqVbI#_rFE-xR-K;@9n4m~gL3=AGOeDov?9$1YA$8!ftv*oW%!%5JOAkLji@ z*H1@XFDH8ciKhfrNJsTu`4E2SZ@jyn3A(emn*cA&7Gs^Kf1vdGKuQp#&S2nCSRc ze@}i`A8%XN-plnwRzfr*Lu&VHfA_@BsHQd@Z{Sw4?gK=;oHz<2#+|z5xt(>&M?r(# zm0v!E{!}%uhH{k=$7MUa69ZBvuim@%anG9S=0LEoy=J~lJ1FFm1-F~*%l!n#iq*&# z=?9234nKtmw_9aKyIE*L>Q>^r1YDTq%>u-f(M9IM>^S8|=X(h^cQ>LVQn9By#63>= zYkv)v2O|F1V?Hj`^;ZqF1S+q~VvX z;tX(pH+jk~;itU0RHL;XE#huoc;c}jeo%CAU}Ffg*Mkk|+{v(KI+d?v^=gcfC@U73 z|8A?`$f8`9-H!U~@2M4!CqvJ+qb~D9SmlOS^~d9tf?U0|LsizMb`WX0<-^*a>zDXp z5hV?Z&)O)do-J_+w0#eHcQz`rzyW$M)B0mGOZN`kYR8GpYSc;!D%69%{jlE1MW>+R z70LjPBHPi z5%t$Uy_O!?VJqiJTBfN8(^rHdu*0M{J9O>8w5G{xVF>OfI+$WN-@P9FF*tlc*KwVK zOumD-dtzQsmn%qK*S{1`1h?dC@vOX(ep87^3DK#$oEjiWr`A~fciw^>xBGY%nR5|Q zRPkhHb48i>2<=|{%|}C(zvn8jPRo1g9^O}fiI4jZ;bw95?sP+_XUw`kR5Z$dWHw}p z#hnDLgRD!4^g~#{L#IaMhxYF)pjE!^%b932ht`b%2*}K@i_)Fni?zJG`4(Ug6<#%W zAO8_$R}NBtLzd)sOvBdw3x5C$F%pOMQJ&A_j*0y^JhDJ<5aKlZ?~OZoZkf5m%rdfn z0%O`SqpgeU-9B?PNrU*Hw|9bqbMFA6)XDw0XFkaHPhXv~4H65dpWBLVc>F$IcZ$oCNLUEh%$cV) z)t{-)wY*mY>VQpaCx1MHGCyAFK9P1xdz=sY zaXf%`9c9yhv(MFYbRsF)cQW(&-Fz+>*b+p`h}{XC3b0k96$Swt)C_3h*Bx* zBAGexUg6qK8N21XU8Ee!V*nAY_6;`H;Rgcu`Il`!$k5<{vUCFl(ZLU!Lr-jIAzaJx ziz?0M0n)cNhAWn1VS7>Ua{=x2^^S>f|6G~o3T1L7Z}&c21NBnD+!c_zcl#G5mt##w z-nqYJ=aAq>%$+zKnFN><6R{*9^tT&#M1cyZ_=EYN*f13kk>wR__lce`#~dLeH*a@I z)7VfrZ&~sPw!Y}TvZ^KE8@;Qe3$0oFgpWcabRJr(IjBC7a-2IYCq zNR+BF5-MT7ke3%lec34G7@F+Q3LYbwqh~LUoC{U;Pd+lgUB|`;f$%?rIpjm8bc2i2 zS@J+yF*sO7T#X(o&mOr*b`T#aI3EYBu#ezjo7x`i@Wq$q3bLC5F|i}#!*R%`mBE|a zh|m98^y0CE!z(O`>0}4k#Cm)&fWS|X&$w=cf0OrZC2uBERHA3U^xhXZ?yoLw85Cl} z!yo870``1TcLRCcacTvJl6k3H>Z7EPmv{tHRu!f1K!P{Uj3UooJi}2{0XJJeoK6d5 zhC)ehu zVX@T{vNB}f=7I;I=Z>^*jp`#L-oTS33d+yj3!hUC|8p@AAFn^CL#unz%b2iq`YHPk zmBybRSMHdt3DfIGdUYXAs?yBiB2R)^(TAF$!FH6rZod`InyPuZ!Fi7xu$ouLORiT0 zEncc}`95nd%IoDjqGU80wf0(4eFi;?&(+%l;@5`22`?2YBEEFWgZL>%Xj^SwrIoQ4 zQP;U^EZ>{EI`G79{lk0uxcxY&3KXPKRW)3XCowMyfY0$~yG=c2QY5+O%a7ss@umix z{39(jDh1nfPY^+psrD7>XK3dJ;phiBb1CmRkT&DYE}VP4zL5#xhG)j#tG$1(?%-C; zzL9(S^7I{4S{cxb@_PPlkEWUcz&?HM`U*}|@$&B4JoF@I%}INBEL zsl6>)mQ-E-E3r`r4x*eK^g*u16*c6mD&KFow>E@3r6Pqy0@;+J_^16f`l8@UD8*mQ z?HJ`4BqIuzh8WBu_(FbJe2`cg5dnS34>u1qD|;dCZEFyQ-=3CCS>5B- z_M|TorLX&65tZzA7Oz>nYp}6ZtkE;yEX!_MiD7oWj|4+>^X&$GANaSQ-m!T+4fZPr z_7nIuV32?zLx|s$Rx}A#(=yXv6{-a^aQA`C=7ZtdN8)O2dDD8aJXKLPd!y2c)O$`6 z6T!4tJzNgoEXP6~CunM$mJHeN${+0z^$c|zqVgU#VA**QI1(9X#N*_>qyv{EKK+uy zm)&`57)AgF`LPPe`&o&p5AbxaXQk{%Qq^Ie*Wc&jzkzXo-yZXOOAe!YP?$PW{Woll z`F>wjvGj38uz42?X-UfXa4~d|KEXNO=f`O@4-0+u@&15oUqRue{Lp4$!u}4fs>w@u(*a zgau>)b;3UZqw}o&^gnapoC=$MAGy*D!0TfF%vXC;Kf=%UOLxe|kgeAciV?6OZx;1^ zLAt=R2WmZYSfMKVg6P_t7micX(mNJ!2c&u-6t71)z<@ECk-U)0qdm+i(Hk{eM411Y zzN_{S6YidWDpP48GXNr6%&{;rH7KKCw+8eboiNgg{XYsiJRp2e{no`&5VO7mCgW~F zm&DjX870v9r5DJ`ZrCnN_~{pZS|8&^ON!cR2Ps$gAtX@A+bUw_Vv;U828Z(TKA@L* zw`CG!w;pQ%^qlehU`a=#3y3hV=XPS7+?I-hE}wrvC9ow56gZerWE;yJ;fV%=7J0Us zL&exx{(UjBi~LVUz?Dh=6U6D2uK0i-fFpLFfF^S_e&hjI`(o6Un<0suVK_xOiQWv! z-=(jz?@WQJ(ND`*GN`uN1OABi%)HFb$39W$jV*E?krp`(_SmX@~D zxmcmnhZuGu<~fUJq-qU~{^!oH;MIKCNPcVwCEQOb=|v^^`Uk zjcLKse0~^@KXPpbo_Rn1Aa#9DPIu+aVmM%AsG($*N4nG@dz)v<)9N1=9`k}3Jgd}? z?c+xixPAUtlIVw3Voz&&JMC<&)Fcik-2NO3h)VRJ9>Mnh4?u3Yp(JyAts0CO5{buaN$P z$Q9N*w!rezujm~)j%IuQm5HR<3_C4Gqw|`9KawTZ zAX5_j8{&bPv^8~y;KNbcICplV0R{8*cIvat1XYIe-dh)T43@GWHI6|}Z+2tpQ9*D# zDfi~IYny@6;~4`_3ob9h?38^TVI<0Txm{8CfhsjUulD@XpLfjsv@Q z3P`3TU!l8Zmm+kpVZfGC4}`EIs$IX7{CKLBi)D>0@62p@2cjlx-+{ANK(bcaA&h0o zZ&%O^Q-`~hINy}gt-w1Oy$l-%p1@~kXamAcp-6!S&5sED-@I-GH;oSa4Ap5aG8M{X zxs;#u0|8&Teg|tA z{_Hf(LrD!;c_&Bj57+L>!}UTV%>UiN0;!j9HC|eFl$f`&O56<89W)a^GNg41{Us9 zHF8uS&F+ONcqKTXf*Sh^X+8XD?wUC$x`jGRC&ri(@~+3?nest)M$rYt>agJw+SvtVWrE^)r6;kq@~5OMqK5?V$_27K^*MQ{WmCji&g#IwCe!}@CB zp1hoU$Q>P6FY|o;Oy?9rLYQ;SuQ_0qQBd>aOUw#0=r?O3)MtcP$DHxI6o{`k(-^m= z46a3hvv5#J9Aa)@&T4@y4B#A39M zkDAvcSW%=JavQOD6s5J6FNm^Ifyxz~58xo!K)7C32)lkJlF^-~MG4MQc}OX(2oRV| zy-#MJu17>BQM+&x_%r04+|$mosm38KDx8I7sh?G%d`V}(k4QWV()zSWZXYv`$VmI( zK0CINiZvcbUF`yU=Dlz0Qi!^S+T=XQ1wIln%)FgqzCC238#^x7K(P@5T=|ev?ty5i zg>plduv(WwUw!QgnP@0Bo^sr~y8D|qt6D=KTS?eW14i}j9mp<0pQ^s}ma!$x-WkPH z|I98VlPO*KEI#unZ6o#<tr6Ny?63-oaU#8wOGnnE5xRl^)3z z|DZn+pr}^JsN=i}h(UI3QJSQe5#?iY=}QVs$5Z%KV0#5rKPO$fjdm#3nKo+LEQ~3; zxc#|h^jIu*@qnwLfMg0d1^^zFL*K}MK##Hjgb6q!mGqrb1Zw~NK2rfdo9+7jGL*jU zd>L9m>8i_y>I2$?O!M2lGfGzZtBrnZV>&TKo2*65AgD>7I`1IEjNjyD!Eb3=fIa$( zxmNTa3}I&3_xUb8XP*boZ`+dwuLSK}s@c{;MvMTPVUEo^?>`X2WB# z{8_eZeSRs)qNO~{r}|GlEpFW$vH=LMA5EGn6%0k2U#3M4fGU7t&1 zhw>Aj`Cb|+OgrlS4mGx3z@~@Y`pKhnsY@k#dCJj>em8@@W>2ZfUF^u>xUb(@X! zsOXWB?4fGQzH=T}QS9*nXej$2BhEt0gaSLdNKimzz#x zatnt2BYl(7s4FNRi}#~=h8Nt!xv{RYQJ_Ih=0etuPN zeP3{^kK5e%~? zaryXMK*2(zsDT3jSHP(-8B<;I%Ktg$e=#gJFgOKj!{S!(Z&VG5=QXXn9RgO*^ksmD zB&=0{`GF1eRn0&p8o3qxJi(Xypg|h#Y#^2pw{t#A+vQ=L=6YF&xLrFib6C>r+QsMX z*gvD{YA+TC(TYgI!<);Oya>i1R&R&Qp(BkRSYG|KFvcyEnBq>)+wIX0IULO?%9p{C z&zb0g1={txCj-9y$C(Fhsqea=dw9#k^w`Ghl0M=ot`^x6b$8MZGL7{8qXa#{!)ia? zv|S(G^cQf%y7*bWdomn1HU4h!0w;c5U|>}}Er!^5tYoNc zFNZR^nWX^RdhA}zQ;-xNl7{b1AK$@H^LcTWBR;=(m~+`jP#U_Q98FhZ#Z5 z788%Kb%##kmvu*N$Gs35jrU=*)71juiM`-hpRy(jr0D0zNoESv8D006=hfU$svSRR zoM7PdJ-?y{8oO_Nk4TFgYQWKIDQ(64P+P_niBxQGBrMwb%%}Zowz;vqu?_mCQ5wlm8U-^?F=+val4M^zW9Q8_rvdohF!thCQkrVCC3+|XGvxG zlN*s>AASr?HK(c|@INpS;D2oOetwOJ{ezBxaG8DeinZs;8k~|-C45vpiPJk zGO6)*iApv_Vwpg!%3a`TUon=}x5xrMK`eqvFGJ=CGd1!|Xz^mW&v zeqORe-=3XyyN=Hj$eOmwE|NAn3Bz{159VFiyMN+3iMUz`=UInz0q?=?BzLV6u2iT^E`^U} z3ilgtELhJF33oN>v)GmL+f<9WB9kvJTR-0(Vs?BiJ!@RjM|tR@*t^;4NP64d1QCtL z?Jma+3m}xyq{c;l$B!O5&<`|@Ic+psqsVDGR!02T6uZkr`w1A|h}xwOAUh6p1Mgpj znIaH^CfB~XJ$QZ(!q0mocE1QJh>cM8Q^T_n4K1`W7soKC9uxEdcauISmfo?mMj_s0GPH}CjSZ{wX2 z=R1TK>(dH0Bl<#tbZ2hm8kzR`i*(hbf*VRK?e#l{sF2HsKHJ7b~$o(H9FP?O}eds%m^E|+4c+~?)i(_^p`K& zX70d8`k+_jkr^~=Si=*QUj3!gAll?_4XUoudUm6`UnkkSdh-0eAXkLviiu6Mi?cR{ z_yA6=2lxb7t+3PreGGJtJU0k?KK)?@bdsM5cVTbSYy6A$*&#sx#4ZeX7fi|m+-@wS zmWe`aVwSjl5vuw2M>KPJtIz$L@{!{1hOq@FfR}MPk;OK%m}x5epoM}v^b-n?@(8L| z86T_5=ONUuPm^Un%6l(os~-|wSRGxoXTt|6VewKq!T#MeUY$pEVcm1=8SJRJ6hF^J#d@(? zvxW*%Z#YxetZQmSKA!D7a7Z$3P5pIz_YxBaRteUHxC5`X)kDo89r}EEGTQ3}Lb|Wl zoy<$J@6{aB41yBnhfq+V@R^sS@d+L{xfbH@fyHL6jad15D zi!MXO+yWWgij=YXMXjoq`9&wYkL8pe7d>2lrvCB+{`Usy!?!(o#jgCwym!iwRoV3? z;=h;WvVd=oy{)@1%7m`Qx9n_6gk}tsEuF%d9ANfHgamOf^V|ob2!Sn7ypYG#q;(Nn zKZcBXNj*P6z~i>76xIJC4fT>Zv=5x>o(r{-*`0weOrTj3?%v0?&L^)dWNs)_njIx8 z#9}-x!R~XGt?rb;mr=#nE`14r1||LjfmUOpmo zM?{Ga#P&rm+3WBnZnT;pD-OQK-w6!JZP*R%5{ zY<6O|1$N$ZaW`4SNQy`h5L~|;F!yg>-*u!Y) zW&qe<(B$a;*xT%ZcybcNP=B^{Py>TJGBM>g^pwc1W>#|_W+O1X3mR3U)u;IgMGgbP zbRM4q5(WR4|?Dd`MvoMMZ?yyh!dx`F5ET1W`M&Sf>7x6hOLb(nmciSMueGV~8({2EMUZHez6VLB zKNnQB?#J7k^@Q`M#0Wuz%HfR#{hhirMeVEX;FHH% z0rANB77ME&QuY+0o0ART`WP3EsZ;LfBF2Lz}#9>1c4 z5B}rSg5v`;UjBs?&yp+h3k2GXa~+T7L+)pU*GKI9Tz6QV^5QA%chU$;;1RE|^73 zhowrgTEb6Yc4Y+O&~qq5L*{tAG>aCKnTA>dgOwxr{cB3bmX#fVdpwzjqd)8f9$5Z> z@iWe~qJ7&yZyWGK+diZ$cS^9ST(HyKZEN6Fl_vFL2X65Mm{%dL*i4a?v{#Db>Pp#& z`!Fp#YecBp;O>Y_w+qZv= z{Al$$eT&bh(f?dWejJpKE-x30LtR#{QuSNYA~MuVZHw_hu8b-I)RpgJk+vV8G7lYY(8jW5ew0i7K!5! zr|}Me-}@^Vm^|1kJ$~I4Qo|0*kNR60OWCypbzedMW#YCeSf*pWUIRP-iyGH~vg)i| z-9~8EIl*)1&WL~PTRM4@F#_Mp^kn%m5bLWZ@!wmOuANIPu!$w{xghV#RL-CDJ~CT= zwbDAOV>#9@#|Y00Fky=QnC%VF{CdWU3#LXf_o&zd42Vdh5ig zK^D^l^@+VxU&iH2#ns42lty342EPkK|NyIg!DNr}|1TFkfaMjVItp;V~q_j)Pyf;@@! zYtH^I=bE1-bY0{707ch!F3m$}(Wi4+H_DAH!*M_6DAmMl*2ffM3kDaV2hN7Q%T9sV ztKN9>87qoa?k_b;ppCb7X|sdxOz zLMMQ7d~>ANys$PHP+}{{TqsVYIXLk*6{x|=Q06EF`K?BL?CT4#R02YF$>bl#Y1;Ap zu}mQR5U<*0RY@asAIAS_-3MnP59Lyi1d+`kyAb^MW&e3$G6gVevzci|`vEvj`q@$rbs-sUFxzV|k&i4I2hz+>>XbXZyX73G4 zq`t8)(GQTD5<2q+K;#RFTvS+s-s4(=T>(2*Z2H$@IfUPwv!bSV_^gbyDDY#QJ(EU% z^TQ{+=~wy9PM;Hrs^W)YN|a&TkALx1h4Bu}C3%W6l8t=2UG5SF{)H@(bv*b_-4A3q8J|1L)#kExXXu|2A?$EJU zf#Y#@HpqgrhdR_&sS$~UyTk6LuO?>m>RkwfqtJ}~p-JYc17U52`jfM_)6|J6QHo8} znSktp9z13&2_i9|_bCrg<-Hej2zUtQ7vb~L+ztI6Qspc23FWZ#TPdO-xOSz|3F659 zPnT{7(AE^Ay8GnIr+L_#BduN)3{lpQc{LMA z*32q|{%BV#}SbMk(F76NH;T=0-6s-hn!_#JDxEs4i-SRO9h zO-dR%FolY09y@sl5AW?0(;7pFS!sevbsdgT`l(my-OaEb&Q82RqM=tgA_&rTt}(pz z;=SLQzjsP&wjq|=`@}wRc@hf*uVdpcov|}6Qo;RY5@iIyl*RZ%b%RrqT4I6n=Dr3i%z_N|W%O zFU(id>81Ts`3U%dmhwKk<|0zjT~r{U@&I&7@T{}#1@YdbP(G$)Gx0CsMxlKme z=|_x3GD$f+5mV9S>)gme8$7;p<=Ln2D~6FIM$`gLnyne>ew&Mkec9 zmWG>RmSk>Wd;0HtUiN?dqAic~DVB25!#a}pBgDiP$ zy)GAGro9L8(r(4pR+yB{Yw|1A)2H^okAsW?c&+tNnyMsxBbi~V7o_(Du#cZWp^t@v z@b2wS101?_)_gkUze2@Rt1;Vt3Q^Tr($2CguC^%SVrE5=Iltgdf%sF!9SnHae8#$z zOytKR<>WMu$q5=AOe6^Z>O1wcS0duo?>N@xY>~R*^9g#R2mEd&GI_0=PQ3k-Xk+c7 z`oHV(p{5`Z^!omZ@}A~ZM*`TflYKe>ZS(JLgIeaVdrH3@$anA1ydGo-Q2HoOxGO`^ zjG-MhAio0>kC^X~QmIt8$pOEjxtNE%tl zpl9A@k3Gw}UU)=}_C#?2n3l}W_!5&b?pfK(KHORM1RyGJBNIT}%(zdWAIjRD|2P4O zp48|Lsx;+>@(Wd+X)({!6TW=|e~9e7wof`pH(qY5WRl^|$eC6w$x~e_N;^VYhQMOY znm^|*2M8(kSRD@imdzoP*8IR;-3h8aN_Y0sOOaHB(sFYce@NQX{06z@#{DaTx zVUh!6W?hCjArZ&EJ2HG)1l&%2y_G|XB0bG#eA+#sen=j{X5;ebl$Xo?08Li!-J7My zVBO{4f%BG10PizKN<&k5RwO+Dm9Nw1Ngcim8M|Z<_%=i+p9LA-|KRaQSIN!<0fUpVThle4 z9&ml(*EwI)vqMD}(FY21Ufk>GY~lU%rA-4gJy+MBA0bGy$tKDK_U)e?WYhn9?86131jnagG9Ukgf3}4Cf&&NszTfqu zH2xYnL}kO2#|yk=3AHBm6kEjGd)~n9ym|pI`;8EKcOL|(V40TMtUbTZi2VFJ+lm!o z`1aLXEaDmdz6Y4r9gx>q-gnXXi1d(01WiENt@b~CE*>9>&siaVNtz6qvOIAP9Wg+W zVDcv>s}f?#MEfmeS7u7OZ!lfSKE2bKs1)z14-H&y$FilKV!J-`p(#%*Jr zDHj>w(%rfrnWe3@{)Z)u57FIQW??cs7%pXMqxn7y($R?7GkSXdlfOWKyx*n!|gsuO}_Q_^=ujGy}a_E-mEC`+9e7PhhMR3Y`lM|E>>5Q-x+l z0YG0{ClIsJa8W}!-YYdX1LEwxUs~0!)h(BDM6NB-=oSfngkRvRo_+wi-o5f<&v}31 zx{Cp75i-a8CNh{Cq^;fXuSV$3kumRoi`|oUDo^!M?B8|k#SpGI{Am1A5#t&b*s6!h*?bX$BVrCSZ-r0$^` z#Ma8eh?E=9hr@})Wc2telQ4-AM7!J9kN4aC9Kt3e8G)_+!P+0ycIiC|v?MbP@LzCT ze@V&KW4606ZQs+>Z+ zVd4Af>R!n#5Tp)}$@ufs$y728TMmhOd0b3E5;mt?3hu#+R%b(?&`a3PS$3`(n)FRD z*dGD|R3{Y&V(L&Zgvri?+kklND|zkbeF(2c5wiT1+Y`<^g70h2L z4d6a~4qr;$GkccrI9#lF74-vXCIqqmC%3Z&ALlz_;a`u5{f6#sFHKw+85}s^_5yn= z!$A`cyE;e3VO)mN{t+8Q1IygoQ+|AQE20o%na2lp`Wsjmq{NgV-6|P5c=#WK+ z%5~tLr4duzO<-GoKiT@hUt~GSBcDY*bt}u|DPEWpwBn@8Po9fC&DwI?EPm&8){n&h zG9gQl(%FXPQ~ejVc5;0<{|p-13&ScuQS@MGbK^-t-@bhzkFr`jR+)SH!{(-)el@Qcp#H z=_DOQ24tC0Ti-eQ{)OuqJHz4`WPdc~pyT4-hF@|twW`_{rmoM^uHc%UIckSJA563O zuIxp7Dd~0ZX$M_h*B2R=_+fC9;kj5$w{G5jJlh!&>rv$wJ)Q7WDvx>Gl&KIH!n^6u$aavHNPwdh`&K@J;Ep+euh3{_c}9ro6*)wnl`Slb z$d_BJ4%@NPn?qP6f58$2APVZ4>sL{{UN^zE&AjQRw;)IADQyvha?Dz!61S{c;*zmyLor?I|QF?X0;o#?5YI=1>)??yWD9`m9pFISsoJUJ>TV%tq$5=My6%~ z_~PcgzpMKVcj0m>ef#C7U(E@065l{w>>$K53i`a!SE{XM7Sf>X#Qm~8FzXime7!FRKSSZ?)n|_W4s+5mL0H;w!LKH<*r^XLi(+k*o zE`F&Ti)8NVR#cUc)&2q~?CrAKNh+gzo5+8LX>uVXh-2u}w1C*{{JTxj{Ua2QI~hmv zHln?08a!8BH#i-Olb}2-!E-YIR<=v6-u1nBMAQ@q?g7c-7t`r5a@6A^l6IH6U>uWy zYHRteeUxLAV3L6y0FU}xC+F5#(n5zsljR9pYU?b?r0S3Boml$GLF0_hk0sKH~QT+F!`}iX>5?zFQ?% z?5dYl_$|z46iPWUI#tfm5wzZAVH1HT^{N!I*c5G&X>T(>Pi;h=No>E^XNAFmk6wYX zK4;xMG$@zr-=?5lKzVlgx<9IzNf#=biP@~mY6QoQcOLsaTP!ce`|K9q{&4$>ZQL>h z$){-qb4AVcZlV6hU>R9Ko_hD~eA&-W)u7cR4k1pM**xlf-WQE@zG3b1C$c4H_8Q@y zum$hH+&=kfnLhgj>8jb}`Cj);r+J=@;pqQ?&4@ILNf>lZq!;=E$eMPUaJR(xs80v> z$~@2A+=p{~tH?BeoIW@PD2;q~H@lf?&RiH5dzd$s*RK72W#OlolP*6BM7Qc!sU;R4 zrsQqeyZ!qp(dTLA~v*~C4WV6_nSOj&@WB#uzbLq648xCG*CbpMh`WaX41wNX@+0T6T6>XR?S7? z+h7Mz-aUR3x9~~c8F5GDl*s8ITqtYBb&da~A{?i_YgzP2_a?6LL3H1jG9bPzIiQ^j z;v_vlB>$)4z5i|D3(^c*LzA}Pei3tWw@G0%!I7F!CHuuQ`=ULO zaRZlIUCOPljlS z(k7k1=V|j7go1I1gMa^X+b3y)5*1E~RNlGRaw#A^qJBV_<~J?YrqqAtqbWFKPf4o_ zxjbB03Y~!5wRgXgZaSIA&zYtIxy(MG?CH0Qob&3nD7qxPV*mSGlln9D;GXaoyy<83 zXHf;PhP}_}ZvBYw!-YMw3*xd~cZ`WKqQ&1&{cK}2&<>a`prs*=0lq%d&pn1Rvh_!( zDX$OoEA#RaPERs$BbwaV`N6cAN1Tx-#uT~Hh~1h?Yh60|m~}#OrB(UNljkX)9Cwlt z5H%US7bfx*vST*U?- z54)+FzalODD>#?iA7x>w#z&RZ^8Nb1~`o(FoZ=7&4j?>TdtAL3AT^mgMS2 zBmQph69W9Zb99zd1W`b&w(e{37oq+rMbgo^*R{ROLUs+%Jx$-e4UKxeG$`0xxOs~_ z($^If!UDy>?aIUMQ@;+k`vOh9Z?)McGQr%&XZk%KZ#UvCUXmDu2Z#J7%%?x(9Eyp5 zG%;}}`MhzuTu#V~SZVZ+`D{UoyuF~d{ujCI9=vbW$t&S8A;ett!b! ztiU!~gEy(W$`R4%026$A`2!6*_VJeqXPp$i&t_8MT5hYyP_)fyp42>@IbGdtl z9K^01M+rq04G+QTQXl3MyRPEqp~W=~gpu|)v-+LL2(Cu0U;CyaQ$}p zY!@!+Y)(H+P}5cx%wjM%wce$L5i`CY8!6IMxpn$>>vP6AEVg%8^<}@D4)2*AoayR! zls8rpGfCs|4$(vQ?$v_G-K!KIbh5^J*dqya1T!y)afX?vPoLb#o0{F%o6Wq$8rguT z9^MY?njXwS)IYzYvU*^$=)IqYcPcs6)G5@=)XzfgC^W@8Az1?`QVY<+zssR+YBz1H zH!}{VPM`OH1u9P2@t@#DVX6#XOE>s#oqz0x3DjXZ5G-bnKy#yy_T}EZzi9N9@)7Eu z!?uc`1)BEwW@xYDe0BJ(2MdHx8+LSwB$hSmfQx$>zcW#?`==x+KOLdAk-oB!<}y{d z_iS=~Pwk^%BFcenh~{lFT2Z*|{(e|S;u)CfmQK3iWEviR@^;ww~O{nX*Wyfo3{tSJRQgN|Xa@iNMWZWMYT_hHwySb7-V#k$A0b0r`I~qx$SEBfIe|EX%l)rLVTd}tnTs9z z&?!LddJTQNI_`EqLnrD&LLCrVs1vY+1z`_!f$+2%Y&2Z^mw_8ZcpSJ(Dzr59>_%zE#(rB6_Fn{s+F-xgt4`o8Gg0^7#k?* zWmS#F2lqLuDiP0zj*`o}9E9(}6QLHE!q6MuCD2JrfH4g*HOFr~E??e6)Clo(+Q6}_xG9f%Gz39-1)_+M z0vwG9>xg^dHW#jT-?!pxaQoYYJsgV-B8PJgK-UXnbM<|R?r`x^Qx}=9VqOF`&SsU4 z?(BXd8W2vG?l$ai^Yc`k^x6ZEjqpA8rHx~%{=Dsq(f`3E-vE+bpNb7V=0x3WhkWHR z39d_0&#}zK9`6|veL;f+`g+`%PXO-O>E#0+7X~JRhdH5nbs}d%6v0x)=gb7XnQU5A7WQk(190?2$BlVWi8?HuSX-=~dKMbf(S#cqicfdDM zvN~69@DDmg!_8zsJs93xj%N7-H8+oEn&0p>>{;|)ldDm+aSMUu{X!|`-i zBZ|?UfhH1pj|%w~40c(IdMGe#E4i^i1yQjYr%rpwU-CMxWA(il;lX~SWtkmM@`{ich#( zJI8iIFPEi0A%UEx}Y=10j^;G0FgL%d4JYob{?X>2fr!nbbUmBhvveDE(?h z?V@z9uvG4-{(5PR+7DgV6O5fseC;7nh(j8 z1z}M!`KFvArcKneD)oe3rBvk!li-)Prf&=!rC;y(dQt3YIN4`XulJl4d;#7E!T#`T z%CVqmVOYlNlnHzZ;R9taW(*(W*atiz<2!<8le?QgmEfv{F4xe;Lx4Bm$%jMY`f84B z%*Z@gD#!lbjE;X)Co#w3upHq^dFAT)(ViXhw@KR13UG%}SZe^8-V!?bsj=^}8y)pupfrd4ry533^pA+spHctcG5dHV7HafmF z2iC(Gn@RUWho5Ta0xpGDS`8TdD`9i4>^OLqcbaY5`mI^!i>5v~_tbR}%*2Kb1F?GY zL^|A>|K#YeY^-94XbXEZDR-8 z@Zu!-$@@p&ve#fF2UF=CoqLc?y$zuoL>MA`gvUUA#h-#+M~u_KevY+@qEp7JEUu50KhO!4suDsI zjtLI_5!w{-@If6)+)KL^%y`y7QU#N_Ge%AAC(tugc#Qt;)gz~DKn0P!o4Jv7@79na zhkoc248W4D=K0+C{lP@5&L{u*0Rl z&iiNjRIStLTZE9;;)mXV>=u3f+mcE-wT$C4eSPIe9r$mNYm+EUU{t4`oN4p(;2>eL zA2YG{cp1*#bacEgVz`qy5G+FraQ3^&X=&zJ=hd&fM4-_p6%6sCNmMCG>W4bn|cau@X zE*zxsTh#2GsK{{PCmuQbLVz_VChOq%7`PAkmS4^TCYD)7?sHiv2~

3B@ieNNO&D zR4l}YwW%)+3)Rzm`+69AP3hS~H#@#l!=YB&t3bo!Jus>C^%xN;GH3$*+~-Qz7UY zXX^4wHz=AgP#o`JfO6C+iZKV{EAco0vRoSYuvGz{kNe?#D+gG!Eqf!#v<3;LQiuGN z@`8<=%Y8p10Y&Ir4i{^~;x8M(#>xR6SQ*5vZ7;hdAXao14PFDA%2W-XW$ZQOZ6dn- zqwQDaR57R3B9nUy;ov1e_5|yO@X6MVe=gj81%qAj_EWCAd!94AX1d|ob$%`LOv9aZ ztKTRbDMS`>hMr+QFd@={Q5Hmz(E(_|kJ=c7JF_@wA!GVBAvILAKHd2=so^}{fzxJ-M zc*Ul&-Z~bT0Bn^(y?0JZHxIGf@X41}>G`T$gZczh?Zy~Yp}tkX#j8%28tY--9g?Gr zxo~_j^y|lPhNFHyhFL_M1nY3ZOu;3gFW*PCw33k$U)(#fCUa7HPC&)NtB1)D`OPG2;OUaWOhYuTKS$zUw?VaXKP27*Tn6kJL|i7? z!-WZ9`;&)tVQ9=RXL2;W^Z=zuN~OFjKhg0g>*OZyUi42Bu2*TI!y>p|ulpz~_o4dp z103{oK0zf)=|^XLl%G983prWFbo^d*Ep?JaF`Dst&W22nSiNtCVjM@3LGr##hP4_~ z7Z9O-?+>T@&$jh>tC#cH-A*Py`Y>Pn-iR7Lz_Eis_x6RXk6tI_8HOC{7;Q!PDJq}x zE$k4}J+z7TjeXn3>wuj=)Kjyovw`SD*B(@-{?&~oeN7jPA`fo>_mE>$TaU!m%{(!{ z)rP?ovZyQsKJK}oq|kx$bA+LK8>)*T`Wd7`8&O7R$#Ng+N|a#CYMq#pP$^}m$OM( z7t9B?MT4;-4;dDYzAt%(X>>wp)-6_2rlN`?EN#YLqb@u~SnQ1*;fU?RGae&+%@wDT z=zZ#5#TA8VJ~aa9jH!k=@ex@70cbV^32&GELsMRe3jmH}!(-ft!oAp*Qd<`#qJ>6Q zig7H;E$Dw$dgtHoPHneai9+>JQtpoS+|RZ(R#-Q`6@WM}7?O^nC4F4_+AQ8Z9xGO= z>~?rV%8Y*m?@I?<>OBdHy%Lr;I3_2(kY7_80pL%v)1>j%WlAwqkoIt}>#1e}1!>B^ z!DH~eP$Hb$NGKptsZTHJvxG)$b(qNLFgDf=Mpv^=_JBlk6s95EM=O^?7B-IK$kxQ` zbfLOdx+{gbd6l@%xp6Z|#F4PZclzGw<5ZeOQ;&~{kW(Mih=-J*?>=9_yr^!!`>-qw zSG}>HE!g&ieNgj%6=fgEC|8fO^|hKL;I?T7_3`}FvBM}S;Rokf5Un%Qbg`5>hcAW* zEQ9L@zF;l&HBB!+vfix}9A`y#?)=!oA&R{p^JBL1*2nJQ-!hyl zLoT#hHwgRjzNaWP*{Z8~k0IQuu`#R%4SbBebJd}6MQTZ#QTqwkE&q-$P0%0K{w}b* zJw}2X_*R*av;Y3Ed=rq@64t0Zh=1>&$MT;~RrOuv{m=&IPw$!!nkT%9wZ#{!=Z&!>@`Uz<{53!4b*_2Mw<(Vo)MZmiw@ls_KfVFFG9GCq z1r)NzUztQ`Je-(MJf-DfqNF@~jAv8ePnnlu>SPkCJN+n2*e}wppeYaIvR_Z67kdv{ zY=;yXSNPS0TV7S`4dT0cdJrC3Pd)uRDpd_V&T`5vK?c?QltDFft_Oep$PZl=-?CAp zBxR>qW1>{1I{&rDFmQdzhOOcS+=oY$3|lE;C`izwFcaJp^PIZ$8Qw2@`WP28(ktuM z&l96Y=BrdjdJia+UJ;0IZv74uF_`QId5Y}|3p=t5`#jy;7V@L~I9bu*p3sz{faYL0 zz4l!m{!bD2^Jb6G#`UPhHm{#KO}f70!{H#ketWe^nU5{BL2Go3p&dQP*oU~_ee9Tf zMK;f~qUtF;vQFcW1Fo#t67M@#DRfS9s=Xe^@^giKd|NC)iCrHEq?>9vojm$uTk|4b zv3kT#VA?c<9iLCTLqi_A1>HXX`oyelCz`^+Ze&)|;=*FqTW#C=qdpYR`HyDI|9QIelS0c=%bGE8OJ+aY1Xp zP7ez}^SN${kJ7X;vF~qh>qV@G{q1epM@yiQ%r2O0TMO>6@`*TLEO(#|MZlSSFmrx@Y^igwQj@N?_6FHjK{|c zsL~_qg^-^ohh{_b)}ql8xwoI(C-gMF;R7t3g1Gy{o1q>CP}OsiDxT$Dw~Eol@57GN z{YWP+PJkKXy-FDe$4I%4hD6Z}ZsnW~Yk&wQ7}ptqmkZM;{->IwuT3yEN-Gy8CAsC1 zsBnu@Z$461qCBIyBD%+Z+%_acKfH{^3;O=T47biQqlA4ir}{Kvr76Acp{lkYwy$iz z7Vd*f?o*XJlM&s%=n8Uc$%( zYV9+{zLqRAd)jBaWt7b0SCQtR!$4jpDatlFZ|5F#@-5Ptg~tU^}c| z^vWqM9AqNWVUl9|X))7+TH*BhtCZODLN6UgHVvf$u6&a|x9UTd>;c;H3aZ^c2fx-V z^I|_lpW`oFgeaCr_X?P&d~I!*qa_pEGl|FNYrQxCE+}#tgRNS#Ni3@-P35e3(is+^y)B@$V#;@3hF9>>;48gOJUI>XMuUIJtKZTrEzjE=>a- zpdz2wAG9J6sT~;SVkWn?#sL}&q=AjNj}FZoEVx2I;(h3wL*Z%PjQpy{zXcy5N15c( ze!Xl3oLxQ77#J4?E`-Azo=4c60i%iio`Lc#vKG6Wj_Q8iPgi{va{ByzJlv20Bo&vn znrv+Z_ABweKZ)~@Of;RYr^$y2c*sAz#GIXAT{j+89!_`a3+58%!GjKsaSaPO?b3r< zaobqAQTO*l6pxKQ6a>E1ZhEsl8S`*SpTb;O@r!sJhbc~WHxm8iR(?ky0u}EevtBHB zgB#puN;;4b@lDv>6Y=mYVCnos8HflzvSPkxF>UakiETlH#>-3U-3IXLF?KHl#G-p z>G%q(;uiX(Olx|ax8*n1?iA6iZ(cAd0=nHsPF%)1Cm^!`%v6Zv>a9!N+S?bbAmGtH2G`ipTQjY@gRElO>be}3Wn8X}lzPJS&T z@FAf4L*Hjy0$A5XZ2jedjp&7<8rrzQnn%!fRO7_(82e?KLyK|*PwNmLhDQ-Ao12Gc zb9@#*@*-hFbU)aKt?S3Sg}&vT@pGoWvTBtX7D|tBg(R;mQ{Uj7Dt>PkSQ@sjfRMy1xM{@LLNK?cZ#jPJw3+4z000`1?6cob8Er9X z75M#xbtaBU+r`Iq+f~>@h?`LSz_jSEEdH^U8x9ELXekIq!k;tv!0T9;~e+-O*prQcLD1r3&>g0s5srqBsfgdpb^#i^{* zkxD6NZhj|Ds?vITjYkU&W+h6_nH5V}@zIr7=idU1hJCHuP3hXk^S9^R!tLc; zFs0K=O_O0j0({Te#trSfiBIV;;!BU@l*Vdp8Dl(nRmTndkRC()-Uo9|L(m9f5Kmp# zOQ_tG7#nO3zf?ry@YXvEuZUNrS;*21_<-un&g=MjBP_zyE)u$h}CwHkI zsBMF!jB(MrC-mL(jXThfdoY|c9ybG}k%7jqFs-lW_&H#l)A6VN^x$XQvx*YBTlQ-Z zhm&?Vw!ekiD=a9C&cp0Rn?(XGB|w0&m5NP`ZgHr1dtwzm=nK5P;!EFCl7R$A0!D26 z#e>qNS3jvMn?7$+dPwVEpl8yR(Q~wgj@1WbCYo}iQ6;(nEv*#*jd{mOIie~2dYz>jnup>1xizfJ{IGy$@A(%dRA`db(^50TdAeZ9 zKPT;!I`9(*!>C?W=}xPdxX$bk#~seV+cERB8x#nYGm<~CJ08cy$<9@ys);+wRj|J* z3!m0;w+rC(XoNtxPNM4v!aMkJok!noGry>m2xMFjtvzl+2?i#04Rt)+k;^&Wf`j)Q zO+P(8e`GapP4e_bHx52`mi213=I$S-%Dji)7q>*Du`;0KG;@8a9&c;p1Wjx3m~hLJom3Q}hz`!By7|`01gJz$Y#hseMbdRqUQ9ov zFaW+OH(0N4w-nv+VXrY&{C@OFXs}fDz6STh$_n}DiW1uQUbU#MjHCavbap$`^Z8u( zxl0&#BZwPEoTy+`+@)Krkb?SY^8@5!4ph)I#U!q22DfH zC4*j|lCyT0Ux9lB+y+HI(_zM0V0oG-tn_`a-*o?7pAK<+7>H+mjM!o*-rxx)8FKG} z(s_h&tLwc>mzPnKG)+Ui9($(UWMeYjELCxqFwhiWZk~=wq@$_E62+L5f$D8&sV53Jj&0oQttO50`0gLqx8NF4u|f%4f@MV&y9S~tM~;s zn0$7SU*H9PZcc^Vglc&=;kJ1R(+=LXd`}t=GVcd6$-dck^%bit<%kc9dv3ZdIVf|F zmpik}#Gb*bz#W-K=jsa}>TdN}9(A5R6h0emiJY}irKBJ9v{CQQPb<|vjtQ%N9y$#` zu-ly1bH>1LIzAqn`;^GC?OK-Rb%k{Z>L&78=QKsp#(e7a1u@6aI3$APldeA<6(cw; zkQUqlJJ_>$AG~X9aDg_@*Y9VQm$)upeFEW+rxv;9YjzaRL1u;9u{!wW9!@=z*jG$j ziCq;dWbWy4zkskch&pX$gLDMtiy_j&@J8#L(}S2XFtVu~r3{Zi1!TAD)?nQhzcHYi zhcMdftKRS70)%e89%t0z#NPE_6YZ5b6NOvE%n*H@ZsjSu2Brg};5-lxmn~`urgs{e z5U0PfB2B0F9sO12k=%ZH=0^I;_f{Ddgj>W~dw+-Cr|J*>ux{r$f#xuD43$WO+q;Px z7_aNE=glRG6Jv$;UM3IX2MCJTYy(KPrmY)K;~1+U>O@kwUG8R;!1h>vyV@-cy`HDo z(e|KKS?U@Y*0>P2@8ZwI^*mGYsuz~WFC}ebJRl71To7l1ni8Wu{v0|t+{E0tTVcL& zjREJbsCan%c`7@*R^(m0C-A_9tuUMcAw#JnaN~si3~nX+dLaGlUh~p1yN#2BY>f{b zX-w%T+0>ezaO8<<(9rN>XkBL7ZqQt_13z!mmJp{K_o3Q=|Qx-nz87C)cd zGb5pMZE6AN&wxC((Ft}OTDsqej($z$DrQoWQiJj#!BQ0$Uh{H{)y{vMir+gro!0N> zH=O%i;JeCxsRV>G2WpAoHWVp(i-0L%D|!p?4bN!s1kN`d^N(p7hXb`9W->p?krU@y zk#EO$0p*Sdbxf2B)+w12)_%^#r}6MCed2sozX8?SvD(81rV6m(qPhHWzCfu=xyGay z^>SoA!)-mcqmvWyWVbXx{iIgv_!Q>9xuy}7wu-6b;uh{J!8B=x!QV+g8eO_77OfD< z$;*F^tL(KU$k3>R@&kHGbb}^=r*)p@;e2Pn-QnGQcrejT>gQ*4)CcEU2ST5{^pyNo zy7sExpEI+CX=aGaR-LXw~PF5v{R*8Ijc6ncumP?KdFUNFB7g~Z^El>dpa`|h+q;cA}+f~yt7R2yB>7>G`Ou+DuZ0D&!LQmNF~QS25(vJ(8@ zw7njP!xneZ!}{${6=u?2>>iG4u^&J3=P1$+WEONSGwmv7tn#dD8h*E zqf7)C1~U02^&8^@yVnC9<>>l%Ej&A5*LXmWYyP5vMiebbOea2ESUE&mVY$-7lQL={G^-XJi$vW%e*_q9+>bj? zM6_`Uq<3-uT1D*qZhUvmwMjPZUV!&h0W%K{AlkHI>)BRCF>nsg;kY%x9QK>}VZ?n) z6m3>_laU0+Ny2JxS0 z%DpcDH{w3iM*?~qjtfk=E!=kgzDuoV{H5xo=P|PT?1&%D&*~n80ct@l#`_*fs>JEm z!dvZfOhM9sfuvYqg>)mPdsOZFYG5w22cxLJRoo`Lq0Kv#yh!`f^3b3Ao=w=7@BIV_ z6mk(*|3a2?kRJ6iaqQ)~d@pj%9awe0Foa9BM#Q`i$cax}eUJyjq&HO0nC>Q}@e-ov zd@9w8-~6hBo&R*PQFS+1IGKGJ;ionjtAq95{60G%BRwu0lIG~9DI

JeVa1(B9y!3{4hFmJ($98wO(-;9mZ-DrZpt}J+*P}SRE3b%|pM9ETYeLx)d z4QKj=oG(=ZJ_zyPg}I~1ZBhe6g?%31YShzS5FGZ(w{;Kp!&@xA`dZaL&6Fx=qOQ`q z+*LR-KMU-V%~dtuXLaqVv8bauJgt7b>}OQ~WI+38fc^W#)d`oUWVW7$fdCi0*N?u( z3F{_26H3_#7d+?h`e<2%ikZ%wvuVYTkJ;WUM9lQ|1dp@11HuO`1$S~hF75kTpcX?h zdav@It^3M`t=xa&>mz_ky>{$l++$JB3`@)j0FzmA_uzy|r$b53L;;e(X|HEod>^V$Z?+W;oqq68@0MVnPutf-g)v)O{p+{z*Q`Z(uI04cw;c8R45*xLxd(5N z>dZq396>P8KALaL(eb|3Mdin4-%{~P&ASmnql{;K-9MnxoA&KYZK++HC%$N2s{?>x zj4lpfdjtW>IohHR9>Mf7#$;!BnxDpOJ zm-k`4^P0ZE7m6LVI|2`}D)}H~rSi1)7#$pTWU)vaFuzWPaCuGUp&sh67d7sK5M1IA%p7QX?(~+q*BtRjRy}NZ(BL}vPt*YR%rxrbXRfeu zzLwtCeA{X#Or~(VQnhM`n$qoii84r2C#U;5?IZIcJhNzXpl)wAi6>q+( zB;H5zs|fqci)<*e;GaQtSH!zfHnnyDyYVOP1pjd)rXf(2+E4k1$R1vL<2G0$=*8Ti zPX4_31JuG|SH&Z2T{RLn%ZDiqaWgV7LUVo7@9J@%!TlI>WBb6~@9AE4{l2K3-0w)u zE_Jpqm(Onjd9KMv_CsjJ&88V5bJvqs5}0UFjM%!Tm+bz#JiayKrI6l;j1S``c7FlJ z8CtHlzvu6-TIV>k+%FiEgGx;UsePJ+cBW_w{w38Udd6*aXgF5=c~VE{Zdx2W3vek0E+~mmJ2#juj2E2VKvC(Cyl$I>QPeHH(fJ8%a3uGG4LmW8Sdx1B zV>_0uYtK*FcLw_!4G%dO07LAaQJepsm-FjMHla{<7A;T=+O!g%JI{vSLSh7#qmt=m z5xIA2-TV>ic*Fg+`)+x6GJX@>rOhAjJ3N9s>(LWWGimm>>U+JioC&(fem35iy#glg z0iJ$MWp*?oySQ<7s#?=aJgOpm`jNIDSFCvHZk{%c?|KxrmEz++RXzrKj2mt z9Zm0UzZx(8*STIV2XvO&o|?(W@4W}T^vS-x#}r+oMum0XzUMw>=b4?gYY?~Rr&V>d zG1ldbAIR2&nB~KW4V?4C(9DbenR_ZRcoaF|F}TJ(SNfAX!O3M(?f~;%FE7vYI#T2M zhKuKtH-74w@c4&Ip9u7EsW_n9glo`xIW4Eg}at!~RH0^{;2XC-dYT1_`sBR{tBeh4i{_F`#z+ z;S!#aFyJ=&vglf10kuQ)O^osPBhAh}HiYQ1cXc7GN>P+{ z%)ZYPZ}@?WZXFw3V@Nop24;W4@_17h8c*xlF3)6s9tneF$yc?lL-&zztstPn`6{M& zp}LXh{neq;nc3~^^-uruJ8o1U#kb3>>t8rqxNgi&zM!H^cJD{murcmXk*&s%51pX1@c*K-m$Y0MktBgk%-ZvM{v-!~#N(Ucz}F5Eo;gqe5GZyqM2B10oh8 zEV(21<*(KHeeQ{JnPin$@m{#Xnyl_b2IeZgB47-sMSR*Z(!Q;kBQ& zUu*rG&-aE%*!j1e>nMK6_sfUB#_hCePI!S-yugJE`_!q$?9d_O<48@oz4dS`5Jofb&LQy zSCE5+ZFcSx=V^4(kC{=1N>e%<1-XDz9@%Q{5!FUKK^L$n{zg&J8 zkqx)0W6Lz4>5FMfe+=zTQ_6d+Co+^YbgG?a-8sZFJanGP_1PW1^uAKIk*yUjasN%B zAvpRlUUNSJe=;-P89N9EtEtRKksUi9$M}(bjo5LQCva4IV$@@<8>^U1o{~#=d zelr@wLUD+#~EKa-4YMo>kumz zl~CU={axIXLzM3*Xq@fxgzMyUX5dDU?_D!-SNL$Hhbr!SRgaZ^$QQ-=k4ZO7ssh;YrOrKgDmMax|E6!!}9(}E6_gT z*VCE_yZNPQpWGBeIKf;R=KRNP+PcrR)?mid)AfDt$LBox>dfn_&0qJAndaNfoy1~p zpJ0ve$Dr}F6&r3XOTY)8Z+L$1k?krnO>D+mywVbU%zB}RM;2aEp}v(52TO52wRojC ziWKkX?`EkLyBNc8N-vg2#%;6Y{F6z{!yj7BpI$o3Z1!(}WIn575px|W|Kth%n7V(^ zdOVGjrLwUU7oKuDi?UZ{8XKki*_BJI62&?SpF@m>4)uir>h+VF`;uWjifwOKHNK>1 zu3f#WyqOplNKVJN5_h0Km&`39FfR-^!62_x=EZ0rP9-H&U!HW+hn0A z2OS9!A!##O77e2Uhb+7dk=TaGi%qa@sJ^9jX+tthXdp&4Zui)k2rTUE_l9zU9x& z_889j~+YV)dgtueV9hPPs~qr%sqyfoaf`!ZLJ6l6B1y!s(STu#R^--L(#a| z(LcmaSKnI$md0UMAI!&h-nP8)EQB^<^G$E$zNGue7vuZgAZs&BpEb(tsC;<1yt#cD zQU}3`=^mKP=e* zg`*SCN<1%1hWc`eHHUxwko9>YAqx^;AAp_f;@1%2(#LE@aN z*vW#o5`Bx9TeZv66O1<|j@ss}L#bUqW=@)yn@<}Zqbca4<4(%c-Ctm@6s^nrvt9Cu zb`=@`kXxK@?N*p#^*-AIn}J$$-*mRdD)40;#E-g84U@%ZkDw?&OuJV!w`XA5D8?Az>Vn)b!@1 zj5_KjnTqK>Ea`AR2sI8FuIv4KuAi>GYg}UMQc{OSAP|q9#1jGMuQV&Z%g1x2HJwx) zi1q?x?C3(LH@Sb$pup8NE_&ioCRH z^GG8P7eU1m<645k|M6#z5b=u8SMPNZ{JY0roj=Xo7$C_s5NIq%tdHlENRk501d&T- zY&{;Z;-#)*YhG`W7UYRdeum%k(B)7mZ+sX4$H(87lUqj?|H@yhtZFb%+#hOtWM6pA zyri@!zjl@oH;`w3`N%WZTS)rlx-ytVTT6g~M!q`^!FOP(UmuJz@#ysCgURQ}D^z$J zd|$ot`&=1*mDt|cuPCR3Fe%EaY3PzGL`!BedB`r03qA1@OZ-XTY$K}pM>qNg8PF!4 z(7px1gSsWx4aM|!(bzb`7#uaMN2{6Z5j)CB~QxoiCO5?4H#f5|q2h2yp(QbmFl z&IHM22g<8h>+`ig6H`1k@rL0##Q{~Tm{h}d)AKScp8i@Y+Cnj$n zm<=zYIT$KDHaN_#Upt9U5oyxOEqs9xQ)S=QSfYLVS9)s0sONZUzNr zK3h>>x-{^Qakee-_I*>0C%V+@>ravh1Nz_bfCFpD9t@TV^oF0)zMnia1rSQ2e|Q6_ z$Z>of{qU&E%#jkm;Lw9scZU2ZiQ z9lhIU|W58mSH*&38^nB_W=sxyXYht=yd`A$2M-#6?^1 z>8p2v%RagOC4~|}o^My9L__B;9N|tL!Z5tOr#bx)pCUTcxwR70p10X2=_J&!T|xlX zO6?b8LA1so8T@SNK~7izW-iUXF1|1Jgr@;*yXM%wdvDrEd!Es#O`pGCv3nGWb_#DB zdQO@tPo4{o3EoFB%vpoR@wFM3Kc0>9-c6ol+`F zIfFoxt%%Roz-sc%oKVELurfsv?X%LkkMQDW{u-j;30tEB5Ucyjk-;FB1h+z?`08M?)Qm&)!2HnNh1QAZeWmo**ml zM+(Nq=Dl}hAf`6&9IlDLDG2rzVU5|U&{bUH_^A-QK z^DaTzquF0JvLL?t`)k`Iy<RP~f}l=+%{=A8*Y2`~MWl<@$$?Rx8@RA7zVW$GIms zJ^ux#3kx53_4}JyvbqcAw3tT^r$j^+x>@aK-+n2hP7fdl8UwfH`H)I^>UG#f-$bhY zYM={gUJTPc9lq_;8QyQ^++0H``svg$t)$F)%0eY$G|tV9gPxwYQG8&Y|Diq0$58KC z1fW7_$eH@vF9Bt{?hQY&Z+2@-&aPSI{(YO__W?N$PzQUXM+(`xxZZsmMF>uNgT(fH zVY98C1^DldHCCtnH}PM^esxV+GEzRSD6JzAt|KP72)EC?Z@AgK--f?B#1CJj+U-*6 zVkH&5X#g&Jhde+7UCii8ML4qSPw42t;`UKow5*dx0Tm41MCR=B$8HK2mG$dV=C$vE zsRh%ee`cgF+6$7F);}Fr?eDX$93m+Dwp9vaiZj62xA1Y5ERKB(L-@?D^iAfy z`scJH*MeoCmaB0l54D|7CL4!~mvd)W6RY#M(LbXAX)kcguGu|}@YL4aGe9_eBWP1H z{<@g%BT@i{K+0x{_C!4PE0vkOM$SHR0|S$m(`2aBH{y#a@cb@pJrDa9t~xYKgxkUd z8gpFi3`@oP`}47<9wVn1xFxe*19})fYMtRBM2F2rXj?F!{+84W@V*x^k=~W9!}NEZ zNc(4nKP-EiTz?~^`sF&Gi;3}pzsG2<(7$KLc2AsBl4iCXaS>-~ce5iALi|V4mA0$K zh2g&>Bt9CFsmzIQhD=4s5WoK1_PMU!^X|P9!dmMY?jZxun{oErgj*R-^>EeBHihE+ z!x+fh*nA^v(M1>7TVCeka`XW6eZy+RNI!>9Aa|(P>sbc9e3CTc%Yr4M zDzl6e0YE4pA#$<=T!I;91wxN*yyqIApnl@djcN1gd`*A%I73hrO(%VWIKcPKojreE z+uX9NiQk$MgF<#7@wQ(KyfDuQRevLG8wDz6(&q#I$N{caLU61RZJe4ss@{GgX!DrLu2wel;<3gta_}eLHsGvm5q8+cw_V}i{ zDz;-6J}7K^cZ)yiG*x+g@_fB9RI0lJvHGus6>^#w=FHT+GN~bn$hm;H4HG6xneyHX zcX%&5csgh#hx?S^BL# zLLdsiBk+9JgWbsj^ypxoPC?PnWV7hI@JH^`(Z^DMzy!0E^)pGEB+SW4_<|%!^Kpr1 zQ?MdTxGm+8KhQ9^8w2Xq*l9X8A>+sC;q6sM1PG*vn=I&V{c<{R=h=PUJ28)}P4xGf zd8j<2m-8Ng;aF%%&1!u+Hio-y;gQ)N=7io-szH;tR_t#mgQ;q0T|pM!VmI(PW$f!j zd`G%V3s8p8U_De}3XPz9Oq0iDv|robivB6acwu>iQ~U^IOB_ydg_SQE-jr^36Sd|+ zxFD%X!9E9w0XmKv`{yZ`c7%F~{5tw8apK0l`U0}B;u)SmuiMG}O?>}gmFRSpzjHJca2ka8xitpFs0a7(tS+au9k3dkG%K@xps5D+X4;o8nz(+23Kn`7P4j zRoZ#o1M1gxjy>zt0D-eVe^0OW7={=CzkxYsz)md~M_!$u--k<+>^Et1VWYk!?BmZ_ zWVo_cfWKM^yrF8WjdFoJ7d{RUy13;*ga8=t3VABFU|9lJ1~|dz76!nHjB@=AAO~_Py1r)M(y(L7fUN1-?8XS@!^zEYXf`zP;LDS|Q3IfVv$mYlZ{ldr&ANu%EIRu?Nb z2-=zK%PGj`e1LC9TWfyBJlc*9d(deEE-QFNKWD_)yK3HXLc|7r+!9s*g zi_fXfzRUBU$aMLqcq;TWn^Y(MB4wCOW#a4FL3=K3^N8N_3fJX&+59e;%UwWAR;aMq z^C~xWQ1_8x4cOIK9_CY^m8Piy1R+}+_m~hj$*Nye;l>r~YLzgZTZvfzx^bjXh03>( zZRpCk4xY^6xyKtcRmEmtwKjfcCp^{J!6{kw7*F+fH0Rr~YYz=&wC}w(gO_KbLOXj< zDM+mc4d)L`&obOiY1D-PUoee$wE;TIU3HKThV9;sz0@JEV{5=Tq@*LK@Nua9xz^6% z%P~A~3GmB~J{7XTR-fm=QuO$!74!R&QBP$u_2Sdx-7n;r@IQ{1KfB0-aEgu(dsXV}y50M^Ay{(pi0z6;oN`BA#{)+}WZBidw((l%|+)ImZ11Z_xnf{@)HJM=a zLg4uIb9!#FM$2Phr@% z{rcBm?!Hp5aEX9I8TcgVeoU4bWc%N1FSiB#Jlf19zDiBeexRMeCmiLKgwzl+ql30Of(a3>m*rpZB=cfO{=($pn zI*RbBMy7)<$V Sf)Mt{wA|6XS4V(v|ZeMlQJH2e|-K$X-8pg6zO84jUSM3Ac<- zSG0(X1*d&;rYjc4?a76xyhY!~B~RwBK>v59JgP^c~B+Jm5YbvdXM1DkvlXkoYOqw{SXk^!G({c?@i~3KU#I2a`yR&nVci& zH988ToN)Sf7u5T0*rc|Bs`B)3qW-gQ{v?;z&fZkhC_cdu=5gW({$RqprXg;F4SqgQ z7bIK7OJ&&7c2)}A^9;Tr)GK#@PjYpLryHNKW^sKa8DzU?(esIsvt!|b!fD1au=NDrTBfYSZ)qVEplyLwc#ar#W|wpKuTt38^M{u*dFK0I|JJO0rlG{Q?PK?*)W@ZI za@_1}Dc!y25*Y6(zLa4&bUiat(`+yFu{c6#4-KOEQmnA;SdLpksinft=4Brn# z(}6RL>ce+e^^o__t~f%RsF5*|Yo5O}!#)X;elBl*oj2lOJ3pr5FDyL>JQli6GGjwQ z^TgdVUCa!}#n507J7&-Qdt8_^)&ZDCmzu9{Hg$OR9?Povl|$;tx0o&JZ}h0DIhyBk zfpO!Ngh^UKFycnx2llp99*X^vIzKI^4ABidlN_|yV5WEn^A9yg3*#$J>lQGN*~tk z@WAj%{ll)cJdlSBcGp9smKViUd~*`emEr1P1GBwKFA?-7WDRqOFk%gmdupg*rDY&s zIMQx#T689eCHvSGV7EQ(Y`3w@B7~o z$WQ%!f%WG}s&M}=nFQM!ux8vYupACH0729`I@=wltWXp}u=An3d4C2AG4V-&m@@X2 ze7vE4#hvMWK~wM_rT#wRM{TrjK1E|-y@uZJ!WIhpm%7-)&&O>lx!-6Aa6$@2Rjyyy z%cmB9t!kwsezqfi>i#5xvGsy}p}93Lgb{cvN&V;VJ>8vOkO;>uZD>oT*TWKD!k7k# zqOx^E8P^QrUA~-x_I2Vk9o)DxC7kwnUvNR@;Y$`4&G;=l4>b{~>@Bf~QP~Z8g*C87 zpGyKk(ZlWuw=w)pe0tJbeF|alP1=1LOqYE;r_@!I-~H!fSJWaC=#2N6Sc3f>?lCZsLFnDB(tR;$1DwV52G_SLx z9z)tf5$nGW>&3P>=)$?IXE%pAsykbbAUb%Stv6(?z(u>{%ehPhpp<8&?6bc6#nPKc z;swEn^0tTXG!TOq{eFRzQ!`9ZH+)F*T))bO6g_ij)~&K<(J;>@hR@gTN{f;VYiA5=iaLX z7l@_c*2HQDO@nJ%y@Vvx8zbl(> zaoXznhv6=Mohc_5|~zBy@!DKAwT2y z{wxJE#)qfrq_vJrE%s%!ttZ}hvd4GzMFd51$p7rActSpKu_ISC=VDBOAJ}9VFmFApe;A`WV`fGeY*Uez=2K72 zpw9P6`R+g@d^_6X*q<}V#Jo2m%1?ZrtF(Bf(e6K1<2YzuSQ&^#MC?u4+&?*+!1rt|f?QmN^?DOTS* zB=uhARNh#KWu75^7#QaS(t+FW0YcgW45O%4(3+&^BRK%ak*?ksGzWuVbXY*!2 z`OA57QeszD`y+5c1?$ler-Fil%!Qu4XS&5c&Zhsi{k<$0YHvRzGXsr^@T#g)>8(*? zPEb7Pp?&E@ythKB4i+Idf>vJgo)YQ%ZTh~Iiwf%;=wKbe`m-B-Ulj53!o01X@VcFz zdxX|TLv>(OGiy2G32})QR#)m(O?b?qn01Bu0lx(g3jdYzfHepB{@BOXLY$l8*&2>^ z!ZMv@aMSA3X?Ea(~Mi=QD)r9dc2(?+eb5OTA zxdPbNidLd7*!~<-jmL1MgfQ>Aq+VdWGn1k3n&fNG212pGs;*{`a-QJ6bh%%M&w#{A z?g|e^ew}%|YEOCbqDMmiv3Fw3`LcoBU7K@0KIFM*?4f`lJ)hKPAfp#+NG?y83(t=I zl+u7G-xUijQ{?h`T!7O)&i4A|?gE%Wi$-^gsYolIAKB^s*~iF8(9K}uhwbs8_qoFG zj@OZ+=NJW9l8yTWS7%}+=!BreWRd&Hie`LFF9&go49b!Rh%Fh0_Q3*M5yrGnh2QOG zA6Y2-_k!o5=Ry81nQ5NXg-$;6?4S=(#ZG+p-YcXh1~bji`tGhCy(jv6g9x=v#rt6O zbZC%jkpaOwz*qL!%RKC{#gmeG5dbPOBH#Em8G>J`x@vvCVH;u8l*6Vs^eW9Yb7|td z&_d86a|q7L*@}Qjepg3%Q9!yYNaOc7DVAS$4~zH>g?@^kRVb-&Raa(B7*rq)F{xJq zzuWcw0bdAuP;7)^`=RbCafd#frcI57rXRm~`PBdi6ApxMkrmwTJNo1HsarwR-VNAK za1B^3i*^-IzIqM&x6f!H{yZ7tEpYs=K`;|)x3fuZ=JXZ5-T z`Uxtb2BqvsneXkAHOghXgb*j%nZ1x$cy;ammQSJN^gSJie2k1QvbQOGEfBVZ+Z-+d zUQM~jHXC={ui-CW=-3QEPShcJHd>k^E@jI1tj~z{k>w{iLp*+xJg9@@~t1)Nmh&{r>bh zV@MuATxg(aTHJoPWcZ`-(2Z?_?T3FikbucAj{#ThuHT=V$7eu%8d0=|@28`1gi=X7 zaYlHTWq4jO`_~{?!GUxO=`mPW<5$dpiG&T+n$LI4+IEIytk`!b=S_ zA0GVc3b$5@@zjZC~@$K3`0p^=Uw49m)I!Y_Y`grb3>$G%^4&3gD=YV?CpmmNis?v@g?d?3XbiJ9yR=i~-x(Of zp^yKYB@HwL_kKMZ57F)%yQ%ind!+Fc3x8@^AEnc~_FF$&DoXV6?lxxg?Fxa?)q5HS)Z#RL98q+>|M2T5*i{njcHvmPfUzr2fb3 zC_0r=qSqbAdR6O5e(eui4#*GJ2eA7a-si*gsKY4R4b|oM=b(-tRo<~w3n;2}MQ!-+ zOf=`((fwz+)37fG{o|8Wpr6)1BCT04?jBdhpR6fl!a^TM?`$BiN#$;*Z|ZCZ?4nso z&wiz2{b!7Pr6S+l_L0@7V2po$5!&SdNS?jDe(m@N?2gFNsE1G!EulKA*j+Py)MX>W znWeAp9y?Y-;a2;@k;loy7ynX#W7+C?ARMR%a7xFVW7H8F1S%4`?2}#Nrzch^i!`o( zHv0_+H{M0w!_U9Nc+8_@{sEO#O*a$On$iu{oMjSB=h}jmb4{doZ@nJUp>voA1W92= zxX;|FN|_ArtSxTeK638|>DHxqgSH~OyYORBe!if)hj|n|$dAfWAH6!03NN9AJQYx= zf<=Pp)6T9{}ai*d*W2y9+8j zCBmD_Hu<7odi)8(p6pwo2RA&!j4kFEh~qvp5X0AiL>C2HAAZv%Su0I84VUr&jo4!n z-(&HX65g;2eI1Ohs$a}_{@kvQi6u^XGb*?(@+&@5xz|1RBb7$D;4{;&U={7~LsH*IcGN4v z@mZaE?`MT+1a{)V8?woicfo4%z$)f^ccWdgq@=O=VBG z#N55#&}-oG0<^Y$dV%TvN$*F@`0}2QA1~=N;o8Y)nhB?O;Jf>jr0UyTefVZ7OZ!k1 zWBw)TD`a!i3kji1ZLaJt`1~L+5yb`xwjw^VvFG%l-OlH*$|8d$@m+jO_C4aAD32mHHhy zLhiSHI)YD27Z)sd4kHj!>Hu9G@eyTL80bKnZ`cB_d3A$-ms&!G=-Gw3(Pz`%vadHe z&YMMU2KShe4wScT&hSKeR(Sw5;r$D#4~mCXXEMDFV+nThu0VU_ zyCM?iyiDaphgf*ZWuMLtWp>B(e@AHRI-oQhe$ee{Eh+sSAaikg#e;|1*X>s}iEk3J zMj7WrPgzcy-!IPd6+!nmY2g=^**f1GB)9sw5QRXAvWepxScN#me2Pi;bbLPFTqEws z#EZP<56F)Z-9-XLA?BS9 zqfH=ve7nDISSKcuiu@dXK4#Bc-~M_$JX^&bybI`KKf0>5vUwhHmktt%I>rMdW`7a| zo9ZJJP~v7@M_OmB?NKsoe562$yvEh9F0>tHQ!_EXWk@VOqTC1 z?e8P!a4!egDRo7Ai_Ql=rbxsLb9}Z->ak6UlNaevzNS+LOi;lkhvY}?4^K)!n;gcn zAf(oBZ2)TEV(TJk+GRywVI$8YdlrX!-n>?N31ChzDl}tIMZwkB3|L@`5G|eXu((t+ z0S+>RJ_$W-8@u+u53{*{2)o4j0t(|TD^wpL>2NV_?zlb;_qRNgqUYRobdl6Z9@ka* z(J?#m6LEKFP?Lb!;-i-X;zI1OjlbZe_l5U^0=xxC!{x>S{ZQ3=YUg%Rs3{8hIykVY zW;P+ak#~E5fv_1{+4atR9#i!zp1dQ(dp@CDA~ub%_jn2aOiVvcDV`WE6*HmnosgVq z=L^M*>bhtb5nc|_rT)5iHhhLMnly(~V+3bCuHkfRp3j7KsW(0@B+onFt#Gc;y7WVq z<-)WA!yLzR_BDqRzdBP#a;<~>x(BK+=FeOGd#g{_1_+7|Zi@U6o;Wih0QFA_hc8Fc zgz}c@R6IYezPontHq&Nr0sSAB+&h)q{!l|Dd@ls<>+_|0gNjEqygPhQYTCZgStGvS zN)1ou;m0erheT(1Ds~G@z}+je+=%4!fxaA~vO95S)A3LwYtRQgL(*1TU0ZX4U8pru zX<99tTjYK*$xE|@oJr)+@Werv3xwaMYBAOUd&g@P_*gB!w$cOti>7Oq-D38*E6Mz5 zf1vKvSv*&fw?8Vz!lqDIY(fWeG$4$$RK|G(WjzlPu9D!lbbsUD?>XUaP5z2Dh9Eoj z1WB2}NNeY^c3a@Mk0$4hMSe+tEJA{TCc$hKZ_q;y`>?J{eB{z__NQ%|N8a(&3$?voor~WG&$rF(gECN`8n>Lw9nm0f}=Wr-*1-2_FOK^ zFSLnSs&pZ3L~ih2_NyE^TfD);hJDVZpLOBtZ__dAUj7L2p+JnJ&AJ?hA*E`Z%lB)v zWT?Wo#VV+MuXt_mf!+EV>e4_6)W`TKB)9VSwOQ7B{Z=F05g7aZdUqL~R%X4QJ!79X z#ZkH{dtk54c;?9G$WY?O(p8`t!|)oDKV9m>v0#X4LN*f;Ijn&A7n;cV>sYJLKk}}! zpQ$YH+%Y{+x-2?MUk9?ytngN1H7Ft~f;1e>dm+4H=IGaN(qsAfsuWgg7sY;Sdi{Fg z(r4`dg33QJj7oyXY^}Y2{gX75zAwni?IRjuRUH^1OYpJBrH4PWM6hd`-p3=t{4u`C zK;Nd2WO`ZN&0-%Z_U+`*VH=!n zb2M;PS8j;!Q>AW@@WyeJC4-91p^PZy!ru=sLhL#mAt?BHaEGuH zdDRB6_;-Cr#qj}ILX1Y)t7mzStc?9&k!~D$+!4M-S}ZJCcyXt!9X0r=ls1+yIsF@M ztvjV6sbB_@_vrSz8yCy-b~0aQzG+yJ+d_Z;3hHy!UZGYCGx?S-uWx%wXljh8fXQx1 zQTFF`b~W=P4zjPPEwKsym7@^{m4x^1$#|W$+A2;Faz#1+-cFA{J&`4HY)jVPPzcB0 zA+alO1x>a~wVko>$K*4Y=|1_r9AV)P^=*wUGUhw6FVIP9N>von~ zW#3>%!_F#hGFZb3krV8Gc_B`OgydkkkLeZfCn$ZNzx^&X(^)*8<8U9<>Gg^_tf`If zmML?3_P@l4I*B|FO&J7da0j(CK;~tM8#O{gh}57-0IWA@f!kbp2_Nqj{P&R)X3~uRyih+I)wH9?e_r)ZI?QL{ySHen52%;6D9YPw9naP9`!NwcOebU_-F5$ zij{@jK)C)!X&9ZyCaZ@M^@kj_6QMoZv(8+Ei*(sDnHF&IQB)usPT|Lnhr`HkPS-ww~>tbQs-onFOB^alM&^LyZq!?hRP~N<6x2Yhgi-}K+3eLoKQ1@BJ>w! zR8I3y3mgFgKX9}K*?%7*Ei%2w-*pK>>zrydI^c?YlAG1=cxElt_-HQF~e6V6yLjfa-O z36#?V`#f6Y@Ky71%nB4b6<@eQBI0A%6O2#0<+eliWU%Jg&wL1@=}^i4Knr(p;MkP{`gK1LBl`4ytwfDSqd;B z5lvV$;s@b<&S12Ixmft|S-pq)(^YTJ&?rjKPPS1U&=T{(e;f!P1}gWyj~!XQtin{h zc3b0lAj$8g`4{YP0_`9L@L{T(WD`Y_zD4qft?PIW5qYnSGEu;WRoI89ApIWWNXcj zD>R|@+H_S3(vJX?U&v0=fQgkl($h_P!2Jsn(ee_%a=Q4KHz0GR*uT{xn3&~8wj^4U zXzZmg1PJofBko$Eti>_pU-=pbP6FHlnd{n?Jj1frwEQ{fDCK*nL3BY=coqp+iE{_3F$VlnO1tJ@wiQ9-?-$1BhiquTk1AjhzgK6| zZz1Q0X?7n;EITTBdH_Tf-D6b5Ed(JBuD5V(vZ*`9MX>vwB+4f**Lr(fIZHf z>CA7%@jj?AqNV*;cD3HiFbcOdQdk`EbF?{+zkJ1jzPHa~_ZRXmMtsO*|KX<>Bg(z-J-kkd zB|lW;y1$LGy#B*wB-pXUVJ#4C^W_c4h6J~9(kn@_k zo6ywnXG>GcN(2{+>-_ui;-}f##lyu7&u`nPu341=0iCkI}oZDA}E@L zF7vn|pMhyZUs!+;a<43h9nWo-&k#PJ4BB;em6mz<0rCRQ^!K(k^J=cYTVhGB7I*finA$i_zJ*de?CxZG#( zvN*iedC~jtej)jAd_lT;kK^Po+DK>aI%bU~k$NpcMMY!pKgQk9P#b)XJL%<7eBD;| z<@RIAJFM4-V;YQ^ibU_Z6wefw{7#lS1XYEu2#Jq(mXRAX{D+62rVup#XL(;62_QhS zNN%Rhyej)wOrcd29t1_$jWsz5!k#x{hGXp!c=lt4b3-t-uN^qa+iHH-{bu>26i1Q! z#r29Lp_*oC^!rb(XExU_g#x)p7=viD^!^;bSix{14Y-({A3Ul}$@3vU`p@YiV8lN5 z-Ns3KmQvA@%pB^j$)+3!cnJjUcj@K+tixBzQr>&nYa#%wkCky>SSa<`wjrMjRO%k< zqM-WbWjN8gSfBUd3P$Gpc!Z`8>F*13`hJsKL01CcSw;N{oJ}l=E9Bt+zL!A0N`j$x z2?)8ZzY;eiEZm>RjX^88KUCF{2jbVs2(AE>Rz!r|AVkliS z7{!8X?d!g}IjfXepzZfnt79{L0DM0DjC{imT>|eZ3B>sG0Y< zGk$WwyEpiL-=g1iLo<_L>oLhvQ_L5GTY_^}6M9CLwqZaD@UKLv)rMkak`FMR40R?Z zn6UigJD%X-3Dja6t_lqU^J@%B3=KMtvxjQW!}B^r;rly_`?Ni-P#F7)D=SndrmP0C zZM#cPgNzhGd3BR#YYN7ys-YcVpz&2nYY~s~Pa(DONT6z6-K^?iF{ca_eGxSC9}QD< zzW3R=%ab2z)z!=mN|06U19!_xFUi$@-fxFJKU(J_bwDB}Fp$Z`?}q?CKb!HP&ad$`g!W!vW)5<13KOjpia=No$>WP6bpn{;Maz;vH{Dm-oQ|Ko(bXPq z3V2f9=O}~JauciKCxUD$3tKnzH5+sPkXW|J-=F<=sUw&}D{-R|vPN2=)0y+6~Z_dil3>GTQbbg!j zkVfOvP3#*JYV1HH{M0Ao_gC$?97xoPOku8qw)JI3>MEL^bqR-juR_3Q(%QS7#Cf{x z_)jdu8N_w=&pnMC4nF+Q)9L~-x2wjzFmXDg^u#j?ZBDp=!&*;_z?ZjgP@^?Wn0y)^ z_C6hh{`CIzyV+mX-fkXbv+gOE+DU4`&{Yi^i5i6_l}IQpfnl;wu#9y;gGOZcKt=ir z%acvNvN=+q^ggAkPPJDj^@Z?z=qL7aK!#gGj+_G1Qie$|3rR%B%6@wxqi6a2w(NKB zQRNn}(f3nD%uvZc_mT7IFJJLC@Ni7eq2V~WX$ohew~<-)!exDPwNj6aV=6R6=mPiT zj}2-0k$2P{Ct2?h|K<*CA}OH$A?FC$*CSf{uX#HF1UP`J0$*z)9&4LEU{eoLnE57h zH?%dqj?m&r^#NLFkTS_h=eG~ckR}};rNcs*Dq54A9zb>BYE7YmO@KIlnTg=SWb?sC zlq0MVnl&Izgb5r#R;nfsTPw}3RP-G$I+8_ERt<+qAk@j=Q|=2VO{gM$b>O=Cm&Cow zZxIXSr>%<8XVbe|-x&!|t)3js^s@aGhdpq@#D{rhh(j`t`x61$E}TT(SBLd6-pbdM z{?;u`=m0XV{mbHy+x@QZ2?+|=o{8yLov;giQSvqMhG<813n4ihY(1>MHba-~I~z8LlMUj_@j*tEj*$YI9KU zL(FsNhFt1U59O0a=tx_&>F{81B8dOqn%z>+*|LvHSl%Y?JPkR{W|Sh4+98tsRdt72 zckSM*;$F1O(@pHt6TIfnU1MAlE@`mF%bu+B2`{W)pP+s+r-S%b(rd^Mb6u->rdIs2 z@q`UD;$yo#aP|WKS#f1#3yGS%=eDa=lm#(jOn&vfo>pOx+ z@1A<$OLjM_-UpUK958K_1^C?P+~Vh1frp z3}08Uaw@^kh7rietfQLkz2M;bJnMoR>{T8UIvpAf&6xKUPFEHU#EtgE8X$}U(|Z?32%md5K#y%neU#&7(9kQBoTE@56^Ni+4mKW=>za(r&sj_! zZS6xX>egSIshE}{9NXIi4gKsSD)(pCai42G6x9Vn$NGwF0m^dJus&KUca&zfF2?I6 zO`Yl#V1K$0Eqjg7<_}Y&ip!zhKsBvi++O0`7Rq5~i;(xn`EyQ`>V3~F0|L1E5~4i> zf1eYGMulX#Kk0o1I8dUk7x2R9ZiXX1lc?VC`}qmV4uP>xU0eg{>0Jw_#pFUnLk64Q`{_=cD zpzz-F9p5Sd&Z04U{oQ-IhhM_mrSeLli@KZ~Lpy9snZIGngL22(&lm9(OX%t^iPje| zIKBm;sDvxW*xGF-x+fx=T0*~-3oMlD^`9B= z=%O7&*}lCGFBs#R6ZK&#DCoeAF;0%h03|4#SzoO4EHSRrJ&VI@{;N6c>#*j)&qNB^j`VE{x~{?W4C;OAMnmcl z0<|{68k5W&l$ZHQlEex68u5MhAJ1A1dFgmd|J1$q>Ox__adM@Z^UWu}m_4k01|JSe z9Pz;U{w!=FUa9e0l8)g@-pkbw#_PM!v}Lp7#4dmuU$iRwOvsR6@z}8axK0}9SPo|M(`z|W zw0B)=xWL>&X5%jCy1r3EorNBnW>RE4Ehe>1qpR6p4@($Iy$&>{M-=}`6&8S_nZui< zvySfKP6eYI?7V#U;PLc^Htn)a=7Q-Fw+su}=utoo?4TpL72hWE8*(Wgm|+BCFW)mC z^kD6MX2k|Jy%uh~&pt6U>+!J>B#fV}4=p5e*drJNO$1uX@{YOM;NWjN_tv{82G=thU0hbV*jfU#o6j z9`}n0rBu$a28Gv2Lm*lZ*wZ6;KNj~*Tb57Tfahv{eO3*`U}g8>4F`nPuy!WTIeJ62RE2`CEv$;lH`?q?Y0}TpR%=fEB&u| zWcEUqFsr~|o>fv6ufK;0o7@c&J@%IJG_$KppkALh*q zm=obt$#;(p{>+Oky1H#xRM@M81w2kH1oGcfbS}4+arQhREE+{+-P<~P>(SK>uf{rR{pdzh2+5u464VxyA+k8=Pw-=wnp$KI2*2CM=ga}jn zvN?|g)XCQl^dTk?|9~aoLC59^y~IaD{UrWr9=%%plv>pg(K`YXCXFpSd@_Y#zAjWn zIXK153y>vpx+AqmHdp8AoBfjF65#N{7zM#QonQ<|3{a6$n7a?(n@d67&H_`-GJ9zFCmQ~pqsZYxHc;FeHKt{G%thx~Zr|%<)&o`8{ zhJBJ&V)p!`m$u}FB~<6bW^%9x`QFx|EkrJU5ZO&7zH?M!TVUJpZ%f05^PEB~`?7p! zQXEQ<$wAKIM)b>r8zcoRHT;HeGls{o!CGywrba8@>d&_|Y2R*_3oEUxWkQfl8!nlu z*ufGUE{D#A(w9ALGpe6B zk5guUY}qz=TRgyEMO(bC(I7A*h>=ay%prTt$Jp-W2Yl{WxTY_cdF!MobXa;xB<3#Y zS4fNXPfmNnN1SI2@}WL5s3N{=d3%N;X33r% zVbS;lmg#xP;#W1guNB@VlByu_+sH^``Vvus_I00J zux7D?TJ9NI@&MvtQ~IWoBuBN^G)kfO_6hFsW&eBQ#QCmOj~@qF1a#wOL)e~%X_5O; zQQmldHf08k?w1e5O(78L1>O8LzSth(&(y9=DJ+#1`V2_P^l6`K00sby2WPra-;;Bw zKaVmGLVrvExSEXZ0Nfz3lS@Xcq5LnD5+h+SuUWjMtz(JT$ zW{+c8FPNg*wD5U`e#s9bxe~BeY9MnW?ONYK2NC+~cP~=wZ!_E4DP720;&jFKbxr3+ z^2hAH`ON|wEf*fKhhlbX_%p&4B(2^E?S;>YFvWf$(?T@W_5R%BZE2C0dp9Ype!>_K zjo{JQ5(Py`JBG^zaKWPsx?EvDw+AHl-KRUWaYOFQuR#1V%18ONJrEje!eZHa z{~@h1UQKtzOMMa>mW~UQfNqrtz8#31SN?IahCIRBPiFhQR7Ru)ag848@%^)|Xh~Dn zA9weTDO*TDS#uT+@uxDRDgr(HZ4uv$^{cc^Uw+A7a0OYGU(whfJ;=a$q(q7+Ggm`j zeYJwP2kvQLWEtmBI`W&01~Eii1g49BQ_T}A)^-9*`pDg@_sS~PzC^ft&ESOSO7AalxO@m--6%s&PAqT!FvAByWCFB`}_ z`2v9~CwwJcd%(&V@1_p`M4OlN>5R`)ZUQnD#uP$0fg7X;K;4V>A8S{#tg5zUzvlI+ zi>62=2qIExCj$@!DFsB}>vOPQWdBCojPRUofq<}zx#k?jQ%wC&HNB;alDzunZ5>sZ zWzQ%Z=C$2<4x4E8Gwl|}JvYwbSvn)wo?kE=KWPlHO6?WslDSXXL{(eI^G%hW?MI4- zZ6Ej*#yrvmZ8#2uPYP(-3S^c18cF^+(f9UJaYN=Ll3)AgWyaZZt>48{PjD0Gb!J4I~d{Y&m81`msUiD!D1fG3Uf{{Af^TT$a$k7)O zS!~b9`n7?${&|`1G}16X8#MhR9QPCB)TK_mPS+O-uewN~&h$LJ(l_iYGwy5Xe>&s3 zQKt0mc$4+IUc-UkM?>gZ?3sh@`}VWhh_(RwCAn{EYo2@@e1HmwbasAurt)?(?Oq=%^t<> zS7-gq(Uy~23vaO;tOy7(1dX+LN&6f>)pPy`ft*3W@RLaI7~Vk7LwEMxbrH0AY$pa_ zT94iawD`E~r|nN9+1Q29U|m*w-wv#8@h?iG4{-3iSubDPK3DL%8}EAKFOX6n37)R( zzTPF%5HQBQPh_9yw$X|%MKH=le1_Vu>B=^IHWlGU4_Ncc6r^PvAxr%>!F z5ht+e!|}1u0zekv-$6A7Q}AgIDA6$G4+$Q;`sJMr4$pBz*t*f1R zIGuNi0ayYSwV4PasjQ2Q6u-v)DLjsuC(v`eQ6uLmE~G{COOY@aA9#4a*1q{$peK_fR2#(Jdj%?+;52wO+yuH8PtvX=~^-u*8V_0jpTN6ohrqyx?7Z zXFKa#!Tk6X#_3mja)>IV=qi`mvu{#3*ss2WW%lp(3P+!|Eh6lo=I<)CUt2tFB@Bpe zZ&7}BuSM06qm{z?n6q$dJl!FB6j5*YouT#OgX-m2YjkD5HwRuLy7f?m6|7$YqUTgl zq{=~{Ql)+_sa4er#8ygFdNvkHTAx&?4&*Hu0^-y%oHF-QByt!w(Az*c9S8$9RX!#*3 zqb&8=5rW*^!Wn&41$s);skww`WotJBV~tsK%3ls~sIP+C9M6+|kF_Yjx%+(~@C|B$ ziF&|7{JJSzxo?$&`})I~Hs4z|h4fqkp9_IgJB%|@qE`7D`@;EN9OJ9imA~j3W90aK zpKIf^Gw{cS!k_GhiBxhQyX2XIHDP?OpAT;Qn0&Ha_KV^-d;Wr?bD+uYYCXf^{Vd*$ zM`e7KV1z-1sLZYY9_XQ9$pD2W_4dOQ=`sLP!rSW7TbEC79>pi|E(fSP9Ff9kg*|72 z-KO_=_*`xldBPy}Ag@u{eD2xPL>AK0PKc2t8UGgPq21YwK8pdp-?jtDD`f-6D}Gh> zN%eQZXasLV?eN(>zohpJr9`_izYe|fw{Yw7?f0a_=ka9)adN}9)^PtImAKF8&(wWu zRWy^Lv_qv;aI65CntvSfurI=gb~*os1m*$Ywbmrm1~L;mP706{@o~ppk#d%wYk^!o z>s27{4Pf72{^S($Y1odB5Ta}cf!C4)#a>=z4kMK0c<>Mg^nLtW-qJJO?x*oZG5tSeRs2gcWuJdPN7Cs2V!)Paf`s37I z_!psd{WqDx+`Wa)hlq}(4aK?DTIQ=UUo*~s>Ds9@{e*z)Ps zhw*+@8#qkkk4vgD7?ELMyhrRWHUkB2R!WAe(L`>S|Bt`+``~4V9#rE8h|Z z$V^Y7^;M*gXVxUe*viQO|DkpGv--GQRoO-2RSseAcRsFZ%p6m({89;hi_8TwJSPd( z5}3GAaC=bE6}m%L#W@(PsvE_tAaN-G4t&Z0D7Y|fU z34w62r1mJB$-jUEwydqGSP2AQh1EY)M*v)LkW=hoI&&1DB&%o5S3^cqQ!av_>@0>vx zvP(apMi9*!3cN4){dzjt8~v>{!&}av`h1T=I{uVHQ6|^nx(C%5vecQb3a+c41Sg2x z+&+p<+u&xKgm)$A=ns^{e<`~@t2?zl=Qh4nnBOFLLSN+jt@FlDPw5ptfhD3F4&O2J9jqMZfv(j9JWfqcMl>J>L zd57Fe#0^yI_q?u`ELPUGK?1W{FL|swFO+d(2^DF&c`tVcqREGEVlIB`1%P9~}5?U9S~h}J_RiFe)V zju5>5(L5}euHCQVs}C=T@@0CP*VprN7rZk-md5p|4fD&UluS97zI;=1%te5qz2bAa z-PB~w_i`9`Dj0vMbmnaj)rRg*_)1jFjL7>4@iod;|u8p)| ztyS|(aGwiAslce3IaperSU&m4N<9pd-7TtFkgA{G=}%9 z&<%VCk(kn~tAZRI={#{pA3IG5MT+~z`Y%$AfHkYyN3Sji`XlshK(#tno)W79b|HKe zW9v28Q`1NVd1RSBI-kh{DGQ8b5A1RL7_yREpwwYyT2?G6ucu^BCzng#(h}Bei;E%! zw3g(}=T~tk*m*YlQ+}0r-mez^l_I1t7EQ^&uLBAZrWbfn+kR>#x>$dN$znw0lApbr z`)lSGrCr_?f!jDM2S)e?PTX)8JB9g>KAc^biiPL3YW{p7+3&IOChh1zCshsGm?X^EENxeF?_<46+)_;qI+^A6xi0=1#^Vy-yKsQ>MCLr|+a3@JrJ;3L(Wv%qU+~c9VZHF)E8J`&Im5gM!?#-0+=z_5 zDqsU~+}_0}RQ9=0d}({2Hhl)~Mj>zfKyK|dMa%rP{U5(T8-WQ9fJBhF$v&wOhUwUv z`wc|T+~xl0|8!*-=Mwz(J==8HrU2e2g0kReOV*Pn$? zqTR*P_r&%?-KpRXVXm*vYF7rng6_C9Wy~I@r#at-iw{w}Q~f($^GBXQ1;mx0Ab`_| zS_#R5EF`W-TkULAwW`T$9Z-Z6eYXPq*<^T7wwqFC*P@PpP7I+(MEx}S2ObOzmRON! zK+YXItJeMuov91fRjU7B<6-&z_GwU|Q=-*j9IngA#)8BK>o*Ymghk{yRZ@EBo3RP` zL|wpuY9u;ZmT-7m*tG$ z`D~+Fo^k24An(y7!>{{!vlWxfiWp9!Ng@`%7`vo~t}-wBovV|bnkFuyI)$u0zQa5o z55imqq+ziZN^zC7*PQ^KkV#o_OQZAH&(o6<@pia^Do5m1nbn&!Ru>ryO!^CE{~5~2 z;W}!^PTEibe3`)UYcUiJ$6O0h>FpxswvNyqo8k6xYSc@ck=o>)ei9b6d7U4c5MnSR zIRSrYu(-$g(OfXxATKA!bDbG)yIs4TqiQbf#M^@dt&=C`tv%PAp87- zStsuY)a#7szH0Rn9zzyf<9<)E3C^VJCUSm`A(+X7AJay-f;4wlAYbssGUWnOy$qr) z5%Z8dI0f)-2bke?@9;2JgqHbx4dsupa=%D4KaHI2ikQ$5o?UE#$o!XR$7x?o98Y8# z&miU>WOY1RAvj){e$Uw3b39-Bhu=C3sfQpJ7!3crE&hqGpc-SoCb1!-%Pr$G!J(7! zX|=K|$HK^e7l~zI&fZ-4@&JV7-jCGcK?NxA+d*$&L;B|)|Dd!6RQ`TL0Q1iBIBpfR zteHTh+&$n=Zh()=DO5?WE>t2-4T_PNPQ8Qwn=GfvCOt8JZU{WLe!0?9kY-g8y`K9} zR%Oy~n0_dr4SxFu+As_^HZ=W?P6Al-S##R;?Q5PP1^OlC>ItY(!YIjbJV6o@J#dfP z@K}J;dbr#9g7t*LaE}rClneY2nmcbaeLpsNte~jvKMNVDJIP&0(zzSA;__8rXX+@? zES7x3}+xa8?B%BpjQ=_s4j}O~Le1xNkK=wGDba-|;0Ee<{4(Hbts^FfpvMI=m?b@b&3Zh)V6oO z_RKN-@#dKHRpy+`k^)JKj~k7)`l4m<=_crEU~N z{5Wq~s2}F-{><-REx>h7195=(1P=hJzEA#zyhTr#@tr!yR)@kox_wTBcIo7B+64lb z7?9ay?+a2!#G}!vWBO{KuW@Y&K!dYJ-)H)DEZd>~bA^`Dm>arWV2u+YfyaeQ(eoUl za>tH`FmaF-VkEmFeOAndq_ysZNUfTRV?Al8POQ^4%ckF|s_o1Ff~}XKG?eBo*dz)x zypFJRK_-3lCvmnB1L|0Nq2wvU!39s~n@^p41B6IA^v?vhPxuYHHP1F0T-vI-P~_j| zSH)ZuXr+H4AA)keNjkplzO1?$U$-aLGxnN~N*Vi9{=UppoF~?>9AemB3`Oj8cVleil+VZe^Wa>dOExbp=%y^n z!23L;#;hBl|Rw}bqAw0PvIH@KRs$%WYm-K^Gs?+B_wC#N}v*DvDuj`D4+ zT+}u+GDup`DCR!XbAqPX9YvjGRxZ8EGn2ad=0k+A5$-{#gDS(CIeI_za!BuSyV?2a z?HtR$nHcpQER0YG8{vkBc=>pMxa+I;pcH2M4ai5x@LuwfU4uOtz}$@U_|?SaO`6%0 zdkB|MEft`32{;Gr+2PaXeBsUpQ#Ab(U!CfD>}QI6JlUk?`QZ-cSD-!NGa0|>y&CZW z$oN%!Gzs+0GYIM4DV5>}54epFl zH(sIJZXa29mb&s*(zoxi@PRO9*4~9?GtrdanT?8ozwli0-oJ=%nK_C?GIT#?4`UMAi$X2&))0Jkl{YLgW`TB z0ybGYG|DO^ZOInzXSiTu^ERD})p=_$(Lj2OBOb@k(%jCs<2SFFX=~le(RJl?Bc}3X zNmniYD=zTtDOve*Ag|O+e-J|5_T@BrcR(k1Q_FsN=f+Ka;`xCt^J~(+rzNiaBkIm= z2QRl#bHs7QOr~4XrIeaAkqNqz7Enpu&j(hC4ihfe)5O~aeX(8Bpc}0 zwSsIT()en9Le@_s3{~fdj$#ptrhPn4zk6mu>!!WXY9#pCTKD0A9b%K9f+@x;1Q?&*hc{a(-Yh?(l%K51NIV zZ3n7*YhBbyYW_Nu35<^h?lk<4PxrdT%`jX-tPep)lx$8qUkGBA^p7SV*DHh&@8kZH z7Zbq`A_;X@NrpM4c4MGHh_wJGMyg+Yg{sCtv{RlW2t$~^`PbpgaDk$|PaqWScH5_9 zxVOReR+s!ncA?jfZLKu$@rmmBdo&?@rCR}&rFUUHLb3UpMSMQJtkp6Bw@a6$=~dp? zbG6Z6%-YA@TutKC3*=0HCaY&|qffo) zC}UpynNiA9sz&YCJ2bT$t*Y5c$rrv=_5=Jil$gqdJejqr@$lsxqR*A)A!*Vt%6;oS zbrjtfFlUnIFsbA`iX3j0sHa1fHi%>9V18GmyG~z9d2M~LXZ;T+Mf6Du!0ab^g-r>0 zly8m6RH6$NV|W7bzKZz=0u|*RNo+t%dbPg)UcAx?vo$65XuwXi^AkT%4}p07@i{_1 z4UPcg>-xB`ZL>g|VDCWZd|?kW<^=DY9(3>R0~ol(ws6SoPCC%oqru+a(n(qvHb>3$P_vyPSDL}SG@L@xH3*BR;l=UrT1^dL%wV{uPVJJ;$YGmVg(=$gfPZ7#)?kdhghvOkWWCFZCA z%DJ|WulK!`+pxD96B43{=McQqc|1+hlY`Ze`q|`%KSV-rMg! z!eX6ks(I{iw}3rvex2fd%TAbBdq%KxxtEt=wuJ4{9UeWKZ8onae-_+{fG-6by@qU53o#ve2p>`twYzy2pI$oqT)!61Uqa>xDD8mU9uy6J z`#Lc^YB$bBN>61`UO2PgUVEU|sKEe}`CNRUq`tS0OH*I{f}5IXPix|U#*ox0K%=(rpM9eCznvKR zd}P;eoxM-7oPXxu&Ih&oXf#y84_x*$raWrG|)T|k>a6@U?}g>%d+#)+LbxHg?`pp6bk$A&uG zNz0f$o--^i!TRI~g=Xf&N#kR?Pb;rDO~XPZ`aSOpqJHlVXEccS9RgM#$HaRHB-Nwt zY>9ASW99?q?d$%7qI+7r&!wX-+~tAwOt?7Dy=*2e$-WYDGxiM50C(n7sBP5ikA>rM zQgBh~&(iXB@{{ zuY1eI$t`_-E{e$2^Pbd_dVn~k=PP=E3)t^C7gZH*d;b^qU`bvgH zjG)>!|Faxgr3j-9cx2ziV+V0+9l8AT0miI9%YQNySe=3%J%o&U_XAXxXAN$sgT=`? z>P#YB!Eq?Sna*<`>*VCRqdp$UQPYFYLibov#xgdp;wq`bc&gxqU zM9vUYx+%<4m&Kps*%c#Tu{g-s=7?EPr?T{jJZ}91!i}aZe3zEEv#oe~7J+}0{PeK> z)Nb5XugS4mc19pGSH2ugaOYUyA6UH&!;$wD>CBvATvHJ@$YNSgSAtK<-uCYDnGcTH z<=9p7-ryqpuUm}5caK80i+Yn6fAiCq0724N-xRUX@xiBb_?$8c&CQ#&`tD8omM`34 zy*d<4GUw>l9_54WP!}M_kkh$@;g=^PB<|EBpTLT_u=l8m=5Ne5c2Ht>H$mji11wE&te@4)nVsvlw_XgKoU4Izl{yy8Wv_@2@` zhrUevnd-_NO-#nLIF7h0eF3bjtu(2lFHtT1^vZw1FAj#fhexyW}Gah zctvQ-YAN-=TS55~?9MCBOJeI68X_prNDoKxF4rOn?jw7fwb)O~k#loTF&zmlXKl~4 z-{c_3eggv93Si<{`3D-)5(om`^m=8v_!7^ez&mxKSPH)co?Sz11&$mgc(Q|} zS$i7Q{05}j964I?3%J`UfIIE_LcOT?M8nfw$W}oP^K@8$sd92ZMHP`veTu{HG+9}R zQGC<%;9}?GhO9VF8IC;1B8Eq@h!;8DQG>@vci{6#l*Dxr<~x+oFZZ&o7;2%YjR-Q16 zFdTx#85xG+K14oZk>>xxEC|je>_@}c1=!|CX$d$IoDhn+^vOUV2|peBbG`c!Yu@3^ zvSF-I<9^dzwSx`G=ll8WKVj&nA)AOi;UHP-Ycs?qT1*-e2Z*#c@29*^#I5&elZf9o zSV8&vpX>p7_d^IZGArfuZE1G5F@S? zl$C3n{w3PMWd<8|Eh*W!Gw?Kjw=9CzVj#=CG42ifNx%JLy6B=wM$vsqAA~0}QOcXM zHw>$dauOujCa7yubusen@?w0iYCm52`78$Ik;e0Trf)5iW~|*cJ;etD+$x3V){A<9 zC7|`5$R~=+Wi3w2;ul<(>lEEu6 zDK^1KTdu-Rv<;G{0KN?Gu6r!09Ku1TN@OJ=C+2@!<5Ppxl2Tu9W?BD%^qzV1AN;-D z?4=D5Y)P8AzT@nm-Gpi8N9-aLmxuYCK2d!2EAOLi4a)PkkWpdeZUW{Q#%K3SMRpXZ z!D^&*^4Eq#+655>8s>TEIRG|+yxi5%hxDAU!K~vmaFc<#FgYT9I_jYNwSDUTQZDw( z;dP{*RFGOX0=N@=H9GUA-V2(xg%k2^YHOU!4y_$5zC?=TZ&kIaod72ibdYhm4aA9C zbTFf!3LxB0}c1Vq8|d)&8@3})BO z43!1}nJG=c5^(A*acMXL)FY2Fu+r(``KrEBhMuptQ^rMI*0xBZUNl z9@O*Jvj~jU6-cfbLU(2UG0diW)CN1bIrZ6^0S1U)%m=(epgp2NWU;zfCfo zDOu0fOzFXeMmJbt(yrCXj~fSMAfftCr?D+^ZnHrGJRiTyzCoSS2EZEF4<3%fZz5A8 z`jpUkAx?s4YM8{tog$)rUS*?p(|C^G1L<8GSx9DPw|CJ*G!j5z|8UHLw@d8 zbsr@Sp5~@SoEv68Up@}$uODZ_d0&b(;7so*s5FWvjh6X*G4sI4KfNlM}M0rVblW z_xHP=pt#k;<`diI@hw@V4Ba2pV?B5GG=?E0T0W-kvao+4NAK-L4{^%ir&$D%!=a z6*zl&Eu`EndK|Lq@>UCg_CtPm;5FodkcrQAJ-7Yo>_y-Ev|p4f?C#aLqTx1hYXIG# zi67!tHDe&KjKA8~;0UA*ws3p2DIYys9zm|4OHzE@zK8>)3-MWM#B_N? zvgEYc{ZTFEkqmA7YDZu4YrgW0eY!4GK|aMi@l$s5zL(<@%1WX2`z1Fg`N^}MVKP;H z@d64`^jvZjUqdj}aphEfe15QOmF(2pnkC#4JU=k~JiNUYPcci_Fgw78co7fBHGx|Z zM!U=w+PTB_^E|L_& z7sYA`fLb)3R%RMDm7um%sng|S624B4uHGWv%^`q>t_77K323{!HoJ{DlnuT2A%LGk zs(n)Q@Dg2%UHj4KprC&RGFC3aw{{%ja#a!;b?mQzFx9s>#}b56 zuYaQ8*?`LTiy)cp-kpHIgv;UU629A)m+k>|&L?o?FmWR#_QLnLgZ?FZ7x{EIf3cuF zP+)woCky%TWN$Y00=E7j6@rf$ZO1}8a1`A) z<_Rr!)Fix$2_~zVA)q=Bx-l)jKM(nGTlRp<_y``Tb9k0$ia4!`UVe^)(*mCb>GypA zdjdU(j~{QA83Z*XKP+YO^AGlU;pvDXz?<`2@a*@WMw~==t5xVdgEj>9J`H^G*@eY> zfe}{nCYaUIGvg}a1uoP4P%dYTV>$=9eXDE!WD)5g)AX5!Jetm(j`W8Tujl53Qur*@ zsV9aCiOW&J%OONA8}=Fom*rQuELrB*(>1?6hnU~Op>B={^7e7WZBlU?4a7-7Lo2jJOtG^M=a%8^b0XFNaUncmR9+2 z?VKv~*p(a~hOD-9<>tTGXrjm7EKdg?>Mo*2GeB7HCw0U!M7?>L>OiX=!mb4#{&`Cx z9q>hrFH-RM!gK?a?T|rK@DySwtH2=h>hp|A$v1IAQ<1u*zWuZ(T+8T%y0t4yfHGiv z@nLqPvAe+&^VyY7g-m0+v@q#3^z!f(9R+wY>x#vJq<8asK2yPrw1@ajm@{Fd403Wt zA*HuV4SUz&Cox~qc5R3k+>bidUB~-ptI5vWqT>+)wrKL@?eRJa>7Za3^P&V5lE>@O zj_rh8=IHPx?x{ND6aIffieqWMheHByyw^cY;}gY(XDle7T|*rbiC~sDk22bED~5f} zcU|#%GC;kfGG8Zupx~qIkP|>Rykf?c6{dp~Ab)|ho0k)mcefHLwwNnaBl1@rxxZt| zClB~zmHJl$dA2FWQ$x^D1bsCrxyC#RKP4L2;QeAASIY=So-kSW=v#r-LPo8EtR;)F zLjEY$b1NWNA+GcB(2E`9+q0yYo;lPzr1%H2NJU{E39^a|ta{e}lb`7KH3TF}P$U==F_uo0AW_+-exwh-A+A}HEk7r<#fSm;^wK~1pa<@lC3I5ifh9Yvs8fMw3ag1_r zK4$50`tdzT*y~qP52Z`xDRSY2U_31FhYTnX?8rGuW)Bb7$+MnOl!bIs3M|T1%P(vHu@; zef)tc%9AomO?~wNNw~gxto?zK83TwWa+0|BGw0g90IF0VsWHg?vul8sp*>Cr$L@8d zBIiTqgOnkm!t!r?3t2jziIlj=u5M{_5g4wX2lJgY8~MdCYxzv4msLQN>f7eiI^^p7Za* zkZb{bE~aiN}eD+RwNGlepE%i%{%40jTuxGw} zZXsd_71;mf1L$oz*VDaFDKB)plMie7hOh=VAeW;J7U2D7ZZh#=AxpYNpEmg+h(Oi& zqZ>-vS#Tvkfi~%ueng|*vkz7JZ(Fvn{?T|EcnO%8@Vq+{2)K-<74<$I2#J z!+sBH&`){cLd%j4OR6tu$jaNTmhtJiGA*oRUsLor-BVFycxt8J=|^p?NB0&q3xq-b zFZEU$)CI_nu&#EeclEPY+57tRc=yV}Eh~RL*B7m*yD(4FYV!A{@L0>PH# zKdtY_?(Hp7X{ z73#g#-c-bwY+mtO#y0^^Ea5J=hM1K575p(n^!y${SBuT$7%aa33o>Oh9|rTDk;-e2 z9^H!d9e$Rgg*lCuFu{(Eu*yEgMBFa!B|W4szmfp zhuJ(Yx4+<}VSe5HwEWa};Pa?g>#)5e_q0t?wP$W!OG`e6YWh5yo1sne(ZIFw||2 zD4xlKqXXzpb!V3mpRNyhM+BAQdJ@yq9(eTlhez(vivkPDr^DE-oewqa)IAdQeTDbI z#6H2k4_{V)>3{1MXHkD@RlnMPs?1X*=@U>3$6va!G#g_A-uqWlb_H{3f7!yMA z8jJ+fb6Z^Ke#Z`}v2FgzW{-2R#}7+fK&Oy1?PF|Rk;wthYw({V2C-e?En;)GIDKCT zq6+f~y|DbJoc;1AyPpH(7HD|B-lqI#)a6wEde*`u9wMZhOygkfkYBY!>S66QOsCR= z3P0`DLvl5okHIm4qE8_&$|`|oNRyBFRU=cP4$8i+3!m2&-7xI zcD&6VI}1md-Vra*7;~h(aHGNqSy%Wd^$Q;XK9!VeDS&udA(-gp`FgpdxEv8Z5bQmXu=Wt z>>x!Wbs*3x$!Uc0L0qOnf-mX7oGsy?>j(tSUYb}ExqvU_jK9()_k&;ZsBxMIk@X@h zPgakmZ#IymMYA4fTEm$kB6`kgl<`pLQ6Z+9yXwu|2^;s(t@53~NpH-nSz!J}zwSHB z3mh}hR}6dn^QjVe95=8JIdOSha_*`>9Q_v%$K?3knsSc|9igpN%v`ukIf9hP0e)<3_WT8sTKi6zftWk(>LSluT zn>rkQ+A9$iap*(p(d(@St3u#j4{tgl;=5lO%S-98@RKT{RJ?umD)ol(ZdH>lHN67uu~-Y?A6&;e=ZGB0mBkDz6@ADE13 z$FWOP&-P)q3-&etDvo@br{dYVc~%Q>A@Pr&@8iL74_KLF6773z`-}Fz3NdSdRRofO&}eOFMk^=wYNbfolNRi zUZ?4R`>DcfZ%|)$k^#{Ls=+}o`t){k|1O&1UV{kvKwbnevMF!m zX}}enO}OAel|%*pQSlBG?H#%EG-xGZ_ej|F6tF{lFqJ?9LEb;T< zG}NgypZB9_)HhdQmecAgZvUuW(9?02_uy6jmffJw^ElmwKV$dd`uLU&$Ml&id?9xz z*c9L~*BYXxvco(cnLLjXxZ_K|i2`lLn3?43=K=D;bh0~hIXIj@!81;^?oWZJUO{3l z_K~)%Js5fu4DJKYU)|gO%q5}H@2k*v?$v;^ms~jBwC8;VzP!S?NzUfs#_cPB31;k9V3l|eW-DS z^Fs9Xh@giVF7{-Slh;?56vIHu4x+Id#}ogVvFg9Ja021K-OXx4ugb!S_Cje76j>QY z-< z3gJP<&7ZU2&jI{6sVh#9gGGC5*TiE&@D-*=rT)|Bdsx8kxG0s`YD7lT^@$9WQ+qOr zTm>Y6XZr7&Js5d&8TWSJeWayT!&OIs3~?$VWL*MLm)#(Pg%|n`_8^Z z4bB~Pa92m>z9-h+Mb`)=^PN@HcIfTW(-Z29mtneWm$^_^3*pu?I^;O=i;Q!5$N+E+ z99Fyxo|`87kohT>uN+U*h4KK8K408^658@KgvO=tStj$3H}S+_2LQ1%Xu{BRD%}ex z4V(aS0MDoA&r0&_%%9q?13OShCtlb}JY7s7f72%Qy)T^`RgwTvOSbS%m^Ia%u&sWN zxAud%S9%-#FBKnPp)St@_!cmOCtULmY;Q94Egtg}%E>IeugiS1cK|QGEdnL+4OyUb z&Ae>Rso@UVqb6V~$qbWW=6#<(VcS7-zjU}GNSL#>fiii?$?7VTIy- zlg1ExrMm<^-8geya7#C|_eqHhcbfnpB|uc)GyCd~z<-|^Fdb&Qz`fo&Ir6`HZt*fmi-7p10Bd{qRbY2uR@vFK&nkb2Gm)o5RE(v4?wV zaun2Y@9fU_lrfO~nF2p#<8+MW=CG7j_x{Jvol4Pu4};i;(R2NfpnTX7(9i|8!br;( z^Efa|cD=?(Jz$ID;sF+sEQhw)+z{47I0?XTiqj)@0Xw8yEoB+%cX2N6SD?txsZtNh zfgcZWzY=7Kx1&&5u<$noBEYlUh1KcD7sYD`fO8648TsVMQPK{`7NQVW2gyr^LESENz$vt61 zVmQBf%+{mBw9MkcGOA&3HmZi`&}m^E`*OOHsRQxF=_~MVRpS5|OV{}=f#6cvMZ$5P z&#MdauMaV;=U;Ily}Z*X`E0kkU8H=lk8#}~_|FP@wn-rB!uzMfs06cdI^PNBR~vbC z0OnJ_&`8ajuf|L0FwJW@GV}Ns?Z@ox011UBG`A=k%*p7IOa`4~3bn5g4lN@=9#4}; zj<#P$J{+gFdYWMUVHj&%CsPf^<+HnZkay(G;TH|%porbD;KcTU@d?4D8KbtE?So0n zP5SM#hZ=Z@q60hC<#FR`Te6hk@`Bv}XnUK1ejy~Imi*i2tO&jPW*;QQ55%s4ZWB>s%fN(c}J^Pc|WA$Rv^wR zd%c$|f3oamPQD?mtl6Qwe8u2%@yV(J04>R&?)r5_vV-LVxEuR;{9m|YOzjtQ9^0PW z_nVH8P2FeWRQd*gj+Ix^n8kgt4t~&TIkQFtIk)ml?qMNHY@wlhj~GOaQyS#IcJC#R z2P9p+)mOq3%`*P?~#yf$)Bh1+4QNMVhRfvVIXQ=0oTLd zTNzdoH(}o{q-vEW#YEZTup~kc9Db-Z0V!U><*X>-P6w$xY}h_*c5t@S^HmT!SY%`E z56cc%k%ZclnL5aCAAh=c$H$FS&)9s1h7;Z@%YEpG^DO$2 zlKp){#UkDTd=d=6f{Mk8CL(19=*K)#DuuH+8^TusDCBK7+-MK%-xE(-^@SBuENZc< zsfC9u%4h!f>Ai1=%2W#+3gl8HHIkbMN(eVHOFcg_%Hr~HSO z|MMq({4C?w0J1oZw~qh!f+EW2z6C`EFaUxe0rlnor;=)YDOn3~Dy}~P70&Fx+x&;3 z|K6jO$=RaudlSa@_2m2|?Ami&-Q@FDHSR55>F?(pg}KvdpMe!!1J=uLvJtRk8Xmr3 zmhy|qAXRsna?SoTIFSrQ$bFOL=`0$562iiNM-G)R+`=h@-wi+Kp5jug-s>yhY4)*x z5(IH7HFMh!exG=Xuc#Wi&j-^!xN@|>r|zsLpD(5hRfLMcc!68Q-socHi?T8{MdOvI zR;A$V(-Z8{U_Vgtet+$~1LE=Eru-4iGjq0zQ31*BpNmN1V?)GEOBS zGz{?FqpyZhdhcEAJMTfFAc)U5R7ml3sg@IS2LExV;!8sw?R|xuLnuc$4ZsohJVZ+& z26Grv=7p7>oo7b0khP8#nd}qKrdHj6zAN2|EeVVx*JbQ31qhn?lY`Eg-BLsyq;sLTCDkz z@FKwwwTC@Cq11vu={oJ*h0zC*d#=AF53l>L!~=3S+_~q2%Xi*~p(n2Ve%O6Td!Ob# z9>rt6{-H;BLSEEa01&AnmmTw`ZppoVQ<~8mI#@ov-Yp5y<{rYXfUR=!u z5DNEE_;C6L_>Iz@G_npI0jz`n%G*2F>WuTl2m6?`b^B$YG8m(aD3=Qd5@#wYnk*F>Nrtna2B`E?k}i<)co4#CafwQRZN&`MYN)JSxM9X74x-JpK8M$AD#P6 zs?GhihI}Yu|D?T0#%16Yu(uFv_xVwI!!!DQEqLRQcArn2^%(m{Am-M`31Q(KR!hrx!g+%q2 zNegg(b)KKj2%^6vQFtT@N)iNxH%S5#C5d0Zm)Ub>cV`WV z&|O_!b;B!%DD$d1!oD6^Xha{Mdd12xq>0hz3(f6q{q!;w^0Q<+s}-GwJ$hku?mx{O zF6g|itoOml&=r$Igu)QjVfZ@c$LP$GLRggqt~gNq!Lx>z@S*=Pi+bK!UgTldQ$u>)fz#Rx*D14M=ohPJi?{*G}MwZakGh6Lo-&Up3c9gIdwR=I)uyj09vj|L2{rtgFlp&N_EFGA3}J0ao>De z%qeks-3xeTG|DYrCeXlo{#JTt+}C!!wAzj!3QrY?)R!}=M_}B)A=Q{q<)eKRY&`?n zUfDd0KtsQO41Ix6drC-G_LFALd`=IqFgE|*8le-KoXr$5>H9L@@r#PhNAKL(RFR_o~Cn;vI8m{C-;eFM^669ZT z@O212Lvsz1kZL`ZXZhj|2Ws1M8NeKbiZ`nLd-Uh-l(&CMl5;^EIC#c692VvpQeEB=g3!qlkM3~BS3ZrP_AXzdt)v$SM$@YyNXuA3)8Otw#^kO8 zss>N*0tzZ^bGu1*22$0TM1rj~1H-Ps?7AZ=Vm*ay6VZ9AKl(Z@EC>8KoC{6q{N(nx zeQkMq2j_*xTVVy%u3#Wi!pFWGA4v|m2Z!|EM@dO5d|UBHw|UE9oOIp1NK6-|>hrf} z6lP99TL_c{yl5Z(cRPLQE|M4d)KN6^qT1V^E=lb-75Yf~R^!So?dwmy=;(m-w1E*8 zq!InwlIhTpfC$3;=73Cb!fhWdTt7H!VmHY-4N)IMnzk=8C1%o|C|EnEP1I|4dM`E; z{i26@Pq0IE_(yolwNMH1loUV ziEnTvyfxjVzOkpcy?Q87IGKHbr;PayDn=ee=e4!!haL;+tqx*)czJ?f3We7#B~}AJ z@R&v7&r47TW*xq-abBvfsNM>)PPCAe-qi1Rnd|EarKvA@W9KgmyY^QBq=f*h`CEF% z{(`7aM*V|=&aiRkkl0se+P#4&95)>RXj?Co{vOkV=EyP){OFJP&X@57pAwj!!kZv? zqFn#s@~i(jE7(B2$2jF{yr>`{dKIcXJy%*}emOJ;&%Au-h=)$JkKQzYHD7$+&wgO_ z?*}dk%XrMfy+~n+{4$p=A7got~C) z!ZtXDDW|9Xdh%20XQZInp7F@8+J0gu_`(xd>G;f{&1?*ug}NN!QdFH(;08;~V5rSq zw|xT4cG$ba5IEBCn4>FcVVkJ3uK1>v*Sdc<@^o;ebD=BlN}%igJO$BvGwD4;(RL|w zwS$~m093)_WZkODAL&R3$7RUG;~q8Z4}&~J%ty2MOp*?=har1w<*YUgKfKkp8{dEu z_5PaHHBdo^3(@VM=D;ZJNh(|T6_P2DTdzO!@r93k$+joO`Dra(zk~90N$5lNtz7~$ zzOB~dWnWzI^GtontQOxF5tjqD!}g={1EDycAGr|iuTjMZx*R^NbV^z{NZvy0J(2+XZ02 z)>aNU2DqEgXumVFvwf}WFiV3{HWD>TnzO#IZ;-GTD8U+jbUj&Tr~@$cJ9!+#^m=zl zDS7W39#%T3KSMU%cy-gO_!t>z{E~+walCXlSlw^**E+&d2b2`{F)f68NHu#(HCVS4 zPPNCPk0lh^XT<`t|EJHT@|7_x>%ShC*UEI{GQ4ZyFD3f+u#c|yHhv~Qkb-Qdp_25 zPJ0|3RjRWPb~nDD5Pv6L*K(Mu(~x%49=3)10Y_|tC@muA-Ycokxy-szEtdg62aJPH6EZ>B86F**@YW+Z{y>wW_bJiBv+@*j@Iwh%nhPO&a{vAYj^l0u*MTjuWU7;pCIVEjSvE%oww0|zCl@=gL%<@X(U{7Wj| zG4aLQsjU>^1x|5r0GGMEzZfh0-Y6|c=_RkoCn2P=_8Nj;Q^}kaY{cL-1PmNf^<#d= zuSYU{em@x}dZM2CH!MJUDljF`RM&~cJ=W3JbNZi|fe-(So{D*)uAvK428=30#cs5k z>Q91Z%zgcC)zi_!EAdx1RRq(>_^ZB4+E)Rypr>^b{ghPd_Z^ywV92NBh0iTMGB0twIGDrvGTC zlDS>p+eAY8;oUtZ2m#`|FgQ@4ouzNONE5`u@sNGC?(zn^k(|LHAcdixsP$pfU6sQ@ z>^c59MD=y6B-9~4#m65T+qN~bM!J76E35?+b6quR4U3sWY7;xo47|3fYtzpI%4p20@!V)bsX*_p`euscD*jM^I zGrvT6s=+gutY(-ChrHyWFX!nlUR(g_N&9SMW5Y&qi3e7hZE zBC7?O8oK+9RacMrH23fcyzXgK-5iWx@=M73WhSVp55V5HMtos9+I5Z{TKc--2ju@J zX(#j+qQC!FxAW+-V|}WJOxw-{yjD_sT z9=H>Dn`Zgfcz%z^SW#H{Q?KM?(Fzky*y%3A`b|himdLzLd3M_e)V(APP1N1>wxhQ| zZdbT2>=Sqe67d!60p8Y|Qk?fXk=TGZBQI2aKODK&KFg_$pG*xBUDx4tIY{MOJH51B zj#ITma&~~!I^06U_k7nLRx5Y8ro)-5-lur`*0C_MQ^23tB)H}Et-i|r=mA?66cqG9 z++IbyFCx5srkOn zKR;fI6UvcS#C-95Q=O|{B)?|1^ZoQ=S7x6OPv-_v9XA}{qJ~`xa+jtSdwvErEp#XS zZ>1b@cyTlZD)-Bg6ej$UU{qi~b9J z_y(b|sjkMJt=ZR!pg~~8ua{r@wcNfAMl!wcI%tqBzF5j2si*o;i>(8uYlSiPpn^_& zCIp$_&OpIq$YIsACr@nwC%*Pa8T4WX3Yq_uSAV&h2kU;)Rl8WH%#y^+G2NfM=f3Y) zh2qKQN!+}xCx&wVV+%F0n!p!okk>`z6M_X}UCbhPgD(2>2p=dxoOb_JF?m7aa2^Co zx^6XyK&SKN*#~LOlty_5g!*yTo_F1J!7uRU?X=ILNYNgq!>-F_`*zq$$@&ptg9HMS z;ypqkiU%s(W311I`4!Hz01lK0K?AhB@pf^mH0Qa@_hZ-$H<7Z%J=;_3?fA0$sZlpA;&2115+q3!Q?ECAvBOKV& zVR2Q$xM8RybC97D$H&B#*N^iIze5&twDoGgJ|NTX(b)!B&i&%u8CeEZ8aEJBDq9$)pXvZg_ma()oVo8JJ=*+x1=Q+c#*=zU3F$BYG7tOMxEcOhY03{h5*vQ= zpPWIl60NX^Ko@ek?{}^L-Lw-72JSCGderj!{kkfDZL#YMS*j@pwDtSbU}5jlksbYn zpab0;g(isyEpTy~*Es#FN27u*_veTBx?k=uKr5_I^m_ubbuK*VBz?fc!gPcrqhWzlwRM|!9`vD)T361Xvb-YV?1u8yhc^9?uio=OKH8?4PQaf& zY$5<(?)-YpS0W3Qj+u{v@zX>1IzJpj$$C3|Z^5@9y(1?3_&H`CM83>Oo?kb(>c&=n zRiL~W*iun+$(<(0{FXkKD%i&fe#YW?J^30M`U|oV7t5#k9L%F8Nr_BqBdpP!Cj^Z> z$cv|n*y74F#rXyhp8z?ATr#vqoccE}F+uTrfCCu1Dcpl>@wkMqeQ6f-Nmwd zI|!R&S4(H2Ya;d)zc@#Zgk6Ieb0|}~K{UDL6=edI>lDsc$@jPDOKj5kM|(R&o4{)8 z>&riDq&TpJ^?wTkzUDBl#hw)5#}A{3yS$VGg_(Le`(D1C0WOsx@wjiw9-kreh0}@O zPmI6({?bQJ7IocSJ`lx|4AzGJMPE$=v}&2OM-xHU1FRLIZj{X#yzD~*7oAZ3GVqV_ z-;k5;*o#o_5JTrDElar;LQy5wKIjZNi_HGZj$SzZVJZ0z+6JLn1}`cJwefP`i{YX^ zMC!MaU-mAZ-nT|1%6Am_Bu;Q&XTxMi^SZi{t_AEzpQV>emJtGboq#K0CD-d5|l_i^bB6o>?_83W;*kxrvnJ_k=_O zxyQTx!noN^FvK8&p7i%u1(bRfRPLt}=lt2VHG$fIdX?>^%Fs%kV2K?SdT&;5^#mdm zapkA<8lU06+BU?~z5n(I%y+Y^uwn>jz1J_bc_{tyM+J&|HVQ{=%AgkZm}wD;m98wm zjcS2iOLO7$$pIVFS>XV=#qTy1M&Dp_{_x0OgO9_ecAxXXo|Q&=Kz*(o|KR;j@S^y8 zJd`L`h|2qh@}+rqu8F9A8zsKOK4njU>($!AbLsbo$Hy5I^~e7#Av+`r3<~fxBb|Wk z$hG9+9xleBg`5a4Vx(Rw1uN2)q=%d2)+`@~7h5#-G=YJxY`f=^&g02qJQl#Ht$&)4|9 zR@=cwv=r&H^C>rL^m1qe*&Aovj^*V73Ur#cT7JG>Cjy@Im@1j%;Q4C+K z5YC-JP|Z!yV}Wn?Z$L!HGkx7kNpGdM@CrBK?59wHvwDcHQ=0I3+=p@#P_S@}W9D?N zoKvzIsxXuJtk9Zny6&3V#+YIapXky_fW$fPH<&j8?|WyOK0-t1hO)ukG2y<5kGy7( zXr%10oAE}tg}DbEZs}Vv+V=OZML#f5cmSFJ8T@>gT4&|ly2UldB8i#!Pq^n(U5%& ztjYQ0CVeiOUzW=sGglp2K7!v$yRR$Bw-+c34plnO=etQP%~ShQ1Xg2*eVVc?$zj%9 z6XXWI0a=A3jiHI8&L&;?4rZGCVaX-A<$-xXehxnVZ;8l;7Bp=ql8Aame9wC;&PDmk z6sHAIPb~Bw?^@jBnRIUcr?L; zD(WdB>m@!qBfBcUC^`P^K6h9AdT;i@s9h!1U;GkAPW{61uTollWBOo!r}B@{xF}P& z*7v$$PtE7x!u#EU(^bVekNbFKY)Guy z0@x#!A1CG5QCI+N%HGkw>ge6{2HZ6fS$I{I731~NS7Z8jTl4!47onvWMOZV4%aXez zNWIwiYxiegSNJlAk+$bg%fs>EahX2e7?SewdJB^b8kHzGtx=CoW&9(gJ!+H~5r6HJ z@wp`fdjg@dIBC=O6}EQ#y)vSrKrmM0ADU+U4wwTX*>sm?hKTrvx2KMrP=j656%CP< zAPZ7PhGOd*h9Lu<2BypKCDuFcF%16?&fn`JD~UO~IC0;0Ap0CcvA5Q$^F!9Hrf;RL zCmz;pyM)Q}33OCl3Jnvkd_U5+<2 zq2I@{^`KAh;s9L10fg@g2p!iO&#Y%MkE!tLrC655N|cyque>F8kiQ4z`o-RNUnS*{ zD;Bg{@cywe6K+q&+0SC9m&?@V%#bDUiyl{!B2iEXCl1J}Z{*pPjg+1uPN6Sqade4^~4)eK!QiiwQ z^0Td23Ui0GWwOlgTAwZf;-JmW^vKgNprQ9MueH`58e9l?FG{?qC}6}VVh;%pateXP z*{W*LTW>PIx%bvBD_0{33Hmn@TWx(|ANCubN>Y>RFgn~vD7?m3P5G~8IYZn7tCZeG8{mQaN$&Bf#U2mxJKf==!?8Rzs#~# z`om;Xu`;BF0JXE~u@{w;a!;Y5vG5xt1trM${o=No_;(#P5CrxF4rQ_1Uau5e3Zi%M zweFLffKTxm@+T-k0poy^zt{wI_{6Dv*=JA$r;oS&f`R!&c@xNcPJGp+$l=Z4#yr+a zf>HQV^#-G#sT2Lx?uDCUk7r3S5rD&%z_!sHt?Pt-V`US=iMJFfRY+*XAs!3Y$K!pu z@>w_xYxvS&wb4$wz2C(yE*jxMumU&%V0f z=NU*?yjR=0r}0tF&g60im6#r$JVt!k1UJ=#N$(3Cs&w=me)B{qeTT*?O=rfq3P+8f zlP^4xPmsw+nW}~u2pt>y*vM657WT3I%$DC5J3O)8rjquZW_&K`;#V-qel2#ya#|(ATem!iUqjmm z!Jn^;!b1`>xh?)xr;o?y^K)BpfmE1pZwPr4#6}@q1qvuPvMKS!(f2`>QTb_wgv0}S zdV_^3yH*=(cngo_j(F5}p$oJ~6q*1FUCZ1sl5u!>#1@v(<{{XND zwg~S1_1@%PdOSX^pjoz50s*{UD>8m2??s;9ixUS4_EqtZi7iWG|EK?4ppNW6;e^Ds zzi^y5{edL#&3evrUN0}rEU6qRHj?|AiThyntS&F9noB60q<%MCZQbHqRq zPe3{MFQHzaJ)uC`tL9zESmFu1fqXv3QvM@i`M>JaIDRMdzOBhO6l22)3-L4)kAZBd z^;$(wPQR)(Q%mV?p$q4sPCdTEHhYGMW8zbv_}*67_29#G&OHU!D)}xTp1Wswm(QJc zY+vCqJN~D9G&$&~ALD!yzl=juW1lrIc8cXsFI?C?NgV3<-WV@_oxQ95vh}5VJaghU z%)9?72B@b%00qCn3ZA@_^53~ApI)-B;1BGu_t6tw6zqsYG*_{;Bca=#KZwX zKu+bB&0)?PWU8=G@w!PAyK!;3FVf@byQ1qvX{;#QtCsG)l;7vr>@lKAvePGosp;<- zKR)UXkUW*Ss=v3tdLHw5$JLX);u9Iia8A1%$^=D9eF;4c+pPmFgeLI{?pc}E zr(~QTx;=p}@%ff1(}}#e3ULC3v)f?LT}JvZ$TUh-431M4LtOpIqm=S_Jt_^Ho>(PVrUf}V^hx7L^ zkYC7b55$Fo#`p$(T_Ab(oNi5yI#_A8KxNn48zmpS@sV6_AE=q#1Byrp2ajX{fN6{S zfaSvh6lZGVr%Q&=MX>t4DU&Gh^)&-7hP_?dWx>*~4BTuL;mETK>+-0nT1j-l* z40z?4koqHJc>N!IJ>Utv58gkW%MbY*S@QROeO7Y6OLCs#9~E+m(bQtj-4Cb1D!Jau zg^Yhqs9=@W4XOGBHauR=^a-sF!7Z4>PYB2c7T>>Z&zud-wF>v$9CQ77*m8=38K*0D z?){Z$_pLsZ)V7(Q=XX&sm9u?VT7&}skxj?KD6Bb79cXp`0lK&o&)mTa1nMuewwwXAg ze>;=RNAF9R(O)HEGY>Q^!eslsXRM#`-0x9r7?0!r|5u?{7do`0Lw!{RSuTz`M^r(v z^28TO)1hx~d)9Tia37-C(3id)^^+fepIIk9cLUr0c;uh-U44B;;=LzJ1;4Lnfu6!3 zC>I{*(~s>#a$k75qq)oPh~PvvflAebNvl5&8V83v!Q(yT>2)9Jr9Cxvub(#S*Y@FW zUWg3^|2q=UC5d(*~#uOC9VOET5T1&94O~ona`skGvjm7Sq9c%rza-F#7X(e7VHZRc8 zbe-p@e?B-36;c7{xc_X~^F3E(LNP+shJv`Y3oO7ds+5OgY32P?x99U<;l6`=7VgR6 zrbPuEQNX%L%k=vY?0fr;5w;y4?b&+rjno4erv3!=;{t;+HOE`|c$Yl7;2l&m-&PP% zAt9%zf{a(!LPLNEsB&NTA%2uRX2`zDrS-;NO_E%cWl@`ktpw}1WHiLUA~@?!xD+Zq z-R664h=o1GY2v+nR^|>kiZ_nh2P6ooZJ|Z3z3E{&*i{LiHdkH5I2u|VdCvxN=FNn< zH@f#;=jsP8*KWZHOkKtQy|brozK8bmiV_%3tWH3^;nfZL z@Y{YP|aL6b&EQ~ZuazLy;Xa>JLYlmu}95(+i#bi*(i9LOyABoL8Kv^ zhx$YQAdbn~m|e%0Ls{$-vu;D=7Xch)wOu^&V++K zCwI*8?-kg69AbYYW|ZZd6w!1bJV1cF;Q116t$hRxY8tM8HZJkRoTsnirhQc`z#KQfh@nh6FY|+>3q-mjw?RhWfs`ZBx$zcUJ`ls=Y`UhN}z18~^V(J|s3dZc0rh-JN zkiJ&|HZZV^IG%SFqbfVi=?uw`^NJpdzEL_>F>o-<~$2&-#oaPkcIErH%;=slZWP_tfci2dfE`&=M#-pu+tAl#Rzi z1)@yk-Oh!MRhx*L%cM9FleMfqh3c=HrxAPQ!%$m72wp!N!o~#aZ{$&MPbExu_7i{$Q zA$~K$cXO4Y3ww$A*qVx0MhbsuiRyf?VCVUPPbjA-TcdqT+OVTPz;fTSZ;GmD@e09z)`eFI4feJ#)p=EIPzPOp z@wD&XNMkmvi8}B$^r-rBPrR(^xcgzitG9(uD}D*})7_oLQiMjlyFGhz?zcV7*xX=W zAU0cqsM6n+oZW>m;J>*-Xu zaGbOCdBpE;&l~Qem8qLY)I3vX`)a5!QZe6qSke!$H)ieMjqBw%p4h!M#5izVxq~JNje-$n|0WZWM8gO`$ZNdS{T~GhglmRN-f6421Byv=;la zuIWxA5#Ptowy3md&Xi*NkF==bkfzqlu*UZtvIdW zF1A1i%P;NsiyVX;;ea)UU++-q=OP$!jn0z$xdR-j1R;d8fm<-f@&YZLc)x1Ltb2IQ ze)oePzvaeylT^hs8v5ldQ~ub`@YdbDJ<(lcn2tP>7!Pfz5I*;vfB5C))VgX^N!%v- z^4;y=P>Gx`eihGzD2V9O?3cC_MhF0xny@7Yi$b?D=_Rxo`ban_+V;I5J9D=6)o~+yLjs5W3Cc z7ud)m8h)XA@`~JlXV;J4r1#HbzuwFeJkNh%niCJgQ6kds$cemCqw&EI`%?+ z1OA97_Y3saUre*mm9tOdN(*s=MM?YZi3rG4T9_Q(kzO9{6TewT#+)?osubTkCpi&3>D@P87_oA z#Nsxq@#%=-h|6vl_??#~Aibgg#iZanTen|+gilc8Ll@^1w!&x5CLsuW%{zUem^YI> z*zXrF0QofK^#^(G{wVVsLQ%wT$+L8r=CjwCzq2*v)Hn9^K!-|gLlskOo;k?DM!$hK zNzc_^_}1_Zh04*2;3uA$7^WK9E8D*WK4Np-s{-G=`vL6y#r2LS0RoyIF8#LtMKl86 z)attlCBl7mw}=O+U0;Iv<*!_;1yPkzfRkXNiQ_bF*Q4l@)!RW}fsIu5S<(ci4Z|Mo zh8nj-rGxR!E6|@u9Mdow*TJR0d%~^fQkyIJCkb0k_U-G9z z@HiSBUjY@fpN+EaaT>;XxvfUGqg7wzKQ|>jsJ7Yld)22$cO~}twzLw;DA(ZJ_``W9 z_|S%qGJEzZvEWyIi2_Kgd=yCUCwokYA!xP!#S#6=@eI07oFJZsXKut%+KV5_{!-EJ zhdrPFIH!uFc#X~7o*vS)^v;!yJzD2^d0mMk8qL$J0eU~$?89?OAPoiZcwg|*v24;$ z{SO?Q7Br-)CljU(5Psg_fVOIJFq-D%QppzC7j1*+o<;JYRPYZMn{l##fRVkQ=xZt< z+|Uba{(T*U1H!s0eeze5L2N>v^cQ@d!vH2Pu7>4ot>_s=CUy9spQ8o^d1kBI#bmE= zci?4jF^(~%N=st$*E5O+>igk@+xKEIx8y9W(STx^c~;+5Y74Lkr%RqX6H;9LZFiot zYd+2xoc<7AN2^|x=2{bx=*wM2gzWco=@MbzNxaz_)Gm4Gp6O6Y>OIsNtdq-T5|8n5 z@b_ua3x761RAE?j`@KSY&{>0LMQ01yuC9aO1pBMk;k)flS>l^i8swvek5q~5M!Feq z#uRc-7}Vc40C4wJR&0R?SlHaNQz}`a36IQIp<3$hvhVfc=9xkn9j*OKljK%kNAr+oo>IkJkkq}0)#^!|Ngr??k--%A+q9;FQD{UvJtb0H2DFJMuB}$~B zSnN}^e^b}xGl8Oj9K#O1`1v~PuslO11y!Tt(~u}Zy3)%*%yOn;V0spifND)TT?bq zx(BN#QYYtK2oLH$2a(=w;UDgB7JlW(TvAsGoYuxBS(je>T<>DY%jV&JPG|e9%}K-= zn)aA(aHz!7ks1LK8qLWIG!>4c&2!F-z#&7i5}?-CXH#kyfi%RP-IWCUeR9#AZ)$)2 zUPqMOe(A;7FV@Gh?Kqn67+@$RbW_G@00w4>kwcFBXD!lECT=Ud$H`PvinD#z)AZ+tWjv-3O zNdTMBM})^<z5V&GZ^OSTzhRPMNeA#Er}H9L9-2+NqCn_@@uA*7Uu~!?9iU-X z+Wyb5Hm`Y5;HnCDnr@kO0$N~OkK;2^_5H-oxC&zD`@dtGpWnUmO^aN&3+X&c_iOVr zzijo%V>?ApJtGgH=PgcVz3We`_gp1ZM^HZ0Jto#Cjk`Qyr8rU>c`r}ZrEE7Pdi&R| zLy6ylXd>+v@mJFm8R`HYfa=pHh{Ml^P4+u{@T4O~t2%o^5B#a!r7BP)`<3j6BtC=L zI`6-S+DSf+(QR3;4OtorOO%kfQq3ct+^#Sbv7S|egj>Y};s7IL^*|VP5$}<&w5>IZ zNUu<+bKI}6w>L#DraVjO_o09VPbEZlRN9Dq_nD_h2V5Za`;!Z%-;+A*anCmG?T0$- zF+mp(=8AvgCtovPEqrZdLxu@wQASPgE&zLypu%r>|L4yT-Q}f}7YYE4Z%|Nmrm2Ty zojYy$aSsw|t{)PLG%3ZPxMsW-@0)@Z;TNTM49q3!bCXa*)@r{{`uv3A;@7a$u|!YO zzppGb*Uv%dfPGXHjc5U27C`!+K5PC7FXsJ=HM`!M#I;*suP(OPks-M^j(wYocKBee{FALvzfKKAz%O2S4>9&>SCxAcgW7tz}lZbDB6!`2Q zM9TChTUOD37WjHNQ_%X^GXGwsiXEK+JmUWCw5O_P#cl}? zNF1d?6vIan*TchJCEPWr{eI2VEC&BMndZd(FkZ!EL1{mJ(sR&3rMroq=KlW!1F zz$=4?WpdUbtPX(T+-)|RFCUI7IRK*@C*}#>JO$nR_^ev#2Vh7oKE9KC&W`Z8z2pqE z^d?!*!Pc7&^4w7KN6|UPc=+WaWpkUSr~v@h3NVuUE6aWKZ{0 z`VjfNS_Cpy(U|M>nDKk?^j@TKZcTRyGD&)Ta}(V?qo%ANAxFOoXx1eii&FmhlWb~q zRe8_{iQe|{802hI)YIWU5WhBcTLH&Az+N&*8d2tkG3D+zv%|O$t;YM?I>Ay}zP%JF zk+KtHOl_IqTTI^Qys9AYD3|*{UB>r5M*V#j&Q(@K;eF=t`*|?*fQ4%Oz8pMOz4H0{ zd7swBX?ekKJkMebb@Q}`UUj#9jt$Tnj43@PlYu7O)VkjIU9s<`f|ORnSI+iVsFavf z@V8z(8M+v{3%1-7$w=FX!$iWfu19aa8^*p`G;jJ6#LFqro-Bj9wuP3fZi%ycttS#W zH}hfin|q*Im|6wrv6frdxZyB1eBWo4<(D8nj<+AgAv1C7QsN|A*7_p%-N~Vv_U}kB zy9km9DnRnrc${ltzYMQlV!WJp-cY@9BEH`9CAU}a>*-}o_h)p?9BV$>?y?Hm-gDUp zgG^m3{+?)`RPy;LgGR_ws<#8-!^{ROukIt21m!h~2j>A1zt~h24)ZS~Cy7z11 zBLxwS*S7=dwxPj)Rk~=-Z|s9V_g|o~4UXgbxtEHBjcRBkNFZRc;<7IRa(p-`U>;0b zkF;mwU~E;N!_((;!-g3q&U|TzbExOL`XR7(@tv_aMyCl~E@v!cY0AxY0ze{msO48I zMlVgx&gWzgrl_EI{1mgC?$BpinGA7Q{2GT@;_UW}aHIN%`(~=g017+07#=2B=POM7 z_Y(i;r8|Fa^j*u1W0^vUKcSQlTR#7E_MqlZ@Z4~{0&&|aW6Y8-pgTSseJaZH3huEl zWgX|8K(Os6CM46#w|eSN9ZrR(37?A^QiZvtT6-J>NpRB=V{DZ2b(3W0tsj($;?w6% zFfDqFys@UH=U<_xgM5eCRwJL(-P$?Y2#dXWF7%^hF>tTwhS@4owL7A}n zKJAr4xK-uwxv{WqQWGG0k*AM&5K*u3t`WaG9TQt*MNpM=Cz5FMl`=&0&&G4S>93A` zmA`Br)Z1d5HzNEl-RC~Z?5#M53p+qv<6O?dh|Q~bJ+)c!lP_;+ze>|UE9ZPy_~ah> z_S?StA}2!nRLBDr7bSJ>2cAcLrpe=qMxx)5kXL`Eb(PB?Q9YzXnFo;9!*S`|@>+}s zKIxQjMbkQ<_srw&p>@+a?_rp8=f9cBxH1}0E(%H* z?|nEu);)#{t%k{~uAgR$qyg1OhyMHKogSBm5sT3Ka znjh#5@`WtOZ$bH>NB6lj%!wrUa#yLD$9hShOl9KnW4&cz znUgezoQRkY#V;qj?Q>i~A#$b*Qc{H-j)bzerV{W-g?{uGnf@*oU#1Gp6RXrL}Uz-@sd%j8?XC4*|b!@hmN z4?q#}zITD3Pl) zG);7-4^@^`?!P{i3C)Ve51Mp94M=HWJz1fAvOYI)v{1OcGcYb@J>( zKwN>~Eyj+R58!@y3POklk+`;sU}9ELM!q@vR&h_t>lI^UnlXOqB-@=~ZMF~Yg2@^;B=_|~b<;f3>ECeG=-;TH ztLTUkBl^lKs=b$8+?3;@hlHrxy8Ju%9xS_QJnwYRbxx)F4E9e$l~cQeZV(1iC3 z_p14piTtZogLPcJZ~WHjJr!u~&HkDDYSm2)z#vBQs6@($T~<%bn%wx5fE9!4^g+?w zq+3~s_wj2Du?F*Pyq~`P?)LV9kc^ijs;SzN3LhpvO)e}Z#^CsNZjqi*UpfOdmE8mL zEtN+|wP*qcEdFb$(q*=n{6%i^s9D@sL|<;_-ige5lB>NfsGj1};T?wWe086~yLp5^ zO`E|-uK7jo8mOr6tX9ebV`H5Jtj3&!Y7{-s>Wk`>dG&_%s7$fWe}+mJ*Et7Gx~H9hQ%wYz+hH48ACFK^g9?#1c|F7=c5pZb(^V%YQbr9T# zTYvOg&aBSH;c<=cVXwmj(7k zpDRKdd|4nq1$D1O*w*E?z_}y>YsHlh;#xad3)M5i08Ch*o}qL+!t4>vec^-??D%#T zBGsG@LoSKq{?O3TB!q2mb-L*S&oyvglysnql$=v+3HkqFZskXizLGl~+MY#|9_rN6hnhX9=AD44km3Wgjqui|+2t6|Pr77tkG4|FLvkTZ$@C^p^-qcmxs2L6G1Z z2#A6N$$tIa^xU<2dfEgCRMiPPp!B%bRQqxFNqj@Xy;wVE1#-#<%GNH^dqKM~*UAU4 z(c!%vzkbV%^KyaF+g-)LzCLx>#GZ-1tKJ=ak@tx$Omapm!2s7Phv-J}1gGUaNUxep zDEVL4#2k$UN2USfVG7vl`g6746?O5`|5EGyC}@k#L(#y0%DMO9@28l8Z(<~mW;O{vyikNQB1rF8oXtB z5-v0JYD~;rnepXk@%l6$5PWBJXCUP$7nS&tl2{60G4D~U%nP~seLdn=&PB9G3+V^g zZ!<#&igSr=p{}p!0x_b;r+ywgR^3zFg1Oyh6hz)l_BhIZ@F)V|lhEb5*Vwk|;%YU- zW}DR^wTgmx!GV_NkFn3HiKCORFz?A@0#kwdEDXtM=p#NZ`R@`uW3GDav$%Kz^wEw{ za^$G5L+EEtZ@^cAkj;f}g{@U76ZVaP&L5SoO{!~ z>FkDBdHU|RKDG`SzNqSv>Eufi)w2zP?|B|loy1g|!g2j#an$3`J%2?zfTnvT#7?D9EPWr?bv`oa-!;-p&Ng|#9I3Va3IhqxwFDMJMPt-WNpg>NE7hy{rDz2y}b~=>dj1#?c36;<0srhJnovpZTlFOaj?sLuOk?u z_ddEfCUQad`4XSdzOl;Oj|s0Ib@A)f=hWT5#g$XfBiD}HGqbUlo~G-w^P<$uk+z?^ z>1}fd7%Ve*EA#oS!LwA}k6?Q=F>S9CV|=Dma4RaR}`>p)9{VJ7drkNelXxb z=Kk)e4(R8w%?OzLe%rpU3RNA}Q2q|V($F?R9nDgVuF1o>eC9>HT8G616(y=8{Stjd z*6Cii=5wxMhI-x4Q!TcReLwBTlr#*gz$?69RhKV*&uf1M6ut58I9=#G!m?(zdK(cK z-s?VX1P1-s9MycteMHKbepMTzOP&O8guMxrNz>p!#K`&}=1Ek}KAhOi*#8Ua(~RQb zc@^Liv!$-If-l1?pA4e#tb(u+o5Rmh7sf}vWvSVXm3*9aGE{>LPdOq>(P=6rNA24; z2Sw(um>^|CFHPnPH83WQo^rcs84yfxocq)O9L}$VWrDi+Z2QJfOQ?fBM`LDl7nA&r z?g2h`I0HwGC*mH}#0uwH+$Wa6IZug;4~eHA)opkt;m8#w?AHLJw_6tyie!KHKua{< z%m!D(J!*|W&m*?n?oD=2a9(? z)F*OiF-=f7nCJV29apEqOrtq)_1;*=cFCCoIL*=85P1%@{ms~Qu4HYpI8N*46%tQF z0yCbJaKrwZ+)B@GISas}pyA7#5c`U7HtDP6gwMC%rmcS)7NcfdC{J8Y&Jm1>9crM8 zRCdJBfd901M@72c&O)S+OB&E8-e2vb3f1#LyBZf^Q{Yh;yst57pNH*$Gc9h=K6<^m z$7$~R-Wc|^6c(a$)jVBGhGZe7*d^IBayDqFd$0TaAkMosu?Rf^v@1sJ_*F0c>|9>X z_y$aW-Qi0!dKkY=F_L4{I{jtR+~hF_@4WCz;4tW5a>UI+4`GR|xLEa+kPS(RB8V(!uewr&5hbg?URWm$ zz7!VdI`a4qscS=)?s2M2>Xo8~Zc$%B2nx~4hp!(EXG80jkz3GHfFvV9UA{$rtrMqt z4%^#2-m@!Lbd&a~g%=K@x+5Jfdz=UP5XWzzDyoSm$r>k1EWX{?vxhhQS1vm`p_|>K zOKsL!_yia23r&Zp%(eA2?stIwDBj<3pI_U_ZXf9%j8-L3ReTU7QR#K1QN#wj0G0yM z`_$$c#3(fGAvki!uO3lg?G{hVgVK;eU{;o;@p9@(5E_2pm3%?&q|0c#iO%!q+eVM8 zVULB3mWJ#b44ROxXKq8Z0vQWuo0LRS80-P3UZYqss{69>Kpci=*kLOmIjV;j zhTCS7lJ^bndF$JallS@h`{tfv`NJR%0@PG{SAf5Oa93q7qW0M2Sx&D#P&Z<^MF8bq z!MYTp2P>o~v>D^#rA2f+8662mDQ78<)JMfgS|Q;_i=3K%_SGbKYWGq?p-vI28ISQb zegyXzYAfaEDHuEsi}Q#@>19hFg=a^KxtZ!-a%p~GR&rz8|cWW*l>-k7UrK?)Ar6yv|=aiHOo#5H!D?9 z1;MXXUalEafmv1yZnl!&zS6xpUZFyef3xuurFl0JD$L1`FlqT%r=Ol@>G0y-;}BWanSlFNcsB=@wi=7|Lh8LRZZN3r>M;SR#PjzKWF!L zI92`;7^b5F$`beG*LaBU5H#$vXLFRz6HJ8sTHY73=%+Ss!b^_k(NA0l#dzaEh(f!{ z09|j;ko(b)J&n@ebSRzrP~BGhe(j~Ye5%D04l~{*4BByhkNAt zBosJ$xS!IfPJ?slT>k^Kj+sI5)B1|B_GtqDdn;}q<5;bZ_CdtNo0|B%N7=o}{ns6w zk-!y()Ne`%!TijYNlB%n%^OG@$z02=M|}i)Podc}y$I0K`E(CV7&3d9>y?FU?FkR; zeHA_IQ4-bwIrablBX+)XAfQ8e<+FXNCL}lAZ=xT~oMl_8{YSf6PcJzueR8TTFk(2( z-wcW=3g2QOVrG@h>~;B#rZZ~z1HT1umRF28Ucc(;5oG#v*ke&xB4NA5(;JwG}Ld)`hY2K11DVv zFaoX$+_;pd;k+tb=w^FzH5CvfrZeSQ-Vf|D?&Tl`USsIE6^3vT_YmZI(qYNtW$-Nu zx#?7JJiD9(4}lo4bRbUP%}@;a!hOg9Q|F`EEp*O3@4RO!QV+g$rDk-YucLV|>yxR5?O%)h~! zvx5+_)?k!U-dt2omIoRtgm*N78JTD=6UxITW-_RmK4c#H!sN3fa-F?X&Kc)Ml>dk) z0d4u0A9WETh)icH#CS_@B&Wmap2^U*!pHmbLJJVBAQoOe@q7T{<&m-`CSW995}iF! zg?p}QO=5vRdq|MBcZv~i{@lNNJ!9=<0i<_?g>W#Ay5la8XYLRKO+2XMMf(`e|E z!chlCLT7TFx^TS$OwU>ppZC>u_k*}X>ex6#WRj`Re=fPCye~A|o8=y%RNJWWp!cEF zT&f;2*o2xsX%B^?Sk6K(@~D`R9~Gos-i`dG5_G;H9}^)U)Uz8y3uE3=AmD%j|P@-l>_521$oH=jLnf9 z1C?^C6EyC?3Drmyv~Bp2F&^34NTdJ!7p_Jk1vM>YMY2Mf?3_1D{0;Lai`oTKh?uiPZl;Zg5{wFg5?32P z9~$g+%%CEFJ>d8CCL!r4fV&7P5%c})$=AhBVHDlNb53uEE(wfAVGLb`X}HX=hyGEY zFP|}^34z0F @gdkLg`%irOm8$M-Q*<9^2ZXNteAM!rc9I@wf9VC;&He&@4zB z4G+mPbt`E4EN461(2U}&1LlC9){&aPvCFsbfHe5Sh*Xp~qaIxMBMimXKXGkO2SppH(>bAVH$PG=o{y)heMwGH9`=;kKK4&JrbOBGP|?O! zfe}ZTUOkU3_bCPxS91vchRuKO)pwsYC(GSO_0W<{xg+zSoNKeL?q_mvdx_J>X7w|$ z;A78^zbD_^2rJ4f{XP(^xQusuGb;)Ds{H+PIT62pey|lVPX4#T>IumQ%pM}HK9XaOQO|M)>shs}Shw3X${fFE(n9AL`rC)j)YumhWTioQh|uJy_y#*q5DHeqRqe zD_Sf$AkZSS=s)#2kk|V;47=>W_MQBKj^EljrD0d$Bx)ZL7F`(&1LCok6<>EgimFz7 z9#P-VjmlR0DV=|BLce2igRHzaj4(ZgeCM6ILcEQtdL&Y!6`Wpo{=?f$0jlg7r4oQ3 zzt3ITP&#c*pmyiy6J4(H6!DVPpZtp1BT5PX_WAjV2;mFeMl1O|50h7uyx#qoeE^gi zgh9o~<&C|(eV`Wy)NXv@a+Cnralx}YWRiS%49%!B&c%dc-~~#_s@QP*hApuD{N;AI zqpHoDv>S9quAPrAQ0c-pANYezg!}mskbcX|EvTC*tf7-s79vEA%|iaUr;E=#9`qH8PV(tE zij2$Vr$CMp==fFYt1xBR=O##i80h7Ce(+>&8&@27VWX3`(zb(s;M8lm>F1!!+yHB& zHCBo`o}l!nNBJzbber6Vuvw1ue&HYedU{EB*pS*T9(K*5gv!CUeFxfd`=K(WUiP5^ z7~xL!lPR)1n8X!Q*9Hp#+~;r}^#w9&`+Lumq_}zj{0>btU3Pyc!~rmH?`5lf_p!}s z3i|1J5}Is&D23_D89!VlL?dTzpQ(CyS+xiJp)ZllS2_81ETM3q#=qwqZ3VF>#EW5b zt}j|LGI0asK^9yjzw1uj``1p^BmWVC^IPzCY{tzyRs>1;`ELfolb1rr?UeG@K*)?F ziLN}%{~%f5y7~Cpg|@`oDLl6t+s2U#R~!1cp8Y)#0KoM7La|u52Grrl>xM$Xu~7A7 z=ni&&I6yz4wn7PK=sYo|@e3T&00YBJ_AhoaRSm^~tufT+gu`eQ`CiOWw>=Vv60-P} z8N@^q&s|KzkL~!a6$K17$$2!0JoiN@+fbYv*jKU{PXsM%I0BDIU%Jn}B0XE2k}>`c zG>W_h%|Ast7PcI%63LAnCA*?6VI}EG_Kqif<>erD!MT~)swF z7YLr%c8_e|O8432lVo77Axkg<+MedTC;v30U0!ToeS18R^b3w==`SH7&+=s>ztE)z zrTOoW!AG84g;F8PU;~{zdARV8TwGx}W%S3ZJ*qEF2u7;^^4dGW9Q1AssMJa%vSi z;;oeK5c|6-x`<=H4FT*Z8cTR=DfO|cH+f^VrF-7K-T^VXSp1!{Eb>tR`&DpLge}3g z&_Mw^-cQ9T`S}OuBkb-PNu;+$Z#9Bs$nz-Dm|A#QyWEr1c(}5*?Pu~m^S_#m>2-sx zRY|tzr$z{rb>f7Nmn^+=B(FcT$&*zdXJNUZk@B0D&x%j7SEV0om%kIXa)oD{cmWnA zI6mKZ=EOW37lO{embf1-X~)1d2%p#v7tQH2^R};a_%ZmaQe_WCI9=W6zLdY=nfDi_ z6Dmc6kXaI<72>EgEB=GymS8$pc}lyO8d@wwe`}lEHK9;OOD_0os{8MnL#ikH3?hYm z#QbooWG1oFq#z9D{&I&%L8HP5@!U&SVQCNN00;0n_#-oHzZ^O|_I9~0Jy{a* z?|OdlPv#6bis=(-HZ=Zry$oJ1(g{RDoHI$oE8(Vje}er!*$cqMq0J>&U2;w3FVqY$HT}fywgHR5|rk!?Qb{?H*f+;DI(y=$wPso6c3fhfGJ1VBv0-q(%F-UHs4c*1x+@0@-4QR+`i(aH*6z5~oKVcR~D z**=?t?iBgtrk}2AlvG8!mKMADc3rS$`dX*>BWKSsNd$ z4WhjSZE)-WBNqgRa^HvS`lxn(6tsJfmJyZ22^O8*cfZApw^K`~l@#x*w`1lIzZ|}d zj>%9I)oc&3hJo}xRBN?sDJP)7;S~cAOlDaZ^RhhOi6+ECN(i?h4<3vv!+C`CeSc~p zV9$j=9dwR&X~}!qz)3V`p2p&vbpvY zEP&XN9w9yWdbTb76d!LN&$9et>jtXi8Ar$(0hLCsYJ@iq6byA<*j>-z79(r>G~?Zg z?-%#SehXxD@2_peE5dZOU$3R!M<0X&uuZWS(GNK(`Ew#wk^An!muCh^^_1_X_mQaW zsb9}`26M0+?C&2V=u6x@s7_YiSEE7W0Z*BZMeo)j_86c$rrsMw8?xc;Q8NEUhs@a) z*`+9k`Q|0Sc=zX*_cl^6x(n>`45$@@XzPJkis^jgEn!uf6lRjEC<-GRQE$UN>jpAH zIp3!52i4nt*~7d5SQuCgF?(>bhg#}3qAPnmz4g&X>2D-{mH=$mWekMilDJ*8RIZBm)z*yGbzi>ewnu!KD^lH$=fHr9S5`VUoYEZX=Hk@A z2Ru!TWxrMegw5Ck1bmX0VcyIaL4In3Id8p{EbIw-w#RYcOnT2eFGu!h!kx`#C)ls% z@#J{CCLb49Uyj97^)9r(PhttvS-naG7x}Sq<5hY5;qhf*^SBDEKs&!}TBr>ag-Tlj zSHBH8+<0cC*W;}HY5nx^fJ5~334VR3e0}xUvba26gJTqY|m!g9?r- z6%#>op^ft|<~c$d7AyR9Lu9%Hx9Y0Mu2V;}XokaSyjV&a#i!zJHbNP9apFzpz)k zs%c`&`Is12J)7!V3bINsDNfwAEb-(eyWrS$A7Ud3`m*HlEVyV>89GoTmy-Q!hJ5yP zcW@uCyx&HYrlxonjG%v22eqc-AxvQ8mWR;D%`eM8GJ)H&qbH|qvbqD&-h-&rrwl^b`YJzEmJqT905bYd@ z?wL-T{Yc5{yZ*_B^)B>~;H@>_*-J>97`L)ElBbNkFE|G>h`JzS1VL;Scg3u=(+TGYF<7WJOltbX25N; zc9UoBWN{TeyB$1`k{=r*dT`7IkmBOEC&GhSnOq2#=FltNVd=N|>8;wh54GbSOtocbO-ThTB*`BKrZxq}eC(%` zF#Etti3F;?4D@W;;ILTx9ic)YX`rqCa8NzuUD8i%PA_{VN-{*Ta}P%N>^J6O&l^S% z+=ae;zS`%XoCQ42?ium^m6@zC7q*)&*CJEr?>F#ia;>1$?J)kl^ghHs^~=qeaT8;98uBaehfke>W zF1%3K=^aE@Nl~h+5zhFi>sYV71;pnTC47vUGn{9p&Dv*|r~= z;)q}vy8uW+T#9K{6+h<@g)Tqdk=ImqE_P=J*V)a__aIv(h%j^N&(M&LDV9KgGct;& z64Qc=iURX{T%>O+ZikO7t~X_m5^2Xz_RjZ#B$CFz)gNe~VFr_f5zs#f(Tk#TGTmunYm;ZeL*ZG>~90gu%Xi2XGEQRowSUquUE7gW+MmA?h^2w53htA~xbanH1N&WyekEPd^y^;a6+r|q^& zcUj00QK9_UhnOVmwthRhLDA#Rmo2q6FP8C2YURGKFu>KK=h-GeY4XmbDtIbPs8r#D z__U-V0L9I4?{08+%N5Nu_XXkp`kuRN`V+yqJ35o`T7LPd^f$e%aBmZ3;#izC=Y9d9 zf-6$))bfDFe@A>Y@|fa&zLYT(6M@(vFoK2G*5fVbyN2#7>wb0+XoXd6V*PZ*W=#bm&xf}z7ErG%FoXa<(47(L_lQ3P1Lqs z4G=DLqFXR{EQ||zVfWe53&-pgoPsKjln0g5{JA)#hKw-m$+=6lzh$Z+jFHy!tAMs9 z16akCi{3>zy{Vl!BJCX|@#^NsjT6O@uS7lDlv7W0*hi3R-LGz61eJ8~x!}GJ`#3d? zOYIjpdoPGb7?1$*V0mz#uV!>pe?07?_F}=zf%8+oDEEUEjpZ6VrB`wNY0&HV&_iIG z85Mr0GM8Ze_*vcOH%;CtVeG?m?wWAmV4}h5(DlR2FWI{Tc@HXio!amfYRM;??R!RP z2&EYv2TqyOxZHF0{ozTSJn}@2SxdZb(c~W_@j_PD9WV9J1CrmIoy{{V$Jw!b40BY_Srf2?E}G zvc#NW6rQ%~~ ziYL~D(?~C$`eU!C+V64o%*iZ{__A4A^NB7Sy?(9|sXBU<$Nj|`XAlUnnOA;3?Duh% z`m>W^V%aF`7a#U(2iC_q1AYS8V4)mqDVpyQ=zU+@T`yEDo_b|pe#cHl+uo`l#xr^S zY2Y8=R)4@nF8>6I2ymNMu<$_Q0-Q1fHyJ=!IIe8Vj_Q;dFS&mCxg!Ey`@UN&1~SZo z{B-6h?N{hE1NfCsK+BhNrU=1rMP- zt0nG}0lK<+3-JLy3cXZdoRNzaP5RjQ&2Mdqg#HB{)Cz`K*R>607|Z1 zu|7)=3wL%>Kuj67Y5f(oz^D4+ffpQq9Gh(Mg@hb)TrWoT87AdEu+MJ3&yIB;e#fe; z_7xZf%KmdpN&a03#p-ZW$lBILY@@Bb^M8@sZ>n%=MBl!7PpN+_WA~V z6Skt-%ie?%%!^aUW?0O31Z@UN6)xMwdOO3s+D~tFuBs!rvH+N3Yq2 zs|sy_lnVsr=n|CO*G$D;KeY$ws(yDoXvO66^l8r4?F$x`2{t8bY1K2|M=;dJ z^1)@2+8?#Z*46j|f+cyf>x8_NzE6+*Jzgd+j9lvj$q?@SyB|JMYo!olE~oCy0MU{0 zl+u(fJYLaR4X69@;X1$9@0Dc_sn)k6|DFyLi>wfmARm(O_mgMtHt@rf2<(qBO^hee zW}(({V#A}63J%+T_9M#r3XUB-zIzrdLxvY=p)>m@LIlj)ArFUZL%U)7`xsUQC)29B zdj?x+1YF=uH^_*Md;<{U0O!M{ST-Op(FmLTF;ykLdSKM4yI%(gy}-Ch{+`XyZ)n@@ zE2XvPK0n`bA#V(K@rV3wXZtH1o{9ypFDdwgm#fM}yvBFGVfHISsgOe`Py2psC>5+O z0fhbq;^@WxVt;I>3zdgGWJOoqgfH}EZS>xs_qAxN7bHqr&GQGKk>~1tQg8F^C$r!M zy6NZgENAGd%*FTWgctEB#}{aQ?MoHp+~@XpfR-{EG(#LR$_0!pO}SCaYj2j|ExdiT zfjuSK2B0!;dcQ7@4(hwNH6w4*)gbnmhjx|uFO%j6iZ7UNK;UA96U=+3Y$z=Ag&y%m zcYbpNmg%a$O&)r_&a$zu8_Pkbc_VVR@l$(8w~_xfi5Z^&K|>SssV*K_Vxk_TL&TEuwgQ0CjJ!l#>Z{V7l1Z5 z!-5UQ)h^O-PB^X}Uwa}dSL8wGZRDevV#E&TJ~Zba45ILo_}DQ=@(mL(#1b{zWt%Fn z{fqUva?)c|zRyHl?aQ4o^Tdn1oOy%+yay(;_Mh>r+OH~rZzntn5&ywW_M<@h1tL6G z|8z^ir< zalTxgn+ko*?v@47D+SQCoIYYeOJ|l4#<*58Yi*3~d1Vwdgh8I?4cNVH+K63O z#Bm$koPJ&lCu#_hn~fiaV%m!L@lSF9EUPDbk}4QG+trlc4{755rt$Fth<^(S&At%t zy7$@p_W?4iU(YdhvY{XwqTHI!{7WP*j!_^k!tUzn!kd{tsk7}x7bw(yfADL-NqK&> zLvn(;EcFfQGh|bHa(gGAw-0 z#JE-}%k5|9bNdQBD35k-S;2IHww8Ce-#4fgI1@`ydmwT(gnpkddPr{c!Z( zgI8QjANq8X|GAcdObtv}12j}KG+pU59HV)uJxQ(+c%cL5;S&WPRN@3wDH;IA)?{&P zc9$z(uF{2Kt#^A2mG$%}Z(|c4@^Ca3?L|BNLrg_k3!k6%%@bd5B!uHJOkE*e0$Yab z6}h~&W;p(&@l<~cQ8FIjOAgmmivR;jwqXTHs5^E=Pi%v-k=hL+Oy`MmhyBKB+*@?` z?lqg>QZw-Slekbg$L|*%wP-VfX^j>L-Y1J3m-`c38t@>W!M+@uEo@*R;6(QkhGXzv zo3g#yC^i*D_o=!qUw7*=GrCc$3DHTn;WA10mv=tFV-iv~74$wpq-{KVS`sQI((OeYE*Z%LI;szdE~ow(~a z{XSrmz#H-i#fafsDq}@!AQKA&d%Bo&OeQ64azAwXtxn59@B##Oin^6hGP=F9KhDP< z0e;Z8x7V{Wm5&aXCuEQGorLrI!)5moGsbaon82HWg3TM-?0)kAURVJ$D zD_WQzwQf_9?jRw$$Cpj=#fJ~QIX#&da}J0Mpp=6H)7VS2<)O#Uxsa?pFE8B>`QeM&nkYb~t#|0RPBAHwG zj5w&?a6s`A6r<-)`utw|y*Y80@C^4Qtb^a!D754az?~Q!bBxPqC;`R?TaY&nGcB_;4`tZug1p?sA@sC zm`hl(@dm|HgE<}^`QK2wBO3O4)z0oWI$X}<_4knlWRHi*t>`EgqdXom zsUNr%6YBE2nTzmeNaAK#XkqQ;*UQV(nEk>_A&l-5`n!&C4;H}Gh2+r| z7{SH&pKr*Xy|O9L8qZMtv97I4KmxNhV|O35oV4+|XmjAGG%=I!htA*B+Z9F*3zJpD z)a?mU>ZNe^D&8&h|C6cNuJ!}jL0i4(fb|E@h^q95R-Ft*;N+l6A_V#8^L*2)lcX3Nb&b8`h^^VA zsgdQ%3U63Ez>eGy7aEE9JsRO-phYPu78DT?f%Heg3zzx6F%VzX2U9m042T9Xa6X)w}<8T=;?;+Hm$9-9OFYKKN-Dk}2F@J5aV9sTbel^MkT^E&EvO zuLks|G-lm8j}ImFmN?9ty`_6$RW6e5cZtAZxpc#b7WC1tj|qJ-G`|ckPi1euS1;w2 zehNCvU%JCLn#8f)VG(B8<)tPg4v+(Q+Yk2u{TfUJGJn^E>-leBy&(yFtM0=aPs^x% z)B+_fRZJ|LG9L*a?b-9TBIy+1;<4v>ce1O(3Y9QhQhpQB!bs=jC|XKNaP+GX4~OAN z9uoGlVZr>;pHIHe!Jj8IG4}*!b=~rOjYiw=Tj+hMB%W*L=x0-37O)Hi&_(hRY|i*t zC?XA4i~UN=@8>=p%6=P!AEeMYCY86vO<^lnMUiTh?n)YMq7W zG+tJV{Tr`tA_^|9HllF(7%$q_At8~^ z{hyxI{`M0u_BkUaFyno9_yKd_xjVF>r3aj@1ICwR zu|y?|4KIxkw;?`D{r*zV&+FHbUVSvQ@R~tvepcx686IGSx$x~c+`~9!bbsPJs=uuhO9 z6@$4?4^JX1k;MOjQT_9|`ygf`hX+C6I6*>(S{XpOa!|a5o5(e)hi^;$nQQR3nPU8WV&b&L>r@;Q|p(5~wgBT|&w*b8dOOUPeJ%3?pshT$JzGb1qEt=CF6$&k|m;VHf_bF7KGHVpN52=8@psx*P=r+&yE#LLiHKB-LGgL{wF@a3^E5&qOxq0SD5Sd8?wVTg`s_XYQ7tZMcZ0dKaQ~4uEbH zo_Fd!dctAaek0QP0{-EE#wH+t)Gr~ZPfMp`;_Bf)#rT(rNA56+S|~OlY&e&oSv8 zDZKT09`gOzZf(?k{osDIVrThU?D+0a%N@>x{Y7As;ATC1>M^e=%5~ztLV45Ouyk+( zt{m~#>-n{`wXaw$Q04sHCq7Ts^9n4ryR{vR(WRwtdmpwgJsxUTf+zC{sf+L#?00tm zQR7}G!%Nw{fQifvZF+IPZjKHmsQBa)WBt;Tx1g}UH}{F1_W_uEXz(8XmPFEoY73Mk zuKiIDRwzReSLV;aAX%mRgT9ZVdL8@w&Kgore8mGgpew(oCLpsiNqj~=ojKPq&h zY4g(@M>GN4#O&Yp^u*eDb>C?o5nN<{ph&2EeT!m;XH+)vOSJ~P3-oCHXKB&-NFVU< zVA!GsNI&w;LSVY}*f(v=T)x2Kf_0{mRtT`3uC3Ao;NwfSB*fSr-rxRnRzon#WKgnU za8+u_3=V9M61RRN+7ru-(X0H4nIKZz)jf+09AGJr_Dthk`(Laq;@x|I7xR3dZL%1= zjiOQLx=E1oI%1 zsWrdnbUq@FtD5CEwubTHTuOSMHL$&bpeQ~VZqhRD;TjkdEVmw2VLvUG{C2(iyoUi9 zsO3mr!H)5(eSt5VN8_brt}9GU{i> zW6Jt?@T||PHLULG+>H(JkCj7sSc}-OqA|Hi=!1>(` zdKh@Ypxi40F?ukUUOEQc3^SALDW>4An2HK0$O+d>-gLN;)vo2ylM=WyRQ9L!;3eUE z501pg%}S<^F3Y`eAf6*ppesWIY+n88`8QTtwAydO6_MvD9~pp@o{fFs%8|=1Qf!aM zAs(RIp+L?NJ{0GgWR~zJQu-qQU|xR)BxN#8*JCD20{tP=r8tI^$gEH$xn(YNBqM4x|6fZTHni)Sn;1g&uuGd z;IkS*${J=AU*GTQl`3V{_fTLyB6^W+6n2VWW}hkVSVp#pG}kR01**x%e;7<#gI$Rj z7R_pMX@~x^B)cca5f*H{tiy$8ORq0+;=Pd7XZ9G?F2vg|hS}B3B_?UGk8xy4oZSz5 zCcZIx)G>WB^KAsuaU_8RiJ0_ZlqHhz~MMo}%-|=2)x(QWtqRjazO4mP&tmvso zz6qIi46qlIY<7q-DtF@^$$z<^x*bO8U9t@2Zu)D1A1$3E7X7>1x1+>AE0P?$7)`W` zKn4n&Y)X<`943CPjlY&evd_cCK1C(P%dd*dgj%gV$~>=?yk*s&CNFX{=C}* z$}|KnWh;cCmzx#(KI7h>AE6Q5 zWUI8po)B~|@shQd{Y&k)xF_y+*ghLfeHRxToM8<*{v_7D;=U}4=NSj{B=##iYf^_W z%1D3eq>$(_Xiu^JOkt>io7m|eQ+$Oj))SOjeHEStZ(_Sm#WJ33zYBOy!McZpLV{jU zjlYtDImzV3Nf-O0E%dY(xXw)YI=L*DhwHQ~_ zweh*edpAtZrgfFN#RJt ze7$ih&w9k2?7j@#@|DzF*ie_-rQK)YGzH<{`MF-Au-#gXE#cG1_s~+E%l^5@K=n`- zFkWSNciX98$wVq4Q)-1rh>YTZQ+~7Vho=c>`Q7fmPBtIPoNm@l{LQ~>-c_x%IcaY| zW9~Jdzv~dH5qz}{Y-KLT{z)$W_ZRbD9nnx$OaZ%c6|S%QTdzq-nHH@FOa+MIc)WM(*_SgoT{eE z!?Z!N7K>}LBKwlvKLJB)nG~;pxP2ua=Te3q0Gq!mFvXt^5}?Rb-JD2|l)BpHp*m;c zk5Mb>SSiwDxJG$%R?Tu`6t3T4_Ob@^?&}(5=i7adkMOpD>^DRPy65>$*9BjYq5R&~ ztd-l~=841N%lpbQN_+fW3E^Hzrp!0@x+Yr?{{fL5p?qXj>6g)IQNSMNoeAAFJ@+B<1Cg^EBIUX zu)mbS1uzT+I36A`DqRc&JV8Iq!qNv9{eHnCASY0UfTi7o{`A(^(hBwv;zm_zKKSI_ zUz*>WVW3M3F5-|C5wSSfpyjA-@4~1uKxuXjN~Fv1=_8GLy*|5%IUf%#FC<24pJ)}e zYCEiZoy10dd^}r^V7zI4Mr!~cKO3Ix$QorbCni%lc<+eV{Y2!ONNubw1|kjFRiLOP zOQzqxRy|5^AjG0}A2KW#Z{Wo@*wW_ud%vo0Ob&{WWv>T(D{6I=y*E$oHHt*a8gu}( z`h6v#;hw*Yf%ReMaVTZ(11F~bvTtyx6$_2LjPna#ruJRc0AWI{Jro(J_X=5{PUFWk zNt9R=j2}&IPU;I{TnjvCr3voPgyPo5Js)J9TOf6|uXG(f!I^I#kfrK5ooZ6n^US1+ znSRa$skg18#a}j+*3qPIH%R{vp8e~-V26?uO$+%7p4AQlk=;ir%v6$u=Z#0?l;L9i zsQq_K>GL~ilL{QS$vp%r?4H}_#Qc(b%tYvCl1__V2J_;d2TR&VOz#7w_^4`_Jr$&weCQhq ziDzn)9H*#~=Sr=0vR$wn&l6zNia1zXj=p_{=3&>$fD@dS^zneZ>7Tm5koyl2o>t(u zi~Ae4%C%WPnL*sOu;Zyky}H!l18m58JpXPY)$v0|bLmGoC!Q=2Xo)_gH?!!&qh>sIaMYc$y zMi>${4gwkU?{0$8)022#n}k~ME03?VbRmk4JrS4^O~~I;GR`-iHRcKC^?TivQp>8C zWKs~9+%o|5pZcD<^z(!*cDPEV_IQFf*D>w(8Xzb(%FSIpABEy@0Z__gF&wmfwuhgT z7C-3n5TVZ(K5&9-SA66U{54dQ?b8(#P(Jd6(2648ed-2z9jaPT3nVgEc~D1%)yvql z+ZRPV&Oera)l8J{%XnE?bUh|41ojuEvI3SgDpU1O$*A|zBl!sXnp~dmuv7agv-gPv z5sRC6G?#0*XN@LTCHrvF2MP|tnmX|9DU7CFlfww9N8}xy*2*Tit_oTpZ zYzWSN+b^1XtfF;PnQP@v6}W|mX#vbn@c{>YHubi_(}44T*La_`@0d(NGIJ1|M~ESN za4GRLYWfIq*O*IFar3!maUi%;i)nxJ^{t&rmsN@8<2iBi_)$(OE;1f@L(LTmcYHg(|9WGkU zz)NYLrNObPTabCuyGFg;Hd&fXm2WX8@XC|;PV1D2*f49KA)~9pQ6Jk%9B=f-3-73K zO(yi;%EPo9cDvvFW{vms8qMSwefO&m^9<>gvBLxDVBb`-_?`b)r6=Z1@YmJZT`i=F zI-@v_w`leUSAZevuk#74MS;!_d;OLMP0iYf%xD=AqGHoiI`8$l1cK|BLM4s*l)=IN zh1k>m$1HURP5sJ_Rx6SkyvE`6;Axv!<;aJ&_N^#~5@8i@r74GM$5SFbh5Bd!5z}Y5 zU&1Fl!m+W{>ty@Zn)M4(VsSLers-aspIB7x76Z!NkJnA=>x5hj^>ol>jPVh=%u_h2o0i zO7+K8rjrgvRWL!n%!799Sj}-#Tm2=}&zG~XU2dVe9?=}jdt~GALJ58+RDz06@$vQu zd3m^yjPm#EY3bMHD>GNgm|^B?-saTmt|yteduVAuSRx&0A<*|5j)SYCvt(EQi>Thp zWf{R>Qg7DdmyjkP}k;LuV%hF=z5<#cKSGR;9t*4=N*@oAH;!O ziwxksAq8R_&Wzqjw}$>HUkx0K39<>V>dl6j0U@t_b+^Enkmc#BXk={LorHooC{3F(5%^8RYxyE;Kwsob2_ z0H?p7aSFVjOmTE_9=B!QAWQ$$;Hx_Hy%UCA(%4TW8u}C5s+>j5YwFfkPoCMeQuYXJ zRnyrOH3$0xZF|vM5F+mT>MLg9HgffK!6^F@3dBABLD>stI8ZOe>d6zkB-J_IG!*@Ij6 zfl65W^WRCh+Av)DUn>w|)tN_&va@8u3O2aK93N_4}iitq5u zzEGhi+M{t^wY$qC-0(T+aWF3e7L&O62=uQXVS8XUrO`+tasy2*=Al3-1v+m%meis5 zNaYpKXW>Ydt20Zis*MmpxCxLg1dt$P-WH6m)(vkM9WU6eX^gN@r)@h!cB#KN`2sLP zG;Q;VP;b2+DC0g@Tzov|e3=w{pZk72EjCkycf9&8i$!Oqs&}bt+5mj}U@qWP=xLC?Ic9?vwFLar@(xT z>(RpUWfc-OBdVo_ZqJm0VhyLu+1mho^EP*&^5T8=tJQ5c*bk}T&z+|bmzK!s;TSMr z>CZBGVyp)0!TYF%E!$5$tyz$Nd?;I!pWq8Psgq09r!P!$!H7Y(n#+-Q$Pe-kT-CEs zhIb~uW;4?C0HW!EV1S~Fb1hdGrg~%TlD;c!mg-Yfub4LXQM*IGKJK>HJ8SGl#gH8g zK=JI7Jx<=jhy*+TMOqp{T4MLCp8JsQW`b{qL%r{JZ+~)T=YutfUn@=aWQ?v_y2YfF zdAoCSnB4S9vuKX>!*DFg7my^JDjr_WV$het{g&(4AmP%%UI6k^`iUo7&(Gx7Yo2>>0-x zW&y>jiw_Kx4VV|q5oSsuVU>kXTc}6D+*d*5U{I3rgV@xF@}9iyTk&B|D66v?^9HZ# zS{0}7S-EFp_i*))KS&{Arx%?XvrW5NGMO0D*Z$>e-@5iYc!@aqWmr~8&acax3onqm zgG|jndKQ2xAtD^SNHZI5xe8g#Z6Fx3@~)3sp*W8}mCV{2$>XwvS+v50s2uu)V!skq z;LA}B`R3wCe+Zn6t11I%gG^2MJLRZab2?CKAnS0Nr?cMfk8T-qPFER+HETY0?d5tc z4=|aYB{i06KmMs|p~5Gc!#Hq(f!TO%%sNS*`Fs&F%SjH;Cg|ib`-K~H=InVN_*c3p z&kUd`@VLC^WrddxkOMeZ@)FnpJoJ?R$H9hk7Ct}&LE(N2Dna|+)f{w(a#Y}#2fvF6 zD#AIaM9bTEH5Mp$@)q+ed4&)w&~UdB5~CzI^L23R;U0i@`H^>8h-PGneX_o)W{C$lZ#5&ztNj0+=C2h)$6K|ws?!WcX?n9kz9f~u;ct5x8>PiwtTv2*E!*))u3q%bP6b!SgrI}cJ#aLYPf-rXgLYVqr2Si*!~m9 z@1YFJzL{4J{O`H)TkQ_B-}tIXb85~_iOvcib*~(WfSlbn=KEX>U6T_*I(#`0-B*HH42t)) ztSad_GyVove8T7T@?w)tn^Z8zHA-6{xnp>s?0==+aDowd^8SVM9n;5W)O*%Jo4%j$Qyk0QrZc#Ev_1q~kf%EL`rdD~FoDqn|ulHjG~hUgV& zL6t)0RIGo<17s(?{XD?sP4F2Sw%&C3O0YdYl9^F0jJIa@JG*YRSHas7Se)Oi{A9Iw9O#laQyu$wxzP#| zva*_#huuA7jamTUUg5%*?eyEe86vgm%z}c_@Au^k3>>KsUN?!!?In$QVDJKJWvVQ0 zw}yj}*b)ZAhx|NW5Loc22Wc65WD=Rvz)d0zXCptb<`k-MIQ4HrD^3vq9H(%0jm}{# z?mZ9UJZ8i@nrVA4F!Qh1!ax$H+!M?ea6c!8IYpjxBmCchpxiH#Bfaxax@uP;WQAJL2cYra6ZF>ztd zV!fqTle1CujY|Fp1W`J7amjC&;lW&Q641@F;S^SJn-9+-#O{^m2!C$P=SRC`^`8@; zuy1eS4rgtGc`47C%j8iSzi!#Wf}qsB93qG*DU+pND@yEBJqEqM*5XoqZO9~4?h2>{ z9D?^GFCW9xY)8)T!_0N?0t}tOsmGjs{zy_8bmciyc!5RJj@-vtDZEEGxYToI&Q4Mo zi{~Oc=s_LBqmYx43NDi3JD0h~#t`qfiNMmLB zrYhYp4d`PYJ~A@K00g}3TZRwM9tb1Q?pp! zTlaS&S3!HXRj^swgH{7)a?;gzXPg%9cX(&tU_%njgT;*^VsIGCldM}n8+lEb*~Tqh zJpK!?CsUvAZqPxfsytd+?}m7zRHmX9yQ!IQF0s(ilD8nnGtI<^g#`;fS^6)wZ2Q}g$_w@eA z#rz4v!$i#72-x@jjQPfY`qF!UpqJ<6X=}3_+Vv>^YEoN=<#0X};U~!lja?su0u%bm z#&6~FDT#JNh<&m50GLSP+gL)tapnNJqnWi*(-wN26t+1yq5=pPstoUX_;PeB8uFFF z#;3XiV`09eOS!EYuPHJvLTePEE_?IiG**r14>DXjv~dSLO@8s!d|{x^yU^?dJy{0n z%{R?g&Rk@FA?%6P6JW2N?47c$crV2rU_*7@(0jk<=i~zy0)64BH zQWmjM)rzr3l3U*d^0+9&ceD$q{u!)lP&dMPOyRP^n80r zNKsriKQwwu*S7dLg<62mt~3kqx2;{#{FvC}rX5}KQ|de&FZcyM)u&}&bh!ibu^>@< zAk7!0vR(;q;ON8f3wG)w=iS44->aT0Iy2u5zyMgWWwxfN@ANBN4n#JN9pD%f7mtvB z`U*7zq1V7?mMzQ$nyw++g$8k1yC1_}P+=-9gEo*4nyGqyHOzF?N=X*q9{1ie0F-T! zQuQ0_UtiEG*u^cq^yJ&oJls^oYeRHro&Vy~Gzfe6B~?8vWy9gv1-UPw(#6 zE5w%wIo+G{ss6tI+!fir>W;KqlAGQw<%@Ixe@#mkEX|#_t(E4X)0}clZ*K@a3in<< z{?4;`x#a0+q}-^!t-_#p!A|Wd438CVGK5Lm(0Q?*K1B2mWQ9&I$ku@)VM*3(5w@@E z&H%-#;Ck2G`6jqbwNZGh&;;HxORIZ+Wjn#a)+g_HNXq^M@Wohk`0N{>uoQi$$}d1? z%8gUe`F;QHHvKyNamKVaO$-$W!%!71`x}I-?)7E-T+`Z$CdwCqrCnZ3Xf9vUdmrwk ztLTrP_GA1doA^|tDZ%}r<9###;9*zzUFb$g#p8`J_bp&D&eHm-FtD|+acM`Edp`~X zkfSE8tY%A|$kv0i)UiL%PZHWZvPcN;>+<8ORwBqE=jeC*r_bP5r`#uE#WuNYz*x^Ur@6T4*au)BEG&F-# zRb}tIW!L}T67OWuyfFcv$ahfnQW8=Fmni^IB1(-1NPXOUKt_>?z&R@e8h*r?A@5ZV zc5wJLw#3og_w6UIbURF6*!rQmPGN`n)NiyW0}zs&!~0VvDPxa257=zs@}fg8y%)E6 ziH^_Zc%3~-=>h_jS7p*3_>Ob%ohvKiOFwhy`YoTqc_ah-p~k0P{plN~$@!RB+>Zt5(b2BU z6UJpZFDPI5;U25ZfX>K13Q&3kE+S)osSWn!8&1XBbRZaX-$-2cExzcFimT2)Cyoya z(9psFJ!#8v;r;RQ*9-A_$LV7c2V)P18$3!TFh*MER6H`jy<8q!ou)SV-Gk_jh#697 zx_f4bL$Qw>ef3I%0G&fDZmbFT(F8%7KU;{0dp`Cy_EWElcm_DsNzBo+o%C2xWZ^Ny zmzt#{eIp~ohcK(0%rf^>a+n_8Z6MPdJPD8TT(0bm4zxcoi7Skg&n!yN%V3}2#iK0WXY@5bGMiJ)YuWbo>KYO`Jbaf%;SyIq;AU8a@4og0 zy9PdmJy^{PzN-qy@Ao@;xz0_i3{fL)y`}{I)6FdJ$ zF2?USlXrxDW9C);>A8n_->xQo8(h5Z&&MG#_m85rThb+{x5*Aw-^K!{M74q>B8uPg zu0o|fE!a!?NBju%7}h#1y|v{fx7m(l>faQ7)#8aI$5Y=cIj_p;>~2q2yeaY8pGF<* zz2^s#RQSDIEFS0mStq0O?$~Pm*aY1$u!9uVEkQYxhk0!PY`@7Sc5*GML+uKu5_j^n zFv0Ts*(hSc(V*X2B{BrL&c&E6-oUeFi<4OxS6X4o#xEtIScxAVBVe0MTlH6~J-;SC z`{T>;pJOmn^f!Oh(R4|cAh>p4%%N-4Lpls15S>z^*cQ~folVO3aExVsfTjWe*pp;U z;-G6h$(^H9x}v?P?{MeuKkw;f<)xfI=A~;4Ct7KgV83&h4afMYjKT71QUAXk+gxj} zZ&z^|Lmi!?PiS9)^SHUMYWK6~Wm3hk!ou5tiIqF496n>cGib_QiFacjRY01FFIq#g z*^2V|{)yws62a6q4!h@{EzmDX{PZHq+DTpPalHDbLwW0NA+o8$k=jX!@HjB#S{W5cH#P8|-08%)r1qxsp z2(v~CN1v4BD#gf6;_KqRwu2R{aGund3O*r*yKXaC9awQ|eFqj@o3VEK<8sIj&BeNs z^r1CuV;JDTI~$e3)s63i7 z31^Q!h{5=&143SN-)VlzlYa6^nX|XVJMk2w`wP#VU@5mnqIurihEn1WZu}Y?KxxP5 ziGf30p;Ze69tszOs6>kj@2D^1qLa~`2t*;zCadp>`H=24`IQNg^Xi@r9hNUlu|s(IkuN z>2ELSlrYq>tXnGMUpxs$l4%AXpreJbu}0-Pz9$Qfdv zzWc03cp00dXawx6@ls3!FUd!Eg7>>L-}VyimnIrju7#SZ?z#jP6r9%~i795{iI)1? zhgvPZ+wN@ftE~G*hAA=Jj*LD06~g5KZvjYF1W#znconzklo|jNd<@tu@d?9ZPH|(9 z2z>5P7HcM`c#&keU)DLGV8zZkhw;xcJiQ%kY@eub> zg9Z89@HT8WwY)uRKgwbH^k9t_^6|YW#EHzYQfg=Z_s&~7ePD-iudfueLE75o3hFa~ zhrj3YE+ks<&-*xwS3WXuue2ceBGGA))@V)T@}6CPlRYuX!Xw>-X*^j^?9nx>>*2P1 z4}oGtGK+J%xQ*-ZhwomCGsN`=fnGloQ|RWLa78U(bTys32m}2UU)tjo zzHq2IxbQ8Ddf|Pn4*SilG1$(ldvUHZ%#BNs&T!OGrT4_StrhkAd7R#*(I@-@hwwcz zG#JL41Bo?H`YycIJ-*nOb@-2#OGft8^oQFqqkJs3VY)!c?~^Z=lho?ZVjrxMbh8h` zehYquP|wd^-zj!R+-D; z+h(Xn{jz;v25fEU?Bd_xnm1oQCpb{=^CCEz##js;k)j78>$CWTTL#4Cv1#2mls3l} z9SJ1MK~=9799Gv*eud@su)}>Kv3@8G#sG&%lh(g`n5dGb@#N##6t6kz^whZ)M@7lM zhc@R4@LMJq?imp3kQ2VWGIiYnz^)w5Da9)lU1a5G#rJ^`7I%Px&LGjtKK&Q@4KVdGZzneuEv_`;Z%adv$1O!#~mg4w^_(B$4w zPj$B_sg?Hi)KSGhyyZ!|Gl5op*M3 zdyyo+FntRfiv6>q4G25{ar%ux$=&b#!_e{{|5d@L^R+$8{t!I%1s6`J%oi6~!8c-t zVXA}X@ETVTqPt;oSfYtg#nQ%?b(fr)ibaF=nBOmPj#)a1e1Qq8IfWfQKAcQIK6o|f zfFdz7QO(Y-p{YDypaa~?gZh|C>@Qh?pS%fv4&^=_kB#YvHfUsJsRJZZz<~B~x=x)}mO{yOr!!83&4>p5q9QpK{zEWCpcc+5 zERdbW_4bKN_AlXWI}?q4=NP09fCvai5W50(VC*o?Z09|-NgK*C92n=^c>=oQig65A>Qy) zLwufJbt!LQ{ru(biZk1^FTaxmm^b(V(#qEuayTigQY=4d2gkT=vc1nAW;n0RzUqqj z0bq5$N7Ti0)H0qE_waFN;-|qV=I@UbmXkr`G;O}I#Wj&`TJ(B2?6VTH)<%PmCXP~? zJ&*nAbLFv}(mcvEk8nnayg4Q5vX#yYoxBggU=Bf|=L4D8ff^EWriuNxiG1aZdnpHs z9(>M+&t7Xy3iuQ`?okFdgA(cI=iz)`J=~cS<&D(0vGWo7OanUhEm- z>Zbs}CR9D3C-XN&u{DsxJG)Q!mDT;0=fAy}r61w`;vQe1%ZEriC-vHQqyWf?C49_| z(00w2WBR<32Jzm5BN?9Xc<>Fr+?e0)9D9N_+vSv>!Doi9jQ-{e0Av4xQwZ%^IezRb zx@o+PGti~&m4+-<&z*+%CxE=>o4Xz#A6{%UhqjP>qyFAh&g!Wz11v;HcP58=e`S47k`1!x6U?a9wDPZ$1Fu_f)pvs#h&u$Gd(7@~| zr;+b-wef_%8dy~Cq4&TT`n<18aSwPdn?_hZo@X`?xgr_4X|HL`wsIH%mLz%KSOYuI zqSIu@t2Uw26HCkyYMjJD=<`lFauA=UdAH#B8s6!T6RW(E=ae6F$S6*3w|>RrzFHNd z5%E1R81O4rTJMeSF#S2!^#YIIlL^OzoUttIrJ{13a7F_gPhOH4z;gTTCWfM zT{dp}DtqXEA5ZXMvQ@OdOBe<{L)D%Qsri-f?8vJRA`6oUs5=~~Zuy&2D!HNl>}&XI ze17zsx?OtEcGDe!1Z~KTZ>8?{WO&>O&0f~(3-?u>sZJr8qdn&_(q{?52$5UYQo zZ*g$$5c%fz8x0_^3K-_4(=SBM_9oPn&}swGC$TRpFUv&-RH3UN8S4UK9<=FRxM*iT zrj2-fS;yevXjSnF>quG8qoX=B^4m#L2*ZhYO;#27PTA3if4+M0GF$-+9by;3^m&)Z zd-IsWSz<`9bH}0);R~@Rzk;#4`vAvklywW;biVW%aBIlJYI#iA~cOUss zB@DYmdQN|C;_qd|?2&a5@#HM?NWKS^x&RF=D(~av{3|i`45n!gn4Hop2j-5J zYdQC4DE0U!P%~Yagy6UE4(}zmjrRT!OFcL}_p6!)sy4Gd>e1^DV;-8(?cds79sYhr zUTfrA+VIYU`<;4H{n@(k+b#yLJ!6X6Ae)fAcXX-NTF10|D&nuLbpAv%9S789q63Y| z&8BbX*Q4Gr^(w5c=sY^{EjU z-(1pPne37f?m1tZw!07)6)9cBM+W; zXi4F4PtH2-G=|Bm{t+kLqKGSOp9w1n|1UK&o#{Smi@CCTRp<>Pu>*uXJ#K;pOV{`8dCafd1z{H zD7{Z{FEGJL^<(3dh=04c)G%T3;Deve8?!#7Y4TGqV5IC2Dh;yuOnbl8>5IuH>URX{ z@+~IhK3$c>sR5qsPV)}!Y9tgM@oLQoMZjs@!G6mggi6mRMmGX#PpKgq+wJ@F3;uv) zI-hUrN3W9r>pnVxYmRXM=9(2l|KV#igfyxD! z!kxJmYTvbgscyKiZh!$V(Pr0o-!FBd0hwmN4D~)fCU}-L0aTdl6eI?toNH{;Wci}WuVH@7%0qUvxS%9KBdMu#wi6%m&_No`R*7K{% znEquE0ek=cA{4@R@1 z6ekad1u2B)Tl|9-1Bir#LNLP#!|JrV#k&+5ck{DMPAH0b`tx%oB@~8W6kx|?X-c1f zI73!9;o$=7+b1Q!?A9O=bNXrfLau~RauKJy+G4TLEPBk3-j^FiV!Y&64n`I4V|<|i z>y}qDvY?4}_IEH6;#yY>&r@hRAENPA7d=1y2`98pS)hS z>kJ$vR59xXXk?$J==HYujNa4#30jStd}UukVu`yIS-oQ=XIch*NOEj!3NKnZ3uT%0ErvYYCk)!9OijFCD? z(I$*)4IpcDb8nRD{^s0t;_tNhiwx#u@&m#NYFZo5k$H(M9iTJ~J?D|eRX za3!B78;w?4Bi0y8=sUs2)+3rdOL0A>)sXE3p#JvfQnME8h7J%K*&}(>9L9Mx;uWW| zrv2(KNt%n^uK}C70Juhs_ve`AkNKXPyY;#zwfT54{>&W&6-v&3xm~P%Z~1m`WFVTQ zw|4Cy8y)~g!3+WmKW1Nfgkt_aaWHTf9MygqmQAKEv}Dvtwkaf)%}19$)KBxScM;;j z*hP@DR7B|uGMnkaU}5tbGs}8}DAr(tcY+F(CSSQw7m~!Ex~IFRLD?SLI&k{-8l16dI=rcp8RF|I!7h? zPGdk77$e)u3+)pftjqbhYKJJ9;f#D(E8&E$c?4rH|A?s9c|9{t)q3g zOo*lw!Cb(9rQ=s#kJjrQXv#k8Zs?>82K6VTwvg?ozXdN}{r?f<;g^mS!oK{ZXDSug z@s=9P!G7^fa>#x|J0)+^_1kZQ{!B7U2GxOK?Ivq2sNVy`!P(&_ox1;H83pFfPv_aU_7!63EYlVTj#Ja;P|94=A0D2YLO#y#zlTTb$tH_fc>sJA`7+d)@C z+u$ammU`uzD&&&IN^YW(A2MAenhT+Ho9(UVZ{N7&@4@hSyQgd*lIC-EksJ;}I}m@s zse-3|KoX@D4Zx4)_Odmldmm1UZ|%YR*Gz}2s|Q!O|5xa#+N)*=FOG{`CGiE9?H1SquE@GBdnCa z^5=VdDoqObn#_E9I_j3(LHPCL7jx)8XN^mKw3!B%7$>^Dna@%|mgvJ%XDg^APH(+- z-FI9?4iQcBb}sJB{=~Oqb7Dg7y^7zBI4GYoV^R6kavtJV@fBiw=&2+^X}%6O6e^x3 zRT;1Bhx-bhBKAFn_r6K`>F3F3yhK38`36)_re7p6*Q{v0UX$ThZey~Cx+mO_G0^~o zO|SjsnIl0R1@R-*2ruw|&3s@P(W+@kwe@vaAT=s1CMb0jjjKB=TF>FI8+@J(lsn`x z%helyWS}g3m6y0N8r9|@mHlMg$)Ty%of@kDov*K#CXua!KxfT-p||gb693$`Mt?dZ z>!T03c!=Y4Il<+sd5ySE>!JeE!Pq-B5^U_BdPN$cWvUr{N+7drsG%t4@jmcy@`Md| zdGr#Bx!89eJyq1PH1@Q5@_Uu(@k<41{g$Ia8k;9|9AU`uz=x1&iJjnO{0P_Zt5w9- z576NlWso?H>{7yD$>v#te1s)QhXT!liiCC$9L~?{Q^>Q7cEH)VFz54kc|=LX#SI`A zuceMhAgDK%eXU4UWTE_x$sd$yIm}{lPEQnQ;U|gmAF5lNx=&2T)8OIAP20_FTKJ2IW-51%wo z^D8u&hshFFp%m;npyho#OEg|9^WJ*w@dLgriVA&^Yma0a2(2*WTDlJ_IX{?dAQU45 zyzo`-L!Wphx4tfZpM9A4+*0BM+FWlayzE86dkjOLEN9-jCX_Vvd9wXu{Qnvm=Cv5# zxve1;5SjG13Ph&rj&H|{%JwpUs*kniEp-!52BZO{W5FSR!|&!bJk~E~vGhO9JB`>h z3*b{s3?TeL{K$pMt)A4zb88ON`&LCSpM2KpEY0I7PPKQ;O?jGVP+q**@6CDQYBc}I zR*+W|jlb3EcQ_*SK+gR#xcaddI4}4zpUb;{HMTK*EEFSd$D?Ag+(Y6&w7+J)_TpHK z)d)F_=4Y@kAh5~P>H(O~^QGm{)%491Y|`ml_nvRmE&JP1jWCrwfA+oY9nzE1wJ*E6 zfU`FfTsV!1rHi9~A`n}IR;pP3@REZ?49PbehaL#4+~>QYIpGG>$jIfKV!7t3C03pD z^D-msYNUkNMFMh)H-I|f@cYciOg|=&bq1;kH(6{j;59f91|bDOEgUxGC4{SrROIhI zWHG+S!-g(nN=5znx_=Vt+)`jEbD2v`%Pz{Z^i)6)?66I@7;WU_$NyWUWa-$_B$aOw|9#4N-kLF##UUr z1lO^9wo*7==(IxuChM{U*EQ!;>-%7$Rqt`ntnpl!p8p-b4-?JB;~rdogW3RAsK?ju za}S26MO*fytXb!HV7iLqJlBH?6#%}_M%W)6Pn_gFDvI%?8tcC2g?x0PD^O3)UarcQ zOy1+#Ve{rH^p;l*0RT9+ayQ&%e>s$MEOK`PvB}>As|{CB^smdFGA7S>kI}9lANySj zPZQgp$h^evjY|FM&#O&ZpGZ{DDhDKrbDw*Rd}M_zv-dJ)_I(&P(;HbmXr~X<_wgXT z=)I`&bnsu#3;u#CBSYYo%gXX0*%r`ud&0`%_4F?3#>>a(bcNHg{vm==+ppkQpe$@& z0}lqpRhuIJD2|lX!aJ<$@`BhR!&7*-hUNeX}K_b`gDe1CqJ1s?9N=1>(Bf zU1+!H_g%jw+vL{*4G`Ys>TaBb$DJkwGV|kaltgZX}bi<5Tr zZjj!>uZ&)8Jd(b4=ep`n{ouZO?yz*LnXe;=V8r7yOdMjde1cbv*_lxa_LJ~yh@?3g zOz6fNa}LbMGaG&Mg~*Nl;aCnLJVl-W3g&blCIq&JH#~`&52IqBgm$0a`%%R@Z7d`p z_N#`VmAO1OPzD22h5r-n*_vP~edA{WqtFjvEj975y%e#vuDehzxLl3bWE-dVHpAUM zZB@Ousmq#aJWeDb;;8I|8YjC+6o$m5=ST`t7#bqcWRL9FzJK*AGG z^9<*9?!WxD@#xAFEIxC7zLU8PrXkrTw9aF1NJ^qsC)in_vn0r*Vk zd)C$h6^*ieg_pZb+&;o#j?%|VK!DHKd@lpEjSKpg7?b`jo$GuoivW{1+n+bnl`k8Z zX6U=DlZ<&Fd*?l{?J+R>&Oq$uZ`Wb@Ar=2Jtr?g{%OshgLdtYNo+N`~*I$%6{y&)a zkLO5&Z<@1l|33SL%47Iw>$BAKS@KrSDCFcL8WdSezrSXf{`S4F25eaViC)J~_xVNJ z1VB4HrLd0N@qg3s#aYp6vkC67W7cSjIYYi5uT4#V(UJGzTN9|cqH|@H;EyCV!iD=Q zde_M3+W+$|qF#4@yy5 zbNjM4rjO^;G~xF4riaE1wd+TwoW#of%ZZ>Np)rJ`^1QWXx4N;s`knSM*VpE#b{W6Nv};dX zerJf+$KRCfW|2B2#)+bRCxT`wPPM^1E08Q~eKZ=n{CEZ51<~~x@mKizJeD^QT0TcL z;%9S8a(pVBXigyZz?@~Pj&ONAMKXl1^)_kELNIkq9Dq^+5}SL``-+A8SAD{Zuw<9^ z=qBjr`Lh=fyjs@`JPW(KLoKF&Z(~XUSU%}5ez04B%_$v<%F+3lP(pjsu=^l2$Ogc} z08a3c$VRmzu=2JMgSu~W;-(>hN#mb9$h0f7gvlO4&vI1^T080AJc6S)oZj3{d*!e1 zt^K6#fdEsml}CW8fzZa@QwA85KgBW{-8!T1qinY^lS1%y7C{*=5yQuRKWV7@dmDjD z%+FBw&{LC@SU~IlbbLO;?xb9cUT2}Erk;|g*_L44h|mK)!r)Fgby79H- z%Tnj_y!an={h)2rNK2z3JuT|#8+=IshC9|Es0)3pB$VsU_a%8Kuk2Q^{OVDQ!%3?1 zR}<`@sjb%th8k^tEr6&Od4;=%Z-h-sidvptUMQU36prV<;&2O&*(k}c!w*8g(PQI; zVn(S9fl2Nf%lF%x`dEb&y*yK%I2kro>~$7^knZcFAw>JoL0JuBPBzni8Z{X{9ZhYk zP-F#H83L3Icvp(_2j>6NNoJ-V>pUp|t#^)R>ZEFf3(Y%6Wj55G$h)l=mT?{Os-+WQjh*^+2)P`(zf zn#y^|jl*mwQGtk;BaER^5qU@o;TQbyo|Qk&iqM7>@)({!GqKsHDQX2|Imv<1)8_J< zo^zePGpgHxyOUo$PytN2xCKQX^5y2=7=dd5x*wh|ls&YJDL&_{EOn6Ii!_2x`O=sI z+rAK^J>kXkeVGU2bI#L@Z!dc&uD%Uol_1r<)4c4ynRxzT2lK{n_W2~W;5zUPE%L0+Jr5vBy@W-Ks^gJl-MOdENEJ$$ z&VxOmO`Sg!rY>ViB653wt~_io*ks?AIZ}U~do{a#DwXW}n$Sc6fSVG!R9$zKj-gcY zFPpAk1yhf%$fB{_v(xR)@ri?bz_Y)0?a4Oij-pO#-#VC(}V3t#X; zgE6^o@qPy*uK&4|oKnSnEw$0p;k9G^g!7nvskB4YC=U& z`sJq=eQV``+m57jglpQ}$45LkvkK9X--+otj`w@yNgNjMdmU&JBS!T0r!=K-X*AV% zn7%7yunW7hqC3S=6wxj7z%FS23Rht@E!k4O%uAQEV|EaS|6}QYPJ2(-V2aax!x1Dho>^LTr`{Ue*0yjk#xHnd${K$ z<(q>c-{?}?^PB1)^T=WY!Jdu=_d`lPbH;CH75ZLt)zt&4lyC7dY}1 zK>LZKPVW)C_dE6ZSr5lAJ-vROxx61#15v!x1ZMhmhXJck$=?U=%R>uNLL)d@j3$@da|hDqf{iT{@M>&RV!VTkcuDkt(BH zDI|Uqx}`?``hg9k$1M^EGTG|(_}tA0ReSRGV^Ks%U`^*XO;QFT<5FGsII<|t(sS*8 z&aIw4#pWY_?vc@ohWEGw&U!kI{Esk&`}3XyF%GY+&FxArRCr^ARnyyI1hLWRVso)r zl0<19-_G=YIHr?~N~^(Tuvw|&VKT;h{e{1B=giRx41@mjZ`ig~zBZRVB-DNfDgs1l z{mZ3a*7+`s%;pdfzIi8Ey>AwLj}RkC=sx%=^Dja8=rB?$G0_0q6w|U<4Y^gRa}%rI2JR|dyh&^TAQbp3Gef<_UZ$n z3Fy8qFTd9F;rKo1H}}qV*9UotFk<|ey`Ak5FpdCGHE&Yy&C*VYRZDAI3@lsj=;l@- zHpfi6@y`?rs+ax|_G;WV7igo_SDA6 zhn_y$YzT-2(B_8bZl;s0W!Mi}Kl^;+^P_z2tdIAB1q**@kEMrU5;dnEQ76p2PVMOyXUVN~_dLrRL{p52@VSe> zO)?$9$eikG5Ae4$~66D0 zujr?edS1h{aPN6N*6fv{1p?W(@&RSxelxadV-8gr&1&+SU5DDI-4zvNTosA4J}AC|kB0%*obV0kzz-F4{x{n1C$&$O z^<5VCTN5KpdJ#w7kS_b()QDK<$;XAjl~hgXvQKC#gIouDax|BTnPh)67q@Ucjp_M3 zw$K*%j|G?iFF7#9%JrQ!ZajCA`2wNyBsLCQ!=+9y%SQ2RWgRj;=Hvcw*MBV)!vx?D z?dj6&apx_72U*4wOH4v+TWB)I+;}KX}%T z(H2DvD?z7&$8n|93;qKWYX6G}^SQy9psv*mGGU^yeeLS5d)R1qq3>d+KKAo*VMTGV z`2n7(_zOVWaU=VwXL8{)6#Eq`yFIZP%wfT1{LX>%~3dt%;$8`qq5l>3|_M<70l-uhk*IQPkik+DMm&b zf4f53-j=J~=|`8ckRv|V2Gx30;oSC%5T2G-huvIyXlDUp1{615ttMmkIfot^mJeI1 z<>B_&& zWV*N>3_6Xk}u!Y$s1E>C5qfWGp+-n9w>|DxfRx@3@aMbX`mhrcFf zoH09Yy8lC6s^?It4qKmfJPC-1lj^Vb-slX_2!Dp3q>`&X-=WNdzG}RtqyKkX>dyNO zaLK!q-QParzMPI-Vjr9K9YiQfVgypp=1LiF7Iah}*}-IQdhxq(d6sRvclJD=l8i)- zOoG%n3Latk5zGB+B6n5Wu4Q7NhNQFYuHxqJA>PaVChlXa)^u*L?<*KNGM?f$GQpEQ zKi(r+gmezU-Xj%pxN;bMrk9$X-}D1hj2b$qB8tMj&HWLXYX=OQL*aRHHp@!o5UvLB z^82@811OL?GNgX1b)x-ka^NuK7`##Z(e6MT|CGd4=buq5h55Q7mw$#I2|gm|4!EsmFXq6+|Q)a4oMlG`=96a+=nF9I8^=sQ#wu{0?=?#_*{Me|zkKSk}mry&* zQ!)~$+UcPSP(DS+MqqtsFo^hI38FWd2@lIVbz2Juys_oe2>^e(+DL=iuKfYG$> zKog~T@xD-BPv3e;5}$7$@jLbS@AG_wMJb-?j`Z8!y*H%54exNT8JK}7TiNyC1)*;5 z?oOB3hi{wrWgip2nu9#sK(9uj%z<%n9Ai(XPJ0c?mB)1}Ob-!#pArW=qF6R>ISF4dv;=rP=j=Ar{@)!QX zsBXksmt#8>mG*u93c)_HVAZSDugE|i;e0{uS78&HnbVYJxfsPrNqL3uGQHb z*IbCWC>k!&CshrUdE(gM0@k$lB}=Bx*vm_A?Tn`TrhqHf|4v%7iDS%(H1$5WUo+|0 z?$R46%+#aJypxl)gk9p2&K3JLK@Wqa(mn0dCwS5+)-#veQB?OHzK0aA-uiy|kRv?Z zu>R#?pprVWv{<#%?fGEqf{fX$0Rp-VZPpL_y^|+T!tDqB zd7bFHZxkcgnR28;j=>Q;W97WG}eQ!k-@N{FtBheo4#6K8#jbZeFSAJTfF4 z%Hk}Y>+X|Z?OXmsB?V#9lpYH#$eZ{^mxRN#CQaxPG7L6VS1^ij>qh%@v-R}28k>If zz3Uv@()*HEG}*QqxXFus7tPzYO8Kzh?T;?+$jaIbP2<8bgS+n@2cgdEWIj>}BZk^U zVh2C33{{3&wiXIvOg!2K=loDxhm|F)$N3kNPsn7$=z5*l5QOQFKXmUs#+9CT{S0=| zokkV0*eD;ktA2Uejb9W2kR&!xh<654m!h$x0=PF*!@&=5EzG<8`j$-!omH}tRjtPbHx!$8^|a6HIF8gS*g6h)k3fD-=wfP8g?Z_sc3oZr?j&4G zB}h(VsIxi?SFsD_i1+jel@&J@kQX1~^@o`9<@^wHAFjWmKZP`EK~JIERpzLJ{2UsK7}G&gSUw>ghjKT?^*n}#jD8wm;Ud=R@(H}OgL|9 z)NwjpA0Q4sXW~s}gOZRb<$Pz76Za0a=gU&hlkaiw@gxV$73^`z45xQf`n}(M@=V)t@ zOfb|Sc3?x89*mi|hE~vVp#kIV-GT)iXZjM<^84|gx>En0rI!KE=)f4aT!^tWrmQ1k zHo+lKZVCeLrhf}#8p4l>f;xtr-ZxCX$P}XYW{k4n%Nfp<{xM?^B#-%Cr6_o01DkvE zp-n+A+gM{XN+{ntzKC5mBE^PUl4S}OmIg1}T7RRksG84z^kL)u_WXU>D3q^Tm);fF z%D;fq&Y^hUr?#s@y;?$v1oH976yK-w;c0lqebT_kJcRc*FA}Tyw2=*2iOa3?iyKjSza$tp zZXZZ$m|-hK%7$PQ!KDVa(1*@veo~>Iex>(<=|S*8UD4)m);o_g72;D`U-cJBV=KIM zjVucFKGB)0d1|7RvMgC`v#(9>1GIa&-ST0NCKE;&xj7u->L7Dp464}JC60Ueuufz* zRlv+0Hn@l$W1l#;-$>}^_x2GJ?{i@G3Jyt0eiJ-jW%tK)Gx>%c`h&WFGuE_Z86Qny z1&Z3gxsvl!kg>X-K2XgGG?@cp2l|Ei%cgj4Y^(oUhA#l>iQO1Idlbe^Q{bs@hl_RR zxJ9;9JP3|i`s$3JXeZW4>6Isc>+#e=0xS|te9t~$e>C7DOc5P>d`%X{f z27wNF_Nemo?W(}npI;fPBxECI`6-{T1I3dWaU(8ZDx~m#V17YQA-k*BCHf`Y>H{w|V!xL$NZd1Z_YqyyNqWe@0`brF2k7zb zc%ykZbZZrRS8OB>VQ2a6wMl=r-3aJVg;kuSS~)Ai7abJR=WZ^euGlsBOqnY=vN@8uW&6uR%EA+E(Fu0kZQ?|8KrRP;gH%AWwXYuu*1 zx=#+kxbg{$UGY0J>+CC%T2Fpe8ssE(_;?ISS~55Pdb+J)t_O|xJi#CVG7|XXO|!P+}MV8S&fGn>-~wykO$ZPI{8br{#-^rx6PP7Gcx&(x{cv!`ro| z^)IFdh(Z$yg&Sq^XbbERzqv1ISu3>|;+ez#mebW$3N<<6^PY0iPI#{1x?2qkdcKV% zU=H_LzC*t5{kZkRr+6ayG#$?0+Vqj>8!jEl=VV`!j!l1@>QnZ@^*4!x2GC@hOUw`N zu2SscoJU{+vZDZSPV&IE?t*QY4AnlAforHfIGW=Y%@Ygk+L~;1tET>ZG+#6=y@BoD z-g+Iiy`gfH@XQd55n`HY&33(g#Tc6Vh|2Yw>1%LX`lJ>a*<1_@YnJ_L15kj+UP+JT zSwNc1kS{~C#}@ioWnneF?m3z3ttaEGy({mC5?O`3T@S&*(|T@^Ea?Pv4XwbTrQ$|n z&$#sP2*pO=M^8P0uh7|5VPSPGas{Z%G5D$BeoWcrDDm_4-yS*t`ul2A(6d=_169iVO8$|E0EXSUqY-4$Rw(|OF?l67e zuhZ`qcjh9YbWB&WgB_y=f<@7JGKCUMeu7)Rw{U4owEe7-CWMu#foX`(E-~|>7F11+OIy&r&IU1T`z#^-W~*uo3`VV|8DI!mR=DN z3fbz1Q_*E6a9OBT^-kq%I;t4H?Lafm`p6`?#^oLzfqe0=n_RL0qMU9812>MTgL7gj%iu-xw*3R z#7gHmS8FAIg2-|Yin~#!J$+@^&xY1lEeK^j_ma5=8nr?@ZXFS6J%S)lJ}EFaVGS zzBNt?rJhJb;1{R*0b(XZiWb86WxrA#OQ?zkj|9f`KQnr|u9u>x5!c_-EWr@sX~)2r zj)WE`qEI;$bmX$%M|wUmQ3H3Y!oK&jhD5;798Z%A-Sj@fG-B*DQ%Rq0sY^bpud?5B zjOGB)CbD@Tz5Eu(vWzW0Ob`=Yrf=&@fS4s+&k(+uTW&s23*K_b3}Y;nkl<6r5T50o z&BxL$D6vT0zFjNF{e}0MA z&Y_VZXM?>;Q-x}vU?XCCuW=^K%tbp@!v!O|1Z2|X8M&~5wW1HD96pa%e*^d*Jy%Fn z<;Oiklq6^a7ZRWZ;7G@ApIqk8Jqq}FUlH-2XzkeyRisQUP|*8cJ_E{lkp9~2qjJ6~ zcAU>2mpvg-Y1IfYtL4IS947r4{yQ-@e)#WcKzf#tESjGW;W0 z-%m23hP~5v5_1m*xA5BZY32}pJ4+o2p~Dr$1dn>0kO2jD^!#=>3vx)OjEf%zl%XU; zlRp1l?)G(i5#8&liFHNoRT6*UCGW3!dr@H;PGJv7Jve=$jqSx9xJi`ci7pE2{<~iu z_dkuL^C$0&iti6zp!*TNKYA%b%`x(!al&yGN(?uzT0<*Zm2hD1O zIj^wnM(!A?6l^y@ojqFjuiwa(^RlvvIX5B@({?OPmVX6s0|*gPDo;Q7_s)n8FDUkH zD)*?ZpYzje#C*%_jVy*F4jzwt?95|tdq5Trn={Y1eT>IRYA8g7swsWpzGnTCy)sUE z>2+8pKhLZzhgzy8y`@)U4ptR0vVNSzXLv#&y9eOi`Vq&fTD9*P`8xwHnC($W0+`WzgLSLN-h!M>?GA2^Ir2% zkucW&v)3aEqC?;NsM;OFA+UFq^OGX;fH&pMr!%Bt5|Zkay1p3JA$fWF zB`1JZf?J~|S81R69GEhTnC|Zfg1akPmQ+&o3or&JmoI8CQ#n2E*58Pwu%C{%#eG)R zk?bzEOjMLNty2<>0Np9=G2+g;Jsqa)_dMKGtdp?su-x}X8^q?BkZf^G%(_+Dv!|RU zV-|0>C(7&UKl&10^%9P!KX;V1w66Pf;7p{VoJ8N0@|$PuSz#zH=4jDnVvb-8UknH!B=Or}e&<2MSTl%Zsqh^LAi%iZ95IF0$e6>|JKUQI7ZR z@kvK}U-<>YcSIdeoaa z1&phf)!E#>|8$)j9nS5j9?ATDnak%>#xU*?Leon#yIp^r`_`xei-Q~B3Rnn9x00!fyt%3T z(FgG!kFd%_ZLP${a3^G+ef-eYgvlm6bGb!8-h5wDk}P!dx%DW+X+Ot1zuIx8*uP`( zK38XJt`jjhk)rv$&>B%AX)!%d6-n|iuS;XgR*|^48Q^jOTtuU2p#BXViFsIM^Tpsg zov*>;Nk7j4lsJ4 zLg{KcJY#eQwK`KB*&q+K=HW!LguL=o#OXA*olU3@va6wK8;9r9qtj{hw=TMq^FSbt@ioAo4^Oz{SnkpGJKpR zO5z24l|qAQ0w3VO9`kb!7SEROHXY1>rNX!1P$En-#vsXlK{txK>UwW+nSH+8FJde2 z=_T9$!)@bXFJa324C{-=DfWJnYF@&5WVz4D*xSb=UBX80$+)ME#SgD;2PmnyNiHaXMoJ1V$Oy$;^1U|{#@WB+MLF)9j4+;el^b;4yKF}FDn`C7Uf9Dwh(PXt zRiy$ll2IWG@#mN*$W6aYsxTjEDRix1_}~@^1c2A?fQV1$`x#dUIj_=Y2Aerbj*&SG zrU8J}uttQ*AJ0C=|TOALBF6 z@Of9j#LaRED`o$0CmtbmKU74=9f8*G_a$_yPDUQl0{tCs-R0+SKR$G(P_1au?bG39 zo$JT+2_H(4126SGYZ#=t$~dr<@}ln#G6W0s!VzO>aT089s{>?AFKnZ(Q@KQ0%zhvV zb=Tw;u2%?jskR#KdvuomUfKGKXLA9iwe6Dz*IVioWRNsQTCQ9A=uZy9=h!ZvO6vDFpvqak?i+Zf(OOfd-Ls|KYm?5NlWX0~_r}cMFuZ zSg|}n)j^c3ghT;%bT+^05zbdn>lD#L#)`;iuBZdY1 zPwrkRn5#L&hWuHW8n|+kB`p-YGA^U)=q}P5D(_!joj-f~I{~T{0;B=NERJPu_#b}y z_Ie8y%+z1wP~OeE-G}sGOiv8?*k$RveTxjv*rn1Q_B`CV=&j|E5pxHHz3GS^JI}yK zH23uTyErcevh&ut9mLuDu>R=^eKg(_q}H;@Hg?p+GXS8%R5l#p^o&V6Is*bCr!GX4 z?r3#MYLD1h40X+Ud=gJ@4)p;*GIGvg;Mx&653=Cb#$T`5o21 zzvJ)uqIY@zJyJ9wCv}D0!+#yOt*rQ9g$8O zC$8@#aLyF)s4ZWO{KLvzLLdD&>cRG#R-aV4d-!Iq1FTA_237F>d!Gv^v|&|#(#Uy- zCWK~p0$xsV!AiUNllYnodSq~fBzC*D^$TSKH+bLhPbI#)$-Er=N2KTeH$N-e&mK3K ze(>Fa(zatArE6x9wq{owiYkYDQc7|5pv?R!nPU6n6=^uVf-A`|zGMBs58r{%$a0t; z-T3Tn#R;YMnHyeGp| zlVo49y_(s}^(%bPFRDltGRA4&gNyWQf|^!HaPo^2Cp5)=_j@P7U(f=r*$`kT@O4e- zqw z1_wAloOy>d)imoX^lce7~=c zgYB0OdZ?tEDIL5J6WkpZzE_;pvB$$Np1AoOp*)U#cCPdtU)c|}l@FeM?x8^5LS0|R z^>~$T_Qd`|oWp9L<%0rIFU7qeR^ zb)rY^nugCm3B=lqfNdo)nA%Z+q#3*e>GLYc<2Qdci zx?6(j?874@pFt|4#8o=^#lW1>seqZUolulET6Ok}`F%W2t-!Dj`|CG}1)NN&K7go! zCOqwFuHtGh9YgW5?xpOW{7Y=R3+BuNTpea{lPLvS^O?={|MjY02YRhTzq zg>IpIxx9gE%uhrM-@`dz&Mzf^LoIoW@0f&trSb9YTIA)1U53$`wk|2Ay(fS8{Tx-_ zE?K(?_Zf~{_mieSbXjXz)}PAp)KnxtKdHkH&RZ6@;ORnMmnJP?fUe(hfhAcc&)~=8 z{(8pIhHH$+Ztun_9*)FRAFY5p!gpU~to3vW6kGTpa8Z@LWev~e#M(menY@X=zqs!z zwJ6B)jp{1^7({@yoPbZnB&^h9_pf_@eT5mel~4ND@N!P1*9_`!AD&n2s}8{UV*w-fzJA9D zesEx8RjXlz_cD*AI#9~&ZFYHb(<7?mwwdjk4>UZk*JEEDv!kM3HdmEyu;q5Iu_5+G z{Vt`A*{&g6yTyf#Sc4n67x%tqU=oDByj*al)YnBL3Bg|azd|aZo)kRz>*Cu^VODo_ zhonaF_^QC`!vlKFDl_2vD5Kk(=sh;D0xKS&R`3goUmmSQ)^$-d?0aUmDQ zMOtmC{L>5mKrTSE``m~+*&wlN5vnAnPNK`N{012p)b=y}b&)u0f+6$VH&&J>A zWzvmI12HL`Z2Wrm@she6(vKXT%&&?QA5nqKC4_Zz274nx4?5DiIJqbM;x>Q}G^}yCj6pmOWspj=dddCSu z&Uw|s-|_hQT5p8n%!iAmz>r5M*4wN5L)E_v?>&oKCKUFD*@A z{a+4K-XWNiqN%rf(oAHzfmd#7QD-`tuC~~&cMM{C8~D6D@5sOB=ON|uWJ}3lQhkYY z;Z1hbRB4GV%RG^A4UGLyt zmXG^cqcg|>3%-hll0^Jnlmqb`>j52C>M=b_FW5JmRC$hu`3U>AWS|zpdUrx|x&eSj zr{?Q&eeB+1UN4@CW+pICFz)Mdcz^nap_^Y+9qLkODj%TB0WvDKOvB(Z&=Mp(-rf-I z3oAbb>pV~dJjQMM{?dx))M`Dj%#>E!Ab9CWZUPVrWlj~mCn<+J_jkBlD`{$v;`*Ab zRYZ6pIs(=N^eD*>>+;3yzI?#=f?w`yPwHX+czHhoztbHHCO9!XAy3*LNdNT!2Fb`(@BUeP3}FPzlZ)Gwk?ruW6i)D3_mLMDsd_je7qQ?~r<*Wc<* zBYU$c5#!zIqnp34 z!L>;X8D``I)o1j@Z`PZb3Fc-?^?Ovhr& zYWvBiaL;t4zZHI7B-C;PPXY65$b4#XUwKpd2-!z^NfPBy5-*R1)2cp+pFdX@g*mU> z`>^75x3*169={w@EMb?16o>*kS5$&-DDH3I6rZ1N)r%S4;Q!%ew%k0e%( zkCP3*(tUC^f*%P5U9w{x)TuwXp$KD};6SU#1-7uBhPd-ner7R;T}}9XsFa&|cPw(R z!8^EF1Zw7FiYx?OnO#%8ZB??4sZD;YGo($sWtEgxFh8tKO0jzg?$%lf#8PP0b> zcdG-1w6=1o`+~RU%dQ>3PO#O>lQtNJZ`t2j&rqfv)bEtH!d^EI@bjshqz~o$XPedE zLGwMF`f|T>cQd57JxSn|Fwdd(TzYep<B|#D+sIV z5s~!}&Q`Tgj9ZU$&ga%Y@m*J<6yQnnCoi^_k*QwQBgISh#=6_^{8=^~Pk;ay)mc>0 z<|XpIKgor{h_i({=hVrAd^3n>Q$d`@Q%uiE@!opstG-{UGLU4H+#fzP5#-XkY%uy6 zkNtBHlUr`xYL>WA&x08(H)lAk7RvNK2U>uU*7MXTfmfdf-l*VLbD?J(O}mFSE&vkp zzM-S|*A@<*Et#91{zsCo+O z7yIOI@bS8~*P8KW=z4en}(L z{bxbB4Zgg@Nl&u^ZsOoR-nh*0XnK9RF9?kLRh=uu*Z$EO3ENvAC208J6MxVQD0aWT_1$lI9fWw2k80-*&2&iZ$Bp;59y<}FEEj0noLtaJMcyVuVz2gHTnErmbYd}YN@ zl$OlR%Bl`wiacJwB}?4)+ry*?6S|VH%bCBfi1$9s|)M-Irl+7Kw1h6Kykwfjdai z<0dFgedML-M@J||56+Etm!X9E@(&muog+H2OM!RiM*%rK3hjQ^1;tfYRCveFdwA$GMNDd1&m9hJ65#yM12@EK4}dn6qF7GLdX1=fhgg|w%DeK6#B z5}na`b^8K`aH-a0?|(Uq%N}v7Cv7B>s5!J^NJp1L^9?VVDJcB``eAe@V@m)69NiSgO#dyx60i$AUNF-`Ffa#L>`Dn8lCg zxn8JjZ=c5gB@%NTIA6Tw7sJZB!*lkL+>@od+_hfEVHGFK)T4Xd_|Oyx-s?MdXfVdN>pmCgTeROcK+zBe>C7I=`S<2&U6Kw@ zFB*P30m$3YIP~+Vzarl$;^kDx1M2=3%p=P2t+nt71`ubHv6-7s192sM~;!Y&} zt@`qZaF0qmVnb$Y54MIKS50fbH4k6V8k*>B+TVJ50ynqU13);bCbE`Q06!BQX3 zZLy3y3hAI++~1!o@XCvuxBvX5<`Zlb1oW#$*}}vHnpBO)fvG3d3kaf>3Rm7q-{s`~m?hsbAz0)}ej$6AfxT8nh0dkQa<1%2JV| z3)91rL~~gf&F*ni{~*^-MO0U+Zw_67`K$bvMs6Q0R*{tv-pWG^1g~a#a9qYF(K}2&{*2AdyZfB zjkn8g2lz0Mr}k^amtG>fg~nP^bT0eooYJId_-`UZ>dJK=bK}TrQ?-Sn z%B7shT$TU`$JFcZ5D=er14w8&E^0r z@-O>R*?mb2b%|`b-sJlXTlHr}ydVoKmV|iT2kP)gAmre)fa?EYbz#bPl&OI#C}uad zz#v?9hbt*b0J}nhXM@cn+1Qj~x;;h()YtoAOnG?xW4)yWjRj>ZJlfe2{KNc2nf+20 zi~^hDNE>+ae0N^6XLsVNafs^GS-lKAD&zVAl#|om*%vy>U$JR1ZS{6f(~CpMn`KG< zCF%YC^%vl053Yj!kAd$%teUXbAq&J(>0#rcoSNe(V=l3W)|^xXecbsM)MT?gLe=C@ zaWGHoT~x1N-QC8!txyheHhvlLE!rDlUlb6}YwEEK#^>F>?4qpT4MZ?TJt;=;89PDC(Esyv&x~ z)OLjVlTj<4($}VQq;8wfyo;@bB~l>NxNru6VWHzwp+q}T!7aHqfcX}CE|-raqRJ1s z4I;@|fG3!yL;3P$87BO_Kq3w0nZnCd;(DBwq%&Tva?%4k!P@DyJ*52ggl%r?Lw>S% z2x9>Dcnhb_Vd#msy6}9HljUC9f-xDZm_1Hh2{7F6%P;f-{(3`n$NhaT2sx5mflAu{a#GF6%v#2 zmJnk!cMgqqKI<0fwibm$`pVNx`}&wOC_6s5Q`yEyS-DJ6EyC$UQ!)cjHf@{x`(Y4| z{u2ea8BNu$3f!k~Tsc*zU)w4=hPG|I+hXRGB>QG-95jc3J)`QeFa;9Xm~)M}MU~z^ zXo347UiW!LdD6YAZYi`ywZKar#6kq-N)ML9Myv@gSHCRlH;`lnU`;=9)=O1kbSOAT`Bf%1fJY-)A{brgw zS#P(a2YrgxJd4jp)0|(qr+Jy}aB4p7K0^1Ato86xx`*|LhE#>L_Vc0d#`)_DJzW-Q^6Y#65Yck#naT0mpUEsk^b|b1UrGw!! z+7ir@(i^}k{pA*14wIbw}Q$v>`y^O?CIjI|8vm?a!#czeKNhr1*r|Gyg&%I~2= zd3lBe6O6a}?F#nURNZ*xeb`UXx2={Qsx&*f8J0sw*1KE3>s;E`9?DRB+Q#uC_CNi_ zg?{7^0L(fp1n0(}egwzp9no*z6ZR|W#@|y+2}vtX8){zDhc6w@?#f{alkOP+{P-xL zCZ%{&E@xRicvVl)M~fz2jw(FGX)RC5b9(rKfB$(;CwYOiO28#Mq<}MfnHQTld8ZD( z&b}7=WcYjy`=`P)2ojMS@^GYbcJ>+U;Wmd@CKjmPAsJq-mv@bmRqyOFa==RAJkGm^ zD#(s#rG{%&*B5cOzj2Qx9jZgUSgy`o^)|Yssb^lArAcs4?-bUBAgFQ3;yOpQr8pSS zE)QdGZ~LUXsmiSdE$D2X<+MD9B?FQNfGaRUuhaz!*G58V1f0wN^zkK=n4c>6$&vTr z=6#K(Uaz*c$ZQpl_s37;yzf{LDsRQeONdT&b&Y2$h|EFK0LH?#lpYCd0K}j*M_xai zl3}3?~2kd-zyE82?hc9v8+E^0>3OMFC6lw<|pXFfBwUT~4K_ z439$^vSz}S-5C|#TLN&(YZ9*#Q|nL7|A5Y=UxbJGIN6Bll+Y2YcUZt(LbT+|LMa3^IE5qO>Det%XaNBoW z*yE|0*Qf95^C&3#S;15T8JN#wTkSHmAJvJs3tE8mLR)9@1-~5+*Ev3~KUi(-lxyj+ z9CRo!_(W7ZR0f(OJyEagg(&dcSicOB028uW&|PJXM1W2F+oj>p#;lhAMj2srjAkVRhjD&Wqj|i z;$mo?x`Yt;J|9pf_wfG%b5rN+b1&RyN8ho@ko7ugd8wBDlGhCTkEQe4R#ge2=r2je zM^G{Xk_6u*qk?3GufL0Z?il-oZ5EpD>Z(<99T(;dn-s9Vqvc9Py=O&VF%(_}<>u7+ zRWTZzwwd^`Z^dhtp@%a9DYA_k|K~a!g#VOz{#4^gJ!j)h|H4H0jR@A|w}~~Dy#OZL zq|3zxrXpOBj5p@-e!biy_*~b9@Z*iI?UQO!rpoVSg02hvw|kQU|j~{VR)1Spd9If0NidAs<`r z=T0{=Xa(G5E7ew?Z0JmllDz-sVQqM%968?4eUUlZUOMr=nGK##%dr7JPWA~6&#x@+ zsp7xMox1Bn@d4eN`MhA#0C&%KQMTi+nmO{oBqZo=^!T}GA9tvpHIH0J2VcoEs-vfh zH1iN{hEws4azeXZA)*)f7rG%$lgF!zkO%E~uFaSPitAfs%Ef@K&JCevQeC1YMAHhk$c?A#PY#$6+>Yld3I{c_7Gj)Wth>tt9=rCp=OsSCnhtYPx|(l zH{>i{wFl|ZRnnBcw0MN!evB%^e)QOUggUP7wA~=0KECSn{^@eJyNq`V=J8Fyis8*+ zJ+_`G_B%*wGEr3bKywvn3+Ql+Hd|~vH`k8Xpi2h%dUn^gtHn-r+MF?iVbVoG|EPJT!jp%_jbCR zA;wR0gkp8SZuTj-B%rk@q(4m~ij?B=(C<`Ep2 zTjFh;3qeNnX#p{n2!j-TusfmxT&4B&c9h0vkVs82i>3 z7?CoGp7`JJjLl4Pf0<}l?W8c)iFWr**vMWLxQG?M^mEVUgw!GMloSw<<;Fjn--Ni> zZGdkzr$`~g*uDp?(T7&4XW}bcm4j%KLi^s*d<{z%h7X~Utj1}^iYB-CqdhuMG~smf zQ~7VfAS6Tno*lli+XpsYHjnK^OZK9N%+~T5RrvvWdfb5@ojvq@T$~?5HjLfj!(`W@ zwEd%nRvYY``0^I*f#|B)A$3tK1(>U$9OW=05spk2LIJ#Lg)iW=Q766a`vp@0of?-KUBFIhyUh&fB3M#MT*)pR*9$beIBpfOWsR(`3SYRIp779eKvs+ zs&1LrpG)DF@2yvpx5?kUkkYPf)SQ+E<}a35(xX>m@-oAIHtmf03U`A~(=d2KF4(@4GrTI!zv?SL2=_Uy2^cE8BNoF%ru)|{ zNWEy~egBLfi|UU1P@id&yA1qbvvO*T%5(nvtglIu;%&cx-OBD^(n+>rN>=H>oXjt3 zqQZW46!X>Zh+M_;`#6oar&tYFQ?K*-=iEoABHx@Q*k8EEut>B+e!4EA!Cd!%1MmNQ zF|e_qa%xWPzcciIBvwhhXjRd4d2zIAM7;64Z6ckdjamhcZ%OKSF?9izltZC*W5LZ5 zcpGIb@RyN8>VP=}Uuwz9+kKyU@&$p}*=XYR0)7K##cOtn=RpT~{~&i(AW<+}?Bmx# z8aK=yN46*sto zBM@#LZtcD9@5?UmYOBZxXw{2i1!G z3$8TjWmNQI>Y`sgHDn`%xo-jv#D2Gvp8HW4z^n^^6>72ff#$4M;Rv4el+$xFJs+>d zx%!*NU`7+W8(tr!qU%S0!o`{73QOK|C%;Snk_eym3_9|yJ%>3i)t%H=e%(w8{1}_2qW(Pri3Y+MjkT(gm%lW+2%Z#(Ea2(f+*RBi{_&S-6rW8 z#p1focu4u9A?_s|fRsp43lZXmMQ z{1~XG&&#{OKdQE2Wv^gJ2@(3oZAQ-Q{ME*tT{YhI^uWJxhX>Z^cn!=>2yTCGnK z3A!OwC%f?>JXh)SZ3ET)y=S4264ceLB~i&TTiGN{NJf%Bham2+$H)lr#(cCo9($;K zG`pvr0AE~pu`f-4);+?Txj!ol_i_&twt5{kzz31{GhVeGoF>5KlYcmNEJP?L%UD$m^eg=Q1)gZ_~Xp;|*CNC1D0(V;) zjlt+nu&&Xu`lGDoXoF>r5N8Fqz@V1HzCj0PfhKFmU$+Sgpa3fp%qNppc?k6UsAy+O ze=mp@m8F|7fyrcqCA@i7FO2&#rCJz z`#Dd}emA2V3DHmgVm;|1u<&b}uHby^tLjsI-q$7Rf0fFG`z(=6Acy&jJ^j zXu-9(`sy^8P`AtS4tV~p&Z1wOSem%KF5V#m*h{$K6YMQT@~DV^?uBot(ZfVNQS42X zo-Vu@Ic1+{FCR7r-Mf_jD*0~oiR#IzByh)m0?Zl+_C5{f19SuJS3Uc0q&M=%x9u># zwaoc#x6t$BL+v4;|NP$etgz5mCns!a`bx%EkvhI3&f{M}%aZgx9FjAs8}|pmUu}hq zF4%*Um7tvy6xqHY@qva1q;5hcg*Hzu4kgeS#dO!Lv0A1k9Vu0leK(YGRH=)?FHY=! z>NFLxt^7BlNjw|3xIb8B0MH3)@XN41_YcM4RvQ=@E>dmGiDKBND_b;;~7u$^7&qa3ZK%L>p)Jax)`PB{D?2`cQ5-!aYJJ8Ft z2fS|-M$0TAwowIK*4z0i{+Q%OpCH;P;|wy0Dem2Ka<{3>D&Ov^F8k$f+;9NI;hTb; z+Xt}!ypkXJeYhN;c6{_tAYlX;6m<9Irh`Y?sv3OgK?0#30_lAjph_i#@D8@$I@{=0 zd`qh{C!l-pqzgHH$kO*#d^GqWK!OV^eDW+?Y{l!5BHMm_Jdaat7NOIF2|`J!IUn2a}P%&B9FD+QBg~Y z_ZrBN%Fae9aNGx&-+3Ql-)WML@#N zghM_a=*IN*;Q39BY+ z!Iwwi0m5Gi64szTE-M+{B8Ra&k9bgBcF!0kMahW930@yOhmc5?cPOu3z&HQ!@e5#$}Rt#q=xy%`|0{Q ze86}}vhe8)KqqSH=uLo7XXIU|8qz)2$}Uqt4na<=oqvZ+z{* zTdjreZW)xCPZ`xwa~8pB7|<1@qq}f0JTj{kTK{&E&pKdhH)wTfRu5L57vrskrQlhW z6n1#S(SefH$NWN>o9cR&q=Fy{|(ViA;B&r7})TAoEfT)e&uN%+auYmnRNyFH|MIo4OFJp;}oWFRxL z$V0qHm~E-Wz#Jv&;K`Kh%$mL!pI36%udjNr$^pKQpw&LvpNmeKUDHU<Byf#4bXXUt?lC)fKC!cWQ`h5qAvwR4!!pW7}}UrA=GOpy3d!Mj%PX`w%5k~>ll z=piL)U%MtYNsX%m^`KZ602WN!vyB95;%hE`->0O6+)RM`D6N;t=ch{N(HCc5n<4(n5(vt3fVZ z>7n8jC}wPF-@?sNIUf89Z4nU|>HDgcI!(`FbG0qh|)>G3BRSf{CET&W3O&#u<4bMgt4jhTKU^8vL=8`_y>1!?ty(e2}k1e zg9qvF`93@-_GGHBJ_!V=is@;dMWelV{B=G;Ah1H5mE^$}>-F5nt_2oI-U!j&h>~6Ivgwb!~8* zL}%o|ERbM~>=g_&z@z!;7ye$vgwv+JHVo>|!t5&UUw5A!NLMo}ytRCS{MQ|b!?@hS z*P=a;I_g6Lg;);Oe@ISQ$+d`&Y$pr#^r~d`o}SVN_GYjNJ4Ur`MM^Q7X8-c{ogXA; z#iM5q>4gCh49a=Cf>1>6Pi8Ou9Eih!2UhJ$8Ng0vD$+%v_?^I|F#9nyUCwv}@A?Cpx@(6oV6@7lf zp;Y=^Ndk8d=!hWWA?_Pb`;owaK@}NaiK=$-%0i`M}kDS&&*II#z+PT5`VGRIXVyo(~)3B6<^IdEN4byznznGCo%f*9=c_IGveMjDdF-j~zCD0d!!c9;J$VGu!r9SfT>| z6IzhJNWL`!PBxYnnN{_3umLC3-;bEWXnVZ975d@Ck$K;TM5+w$37VO9UEpWXz0Sku zkxklL7+XtphTmvCLW@f@0p2HRW4|>QmQQxQAF+K&eKCTSPl@H+BIyyoEuUrAdh_1p zK57U!&~Ja;&cgk1cq_-n7DrkP&M56)W0qt#Pjw@}T<}8XiB7)X8O{Ugu+J|<3fc3K z<&9*F7do3NHZ6##$2~#QGW{*m7U4!2|Uj3OGlbs0Lv|$$I-@j7T>Bc0M5(oi!BjN@)A_V zk=Fi1`=)uYk-p!rRqZ8}TcAS(qER@gxMFo9UDV(3zJsOtm5^g9*|^v5*RzTym9Ak3 zw5k+nBXfN}n9)Vu20WOwAJUn~D25g2_xBP|Yh6y71;6bqZ%I&ljdvsy6%xjt zvGSU?*+Ffe#$HMi#b?$65E?%|rxc2VeJ>GG4F0Z8n7e^ed{-}PD!N@nE_%VPPb~;U6V`*ncf&6}I*>b~-X+MqN6u*5um5qL*(9Mj; z;@mx#ys0zcVC2Yi#@xj{6c6%=xd_lpb)S+K2Gvwn8@0}*&Mky8bpV*aOWcfb_ zvqC_F=FPBMFT46#UfMOhRmYkuQ}vr?Xn_!W{|%VIc$ku!2PYM_xgvS;v+g#$(!OvW zWnx}67|b3Bx+Gu0T`}#G;+t?q1YpM>_mSgGOm|ATTfWZ=6Zburt@SG*R5}Nshm38m zaN0B~$xG}xbiWuW55lku!QJcOD1Cj5qS zdZG;73fV<<)SH27A^nAWkUXojzWl{#Dzbrsw_lpqz{Xb+5AU(0PP6`trEq7s%X_;y zI1Ig>XG$MkE28o(?u6kbs}oYVuglDBm zBw>IYDKeQJDs6Ggz~>j@VMpmc9adD1HvRL1yrkjhtz(JQx51TeqlHPw;P;`TWQC@8^RyLZNo;W4`FMnd$dY=Fx-?2jP=`5@rbgf2WJB zNT13+y6~!wuJJomNR*lGSa{{3KfiLcK%$BvX{Saaub1o9*{o((@3t;xt4%ph!5+_M zi6-{r#nV~kRy=WG?$Js}T8%}JhK2SWb+Hf(ANJX-FZcVuMHxlKyIx?C*?cIuhTbL4 zG>Q?Upvho*C)3q+q5x%5jR0nmu}8#VdFN<8W0(;ygP+7yKGE$9H^o-3Bs6g$m7-#P z{kvBVu>|)hclt<1{UWzL6Ya$b)g0(g2du!uZ|l8Hg#Y**CNp+TiTuhhBD2rEde!Q2GX+jVpWuP%}Clicq41*%3a|=QC6@-tIAI`}jK+0KcI9I+_^L1j8!M zqT~2e!-_dFZrf&Vge|vD&&P`_S z<|Y{(0opC47naL95cOzH`JXmpmfmY6|(1%vve z_f5j~@E%3qOPA6mfp|k$VD=6QJk`0&F&C? zG8<=4Mo$6-lR7&m>@x&Qlw}43{ML7TzpO?V2S(ywBH1&LDT`A*?PpI8`8~W+Ib7-9 z{rJhx6Os+v<#feFUGsMkZ@$Z8pD%^sa`YVOnSZ%}CpGqL9p5*1`F`5<)gBeW*|+Ze zAFk#H+j+j`4*Y~~q&5M+Pa#|s#3%AxEN#SYU3Yi(D^m%xgx5?(Z=qdT-wi*P@X5K~)YrD6!@(VG>u8wVU4PzI6DyThKzOkL8eCHQ z#o0XHAcXR2Dj0o{wM%N^WJC~`HvIH^qv0UhOC@rEc88J}!#CVn4;y@Z%;RP4W1@as zZ+S1)E<}mu*0z_jGqOX~$B*t@R#FkKCokS@T{yUGNYv5fgxCa)$C^!eoA*R9t zdm=cdoh_xm=pP0l0uksapPKPl%IbhLi)g0QIfAzbd8zM4BM|oIU0X5#VsvLcZ7*1T z`e>@a13wP_x|DTt{NXAEJ7uFio;ME(gN1dsy0EoU3JF}jbeTE* zbp?*yGw>=R8!z{_djAkGe?xcYXjugsNt;AchPWsf*i{f`gxd{OnO0+NOoss4oL+)I4%f>y%&qldlicMqF0lg#?)V!Dq}f7%r>8RJG56)wN5rdUzyOx_f>j&jNb-(ZD z;rC-5ayH0si@mZibY&rbKkw-z&<{vWvd5T7)P`7{P04Gq)?L;V-(inoFUB*H*x&l8 zIm~_ zodt&F?8c4?$x3XWDy!L*W%9QELRxW(qf{KN_BZkSg~|!lr=`s>12y$5LD%nC6yt^p zLi+pioPXzf&YV{uTvTwPT!o9AS;|1@!N&VU@c+~p*>RGx{ewKgRH6^qd6`62kozqy zc^8H~L}B9^-g^n7>S%_c5{=+49yG0i_F3ks$Reij)pS_YvufztSGVX{mWv;R3fpyB z985@+0;=VOp|1z1^lJNt*JKWAak>@wpZtPi4gaEpyGZCvO~WrYlE(-97rkZ(wDjR8 z7ta3eO941w``WfC^S)k9bUiq58uE_9bUaz?Uw2qjlD5EQc*9&79#P2D(yu1^C0Kur)A61i2 z*bT4xlbE*7P?3#b7VlNULiSsCur|7Usc8)y+cr&*7YQHm-)H-lLo7ZbmTYke=DQ0$ z$yMmT`&r2s{v3VoWtaHxD|!5E(>}wY|1SWS5F6H1q}roI0%;CnZ`yVOdzr0Ib$|YD z{n#3Gf=BPy?Sptij$L#W@x+`c?{60sY0mP`2emJePe$1+7s&PRAv&Ym8E)ajs9tIn zFk9T+++_F_lVlckx?=0BYnAM)FWOSKn)8W$jq{iBZRN{_vasT{cfS@qEk(2-3lD~; zO^CDf-tS-gCd}U>xU?(-q?XYO8$4vQ4( zQl!A>;vVb{4h}#XFbG3SA4ruO2h;UvB6n#0wcV}x79O2kJ;V9xaSmfc)Jp6*&^gF2 zM^0A8E82rj_HdNE%mKmOk|>l0MgY9RwDVr>X>~s$5^aSzfiMuWQyN@#%9X?Ra~_u! zmcS=~^WypQ$v!3DtnTx~!UiwZ*8Zy*!;dv93<>y3QrI65H*Y!_VWOZPFoo=?oc2{| zQSH}T1Ud%FP>z`{+NR zg#NkxvB~3geSGJgY9x!VS6x-dhXILtRL>Kd%J;2)1XZ1Qbq7R@=vlkIp*y^IC6~r> z1An56lqLx?3TQsr(@iYzdeJkI+0K>}iY)eN6b|vG8+!X&^tABa&*F(j4$DvZvYmS< zcf<1ia%IQaLodYG;<*U}$veL!H2?PfN0oAAC7O7{fy`bF@1X%uPz_M+P)t= z)RXV$XC^Mi(VY|jiWbpx?&RN30aJ_vxP|bmjJI-guYZLXLBrnuFJJniVhG!o3;j^) zH|b`Z=8w*uc?hp5e!r%3B1eY#47<@`b^jkBW%k5FVQ~Rgg9MIcfHdOn~;ll%<8(yxbfgR9S zZ1Nwy$k;G&VG;%qj($yZ7M%e z#XmONd-vu&W_ff!Vbk&XYNv}@mgj4JdRYLC{HB}r_93egM3HE(W ziaod_*=tUylu0!WQN>qFGfZp;#0w7l5&x!S-4lAO!sC~`)>u+youF@tlb-5BHx<26 zLQC%}zsR_{hxd;RS7o?swNjF&pb~XS(SN65J$V&3kIwZy9lp&EmIW~330?zc!U~`} zi!?7Z!rS5o@*BJK)_c!B4fkbYA~f7LKVHdLe`NO%_c(oS_Wi_WXyYO4fTrP=r9oK- zVnBF+uiy8v7M~Lpqm5`}WEYKW>}ULCBR+UWI!ufQj%B>Kt%EeXX21jEaf&+iaC|to z?4mp!o~8WtF@B>9^>_q#0rkrV3vT@IDk2rUiyyk5P4;{|Qp_(fg}(WfgR@YW1PKx? zh}HHz3iZ&P47}s0IRU_IfR6)(8Ra13l}r1&U!F?#lao21HKaq1&51@;V0LM+R&u9*Lhd5eODwOZvFmPSP!l(R9pBC3Ng1>lLTYrdqE@}R8jQ=UE>*`t1b=dz_s zXP?*@Un#b4EOiGPoO8I|dgy{kyQVV8%Gse@;&xINB7m6LrWY9^@pJ$KP-|3JD3$G0}>&&^gN>ccNPUjO<qE!P+f`SR_0mJmUTSq#9j*mxC$tK=+$~!gZW{;M(u| zP-xgr;P}fFwo)+0yll!l`W-1_py4a`(UBrUME^G2O^q*&q&+{6W30Wp{1^q)vAzJ` zI)ACR{Nqs4sbTe(kKdR41M9T?1kR9LHCE9sr}N8NwsE+{PZ|YI>McM!bpzVz$ASPo zl3+;1FY;)jMe>@EnuISPyjfc(iXL4QhOU2RaAX(;xc6gx_HA%xrBGXQBebmQ9!8pc z&l`wpSP%l5TK3#eGUndwq(zNHFGQG0JFVhyRZvme%x~K1>T1xuJXTN4Oa|FoNs6Oa z>iZI)5JIES4Org$wh})ABrE8ABi1~)-^^Wf!zg2S+Dc%jX@nn~-j{y-!-wWxZjGX0 z$Eh9JdEa==_&L4@5_+caIh@s-?4R&QQuzjYa3H__g+Kgh=nL2?6TSzHwsJ>!O& zDSO*>0J8DO-j`?iJ1wBgZw_6pTHX>LzOKbC-c*$2kt~B1F!fhfQT*FPR>&aK6OH74 zYeCBK5{R3Iez~;?D7{j_h+k&J%d9x(FPLZXj88nDU8I0#SHF@1P1vYUCX|81o2Ww1 zj1O_zA|!giIN%KV4zLncoA zOT_xRisq<dAex+b3i=-lM-`BGMFmc(Bz(=k~J%l@?&Xb?K)3~o)5hlgyBX-!J@fRjI847`y&JdXdtNsg21@&$m`OiRxSI7z z%Vd6h$n*8o4Llj8)%pbL>oh9;S6}63`aY8Fp!E+^QG~8}6UK)t-cEl-X%VI$!`M8E zSFmztbscHBAJb9OBiez15fg37oQo7O6jC3A-{9a#zK_`K3UK8abtwp? z*6$`2`?yI&%>^Rrif?~imcaAJ_X#Q=x3;&SaY2FdyQ6w-E=2l9Gvw9dg`2XeV2sQ2 z8Yj#%r3>kOiSwLMA(qw8A%&dF8`=v?%^lVGzbYx0ip1~2_dnQkfsP*U z$2UI*(M9`t^{cm^?kt{X-+b0#qgjyH4QExc!4uurK7NpAWG~{jd00Ife4O^Qkri>O zE&s%~uoG>Md46)6CFF)~;`2=#U|rp1yP}Zbyb|rCq#hu!}bf`N=<*G=rRemXO5`q z7PFx}X47GLC_cF_OQ=DUDzXSyPpaV*aQNl-3^;kqfeo#U4h#=WX|J-*PmgMMX+ApC54|>MKj(&Dl;o7&&hMb} zB2iTuqzGNux=oJd8r6G94b2eeYui>-9i_3(|LG-RZXUKrG8&&~3-~oMb01&Vw_FQv zhNqIw;K3jQ{2urTFQz^~EV2hM(Y_k22h-4AWKE4g<=CgQEWX{#LkG8~iC737Tj(8Z zDf18aI{ln;8SwA7_$++;2LU9ks9w)~nyG3EhNf|(JZR@Rst`@b!WV|uV*%hM?iXWa z^$as+mrr5>&D5{6-C{=sIAeH%lY0+*Q5Uh&0iH#+3hCB+4|Uv!99Toz-A_5S5_-p0 zxVAnU)wAB26URe13J`YkGftH#h&>zV=GB z;UJ$xQafQClczXx{fN+z2ok@ii^Hn2@JFBB2jtKO2cZ!8@7nwTFSfi9=myY z$%J=68T_fV3tHFndS_Wl9#8E@D` z3#sz5Z*?rLG1=Az^P@B-;**H+E7VKv8XkZ#Tg|8H!@hYKidXP9k)M;XUnpZs-PsET zd~btnDPAvjvzvO{M-azRU_|Ed+31eUw4$hS9HURar?;=T zQe;es^2GeW4)_7^@zY4<@iaQ099!m~%bmln+=@X5|4>}&@03OA}&)j#m2m!wtC{))yBqGUN z?oSrZmegI_TVb+EuP_H6+EGV3g{%Jn(?0HR!qA4t_S#C;M;Sw4F(@YeLp9}taAzf8 z&%9@?*l!}>rc64wD;kq$MR@iQACLy2|*IIlnc2+yCE%CAVJf={fn;}}>i^$ok;wq{On=AiXZM#B*jH;fQ>$PPO$J@ro$X$QHv4Q zphZi@KZe0lYrRiv`88kXXJERBdy1(m=7Qz4fX3i&6W3q?bqm3U4d}epd zQM6$qrtVE`%7(*}o6|;JdAi;g%x@fj-}(Ed{kTBCU=p~+G}t{+kU#v&oYK$vA@yjK zhDAa;W&V9_@BXc--ssazZtvrxG@azR5Z%P=eA9^8XEw+G6*PL9yh8Fg&T985VNYHH zM6hp>&LsqQMlg_HI3Kc>vKd3<2#)i3!?_{7-84!dUPl`MwUF+|vrdLhdEbb$BSgki ztvZ>DJATrQ{+2t1pkT-P+A!V^dB3q(@X><>QL>g6=6Hl3D>Zxxr%ypH;s^g%ZRYcH z-`Jb}PQyWq!Mq&ImvY~RmmJ6*fIJwP-3j~5Fxh?nfjZ zb4S@>?DAmZoQirfOvu4UcAnIpPIYPAC#p29JrVFa7C&s9CWvW}F(C^fH`17$b6{N*!M5k?F- z^1jGm^yKZCozB_IO~rkksq~`WJxp0NtnaV=A={(xdqLb^hg>v~sN`(!S_4)8X}L?i z)?qgPLjPF!f1iDZSLzIC#Ec>yzi&Hq52}V?kyb*t-=+lB{jBg7 z5MR;G7Mfo2b>9h-9|^ey(JM8_3iG-czV1)*_VFsYM@LA3Eo-Bj26J?;MOx|BZ_7Ch zvh^cO9kAlr=Pso%ZvXjtEIxl;FQ8KrPxi}L?PoH^yo&t7JFPOEl6%o+T9fAd`pRx8)A(gEd?p|MPs+PL>WowuaUxb{Ur@1(-#BaUoY)tjiR*qH zPaO~J;XPzQw9lFkl7ao(les?x?Eq9+J6GoMbyIp;UY09!K^m%jlCPW;%oWL}FreZs zGLZK`_D~$wTis8O&tcDk8x+e@!)~X8M;@)3Az~k`tu*of}HwPrVh4xu9Fly1`sKf0tSZ>X;VSyJ46p z2&KV(YkeT+{ku>WHb?b5Cak;JW4?i{ zxNtqUApi36!yeaD-s{vDRJ^+GABY5#4y;|g$d&oZD92RFvmFec)A*E~(CK$1t?7y- zh}%yaQFw!r#R07QMro!z`y_Qmuuvb(=JynteLurs_H5e;;`ra~yA?rEi;!MXSoHgc z8yWNAZ3v>ajeoFce#ThD>$3U$d|78@cF#I0F7&6X$meU0u;Zw`G>za-lx93}842Uf z&9&UK7*XO)Ka%+vTK=(2C@rVYe62srQ@EY^i`uoHH<=>>&dAY(7$N5biWgpTw_L0Q zD)B8}X#v!cb>hPoFZMW;u@t9}Cq=vV@MWco$+kvXFZ2FhPoa7+=<~NB*mE7bFP;@> zmuYCe$?v{dTlSD7O>}4J%kv>~S$>^M=Rn>HOgHt3?)qK(UDag=?S<`%71RT21}a%KdXDvfqDXms10bHsHM zYN0WC?e_PVZ=CnZ7Nve2%-c^Nvv40HgV7Kg@t(9*#u6-|a|i#Rc)L5bt>1x@Y1MO( z9H}D#^+n+%suvNw&#cW#>KV-8w0?i}x4Nv7u30#9atD7nAZqLeT)TaXaaOYZV-B!` z4_Ms4y!ltNdjZROVNQ05{--i*aBO`Py>PP_c@AG+503WM9Q3=D2j9Iiji12HxFwHw z`>KS=2BT5Xl&2uaHWH=V@V8d5;Kt*A~0V?XIT`-^@8 z@ZXWU!CzPp@+XID17!erqS~|WP!A}{yBKD(@)-c%x4-JYJ@xlBe7p)3B&CT79GfKk zCRWKRR`^g`^I2}6G7OS}=IlJz@QvjN9Z)h|6h{insMvpn>GeMBcM$Esu)j?g`B{rE zq=G`@X*gE%L|kWxT!K=CIKvKROL`vM@bJ#Dn91(v#UIt;7M6z46oZI9Vk!*k;Ug<< z({~FX9&yHUnS4VHn*`?hn|w?|N@M$6G$TF$i{6lc%5u~WX!IiEmLox0@KxAuWtG?V zXDVBR^W+^KBEn%F4R3|wQ1G7p{*7L5?8(yniw6;SG)k4} z2UiO}*q9iw|Mn^%e@B8YRyt5+9()Q0D2O+ACjIH@(csqdKi;`)P__a^D3P zcjFi92X7hw*Q{cg|i(3bw5s6Jv@c|9kYF`pPwd* zq$me!dR}DeA+NmOevOdQB}IrQrXQ5lnTS&EuOx_`d{Mr{nSK?|z;)a2hbxKK>9|3J z3UZKtOoVq6QXP604yqMT%=ueD%p+CD8dJV| zh;avcAkt1Lt!lG9l$;H{Y{^g&roXK+Y<^qFyLxaQ!*YR$ zsmm?c_Clt8waIAKm83`$3LjZmPkfK-^L3>*?102q3KTeA4FoQ=tZL-BKhNXO(ocg` zkIRsaNb9rNJ4>QHfH2(Ap}wPXP}mDa6pXH$IXPsayDBtw_;hx*`1^%_UuOlhg zeJ8@=XSIFUPl#)FKi3@F+&p`JO2i-_xsZqNmYdoONsUIFtb;L}0*?Efeq6{rGzh2< zzx}$ctv#(NuO9CygSMBe<+0XlV3>sTv6@^Yz?^13SsBbpUirHKF!zEc5um@q$@>|{ zfF#N#2~~3G>a`QvYv4NO#q}wldBrE0O1n6x`1_{rb4f7_|j0PKr*G;8UvF z*iLY|_l!NF`F*yR=AZN%Tx*s@l(-*k8#U|p%@TB`T;!`GIeqcs;iJ>lFx#dp>%Lta zqPYGI4)QfQWF4Z}5ZOBW>IIk1<9hWjah`>)2Q(fkrhhoGm;7?U+#v_cO|{w3H707& zyHUHXfg$oB%py(#CmkJvVJTEv}|p1R00 z4)WgDj#74fUECj7x|DK}4~x59?pd5i2}r>FS4*8Y1p78ah^!KcxpBI?$hzMZ{%jm6 za>$hYrw+n?JT7kVev0Zhz=y?8N6Gt2f*}hF0n+Tx1x;G-^z!k`TX3xSrziVVqN{@pzWM)!^yP!xtpV=ZgZO0F}|zzPw3piEsAnZ~~r* zaojh!Cs-gwo<{yjs?Yn3lL%7z0tqx*b1)uHvwClrj!_eN!&G3JDS8J@W3k!P z1S-|<%EPK7a3p{0+$=v)`Zb<)9u)Yl0IqSdj@CXtk^m=B>hm(c_PsX&%jxmr_%E>S zfO`9q!w22X@%+#a+na08gchZj+)Wiy!Kg&SaAXM1Gg`xdkTI|9v&4tv2WmMnOh*q7 z_BEYfws9@uD^XHgVqXD58827cfSoVp^ytNh$;^A?)~BuLlUV~n}*t0L`3in z4HnqiapWe5i@p$Bf|;y=0O|VoP+EcOAo}mciT=(SiyjpODSW6Ezzv+6DGoxt(Q=<@ z2l8}9o;xnS~Hp|FnvQ~^5g|plbI1}aDmFE)XkfNR2t~3CC;uT*C67jff zicoEu5-f6EK!*Vuc0a)do?lal~Uz>7c?m(5QgRy-jKfI+8p?OfJTRX2?~ zpW}m1SJ3riD*w3k`pK)Wtj@mbw>$KUn+Jbayxd!b#lzP8lGK4~ zi!esLkwsv)&~EcWF}616+yR&22XFMO+F&H52U@!Oh*xg3YA6Sw-C?Hi*AF``miWDV z*Kt%qG!+bn5kLo(E<+1h=?3HiWwe>x)II)wX-^&MFEa!_d@pBmwYr7UU|Z#OfjH%8 z9sATIF7@4LPJgaxS75~3Md)C_%|Bc(>G$ksvqRXuN{!a=)t9_w2it-W=o57xt|-^b z0oO>0Ih1#Y%h5s8e;taWCf_JTM1S0@diey0%tS=0F^Y9H%6tsVobJs}hNJrM;cUPI~@sLHHHnLr;GURmMP6R-VyONcV-_q|vc> z+^<#FccuTz2J_a>o(^>`S3Jj}b9xZWRxZfMmEYGoh&7{qVy}2U-qobiww@7QyRVS; zqx`|PYn-%?wztTd0(IibyavGPC|)04`u6cu#6`_UYQ6KlNy>e>AoMc@UGH}&|6KQNj@unC5*oDn z4LeP40=rN8T+xxpWt{z?Lj~hv#HE)!dI^Y2dr)b9Yihh zS)rl95J93u!d$Tx2{@Z^H=~6)T|Aq9*?oV)+q<&-2dke@^l*g2Xnl~Fl3O2Id z-W;BRQoD4wNWKkK)f~iZw`x~3U@+dcHm!JT4L4nom`Ra1vhczU&&uNbSWptU%7&Hs zWWDA?ybrh>GB!TPmQ{8snuSaQ8;oW)g-vs_Tz`jmnE$E|_bM^$Tw7-@4DlP`$N>R> z`h0K$h!veqhvg2`0uUqDWRx92dt8-z`rG4qM&5lm7=0?J+w7P1=M;C>6l4G9i%7^X zI(6GqHN|!A^mXsRGfs5EG8mf=5*nO$ws;47lF8pt#^o<16&2eEFTd&2JWy-4uKRF% zO~=>IP>n3Dmwb_Dl0xIg3O4|6P&#tsO$jmPrroX=4Y-@)>)Ri zcMhbjeX;SpYlTqU4!7h?ZVyJy_QVE1oI1Ue-@_kWQ)@}crh1(L=*=^=#S(i0K4G!m zeFtuwo|GkB%W^B*bu~kMA@8qO-`i+sbf+|G(HDMrsjO)V5l=O0(4~%d~p0|%TJjX3_ zTSxvZEWLw41baR+T6%f;I|@=Tq+QO-Mdm0w;Va{n(1mCxPe$r9 z&lS?!OCk4Mr1+TCF2e_$f_%I>bJvRd-u6Adx@#oV5Ti&;mAi)I@ATpHJzahGHUnJi z55J;ics3{W6={|eRKC^PtfcP)&Sa{noAo%%2awF8NlQ7T5YZ~NpF~5r)QZk zC8h}Byu(?@4~}`}UN^;yN2RY%Tz^)z&4nK4DWN9ec){fg>x)yOW}i}-w~^TjYj5Q; z`eq72vpGS1V0^&%cKJlTE*{1}l7OvOf2oR*6kVUnyoAq!W20_t?dUGfZGJSep*n@H zHY6caWfo}(h|BZRR)%z=3EPLPw3EdXBuiq2RtNs;jqY=TApH;g-}EELfW%GgJwIKo z;r1J%I*@|wAOkDZntRX)^>R9;!PJWPidJRXIjXELK5S1q1_tX{yYm*!h@MfyG;g!F zxp%)NLBnsm>o1lw!Gv~$QYdrKfEl5QJ-WmyPuf zY*mrdwAHRzrqHCdXCJ(GA9#N+Mh%429Od4pzu)V{zevwLW;`Ytp(4KRl`IJ~+d*YZ zgoPFZY#+CK=7hc5wWxm|wok2+80Vdx=^mS4%BAMc=Qycbk2 zAk~i$YwVlU{USxkOWN<(+rN4p+{zzp8QRXhTj3a#T7BKL{aqqfPvg{BvulBd!aMc` z%Bef7gF~(9L+Y;eNV8#ctYil$$BWhC`Em>0Peu}(=K&L6>8F1b?rWp7^{}r|g@TI6&_{Ct?e6k3iIijCPWIr2kUoi? zZq%;zOFiwhd!UF)oBW=68G0yj z(oamT@1zmhwI6T%TQ@%YqyX-vJIba~&Dxo7c%a74fx9Xv?X-CI+e4xP7-PRd40moF z_j@vl$R|ffs@d-W1`XnJc`f`NfG+4h!fc!;;8^fF|KM)ptoyj=}T`?Hgu}a``TmCP14bm~Ox%uge~y|Jq||^n&A5L`H;%hXAvo^M7(4xvK3ivJNN% z$zb)OZ-m2Zu#d!}j|TLd;0fKakM19z@4?^q>{1xpX+)*_@3&~m@3=Zpg<5`1&h5Qo zh*qrCn=RUyb0^lv!UeW`as}Pr%k-NX_(Q?i z15;UPSM8UagI-Ke-(RTfq$1q;fY=7|*USO;a0>zCCq#QFgw#$?oCr37cob)`Cy2YP zsdsJEu|c;(hFr4t8kYdjom@GuqL$b{3}+?0-QSg+ndwB7(0FF8YXReLbAkJiIFZ|?qj8-08RV(Iw(0Be$rJo@=Q#rw;-?jC3E0$qf)einUN(YXRP4Pbx# z#}?-F046*6?H>FQJuz5-Z6ytq;utdF8NwhgZ@2_HP1LI>MRR;q0fe(~++mM9$@jK= z(&u^c+2TYze+AD7uCXVu`Mo0gmxl^bUQOF$ztv`tG&5-P7l`1zP6P&6e3Z7w2xigaQZ9uDXy;b;~}LJpdFYF|hulq%4Z z;pIYG;vfS2ZQ3Fxp|Hl;9=5W#RMfn!TP#OBA$xQ~lXIUYw|0*n`5jKoCX7!X7w*M` zx7xmJ^8D==4`7ko9e9C*(KPr51RwSv5J?bBz^`7*O?uPrqvSQSoYZ&TtQT>>$;LRd z;!B|@DJ;B2D<`A90SOCo^y%Hlt}U9_w?JT=0r+C|%TA6QI|6NumF1}l8XGb5g(M#fCea!yP1P0{C-Fx&)`x9xP0LIQs`dM zngAwjvNRlDbYb7*!Z^KO)=KGgh?)VABlJC*VjqGW`tdx2JoWrV25e-H&gA{n{+rLA zH~{}A&y}L0e&28kf{y*-#K{0S54XI;_|8Xf9(Eo5+J--mto$>=mZ ze$@W0*!#U89T%b+NeC0O1xCE0E^8L;%AobkF{ZOaVm?jC79At!& zAR&HmI43dwl;?9X?JU-md6v0=d=`e$eDQ|lcv@d?Ngg9wSz%egkFzk}xptUAp)@;f znOFDe(VH4s5RuuUN>0sN2Ne<7&*2K~Q?T=n z9|60U>s2n{U_kp)1{<1)I;*Ld8Bjz1V1EbTH7sJa6z((ZVThB+hj}qoDU;}}DdXFH z*+k)HapjNb^QqL+4w!N-ofoBN;UyeYzdxT5`TXf!;z-;9)G{9Z_Ye+U{`ek!N0+nj zaxSTTNELsZ)>mN#VdX!hoQClEt2-VfF7d77u(AB%Ts_;PSLa*@3qX^*)8%n3BoJ%c z8?*vj8D`HcKGqdCk%8n)|B|}m{xNnDNkeTx<23O{j?@RC< zOxzz-@26d~8t7{EbE?{k{hlIdw7lAP;Z%TcOsGqBe`E|{(|9o~D(UC4Fwwgv`+)z2 zKa0HgUvj@Mu0(Kqj;G|8!#_5DuyL2mUFvHdXeNj`)m(nK{kGR-?jFT(I~dZ7U{d0U z>%qj^<`~Y`;YgXL{|mDptVs5}D*- za2l_MzsB@?M+a%VXGOR6)(rtpKOUH;+JocK?pOW&OWm>?aW!gvze^5pf#SE%0xkpN zH-)F!&I?icErBK>09>>w@q=_eXdwC&C}YMbo`uq5pr3+IiZ{avWumOwXIG(`k^xLA zum#xE1=dYi0?OVopol#QZHE{ugmCT|8P-|s-Av`934QY=5H}Q=_WO_>X_zXeV3>K6 zSB6{PkTeWzV<@7Y--vAr35PhF>tC7$3(cGkTLw^y=ZV_xubeOs%~szsM!}>+Vz8eJ z(jzItZKfZgaI`}&g#i5=7T~O81~u*i^(+lTXoMXkY+sg)jb@&N!Z!&wz5Au(IDoH* z;rvuLNpaT?_^P60)C93=AobFH=f8wmH&}S>-gRL9g8GuY%H`5dK)StnrRaR#8HG1t zrY%V%CYf9nc_d!n(R@C9Nfmkp{rhfgt_3TV%Lth@!(m_4S(BuMx6({HgeC+Oj~1@{ zvFut0A)F2Ou>aMmCX3&c`3S+O)}_m@M?+&^3udU9Qzpz`rXKuV{+T?7RoE(#Xkq~fx$HR-ARXIo=%BMa&GHCB327<|0<)MsojUG0f7_awtRrxe8P z7O?VfsU6#!*+az7(N9m=o9TvJp~m{x^Z#kH7|$QAY<=`svTc0DsKD$?`Ck8l;`48v zL$3}mq*-nhT3)o5k%0AE6|X@=e%~)z&+cYzfTKMv5@VWwzTmT=-$0A_D>fHN%s$X3 zw0pC$)8{jI1$XKlYP+4QxVF5+#{Y?nWH>})jAA{)(Hyhq1kV`#jjZSwe1 z(l>qIS*GO)+pQ@Ik?G<8sC zd0re-Pgz;GFYip}&!j-a%%`{sH01`YzJK<0p$+D;}?$7#*~u2pJSiw z`>K+D9oFL)Rh;$_eAUE(&?Gsdt^t|u@D1>LXSFh$m7i;U1eLafD77cv#m=a)bC<{1 z==`GSt_CM#gcxg~j*)o|CpT}!TV|6ab71Mu^nA&`gDaJ1)-o!9F+L68aAp4^HmmTD zdl_%Lc(9v54lg(^yJ*@AS0MYf5)ig`t-0+dIAs)`L-YBp3vo|(uHwZy=a2wHoE7eS zaqpZ%+SL7>u0UzvTL&Q4d)|orF8=iFcCJzES7Vm~TS)cnmbe$L;5tAefz+jQyIi9EKG%%w_o3%~mlCZOBb)rgKGDW~P1p(H z0@LU;ck6~CalwbV8e)j}6U6#r!ws42v)94=kfd9R5S!-iXGjSUr_}zJx$eRy0zR#B z<;~;i<#x0Rp5o8Oq9rgQs0Gs)#r=a%;f}rRVtoRAS_p_rxH`~uVuZ3F9^3Td9pyUT zd<9K1;zw{<_8_xA_1Qnd7Y?6JnJ)OdIKsRP|IcZryc(x4PR6^2c26(BrRL6Q$S9QP zJ8EfCUWczn1kH3tLpxegR8VMh&G5fZh7$N6P=WNB@eOH(gx=-!g!%C$t?euXpQTI2 z?t6URPVlZ0Wfy&I_=e)W>8pSd+Sp!R8-VY8fLkg2Aoj+Y*HHKOfTi36YY2>)4enpQ zFp9%zF&`9LeLbM#sVxX!k`EL)4a_ydSUf zlQpIAiX&^wMP%vPyIo>%tY`DlsD9iZZb;@yz(8O7*&`j=uYp#1>wW1zoAgCmRty)o zV7U*f)Wc7Ppz%AwusG{~k+SAD@h78g@5x(tG=x^awy;vJ)N`m65JcN=7oRMv2UCmV z^Lx3tFB=$!70HYAdooAtIf(S_sM)vH(`$cG2^%)xpqjJ|7NK85<}cwWJtiP&_@aBc z`Ej^-^~Zvue?H|B1^bv2DRV^KEE# z<(YBJS>@gh@#Kd3eu}s~qA|C}k)+<@Q7Ef#@gk=|XF~Dmk?ZHq3p@?DHiI!Q)W|4OE>LcwlrWT z%JC-O=Zix{ohW4cz9&LzM0F`IpG-Lb1=#v_hu0s2g1~_AZZDHf-;E1%>s#Qfjc)Iw z`0+u2UlbnVn{D?o_pMs0$aj7Xt7?rjIkEzOS$@`M>#Of{T%bo!mRny!mGO*%gv4C` zp=?eG;p%&yFe-W$D7R|MtY~ZJN4mTTtAdo-u_YqK=@SkO5)8sz+v-GQ1Hsiu2l#xu zqhaPgsv9YCxNUz!(KsF2HYwoSJXTjAK5`2ypJ}gGXT%T;41Jd z*3c_`-kD83ET!QBHZ{H?1{zc&a65QsYal>B`!bW-T;LwUig-U80}SE{uggmN`G|lH!1I)KIOWmB|6TV@ zo;e!(fruHUjqdwuU26Y4>sZzq9LYH?bvi-*sLlO+2*)gSU_vr8_lJMgz1vgGAO^nTqebs>v99xX0G_1;8>x9-A!g5aOfvTv7RE`xK}cS|Zf#Fj13vodNHCN8^N9JRZzEG& zSbT%78$n58{BaL@gUqR_CtMO872W$vcF%-g#hT>P0q(MdNMWDW=-@M@+M)sX_Lk}! z&qI1lERsv829ML7y`Jx7(fX=nuM#wCp(A!`V`^!)y=k+YCWA=pl2bMI!97(ZXI{o}& zpB-R(57^wNYx1^V%I@JTQ~-JIMV(9ANKd$sj$P&xA1_+DMV&&^~w9BQ|n^mHpmAUVyVRFX{=tDCc%|-;Q?48=qnXsGRvDv2{^pPB~90~jy$NPeu zsd1~$J$7n`cYTM`##k9EG8tvKpdY}*(di^2N*b@Dalfkg%HXnL)^|~j$JDs@9$1X` zTjWisFkkf;Tro(xOgL&f;15TCvuO^~qY`@4W45xP^2W6w~s*rUoPoR?+Kw^TydcP;?6j)-tC zbe>VaCO$<2fmhXqL*z%7?DIZu_vCIRYFT5s-+P#(xI*Ecc*c-=z_aCK({B%+Hl6o@ z#&A3$_-o=}e^YX1u=sKLmtR))P0yc6uIaTSKf-CxE}WkL_#mxkDygl5&_qS zl(y1OU+db2w)**;nM~^Q%dRG>z$ffjClZNDeC2O5I3A}DQ~JSTsr|UCfeWa!evq+y zZQd1(4iz7}hVTyF`u)660en2)fwi7KUz)3vW^x?`-0jS6PM?6}E0L?q=lzyU+{vD7 z3Wp=K7Py0m95VlvC#q&R+x4ARP z>SVvjXk)XOzO~v9keMKTK_jp~--dU6A!{`G;F@4vVYvbB{C=HP>_{B7O#(DNN5B9WD!{k==~nEc$Xj<+1SUnI?NeIux2&O1EJuaO z-4IN?T*WECo!~)9Vj#+&f*W!~qwNj)rJ_0ecRekM*u%>W8Y|p2t4py2-_)W7FL_Z! z-X$0Iu#aa08mCu(4-<_>-yz9tK382J8X$cnCTXDy$poXpXc&(`+ze3L=R{%Xe);|( zU!M+A8^1@@F5LE@IPoA3KV71ZA}igl@KL^1+Wi8u!L!!da~Egv;}|T0Wqv4&wr<9q zdimG!mCDRLr<#3=?@@^751pe_jU%8vh6Mr2&aoUFFV?T<4pf&tI78?+%F2tpc8^3PUGGMt)TJCy z*g!dl$QhR?BmH_~31CKtOj;AzP!q@}1eloJ!QYsa_v!(YKMZRJ(Q^9Lt3asi@pFqG z(kFkvC-!Jvpa9VS?!Err!2Z(5&xL_hiSaUUGT}7Vy~fR1Cb7HW5`C<%Pxc$74^Rmx z(ob;1#HA(|LN42*F%h{>NWZhnD7^S27q>rJb#&GEIV?!n&-nHV8dcA%A{fSc)(KpNt$`E{8!yMKp3d^Q&<`1)hMPq~_) zh642?0}emOJ7u!(d5_5n)?9&u2hvoX79eBMtV@2u+Ya(V)C!$Ec8|+KDlv-9nxabi z!U(m`zF|>A0H4Q(8tD0kUuL8Gqlqr=Q6V^8lt*w9T;^(2_GZ=T$2*Rzetw#;tS%n= z2}LM#d4BnYcG7nqpMTEYm_h*I)i2Q9ztyvho2(VKfx4{w_wa=1!}m19+V%xQod|a9 zY(yMRvd@dBDNGC)EY7RvSc{w_ESl5T^^*|-3F@5d+w_u|2P7uxA5519olF=Ud)Q-k z2{h4RAL!rTBttuXIS+_hyFQ?Kecf9=p1#i!!(KQxs5C5t{{9NV)edu z<<~CjZF-#))``TG8;%fCO3Q3J!uI=l&GVRmXl7is62w=VqJiNt2ThYV$zlB#Xb7=y z&ic(_vovmhCZ@mWNbai$x^9*=e=h;>_?oj{JXrOB*^koK^o2#P1>djK>2eJx#a@f+ zPnbk|NhWctd+-iH}E6hKT=7g7p z*3#4(^Y*#q(7eL=dokHBpBYrtgR>K@JhmhAI|XmahEmXkr$kgg?k7PUA_x#rGjx&O z{U^QGPS*$YdzWYsn)Vl0s?z@)#uoH;H{?;Y>36kdcF%~wuW3Z>%_?SRMznc@RMgh3 z{2_9F7j_bVjUO{?bPdd3Y|b!LLau~&vCyOb)fZmv<6+@dY^3^F;nG!UKL_S&fePb2 zd+NjgB{Wo7;_Dy3M+|vkgn_r7kz1>f1|nC*cgXzRhUPeO}h`Nr1gbc?<)7W9t47S*;ws1^q)e#t{2N>g^4#z~V=u%*$%kH~X;l#xgEi z1uE5#(O*&N?IOr?9yD~8%hDyGqHx>Kn6|b0fvf~vH0RB{S*PPFSfX7bIKUz0Fs=;8 z@x`maR*Vn1Z(*JLaf6q+VC348YYpdmww5VR;RwmK+dj@7=43U!Ep%g?8o`zJUVJc! z&B_0|4Of5@Fl4#lT0aZlw$i?N@{;AyjkrO+`1*#$_MDrueP2QDBENAC)o2d6{J!DM zldg!O?zMaaN2QkE!>!bxbvRxwaRoHjsS!*gz3rag!trUer9g_)me0W{JDTY^cTTdJXcc}I9xBLW z1JcSM zA%rt*oN1kJ^-sd3rS~HzmkRd$dk@zGk$oBw@U--?pW4KK1A05rSno5!oEe?Sw>?<> z$XoT44!(wh%zmSew@J;ShJlJL)9!$BUt0I5Yvd$mIWH%e-ME6ZSg zF8zVQLy@d}N%kB*t^G_LeCB3!Jt0&L!)_Dsdja1TINrGS{sDZ2b8i`O7j{sVfMki( z$+61d6uTM`U_|(Br1zVNAF{u3{%_j^{-FN$JY>I-Lk2J)&BRNay{<|AaBf+C_%q+S z$LcZsGuw^s+Ih9OT|ALdSojGV`<`N*102*^!+=ClPSJ$B{wXR_e_l>@W!Vets;igr z1%7?n7kG=8A$`}_;NXAu*I!Onl)oX)gWnVGduq7-GGz`vYj|X9M6?V4zNf>7*NH5J zC2zw0p`Y=xb=x>@VZhr2^eZl%$i*oHd*h$`shFvlpfvuV0&EWdnj)I_dk7Y@kKI-~ zh_1PRp#hziZL3FDcte5nC?0}sS@t`Y6+Xi?u+2oeuDlrY*}AA=GUml`LA#|kYG#K0 z{#_m0JwUJe_1Jf*aZ2M~b3Y~iAMpO^W$_xa3jB2{c9`fsY9E@lP)GcdV!=~hS&}z| zv5ybDjok7Hsm6XE=vT&}n}ERrKgnjtzOXX4eICa`*w6g9)%iy}s}GQX@TWJA(H`Ur z98>6m77Lv)otJ(_Q`^`F)r>*Nf39-9JPWd3U;E{{o`i1i%>xQ zEyw*M-ylDR7OwGN4@RsU>oj`L`v+^>A`!d0!F2E>ejXuTR12s21UIb|S0n6`=i>r3 znb~ZV^|7pV>i&g1-z_Rw{`qKva0ZkPv=YMb;=Fb9E$Z%33m{|eFmrwmK2vMmxs7Fh zMDTE>sb5b=`cc1P)OR50P@3kkO+%c@q32=b!v1kpbyF?wzozol^xY}TTwWgcSdh_D z7bh0ow!A?yLBei$n@Tv(KxL3S5P%kQTdC6g85n14cw%Y`w@EVIGp=_$?(t}!llaM} zj)%Y8NTuDu%X4qqxMf2(wp&>KIkJ4Re_I`U_SpTpOeV??zd!dX;%`DDFyMJep*q;) zGQ;EgH$sM^XE$S_?xT?9GiUDU4_9C1^WC4i$^TjFe!Its+@Hs(abyf4frTFc9?5Z9 zSPLin2-sJn^iN*l|GW+d;hM~{-_kWR3CL4Ia1W-g3t!SMtReVJnu651QSW!ucScl{ z-M#q8!wP@Ls**_JOjP6UgrgWAn5)6Ra(pV6KHV#c=wo&?_Ku#1T9HSQYote68*siS zw~H=&;&XT~_ssU$gRGir-tyDita)>}k3uu3Ip>KRLwsPq)g1ft?OxoLA!4DM8T9q{ zdL-+2yS71Y{dj1Mv@E|84}B-t3G5+@|D+$>8cdk`j666?Do3QHN)Nn5u2fROCPeW3 zP>bQMXYDgZnn!d24^pF}+ND4o3c!4=ru{eCo|AqOb&{-NAt0xtxqPS=sL0ZbXwP9m zr@Wys7!~g6 z*T&@z$W@@InlJPG>@KM#gF$&=9v1x@ zQONB-m-OXFXZG5du)Mo1_iYuU@<4GHW_roA8CX;v{iN%@ppVS0!Nh^IzrU~GE1e~#eP29o6O6ST+1DMeB_IGh?084r zexVE;bj@k}yRX9=tQzutI&y#ZEnKs4_IkMK#9<-!W|Oep?}>#XuFWH*^*QjL-7LhiX1YA#|vu!kq&n5>s$7Zts21_U120n!7+0 zViy8cxTTxlho=Qr^{4~=a;Z;XM(MCyzc*;!n&joXXCF)o(3Z$Mb;7^j^Xf$UIHaeh z{@??k{6S2Om%j;a&F1UnP6Z5q9UpOlB7(JU+M$`WR32be2sb`T!8%-17Auka-R08+ z|3ZHQ8?q>FL_Kt`5-^6#15P$|UY+)jnbGdp7Jq#eN`{7iGrew9x>v^q0i21Ovd`#z zAJ^m{{uZQAW@j7CSal$ikvM@8er|_Cf_#fa1x{o#AXig~NLdp?r~PzSD2XDJ6$fIl zRSL3>lYD6~6H5>^rO z%YotTGRedzrz3 z03K*<9x9IXdeX*G?7-1othxYM-uq)Xop!(T9)e(;dsUzBr+iqU_ZckICT=#Ar}BMG zi3$qn2;67oo8>llTBxyWlIa&u?SWK3MBXF67MgjZAwh9u59r(jmhzGg{ox1TX_F$xb11V3P%5*Sy*Rf5B~mmgn!ql4Vo~MC1FXjWT27tqIyfeo(lbN zx&R-nqnW{F;oVcaxrnZVyg*p3u-o5IjnOi9N45Q;;xl6VjVp%r_$Pz`2_GDVH*`wr z`udknUM<2weJ&4h<=Or4hGxPHyHmWQ{KTxT?vFF6^?a)QnTZpKzFpQ!(_WPf#!x@) zQC^+p4inr9@gveFQCY(!-&4(Z>ZPC!n}i?d(st|H4GOa=c4qha5x2q*Y{~|<5#g&r zZQ9yZ8k9|HPgH({^u&v}IQzatjt;D6eD7I3B$WsW>jTCTQzVn|<3ELw|H9MVAb4@O zYcW8UrOR~m$(ZEm3+ZzKecIeS?BO%kQ=S@so6-2638dbrdVEa_PM3IYWHqDGE+Y2) z)a}&B_d1ER@27hQ40DO#MF6c?CiwO+nZJ~dwvU;TyES6`Y*14y;5K`DJV3s7dCUaC zC`b5jl?AV!@mHIFYIaYy6+piV`A*y+?Q)vkbJcxMF&F)?nzr8e~v zdSXujiG7P#M_3&- zM^0tR-VmICFS#wOp9A;W0%G8Z=m7O$2?ELE48edLVr^$a~;*_V8~0j1f(KDmMD8TaPF* z;lhS|)84(=xy4fG?&@ZEVWZ@x)XlU$OYoo%nh)QpNnSV{%p_KbUNeTi<=tbOtNBz< zS$H~CESs4d^dC;ART3c{#-2+C`aQj}FL?NpAjV!K(A3KU47S`bTs$-ZH8i%1!=(FP zxR&u7dm)Gx_=}%>Q*mXUDK^nNrc1MriYCjh%Z8o5H?&e&2de3Lz~gqsh)J191kgCb`w92@?$e@5H}KP^Ae+Vg()Kt*NJ>HjSFaGDmMu#RnJ2s@2e+ATa-T(RVF3>!6(>UGbM_`g*%c%v)0ebE-|17=~^ zoXeLLb_EYAjwm)!E)sQOR_103bB2Dzd=R0t12nQNpk(+bE^*cFG8?D_yAPyEz81k# z{A%wn({&PHf^NEh&Dyyimi;D+BrpVL=>dwcxz~7;vRJG~9n7Em~R60d7(5=0Gxy_NU&$@z|#3vSUXE!C#{jk5Gym`LCK%V7WCAg_Y)j zcd89{G?J<*oigmMWlH;i(Hk)HR?$ftbwRlAnI9<94mF^TI+IwMVeMe$EUb)MHXY*w z&$_$@cyWapx@SQu8%A-Svhn?2pbuPC* zK@#jjeGh;m4Zq|L!=v!a0Gp2DiU~;;`SeY~N0KP&psFg7r!Vfs9+`JiQb7nEIcX2D z`yKM*2EPIF-jr>wJ8S>kfh>g$pw=L!TWwk=dQgY}@;wAGq5M{Ls=t2L?u}i01;CO0 zc3}8|-3SrXIFdaB?AZkYny_c#a9-F>IR)ZXyQUHv7$1i@eY@~I6-Uc}7zu2XVBmN= z+Gh@GidIf7?}wFPGPG$)@>n#L@#`c%Xy23se029311!3^<9Vzc|M*imFjeVysXdpac}c=^&Uvt!2lSy%H?JVR^~U{%H)!pK@V(bF zIpei8Fv!#a8bUbmb}`Z*Gz*_ATESC|YN%adub3;!=Y8aepSQ`;r>&$6QlaeEJ;UJH zHrJw-6gFOa_zyz;nhaGn35H|!wJo9u^dEqMqkM3mZDkR#AAyobs)+^h3vVbY-X4mp zz{7;*tw#rvEGH#mbeFxYFkJ}W-kjlg$NBN|>rqZ6>xmX~AH`4H9pH$fFWdT9=SU-y zrArKf*!F8FZYn&?44XcMYIuE<5qBd>~J=}~YpOmDXTkh$`QGiY&2@u!}ue;>? zT)1&twD0gd#$sK6gd{yj_E~@5#_v>?s&8`7&-Oi%QD4eIep_Fa1-}p3o<4Vy)`a0E zUw@A5;WO_UrKKdc&w@2a6p1s!cL)^1ARI0&`!+i6Z1DW+zea=V( zsB7|7z^;Uc{Ceho-JVfIV%a~xm=A)@0&8A&Dpff4Wm% zv>8^+rHf}UdqQF#ek_B3u1B$hBIRq* zOLUgqd)iwRo1X0po3m_HmJdNnFI4oTZpDm<1b&S0zBu}DXrOyidE5zaL@~&mK9*4` z4|?TN-NE5fJ&RfSf{xkxeVo)K7@_aFnZBk)$sbc*$d|TC|75{;J?DvUnxJ3~zdM!3 zfhS$>P9`ft&Xitkz|mzxAyT?db(!kP8=Sw}-d7Ud%kdyradpYWQ*~H`?Eu5LU+l1Z z1;>*_?fGf1Y#Q~+bU(j=DdJO@kiUN)dom#-eO%3K>svGk^GhFF)t;SaxtQw}ZQYwq zxk)EGKi;4_n42T;p5P0sVPk3l`aiRVC}>U&b?$vDu31M$kDKp>0c8vpbETc2jM*b@ zgu74DvAHiqVZ^7+xcNDmiuCr~!_o4^ON1?jYx-zC%*)1ywk=R}E!*#6(4m z-nXHS`A(c*Uc$p(Z7ryw>B{KyRrpMXt3uCQKnIH=9WVby3yfCia@9{8O@5X3I%#WE zKCyJnr$5n5HM^-!AE$?>KnJ*ZNO;o64g#?^>SL0~boLESu5aPfL-WpiW$=pS{oE7q zeZj)lG75}|An(e)SCNwmj-<)s$2gBO_2?8uY*E;RY9O8&pLPODopUzaQXgUT$ygO2 z(>d9u(rMeaB|Tb+lw#Y==ZSUo4lFCh@Km09J2{^`dN3@I@J`>%)8gw9wmM$(7|Zg0 zI_0qWOL6h^ukr&^V;jPD=H+%zPr)_A@$D$YQbZs; z9`cfZok2f)|0J<>JsKz7=tlbJ!1!?;W*dZy8;CdJB0A@CtRL?!UkA$DpHKR11E{8n6uGPVj+l zvsu@i^h-LV3gYEzy{XoBexA(z%*x&rKVrt*^5rN!x(<6CF?mG(grU3(_>;tMj3Of3tS9204f;UFZDiBM~-9n3aK_s&` zLY9zglIC4pvgt%EH{nEL$%KE8VUm?-15Dk;hLqLY!hOS zRHhh-F4z2nTiBBtZ{#Pht|NZC9&l3kr$PFR30%jShmqrt`rF)FB!K1Z=P}L#LC5l% z;|Sc6-+Ehp9%riXkR0b%m5ukn{uZk^8FQrd@faEdTYPasbr55@( zy!KOicd-MXW)W9PyoSyV?CAT5)vf}k!FcE-W!kY@(3+>N=afAh^-_F2GVgRiZfILp zkjuUrF!NXCXbYHA9E1nM=TEUSg;1YYj zSMccvQzgP{UhAzEfHZRe}21G|aWBdKS68Byf7C7n0@aef7_ z0SpL<_bE6Jy&?zTcD>QYw{^t8?|ZfnD0v@(-fyCE@7ME9xhJrG>#y)JQ2sVr{XU5p z5q)Q{c0FQG?vE8xY|Q2K1@wgi3M3O=1ITFQgoRP_JY0*q7L|03EbRJd7KrD;ol3qQ zDreI9DiI~RoH}@^-d=ydEHgY&-FrBU%)O$>C#Ih!s2AlG>36{QTj!}y4Vf-aTg^%s z1)ZP&Kun=yL<=`};=ELjaKvWYBNzY(Sx*(RtGQK)qXvmZs%iA=MWtxo&{TjG-TQr9 zPC0^ot`sD;s0E&qwoiY|hBC|CY9{D_J*A`p1&^N1^oi2HDY<}32M>vJ-0`R_D8wR`nQt{WKNMWEAL^=ZT4 z_}E769DM6yT-5=uSIH}L)_elfTs`H@?Y018HHEkSe(_82)HU`3J54N5S$8NVAQASl z9%wH7jg(Yb2=oWP5KPj>1sQw#-DUPB5bCj7;!=CayX_MQUQz+pNiE^@YXwVA4~cKm zI^=?O`DzmES}fMzp{!t9)m#N62;uR8yK{dPvABH@mUU`05^4sxwU4!wfNG1Ktr(m? ze1!T6aL*uqx6!O!XBbY}Z#~Qw^hoWT{&Fi#$xaWioK$k}#<0C}L|O}~LiNXrir!%I z{~-1G`#QbS1dPIuiuUs9=O4g;K!}LFUwE_rJ1n(QJU1bukkMFtsd^piuN%S;rp&HZ z%Lt&4D(=Nf-wn-iH(C|4PO256US!2AUD_rNi$zHerp^&5=qbY782S)&u6jL?rB3{E zI}Fzu%Fa5SlU-pYY=tc_@$(#j-|ZytV|X$IBk-ezu6XakKxys>ul6Wku%A)&H~aa@ z_lfpiW&woYZvcsZ`xK^w1hxAjBxH zm+ic<;#-^FL7%0{fYn6*OxM#{sVnZ_04{QclY$ylTMG^JoZkSZk`mkKv7S1OHvB`OMzO>DN6)!%UAZxy%hv|N~!4$Y49k_&s zqJT>GcR!%-qfj&7{160)AH~9#Kb~;lh&L{Isv25a3NNul@s+i>73(Ey z<9LxC1Hmz6dO2Qs#`|ni{@ABS&Y#?k_~NG^`^pUQ#RA1QyzBxc52$QHYWc}|9W%@P ze7bZT4pOK;$02V0aClwCy%%P;2qM2fQwtq6j#v`dVEWDwwWv8Ftu@cfcM;we@#mYOsNZV@FdntpnINq$2HY24|>@7n6}UVk@%B*5g;aPSqk z(d)67xg`ClF_F1yYhO-xwLeWZc`<%_II)0mS=Jd#2b|^M32HW2oQm~95ImW%EbWpN z?t^pHWZED7$!I6T<+K;7TE0?P!{NS~93{?|I1+od%gwM$=K{V9URQBg0`5HV8tESx zo0JMPG^0YMVF&nq&L52G?%Z8ULl2`ITRPm4v8qWSJTX7^atontJtbHb2>L#%T|B|!S2@7iWno7EAx;6LHYv~hUuSB+ z<#lh+&HMB8H^RthRykgEA7oa%g6lM+|Mas;_N;ovT@GiUK!8W3I_y~#dO^N zci~U^yG2KNf4=H*pYJZ6$CpDR5JW}i#H;e|jYMgTrJ-N(SGv&Ia8e~>nekG71I)t5 z$2cSOpL-`F!sKdy!kc^a`{X`&hx}WIEj$D-SqTmIDzme`NrOPzi9Zfk@#U_(t)lUGF2lt?b|(P zGd*B0kNp^{?{e=b28r#UfhQF~_N$ham6$3JE6?=|Z_+3W_HzB)&+fUvV9{_NvX12& z9&P*ek~fa8qr6ql_C)wmaX%$bWLaSHrOxRGZ=_FlWuM|ZLv$&^_M-F5yJDKtH-#VU z2|E;~#_JFlswevjJWKAev3ti8p2F}+suo)GAu`o5#{)O^z@kC4$Zae=N96EfU;M|h z{<(|WHv(41DvIYv;oNPGc_%QRteyQ3$KHPtM{Ii_&xBx5y>K7sp(;psOB7YkRSTN2 zL|Rbg!1h9!DziXStHAAYy3##`#(*G7iQ8~{(HGs)Ntb_ocb2neP)^sxv}J;R=3erf z&;(^;&|YAA+uqR$dvFopnsBHd$0Ktu&S&p!T@_6}Lc)S1;n-t^2UKSr-{>UsOHC73 zjy=Bp+a?`LfU0k_d6Qsidp@7YG{CDra2(|iXfi%Anu&STg7xse)iqgv&vtS_o|v-N z51IRPlaYGatXMPA0Z^VE5*?VgH5`er;@b~NdH$B%u4x~7Z3M6u)Y%Y{izQZ+<{?6q zR$jobA`&a7#WN_B@7EInzP&^vy@%A=Cl{U=HqiWi82kKW?0D{7Ixn)|k3(cPOkU0M zs7F^ZJC;8+S$;i09fZwcw$u2ckBBe*ewSHWHC!>N&O<-RDs%YizH|z=(7h^9a(dM2 zo`u_+-aomuOkwN3MPlx`wGXr0|uWvGp%^i$;)!dF`y|K zgUE=`-Ijx;+WXtFqvB&Zj>Nn#jQ8GC*_A8AF{e^LKakdqUrEbeRpC=_Gz^kL+V0an z!fT{#{-qOtn#FOt0ES?Ydh+DxVJHP*r&9>Nor%2QUU5*BWwY*uq2B75bC4SB`|D?a zp-M^;@8SDE0^VlkNpq?>>~qz(HB(KzDP}$9N#CiLQ}=#P)LDw7lkbq)K4{P%jK%w= z;T1@GK3E`sfnp1Z256Ia6nd$TCt1C6<<$X=mFFXD)=hybD*s1DjvN4%h{bOj_U3UcA0FRkahP8j$j^_@~V4n`ccA^7Fmli!a{osY|-*lI< zziI9w2><4ZXL{l>RGu`Bhu`V!5{7c?lCK8Ma$Br1OjXu6T#4s?s!fSW zAmeD3isOL*6Yd;2%OL{~B+mHjRmFz6s(h^NbIl%OcXekpR9fs4b?#_!SdL*_7(V_} z<;ww;x#MgSy@HvrF^D5u5nFw>n6Pnh1TI%_eBm`tGQBtxx`tYfvg{Ti&i5;Ec!c{= zI_?!yoDI>bD4q)5oq)xI+4brTf#`gpv@atsq>KUM-50?Q#JyjtRq8w?I~;m2zcjtE zKcXb;>G9p9r`@nMIJL*ebXCjmGcHybMgPmtFr)x!iZ%kl4EwX5TSJkk^YmXPL zZ{Pi-`iT3o5U(NOToGXC4$l|)%^uykl9g@X#tkml4WwK@_h#V6BYkG3ac(L>Ggrd|QkNwiY^nWjl zX#OmSUWtu)|G3KJJtttIONk%8i08YC$UX6jE_fRf`F(WNs@;m{PD7}eed84p8Wpx= zaR34H+m&=~Tm%Ht*=9JdR-M9EOeeFRe2^(-%jPupwAMEkC^qsq(;g!4{ zc2Bj!pc6kl(__yc64tRDMe03RL4wN`Vj@6Z{etAF8O>7!r_oG#?40G247O1|^9u3I zLs=|eJ^8t)qAsn0^bb^3ef_=M;%=+^eIwu#lgJ~{CW8i5PvgE!e}Y!{IRN_TKt-p6SLJa!kLS<_<(u7l|5>FsFScV9s~ll3_)!js=1SR5 z()%HjG1J@6_ZJx$u0{D`p@X8Fb?EWO^VL}YO| z-*c{pby^)bue19Lh`Pc7s%2UzomJ4s0W#?M*5AzTbhtFa6G6d(;mhjd9*dg!gtdIH zc*$ZifhnwjW4S-)Z9!P?gI#m$h3*PD{4Qotfje*wiFJ$K^-nBbm;l>oo#gz!7ykPg zp5bIttOd20vQ=06QkGav89*9b` zf=hMU3+~nuZXtOdNB?}nMJWW_5Ub((nt1M;aYx-Y$&MoGFE)21yZ%%#7A}(KwIEk5 z%0MG$FY&+=ye5zY;fzikPCWT$!cl+<81Gjt@V9t9KNUxh zr}x%sToiT}Qx%-3AxDK-EITZ1tcBqATiEayd^wj)-9>&M+<3ckf;9+2a4WlN3ZLQ0 z2BLGB3|4yc$$J%UhhQY_i=0k&Tl#1~Wc*hUp0RdQv}z%w;B%7?>7zvc6(2%~D!&b# z$+Zi?yRqlQ#fQ1gTgLbVLb%jlsH!OlVR$c-2q01FTEo6=voFBJZ!zCMN7kRm>H(M9 zYQO^ygXMHd50_$^zt@lKuFw8g45z0jgC~(3#rgCGhiZ1ySLd&gh^F-E6J*zoIW&jb z;h)L&wmUIqSHyuO2ETFNPwXbQ4lys99EwyP$=&Ja9v2(P zFj35FU{Nn5WzhXO@VBad{2sT*T3xO^u7USGG3NG~*U$9zYGNh5j+YCSuE@YiD}_5! zH%v?vWFNrz2+vdVQ9kfyxqNWw8LQ?GF&l#IOP}Xzvr3{VK*>svw`o4j8KkiLMMuA< zNE2e&+_)99rQ?03!(})(S_}`mD}=xHs{9dWw0-V+XvX<38^Gh5Sag}|*|-3Ct6{no zKEekRIDQxl@4yOHQDJ}NhMj@hsEfkl5V=yP)J!zLb2qdn>TDh4XDn$Ah#_Tl$K8Ml-e-s{j^Ql9YrhpVLtmEzw_&w9vxdab75qCbVD zCD)jGyN2hRKnR?DT5sSpPsVhW|2T}2|h!#uNbJBZHx}^7- z*oDYMFE#3e)VJ@^c%@wIRx?dLfF5){7t1QOs)t&6x?s=L(T=q|bNfz7zV|Z5{_!#N z(-Bpc06op`sci?8pb7)3bzl#sT+-oy0NKdf=TNh6%=X41rPlPp?Ikv#e)cKw7n3pm zck&DYdoJRFVo*4_7-pWQT)(PzdLLHnH`>DdQf`Bo=|JM#Mkf^{g;W92t=i{z``!m* z&N)F*PaE=1HM7}Pey<}&GpfROWuQz^90}PIF+K3rou2AVq|Z@p#`~psFe!m?sspTP z5a!@v=%z8>PxRWqhS1K_eBo_OLl=WTvnM;SemZWze~d7FXjo+e=0yw6Xhf$VICG&$ z+W*)v$nWl6T7TGEesWT!rN93c0Lq2> z9wT}iqqqx}qJA_kpH{Lnedz2aFz z&l%+f4wv?X`m%a1?;8Q1>$|=^TX{md;tl(92(!T>CUQNW(}kd^bW3CXFm*4vEH3Fs z@4=}{Kd*xK95H(Om#OTXSv8|t|8*K!40wH^Bqb=7pURyxB*tXT#xeGcKuo3T!$rPX zvz!y|?JiYy+7j}ek25GIpwofXxnHc`wO0p|>K`=WKyW`>buvRArAJ+}fkc zW!TJ;-nf|VQGqbA>2NxRnvm3YT^z>nydMV&{XAvBA6yfQ*~~?GSq&LLcP|q2DA>QE zV0vp0YN$eS@O|)VZSx*PQtC{i9UZ2;unkBG)C+kKPk?#dU=^$o_#($?Y|1_q1)Sv} zZqJg|Q_Y?*@gjzOA722JbAnuJ?Xk{JSw1P>}&L7^U0lCJbvYRW6lY?N<{i+q_xBMnH6HNq9Tfh3PN!6M3 zYm2qEzfDlR!Udo(o?WCgP=6F~P!KUieQQ2^p_<2zNd44P5{dt1n&hn=2WQ|@8YBAf zH7KX9NKYBVcvPekT(`|2fk^o-P^iL06J>m{pLG}3iIru)K$VOzYw)Y-{bF^U`*Wk< zri2|~YUe_}LD2g7%9(!8#O$&i-?4JZELVE6?;eRWuRa$$&n@@)lk3o1RNS<-&!-#R z&8K~1geCg@c@Z;`V3}X(9~;&1jEs*En^FeQ&^<6KHvyFnwHHtPzKWSiw^nl|wKS~2 z$D+F@;`H10b7FWKh7gX5E=5bxe6Hc9xS$mB=!9E2$w)M`44I?aHxt<2GhM3t8F)Wf z%#WI3U#j|5*=JvCPeK*W?-vA@_+gU%$VPa502r$GW1|$t4z5QRu?GG5Tv~CdUYbjy z$tC5Q4E6!;ON&s0uj<_LDLo5kQSz|xsk-NTJ6N#OK43i`{AWy-r2Kw}fBnP5#)2xc z0NjezwtfrNB71<-5h06g87^_3IoMOeyTNKeVYCyB2>X&wnI8Mt41R0IVNX@r!ULA} zh_^=DKyH|&4J}__ZsLMF6@oqD2}=2T+ZSHz-cR|mC+`RTYbm)xE(hSzh$_3+-aRys zll(rTvoo&u=SN5nVp*(}#RHGE&ldDv5KY&KM}P$!VH6)8Uh#OW6svf*k-o)q7Vc+~ zLy$EA#GjFQp{)U{^SSEs!LtJClYW4tUWDEyM*A1e?aHEuNKO|M$(pr;2pQnYflWBt z%`(9Sd~P;u=U4luE@y9kgWIz>7$daH^(1U>Q8R*Y_ig&Hg3|yi@)~3gzjt%ckfG|Px` zr=^3<86QhMQv@7&FWD)Qry>ZNE@j-P0uZOclt6U7pw%$am-ZE5Pu8~5*lQe56#YYNC8ErR=_M^Lk3fbC z|Iu!pz6XwB;5T_pP!_hIj@SN?aGV+hI3-SCqepMDSxDp>f(2UuDXLOr) zb%TsGz0hFe+x)>WxuA?KMzrGcLYsXG44&|GEGmYK(?)Rh>4`;KOP*lUo>KO-eWVsE zVL>M`dRIfqg()&f!{WS-6fV75a1;sjLSziYBBl@-w8o{5b zm~6u3!`J%*9b2Xvly&>i;|kIv7O74v6GTCvus8o&2o@*j0n*k8zoU;puaWdI{KKdh zVqpqioNcd@z-I0~d?+DIdDhKI^ms#XX5uv$7(0U;^oR~O_X=`AzoLHKf4Q_dX$|<{ zXFm<6*R9w2yD|m2G1HOx>XVn>3b*zf(1LA84S(d(yX_Z^d?dfK1N}cC98r(L;byth z1(Rs#Z=jAF%RZBy(t`gCNV`t2d)iBJTLJlOrhV8zI-u}|p^4mLD!b||)K2HSJV`_^ zS&;D)zv@6B?8&eyGKw<6Fch`jGryOB@gVesW`@QOx&>6!KC0`^xdMD)P*N%{HUkP0dZ(1gXP3K-yi$UbF`PDd-umj>*t;# zDCd>pav%)rwg(CC13Zpad8Tho$nW15-?LW|ad7cX`*^+Oh91?y;+pm@4Zj*286?+c z%QCl>z5LuKJLNLf3o5T5W#Y&CAM#~GQ6ar03;AE(sR`lq9YZU+C&y<%9emOUK)15V zDXnD;kBV9vD+fdf%=OrqJDpbWA)f{&JOL;p>BZVp$S||zpm(ug@Yc%*cSx-q8stWO zP2T0cYoZlrdMN$={`XO%*{@z4(8^N9|-Ra4a4l3dix^2yn0Y# zo2!|le*W|ccDRQADGJybb+kdVDY*EH2o93pFGwI~T1iFufAwQL)H7`!kd?*Tgsf}j z(Rcg}hvB_+EOv}!ePuvT;HWl^D`48*e6=63d`>zfa};Ru)B9XslEHwf47aF9hY%h& zZw=Jm?9%11>r({@c;HgyhVR_EMxJD`mtCm|3Z1zrB5_j#JW_7Ldt;g7Hgn{cnA#ti z>;NI*bIKRH6~brJ=38r&oWRTn9rXVnclHGGmCqIqmq07DV@a5Zb3}JyG7rtmzEWaZ zN*uP>febN{53FJCR|u<%R6G5OphuFmdf$%Sx}tZ|9{<*H`WxA`xEH$Vv=AW^;s6+G zSQvir<-a5GjnJIwSdEpAxn=7ZiIwskJ?X(Ae{fiI}R)5sZxVS*W^kl=ad)g;) zfSi)?OML}gE{U9==wO`fZ}n6B>$Mi=>4K>dy@J_zNiTeLC{oeY94-hp>xD;OU)Zkh zBz&#R8rKWZmO!}oH5Ai(vsQ`vp?Vaovj+Pt#mD_IdwJn8M(DC~o8ixTckCKUMnR@T z96a{5`^P+CgYtTQ3I2dHAE+pdYEaz+UTb4jjDJbcQ#`;FUk+)|T#r%B24`a&MNi}Y zvN&z}^+Fcrim+?gI5qh)i zlI-J-KhN-nap)&AAC*;etopwVKBvI@XL9cyM?qfhV{WdVo2MCZ<}u6Sh3|w~_PGu% z(dD`U=;!3Zh|KZ59A5c#FN=hIlBd9+;%WTw`fkjE4TzY!>x?|kKkHa71$4hI7f2Vh zPH*gX|74oItQ~WBy;F6$d_GjZ8mldoFK;f86&iye|A8jqp)!aVd#PGIM~8O2yk-U| zG&uH3**-2A`)7suM*DzwM=|*_lZFSL|C!h@~PkxWfmz3e) zlAp|76hX`!-c)H_8u6?R=2@(?FxHH;5)5>{<+Hg^?9CgYK93bnTiC3Q%oFE*bF1rG z|0>xbl10%XF)TO=0iIBk>@S2I&GP+CjWA>3T}+-PQfR9wTU>r;bn_r3ICvFRNXqBn zsi5@UUyf0s=e+kRgzj@U^!+-6yu4#i49_09J^5DosoCw#U@3r~%gc=m4lg(v3EY#J z;yXluOU~e1x_n}3N&SnEhV)c)U4eY*cAq~(w2_7>i(i)rzEh42PhA-x}Y(EbZYl2Xe{GVjye`7ri)LLsh!&6WeMzGM+VkoALtyu{}iP_P*~hm z-e&I^i>b;@hqAlE6Lk`k2RA(QJDoBQ7-Z*$CA|0tAgXa*L<0WORCM*Xdm3}mDtISB zTjO$UDhttv`XTkci-;al-{@H&9oi3w&e{jYFdNdnK6`2um0q8WNRGy3-Ydw0ZRWlg z_Z@LcD=*@W7xT&$cV+fh&>vhGN6(KjzFMl1d!j}E7<{m?f`(I!5kF7k1b!TlZux#J zGZJ#V=s*s~-|3S#Qb4}R8^++G03M{b4rqF3@Afudp28!0c=d@jozPl%3prq{9HtX7 z_21*~lM!`VycT+sz%5Z@?&Z-M=i2qProSzi@mg}M?_80QGPy`;Ibs6th9^d2lb?Eph56VJ(~QQZS$h1oFp}qePk+=Og8 z=n^JpS99+$JLZ;@Xjlm_UjmJW`$is0pqgWiI)#6&I7~QjcWVa8;0m>Y@kmcwn6&Lr zMgbxm%h|n;omSS^?c847#4IldVkABNv_*CFB5wRxBw~KlHG?rdr*3b^(*a;r;Qe?4 z&Xd2k<2du(V#UB?N{9E3v{zow)3<$|${7|v*DB<`>nM46il5t2f<8U*ufqnuAvkPe z5jU|L@cKhkzVPp*u3?@!x++bAD-nbl_W{)Wp)7vCRqJf=&!J||+HLHDc+vR1bRng$ z?8!>mYvwt;U+&EdC%%6^FBix$McT!T<-j$Frh^P%bWC8{5d7fg0n%srLFuVX9~_=?VGY)MO{euH%D0F8VdZjbi?Gsoj7XIC>z zKN#SI1`9hCUui&h_5B0C8POa@n7b|iaE+cSj`Hn1193Ax#H)#j`}B;92@?MNDE?rZ z>+n_;r|tO77k107LL!F=fiza_#ojCTpFs` ze70`)a$W$B!}K#S*z_-xc0pkDxBd-3Vs#14V%SsxyyJXDvio|tPLsHd{Fhm+J!DoX zs*f$dkl`Lp-KS_>=Sjgo^)ZFjpzSVfZgLPqd-!y`N;@k_IzO%`T79Cs@w@#Q&ro;B zww)CKrMSf;?nn|?GPBqh*2xMx0gYY%xcF7}UaTpzK|DEBfx?7-hzbWT{;ezG8L@jK z6QHD07?VP_If)LFjIhK5d6L$1CCA|J9?1i)W}!B>iwzForF9RjK>WP62rl2fj*Aez z9BRIH&7TQ!P*h^g?CWca2{B;}xM3#q;$x(_Hp`pM^@Dg{8R;9m3XMH~%NQ+|r;ve$ z;`PfBZ)B*;7fS^cl0#JQqjtCMa5ZACW$;SaFjbK&Eq$oHNXdfOj|5*@wT5m_&POF* z#UEHxX_5|GRvMvQ(XuT4(@=hv)iy5J6++|zfAY64Q%m-|cUFYztEV%h)!1Jx8B`hP zUOCIpHdDI9WnGYL_HypNj~7~~u)lY=*Q@|rg&RwOb}I>e>K15RMya7ChX?j0awWRh zocdYKHMHyCtK7rFOgTd~`aAT{M=bFDg6- zeV`=W`qJOn35PYr17W4!uOtvwO=OHZzr|8d=38HsFL9V`#W{QZ1RS>UIrVTa3t$c( z@BXJk6vqw9iDMWU?<6*-1?nT7TX-DBXH{)8F4FO>UJ=R7rwG1yBJ-MIHLdgY+YTqyOUWGA(@dH0jUfAUm}c+-mzax8;i z-}}8Jmw!u*!SQxzhreokb8FgIKkZ2NKWqdDZ@~Fjr)+Qz3kk+=^~W5E+fadf07Ps4 z45qz*F`pkb8(PYNOO(AinX-r;lUeL84G10|p~tX(RH${(Yi{DFL4*8|Hs{|fLk>&u zN5>UO4vEVjetS*!hHdV#O12BTeh6Vhkk&>m=VtwS!8#P@aL5|;Drmf}f>4WK@waP) zmfi0~Pal$pyc%b{*$E6MQS}4n{QA~(PvN#AjXax}efg2dx%H-Uw?nX6hQLJlfGoW2 z#j`Gm;lmw1)czM;2ofzm1$;#15B>Ib%k-1mzu|*pqrf>D;Ymik6YyiQP!Df99k2V2 zDs4>*F@>-5INTQCYi#%I8BMD+7#R^qH>f}5TE0DDnptt4hvw}&BXvseqIo;AQWvtKN zR2?1s!vR^oTFH;!u%n^OcgQ)prxj%kxJ^{pfuTbRTSzUU$CH#i_w|ywk%ZFYtepw| z_+GfZsq(&4ukpYw4yEwzx{BhyboEqWdbfn2q@9cKAR?kUKxI=1mD*}nUnEwYN{tQ~ z*Nc4yjk+hOrjqQZh{hV#t;mBR#i=c{&&FRquy*}gn>+JK^wJG%^&GS}eZ1&>rR;Qi z;oVM9EGE=w@&_+b=jFIhq2rAtn<$G?vwK>%b`uZokv0x{YXkp@Gs9igjMCL8`__7{ z@>F9Nzjw6P37P^v_IFSzz}fZ&(B(}igq8D1jEG^_aHJ=|)fS1Rz4pa(?c)}0y~pZw zfflWjUZ!OKm_~(O6#XCEVgD1k19<;G&J2?!crm>ZsdNfH&0gkJjt73oJ_g^%S8jzT zY@-Mxf5?VXo(#kIRn){_q0FGcXmC0nAvFk^cfQqlS3fY2@wjpi$LC$iY!(b;>O!O1 z9Dn@@dKnTJ$NekqthCrN9!vaX3y%QvG!D04q>vc={BK}95-G>8VbKVAcBs}YLg=ai z)8Jm7OPD7EHn$NOXD3B(k(_x5*za?46fY#D4OE&U?L}oD8w3viB8<*LBALudh-l~x zB{J9^2{_ssLSrfFrMK-Ror0XF7Z53yLEJ#)-oLfpz{Xde%kQBRT9TWTx-R|kbdK>R z*oS@M#oO7A$%R@2Cp$j$mTv-hwKVEnieCF*s=d8o<~JSZoB2*x7SD+(bn^K^d%M`=zd}ms@g_YQ1_>y8rk%&ggP@q+0(FZ3`W0 zMcEOVN?~30QFcH%zJ=MivX9E%?$hs3WsH%#THw zO+nNN>__ITzv-M4Q!APz%x~$!zA4lpQfvh@SBRz`rCk;P@8S76?@T*XsZht} zofJ(n)3JlM-j0uc^gcEe@v49%D?sEH(1hR}da=fvrh({Pt{lYzsCWWV?K3DaizdiwioGKcit%hdPn z)&_kfV&jU4b^6bZoer0M!uE=2VHbQQLKHmjR`j)q(`$1C#JIjk>7?BZB>E;V@=?*3 z&{}`-ofOVETL=gAFIX<|z>CS_p9M6+NhRRy!U@7@X*CZsgcpk2ThS5dxi}VnrGCWfex7=qP1t%9iHH3M z$9fY&Y^!2{H0wAa^ZP!qpWQHgYXPc)KjqAb4%8_bJMIcCvCbIk`*uU7gyZIem~8g& z6p&^Zj*dE^% zxihW+c%0(BN}*H1BuE=S;W@z@G|g_@jG{l}Dv{B@td%k~n;BGgj_P9rjGv-c{dm;k zoxuhSbKcP75YUf<_EiDeuvnCCwoN%4^=6e&!0>dZTrI%Z zUkvSWZhzJXmdg_65%wA#l!gVL$Ys zZ$6_%LNz|q&v=aQ(x18!5Bg37)Xt}|kKalk51jKsuS3`d**Ap8*sG+dtyf~rb&KeT zKvm13PHg*GiF?|QpgS!)T=IsOXXw9=90Hfswjf@1hXchnh zwAy^~#5a%ZEmrMfq5~}#?=hlVeBl#`7V*LRutnU(&_!L9+atUhD!%-vV*gTn{IHqRn_>r7 zg(n{WTrK`ouv_ECh&$}`$A0brI8VP)gtQ3bp*WP>xR1zm1p7iT9#L<(=aW)6oGKo{ zg#tSzh`*oTZBeP`{j0Pn(!}=5ghxDRB}{4llKQ@9rBSbEG0$YWsDExll$H} zhz?VplE!R=G{9rZR7JzYI{YQS%#T&O_`zNfB=|#yWOqv6$4~b8@(j$R@5g@;q{4eyU{MB(07#o_{Ql5nB=bo%lX)*u!{$#Qd`-n7j|_ zlTn}D9DQM&uSe4BN#q;nIPnFUyl74z|63?%CtxbRn73N&dVa zC+0mw)Dc*s@Se)p09OO;`$Sg|$ROT0Ep_>*(QtnbJ;vn8gLwb3P0Ok~4~E5xbAze* z#b$7Qzw{`$8m)aU7P*Pc`(k3KRz&K-?R=ujiM0yaG($k{fyp)b-p+d z1;hvTHvW~oFT}rUqH2O}#*Y+%&=kz$oBV#`Q`GjcUmn-%Jx9Y}eMPeeeqr6bD;`l( zfmGbFt^%m2S1)7k6~9aLm{XXq2oNxW2Voq3PqVT9+yv+2HkG_tP1Nzqt&9D!tJ`}Y zXMe_tqatcJy~v{43lg&RgFTo-h@_68g_iquGoR-#B;Gt{P+s=6q!0woi+e8VwNSBQUva$6gQ*^`1fx<;jyJ|^RbCdU3sgyQ5sm< z!o>kLIsU>HnR57Ex|}dG#oI45*qQajr0MkTHW;x@>4zA0y_3!r4f)vqK)BkW!#)L! zdk0&z**0Y1kyb8hnzboYoQRV7Ev<9=5-MzEFwDMew2J0gfg?&d*6|AAN_>C}`!9ZN z)DRZKqWm*!Gy@;*ihO#va$kZ3cs-+4sd;E2o4y^1`=%1bWBUa1R%-mdNVx?;bpZzp zbIo0gPb$sS^I?EVH9W}Ct7{Au=>p?#GoGZd&qxL>Ap5A3zGWe3`Q;fed|#ovuagmFk!sh^$3YzPWRy0L>|2($BE^W*Ho(aPC$qm`7)=5cBXmK6r9L7;D>^gX!(7#q;Ip&yFx4 zCw$Y~4~Udo-y&*ciLUXlc(baO7RjfA5PS>`&I9U5lz zM(hDgUmkdq2kl2R6%`zRb9h8Z>?_S5>Qu;-NS5$N$m#bQD-LnIQbaeP4q0Dhze;Gs`qJ&Tzzp30?c`=|7szY)Mrmh@!v5JUoI3h|B^a zZ;YZMip+fd-SmkYaiUMR(r9B*m6f@3ZR;p6#h@R5=r&@KgH8XIQ?}MMV_&fqlZt`|=vLOcq&=foQE4_4hFtbRXS;5A7Wl-#}~LVr9@YqR zBVdg@U&tbs-YfgKpVCUK>3emY;r^fqZOB_vp@02*7Ps9*&(e9{!ld^4*7P6-URulRdp4{Ccsj#VZkA*Fz@0JNn+4O2AueEf}-&=vLX( zJWHgah%-Ve1yXKi7s1Skj1n&OMzN;`4TD%?tV>xVFCaQrH+Up7bOl z+zgP&-()0}or12;eWm(srBP52Y{G{NlUrpKCvRRuldIvgE1dW30E{FQAH=&JQJYd35g*#qkwf8Bw zwEZ2ku%UK0dt385RhuS$4};&;c-HLRP@;DRM(?`}xANdw=Bi;Uj^`w?vjY-BM>`?4 zTiEzbi_UkvP4-;W6MXetm z(EQw8zvTF;K|s*QpSgAR`|1J`;m~Mh*ardI@qD9cdnhQa)&U?WtS2O9}ki9ojZD^?V!g~n8uyvXH zDSp!t%_|amws(L{n~wSmgI<0Bj`=5a4sVCHdK8ntu27C{m$Dh-nrCx65HBaB)94-o z%A(&tm$adT-9A+YJaF#Wj1JR7;4^O*Qh@2m>WQ1?Z|q^(r7-K)T$|f)gQQ$xAX%PY z`IDc+Tid>h_7hp&I9c16IrdMnVEqdDbX2W&ttY(H z5&d=5oQ+R!-|;s2oVdxi+%L2b!^7@UAELQTxcbDMqpMg88abil|MjBh=a}c%-l`Iy z007TU0mT4$3H%^@pdLhIHwL_L@Mrk77#Pwc>q7L-*~RU#-M91Ty^vm47))TQcTbS0 z(|_XXE#Fqa8l8g&gH489mLERou2y=bQg1$?WN3Vj`%(*t&~!A-J`&botmA~{n918O zGQ)WC&7a>t!fqY!G}Chi%a#-UljZR@Jgoi~{*JMaQ$Vw>1!k5FwlWbnDxuXTF~3zd zeA&a;Snr6&&Q@j4FLbn>&(L;6#y^HAHvJ(&kga(mY>)+_GqZ- zL*+xTUdNw{5+)@6@$!2G>}<<)gbrde`y z(O+%bT1Sd$n zq1ogOdoAFgr9s!cACkd+mi^MOf4I>_9h*cSeoT=ucY0ff<@fELbK+;oOp_-(~&5pkKUzZm_MK7X=$`)=7)dIxa<`@=k7 zJ5t^=MLfA};cZxR{f88`+7d)KOSKKTgM`57;W=J#^8oX$+}58=;w@HhbpK0xJfck3 z3*k8Oi!=gzO^kyV@s~68)8yyVO|PB=*S0x6rl;wfcVHU$jyx_&{JRlkplbaMr-%U= zvjQj?fun=8WH`j!XkLgWy|DXU`vtfUViI+=Fx(l5c?lXMJ!n9YKl?fw=eP3pmO$V> z!bbY5*ZKG8YvaCikx>um`t?HOnm{O@hyM}Ec8~ETB;lotp^O~w^^HF2@shrIbstk_ z9cfe&Czjb(FkS=yWlNaEdZ<%x`^vTFbKSKRJT1*Lw+CbkmRDKHcwZy}%kd`P4n-92 zH)jZ#5VVsFlX?3^o!^Hn*^}8Ehs`F7Z-%1q!CFM&2s7EVy`FGb7^-CG$deb{lEu*h z9y#Skv)?T^exu8MJ8L8VZDv5j)szdYh3lK;SrL>w?Zv|$iCvl1m|o8tGCFm3mR;tX zDK0vZY55-am(v&+0l{%N(S^Vl0xnzdR-rT@AOtja{1$Ve#!Acu=G$xCD^N}lL>IP8 zi8THU`Kr7tAh**qv2O86{3TMPKnv9zE+VL)G<*48#6-MvY>T?X@~EGOM^7#1qw>(i zVFR!&?&yjP)d{-hcL=)<0=Gd~m6DpAZyhpK+Z!FW`97n4s7~T?&pRMMG9b@{_7(k5 z9Z#mSo&0D}buFDX-yM)n_4B&aq7&!GTVutSiX1ct{Xk@FbS>wyZz4u%*3jWy^1Og9 zMNzP&oY-9O7bg?_mzCVuB4~dBC6U*w3A&yq*r-_9sl#d@+`=XS=B$}1oWn%QUx^l2 z*n_#>V_fS`+kMc^9>mJ$qSn7ot#7vq{=!>0U=uIHseA33S1)T~^Rkf5$qB=eJl#s~ zNkf4)S%!Z}NUX`S>Eff7&%X~rdyik#5`~bJ3L2i;cAr;IJxHaj%boG7E zMDCsQfvyNG0*NAmI^MGr?i5(jF7Z*^e#dnrS;GBYP!PGt=r%^@?0G_{VVMzxd)xN; zqJ`9b=pL(B!SdVR4)D4{IB~j?1_z#mHek}z{l@sS!koWEtpes-FSnsgIwA8hch7I}GeP%OO5foRxA2e-udhd`jacSRt4;>v?> z5>Xw_796D#^;%L|dO|o2nG$f9_u}0jV1jfE(ed)Poc5PzJ$C%Js0Y~nMLTbGpSsE) zdfPE~$w`Xh?6s*`zfg4%{dG?spSQ~Hx8d=F0EAQB8kNF1rz@7>g*xD?}Ms8Gdu?J12H zc2hFTr*(LE>O*1l967Q5Cj&>wF43jUnLq^!1+`rySjEaTkgE44U)D1f-z!FmD}IXesuQ(gB=<`8S~X+qFh?s!~H-IN(JW(JnkHT@ZUeBd+a$& zYK@x;!#Vt{KOa+Vvs3D~$&9nn#o@_Bk6G`%z&2K|3rpA){Z@kkZ;OYTjCAEUyT1~| ziu6U|Va4m`m(nATGu*gII8;yFwtq}i;?vw%=gE<(Y~A|oLv)O75pxTC4af8FW?;ou zKz)3~ob)Zoe46aHL;}mxUkgtqh_q)~4>C$|q~y zQ{wC{6Vr4_TJvqV*~jee9ro4U`e;gxrewh-z~3N0M7fRJ?IUIPeLU~)2sqEj8EYH9 zj~@4Z!7bZ^5MNw>FIme*oN*PpJ=y(Y?IJiA|5pRM0z+uO_pw9(#Zw%zd@V(U^77x* zdG5pD7U+yljB1mL$L~qKvOoZCaERfRgLhSq%&YXC{_`?=KmPJ`tV#ov9XM)949Yl> zGxG4sBG~|=<#<}uGs_O`2er=U`rMS=okFI!u>Qp>ecY#6nfaUvDuPMW-4xe8Fnp=Q z9@eV%&%C;_2nmO?8qOk`jy}o=Z8iaIDhU)4)l8}}(1$}uY)a^twNE_TZ9zpfTdS&> z8!h}$=9P0ES1SrS-~8>WOIi6+0E+E1iZa9IEs1Nhvh?gNFHCtD2cc61&dU`~i`m1I zjJDCZ{PaTT;88<#*juUdeJG*fKccFFpZ3oRp4oc)Ybot-udWLZlE&@Z2G;9R%=u*5 zAPcFmH6p9&S=zIcdbN>8Y*Qu4#e8eaJJw!&lO~C>uWS6-Q-#ROEl6{Z?tja zD6_Bj3%kw50qGw+P#&+{pdYwDW-#&qA7c+HrhFgTA$cahadY~laNN*4tUT)whS;cHcZhNA_+}vR|K#4;~Xad^B*;e`oYz zwyXx6<+Ux7@B<5!XuL*?n1%8XR$oX?tNC!*htct;=rF%Vi%$Qgu9a%T4vG9Z zXs_KbUwvS?eE^f_IM~?ldS1xr1r<_lml}H3SWUS+b}Y4w8uRRC75Xq16U*evkAigv z6Rluh?p5ai~0B5G>ISuz~tc9 z^L?@-dG~j+ehM!loKa*G#2C>99BgYZ&WvZ z-{MVaD;Wh49Ewv-`o6O!4@3SL=Y1~@w%wmk@lsV}6h4Pdkv!RgTV8p+2gld#90ZyJ z)=a~sXkl_sj4pjz#}w$##`vyonQHHM+;3$TF3s)l-98C>6-4gq*AuOl__o{j#yi=ZEAMD9}|3pBI}gUSzbj*#)3 z6m2>(>o;8nNu3|3X1}eR7VZ7YdDh#%7dmcv2)mM2K^`I@5f}gF-tRZ$6y-q5%h!#u z3s^xSZ)&RxS-qc~G>Pbvncp8QaHrolp}XRFBfJu9*nMf_E0#l$L4)7@;^gAVkZ@ev zY^nJJ#zO5KTF)WB8HeqF1TPD>x&4mPUX4m;SN=<$!@j5X+4DSS`lY{;DV7k3RnWtE zjd)bSA9TfoVmOwA=xFx2j4CfD+DT#$H`zd8>RA=gZ649~L{B&~bDVCj#UwsrTvNSX zwP%LKQ4YUSynGtcbs-vK8nW*A1h5d8tf-Ib?0?^qkV}S5to;ME@V&N?$K23n_>Wvum*R`3U*fzK>p(IN&^Mi$iii56ZcHB-=juvDdw*(}>n}4>G=i z6M-&qRtQ*}i0rcxmwh@jd-DWxfjDp$k+`oi zu1+8Sdj5iWFK1`cSB4Osw7Uca(`vT3=$xmXCrY9;Yt*d#w|L^t)|77pv$C76d_>kU{hxj2M zsi!G)#Z_LSrOed2Y+=unlp#QopNZc?DioZ2I4_yWuXX|FI23{ugA!?$JbxT{nQ#SL2O2X{cqwswQhvm^cAbA-)k2`OYhtYxE~(Q#k-^ z0rn;w-0#_{k!b3_!(!|KdaM@m-(-8|EJp*P!_wPoc4 zmKT}RI&L5h2S5PT*zn6Ed3i1_OC0aE!fD!K0>bh%ylWyHnWs%&j~f0+bY>qi3DA~P zu-$#hTRAyFcVKF#A;b%lJR+uAWrZL zq=mz*adX)!H~#fw>nqRccY+Bd;+G0=iQ^*#gxW_KjLQdY>9_0-Ni^}<2NB-%{{N76 ziHGlNy(O0J42Owucyq7#YuqZqfN)1)qNEhf9VbmzMJ^|IzfsK3#6O)ilk_d>N5f&N~< zr&FmFO1v#kaE6|zdH?K<(%3TKBRiKh8h)bSGl$lnkyvM4_dct<2Xc$obmJWz;^frc zw55V7&Hq!lUh%=Hg6TS}{F%iA^|5_Ph`+Z)>&|I(hbI}z&AIrHZ?(2NQ#i+YJ^JS> zfVcR?P>Gk|3K(6s>LOky{=Pys|C4?Exo)c#_M`B%;eLJ0U8m6fa)7cW=&RXAQq!nu z4l{DX=kJt99p{_cA^eunwB~(fpJ>Nhd{R}~J-UYp)CBYv4*KS=Ss*JuN^`c7n*u`4 zUC4z%JJ35u^9nHHME+n|i_|_*{lO461k4VrQkYIpH|yz;c^VtTnd?xu$)Fr-oxc74 zXhwJ;2teVWc^3Wv?q_^3}T#Yt*GWeVtA$uErQ=)G+9%BQte#1qpr0506QqQ8AJ#7J8-g zMHLsAWgTwCm*iLOxo+!&T+ahfQ1uUHHmv-eC4ZlK-@p88oE#T~`aC}3bPYqy)8#EnDftMP&xLrvdhSeV@{L3b$c23%LV(3D-j{@kWJ3W37hV<4 z0Y096`J~7(TJh~LRoP8GEhqA7pE`#U4wH^v=-|bEA~>+X8xIF9AX`g2(tL8KLpYK6 z{n}x5>W{T1z_d8XH{=t)HV`Rpm&S-<`bTs@Qj+9Ah&*$r^ zEz~2)4SGB#mEdR)dHaJhMLouXx|lNzm@XXH zU_HfX&%<%9ryR-v&p4PbxN!&9_G|QRM<)_s8r(5aFJD*>Rw4TCAyo_RU215_q7Crs zyZ!_%@-~C-6rlk)Z}v_aV;vvg{%X7k{}+B9S0OvJ^bBIdk%2Kh@`?L6+Rnyuq_?e~ zb&e+R&K*aE^uGyC?EPC1!b6p`RLrEgHqQLswx#A*(|^JS_h;Qdm5NP$DUZR^K<|WS z|1;Vd;i`)>-5pk4JvGDc1Tpn}H+O|Rr~4&jk$itx%!OyI*4DqO0H(TV>>JVX;b=g= zl;!avVzr+*0-^_=! z;^#5-_JHomXV$GzINZpf@s7>@ZmFxwDdqQrJPEBo(pE+n>*D9@C1^wxmddXY21lSA zq4Pr$5Ht1PwjwgBto&g{542|`dx;6rg9Z;ri>P>`tZLc&V!tIfJF-(9_PEif_qmHy z5egFizI>vkd(KBQggExc+-0z|_>p{lm28+u8a-FfQ{e0a_JS^N-rZ>Ac<4?W6$!5P z!xwS!3$1w1D@+Ve`tvy~(lip2ThsdIdP32iy?pGvO~Swm!Ie^^dmmIERIs1!>(q5C z0SML}O=|n6d|0u#$o%h9)F0UU>5~2t_*`s4D4LZqb1(h!4F;n;^RzG@@Ho{yQ2xSTPVu$jbS-Z z`oFKw_AalCxa>FNN@*Mb_6!#v1d)l){6(_1;)^a9+|H=Z?(aM4|GK3;xG6d95grTj zem=m$W5*dk&4rDu4_q<$!x1DA@x;rf6zVY4mA06xC{P@;5!ZV`3u$@;@M6ARUqx|r z+c*&yeGfxk3>e{e+)zWk?^A6e?A_{RKrHtC+mX0!d&lEHgdqUMyXD!U6$anegmU|9 z{%K@ty&oJz4e)USgyycHq`8FNd-@f_-J61x z)bYaA8!ZYXl0quvUGEuEEN<;!omGzPKH(X+%TrTb+uE#+6+;|$?!RI&4At3-Ba%+0 z%e}b!+Dc}}^fAoO+aq*2{irLqb$l=Z)*!@oa?bXuM%cHee&IMR(jI@`a@+)d;_H3z48qVOr-_v!l1yzN}ZTw}rNC z#xW=OZG7nF1uaO%3euPG={B}|3e9YCOJ*_}_GTm}skM*4e`GP_6tO1mGgr0n)pw$I zJpRR53M8CSlsI;Ebkm;>>SON&?{STctr*NP{&2@{>6|A25UgozPxd;&(tOj^s+i=a z>viMK&sR<8f#`MA{notER9d646&+#JFRG8KaT;#c&32+{J##LKzRFniU9!r5-3xeA zs5L7mxGpn4{kRX6m^rCA(cCqmBB_KHC zDKJ|DUeQ;wO4cojANz>6&3u4dmCg%@)Q#NkEm-Usil3>>EpZ}!_D`ibTjB2o1OjrUG2Z(@fnDft&rI- z$HESLQ~UC4`1{PZUeDt2rF;4j-t7EqE*gAeaSvT8 zlEwP0nm2tu?;A4;wtdM41lb3lj%*$}bb>pA|BLs@^YS$|+hByy2- zQuNLQPw@ik<5ZYu<`Mbk}p`oj~nR)oSixkhNI=B}rvx8lRe_eJH4Q@^QG zS)o#S5Z~@!H#hj=sUsW06^*I;ItbD3sr}tE4j3iOin0cO)feYhtIo*pcw-KA&{Zs( zVIqb~!l>x>1>4Va#L{xI@678@X?y&8$>H&iANzOP`o|BvslDplQE#-&#+{et%wV`( zq#)XytVgT^u79ku@gd&(!nDpn03ERJO5RQM>KvnAY$RvTJ>6xLFlz6DC}_z`^YaN{ zc)SQOR`1Kf|9ReL%e=+&Aae8`htUX?w$H~By^kz)#DV|*6-%nlGfb$@3~ar()9@YT zz&<|kQObw0G}HL9t-ZBJA2*VEK~5SAAI0KeA34F54JXlJ!@Q_yRdCvVzeslfJ{=x- zV$781_q?m6VI0FiDc1cZAS!#VY7@PtG zs_`K#sDaVDqwl5v1*~O|qIDZQNH)&$h2F=5eIu+UAdz5x^oe2;)br^bujkjx6JD9W zVzO2}e;ponz6YskfHl;K2`bxz&E;yZTNfOg4>``iVC&2;OIqaj&A*sfx)s%VK45f8 zHe{|BF1|irq|2R2j8dM=Im1^Thm56LBJ!?6ch+QMq~dga!O`%%H}l;2{xYfsn#?z8 z6Drl*hup%l%XFv?!%EFyUYtlXj4*W3a&1X;FIq6i`{=~!jI`b5Zoz8MU z>9^y`T2jIlpZQ7|-K0`m3OgZOH2g8@j`5pmmHIuJKdWpDkL~X#$n&pIMFqk3`?Nc` zOf3TPtMQlD+4O=}=&)?}FQRT1ye+ zA)smi^uryDQEwL=TwxzQ1Qm>+8G7H2$`JGSiFBxcp>o(5b~WPgI|Xnj_bg^fP#|!C~U|9!;hj1ylp@CIxPYea8552 zjmHRHK2I1@v^*CWGqumFr_kN!XsqpzJp_9nMs=%t33HuU?zbTi|J&e^_%`6CpFG}s z_SNW(fxVIBcMVuL2W|UA1!yq(t|NHq}>8lux4* zyZKcuQ?rM6`0d-}j|hBNXE?KdUoG6miQX#3nB#74R3neOU%~GVJllsJm$ul8&K$G_ zzaRjss@^A*DVLcVBxnhXlPuHW>64r%Z+W}teQ6KQG8`YEe{7hF2Q&D5?jUbtHa9J+ z#V&s1rK$a;&PDQLgfU1wddbv-lY$IPKdm+uW73J*PJ}Cs}=?awjDZt8m z>V|iRd)OrxDb;rMn6V%b+sFst9Us1YL)UP2 zpeKJmkU>7(VU?bnAElS)I62zdEBA108NON$1o4FERv5)SPI;)FEBeO<2hYE0v6nh; z$H9Totx1eiX%H1Pz=Q0_l&1*JN#WxbAC4UQqg6HeC70G4?>Jhz`#+JoXB!H%&Iek@ zWe@wxD~uFTmJj3@R^|7rv&u@WEx$+gTM8!_UpJe13MrD8=U;pI?){F02W8YwU3HtD90)q?y;Pc*dLx=S_}pk4RRHVnSU>y>5i5N7MrwY(Rv z6;qV+s_aa;{rRV%FiPZ9gB&w#-{;Hm7I+Cf+BdULaX%k2+%wcH88q#tIOr& z1ZeNV>vu2aO0*e%U|*{R8Ld4jWF%xA=AS$~&iA_m**0|_X{kY6*PkW0M`!pw$`7-1 z#??tU#3y0}sA0O8Ym7&V=mEL0W@NDCJf>7{*D`~&etms?9L~@-)oGRpqH_kKB^>_I zSAia8-}}}gY5E#>n=8p-Iqr9<3NP}?Q}*o(_(Yf~@9evfZ@WE;w|@$!E}EPs=Y2fE9h)d} zX9cbGBo4T3q^RjtZGy4_4s~xmJj@1{2a2wy;ABD5-l1nC52xVOXG?j&HI!*CGFqDE z(cYFdf(_FacFkYQDH-SCN1i2q?&s$TS!MOxqY=*%_4#{_(B{daetUDq`(f9nsx+BK zjdZrLr2I-$xmy1P{8lU`SmAQ%<*+1iE-pgrk5ciIgeb>;)#$=!TIAuYOCsKFE@=o8 zlIZ(osen)@hi{~4X!pC$ZjDy8_DIpm?l9h+?DpWaiIS3l*&1fLTOp|X^*rwvP5Cl~ z!~&j1MK3&VDq3U(ASD>z{E>>5ui0kYW`Qr15MSv(7m)R3ngCOS+OteS$~Zks_K8!< zn)`ib5HyN_!-fo0sJ1;(eNNn~`=Qw2GLzEUtD7yxyvm)yBq(CPoY1%Ps5(wn3Th+G zJTu=GNbzA4Fgz~!vGh-`(^|SuxMtYIMXUW@k!t#)Kl=;N4qi%XYa=A+&4UTA*#5rl z525==`gP3pv-XN3w(B@&o`XZ3iP3lV1uT+ZgSg){^zd| zMD$Fhl|3GFU2+&B+AzcN?%2vgK4_u4w$idlcJex9dDjZKvhk^9JdYRj``B}X zQ{f-%Mtpy{{9qh76?)v8CgGVLZ4#UZ0SjLKTVg(vt8*14`>bk@u=~Tq>_h-oO)|D( zp;P)}uc=%zmixeSa&E{p7S1~RD2XGb_KiCOIomYO*Bp;c9WyYiR~uWg3;Q)_2lPj? z9C|2QMOGQGyP+MKPmFkiM@ZWX8Tou5V<9-|lS?{) z1o?j7a_@paE^lEyz>{qlj`6f#0BRL|A=S!;;&Fjk3oAEbF z3V6w$E+jfmMpi%RBDs%3KM?vsTt_YUY_UXJ)nhPlMTXlLz0vHjwvpyI9Lt*vz?(9E zISd{8CX*{R^0IQ#^ekdu4}`S+elb0^C}|jktMMH=N2%5iy#njY2LTn_+px;-tH38@ zIxt;AScj$|mw7;UzA4FEt_C&Ku;z5{??(gMCdk#g)zIJ&dHAKLW}ong^ui(fpW}D) zd@iedJ>JQ-&R1b4b?kxg=)P4@?wzg_ z?%&^Uug8NR&Uz6xv3zF&gpOuZaoksZGKMYIQl$~#s-t(PVV*dG+GMCF zojMfgGMwwhfIZ`L)DT;sjVi6aZL^6bS?!yRpPwsiLH26)RYH9lxkCr$~Y`>ORJTPRaS8PO9pOCOlIF~< z0gfv>VGEzc`bG?$(D9!vPp`5K9!yDDi_Oq3HCic~x|d9;S$~U~hK`4*^K5WKYE2IX z*<)Foyk{dBH(M9{3%Fsg2aAsW#3R3T)&vRMZC^t&2CZMSSZCnbMd341S!xN2g9WQS z8&%o?mqy)|;K87WL@8{>sDniiEU!f4$>|m!86P_|JzRMCfs~$=<3w(Lm{^#cMqdF- zAw1JA&3XJbj}!5DQh*2)#II#I&~A^qR(zI$c!R@9)=PHmbXc$91*y+4?`gN|)i`{x zL)MS6nabLHGr3gc2z>nOP)`v(PRx~q(6Kh-{_WC10x574;C16Wp*3(B-NbbIX@z)m z^A(7bY!2R3aFhL8yb=3=t?MJodv;KaXo1oWIY9m@-$aM_-O|5KtNRG=;STM-?;M6BYW}hNj*5n*S>2-&l-6yL20so zKNsMJ8Ia^A248-lqLX~p#3{&0qzYM03ct#YtFvOg#7(StPx|q)DbnKrpuc04P)8zX zjzfewL_KlPaXd--<-gwzS>F`*VL*&+LhyhC)1w+CwDjm9PYJUp_c^_{0(H%X^8V}#dTs0KF|fO8bwm@VEChu$_EDTNTt zS&seTByf1V!_acuUn42d1(S3v_uvOjfDA;tCS&MT3q7x2p(AhKX*35|ZtTID495OM z?u~G2XnJ{jAXZ2JJeXs~V7feD*_8AC#M5vrrk}flUv4ZL=}E9z@r8yHNvXHZ??Nas zC)~bMng2BNgF6g4XKNFVufqKC zV_a4-2`^7On^3v^Bq7FW!vxR z#Yvgs`E9-LiP%Jq&PM)B?$$(G)y+L3UV7HJ5tOD9$AiTU zIu)t051CiwJ(#$hZ=kNY9`uhZ-INg+u-|=T>99dJFIDx(Cy4j7PWw?sxd&s6C;HYw z;Kb(E6oFXYP`(d+mW5qaSHo)bmryt=Hb9l|-|OyP{@K^DH=oFl3uG^blbUMPg~Y!3 z99SyRKOi(-;>hYf{9Ou=&5!r(wc^?LL%CWKbACUnK-AJWrvm{Eqdx-YJ32JP49%64 znXh^gOjLWHXUpvZH~tmq1;-(-suOm`7hLtWy7USATkRPa>wr|(GXoNYj+_#HpZYP&w$Hm{1r)5K;?8|3ku-8N+%@RqTHaxG_#Jw5b~^P^$x}nT zZ<`KvL{o6XM)u$5^wvGbUfR4h#TO#NaJ5^Ra>Ff-dLeE!=F6;uh&V~7AW`T0>?doC z`C;5|ad97|TT`D&1L4x+Zs%hODJlwj&OKIpcr6GA9iaa+L!iO>{oW_k>F00z>d*d` zSN%+2IrwMICUtgS)%!CtOrYJ;cF@kma5`X!rOinDl{c)87_ZIt*H=;rTrB!;-QxKE zQ7Ml`I_=AQYaRc(s(x1)L>1|~+;f9h1a`<7R@Ex#WvYr#6L7ULsjA2=lUyHHT~~#o zHqsgc+{YfTeoiT^`X;tdN^nwDv5MMXCm|gKWWVkC)O0h92;%+LNX`wrevI=cyY{5i zeXkUCwc}SO5T{Nc>))$A682oa(t1MpA43)U<&DbkT_n?9%>XW}qZWxV2+z3dv|PbS>YY~SX0 zgL}5=!uY1d6klc)dEoVAW{^>2s2R2{Rm>fq(;^I|V)j<+GDr(V2V2T`y77G=hM)(jht6G3NnGi(IIU0iqe46tm0a`UXG;Z#s z=hUCh)hxNEjgjob0}xQ{i`hukL#9>vl1s!$z3tPlk@B~Lbqfv^YKn*}{&jJXFpgi( zdudQjm>uqbZx%Dc@l(`%_nnr)-6ZUGtq%U3+*B+XEnKARMa)#CuMlANzd9vTT zRQv^Sn)QXTXGWp(&c|L}x&m=JfJ4&ZCA-QZIL54!tI&8XW=CMX(K z?)=j*35L4r47G%;JAz4Ta{3A(89)McuZ;zm!I@9eSsYyh_b^>GeRhVRmpRCXAc)`bf&lKWxtriU}oto#rHo-iF3n2Z59>35c^YAEy+Xjd&S2|BpSiT+L z>PmQjjE?rY0LY|9MUFX}QkV{SBbsEQ0bT zhO=!dgBJOR;ar@{?CCB&4)McFcOhD|Rp6ueDUxRD8ZCb-Sr@MT~= zWRe0Unf9>n%=YW6lT!9Tr?TwK(`qXF+KNZ_No5NCqdyLFQ{BAAg$>H#3+z517+~{t z3ns)af7Hx1sc0LI=S1eD^&pX)qhRz=^&`!g?cY9BMOJ$p}ebgy#o^FK#A zW0a+bXZ>Km>fkAJw-u%cm)5KsF?nUZmio@mc#H=D8`l#GuEw<9FBIe#HVEyJB|l(z zVqpi@;F@YvLOeixzKbA9Hhup3Mk#N7?*?8MhSyF2_)P{lEpq|;9-NAk{b;5_0p7wD z>z&-DCu5*NNW5%*U&hP@sjA-UsB zeWbMVid9W zQvb|^u2NdP<0%knxPhT?MnM8aRPK3U*J)2srO!~S3m^R?5anchTq9b$JW9U(9O`{K ze&+`La*k}k?8yj1T#)L0M4;^c39^s?QFgNza87}fO= z&)9f!sWv+bvyT__ULT|EgRRrkpy=&!>S2p!k?zgY+sWFqz?-OxR~_G2QQ9_k?zX~D z?O)Zt^VO>nM#7`b+jro@+-q(CW)FF+AttxRi_}WM&*E?Qx`%Pzdug#x=tDoQAZ}^QD+|qE=z&|T|ls~av>_{7V56<@SQqm`> z>Y676*Y_L2vM@k9T$2^c*6XSVnhL{>j^?xZ`Kzw$5}DOEhKYaX7zm1GX9QlTxt^`JKk z<>}4b!ciH%=g+i|uANj!Cm}H)?`t?w2ZJtu?k~~cBwP?VFmc1FPxkO@e7T}=>;K2n zd2K6-MnU+M1SDOGNCpuk-hl)GL6QhQeHUl-T0Jv8W)c3dchy%X{Y0eHQQ-DYxc{VB zSAea(4j6V(Yf}uQCnti`S$l3lQ8h4c~w|()Rd86x?qDIK| z@a!6dx^3ScQwH^Ac7&y6QcL+Ghp)4N~3Qfb}gADYwP_mY(Da$K3Ib-S*XJf#HGWqKF6O|c_m6o( z{5)SMS&aG~oKyvzCGiQCIzHhU z^?nMwp5h1lK(Aw!&LH7#w0sJuq~Me!#B#4j=g$di6-pspm5a9o3#p)Y4 z-bw6pPNV$&^q@ue*X{wZ2`@;(*4yvV<2l*s3<4>?w>!%)ulMQjTzRWu@4|dI?BfLf zxOhKS7>C&THnm7!@{C~i!NuSlo_gl5C`hUg6>0!4*?rtzDD}>^aENNmh%6WK$k6S& z@vi%VT6ekM^#KSjjXLTWTDCN9XeYPesEUtIc*Uc55=U)#0FRiYB~?(;U!|bfCshor zNx9ZE{U;H$J+I}Uib3&(Dk}sfh;~iW>jNB_*UN@ zYWnqKr&3`9m4>qA#wv7hz>apU$*X-Yt~C2p1po5d_eRi{ zMIP5)W=x7Kz<{_Ue?K?dY9444-2Y+4*fxsvohkPVg&U&dl;UcwezG`20%9I8n;Ja0r#)N_wKM?L>HZ>xNm!iPe%bDy9M}=^-0W? zUGfa+uX$JNiHEdhZle9cGYSoppa36PXmLNajn@*sU-k+2!-dpCLjX`uu7Ambf~8u~ zKUfb19zriQIX>=bWD>?eueU%=5W}1%`Cnn=$7T*zXqz}yX8S(zc?wb5_2`B@^&edYMx>isnL*C=F`I}#ixC2k3#u6W4_;25%j#e#q|M>6vshb^w7ts3Ak;YN?xL%x>4)8i8CwBUv#FRLE9eX& zYMk?hFT(wY{3)CNDT3KL9z~~lE_7!t&*G=+cs~7f$DEvgEpKc;jYnt_3@BtoZ7}=h z?^>|nB2heY;+orWD-kuJ&(`_H93zeFmEdd=oBKq8({BD^cw*RLjLyk<@+FJ(CzhnE?f{l z1x34+bG_{A#J`;PeZjftcCnAZ7f@?(``H2qw2}V)j{gNZFtsY;y$<&Zu{YF7y0}p? z4Fm!cQWrHJVM5?eLx&PDqtSj|;14RPIAHs`C~;f3WN__KkGPAG0gH_*z2FiQF;CF2 zW9ij4K2<~|K>yEBHfOIKzbxhZq13?<@S^=AFePa7;<&=<>c-Mw?Qij@-&b)tp}%k* zU6a4C7ky$q?XXKRgiNpOQ@I|G9qDeL3me~KYyCN>(Di?|eH*~a@bF^71})nd_~rL_ zS@NV%L?=Ls!^mbs2$bi?ISTutcfN{kr_!-jcM*^BuKc8k_rtp+1Zebw_tj+vh_O7wGsLWc}zpj?iBTPm_rnf2opHA7+p~BRg#TYulQ~g}tCTn?tKKYecXc<%JwM z4yg9Y2jfI9H#GA0@i#wtahdX|)ZlPSP+~8PksJs9zSV~m86%9@q1Nl{Bir2*8=_>= zeeFgb0cp509P9Kxga7~Nbn;Lw0PQzI;dW^ffS+lXByUu?`QEKwp-9$Ii`ROd(WosQ@ z`bt5(?0$p{{i}}f8YVouiE=hnmoIJ}>!5WeEc6>ILehK+Pcd)YaFfxubCVaCZ3|-)li}dU2m(lSK}Y5uMWj zRYcYfhkb6QK_2BEy6tSo;>dOrKM2C5)W#c3N1dL_OX_NhdBYkvxm@y@`W{XSWctUlxkVi}p2%?>r;3!5i?p3pUiZvhBRmBnH zZ;Ayg7&o6I8}BZoTcMqXNGXJgP3_9FvmxIPZGeZQUk-fka7dkbG|kEib}6NlmTm)B z&2)zewz(bT_KQ}v(<2jyXZL3jy|9njBwi$*w3OjDY6b51($+6NU(_f;tw%Oq^D>Bl z5MQqc5KV+T$jiW;(#Y*xTB3d=hJ_$rP)_Rzu0T79vY-96!3m?M@Su$hDn`;Xn4Ky+ z=hnH-Ag#wNEEJpkkv?5!=H?Y9sy|dh(QfPmHbk(i@d!MRzeLwvVIX~9dr^h+H#T)r z1gChScY>*i8Wr=m7LSW?eQMj970VFb!-hQ}s{IVia6}|ntx&RI><8-8(x$Ix7ZOe5 zha6r&@ps2#caojFpUXR718Q~g&u_1ESbZHN{bG~D578tg%FHHK3POsq>cRK-ITIz3 zXZLQJi_fz7fSKHsnYz4B*O%GJ>Ois|<8$K@^YAoxVgTY@3ukpY)joe6b>~O=LVtaL zv2Q&YWt#JhnX1bgB3948+xPJ6mEz;K|NKIYmPmLe>fvn(QGG7r{p?iyeXWSsCA#-b z)UN32Cmc871_t1yMBffnPCkl|i<%%8O~iSe{=boOs_ z*W|3bdG?P?OF@`|oHkjKz$=;pfKvO_iM*6?%NIsU&m3_dP&W{Ow~vvGg1>#Z^gFP! z>sr@f_|yI5nRdPlqW@fK7RZs~k#bl1`(ke0whwhT0_Iy{KkvyQJjKUh*=}v^G*r|> z+;L>Q)Z2Y&63`ugQ=!CK^do;1*TdRw_8KC@sj70AJR`d}zXkM*u>3dbd_g3$ouUJ? zf-Tf<-bB&*n30%kr23}&C^-CiZjFzAxE~3UTc-Hqx{%JT?`)sfg6jc|`k+0W3gfOd zl(XC>7_CfwrsxyS0`x~UNJ>slegGt)QtqGZ_${7D>dj1L-($3mVT%I%O%H_JPFMGU zGSsYnOA1CgS4Pq;Wvyv~2ZC|QMX2~<8-Kcdl;XB|z^1g5aR7Fgg=d|1c~DOA$Yl&! z2b9M6;;*tig%K1b1|t<3#vdvFPUUC+TnX7*peg8`4cqa=E7Y$Co?wxz*7{4$>i#mV z`@`o;;=l@!p07e+^saC-?MEiy8Z`j`uM4iR{3CfC$h~C&agvi<^esyp;L9OBkDK7a zK8(A8r7|l9*y{ei6=cBd#Qx0NY@hE3K})M>e+NO_0AeKvV=37g0iZwrwA{a_@+sFx zjI&0<#I5CH3n#JmOlEySj0#hp;E0cLVhAetEw_mZ^kVO$xhiQOqIk6*_HDB)W z?bnJbuiuOyxOBfVvtQQmI zC2`OOsY4v52aCBYhlk`BX!@18wqn1RGP*Y40<0|LBW9mvVN8KvUcr(@nQ$9?3yo$5gh_>w=DS?xtAXPvi*s=8(_LHFB> z`D-RFz#Kfe^Np?JtI=5DdzSy|d|`DUC@(0k)q`>|9O2P?H1t1n%%h4%77nq6u@4rtSzu(yu*94fflYGv-)7q5_p7kV7hM1OVL^&IMICk9_4us#Xi1~ z&+U}TRDx4QSf2y)CfC)OlbN^EzEFHk)8_eX)jc5BSXP3Gvue+{VbX=+Zm)5??~Bx6 z#^5jAyMaoIM9lIZI!>Z2v_xQgiqrb-CHq44`z&Hh{jOWL9#qpwxOd*gE9pxr(Lx4y zdu>I03*F|Dx3=U#WJ0>Z=M#|+sQmHrZt0K(_8H*7JX_o#yifP!t8v&;p{OUYEJYLs zGTh0PklCM@KEe|Rm^lN&L63*bjwrR70*2JPL6!A>tT8G}KjfR=jYOXu#V7dBMCxT{ z<@@P(xqX&rEAPLQY+Mg*aUYUy%$D9Gz}0`5>jgFmE;VjjJL>b?2MEl_PnRtcIcqJU z27mr8`>vo|XZbkgK_MT!Fs=p~#9s?~O&<$M1_C6@zN{xbwaw?RiJ#6rOs~AMijtoZ>!IA18f=H_J%G|) z5f=f(#_^+|F9*QFJ30&X&99K>`kM4|O@S@nZeJa(R8<+-)ue zKK$GtQZ(K2;x~W#=TF|x+uM<5$%s~7?yV{e9&BEu75D0NPtT@~=-%eKd?4u_fA{p* zj7+_sGI$ztrk-knvNSJvE7pcLh1PRRZugWFVdTemIm8eU-m=@rCxYT`ARf9E-f&uP z)Z>H4Txm)yfPB43Fc7W$k-+P4(i)&!W!HKAHaVA8Fjc z1380IQ~95&FKag3R7+P|LPPc}glo&l&sY1E!6v0uMbW)D+c+~0KKXSv-@<6U$PpF3 zM%T9*t<3M&HmFoz8WbGi>StvA@Qksiz^A(>@AK#E96T(D1Smb|?b;)1!i_$i0rP5) zZ9VST+YUlx)ei-+nadrrd8s148kS@wHc&!7TeKcQZ0+cegKpAzU6GsTBktn!*Lfc) zXSS_6TA=M0X4Z%2JW+y)pB$RotPS;xHW_3G6Xtr2`az|C^hY6oUrs!?ncAZGAi(8w ztdL{^IdU(}u_|r76MOtC1v`x(P}s~4t^7=mslx56W?)sZGh#N1`R!HbUUFDSTo2ab z`}OB%O=^7tY4uV~`2n?B7ZexbO!JHP21Bwm{fPag4CCW{pT|T_{+5kMbFD>tN<~aj zz+#u0)CW_gUz?kIMD+@fy&q6OV<}gkaSlm_5|dMny*Gto#W4nf?0n$41N&;0j#^e> zx`Dqn9Ompiy)w%iXXA+^79)E1-lh;HA8Xmsv*ZfN$1*vKG2TF5y#*#J;9YbhyP7(b zh?2;wD6;w}oV;^Bxj!JSI*qZmSTo>Y?N#>mQ+GdfYC3RSdVl93q06&VtOoTFX{4|6 zcgHcZq7?ICiqiB&Yh$|C>!qp;pfvfdB<&U)az#M>7~^~Cyt}(SIto$>-@)y{)Es8o z5b(+x4n~*g&GW`@zo5T5^jmNxurh@_J?My1{*!bgsNspe@PVFly_8Jt5yq@`G=U!$ zqh!I#VuTxT`q;zAk`^`b^LyogYU8#%sqCjmOsWg zCZs!UrDQZ@06S-&8lc5y>o9jd{RD=Ou$FSeIul;uLDzZic6{S%d#2r^%n84HSQ>Zn z=Na?S?TYvj;g8%fan>&?b3r|LXk%Z7Yx!Zy@#=gKVC9|zZKC#9#DMeTK3{*BsRP{w zTz+}eAB?!d!F+huc{K@^+h_H1`d$AJ9ec&_^GG}Mw$Easit=RutJ(f{Z9H_ALFXKH zLwMBR{^{X3xPeR9`A&xdq2p+_7CzUcV94xZ?@kUJB7I=u1u)OxZhbJj7cQ*fNOYtbTWK&dVY?Gzguvp6n9)%4L)F;4{1GYI65e@+E*2 z!Uydq_IYXE>w_&E#RKgT0t9_~Y&H2>(7~mJCEVxT`ERdpwnGyYsf1 z4AFQZr$b#X>_athaXDe#xv@Ll#A!Xwtz+JYLLel|O_YNFS|ghL-;knk!II zh?oVWi|#LH0>qK^J2%YxA)Xr>TbdKFo+(lqpMGUSpO3)L?y7_vZV}qR-o?eyb`q$)diF^ioQ>r>*t0ZxZvxd^i)C!2zT`7*F`n z&TCl}@9;tyRCpB|LqKogO<#l#aY+oVpdYoj=GN2`{f_Rh0n4X!?Ns!8qotL}@gZh| zenBka3qj7849nyhy6t+jzfOZnze>5g%T5x$>^{;TkQhnr#UKD)pkO@P9X(&^mL^;- zeHKMM>%DWquM)Luo)X+8hpy}L*w4Sej>l}Sd?0U3JaSPRM{OU3!@O5Y%F4sP6_HWD zV|?BR-;+`oq_s`2)2ou;1Spvjpsk+jMW$)?2O7If|Ccikis}+ zyrA^1n}0k?c5*N3G5( z=$^1~fPINb#tg;A)6w8)#@f%A{M(HhXYxGY`TM6;oq#vv(^ZK9XT>@(W$q!NImyWs zC-RkorP(87SKM5EpAh!1%x_-%7KURxQwE1Vvt(J>#$pM_RIk_B80w8yp2g$)Lz$4h zFJSm#)nBypV?HoyxgzbJR==iOBPawDtE6majt*7ACsZ*0zNO}8eT1|E`9UVyC7GA% zT>-J(!4@%1)h+6uE_TNqhKWuAU0Gc9^h&j@9a?ZaQ zabUhbW35ibn1(updHeI!m6WBx2!iMJ(;NUafl5)Lv{T__k2FoRAkQQYk5d9xl+0H& zz2W5lrq+o;Vac!s?`ux}p`Wkh6X8O?V+m7bb$hz2%JodrNH>({qr<+-Oslh&qBp-U zaSWkTMPXlZ`AKd~;WgTX(;+?pX8uZ-6S<;b)~p+B$F zr;WX@(<^Ct3V(&a1jra+2cM;n$Wa6nxO>$2AtV*e!vL3h_qe`lm$Z^R%{0PZk4uyB zU}XP5lYZ4zH(3$Pjs*fc97@d%@s?5=wM~lj!HN>&1ynx|vuMfVyD=o`3||L#nbo3R z_G6eSl+q5)V*(cGmYhR`^AK0|4yx^=*slAUbAJ&26Q^_nO_&Fr#1^%Xp3xvX)!7Ca zw@V|Uj8`3i5Azf-m6>u7hyJ^)3^F|wn0p%kPGebx#@5->%U^MQ^y9eo9OF3yxwey`62lvg%xN&+y=YnE8!r{#kDYIxKUS#&z1ZFl1x zHBuw!GrBJlUulzm8_C;|%3JaL(4^U(*p;J{%s|6zTJvzZ__~nZ1hnkjXC0c0VejQV z6+9V{ukjjxD*~xZ*~9!gCur(PXn<}%b^yJBk#5Q;ckmxn`>~n6dqqR>tV;+9^-B)e zK$1blzCYv3uX7*OoTBD~2hP84^6JqVjw)YsHnYfROW z=_q>fsg7-5PPfb1e_B0_{&B%q*CyLXl=kogTkIUb46Fth>#Jv7Y9H)CG%jCSuVOP& zK9$5952{O2Bv?PxjmZ(2*cp0b_bTnDBE<=BdFy)2{|G0Umu6p*3NbP%={rBEqo^O` z^Y#4lGU5E#f0ruT=La;W{KAFWKVcJVantS}P0{j_Wca3lJ=_$S0@3-6BV!!5vlO+2APHoyB zIY0dz3?DO#kopb7UG~wa>7-l~ev)vM7Je_aN(t89dv%8ite?b`awzM<+t!}J8RNUG zM_>iJME!A?yWY0`v(wb!4b<}XEbfXLeh0+zm8**GnUHn3WcOZ*pd1T$bbnzOU~h^s|a*XD%_E!5Y;yf0pE z=TI4aLTu2IE8utXe*@|E-go{rt>*&WtJ|IM$z(s9$fn7s1g`6&Y?YcNTu=9X;s_hi zgS^;D-Tg;b$NPl;l&ipqmup+hsdW5eNrEgZndX7MxEAU@C%1oyx&2ZQAEtv+hLv(( z<}-DDQ7&BFrcIKQZ!vpkE}DA?ea9m^+9IPem}TSnnHCdImM$-fELklJob~8(OPCg{ z;XKd6sL;nlHb+2lUibz8Bp70t{nrru&W8S?eMACs?mw_DofgU=iHXRx@!fUmNTn*V zf@2tV9VOclvtMx7UT^lB`I;x*cSQur>?JT6Qh~B6D*{P>#HR$IJVZcL2o6mdM}a^! z_dupT0pu%-Z`ySS(-BpF1!t8;I;0@+7R_j1w=!lzU(}QJl|`Q#*`c4EV_*{>lkY?F zc8A#Y8H@etebs)K7Zf)074x_DQL7xtIEonT&#-?ptf^DGzkIz7jkL_UQ!jIC&fRKV z+}mvu!IH~5o_O4U;O2!1tUR7m>Ord*>7@m%`Ez(L{dZW$`a$OdvM}D2eMI<_i|%JV zT*AI&lO*B@kLDeH@eWb)prA?|1A7<-{G;6 zF`4eo1woDuOnSUTfgMTO^Ne%yz=UqcxQzY;8oD2pPnhnM)kI{cqV7a<`RBcPt+v33(fi_zn3F! z+V%p$n19{Fy1%0G^LFRb-mFqLr)6LHUY_S)1dZk{a@dEftf%KsNj*#FnL;W`ol63y z9o@PfPq_h^Zt}_f^Kla%+dd-t^pdMrxj%Q-3sMs6RcYB))g|iZyZ|eD80;+%9`Cd7 zK8V$YoiF18B}+ndKOe(xba2Pq9&vK z)UQzy8W0iN7Pqg@3H_|i8yZN|iA=6K zA&K;(eU~D%oKGUoW0D{bX5BJ9ISD8^QY`oVoky~IFo!Q8OXJ0)wvSVxeI{W<6WPme z?BgrD1^Z$_+e2rCecHUx{g3J?E}AZSYx7}96koeM9e&b2oVN1*ID|ECTYHSjzTpB2 zKcw9%&0Op~eFU-MUqnp75hmrZ^fZI_o{FA1{`$XQ+w1bC-H{Tb%*JD0Zj=Kg`e*`* zhJ~{Z9v?rvYT$T5S*+g~H{GO59GD?Ja=-krkk4Gm5`a;B|JyZO%Wt|1o3}ezq*ukP zpmepZ-VXR8lA&MfDPMs~Tt6Z=7~FYZKq=|>SYkAi`^(Op7FtEI<8ip1Fpnd!BK}P; zBlm$S{S8WSxgdK9x1ZeFe<^0L|Y15ls!Zm zrK+0;!zhQ_70GO%AEmOD6YdF9hId^d3My&BgX^4UmFgkg5J>uo9?SK*V%wTvGmdQ@ z;-C1dh$+=5JY#Qs|3%ywmRheLZxEQ*hA6Gel@ns)YcZ@A+d^1#aTdVR z5odz-4q|ej5Uy5!v$)8zJ?;CU50AW-*qbZAhX}&KT9`@311Q9P-LL1W+b&Y8a^M(N zo!R8UXP{`3r?x_6}eNGpfTPZn;Q z`z}r^re>ykKqLiOBk^KK(bTldk__J+qzP{S_Wr4W$DGKg zRhZ8^Z`1^F4xgvAm~|m|K<+@RPVAcQ?FZ!lf!>X~QmJW*!Kof}4k2yvJ&+C`;G%iS zRQECN5VvcwazOyYX(a+BaLTc>o<9ig0L%Jw^6?nuvVP3)Mc-^QKW8IztM@iI<9Pgd zBi4P%l8o3NJ2Tv#hE}IO2h5ogMK0GS1Z5(ZTV>@qnw-?I(aT+j62)9h15=#41NL+a&_sExa zh`*14pudQ8I`aE(7X!3(MuBv=Pg0H-{wr#&02o!R(fsP}5G{h^T9QT}d}ce8N!@-Q zrv;k8iO*DI;evum*jiXUe%n6MU4ax?f5mr(N7fE>hFh5;*H{!I<8mR{$3pr(nZx}C zFBkvJ*4ruglW}SGhU$i`wYo#Mu6(imMXrqEP2)2`Rft!%Im*n-HPIvn%#(bmKyoi&&xhco@^kWaF8$y3U$+_>VJA|{2 zYtMVG4?IXX5&MggbvQx-)FsF@Ii%^ZPp>Nr@n^%?U}P%n!_^k)URi?W}O6@hv}76KT@` zfEOuV0`PBT<-F-AW==4IyGY)?LpLKicg;2!B&jFoVit$4*zkvPzu4naWJ3U~R3|LU zB~uMum~60^krL2%Y>#VAP$Aj7<+Nn3rxi}VelC!Tl#OW7HLJ_pV z+4c(b#8ZVlJxL_>o-*~@4ErowBJ|n6Ap%f*-vj4j9&=nUeqfqOH|0kr;nv6Vcp2yB z%&maSpl8jc;DS*ZaFwt2Rq> z49MP=$EX_Zab^hTOc1Y=Lw)7n@(o2Q@xipZ{YGRC+abu5k>t*v#8S8V^pdZdcofLm z&0e*I?~jEs{tcJ)!r%VbnEP_FCC}&Zq=iIy1x@1gneY52Uz$Q$bFf<8)YQE-yR6S) zQ{CS<`OH#Vt$EEDO+prZ#=>hJYVp%RSDNVUX;YSa@{mAlItDpa&ngQie=n!XBlp3WUsU{?IjV72*Qmk0le1}rSN{EB*W-hJ z_!R263mqhEL-g|45w!e@{KW9~1xic4pNzT%Hcyk+39n-?N6rJ{QrS+U3qOau zN#bM7xrvhceJl|cLIPHasTHKMz{OP#k6B3fxvC$VBO|blLcUJb#sio9hqLBkiqwYV z?_w9h%M1IK{AN})>!utI68``|d=p1n`yu-ciCi1tV+#7j>wUj~392|+Ktc_7>w9*j zpIyEhqALz?@k*#2Aashc+6%sx7LFflhWmUSf*9XzvU z_HX>N(?jWI&M_@I%2ltN3%$tR9LEcKj+gq;Nc`2JyE(IOM?+1nH}UdjX79oD>qtv6Mq)=+TJS~ujfDIfMl zc%JyGysL?&11txZ=X7Y1^8OB^DR|dqt(?m4Eo2--c0SRQ&*7B}We7_~Hri@qU;3;5 z{Ot$!rOB+mucf$2?Ho7QKkjMNzRh7eZ;}9;|1rcbcH5Sn$0K0Viv6w>5qx4j>5v_g zM>l%hqwXlUFb-?O=sPY^;#v2;pTfp$7MJkctXT@dn>`0zy02xLH3^qg>TikkvKQa& zM|*rA>l2Fbuklx`*gGb`yPtEUR(`GpMVuL!lyV-do+&cDDMC>>DVeSyKqD?2Yotd8RkrfsI3CTdk3O*G)~@yd>wmhO3>(8{ci==@P- z{RH99*+Y)K4rMyBoy z8Tb52!syfDi=sslL7Nxc5O>((T{$wl8~j+@{O9ZPl3&O3q#S&6f6^dhBWs^8NIb57 z%_sD|b#<>>@J(KA$`17bg*+)s+u{D~zw=RY|HOu*QAEM}++8#F8vVGvFowqo2UIWP zjrjaxsR`6hhl~+SlzpGL|H%0p{%+4p!|?p<^XEpV?9-srx7tHrTnoPOd`IpkGs687 zVmy#KS2tng+(+0=X>IdkTwN>2GVahghiaG(!s8}>pI9~W?qME~mGWA5Dz&r*obo0H zwIdOSs%daOijMT|!D?vp?-9aCz2@zU z_nyOzM}Igx81-V~iV)bNHK@I*B0rw+-bHL`D({F8PX=pL#y-yy?I{Q=o&^SUA9e~9 zTn{G)D);eRllxKfTzmg|SXxNmM0ZNhRhCK#*5OI*!(ckUw!RTwFA4@UA@354!XuTT z6J9C}$JvoN0MN&LGG7aVM;=i53HPf@KV7cP4^RT>c6^Y|as&)$U~!jw`uKDTeTDZ- z0g+&T^K<7=Ko?awthXQD6NBAa-Q=_@I{-B1pB-u{?PvBk9a&k*%C>%g>bUbSPOZf; zd~-AC+H4<+=&yerQ&+=m$q#oWxE#am!+m%s`E4upMbLI)oqVJCAhVd9HSe>jALME+ zcl%-e;GSQkl_THxZ&#|NP2gjp5r%BRE)j0xeuRQN(dMW16w!g^x?pKhJOl*Sd+ZMt z(GaS6`VlY1B>u%EExNZaZ2yp4Tb`*OHJIbfDk`)2bYL~LCxUezCl$z#oACQK-8ISF z0aBVlFU^y7M%4xJGVoTd-y^W)f8CFMHup6n2QcArCJUd9ka|6O#$$M(DhbEXKC12q zdNubA3CKMNFpdjNSD^~YkAipUT}9U@bQ#BX4}jbrKY>qpWawzAKO&b-E=J}}eYTiL zV)JuL-LBJvKi9nesSupEf7c6wqq5ohBrPtnxS(H;*cxQBNza*9Rkv5*{<_Co=X!Ny z$*S*XWDlJ#7~X_5ZV`v3E9G6uNX<{FnXet94}vLv$`2U2)_F5%Frj=n9r5_h#oK+- zMDar9w}iHMD3CuAUL8{~G!STp)Z@PU5t-XxudipXoWD28K|=@6L&?x;mCnq2n zmfy%(hzC+{^!NK(?gQgl@Mbq_6mFMh3XNLKnlF|fj}-b4yjIBFT3bb&`RnGs&Z8_J7S?hM|3S8IW2TiKGEc+le2h>BZ$MSM?51Af-IL`lc%K0O zV~*v0E|hVKmiQ&cwMcmPgMnaGf-@EP6!PSqF2yBAm}^qffM8($2cFA3CQPGqTml>a z^d%9Zyku__3))8z$tR#JEQ@&(U$$qSpbug!m)5jRgQ#S}%6{lqHwIDo2n&o!Hy7%` zMHq<7jyP-eF}ogu5$+%6YM1v=e7=N}Z~#^-GJWn&F3sUv$es+y!(TnG3z+5yo2+yE zk`w9hsYlVNV1Jmvm(Q(A0EXc+cCc$LkaIDg=>5#@lSh4Q9Dh%(7WRLp{MHjj)Nx>I z6~Fbgj!(mAo#HJYeMEwu1x5l=+G3BI?*3g6j*zo{ukoi?p@X}pz6$0Q-zeNC02oJz ztIN816$TFds<8)Sy0sD^jGL8L7Bb7Iq?+MS846Csmd+HU5cDJDjyg16?8p_CUPb!| z8CavtX!mcMn&nk8!}t4E&}dn29P%xxBiIpQEg!@W$PCk!fuVjxK=?5GF+N6cpSclq zS@qC`;z2(Es;xKqfpf5R`Rv0`x39+6NW&@=%Ijvx@6yYZob{Y|PJht-ZO|YMiVxi5 zD5Tj<;L%+aLA46}PR+yf9tHWoZ%Dcx!e0-RIE#C|(Y=o?*tPR&$|UVC#~Za@>|L}a z+hgw%3!-`N>EV6#8u$@DW4+HQ@=)N+++VOdn21|}=Cg1szalg$z>UF*D_B?%y1p%M>|hi%wXF#`~*P+WZD^IHq-zKLBIb-KU8?=N|a zic3{@(A5x_mYp(p1FyBD=}T>}3R5mC{xdutE;iEmOqaJ5U60s3HQ`I?t${E;(gFxc z(<8S{o^PCa{um=_11S0($8{IcK!Ef&?0i6Rcq7}MW^tBDN7Ah6yukkXrvT6~%QU>V zw3wtQR7iRqKQ7nKmOeO!l7Kc3YmnDv`~=8agk>2Z+Akv672d6*)A*|T+hp>E9T0N# zn~3i=iKsCzWcShSp94a=jU=iAUWreXF>~5yAYMN(h;lW*H5F-jP}z{#yB8ZZJZr_k zB@(?c+|c3Z(4vtjVj!S(=n9ZbOms&F7Q;z@R4loG7~u4JyOM#OLz-m4;!q zw#ayGmgsl~Q&kWN92dl8&bte-Z!VDsYA|ADv+0g5l29+{s-`Q0voYgd;)dJaUgp5~ zTDz}jW+kwt(MskZ_J{^(~IK6f1J+iWV3X(8tC2o z=uH1H(q8h}2{F$l#+_cC!d_g=7jAq@DP#L+&=CxSbh1| z4z*~8%PifqO1Y)DjFYDVsfr7@i=00WB*KJV9j_QR|FpgzA#$cMLW5(U>{b@Rz4l7^ zPv3r2gPZ)M`2mRjQ4Cn^aYq{uS-Ix#oIh3@=_RANGwJcpPtwOpDAB6a6WaQFge3}$ zk&UT1JUPz(4KChKJf#4@>{H)npu3)TZ<=}|9{9TA0npb38+kk+tq&RYmk}4Q)Sl>z z`w@N`mmpweA3W_L6vG@#F)La=LOG%D-dYxgn9P!o!uq!#rOSFonQ$MM^nPDB58FK* zCb&IZ*H+E6KDqoS)xt25W2??qyiZ&QFQ;+9inKD<$f~nV^p}!LyT33jYzWWjI*deb zynYfAE(1EjzTFeG{mh!^c;9~@Xo)n;fs=dX*^>|=nC?(qPLGe?t~&1j{>)6y6&?8D zq(@N{6H@-LR%>JP+V8vLHoQL)L<%Tmp|BFR4(J6xByV)2Cu!1>_N4tio!HZ?@P`fT z0ai`QbG$VlzwEW+ROn*aJuy4>&_uTqdP7VqQ6GQ>55vgdV~W84EFqA#S@6Y$UMO3o z1u7;#xuBFAC*Z{CrIzj-BF$@LHx0*lKV$bHG*=(o>xIzjA|lz#Oaf`hZk|lVqzB)Z}j_$N80>S+cq4v}YXDWDUNr`q(R5 zFD>v0<8?@KfskRJX`Wquf82A^+@!*|u!q_kZTqq2bC^8UN{6w~2e6!=$Bu5_R1>?z zk_Y>oO=q&X&k(^6_%%klvSaHX5Mu)yPL)pYLo}Z-k3Vl69JzrT~k zC(H%~$>4$B<-tmDQVQ6S%GL?qikZ4Siz=aMR z3o{2ShAXol==imGu5lM8I2vy6YTbXJKpEmH>SVMmgZyBk-)Fl<-QINjdRIWNUOdy8tj&nBlQQV@ zBGS?2B|Wn1S^wgs71Yi{`yiu((}T}QBFCnVaC@#s0M^CoGCjLh)Cwz4*N!fvj4qEk zNHW$;V2dXivEQJy3#$-I4CAQxQD;v<)$f+vr2VL;_GmbR#%Md*R9Y(iZojU%9~gJ| z5$jVD9@!FocH*@%9H`vzhzM6^b6aMCr*Eay>lWutF08#Rs&@7o?W7@}+81fE-%h%f z^p;BUWg`w^4&zELbI)#>k7>3b#}a@=zad=zJWT9~fs27Yj^w4ewg!v(_M{-t@3GEO zhPkzgZEPx0H2%)>uhS4adFcisXV*8DK9WxdI@*YAAVf^`ZXPeJj6p<&y!;5HZTN`C zE7J13oR)^)FL9A|1FZ(};5TP2H)xL_Bs{OPN%y;J~R?J_1*O2O3MKb`iq>?Rl_Z=<% ze8Fe7Vg1iOJ$eu*{-QQ=8lfmbCwXz7?Qmp|zf#0W0Ej#8l`#lQr>?Sw4(te%aCn_E zk|8zbI8yEEqOz?{7GwtqAzdMVjiqU17Gd4@J5AU37y#y;^w+}~LLGc)S08!*CQjEj z!&KldDBB3oj^tjCVN;-A5k>uSw2icVx?K(Ak?ge&XMzqEzNHITmWq9v57+Ni6Z{8` zpbVqIn?8~l$HFs+i~FiSB_sl@isG;UCqJ#&IEM2023!Dc)!K27e&Hwk8pACW656!# zF0SqJSpcae>FQC!8UCfjHm8Qmg_6|m_*RG8p%1zRy;q5ig6Yn}SEEU+m{q_oX?mGXl<^l=w~l(tCacmdw(3IPC)l{`?@+CdbH7)QAj%7eaY({TJoQn_pJsr0~p+_X_Af^;ajCc2e)`oyHP9W+#U9loUFZIZ()^I=^x|)%ApAniK z(MU)j$9~A8|In4*X^*t&pwYqI`)3$?(|cgGjBD_fMAs(vr?pMJR{-NC^Ok?d;6{sQ zpNz7Nffw+zug@UN2P)|*C=$DBi_C6>M;MnytvOz8KG*ZOZ%Xio$|${s3IEZb6g5D{ zpT4G78h5-e!VJ6gOhqs zQv3lkK;?7oWFqHw7pK2|%cmcH=Ei0>M-eBPfE`%ZnZ_;;se8ukp+QH9C(Do@{K=i* zWpa9_RkbsDxV$pe9dxJQam z#_P)lP?u+Og?gL0fdSymG~iqpmTE{?eI2Xh+rLehuGo->KBaG9 zBHSyl5$Qh6$~ZNpt1c>L>&E%MN0o}1?QyP4A7HWZ2z+4XKB%~1X5VXjoBS(!Cr5Tg zERbJaT!cofb$utvBe0zg2e{ggee}d+YVFHrB_JdM8LI4k!ie_rwzV9DzeXBn_+iDZ zF=RF0yMrtc^VfG~BUdb+eqWAzx1X5={dKnwdoiQwgLd)jn&C%f!AF1;8@GQ>=HlOD z+7jI`=ZuSS#CZVEv|jO2{++Zo!t-sHakRAq6age9!ti zkp@V{hT82uDU$Z{Ee3%Syr3-1X7Z@Ysbh}XF~ZqQmTE%tGy18}5Ek%Y(4}90K1EDV7B;Af7c@AEP-Con(T?g-G`7u zkr4?b9nvPngYmnfHoYH%us}ib^y8RUvj0#>dWE{AI+A1TU!FAYE!X4wCCO`c6F=(H z4S%)Wjw9O^<9I5y&M|G`)Hz2r9nCf4LE zPl@~i#5yO}<^FcxZ_oDGReWj)!rMP;GB%=B$+C9;p(KJE_S0!R6RlZO!~Hy$`p_S_ z@MQ4M`M4!#4ZeSNyikAo5oBg4&FdWR7q`eD6oK9ip9tFytY#nAm|;r=D}+?V%5yTm zo=?L28cwe*<^vlEB3N}CR>SySRscxnDW5SaNwOSvQkN6zf>w8t{E)ozRYOQYx>K~A zeiI%N2A^g<6i7Xm4*bAgrt6?9#&Qi8Vu(d?^6iX0Zsz!mj7xPQoPZsnXnhyPe!)~I z3eX3rHlF zr2j~|t}R8CDEdnTB|H)p1j)%a6p^F^0fDcdP0w0=?{q6kEUHe};eZy7{i%(GCL%_; zhr->1a20@!7g>LXU9`^=-}E|ON}5_f2jdtWR=O+s9kH#-+q^M)j)_lQJ%%=~X`3ft zIiWbEbH8asjwIEsb2_K+lh?dAxYYO*(G?~c3ikOFgjC^ z&7~ZJa{#})?y8woe6P;ap?F z;Jt^$I@RW8oFoA}_B!DJ$YY8ynZE&P6sU|^*sPiT4A=gaQG0TmIV{Y$@r^YtLIcZcG~ zHZYzO9OKkJ~bc;60&1Gte|>51}W5 zOULVivtDxI{ob?*#vSDo;59soYH#gXmzh9^OS~NVgk)Uf3m~f)?3s`(`4@KWD-EhI zLTN%nEN?T2_MF~BVWHiOUGv9>x01&dTT9*a>zc%MK*k(q2!ZkS$K5CX9#U4^Ox~6% z-+4c3oRK%}^A$wydP1R$L6hwToKUVj`-Adi&T7sdBh>necuXqzz1I48YsBDVO?!pS z00R4*BX6_IYX>OyGbg7996=yKyPD>2mE83NQ2a6H4#QrYD!k7&er{ldfp>?$@uU2G zYu$XbWcyFeYD(0Q_`Wt007QYJPw$M@?ua;*=`lm|PJ!;wjhuY+%!+;{_8|lHucM@~ zp|u<)jk-GlmG#Ff)2CTysO6MD>}U8I$6p@UV$t>;+twdD>+Ur$Yz;dNUxpmA zpj7yf->Xe?+wRYYw;qJ_xB@)JrYVjVmr;QnWYh=tbvu7p%X~=-jnR1L}tXD_$4`KyK7qu%Q63a zlea;GLI|+GO8mYyvHdI;dyn?)gM~)Pmu@ib?vJ&tnf~3385RFz3VxumNx~1bQ*D^x zn9;aZ#*O88R(Ua;!EE0zJEzSztwU%7S%=)7S!n&0ClF>>bvw6NZ`s%3;jk`tu?|J)22; z3ft{h&%7Q=SeoW?{<*Iv-8hczMH+G$GE@O-mdM(kz7+m7*_5i*ZSB^u`*_2T2IFN_ zYa`8g9-KOWy)^?T-Ji+5A+QY&v`enS?h+xA-E$Br!AH~c-j>>{HeUq=jN<1-csD(2 zBpJq9&>y?0@WbhpHi(|(b+boaTJ=AZgM+^~a8oa|r-SJM)T(%bFzN$5+}>oDh()2( zO)&HjV>O=*x{&ILc__73H1lLcU2AtSEH(9CXj5m#oR#I+`J*chpU_mwMmlhZ(H3)9 z&jEN((698?JTk~mszIsOemiq8x5N`FYL#YBpWt}Us>BXkxugj<+TfZvkqo_*$w4x< zJvI~%;e0Z-56f=77klY3S1!=8y&Ug>%jEIt%T)F3C|BtEB%iU>4!Tuv*GgduMYv=C z`t9MWm5hl=L<6cEUDTg84NCktfNBUjL1^as=fn1zaiXL1L;30VAp1JE?q`5r!tSB> zeAtVm#3wr{-$IO)M&ZC(!b{f!T%zvuqC|q5>?ebEpB51m-$+3OX1@xXGpTK5C6Yqv zYgZdrzh8S+184TWId1Xe&Iq85T61P3-EBgXo8QN2UAyyXmbqW_hIRoq7g}flqfZWG z%S&OY26RUjUCzySAMeGWIFbPE)?XbvBJMhk9Sq+6`FFT5-J$;)nwD@^rPrADpck(* z^pPM7X#joq%a%>!zc4i7mRv*$;Q zpbmK3Z2myM2JHM=QCycUhoemIh#}?vJzx#tTTIfbr8N0Io8+o2o1Jkue+4{3khbn1 zEYL|{e>QyLsXPdeU(ig)D!?aD!3-tYp10qEU3q+!n5}|hk81CTB$2c#eQ7VhD(7ot zA~V`eNqr7K#H|ujV*3)$6OF(V9eTcQxjuCxFYm}e@wcCFo6P5A>+ZMTCqn%E32TUJ z)xBOI=kT_xnO04q>sj>;zty(NeUp?PD&k6QXjvj+{2FLtd-Uhvf8O11JDLv#T?4lr z;&UF&7C`d;Xe;NidVS6Bih+{qub>BBXYM=D`Ew&<2k%!$33$NifOGf%S-zF_$ZSKG3l1|CtB6@ca)xmNOr zabGr1GM68xBdkOAZ@vdLDWjO**KqyY?wpGk8^I`xdK;T@v&$6%DDt71YDWW>#k3Rt zX|Pm$>~0-{%Xg4W6y11dd(!-^2W8CH)_wB%+UJTW^97V5X~amVk<&pA= z;M-%YUG6_kF}?%E#n)a9hudE#VfOUtUXx1!*vEmD`lR)~i&30TQ!q7~qDoMeRP(G; zhK=$pl{j;2d z$(qvjD8$ifeUS00rw0LBZ0eQge2}Y}kv~r`@PR=^r>xTB#tRtVs7f=PzbjUV^?mG* z#GsVPxIg5QdI#wl5ti1_%$bcTk9voDe)9Id<{yTZ{Xm3_db0UqvsnrC|R(}&b+AmQtvzUlsl`%f#9-SyjmwqoXNj-!7J_mAl#od5sY*- z)`Dj4`;~}SIHXV$*VgX_2ZcoAS4# zNPv2loWM*PkJt=aEp)?J=IeffWJJfO&b8aKFq)5RQfO`a5(pL~^>Qbo+1kF8arxa( zWRdqI{CI^6cg};N%?EgXl98&?)Ex;atmp6XsvG=$;&SPd6{ZC%rpEzeiPa_ej?8eb z!%-5AS-=a3cu-EE|NA#BneU`C(I+LpxQr;@^Jj$`L*Z&B$|ad-Lcd=2C5qsbSbt_^ z?(JV(6}4%ly;Fv2%l+Oy))UaRrNlR({N0ZMhg?ejF5B(2?CF~LZX3*AsuH@kyc51f zcV@zFKHqFNWk*}6;2QqY7zvlDX0l0CP-Vier*b(BKl#k>yG+-)FZbb(AOAVxZTrJt zKDV#-V?G+2o(P@OAW-ru$Qygp!=_f$pIbZ!|8^M`)XHu(iAux*h1Uo01t4RbTHfls z8DRFK<6f9N+zJ)SIg6GkC6M#rpf6J<~lnrr~GdAvAst)V(If$nUCxCk*UkNQE_o`*i*R!G zf#RwuC;+f@8FO2Z;PLSGXQKTaz`%&eqw~P16OXU57r5_pA4u1f++K|xo@uHydw45 zLq$5*R~S1-->c}%`cdO+zwzVmJkNa}B@N459_taRyr;Lwea=Mm_6V}72j#98=bk4} zjS9`d;TxFm;Mh{)9Uu>rQolxslC6(DXM{ad08FZ<8O1CUh1`-U$L~hH`$H5!7DWIk z590&snDTGFaBBW5bOXYi>N;1UoCWBaErLF004NXqjY-zaKC$Kqu)gALPrI zem59^DiKIQ3XSxp2p*BC9nk8CKiKHv!BpcA8bjn&mL6>>=5r`*`j)%?6eqbm>b=-Z zgNkEA$MXadeq`Ycru$irTjNFQ7p087!sCnk@x-I-zDA7b>@Z7GME z&U-}b@~0a`9@N@?hmFUf_}+2Zg!0D<6RdqAXk$kT-UrE>_lgcfqgm^300Ql`<0}rV zs@Wrezrx_6>`WHh+G^$MGy02wx0LA(%woY#&sAER@11Xvb+_2tAoZ0omp19|amWa0 zT8Bs7?_iH2sayucRPwr{C-vDOQpacnZ|dVeLN0~OWQ8+wBuc^ey16{0J-AxJu-7Gr zd@KFY8e5|W4Va0W!kIrR2{hC5QSWg%e%wiAv4hV%d0W4~+`A?{7K~)^k5;p$Q$0H8 zz<2D^L`l%Y(=VYG%cZEKPbYEG(tM)CFj(dXLLL?yRtwz@HFnRe^LvB9(e+I{j5-N_ z_V7#}%KQj=WarZVZ%Jo@4%_^TMx58ddN(l0wYfprH|D{DvlVDL)_T(jqQ ztSa-Z|0t_dr_K-=rSOvRsH>0TH#zQ+`1k$v+n?E@293YiaAu7$ZKLEuf3A#6a%}t< z1>mm$$Wr#r&CWjwP;t(y^`SK;!#lPX%my?(;Nv(12hvi6es)+2CqXu;9u50k*n`RR zQV;bWJ&%4KpWmx_jxHa=RlX6auvZk~4Cq(Bq`?@V|F6AHf%*y(+B3}}$rDaj!vS76dEbUuw?+c{!^1rF51tZz~lA&gvh_uYv>^Hc9P^7T0 zMH>hoM4sqp>!yAEI(AR+jbRXTp`mP{+}Q1BwI2Zi2(ppEPK@Vo4;y7g20{78edSYr zi5o8jZ!Rc{c5CnIKKY$KpGJCJ!j6&02EC;OpI*fBp$?j`t<%aT`2EoW`aTZM@~|d| zDef9hs-e;t9m@$VgXUykz}|=WJoa@=2g4s#^}M1f4r?AOzzaR-qPltgQLQSfa=@+_ z_MTjSa$rI8ctW)80;=p=hM}~qWPrys1loOXM{>iECWd;RACEDlGa?nTNdaH5M>CdRw#$K)3uv2v-?t`rRjxMJ z@l(wJYbs&}?!U5S1cWZ+pTb}KU7JQ6_Q~&0r#uzFtiBBueS^Ze(f8FEi?w)Mh}A)jQ*X~aT?+65#OY7vflUGo%V*(4yq;Bm;80b zt|E`bd=m_2Itn+ZZ^;88S!RAs*gej``;S6++HV+UD~AU!98ema0RCY3J($H7dlZ*k z(%GPc^?7a{Q>3-Uk9{0h(%Gf>XbOwFI-H0XbxzDZNTB#MXl}B9uf8V$O!4js!#94< zPjs?RySs(5eNpFc`0Q!x zKD^W@e3TdA)hQ@U1C(%Z?%XrG2#3$t$j7i7pEei!2^Ma#PMf5JLD>o_htXVf0);|r zB$$$qnDu=-X@K7LOB3C|vILCDJxdI`ax~bt(|Q<5U{1w5JX0{|3T=4-bRh;U>JWfC z{D-kzYt*?r|3biCbqWtYd<;uVdpAA?73?NrcM;u3c_fEP_|rZumF;C$!rgw((y^4A zxjL+nOnJR$Na93~$G&#I#4u4_#0<+{rhiO>1ebgEX&M?TDief}fug-~6P(l|OmM1n zpJcL$>-=w1~tB5Gqc95rqgD8=qZouP3D~ zC!wZa#Xj?k6jc7IeSwA#XT$`c7PXzjfceh8r!NxVS?hKvlL$?teX+Rb{p**}Y+g5u z>|_$H3iq2GogTl^-RJ>^SsMxp{IB?!BJ7I$anAYhD{D>h%PUop*30N0Ks|ch-y;fc zyelxh=@ajTLx%|z1oaSu$dg&q?H<`8IEQ+(=r04#uz5 zqDkVZ8*Afk;&ydX<`}rxJXE3SYyK{K)(4Ne-;e!jiRzQQNIV;3uMsdKb2TIPO9ltb zP^=x^pi+fKgz(^gP|3LmUL)$kuS{QI{Oent{g5LfZuJZh8Oekxs8r`e3nX(q*+m`Nr9%v!WN7keJ($h z-_HWu;PO*=@SZfPmF^2a#lwtv%>du{JyydQo&>kEMtY;c+pzKV7ZdLM;~xULLB$%E(5M#g;u zfkN!=2PdPT?&u^bfQi(Pl3slZ`ygZcjlMyFt>;31Z{ZhAj+^>~A zJy>Yw;{^ThJ0P`L?cj;WYVv>Ki|p8}UX$=86Hv#IYbe+Tv;ZU+XR$%Xp(N`OSGgkf z`jGJ-dL`pbgF!`wg+NuVO76r6yAWfL99%7aBM&?Ad~Jvif1*4YvDBXtmeR%2MxR)i1A_+PJA`^~!jJ-dlK4lI*Sh>{8MO-z6cj~jK{bG%d z&-Yg_;N5r3yx@GpH1&mPee3nEUsNosN1gj_s747Y zdSArw8xY1%`}5cI-Vn6KEx*i<=;iA^To0s;^8 z7JY}sH)ikS$QnO9s*Xs~RD8R?#e8w?S5NcX?0XlfBd37>!Hxc#=?lq^`cC85cD#_d z9Z(JX!VUK_Pe+S;ZltNu<!Vybb90kXJ5a* zw7mYzrhk}HAaE7ruJ#vbKg)CVJD|JJ_|eNN9x+c2nBl|_%33YeOVd7IsLc7g2g%p( zS%#qM2O;l8xcyFN-U^dj&U}Z;g-|7Wr7!iv!HjCZO;faw#9pI*_pJMyo~9GL5b&B` zZOXsc9eq7YUZpNJ^Hi(;G>-Sg@snM8c`@J-^q^>LCZqc|kFvDE8bRW1F72*-*oX2E6 z$=}(j(N~Aa!+E0#hrsq#I3 zxRMQ@k=cjeo;hOK5K$9Tt?P=v zDhPlQ>sb>ZEQdeMk7plJ&9IP(6f~lW&`<9x?Yakhw#)z;=gMRzxQ#@2qdhE=l{EOnB)V3enooz6c3v>Z$Its{80N>+2|jVy*fX z{IfwYxeAle*uhLaGH5{mNg5lO{+XtqT$EjKHvFj;lL?hg>@Ct3TnN79c_>0b|M|hw z(PZGsrwA}OOR64xeJtq<>Bh?jTdu~gkHO{f#7DaGKqv7beFdF{{Pr*BN z)jwOGs9J)Ez`cT?-A&6yncvxa%3yf^%qNY${-Dob04{eDy!9ofM+ngU0!Ad)`q}fb zNLb81f<*`?Jgqej@t~6Xiue6SY}W$;|Ja{AM|*NKq(Synttru($7}dWxK6UzabtQG z3(GYJc_!ausr`VqmEN|T6NPb@QttIT*(G{+zr)Y2rm5;Q#N+k?1e;zuH*I8Z1niNS zv3uDHpha=x_`%)`5|<_?p)toOw{@DcE+3$alk{?525|vy$Fpm^mQ~-ycxJjIkx|;g zNN{CLM1z#PeFS|a=HdqyjrER&=_s*7*coLEBGwdt3{_L9t~)aQ0`rq8Y^6)EK^zC3 zGp6m(F%AS#ysRjwGyl4QrR?y;@5)vSL#;>48qb_ie}!fqvY0z=*(FFyp(!9zEm!OF zeq6Uw&lhMG<8z?i(Lc^d>$Y*0Z17O1ZO;#C*Bf}}^N)P;Mj9m*E+*sOV0@! zE$zyY4a`uT`86yUXkqzKVK*IMW`VpTM>W60`*_>`GIaU&1VzDsS0L>&CwFY9;HY;` zYpJ)%L*YV!_%$}XnLYsq&y~0;#MYQLda1w5?T*P*1kg}}xb&%2RCsW_<`8aXit{x4 z;F}NEBhipk8|C+&9i#KiDFtU4zGpp%W7d_pu($TkPy9n6pYUNHTusXvZ~}uSZ{g zmL4Cyipnk9p3`Aw33t4`r@!!iNkW9L5a}>%6K%Q-dZ(Aa=7n!QvI@eKjKT-b>x#_l zLiN7}IVco_v)D|FmXTkL5(ONLu*ky8Xk4n>MVWPoW3^!>Fqokwq#mzRf{1ORAS}uf ze=XFkVySTzx=n4polq$rV~|lm@9qo1`M##Tt^onATV4}JkGJm!xT=sUBwD9e%YS}u zvl5V1l=JBn{eF0cfD#{qYu|C-E0JGsdpOixiFvSAR(pcgbF$J2vZsiJ)R#Mw*rE7c z;oh^MwEA_!+ZS-VsvQseJ5^uq5qC1Auiqst!0!c{*ZkN&>dFMWE!X)&ZDYqR5)|LR z=$AoxkKFh8rYbBYPjhi+dH{d-Z*H$p=eEHjE)cI?kfFqTh<`UI)Z&G8Mt4Px3d)p~ zAy6p#K1amVu;XdEK9y5w5B%}c?)P>&6(gGyhudC75$S#23Piy%O_k?Q3PfD+D#`$eOMrJh zrqHQNw1SoHFx9wvNYvH9W_cd}cGC9D3s<4o6Dz4F|K|bboqelclb_o@q?j!$&v!UR zBJLB3#NC41@5i8V3yI!%FMO%q^|6X?`O{qYgo?Cz32Il~>vc=l=f$}D7g8sQz`beF z_Mt0D$9~Ua1JG zb7DhANQ2WLO(esxhi4L;8oC*V#%`Nm6mG9N`xtB@edu!dSru>mp80LWU~wpXh;xIn zU3{ysS1AY6NpfX#2wAG>TYrEBYM%+SVahBV?VjA9nV$a$Gg6k1@$;*%0qF^h4%M5L z25!(E)?FMQWtvp7e>7BXYOu-?xx(fJLs)Ex{&Udppy3G7FoPdbt&xJ{$7uEaV5s%sb(g}x$T!-7%N~A`{xOD_N}1A7Z%%?f>-~nt+xy~*;Te0Lv-`d ze4VjCyl&L7vu z90(Yg+)YhA?<1&C*0h4~{H*Usc%$~lGW`^&ryxCBdse}9e~yrdXVoZX&SgBXm@!o9yHA;LS=gtKW`B~L*iqOpOT(T# zyuYsoe%Qrv%&oXQI8rh;*$lY4&r`~vb<{=jz|w>uvwavC#j&Z<`JK1Oz3us2c-!7( z{btF_XHPZ7hjb0x1Ss=f_PX$Zm*Nd}5C;dYkow8=t160%3v^OY4}S$OV(bEQ?~)ZQ zT;|2B{~kFAtF+DGFcV|-W9~}R2vm1bAs4B?w4>{=G$g}MpFK#e65?R{pd$7!Mf<~N zh^XG)um0QAbTyIr`S3tXz=M;!fBgA?i|)BB~ui5nR# zNEN?ZdN&nuC=cO8LhnW;D8|0}VNwS-=tzE`K8quX=l9~DuXFz68C3nn7eOhbwH~TTy9!>Sy&Nr#fsW&FJ*Le+gQ#({Rk(_Z)$&~qkTw-qwu=H)q?k6 z+W^4McYjy~$Y(rrA1M_pebnh3jn8a7kIH(Zm+TAI#dJTD=sP zS3iiK#2#U72N%mx7Tryxk8B}~&7(4@Tsvi#S$-zx=lB=U=YWC%Xy4db;iCeKn~@-yAvQbX`b&$cwuyucZ1bx+D`=j7b)@;-RzL}!k} z>%Hfw(-dtScE498|KxJo+bBRB*&t??$axs1jN%!okJK~z#89>KR%1c5se1e8V5hPv zvQl+_XTRAqEBs{i(?0|nXJq5o^DalkzXiM(^;}F}E>wH4iE#X6UkJ&h`|yM7Ic8hg z6Zg*r>+-@X&&BQgI=}96tJf}CAs@VBEYAIKIjN3++pn6`Iwj_3_XeKF5bxvSP6}(w znUpE6((8C8MPfV9w=-lRu{Yjl*5b)!QwkLxLon+QYgK9Wx|b7Jf<;}LK$u3$(3QDXPFOK{)+(f>uX78h*&}!R&VyzYmR=SiWU1 zeG=jhmqqm_xzOQVsB??61NE&s_(QC+9LdH4 z6Q-b5#1Z4}hk!qtW!tcX*N1&HTpJNChEXw+yp`J5gm>c_Lc_^b5}xo+KYPdRP472- zUl2{!f584~PD0JVjel5<$dcUYVUz|Uuzdh%Zx9f8JoD_Hl8WOiCjdG~FE4jh-cH0) za&&C>!wI>kZ9su?w$$caa{80=8q~78?qy*1*o$YDvQH%e5dptFw%a|f(x+|=#rXh_ zW9uY+lMP~>>YcWM9l8jTDeTYT6RdAU)Q6ge>lT?E_Ch}-6cSN+k%L?<>yU&L$78p@fw zf%lk-7r(_=5+^d;lTNR^%O0J-Z^Ab|X&j(!@6!-rxyhMfobRF#=frCs27-mmGFZ`G z?>ualCEF&0*c;#dQh;xuiH9Q^48ad0Fpl@kvZ&`hJwY`h&7Fm1;{8U$bnU+NuL1tO z?LL%wp?D`b1g$S-&vel{3?OjC?T_4TVLI3SaX;^%J!XezW@zfOe3z@+<6i1?3t_Cw zfOk3tRaFQWpY9r=C0XAe5?JWS0aU2`_c!EUfCTd^vk#$?lV)4nPFFz2S>X#k#79`qKkr>JPbf|vrH`Qa)AzA|GO(ty`LfnCSrPSmEU{}p+OQnX-B(ei z#Y$RoTl3G>n@j$cXRwXOv!WK$MY=EVpRFCgcRKXf0IV2T7-x$9F`@4;InShm2=3jo z^lG0NEfL1Tp>|@G@I-+1^-hoB(d}!2bDKp&i6v^NC{FXQ-+RB$vm%_AllAn$`g~6A zS0|&JcZ|x<%upA>yh0%n61y#UaO-fQ`jQWECr+6%t)Wmcvx)SWKD zWxEoBC*J(v6JUA`#Zfz$OH7hHu0j8NWsEoVZVP#IC-0hr%* znxgn|uh+XjYb|w2rOB#Bij^w7uAF=UwCT80KL_PO6YD0${lr~i{>kD1urS#XHmH5Q zx7)YTKIynT#Xe0BwCz6#4pX|SLcFaW`D@Z?r*74j4?n|>6`Hpry)gI7ZU8E-PUB3f zfd0`jN=&AfTt^@a?95W|BtN?K@pAT-fOpmQgxY%Hk=Dfb-Mil@x2oOmkGq_c~_(1-(T zsM-?YHQ^^uW*xsF=O{(oOXO$$9?wzyC?P}}v6u5;ZxnitXBr&9`-aQComb;eq|?w` zw0?1{W^{d2-HFGMNK~7f5f z9Ga>)+ef&h0W>OL;p8**3A*>nlHtN9bOSS8sVj;$UG z9=g}mt;EFEeUVNNLd}ZDs=e*8!aI54 zhJu9`vCedT!9r|)i`xmt=!|`YtnQydtocxqHhJ0d9>X(mn z+CLNtE1>bz$G#I@wf$nW&gFb;EZAitTJ*cP44R+2Yb%TQN&?tsqdwof(^lYJOsVgg z!)avSOnt8d2d1o%>w=Vn+T8E^x&02DR(T?!`*_nl{)QQ6Q+>Wt zP;r^|(ZYXPE^WyL^N*`?=GQ)n^~~NiCn<{JjWSWF)V0>Z_KIhZHXO`B|7HeD@D!qye@_%H;0`}1SKuKG5r>&r`>x7Lb(Zpz7i zQNn&Pda|=&8Hm#3mGf17l1_H){Tg1<)Pt8)gLWu|wuLCi(-Pe?gBXw;yqN3#5vnPX zlCwf;*fpNs;^oQ-SMER|1LV>4m_Zr&_>^=yn2d3_pQD2ou0kR9>Ya0|CIh9Cr<^1I z<)m6u=;b1n)*Z@tINJIu9Sis4^|ZzaD*w5)=@jvY9Dz>_=3&mf3XWr6hU;gHd`&9~ z@LA@}`h!yzyzc0P6GAqN1I6p}Np8b~c4#HA`-&nTRHYaJi}k^{WlG^jWhQ?!wi_z) zC$OI@HDuxSPCky!u1g7AlHR|X4m7)64olIpxAVyCXaXwqkOZ=4EBupd>vup+1sPBNu1jsDkg_qp7%`D<)^j1JHAv%#$e0+N(SXhA$(l z;`O06xr@Op)AhJa<8f2C&H8p(aynH#caDQZ0ETa$->!xPT=ehr^Cn|fXpYB0ORr6! zRcgN@pl4ohK%72)Kf(uu!}XX>Zw@LJJXEn<@>(Vww~!z{P5X-1IsOHpjp*^^0*UU# zAN)m41LpOer&E3(0>U3d$7q&$@P)|LvIA!&8N}R19rN<1loeuCfBR|jw=c@y;MR03 z=u)Kfyn5I5W!m%7Y*B1|!j6EGij_Pgso@QWNv^k=zTVE(C!If`j3wHI{{=GV^tm1C z8lCBdd+BjXB%JZ1X@RR}44?OfG*9N@e415VeD%_4A26Gq>h{G`0oga1Id`FPDq%x& zt<+!ZWwAK*rWMVC<^0}AThwDc5R%xxH=duP_UF3xthP$O(6oXoh0P}4vAeO3&+Iu- zDx9gOq%3-<6LX)9l~1M!wN$v1=7CqYu6^37W;|9g`Ii$tg8+pZSUt~uCpmj)P#!sh zbju@isjG-5BIyc37=p5cyqx`2nw=^ zg6MK0Lkp8*)1LeJx2-x60vT9c$1XXmv5?zz>z4p5CMOpXA)orm!55f7EsEbiGe{w0 zMZ;>>IqD@B$TQWETtU1=$hAJ0a|8!d)n$3Y)c?9GbZm;22#(bQZU#UhT0-2QKzDs3 zpb@vpSl)s@9y;~HeR$%DF(lsX@i$uP`x8j=mrJpni8H*2<~5~Ttu@nxXY$QuqKxAF z``uzCM|pbO>*k}O(>hINiJ59;<+6{3EQi9P;lK3~7T!UGVk2?0aiy64i{XRSw` zRZTn}@o*<_^9u;|h7KMSN${-PP3>Zq=zu+yr3*do>&JIB^@<6lZcM{?PWsB)z5CQB6ei+33bm_u zafd53NoIgY@*T!(ia+zM+JBX&6}2z@-c((B-GTpN12y?){XL?=h@HU5@gDFqk4tbCK%=XX2FeF zQyAOQBoMo(=>G2QrJ)o_|3ov4Ry7e8XRMFt=qwf+$1cw1-weqyhVp$hf6*L&Qazg8 z%X$}vN*)l$1tLl^;s?G^ufvgE<+t@zaBxPYFLlS4pNB~@K4knMgG_w0$Bd|(@P0oO z&Y_R#wrEzEaJiiqSh7Vm^gwLf#UnRwgiU*r(g!hpx<_w|KPw~S?$7=HjDHC;c7mm3 z;&@M6DNOU?{tL8Rb#}|Dd(E{5J8Pmv%|?gHO^jadb4}7PDCt}&pm#6#jeHE3CBA;% z#e+)R!%)*5@hZptfcKd5KPe@NX+RVw?{|K`On0ddK2F5y^PHEjr8+y0vvha!Eg3S3wnrVYU8!*F_k4$RBP_!T|?>Vej758iJ#cnhbHg` zt{2CH-aLK-&$E?zP1?aJo)D1x?FBKR-A=T+N4qi9wfO1?RpQ61jOTr=V^!PDCO75d zpdzJhxsrmE&OPJQeLWjo6X~UW#C9#h@CT1H&ZPL*@nPijPT<0J<*dCcWA72%4O$Y= zL~WRL=#TgJ=WFJy$E6>D3%o1ctvpB!DNO80Dm*_Rl5y`vk9eU&UDVA2w2*DQPf zTpj6Dc;+AF0z^(B?e~BJk`ImA88+mVvWMW|pEc}4D{_@;$(QRM(7NH8Q{wAP6Y-w~ zW>y+k`!>)IP7e8#nJ9nD1-YAa`*J@g-L?_Y2PhGN-}fPMNr0VeDCwA8JXg&%DxLFf z1Sm`{!TtMvay|!th<={^H`LX#>##;&l!Gr@36>nL$NT&^MrzK=-cmq!MFV(x_*S2S znzsStX^(FA+vM7pi9(|0Fs4t|Gfd*@PHT2;uCw}`IvIBxvRo%GuHj(*R@iA&h^Cd@ zn$7nwVzR?4gt4DjmuwzyGZZaN4sJm4O~Exvc+-{9=+}~9;v_lBo&0F%3|&B zmdjua#wL{*pT#2wxDTGEo<$LI&-cf3s``pfX#d{4 z0Z<3U?Dqmi_6@Cvhm~l1T~UFVwh_WQgs~qy`c~8vBh0>y@iwznt^ix_1zudQW4*LrV362FUiL zBaV0EXs6qtUH&$#_1S*5f?rkgdz32lQ224p5?EFqOYXK$7Jz}kWDe)}(o3Y;hKCtz z)ZcIYk^+kc;_4NGNNT-Y&ml;GVFJzHOEL2Pnx{xP2i3dXrIv#?87haFTQPE?`&4c>`->nLhvY%5sU2%q7$@b7;#%#iu za)?i0NrER0Kjop*hl|S=aFNMH|Ad_y?>GMp*r!V`k-Rf4lpnA*{pv!ok`&Jaxbkbwrb$Z(*T^;1!*}=jVE^>-5}l`sK8vDqM-+ zz-lmb_!(Blqc+gM0+6CZ1&D5`a_8#oH5{dz1|TRmB((&?PnEnc!Xs9_L_ero!OS6N)SbViBaK^84&~&nchGqK|utWzP=CDYu(kiszgOeG9x2S z>{A9wl=M(8Spypqc*ooCT`Q0gF4gh7=;Hk@G>84xKJn7593_5=;}9EW^`&l+2TkB@ zR;=e!QuXtB=$xbQSa6zC7j2~M2h{nfe!mH$Uvm9oH4fkIA?Xe_6rXYujBI=tzS1qL z1I)oWnv}W8oWtf$3N6CO*wD|n;RSk31do&H{k;Fsy2Tai0*Pg|vcug+zsL9Hd>&=l zvsJ$qDouXN=IX)9mtNRq5&WtPQvgjndathrJK%}z~+B|+cYlY>=LY#0mN z6ib)Sc>uK{@VaX>F8(tw@>BOW&033b6T)V&>fd{M$)UU0acPh2mx?9X+MK|=!4>K4 zoo3!plzDIgyTog&*73ta2uWXzoB=o74_^BK+c#0F3Xu$%gn#NW!4$s7jXd}aF$!M| zz(?`*MMX7!2j&Ml&rLEZkJCM(k=I8pOpUq=3Ii}Tpyu2nD_=8EU9ZyoUpX126D1A?bR}63_g)&z5CK9Jh+}0^xJ^eCNE!l{b%?%UDtf z%FMwLpt>cQZr%ss3?3{!=dFyKE~u`8%{EwkGUeT#Es11|)=K)(SlkaU_i(#t$D=9z zAnV;P{GrR-Uhq8H3w!9tJ4P@T1Y8=TnJ+Z%}?Nd8p_Z}sJ4^;#?wm2HcV!~ZFp){WWe9%}mO<^<2)XyIT@AG>6GItj%!RT_c{dNe%jdFbTL z({sO2@EQpZfjREsIDFP%3Hc)36pfF(6p4rac^zB(l7COv-rW8wJ3kq1Q%J@`Q#*ZK zIA`)B@6o8`I!3FXId>-alWNK!N|uM5Sl)ga4*Y47q@+s*IL415EQ$ehaa4Ih=7ys< z!-uL2cH@1^+DNw@#>wiPOK9taZRkaGTUQIhLHk)>&zF6K%Tx@#;u%DVr7 zi0u}3F5J%Y5{1zIeaFIuPa}Rj)pcqsZoP#%dH9xZI|V~Um)l$F(M$0#dE>=&5mQbG zWW;cOfeVgWNi*4Zr2LOM@j9=e>YAM0|wA@wnMh%arS3{HB_5_&eClmCxpg4x>krciXF*uvZ>m zg9t$4){E&6Hp?7~>nqkbOOvwiREh+}wSRe3Ys|}yW*Yq|cqv1lO9F~1`|g-UAhLzo zHlBR=!OisX+LuNtQ(+di1TUX8dX;U zq{$WC(L+MMA*Ng_w76ai!1G=q>?!pJS`P)Alx!4TB}7c`7G_(|=JEu-&flkDoR6*S z+c}Xruzpo?6Einoh!ft~h~-iAp-*{*LKwaM7**&3pr0>;C!xJfq<&;paS2mvDDvUh zYj4A+?b+V07sZyJT31DToOOY8mDLJJXY^EZj(J%ilUVQS8d22NRF=6T+{fo+ge=iD zS6giSpP33-KEPWwkWz>7J2l51^R8I0VIi*R zI-U)#CK=s+ntLLpapQux+ikS9X%#CZyVgUNorX2R3yqChec-EGz+JU*E}sn@U5?}y z`#fG$$&rD~Py2cq`|E#(yU>-?*ih1VhVrwPXihv38^Pdf_M6`W<^(z5&KeDc;>-^e3)46G`@sI;Ks z(geb8bgfd-?i7ZbT8P_>Wm?R$9q$>fRewMHdMCB{1>_~4IR!^;5L*Rv20v8cF- zdAdi`ztIQl?^s&HK3Q+s0msz0I6}%q5@L8TJ`8o;=-kvMt8@@-iDY1hIvRfQy$6KZy5sD|Fd4!Bw zTFD4N_v59?iDkW!BnwlP)*$*ZzZ5}t4hq}cZ8*f!!=Df$ju5*1p{M!W3ckba2>Rme zg+2)&tAZj!A&usJx1mVa(_45d1ba9>-l1{_SL>!%#2NID1FnMDLQavOz9d@A1&QEx zcS8*hmlHOnuX)drxbecy8@wE7j5aauDCT(;I;h5BvGL%cV?wW7e&fRf2Vy+68{(=R z%CV~0zM;H_UGt;c_Z?7i6-e>oC(Li6Vll?&k+<{73h%I76Yj$7X=1DE%V?8~_viQ` zfEklE9|BKO^IR1^!>7m#YMq(=CH9FT{DjLdwe0Kb^5=eeJKo20d-My{*_`bLVl8oC zkx2Krs%)XrhCjLUd{d#+QC}Kek43rdq5Fc8otkV3JuX0!ICch44(62N5xNW=vxm2M zb%`rQqWkPvK?$kV(|EnAf&^2@TjCMwa(;ckc^Y5*Tdh$S$de`N#oaDKBXZ|lS5#uX zr-+Eujf0hufG_P;rS|mv&U1EjljUMuZ)5ei{>bMo>FrOiEsp0P z8)^_1w1ARi^o_PUQdxGH<*aE$*Z<)96 zhjVdYY%;_diiY*~RWIkC@&x*Q)I)6lRUz|#y8B$dbc7<-MJ_(@uzkN-L4B)KD|{H# zMe|^|w-LIC^g0)n^zNVSl^pCNWe4p&o;LEra#|`zq>Ad zG#w`Gd}1rWndQlWkB&FuO+qwK!j=YRdsTm+0fT?r)OS2fiT(m%ZoBMf_)B=z82NMP zP}$3wVbXTdj|#xB!?7zN$JX}=SEQuhy?zAbvOu~BZ%OoWj%a~Z>54gKFY(8_y>zW( z>0YzS3G3@c2`!B$run)*J4~{8hL23Wyz`D}WwK6Y1$u?uBN448`$DOhzcRQsprbUtBIjQTlA<)Odj zqqpCA{uLGrM~-`IIzr(+MU;K`^QFmXaLgPlMl<7I2r4 zv&TVliBP1{rBpn0oB}0unaqPW!C$lNuKhyZD@?&EL2tTtcy`j40NKwxKI_YQEPhtt z^6L!J)X<|+QnZ^#a>B2B@wkfv`r_3)vsN6Y`4H^8vwc|9&=p7YA2`18)(b3-n4~ao zZq1rdG1%o#ac8?h!{MKbw{q_f%|&(4GGVXzLbQ+9yG#@R!>(0!U`Cv;cnh_wiB0?d zBpWGi91)cEuS+QQQ}p)JcCHkcD(3*{T}n=BA3>qw_C~uEEI; zJ%q2@G2g#2KHYw+e&?r<=w^wQ-D4PkmrWzl`8h$#u56OIZ$vl#rv4de-Pbm1v35c8 zaq{_2T(@CkG}KrtrZ4N~aUZvUqt{x}bB`}|xSq*kKjD3^>cC)%q$)N!-t6*_zj^oT z#{H>NWnLhizJ{a7S9iu9}w1vLc9J{YE_Et#r`hpC73?X^aOqWJM4Q+ z(j;}NnmgOz?n4Ib`s0__)5`v#o?K8tSC`QpHvQlX8Ym2VAbxL}mUL^yvSap&-(&7t(SLNhRo(~0?}sGLQ2ZkL zV93S0gjsfTMPVfh?8^Af-}dtSO8W*)#ZE_c-jxq#+P7fvm(3=?52*SXKYs*!ucN3J zJ4^>MtbTtTSg4A@(XlkFKFcojaFju)4>PTUSa@a10#bBA!IEO-;D85Tr|e7?5ID3*m@^v2ke zBY!>IQAa;@XGY)Q{^1+jQ{*>tQQm&lvP>j#oGq*46vHzuIv)eMjOoE61f#z0A9hJ@ z9&|Xa-afj;-tN_QTaie4zTG93zFDW-T~_WTC+%{A``xWMuT|8MfS%~pzhor#SiGsIm)p>)Yj9w<_^%>Mf7LCe!Gb^h4>F9pYD>S zQCaQ?5VdwbPjVk$Byn4B563sc>I+QMgg;5w^0U23oP$V11=1m^(+oYZD#~1VX zy1lC>w`-L-6#aa>?FQ0w&~f*Sf&_CK0du6M%xI(~2*tcI^iBVhXBN#gQb@Dnh6Kjg zMRBW9SYy-yF8s#O&JX^jUGNz3JWc$;JlV<~4oKdUGdU#H%>83LWtKhu37+uxBkrB83XH#$D|SfCHL)95&>+HuRa z=iWkZm6eCSVA4^0JVi@Lh;`>WI=l?$#&@C6Ivb)ak;xLI&He9-5B=4WHkdrWenD&A zQl47NsLQ+w$p>HBCvh#g>1;#>rftH09j z8mf-#Wdwd1l4FB=2?JS{)2x1xM59_-*<8Ozp_jk@)mD!EQR$42mLv*ubJB9(YHCax z3!sNzm}i_VR8vL#FRXY}6chErQ1*|Y4P|2BW7K>{P*^ZqTCfu$1`?*B^p*2#EoOdS zLO90*_PP){eQ0{h-&uB~JmgZ0y6?Hr&-MwmdE1WiJ)8PZ{dTr|*0olT+qHX<RQ zd@-jCamNBgTq#FSCCZkB2eXJ8BNi&agW1#2iA^nv5F^z6x{0VhJaWz;Lo%*wf zG$s&+`i0`rrm%{|XbAA_Fmi-1OL-c+$%r5J4TLwAHGa~258kr3_TlFS?6pS+bHF(q z+w*|zbvQ4FTd@k)qi}ikZb9VIsd?kH#k+PI+|L~Xevo!JnTt&584ro$`fD*{-(>f{ z5RWDOT~wt>3IE>7xU<#szGUJdH5is5cRS)ld#&|G@d8nS>`tnM_ob}cOZcpf03V_! zxn4c9W^O77FAr6oL9#Bc;yyJuDxpTns~$^OdvT6G%NM4)TpkyMD(Whc{7zRp!?_sC z|L$nM@7nx*(hrH7!cX#bMUF(?tRo(d&wj_l%KeU_AX8IlYM3vy*5F{IVe`Ge#$8`2 z*atY)h3ZW7^&L6c0$7Rdz#ar#4rk?&T~>uoDx|n+OPk|~b$Up;H_juIZ8ZH?n!op3 z{sllCJE{<#elOVtBI0lI<~%Vmx}U-rCyNz3(RByqL7YlB39i4K@2}^&%|Bt27LT4z zO?waR>mKI?7Xd}` zj}X1)Q?ELr_tC@6Ct9)p-W~J`s0Z}KPgn0%$8R%_v$gziU%*WU^@|Gjo)#IrL4@Hs z3IDe9K0jx2Q#cklmj`VaRPVyq^HSc4Z>_ut^1l3_3G=U_UVET*{?z1t@4_mSj<9uh zjz;RAL>cZd^Cv$lr;7@_L#a(0*^|Hl} zHnGQA@prz&H9R(8ZW9)l3p(e2x~Q!4`f3-h_J0ULzFmw_MSjInMa85g*BVH6h+>R3 zV*LN}IUiZolsGQh7y3`hg+OW-EjakT{al~w+RL5i;7EpsSKMV>KPuMs{yvLuW!>6u z+M^Xlj^?@(;AMJ-y#A2F8+ITkQ7eBnqBSuRH_3Wj6-1}#g2lFJzs*nQBmCf@(2xi* zdjtpV&Cw$9cKX$qhenU)KZJ43I&P#lS@&~E+c)_(FP%uy5q#>T1LJDFjGlY$W*r|4 z*Uab`>kI{Gru{lU!lR~go)JMfdTiJ8voqp-bQ}3wl-Zm8AxPyEk$rKdvk$LBP6^!ID!bPreu0M{(jY?HHN^+dZ$4}C~ zayc3~y!C7-k7Dz7?>oo}A0cN53;0L3jy_8Fc8`Xm1=>qrgt zf%xriDDD8>A1Wl1@OxKBhz0k{qO@hDJPVE@78xjFy&{d_gp4WoB#+Jk8!3>7V*RRK zFDfVj&j=xby1(6OlTe#Cu3Rr^gr@>eR+eB@m1G%Prl6X^`*!%Tn=~%U+4Se3;1b3h0tm+oi zrV2K<_CSEPeJO97L|_{ynx{Z{Pshs(%`mZa*!_pquJSF88xJwdJ*U^46G!iNsgAGf zXW!5~SBtqZFr~Y2N^=qJleWLkM_5=meqL^{Cfnc`2g(or>gtD8K6z+&t&#|{3F<&X z-zUJY^7}=$@-h5WEtH%l4M1IVxC`O_5$pqD230FaP7hsb^%NghxV}~Cr#UM(41ckL zs-^C!Hu1kVib4iWDsCRFH6tYzW>W3 z0tgbaQ zQ+fOiTLNE2_z0^+C{)P1w&8x48v*_~Mpvq`PR;TS&*^kYuvvamX?lB8@pY$>?NhcL z!iD_BiJ`{V$p1_as0{!;D^0~Ja9iH_?$ZW)#(ad!!agi+A0j=*OZPf+1_^U36mL2L zs+ODlll;K&AG~vb<dHI)84`P+*AaoHR-j+6lHTcKy}W$)Af8Ve z7YFosu><8&uw}q8r>i=7r6CdX2(l%f=wHO0M2|=ZCk~au0ZD0DcNrUg?O_Lxlo$!U8%u47u?h0x9=}T zsVKZneyzxygam}_F4KowcgR0H-sZD{UDom^Xl0+Qe2gc+pk18s-fgV8Aajs&Xxn)dJ*+KqPow~4tT8a2G{#(iNnS`OlF)uc^>^Ua!M~*m6 zM{*yE)%giKPFi)N_O08TwI;!DmFJXLy4BO1-Ne$c(tzB#0{|H|U7qNPOEf8}-CG`Ib}oBsKB7V@>ABhQ|d&(T)tomU{*0JtHUmCUz5SqX#A^tXXiWG&{_|NL61y|wxC4`a@;Y9m z`n}J@H8$zA-__>xd0iqLx%B|mJOu=o)d04F6L$%gd%1z`J1{wp{9KACAt-d%`A@;7 z4@3k3l53gdX^FDGzxqZBtVyX9d@RH){ zAy8G@fxMazVKcP8#4W3y)`O6jvt+%ieLW-y&mzA3%DMYUsYn5U{@aK|9RkcBr}GCx z*Pi3BJiZa*M>CMS=qAX*S06bqxMs)g;P8G@sV$2alN@xtaBhzQuBK}vH6;O6mXj&8 zr?^G`;Vnz=44d4~cGhSW3S7jj#2q;-vh_$!&cJkiwja-{lu z3CFo!D=0%+i0(;J^kw+$_YOlIqS_u-T~@jhik0x`Uf@uKXC{tRw^2Vd@n5cgE6tUR zKQBH&MjcNq6x)pK%giTpsNXm9%|&C!Zp-P!g@yuBpZ?r-6z4x00b__0DNK zuV2)}a_CORe)$I!YxKuk9;pkA5npSlxplH9Y5^6-ztv4J0)z3k$G1)j7F0i``rOP_ zue<2TK~&G3iNHlN;RNp7Oan!Ia1{Vqlwms z$&)61u7^a9?rWWduue|UX-|W~kYg1hmC=0TbkS#whBL|bLl2gQ9oZZ_YvZkZcyZlG z(2a-iTZE+>%mL$TII*YSsOyw$jo%c;wWdiYN`njqujq%N|Giu~=dS2|hH3U5xm6x# zyDc+<&<5Y+$awk4l_teew5n5gT(74Hvi9bIdj9*u69!YMr|fv}v3I=@i_M=tx$og+ z)&*0a`l09}co$ICz0Liu<`=0VV6K%4>ssYPzy8VUl-T2 z)_c_)kDOT@e&*=pUlWO~Q7xmLo!U`w?=@0tM z52||z8r}kcQh&^;`$&aHFdv2spWk)HJiPEd7SRbkdcAf~EUX96SNA+r|JE>o48318 z_zJ&n`FnF!Xc3Rxev>0*+t#e_@##~=GWj)5m*n@PU`6(#5or8y2)(ppS}N~$!5r`q zEe-ClxCvBTXAA|k;68tL^$#&^;Av8cOi$3mZ$DyJ^NL&LoeDS|4!h?NQk`hKf^-<3 z+d!zDgL`WvHBlLqbp#^MxSG1e?TWXd{jtPe{u1SakfYbIJ|FE8a9Cou&_CK;LCeG2_OQE&=PluMpboS)r&X+Th| zUeC;usH~tRo09LP131MZY7iZ(-Lr%+2-DQ{Abt4t*~@|ZTc70-$?(UE?micxWUki@ zQvb{z9~yac@q9)O;`YTqUq~uBx{Dm6@M))52+|9EDjwqHSlWn1%?m#|y3{_;?Sno8 zQBfrNsnwQrKnK4^vw{3pin}f*?NPWl#Y=a;=579XlP$cS@`RQs^uN5OcDOgf@;X^& z=^cx}JWBNbjg6s6Zhu~)DefsT74BEGFEBbtH`cIU-(LIWpP(p+3lH?Bwkakm2V8zO#kEzR>~#fWp!9L1C^LJv6sDna@YS1%#E=ZsJqb-iIx< zJ#oPuqz2RB`SB15sqHg1K+N^j!CjQAbVqXzvbI`UKrvy&hdIn>CZ~l%`J=gT`pOQ0 zE#PX)EOV{2NT#S4P?T0inp@qcL%O#}sunyTJnvYI*L^ScK5E`i?VjP!;{;j!$_uw2 z1Vukd*8A{K3`lEc7s;gWC%H9a3-4grjjvWoh4^)a?`+i;Xs#BEZ^(<(xv#pq~2= zWWb%*R%w*JN4xoFIhXgkXl(!nOObzv$4hD3XSU%NB>N(67f_@(623nhhsq`!l&lsU z#G3Yv*IhCU+exaw6Zff;PnT#MFVO+hxPk}ZE7BY{+vzKj_h5CMVC=M6WuMTOynki~ zzHD>!wpQVkh)oR5ZeW@u^&aobuyZ5C1}7Lsv-jA?6q5#jcsZ5-9Kq!1(xhBKywMOk z(qdK>$VUCeC`v$Zcj2W%EWc{*@mpPY%?t}aqT8`#rR!QG**?j$Rpy7R3-<&k*Xr=V zxInaFrY!$pmHVVF81OxZjN)`5(U^Z;&CEXy0!7pNyt!|b#ow()pShS^4=GCvMilMe zzfwOLdKJ@$s*xlUNXA@SgS!q|0k!^;BDd+}&-Vfl&H1!$@rH8D?(QVcM3?Sk;TAX* zd3qjhFox#6^yhr9{D60=EKtXut_LRX@UrPgUNQX69#aLV>D=pfb-*QG$$5JDzdRCB zrEl)?u+LOAbsXYR`=SNzT@=|GNDFB1!721=e_h5;&{ni`Bc8$601sk0biDa}pZZO8 z$iq82))j$vmG(v7>hMicp2auvm0i|r9AQ#x&xgQ2?bq zvh4k?m#|sTmGpNViM;!%=@LEer{_<{||xf8zWep#kSDEGN;zn@8@FfO-q z{AQHO{wUo5f-0u&Tl6`0EC-jE>M~w{F{aR#(k7&(KTskpQs}t4pLku_ZJ&SSeDphn zIo6TAn|9XK%q!jQ&GC~P$JLvbIApqR!r&Lzk^DuWkKw9XJMBaCJ22|bIui*8`4F!G zhp1}P^$PJEd>J7=Ixk-mAiir$%uYf&12)VOXX6IQU6rh|V`D|vY7~y4+u}2cx`RCe zJ$(35oD(KCWHSiX+ISJ`4Q=20wK>r$#N||nU_>lDGcJms>oA1zt^W|Tsj=XJkF%br zcy3w{l$mn=Q?tCk6evI~&%}PaeA1mNB^IO%=wd0rPSA_16j@n$FyGYdW;VR;*?s%a zfWWp(R(RFhgWz)<^}{K!6csF)c`5vPvhhhh~o<`KEw^2tWM9#_T^e z1?^wlcD_DM<^h2#H zRBZgL_{?IgxH^00_S}~$1{PP1O~1isY!y*Z1LuK|w8x$=l!q%!Z@pj$XuG~Jr}I8* zy9#q3cv2re`iRJn)?6(3cp+E&D!=aB-HCSil|dXVSCrIa#pUG>S+Pspnry(Q#%L4e zR{o&Ny4!f#@+0IwfI?x>aj!<10uK!S0@nrS>=o-B!Z^ICdTR6W5~#Q0``m{kD@)-G zwhoZjLm>O-)m5CV9w^ppGK+f`t_lm^eJN;~9(AudVY}ehP|{pPHUlD8u`p6mJ|E2w zlYGrxpq-dV?+s$G@qS&)QAnbn5l;MlI!>?ec2pZPsf)$CD<*6#c=!Dwzl33nmt^LX8|2TTZkph`+p6BwDj<{#rd2rl!AY&}k&V#RUt8v+!uTXgK$ubX z@63K*dfw{}lT+LU*@qNu-c0dxOAL)vJb2|D;J0%NapXlf+!Pj7gI^IYn89T zi&2l&(K*A2TIFne&%4I$*+Ga#GXY(30Y;!DjDG6j)YQgOQ zTGG#%Vc*sZR>&Pp%HK&HktH|h);>d~v!O)WE^1uvWw+DH9`{GPtaGp{a#k_*wgxf_mUo&XrfF0#}MeUeNq_!mst^e(?Tim`Rv(PJ5%A z)@klcT{<$?ebsT~1EOCZXXIJFh+punhA?^Egn%H)M57YlgP##`-yPQ=#_jTs59_8( zuKFj1X#^a;A8~9c85F-( zA=zp=cBE_s1=!{RRY=KlAkA;W3pEXG<1uUlfc@W>Fv@{gfJ!H*j`#FADy!pG$v*ZE zSC_gBl@L`*V@ZWA_@)SI2R<;U zcs7!hw0V!@haA)9CMOv^-j95kE6P5OK$w8wLdgsD@EKU*vC4yIyFSqPp7DAUJ-T%Y z?L-2S`9V(!%cd=S{3Mi$n@?4O9YN+$>;|tY5aG-B8D0ne0eLDhar0t)A+V?HL!LC& z`Q2_J_%;tTrM*LbupNW4!`0|I@~mGUlrdPlDZI)UBlxY?<^Y>I?a7919-InUb8x0l zN%{1mwr4=a^;vyCvqNO%QO?Ed?9%Ti|Kj9~-~~>qz2WF&zA1EF@f%01v41l8-4c$w zM_y_*xAOuYW%yO;>^xz=$5n_kL`cn|Am}&1L+Ro^B4gmZh&XU<^c}8@D1l6p5W_G9 z9$hB46g=EL-l>WuKJ@89i0gGy1lLUMw>X-~%;z6eSA6&7mzM~@9A2^ZFGoI$Xv?q(Ea0G6HB98FR6 zpJaN?zkMu$33kA|ph~}eDa-jdw)T%$pgXh9zsF-IyVS~m?!IHr&N*wN$bw_7s0<1; zT?7ER#gAs$BX?gY;Ff5lZF2?^`MigPSlOPFJ~N&(D8%=SL|IKs|3tcJ-N7dZ#TvYm z3NZ2vwc8Ikzj-7*Q;B7nG1Dm0%ze2)HxVm_)E*s@=v(7WW}#RTY{Ac?_)eZbX>r(H zKWh+zO8Z&a$j(o{>m5FgZSCwK4eU%t5G=1w3avbyaNn)JQ6z`%766MbZ9ZSn+!tRt zfVBN_s73w|+1_mbtbGXPBk99u3hohWu`F?!u=R5eC_2aKm_z{z%7s77!#?YLxhvQo zIv>^M6*x=d)ADPva(g;QO&4!GlLsZacDfNhP^G<^Eee5ILHB1W^Cg<}M(e)7prAI} zn9bzp?fHs}Sj)_J&s1Ak-S><1r6MVdLQMf>=*S$bI+NdMD9O9!SKiw9%YM}!wsKry zdHyGk=iilFtMMyS1N|`!7Yt6IVDNe@hT5hQvm1R1ZtRkN5>#t!i%seyV5b*{FJZ~qC<|2WP+9y(OFG`jbx z%~d~{pTjh%^81(kscq0exDfrrnTQZ zLhEjch6h(Yyp1M#+~@DUBM3@|y}2cuV*5AfhlXl&;1|0LtxX-aOy>7woI}b7818_f z0cGa#XdJ<>*-DvWF84-~yhu1QH#7(=F#MuGZXZZb1z>=B7PYG;cx3FiC(PjI6%fk8)& zCeiQxi}S3hWcn*yf9Y(+@8RWaRbRT@1M&dslb<;7kUF3t^5jWv{`xCo2a5-y<8tf( z>dHeH-QnO>sBb~d#%l6#&wX)?*OCoiK>5sSsipeI8E`I60==sNKVDwt*HM(?!zD*6 zW@^Z~(a<=c>pI|3(LhFh@SFdBP5gy%=A5p)r90;#h}gymJIvJE8tU~U@8E63P;e)Lnbbi5=`VWv6C3t2<~pY2?*1*m!jYC1NFL0mbPhx*Wl2jEzel znxhBQY;BY8$K@j2>pxz~@72;6;6%#p@jqCy;d!SLuc131hzlI( zpwC>jr()zFQ`5VHnZcZ*v3{1#GYP)s?0ICI<7Pl|y=2tWNm3~^J@41sv?g1InNeFE za_-q>8M#g}JK@F4@5Cx%3!ZXy;0ECwJ)7)$O^Yr)AvYPX51qffgd|x9l1&OYosqMMssI9kI zE&iT_;zumHvy#a)XcYPMV^L>h|1y3Z@dZs~Ngm_;N$0f3eB^tdj4PU#CV$6di!Z>| zwTwm98gK3Z!gVui3)W*ya_`Lb;Zw^S zaQ*Cs3dp)`#o?rgqVVeA11?+Ti$QKH8a7xpx1uvytlPXhuIx@hUFWCeXRn2K(UGl0 z8TCRNZkycfA|&l~|2D`ITOj9-xCp0;cO-+H^SvEgBmT7c8Ox+;obK0W_oJ21RZJFh z6oL=W@q1z+`nJn~iEsB`;a<_PH66~IshbUmpXsx#kkGyG8+rbKTTYsD;oMkYty(0FRCV@X^&=J=)y^7Dk*E55S$=JX(?PUyTP$G8@7 zbuJhCwF*%|nZYN^US{^-U+eeMP!IA56qPDf0d9H!aFF5)Pmp2)FdX^hCmdns zZoTjtV$>{Buy$&Y*kQ#uZ;Qg2lm~-0GO=jiz`3n5gcU+{4+!fQiC+zSGf6>zJ~e-k z&A|>;5O4lDSM8_F-*vJHK~g~u{0DvQmR)RZ{OJ+8rX#Q>Z*^*b!Qx2K^o{9b+!Sr6 z6YOvt8dK>nBK>l+>(HUJrW_Jq_NOIbO_VmymSubr0@Jm)%^#D-?q;txt1UqC*QuT3 z6Ja&6T2T6b?wsL(g@@W`hliQS?_+_-7morJyvxd*`W z_wW~hC?D+bIp6&%)c1pZNFUSIJjUBYkHv+fk9S8y6@HN~2RCzme1HBPLUuFq$a2-} zMOxm#gliwflH)G~LKVj5i}<}S!{0$>lg9uU@h$j;RC7Oz*L;MfrP(SUnR#U?I+Awg zn|t@&Z(^j`smaiCi+4j0q-DvM+l&08daU2Irz?SI9^w^`Vs9cc)2mE*ibbM;r(W)m zjc9nSHeR{?rTj$lDX#0Z9pIG>nQ_#hmlcWMelk{cPn+wFd#ER6JEB1YXL=~GZi-kB zSrSv921*Q0LS+~q#>$)}$+~ zvz>R2hoUN?3`M^8|3%Y$nX&i#NhXZ0DUr%0# z5MFGH{4Aooj2&tHrhlq>tC~c}f_;+=v)o@Ox$3P#u|U+j19oyWM`E*N9Pi?Gfz2N) zPeU{Wij_>4TO{P-O}t3r=6@E& z>s`uer$4{;&>h6vLGjKfU4&KQW4epjj}2GsT8LGW;XMTDV3ZCh&ESim6l;q2;XCWUrk4SnN*9)1I7iy;eEcL#pUV4G0+J}8Vx{my*Z^_% z>3s{?ZtS;b^faGSeK21sW=jQDXM2L#zn%oq9~Uj4l{W~6-j#IL*PFipKl}!xzO%xn z3pcF9Vw~Y0lcPWPkbLd8dgxB>aR>x7PJH%jnEzrD%0b;~!!}Mx$d)P6NaI4ezMs#_ zwVNj~0BiL@pkZM)Qgo)Ho?=dSq;Ahb%Pq}Wd_X@hX0?Q_u$k+5@ph=(EA|ph3!lEi z8-~3uq)dK0UW;Bd?39x%HjD^BXpX=n(z>VR+Dl7r^e(azFNAxYq8IojO67>m$9oA1A>4+?3`Rf)QhE_%84`q_GtEsuU7ntk|g<$V9i`y4c*YRe> zm*3Xq@WNXU^7dYN(BDCnbOBebv~R5*Osi|qa{*&$4Ls{OGEQmgVgTNgt9|)?vezFV zaR6}MEBTdFsv=#!O?5s#2mW&tDSF?(UZ%)gu5H_q`h@BSO-b|*mZ12!dwj>mmqf9@ zf^TF2_%wB)v8V5o8}BRJ^?aLm6EzsW!Qb&YTKaC4QIWJ8U|m>4^0t_aq5=L0S6`J=|QoMHerr z*U~qTv-SYjC?yx~&Z$T8PJG?lm+BkVk0`Sx_>uH^XF1}IJ2YOCG0kwFMoV(v)Q`_! z5}d?nA2t`}K*+)KuS>yNPG|aCG~az3nZ9?;u(fq+Fb3G^@9pk)D4L3K|0sRWCv{my1J$qfkHX3vqlF&o_nE{kt!t!#1VyyIXium~^*X#hC#Cv0v zzxGxX!ud@pZs{GTyl4$G_~FAHq$SFn^8IM}Ws$l2`N?%=uI7?*bB%%bQDrp_9bI0Z zd@4de6G1)BWF#Y<@~n?RR?(!rS%;D)^Xp^Ce?R>OZ>phx=2wYuSvB%>hS%ewZn>vN z57+Hm-8~x#ji?hqmU9Je+VRCpF9BZIK+h+9ci+U6SW9YCoWhoj{V9dRFufTZ?jOZy9zxSINBB^0oOy<(3b#k8 zWYw~}&3(qlj$eD@YvIsM=AX38GO5{q;ZOXWPNn|}{v32S;j?>60VGcIp^Yq1k4!!q zAl3){?pt(N7xPG#;Mxpvx$hc{`#txGZso>MWJlJ9%51R5Lh}LRzh-$pKHJkiXq*FI zpf~BOUtc8+PEqWu?;l)$ogkQ_E131QZaJ2g3~SVSzJ^`-lg0;foc8Ah2UGc5o?v`f zZWA2Zb;mcG&+P@s%qhNihX8M64oesDhDh`V70KKio~r{i)4K!(Gw>qssfs?U;Ei%j%n9ir2jmyC@7^2=$!k zG0DeoblMFrq&ubV&aLTL$}K;<)UHKl(*shH$(x)@yOuj^-q{(cP4bUynC^rid7`2~qRU@6RPUX=)ImbtHCnA3&U#)9RRbkZt~c z$`fxuXg;)ISMuGCMAAS8IQT7f>+8>|u?m|W9Xp!ZN51?f4pw66-Wrhw1|2%6WO8q7sUhx06bF6f9}) z=kz`{1BNj9^l9H@GNDIi|MnVWq^RF+tTFPe^YHqWH*pokoc`|e&V5QQ%zajvx%?1w zLb>M)`ZHea)5XOu@MAm9Y1(f`GVsu+4My9k?t0~O+)2~ajN-mBgCTEb3Xw643n}Iz z2+Q#dg*yLrSt0T|roP@tfpzZ`_!U;pc=`&$PMF1N2L@(vZbIIQ)7=I8zYOAo-XR4$ zzKss$fu*Tpw>oOpoXC*URjbczGPhAZ(Ehvn{zx1306yGU?!#|TfU4B3)knKVtTwH1 z&jGExnZg^7?J8J*KVH(6*&$mh*qLUW4Fty8qw4orT5YzGqPq7>pha}ucGT^Rg``$P z-~FdGI(O^tyY$b_8HEDb+k6OIWzW`s%_4Bj@cKh@lzrv^2hiQRDqup?NpKGnxF{X{5Gl!NSuP%3I8Cb}GePG;-?|)t^+%u?0)jnxIL~z(wonAH7@z`__FeOH! z1Olj4V+h$q;r?;NT}~!1`9Q{aGNkW)Q5$$dOvD$) z=_ZWZdfqe73wwj<-nrd`+UT7hOwlf636iKW@IJ@>&M1e3<}wufgEJu|X@XH`_F?yI zAvcJ0z}lqa-es2keJZYYSQ(d(_?0TAifybc{W#}fb@M&^B&v=BiR6%EcCJ073hV8_ z0xvnk#;^gsQv2vIR;7G%nY}eyT+V!4ho(AFT6mG_(>jnF&6{vj+vsok+S#TGOj@a2 z8b>_|&6!y)h{i7W^&FSKW7I%7H$KBKXVPN~#>fOWL~P09)zlhxPT5{CpWTjYg_R|PvcC=@B;PA&mTti(xWL#X{c8=2zb7UkvQ!BE z`=l+y?P(iWwvaLXkE~yf^QJDg_5P4Ib#3?jcUjO!Ud=HqMg+MXh=k0Oh9x&cHmq86*-rq!8Dw=@Cyt+Gd zrjRw_e1XEKrVS)cKckZ3iJTWVF*2IM>~8BlKZy;JJr56`i$DAdgc36z4wxK9UVd1SjBY%aXs?mUd8C@4{1*8>;LLG6$u?5{&3K*ZwU9qq)9|* z4w`YwcD9>$#?fznr0Fxt76kc$O`J)`UBi0+dOpxif*wLnfb565B!+dmVWp-y9Cn6Q zq|vSGg>FiL3?5(;0Z6sW8bI2#In55#{>X_jZFxOI2&Wy{ofz`uE$~>o=iV`&=L`Ot zAl<~jU#2h;zHm$qkDoj%4$}LUD2@;lX7s-U7q0_Ah+mPC#!F*tbz{hwLOZKL8QPL1>us zk(o)gm*|hp3AYBEkrs?_p6H-INEQhsqM;h0FxRw!onHSpdh9OSvH0#xcMp^sHo}ke zmY(&q%m7EbmT3ju{D%!4N&dRc*Rozdbiv2iEXo^nBDvreY12CSfQo>gpp5Fq)}vWV znkhdK97-itK&|QBpAu*1kXHZiAfF%B^Pcqv$nzqJVrDtdaaQx59C4;TKVQ>^o`A{( zi5)W!3b!QezQH3U@!~5egT9t=B%*`xAc6I2mkZO_^p4yOaE;-1ba^dy+6~p&J^D&@ zyzNPoxcogxx?0s~!E@0jhb$8RT8f*PdvbC>*aPCC?JzoMn4y2I`=#EX#=Loas%+xomyi>?mUc0MU=e`932>jD4Xr_`wo+k1*{(j2#{0gZDF~pp$fx+c-fc1ul()6#QV_jsdTCzbtb2L zoiRjfPZ_hkzHqnn)fC#w+CRigL$U4M55-8f;^fugnwV z3_MEvoNc~=g)+L8M7vQB$s~Y!cGB+liQb&}^iE&r@8XMbciZXM8R#kaov;NdAc%hs z!TJYR!|=kkCrt#Rt$6&Jo{A^YAIo|d7@4$RO#7%*pEx*HD||Jv!R1xXAE^@QgtSxq z98L1T$T6Pnf0LW$_TUa#kKF0_9Ads}#gydc{61`#h(6$1gd*W@p@wf3x?t_f#1HUoZ_8Izo>Uh>WllWn3rw+Q(bTO?jyN4lY2e= zrCRbiVTbhdC74=`s<%?kzk4@2MzBtVWbZimO8Q4t?RIB=-w(;g6{V|__WBVz(wjX5 zkRAFOxww81xp(xp=dchin6R~^$D5Z*B4Eiwo!$DoL(~i{i!-kXb-w%>=)X-_!TAk z%N3$h?Kh9^Ie8KjL<{g=C{EDUmdn2^>&_*QDs2UWgIEhbg*`Z-ijg}I+~13SKW_a3 z&zT%^?k6Lmfrov`OHis<<1iG2fyrgyts71g+6`o!C)Zerq_yq?GC)vLPtfQUc-zkq7KaRPfHr&W(*^L$M(XMHZ~O{|!9`@H5eTnUwmC$(@0 zmz?%tj(HImt+|!E-k!h@&DE15Cs*}|>7?ZANZDeg`!5becB>>suel;>u^*TIFzuS!BVLVGRB?UJL`KBp*X`{U!;#q7tOVyD{r)9X9i|3fHaOBNL4IR~tn1$MQ0~b1!3lFkLsU*?Z|mBM_2D0#ds6 zOBi1NfQcxfKo4u%1kUi+@u^&xsIHRfvyb)n4w`zRe%W<++?oeL>lU$dfQVC#OJNmrhh)<5RXr*Y@k&$rGcUpkR|P*3%&Z-P%mzn{RT*o_LlT zZDC?C)|#3VP$w@ZZgnAdMxD*(i>EMk{bA3I1;8h7eu%sl{82K0${9(ZYjibig&>af z`F3UQq#>P=V7*?jf%JAnU}y5d8Li{7U-!X-(hMGa&VCOsT%&MNU)So>7;#x~I;@{se_GAq}NXPv-Unl`Rk%W}%&?560g;bN+bACEXJp6m zZ_t>euL8w^<$iA*7~+)8HT>BST{)x1f&&z<^t|B~U+kV$OP}u5)_fdDp9G}4`*;J_ z{+<$TdCh}l~*>60OP!IqNzT~F0d@Lw;Vq)TKHP#rhYLi9t)%SSRwKV;ZG zsa7pLbm;_{JnHCSN&{1ce5k^kL+UB#b2kZ(6$wr?zZ#+UBZF@#%E@Kr)TwGhYS20Owf%aUX zrUPn8enw|W%%}@L_&8~?#GU=&%<~neZo7mrPyN%)x(*JP}n}&JjA(r2E&IhUC zZcT+%y>i#{Z#dMbCcNDajaYs|NE)|M^BkL^Wm@Wx7}wfo)@E;CXKUR=w|`4>?d*TWfW4=kxQsc zb?NK=S-n|aSJEbLK(akaq(){5@$kAfPqXs|%1`q5rQSiW>q4f%=YgD8B7blfxoXt% z2Lw5YERp;g+^VQ~Z~wdn-(gr|`QSXxAXx>{yHvz*>}k**1rPkjnH&SRoqPUBk9Oe4 zLH$jfwU?soOmUxrEE?n?`Y1cn4AYF)Zop#SPt!*VO)KtUh2c8 zwD(KuBBls;+|8grBlS(WGUl;JUbz#hB&5Z>CP#|V1#r*6|9n9&5IPn|GK|$#s_>ed^pr-z2>Z<`u z`(tG$Uvs@X+eXR5>Cmr-oSEJJDBP^qr>P>`)g#!I&c?KylSS8lf|;DIe%snrj`d&l zzC5Y{*yLpB;ch@S_0GI2Kh7G)jd(l^MHdPIDI$o{4TO-M zoth~2DN#Mu1m-2I^Dk;w0C@wxaYgvmBx*!2 zdhr9|TuIMA-g&_mW}5d}QuB(P@4*M}GzfuM5X;%T9Av;nrhw%?>NWNUF&^xcO<{2r zO-T*Owzo8)(EoVzulGv_%zVtQSjf~(7 znZq~znzx93)oTDjx;upag1ST5mSh!VX>Y?XkPFO&8uL%cizgUWk!SQWBrAHMN@tl@ z&qwSFCB=72I}qwPLIv)fmEf;k)NpsVT8VVEN9-sH#P!X-t}6FMPRX^}%>@r6toI#F zZn$clTJiAS8HfRT*!svbdv-9B=%YK=e;`cgfsk)LZ;Z-61l@lsbAY%}4x>6`Uc#4U zY^Q(3@@Y)Ds@?;+ccj|lU7b%07f9lpHQ4posvk!4pMvMOo2u>a0^G~?KGaL>K3B}J z*>vNX!Mx>{+4=?6C%mPjm0G!e!2?u#; z8Yph+6sRs4ne(GaIKb0-feuPBK}%<3mS6rxFsIc1(sU~##yyr;?NeezD{4Edn;k^4#}c38>$DUO1v(}!lP~|06%KLQ^UcF+p+YS zhb-UkR*?BhyY3-HmBfp_aKpyCj^5r*<6kQsnuozBkO=P9P%$wzOX7WpZ}495nVSZh z5t%z0EUXsX`$fDCF2nE6ySJ%+vVOD&8Hg#(^z4R94_m6T``TqiEKfa4;q4YWJ$Ajj z0Fn^{p)bt(kCEo5`7&DZ>Ijfb1|nUlPWwylPq&>wYwOxB{?0kyKY~XZKl_Wp0FLZ- zp+Tez=XW92SocdspM2EM{s_cm#0~_qN@l_6mMBddTw(^z5?sX-UF(bXF_?ygycC0- zaX&y}7_meFvKtR)?}M=Or(SmYyFHp@-B^*9NiTx*f&5`6P0=;nzBa-$EMB`e9Eefg zy=+uwh4Xw(qGnv@bA+BBpZt(dAIopsL#wdlVk>O<+osQvD8}(5DI;}MF?AHDW@!X_ zy70SbHin<^tE7#kAr;&!0Zvoi2i2di(3tKgcw+P0a5(|l0dH1&Q$7cu<@~mr>TH|! zERL}_a7|SIOJjU^7i5nLHy)vnAy}jb8(8|6U+KbW+GV%iSU9R5k&=|V<9izJ-f9}J zbH-o#{`iXYE(U#e$omOM?`?u_9#l%CRuSnggE+{4-3Nb{pRQfWjL_BN#f_%uC?(ZKsi_6{-5Lzx#o+31rkr85 zzQvI0`GGz8Fs4drPY5GqrfE>$p+g{1wVinBpfSy*9i1_T@n^HZ)1enKBkUUqu9hW@ zCM{cR`k`$wZ~JS<{;FzuWYG8RJ(!$fgFf+&>Nz`I(!t`4!45)X1rpHrPHZ%?Ad^Dg zeKT)YZ_{_bTu$VQeKzwWVYrrWH=1dcCW8oxuIv(D-7vMtDC3>fi#>n%bA}u|%ZBDw zsPiZGQUm3nA=*#J8)URhBdv8^xas}$OC#OSA5l6j-hHo3In<4WAU!h#D%h=@4!UgS`Q{S9MX zeu(^4z#cvNygneVBdpkvGoTl{v}0rL$Nh!cDJR}D5TVmSY3Fy+=@J{9h7|CEPc`wI zN*X1cdoIj&w(MJW0b%_aT$kznwk>pNi% zaKUCDnK$(H!!3kErntVT*Ss^i*#o^DI`wn=c`WcX0vXD z_fT7D`a-+JkME#}fSk&G0pn5Qj&j4@SG8VF8b z1&W)4%UY9ZQz`R)L6{uCo&-$tuz~Qrb2AM-FNGxGIg0jW`&vdeN%n! zPkTLzH`l+zXsaOO^ZHZ$NU~JxVVr)RW+8%XWchu|&+ow7gs(~-7d1!c^)L@dNsAn3at#|wHm&20&np|NHySL;0 zrE1Tkd5@y6c6rwr2C&+073bU*-=@@#7jHXIr{|V+q(k34qo9t%bwsN>+kutMyyrfS zQdPs~*oOhAM*0wa>butXwfBSnYRYr%U6hNpC!sW1Bhs&{dmIHzp-2?3jc2b%$_=w) zdmk-lfM2`eH0ym>yJMtv$X zE4rNA8(jn8YN~#4K^QPOGDAN-7G`0w>SF?;G7#JtQp`?^3H!e&`&CQ_I?O*}=BBCnV(bJKPx@-mr=MT+vBqu^}L~%Qko_yE(?!Caq z`S!KB1bI_wM_mTE2{0Um9C*O~c>wa(C!XsRS_VSiViXU84PfPAM38=%%FLC`^ zV$NXI)OU4li@=->eEoh@a*UjRQjD_n^VbZikqbVs*e5;aqhyZSg1yz+=w4$?Awd7->Ysk8DzpcY6_TB z0kYe}ic75g0A`CM?*%udJ3@~`toa`h%hcyv8V>#C0jM)|Cj-FyVN=d-SFNJC%{718 zyMIP?Pd7c}KiFC9poR%W*$trkKkJl>@yMUg9l{3fkB!^tYlAiDZa?`D?Rg$5D>edX z$RFq`RSr-J#4%!PIz1irJ44%rgJAz7QEla^OzP#MMf_v8<9C@J11?ghDF>6ceI|%8 zf1h>_Z-p>G7zZ6By?@^3XrH0^hKGAdq=&+ z#c?3aO@L~$izJhMX)w`Q^;x{jk{JPqer)qJE7!;R&g_W#6TZ2yRVlWk>*ghRcIrfi~9oW|?-HhmigPM(%>xvA$ zXC1Wf$u;{QNE)?O?DzfmtU|Qq0^cc_VeW-8pbTZ#Pcf9Dx*gz~bSjJBPVyoxgQeD4 zn)jz?eGzOWc1Hb#3!lzKlIly)3O7igPbvxnG`k${%cFx>EE#bEEo^llF=LQjUS z#vY0IeF%9}AS3~Bq2jb5`oqXk?0?O6P%253>qr0n?4#hehf=@hlL7GDzT@Wjks4A! z=mV16)T~Mqfcd))(+OZVG0^WIIvRcXZJLoGu^hi4IjFvk8_S(Ewa(m^0e@fMj@>BWR>~Ce$J8iTtj57Dk;m+CT+*J4UVZcOhPM`#6FxTKP z8&$9o8Kl1_HDQF(ruq4`_uo()1G$QSw$TY{-}dd4sLW~GC;smKrTr|Zicmrxpa`bF zBl}*TeJC(x<>x_4$!PHh4H!e~JWlp0H%*t(bt8UzdvL9?({XQ45T=4^x{0&<5RACC zyB0h1nP#z)g_QhX!9UW&+51Mje zZw|ZL^ZFObi1Kc|R6Utw**3DB!h3wbNY_CSAHY3C(&Hb}H{)}F(x(cJ&>?V=%s8Ih zlSx^5U~3oe46aWKj_}0I_ zq75(qhTh^H9$xu<+o}e`gtw=OHjD}P1HSjx_a+GUjueILq#V9|vnMmT9IKRrjvbNrPMyJRa zpd3gVgWkw#3CtunZ3a8^U$5Rj?o}0sTV$63aNYVW@YtS=By)u5Y4KS-xOBkrf) zjOZ#0S?pmC#>gJaMUGEoNLJZNaQK!{`q?2_DC@IHfPL~hyd|cVZ#4yXV(qxAKbf#8 za6=v=WU&xSvEh7Q1JZEZlqR8FKizm^+2TX@9F;^+t7^sIIqx_Q**luEeOi5&_2tX% zN#+wHf=tjkn!j$L7^!N8k_=SY6_(}h>q&p=s}RdLN8Nm~v-gRXsE!)yhm?khub$dY zDQ_;nj=a5n{fV7lD5uZPyplO1c=?aW=csroAmhBxbI$jK$a_D!PFOBc7g#$HqdFvGRCjoyx+kN0SmY@KdTzIc`A{2~6B z>iyc#A&nX~@!J`98p*_RL4n<0cbofJpR?^~BaRe4^0D}Q$3AH*y?_v3e=<1{OX#jY zISesX)rNZvREi=U{Ect&*C*mUXzqRTVyXi~Sp!_4OkNf4TNK}G_nRdmp zV3}-fdX7a0rf~N-d;p`yCDosLItU>|XsfH>e_GxaV~C^(r-HrRM=(K2AA5kD1nCJj zh=Su2!_$ynhX6}fTY9>c4w?!uUQZTAnmec!6UU<}WNNM_D}zBY&?`03gOrw6#l@xB zUK`s-384Gh0VYcW#K=dztcwj22Wj)Fz1O{Smj{n3z3jjln>|lZc3`1Xx$E2y+{>{} zU{2m;)7O0il9s;FtPNgxAMK?cQRsZfLTrE`O#Xwx%dKI|dw#UPYx&0^WTzz!)QhJV9kOuiWLM zj=R)98M0`j(n_WbE2_ESyQ`f~hdEX}lY6kO$;K`p3glkE0Pe*#74PnS`v#x;a6Ry2 zF%Hf*4KrcUt9Wq~ z>vz!9?$5Uuy{Xbw=ln-}Ir0uH51hS|(Bfqcudm=*l)cmlWp168b9l6fIi8oO~394(cwOkA($>+uPYQ(V@%KR|&Of1Bk ze7=#S(N#MO@3cv>lgFf$^@filu(Y)9ULsk7|H1Pnbch@_B-%d=NOfvn-_yM(yGNUJ z&Yh%Sgq3xaxPL6&elf~upV30C3Q8vVGrW%H_Yo_kclfyKkP?E*npl#~w+wA{uKsLo zm&^S!ncx!^Z|_yf$%8BQ0l9$rh&{Zhs+%LR9do>{oiRAcpZ*2bUGyuW0LmyxRjVT&g+`xjRZAh^BM^vO5fwJ^ga;%4_r665issjK?17x{;J6=z3J zjvxB$ybF8j;lbE+uwaB+$YGySNq05;#61|xp_$qoD@eI`ZowbF1+x446ol&AD(jIf z8Q(yJ>`#L`eZ0&Qg}A!d4y7(22cLGL2mhV96e4rC7t(Ta_XgSnR7)clxIZ4t;*dVS2FW4 zMR=&C4@}9|BZP34{iM5KFmSN@65r`H`Zc7vB)4{H>thpo&AlD?E5zAWnLi!U3J?P1 zH2h>Q)PZ9zqo-F~b)eHy-dOkpL9TjJ@(|iI&D#adrQ(Z2O3Q073#V&XBUs>IYkU#M z<{0#b<{Cp7031X^;x; zM;3>Xfo%Qj@*HAdNV*lsQ-qyeObeHzoPu2_HB?-bu{K)lHdAeo!JgZLO2}xSTB*Wo zDpRfD@qimsbwS4R=fSgZL+TXDFZYQAe1vt}OIA6fD90LVxgZEG3U>vOJa zYI8=8xy_g0zzL8w|Dyo?t;W9a!QT5@y>d4!!1IK)r@*}*UbM^pN{t4Zo9zy2UtR=_ zSN#-Plk;L%1sfc5__I0}@M*#;H>uH)dS+|~{?_q50vnGWuRU=m->>WQe2_GJyw9RC zV=&lEFb_=oTccWfT$-DkZmR5apF0WDTjJBqf3EP`5`IGhCX?IE@=(2e>y)ksLWTNmE0>-1v49;46 zR?@}1i~As$;|D;xckYjr#uzbFTv+|Kb=~15HD_Mg^+j@RJ9YW9tcFosu&Dky*Ze$) zes5Vr8R*w$?(2>-`Mkbg!kV%qXxa1Y_A})NovX+}fna}W=Em{B0M8HYb{QbDn3Xhbf<`hZ-OM%D5 z<3IiP@;TURW`o>x5uLjY`}waUseKrIXK&zL5#F99HC(FOONWNSqbTNnvjvk4_mpwO z$Soi1RpPJr*#D9F0Y6-RPrdv$%b)&Sc*c#;*cs_PjkO7FHm;N{5Q*dx*Qkcam>fE?CSWP zn%UV=r0onEGdj*|B17E4+wKx03V&7~b+gnv{fV>znV-X-x!3~@JN50_)aS?RXBhI5 z&h0qAiZrC41_eDF_0U~zh&t-g8TY~gJ^ZdBBGJMZ4W1>LGOtQE0}^0*FZjw-R8Z<7(XI0-n8*|A$0wZr78&6P&mgUr3EuS9cGB%3wfq_$JIHUt^kFe^1<0HX{A{6zX{Ep!W51PgXjXtrw+u~X z37;Oj<_1l|ZARC|R?fu+Rk$@eHV&Vm!s|_$-5EOe*Lz`}-{-S;y5%R`cvVbfk{E*Q zc}3AX4F-l4K2KtttBo0i8mGfyee**!ke zwfNcGro{C5-aLK)kgN`e@-2D?F(rVpa~*G@06~wlKxrGUU5avNe}rqCR!97yM8xAHr{w){hI!SZA@6CZEgX^BM}b@cmB8@_Wfn z%rGXBermWaah=HMIfE&Qn7K^7-wI2Xfy4&PE0jF^5;SM)osu2?oZ>umx1847d7~x z0P#!o03cfX=N-)eqQpnxESYfnBC9SlY$p*E%D0B-Du1~EgW%np_bb1zuAQXRZ*6%q zU&!lcFIm~{j?4eB}JEcCv)roQQ6=XgS(gbwsd&%1%;x zv;bKF0C@q;NjSW!=wxdCgR08snmI7HUiq5zo`m1kI}pjyO8iF5oi!3DJy5ooU5- zTfqaWptP5;MzhZIkyZd}?r*TSYOF1|mWt-R_qzCabZ}07I*T4Wp6a%rpfKQ|LwYw{q*bl>-FVNrIor$rSri#AgpU13?xg!I(#Aqy=;z{ z7Hcakcem5?ySr6-Dj6qbXw+h$FMvoV=kqn#eMd3BKXwdGAOtr;c?mrrF^?r-!fZ1n zI=6UAV(ezIpe5@T$o@0HV$|pOFpvP?_<~rS1Er~Px>le~AP7*sU`}s0g@x(!@p0bm zYE#-5yaeTN4!s-tI$d$p_SZ38Pbu%G-y_OZV|{c~_dH-J-y1rad9dZ>wTp$Nnul~S z;9hov@woP2n(RzR#tHT9Kiv!$2y!l^aIfWghe<@*oYNR2>f}y&etwJ@035V&e{x(j zZR#*)3;#;88|>tMuMn!fe4xvvT1=nF!7liFWiIbgPn13u5o1;73ltSUkKvGFE&csi z&FtQ4-L4FHLSD|viadjC8}IQG#dkZCZyHwRwDzr^4SDeVyc>nbhF80_RpH-wQob}Y zl1t{$HvyjI>&$u-zAD3fiWUl1iAE{hGuf8;?Y+_!LXAgFv58zln-HXf`({!MODGHM#CjJYRda&;bf`JYw z=gM9okRT)3N&>=Kq{Qz}RZx*8Z4f_!Qj_ow9ZOa!@yJ2d9dbl~{wlZA1ty|2fSc3J z2Xcw7>z}Y&v0>z`$DW}~Y3Ukcqu@p6M*S8~Z)XJol-1*JZ4uxD+Tn_$)G`47~ZUKC4LaPjpt{DO?U7 zv}PYI)Y{wKmn9G9&Yz@%f*022oep}Tpl`Rgm<4M$5M+{?*cZd_#oAU@46O0i8$YX9 zl914oYvi(1D~!6@@AZUNuL6nx54LO$X0<^8u2?8VKf}i3Op>cI5?#N$+Dc-WFYAua zq><^oNXX`$sJ=(C-gU(5vg^`90BcBWq>~=lhYOMBl#3D(xJ5mqFuMVAPAu|d@fj znZ*0`TmwEWgo8~#(*AzUASHvXhDGT=o#zLSZ@NkEZAi4yE@-(`p4Z6{@WmAiemM$V075ch)O^|a#sSKWpU()mnV6GFWGZ>R;u`=&5VvoX$hj4+P5i*)Q%x&35Sd}Vz{myShOnf-taoEHWK7>40t&~kDLf9lrQF&17t>Wq^Dt|v6bsUA zZg~^(xjDrfpr89fA?;;&kv8Yu9pAlwMgQYcWwf0DzxyG;0u9MWV%8Ry%PsJQMqsY+ z-2;f9M5BGHwIv(9-!8c5>-C{;!7 z`u*JifTp1=P&z4NiOt_gWID7GoNZ`m?j=7a=TzY=NR1!D)|UQz%(omYRDfMezH)*SBr$ zqQWRtBhf9$<$6|;2Vyv#ofEh)0(5OxsRFc!F{n*@y$*#z?heja3?6H6)^btvd}ap) zIlbm1Dah;}$~DaA4VeTa>U3|1uB*X-)$@@V+%9Qpa^n|SV1>g%CfriPo5>)xB?~+{ zlb*chHjHMP+>q79!6yBf?G%tWjB%vv9t+w(Ajhj9Z7SY2hOeU+;)}|glN7r1a9oMA zB^i~k_0=EeU-c*+P5>@bg8ebI{k)u6r5`zfv!GPKqX+!DVL8`4sN&e-9xC}RMz^c$ z_yni2Ro$O+LbjDZx#28%{JN>CW0e-qMW?klZ}7x*y!5O|n6vYF#4sS+F2YGI!vZQ6 z#T&^u~e>e*-zZkUDNEFU=N4&bxIHNEnJ5QI%9)}B-;XX61Y=1nws?Ecnq6LN z@;Lxi^eVK@HO;gl;2<5gocGa?--g}`&tDbG zRneBZP^E$#bY|5g=U}fCM&I7$`V6Fr^s~Jq^^1pjdq6*^A8s7d?We<)6r7^gx_5~@f}0KB=SjI= z**^y_+{~9rh`-cy78YC%>L>AhGL0X(7)Rex0;;QV{>V|%bX6&Z-$$^E-KAOU9e#6lq!rQS1(ul z_@lY+Z4T#bvm|1Bs9BJ+AQj9?CBx-X3g3Hdd@zdKHoqYoWW|pOL6)0gAzne64pw{> z$&h)iG@i=iFkY+OeMGd)(pY4p)^6-;$N6yPox#xey3fVvaxy(+X?E**beaPS@kbH` zVeN_378PM+YtAyYgK_2vWv#$@Q+YwZ$EM9?P>vSA5hAK$-T}EY`-kxPQjnbnoB4Mc zFFni*~RPPCuUlIq<>(3GFKn4G!Dx7xC6^Q*T=8S z^-X%AR|wIo^hx9dVK8MiN||y0{?6InAR$HiWJ&-|Cd_Q|PHlHl6>)~g&n16(yb0f0 z_9x$Nha=s6yI7)5w-pA`)h~HE24I-u^NUTs@p@GG<9-Lv`0Megr`NC7Fj(2>{Pw$$ zi5C2(JSvZI^)aeqNFGpF=&92ZTM+pFt3JP*TW-AEj-1mg)sF{hG!Fe2u8_?^W$DI! zmD!)%&<{1G*}k*|d4QZq&Kn|!6umuqENw%mX5Z-Pp_ucf50I3w1VL`AQz6CtmCnh` z{4zsA{YR{5|Bs{V+ENsYqQ8Vl@==r^Nuq=|f+&(fNnc-^TB~QeODROS;e;Kot79rJ z6Ae@@QO-~-_UM|pH2GTQG#`qMRW)0DEY16ELp!j9C*$xra)pGB0nf(x{71UvsE%I^ z^8gR@i^#H8`uk1r-G&Ll1$=n0y{8i`efEOy0@3GZ4txbvBE#$=*R<9@;>}F%*R@U{ zk#2K4je6cF9+4^q#=HABO>$nVjC*Bhj;Vk@+hvrC{>_mVHU7MPuc za~=#L01+w>1Px>fjL0l4_NP7Qy~z)bf*Qen(G4pETeOKDnDHW(eDM=}(C2hm&I~p( zoi3$xX8C+M?URE&O993KFFcYQl^eQ-%uw=t7uA)T9TT`n{ z4EyN_5&@HQchESzk_h5&)3bhw;@cYI^V5=O9Q!QKei3n%VJ~xVe<=f#{NmO;O?USK zjisylRTB7MTYK!Y8Sq71KB!W*JwxuYL}^?r2Jx?SSM>R$`keH$k1&mYvPEHHKRD9T zaiA2M390MlAqS{o4}*zh!9DLvIp9k?ro&jk`cPbg6OHcon0)UGI9iq&WX}Uk#4op9 zCxo{&X^%j*+N*HgnDnr3f9*pJ|uPI{4&8lBA{xhCs$3V5nj{J$*4dS2FUOxAa;m3Xo>PA`@o^TJ))!*;2y-)dx zaBe&ZQ!h&)m_~iEzoVmkj^qs-phooeX=1&YnBnTn^FLrh?Kn;iTRrvO< z=aKQ>LcCBuJrB=^D{%9GWS-E>jk4vKs zi}qf4Gkm1pRW@}vJ?|OV-@_A?BviDLX?C!WGY6VEfi+EF6uR)$vxm*6I&zIp5mFAjA`eY42QCB~ z_n|Pl=T{4u4HWJ)-uJrOf?FCu>(d<7>0B zs_oZK?jbYfKq-MRI~!Yj4d8WpcT(rqlb+V(?~`F{d(Fx*_6QB2jliz}?BhCcq4>-j zP;NUPFSKdGs<0|xaI^(EmKwfzDIK@@JYG_sothpZD&hQ>GaRUO-@?F>I%UG83DhAx2}?Z2YD*Fe%(EOjJh8QX8%Wd2iEPt7{3p(Y3}pxx)=`*`>g+{^Ca z&a>Wi@u4N@X-zk)3~ET^_jtt59Sr&l1NMEr{fjKEBlL~nDE;uKWe?oIt$q^qJpx;t zx;M2@W`zu|>tB>5B^}s%+$qxsyFToNGm#+{&L9i5#PoRAdE`1#o_Jvtwm(#hWswU< zBbF_N3R`dmjhcH{xN50J)T&NroPh93Q6N0&4DS0yzs3{0C~D*`friw`n-ExzSR`df zanG45$NMgd8V4HX$#Fp4>E*MG`i;;wFNgU1YLDy`#Iuij80w4SN&CjxSjWlRyp!WK z1Hrch4K6*ylopo};E)mC=MJGPuZx6NXjdkZRPo#)jyW)!GbcIugEFY+=wKRLZ0Zpu zbhTfsO$uyvQHf<>pS2$LJTo0f`^d>Jm*Uc!OmO+_Ww_;}9asS-;DV6P)%0oJU>0%5 zNvhh(JTP8jFvPGuV2ahMh9cNfw6ktNG>gHPuK5%#Ino1XYVpd;UG+%_`UEN4gxSsB zeGN=!ArsoXKc`9Wr4<8GPv z*dqhau#0Xt8O($5u&*J_4{Zj%lMd3+1U~-hfo!)Oz^+E^0(j6Ij^3ln z)%zBgU6T7_H_+Zdtp5nmJ~F*wcY_GQ0->q`R=0t1hiU!omW0jj55b=yf8qOc9I~NP zOXKw}U#Ir`V3WZe5BtT7<5pj5dOf}z7fN@orND4vQOU234-~}FOZj*!e;TXg;er(f zunO}kJc0JedEUOs>iyc9K6o_#7v=QQ^VR)Ik#i5d=a+WB5SR4E_|lzd`ipB*yC0xYjMk>e9%`r zpuUztE7|34%WYO6HF?40eZCIEh zji-W)o3CtlQ#B=eSC^Br>@7l3&-fsFoNRW5Ko$u{r=flL8tG7x`K$V+JvZK71_K;U zC-2SVi}2Zu>wQIStUdBY9QGM|w2{1hu;IvsJzD!}8Z3k7vz8`4=_^4x@|SzcufTXB z@jO~AFBD03q87bGW}BiMQtd#ic7tG6_m_m=ybglr6ToZ zVTZt?uWSpIXRm zOs;^53t&7{hM*?#e(b9=K0^lmykuo1B_6}WJl|-jF=d3AaK~c#7NEOltafFOpC0Gt zv1LNBc4aPEsir3vXV6l=k`UJwE!FsNJciw1;pupDxsKP8<&W9aMup#n)xD>;d||?|`u;tiHK9YC?V` zIjA6(OTvh6mOtKe_w)>t6B@DJ&i>JHD4sW1yWJb-*&sK-S( zZjXz*(^y2Dowr+)u}6mR3GSQfjE-nhaVIAje{tBpnKS1!le_9&T>%mQ-JCKxmJ!;Y1-0ZPT8p)e!5qSGgRIJg&8k4 zgZSfhg&jqZGl;B32+*}oFT0#xvnMj|Nc7hauqBsNd_N}rC3~2Y{DZeb`ohdt!x#@@ zXhDSkY`}i;6#2syP3~VzjIZhVkYm9r^Y8Q4Tm|*>3=gz@sfV)Uj}GjC;8F`&O%bm? z$5jPxZFN5X4Lez!@>94AI>NYkJN!fG7;4l_Xz?H5rijhG1-t8uF#(CnBg$6ee(T7ah=&Oa8l`v+X0yz)$$;=L9F$Cq093X zauEi#jKDsm;W3bX+lC2+zdSdX$_6eW?4%y?69VVsSLGqUDCftA@xL%@oZ!{0>mZ(& z*W0rk$J&}#ShicfZe5^ z0>;q(lq?yPu12~wlXxP&vjl2^|B++)Yzl@xLc9^Gpq-;z4RzIK#|G4iv(f&o-af1E~MQ0U~0uAUybOK*@>#ecU z`h9MugjHwxKv?XqLNbcc639ztJ%G)vaH8OZ?WdGp(4ZdY{A@q^eY^`Ugo*#Jc&bk5 z#Uu{zEjPST%?eX+_3>ZFf{Fc;>M=zl=$+TF#6bO$YZR&}pkb8Ru|_@t1mDe-ep)2L zspIEAa=!qvmM5$5(XGyOLSp}YQ?bl79>8n2`TG24nsTwgj%qwTvk>=O?6PAN?*Z@c z4Kzc-+-3|NleUK&b+3zM-*6IGZ(jEK07W}Du0-zynIw0gYASjLG>Y7lht)NZsF5MR z!Yw40;MTa%dkh0t;5*CE^Ih9CP=9SQu%4Ql5Q!nMsfuyLUr}~Y-or%!E9!QLzchz4 zi*h{5wbA(3BD<{-MR$Pkb}0=h8iw)LdEec>_^)R7|83&s=8}H%o7H=M%i($l!uaaF zUD`gsipBDzs7=f8$vv69^a9>?Vf*#4A7T+ z(HxM}hxNG-ibRgqia#*8qR|pXkNB+)mGSUewwICkM)BHE+H^@4AKd(>MyeG$@B6~b z6F1T`gWyu$&1_(S}QXdMBJFkRdLG zk)UE;$7Ox%0m4Xg6z0Lz0FvZ*`)M<$FK6gZ@V~mE?;`tZ&Sy*mlwBYJuT;Q4oU(&? zkBcF4JamkU#Pk3v8vDdP6Kf*$j@xZxl&rTmzwWo<7Wd{)Ntj~#l)DIMw_~O}*5r}O-#+6{Chw$8X!=NM$p&y)AOmvpy_5$zBP+3Ae zCK3|mVsix_y;2@loo57WwpLZ;r^EAGorU~HmdHKKHU2i!=Y2jw#m2$swK{k z#--aqmt^;T=EY@1#f*GcNa;2;#Ew^K(!FZy<=R=jywvCKiNv?%d(`&4^zal-d8P&C z&41uwQuj!S){`BgClG&N_-)P___QmtBQkiW8HDm5%q>6zWxRCpOPEro#wJ9!KeGUHo-k|Ihldy^d1;O#j^0~T9phg+cTDE^)wO}>5`e^U}g z$&yPKfVVwn5C=OMD0TV08~@9K^6w|dq-wWv+PAJKK!s~>mwywDFWa@j=-nu3 zUkb6K(PJb74_3gO0jgOCDEehE6~uccg+Oz^6HbsxOx@Cv@%-i|Ye{}3tREq)Wc@Jw zMB|w*n>vJ7t70A_ZyksEuD$Wy__pbZ{k|ORZ*VFeowElcY!UHMz8J6Dbfq9^m#QRC zZCWOq!}nS3`wi)+ZrjZBa9GLTFeN!OIidEdJj4T=E(SokXUohrRX9JN^5H%t^recF zxl*$0d0QaPXWyyqmMa07(le9k&R`@eRs?+bLd;+7I{chZg z`-2Nl$EH+**K1pnC4s%hg~?A*Ju{Mmu3M(dz310AuYsIO7+MefLZyoWPhFv|Vr>sJ zIr5=cuv{`d}x+p0crD_q7+y3(+t= zVC0vvGNT85YN4>k40`&T?RrRVX^!eOd}&TC-%;JuCL>M6BFU$R>4+XDo-h;)58U{p znZzu<2Zi;iVViym|M;Es?E8w+53n%y;g`amO+WYeY+mMw&H+c}z&1;I1?+58&pxOV zHGmO7K%k|M-jtGE&O@x@c}|Rl3l`_Ot~dc)7=#~{JXu}R9oIS2-o z1KLcQV_nPi-(5F(*)W!x+&hXNh(72o*XzlX49Lh{ES6{k3h0Q2X1}AJdEYiy702x% zS^?u!nQwLd#|F^QuRg7VC&8Z~+snIoWc(-2=TzuD(27kAIn6$d+_4Og$$=Ixf%6Js zTI{~9y_Q8MeSg|x$S7GLWs(qTU~nJjtW;JJAH`EO2gR6n|Nb78j01T#K!^d&5j62g zo1G1oc|lerh2d&=`Bp}|eex5b`W76!!t8s^kGJ!p?h;B@GKVm}v1SE`5evJ#I(P~2 zdQauyT(5l-EggJ}Xbemq*a&|ff5F9I}szhX?gV+TlFNd|5f!#)8Z` z53>|!W4|s|Z|K9GALp*Lk_JRDkvZ?!J~)0gP;J>C@quzux|yh1oNI;M=Mv`U2szMp@hs{{bgPGiFL_-&zaOuBIKQNo ze^kbMYQwy3CqP!zTQrt11WE|u2xdH~4?LURs^f!k3&u`#vbn-)=LpZU7gwzi4iBzi zf8lZu?fns+>BV}(Pu)DQ;NF-rYgqo2v(=z~&(TSR3Fh!QFIa{|fHHm+G|c{y<5V?s zMhzx(?jWrcmEgy|he?H|#HXr(@w)@|z4a`VCm)2=4E|&EYOAnq#{pE*?a%G)NM~pQ z%Li^1*;84J?lUAxmm(|&#~Wu$GVJdQ&bwK!BRBINxG5t0JUhTsi2A2~#MTnS>WzZ% zfAxO6V@Mt>OhG6xtGyMkwq*Q3gpPn>yf?uWl-B9a!cb8=8mH0!)wi%3vUrF|L)}P@Ul_LeIL8nJdm`O+368#JQe#8 z9759o%!~F2%J({7U*hp#t%daSK56hgOxk}_zm!sp#mLQz!v8tXQ9t56fK{7NB6!|W1ip)c#3ZAZ|b^d!P)uI&&kSJ#||Y9K8g(a>DFCu|CWb}z~FMf z^3b}+k(b=6suOk3&2{RZ8&^JO0f-&rW~J1b0OP z+MGiMWw3e5!0UfMPfhd_|AiCg89*|qlRLYzGfvahYy=Ub{w)$4)%Fm@yN;&DUTLUD zdkO2m3H@G5L={*wd0`0grU9FD3e1yAGlt#22k<<+3(-bjoGd{mbHB)W^85Jm?H&2b z8T^{0m-BfzsFcUqUz4tcvUVs;VpqGol3ED zg65#q+6qtv-&1}3`xr~hJxIpwbK~4ZUg6KMpIQeL=xQ7f!Q!^$ z^H8DacI2Ap`!p#`ON>((9UQGDp7CJa2=V7pwRF{Pd5$s&`91*4`FXcCo>ecX<)tVI ztq{44zLS@CMWwE?Ssr`s2p4_}<_NIf6Cy0m7cNv$iH7>q&K%7s1?Bw{-tqNB-(`EM zJt)VXrA|t(k=zxbmhKSX<#Pt1FSdqwBaRXKi-+l!Whe3#KmvZxe&thHWzV?@j$_0= za7kR<(`6TA&}kpa-^u()5&WGa*oR2BE5v%f%m{00v<6Hsf(*neofxBxU>rV&tr;OA z5$RmGs~WkOs^8hP&A_!lBWc^ggXEdvX2b0{_?~zZhi=3Shm=*-A2AZh0pzq|oHngt zZ*P*#a(7>Y`2XUD9BM5Mf38S8I@r>~z#I-&8btVDB|g0ORo(O?O5k9t1zg*xHsQNPj8j9BC#GcV8G-tan5Ch=a6duGO~% zbkis4bCFRX!tC+m@Au4&Jzk-;eJ-{8yo$eN{AiyIU$xa%oxiAbUZN{Dpq6+-8^{`? z@;PYFt%OIs%PEBmxVx2f)D5LpF*#qmH!bj1#yiiSk2RG~_Zqt?{OV2^{D{AN$Ak!^ z_>PF=a)$KS6(U>%e92D#Ek&rs!S-e!ErfkXDWIl&l&|((8fSxAMoB-niSR7q7P)7e zd4Q=AIW>Av&1r!B0r)5Ee#1=-Vjji!3RCoO8baEn7vuUkb|B#2?=MgDxACpar;^O$ z5PBqcSTx@0v~LCGq~&!FB<^TK=co^Rdh>?IPm=I0Kzhg0&x;Q(c??d+0c!v_U&F@C zaD^{eZP2+d>a0!dOW>%fy^h8?m>g(mHKU^(ZwYwZw^+7cod#Zsbk1|V2Cvbts2v6g(I>%8QiQSXJeY#TL3)BLK>01+>7GxMxV&ayW z5IXN~r47^ISvUCC!dkYGnC4AJx8LpAQXqlfX5!bOUICYm^VqX)HCbB>Jl#EO_K@e~ zGU9PoR^_(&-FVl^?wS9q;PQjp?~l_tSt6*`p*b0x#;VG3{mo!Kc^7T3=E?T*yee=^ zo?yj#ov){lWJ2iJ1P^I`zROfJC9fA-QzpLtX#J|k^Ld~fLl8(+h0(+XuI^hH8n^Q) zU`bZ0?jzFa#?5GKabpQzmi}LKW22Cu6t?=fFxN#N*86kG1nl)96#edRIf{-|S3SBg zpzO196c-)Bz1|83RL)yc!})0zGW2;`pbh}RH$9_Pv2nJvhi)ekYlTlxc>SHnvpw$XS44C zFS&nm4|Kim-9($qz5?#c=9xTsk5qJ|Uqj>`twGHQ_Bd^b7zXY4*Y~A5J|!I}0eTNy zy4>hITb_LjbdPoOvVYlfXWe7hkAxM1kJeOunx;Vh#^68>>ORcz=5>#)57!NfG}N|F zaH!m_m#|aL-MR|e)SWh8KGNLar*|r_gie-xLn^g6Hp#U7#$B|{;J9o%U{TB`_E}_h ze}{ix5ng0){<~cU4Q4a(zvXr-Nl-(F>92AmPgtGzUkZhcJPYNQ%g+RPosR<8$1Bs` zo`ujN8h=DEvIO+45OVFnKxAF4)>3_b5$>6Gmc(f_ro@mHCe&RLXWTc|-~=WJ4%^3Ki$0Ck?&A3{GA&2hzXQ}YdEack zu2Ct;wRc7H?n_lu8=uIGCqLd|ANh{)D65YLdCEe!1YT0-pLBGC?O6QN<+mjth8DI% zw6JiWP`VV_zM{&v?%7Dh+ZApSf7RMChqxGpp@R2vo_e(YamZDWj#?uwEXaaLM&V5M zg+_zhmiJh7+ty~%m{-kpM<8kQ?`TQc?M(z4^v`a2ahRaF2VhUMy=0@#-k+#Fd3RJV z!h?!M_*2p=khJ@f?3s7wS9Q4)6?gI=BeXsiY7FmoHoMwn z$965%%h6M;RAZSvY5@Hcqc%O93tTaOD;~hzg8izD^>HfXS!R-V>+GTt?A72sj(!Kp6q5g8(fR)tRi=50poj~At z2|m}9!YZvLrMR+5kQ1f?KXsO+Tb=EcACiH!7G8RNm^T|8qmH5~;g$ooN+{8}8!m3- z=r}ih!^*iQg@@G8l|2QELa(V_0+rs(CyJ3*HunfL&^eT1_8rYA4#$T4Uv@(4vM-)L zSJ4U#cHVe{aB&CJq5{OF2>Jz%wxB7GC+@RZKwFP5IA4RTC2n1_+?xL8NRSu^;&ZPL z*pB#F{(hUQ(Ro*@%ZeL>rbHvXR-ghsVmC>^5xDPB4@gmGR(>~|M<3j*zOW6)AB4wS zR2{CVKBo`w5ZupVRcVB8vr|G7yrw%y;sbmRMbX0eD79;9;39*%t+oX0vUI*m+8=RD zhp{F08~t2Hcvq{L^^`^eB8i@ktcBPF`Yf}`fh+A^kjE#c<8Onj_Pj{-r7V@nJ0!0I zqto$=ysWgmkcvp}l?iIquLvMiYOdgFZyhZy5}`}*0Xg<*YcOw~A607ni^4HFt7{e1 z&9jV*&eq{BvHDvd?{Os+HT8@@^l6dIpcos$4yf)(;zx)rIy0T~yU|U1j3K_nAL9Ot z0^3Y{@44%Rr5%5RG$Z!?;7AzW=S9TO`j$y9OfpVjVRdJ1+5T(jgyu#N9B#9z&=LG9@YgamnD*7iJaEvJ(X`cbJSiJZLa`0(EfZ>t{8{H0jUDG7_U1Omv~Gqzb73uxi6=C3Aagpgy!GN@^8ZFtboIn-wQh~ zADHt*0{1r=QHM?Dgw`u#hM{Ijo@RQF;K{zK?Q9?E3q8^1gQ z6S&IZZ+_;`Iktyu+bZgpItT5Hq?OOpYq8?fNm_PIeg#9CaW!QY@X|Q$mkK?$6v!jX zGC`DznR%K%IpY!kDxuM=L0GHRccl(M!I=HGijOziXrI53Gw7KrU@ES$FrB81e)c(N`G-`WD;SkPLNv3QGMhVPPb;^bO}tsvopftEF2v%?pX+;4DR zP4+v)OHq#GButRbv%*hsFa9mB@%j27yx-+|?ig*|WePNI&1sgZC;m~kS%8+GVt1!`&d)lZZpf~yuJNr5k_`JG`N-$Q5^wtPWty&7kNjO)voU-=Y-k$L4XhEeMj1UJ8qiJN3fAh#N$s0qOrTB^tBwmNDX+m z*zVuilKkNlV7Y?XPSic_CxB$(ceiTslfIb%nc`%3&YM`<-DAj+KuF zQ1M{qu@JeVO>t1zW45!c^9Qws$g!9%PiN9jHbf8NkVV^P zO73LI+<%m{rR{KJesH6?CdJDS2?!oR#O<<4wk=EhYW{DoyS4e}GF~o^J~_YEUC&@2 zj2O4qmCxW&W0kDhOtrI{yu=)&8y%K8Dqp+7~MBV%tC zKr}q9UVwK7w9^w{@VtyV?(w?s=Xiit4 zgG7T=i2N(05UBLGa8Ga%YX<4VbQWOTF6PC}!JP2ZZJ^dodr4vxT*3a>hu=?e!+5_j zyp$wMe9%Wu!&Kut|Dd$?T)pq=LxaG41GOn=L$o`tShNG)BVm778DKiXI^e!vc5VMu zPvq}#N|n})$a$gr!I3D($+pox<$N=T02|z*XgzBE4YT-yjq0Gy^kpwJpfPiLHl}QF zRZP|gk2BA(>%tz5c_>UWv9BJ>Q4KE;6Pzb~TZ#|!y4O?)N&s&QfO6&IeQnrYxe~m^ zNY-;gdIBAfyQ+BSYkjF?b^J683>>F+A{ncr_RaGFdnVm@AmbGY+MQ_>Ij%=qwP1$u zj;hgbyM3+vTyiO%H_aBKo>jpDyL@w40u&fnJn{fALGTaZ_dUM0(?nCjGns~Wqa`FE z0~h{pTF}6w0SC!vnoe~{JH#i3P%?|Poz1yvVCd)J5hC{AkPwfmwJ$SfK!+4}ryu#1 z@$-!yBJ(&+#gJ<+O$}0aweSRR%9r}C`d{1Smxi)QOc?R%JfA#YW{?(2aX>uR&OQG5 zu$JNX5zQNHDFyZ5jCj-E7uNK{8oV*XDPS75O{QFd*2tv(x{fL^nt~%hXWZ*aAB#Bh zv^-LG6D|+;#=03Sf*-zuwkoy}90ArH*y3C}I+HQL_i?X)A9Q0tsdEex9+u|{M>Z}T z1}WlSr~0&?{w*>^p%Ghfk?Gt6-tP5QjuO|LE?)bX%IDKNHGZLP9X?E?(s&x~^!Xx? z``3G0G_5Y<8x{@w7Yb~5xjOJThKzWnQNmdKt4jRhUms?##Q)ysiO-+xy>n;jCDSH% zWh%?h?oA%{oqQ~W=P2(X#zoamnz82|;BjEa^OQ5EL^2~W0L|0;ZhNkW7WtD6UeR=6 zb{3`5-fkTZpzuzt)IoMTQO&=14y1#V1xcu5(o7ZN?Nj>T`+6TirABEb9e*zG?}fGF zeruu|`Qqb7GNUX%xVQMIvk;Yc$A1e3u69oYPQboz7n)eC@w24K8t4wS3?hW)pbOwS zVX5xNpu~Qt&=s;5*{SwtPwf8-8*}p@?x7S)aNQ`)O`K>T3yvCLa5Z&6vl;4sE7Kln z9N0bEzz9y5$)INQ@H+|iTQcdny8$|5FV~+_l{w6nQPoX7`p4&R1!Y|05^a`&BZ+Ju zrAoU$xpVqQP)|-wNNp&@RoMg3j@ZMIV$J(&-M--IkWJdjfsTIm?3PG~{ZExb3X8)6!W(o2 z!M~~P%Et?LUc5g5#v9HMHLtJ14J6y6sV@~b_8Z?!t%yc1ak`9g7Hq!D?E1U<@rWa(STs= zkuqO!#(P)yPzYk+=~lyrpDBn7HW{1fap$rI=taAk0aNVTby=V4{iZ#9e)MMxPGW%l zXNn#M@70yX9OYa%!$6(DJi0)W$h1&+S-@KkuHwvH}J zUQmi?Di&aC>m5mt17XN}Bw`=Aa)sFS`6kOc&5whU7hj2vsOIDxe!rCPT$wteJe5s@ z;IuP@^E~;9s?D5d5inXQ&-G9{I{K@h(=e$t>N;Nf;C9^lu%kJ%&6|+>Z@J-N@i%7T zwEMrtq{C?a_c;u&5Ak2IgaLgJ=F?no(5pDpjbLs0Oy9n&=zfB%>`tZss-6vOmC4)(=n!!iD+8b!*O_pZc5L9et(QU^`yT+W`9NFFZ|I z@y+s+wx7}SY8G&$(*dxk{m03H!0L1>{hA_vDN5xpwdv7GWb5r(&lu;E#%e2o7L$sJAv|UZE$Gw$*LV{_xNrYJ|JQ8!2m^G}fDfU!#EI9h`!r!AK7K zw)IO#?K@-gj@$HK0Pw#hy-dnI!OkHj{hkD0`@N#JpQ=6d=SBXW{MAvwO5Qh@y!kR~ zZ%`DxeXjweqLW;XRZ-&Ta4%8v%8MPN!X512XE;l@{_;An!wY_BH)-f5{bm1z@A)o} zP<;E4_i|>A(Kw6uE-@^vFds!{*eR*T*SqNLwPQC&Y8>s?Y`(_L=!KXM`yZs8E;=iE z?iJ+vr^y|CHuvF5sn#DwDyh3riPO&+-}Zf%{m6_&Wg z1nPnL9j5m^?(no!s10^*tZC^woTd)F1)RfL16M&?d}@o*srRk>P`9pdfH9)xeE5EC za_Tla%3?Ci=q##f9)nQA{_!FRh`l|1${RoCE6q+9@Jyc{29{tyzelBGf=7lt(MLl6 zg;YziBsl!AMi?HOZw~*ECC}Kcup!Ba|1~*;I^FRw5V z|HET~0$09PnvFO5`CvVZi55{t>u{7DTrEvG(AO`m(@6((9-OA*Jwtagciek-_2W0k z7wTh0+=eJ#{HEpj&9XtL|eurEpg;`)jzi?-+P&@-q z<0yTu19*j_Bk&B_pZ42l+}6FJ9cc*k6x>{`FqVc+d}JAj83!Mr-#?pDV5y;LRK)$+|1^2`r{EQ~=CP)A$y!9Dp$k0#Wlp($fgn}Y)6bWOa4wquA%LCp z$PW6!F?a}&8Z37+f5~auS9Ip|)DyB9l-h@Ek+gmE_o1ObAIQEf#Y1=6?e1QUD+lGm zeGF~rd(Yp!Y;l0z+9v@w_bIKf9%>jC^643Rkq2{7om+;G6V}|TxYb%3bkAUYkJgu%$5Hl{49o}Xbrt{EQk8EX;UZiNk zJzuhUex%AHD)uA#RE=6f+evmI%a7MLzP&Z6kCt(50MU0rm3-zC;bZ{H4YS>bWT zzY6e2c+c&^>IAzENq!K{ZAnO<)YGLXmw;1be|ZBlxwjr_D7~YpJfHGU86`$KHGzic z&Zta;6*wsd-wL)i{`%;8-LsDhewMBkJ>igu7YU*@9bc`k(n9kJ&DUQ4&>oL)fA8j5 zQTGBW&6e=fne}gW5aiJXJg(oH2C*I*L=Gw<=NE=J&vu99(6KbG=I{{}1-wSRnTA{0 zB211}%zCl8nD*IKZ50-K<93Ai7ea4sI&MmOmj>ewamvv{85 zg##bNkM$r?6JuAn7U}!z#a?ff)g`D7_)MuMp8y@=b*!q3yL13BzD{He1L=%lKqUKo z7QPl=u0yiNz*3qVctdW30aT!(>4Jva&C=r+y!O}{pz|!%)m(bfjzI?#!hJ7 z)9G2*Cn-l35nbnXIGj%QNcErhJLMDR4rFV97@)g*TXylgvXjG)f6?nG+kP>}Q`9hW z+o#q|vI)ub+Y6^jOs1#0Ft*60lihsvSg?byOsae&PrQMW@*O#}s19w#5IVGNisqX8 z316)$QOiEpiibT89Z%mD`5C7)W{*-h*{ff`MIPsm1}9QK_hve|PVst=g(>_exz`gx zo+s~L=X0~PMj->a2HeQS+vp55E4?tc@`jQ0tS3w+86r)8fcf)&Y()Py#>!oN!WBceWY zx2Z5R*q`gY_Uh~BLllb#`?UQ-=dO>}?D_?)&ZuIpgUHMk$y$E1?B!IfA#)Gj99&OD zGdlca6txIGJh4o3j%VA!N*6U_-n2}bSi~g{J9g(n)=w{1gC^*)a0XTS zg6-=Qm3izM!wn8{5Wa04Qxw+heex(`=OA;6ka>;r%BHIPJ?wIY z`d&oq(kbNW9LKBX8q89)FKJM80rOx+r!Jk{ErL>&bw<#&0kT!zf%)X`$^wjYd0t;k z2wInS{h|pr#6jgx-}97JXCEPFUd-5^+%NVdTu;UIcQ$^93jEWAVi9cJrp>2r{;;YA zx37>8_Lj^SDLq`ZcY6E{)QCU8P0#a-)AR8c8SAjIRGRZ4G2QbMQ$>CBaK2sz8yiSh zl|{?Cca$1Kw0it`LAgOLc=dzU)`gFX#vTIKDQD$Nn z^uCFQ$1_>&(C==7s%UD}hjV(6Hm+;{)$K{GpFks(NAu*p@6k3#99s994&%u>eLS_T zPL=3`=5v&)jNs0ES@ec8+y|e^{`nrjM20hcU_aLV%x5WU`-(W_IzL;U^Z$%6=E>CR zw$DLafS|?Ka7alQ#E)lC#H|iFis5x>vQwrh?-a##iAOQOgO*;{zB^|0%HA|! zk$V^(-cKg-ecZlE**%eN;Kd!$qm+uW@~-_;7gM&8YgCZBIp zvZx96+Q);&F(}GAb8T=@>bApi#KUB(f39*zBcu+J`TOfJIqh#M3Un@aWJ{(m^zGN; zk5Ri}ZFxt!#&muHGsEz-`~h2G&{5_pGdHqHAi8})&N@ey&-*iiTm3-n? z72NHQQY)50`o+*ucee@gb^YqM-sX}VQWG7~oSGZm`2pCi{@Tr)nD+~sl<%00;W#T@ zA*`ndQbNm}zXlmr0}`ymDtEgRxT(uM%3-a}=j5sQjU4@^bmz=WRbKxBjk{0uMZI3) z={OL_Rc`e?0-~qM{R1eb`|698Aoj0h4&PWJxf=wdq{9Ums`U{_`&h9nWCm=w4?k({ zd`)1iCz(`t(C5#^yAy%xs7Dz{>GyDKV2XY0KJRmSK-h!y?N}YMh5;w8?^{3ojh7|R zJ2*_9|2j8jnYuu{8xBgpS+y@j96OLcjMZ;H*52%dPBZT$;e4#pPL0ezKDb{I+n`0? zsXCnd!6LFJ8_g2PM_;%Z+5t)cB3B`!c_l{t6+dMaX&aIJa`94}(xxkKc}3WY@t(td zORteyKMSwJP2vyWTkm5|JlrV@c&f(!0=P8Cpman7TD;XKbH@_`{C3VhrzbXj5o#t2 z4LbFZDNcngLLHAkeUXi+WLOvpKA#uGymRP+o?57OC?V7yd4!&RkVnsFQ)+MX`fk3@ zqNYgyeZ5rsr#%I}wLVj=}> z!iUGpof_@)pWZqHlu!4q6hs=@6L>ozjKF_mSgwzH~E7syab3cu|yZ4(#&ai{3s{+cIo|jXPeS|f)SvG*JhMX z3XD~`j}wy3#wtxGffS91|8J3>x^~oFr0|7 zr4KF|g29*EW)!0e0$B4wlI26liV~QrcG%0o_s8&O5#Gg>$npp7 z8}&Ipf0FRI0lo=ZgYoXY6?TSPF~R0+xTFwVx%`hlN5?=c!!ws6EyHk>{%d+oHZS7G zo%ZlRP9yg^$iMOZ>`{6%e%|AUrRs}vuX#mjoIb;AzK9ui7VeXhwP$+=lumJ7LbM4e zY<-NM%^UkDNb7L2(^^=qhV;L!P~G2`31wVqS{nT8TIWt3iEB-uQuDyF+0xf@0^-a| zSe+9q>(H>rntAf!xLURhE^ZxySQqjwMT16pJTg66Gs}HMPp%-U|Yy@$L43&{t~gZy=7xz>pF zRZvZpxfnmUNIfki&^i5`M2=cPI|Q|_Wg){P{o9Nt0(nDtTdMJT-{rI74a(0SDitaF z^dwFW@X{OLBbqH;e#kr(PqU z#vJDwdvy#-<;GNm2wvUoDZZ_A8P3g5=A27UP?}d|I-IV6wW^k9Ersk$n15Cv$D@m4 z1j*tFVDA~eXZ&TvP9Mhc(=&;LMq%Rpe zCavFBGT1|I{IqZi%_{gL-{7$M;E4I-UHZkUcvTzrw167hRq@7%rC5I_QY)p7FhE>KEsqKL5YwzKbuZY zqr)+^nYdGTZJK?b97>??_5GwgVjG<&!P}fJSV7w*>l&18?4G7*J}X`F{$jE z>Bn_VK8F9)4)GL;boahSilz!3Yeatw4v<9#5JNOZ+dXSS&f{+vVLXJ}o~_!y+YY=O zAq#_hKS4b)tDCc_mUB)ce*XXy?WR>urZY%cTOZQp6>@I~NR_%D7n3vMt%?3z1O<=P>?y{=9Z!Ft}6M)K5mi$6~oS_%8R!L9dZ{2dz8# zV8c;YvB(>1L3#$>Cpm43)Y~~+H6M+0@_{)1&XY3CWonbl*@SP~#(+e9I;$RG_+LK? z1aw)j56SSeujjSWY}P^`dywJ)?eabEq3ddu?-v$Ywa9lZ#as5Hn{sdVdW6pQJ&2m_ zyJs!vn?9~AWQB2%G;M!pxLV|!>bv+;jUQU1xg^%4KauvQlr_p|1L3AolHm+2FZVyM zZVmajT^koJ>`oK;vuA}*3 z;31u;m)r>W>XcKMq^)gYp z2KPJlGn6aT2=}4+H?dz|v_56XLGb{~+eD%+IpOa^UB!ut8MSs?^vP>g9NwY3CpWwM z4nqUhxr}zbF*Ou)%^cyaM4?`aZO(vc^qg#rzq&@zY(N|k*~3+N3b?C&e|e7cIvO@8?+LfyE7n2rOLk>tW{v(3781P%8X5}+9@~~G2w_e(h*Z~iwJYn@*BSmr z;ew3q439u1zr0}-Pa-VPy1PeH`^S1PEE;5O@ct$fdmHEuV?&+`@BDqA&RSXZPECyx z{LEnbMP2Q~1HT=`pfOwjIWTzbrpGl6GI0JT-?dawG|ipZGBntC4C8M~47`m8LsOCx z5*Xg^d{|Mh)id7JTW@9@oo6zmGV=u6!Kpc&aZTU75Gq<@bR%(^LWC|)1ouTFKXP@v z!3@tMhPZkgPVTes9^t38eNyeA7;Fs?sMD3p(7!bKWq1?1*pe$urKnMJB22! zvRdBGn9J(AkNV435Iw3w_m}~vKl`P@j}rq!q_wlidE~4!>F-usFlgbt1Ml%?rB!_s zcc`t)+Z*_{<1XM!gz6cLrdtu@wP?wn%A(2iDQJ0dWt9TXanW{;YieIX?y@OZ1&LYr z9lCtqohj*w0e-F{OBTZmU?b-kZZ#Y^l`HLT!xA_nyd-M)OBPK&`19MV0IsE*TM3#` z8~aF%pb*XuH}g31#4ZH?*1*J(-TCBybn1m}7Zzfr^XJnJPzr%Fzr4_Ef4P(ZfV1Iu z@x@=-^Z>at_hkdHrdS8Pz7Vg-9a5Jijmr(fr0a9JKMM)@zuduz(bNzoMUS@ND>fSB zvR6==JU*lhd&yhY94d1p%M+y^E(c;5eA4M>pD;}a?Ev)>sr?sNj`!$_TUbS+P1o4I z-niz)`^Z!3>OKMAT04yPeRbRPRTJ*L7u4 z=V`h;a3s{=N5(>IsS_F zUGMxfd+Ncf>aj;b!4}@nP`RwH^tTlRjElTxJEBdc&^I^>!PB8?2x`yjFwvPqGqS=2 z2(NczBT>83XMrT`VhY_(2DF>nU;F4e{qb#StRly^tanC#|K4vYj0ffco;UBimKM)F z!enFNBauJT2*&%BpBhY7A$^rdW7sUPyin4(k5My(haGOa9g(V}q0}u#lr~C&rjk!}jhi`{#JG_zwdEq$9cxg^lZIpvi z-HyX;pB@z-C42LrB?VhGR7a9ERaNeu#am{=HK^{N<_WLbzrkI?x8_3`6(6^FWIKGP z@986>kwCFBGN0fsS*H4z=J`YzW5L}64d+fWn~g$fdow?zZ*MPvhi`&quYcXUsjxtZ z*6rtWYHdljMo|~G9P=s5)D9lnHm6F;d-d_Y{8!_w;pHs%4=Zg_H9Yvd&UET4W%`B#c(zR%_6~tjDX&cE?tDx?6X?Ve2>?4O?eiOOCvi+>8(zdqIXM_FgX! ztGHz{l;KDxt|^xK?!brIzOEhK28wC^t(Qk&p+qcH(OX8YNowhR6D7u6u$z*!k^=G{ zQ)v3`YA%^Ud>J!kkK7Xk9FS#59)@0<_A=Yt&Cmt=hKRA<2KTSJYQ&bCtiDv+PZ&<% zafyhgmh*xC9HY~oP5)Y#c};LoqSQ&hP^ZvC%ga7gj#J*Eg^xePa89~zb#d$U%YC-` z@s3!Do4}re&K2%;wwLqcA^ip)YIW_!iB{!y^H1Yz4}&!A@BsQOuWxjUv82LUCc}~| z!jN9Iwfd_k_wvxno(umdLzu7V`K;K6&I`)v^r(kt*S_KHI}uGqzad}t8Lb=M>vdkM zA9IFh+v{Evz5WD=!K%?-p$7&_WEbwRzlp=E3B6a-ZC~EsCfvaNjp)6M(Wvh*&z>81 ze~7i%)HcOkhl!j+8ZOv*av`5zpN@I;%850(DIXZexi-O<3Pp7*Aoi92{ENv8^NvQ6 zk|N?@u`C8sUpJ$U@;)Q5LBT!!c~H>P<(d(zf(bJf5(WR%$$40k%{>|6e9dqB;&mUL zLZnaZ8XP{$^i|R%7=a+mDo%bq!xsI81-xN1NoOAe1;lTY`I$ z9tU(3+{<#evfkgu@Mhp#N!)?mx@t6x1=%OP7^mtCTbM^6q@&(3X3)o-BwyxBe*(hK znR}=@I>cJoOGFpq=GevLl~6C`Uu+mNjz=z7O;8`OtRFmCDc{76k--;?KwY ziV%A;mI|Fh}DA8{wDr{+8sjeQ9h0AkY>E8haINHrlR#0_9-R=;x~H<0I@+X}xTquyVDPfK zU{1IBygs)mf_LJLrcpc|08ZK^{31wiQQD0Um~VXaB~m-4AKs^w&?B(QZpTyeiac!l zGMV^^_6r^9el&Zw3u5K-fY&V8mP_E}Nv5N6EAyzUJ&Kbf{CQ0sww%JYM9zt@_w=cp zmcZ~K^5IV+OK~w?1s#QZPc}!$jL-ma&JX}ea?xMW-K*2RszI?N9DW_ujN*CxK4M@H z_9+~MkCdWO5?=RR+qw(v+c20{jELV6D>u8p9H@|Gtpa?sqx4m))pPo<5X;t za6@*}@pvk48POziL0r$%BQn@Be>-;}s6Y2IlKZ{AU3V~bzGut7n#b*~gh!@mY9QEV z;lQz8vBk{cG9B~pRUVJ=xoy=Sp8facK3&3->((kVrU%|mhKPM+q^I_NwNVwzA(>=W z8g2W8n2F+Woch67qvp!ag&xsl;{{BCuB-V-iXdT`RlvZ!b|Ln zd0lUcA761&hF9G3LiKQ)2jwK+*!nBS3_}$KEm<^w)sWi;qVOeVWQ53}EITCKpCypK zo|^`+!p(uiE%oh~DCi2mB93|S=w*z{2J> z3wxsfqyY7*yvh^yuAiE=`Sq~};GH9w@qzmh!L@&P(K^>D^UaO#tbWuE5!@YazUY?P zue8FND{>2$L_%;!)Iyx)7axtkankk;W*eZMxU45|LQR*&fMR^eTaRK+>Z;9rPW`%9;IAF^N6bJ}yjrm{et>}!Jw zIkIWUjl9*;7zzr3h{c0-$eQ~hhte;MhCTW$!vB^SJ63!&@`^?rqixdP`7?PkGJR0| zNRe9~>frl+YW9gj4qB_rh~{6UkbI_zb=5f?iQc(*pDjkbBDUh^dSv+bi%r5`ba7Jl zhbogF%=iT407p0R^1139Weuy~ea1RDOj)PNDWvK~^@a0CihlcMxG=pW#nSye()}7*&)u%^F4U*b>joYE|ISG+(_+!vZPT# zTzN-j2_sNFI6JmYeF;a}1E29G+F%IXkT|`Bc0wqgf29VDVwj%PgXVT+*B2Klr{RN| zD)4ZSU~+jCZm)Z68DCt72O-{qyBoW^6*>&yDpI9nhe@L90L1Y}tt2)~EQ&NYeH5!_ zcd~%|iN6$cjP?iC2Oi}Sz+ClMa!<$@ms4bH{OrbX=H{Jd)+6h%$77{YSUfzWe!5?^ zq)+jH`=d}>o_*flV2{iOoAJ$&9)LODHM<|6N@5RBL;)&a3eoCVg85)mp4m;-jtS57 z-Bx&j2~t#(Ze)KFc|GT8*0Vx_$`4m&0PbadGFW|i<8Tqvn9m9<0`JCHSN#jlbjnjc zk$z7%>*z|w<<(?VJ;RD67co+9$9>h48sqC7VKpC=M^qc5l*P&IRwKQEi%(w%`|N&7 zAR?ISkH@jC3f{!&Eukms2^*KR+?rB`)1o`BW{h< zD7~Z`iXG7VaR=$_(_6R1Tix(fHd$MmCmc3MfZ-7?i@>6J!^mG67n)G{L2T8_9wGt4 zkPv4!6**B+iAd?WpH6?vT}s^d@}liL7D}|gOov{jC6@(39_bI*8HjuaxcwM{wQlYS zu@jQ_aj9AWU*J$Ag0$lwXWCO5%>+B+hptkeG`@dL7Vd$)HTzO*>K+YOYl@g3l%PQb zOi!;X-JfN-o~}?*5&4SFb?d!(#>hC86!4$hUq@fs@K8!>$vDOACcFEv>GrMTqCBz= z-7#BgF#LR~#O`b#^W)1;uZh{cXE2pr)1U7u?9VxG8Pyizkj-HP3j-03TOI-$ERE`< z+!E>h5My7Xs9JhbW7eWXM;u~wPrp8x%pxe-Dw~)RYz)kCpUT|*wBmqO`te$J^+Wi* zJ$bryT)5AOdp#PBesvBl!HcUY{&+Yk(va_S%d__%;CMBd)`8m*a`+6AnvKOzXvSm> zhcdzm+*xb9(Dtu)Z=ka8e#jjG&N$MOb3IeIn&LWJdQ&G|ljW+p1k1hN%;`eilp6@{ zGU0!1&?(jjN$XAG&kNU0)kSiP!rs~!hLR<}O8KF4$_|#c-PN;U3n2D50rt=;8uJ;Ss z`$x(vqMk^W*9pur>;>g-sKVv(J{@JXF}nZ?i>8h9`E}Vw@68-(p^(yZ@5izTTnYl5 zd9>aaa(#>a@$jTBfsj7}y9c_~NFpnqA0DphsMcccmn>`+u;OX^@n$PsSdKfJbeidp>`J7_!&=65e*Fw*=@c}%A3%=;pMU$eQ%zDSyt-U zgx~Ao7n`X7pD7d`HyIUW8OB-To50s*Vm^AuE0c8dK%=@ z65=)%rC!J@Z>KX?oz3G{ZBNLhY8?3oDpOigM`{|X=5&$wxXY8*G@!nf-6s1LT_*dv zp;&dBpvvw{ZfYbTDNmn$wSR9u?Wg-%cFnIkP>|YQS8|nfO3ABblpPFri;8V$fAbxU z4w=Kc_-y=#MKDj6)I92w@XQkPb~k?O_zI71-*%OKXnE#L5ubcI!j@VcR9Z=I9N*!j z%8y^RtI=QcV0D^&Irrz+arsMZJVs$s+@!FJ$YUO2|BxG0lMf3kJmG0FE6n!_sO!_b z(&a+<+JwY@aqiwzpR$|fu@9yC_{z8ENbT!|keI(~!G=)-hjU&fj8Mz6a?pO_q= zR>ELml~glJti7rzhSdJ&_}<_y@F0Wh)jPZ&b%Z|ImR*GpN#3rSc0E3VWrCsIYeL@Y z#m%&WF2LMd*lPN0kmuBe;1Rx!5uxf8%#<(N>E?D{;+CLpXKxp|;q&5o2@9BysOXUx z{mnhB;rDX6E5klH@#EF&ba^wd?|P5yKA0H7#!e4lC*?h1W3C2ed;JYuZb&^^F!D0m zS75-)@!zMo6m}^eqw(oxkoJuWMRZ(L>gC7YsBX_cijV$7`T5aqQjEYK?XUpV2a+y6 zzX%vEeLTl=a?IrD@48g6=X-Ejc+BK-zE#=dZj-=JF<2#^oN@i^b$ec-x(Un^#iqm;nK% zF6+zxX#q5=x8(C}Heo@eD89wk*<)KOjQ4Gvx(SE+7w@ahKJ?TK&^xflK#d7UK{R94 z*S8C!{aUgP^;k|ntqaG_>)U-AA5x|qQ-s8?kdrTaj>jX-BP2df8KoY@xC1@1U(cIf zZ}k%~>0b~qRZ;N!Pz7^@>luAH=ys-O`8Pk&4BB9}u-LCcp=J8vt3eFArsg0d!+Mnn9gn&bbJTs!)}-% zW8TF+s*=bxQj3|6&doY7KF-sGoADgL%mJSoJ$0AoJ(k!%FX`yf{G2ig+WG~aLhjK# z7PYPKn>#Q9u8qB2L?rX+f*H-2_y?;L|dB7c$N%zshOJz9PD0R=6yv38QtXMt5W5KOf`U zvekaZGJ?!e{mfo_kTiUt>;B!H&kP7tkzvS-*L_cIxi|^0zM~M3i{jt-DVfiB-lvOH zt<_<)seJ~VeCfb_#F9tYVlxaJD2k56dz~t$7hbjzWAeWTU|NlA^xP_Da8zFxRRWIm zb7k^DZ1H_$LpQ83l)TL8ln@|*Asw{BF-9)d-rV?0hMw$5?f;H0hJBYm(cr(T-5phx zmS&8fcL3^lWWRWYlGpJ))A)Tq+|VNt=9sq)pA>|9T!QM* zKvXaQ3D6ZX$BT7Br;aRp$Kp7u$&dUQ0iz))ITrr1kAynD?O!Z@uyXgX$GiLeRjvtg zUM2JeZn4f^q}STYgBBTKoZqf^P?qsig_C_Sf3N!y@p8QBKogM$)ACNdZU^qdrYw90 z_N_6wC+-dQYjzN3(WBRVZjUNO$0c)BV@=AvrDs;dEjbt9xvt(rn^DL;faKtZt9+)} z6@CWt{XI~lVXBFLzXZ>^4-qK#Jtf4r?zY_nMF_(SRJ_=a_g#7e%KT3;; zUp$>&(n!Es6F51v0<N;#iy zCRYjW8Npf^<)8C@8slHpJ62`F#9UK9-7X;zi+V(lFcLwkjZ+(dMI4KXMsK&Vn9YNJ zKG6KOPNxTs;CgQVHK~4{#tWiAc*x>WLcYgJ4f#CHV8hOP++(HroHT55KTTx;wy@r- z#&+GqB6BA9%NLdmo>bouyv+fLAKa3YyVl`IeKKUICMuH1O zp2%Z%NGIsaXTx7^%SEq{7wL@l_*1?)TtiYXsk`+N=2aL!xu@R-jQBP@0954t>tk~v z#gkK9ANxrq!SUPS0VuH{upNn9e;v$4T)>E}y|`c9uLAKKRyQ14mM=C4Jb`E*E_;Cc zWv?Bf9F~1!yeLnh*(#Xf3X+)ro;rU-IA27<@AT}~lFQH}g}a5|-0s<@>hUI&o`Khn zc{!TT;)9$|O}2o##%=DCdrf6Na{rzF1-snMVCd1lH>U7s^szk49y!qqpuB7BhG$)U2VVl51X=R^n zrji3DYYJ$mjMvrrOyM&H-JBQ=D~Wn-70~Js_QBE3k-#)J+4;4{j>yBe8cx!!E2GYx zd7^)XTPq$vp7psr&KkaMbv$2Tgc6&xF>Bub4lr+2Qycit#Jfl@Np%3-ME+b;?tOxt zxI_Go@ehrSeA4P?E}4{SEk4yO?_|AwPB5&vIPCb{GLu?m+XQi;E%i~(`(0V+N16%( z!CNRUi&~EJVO8r()x3g%)Cr%weC2Dt!kD^ezg@(>v2c5t-(QU0b0>~{aVKHXQo^{O z@LX|rOtE*UVZ;;n@I4yTB_tGXyFgjI^h4ppvDACzR^to0)5SK_p+Y_X#F73n&JP?T zV0*kry__rdz7@;&RdepE=&gklpAaA>=Rb40iLZD5gO~@W6n1$K4&Yc&v4i^*&(-nh zF&{MVo!6gnXup(*y|aTv!!f_f@GT%<#I`+B((QoEK=n$2MgrGD;4T(_ITGVf@Q#vEeX|C6gT5~>+}~Agha`9{R$Sebk-(-H`dZyFwn~@SPpL)^b z9<78KI+4!b;UvKCm3f%25;i(Mtj||>EMXapyEvst38V*QiPNfoVA3Pi+CSxZ>1s6X ze40jyYpypPhMso-$f+g31;u+ zK4HF~uSDFUn5=o&Kr%XD>bFuPUo+Dq_Hl3|x8}0gyBWjn#GRO&-Dfhn5|eOYT<@eU z9WQZSR=~TF1+{%@8n>m6JoHSE(TP_Y&hZoZ1xg$b%iP=dwLbgoC1}o5MV~lIv8hg3 zJv*R-*FPtq@3zH+l~(=0>1dBt5i{vEK}7h{Jo;BVufKz;(NYg4jK;JJ3tDzQ-TBua zoz}==@@1CxPirn5vcPfMwx8F#RD(01rq+AN_h4~fCo#hj<(qo}01D#h*Whi5+3kJF z*6zbaZ|ND$0BNcD@METF8t=zKCUCS@_iTX^^$0E0E*|XSuj}QT0+5+rqRi5yRwf7G z?dEJi>_-XfjlHT=2+$+0N=}@{W(9LTPPkrW@;$atzix1BlUtQ%jeXQ>Fic#D~I2QDL`HAER8y9qf|Fke$4tl7ZwRrud6F0m> zmXKeMG+Ywv-W``TCd=c*w?DW~uaE&gXULoqxQQ~}SN!e5kC!y zBSoQBYoTh`&%$dzy7>DH-f!R!^m~6LseOvMF=bxH7fuhNIg4c`5*t;9)tkMo6(0u3 zt^c0FAt~k=0FbBVQLM7OY!1bDP_GhAVOOd(l;3X@E;gUN3bAecFp68K%F_|eG1=8C z1l`rdTVG*Xm^T*?H0NI4+EHh}ZU{+>$%oYi9HIL|c%_RGc^6hdY8gidR0r^Nn&xa( zUiS^SCfwskT%t}8!bU+=-;%Ck@95lw~TAjDJ)}X0P$=t#4yS`JOzzu@Bcn z@YY^KhddI7k$Qiz@CXS^)s~<}RPXQuj9{R;SEBG+j}Vys^QT{Jz#mF=Y1icaZonx@v52pULmI;z6IH)&LGG?!~6dIaoof?aj z6f{P$fPY1_s{4Cv3Ztg!cjGf93Bb3)YvHC?g}>IVq+l`&+(fvZttf;|4E^4(?5}S^ zk!mA`UWU<*=|mr3RnWwAa(KjF$^965^{XE%76Vo5pyBAc4HFc+I01wTJpBr?8h61O zC@O4PRFgTLUbiIGQ{f32G#*urdn^x*DmM|v4PGhUpgw6gaSZk$?>ikt{Jjlg{tLLd z5|t426{ietr*4Ru>bFU#E(cleGRx9%rA{EgR43~E)4hTgiFU`2;_z#9UI}?n)A~v& z@n=kER{?s#K86#X3IKe&+o7gRb=^3*(&>QZtB2moF%T?h6`3P;xzukC_vLtFwIc2hbn!Xg|0sVD0bJO7C^5+BpPk zJ@GIgp`K-H7o{(6a@KJ|-n ziSoz!40wjqmt@0ULgttj(+4L?#V7kdqcobMdtv9nPVZ3}{nV^gnr)d|UU zegptLZoI}bG@-h``m%}B`u)D$ffLTgQ+&vuf87dz0J(wGbZ7W>oB^_1^iP@3_olhd zzjUm)<)m`PjbQF&4QrV@5o0*4KfB3)%Z$1xtWC|cmAI^Vdc95fk0_K`f1)EB_t7Sw zztnwzw$f5lw|+>=M!yoJ?=j;)oNpHpny!hPGnPf%}as-3C_ji_-$U|EN?@{Y2% zvfqGgA6M&9)nqOTEA2dR^cAn!u}1ofJ#Q^Kl1uC7r&s})aMB`5J4s-2j$|{@KYx`l zqTAVnRdih)-u3;`MAFXOjz!By6gk;J<;?RN6pdX z$Mikg9rr28ibH1&?|d4ZX)`oqi$NXm`3b{Z{c^spoHi&vC_5+6{P0P6@w{-~>{s)& zAMDej-iNzmm%Ziw4*C^lK?8erzy`k5$*G4M?S0Q@kXDewB5vBJUVb9F;m|zZ>DD{#tuLeW zR(T%br5b*$qdC0ynRMji>?SjZtNW9a4@ zfW`fcrU&!8`61OwSBvX41&|NpRdZauD9Z>C9uywmpU-u;!L7%GQk;o(Jqu;`a$y|L zZI8`rej(W!di3BK*HH!$?_7$V@+VxsuPoNsplQ)=4ikn_v|#UG!wDmc^*M$m73>jy z^66$Ux$cyvw=r%!EBOPRgWOGH^=&*_=os8BS5$0(s%T~mdfmtf0tcDinHBE!%;12L($-QpBO}XsugyNo|I&f)ohgXfF7i5#qNhR30Ynf z@ZA9mSuE5ReJ0JUU(F4yz#BoxYXC=jZ2;cjqJ@X(Rp(|i$4z7z*)j&12TnpZx;1l) z%vYokx!K7>H|3uIUi?UW3+?DXFpO~mr>visPI$WIWIF+hnKOibv z?_MpFx7N#}YYQhvqvOyfi)me6 z^s}zd^&Pv(!^Qf|>>LJjXgdBS>GfVHw?VukWjPdY)Ij zP_e-p9S?sN3O*9`dyNn7+bIqPl$T52(9`J!L{1_8PJs#-TyxM4lV*8^I}4l0jl8Sb zFy-Lb=XWyCKq26%MyXhC{t_>Hb{85wNv#i3v4>$eH)V%?r<3u2G}aHGpdKI*BwpU_ zC-&n9DzxLD5z#rCvUCrVJv6x3K}5awMe)`n8OUD4??>xSS|u0`@p#{0i?}ZX0tzI; z)%i`ZmAW&)C8B8?>fltNpd=<^Ppd&YW4T0&Gr(?J8z|Yxy#kbe4NZ*P> zlTDw9y+oH`1r#=^=#5<9l9EjI{O#5cz|;ScbX{AD0zvebB;%u~1VOTZz7Yh;Q9!w4*i=_n-9Yx(sJxy9d!}~Uw(!?SDJ2-oDl?2ak3#}=vRnPTN!Jvbyq8d8 z?PEb=xrcKB8e$I!QocU#lbt_d{i7-p zc@=zon3Y#D<4NbwU))!>t9Ik@yl93m_9<(Cxd4(b-+&ue&TTNeNye#iT8xL8{=lqU zdcOCiy||1e1%j5?i;YK*7fF~8=QP2J9HsDmVqb-bgQ~gAzm?nFGo%v!dvwUctb`#LMVB@U)2oS9jE2QS7#JhX8E&o zxtxky9?e9oC{ftrv2p@RITPJf9#IF0XM9)eHIk%K-A~%A&+O!-;zS3` zH8tbjj6^fN36nO^P}PC{t7m$c{jp8^{3Vq9T$W+|Cew(A!aCF#^&9fs46tr{XB+v*e7Oa8*+QT+lVJhXmzqp+ zE2+77&1%*#3%Vk@hw86q0!oJ1@>YLUrP!En^>o~lOn4zT=dRdZ+M~Y$6fJwz?X45} zr>jo*L=iCb+uqZJTg4F(ALa@dOAz10Qf41XP%ZC2x6vwN);GUh8$zU)_+Sr6f>TLvJnY1w+w;mOPu zmX>Np+|MsR#8P}X9Q}Q}<9vfGsRO1zfhLK5PLC&6Z3>fy+o#ey!BMF*|7?lmaK`fB z<&($h0w_oON!Vr&j9f{S4lr39pDglNE1g(2N{EQ%+=}-X7g?ZnvZ|HG7vRT{a&9V~ z0;7_!-MD~es`V{$=Du0Veq#EvM{#|TdFfmKStD41zh_rh_W^gioyFO%JFHI7n|ElO z0v2dAruf+EViqU>>dh{+c z`BZC*twDr7zrnX9pYXy##()r}@ZN_?#sZ<}QRu03w}!bShARli9FQa6Cahk0J2B+c z&&P>8^b>#3bVaNR%29s&p(h8d%OTn8>H$1nH*nQo6o2~;KoZ+_5IUD z+}QNz|ANGU`AwNLI=%{lU#^D(6k3j7{<|mX{Sl6*WfUgc#1{SInor6a;1JHME0}jS z+T2{d2Zm{F+VR;(Z#cV*_lw8CR}6E%O>DHlTeX_zKk8dvZ%U|s+_U#R?@{^8?CE_E z^sMue!?Cv%j;{xNWcamZ&FH;T6$6TRH!z5E&cNd1Xy zy^QV|gAP!m2a|{r)+63$+E?~{Pkzm$xJ2cms;IKntw_ewxA>*%ffSCvfJIt+XVm(F{JM@Y4DLy>i>^5fBur|%%0SdP7) zS&3K=D2@_vxLCO@IdX`FXc6fV$<*JfEaA#G4RHS= z@&^$5w11~EPjU$+$y!2rT`f@M*)Ql~=yU1z6@ROP+0?xU<* z$j2Vg-?p^!UEzC_3Np-uKDkL&o1*2S-jb@Dd>Ed&1-Cnzws`mNY251~jAJg1x9P*8 z%Sl|Uut!E`3pNcupvwnl+$S%iKF$U;=kqaz^>^q1W`pahzfV>GQL2eM+ybHul`|(K zm-SXV&)+RbD`Q3De&#Ms{Mew6#J`k!hE*Byp1q6=|VLMgqzrJMoNIGWL-u>xCOye3ccB^SB5baowwL4W(mt;~ZK%T| zCtH+{)g`g-kP%B4;ahI^Zu35r9>+(mp`(j^dwi{%&9Jv^+dTGVJ-!#!koDE(c;t;TXZf?5$|qs2YBaI!-0b{o!|3;W0TL*vHVqPpAdhhpKJE*tZ?G zPrEyyoSd;PJwoQyy1o)$1x};}#1Ev7ub|C{`B>=FV|1{Oe0PbQrdg|-b}1EKKCrI_ zoR#!=JPXNr7@!RjWxvQ@fGm5~7VpwwNsEZE;vZ--&%asIJFtu;sO>JXx7Y8cm;9te z>hy)Wq%YWC%NMcw9D17KyL)@ze(8g)erN8KaW`_2hQ-dVme5|lp4nWl%i((#5A`Xz zNAFAMOYRp5Mc6fCcR{*^3lXld83X)&CfespO}qn!#ug=QKkE}0X3>hvO_kzfgvzfb2uG5 z^xwe$!Fo=3WvutHE^t-KS9fEgwn|&Lo$ld!t}Y7q0@1nrDlRi>#~XX))#nR}u6qWG zcZe&en!h-?XoHTbo^!5r?{|g#ZQXRrxBi-z4=?FJ{(@GT++n;kB8>&f;01xt(`<&5 z@!-grTo$cDJC;cAiM8~WwMxP9)d(l9tH0?+={_w<#f&QFJpo(jh+WJa1zhZP8G8n7 zxo4kxDscLY261a{KQL_t5HmZU!GpS}M7+NIv_DlRzHy8F=KtJQHF|asmgpa2^qkMw zX8*xT*Dw=TxZM(4PHKPszBX!cMXehWj1QqWhQPFKckkBFvEMH*6Ew!xs$7#oD(W@# zs^Z?i%U9p1UIQ@CtrFct&iBkgc#z6{}YJ!`;{~-24&jaM-xmyA-!e zak%~ZJpw!+19%L7#eP)+L{%#g;<$IJGfG>WQ1(Z6^MQd#mlh`D)L#jz&cou{G37z{ zK5S;(poINduSM@Xh+7PA;QBG2+EihNZ{N31KqdG`YKYck`sen2Jqts-`lU_IM#4Y_qt zNHzUlso=Cv2A2N+T#zg%7cfYQ)2o$|gkUyz~Fh4U^BD%O5lMZN;hn@{OIx@w%UVBo~j zlE}hU?`OJ7%H^ZWPczrmyY3%?H)A_f-~^A)a&Vh?db5OV(O8KK=F`U>S;QwX_7*sh z?IF6p#c-N9*5+jaCkv54?BS~OeqB4~Sk%HrxQDMNDP29_7Kt^Uuefedov%;)M5}R? z^!L|u2mA_4vWM$Kh=vku?*24E1$SQ_%fEc#j;BK&pVjBn`z6BneKv)mGyVQo@A>MB z0~RxUN5Gaf-^OPDt?$0_T#BG|Yxe(oM}_6Ybg9It?q^j?l|ZoOv+L)99ONx74A zQ7+dPoV~qPkss=BI25wmJbt<1ofyK`z}4Mn4eeZC;c{6dZ*_~6NN)G5P`sA)1aU&* z+2ltyT==>siR4prFY))byX(`5Q`v$kpRw_^JU@Oygo8o1JMjttHn-0+HV4eFx6Xq0 z+zKajQH4E*q?~QCp*aW60k>Cb;FHFap>b$4B($s;(ut!S2R?l9VfH`LnYs99?wF?i z%6y?Cx+$lhD*z;wEGFrU99!t#vR^QZ5nM{Q+!4OWR7yoHH1T@G9r1=`4M0%k#e?{x z?hGerzB|oc@jS()_xu$cL9f(Wq;?;UhmV~)dtAD{AT$w5se;kIhi7NpSMs76?-%Zb zR3r0`Q)I4>4rWqc|HbSf!0W$T|G*t1grP@HjvWzFqHN#xv7&K=>Lf$9!wEd%u?r!L z3nQt=6)>Ku>Oc9D-(2qOZxECQA7*TTjpI!_ru?fSuPna_b5g*pY+v6L@p!p4wYQ{? zxJG|EGz-6)ugqHW{zT;W?Y(T56M5b_f8xrER0;XzH(|z zn2bw%+gj*%cRd@tohfrc#(6fK?-L!1SD}5sr@uv`o3v)?eUqmy>puKgvw;#ym!_EL z?Clo--q7l|JU1v~=Fkmn_u+YYZc5yA&))}Tr&{~j1K9wXF)-F%`*QSNzUj|lPvzz# zL9z05^|bfR{X5{c{NVXV;hPL~0s-8HtK$hJN34|%jVU4SowXZoX8HwzkjHL;Aw-U% zH^5y}?berJA)h<*vm2EO&bA%3`LI{_tE@@7F&JZc2h@mwk_Qo~RjnLl7o%-O|Hz-<<6))seVvt5YfN`<5mC80TMneo+})%vV2P3Ewt$q#|$-?#v$* zxOc%R%sN8Ce0ra}ajY{G3HR~m(ry)o$je0kW;GX^UdOMp_OkS5^gJUv@}A>K$Q ziv)(PbAa8GTnQ@GBvO6BQ3^m*mS;Zp-FqD$_Iw&F?=I1nwS^vSB_?NEaT5(}q4rdK zF#7N7b+wQEm)}p37{6_HE>rD=uqwoI$*boPQe&q)o{&Kb)I6NVq!kbJ`F3yk-k>BI zWeRtJ>@oqZ1607(mWu!dbQw^<4BBz$PIq}Dh?aFPzmS@sWeb>!uE4!&29-azg5kj7 zVDCwU0Gv0vn11xUaIdPx;_5~_l6OY%5$5m?rmyn|xGgTs?x9KMNN?8r2s2aNvdT`G zo@7SNNHNfAnz+3iC1&#DQa_Y3JU!us(&nA^6o^f83c0@WYX8zeP)YXbg1N%dZ#!+5 z;WTX^juKM3yDtiM&^*0Pu5%f0nsjlTwJVsHm(iepRK9*3yoXJ$esm3?CE*4#dG9dL zV)F_M5j9(%;1ZNgW`ae{rA@1l?>pHkiQ1j$jpaCt0LZjp-p7{Ti=wO}`)VS^$nMS? z)V_9&I)P(|xV`e1aP-fIF+t z@<@T_G*7<+*P;&^1Y@)??#lgpeu8O(UsknM%ClhClx_9QsFG-cGVA4byxd5#j>f5Y z4`An-MCa^Fm>~TO)Z4ORMPS0J@_p|SxR?7~kfL+nP=&v$s`N#l{CKX2m^ULCnvE!B$;VGdRC>|yJWs#) zMf(~6#qU|AKeu=bW<956E38| z5pu<-dtl zB}sKm-dix`=@V~}S%#XKhKk`ZbTN5!Bk^P$ltGHF5+3f^mO`A7c8mM0JlTK-;P*$| ziwz=&rsiv(K{(R#N;B-tJ;%~YK z&VC3H*134QgF@?qKbdQ5zz_0>0U`wWH)6c*64N4bDERx~LCNk1Af3y7nC%1f8;lQa zKTG_;71!KcuyODhv?mm!C@sDoxbF$b@iKLnOK@Da;#1df!lX(uY|1bSN@}#xBXkDIGBFR1xay`LSt;|FQU$aQRo!?J1tys(rFN~CbU+t z75B!JDk=`|{9UU(FBj~Kox`c&!pbGd+0ez$f=? zjIfW2#z3&lh2D1&jB@~AMm$~2y^E_VZu?gv+#nZ7WgW)Qeo4Cm!%=+fa(ja3?Tk9~ zUt z1emPB8si=>e$6nqUhW!jd$c52?omRZU@9)IL-~(sDwE^{Lj|4!c z?O#8+j~m|S_Ys%HxD$l+z54w`;}Iakcy`G5)eg(zzmk%pb>1IMTV!5^{k!=8!$b=l z9n$?3?q>Q_d))6K?Bh<4)c3Z_zl#iSr=RXEF5LrveGktUUWf0aRh%wgmL~jIU{Cwq zsX{8em(Qp$XiU^=CY9ZnvuyD7;X!)G*RgMT!~9n5I%aUSW!*^QUV+nfvrlWE^2Ukw z8F#86#`{-$=PLDY6avb&Ul{2%by{vdZbuktX&&+Q+IEfK?)h`R26g*sMBYLxwhygi zOD}u{q3hh9E&cXBT$2#K#y_)}$QP(UP)5i8&iuK9RAWJQP)%IN;n-xl?O#Jv+P)>% z+lMpj8PkGEcE2TzNbus$7T?m8c3A`8bI2tpZ`K*^D(Ne3dZwV8pTlE9Jr`FAo{Qq5tMj1$~XV?6Y^|v>(6_v^&_+h_hJTawd;qbVYU4l zf@`@AFefa?$SF}{53s06_S1j?dZmKXD}+B5Et(U>+`Ck{zk&j@gCLMU_watiFK3RN z%MsI!A3loi{0O7kJm1J7C3~c3YR(#mb8MK7RXs1C}lzXbfE-cPw7{2x)j0nhmUjQ zDXh;|`QVXn*D1ost0gDK^5)mN&C{f>0a^+{9mTdR8dgW zZcR7F0DO({&-nTtR^!XMUk_iKKK$|UcWpSDtsYzGgC_X8;^K4Zv2 z;$d&o?B6#!=AZ?9j3Vnb{beu*QAp8+*5N$+&dldb9xfMu@eUM44x9ans?fT)(R4V@ zi_?3d9@wwX2543cWn}MN$frb_K4!PN)t23qgf!KT^-k#Lm(F5ppk~3WI}q=antR3E ztuP@`U+9miABuG`+$bnZl07+gHe#K4$PW2=FQ70JoDG)NKa*F|UMPpY3U*WPVVGGi zZ}@?H1FOehcq<#cDKkDtY1c`Qe)bsOw^00^TK3s4myjp;sLefKPQ{{>3T4IgBs>y2 zJt>J{#m<7WEv-(U{g5c1ZNiptL`sCa`Dy9LS~aJMg-$K|;M>9eK(eAw*GZ>u&P}uw zuR!&7gwTZGUr7)UCL9iI3dRU0 zF@H}5bujlN&mObUGgbx7t;HNkxOvvF!W5LiT)hDDfS~yu?#jpy2Z^wMJ($#|76!VD zaP~{DFQKfbk&;zEq1BlX{ndy*ngLbOJNgE~V=AY8IlV!+k9ESZ-lv10a;=*yeY1dV z1SRBm0R*A(JGVHj&h$uct_sEBPiGWQwY*9md;mTNUmY$ld~_z`#uwW1@ZGAb^D>V= zPb(zJ4o3NT-BTED{|K}r@V|~5S*QZx+M$sUnO>K1_McQ?cq3BK7^xe1+vA!m=j0!g zioR&UM^`PjFty(?ewW4kG(y+=fyr3?elSZfrlu2_!%&xdh`*i{7u(;155y%18lqJi zETrKF)4CR37Y@>wE$Bl);ZydRSkmuJRqOaei}iNB9y;Kq_CM?1w%dxH=ujPfp%Up8 zm!hYdy$B}Kfj8ECH@nr`fjxVduSEZ6I`Ep9*pXno^1Co0U?tJX)sFWUIue^V7xZ`DyFy86u8$Ks9lbex_|r(&Y%X zi{gSteOH5=>JC5K8e%n1hbV_H6ZSpmJili#&(3c7bF~TK^VF~Y7pHrCGB+vX?W<`- zfB-B@1x6!`Q?u6v!nq5>ACvkVB}ga zchAZCHJWtPJx^qIJTN+lmmm4rX{;Dm3vq@O%v%M|mkdt7q;i1_vDw0k)5R`d=5)ql z^YuzC&ccGqSf6sX2VmLn)_TuMpFe}iDbwD|()qsn+d*$)@X34FBV@)WQU>qOnyR_s zB8yKHs9x9ecdnny(fTX85+gJIcB6`Y6(yAS%YGVR9CgwDg}rY2FS+k0k7sYZ!pV>; z#30rVZNJ<;Z|#A!+;XGa^+S0;?I?~%UG%v-1*4I`pJrdPwN>7d=>+VmaAiNtjRytx z6a+>=>Ag@bYLq>adSQ~eQNGjz1v{|66!+DY7k$m#Hh)`Zsigvj8lfxdZj#}?obqZ& z$n-+{`Z?%;2bwH-p<7EMvSwzGCWm$AN6;( zk%M*Pg2*PEt@}+;NsIb(vaNFAwAr!bB-iCawxP)=iA{#2e5fRtXayM~!5ZhQ-7L>O zNe+L#b=Zf<+DpxP5Tx~Qq~~f%BLiT3NFXVWSM8SQZ=KzdA@sO9(P;beez2(f%&zym zy{!^-yu)kyv#Gf63;9b>ATeOy`00bo zy@q#ZW3Z+Pqch4n&7bJH$2PqB9Uprvbo9J4^|Sf6vZh-$A?tD36C{{Ic_m4>=Ns%H z@y7UM?@3edzl}Y3DGNXwnTXW=CK1G)mm>g8+x94UPfNG*i;8>gy+`2o3lIrJ+?UT?^vL4(zQ*#}~4 z0vk6*eG4?_Nw4stgzog3f{b#}FS%{oQwl8qz|j)xpB*@IrRbbSCKPwCeP`(^!TXSK zmAL%`VNrDAK98cgwD!X?74s~PcM=4 zej6LAPYTCo)NbA4zL%wgRY;j)z0G4`mbmG@?{W<9vzl_0&DD}P^NCg{w+!J+ZerP-Ta(De7no;lPZ3_M7R*0tE(@G zS@6Wsf~<+PjafFcXPd^b7xAInu`D$W8s>xy*r9C~$W=lM@ez`5TnDA3<)VKWRq)^} zW!yg=9sYa|$w|%J;&VY**KmYtd2$wieg-sTURalNACywmlPug1m9cXGKyqZn;$E5){5#Lr@TYjuhjlGw zW1T-A8B)LKN6Y4g6YDJAZr}qrWjlL7mPgzV;ta z_q{LJK~^*sT3GXbxb6>^Copq)>~lQPa?m@Ajo1 zPb4H0zE^k_eBRl1SI^heb8lUWzgL6>6PF%4k;R_{^}Ip)A-STWLms*U@`e16aUZRH zSbO-Ah^(#OAA56}JVZr05g-7jAgL8Bu$Db`lfDYE3di{Dn){u^D2xwPH-ZtGH>e>i zX&RckT7&th*19kp18g$^f>syJNs04MI}P*Y+Ufvb5X0k~KYi;@uIoAyw}lP!M}jU| zzjbVE+gtpGR;Inr#z!K}_B=NiQZB z11L^N#iyd1SAhq?dTx7+pyD>wj`HU^G$U%wg+oJ4gvJa;ypXW3TnTw)}tzbhoR;7#=WWI z{X=mZ&7#{gFWExAOQ5Vji*>7+y{9Oq4iM}p|Mx%B7V?|M3Y6gLtM)q`ien$oC+s)cH|wVH(^*`$~vTCKpJ!%HGJo zp0js5;4Of~KS8yZ(>OR|Y3+#;TlkRH_xP+AZqJ_$dX2DQH82HFU)G#dYlDH=sj2#Fj4<~5!%tW2qEL_ThzWf37A1`$dKI;CpK0Zws4g7RBaKu=)&lN{Tyn9D!U?>84 zUts$%leJt$<_?E^Lg$!}V&kaYG`V=+?d)(NP((;Qa(7z zfN4ZN;rSM;$sPCV4<7KmEjUlRAJJEc!Ka}?{dfLw9A60PzmIB9&1v;*EUCCVX?Z%2 z7SP|0nrHj$#ecpN6sRB<_NR-N`W^{PBgpc7CHBG+3vo8}_@JCt4_O%mP|r|$TT`Hp zshK8%weV%GVLfsFbIV>i+*yr}cpY8s3Def~(fHBu>u=}v&4Mh7>S(>CmP6n#0O z%d9Mro(#lF`W(+ja(OtPeAmKf835E-EcT#18QGiB*Ub%Nm7&0zH8@+xPpM57igQd9 zRr4jPwYOyIzuU;r!f=@GS^-u6Jl~VjeuP}%UlCaODTg@{_p(&xnR}{UeV=9zHP5b+ zq5VT=Czd#7hnBd0u2*J&ZN2|?$ci}}f4#m3YbtevG@Sx?3YQH|(PwPr^};<5avj?7 z;oVub2j=TLL;{E?gb{FgxnA^}A&kLa={=I<6&>hsz5B)kMLmz@wHIIhbkZ_qch7L; zrd%-b(Gx5tmL8eV>rH)wUz6_ENGOAw$?5l*hIo8>naanKC?aIYN?gl6`q#zj23Hf| z>$i4oX)nWV;1x_*(3Rzr@M8Pr@#>?ef<3|C^X@puHp+qJ113Y*fWXwEvJ&mMg7JWTf}@q6nqoLf5Czh@!zefQ_hPhWeY&V!sDc4Nx$Qw1kv#{9>R7)roZstjP?(3TW{M zH`3w?ZNS`hfclD6)`Nel-#+%W-y^9GHOb{NaIUrSeAwMLdP|%rZ+cqxSu=SA-7R1K z@KBrO2Zw9v0;M@5p_k(wkjE&awA)lSn6I%K5#e%u7c<` z`%|O}w(s6PJp4il&#*zTOgjI4UPr<%7l8A|5jy?{e+c!QClA&v245KiYCjW8{~412n*B;n)} zx`pBK2?#_fRNjnIJG0-D{qN9DFv}>Rr?fXig@`BT<);{j`h}A88D43h@f)2d@K&?j#cJ}rM-l4{mRdNbF*7{}HsxN$MCDak zG7n~KruTbhmysIIwU~|C^c6pbP_@Eh>76DU(CK^qrX=n;w=D+`A4=YcQi+ba{$E(l>XDbr-QoIPpm($iNT2 z4A4(5%T0DBkx>-Zex0>Hz9e>)inmu0^gL*2#TNb6B2vLY+RuJeJZTvk9zt{YYYLcd zqiD#bEEniQ#K)7Mm+JT0h6z`X5My;oMt_L`C!E^8mp;(UTL*6vL6ns>O{#Q)%x~IH zxU`w$i&ca^hvIGal@XWOB2`p=^fw#z&`G--&ffF>>W#U8**7`TlzM0^!}vXuA=Ey; zQGr~l7LPFF&(C|(5^^V@4@bb*lC!TP9e(T3OC`1`dYfW!<(ecuX9xG06v{|X6dzxo z8F|nBhsMVh>YQ$Ip)&xdO5i`Bso zfQYu}r2=9q-;g^0g1v~+ohn-si@xN8no+;|>VWhK4&foAP5CndUe{~J=gRl0qjbN+kh z=%NMvCVGJ9$TH&)0k8vVvTt@S_gVAXz%^amvCl3qOD=pe17x@~4p?zvh(>VApgP}6 zS`$N2lEm?r=rN#*!GXk6?0E<*5jPgO77M)@oQc@CR|{q9zX^GIYpc<($46cDXH_Li z>t;owP(z2W1!z zQu?;{WTUM7{D4sw07Pjtd@^#@eds;Snu9hXylV&Cl-u(?i0tDug&f+nadAJ@r_f0L z9L*257%5kSS{TYdjB$PcMx{Zw#4fqfab9}%EbfY>tAGmh*_093{`_F@EBT^}8)To5 zbZxwj?k1i*y}8E~K$|MN1-;n>Um|;gM{*7})um1bTreT$)Y{JZA#*11%fo0!t%J== zR~2BIs@lcVa9eO`{B5=E>{P8+#?zWm`EIM+Kg-EJMUl@Rx9owBd)%k&y28{$p@imJ zO&|zp5R9T1DM`oa^fs?*O{Lg9={F%PMc4-?c`6;E(^5Vrt305fW*%2H`=YTHdiJGq zdzs07|HK-NiWEkWex!MLqWzA?_v}#!iKc#k`_lLRljwGam`@izIE^|=>uYT%uesU% zz9y-H+4<^UD6FInYR^8l;2*Hn;{hbobRV?S$i#{U*Sr~A11BTohnM&;r#ztcQWq*Y zNp`f(%=4#ci+GzRgS(Iux!OJJY9F)!*!eTcv{2sqC>rfAbI$eqDirA7oX^F~0x1>}lE(w>66FmV zM|W2%DDI;`EW;*u1Ze|R4tMWmwYgGwpH7+A>6L=1 z2mSwaTJFaqH^YeGsB5<6*2;bM@>P*)-b*osX^cr|lM8*U2o!^tS{gDC>a8CByat za*Tdhom#s##seJf@ge@NbPO7 zAeEGThEQZ&)GEuDRqRWf;+3KyMu7oTFwTQtaRua`)5fn5+G?~coAR3XWOfPl4>|k7 zzJjFms&$@A0{^@y;;|3r$&(ia48Dk7ZI`w{|sTve?HZ zTyqHv?Ale034;)z{$HN#IxP$aDzbj}%$RE0zW%x#Zxlm-T|?a4WcCK)gJ@CZ*%#2g zj5~FEyqY=IrblkOo|6~DZF7pNgW9^H%U1S%zMfWP21b4a1x1s#5^|5~hJM@^n4L@= zGP9-Q*B8S~i-ak~hTWj)`C4fqfC|B17npdY2Qe>G@d zj8qIG(-yXm*J-X5>n#=w6siafz4Q;C*j2-Fkph&x1_XMY-lOdxXFALZ?!s@*SV7SN z80j7WJpD*pNbFASww7|=7aFRI$+<#r#T@-@a^vLS(NS z^k#p>A3c2x&^5|mw=2!W+}FN&U-o*>&uJ^k0@YB}E=O%}dSLeNUhZYcsrn-5eOCDLJYshBmj*vG zC&l{p_6D0{T7?PN^tia8XHeUZa6P!v=i4K`z;Y?5G!@yWVXB8%o?|w=t?@~oG!tK{EGG|k-3Hc zD#hCzhVg!VjO}=}K;-MIzmg8@cAhE#XX zgUW05rt_+uEI@?`s9{9hiQH4Xjf0G5@Fw`BiF%w*Pwv=TAt}}H_b2D+LY#PC#5_tr z5y(CE{012L5EUvW#x*eO>5!<`!l2LBEz}aY)S!ZTuF0Br za0nYpdIGv)?+aDd97TICR^Etq70K6qlF5^sD&Xxu(({el15SUXCcGEB8qqfSYfi+| z)s6<(r-AB7!uPo;Xg}^xruMj7$E{XQ4FQ8NA~NT7Isupn=@dCS)!P6F;swoHS!U{U z4Va1sKg-nq4v$wwfYI*-U=~{kM&sL!oF^4QUkt|c*or~$1nV3%eUAfD+zVgV zKiwdR6FZOZ%9r@1R800b%_0rUKQ1qAWV81(#2QJ4KFmVe8zM)wR3hLZPzZofKR zHeUvkg|<05=B{`rxT;zkakTIHI+v%+GM;y6r*tb`d)#BH4ErW2zWrWUn{I#;M4uaz zCSyN6Zkphs-nSjK9zMeA>7%a3_au6fgjt^87WDff+-|zI-p#9B#L- zrt-I^^f(+}f9sg<*XF2eQ9r7QB<450b@J%f!kkl^rvPeLY? zfiT4VApF+Dd8cX$Ija=Rxm^2UpGx;;f~cr?$AJnH&t*x+|DvfYj4IsOEn;uKA0SKmGmu zGc8&qRgD?T3M$Mx%qFl`$DP)@H8nM6)Z*xq^8RFGfmi@r>zSP$2$9fhpmOvn^xC&v zOeikzO<=(^;K+3yUJf?M)8ABoq=0+7#rv-}4b!1VI9l@Ji*>!KY+wlq@ z>0VlbjMOkc(~H`X{qN$ItaO#HecPU2#r+G}U~Ed7<;!K{z+VI!5DM;ecyupV^V_@oFh~IL4A|+bvQL%GS-{!)%pk!pgE1^KwNfwq%z#O8$21jE@yJ)r5*IGtTRan6Q1(#=bn39 zK>pPQKpU{p9Zo<@b9a2adVBM|iQiP=@@ExR_OjcFH4!edgEo> z04BGXC44kwWu9*R)wl4;Sw>sN3v!V6^CV`!_;4imQ1f(w>YaiZY0RkG!fam`^Qi#o zwc-8{Az}LX-S2tsXU8US2pu{a&XsAV%{qOr&-_+$Zycpq z-d#_CqkZ7#-gt3QgLlb;@kVjbd_G_JRz#n9AOpa3u1Bop31@(>4)%~nXDM)8yF=IM z=slF-Z7rds|6=w&_eV;}4|yKCHv&6AcO3E-;wiFad>dl@QvhN)a-YG@U)M{vN$;09 zP+fmB0@O)S3{Jx>g0k09Kzbk)c8kAY+;{7AX ze81=z3BtYEOCAcZ+};nLJ@c>0d8o>M4(qfU-x@{o_rj&BcMV&>L$qJ8zm`0!w~llE zNTlvVLxet>aOmihQyc5|Pvy6F2yq$f6b;P}daz)CP>HC1;oOmrBM=Gb$p@uC+P8*a z<_wGdH;R<7#HeBab2$SEOu14{_!$!r-P52{f${6daAOR4+%1_A6@q}hAk*S-`& zkT49Tgz2DgvNh%a_WIrU8p3R$b|=v>@~W|X^VYTQAUQDM^8~?@>_c>wi^9CqF)VNr5iILB$|1Z*HrK{s0CtH9dJJa(tr!`9Hl3V=0@? zoi$IH%h{D=P0vX?pd(P73`I)|eG7D=y3eQy8OOzDlgvEzH28U+=^2EZKxG^Z!ANo- z<)fa`jRckMg<`|QaGP;?aliF@9BE5BxSknFJe~e54^zQlU^$<58l5pUwb&Gq#PQE5 zp3y&+uC!Yx-$W$_YGlnE3!mocX`@CzNwfET-70+-F*YFugXP*Gn!@!(; z-n1a$*2ntBL&ppA*x>Fl#|=kF^lw9uAw8i?(|~+Uy}jvm^{ZuJ&6=!Htuhg`-Z@K5 zp*y(dlG6f)8c>;RYu+2RfIGMCf^cexP(iJ00ejr~V)vOMq{e74wzZ{7A{`l-0$(}f(JC&+i;Y98ZC=hl339|(r;^V36 zo$q%jRbBf1Xo7OhTuW-Pea)g8oArl*#BMdaH!y1p>+O@;J8i_G`8CliV+Z5Gk z4sDIwu!qEj5a64#r2JE#=`U|NIHv}|yDp-A9gyPF8sT$#+a@qeTAlgR(!IH-bjPq2 z%Ru-FN38duqr2Um*~{P8$Br2TUEK<^r>*r5g5<;5g7~TrX|b_L_#Cg|OxIuX!Qknas1_rllWJn z>#U!vjLG5<=*Q_OI+a%kl@r={2`Bsctx=Y-MDF_hX{Q^s$n9JfbjG%X7ccEHz&< z@r?jRT~Tz&4zgpxZS0qgaD5f8;rYir#vdyDsDw7UE zhM-?9ZegLpIdAHV(X9Dw^yFaN4|{?{1?o*&b{^P6Nb(_rTExDX)Z5=r86T z!#S59N9}mT6JoyJ-iOmZ=6PoN%n@&Br^Bv%uL@qB#kukdyXV!>pP!mULhOrsJ=B_8 zdFtg4T%PZete@@{anu7zD}Mw48%d?D#cZFGAPRXVx*fSwC0__`Bp!y|# zAmO=k4x#f$z|1W@ODvf1y`%@E9;+*&Wi~sXJGO_3>*4kr(R#u$G(?dTPpjhj2dv6h zpyA%EEn)pC1~kpKB@YFvXSIn?M|`&J(LikzGjF-TZt6xn_K%i}tL2$@;Y%@NM9#I| zId1s-N!B=vq;ZNwtvbgLF{t(zATi*akG^dBY16&)+wz4QT=l`aWyNVg!&DBij56Zu!yWXiGj&LP zp3v3NIKH`uOu?2ZM9Z15{?Z=?rZtqH7ygq5b7(gm~E#RUg|k8c&MO!Xzd3+b14uU6S4=+qoSp*xz|sVq39$meY_T;GN@;Ae-y^ZI zH`;>q&sT$LYN2l6$!#h>)r-w2g2D(nsQ& zZ1p_e(E{b&5<+b7Gnx?-=H``r4)w6Yhf1(AlOD z8+$L28)yEUJ*AhwZyiYwpERcTkOyZ`#f3m?9)n&x7-AJ8dSO2VVE`kz+=Q`)++7zJ z%CN0C-(6&mW7fO`J=t>dYo*I|8*@Q8?tApR592sJaq|)StDpL5kA?JVF6#lF2!wl| zP-k9%LL<*d6cb*M@Iy74v{8L5A7XpctB2#ecn|zz-yYhD_PXss#=@eh_Hf_~_6Lxk z4>cTSK(-ScA@+~=L-7!o_O86?bM6Yo$tUuWDZB`MMM|O=YYcb8;a>Z6_f9!yIS)tV^M0^SEZs3 zZ~F@2zI#CSzI-!jH-2By&8WJFj2Th01iB=6x7KSPs`v+2_=Yvo<<@TXH3yY``y0d% zu_ZDKPEMbls{l|hvA1%PEj2G{2Upm5BkrLRZRpy44b-n+#tN~?uBdSJBjnnAL^CK8 zakdOSJ5yd~=p!vS!##Ld8ySE0Q4q3+MnH&l`P7&(aj=()w-10L`x>x@Ex%>J$40y- z``5jAbzP)S^?AQbOb5~3AJG8Aa?GDnK^xX8B$9;YPGlbzbAvQJ%{cRe ztU#z7#U`wa5KBXSf&$R=MRDWMOFx2k@?>5E4hD4Upv??GqfSocU)YN*zxZ%^e@WrM z)e=)D6b7*xlamcWJl`ds6}ev#?rENNJiXs($ONCMLgXiXk0&0_je9w6E>ioYp|>s%6Z3HP33lmyRMGl3Kk^katP2xGUd}gcs)~(KP|4B z8+TRue{Rn&Fx!2O|Jr)GJ_=||&G+pdKEivc!TV^0+HmEQ;djpbb2LHR3*Sb}3O0?_ zg7*&B>xk9P+c)(aPQH0QTYo+F;ZzT*Ys>2u5E--Y6YizJebncG+{Q~EMGBR{P&kW1 zb-wtr^t>*Y>3S%mlUOH2|9m;&m3u4i=5gMR$XYs{J0LEjH1o~TrsObRmsEWpg$4Sr|b_( z+0@GMPb79j50maZ%_~|GqheJl&(Ln5C1{#{$VyLCo(aLJG(Lcjxxhba>s-h6dDCd; z#vL;n`27-g9Zg+!q;UbS|6X26cWVL+47_bU^@k@>hy;XJP$fKB&;1^1&0F)<_YE%O z@W);1f%W|4y)lQ67HPmSzJwgvbV(sFs&JC$Lwd$U_Skb9`RZI{=u3Ur?D4oxmpy`y zin^vw(5rs8=*>D;JfvSGA&vw{)jpnG8ky-d^H}l3=Q8ZSa3ZN#!>Z~&bxF)Ts8jN9 zZrws2wEC+KpXS0j&hUY!rV{MCj25%`Fd0klU4o47G>I;}XFEG}s+iS$t4Keu`vyCW z>RxR*!0%Lf-UKjF%>E;MnCe9zxKjvT<|wmlon4z#kbWWB=jj65VT$NnZe1YhZte@F z-*N{I?XP#H>%S#|0quSnpg@VAup9|tN(|+7&~Gh(yPv*gQD4Yki}E0nJy3P2c)lJT z<#K!7!|&rPlrx)l7vY-icjVq(Bx~3Mg2?1t5QIItIVZ0C1sM+y7C(45+NNQ=cVGG2Ovi5}$7W|KQJGf>nO5fcE<_1o?1rr_(B`@AO;&vrLQ-!l9WC9oofj#9U7 zX-XuMl7EUmD=0?2C8#|w8+zt;+&`)H&X0riMuSO~ z#jwkIp+NQwU|hn{+FAe57|A%#X&96$Pv&2GGM>P6ZDhEMV~Mxl?)CAX@Ln4UT1Qer|#@)%IVJkf*I*8Ggue7r`?y6h>yS9 zpgN}vu6~5n5X7KZ+8&H^GviDL6oOoLd%Xdab|mA|on`wq&#%~O&h$8tw!0{$ld{6;W z@CxMIx^phvW&+-3AkiLh2@te}$IglcczFa?o%UDFkF7 zK8BGlKMglGsmsZTQ~dz7dqa-NUnaIj<&4K0?0^T@S;XY`!W=a7^OyJKR$i6tk~3dg zYt15oQN}v=^7i;qrU%t1q!OzO4i@*(x!q4{zYeJ$^=NBmhr?A^iSQ6ezxH!g+db%g zEF|ZJphl9WZdvFU0BoMvP%$k;dg{w4H@SVhI1)=xKuOexZ>7#_|0UNG(f!6_Epgkg zjeax-bUF8B_nTK)@g?a%nC(`#x|x&!BIqL=Ds2OIA0PbFe8p!iHiuK`PenDOdvc+o zd$w=)d)$Zj3th_FtdccDzuRx2?7q!s`(p_0l2%|FNDozcgym&fO=imB%ZkG`&`NKA zdz)BcSwMVJX)<6R6`+eHu^&5HWA)I}t%!UIv_Vqig{ zH(t4Xf<}h3K>pI*hw;vq;_Qh+9P1;pb^9=#$A6k^&ojc(ASxkc^vL$Q(*4T<;jGO- z@?`wUE~2kv!K9wDY69G{SI^CDJN=m1-M1&uAzf2=-^5D?eS26*a|s_N$2<&=$NtG5 zp7!U(tbkf@UC|!P9ydT%r!~0nB7b_o#=*F>7YgAAzP$%V`2A!xO%14q>%XrO9@G>oEV3Pb-KT#3(>S$&k`>uZc#h{ZWY!KOSQR6`PBV{ zzQx;gxI7;v;_;oCh>!lpDV0}z`4Trqn^yNU5H5^T*R=E9yy@$g)O353P6P!M6%WmI zq^a8nYkH&k>A4Fk59nkTSGa7&LqyxgLNc51|G-kKBLGzoRCf#q`_x8SIZ?`4>;VX2Oa1EMpj|!@Urr1-X=I%j zbJOXbcW@LPWwI`QR;2+y=g$A>b*vIg(#3!+ci&*ptVGJQa}v~1QPn+Sv~&~tg0FQr z3N8F&l;e$VdyVrw2u<;16~@Qfz823Lll4yb{H%bP`d$A?KNt?;orm!jjXQhkF&UTB z6BQJkTjdw>7hGYKuveI}`ZCxM-ci*q(RFY>cBegDJ9=NboH%@qUX=zE%aLAuYbAyi z`MoXjxfJMeK-h~LvbG)hCmkWWzTV$hkIMVVy}is|PO2;1dezTR;JaD&@z1GY(k?%6 zy;wKh;0j1_%cF~qCu2zH2m2?H7bG%p;%ok3?x59F#ZeXsdV*crbi1{6>l(+A4~+cw zgLCwH_>(m3*I7?RdG;1(S|+pvj_RdG_THPL?bMS0bHd6+_aAK7w?{wx%kOj?5^*peKFPtu-9m5P z{B#dt#hmb)z z9mgbL!oDVyqYeobY5UsB&tjzIZGA17d1Xl)^M3i%OzQFZiI>&um|RWxyTKPMD)##< zD3T$hGol2rfTX>uxHJI8TT7@&2_s#AU^%?J}z{u8R#g{~rM2u;{Sfjb0MZxl4;ZQD{}U(0J>GgNf1j(b$)gj{uIArE2Ip9iw=;eupEzDl!)bBlJ+~L2M#XsY$8Dvbi z8O=-8wo$fmF0H}=)xt}fB08)LVQw5eulp)uMFilvYa@ZI6fJmbaes8&7nRX`JfB5k zLI)~)&^(C^6?zj-D81%`Z$43SqILiMx;#$)CsvLxl5vLc{hl{gx69+&M2uu&nS3j{ zyvU1-8}Wj)=Uy_~1BmXM!U{7id0UcHnYb6_ZY-*D73p|v7hR^|1aMV_><&s>0riH8 zG9nO&ro2Bmn&2ZBJOtp0U>AHc&)9@(@~+uC(L4#cy$*x!u2exkeo=s8wB zG^CikA8V-{-q^|2(yoPOXz-y04q! zxu-HbsBP^ZkMX!yEL4E>@Dox(Bampy>+PMVb8#v5$VQ&-2mLFURc4kB6W055QQ>-LSq-W~;JW$Y}J=gvExb(u9!l&8gLwbYmKWV%WpN7$UdG;)*uctnj=H6OMPA9Y-w$)_pSTO`JiRrMyc)Z(~!`*@R>iu3gwRjn) z_(5?Mi}%ziS7pk#oFJU6i)cC&57a9)R}np>Fl-aWa*I4qD3V`~KdR zpTnClUUbHjb-Nap>T9>AJ40IiPuCKGxmp&FvHiTRL{cUX9Se~dT<3}m#FGUG4;mOk z?f#NGFX%0~SA+mg-lt3~ehk^Cj)+IpP`kB8fR0}h5c6zYY93nu8Gxu*+PrY)ruGrT zYY?}l*4c^(ah4B<@LScXXC=T@j_s2zc;kV-a%cxjqWIk|`Z=_pCT!|{(I^Hht(CJ1 z97rgRcHT2(vtap6xrL)y$#2&K4(e?0d$`Qv86ENq8m4gUF3jweJC8GGAwg3cFLXD$ z@u9p)Z~UR1w1hi*X5W2tTXd)sly7F5H0GziN(wYyUSG5cPfcY=#-?QbBEdb_?t3z; zOtN1-6P9>qeK8k*uokyFJelXAgcaCPLmU3Z36OW;4f3;+&R=9yCYtUrUEuDQk;(6H zL{j%ik_08Zv<6x@nQH;KQ*li)YAvd0sGi^#qqK#vDAuDR*V(@7t$A9KATR6E@_9TU zY8kUg*`uG!Js7-|&RD;w26Z+MwR~{?&{K7nkxX%7kJ?B#+Ztb%R0IJAc^-*!qt0pz zRIIWq5QMUMdd1hzeX5^u@wjZSZBwbbwkYsJSWi#Z*Kzu|vi4(>+HKs3OM8PWB^@eR z7soiE#kP8Hc?A*gYv}|=s+jEA-%qph9D^RSyVH_GNRWt zFwU07;M`KI2Bio(oH4Lqz4(DrXF+&>dd1}{#l|9f8C=4WqWG=`EC%+|FAc}V zgy1Js%W!8jmRwmVF2Y%BiC5HU<3l*{4RIA0StgW!E)4SySW4CqR%WFf#rF9=uNTFD zs};xWThw!Zd%z?mZD3Dl_SyKajQ5`uC1SOK16mX$L&_I|NnZDCp&GA$+%xr(A2-iE zem;spSkdVuZYRZ4@@fx5N@-u0VqZ(8nv&fbn*~tj)~p7b{0jGACx&hn;hwVyh^6)R zBKNhzJ@m$a`6q6xv`9bG5o^){0XW<*c3k+w$rA^7l)z9d=EXRTzGrzef3|y)Uk+I< zW%-7Rnx$w%QWkgn9J2g0b-(zd$eeE;F0Z1tFAvfBjNQJ%(2v8Rf|0S^=#bu@gwwrx ze~zaygS_2=MH+K{dn0!Qhcbq+CPzIbUCMZd$6w=)fgd}uX zQC%u~aP4`&{oHFGJv#R@*5oj`PS+`MylZxp+cN=Cd9q?O3R$?>lXL1)-=(;r-P!h{ z$Rs3{X&JI@o}T!NFLj4Y03hVh-F&j{;VSyQA&V2wO}&!fT0h};WyWV*RYFqF!INN# z=7*gViY5N)0MA+D#k0!g?EJiz(iXVyf!@FV5>IeLBHwX{d^ff1bmp^3e;ek*V7}g) zFE*G>y^8yi5$4ZvJR8;XeA{YI_!;D%Z^Eg9U3K&*e{rOt zRH4;x=In9iuhmLL_db`KRK`6o=C}Rp?Q8x5r)Gyvn3%_Cht}G8hEn`jE(zBFDeGgn zuL0>(%)s>jw&pig<_xgDv+(>tzU^%wupyigq*a z-+QU1lb95uvyFEoDFzd$l0GX^lEURDg$rbfMhbg^pM4Eb>xZ90`AVMIWS5N;;T^mw ziG3~e5Q;fDOm-%f3fslMk%>fDZ8v6Am0?Y7k5{PJ!7#*l9UshSg*{A8_%eN7SHDSd zwEKF!!1UOTnP3@Dulus^^cUQ3j#vqw2Ss~V=yoKxj(g^}5( zVo2MCfcvO!#0w%ydHXVk($3ymiFV$)!g~kHxv8U^oMt&iwA0i+p0QFMXy3*z)2G zMn=GeN=8nZo@z~B0n-}*X5VFtHrswT64VP}++ozz7nuP3Dn9ML%tz;7SIpffK*B?d zqPxZ`X*(%UcRFZ?FK* zC8-|jbvJ?5I4JDjQDD?g3;*sW=X4`eyQ8N46X?$AFX`^3A`}wJ`s~vM?n5Dxri#C# zQSet}b$WVMf6n{}pCau516RDMr*YsKBlq4@sfT1S4_9Xsc&s-@)V(oA60Y>A>(YG?-7P23 z8qasqfYCD_JA?fDXk2UY)ut&f^#o{s90~cVM2z=&Alg-n3wBmobQOlODk*8gco&9|<4egs(K7^gK9dG1R1O1o&cW88&y-#w`5 zE*uepJ_&SQz4SPo3G4@|aAJVZ3evhg8dC;0+J%G&N&D0US-;l2Q!;cHpH1zvLiVec ze%Cn0fkSBe~y{m<)(T z#nCOXfI*~K=Y4syAG$#73*pu9()uA=``(mok0DYD z`5w9A1Cv{QUgUQv!y`I{CEH2N%Xi|m=yutaVqbL)?0(ag3B1tvH$pQm6+{Tq1iJV8 zVr8AeiNDr&d+%PNaDAFMS$qYvgsn>z+Mj$omG76z3Lsr%9yjCBU-g6Z_Z)gWfm}8g zzkb%rrkQHX^%i@iGhXvOKw~~x^z%pjZ^~+{DxwZd>do|U93DfUl2pkaH_AynkPPa` zpi<-Vi$-B~UU5l}uoIaf{U-v)5udv08u|GHK`Y_dpJO%{aFa%C>V+Ro)GxL_zG?3Q zz3Xa^B#e)7yUX_kDphV7mGi6Y5dEUuhad0iQxC7_1rh;&4u zpERb-CAUx62LXXPKRdSm34&|4tay>aeSX#n8L09;>yEduNGkILO`&>GU6x~}@M6_&k z5xE^I*_x8CNVLTy%=?V*KfnUa+ujvi4N?OO-kdirfW{YRzm(~?PsF2PL~{dOCk17i zpiYi~1AlURKEFF<{w$Z_cCQZxK_Z#^n7nbG}qmjWPgZTko?bm;nf}56L8X)w)Ce0wut@JLc(|NEmI80Z71k zp1nn;&lUEl1F=7rUkG^e^i!iLyhra-<#=(oq=Ycw`JTSt@uC$?kSkv+l`RU^7UbP4E#M*Rx|8=LcjGh@(!06Moh`0$0vC-otO+a1Pe$nCROE6K9(kNs61RN1J$Cm09a;(8hOPugDhTn|F| zf`<#FRxs2n68&1r`_xR745%t*vv(ku`d&*Kae2oF>3PF+QZ-;!#XzvfDbJwke314v z(Cwg=eK&!=zb?O-!gpzIT->N(l$D>pL(?Mddzash#6+m)KmJe$#Dusg zj$VwozUQgMmSicfdm!?9pOMk?bZ8<~^Zn=0U84#F+^PYE7H^9%MLhh3gHLPfou(uO z-Rym1!oOPV`pw<+@f@()_3&g-o4^q*8(f?8y`7pz{nD4*sq@~JxElbsA6=UQ#C2bnmWL^Lx?fjl>fn>zO=V#qJJYa_V2@p>n~^_@ zTc0=Te9OIyUUhA^Y5wmWm`r#*;p?WGUrEQ36a6%&*bmNmc_2%YtgaUJQsmcpmJAcT z$^QIew`ng8#*lVZN}6c-{fRSW!8cH9?3OkH*L z44PWjw|@<(Rt^`v5KZO%`@!G7T@jC|#5KL7LDrFP(neN{(lxqcF?__TFkG}xd>jq; zTW5&s=b%++;&*KJ?di|yuAdf9=#P)@ldrj!JY$XwLi|Vm=E4=!{5F!}4y+2OeHg6J ziT1UIR>~B0Ao|~u z0E7W+xoFI=y@ht=oty0yLP{U|iC`Ncsj6tAcGc_Rqjh3(@VnnB_~H!!E;3H!&ufCD z=?Soo#+FjA^ItU| z7+N=xUuz$xV1Tl3PT*|gi--w&aIHVji(z#ZL#+=o3!}dJR*;|uZaw;b9#2uB#`NwU zIkb1UIT>3ApHNhRm;YWXnLmC%?;2AYqd^t({3~$*OctWyjt`C3wO9VaPkPguDTYb5 zUJF`Fp%3PMq8h@NnU-FL6I=ZBfu4Ue7%X4~)e+Og5$Uh;XP6X6mhxrXQ>(08zwCLd zkg`A?OTX?;GOEJeU3YnYhb14OI^>SQE+Q||w&XavCBwg4=dz1^g!t0Fdg>w|c*?X- zGO}`SEKFPp`^gV{(Za8!c|g|H+}9r?yTI)MOtrg_9O?R5X>m7hc>_n}tZ#sbhK7>~ zT_HKf7oL2z99~37siuVH>>{e#eN7S-5_f=md)L1hL@ikrt_W>ih}DeNRAY3HdQqJB z18NfmrEBQ6%V*-3_+5lOT?Ckt$pAJzdG_mSDiz%_mvi}`dm27LmrmbfaVtRc zo93v8>s?g?3i2DZO>H&r!Mar2dCI~E7ME9kwKf6DK^K~Il`%E(z2^t5>{``ifTbvn zc@I)MnipQ<9WpKZQc3T(H8wML;l&NHG^>b^sDsd`zZcfC-!VAK0w@cQbhuvP%gj0Z zdR2TB9Lvkm>M&aQbz$XLLDio!>2lqNT>&Ys1dFj6L6384j?*pimqUMgbXQ*utw(ud zy5^*?wtkf7A9yp@=5dKXaORnO>uyEktEpq*uTO|t_jh?rg&P^h#+2LT+z;nK2mpG> z7iIcXjgT1=P3#{R|E?tp*Fy$@xQrG$gApw6Q(;tuJ?uyp8+9a!TdT2$Do&WNxhX^HLrz^zTw^n@t7s zc*IMlMo7?j5B>8de#Q&T2uVOdWf?36E&G_HvtN2EQi*f&dCRu7X&57_BXuoMgM@VR z_v@|?c5*SXksQL?&?>@DE~c$L9Ld-9*vIUglf^Y_{WiYs+s&?cu0q!En|oK2XqZ?! zW4#tbVjlSeP&3}oJAn3dcntbZJ%>48>&%LFW#z;g-nO!49m_!lijAv^eAm!rt#GNW zyjL?ubAw*aI?Qk#l`u#dFC8=5{bj!zMG{^f8F%-x=7E9d9~3FQHyPM`?u``EBm*XO zjeg6%pNTW=OX=fM!1U`JU`UX{+27;-qa)-mG4KEIvCz8eDq6(kRjdP#0U=^v5$Bfk zz7L-1Sa$UHRyic-5DJONUY_5mzw>UlLRRwY+Jyrd%cuGN*88}5g9Tys?|?ewQOsU} z-kEMDQ4M(pcOY48t!%zn=Xa!MMHDx)am0Ehk}=%AZjXC?M*omQ5q=GV^Mbjm&ZHyd zMFHIyVp%({-m`(uq)NE{9+UeaIzVUU^SQA`(Vz%kP$VKsAJk>+?y`V@V|m<5#XD~a&-y~Qwr22*O;imJK<^p*YBI7CwLE~S zg_{N=2Cyy==r0-}XdJe!4%D1r(2*_{1t0JIr%xyVC?Y*&PgAHK6hp5`7yYmq) zqQCw$Q&x-(Cgb?u6&WIf}hu z&66Jo;nUQ`zFbb!x0&{jzhBD=sxqP2v_HuF2Ez?*ZJCD{p@q5Sd9~nbvpWA|d7ht< z|E8&TEl+=*3(H$5ruzK-*7>=FQV+C|9?Un*NT@~fs&j>k-3Dmx1Dsv$_#l!>B!b0( zgs)v2xASLXXH`EamR}C+4l+@PJhU~?32fgmq*G+a?t=u=d*#&E>`n@w#Cvl`1t;Z| zOXCxDV1}sHSX4JivkYa{LgT&ggSIp|JKnK>PklK%4xx$xuBpN391Dn2zo^ zQT&y>@)k62=)V5JBMZ-jR)nn8FVloWN16C`q2qyEiZmRRSITW6 zuH6Ist`)WxTn}4P-Ltq)v6{fS+uGM`-S0eD**+Cjf9B%ALXxj^unzDZE~Stq!bM{N3aTr!2}29xwdp@pbA?{}=U|IB&?e!pbw>FsMXVY4A@U!K`# zeV4#6104td)v4ezV{;yPN}H+YK|wyrVH|#e_8OByNg7&WK1y3+{$$d~=)&q&DUbCI zk65@mK_>h+edTvhWQRd{RU~)ph=|s$i?6#x%agz4s~JFlxMsF*SRIRiK*-4hNj@HP z8>@oqS(oMN-yVDrT)sDw?D=7<4??3!rBc~j&G*1#+QhCihF%hNT)c5pP_RPf4A<-T@4#S7O(<})d8Vh`t->UpSqIr5M{ zn@IP9{mR=j{Q~eTfW~~hSp6nFXJ=g^&ZVRJtLQ56@D~bk9ohw(nwk_h9jL$;$AHZS z`1;jUTSGfbNyd{>fWyP_wNd-j`@(UP^x}Y-{sGe2dj<>&?0qUeGWjiAttAK0_}mT% z>4dJ*^rslW&$?u;><-a0G~-=& zp3Y~)rRs0VU@t7WCDjtuk&Yo&=@jAZCj^DeJ;$Sb^^3E$;3P&>R1o;6j<6HSkL14j z;Zcn+*7`#*-ktw`udbV>+d_X@fTwHcOOh`m-o%)R@=*pnx5N@Ec3pE2N^sgf{pl`} z8T`@DhJjvz#h|1eg;7O{Zyd!qJv_^^`QSzTnm&n4P-;>gM{ zJjB;#Fi^9irK{f5`;^a@r*-J>&Ktclk?X6(@~?|NrynO->msAFS>ZhA81SX|2!Kb9xDd z{5|gvvi|Xjd~@L;*=g$xw?9VXn8-V1bV-p%zE88qwI7dA(0E>{%5p(vI!=isXAC%F6Ndh_LVf>*d#E~KxJ>b?goA9E=>j_OL1d{@82q({$aV{^-~{Fj+t zWk^W#oN6&3yEDdPc)d6;*^8MvUCH!lJ;~FlS_*>wIE+W1R{+H3uYcF}Y`jE~P#rDu zxsEJo>$x&VgPFV@-!h~j!1fED^K@Z}IKJfACe^csS)bm>$*rAzboBw<*8)LX9eED; zSTXxT6H?Me1{`ed>`I^b=MRaJNZ+Y2=?;n7GtYTL!V{p*ovb4~AI6~;hZ;z~OF%WszoBKWl zvzdoA@#RQvmq*8Vcw~T-?YV^HBH=cCm?7nd1~CEq37IeNPxe3ayS! z+#6fTQsDG?in$;1*pJ5M) z9$M2=h>)NC!RD6)xf~qasyD)Kv8ZQE?=$X?d7du7jlMeN?XT-1_-4e)`%A7_sIO=x zbC9&;AE$oeo7Mpt<(cR*Gvn_6u`j9!TCeG7Agfj>>IJ$Zfkq02PcleS};xt!BO7ePpl$s6mHP zo&i?b#e_4fxk823MI%ytHu6Q1p5yourgpJfuYJtcDN_%JnE@^OllkOPsh1#*k;%g6 zn0KS;*(chu5E9Ul`_~(WEB+o=haYKuVM>elt17RX{D1+>;kEBqn+}{WKZ>n)>~MUA z_RIdQk!oL!vNl(LtVU6?aNgyIq2Lc{R-wHR$GBb~ReOz6zF&A0eHYVY}T zGX?kAo+s-i3Bo~OUM84`P$7Clxv~@>&I%c}m-{zcMFhu{w4jICeV$hqZ*AwpuPqNj z@bFHqR!hV2{Dkv3@XY&OM*sTeWg2oHH^5CCqvw}dK30GGYgpprL{~`8b{k~#ux?c| z0F58N*tdNA`@PdLw`TX`7B#-)e%IX*2>#}eF;4NOWN4av={H_O)+=Ipd<{%9#`^`~ z&n}X;<^=oV_SA~){^5Oe?(yrX-mqpmvk#Nj_f!{oPwCHy(C+_8dgRjtRM5E;OjSX6 zu}yQQn37+8i28_!QxOYCa;v*&9V;3K2*7@{%Ea5Ne5S9hQk&-(z){-?jci!I0Ww&j z1O_Sqb9EnPFlk(o@0R%QG+4dg?z?w+Ab%QWS0!%U(n2$^6b$(2gJ{TN!-Z%|Hy}M>z=NbiWGi?uM&2 zvpI5CxXJqmZrRrw12*6B3TJ}8nPDbqV%hU})sMcZMca= zh%b3j9{X$G15(#e3%ed zuMH^S&jDla6uUUxh!&=l)zjl?oRaPp!6S&*LMmu`!IFP_FXH%3JP@9F*WDLyL;G-^ z`##+cg~=T80G~(Q5Sb@OxV2d+zk(wNP&0cuCC)Iy@wP=EDms_CkQ5T$7!e0oMp&?{ zDs)80-^8jGnhY^&tU}Z|*Mt>`FKCYsX&;i$=hh>wM6Uqp+DB2z%kQSQH?o0p_W~#r zd3@E?{ueJ| z2hJ4n-NY@QgR9%0A#8sz$C?Kx>*ce>=AHsx5oUPq!dw;~XP(^Wer48tJNevPG1{7} z#CH1GDfiaDAj=(pflEe9(RZ`z4lti8Cw6$FN|H@$)9L2jKsi+ zhDWrQLbv4tWQ_nKPfEHcoe;t}-9t8jwMFUCf$6zHtvr(9MEk+XTySeuILP&sz`6U7 z|Lituizy_|(W|TcEJM50^|J6j#&O1tPJWw~ug(}20%dq^UDSQCN}-w62IMg!HWt$w zJPC^{U&CF-ilQ<*-&M64h1+K*X}9t#hjan$og7s)6Ek{{TLBXiutV6As_zJ`XX38p`RrwmV@- z^zh31HM<%#M!J413M^Fn}x1GbH2HMLFxx>4bWNT3+`rf`cTfDy8z5u6%nt zd>7J?MkVK#k&LM0GVEPp=5dr;eK8%O$v!`$oXu@^ihf@0$CG)JCu@C4%so9Wz$llm zWrD#&3p>YeRx)|b2jeisM@|S1;nBv10Pb;MCUJX`gNMZQ)<0iUVOolJP^0Xp z8uY>4*RZdl({`RBrY1kP3wD~%K0%Z9~5T{{lPq3-qib%1B z1n%-dXj{K?3$7{Dw7&3`Lo%8}`|;(1Cy9^G^%lI7lqbJ{k8Ho+HG#l#IUYmAw2wa~!x!>Gzt zhEybF7|R4{FA3Zju4;(%L9ywTs;2`v$m7n|}DD!^OUhUH7& zEBb0)pa1CEP$Cb$hyZ8XK2mE&V~i%9tdi}{COSFO!0X7@H~AMu;ZlICmiP9AE%jregda+A3cF` zHKhe0uJ{^(spv(qo}A$y0O^ccThp5tCOkZb_p=9# z(|c=zocSOdzR&osKfk7}e^r!?6;E91MQPvr>FNEWUov>e9PT?2SuL;KDL&+gV z7LQGsWI-1KD{@A%!=t*CxNYWu4Qd;}%7IUEbi~u@@$@=X8d^fpq|d)1Hs4Q>`+dma z5V^LjYmDy366pmKD#?8R>wA_c$M3D-dU^ zp1PAstM<$eZv;^ZINH% z`^){sp$G9dJN)hUJF}$JPw^uROd|y#M4nGFJ&##Yy_7NXpOL<$^d(Yi8s1e1Q5W)X zw7gMxv$#~Ma^leh{)>yV+4}war+K$iuY(ZIUHRhvg^QUH2`dq*$7Iye0XH?8Q*J`= z(7)lgjdCS&#}>`rRHviqG`zxy4xyA)r!il|e3uLmz>v!!lw{%Cj6LaPV8!m=seaq% zWAcS1mccmbwudO_K948)f&0QV)*}k^%E5p6oYZMvxF^_r_fy2opJT1J#{b@eGpyJw#(OrB3 zTHVjft={-JWV5MDIQD5cKx3M4X^Cd`ZN19 zrlzJm+H94h1n(uT&E)E~uvs5pW&s8D7H#O8=<9?b)>BN;V*{qHj`w)y*mvu%ktPVT zzXN5+2Rkrbyj1&SGVcNE{kJ3o1;rdMO{eJGgpmW!c2ZdX1eBXD7f+h046nb_umwKy zv7OyBPz>Yuk~|l@fliDM`bQf*PT6(ZPa4R8_?v9Z_b@vke?HERGoLH-_JJz@`GBRx zC%5#lBd%`q8^}tV5Rt3z*Ls=oy8Z>c0J$!e7M+|u*_GxW=pUBnZJ}1Zc}(2p4a#aV z{=%&*izO}hFly|IgR}?spWTXglH_(g+VOVMSA+RHDbJgR)>ZF{j7C{OgJs`1m7aqE zdxv5@l=n$x@GJOCso_XGhT~aVag#~)-IUbu_lr#@?Y!rY9P-0)xfbb_w_})%6!bP= zypfd7N5gtF>*%Nd0(gvru=Ufe+i!kcE6CY>PHvqz`e-e$1P;E%;+EzK7TJ69t?duT zbV$g|q@x#Exn!Y7-F+4006UHXQXNgWw$QgPer2D6;ur^*`l1lk*y{+;YlO~Ld@uce z3iA|K0p_?Qitc#h?MQ-vA9OO+rY7XULwU3=-!C;EKLwkA%4K=j!F-Nfn1>^r7fx=Ju>xO9|@YLbK6#G2=K5LcHr{Ao(nH}Qo?lfD> zv3_>3?1GmD-v0Xm=R9+I48cBNymJ-z0`;}f@|iWuuTGC2I1992$Q7VDyZXT%$;@x{ zyWdF^_LE6hKG@Zdo0ksEvZXvNIMbuohug1qLvjguUHb5#zRAD^B|g zbS_S)AeE+n&*!C+Ml6Ej&qWacbd>lrH@d;Vz|!Q3c|}!^Fy*=tzJcI6p6TJV*Xs91}{}F@bJT_R^J$%s`Q=vQ<$_Xm1ZYIQ|PC# zWhiKYO0S)Ay}v{%S|!+Wa}BqehmJV)JZ6YLkrEVw@vm>pGh}&XJ<8rug=t01hz}+d z3!q8QKehGN;YI%*v@7_KNHm(|Q5jd=X%@ybFT!}c{1uy(`4-;S>!*_39{#(_9#dNx zg;6IWe|imJ^yz3;_m7(Z%?Q=v{oI&;Q+xk@cD7EorhV*BvNSZ{;|10$29nu0 zv;$pMB-n`v6Y}Q*=hkcfja`N)pGFfsg=};c4g&L(gBvAa-yMjfQf-Gk<8T6~!`^_le{V5eCG&;4j=g zk3-}no*}ZxoZFS1C??CifQ#98AkaO|<<;Oeml5FwgUk_%h5Di9+T-0Cuj-V$q8A5tAXRA>3WZrKeKV6U`yEWH>n}4D- zZTrfl7A7JGb>v3a>0I>BS!ri0igthFRhZ9~g%`GP$#e3n-hQ9V;YgCMG;D6U_Z+;z z=q&Z{)PirZex+X{mcZM-qFk~CuU`aby!m*8$Axfy9n4LUn-gI#H~skoWXYxvUF8H< z-(^o|3Y@_Vc`Ywrj7rYp>n)&e#@GdlPqWcfhZsPr;*DJ9kNX*u=S}gVW}siW+^E<0 zWofAU`$+SB&4o}Z=gFQoX#3DrKa!S5zPWht2JLT)b`gF(;3`=8t|vqTd!7+Ap2=j7 z*FTmF>pgoS!pfY>x^hlB$SCOG+(M`oWl<0B10`RRU~6x%J!Yka^;o^nKaq75sW1BpF)tL>LNOjrkl%&pwz~exzYv z=nHr0mPuxvIQlYxWo2MS5QbxM6$khP#&nPF63phRu-i*M9?i5OxrdJ#urJ(J2TdrC z!B{TEm2c43r|fBF>k%UP$UH=&J9f$5%OKilQnI|ac;AYwEbfP-ur_A#sdi=!G&o>* z-nnLvUnd_yM9ugqi9URmL_X)rE1BGNQ{8ymW=$zYpYUW3CDMh~rrpo5L|W4mfl?H0c~TlAkaCbT&DQ?znARpR|gOugsq8#hjQH~O)Ah?0Uu zTKsGcP#4$3=P7Be*Igrn2-tS-rc;Z>gjCcy^Cd$yH@z+>YFn?MPe`-;67In>o0-6< z)A}QS0H#0OQ3vkhyEuIK;5y~4yRh)3xIb-1-@nKCik!mZd#1u$ z_gs9&-|Mh{YQMP9Y(k$^GDjXR(Cc}9ZFWx9e;DBuaQy1Xqe8*t(!MD&@=U$c$A+V? zef;*4uLtMKU{Uq*@8p5^zKML|%qMOH*zK1IIyRT!jz;!?;creuRD#4ZC7 zF_7YYM1}Pz!MrGPxTRa4#v=vlq%Rw}HXl=LUN{_u=Atr{3EXagAao+KX{?(ju5fPJrL!3xwwJ!afvQ@zI3!FPLef369yOR{Dr#~YM>mfP~c zNVn0Op~&*Sk6N~H2aBhwJw8P4vK(q!6$p#Gmm&BS{d1%`&0i4s< zrX!Nwh+mE!q$*SJFqS3+u%~etEb__*k4Mel+v3#vd#d5_+~Z`vL!rmWlg?Tr_r z400D1o)CaTb7pmFU|_3FvqcPa#9=bc$Pju(rcMpyjQD*0z6_?gAS;_ zrgu~uv^9h?`(H7g{onxzTunr`oiwcGyqBQGC^<6MGp=P4{l4dh`Gf_080K6w^V?Ny zIq(mD&HFdC^#ZW1d;>D~N#5=EkOH| zO5y5z-onvCWW2u@VC=-Jczs@z*XhQZp8mnTtHPON10!IB=?%?g`|U5CWmJ$YoL1F5 zkd;7WMs2shrWnMHo-Adb?ns7^9zra9MZrQ3Uet>2JA1EJK{>tTvp2+ly8PD%Yi+q1 z<;tRSb{|yk(|J8~EFWK>nUrp&o%+KbUTmKi^6XuT$BoKJ$m^Sk?g+PFl_`s3;Ne5|R` z{SJp&KbVbq%yk=p&}G~9gE&}+?BibRxKHRc1uPb}iH5fsU$(hno)9e-hEiUty9vbS zlKhNAPVkpa6JE72qglkhBSN>?msH7#vLI1-dbgdA6)^Yj)i5+fQ3>L!o)~4^ru~lJ z-Wt*8j;)zLgHfnVei5m2zDk+pm}<`^5^vfKP-%p^0xbC`G%Q(}*~rM$8Z@YGM~ZWV z^q0Kpav3I_{Rl91Sr(Gm9*dE|Jb2%dm~y{gn#JG2){_n!o9H=tY~IyS!=VbiRN+;L z%>6dATzL?L36U{=a6WJ4#KJMSv^1e!=Q&TS%65_I=Ncss*VtxbvI!ZNw5DTC7vE`m zct7g-zHr?x161Lm4sRq6w(Tt(sMY221!W+5Z6}!J&@f6(ejrgS z#q$g*dfcO{*AVs4UH=+ve;3S`MH+m9SHAQzlblLmEO?6AGo<^x^wXDnh_LbPA)&@wuGb^oz%g_Bdoz-$WjG=hzPIlv%74T`#Q;UrE z_J)%nwI`ed}!vHxdap^%QBK&YoNz@>m>~tZr@hINKKsddf2%NG;Zf zPIIC6GwVh)^17`{r-U|;Y*Kqx1k&y-E()Lk_9Mj{D5mgzFfXkHhwj4$n(xHKvZZ8z zpLXqcflv|8Nx~31!w&N3f{M37J(S<)zUUktp#e1CdSiHJTe5e~_TIsYjS6P9bJBz; zIv6SRTAvxn)jdp<$KeD=CH&nw8??_z2)vxi}4;|jciIz$E=^ZYaJ zBW2>&2M+}m%`y`E)?(bXQe2s@XUlif02RQHJYe|TrZLT!b6NdK*yh*_xZBj3;XeD}zbDRFbVC%ZR*`o(`xPrIMv9ueP8jEmZblU_Hr z!@)ot#K*($$IZq{9^j?cT>>p&`twnz-0`UiWLO^M1-wo45x z5A(S~phP+R;TK#L?;g2(pnYNqcv$XXcsm+LI3tTy76gh71i)PE09i@PP$YXE`}c|#Tf;W`r^xQJOr2vQmYO2b>Vwb46^v#I6V*egy9J^^{Ef{eo0_v5b(aiBd<)Edw9;hVVf&g<_H!}V*m-Q_B$3V z7>|2=ng|nZ-pK-$mFOVbZ4e%}$-PQ4MpxXYgqx|DspGr;Zl zejtT?L;Sio?dAD;D=#`YGO;>S;nbzx3@LQ#B)98wGsAOM>z~#WoDXfHSYdLb@j`6Y zf6r!>=o!|7eG^ud8C#p@F9XZl=Ly4GDJrY?{73}(7hIneCcRga6#dH+r!$5mJig+SKO=N54#T) z#16fnFMI{1NmtHS1VKMtyLI#)2Lztj{4URv{&1LeU+&U6dqy>e#aJ=6aC>~?$8gy` zl>kh#IV!WNuD9>-v$Dz!(Jf-@1fpXRoJ8p_7}AAogFnP&M?|TI_1gf72`%fx{XiTFmzgfjHr~R^E8+I<+ADgC%wLY*#pSc ziBzWUprIQmfJ7E=4@RbQTc!`9J_st#w`l7|Wjo2I?|z&IEs%wr4;haQqpI~ z3fz-e6u*qZPI}ORaYUQP^Cy2_zkP@Ce6a$H!LPolo)gMFWXkrT)_(DqGF?!6l0=bc zD*nbCpA+l8bmpt~DNSA$@d5cluf%L1MmLL21e_|snVI!DS28Slk}t^b;unXMED8Obg{Dag zh5GaYx4*P~b!YutdHp&0{cZzX4)&oh_>SN)zjF%es)R}v)rzQWSriX)-;VENngj8j zj-zCM)~gtLZ7O0Q?_U6EXoOI0JswI)mqULWwn+z~X{>Xg=$SkB`W=ln_6QMK= zC0VA7)PAl2hYM&23_IU8OA`v5Np4@Fz}@(e!6Djbq2-{9FTm3@1u0P!jvlZ%{y{#2 zl=VcPvG%Y9&}4t^wC?>}&<0o<3)s-!)jPi2-tG{FST{FwK>>sR0Ml7-COeV4sX4vf zbH>IUr+u;Ir#$O!3wO9NUybOx$1Gfc^2)I1r67P1AU-eUH7E>OE=!7e1V`&Yt^5k% zV+V)3H+zZq8(04GMU*Y4L9ofvIoG8@QMFSHeFrhEb z{)hVl(mt>Uad4E3f5S=kQ(u)V=&OASIJZbL7O`9oEALFhZGY%Wcpr;XYC)gki*Sdj zL;VhB&vCUfeVkaO&)>Io$0E>f&P&JOZ7xa$BDFSD{JR%v)sTCO^6^$iu??bJy}a@^ zygjyF4$SM@i_0Vxe=@2}8n8L9(IkFVey=a687B@#o%{8AP(1TE8ZfwmSZ$71Xpd$n zbFc$whi?QpV5!1vfQO9|y@LZfL4BS?^lZB5D;nZkc}>^Rh`(97pV*MWret5}K3oh3 zlrVMu+W5N30tlZpE%NDNo%@V6;ZJy+YjZ8uwUpxb?-vEJ=Dk;7ZPFlC=*!v6(ZqwL zP-T-VBzs*w0jHR0>q{rVumLhdmX_4Eklx4KDn<$fE9Z5X@5IF^>?4xE1BWUbZgG3dS0}j?5<T@gQ#4#+NRidBmg!&8XY1UB7{29@ZtsS%)4pZUMmtW?y; z!+lV1#|l#YVkdN)f$=lBv(9_U$d|;++aA*qLwmO&N0kNhG7bs99_4Uq%nd+vL|fz!$O9x!2dQWUe7=< z-6dbDeG3hPKpVcnxP+r?*=1ki?)^mbL%>DZLT3Ygc$})!6UD;-Cp^12Si!_$Fa=mW zl}Mw0R9oCOV-ULMk(!1d)+~|MW+7ADqw2R!HD|_Wel8gWL)qR`FY|spV<6G{_1jYG z#==C7sEI|2z^}W65n_F`YJD#gO@AyxSa36XQ9Oml&Nf^KQm1oh2Kbi4G_Mlrq7g)tZyv?OXm1kaYMg-l@fzIIrRRaXGmN zQN%Zr4QMh63F@AKF2P@2rg}-#e7h7vD=zygBD@HQLx+XYK5S(g;tLxq3A~8@110zJ zl+Gl@U0%!(vKUl`?teXjv$wt~Li(&Y^xC9GuZH;QYOKpGNqy~V_XJfVJv89uAsbJz zmtK=>t{MMf89EF*0dTu3PulE>-K_Z6we+*(7GPQQLubm(T-|oBc2sYn0_9D)h{d2K z8zi;b2+&$4(Z0*!FYo&3au$yA_%zM8pl2~hh{o!Vv3`aV6_1QhydUU4@?HgGs;ol*V52QxzkWaaw&y-~Cb@AN?4bQTyMI0cjvx^B zJga&IZQwPf^8`Ls^on4t8-IFl*J6oisCr9UhrtZwI@)yzo9s0}$ z=Rq3S;?S_^D^_`!xv_-<7IDk z3{3uPBM}K)t9C|ECRXF~kk<8i)c9{J4n|l&u=~=G3_O|E&7@5=$N=l1zHkl<-!}cw zUHf_A=NDKNqWYxejZOT33a{<^4pfkH`8`lj&XE(h+>yz-^;isoM{6w}fDMH*&KwQFWOzehJp zUrX_oP&f+)E$Y#WsYX|FoA@%Y>5ra+^fjB!NZtcjfGQN+|9Wb_Ubj6^*OA5$?To&| zM;FW2(;T#mF&gGRN2N98-ZY>87XHIJlQ>wgnm)^wou7}{`i_xjVG#y1bLl>2%ElF^ ztGtSGp9r$G`U?ZHuck>l^e1VOIaDA68?zp=uumwn96aCV*l~0h!QEnt{jlyn$-MV0 zj;b+agj`EAfC|hT;pXe4>keKWjJsRJs76fr^Wh0X_7-QBJJ}fd*fno zeeIfe9VqaE_IVXx^6~8X@pTbV8%(Qm681w?x(PzZH_8X&pKy3G2jiyzbVo<%7%>~W zjFBMAkbPIa1Yt1yRo!DvXznnIRhS#6WK+-H_wGKy?7yJLLb}0(ZrtlsXYkIfwaX5Z zCmDFi+!uQ!pR;RMIx=(3N2l`mq)Zy8)rHhjoHH@|&w0ahk zi@pErcstL}zeztyAtgV1Q%1Y5#k4HQOpK(d`?r3)K4BDy4j;qHisA$k!}mqRmUvNd znJYB^H0ZQD>?z8!*qiIc_4?>r^mH_LF`PIzLnAc%`6NH#hE{j~em?~s{mg&Y;FM@` z*5u@sqV_r9K8VEeQ=*r{+IH9tQr$hgzj@|aIjEf<9_OQyu=<5;$S96Awe2u5N=y#J z8fEDBPi~!Q3#U8^HI9sagB)jD6D`Wd>%#Q_I`sn@MYwIVQSyFE5?l30PCAXE?H*r& zQ`L?gJGVV$sG{JOB=#sgfqAP<4=5Q8+>wb8uZCI2obmZ`2iJQt!RC4UPEV-6+ZSW{|+Y!n|oG2p$QKLXxB?4=FJeIRXUva$fP_` zknzY1X<$uMQJGQGbe{{}nP=vh?~`Wl%2I=vawQUGs8rWlIvK#fotu7%tL$r-56x1X z%(8j8S<_^g$db-zvrx#Q&ungO5J@50Y5JD-wJk*ND{rOR_3iiq*1Um&Gi z>HHn*#d;VFEn3nM&9>5}Dz(Va zxKZ&Xe0yYeGCzBq@*7S%bmiwwR7eaaNNCN&%uJDu1{BqmksaQ~K7P#HNPsAOc~eZm zcdB@Rx{lUQ&do}!0iXkKA1=jy?f|jf-*=VTQ*!)v`tQ+|?0o|&pR=M84f^8~#W87Y zE%HL;A7*2YW&1M$I!2H-%{{Y$mrlcrwj3Zh4te3U3C`WSyt%JEz`_t&?Rk z7ZW1Keu(~CEWVgWM-v-QyYxTwNb#V5EF8AESQTIxG5V%(k9^Cx0~t6ItfxPEk+dyh=vXigJ; z{-eL11YPj4@h<&4ho-E149E^q9GTwnd)1^LWOS4knPhxfP4D&#Gc;D)yFPxITpi)# zJVP6WPxGohxF6CIh^u*{;FH3>>vl#xfOeiPI$nJVC{}IH*zhjXSE$p7^<`+JpP)13 zbI7M(_5;KCTuQf371X`;?1lFMWKd+c-PD{39=)#Okbf?ReTBr}N>`=tM4<$6iM5Kf+*cxAFhRIof%o+6J7+Z;J0H0QEr^!wSEP6va!9?t$G#cs@e z*6(1iX`gAW?;M-a0cAX@B8}DOmo+H_z9)*y{*(_aVMkEMSA{@P4Rtu7%pjH-eICjW zP7)1p-+6{55RT>#jt@c9ev2#X{fYZl{khaZuJ=X4yiS}A`ri5qP}Rb(FiH3u`=b4~ zTYQY7cph%JL|aLmTDO?PLB6kNhU+l%5UfX*l&~Dg>U?0x%yK~yA&MK z{(742eOrIJ4Z*7r?z7m+$ZCildpzw!_IT=&nzhLNcvK5rpo>5tXg_!tTRrbPkb-I_ z#>TKyfj1SfubuQ#etpKF-5;xY%E@J1e3iA)HtX)BFR}3iA)73{rzDbu1vei0^St!$ z_2KJ$57)~oUxiA{Dq6GC0^!i1$zNyjnw3ssR!FI-_aHBg7c(E&dyRz~4W1!(U_y6E zFK-xQdS@7B1aom+n6kLsSsetH@eM}LpnrlkbKDm1Ap+;*2KI2U&iq&JO8(L`xQL=G zIjsG78{bV{)8P=`eCB&gxkM(h^Rpg!C7d`Jxqlw5>34rV0>3y%mDeB*_^MeL>Nr31 zb^OWC&;9hwmf>((scz1Gx8MSPNb|hC12V)|Z=&%_G0$0>NvtE{_4SG!Z|1n3hC~oj z2+xRF z-|tOSr{A{aQ!T6axh8yi85&-_aXc4UcSwVjLEza#NZB8F_!M37qn}>iwm!|@xKv|* zi!zY&cG#m3yz>XNBDiRd)ghu#8o$de;eXtWD36%^~G@*h5gfd-KSYKiuPCN=i6^{vap6#8I+O^wSLpWUDPp-Lq-i|I6hJRobj; z5@WpXlynuhGurf;=(I05`wd^RJQuKp2HXxdjK!wz1-Jc0Ej%f7&SJN=DPFd{+y&l1OI-F7mtr&C5V4LD1Q$W(0c2aq;*r8KsQ{BGI1}) zoQn&<4XQ>r6`W(^2W{2qc%MM;tJPi;+ec|`99NVInJH6e;V+YoOGyo z{*Q_dpOPauYj~VN$D6m;ARXv&ulOjAw0P|m^E+cx-OAgj(S)S}JEgveIk_kGek_M? zU1ZnF6i#+|xqLao8j+SCiIVg-c0Y+hk%zLp{e7~aq!*~jwa=IL$_c;3pEuZ^HT0ib z<`Psv+DazO2Z)r>(>HUEvn=fQK>mF$VRM+**yQ(#(@+}jxrO$7)m$kO zVdHa(Vxly?y*fED%|!&u3Oo7zC##g*sH$+pS|>NsntSb)&V zUNC)(e?5nkdt#VOqx^67N1ffLcj~L5XB2k0`xG_ZQVKVZ*uV=sU4lD^J6-k+CO~zI zCz*L02XvWxG9AbbpRj~V82RHIkdr!4&wjXP<2M^08+s>ws2;ISG;Mx>1fzY@^bp73 z>tZTbOXRAq&*k?qEclky#!jhFk7T`|-iK2QEHWi|WVw5sUpuo6G_-bmf;px`nuJ_! zN1}vzCH9b`)c4EA%hZQb%=xRhFqYZeQp#N92bewGh;6I2cyOIC zN+ckjdK#sBMwsCnxL~qZ z$Mf!>u+Lb}QDk{3ag3JPo|Uz)_dUyX@6mr8^+8rO+xy(gbtd4fOzop`|NbCgy)X%= zY4PUtfD}r*S!$~Hn?z^Z<4C>S?E9U+1L^|o<#*w&eGF8Tre8e;v~alONq^b5*G02n zftY<$SPp7gcTrh4J>aytCJmqsO<-BBB}dQ2fjWS}Kl#M@}5m%YJlyw3&T-JEM+@GuQG%Qo?5s~W^Y%s zczA}I*=%2rTxw|gSOS3NFP^e9iq&CYz!`BX<4oJ~^wC1s=`DSuO*lrN&j)sUNlZ9S za@1hS(o;fUGwQ4w!WXqqNveZjy|lTO>Lbb$9|t`*gU+yIByda1mSNyh=Y5Fnds!kp z(%(R=x2+FTWV`UtMK23s#2&=IJ=5ke28Vlhf(_7I=dn6McKX}Q@-P3AoCX<7d=Kt+>YpIxI9c&I1e8oMoIcC1ThCMj)Ej4`(db;=|B}61Dq%lc+FNO zO94g}P>R1`Pgr=l{OZnpg%gG}=itLlJ=BkSN4zc!~U#O#)QCirz+tz9X#3vC*au`&dK`-h7gH~MmFp!6mn> z92-s5&`FmCpFh@%o`%&@o(c07%VwX1JuF$Xr8s&;1jWF`fF~`G`8WSD?VQeNKMmZO z0M!xZHovE6^rjImgpnZDRevP@qW9BMC@v#?PvPt%6*QhKundmgmkFuB?B$O3n0wfN z!{q@iGB6}PeYMsbmU^E|XyL|w3lfowx%W<`@%~AY_=7g2n(mFUO%0V1 zfQ)_B<^nF02qkM_G$-)RG1!3o7;54Lt&ns-H6-}??b6p5WCr`+W)J~le-^0HjWhNg z4{uSte%;d6`^Pls>N_glCE)6J&5ZA_NZcc-;JJie>wnvAS2F;j_<2=^r_C3LxK&Ta zNCmWE6!fpG-TCrl*^>dGKIKR(&n`N=imL(@FMP@MnqQ+j3`#>PD3Jz!ER9Y4Ln!-&|76p-ht9jd zKQ!HA1Caw;i#KXtpne4qdi$f)L+p zR(ftWy zp5?`#Af;y=zYvs;aVYDaTAa-4*M+ZGOfI(2qsar~lZ4pL4gDFyqzCu+!CkuCPy2>q z;3jpvF+nT?Zp5HxI5Gsj5;27M(;e~Z=Si6Xv$4{7uf@5G%|q-|Y|dt}w6P)G3h*PD zmW2V5>!niDWuuZISPpbFAb?LIa5NK+vx~_PN4T-*AVI z9EhjXFvklaJoLQWPwStMU|?dI12p|Oy`5Kqvia2#IPd zhsz02_~jb)hPyP7A5}03Kkfi|)R)%uc=JH!;c{Gn=!3K9kV4+zy-~e4^4fj}(Ny#q zet$+)ePxy&m+LH2>1$k!(=V4dYW1JTB!QG!dWP|Iyg)KKv0t#e!sIA;+6hZ4Y&~un zXT=_M)J`L~n#VPFYVJ#H7g{q>P}2^m0hA}=bX1)bfOq1YOO_D>IVVwvf@%F5dp{T_ zRO2C6a@R%r(Lf*I=ywH~rp)^`^mS>lCs@xmB3kueyQrqBI8RmQCAf-_m@wG4xbZemB1(D*Y@k;?IHY=aY7$ve)Zw zOxL$9hrhcS%ZpQ1{?(5s&+V97Vqd*W<`g_HAV8B%|yylKv%M`#6? zktk|6IGxn8AzmZ7r1NSuoP+!7NuaRWuwtXGFbO^;{C^T@S2 zI!EmY>1gay$! zntMOXA*o1a0SlhRH}^z^#Jgd4Y2(YQIB=kUNVIaYUvt6P^86~s)t&GDiX=;AvR`rH z#;cs%9NEPchtzH%TcAxmDEpKw`RY9PIl3$$gsh$JAmBZC20tw5385VLH&zgy52FoR zhj|ix!aPE20yZgc<8UF0+l?Y98Lje%?A980q3u`j)3E=p}?=Wc0T*);V(iJ-`|1&grP|5GWd{XBLqY!Mag2e}hl-J(%?e@ch59tRs zRAEqsleq6D2@<%3U-j54dqh9D6USe{dFV<2xAlD;#5Y3!o!sNRdNO4_sV~cBZtBd% z^ZhqQUCvtha9)|qZA*MddoxaQ+3&JdT(91Xyoj(7`@syr+GmA#jjYurY=}gE&2rN% z|0UmOVGn!u0O6u971}#*ts)4%6i)=I^bIT@0vC46;y$YF5|ml|zuYYEaZzCz2pFUf zF|6Qn`tAdHez}n$&1_Zj8N3CJaO)qXc-3Y4@leX6g6uF}o%-@TT`0b!4k5SCcc2?N zMp-g%*}VJ7Hqp7`LQ&R#LLRkWywQ9&>tV6J?Mjj20VHcZB!#J|_7jy0rQJPo{s4|* z?;*d$yBQgDu<^yK<@TPDl}V;}gmh9-c1wRz`+0f4`_Pyrh;)oB*a*ZD-m@IJ0@s~2YabcUFK78cHmR} zeGw2~yt+DYV~SPo^(8G1&u91M<7M+hB&L4GN6mjVYL2wu&7|;7nY70f92hI`-%T*L zUuN{w5HCZ9UZ$pbl*gWOh==~YY|)4WOP`@XVm{c8+|qO@ZcudCFCusg9Qn4Cvu?aU z;-y2rAI9IY%^Er5ANT@kyTkWzfeQJTP+s|*L-7C6LnSu;1kz1)S?Wj}Wak{vp*9TO z$$uE;4Z<8ih?ciT&9O)SRD0?O(Ic zL)?d-gT?36KVJI-@k|p4JH0oWyk)EQE21lG0;$Up*GF;*0bFt!NYx(%;D9W6efgxy zb=2nf(L9hJ6q%$i=uy${WK(AYjZUth!(K4iY)C>=jDt^SQ`)t-SI6sii5Y-0ryaa` zL4gR^i2NedX2SD5xB26t$O0~T(Z-*DEuyzhfIE?oT%Cof#` z*K-z$>%PLVfsj_6g^2xgIL-z8`Xs+&OMj{6C!f9DoJ6WgCjBvsT$V-yfs$UF)&pHq z8hZVE6&m&3J^Evcv+QFvfu?H?+>x5V#YdvUuj|XxG+(%V(P(d>zx`FJf+Z2)6E=zU zGrG}7k)STE8=pkV;jsJqQ4d|4+`Sd zI{gj+6F7X#z*e5R5;sQcO?xj&hxF`m8*|uQ0n%>UUchY zL6GirPA=T@R;q?&-JVp*zn>z#h-Pzm{8r@M!!V6qLrhsScKwRdFtM7FUu=WgY_JKVj}Hz#nP2R)=@<-M<$p962u;!IS1EDFk`IQbrOIFS_H}O%jZZkk^~n+nPC0+#@b`28&%%F z8SHXE3}?c|a(Q$5p*+x-l?;u2f`nGSZHJ-GE{2aPqOj?(Dts6={#?tXO_IO!jUe-#`4-+Jr zb->Fa8{W6Hb6P&`hZ52k6+la}`)+%M=Cs`R>KAjWJ0x{l zeRd5-|23?gy;qxtr(dHdkiB3U#B=J0hPlN?yyMOJiQZCFE2B9LD(irBU(VxUTuznm{KLz*ZxVMu!qM&rM>WA3VT@U&PZC+Jd_iC37tBjGXpx1 zAO;Raa(m>(_oS?F?2S76%sNig(b4{>tHMRA#><)ho=2r@_wxtK)gIsy_OOn*PI%@C zm;WxiU0b1gXpaD`FGr&Dnp5(kI%L=Gv$xXeA*=}^p&r1K`Eh3#=-rmsk)+-&=eVz^ShPE22`fw3+RHD4PghVLads$&D!=m4IPCK=Y5|}_ z-#8>-ZY>h4=nd($l_ZIG@-+5A&@pd`1^~Iv#oWAX|`)O}*pId39CmLw17^#iHDw)c_Kav`g3C zbDtOuXwDGVd|?5|i9;m<^#kv=$D>gGw#B{e#0YaEM05vWHz&Sl=;QIu0EEbeKK<&q z4esfav1A@t9}f5~usg&6-l{o8+sP8Mr$x_T#lk)4jXG4Sz z1SC9BWpJo-g2`T8ul<24AbVfmD?)t}Depm5>k=l9k-o3=%ZoEde|k~h%etHrkGHm# zL^C{>qEsR9%`jte>G|k=$OtC7mHyk5Q?$|iHMu-sVM8(PG2e)z)2Af`cWipT@_un0 z@>x#Zm$JrOUjPq2cFka~VPA*1Zjkt2Ui(S#kb=Sgbg^GwrrUtzY{b%BuD}sa-do=e zgdzM1W_r`ASw8)`evQr?5nBvU%z*yE;}PQb&gKp0lM)>QUjg(m1Z5!2UgG9?cd{om2T^5`TEky+Yu8%pc;Ly3)=5 z<{IaU50?TSjLQ*vDZf%;*q(h62gU33yB(}O_aV=Z6Qo|#$X?d#u0|+{_XHNSaA?M2 zA@NClAe2Mh!XEK^(VEZEGm03-ZqBua zFGwa`INa5brQtMGa}S-{Z9xYXOi#O8je}{(Z)ZIH>Apw}B^EnKWzHBmmVlp>6^ToK zhx5B1OD=xTC*Q`6fPnt&oKQ!Gj3qo-TlCIO#S#6D+qKmu*2E+m`Y%AF4`j>V&<*?G zWK<-ykboD87fQ!%Fg?id_OWLAwSkyJ3||%&@yQXp_^3yj_*Q&`hZM9mJMhfU_ciuh zdO7nqr1tg|t;z^oVc^c-qohmIVinEwR-HiCm6P9pZCGCKrR&a>4+PF1KH04Jyw2^L z69nrQL1%@n+xDs7+=tTN#3SD|Zh3uw0YF`DpRm!cF-qN8IDOJa-0LDYXU(#+p&HO& z?=u)vwrQX-s&-G;i$2EIXuU7zY0DRWDP0XF8%BP-ntG&B+}2wLh`%?kpJ8PdGIUK( zy!V5PwYHxiy!p=i9+2lsU`x$E_v+prouLh9Cw$$j&4b_e{Vr(d>Xe_Y!7^FFPg1${ zz3i#M>s`Wyb+C}B`LEa-3QfztH?!p%~d+i!L2H`E(7 z(OUB%HQzV*ioo+7sxbPA^hHo~x#~G?u3;%3@Knmj4U!R?ce)J(Ok!UPoz?PGXM5d8 zO8dOuul7PifB6sKYTn{>Ob3_NF0T+OV+>W!FkjDB3Ia_EKfwdEHpV@9Ti_5~4V`|` z9wz^IZR_)$zo3_1!j)HDltA1gP7BUS!5oR)`=cM%W3wbOq0ulch%dCSo2@FLpnbYV zpXQe7>En|Aa=h;QSV`aCu<4?F@U*XfDB4CtG66;utae@xf|qp?e&PI!IS=Md{9L)j zeg^yVVsXW!qCr6XE>uZ`)}8u2gIoUyexvMOh5PO573a^6hLL_*MPEMhzK)-*)6;+o z&V4TlO2k(>KU~gJ>e!NMI$WSE6ToRKv*GxBKvpELekjz%T(WyE(+9r?2zg=g<9$xd z%@xp@49f}N@X!_a@A^JFW5$Ex=?RXpj{}oHVZbhqjCJQfq%=>g96({om{R*ycWMyT^;5dt3}#OsoFeG<|2sUQ zvLoDvbqDAUpR*D~{1DnBRe|Cqa_j4!)08KEizfR9jo(h*)HbJn-;V!$ClU2`2$&3W z^|*3yX2(Gt^V2gbLWt2v&o{lOG2tSx1&O7sF2Fb!q^mFNg#C2wOKcd-2DAQM-SB`ClubIG8Y*WK_qcGs$bD! zv7m0jX{k!aN`*IZpYcRVVC!~DwWD98>29O`6LsMjYf1ZrrImT!r|&Tz$g>ECgPPbM z2X#F7$I|394iT=zx0*;DNWr{<&ArIvlN?UNg{lh^fRau49c{Z%i3K<9xj(?dQ(?t< zbUts&lyX{#1}sb5RMhheXpm zcz-)0_h}h&*#{1)ja-d-+Pfg@(J!>__fe+)LEfAi3(H(Kvub`adHOA8>n3E3CMU=X zkb>SPfu^q$eXoad+~rc9oWq-=o&cFk{++!80twY{h&ma-s^b_h#PeY64~2CfC40&n zvq2zEqfNno#E}(~z++`+d1#+&5~uXpKW;};oPqX(or71_`%jf^ekkv$h~|~@D&i2j zo(-dFIv}jeMWe&h(tvMABBkIeE;fRz=qaK(9H2mb0~ZB2-s|OHDbCTZ3yyLCeo}Mv zn`{MsR5QcEULtmjwr%~>Dqc$L@a^41=YG4NP)dhtGWGlm6}?ta;-Ri?UI_iMetTre z1QUBGmKWzg`E(6tc0_ji)F3B*m$c1~rXa`Jye~opkHuasA4ynfcI^dpqQPnU8k@X* z`fB?`7e$bF5S$Nz?BTbS6jO!AAHnEbebTP%m$)*WS^dI7!69 zgJBh%Ke@0z;CeXHP?iS`iDtk$RK6}<>5h6a{Yxd_E8bAXc=9T8k#oxWNCESj+*b1q z9L1HR?W&uPQL81|Odm|woPtz8Qm;0?fz$6wL*pL}~KxQ!d zbb|!FQz#cs@f+Hs=cAM7)8nEC)!_hw41TKIFQ;X^_9E+1<5E4Q!+6`8?1uI2CPi4( zl)yZ$?Bl+x2w)&dcub^YW%C1&>ahqbvQ6`w>GQe)fAm6wIW(QoJms&_;~b;Te<)+D zZDhlp%&V|~Mo$--)o-{NKmRIrf;2*?5vdAX-1i(7_8-S@Qd}{Z{nbSyH4s}37g^;a zpAAy`v7(KJKfihU5|5YDcJeOoWv#+EOrI#|tIWlG*~ST^Iy(k+N9#?v%|9z4ndcs6 z^qqRh2807c%La?lZGydB`mX8PK57ywd`Lru&Rg@lf6SW|x`WG--h!|YnqD_{>z0f5 z!?SVRebc2QrXs1=t>PraHXu}1TPkmIc;6i-RjRl>-BZFYMu`NxRHOtQ6f@p=MevG# zKN;qBM{RzeOz{tT7ucYByWI5q{zM|gR3`>jTNy-ngJ>^pN-z1<**TcKkMW4VgZS=7 z-PT>~?K~POmQdI;m&}aRHh`SJ_cW?kX{;mMNdCxgMX^F#Qa}mdGZSS^U@txk(YyC+ zJBaXT9{Ufjzq&8m($;FJ*@O6czhv%CQ(*GhwhWg->yoUMd zUH&aqkpI3Q{ivZ}D_ySF2mhr1NLP&l)L6W`-8<(8EZh8IjG>l)KN6%bgqMQu1p8-H z`@N1|VGs5u&gVL1!jpTRliF@FiK@MhoQMXCz$BQr(E1gQYrs8Ls zC7wJ$PD!wwB=apC>`H&l$2`Di%5}nTw-t&H+7f>_MRn_5px2kvE82N38YMa5dlC}- zfli*|JBbZHHDgE{i%b6jRY`$_{T)VfD*Ks(J}!>L>GfLgtRB*v0MU#O&(1FxRoPoF zJiaJ6-63jYxW2m#s0&HAxRAfFsCga=<9%8cJ%R^%tF52zLvJcG{J5^#GVO0Imx+&S zv`~dOZv81Odg9^s9#`C7k_cwbwi-^>up4wKGCzykr1v!77m%Fw1c#lfpm)7ICO-k8NISgRT;l|B+wQTmSk069$=jbb(xHPP6y(+K z4P*aABAH>Wb3L3P?6|>OyXkzA0{~H~kRq|xw6N3q=|AvnxW0gVe3Ua_7TB$2O@dB6 z9@8lZ8Cx}>kk>EG=r;$|?t1P>?WZ1jkagBk|2{qs2%18eE~TGf+EbGWv+y35cJLNN z391lWe?!4U~Q{|~M63-~p(wLiwXc`ZwV+G|!2G35sZY@ckklf4*>gV%$ zPChV;eSl8)Eu{AC0ZE?OH`5Ulo|+=p{y+qps&73kK=Q*Yp*F()0=s|$&qH1ILt&(g z}vM_oce6NfCqd-LPsuH zlfZr%4pJ=v>gVfv+AgXr*-) zAAB=!zc=s|r>|cL_cOH|qGJfRVhfQoF(N|7vS~arK85x)2E^0wew>qda$x0Xs6c0HYUKof7|9%hkT*i|l>{@JR%Cf?Sw>HTspHediILn9~^qPkMQ zuQfu{T-f7Z$b2Nc$%}Z(JtJ)BJV7&k?sXh)Q^hK(96f32O^-SXAu;O4H~{2d0scwdHX#k}GFaefytZoFCaYwU>oc|{^ykAr^x@=dhQMTeiM zIRm8HTy#w`oujh%cDJ+#+ z$bEDn6fO5zbc37BdO(vCugjE&;nmwYz0xSDM(ypb$s5|n5Y#?Vry?mp{u*bPPXhpX z`xSj)RoXz}xL_~ye39vxg>q0w2|Oho_@|kECj2@op%yee3#p^fZ}~(#q4_Y zU{Z=dsf2rKvxs8=Hrer0ew-N{Qq8B11hn!idZ=}&&5b0BvGVZpEvq^1t`)H&nRbvQ z{+r%53i|dT>YV{?v*3y*Va}GhY;QfZEeBu(&FFA_2}@ad!DXM6tb~GXj(jHi zMvAheFsOz8SncdSVYqeu0`S7vCsqm-1RByYrXJx@IfMkvaJr)m3T@`x>Q^9M&pkAa zk&wZZ_)!ZA-3$I+&H%*hF5GnNXoclUcC(xZ>f{bI22%?JFdnlrsq+v;?7V){zfkw@ zH}$){ycG-Nm;M1COsINv)(hQ}*o&Y!#j7%}Zr|1bX}$GVqEX-<+gUW91;rT8(}%kn z&m+r&1EEU#Cx5_?w45GxGBQ=q!%tND(iMF3Th0%K2e(<@LRu(#JQGG%RkC7b*mO>V19PNyAcczfc}YZ1TnW)N+tg195K!2@8Ze ze32qJAE$u=_Vk4S6Kt|r!W>_AfhxDEA>dIBcT=;efCArks8>rb@ZNlRGL6x9?MzN5 zoSvFS1vUKsr**UE12KO4I@9jpxxk?V>4&$jSN;&2q%LwY z41@u<*l;hUBMUOX;m2=?V%_WAKLXb8y$lZP%Cq!e5~SqXj=&SC^cIke=lkYL`Pn<< zf0gCFV#@&d1|GC1l7Wekb!SM;95cUj$^6#*&X)k%xX(0)C-2wT&&JT}$du3fYA1ed zAjSL1t%ur@MfO^7hMM6{PwBJ{z3C;BB%j7r}?CH~FDO zpo6}0hhjH&D%@^m9w^#4kg~Xh%A@t=%){ESYa~M+Y6dSa=dHFna2x?%$qRNl^F9Sf ztnd{oZfoTkGtNFG5xP+@s9|#BgV)}BG|?#g*`0D*8nd2WUS)78+Gj^SZ2eWH{O-oGbrC+j5bvG&<}b6e#1{5S5-aWQXGCwD&@6H8JJ!tgYw;=;#8EAJKd*A{V> z0g$S8Tm2dWKS@VE?Sg7JGBXX5#q1>ojdhOq7Z6aIbZyU}uaDj8DIzG8>xK)RIO+SK z+*n;4_l6eSDxqi>;;9aXG$RB*2(E|AGo@8kmin98T>*0;QHm>3oyW1y<}t~k;UmW?lmC^GcBwHHAFKnpNf?gP^L_GTIZBCG%>=(fV`iq z$!nSQwU0ag)>HZ=S#PTfjd_ z9TF;a{VP_1y7PL3OF8pq(W9F?aR|G7@)Z{~^t+9RF&OZg7=G*N7F5GSgPn+Ve12`i z)7yHwq3;ba(Y4`E)ynU)mV=7IS)QtMxW_r4AEo3LaeW<~^$(K|#7*N6x7wu*y%XlX zE_O3ENv`5qin|};wSkhSL)Y#loz*%l&=q(@-tdcR1X9@@ZG|R&^>k9u6c9|C2M^rW zy=PtOobe$I#Mt3sx84md=^xwpWv24`-2F7ai|?1Tk2@~Up|Unc)Iy0Sd2-&*Y0Esz zF^%#l*(P}PE&&%QBKQywM|m-I$9f-~p5k^tyJf7+VL`PkIyM^Y7p3Ksgh^8PmzfsY z8XBnO=gqk0GnmYSk}CN=3Q6yM%f@kEHMyQ|ma$hHxsVN(wBYyC>SGlj-SAqc>PWo} z`tZ)8XHPUO5ZNE=@Ro@hPxbB0Pmyd<&F#B-#ZP!T>^%su;N%D|^WXDBDjzEq5ov zGUkXDPkG1s05KCzd)U2$PR5cQPMXizk40enC7jAf^m$W{=N30S%_i*yd zp=|_yKDK3kplDs+@T$`2XxZ4{+=g86D;xvDE#AmY{4D=gKrf!NcRWF`{Zd)7hZ@)D z*!@E#ACK-+q(X@*7rGQ!`&CO99*`!ylb)Af-g9_O*Wkce;>$u1LW{R7TZI?V#n(~0 zoF8YSPR37fvhHb5#rCUwU4;km>;@GL)_dHH)Vm4<1i0#Eh$yvx4{%ffQL zP6ywMpT1#R<2eILV!ZXi%e(aqdK|yby+GaQ@cq8rl3>4n$B468i5Lw*fa#<=e#8&` zcMT7Ulzaeal*QhG=OJ-Ic9wcdLb^ZsiSh^SY!C4lqfE>S&AVLg1z{G%wpZ*_hxjB= z5;N{28mC`~Q{p|);353301S}3w>^`y2MH^o>UV16Mlb20c3*3!=&522@sU4=))ovr zjU8Voq8-1a2%zco>56Ijuh@zLK)kO-HZA(NJ12v7;D6~nt96a&b(~iHTwNA)5tnp` z^OMJ)!|SjMFsVQS!5B{K)gGP+d(L{<1E6+2mn{rcZm|>F$MNpb4;BjcpnSg4Jh#s% zLSI~P2J&=%qAsnb8iLRWbC~oaiV7~j0#KLXT|6}iaW?Yl;uF>>yfHbE*YbIUjXJG8 zsuQFcy7%>P)78ugVLp^T17#~nC?LX*L1lR3x>s>Pc+)|!4^KT8r(T~(RKIq>v<6Im z^TP!_zF*~4>0*Q}1uaY2(kJKaFmMk)NGLTT0{NM%ke|3OE4<>DDFN1OT+Uu~-hh%F zZ+|VaV?E5t0d9f|8Sxb zkCOVhR@oM<(!IPMYPz6vLexs?^YBOg5g$Bnu#WfF<+Rq(HNCqG+{lmKndaT&lCtWs z_^8XF9QgIUsC~k42|KeyIh~S*)S##Z96_CyJR()Hcj>^>Ok8 zg;;mHaR8(4<4Re#?Giy-j`vQjzAwz*PyJ-n4|6^2b@S!XJI&Tfv?n`z#+{4LBl3j% zu567zv)3;bHn*Om=j$ByEk`fbiK=tz{%mx)*0()ARz2Z!A8qq@Nyly9NH|o(^Fw>* z+sZIAnXcV7gPLe%8^Qwj<<^_&4C_uPJcjJp_C-XKKQYswm+JY+|c;UwCpbOLrCv&wd3##17Xb zy?iTYjfEsUd{Cct5j&-f`h$ASQ$&0%=`fi7T(i6@Z``&ac?xP>D1doC_D zw{nK3O?XjM(?p|#=$_WKQpS<|v5{6{c9Fur`*h~F4mv2qNED=iXYAwNzuN&YO;3dX zmlDHUuW*DrD2E}uxscNP{JEr?_t8g&ZxZ&hU)y=VGIog?fzt~GYyu8mjCdt^5NoJQ zNZ|#>rwy?v;#7ptbb2K^PWUyQhKSRG7PNi6{}{46T@yF>RQH2`BsLF>u(0&4k>Jo~ zdCl8E!@T8-kT>o- zO7X8xEGZXedY@`WAHR82%C=Qww6gP@qQrZ-<&EVhZ*3A|hg+mO9%ra?^beSyl)k2a zsd42}a?9i`q6Jhz`NmqTU^`Ag%V|m;*NIB95V<`f+Oq5YvOMw3B=T3{EA_T9&)1$Z zJm^fQYSn}IaMz9HiF&QaQ!Uuy=VlS%M1^6@CNQd>FXgioKuG9`4B*p=nKI&{_s+g3 z2lWqS={wB!QXLw6qid@&UkB%UFV7^63993{s%0^%k)|{Y@HC?31)vj|gnTC}!RE9z6wsXOudCftmqRr>>2rx}RV33}Bq0>`QXInNZ(S@X(W&*a}8S z&!3+8T(^@D7$k*l?o&I0N7V=*yXlWx`PcfZN#lMK-?5cKL^N2A{Y2oAH}~VfKeW$o zU+-K|n@>A*VyX&!Ng%f>bwOBSanDD4f9mng##cWL*Ffv><%q2G{$xI??yX%L5qT`Y zvp#GB`Ab6?-UBR6LuCQRb1&WtkB^TzP^rk@TCHnS`S?uXP%LU*e|1fQ+BL zD6>d%6pGj90>nvu&&W?CEUjN?WtQ%?fOM&ZuDEWA7vi&eUo54w@wt1BqCt!iv|IZi zm5eNeO1wNnYU6LG9iF2mijGc~@l#oFa(?)C{E|^ zd|`QSOWO&mzk8rJeQsR^!(}=fMV4OcL55Mz{yunBkY(@w#5~EXRbR=VCpTy_gxP$q z$LPtf9rdoH0|eJTdAPadwdL_$oNO~`*kuZOWJq<>EU<%7HRm}L`2d1Iafl-Mm|{0(nk=$b@-I(u5x_Z!We z$G59pE&h`|iR#Gfe8lnmea>R{H1MG26P(-!6FNVKsTB^?71e`11%YXUYkuaUyL`Y{ zw$sD+ZeFZgccyXD5M)#M^-j9_)zRtEgCEgh(6!k(;=_+%tL%(TunbV+U0+q6rO>UP*Xdm^sOX~2cPzweQdbioy=ld31#5U!n4)h?{j*^E$s|Q~SyKm3Daw*n_AV)14(g><0 zg;&1KRtR9gcG+cv1(&hR-_-hwk`Fj*k_nB^_7k(65!LHbG^NtNseyT#)S|(Y2TP*01`f~cJsNa1|7e6 zFyW(0JUptJ1wmsU`Oo$c-j_X$P>Ejx|8=QT@V0S?)a{fik8@9)h$1*g5=Eg2_X=!^ zD;QZ5=I0)8T#sCh6IW;EV1t@)YJNP^AWoNbX!th!Y8q2F3N6{B-7ie;oe$=fLzI)k zEb6sS?%da(sb`xeIhM!eOx-xvOk8Q}GiG9~os3kKOVCAr>G+ncTH|xJk zfWJqq64m9yuXPSi&6h=b26@os z^PuN}-j|h2F@gF8us?_et1x_z0V_)dU5zW!XOJayi~z7e1ojpJS{PWqFxXyY4t8Qp z_<~!Nfngip2_Y$GJYApVs{0uqDCG71U|e!MED)OZ+lmH)l-uD0 zu!OID3ZEAnBU&IMhtUXovw6Q(sxCWtBA-+J%d|iA*GBB7O&fgLM$>d1rX(${3F{YK zL~YW|(=w_&hZZZZ*&A_3h99#Le}JZR1wtmdp4o_f52J$);0-b%-<#c~V$}U50Ky>3j(fjU!(mS?Aus?3V94$e*^sx12^d_^Zf;-B5`dtfFdBjb|TsW_g zpo+x^=|@2Wnf`q1$M?vAj?<7X6)_W|UltSFlb*m~nSX_wFXlY8%DK`dTI~pc?HxK_ z18BAy62R+AE&#RqHqF~6RW>jXXQV`kHl}u^LX|_ zXbOW%_6GD*b{k8a+<8EqFud~e4REgmzu)MhJ!B5eA6Oi{6sSn>0EEff{pz%$5j^DZ z`y-$JT2u)5^5}fr=$~?PK76jz(dTv5Ui)c(46`yGl6`jWNq#gU>rfdU2`yZG7O~xF zHm@r>Ss#4Wzhr;e>~JCGV{Kl^M3M+P%4MUPE^91)pxtow2L%2rNQZHEg_?R^ipF_F zl_nBn*rjEZ=^m=-059)BGxx0t!F9dfuXl?3wT}cMTvSKCELb|tK42=iLux4K=Qu-z zpqBeMH=6o#JY-E42)AMnY}KtfZ?j)6FY@ZqdHYQ0H`ID(=jqS^2KCc!WCDP+I{nB@RGE%n#H8Fv219e)I22?;hNM9!kS&>>A zRSIT51b40LdlaeVL@QfPakJmdb_cMw%}-GlMVxt#aR_~;u-Vb< z%Nld&M_jP1t<-=Z>UiDds$nO_n8** zBTL>(j$V-4k5lr;B9g(nF({*5x;}p4(Rp4`9(t}Vst|EZJ(J_W@N=a^;`*7o{F06IS@p ztXw_fFB0>GuAbMinr#L|HblAV7_hS*#;?!Kh@J0;;?%rkr2Hc000`S?I1Jz&r6a_R zOk0JAeQ6V@gy*MBor4Im({kC={YlY72Kbnh`YrS3t6_P%v-Rqr?A|BMm^1qVHx$%}{Yk&um~hFCk)C%GHS2~=v?=^8V1m``a!$5Z+`I;|-|2+^uO`VS=@ax@)EW{YY5ENGC-TjkNEE7!$AeW5_}f~ljQl{r}Oi0fAkZr zy`IY=WY_dvawn(1ebr@1^TYAloWXEZ*aT&4%NO;ja;k?wxUJR@k3DfwxdiSlMX;M- z;7Z;0jia>&TG_r7-9J2rnS^X$UzwzG50IakdH*~hp=p0s_FLXDexwZX?mkC>4Ejr8 z+zdj(z9qgJr~_3=c-pH5MRvUP>8PSzA)Z-<+~>Ku3G+*==mt}$I2!q6K!OC@?{)Rh z*XS}daEnLBVpSjyEo}NVb_UWN(sF-9{kz-WUgnD|te79lz$LNy^2z2!uW&3@qJjv0 z3;O(jl0ffc$tl{k-cQ2{T+9-EgB;aYD9n|TkJKCb=P5$Tk`fY=aLnCl7g*YLp8ADmC6Puy7B5B$^6qf$M;kElW5G9aR+ri=6 z(c1GVRWbNijPt_g^=nA7!t+NgbgrE)i4(~(m0qAgYBiCUhl;xF%bKZAnb7Q4TKAuC z9{TC_tkoTIfwfJ_(JC&Nk=O&c@m}QtG#`)7tfWjAmD&WX#br{Y%b_NCZp>RW1i&Z9 zzSpLsM)5W-_cPC~G5FFDI1$!2w5s7`*nlckW{Re#{K?yA)~IW?n?~&OsC&77`jlL? zTzOd!0*I@4Z!Ab=)u@Mvp#!Vp&R+!+Wz^m-jmS?Kc2Rgyo8v})F^iT zbL8XUG|bAU%f5k52 znIvOG+U4F;cKMlidb3J+i}gU(oKATO9126f=QRGR@q1=h3D6J&AlYBxUA?D+ zK0&lGuy7);cjUZ&%!y9&iQA>bT2$*|1U)HeJlzFo4K2iKUxoYpcJ)?vl+QV{^SnDj z?F=AR0*2~qtu}N1<8R!xr#CMdguv^zI|==^vEap;ec3CzEQ7-Xb~_A-ri$J%+!!jb z9=`@qiXvUI@Px%;EPk^@w3Tii`PWr_buH1vNOt3Q?oJlTpU}==8}V~CDEs~vvYQ9> zD+p;|k`Vd%o51=e6(^dkN4qJTA7Y zJT3Wi)w^1dIr8AJYGK6USqPM4Wkvy1&CM#Dy4u^K3+b1(8-56Z?AMuuS6h}+0{FC# z3e@FPcwT+ICi7C0N#dvW?!JWMpziPYDe*8<3!q$m6`6Z)FY>#~b;WKzjWZ|aO4g?@pu=*)!)xKnZnd}uK}gP<_`b2-1W%*uGwi{=@=+rHC*4r z^HK0y8wNn=55f^qA@1m^-ydlW9fSADHp(}s55MeBYIkg z{pd88Q~f${8R2}E7Hu-#`LodwF7%sgQMLfv@`TtTxXud?3g=@CK2lflhS>!h%k}T4 z?)lUO4o2`2!yQ6KGvew9HVWi2xg;*FJ_z=9apVO|l%E`V!PqKZO7X&#M&iY~279g! zZ;i)5-}%&XDHf*-e>xAFuEHmvG!Db~hW!@bsPvxIoX_ScK6P>gVoW76XAzlj_Ot1Q zScQau3ki=pOgX}XXn#JMqxnPH)~n@saVl=Qdr6fC`Gq9#dfLW7IR`XD-tFgJ2NRTB zUjiuWVlOrPU|o;S7)=ulz2z8F^-p|prMmh9k$1eqkw(X4Zjy789`d2De3HtjfemI- zp1R|DTYz`6MC;((lJRMsoZ>7<_E~$>OMba|&D4_zwWhl>0Af5$zFm)2L6cMnq{&F*@hm44H4>N`QyGIx5{krFfA`!w_k zL%HFS4SSSb#A|X}JqJZkqKhWP22XM^c|8P<^}T~EK%$5uSEOLW#%3nrDUY>(ogQBr zFDpe0%+Y&Jd&Q7%ClfoI1-Ovc&3-bcPT%$*K-jLVcWo7}k#^&4`Fj5q^8oE%^Vr8b&w{^U6?pX8xPm- zZwC-UFLJqNVspkkGc7nv;Tw0rv&HK14kKPyQvLdlc184+H2(pkw9{?B<)-Vv^=v;V z)Y@d{s73qr0FBCMbTC&Q^OsXgd!$xT4Zc?|3>~t@fsq5?O>3umA zC#TWf>6U~VwGV>NesuoBUHZ={HZty7u&EQR$MO25GOziNPa7x)JR&e%0?qkS=LZ}@ zuvcdLceC*&+f7<2AL-&kBnF|~LT(iAGM9&Iz(a#J6-=?o&9Id|nwX%RDZQ>1n_mo+ zmg1Z^ZnpZ7rki+btuqWC@!9x#1b9#b8i6fjfsXk*q_=y?-NVCl){5h=gWTW`cul-B zK6jS2W4B z)mFQd9NZlB4?cKmk!C(#s_L${E990hWc7x3+Sno+MZ`4(+|>!n^<&Tz?EUB>gtIf}NqGCh@bui?}1s;L-iPzFZ{7HNyoq|V+aYqNO6yJBPQD8 zfdB{#Nr95efhW3`CnFFOlcjuM>Bw4m^?FwFH;O99qW;FCp&+k&^61@& z{F&Y3GCMs(i)^9`6u$QV7usEt2mbg9n&t@AhGG@4aW@xH=io4z&joX!d$M zbb|V|onr~NIf6G;AnzA?VfNU1kE!KmyeHiI;KRChT{Y%c3-bpr7v^#zj;V6wkW$Lg z1&&}Q(2P;0YvOmFf)Ze1G$hSdNBjSmEdVI+FuRE*e!p-1`dD~`oEzVDL2xVgDo!@4 z$KgQvc(f>##esm)XKQJfP7PFqaeIBcAR*>qMuzr$g)RdC+vUL~E0R%j3SLM9`oE@| zUG*)XKdRzFg&7A237FgMGc<;&#>52%akLKcADQLSQ#!zXJX(ncSh!;jIAKveI$3@I zJ~=EK5AJD$Wf6PEikMx<`M7=b;mc{l`y*r&>WKIgJ+-hS6WVv}4Ff<_k9y;{4|2T5 zhRU`4dEs(!+LoRe7rL95@|2Vn9K~r^oJv1f08&jOu+WyuKWE+FM^k*%u0O(_+c-eu z0j0sMcYv*2eU=@$9Fv@L9Oo+)$Zi>?g{i=I!2aLJ>o_7Vj6Ocs|u3 zeQcD=?`b7R&(J}4wyFcnBn%$!#MkA1s+Z?px)QE#8C8uOe)f=MGMb~4!Po{WH|_6t zBo)2A8s8sao84ESp8#FJ0eX)akP76-wCi5v=Ww0308Adn4V%1f^(~<#c)Co>Wyn9G zu^o0~ieTS%WX6UA^i_S2X};CS0nUZbG8?57%w<6{M{wPdGW_@JE+y7N1IF@sx7PU0 z-F(18FI>B;zU@;BecsmYV(;tAe1{VpH91F$`5I6Y!b_&Qc!t3LzAu10@NOHNWcX_D zf3fDdX0xk_Yu(wrXfaM2$`+v86wIXeJ?w*RVkB=F-17&r6p7@`OS3=5kGT^=zJb&E zt%N#y&ioa5`~;*EfaA{H`wsY*@v{G{cj#sXsE&ms(d|L!{kBI?>pPA>WuU&g81Ool z!fU7OL1b0APWcLtmV3EyG~k~c@YU5S8eQnjKUMt$Mt=_WqhBFLe*5MY1xHlvdIqYV zzPR{k*$KR7v;SKGJVdDPIq0nPb0k8%6bLsMeY8?TO51b|zdqapH*p3T=~8zU~52KQYcQ-&?1#tWRdHgcy=9{x+*7t8$m zwB9HLT~&HwosNYk8eVk_L6Af9sHlnjLM3NkUHFY!=5uUvL06QAu((q?V8ViiqT~E7 z&(?lV*Xy~dHs!b{k8H`x7_>6cLITv>PgaOUk%*Xck*#ST=@1PXYS8(4Rd=#?TZe>Q z)7L0G{p0~g(Mt|jcw2k2xy~Fp@oJ~Pfj)qY@w(`@!_qfWw?PJ%w1-kZrp(TRk{ju( zmyBkf5@Ek)w859vcDc>%p%9;lIZ({R6f?!OH6)|K2T-(0gD|1Ami>&UmUpg z4G@^=E)_yDc^TIVmm8p+!d6ZSPs9sipBmKeB`djgp? zl3WCmpo4P-8MvSNz#}Uw;u>0B&;=;|yMb&v^pl8+;RTes5!% z7lMBi;{DkE6zNe-8rT3_R9C8gH9SX+0Gy%so`IYO4>lBB?f0fD{?)ZLDiU9}OWCquVq^xU zRbitMRtTkjJAH4bsh_W<{|zCn%(Cwf1@fiRJ1^-6FFe2Mfr59|w&U)_+Ftnr8jdD2 z?GHHgIBo23AM?$nw8;xeD6UAEa}nT(__L=e#V%x4;) z?aHDvl%)Cs0Fch_U;1~wx1Xf<%b0Hu8R4_91-uW&7(8uSp3k-2mqH+HCGNrO@sMf7 z+~@qX9_-2M4+ckEIi{?&0IJ!ddmIF*elewo5_3=$c3d7)!umZZZ1`PWZ%WB4kk{)a zhRB@A>;<34!-aCmzJj~k{9KhSW1HE9J1RCQAy8Z;oYwsf1?rt&Rrk^_-1o8$xKr>+ z^%Smn(1PjrI*o31{=imYF9Dn*4UgOPcuD3$XfA2=ctw|9mW(V|c;gawf=9K(4Uvq@ zhT#dE$~%BFxJ2}QA5UMV*xU~R@0_B6NwR(RyjCxWz3K%{>SB-=NVBaV0RJ9O`(O+> zCHrp0JIA#V%6-gAkNzRw+w(df%k$%5FxL&G`5EqCBB-j7x@*}A2Pk~~=KhvWJ$M<@ zc{g)>8`pfg?G^(dcs;t8>Kz_{C1UoL&xX={px>DoMn<~!UW`Erx)llNr|!{SF{}`8 zg4Uh=_xy=3h#A^+d=_=udc42B`i)|*5lR1h$2lM;GjUYG5Cvv-5F z{h+f|PfstM+kUSng_T(FCg^MOZTXnBQx{jZaZRLt;_uKE?V&q$d{Q^5qo$TxpIu5& zpZMn(&o}gd(uk~1it%Inurp%+gYwyy{)ByOiJK2kFfn&j$1;o8{hVgx3)~UwePB%U z!1V<1E|(FGWmoEYJ|jvMo{IEDW{)GpYyjug#v)|8i ziSm%hQED}^kVMW9ev;d9?cx6fI~DotW}9-p01<}(ub|ArE77wBj11F_1BE>^M(iYIeZ$CNe-pz7tKvzL<e02Xk!XHD>+XoUq!aS95JJFYOtQ~%-6`12#{=t5vKrW>3+bMqg zyiEMCIHgLbV+W-lH01(YD~HT3pTkJyGTd4^c}P)O)orc#TQqq!3a#WaPw6zJ6-@8E zJ21JFGo&6*5U@BhzD7+OAF8!!5H@FsndZF}?9-pj9fK#Hzbhnwps?B>g0L*#;b306 zCPOJCaU&A(dVzNt z^1=CGKyI54s3BzGMb6zvzJU; z@}Az*_6G=tsm|%fmaAGZe~dA5K5M?QMs?VuLe!C5hC2rty5lu_{>g}VPRP<)oK>zt zm+3uhx_tz7*ZvZ`(#nfLx8g~CL~V%A)KUUMCukO*aku0=Yw~_uak1n%UWN}CO3T++ z;R05PMth-1W~J$5GEhKv?Vr{yV1Vz>hXjEMxjy=qdUJ-K`;_5HA!)7p;JdRl6*tGw z*O3ji@Zzu<6y@&+l{`vXRZ-ge+kT!(Ral0tjTGCwvpw}gjj_*enM3QEL1A?l;Cz0v zhi?F#os4|aog=NVPWZ4|V@I4(f-txq)v3L_mO@1u4}-pgeQsshi1zyah}l%0Dz7A; ze?bsM`Y^`Jb?|uiiT5-qu@%bahx7!GCd2w{SS9h|At#{ks;E35!Ln|;6nJ$VPg3BQHm#Z3-Uv$YxG zXR`{pql3 z9OqXdUv1hZ3&@xC6JeLOXV?e&aAV$2`tW>|0fVD~^+Dy)cBXjM7(Sm}Lb@?{qA-ou z(e&I!u&ygIU-I`+vRl|djJ49hhy)t~U^o|A>5w?^3qjOa1php6RxDmK5de zaMgJAm%P*Zmv?8Svwp{6ICbIs4kUyVQuD6-INrxM#-SVlch{P)_fh_SETsG>o~t@_ zGIMtbmAtYqB$z&_6*K8?BEhJh!k^JOuEd#>T}bBM))Aa*D*1Z^ zML;RVCg{=nQacHyY^hpPqLUKniR&ceN?MAS2W@%)T}K{y^IC zqAwLTkJtsw9{#|u2F!@y7y;bhx5Fylu7Ui)3CfRTxsPa^(}c?^`}`UHG5nh$+a+Ki z8-5H4ibn(jp{KK2ks^KQS!9p$Q_MHCuwe}>t}H))o_pYOL@+pR&>A@!b@JWVWjcT# zWQ;HuwH%^UPHYj#a(LyN%r){w&|1t^2xx3`IX?huoyD+dC*y!pGdmyxWfdoZX#&p@3e;@%dC~1+75I~7|4A^-D zH;EWeN2t&ovO@1qdlvBgWeT3Q#YgMmE$>_f;nF*sYN=OtyB-5TZ6 z@9XVbduP#+*K?)+p#_PO{Ox<4;vU@qsQ$8DhMcYh4g*f=V@vZ8raMgck&W3+(9X;s zC7%tS3mz)?J7J{)&>hP~K`H?14dzm*M{N8g>*=p!qon}TF4 zJf5X&IxY{7yZ1|w2Og6=X<4~kM6{=WAI+vq$a%i^{_wWX`{S)o!_uXF-qm?A-cOKP z(fP$s*E^WyGIQUfn#P|eMJL4FR@RP7c|PUa2`a=^IxLSp%Ba4@E0Hqfq$6jAn6U(k z-JtTW6R@T}Pt%^q_{)!7(RP~A;7lb=D-Gk-c`%dU7LJK8qiInq(zIAY~*x>Y@W8SuDK*ES^e)PmG;}Uj~rqjkp{C|Bxu@jpih5fxiujQ zHiFo-No(TwUgMmK69h^04F{REto!}|TsT_} zoQ)+YB`YQ*hOY9EKp+B*mP68g=Ii$YI;0*BxIR3Jx{}*+tz}JTOvv|Bfwl1$%Aii-F!|PNuqyFv|nkU@w zOY+KkC}|pPPGhaENT`H;!f25_(JX#>Z|zy44#A!p-I$htY_dS5mxHoLxUBS%fUqj6 z%5GP<+u-vtH!}GphPI&thv*YuO(Bh3#ACLMc2+ahmVMbcKk$vJ`jz{(;i9g8JcG~E?CtsbV=RiRDD@-swr?M7!2~?q0&=WjB z|1duXX>&Bb!7QJVK?;lcrcXR8SHwCGRarJzF65RN2p}7~&RvL+$4V>zT|uTo?+^bG zMs1V&J=R=4F??|R27}Roq{Xv2qa33`4JUB-G{k)!_}Z$JQp{u?7fgm_>HYH7-S1G7 zH{ZL`cwm>kJV6)1b{)nW?t+kRQTtY_t@iI*ZAh>ihcku_dg3qJtw7s}{W1J!b!%)V zyQTOp#7|s*_JAHRTebgGF8nB+Nqxlf*Qpy4#r=#yKmkM%!Z+5@sO|(M^ z<=)l0zuCDuztFH48BzU_!alchy~{3sT1rR%yRSi5faLm3DMR%;2I=-0G;R3qwg&V2 zmj5ziW%qXk4CCK4z$5s3(SA;|0~V3f=a$-0i1M#5NS9!c-BOX_Nz!EQ-Lm%Q4Z9P@ z6;?LEe33r-2~URLsZEjiBO>qa(2`I;LCXL9#8(jO`!%JyFzSge?KHHSj_&?U?&oQl z<#laqu{KT)@V@hLAAPik+Ua#+J|~ufZD=`Qb~})d?HkJaNVzW}{Y4<6MPc!UGlxct zQb+$v9c**UC|IASJV*b0P{GZWsD33tJYyP^At@NugJ8An^b34Q$sea8xx-H8vQ;oy zO~UJI{+Kh+Fa+=l0_>(~7d#h*Y9aL(b!4ra5AgHDK{NR0Cc=1N*LigcQHWQ{8pbEQ zZer(}Da~`QuE`9*vL^1np;6GkL^y1M^_QyzcTqr@yR*(puqdAUAP^G;sHDK(yQ*R?Ugn)(50a?)_J(vd-!L5n?c}n7vaCf7{P+Rv zzB;(iOmErCv#r1D>-N+k^ZPxRp3e9!K#C9?7Z9xUzk@P-G-mRr?-3HaST(f)ok@wB zAN=mbca_(vYve<*7LLZ6#J#*-0^px3{Qz?*{p?$(LrWeXTqfWLmuk$$>651YupS{n17Y<$F$0!Pt}+3X9LSERwP&(Ucx<> zn#I#1za{O`E%l_x`A-vh;Fygp>(!H3Rk3^fz`CXie>t(29ya;MJwEzK0}Jr*%v!uR z_jA`Qf-pjdUOIO2zot(Mgf& ze3cx$V!(m;W6Ne%si}$<+?3g`ZUZQ$Z^13Db{%D*L?tHGx2wBHrjG;n@y(3C!&k^M zUk0fG(g334?|qLXTjgKbBZLx9j(Q#Bz-NV6L`&OCN+IXUs-}}yD#;~GFLeYuQ7M9^ zCyAnHRgpcVIY|rb4}7 za&m7vjB4Qi`X8Z)(P}V!hhmUE*HnkMSz_!;iGy1%OD;OzwN42{0TaYyrokX9)>CZE zGfD1NWz`6%@}UV)gbwO2gCHJKwRpfF+`pWTH^#x!Azz|>jfE0l`@ZWKn+WI)GHj0| zNZCSF`PB#p8%2B|8I5^clHBe7OH$#!@xpelb_EyxLuB0(ckyo3a14G)~NFpevlxVe7k}_0mHKWsr87ndDojg zIwtty$b1mNi{2l4R2RKy8XER=c5Xep9=P_6O3@cE$=&rp5CyS(EUc~bFv6_!D}4q? zz&qu{^X`|HZyg8MJOIM_vmA9!FU3!~2(Zx9S$LIv(ROF9R#)w7G!)Olh=yH5eu~S) ze(UH^PKx)esEfoe=-H9 zG?Co89BGQ~%^XzjX!_lrxa8KKf~wqn70zSFv#ElZkle7^v@Zk9xKB9_#4yIJ30=>5 zo>_~pc2!+K%1?$if2ZGw(x_KPodb6|A67lDqvkKI{TnPOI6BG~gnt;+ZP4A!XvT`2 z3uJ^9K4s3;A0t^epya;}ZN5)DAx$wY2XUfE-frB>LMgN@`l4R$>h#KOcwx5ZGq>{P z7v#z%EG@Tn^4Bd_@59y5*bfAIM>6Th^HZ;H5J@6+m9K$?8x^S4cer);;ATUW!E*+m zV2L5>Psp#ahz@B(NGpcTDhsTBs6Sfyt? z)cmIfQeW=4cU_oC%HP&5>w4Bu;Sj9nA1fHYUFdIpeoF_}T`(62 zNX4wyt{w!bA!|7cf3|NcsZ2@8pB`5#`$NGnKG-$yW9%9iO>Gb!-Dck1c+}5zDSA{n z7+GwYf1O^~`Lr^>p5Ist1SMu~#C^0r=~;1k8il@e#$5+LjA@13P8tL$Ukb!a!F&!- z0zY{`;bMD_6>}W5e3cVD9Ou`zdDX3*D*M{{8e<_EhPx7@5gbt z-ZH za=FJ4pRO(-?{H|S**emY2*gFP;Nheh(EP&rf5(vf>?+oRd7{F2AMAVT>{aeeK~mBA zy-tMV0Hv8zcv+9Yj_=`1qr+aPf%}1V`il8X^DsJ1^Wdob8dzd>-V_FPV7(Rpfx7Cx zz}ALhsqhI6_IU{^4(_;6m{eH5!mcr4%JyfGL;R%sdGs1c4!*uA8-mj|^f$>(mpz=Xz@@sh~sRpP;%YZL%w#BwZuVcnKA@?;PE_cij#^pa%XeH`}Xdz`w5Zo&*cM(yQCAGz#YL!ptWkNx@kgu^n;cp18c z?T-DGuLUTnF)G@7kA`Mgfb{Nw78>%2(={T8Y{#PB^^nmHHLnr{b-dU^i1dl8q{Ajo ze~h~sx&o7^LCjOgyyW$KU!Rs5qTTAP=>+|G)Y1L4U5I@~veR$cUa+-_hvKYm3*GYH|s zoRKNs{Pp{k_A!m~>y2ERP=B|3boMiMV5#iwr8ng#$MaL}xfF6ycq{b$kNIOgzot4U zJHLf1&AGYgj^C{2@J(BXls*%X??T{LThbiKkI-2b5SZ22oV=Z92gHZ6k3wFds7rMi zy*1~;GpKNsT|#L1-L+?1`wCnQ`v$57An_Vc`s_HaRk4bpz|gzA*+H1mzZc1#u2z0c zAhB5U?Jf7O=X8H4>9f7+;p3@|N4yjfQsLa?r#_nTiN&f_dFeSI07^W+U&ov5 zWzR#y0O>m-B@?p5*yp_E#{UAlyAPk9fV&d}0{J#q^#Dnb%%UO%g=Y8rWj==YT;2Cz zm^QcQ+m}O^_t2Cw=hh`;@yfshO9Dc&B*#JSZo2DhBqcOf4>vTN03SoD{Y32t4h#_t zMBg>b3X@$G1d~EZRe_IPc^ke>e_2U(A%ew)AQDg)#e0P%_$w&h5jbxBmVQy6oOWyMoh&9N9o0iAmdM$C(kBuWMi{>7nh4U~pa(~n z_lzIUvMnH&($Wx<8ywApd2x!w4jZIa+_kOis6}h%ry&gvgmr!8Y5pfC6%|68E?{Pd!C)7Dkv7O$e*9+{QN0UpoRe!|b=k5oxCxzR~jOI!Y zYJHr$%Pl2(C}{Hy+7ed_+Fwt^)w`FUyc~;MztPm|Bz;H<{B($)dSf^_$+C~zR~LXY zf?wjYP8{%VB1l4(@7eAl+ZU0>pzvl*OiT#v4EsIc`4ez}dj520-XBaOWzko@r2F*D zgp)qh)~6-*VNCt-@jG={2$I#j_WNrNE0o_DKA!c|=nfQ|%y*dFH8rRJMu1l6lhZJR z0MTonnu`pu^{sRi-cWCg0%1u3Zj}&2P}B1?q6AmKq&E@z4GKGl#)J9HA3kuIorfkA zgQN9cjR6|mHuS7@m?VFfL-YejvxWrc)4rw9`PJu){P^ruIj;&7?xFiA7t#2{{32h? z*he=NMrHD)dehf{NvsjCpQr1w*w=-YH>yLh{tTSh9zj?Y`s|-+mj%Div=cu#{m6)7 z6@TwSYKR(*I^9z_N(so|5Oojq%+~RFiEVxI?wWxYZoc+8qe9Qv)$j9!dZ*Xzvu)+Q zRVWB1?~+aJdDh6Ln!&z0J+pICT2c^?HQPYYuNm{6J!@)7TSu)RQG9vIfvM`UkqQwO zeVuh!6OOy^Jrx=HIivN(^BXb(_8Cj|_c+!3vY$x@`}z@9)I7lQ204N^3AJPS_=9!^ zzsFTi5Fw-c9lt@)&eD@J`S|TKZnNnoWsN7%D8yFz^$N8I?Ki9e@4W<c6>67k;>Y z_@ATXD)nOB!@lL`xs>~ObsLr=)${;eqf6|1+d=W8ezIo&^|>BjBxf1!!;H-yVT~MC z`!i!!&)IL1!^?f>4B?go>)>+Y&#(A0Ck4^+-}%*c5MZK`G(Xb^-RKqaSgnzXT02Lz z2O}rsIJRFys=2Mla;iZG$D6LfiuUx$+?+9BBdMMG(L7M23XTHk+4GjJ;XbLeu$qHm zc$Zw>f=ZM_Z@GQAHMcKBKN%>%+cPex-0u%sWRpbumK{H-tY$!}XTKcBgK0#4I5P`v zn>7r?Y$9L;;L$_zNp(xS5=xwf)~+|Cwp(`-v@BZs!dInE@uAf)c$cUkT;?=ZqxX(t z3{Y@M+>TnIo~SUcp7#6X%w6dA8TZVEWm^tOLpdlYkLc3b}k4jTUYlbX!SIhmbkfb?Dbv zsc7C)v4(NkyQXqDkqvd-VKQ5=bUaG5QcRko-HJl|2yEcUyNjmunAL>6IQmH*Z|Dxa zd7ucFT($W0QI@<)mUCtA3t3y-{_MjEa`PLLRNWKoW-^At~~1csowE zus@rBGee$lFwF}0aXZCVSjtMIf8Jxa3R-3h_499xIYtcs6(FxdTHL-J%zJ5m^|e`( zw7yb~OrKh$g|5MV$KK36SL4tMJ62g#m5<>F4GLa#(a#Xf>r`jdcxH8U=df3tzJbXt zgPd7QLTHlhO`x$#@F>M@tjyA(Q~$ex{p?8|5RCUjot`#H4SU)>)E9rnyNDkw>3;kB zuiBJU=B`!%eQJEuSFVx|pT0YU`glJHr~KNV&M!*fRqQzWtR-p8Fx=To(VQIL;0aVe zU?P5e@2A0%7n^WffPyXw6oE6l76E3vrNeY=@28aOpc$%jOk~AfznDuU#R-vTGdyj~ zAEkZ9`11MSgR8FyUx?xB>IeJI-REYA$ic?v-+VT@nirP45}v&*`GMdya&uRS78D41 z?LklUR=ZfO>y`)8Z9k-Qn4IdsSc+4YF)sYh>?ANHSMF}fOM0}?``+<=1+UR$IbL#s zecDR4eD||Cq5GC0reWcKoP@to+N^P3;7`FjqYYvP?IORf&myRwNOxq;T%p!GCJ}7i zPA@Z^v>$|OJBIVFGIU&Tdf9)PM^6W%x;fnoeOmVTjo_(aCRdT4kDu$WI}PE=K`QBa zel(*X;vm%2DD&vKZt5A8=HFYty?q1Io{S}U;`$Lx$1?JN)uVX^AaJnO!>!Xyq=w_B z@N7{N(3oPPs_42g8z#nej->xIQ1cj|>j1Kg6N0e-yzVlXjG41b^Q>OuW*xJ&I=fSL zMZ-tAdf%1at2E6E-f7De5BGgqC)>tm=9rxlP&C3s|NbrrswSQ3FJLvk>=y(w`n)Lp zLj8h7@d@_$lp42w-a`fU%Dqt;8z!g{^osI-36&uw5MPQa_mlqq8$<|KMQBy!6y3t9 z^p!8Z=i9J+Q zP+D(Z_7@7$2gtrav(I@{UmzkoiNB4QHf1?s%9-5fG4D=u!yEEL_#HF=`TokbZCm0A zwaI)Vbenbi1ZAo_l0P!Ib@e59|LU(o%@nM|q&lLmg(ta;y-|(3biWz%iaZd-<4h_r zW%hzi+IJYIy73YkZE*KgNx4h{XWM%uq{%a3_A{}1lu46(no?PESq*4q0WJ^j-IFBd z+g;*Exl@;$Z^`Y*ZE`qJ~=T!`6NCjTvpf=Lu!Ht`I>6Bv#)k4*yO{1?T zun6|m@5g*vTn#98q+EFMCfelfeHA#|jMN9-Gg{{}Q@wixM(_mKni~n7)_vY%|WA`XzYvwRI+)q9dBnmyGd>UTG0ff{_P zhM0|ng}AZs;l?DYyr35^B=1kS z-4BmBu@b;ShMY4X_0B@B6B2*>6qX+!JURlbBe6I4 z7k|iLIV+6h=dHbl!uh1~AiErtbt;dvhrw{R>pHP+q(mFZBPN2i04R7SX zyZ4UJ!9It)(X#n=88wdr{3Q_K(*B|Mo$dof584%E*^jdJ9nH|0OZMo0O%KUP-pvfd zjuHL`fyL!T9^P+6-xl2U@XUVFbl4|`sJNHszK9ylD9ic%6!k~*s$u30+wPSF?DKgB z(mYTr7Lb=SG8~>vl(Q81#n=h$_3+8*d|bf1Y0EuSuAyQzi&B9u_xBRiU(xYjyPldX z6T$CjNK7hCs^}nBzA_7Rm9C1`5E51doC)40%tthjtL%Gsfvmgx3ok#UbLL30al{RQ zev%29-z{Pqn2ivyIv}D0++vT1CB#}Rzdp}TdwpIqlZ6Ro1V-r{*^~_GtHAsyY!6rY z`AK3OI{n=NIo*Eill_9r;Qg0xXoBWktFR#ST#Hp(k+%@U>h=Kbg;3WK_7wg#+f za+7RB7csbQV+s3^>xV9)#Z=3xFt8mZ{wWQ*Ek*7Becl`nb9y@-T1r|y$f1}?53SSk z5G@MozMif}dz5a{CgVO*>BX9gNRLLe$Y&F>RqL%YUWDRsQTW%1g397$!}9x=Bq$8J zl-8|vnIL~`ZpRaU!LiAHQ}PI_=Whx2PD;KfadmgNi|{1V*MLrU38EFb8y5)`!PFw(WZ2~(#ALr7|u-?PO+(JZ;^`{b~hw=SV6!)sm9>hw>)ZYf%h zU4pC6MUPYNKIDyF6xQ=a*e*BI^$(bGMgAm=Z22*`J)5W8-p$U+xjE4l3$Zedyv~iU z?o$yjN5YU?p1yB8;h7@1hokMWy>S`N;u zTVyX7Q?W@`E4BR)gncFJ$mPh>v3&{vk;qS`7{Y-lcR$?j zVo00=jo+B?bSSSr;T{f>l=NuWXnRD;ZP{D5%_kG2ub%?dj>&gxTCHK2vIY-5%`n%R zDM0(j%k>kJp`9o}?zSAQ3+go?zsVPna~Ve>v>L~DCvfi3V}sc`r8`KfH?=%Cdx@T0 z!6P2vH4BK?BZ1((9)DM6-uBZ{??tm_7P?4pZetVbEwSklApI|zt|xh7;P0UQBk9bx z6a|7H`b)|xkD?$5B0I<%CNGBS(zC(lIaXEgmb%BpZ9APSmnw^ zWkfgc!H^$j`?@Bbc$0qWnMl^29JL&aK>nI3I;?`54GBQbpFgk$bEjwXKM(j0&*$@P z&<^`~4Jdp_F+3*}RGVsv9;-Z58KqSgiy&!}p81y7?`@s>w=!Ths@b}*;bv1m9r?q+ zSM*%mBv#-N&nxxqc<+f#S(p}kj`SwQrN$S!K<-JVi|JhG&HwIk@=e%tDY2c6!&q4E z_br?el=07ffXMZ$$?n}Wm&5z5qLF|k^r*gxUXQ4RHx4Uh6JG|A7)sBz0Z$BdRXTOK zKPVQ6>8o04R8ci(ZmONv0-v=JYM$;;({th-Q=};8V1Tf44>b3QZP}7Zceap>Ui*{; zqbdJ=x0lCP+Hw3Ml9mCu1^bB%2YW|2$Zs?(1XG1-_hs70ZTzIG_Z5DP2y#H-|Gh! zpp!w}BmGzw$*h<%5n;pmwZzl!o*DaRLhttnkqQ%L3r%-PI}HI|EgsBNk?FGz6F{mp z!&7uJkLmO-*^jn_{@q}x@N`)W!zxDUua{XC2Dk)MZ~fNH=i@4npP6!;-H{Jt)sfA* zS42Ka7+tlZWh9fCes2Bz(rC7)Z^pDw$tusZ`kLLcO?+%ac%k=spDk*UpNJcbcwP654!VV>A*g zdmjs@?ENc^BUfBd?fX4*{!W|jAwg;~iQwkM@Z)0^;4!rf>~>#N^4IRG4+NpS^O}N} ztwn^;zSp!nM^W`Iba}XTwft+rhAJ{)XtKF$$bDQ7?Jn__q9T*tAK;ufkH75f0)!9br_+lLMf)g=L%c~Fg z=_xs&!8gIiB_ioPOt|39c64)}Doc$t@r-W!y0P&uYUVF>S6N^lHTXEOE;Nkt%*sYJ z_USskPABw-&FwQH?b~BN!Hx8w+354I#~W)RMdYeS1yZduH&k{Zb@xXMJv;s@|Dhg}Ij9l(!B$`bueA+xCMD8xDwx zDa>{4WyQv$m3;yG2!21E;m+hVq0=n+{QlTTl#RCX`~17tZ=rPE@9}_-vF_39;h@4y ztA4`c=H0}itys=Fgr>J$5gu9<}R4}p51(H#b)dMajCepmudEHUirKde8 z#CYNKKm(;2vGB~Do>tgo7OXCCCXL{PoEECrUq)=l@ngl$evHzI%$I$nIxOhf#oH7Z z7kFDZC=T=1Wr(2c$2T6GfWDl+1;#hN{C~5c!IF^+E?=ag#NEAyy2> zfNiEKXpq*36GfW5~-UmnW4o3e3ePk7N-Q$i;cEjrCY{i*SEu~?57l`Duw~zxL%1bnghv1LvI?a{AMfGKkj~Z z+DmmD{#=%{w?ye)3-^rtCtdj-QOvZDeW_1!cBVd}o56k@o)T=0j_2jmsw#gRO7{7o zX+a$k2%O3?>Dm+hJQl19T>S4Fsp!S~wjaj7PqTWQj<54@N`1dCNM@u$q+IY07<*cn zgzWEi*_4m-v`!qPwg|1%J=m(e0q&aBySWkfm&Wd;fzl?N$l!Uh!+2}9Aa^yqaFz7S&{k{^bx)Y1{I^75z!fSMNkEh@*F?0wcFv|K| z=tFpS<^5*j#)QlwgA+^cClQ$edzb#Id~6@YlG6oRBpInfaIP*u_c`AxE|J9_%PFa^ z&g0YV)4)FGjni!5zxa9J6+ew><1E>8MCp;sUZM6z!`i~)ar?=xBn^uQ5aGY7+fHaq&H>iFbh^+%S4Fi08y^zpz{_tW&i8-<%&N)d=AI zc)DpTdbe$)Y<~~74k3IZPPIPe9V@&vCVIU^St5VQ+%|D-(jOS9dqW577@$0_`OGxh z3KRfYHk!bRCsfvcEZoZy1~%Pt+oMWx5{qqkCv)ax2Dj)})T@B)rsdV5D~nH`@=-q2 zW_CwPGHZk@o2!N8!=$oL*wwm`+%1uq_WR53Ltm669(6r{>J&SK3s++LKlE~Ox%U$;FJM{y%VB`C4t=1T zS0qBva5UV$Jd+kxIL#o9r+qDDd z(67UWTZ6vZDPGxuq8hPJRCngpgJ)dd@FTnAlyR%HS<#*{JaxR$n0~r!7yHyHxol*L z+pMk0dQq!lZ!)D~z3wXou9Mgx{6pPLQ_pW5eSMUkgk;5Yd5;65QM;@HmH6P-y>3x8%KkdogN4*aU%;|Cx870~x* z)gN2abIViHoRxwWuE1S02_C@n@1FM6f7$%_!E-&*pL8D>C z-p{81A>U<__Jc_x&5acA4SKn$_580uEch*)4#!uM!(CjQg4>eiRFW)*tXPNKwZkCx zwIh9!`cc`ZVd})Y_uK56A)KUdmTO)dvl5&j5BD|Pe!5Xpf}|*NxROKx4iYPIme*0r77EvdEV zy(!s!YnRkX4_}GnE-z!rOJE1@+!1uj<+c*Y>JQVT4>|PJ?VEjTe6?Q@6l4&>EWJQH zd7dB7#+ttm-SU`0QA_V)e|tp|yUcv-zzs3x@Yij4e^_Do-976(W1u}m=#hjA#p4d^ z6zE4*u58y2`?xCR3F9nGbOk|PDENm};~5@`wcOZLcDSFP;iV`9RQj3q{sWcWeoOJf z9sVc#r+wJLvJ;L9-?e0cgS_2Ku-OvXSVE%9#FMHSXnzLFWU3y(l~dP3I+EY!Z2n5R z9N4+(k?KYh@U;TP8nG|Wp6=aox!el&B#uv@F{ONcb8>tWX8>8i70jyeGD&-`758ca zOY&iz1?r2|QCA4LtCZ$g?BUrvs+ifyuPP>$Zf?OFh}PG%H8l90(E7nkSsDt1?~g%@ zPtG_PI-*J ziK)9@73J01@8q_$T^@6_uAGg@GOHyZ8ujFQjRkObiTjRZo`Dn`7zunznOxCCQw9&? zBM4-nm$_aqhr5ckK93SVXT5hgfWC;n5?qS*0oz}pv@}R}*)F1D)8f*$fA0g3_qa~t z?ZdxH64R3;9P$*Q8~;u9J@P_BIm`mS9|Ee&+G(^yTMsdYB0M$BII<$$zrI|nmyjMm z0FW-`HnB>wM=||3^{G9VblTr^O+X^A>q4-x<#}Fz&&}?*eQA)-&CPU#-&s@dvNyhP zBlD-l$5;Gep(0kWLOL(Z{gxkaqFj?vej7BIhY2C8INvF=xpdriwRF&?@Yc+oqLKOe)V^22fdIv0>;<2xWl-B7zBU{KfJIX~ew z6xNuim)X-*X0~SOh7)TA8`*o!=ISUNILURd;(tr(SF)Dpa_&r53d z)st>=qc!9~V=VX0sVC_$zx`7dzNTf4;3|c+0#K#q9Zh3jjW>KI6wve%Ef-6s-FB7{ zsJlepIiEdi$d%L;q7kpA;K({{p)!*K>`YoF53-t0P15Fn&joQ>mP2R_&k~w`)%N=V z+lxfl2kv(Zo;6HqoZiJFnA#a9+U-u4+%iUsxDt>z8T*`mX4XB9f9x@hSWto+CepdP zJumZ@ydS5>sjITlhTtVsoRuESX-yavVkV#*ELsefwrGDh9@&$#+h@om~gZ_umzljcw-oR2`=( z%jrLVK_J#Ux?iw&6MH}I18=m}bV%wTwUy!-eGL|N*S5Rv5C?pZph#`M*$B;1`XAOj zX99Q5IW1Yl44yuaj|91W&-sPXm2%1lBfGUVj|6mK9zchMn?t~L58OTYRu$?l z>z7SnN@}ll5Abfe`JI#8+hN8CG_x&{@znYGh_ z_?o_JUzP`q(hj7-FY%%u9QAQbUG8;FwQf9`%ee|~!Wvi%l|WWCP7tds(K^r${KO+l zr-~L$mS#m3;#5~TcOw+d@=YexiD)0`%cuKI`JPN%mA6MYD7bvZ$`jFk zoyVT=DkWq%SJYnGJJMkN~t=S|scagA_ zEl}s8tWYKiPBbDE{vmt4M!n4aEaInoCKE5btEG1L79zfh6-QsoN{0N?`i7^%x~kL^ zD_@?pGPIdxQF#TRpfNqvBl8>Vd$@1qu)xiQ_Q| znJn~G+z_4?rk6^Rg|IDy98(D&F|ZlgDKF6V!N7zn(V<}UaB zO?YMTexE;+eOMa!+LM;0lIC9h-9DyT1EL)tc&-`rH29qTzrjT344v)z?kGIYpZLfb zZvJ~P6H9%-g4lb~`R>O;U6n4GqfwvJo>&Qsh>S93GvV?|!f}oi4*R|~wrycFa@wcQ zur2z5`~3W0z6RT$Pf-+Vt1b*K&~sVkUeQhYvh&9gE&l0YYBke+2(1!)V^+umRe%1O zKIIXNiS@}WiY(fiGrVWxBKa>h$kVJro*r42M4W=-yr7%+a#cb9uyO_ zp4GK)L)4&^++pB(aLez7E}kn(N#)n`hswx>QHA=^u$PeW-nHgu8R@C`tUP3LsWPwO z@3C2X6a|$!fN#FB{i_zq4_eG8C%F>v0r!xb`vgAc9r-OvEDr~48-Gy z*e{JktOxB#qv5EN&ISwkY`G98^+lsU{(|b^XOD>+L3N({)*FLDNTJl&^BoLJFBBig zUwGr#)9noOdcG`2;vH|z30`XS2ivM|34 z_edWRu5nWLIkFT7%SKJGVttf}&mRpah-!AmYjNZpIJJO@4=0gti%nz45;ic~b-Cc4 z>Yg{B0FhgpjALWAg!NXg;yyyZJoovwp_RSP>95PrYt7tGr3~ZrvVpDCoF_NRy{LmN zy&Xcvx#l-9#yHMf-#5)ro{vg9`uAs;4G|}Eao|cRKQ8h>BBTP~VTgI4cznBU(vQ=g zsdnWUcqbmgk+^kU!ff?19@?2Jo1%M#F4ouThdv06@F6JzvuLXw4s-FV(E-Mu3;FQy zZaceg#V3y%Zr#i_5|ktH1VX*m??$a13(Q0!)usmQv0hgaw{R5@Z}R=ymp=m>)Q^c|Ew7sR29nq+(Boe`J*0(+)%-XC-y- zr|x0xQ_|_=9|XdHafV1ccby-rs{v)(fS!1e>5kN#!^~4l13%N&+eP0MU68-=I_K2g zt>}0KZKgWBc(R6lLXYUg_%>V$w%T&Vc{b`>u1D~F z!wC0DF3*FHeER-XZ(^7Gs%HU7i1PFP5pyzd`B`o&^HvQQ4n(^^UaN~X)y=m^x{Aj* zM#nI2=s_kNvS)-y{(Yuk(9b_~zlDi-OY9q`arO<_3E+hE-o2erb4WaV>h9hsm->_vrrhQ@FWX0jin(6X3ho>5XBHH_A=~f3L+ANjM{F%=>Qg!KX8ONx8SA+x_}2c1)3cEvGclHm``B zpm{yK!QHNwU6tece2|Fuf{MSp03PVlSA*BMk>q?Q)sdyri9@@3r;uM${e%~#*uVIi ziv8k5v$E=*d?L@x@Z+^e^vmw-rMb+@c`=fG3v7hd$RSowI06~0rw;Y`OJl}=V>jY! zk1DX65ZNkwTe{9)3p+={L#az>;lPv2sgd?sZJi%z7xZ6T9HvvfXKB8K#R&E9X-(0y zUyFDm)&Q3~|3bNOI27No-@r)gC4q`JT@vprIUHB+byz#kuIMd?R{{C@cHnY_gUH+?teaLC)f;2_?^OD(VIM0v;ec`WVxRxc;#vabu(_v_=M%`SX_pR>Tfh%~XbST+zZ_mf)- zSgGuX7=5((dsI1pqaWjoqpLi;mWw+J++zrr58xi_Ap`ktjqeHdmpRpv$~OqcCw|*0 zmQ=WShZ|~KM;)!9!an0N*VFrZ`6;NG0U=L*68tXuUbM><+*$qxT8lg0f7O1;2|33J z=eBRtH-d%sul61^p(LkLdwFl$gUYYlPeO8`7uB+`ycwB!9Fyy${Z5=mJ0xWH0PM>F zDbI8g%_b1jz_iJ)>U6o4lzHf0lth0V`NrOEd*WnRJ|71{qQ?Vz_I~g?VM8LMg>5yh zJ*Mv)9dN^DYdt*2IHH+rh~WCB9x@J9g$F}zzM>V&J~|`_AMp=dTD2kqLNbf@KDsWKZCoB z5!O0ucv;u61WcJjUX&0 z{S(QnO#d~-jnVL@lKLd#epNfr@1dFTan$hu{-)249c7c%1Q;-68TC7odVKVGbcLkJ z3nfrki1fk5L$_?}%%KshCuscaBGw9>H<)WTq$b8*s04iNt4*ss3&Z*B#q0|fgDi15 z9xR&oZ({=ch2cFO(;$W9PdS%aQzs|}jQ$TU7Cvp7bDYB3uCqN4T54E&v;aS)r!rx> zaY|`zh7J&(S9MX`3r%IN_4|5$^rQrT~E8QN>&V2)}OU z3yC3m!`KWB#|48W?~yOUM{lVkp~ZUm)yOabibf#5F!;JR0xAPaf?be7_t7@+u` z{?V_f5GiGfW+4&X>AINI8BI!EVC>@k;Tc#L!Eh2sR}(17@fzasqE5e=H3ToaK5J)} zm+|#kK3XpA`$`TW>oj^3+1Y#~+kraX9$)#-dby`t0QS@g$m=~HB;&RdVVw0a=Cpwi zR@tlS5%x4G5NAw(ZMNRlJ}!~Ie%S7g)k3V+_L1zP%WJCI0D=W1H|+ zFa~e^N_GAZ-Bwz0K$Ma@bbv_=~2ux7Cgj1Hjhq07r<$IDS z=#QsBGdy?-CL^496|7?sY{FQj=(SG`y)xjhzs&)+U%EZZF@&!7NILIzUopUq2!Epx z|GHk@qqE#K;uZdm5p#VZQ~SM7`9i%vOIeq8jQzVyNmH_W-Bu30r`Kvgk@r8s)UacL>{IDG=F)WEdCvA76F>-k=RkBm6Gf0G)fiHwBkI`xhY>=>g)Kt;RKv3peiW%xBf4B=`{FaKv zd1N-^5P9=4>T_#1H#o6R5Cpxw{IGi#iN{wMJQGFYHo{vVqp(PTX%jfXzc-JiAOhac zwD7(ip7wCReEkhq)}BUJMF|S%ixS-IWBkI$suy71XkcJ{pO^&5MOgF@U_&s_ksyl% z%m$N#?I^3(UvEl&E6YKK;%ha#WBdW4X*HsgPfO1Ct8)kwA(Gcac@Jj!;7ec;A0Fyp zd-Fz+PO6^my(~Nr*yYixALD6ee$}4@9TV9p1D17Tkf$7zYo{moh_wyc6%cb zI5d;3AL(~Ew}$m%{=A&GFBxs@CS0`^F-bV^5577lZpHZ;`ak)%efU`)gezUn7xnVwZ=a*SHWw z?q2e}kRrB!;oie9t}!{z;MEM9XkW9P)W47>E{eHdZF(NdawOL`_U|stNW6(V_Ya>+WCekq! zw#k&mctCcZ!{9fMq=^EUw}-Nz9SZsixH&dqkJqN)Q8$NNx^@$)`f^S?T2ce|$gY)) zygpK}7MSP{r|kKR-;?u4So@}oq73AGv2tiH)_rWd##ip9@efwm2RWi>(U3?O@~z$D z=zZDxxW(x{7m0Tsmx9QimG!y7PLg^Bk$BG(1P=R&eCK|8Co#Buynyg8h(_-znix{-B#i}v7G=y1}I6d(aDQ&J3gTN zxxb@O{3M240f@3-VtvAhta^}l0xvx$x={kD;W`GGBs9bC?}3PFu&ZMSB1qhxizWEA z%aNA0$KE3LC->h^a5sbDWxoBx|25J z4C8oypg@G6>|Gvosn6AuVxq4tKD?8^0%8B7sxsz4&JEsFIK0O9dKH)s&RQXN^tq`W zz&t%GpT6#$87hf=@33KgQnY&a>>|>LOA$WZA+mk;ugi4#>^EyYBf?jC zBSn>^vfmwwAF^W>P!(x*ED)|n%uG-p(FH<1_qi@lOwZG5hBe2}T|SqNCD+orCm!ps zw7kr9-)XO`RdAxTCC?Z*H15YWdqYbO8@0zbv0jM@lig2xM)ub|%I#gge=o2!X!-QA zElt=}(*Bwh?Crlr8upmDd#pN0C$#iL%l$6eE%HcZo-I`YK#~Ofek0UIEVwTT;8ayNqa=|=Kxi`1F$edEJJ^*n~6F% z*uyntPQP!<@^*KClO%2vhD-EXKDZ+wZN6VF)GlD;)5pE5MoK@Ihv9SSOjv!2M%Hhl z_l8pHk>efrcp`6PL(h+dPsax3hOdu@@0B^ns-@`rg!>o|Jx!T@9rdKs$hXA&KuOj0 ze7~t*F}tJ2_K8lTV7mJu8rNv__91n|1KCV8l|LtO(Z7*o?ld`h?`OjcIyUt37Udj;wUSkZiUr)4Fir3 z`tL6prq0oGNMxq*i}-U@@53*7CGa%Y_TcfrK7_~hwx%nTWROUr$)dtx7n9()0bbqQ z_wnp<+{e9xCe#F}7*a4fEUI1SLTA;of4_3nQ)g(iXC-;#I8KRRzJb$fKj-)cEHrU~ zYJt(u_(saNITeWu?V zLQ~Q05)9&iZ*3kA*C0`|oJYx@uC_8!0*tJ#CfLOhYjyajcdBr^dlDxlV_)NU!$Mzn zfUO0TQ+q}P=&2L_q0!C5ME8(D73}73cc3yLDJ5N_d{&QNun{EzV*aiM6H~;hSMMH0 z^P2fOGr5`vx15+VYrG6G1t%v9pmEj@VXv=?a)b=TnM3*@OC7*p`qr zwRyZP+-N-7yrHe{Rr|GAs7;^jA9M3Wb_nkwPki7m__CJh#B2unqO-etvcIyD1x(lR zdlH=%-*;h2D{3+W6ue=Zw27G_=-OC;8WjLzt^R&56j{!NrhtPAM`Tnxlk|wtbDPzm& zYLyE^dcV4IH_uWQYuMj$BQ&{(htpScv=mu}>CB-RYlCNpr`Wd`)dj%k1AlIJ*6v^BZez$c+`I=Nu%&RVHR&CfVEfnTnc{QI>-RSwvsNDKz&ZhL zsJ^#CYsXW2fCB#+REKoQ>+w`lXDA6SA<<_F-T*&0G!`2I6hJqAGim7DcHD^Ll zm!9_Nz zW|^t@%pT$I{X`$*56M{SLc@0L@x5!DrSwJD)yVK&@pbxZ`mk&qnvA%7Byob17umdj zHSIr)FfH?zWXLw)4r?u%?9b7S?ReV<=C?iYMfp24Ftw?!jq@B7&Y?LCD68YcmP|J~ zkYdRM{rfp`<~Nq^a`!g%1zfO7VV@%Rz(Vx7rJ>sB#&peu(blruUbdfmE{2svbG!F= z{w3~Lxqr3GH3R=LO<~r1OWj#zo);_lOmpjTm!I`~CMxm0yp&Yj9?P{DK4NQM3?#@7 zT1g&NP}b+3qtB+tzYF&eo)78tk&jt-e|@VEAuX>Kr&p?19@!jDLyVj*R|P|}A@xiQ zn!Q!+US|^bQ8`blK-cxtelN`OeyiD*As9aevFC?*nNlgNMwpFF`sye0 z=NiZ21mpDt0gGtw^H*a<*}gBIy7&rmiRr=pfJ>9qP@aC1GB$6}3PF!ZoBF}GH}A^M zdssE=H1+LLCv5m~%Q@wsd<|uX8^B4Yao*)Kng|!gCF|`Pg~S#TOm|Mpd3qok?`eK^ zCX-rxl|9sgS_CkLdE_|w@AoVgbA2(|bCYho6|JMwG%Y%rPkVis@1&w$`*D6<_he0W zB%;odQP;nL_GcAebTV)rj1XbLC|or(6jd}}D*BjCFYb7?PazyxFCLP;`!H=f_$!d# zrqcvQmPw^hX4*%3spp&iFefboOQa~YOxKoI#75^JGZ6cU{OkUJN>Sn4_3cLHnYz*6 ziT86IgHrMRjoa^yHYa2n!c|}K7NSVa^QkIpyQS^zi^*;u@**#A`0)rV%F}p1!9zSJ zSGd*ue3x}ChS{&M&jtL07>3vvxOD^u8J_j}!~NQ7pqvgwWZu#H7CNody!cFtdg-%>Pcq4`1o9rnwKyY`5U|Ee?&bbp2q|7<08bcVUr)Ni@g{vJk=6Cm`@iY z^-KHY9#710Fv)Qt%AuyI!3{}r7h3T0?LMZadkZAJJQ3Rq!?CV3p(*M$bZEjexSZ2C zC;SmUOU`VF>S?&rz^(xN4jwbpcqDE$PqnlG=17W*h9;v8*jAt}`Ce+aNTr)k@PtjJ zm!gT!a0UJUf{UFO$Z%CDgoh$Mdj|`?h~4cEhVEIfmqt9~*a=CV6w(h&9>V7bQBM6F z--2a+GAgw9D+bYK?EP@npYI2#q7R@_jl48j{p%1@hHt2yj;|;J8({6CaBGPZ8iEuO3v%phym^wkU?#xnIkga=}O#SBGQD@pmsOetd2IT4A1h;8mXB*pVz43A= z=FL5FBdg=u}=p*g*lQ=yoGi8n7ZFe^)aVUKSYaPCbQ6aV#biPb?jt}+^idh1!y95>h+Kk09FQn)Fx3|N0e&*kO4(Y1% zdrVIIUjDpjk7s~wv#6!ML`tuWS=q)Xpwt2Im(d?iWmOq!G-2y=8^ps(9KqKi%Try} zbx&UW(`2>AUv)&p9ZS}fQy7ry#v_0HP5T-f7Rh}>q=pk1HnI86S`c1$+)H!3Wb!fh z*aH?=PsZCxvxU*R$q~L5WDa4-)Gw3;6 zOpujbZt0lQ8@=~Z@J}h-2VLj|VCcf4k+Xsr`3!K8a}{wlO+_g*lpIDoRUh-GmVF;2 z`<!wu3V*&ua&0+QeS~k;ev=OU+wP?6c%P-SBVp(QP+c9DDvVm|!jHY~i z&7hav#9!{|cvH~$v6jdJd~zMfd03f8a9&ToJqg6!qjb3ZHi!lG4VPIYAHPMpoJ zTO%h14nmo^)$c}n2WlTEW8LlBmV3j%8ABwBgczwmC}M{mBBA^F7{)|nh9Sa|_SE|h~jN=K(&n{R$(QksWGmZ0)is#&W@ zkddZVB^tYL=MKCe%ffMO0|gdAz&mQM8)qKeY|5X3aOyJpAwrmgHK~px;fdS*BwW0i zMX9%eE!-K7E_W^$kV^>5_eu6R@WN){xoXd<%aoul$|Iqa9(8*PPrw^0F(I{++Od+{ zYRBpVLSp#1SP2?wnw6rSCAG&cE-#0kQ&;ltcFV`FF8gjlyyqvp;?{SDq89}drvX_k zW5&{TU!>@To1BckRZ3KN#KpO=aEQ|0G)Q(0Onff;;L8qe5n`&385*;Yh#Llb*TMbY zqtP%RUm~gtR3H5&$T{Wma6#E?>{HS_*TFb^z1oqNuBP-qDD)`&MZYiSE41r&}0(<1&ppeIJMS+3>D^ zqS$Xc_zN?-Y79#8zMJ{5HxqEv^@v{lW3~_W`GkHgiMF340`o0h_;1&fprd zorq398Lt}xvoI-s;9BF!b4TK^4TZM`e@n!H2aUYkUOJ<8`)Ns&53#jQVUNT+BOw+~ z#l@PRHEkMAOS^I4-i{MsrkBG)tK)oop2cZVgO&#ltQcJPhuAhW` zpb-S0xVvc2?jtJt$*D)6P1%n{6oPd?h)JONGxS)Ndw_0enh$JEJ@3hHC$={C?cvwrA65tQV{|F`}c%Z&z{)U7wP*D%Rd~ndlZ9{ z1j~w-EI-~%v0oRfrV&oZ0d&p=OBn6r=S~*quLtr*EZjuWu*`#D%E3ye*=Mo7l!adL#0kBJCXd9-e}2gAzQ3KRQ4@3elJdLGlB^YhO4g7+OZ) z0{Ewo3UCejxW+t8SaqMy7f^pO{{|rf z-8J}VV3v~{Ij}{O)>C`(j-kB@{?=ek_LJCV+=F1cM4&?6-8J@U@~#{x!b$_{6ASNn zIpF!ZIo=%|Zv`j63s#9z<)n_^R%^XSGNO4mg!$gU$4%Ft0j!Y>?OS;2_{Vtpy)-Ao}-HM3i}d^Kmi zvYqm+1~`2a(_u)Vel1km@nkB7B%zz1E{u`(&oE?!^c*6fjNVo3)b2yQIsn3FH}2Ix zw)pnf2V;26uliEyFfhk0@`LntoeZ)%y(#rt6#O|}l4~wVm40~1oK>b^*gCeG3Kzzl z9;~<9rjZjYR$sF;^K`Zp)mxSfPdMK9`PwxZm?E5Sv$-$L?DM=|Jh_jr*$k7oYE^ok z2gWfE`-o=W7+Yn~X|NBTo##1i8Nwp;gjqrSfI|i)iu3K%Thm&VFWawNvZZ~UcsYNr zt~yF?j`dB1Ogk7btLW&!L*0|;o?nh!8h=!CRxfE^SDRZN7sbw>m47()UsbNByDrn3 z{oUZzuHTMwW#UHU0gzIdf)|(zjC{2#?r3pa@3+%va%4t{YhAw{z*ZY(oB!%AXiQ+>!eF`}ITemy z80=7yg`1I=BpIN$I^@d~oJUov!!bgQgLs97!BmOfdla~4;z-NKPz?i$Wju3- zVZ+x9f6;L5B9F;lddq$Lrx+*6uw+iiZZt2_77B52?!Fv8nn_*-iHI&8s49W$0DS^a zHxDYd4B?wFDT!hgGx0hlg+!qjCb2|Fp+@-A;_V6cdbjT1)^elE$CK&Wxhd#jC{VYN zkPbP%Uib9351SqG)BEHl)`7~Y)CSieJPJo!pWZvJ7Ati`&VTy5b^cXoE=$@bS~8X) z%56Vo2|*B#eX@czEV>n z;*#+*(%zimja;nm^Ujhy^`n`5&W-M>+gm0yg`h4A&l3bM{P)(sa#g)H zUd^JD_jGXQ1(v?lJ_j@oe#eUg{31^2S0ySu~K5E#DmwNnh z>jMMvOJaUks6bruiPsl5Wm$eZg$eQ-&RH#KkcYY@xh5$V_K1=--t^9k0W*z|cDu6Ju>yyqc9 z=!($&z5Gg?i%K-5RXY<%wjdbPiwGf*7D{+G#B=Ac>kTey0?J9&)!Ps5Q%~Bepynr* z)O#^5zIWJzs6k4pP=G<``?rKnWw&~nAiCJg+}uvtFg#*2^0bNH7@d8SyA40`&w2l`V%z8Q!N|I|qg7w^$xJ;HSP%csk>>_$q6s6H>-&i8{PV z^~Ja>%Y1PZcUAUGN?vurL%@;h_uR-{Sp$R~s;^e4Wq6;|pLoq+jbn6X+(O$T3tu!V zk&pK@_5wve(Im&JJdlQve)E_%0+_VhAQsnM9ngpitUW zwL*@!eUnkzw8Tw`nxaoU`e!3awa9Yn`@bQJF}vYB-)=f9o91<(ZyZqoWTmXLV3Xpd zo^GEZ=be(uW4=DM20wG=_op`WXU7-qQv5lD|58!R$D}BBnXkx(jORk! z2<&x~H#{j!pYmjzrAR2IimA>*qU`#Or7xD6F9n<3Q+XkKO+;xul|+N2i(sJv^?NJrjrPf{EK*L zzU-fHrpnsBhI8r+SBd~s!f%RhTY*wG{VvN-&*JCZ8GOjq z6PzKRXMTTxV)Q+A?49NvkD#DLm;G3@#4)|lg#s9X~TQ3?YMuaH6vR%6u zDGppQ9!`%18*@V@&iNLn1}I_PRh4f?Z|?b%O)h7vzF=VNk07MxS`yrW{^f%NbHN^4 z93GH-u1vxggr!*y^!~KkV`UI9*3B|>OFY0qQj_BeCS?%Jt~X*j_X9erXTP+I6M1CQ zqV9@o6Bw&8>`5s~cfRu4w+Q(9ShMUj8!g6pz3Gr+hR1Hvqd>lVn^pLH%t3&-Rx_L> zWcJLTyt}arM$&R6(RW_(h}+}KqWWqSm*K6`n|s+v495A;%w2>x@F1P}$d{QG&Y!?< z&d+K(W&K5$p#EQf%(8eT%xxsh!ofC-eG*TjmGn)Ol_NwS(A>QIOkxV(`+9la#MSHh z(Fl3B`YCD!x?H9oyvs9QaidK0=ZT(1z7!RGNupI7_! z?&4@q-=^!*6upY6PuZ&a(Yo|I@H6!Uep8L2d>%+4P@Crem;X9~MUWY1^ zL~}sht^vHEXL#h2_{49{G8WK!;xv}BCV8Es$%xqld#frQeMU= zYFUHb4Buv?V~n|sl~6CypE68^>!F~<1syk0mLyj189Qa*wj2+3y~_7_SF|) ziBK1K*K74!Up^gO5Z)m4^j?9{?zBY*?8tr|1hJP|IjVk0R-o zw<(8CT6LF#l<=iixW0+C_$jA-ti%Ru{~KSF4z!x(;Qc{;P!Fb=d(T_!{Et1uX~KaDCI6hKZY!GU`As!X$8!Q9*GZH zme*xDo}7aKjo5y4es8J+)M>vRO&pyrB+x3i9yUMA58FNe03)@U&>lV6+*Yl8nxl(D z_v)9MvJZ&;+@=e1P0_IQuL!g;Q_Uw6yz`sGdd#DAPt&to4L4iF0|d`e%n8zO!}=xv z6^^I91{zcT?P-uN;`j3og`R$3_GwFGAfM4nu1h}O#}`Ca?s%k>>0UHa$c03T`F+y7 z04Myw{CwXX;0tOx_gBz0sz<7pC3t<7oh`)h5Xe$cTN``};#s zzNO!%x!+w}SeWDo>AW8D`gCB9mp&nwu`|TOMw!Wk_R0RyUs5oEO8gPy8KP5Y(Yf0v z1t9Fky8Zoox;jKq$8hI4eQvF}IFUlaq4{MfmN8cg6R8-B+GS6FqITbzuKyy`koJIUlVWb|Nd}hhUN} z@8jY7dMOv|e)l4bv|5+D$=*&7@&+jbv{L&6A)Uu{qm*pepMoSjmP7QBCWoC>BXY{` z0#JUuK|)=DhAumvZ}MDE9HiIDZM(g`OBnohfKotP97ysxoER&_a#ZIL(8}p8lyRnU z7jRF~`Py}Tn5ngR&jUcj4q^f&Rf^i|$TkhQZzQfFe;64T8a%HWRp;jugf)V~JyNeb z;UF9(rR`cSy`-Z@>^IK2g(?p*7fF~WL_j+e$;=aIgp%67#6|x+mi@}hPUt|Dt@ii3 zCK8O^hR^~an9E1L5}t$Ke%<;6!)g?XfB?BBtccM{pYwTne*dftHYG`PthBtiFOvuJ zcy9Ec01-UJQceI6;+Layv#eM4V9uj$uAOgzYv zdjkdk!J1eX5^GKHmf(X4vx+Bm|4i&JuwLQzfdkFaJ$y~k+|(09EH3nqCor|&zjOH8 zrT(S7G){L#&}uTwDETT0&E2@2_ls$iglkUK=hpGZZ>|0k>Ai`a`tS(74$0;o4}|RMJfxG61H{laW{H&9EmP3A_BqgKZ|(Esz$03xD0`2aQP?&0 zfMy}$zXlK`U)&C(@iq_K>)1A+Q=EKPXI#OUI&XjKX1nJi%^hY(n_)~$sYe}6WaRa& zr2N+oK&83E=2Xf%L8t5imLq`jG9C?ZcbUGi`twP6gL5#Mv0UmJUr2!*_X%L{Va$U; zBfe2B@9W(4=;?EK2W7K%B_HhtQ73Pl>MjWyVN1j0h<(!Q%!B{u!5`&AxxZ?!#QM>< z2J2ge2y~v_I!3=K(s55aSm~|ZQ8Nm2kRHgm%MO2X3hBI=1lxcpV5q+haK}{#NCH_U z=t;qIxTzE|v!}~~Gss(MW2Y0oSH=TVhtw<2{85l4m!bm#6(5$weP0VHFf5py4Fod3 z;NDBJ>3u(iZEg4aHN2|r&lyBPyG#3PDF+)d{n5`@rP=-YALD#a^)~_PgDIo_u}ph$ zfBUEQq>{=W1w}ov#@0=n{`u^&avi@=?Ni{i372DLZ!}>i5O8cvRd~kI6%-`>_pzWS zU$BE+r)NesujXd}`E~bh+S3RC@m7rsenz%$7tS=j-UMm+>pNYssoR!)vx0~B8})krI<(FOPT z_DQHcRqr9v4qwj~tj!NssX8;EEZE6qf37z&`Cfy+XYgAN+xA;vX?lt?W5VBY(SXmP zi@;yQKL<{;D;FL!VIR+?w|o}HG9T~S+$T>89};!S0u+bhdvOLM9-~EC*@x$C&IVIV zlpSt&=pDRAukzoAawCSyJTO=8MK9Wz?4wv7w*aoof&ux~^xe-(jEc!|oj=(7z+USb zvIhVaXvp)PYsuBaLGhsEaT%r8^0dv7xF;{I*=vye1~-@wM@@bK#k>n^!75a$g=ZY) zZ{o0aQ{s<&`Cx5t1#6x*#m9|>c2 zVL7wj39bHVFhkMS@Y)y7BnClu@APT2%f^Y)-%;2@#=s&~BtdIBaR%FFOI9b7IS;+y z)05AFA@n$28lt)0t|<|@d3lzYG=#PGlNI?4#ErI7MeflMFvj@O9qIRTklr`)L~Ql? z>b^hZ6k68I$D2~ALc~(8-gNFz2HE)qd+V|b-{(J}IB1~=+#8AvFfDyPZaN8IxBdN>k{p=pcMj+d! zTQgyQ9ObWEq*nWIOu4hwDaJCmWvXK+^2E9PKKII-6oiGuzL+Bz)A)V&BA9-kg}>Sx zOPF(;RckO;_swa2k?NP|SNeNa0RMCLG+$TgW!USfhPE++f#k7F>95&!=@}@bIbv~A zcByYrvm9u-i+V=z(dD-BQ1}yqb8_798rL39ZOE}L~)TLI4sf+xU z2>gCbL#Raqr3Hvh1@#hdKik^L-L>W!d^TqnImw`Bcj(s^7Jfp*&!)i4m{|N!20R zMy{QV?$DT$wl`xR@la=CO}eruhYCgfcXLb{4C=Uj+$IbXriYrVb{N*itr>XX5% zd3EKv=4bONgy>++PSNyNtO1D5m{)KiT9lYhB7J_F$q$$CJWU7j37Zh&CXv_2(TbtR z&BJ&CxFZ2u%^_w~8>k{536=XDUvfr!=l%5O4ryWN{gpDyPR6;ta6Ge3At z)XS4O0V9h{0)!xXFheDrb2AN2dqTN9^4sS=5{C!T5@(1I9~krTp($YCP=R5Oej%61 zFTGV&=0V~4GfPBoCmVV`8KWv0J%4gY44trUK4U>)U%-`RbAOku5{!sf!H|ylXH4@r zAeeYJT{N%2slguwR&zlUrodr-Bay;}r?WvMXS~bqiKP>qKL8{#1t48~@jb?~wuDx=2vRYYRHfR}E9z@v+ z)7*1M?Wz+O5%xhp7^SrBDL6lW(2IcdHq=+;ck%#_(2`s+NmhBtzIuAxgEO@F@&DUg zWC|Fs@wfKm4A;O#ujo5IpIxKGLd(LOr8hj~w(rv4k7Lhb!u!%m=_s0k?O)me6n4xQJsmy}kQ5`P%d$_QUlj zAlmXqdRK1toZ<>4<_W6?8#XM`;pvqm^hOLXqeVzGpO3KR>T`(6L0{C>u3U5VtKGvz z%9Q4rWE{MZuH!d;?ksG+^Ne+x?_Kg7j)P+fpe2PV_~D#@_oxahe38R z3*-mVJkYFTKmt8zBD*WNAb^*^?8zx%H6Ew9Av7}Ib;}4gK0TF*$lu* z@~S7QTNkn-07F$QzV>qj2i|9NZNLfnqfA4yt=2ZMDj|rVN8D`%%Xj-xU?#BnGu%-| z{AA6o)%Rtut6-KmJ=GkGAo+c#m{;9rNC~~C5$e0R3b#F4EB79qo*;agcYV{|DACEC zX;53KwaXE&52gk{Y+zaWH{VlnEN1YO^vdNA?4d6!eY~RWbgAqtw8@WZ@(t1+NV3*% zWzPX$pM9)6D^TNvV|L@-32dcIYx1YY0CCok>30uU6Ic|_Jr#W2#aFOL(&O^@Gc&zc z&Xa%=FVu3G5?TRxi2{OOl<)5xPDp>2?q@RNbYHNX%Uch9C*K$<9uobO9Cgb^d0~L& zk#J9TN}Pl$C5iVzUP0eU7_HFkLJ=<~ItWSOe{q16JO&U?hG#D{3zDUMvYx=cg}ZJI zisE`P>EBPZ_V9LO!YlM~I>&FFY-a$&wG;k*KX=`e-razZKjARlG6*;}2ky%E9OS_E z8t4OFzG=C)tMazU&TyTm1^zfj0xZ!O_z_eB7FIsg8}h!16Jv2o2e$F)^HH(#<*q!* zadDIP2V{cE;}B+#pmn!l#9G87emj?feSPFdDD&eA;=~(8_%mt&fBxxrpMA5#hyDV7 zd9sp#V?(O56N90uq$N!fL-6kdPV< z=Y6zXi4U$9KnsT91Ns5|+**h>?PL1z1`Q+%@6U(f*E?}M1iyeqVtX`g8J9Sv*?SD} z9>DvEqAxz~!a@+PZ8J+I5of$Gypkq7NsJW4w*G-+s)<&2xqr-6E{TOP29@gre)u)_ zoADU}ys#-O={*hMJi?0726Oc71t50&*HE}x%KL^}r^_CE0{)(NI6N0KgwhsulLra2k>D~qeTJsIPT%iCA)$0-t`9T_D=p&$0PZxBT+1Y& zC2*>?UDi_?e^PLCm^)n+@O|GO$fJdl^EbQi z_vx{`N(hPJEK|vQkhC6k-uTW{Q<86Ij^p3W*hLt7UEW9jOSIQm>7%r|@Q`(oM|FTe z0AjV^z~$Yk9_$#cPb>iH@O3PKx4CXKGpkb>i^n+Wh5IW_Tp;k z7HjkRV9CjV0#N1cS=eFL=bZm6PBC8Y;IFfTrZ;NU-n8rM!dRkV$hX7uR4%ujRVI1k z&aUTg$#TAm1C{{(et&G|{to8=XG+?vqF#AKbjETl$pFyk`USU`0qbj^5G;T5@-cDN zcQ}3yr|MA6%GG_Y2es!*R|*9YWFe7exsJ)1EyV4Y!u#*~2%rY$kTZAF-ns%IwGygg-{>U$4d>;h95K9inF4NABz zzoe!E^^H1+>*YtnMdd6r01K&E-l#=e9N-AdcgG)G;w}diLYghkEZuFF=kw2JY0e?c zb2&g)wlK#NTvFDHpnzlg;4iC<9nt|CQ9giY1SGS^XS-|J!ckA#2MV-d=DAC@rZeO1Ds`XcW@QYZZvDG3X=V#MLKe;cYfPD2&aYU zidebn9~h9X_x{_AAhxf}> z)frJHCR36$)DI-$cm+ewxE~zTpsyK<;Nx{RzHdJi-rLa-F9KDfi@IN!ZkD4TKubKd zZPj=mL@lrkY;wL|0JIP0S@;e%DO^Z4io{d9QV+nJ*LmLppHHyk^fp^A4gnM@xa(St zZ*&@AKkDyup$xiW15w8Wul-JU@H9l#gtz=qGSaLWF6S?tc*ZBxG`Z&G9`-mx6S;MX zKu>!OS?}`t{oLfHDm^_&ksqo(eQQ$wmbwq&$I39&ZcjN9T^?~35^B}Y=1xn9S}hTK z)#E7+S;y_Mwx2(Yam|5efeE<#%5{W#Rg1D4O;Bc}L+_P^6ZhkbL*d}}fP2+kXx=5b zq}k^gjiodiR=JNQp^2!7SMykfUJQ=LS5^*6*@rj!;?{-Hljntv?Fys z>{m3z*p5xhEN`4PhhRD@!qu+sw_}llqpgJz^AriVGLcsB+*fOSG3Ix)RUpp4);?4G z_`Kf8vtDDyNlw3dg97byIU`DbUx5hXue2f9kc)uXlGn+z02>WqH8tgKh|p*Dkx$4{ z{Vg-X^2a?fTIoH&rMi>+UT^7&Br>9lsF-fuehJ!(h4`VD#{~b2xI{7T`_aPd2@1hk z z*P_hnwtu|Bw(H*-WE3{*_z}R1M{6b~^yMD=c;%kgfuoh+;C&djDo5qazNQJ?9o`!C z=rNr$8i&E*g`TNs->f)a+Wf8yAkEq-*n>B?@u}~WkUQDIAp9`pwN|tD=3qj@&l!Wf zfgJYm(aws(+80~tcy?pIn(E;0N{qshzd!8w?I}f%q0}Cn_FP}7GtD+EWVI}h@NwWy zoedQ6t+}zVy0C)lz`~3lygk2OW*>Ir5_AXd+6D=+rNAy6t2+7*uGE#h2NU1+zxlJw5foFOmV?X8(=(~A0fGhJMElBPy!6_L&fT99 z(%meHf_U18fI4O;tF|V)yTVW|{9KO@qwpTL{s2?r@EU(0A`(&zx7umQB~?$UMJPjC zcE*K89yuLo?Z9?XcXZEzg5kH%DHtyBZw+MVJ>}eK@VsaMS7Qh9g`r=B{Z5_2k^J{= zIW3(B+Q+x<6%fby0Yt`8NQ87pkVq80MRreYV#FPT*SZnS?8~OrpUJ--|opz?YST9Bj3jqEsbed#$or;03*kSv+xzrXA5SM z3XIYwNC9hRscu@Y<$b8N+`BVW2({jo^Plszq*oC9{(i?kxT?)70_v5!D0Z6obQfj6 zUj`ogY1E)XY>EuT%AtY-le3E&aMg{lUN+vxcND={2u_D*fC2oz=bn^%UYS2jT;>Af z?WIvn#QvVVBV5!~F>Pht>u(T1!5!H%FoWv-QM_^m!`U@My42anP-+*c9Nuue(IM2S znc{(fz6~k&y(t?^*^_DqRp8doKCzYTn}ZG1xmoojRg`}h62Gvb5*8qpdamj-q+hjY zUuV+y#kNj$!%)Jd+;_@nG13FLTx6}_nm?$os#QIKhkwcqfPyQAERpC_riA_}TK2?G zkJ_DMO#b&!p4aYpR`1y$m@oBZtM-?7i>Tjl zvHj1yKWEf5_amnKOVOq8vv6GUq5{jk4Ev~<(GG$-9!mFKPFzI zHVN8%BUfA?CsmYIaoa;b{fVloLWw;FYM9pM1H#JPwn~CXO-7$m28bXACHcXE$GQ+- zpvMqTijxqhU7M(5gUiD@htuVr*8naMd#J$I^>W0j%;P=`Gx2HUKhZ@RiUyhC&?OL6 z)A^y*3dBoixS1)-=$c>_Q?vtrMs@Qd(yMy^es2m~Geijz#E@8B#iWL<8Vn9#lM$LibS=z_Qz66W$u}k|ZH-BN z{?s?I7Mw@I_$YP3#D_>sXdVn?A~-JIF}tYe`y&1#Nh32+?i<{SydlJ#|9~@pGw3?6~D!alp{xO##uCINTz^IybGAFa=DNjvLyla{dZm{0#vR z9uim)Ap$iaWO@Jy;fE0wEaC*_#rt!8AC8PGdm;<#4s-`TYq51M1ko* zjj1Is+!ZCclOww1u|0FoBJ6CC-pa+^50~G7+VAUVIq6x-D_#CRXHH!(pQZ;}$W2y7 zS+j7K5)lw8eB=OXF!NDL=%8;m_4qErZGCQZJqA^lIQwtz#GI|pX=xFEybuW1R=HZ%a2So*m7Q1;C#>4q5I zzSIq&5#^_6-Q4zp@o~YvyDSeN&E(N~VeUfwtX)iDq|_EJ#5m;js>$?W{P}KuV7T!u zFP#sK^3Z<<#VJ*FRE@qR5WOgg)n7myy~v5THhc6NoOZJ^h1ooF4f8mye~GZcW`}xq zd}+C7>)!1*WM1Bhw7zQEjo&fd59e;&z+xK1y0hwG6Sa&-zE{C~cTaw3!Wt+4*=_MN z-ECl{dMb&hC%AE;{l2eE)m0xt>akkAKLWA$jqsWHg$J?u_OvhXxz?7+neh(Wg4rB`eIXCo3zgX&y+I`JDh7^aoc zuQV2En(OQ1Yq(8PfmHpOYIO|#jsCc4Kg$>3NpK%nuHTn$409+`%b=<)@-r#@DFt!^ z*fg$c`g%WL2XeAPxk7n5oFV=roLpjCSo#8cLR)n&OjbR6&lO^b4;HZ6itNAvb!I4Z zxB&P2YNuZwCmDR$gecYXoR#pAIS+}sR{>k~H;Kwi=!NLD$5dUYezBYlMs};hz9&*c zmwosph&}Bn-O7IVUD-)6_eY88vk$orQa{7qKYy;#Sq5r3>LHNF6&Pv|YYK12eVQHT zwSUNW&;y;A({v|-c57D|M6E)ArfXz%TZQls%1F8)!0oJO_;TKS-KAcPOo-G+scK0o z$)@$FW)I)I7-&5aIT*R#bS3l=)Q`TJxc?otQiq;-0bXh8KN32KuLX1&PK}-Yu&Fl_1PbXJ1buv&-e@ zrsb|3FWt#`%X(>FfCA}7RKv}W`lyA=>G6E2++!3O`Jj4V?rVKtBlL=`UENtst+I$h z6bAMvl)c*Hp1hqz{tBg%lLeQCXFMmVe1k3Bo~2uRM0p(ji&~ClXZ#kh(AYNsxj)UH zhm)n|s(!Son0!wt80s;$wh~U*O`ouJ4t0Ni)Z=SDX>D zS8aP=t`aqa{l;6zlaPJCjnWj^0WD|;8NX!ixy`XTJ~ZTclXv`d)%QH(vi#>jD!!O6 zOw`@Hec8_{Ru(qiio-ATB7%l+y$_V|h&_?d6#ITTX+5$Kp46&YGK$}=DJkl%J1?d` zRg6BAu$zTUC(zN`0mgbD>|JJ6Ps&+te&2mD9_YjTVj*%Toqg9o9iijvE0^2Q&I`%TmX>|Ad4)={6qkfLJz zwEOKgmfPFScm!o0zUCKjR72@2!Y443(GYD0`u1u3mMXrH58N>vG{W|hx-gK^ZSU?S z^hF+i6kuZg8ah%q7w2-HU(B4_^oNb#5y~;94DQQ0hZE;}aaN$Tuo1yAZo1slzrgAZ zk)CIy{nJAIT2h2Tp4#3I6a}}ECBO0Mz|yU9mwt|>f9H$QrkULgV~odY(~$U=j03Uo zU}IL_g56h$<<^DAlUaM&9X}ZWjfH94aRV%*e@`8@T1Q-8ra>E|5*=kmzH8&Hf)9u_ z+)-(=!YraAm3PSXdPSV;Gsas+2TYU{1svLmeb}+sUvQce4BWQ%@!(Wz3W`@v)-X7M z|JuF%nL&WD_g(Cp1Bal5hw(%ZG1?v{-oA`n*h_XysHDr6&ygD(zo5Sb;FpP$>EDOI z10q2ZZ)c$3gN<(KEHWyoBSfeb-LA|0Irf^IjGBEsbU)jSjyd_fC8=#u;L~p=1X_*9 zcJIgCY*YG5{NOgfnmd*TMV(ID<9>A(e`F1xx(~^=?{_7m%#LI5Ifx`mdx+bFlu5nz}rU`%K`Eq}D-3c-W)Ou+R+&_UP}hEz_dCB-pwTj0;aY z8VYA|sfuST8~4?@(|dH{Q)v0vAM94npr#sdk;XX+dG_CAEC|GLD$=xjkb6QseM`wW zzODRRL5lO4?ghS(EUubzut2*h_G&#;m44_N(f2^czLojL zeAqA6qPInAZtYV|E$8O6t!Dndq03nIYY(;mOC%aTEiWsWqy2Khj3i(=}a zru<2w?)|aIHPB^BndJK8ubz+rnV!E9=u#1^pWboj(r<8Ox4!J$U(y0c{u9u_*L_J7 zA0ynEd;^}M&p7x^>Q$+3Ho2Dq=oBeTq@5|jHQC~^$ooIMRlcU^4 z&`qR$$GculH9zG^HLP{MiEt6U-CHaMu?b8T`8Xx*UMuEVQnbAXP}qpV*8O5^5L>L* zrDr8IIX-w!vHhd_L=O#%D*UF1ypl@rm)nOcvZH6HM;f@J;og+sF88wzSRWQ|$&aT!%U0_cy|_$D3C~DQWdN(t58~x$N6Z0u+e$=}PJqXZFvT-u>C%r!QOVc|55C z^~2EU^VdVDNS`?8_3x)DLoo6njoCfK!OpF)9YPK^G9oZH^O%33R>Wm9`PC*Ag8096 z3Uy7u`@_^TZhLS%M=Kc_G1oNJa-iRrKYY#j!TZt^Fj}vR|51+I4L>u%3Dv(UF#Qi^ zH;)WDC!~3|rIg4m8KL9f$iKVQ^@4kVwXfaP*$>UpaQm=x-I5Dz~j=k=-YkN z3P(+rX+KhfxXo+L?%}zQ9(=sUs?XOogxGWXE>gE!e5xtVB-Oo^)Xv(c3( z-5oAI0$sks0`~`2)p(2QnXI~rv?+&GMWSb6nc=qc#N)YVQ7wBQtX_vL-mZ#s?)jzm zpN$C-e`7zxe3{{B)D4lfl!?3W!N$@OKW(ILMAXla)SDq6y;EbY=;mMp^g#n8POmJ3 zTyxdP;Y7wm^%uV=7~*Q*%5F=IVPC^*Uuexn>p~`A-0}NS9+&fb^cjY+2@lfT2Rv|Q zd_Y2f-suPumco5LcAw)5Kk`387N?3k%NJ0qdG`HWv38vyn`N&84OJ+Zg^sCq{3GD# zk0f#1K)-^~jz2Z3v{Em+Qtq?J2fU4I>(;}+-RI*9vh4RWMTcdVSd@yPPot|Q*dsp~ z1_l|=pP&iPCTeLT*#BuoB_w;oD1cj&J3b*oWNMIJhYtGlIhDcb7{Ze5^mRI^-Jb?> zCg^`v{0C>g$)!OQ^Ap!3eTtgRo~fgJ?76nV2QFcPG#pB(YzUKalF3luC$Q&eTqpLs zKLR=%@UX=;C9{Tln%*FIZ5kQ^3#+bdb+5|ewLa$Zkl)ebsL z;(NRQPAR=FIYe!#>&I^JGx&Y+9fFqahJ_}Bo18+b3>EDDC z*h(ub&$j9rTtue2e`ETX1Km()GjV-@*#LF5zL)(Jwuq`UWHuSN&@yj1=mQ*j|NIyo zk=Hz-DQRVfBj@NaPQbg8XiqY68k&QMq|rQI&HE(pt?!Qn-v+`v2@LAJ?3n(c-C(p6 zk_*RJ-WL2=#~COZ&i+O4A`Ocya<#Zmaxr ztD-Fs(Y9fN}k()lC8|L;xB zPjW5Zu(nj_m6P_|Ol*eU>Bi6?nwGzPyzB}^Cl08vC-ZXCA@;9;#DQ?^*LNtZ6!Y+@ zT^TCL&FO%?@^U(zAE_G#CX@Lyy`egItz3+5Y2e5`2ZswUf7pkI3(O<`=f{LnwWS~G z`ERA0HQo{$?0fj}x9u*WO_D4j_tQIZpEbh+r9D`7W(OCCBR%G^67r90-=EMwc>HFf zZznZ78G9Zx%$J_B)x{9t>TVVde5i<|7<9*j$q*Hsubg^;9^(&(UbhN7v8ESqmM}r$ zRHp;B*;mp#!7$~iv2jZm_`FMl|s1}}mqZ&bvUwy;TgoLq+4{!wdi(*jy%l$%uu6cYrx6g*E=JLO2~d}1Tln? z8+^78s5b*cGw(}L&js$FxC=!S4-`B<1U;KrnzuK!TJG0+Zp-%vOtNewM#uPgJss6e zwBPBYrBY!n)OTb6(pFIUv%VI+!T;F)425UFO1J_m z)-(xxyfQS$$%h12`LUUL-;U2p+W;vP&Nt-_wN)+M4TY>!2m!TJQ>I;8l51{)8ulZn73EIAUFW-;O$y}$hg^;1!>d7 z7c~qj-d;&4&wF)mSuv7(y;}lG&}peRaC3~w5lLz(EsI!(O3;7#uFp6m!kQlq&i3{5 zc)6+Yk+5z;O>%$OTf@8~wT7mnQ|@b~nHXzae6VR`P4xjzQsc0S|LOhe=YAS<4|$2$ z)XT~1*JelJ^Q=B6M@AFstKVlOJ;opFC^;#b8|!S|$d%MR&stNqG2r}|0EEzA%DF{PhvaBG&!>IC2NFpP_sn4q=%jtz6HoK1_d)5x?tY*ZodHlO+GQc& zvs|!7N7V-aDqBK3odzxxyYq6ju7w))%#y}g)*0(Nt&TFAd<2)gciy8^4zQl%xRo6r zrUta43u~s+6$f9F9>2xa;cJqjX212#?I+KK0Jaf?M}HdsHs%&yI>RaHpTVNm2zS!( zyi)EiDUE+;xG=I(;jGO&`!;vSx){RF`i4-!I1-Po^y6u8eKTVIOd#=0!U`cN(C5QImm;Gq$TuK|(! z9?cjgTX4zL4;%Ku1JuirwbE>B_?N}>us@mD=(i<|b8~*>PzvlU_TmaVM&{?_*XpS4 zb6dV9$aua@ncayi`|!(d*-&*<97eSFOl29_db$&ywe?#cC{PQG$Yk1QM%vI7O%ss( z(H`v!lBnnpsTw#klUnc@FoZ=!fWw^)j-#Egs8p{MrCgy8GzV7T|^SB*&__rwr?7)B?jaE4x4D_hMQWO`Kjb zpvv`9tt0Pe?j*u6@!Wk8u-G%0|h;o@@54<$%7vnm8` z{3G}SKl`Az@Q(}J*h;UV&M~hr7?jsCu zkcfs7oAX7OPW)n;Bi!Kf>Mv3qu0qk{hz)T;YQoohHNL=@So~Lh+FODiuIknPqx`Ve}@HzkSDrRFQw9XHE!O1 z+VJ%FX3kLjL@1vw>)B1?9Dv3RI$+jSI>WhkvpcZAec)b==NQAb3DcO*bW;bG=~kuS zwBZ8_L6AeriI4PhA2tRydgnW+J$FBtS*n zY*_M!;~&lALtdM+$&BNY3&oZ8JM5JOBD5!AJRqw^Uo-fPpWih>ZoJKlF({+{krE`<`~?9HB-lG(p)i66m|u6urmn zY5HGdYg(VL7E3HD^o^^FTwZedtcF+J3fiVLYVUc>UxlO`prTYF0L51K6}f%uH+LpG z!9*}aEYp!;OMz!ZG8wXs$!ti@CWboeaHxePbt@&j{PCtC4mWR z(6rT(Jx&$Q^E+MM=?ZWAn<4#dcS1D)u84Ce#M*_a|g=Exzh}6zEY(m7)_fd zA2xBX>z!-gMOpOv0x9VlltJ82Dz_p5g2K{)5NP9H2NZQ#D}`r)ZLH&N8w zwkl7zPLCXgaelMUf~7|0UTJ9tBwi+1EE#6-C)We*Fa1XU^&A>8i3^STb+kjQC=~ zQbIbXABYt8C>EZ9>Qv#v%Nigtl;4tHI0CdTs4b#KZYZ(#(?qYvYx@35q{bYX+s%FL zlQ4c)ee9LpOEHS`bd|S)BkR5|{|H9$#sVvWpOie5qUN4{PK6pteY0P?cG;yzcj$KKf z{V#gRn(}n@>pl~!gVU+|J$vm=niGd^^l6}*`;7=2h$k4r=lRJ8rgm4b@4Mc8VEhhW zFA#%wR0dl)ELeCEUpx_>0(>sw7(-+k+kb%HTub$Fuq?=j1%xwG@^pJVAJqE@Fe4{? zq0YF!JVE(A=f+AQGUCSl7CDP1i&&305_gi04Dr;hln8nH+;PwN`Gk3$hk7DjMJ9wM zW}?~GK={eF-wpMtH7-3KKp+Ag{|leql;~jAi~E>le#~eL340{I@8V0 zT^wdAA5?y?vg4b$ zj~)#XIIHkQZMV<6Y`~X&iN?!pLMidlUrQa80_ZWPI&grgwHg7R@(E!P-oiCteh)dn z7l$cJSZf=-dK?(}_bpskuO9U`!-Mt)z;)ion|;zOJjM*?c>b)MM|u02`D+$Y{YdKY z>JWZ-pV0oHm-$F3TTnxt{TBIMZ zJo~sx`u;Uqk8Jz?o@o{nxyN#MGPCy~(e1rMnFqHpxgx!jBFrJo>8B|dC&xERMn0u8 z9(9lndd6x^()ye|4+v3+odh?L!<^k>NaT>0pN@~#d+`S5mVU7Hl z$HYVi`B8l<%?pJ|Gh|BK<)coDPddgXYMXx)z#N17g^F<+o5u`InFX|BqlHZk8-&BZ zwCYgheI$!nZCy+i%<{2kuT4tQ%zjLTe$u~QFR0t28bM8vFYhm_9Di6jNsaqWkoo#z z=+V#*T)mygNTibP-2;Jx4Y$p)o(eEXK!EHwT;X9}rQA1y)POYS1`oNM!jYViO{cyR zQE|8m*$)W_CY{S5h+FUp0v9t6Kx7La-@{^yh(z=6974J%-Oe~0(h-40S^4OB6-N{FxyIZz@MeHzcg%_W~JHB%iiM!>{d32e<59=h+gVj%c%E;ZO zXDV@&GEV9r!id;UcREOLx*uvb&~N#2nhH8cVEJ*snR7w;diU#uHFJbn6OG=_+{=na zT0j?&q*(8>VeF6E6C!C44SmlWiqwAml6{U9*Kb04AM~9t{!4fIa>G+hzg**FLoluo zgFqG|5gRpBRd)qF3q|xbxfvTuER-Lq{XEM|O8iFF-PdD_ct9Q${-J#yuGTHjJnh>q zQ)U&ZuJ_9?=34XkQ{moizi-M3?-pLQc}C+vimOyl0kr#IEdc?E=g502DdXmdiUy=a zW9X(`*Uz7ycj9JMMpKhZf1W9o`4r8VyJJ9g_v`TVnwwMH$o!7MfDeJMK0n^-3?Zz( zvBQGrVpE`ngqb7mKz6k0UAzhhf{FIoEDar1?6lvGMFT!J%H3pGG%6>L=th|9T_u%3 zo!$@9%YJur*7eYk`%CvW``9&tryzd!O%v&RPs{xiOkRh5PsSenv0Vn!PuBgIXUQg; zJpzw3Jj7j=pMXJa4R$3FA6~am1Zo(O8%h|;=uC+u>Br_g=tOYY*Vs@LsEcG5$f-kK zeKbXrE8>ZyOErS_vuzKs#*nk5p|QwT=Ns&H=ek@NcAK;@zsY-g zqJ4HKWb8wh?8}>z1GpX}3d`e}L$w(h@8Ojz_eB3v`$Fvyyr1PWz2+CXVY)n+8ge7} z<4=C@_6)kHc~tMe=&*6i-mjWN+6iLLK|u*^<2ilWCga~SWqJ=}6n2tV+)vy)5nuYD zz9RQ2yeysm z0Wb|l`3S%D!4Z~m=c*>`90$K)b%mbasTcvvGy6V;YxDS9DPZN}%6xM6lJDqz9+%`R zL=|Gvbsbj<|NO`uvENjS9_anTk|VwB;{>}X^O8I%z*E%-WyI&i?Snhe)8He?yZTU) zPu#(|5=YZKazArr-2}+9?zYm=od_29+3QD6sS_Ba+Tzj2(`S{>;9q_Awe{@mH+Hie z5E|D3)x~m0Ar;dmZAd%Qxj}i#J8d;9PWkz4_;k&Vv2oq|o=5vmh*!Bhvo{`jWBX?~ z=*nZq%a3Y4g(_$l)Rr~ChmbknKS!^$OLKID&|hvzDja$7`3onXWWW(n_nQSK+r{2a z^Y2p46R4z{_g5k(ozJetc*G-eI%C95c?US-xPFC?=v(u-n`h)~j;GndCz5Pb(#U4J z+f0`s@SvLFgi4PzEdQw{`K$nc=l$nDz{TSZ=mmbX?Us`0|JzU?4ETLrm(Vn%K4_~t z-dA7CwTb;^-eapIQGzd34r(BN2fc&(t`rhD)HBZ@SA;mvswM?7E3ElkmV`PLa!;!|+ zt+f!GEqM20p)vMJ>_;Esb)aXFBQN@s`NIAC@<1SrN+`tk^LiS83PmO6H5dKL{K-}uk(>{>hFy#Cqw+x|j6PhCjCT7oeY`)Ju zd^h`?dZvrV*q1#X4*;4uu%nKWV>8tH^M=zBtU`yLxFUQU@h zux50Vl#VHnI!9%XidUMOwim0hILS#l;$7`^?5J$CIr_>U=3F=!dxpx93PorJ%lGx2ro>gK&-KzN98Wa@w+`-!fT0^ zJrq^Yw&4vb?*s-e(cr-Xq|@acNDWBM>D#)`->a1)>j*Ns1UYs4{SPrG0mE3&7Uwr} z--q1?xxg%xbPl#dQvmmrZ1lgLBKL519@>I44s$m5;(H&D{FtlfAY;hCc;a$-ORwj_ z=#GE>MLauwIur71wzw(bSNczZo_v~v`T8~9>oJt>MY`?f1n5QD(Ct%7?ib{jxHnJV zFg1gXk-Tv#HFLOQr-VV4c$P8Q&ljd637ZVE(6^v?ACq&3%z{e=UkL)32W^eF5YHtK zY$IY z>9h5q0o<0OkucEkbB`OlpUX$N*q69qEQ`Zef$-@U{+8*8M-psml`9TgVwEZ`Ko&DAH%K(Pt6g6dCb*DH0fbWJ}@=}H-3PP5E@5{KUJfnN7x;h5h+)o1eyWyK_;!pq^L>*v$z;4la`Dx{7lJl=)L zVi}uTz#36HdN1O;J%dLL`idu4F%aaJOHk-0bbu2pyNwxUSk36~3<+l^<%#z$JIldb63LWPJ9MXCt&4On z9aXAH_=Fj~{Wd~8D~80?`YgA<9n;JAXwS%W%=_jfrINCaoIEv)bHpa64zh((|h2WO&h&3)oLD4HX8OwRmiZ*_DM6=dJ+ zd-umcNCt?MOo_;E-Bx_}i~ef8?9J6rk9i-dfiOX@swna3$~rk;7qQmE(Bc-LiU`uf zimwnDbb7jd`n)A#&E>y_^(><|uyuF8h%eQ~nPmH`mHb%pm??}CsaD9*#rL8i1@@3} z?-TPpds#ogTK1Vu?YqQ#di!kf7p2OJOT6UYW;`E7mtzUXJfEQaFwa*Kz&X4t8vl(- zUu%bVeS0ZQWjqh>^QCpi+v$_6^pj<@8i;I-eDj>uf2#Oybv)&YIYAS-KHSlFG$z>? z)@LI|kBDFl7Y6zLVtB3_`$c>ozno~b3`uT2*fZI*jtW7Wrgl&oO7{J7KH2*KfnNwT z5FGadJ6(~NA`;YczV+}Ikv6k>LD2-9i`^$-S?S@5`ug6{4ir|K{#ngXd~n0>DOCKj z7ztb!Ct#|ljP&6=#!@tL<-eg%f6pbB6W>Otmq%2nrXj4KJ?;s8VoAHuI%WyUSK|l5 zS1-rgyGN^%M*vs29<#$c5&|aNXJtlxtVI?zJb4lQV?dLhqYco`8$zl5PUdD$s>JIX zzr=cch(+#J{L*uY2*534lX*n7KJn#DEK${2k8Rqo4n(6#v*L^|CN)JZx8S%>qa%hu zC?_7)C(BW;@b!L_%;iN~`OLAp?`u*Jo0@)9A7Co@s;&a)v->zfNC=u2fo#%(Ykda3s zyaDu6T)5q-8gnDhW*G?=tx!kpzS?7kw>&{dcGwT^jYH;!#93_Umx(gRta z4!gNc#;(W7Kd!Q@BN(gRmbngBb$LDh3LF%t`uq1>3^U&Ao%CO<5sHb~sN?pycVl1Q zZkF8{%OVMKPy?Fgpg-Ez_HuQB@W*!}CL9|ec{LBYWH(D4m0=%hEEwdL^g1GSjM$Lk zNM99&io3sE%%Bz2G00{C@PwfF95~>#(&!DA6`GD9#h*JX#Z&JS6s^)7T6bK&1ZVF` zQE$xAeDFg3W7&5Mi`D5l1P~5;+#2)~JtBD|dm)PxckQ8{i`sDSnp?+*u zO3S8*gu>t(y&Z@;9+*d=YaKd3qXk=af7JSVXGOlSh+L;0JhCQ=cSz0jMTIfw{Ws8J zM|gdmsM5Ah^gMrSr@xQ9;Fwg-al)DxHKanDh-*j!LUup0&bS0LBVTZ2q~#zUzbqnO zWLy?B0}tt%y1H(lBk@eBslk>-w%macObSngpXSr?h4ZH~@E!gyuJ+t8pEzZQfdwQr z8$aF^+p}1Q%$}cJZA9AZPRO__QguwdvX=V<(PK$*Gh^Sev%m!wT)4adb-4jfJBDrt z`znW8t)J~;-Fq=M+Dn4Py7=Ww3;A*v;>=c+<2_KzAe&&N z($luz(2H}eO|8jh#Iv*E0Rk)T0Q}Ql9i!-tl6^_?`#H=r?ZDyD-a<;)l)LzlqHrzR z^!uG=rdf?@;N4K`{K?Gt&YP9xq}sdrOOpypZ+q^o?e7IarQg*N&MY;&H|V8Jf@nF# zKJP(GGaeK!UybcTTNVpa*mE|KIz5t{ zy#h!_;Qcp^wys!#J#-(vM=)m z=K~ExwAeS<$(@t-8ZY$q`)n3J0}Qz)F9o?5$DdBxD=SI(;cxtbGxo5CEp^rrbk3fR51Uc* z{qBGCZ0%Z_XE<5)94gKMq(NZ}btCE)=T6T@pFWD$1pfS>16vP~yT*Qk!Jb}rf64o7eu4|A>OvZQ$o+HM-xxT5wr4Qd z@Dx%W;PRHFNP3z5TCArFgbZ^SkU!?aItyoLc;D!HiG`@+BBbpRlNWFv)A`Yy8>o;(=sgm_;V9QWVue&Kz$lJm`Td2hFc91Hf2 z*PP7ZtU_o8XX_jLz0f+mXX^c8+tX#0w_ia4UUY5A!#KJ?yW#g!`XcsTbL#6~)k6d7 zXUGr9fCRYvj|z#Fhj2d^

Ha6wsThHqBwo>yp3djf`{R;RQeuJcK?ihRRZ#CqsEO_)u`L68 zC39e5Kgs#w$spj0Ba;0sHCBP`YVx6+VcEzk9olT%nB|>7i+a?n1+=OQ52*gNyn6}e zM)Q^oKr8&>!s|Kz$_IXJ{2w;!WfD2Q2hIGTH$T!OV{Qzb;7UAfT+b;(p&X(sMpa~?RJv8FcMpOTqd18ugg>Upgm#v&HIEUwXsq1Uj{(0(Bku$noh|2(Ef1g#TvN?eR5Bzqg-|GP6yD4@R z9QRz=%Ha71cp-qMm%G34=*r)DtMc=6J3Fzg!8uvpS>PpmpvXxBHvhm2*?N(>mp&6l zAUd!Yimx{u%K+xk06>ge0Ec?*uC>jz8BuZZkGhC-=|jR7+Q%A1d|wxzntvFrOZq2v zD|BMOBPCvOh&yij@?LVdFh~IrSan-?UsF@-{z`XQ)_=jpI%H#Ud7;hVPW1yz*95U& zz`aC^jpGM!O!tScX#gIo9aDM8>XSC-U}qLv_;;zW9*glW&*p) zsNc=RMw`T2Cy-+;QfELo;6o-Z?Z(ZU4&p~!`J%Y;Cg<_oC0)I@SDG>6@P8bCoCjv# zH0dPGMPQeZm*JH+08*G^LvGa&qyYqibb#^xva;2-oagVd8x5!n>A)kCU>KuW46#-P zFwU?%AqDUB8`!OhjFj8UaODZp9J8uA>9X7|dx=2cEr^ScKPk}P;KX%kBFZ!c9yQQD z{iOb?yzC$FXW)%L)K$cJxI`d47XZA*pSLh4ch@%0uT2*lY`A`i;Ku6eo-s{7^0hbW zn$NVJTJU;dwp#@N87a}+L$PE1*JpnLm$A{={p*VzcK8b6pcgDVb5zNP-skk{C2)E; zd0*Z}z%3sK@}T51!!!|s`9e7?0pO|GE{&7kWKh;LrJejl`-AP(Q&QVs3_yL zX1GUJ`mb9`csiYTA~-nMrTfjcDz1L2J#QEXpba2FO=aQYRKRTS zccnC@aH=k+4m|J)e+`8t2~QT&ei+$Lqg5upcRV+*D6uOG9td8{%#>J|Y}YxvgI|Q< zVz78kymMF;TD1k}5&#pPBzR)&&Y;S(n-bBpM7r^)`jLd5hF;G~)h(P`D(_JPeZ1n>4j8=Oyxee)dbDhdWtOq4g5hkVB$UcGVq z_7$(8k69d3XV1TZ8N(k-1DqIR&-xUjWrg|_U&%^skK`%#cO-MGo1aHufcsF3TGa2ZD447Z6I@lYd5!CG;f^Aak={+=*-Y37nLs*adx-d(r2NyxGji zoe@1f%I&YqFYfSh={;cT;8_2~bRw3^^VHwF#NWSZGRn|ssBiS&>a(zfeq*hf$4k}S zSb=l|V#!x7er0vSoV>FNYJ}Ltd%lBuj1@DBI9&0m( zrvF90-lzW`nF6J1t$tHy3Ix1&?Q?D5y`b>)5EMXPOSI0c4N9Nr+P(9<>LYgreznZR z2p@{xt%Z;K{t`{^1w$j}34m11U+Ah2340#hu@3!qUWIoJ+7Vb6c+X8W9nMg4-D$un zqJQ-j-`T{1nGZE@C2#O^`CFxr;T21tJ= zSXwW4Qo@zU4r_n2xW=Q3Wt%H}RxpoCt5jm5eMBp>a4OJ(w?&>!xApK|b4Ga3Jb!FL zG0>wVdGzcLKJnwf2vSjh*I9rixBKl8bG_A_E5SQ!IN2}@bGy%_eaTx}d9S9lJL{`u z%{=GDl-}^#H`ak(i(-U>6U?zktM(c52``tM1ul$x!bpZq9F@0KS#~laR(@HG=&RKe z5x(MUKlu6*0uOt_&2>!|XyBtS*#NOLTwTDh+zZ`-UcF&JDBr6#%pCTp^;6}! zjnRw3trSWer$n5fb5kW>rIb<**6t;VXWI7Gm7deDTckIIN+{LsrzJ~xg)fNxy`R}j z6Y0qukeXMS7vxdW2O;#q_P$V~Gyop>c2wP8lt~#`PAU*pI?24QRu|qIAT!n7e}jjg z?Yto*Td-&U`Kb8|OY9dzFsF@V+v1M!a&-QP_@q^xv0M6F^_Qoc-;0DQQ0i>^hH_H) z1{a5kHL+PSv(X{ns_ku>^GL@GI83{EcR7py5pK5lS8+$`7%3%nZ84V9!2Y-&R=h9- z+X-f5dFekh8gOzDAsv}N^$XvswtsnSbjMC)UKpl)TIgc)(sw`8nTMT(Kd9|^ zGm8~#-Q8+@p?Ke0D%SU*(11#QVXT*I!#s zDDDbM{DLe??p2oYaW!UP7)SqTLaxv_b{j1)J)5u3GA4fl<@egF{PW7crx*TT)6+nS z>t5fL&wNr{aghWhP{c} zOk=VB)pW;M=hDv*Bj~Faa545Z5u!caC+H|!%(V7l`4{Udxx6aLx1yl-qOZrjXDIEz!nEiwy?8jc72ss`u3`o+h_2&09C?A`$eZ>pC0HME(%=^l8bP{`m}>$*fAew6o)*TdV8rS5hQkVUvGY*ns{n z-tkwXTLAW!kJj)-bj7AbUTz2&c#!AGbgc7INtd2|#!}CV&L6XNSj_A+wZ^0Q@EdJY zHd|-;<%`3|Qy+iWvqxXC<9?BR>t@9DwBk66*Mdd4_ag-idZX^Qf6H_04|eY_ zW!~_&@%gAS?R1>V9{TbxmzBRYm#^L>o1!@(26-o3G94WXWfnYV zVR7&6fEKwV`JA>ko9gDW<8%J87d$6r$b&-5i%n(R2aaABk3M{1G{zBe&~lFq>;FaB zTZcu#y=$X_qS7b`B8?(lqI9=_q;yFOBHcrG!$`Lxjevl3gLFwqNHf$BLo+mIjr)D~ z_nou%?~n6`7ngcDu376@Pu$P_+$-ckYzn%r?463O8gXx@<1veDi#+O$Q{g*Zy8&5) zcOjw#4x3e?HdW`ob9n~X!nKdQt39W#ZbNmy(i{}M@?~Xt`0hnrV8{LW7Sd}zZBbtl ztEox?iU+}9bRx%WwG~gmN>YZVRP~wv?bTVQGL9b(IPKfRY3jo485!uPgwZvzNN-&g zbty)Jh2ExsLzhU-oql*9Wuz~^y`Vx3S$0K|2K@Xf>4+9T@5bskHKiqZxz}OvbhNUf z5_?E&J!f@w9oDt4#<5WLeA~!q51%jN&%5&FBCfQbq$2K`S?T;H=UlM26(9%v(Y^4yS@<(ne33^egPu`@0RH-o?=e}{twUp z7BVdAbwjzRk(OLsNWlw3vNEdBtIObK+QA=2?mc+`*V{-4~jMfrm3yjI6Gn?jf{D2pU?Yh^@w1qtgV@->#^3 zkwb<&Cb+KhWGBjIz^~~K)OaQYuDwDZ`R4I?tj0zpGsH6Op}pCRa^tUt)G_4QauA5n zsm{d%As{81jw(Cq+Rko!bO`8&LEQ%KgfuD%4=5k_wYJ^@OfXow;}aVC`X>l24+2Z~ zd<K zG)aJpL+8n&OHjx4kOqF!F8eiQ%rU*%{w19~?f5Xd{I=30?Hr^@eN95L93eB|KGcpa2T7B5l{nq*yU9po|c-w zc^eg>CN4z35bQcZ+4<=!yhre9&Rq28S(ZSv=U+>G@H|3t-krw!z1OOVW^Q=ye0Kl8 zPgU`;a zjwlT1c$UXFm@1w>ehc75Q@d!!|cnL6K zU?&aF6*75Tp$Q(t(*GJ_)r@1PpYd?P&+dlYm?Zaa1 zGo+*5sb`UJwwLq12QbdTJUP}ISvNP{BF(bWlWl%AK()0ySb2>SFu-A)Z}Abank>XEJTmccj6Vm-Xg@ye>`(Szwp@Z#f&@+mVnc z3ELu`#EpOO{?{9BD{P^_sQ=*&>ytw~T^>$4-S7U6H{`RQacz57SSvNKB_^GzobSPA z{z&K*Tqg%oR@3KMEBDgW%xq~w*S3>uSTF$0#tUG$0@keC3RGsOHgWkBu>3>;ty8YV z0x?_XwpCKI2hggejgha9xvd`yU+zi#u%14Mg!o+S@StQEPJ!-3cnOb)2o>O)-1WXX z);#9lss|Oj{7!%Xn;W8TUAa(|4po@4l{G763D@pa&y1f6st>R|neFUUA5LpHr$6?f z|8HaG|4+uQ>Fx1w(&c`46-5RKJS}={dAhFmKF(m*1fez^_p~4z5tmI-$qZdty#a8! zW0nbL3}x>>a~QOE3!z9$fNenxsD@HNQ6fDRMWTaT}Bq!*jByfXMeL7PBvgBU%6NIt>;#1{3WFhsU~dc$)PguKi@-`4y*PzjVbr+ z1xt4y`)vtGy`STEcII!^k2Ba5QnM)y-{4pmHNdyuye`KZ-4DmxTftvNJz~~a z459LF1yh9X!Lk-TyiJ=kHMTN`YlAAq8mt59e3g<){6afrjR)Zm*L16`+kk+=UBJoy z<$e+XGrPKd7pE0y4E$~ZP)SkaE))taDg&E>kCLx&-kK=nxB#TlcZ;ol7$#;576Zv> z!BfcXX+kiTrh!cyO*>~^xdhm@ZJ^t=H?F2sNZ>YKi`Xx!QKY;CEU^ zM%1wI1rAV2kpT2udw6crGIGJE8^yW>(Ejq-dX`L?LDO5vx0n{kwm=b}HPV{lI*=$*<_HI`%2SJqSC(UgSGOzS9lDB}^j$`%K|#-$>rtc9_ST)g&+}fi;gW< zRg(r0faP@yu<^n+Z-2c#wR;!$34_tikihOD;4Nuj-(T>#X)4+RXRRWhx`c=kI(gg` zLsdphQtLKS=V>L(z{1w^jij8MoK_EV1v|I1zX+NL z%rupHfO{ZPI4SVo_h8}+3Lf}h?g8SejdRx1;F%4=^H0Z0QN^_#9_1D1gM|eHT+Zd! zu8%Yd^V9EqJMdm)8d0W%8jx=SFb~C7H6w-tjTL3eQ_!5t2B2tB7-Y9eGi>^kBtOZW zOt)oBx@|^pI9}fMRYqeS{OnV5&u4$!oY%Lrkul2?huL;p?$9YO zS}OX{185dLm_>$b1bq{1!1`#b%}j8VBXTK$Za$}?FIn$4TJ^D4p9kc_t?J+$Ko7&% zBaw9Cjh_NLYf}eN{?S2VXPn|LXHy$altrQwaqw@omjG;@M#R!c#J?BbZ9IHi%iA(_ zu#2at2T-Z@G+^q0Zg@G!Bv2`s%HAI$#TpH)!dEM2T1DgE1WtD^m=eiUojqk zY^`uySDdx)rYI5$K975f(V+6!MJaFjHT#S}NO5LOMHQRt857XXdL(ejpLIh!%Isp3 z^9o35-R>mV5Wc=|BO)SqwH-R#kuU!uHr_}=v01pZhd|`$!z2G@R*CX!J8tO#xz==n z57f`~PI9)!;ss{KMAs$$Q0xfk<`+v!xPwYX2tKPe=rw-ism4L_2!8aI%jwE`2{B9G zVh@w1>x&XEKLgM^G4p60d%DqT7o`)zKL4?q+vTfCy#Ub0ZIXlzc|?63#erS`Q(@k{ z@Iubzi=PdP+<4Nh&?_W=7T*AK(Z-LkhQGT6wEi}?G|R7f1}pOqX?A)Q8{}Trs^*YE>fl#q4BSW!F837s zA7q4;KrbLuJ*P~sPSrhtqI0uySh!fcHsUZxE#9%Eibl3hBx56~E8w^P(S)zS}d255&XEXSS$d75TrJ4ZiXqb;I? z2x3;%i|OLGh1u=Xbs`J*tPzXf4pYKM&Ocdvynw(zBqDQ1liM~Jw65awOWuLHWu zIz~czM8=~%pFVLVYTPqaQdHCsLGTB)*R16mcJa6o)Bw)^rGlz)q-Z^g7@DYct;hs@No3GmQ-1 zNAqY;5gn2x?+yxwb;lI1I2<)|F_I&*)LtGwF*nRFSZ{WUF4J#t*}Qc0IN_@y5+^5# zD3x6oiZp)L@GUOlu_=2Ptnb=JHE}&^7;`;3>>gu$N^9AHsA#0^1TH>!R(v#IjgkT908cQy@$;%D|O*0O$OIgWRV zft~7W+e%H)(KgXq-u~}1g!@;q`ed)mtS8-pa%y%H%IS(ins(n)(`}muE+| zw%p2SMk#Kjm&A6@gn)DiiaD9Y&{Zds9<=`D?`Y{28`EeM`xQ~Q!ln5$d#=rOVLL=Q z+fbY$r@Yd|!D|2S)$My1Ly_x5eY2GxpILEj0+JRolj|}wXh-#OZ-dK&GbJ?oVnmw_ zj9$=9Fpe`8xIZI9W{wdKwR=oS1JfU0VAd@CR?$$YkioBR7QJqaCUh|1I~;^VjKw+8 z%eQzlOa8cb1j%H+5%;Vk=G9J8C~pq1XhHGk z+QhjbY}*CD`vVtiF);AXE2{LTY~l$T@5z1_sjFf0v%ukSrV9UR$(dy?6`e0{?Bp?g zJXLZ8qFY{Sn0w9ri$fXyhZ@Oos|E?1w;8D|`(Q?{*w_wdnXOmm6& zuNJfW8WaQVJ7ci@b+0NFDR2Y~s~$WLzV}`DmA^1F`|Ft)j2Y*#!4^1t@hj|0I*oSiIn8ducb~tBuemsT|@m z_Kmo+%4kl4YeqpvBHh!RlYP<1d2@@Tp!T#~*_oKFm4kHY^6XGPLkW;M&^s8UKS`bh zMJNf*$Id)^T-e@@!90Y2Ggtjlmu?Soycv`!1j(cstt04aF4uFJHrpif`y>eW6t2ZE z?F@g!yg7ZKzpxs;|a0wMY@Fa=3Y}o1Z$+?64!^wFl=K_7gCxw3>MpY_2D~XBSFdP;L;HNS;R=juJe+6?kuJ z_jNwWbv1Uoy~^0TZ-TKwy7?5{3;5#?plq2=`jt*I#~SV;zaHV*+%|6ur;y^8swKth zEy zZqjQ$xijmc#67x62^x?tI` z{ro-$hKr_!p9&;1`=fs{PQlir%g}naqG1=wV3fr$%9xq*!EZS|>=C0*N{Bx_wVj{k zaHfzPj#_-B647#`!57{SdY7F2sd4Qa-}WTqBKZmyPe&$R@fTGeE6qWVa zZF=!SGh~S4)s$r-QXC9!`6X`;55p(|&v2>WMH1Huh^1HF#^(^|a`3!Q_;U{}+%g+W zWYSUnw3LK)_v%J@-qcrKC!+0D_xX*bJo;496L%|7dw0t4lZG52IMD>rQuvJJ}HC zt3Hq4_w>nZpkk5p12hlGvsFX-pG`S=a15vCy~&mO>)B%6(G(dVP)^!&e$5dt1(cHYm_5seY5`TUsv3GV@ODx`g1R??#@ z<`rcyEgYJUkz>3M{30+xj^BU< zS;s%L+tYeI-yKR4-06rH+0KB;Mr=ppM{`DmjHKkiI{USSsC~Q=$r>i>8vJRi^lxs3 z;76#&-31Wq?}CXRN#|f!>9Y~V4f}R6T7nKnkyx%iJ4r9^oL~4E?0=H84iqVc6NF6x%G0Hy;!^$(wE`DyJ4Dh` zyjv^HCxFUc$jKjW+{|q|FGv@P8^d)YZLh%2g~5jWC_w4gGa2<2Bjx_52y`6B{QTzk zAX<^IZM3a_SOu*6bo?%P!@$xT~WPyp?i$>CU za}WJGdR^BvvDdU2{we-Y^dzsm?j)l>EVD=jG)T1&+%xK8!aXpR=0#K-TKHiO*+ns! z{!j-KHxgAQp&!DXf+M;7GM4<-wr0)Sp5C}o#7LOZN(2X2a>xrc?R8x{0~ov@4rb!d za}wt);IWai7;3VI#FbJF^k z3mTS!l@$khq?z&FWXSik5$Vu4JJ&f&=+@j{&an38RU|kys@E}{v<`xV z3?Yt6#q=Ox`n=O6g!E6{LQ1Axci@L;60Wny7AY!QUPYQ38cq+OB@SvN*9=>45icSjD?vSu<-$QnBkv_rRNx{ZB@^`fN)t-!c z=H!`iQ8gV>TgzMZt2NfaV7T3SZ(9W8P1iPt&eDPDG7eZgQ!I zqk?c0{84KU8{bJMd|vi-3J)J&6Z?){Ek{>J&?7|udN$gHG|iCIV`9qTt{jKikRh&Z zQr1=stO-jZX}rfWtMI9Ue;SGXdMKJ&MlRE2T|A00^TP;VeeDD6cc-4^5x1bTz4|e% z?*KWEb9A#z?IJR*C0QTpq?xKww^{Kwe`X*ds;kojAV3m!7NZUK)?t?rTyP?a^jDN) zZw6YI*9Hn6^RMAm@*d%55Kj>;0rON=yUruxXv61jI_O}uch4J3Q~EaVSfa^XV+iRQ zpK!H4G)S*bWR5ovYT%t2H`IxC@GhIzVP%0~wyrFT4=u9YWZLZ`80HQ)TN}^b#zLw)yD`p@45O)8%kXlVoZH>@DwT51U^Q%~Cmk;^pQj$Kk9^x*>4o)6%aGh>bn}OcpwQ-#nB_l z+eqj^0sZsvY-RHvW%p_Hm-UPBW&3N{bk|lg_8{QzGV> zYn0mIAK7ryOBVFv7roUHhO2c0*Y;zHQNciz?ky4&rw**x) zk*UL7wU^wPy@(uwnD76B3<+%x%n#?d;VfBHUjSNsUG}-S^S{oR@auo5CA{~Mgl=#o zVdt#I+dPt{oTEv`>zmq2Kbxe+O%K4?c$2Tb)`6An2T@5e4O>pT5M=zs=vHT#1Tlg8 zWyf;=WF&mY`6I#qw>DH5$TvK4ksE%A^y5eD=h|7cGkXj&cAa?uY0>yL`(3t+?h7EA zf<>DDh-T|wE&xrLZn<&LA4fT~!C2jJh__K*Qge>?Senw(LeA?re=q8}Paj$g7){hI~mz_3~@6KR*I(#VGwv)|6Yr$?K57hVXyxw}8n1 zP80~?kgud80POuFOD!|uZ`4n4Z22(wF_;KNR6-qgSt^CNoaT7X!!=q7T!NFi(&N7% zaBKk@l(GH_CA!h)>-L{t+y zSb3ZVMaSv9p@LYT+x$Md-mh_2ybaBMOC(+>nf;;fF_XlL*~@3Sn7zuX`~9cGu|Vfa zN*0UDtUv5XRqwh}HF4p-;5BiEa4o5V zR)rMEv?aNH!)Z!vdns?YIj#o|%=IoG+=Jo`)2c-Z!QIw51344@OzH#- zidR@AkhHf*ok9`qk{D@>LQ{8QX18A%P%S9M`?QEuoJ7F!Vo)3N|yqEetMt& z^e;C`5qPoKn_FOSa><+Wq-^dWvDw&?1ux#eh5B;jxi#Q#cj3K}s5SAahj%)S5D>T2 z&e|GH54(J&d3SzAoOCu?hIHEgB8!wyI7X-YOqk>6Lat&`I!*S#+(q|3T343#mj@(1 zKgC{BlSRixHJQ!Mf5@j!g-&-__G)D!9cFc01Uli#^n_Q(~ z{M!(jIzYf55Bo*XO|V}OfaLi~-5=v>0?Qcd?N={XpoF}ksaLUk@ya`7lEDb>Z3OEQ zD2Bf3MssWOI98oB4ih=)gY~;qnh%bnIk>$U13-1@b@c6>y?1CKv+gEbThUYYFY_XT zzfW~8d1LpxRFhGljqTRd4kURC6`0^l)f*OlBVjLs<^B#OP$zYESjqrgzI|X7K#jZ@S zU)4ZRM}qaK65S{bg2or9-+xUUh23%aA!4^EN*BFv_006U{ikyPm#K48L6(|U55n5` zz~!w2E#bEUyyJNJ-6o7eT^uG|k+j`WYFYOFf+xwE-?UURxMPs4uzv1}JuL*@NDNXJ z_FGZQCMMzbRDdC1(ZhBhj7dpo-GbS*1epoUL`D0;k-ByJWDb#3Z$KeMxNg)p!i zG}c<(gACY@@?$BQO6%L&x*6L6Q4VzqrVybu1AP{g?hbz^*fr=2t^gr@=I>|UJMiM9 zB8Uq^u)!A#!F>0^6`}W=`(z9MF^4E?S&Rgy{>#8l4m_l;R(0jv#{FdPmQJ(gqb)HC z2*c==s#%jL=Efb%&lED_$sbOn15@TybGm8oE+4oP(2wk)2IuGTqg}D+sWyYnR#8*A z{mW`i%;Y{YT{F9opEQUh7VYel6p3{D#3(WzCa7M~TSn*i`UeYfw~0t?)3*^#lR`jj zBZ}qkzypfRE+*&%Z?p$)=6z)ACuH-4UH%EY+QTO%I;hv=+NAE9$#%p+Ww$lZpt}yfcdV zE9wiZ-utglCxWm2^c}j);(`h1lye%EE&o`e z|9b(w3Qd%TBs~J2-;ismCcB+T3f>V6^f2n||D6A!J7y7y9e?ak54=qqGV_91zmkNW z0o99q;eB};`40B#HNj}uJ?<|wjbx8QXqJ8~D_|-5cLfF#rtB-O0!^1b&?GKCiCNa~ zKdp)CtUBeI3qkE=JsfJfeyTu%YoxM%MNF(+txNRpa=t2bXQqcbDf#C2+vFD~A$BRL zTl^Q;l_#(>Q8#A+g3xsuG-&)vLQ7F5(U-HhVw`S=!C?kCk?Yg1eR-2b>hfVumjYuhT%_`BW%jJs4!zuQ&C6g%f)yJ3KUC1YtAF1!(cE78 zUu%(v+9={|4BYTNfEy5doebcQsfy3FSAgHlDGBg9kKu(sLPu?gpDU$UK>T*Z)^GsMOZLkUkN(`(oWL9+Zv+RhqKt- zRv*sGM|yzHxBB!smG`Mw6Y?|@f>6nS3G-@obLE)liPU_!q%PxT!D%1?x=BKH;9-j2 zuXv9i@5(9?!FxtwRc}5_d{fz#qz!!a(X0mi*ZYCJ2^8j1PRj?2I?XN?C_;d=vDHl zIoxcS(5dp9=%LXE%cg+_t07%&5oy4~iB6+np~VUYpzDor{Qc+hAheho^d z1QNR17H|){0zNEw82Q6yPNyl!ZM;CmA9)uvVj95pPMmX@c~ceQ`W%+gvr!2;JaXS* z`C!;)Q|#7xmyZxMx_W=!jTD_@AUuLFMZdT|G0k$Iw+k7`SZil0g#87Mj}74jDm7d zm-;i!d4u!T^HY5=5*NR>JDMB8V%V&Q>9frvvqqVH(T>gj7A8v!pOQEHDvj$71Xa|1 z02L(1qZYjS^34wYsZ0s*TYT-Q_B?+bOBdT(kTwBuET%>}(4+%z>+rjJ=fq~dQ5(}J)SAe&44TmO!g2ddkxeUA81RSa zMt#m!Ni2VT_A65Trp1}U=a>g3=A^?+h)i4Q71NVdb4+>#0(r4cQopiQtN`hL5ghq9t+!f7Tv^2K( zTT=W10e2i^{@HlL7&y?*fg)Vt?)3pnqgQjcS86g1KYt?uqPNtz&B)oB_YF-w$*=%Q zNS6wAddI>+iSfCgfMY&V+Y#dhVeA}vLJ2}*0rVXy68 z@fJ;M92Xqu{jvA_g3wZ2%z>ax1KFuc@;vCJ-+Xd;1K43>;Z7{Jw%|b{F&E06cle$l zD{-KDiFWcHa)}YjME|A}EFaE?dC%pOWGhIs5V%}bEr(h8@Flj8fTSw`21E~;s`4r1hoJgO0JfFO`P$OhD3}24rm-i0 zKb{0rc&QpW53!SXbyJi+_J?ouE=Pdg-J=_pXR-3=S_whw zTBVQXZBroR3j%v1zZuqvAL-V^f z^y8Y7otb_BJ=~FBQ42dNYq{0|UW+dwtQ#^49qgiX3_S+VF!ZBXUzyJ2(IL&k7s_~zb=c;5j}6-);^it zxnOH5jth!+yU}bnh!lpjtCMWYDq?Nf*$_3GdxuI-fQ-jjD)R}OZnXkxAh`-?FZ4H| zKfo6Y&fTs0FgX-PNWHdy&a*8w$v7WyOE96kBUnjx)jj7OP*5oN54z#0jm8%B#-BXT!#>x#;{qZHzt^vvyqh&`Dlxu~VxiToe3D-Q1F>(JsqL(Uhn}}iW1u7tbxA#t2v(k1 zyMT9e7}c*ATX>(|vPEm{y*a%A*%X@$g>(ELe!s1~`bO|?^_no=0b%7A&YN!;_3MA| zXHeyzBR58#t~#q+a9jCEeiXT&M|()^M~$hRbMN)ow`%J&cIRzO{T%vmD_bT0*_az8 zmfmH7-xaRumk9lcrk$XwfCb0t2Jn*j!FwnFaclX@sG(PoD;1*>y$7NE*LxUP*`BSw zXiPJHuD`PE+A;kn*Ngr{lYJ|H-p^5AgU)}kA-N3;QskLlERBP-|I z)f|hWtrB>Ak~U4p8f|`lQ{CZ{XG=Qd{GpSlx%F(Cv)Eho|9Q>oIrO^{$VwSO6+QZp z*D5~p>Pg~r-^f_)U-FAtl|H(b0bc&P_q#dUeMt%*UJ9ypoJIZPo>bVtEz<^jZeJvx zNBRR_!b_mP&+HC#Am0*`-*how{;B@Re2>B@mfUU8Z__#eC@ttS{adj;!w;|7W65%4csX|5SWz9xtbV3C(2q zHAZolM1%Jk{O>M`U;!&*q<%{ z1E&YUwNyOn_SIf$GoZ+-nN9Bh5la6NgCl4V5#l-}5&t!w-OymKp7xRqGJ~8l!KXW+ z=>upR1JI+)m<1o8+Twi`KPj~{!vL1J^Uo4N*-QCS#qm$&KTAZgzG2^1x0I?A`AzA< z64U(};a#yG_L08%8dp4nP79s4j*Q+ICX)|ROT`A2-$3uE6jfLMLVT>`VH(=z;X;Qm zv+G})Pi)ul}rx<9Nl#XK>94|n6+CL zHn0cS4L=;ntZtIo-q}lRg(>rrlZVi4k#SoqmmOSyP)9 z#F&3bAW#s^k9^E2-jrA7w!eG;K)<|3Hi<|-{jTAFR^rB?bFGn_OGfbgr zpC%hjO*A59>?2eX{1V99{1{dx!^=ooCMw=$qy&=TJRSa2&&`83JaajU%E7fVcZ(HL zURd2Q_DA0#zSNhaZ1`}iJXZAC9k!-T;=-o>HQ96Xd;vnO>e9f-+N-i z@ij(6`}i&G72s9Q!N<)^M}asb6JWlp=d*}__kIpW<=Jzal$`uuel)rJR(2o$0DlJan*k3HX@6htfPIQksP7k+{V`WPEOMTJatGNccR+V#cTxTK zuGv8|FAa{e^+H@TAo738CFgfvxUe%LFg=d=KAsQ!P(k-of;Lym?oO6vdDQFyJ=pO! zd637S^1Fk|%b6llJVuoEb(PNm#1Au2-YUA+)G7%lLa{kN%$79kx+ILr5Z(R-zCP63hK&osJ!D$iDDny;3$ zFKn{A$eSc}4oK;5yBfb|JF3+`g#6%gy))WrIF;Y9J~VoB{1U_@%jt^TcqVnGa74s5 zSB6L=8OJ?I^k<^zcL_hs@=Wn*;|>1339VB6o=~?Z5dMWb(ASf2t}~8$Cs^gxE&-eu zjr1Ph5&>iS(QJXrQ!vFJ6G_IS2!f82oqkAR)hmQE=Y!L;cVf$DR!exAE=Y+F7h^M&?H>U{0 zWrv@={Zt8)s`AU-uZPTYk;Y+9isn3Z1U!DPLY1$<@eC^2t=8$ak-3Pl-0x~h&f4%h zg*G$KCtL>&2)z~$k`=;Q0FPXuq^E5L9~Hwj_3VS($}BppC>qUofV{27y0Jp)%hy1O zh^|<(OamX+o`bFw0+7|;%#-!5yQO%AKaWo@P=ZAB`NGyy9L_^sjQQ!b;Nif^bM|>r zzseVTr7ncwjMp4~7~P_%eVl&yS#~(_bKT?&>MNK;$|4(9=5`tP)`HWtpB_qjY)zCn z@^fTR55il;HwRupB-(q-xt_g~yIgX-Yw?cUbFa+`(gSLRab`;P+C_BB-$e<1E(?Ip z`~q@feSAZ(NU%zo`_Ksjex&xfO}NMl9C`z3)H0Sinc!}tqDk$}d+mEimO3AV9LI2h{EWZmVG=K^ zM6_ve=N-QLGNmilQTjaD7w0^}oG-YvA-E0Zws<2I%v7jVq9ivn4E^Y~83=Z?mc4;; zbsrceDDy^wFj;)lt^1sMVz(BCSCvmLq9k-Yjz`-BWiri-0+Raff4&sWB@qgCcW$#SF=s|@Sl^-M! z{pTP2Jo%vyN>RIi2%sa+^y{5e?ll27a|Z% z%yWyU%fD0!eqpMT-KsY)!xgUVy&JcTkM0GAIIOhmHTMKqG-bG(w91YBzIMMj9nF>B z-8%_y6&QK{>zU7coHTXR5x2^s6TzkH>0-tH%LCNOBJb2A9-jP^SW8yHUlH!HdHSKktnYpjO>HdOR}pdaesk~{=`eMD7eOm&OunP4ErIXGY^_|IQ| zQYbro;%qf-U<-MdW}T%Nn`#}hP+n(VX2|v}i3~lmW!COw2K#C$iD(N7G91yRJF#L) zY+!KZ`HP7AQ~!K|?XQ*hkEAOtyp!#D-BaAyAj6N1o{@lb^4V>iTD8e-+{aXD{hw~Z z*yVlE3>AIu;KUDt5957(%l5jp?x{iB7B73l_6vILDXSlUQzvNH(dUXq-UpQ86caqkhy-i9b5#m=? zf6ESsvk|3)E6rqO^tZ^vH9rHvdgqbz5En5qA(4fFiUC{cv>39yCJhkJ>Qj)f3U zuO0;tD|Be+(NDTfw^f~Lj9umK19yb{aH1)q)OAO`=)=hx+o!2GD)dMZk$4Bqkn0|b z4<{hnyyHRJjdx{pt{EHt@BbQ)KK$r&SnwnOh=O^-XREeTo9dqSXI>J#yFB|6-@tz) zgV3s^2Z_c7=AIDzH@GP_f`v0a|Ab@{npBjxlj zprs#(wq~RN%<%F1?EkeJdGPC2=13qxX`|ijS*N|o`(z9AZL!9i(#8WhdMW;0fvt`i z-rJxBks@rk$*IsehN?E z520X`+ina04Z@-RHBUXNSv8s4f9?k^=BOxtWbK2=?cbeO2Lre-mbP%~lU@g;&X_6B z6#bd3b3ua*v&5t!@WU}GmpiLQlG&cLAKcq*_}){YAMWI6ENXF`FU!+ys~9B-w&NBo zwW(gX-^U|&yG7=;Wi90OLeh{C6IT>V>l7Xij?-`wm! zz9fQ|x~HE=zy9~@x&CioZ*w_VHe||XA?Mq!Jk*Qo9P#k%yzKXj)7m+P@d)bf(?bdk zzQXtQA|M((yt|!4fR1Wwk#}FPu~b+mrTmAbs?j#R*0%Hs4VJy}2*B}Lr-DX*(k%0D z^s&^RE6pev2J0OB|Gmy3?l{D;%$LkmL6{N`ZAXbMYEd1>BD(CUzVK`smYe-%6q3jq z4w_JD@WWgiC-~G?x>2RgSoTVvG+mBNugz_`9YtY9wq1`e@hos3_Cl(FYMVJG+%yVi z+c%HtjyDlI>klWw9-v%1R67Xo_bZ6A7je9-ObgMbz?j7)T-vnu_zm)2r+DqP#TF5~ z@cv#iEaL$NTKLhd>SW4ImE<|5g&sAZ230x+kV7wbm)ZW&wVp%=z-_r_ zl}kUm;OQPez7Rqyq+EOVC5WPTad@_9YR${oz8}hz#^Sx{m+OAM>S=hsJaGKtC?oe^ zr@|+(fu0!an8Kao+A~C5ktr2ePEdLvngC81I z9(t^524u`tAAZM^&^NO^&GHhPDAi@R$n@|(+Dv4p@)UeS39*V4yqFSF&6dRUyVbH$ zQJiBN6OjvVyVoa#FU%OXkV%`stR63aD9~$3Pm#Y#9ft=ss8Rgrei~+BHgFnN;eJTW zcNI^VW4K$YTCG4@w|SnHtI~1z01+Q!hSwX-C%&|()UrB9F z>Mj4M19!0S!Ue6SqLFXq>iU(MlMga7_1G+4vF3YUChi-SB+=}$KzEbMUb|xko!@-t zxW1HDx7kcVZQ|@tG|1~We}U13|GLqtIcbEq`44?2XuV)vZyetB6Rw0^>?+@3gF8pf zx_vY(G%SnOgTP80Y(iWdY`VvCe(zJ5&Z;5hE1%!%UFR~FTbDoYo1|)C!xt8o!#w(M zVeov5$2$Hxzy>-Jv%ox(n*_}+!MvYt-PrXvPcPXKELnqNP(&MOJ@`2a3>>B{$%U))X-t* z%j)W^ME^yz(`?e#ieHRopN!8phNCA~$3DOQr>z0_TjC%1`>(@P<3BNF9p$XO`{qwi zfa{fJSIZ0SBF$o^8oXxdsIwr;n zm+qcDquZ;IYBNP2N}G+6A5PpZL#R`aUMz4ZU|NMb#IGBAs7nhT#4C6?Ha>)}XE@h8 zZ8>C~&qQ?~KFxjDE=pX?nyyPzND)-D+N}$*2CoI-iIg_sP}t>OawA>c&+AB5$6O6Q zfp@<97j+SdDGS%suJeMTCnbiO<^z|CctE9>QFG$v^;o^4LsK)LL$vmx?!3#IiO=hN ziGKNf^J}Sd*9h)@+_Gy{x_+B@sw5kRAN^OZ%*-(MZ@B``iZ{8g2ORR@*C26ZHqaxB zLU|&ez5nTn;;Li~%MWZVp|16fT=qZo{#@{jF)aFnGWa+C$1Tbis*vR8DW=Xy)BIKMbaYhp!o2Ixk4ZtuNU3VB-u{nc z>ylRB%PaqnFGod(%eMcD4zzRWkAJ1yR1(9#W@UYTF;dy=X*jeqs;0yJfwqaQU-Ko< zOnxeVqw_op|9t^o>Iau2ONXu4534P%^Yml+3INxs?h}(qXNZ}H6qAn}C_4{kizF3z zE%$gsAfvYA+ z1jLx$o?2vWZ7;07E=g_ZpCX~(p&s?g6p}dsBRLwES2c}?*WC_dJIKB?c9EyY$U>87 zO;)lnU=i=?Kb&lyZ|8(0_F%9w^Bnj`@QxHFL~8imqVx zy6(b{-t<6sxA+Q9&~@APT!c}#I`R*Dw8NP?Pmk`d*E5ogNwFPW8NRJ-%8GT$hJK%W z`mFMa*SUeO@X`b>2Gp=5&tS|?LpJPA^^kl7K3{WA+@XtPX|zS)Yz z4Smbtnf_2iPK=(-5b}DK(oUt2s+iCk@AMYm@lTTkE$Ozlk3tu?pOi#yRIe@;Z%Zk`#x zb`3qkTJ3*yiA&#cv*2^D09oB~vIemtZO|-5cojOetf0GZ>|2D+)(IuLQgTTw zc{B0WQx*EGA4TkjKlv-1C$O`}C9zFs&}O7K?Py_bp^u5+GZ42Q2+kZ!fDp9U9jvgq z*W4fYq^vjbpDc#W2N;fIeU{&%Z*@?_|HIl_KxNf+?ZR{@B_N2>DXpM%gR~$bC0(L| zbayGCl$10osDub8A&oRQirz>`mxwgd`OghL-+ABjz5jo{GsZs#!=bqEd+$BhT64`c z=XG6^3I#g5R#{>`oFy4W<8HPt0j6)7g#>2uI{SbaY}*4ZvpBDMywm#1r?4A4Ulc1( z^23ylBuwuOThhk7aQptl$KTDJt8W$E`gNnP(3tx))gh?wV^yW`bCCYs2wHn(=y}5L0(!M?Sn%^F`=@97?_0W%3pD%i_isg$y_VeL$jqV}@S? z6qU;Tbav$%l5wN2+)#FDlN+K)K~9ub_pUM6mam;<$@pUOhe94>(s!)&{9{~ACZ;T& zb$Ug&cEfx-{CG_(uCI~u^S24{@S5@sT$D83S7SH54Frl5*O6kPw{>$__~wrvLP56! z_P<=f0sSUQZC(R1rWz=$<|;;=r&-N{b~k`EFwO^!%5NL~{JS8$*gN1c#Or3!=pg>8 zHx2Utw*cpGkZm_udaZ8f=Y>HKf6Bd?`-y^1_J?`ZT>^Apb9r#x@_03LYFoTCd^16o!+L} zOcf;2WCb<%n}DBC=i{%0&R(LW^F`H<$cK>3k0mIx-qE!r+Ozm;!Xq%DPn^`9eT93y zr74|(@0-H_HS*7qwo1y@f6I5yeVY%x7~XmR<8CVPP_C;=T&MNM`?1G*4)HhH6!H`K z`2?x#5>O`kTn@&%+WCoNT13C1FMrvffwOS8YrwC_hhQ&LBp2@m6jI+He<&YK0~R8g z+SJ#HBW|d~Qt94k%}1jEzdQJJlebZ9#AdoghH_{pg)x zg+`|DnhKQpWn16Q7YhM;fQaey!@Q+xYgAGPHmL+77_rQI#T5>ls$juf-M8ywUQFbW zlFV9s6JZU)y0^CQebb9TbVGZ0eeUIwL$i;w7pSaE*B>3c^WB~Z%l|^>G5q|n{!K8x zQ>9WCNEvLbaKs09lQz$MeSS2APE`@F6n5fA>V7FkCev4iM_l8_nebchJ6}F=@*8iX zB}=I1svPylh`>YKZw-Hc;UVlE==);6bw+*prLNKz)G4*Dk9mx1uM0U)u$8-^Uhy*P zps3?puc~z!g>s9siy`=VZDfAOL27%U^YxI@sPpeFe3YWhVo`xTVu(2$8{ z&5c!=-G8AVCNk{UMC{zFqsMs}cU1tiNNI%a(-%rn(S~d2jrjR`OE$T(`@P@0AzMA& zdch$9bQ`Fw`UL4>NNfR2@`?y;ocz14`qzucIEHdeHV!t2VwjB;Vi((ljHF3# zp<5K61qlB&O;ofb(6_g$pzWktbNd6zJIj=)D5&_=bE>fni-3W)py>!jJ`R1Bh&jg zXA8+Broj!KL8YP5&Je&Ep-S553zCjT0Xq^rv#dYp2sFBO6Q9N0R^m~zNGM~(s`1x; z$Q}a`gcsvMI7!kVnWF;=;i*sEv?_GPz6D-pVz=Y&*rF>BWfTGwkV(rKTyAn`^VcXR zI255S5to_Hx%p$Uw;(y)<%=knyN2itWd{nSoy_v8SnMZ=80nzUaVkjZMjgb}llV>f zAY7v~dfer0!F~XxP;FAunl2~v)p2X|8STnDeT4?j4Vd`ty?Ul^=@lR>xYHF2f+DBw z#6UBz_u%2AHF}kih})%j7yI%UR9k}+xsi(F)+B%>3h1AffyB&U)H%(r9F|v?-G{?G zi-Y!Ziapy-;SY0f`!>k)6cTKA2OPd{`g+-fXR&R0_0pe2JrgbN`zD?fxJd0I-L22y zz8lVxif__n-Tb$gVZSThbo03e@9LWeh24k3Qt@tMc><{K=tjxTzULV^pxW?5ViJ_n zf5<197!U7_UDoub|M+-atTd8*PTtgzg-tCyf&Xni2c5z8EwRF zb{{ud>r=pA+kRUvN4_`<=&f8VnMM+EB<4tOTsE>xR0MkAH0x3Lm;)Y<`RDa_qw$H! z2)CUNV8h}Js&<@^+sLI;iz)da@zFCFuf9zmfs6D~ox;Iu#yn@e9P&9&kq~@?_VyTB(VL5GO0=?< znmjJ9T(F=&Y?Tb#BgPGAlkx~hH<5^|A1)sqI^f4;Ru0oKzc2O-Y-n}%pp=jZmOR%3 zF81Bh=jmV{aye?!?;7HZSKOAFzpNIYVjeL}!ESuQOXC^74#>X(p|}=BI)ZiJp67St z4@89-k$uQic7WPZq>JW$uxPW3`D(QHs5_>wl&ldH)4juS+ctp6Ku=)rZ$W)LakWRJa~Z#hpQ8!q;~?5+i270au4Z( z37F|7v844|qiZYMSDwod7$*-IVy~&Om ziGS$z0^5jeE@Jc35t+rsh|9OXbEI*g&v1*-662}^p6)q)sVBGOK5VPT;TDw5bo)<4 z377s;1?13mGL%I zzI^kfN4TDZeuLkXAA9zLa0dwqIn!dgESkF)NDJt_e=(Jz@rJM>BR!h0EIkBpfY#eg zm9h=SL}jHt5p3)N`(iZCR1-G&vQ&!=w(bb!#vm@0S+I`WXrq^B@uM&ivbic`R(w40 z&qn6NY@hJLqA3z&U|)eO^M*mKVL-gp+k(!sN;-+ANp^8;1Mzh_w}d2h2Fs1D_T1xs zpN&+Tl2oJmF=7KV%5w7+~qZrw%{AhPd%1Ti`H#3|B2*pZrArQ7`O#1Mezxd zWGKd|Qa4YsApVUG4$y7%S!Cjl3ZoiT*&yR>A7|MMQ)d$h_(g$ASpABTqAZ~w=ozdm zLq%F2X4aPM`c8&bCRYBdOtV=T#wi?WdI_1z=Vqc;lFBWKE+RGW16fxYWy_9Ij&MfW zVvlp5esG@)X)C-G7wwLekV_wWHUtJ2a?#&loImv~Gz`P@66R_s+qYtrIGc%5j%A*c zIV!XE@(?V4L-FyfTeueIP$^7&OdqsI#5?-EnCXVj7OMhc#;cibvTeu&mWfY+%vU^J z8%8QJj};FtfLQoww}fns6AoQ14#vgZ5-jb@BgqPlZHrhZdu7t-?9)tuBUCyc!A$EG zdsZokKvBZ00PiVHqx(D0V9{@_pC;*6iQ_W29r->k-eRUBtsBSg7WTXmwugi3K6$iC zRtS3%fnVVxSt3tdQlph(%B+~$kf1IL%0coHcJIvVI}??3 z;tQgS@{_8^)>_YV8q_>v1%|cWvu>Q|kHi0L zMzUgni=J&w4xkJ-*dHHjzir;(q1A#aWjm$$y=~2e=i8%!5Q0E}`fGL-O+4mo#uV6Y zSMZ`SGm5F57%+Ui%EBF0TRs4DU{a*(R0=!K0dQ3FBLrXWU7 zDP!iz-1xrHP~)-t$_mD!T>In%UTcJ%P-_r_)o2`H6RE)6_N14L;skM7zT`p*Vx?p4 zmCsotUBg9rA|8>2#5Qb@$+s`acN6tAbiC5i7RBfe@eE!VOAfDC~gCh zjI#1$qAlLiQ_2a+^{A4jcQiBgckbx!CS5#yl5ZYof>M(tv_UNkFDPJ

N+^?6#o-*vxqOVG3ut^VYMz~tFtQK=Q z4G~I(tcZyY&sR#c;XWPh?dh4BA=%PM*G=50<)n#71(fo86dm1~y zZV6^~lIAH?Z4FNCu&>qxDa4t4x1pwAnFt~-Pk~WK#TtZlyGo;=-s00X|KGVh_0q7+Mla@Tji<=Dwk?Ha|N zPM}0dQa?R4wEE2SG)_l;b+c$vjf3QU$ffID#j>GOr|n=}EZS~t-gzlWi++?l>bVl@ z`{sgz_s-f(qJD68P;n!6Ak+gnS3~)Si%D@`&<^@rp#Zk0f61LEhIb4%SQpHS%%Bv0blvSZz;N$Vwf|gmy11wRKBjTPLS#4Ftq+IpPbag=vwU9j& zo8r&{Nv_)3M8HpD98qfT6 zpTw&5Oxl1p>GNopvo}_J^$>nmU1aUVQs~{cVQD!P_Tr>5DktZ%X5%Zd#yH}QF z#JiTJgTUS^D=AAhG}pZEYWsCQa{CzowW8fewV*JDcav=3!7qNa^t)7}o>x_NyB?a} z&>66|8m)ace4RLLRchVhX3?#QFqEH!N9~7zJ3+o*zaJg_GWt`erRo@`E(wSG8-=ia*Efk?NP-PrCFG6LCQaCT zue}$mEtL3|Cd3wq+x%T<&pqVN*hViJhpAskBDd`3D(xGkciE>ysjbe?e>!XWJ5IDI z$iBU5Do~imT+>ZiZ*p!a^W55IJ9ASE|4#d(Mj?ssfxntd4Xt*+F(m!AkQQEOjzG7I zdHaOEKQq_9;Dujfp2gElwSX%vp%9easgPr-u0IlZ(9nLOSKApd7~8>cU`nzG*T=G@p)*vInsuTG_wixdy-*2kL+a{eSTNp3llS| z^7<#sIlY`F%{QkfViFm{4HFb#7%q;E+7eiX8!S7%hn>l%A(o5Y@olv7R(WN%Y0Yy? z(nqnPn@hs$t01GA-_6MLSV@;`R{)?z5$s7%gXePzt@3edQS}QG-7MLkKzBCV4S~6WIc??>(pT(B7t~v7_VNwdN_yz6*5jnQh6pT%N}OtSK{`DzG-}XFD~M^_-`cG64!b9tAQzf_ z&|JH|jV7ii`_e8TH()l%e<~CQCv+>7SDKk_(9WSlm|kN%9fQExs+g%1R-4GcDL=V4 zmPb6gY!G~t4VWcWa*P;mKB?UrzzQss^8HC@UC7!XPi4gtHxjD9rjZ#&Jbr2->@ePd z`fMsx2#6dCJ|yQ>Ew6A%E*Nf}dKQwmHR?iegElj~@;cwBU${I@Z4-qy@h6J!qkh5o zMxHCdPee65+U^q!dt^E|nKFJ^b!1#UYZvjln))oMNs`#AO#6$Z>ZwLLi+;mXG2qnk zFblyYYEA6V(V*^$1j|g8D?v{JW2kECZMf0vqrLIPkaed zYGssj_LTFjk+r9lO|&+&Hh&z#*GYdC zCgS!lb6n-RnKQrpaH9!`%CkY77MS?j=6P2)AHAJ>*Fh+xZgZvnj5vU~jU{2RZ-(Nd6RDp^-thVonlhOU zwLZ-?cSN#!WYS+%C108^1*j1Zr1t;6qegxV@s-PsN0ARw{!I*T{wJ&l0%hSiW451i zmi#|f>?$rIESgu{$yMKS|HG&_G*=EvUaR_c`MAmz{B6SWU>xBziUw{O>st--U8@qk ze0(@bn-YF~Txbq-`fPH+_f9-9KyPa90bYZuE0VfjQ9f=dwe6lm0uGzPQR+WffWIT+ z_xk_s&VqA_ZGn)`2hdtr%tnYHLLJ2z^+1TJT_+`bX?OyEm;1mPyN`XYf1#|=MraVJ zPp18^xBVYsVh}qC#@o9RL4r{x&faxfUs?p=-I0v@Q3H7srT%~YqW}ND+|^ziZr#FI zKv$)T)qHJj**;DDK#>?h6g_-0-1!)b8Iagy%0lv3QV3-kpi#RrHS%Zw`;0s5W9q+S z4S;`n%tfdksQ?mw8nSzdP-nU`{Sbtv4D)a0F{6_CyY&g5hM9Icm% z0Qb1_5r}Nl5J)D#zpby7R~k*L?tf!w1SloxBNoGsCkQ}AumEk^vd1UM(npYq6t<8y z@_?2il^Pv!I`s z{%;@Z9S52zlmc}|iIxeU-ZPtg0g~Mbz`iur&?fOlf0{|~4f+F{u zCtFBb7eOxPhd_8Kb~scY5U>L&lNtE^&HDMFig$qezeXZDP4*Fz<~ptZ(DYuw<_oPs zrQ>tEA0Jd8zoo|3is)&3K|*61bkLIl(5l(Hr6Bfu#B(ZY4LFyS>pgke98;F4ZVclH zX=xtyHQx7NiXaj~X0ZQ;c)K~v^d>i*B6+0TF*}2};Zl)ql@l+XE;{Bj7)A^&! zHrHkL%i7O0hfW|2@Vfo}9@nEGe!a?d?!}=A5It$6d@IR6L;JvFq6%|`qK*K%uf_BBhK15pz~ZyX8SSgikdA_?NmLsb17V;?Nm{|2hF){vy-|jww3q z`|yf7DeeTT(9^KMdJgHLj&x($|+KuT_^NDIy*J*ZTAS%X-ds;8ybp0USB zu7az@Di9y)n;IR+X4}29AX_i)MMa8TOeE#>&PyyVy3h}VgWT_*UW~aQ%s2U~qs~Wf zlHcd%$9s*g0XK4H*+~Y}?jNK2_FIo}8~@+CfQ19sG4m#Ij{cHa;13^@=W@6^yYug6 zz%05ZL1gxQg(I%7bp(B9KN(ni zBZq^0+^>}?2zxvB^`_YXqa61zoW;7F^m1qIK7g9QXL zFP5MIsU#Xnl8Paq3iLKQd&&gjV+^#7LfK*e+8bb=x$QJlce?2vq!K6m(wX%CZrlt1edFfdeC4evrm)ixgq>^N z^r-VRL%@ECm^B?1-ON)pKCMsZ4CbMyVWA8qLPO6OkGB35v8>WI;ppl11GuXB8h14% zg6Qgz76rXy6k`F=J!AYeD{_f+2oHBV({)*42N6GYDuZqSyl(tD`L~+C#rtg)HJfhc zIQIm195#epr9L&f9~kDf?We?=BH;}C$MB@Et^Oa9OqhYk)FDNsr_dnSc zCrNFZaN2$m6+iSIpf7fDgYRt$a+gIUN0UCm{vE%rw0_udfuq<0-_S`Pct(@gF}4K1 zRG62<1RevsDd#p@TzGiUglPS933p!|PuX?x9l&c(%k89fRX~wU!pVQjdNln z`6bwH{umcbvx5+B=K3zn)?uKs4Ibzw53&$W2V;;%qi|>L?*8+s)MqYrdhjXCq<{NV z6HkES72rCoBD_e4qqA4Nk0I?qFpRQ&$=gGC^Cj`Bs7U|9M#RHjX9Ym~vwW4RelG1B z+*x`)so}-SRa=AL=^0it5zNdb`^u2gbD4jKzyODY|8qJ7@pncai|PR;Ty$EL93bT> zXYtpS?DvECmtYH-5ZD?XzrzprXC)Ik;SOI!W0P_S{X&2XyZ5@+#bETRq>U~xAPDIm zhKaopEJ@$ig&<@cKCzn(`Q|}@=sobQWmB6RAwZD*EBZV~`qLJ^rVmNhWgkXNZGsj5 ze_?Y(u8&Ve@a`h0b*WUrx=7p2^UGvycnD~EVm-{@aQyD^%nHPBYZ(f-7BzZI0Rg_^ z)Q`I;-~!*3_ay-?u%Cr_87;)nGXx*H?SGMGWnU>^N_)gmcmFyCZ9%+D7mzpFhJ&sV zjr~tQo-dp3!y)nKiU+Y{p(+*?+4$TNl}HI0#W7X+xpIYYQB=7)hjNrq^XxbXop4a; zqRs%pAX;W`;nCp=q3X*Y2o3GQoo`pOOSllS!8wg%f+fJ`hzSh#O1R|mcBl(63)2*QLM%H7j~OC-Z1BzdvTxA zbneb%Gh_^^qyVcrZDotA;AQM&G5?=FeNmU?m}cpi`j2%q!u(xZfm-VNlBmcAh$qps zhNpsoctQ}_SSA}_^@SWYypvkiwX>>P+Mvxr;)4ka$^wLO6G#gCrW9k#hseLn_cHO1N>W1(Za!&zFt?mwfDX3!Sg9lHr2|omOt%vHbAYPrrXQp<@6}3C&Y2FzMXCa1~1o zU+Y-%=+ak)yaUW2Xag((l?Y*!Il?ar{D$LMRsC(L~)lHkl zZ(NQ}Z&Z+YO2}V-5fDsIslw>!SCt1Ofti&~DB*cj>+JQe&Pgc9Qd8cn;AyZB zG@V*|=Ea?UPJ&B^=ctgK>g0!v_vG4dyPbohZeTv;|7E^-;i(6wNj)PgjzqkV_x_+R z!e71&FO|E~1>bcABb(y4sLRQ)Rb3tzCA${5+9q=;C~%8!eShCK&#&R`DFOs$ziB;pt6utW&F9AT5<2qs$cDqcrHtN0;3O~ zD|<-ZW-c}5P-Z#LT#eB3G0EG5F_N+;vqdteGjSD6RIylNlQ6ogl^=(nC1N`MdSa(k z+a`z?`Uk$6{QWZc7$ar?j;CX~v_|1sNldx}`8fL8`gGbLjaV_la79FVK?XF@3eIY` zISsIqX~TNI?3NzV)b~xAa*hNqoREDUCy#Jy1{pf|K~unn2O5W^h03wGlIL6 zWQ?_Acf}Ihg+R{Lqd4RiB>NI@PF}r>qal9y^VS(9y@*~u*had zgRc8hi#3J9qi}%@wBl^)t8iS`|1EFJbm6ZwK>`M8JPhZb%jCnk25kx@E= zLu&)mf`tvNS5^O$#d(M9zhaF#8tlo7aCJII1Af?-Fc~|HU%wb4*9R(li-LaRz=z&FWE7N2v^2Mh9vD`{ElrvU*FbA4mLvSNf;j{L}M9-Gs9vu02Z4@m}x{PZF``5z3N*ys7$ucN1DW^lirPy5GY z9)!qSxq3{o-bA?tUqJ_zx*)fAOu!KM#o)Vwsp;(T{pd;>&ZJymf#2jLXS6nAH$fAa zI}|x_M6nqsOYG$S=QLseqgiGqSph@|OoI$_3POYfXBD`RfXo6~wuZulm(i~W|4(b6 z0T+wx*Fcz*=ZYD1S8f!H&EI$y@o0#-SY*vpQ@~t521MzR=Pgde5V-l^$A<}7r*g4p z?nq#QL8zd3JjhBv*(=2R2ya%Xd^`53?ZlW?-&ULAhh3V|YEK@#^4js0)n_lX>K9Pt zv=XIapUlD&GhK?r=>B%8la5yX%&~pNw)xgY#9}PjG0ATLL!O4f>0~iZP3oXp z!Br=vXt*F#wSfR@RAp&rXXj>xy)jE`vn=w!pvaK9RHXJ~<0bR)qQy0ow;MYoCdW7d3%Dt^CpMgt()B`yn`<0D+_Y+Y1NmKs`cp&$@8F!Bq>x0ktu!-(em8e-m|3s-kBLVo-a1M~wwnZVweg=erZ zaX3%^+oM{^o4qp@LhaY9S@+<)V+%?@bIxyUqi*+w^47zMM8sT(m&?SdG!@MBpL%n$ zK!(|5;+Be*?};9NRp1QHHlHhsPW{ix<%OU$VxMbxkMi%0!pB(=*Xzh276K>5hTB+1 zyjE{*GlU=>xVP2giCBgaGmUTsRq%N<_W`^&BfRE0d?8SfsQ6a!A>#NEP96m2JG|9W zU_9NGIOY-A*F9DzpY|bKG5)o=o0J5zbU__s$b0S2pNK~|g^+2tPZYmLbn=`ioRh;m ze<2?}=7VD&MjkE+4AFt=SiHaE*C34(t98HURTSt7B`g1Z|3DlIRba@xik>PyF~Hy7 zH@IO*F!pQ^6!-W?x{4pD7W~)s$X^<~k=WmxTKpd4wW@gg*WXV3VL912xrd>Iia1;& zzy!L#gjY>0#XuIZN3wbKWR=CrFyVOKpanjkGIEQNk^goJTE>RjXCxvi>?giL1Q84o zP3|!}F~`6DsST&zwBIz*kN=wSCYj78tuzEC)AGn1`$91u$vi9Hpo&2`r(2b%c=7-P zsu*FcGqbaQjDP)I`*+X4@$hz~z9>5^Ez8M^B=LX0&+!KBsrSF0;3D_j4g(ec?Vv?eDMt_ksVH?OW?Tk>S|FA6WoD`>={%suH5}91ErUn zUw1)Q)aqwfiZf6YP~Y>kbAj-16aFW|`v`LLRsh@7ljdPH zZC`mmnmUOr9HUS6l%VO^S#cY2VsL$qX$?Ah#%$1DDG@p%>D=!t)FPaR zLp5hy6uQ`4-s{h2;ao_Vms+E!j&(Z`5gLnXM1-E1PHnJ$Z%KS^@cnC0r8l`Y%j13$ChX`~XE}KlR zS3E|QHxMREq7J`$jt{C2(%dP3khC&K90}&p58HPt&>JBKq(5&$``1JjhaVsE$T#5S zt0eyFFAWkW_q9aB#9Aggg{yeV1I0d)vr1lI>W<~`5r z1uB!)pF#<5TUuL_6Qse72SNw`*^DS<#{o~51b$W7#DrcHnOTAF;cY?ui^6Klcm8PFfH;zcRtQ$ z76{CbHabzxeR-6&`Uun&AohqoUUCh(SnV&S!mvhkNqhKUY1G5*pnjmlX;7L|2wf2A zUJU+6C8TiIaJL%w2OtKx29=z={t~vwu0TL)bh@5;MavCjoczi(CAFYw=Sq{&(o(-l zVX`1ha#8uu(f{U7195Ji2~<}4Sp(+12{kTGtrrTiWxyXJOe*3?hN`3*97J!{k&YBp z+YJi15zv*+@vxFn!&f=2CRk5N)Nj2_GEg{)0HlM~a?4RwpIi1#8&X-xn1a4-88etK zFZ?)*m8sk&F-~Ly@_*b^}^S0Lqx*)Wi=neFgEO z3;NY|;W(d|8+OD%twH!AJf>`%l{h=HkUB1qL_LhJlmGH6?_|p;VS~%ci(KxEd&=YK zv5QXG+Ysd{d$ji6q3Ki^`7h#dfQDN$Vf85#w2YvhC^k&pYFc=sF zI|i|9$iMhm>;~ABSiyMd#9{ zPDeKrV?p2DgcL!WQ={@e<3aeU(A_21bqrh%s{8d8N3q;e9eat9kMZKCXfItxD%R!=UR0<<$NmzN=3&+EGY0Vt#7?3lAi&6 zJ*6Z*V=gGpW`2M={Kl-@MDl z#>wmR{hCo2%W-c_YO5qbWfp0XyHO3Q=N$mb*JVT_^`H%h@OeTC_BUO7{(FlYi13+) zoRn5h1$am6Q3|!?(OR9&(W`OMxyeW+xTdCtK(f0?h4CEB&yb0BBp6hdfvvd;l=6t5 zU~n89Oa5IODGFTH7+dvANZfA+PMQ7eE8v0f*Rz)eP2I!rt z?LMdxifdxO`=CS&))M}>R5hOvtHBd-tgVNT9^Z_216ij4*~Fh-+XZ#o{G>XL!PJf3l9+p@zhQ?0K~Q+Y`UnR;Stu z@bSqeIWj$8j6d$D_gQ#;_$Z7JrbGq8;6b{&@2sKtd;Pt&Pm%Hov{2A0eTAire?4Il z_d3L|cVF0bL|bQWMg-O z=gcGBnXXoSwUTScQtOc~)4@fo4ZC!!WJ&o=1BXiI-F^9TTD38ysPk+CO(Z4J3wzLj zJ#X_BTt5}(bbaZW0j;G`V^F9JI52`6gRF?3%7Fm=3t2=cEE?tF_u6d)GFFI~=zUG$ zP!SEcwx=FeZ<)NcOuS~!BC6FM==V07 zgOyG%#Ux1TePDCXRf?f^-ssgUz+SvTBDsD8p;Xeozx01|w0U<(2zisELVZCgaOhK0+y#oT`EYrl&ovPuqTakZ znv|pM3M^?+3!X0qG_K&PO(674k|;GD@^=6OO8vo~Y4nsdTK*?3N6XY#k$2yVj18gg z&H)gJoAtM=-QRjY3k+^rE?%Icap(Ei7V;39zbk5_`!KS2VB*KJfFWFPQb(-R0}Z1E z6x&V{gE{PrUF_)3bNHpzstu{L7C#sg+8A|#*rK|dg4FA=MGa`2#{q`wTI~fopPB2T zIA2Il6S!I()W-igFlrKGCDVg1o%${6(Rw{@2^#yBCNPh%Ib5*f=I{$iZ+s5p562#~ zDz8x?tqWXfxg>-Cs5|jGiO8TV1t*%$wTh741ufionil(S+)H^q5Smm&GAFCiHIV`?2EM(zHF-H&P#GRLB&VbN6LOmVl-()x5-BQ|;nOZ=#n&AtjE)ahCCH|zyX5R# z3_EYti1$lQ^jnXT6g+3Na1TH2*}w0_NUg{cktl2q^u%L(>9 zybhHysVp?}$zg2|oJx83>vDtUkSV)A7Z))h2y2yP1rsR+XCRq1O4-1{bC2*LO#nB2 z`NmMEMRfxVMbzmKSK}l~|PD=-4^J_qSM3BSp^@!$_O2b90 z_Ur&y^S_T1=0S8w^drP9VJ@}Pt1@{|pLHhV$I=xit>Qg%WL}<>ubw`%gt+Xv_C50B zVF+}Cr%;-@N#Ja3o_RlqZ2scwa$D*srUlSNng(M*J(X9A`T zoz&Dcy-C^?6_d2}``L8zg+n~wyNRROCh zEyjWF+6C3TIvcvY8&#DHw@Y$vaaktcc&*%h{Yh!^Fd`<(>#(`W51T3xq#A2s6kIlB%e!_TO^`61=+ z+PuJs1;#ofW0TwkOpm{33`P=|PEA`k^Vyd4*5{Kq3clB+*X#P5epIpkic01(VMMPk z-=8@;^BajI@4)lG^5~0+jIZ0^dlkfLMvF<$W0kHZl6{U0>|GT9lr*Ag&7EM~4)uLZ z7san8%*8~aWm5EA`e>y3KF!Wa=Uy ztGi>-$KLp(hYDEE#@s_?rr$-zX=AA{(|+3WHo4po?d4p$X8pC_{x^wb{qor%=^tYLzC$MTK)+b73#$BWUFPLP{jXFQD4OEl z-sbF2;MUXF-CE|Kbz9;|ddTb0r4L+)_z9W93ds-Y!(Z=Fa~gLhO=U0>W4dQD!C1@_ zoe6a|DAngv%|80zTSb)NoMNYMsIE~Ikm+ih=q~yop}J7v8PT^|HXkJ%+MeuIJnlmkR~+7$+~1wD?X0U# z9O)STY*=wxU=h{-KxbJ^Pue;X#W$m>x_VCf^z_^k`!%69a!T-w*~+DKyjVilcY9uI zCJSmv8>0?iaE$>j_~}@#n%QCr6S-p|MqOpf3jMmnto>6bhN8rZJB7(_hXnp8MohjC zn4hIJmL(arneEcQ^LCAkTv@Z>)s9$g*~fyo%I~$sJiArA1-Y|6UiWVR>@w$wrSIC8 zyTb;%ncFcpj&@_*&_{_o&iyGqYE!8*?w2f@em+?17{0pp=PB{ckF*Lq^^-L+ImtKb z`Hh)dxgHmJ*sqCkG<0Yuj!WJ@Dt+fU*AenEK^fa z@mJ58X*o4`rubgnmuLk?Jq~_1{)J)@{>P)`8a9KaT2_BvS(IAGzsa(Zre(<*-hN2_ zE9;8^3-y&T9j>Guo59^5*N3b=Rd7%De6-DV9-KTvr51E~Jykx^D@^89iK9;s8zd*R zLV^;XM|MouSmo-wB1B6y8X0hqlIjSQn@D~_C#(@I_WO;@kd-CtI5}qeH2p)FwpEJv z)DMy{HQy$TQ9am<+OMPU%~4pjaNfa2`I>5bY&~_JZ_%+HlT=f=>|ek6IqK{N!GM72 zyaAp4gL<`*%aNC*iIWA-yT-4vaYuMm?RD)4S`F#O9o!c>@W?)rz@xqDmr}F6ajH>e zNx#*kIA?@nR@@4`y7lzt+}O<0X{vpuvF_9hMH5Wrb?zId@@}XcEs8ObbUb?{o<98J zS&1X#Avn%Go0e24SXra9B)m$E0397@b$IW7OzKr@5T6gKK;c33{E00v{zsOlOPSqZ zet-9MYF#ZkpRa=4Wqbqnf{@)() ztI`r&6m>K#^3i?@gs%Ivw<}V{89S}#%PEPfy&pcsJzAEm{zE^RsQ$wR8pz5ue-q6;*DHULGk(t^pyE=NK6x z_nuy{?c+%(AG}By+i>*WgYJd~mGPd6X1PaF={gBk|iP1vG-c|!``$a{`6*O;N_F4a7Zd}>6w>>Wo2jyvkh}g2?XbDoW@9)%-cu!v6 zmV3kKcbH1L`fKheczx+DKI501rr!sNz2A4qAptBHF&uaML4{9ll12RB$b53CQT_GG z*tAMpLUh`*#?rki(d?w_Q{S~U8X=Qnt1fVri9~+aO{u1Z=rt+|eTw@Os#ELUd-;NI z%uId338DJUx4XXHzapZq|75J+K4`??kJ-`i6PijeQ|>7h5@iyccFd~EEay&6Uft6f zeShLPteckhg|RXQ2M6!lxY)ef?Ac3m>XSL`eTOErK>WgduHd&}(t<+$53P^((Wxmv z$t}xPJOc&h>$B3L&hupUomc1MNSl_agvT74cl?uk`2hD6+Am`2T>RmTG(%*llZ{6m zEd%cX8OyGTZiYzo2eLOuCGTlZ3sXJb{Z*p4SRbG+)_m^6x#7zsinVx(8B~i;iA0JW z7)rO6DSX;m%L<%+8rVGdiCKzDx&63?`+c=q>?m_&e{+ax>}WGl(n!ID90o}<3}+XY z0uHaa6pqQF0)7QKUs})UpIRgHs||~r4NdV^F)~c>`&9bxUYVqc>3?kOLuxkpXW6Xj zi(ju_3DE^qNe8)D|snav=OFecorZ`3h^Bt<$2*4wfUu zV^a}Uym&>9;IgkDl@bgk!>{TwEvTm9mr%VOxKK#KpShiVZtPv@DQ=$vR^Fc)>Pq$z z7xXky?-~>I95h?9mtH-hVatl8C3uQWo`c^}j7L9K>UH|poh4i1UL~8ItK~liM|O^+ z>380L`F1FJx8*i_!jKMM;hbCW=6$jw{%nT~vxFVqPuxpX%h!v>sHkPzag<}}1?Hz8 zM@qYH!b!)aZj-y>%oq}@55+!1_|fsb)pFkSp8wEy0_c%AbhG>^VuVSmA36=t>2$oJ_t|$c0`^0c`FmeIXU6*?#kT!LRPVF*p7|~>$n86ny~XRU zF6*5t8|pE0@w~j0=sWD;M2_b!7!k7a(+@PUG|rShme}6?Mzr!{X;{fQHnFHlyPy4~ zi){$T?BjmJ)wSf@XKse6#hy`qml>*EZ1HNdB)_HnMA2s$E`RF@afw_(iKRIj+ZYN+YA2ZObvN6s1_ZD6;6Ga(=fn{T>5 z#&-7Ejx}fJgD`4WweW9~ZFz6AlgpxCs{cv#uR`A0TLV{0?h<20#FYQQL8E!nI=_P< zC7JS;mbHhMmj2wQ$wlj{!{e63x0_S*8+;Vgon^gQjlSa*VSe7qF{=OEHt!h2D(hV- z%C&bo9Q*#@6-1bX=b1EvSO!)77yt7#oGM={mcy=ft6#G=;lmqsynwbSbX#Ms=n7vP z3kWGq#}?Tdq;Xs_2^rIU+jex_OGV-cDoYl>=3e7BYwpBO%Up40d^$;X8YOW~N>r&i zp}+TwSnHG5MQUeE&nA7myz!Ep=eD7>+iTmsNNU5!0i>z1yoIxNuQvs!o}L_AY;?4{>^Rn!(}Wv^@xx;iiop^2do{PLcsCYzHn~t@yua~y_XV56&<<*~EEH|M-CiI44OO`>NEhME zMa@13Ef)UGw!zp<9b40nCzbWt37Gj-`FK_9~IVZ zua+p8^YgZ@R*XflJ{Vz3j7(qEU+p}7>2=P;6MTkHmu_z!qf&B;SGAnGOXAbM&n!tk zmPTk-Q=iYE$9qYm_>xB8{~_$H;;MYU_F+mwknWc5?na~=q`Nz%TT;49KsuBzX#^ys zr9-;AJO6{f@AG*N-xJT=?0w%eYu2o*92sDGRR7S|m=45;h?j;}Vtawua2?&6zsQY_ zyAw@Q5P!2t?Qx>ykLN}{%X<^;q^n_F->x!mrd_(?4Z*JXE2@3Em^ijr<6W8lxb8G( zl@wetV+-3?X z2c+wbmbV{8Xoc@UOli=}zPOK%fD0c{nL52LlZNYBLuMwSu7DTEz~JENNIr(++E`nz ztdwLS7eWgT^SkS3Lb#+4O_kcRgN9MzXyNPcWrw=ADCx&`>)4H)usig=goT-p{Gt|q z2!(`(T`8Zd?cpKJ#(Cw{MvNUP9%Z1e4qH1H6@{ebMr%qLwStpeBcz=WB3I@C0)y&2 z2%BT!j+wuAM2*Vsnf7r)PKjRO|9aW%PeR7sOEWctR)0t?tf!F3<`}W>g;>+XH;5QQt#}gzM$*@(WVn%j6sMJ3 zj6#*)!BtWtJC!VbX{!K~;jIlfkG=#_!PbYQwpYI)3vKbSu&`!-*byw)bE~MR#C`o5 zGduewYz2r?R(|L>h!=B}vpk1{p_*`s5~M;!_d~g_LViyCF%uc|*ZnPRE!L2en$tId z+*CcYDL5@ZYgfiJG>17@keXO@zX6- z>NQ?0ySFYx>R+r6a$a^d)-zJVDk--RMVM#gK+3~v-+C&Ml#(*NV**rwI}1&~8!ZjZ zahb&T0uA^-h68kjam9V|DMvt&MxzV8fL_BbqDa>+qZgnG5!BfpP}En);WNaUX*$GLA##$FD7I#huZ4gxK7-J9zM z^el(93Dz@LM$n9DUUqDL+IBsHwUK+K2!kz*UPYX13~HP+W;R;LC1ymWX2gu8Z^B~r z|8BMk+1$AbBXtiy7UhZgFn1Fqoc1)wvfR&bpB$8EuvV>Czf~;dlJeh-o)J4LWo1U! zj3we%54`AQIfXwSxcvJ*$}ZHNQpy3AYVa-cb^tzi^yU7H2^e3@)|wE&UhPH5hCafz z@msv5Wm0ea-g3ZYdFgc;cC??&#eZeGZS*wizj80E{+6+}{P)fhfF8cFDUU#MR>V4f z=14&AxgE85WP+>ktT116em*uJN{tW|lxw_d5;)-5c{l0?i?n0hz4P2nMy?#T*uCHni5R*HA`UOd-J`?)AXW`dORvWY@`iHzoVf zEyo?{f{WY~*RmAP_YwLxJMg_<+JV23zP2Yb`X6i)IHAv1{d!fD-s~|0dpP5DWIYiI zYtWFpK$P1Bm><;uwtErBH3CM#Y4-C29GLfWzqn!&0*L$tgm(f_Nh`p}tPe=VM49^l zh`kB|X~mY?eM2NSR22n7W(@rGHgKBPBIvtYB=XS!Rk)Y2VIdGC3q@WxyY6G78<3w; zHu;e&(|sBPXQZJ|f?`NIwDl~*_%;(XnaxQ?s!isLk$g5@#chHqS@1;=KwTOr#n|t z``%fLlGyj>Q?MPogM8N-@<(u!#SZWV**avB2=~pvhK|*I2=@h3{XIAcfMbG_ z5&q*9&<{x*_cqG`M-+~-YYwx1~79AcQ{;7s-Ejw|adrkZU^QZsY z({D0*r;Q1=ex9PYKdvjvW%vlk2yX4*v#pjNo(92&r@2A75Vv|>Y;7Z_A_B8K4s2$9 zpV?2kV}Z%tVIk1gnj}U>!SDDy4}y$+s_SZC>-Dtv$Jhr0-nPl{oZ}+8)CV*TuXd(9 zGO@&D4sX+q_NDb2Z({R%HE@%TsIYVN9-h8V1$qs_*{Z*v%Hec5dx>~?U{MUd7NCxN z%aE%tGpQdUN3Spc!I{M|?dCoDZ6Qdnkl^%e0FK4JgTqDP=vB+aC;5Bs)uHxZfnU`r zw8kDq?|8Q}RZW;+R_dZK3NX?zg3k#rL7wEw_tFaVa37HJMJvLWy{R>5%7zf9uc8td z91K&Y*P=ev*BkSHTmTPhdmxBzWd|mQMphQyz_7IgrT~CGn50>xUvu>A31)anXxx~mfIGaBH@A~gP=PK?|J$cgd&Ev%kb?i0jMZYplSt~$2S+T~+NTcC4J#}ZHa_OCj|fA^{{-+hwa&?J96ZZ&Xnxue}lcV}7_2;(deS&n6-w$EJ>ufTcf!*1Vmen5fC2h-1yU@`06o=SbSkR4^vj;uY6lvD9 zTc8sahM>m@DX`BKXV7c@@Hu135x(R0xpssP5yUGpNkrkkZNCS!9>-ohi;i8F2n#@R zAi3C^qF0%sFm2wrdz0?U_>>2;%g7YCLm?uc0XtYXW-N4&B5ip{*Aur6XVj@-uv&VX z9eKAaEiFw(?hUw4hP88XV6@8C&HnKr-6Hc7@A;N^G5T+tnQ>CBEy(#ObtJgJzO)gS4%noad|h(3MlUOrb!YIr@@eoSG1 z4|_N*)G1>KE8o=y0MGvn zNNq+<{s3Sgpk<%MeXXbKE|6%?270C%DW0 zV!XAT<;nRWA5^WJ&)f`8oCV2L46V@ehAB+U)M@+8=}X`}biqVOr22(PtRS|5&#l?) z4Ze(|3!+I`rGNfZcC}vASVWQpaV?TQ06w9p!iCoW5{Y(d$;!$~=80r7M%MPt&UdoM zp_z%z3gws3p7je8#8I*A_+Bbub;CXKWcc+ynl%1LXQZPh9t7lKocyo9#oclVxRD}% zF>X`lG%iHP$8JZc*qoD8d=GmXm?=zq^ySs2+&#J7KuUXqFZWyrL-M5U)a^9FI~_<} zA#IQ8ef0C$4-F&?kIWy2k@$50&rhh9#TZ}=fl&J4&>AZjY2nVYVx|UnKmP~3zLnGh?(TeKdc(@e4t)dxr>p&)Wj8|+RpVvEpHHtJ{{F20 z&|g3Qo*QPI88|M)w^%$sJxa;T_W;A)7=T=;LL9$1YX>;^$0@j90}1&$7^C(9fI1A| z27&k3j0Z2^wPRNCSg^Xwkr9y8Cz1-1$|s<3a>IcZ-#%vW6b5ecCSS2?a6>&gIeG2R z-3m0y=Zq!k>xCdI5bz0Iu#?<4EDk%){PXU+czvL-`9tpa(o=|$4Mvzg#zhaO zj)PlQ$gpP1{K6FBBbUf^6gENPS@;JJEA)QOEzr6D)*%jrpPwy}EK?ptYJ%~sQ+kOD zZ^U)mo0K-4DtxdM-R}7VwB^(_$LMh{B&4-;tBE3n2JwLy=XFX%J*?xVZQ|ADo0DHC z>jU(awpOlXtU|I?(H}VW)577WCs?kht2V%|9#%g)cpE+0UE@=$-O}Y?Te*L-+y+^n>bq_(u zM^pm43$u6idSxFW64jyNo~=#DapZ~YRZe0`=w3lB!y({r#J+G);Ee$V@dhvxV1AoR zxar@Z7o58XA$VI!135KL#VH2|OaDSR^;a6*RlG!n84oV=@NEaoQSQ0|cKfWK^42zB zo}rQVf2ZhS1}sWdoA)KUFriS~*W_eM5&p$RabYxPLKBq&Hq7jufT13 zDn+T?P~;A{=8m=ddb6Ot5yZCir9Q@C(xq8gy!kbP+aP5pqebF^LXk!lXTA;@X69&_ zZkPc);~@?wsr9P>PfR?(sRB})UsF8{jvC4x%C}vXzRx1tmkQZzsAiDoU7)Mqh$EW$ z!KSy1e^kK_?$MCQ?4h6uJ;iDl2x%v6pF2aogmsrL!6nl_q?O$v=fxYHyWhP=bD*&W z5HSp8YtkCz`r8Jsb+fL#a!=pI{Hx1>+lxh1HJB;6TL)~8hXw&nOvTG-u&2EAG z)&I%UX?Cj+iP=IkFg#aGj-p2bCH=+PM6(}P9n(slcE9m$`!_S;4sx4*bQqjZF+!nXo9!J;l6NGK+VUZ-{Vv?29d5^~_+$Hc0M{n3FQyviGWpo85 z4Or)tEbE`X=FA&c6ZQtplllUh^qQykibwtkYT%3gNvkC4$b1P*K)LpmTwV_=uSN{U zH}GuMrAV{RNHy~#$!d@90(dq@B{~%1BycRC_@Ryg&n{f^-BUIKmZ#|Z$|P`Y)7F%n zrE!Py+tV(nU*?{5yw(w)3TR=vLpSCiyTAMMq{gRkeLZ}iMMF~#wesy$`@+%!72EBH z!Swve&b>HIc^SzA!3Dm6w=bK*kqt7UtPg3{W{jmB+0UlwbkX$vuXFL9@aDT@P$yuP zKq@Gxr&~usO&!T5$&f6G5)NE(lqQL;`WGch1!-|rKK2p0e-;ci`E%BTsG!~MAu9D} z^t}SiT0uzjJBK&TO>90PE{;Cx{hzywl3W*1k0;q;L$~mxmuIkq^+|l?I5hqyw^dj? zVvLKA>;4jzwTmN;5t>b&Wi~VgJ$!CRH3wy!wxZqF`na8;NY(985(VeHCcNrCk$>gr`Ep*X1g+qF|#ASdqcDT3sboRZ1Qe zg#E5bn=y@&H?1s|o)%@aqI}E`Y;0`bna4{o>S}=f&9X6bt|U^MDX`ZjXM!pbj-O4c zi6L0a(%u^TBS3z7Z`g4cFY<75J_0A&tW6-w_gt0IY|F_@I#cP)`R@NZYP*S9P2;{V zWN>9nD3-^@XN}aOyvPbIMB7WJ5ZLVxAKt|I9R-J-3?nLbB%}r3V?V%_SA2&_lr9!6 z)`V7&YT(FlU4$Fo-6O`qq24ik;40USTF)ztNI6VY;6pGoGn)#tChoE-G}onL+<=(} zr%P^?eeLaDBDx5M6#FkaNIp>k0+U|2H~17^x4r9nYcXZ?)Ln#*QO5C96;32q`XuNX zL`n26c(FT)MFp}|ja3KkNIQxO6a6RHWMru~-^D2)GBE4Wd<^{PCvj45-1FKAO^o~f zK(zg^m6cVOimag`GZKjuH3WG_abXG$luKkgh(ZW{m3$U6$+cVl?xD3;o!K)r3qO)x zA@UdKIz^6e{IZaC(sIMpOFO^n;yf)KLF`vDre%Io^e^pheNLYFJM-;v$m6K@WGjkP zikimUWVSOkEJ5eYIcACWA|*Er8d5-%op~6Sn-AOvPmwWr$JDZH+S_|&`2)R|3*Ruq zG`b;-BOH0&ZZCVh6=};=%eti~Ay}w={rWW-nT3Sj`G)~MdrPAK)#8Mo)SAo9X0jsK zAD0E-2d0om$hFMl-(~3jj3*0U*^MI=^!VD(-PHlfX@~ERGk@Zq+xCSXOFZP}DA}U= z?w;9k+>AR%Z?yepCmum+cn`+g^IKJc!S$N%L)*#6(;+AF-jz(J>rTVF8MS)7C}N8r z;aIK-8O^sMe4VwUoSE2;DO9;w4?yvONgA&1pv`R6dB&;z>m@B9o;4XJtjl_)jWqw zL3u@9hbi#|7?cafa;uB9@Z+A`jEs z7B|P_<-)y<6Ko0^9$Z3$vmXO5Kq^C|ZwN7_?LkH=bZc6!JCfe6XYMZw<#yRlDcx-u z?LNu1Y%oF%=RaW7$Y!zGU9#awEqrv+mJ=n!V(cO2rF^#kU-_IU zIz75Vze$z~EpJ77X3#_MRq-};Jq$1-5r{2(&Wb!g%8UYz*3~{w_qccd4f)HrGbYO^ zStlRN*Gm!=1DBYa5JLEy#RSliq6fzbKPOCXA1QRm?(+_sqJ17qa2;apgSScb-(PHL zpkbHn7`{<8C}Uw8#>Z!YFzhu%(!o8@eQYc+=vRDORTvML;0gn zWIIa1#9ALBBvkag;fMvLX;f=Jrl#*)s3qd{wTuo)o#WjMzl8wr?NH;#X2uDqBb!M` zq5W*VY%DYyls&{}c}GRxv*XlfbM$IMnUfG5rp}87`o54cMYi7NEgdK9H`sFaA%D#` zP0riN@2lOd%KOUxsyOYcHqlg+%*9JU`#Af<@--m)e~$8BRnV)W(69xt+#oXJIf*I45Tr0w+{cTIjS!deuD#MDc_&Hs(G z0HanHb6aLmmw+~TUL~K?EA{|1Sd{32)u*VVe5WuFLyb#H=bu~xz09wQT)&37a2dR# zCy}xk=b?%vm&(~MuRJw8_U2AlpGs~Q0*ynez}SMi?GKX&n-Ie&Po50rN;IY;F)!|6 zN(@mxj9;uIugYgHoJln;B>cR@{se_Y+eA8T>Z-z==nm@cUnJzDzG>6mfmMu!_iDZ2 zz8ZB;V@ZhKBu1D;7~l03Jvk%@%f-;$Z#^(EIpAxf_d(d`>i_F_Re0fgupR>Tg2LPn zQv(&^u#W~*F{K9Nh3$14)^-cC=mp#{{%41%yg5bkL4C(Wg$fM)rDdxL&E5@anq%nb z7c`8noyKEbyBDu>j_!vnCv)U8{1+F(r|v1z9c{li&6$kvL+#cDk82M%8fkZXS{6sr zGa3RrJ1lH=C?gW7;;G1K=IjjqMP)pl0Wtn{)!h*}(5!ixKX1Lwv@esR=z|t|u38SQ zX_+`op5~aAF=L~@>bWsDct@*!3T{Fkr+CchmUg3qgBaL+IPuE&k+oCkw3?=W$n<0)2 zv++`!Jc=~TdK_C1t=^6&Tv8%=PHK;#ltOVc;}|`+9xHWpmJM`482|N6F@8K1W*1a< zntZWnVK(GgoLe_;wMm!h1tL@REx4e(sB+dQAqdtDtU`oU+}xXcCK41P2{07VkZMlP0&ozbqRkfA zm=QcWEPMp|PB@#_UMS!JS5o%Yx+L*K$3;cux$m7jqx@xr+0BD_m33Lx2Q8qt|AUtr zH^}a#X=8tFlD}{li04YVIQA%{P@)~q$|amd4u#p|&OR7_%wJdy#pqzK9PTThi3<3; z{)*KjQygv{cU_*3BCYOEgK6#ssagNfF`#LXEv2z`+X}@g%(yjooWUhlf3Gh$sHz`j-y-S7ba^zS!*VkA)qAI0Rf=T+ zbhvkVeeu0&pk$2S;L{1J5a&8G@hvCb<>@xb{;yb^S^nji6f*FS^E>Uqq1Wan|8%2t z5h7i$N&QrmVUM2v2MGE*&9h$%GN<(~3M=c@VvKbJTs*Ci7&LW??3gIPQVEz|ohlL7 z5-wnkHSa}qSw?=j-&TX(+B7wt-8F1eIQ!j8zMtdJ((~C z0o95+`~E@gD7MK7KNYbl&8u_FNzS8_)n6eE5N)t&1yTLomZ#=7-7mTzXKa>d$YnEi zkC8AODW6z@*=ASz7j$jatTRC$W(|1Gqb4KaDvtUfz-(q>tmlCm^-Wo$Jy@xbC?Zpg zNVa|Eflw*ZXNoO$YbKxwPkA8UzJ1`}$n{)&Pj;g0*Vc|&;KkNT4dFTq^83F{M}>c$h-^rBu9=bAA} zaBz8c6Q6(F$`m>f!Uay@1Wp3+&^w6zdD5)HEz9(yv3xi{85OL`#Oh=d9=9 z>k>wKLgz#5J?=vZigAM}$;q#-UhLRkNAj1S*fI?F1qVJX&A`Xt-F5UL-3?WYK3T0& z+re}XNw0Wklg^S9U|80=5HrI`F(+cONgL{|*D!030C1k3;jHcs+#W2T=waee>XtA( z*!xMDU+rLtth56N&B%!w!Xh6IG7)(RT-b2AY&Bh*SjHtw1#bI1C(uU`gBJ@Cqe2V@xA|r&27#;Urh?#?oA#4imxTY2C!gOU;EY&!kMTy` z0GmORw5%0ore2gUai5Z!8WBRaV=&kk6d-q(KuhhxTU}e*GKhMZWq|Uc*5*%T;hm;` z%RX8u&UBW!EK5Jk_MHJkvrCv$3@SO)^ecow>1B|a#aK3H%djgs*d{DhT>rKI(Zfh2 zl0Vx_@2I)=aHf((9RMjiX6RyGC^t+*dw?|Ij=Ll%nbY!^IgY|_UF`U=$LTPE7Bw|C%Y$FQ1_4EO!_vxWM(52aLyU4vY- zClm!QCyUJ5p}bS?@Wmd{rp=|0)gjLu4Foh$`I2hO#OXW$}aIOEsJ62$kqvvGYb}<2JD>#7W z(=v=cMH^;2?MBgB3~{gbrt`$u@4}40JVxPJ&e72fkPZd}09(9)t^I1|g!fhmE1B68rz=8AJqeZDv<^A2i8!Z4>RxdIIwDGLFA zW8=K4p^V|JDl4ffXXL*fHTmX%@wQQ#;>i*DC&LJpHrCv*CL%Nr979I`(ZF7gp**|x z2=x(oQXx#=rt=a0S1d&A=5k8xGz<)w9f>*Vqz!d-A1M4xx_+#!85{8y-M93cqCcYl zK3jgWKWc|e-&}_4K&bGv>aab1;QpJ*`w@ob+N&+kKhU%{6mC3*qvF`NnScCokwl8U zi3pO5nb4YhT!!02d&0`DvXYe|pnoH6PAHQRlQ-<6&z#1D^MCI}eSUbRB}sCzwWu$} z#a%d)TgBjugI%aM1!#wcmFEmZ2tR{1QGJBjUpFQ)G#eAu;Re;@;~ZJjl1oQoJPPda zC#7k)+VAY&@EH4|tzhQm26`!M>T)LZveKu2jqNOr@a@4o59N*EdXn6rNIuI?g;kmo zF++6Cy^H_I)0gVY$p|+|W&lo0tHMQ}Hd)WfVVjiKZ)P0S&ZTR2B@^z(F9htrqXGPY zZe+kO_BUj`9ey1q+b*^Z^TeCfimp_BuWu`m!o}V!i+<2{Lyqzyr2dXjn`zBo5nX-% zupN+)>u1mlbXT$7>WE>(X%||3su(n0!nNPt-i~ZuXZTf=G>vK?mL*x@jO;3KtAGA~ zk4587p8HEu7|d>`W$I+AVI!8-s7xHO*4bx#>&YKh9sV*2Wc3X*yq5d`m>4} zKggQwE8FId zT2suoNxkVF$*e4L8cl(xt8Y|5v<~ zBGqL)CmE$ZS@pOL3fgJhH~(uloxy7>tA1G<>p;1R^A9Z-GFRuE-07b_Tf?5!4ji*R+6hFiPGcD~aGi^8dI1=051xS+$QsCt-<$?@ifO<`-t1^%$2mk0y+; z*#m}7V5cFf(}_!Y@nDPX-nNL|z8I9tWxw9H`e|=?9yz}`r-KH}4Xkm-@ zqEGzY_=63HE;-n@ObP>jfootzL?0a3#t%hHFM?U_dmp~%p)Z`J%?f;r^SfUZa4rEx zfxvw|pK<}TTJVNKJ~xgm`hr42!~o5~!hsNqdjhbt(dIyMVC4|zGcaJ!1;cOAQ!Sw~ zIb=uQ1&=Yq_+&kEbB!V-=v?h@_lBe&6GwlixqO3`{{`9P@Gz)h(5PXjFt|M8&kOdu z)wI#a3p!D+kB(X~PPlMM%~q%$?56~u8bH}EoV>d_j10%1Cg$qP%gYOpDXJdQmXUcK zC9!Vg`=@5)SgSWW#eFU>2s)}f-{MtlZJQnuQ8J(b&lIF2rdqToLvEwGESbc3^;E;C${rIdj7=Bin4NM)-2B%EyuF zHPxtcY&uUU)!k5>Mz27a?D!aFKAV>kxiig3lH-=;XcT5*QIw%dsr_3VsPA#(E2TUq zF%kVGeVLBy@?vpW-)%Xcn#510eg=LpXq2K}BDM)AAsNul6QJ6e`NxkyW=~~epNFmu zZQgx$u?h_nqTN0@VO8-~{`ZMeQ;CMV37~5?d15*SJS3?q2DQs`6@w&teT4C3dVXsLV@dN9w*uM#^2@H0eb!RNH%H)uh&~Ra ziUB?&wzv!FW*Izdh+M({7AwPVcyHzMv#L4U-ynYm;%2X2BfgGHOZp5jWwKH|9c8;dQ?^{28G9*tSy35hHWxmh&5obW`1dv5fAI^JiJjkA zz4Us;0t}!+ZoDtGHwcHY%EF_g#Y%_d0FyMorUo6z8pJ(45!{XzK3&wQYgV5*m|Bno zDSic)-4TI6~9=wPE>9hEgkN>@h z8%`=VuM6hv=_E{PUn`j-358{qk$CdRqMY~t>z&{AGL99`Z;0;S0DLnvR_FopfH2RO@Vt^}6t1H9(6%B0nYK?EkfXY6#3i8V_pd zm9?zG=4>T&eaI3LRABxTwRr1h;x#Pz5RC|Yq*(&4K@2)SkO0k!Qs4j4uDiF#=6J; z;W#F~y_%;?ZpeZEe&KGue*g588j;1hoA*W7bOQKyh9FiRm)oAOPMgT@)|FR)*l=pu zztg^4=J;x;jM&#;sm9JYQwaYz{ZOl^xi8yd z)EW@qi%j68ah#uG*zR(szQUegneqbEEHQ_YzzwEUI4pH;0VY!Vo~TKWOYQo9tu*;b zGTxlxcWGjn-E$mm`LT&eJC4Rnf>FIApJd&pb zkxx%yb@|LWIPl;6u=`8(^p$hpm7@3uTKI;W?eZr;z)woS&Tnj#3OL)?@NhYveg$$I zIAKwQL@!fZId^4ED~C>0sYShRJn6iV0{*R^rUpq`*#NcnrIqECzLezcWeC`5i>HvgP*^}yMFWZ#v^CO3XOy$Od+cUxHl>60JOzXhdX_^ zN{fEQS)GiWTpna=wH%Wo6Au9uC89@LNm*T9O&%0$HEY$};p|Tb;RSnY4t(ZNBwl29 z1>7*83jHR|xtAICI&sf`JM3%vCu%Fty?f_}x>8)> zL%Pm90)8%frE9HW5)do{uZ5>(`aZJ#J?4Z?04`^LI^3S%E3Vl#`|cjxU>)yP(J-G< zXoc&aM@M|+FJiNYmOWDBBpp2#kNTZ7d*x)r)_*0bt^?g6;q4R^3RR4^+q{ch_7l2p z#rG;)5~=IQ@~L+amoY>wIllKXpCco2NEhvE^9vdwm>MubLSE4@(_<9=mD|$n?x7NK zU~Eb$Pe?AMa*4_y}j3f)Q`d{H>T)xVKe8{FR1Ewy@Te(?Y z)R$9fh#NER$U*v=R$CRqReLytoZXuTTefaTmdB%TLuiuBVs*{lm6S<6)}swOM4ejZ zfXTz7V0O!@FaADV=VSK||y!yqa;vHZrd`Op4h`!59sbBab02-~& zVrTbMt0FJ66t-n05idJgFB*}oxtZHyrcxf^Y<_q9ZtdZHZNsrVX8D>Xni5sc-*bD8 zCKH{`rbX#!l{2}2_C(@`X$x}bhsC5Zb-$hdU}mJ@tQzFg?_WP8*56#<7I&0k0QyMt(XT<&#R|oTx|;n6 zD^`!#>StoZ!ZRVlaogK4C-~9W#IXeWr!fSuz&Mc>@3-X?vP8bL!214-IeplKats2- zQ3n{!h1}eD)R#o0y)a&|ivNRbWB;v7@2N~O0Y^6huUBY^LYFPy(=M{zQwfVEK50(+ zI&J#Q;pi+aP)>BU;pU4QbOEoz%VHPa2{c#tuUKB}s1}pIj$Fu#yO8}Vm`6nSx>60t znpVqcLK@1feZ2|gu(w0_sUSnP7hijC=l5(=wP7P*=kxHi*ouU4Z1xq?>$SIE7NmI6 z*!h>l>emmhgYkIhCHKPX=+J(O(uGAkE}&X6*g-ni`q0!B$#BBg2C*@;RWZXZCa}1y z=g3Di)$z6B2xeb9nqYUgd@R?*y}P>`0p}(n;`NyS)u$|;%_NM|UV=(;US2K6Ju=be zKuTKhPe`%p_|y}*sty-;$AinXU1Hna`R=HskKqo3Fd_yY;H0QYVqqp9A^EZk`S~He z3VOf5HJc|FF%OMoeECARfSe9f0t|~jDR6$zR{fG`gE+W(Wvp0@#fsgVYg1J^tNkc7 zo^TysW&PGgD{GaO{!>Gvh|l(=$7;PsQ}O&?SIH$aRS3Q0DS)873F0m{0n} z2Qqsysg?7h%_`T7^*d_58PC_t{;}2E(Lsy)$(wq`6R!swew{jOxmTwWMrai8^XV=7 zvhJ!K9WU^=R%w^hFf&(<;Eu|Qn7hqbwOKCbvh%s@(D}7o9WOI?cqxn!XL{|0r=5@d z{Z2bvw-6q@eIe39&aeE!T6vHza znWA@Z)y*?*aNI_KxFyr_e41zHU{h{_LFTO*cP!3VG19DMqKBUrD>BEV?LTl`K64W& z*}IZ28oyVOTTvq;Q}#?^F!1*SbDnzF_uuYQv^Q51QT)ZI6k2gIxDJCA958j@6MN8H z__LTGf6rwyrOs-DEYj?;h>_z`=Mm3RQNh|KjIwhFF72hc?7y2L5~b=p=vD@#%WclveSX%DN*8Y%D%MV zzYo)G$vn9>=;#asul8h8Dpf?iI1Y3GG<$bNtX*HMnEk2gqj2Du=_ed*5sQE^)4&nK z;1SEf5z|nO(vT&~;25*%#(oyJEY<@i>Q*M4Wpt5+O~(#(txpjkkXo0?V}YqL3)zyh zRm>&dVsvR|sf`*4GL@B-0$LXy8;_ou`tntaf|~^;CcVM4{A}!&79Rh9qqt8mvs<%v zoYt>l)T4@B%63o<1(p0O-9ZLekzxYu?@7*7F#OL`bQdBbe+ix36WNKQ^EB7pHw+C8 z?LCj@$u_uCHh|~)GJ~peygHbJ`aIF)xac~wIxfrH^M%u<+ug;c*k%oAkN_erx=JQG z@-~i9pI6EBSE%pi&fHt($rf)c~Om@P=L6(-vE{n@fg90xLu^KRHSf}FiD&0`L8s-Hyl65>h>ZJHA{OFzUBzX6N# z;(L2r7}G9rXzYGOk(1EZXVvY+Oe(&HLD%Wb`~v&2RIdAnJ+!O}8xl4m63nso8v!@| zR+wD{xCJb%6HWS68m3@DVU(*ps99OrRR-pu+B_tCZ%P5IkUt*?MI>Yhy{?61OnoiZ zn!CCPb$QMRhtf`UOa7X?Z!3254W}^=OUDJXsv)I0J;Q(3Gwm(@hk9KBUs1NZSAgw` zfBuw>CHdj&_4D@*#A1z(k{KG}VD35@GEoDM*|ybC0v6{DDYQy=VDE=m+6=S%MwO#l6f5#BHnbb2M#t(Iso7kECBH4qKo-+#c)a1CT#viQlaym@qMdo- z=z_o0OTw1M<d)bZLx+N$ zXY0>Zwu#K6r|-cKE@I2(xI(fs?GwP`F4XL@kI)uFxu{FSG|(f@trz5d)I|N^jC`-n z@();w9=I<{F={AD@72hEOVOgu8FfOUAje;)H#VfQeD1iTfH~r1Ga8SDASp|Z4z=Qa zVEajxH*har2j;}TMzZ+FfFcjg;Rt0M10B7}?NHlF8s&Y7s{jUqGjjZewX7G4kudY`Gk`k;e|O8)l8E1jfAcP`tXBRFD|OP7Q$M9q0%KD37Fv&gBD ze-kuQZLx!Ei3AHiQ;k&q=4-+Q2mTc!Wq&@awRGei$oxCqlN2_#7l(EJd;Pki<;>ZT zzU^onq8PfW8ycCuR^v5};Bd;a(cA?u(hpmggV{H%tkrpwI-;F^0-Tr1z?qJ!@s#Xh z*K#Zs-poJ$cLHgf@~)1`$Eg|-}2gIK#)vVuU^zJXiJw74jym(01mZgkza9)n?aXg>TUL_UKn+~Wcy%OMQ% zp(wssCPJKyFA8#erS~-W%~WIZ*v{r+PY_h62`yu*fT=e7UF5C`vD*I`GM{$h zdnnZI^lhBbsV6SK8#KEOyBsC$+jjf{_I3{5X_$<~=)-$Dr`9NG6#43|hm`+4q{81p zxmIO$T98ozF;R$TzhQAx+^-4l8YNO}R8H_|>A2%&6!GM7IGt0Z86}Mb7-(uA zR{*0-36j@PDr;0eH0T#0VR}%s=0j$gOTbq-;;W$d8kpU8fPB&@x5IfOAcgE|R*3Th zuA-4h&A`*J1Nbq`1}`Wp&cu^$D>X^aTs^Q+(=9Mj^y257dN}1Qgl=pu=N?Ln<;qIq z=(RYbD=L9PGSXJZ)f1*GSzIJxj+s2@75wPC4ae(-=&ef_f-e$Q2V-&el%Pf1DiP}jIAOscS zMK1}s8bKQyrpm?BGj#OyXc!-9Ff=1oz8!QfKiJaRw^~*iQ;9~V{Ztz|JT-RD#Y({? zLcid%W&RE^ARBizZ`yq&2>T^Xa~9hlvAh$+a{alTh4pZyt;%#p&TMJuZ1%-?ZSM#5 zwHuQn?UIGyqDsAa>}?NOf+%g%qQ}e!U8hb|)>r;Ztfz&{w}t3J+kP%Hj2h~LLJ7M- z3)?5^I17~Cj@k1q?hc&KswyfSs991)!l=GV5&Fu=PmCWrgq~Z>JUsMxxhP-}#$^Ws z-u#6yDWzk(2>otbC->f_rlaveu>1H9&EEU%iy>%Ky9ZJVvjIZv;HMZO_R~LND0H6p z---maN3y@8s+WW3ULo;~&QRfhmv1=1pD303nK7RZH>2iSnYUWz6~r8bVC?GC;z;LapmmTqG+$2<*HxQB8;R^T zv$I_MZ<1I^yOriLL)((aOk(3&AO_G+_sSxWND1#2Bx0iU?zhN+XEFu5s|ye0d|m8= z+cJJY^g7*wt#wvgGafqHehaNwPTyP9?G``@i|RTK-Pl3T_-fkj)lm8KV!(TWX6(<> z!B)G3-Nz4*jv8dNyx17ji?Ig>x;u5+m{>=BQFs#>X4#f|qIsJSbCW){;ZNWjAXE&p zqW$ZQ-B+U8Jk}GCAjgTAJ}1bTw_*2^$`bJ-_tX-&;IA${&FJ&@`h5vo?yWC(bHCQg zdw}Fm#ZGMF;DW6vOtqxgk=4?|W5AAdbWbg};z31lwm%rMlsBkv!L(x^T4Sro=|WbN zCZ2B-6w0YU(Y-~ATSAs*rE)r0%C_laB|^t^5Z~UIA~h%+CI{z1;Z8D20o>~$Eht9* zVpM0tDs z72v3Qu$&I@5Kc+NCVSg8t|sa-w2+sMbUQr-2u?OOh?vb0j*3UNbHFi^dm`0?d-RE+ zqB7;$I+CNOKnVlwyHbtb*VBI&^gUvTV!8)>Jm_Rr!xcY$95ndTLbP_jKwuC`$%p}) zgn}v?x9vY`ciDlJ9W{H@ zW@wd+P(DT>aJKXP=+a~5ht?_$b69yR6tcR>1i{LMhtV*zh?6}sod7=1T4JfLE7##G zbUuh5&N+tuQ_CqZ@wAOqmD?J>iz-n4cR9XB^FO}Nx1X!S~c zqREy|F}cCplXc9PDg4#Nvk_6I+`@csPJuVX)rP6S`~*as zIyv&vkCr7gxUE2AI5vzSsaO<;+uoE(fJQca+pY#-)jKZDIRZH;3|dglbvEzh7=C+P z8Uh3PNy_Ky3~gdY&QUcTl$D3=pW>q1LU~KP|F6Bbj*9Yo-$nsxq?JLW1QC@~LOP@c zDFLNJ=@jYi5Rp=lMkxVlh8|i$nh_Yf5e67~=s0`S_x*m)yVhCftabkVeg5*Z9-f)! z*?Z5u_kG>heO*N|tA=E>PlzcNotf+GZ{Bv>z?Cth;%}nACo#9_+-47L)zNsrdxmpu zV=6R=!CO7f60e@o*j&2wF8;>HfS!BtUAlt33R8i(I60N^y+pxkQV0j}xcIcUX~Cio zd{6kezP~MdU!>zp#F4;K#RqD&TD&&w9GF5(vSW;;+x&FT!v|ksH!fc_#2U|25}?)1 z;GO|$Q6pd6ZN(F}%IDX}$rrX7L=m7yVPOqa zvtpr@;EGzs9uO>u`nLV8-EUOaGEz2RXl%He=Yv+gQ&}&5`SMH;hdeS=7S zND1DXr(zOS?C-79Z%Z87RNYPGB@m1uDqe_Id~5oxz$-;>X>xe)6Hox|;&BF5WCBi~ zI{`fd0}v_h4~eO%H}{*acMCn;QGM2veb0(4XJBNK%%r2|vOPnh^EsQxo=4W}hOF0P zpZ97__-R8rqnj$|^A>P!)1nnoGo(Lig_bU0_;Q}+W$bPNzbLL)`jOEue{}kI4F?0R zH5IA}ZYn!K%%1y4jBP9rT8Z(lLRW_>2_~w3w#D9JH`&V*@BmGmIJZO>GC|cxR&23d zDhn5BYVu`+#pB-z2(`Pf>f_{TOFujF?nyXAwFW{XbN&EHmIM(@g8Yy{53c{Z9kkCO z(e-1ZK@=1dTAYCsAn#GQ$tUJdQa~&Ph=voFHk}mS&HOR3(n)Njz0*~`;V7r2s5qaxS~$B36;vhz>jZRO}^`x9^e4%E8BpDW&#?t+e8K~ zM~Qw%WiC`VM-JvThH6LPJ;w?wIW@)%`{ z8a<~y-z6WLs3~M=GwoxlZAcsR6yx2P!immhO{)`j`fk~xuR&HSjPF!e_@sEqi!l>t zaMx&=&lqo%L8qhim|_R72v6$JD}8mOlH3cu8TB+(XE8C=u>}u^X|8FptcgR{lw}{( zMMlIi!y;)p8pI#|VOAy{yM3x>U@{)UXLl(x>62i$IMWKe9Yqu7^;jj{A!}@{^~2u6 z;63OCu6d7}{)6A=c6MoFln><548Ltl6Mw9ckSD(*Si;`L2rq;W13{jscpI?@AW9zN z0p=X!VGi@o7)g}ZWoG~>#C_op?7L-&SVv{pDcE`0yZlx^hf6(j5Awj-25_fJri3BA z3UG5~o>H@B*a8H^Ptc_Ea)$@x?Ure;!y?pjM$#eJfUXyA$mlix$lCJD=lFOk4Q{2r z;&SKriZiu_P7bpXyN4MeNjsT(&Apr9gcd>OamUkEkI!l$S&k#sYZS#5c{Im@-^DP! zYf{I+cb(&ae3R=8qnF)lXquXE_k_3{l|OY)vFCM+ZR za=eA1vVs?$O_}lV9*0jqbJY2HCdwvwF!;lu2@CGVz;h34BrGz+eQ} zJ+;#g(yTo6Kw*OOKzP%Au`@;i*yX$i2}3X=Hhpu6?`U&~`OA^UdrLzvQrdPd!t769 zAAe&it9~xd3_D=Po%H9zqqmllx6I-%?KV?Y7QPf>2!LLT5XFTf5$tA8Vp6)458eH+ zpY_l3(z+-rDLuBZ5dEa$HTLa0=zu3M0dkA0=1W<{g$PpRZs*la_sknn+}7ye{oID)+9TMNv4;f-xJYcf zySVjL%tMdmvS1!NW~So#Y!Rck1oeszH^zg3P0QS*W3wDcj2>9_(__P}bx%NgvJE6m z-dci)Vq=O2JlR$Az}bR81CUC&SHqVC*)6HC#e^6@-k;sDRxk8GnTskPh2V@6X#gF(wcUy*Spm>U_IRg2Dn;d zHI7X6?pxdkcLakhfn8#T$AanU6CE8IDr)Lbb_%Xdog(cQRmgj?5RV{lqg~3hUqSsO zQa@m)diJpw05c@A6+(J#!493KUUw2v^!KP3nK_eB0_FU&vOTi^<_zzA9<6YGayov( z(9lrV&B~ld23%9Sgb>4MWT!*T%byj{+P!x37yiAvf$mTrqB#e=s!jZ*4V;De!WLoa z`W`YZiX8UmhBzk`&E8^ziS!*NTY6*efFR&`uimA&yS>7-N2KxcLTuig#-=H_CDJj2 zedH@oUwd656TmGKlccpY{}zF2MqcVaxJ+@Qg|`Mp6Byq8x*g%Me_{ro4qyA6|J`~> zJlik!qLZ6L9@aoUxrGXPVXfroG%z&sC$=e%mb{Vmv^V{f z4qq@oz8J_1U;|)#2BB)Yhj)BR54Ug zm|^E-rufuw2~{hI_wyM9JUE`nl}Qf59P8-ca!kd8tP1b1(MiRggHj3+#O=~I)FcfO zyZ_sBJ`_?0cvsjho|MSR$|DILQlg9XZf}j7Ilt^BK-J;JUh~lcNx9{*)Cu4Wa!ZNu zQ2yaoXJsZO?K7J#Hp!Em0_1XS%5vPjR%)gxOI(q|D&e=TMrW-?vPdv^Oug5bsNC>4C z)oUwkZr-Xe>zMK#^KHgO2J$8{rw1ej02Lt~2n~x~GgAJEvS30xB|oNlx2+f^sF-ga zMPRPikc>*FVX-h>`TWUY!^JErJT18vXJNDc!Tw&Bg`JD=@DU|qf6Y=2!(`GnhH zh*noFYtsFp73I?|PL9L3c^$y(MT9k`Q^%x_rkJOqtcCN<({Ay;6Ifx?_BQ@(Nm2BK z_w`gexg_V~*R(%moa7vt>%Z}3$^$WykX%?fbGk{Ir#Rt69R!}9aZ7Cf8p{~F@6-w{ zen(GO{lU08_0&l2*ZD++O3pAZ{GS6n9r53rv)wZ{yLj$??>+9>iRQb0KsG)1FnNAx z5XVTN_g!hTB+Zq2Hz_@x>xybySX$Sxr{4H5Pg9XZ58=ROuzbxa;cu(wzcH2z*{ajf z@SG31a(Jy&dF$Sx&`;BCxX{m`(@d`%aPb0Km z@<%xkunnbzGF^7}l;9F!E~ zCi}~hU(UmCV8NR5R{FN0uzhJ_;rLzChIperQ2}rttHpSeYDhbMQoy^4blNGM;Li#* z3Iip@p92XTVQ8{ME@Q5>f{STbm#V#;NhJDj|NHTD zCd9GSHs;cWm`BmLqLQk8c04MWTq%~Z3(&_bIfWMCwoD?Q3O+e(2fipoR;U&|x3RH7 zmvJW*_51mfZ?|+?dRUP+ ziSm0M@<52rl&BN*b{)e`w>4YW(ZmC+M(P(Ul9!aP@G1xJ8?aKIFt);n##SCV&IBd% z&325HKPQ>s4X!en{7VpSz$k+)DTLdRnztMKyc3yYj1FU#s%2$=diTZ8cya2j0KfpW&N=R96s zbsmkcMydf$atw$)PD&EgZvV0m0m&*#NrPEz_V61yJTtnHl@?p_txJsXc*Yi+CDZV5 z?MqoD?8ebAF@qmJY?kz{()YK!MyVDCwrbb$5Ej*4|2W%7^m2>Zv>TkF%dYk9K+cmp0i3gACfJCHdZI$xfmuK5oRaU(2KM z1ZFa@vGO;Ps`SoRfgs)emWnW8yDB{^s0i&~milyf*jI7-Ts%aq?8#lB$+bFBN2;kwMSjZgswpu>^7xwMMJ+8|GU+rs^QtL{miLjU&jV}R7ycc6EL7|_*^+o|hJQH~P%kbdC#RLK_Kgg)#OzRS zw*80}HHGT5p(@&~hTBm)5zg)w2{(v{cDigbLnUC|*>6_fclFxgCH#EX)~5Mw)(y*l zgIius7q4H$8VkQFO0MxcE<=$#z0JOp$zra6c$=LL2XWNf?E%TuGN*a+u09TVz|fd4 z(|@qB@$B{Y<)pW7v2AQ^h9JjO@`{oJ1)-QNe@SGhRX z=z@vp5}%5|?K2)P=>k1DOkObLq8v?=to8c`R37RpU#ad)@N^;Pz2Pz@^yQQg?w zGv4eM7Z>h4J`g^goHg1yL9P7Ub83Pj^tQHq5A{x)^X!=f1ty()icOTS8nAqO^66xA zn7Pn$AcGpWvFRnCR6nUcwn!Z-Gvye|lD^XJ77V=MboV-$Cf~(agm4j7TKL+$SwTiU zoVGvMP+J+u8pz;7Sol5sC2=%2D`%CaKGYac$6LgwmUbon@+s!E#^xBWCM&_l; zLQlSpdK^&kKquDkF|bT0JYub2gUYiCc(W3Jf1>lzqaa70xb%aiXOobi5{`ro(mN8?x#p8@6km(LA-i=QTojf8PR-=Wu_Wn2@E8bFFbO~^`%Aj=PaHjcREh1Tmj zLF@DTe0&<-r{qLF`Z;IXdm=|E!G2@xwRC{{`snoU-gN3FS$MuX(@hZo-Yn~ z&Y{3e-_vo-$j-A(G#<+svkX~EIo8hK@jgMW*d1(m3VQs^wflKX=9^^<xb{L!UgYg~oU77j!qgXBKkfID5Enf=PPaP4agDlX$o2uorS|&&=v>N_H+3 z^pE_)Jlv2lkIoi%%th>{458Ow#P+MUUogY@Q)=dy*6iQ%u;v1LVW4N>4QiY5)A zHC3h_*wX4{&X9zU?-`Nsyox$N*+!v_ISJ1KgR7E!JwAyuf&SVg^{+q426i;510twz z!CBpmdbQPxhrrZ*dRa;A%5GFR7kYxgmPBN}W>wzCJP7|onzx*yuKrf?hWRbcd;Jab z9d0O5M7(FD3)kzdq3m!p@|S2DR%z}IFd~Ekv80eo#8!b}L8o%>g?vuu1}tJdLoYin z1x6We!B(i+sMSX5T8iseBDxSpGlyBoR#v>%UI<;>rLe%!rR3QWxe>=$y7i^R(PRXp*gXeF#!4CD7j8h?N507Iy%g`@&8A zM*vvY9MIwmAW&4IzC(HQIm)s6JB|Jr0Pq|+N@~r*FYdAi9z z!G^m=pe3}10oVo}00j9r47$CatmqH=x$HrM8PDxYmc`sy;y5Kk!j8EW@RtZ6n?!{_ z0>ok^Y5Jv$tee0%OoARG5y>qEx3SiehD{L=D88NpwU8QMe)#6X5qJ()_6bh*_Dh`F z>4PIFaj9C|jURKfdK+jn1+MBJvH1QSbGg9!(xc!#&+aI0Tt*TtlH^vbUbaRKj7zTG zVmL;0Q|J`Yd|?hmj7*PoR)KD#MXFte62%G_YQLkjpDaR*vv_m9Cf#k~C&2eI)GxREFHa8+ zn=hwF4c!ezfxGBqMz26e!!78jUQhL;gD6H=)vgqFK)k#vcL8iDs{x|i4I16ZPnUW8 zZ%B;C8&)g>?b~Wl{cQn0&ev6g&UcfV>FsDAn1!70=SxB*&*sUi*9wa!9yK5LnFKc# z*DojPPhbDSa$4X;=C5sKH_gO&({Y_$yZHj$Abf8pnOyJZT&# z7dryCo<~G(eJ&7JWX9XJ-{p{k@)D^exhhh*ss10@fW(2IHk-A{KF;2XM$^ zW~h9&qBmchg#84+C|G;Ic-o=T|7?+|ddj&c*#a&g>I=MJCqV8?;gdVQ4wz8`V7H=% z&w|C}23KOoqbzics%}&jM{9|K(nc_?q1(7QDuVSrVcX@GC~jiqRkkkz-sfj~0|cLa zMzo)YCVO*-!$i{^2YIlM~B1m`=1VPn}kHnwgvkgDLSreRMVSO3R8Xg+zYy-@!S&F)yU8qzHB)B>dfUVr$7yEoA>VL zRxDC4MJZ-Di8W1pPfnNHXQOSwF_U0kt6a-D(7;V-AH+?n6U`thD8>PJ&{qdKbuH7c z<8O|>cu6`5+@#yH(s7&c%bHH7x5A|Piv@?Irope&fn0n))*gl)C9%66cQhLC8Gq;k zESeBYm7u2O+}3shgaKa_r8dlL+mUOdaZDqs_(4u9(*utJ5!c&Bg^N**0@67vZ1N|M z33EoRu30j41L9#t$` zWibww^Z|1=KLdVUll_vHXUy?z8?M&LMMfonBNSAeyH;t@R{?BkStG0>*Fn_*FOGY@ z(1i*~#~C|_V0&Ex@#bnxS{+e=ZH@!|=eCU(iKRwIP=6zyMP)9imIo5?&Q%|+!%(@r z2|CltuIs#L<*r+b=Oy8$oSm9#Y`JjaO4b%3!X@$;k!~|GS6sD?m8m>k_;LoNlScQ2 z!0;KWaHQIdd=%c(->^#{l+J;`Id3N^#i1UH&nX$$#y;U&rCWX05C^%K)m%~ge5~;UhaZkH4N}833du}U-lW;>b&^!f@fS$vv3@h{a&P-UpY_rm7&-1 zXm2%{;|aRdpWz}ec#yyS+YRSspgO#ci~VhRJ0&pD>7&U=?u`wV9NXVdgLDyql|!32 zijg+4f9q0=I~ad7iU5KH4uIQfn~HXTu^R@HNS+MEJf;EDL4kmy6A@c}hoYhYoo?Ut zC&j%7KjX-~On98PgUe zt4rW@d)0eL;6>i}x*hLR7DIg%mlx)slM^L6d#vj5yW%>hmm5&fVA9F6(pMI&&GoY3 zcx%xOb(XV_POPnQhqA+=xpMZh2V$e`7bU-ST`xy%G9jWi(3&-**fFc<-WRqv#ce~P z-C!3$tJW>-ks(l8VR5rd_l#KF3N511k5B|7xxVWu>G0hVJE8*F`h##=Yj@>1 zzcwQFkR&&*!_f_wJ1_X+N^~!P;%=yqC|Jp~gLY{Lxt2l3uFslMOl^y1QbKzy;N}Sy zXaVXH^UK2E3;m+2dPY=4RHS-eN|Sy2&VE`DxsB(WU(ofc(~-Ko;zLfHmWVLJqdazh zX0rvdOoo2>X`@z4=I|>ktvbO9FB-qh%1Rr9Iy4`N^}KHKtEnb^RyP z+TsYAm5ISh-`D1mx03eOzYDH`yH_FR(BJM+x**Y^2?b5+&9XjRTl5R{m2pWvog4C-gT=M2=3Qbdqc zhZH4#;$T8?e6&g&93k;wj4OfIM`FRwY`3MnX9Y+O+emmqbl0laipQN`Ekz|M*w2qs zc7ELtw6ng*yx3>|wNV%HBdKXWm!g?YC3bA|p+O`GaHY%e<{J7)F-X#Eai&d>4n)K^ zBlaIN`98Fj&H{1Os*I{r#6Y9x7j(rSsfqS;`_%1P{U{gvx*;1n`pcRtHETD2GKyzwz~UPY>`980$b8N z85Jv>LFj=z_1}?4YjSfbAOfF?45GjmO?D~{4N+NmcA8rmJn5pYC-{u3d}1_E**iGRJ6>_t*XRpO#$(#DXT zuUm`$x|ec}ZGbdGSz@=vg1+FoBi+~7uF-(Ni^#YV(al=cVSV;)TP&F*5r5c*Wu_Y( zZpd|x==D=zF=V~0Puj}q93vKJ>IVl6IsI%d4iP5}W3?`B(k|<$cSaFV+@@uf`u=A1 zo1ZOp7YuNWCk^(^zDY}yw%v=yZ^5w3W91i&2TJ;L2cIy5drnmkDvFbkc6ALpSCR0n zjDr^2WZ34fJ)@DL?u)+m-Y5o7yAo$TwF@h?9Lq`cep9xf+?9Z}BG>9r*?NmHfr!%U z?sT}rmqpP-q5;*-1%_6>wI$V+PtfJuydf>0Eob6N;SHY1ff6G=%l@?H<_7&52h+^@rpcL#UNLhY z&UAoK}FT4 zr<848=%q3G=Bqy)Zv*HtY`;M}9+;?C_hm&r$q0`Aj+@RGXQ-!<9VpQE0g6s{u~!=+ zsjpttIxZ~q-+Q=creM@ilrobbIYEsaXMcrmkgcumuue2cx8hrYC*6|FhUv)i; zvxX9{!PIL&i>`Lj^Q!2);@PNdBO_I#v-R)qcg2in5%0!2Hz@hHgzjF_fHoh7Ye%yeOU<$_c3HdDiH$_f+A487|7wvE_=%96)C2 zN|eHFQP^+5=SUalC>%BO-EQ4kbVn2N?PJeyLZ)j(PGaPm9Wjx!eZ$a&E9@-K>ra~1 z*zuX&zY6R|r1Bh#E_Xt!`>o_+s^LiZ4Kb>niGwfTM~;^-VK_NgmHRaF$w+|ddb=yz z=A>wj&ZIR3(kO#M(v2B@e)RCZvY6{bXn@*(qaX7>2PQ1CD;Ztp(yEKz(F+5ClBdVJ zfAe}dwTmv<`u+@X>X$uQdz)Bkn`qGU%ayqV|IB5u2pKmQPERr!=rN&%==^}JU?lO8Y<&`YM+`%Ri)7QgZYm52Gxw~rhUQL=bWT3w zl`4`Z)|P(|3>fO-J>%Pn0=5|pn}zngDcFd>kM;WuuD&q2(=OK+C5hiH{Sne1MG*2V zhHd&+!nnv0BY`gV44OslX3*wzAP=2E#ROj1_vnEL2j+!a{=P7NT!z=xLGGjXSUeYK zv+yJ<f`Q9v}HO0$(3P36d1kgyi`_|4`z+Bt9gP&?-UOg zes*mr{y`wR+RB|r*o^M4#Mf&PN+R%V%^#vML#B0yxBdm?*^pd7S>#NtVRp25B?%md*Ey~yb&!T z#G&rFkc*>w_cQTP9c~vXXWJh*s73v5mDQQXUDd;607cZ({{My|vdQ|1wK6;k0;r#S z#qs0DcD@qz7ggcCM$9GR=D$iIZ6Wc!LvpTu17%c6o9OB zKp6rCMGdIVw;cchFx8Kgi%-itmEZM774osb?#3@AL}B8Z&B1SCd@3HP01qYByW5qH zlHM3Fp;1xcWZ+aWFQPE%2ofolUn7C zk-V@6{HJ#?P|``i&-x?PEGCII8KP||>!oq~Cp!dlz#ZP`yMFbyd=5JuW}Pu?{evXS zPg$vvDaSKzllChO%YZaQJ}VBm4`xTHO`d+Oc#tu`^S1*EcW$7aBmBk@#Mo!(J)jBw zI{bw`w9N4Qfk`oVgE4HjaX_`QrrH3xel>XR@A#y2*P1>yjq2HsgU_}E;6frMTkXG_t4WNrn~xfGI^a?)AF? zh-s3}_8Vo$-h4Qd1CSqkTMS0F8e~tCU2&`^APoZrr1>c$zhm=Merx#I^5#mqdxkZI z6w4Xl;8X(j=AW1b`38{Ew#9obmu}_S-tmWy=u|Gg7wxaQcF{_}R0T4!+aYiLp80|_ zdHAag`+-L!ogaiFMsbTp%3+KC?_8h^w45L;;>EOChTAB|f4{`2X(oG=(tyw2kDHET z0DGdxJ&IT6wniAdd3uDbUk8D=UznXUlnI~@pedpcgGd}C+1_b{DoXBlu?Bm9;`O>c z#v2XelSAk|oyq0y4*;@Y3gFm?u>Yv7L&UfHB>Tn*sKAcL-jdk>&IVA|QC;@6!ANnV zFJZIayIJ84gt3#N3IHeo@VqGG`c$Z*8V9}=#OHMKUtj`b-6M`1S2+PJIlEN*Y9hXQ zpifgr$|Nxbm_*P^r)09EKii?o5fD1K?uW4r-~wP8NrX#Z;a1J8pLE(fb3H%+Mu8>n zUE4Z#Ll$2E^_1u3xT#FITC;b}AhVn`$eaM1N-Xi9#n%mcf&=_s5qqnCq`M>3T+WHGE<)4RiT zdfmIRqraI0t&rm$%6RCO^7r@aCc;}w8JD4siKlMWm?+k+T=ji3=0NsD4q|vM5o#M* zXHf~3zD~nRhPMjessjD%5cKBsWWUhjRejeHZ4{X0D&W+C0Cf8h-n|*Gx>H8)4a&p< zj!a-rH3^8iD8Tiq2AYOrx5DYo0E|)H$>?ntn7j|@AAT3RZjoN7@R;+r;znjGvmZ~u z^gWL87Jd3}`WR@ZA{5o`Vx~{@zori$3X%rOQ-1uwq#EWX zhcL$rGM=Htw~{Vv4XOs2!fz~u0u96Ktdko;8Z5fm4$$KQM2BjU=lnhy#mj6v;to@_ zP85cKyR~weaNCkiE5rn8^3mficanpp{3 zpF9UZW|cQ_5xpPxRdY7JKO4N(Lq!pdf)D4n0*il5Jesg#odnoy`|c44R-(Oc-O+Go zkG|^J*PRTeI!&Ox%CN73>M)<4=cAJp*@Q<7ew{x#k*{9kFS z9g7*8C7o6(M>GbT2h{|&tdRc?ACDEcDTd!zb&4s3IUKb|vG2N8VV z(@pW;s=bOu#SD+cmaX5T-G*;^gP&CGJULGWXD8W0E`2}xE?%4wdEwIdt$$~H$R;!LzFH>02VIu+*_=3 zSLjrvWZ`m5AtKD9pgtUYrB|1ApEZA)2u&sCgQQxnW1pK3v@w^8mX;>4y@U#l#w^-PB`m z^11FCE8MST26aLWP$zUbA#GLt{O7N+0u8{UyqRZt03IvwF(Ck(TNUqk5)C2&#_NR{ zXNmx+WAGDz zp9yL)w=e^Tg|keZ)y$nK%!au`Du??S{B!Q3G$@?h|P2I7AP;(u1epP2DKKaKy#7_qir z_b2*;(DYRzFqK>Q^U24YFifnYrvyg~=R0|Sg5=*Q^*3HlfhhUe zffXmhMWMgr+TXbPpDPimSS;cWmm1#x=LIKOa4hLc{)F>4PX6b^UQEiIJbD8p)LM*N@W{Ci8sQ>-|~n#-@^ u|K|lEmH=>GzgTaAhU literal 615437 zcmYhjN6!4p*B*9l7{&(y+JK?y1?0i^2Xh!Q=gelB2+f>xGYvfVX1oV)z<`&bU8wlG z5^UgoJ1|rgt4?^%b58aDX`9l2{15-zfB5UKzy6~l^X^}N{V()ifBnz@@4x-8;E1DK z|2KI1pEg%w|N6iFpa1k<|N6Io`#*Le+J~!b`r@y@QSP5leU|;p1!GY1&-LG`82@`i_`e{~z<)Nr zSu^g_R{xE%;JY&JMGxM=Veo2s;3We8F!Wzw{J)U@JNU@Vb6rSAaLE$hzshC11biznTeLjzIrH|Mbh%>okCiL>R*U1^o+$VdP&h zjDd^)zXyD;hW~|vW8Sy?uFe0iyZ70P{agL>+~dMbrRL|_k)Agsv$U7f|2*$etXl&n z>(A8vkIvtl_j@k>Ihq$olYx=EM`tiU+dqdvx5(e902U!{zSa62!0G0{&$BzS#7Odd z7<5MD$JG;0=06RLU+_?WI`gf6XN7;-AoV9|f3DUyC}uj5VVftnM@I2ZLg(QE&AxIzx5+d>kB1iu2{)xv35f zyq*CYGmkuiMPw`7wn)~{=je`Lr2c}_H~7b0Opi)xpnwpG4Mro24i;M+`NrPBJC8PR ztGe-wUvGWDM~Ci-bhY4%winQBTDNGPL+eU?Fe#cTtMn)fLDapRokkN58gp(k{T*Yv z#$ejSJn9YbhNcKf;F}+;2K-RLl&R%MBJ#H{Gy?64@^Dvzfzp(O?>UUUqr1tSPWL(W z!RPmhaL2A}Adq51JlU^fMmeH@^s!2J0Ob&stuNu^nKS$OZLJ=B$$s|4Ad90#sduaa_y>QdKVI4Nqn>?Ni#6jh8XZY6d{(yimE_nn zlAe~bkDZQhoBrVat54G(Y!{YMTApnD>C z8W;?pJ@7hYZE(Qf*`>Op0Wb7jf}5IBni}3x ze|8x*ql&+G)=gKXzX{g!^_DRix5x_|y{=6`h<&DMl{~ATK^z|jTR{_o3eGCW}ll1XU-ALP|`w>&pepCy5 zf5zrhw6;`|Xb8TZtS;kiaV&OuP-w#KuLkjADilwdaGT&nv=vl3Aya#Zb>JK@@a+2p zbo)LTDH0G3Ju>x9L0`k~I{SM`jqe~{sp#}~(RhE*oOfZ3kLwfW)4vuZ**@SkJ-{&7 zfwn&mFahl6&tz&Y_*jO?pdGKc@CWu=%X0ymC1T5aeNtX^!(__-&WugGeY|(PM#Q8} z***SD-dVg8jUV{=j&)S*cLEId9oJ1DaDSq#6Cyn!~^5y+@-lg18CKwOTZWjCOZY)>Dy{6s>0jl*uYD_o{~ z$R^+_cF*xOp_@#<8SrRq4%@H4YJm;-hPThqw{5uvs@&sep;4V|5$T7M^e;IPkA9yV zUFa#T&HJ4;AVXwCPxQMU@@*qgFE|qk9}q7w6kZVw3+0A@L1y2%EU87XNqV-Q z^yXU6jvx-Bvs!5gTlq*By#ZrZ1@otco(C^yHijJ7pjP%eHQp$N2LUGQoj{Wl7GO-= z%#-Ah&o(tv$ckTtvz0N%a2Kro;~Fj_x__tg4ps$=!QL}ejgTMseB;#CMZM)gx3n8CzBj68| z62;-rcmz|y`{cV3dWd6+7QF|lxuX~whj+;K1(tm9=TWCwD`j5Ga(KE4TImO`W=1d1 zJn}q?Z0)c|d7pJ1s6>^jr(!a@mcH;wpgga9>inn7Z4JN68eO$Ia(0O+uUc0Xr=COV zzc-I~()PQlwbBl$zugYvKf#DolkB2EDxlU8*_^TWZK_>_^ zhE02wJAkigY8*pz~zG+wZw$;|SBMJI*XiCQ1h4g3b>oGH7{ItJ%! zTg~yyvYqwS_+TexHq)ZQNb%ZC%2moK!zsSIqK=REF`w5WrhOq;>7c&~qAAukb@T^I z{5@tJ`u9=S{tLGrG;BHBMhPW#UbQ7|J1=EA1lRh-HB>CHJ9M1ZH+OYdG8sJ{EhFyqPU2Lqja1QRcCw2S3q=~rSy zQ8&Fe_*lxJC?$VZbMKU2J3-d3iL2Zc%+0G##do!{mbvM%DCL&&VpB+bDYMH`A1*gE zpdrgYI{tMbE5@GKEv3q^QH`9r5x5gplAtVjw8xOa!~i%O=*sH7Mh?w0bpOwdba=qvM z!5nj0uyh6;O=5F=bVI`Gq3wXYiEizRV-c3uSswq6gk9 z5OxD?CjigD+4dd`(3-`GBFEYA`0NbA#rxWQXPOY1mh8W#Y06hDljpi)*`P)z=)B3- z0%Bbf`HuHD^9-84as3nYxyM0HN5z2$+g>^FxIS9GGbUeQ6zD_=DLMm|c^ZLAh{n&e zhO}qHtCxL+_Y@I(WTPT4 zuiVV`(;H-aVXpaIO%>POPh1xTc?Ifc=#9e+wX(~>TznyIo^Wu@M~Ba5kq1Ro`;z!Rz;eap>eaw`;Na(y_8^~GviK0Li!QgxA{OUqZ&C&fLJ7T^Ab#6<8+(Yx?FY1! zUw;tc$FIx*%3<3cvAy&Y0cge=w<#-k_>N8conR^vk0aJ^b&pB2qTEct)baVsom~hx zF=Zb*vd5qkAvsE^1cS=FoaIn|N?l+-<8v)p>Fk$Wgc;Q2ra`?m4VF@7j8oQKwN^dFwt8Z*9VM``g~AVXnB$x2V%SOtn|7Jf@|!f z#N=fB$`mGk+BLmagNJc45)>1(CB2KPDW)Wj5@bbhBx5`e;v@e0WaNpaqP=xj2?8Dn@CPatNoxP^(WHJU_LKO)2Lh;;n@s7Pl9AP9;_QV#Y<9TBb z9a4a`+4mW9X} z@3`bs&^LDTG7lM>jpGCzrbM&2PmWrxFnGw$OaTxiQLLYR8O>UD9*K@Q2Cfz>%CaYr?~JKQPtI%#njT){dN zDd|uejP#h8GUHXmquM|9dyEX4o!zV-O#zb&^?42h3(cF|p{F(4Kq9{q>aU?{R&+=I zumry8SssO!{Gqa8==}G{jm4^pJ3+ueG@QH~gFGQQg8&G!6dDG?+Lw4R% z-92KO0lOq|Fh=&9a19T|j$#gTYUB~=gj!I3nQ(@mvzU{_0{ItaDx=?Ry;xJ9-Fzc_ zPtwdUlk}3DhKs|pLQ$(6Su6L@V!o$an;DULQM}eY27X_hhpwjY!(ee`cKB^}vK8*B zyHbvi8IDukgis_Qyv1y?0sBnPIk|&cO#5n##z4Vlp-_At_M{0liQEF8Q|pjLE@R{O z&~pmQ%bnFb`DmiRwy=H{rNFkU^MSZOJTG-j;$a6*k6JX#4VW<57e5`V6eQ8FtmOcF z$WDeie5y^2^LiGuL{>QvBjyd&j=$Y9fFxma>jH}`zCbr>0b#)q>XIO-*&PX=K`!L~ zeqk|8mcc>gmEm_$$Q>el1HBjW+)4HX+(_=xB;D!s!F(%NtFs@#L5<*p?pmSz)bL^ z)s=Q_t4K4xHCADU59c-m2(x>SS7?}c3=G=@~c5A=Cz$j+_?0uUET3l1x~P!EZQZO+f|5~(0Y8AAlEBUu7qWp8$t!wT_)Z2x zN(FS+OE`8AAp@vEuqfgKh%ETU&1R7U9c1tIVMe6}M66WY(ZqbTE9d8)|3>}#-PpS+ z(N4p}k!PgMnv6KKkLW`IXKc0Wsu46U-Lpy3m1S87 z>CGp$Ve@4!~8=!lJ%lQFNQRF1cLpg^33RYgKA z;t&(h{_t5a4nJq;07>Z~<8ma;)b?~)-H9eSzvd<3*kqxaNReRxJVY6H3F1I2k6fLE z*%a8;h4Q2$p^KrpVQc1f-J&_P?F5II?A}BS>)Q8GV;Z;9mBSDMbMb3#ZJ*~(6X%`~ z8MFFJ<$Q&1rtq}N#e(o~e+Q;<0-q103zqmsZei<$N) zwRAJ(vEtg9m3?n}ha{Cn+IisgEcA9~XI%TF#tYb$is;# z_2wgB5yd{`i*0SDQ`>7y6_JWA&bo{6#M9(v7^-g#uLYqPn`@7$9ma1z$Wo^c%El8y z3iH$->i$j5k7>XT^~Aysr&L>OO+;Tv7QP+$JG4(9s^*(2gg^9AYMSbxA>(BJYJ^DwDQY| z%$JbexukI92}z4dU4~Z?GKt(}Ou7v~0~ewAe4QjI*g3qbx?CHBJw|c(BxUWve5HQ4 zpjSFzBt^cCVH=;Yg6tHDw*}X+DvH3WMP*(jMa@Yph_7D@1ma87xRiODlURZXryW;* zaq~C2taPfFF1+^bN4?5St{S^=nM-@>dH#m&do^09R5pHoOV|>OC>xwcKJ@TwufMPG znxTBdC1jh~BVIEl;J?kjzSvenFT)G+X`x8Cp#n2;A0h(bE?^p2;&WS4{1bkKq-R|3 zKdyE^*5wQ~b&jJ}_fqeox=(O+l#4Euk%YnQE$ta!AvYfTke_j~()MLcPU<)~oRvTD z$A!VuvZ6o<*POie>nCR&q9<#CNp2vSQtfGUcXkEBNmmCv8=6|&&wR0muUVRDERaH? zn$TgZbDiZNlsS%F7p#^Y;OICQUoKD3c&6;jHn{qvX)LAZIDh@QKxbL$PR!4lP@g~S z`L-{`1TV>$OBditj}xyDHO_)9_tVKjPL1>;IJV0W=~|)Q7`pO1xDdY zoP=3WPUKoF`@P6^?iu-SklsB7#w#*1xJ z3nG$Oii1!l1>h`x$@6AYxI)XzwxA!@yzS0dks@?DI=$}BkH)V9k~2Dk911~<(}Z}I zd|(X@$(B9u_F6)10(|c)LgK(;b@}aFyq4KhY_&^1OFGeY^Xo59515OFdGi?Te%DU- z($@t?Sn<2Y-hp{VI$OeaCS%b)#qnLqsM#BZ^w~$$eyICuoxQ)@eAItS(Om6YZ=(lL zjiX}NRFxW?eoAahfaZv8c;Os8hSsDS3s%my6rXrZ9FNBCU3-b&$oRQ0*+IyMT?V~xZNFgn6b)AZYOY5JsU2dn- zpS_E!#F8mqdxZ!k*)RNq6nJYy%m5It1Mj21U--P&bz+Sa=8oS!eAzQNejwYDPM8)ws;Yp9{yw8dL zGJr3sq-r>=NC(p8|}Erem~fRxF(44{wqD*{z%x#k)DMwLd&UW&A>U zo6Z{;QZaPZrcNP8(~qs+i0L%Xh$C#7R4cBCVzj$5Y#dC>0#kQ7LECzsGg_~0O>s<* z**yzUs1w7-d#|wG1SmV1AsXZerYJi$o@j`C^;sSUjY8rNq14Fw)MmxA6>t(HH*o7E zI*aC8zw07Eq|TaA3*zS6$PE}(Oy(Y<I;bvVx2^aA#-$+Pn)tX>2B#2N z4$0ty7+h2uC7Eh{|0%yHbzjKrb(`NFn_AkEWg8Me*uODo5D@)!9R!(QUvK#%pSRHu`6anf7E>k71kwn3X!Dp7X z%n1Yz>ee1@(1chb$`*Vl85e4lTZbEp_%G4JPH@Z0iON9p1=7Zrn;I?Eh^#`8!%I}! z0GG1uIQDcak%IIHBWV5ABH(FRjJuk-Qy#4tP9Z!7@u$ZvZ)(Ctt=i(F&+Ssw?2J6> z|H>qA9CNO|YmyrjDgh!cC((2Fq2)^w4J3%o`wV805wGghSm-%mQWYC#wEj{YQvxy) zT>hw07RWgG%ppddr+uJ$_mGd*=B1fp5mN=CmP4*(Ei;#Dlnr6`~?ac5|u3*%)AqS6qdVD_nL{NP{a0Ll!5 zds@f6v;e_DQmZX38iqrgtzC?SL%DY?6%+XV$D+YZJGqvg7b1 zm;G5cI!Z{hBX|*PQvg3 z(|psY%5+6mSMn{8m&py`@^m+dr9jkJUbOqtHei}@XR61pLu6nO#Z!DGzzYlbZIh~g zOp?l3Sv`P0XMdA`HH22ppSr7m-KPxhcirs{rXsmqzj!JI6)~cJSVA!(pkq?SuIWh_ zq-ZV7MZm?$MD6)kl(hm`47-$J;V|uF#3tToaF7ox?yN05pCgTIPe0NpZae5SR(`P! zINo2RY3*L8rwlSSS3ZFjw~nI+#muPNYF+D`&J%^HQFU1Yc2~ zw$B{MAMG_*iDCe5WxB{R$4J?kQ)G8|=2`uD+1^>k6by1|?^=pu6|H+C&p&zl4x{F6 zx9ttrr|0V{>}?0}Edjo3H=gOt0xa)+;LQuwN-e@o3@IS0=l+XMs3OTtlk05!=PeI^4BXlZ|n1&|K+0c~$V z`-ete`_XImr(kwVs zw4GMfE+q$~V-v9hUJ$aCfP{v3 ztz3~T^e?2^E(npnzD6nge7moZg_osz?ARZ?oPIHPP8IVxm3TesuuGg&MU2FIl;}Ik?ujIw6Y7<;;ok56J z0hb33aQmF8^c%}U?#mhZSp6(zAhs~qc&sZ01B7*?S=!E~6uVni_B0vu@Pe8I?s1Se zd2KM-Ne20@6&&|ccBN&xZU;wv@R+K1_fKw9MCxUsF!|NvAyVh9p%uq-OGd+oFS1}o zw6^xfV2Bkmy)f7r=KcVUO+pDr7^GwO%+KJE6&jr1*tWO`Y7kh4yJYE4!e?=^({1V- zG1t2%&-}Fmubb^*(s_IABdv86+s39d4bSqU+!Omfc9<*-lmh21-m>su08h0E5a1-z zi5KZJ5fb2;Q*N`7t}t+4kZ!_7!Y(%kmM53$RL{GWL~xgIZN@Hsg2@Q#>h13tWX)c1 zG}VZ&qWq?eHeEmHH(pr|6D|(akAqfRel-~_^pVC0!o-r&r_6y6I)Dx!Y5zXMTf`=| z#zjBm=Apuziy&Hi5h(bB6MxRi>*HL`_yJ~8bbzK`U$n;YCMJ@aIyR^Stc-ZIp|gWn z_O!Dmxx)b2cO0~>Q67Ml@N+)jbjk2QNL!dW$u05l6W%a`8|O2N@5vCXT{P_vAf{8t zBb0TR`58dacYI2aYdBR%7L#uHK!R+KsHczBVM)bNF9MpDxwsOtDL71tc_48tm&eq% zC4~egfY}h&cAzx%0o({USAp6?n^}p<&`I{{T-uhKH6~NyyA8RkJcb_~a7}sq8?Uo2 zoe{v#P&@<_pRII7`tVW~X%1$$rX_t3FpxGOiz3yv`#SnHF5j}g$9l>03Ikr)UPM|`@t-Vi# zYh5e}T#SzqP}@R2*EtGtv}LBy);~`dJw@$DqBc#|N&b=}vT{rQ;0zikYG##TkgP^Y z?4V(9R-i4tY;AE9fV&%11yKv%#PI7ylmN*AukIu~>J3L7gQ|g<)qrn4)_K-57*N3Z zYVrBgrn_Mtc^gT+1QH<`$8j}O(hWDqL@F`c&{9jYt_GwcvDSbHPy8@1O!?Z##D+ zrV41I^F%8~FA!C*x*0hVx-qqnYRFmYBvbLYleOF+B|5`H{q6_TbHWR- zptJvhUnw5gKr~YI6knBU`qx?s&YlNRf=kfXFp4^hNeX20x9(4#Kmjfcvi$hYmBtrn ztW>~ii`GR(nU;?bmXXr33GmZMK=;`tAKl3jhF^UB9_YzjNREPn z7)M>ABtU!Nu{}@$YK%6v-(Y#pkqZ_Tl|L{QC%Q`{N)~3Q4VM*o`m$;+sO>@1IMuhZJW%hg z3}g$Q>zosiVmfn$vuHhxuC%jaf((8bMJr6|eSaMa)K*bkWIQuzzCO-6^GIL~fYGen zxfy;xPEefJl-NIoILQWMquuUnM|2Zj0Ek>)bh3kxGEGvmcqKhk8Ye9(O z0EW8YNJ&XAW?4|KPeR42km6DD5x#VKdK3b91=cS#`2+D;>hU;rVrZ*n2cXz9Uk9nP z(?g3UUy2dLKam`QT<-D}A;#S7_Uzl-<@sIdLVU4ye*;ioq#EYx0^n!-p({CiL$9se zpp3qQUX>wcPc_{V5OCqSHx7UnUEXUC0lu5A79tb>p7MX6B_%Pft8BT>3gk0}pAXSx zne&I`)@Q{nIN6~l@%hPu43GuO^7fh+xXg0rW}O@U1^nX%jswP5UX7jbEUw~byqXi` z47~wnkiGxN%Y#lWMjq~-{<1(y(4!$iV#B@H5P_?crsWqGRza0@&q*0Zj#z{{W2Zp` zBn?s)QND+GZG&u{2yeIj;MWH>lN8WdL~aq<{H<>;K|!WyNxK77Qpnv!n>|iPCPrA- z>+D2GanSgOhRGqTKeGR=KPMO%Zes5Ew+~7{NS1&)lo=axAUdc9%Q)lw${8IzW;_%2 z{_0*S_uB{{uso=W+T5#3fx_Y$L=X}2Ex8rsDAC*gZg<{1Hn&C5>&jny&x~Pw3C9s> zDXe$;@X7ZdL%gYfu~>U)5TQ>KM)#8fwFF^_+^1McA@-UzoFm=g9)$AiuFRsH^UH!j{976{sTmd z4bqKHY_sRk8kXF`))#L)1O4Ei0yws!%B+?kc#U8Eto+6-K5rf_Z03A-(v1*QxO+)l z0N@h&mXHjCeN9@t*8F^;+I$Z2HIVlC{Zn__qsy$)3i-_d$Oq$EwGup=ZS%uL_v{9e zq@Yr_Z2{I}^-|40$9&I$y|*w>E^i3!6dr*iZfV1cLv7mH$AUY$BZVbjOF+!i7GZ~q*>P`vWg9anbaG#u(}$+M60UaApfr1L2w{P@ z0c1T>IpXvdkEN%8x~&*qmDL3TBwN_jp}yp@hx`g#v|Knq8E@L9KyVNr?V=J((v5?FekyP9%K`Be`TUUgRwwr~*5y`S z4!11jK4Q<%=P?M#M-L(jicT zVeNE%d&URN{Ib1xh}2xpjGtRtnNR@PZuQb)cnhO~V?Y55sW~+uU{CVQ*DhfIvJ7u5!9W zQoJrzv{B_XI(@#SoY7bOGtmT;k6~DVM&bfcmB?XP8SAcLy(<&H3)Y;h@EU-gmmwSLT-CKD3*N=M48ILWg-H$)Vc@t^ ziH)K5fQy?B{u94wK0t5IXX%(qdwNz*eV5{P(1&Qi`g9Yz4gOK?qXNVb1 zcvD{`A4J0-Az=SlGp0+PxOGr8LR=9FQ+N2QLG9105I`r{l!c$yYbI9LvbV=&V8zVxJ7noBPAah{2S(yXeUzN}@!GW4@TsJMr2j!HCRr`&g7lmh< ztE*ncLoid4s52%2Q|Y@^pHU+yp~{W1D#9n?C`45&xQOQ#)0hBMAI?(nxl8Op-&h=^ z{a_j;F7jGil{)o>4|d=yXMoJMvY_X-m5NI7a^-xLccbS64et)ZFHk3OJJYemmY2EF zayNQ#iu{-k{d$8k2SX4?VA%4+{jq%>mljrA_52JZgzN_MqNrG*Mq@{9Ki{Cqe`maG zK#jFD$u*zO+aFs2u`PpF^lwvzTmTsh+F>LY_^#kO3*U3-$9$O~{*~Uv{3KD?J>WaF zC_J+141|BmJCcjhZil>KScS?W9Yh)G!g9{~au>Fz)uQc#`fZ9B=dxZbMrDM4(v^1w z{6<`(lKZ@gC9IVL1{~8#-^q^yHLt!0heuFp$0AeWumVFSQ_{sk1BM`a&oq79YeUuM z1^us=SouDc#3I;M@d^=)WrJ4fG1c}Np6AY%%9n|QqG&g~P{Z#kz4OHlw|JjM ze0&aFb;;Mw=wmjT?&n(c=ITfEn8?MydZ8G_-$y9y5XNByaWi9Z%#=U*&%436S(dMa3ZQ3xokBv#)tJN{J|{%>=o%RawF(cra*+GbJyk12bt-u+&!oGSjCH+uI}_fX7F;MgXiQ{C+?aK>7@Dmar(K9X$6_;-=|^Y@Ra2Y=Hr##IX#%H` z2jv-3 z;&O`lye1Tpc0|hSP*61v%mF(C!1B1tEE-1}wO-`DD)(bch5vkYgVc{*LJ8DNUmtDN zlMe<8DyM)m`$W14%#)v#;lsr=EpGmZTuf3)Ym9^aI=vkARB>P--Uw;mjN7w2kO1-R z57Ry?Lhkzp8e_lxqC)U@a48ccCj+L3ZImYFm9eK-%l4rl7FAks71U7J4AKrNAXog! zCkQO=5O>9Qpj0no`0J*@E3{`lKE{e&hq3(vMc1PTYe+4(K)u(OR=tnDfgFTmR z-85kFM0J+~nAQ^+wpyg}dLmL-U4K&8}eIC_eiJnh8Ke;ac@~(g5QXSWn zaML@5%2MKEUv}KSg6USp8;K{)gME8cXb2FkVc2UJ@C)R;Wk>oYC;^Iz;A5~sm4?B@ zA4v#7GR>4heXXx9V^b)gUhXYvo4L@bA&;DQafd{<#3myX*{Q5vYNEpDAhzPu(P&Vh z6KS*kZQT1l!xdPGykRdiR1idG6Z{L@9t@i`FeY|h8hLBAJy|NzKv#JH_i+hIZd%or zAY9C%-@SbNb40aIDUc50;>|j3d5`>t@q2j*S_f+qRRi#sEOp3Wv)mD7<}35TE2uVF zP=ofT(2GvYAOV6atjo!^QlQzQmsi0KZUl~hM|lX8-Gf^Yw>EYya|PXEyD;jpr+zo~ zvyoNc%%xXt$t*boxk~3QemyRTC)@~yf-8hxlb%#RN2dJ6-4BD!BO+bEZ2*$`i}Z5q zH*W{UG^smBY~5{w__GW6EWYXyp-=cg-@QE|fpHcsWGC1+V+B*?|A}vOc%PR_YWwGvh?_Qxd0J@0+CNr#LR6N$K*P- z-yLYIoJ~Vbgc5YF@_h2``h2SP(;rYfefPJ&PyGreQM=%ktU!gL&E4LDxu?5=0vgex zV7a@GtH&2xFs z8w7s+GL##A5T8$QsEpsvNV}vfn`&c(S@B{|)vaAUAvoE`n({BmKmhRmdo3|Z6VQB; zX-XHyG|!E@-7d1KcaZ>5aP+y|`&v{%&9etGhb1w16(3bAZ-Imis1zPv;-e_2Vsv=P zn^qy>)n1*LAC{Bl0pTG_IqpjXFQ8q$s zg~*^(B)%3rm8VB=z^)}cIKVHZ7%rlR3S2<|P$VMwNdia)NyvAL6f1No2EsB66CznP ze6ah6a=VQ^KMh0&i*!;1Nc*SeYeAg~{N71&WJ)YAWi^S_tD{hN?%i}J%@6&K=0|De zi%`ME(Q_v{sY!g6{LMvIxDu z@}=|cUGs`1HxrLR06nm%2lkKHjLUA46{~H+_(LhynuuTbd`IRndzvE<{3C(KUcIRGp+I<*a35K zRUSVRv)I?)b>P8|sAwSw0b5>StMC7ar_n(*|w20saP?!MS(|%};EcNi zs&}*Zs@p9TnOabo8Z}wh18`eC14`JHz_#ynqn2Z!z|J%n@l8;p`tlFiD=*goB`bx| zQn8Dm3h4%(AY{2gyFdDc^ zc?1oz@CBrL*oaOI3*=FmHZnuy)bM?_=voVGQwdC?!g+^`1+TO$Ydo09nhI$-&U~4pncRvIhC(3K9i!XhI%N)!Eivkg0 zjhX^*WGoM-K~ncaWMdEi#!d8%ar3_zgXEFvJe&#wLvfEpi~u|dFB{F>cRGI<4cI^I zwHNkMF7+?X;-UrhAd5kY8z9KWVKsYD@^1jRC;py1XNb@zZ?J!SKv11Xt*pU9ncN#J zAU~fa`zd+VJ%*HEj_j`=(=ZgDYM|H(IIzoWc+;p`<_=1sy8LaC;t$Qku!(fOqh1fj?;0(~nNy0d_9Id7ZJLMU zH?aEc`dXaVHR0|g5zu*7e}MMR%~UfbRi#f9eXjRgxf=EDlO?uvbH1j(OOM3BgZ|sT z5)=k>#S#mdo-rXYRgdrYDF&cZ7$3#7B}3E8g_i%Wb_9}ccX|J_Jm^%5IQ}aJt5%PR zdEOkpO~?>p_v21~fO2_S*nV20e0v6U3tX1Ke}2A;;)~aNA3rA5an}A?>^0x*yUMeh zu6OO6wyE3l3N%B1KfbC@JuI0@;@tnE)Xh8uAttY7w`HhSf5{#tDafSi_&R;vz{s)^ zs8FMSQ4+1*C2^lR@s5;hhw5T{O#W3eKj;VKI8HsBhDQ@U++JPB^=#}vN9}z>;het^ z1g&BrTJcIC2$cHjAC?fyl-=&A&y*DvcbI~ecwTo$$rk;{c0WtqOw4%Ygskc1c$o#u z?7$kavQ1$HD=5fk!>ThG#4_eLd&0Mst%qM^2zwQUaLW8Jv*w^)?E*8@DJrX9`B1NK zwBc$(uKUM+UB|3Q=^u2<3@SWS_C?qu=b!H;oT0vo-jcZ|YVVqv{A7TGzyI7&w=zMe zrmI=3H!?Pj>*dgf@>hL0nzThvFqX;vkF&enxDkqgDZ(|{v^?;y6f^qVG7T|!rt&XH zT=4n>@Uhky$}Vo^{n(hw6*F52&N?W15cBXW(^7oFTHlJmn6IKJnC}CMZSvz)?@{FK zB+4(^XAeTk6ld;&M4QodSIxT{X6&W32jctsy1vGzNdFE899XiEmHwkVbZWUh$ch9o z#d~_RbJ7k?a@a2Tn53nUkUXBSv?9c-qKi=iCEEAr&ekGp+@x2tv4OWil0 zYsegH5V^xUw3IHn1Ki}%k~KQ&(s`K*>LC6G!3l(gy}MB@KesU*MuPv; z*UV^+X3en&olKn6ZSwQ)CnvZ39ZlmaTKwq&_MY&z82)XCVZGPd%{>HFS%$1?uPIW%RtNy(&J99n#luz~!nZ?ppdYGT8 zUyoT>aVdtG!&MidxmQQ1hcxBaMc#_iL!a*3xF4?OeS2!MsAt>n2}l`oP3w13=Fsrn z*107cZ0zt1I1#XXAzFRair;sAb>#_+{ICCz7Wxb@!lz<*r{w6CZD?=tm_wPXfN91N z^@*}+HpwiP@qcU{NT0vErGzokFV1u7Ul;j)J7}866HbI;#_grlW`{X?`HTv-e9%_I zH$Z&~e+iUQ(rh?@NBr$OQJ83a0jt%SMoBFbAf`fIQ@5L1e_x3{RX>|}Yctb4j@%^7 z-3*zyY(CYq@cT~URp`i4wr{RETgQ{w`dRjLJCyw`rv04LI1dr%3b(Y2A7g_kD>!c} z@K9$x3(wPKysJR*JW>A!bRBw4?G2~oba=RdWdKB&8-W`lUZz6^azj_*ut{2k7)AWs zPLC>aj}T*ee(lnEGE_H;PcR9QUL!7|B7ba|EdP)y+B%U;<;ZV*HaNZeE6k<79Zrq$ z`~Ec8o;XQ~J5aODFOSYMz2L=2-bwVBEIe-w4^7%BhDdu2sh23~3xl<7I zK2V3)HU5*)u8W-1CR89fQ=5gCr$N9)Fr=Hck*mD0zEs_#^xsWo&1xXZ-B2 zatNX@FStU)eG!GVU-lJ!p}2sJOgqKm68agQr=`v`z|2UYOD!Ltmn=5RzGKoe!(e>r z3sl@5?@RTmJ71~=cDH^kI)Gq+jpX9+>!)$n+4(S>zjx~Qts#wcxdpzwpAQEg2J;V7 z&3uyVJG|RVm`b8LNeM+C z@KF0IFpF>cmbqrXJP7Tn)owA)?UqfmGKgWqxi=|~wUn4^51gu{1!8Z~p)A-wnvuM_*y z9aul)lncOx5%QWIUyTnnW5}@xwdnq6(Hy9cIPh<#tyqM!((|1@x20p#-`Sj=5#RyQ z2ZCS=MC8WJj}v<|-7*#j6{n`;+Fqi*XXkcCrf6trMW1BV*RCM%D9j5{u>s~gh5W_x zc4EaEKTZ|g2aZ{DDf2Sf>9{(&SCcyCD0qIKXLjy9zI!y(QTfj4!-kNSB+HKrWyiwf zG9O__z=;8`B7{TM`P|$uK?$K{RyaeO363Vy=&Q$PO3nf+3 zE3L2`Q0oz>6I{tB#>@j;-i6 zMnLE+Ln&)Y1c^2679RUpiHxLYZ)YKJHZPK1+q}LG&dAN#;xdjjQx>kdk~rhtOMXox z-A=4>EWef7mfOk77Tcek@l(*WRE$aSFSkTJ)+~>)6ImTqY`+mym?2)`d z6VbYuKN#ViCNox4`w&Wk6u0yCT8hf7&!ZDy_e$j})iKf4OUBjW)7_{`*k;_~IXyls z`FK}WjZ-Zt&PlNn!FA(1@PLyQwu^9MpOKumbsD8&>irO~P5P?>JO`YAGWm8?u0J6X z;>tS9*rMr^MQeKD6Ja;rF8pP^Na2A{2>ciY}vM&#xw;D=Zz04)Y#ey(+AEB;B zgogg6NCFwE+7BFo0}Q)Pd3vDCTX{Zw1Gqd+o%*Togb*YBId`hJf3F}9d9o(*3|rfi zEh=Mvu3Ry?j6vRGT;Nf&J^PjaSQCQAPulV4S7Z^(dRi#h!qP>I$BaT<#}Mrm8zCflt@ z&|_Av5S~7Nh0X(1Uh!5eTk>@Bd7mY zQ(Su`<8;(8=iZymA-w&RzP+v}5-AMxgxws4+*au zKW&nC(rOjlh1^`V=jmGLuu>~dMAKjyZmb`E)m1xd>amTL!sL4Mt$uF#GYl+nHd$ccX7_O z4Av`XI#D6l8@0UNNd=YZ-ms7K)3L7XBYNaSf0E>(^fo@Ak}gOA^KC{0;KI30gb)Ay z^YYzK)g-9B@m}4uCv08U^6eb%D{o3qRR0@d&TAyFBgN|C$W?5)jo0V=m$-s|dXn>! z_z?J2z@)%iNWr_0{$Ql?^UK4d*^e(~JWhX#7kPDyC#JsL$&9#tP-(gjr|wDdC`4SY zNA30)tMSx9viSXbyl(w?d)^g^rIq^4cvJ%!J*7Kl_al~eeN*-&1PR&?bE0OHZ5F}2 zyzGdW3{Zubqv+JiQ`)m#V)8aCq--$e$&D6E`b23oA0;Lb>Q#1l?46>aFW$G%SHG`J zetX|d&QtWl-hVx|@!WP6T@&&}n?l{5Cj08?9ed;+g6RJo-IQ-(;@TWjfU6VJ#i8MU zL4CjF@+qT@)gnVbYsR|q;d=bEfL?xXIMal|w3OA3;D%jUZqR(n3$a>@bCEH!)P;Il*cI1~HVLNWS$ z*|h8(1XkFGyT?49Ez0N*R)5^-@2C4ZO40Ok?kk(baw?SPZmPsNxV#I)k)lJ08}?Vm zy;Tl`eZPqF(2)}*WvBY03WjsKU z%ktKZ6HMPv9wvMNT%H*H5=fDQ4?l8NjqBY&WSNX-K+7)&A-S?2)C>YiaYB~-3>5nS z9kr%A=<5cR6+t3a#EZCWk~$z|X|-W=F(JQnbdX3wjzm}dPp>{GavFLFNZU~y4oS)d z`ByH(0uh4FQnB1Y4H>)>t1n(OB^=`0g(JiK)!h>0qLg}M#j4%%mK=ksKzJHVUFp?A zOu0)h>AjHqlR9}9si~HOEd~7zlyGmhd-;%GfsQ+O{Ek75N>KVH=_NDR;>Nhd5Fuo! z>!Lp1H(PMwjHKi3hdZmp-}xt#F{Ife7Kq!HkO2OYiN-0Dj{Mk~!-ZkUI{6O4jXwy- zNWb9>mDZ6=@#?&cv5B~7M!;SM-_)v`d|`mWC%X(@CkUQfx77I^a_TEtU81rggd8)15UvXXmpj z5>`x6!2(fLl4 z_?Fx@h;F}C&y22fs~e~2`S9ErH18zbN|*!W8}^3vI_bl1ZN2BWrgkri>$1~8XaXb* zD*~>tH)dV@_II0()c5VtTA+N8FI?aOan};bCPaV+SKYtncYc`;RI$6*8`f7G)qpV6 zoqfqRVnP?**^^_!RSwNO$TLh8;m-7L?aYi<>qcyO0&TRr zGi}G|rebpH)_o5_o-=%d>0x!Z-{-?zQ@qcK<3~xy`mo{!JP_rEvLSTK6Xc~?2zeoU6}3Q%5<_lJ`S~hUN&{k3Uyq)mZ$wAPDs>=bevrFIyUc+2OMh6*Cm@jb41G>! zp4mSlQ0C1orH?g=;im3V_ta>pP_s784?gO{2Zf03>C2m{X~%O+2AT%6x7FN}?}m4< z>nrs{d{v=rtG)Qm%E}99Zq#a{yn}9_X7std+@Wc9p^z$ORFpAPFKEhWW19MLDJ&(S z*6XYG7|2~w$luKFc`4^QX|eEYvLGDg^B&pDCtcdDeIwUCy1e#&+nrL+&|c0w^80`n zb`-8x_nPbkk!D+)!&W}4Hos`V-0(wlxhl+YZ7JgkEYJq=n(({`NXFS(nO-jsi0+wS z08fo1`h zUub^}B)M0icp2)aSKvm)!LA?6n==cf&kG?zTzgab-RiBSF68dB}j!~=Zgp1b72 z=V%B3mAdn{lQHIX$i+&|?4tYzNguoxZbyhfOiX-OS+3_K$2<{p?sQ}^l}$_KYCmCq zD3R&TZ6~?CC7XcR%~g5wA}AEkm=2?mJ1K}+5R_5=#(vdE=-;%-oycF#LO zX_&d-*Pfd^5}Wm{krO{iZH)QF!!w#d7V0@CA#a}F#((~Xl5E)Pnh=|u3Vgk}jWdPG z23JvE@ai`{8jck^;~tlgX~MgIij24!er26ytM;^bw>^PR!~>Y$Ps7C;y0>?iLA8sJ zJUj*X>Q)ix@Ddm1KcKM zmlphHlDR$w7m4WxqyACx!sW!z8=}lAqO*SWxhy~VuqfUSV29|}3wxG~q4TyQ0o?xb z0%hx+JJhR(LJzu29K> z=6P&EFL`|9xAnwDgP-D<1Q<2?(UaqYsUD-6etS}?-w&d8eSH)!ef9;Z_%3zsToMtE zFksGylAFPxyr%CtD7cYOlECEelWGFF7-jT^>Dt?9^U1@0X_70H(di?IzQ8-Rx9g$-O&52gN0rx7; zfW%!s{rnV-JTP4AbC=2<0w&T{5zk7T_yP(DhOK_m=X%=-RM#b0ayg*z-H*QfHoF^j z45jsyiC-ix>-!Ux@&lx$hHyiM-`MpnN0b$nQx4^$G+B9OYB_`W2EQ8~PHI%9f+&TD z`j;=D-$I)qzrQRjAu9UCyc8%G@f8#%yYb5tA4+_s)FYdh=%#HVj&Oy)uu8Ga1NZ~3 zQ65@TkPHXW`@T)9yuZz%yuAU=zfs1gcrW_LYk&H~>wfyx>#oogh@!o}dmuJG-g(d( zEKpNYiWtZJWh4U^7;F5j$shANdCxzvRYWq&Dp|V!u%;>S({yyu5njYR-vtPT9M)g! znlY&A5N&@LYw@#y{h#fEyMLZbpGA7pI`+IiN^uFBzQRe256!_UU< zZg(@eS73Y~6Y6Is!Wd-|4WIl9TgAdZ4)XIv{=c*W)LQ z1L;hB-abBtGE*WK9$mXD;-bFMT+$6mq4{$x4?g^9)~~7Bo3m~x_;imwzQ^zm&Lev# zk%dX?SwsUs8`7IOhj;L5P9cBJ?TGIKD}t_z1>|usOj6yvM~Ut~W3u+nGnw$*X_J9Z zA&_#Oa*v1jZlgJ5_9^90tyu?z`@Siz{2lpu{X^N08-fg-djFLB|9{;t@5tI9q;72< zVEC)YIL7*2!GX|LURLV^tck~`urvaG3pVY3m&ZQeR%o5 z-qP@2L-av6!T)WO2T`Sua6VEq2Nx7EB#t0teo+MCy~!;KwLgBRw%cRjC4O)_?mDT5 zOF1^#TVy|>z5SH}>O!kO01;@!Q$Kv9BI&SKy_^}{PT%MQhOWRc-GPFkA|ijHp@S~B7uhd-BfaX(>X>Z6Ho9@+>85Qwe0aF1h9L>wSoN+i0nCE0g^E<_eu zByp1i$U{(Y_PaETT#}v1O0ds0Ef9(9Tp6B|4ix|pu~^lIw27JeAy=c8=|YZ_ zIK_K%GhF$1Q;1WOD+{F~$_QW(qH-^W6N7s%|!?TXq7CE>9?81U%*O< z!#ZLxuWh@fU(xtwvI^)F@k|AKIe4y;$n9hE=jZPAl9#nbVUAzinuv_LHROhCZj#dB#HHdl4{C?6_pI!M1Peo+T!jNBRW2Q}6 zMe7F~bv=*7gX1}jOxupWo^RWi1qR`fT=*d?!w<(nyO}H0IV;ew)P4I#I^^6zF}_ct*mt zcd5ew3@fPe>Rk;aV;4{NC(C(AagHHk3jYLbOf8`la~?geJKw$i86uhIubtSdcJJVO z-ZfK6?%|n!mm+((PWrLe6rl|R{c`%I_vj0W_wbcp+E$&RkKPr&{X~!mnxg?l#&8`W z-ij7u^Y$HhG=c&tCOKyB_MPz7vHy-;@3HN$p3rLMJf%$!T~t>&pAT#_?T6|lTx}9) z$5Z!tC11w4PoB#kxtBz|b{E=w04e5=tdGPIo2A3Tq#|V|!%g7nYxK^4#6n0YZXu%~ z*K9AHOSqV`m^a`m5C^eUor`cV9*<`>LsL+$^4y$VK4J6y447McrID*gXVV;Tf6*u_ z;gtc$4!if@lLWo zz#)l4Z3_^ZJ1DedU8k3N`&xVdn z?N%-4MK5DtJM&>3cTj($#gHB_b|Mf^QEpGAd4rn zOAXHxWCb#_93nU!Jw+@&ve5UFHfKcGWW2jy0y#u@1mYD@fA~3fUrP&S#hGL7`f^>KcCb44ai)Dzhr{p z+tC@0ymE&EF;A&x^-XVU{r-F*P1+v!X?t3%Ux{xi&^0jHW?pAepn{`{{%U={9;s=B zfWm{uE`lXlT2Q`K(1H@kom<}RVOGSNP$XHk5FeNHuN`wx*BgKM4V0 zfBx*!7L8eGSWyLfU{3}8ANS0a|Mg@Qvr?@)qan^WgiS&5rBKgxqKoZGnEL|)fi6{_ zUjA_NopF^oUr4DB4RO$p+tJjo>;bde-6}TTaWk|J_j8~6MRoP1l;X=qH~sMz^WBDa zUpV2*<7UNM8qCdisNrPf(MP-l#WQf0Cu;cl96lK?BL<$H6Kk2x=Wt?YFl_ZD7OgD| z2FhXEzKeJ93H{B~5VHvi=>A{AdEvxA0iyJtHdhT4#`f_1kPZCTu-~T;pk?@)`+&5y zgkS(u@0}xPntQ6hYZFq$p&j=-R!m=+eA_>yJKKD2)YXlbU`JZ!Ts zknEigEC|h~>9I662{CNy69fov8-I}$>JI(fg;=v!FnqfqgpTXB;|em`t85!lPA;il zOmk)rUGAw+d9mOa*$&k4$;nq!$xbOL*(wJC`A;3Xv>GEE5k`zAgwoJ9>?ol)^n*4T z?vB!m2ZF~#$`=pbEmMa-faa=+bB;pmhTcHfDxS!ts#E(zi|EHezK7R>-Vz>>zH#r^ z4d^_0A-N4;wU{o^!Qnl(J%Js zLJ|LjvVZPGEA#V3i7(LMkMRWvd@MJ&Bsb!QB$FPc6!5`_z|xs|IbsU-S@1?J9nmdXzO*pI%Ff{wxp)-~w?@sH z?WjHVKviNt5<}T(oW!-BBJYr=I10~QF5F30UI_#S&bqQYbOq}k+<<_(9mfjgQo8T9asyTFZ0vT}~PJb?zEFBRi-gCbk(I_9Kr3rOw{_UEVRjEoM$Y8Y_6Ffg`rAnmWUw7VRjJb{`8Q5Kl7I_vFD(JXD;6^AWm-fsF;Au1^!?oZ6(JL+Ir1i!FxXbGpHM!Q*Y_(GRBfYxnlF)=6xj@Vsl z?>Ii$(F@UwbAB|3o|bbt_fpk09#2H@p8=2WFMct!S4oMJ-mrqsn zUSgd%&oM)*7mkCRnSU140FYVSwA~VEDpi{Lfp%C(3|6fy_Cv$&XN1x?B9?S&S}i~Vhm+D=FiJ=D!bLTrz zylKC#p06g&H}hNi$&U5j^_}l&W(@g?=TC&Ma5-vUolL4d*~jYvGOEWv@c;m)XaPQPb=P8~2AJw4xYR2n+;w&egNZV?8MWmzgQ{q!AAjFrE8 z%Ia;Ud_$LAibbTYe1sI-JA8(<8*N(2MzSK;LN2Xnn#J$l`8(stcV{ftI&iXSs(&ux ziP!TUckry3CN8S-2(Qpu#*=6GeC68)t&%evf09AYt=roX_h?F|pd+KoQyA8%{Y1Al#IX}*XLF|YTi8Wv}S0C6VDX61_mIf`he zy3>6Bj!SU_A6{7s&fB5&G5%ObMJoho+3mI64}TnOhi--VqwaT?qw_xOcjeBNpi2T# zg7Lk;Ym?z->F^2f9~F!wav1R*dN_Z&<-P=^X$1Fz601#BU*dF zBtn(95I3IW7I;1crE`#!gL>yQd&OI;(cSMRWn4X|y;hL(gf^yX1A5{>5J&kilKyci z#aYM|HV&)8iINQwxk95z25+$i6$q3x2+*V>D&kY+dFf{OYb8-KJd>BFbIYUsYTwKK z$6p>T3ui^~b!q=|WzwHfKM#qvCxb!b_u@@qt@CpSzOI5mBhkAfaq040KmE0a)y~67 zM&B1_!NJ_`)kDxG>v2j4Tl+otEiEZPw4ilo^xHq4!cN*FX?jxyG7-!BkhBL7*%QlP zc9&Jzo%x!Q;~t|LhoKl)iTQJcXS;XG02uJ=G0M2Fav`oABER54TnBaZ)>_G<$zMS7 zdkEFm_SLys!kiKz#P_RQQ`H(Y$Jw5$JtLrfk{hE0XfT9*qwi>pb3hkui)Y#2`N~+? zPHG{W^esd=`L5@@Wuyb7M`d|eaiC4QjICGN{H9Q>KMiQd7zG^9U7xLTUy@>B=TA(o zU3ft93Ivfq1}&nms{TX%go(_vMRmVWCk_Jug!(1@HIZdUrDf47~yixjnl;YaVxR z@iG?c(sGxy{Vh)pgB$x^o{%p(LOfE674V{8`vl1Ct!>Ltu+k!n<~qD;15jQ9*7Fq&9r(_eP_l5%-q( zTR+dQgbyi7hMYQa&I+fJ_o&}K!93Dm)^V+t8?S5@)NkqP*q$$o3dxnbRY1#pg2kcon&R!%^J4 z;yjlCf!)p~ml0Q9SJXvp$(g^^eh+mqc-Y{OhVwZG2<<&d>8^fcD~TvN1$S7Vgr^@r zGwhG1zB3(3S(tw(Kgzib*tr6LL{s9h9ps%AgFCUeMGK_IPo>u`T!DK>7wj#&QP|>| zbtzI4I|d6Wl6bpCCR36{l%cSYg68Ui7To8`?wlNH92=L%NKK$@DGBoUKips?dTL;Z z^2Ke>**GG7(?kvYGJ2xeVXjS&9Ch+SPGca)9h39?$7F`-?Ltam&P~y+7wtKkWKldG3!UTAOWqng0|UUv?9e z6>Dh79|8}h;UiC>nZe`LFPWg_yLoWLGa=4+5B!o5-N1@sZ#(+_EM@efJ#}UOxOhkF zF)Km0)?f6l;;s~(w z8sY>l7g>Pu_GWXBL1bBCYq7^h%qHauTpvqgAS&w3BMAll^=n44|GmO>iG98BE_d2! z)_F11;SZ1}VOv}dGL0LBH41f!I499?Sk?T1J+F39VWNZD8bbQtO zy-rqqMd|l6kzQBIc}E7)GD=(OruJ`K@>#ol(1&nPKiYQH@kfW=#i)XGvggYkQ;Ivj zv!e{`#f0ZkETWk?8G&MP7WJZ0_$nca`8O=~x}n(g>zb-+8yj6_`PiB{CspD{@XHs!Ll?q3z{2dD@_i3op(t z(N+7zCR;X18k#Dr2Lwcl1HfJ&~@~4pHkO>S_`Z@kizU9pz!@AQO~+ht`pk#k#*vB zh(R4aEx-pu`1!z)1p=Sm`x=M%`rY)k{un$TVLnoD zyx&;#@V#^DD%`MS9JI$CH=2^ZGZUgR#o#j$|Do308SL$~^q0G}E2xI2KjTOJn_29S z7&M;pk{qdbKAUvpRnVpF?GA@v=O5tU^vj`#NOGmc21pB=8~fH|%hT&tx5tM$f1_kO zvIrm8zpCi>*dtAsYSxyBl zyT+Eq7}-9zt&f2&5sLfy_^MkT-k(ji%LaS!Pi3=Ii_d@G3zUQT6M!5(V`l12jaN_) zoA=>xezwadO0mQ&ZatvylrfX*eSdtbj5+C5@HAGSOrjQLh{gh%m|~^Pa}TH7bPx_h z^9v?Txh#pppmCxYDS@}w5m7>?(1q6ng=AbCb0xGhU0d$SuNctr{1M}%6%P%j)&rspmte=N)VY12SJqcP(Nb?GZhb;aYR{J^XBf?!IYzsG1_ z;}zbL%9-s^)^~<;fTr$|ty%Q#b;JjnmJ0`~ydh+8PiXp6hst4s@I=_sZ}s@PTp_0l z1p~J$W~r|1)QjX%=246Mx+YU;HuV>^^$e;!4*TTOBERzSAupT(5Bg_-YWais%`TNB7aSnEqTe@>v(!A@4dq7^XpJM-7B^yQ}9uz8TZjvtkD=*o$9>Z z+|aa5Xm)mz*hE)e`4!EZ&U4?4xpSJrn4m2unvZ_z-FQ9=c7Pdh8TKlgV;xfoI7n_l z7DtJo$zD(^n0tn=#NFrKzPSF<3$h%Lb$>feG8rwWONx=HSM4O3-zUW1f1Os`p~AMM zz`v0g6D9JiY%|G+dnfJ?gP1_}P8JGGdp#$EeJQpqx$(bA0Xu+rT>2?oeCUtDhI`xz zd;~2KPKhRH$_RdbO`=~`FIds^B$B(PY^Cd5=Wpj5<BYu=MfAuOv8L=k?82%Sp7o!b9Dx+nUdzBtV0L9Bc7?3x*^1=1lwo9X-IPlYG zgykdoUM#^!LWmv`TIInuuE{ZhT#ZNi#BbA>TwWJ|^Yt_p4?m<);Lb&n(Nkd;jCE!W z8gnlJ#wRpz?hxO&42}YR%_X9b zLKi@*x1$wu&v8~k;-UvP^P4lup6}DXg+r-N#wvfDUT7b zFRzQfkEw*Kl1HG#zI=b9)5E6a*-`8P+uGSPh@5#5es=KUbg%)W@=)5mAS2gAr*dYH zHm#!6taMJyPW_TS9}(B_B?XxUA4+d>dJDSC4Q-nzXdGAJvIo2gX>5p3pD7ElRWV-T z)v>v}6?7i*l3*X)=(sJc_5-1$FPf>N9gg?v=~bubIQo1GGQ%R6UK=G zHKU)YDDjJZr}iVxe=d6O*M7g$i-G2W zg%B359gd+UucPfBoMf)@QTq{762A3X(#+04neqMeNuML-uM-qzyxv2kIuiYmyvg0J z?K`5Q4JsMH_tHl;VZCUAe^Z0=Y$D4vMc`iXw@=iAGu`3q;@ZbD>%R+?+7frW0n?GZ z6*lQ#zmH!+{~<52WBnix8^`6pxlbOG^wKEuF8N6(8-3zTGcy1y0m3&l^LRsD(0h-) z&fLyQ9zOr5o{A^m2LOY|5$wI)^et60*KRv3()5%kd^-dlS-_4@S$UDzGI>1*VE(^j z4`v4Pb*OTHoUV|LLCP_G+Hd`JnwGT9*;_-pmnsl|!ErRr9~fC0dz%{3LzBxns#}5% zi8wi0uxflcW*FrR{UgO4TseU4?Skp$VK@AyZlB9ZoB&gHO%HLHF-voH;Y%Tdk1ebhKRa^6-W3zNO-w_ zL(lb-x%AU&pV!^&Z=QYP%Izl^w53eR@Ke*Rbs z%*{W(UpL?l>wWP%J-^oLdh*-h1rfMo{d)gS$J%-QPF{-^Bj&%|b_Q{D|Ki*01wVsB ztj^N#ZIIslBMA-6gTul^7V}}JOaH1RY*3jptGK61GKe(Z1?GvQ0DCZLZTbbjid^~S z@Re6BG9P*SKJxdqosnYZ@5G2ZxMJ#`2Km(cBeRmH+HNACJcq&ul_)p;RNq=ZbDj$f`Q^iKTLH9`xzQ2o`FJZZW z_IKW!)A0pWR2e>Mk9syd9rO@8GMo0gIeJ8;j9U&2{Q*Ds1$9yGW$;SJ&-(R<4UtC0 zFu02P+hDDHJl8V{Tl7 zUuy@G5fk%D7R%N{_m=n^YC2j?U1Y59aaMoG-f!ZYQ!mN$^Leq{CsY&o$%namgoQnK z_xjB;-J=(IU{bbq^HY%OCFWj)ec#=qw!sX_*&I6g3J_19o8Pl+&Yi4BbVi2rVJHZ{ zPj59YiD}+Ky*T&W4|T%ax{z|q_9xYWvaYjJ!aST4J{gr~I zk|q?6)4ZDFM~_ddpGfB_rNRY#iPM`UKbZ(K|KddUhamBfy$(Mii5r%U?d<^{lm5mW8R}iV0?bhW9E?T=l99YR<=NX9n=@aL6&i3N@BA&Ufk+coCZ zvt5HI*)|p0siM+-&cl{i0N^P|F;9`>o$)!Qvipv>>U~K(xM%%NJf`?eI3VqPyoE|^ z2m9)pD7WQlcTBZUBxZ$nLf7?$Y)1AGO)I0Dsm(iXLuXPE%maKI%*f?jb-d2v5Y;31 z*2LYziBY|Pr%ivw{n@>%IWUrCok9wjI4!SPyE|Xx%htVdKJOBSQ1>+deEZ*0Df9_AU74)>)XL@qo@AEPZuJ_G#W9{>eVgdv+z35!olUJWH_7 zI-bOY7NmRlU&KgAktZap#gRih<|MBr9dnY`lAw*?lDt-?&A)@R`B{MCX4c%u@d+>b zWZup*`ehy{b<)@u{&YGEfT}8>1H8C`8z}F@62)41CzR;|?-IvSq~0WXfJ}J~=l>6B zXSS@YmSy2rqLJ=WkVd3e+B*;skw%e5c={Ub%*Z$w8Ff(=an8T@R#Bu`YpyxR{6=xc zk3PDeXW!{Hyjyvmix|{q8}lnT!l!Nm1heasC6n^~h(i%w@Wejxb^B6qJDKlc58;b! zZ_gHGX~n|FRwYTykDNAtMlykGs=XA z%&^4T#O1*WSb(eqks4=>x&zpNZ;`mIg>Qsc21yJCTmUup_T@=9>I#F|Fpdz;g&at6 z;G=0BFAD{7AD}cizX|hFW~Yr2i#g4~f}G|jzfaUW#5>Mhte;5#poeaOR3kN!=|Q>} z&fma=5Tz@=7QOmT7_StWd+lY%kD4I^Z%k_G4;Xj$vk5fVDG!dtLAoEIrldh+JEqHf zlylUi+{H0(e}=o)v^(*i!vR}VT?i82lG=eem{Q zdJlO<9~dG5E}i?>VzL>&_6jXb=kuqLzFspRjH5RXYo!ng*tPP4Hc#1UQig0 zff>Q;juWIf&p2P=EmHz+VQ@~HJC`~q>ULo7=f9*JoIFusXo7<4g&2;-$2&?(NCIG6 zSU=y+a4mAw;$i^TF`u%Wo}eCg5UbX6$%!!|P|S8?DkOW;K}b~KNj7?WvbJzdezq#? zB%i;|to+s-;|f6q<9#2S`#yMlzq&vy^9T;W$VTJBx$v{INn8rKyqGT)NLa~vsaMUB zv_@TFGK+g=t#z@hPD{;*ufKN#Pxfqb1J`m&cXCipb;HbfUD)eK7cJAD9B1D4kj8n^ zh4Ipq!^@+EH#&$I>m zPhdXrHjC$=$^t`*$9}=@ks=(QqP3L;VTjhS(6z$*>a3u`7OPC2)=9W+&p;^2;Q;1; zA#ycY7Ju%{%;AfzF)S&d(sJ%h1G+N(n;8% zwy7mRo?gu+{XpJ$ZC9oO&TY9Sb2^)uvp09WwtnyOM%HyST4#}pr&AaP1{XZ0ZD-v+ z|K?1vkHqD}Se_&a+em;E{H^v_?JTYxbvdE%=TTflKFt&kL|dox(}$pi;Zp3=i22bX zvmecuIrB; z?Y6(I?#jMeSRgj>1okh}wdKYzbI5Xk0~q*0RIo4QG3hJyKD`O>HMf|?%@SIkJ1hZ3 z>B4GD1l(-`H#`&sPzlEC$`Ac5Z9U(F_j@1IdQYxSEUsn|A?^kY@ip2aZlxwYbMfBL zajniab$8C}n8J1rL61joItLpg{4zT?>UX{23hn-e`tGlbsyYc6Sw+~hGiVv#gQ5Za z4g9!6c!pd#_W~f`7-hO8MCipYZ97}=dS~{WbRVi_OfG0k{8Gmmv}N&{tOARB2yVa7 zQ@SuC-4_YxAi%$FXZF|5kh?`cxYT)Yy*?(+fWGu+{E+j{nZTOHdS38DwIl$&QVBnP zT8bD;txoZCw3PCFAlxCCzc;q9U@rvEJ|ksMMU75^uQEfSIfpT~GFN~DJ}s#vl)Y+VY15DwRd z-2ki>F)lL~@Y6TItZKaPK4`>P?L zvqMnd*QJJ8cyx!)sHnnv3{A|{J_jGn8-hM&*dqg%L@!;C6h4V3`p?fh)rW^Zqlfma zUoT4eL9bV_T#CjK_S?7nz{+{Q#_^x}H(%qy_s7$T{p;;-ZaL$S5Fqn`XM;aaXa~5N z*$GdhNoW2UPf{wUf}RH~5??tv?{kAT=T&o>Lr(r1^iI|$lox?y2&VYUC`>C}v8`W+V@Jfdiyzt*Uzhfb@7f#pueW&j})||MuE_k0ws! zzhCdXAO1WhKVKRRTn)Q=b40fkC}A4e;QSzcf7{~YK1{+$?k@7C)jhIX_P21;FUG{l z4b+GjoA8RNt8C9&k0X>Qx9^kIhsSW)x8(Rs_iz^gx^W!E&*y#kuXi`-RHU)_%9?0BOcuZg7^ldv&VuA0k zsUGM42EWfOA+4aweOfIerApt0uGK84;p`4$xB7sNve2Kd#;qm%G zh`Il`o@=p#eCez~34FuCr6>xx=;6~^3lf#be(xnvX-6*~Ev}uIf_&5-s(k`_0i@6c zg>?-IFhhpj!xI`0D*fWU+Be{{ppq^rz2ZmJs|Jw zJ>(zFQa%;YwJiG}juBf*q?yckZi?a@s$o~4VQI0^y>qyxO8Oh;tC_t}&B zha!v2s!^u_GJF8&$-{|UrveDV>JH&!H;HZ3Qlxje67pb0gr#P$3~S?Tt7iWjZCiQ- zo;l&Rr>(wEM+dG)j`6(cC!0bWZBHGmE4yCN;9TgvyX^aOPD;Cm4~ zutED_h^+yui*Cd)pisj!`P5mAG%LJR=t&99x@xxYM(ly7APQvwNx7`W38&Ove5>@Xbj&qG| zJN(_Mx5m@Au`i7C3=qy2>X!7R%S$b<*VF!fFugX`(+v~o31!W>58Q8mA_tjR`so4C@_2!tWCyzj zjqrCcxM-la#g@p}o8g9azK!&k8y-ZF!8D}bxpUs0RbyyMx zC>j~h6!i->1LQEPuLWG#k5?n$tU<%jT}^G?-rlV@@Yl+%DEtSL1!pmcZ_~beX!GExgUH03S(;Rod&1(jRE&DYYz0w&S=g-*J0DX74gGyw-GdN^H zZHw<#D&gWK(VjJU;tvkj1c&BKY`+U+X>5Ler`LT#+t6f)1g2q!D@&|CGRe|Gzp}A7 zI!tuK3vuCzxYS|%cYS^Kt5El$z^-4Y@)w6^d?PtC*AWVd+cDEvG>S!RgrP%OJ_bDI z${IZ@*j?p~G@^54B725I;uh_rOik&WfuGoRr}G~^`28uoL;$N#FP6Mp^>#g3Fx(w+ zfh#D-+@@W-iPxiJj#%++L@Fj|3o)@`)@dP@x2Rf13nP`H0mfPygkUVcMcd+7Ch%&8 zPfT&+$}cSYoQS8HujKq*Gu$!k7cs;AI9=oWK4 zNGd9p z3k9hV!+^~1%Ym}7)>hJ|I3XzK&qrQ=Si%04(eVTwr$2i2K$5fl%Sm7=7v~;zZfAU9 zg=lG6eZR(9AjqjdXT;kcvXsX+-6vhKbACpYvtz>0NkgUR@+gxey{x&uN1YLxh(@;C zC(Pbc+EDS)9t)SN$4J_;?0Fi%Ia#{KM08R&m~|UR`j)@yqyaIy3Wu?sTI*L!1eSxPw+S@GVc0>Jv(oX|ugf|}> zAHIc3pBm8${uUVRF*{wnVQ_Ocz_Znej-fn!|L~bgfzos`1B_UlUimLVTwyvVt7yLd ziz7yKpkHN6{7@fVZf<^Ar>FN@FW_0zKS#&R377VCgmZL_J|dG#y)R83Pq1h zdYX4$sIL7DYd5Q0?;nf20a9mei-BUIx?k@$n%-TGR@B@G(Tq1-Zxj~dPm!E1=OG*~ zH*LRgKUeP0TEu1PN4oPK@mNt`9tdHM)JwjT?qeX&cHT@M|NLorbK0kb>`I+g`Z=pe zO(&O*petl^f_+8Ue(%;vm9vl$&2PXQ=-|ATh?HlQ@7`x6Z&%-?t&L_No-}kaE*V7}OpFg{nZB)jr!(qI5S#a-laeN|+r+ijUf*~;6 zw@+op-x7-&98RMFyLjXu{pa?bQGZ1$ITSb0RRnhTz!67V-Nz@G$Csh~H@kxpZ)LwC zH`ZHN^EdrB|76i+^iDQmMIk{aypNdf7%OCw`Sn1Wf*W=% zf7?=SR|$SzdGV>>f*jP_lNawQ2A>SZk?)KzPic7YTPH{^IJl*Di&M`v z_tBiOU;G?iVO?{EXJLl-wCgX~1-C~>3oyx4Ut4`-BV!H2h3bIBA33TCC6;V8&26eLPm~Kf#b^)Z2oY9x{ z81FZ;qfPQh%eg+#4ek|6teUf-u)Tk7meGN>Ph&bbKYRH^k)L02?IUE*M2RIeuP#iF z?eFgrsFQ7@n>qN6eV?NXDWwl2*Otip$&y(X%0iy*?>Jr8Xn_J5+pAp*hgReqZmK}D zmXfg)YM@LoJ+EcaUPo_yhtZ?D`E>a>8;kvCI3vP10^2%Na@4?_Hm$Sm?2{ztIyU1R zu!liEEcl@+ZyrblZrI)_dNrV!-0zRA%$}c#bMfozW*AR&+BA1K4M|kw)^k7g+U4y> zRu9LV7j_;rk1 zB-+6Y{5dMn)Z*qM?0b#N{(XDP{T^-?$)AUM-vdbcxNijq#~(4sh`WrQB$DzJoR{K^ zpvajaSAMK1s2ASwNYc}nd@ByDA>Z$D`gxz$xWuq54l|;#DMw4yQi#VPI8q1iGNBhh z{T*gYwC(rnYA`VmMlvHHp}=E3JQ~p@bTL%JEgL&lDib$7KM_C+ympYRE_3Pl+o_Io zEmb(*CaAj!qti5M@oV>^=^L&U=bzF|h)~3hvESyWD!T;Up%t-klD)LhkDOzRI!ZT5 z7U*{yDc|5WytEJ{>h{iSk2>Gt6&5X8^*(EsVNiUwsQ|g(E9vd@a4~F%3(yT7KV_Ss z%kfJ(nGK3AAw&z9Y*vzj-|a8Zf|H4r7E?mh-Pji^yJ{S@!f?VkhgYgFKjc|d>FN8fu-~2c6gl8}Vp#QYGzUxuqu3((4J|RUe`(#70edXo*Xr=N zADi{1`=4T;2!GVo=mXW(+nNb{sGQHGeV1lRXP@xz^Uk-N@0qqKq+Ybqu$_ll7wof^ zBmFEv{}=^8ASMqZXrIfSx;BfSRAe~8Nj6|wqq_^`mZdm29=6f=YadFm3#f4cM;|+2 zr!2AVDksSEL@>HP3hgVAxRnHEH^~=@*3tj={!DS}`Q_2x_6kT~oStOR?SsN$_qtr+ zrURx78WVe&kEfA-9Txv(=bvMx@dvhsm3 z@;Y_lJ&*@1Q=(ep?YnLLRP$?wfJce6giQS6O(ka>LFE)BXmn55=2!M*>r*W-d3(Gl ztaMaMs)8EX=PC`}0fYs=Ue#mb7S%W%ELNQ!obg_%q+7mb3_Blq0-;RHZ|6fxEc-`U zVRGuZ2@60rs@F%=&(rsCec9?@FJFg7I`MMwM=(rqLn;_O#cq{n-)^#Gh%yMVzRQE; zKTCY4+0R$$vUx<0#dX`R!%+gC|7TEBy>CV(@tHdmwfJga!7_TFe+KbSoa!jr(gVU` z5rn$2+>|M7;DDAq>GZ^t@DN+Xoq+O5wb|%ubhtt4N~5!u`STmtp>0ZDB``LIYwTE{~_c^5sMkQa{%a_mBV>bL< zUy+pcim)e+o`+L&iu4KO?Yb1ey9LwZj=Nr6iFYm)Io|6+Z`YD2+tZyqBrxy5nC?q8d5 zM)IAUSbah7mDwA*P(|hn ztM|%yWUrPeWGx*X>&JaV`Uk458o8e zWQ%a}Zqa8yJ(OfQJ&?7N`n_^MKX>F$kHe9PV1S8DKG9cNI~X6erKf%X&3)(PgTT^V zyaTT)WDT|T9MpG~=Pl-Bpyimmat)IFhpPjZLByDN>9jt-b^7M=?mNI*NXP;jt84t@ z1H45xg|p9)z^Aa1M&CP^0ocz<^;kB@WB5B>kA8_-qrD{ieeVDYKD?i?>z8c-LG=(F zpD9BHuovxn`x2+7K=R7H4%m+orVq;X(IgyGGho~Qab zV6iZRZrG)ckIVe&ZnIS(YZP(Q24<9U31sCq7o6t&7cWuQdmx}+$ZF?W>2B_9+I)Tn? z-dN+AVUAT)ryti6zII&{aGBPv{e;f2Q=0Af+|b*n`Gs6lif&w&y3Uai8N3KH6-NXf5{LTXJRXjyqn`llfhk57LHwwaWzrLh^ z{4GIRgE)E|^?OhK7)wl+{K__ihiR_N@Q)GupjN9-^b%pHC@aF zOs_&m91YWWYPMz;=A@@X$4eyj7425M;WXAx3+!6SvWG*VeP)9oyx}^&pm+45q?*`;3 z^)y)fh2tyXah+%;sQxw;j#zujci@p~MU$?8M8ZtM?PNp*inp&AA&cQQJe~)K8LqqTzmuNO?*~+zCGl<8ta`4F+7GCS zNi#pRIcfnZX$U6g@AfcAHotQCymkO>WU6NJVZ)@E?*h%d7N*m93l@m@AP2%4{NN$- zd2D`jS5xezlB}6=9d!lZo_Fhn!f4#UIDWu+)8z<`Mw41IFwLdw)X9FYpAyVYN| z;ggDUk)2*~$}r@9C1f#z7Y@}^k#R=qg99uESsWBeg{25SNtI6{0Q^?w7fMUtl;cv| zV0WXun4hlxWHYx9=}$^Ph|y8p(~hTst;sez{9;}-+Gis7UOvy5A{0wL*!lBKKB5%M zF!Y-~5(aZQz~jkJ)4IT!A=?vw%EQrSo}e2qC6vx`PY{;;kzXhDEPW$<$MM$ae#OB} z+K6lf`#7T*>(OmUeL5O;!W>g~ju(`-E_uGa2FwYrys9}gZ4)x}31;AQ47VT2Pqw_2 z@A3Ru%UZfUUeCxUKQFtbyc4@D-wqH8H@iC%`DB27RJpF0(4e;@=DirpJ$O~x$5;l$ zYeTVTUy}6v@Y_p>Vhk!6$rR5f`_&f-g(s{3$(9aIOpL5cSR=IeZp{4#XAc~i*CBep z1IOZ5x1A@UDgCsokG9@*TtTnj^X8i%zN7uOVX2-u&4D+oum`%&U3wDJWXGl{0ek<+ z3vZsI+iUwCb2MNv!e;c4!WQX%BYat?^T%;OACpuhk)0hrzV~3yKN_YfIqp^%-6%Az zq>54d_iJ*wQmiho^)u-9_s`jg!n^3A=o&Aq>_ua(4JsZ2fMv7JM|+4&w=f@EpEJuS z3rlu-&n1!Z4MRk=P$4g86K$bnpb+G{Icw<^LX*YBTI=z-Ibbb&0|jfa6tZOHuOThz zqYK=+rb~2J(Eie0bk;VX_cVeuS<7$nAvGpk`ks7yCpW+vE#_u&Jat+=HkM%R)KXAx zCHH`=f@*33Qe6q|WVUd(<-kUGxt~|Ocnl_ZMe^R4BS z;PWSPIG+wSiNTXh1F%o7!7vD6;$SYX4(A%4NQ(~P@gx?`2O>IH_Ff)u|1YHI7An-K zlcB#)mP^#If`68sXBOjly*MhNk>Kn_R#7LlY6}MQ9AD)U%=0N=ESt;*Ql732Oa-k@ zv257i2;V+1AoTLpcf}~^ntDO7Hm|%Ry!TvOce<0?d=K9Cbv%_HiS<#0CHNPA88DGb z^~e7zVp%F!F)+6x)}%(@V~#0;qK0TSXExxX=@>P%Mj-k4z= zJ6rdxG0q3=eHTt<^uXA9!FD*1Cg;CjHr#k(p8F;27DUPBIqn4R`g0$((EO%Qij(vH`;od}yM+n{V z5rZ#*i;%n!vwuzjeyca=;HHecP*Q`hH%wPAfQY*snqaah1gE@zsUa zF4w{}p}n70A;HMSro#&t%!w%y#>zv&K!Oz^A1u6m zZ{lBjFi2HATHG(cK(?Pu^thS%3n*Cg=D@_p30vK9p3zATcPQu7T#T=qABW%9K2t0e z0yliw9W?9C#Evl#rH9S&R%OQfybMVS*P~3*&#(LP9Z=i;*!|Ony-*QI`Wik8>gm_Iq~tF*_o=;V~E`64?Za;0~E5N3X|uJ4X$02)s>ZBdzOj5X#Zgb*LJ5>pAHkR zDu$3(?wW9R4C+7G^yHT#lKy!-a9Kf;Rib7by2FsyP#Rf2oEGVGUgHHmRKL@d7l4^^ zhxGb{xbxw8e$l|8S)yQ8v7X0|e~7nYLlb>z(w3rdX&f1@(v1kqer#>$z#on4m~R8% zr>KUnk4I~=h^*0I*|c5qzMyST0g=f(_tDT4bvm`|VR{(mhdF0W@iL6Ie@5drq2E^g z$)`e;Fvq8-`sW0OKfi1FuGV=TUTyaInPJHT>)gwHYawV!AR^Z+DTkG>2x@j_GAi6K z;<-L4h!C&4UzlR>`n~$gIWd;}jV&r~*gYoczxOdLx!fK-wKFXJw?v`IuD|hHgd9=v zFI0uDvKhoF3Vrzu)Z3kI;=BHs_Er9!546KL94{HN+_x*2$H#}*Jw6?5q_v}Pg)55F zb`*VHjJ%6G`pS8L=pk9oMTq}<rufJq*Vx8kCg)N-K`xTC{h>v-;(A5$XD%`_7XpYD2` zedw9Jgs*iBTK9uP!tIw@gO2C3r{CNmtE@CV;PLOBQ|6IK5TTS=3fWd?s&}6{2ap2! z@H?+kmDXugdiDU?z zhPu+EuF!^%Hu<4@|8|D+YC9ZQ|1ag1vP9oe_^H38|x5q<)&OkC(H*Fw9#J zBaYtlOgo797L2kNdn5jx=KC~{qheloH6f8IgAdC=V=HMSpngRvll*#_6xT5^Bot(c z^ZWc=q4+4gGdW(YI z6-nqhojmC$qLJgxa>Xx`JcI1*KWXWG1$6mUzEfsbdp-`&ca@>FAFgJ2S19Hp@GjFP zSj#!OwBzsvUk?{tI~jZE!@XZZ&(O0xApY@)gbt1qZZ~R}6HO+Ht}eIfSE=Jk zK6zp|^L^8-Q*asDyO4}?a|>s0KNUCS?Y+t_r*^Ke2rH{JX@n94_4cSaubVKDE?Q-` zw0ohyeWG8W3V!eLm2cXiZqaSFeMuNi0}Ld+LsZKIn91e)tYlH-Cyvb5yQA^GDV$2B z3MDT0%q6$`yAEiT73lm&pz`-EgyBQfv2k?olonip^vI@nY&4?r^AwEAp+;mU<@3HI z>-4@oUF$h|Mi7IZU5y^&F5IsK&M|G{DRD5CDAbaTAnWDM^V&8J*uGjdjup)uX6(wl zAYkqHx!}AjE>scsht;DC=Enu{(U~ZtkcJ0)<(D;j5y|t(Xk}2wP%$%<6-pl!QzCT~ z=<>~-{YSL4Fchr3+0<#e@P@IorDulxwEMgN+-N@6u5KxhEm6-IxA0jo<*(NVSC?p8 z!LQIk(7fa?)J`nut6()?U9QuGx;s%Bw<>rLsCx+IMtYvuil0fhDcBW%sMGe^CF@EJ z8}&EJ;Vp>iuBKgtPHrLNciM}#1e{MBYZdwh|Srzsd%2Tq#o!0nGi&`-kG2(IHpo5l|i9BZm1rEP`I z{W%c)CnL?@g_EO_xEwm`@krFqur?QA5{uwoK+9k{24&mi;kiwnPrDu4q6jja{cYc zr%y(ay1$K#dIG|$2{;bI{PAetsb92p$!(-g?oh2R%J7Ra1a1~j#%DosIGKcRZ5|*Y zz7^EHc-CpQ=J$`PL4%eIS7ICpsvnE}z~H}CJ}1+U@H>PwHig36pmW4uY9PK*)s(>2 z=PKZaqi=!pLq2wwc8f@_1ZJe}bEg}#-r@7)x$Aamh~p70be&GzPROCauH_+1K|7|}dpmQE0nuW^`CL}NH*E$I=){@(@)Qxbm*WXIYl(U`j;a4h5HgQ z^&@qqoDhz?MU+dw%)5r-=*cXME)*fvL_w+)2J1%>_bXo-rhh6Qgf$j{2Dw*pP_N?{N6N{3}4p zt(m+xB-N%ncr?_u#HR@2y-gGJO@#o~YWFIbc&+as_~$o8z$akz7sq?TJL6kc&i(}8 zR2zwsiiTA@Ln~vD!VvCl#Mwr6aLl^pWe1bJ%Vqk>)qvD#Oao7 z$J3`&bvERBd<1yo;%Cms8vs5z28Q^RBpjGhK>dE`>`M>6c^5M3=uabPB7P12>nj7Q zPkuL@@mx=gAK_z$cgRdVE_jo)LN=($_g%YRvt~5wURve5Yu|p@nP=>F1ZC<+Uw})+Lo6Wlt=P_8i`NjV2>CV2oR zez>KeFNS9bP?WC@svLB0xG2v)H+~G%Hf`tk@XvXHGlvr>Ce}sQ7J}m7BexHGyYTy` ze!VINN&Bj?nrgWVT&^NcGF)@6>tAL70x3rHCaU%V z<%2a#Q=Wl#t<30}i|0>Z4OI$mJl-emJj7Y(&<-vz{qSroGeWeARRe1?}=~vFgrcF@?z50wy74bVuW|PXt;K}3& zFz+K^NMZ_e(&LaH`Xl2Vba##6SL)wh`?1Cw`g;dmdgV6jl1yYm-lP`x9R8rf`rXPo z^UXNfx$EBvtM9k`n$qx5)X5ulSFK|X4yR!Gd$PyByv}!yW1_v}_f1Tl`LN?Jh319J zdu|WUIi&HwNY+2!jv+bpH1wN2D&+z*G=^&<@!XvH4(}nq6!Bk#-MjKL^l~~%a3}L0{ufUgZ4rM2WHMvAd4Dr6src-? zE^SFA20*!oKNtjF2c_Wy>38WvFLYgH>K z{ntKyx3+6?)3O^%n{p>7o`4*+vb4(E#Plq-NVV!8<+DkZ>76KhDJtXT%})n!E*S7% zHc?Falw|BRf8S?w=mWk*z`?K>KLj zxGJYIw0jh!*K!35*rjQeHq%bze_vjAJUiHL$9YTZP0j_i#Qe0vJDj@udCI>qis9{% z>c&qX#+=YuiED;VZLJ2=ZefkisTTldA!)d~3S3W!FB(F&cyPYoyxZXP&1ED`%s~sJ z$Pmt)Aii+#jcajL<7j$YXy8K(M~IFo-R%nP%5XK>uhwUVU=c`o2{iVl$)w~S3dsHd z*Qn*I|46&z^+|W>t3Bdng-TV*w?coxbedx3!f9_HX&rNCqY8E$bjP;gSbez3Dn z1Ngp+uW<$7K||xi%Fjgck~JQqM(K-|PYg%GTSKFFLXKC1kvU$(c$e}3W%+6wrR1}3 zs?UYctnB`^l%>X4R^qaXEk0@lz*jQ)O2<6jbXV6{%)rF*I=Cw`_}mOh?UGebu^>!% z)+fEKo5wg_D_JIZWM7Ogbn*NJLcYCMP}yEc7r%Z_(yrgdx-Sf#$QmOJXw{!a6<73& zDE_ZkHx*L+NZe-xY=wW<*6<$RGnlqZMo9ow%V$?D|CIbXnQQid+VMWU^U|{<(>{2$ zlDUV2>t_*6T?u|{G#nT_P(GCN4O9A)ydSkP_oqe3rSjC;Xm-YtMMvQ)*G}pehVWfW zyWR&cICo!;CQp~*Jc6&P73jgiU87*t;eF(pg7>h0RdHXa>@*#Y_i#~g5h|rXK}eDv zn;iC*_$El`eG75l2S~P>08%70C0stFTfM)UjfXj>KkfBVllBa1{95npF<$9yKT1lE zl(_R^P$9${*$~RRio7de0Q4JMdEP^Cs+Wj(vU1jlU!Oj|K&y^Nhj6fyi!R&dl{pqc zM^(1pgHdygSeH0!dscfPfu;eR%1#SzU&)WZZ`!mYw6}w=9(wA`y0Z0Ee=+keq|VhD zN|h%Kv52v!K|||bUBXZ57S;!)9(RO?PK^nZYX$3?Wtn+x8Cms3-aeB$vvHd zq;)3G7Uv6$+3hz-CAO`Bl4QS!2E%s#jZ6Txs^?zO4Zz;ja=UCB)H)Y>s6epsYA-PCpjTvJ39hO=cNLhK5q>l?-xo! zMAVlie%0HO*8RX4`#CgGGkuNknq9wpRyp9M!!3ch;Ve9xXs6jIJpm*FsBF31pV-KQhn(i2YIH&w-g^%-pZ@RXO~bDCn9) zbGw_da;V)`%ZM-r@>)t?Al<}+HYI=9ETP`qDJM`oeF6qXn0g6X4D#IM0~X!cor=k_ zMx?jC?KdHb3%Ry=hIV7Rkw!{V-G!;X(*gKyu!TgqAYgt$0+p|o6ujf6MT z16Gmyr!MOUknkT-hdmYYYzQ=-iIgo9>cLbDfU7yQ^=m^6ny|N3#`83!g3+~T$&4RY z6Hu)0bCAYgr#)}U;8Ru*C*4=}csH)z1v|et+67?Wu-QJ!j-(03_*kNnI+{}pvb0P- z?UitDMUDc2w)ySR5T2CADy=}F7h?Tb@G-<*j_C0A0wK6O-zik)uK%363^g$adg7`( z-hTeszE{~fJ}oWMVt!kGtSDHM_adc)ec}T0!96dnKGV;qTewU}pYN6JoRsoadoT)V zdd;{VM&exWlMhh%Tl|KdYclbBBNN{Hfkym4Nmx)2}% zuqSFL&7Y03wy+o`8*~0vXIuC~lI0KQ{5jN|RgH0!qW|K-P;1R)7AGEW{iNscLSS>- zZ#p_Van_|o&d!j$;wde%WYzStO}R`M?6o*M$#_r!!-}-~7w3IF1owtFXGNpwQZ z6LvoV5M|iw^}UH|{xs(Ni0Y%XjyJKrkogm)bTrDn{aO~k{h~itO21O%C2ov;VQYG+ z{IFMObf2CdSnF@|9(t1`NPGfcsq_wizFT+E>@h?t*;51FYqiEJG}E3m|I zh=}wd&dYmV5QsgZ)jtH8)w15V&%APi;{_UIU$2uI6Dn3jx^+a+P=K|PU}@TIyR%37 zEdRbyyo_MN@*8^?nCso8f82I~D* z!;>iN&ENgC~;!K8#}sE`eJw(t6zA^1zp0112%`~F~e$*@muKG8L2r~Qe_A5@ShQb+vOH5q|9!T_cxDDbmJ%n@pwcFZ;nPD<;}28rQG<{2bm4gj!sn=eY@P z9-!UaV=g_=8-Y^ZMb=8j>jFi00)BPg>ponTox*g&`Js&L%lP7!A|@ttPGYUy>o-*D z9uX@UymI%;q_}!VsRlY_w3^#e%5PqLDoz%k*2hn@Z@0(AjtA;&+~9xMLpSLX4RD&+ z(7m$zziY}=HxMr1$J!L=L{bSv$E#c4ZoGHu(P)PkiH3t#HS|LwDNM*8E>mytOiS-P zz~HCrxX6R1c<#4;-q-8-E4#1gKBStA1I_%)p|JZ+2mQA8-1+V#`)c`W_okWT(Uq#I zWs5xIM3r0qDTMy)E*kT-f5voV(Sr8cqu0mON{4x;+_3^~tXnl~SGn2jt%qOB>98^B z05AayI>jiIKl9h3FF2KCBd#BfM0{6o4{^x5Jse^Twzne0^_AxSAy2FZ28AvoS5p_K zP>)dRD?f1hAw)C(I|HQ;`#N4&5OQvZ*zTJ4YZ+9Yq=$fNJeNhQIfK$-2s0)FO{4gf zQbn@eI~0Ym9A5;(MQN`Ud$vNUU%$K;(iONsEIt$k&3JhIyHZW@KBgz>pln3ka=Hgp zBTfqru@%F($-D}jL%!ys3>2<;o&k1vzL1vAo>iDi{VP5$Z0mr_#4Z_d1JC5p9)3ym zD_l#xk-LuTmNie7!)=~IIc8k4->0-c&Y|(0Cft)Qa=Xr+Js#Z(2|hLg%NHff_>f-q9?wm1yh-f^}sIvHOF^=0sOGbP{TI}Us=SLWd=`1;gwidSB9r& z^Sdqy)*G2N5QFMeH7+rP;$ zpq)$jld+hvBpamsczkBr5r%MRU2ow*D6MLOKJQ2_S*+Y-JzSgPv=2&d*q;w^?E<}X z`--0m5k4N(D~o)8ZR@N5!UEO_NhFJ@y_(lZ9B>eDUK>*D9&leWAbdDE)I;?Z2wtdS zt-}ku_cV*X%Aolk%Qi)qO`)woy?1V&>fo#K8OVtiSa#Dz(Q`RByQt`|PGX#rw@?v*_=W zGy;g|J{vvvrR7t5aKl2#+DY@QcD8={As53*JMk-|;(Cq#`F$^{E$)(NC7$Ks;$L(? zUld7R$T&!q&}D2Dyf^{r*?acf_b_1eBEKGrs=C|A@`$~0y-Tml^+#~cJ4zwX50&z+ zn{VO=SI&V>l>tekcX{QCRg3pyqnU5Ic_r=k?my=ev1#rnt*DIkn(C$ij&piqc)y*w z3v7kyfNfX1@%)qM1vx-C+Vi<+ylDGzsH$lh($A+sXX&vX*ADw4C3OH@lCLa zKC@pvCVZ=E`PZ8WH3R&eSkHolYx>iTD7i>%B#)#!%bK^NagO5OJJdWhcF(H7E4JF6A1X7Su!>yvKa)EU`QDa( za=AexA#`GOhz5))<-d9nQhl{~qnAk& zu|bd_%hpE-0K5z=2s9?YW`aB3b4qxQDobHQszcbluTWjY0$)4bz%>7S*xd+bpY*@H z`h&XX!po(FR){68d} z*^;6_5Ji89MYczFWJgeeHw9TmK>>lUpG!|f$4oDZh(%RaX5Mqx0~(p$7H}sfcD7Pb zK3I5k)D~du(~&J^aVsQs<3;s&X%7`;36mQfW?t~Z2lLKKa|78i1~bX&D*1TVj6#>E z9rh}1@lmku#5XUv;XZztxtOi>e14Di@$wA^8C`UVj}Hp;dVuJa`juCfiHbv7O^?Cq zb1T{YAch-w1&`{Ny#~Exo^+CL-U*}F5NztGrk6*vl#sB9Y_C3uJ%8(neQ1-!%d7R| zYNQo+RqsF9;H?e|c=BKt3w0bufP-U@>yPox?Q@Y`m?4Z_MQA8BU4*IaTU&o;lZSwx zp{~cUZ9u%T=A)EFN%!oPM6wR`)wnd@6KqJJaqfa;3xwR_OyGNel}zq4<@bB#U!#$N z`$WT~5rLufeWoSBkgNBgD#JDg+{~ir<^X|)BDxILbY(n^fQzm zBV-D18x7RT<=J_iFNIH^qdT4}Kq~pOH<2~%p%FCa`4?uyC-l)>Rh4P>`i90KSu^J{ z#Gp&vcy)9O69%^OEbOfpFb!sB|L~v3cXQhBbL#UnOVN1L)7!jN&{a>*9IYj`dN$5G zG*EjH>w($w6$P4)AvFmqhv31j>dtp8y34K>L-+XhI2a!MGE=vjzEtqV!cI2T?$fo! z`xG)Gqru*(Ymv$hq88BNr(;D1V!3~g_&U0BN+@k(Ed#PS6O$c`RU! zx=#P;;V0jZryQ>Cd-_}aHxunrxno9;p1ovSa@nKuwX4sR;GaK;)A!@IL)e7FTr!+O zwpT?B=YIYsPgj=c*SH`AmVQJ8_y#JZ1v>tlz=m#*u^)y1>}@uwK;@v(Y*(qgP$!4v zDfo~6{=Hk|i{h{olK9Z%sTnDVAIk>QDa`KId+-$YFpP^LtC|A~CNO8NTMF}dtJ^ke z@G)rTFa*Gd)jOt$JVAT|2d9>$-@cjl(3yO6Z^zej6_aa@DwXnVXKb?Hz0Bhk*>+`s zkO+&4N|;M*nBgf#B*dZt-Z|Rq`xfpq|HV7K)9I%KQ>-mw_OUBzZqIs)eI}P3_Q_`0 z*P`pbk@u=U!u(yd`b&f(zljfgC?@=+u(mE2E+P7z&n~KtTXZBZ^bux4ZU3k<=X@{H ziWSd#^4f^F4B%*WxSps%1g-ehx$w|ps29=P^aJZNk|NxPuy)?D$Ungs7XM=2Spb)1 zbobJ?{MJ4CxU9d_HSwdX1rCPF`?ragpn1tr+X8#pY|Yh~5$eImS*T}=*<;)5?tLM3 zt=uKVojBsmmCy?n_U(Syd)tOnfTcu=^Qxk;9KD7{gU98*-!MX1OyE7WWo`Go#nx?_ zcciw|E&cu<4kYL6wJ4sS>OmBO<)_ktMn7W3SHX3l$VG&eXGWKuE?d~?I=OzO;qml7 z4*TLBHcB?VPbWZD#v1e)#KQd)Yzu>8P}d_7tc~)?3es~2ADfaSW`aLu^0Uc~pQA7x zZ{)ky&Y#nEZY#p+PmgM!#|%-enb%+5jmA~e+)+Una3_(x0}5;Z+U5hw<0tmn5}XaW zeDr97TiNfq4+)XNyD2d^;fs+nSd5#Hs2A}5O%bj*RiYsq7rYPfee_$kKc=JghiZ?d zS-jk0IlM#Pv|q{3dF$jgIaN`QCPMb*Kk^SejF55D0jB?Cq?*$6!$t58<=j-EEj7*` zP&2|h7yT6t!bm^hl~JH(l6?3&OzU|#B6eS$>>6!@m$JuL)?eWoN9eo+V%@%NG3jY% z|5H_|cz}}AGLeP{8A#61lE@ollz<5EmD!2Sq$^o>`9vtouV4#iQC39ti3_3baUfc_ zkdvl#&tsMSeSdMLo3CHG1PeK*X|PpKBdbUjK7uGG#KJ+}#P=JmVH453+t+zdfBdet zIRy17;$t~ZtV5PoumxatIn%t5Ie zU4%+*orJNNvZbvwA`*O_5)gh}nY+bXJMDh*nmXmqFuHP}RG_8Jd`WYlni~7ZK*0Pb ze7Q0qFRv~$s^P#_$HQ@^gpMGX?Z<)8H%`6EB+U$k?rd?V)q8*u#$a%3EM{=6|21*f zf7;8h-IufLMPoEQN(|HOnfvST;au_Y?>yn-#XAoDnT8%l8*mTfq4eVa;%1VmusVfCedU5Tf^s}qn@AK> z)l2^qYM6oz9)X<;W-7>jW7SigkH~R2M~R$?4`X7I(?CnmAy4NvBV~RQIUeKZGY|tM z-)3W<-MS@tTv??=QvXrNHdz0LRVgN&X%sKtWOTz~6pS(}zP(JSa zOGlB2hEBzhj-O}5vFzu5JPas4p!vByG~b&jb+@AKU!1Rq{2(g>c@|xW8qvadbRUm> zxy9G+G6x*`?@iGi=T39)HtX1izcHu{i$cfiVsh1$HBYu2OoTb6 z&P|_;#4&A#d_C&JP?^uTG0-;R{gxA|LR`6Lc|qf{!I?v)IpVw(0|&Mshez_#nb08H zM)AE9epkWncV9f)zIbsb_6vEa0?||;`!%)pR~1?TKArf^1094|iN_c)RV9Lynl~ow zrZvK-*_?q#>@Pm>_9x08acA5};#^kN@=;T)GbdVpF0V?T8;Dv~CcTq*y~hOMF?XyR z!~PRHyf5pq_r`XYY-sW?esosZ#;;ogK;!XHF&=|wNrD4`U!F_5`=N#buQB_%=Zdp% zX!r19SW`HA#PvpkT6qQOUv|K&RVz4$zzQ42@zXKuZTC3S9OF8M3Le~Q^|uKK5kgD0k|UhzP)W0eY?^OlvZsuA zJC=s0N8Rfc@_|>fKCP)SC$o7Z&e50q-+tm2e25J{sW9hDL(j|*pWcM<)xVJ4w$K(0 z+aA&e*p0Xu6%6L!0Nh0uD{nRAtx+srlmkn>yv9pubmse)8ae*2=<1extC`;qyI%=9 zm|AZIL*JzGp+k}l>&da%tD46dQex!EU{!=BKaU@5inY;}P%aTUGb;&(b;3oBEs`2k z5~np{1sqR@^W;8)eI7xF_H}rrFHP+nBNtb`*p5WatjaOzO^=a%3uAM)fLB^#%6=Wd zj>Wd^XI{XvI){ZPIR`_ClQ!Fa%Hvf-z_Tjo8~hZe%|>*8*FK_hpy4!sL20(pMn%zR$(GYAvfYtvnswH{ZZ@B)~0mXrD z;A~W@^y)=$HO7y`^=tpstr?HI`mfGx!{y)lMHYWaUwmMshlSvcuE6^}U?okspXeQT zCh2i*S`iFt&kED<>gMo&W7~S7X2a)kx8l^!@tZ3{MiE1e@RrMVcYljhe20euYU1wy zD1CDkZEmOTs-KFB&P`9BMc=g^u6sNI9NzP>k0{}?&#_Uq&n52l2kjDmd`0s&pilfM zQYq>N?XGM{2cP`hXnoqRjlbewsY{8{cU*orzkzGn_U!~4>=zNO7R>%(8tMx;1S%7G~TyTIG}2}$zStwE#+|EzobITPOtp~Md!Qh5huXbbzT))OOZED zh;O)B+M9bp^QNBn%L%#O(!d}}Ov0enh|4#BH$NI5;E%TVVuHq;w>-!%t>?Kl|M_J3 zRnT9T(>Yb0Sal}Zs7@c_H4uj@9O9|_c%!MyYuyI};`II$yY<~R$a9xXi-sFy^vic5 zhlj6-LiCS+Y^}#&mq??6vtLl^CJ&za-PeCp>OuS;E?~uizIe^m7VW+rH)Zih*7(9b z^6BHJd?DE7=M!=*X1pjs;0kC+?SGM4RKdL0Jhab;)Z#C?)ZiCuzSi>1{5iE#X_jfq zLI*_|er*6&+xsWlvj+AaLbVFoo(tHYI7%lrM|ZLC%R!81z_y;0E4(-@T~>RwkU<)w z{*#}`%dfJ|^ND=|=c|eNn?blJplsDWT*zM<^C{n8RXwr#Ka6)KLI~84mFVM@*GH@?& zAoAPJLo^hv9y2^r5Mu%(5T96aY*5by#|M)AdE8qci?pb_w{sJPN4_4GP+yHbG1eyn7(#~HuKox-96!jl=kZx z%f}|ZWFBZf>MM(&>w^s7>%NQXcQcISdW)1cfFk^$g=6Pz5w~9!pnTGOC~)?4(Z%m8 zgd82VQzjgfQim>t!&x0t12?cOHjk>)uXX6Z2=eF%Fs7zx|Nhb27moA767<_(QYiY~ zi_PTga;Kh~avSyw9ZjTclFa9JR`17@WY1mQBrnSC)3^1lCJ8(2+d~VsZyw`Rf@9Pl zI`NgDy@(mhLX&QsuUevkno}6gKT|csqWxW7q!?c)sL6jmPFce!tQR?Yv+SUw#&cmeJ)HL>vEE+ zwMoPlyhvfB!Ughig@sI6!|Oe@`>7LVRwT!L5#jdG(x{J?rE!n8qOYK!g30sP2Xs7< zH<+U;@V35lDU^<{CtrBa^bIeqAA)t%dC1mR_M8ca+k&MSMg83XGk8GrRg9SWrBV;F zD<2i}YzrKXR;bI&gIue^(KtV;YAQZ$jI~ibt|2 zP9NnNMLecMN-KCMY$)jO92XEoD69;U=}9-DWH1{`&ci*t@=tAn7Tjl8zX&DzHF;z8 zuVIj%Z6;g6l@a}|xMF`AjnDvef=mdxGcxxN0VEpqN6%A2lVstiXzL6+ZP@1 z-tmaz_M<_Nx^D|X)SJk&`Um$mjlcJb?&Q}F%ScyDFe~B(&P+(vY1p1nh+`6n+m!iR>+K*oz;GPueRM1E4?~uky&eeUa;~wRyE(o80bl%V+_fC5 zGe|A?@i*P~*PqVSPdl%V>meYB?X(vHB76Lv&e0lq7n9w}eYG6QBR8cDdLq>N_496* z_p}<%-^dZq*h%4+a+n_gY$F=ul&0F8{Ua(Qk^jZNw5?ipkBvb*KWNu0{sPmOYMC&o zH6Txs{7HtNLX{A-W+bZ<~Vh?35;>=b5{xh#$Zo{vYKU z9#TFPlQ*ZA{9*spFP^iVCo>w-yn#_w8c!en>L%x;UqkD)utlUq;gM4BK?9H~;p<|C6QYyM5Vx{D!H_r0t5L@4#?hq~PNw#PsIm?--- ze({AV8#gSs#PW-J?THgqNds6b5LoZ~o8g`Diiz~vTy*mh%N6d{(h?^Wz>}hk z_EL;)F!eh`65VCZ*diFFtTzNwtVLqehXtOvp7{f^t6l+gBP58glSRZ+9Bl;s1B@h1 zh|r@wO^QV~F9~bU2KGY?<2JoKkuO*&;Z&Y|vaB;F_g;1E3id#~FJSY}^_aprTvndP zHaca$X9Cc9%`JD}QRt0$w)b4VZU{m4d)ZruouiC~^`lf_@@iEHB!0B`e^DeGUJ#63 zXD)E_<70n83#!8v;%9t2-tN}a3XJFakP|fSW#{kTWs-X$Tcs`15wezj5{{;hCjBS9 z-* zZ(!k=chuAAJ9KZM2odksDE3=(pVrmi-gx|#t_zz!+{d|z(lPqIH@Qj5gK=8j?@pqZ zzO$eCH=SGPwbrf~brFOM0*HOG2N6IM@`Pddx1b6GfcV@Laoj~X-d#2^Yo+66ZF@fy zrhcfU+)32M?t@r%(nJjJ+8bpb*?6bgzOLjM^FTj^C9}NV{qD3Gwe|64?H-rfrWJBp zh-=bnz*mD5tuo8BCx46`}cc-Xc6; zP4V#eo<2y0|AB%6U8J8)sTLfeP>2ZjypH(R{l~XZ54WWH!t=OVtZ4Y0>ixpuiIy(jvRS^~U!$xWUbR-fy&EiAuQc_io_s>sl1UQv!My+0w61 zVAcrFz7A+GGM9vd4`FkogXGdXr?>6i`HA$uFS5Hg#G7ojU%h@y!)s~ z25I-C6~!=$E(64a@&L-`FdOO;J9R#JxKxK%X=3`A8t(LM_fxJU@6wq{)7P@GL340=O?y1? zCx$|vQo5;&!_odTL@CI5DJbWs=tJFJwC?zoln*Yw(&LMx4p1aHe7cnoX|mi{xn73t z*M374*}Jbo?md*ucwPsS{cYuxUoAsq+4zpFL!H)>+L!aSh6V#$vFP-v_Z*Pa#zT_J zp9B9(j2jy-+k`Vt`@?Yu{Y(Apw}-vj9)LXbChV&O7@q{7EEq1MKX^K$w*4V*RZg9o z16>|3hP^*a7Y-jXwCh4V;8v zMzheyPaD4hvRYYA;*u}q&sr~G?hBL3U(kGZZh)dW^Wi7?>(Yr8n176dBfzx!EHky! zfir}h^wmr6OCfT0%Jx?Ht!`elQZA@#zt?gid#|;=58I)jOCj`6^m?q+>_+C@Tr>w} z5!9K$Yhfz_U$EsE?q_xxgCk*K(kS!wo}o?A>%3v5B5ZNpUxx<}?P!$0bCqe?VLPnx z2eg)QkJdKg{kWwWR#hkf)QxpUc5FL84{=!kvy?J|t!@CRbQV+tExKj^R* zaSGZhy59U9+v~!QAbut3a5%#$MMP%dfN;aR{5I-x+MFJ)BVxR-KjP9Z*0LO7$=h-; zl|RzD9;o2DZyfa$ujxYPgbkb^quX|}hR^Kd@Gmuc9+Mf)V|hB2NipMN)zkz2$<4vj z)f{#U+QKR6OZ$oXQ{_s0GKmkx2u2Lbhwvmc-aj_GMS z@TgAF@*@9+_ne=PC|yfhxaLHW!E59J2y%Npd~^Fr$55O0byoV;q8!=q4c4aUR)<2x z_E(rH1-johX%u+2bmw>1?Usy8*OH55f4|SAZVzxZ#_6rxr`fM&Y+v@=r&gMFDqITr z5+(qQ_B+&4Ii$HRU%t5nXMfeO`*q%d!Y_A3LpZ{4)LiMX7zhStYp@3?7C z(l1AJ2oYY!u$L%LF{2+BVR%m7@l0Zsp!fNuHQeJ3-$*YxzltgCeD<3~l31t^SOD_+ z?s(d_706)BTIo&YyXx_PeBbDNkJg9Xw=ODbgrDYVQTVzwA)>_ z+S2%5ahx~wg9v1cB9*e_b>AMb)kN8J^OJ$L`vdUmEHgw|49S(nxQesyS?h1&v&4huKQHBNxl$Q;6G;r^wg?#%+CaWkgUR(%0}sI*1%J-w(q+C!p4u`$W4>I>2R1HS+*8m@g#io=W^uTRUTeu zTVD3C?6gE~BvoqrCIstO{vll2419lB(eD$YHyUi4-ec!=1!yk9r$4%0xraK<+bJcI z5-0*ZsdshatHU!3(I_T^%D&1;QJg(_55#}6w;Vm?okP_KOu$i3M?RkI5G~h62|8N; z5iHrb^4)_JFQ^*?GU!HYZZsILc)ECNC+DfI*~8dxiSA{*y^~CtR86e)OGNryx+P-{ z%!$ZGJZyze`N4xD&ttFANRojJRv?gpNmTbseeD@c1ln6D`DuB4tHa^Qol2c_CopXL z_gynjm2zembK4(AjbkBsh)^YF(&j_fxn$5wsY2s7!drL>PYzj7?-jQtM||hRI9!O~ zB9R(AMrMk)CDo|CrL3=vnY(K=yGn4N=5cD<>oM6U86+6LiHb^$w|;h+OpR04S|YlJ zZ&`uq^Lp^sDUSoe!roe2Qu2)dXytTrUe&PwMqt_xMW#NjzMiGC)BqK8z|l={jZykXw?2}Yq*wO_$=u$<{R-J_mec+{EljaRAXbH|Kt zZFb%V+pxDvX+G82qtd>9d21jR)2K_dE&`?lDLx}p1!nF+$<{Vemp~>Fz`G0-z0At# z;Yr9&p1Q{`*E16p&%1Dlhs*;iPpMq)E@#I$Hpk{7T(9x$9|iVt2ArZ%)@~@A`h43z zkw+L#;YTO0mS)?B0e9Dd+g5#FgFeyr!E#V-q}1LN0)ncB%hcS<)t3=kg**{k#C_;?_`l84z*_U|zaZxAcx^r6P$R|Dvn$LzU3z=qT#{)W;Z z+HXH5W9b_Uf1h?o!I0E)Ut<%lTLiPEJSP3}j#~5FJMC5)vG?sJfZvJRa{v^?z8etjwLrYfZ zZfLtAK4|<*Qx}G!K-fqQL%;^zC7;H=O3qHe4+DG1Odx0Y|de$ z@{abHR~Glslfq(6&|_LJoqT4&aI_$rr~A};qeZiMrJYCp_Vtokw<=Ccg?g@rR~L z=*fbRufrZm@~E)vmYYL*L%1DCS>Z4IapdVA0en*-{w7sFW^KcbLhN{+(-nL&K9l*) zpU*x_XMC`a*K>H$Qv+mMRCV9V<3{*64LX_+3@yM|o=4-&&pt)({L>c1?8?d=<0`qa zKc$^s;pjX+{^~LJg>uiw46UH+hVoz$&A$zbem-#Obu>DPbgyc{?=a4wqGLK~g zG)10(Ye8e4McBmEtlV;VdFc$Hge_fEGMV@FqWL~oaKZEN7z;yE21fC0o*U#P11J>N z@OYr*+ZGiv_u!>Shq8EIN{)5zR;C&T7>m>^@_B5CZ`+FyPIOw-`g;!wJ|FIohRje> z8Jc_v*xecm13B3`Ki_x!eO7t;Q*u45un}lTA6;`?lAS5>z(06YOUWpne)6_B(%)8w z+HWM&2NB+&*&*3uFW(rqR`t=r0=98Y+_@u;v*Hf`p7Zpw4pDfe8{nTCuYAduBypX1 zW4<(Ny2sJNkRfj!*_kMKc9HFLDGU~rTXO*nt)1b}z+2LnY}5ns<7#9mwS1omZS1Nw zkJbtYPBr?V3yLYLOZx;&Z+&%46Uzyzmk>36{ZgHeH*rtPBu}}2BK;$+zejUWhOb@~ z+5uLnFP5M%CM562i8_0mr!+cltnq5!lC7eb@bact04C>UFDaPh)fW$zz3<28(|e$j z*1P78e?Beh8MN{6Ugh^I9PA(AGst%HCQXrrR6Q)gEk(&+z!Y7TujM>rZIbBbzVeaa z-(fG2p^DlSu6g{P!)Bhmlhb$BU3|fr;bi#h_kKRKe~q)30RE(x}Lg| z_ql~(59!a({_evaN162Q`lp3UugrSRhz+6{ETD7?u~TyriXtu zIF!Q5<`Y*Ww(%By1)OoT8u4oIs&nsjKbm#o^vGS4jX`#>#^ZA>s5`U10@fDnbiNgF zLI&Qk_bpp~qcw$y?Y4}aw|qrrRywAyr8Dnn6^K~kp7Cch|0QJ_KEUl3<9c3`hIBi0 z517Gq^QPnRP3Vy=P8|7CL7V-9!WkS*l#lUyw%-cIJlyoUV@F+ewWM~NQIfdAqr-Yb zp2(I?5lQ=Jo+5-kXhsHR{jns`n*;RoNof309fx~~e4g3sS@uDPvQE(D1|>_`>Ys<@&sL2ZGJi4Z?YQ1Z%gKNE6D~Jhns=FVh|Sc8{D+DG!D2rEKEtucs~{_yNFkO+{C{L#M)FJ&~|J|u#{+s)eg@Om7+xbdXqu`i>n zKECo0(+j@yZSQ4kIZS?Xhrw?+w@}uY?@-4tG(UN-^t1MQ(`t2jPLs8d6esL?=vT0A z5W(6$gLZ+lAC+|h_tQunH$u-lUWzFoWA~3K4B;Wv)v+C2SrJN2{ZO0vzWAI)fVWYa zpIMRzGb(&_r`nqPoCio|CUPB4J4~ngDsrqvV!u`9`|$Br9{K{?$M0v|gEP zYodmssNT~iQf9}6NBEIU*SG7=^7q=u@tHbhL-=IHxhjsmG_>c*9^8J(R1dwa8+fGLc?xxb(ldVKT5>Kq&4VBOqBGS~2LyLS*oFd!bkeXqQ( zPba8#F+wc;ARps!$?ks4bq#i|Ap~Dt&Ldg8$HAAru20uCR>VDYnO7vSpVRLZ)SabL ztSi8}Z^a^^5p=SB7O9;|Dza|P$?2HKY$3+(3@oAVn66@!IwMmBIs`N4_mE~b%)CG= zXb<|L8yzl`TL~A4Z>wgLs^J(VnVSB}lcPo{W>QU0qRf0hy}bcn6Cy=z4u9J$)f_69 zcCznyMSl7Gt6Y_Me!p+&2i`%k#cYUotnF!@UlZ!bB${tP%?ZB2!o!S-B8EyHa+2}y zFgtfhsm^}I7FK&UCboOP)|^b8ea4A!fS9=vV2;l7l)RVo7_&w;o!|bMy^24#vwcaU zj@y)G#rT94C!6QuF4YTK)Wc96_pQygUQ)xpw6oE8koSC97Ri3b{8Shp`$z!60RJ97 z6&*3%=+G?{>oZDlll{&PP7mQte@|Zy+PcA+1?riDH}o854;EnBh7*tOfL-Ny5~~Iy z!?aN7%?=nXpJnZUQtX_kA82;?5mcBl=K@rev+_P!Q zU=6&~=w*dG#}1|R1s=oA5}i;wA$g+u-BQyQn>l~I+{q4Q>5qLWHjvwJm;z}G#{HI! z9CAqL{@@?9e+-}Ts4~S5rW+sibG^I;{-sfmJ>F5+!j-Cbxh)&x#F7Xe_-{XCjUiU(P_0* z2Py0=V$ipKe5;KqwHVYADHyTdGlunKaPS{VKd9b4roI}SIfe|ZB_JtkpT8k;MA_zH zQ8_ij(`?6hNj0GBWp|iMkx>BSn;2J*e>qIgF}+4fctLdtkNPYpp;Ak9mpmt-VZ`wX@-bJF=R(FRS)?jZN5+P`ZB>`G{vmGCGyYN*X7i++3jy^_j!H*OTr!*KDlyu1C*uKm073_ zb2~V&e7IsgM~hjlSzNj)wCt-wpUd`9t>iLnMWB7dODU*8D5=0$FYgUa5Dg_h?!t#& z_LbmS;0Duby(oVapL}kdc|Iu9?Q2HV!bOhPM#G|f*N(U$x(C(J6&GkaE8e_krc99S z*Zz<&+&l3Xv~V-|8R7;`oQ(9CN-HA;J2DT17cw}* z!}r)8Fii*EAFEHf>W3|~M&U2gW~1QngiC1_b4Aggjx=W7pIVTJeJl z{6zOCKKrW)7nq-i%op5~9`z%-TX2@xbKy{5>@!9H+ap+h5KYljFB?Vl@UCn~d$iWL z7ymz3i-`Vc5ql;|dVv?)6i(KlP6coAfrn!Al}yo_FUASY>Yrti{pr3y@r7EMMRdTR z97XG~j|SwRHpsbu{x=IzdB6cqcb^B0@wDF=Gt9WW5P4KjzJEUh98utqh-4&E`|Yqy z4?&i7$`{w;r2>O9kIxQ3=08Z@iuTqgqQ@oQeFz06K9YCg@4F%6@(7qHlg4#`n zNHTdl!O`O`<-8B18-PxO9#buU&#hY>vZX|LKN_DkCZvrS5>#%Qfp_-()K|a-l88HX zT#>|VCi3;Jy#5ShC{VC?hcU^%P3vq^zkmCg9iR9)0w!!sD zINzxl{Wzr$*P-HLuJrxnVSA#|8=+4lcBSR z^mM!)PWNhTfOx<2>uVSc_+bpUlRq{RUO6?A?~ZU@m#3N|A~2p%wKlYCjDO8Q8P@I-wL9At+UNlM|Pi zJqGJ_`3b0cN%b#)1eeg?>GgwK65bl|0TuzP{h_E0F#bz`L>3cc+-VEhCBN8edEg^L zDkqzMfj!+FZH2cZ3|NDQ%tL-YH4koi8gG|r?Q3xg{cAiZNCUwp%HnIq-t)|txQ3g} zKG?9VHApq@oBRO;JqTIHlia_*KZRz`x;;M_}@tastZT&rCM0 z{ewOjF4w0|tkodu7p%{hWCjn@{i!bW$RjKS@hEOYhcv_2T_*n|Qc3rmDrNUC0NHx> zwyVaagO%$u90AmDpR!Ci9s=`vdz9IyIf-MiA%}8**;nK-J+@o!B-0yW z5M06ul*&(Hfd*5qGD>C0etdOREE%#c=qmI%oCPm)TVmK4?n_FR#~} z6uvrR0|td%@2M*=maptXyLAmuJr-A98mGWDpPKy%C8V?!)!_R4ycIV>|8o5x1(2YU zi~fG_=zmPUT4V}o8_!|FvFIW?Tx|DNq_5MyPQ7OSRhNlx1Wqq-c^cM++YaAf|9ohQ z^vs3_fowM3o9A!B<{hi|Tg^j;-Q2#uk=qlze~kTo#WEnYr09yi+c8`SM0x#yZe{OR*WXB+*G7=A!oX6(@u?wDHTuT;c-(wxx5-;}c#$FK@MtQ|Bo zA8Zs};6p!6*}hrkI4(b@+3*2fbkwnMPWbxxi*OwLC`Fx|YOI9VNBZ^SP8(Dy3r=nL zWZFL7X1%XJ%-+5X(yZ4#D=e6ra3Lp&25Pa|J3}65zA)3cY`1B#?lL%stl-cRa7{d1 zuJY9U=yMSl*jL{7g-4j=V~QDoB|Ew&p|H;-KB#b!@_d#b z8;!T)v&x<1a;g@2iYnBp-i7faON956JB1P|q8ePBzDakt@18-^VTJy*-R)R=w$05v z0x%FMDXiOq`nAxPP3;0-%nCj%k8l>rq>8Hz)9lPwKD1k^(iiebK;Imf>Gu;6-DSE&ax2{L-yV07t{^$!8xoCs zT)P1J^SfKtH$2>K8ldd>-9TMGPL@EviC2X)7Xw^W0u-M|L31W#o{-8z0reLCimz9l zb#SP#R!2Q0N8|$I)2Y9M8m+GT-P!}E)m_=MHJ2}!{sW`WCfue#H_^xZ*}3qN|7(cM zQ$`Xk9-TH`JPGq)sP$=XDJr|{2??%NfD4DE=spre9`?VLW>XYDzzj+Ka1cPbS>!@Nf#d_(ktq?$VMu zoN@3fND``OUJipL4)$4&I6lqlaL3Hi5AzqcqI;suUim(Qr3#0SbP}JhABqG$jwue* z9-V95O&7}bkbH1J`**k$)y70JX53o0k#ip)xvpEaXA0|yZ@b6;(<*M*NEahm?A4GxU7HhdFk)M{8lIIeA7Hz0 zv4K=hLMw@`9-|rOV<;tA9hP?&wT6!sd(@B9W(`T8jLFv$8AL{Ag` zy}bcGhF=6jO?wTx-+M|qzM^+^ql?crKCL&*!|mtaTJ~lf;>vMROzZ)(!QP^6B5kiT zJ_JF&1>(BxYq)Vttp0aBEcXEJxh#>B(Or9Z@$wOWd=A$`JZ3zgsH~mN-P)}n12d0K z^OvPu6%x6a`s3Fu`AZNn9!z`RPqy;ilsg+<&kgLcBp>fdx?fN4`z={t-W5MNpGWnY z=eB+C!;OKfac%NWCLZXxs?nwg%h=EuS66M>fdrK7EkabsEayon-b)ws+xWfPPbCxZzle}+7>RA$>F8>@1v1FA;)L387xekP(01}83Q3(}1 zz*Q-U3;YU1%zhHZ{XYAYfu_SgXhyzwh?wZ75sEr;4>a)Y}3I!y1{R_aRG7jg6oKdJp(Ydm?Liq{?^W%BOm`eUASjL`mkZ0Ryt>O71*`6gfTJOCB5{1IoTf<9mfR;~Xzm^^-&Dx4gOuuB= zxX^w$x4yTQC(RUpGh-J z>gl0wC-_;wVywuHX=}nmuXt^T$7h~;q{!Lp6I~v76x}|!$2^@O;sw}*`I)!nA&Gb9 zR|yYX1#RjzvB_!wMjqEY%uyK_GpYTGv>!QTXoyD_CNhkF8oheIMb4rGpQN25BgGxO zxjz!Y9=`-3$W+0(a`^#Yh1dLyRH(!FWsFvS!4<_t>xP2F(Gfz#CUnUGPk;Z$+v9Y$ zLR~=4_<;@qf6Gqm&o0JUj;W9N6s+&TeLDWs@XTq{FuQAWQ#~V;yW}@%j|TSm(&*PD zkY*yo2qY2arnH-LwqyIgQWvS@&)mK!7+tpCt>u6T?x1M=cUaSPfASi@)BHd^^}8}3 zY7KO#*^nce$Y;E$vtZT73 z!{Cl&_Ejc;nk5vE8=S2)l@XJ(P2cYVxWmdQA8ipFn|l@#{8(bS|95KM+sT}EQIBJS z=yMf;U?+|qa2L0MoDs~OpvHIDBU+HzeNOqEXF6tH%SSgJ3F5A;%x}|jY&x!y6X7rY zaa7=!Q7HS}t;SFNRf)W0tuzdqCe?`iUpoEfXh zPy4`CRaM+<6}>AR1pkTphiQRJfar~r&EfhY{T;zXF0$JVm9XMfHp8ok1>p(qA1JH>rqb9hz2pS&i2i7%ci9^N@hL8h$vG z#__z9EDd-Y^Yv$4#7wKbK}q%*h8#C|&wTj;3xR}4L4wO(P}?#RqeW? zJ=%|b?5}eqe4G+3&-8gPm&r3vi0ahoshcv-P(Qc7Clst&!!|@B&}r+M*RpPy(&dR` zXzh{s?F%frB2N`Ml42H;23g_uVvYu9c8PN#hbdJOV^kp0R zbp1-N*rH~Jj2<7lUz$_F)AWr*P=LoP55KxRN=W=L!T)LDKt`z@PmDfc=7*@KIhfhK zaaQExV?w_zZ1G-~Cr2EV8SRjbNAsuCOBJaD4yG}f+|Mrot$2504+`RsaNFPD9(F2s zL7yI8ebkQ~yP}LEVW_>mPIl_9xqyV#>h!|ec9?au;lQYctl`|!dlN-wy@z*7*lKvmH3>a8+; zLwaGIRrXly*UOx;-o!WBj_%dMC?4f~YWkx|eZLT*zJ$6}w0Fs#)K;!rMtbS9J!*HP z$|T?`?>w~!7AN@nbgp|pk;qmY-`Z^wmi?9gm}T}v+0UOmj@9?Hrn`v{dfK^P@n|6d z$ZwneDE`}Af_ZixZy@#zDY=;f4&bxrgdEgQBN0}t6&Du07$$oz^YflzKKpSH>*~31 zxeAnsBC4ShP$16rb5nIcE3^b~HA4Hmce9v&a?kF1m@+0(kexEpi~H@4fq&r0BC|8V z<4}UMgaDh?$B|F!ezF*PXH#gWQo0AQkE0E~bLnH$`oiJMzY}0YK9yozlAKoC*wvHgA!g%sr=a-GdpYY}FOAqyf ztf2g&@nP6}=pS^IUgkgZw6jU5+v*>jA18$YmkgHyt6wc>E46hn(j8!8b#BJ(ek(Rv zPnzZ&Z@=?m*2#qgPl@C2!s)P|#l6JNK${T&qbuuoMH5NyW@>jtuey9O0~i(>;b&hp zHbYK8?RXLK@YwmafOxCPl)Sq0b@+9!01ts?qn?{m+xHr;9C-|MP6_(iiEeh4K)nFl zo2MB3QNI22Q69e9`Daku1cXXYPGXSSp)wnX8l>B|#=%v^#DB7?{v;LQmE zK@^dBdit}djuX*cf0d;a;%4vMnJd3F-QViS0EUkfJ4?r}L*3q=+eOmNTLRArHXZ6~ zQ3pot&;;qHJzFj*O0s|ZCA{P%vNxbdu%N`j-BU4X-@=YPUQ^}OT-*0^v!-ubTH)HM zg)|W3oPgM|R0sdTZ{%tj8`Y`%z5HOM(^21pq0jc1gWWc6a@h3BP6w2FD~Z*VQ$PHI z>3Z$=;11-=leAd<^LpzJ`zqih{2IendnkVx)X_b#4|lMka6q0ohnuG6`o*MD`^PA8 z^Hk8*^Th9}<{`QMBb5)QF)1nqyPDIFt_-0mAf@j{sR;w~s$aQn1c?h>ClEAToe8ki z-|>4|p8H&sdE`LzqMM}+)OpXKtUPxI%cxhD>IH^(-Yt`F+*$XPWvVNX*`QUWmjz6w zD^NO4L8ZWp)xca8Z|gl+dG;H{Sr)mgDZ)QmO`hn?T$Mfi*zY)JN)z)v8;}$xKG#Io zyQONJ^AV^1vq#;HsuMzI-p5Jx4U#cj?~0cfSsgQW^?s-+$pVA`(nq zQXhQc>XPpnq&LgEKxHmJJp4+H#eax&XSepNzrDjd5Q0@}s6dk0Y;`WLqB^n$hL^d& z=jNKdD5d(dC06&C+dmu7JeB6>BU}!|S)^=wpy-8}LeH?6Uju{@oWhHMXgE0hs>gg; zfZ}vQe(sK$UWR?QT{A=(4>`zLEa|UR@uDs6r#me;XdMlkxKB( zvlyBf!Tcu5Hj?S20sMW1-wF%16SIdTXvkcW=Cbt;GWikOV2^`fCIEvwc}=~4btw7V z2!ho7brZDrKB)Tl7JvGJ4r9ml+LIBlgcr8l(zj{+7z*FNC!D4| z?Qtps4k;I)f_g*Wn=ePR2|C2;-sBm#^cm;@2Jt+($g$+8r$Luv{q{4K z$nOfd4PZ8~A&q$I(4Afrx1u?TWA=tk7l!jeP7&Hs`2N)Pm+%za<}RoFxOs9Vt^{%) z&I19`F%N?gNTYizBgK%wq~d5iTr{BEfh1cn8V*w&KlXStC}`BflDLHbFOlAj?{w?# zn32=h$0MUR_x{d~9QUrY+;xVwAvO~2!wn`ncx_bwb?G8}Q;}e^L$RFqmAZIYOv5=&34g}0w>1ROvaA?RmnaT0^@N&aH@bUUa8_dGkJX2XnlJ(&veFqR=C zb62*tRyz4~HRlIfHaNX&w)W|fPEkm}SIv?+@|OPnRvQzlY&eD7tZq;wDa(D?Ho?OfWX zJl@(u9l#@9wB}ZC8%)-GFe@jjKl8V35lThlzHxzdEB{LaJu$l~^lS|P3!*E|@2aOR z*4931U_nR!kzCEEH?a)CLVf=o4X2?^^j-bnP3C!t2|`4SC*!}qGPwM<%+IIm3ohah z70S`?zSTr|br1L-;jIYyhyTcXMAcVU+~X=uqQ`EfNb^$ms_4$e^vqyz8lSc!6pXih zQU#NLKTp>&`AoPZaZU#LSA9xZ-18Z^JLtWX%jIzX{k#F~&o_PvIBs_kKef{Bd3KL! zTp^3WryRlgr$N6RJ1RA2;RfS8P$e92o0Qx#g|2}20gOqM+Xq&$tYV%~jyc_4kxS)% zoH_etmqH`NS7XJOt4Ner#@WY0eKcksnTdC%xNS36kK^VqRG#@3*zBQ%m!Pf6RKdjj z#*F_sS|L@!+qvEIxe`c6`&uS3XJ)*KL+Su6#2oMSQ=G~A>;<(E5EMr<`#WIg zIX8;t`W#?R=pGh&TeB}UWA&7fk^%g^Tgl$iRm1#9?|Wli+KXXa6i49Y`t)v%O=;g9 z!7AE~Pq5(;tNAm*tVlzr*GkvCd6lEZ@%zlnO`xIo{>!kPAU*It8{aSg2O3nP2@rdn2HH2=5kMi(Lv%v$X~Bay=bzsqqB`Tl`M_4rus@FlK3TIrP}bejDxzCA12P$m_D_@404g^NbRA-)T_ zm#^vi@qMmDr)yKUcseHv{5tR2Exib9$BjQQa!Cw=!f0r^>EIboK9g|(=*t*OZoh52 z#|ITE>BgX??&j;VL^Tw>JE@yOx;o8Di_QMNn z{^++Rx)-@uZi0@xbqXP-PzN2C=lQX}5X#>%mu6%BWTS%qC^{hZ{Iyd7t@LGR9~^y? zr1b<=7_X@QM+DbvS#Tu}AGGo^7W`k8T4UR#rw_B3Nrj3ej><_5zV0surs@4Y1jO-P zLrW4o$1&SFZC`4Iw?FMOI%tsea{=9wjZIrBkk*SJ3O#Bob~N}k>;*;{S@WMR3J++g zSX$VFKgYBZxFQqB`5a%{d64&~UftKe`by*|Hj{PRr`!iQeUG;AF<_2V0w}Z?Bn7}A z7z;q3zgRpQE$E-4bB(0P$z&tcKGTOc*i}u4pCM-UwLRp2KNt8e zM67>8?=XTEHi~8TW!higIZbDD`fi)?e$E}EUd4E$Sdh*&^`eK^Fs+vdgqHd9SjeM@ z-eChyemG(p-0<~T)vc>rob!IDhr==&{goth)FwBjW1h##GEjDfdC?_+^-Yw7g_xba z_r-xGGPrs2rM9?6%3D>OTK>A^^Lr*f4qLwI*cn;<34b;Fu5yCdn`lo>q458lwtY6M zqSn8@=~n9Bw%z(K$B4PqVE2qfdUwocg7J5WV5_dF#l8shEo`@@E|kmf>9g(QpJ(~{ z_h+lhRF)`E66vMCv&x~?StMT}l0JLb2rL)#QN*;E9OrwrNuxJ`9T!=Vz@&0z<2wTl+7?m zqKL4O;yCz&OdY{a_-Ty!PDc6p+^!7Kv+CJ;V9QMv%VBuvhP=lRxE9u?KT-O9%;N1* zG`l=S?Q666^(N%k6B-b`9A;Z)ugmT+!%Zy3vI)Nq^t~%d)Kd)DkJg1(8-~k2)9c)2 zw2Cx>8o+AmCb$J8rB@pKt88qzV8AboIKIHf8W0*Lrr!>GQ~lxueS`aK9^IE+>oMv{>~{*1D_NhxKGpG{@Pbo;2hvKR1e9RfJnB2d39-RZ*c!O>{Z#kKR;Vy^!w=C{AIFOZzpEoj+v`)S0R855r-`N95S;_{?uV4!lo=-! zH`%^}IpGYUQ_m^K&2YKZuU@~FcwbwvW;E{Er841Hwre5&Dh2eyw^mjQDqqlBUR0%N zQuN`Mg@yiZW+DjDkYi5Ij*5L0cy7Iy>DH5ZJRMq;P`j_6h-i%y925(|x$A#_>=#OI z&K_*XX|tVQyhs_=tQ_3$g{1(QJ20uUeF><2@s_0~oA#lC?X>s2ZsMP_vmn}3byc`S zNgo$Th!+L9~Qdlp*4CL{OX4spwd!Iw)j4H@oVuEpwCGP(_` zZnGG4gDeK96*7I&Q~k~0{5ib%bL%d{lN+Zn_=WpO>Q}-d2HfE)M@L3xb=8mj&^C!TDlpYAXYRBsHessIpKVNfQg^I^s;CdmmMysdrAx`Y@`zGfNwwIoIZdx3eFuj~ zaCh#cet%39*FT~YK(QQ5hwEozm?z%n&GR>)%A+eM6=;{!V|4U-REQXMCj^X3xmAaI zVChNEeOw)=99Cz55AQ=~RoE2{l2{(qBYx~Js8??{|3{Ek^wQ36;}Uau5 z0tZ`xHt{m%q!^eVuw6|_NWhly1SM&1Ux8=x+gH61_Q|DA>QQ~S>>j?Iqt0kN$Mx4f zJ0-x2?eG5^e%D9Hyq|e^DyU%=bTEJcZV=VQQQ#?Gqo5mi_h3 ztH;#f!}cky9x~Fd2r9-($9IRf}U zxxHohCYUt4<*iCxn)l^vIM{K2%i9NgWA%&1Go)@tof@2XEWu9Qsog%Z>2HR#GMreD znR)5fBE7=PgZC0uT%SKrxNzgA${N05->WPek~jt@-YZJRx9y)oKC>Sz5BP_BvkCGP z=Kb?wd1TTACs1m?hnsOPnj=PrbYg|G>}OyO9IHd~-HtN-7+>ijJ^lq!*1eJIufts{ zP^FyMdXYWdS7vEgfr-@R@~b^)H{JL&9_=l)0XCoL0D0|E`ruwv5xz@zH{56WL)JzY z0Xs)DDxU##{g&~5!v(WhPi%S>c#AN->cX%F0X`c0%ZgL1{^E5i_5!ps~`I!^u}smN8#!vifJ5SxQj&k z?ZzR58%6u0kOM0WNFoUA;C7+b3^LnY)~78XdVa$b{APSM8* zGmZLMmfqTTW#v|F5gr(eu{>KiAGKH8}Hqav2uZ+}aXb@+k)nU84Z zS;q@|&9dX`Yud!eOFxPhFlk`A6xkHFmD?k{XU~`IH+~p4nE}rCIM}%odPfZ{mFMlU zXQVbXoiYLxvG^Vnd94j-sfO60VMq^jqBYf@FcV?Ngq$=ODRzC=b1{7?S5D_9v9?5B=S^Xg@3-3 zM_9m~DDR{CLd#%-%BVPNHVJpW=riVWV4=QjA5Ni+{gkvP_MsSP?!M)}`DiI_1+Qvf za7)N46}!g{t40U?={|mwM-|B*KCFRz%H9``J+)Qe7Lze=52VFo^H1syjjASZA&{9=em-miS3tBlrTz|MxFfV$HAdbqq+LqNa7G;rbX z5jl61Em63=2G;jdu~i74ZOOmLH}F|tTobgIb$*Q!LHX1Sa?dke$bK$Y9Db}`T9<&P zny=zKfX?QE=`&UUdYsbrsx+!W<#C~;ukS99RC6%0Zs_RvJrFNS&)F;fwDI@)FsKsT zJ2J4wSkDb%k(P*d7kzRs6)psxt8m{HI2zfhkZY01J|dZP?ix|n_!FR#E_{%9KkM_P z5HWS?im6xBo~qhEVr)P~pMTEIZw(x>?+B8GZ7LDm(406gN?(e?Q#j1jC3z>m>rur3 zC=hYpm%WapZX*CzrlAe-sA^>_WbXpp6j@Y%y%WRFPe1`JIa5gLH7Yl6U`DQSeM`O+}^e_BScyueQNRQ8@pm}FaR3Y^N97nS z4ywUsL&#r9n2w~;6bXmr@jFv;V9m00bV*Gv!?>)G&o!V8+Ui4HEniH3O0ZK#w ztwY`f`Bl4~b5{IblQAX`eZg!GIYx`w_x+;lr#@#_m(v?85!)aS(X7?twc)%xn%y8h zDHNfkc{Ye80t#vXP8KiAlF7R~7l?~~12<6wO~T8ZQft?B+vRSFAi--g$<;r{0Cx+y z7t7KmkgXm|Byu9`_8Pnkw4f@oT+;GH8^D zgY}&xB^0^*EFw$pWO z^`~QC8ly|YGi^^fCpjujfvYTGljH;iubY*Mf*c!Fh-HxcAk2vS$;ePjADgFyNI zGNYlVb>rzeGB4O9Y3RiLnrGRLJJs0cTK$axC;g$}J8&)VLh|z|KVzV0 znn(Y#vy=7EI_*)i{w!FeuT0@|x`689JM8`EW@~!QnMWR1+q>#L*htDhH0FOz5K3rv zH0sP|MCOp5=96&}iuzg~dV+hw2^62hYxFyxB-+r!X=Bsdm;n&WD%p$h6DHB_bi7;P z1C)c9I220wz1f;`D%K9>7Vucd8iN#8Id~rq!Q(+u%HrusebdTypK}>p_=?-!(WT+gv3h2* z4gJx%L{RN<@@lELe3my-8P-g$xH;9YhTX|))HbcO=shNG&oMKg13TGwq{rHl^texg zJkA^bcvp0E;5|^uLxeUd%Y$lePra-jF~`j(PO2V@$`XXXe{=@4r1<9%Z{CS>#A^D$ zmzey?vhKx^AOLu)vJquN@XufaC$aIP>x+aH8_IcoK2tY3Q~6^i_IIBcTIYH4*ZFZg zEt}XMmSE*z8!ubWI&HQ&_y5Mj_0D>4cm6|7DqK%>FymZK(w;qme)rnf;kHjS_%FNd zVTRmyI*=u7e1qp5em*WfBpc0;a{f8JN0zV}kZ0o;(NTLrg1v`4JhCnt^5)$oUrG>e z$u@L%D7(r*Da_<5=>v9cxAz!WrhD=>UN<$Y?$8Fsvg85H6ba^V2nW4*Z5k6A0{jV$ z020Gl*0JB)ob6ZH!3T~99(lic&GE0uR3iIzRAYdSe^d(HW6upTe{}Iig7Quzml@{X z=@m7iyO!@wL5Z#C{Fku%_G8{)e2CM#94b=G3A&Xrd=a_s-eszn9GrK~Y=K3lB?}YP z<5LT|@o8M`eKkCKtEAp^juGBz^<2LB%R4*~q_m$EdLk}&AI|lq3=+Bxa4KiGZp1b{ zQtZ$-Lk45>7$C#Ty|`9KM^F#8cuLQ@{1PyGEzGTyvGbOD_U!zra5E8-kfvwWxq_OS z5&R=NgVRE++8`8%=Qv%aeX2p@?=?HlWT6*`xbjlfzf*Du)6NekQMK=f{5SCpC4`2~ zX#GQzkFx8_`|1~k5P297`?imW-+_tYfz2#YM}O{qbPHx4UMqO_Gyl0hO0vH< zLX+R_va5YQSIT%_f+myL_%acntq(IuTw3{SqL(J zzFVMVb%j!JO{4*N4egk{4g?jVb7Hv}<#0nEso{P@h#D{LV|neH!gNYdH@{&UG2B-x zVVLXwo{L*vqQqwz=@9N~x+lMe z&giER8kuyHyZ+y(_W6{UoJUU+;KScL^(|Wc%iFYXPdWgd_&Z3D?04SRdVf?n6{kVN z6!3TqoMCk9gpkfv@mIM{#!pau4l?|r-8$x_%%i`@@5`02P#_<#q7WV9IDi-9p!zEj zJ4LO&(Eh!JkAKevDl6=#ct56rCpjISS-Xq<*mvRt+$sU1BC@xh?;B7#onj#vmL7-( zX!HsLcmx_dYiJ_rOE?2yocunI=nRLJ@U}mHBn23;zn3rAY4|yHj1SbgG87QnC5FqR zrQ1KzXh{=RZuubF)y!SqL!t5A(cAUk>glbt`FT5KO!vHydt{`JZu8K-;~3VOzXViI?;=sndxkS*ZX4pW~30DVp zE_}}!{kDPTXWJ=C{+#*H61LrSbw6`a@3rrd|10ma+v8-VL{pO5OUsJ8U{`^L=XhII z3VQXXdF%^R8TCO3b2(l4eMr+w0h*rDp={v2HBt-DMr8EMZf_@MOmG*w)8QcD5=+s~ zeVg}tq9p{n3Yn9DV6@KvsDkQc-gDEc**0SDS7m=&L?V{YjcLVou&8TX15@>_>`(U- zgtMQx-&B_)%i;Jt=5d+~FIVbq5^32~CKmhjlHJ4E6H5nEo%K$0!YZ%Y#|UWaeSWi? z19y~5fhK@wP0`y}-(n)XjHPFzbDAi9R zyw0_TSnDCtO1K>O+a4w@`zp4&iG5|F*FBn$2G1@`3ZP9TMQsb4*VP4fo;tzb&RFiPR^JTKFc886mZ;$IJcOvjiW<`=~3b}zUP{byhzVuwUN%-fffl%t~C5|gT0JZ|1{ zV9n(P#Ozake40t7V>7tC-206#E&jMbT-&|&$&7(bbF6f6r;GCWeO2{TTUM(-NHA!o z#w|Vbpu~rFIY>OD)JX;nW&JnW-6vJ+TC^XdDtRM?Q#vnH@LMs0=lNwlUGezMQ4C>L zW-9F@5lR)u?N8pC ztzu09-!gtJp@3fAV2h7>{gX2+o+lC)4xV-+f6 z*-N=7w-`#YM^Igu1JUMpTEC}quNQZb?#I0&Tr$2^xQ7c+XEi^O9WI?HRu^l9p{mU) zEU_DW=s}CEiKP9YMYqCtc499Piw<&&7NINgzl7W?UW-PLZG#29Ys35Y3!RWN6bE0G zmgQrgxQD-dMMn;Nc0j~2#Zq<22I;9`%;>;}VcE9=I$lX^`zJNHxV;hay z>!U(4z+47Lr(3@a_e>{wJYSh2jbS7z6?>?4lU~~b97cHhmHmapW!!f>$0KzbyRm!G zqW8X$71|o@cnQ1fQ0EU}8=KdsS%@g}RopQF&*$&ECg|p= zcHy+3&;u&nce)ly(K&wjyTVW&7ky6O-xwgI$Q5LO)l@llYznKtVfCEl5=83(Lq{?Y z()@Bi<>T*VAK{J9e!KkfhIzKJ&jnxZvmIdkN-bex8%IWT_59881k)^3-8;6id{L7- zmBUqOIlt6wySp8j&r@Yu&X~i`^^6UK#k-{)M0BN5_RHuQ%^TMPH%LeQFIEa~LUSJ* zLIuE2J%=t3zy($vgcj1{=O#Rij1{K3i|tEtBD~gP@(+Y z;7fh;$KSmR5Fa0JhbR05N$RH<6Gih|&S8504xTg7zmL^nyAJ@L$sTTSe;H}OATN3+ zqlL8inOff2-t>DOAn_3&^81<@j9H$&b`Pi2X&)A}gngF!CIBiqy4HK&!?AUb+=g$7 z#8>8B>8W?|(g!!1d|5qu6B6J~ChpXdyGV_$UeTYjkMBeUIUXiX)N_DPqhCJGF@BipvqP{V9k`}`9U^wh zl4y=>=5PO|dQ$kZg!Fc4ZtE!rhk$;OI1(1A7@|P>EFbt;KTGq?H+$Q&n|%gje5U$D zq_|Yc`T)qT7$A<FT`N%GPfDAt0)JW%aBJgt*j`k(oslU1JU-v({w2S zf0%MRopU}Sfi#4}GSTkCYTv}8bPD_e4^@DxR?1ZmCSetekv$gXKIU)|ZgCDn@V`UK zK@DfXLJOWQMDgxtku2AT{e@a?KUY1S?m{el7iZO>hrwLM=xAncgjoASlygO(o(7E#GF-RGaOW$f+Ki!}2qg08~$LGWWCZD@No z@8-4(0VOQ!FLWH)wGHu&NG99E;QG?<%H$~HMg{NkM{?hh^p>+w!cp;YHO}j;IbENO z&po*g%%;S#$-(tzpMeYDeoUIpKD*{b3dp7Vy#x_NW{0l}_Yfa$r~rLf@(qn*4KXdh zknl`9dhUkm(kr~(xA_qb&e@bxi)>Kh&*5gc2ZE;|j0&CatCq-z;b7IoltpG~%XCLT z`)+A-PoW+}Jv=wQ%RX2RR?d)g@v@&sG5XFb>NgAYaW^vpYfR5!cUr*N!t@Amt;}2O z_s<$8xy^%?X<(I1bQ%BZK}R^fRr99N#N+V0{fXPX&HBpJExVo{8iD*zf;(K@kcwZu zXDWLcIt`_h#eVpXn!n8$f(mdchWr52Dyl0x*hD9G1n9z@_LVn5W7WfzQomcHgycSd zS7)Hs@w;ec=DqHzn!mj3Y~N?`yd>QB((m#8&R$@a6w?*Kg;d|WVO~0giSC{BB&`fC z9Tr#+q8=)Aay`Bs67Cm(Hl7HmAVeYA^Rh>DTVd+-n7Ff$3xT=z=P17v&b3EF1s}_lqr_K715fmsc9(XE?jIrJ2N-9*S11k^qDmypekJ%1}7gKo<4**qd zzs5ohTu&lz2-Pl`{9Uf)*ihHb-epQ2AJ`@$A@p9qn_nQrgsSn6C{;|M||;>hX~~Al%T7Yk&kHQnF0}>KiJ*jaLkX+OL4WlA=qBP{xa1Gl7B2sk{f@>z@hTntB#J{vSG&9U%?fZ`Oz}EoQyxYp!lwVr=ovQ8D^s4u{*?r2eexS_8_0*w`h*9iuhV}*@=geBG)kM`)Vf}?)N`Ue(t0OqeTvi@ zI&7GddF&rmPQI^=+7njdOK>{WYv)T}M>NCtKq6L1Ob`4G*!_K4A(^rSNUt)g%D6e_wf_$g%&H@{ZE)SNF;4 z!UsH$@B~6dwOR1a{cOAGXNamu|e75 z3!}P%^VYSb+e5mYs74zA?l$kc?njNu2ys$R zJ*FpKRUYzea=Nuq^2K&-1Ol-7CWapD7M=?#B`^0P-J?Xhs6}%)p5sk-(H!o&=vhC( zf1w$q-P5A4Mo8V5C~gitUpRlcr1WXe4DNC@p+Z>>g!}EY*UNfq!}(17Y%`4IrSxJs&H6P_!_yBdrvnn$6mKTh&VDL}eT}m|U-LVe1!V*@fbpF4QfXH{lhY~x%b0LC7lqtAGAl_^jZIzQfWxB(>Zr1Y1FYo zgV1B<{X25(%8~k%CEKinhr0cqmP{UL^mI*2{qQq!0C`gF)z7X#If1jY7DD`VeAY!p zz4K)OQ-PFf2G^~|bfjIHv5OkEvSo)CsIYG9fTJqCxBReQ4to4BB=LeT02;fVNPQy} zY3D9mF4xq}!`Iy%HhKPnU5aN-`R8z&XQIZ$t`73$mDT*#tUF~(Eh&dR^Vn{OiH~?% z0?afh=yDAUIi=ePRrQu^Ik4dN0$fa_jbvl zo=sk63g>}+o3Z&sYQ#a0i%x65MPWVm^i{=8Cla z$}oegC4L4cSK7w}zMb={pfme}kB->G4R$aeU4DN;Sl~spIL2!xc7&DwM6Tqol?$m_ z{kh-3vHqPpqg}iG54?OikDjb~TB#>`VV{u(k+iGbU#rA3+a3W1(RE&LEVF30S&WMp z=On;GC&-jO<(|s8MApM6F#~>_E2H8@pWaPBy+BzDYE){r;t*@eZ#t#?fRA}L9U98r zk(F-x`!x48)zPp4Q?-lRoiDZ~Yji3Ue%Qsuz%_BX%-ITKi)yPFSZS^2TIcoj_LZ}z zvSK5?&nvU3&HVDP`=9B?#I}RQKZXE z@s_of@VPqm??@?sS0rU&>p*|4ButcvmoIK}+pn>II6L7n2~+oZ;n}LkAJ%5mGO2DO z+vDsh-FMzEaC!?`?FphY=##91nM@MR8E;b^MW2>@nO=i4bW<)B8fcLIR*iOeeePt% z(9=174Rn}%n1DJmmup34x^{aYsRX_l`+JGT!~C*jkS)&TuNfhF_Wq1rx25MM%Vg+_ zbkZi|!otivUndXWVCqTi)|w0~NBDVYW*cSCzYS3yh-gFmp}}jB7frnX6!r5xWw(Gu zuJP)^$X(oAd+jbN%$dE=|6MA)6D8gw12tYY2`E;48++cb&YB;uRV|~c?O27lAsA0& z=X3k>ucCXcpJkxiJZ7&Qr5nIL&jwNwSkwLWOmM}O=@Y&s9(4yXb>;W|c%^ms`aTA9 z|8|d(0heiL7_J5O8}hPG3y-Au@rp8SFwsEu4UFH^)&}XLBxj5v9FVabS|Pu~t*%2=1-&NmkMj*ofg+6TiG~nxO9H1^Vez&m5vh(TkTL)H|f9TZNDs9zMmDtyS z(=M&RSAB1~%HOwoGu*2r{Yl&2YL#)4_`XfBBzpHO(WIDG|mP$ z%l5lJv+iNNl5|e|#ywDYw_5EH9pD$&N87^1^^EpumwL@If`MAMS=)+5^15zjjh@mB zu9bs)_SIWx>;tpx_vNd)ob!iR+yrg2(JRefqepf_Fu5uuX%QPi3CG|V?CqBs3F%~3M-wpwF zNWOAjo=(K@I=2%0d7Rin;rCC3M#>of5dLt3V|xMGV*I6HI>QH7^wx`V)Jh?*zx=C7 zLN3c7RdAm~F<)m5$aY0RZ~mO4M6*p259`o|mLl;QP(r!Sc0U-0J&u=2 zjD>kZ`%mvH=PX%8Ej1;3KTrJ*y%C-Ww?MmNhS&8qMy@<7kN4>Yq)Y!vs3D8=<3$AA zvB?UNgC6-D?ZaKHod-jlQUJ=p4cCfBHhQ;=tl=6L+H@B2}bZ(D_ z>vYmf?_ymWL|__rtmz>(JLzvJKH+>U0}fI9iAR_LPy8`aTY=w_B?|FN+3mLOkK48G zLrX>4L)B&V6Iz#=R^PaJ@aSdV+I;T#0;e}vE=yc%p3mKc8YH>SC(x}6R2uf-M$E&9 z=A{KoOEZP5Zt}-&za|evG}z={2}Y&Ld$Txt@|Hd zBemZu1))yhu-x?lyKECql3&R ze4z5 z$PD?x2($S}jQVUk%<0L-{y8sccNM3r%E9xN@i;;4_5~mOrFiWOTi^{d{VnZvG3(+Q zC#^ux1wHG>Aj792_4`)inQ+qa6}CI*GC5qCKZ!TPgZDp|pD=gdOc1*oXmw*Ma-_npS@*Yvf*W3Kbb-TQYP}-d$jxjq{$-V6m;X$fc8Mxrjg28BP4E z(VW*egES(@9QKCN?tLN6eb!j_Px~5#px07Ll=bJQaca%eaxaAE6C~lpgdPtZPdy|ai6v8063B~q0VT!5hwws!R;^PVs_;5-x)5_-*W|gks^-qXV0mfKFN%}$ zI-Y_%(Eb*Ka|0`j*K6An+}P68Mf+#;7BX)-t&T__SJl=B9rAZPtPP3Fzl+Ov-_i%t zg&nf#PHNuz?ZCT`+ia6!G5YULSod zF}#T+xAroY`bD&18$KAy`@|+=x>u2-Jz+jU@Ft~>@cZkb2Oe6&%?~ifZ&Oa2laOo# z%>$lI%Tf;!=;<$rvzLvU@gN+1l1bpJC#T2z+D6_{>(~rd{I*gGa|%$of5q zS2>DH^!1+qHpDkdYysED<(c4?z`^H#8ouI8AXZwO?{S~i|1PLgvCoT=b7k&wvbgcb zT7{cle5Sw#{413#g%f}ov~tFsuqJ&UUhEU&QF#lWa*CcQ&Aacg-M z9)8OueeS>@;IXz<-sEL@Laped6Zkde6?5A=QY5$sJ%s$p!*1Y?wMTNELOy9vGk`Xu zbX9HNz@13)^5#B5etw|!H?JLG+D!Usy1BEz#QMN!_nU0#c1}|?P4Jh~;Gf9`zuM?K zxnA}`JG&9~A%8ej`Z%27(wmP>K%`hN)!*es!QWg>4r)3D<1@}J2PlPrGcI}zdN`O* zh=_xIzVTdKN9j{v4~ zLwG9lcm#o&bKuZ9&HqsH-+%jjnw5{Ddwl<)lz*t>|9>EfGTWa)lC*4l{l@?I3s!kJ z$>LJ)n^N*0NUa~==fBS}#^ia~gF50r_}}S%>9faAB#t>aTSSZ(zAw=)(vv(Va<0du zANRSR;`p%qDbIL(U)TXoCc50C?%<%Ap6J>)>l77n)l8^lm2(dwexDPSX;r}^gwduW z9QWy_{vS=(wXG@=1%HVo;ZanAC?FyrZy-?tC5Nw{>T}nu<=igH5@*9Bunmen9x>@`~Ov*hkK zZAr~-`v(kq#{ABeN=zee+3=eLTM!<6`T=}P1B|X>GeF+b-(T*-Gl1EVP;z|1jJ_}Y zfWz76yb*;R$un@vG7=`vOVt7EZrjoYol%g{Tfr+K*DM>q(=e8~lTtN%hw z3~o*jdfx%6LgXvwZS&>V^z(LTUS!KZn7)m9J@N*!;x`hRIf+eT?Hlu~#50RP3eSRJ za3m*&VXk4aYLk9oaWNF?@)Y@&&411PedeUSi?VjxcI2tOIXmKZ#YT}g2-PP}*FEpO zFXYI7GKrW2j>S~Akc|3qnzwRa1J^x#mq8@&Rx|#DF0kFB3)Rpx=?ynK;~WigVJZpx z*n$3UC}b8xh{}rgaZhG1WFD?RoLb~G$(#J#B1t-OiV{_bKH9gd?5&HF7bG%kGO?tb zv(d`Ls|NB+Nf6na{kOKc!~TvZg{>To=mS~-bmX}Nw>^s(tZmNZCi$*yD0 zaoijYdr3&3L{220lV1sqzox%oag=tZFRZ7+v>kc+qxI}RELcyzC~m|#v3TkuQ8_s> zd6nhj-=jwkia%xyz`j-307X2b`BB)9Ijf)iq;UZ@1CZfD=i1w}PsmbM?qu8VX%cvx zNSR8J=%bKvcPuJ}oRfdIm^@7m-elZE!3V)>{CzZ@J`tfOa!2LvIrFz2pl-)LpDy`+ zc|ulg{(9|^qKT@V;2xu8_;;7f=A*uB1sUs>$(IN68x5UddgjZOPj&g+cd?lBUH-&FcD?xK$#K|e5|aH}XjUY1XW}R%ctiJLbC=K`vnx2E zAiGiBb&^nyBcPf}dVo6>Q7P#)V31kig_;EVSB|nS(}Sz4r*e|IsV(x034U*4u@CF< z%e&XEoU7B}eIP4Qr%IQr;|W7Rn(Xg%;_a^r93>iKHmIS4Asjr>7fC%zmiKlYWoBk5 z*Yy4uP~rE4{W$DEubx=Yd!WynLzW(7qYRD2uglP_b_#Gbb{3t7mcx2G@?d{o1aHLhK4JlP?*7;ZcG1J6jn2dIkOiva3;s9IKVogZ%D@ z$K8a8tXJq!2?+#;H-Ld87Pu|?z13?>_yPeU?$wohfS^gavWF*TNRnkNspo;Vug^(7 zE*LDVF4?Iz0wJtiDAe4l`#cW-Qra8_1IWkhp>?c}`Rh;hy?Ot_ukc}~`fQdlq1dmw`Q)7x+B;`N%|}(X^fF=`o$1 z5|$SS^O2VI(GdFtb@daHtoR23p z2H+xU==Ae&9QR762#uAwaA4=n%hMqn9&Zuo_>O_1vtGTPKI*?{7%t=X_3c|MeQ*5U z+|#8SJ$40iPLoV)EuJ@tK)kZGk;vZNefHN)!;$DIkuZvNJv!#$!Y&xU|B?$wtdk*J zMKY@vynM%TgS$$o~tl^{RMrs@sNVg0D{h{_e)zBwP7 zqvOt>QhvT;o%4=E&-@dm|Q zm~mNhE3@1|N0%M5Q&uhW%w^Ky1AdbgW2%)Cg8DXJtMG_eh2>o_KRwp(azZ~FM0kRm zCZavyTjl+O_$vl7J!<>M|qK|WpBtta%#`ztCl}4uct>fgx<;1H+CZX z*`Y2)AM~fjY1^><(030(P27g5{b0v&&T>*WJDp%N$-Hb*+38 z!B*wxUfI#1NC@*r@3Q=D+O2xm6e_hXFCJmQ>US{#34Hzb} zS74D>=fbl3D_%iikh;BOC5J2;*E+N|9on7IYh%u&J4n?(NGvUg19l%1@X3&ts&nT( z`5!Cax1%U;&EaCJ2lkAf|Heak9wZXUF>%N7`zq4?L(cWWqr)5&A_-cFPCw}rmby*-Rs9SJ${ zPuxhIv@0rsfq9g?jyc_@MUY_*LhHrc+hkU4L5siU^37QEb)lIF04I?3lYJCcC$f5ql6i!U@P5WH%mYy1vuSDZnW`yT#niVY=d1qdon*MvVrRmU%|{8Irv8QY*soVbFB)s*Yaz2@eGbX)34A zFjcmY`0>Wo9Lx0|Ik@tnwzXFfrV1ATmkD8tQ zy)DOldV`pDG{{e(#5Cs6jXR(ZQ9wVjK6*fa5}&?=sd=Lgnph=k0V_)(bJOFy)~B`S z4PAG^h}QOQ`%;GH)A1r75h-0I<#V|*h2@T*xpq&{d1N6w%6%RfU&b-^YT9o!T{VV}1DChM>B|}Sd_zEYEI#!wtxlcCr9qn;@rk}R1BQAME zesabB6|-Yu#gLe3Qh~4DI$130=nbZ*AKa@x=vlaPHRm)L13D?t=aBBwo7#yh5AGmE z>qsWEP%lA9o+BoeFSHA+nJ%5Dm!Wb7aPD%fedKvMWO}pg*ZXx@kFHC9dzctmFVW2i z>9Uz-6hhDi{0;AS{M)!D;6_yqj6K+HkTuABMY;5^MCxZxy}&0b znY8?L*BeEJ#|+41wcR)4jeT(()0f15hzKp5cas^=jd^>w??9~wUAqLU8qk2tVldlp zl&kMpH(z$!Bv=&h-h~)8$xT}f|GE*=A>4xR8 zSxk4~=i)g*at{7NbR3B|LJT%_cd`$9`CY1Kg#noqh{M+fA}`L2ftB2C;IdjJ?7yZ z0r#Z?Yf&%^HvKi|gv;~Ou^YX2V~j~k&bnJP!m6Il+7~6+aL)UI*sg)k9J6Tm=5eXd z;fO#$9wR|pXR!HHMzdu zT9VTS41_P8?X?{43MEiX^ty8f+Bj3lU6ta%qQwDT$5fcFv%1P;k%Azs!mg=pm}jpz z0k{W31K;AuzcI75A$exBys^`X!_aK|-Wi_zX(`mwH%fx=$b+IRkh-6%TDnkGW_Nnq z@s~IWU1#bZP3Jpsxt;MUn78=A(VpB&j3MM8)Rvm!k0*YfsxO555p+|)8k9^!Rk0S; zb<>u;55aBC3~x`B`9=MY*x#r!SNu=Mv4lWuk_MgPYf6JuMqhgNB6M%p>g)Q^l}7V- zhH}mFd*@R7r`E|WNIChLoYYSF1^T_+Pn1TQDY6D&`-a&g2|ro3b`eBEhT9c`ae@^M zdqZ->&N|1sL8DOwpWR3o{JeKguKuu`z6UV+x=*94_8(~#0FgD*W4!I88dS#s8|pmd zhddIoXrJmk0~jC)o^ImWFmIQ43((u*xo*nt0FSpC;DpX1{O-(}%vI@ZS^tQVJ{3aX zJ20X8bRbaxQh9X#<=vj!zUdj{IMiN;NP_N~)bf{xY3U2gRsQ(%+3k(%$<}y z|J8>?*_I6*myk0->U1xr9$cx%c@Oz#3lsWy*PYeUlbF4*>kJCBKI2o2_D+ACXDCkK z^Jkz(t+}ajHIx#(PtB_UVP>UWuMBlLkIs3HJKB)G%zJ4C>l=Kz;dDDC@+HyT5IsqE zayC-P!rRl2@G1NVwI`3x&hw3`+24&53*7-=>o7LMMr!$r=mGd53^zz(ud>d;X0ey}7OB5i`|oGy?(h_OT8{3&odVqY zE(I~_qFs?PisVgkv~2Ah3%ys+bi1a3*A$n7l~nCPRgdUK1gCVqG?n&3JM3%&eycu* zXa?y)3vEao*`1q$(NFzlx`_RCxY92{e|J8@7xNBrbTtR3qE#+FPB~uf+@?OR{GHmS zw6ooR7!0fo^<2jvkz1lxTOkzqqO9u3Iw|1MRA7*(C{&02evpX`eC1iRfUm9>tK2v+ z^R+ZKH==&R2Yeu*Ugq~7`t5TOPjv+&(Xy?}ewaW>%@$SxEA**10SiS6LJtkfW5`UkLy+1G>9e;y= zV`FIJecTDEKQ73b>k{)fP40%@R?>fn&hOX#H^03qc4$cT5X9laMXIe=6a;Q?vZ{p| zGmS(J8F+%Wct$!18o!lnQ0DNw4B&8Tw0*iqn^~^E7vm)?#mCZ683^&Fyv)=dTo&X{ zeV=z*N=diqtYY=a;NqZ$JCqU{Ga&}){H>JxDBk&?1Pfh+b*zMLd$W4%*cX5eZ@tln zS01{#as9Jy*`6zpCLjV8(ZHEv7Ca8EgRui0HtFbR@&X(P-9+3=xe#f(qc-9vf0kUt8W!M}SZP+>sAJH)k#G^c2 z%UwvU_vl6)u?j-5zLD|n1gQzbGZ?}4_qc*&`WsRCl0g zU@#ai_xm=9)dNLi&gvE?fh*?>691=PeNdT@-#WM$VrIi=;g52Go4lUTEW`UfZ^mH$ zDd3H%C|K3D@vV60IjFZF6XvWah89L9(UMKh;sbT){EK%2MjecS1rhgrYko z1yTp5#k>t^c#RkZDXyM{@qt}yE~^LaEt}M0Q~nz22SGkQ)RCe%Rv^nDSSDyF_W5nO zHqfijrztA@N#Vo^=S6;#sd>4R*iIkmB!aiuIlZA|wXSj+YK-dqxdSxz+r9NsJ3u$` zafJ@(R7Jdak0^xK`zu?wO5{PV_VTj&+xUei4Kj^~V!F|g?fY;V26az|$!Lu~u!?g8 zen+ z+L`9Z#AqQycHB?vkF437>~0daKJ+_VM;t+}jT3Nx@xKpdNJ)1=87Q3cr4-Tiz5&C! zuMC!_e7rT%)pq`Z%ItW1Hgm$6HBY~)cF>?UFP7I{g^;EH^#R{Jx(|i1PAc~R|Aiis zHwXJC*SOYmw?A9CW^Q+YM++@7#W^7e<;$+S87EI4!2RF@fB)Ajj);73_=m%iDNtNP95X=?*I zdJf37zu7_2=+@k`5qSRzbC^Ood!}tmH6x3}nZ4#KK=$~$FQ{+hkQeCaS)KZTy%Ou5 zvcDa)Bw~gnc71230cKK8d4V6Q^fs02<5N0gOvj=-BX25jT;4zn22P87w4O`{F8Zez z%SE7l+8cdwr7Y2$+i74@jF3GQ>EJ^c@fGJ2)Q*F9S6Ma-Uc~1*O`}aY>;30FQBPI4 z`*ljAweV+?mM)@E=L=OyxfA^u95tJIss%s8OZFRCR<`EZVra&FE`FgD=Y63X+x;yM zMXoK`A}pT%l}3cXxH63XcH{>2^Hp4Lw%a=+&;b}IWAJu;&cs{%0eZojuK zs|(^uB>oM9qTJ?JTFe;pe1R3^oH0!D$LvaM%=^;}RyBV+`9U-JyrH?m?XDt-hNa*~ zOdS*68n3<1h}Gr7yUZLE%VE`(HW2gvgZ^v0i=}O89XOrK5IXmJ@n*e)@z?aM4)UIs zZ=#0X*;c+Xa5wbHhA z>y%i;4BhY_3RuvW=$4wosNgfln6G>099_L}Ulx??*Esn`GhXLHAxNt3l7cuyaPWW> znBX5>lW^(Q9EdyjTq8aK6bH|p$@#r(T2Hy1G5uC^M;`1cY4$sNIDt=QJMLHZMP0!I zbC%U?7w>D{aA=jR2#tIFB<@T4OZE#7f6*d|VRB+onkig39M1 z7>oQF0EUx=QwFUF49%Cp^T8ZdlyM z@3JIpbZ>%R@6J~7JY%$b_Au)lBprWl-k(gW^%dO-f?V%P-y#grSXg` z%QpnhH+0wy{&vO?J>}1?AO^pCe7eq3ncNDnJt_rwL!U%qQ;9^({8X%$R`X&r;k=L_P_7HS>o=ym&Y~^=x}KcS z)miSOm_-!kpHC`}kDTeab1t->S~o~KV=sZa@2Xe5g&0q#C5B=w_j}F)kB2ygCIDJ~ z0Nq_pu?(iNZkxFa1%Bi7x69OrotC9hyyoUWKDhUGzjgh�hb~)%X*%!{58d0hBeA z;9!?3q4{o^oTT~CtM3f{vAX$EPUm;CMa67wpK}gY-J|sUmNDi5hiup6pYhvq2G*ur z>3eiHk9iHLQSvcrC5G%h1N)2nYapQT!GK)y0^Io?^F`gTxrma(RRrvrE8mp)Q6X+l zoep>En46Ojo9Dw6D#bmHr*dFHq|A>9P6}Yl!^`~ZlHg7|{Vkt3vXpc>=4xh5ul^7B z#Gzr$Dj)7{R|ozyJ3Rk{1dp~}Yn@8~8qbQ4f9Yv63%;k>KR{U~wz5(x!W)Vm*LHnP z4mH@w8A-(gWgr}Ldh;B8u+L}z0jD(lqIS>K04N-EWuct{#t?f%*@wNzdbx2Yr?X}N zk|ZXn%f~l7!kkGZPd3x%h;dPky6+z+v0IXxh{qDlQefc|)A!hQ=*-|VO~{0xa1i9- ztbhz41Pk{)+IAww`X_V5Wm5FuC!Nb=_O{q4Y3N0>X3}`%0zM)NiJaWnEL12Y$`1e` zaHPOK#3>>Q<^KL1D6q{oWY;BWC{{uizNG?M26K0B7YtnoGw_wk0*!f8ZJkXt+Fv<$ z({P8Pxu^c2T)1)Vo|EH$r2+Z25NaMs@CV1yoz`}j&w1}f8Fa-jxnne~K8;w^O5UPF zVv(O`)gS9g#6T2C7LoI`vOB@U%y@Ypo%~VF``z1a(hIScr_>M=#CP_m%H!Gjd@Sku z?THH-zuXjn#JD|;^!r*1?l6Up3!F7CjDG29b{8%$b0!}k3z9qo0CJJ*hTAZe8eF9H z65jV*yTf$Bp=+P;K_3ndnlyT{^Oc-Qh*@`Ee7o*B@21_)qaRZ7Kyd+_pxVf}A4EFE z=LOUdOpiw)o<2cjkhQ+I%Vp>5CS6SfF0kBX?;9+Og1YPaBDBu1Hgf-D^0OnHFTrz` zbM_t{F9jrqj)y!0{_T@_2NSYs+>__Np#edc&GK&PJNX`Qpv=)EuH_c#@;WW_u>tgD zmvB%PHhA~5fepGi6(SuTMU*PhuzQUVk_R+J->smH0}Cv)Et*qZT_S6SPy_nFlME&RPfin#@8l6RVDu_h^eTTK8i&u@b*W0&!cXQKs?AT zF+-{xBx6$|50$BB&YL3oY}0s*qkylfck??WruG_hc4MHeOmopi7-NzI%aibuZ zW?#ZxDEY@2$Bww)&sZM9*DeBG`ML_2J=^9yNtLqzDK4M^G_remO9vh5O9XG+<=&i6 zk6J=Bk%^bOF)PG+n9~@^hfrb1sdwjWiPL7u+F9C_kc4S{90CG^M_xcDR_iWO>zSFV(` zJ9iUG^-!qw^xg57>+vc=SO-Iir8ONzMR$aH|Ga3x!ad7(TR-9#Xg-1spHr$-bVzky z=PKM)RP&R3pcUsCXuyB#^-jb&l%1K~gv)i@;SH(ipTJ!8bHwnR_a!EInfG`S2%=57 z?86K!ex&$$x?{NJsqN_EV1X;{Vty}}Svz?<1~gIGj)hchnZp-?TFD;TyH}VwG)%|C zDtusz@Hp?QuT#zwO-MH9i^&pm?R;rJJBdlu23qrPkV;-Z?rR2hH@Up}nmhdWO08f~ z1nIQpXk`*aC)!=>g_zFZ={+A8?a>)2rFK6sGsW{hNUo*(MF!MYTD82v#QSJ#q+W$Y z*mLAdBQr*A{!xTug6kzehvF2T-n1EYETI?jWt!d+`boV%-R%gWGEobO!M5W^T!<~? z+!xgqs_7)DlY-?f^U3pErDq6vd^o`PPxJJ)UyuTHR2Jo~peyg@gVbEWPdaAA4mra) zFPoPVghi^}QxZOKa~?a`*fVksjUU)paB-<=0tQt4X<~O)UDDR5oi)-U88a59ombZ@G0FXrj{)L3ou6DaXNadv4dGdo8Xmm+0UI zG4`mc0eS}zAP{A@Vs|3n;mo-2qx5jbueSaAyZV;=ZjGbM;0XfpVTaG2^1rRR|2g4J zLp2Q&L~p?#&6F!lsxC~(N!W7y9+CmF#ODB9R*x$G%LDThAs5 z7Fxc{h3_-hyL-PIO#e%p+lohH_YL9Lze+d%gSzP+Nn?9Mp@-@~!Gr$F)urpI&+AFYA%wU(AQfKQp+84mofBKg zdt_-Rb|FX6%M1Xz!m>F&iZ=j}-W#)y?q7SH2Rj^FjgIt9?ddf&6^-CjZaRLv3z$21 zFy;6cCm)uk=fA%3dRsx3`_vfR&TObc1<@zj-1461L%cjdX+C`ffaT=bzNFLVuuO%hy@|v259j0!^2sjZu4%6Dx6)cfYj+ZQ z!@FsL-aEfZehUYSEZ!fu34NR}V3AaO^=(hv3vF3C3JH+-~1xL2qoi( z2B0%J52^qlSkA1U$Fz3(Yv6$el@|(OcbDlZvdq`-o}A(WXvcYZM6G<5FN7gl<|D?^ zZRO1kz@jnJvBj8?V2oSf&rX#*e&9Jqw>2Sa3TK8Dx(3NCb@ont(vs-nRJjtfJBPIw zp4I^(Ly)(wo@TAcpo{5$*+B{(AzNYJq{=XCd*-1c%Q;%Tj4sf9QHcR1$&zXoF$pT+ zM9%jnQL_BcF$ZUgHG=R3jYS=W2pO%e1TT~8fZt)tfbAh@tnrKTD4rxxA(<#6QMdQ^ z2lgi6s5pPB1N@gh{`eBS+JiMy+=ZC6Ww!!(p7fCD`x>Ln|7@~x6vnqNZz26zW8?D| zPTDcQ3>b31dlYmUa0(=D$LvJRM1b))(9X`R}zqxkD zAJrx8*uMd(G>5xUmP22;Zvj=4!R>C?BapZh{{|pR=24cx7Zb)ki3|{WUN1i{4xfy+ zhe4`d4X1VxA$Y3FxD$*&`iqCSLOwQbo>#BhLEf={j@PVnsn52NNT9ilwx=oHrPg&L z1*28$@3gRqat89EcpkTTfLNgZi#qG^2h9e@F^RA=H@I^|RZy|e{VU1!cTC|y!gSi{ zmSd$^;2~@W;U#ei*d|bY#Al_*SIVY)==5Iin+o)UL(C$Dv<$ zdtJfQ3dzUo`^0(Ueeqn1@&@7dK#x*-2m$#`plI?Pn0Tb~XW=>^q3}FFp3z(A_uDoo zLFzZPU%)2nxda` z071qhP|EL}qJq4B*HBryS?$G|{BY4~Mb&_M+HJePk-CO6By&7`plX=7O>)h zD>VnX!6z3m+f!TMUs6Y-b{+b03V;Q{OBxxZ>6I^));)yOrgaHQz9ltR>h(F8Vv9z| zMHC+Tbp2YB>jr=jD|3^lLj^qcF#*Bc`hz+i0K0b|YBW5h#mp@;*UzATFFrt@&ThES zKtNox$8Ue#YRTPAXOq1=5F5(jmG@i+bCp1Pj~T77VD5#&F?#7DAj)dTDfu6h$LtcRrku-f{Kn`U6(r?|7R4A z-^fZAUh<;yi8knBq6taXOmkGo5^rzB0ZalCsDLhBf^=6R5$^u65D` z^bawh>VkFks9Dece0RZL>1L_5*CaWR7SIVK?}#OntG>RwfpSm1q;E%lioLp1ZL8;V z`5q9P#@c@05@WLReOHK@vLpUBh4@3)BnkkL4ggrFW%663NYJ%pzaN!1Cuw%wdS=%qC|lYv>0Q@(!C>hf8e92tNretE+7SYRpcVFYH?eYV0y@D zc6}+!dK+lZAgc`Elbq2`pXU(3aINIb)z~U!vcF$P1_H_Gj7LB zSZTA3*(byGfa^edn5i1o8_vI=8cfHyOX75*(o20kEsyl_8m7Vj^2C^3B#3O74HMD5Q?BjC| zy%n}`@l)`!5An3(b$Leh`aLuUlSh+aR3cckvqu~sco@XV)X7kt0y-;8%J85Qvmu&7 zP?8{a14>T7?GcOqi2$DSKfegL$nF)M!oGo4&ftJ{Yzf}30g|PW{WNLIx?cVQh-HvZ zGKzhoAl{{W@PnM)t=P%u50A3G{lZ+Ic+3 z85}T8*ESOpf9md97y@7Ex(s4P*!Og~qy$wNn z5wk%!8Z|YkTU>riOb30yYi3C@hDq>EyX99UB75JjiLZG49Qv~xTZcFu+(+Rt!}JRy zO21gGslm%$c4A&q^o>1QQ_H!N{@sG*ZdqzF#n+m4% zbQQSrpSA4OmjAtGkgI=~!!%WBDCxtu{Q{SO%LrZ!5A8C(*cJKU5#2NS)4oxR5qQ_i zIW}R`X9G*NBn)r)E#Nof!e8f1;Qr&MDE~Q8x1u|DfZwmuo903wWaSCHj zlX5*{J>t`z_Z#t3Q0o+SR%M5!#l4c-aGW!cfII-rjZWdFF=pTAPuZZMism&v7;UQ( zAomcqZh`2ZborYU%C+6$Kz}Ux^J*;p9@%T};MgC=$hG9WzZq6Kw9PqT6M%eJr9QOa zOjmP%Gq>#FAP3tWO`9&X7Rs>nizi_`ZY@N?L8&iOe@ZX~q?A?`g3jN9eN9o<*idc& zPRwEtJ-E=HUx&5011+8@%r?Kf5-jqsGWwSLQ#k?U1xbhZq8y|&!07#BM%-cz zyLl3~Htr(u1=R}j+lqSncL;YuW7Wmfc-DhLahbOF(4Rm3kDWM&FzPCkC-0%1i-7h1 zxI+YPd?(Ze?ETRvo<%==+`rRkjP;Sv(q>S-wxGM+icA*ubg3D?4W!`4Q@A5%43d&N z<^;W|qjB6oyu)br`LsqYhfATPm>-(va&J70^=vz}E#3+>Yka6Ni;Mf^A=?IlW@4B7 z*U(zGpY05AnYq1v*o3&}>k8>Jm0qq_kY)KP_}#z?a0Bhl9KRU#sDOmUaeK;o(B_LT zYg<3t!~VR0csqTPEy+vN+p?q;hdK_8Q9XhPa9=C2gNh%CLDwCCmRFROvOw2%Bju`- zI4M7p#qh9LBzZW2ysFzR6!$xX^4_AbLFJ_7Dvg=U7%Hut#~A1R;YfcLaqs%U0q^0O zYBVb@MMWEJE#;>vx{D1O->O%-L8bGSDwyZS4+phDe*2{u{^Z&PF4kq23Gx2+*~>Mw z8$KN04sk6&0X+{dJYHW}xodyV)G~`f#S;Z&AGGy5BYfVnL2_ zT#CBQM!51v|GeR_F)S8|o67w|m?e?Ec?$ig&336Gn^}l$59OWWBrM#Da@(r<`jYbr z)#KQSS7HJb>!`WqOp;gJkf&hwnwH&l3CM-3pPUZgM89SUBXG*LUk(NHD^Eq{P`lUJ zz&t+KRbsQ^b8mWO>9JbDTBR5Dx-%xol+UMg@lg*Ch=#0NU1~8jJ}b0`v*Yy@oX+LQ zR5ExqWH5s<^}7zv)h!(3ZW)Uo34z=;?T5qftz#DBD7+HDeiR2oT-;RaR;6*yQ`9O7 zg4N0HYQE;S*^z5=0wjIMIs6R_Hf1}~k7H?l$BU*mI*G;1TmQL;AhEy<-CbMH*NlXW zDL7n^|I4U9J~Xtm>pQ7WyuoT(T;;QVz7f{|vv9WHSd$O}DiG8Z^eMez;Pg^nO|CJh z_N%Ys{Xuss6NHZ=cUBG~|II!*9aYogdz-|*5nhrRG-`>|!8~RubGtb9Agr#h9%>~% zcwFFWB zF(_j(98Z&5fbxymUlQ&nHS^V>g-A+|pk(GcHgUga3@hmJdz1E;jk%*%!O|ee`s2;| z8uh-smC%YtiO-TCB=_X;3!n)w(p&}0B!f@={QhyHp{#*&Kd1boDy;W$lYHHA0*GZM zWDiY`12;#GH7A8@>Xzf6OwE;t<1=8stffqyGqlH#WuJ`uA%F;*!>IPB*vD)zde2{v z?J*O}wcpBNXC){V+w66s32%TxZ(K2Qh9{9a)b&J>pgIQCM*kvio);mj`M!2jc~ukk zgP?qE*aY2(N=SE6r*%u=Rfk)}A0r?P4=bcPPoJFC_upiVx`W}>b0o(tl=-eAwgD#wr1PmmJsYpwjp}hVH*NJl`rIAl`u^i8Gmf>u|HeOxr3yjHV{3_3+ZKQJ z9`buP#y&)#BpLj|i@KJn?aeM73#vCWe_T0+Tqu2FppL;r7;MA|LguD85(2$8N)8|} z9Rcn5h{I@RUtZenp*7f*()+fK*PLwKpbEG_xs{Jos0Ozb+~~GMORvEQZ!dG24pS;h z8+gkbcY$SKP_V*SaWE=9`0QkjxLEd6Lp=86JO(P%b><**69?)q@?Gkt+0kHi1#sL3XZk(z-6sp!Ckr zYKl^&#-Cs0a+rAWYyLfVT2r0kkWjDx#b&hDJxnX;&XUygx6iwr6h|BmgR4Xoq`r*LZ&BH`F^UBZSr{bv*AmDg&_?*}3<_N-e1D49{ZW zBF65k!{p3;C(slQO~XnnEg;B{|Ck!?_hOG6=q)SvNlmP_NlSip)6osur!9erDY>Pc zd}fnhz`y`r&`C2Yde^({EYKlg4<2o zF~++ok&-!0n}V$pY+{N2V7AHLnTv(WPW{KQ8o>nJkX}~ybmi|5TzUY1cBaU$J3N>K zEY*9`m!xFOfbiF|867qOR9FwuWoIw|RCo5>*Qu|e@4xRf{(+12DeH&9rAJt{s30Jnqz&`Z4*L2VRrJy)rp{RblvDvrkALiZPosSey6Ud#8AlpNp`5^tu3G=2+jW+jnHAY~kfgv&ra*@&jy(IvL?_## z`1TCJFLzk&sJWVZ!%;F-Y=Go9#J&}W$>AvJP`{4qdc*OT82=b$_?{ociHb(GJ=jIB zq2==Y!WCd*ef))34iOAjbvAB4-FT3kIJ!{CQtpvFrs49f6S@J# z5${;W$|EJIHC;9F0`ANvOo8}o9Y4^YVp?A>`?l3K?YOJ9U9|Y4!-LIzSeo>>xn4+v zo?5>eJ7P@FztisB@7W#Cle?Mwyri$Yi7+fa?kVNF`c|hnF8dAplc7)^E|q3%vJTX+ zn4q}62=k%+jaYj!3(g2)59EvLYvFd7j4Lgj$Bpb&Ksoqh?m^`Q>;)Sz7U?eeoa~i) z1yf;7P2*5EeQfW}}M>|;BMovhLvd|Y3&m& zG2v-F9K+vNr!4y1CA=d!vyhT5FrqWwN)S0k$?dx!3`i@ zdR340?RdOpAIk5bsC}Bva$Nybo~p)JNv+2|@b5a-a*hMh^n;H~Un(H|sZue!{C4&) zKHo~2dY8~UAmI-vnUCt^RjAbNwuyUNyS?VGw^+o=CZBVkH zDk{x*@m+6u1m{yqV`jm4GFRnANLf8V!jr)#Ovw*LE^kaT-upvUHR_G`=wlW zkAyn{HZaO3{_?JPdlqQtnb$1CeGXR%If-W&(NJ~@v1|c5R*1b(Ax1^BcJYY2ktby4 zbh&&{>Je5TA=31G_V!>!upg>X^X&aIs`AhS(Q%NK)J1WTwu*l?5= zNZU~-6sZ&d`^ck8*IeJt6#T0EJjGQ^NaYlNrfK3;n0sdO5}-CuP$*joL<_70A?P6i z$-JQgWTtkqp}4|uqQEP{PG4fgSg{XYss95h8}1!^(Mk;ov`a71hzc=_JLko=II#cS zF~#?hyD(Uu1Kx!gZA|nCangou;C?iI@pJ5*?+Y8r&W@1JeP!*g-8{c$onINT;)dF;Q@91pMUu!kX8vB zvgE(a_n1V)WuE-KK48$*(I&FlaHBLZMTuAA0(uRJeuKQHq5B-E6^9v~2Q!?R_~d=S zKpY_4rK@gC@8)zX>`4v1Br|CNX=hTM5T&$+r{5aaJoF*tmBewFeV}EJr#WsZnuL@^ z*XsJ|mdq>efqV>GSNVwU@q5^j3j;|m_gWcuB6hhX55S=mkDGTZAk@PC_|7)}R75hv zUJ~?G-u7;w<#doH+Y!aTS{w7u3@EzX*XFfRW%+#bTWOGu_i>G+nLB;e7%EVkz!!mL zBtMx|IFQFQtGG9@^i;Uu=*l5KeJpa(p{3}^UDuy8hx3(); zTit+SPjAA9BdYIj;Q)s2{Hpn~v&b5Yf7hGw)!EZ^eVHE5?|0-P_|4iFkdr(SAGZ&F zp65dd?G`DE-*0?Ufz|^E0X%mq(l`|Z4 zNz-4|K>7GSS+4#2(PyWoHTJs|V)v=8eS8c-0gHp0XDq^iKChTBq)*~=v?8`;{h}-` zE?RHWeEKHOmC(Ecl`*|~T@zM);9wj$+1O) zHHa?~<=w2DoUj5SF#6fzy*zSH?C*uWA+WhEJ-{O}9h4p0lh2oEQaL5jaO44DeBV9B zy<~nC76huIx-~TjPQ~l&#Nq2$J~bVP>S*Sr@e=Enh@^6_U7g$$I=~v!JuCpm)Tg*~ zic*G@7tqR(^fNJ4J0Oo^#PoY@?PVpOls)&534>a6#Ed^u9JH(w+>-wDLEN-(Nf9X} zsQ6<+$oFw9=I@b**jDq_h8ARmd>8ny>-p$1xB7A;;nv-o3Qbw*X=VYdAm1c+^N+QO zP{kz0p4Lis7jD+vI(WLjmx06rBAiI16|&~aC^XiURg{QEuh??*wn+{Qo-l=8xRJ&D zy`<}3*ue3)tK?7MqcCxlqly426LAepAT+$PSH|9hewpYin#p9&&Iz7CLh2Ao`1`C` zBkuj{pY`Kib~Wukmac0{Q7nr75;;5yN>G9%LEaQWvILRv^|Ps-wR)ziEJX{r=bo^` zJJw_uf+h|-MXA>w3~f&`UVsTa=`uT6y9D%}BzD_l8HhN4htf+ln1*d&!DnqvPQ@V( zXF{We-p^cXl8@$l4rp#FNax_w72Ji!3M zv)dZf5fC4)Zu$VzF?@WtcEA{#2P^g+T9Fa*ko=ftmC%g)`3+hSj-*t|&|?m>1lpE{ z$z;ZTw+zRh$NniG`sNg(q~Awt67(LjR9o8_gPhX2dh44yy^lYHuNg7k!NgK|Fdps- z>B?vTk>MNoT!aOMG40aszn8-E1=mCJ#d`A~W9(?FBXH@hHcsO?Beb+TXw#pB*IJ3g@jr#*{G8wRzw=NbB^)R}E;UI?!@bdhbJd>4bgneh0iR0ZJ5*xa;>UA*vv2 zcGiDE@0GC#Cy+@Eu|}1ui{neFIS)q8I+$2G--=5cc|=`%a9@j_KY8}_oH67_#P+nwNy?f2!8_YT@|EkU| zB5j&nc)YtWhst z)O{EXK=qcliMvJQR_WD$ltk{sJLRcl`y~+W`RTc-Klt0%_xhc}(%t~#E4br@@??+= z1T4nLJ3W8wEPQ!*nPC(_gx;EVC~Tu!{bp)$`kfXuDo2K?y;aI6lOxE$m<){7#f6jdY*~Ir;ByG*hEeoM3dX0WeR(+S>kl1gf z7HUkJr_Xw0Aeus=5ae2&-xDYNBP_9alb{AQ@v}_3ocHaSdP#>K>*ny|-jr%AY4$rV zx5fhfx}_Jq-+g$ZRrg|m!um#Ce6=d&a5z*4Q6-`te^CS_4JbigsILK}-kz;KwK8T- z9<-D%iS?PZEoieiY^bk2e5k9A`ebSINv6~TfX>y^>(z(dT!(iH!Cn5-pudqcplP?n z>CBL|!9mnIwx%3_w}Vz@=|J-P)?E!9N@8i{#oJXMo(LEUe=jMMQ47*N!<8N(9@cR! z$iCurj}PI#%uh=d!QsbVKkFG$1?D?Bns@#2E-Xjld&umQYg}qQ(suzY*RbYHV=Yy+ z#F-2NZ}96WO0YjmZ9U`vlGB>-9^;$a_inXB?kIPm9`0*k08Ll|=xU&|-sZZ|jiwpq z@(C1&gIcIY~b~e#UeMkfY%8sG*P^G@JWf%U=d>z@O0}Vk$!;K|?-jdiV|nZ{$-K>XRvrMqRB? zI&$7(5USGzG+W4*U%6x1l=s`6`#o=^sX#jnRDOKC-}l2WikG7&cZBujh0w@uWs!t@ zDivoYoz%m1k84Y4n?h2PL`8=!D)(X!n0F)9A1_8Qo%~mCu{}Jc5!?4C z?ItcD1J7h`ABb;465wlm(uLc(Z4x(IVJbsk4B*Ia3PsMH&j54%2JO8Ag3uI5KKv5< zQws|1o8mq{%$rGam*73y71Y7yy-5gR4UKr66iBh)Hgxt`r?Nc7vXLZf&!hWhP200NVO1uY+-HPG+&uqdm5Jd6Q z;cvyKi(Ph~vD#_|b<#U~zxN<6ecYQC1C)esuU?TFlfNh427CB8>^wcyaadHvGUNFi z@Xw-w0D$8K$MU#%k1u3)8QhqcKyw!j&+) zVTCED@o(a;lP~zB@1s($A1P zl$wWjR-+c{=GS~#Gk<*Q$?*2P3P;$c^#D;TW)eB04&<0iTJ>JSjmwnp?2_Kr0^BOZ zRB6pR2&y3KhO^rVHIrpj)kH%;!mP6A>llQ8lv8T+oL+|CzHq1wrlSLRhYKcU=W9=cGPOKK3jM<+3eV^7JpVoLXw0U@!;kc)p zag$^4-4OUTIx={x6nyk59$%hTLeSTA&Mx!jI~W|)FXqe~B*_=do4EHM*7$*KBHE?o zmHK<;k57(@g0JvHxP)Bs!%2e*36}z%*Y+%_pX|a@8LxYPS*slj@NRe!8h6)1NKWMT zxS8AcJ$>?r9(~xc*%5-*&RF$gB_o^QxgJc&1C%{J6_;!ZFrbEGzO8w+hv_?56q}Tq z)@wIWF1y2JwICmSrP#M~Yd*=HSS%`*WZ)4ahrl0wE?sUSK25F%OSj)YFw=c|+fqc_ zkvQ*p@#nFehwBk&D&gSb}$V; zmbyjesFSqcXc7oth_@0*N%Y%b0>lCZqw~;E<5gFtE!$(&Gc(#HxD|iu@*AP&BUgz( zVzY@tJyhzkr+IfHyOa5g6QC0x4|o*Mc{i5V$y1%NSz1Dlz5^gNI6AaAt##?*AGKfN z>O%I7_kklAXD(g2L5vQMhM!FZrB%awGuOKQ(?#dzB^jdch)c)96xHI+ul<54WJx}G z{uDq(Fwo21PzQ2k;XZCquQ4n>@~?6oSB<^W;e0&5r)=RVT_yR(H9R5npYOiX-!MxM zO-w^B;>G-NAcaz^c@@rgW}Bm*+WO=x&XH1ba#Qr&9`@hzrryD^UM& zzv$0X2Z|v&MucIdiqoLGr@|)6E z1{fm^u~^Z5e)=7izM`f+o9`h>XTr!G);{^keB7l6b$~g<`rDo<_fU96wx!|M{b7Bc zDm3=2duJ77BEeYeKnM1pK(b`KZ+%wPv5DJcu=7Hl95;u;I zx;@H#tD-_%$-H1@KJ+|AbMk$Dl^!gM!Gl~R+OzpVYje@>DICb@LN7UckuyUA zhS~^!GFNQ{zQIoH)<5-IxaRu0OZ7@|JrRT5wlywF}0hR?e zMmM3Y9}3j=p7y#qj6u>WqO@*(v@yVHgekN?Q|d{%W$=!cT*!XS+v{YKcUio=r$zC$ zxevN!3QYX~Q2yAW$*jfjq!F{RZgm(2-|vUy8cE+MIFon_6UK`6#eRRa@qRpK%JK^> z)KK?yGmcjz0TZ08+4*7@!zbn81oYdZg8YyU#D3OVKn=Lo`+RV^rKR3!flbB=oxx^5 z5?Xf{t+4GH}1=Va(})ae83!mqV#>z8V&P#_NiN% zJ&vq9^?*N*r?{t9O(Wwn*FZ`-Jkm>4y&7-X)792`ig>pgrjlSibYf;06TFR>;pL^| zbP;&IaBk0^uRZT-1YR_efh3(ue`~P`;6)@}_8b*7cVy@ih)qZBW+j!rjYA@-jxc48_zYOTyL39yyZC1o9~jviNXxpCET}L)?Kd?xkuGP=gQ?|Z90GS6e*QOV<#?JLatpW%bRxi_q(X8Hf~skf7$+ zPbH%E;VpIC1L*WejC*Anjj6!5^aDb*(ub8TR!pS=k$uxs3#S0Q$dpj}z&EOfIu@@B zV_XmA*d~2w_;tnDjVIj|UEEthfzseg#e>t*#D(6bClzH`6MZI0+J$xNb z+`-Pplr#c)?`Lg~e)IOvaCF5lZV9+9XwZ`Y^inE4&9h#w*YDHltYO{wfH+&DA9BYn zIdxcJNB;5>=4VB5&0|LBkycrC4oLyTW>6Ad^l@GT8ZS@r;If{eG#PnL|DZY})!edg z-_VZ#d!V|8JvniPDK9k@+GaOBP=N`TK9lte`@4~r#X}L?p^leiBup@v?w9giYh^!Y zc?Y?f@Aff>f9!&|q&(yOlR!%TbG7wY@(-$aZ9?D_BX6I(tRoF^&RnU~rsm`(C%UoDdmUlz{>;uvDud_!;2)v~Y}oKHsr-SdXw2a;KJaz64l6Tk z^!*aF)EetrG6~NwL z?LFL^E$*S))7#p|!+QpECW(2}q+3iiB59o~*r1cTv{;u^5Bt%~KYH3beVI0zmCH4GCR_PVGA~;0PjrkRJIb9Xyb~y_0PEaF-@T-;y4 zvw8Yp&z~D1*b|fWNkLoSstqBgzId8{d}&yAQqkI{pJtrl^QRcgS-Y(d z24@(v3rnCvHFFPNdo3)z_@;?oqhGnuAv))&?ar5~RE+fR9E2K3YsKD-1S|ZZu#LLk z94HjmzP~s=O)u;p$MHA#@AvnZa4$$+>AZ2A@KJ2wgm8u71_LIG3L2KhC3g^+Lf?fu zNDl(Qc=OPde3$R}DWKp0?U6Xg09dy!(|y~$eeC|`o71vkLYmJjlSoNkor%M~;4roW zW@0pu*doAk9sF<(2}irfQ)1A!#P~$8oqWO*`X`vD#NV$z-T``9%>I>&Cn{XZ$H#q{ z_{{}EMf96L;zUa`{tM$Hsp2d7c^!`(DE~LYwBFMfm_POivhaR?cvD&i&-9t} z!nhA`l+8bcgtNWGn-FkT`;DE_-}l%v{mGtd+FS6yR$oEEezm42WJ`L&wL5>Wt45Rc z`u)6|kiRpJ(~C;YxQaAPW;5bt6wg<}P?u|@q*?6C?$<|cRq7W@A zJ#}eud6YkuwfG!G5Cau?HHFz3m!115zTD_^J6%}g=QB%_8HpqULA)qOy>l*J)d{WZ}Mv0djo5N0xOt%QAX>>y9r*O9b~zd<(Z##8UmhF@tW&A5xhK!9=lluZAxd7YqqUPCA{D z#@J+Ss+Q>-`hr*CCYT zhOyhM&ct5R7ftuKc$8sm#h$tSj{LrED>E&7Lx3%APo!AN@!8~HTQ;ym+An13%|rZ0 z1{tt62&v%tG2cQHDGAs62b2Qvn>4L_XW-F$&{1f}bJqRxO*B6A*?r?nZnV)}u=+}h z+*dQ6g#RNB_N)@t^m%%-P(eZ73>jy=P0s_pU$J3mAuG4ixZS~1_G)YYyC=(aEade1^^jWt6T&s@?`Z&%?IwDx`#k>pjlrxaJ>6% zi_!J&g=`#Wc&ehZG-a{pDu=gPVsQ6bI2O`<89uQx{~RVPp4s>0e{Nztfp{}Ql%sB{ z6>Z*VgbDM>l0m%3+P%9v6?7%keDK1Ds6q~XO&NTT!5@Ue1_x;oWpGgH!+RyZL%ukt zuD9}|$mGcDUUH4CmTL6i3|}5$o1#lE**}kF`+}>VC$K;t&1Fi+3;E3R_Sf}ImZLZ% zA4H$oC{Q@H!+}wrBesE@doI(6%zc~qgN*U=ia|=?!qzFoyqZ51uT`BBu~2j34*sn7 zT%i83of~aRe@*;Iv((#SgROa=0UCV2y~{VD6>}DUA`1pTE!bIWY@vw@GlTqogN4@P z0mJU;F^1N|Uj7o~r0`6#e;y0=5&^5-W<9}GKVoM~AA{z|Z<&l|uEk3jMvL)p zhhq8VKxn>KFQf->CFb2bUb#bM=1uu?Bna9k*5Er_U-HKha%;EY1eJ=Y{igBeN>)(} zr_Z~6zXVD>dWYRl1umaU2k8AhWeGS$Cq*rccw^yT?Vn%3P6@(UJR(Xa`c1+2kGo6J)5M4ba zL(1=6vsclw!?Jda{WT?`S<;W;8`^#4oCD5ue}!;3i%?9{)Zv~J?4z3F7bj4|3n1zB zk!f|JiR(~ZbgS8VlfCjF$i42@+G0&aNS-646%FbxA!mdn;dUI@>WjWw{@9L?3t_r3(A6*CcC^D z;NGtXQ@rkH;`$AeCR}twD+?pjo>+QDv}1J?C!>0 zhUS#?O@XbaGtKnuh)yEpOs#N&Y;%-ftMQk87DR?an6z?RZi_VxiumgPX@0!d-`5f5 zzb>Y^v_IwpuK&ezF3Fh7aMDf4d`}Lu3)vngg@9AZQkQNggJ34MXCv&xL^vv=NzO2V z#1rXH8$8O!7(hqL`Aq}MVDF_SVg3AZ5c#{i*|Ww)3qmuHO^6`VCeXquRS%AoMe`=apVM)L za}rr}N_n!n215z=$XW3d9lkS_nP|FWfU36POHmH~hN^ARcY5Iky!xIaM2NZ=<=$#{y8cK-?B=Nzi z)I7OnrlTJEKyq(cFHr}hsbG=84_G-vV`&|b$@)jnDYE!4N3ShH@-h5WhYhvny&4E- za>DN9?wgVz2pzv?!k_c+Z-N{8E&n`8t*5_~6*jc8#^96h93rIwHe-Wt&wbZOID!E~ zS>D&^@7QsnNepl*#oM0tA>PmoI$98!dC3p|5c9rJjQ;nW;YAo#fT?Pz$0|xrD`Xj~ z7~_E#DF=UmT6~TP9||n!SDwKPP4AE4+tX|3m=MNWex8kgl6tOcJJvD;4Iz~J9cBHV zIC{^0+y9zrzi0Fj>XVZUOu!AoCQ&25hK~V(MCqbJ#QoL0&r|&ot{=R@81EH4xtGFc z_cJ1@z~(K9Bf%k+W=!cKNA%{FgR_w9)j8c9xR}Ap-qqOCYBcV7$S^~B7X-|9-SemMsU%CR)Sx8@S+fJY9mI(?xKpg5L+}m-I;~=uM>d*_E|D^LV`wtuK!m z4nQT2YkO8NP(Lv``tm*^X+q`9-X&X;kMu-Nd&NbQmT`=)HfRLD?f!kSB0^0A1-6W@ zR*&gnt>fQ;joiu%I;L#F)ZCa1+VZ#op&s}1*lUerFH9_u_A8*{_umRSyj;6;$__u)dz@V1Rk-O5u~9P1!+J2}$voe-Z)FiOBR2WQvFY4TH))Ocz~OprJTqLX2A0S6Q0x1`eYWE`Y|VDeSyU}R z1T}*t8OfWPFUUkWQ(>> z6?O{N{7Yr>xl0$AMr>?jqc9tI=bFv)AEV$4UN*`S$h8spzo%b;Q;wjitC=S`)mnAm zCy9=jaP(;tU#Tu1f$s&5x6+QJkbdpMu_g_eZEW$g*c&wcGaI8L%zovCIuD;$tO^J4 z6c2KV6-*hU1_)DI0fc#xy&*j)oO!*r^nn?F;^Y$BoYYP_RVx&GuRN9%Vf&hn?H3l9 z=O~;;gWr4GQf;Y4MkVrc;(Dn0|Cra5LmGrMPQmBJ$Up^YUVda5G3aHWvf(gu1tm zPghs^SG6b7xCV#m{W!TM1YKfV60h^2b&-#PK0_P>FPVr_d8*6<{dzu3QTIO9ejo4; zYP@#_AeWd64}q$a+ov6H>6H>>?t5&$FKHo+B&H>J%-lOt$SfqxYPUo3J|E|9WCa#5lcKAe6W|Es#XW7 zkX=p=^B7DBCth!rSV+UE#_UjW=UTCDRR#v&ej*BaJ0M$%DCpnh3I#_B&34!eA73kG z+=k?YVH!iO%NZdY>S&B2`re3v+4hQ80=QW&2s_ zucA*=xf<}N^lGBg9_N#PczI9+`s9)M+`C#RzXjg09sRR@iIVgo|h_eYP#tYy{f`N44;{ z2KjSs?@(Jy`Layg8pgk+rq0>+<`wZdi0SJ<-tIAhebqBw#vb>N=jfuJGL#lTz?($O zpIkRtIeihBtKMqo^;hg-8;Wf|x5pJJfU@_X-_NF8g)hEK)tJCZmEX@SKbph4JC$^I z-bUw9KUOVy;VLev>^K0+2t^uO!{)!7Fy(Uyl`=8&BT5{;us|;x8wrc1sZ|GZN6FKB6iTae|#FD%rmxn7Bzs! z<0o}TXo1h}{fZ`XKsHgx;-x`~&1;EQ(Jg9OnI=@G6V@ z-oyB*V8!9^pSfL{(Oe047awd|V;&-LJ~MkJ^g+jQjqptlGBdMh;CtDeg4WA(Obl(g zuQY4Bwj?VU`)v+~h%`Fd=DYc&UpWeFA{gO~yKYoVS>&NKpw0YRt5de^C3a|EkJBxh z@ol}6>!b(ei#*Tt^vcL|)JG6EsGKu&gW1;L07mNZRr=JQndsQOC4GghU`pKzv zn(!%pUdFg7pm8E<_Pv7}k*dCabnmtN_A}+w7uW`AEp)8NPcd@0y$h`D_TKp6EoPv4tc z%MV$;pl+D1R1w#-cTLYkkiFxn5m0~_+fKug~sad>bFG|^?y!KD@Z`9{~loT|-f654|Gt6NmjCj9S&qDKFEo66BsF6x6+~@RT zf-Za=+l4Vaf=MGG87>yIwn_@({Vy`Rc>k`B*Q z>RZoO6(*^cB|__Vd_c{bEJZ@VbWmuS=P6Ic5w-*SWjeKfE$Ed{#nqQy#NW)pR`$@3 z^f@*dE9_=EQIJ~99Y5%)dmkx$n@k@ioaG+xkua1T4!5JxvbsPT++2^i?jz+z4L zoTGhT0A0JN$6jnd3yZ)f!N#a7gjyGu;=1oJ=+J*}_j-g>6A3u@6O|tzAO2YU) zaMUKqZ%U@OKg(SZ2r@Xfz9o16WO)4r?QH)xewRM2h)l#I97(whip_x|#Or=O`IBu& z)bIMM^W+3U4=b24mNwnKeLyHeX0|qOFA?$Wzp#34uWQs)N_?)!&_l&orThb%%uDAHHKHZKhfwBrLGA&KJYLJW>Y- zPDw$WxAn3e>t}O?tm+V9Au6DNkqXoiK#6=gx7(F8h(Uew>lyY`meF3(HkUiD8|8@| zXLj7{IDsqK}2JfE&_M{{!H zBA8G`Idu(n5nI}LxHNw~-{4|#Tgc0sw~)2D_ey=j*De{(hmY{`_I2d?=3YsJx96c1 zL~9{^jFGWkrO))2iah2tzSN1k{E|1CZ@2ddWAf*9^z1ptvv36bOX31xh;@B2K$(bg zwL3*JZed{d2q!!&#@dK$#BA5uui^-t67%^gVyFU9aZ#s_sz_oLTtE;1-h4>X+^%J0 z??u?Y3zG)PcR--id#ZO6w={>If8Zbb)Vfkk*n^FjHTW!w0D%wKK~dcBdqZEXzV_Aw zP)I(zjn%Fb3Q6Bz%kpUBlqp)o5N{L4lA;%?$laeEo*5jYxZAvXuQ=lQ;by70ygvuC zXYBb{NIm!5bjaNs4m3?$%4Wo}Gwm<+G$p?eHzTEx#SFundz_^>y7C z!-TmP)GaSV(I-x6FA%O^a&SZOmS7^%WcLY*?z6g`eaz49ldlFn@PF6!%xv`@!lkbz zh)`aMj0gQK-!v2k9G8UO={BJ_ZUgZl)B<_iW7+jm@D4V5$tfJr?CJ{BX}x)ElUwLp z%a<0h6?e!&J|o(Rwx^O@IF#0kd>+a6^BeXvS;zavWBk!cg)aV{eht^U#0Y7)eorBe z_O4R`Qrex~zXAz@Mi{(heRwBg{QhM8ruWml_-Xbdpo*0?d%WripMpJetIV2MLk!3{ zy*qVX2FLc(VnwVV6Q3EL3wxn2o2Me#qs%m%zyjT%T`AQ}^0BOA7ew`>82Sc-yUfX@ zZP($FTGXX=-zYXeC!Ym(Ho!thqX9_Q7K__yxk){lkR>;FKN7^KYl8rzbhHRmdMe)7 zFu1OW9v;VY(Vo8Eg=1gpHpwd62m;$~Sr6H4 zLwrVZALql368}b|1dW_xWC=#jvxia<(UrCPBw|g`xxCengrbzVjw=Vd%aHk9!X^{n z!%^e){SpF*@J!GyPRSQqip|S4-}{1xF0{9YoLB$ota*YXIt+B-;~8GK$4A^hYDcG* zp*|l>HyQ!cqV~jtf=|FPdOzEEvC`cvIxxSb^l>(G795dgF(k~aCAL9J0H0Q0h!0UK zzXcm)bu0t6Z!y7X(!hAPOBX=+l4Y6j;bl(k!4F8-$aD53q5fhGNeMv$v=a+jDOuW- z%cdUZE`NJ?@2Cwf+^vK%m}I83*p?ot;}#|3v#tQ^TNP;I?E!4xlYq0W{C=JmZ0X7~ zP363g9G7`LpaJ?vBe##{xn?&TvjP~m@&*693fw*HpT289iM@=6Wgzeg0jC!%XiavK zBTFJbEPR{dXgh`MFM%Wk!`#-Ik3{H-xqsfi;=yp}>=a!6G7n*u#I@EPa$WFY_FM(x z1n-|KddwzaG;f60PM`VAg1TsSRg7fQgFEQ`xpE3%^%h=b=6wtuxc4c{eqUSXJ)z{q zeXVbnS)aGXZD@DgKL_jR8S`gj@zC*NaB9!N~2h|>lIQ&@24I-LIJ{5r7vA}Q)#rE zO&(}d58Awd*HNb4akZ;}Yzfq%6_k$8yF2n(k&irfL1>&_r(aa6V#lp<4d=#XWH$Y^ z$9WWzHoge=8gv44tL6??nw{9Z%#g4t*ky$u20=jDNehucf1L{lFlK@kyDp(&Lr1`$*k`nfeBE_*8?|z zp8f9`>)kgcT~}oJx9WDj-5() z0M7WizM5%s+Lzss`JEA*IKQ8W?<7*p)ww7844bAjE`&0|QpVcaK1~|8Y=c@v$%3bS`7rnB5aRbGt`WH}H6S!< zlLj;+zPOZ5zRPn14ps9*y?f!WCd0xmtHVs*c;wgT67qC0rj?s%20E)g1c`6F3%Ypd z^0SXNv|nax&z;lnQ7t#Un`sj8f~5GKb71U1IKt=PuK6w^05EW0{fPZ5TKorJ+)2N3zv5BCY0;;Ug~s*H}Qfl z>gNLgc|VF^7}|@|J-&x9srn#)?do+noD7H1!biUgRMLKb*pvb1Lpj1z=SSyzP?X_q zKn3PA(a+K3bKvnW@P&q}>?K*JeveYw*41YOZBZX@=Rg3qUBsdrjYmi5RdFVOjX`_CkvApxVm>IV43FaszYrgU_mkxwT;Ca!KyG)xFx!= z-`(k4I_iS>(Z?>dznF3}&p!ZE%P#M??A}|NOl^=BE&dLBCAKJE(&;mAcTN>dW$gFt zKYvb^eDC?r#om4TV0V#R-}aAc?GhRHUgbsC=Odju=SQ#Kk9@?uw3^^wWdz{o#!Y2S!qMa#<- zxVFS@%;^kUmV@!E6os~-2vH=%@MQ{-=4IBg`%kM-PA7sXCwFoJw1NU0k8oEd^cr#Jg;(hVyZ2wwc2oas z1UAn38XJgdE@q_11m>CimEjNZ(|t?y;iRM^foy=(O4vAVf z*He7^%ECF{UZYzS&MDqc*F!M!2ioJxpH3Ve;K{G^V?FnZeCY)^_L1}r$PMEeHH0Ye zg@Faxl|ZAs*VP`og#G3m2>H!xZjC7IOwRR)%=JEQ>$mgU#$( zrLH--wl3aL_EUJ_GY0uk@@>hGd;9R%OZRR?>$+`X-gZqasI~3 znfN$oy{qWLyBdJ_ONq93H06y8Wxa5upWn zK{7*z{H@o2@g;R-Ixq63AebPfiPkkTh|< zTfJVHU=LcLz{!9e^G zs;I3#)Y06B-Yh7L&2LZ);1)4ot~aImGH{9nWf{f$^W{TQHJYHg@ApCmG3VcJSeNv0 z6(1*=e-}?U`JNY8HjbHbI4He-eij}z!>PW0q!C7|8J%2Q++B)(*n2LQ;)YT7K?wbm zbtRhPF|Eq)=Vw5Q17Sgd8v9{C)m?LOgLegcSLqKN;E63e@zHayzZCPhFna*K0Lm#O zpQ+~=zSPe|*6>&5w2yeu2ft}TvYxQVDR*G)0#Fh7vZDPTl2zarX6IC#_hx`w!F93> z-=}Xn+_TQV>ugxEGyjB7zij&L?wilMyd)wcxvbhUCiP7voJL^1C7doaxaDE@2 zc%5RE2g`5Q0#$z9Q>4$3a$@v^dN5*Iu=Gu$Te>Qlbnoz%w~9Tr773(B(zoW8Tdct8 z@o-P8{JGZ(CeK&ev-+z!mzCxt1(gQ8Y{LhkCo!}tzO&VZby@2Ujo1!*^%B`Dhd48yA0y1oS48QeB!4O_Kf_H72ubqA7*?F zYCIXPx$i?#z@-&bmc7iC5{~lGXI-0{Ca$A zr$GE0HsP+jWtZ3Sns$+N5XVdYl>V#i z57NvYOtDgUxt@ptw-97mfiAreFqS2iqS&uOeqYQ$z3*pW-x6F%?uF|+njqavDnz;x zBpgFtdCKs(m(TK1fJESe!o6 zt%pJT@>4R5lkrjdS79~e;qy4)lPkwZuqTV#8)TqS-ll$ znfcwb=s#BO^N;sA$X|`=>&P*_hg4UWx1$sXJ_i=4(J6tlA0&?SyR-Vqew()ki-z=l z2BBRZfl-Mu(C}tni;a=DG$Vl}Kqy|e&Z{-{@x4T_^UWvcIy3cTgJ}iG_3~XHM*cBa zuV%CpLm-{Sr%x*iZ7E)oZoX8iVG?W8kvBzON$ssCCx^fVn9MnkdGW(>JP*XqLO+AsQfmHfqoIEQlmcHEmm_(*!f?LR|E7?dEAcpTd^e8$+S%K$ z`3U&^K8JxV@@O7mFmNSXIF@bu^T?W388%3X!_gFy>6v!W=as3O9{2X)S6XPWW85MA z@_m4Nc;qk#|V%q3Z#h z!OyM|5EV&g<=b`3;=2g(0f_wDB(#;|cA%Kv4hBn-trrU(Wx`|I+sCm|Djul)d;F7A z_4d|hZso&~9?ZE)dSa%tyO($QS7>1n(n;&-*5fVqtX>*u(!rp7JpW`dyF~hln6>-)W;&XY7xek~ z(%+T8pVUvqlGgfed)b5oARfqfn`?N6I>=47PqPLpEF7==q1auGTzNHgE)2#QAd_G- z*6mTfqK1LrNT`KqfV3I#(t&d6XI@OB$SjZs|Nb9fRQji*o}eW^?#CFwEtp^6tUCZR z`_~rwNKAZoHP~0{L8jaaOt+R7_`G>Cc)Gn#_PLRD(Onnjwqp&H4OkwP2GF~j-Tz2B zuPsHPAd3EyWPB8mAVHF(HxLj|5CH-C`Z@HhHLIuF07|&GZq=!Mrp{_Xvvoz%r@Y-?D+H~M}HH0SmBJ#J5o=O7+4OMEt-&RpdwY3UDpaTS8XGdFt{ zwI4nye3ObJo1M_aPX_+*Bg6v>*uOls=oG>Pmpp(%J?|_m z>a|`!2Q+bX2r&H6q}EHmCsG0}BfTQKSaC<8uivN%pZkeQF&^9}%L_n{uy+&hkcI7w zvE>lU6-(7y?dcU zXTMD%INqXu8_LyvSB(nj0h%oR8Br-fN(iqQsV&E2Moha@-AYt;p%g4C%_IVGy{tQIN_j4eg-Q^3j5J(xz@iRAFL8xnMI`gmf zKZ)-bzqn*!|JXKrV2lgBXx|V5-o95JH`TuDW!jJ6>jtkI&nlBYKc3(+{v#L-iq*fZ`DMmA9HF zBUw%(?cY>V+_HcS-umr)7lY?r{`~AHa`37*T9WU$U!8YJV1rbTvku)r!pF#&1(+k(=pz$R(#{O8FUI@uLuGSKsT*ygW+}{~3PT zuNVu?ei*K2tTno(Y18fPh{*Ye@@7EvLbIG|h^_N`U+Zzc+*$u=4^EDjF;OL(74J-* zON-38@|FuKJ~;(h#V(Y_AW5Hkd2|#twQT@?B)*4<(j9QuFf-3R>KE@2h%brXXS%Mu zdHRCmq<-Z)kkaN5fQg_x#?@?^Q{8InfLH^}lMnH0_NDbXad!p=2->cHnoMNWtSrwP13o5Ytloxg`$`IHkMWIXq<=IhXUSIn4#15XGd)+SAe+k**#J!z%y5!{zCY+B@9r`(TNrQuK96X_6iPFpbr+c}wJwO=<>tdOWl zk-PSu@5%UTG!T7ICg^O}W8HUU2*EQioHUEbB=d=jX zC2!v5dWvR1^b6-bUOm(S$(-GW+vq7vfA1?KHh^NYE~=;~EHAm+0p?lNt+ zb{O5fhWMT(B(9LKl=fa?+{*-kdGA;M^;xGqqLo|K}{o>6AOh$cZrjs1>HeEst8ox3Qk zt8{ih`)_7?C}>MQQs|f6#|QKu+5`VlXv>BZ3pyGG=?pP#v>$^|KQP_$QII6sJ(FFk z(WJ|A@N~l1r^82Kp6d7M6i)I!o;e4r4Y!ApHeU5O$bsnlxI{3{dgED?$mQ$>$-=&t zS5zV|b_$kjYVQTtyE3^Ko9xt>p!kE!@rHDC;W2mqx)A9oaj?ge8@jvj-~9Uq@GyD) z#g@4_s_lg|t$8LRE#MvHh0aF5EY{kbxMG*dFH0F=pSb2vbjA8qnC z%tV4m{g}JLkjuM`a2A^J97=Z-KsN773@A0ySUUr z#WvZ)sf`()tW>ij9m>0ddfddbFw!-ozdTa@$EP!Brng|H7pa?( zP1Y0k@7O3?3rS$XW-uPEYh^ucN4YUal%M@=`b_w8@VA`~l@55oY0u1!g8fD!LTXxn zA}dQ?s@pL_H-#YL9KSE-=l@Yo88*hD)PHF?tZ@%;g_ly?$noU zKDjE!`Q3O!UdL~>^XvbLR&|(KOn$JG9Mtu$tZAlnX5FUECz@o|&wh!0|7KzN?dnEj zB>9zO9M*;VIGOMOhB|1XIVMjE1U{46kB`DR3z~_}3S5gBc!8sjH9iqX!<|cOke;yr z#mSTzTO65Mm$|b9yfJE`$-Z8?70_wHtESoN07W!_Q(9h7(9-Y|2mk&=gWsOHJD<$; zGT+b|ePn82JsU#iD-bW=Mxm{VnZv)J0Nkd%yn6$<1MWz#dWNM z^b=i-@-KUe0g~C!pG%1*J^OBze1)7ZJFyiXms+}W<9nn>CYtt$W$PVbtBh_zdqof@z-81JkVl#i9XY72*4s@00+$)*Ei$=6 z_>~SH_Iz|K08tG=d~_QHqaMEQ0^!l1T6wt->>leo-}D*8v>(5PPrxTGk7h)(`(!!` z{?fz!>1RfX;45q`DSxElps>au%k+^=ypfVpXp+{^Yv>tbHD73m)-Eg#z>}25P9I=?_SI10k!QS>{gg^f+F7`;_ae#>Lkr5Ec!2RC zzkf^qPy4j=*L?3Gdhj@t_740I?Dfchp;pq5FmsF2eNxM3GN2I)zd=hhwjaspmzmlp zzVFOk6@i|h?Q?cWz`P{n{)SGd()fa~%Wo_<37yLxX|wN&_$cIhPU_c347S(wLPrK$ z=&G_Ia^Sx;hqen1?1T0$8Zk5Nq+-DtSRvZ1QajB#DqQ0p zr>Bo+W}!2ZVZ*&%sNUXC z_abC^qneVoKiQfDp?YBFJXyX}q6{A-br|kQ@kE}*!k9bC%qG%@z>BYKoupNVYd=d{ zmA;<;bn5u*k9b-nn{gpzqF6R9&PUodqOziuNyXeCFMq9m5uDjx0rHQ?@eS8&skyv0 zukAO5vjfbT4$^g@b()V0>Q!(ESFFDJ0;~z>|ECupZvw7`m^>F%f2=1A(!z(r4)6m)EH&CHi3+`b)pggh6`&@wn8M$9*QEIZB@kh0;-Dri@MLv<@mHhGoN3O zz~AQ8I?Iy+!y+$Al<-LOBuW+c3$ZEs@YvIrjdaepa5{8*d?uqb4K5XurF-1Tf1|g- zGRc9k(&Ij_a*vy=F*&0*g%R+00Hm-vp1FE$kC=}!#(yAeWkQ=P5zf(N?>OU`hAA2e~F z>t#iI=wtiK@z_|$9Xb92R5GlPkKuAK_m88mHS5(<5VYiAHQ=(tvJmMYqKJ?bld?Tc zCl~vKF81dRovG+Ht<{4p)6wjgUfILEMCkOj_j?2jBADuCud_#u_r5&`@1%#{TJqh4g`|XW8ns!0s8H|U zH-_t|*uW{ueZA~%J*56el@a4AuEI>0Zd*^U71^0RT@evCH~g{CXCP-0N0wI16nSYZ zw(~Q^;v!DfxyQWXvkmr9tCBRawhdXx(;7c{LZ9Os-+MxJbA?zjq`-uOc;MG8;N^z2i+0>;y#ZZ~R_>$;vL;+n7fK)UO0f5~v9zOvky*}ygZ4#65Vu}y ziFyY2p0z&Z>VsWB3uf)R4WwoM;0F-^{PgiX0nM~fu4NW8j;!#z9n#^<1I2oNTjui& z1S2zAq~rQKc|j;8_1sk8vs-suL9)4${B>ql#OE;662F~S6^^{2zgp6NAF=BMf=%sx z4p0ebi;n_Syimn*MD*yNx5S?~KxzucA@K^?dJ2h1?nf`#&$0jKwV1r$@8#oMTaSYi zWTgxo18GzJ`ZM}mfEAOvI+5U>Tz0~qxn%Q;btCuGmJWwGsKCGO_`4h#_I{_&_hDA( zf%ub96hJhgKsNoJ`{nkc*+%p}>GFF+NqwnNS|UBtoHy^wLXW*3QHpE3 zC$VlFy{|<98YgLMdHQMhfH5x6<~-D2@LX{2NNJ|@fL4Q_mo(AIU(v9#xMeRNiHSRB z2Td0DmAU}BB{>FP5NO{6JR*OdA>Vkgc&If#pZhE9eSP@a*=BpU_vpuIVG*K}UJH{N zcc1XzU+}K{)r{yPdM<{VINrilwNq(AFN7|(9@sfaB|Xyb`-?^aEH?l`&ZiGtNb>i3 z4WNMiJa8{co2gc-69?n+Y)@~l^kXfW?H&cW$FlDkpH)KsB(a{asD_D1j5aiQHI8=k zjB01Ug(^`y6*PGfe#Gku-7tR>n-f8tjF8~Q;QWpNOh}jQXzRm$WV1r07_n6KQ?Q;D zZmOhSVU(diaNU)UPq--68_eVO{hGa??4xE`hZpM{@@m}A2!RYtp0N}zb9bh{m*Lcqx>5;gKUrOk$F1VX`0b;6BB57am%LyB8Yzx zt!0zci(QI0?hyj&7ALq^WW}HXojg-obh)FJ3TaQe`ZHo(sBRU#gY*00ww^9W{aBw5 z@x}3Pjl?V|f?_%CaBS|!==De=S?K2>KOZ7BiD3UTw8-v8t(~*DVLS2|H0Ao?NfR2H zfoQ51rHj+0AZdxC)q}rITv~@f`4-4EceqI}|rN7B0QZx0({{m!6qw@%Pi zZTIy@%j%C2^&r$4H~EDYI!_{YQNI8RNB<(-wwPwV%1E>2eo)FKAL;9yKXUu5wzvXU zLDzVZ815G|`;M#rRxN)I#NqP$qiQ+uLH)wfk2${lz4k9)681#vAN4Y2>E2o`Oq566 zi~zrBU>tbD)kz;LNuoBt()NivuhepgQoe;-k(2bwsW!6opipUAkovEspz(;9Zz#*2 zr?-t`m1gczZRYL6T5v;;Dd3O$G$z0M8;pORXtIuIp33VsC^!zL>yLHQ%J?Qs3o64O z$tq+sKiDT`6)4tjH?wN?kvNke)%~IO@~Da*L%2>|efAYC$Cin%f@Uj|#16Kj7q;pj<3nrSb%y%dyk$F8>i!v-0eudZoeJzxY6R z?ZN`#nkb5*A;4@h`+R=gE%BJW?&sikiEgES-B4LG&Jd8tFxZrbAdoaO8j&mj_&8om zYU!W*g4(_+H}{FkrILggM0ewCltUYMU;wNx~`4hJVnkj>H^t- zMUdAM0(nS|nW%nq={s*6L;}VGMomZ|ZH}XkZ~wQkpM`wlj*&Y7(>>=MPpSAcv^D`- z?tAEyeo#L_i;q*|vQomXocBw$QZmT$K5ikMO$@y+0OAP|K-aLY^~*iI?}!`a=CX|R z=byDN)QbyoqcZl&mo!a$2=h(eUSQF9*tTrO)@E@iQ@_RH+)v6_J|KCnuXlLmEs0fH ziE1cO-B?L!N55C`VT{M`2u;KKSbFG=i+(%(mJ;_B;*x$~r}2rK3bo45#u;W;hF==jdrk z_e<8&{sxE4pI$hBj&Sl`t>~=zdVpB)bV)M*$f_n@DHuElx=b$Lzb_||y*;Gc%1i^? zD{4ezgfsg2ZngJ0dWUrk&vg5nlR?X7?kWz3%pE7it+UHHu?TQ@@n&xz(oPmsRi1gu z=@D)QuHAR73p8zcj|f%iK5A!*$EcQLMVpON!6LYamCPcDOd*v6TAgms-xBC-86CL# zOVKYlo}VTO6>RJPX1~B8%V>`o6{WqiZayc%`?QamB`v%hvniNJ2MEGgoTMS&o5n+( z*$mRYK7KvtlQ80R3H~5j*Ce==Gfmh%)|#L;U&i>d{)N!5NAHIXOqkP9x39KLcc*nc z%@-uW1m}0{&zz(7EtMQi;i9dA*yEfD_}5C{kZr-fx)8V!wR-Kb4SZEXb&vLE`a6!& z59JfVx55|W?Eb%UN$&S+;h-Tn<)S^ld2joO+X5dA`*fPS?NI|&i{CppIq9xCkmGCm zjL6MH>!b?cNOAxc9D?sk8p|dfqYn@7jC~kE32gsnqhG1qN|+09vEfI}jAoCvnGSGu9FUywB=js8Fc@5T$;~roiWEZLF0i6e(RlrTbQJ z{z277=Bn^zgd;EaP4sXZ z;tF_Gz)yZM>Ie&O>(vt6`zf{L@-W5)zQZhicrRhr8HJH;x_{vkCf^IZ_ew^CyZAzbPjZya43vSFA3YV-yJFHpHU9b3q@Rqne{9Jov2;-dM!Ie?9SfR( zFRMRgN$jC*2QmM1^iZBTB72IwBhaqZ@wA*kz{AyeP+0RuU8nPdcLlHC*P~_xzvuB1 z{m_4XT-51U{pM_i%HlQl@QhlV8A*IV3#F@WwJ=VF)Z1=;#v5)Nc()Ro-)1PwXN;Z& z<=etBkkRS@1Ts^L#y}$^-r-nN(SWvgYD*rAQzd{AlJ?iZpVjzCAx*U3ZfZFNU5xrB z>n+5r4&76TRR>Qn_sdu%D-LbzYlr@=9&pJE{rh0d9c<4WHw3pkv~OX%7EO5sc*R7@ zw7<1)Nh7DpU|Fg(y-R&Q;cawv1&v`eI^=hM*yL)u$E>xxNk=;M|- zxYLz}Detok*-HMWS@lA6SeS1A4!oY7IZY{knLiRd7nZ^(=V&;7&Ep}ZTQsZGdmjBe+`gL9}+nmm!}ba=mYNc4sS1=~)1geG6nIG5v=l=a6MkwkMY z8t-O3_kI`Io|!@T%Lj@>pQL{y<4>_z<8SGPw@1F2Mlj^KF{@IsK(v%8q5jn8?-8&e zWV=}_M=R`Q#f3Z(h}e`vNu`HtoN7h+m$cg8W2Y_o;86FUevdyZfO>a7yzI4JVVf(5 z6R2guVzV>)nd#1i1x@HSp%)1l$?5a(mofe-pWyccR~Mi7v;NwN;P+|w^p>{P0mchS z_6}ClA91P6lV-%~wfhxEr-5>m#*iw6=+^#n!(AM$Z^J;;_bRTa=EB_Q_2i)61$Xfr zRj{0uayxdjfY;m`-*Qz(z*yv2mf3z6V21`!^u*V2{?pg|jP-xW3=YqOfv8t>1ouP9Wyq!Qe94jZWoMFZ9~Ka|%yl`|oJT3p`pF z^BpVlT>9<9J$j9p`>*aaA5zJ5Ig-+kyjS~mlKEeY-etk^iMawpRY8{UnkeXIv1t_6xd)w>OwvkL0-Mf$9(2IQzqH>wf++Kwa11! z$M2K4a(%UKxgSVfd9&$x^5^c0V*ax-s&blSxT?w&+$sWv%eAxmItM6gOYihMkjX%m zR4jh8(RR@K?p<p?%T~6pRa1kQ>c1^`S*^^ z+4xl7;5;j$i`Jqq20HpR9Y+4Xx8%wF9ii|U=9E4ktNUU74q`nf$vlTcN}N(dZU}Nb zytqN%TBMwqpc9q>-gC2a-Gmn8NG%=I#o(nItVLI@IzrfAUjwe6ubjU%R%l}?P0nd( zK&?Hl!y6WI*N&Zy^Sh@fN%8{!BGq96s=Z30a=768_~t(UqrbSQ@AOv)89hMfl421D zDgyJ(aECekiIYp0BwULj%KVxLWUmsr+Rta@q+ETmp{Wb`XN|npDF{IsE;V9qU#E=$ z@)KEHtJ#B(nb6k$ z5K@p2E_TXDXja1;^&}REPZ!>!hetzdLQgMR%7_Whc)vY2@?81j}}?+95w)tWF!45fVnc#fdzGhT9R3ZbAD7_ORhC?3%8_iCVp<$EBllSQv=FF zr=3cZzKGjZa2P=gnLzPel;=Ck;y1(=-sDeMT4G~ou~Qx|v3BlBW8CvQv(-I4y8Tao z`D)0gu0Yp!bd$noTjQKjC+HP@0*yb|V3+GA`#@{-bjgfjzp>3Z7#Xb8)=zr&i+HpB z^zp9j=<)Cz!29e)*7s|KIPe2l#B}aradh*k@+Ps5;r6zZuOj;FbtAvB{>rkGnOwyq z1%1zwde64_t^5XcenTd|(^>yK63l$CYCVvj2M1y7`B%0>OS!@EP;V|cxa<|hGksr{ zuiwO#Be%A;41WoB^j4o-cOQG$p|K5IDOFsSX!LjYMe!-oM!(UMO92x(TWU>kM6P8_ z%Ud)?+LK8HH}?F~MGf!XJ>SoGJ@K$(b8OKXh;!ALNmzFb9)Eq__&NRhJ?Lvc;^4@f zqWk+ARQ}+h!tLnvs#+|{jgbch-Go526$*y}UhjipTfRu{hRa0QFW^@)nftQZuaiNV z-uoT7FM7~e{=9kf>tM|(j6g!3`!zN3TB8UoSC$;+=*vKysZ9(njb2OUVfuQ869{YWPJtaG~U7s#F3&$z?YJ@0)2DMH@M zaQ-ax<~y~YorKME&?;@$vsDAO#ne? z2zRF)yWsGtFrncmr0dsEDf;Fs|GvhY-lWMmGYeDM;wH^u;Qc%o&bBtv8_$miMoPs2 zSmaL=N~)M6KMXgx%&o$i3R8P9=eTyJi-C!*xM7Do?Lwe!Mx-j_j_ zujBIC;}EU;IEGffxV5PRec_inInG%4DH=>Te)20OhB2o;=2cBnn!X(K7>iZ}(VL>ExP%km9zG8%mMnskWR^w@?8$@U7CpnNG>pCg zKS9>;Bw%~_27Ep(dUPr0rK{S;=VFOt(I|e4LTi;dKf2?`N$%c@B(IpXvZafsSW;x39o)QUcM=Y|o`##LMg_~G7 z&h)yHT=$V8o|TZOs^8K5*-BK)@ zl`9F-6i|tOI3Ak%@tWgNjK{1&$20RF{_H{1V>jynz0+K%dsw-BK`1oTljIHnwG21n zBPN$}*~G^#b{E+FkenxOyHiwi0PSu*=sdy=Sd5-pH9U2%cQsbvOEu({?V(BA*4H-w zsg0vzFsz1=74|CwIXkEP(EblD$F_dHc=GRvSef4POkp1GKIekn%vSKBAS&vnrXAkI zhtAtI%maVs#E~@iJQ5zI-q+bK_BsE%li~%g?9f;gHT@}SP+Ni{3#N8d^7Gk%D&c+7 zh&H%ougyR+^6$G% zW;ct>L?HsPSFB^c$hF?94loR7uC{kMQ9)RPkNSK>x9BD}m)pAphUolj6gRD-vbjDl zAm6)%T*e^mMw~BiKWBtJNyr}wisH5O*)bocDqG4ny5!?e-``9zZMS*qD}aFzFm!O! zEtPlIF@T>88(cfQTX=$d{rXdHk(+MZpS5EkswHB$y%QYOzTq%>;;N0jvcpRR@9{~8 zS_lZD!tPLZ`21o`P%1^ z9d#w*?mt#JX3kFVFf@{V+m>BM9Tpl;8S+twW z@lUytWYDB*UhbC_@7mU8opJw z5?o8X9r+t$!eGmbmq&OI&Uy-8(rgC^3%r&AmH2(0q~*Fk$iQ%_^OiP4C7f>ookCihLH|lkGEIa71PUU!aea58`27pn-~06it<>C@lXRI%j)t8y zN9V_CBsp%TO(V|70rkR6k&TsKB>md`m>TA*G9#zG%C8JrLv>&qZX1)>BvzIBDejz9AMAcN7U= ze^7m!$twoJ17Z@mk$0*3mnv2XF+ocsRM+zLg>OlUJ|)a*2W^0MwYmA#GaZ#Wdxo~( zG7?^?TGR@-DgkTR8P9@6@hFaFS_&d%BCuYIu6}d2s!Nv#1%iY9*2Fzn58;W0QXfR} z7Y+VQYG_PX9_JXoHSZTfS=s)DFQ8Lghzt0<&unIm*jMLm@w07O56&IpzB^+vc277&%B12Va`RToXE8!w0z-T(S6@e{>)Q*(w1juYV?jFK~7= z2^-|7)BO%Z7;kJb+TsBo@T#t%&sdn5@#%V)EoFjw4bOl_I=OzV;@40Ai1jH6PQ$gS z_+M9i_1~%T9#wgL?L##tfpfILimgw7kuoRQwk^H(89y#qVU6sOE2&M$V`Ed_r;K1z zRcF8cFt&4>=?4?FFEzIWx%&{`i0a zLY|G%ddZT`QJIdTg&Q5Oh^E{|o5#o%HF-N}VT4|xQqM}0xZ@>is^szeVOG=y{?KK& zZNeot6=()vu*rK`hWeuY?`pXZdnQSI^YIH0pGw_UW!l|f4}0<(Wk5-wWC<8zsaP2J+}>9}79Ne~v~D3*y=eCOW! z-V8rtE)*%Ah~bujN+>^gJLVWqSx4#xAGgQLDWnyl*d93@fh8vmFeE3o5Zt#K`QmJU z_QaUnE{}V-ow6$zKu=HQ#7KUrt9Z%LA}^ls0%Ir@0QS*6Vd%(U-+VVu^bFl4*D;WZ z`%JnF_@qpD8Qd~;Klzv6gX8ByQOceW5+K||FL?j5{Gh#SxuWi)hZOuN=8^Y>KypgM z_Bfp-W$syEG_l^>qm#=U;|ia{{+K@O8JO!_vwRuq<=g53AK<5F&t$DhTrBCCDhly^ zWKZig)4{!n_o1axRx|@+%n_*ItX+*`$dGBIm%|e%0I&lpv0`+`sfECwx2Vc1(t&Ul7H&wg|2*Y2#{InJCqA#DMkL?(*=Sm~QRvr-*^zP@5OJSEp|gF8AL&?AOR;kmdi;)|VkujGP#OiH5Pilcivi zMxbW17?1XQMQ=j%5gr?kBg2bQgec^62rvN2n2c0MBl7#qeKbEbXZ2A3-De3`t2TY- zmi76~?nF%GVP4%o=USE4(&fJDO9^Q4)Me){B$@Pj$ZmfhDKyS5?$JXKU1r_~q?S1K zAsM%uyHF*M!dE0v7i(dy6RF*sllXc-FBj=M3PNy|#u)dZ!M50EkH)Hflsu{KbQ;V1 zZNGQnnYlk*cpRClki9-n);`E`qrjZJ?`Pz&NF~0&aUXZ;gkVbW-NqXjv}{O+Ipbe) zH3}r??w|F0X2CWxKN{fFFu5bnGq`l45YAbQ@+<%Wd0rnQ8&lqxWu>lby1l4{~^ELDcV7^tiux|k-KHi z4ULPhoP2od-B79Zx@~);=sf>e<+g<`&+}ccJ{s%Fvn@&-H7IL-C#XolNN7EIj}ySPLOF|{f0?j00tg`@mOHUlAFO6 zZm&6gE9LPRp;vA4CSGJ_gcewgzz(y~5(6+1^H{2OPTjp?vJ z+8~aX{55!`)E)$*wJ|@h4sQd-oFB%=<>aCBEgvE(t`VR!a>V+)cto;j(*&sbmFB(7 zi}7QqkF*=jt_gFxR|a~p%KRbzjTdr%%^V5?88&a6>u=}#p1)6k4{Hwq*RTo)`ATzN z#m?-d-~0}b%Kj3NdvCZ%H(Y{{=wk=Tx0ZV`z&v z7HSwTB_=BPp2cFT$ zS8w+>lJ(~TqxnSd%0vDb{>T!@e!aWZ+(#i9ykK=ZxX<80sE`8E+b5}w60Evc=*!lz zBKGn!9OhVbGnQ@DDs*UYf5jW&K6cz!FieB`eMyX^ur&NZo3~FaTJrum@bg(Rt&cwY zAn)D8%BjZWdJBWM`N9;8Btg?UvhoTy_%t#LtA1iLI<>*t&Rf8;!#;uMt;pjO*-7UjNEeNNNwx7BJ91Nsc+tH)I zj6w^X=0Szg{}fWppCCsLl-(P7l6^qEgtiL9;C^IY){Uk6DQI9$3eK9?!X^qDdQ3YZ z?UP~@$?M~JAvy;w-zqt+-QCtr10K{!l{L%jSfO$i(*!czA^6(G<@Mm~{NUfUCcO^r z*L&BLs#KXeEQkFnvt{!sJNM!(FeWsDwT6pOFt{d1EiLQKk3roMG{;#z_joJc@fu$S zhLPux&ECP#MQfg8d`Q%`i=8!#h6`+;o~PxEUZihO+W|4Wj527LY1VIRvgCR4 z3q}9(LXUp9cdh-=;!mdx!Ni!B^p7(1oy{8V-5{$ zcx1O|5&fF_K2c&His}Sz`lD{z{rQddxFi>%Fm_9F7LMgFva&~yqwM_8KO!%B%!d?h zvQw=OTVQU7jv~*`EBAr`2oGA!-xw4D~N?2~IqZXz{fO)%_%_!Is- zyi07f%sbts{E1X`dtJ^-Uu9k}>1gC)_gI<921P-8~AJ&5y@yU5(my8#vQEPMbd`$ThFB=bC)GO4q(}sQUFTaz9XgzdcN6dzckCx`mr^X8R3=cMoH2RK>eQUtP2zT?nDD8JD>F+m zsCoM);2(kHMfjN5Y)zd@OEu~C-3VXn9Xvhj?SUAxOxt>el-^N!(^ZK>)$dC_Q;y_b z3hql`_PyhK4eA(Tc$5HokgcW=osEF>c%c{aihksS@$_}+cld@;cNiKv3@uO9uRHMo z5_jMtR}4r1b=qx_+rRJXIho)v)Av7Bc%0IG27WZ{MiP?bMnzhgK)IoS{Jvd!S%vC; z8l<Q`Ef)_?G8L9;Gwb$vVME+NrQ3INFOG8w>~B%Lg; z&>e+Wq0y4010ls_$U4z0x;M0eq}x-x6-9H$*%Q*4QXr=eQZ4yvk}(og5hV^eFF(wy za%%#T0A1!dSjqWT+P^n}tnD6-ko!5Rf9Af8Kj=vdKy2HXZCQh^TqXcyu^(=1jf!rb za`Gd~h`|P>zIRQou8yiyzxXCtLn^CrDCA(jgkYG2pZIrJ`}cOFw`bFT6x(QXbGrdW zB$RM#a6Tl*?5PXdY^NfD0wmHn?U#pl1x1yxq(b{dZLd^>c1`UJ=`=F8W_1e(*{|sW zmNvj*B$}{Qs6Y9&?yukbM~}_V#Cho(WMv)ME-if2+UYJ$rU^dm&ub<1*Gl)FFG_t1 z`=?BK=-rF&?LIpL2ltWl(rmWPBcO{h-nG~HXv+SzbbRQ$iJq{aUXUDxow`Clh|g$0 zUfF&$P8Lw)Vf~7;i0p&=mu&aN&yYkQx2wh7gb8G4l&KhiN$%rYTG~PWRdx)8i1{c^ zWMy+d7i{#!X3qh-EX(Iy1!Q7vB6`zJqc8N}UUH*ncFg$+g6~hPQzs)2$7a7(q=vjj zUyf9Q2y{ZuyFN|%hsJ8-)xChb7od9N&r6)kP%AoU=C)x6_(UZZVjF@?^F@lj)e>DL z9FF~LfJ88o&)URC#GjY_`jF%tKdE1Vm6weNPnUP{_`(w)GYE!}wx55SKf{RoOK5nqzKg0A82gNxE4_ooMWR1JC)y8x?fxU_ zy0R4oqTrU0An-{>MMMMy{)mD^1xc%);>|hE8?%I_`-Tb|*Im$eVbKS#%=;#sEgJ*Z1p?x2Tmuu{A_XS^A&#&G%l~) zq4;n2RSC3Ik`?lXlgio0trspe$WZ*`<&HANUytB!hc2mVxHpB)nv;2Zdor|9)%{0= zqu^ZLwlH~>DW6N4^>rm?zi{9t)TizK<9MKz&o`1~w^8Ay$9%Vg+}jIK#8R^LnO4{k z`xQ>f2P#FsV;|U(&wt}T3Kid-d3TOg5n1H>O}#CA1dS+&HHtGTpaCi1t@ugt%peb*=sQ0oC4U@c~)#3WVfX09_(*ONIYtQNT>EC6oK<01z0P5Kp#=fGg(@L24 zpjEwlvC`a+6G?=}BQo@|$(JSm&^QCu78zW(;0qa_jt5X)>C7RJiprHnP<;n zn{M}{u}cL0%|E6;B5-|b-1NQ&-34MH#aAaohtqu@ULT>)#7eK}&SJ{R za-L(GH#Q>K!>iBk0xGWL%PRu$C+<08@yhJGCOt?FWLH@pKp z#|Kj&Kk6`izu#(qzh7&pyqeD_jN|t;u|UMzGaEOr4*T>9uG!_BM6R5_X$vW_ zLAxA;%+n4E*J;;RRq@HyKa_{6OGw}9$Y#|R4f;8W{rR1v&h1x1x3V=OP>&VN<9EM! zJ$-YJ%05|LKie0LqSNgO9V!~tqu!K;f7ulpSFJYJJ?#4}1kB%O*5l&2AWt%AOD zX2fD{F5JPF)_u&|=0j$QT@^&Ux_5aC;8#CNb_U&T?hN&S+Z)|k3v=e>mhQ_Iw{5Hj zfnc=W?)FVAf7cH`-0$@pqVtpPctuqoM+eiC&1-l`^1S!oqH@%wRathjVZ+I z?EyMvXw^Y`+p}3Dd2b@}SL>9#gkLS*%=2`+WCqixNye`oK;nII0t6ln{_*h)lD|J+TV+;jJ~~&1Lc<{2nDh% z9nRMFAtlUH@I!!;`n<(-&)&TG6^iR#Ee93HIh_ulqn}ZW;8?ZRi^FQA>zyKg5V6BG zOS-Ui^KS(S7DMlIDRj&QeelW5qkI~OPrEDKBfnmB0eYWw*-C-DN2I(~R>s`!Ni{x% zB$0qi%^i2`{>Nzq!B#gE)4WMP1zJaOkuOi*z=3`b`rvyBfMwZ&plMdaY@)CNaX4#e z2!Hm2aRFQaRzPE8g1_|*^%3Zo3*^Zs;mnQ@5O=P>Zxbn95 z?t&`%52g0_NRQVSZyeL8vuw>X{H}!<7eCbR(H4L+CST)&WgWA;pTFZiXunvX3L`46OHLsUel;)YfrskE%%5MrCb)zA;(h4P^w_#T(Mn!D;mLlynRKsjQDFx5T? z5sH2SSOshL`$3Y=>${wh4?UwQco@@0G;sqF06wt=bFUXXm!41bii2*5WSt@ZJ|03s zq^7U%NssEP$i}sWd<>=P4g#&2dKo-fd$jYoK{N*C5{N3^1Bre(zi@P3H$OfvSaQ@K z__5_2Xdg#r!$uY0P2j_@k(|TNK7d#f3)zPZXvs+H07}*8<5MF_W!YDatA^ut^{q{M zPvg}nERJ>dXy(r4l=e~{#NcvA!bfNZllVnOF!~fWwEN@+#2g#}7$IpM)25%Mg>Sih zI&^OYHc(>pd0%v|9{?=gReYb+!O+O=t<2f<3l@qj-n_wpI}I;8WLNW*Sw3NRxA^)S zaPvO(3v^fhI-Xm|2AxMWOkWnPoUF8Chu`$asmUX#ZtcVCed8uyLL*Edlv;sPnt#38 z%>qs2XGT0xf5F$iFVFJq%iBqAk#$E&cU+9)n|}>^ZQyu(sMVVv?|S*Me`x-R_1S;0 zE(6wgx=-i1`L@K{{#%KQhoPuIBX587g-BH3ty22974fwko_LjoF8Eei{R=@KY<-)j z9|cx&qyUaB*<`7@SCfbb=MAs1cgmG7;A!TF|&JJHT8?BBc%np=k&Yup-BRX zMeepMD66lJ3jNDUp5F&|lDMM_m_p&kOhKNT*ZajB{Y#N}ZVywy+smI@xF#y)4WwRo zdw#6BY&d%J8o|(^`#)SU$kTS+2@&d~3_Dy%lUla#i8^1df~fTR`=)uJ_t*@0SyiuF zV6XdB*fv5*J{CaHpa_J=?kM8Ki<&22%~{CrmrGebZ3*fTW&C}uA3wi_U2~l{#M$=F z0TE|zdq$kUXFNeL!XjqB8vJgAr$j6z^QBp77a#n?LW-+hw2!!u^&5BXVP{k~8IYY& zo7B2R(7vc0dn>JN+d4JT?OD%cLJKgB7@=?a2#bTiK3mgI_Uhxfp4?Z6_Hho%=+;QkkA0F2{R(3px2$_a$ zGIQGMtu^1Tfa%b(dkkxZ%wal&{2RG=>#DvR=1(d*>NJqJSf9jS-u|g3=UQ0G7N4^I zghh&SQVIuVPvtWDAf!2JKN5F!eV!#RPF!yMRgpzrH;UJ#*yCDO|KoIu> z{^4bgrR+WYMyw@PcpjCwJ&Bxtd$RJnHhbpI8leSa+cGZquZ{Q7ft#2FJibw7>unEh z_e`g0+Oa!nj_<;4DzI+*%l~gULL#<61y3IL-uqIxkLKAt?vW=O-cJ_SsSmKGkF~(< zhsvb?gqi~XynjpMHzhj{)E-;$Hwj=gcmr3EF19ccs=Ug6|N5=CZ`+$-O-J=tHq<_6 zHPoe=^L;lyH&g&reX3r8Az=5wT3SM3TcI|#Uq~9EvDWj0d*5OswS}E9S&7hVu|ym6 z8-jF~6o~jvd+mwO{tf$*8HYw9V~1cqz^Xmr8qGajzSTbdHS>xBZtVf7UXO zMs$T^pc=EqTaRSlq37ARbJm&GeH1{^KF4#{0e^7o_q;(hhW-5G#zLM39XoE15qc76 zmY4Hk4}Z#)KJ(@CLy28cxAB6%1OJG#3-pQiQ|(z(-t*rR?xH-kUv>L8d=S0CyK+2h zKRB-KOe6JR>|1xB4#mV}PCihu<=)Tu;ekH{HVvwekK}kYycdM*y7}>|VI+aquDd9b zTKy?jdiPc!_EC>S+1*d}W5A>RME>^uI$ckS1#S09^lR(rN8a%p3a9DF{KxWMuSd5A z{wtyn^#C`K`m&J3K7w#dOdSn)+*!&S_fGI-`GP;?WWDxsB!Pc39=GnZg$P>}DEn9% z?|!3NWJ>4_OJv2gpq)j0NaoDn8ElVefh7kEG{+O3Ki;WIXDu}4P*MJOzUQL#-H~Q$ z4GGFuBh>pBUJFv*5A>}J1qWjnCpS;NA+JAVc+M?76vdhReS&<(a#)N}Jh?9H)(l)( z;uf~%@sqk2m+T|v@j)G_0%h(4Nx8TAMX3<);f=<9J}UUFBLPQUUxU$+?kW*v0L=)N z;-&D+KN}=?PBeB{b*ns7kSMA7VSH9!`zPdM#~ak&WwzvYE#_uK_wi-AI|&JUwmQDu z0vO${(=`{>#D znA{iiTi(|b2W_ka#7iD1DF#hk!C%kN?`S6gW4CV`)tbD!CFcU!=m_tyTp=E1AR`bX zWeFkB=RR{o*V2IZ6p4`S*Wp@LHWQ1SmS)aH9l3()(uK0#$|m#UnKRn=OvvLb?e>pIdU;>5brn7k8QK&`+bAw?D|2{orgXeuRcY7l*cX5 zSC4bo)9Rcc6Dn%ieq~_Zv|yH6Tb>r?WN?;I7jL0_A0AOG_PFNmYR7pBenjTTA0QjF z_w&O%Axp%M-=X)ja@hCPn)L(_UBi%lQ^gzyfiNiH+;-HOZsFEd|6{} z;U?K_H%!RFak+`Yq^Fud{8GC6p@#(OtNVf}PYp+!tq;V}!DXl#n|ibjNVhp8^f4~$ zNjut*=Q-Vb=VwDd{PQUCq^Zx;hfQtiMcrBF5TwBqBK%p9){TlR=sxrL^^FlO07{T{@_de26! zzH@4zM>T~k3{peG+h)pS2uZDqdQPDyS2g+=o)0I6JMralkWkw-xcdWoqOs{^OYy1d z$}311diy1MWfsEzebMSA`Wfs~Dx8}=20nn}e7{grq4+fgr&3pGmv^!72iNs|Zlt>ARzhvd?0DR0y zxA&Cx%kM89Fbr?$=0D9v-~wA&TTk_XUOYf-Kl}(#`bDqU{Or&P*jImi^bTomrjay5 z761Vn_Br{v@n=3z*eCJFzUS9f9Z`Qf?Ey4yvj)0VaFXFn{xO29=`Z7Y9m|}#6f9&N zC6x*kR-6p#g%cxYw~jh2NA<6>J2TJF^y*qsqUMGDD-Oc>lWzCDhw%gt(9kOq$cdoC z0a0bOc3%1YUEsd+@OjP4Pbw#*<7iI1&QkD{_5=bWnSZqt77VIUE+|mnemUWS)vv2{ z`P)KkqB@O^w9MD5nI~3((7J6~yC%`91qTjfu2O6<5Aqt>L$*x>U)Sut4@X z>__4TLn!p%vr)kLRF9cNXrJ;zx2aCvE+3#N@>Tf!z?D8e()|SDO)$6N`r{)&8z#)u zOEvN7@2*}^a@(U%`_1ep_6T>@mW88<$?CfG*>|<*<`lZ5aQR@b+EG+tP^y}LvngAI z$w|3j#^~r~KEid*TEY&boF7zo_p@%PST-;##yt5R7EglmjPrE*veJ9$p==+ge$m%K zh{Zkt`7uKJCn|NM|7j!$Q0tH&3Z{vdpk6n4Rh`|tyS6{RZU&Suj$V6qdZ&1V@O-K& z0(4Gi6Mdssw{Vq>7C4x&xSZbZQc!+uqv6T#K^DkO4{8rYfA;5g!vd_n4QX}Q6Yu2; zgnfUm&gjfTjqao=q%i~>LMq`BxJgbmI`q5}UoM_pePdp^_Xv@rI~~JvB-QV!zA&D2 zSPGdo+!>~cq8AY3s5qxh{eEi#auRjk6Jz6*)6g?dC=`uc)){NVmwOO^Tdrud)WsD? ze94sUqia^)EAQ!@sMkh6=G>3qAVPGPd2aKtA&-yZW89VPDy$dy|qGEia}oOXQCPoa|i^6-^8zrdKvEfG}TXC6hOsJ?I3eKG@!^w{Dr_kyQItq z?VRMy%->JLRnDTRtSi3~1izyEw`$vY$7Rv$kqH$=U2UdCAL-V!??vAQc&UNVoD`R; zV~bT#@SeLuqB;J8p)%*U;hOw47IBz3*VPipzLFPZ`8+hfSW`4ZXLb24) z;=rt1$`B(VLo9UiS{(jQrPxFEQdjy3K zZV1>I@iAmZkmJ-L4X$8k!B8|-?r!@H7dt)vJUNwJV9bCRM_};g7dqv54!lv zYbVBNzVf-{!C_biTY;se&;QO4_UVpE>Pwd#eE}Zjv}~2$(e7Qq{xOQ5H|Dm&_wf`x z_6pVp>xFYKbuY)OwIkh zr!WsYI8U8qK=l4>Rlo1Bzdmxq!@DpkR*4KCu{w{fNjzwQsXr>ymXkfDjV_npVnr;| z1ra2tsRnvm=G7sAW{@cM0!gQjHX=>vVL19jUC?^Pgui1#~OW~$Gs zoKJ?=_N2hpRpRIl!M4kLAJgWTfUl6(Ea)N4qK$-l_&xmx7!fWMZ?FQt*NB2w)blZ2 zgP-%-zgQN_#c%Wgw%H3@I*<{d-9e+NuMI-)8j!OdXfoy~8~v}ZwA7G)=s%9of@?ZX z+RZL1&abgdKw@z~J06yZ$F~phzCE>2F8ri6@ay|y|3=G}OZ6=&V{$)jBgCz~jv=9r zwRMG|x82Y1Nzi)tL#nN^`inih?O|R@DOMLrgKlPWG%%SZG;fX*_02;ss%dgMKP{NV zOwA>2sx7~Y$Ee2Py9dKuqQ9onf~_?%uT{ORabFDz*KUB?zV?aeSHy*EET^q-HqZNt zSFZ4^)1E&LwOqeb+Z(Mol)X!d>_L$10bh-$w5OqaolQ$Ks&Z(YPMZ zbopzjgTVYAK6K?MjX8!WC+}B^$5s6vo+KyR;TI&m zSughq!K`V4J3`apJfMG3jitP=qWIW80EBSTKXFj+Z;kDf{%XM zdc1!xYPnsXN#|}%`?+2Z=`mT%Lw8|iYC7F9RDjQ#G?0*d4}07 z=fA~clU~~Uppnl}iau99d_I2_{k*^kl27OQ{Rd&U>hRoh%~knp{vFb0QeQ9{Np>=r zhz^vkT-*m;DrjdN#-ZM?zVLgc=rJ#ETB5#S8YF~_tDF__rwEY!cXXJS0<4UW-z`o7 zO$_D^mqqxtBZSikK@b~Ld;pAZR+|;dq<^~WO{X`IdBAt8hxtLYnR3n|hOfh^8xpJU9WuG#HfN;eJe8uPr?Y@gJ@-i>FH_KIjI%(=vK?Qj@PSem}j~XmLLDQXKyvhyo9=ydxVz1WtH}EXDT=jAv&oi zInNuzNKb^x%)e%z(qOxcznLKw&+JyeO95J^@ZxH3f6K7P-$n9HY>eKLmnPR@|v9X?q zg7v>f<-T_yw&tR2p~kEx!$60_4;})7yob<8S03<$tgdGhoQtjEHzs`0jRAPVTdP0p zo)Uf5`xyZoLv7$=u?PVlr4${TXYM}p7ZrEJK+PlXzHXaa+?^Y*J2Ks1R#!KVm*~1M zv*036<*7ac^63rdc8@L40c2noKr@fW{p)9y5jVdZuBR}gE_1@==sMT+#x>3JcB#Iv zR-s<5U0AP{Ik5C_RAjOPK$>RaCmERl$%kDE^%e07fWS$AR`ylYat!Jr{XEPR>5BUi zz5sUTE6mjS{FsD$#D`n*JIl{DO>EkY-r9&~ZeB{uv1J>?(ioj_tLZ#ZYt4q$fL>oN zuW!P5S_Jo`XqguKyIxT~JoxkZ5rGmfAoozWmw(D3U-*rqeb~)718>z=ihUIsG`8Xn zH676j{q;agv5~JxNg#e}QG-bZXtd6-6=znrU($xyYoQU;h*}}-GhnKpT>rLak$HYr zr!%Z})0n&G4B)slBpKqb4Xk1K5)ZJZF53B;j;_!Y{O>Kia^w(+sI#hlP(nJ}FE1{y zEJyN1?aJvlLA3A`bS?eBiiLi;WlM$BumKmf6uu}e>h$wwd15=Vfi@#^_x^bl(z)IFq9$zK-A#1kN!SJ|pjDh4+-Yl9qCC){=`%OJge z_MCTaf2{nt4@W9~S!P>@;&9#qMWT<<;kt%GDlm`R9{CK1sFvoF8D^+eCB!Sjb6;1* zx*sny_xAnRN<@i$e%jo5>dEfIEb5o+3U+E>c1#jWC!nX@`W=AmG5ij-1O?OTmdyLI z?;iJ1y6u@|+owym__zb?)(#IX-IOX3--h8j^&_~WQ;fVDavJ z*VbuHDs6F172$i2Cn-6v+Mfyv!~FP14NU5QV82*jRWt@Kwh)5oEnS~;mt~W4MQ2!4 zpF}^8@4i0H9}%?gehr^yOrCpE<4N5%$#+3>Er2B00Om2)-UC*qHYBTHjjD)o)T!(e z+D)W&?&lOhAs3iI?GRT=L;V&zgv>z;uU?z>?~6f7{gc=O*Bf)qHN#!q(Y{T|dX9w; zG2HsdO@h|7zRv~Gs9?#T>~)w2_8R)-qqKk5a@(mxYP=q%%+QOAFF$58^_ucIzOSs6 z@whbirm%{fS^W4#ZZPF9(F)ZKX3$4q({jX%RQdGlqtKlo#e;|M7Mx8-IS?O}Z%s73 zRVciW(9ruR(m3mgt*6x?ht73aun_jN+*n`G2d|+Zih>%;qB8mtbfEU&w;*ug5e?$% zx~9#2(w}J*QPV!?;L3tL7JT{Zzm8aSV@h z{?wVL1ier0_OWQ-afcwa$(6=TqiR!N&9AeLpOn_*;n#=vk(C*|lGt~4iBXk55?|>- z0qb*~i$@NVfjJ>xUEqf9N1xfM;TJ2AV zc&VadR*KjDHs?OSE%K1uEjhrCm9u7xR5slxPi{12^S*boj!CdTp&KoLN$5L$NL#4L zA6u$FzuyUzOioJ`16l+Z?1vzV^WnFZ&?o6Qem~iz9Y`H-L+>gvE3DF}=LxxBXwv5l zW&WzTo!9GC{heZx3gv7<@^>#Sv<%d13$_T3AD_z76|J|k`$fHH^eK92fEPw$MVotU zEj1kUnf;FpW{{q~uV&O=&h9&YJw}vE(2vwmzDyPsqv)hiWd?k|HZku%Ie$0e@((w) zBSC@4U#-KJt78!1ez)w=O!a^r5KAe5f82>V9wk>8Wa&>&WzoPL1NoO4{0-iPE+>kR z5=rUfBYw*c`PWz+Puy~Vmo@f<;|u5$lUEuhYWT`oWcH>3)lc)G2VfOWF+aU8+zt?r z^;aEElXN=K;f-lM&m|HIvT^NCh1zZ-!(yI7eIrclYgK!I`s>h^c*2IBfWSR4H!?Y$ ztfvg7gdu&T>%$f&viK{zbkTRY#8ei~-~gPRnLI{}nSfqwZL_!!62RNi%p{ISYJ~*u7r$3ZT;Byn(^$j#+F?bUe~@L*e$R0d^ULWgxW8#$ zAe(rzzniW2Q#FLr!n{B2T93W6U6#HF>;~UNpDoO@@wHt?)@n2|yEsu)d}+KUMmhb? zk~&g3*id{IZu*ZoT@W zN%V5o+}<~1t^&b1vGU=x{H}dyq6)3q`o2qa@EX>i78q3(9Ucrs*%$9OMEof}qZU1p zOes?~bG#9SY@_T(@0Cq)E(7bXw6Jq2rP4DF(0vYaHV#)l?m#Dxi(mAbV{@gi_>7x*WfR6{Sqe(`MnDhTs_m{}e%6+DZ zqo4eh@|Jf|aO9IteDb$goS~S%tDK4PO=j}a5WZB;>`OizNe%$1I-vqkjX@LFCf%~} zy}GOx+P+2;J)pnN#`qrbdLN!~iDd%7R6#g*FZCv$11?ZavwrZ@iOy` zuIu>t*TS+VYHzYt3h7BVsi^PQS@QU*bHJPi_8k5RpIurOAq(DWpNil7mzHW!8~Cc~ z{R;_FX#f6Bipd<@=;**54qd=DD9T^q=BUh{=_K5WWgG+Qo!QSGq|=!pQPPDZss5g2 zv}@&JpqxFF1o{DgcgJY8-LW-ltFsM~jmXDGG9!?Tt6oBP~&1YZj@gYa z$75cPFG^${@2GOF;XYo87bq)uku*6ggX@mwv)Y`FvHZ2*+Zmv+F-zAUdlL6I!%p47 zdxisdWXpo%P9G&wv)1v``DMB>wPdfmsh1ZSS9 z=2)79OeBAY!NyG^>)%mAbT769FxaDZ?DGS3H~aQ`;wTPr#8E>2C|=Kd22h743_@NL zoQGxThIhj=T5sY^18_|MlfXU$yeUsTwLgcqNK#bgjd1sM@dE~~lSOud5yQ7NfDTCS zCg6B~#ZbWnccu3u<J#mCg7+`pWB4a9>v5-)j+*z!Xl8HaG$U--pXbnE1-lm!A8ETl*>DP=!yz1huRluNfGL z>tz|w{xd=oBq#)-I&aV4>k3*k_!;{M*k=J~X>!T@R`){_$X&opF~z{AA^J(JDD>hEQGH^^oNCvAO>*6 zB3JiHH7tAsOu1qnwA~h>DENAOSFdXyHh#@p!u_r>;PUS5F!35{ASl(3 z{+VB)ah@l-n0*l2pJ8EfZmh8K?Tned>u+BI_Wm>4fY^9dXEeSZ(y3WqW0k_|{IGx9 zsKt9}V!n=zvN>a)b^BxoLPj7Cm}01t!Fs@iI!v7OOX~hWYo9a18J{2b(LAjqh8jo> z#KGXa3zX>7YW|K#8mjBuCy+E#41BsE;M$9&-WEWdki>o1z_t&V#US9%wt+wt^Sr1_ zAzAw20yPH+i^w5#Os~wf{(zSkK%*)C>X0P&;7bapkNe|wrgBk0Mp+%w?54bd7Nf?JrK4tsh+b7>~v8=1U+9Rb9m329}0dQL`yjLYT(J&-M_L#({@_jKWN$8TB z+rxlfYQ(1OvnIZw$hKz@1uSqOIX70?d{#+ise;7X$Gm3qP?U3&LPb{rs7LJ}8y7o| zQb>3;_8)q~>ZRKC^x&=^vRuZ_F5p0m z$tNrpQWnfKNsa#WOi%vII;gAob^qGmom(N=#XY}6{|>Y30}q$!S%z-Ko~N?`m(D_J!guuYr7uH# zu|F;GDUO(V@s=Et?XB8aDt*`t#uki&&r$h=PfDSW*GyDA4O45y0FmKMY%fb8T`BQR@ z?U3S1rJMHUycf3}Xfe*`zu+X0KVM)Hpo{rbl zc7B9s+J}nx6JkT zS+ImYOCa9Faz{=7lG8EAHWKfBv^i%_x5ngSjmH!cedyjgch&eNsLruaW3s^b!UOo*LzMGczCvxCQzL`_R{(T*tUsdS?s zs@oa(^NVL4N9xT{9w^;ge}CAwG_Q!gdd9(R+k()#te(dF9HeyjBEygn8L#myJO5K?*!QY z0epH$g?%|D3H;%w*E8x6Nr=02r>HzBxR3o8bn#!ba&Pq{JJtK!L;t*7%lwP&QJVW{ z@l4I-LxwuBq-$--;X`4CE*2;ot8^;99mv$936coc{b*VYF{~@~@(ryUb%@Br7emj} zJ_Mf7Hmm*n5A>BeeF^l|+tI6j5)jLTSJX#{^RjsPKK~gGE8By39B0GalTa<*7HMHs z5ZueDmpg;-!L`Q=^5pZ^ETh6VXuhU1e2bHKXDkK@6uwK9QpNP;RM+RkdfP)iS%eTi zSs@VW>HLN#BE3tJtMBBgq_^S1P(qQesp}9jwGOu><)L=n(YCh!sR1>a$l8bTF%4c% zo&ykk@Yx0~X=@D)#__u;2@L)Wp!A|TKJk-C-SYv|eJVRNeM>rjv z-ra|TzrcN87a9hJ7V{m~1e7D|;&@{?kqHO1F?YSR!UJA^a@Kj`g-CPS7=q{0c zPg92A^{y!SUL%3D*W0E&??<>WAfQxFDz3#6v{5cJtR9b)^pm&ZS}q)ydFNYKXy~2R z62A6!jmKlZyw5b%YHBda>*D3{MMPCWHp%z`Oe+;UT~;*Zd!Wn@(>Q7XAf%)3kt=|$ z%?|_m+1c`!lV6DS4my)%=QB_LEt_W=!1R_w*D~|u_RpekfuIy0!S!moy?$^P(}iDJ zlHJt1pbog1CN*uHNaOW0hx1eJVePdari;vAiuMn`uLij49v2_KS#^o1NGj9=9_o>V z?AP#!P#w%ISW*n7N5-|%f6PaCp5C$|wa(-R+QoU$e7vj7vwLID9 z_^M@hYg+{lKnr3xN#sF*74TphFZ=Xk_KO<*-{Vr}uuErJYkK%f(5X3;@}dPzQ{sC% z{^@b{3aNtz)n8RO&+mcceq9y)hl6E39vLKntu}3p$NeI;U)`eb@r|3HL1<40l89iq z^*U6}wt7&Bv_CL5dvmZGwwRa3CnP9y%pP)>1mzA;sTe?KWHQzcy08CaO{Bxp{xf(- zWmrR;_5+F#UqpxxfyYewJ_+&>N>j?WZ$V4>;e9~RVS+PVqx~4SXVJV#%k00ZlYEUl98Q5LI{PcoAtjgS(Q)Q9yL4X(2xU|RX~rQ6??Is8gQd;X zeWOo8|93PM8vgXnaldw=7X6z&C6f0fXQ>Z70dv@if})Mo{ygG5C8y|J(nC|7_ACFo zE1$(?bn%qy>s}6q93gB&cX`tPYW>itGx#I=;%zln2b)rY`rRW*)sG(z1S3H#dwk28 zs;E-U~=D+&uMklf^$mW_dVXP?A3n1F%5`w@)7;{MVr)bMOW| zPl}Eqh;qHSGGqYvtP<)p==;6C*!QbU{YWGD)eq%6Q|nQ#_ElDO*uWy;*bCI?wKO$i zH$sNA{yrJJQ1D0nPnz&djW%eGBG~rckLDK*P8s?jmf=1vidD{TK+u1klJqgw=XC+oA7>j>yGet+ug!VKHf{WS$Xa(6gIvEGp_>{sQ**(iF2 zj?=l_YT1I7OHODt^itS2 zG5x{c8bjQ?j=6GFSwJX?JOwo~<_xT=1E*KAu4^)j*sn+h)%|IWH~0`{lh}-biuJuQ&KL zc$mbi@e`Ool@5=g#KVIW6zf)xAn}~SdupEPQ6o~u9G`y*L~&Lv*s2-r_Wrdh&rDks zH}2RuhvAa8CmRrqR=#+P=9?!dN%Zm*M#`BvKfiUnQxeLPTKOrQS(3BDoTJGSl;wgr z2Ql->eAoBSe)(oD{3Zh2kr2UO#$#1TKZLH|u-)M^AO;5%3T}I%VMzXIxZV9#=BH!D zVVq7>pWmM!?>C)=V`4l<=85;+py%FEXcK(dGiu^__lquvn$;{I3$M^J0<}X{+@N2s zNC4Hns~ZSE?<{tKA{yU&(|dXXp?4r*AR3A0c6>vD=k<3H9=Q2h%a+9fQs9(#ZsBZN zWJA7Y!Y|}Eg4lwE$Hsqj=;CX8f!Ka!*M%m%ZXC0v9TM>>P>aYNN?N22r|aQ(zpQ^! z?Upq?C;sz9{j2=} zZ(eC9y=Xs3ru-OjcsSovH*#HQOyB5%X4HQDdxZPAxi#BTYJDHzr||2l#6cgLvB;3+ zk`l(t!7sU>6mI5+nz>=5bhrFA%s9ftMq!mupAeSbRWg6kN3tIox2NL9SI%^;X8g0{ z3!;6ujA^WiD+FuQPZ|!noOhd5wwD)a&!ewwAQdJW97TV(TSXEq{|uw z^mR9rQg<8ool8K==cNdR{DJ7oM-M>O|-MpyH}Tfj@a&q-N~=w1jV3T56@oN7-j@+efg zj4hrYy>nsP7KDjaH}z=!OtLG~&`+YM)`|4+-6Z-ucwK`f2|pr#k!ZpRPjtV}KXMAP zN4jOq)}dEeAg>rXK{$=oQCMp^AQ+L zGaWAP1M~`15~E2qf09=#f)dK6ya1Fm^1Osz5Qx)7Yh~1)f_?s^a&d@+aimql zw3=X+ZbWpU>g{7p56Pc|eZqiE<2iH}Iu`~yx&j|x0Uf32@yB>VV_9Oa!_FCk3FE1$ zp$oz|I9@RQ!x}Q&{t`_n=m!>i9uLLDx$XKO}T*W-wtc7fF1mUh<`?IacV)(=;BmsSj0~5V0}cwXD4A!LWVd z;5L+xa9>~E418IC8+_$%zae=8i>_Zz)ig*hO+(QH?=Xe#`10ALH|}1i-cX>j0_JcS zj9cT#T(Le>{eI3O8`O5v6Cs1#phOM5Te$jo&hcxpR6vtxX5}Cdf{e+pdG_-kt;HQc z*dH@N=TZ0E6Kq5~*TSR}3LZwe9elcr{B`Fig9R%UE+HlC8OB=R#KP(gGxRC{o-K-k zZs~pm=|}RmzpkVA2T(}?&p)m21wXB|dTKtYxKZng>1Knb_9?j?Iy*WBkC zxb@^rR&C+4?q;C~4p+{(OPKDzBi|Ns;T>@Ot4K3RAM)b(Knz*?^kX}>UVg|2-OJ4Z zyc9T81|u)3P;ulXedXDn+W3Tq)#Rxk!>LC@u<4HuZm)GP$lE#`mhSbE=V6`&hqJ=B z1%W@U`x;t#ykdqfSmJKIrgr-ZW@1fKwAWief58?!Dpul1`iY3doR9$3z47WXkS}b>}f|Sa)_!{m}snT<$zc6T%@k9E`PIOP@ zvneauv)|)X`H{~?Zw%D1oz_^2p1((FneOlNP~^@9cF6A!(tac_WuBj1xnqKin$pc( zVJ?a@q`n$592V*8bIBV9U9wYh_KFQsy}pB5IWh1`vSsH8;i8D<^F1GvC!}hq7M0WR zWN6}pDXz4iuXlTOJZ75$Tq?h3oF_h&j&jG3S{CZYX9K(a8Cy=~?-N1)w7B#Vy-KRi zy!NJ<)=OwE0d^S51Ub9~U&Q#d=2Lc$&0!5&hTmU0sk}Vh$02YSn{&wDVhpzf(2%^} zI;R(8Voz3qw{0f3+%HyfERL*^#jBbQJOe@46>tzS3dJ$UMygl3q4ZuZF5-xX^@ z3yPdubne%WQTp}7GTyJEOIsX9=PF1}%$l?kNm1C-n^n<`@G`SoApgMRzm6kc-?#91 zw#5ue=pTmvFNG8>NFM-5m85qWU!ZmgHrMaNbfi=85W&Z0G#?|YecTZM&a1VkYa3Y; zJb9zf>#HTvr2OhzH~+G}W{5x}ib?)c#!k_see(OIn%(+u5uJCjVX>ZpxI8~@IT=G5 zUqYWWb;#_%Jmvf4#L1Hdp;;99cSLDMW&$jcEHd^Nize;b^Qe`rElVs?#8U01OfdVn z(|{}xgNlQTJ=2WtH>m1qF!NWg-e*C(+=3n&WrTB+Zt^_Rl7H#;Q^_(Q?AnF1#pj_+ zYMtFL6=^>e58z{)s<~30WR;M)6(mO5%K~Kokx?a5FCO0cfEHdFLG6w1Vu9RkEYy1^ zie~aChUGU3No1p*j`H|JLP_mwpf9y*ibaL?{Qy)Tsqf4Eo;Q6kvOf4mR<< z=*i&}q#5N)BdyANSvYe%pwBj#L#hh(5D^&uc~|SywEQ8LB0aHeIvbQYhIw&!E<)M| zsZfynd5xWMV;=42NIc1c;Snp@=+QUBJKV2ceTyJPKHlWi=R1}peQc$gMI1Njz*fCj z7u;#;2?dtCyfX*s!wff1Ti>p5FQ!l09lluznqe5SQ}PHS*fzp`8hc^mABg0$vm=Gn zASt2QCRxpE)ANvpSy^1-411{Zk& z2+efO_5JXRJ4TEBo2tg(`lrl*=3(Q$Gjq;Tqr${1I{xS8eABf$MsNyn_@8aHsuUF? z5cfVvXIe#ImVwl3{vqRy@9nk;=vle=M-q&qgR%FzIeYl53H#e6ly-p<)naZ+>tT-F zPq#}D_xtfh@hX8QN^?kPjt2J4FSJqB2W{buA4y<@sPp0Rh~991@Sz=Qx7BNo2+GtK z;h^-15%jcQdI|@zEPPL@^HB6``i!mDT0+c9^Zm!btf6st;78R1TR?NHSG??aV=;CjVmk+fWj!pz6MSy2*ZAgidS&v2ci)a4wms(7 z#a&Fn=3rP{pxF__-F#ckgYg!f_|DFsl@wwc$FDWq$Z4*79Vw;t8UQKnA4%7>r6>?Y ze~BC(MUn(jB)=(wf=bR`zn9r_W_M>56{Nemy6OfHOw?M7mD9)1vr*38=lO?kp5q>`%3nPlp^g7?e?3wecI~?Cy(C^H^ybha_}3^q$$Lt4~gFo9p8zN@9v5UlU}RYWu=( z`7ZDR05bXK`a@jejhId`MyXyyH00|4xCtMo5HHTkROyB@_^5R@n2tBTc;{k0pH=+P zqcf|zc@~hPK7K7SLkU{+&pP>%MuPAJ6UKVMf>jE#vm0W<9>8II_?_1`9Kq*NRCGt# zujoPC1b&0&Z`G*hXuIyW1;L7A(tUp+a{*L`*WqVeO4Jji*TTW%q7>qT;wBft9O;Sr z1y^EU-p5a2xM(qk50xtKO$xn;Rc}d-gEK&p`jveeqYsetX)W^Wx$?(-aWitIl+PCq zE0vn>4}hoen<%Ko=6U?Pwv7Wr*Qa&7XKEG%XXSSav*iSjl0E089O6WsLO8#pz<3Bz zEY1wr?(U9Pd%$Al2N2f6pf-W3*ng(=>B-11^{7oSUl&DRzXV+)T6NRjQHQ;wgAm?y zlzCrR6eI&(a`SU_9>I*fLL`U@R%w6b0hW#|JxZL!D=x(isVeF=kd_KR-ryDaA-Lbr z$xZ3h{#&Ybx;I_76CGp&)aTt0q7EhoDiT?FpeH~wb9E#?GeW9AGL3VmR9XWgId1fe7{`&eycYD53T{9p+dU=cM z{MnOXYl0R1^RHlYhxHmB`RkCw0eb4|b3t)46a(t0G{WA~W;qL|)b#2tJn+ep+4iLt zmhl($VRJZ-^@|ovZiV%!wzL@+t6V}Kz;+b)pN~2`*)I)RsGtEpuLk1->{&6=&a#mL zgZY$hqu)7FT2>etxe0k5e*J5XkC7KXwW&ipJhfx`1=&f)v74-56|4p-{c}fNA3(on zzjpJtu&Rz%;KU^9dz+2OEEusc!(Ue9A*jc%>(A!8YW9^MhJ!jJoGuM-#e7v9@Iie? zyTPQvODq!#64Z39mEDilPS#`LtZ7<8*494+^ug)Uv}k?<6z zpHY4f8|`5-Qmf>Sb=zO}Zz>JuY@eQ1=1toOAE#HK*(o${D-w?;<})g>B{lu*9Rsw~ z23Dc*)LUO)C*WOQ`vk~AOgU5(z5cOs_YM;%Wygvht79}Cd~T2^_mnE!&u!LAC6o!z zlwbD#hO#UTuqocbL9Np0GLTgU7)krp=`N(ULmc(2uP#T-T)d}Tz#w>?qbQtEiDwuH zSrGQH9U_Esd=3wp?EluGjL?hJr8Oy7(>9Y0#T}WX8Y45po2iSxy!y>;zvZk=6HrH zhjcw2p(s_r!}SI51+A%1!lhns+axqHNWzBFd*f?50H4(Z!M5kchbByKNzUhmXXlWB-o=TdE z!c;I?(9@DMrWm#$K24=}9*1&1%pvXWlS)voclM6zXPxe^d7YTs9#W(C421ijYoMoP2aCHN#!^$d3s z@qL>PJIYhS;wEix(nedk0r^BJ#8(#f`2iBj-|Oz)pmIeL9h?fiN`|HF7ddQaC7*&v zeI7%AVNQ|oJvO6{>`8*M!b~{FVsQ>M-;(p*-Im}7=g1cIJEd=)Zq!Q!j&30?AIxc~ zNsV8ua_6%!!ue(Er80eGd-)&A6p+F%${3=~{5js|f8H&%zXz9#JE1y?U*a#7h3Mqd z<3x21552{9Tx~qj28UwZ^AJ(VoshUL(;4tu7(?picK6k-HC7Oed-;HAq8=)wA1W+k zsvv%3>F}`@IPYoa!}!}bCx#;awrK`oZ$7ay$#V4#<$$g<1(c5dYCR>*nJ(-or{^Q% zXO8AiB`qlOtfMJHuX0yHOnvRJVbkB=C3YkiMvB+$FvBJL$ID?(SVs zVl|kOptW0xmyPsb-j8aqru`C~lJua_Kn;)&v9_D%KwNoK>19Nm<<-w46F3A(qy1-m zW+GbKiQOk@g^bsjfXHM&Zo1W9GWeqV0I8~MZZ3Mrsi+M=z9y{W&zrnb`to$@(R{~2 zpLFbdD9Gx?dagC4K6Zu&mI{0@1VVP|^6DZV#%QxI_;!5R$UO>HP{hZcFSPaNEztaO z5dPxcDhK#10Z~$2>BV+F+IQd2y4>n{!wF93@02#ib=kc6cyPNn@%^|5j$tm=c!QH7 zkBboU^Y}wO&GhnLHzdxR<$#TWrwK>}>a86YL=S1KAkook>$NOV?pxbN3*mTKQ--}H z&h4Wd1O6;1pV&XynO)J_sz1@pL;O+iQm_^TJP{rK^+&VuQsKNXY@5(D0pEqH;-3_= zP=6L|s?f~$^k~9dog^-otC|bsX*=-&tW8mtJzw$@d?`*AliRWYt-+s#b3?I4TDVus zl6q}nftR*h4iBHz&bRa^Qt!gGP$*I##$mq0tJiFMCc5_sCy7uT*l)_hHa({=?$dM@ zXS=CT#}n_{`|*S~_xPUJOd-svn{BlU;~ed2i3shE$!BTe7{EE^15~I8H@BL&GZ_UR)P3C=(Z@k#=0<4| z2pjG9mj$_qK4Uh(Q&q~)bw;4v0Y_HfZm+bQ`p@jVyd#gziwghPVM?M*AfkK_ZeXIU zuatn^+ja(f4XI>99~^sH|F)?|rM)>~y>D%Kv3lK^)SjppKD~+!_ zr=s7DTzvU>Fhs}kb#g(E7Xs0SbI8Wi>cCMuBI4(J!??yCM&kDI4dB?e#ZOo*>!H}E z-k!81U+1Zr9qNbmr;F8;2>tad*zn)NFox@671pWkgF z&sPDO0?HxP4UA8D+T@;7? ziZ6wy??O@DeynfMhfmr4o_jLq81k;GFf~bi=F3wJU7{h>2qmUg@+5t|`)pS53bP)}3)R@NT|6b1NWPPT17eeI z%2a-m9qWZvSlX;_nZn!yZ~f@aIv^WfL1z#vylQz@Isur84}Z}AgQw)3>}c{R8xi|D zmHWxWcQpCS^c<+L7-sB!t#ZD^8B{l$Wi?}wxvVzf1W6otz2x#0&+D+PIXzGDJ%n7t z(Blzb&@~122qdqNv73#F`{cFL(~DHux@ya1ex4lweW(di_&8iTLMJ_6klj7hP!!N` zFSHfXX;GoTU1ea{{_q)8|8-1nTz7)2^HY5^{&)gAwW9rdgjG7| z(LKECd=S@T>JQmo!s_et8-7D`d;cE5LpW{=gA7KRBIBWdj;^bH`@qqUq};hzbQ-5G zd`nU0nvk=s<#VEhB#p!B({;@UqFiK zPgm(x`jr9pG?r!6n}n*2>E3!VbJ`1Pd036ruc`JZNmWw3yQ!<}?yyEgB3_|~l-T;Q z==;3R9xOcs4s)W<##Y$eDv3v7yzX)Roagz(?}I5M$Nm0Rzsp#qqnKq+asDMV``Y%5 z8PBK@G^_XY1xguV1w>+d1`Vkef|b5pJk~qd@v20YBQLY1?DGmrxFZ?fh&`>q-Imo& z_CB-%DZ);9iQk;Kc(Zi3;)mRdRxPnhQ>F5sZS6HibGD9U=#2@K4=-!nguEIH5N8a$V>Ccl;f_f*KA=G?B zO^^8KOn#Lqil9xfHV!bHos{Ns(_zGLMmNHU!6KCae1e-TUWr9Xg;-g`)CP=bZL6E2N>^P$;iM`&gYhC20(9=q&-*g~Z>bh2KIAtw ztKEwh8@HEO(9p8D4}ZDQ^VK6QovO;+7qm;U@24hm0sa%eaAZn5v>y5w$XU=Cyq3W( zL;K`I*Nd^C{u0xJo9cFSOCHl3p~D7PSA$#B%yiV9Q6?IMS-dT5Ujv#ewym7q>1+kE ze?fCv7?WmF>${arVB9ShDz#u(BnK;d^+)fFL=k46`T60mw(H*+ zyzg#^D3O)UXtpx1f8*c5+Fs0oP$lMrd^kSew?Drv=#~s9xEeGqisNr zY15kfBzJvV2`oH3zI$@858D8L?y0TuLHRzd4HezzvH+J4b{*lJjLCVIZAsFE0jzoAzK5%ZKArnF1uGow2jGN%$*8 zkP!S9kVB99Q5qO!ZQ9=#z|-+UPLP99M@p%P^GdMNpAyWqU>laHi3Bb$tC zx4A?{tLvZ10)Vu>+%j10ZB)Wc#%DcW0DOlY50vxK0auwX`cBLP({z+3`F z%DL&!Cp>;#+fS?2`jTjsYVwPeeYV>}5ZI_wxMcf{=5q*!zS8-Ss=e$o3G-W^&p;d` z?`0oye_EemeT5?S9Z@V%UIlM3%=ksCakm%`Q%EcQNZja z8uZV^#-{|XFi+V1B~y8cKQcS>{dCp$93US1{tXPX*GTkVzVDtz2j> zuyAmIgO5_^A|RW-kx9a(KlSZYe?IFHLlT$hk)<+AmlIpO|Ol=nTNFsvkFtRB<0~pCdqB1ZZ^X;NZd$h#s z1ot)Ow)MH#Cv>-e@qXj;>*@Ad&7x0)l$-KhCK@@JsA3m#$sdb3Cvq;X$WA3c)H?=< zqVBu;Z4Nmh`*pdrWp(|n61i`gKC%g&8(N`_pxe-_UbX@3I^tHe_Rs6M} z`hsSFvq+!5KzQ!HIq52z*n%>H$R5o)-F}jS^QhS5dZi#cw-SyO>SO{g_wzWm)BAe1 zOnTq?OX-{h6u>m4TE+1QsWM}}6?+nQc~OJroL++%rHyg?+1=FU#4~3|CgbEx{eiv{k?)od-Ps|kd?f-4V=1^96);4`p z&=|nT7Tm^r1sxblfk$)_?OU6a79Wk+J|=fAKQ`Q9qY$5#>cnUHCJY&@kmRVR(uDh4 z*m7z&8-`0n0eK~Y^7!P}%yh7tT09Vs)>#n@TlKwh<#rf}v|KYLyS1?gpI8s2q3=P8 zOiDPWT3b>mTQ|b6Z`0a?3XqqbK7O3?iehXxI*;$kgieZY(XvXRKjZ@nwd%XPX~qu{ zxbmsen-F}SId0Xg>`X3zl9pT%JU!hHm;UA4M(d2W#ARH5Yu^B0SkOBH;AQ5l5k0s& zhq-FroC^cby-RS-SZUo;dJjEMh!8G!#ph8=J0P>R=~J?=h^Oa6baaPpnfdhg6)75F!E7#UXXh7&Tpj#I-qXo^dW~|FQeAO(M~F(Y;H=* z8X#WhU`&Qr@U+6sBZEcz86HA{H1>5*H1YWYpV(+$D5L46!3^6)gJ?bjnf?-C*<0!% z?c8o$OQCDAWD!`y--YMBZ;V7!vg&BBs#nn)9auGm9A~EMV!%zLfygJ_zuy&m^#LOC z&&Om#ut;Ei9vjs#40Q$IZ=1WD2VYfU|E??!6&e(J)S)6HHMm zh>d&iL|Bg}NLs3$MOkYG2K5()E#>*E-Bh^2T+FoHlV_B!ihON{bDcNbQWTL(`x5i* zWzNAwP;WslVR^D&jCwCsu)T1$09}DV0u~73F)|heZ|z7LCknpzT9ogxYt) zj9{Eu@OcuTB|8+s7p4>|irO&7Dp-q7gbc4XwCQ&?t&MMAS=RS{-lJd!y};e3Ky^RK z@8XC;ckvckxvZ%u>lWX#9t`X&u;20ev^@?H1hZfp;mfM=bjZUdE>LHQVovNMOrzlL zUg!3a-6rZ;lpv;^=VLLQKl+~U;in$)Nwik!`{cKkSvA%;0< z<~`Nxk@4jsjbCU3gxf<~95L%V-`3R1Eg%W*TH-LKB4Zmw8wPFGf?&DVG+h=laGGlcA;N@`lbBR+_w}A zd~Rizj8?BQw<>T{>y_%UPQmG&3fcEWgfGxk@$RpOYYf(@I7I2k{Ly)@Dl=Ebk?`TI zR8JgSwzOZHOB^c0es~)26f)2P`at6unPH0gK1QIuBR;w^z|5<7KwN|9e0UWH_~v#V zJq@pC(;mTu%g#*STD5;U(R$Ou;ZBy@oRJyL7$SAS$Iz&%C%Sswr#BbecE5TRvih;( zqUF3u@jW5H{GUgm=Xn9Kd^$wPMDY0lh5eM$tCzn48ZC|H zFzl;}f_{SNT5yXoQqQDJ;Ct~Xu(H>$eG~7)b$oY~^uwXRE{+zw(jv5wi8GIGx&wvi zn-Id@CzT6*eDLDCt%^e&X&2&>lh32NXI0r(I}yc*T|U5Qf_;bQFj@3P;@)phL1%v- zlV{PxtK~JdELGN^(ZoChGShhDZciRJVynu!r)y?8UDZS#VU7T08T!pRZn(JNQ6X?!)R#cLghCG_ug!$<)NoI42`r7DeN)$p0JWt~@i|OO z_1-0OT);_Dx!H&P%YH#L=$6{=d>3`wmni6eF89x+ckbOrFPg9Kv-v7UM+NrGs;&2j zLygr`4Lw`XW{Ai0l{luDv}!P`^z5wpF|7a}9{!R9Je+R7doNc#EIwtb%3>nEG^ni{ zRC?e3y(p|QD(-lBNMzUHRp0q>%rbE@szp2t4_%k59^;X49A#7>^Yv>_16*oF=FeU( z5kEvU#C?BQ6lRp614bOn*~BDP6*NGs=wJpd>Fe3UFMcSF%YVWZ$Ae&kPf(FeeCIwr zC<4%;ldG*C=G>mFIfK0Hx{}%RH~1mNg^C{7rY#N@VV^X*I1E5=xsGb#lPpNfLl*AW zuEu4GINt(mTIDlPy0x#SW0?e!#wFt{&xW_7Q=Z+-j+5U`{-uF3@eu`RjmTpmv$^Vf z{9(f>nP-h7!y+w0Qu3DkjQ%x*FqzVx4?(Q5zaRw-f9T-H&13EP-s;C4wx4^r!nRkr zNxs@jq6=MB4#oY!UKiMB5lfJc?c2TBg{MU4eU~DB{EnKPGa9RX7f*vQ=;Old3Yu*68N$gt}d~J5$Hovo)G?ETplJ{f;5sbGFxLN?LTMu0u2CFLugyJnNwj>C=;Rk zkEgs3cGaKLMrB+S3%Qh2^3B^gKD_$hhQ(s4IuMV3)v4_5nNQ_0r+7S{|J*XUk=bIr zN8C(+vFm!ZIflCk&Y*x5$|fM^-MZTUP(W7WrEQn4McMVP9Sl!pix@wB@T@r_1;qaPef*?vOH<^8>Q&z?U+ zMx-rh6#{mU6c>|DX}t;Eq9-`)j$7Qmgy2Wz>HMU0-q#tGoob+<9#nPz{@lwgnLh2h zx3E<3T=%v5H2?ql_GH!*BFcaQ#V5+Ds*j$GaGOfHx-sP;TOT5UFr$V6a&!v60R7nH zk`&K>-EOQIQt_+#m)rOmO+zJLxIN_TrA&J;SMAUJP-;X^eto@EWOEg?&=Vw(4&179 za}T>Synz?jm#YU1KNS5d`^QBBkv8?d+P)tLBk~?Se&u0(&hB2iKD>Yt*I~^W%;wj9 zVx=qk&xryk%Yw64^Lx5l|F|AKIBBkz%r&x9NFYMz{XS<;4j@f)Dj&`@^nOpSAX>3V zyOmpkJHUo$>jaal;}_L|#k(-%ZoZn-K-R0sFB+x*v=|Izmr@);408f9naN25xCz_KM+I_z)DsM@GAna1pe}0D=KbTG2{l;v z$YUfjT++kMKb}HfTgs|mwQ6=*W*n%Z78}m-(YJj>b+cIyLIB3b{WGE6dHDMco%+am zTJYX_g<4IbUKU&=>aecHARZEET*9A+PsViFSB@hX3cvm#KF$D`t?mOTBJOyigfsa8 zqzQ(1-qx_VUO~NTg2x@*?E21f-i%45euA|DT}23Pqm9wL%!lknlz2&g3kY30V~L<^ zU-235H5r)O20Jq*$3*6ArBCLTUlsn4(g3&%Yp zZnnTd;~a2e_Lo7q^pGPp=LF}kQ9&*tr3g)oCcKTMURA#JwX%X6wBv*F&%QAG)buva zQ0Vl#eiQTrPPYDyt3oYO=)ki(4Ko~W!ud;&XTl<_`&EC`SA1>!TNz>5gJ%tl8^Ed! zexeOKeF-1B$HS6r>^pY)bKyxrscPGMoz;){%miTcG?il9eUZv7ExM+Aic5(5U%y-qig&cc&Ar2*dv$69`6>+8?cHD*QT-O4YxB*fuV z$rF4f5nI25AXez|RpT|uhJ6_p;Ucu5kfoE}2fCq9!D9yp8H1}#NpU-QMG2fY-Tk#E zEbhvGp9~WxuBE+!6Pf?|XVVc}?=xnIJ}4)?m)Poj{C)P4NuR8Almn*@6yp)#k1VEeInMMQH$iY9 z0dw91wHrY*Onj#;Qm_R=-Hds8)zOoll_(sEkchu%M4NDe+=WF7js`;Dqu!7yOTXtn zEIRb-#qs)1mMuyDXoTk7Wc@vTt|3depSs9>J#^L}v8_^2N8ZQ&>;9CHuH4cV{WJ|e z>^OY--rf;1#%EVJc)42tXyw~~xbh>OR99UlrL$8r2tF)r?S)btvW5F9F#SqVae5xS z%#~*$?*4mFB)w0L6P2_&jQg~LL4}OJn-vt|f7gA=T&Cjlynn{$Pz4<1C5r6h#ZF^Z zEOYb{22wjHb?puL!Zo*z~-_hsHTTeytSxs>I8AZ_yy&RrZXEKE*!pe{Kh`(en zm4B9Tpex2EdckAAnxn&w8G-L!eSE{?>vmEI=)%nTehwMD29(px&wtHkxGQ<=@3y&T zxOQ6?p9>-rLJrp+Yj0d8`n>O*zOX+CTkGWW=+kZlWHi_;30?*yLm{MbA+C2XiOJV< zzuI+F5od89tm;dr(=YUf0FE#Zfr0YPaI?=q=FzP&l=3Tioc{(Rnrkb(PX(chi%ycrcgl zC-|^zd32X|9!2`MZfkiWo`*m3Vrl2+plP$Kw*@zvXrYZ}6jixLQB*ZIsB0SV2a#K= zUGq@;>J}RbB4-Ty0T0@RmQY49>gk=2s`5PkwE7e{b4{cLK>e7&b=ihcN= zH$eD{X=U2UoYb|t2a4D0)bPn3ox*%TX@vfPY2)tyKaI`Hppg9*i31rk)_+!?Jr?2T z1;k;K-P!1B0cnK?#EPtPN1|(sG7o~*6mWcs`{ED~!Rt$1p;&nvwGYin-?p&v?SX7x z{%*9=NC{hbsnYH5Y8_qC540cl9zOBaf99^Qa0nt$7#w)D_CGOt`)+{z(EGbLHRsf? zIL!g$co2BKdD5^cEtQPyC4MC|^8!J9iaj#|Dda~^Nju_hjjhIRuRW zwzT6tViq<_AuAOOEb!{3Ed4u1x;`HiTXwN5Y!|GD<0bcVa@`J$YO4HT4c)Jm$}M zv`^kRzP9Kd;+RspNX-ZGKveKx)DQ4;#`D3!IqHf^&jPx9&r0mEZ#dvd7mr7rRy1PW6 zNe6eYT`I4;1gPb%vJXY^@AHej0)KaoGW{_x=LuNLsb$-A*Zb$;~SEQ-AUSw7DoWtfN35l=XvbNo4`}ho|hz4~H|@68kKaE-P#>`P)(Z zj3Zp90?$xp0vcrS8acfdrw-EVnx3Cz!zsh~Q$p!3h=NdjzA+@*PXr?Yx zcnBXF@dzrjtu-Sj&mU`;_;CTFPdN;q^32)EBBi)eUFo1Jt_W3^Fq;7aHmdw?iYI-_`YOMs%lN;f^ z-k|YEUGBDCZ?})tc%}Q+N|1qx_I{@hjTkh14G;$cMTNHAgrF@oZ}@P%&v60G((|D! zi*uMa!F?sp{(7Qj7@FVNF?~g}=B;N+CfLFfn2aO$cmC0C_R=>}+8qJZGljOjQ2$)u zb%?kNL*rw{3Z0fpKQ}0RsKUyriWZwwf2jlk zo|;eOYIw)JjS&!Sg> z!Q8CRl+w=%(!u3}*i*56us}s8hBkn<6&3X3w#Vh*YqB4M5u(3S`*-n3gH@iFiI9Cq z@@MRDCGJl*b-(qbEVcv7JW2~Tinf{?%^8^72@(L^!Fc~xS@323!NRriP592OC6U=7 zCaO>IP;W3Ufy}T>uK5!!>-);}J_oYD+6dv3dk6*NsI!2w)>$ce<}#fWZxJy|Rg>4* z%f8d5{G*`lyAvN`t&@Ht(i^%PZ&em>andFhTP(ZB`MW?M8L|xff!IO8ZuwZo1TWT` zye}?HWW{BCb&mXOBdseO0>i+1hAZeiW^l5E5a70yQp4Z+GOlY_eT zaYmBoHtS_pk+YzZLO_&!$`r0;H0%>TrQSovOC}~|}kct13fyAMpkUStGo2idmw9Q7^P&^`3FVb8r@m*yW4pNd9xh+U zWy9E0M|EEY)UI~RbIX4?JarDyNARGz`*!$IwLbLQIV6_x_FMu=yT=~9f z;$Y&-+x5MmUk&>!A2281DaQT_d6#GS6FkBOoL)b~S#=JF_hTdSZ)+~X9{FVG0(<|NMVJ@w6 zGPg5s3)_6234|7i?M9tm-#zao*d13SDL0N<97|Bc>-nxNl>16DZ&xf~AL>D$reAPA zWpvzb#&vgfgI>+S9=<22DDV9YN2PuB?#8>As#M=*4<|3h^#%YGKpj5-QEq3Wje_e) z6wm5X`Vw^5+q3t~es783nY1Sx<8<9`hZ#BVPdXHgVeCmx0G$p~{S3MHe%JR@R`m{& zFpyTzNM+CDtjl5;Y|4zk1QB}F$(01+eAI@6f|XR_Uq;9Wa9PBmq8$VEOl}~8P`it~>FuFxl)iRtbaA&U<@B7)7wimKX_4J^3 zM}O72zZ}JwZL_6+Y4viT?U7i2z-97{H;C&R4A=8Uy@~|_n&Fr}kKA$_Q5yDy%^=Wf z3|Sw-cik!CLT-at^^44tYhTpLT#MsvxLzhTy7i&=l}=+;z*k2=9FlBMzL(1zqe-2L z^jdN3af0AtQsno?DQgeu>tJ-DNgv@M4+THHWOR*1xjzbvUwVAQ@d?7(R=V)I#oAkc4r&Va)TsACphTc7>I zHd!z*Jy5wP&_>HU?=8FrdktV*d5E?=6{H+5(wCgLCr8=MvbXNJK>MjSF*Z;Ak?v*W zTLF0z`9wZHyekwxNbpfnbr^zDZ6u5Vs0UvB5F> zyV70@Qza%dA5R`zjo)?mW`j=1gOLswE7JW!sDir!a_KTTQk-y6offx@h>DD+hn2s1dF&G~_C8 z4MEO6S2QkP)%Y?OetxLe23hb4tx1XAW^le^yb8Pvl1Qp;lB>VK=2lh1G)sZgE) zjZ3pipQllrkS@(~6+99V9Vjxlqw>GyGeY~StB-q+=IuOOo-x|*N|YB?Kp zqg>_UWxcEebfth1{zf)iLmAreP$`S(;0=-c=Dka4OPk)SAE~x!a`Erc(rhk@BC?S1Zh2g$ku1(NQqq^;qztReFSe7F8qv+QjzbcP+F-QvBj>$a)wj-hy{kXB<-2h9Go1^KI=zP}ca8{B_`2#tYdCt| zVy~F}`fJ|NVGuCP(7FlE9cvn)efHiid^lG{K&1v;6yPxTvAeEwyRVAljr?TeCA8%WH!gt3_!DTwy zcl-*?nC})YYI!r&pTVFX^|5OQ2GmGKi(oi?e$aDuLXkw%Z{8vZhQIhPDIb7*g>ouB zq3{N#I}o?U1$vv56DH_~@VOBXt6zR$T+c2eM$tvwFXZ}@FAl7qBjxiI*Dh|~XYXqv zEyVkT@5_a7HssR7XO(3ueFE_EEZQ0+>>031#z8YN^6j#hDq3su=bV1Wqf~aGa_`8) zPFt2j;SL-1tF|4&ee87wXJSlAjg*Hc_nluE$f)al1YwZh3)F#8^F!sVzGrx}%5a#x zOy@v&jb`|Hd40T3Q&G5nllq#@x#kDFC|-`Ac#ouyaVJPPa$ zO{}7@kEFUyhD(qqi<&$S#3FzxgO;RY92z2U2~YPgGjUe^3HhKDr?TmsKG+59>&yp_ z@E2DTh0)%WsNxShBE8)graWWs#AEx>-^kp`rvSkW<@gqg_sHW}hkhv5r$hGotH18L zM=!d&Kpp#6&i--=)&2f6AGe6EVZU|<-6@nFR1l&A2?SzrI1)XF&5NK`PK7r^ej6;c+mM#)Y|$K?Dryr zt0Vqd{U8s%=AO&X`u$UIx`x~jsPporq+f`qP$LZnnpQ&ZKZ@)1pe8qJ(}1@buj1o- z$ZnnhzdcRf^-p=;VMPxDbESQCT%6o%0LSU8`TVPWli*1-`9RlcFFQZ`{+D_u2SBLE?YO;* zSy_e#69I-5wd^4a7(m!;!KJ*fDPNJ&I)iS3aZgHdfI}Yklz%=1qls_Lq;5?hFc3tK zAAr#L=~0|}ogwh5UcL<+%(mqLi2*AReotoBV6TRv!bTM&MvE%2a>=3? zG1IA-X^prI>W;ej-ZNWE0H3n+8z7uV=oD+N`Aqy`gJA2ch4})CT5%4ZIwXq~zA?)^ z+Qg=BrHXEK$sp;&vTxJP&1TY&@}<8%@rygz`4!~yp1V>9A;5rAr%3i+-KnhLl?Rde z?zw~J;g6t#LKd!_uHEVZa;lFZbVPT#Ig7; zrE%X+nRf>fQsvsar(JX9wfzJ_ho`80uaGBk{AbBBm`3k%`?#$*(!}iBV|{jI!t(5_ z1w#6LujVn9(IX{c?6{K27K2Q(n{T)h=p{b-!g`$$Q6-}jZW|d42*OeW*8~TvsM_9R z*k@eT$80@Bp2mGtd?0U?-2H^ay&JB!0X4Gg^UFOy8Mek*;z3c4SCaSj_deLDp3wpW z%&vAzkt2Nf%#%Zf8Q^qPo&}j4u53)Qn$j4#>;IB#r`^Y*!MrBmZ+?7A8JYX8Y2vV#vW5yCAoyhe1dqEY8A|15Cd<(7)1EUyaL`}yLa!L8H^M7o zgreLYIe9Zmx=UU`TGF{(el$oz{qSg8EHfc#Wx<$RG8%?uN%>?7v;X?!5|4IP?Cz@wT&~+F7hREL1uL+6!AATYh01bHNs!#|vgrYOwphr=!^Ze+mRd@cH)IoZpQW0GZ zRxc}Zh>k!Z4Xu&ir^iHDzzl8W@rM-fg&`|3?lt~e+!scvupXFDt>#FWu`SE9y$dFV z^jQ{exMz|F4Q)yHZYCRqpYHlHV2f4{`1miE*n6tykv^0!8FD>AP_@v3EpY&oTzO*@ z?p|4}!*%P1U-SJnK2)%0bjfsXxi~ysGzGw@87tF={NpOw;Woy(RExG~j~jJ2His-@ zQbMTLK&q{WGuw3O=hQ#K2$GnB5?uba6khm|U!7cX+m#VmEtMeZlc%hwK*L5SV#SKg z@%^5QyfxSW(@RQE?QJ_Ya8)^-N$6yhi6n}|DJxq&`URuSFTUmETi{F9cYgI*NIj#k zG5I$bu6hW1(yibYB3ur@n8+2^(e^&J3jgVCSK?r+&i!Fl371<|D!}I;aDT;*#a8(d zs{8o5lV`cVoD%-Z4fp(ezD>vbSWkdl5&{})P>vp)pO#fZ=qelWJ*Mlv3nDm^_FL#N z*HERvyU^|N_?xi-#P7f;U#Tc0p9c5w=5UY4xBj0kk=6$^p=dd>PZh!3A?w0=MzcCU64Cs66w zw1jWlFGRFbVZO%grD?q*Zp{03st>Wrz7EcZ|3J1BJDT-7hChUH0|g1gKwwox$iE{f zqb4Za_t3D$TM?1?#dL3aE`qM|AubbdB|%3(A=EBDvv(@6DZhMI&J{m5tz?xq3dxS6 z0mPyA9Q0WC#0@{d*sia&+4DN3dFCB-HOcp7xno~eSwem~t5;!@Zq@)_!LOMhE817~ zqc}maMr9qujf&ScPlT6zf;ZG(lQ5orEAc) zc*sRC#2~?IAP6iNiDC^0BARV0i~l?q@kF1JDnovb5d6gd)WqAiBfSc0T~G4<$RBu@ z3=eAm84H9e2uVek&`D00FDpR~X^t~cC~eRj+A};*+TS5QpPJjS)t~GIz4UI&xwE2A zHGf}wX;z>NVs`5Yf9>FTtZzX24D0LAL5+Z~p%dEqea5ByiktjJSeFChlL9oSjPuRB_u;*mDr}6u{zL5}rEm`Tn+# znc}Ln2#@N^_QK)G(dvB!T9iI+->b>}uuI@i0(a0YIa?;%mPA6z_Nhj)Z?$@-o~n*v zqm)#3wcg+DK^**RLL~9%Y`M3=7XnyY@|%7=1`Ki$kjl$o_svM#^&R~}UlC!#ZH)>o zwVPIT^iewWk^R`XkKHg_l_fr9QUqiDsjlKv_eIzZc>Z2IGl+59(c_h-4wzWnqiJf6?|j&PMst9mvdwtvc`O?YEVaR_H7 z%OEh4&jajw=?t#u5u8?THnt?U_Zw*antBsvwok~6d6(~M`5pt4HYsN7yL%x-Z$WuM zpBvL(x*v}?PEs$a*1v*LG#f^8@DM4bgerWiD&G1Z+_l`QI=e;PW@|{>&xpeImEddGwI!9vu9At-U7@S zpF0)%?p_*l>D%EOJAANmu(XevG609&32Vo$4~4?MpeqQG>=TthfQipC83QZ0m_9 zH=ulf+SJa;b~|w1$G2>$T>Iw$GK5rzVEAYW*(i_Y@u$?Fn2@wU0(^|K7BJ<47kO2{fQ@c&IhyL&(f9oQau#+ZrZ_~RxD+1<5px?`=TRP-e^OjP zlk^r8_68ba;3-@0Lm0*t)#czX%PfF0t)n3Xs#)Y3_Ej(okg$Sxh*O)F8C5@L=I8-~ zYZ1)VT+E0nX(Kc8D?GxMx0^o=axqa*TRW{O8>x0gC@}XS5p>Z$xza#*XD8!Z{+M}uuh=@yf95c#@W@4svA(S zdHk6$5X^fcFT|h8?x}#XRkV-9{e;Lc*Zdxj8M5E)HOF{BS-w5sOo`}R_tfwmO>EHL z_xrZ?H3mKlAEc8~a#i&5m@BA73%199Mb4p~$yZCf8Pd^!r|+M_ndnA=ST%V&yxwHX zm%irHM@*(j%>+tW8Gm#$c()?Jfv{AY)|tN>@_t1vC5-1W`kg=LnQR`NWH=GEC@t(% z@vNZjC+ryX8)E_is@lNhXFqn3=$X%s z;)O;fMxm!Up+SFh#f0KX+l)z9MX7po;9gk(gZgt9jdlXkn;kMn&upbWI;c^De{tTu zWA6flpcn4*e5~es1U|$00{`vl+Q*r~4k)XHBKr5SykgY=ZR*Ny&f;a>FJr;O3g{7x zGR=j@!^m~wMx>%w9qzRbt2|seC_JE{lj1z^>Q^g2jM^^8`LIbHoV}S66s>1DNUciW zgqDK{6SljuT5~(JH8kSJfQKvTw*DAf*$V(yTT5c1`5fQV+Dd43Uf^K#@`UaT$+dl^ zy-@F~mWf{COc9C)>q}GY?4d<7)LGi<$I7FZB`==^*sx}#D;;_a#dl}r9b7iY{>>@B z2g`T4U$gSje;YS?NW{yxR%?j@|Lo|YQAK!CK3v)T<4NaxI!gk)g6Bvw`|It^gT3}r zm@*6u*u?Hg{Lg_g&qMXzAPWX1f!mtazM2(zdn9V(le0lZ!$op??58(n7DLGP{BQkS zkLv{t@d70Sa(TV<_VyziNO?NKMc8f?m(eF|2j4@>$XfZEzrs|sBRZ0}%ls((&{8mBjzNl)%^p5^559QNp6dj)8m%%*#(}@2a#O<*0?-vZ}4Hn?q}2v zjFv=FAYUP%=&>61%DPu;`WDRV>d<9M-u?PQmd22aG}HY$Qgr!jn)l5_UX+jAc*6YU6uhF! z-yVk`6H9$%U@96OdRHq_0uTKl7lD@+^rLO?oB11&N-F;@$F&u_VD(>&v*;CAx29c~ zeRaPMk1h(*2jn=H>f+?S1@*1hA1k4;96jg*tBG+Z^H)?Wy;VG?VGLtIY~h-)LUPt0 zpu>pyRC_f&ckBGO1G*Lt!Mro!fO{$tZd{dk z&qnfy=It4@?z}#9=m0Q*=cVD#fBsF|7PX)DUm#L2ZgP>`cA8)`5{TcKPkL`Kd12kR zCx1&DQ;pdf??D6>tS z6Y&{3N3?Yekx|tTc0bvl4X)q!m8LJj1@_KgVYM$G@iLruvqSzF9o>PRSJoeH@;*h8 zori|+bHtzfVAA0i3aBz_4b?e2DzJabuaZx|`uBR)+Az`%$|aVs=AI4h(KIz-iVmfn z;b|AVe38TDmI~fMpNA}_Sd9^0I?tvjjc|4V1FHY|Hnyia@+IP^)%H_J*IR4@} zaQk!w#R}nMqLN|a)@e{n^-wx*;;IB&0P6*S&G$E_T=p5hdQ}L@n1m+B#d|`-YygI6OkpXHnF9A_A?XY#>876g1n$Q^Ii`Dc z;yRxhWVC2GfQ(4J_xB7(_rKylnJ_Ilk1iSqU1 z%iW($@+u`!a<1a?2>n+)1Mz}+zf;bs9bLpLC{NS1(GNOM40dwfNP!cA8|3bXV7h1H zsnsk*43rISL~;Y|TT52d!f*ULQx*|zpnd9xTvW0c3Ro9cJt$N3(UH-)|$p_{=e|6}Fim2&+zAp$Hun>w%3Fbj}bT}o6feJ7-w}ubRPjQQ~bPIt2 zzX9HXtG>|s%Vv>&YN4wJV|~;#bw<09^gO)gE>VI)3L=g#d1&!#79vfDJ_v#!|9H{b z0GajS=5_VlwujA8Y5vj|N47j0Cq6yR-y`+(Y;Et)w_beNkK(JjdNXdsDkpy;Gsk0& za&9|F>1HagMW+xNXb8ylC#Pliuq|Erjw!eAA6V|vC_nD^g_|-Y!YBQ-#sO6@$M{4k z8_PvX5gB0>h%uZ;0gXLiiV2!4V$jWAkHi@^q@==}d`lTor>z7vIw;~E?x^_josMVv z1nXcJ>G;qriLL@L2M1~8U*(B7HSOIijt=qwadeP6@|C@UJBURfUkC{u+`BGnYY{+2 z+Y8qLIbnUShkdX&=tWv5dOp8`+Y5-3Ua(v#NT^$zwBK;Wrleze&fYXX*n|Ips?)b?r&H- ztqk5VpLf#mU|1+zKy&j)?eCe1)>ibFpgzB99yBe)M!dW=wCA&y{;Wn*PTAY`%;#OVsS5i94@et5&&Ip*g2~S~Nzn7M zi0;v!58AtJu=M%$738Deumw`1EQZF0p~3iI&+zdgiT`$VOJi}zJAv$@HGc39qw8M2 zoVAJ%EC<1Jl*YGI=Kyp1Pt~`px(4X<0ZYW(`u3mTr^Qbw@)ixOm5eob^x#AI`hEol zsO~NebV=^t=hLSX9|Vn#YVu1Mi0T086Pjx#@w7hD29K2a|)O?GHOG4}q{cy-Y8Ikz+*hWyqgE?HTTYRbC%RPFIkZ0ql7p$^PDRZF_$e z!)R1BwtYg-^mF>RywOSm%>`)`!7&KRZ&^KoiY#Tb$9l~w^h5qCZd=H9)6KDA-F+3t zHLj_<#kB{JKHp+IC3}30#7J{Fji|w}p`I~0=c4}7CKV!NFIv=L%Cee}0mhQ`eT?R{ zfRzV`;dIZC<2>5VbErsvPq1j@Rv;t&fGoUS0kx!k5L}w9URs#6Pzl7m6anHXC7O@> zHD*3sYTQwi?FnyQqL2388&)1Fod?`7vJEBI+qOVi8Ok#6 z3d@=Kgfujv@_@PRqK(hUM~*5d@OkjBRK;dMz}EpG2XM=yf<4tjU&}Py>ngj=gym=K zzMK9*wnucH!QAB}l;g&f06Dgm`$&PP4XpXhw%B2rr=A${n zai)q-LC3vzs%&!K7iAnB0bC5Cle`C>`F2%S^KL#-q;Z|$*`{#;lP5B@cyT{V$(^vD z@3isI%wk-@nkNg?atxZ8mraz$;owg{e!{ zxzWyp7u+w157(N^BRpEq?zM0~DamJ9Y}Zoklf^fCauMftz}h3@euIiiz~0i@->UpM zRv_AktY-<+ZQ6$s9wFVF?>8-Q%Pj1KbP)hjD!sUO4H!DvyjL93oYSWwy5(XBho|*+ zqCe>qK7ta}F}z)Il+{?fEfX)fThmpP)7i}phk`ikN`NlQu>+8LbPIcoEs57OE2-yz z1|nP-i-)paO9N_m*8QMUm3)K*;^PD(lYI`o5f}G4v5@)kUR{Iv;X)1?6MV`}Dt;LO z+ptI+FT4?y1=2m)UXA{Cs}K7kSGVrZli~m7$$SiW0OQi`0hcEsf@FkR9|wL#1&ZHzS)V7cR2X_c1msuC7V9C9KQe^7A=!g=tt&V_2qH-WuzAJG2CrKL$V!ky_7rJ8Cj8r%NVOVw;aSKxL@`)Y|!2Y)5JQ^8mwZvtwA;rf@yE` z>0%?<=1B^a3)h3T&tQDqJ%*z-T2UYW33I_OGQy+y^*;{u$4U=vVx|jSaP6OGqES6t zo_@E;7o;f|_4~Z67f*rqf%+udbu3SCxPP|&D8i>FMj$5XS}KVTo%OHK$B}&+dEn*O z$g=SI>7lR9S?;xr_Td}dI$0LAIPE%JMKl1v(yI3eRUF?%a^BC*JHUeVFk?p$P;8mo z`_ZE8xhv-j*6lOgqd#ng9bg%?@#a1Q>P%jI z?toE6uU-chR*O8)$ptJNT)L!4FJlVv&K{riV}At%p>BssU@*@-&IkYbKIYmr{=qg? zzWtz5F`W3DKpw02Zu(Rf~c(|ljdpMrW zjP1T}u;Rq=Bt+K`&jAm&<3nrXntL9XfQSZlzc$Ga{O6RIUK50ZVE!^HT@TFo=_rpQmhVsy2s zw@JaoT&1VgnVfGL2{!`=q8%5a0PO^8s}jooQNs4Bk=Ho1?Cb&_-RqNi>E+!D`xxI(3ve<=?KBxI*(Dxe#uG*=@75iZRQ8nd z8ub?aWTCO=Pts(bHK*d=(jBknQKm8)3N>PH(#z|~^T0gAD=r85sK<2);SFjM{Ac~< zI0LQ@h@m@I1SD+gYkoQC-_tY^z5qXgjA4~zjd{7j#1dOYiTu>8Nv%y{r0*v;Ip+y& z1%HX3i|3_4jJOnbAN%s97&V6^bAjI4=RU7PE|QsTm0a4}p4B6Yh_QSMmR=!f&mlTO zCND4l=YR_O65UgHMGkZR3TK0!1c`DRG!Br9Xs^~>IcWP|TS0CEx4ypFK8uv8l#rJ9 z>Brscfw?-7EsR;%Ju=iO7@8`IcsA|>89lpsxY_*u?Z3tp)w{><{haAwz5(8S!}l5=PJ_Yz)Ea&`tEY@u1 zQ_VdW#ptx%BbwcS`b^Em=DCl!rq4=3~9>l$23o?e?t#miq8*3mEyZeOu$`1?^jNn z6nb;}$&B!$%n&}B%UI|F%V&@7q{!61aR0$GxW7->j#nPkB#mQx?9vb4i(PbE;e^M= z%PLt>q%GMuYvdbV!#+TE?$cLk0o|AFKxObHr`*R=^ZPJ@USz$`iY7uEOxfzurE67K z7pH^)-yzK=82Yq`lk`c_!Dh(zn&shp4V5`7pD+|h&JOm}d@ozO`0hhkekupxrPObz z+|N-HAbI{I{^iZ2a`p(oAiKwlf4{u$x`eo4q_qF>btY!J?x4s6yQfL6s+srg{FZG< zMeGWRywJF?aY(f?)7k>9RjgOa6a?B$dPmUJ)%yM9z_u_rp2+WmS@n#$cF?{zj;3`l z*X!EEzF$VNoZ2aWf1Rl0t&C=yolA4*B&1iUL7DoMBV@u6+Sz(c@0%pOvm$%k?L1DP zL8<1jXMf>b2vpEErFuFwloYNyo8`Q4hFkgPQgjd2B+7I-HY_j6-dFD7S_qRK7wbTq zp_@eXJ(w5b1D*O0mji1T(GW}X(&eW+7tE1zjKq`EFZIiXtVtmZwVU!VMA@rp@#%mf zle)ns4a!^eA9>vcS2SVC$_Cu$|uz2$2r{&*2(-PE?E6ebN{Sv+K5AV3HbZJwvJhu#Ac6^~Tl?v8OTuDo_s9H>RBN zvjMJ-3auUhV|Khar|$u+S@ZNz(P=*Duv@9o94>eUn!)TMCT3vBBf~hR+I?$}`1q6+ z@WW_XL;N!yPA8MqwLbNQFh8lQGwEOl9Zq*ON&;x^`M2VjSd@EyVtmUzGtBA6|ImWW zk8?BRl7F)ym$P3mltlo%*&r+bDGjoFM6p~4D557PGdYjkUwbCgIsK8jg+RU1tvixe zSFX+FMaw+AWw8$r_3{D|K739>Fc`6KL)afXFVuzAK@6w3Q&1^-YOhAzW6)h& zoh)FEKi)~IB07l{r}|h(vp>5weP6jb56yEU+<82Lg?Sl9aJbf2k7z45S9)tSW=FE~ zOY%ff?=B_Gt>X-tWzKmcL{E3WvXzEmgE=atEtbeV9Cvj);5Dd2Vu@TypP$d&jxXxr zUDMNaq`M9AhX2EL8Ohpjh2dH5luVW5M#dZZE&B_9X&EqhXPMxY^DU4{lM{}2iXmZW z=Fr0+@02?pQLzcc0t752|E1~rtXjP%Eu(Rh3En~yj~XWA<*rcZdE~W_n*9 zv!UCU_JAUtR}!giKfbi~#rs)fmXNoqWq@rV>}XF*449+~F0tr)8Mm3Ily4a8l2@$b zh?Asb;hy{f+_Kw2EPqf7r@bI$d?~NtrF~n-_OY_0aWvL5Krwg+Z-ml;A|C9=?0o(0 zb$j<@?_$})i%c)LeLO{PK{B^f){$=$#-=d(QhwX#5^)OAkXXFI%f*P#xUA8W?E3i+ zA$!@{p=QUU1GME6HV(_I##D{E>XwGgdCxpfo4mNJKMMKnz*;nfpua^ml~$>jFcko{ zeZG5dyN?g#P^y|g$7{gt^X^fLgSSaTB1K0<@(4yR7#`&!Wd0J|={_JnZkamYjanaS zbGmN7$XD7rexh7$T0y9aK5Od&ab{?@IHo@(WWgpP?;pY?&^$UMIfjd@u$S>JXhr9p zU$-h8c+igB+JmJ3@~Gd!BjObp72N^Gzs8t(CMe##B^Z}k>ZMG46%Db& zCwmCj`F#5o8^mYV#o*nZh<$a$rxaCh35R7RA%{g+nqk^|<=HFHVZ#}*qJR=hVkP%@ z$YC-BsmMMaPA{7$!f*LZKdOtRl&OQCe@k_KUyhOW<6xbBjRk#D_hV+og}CqWy#VuR zwOT5gT$>5C79LA4A9u&}D$e!M$%cg>HiLN9!v$uLUFjb?%WR73{h;T}coewwu3AocoIK2v{X+0W!a=t%o4Qd*9_|qEZV1hQwooM8a zk60?V`~CIa3!SA)yh{CtR+axAmGSegULm}_wTFKddbW!oP|#TR?Rf0dpV!O1%Gb!o zl8Ip+O3%d2l^CTI6o^|Id= z(a6t*#1{cnlpKS^M~8Xz{yugGP{|%tiD%Bq0eXNcS-eDHIP^f^AJ(VepH|vAFwZHQ zE4~So%havG%LZyd-Ma3rTCw!CAZu1?G#yyiJo&wn5gDb7ZstcZgDi=d_u1QC7z6U- zKBGk=rbP@Q>DG+`{gFIak3@iY=oh~`$c%a-Z>po?q5T~Czs=QQF%L7S$w>k<@LItqN6Kt zMDN7q3*8JXXl3cReLgppU-N0Av7=uZpV&M-K5A628LDGW*A*(Lui~5k3_!rJiBjtT zlRX|9C=7*4?jMN!xVkPI@+n*C8`9?GFwg#>SGSM)rc(xrwsCXXdj|mv|CQ(P$?fTpk^8!K6&dY} zi3jFrr$52HMrxmOD2;!#NSpKz>^3X=fXNO0N$@Z;2u?5{LK<3+SZYk`|gpO`R@?F-yhfG*Es^{f%pTOnN-4c%F7-qp5wJ>E1$ z)6rCL*wbzo|NE-sOK+w4Bn&n9T`H|c-d+1(S8i2VlY05WHu$4 z$b(OJOF4-U-cH*~S!7@aI+PX7UQl2?s@k6O;Hz%p-}~AtTB?oDgMO$fZ7cl5FDDAT^u_(I?hjZR^7-QI8;H>J zMIFAx%dUL&RySwk4q?_bR&8@1F_-xHVbE_}ebTMrdAa4|5$oH0Cs6QH#^<2(%@^Hp zWhafQqbNFeLqKf^0aRKjAQLHgg(>ho?cVWCI1}zsBbJzJyoZu^9o}GzrMe-DYu8*) znoGScnyWS<$uwK6EKuGnWDjsZR*4iiXKde9t6<(B5qoWBf9NitCK}w{r3&mrPA*5- zWP$P(>S$h2{j>FQ^`k{8V?5Q&I&e1srAU~|VL9MH*^X09cF!!7*V9QdvfXa*I9wUx z%3-_(LT3kpOE2=*7l&YLK0znIo*G!OuWIU)#NkiKKS+FWaNpf?-lN9)FpSIY)!&7ur~sy@#v!ejeDq@~IEQTIqngd@6kv zCJqW1vg&3YJuhT-3WKznbNf|G{z%35-yYYMyu4xHus*~gp5w}n4qSD4X1_;UK(g*z zxIK?g;v%$%_g-yK&CA7v#J4hC7>UQ4QGSkraR!u|UqVB; zu+{qrxIxT7A)c|4qq0T8fU0{(;^4)lo~8Ou@6knrL*9W7i5`lp0h|I0@!q zg}a|pX}A{U*EyvQ!~xZ2V+s1{Ogv!oCROdh9G3TCb%+c8pA2SkrL2rBuf6bNej{u` zL?)xpoD6-SQIpT1apd=vx(ZQ_PC0E5{0~1v?HJIy2=a91BX7?_RM)CL!dDsoX6q%? zIBjQO?suWbR3;;j&&98T1;(1${mq;XrgI$>m8(i`wz41dok_?uOoK4z=)2e)`+Dug z$hik~taz7#=>PJ!fz<%-_hkA&EormFs2B_Re5Q>%41GNBr^>)OP8KQrvJmhjLb4{cRDg7sc6W@UBt zHPD+t3)J@QzT37OltYn6O;H>9+|8%qv*Zg>cW8erR|edwZAV}8?r7PimqZ|h4f_i6 zM10!6)31h@5cwE)IKK}sX`l0};Ant4|0g+w$BoE;fhGS9r~Gz5z;+v(r27ay>jTs{ z%Gd3&pPiGu@Qtgj6qY--4%2aMP##Z9;yjiLZ?DmdTaVb<#qg=&^*u>p;as6YlTEBy zKQHpNXvUviWxG&451rY@dhGgr{Ov{r1`X%!iFA9&Nf|G?Yvmrk$OjPz!RrlhCB*e+ z!Rb>PZuzR-4?+~bzKU{Q=47_R9V^Bw6Vnbt$ zr7SD9d+{nPuf`616UuX=FArL@FJWSLJcNfWIfP~b-*4a9(KTK-C9m+O zomBd*s--vJp2UnB(RryEv*>-;4_rL1cyL-S@!_}sbw)wu>#zHIjPs7ydc<;FHMT{1 zL3|^KB1lTXCvNu>YIK09A=WqJ9&@ixpUdo

`&I+H~K zl(JdpDDG+f!*A*!m>}Sf6*~94U!3NVy8H4o?)%jdAa1;$c%!=iTud2|CBUj@9})Ga zKx6cln?2)^v(%Ptq1&$3s^V(gVga@0rDxM_34iHe$CoqPKPcFZ%?91Lf57aR4$gq+ zU=+$h(&vZk{y}IY3HbE3$uZU;S|2Za17mi7EZk29^QwB%SFiFs@ckZ-*BH+!-`8Jp z;Q;+8HFo?Kg@Y_jd5VHexr{L=D}4tcotT~?wT(44m9k8{Ly`ENoK0SiD*aU3(s6|) zQA(ZTUrVCedHn4+NRFiV8*opJ1~JNo8z9XB-@2kGw|W}?IiCe|Y!THOeW^;9kKXK;*6+3hW!gv5+(Ix?wB>IIf$hmI!VgsEA}mq-oy|72 zOYV2NX%R=AnDw#)Ml>Fd9fTpD^lyApufkDLMU}k2x^JX@VxelkEwfxTE7wmyc?M|= zo)IchAA=t$GJ`|)n(W(O9SivF*;|6Q6<-TyogYt4GK^2AK6={mW-H2NHrWMK>#IER zgpbf8rxWwI9&XhjNabN)jrF^z;Fd|p^HqfA-MKeh*N%*5k^o#~e%13s9kD{>h}-A# ztpB(nubbiCZo~LWKdZpKTJME%CcDzU#uP0To@R#hs(v61xNYM|Au0egyfPk&aluW< zZv?a7_%!huj?Hl&yl=Q=244@Xhdqi5kTQ$la1Z$wFl@kdhwkCY4b+31_)k3Fipx3o z3g7NS;Szq}rhxZ_419%JCvO%2%XN>Z`j|+T>v&4^Nho~%3hi)Vqs|%d%2f4PxkKOC^Tt@E2C9P4~ z25z!ujkO8z#9MJ&j(ZfoxAjNSH^zygx@8RY0UGv~3@yll=bFf-@?O}KFUQ*}Ga-F$ zWh~aYP(OPp-|u^;!SFTFGNdPj!ke<2l`;Xu`$Y$D{UJEgbN*0Iy8NTzPF^PA>{L35 zEKHu|X_2)f)_=fppR({J+fZuU=h`#V*#ew*4@Z+f94n|Kd(KP%ee%opt<%(4(TRX> zL5s;#-ZTCC8-g#gWECk4+KvmeMbpiHL3eWeOKTTaPtGdFfV||4>))X?cU&m8T zNDTz`axlPgYrxVjw@2`T9>oLVzU)Lis%Z0PXCHzGfq9+5QLo~2@l&q-0XO1oQX#rm zd@CjHuWk>xl~U+gHVJv(J`6;{Pa}YF?zgo_5q+*t{-=m@^<#LT;0n=yO8Sxi z<=58G4a^&W{))#x5LU#5oqj5E)_;q~SM|>Jym|&UkbA4i7pZ#&6TmAG>I_9*?{`0h zIk&$rfgDYNR4ecxEdfBm8Eum*->i^RA&Fwl)A7Q*SQ$NKY+9_tq2QSHyOgoCHBIjn zgY1&5Tv(svn7q{XnW9UQgnLMQ(RTPhN%)DPl!$LqoS$uV|d{4mOl`(I-EB)d_xiNE*3g!I+Htbk6w~X_J@}4`?)&qQDg$gYQ{di}-;dI+!#Ie4q?zBLemxoG z>zsj1_|uW`ly^Dwzt|R0jS9!M7cU;+*5nRLUst8Ceqr*ONqwrd~@RXU2lR+oT3e;|X*z;IM|$6Z@l{#Eby6~J~>>d24(Aus*( zp36}DNKZcd75#c~YxBM+`c)9#P)>$nDeQ*zoV$yAT2MUc*mF_qbqL5)szQF5@rH@f z@cYokR}4|e>0u+*0z~0v$sV(vF%y0 zJ$Hnw-}dAhn;JB{jfcw+wJ2334IWWL00Jq<1f1;FdYby|f_A(@Dh)3AphR3UvhvS zgAAthw%NtFUsY@yDiLwKba{zeGR8x}VX|hwW?=<*B@S7|7yW$a})o#*TeujyI^-L}3py8E611k%gW2nz5n4fqAb535h`yZM8HHm(I zgzY3NFJU^ePopbdwZ9TkuPPxU7BBn9-;Xn7j$9&kWsA=SU)S4g%p7}Vu#$R`q|M@B zWvEbok^jmn+aKtQXt37gCC`$+?z!+o&2Ff%PTy%$@7aDD4;i&5Gs?aOl=aIHf8J-r zCH_$F&%yxq%m+vBXYEHY9c6HN>~=EmhjZps#Ga$vmDO;S|uV zyPUX#0>~qdFAqo((J_&J zg#R{^8O%$9R+*Z#8EpX^8MJI{mYY)X$QJ*wPyd9|LVD@7O!A51myH+({# z!Y=p412{5GZvTV+-twnw3R)F5z!$^rV}Bq@ZXb8||1X>{{U&8v{67V2@3%jdjnS?r zC)3VVw9AE(yLXUrHhFCPv2t|wKuks?Iv7GNjCO_fyDBD zr1!BQ%OtJ6i7wLpV-JOmmMUbmw8MFm_AHDj@saTo8O+eB${dOLs`RckE<-Rr8R&gD z&kp_Flg*fmeB(N?Z^OsM;Lo*JI=Zy$;qem-*!Y*--y`O2vV200xSOcmm-kNyP5AR7 z>vqE+xPl6o=>!KU1T|TvI*b-xVpNJd)pz#GHeABp88NeA2eE&a>+UEopI+?e;%5g{ zeaa#SALU&T5qAZ2J#e$_qt9!5F1+tMyW11honx+rRF+6(M?y+{h34nAz5}v6DHt7m zYN!Q7@*yGnI!{|L?>CRI`Dgsz1FgKVEs&pX2B9$su~efgH0*4XKW#iWx)Og#YX{9N zChS%v$9YP8%R(K=hKEEds5TVorTj?Efo%SU@JsJ+sI?G=78mmuEDQkq=#ERzWntQl zT?y2@Asag6r>8t4K8<=7&Ef+pQ7_+RhVRi((eCRF`0SXvsMFK!ih+#YpPoIFg3j3P z=cPvoRp`v5C69`X1&HzIfSP*&{YBkl^n`h?d**hE0+@T;*76w(wX0r3DDMnC_C+0~ zt4$<(%-?802Gsq+r_)>XOV~yH=#Tkx*4wuQ3a_*abTp~U@h+|Nm~*$M^Eu(X%VfwB z-&+FhnLnK=xGyNF$nffZqfwn{095lmv{&L78%q7TzJ#kc$R8{TscZ}wc6amyC?PqJ z8oOWe0y%(uPHR{Pr(=26G(8(ce#FWiL$9XFO9#1wG@q@~v}#tG=IK(eU)|s&vM3Un zCYT)zplk4$*QwJr)fAn3nq%i=pXj)tRQQ1Ju9D?$uinz)3_HG(I9FcW z7aLGU_8jD>fHZO)PhSFJX~eB?_?T9P6}z?U@7|4q`4>Uo#onfGLwEbD%Hc_s-i@Dl z;}<|4qTs^A+Oem?wQCjkA>6>3*H81xfCchCwF;lPJ--LruQGg0}iNqpHL+Bx{dD+-S5x% zE#jk#$P3UZx4i2!x8mT|Jh+?*C1#$mw!E(O%5cS%%A9_3l1t1oA zxB}>!*g01PXQ9olSheg1r(RC%ZY|Q<7~Q7nGRvP=ht}sJwwaqjS$qlFxO6SxVUb9e zmg?V+*SgOMOl!SfU^+pDd6Z}Kn4RJbxcgG z;LMd=2#b9hr~<%Hu;zZ;=7VP3ICK5X1j19v-k|80dlT=kZ-1@8Dp-<5a)dbkacabg z$IyxP8%MuDY&H5-=?DKL0we!HS5W)?r4lOFc5-ya3PE3N)GPZ;GlhHp ze`0;>3mV;oYLXsPy4-IGIQne`gSbknA=|&1~ z$=wLD7@xs4t_1T`O_p*GJFU69n$_LpL=aaW6R7w7xOdiIC>UGMr$ZW@JpWl;&doQY z@?6T^uXHi97Pc@kYnIxcm>S8rvB{Ke;%TVzE4A zP~F*}7TiU0aXF$J)GLgKodj@&MCsR=v+k;tXBZ~J2n?~QBH$xRLgXF(xBEL|^Y5jvtie>P3!Ed(cjvr@R4Qij zOrF1x*ZA#GV(WT%sYxFU7<22zh4a?)W`w2_-_Ni2_4cK&*9&Cgf_<_n^Je^R(Fx`v zl$2gi8?0lG8UPyC7pL8cMM;%>xzh_2=S^KX2k*D7Ou{dx=tGz2NQys|@wsJ?Y)fCi z>wXT$j{Uaa{$$X(-2at{VcFMVyFof%ZbgJ&52&3i2NPm}JxBKGCUNL8_2KlDFp zZX%_SNojjuKyGJ)c~#M}0oVC{a8D$d`c&N^=6s_ctd-#C^rvl7|MKwu9H`UuT^G#* z81d=CbsKh3kK(3mt-jAuF9Y(gR+An@z*2Qod+z=MUuvZrIueMP%VRoQ<5V~ImW71~ z2?4uS1Xd{Ttm7z2mju)eQRG3Rl`KRBxu87o8NJ{<^$$=y8ux6)@4n&aih95)2i`(e zWLnIut)T_&deR@i+OG>C+P+=K(|W(Zzx-WcRC|;}K04=l^{O|{vt5=;C>D8}WQ`t}WqSqc*r-_8#+inqAG#n1xc!tb{Y)(A$~FP^QR1WO62 zT-Fj;6k%%s(BJhJ>xr~}*7Zn6IeEjB&*gMI>-q?m>`CR(!QndD zjl*+Z++!zzgp+N_-p9U76-1MdlUKdehOy7+paVEks&%VMaZe_E@q#R;+R+i@KnCW> zFC<9w7l@QQmG^GwpRr9>!mJ*gzo#!UoZwHW;f{jm2e0D|h9O!)-3 z@0oyj{fYYT_3?Q5t8*3}+YhWn86csy0S*UE%6(=?GwKoIcZiVAybOtRVMU}oYr0C?rNR4i!dMpb$9DgLQatXtnsKV6Y_op)d;w-!0JF+f6R2%h2Xs3=Y=ccs zr;%LX0r8U=?=Y|~W>-G0RKqsEv(Gg~on8deaG{y=X{RF@yvD~TdYNB~%%gxVV?n1p z?G+8mi}+YcdQl#bSGilZ4pnaL(@B|6i?_jj9T3i(^Q{Qp{OkDImm_$ijwANv9IsU0 zHa2g>x!7yNvbU{p-XdMBtSbK;5$Uh)x|r)pny1%BOmK5av~f$Gj2 zU3b>M`PG6H&u#<)9q+pn!ZC``f#iFK4?OgZnb|Ex6@rtQmpjDoR{0$se*)+tp%{T` z4tuxO+c{UQCl@xC(_4O=L~Zy42L?KM>G*sjC=SEJ@14kgw;MV9Ef0z#vqM_>AH}@(haqJ#RYfYU6(XYct(- zpC@5ln?Vvl^{Mk!TQRhGHW{8BcY1jn&oa(_lm7Z;8u!X$*N*}sK2#AeLZ#0s=17$8 z@S_)b&92t&3a0iuR=T4tTrg0O9wV@FXg+OLG_%}>(7^AFtD6!po?y7hI(VO6oLEKa zA7I(-0Hqsi6lpUg3Hm)_Mt6iQIuq~uGKL&7j+VjYB81}HCU5GD2)&6(*@*c;DI~xoEW#D+s?NB+mleW z9K}!(z%}pGLDnv3Wek5Dx|n#2_Lz9|V50uZKh?OPHUA1Q@9cZ{{b~$==1@lqhC6n_uZ3zq;qW&+gwKs9EeIk* z8jyKg`G}R4d8zf6nTcme5MQ2<$ddfC66)+T6^+X({zuYvZL5j|(O)7+dL#-6h!XWp zGAfc0`TDy#ch=0Bb36(N-CfmHJ5WE84^Z#77rVSWr}TVxK&TgE^3+CPZgA%{+WI}+ z(-Btped=r@i=I@{*#{SCG=NfkpQTj*7;RLdmwJXVESI*UNxgzj7k~_F9SQYSmlHA4 z)|G0zNf1oMMn}Yn6lpD`+lFPB+oWHqia$t zt24xKn|;F&j_5+~*==QbE#GZNh{e)1CHrc4I1;)|pGyA3g9`YWOqf(xW^1bcIr4hR z1XGvbcw`;dEi!V>YRJZjD{iMjBQ*zvlQ87F3Gk>{H z=bs)UKRm?1nPO6|$n7X2lsQFs>~7=N11w`aXQx;@7M>EbO#re|f&s4SsAsTxTZ*vK zW^Y32ET?a@+`Dv8`=`5yg%1D4i~$YyN3s{!v2Ll>r>-hfocp-6EA9dv*r0gc2AebGcV%$iqX06%qO?nVeeB z1$bJuE;jZt`WJv4m8Y@qbAdT8*X$27_DWSuwtaIPK|=B~7N^fqzi!TbUuq#P!B~Nb zRybtY&%s=^q##~GNKt)XwgnY`yWfEo(5kz&@d65V)Jlz{(%Epl2?1-pp%3``UUXTw zZVzS9znyLA{cSs5u}c%HUlI^2#Fxy4f!r6oZmraGr8601Tc<}VCw~d*BMP7LvoEyI zL8>onc7#p$aS=pWQT9Y+pyYlHxtYZheAQ|IJAy1)|BR`7gf(;U;d7Rf#qC zu*3sCmCGQci0!^$ia?3@AmQEi2ghq6^@6x1~L{_SKNQp}X9@3>U$o266)p_0jrgX3F)GDf1 zL~&_RUBr=U@Q!w6G0hUY@6ThbpP!HQ7w`V4C)MG)J_a)HS-ou+1VRi)4c5MoENGx7 zSREvnZ8mv=;MPm>w=5-`kv8AbUF5{<(jCLhrOoHz^t(9iTA0-XiH@WXhP?voB&D^Q z!}Ywe;*Zic@BN0d>Av7^FTjx~$kGmX0`lmI>U^H7L@1M(-w~inhQeWz+g-S@oR!K0 z^lq;S>W(3N+1GCQpG|2unB3rCT+)ro1@=Ui`i;r)>D|w(bzoX9T%n)&)yC{=J3$oC zbm)RbM+aQEQ0S0TkI817^1feIq(bVf_*uv7YrF`{JT2_y{9~@=w`*|_OLDyRy@v&r zYg1EfU;Em8p9C0BLKIqiU#i<{`}=oLWry_*5Jb?v~A3%@OB>g{83Xz#CYoCSJPSwE3YVDx!ogPB|QI|VkC#A{(cRt;#F z(E?;RUbQwIWN_Nb=@(6lo^3Ho7P(N|t}l(Wi7RK|98%fC(W9*&C-N*p!j4_97Iu^? zeSZ651|t7k5Vgy_R}MOMJt&MeX?`zAZg8GT98a?s9>46Olk3J=C#_E`hA*<%2|W*@ ztGoekj;|)OrR(Q+8we-)w?oH38JeDzd@_tWwJ-AVX-NKaP(IJ3WvmHhQEkQ2GM-Xn z`QhDgp)&sn!QU!UE|G5Wj8&Spd`zA->`y0h%Q9tg^J|e)1ZqfP^WgF^E)_qgY}_BM zY)gQ#@k7h>HD;-#>7bbk8?rhS@`lKj6TC=WR*0Klg-zFg5p$21+>47h8D9dR!u8D! z?E{QY-3iBWZ9fZr$*;Q4Z!HJ6Y!tgqZ;Ck`GVOKa=licaLlh;{sU$RJ$K3Xj3m!Rx z^;k{Q{Yux3_iB|IQ^a@iNxyuWym9!jEvO3a@^Wv}R8DMT< z!K+}Ibtu#USD}BPpd2&dAQboP4-nHgE@X65d+M3rWYH>z-_A?J+K^W3+^_a!!lmA4 zI?%T|bx^OU3}S`45c_b3;2Bc2z(8rRp_BNxFO2+pn%jm)DPp>Z#-Zd&{S4nD|uMzXsq2d?vre9sVs@ZU6Nzlchk@x;%M*fShLYurO;302U%ON;X)H z=6;&W>E}HN>qjYz%n#K11R08>YF}wrc@0FvEi595Z5cD$|Hg^yCF_RI`S;5i3LEu% zPY>)`viMk)S(JJ3tBy8s{-LTO)$JUq%$opL*Wro7kVjg=y#gk%ZtHxs_A&pVz?Fd@ zpX-sp9$t1Xnx^dI#%{KaP|epvX?!*R(7l2f3SX5^a|m9sChRBni^F3QpgK{*QjvYX z^?T`_0l{ugx}i~!$vwH>?l@c{HkqMqHdE*O%@nyhs?(*usr%y54POBIG0uxCE1OSL z0qWNt967%G`2xl>;)G~(uL;Z?t|Uu+n|;1yLuo-KZ~Yw3Tm^IA zXlpj&^=&af1rP(x@Um+B(V*dcuZY~n%cgOt7B9K(#c^r9rh@EDD=W?$mz>gt4k2~R zJ^@z8Uo|DI;wH-RfG@LXjm9F}UHL7Y4>QhOya_LbvLD=5x!)62WY&gn3nji9MtYr` z%vh;IRWi!s2{eQ7Q!}7$;eP_egdHudja*Mk2;L*Zhv7f6^B~kol-P&G2q-&6*pf)) zc%q#==iZOQUjEa}yStjmv=!`B-*-6DAm z30nFt$*y^@+IwTeeKjwiOJVOxhkR8$xLWF$aAm%G@;GN);Cs$9eO^x-sHVmpvcvcG zsvt?^2;q0&^<5iC`n8~@>>E4yVs}K_H)+zOk1^@g^~ttD7#+Vek9rA_?LlrB_Uzxy z{_xa`_syFVROz$(4W8=$i^&%Y>8kspwT<>so zzo9PtIUYTu*EW#q>09`Q*~t&of-uJND-}XNK>22SBH~H~d;5$W1yNNcnyra>ymDyN zUWwdxU@>#-AM|NNWx=KV*db&vZjk9!fgFzAbab=P3$_nB(=3kk_8!yrc|oQnoVwp~ zjq~udPpA2}Z|_RK(O>PwrI-+`feLyOx}ZL<$1J*#+a464d%f;Y+(FrjZ3b~QspElr z5PKH8l!E<(T65Jz#*MD3t2Ib-Xu&?+BCc1(#geYwv1_?oe~TPD7tKC8qpGTk4)m1y zqxQtKd&l;n<#s^gA$`7Hy^7i%e-F!eM{|Gf+nr{blx$b9tRX_H1H^2QG35%N2g8D;+sreqq$LikKZ+$%Q z5=6okJC6LYl;J*KQ($)A*VKyu>7x>kx@D802+Y-+0+zW11{5ul^E^0X_8G|k>O?q~nG)HhE^SW0?+HI-NAKbm76`>+H(HPCS!%e76WXMb4M9>?q1 z+tD25cY1B#;{BT6X)jwQe!_ZzlF(hpUj9h|ItDqs-HJ;KpwU2W`9?vhPGu*!Lfj0x zS>&5^hyL;>Y z4)#1d+sl0&S3b1U?{_WJe2=mkm}^x>505H&T>j7#v0D>OW0w2lbv$^NOlxtC87smf zc!JJ$v5`W}TrUN2H4<#=p4YX-_>zF12XEWGJ%Io;4ZsoD2cSb_+L4N0qcYQjr3xhB zRZs>l^kweIt-5)3>*tgG?pM-6sd5b$`YWyW*DPDy3DlmZ?0tSH!M3jx2m)bTLg6uf$_K&}*~=Cbg~$+cc8!0O2&=Xq`z61ga0V>W z4XxMKVr&-+16Wto8I)d9uDe}=-`F$lWCSXpizV~jC%e(ULcj>%w@HW|MSO?)R`Ylf^j`5A2AeP8S z%ey!C;`XC5UhPrXlOOx{coWq#vSc~7?DAYNDQ7$!WVgp}DinrX>+JhzpYC@62w{y} zEnq(E3Ems#qo{*?Bt}(PTGV4-mUN0H9@m);CA8IR<|oA3X3?cAkCcm#G@RAko~a${ zZ#ZM}`}EYay=BRPO(de*9I19rn){df3DGoAAO5XXcTo$y!1LMeij8h-xS) zjDKJhChgMN2v;(JdC%EsC~O}`Z(}x|f-c>jTO5B)ILbG5!_BVtqsd=TvWr+f>eKBA zl-K*ZT82eZ;xGbn#|Qe%s^et@RFrT+kI}~EM=pu9>$XG zs7KHA8hjz_FXa8Y_6O$~^I<~i1d^fQ^|L?G8g4}n#hs%M-)5g;igJFPbUyLq$cy3)7udc;V6SHA2lUuU$d;v+dlvaOzSb5x zbsqn53@Uhfcxu}DT%2B=j0{(T4pVSeLCWiS{Ndv3NBhwYJoriDzS)C`mgam9XIPv0 zRWu@er)2X!^l&eWmZWY(_=moz>%^?7M5pv;y7BMZxPFtg-p7J4#2fnH4ZA&87~9Uj z0`4rAj;;@^p2h2wb(h>TYw-GVsGJW6)}TXc=I2Xw&+iutg|MzyiZBD^A1L9VoW(CW zmv&v@TC<=Vl9dCg@PS{YPr5HA^J5;U^~Dk!F`m9Xf%n1c(ryp$H$}gLtCc>0#@O07 zA##l#l2Lsk3nyZa{QGJ3Z?g2JaOw|r_D;Q{%W^<@Kn&Vh1X^NQkNj58$2bAudOFS= zhy4R?$E3X)+x^P`LM;?6k93z125G7FHLE?k;2NAW+$9ZlTGvjH&&d)mH)LBkej-Gl)a{k2d`?MLt?JF8rLn&tDGZAdK*xMOqqX z@5oYBe-Kd^Zp87nE?44KEl*H>)TdPFj>_HwCC?KWAM#lQ`HR}G+n0}p5`s0$OhNSl zKaP8l%m4}fo}}UnSk>WLugg(^yE&=&bE+xp@!CyDs#~Iz_}}jvHo>aL1JI80odZe( z+A3X((y;`yt?wiKwQm4~F|M^2%19c?LS9xrHTA&L@UK$~JEBF|n{7IiKI|mGD`aIX z0%3=d1auf3leM6~YaO*+TsAJ+3$V{?hvc zp?1Lb*yqD4&|m$hOd#xhFlb(A!Z7kV{B=*O^~mBfOD|czVr&dI4h-O3Oqk z8tmJGJoQNsGuY-iX@_PLJZD*pwvun-*$|GSJ@85>3 zFOcn72S{hp2eKer-06qvX@}{mJ-@iil$kv9E^|l)ha`Rf5cS9N#B+U5#aiIM$sy2J z_}4>M{FpYhGVe#-%=OEqEk8kV1yG^vE{3n;Hwu{L70ViH?(gZjJC;}Jk1B6LYea#C z^8o3L$1J?K9AiU@1x@7^RsH6(n5LKV6hDpCSlkr4(GmSrpfkLICp!V<7b)abaeCH| zGnP?A0kZFn;(U+fbiQ5_EfwyTb?Y{kDUaBzo{0XGSMiymUB97$?0cx|9W_3hM zEIojLww??(odMMEfoeHbEGg9$f|q@)M(Ap5{T>Wt+;aI@`DYxu=7U{tXWl>fEH@7D z8ByHho%kW)0tabd2kG%R!6rg9foRqpwZO^>u?G>o!nK&z7UHp*e3$4!C@%y57TB#-)k5g*7U-*MKBeK@) z6p2bC-1z$la}z#gUHE{Xo-c(PZ+papL_0q9p`Qmx=>8J5hC(W~d`DG&FVCtLAUm@q zQ^QlrY?&nWWzMgHT>ol1nz>oFd%^)&-R6_Zhf>jR;|?z-%`{R6d`v7XwYw2EeLaseCrQmP_g)gu zx;Z`3!*(Nu@VyZJX2*OlOk1v8jS;r|w_bwv!rAvzWWL&d@3CD^ZXRE-rtF{MCSL09 z&i!@nn-gn*#2ms_Dw-Fy_`^qpg7{P(MvL+t9LFPOs-81+G%j0n)!g&xyTYHU*l$^D zYur>f*tnd7&(th^L=O}XAGE2b9%pO#>~olFlRpr#(O=!Jib1%!KKbM8aC(S`a9JU! zo!@VGUkGCiIR83v$ls5SIl6QfK#YC<%EpB^EfoCtXe#dXGqBnXrrX{w@~q)l1mdqR zYpQ28jOZ?7oXosmdixlW7DW$#af-5-M0lk4D3CNrTuV+eY#%wgA-(Q!T47@@nABaIeWg=6!6UescjrshOPKDPKKi(?BH#ie)@Z_a%J2;y-@1X6rrYZ2kA4fEfv4NV@l2 zBkHp=eCd55J@gJ-q;M+bTy@*1r2YA0_rBu78m07a<7l+q4D9YHd@VO9#^cg}YTUPB ze|U%C9{a(}{$TKSc*;wx3fs-!_A+k#-ZgNvXSPs+i5rsEouHlWv3+IwP zpT+kC;*v`WlNXO{-!Z&j_e*fQK=Ai|N2J%*q?|9!@Rf9!50RJk=p4OhLSzuTeZxXD zyxVy+H$n3AQWeeM7f)+}`QZZ(0p>au1wQ>l5x>!_&<_|F0ELsG7I2&H1|B{PMr0N~ zS>nBt&%n#G&7sO0QJRWkX`_i_1*aS)@S4o^Ps+gKR$L>_yI=vvPcm_1fv}krEI}?g z)VGxbwn16o>?)!k&zav)pVPD_Qc}`g*j(1Zy zTJCvDBzc}2x%y((P(1lPbNx}1tPvA6L9dAm16-|t`}b+%^#ieaWh9VILULkT-<6-l zxIgfffYkYMI5_*IXhRz{pR)ITGA>)IjzVz;NH7GEML;bWF9A1ZLbfYNzvTd{z~2qT zyq4Ry8-YW7a4Ukdd{K^WbWeMT6}`{#G5Q#`Rwlvvjkv)oo_jc0sO(;Ai>sfJtaR>3 z1%|UXu3s7BY2qJNaUmC%*)MAD<<_pd>mSu6=niN06+g^?mMR{!w|n@+MpP}&-XDA- zOZfYDPv##+zzg_4x10_t>QwtCwxMXQp<09Et}lnzp5IO3j$W4oz^W-D`(A&;!Dr;cHNH7EGBsf3hlVu3lfB#AUr1X;L;f=pilXGX} z!{ge#A1<4HqHPNgPps;EMzV27j~$BT(6tvlVTfvk5j1mq0_0{~2LF@H*AQ2#u}?ra zUMvZkh4h2X!j5}3#ZKPq@s}gi46X}9xnPe#UL~o732h~qFJu1ovS-m z$=8T@zo;runIQV~MaV@)HxY8M{V7YNpS6WDUOM?OaDzxI1>QJO&#;`z7U5Ab*XLap zFxKRxOvk!jtb=wtuIC9!n^P!q7CfLfd3_z!wqF8mCR|kK^%jkf=yHWF<1(f4=bb@& zq{cq;lrQa{y27*D>E_Zw{x81qf}y;d9=5}Ap#gh(C-hotpG_9@JCX17lX~3VZcWmQ zg9`ouHv>47uSY6mnbp!mQaABYCWaAFFh!J(ws1SUS~z41yBOaDAOPsnVJ(3LDJKS> z5NBq7&g5(Y|Kpt<>Ln?2H43>vR~IN6zo#tSu7Bif6!+;M5zqZ^7K;h^kJ&2r6$C{I z(7TSq_yGNBykiGJa!Ombm26@zUAOQ$j4&~i(jhHsWr==X2hb~mJ5(wk;Cb&kK$8>aXF5Ah9dH*D2E3OLy`#4@q7L%CD{3MAOHSK0?P$w7v@aLFT^elJA#cv`#dp<2w z&EK$9Q%QqoIBqyeYIvhZvHi~2DeTMFt)cVl8>Kd!j8dNzbSD_|!p=GCy}JqD7HW-v z)`NWV{u=w8YA?^~16-w*ABeY6^;@!WV)6djt#D62PF^Ef0^wp6|R)2kd=2 zOf5}l*he3kDx^jC;s|PqHK&Qp0<(-@z%sT+^gFgA+Hr+c)uvzL3z{n_%bXwnl1cl~ zd1o&<;NMHrsed>H?VGu$%=v^-MP7rAIbc1%?>Eog-+B4&UvnqbOD|bC7H;6WHCI={ zEmA+d-Mhz5?Nb2mUms***HCz#_UN3rTAUpbnS|LFlYYD@@5|%BE>XdgcoYwP7WrpK1p)RFi0E-Vm)D^tIdf$n3y7vZ`9M@-Aj^rI)`@Py*ODqjL zkCC{1+;C2x_j;dRao9@d9wwuA2xrrT^DR4`AASOuPq}IsJ6#Pr+1JeOVff9;)q!c6 zp`}MnbeRGQvkCm+=1_|W`f!}9eSo}P`V6#%E=A=7Fv!chnbE(2vlB87?P~g&u(xF- z%j5e*d{J-ZK@jMmv9aZxNnK@&Lr7so$+w3_z*qhN9qaJO{3xaFa{vgmJyF#(fq)Md z-^%g1+S8sB67g@EIWV3QexlU)1zyy1;2gu-D1BbiniyM`h&uJGfE`!bV+u%io~`od z@`X+P*ev@ULU5CQ(HUlW-OFlK8aCbZs!5E+3*{(+UsFp_+YpF-n~s52Rfm za+8(6TKu&K;yK?w*)F=HW&1J9g)|PfGr!n`NlN_#k|6bp$pGDwfE^w-O`4ky0hgPl z6^T_7Up;0pS1@j4;{^Ft`0NyxS&N5a58)>H@Ic`03|=j+7tpA58s)?TEYy-eJq>;Ngw~dd4K5xHY|N4S>dVQ>EAEe{BA+PM| z*qh5c(CG-yRF}wl0c5m>7C6drdiH$r=6=P4aFxX{%a2&k_pczPaYw}BZdZ$>rlTZ9P zev4F@{KE9F0E(md7C}rAcEej!Z8DnJfY1{_pk3|Eg?JQb?1CMV>xF~;Vz+l%BrAUN zpEN;bQUxF98T#8X&khB-5C_Fku2ABD3ni&_uH9ebs3eXnr(2v)77_UXL`rL8=T^Zs z23LaxTobQMV(U$*GkY+U-)NWu z-*@-$c4Gk(19D&uoKbGX2k-3xaGW+5x)^(z!tk!2uUW%xk{vANM4z-uz-|>UP}XDR+?YWV?s(>p1>O4&u;YNs#*qrkXj4*geD6+z z@ycyjGo{>qQL1TA8ujrRU6dh1jrAsew3a8E1e6LvW2dJiq!R-s!L^Y_H|v#H!^P*9 z_XwjrmCDpfkP3%c9wmdLZ_pKKwcoGbHm^<-v%8s=$w~t)T+0~-+GD;Rj_{z;>B}3B zSvniRu)0}V-WEJ*Qq`HMa|q!1%blbcGAWb>Jt%ZAu53C>b5bQqRsFT-^mm54j1J!M~J#7k6 zwAv31+ikT#&N#qF4hgwi5=tkAhx74d zc@e}QQgZopk^99X0QOo1T$S0<+4WfUO1R;j7ehzkVEYy9k3*i*5+3ms9a)EcKJ63S z-=n}K9-0{NH1k;aPTg_ji%jMH7Jn5hsQ%o&B<^vaUVirtLRH_BhSL;0sgxswC29ez zvm??-%Yn9|Ar94#fWng4w8PMS(HZ4e`iZuayN_IjHG&f?ZVg6YARc8E$9jGTnYGJL-2dC{LvlRa3#VMQzRm&k1=!l_7v8Ozf z{5 zUZuKGot$ZU=1S90PGDqBsa;yC&#{H;GficW`+{)7e^LA$LnC|2asLt104fVML*^5! zNS_B?C+ng3COyF%AxHb|{0m7jtclkbpN$8VHW?tj+UonRAF1{#L1`7}Uj*YYKMY@B znyem`s+SfUj%ZEZupj}&7x<6wVW__kUf(B!eZcL>w(!_b4iI0$fynyHja*@RTHJR; zE@&Ded)T{uzvOs@kE%B3{0JNK9-x;eBM011yF&&+uKN6^#$|XJu_Hxh@O7hIN)ASO zEa6kehz6Ump_qsx;Z@8@jd0zA{k2c~+=Xt#lRL)F z>CSwH`EhZITjdtVB+MWHV|^;mc|++HZ3#{FKTk~=nH*5=2Bt*c>sc|@n zp{f_y#sB%Ctv|QKtNs(xW%xlO>7TlqGTNYj6OEKqK*{{VK6;S0C2lR41VTt5q+zcL||R$^4}t9Sz;Fc5B3z!qy@7~qHUbC?aN_v=aU z6de5%DE2;}?mug3hvz`+@|k<|_k3E_CzsyR;tjCU(ul9*!~RYJ5Fc5G_qRM@x2{dN zkBM;rdTAt@yydcSl!8S=#d!Mbtl~@cBPBo7Iu~hagBWk;FZ*{s6OT8p(ZRYS5EY8b;=xp6{=BKQKxCxSpu@ zo>36m7^D!tQu`Cf6t|UqJ~G#{6*U(RJbKpKz@Sj}i%CZKCh#hG06(!`#asXQ_9MCc zuGiw%1@zZ`cS5c&wOw0Bu(15JI5cAeA`Bc>wFzW}ML&cMgu_&m1+X2`x_JPh?bYDE zyc?VLmY`nNE_UkONYN4Q=aYU-H(b9a+nz1IJ-q~lQE#2cw^U_?CIT5|u?NZq5`W6- zP7UOxDDNDu7J zaX3;x^KaqicRy=%h*>jL+0OfU*+=c_KrrK8JRvUBGnH<!Gc_9qfr%KtT{BC{7wzbxWlnmMfMgm%O-Lek>7h*~QqgYQbpMppwc0uL@ z+_@O6NPVu~7xp1q9GsIk{p!F%6CmUBxdzcu0Mk#omIeOYr_}fmj<=gu#>F+qHtlN? z*BJ}Kb~?bf`{|JglafF%aPB56Ydj5b-|3;1Xx53aM^|@v`_H+6dt$7rJzj9CKXl~F z;>4cD?~Dvul(3jjFkkiTCAo!{8`$@srRhjnyV$0Bw%d_}t3fT4%DWa(+#pk0W3*1q>)#91N zyEYe6TThu=+sfqjI3wm->$2C8h1dd*unaW=$ou$<7mxGf)>bTbdFb{0?Ct^I=KTYS zV2GK3lWV`H|A9n#ki(Yj{Hr52v?`I(i%?CIEDhV=EU4m{^;IbNsAlNOcwUmc;FHJ+ zh_?fpSm%-q`Uak7ktg`G6e0EEs`uMvPEq8wD|tIS>gVSd>f~lJkG{JkHmMLQv`g&h ztQ^I&sC?gjCk**@d{3)4aWo6NpqIqe%pQ!AM}0nTqj;au9=-WG10Q6!FHx3h_09>- z(so*b{Ap&CRSqRgm3D`D7(MjgOJVt)cA4_Cek+`K>v=x|@xiJc^_6$VmFLnK5ECmC z&hWMs0Ac~6UCeg#{!(13+IrTgYQl)QZ-&!mYZ*d7Gs9hhM+ zWqR?Yrx3;ql)jK|b;S@dgz72ddC!$?zmK2EwJQ&{ML&pqSD0#mo$-m;`sJU_EWUt2 z72-bY-k=o&H*jI~_#8eeGRq-weTvF* zuIDNw-wB+C9|wkataVO3C(}#EY4}8B*kl|x^cwXmnG_|Z9N+>@OSfm4uA(Om;U;Om z&TU(cx<2763@kDCPI+~O{Gagf_PT?4w#OruA2^ul`&K${Lk_FI^h&0E_;?r%dmTZu zhvcuGKUOPr$?i#uTtgPDJmd7QG$+Mpi;V#ytiNqN<9b3Sz=yokJ!>ut5*jV6+WgS{ z!t&Ee#`L_ZR_%*tv)^Yf{&iqh@q8Xx02NQ5Y_pU_Wx4-j)3OZTd?II?%+C#4>qb2m zURWkQnpSJq0eua>Ooe~L^iVxsgQ~9AQrr?*qCWppBLcxvXMGN)>MB2kHaSjQ^ThDBcT z6^q+PEEFqeNI}Dw5{q0Mrf!Ie7(k;HOtrwT@1kk=TrJWh*ay!aNPJ_&t-aQf+oyLQ z=8ro-LfQlr{3Af!V_{bbwitsLGN%Jc$Sr5z(yN0y*c22-U_m=I=Qvd^Nz_75V$~js z*1o*^YF`d@FpEy_0)3|(a*4(U2jZ(((!FqaDq0@9FYRUHyGl&mx8y9vY;QrkK+=ED z<+T?sr2K4q@rgvh{yd}B&#*L6LVX#`IWhy#waPZ5-?oxu6fKZnv0coNEdj$L7A4P& z-w{<*?M8(A+`J#+_w#Hg%*Zg%UP<~1FOH{s1j^d4z0h9RuI5(#tQUO=znb)(Tg$%M zfj}1gkBaHy`JN7@uWoE8E_VFdBhR1tOag6J?-K;y>fP_la1LMX4R}P@HJA0@-qyVj z$W~zHu0szI$HmWO;3u^5A)=x;Y{HVK^A8!PezggG8j3pGwKg@e76rlHEC!ZyeBWmb zU0a|Ahg|UnmzS-@6E=^MY(x2O{~>t%&Ps>PIX>E;7K}AhQYKUI>i)cD=<9h&X?-0XkhAX*(&hH22`2#!N7KTz zFa5Ls;(vb(#JBW~k7tXT0{{S2M*W_B#*&kkT7COt^%V~MrdVG-y!O@Q(ViOe?GnMC zok%&|PM)A2t|x|ErL2tP?5&V2(-$90C=Js<2c(`c{)WvdN4oBgphj@0six1~oojwpQWe@%GD1xwDzQv2J z7SMW!dX)2~ii{UX=ge*&NDZ}}P!PXZiEkCOL|!!qAa(voa}u%?aB_M{i^&TwY`&zD zDg>Ljj{dWx=7$HbpfMy>D?&Tdd3{&@*a~KTQKM*JsAmyI@YztCa~OP}d^bY`206Gi zAFt${obDjN6X`(^ktV2_DMi=eJ}@{3t%5!AR$zta%$s2Zl6d5f&9^u0{0xUGjkp64 zZ0zGj18o7eHm(4&)3$uKyBB&d_vCT$^LPH4T6Rcc`nZQ0dJnh6d^y?b9-TOL_SCs= z)|wiB)$6lb(=e0dEr@qvi>Ur})6>=C5!Qbl?eX>Ss8zV*qG{`4RG1 zzV3^LpSsU<$Gm6|5zkw6v2I@#^>T1hKaX<`7uNS6mE%_Vzv>sGV)ue!>=m6HwAp)4 zfU#2Gu1~J1W9Lt^7zOJpdSAAXAuv|7Yjd`t_shf-ME_Udp70tC9fqO%po}sMH{m_` z&&BrPp6(APYnzFvFP5NwPE{hI;(W-w>GO_)E*BLm7BW%^OF3- z0v&HhU~Pd#<2L{OtL4M#*$ISJ!*up7ioXM8**$lGWxdN(j!%4l?@jRt|5g!g2!V4o z##sj3K`qSCNIXAg`SUrX_5A{0wkPLbuQv*wnB(<)IJR6hD!lxq%XIFk;?=RMX`le0 zt#-v?e*x7Ri#~U6HJ+Au3+vup*(vt+0BdcdF}rN^Itue(T-EwaJRyVR5}+Us#|NcS zd(6|aw_k9d_6L;gog9DB&x@mPA0DPK(f4Zvfis^*t$$H-Uwm&7Nf-RcioZTxWbWSO zqHdY6W?!}>XCE4;$tURB-Ppg& z0e)J3$>-4*b_S2%sLk+8q81PHL`zJ~0955WXg_+khDUL5YN>IokR%UC5R{2EF0QMX zYWYZY@-!sO`Ev&o&~$WZll%ngK7jc8Mhs#h7Ae=`q{oR^_BrPsj$B*HsPz)Z(Bg*CZS{dB(%~D*}XlDCVFc8hGhc@TrgS_k^Pku<^AB6aWZaDk# z+ICO>*LSL1)uv$h&SHv%l*I?lUqNI+tv?o0{RlPWqU?~SXfI#R(ZcbqDdR30V<}1} zjLE>n=dOj{FnQ|Ko8$sv)R=ZS&M)l6zb$wCUeGzXO|SIeaLPTrP_`95hP~Pj82Pv- zUNZcD0%{%M{pd0w1H~^mK;au?<=Z~aA(KC?v|UB6bi*%J+Ua+;mUIG2ah$Ig;sCd( z5!&@6Nx4eG#?%BGyCTiC!Ra$@5J6Wo)Wzo>hnGLzAqpfEQwy_MkK1S5>3J)jsUKXV z(P!bZ9(*8zG|MA;^I;~JZ*U!TBA(!2-$pCb+h{6g`eU72$09Bu;6+(-J}#uHC`%c{ z)*fex;i_LwhMDoRjUqlOCXNG}bG<7f|IJ!s$@lOjpg!#VdJQ&Yy z)O7EpVu@t-JC?9&ZbGSAj4jq*>~^_#Q^#sCW(YL5oJNZ=j6LMJNjZFu^= zjUQ|1>;wC4XZGXGk-l+>nN6~<&?h|xP7w$mbR(yCqe0_s1qSf)Bbx8>Mw9yd(Bqo| ziO7c@R3#j$#QtGH7kd=0QUU5}SZ<&p@Z}T!;L>dJVnm5o{wv2B>W)^YjoTx2^pq>` zv=r1DbwWz*r1@JjN(O#tA5GS!c3<-1@xBp!F_O|_uQ1Nh_#-5m=%N!f+sbjzC4>mD zdC-sWqYmRm1@^8K=?JE5jKMqS=HtwFZPA>g`@WW{TufT$VUBN5p#iYz4*JktHgN$j zzPi5s@4lFRC6FXqP)R&eY=QOcM`A2Wa86LY0>Y{KQ8RuhtP&(ZPuoF~3LG@qLfe_8>E5OGYEQ`{9 zh#ENEIZE-|rAgPMT3uDqVoYm+pv3g?d&cUqx&79Vav}P{o|4SSJF0lcqxFQx`^C|$ z5x6R|yqNweZRZcBlXSOv7}dun2>c#I;@S?v@2w*m=daRS8mifKL_reg(yTCiCO0+P zZvymljhn0=jDW^|>;16OVP!qy)Sr!0Exz7tR2+eRH5_R>`l{J_j5sK3kA7#*>%c74 zlK=Qd^1UMimefgeN44B-|95|bM&rwu+bN`@JN-H|-tTp6#iQA6dzzJ`9Uz?=wrwT(%JB5 zyYr5}&I&11$oY#O4U3c|?`bGW|CP4(!pHm=MgrJ|vpGMOC2?$_cu%J$Acvnqyz8wJ z3R>PpN4WHNzFxXsWRXId>_~qAIE5B*-ph0R5j__wSEv1&Ec=2s2T#0{VsEQLS#bW% z$9B;!P->gpT>H~U3H;@k+%NLCrw_*Ji*cRokW%dd(Apj=Xjtx*a!~Q!oMhbZLx$PA zFo*lyDtQn=MHoSQ7v*!v_Q5FpeEQkUT65<3 zJBo^QcXidSZ@a~PW`a04a{H&7W^`!>*dR;bN@LywBWj;G-yN>{r+(kpiJy7d)3&iN zkE7q9hr5;lNP8_!l8gLeP+^J4l<|G{rO3CS&Xmmd@~-zKiF4uGMgg=N7z zo)o$y>6%3;IKvb!jJj5>d2Fl{E=kE6D>G{7e{&>=&B1v+#lz{k$v3Z=ND#Uo2{bWG zp#k5u4!UMOtS=yhbCIR!<*2iL18*(P5&uKgW)tK8)HVjw1Kw+B4ZW~T$CPdM8?`$+ z<-?2V#j#x-;Ibpb$k^J0GSDTiXpxp#J}~jmTgYe+X6pZw+x{7+Vlu(^u@JG4!vQXc z&^=7b66R`o^s+WQQtAA3s-G})jiX&KK82C?v{hANEPphvIx)}3O_@V~#}aa|+pRp`?hO>R*}>XXCrQgyvLM)YrUVYeZm*EUu@ zK^BiS$B`eiI`bd9lmDe2^pGO^ zD(%AzlA?I}(qjf@Cc5Kv0*yV)Xw#pkKQ8`dtn(6PEG^zu^N|Wz`?Z_40ifye>q+%E|J)(C0H;Z=YB8 z$M$!nFzlc{TQJ=b%ChC7JuFG9@RLeiba#}RE@i8oJpP8>&_@K8(e)hf5dhr==|`%p z8jmMZJ3iuKkQi=|iu^^G{N>i{gIfNA#wyp^H%El#PleAMXx!c0t?H@E0dB@;Imz5t z3`1~d&Ta@7q{nhJ5vP3fm-z#gck>2_C*f45*9y;dItR^viLu5W6VU-?_9v;)+4RC6rt0oMj3$*E7AKC0<+7-C{qnq!t`MfJP^yO(} z4}r`Ws-m9H5uXbyDGsgk#-sS^cjBv0eATxD-iq+?iRR$GXKH_6vyHur^u`H-VE%w% zs9phjjKUJ^C2L=TjI2e@J>(MiYGUpb0EAJ}+Ljl?U-KiqwmxhnzpO~1-Cjo|fvq2g^=4#RPB=wnlS z7hXRSystnL2`V05dF;bu)hQ4cd+xLB_a&?>e^)_?-cDm3#qVq#LoHzP5FL<$q^1vU)5TT|J%0rp;R7jDf(*hhhuEN zr}Pl;=!-odCn&=NcE5jmoM7Nk@1X;epeCt=?~*E*s=Sp}CECo}Q>V-6Wq?;?_&gYh z=U+zykBx(OUw0oh!p*w+*+DOeq`v<+w;G5j^#ev3VLsp6!o+_8PI?%#N6MT!yo4vY z^u~P&^?O`%q5gzLEcaZfQ+}mzSRoS+V0F_N#HWw2M|t%?Yyz>|misgtvu5Q5x9jDD=123geN~zj5B9!3@8_Fi zAiilczw!LK$cxLVO@a%$eI)1h%*oY}76`m1#02bo_9Vr}&i8#U^Aik>4^z%kM&{r| zI8NQcwu{OsVNE!TJ0_ujt{rN+p09Ak${hJB?q zyrg&tBD(t=bfsvp=di8!zKIhU)w$@!vps`JxZIf!pVk zpB1U-6}oqkUNR6V2pJ zr|vgyuUO$-|G1~YrBl8?mYSdVU;o|;Rga~hy?id$=tDorVYbsy67A3D3{+-k0Co3U zMBUj#UL5L_eb_Bki-OogDUaK?EOfgO_}@c@ncHg!2^s$qGOY6gyogU|oyH%XPjv6j zb!`Z9CP;t@DukUmha{Lkx0aI6gy&_E=4Qe`v-Sm4a^HZ}HU$(%2mB3?J z9{7#~4tb?Py1BAh=O+|$!ys_t zdE|aM<>TA!zxDl2HK&5zlznZ>!?tDzT3GrB{!+uH)6*U2>Mt6R>#CM~tKrKu_V($*`4Lope_fwQU z=n4!4KD^~HxR*cfK&btFfWmpI%6H6p6j&> zhD+U_i)p;S9aw+8o;P*;aYiXm zheug&D#Bu~Xp4728)^)v-Lo=&;LxaMK)`XeSfw+J6E4t{Rb& zdM7fxT0`S-V@`T$9?^kv*NcAmq7rdRZt}k4x!V2jVH^(L_{xeK~W74?rRQlGR`@wH2OBBJbec41@~H|o>Cj4X5+nC(i@ z{#=@H(&o&zoIqT>LIT34tt-9~>;uqFtSyf)Cb8cKx^L(YEX#A-PJdOYSJ%b?b!W@5 zu-8zSsHaejepX7)Q~-0B`^Z<%U&6syir24QVa#19-ifZc9#3e;9cZ<6RrAS>w{Ozy zMvjo<=o%&iJNuy9X+YaDAx%=f8P(|DHq4vS@_x#e@O-RAG$-Razx?gq`ljr;8CCi5 zlX(#^M%fS;3*ZlHcL-;)G(CnVi!fwXgXY+XYPoEvEW8d(mn~3(QlUlMo6qquAEeH1 zhmSq0blZ_pu;l^~^;5lY3y7MqJbAt!(Ud32VPBEZD&vPdbibMuX3Of$2+uIDLT@D5oYbYJ@Gk-06zGUI!0};d4p>WV)ov@7n z{0v#*ly;vc_BksL^nzZnuvjm2u_U7+WK9ml6Lx9$%U(bO&vV&ML|-;-K{MfkJs^X zi7i#UoTHcguF7xwIDPFNf1aaAUqvCp;VNJ*p&3oojt!2lec>uz-j|O>Qm8o_#@r1q zSZN@A^Ti~_^LF7(Ly!5vxw`U&PFv=7urH0$s;j)B05+gLn4Ma&50cx|?88>tr!Du0 zUsNOCbVI7f*t4Qdr(VC0jXc6R6S4Lw<`$bO0aNXZ2u#!ZD0Nz=@)XOr1DC*x3ia1`3&oWP6C!iO_?(k z;vzDg=(6aD&q>{$lcrz?jQq`ym~d|TeKXirdf)cIQ?cwaio6^opLCcdfU8UTYVJyb!Or zLyPZHgBUbNlVy5bCHm7v{Sno>+K9_6o6ty^<3r8r<2MN}{W_2x<4uU=gu7VZ3dI`^ zqs7;nf!4#X)|E<5yGJ*FiJWj5L~;?MH+k``KCFw6e#;NnI(ZWNoT&7D@QcF*oKX%9 zv`pkb+!WRXCqJRHtY)mcKH9fsO|Y$#$ZC&Cq6p~jCzKrZ?)(H-FuLTV7Xx$i@+%uQ zc6!-${O|OpzR`ik^dpFdRDgV2=9kZabwawiShA&39tRCuQaoVZ0~*D>Z-W}nXk&fQ zT6g!2&qgZ&2=)i>!xPU#3L_0g`Kc>+co^7zU}${^qVZqpeh{hdOOi^|`}1T~8YPlI zFb$%!zUtVARvxdiBsOfqqxi(miRr%6Q5f912%c9sC0$ML643s(aOIg4d|nTZ>w_+c zV|Xh~!=lf0XpYP%R_UdfI?7{+Zn}JqjQ0Q(G3vC0FPrLXi-$e#!p@+q$rzfTBR~vC z@pfjUCwG0l^u^@S*(00-_5k%1m;9-geJz5zryiw$0`+Wo>Xxt8!C`~f80+s4!=klXzXMJX3uWItfkd5y3?;qz#+H4GVyXe zaCf&VJy^P)U`Z8i=8NVKWaIUdWv3^!_GMDXs!872=kk`3q7FeJ#C5$dF%a0_$_HxPBS6z)J%`W4 za5cR+(NcE1z5e^g4UsPkWoT5NmHE5R@%rPzvqziM_T@mGJUJmi62a~J$$%YL;8B-# zo%i+f8H&~3Z%AkLW#HIl>10|O9`B+ud{=E;oxQ8R$@gBMJ7Cb4*|Ylk?a*(J3FX>7 zGF4`H6Jecvv$A|3O#=~+?PCB*KK-SRUGd}YL9vO7|D3=szH9os{agxXpCG&OB^<)H z_wznKe(ymYKdEQHQ)X)9#e@&2P*Y5cs~nwejujlKS)iLt^Kw@>lA@5L__FFg?)ini z<#YEoElKP`f#E+J46UD3S6e5;x&=wU8F??Ud-%K0DDmgqmLl&Z)?p!n9QRCpUD*3Z z?7O)_>kY_R0)}JdseHk6v|rI2OAw@R+dqWh&g6}V#u8p{aF%mQX2?u5_f@kk5SQUm zvy9SujB*M2N&YVkfEK7kZ0qG$sn>xVESRcJ609U%BPbk^*HyK! zwFivP{w0~rwCClpjPA2A9HyFc;LcS0e!*RiID4Y#rK`%tkh$;+hs6KXkou$?$RO_;crJAOYuQDmG0aXrQj8m|FnVs+kq z?LNh5b32kNuZ+~$7~h1^qHFyKiF7Fy61C1264jSDMD`U&bX@8+vV3pF!IaU@`FOfN zxGRni=T3<^>?$jX`r+5z(rbgf3?93E_cB`LciKnd&i1>Tsyt97a+fC`#2+3Zcx41X~`gPiBbaVPBy#c>jJ+ zYgQ9|KfY{hc~}o~Pv8q~tj)}WUeTb%iTZ&QpWpc%tVF-h^RU+zJ+0+clJc$_AxmN; z9nTPf85m8cGii+3ZXqu9jpa4r@wB2qFk)_%mXG;giO()DUT~!IW1)!jrPc4lkq_W9+7)G0YW09`8*OCA)yU@oJ2D5mJ*izXPu{hGlX|L(H}(9 z0=($!a>_@%=yWF;1@4zIsGQ-Nx2KfJPBrCl@EP z)t}Gq>nhoW0pq+~H0V$Dfg!K_ZHeyZ`U!4P^HuaKgRD5(na^-?n3 zL-qi?@D_m)DRB3nHZKGF%J!Y3@ZAp{-?;}Kx!;;hP#OIs)uA zP5xQE%T#}pE_4D5TEfJi2Xup2SFylCB0a1Oec0GTq~*zF--hIU_v^aHe~zQv9qIZe zof!_iKFTD#sTDe^Ywd@o?+p9fSFbhU%Ki#Bg8sAYqaDxd_AvWC8SP@`*mIwtHoaa4 zIysz~DkS>vSz~|k)B1|tWD=qJ^uGFIzh)ZrSR6kk)u=pCnJ1^!gk<= z)ZEuk97Hi@XTP{|=PFYAuyl4`RMHUs9ygRpVPUe7oO@W%1TZBX=2*$8{NbKfd73!q zx23z!z38!|BiQr^|Aix~8J}_ceGrBW8t+B=@uMG~0f!F$w%WiM(Y2MU=WO{L4&#I0 z;NL3*!GYj~g&F8y+rFhnfnie~Z2y_wmU(aN_l{mDWxXdB;pv3K4RVaPa=g~4Y!8EW zvpD1D-%c*#VZUrIQ3XTK zQ4lHEc&qmI74K&LxWPo}8}i$6zp{ki=J^JClT#ZEAFoa>{#9tGeI^ND_jfau|LxGh z{p};5uKk_=CYerxhKfi?^Zs67xJvD)H1;PzyBMjSRt(DfjqKzfd#Oe_|B`eyX4Eoc zzuf#&=R3C)f6lpRPIC?#vB?v`?L9T#!%D7TC&9)lEw_VDP!@CRx`=r_U*J_#P6Wnh z|Lk4+!$tHlW%f09$iANDz*XbBf8;rKFF<*hPbvQ2-Jz^uQPG|IDSVYh*^xMs9uM`g zco_J{;0YIl^x~`9~U1lcWv90xcw`g!y+>`cj zrISzx!g04J2%PM3t~hwpC-jJSwUWx1UJJtb#jhUvNd`>;ynh3E-(W0BjpcgXhr;ST{kYg(>npwOliLJzy_~BQ z46<(q#Y=~nqM?i2KBOb2U$>&}_R_`&-6zmIy7d-56$l%Kx{MX_u zw$E?>UEGe@UY}4R#NU0`JSo}yN=wxZ`9SQ!-Gp5h?-jQfzmG}grw;$URef`L9i3ro z<0af{PS$IdiNlG%bMLJU1wtFr?jSvk7pg3{5HOg>Mwmk5)m#C-xDNN?7#q|rKE}Tv zyrb~SFl>T#3;}~vASu6NOx?MCNHz-@uAMdQ- z3u?aK4NBnOmxBGtEERE8+McKG7=Iae{C%%DYfk|UE@-Cy>A8P3yrb&3?}Jjg(dsx} zFmwAwi&s6&U7Mo4{T-1P#>y+c%=oa=;h>kEzjF`utLh0d-3z;>RDezezXJ*g>}7hR zmzj{vIx4$#yTNy%NSW&Drarvg;1F|Z)cesx3Ov5Rw1$^%SLTzKd512nFBfv)>ZdXU zxB+*jru6vJe(N zQ1oIhxQYbeJ_XUmjd!{9#A?R#zL;oo2ohwIe9pEBM2bXaIZe8g+cZ@|q9QmYpZa+0 z4ubR}H#en4TK)_V5GC;3?F%}@&)|sh#Xfu5<~^J;Aac1FKmq4`5Du$k5)}1lp}FdQ z&0T*t;pP1f?K}Iv9)R`IEH6E5L=ywurs2xNMhAbkldyYog2L1E>@|TNI z4BzCpe%AXQ$2S9?T^p2dq;g)6R6OLZCvX6W0tr|kjg5y~#Ol1C9fWL2mo-odv`;9*2V=_?(+vm3c1f1to`&Z#hcl$3Jy+B!R8e2 zv)6|u|Bo!_bewW4Sn$v`fCXzi2&beR#do>)z)A=G7N8*@GoBzx9W_kLmCd)8stlhi ztj?4s^=ny!o&%N&-_d10=59$!!aTf7H z*+#ui{YuQAYhTvcCGgKp+@Gf=5|2;Jm1}>cojrEF0`Rk+i4Sx|AK^PiqV!u{4eC*3 za?Yk?n#RMGf%V&9$Kfk!WFUpNSv&p&$UHSxZDR84JdXo*d}(9}vauSXmT|g;ip*Jf zev;cBY7#L;tS#8$2lB^qGQy2{u}ni@FrVBnzzwEr9ywGrIg zHN3+!{-CDZ*A}wPaAZbJqI0dhIcPFJL=%9DSp*vjelNP_obsDBYmztms2pEf>hhni zwF$-mZrIzCgP^qqcN2tH+P!v%M>5;aLm3g*+x!YxE5SM-WTDWpCItR z(&xr*9?II%I@&f|K0PK&OtH`A{9|EUnp)?q7xnPg%ExXD1YMDvhntYzn8xp( z>vFxB*B6h@mN0tiM^l@LPSUefsi`kLK+QMQ?qS=Du@Ws(s`=qx2b8DYd%7fFTx|ao zz!dyg!d@i_hZ_CW{efsN4dFZZI3A+S!eH6vJUdPxq*uc3AbmOQPv1bm-}DG+@A6D! zKi)Ok^XH?=hdV6E0JZ(4q&D$rb^$dE58vZb(LDeK0KEUVN9+pIGMC(!J)4NOT$)Jw zS&F3jn9S$dGlp=Q!`LY*K;I5af{NE@3t%+Q)wAw2rI)*^KjvfZcN~^p=-g>ZsSK@ixm;G1XPv@ zt*yO{o0U(K3dx?nDE0gUo2ynvUp`Az}< zT?Asx`vQ4`QN*QjZS)p73RPTgoqDcCdo)mbQs3vKIXtx+i(CVE&$9U8|SyV%iF<3ctR%Je;d z_ZQRe)a`zi+}lZlT`O^aBV}NjmtOn=OS_+e<~+)K7%0u@e>IoMu4q5NzwgB5O+Jz2 z!1N;@uWc`(8%yo)1esdm+@9?oodG#NI+VnoIM1kc8+@hDFiSD zG9si*KtLW;Z!^cka3|jPgQBp(r(}wrtfivvj9VLYSJlWfn5Of{t~||h?z5G+T&3#g zf{*-ztl`x;g^)-7r<=_+Op4B_E->oE_ZN3W4n4(Ix@ z4@P96&_R{78hpmYFa_`;O({KV4yLR3S7TP&{W24&0J8V`pD5Cvoo_tRj$zsq{xs&N zUqZZt;Kl4;!JU7&_b+KbzD^wQGw1L7O^*Y4!9G^Eiq>PTR#jQS-6=W%29fAEJO6k`CO;`{RjfQzW=( zGusR7K3sUMi^i1lt=~Wmu=X}rp}k@>*63@9|ny#Dx|MT|*=E(D7+RvPDDu z+7Zy4 zKG*D>t2XA#pBcXfj03%$;ZB8jS43j9l5QWv*P|r|mp<*Q$MHsnO5a|uG5XXT-ZqwK zVeE$ayf`JROLl%OA6UhgU|9G_kxUc#z|qd1P9L5FG-y z8x=!hXN~ZgC{SKSAj?4AQ3^d}KAW79eitiz9B$Z(OZmkI^pZ7kxD2E;LiIiD4ED%Y zE!DX&evQdf!*M&g8-E#z{%Kd-!-%1Rc00}2y}5P>?AYGp;k}ME1vJQp=YG!&HEDoH zACEGeEn<|i`dLJD3y=E`jIZ%(L6$Z(Z8@XmF}za|x{kWh^Fl_O^fOX060-yVr)d1C zoO4|#c)E1t{Vm8D6yE0WsF#^BlPtNX+G_T;chn^roLKX$liFeaEx(O!slYygY1NkT zucFzyIy?r3b$Ga&9?tjdwQJ)s#PAC`7N;qx(!av1_gTf_p@qZ=Z?X#Dk2magw9*Oe zM%g8<0(jG~0z*LQ+^E~f0)w(l)oQl5U*m^mYyJxiiKU;cCLf~TCBee2hZWka4j-{o zIOxmPVhov(WJrZ;PhWkrzvTkQR^x{;+@$W|q!)ucz9>B)uy~;+QK0P3H?ZfP&DUmf zKDBD9pqYhQY!x-*-4)%@n}hUDUA+%?`9%@m`a=;}!DFGc)L^XAtSFUxzSkbO?lb&k zYrtV;>+_DEc>01zS}vM6~bY+migV9?L{fHWz*-wJhD*FNWe=>Z-slF<28! zdtr#14t|7i`jEdOhv8+EP*VOCNBH#YGj!qZFJRD~bRY6jsSj8EAQfh(r!bLJ_the& z+p2sSWPUjZ>nJ|r(bvA^IlO0WeM5^~O^1YN$BJU6r|I>XiGskFd6=l3(k<{B)xii4 zmSn?lX59<9{=Ur=;#POD?K8V%pr2R)5)p&*5 zUikmLf*-YS&HU2=WFQzh%BW~b*@e(CB}*CKD=>P0E}=(Tu!uMVlK5(&Bbsfl{0V_? zz2fg#4%$c%AcXoVs(OkMIpGb$LbLzf=!7V$UnU&1eufQqd6|lZu?|FHBaks*q+DgC zUmglI-#0$h_5P-bpLNaqaUT{d{q!oNge8?6RP%n+H@RG+(+#qvh^C=O?&8_zr*gaU zh)=D1Atc>peZ7ud*6SbemN6OkCLq4!b?rps`y7eiH*9n6q@5T(TG!!0Z;1k15ws}L zz_sC}o;|s`p0jb>$;%6jz(`W0=5FC#OlCs*<;=&hM&I7LOAg!%7SGb! zV>BD9kCaUTE7W)bbDNb>9u1m<_Kga8lF|N`3hz+5=DWY|exA0wURHe5z~kqpyApej zO$%nVG@((}q2sOZzEM6fd#c~P_Tk;WD%$KcZ|9<)I_&hV%PEjT7VV@Sb2i?dp@MGd z*%6EMD!G(*Y?_%wuGmA^o7NhDk^efYO<1zL@gkc=L8TVsS<=FIZ-*DUmcf;C?~$Ye zCa;ih%dJ3aQ!}2x?#w6l?H?QPr{ACE7I^WHP$eYjueVDf<{F|7rr7yLFba-{pBw!i znDBR+g3#p^tUr1Z<)5JJXR{PHq*hZ!!oCR4DU%9Zh%4lGl09~YAvVdS zBAj5jt^CZ`BruIHEqaMHNHp(O14|FQR)B7SPtDd!>j5F99@F%BvvBgt2vh1O1&oOF z)zK0K|Eg)69>VR76flpXTB? zfsd}k@I`uTpU=>e9*cJzZSz>(8fQ8N6ZBeE(1Z;f*oNN}{bsDc_9~~ou?NV~%aM7& z=#+1vKk4)#@&x<=_n^8ihV0EXF{)XF+GVahk!AID+Id3jH2(?4--gz*h`N64IBxbKA$o#phl;4S&_>+brWiZxg^AVAi-#r zfo(zaSUybd9-bc0m$mRPPAKU94-48}Kd*@)5ww4jL4Q0A*j9c=Ro7X&{a9}QIe!T{ zO}4vR`^f`7xom*pn9Y-5d|rC30!0q2^L~Z*sdmiZM_8aF`@czdiwE)!Yb-f5E;%XW z_o7a8vAoZiPw>WMin>~Qy9G$)X%OF9m#?oMeCKuhH^PK_FFf#)noE_3F0p;)+Y2ee ziGs^7^}RnAd%w$)(Gh?h+csP9Ys>u+C1G13XsuY=k&$Lz^vgEw=`enRcO?`0{jqe> z^?LF{=akvOTT^me8#olC;iMY#bnfWxtwvM)&@i@d}eSii%NnAB;(G$?426iFsm#c-;9 zw9)rL;PKra&$1pg0rC3S&(wgAEDR=b&r?Re1f8q5h9lx#e#z*YAF#bH4%XAJSVnLI z0vY660a=~ORg)VFFb05J-1J;*`E)aq=r94%qaWtZ4!@6`>LO1!2UV+O1R2Dc`V zd}nAkAPo71$M_X$*W}7lnsy+Ekiw$3U%{(1K$sV|(={v&QJK(wA4Vn;HP-cUx9x`f zbYDSh`+Z`_+~}Lw`vhE4RvLZ5DJMfUQ|-ILXH$dw@t`=rqIr??HGKnTM)I(A0G57h4guYJfQeeZddY8Xh*Se}I^x-QEcO6eH)wwtf)P;#MN zmJj(=_ouX}qHM1_3nRhu>juBm(3Lb5z9+~A@K9+cU$4H(0mvu3F#Xt3dB`V=zZT*Y zEXjDd?YoxF0`v%=N5lF;@{E`V5>@2`aE{VyN#=E4O14UNH05eoYctB3Q77bFSq#9G zpY1Q#Qo=UW>7c+eKtxhR)j6cFP?CHtBdf-pDKroAbRkup>_otcK=-Gpgx{1iasP=4JYOw;G?ESe%Z z?7!!=hml8aH*m-C;}ED&prWidH_Q2HIKe1PxfZi|UVQc#Vv`UVndD1nAii4nOC?824OoxZoVFMBjS(Xm zgIAoh(sAyO>M__T`#X%YT0a?l*YbFF|FxRW^hiGd*>q^PX0-3m70_?TVF9Qfc)zME zi(xY`{aj%W3xj1XKe*TGOMAD(ToxHJh>J3y`7;4cG(~8*tYn}Q?bGN`Il%$0Z*3F~ zufVasC{jU;eWI23rwXLVrqJT0rD)5etum5%Q`x_x2HC;VJ6^skWt#*65R4?KuzzDu zjTQA~MQly=)TXhK_781R);-Ovf8=NVU^R$X^buTYxM=Oa> zx#b*HPxRt@1(18M0C*cH)vj;O1RmPav0qf3pV*r0WqE6;ruGY49Ggq~OP?9D1kU!u zXENcket#TgWYLXhDG7E1665i4mrC!vrx}G0)PNU3&$&eH#Z@g}NQ!&ckrMlps@+ar z9LD*uU7RUM?)_jDj)jzRhMJkaMVGUytpd|wkR7_velo=@?N_aU5ZY|tw89%RT-5_u zuz=V2qH}bNTrWVIkzJuE=oqC)_IFSjdc5|xK>6ai0)XBFfknkJ?q$23Z23^kkPx9? zo!YXEha3u2Nmj~|n^Q`T8P%6Dx4Jr1*#364A$ed9)cYC%GNrJ4@*k{PPfB-j~cH*1qai#Ex!Srp<|P(h?vaL0&>?+DOEH^f^wksI8-32 z1T{SQqN~b{K`M08z5ahnI6L_E7d(e#L==S(U8QtEtDdHj7Zrdd|ITTWg>2;Ql$pw>ait*n7;@sFR8)TF`rQL2W5KRl>gS)kkTc zOStJn7F!9RwK|T%U7favP|5ks2-5jgpgi=f*)J9X*E=B7IT>sar+Xp?&cmC4%w4jy z-+6hhJ;N)~5A;PG^XsB+OxEz)zPV^vfUevvZfIH;XXyZ{5x{%Lv(YNjJ0;HfJiAWn zmqek7!r`;~;0PHSzh7YJHuv`(>(@QH1pK}N*TJno%P3hvCEflK)YGA$c96V*KyP=W zlO8@=yoPb=&@u{l$GZl;`JM8rTJ4XoHH)7=NW(uiYrGW6L>d5=3y+Cb!680Q8LW%murch=iQ~-4g(z=h=}(x5eu5 z#k=+Nvr!#{E#-^X@GQOen zO%W7I7mJd*?W?3mG${oP|39@jP?$W+!r1uZ&D>-^-^b0r{gj8)^dJ&*aFIV@Ww80F zIv+m*#MU!|3_6Ra}H&1`g2>bl|T_M2PrQ)z;YEsZun3PbumpxQZsHo9vj zB|;zjoOp3LJ^X*?-05UHu_i}q5H66L;RC_z2*1&`j;7JyXKgo!u^fnF9$DOQ{k^Y} z6_8`aARqNfrQDYFjZqdnjpQ;Yw6Dbgt@5r@U$m>9Hp+=x_izpE;<_5h#u${%C&d0$ngO=M2v~4#W9?ewmVza%aPA7(lB?UbyU@L=Ib_$24dfVT5PPq?COiggKVkYrxZ~)N= z3exezRG2jyxdAGEyoT{zIre6R)XBzp7CLxzU{h7VAEyrR@3-G9jSfdocZ36F<|@^; zr?)Vd5O^De_MXq7EEVIal849feCH$>h5hSB1^;t+IVmu6bj5ujHHB#>CpzF3Au-W0APWAX=z-hK07M^o| zM1l_Y-BVDf!%&WvBMg_T_HZ%IG574tcX~kAq;~opj7#GwzhVBS`?q^RTY`*G48SE(IC-SQd}<&Y^d^AD-EjxNJ$f77+|4M7yDE($p4i^ zrxotflm0SH|WD8<-^Yz%Yp2j?Vrm;yJk;hZCa6~0D+UTUM|=22IesSs7d1joRTp9(sduJ ztZpSC*Ddb3A@Gr+NtoVp2EIc1B?SMLGS6{ByKu5;*}Ra~Jrdv)wo2#bh)*a5YKPRn*Tl=_lWBr6f1GQgOvBE53PN*==();=oj`uk~Zq^)ci*4)BY}G_vm@qG7|$zov3W~`cIzx z$nl?jtAB#)aE-r+)VG@fPIvG)tGB0eyuhSjfMa~bU^*Ad;@rIJH{=JG_oE$cETfkT z_eR&&ZPBeW#Xym~I*G9x@WORw&LDJNALjU}T$nY1F#3Ec7Ihn=w^}I*uINRlrP6~pTUL-KouUo6EaF+2#1l39WVx$ki~DIQ4E6YaK%XF3Uf?q@mF zr6>?Ye@TLbM^I2yB#ZDy4oZ-yeEr^@J!f`jRFcr4y6T2LxBr9`z)u5&po-p+p|JK3 zf-VGWBrLS+GOksG zRqFe-y@^w*d>!MXhlNfIn`5mEVekzDA{4BtBdp(Qcs6+@(btzx+h1xEpb_Y-z_?a8 ziSOOIAX+KXg7en( zbn_;iEyN6q`>n>B3$dW%tQEg>)RXnBQ>oD=7)8kNeGuPggZG9+i>cRod(iySpsIMH zi%GtVJ_?cYhPCVanzqz)(ByP?hO2^ieRMR2&#x|>_NSIc)EPWrM#hJ6tqI<<)!pzC zpi&oZDX;A`63T!sjsKf9uPL@(C5yQ!AY^ws95pD$tle%wCe=C_{GO8bQKZ(X=g4f8oz4h&Eut=H$ z(cGVB(GmJ5m%I~Rh6Tt{jDe1MNA z?aK-z9#A#hQ*rc%4zit3+p8YzZ1Lq8mj~}dSe;|(LrEXwRg|8e^7<*5KPTrkrZ3UU zdtX&KZO)Xc7@zRsyB17Hh4c4PqPW{f#=&_~7rxm|nfiHK{R5uYyW6)9(mdVs(c-^n z;&G$4%nSPF%BHdIqhR)X9aD?C#j~DbIR;q2PW_5BFmzn&Yqk7}7I^Apquikef&T6xCx@x1>m$_pfKsg>Y!6A!um>BMspR$b4gH$4K6 zagsbn1{9-zU61MOo~KIarh`lmJLU#291;NaM+gz`(v)g$3Dzbu<=K=|<&WBxwf^}- z9wIm?yuiZS@&2JIX3I>HnUJv@l&uo1L(;7a#ZPz61-Myn9gp;yiB1CX4uNhhsnReV z02Yny&)}+rkX6>NssPF%8RqO?+WNJ7zXk?t>R;rNfqGs5?RUs+VLU zVIxh01%A01T91SNmPmMGQ%%wd>}_{Jr64qu=bKii8&V zZh5!U-oG!(neWVbjIj!T6TuuG7oxKp?7yUsA)^nja}ls4V*{mwP>tSNQJtDWEp1|+n~==H8VL%b3*;52m-idO7DMI7xV{{iJ$!F4jYd@Vf z@kx>tb~_|lZ$^BJ2LkuC+4%%ic=nxs&2xB0{iGwuh^8AC*)4pGpCk8y09yEY-d{dS z%9|)AaQMV+!ro&9C(MWP>xq#sE=Y#{{*nueNyyadB!~o5ATcCbWe<-L?wpB;wSt^M z5swQ_?wT>&Ck&vvnl3H#?Uh}IwGbM#oTBvjSPyMS!h+?y@L9kaBBu*b5(debdngL1 zx4D>gp{{>$e9^a9<~d8>0WT=?!eQwjss;KLoU^NiVXU9Sr3S66;g$@Xsf6Ip!HQua z%evsei0|HPy95P}Wg9tTdV!xm*93kQMxi9%o=*S#CdDkCM^s z%VQ{2P&L2c+#pene9WE|sO*?u?D(+AaISs6G8pu}?b$vtM{_L?!H&#HvIxNm`?8(i z?dPuVA%EbnhgBjC1V8NYT4YzzJz4n(XXqL-M^%%PJd5NTqsef-BSKG-!It^bBCYqAdo!H8TjIrb zKc?%;8;E(JL>FRq`@?>1%GJ3(p?N1=Z~Be@9)#bw+ID5;0Y%Bq)Dv#b$mfj=SxM{+ zl3@B(Znuj;$Ye-_OzjK4HsV+$4nA`+(Ro?w;(Zhkj0<%$g^U9NZ+wYtm~6 zrPGH#?9R{2%Pt1tRKxAkYOwDi^pec5fX{ixc23^u8Q7EKNN`|kmFoVr{vZ(^&ETGcMKp(G33T6x)={PATdx$dsp=V(JK zzMQO5~zbSh-EAzF|FQRxA6cl-_pJ8AsSnu-Vv@jO`x_(a)>e>gbJL(W0 zRR&9dOfYq_9^pLZt=e4%o!rXC0Ak1t1p?5TUDC~7>^xlZZGfAk0jJZufct|GGXY4wQZTWDe(&k%y7U z^W9k*lvjizKvrA802Xce_0zxos*5a12G;y^{S||v+=^R;8C1>X+cgXj!a?B>`y zKD}0tZ)w=vfdcGA`=Nx})7#_IdIHsv4n-Tc=lB3_5`zms!f*H zjO6oHE|Vf280C#rx+uDY#4o=stY%2Nz)#||lmqzq@foil*)o*$^i@+}G3fi%f;$E) zbHY36?(Gu*%|X4DC+1v@{gXi!CO;nYs-0*qR9_yqjpg?yZJU1Ek-mSER8*?TDGchP zw?W_o&{iG4V+JSa%QDlKkGRLD4!O(bf*3TuR=10=bov7x0VKIE&#Mi1RF2}Idtd9% zj-=RC%6fc65lcjX@uwj=K?*}YU6eI0^DVx^JnI{8!6-f-cgfnObJQO`7E*AI!>H3+ zP5J~%;5`&Q4Kl5qHeYC%7S8S@s-zb`g8Os6%u&CD^_bTXZq7a^M1pyLS3RXDCR%BN ziSG+6n~ZYN0JIq8*Q%Z+_nMly{bto$s@O_EaWSgp(+CfHOCfVNejaJ4fu!v&FXJU2$$;5Hrux%^ zd_B2l*KG!sJx&TlQDlrE)A15m>X6h`x=pB+za6*Py~%Byk1uCRDsV~sL&6~5g$Dn1 zXWCbgB5l;cdr+(GI0WgVYm&NT>1pJ`Jp?xDL#~~Hbog=H>jp&Vvd^d4${c+*vypT6 zP(peDGt!j%K*d_ijY-4%^hIZqlboU&l_`Tv25E!oyEEv?;XffzmvXBEx}Q3ELwwz> z+^HcD!AI$LIqjawu>%9hs;YwDUmLROv4G#>R;|7wMVrD2J&7L7#T-d6#J1cKYmZ8G zYz1zwFZ-SI^h^wljMmhj^oK8#ly3Id2ba-M zL;t;8cnJgtS5c-dpx?~Lk$$VU#FFM6bQT~bh%w%Wt0Zo?EP3u}JabsiTQ+!4T| zcq&+5AGrMltWBW2m(Kx$0(5L67pkT(#u)bg%ZF5{13g6+`$J%VA7iRf_v|P$XL%?4 zEUV6WU6^u-G#q_zP*|7~x3I3D6g@vo@!m(ziMAS3dcwVY>2e4^P|GDQ`%U1;^mwuE z-5&O^cUR~rMb7Pm(c#;}nNK@3mbegWe5S%Vg2czb5fEifGzczoxN!Xh|)KB2pue@2>JM})%{h5N#mcJi$4s(S1eu?5- zRY3>^(}nuIxM8u5oTU7wc8>p?1pJ3g>-~{U8{Xhhf}Mh5P?_Z|fc_Cmo>RH=^u%*a zx6{diE=bha-R~V8&U7!X{!G1w=G;fyh}1HL6hj*-$-6}_8n%bU1_Pmwsa{J{&FLFQ z`0WJR(fvRR4&2pst1i{~yOndf0I!=Wz4jt0uM)CmE24US|Lr16e= zEd7@}T+&7FWZf9%+kSdYaGL3@^0dp#>tRi6>R<+wIIE8i5?@i&oL)J$?VZeA?)&|h zlk?>>Zfp|Cb$O%(dOe(Oe@ue}VEOY70=5zEfNaf~G&ENvVO0|0Ws@;(wSl@#QFZ21 zn^xreOBMa{uB->ojzD$&s_be<^`B4Prk{2E+piL z{PXbvY2?&7dBvFT|2Xp9G5-{|`4E6kT7SWR?-{)og;G4+QbdT%FG$xW4yxq29Mb#u zu3>Dp773d6{{93%gfOBLWYcAhe0_-5jCek(bg&gZ8l8)Cv$isTLCm4{yzf>btebB; zV*^N}+J?m?{kp@*Mw$s*%GA)A$6yn^q`+%1*D-G=l zI+_!#cPxh{;TZk){Q5n14-K@wizCQ94`(9zB3L0$DJ1!nTuIzxzt(z@hiaU|k#}x& zRFOW6Ow$`=j_jGK?PlL7DJzC|%p8)*?2$Y5>@*5^?K>(N!Ntk#?Ur9InI?VQaz78S z=+nz*(Lv#|#ZxpGR;jH+5b9W;@zzu0O@c_U?Zo==f);y2FxMsnn&EtD|oU zTm02H?C=BW8NOGo!$}WgyWRl7u3PavbBCuUdZvBggBDX6!v9-_avq81G%oC$?Q|LtX(xrbk1BffJBjE&n-{bplMI!d3hs)eLz4$&JJ#vuSuA?uda zkTP*f(vlpmYOI;z3jl(sw;?3s!M(%<_vZKa3kEYLXVoS61{>$hdLLWb@HQTh#>v@q^j?amt1M!yKe{Wz$0J1l<{U}^ZQ%; z`Rwdzs`Jj3E)K|Zi9wEWguqy3bj7ZFt3o)x%&jSo{>8YNtLoAiz36;oDU-FC3PO870@? zSlNk1g6BWEV`G;6a>epOre>YLoPZMGkJ)P%!aE6XGPrT@Ze4c$un>BeJY0^RMdah_ z<(Xv~Sk^I3=ZQ4(*7UqR(mey(g`5hAm z_4zh$1~B#?zthqTz6V$>$yfWHka6}*trcnc-2y3(Pa0HvMt(pfgfc$-6KUtr^``j= zYS9SHVA(LDFFuJ8rfRGAsLmJw!0_U`F<{wS9>hdUDc-#vo+G`qU#L-M26f)Ky;{;| z49_${QtYqRW4wtU zs(Q`m96-+B;VVeHX#erAdn#B??o-g$P9e`0%CWP$WHAxule6k}oJ40)In-$U;!-}K zry6N7gx3y05R*KY3hAJ-AI6f!m{KGiBqx!zdUe>_J40w4zn@w!Ho6BvFrYng4wN$d z?;I%6ADG}PS{3ESE00wX?u8oP?81CMKN(OE&zM?Ch%;dgx@{kGA|_|(VWC)aZ}w;H z`Q$z!YDbA7h3DM4-^2g!STcc39?3#6nle3s2F`!x{5k%ix@? zM3V~EtE4X2EvIJ69h6rtg8MA~6tV_+VMLo|(R+x0Vk9F1QT0i`AGs55Fl;qxZb#Nr zB@@jRnpZ=yKG(b)+CkS*4RAw%orfLeS1z*y?JaeFpHc52v+QEwKlgxhY)uZGfkpa# zcefn%_~YyOThER9Ks{*xp+xO`jW6T^Tj_It{dQ;I+gylDh>LG<~lSR7Ovvq6AaG56 zw$VM8=k~MTVc&w#ujOB&hC5i;I=^mJQ!*=>;~mJ50e@jtu?zCOEH{@ocDUILV*Gph zwM!SD7S-;;oPFJ;{@8E#gt<7j9RsQz{s`9nFHH%&?A zw1If}Sv-ry?ZRIX3;!}Yr;X~wms9QZsA?VR!;6wAp@9L;%mw$;1bSFr3;YoL>5ef8tR-fY)Q&KC;ird zz2zQ8STh_c?U2RXezAAmVW7yqw>F`}U+0VU3n3kZVKNU+*E`Zj&fM|vq6%pm51R6Y zQx^SrW;(Q+ANcO{b6!Xm>f$XUiFW$$BuR(z+$fiLW3U!d#P2@8{h*c7GxJiz;zXlP zF1Q#`>0Q>!`jLTWO;2{ahwhCf-QebUJ=}hZq04l4C=Spb0ez(;(xfR_lmx$_*o#z> zSqcT}bv8diC;yGiNUcNLwH7=qj|siUwP54)Gvz^?Tf&iaa{5X!s1)Y`D*d2{UGvCw zNXwuYeqV&~YFGs1s&e`-#(+t>J9MD^%-giz;g$6EkOztMXdW?a6mBx-t6V-ONnF#{aP|}cZ^lul)A{_JFRQVp00G#BTuy`lQRal(vt9>RnXqHEG zeRG#FefcYmaak&zm^=A%rf6zZ1irZ}$d}LW^ZS6r zYVPn@%fZd)JpVIr zeh1CzviHP)CoH<9|5+FoFfnSnp5J`~Varo(u;Bw>n78}Zu$s{}Y#!||>SsHN=L^rr zTv(&n8XVeDG1%sQfk@W6FUOm5vBmi-*5xA+5251w7b<70_r}q6k0rD7JwCdx$nuj7 zD(Hv#t)SBQl$pGY>5H2pGPgcn=bu6{r z=XlQ-jRgDL9wIHn!fV(`nY5|L|I8DviomJ5_eL@9L*=U-k||Tg zteY0xNoH)x>r9ji&WA`A6xcPlf>Ouu}>lMu~}mQ%o3~jSmgUYBUk`t^LZFx_EEB8T4mvz1ZJ6tnG23 zf0d@rS;-CA;6P%*KJNE@4u$lJ=stD=_5}=E`$+5*SfjARIO|vNEvW=+OEZd^^eT3N zlD%u1wTsTh2RpPFq2>MqIs2u53vG7^4>AcfmU+kIKPCZ>T>mh!pX_S)*t6ddU{|xm zFb@*ZbkX75Za-09{0t92V&fh)slDEAm*hb$dJx?jF>WT-(cfiyLHFQCRv>XA6FN|~ zGk?B&jcwQIn0|OF9B+Cm`AibVlqL-1`M(T*+F6e9VPKAsHSx^Q{R9|G%ME0SGm_`!Zb;uwth#C}F~lxoJo-bR5( zW(-Fdm9Kw<8lk$&s{R604(V;zqcR@>xGLj6M|K$?-#EQwb__q%1@I9GKG))p%%<%5 z9A?WP4^ZDdw9PW@t-U)*l>51^j>nOyNVo2e)Vd7PLe0Z)rPs?Nk*M)i@PEL1VR!%? zzvQVHxhZUKTlvqINqncn$XI)op*_ct8hYdu0zwryLMQv~j7t~xv0#*X_t}fK^)&5M zZ8?~!J(L}wcgBu0q>*}VZp z6Xeu_8i#{KI&;|`cY#P?skU%?!&SXDHPFkfC?q15^1g)M9|!(_cvJb+uP-0Og(~~H z`*(fSE94Y6a+ki3>~f1#13)&2z>~fQxY8ZKemVliQ|A-TNXV7h<#eJ4$WLgjwf|-b z?flIB&qEZ2O0x4rF#A~2$M_2R_nj=sZbOtJCO7q9X_ zr9#F&lk0%M%zb2-cYZ0Ru>p#MVnCa1!^* zkR{M6qMi9a(Q9a*Oys;@t%$Z9ILSU*&H`Uegk^Hx&YSr9Pu-hsZ>1sdE~}@m z2*aGrxe3+togyvoUi-@Dx7#~LN-UPt64-)?gmDfT_*$|_M@-zA6xrs)3N9svo_GvxK~G)3Ik=D!d5j2d_E@?sSpN8 zjrT6v3tg-n_E2v-5hB&cOX=KeaT9IdM5mN=7UopXLY1t;GnwMoUP=L6*I&3aSQT=r z`(B|-AibH_8SZw+HEU=o?71G3G2HxY)1Mx<*PjGQ$lxqoe(-A*=75g01M|xL3UPjQ zB9-|&ph7=u-#@P<85-1HNChj`qTAysyh`he-a{VLK4g3(xvb54lJ*`^M;bDBa2*)5 zmt_mPyL9gs(nVX*yED(*$0rtAe(P_G89(1qjG}jRe+Qc>SfGAlL-TI3x+g*KsY;8m z3(pW*BsZ~=mwE%^dAXY0M~9VBI-K1L?e6>e_CNxc2O)i53=5UI-OGXwfA(3RO-Q1# zGm0trCBL-w6cF(*az{qyoIJefhVHrY{3!gG6g*FZCVJqJ23*{*2mp5^UV$HFBq(*I+fNj9-IR9p-#UBT7 zlHqf-=kL240l?Yu%-%;bZ`)@@$xD-eWE%t|V};2V7}(PE8h^05VP;!he&8S8#s|ns zOH~$AR-8}S0XB}iii-RPSy#d!<9>h-XL1_G#P5Gf?2|bK25()>ny@{JA>QHeC+o1X zc%0SVds*9$$?t!egmKQ!CH-6HO0O~c$Ck+o1C`{)26V};G$cHq-C?xKbqHz!Q)>aJbwDEhk+g{oOgy)QQo>DNPB(*o@4 zvEnDJP8mc%kh;o%(4&wQ*n5R1JLlI^gynGB`FX8s$J=S6^JlJ`A6?%m>`O;1T>`~E z?NY_?l;7dk(H8_Sj=Z37&MXvA4sBBK?p%cPE{d+xAO41)Q=br4eb6b12CngX1*2N@3C-X>bLkZ~l{RpsLdHWvh z9~$insVwrnf9(_Gul(Zsba3IMQ3rkx`H0 z^H5epPw!12K`Ir#iLcY9Jb*&xlTCQ9QWGn|VYLy9@$O~!ZJAx30K~s3fKWPf*o z0gN%d+3AHtsFCRBSH6CK(0y1oI_Pga6i=dSw@kM;8AQmy8A%xSrrP{zpib~e{y9)T zUNa17GKyTm69T*SZJO=@<0nHiTu+5|suHt7B>-v7SEJSMFDrj14A}A;{vLlTvN$fT z9CsvNucVshWDm#jWwGDSgH?WCBVro6gJn5uIGQ9BH|yyYm02??`f zlE#cglI4*g>vM4*M1Vkj;@_1v1{h=Z;eD4myOXo~E#fdfu7Injl5IkT?h3bdnQ-MO#I#R{KDUGoJ$GC14oG z8y@3(#*+@S{5(AaTfPKF9!>&83NZCv5907 zH@bQ}R7#;;=)8k*E?GWY5~)fDWgcen`8`bqPXRP%Xdg!q#syB6#T&6Md+L85L;=VZ zc$62=cat+DH?lD8ve)|!-NK4W`qTd+sPWIy#oXDgnx9_hj`_fYfyG1;6e`s+lmzw6 zg4#cZhy*WZl%TV3gm^`hYB%0gmISXtw|j|2H`_iiOS?bickxOl-0wZtX3j!F3~YwG z$K}u%HkjYuZ#86^)eY;1l1E5UM$5BLjOWGFZx;N~te^u#xKXiG$cjSCOUq-|Fpq`u zaBu74_KC_$i}za2O})PO!4@sI0Z7jcs`qsl{a%p7p6tsYuqg%7hv+{%vFolYZV1bb z1{O-RunXns(mOFIpeg0Sb>aQJs|)jBt8|L%`xFW7WeE3jGq@1U2QX#^#91B(;1X~c zJtqx8MR0qR9uNq>+?6AeZ_*y+&lATYsm z>0q~L)LKv}H|&i3etRp%gSnT7>B8l}p!!n|Q@%C7ljshko}C2*S`JkgxI9A=Cr?1I z6;J$(^}C_|Vh)*w{7xg?l>8zo^G!W|3;t&rhW(qPM2nx_>_ldPim`S}*jKyGgq!pD zh#B_&dY&?bbSe^c>F}$}WzU>+9_e#gRvz4IKll6J_;#&u$V~70mXO;d84CHKIN39x zOY_y#lBd0Lm}x#I%Qc6{Y6tr}Y5rm!sVtrNQBmfppl)j;ybRLk!p;)U8^cKuFuD0b zVkzHEN^%AHj{}^fl}>O{msJ8PfN+oRJpLAdOmi-xm~!EWiYBXT{?pjk;>)?%uZH_o zZ(cG~j>%8YCk^?=BXB|mxW08e%wFSzA)W&{W*t5i_oi(3!Drtqh$LMbR~}O3U726s z`)R?&<;C_84!4~YW9pE9)hdKkY^&!?INe>8n~&X%Eq)?y?92FtTi{+@JOOcl*ed2mXq5@UD0u%b;TQx zOfrso3D;y+O-+Nzd%*N#=c5X!II2vtFBOmKwP07I_cZnBC1;O!=2t|r4_z<4k_~C zY=P67GA<*+ITeDOM+OEBTx!1-aKl&d02oCM^mT&u_wM_Hc}A7$mtgtn?+e6g`U2*{ zqxCD+0R{c`125opPNF7ur`f-AMf6yt?bOiVOp#?wJ$uYqPu}YyUY_4usn2waNakfs zY<&5_GBB`DDuS_YtO3kg9PGi0U+WGY7bpV+{ypJle1S72b7O7AUT*kN8 zxqZS-2cDJE4cN%73y*j%_s1zc&FdUKsP%{c5 z{JPC+^dJoc;*S>qFzw&6vIex|Ig(+z_3^EJkK7KDx^7=>H!?91$bedh=ST0tiE*8e zSS`%Ec5n{L$%k$}K0OFU2|?uRd)3Q$q@Y(Efx(!dxIUgkqKkRDJG|tnH~t*l;SyJq zr6eb`WZyd&bREp|u0d@Epzq@83^1lZf^1s2>?EN%f|t_S_WtVj=2_;>zdB_zv+tUM z*OHPf7<=fN#R}!HY*J~z*Xdrx0!-vjxAl7d8By3(AMW%AP>1Tdz1&3Dbi$DJ@cX-t zLkV=j^k98eL~tc<(?tv^>a%+R4tsHi>@3BJ|7_CT?t1D$qM4f=PkkgA&ffna2B~k` zGyFfaseT+@!AYO!Ug4b&gqxy~rK@xY^%fi-Sv(%k<|W7F6F>KG=a? zd@ZVSc9Y-CK^ZAAIdOo^9xpDHG_G~=_l_8e%4<6%$wh3ZPFz)IFGpk=OLXdaM;aC5 zPjx6u+cTgxTuncvCDO6#>)rm6s%>TD1t;pu+fSazu0$*HkhfKp`(ZCt%^Us_*!bR( zWea{d4TMF?JAHkqV*@@<&OTUo^-gtL1a9r6l9P}8`(_#(4nvRar1n;3A5C;Z^8>|m z2Jw&EC1p_WfT-^^rbuC0q=Uq~-(ig7Euj2T7hu}-VKU-GI^xM~?`N$5!4Bi;bQ_iK zco8<=#p0UQlq%$SSVh%mGT_YO_e4P41|>ldg|!DMEmFV{GGzdhfozG#gn= z3l;AeL^JEU&%}fO;++#MTCM!n4EhK4w&(4DLq6rftE0b#@-j>xU%w2?y zz8pj5x1$l_NU%ts(qR7sA>TmhbTTB$6_u*ao%Wfp$X0_gGE`b&mhT=o-kl;H46>l=oA-4jZNNT%;(x*%%! z-Us{hy%V0F+@C)kzoxu%kD)dAIFrG|%ZdeXr^FC;-e1qof2LDI0W^a4wL{w<@S3v8 z350S`2M3F2l1bL%qoRwfG?~i*2T{=x>YZHiy(cpB2&~rc$mDvr6X$zI2Dds*xiK8i zEvL4-A&0C9-sGVdudoXR@!(i^L-#ZrZps`z;83T+Q{&RqEo1`hVikE#9OTp+)Ydrp8A6bx$k<{HrbVb&K_z8r=>_~cUgqJ+(TQ4VBTp$7^W1M2kW z>~#80U^hPTgvqe~8_ZwmI&Wd6sVEjFzZ?U2tzDD)84c|^Ew+3<`bj&eHDY8Ho}m;< zRM1rUDfX+_M|#;?nY;3|u&AtwwC|KbCVS6nZ%84iXZw$$(jOQKdYFGKVrI=cEU99E zGA;)fcFEIie25k{^M2ty)|k@r}LuU%=PoM2(ETHRD#zSfBKDZW6Z6yFU5JlF5jYG4uJ(`D08L z&kW>9$OR|gU@dZr>yX?OgG?lrzuPxW5M|$=NZqCbEaj&CXRJ|}?Gek|YW@~)FeliZ z2<+aeuP@()s?yEjm!%0{6#?}cia&_GP`=Hyr?NAS3^R}Pewq0pb49@7~#!AElK=tdMGUTUtT&v4iKOiDn zeJAl)Tb=(?FH;4V1hJ|bMo?Vi4XMPBe0*Cj%!7aYhr2Y~mjl-4ePTFQOKHs8$7Udr z0q5u6H)L$BOe>?XS6`2ipbvBzn)aGNM!>xQU;ofcEgaXL=nT!Z)FByqDE;vJ6M)AH_E_{PGN{ihTS!P$!66&`ENj z=+njBqVJjC^$!r5E)?~!i5`F)efCkcudh{KH|ov2dZXAzAAF!>mdAk0!||I-hnVgK zjF76P@hIKDRG?YOm18@S8PYn2UGO)84j4OyZ0_an&4DFk2*1In^$iEA|6)55g4qIq znu+8j)tMAw;Lb@BeMy7a3ol!aZ!s)jWR*`s3EX>zaZ_Csvarrg@pJoQHJ)`n&v*NW z5k97 z$d}+-^U$ZCRT*39d?pw3Am8!JPY#IN`CqIPy>-ZVt<( zEZsMMxibY-dA~}>fh#>i%|MAca zEI(wEr+pz4 z!oD~QR46wz6s7Um<(D}5E+zLZ__HFiL^C%Tq-9V+;>nG>{OPMrq&472%+J6plJT}p z;`o8zf<`k!CVII?kynsJ7k<)IFB>_$^D}Z*TuH0USROVUVC@A8DQJ`Mb~ix}5{ho* z?(98sQv%TuW3lpjmh_pt-4-sseNB;ISIA!OwKB=I;zuRzoBa=9$0w>@k*k^+2PISH z=AReyb+W$nohRFqJ~ZPW|18U%w3sV)xs$th2Dx!|@JF_gm+1HJTFKWj8z5XM@^1Ao zgeib(ZqMe3nM=k?=Q&f<6jIB`Cvpz_F#9tzG= z(AQKHCPh}LNm~ogBqq2E7B}L9r;7Jf`UvpO716os50-&j=}Fq9Z|2{#l}0I$QiRNQ z@sW+{t0Z?uIB(sfU_E*;Epqok@2p^r?zD}T+CuY0qN>{m2K26QrsvMFZ$|wzfT00q z3xF-@tpW`yLs}bACXDWzhy9qxZ?d;C{j4puyLKHf{Z8Vp`D~I~ zCh=?TB-UAi_X5+U%GvFe0A~^o&+P=HJR7%)4oQ~sz*&aqk};#0p}ZJKl9BC@-9-*y z>z~TelVo9j@ow2$_NI|V?EOo@b?7u0`(0uxHcubs zuxEjhK4OlRE1bgoQai45Zy#HX{aZCd>kWAWHO#t4)>4*4cg(%#h9-{|y*k-X@vaMo)IdmehP%%p3VL};)h-_>h1OV^h4;Y`;ZhzmW zkUVwX$Q%58Y_1-g*I0M^k%#*2Ex4SPHM2g-liV{M)%GLb3OaOCVEB1pd`%yo&N-N` zhx6@5*OC$zPWiqms4OR>m7SmRDQ=%Z#C1TbvyXTl>bHJ%1I~%=owtGjUIxkcveSj9 z5p365%e|0{5y0mr{ZrrB;e7vHKE~?ASD?c&n8{mvB)KgpExdzDU@xI{ub^vl`!gF4 zN2hTDYdF0N9fw(CvaI3Uy4MGInev(RCvCh%U2p(^TR(?O2Zp#HKDe6--65Mn6&H|J z|EyZRa-!WU%2R&Y3n-Z^VtuJ<30kZMv84KET~aZ=BQTrk86yCWi3?U&0axvR=4{TLuZf;A$>m%Vr;<9?0q6yJRN zCmSREv#0CzM?o&hBf}VEz*pXGIo$m95Q z@-Oy_TjF$xT^$fsMz0^|F;4MiZukAb4jso1c9AXaq57bWRY8+g;U(j%`F_331w0_3 zdJ;kqw+!{*B16TiO}C2ahW!t2HUP}$ACHP=fjbWJB&uI%qDM#}SEz8CKCC2y+X^a;Z#DxKd`b4M<8FwT0oj+}26Q@pr9H2arM&D;{^1>q#D7SIbQ{_` zYAjzQ`oZJ7Uajm|YS2)y+BZtEJ&ulX>F|EZ z8lR+1??sC+?p_nI&NPldig5GG>1=tNui@wFBL!WQNNLe&R83;KkK9EbUe(v|)=B?d z{V)lbhpBFL7#{EfVk^1D7Xmw`=T`jc zDuaC-IH$E*xnAqwGnc{UREmeq^o3IM%aOe;4(a+NU7Pp4_8D}(eo^OSmIK~%u*XUT z$Dungpg%2nuvMP(L!wQw6<3@?O&kP=Qk>sudj)}U26-Hs`^>l_%QN~8sveS$OfWbx z^4+)n1oRW(?3)}`n(%7_VmQrzb?b4ownO!MTSD*bv*jthF$e%UICv{g#VP&m#j*s! z!VNeuxah89?WwwA%4A>OqDddS?v>HsRegYE^2l4?`yZQ1$IRL{|ILj!K$87-SFd zXBXRqBJ*O+r@eB_OAEA87{Z5#et|E%BtJf-p0Irfn@c1$t1iXk#|Y+kZ^@|fN%3=( zllU3|WQ-9>is4?n_cdx;N)zGsGmVA5|MdxohP$0p z*C*`rem_Tpj;PtVmBGI~oynISM(sViA6q_RXI1XiIBF2otGws)Gcqn6e&i(CHp%Lf zO9%-%1z1-i^Al}H#LDRDq?;v+M60~c7vUSn7pqH5s_#%jiBCjhEF+tqus6Y-$qitJ zBAOl1{CyB3=mW})_iZy~66j2rRV!E+@Ken@eSMMG<&uiRNay6VUNC2J${9iv#BHUA z4%v9;XP^c0rHCHp{UcslPNNU&Jr9oBS8Sw0zYTewCk8@Paki{_2Uzn~ito~$E%`GlU-^I~5TCSynK0K&=nvqX#V7A^m>!CMqGX zZzq<@#HbjXrPr*o1q3Xq_;sQZ8BJ{@pS^)8Gy5`7Y>-JuFvFzE57vL{0%g-^x34`c1sP_V}2K=6P{C;>aO)2CFS+Kmaw1=+gEe)mb7`Irp{n zNQBwjiliX#&d$j+;#||i1i1f7x3HP(_Iq0q@QHo#uop&@1-sS|k+lBY+5=7zR5{Ri ze*I;+PRjJn@EjdPuA|yAGN7oVb{Ih*Jf(-P#g3COFxHuDU2@jg=<))sjk7dlFX|Dn zcd?58TH4MG*?(Rz`?-9Du)mn8`{Gq2$F~ znZ!mL5dh4fFX6fg(_W}N83ACB{9$E=>X!B7a{KE5zX&uN@u{}aD?u9jz{n~s8<{Gv zj}O0mZR;=v-gnwRlT0Z~;@F@BJKJvExt2~Xho*X7x99#TK{zXMN!^-k_n@n~zg})< zhFktr?bSgS=rnnx#gjj}{`>d1Hu8j)8*(Aghy-pB2Ou<9*9zi}xBr|i*2O-@uLuyF zHTQiN{8s|ZH@ga+tLVx7{i)FtoTF{8eTN{%JuF{7>Bo%R`(v{|ekY_C8Yhj%KV3d| zpYr*FwcsrmacV9Pt+nJR^IU9!aS>qzLI1fXmRB*X`M724U2z_5g&(&cYityB=r?BF z(@x32`BjNwA~5Qz?Db;x_ELA$H{aMB1x)T)8+-Lrdnu$=za2G)tZf!2Q5nxsT~_<} z+$#yJv2L&SUae{cU#5(FG7|ni+D8DWOGPk=2t&WjR{ErP<8M8s_*HbU-pO9J-E$@^ z=h-7w;ywHLZ1)%G>8k-s571|Ptr|y=au6xuV?f8I>M#;<1<7Wa->WN6)ouGEK&ldk zN3dV0f?ufzBRk#aVYCQ^Z!hIR)&+#tQu9KI#JjeDu4#4vJro98*A!vhao$ zx#4vM_D5p7vxB(V+Z_*=eI-Ne>Wk(DP)SkHj1}`x9a5vgx19j~nkPPSk#U{;q41WN zexWUEZShRt`@@fT@#Cs}3FpoJ4Y(+H4aDw4&auHe;QIg`T~)2~1`KuVVCe-w=8%FTqe#wG^*B8^kVoR1DoZk6?ThR;v5U81TJq%71$&}3uHh9rq=jII~1$yIV% z7B2aF@A`XzGWE`P^pD|B7fOS9*wRGH)K!{_I3f45+FREMD#)&KVMG<5?rk>k6Cy+F z0lK;P%(l-aGP`P!>us6zzzQe-4D#o#aXWHlAJy9RbOY&~>#Fv#Odl&>ao|IMe^s@> z1M}^dv*e}GSKxo_H-Jioqex^y*5G`v&nvE_KZpd5RFr3n7}SzZQWv1iwomG{4+t7zQV>dfN)LD>?DR8jw5ix%yIbMi z-yycUoNN$F3o;q^<%+UPXC7od*MbV)##1AKc*j{}mGygw=4QhO6fWC7NFDv^4R7{4 zSNi=8`r2zd;^B`K;?qd~wkA$TG;K1(vti2VQ)T|t+6~VUDHGw8lF&TN&r^APd=HGN z$IHgVifBgfine(;-`FN;{PPc0u350{6i z7R441#e??tQR^E&#T3($=)Zm%(xM(-rC$H?;vl0w*tg@WGp`;VEqR%7VTkcn=+!wuT!-e~UzoOE+Hj)w zcWPDQcp2NmZ@qN5H0=cXa)#8+hL5CM6(xsTUecdhZ6qdW$M5lhB@v70qCPG-fEK&2 zkAr0LT^TIxEe#>xD!lPMD;G9AH=^q8BW;}iR%{nb)!{sWaR3F!O|$k-_+eC9I`}ei z#MbWg zr;Lg4Ox_7E8r$EAvmG1-se+%S zY->ncfYfr#73DB~^?gj5&rK+#XVWfetH54Gaa?sgoe_I?Y|wr=LO+M78k$+MyG2;N zZfztxt)~Q9-xYKR=S5vj58}gzZlN;P8rY0rvVUQe22ORqkRRNX;c(zn`-5X34i<6@ zT(hDm94orMlXG85%B6Xkye^aKu(xZB@%IRi$08j`-WW2?&7fwD-vwWtblib%?-c19cd3)xHmne3KoTd`nhIifiwQ(=^X|E~P>iJH*YPpNG8|O|b424X*n1K1eof zcx`FseP_alf!}GuXfg-n8PbsX{jAs*5(W0>lZeqdRks(3UnpWDBNWb;aycEx4OQSQ zkV)O$)PZ_-!trvwD?dR204mC0&R4x5JstO!09KCuEtxlUvinhb%hX$mA}-d?o3)3 z+k+UHws+5SH}XU1lIYR)IMy0Rm)-SMTB%<+$ulux9LnTksJy4|q^+p5B zUN=S+?)%ByUm3;>1oAw@CBd70xm7Z18KphkqYzQ)moghLNCj^o$v8{dIxiT1%{mpzcDY|Hv>7&wr{YwJ)8}a9g0;f%Rd|K^Y?$xTZvvv12VP_b zYDGq5v+1pWxYWu1%3b;Fjn1Y}l8*iSv-16YB;)`-5iYI}!HeJTpegSfyHL56MF0eR z3P}m!q*9y#(aY)6=^EzGLYZ2_UJg^X{NZ>lX!uL!6@5mGA>eP|C}X})xVQZ(pU@<* z8d3`l^E*Th8<`75QbN;h@`v=EGI;T4=j-E=5_&Q0wBa-E5oWS88nM0o+QL=m4;kP0 za^Bi;4|1J)Ypk+K(?2R%-tGuo#xDzGaC$wog(|AY+=#T;Ym|R<_p^6-x6q~*B{#A# zXzGS$CBm~r$MBu=8*V8(LmX^9#0>Cubni7wAICMaHmo_mcc&lus7?Y454E4i?Zrs* z`e|_ti_Z>0eQBAzW@eXV%B2oPZGCzh=QxjV0$0+(hDx#D5X}hpug0g1dT-h|rWM z_%h1H8~4URF!G@5nQS*E;=Hf&{I)|-ikN)m50XZBOX3b5ef>Q%kfO>^-X@EEIz^(3 z9I#1v)*#qf_am+eaYmxfa2{XL@v4OfI{2KXM>+3D;-2zYO8V!eD)d!=!I5*jmn9qF zVY26sLZi-=d;LLN0&5d8OSu2+@4ys7#cLWFxXS%WFvt+GrbAA>&kyg*STPo%XL-OY z+2~QvvWfb5v(#qMhlP$nx)MjE1cNoor>dfq-1yKV2C>Me{gj2~Kw3=Hp8YQ@N6jxS zq64xcB71*hw)rBj+{S0QL1omXnC}I%otFh_l%Qh{!AAoc@L)_`RubUv5S&3N6LT9Z zIyzETg2W^NS zpTUbNjtz~$D^@NWLR@<6(Z#V7djzqd+7P=dz(v=e1FZCwxakmQ?cH>C8jXhBi>jIZ zfyn#-J(pnXt4$Yji*_3>L!%0;}0TEr0O&zJ&=ZnC;ZHots-6(=>Ms>+Q)4K z3A|FQ7b-iqiR)B7BA`J;v1RlHdky;&F6+CNFU{z`w<+U$c?!ilj}zn&BzPo@!Q{6L zOs%D?2_MhD3g2AeF@T{(0JquS5proupq|0k`SDc#HFQdhF-%=T*W0FOY~(NS0XD=` zagcq{3y%fP{-Z54pX4O{8Zc!S5+N6qbqqt3Es$__kyh8gxX?J_iQOj*Kj#9k_)cE5 z6U7m-s~BilAY41o_I~$XLx3~?^Qf^UUeK(~dp4_eO+P>eW`y;P)n7mg?;J-nPRIv1 z{Y~f_k`t7}<40aTcOBc&Vcpp(y6>t~8!Lb*`R#QsEn%zNnIJ3AOWvbUlW*FOJORnS-HP4UFaGG0>YQ$Wu~PPC@w)k5@hPZJCEP9Kob%*{yRBF^&C2n`AP zUOLN97-8t(n+4|suuIV?LC}ggwsaCo2(Elx%QOGMXf9F>$(eqPlURpmGM}|K*xdHs z-!YC=eD0s$z3`Bin17SwO zU8zq_;z^>-PKTQ3PzC*xgJdUTV}e=k4GtHrhoNP@9bviCzNFX>ue}083F` zVhSYk&RP~L=vaST>;VTSIrU(A59&Fv?BNi0t&M0xY`yu2lbtBr1e2yKW} z{F=Jb!&^5UA<1FyKL{6LtRkz)gI?i_Pn?%I_~#lPTjL6!QCqYw{(TdHv>uc*~f0tjT{IX?5U}i9iuaC7} zT#haH(69qHPBD19(4#}2X#ED6up z-zll5vCQrSXVTg9_T4f0EG)gP2#8u^@nOr(tF%pBGB{>^CHsf|qk+%b1;gTzw^^`%H9qUg>eDK}B|&dU zi`|MRd!|)i2M9=@N+GGHUSZ~2&DD+XMeX6*ajQN%-5yxs3xtq+p%QmuEu*deO|3UP zP+f~pEm}@iW!e&8ZQK(|Z-FfM31PgoXtKGum=~joit?Cz37A>-GFx%_>1Mw* z?m!;`%cffG7pB7k&6O!u_O)hf3-5n_YdL9u+pEpP6eN%Wgh| z&uyAst(YNNjzfqPB@3S5T7z+E5jsGISduJIdqo$upsNEh95sKh^NyoX(zkeigSu{N zrS!bDCP(hw7?FGY(b|1I_=PuWTi3ikvE_xr_?}7!DtL4vyQHeWmb^dUA&ug@b7<(N7yc~LEtHR4 z{<=iP!d)D_ms2^XZhs3CjtRumT>=|ju>`uKETJ?b{Y(t>nEh45qV<7;{&Lz!V4$Tr zSW!z}mb#~kN-74B_l6aIR=l`4-RB)e`9cewbXOO-ovwPlBNDC@@?)ZJAsYSsDK-Ym zP7DaB@-H#e#QQOWG%ebG{Bvn5nAr1swd2D3B83IOm4NshV+HHW)s|DR>`%UcT&qdV z5eFR;xSl0eE3Hgk)N^qtoGZeFP#2H%0gKfS8j79-VzTAfD7?6{!)AwFg2K>nC~FF&Otv5>E>M zOS!8+UmHUFw&NA9&2CZ4Z4V=s+tPE&a<599hpydS)#7A6jHb)*OA>fwQja&&v*(1^ z8}n06{l0TD$oEUR=?vh#=})(A?Z<?wI6Yok6alY_M1?P<1ycn0`V?xcb1? z*Fb)(?}y}k-}=c<{q#z;<3Rw|oa6SJ=QyqRJtT2DEp>Qeg`?NvjZ53qcfL$s4Z?u+ zoyhx!__$kprnb5R*2O@1(|z(wzVjnxu#CV%VIZdWS-#Lod{p+DfS|aC@?c#EA56TU zbidg~*hJgIXG^%_X-?D@+@^cUolwOm^C~>QeShwL)UP_{*O3^Wz|00z8oSHXq+b9k zh?43K^w9t5sEF#aZu%|!82gmav^qp*f=6HeF1cK(@R?NW&LVGxmjgG-eIL)CvSu6E zvj#{||5@c^af&4ehvKPhM+g|7^wbF+QaDdqG67_1#M81LePE_3bGYm2jrqlNBi}sW z(N>5!EzV08{_hJF@7JV%`9Aj-Ki)TtsTCRF);wL*qsmfWL@%F~&V`Gs{X86l`yny@ zf0xa){_a|C-30suTy@daNi?vVB))Ek$-T@WZnKWdsgfMxyUNFD(<`NKJ>0 z@mouf`mM4$f5}>Cnw*8~FXwsdx!^S2@sl$Bq{^#(c)0n1?5<%`a~_>IB!)%#QGL9V zLnFy-71i$h!rrvNO$7fKKciw3w7d#`6u-tZGlOyA0mF{tap#`~LKMOe5k$^k_0G@S z!`**$b5=j606R`_)*C`%7ViE0X{p$ce4m@FxUOyov~4O%gH+ zU7)37snL==Ri~#UopkPpHBCu0X&p3kpR8e^2w4BXd*h(eVqVwPxELqw=yS^xTN%K) z;egn|4;I84d2lA^mG>%!`P9?vEi7Zr`fk>1v`8P;7;N-CtvARJ0ZQhgIDVRtVq0yf z50#7LXX`>MYkr@%ch&q{_XYnR5<$Nj%PB z3Zf~?k6Rid&Nk!3Y2PE!g+mBNCN6v3b+glPd)-q6I-4oq{N^EVO%x)(;QXZEkhGAT zq0+#gC?>?L?8U=Tv49fMfcSH%>8lrBLQZ`C&mtlUqG`#934Rl-^kp>*Ml>%p7*EE zq6K)vm9D^}#x);?7loz}NDviN>v9F$kXhE?5kP2iq-n}b8~S7VbJgj6a5SJ2c*V=Q z(nRFqR+Nn`lS|O{3{T;|7`f>eV_mj?a;54QhtGi3dMVlGL4zsoDQ}jRk{Q>N;^g#v zYh!`lhozt?JR^NekS^e$U$RH)r+<>*fRslN%bbV8L1ZbOR+!-L!tLbt!DW51aFQRU zy|0pe#^B4~M5>{m^i_YE=zp(OPHF^*G?;h?T*QC%{)>1fQ_lKzl>L#!q z&ZdDM>;$SZGvvV-wrNV6sk;nE5dl}ZT<|aK|7|*nO9P}>u>7p1d&g2lR(4B#tO?WLEou zTzL+BRBYy_Xj&3U1BSeZZ6Dz`wAxNU?eEOA*No zjsT{{N0mIM*;~5!&w35Y3xDTofc!@Cx{iPhvachoEm2QtIih?;WCe%}^DNl$0cwO~ z#P2hDf^vvFDOqaiW4RBBAMt2&8Mz`y({GRZWgLD+DD~mhc~#gl_1xQ=o!->mls}+& zl0SFvCjixIHqlG`eV+mn_!vA+h0-U9k+yQ`W?*o5gSfqNgr0gGza;GGO`v=cs8fgQ zW*=>t;-?Yku+7qXMeSg57k2UTtFMsn@BAVsq>9K0OYuC=p0Nz}lsVlSkc6b2*73#_ zRpk=)n9{@0~&{CVTfmoax;HvwsZi{^a+5cd)}6 zb2A?5KXi=0{`PgcAY`c8=4rm(LrP>ELdKEzc}*8{*{YzC-#^=G1VIMf)RTHha}S9G6bfe?M$D+jt2v4;ce# z&fn~QE--6b^tB7wY(!$x6~qIH6fncc%if_7AM?oU^To~#5sz6|?f+;w`H-Qt#{f!$ zhkZb9Epn%t%3wLL_zQt`>}mh-wt<*8tDmzuIqK(`KfjI;Yr_WzaH!A<-lhiUlDbl*e@k|N@!dp$$c=4;jxd4B6pa~>U6Ar z=ssF-y=V=hC*IQ~t%NVtDK|6QFLHsdqkvY9X~M$}Y(#dr{ zMxL3P%1|fyOy=<;W6yiZPOQ*3)cjAQzo&QX{Osm_PN}f+9UzABiD1{Gcd*(7uhO2AGV>44|4s` z_f{xG$w}A7SMk6~ATrcPmQHEPUbn z*qLb}R){2lzok+s3qJF-p0g0-rr&_EPCg-?=Qmg|fB3B`U-H&v|!a7`TCsZ2TAa~^g=?zh0C5uc1=gaJbb z3=ewp{=T4HvHZ#X`1cu>0XVsPSc5N)Q5=E-<7!sX-^3O6i!^}b!1-K;IvuJ;rhg?9 zJFV6}APs3VWXQ~)?&)h`WsHJYKP%>N{@|qp&TmqQ2$lEg_Vy7Ov|Uf$N`ib|c6;;H z9mo07C?Gc(0BYa?H0H9OY`v0NOBNNo8Nvw$Drp$LVXS+PmIub^Hn4~F`4#MI|HY^) zzUf;=om4EuJfn99WN6GF6}l`NgvjA`F1~Z)QhFutmkp_HBm`#C>-3zoY zUGMXJ5FYbwdDt5HMZlU=J;m2)!@Y2Hz7`O6*P^DZ8%2c=pgWE*)i$kq@1iFn>hGHf zu7`ow5Cv;px<%y{H|TNN;g$>Pizt9W8{a2pspHqC5gM4Nq?T#$tNDmQ91nM;u6^cR zAt#$e-2mAGLUb0DG0PFGdiXQH5Qo-IbD1}GFN@HpV)sw9O}Na_5OoakZX%s6z9@$o zMY>gFt+(+0=i2q#kR}{ZSCzE5Xt(Wy?i|$FZ=)SPY0nORoq#SN9uCEPNYzt*`}5fl z7ymZweg!bp&1F6`h$XryL^V) z7c))$6(3jojYH*`Dtp%UdFhpp`(OS?CcG-dj3EYFOs`y>uR-6U{KUYEBA?=V`ZRetcbK|=ZyeN6}6 z?{3H2Ik{HWA&!hEvGtH+J)a`>1%a0tF$Zd9QpQkD znCj%9`fb!ZdGTF$zwGXyVfnGng?}G^ThO&?6iBE_#Jax3mahSuVW|5EdZhsm*lP}{ z2w>lb4qq3qZ*>6yV_{F%g?y1`va5M9T}r(WOWWR8*P8~R z)TutRFYe)TDSJ+z2NqKb64x;71D>xbR($oo%ZU*Lq{bYKMKuq~ZK3ws!_-r@_E9m2 z{FAv}-kg25ZXjP=ehA{iqXT=?u8k$-7fG2kP-x}cDTbTgaDvuiv7CWec|Lt-U%f^2 z;ZnfFs;TgRypG8z0W8HM%>mPWi4H(ua^KY3+umopi@wM+M}oWgVlHxmgfa7a^L}p| zDP;a*aFYd2w!8CFqk#g6D8JdrBTEMwbTve8>(l!_nb4WySXp|El$XZ{^*S{rrbj;` zYJ=6g1~f-pE23CvuHt*gM{vcu`2*wn!yT>fvTFNSmIv41o2z|;!hqv9>bxX!?D)H; zU5G@b)XFQ-2ZNyN!>UB(XF^UC?2CH7^slhU$X7W%zuRHIk*0DP-kWwjxz_-)WWIa@ zEgojqaO(*r_1>Wto#Jw<4Lw%w8ySOJ@;p&OR$R7yG>A0=NOgX6KbW4LSL>`QFTnz( zgz9Yft=#xa*J;J?O`c+Ljx)B;v1S_6Uu&~Jh7f|@Anq}%%0aCeQ7p^ZyOtmf6Ucl?Mc(U**5hO12A9ARCkKX%zn(F5Ur19d^M{q zXfNZK+o(j-rATW@+pifi>Ih+G|@-dt*XsH=2Qnn7^eNl-@Q2hP<$r^B+ zorvYn#c67w`=pV!ewF;P8Xt^*3hp`~&RS9*F#zt}KKwMqx5Z_w%429= z{a>+#m8Dphe&U>M+rEJ9_hTfg@Q*&!UAzgW#H+G=C6G$?YuE?TAS;1$nQthdNh=xfIN6s05_+k+bS~|@>8#=oSv>eMHd4cQE87I%$_-+zK~ltT7|FJhjpLTp4&5H9kCkvi(OTEr~o$Sd2D%z`tid>jQ;&R zspE2fw7uavb0AriXUAvoe*shi_4SLb?6t%WJL#QZ)_!Di;18D9l;^H%`76PtSLEBx z5A2OZIr)aAgRlGXEvfL)oXB-yev?EOcZyC3Njn=XOs~EGT<0OyXjJ(RLax;-XSG z(%u0ekrmw`&pXaW$V-y_<`2%t!-S>BJX}C2aLUEhi}ptUE;PmB+tr&bAj~NCpGICe zdS%-~x|e%dc{)Ajh2mmjGggVO6_B4Oue#ZG?O8Xjk!@K*a1!=SK=sCkbp6Z#wBKHd)IPNh#l5GG^0K;^<36y}u?0lI& zBe8YbYA;}ZO81_)#0uByXYlI22{{@mEBJS)GaJTrJ2Ra@D>PH9&dY~#xqHXUMHg;) z3#56>aaMakK31qU-%G&0zeN9Rtk-&|`z&sS4uLNWUU_&rV;K9MH<^>xFtl@%$=lpL zqF4L?V<07>ecUY#H`cp1or*9g-9xpuWA;3awtUZyf3xWi^$d^zH`qw=^v`>)<}GOu zWJwF{07lDuj}4Y@XSndwd@lt|B40BfidM1=ZOH#cYGYGu77jrYXg4Rjn;pYHPrR@; zF)gg8-}ltWJOUBXrN0N&_fC*+`#8(pkhh!B2C0 zbJ_yt-XRhFrBc6m<{ixzc!bTDJrsiZIz6o0#8oft5MvYM5rS8-aUtY}>*z*2b-oyf z(76W+kU5sRVyc&=1425|3*bMkr~{@WyYEA(E`=4Ya#Nei5IrPSjy*EGZG}b5RLKL% zXHDb>tivIHYKrQ4&ORQu8CU>$Ri(?rwYs=;--GLQs_BW>YTU5&AHNI3VeC6bz59J4 zpS3@}CmxzLYyvC#Z+|;K=WZIDmL`YbbE)9&aG@a+ATwqtbPf&6N18!_4(FSc1gH}a zaCzXT-tk+o;CyEd-q1P(3}(!fY`At@f&q;UiP3)|_8!EQF@LMDuq(B))#55WptSKA|@Il!^aVn*9yq{Cn?D zNh|Xg=2(py^^IqE2GsD27YJ*oP~GHEAuZ}cG6K(74XTc18oxJ12AKFrvMkD?&#+qK50(LPV~yl0!FG_+<0siw{i1$&it|*V{{Xa zOxrv8bMIj?ff6u)5?Ax-k5AYQF#WewM7v!cf~RE#b38BS)o%US{o>(K>;t)qkUnQ6 zyGgKQqR*J(Qv4(vS*QCdq2%^@B{MW%ox`p5f(3=xzDlH&nJB9LFq2=+`-@@dw@n+B zCnE%tHKAca;@*YF7>@511);_-JlXiV9Upx^=84o~|G)ie5L%|sBWG>bCkuYg zxcATFg$r-22^mT1K*HTr?S3~Zg+N&)*kB#+xhUeb7g2tY4TsK{SWVXOzFpfZ2Yadz zKMx1*4#DtpG4@yUrBVpA_QBo3|2U7~9X=Q07Tt8j_1zxNxAbDywUysQS!2Ubt?#ej zs-0g1R%^4mFF@wgAJp9#SFDcc(V3yf;#&o^@tTh$wdocsRJFedY`)rEOngAV-$qP=awRWz4o)VP z;>b3SOUd8w#i=>2$$Ye*t~MQ(FA;T;Giqf{SRZv?hC>I{j=J}Ieby2i1Rzm3C{Sb; z*RS{;+SB89YHI?V)la^?FS;q-tIKS_eiJ%dS=GPeWL=Q;ZbQ++2K}g#%W`)t`2qeK zjsTrU!Ok!mFZ=x<>D{qOB{&TpQ^0x?`O1jf!Grh?O;kLa{A04>3qnec_q2I)x+8Q# zf~_Et8|3*zn0N8r9Qyo1Ia6hm(}{52&03CAMQ+FiP!)Hfq{2j8)Q<}HMoKumis_UR zK~S`iAK3Rkll1)gdm25;x!cn^{G3}iNw2XX_kFQ==I8|%klctNe5x=X_b*cY8RUrJ zNQBndBsM)~1IVzv?=YM{qrJMd3jE_;m|fxwB_nnt`_g`6v6*zQbaQFE5|#-=>xUM_u{?Pb`_YT!u7YzJzSM&vxbPWUtygu*SZrLKZzT zQM2S5J@4NJR5O6X)Gnm5O((hWXQl zI`LpJ8_@wt^wZhj*Z<90_>KtbmhsPzKij8yWh~o&8fD3?=RNC1wUCOT^;fv1yy4g= z{IFhfq<5R-yE&gsuP(ySN@hcg=QvM-qu#dax;04AL7mR!qH4ll%pMOAa6_<2|1&XzSkyVhF=2@2_~rD z@B+rEE()j}6tPgMIF3)B|gwYg6zt9yz0Ao_#$=GI{-p&$r>} z3wcfu>_jtxmzJa7_>ct-b5iu=;rOM@f)`#>D;A@-k3((bGhDI~HrQ16J=amrpUR{= zhwr+osn2(8`hm%rhJO6?r*DIeh8jl(*jUKDvv z!&}>N${VWfC<4Y4JFb6)lzOrRSXgu_Mkv#M z((+|PLj?`)VeMGprEUIMoQ5w?VLy+j++$_*YSqcIyV(s^?3c&-B(x@oAk8}^KX$(| zDM>Pl`gz3*l&3cIQgT5PK=GL9p%~?b?0NdDrA3YN5&2_rgF^u6yNcwkEVpI4wEFC| z=TG*inN9i;>^IZKJmFoaw=L_f0*nLvUQCc-Hm7^8JORAR?| zFR32?N7I>YD~beB^p_AB-r^t)PSM%!717^V-N&BE|#w6kMIG#=ktg!G-bpzVI*`Ms@ z`h-S&+uvP%KY#5A&BH5TO#@N7564X{IfT;bOM^U|?fds=ctavkZi-5p&ugw`^x5E3 z5*6fwK{Cb}f-q`za45IPIL(%fqLd2%u4L-j>NN4E7Pbi)MHx1u?#Yn)5Kj zZozWn&&0VfdF%Tv9jFKV_R3VcusxN+u&9a9fZu}DtD(*hz z`&CVB`Hq)8KGbLbJU+Ff*OWEIMq8jA^%N2qS_sxJ9!IBNgz!S?_w6$h8^$}UmLYuA z-%&6uhf#zkybew#dNve&2u%bBJ_?r-!JzW(N+**)OceTUa2|>96aJ8_C_X~^(B+m; z&my&Xwhl9~Wj=yL{z070X#vRZ%-bH#y&Ftm3l9E7mV5d#9l_g$24CPP2gb%G zPfi00t~QsDR@yAcBU}#JTDZ|;$P^bYa5N-(2g>am{iQ*Bq$A^@^>_s&pg<>$g zm@M(|X34B&?RIQi@0%|MSWkH%<>1NHH#DPXJ|)yH01>puwA7;V0zj{X zQ8zR2kb+VzrNy@%zMDDhX}2tkC2vq6SFf&1<&NryP&>uEpD&j7#e}1PI1FD=L#^&M zeP`Zt=&!&nz-1xdSNuOrVK1%gRO$+k+1T+(XJf7Rr~>?yejn9!CE;{pxH8R5s3wL@>SOPsodpZ{hrxdw-Ljf zb!hF1WG@liIQGVw>vvB+e*Z68v$Xg*%voors|_C|T2N!?338kdcgw1<1I!(Xce z<*X@sDL$UP(_CjxfNko}6lCZS$sa3NUSPk=yf}7!iRMu!aYe#n8B{;PWJ2%#PiHj| zI>%qCoEn0IRq5`+De>?<>GnbmVB%MfMLJ}+z7k|hSJW4MXB+RuB)>FWhj&Z_-%v_t ziv!dN*EdHcvORCA8hn@VBRM$ChZeyjGQ~&)7Rvkz;hDIm_`S<2wWrCfP&v zbS8~B@(jH_(=y+zL{_(cKkiY%hI>-!Y`r@0^rtH*5)3vpxtW`;T^?klJ#aX=t(R+M z(i`{#L|4DG^fXj9k-P7C4~%ccfQrRFyK3*;%*jKtgwgNgl{I!FC^tG#zmhNXeH?G0 zeYhC#zN%K&YMn8Ue(fhuhAMzH+FOTJLJp)_;Cu)c2` ztmefX>i$u>N^t8%J8XH~CtK##d5g0d@FV|~`$uxw?%>@Q^pvGPAD+qdn7PLKm;zr5 z`SWy$CY0Q_&@g0X+m7Wv-KFb?(l5IyvvLh-^eWu~H1*6*319S2wUNfQ@9p5nnV?Ih z*Fb-tw@c*-pX=dzkKy`Zie3`oTqmSL+*dzK8 zMRkxJ1y=N>dPjj?seX*|{@Z-qh;nvXpmB z)IqX;C^J9;)5NwQn~8BaoSyPuKT>?SVNwIvV(|bNv`)ty;TkMX=&#tN7P`4EFN>_M zO3nkC3sHq7f3rR75r3VtKO(Xp#T-=BzN)@L19t4zCZ{rfLa>N-#cxTThedU6n}Mo? zqxN#tLx0ND^Orkx^_oj-dkm+MRnfuo*v+p6t5eF!huOLYWY8EhCF!psBzxaI4RMSy zVF(_YRKD>>@U@Xo$1kXr0KYd+(WD;RQnA18{V52DbHES--BGOUS8-dt7YD2N_%eeL z@B?W7`O+E@eiD|&aqdY-cb zhZ>9YeAN^E@R0YmiuO=;^+igEJ#@fNnS7^8)6+t{+(Z@#EEi~(H9^A!9xMjGQiLl_ zan$&l>J3b-d@c0h-Cr}UQudvpjE+g4Nyj(_?e)=X(@D7tmr;wTY9BB}Gs}l?yi&*D z5!x~|uQAPk52vqcn^Wr}{BGrum7>vJj&;#I$``J?GIl<~b>-^obg)n1_*n~8a=_L5ubP6@$Hm-shH9w>g%z0Uq+bpg0rW-F~W^;;6H)W*r@XNjDxu) zIbvUva<<+s4}IpyTo*14?8UFIqx|Qh3=A5%Cjo`!a=NPlP9dDmMeo8FlBl-!15ajt zCiyPU&HL}27nfIh{))-z`v~HaNr%L^8IZ=!*lV0b3a``3Py$r@-y-?@`)r{FbB^b* z#f7Z?inc}mq-Err+f><;Na@2lJg_M3qLu2|pO5+ZUQ1?TNMEP0dj>Ljw3s*T+RH;F zrvVZCWu|2Fbr6kP0o|9Fp}*D~yq?>zwn5#$CDQfDLY2E4Xq#Dpy%Bm`d4GOSLgt>~ zclh~=nRQTxYeAf%irr-ogCi=Yn~OindHN}HDsM>~tnROn%kA}*tvdoF!F+;*#^Oz+ zB=ZNVQp%p-o3W=nG}$jO|MEujc;BFa+I&S89o|Ts^M%M9Vcl$UBtkZ^lX_=K-y;sTy1-4VcyM@GppASeN3$IZu`eJUIrnx1~LApQzifAwouZd!vw-kO~N`9(-T*CfN7E1^KlrY^i zhd;Jtj45}Jx6!q?w=M`Fgo9or&39Fz8B%=;COZ{Z2>KXif1s6RB!H$o)kGH4w<@-C8<)_bwB9HQXE2+>r9hH1I^F#@2)dC&@7_SH32z#C5cB@ zUc{CYoG3og>`EYEd6Tch%y$CH(s(!-@3gd35MdLSzAHco~)?Wo`Ru-&l z)l-+ng8hXJ4WcyB2@=5zitX|(QPyIh_7~?lqfakodi=qh{fxr; zb&rnvo;@wyO9jiNsZqxA`59FJ7{Gcx_M$Wc4Wj)$KXl^vyj<1NLoBWYo#S`x@^gYF zWp568AS@_2_SO9W)N7f}+#kllK3}&q+az(k6c)4g1avxdpXK3*J&R(G^0ig>OoE`7 z7o%RTC7EsFn>cfRU6fDewM_u_q=Q^$6y5iXjKQG%xH+JT3?AFwl{@ghzkXc4zw&i@ zpVc;X*1ij60ZXZpz=ErPo1S!;->7@yZ90vUzUs z*+Wy)30tBySKC9x*xnbj;%)}nLH*dzU3D9naGt&WRG(#gV*TqZ(=HSTYT4T4KyU_I zhy>DGr$7q4Mf1KjmtQ8;zWVYm@jj4sNBjQW$I-sgpyO7&>yex}DGI*IfZbQ#u* zCO{n6f6*%$j`|voqtxtgu_;>32_YXCw|CQuMFoXZ-cqfXJhls|_K|i$geX|3xCoh= zbpEGbTZd~ZlbTUXLc7USm^8cSqBcg;r4fZ-3(Pwk*!%bNta$dyjlPU+IIbgl2p;u0 z`pszNp~l=K*nD`yh^Zcz^>mZ3{1?Z#Ci{FV+*gc~U!#6(Y*UH80<4zyB69lp<56u zTQ8}E(UxevRVFWU{Pu?HCrIJ8-cBd{?P{6>RC?n|9qH$W`jw1}pm@kKEHO?=!R+#T zy%M)$(T*$;I(Gylm2dXRc0j|Xo{g|`Ci`{2(Jss5(aK&Re)O33hoO^T+>^a6bZ_|n z+ylBu5N8Opqu6Ip4;i(<)@rbJ3v;-9LMxHRdoZ6+ovq5?F&YE45D6*CaW7+ktkU}F z>WRn*?2F5xX6idcTQv!PB!SjHF9Bx&=tOUTct{_tg-WfVQoZ@Vo%BYz^$efXs;`0U!}T<+&;Ed{C2xox7ZGjFob(~ z*pdp!1WN2=Jbp8yX`Fru)yU~a=Aa?-xWZ=B_D5S>_qhEVS)*6k$B{iOiSSl${WegN zS_g+AskTx)$4zlo!%J7cgYiK-gF}xnv6X*>?~!!O@yo>tzK?CtE$-fF|_YV?JxMrW4_qY!cvt&JxvWgfsNdJ1C;CU}AaNdivBM%NV$>@Zv zX0X$4h*1AYfx$bI1M|+0RK0&SB`-u*f~#~n-%NY`j(j7>=Tjzc`zME((jLP%*Ejwe-zIcuNYLoxDm?!a~1$YVbUWw#jK!b|mJzyJVF z_IWr@_W9}U_X<}8kTN|xGlomdX9|`Ai4g`AK*(z4Ze6x#DF9|2jl_H(A(owSNtKuv zWBXDse>6MZy$bY$HBa`yslmdSL?eG18 zn9p+N$`%%o`|;mn_MOXT*Uenh zdF266B<&L=HyxBkfMQ$@6k?8cwXLJ7gN;>0DaOM~idQ&L>;8- znF#`8;3u&vv&PfH$yu=^5clYIo;rqT?VIVeFpK!jHTwoj^4}ckPnT>b6d@1H( zPKoUj=Mt^Mh!_W16@8=<04s(5v=HwXGQ|iHzjhIxDOpP85SArh%S7Y*^0=KC?NXX- zl|(UTVXgjK9YjklR>5TZn&gx&4L?X{!}6{`wB^Fe7}2W<)E^CJEaJp;6y$pQy1`{; zsZj!aTWN*a=ZR}7-5wp(csg4R`t`aFjBt;LBPbyiy1c)HA)YyxWmAgp1;}Midir?j zjiBeJi>3DqcYN%@tzZ{~_aOL(3z#dGLFNx83q*%Sz4gPLk?qIL zqc4T)xx@xY1DkuE&|3#be8>kDtx%G~QWxaY%K+vJZL-~w^way5YOV};cw==mOw zyL`hWa{+qQi~sF^Yse`&kYv zEQ-6d1pB++mOAF!a>YoXfY$?rK6>z{U^!n>6yu=ppG{uUEDvp-VnbP!y|MDW1wiT^;!wY#e8;v*> z|M2=9)K(KF_($F$bU)ol7RviAYTkW-rvA5?iKELZ*F&3uj-~0v(CHeNva02mN$2wEJCzb=_m}8BJcyLWe^># zT}n@RF>qwUios)w84PS)lwVtsQz@|3zLMvfz)MF!_29AqD&Kv!eM*`^?`@Y9S>N{X zeazo0ZJ#v|guNj8nrS$>H|w$KReataPX-34FMYpu*Wi6^t=01$>o!Pm768xg?&rss z(-5R}Yz`~lk9#Z0!GoR?{HVC#9*H3YUe^(RHI2XUjb>dm=EA>{x%cNivt{{B_SEHr zbGtD~Jso`uT%g=gMKPvS#|AC^sXQbIuFGngeg43_V~r|tHeXQ6uMnf!^Y~}uc2{~p zE#yJ|=A^Yvx7CWpTZPOw6V~^y&kpCqGTg~mM5 z@{`D+@`Rv1k94!{){H$t1lqv5E~c1!<;qHRBz%c|`PbxY902>l%QS6Ki^aZ>%&`jz z$ALZd+iFnr+m>iLryqe;;bZgLwWV*KYR{D71oR#w8*I>A$mpDedjjLnF?L9uMgmO^ zJp-n4GkDVUj+m4L-Xrx$OXEEREMJQG%r5S`4#Pwu&Chnb66@vtj*btQ3VHIMCGN$O zz3NMbH!5=wH*ILGKd(C3a=kMQhw;zEyPnT1)z=+c^EGHdQyd7a7hvxsQv4W+$@vI2hKy8cpKGyqCnF^Dy1G>J2v$QS$lWSG|$7 z4{smww_!cX-Rb!NlItVAvjk$OT%Ppv)Db~f4g;z>xEs)}pcLwBI^TXrKFLY$GpO}G z@8hT0Cl~zK_7PsQ*z%el^Ch!_Ig*(aa#N$E;te!lcrCKbJNisy6P2pyz)rW+Kj^Vm zdV03+!#&b(Au{aZgD4&Zi6xScPPQZ7!BMV1ME7Cl?oE8px}yGj>g$_klMuaT2Kv_4c+(P-@%-vj+N^8oZK z4(A2I1?7dyF$F}=a(rcuCGZaoYPMJHS?ii`wt&N^i-V0s^Q%3-fu5TLZ3$ zzEXKOoKKYpuguJs@4&HDkV*cF0PqIiT3bHB3#xJ`@z%|C8-Crw&>@ZnrIXwN+RS&s z9ZcGI+l>troAG?t2AS>4L>1#&fnGJ)>(hC&v=!6%?UJ$0`Q1f7dm_JPWL))+GKK1s z!?;(f`7|anXxOK3-p1Wf-_)vWB8v9_K?OoNI31SD9-Hnj9i1;H)4Ac+WFj7Qsh26e zz9}E^=zr*j$gCZ_-7J2pvwlQt9yx1Vwyw_^*@!O=5Bh!79=xZi>Z-NwF$VM48z2UKS7wfOfM$bC?Xa-S#Y#H@P2x zY3lmR2-Bb6-BVlI5V%lme=l@${QOeKbt8?mjraN7eem|?mQ0;S0vxHljM>#z;trDz zJPGczphHx^j)gFmd z?+o&T4{x9$YeXVR%haqSoF(^=UHy zR{|5C=M8VuE9a!^dvSnl?Hcc<9vdLps!N@->v=Yi-A^Q)6;uWZzC8zY2?}Vhx=FGQ zgGM=Phn54ix+!5HC^7|88#<=11lQDg?cRAl&Al=6`D!E2C2o6NQOEVa<}U<81kwcHWqB3Qe8McL}Ah#Ja$ z_N$@EbdEx|gs*H8!)ncR862M@K}|)!Xb+;cY{>EW>s9kHjF+KwT)v;mss zsZTDI{gdz%L78)O^EO6YBoR^j88DU9vHzlV4oTGTwMhmRDB&Bw5;2QV9v{^kYZI{S zxu21)qc5o`f!rgwm{j~%e!S}p;Yhs)I*qHdD(b@yf+Izk1;~}wX`u6)oa)MZAt+c7 zajT2fYESZY56-yVe|vf~dX}9V6JR}7e}j8_%#1*dz_x6&^8h}WqH8f6@3#3|mDzl7 zkW;*(GXojb-S!MGd+zV}M&$SW)KT11X+Jc1(F2dzM=Qx*Ml@HU!A=7#}9`=H%qLdPG(~pSzxD+tHdW029taQCJu#Vd;sdNlK zGF`tjbp3mIxk{IF8Zd%|&YZj3)jKH#^Ze+)`~Fd8|0<4}nq(EadA+|GGov z=5vq!Y|lzifH=xlat}q*KC)g4YbCgiMk4!ydNY!kl)4Bk4`|IE2Q{bhr4r@Jv7&!eYA zV$Y&Mr`xd?#Jy!=k1;BjP5?)FK33I|F1la2sqp?09UgiTr+w=??=F7Ik2=0wF>;jx zc_jRse|pSgk=@?@%jT8hQzo|LIJasc-Mrt!$&=d0071`ZpaEWu(-x=wKq&GLMcJ$y zu`dP`TrP~kdq;M&K0(O}voPP_*exSl+HKtW?Q1Z?*?c2bP(diBtGdb&Z*npkJk7lrRn7XL@C{ z`;9wZX+L%|!x@a&AW;9|vKz8y&t49H1wG(t;AG@kaL9e_uObi%m6bT(FlgQR z>Q+0t`Xb+HmvRSq+ zNnf$*CT6t157YG*h}%v{7mPg{I()*2UM)**Pq0NPO+26&<{?NuC$9Hf5z;GxU{43Rw=+PY3cUm1{hgC zUXyZs>bCln5!4EHvmIXMdfbN>hsG&wOd&AIb&hj-3V5hkpIlD)jGX20dVVEvm;lhE z!foT8qeL(Jm7#Vk28G-A0t|6VC2L_n9mt-d*Z%fQY6}p()YzD&ION<7J8_qY)-=7Z z>GiqMY;E?ac1e!7PCWYNS46CGtAVgfGA5*JR;8{%{@1?Kk~_Ij$Y-;_*5 z_n-bPVewLL#FGWafgkcbRex>{ddh42?iC9sA!+Xytyq6#t6rR|s9q1D%v8Qp6)>f} z&!v3{wjp}o;l$-n-Ytr;FE-0ssD7DXZ69J1YML;7^ilc9EGqR?as+TA!fUCy8FO0d zRID@ZdQVVPhu#EcP?JS;cjt<>#tj92qFvf4)oKMzeoPk-)JgFzOvzcT;bxydecLmPh@-9 zMzjS?$8DK>tr}rIweGVq?l)mUGu(Is{gOPxr~FmyvB>uF3@r1?;c&j;h7t5*dz!v% zwHVK5HC5GV9~l^T#7khFl6eTIfx5dL59Wq)M4 zc5ob=HsUJ+-Lr|dmjttyjMW;?5jSTyV;*f==<>FZH|pxK1DF1$upxw6Q|@N{hUW2V z#>j8?miwCB64z8YbghI9p>${FHz0e=W9sh?a|Wi-YbI|>b3~IKT+HxPi|j!q1CJgG zU^c=1Xc)x(svqx*q75Cf;W@(UYV5UpLq!QOE}X|?NWm`af{GF(Nm~aPWHry>WonF{ z#gX-c{+>+u-n`X)%cwNd6z>;wk827;=y8**oBZTq`sn#xqqp%8 zF24~^M2fP!d$KVAdqSScWCNxXzg{GR+8zIdXH*>Etyc_Ym~MC6L4xakzDzNBPH+}@ z7vwmHhOVI8wHDZ-;Z8;{d71MXveJFPTg0*+r3jXa5BCmmMx^r-|&a& zm^na8%1EB7&F8Q8Xk!2J9?I(lrZy#W+P;}mKGAjvNy)I{1t7Yx-7lLSx~OJZ(TfX9 zc<&%O3#6P&_DSKMINOLSA03KR)6!;cs}38SzUf<44O0N zOo0K5Mj3u=&+0}&^8h_>o(a%1YQ;fCHBLBB*PsWoFUB^J&C!WF)KuXJlbAdBK&DPM zi2pf1OE#4d*fQO-s`R7*Cl$T z_LZ&)zD5(LHP19;ely*zmQDORQkM08)ArUu;cd(#ojsiqcE3w}Lu#hI^xVl=5Wvfk zF`Wb25fK@WA7+_o9Pr1AyTiV^b5}NI{!Z?({xV+p?4b;^fSXtbYBnC_UMLm&$_Sdf zPvgTr9|^(9_%YWOK4N&We?<~Dh^5=RU*+QM-?0-cb4N-w#`q0!Cvm&PR$=kqoL{~h zAb58tMS;qxh>M`cbsMc;IzZnLiDdR!!n7s)Hc~V`tVJIV*URmOgwy%nOxMRiQrmuw zt#BgzbKT@AT&^9%*zbnXWXm4*YU1m;XLaMZ-(8matSD8aHi@YIp>p*^K(Xq_KJ4q@2d>4+dpZdd$hxOW7vI$RXND$jJ( z8*5)XQYkk$B8l>H+n!_I574 z*k@&Zbqg1&GEV<--tfh84Nv7>{b0Z<+gx`9{Z{^fB!{lI+Y{y@xpN(c9^>oCu^7OmEXf6+r@j4CufPV~vcRoG+ z=Ka(M>3Q4 zTpzBzkMLhBisYyhP*aw0P3P4<=RtvMdAm}AWoIRjMi$e zZw^4U&-EI7@V%cV(JUT4|A+sr>wO`*5P!SYKA7ck->3=TosG*BY+pvLAdZRo{eoc5 z&z+CbdBcmXP{bp+^g7T+n7?~GN;)1O_1sBrQ4+ROsD6&*K6%0Q3y;d%e6%Pg-WGx^ zXdX4(UUIs9s39IPQbYm*lj3D?g#@EM{z0yW%5&T`e}C-h^m_B!=WWQxTl+skch8j9 zkni8;KPyVWq`|kv;rp8+8QXTBYmvj7P?2vS#riL~aVH4OF zQy03g{OjM~@1P$)*Q5r&Tx=&Z>}Rz zS$tb(5MpYdm6;uXsDM%NE)#Kbj!sAX9wUm+`vqtAGl5QroBWgaT8|q~r2r4FreJhM z@#EiJSJw$BHN(%jdq!aRXJ(t@j>o!93BuLhYUgrTdL9QT-j z>*&*Cze0yOsvjILyivQw@6||-|Ezr3&i+ciR2S~K&EvLY8ImY;^)?(2Rg4w>$3NQDNWe|(DGUsIz8Su9vW_O!lB@0>e%@^5^qcyqx+U97c zU=Y#oV;D(~8vZEzSjp(eyXKqovLGP>GA5sxyZf*}GD>8_zt?}V!z>j zOLjeaT7KBiA+O^DI8v+?GO8;#&zIvQ!<&HVqd211tmT#Eb8oBA7vQqX$;2!_EILCEr{Zh^FA%0tMm98PI?3B0ah zs*l_AV=8effn%QoHT-PR!FML{Q8Rr%10f&p{=7}^r*J?0V&QilsUB^iN42{UdxRE- zzN&jrdc5`8TYx?c;ZLiRc%&l^nY{y}1@@T<0xfYPC#=#m8_)P3P zZjp}>*0|E#!g~qN-DAT|g9O)2x1Vw4UAnu=r}0CPw1N(deBYQT>%G?K(`hQ@XMsi- z2zaZj9Iu@pko3S)n);&(#8$%7i?X*2jEr`HZ|oQ4=J)4EHIFcUnTGy>tii7BN0DEh z?Y(UN2Cpkt87{RAlPL6p(h#^yv`A{Ye;JAVE|CC- zqi^MN04`J(|Gt_2C5!S9DfM{s(}g~sem7z(5)!B=FFZ;I&V1Xa+Xlrq-^gXv25bF8 ziEnxRw(~)f2(fav?{w;;l{}o2O!Je=?bW(^bCyklIq!O&hsEEYr?=c0y2;d|8=ACJ zv&V&P>bAf3{qNiH<19S8D8^}$(O)i-{DI^EicYnZG9#LwyUcuG(IOxjzxF>^Jtlem z6)^?hUduM_!{~l~npiIH`|e*`DEr-wk7bG)wdkxTcQrwTew-y! zOUG!c`<6r=Fr++tA*f)HgRYxm9EPNrxG%M_Ds|{TsGrpHq}Dw_`f$I7 zf--z6BjazUhdIoEAY4p-es$`DvsJcc<%)R~d)-B739N_vga)Xo5@+J~BJuDW^AG1) z{r--dc%o(4-nG)J|1~Fegup3pj>?f=ShAI<09F(SssWsLg`Y*O#W6a-SifGkxkdXx zsWnjG@_fgAgL0p#?(hV%mb0>FXzc(?O%~n1}MmpuUx26 zC^~-N3P}~Ed8H#7TX~?RA4=7f8}7o4fUpKYYvab$g}%(9=mK6wnU@J6%u+u0f&_#F{W{e@#s z+i`|#ee1!8PrZ8{K~a1KrIP5%B4+*VA}%R(3`Rh16kox}3}<&szVFf(5mpH?)DMLb zeuD*@s*)o%o}15p$rme}3ylYf8BkzvEXIMh+o=gB;4*$IrXNj<6m*v?+2;Wwt->!z z=v+>C#@ns8Dzms|hk-%=G27^JYF?^UYY(&#wDoC-u?h%hl_6#5N*L;uQ3S2 z7h2L6C#=_``$W@+l0Lnp9Nac8CsLA5O0zFDx1;+kol zl0P{xy0wxOVWArt0bbE-AXR%Mv;OUh_GEyx1<%XRGG1Z=5t9;@_1v;ach~j^Qib#2 z;c4~cac{#C!0P?YE^D6AAR6tD_Y=gOYnFaHJ(i&(ph3$wKmIqi#*BwK8P@1kU$1^h zoz^?aEk0kr;rqMK3lLKP(o5c5iT~8c41ig`cI$n46+FK^PScG~Y@T``@?xM2K5Hh_ zOZ)jJzpj@x^Oa6FZREpo2kpbD`e-#aj>Ve(;AI-^IX$EM`o1xOZAw9@aNl$Y>N{kB zH1>6v0deYPm%u(G(!?BlBCoHVc$Pa4Y|#_?KmEu~XcH#Xyr9Fc9Z;FWH`4O^emkQV7#b2dE-g{^E3`>;uufirF|C81sbBlXKHA;D*k3W z89ddXJ0O)>@Nx6&Pk5r#et7K_3B%ndwh7tV-q!+{J(Dq#&iECzGTLpH4))bQ=aX_G zU!y@Rn~4*8j89+|rws{R^u}6kk2H5=@7sCk&%VXyTvGSuqESi4?!9M%KcAK<4!mP` zD83yiqSW8&+EeWJe088Ivpym>!#%+|QOY~N@yLtVNO4hKK;cX(>W+5g8Vy-2e1q?ak-=k5_^_%mo)e3IP&c#PTS@oul^_0 z7#u#f4E)1>E{Lst9~-&%^`ziN6z+yJ*2ZgI#RXrAuut?o2IM}c*~#nR6aS1qgKOlMKrS z?&uUjK-z(W&L?@@^9Mxxy|8EZ`DuLRs-3az|9yVd6A-Bvqu5-XGGqy7dfF|Secv!_@I@GtLx~axH7_an1KLC$Oi$)}OobrX+#BGe4+%u;i+`kWSMDF zeB|sUM~BtHiAeh-$q=3frRHgzvB=Og2xNCANeuQ)y`9YVqOA=;9x4k%Y zid~{0^yMk_4xSDNtjjBa-(>NktfMs(Xfl5eNUY&izEXe5zWez*(<&Csoq81A9e%%x z!JYQor{KYs|<(#<$(jV*Vpv!Sn6Hf?pHn^ z3GYM(H4JDVOPc&gUi6boDF58Xuv|#B5D8iX3 ziYl}`en%AtybSuBtk&p07pZ#n(bPh;ul<(q`(UOj-#qxf<3-0S^q16LKT~RjofNSi zsi2S z$Grb3^}65H^!d|g-=8LHh`C{L(Y-wG+Zp&Zzy{JO&gc}pwCcGbavRKXD<_B1{T!8O z4xNbK=gB{R1 ze}7Gq{IeoMvI%d@?Gu5aCZ1D2ielT-1{$+iyvegL_X{61QMSM4*;y3}d?2lwki}yk zY)>oth9C3x>Vq7~Bh4R>w|%BbsCP z%Sa{{K~vn9jYMbZ@uySIJ!c;RpE&|!-Oi68j4flggPHQ5>6>ElY=B(^!apilDFnwb zEXd_`p?VBv#0pv=F7!cC{6IQyjo#yz<$6Kir&oE(#7Ab8*yf8?y+sm z_5KAgMEhM#$g6>!*?_7=%3d2qB+&(%->q#Z5M!tlzPWtm~(6Qe)38otT>< z??fM*jc#VvzQ(8T=jSuUXq=Y!y*)0D1^y{rsBVRL|_~_o z^a>2*MoQmvalcA1=}N};Gg}AtNdK(+gIavh0?Wgjqb?N%dEhB~`f~yQ2)}FBR#e^@ zk7~=jK@fP;YnmkVNGyLXS~!EfDumN+D&umar#0C|GQZ1CbfX;JFqtYfR`zag#{K)r zAJ?ZFz5EihiejA%IMI_)3nMC>mJEga*sBU}4RrLlv32N3_vI5Av?9(Atpe}E8lP%tc<j4!kHL9hZqqL!Zyd~&K9AG>hUqV$4$XGj z8esSKqlIk!UM`1Z-!c^CC3}R-r!bPp;3&_4?arbCy~8g_z1>Tr;350>^#%d^zQ>gB zcT-n0t%dw-gdC`3=m@?-kIWQdb<~#4=VL@yIG^CTw&Yxn)n~tDVR8Lxy)$YrCPOde z`Y*ocnM=Ht+fR4(q`RFEya_)C|C11VLK`5#O%2C>eFb0(!+zeIAsA-%9pxgV1O*lI zyX^>M6mP9hKaX;FuuT0me34Hb|Ad4E977zk-f!5ZjT3mtpy#-?o5!#=;-EjJ@jbhps0VV!6hXz7+%`x1*>yn2KKJDUS^4?_d+o)qd1(J39enZ(zuo=&RHkB6f1=gBNc3}LcAH7{as0BB1>ErK z13G^4tnTU0CDbSRBnw7}Wknf`oi$(daNs$g&Jr5Jwe}6~H%HdqC<4&JdnLZFrMFD>3ld;Kab3e(j z7YUl9aeid)xqv)1Jj1%^T_5^oKPM;+*x)&Ra6P#i#MA7amV! z6F+)dc7a_Y2PgJ_=#;wSuU+_k^lK;E)v;~*G}^J-KLnN-xcs=sYB3wLD7>MkJ+IWx z!|_L@_wg#+YGh=;Q-3jtGJZF=2mSN)jej%yt(bkdW)CBb`skk7Cd7}oyo9(2!Ba8Y z^87h|4u*7ls&F{qW-Umqak9`HXM#~!-&6mlx7oVA8P?{Z4Pevp#_Lu`R=<$#9G6r^ zCGF+6u1Uyt#{u`7PNPr2sW)E)n(b`cx$N>n^%gL$X5SiKdG5o9;)4U;-6>z7!+cfi zr@(dW&g-PW2EbzXyMGA}7OcLHPyu(hSFWeHR20;_+i26+03kjVu@`-yuk_KV>+~$O z{d-id=rMgEF=q~^9Q~nyqhD6`TG+`+o#c5woSy$jk=k0!Z4wUIqnrT#)C%iDpRu5R zwO@It2MsraN`}Wi;!kxHIpN!;bC&2?LuYEr{OS5LHzd|yIcz4T z>qFzo``5&##VTL#Qv*YGMo00{+j5hj)rfau!4sRtrhCb|W8#XqNy?g^}_tdn7HKiRP9>k^r# zjU2fyIZe2q<*!NTdq0{oVJSxJ@TrIQI($pPJLi~N)L2A`;C*YsuA|+HP?h7C`bCWU zxe0vu`335GUs((AaBWEBKg8$8U4HmpWlwGZe2RYUPqJ@i!p#W>rR=R|#1E@a{Cq*_ zY}Fk1*htu0#?O)4=c4q>a>rk`G5f?LeF`8{@B@8;sc={=R)Yi+_>ly9d!Z8}QRWdO_tQ?{uWAn~$|o z{yDgpo37ozoNb*REo}*WdYGR#mZua|HhxEN*2bhka#1~KXvLnWH*_9h<`(>zm4$uV zU-}G->8JgHvTZa z!cg18CFU*3Cp0&_-YW%8vDDBHp1hkJ~$%_UmJcSufw)Z9dgcdsuDN9-WKtAK`d$|x<3B+LB9Z#Rp zUE;-=Q9_%Q5=8gjT737aIcwMFVGl_hRUo3Ct+K%yPR8B%1lz?$mEzM_?~kcLP=8*m`Aq z*h7#<4ZrCvADkOLA*|Qj_|l%e3vvGGn2S)#dkVj2G}1nYf_B~d>`@*zQI;(rKn%X{4j?K=-3+&x~9hN9%9*y;~fa z#Ovb{7O?=&i{~X^#jZP)B|GO;xwfJ1(5i*yBc6UIle;GFL+cdc5;#?&Lz3XH{60sW zZ{Y=}LR8Xe<31c%zpGwPIN{)7dGEh=r)PBYlKmTbk^6k2hWkAjeF)yTv9Nr{FLntW zBwberEgN~3l_j!`1Jt>0(sghBZRjVXpivz7&{4ypUVq-nfYQ4#+{m3XeX^do&wI%`9AYRHz8M2 zm(HEgKo5&v`tdppUow*QJhF-KuTfLD?f#sov<+&C2%IV=`4WI2J+oQ{U}Y z>tEYdG%qBF$Dki88R5#1hiK(!H#-t~55mI}nJ z^z2odu%e^peStzsXt8ssN(U5*b$Uf3wVQFP7Xo?VxhA_0s15l2<9!e4ymA?ilba%L z43L$SmvnGp{o#xO>(Q;}+xTM%E!-n?T*ojxr|X#L;AObqLrF}|=%o1?n>`Etmd$U< z_>yV)6vqKA?&zVyq+m<;;#;ThQTatr$=HW1WHMg<=cYmE-~6#SCnkOz_M3W0$=UjC z#<$yNvAyagDrQQPd(>K&)B(3i6FY)w6w|~ zOc3Fnrx>Suo0cbAx}@QCtJnZ)MQB7`;%5#h4Lr-mHG2bCl(?_?$B}PLg9&s!bbTRU z+v|CT#|&T*^=S11HvMpZ~HP6Q4J8+%-OawR;%_x8!l>$QYyIq6p{A(r4!z z!~6kuM9FKP%Uy*g{7?w?h!+2*HM=)SQ84oLGU?8BK&Nh;af%rqKH~?-w0*lrl?U!< zY}OCZIMr4Y&ARIJd_igOtY4OxB#UDL|AE;g8k<|~BE7QDw~@a2c~~remH==A&%{(X zb@dgDPqpKIPrQFLsLkI~YV9)!5-y4~NN+SM3SN{hiey$881fU%8U(7p;H`Zrij>ji zD3q5g%9qfxi(i|-7QWZEKM;D4R@Uz%y^+$f-U;^0pgo{9I0zUO)>4Of4QX4sysRHD zp3!}ZHq=O)v}-%KpK!lNwc+s=pKtZ8IdOYPukc26n0+8w&Gm&=of$rdtaLY>RKkO8 zdgB^)pA8M%{UmwuX>WnR>-D&yeDQv;WMBJGk5lb1Uy^g9Yn|KPE;YdJTyZ2>=A?>b zwr{T{HbdHrYp3FUhp z8vVJG?Z@-eBF8@cZu@E~^1|u-QJe8@F!R#;td+UXqL#@B;>_9l??-J6exzb|pp zVJ%3}>@{3)_p8Zf)4uS%=JV?j+%AB#oP+=to2}d>>I5i_10qVJPCm1SCv+t)Ad&6g zO?E%z5K&I8>RZPN>NOuFuc&p;cT5SPzG`?CAT< zye^LsP&s@2r}x=9Ou)l_j?M}dK)HV~fXD>%wRy8?ZZ`|CHu7}1<^fkrxi8(Jx?BcY zp6-!}xC=hzfIy#ZUQ3$c_C!B`^r1NH#bI5aT)#spT|ST2NrBhvUwLyRw7NKvmpGoh z)(Pe4f}l(^3jHZ`&?<9 zYpyeCko@(MyVYjMNB6B@cdWkqOYl>{BY<-s#RkfKL$KiQSN?l1NjMUmg>*1`^(f9- z|F*jBGW!9-pSu5ZpYoCXNGZ{%%gP&ZmSsEAMnrwGEVpKBWz!fgtvDP067(Jq0o<6k ztzW3OYLHQ3E??#XuM+D_(+ABv1SS_W@8Qjj6x}dk+&@qvk!5E8;1Ivynt6w7{2$MH z2**I`PPtv52EyUKo~!feM)lWAyM!cO;6916PiBJ=(I~FlN(Qfo3t-A!9sdf+Z`*hc;)v19_L9rFSP#q9(00`kH2<0klvM|oy+_2+M^b3y=O6Y+#j{m z4-`;1=q79$EDrKcjY|k~VXoif(XO{{{!+B!eU_7dbhRV9$^;|DJkM*-SA9J7zm6G1 zhTHb3YUWiaa=4n_vb0M9y3Amcdq+g~#EDt2zHnC-D9|%Du&od;FirLZWeVP)Wazt< zmKrzIL5bw!cyd3?>D3HRYFW{erms5R@5>{>b$0kdu&h?&_I|zL+pwNVJ2*Z7JC9{6 z%x!fKgJY3N_1ND zR3%pOo&p=#k-I7E2Nl3018)jrb947Gn+F_hjD}?$TMn>xM!de*~Qf^P9Y&Wn=tC&)etmsQU8T&ky=xbg~%j zua*eYJ2CEJRRECVcTaIW_<);h;#&!@2f@MLamd>-u3`hh`{l zJW2(^?!2se9Kn$N+&}s80}QL9&Zh$FqFNx)`bR)8$^0ZKKi!tL!As`HgFEQw6LJ5} zo2F;B{5d`isP#|3uE>!EbE^5o@UO3a9Lv$!7{rNA*qdn%u=PHF54eizml3v^;KYUR zmI&MwrKrWVXBhYD)idFzp!i794`}DkB=kCuB%+cfn zVlieuzfEiwM=%?fRG2}Hxl9w9A3#(4WI=U1XnGjz`-VNSW+;G^#R-5cla#B?#vfTb zfliABU;GA<}dRgG8O<~?Fu4Q}`7Nq6?6q<~zk*o~R z^xK|p)rI~yoZAUM%aeaR2h{|J%K0lAj=b>dk1d@ab=OxI#^yataB}9|BT*MZ(KI~)%rz~=jC&0tGuWY-oqJ11yp5}w} zQbi_U?j5<82K{xue5x1mMQXroo}cVd4KW)aqWlhHqjAIbficj&|0M_Oa=89{$(ZbE zR?d*)srzOZsVsSM;%hGbib-720ry*ue2{$|nc>NLg0{GboP*th6(U?5K?XQgOq_X~YDv1%wP_e`lYbNi$qf6@?# z9^sOl4PJkrVyw%D>mQdjj+gXWZtztCwL+~t6?^%#KR@#1C>Pf=g7FI`;9vAu`1m8G zQoB8Q6ii}>W9}kdUCf0ZoNV?tc#$0?lr10bWeTo2cq~5v)IQDHRE?+{j+8bUVPxF3 znQ6|-o)@7mkQt)5jtg>Su4J=Ej_KD96_xjG{%MXMjT@V+-=qG=agNKwJf2j(Jrc?1 z;ydR<1On#JKVR_?y(>Mn17kAUySG#a5@b}pe+ zR&Luqx)7tQ0DSWNMeEy$*t9DEOFN~|6(k|dY?b2`|_H%n)kS6vwd zf9@U^6}DNmG>`SZH}6%Qcnzq9(8n)VJgr}f(0xzv<-}?@!Af{ke1~#@a-SQ_dk`ZE zc%J^b7vg=veh;$9Y@Z<;kY-cQwxY&5CqXM}%e`8M5#IAx@pMkU(>J}=Ylp&vXxVgS z?yq@!+)=nH`(hCJ1DlN9C%Y?O?8s-kIcvsiFG8yR9MSNj8vS?(uMv&D@c7vG8+#q# zbA{*o?p8mdiG||_bd?k9JSzU|DL%DF*k1m1KEQEd&4n5-G6>}v7#cEIYL9U9-hlJ9*HDS>4DaARn>?)~thpPZvi zR?1|;clc2Dvi!b{rg1Gv`e$)0qy0Of4|A26_Q6))f=%4FT6%Zl(lFy+neTOi(LGKK z2kW)0XtdF^4%`T_`4cfDHX0N`0nS{FYz5|kvYHl++?)3etCyLccE+}{abKsE+8pu5& z@HEV#{|}fvAGeVFp1<#k==(i76i%6i#*ORsApyvv>^UU)gU3xL>6C{@09hCR*o>3P zgRS>tYF&R-TlT|F*;B8l#D3!cTUlobZtUmlkr%(}?qbO~)E)=}&*&H+X>fawRB<_- zWF?U<%j81bb!zLO!+w-VaIdJq6w%4!e0NH2@I<9%AI8sBdFdYAKT!2vw(MshOx!=E z6ZM~u*qjfa3{cudv&X_YS4kdJ7k#0K0;%McMyj7-_siNkcM75&2q_Le{Y>QInR*GN zX!M0nP>F(?hmI1{+c==0VoHB&1EX1w3;56#ZJEDC^ox@kffEK$3jWH8CT~*lNEUhx zoHu2ZhpJ@Byd8EoBK7ThGIH8|Vy|Y1}fuobU;*6X$-1rwWfeVK#7y&2;xmj{NoAy2b2$6wlo(t}V@8(#c}{<`LIxhTSAV)H z#Xj$oUvzqgP>VAP7Q*{2qvp;X+wTl#Vl_Qslk?g`mjHQ{E1GLUY!{DL&6rLT<6Yl> zG;*}URTtnVKkhx<@Cx#>9TqlH15toV*@AZMeSWy|&QH==5sjpl>j_1;=}t;@;5swU z#>~ge(_UR<4$GTKAzWHth7ov*616B$@pdFg&H_DZ>mQn4RFwsNQLm31MAsCV)Z%Vt zm2aHCGi5T;EOoip^fpj=Rw80cpYtQXsnWf7uFRV{ip*&6U*wa3x`_>2*FR%3C_l@s z4E;%+ZxBFztCxJvoL}Z5!{>uNL&$cL}7cyPFVQ!Y0kBJb-4 z3D5O>Uop!QBxn$`);V_YV|?@bCg7R2Vdi!QeX(;sBlT*2)aW0|KgGLBZLvP=an`hi zJEU(PJ?jD%@V-p+r+3@<5+6Xp>9#d$+O^CguYrfyXmsr7@xnWw(%Y99$7O>Dn2spov*%nn8?RrT=mzD; z--15Sw?jmJIBNxAJ+98ujXa&CkMi5H734yt--moqqTqk~YabKCcT1usYhLfxdOMg# zU3?W>Clwozd6Z& zys24F?&aLmm!CAmv6N0t3lE~}c=&XC0D*rWYBDdaAHpy5)f|8FV*Rj7mn$toZ!K;< z4!^h?^=Q7FSmS3W?9zH2nUfhg!zbMmWFx!y4zV_sPt^Ht3oCl|% zk;$~=f&%J5D$rr{n@nu<<-)u23MXmzqjaBdiJa^sa!gw+8^Y`ohsB88&jNSC&ej(p zE%xbL^6Bqi>y3qY*-%?U`*2Hw1zWbI_w&Xx#_JX9ZgIt;t8!Ic9~?K7?{lh{cdedl z;mrLsc#%NQj!u~$>wc^9EgCFuJ#mi3RP3Ym5yS|o25b=2FzA8F_`VwoI}RTGeC{3w z+2t?Kz!JpZydp-&sO5S_{Agt~@GfC6iN zwMv^e_ItUbiIK7m#+>%|yzwLU+Om{be=3Svv?fic={|_)hep6J8s)PO+HSPf$rfe~ zkELsaw~Hcwo!MwZP-74Rne40gFSti`45jO)XuOCEP72GX)U0KMqW*@S2q;`%NO`=y zIl2kjB1Id`o&7{Zn^}0@w9V!TG}H*Pd`cvv?)>+btE5Mh;vNZoLV4#*%Fp6AeMQ!L zX^?uQ_9JedXO@`C`*ci@3#FR7K5&3gD}b{_>*KCyiJQgmXG4uiXrsuc$I(; zS|6ocnscXhEdVpkktHQgB2cPc9YWuj$o$Zm!2VHN2p3gTAKXZSnHkWUSK6ATS9RRe6d2C8GqWGP(OSoQ{|KrGmQQ zY{TMw9b)0Q9f*~=-`?=It{8ce1lnAxDFNYrF6E<+e0eZ^XoJ3V4CG|^5RH4&dLKWC zx}6T!*TKcyYhD(FZ-a7|l)jeD5!&HjrK;8o^oS2O=0{}CJ%O$(I~pp<&<(c1?w@dRd;c{)b8 z_See*0n^9$n8djuLDh_EyrVrH79Pp95hcuustwC-xcQ*<*7CveS5eyV0n@?+gfQ@A z4)K0(JN|cME>!-**idmpU#I0#J2x+Lk^Oy)`+8S+nJ3oMAi#$hC42$v35CGtsr&)&8sCfOqz!ND7pCx1C}1DZ zv+M&>wx>t#()b|@jy+3nM_O-`T8-W1TQQz;Rl%|e8zDn7!Y#58-u(r1_G*q(tozEU0 zg-f3uwYfrID3?I~JT>=lx;*qbORMfIoav_mYCE39Yf}AK_8^Cc8rEF!Y4Ff-!t#mA zH~vE%j=oYfw5@*#hRspV*FP#J_1WDP;{1Yy!EY^=#VKW!0@&%e$WGv)SvuOdKY}QG z9WP2*?AyNZm|Inr4509FFd86Muqf~9)RK!a+RV5*jlJI}@WsBIxfg!`qYCbrU&Uw- zzF$%CLCA5FxAy>U^Mozw~wzB*Qwj8-Dm)ejsdUK}dL$vj|Vr_K)QS=$f%? zU0k2RVhQt<;<>0>dj1d@GAnnAEap*T4-qT4lL8$Ck)3{?f`dV zM;zu#!D{_yW|fcnIhGA37d4-~9w8c|O#O7>vHROoX=M)b#joXyYXlGM_O=goOs2<) zc)zrVEmL_L+CX`gP%1xvxTWPijmO-KK_A0?UU%v1T@QZ8T&nLP8haV-@kuqPy_ggR zYKg4`6RTPVOyUliu24>W70-P})GyLzmi>~(4<<|2+e?Ho1FhMp>lT24w6Bg+VCg0| ze3<*-IPVLgU78}0QLkuAU3Lom56T#4(dNx%(_fysv5U_g36961<6*OKqg|=%KChDZ z$8LKgZ$cw5Ts`d5fpFX4z+|3h?e{G9*(Z(@k1x{|J*CY`z?K$0L<;Zki2G6JmFqBBsZgIFDgLLlG|7F^`y@Cvw(9NwP$5I<)mA%Pf`!cpKXe!b8>+x8un zbFrIpXyh6%-J?J5u*TacXaE}9stFT}qd>iHsye#j>at&dGa%DD@U-LKh55Vl|{Mxyp*eNpA+>->O!KQIq1x1i+ewzH=2)-ddc8v(U=+KV|N+- z*9{prrG1285Z>$XmKqgF^J;suG4cb2erN0B+}KNh-FGVQvuG$`3Rdl*A^UbXz)sqU zx`$?@kKDcxCBFgVr4JRMj;+g3LZ&yXdOWLhS~7$Q&{Ww8r_aIK5{qVyJ>EPUiDHmn zOZ@%%MBL}|#uOSPwI%T>ih(Zs+%LK10TAK<$R)=**-eAdihKcu0Pf-27&^R&Utu$-mW zCks__XpN7L7xroUX{Pa2$czNiF$N*P#^K|}$lokes<^om>=AKJ2&T+ds~3Afr4a{Z zx_%`u_WNo3cjxmXX?8hL*8zm9&%M^8jMt09U?!QzYm;j&(-q{{qaJzD=V{Cyx>h~n zuC2aj3Hss_7WccrW0Ktca-YkG$roZHWE-9Md{_N(ir7aDCBWL>f~Q(TiE-UP5XT%r4FLbR z&vy@}U)u8XV?qS8__~!#mCU84 z>|xQqnYDCAT+~5oJpt*Dvt=94-_yEb+pkUp5*4is{&{g09>x)+Dp!0+3bwzi!LNHY z6ZcfuZYDv(Wi32Cbqhqgt*Q85DP09qPVKYPBPQ6+aTej|#)pZkhqT*)u}5&ZxXOla zw)7h2phg#WzP1Vti>Gf&kpn=g)6^mI$v&QGX*#wdHEo(5rX1E%9{u}!|G-VuY{^a# z(vzE_&bT&q3w-pQW^?h! zJ91-~{Jo`j&D!k<<&0=yw{5w7a6Q7Nz77*c7h0CulhI(B##?OH=FXFJgkaJ38r8Wv9a^i2eODI)Fj9 zCH0EApOXAsVIC)@lz>@35AkTLb!A-7!8cnaJvQxR+W(ld_}%qz7#_uTjQUL3V=I_) z*j?Gf?{@IsS&xo1S+=US88)Za@~}(~DIZ=W#(MwO+k-Oc)YfBKD#h$|)KfjGLY&xY z#(XZ6-nhFu<(c#Fhh&9Kz+X&vn4sm zs{Us*h|?Z4%=YE5P`E$jn2_lep3<|rbi{QeDcl}7Ai79*VG%u~>EfGrh6zS$M?^AE zyY@rf=ihw~P_+GoXabVeq_G=v`L(an<6z)U{8Yn%hXG|7hp{*~UlH_?nkipAf`o#5 zVd#5n-Y%xE&Gd8ci;?xDHAC_6b+U?o5+|8L&(`n*VPGFg_(#=XC*sda9(r?W5WIVj zDZiorc->M^{hGOA1)N7k0dl`UAk=Dg_ciJLXMuqZc}6}24uA3X5a1`P4<*;h1^Q7@ zk3OBZ&n15^czHD3mLZe)XV38|ln8;q>}M5-wH$KRWvZYrFu9rJ^#ub-zS_>RPtXN! zqkXBuOi~(IifqP@e$O{%zQYH4T9g;oJt>EN|KZZ#P>!QJ#qq7pd7>MXL^LLwZg~djvquj{e7%yTMfl&uh4C^PK)MARr{*?Y82N=Mx9*VlZkL_iNT0 znkm=ItqvpR6n($-@=SORAIp@h5Zh})^>DPi<<*+nhhjtfJR2|0^a=R3fc6%CF7nzwS^HLa z8R1)a1_}z`1Q{)$O$<1cO`BnIyLxKxmF7eIe9_tTLG8>G-Y-_MzZ{ERuD#ZyzAFzL z{QLf+64OOJgSkM8brf8V9s%(7*^lz5;jj-ZNWIdK?K+6=csvi>yYah+^MEq(ALc*h*FG`t zH^c~ddBA~N2$rGFhx79XE9l{g{`Bh=i-~$>t7#y7<|3kn;bCW&(}uQ9Ji*L+Xv&@I zg>%E&P0sqcO#{UQfq^QC*gzExc)Dgbap$Q_`A~*mMa;yAQ#monhIrHiKY2B_ky_VR zd%8u9PwGeS=A+*tJL7BF_zHoT$Xi-pgF%9l5nvO1hrLm;<7$;{M zdQi;~Yrg%d4MU&#Hk`Nju2@_#`27+o{UusX`s*@}RnC@H(n+*3%V^_}LUI{S!0uxE zXD{dmH`Hc`UKmKTbUT+d*qC?|UZ52S2jiNY5BrS0S{HKN^QcP*Z|lcoF@z9gf@)V` z!oY6$&pvIHGaX^+ZrdL2Q|+`}Z;gE-C!0%eJ>QG|vIeY7hUM0;GBbRiB9g;6(5I1o zhmY)`J&GFt4EG^p`_ejtd(g3|hv`aPIn@JU`9bI8H?Je+>crb}K{N0|bm2i-Xk06* zBM(1Im_hyFKPz#J?RyYIu>Zm9i{JK4_KhocqgnLqzR{_@!}2!bnPeLzH>1%G_dy0b z4^jfhk4_P5XtJf_wCRHdiuqm5TIL%j$v6H^_L>vh3{)5 za)xkz}MX*_*OU%I6=^FP}X?8cjk$7 zzDNWn4wY1-H1&zXMzXI_b)M#5Mvy|YgKwP-_w*^yB=A8}aEr|gVAMPdf3ueRZO3Hi0x7OR`7 zr{S~SI3HL~9ePg-cPsZ-e=>y4^AxBorWS%k1t97ov~k%;a)M> z%@lsc?)Qkl=rV-kY=tL6OL=}>M(Ovk^j+ed?`l@`bCOc0M{p|hq@edZqb2E}J{8M! zdcWJNhzz=Scvz%<8jX9Zptj6kF8G{(3I$cD_ON35h{sNfj83YE$K&B{DRsF`C8wHZ z&CZ(sqk0l|Esi|Xi|vesk}1AAfBr<@zZ;d(WyYs3qlW9|@NC`zrB9~u9sOmGk~-;! zS9YgmG>PAwFY8$_kut#oFCWa;Y0ex4*_FrT`A5akjNkd~iu-(kg!Zg=emE)L+X;>S zuy+ZRh`SJIIfHl9H=L<^oM3a4$@2H)wSUMgj8IzR*~_sf93eS$1-mt)Ix$vYtke>R z%jH;icX+y?OX2(KtwJIF>P8)PYeARt^X}p#II(KW95m`Qta9*x%JQcG?saENBq#nN z_!juM<#31_V1q&&zO^7-^)H>3AB75)K^EE4jaB$(9aExojiVFgz=27H=HBJ%j!-#A z3jME9+?KI?ncRYyM-1;i{?^iSIH4iuhXMMG);mentGlv!8KjGqNz6I*53)6&!oEIJ z3`8}aDHp929e=;!<&R3;Z$h~2O*G7{ZoU~xM&&%n#=b@Fd4aPaZ;nIPJl^u!^-pl= zPWx5Fi6p{fw%hwH!0MyFRKWK=*_U>)Qo21J2r0Ndf{$=v2X~7Td+Yc}h7PM1XM1JV z^ZS>q@BB``@=np{Xc?7T7!J3$+|BZFxN3*;^W-RA+TR@9bUNzP-KQEAwHirE71L7e zMABL{u4zwBd zx9!fqip*}H)ps)D-D+3jXP#Lhb)V1}>SZ}i;_JfM^Id3jZ?#yO3!N2a5NPA(;2d;h zqajFKOOt+|>!u;=;U(=pZ7f&0zr|`8q!F-p+U86K;X%xfvZ{Y5?UNBxVG_U)CL zAM)yDIKN-MAGG3C=;!i(2jz|?JYUsrk%dxfx^%IkCXY=7hPOV?lxm@1C zcuaZ86NT*jG^`22RJ{0greba+_q|+t7i~CF^!rAqGx7&}%o*uP_z|2s%<~n3g3M0S zy1z$hFy_zTGR-v(RbM~B@C;%<8{@z&+fRaPDKJkDNrWvvJeKcQA#S>V2bO=If2%RM zY=3J8NEZTgJaBMBay$2OKK2KxwY`8tU$N8+IQg?+p{ksW!tzpW4;8?nM3D}$Ab6>S zaOr^i{Z_*z2zia&$d5F>{Drz5isdCudkX%(n(u*lCjck^)@VTjjx~5;BK62bkn(tqcQof9~rl?)_If&8CK7_K)QvYss^HnCjMC`Y(Z?Og; zYA>#eL_4C;Z6yL+U4>s)KNj5SlF1-T5>P}zEyh?0CmST;y}ybn_o08R(14s$=EK!w z?6sMI1T*M6F)(Rq>OO7zVObCztoYFpO<`^cW?T$oJ7| zhNHj*NjAp0>ZZ@T5|o~g>|GX5?=<3pvoEOR7>)x`Zv`}F2gT23fC9-R6e{^JZ88!; zC*VCIz4SMMZk!;^k7V1OpTdLzE&t>|aF3{KkVP?fNU)i>|0rQ!DV6MgjCu-*Ywo#0K|Xl<}olr@Zo=3 zw1)^^=F_HvVze8Kj#L~ z`Dw-XrP4qo;dF0V)t*Vc3AZK?raWem&r)TMoXaDcI>m+`9uqrQ@|SB))bsl~-FYI+ zRihv}_^lmr+so(q^#r9MOP3$<(3az!$XW{2@yymiJ?FFO@>*uJWx5Byl8qC3J!Gf_ z%JAh65pg_kZ48E4p2GgDHR<2=JvqSM6yFqY@_r3!&#|KO_XAtkK-yQVrm)@aC*WZua*hcEVi3WfIn`VRI` z8S;6|464M>{qkrxX+`Iuh$!ywttb{m ze~F-kM*#s9iAs6{B}fvG{Pn%Ly_VB+RY1ZCb*grFr>6e<=#k=ZhlN5fsqfC(tRMQc zl2?`J#BPYT-*Dnz{#ngpFd!aRBKm#_RXcTi^!Aw>_OOqb;v+d4F$uxa9Z5Yuq{Zq< zjL6@=#%Ev<1}vzHIT>uv{r;~lL# zD1J&#nU4OZy?(D2AD>&#eaL}gbXEbWIAF9XI)Jh&T_=&wKCym>8D(gV>W`FpIJdg} zO{g68DK11)7T-sB1($+&>0(|7>Eu;=r<#t4_2qs2+R-S~f&>hHM`=mTtxAZ%^?ohw+9tBwgDAWysg!3Et4$U03G;pfQKQ_7(!But_$BtWL>GKRTFL~L&^QbJ zCCl(&C;;E_YxuT(0#7Vz!+4=1*WTO9S?Ycf6VZkVMbWB%VI!e)!gn2875=^)ze2d) zX$)R1w$5R;^nHcb4d&y{0-I9qH(JoEv~E|1l5I;)0|F+%*zs&5b<14N%Htj`KL;)X z2{(OV`g{n0gbz+CU$_=L+@s-eO33VVYH00vsDukaK1t{rG>O8aa-gt>%v=jfM=Ej( zYyTc{&mQWz8pS`}PV#{`f~da2BMC9=kLS{70w|GaCp80tgA<-7$$h^^qBGBM%X#dr z|9(rH%k58qR&f#du#iR2reb=$-~F%d--Ku!MaZ7C>FQ+_&+Q59{t13$PqL5qW#r?PmP7@iU7xn+{ahv+j#n8%|+eHtZ zGv+>C>9C8bBKZUF-k#X9o;WF_t|&kji+M7k@V^*jMeDA3`v|%Fx{bE>-mh7U?<;(5 zw?$O;d3~7-fQ#k_RY7|j?~{B?-VUG}=L^r&M0;Z^)Ov;e0$Djb)5-Y&`A@tvdFM0` z=Lam82evO?+w?q+!rOF=jsZhdif89DvIqXWueb5?L~C8xk5h)e!*Ihe_2K0uXC@AH z+mC)FUb&<^tny-|M0642at|Hp57BQSp{rnzyzdiwWm!J9@jLhDVM;sKVyWB{{ec>j>vVTjLB-6tmWYfatN~d zNqeNB-WNCNW8&a;WOTE+1W|?pi<~*Xzt%> zDU7p{-{6gLZS8(v_65JBw9Y>zB^0h#$Dq4Z5J9wrtEMI|n2z(qeq7&zhU5F1XB&C) zmq-1G0Yxg{f3_OX^Mqu=>%L0Ic2xZ8!b9|nkk`*};fw+Vx-b~_K_!Gu2vsGF2Qr5ISffyFV{cy;{Po0;*B{rKuzw zNA|1u)Q|o?=Y5Nk$zR6h-BPFDiHFyi?a~D-9JlYN+ZH)ATA+XB0P~o9;9VS_+vgIJ zVGjvp1QTwx*w^9lZpoU4zSTT}8MEZZy!CYJUwvpi)bU~dS^s0J8`DpKrn>C6f@NdR zTHT2eGbCZTH)CtE%)hCTlQqT?06rig*H&lHO@xeEG62P4HOLy z{-0(0X@=kg(4hOAgyk8mxH|qx#MslI8IRr`fw})SfH2{e>-{4=*Lfa(i$yAc2Jke= zPhPPJ&9QWdqUPJ(Vg?QYwLsOg8-Hd%&0z!Ur8tBSZ8w1Cfh9k=-1SCd;7lijclO(8 zGA7Asf3S$GGcQnZJqj*{?KS{|*&T5<`G}#(psT~)EJ@mLS0Cw`6QV=`fE4_@NWw_- z=OSAFT8-TbtOqjks!j68pw=|NXqD@DbboCkdP@8w?zCr3vGX%RSlY0)KdyI_t(GTr znkBA7sK{ePeM+(mWv{EqrJDqE-~!_>3QH?%JN_T#!j{I4D2`; z_t}uTF^x{bx9?5l0Rc%ggKpjoL^(hd-vaP)VD9-WZ_1`DW1LkSX9ViIQ`k_PC z=W-8QEQ09q`!$+$pC9CNrd>85))?kl6xSqh0KxkBHPT`xO zU`p*Lem@M|twmgoOI-)%+Q9P!K%iRt$iy>)v>qV|6gJ<7*FPAoIbZEQ7!Bg8o;^&c$;VB7>#qWxwjC z@Y{W8*UTh^$3MX*?R_bwI0a~o^|C&{SBUbTz1uWdKbqOU`o`2nEX*L}mH&Y;I+0_o^ zMjFC_FVD6_vl3kC37=E<$${mu7~kbviE7? z4d+yF`-vT$LaKR9zeCB|fJPnD?@v@UgJ{PK?pZ36;AEfx@g}|P0juhEP5RpT#L)Rm zxV=q#NW{tUK9S1%^o4^HWar$fq<+(AyU57A|x2Jtyqg7xA;F zLh<7MCoN!qxOe#D!!g;)%8C_lXd^dCbAe?g11E{Sf&KLMzUBL#A*UACJ&H;9-zEC} zsp19w7@XX`b2&BUcbc&l7EBJ;CG5crG-B`-O7J2jDF7_?Df9(r+gM2D=AsX&c9$f7Gh|87e$&`}W=s3#TjwH&ocyZ#Mr-t7!M= z0!%r+YZfdrOvyo4k&Bd_Xy((jaU;MKn9@_u%=7)){o}Kf?t7EaV4Z{yI_~ezuyHn3 z>R@&F=4*1r1UXZDtMQlfl)}B?eJhREbUUpH?bKZeToIifCQX%->fR*#0D`Rx)NQpx z3jYt^NaA}{?5%_6QeztfBCv<73<$u~+-R;(S_UCh{y5S5%@;WVMHgxR)2z{7#Ie5e zX{{D}Z0ibZ@Y^3CXMb|NCSZA(OKk9|Oq&8;ITg>qu;xrQQ(SH4xw;<6%bfte~a zJ=4T9!t4xLg(;q+bfD9c)LXv?iewpXmn^)*QF%!KZb%GG6Z!)f+pOos-O_;=dS%}1 zz)CIWOSJC~y1lS)Lig$ZT-+amyHy(Q1Z(asg5F*>=o1YHa z@8XlEm;0Xf=I4gv-Nkv^*B8bh0d|3HR?I=YAB5biE%Q&EJ|L zH5UJP0BG~!oS5ee%;-O_1(v1JxXx+!{P86H)hQ0^r!u2sV(*mddyMI`aZkD*D2Z@S z2jg^hYPPVOseUA}0lRR|AC-4V&7MP@>qO!{wDJ0U?$O4gy@DK|Xq}=rOr!YBuJ4kB z4`G5`JS9<6nfY_gz9i%gshDH9+deE_&a8SmgPT<(rflpMA{D{=_#%A+K|4?v{AaGi zV7{BUuWOZtN2&z_Nc`B|_X{TNsrLH(gz_H+mp^cato^E@452>w^^oaAJ;3v(A1@A` z2S^yYVlF<*R?|2k{EWDjcVJ;LG7IAMdsibSr5YiJJi_TUYohcp^%Hv^jO{+ytXka; zB|QGZLy$5getkO7add+ph8c7TWQ}xl`K-^oESu3EE`{Y}C$_fyiEZJK>Ni|`h!_;q zoQWiiUN*yA)vqXQ0m6@Gp`)8wW_O#HL5HS#b|&WIb)x2jIH2Oew{TWxz={p7N!T-?;Qi1pebgPMknB&r{CZ5^hbd)4vm?_%MQ0C8Appn zdB=C2cdInd-k-_rZ|YiPx=mhWA;VXl@4V_1C7lrZIEl*0su2wTC{NBR{`_q^%1pMDdW z;>R=)#I%B3PRIhT^!Gf=^hPzxod~<%&l;8nChnj7@sG~^#dCS6ZI0pqrBXZWS$I+D zd;RWL0J88vUIwE!jNHqjLk%o4Zl~~Nt%Ri0X?IN7 zm1AE}8DZ~w1py?9KM4z`ilU5(FUakH2Z%8Wj}U`ZA4gJukXgFrI zo}|XTnit*3&Sq@hjVob-KeH8kFk+6)-y#c6^?26~eCKH0Fty?QVoc{1JXP4d9Cp6H zAdW8gSn{BQamj2Ck;(kv@VuT%A9Dg5i#w4>el7)1fo#$|QB!)rV(+z4=ZcLQqJbK? z`jvH2L?@CzW5s(~;F{gUkFr{76MaZdlFU1$ez1`ZLGq#i2IG~cNdD1$+0k`8fU41E z&AB;|6-6{E#$Lhh1loRf!Ld_oqvrGTS)sU@#9W)nwgQpR+x3{HsLbSIcb4}4t*9gG zht5U8^vLZlAutxaH_ko%?O_ySnOHA=0~i`lFlp-ixT2!=qN}kXSs~-9z+bqL`MG}Z(7s0%8$U%0^G>7N{yg!%Ml*l_YMgaOrtC6 zkhUfA2rD@%0MQsnM|BGf$Eipmaywapn8l=c0tf<9}S31fo?|81{hxR3qT4K6OHGpn2Q-kKf} z>>1=~*>9xqN^26(g(F=(Vz+B?HbTS7sECyQ)9|-m$Y%RZwj?vStHZXTTf;iX@P8_M z02(SkM%&2|AG!ZNrqj{G5yx#G9KNqjJ0R?aBtHr$sPPyc&QrdzkS4m4aIl2yQMpCu zr&hv!b(ZT_iBvK}UiorMk{>$xd7%~m6)iC@a#;fPfr5tkmWm2S`F^Ns&@rzmAPtHl zkl;|iWhr~65_hReS?jh(5BTxR@)%U4`U`8D()~tmrTOWVZ1Ldcz=Dez-T_^7Q;*ng zwb|DmTw6tnW1!j*LxzYt*rmV@&=#)L#||A5Du#MRrlVj5BtVZBsI+N-I*Ir>{><7Q z&2^7h)|I>eDPe+|b@>ty*|}}5^n*(X0%`viO64b z*imoOPw?Zph%b=_mW@RtyuVUAdWJx>S6jlGm5&dBrS>pf9~*8%45DrpHZInMo-%j} zs4U+NY19Dtte>k1Up;U8(d4tI9Tos_v|m0R9(DnnRmf`$2tr9GMEERxR{@-%<&~Oe zpx8!$N9Vi-9d)?P2?nY8vJRBda2IkYjNT~ z*2bkzLyR49@0{<#pAESJv`f1L%j02)UuaPSg@poP6Z&sbt%_cM3}x|YQTe|dDX-;o z0QM|sh?SB(@9`joQg}mszk7Ah1jLo)&C7F_g>W~EDUKiQV-d?M04C$g&lD~s{hf3w z~ z!^q9Mix0reHgbb%F9aW@-zdIzy@{RRTYa}X{u@Y6CVs7?4RH7 zp~bX>)ogJMI+jQ<4auFPPVfkF83x)0p8L1jT)vdp)A5ySu<|N=&xRh-+DXUAtP8QM z6tCxfPRI`I59F3xMjoKeUJ%>I*+;m2b$maaVO`hdqGs~UBY4h&>P(jY&J&Ou>!eTs ze8#5d2_)Vir?=ZlTcu|ag)*sWr^>PJ0qlf*ag{|`S4dbNd=^ODYVXn^KVF4mAwQI+ z6uuVoxB30_swWL*zPGmR zZf6_1BCNnXwIgo5kf8s8+jI7AIp>(gq7XNKtZTSi{0_dBIP}4%L}t66=1ubRv`kEF zzt5a_eU#1OpU{}z?}Kci0SIYhSg%1W$fLRh!D(FuJW1e$^z1x`vi19Z>}T8&)-)WF zPbmP7?I(v4>Jez7vdN%&{k4hXw_M&qX(3+Ol^NyKWRvx^rxB`jp}mP)ktRg@jkvrl_~P=}CN~1SO@F@U!K~+#2YIM;d->Xs;Gw2i)8Kf!ku+do z9K@XFKF2th8L(FI( z(Nn%@ZPDEbR-$gO#iortttbCNFO+|WeT=}aNk4|SCEf3DQ8*V-vR>TbRH#Zg93Q=( z^jWO&lBAi|%lMKtC}-GD&;{n(1Y_qnpd>*=qJs|I;-%9Kbh`H?Rab`U6Mw$!zi@hm z6M(j-Vl@fu`*{8#5ugAX0CjWJV^V{dGDRL6?)RB&Qn#~^;Z#Sy?Tznsrk-^?Cl#~f zv?CiLQRg@j<^E!pDEtT%w7K^X`j4=n=XIgoJnH1OA!jx{=<(ExgV1K4_7OHZYFcwp zo9~FFpI6kbYZc028es@d>>c~`13o`=!qdl#Rwa;cXJ3Hr74x+*kqf{WjvyK0FB4YF zozl+~i8I_i7_hUPgF4l-ch&K>{PMj$?eq7h?0!S?rfWLfA~0(`lbngo?_1@^-h~-t z$0Y}kUl-SgN_>)d$YUPXp0o!UuIAwf)COp}=`Rf~z(WWt^gWp-WF*}k=cO5FBxq4lP-^;~DU=xQ&u!@y6H78l)s6De2dB^MT?w;fZbhLZ+mptaU;oW|wm)5P6 z_=Tbgo55aYFDY`L#}!QBk5@8}Tn{eNB%MR9{c)&D$?Hp~>4PU>K$MkQ;|nTha8{2S z_mXb$Pja}U>fGIYU%o+R_jVuOd!uVe?Sk?!%w-%XhPZuy_|5*F)V9`@&3v(0l+e^3 zONs$f_!5e8y(rIjcn3zxAojb+TolF08AR3lqe{~sRARVdqucR4>{TZirS5Xw7FGTT>}$fZ^7K@|4Ino1I9Pjdyf`?OguJ)!4?F9+V{ z^SVnF9@VInr@NOF9h<28gMJY`1`=U>lQaD4LbGBY!G8Ibn>bMR+kQQ+(kU-hxX&`? zEP?!^c#!1@Y+2>dJ-jn@jc62b<@2sZ9i<_ubFf#xJ8|B9&0l`}9pkT7n&V2rxXAI* z#GtlwhQG)n<&E6!F}=WZ!wOpqN;Q_RFRdz8;ZVssvl}d>Ah|R*0`Cp)2(+*Ke%!}7 z{~U!HIWFX1qWADPO%gI4&-(-tsM4HHQ%j}~c!WugB`lz!l@HK;4Dou_=)*}JW#!d= z<@C=K6mth`&IAL1F^urnv8_~`ok2BwLo2k0ocZHcBipdI7Q=_wpVxBd-s~9wT^-L) zZo~C}m_&HMrb;g3%9*+j`swa*ROJJdlEFGvHi?(*AO^Kl>CdL{(?GaSr9-Er9GRxT zGoK_Vtv5=ZQs+jJ6j&5`gh%fU3XW1I;<2-$ph{hLJ&rH|GZ$A9w|Y3Vd9g&50Xh3=?RAKPvp-r@vh(R`*5^4y5}ox zEZ%<*;q4Q%F!H^^EJxT<{xSr^XmwVQ5q~gd<@h}5maaE}BYZ!5gA~g^`$ddlDV6;( zl@AdlfG4Ec5enuSGWddjPACk@xIt9Oq=%d2d^5T?4tEfMuz#*zx6f!C`jc@eL)(f> zvCZRvOwu646utA?FoFR{s9u zG@iSB-?-S#&gN`tP81+)CO-CT7v_3ow2PT+WPHC6uo_w3O$KSjj|ex^O-OUtdJETT zzNn8F(jKj|WUfa=bu-P>JGI%p1_U{WDusxLd13p!SIGHheJa|{>0OFW-rN$k-G=A4 z&fMSye|P(%m(pE=rTGSnCm6^phjeIlp{fZ++NOOcl;_C9S=SwQb0O<$SXI{njwJ3O(f6rB&xh;{enuK+UH7M z0`BVlI#)tPnLplpGv{n7$IEitU=C{13YZ7lob8ogA?sTYAQS)*@aDdJFc`@39_5^h zyLt<5-;g@bzhr4;bDse1dfu-=^liEsSA?cb_Q<2P@1C&azINA#YhNiqh|+IP^q*k{ zS;HwKG-Sv!{hH0Z6H7qzZ@B#qxqCh7d)#^c*|W;f6YQmVom5e{;EMzIe*3XsFUJj% z9?;KFDYD{Klbpw!5Y_OaxTOYvdbp6CzS@`6d&z{GAaN%WE_sq&$B{vN)O#>xqD%Fq zsZzLICysrbYAM@W?y`lsYr`4nBDM1`RG^{$ zq_fMj8HvMEDE@%_27ttMY7y#`?1lC<3xg`Q-+Vtp$g*!nLR8yG$QlA)W2- z5=(zrig7wtTzGuAAFueGeQPx&Lex@e0b`)JOV+epX?Vi_&Xt)6&LPhx;JRB()Ks)d zMMW-{)M0zrai4?I1;yv?kkdEs{*>G93UkaZduz2`9=jP#uxK55ps=u!Tkb?sgx7qP z+hc6rH#i3R)XmKF_9CzpZLQuc7Xx5ao zb33a=nFtv1s#TUl=htg>(Z9|ahe3|FLbP}XR0;1sig{C;l$^NUz#|ga1Kc^t;HaE! zc_}ZM1v9DUF%~qN(>(FnC#rOo^|`|OKoI;Br)N(&Kamz2Ox`xs)U<8>dG7;wRke~C zJ?(u`z*dE{`=t=PZTr@R&SG~yo-#1d&9UrLM0*&#!cjPA{{5mFzZ(msH=M!t4DGsxueAMjpTs9FAm^X)QRkFW8wL*AIk2OxzBGxKQl9Hk_u6!W~m*zZbhK~=~% z{Ugf5*6(;c*(j#&c-sO`FOMdrq6Pgv-Dm6GJrkERq5B}uW=gA?{+Y6-u3}1He$Q-N zbpVrZ>N^gaX%${Jb^Str!jO__drI^N)AheSl7FZ?< zTBgA1^tn7)P5B6~$4ESX%E*6EW)LD5qShn?hUqy~%M*wXAo&1v=F?ynK)n2ibu2A7 z163!E`xcTDl;iXevSc)Y)RYx4?x({{O zA1qKVqbBzi9CBnHI(b?aj-v@%HOHg-RShioo;;jQ&2vYhY0QaELot55K^O%Fkvd>oHAAy+v5 z7=B#y8<;jMg*i!1P}f=&m*<^6VaH38JyE}HDB{|yhxc`|HfKF@$W{x@-mnc~Yjk7=Qq=p+g6D>k()AQO zlbCjhILv*_uJ7Zw&qvQ|lpp`}kp8-ZO1FFe$^Fxm`?tOl+0=x$ zD7*+P9VOl4#=AT?A=u+NCd`A4R`H4S$8(?Q9IJV8=R&Z<(K#Q!il|M<pHh@ppQswG+Fv^FeSB^kL!K6QVupC$vG)72Q2wc3B6BQ$@Qs73K^hd7>~{nSU6j;e#yNM2MZ)Oa}z**Pas$)+ywbgG>ubkUkD}d^E2l= zsAgrRcm#7r<602jt>Xjhi(>+oXBEVut`hu`lCkxMyTfZ;gr7w)8+|3#=LKr5>lk-F zg%E)Lu5|4}JJ35^a;@8v-=xv06UY()#snr7IxO$@p1SZ+=r6h9*LA~j5tpK=$}jomg7eJz2u$$ zaa9a!8-ibvdm4qi3JT`&=2-Uod^vb>W5Rm|jfC%FC0fds<>I+?}YGthBC`--1OLc!ojPgjf9lJQP58k z3D**{_yZzZb=0E9_BjmnOU}oa<Nxfg``M;#jL)66 z{H=o?aE};LPWUgJZG>x`MufOeq8RniaJa+z@{nrYM`^ggETMs-j^kJG;|Lu(#x+vs zVx;kHeD*<2p~ytuq6i{{4&^IZ#??&zkl)wgp%v#nS~9H13o4oQCX%#uZy4o39N#*e zFdgD*Tyr-Mu9|U+Dq$VjpKw@N*S`5Rfgeji+Xbsxb-Nu z$-vd6B=@`s&c_(M&*gzXwl^aV=g%F!T@`wo{LZEfu+gT4qY;u_26C5mQNr{&r!RnM z9TGVDnujCzVQte~I>Yb8LwS(;vN6{08T2$!;g8Nf#BIxX-%}N+f8Bx@Vw#^yEcNG- z!kMBAuz~z2Cd1HQ_VSbG+fpZDkeuW5bTN#i(P2Qo@rBn$2Y@JMY)<>#i_flaU-5gZ zg)~&j3!A3v97*US*|}0oZ~7Myf!O!4V1wASaL!vOp$(&ioQ^Y zXuX>#nvmPLwGz$I`>3214s)5XWE4&T z{I=j6ez?b(euau~XIyXRMQu&+;bUTmrkR9PD*@{i*NA$AH}RTU%{Oh_$7b3lHM~f0 z>Ba35LNq$dC?AyN=DyJ*3AbJ%Yd0U*jUj+x8jLbH^1V8rRGPjW>Z_wV+1GO{pO!RL z@kkp#@JVRa2)l<9PjMG(tC_L%<2?Kbhr<&HytlyPLM`NHac$4r6AFCz<3L_z_CWO> zxJ*#{-xo^POniQg^h=ZPpU}oF{DQyR_ik)(AdB}Kc$tgC&m|=K`68A#%p{8I`m=mu z+$AZcqRN`cW^zY>6m-Kp5#R`Pn-qpjjCtj~?xP30#{4OEea-2V4X{X-d^=NHj zzG{sVnda>qZ6C{dd;7}ynQ9e3q4a%o z!bb0T>od0eRQyUrOM!Cj+TXRV(|}(0jN`EP%^Pzv)Hb`q5OI#qoLzYAAByhD+VX zJptR0n&{md#pde-;4E7Apk0B5WX2t%rkss5*ic*CU>e!Gcor$On#%v!H)S?Rx_4!DW->+qh*4=A9x%jN6WZ{DctvuP!w zbS*$xz;z?s-^O&Ra|!y1s*&wC#-d(p9aS)Wg-36?udhHB#?PIDRS@S=FFR{&X5=De zYoULhdoRuJFlrW#BcFqirRG{NcM z$k$EZn-Z8W@Ml4R+4A2Bgh%$KL`li@e0=KQjPHwVBa_*W4S6{E<^ygFBSJfz6??r% z)|KMX(E0YLQ^A#10IMl8N}9>nA3dLJb>hRIPC8vYW&5yBt)H^Hkqdj|phNfjoa~C# za_8P-az#k6M_N?7w>S}^v7MhCG}^`5kE%|m@$L1-Z~8>}nh)QC)i(~~JOxS#kuf8nm@?A>uX^h93U zv##>b+aq;`QCI?#zU-7&?fHam>b_`U&w=!o!|x|~N?^V$w=h%KnU3KqyZ!*a4UV_p z#j;;57c2MUbZA@bR1}xHp+M@4o-Q|c^~jhJ73Ws^v$VHK{c2(mU*0h)SJ+xc4CYnV zdQU-yH2e8J=F8ac%i@=0@6-3uKIx9amdyPd4;s1wm>-woxXKTM+E84p!j%eCm?F>EPqo+3`9wAw*xmsqO!}Hm7 z9?$dd4b9IVcX?UbV3LZYxPsXZhxnCR7>|VSFfCA7X#K;_HXVk)eES$91Vm#m#ijSJ z09X8uUhKpB1MC1E)@kRC@#69q9-0kKl792aNVSyS)gjPV*`FBFw&!?3)h+aB56ibz z^ivQLwETu%3QfYm%TV!$@dR!aOVtSaKKuoiQLpIw~D$uo@2>%uh76I$F+ zgVgUO+Ses`nQC&(6t4bbzU*_m9hT6+q#BS+(-a&Hu;*k3>xg_#etPU7a_zKVXndN? zg${&BUDn3n`0SZ8YONV%dkJB(rJ8%^{Vb)e%F46mzIT^c!&d=fXF4EP%is8Id!5xM z7H4~W+b6L3E8zr13cu27AAF>L*cQakWq7YX#bx0&-;dZaz)Xe)dtB{NI`1Awdrswg z1pnOH8@#x;0<63Q2x&7wy3CA`c^k_ ztafjTiI53`hN#k>kMvSAgPx2pXey)5P#LF_cJf>R_8+|K1Viu1d(nE}oF|hcTkb9dIKB;@s@d&s$es-6P@gjPMbhr8%7~yuB%q ziEElk-Slz@GUmJv%R6n4HDxZ;TNuB({Rpl5w2=hQMT)hRU}uY@dnYo?Y(8zK(zY)| zrRP9=g4gD{nqJ0DV*GT{NhhtD+TTRjQmUwg{gx`Wk{8~FJy#0r>w1ph`DtV{n4ZkZ zA*}fZL1DRu(A@*~eqSSCOcUB$ybER%6xL*Nt}&rjj*;g4Zm%$moc$r;rL8&wY4}6p zZxcDnkNV}2RFGn&+yaz|MF6?rgjUOg9zem)Y`KZto=EtNMHB1waw(JFF(Pl5GLDT4QhEr|Z*V~h z&F?+|hD|8$;345NpwY^Z1CxpMll!OPqTQJKh{YD1Ir&T<_9*mo?(BUOkdpWF_=)YK zPA2ijbNB0TH}yP%rD|-*@Wo>6E(bV(QL^egzh0l54#6FO@rdXS4mGw@!^_Pcy1IzFY?p(bbIfWa#vxk8@N|CWf>X zm3?TGeG%d1NFo6ohEhNccE@oKXPJHWI;eXur~HeM8++=`hcLeJ039OB1T0*0Ealfw zwim$+NPtel8T)Me-rN@qrTyAPIjtazPqX~M1dbeUdzVGE<`nkgdIpr+CnXlNGnO@t z>7LT;Gh{TPvwZqOpRA6Xi_&xND|XTuYPNskjrf8HpG5AJ+((vpYOsa|Roxjir$3}B zF91ExOPKz^gOJWA7n)GdZy|tO`!=D9=JHn80@7tw((3iE&soIMYHzUeK4_3ra`m1U zbLroYaTGj?G#I?mb3?bZxpP3a!ZfAul{z^_n7f{o+#Xy?$@B<|FElZJBDAgPrNi`ej~t{OnPRC z=v5|260PUmj!M2Po16@8xIn4Nh4u>O1bM;;{D66e28ztK2lfke9Y5&=)5PvtFpwOQ z;3HiY6$K4;)z2a?byrh+iHE7b^T?UVHj1QQ2>seoJ;=3*7N5Ii-H2g{IX_vvjh_`*U*m&vj_baraFdS4TKonxCB3F4R zZdJaa%yVl%lyhX^uzjiFhrnX?zK%r_{+H z!<)cb+{^10NaCQ*_jRj3n=BUT43W6crQAMR4>;@XzVdq?{kh1 zek-5?3X6*egPh)ZJL$&*N9C7a)F9&+59HZ}#Z@+tW4}f60l?wk;SoK_Zi}t%J-nx; zzP^R$+YO7QIyd2nX|>7Dug?y~2>kvxL#9jm9AD?#{kxAjq59YdN_y{iS|*Iq za?2Q3Z`e|i$NbQ(gGk&y>jgf@c>c}YO7lq5wAJoA9A&wLn-rO>A#wT*L}>h_YTcJ0$nD{FkVC`qzU^Ye1KxhsBOBn%W!|FW{Q~ zsJp*JX~fTUV&k)Pr>-^hZ2-nR)KL?zb+29CcH)F{YwAX({t^Td-M{+@`Tf3_H- z*Jy*v@Vs#NLI$jl3w`VZm!oa*wBH70XH@(VsEc4;92$(DPmd`;s690^=b#uEQ&+_C zLW06j%ICx1oE*w$|C!yOUwoVYCNS?NozowEKaK1&mV%qJ_2*(s_LCX&63;I>3 zxqDyXhDZGfkY4L+H6BYUpJh4I_L)kjiSsiJEN|I({VV2)0dw>OzzG+vBU_}9y z#HXl>cW;h>f=H=9k&g|~vGe>C&HN$!xPu{GuUi>9_m=E03}x9`sDO;CYa_wH5;Y}d zz~uq_v#oEnBAaA^+a!Y~1o2{dqdg$tdn|o%UDZ5@(Lju|%e|i61M?y;9}Q1|P}6ZZ zd@iI(dZ9}MuxmpzyhN857B2GbeQ%<;z7Tn=gAfpj!|$_(s~0Pe&`B?U0_8~b>4|DQ z*Y1fX#Qm6z2=v2#LtroFBhMpNBm8ngy6AuB*U?Co)cAE4huSC%%qH;vsJlvoS=9H4 z7ZDdONBP}&9ly1y5LrKd!c6i0Q(u=ZV)%3B-z#fBjOST{h z`i&wgLG2t|Vm8w~qE_!fGb$V`#V4HB>@>r=KkNQ7o$=m^$a@)ywJV;>HK%>zn_iB~ z{(S)QV*ETSJ0@&DFQY-HC)*O%SPq&z<$VWbQCMW`m>+1okM1NmB;y39Js78fs6CNqOXS&_U0phqn71T^XVt!yJ zH9@j-H3V)`qQ;wH4hTZt^sejNR>^7)NPVx>8i^T5A+@e8ASe%OjQ2UkZ9BD> z%a;Fm{4}wG$$iSnaND{ku(ae&SRx^fLc~gYgPBw2zEb;uSWUK0AC2_n-VV}`?>yne zD3NMA0393IHl$yQ#V^6RSiR<*o+{ic>CXm?iUybzV|RS1!}YNG_F&ePx_^(R^5eYR zkL!V}!y+tz&XelvN^Z9&E-MYU3pf+eknq}t733#+Jk%HUthiJ5)w}H-1GiK--N>dp zWbYNiBSHO(Lwr77Cz?(}*7SdA9G9soe86>Ix;GfLXJP%DYnS+jK~GTk;qeNR?(&%A zMzZk{b^knEqMWGn3J<$geE8o?eYWaR-w2eFZ1%nQXL78f)J(42%tB(ThcX!)wg?5S{Etb;Dy z5Y6Y23u&lb5+{;{KA%)vM8~zi@!j6@J5QEv9)c-k`keupiMb|PF8aMIKi{vR%IgHkBq&0w6m?j+fOiT64pw!zj?*)m5kVxn+bMWnXKLl~#Fy z9h|tmpNd}jKLD}o*>>|UfYle$TU%q@I2ErOdl#y#-~2ueG6T8LRj1>9jTQsTaou8{(gEkh??)U*!tI z^}a;$E2p8|==M4ogr&C)wZi=R=~Gcz2%kJgYgFi7vY$-LXzKF5bYt%!0{?<7UhO;| zB>ToehAYKiK5kjUx{oKkhWB_F(+<w%&hHp=#{I|L%KcW@68L{~E4QCXr;qwt?{xKc}hfJXk?Y1f9&1?5JhASgf#mky2$eb6{s$_j@!`lTY+hbAS@09roL?~7d+YT0 z@PL&UDs*6zb>VO3*i^Sml#gjb?xTs4xbcOF6?+NFV!ct@lqfQLjl6FSQ$3D2sOyc~ zG##?eLk~b~&J^K)#vghzdjFNzY5iv?5EsS?J&j5CYP2C)1v#oX6gIJZiNP?$k@E9h1}c>HXS`{JF{T#^I(CY{u;X8$PP0mU|Ol=%6ZJ z?xpyMz*VMAZWxYq2DX*z!linc;VoF zT}ykqeGVDxj$1DrdIvO2aEazC{SU$49GjS)J@O949>>ba( zqeo~&JlXr2@fpqb6hQsBIpyim7_aw;gi#S9ZEd5cbMI~ywOOI3_ruzEoMR0p^9mE3 zyE>EIF}9%VBL(&6o%r_VAOK2R?rsoD{y_VQAkGx1b1xnfq0$$hT4^uo!{tNE8q;nt7bj&m0Y}ie;n}pLMc`7tXFZKu48Rw=aq|SiT7oi zja7o${Ij6hA6*AbTavdwGJej&IWn&`}~{7-{;VE*dl#q7t4EIuJ70H z1z_*ftV5u&wL^}bND*fJt6}HMo%;Hr*zvhlc%x&%j%e=+6Q2|}vWyao0H ziOd5y9=wEh)xsKl>{I=JVH2)K#XwCfz!Zi4R zm*e+mkuNSzs+>7f9SV?AnWsoB!~#4F_UA@yL&9_=s^4#QJdzMN3J% z-+F5XPozQ?aDxFVhVKiSe6X&V;j{Hgy`l#9-hnz;nZugk@x?yFqB(zTS(If3VU<-WadET`@3ZX(FY z(VyW|{nQH#!ak5W@}5dsC9|B(w<%fGnCJEw1n=DyihVC~8QED&sjghl`b2W4j#e-V z_mGBxOKGo1)(;(@<;=5cv)=r0X{XDccYVKt(VOH#3S%FYiE~fL6!WaURg(BYzppz% z9Pl;vOy)^#zHF(;Gi=W$n0R@VtNhs*ifjAzF3VbegM!O#t~2(@*|mC0fTTr_@D1i9 z<$Y?1mr3R3>2jZ>J35U3QV|!mJSFxZcZQL)CWr;Z@5DM&XFRvm{xWNEC6_1nQ?og^ zcz@@oB0TH{Mc6qG`abGj-6}hwU`O4A--4w_xsZq8Vr*BG5G4axL1~G<>EVg-E!sxV zj8OHg*6e@j#oN!m)Y1#(gW>$%HfpY2ARG&i@DR{6rLkWTI9Mwd#Ov%JS1_(gKhDn^ z5V8;2Rm3Ld@Bra0J^S0(y?+Qj{#3YBiqpBe>%xjdgA~KL6^|jBBJFM3cO3@0E_x;R zX7iVAYKsX*;SzbX3SOs~CJTWjCX@P=SzMgG#N*GhUWOYGXLygi@t(z8(3(qWAuE^e zckqLQe}aRimy;bH5^cJkGX(zO>7}1pyMbSbpKddf>-aF%tb6iwuLpi=y$Pm~Ge1T}t_~-t_4r+vZ*d8akIcqvnCyZ$r66he$+> zN5(dP{BOF9SCL-0>J@wN68JgA-zX#CO=TiEDL8%|c#SXM9hw$`L=jYQ4ea&T*OX>@ zWwXhdg{F_n>=?sgo_uPm*U9I*oqiiDdR?16umq=$H4sGH_T|nvpS%alc@L!v;^kVT z&*}6c%Aavmn_#j;Yi|n|4Rg|)i{0T=on-_yb&cm z2l{e2A9Md2oY|bz003M1)FIFJn?%M^f!E**$uUFoGTpy8#X&BaSCzkO2*bVp#7=(r zI~{)4S>N7%dOd{VlM&qeJBdWE-^d5?xV41)y!N$e=MuTrAFJ0&C@SgCyjza~4)YjM zDfE9vTwqruCiLkncUk-q>4vKcn}CT%Nc9$zeAwQt01CO#tUtg_n`B(cDTKSX z_AX-Gq}2_i37)ex3Q<6j8qwni_lPPnOWLQnh{2R4()*_L2Dr`H%OcHr^@IA;$J6C!I<{PjiqUPS!2Uv)LWT1t4`lStZ7>tC z?Yf(fi?$SZkD5z?-tP!^e!RMglKv9x9~Uy+bLu=q2Bv=UG3A^rX}b8f(JbyDG3HM5 zJZBTs9U6Xi{)QxR9J{+{CY$>Th($iC+Iy|V2P}ZezTQ*KY4tR&pSK#f(WGh5yNwt_ zmXVDi)By#7;|pF)`U4O#6V?gG1J7OCebI^{Ch*JroB=&|63uu}hy)z4#u-5|>9v`b+pUNGS^*&wY>gs;a1rve(d^^);jfF83?6Iy2zhr(gOgA)W2<^{Wv=7we+qL>x` z+JND1LKZ}+{Sugi8Hp+tL)bqf%+;%ZzK+UVuN*FmTzTZe)iB@3F2-P}$E~WPhws}T^2UtnC;VZ9DRzzoR}H<3wGQrQ-KAOJAyN5PV>2GLAe-1h z3XV5hEGb|+*j!yUOfMQ+SUl3=l5;k_BKxTKOmg0j*+Vy#vXKcu?sr|0FC*jS8+rU{ zU?KXUEMpmmb1Fm5MpLF1w;IaIYaQ z-LIaEr{Lm^!_56t+b27VLt@G*S?AIJ_QyG%BaYhQgzLuS-JaC_jqhyt7ZZnGuj!_g zHhWC>{HC(s#><)GnmO#Pf@&#?!Wu3wIgdS^SQrO8&^KzO8i}DHG=HSG`w&#>d?@AC zv^ARa-_IM$SUrm^BMx}z-{sUHHH=+tTk}fn4dF{!INTij({Kl5%kM#f}*VXY;?XKRp?PLQ-iiW0yuJk#y+6Cw@E)}Ay~l~U5bMNRcy zp$Dv6svT~rTNY2w!kor>KY7L=DD4&hA;!}_n8b!C$#T&4o0mSMgj&F}>~Y64e_R^} z>N4reKlh1CmN0)}@w<>@98|~H(1s|zB8Wv(xbYnAIi{P8d)nVya;u8U{vyT}-7gpW zju~3ny>gQ8QJo6uRrgvZ&55bft7tCdkqO8}b=7Iho>R5X}+O|6S|JBlH)4`cT_(Ze8Pnb* zg8yKj#lBZj^ET)!#<_#>&jhBh3fo1(d^Ak3GKV{au}Eb``~4arz#YpX~J{aK{@F0A;HbWr!B z0m)ZKa1Qbd=jiIT6wb<{5(u0f1x}{}pbyL8z^q@be4_(%3-fhHh`_;+}?OVfv z3xpuJ8e5p|=EXz7P$Q?yc$ zdr^2RIxlG`3rJr&ht5TbBz~5BR=^aFzR5pc?&K=({cXAx3=Xk6ii6ZeCoG1`g>QaX zEa3J>Tp!MRn`Ux=ViGUOz=IswY=IpYnSXB5`}S@YCP%xkT?MCzIh*Vwc9Sn><$-p6 z@*h8W(Y%d3d=h99jg0C2!M+cEUVu5|!qj38tneXQ5{{jIg;g)lgaf%~^=pP1kYwn! zTWf_uP4uF=ebU}94_s7UZ3FMlPH0fd9#Ff$7~L@Ff2VzsHd2Biho@6q^wg1csLCK4 zetzHSl)qhi=Q=DJbwM7VZUV)~fVJMZbd10(RKuyHX@MQe^Fi8!tHb)~vA@O>Y>7g} zaDH!5e(Z|I;z72mAHDE;MbG0`g=4AU+aA1S$p^OMiU^Cw*L}P@ASg?Mc{H!-hE&3O zS1cFyG^hNpfGJy-bhK}=UG(rPKJypSy*hJ0wm-S>r)x$i$XonHj(I5WYu)EvZ+dX- zr9o$b#;v8!B;&1P;t_cp?Zq$5ewMFA-6#F$bv29UCZ3+BVU|aLuLF(5G5imLW442s zp+&5u=p}pXrv1aN>^#w!M-{e){-lksP>mYH!uOyQ5|DDAY3O~Bv^L#R%(Y&7ZNnYD zmjQZ^_UwrGi8_cson{r=3|6zQD0f(N(Ie|SMH0bp{FLiw2W*!Z&7il6WID7<%1R3W z$D$QcR&TH3+-|Qa(EOuhS<$}mjW3a)?8A#TI@zc~HM!p0GF+#d3p)#RtIAfCo%bQY zm%~*EN*&F&P6F0FZrJ+5X2a)OaLqeC8prZv6SC??Ed?~$sd?1Z;Wmup#2Bwfu)ou8 z7}@sCoj$c*l)e13_V8`Lb$?GoVS0%_)XylISoA`0jDvde^1kW)#W_=Y=9Hh|=o=$x zImC5z*4Jg+%51gJ&xboQ_=sKGZ|iDILsbgKi%u67w_NK9dNhA74h+muK2xp?#e{QI zc0htwk7WR3F;lzSowl3+qa%NyKyS7Q>pj3_v9cQ+I`%;2XhTTDls`s_G>t|+va0u7 z0e7xb?oOf~yn3ErVk!h1+H8gj^zyN?bF52aJOPURh&ed3jmm(#0EiPmK{to6XLiJ4 zL%~)!U7EPmKXPsGKHDD5lB)eU%HZMLSdNUo$n4>M@uPc)vylm021nc0yG{`n^>z@wXYMgg!_vzNKQC^HnZ_#J9GnTM)MVHe)1#j&!{uBY0$ zg?Q$}Fn|f4=Z~t)TffYNRCw1Jh>b(Gv3(Px^nVdkH9rVf<`5m4`lw`Zgjgkhx>om( zaLUMcz_vSE)+!=v&4`~}L-~4>@@Sd(O1hWmEoIolVJg-^se#HoOdowD zmrh6aPCo|HG*haeH&6DCclq?v7qNqw&+RG}?Kg07Y#U$y8aZm z>Z=guFmHKbQI%;h{g7sl&$~E}ag!27aoxkS0bY?5FH&g1-PPy1&qvU$2WCh(*IRJI zS}9gX$9Nu{X@=UgL_ZdFQg43#af66vN^aKdZA!uw@AGM|cKv9XmNlv0TeykG|K=zo8?_bEo+y3Cbr9jO zWIY_U3infb0byNP?B}{^H(0mnn3VQg8DEJKJ<3YTjhsd675{6OD}1Q~I+K!B;Y5PH zo6(nUt<30JOZ>?X-LGNeDsaJyk^iTg-FjapyIGZ!?K6$W?#m*lw<9gp&)Qm64(RunTJZ>)Q&rRxxPx|2 zc{zQZevMZ#37s8}>?fN~XJF`&@8kQ{ulw?_$MA(+=BL;l$oJxXOy!Ob=|h*c?Gg78 ze_*&U6qnPhQ{KSG8tO@DMt2Yhjs4@$zb_9fzCV&n7iZ*h>>A_GWb+D-TG$TkNphsn zKQJlW5)v_1cP6uXrWoh8u0a1ygr{igp5(r3wghVHwtoJZ&56;n;rqznw z-BuNM&Fvw`%V!MUoaVALB~JD2T|K{Tw0Ap;dk(g5cge{4-SdN|QF0h8{JtZKwF3za zn-n@ntv-s_NnAC|*}`v6D;%zr>CB`dg&Qr$YU48p>S zeF_$=ck+KY-vfJl3QXF1Q1sC&B~ZofD%owLqu{u; z_ILS=V+~4Nce#WYKYvZa>rsVo!+FNl$t@&RV@K~ec_n2d5LN!V%wD$_k@bgn)F{hF zVc+b}5QX5tr3|gho<$XNUy-z}g9B!yv%n1sZr!0x@C6{$No1#N@tfnu9p$%FK_f#; z@9}C8!Yd@J5EOzAk^ilA2scvqfcXng;y@J3hjY!Zfib3E?{Bq9A-9^}O7acZoZo=< z*04W&qea%LF1meg z8rg@k;VbKna(RKQmtJj5-*6&#g%z=@a$4m{0icl$@C|P~%~7XhfCsR-nw>92N^nv% z0$Qlb;0lBS2t|8wAFp*9wIO3`oSZAO>5>pVj+qyGfLf5Wkhi-AK&i*52*728up?M) zOIy(pwaw4=?66fRu8%GMJp%s|-W+X`edK$nI7w*8lBNj(i8#*YOUb0?joS9L#|Cls zqU=wg{rpe_T_g0_?b|VZ6vE)UPn17GrUKgmXg%=*c;$^7K9|#lVI;U;!@tk`D=MIV z%1CQ7vo2bPUjEruL(lDZE4FHR@0ZBGjOF=CkGBjUnD{MYe~xvc_e4Le_EDst$woJX z=&E>*=6X)%a_YqLqXY2%x-CkICh!L|_YtA=4@X;ssB8Lp(5-A(dG4$~|0 zzId%BI>88gvi1?&K9dbnZ*W4l@wVL^NRSxn53TYeq0@SO$e~gTFwAGhMSsT6HOA(> zNEoalL_G~n?rtNBX7q_8GjuOW`&BV6jNpTh$z5LgCsvCBDwMl?Uhq@_y7+cm+wy&b zd(sEC8+}lH!-O{I`{!?h)9a641I`YHzPhI-QO#T^H&CFtN&x*@%sJOzhg)u!N%RTy zYrw<)Xk~Ke`P~yQ)l$*`zv>SS<^y0Z(h{u}0sqqQ9PW1ft-+clu*fXx0$ZNZO?fR8 zaO!9P?=PyaAR~yB6Eeu5Z+a~p~7?vX=TcL7@L%Q-y=x{@Obh>ei+RzAh{M)+Xt_);j&Cr zgO5h<6OJP|@;!yayb zLk>rRPR{SxqduUiU%a4}>^3^n3v+;BfPH*d z#qF{Frn9N~(=_=Ih9Aq;qO$sU@x}w^EcEBW+ds9<^-or62!{HZwLvGoe!fh35nsop z=fY>V2TtEpsF9L@UI;hn(C>M?-YWQZ1kykx*M6Tcg4=)0OWc=_*6|awK_|Mocu3M+@?`^ZrGDI7F|saJYvpoi_d#*} zq+j}I=MdMC?ycl}kt!k~w`m(&e!?Tpk{0V96G}R)cQ7rKOM=SmXHLpm4oLLlbUaQV zTiNxI(y`SLk?cP47E8GqEsON)a@ynB11c{{1Dck%29Hk+Tf%AS_O)fc;o1C`m&#eX zGZB5hNV88YRmpQVg+EPY=WF+%H`zjZzSD7&o;#FL6rY>tRPgWYmG?6WYdmDVvvQZc zLJR}j)TiW<ig=O^}@ECT)QHP!ueajhn9O28Me#-WA-AD#gl<1fj6C&(#lohNk zP!I%a;~m^rsM*J=S?CeXD!U=!-HSL2>)QI0w#$mn0_C7wL0 z7RdY!*=cSc9e=tX&#EK${%<{c+5Euy5bYQF{po#zhI_ojhXFk}9*w9g1jR4)wciE% zhhjKY1Ly+n%rm}Qb#EBUtEWa|@EtB@*%cVI_EY+GhQ`d?ePF1d;J=Y8=`eyuMnk7g zW@-y#H?K!2v-ohRYBH*B6q>q2@#3_>^2Aj5!@==KQ4H-~ENGLjIUt$=h7-TmzTAr0 z=|p^q9sa2h%$@L;&nY!eOv*Zb!@;iS@CMKY2k9N3F%fW?G~8$BPEEQ{gWLKXEnZ`CoXzuLCN9is!KxGjERZoLow{I!X`jM^gDJeP!B;yy!>Gd*iz3 z8^(5gpQtqU=)5%*LO<{gC$(Lk&GyCE5A$&mW%XC}btP$Z{cniQS<)A+qxgTBv{wNCp(tSPPfJcFlN!yd(iU%JhF z7SC@1NbTRyh{1rY)}agPp~gOt={}Q2Wv^YkzSMOuc>{1-snz{ak)u#PLJbrzwx(6_ zpc|W3ldnJeA`Lgx+&{;@pjy9fek_3Z9byzRaIxTCfWPQZ7H9IUgTHH1ee{~&?^UDe zr~7)YyTG?rw4X48MKjzzPR`{+ZX?>?H@~C2f83wwe0mVmy_4*`Uv`5Yu>Lytr@S() z7k_+?=Kxk$mHQXWbEA>)DhsjZ;Bq+MxH?256JyV4?wA#$9aCWLdr=!CsH;ZOJ*JrHGN{rn~S!%g) zZF_HqjMLb5Q$vwMB&ir7^Vw3cAzyj0t`Awiw|`6$Qa`wL;LtJQj0~FYnC*0#ayZDe zbNK3BzMp+p|H+ZIPA!zz)rCP+=7*+U-J59JrglxZcbJe=fOq}Jj>qpxq%QrX@%_Nx zXvkU)pE@x^TEDfxJ4wrTM9(WZI47)+B80?8N-HnZ)U>-ptEhhU-!PzWmaodoeYlhP z!`$xOzN5QAB8GmxI$|mR&Z%u@p;cLVJKO4xC!Q8gYzX7i6;{;WE2bAj6YJqT{aS!O zZ6tyIXli?vaF zU`lnaBo-;}fp6>hI}kR z&$7E^$)s7LmGvdo^ombeqM(ZRw7}P33Sfw?&k_I)fU!n<)ZXm{;Tv8$2nSpomSwP*!w>fL+7KKc?dLF5L5(WvWd^0|1 zn-b68eMRUoSv2YXU~;cME+&82o;Q`UZ8RA=gRS2>!q}j&A{zweoD&s7y5ZJ<1S2hz1r4wwh@uL_s|7$@UYjn9x4-?Z!$v zWVP>e^lPN(^R#DIeVxeL{@dp>TIKxjd3X=Bm43omXW8V=K2;e>Me@!P?`&GL=F~C7 zp&K!j#C=K6jESCwoXK{NLy_*u4n@)@TEbp0Fm#cKuie8q@2#}r`lW_rv^-~Xq6fOU zRlmo&Eu}~rCt+KK)AMlzhsWi=kC>;2a{B<#pGbb}v#8tIFMw{ohIit;`w#X$=l6cW z#6`Pj2{{vK72(@2EaIHGDDU^Cod5@m1w_M-cvHkbYcX{|YL-B?1208)lDM^K9>zOU z{A}No9K=vW;^hHTlZjZ1;cj-XXB(zG1#p{*Ld^V$o98K``RZalUHb!LSi6c%?;4I- zdq}=E3Z~E)K`dGQ)Cb5z+3)wYeo>IEvo?7x-l7r&hsqFU$W)N6vvYkMllvV0(5S}0 zM&`PAaZ}D))bum4uQukYs#)+nN!1ql7{xNxa9%K`b3^XetY+Jbw24Xt`klHqK70?3po^VI7#k6{VeMhum4i0@3*+mZ7{04KLz2>{D}46gnVU^FM!MK! zfw~%$oLt93LgI#(^|HqcxQE4RKDy^m1*Zms>}}I^UaM7Qws*w>S2jic`G%q*yaB&m zuQ~Y!Y$k}_eI45euMn;%as=d`;JS!+-GfOOesztSy^IEO#QOC65aRka6b6*b4`Xkm zY~uzbzqztehpvs6VR6*Q_g?^0c-;C4YFFnX$1{X(kDh>rS_FbdpafD@Q+_*YdJDFy zf8|Q(z(A$3e2MS#+N$t`WLI3r69DGkn`GZVeQIb(@SA6L zi?7PCtia<>vHhpU7r=PE_VmF2UfoISV3{agoj(V^4hnTPXResD2y(x>=J4(er{B1p zmBeMUI_lk=(HS>m&;w%ztpDr>kL~VlF5uN)@uzSGXyNvJg!;gCq!KFgRl5-7d#)WT zaQXB7{VN#pvD5Pu+gvhrf^E#}GaCUKC8T5w^5GM`w&%y^B~iW*v&j{0CVLJbvjvTs zbK>vY-mzk!-;y@Kl3-y=Bh%8yJuXD2e*iy>l)ct$x3M@`_e!5KgK8h!PG ze;XD13(YIPS}c;lH5UtWn>Tvt;DExlRvx5VkFUwA#;YVFmFof;hvdi_vU+Z zVIAO4V{rgp<=VI{e_gjf26=go3pg41~g(!+eN- z_0>L&gjSwjElLzr2_B@7@U<#^+As*{DQpqzici1=l9=GAP|ZW^^H8!wYr9b8d*|LV z!Uf^a+{Ov{@AYd2&)WkwS@i462L{R^${jnD=E2VB2uUhI36?9g2<$XqiM1q*&OEfF z5Z6FFZz^oHg?+9ZXJ(%XRCC`tyV)$GTd2C2`zgtX2Vrn;-^vZx1wOQkfga)D&-84_NRmAJN7VC`0Cq^!vEI1Ec$Xj6OHLCGX(bW6HMu zD^i~z$H}7hMI1J;B|?v%n@h51KRMx?lHu?DIVlyVvNSg=hg+g#4V!!n*st5|SBLv| ziXvagzw!bxp@@%f4!M2$Ew?8({k7SS7y5fnXJbX@8LH^25q$BMuuYyO8=gq;lH8)? z`-}IFRy;@s{Z;gH$e$6D$Ct_9amr%gNm?i02AX4!S}^*#*wIfRz1JPKP^{?8`;-1y3N>iM*p)_T49HJjWIK zxu$|;gLy4;qDbvU617Z6u>er(aJhQ;L6P|sj86Fb0`^MWLZ_^uYSZ5ywsT`oy^arB z->2W-R~KUct(?abUB&nF$Jai$`nGhb--Ch50U6<_9XKrkN7yx(TR>Epn+?CMeUs9% zc8EFeo$rf7tt7mPf0GQ*&wjWnppjgj$u-5~utLTmfOazS59eHMLHCkVFL&-Q)dEKD z^WM|2!teHwcom+*(mrXO(GUmd&xbK*C5JJ54{qZ<(=z)z>d2%TXnR7j{q0~^uRJdB zqAR&durq471vJ;@2#3WW^E?O`>EHEiurSPFwjc~!N)(|Jn^%tNIa1}%*XK%8hkX+W z`JeV7_S3QgM70RxWuMviQ}`|_uuRktQLd8Wq>6c;hI|ZnB%77so$FbCLV?Bb*FU^T zgNG<}{}2l4_M?U$n(L~)UZ_uWq}#J!*FJC3cY7?yiGSNb`9MDdl*lm=EDa5iS!#6=7c2BWkr5tmu(b8S?8k9yAvUr^_gY7eLzHJ>}%-s2aevf`-X0BV!w9 z+NG)iLmqBeVsiKS?0MO@4~QhrcVz2NIf7Ido=JLr(uVb>X+n=CEm{uPZ1)=pL=2O? zxlKB6R4@t(jUp8up?#RG{yea`tEgI5`-6>;kB-{PqwWpdV>6*5A*s%mHQvjYsG&jy zq)36Oa16fPeNYvig=L>jh#Lhl24|eY#Se4VJqQA)L2w!99`=PUj4b$&Z#ss%^3&zd zNlxRaeTR^xIMp3AdrbnD@0!fBKto zL3v3#i)+qt#>Z1Vmj5NSQ1mBeA>wg({tVOE4Ms7cDo)}NQ70Xg%--kUpGpf;J4@UR zeWe#*||W7;w=QZBXr)15Q&bA1bBl2n9q+ULADbYDE9NIoUl=vn_9U_H1` zL5Lh*(v#wo<5wp$D|*H!Rjf~?RQwD!-xCzn3zXnZ-{U%qhzJ-#ZqVisFDC!Y4vRLx zOIcR>lhb)mKcl53Ru#XK3iy3}sPE9+_Q4AS5;-4~PZNYuK@a!!n-C4#?AMd;KYeMf zAn~D<7@oA6ev#Pa-jzoFG+s)-Erj>FhQH_R!4kE%M>`n~FDMNoh_?wIx0!g#KU7l^ zEhMW<^RWPUf)OKd z9zl34`p0JHAoGfj)nBfUCF~zI2STHhUiM zk~AkhF8$w5l{!4Jk5#6$24M4A%i&RU4tKaS(-9|O?x*wmOtC+>IJ(y5_4{a}o82Au z!O<1D2mCEt(IX)vWd|{3m`lT%k@TZtlF5wUB(#@#s}44p6iSs#)8nl7gk{^2lDkXv z3frH)J{iwGp=afZ?x(E$L%9y_8(}s%2CN!ZxWC~;8-R4+beGnQ;|TDkTYeokfP4Fb zmB4{guflmUoN*wUMM_%cW|G0&>`Q!giioQKeONNy(BJWlAzPebH}XQgS0x4u#urn{ z8*K|N$Ym?W?2Rf=gLztX+Yd|l(hClmr!j}?QD`hpKoU|dzF{mmff5LPS}x`t%{J#} zaUE4&hLmk?+_Ed%j{%L7%HNOfaN;`J`=E9}gChT*aye>+d5p<~hs4BhcMGme7$pM-5YFEouh|L^d5>r=!Ja0}Md7 z?fb~@1qa8usZLZbeyFd&yW_Clpct|_yvfvi!aDi)fd}jjkNbQHH|FYu+@PjGQ~@^caXxDrXCHScx6wHUZI2TFG;}3%$MKVzuqJgH8O

=loj9z|jhr$-$fHvK?693fjfR4$#~`$Xc1J~byai^KYCE>4vW z)N4In+!pq|N&jTDa8R}5{2`HhW=BPb91X)G^9tsEot3XQjY8?nz`M*4)Q zf%clrem}XaF_7GPNqmDN?nARI3467{ayXp?ELx(Z%C9eZ#Q(Hgat&j%v~A<|bI6ah z`2E*C8_-YhVZdQagoW8h8~0F$1jdV9T$s7~q*D@p7G`i5;)hIP`$wmPTn`~GfwDZG zvG0;Axm>5a{0(cyYT^-ka6C7AS1D_-99x2Pj_%q^E~yjeI6_xxtu$fMdRhRa4EB2O zj8CDk5p4Nj%Cebv>tQ;$&%_0*AEV#z&kqzeXrlbVj?OA2Np3ZQjmRncGdjWV8s>eA zzT7EZQlqk66xJ4YI_A zf9dk8Z^@^*cIa9V!$BLq{&1|{OZ`!^eHH=h2W-X@cZ@oaVl3sTUZpzIFij}U`E(Qx zHSt%T$M?{BXtuC87uVucH=uhP>|%NHW@DofJlv9C0%%2Oaq5(d0Iq2QZ?np;9lTEm z95v@tp7;mwk3L6s`uP`sRzZj5@{;uZp|?@v7j6Zy-_ibkC>~C_!v9L6UEW-I^5g66 zyma15>AZoZduja7VUDH>%g@y3k;C;@O3{OZexWzeX*%%5m^E=LJrBowf2F zTI77gI|mw57G*f`)X!I!mx+3yEo}t2r0$~$6>lq(&DdAD)vFKj`+fm>R~MG7`2E08 zC@xni`0=R2_AAl>Mr{z^&3HbQ$`rnc!LC20ROxv+!;}giN#qXdz+Pm4RRo&w-{T?v zv^;Gm$N-VW2bVy~>rcQk(FTL1frO>RnM;B|wwS)7W1T#>Gvyy=1Af$5u`gKPOtwWFw3~Q5X;W=K?>u&?d<+oDBzt*=8QzBMvDKd= z(FE_`HA}O>(iZA{;=$J;_kcO0HFaM!1sF<@8qM*!kdjy9Z|lcjP6sn9&9SQzXbV zOvMc!kOZJJiI+DChxYFHnAs0kHi9MmU0j=2Z^6UjU|?NR@{zil$>-Z11=982;6I(> z==TK_0~wKF_9xRP?#LhTkH3QT+4#%^@6oOAMqC@BthUB%c+Dnzb}oD9b+`f*$~-TM zRVMeiY8r>7PBsbs+X{r5IQWZWT8;R8tdU$Z6x2y9f1-Y{K2VZ%8Ve^p?vtA)&zB#n zg=aAW_jEiUPtQa1g{JfGYxFQn@3}vGm1a3a6E{Xf7>2{XXW`vz0$Y=EAzf6c#IM7VFrwg##xZ3(|LhMm$>~j<@WfK>R__hshQ$v>13@m zsYfy&kYlUDTrZ2b`eMlB4XZ~BJl%bu7us-W3cYlOd8xl{w!~OpoacQsWQiP?GyhAs z>n!6Jsq|;}($JKUfK2h8@qOPfCBK*wc;Ps#RwpGto=bFYvrbn%}tlF6VxbTNi2Wa!+n3 zZ<%6WpmWT(pFdx)7V?pKh`*sxeNEjQi(_}(nw0yYj~O4x0FrYlw#tIP#Jls-tn|!N zkBCb+HH8&LE>f`}sVT&X7%gm|`1TxQqQOt1rJV$;^B!(7GuoLCG+IgZ^Hc!tOGsi@ zlm?t!_D?MQnJ=~e54$gP*~xtuUIw@Nk_``(@6-hU@F0eCx^ama;Wr1HTJ) zSs-!DtN?>5;+PYg?dE@EM8A?lerYZ!9Fc@iU` zWy)ZVWdQThT7JT;x^G$mg23MiQetnIY<$1@kT{P3+LZ@tz6!^F(AxU*ej8rIJ*jJK zCZ~&%Tbv^|(((6?r1R=hR12c;Um^-TibzliO6E-oDmh8|^|R?&Ywn%tZnY6ls8hA; z+YMv&PVYm{)>cYR9XwT|u;Q;HiLFT!8(4tiKXzxQ6 zo&@R`!Q%e3y?)9GGnP1OGW-fR*0oRNWp6*1`P~1s8La2RO`C+5%DCEsg=rkhf1Tq|Xzu5bi_yV08O195T?{SMYq3Cpf>m{*SvD3q89piafBe){ z`1ob+?O+}}ps%@}1$~sOx+^2}%q4r=Vkr#~yx$C(t+W_dzk1+s(YM zO%T7XVFn(&cWwG=Vm`SSlp&H5;;(P_g&AT0C?M;NOY0RF{=j`=yNRU_Wl%Wj-1g)4 z8-$;>zP|E|GrSu}rriSs-v@X~7Byl+4^3eAnExtgdY|CkyZNH`Hz+Y{FW%rQ75%D$ z1AxvhQ!g;fhxXu@0-Ql_w>?-YQ1X07j?%uT!IRJLUHz*hfe%2Uq zEUrT4P6=MXdsppnH5GMQg#2 zB&MP{5(Y%G@wLJ8U!IGt`#n23N9G0(na5cf-hay}dCE9)0H8ZNQ0hVH6w8pS0R%Dc z=cB=3s|51`|KwrG;k;hKT){GF-BnqV?{};Na)&0^w^v-YObT16wJ)?h(I0Q?(7S4D zsm3gYl`-;tA5Xsva|zGK!2sFW_OfR;|J3+Sm~U{zKA((uUk(8$GXz+~6%6L@aJ)nh z!ooKwbnkOqUvX-3(sJ9Hjr7Sq{H^PodQCqo)E^_^o?dId%NBDOP0rL8;wSTBboF&>!H z#czrz@;-z4SI-bGBqw!fnpU8&w}2DIFkqMZa?!U-O$%?q2%cS4YC?hL9tz2gK)vQR zk`Qe!<#78kaUEW+QPPLWIdc*DOO9Gwx z`USD)tEfM#S)!h#@G@^`R44iCA9*~+nq`t6j!I|iDkr{s>XmFMdJ1iuPg{-a%_7O=Q#28glDo%Jku5 zQU#|*pQ<|?)p*s2^pXgE^cGOA#LT7+RzD!FZF9XRYFVG}5rjdz_j+VvN)SU!d+zXf zXEl`h%>EmRfF2ukQQy}wn$WZQ%*A_YqSxnzi@4t%D`kkcyltj%FYdB9&4=*z+Pcqu zBeFX`<3Td1e1pwu2)Ps{<#!1`&X9y^OA$oW-Qd+?qrzhz`*rV{5!c9P?YG1&Ui2R9`kb%Sj0dhi2KaFqmA)(^Nk zTV#0_{k;dIW%r@;8~LTZ!C#4&D6)AZ2Uldymtya{6y5i}D5zRcJr##ZEx0Xq(Pv?D zw7%fS8o5YkZ$FFUPeI*3{C5DZW}j3C3)Z*lB_|P$;7GZR<^uFNaoaPrPJ`mBLf1(Z}rUJru z`~Z*rle-O#2RBuKFdoZWusjJ_}GW5f>bnK z;|6Hu8Vqb3e=E7U@dDjozt2!J~bmfbq8+b4zt}uTNuI9Qq=Vyf>EHmCr1nVKX!$TdG zHC#hP(!;Fbf8*`VgK|fa!~8-6-0QZ=z%Y&-ffR=L1%*66cRhc9MxQfsb*F|78ys91=4|-oKuczhgu5OqJr&Ztc4WeCZ8py** z#@#R3{da9mm-?#vG?=N|dhxhlc)abaiygn1>KKy18jhDRbief_wheELefSmrtRtaY zuj@{`5m8rX>{#FDE7HOEe_AHw_rN&&TE{p%Harny2nYfP4ui^`0&xbL-*iUV@BW7Z z4bj`UATHlWXcGh=0F4Angx2kdL)6Y`%nLa0d`SL6|4`D! zi`_JHKL!A!*Ye4EoQ^Jv^e?S?hG8{Y9=iE}-ar}N!H&4z?w#|vc0ahIO6_J3!Lf3x zW#sVI*M7V4i;9o%|RH@gFz@7*Z=Uv3 z`Z?ogdeP3$+vyIMhQQz;a2|n@xl~?QR1!-sA z6D$wtr@fA(;?|h$P`wqE%zXds0IsKVLbd0*xj3DTc5-;!;}Pd0dQ0hdbM=BjA%q)+ zHPlE#xJ^}@i0zp|o71GK#Z?}(pUU>}aVBnIsg)Cm!bnZz2}z=lx7pt)?w2gnTaKwC zJVw(UFIvi~JUSMpqXgTy=&=v^;dFU3&*R_eFcgqj{Yk21KjB!9=c}rW0`qgQCF(Jm`$?}dWya-4foHsEUpB2K8?Z`ABzG z+eWh)G4${N;XhREaqPGIFjLC5<6Z$LG}-cHn~HWG;rtuEG!MWZ=xe-9AC?0e+Rr04;w zQh!F@48CnnD066oKj7ZVcWLC5S)NTl&WSxPCikTy5YuMABf)gm@2B^2iOKnVP0Ph( zz?@+I#Z>n7IE%#)^qNm%i%+aFF$#>r6-8>f9ma#$Vzs)(n>&zRegv@f*s-l?Br_lpmVxiq0hyw7N| zV@@x<&~<6Ow_|$3OUl7ZxNzgdoc^j1^;<1k**+=#=V002s(cGi=L46faD3IEmv6UY z$5V*0dWbr;n>81KJC>cfU|#cJi)Iga9&d9EErig->dUz zJ7RvH-|j;vle2k-#qL>i49$kW_P+B>;Mz3?+~~YYSg)_rJBeh4_}^X`5XyfP;0`SU zAn|%sjXUpFl|Hi3EWi9c@I`uk<)H{)gC|vy&m>;;%p0nK=Dt*pXy z9|5G*^Bm_234`@-A2Tc0HJ?Lpn27J;WjZq_c>7R)m&ZpnYpi-$Mm$iRFP!ivb*L^B zdhZc^i5F2mK+VRKPa_M7FcyCTZ0Q*5x-TO8++nyXeWLs?kgqoC2E7`t)iz!FoC#l! z$ba{(_;*`Qw6MjmJ0Lt$n{6@ZAwF``+L-EN6n3m(Z zK7^6VEL8JKCx3L>9;@4Nib}ljY~#m=m(X35eWZV19xFF7b|duaH(V@KFE({WU$`E^ zA^}OBJr~F{Jj19j#JXX$-XY{=F`_5&%QT%zXkR}0^G8B(Bd*jcKKW;3B7DA`{bb9Vv&j*?N3HXO2ax{0Ou4Jub zzu#%SM;mN2(Nd1b

cG4!^HYT2AIKR|K4bANi5#^b4>zDw4TW5j^BnKbmBP#=qbx z8R!jb%tm<%JhDAu3%IcAbDwK$maLtwv=CW6S&=MJ7BjJJs{Ts8N;K8 z>nk0k#OMgM4m$nNz8%A}8OyjBFSuvE#B1oDn?depTcX{MS*CY+<*tZ4Dw{>F-~ZVA zbVo=`xA);ZQ1$IJf8QK~is5)=&iu8);q0tkGcmQ{+1jL^BPyGB zw+GptWWX~@&!-*?16_=~%-W6_lJAS89nCR4Q~lIjw8ugqx2=Bew_FaMX%yoq9-S%kb`vxmv)4$)^7=N~&B*KCclRXy45B;t2fL2*@^`f!D zUuL@p{8j@k<{;e1s%unsr5;9ni>lN9!KM*GJ7dV(NN4=>z&BbMXL z_Z6p{!T~+(H9}JP-R}VNoLyaiIu!M0HpdrFM664$blm(wh_}-hS!Ii%uZ01WDUhU; z`XGOg9#FoNqB8u-8|+l1_ibfFJsIG9%sfow!!q}o_O85cj0yqlZ+=^`hK9go^VFvi zZ%3YDl*2PX`;z3Q#j#MfL1bi4}Az+hDbGn7(n4XY7+Py@c}sjoxKJ3Gx)4sU_+fQO&EB9;5Q?t!U- zCfCn;7af*)9dsVqRT%yZmbc8qH?;t%nckuCTsT$=ZVN(Upp===x*)OC$3gKzlHeIF z)UovI@Q3P)1u5=DYgxQm>1Fo0$3D3IqeU;)Ls8%TAx*KW$m}TWM9_V4!=JX?(L-Xl zFH;fFoy<~Sqoes3JujTPsYo^PWK?jF9LUN&9GObi-DXIn36X^;JWkKAOSH$)(l*|* z-r9+)r&_P4Z1~>&FOfJ8kA0^wy~XqA?_zTg|D-{#k*GW~sx{Jv+3UJuIol?avKAn+jBeooP2_&uk9vz^yL(G?u* zWUtxJW9LB05Jl`EORk@M0;9gkw9@QIf*U%P%(^k1Iy3PEsil=yc~-zC}01bBDR zhvc`syp`S1zvEmVR;jAglm5Id?8bnG#W`Arzi+&F^^Ub~fyx9JDsSfz%*0iAhKV%`%&-Pjm*dZ}|FMMgE6%OeE%* z*0{+vu6t{(+=1M<)}a#%_odB0!8oajLf4g9WnFPtsJyTj90?L>{1XvP5T*R2FTNVwqgeF#(Ta?W|V@hceP5Est-Xbmbici+TKF2{XN z+&^@O;@a<;R~)g}Ij20fG$ZJHLAO6*3#D;2ke%P|<{sDL33%B0Y@cDxrglPkWq10* zKc>0&xsTks-md1ugeewUJO%ofTkErs+Cb59j$a(%sGPsN4G{ zo-WAA3~dT}X2KNP>-5^_BS2S?pHP_#3%bp|iG9&(=lYQtd5#+*0#iC0oaOk;LG_V{ zOv_q#urowKksK!s%QF3n1^E$rx!$-{mgbqeoT1QvyVD){tUYv*4vp-1!&@hOMGPXr z?T^z7)*C43>d*`0utUb z^LF=Qu}9hG(Nh!hY5Wi_y0j^d`rgheqHf0Cj?C+8V*qUj-nTFED~-;rdW3YSd}25r zNqop)5Tc^yF6)(2soQ5geY!3F`S;g1JM&{4#14&I#CD|dng+YC&I6n@?_G0x2=Gh5 z*JXZp)*tekFZbXDf>T_IJ>X-z+uq_Xr)&1RnR~WIMxWayevD(yR@>L%TF zCuj>Q*2q4US-v+ud(ZjC(ro%Mv$zKMTKO_6956ir6Gwf@f6dm&3{>$?I zOn=yqHgbeIlDz(ABjc;VQ|)7Phoa|`$Zo#!>&lx)Df!*%#2Q2+vBvir;`jma<&vze zzM;MZcjsiASPlLCj@;NrGu|KibUh92Z6Zg4Jp1Opn!wHHj_auQ z+bq}a0ZyL+#lNqF@d_;2LS8JpneWvYuJfzf4^2823Btb~{u<-i*Zo^0CC`2GGCB2M zZuT@Tdn8#Bz!^CTRFvdp1V*BN`yNG!y#k?UvN-`BWD0)y0dx&vSN;d~(ZV>3{Ey*97@e55lDj{$_GlKu{af;ae2p)Lw#jD2l2666s z6LtUVDDe=*;`0ox6(=2U6%QvHXtydyfO|CzCw0d3Z3+TW5WfV+aTPZstZ`dbcJ(dnf zRKstVBIqqF5o{-ZXaQFls9on>j8)c(6?uWE<~u4*@X5z#?etKk1La#IX(wj@V#y|f z?Ll7uw16Z8?vw$?!k-Q>YuHzpKI@WY+9S;A#udbw3f}D6u~mM0E{mvzDeHl zpYSKWzWm2|O@FS_le%}Q$fm69vH$V*p%F32$FoC*!v+2bIhcQ9PuCX~k6QXdt|Nzh zghDj4Py~5BUvF>KhHC1RT&Hx{Hzx$n=RNQwkmD2$I%n_iKP|C$d21i7oo@gwuW$fO|fwQf4{^Vh{hq!$^4yO}zp=y3S#N<&s96G$na6}4Q(WqnHx4bb`>>C+3ECF(K zRzHBcTqG*ViemaLCp5=kp!ECXAyNGFk_!u<(V?%r0~en(gJ+|ooX5GZZQzxi-dE`& z9EH(aQ>3ZaeU<@PHha0MP0x^x!Ht~g!g)S!Fj|)PcUP(}=CZ8na|A!+M~~%tG75<) zc-a`z-nbw9)_DRY;DQN1K6W99MQsUEt;iwg6?&JreMR43OqRiZE7vmo$|{vRppRO# zf8@*?f_`-(7`0;fvEvc5p`eKZ^GSsZ0?qV=K7gB(tKml+2@Nduh#np zlE63zoz&#in{F9(LIJNi@1S7$bWpeHcLd(b_qon~@1v|7^NPIhwqLGOdRajTeF^*Wbfan|^11m} zbWL_9tUYaXJ(U z&)b10->Lixr|_unOF>ymnEVwD!?a-}eO`uCP>;VAp7c1X zLcA`WJfZlS?xPEE=vHh1hc`q-&@L^W`q35pNBTa#X7*ug{Pnj!UwNja!*6tr>6lvw ziWLP|ap%b|2dP`>^rv4R+*8Z>n}DT4+u+Q+rUI!3%?ODe?MU5BkM}BH~n`p9eO9gCv_M6Kl)o zW*N|E-nm}$HemrR=GnbEVd0+Me zAsp`@(#PL2V?9;`C`SnOdeB0kxWw9?@0Z))jO2rynj^BV19yR`!<)0z z4J|L!ONk(~>`*wb`1k$0=r9Gi2|R?(Dh)^#?9lp}o~)mSOBPA~=w;4>q}ek#HTH8a zk;;z7y;~%Cz5LI;Qhq)UPqA#T)xSvGiG&9- zEX)o}U;L28d$P&No(R^sB6mV+(7KK^e=xSuHMQHfPj4TB4{h=RMoi|JPwdO0bi2Ew zr2HWMx!l)038~79;q<2v^R|eOX#dzVuqK5GYO7miwxGs-E%`~B$sMObKaB?w#>ZamS1kTPZl5jh6?K+{vuMFW8o^gg$0+c+fxR@YGyjTcHH$7z_Lo%JB5KW%W^) zz<_{giawwN^z=1@p;?!61QE`BK*8o7VxpbKnyE4Xp9_4%^$j3 z`VlV^U((S_Ko}xALxiT6O#5W(a!B?>P4@e-yUNQd|V7VGw zZ;({U@(sYxCSxgTOmBDQP3?`6;(DVuq+ФbHiwoI?ONxi^)%J8JAGY1-Ik+8; zUD8Jup0K#};L77yN-L zR|733v${XY?VtQv)ej6%RO&&OW-Qd=#@W&Dczp`)i|>%*xLjhxCDS`q1@vG5oE}A| zM_;o;l~U38V*5K}d9&ncrNO$!529Ql4uti-(;&oIgc9K5#h%CbP(~z-e zQ?s#eV|zXPa9sDr5A8uT0-1U?zNn?{???GMz+Z%~3HWFxvj@W`yQ!c1PY&EPoQ&(0 zFPu;v%QF#BPd8%~L}^DrB0*E^!JmUWIMC)SYiN;wGBrPuAx^Fh>s+LxKl&yy->+{D(zFC?^|i*K)0920AYWSjr1I<+YPcBUi+jD? z<2O4@hxB|te37c^?w|WAwvT7akQKehzBKp2hYBP-v#zEmP*?U+UD`%XbnvT#;nx-NQ<}Yb;6;=$84Rq=WT#K9CgnP;Wi@g~2V&7^Sq25`` zE#~PVPtW0^`}xPhfZrv~92!^9BqeI1TxPJTlM{;zJVK6~{~FHq6^!&pSxs zUC_$mh5w$a>do+1X9kKuE`}2(GILyRfqlnseQk7aMcgf&|cO&jU`v|yhc>KH;L!eH@95NGMbU9hmcx7g|P8wJY$z%)dDSbDX zo}w}R>{=FBRSf%=4&sV+E|-*S2+u}430oospMVQepI%8~Q2lLwwVIU}nu z*M$#Sw9O3F1sE0~6Z-s;U*EU0ZJuv#(qBRF%KHdVU7*&D#;87Mc!k};UC=M-&j_Ee zzm&Y%0u9G>7~=4ES*3m9Gtv?-Fqg|d(@LJNNZInnTN-ktJq4E<6i5s1%~0$yIc%RK zSo2;A>5h(zZxQ{P_Z#A}n@QNXO?bquu9A1aapyv<4R$Ir`ircVY`GS(C-mLZ3UW^g z6Z$tit_GaA@F~jA>)8nLH)6^0)EqmDGKO${*b$n%$m|J3G~JY@^VD$!FI6=ERHpE) zQbv^osBC_FB-p$~|3sOJyF1*#p&|;ZYj~uD=Fs$t7EKv-JZN_ObtLOX zP2Cli!~1)A&}%09-aAROmw_CKeC4uu|BcBV{6*{6^(VZx3XKQ4RNxm)T~f!o)H>a7 zV?%4a4GW0&swA%Um_8p5%*}c? z1`rvwiL&)P2Ti*l4m+*n_E7*8!F~$iUv-wk}PRU+4SE>LV<183;K@OcR7u zZl0+NZ#F%|cbS9JjMzw+kg}*zfqpLUpiFuGifufT9$3t?rvuRMC?`ntpuOgB#Y5lw zNpu#MAcv%{*@O7}eUIHD%noIV)0nTfhLpYSr>$Uad|ny#QHzT&IqpI|gP>-Pig0t?89>9_ zV3K_`!Jq4n+#Okcbh9{Hv{uRhg(anrcHibB5m)4!tS;ehUOHn?1MH}(7Uo6UZABuI!3IV!iqk@-G zkg~j+^@0*ZkgbqK=WbWsf8kY|^-g@I^7Z1YQHMs!?lL!|bbiDk(|^kah^W5;<=P(G zAfJq&vIVujiD=FpZ>-fkugCXMe00~+-%f3Y#XOkOctp3=IKv1vhvL~uW+=jPHxt;p z{N?Rz^*#CWpCs-wF1hD|FWg}=HAz8*zMS$TIo*K!X!bX~YIf38?E`$!p{5U`?H+V8 zTc9Xh_IYeRfC>62pW>7^O$o1i7Os?>ij!?Z#E0D(Su8%2>A?*)Q8-%umM6R@sZ_nik_Q|>qL@(aTxdV!=0)gj_FwiPhDa2Tm;+X|Yj)3XLKCF{tnP$T4(@+mdy6Jobnm=k)I8U1o z;dX~$WAR_0ppE?T`IW2(dUKysc}~n`hBH@uXl?I-EiSU7pC9f;eJed%M!)thB zMB?odo6Osb9_N<_os971NDsnr6OCm#ZwVnj(QBHH%ypeS{m&K3)yRl~fV0fNiB7LR zjyn+Lsa)XdXN!Nx@ZFr=#h$VQ4(-;}T7P!yj$dvteP1%TBD{ZnL3m+-->p!wAsKT@ z+GL|{7SQb0Lb{~9?n0}@~wqv z$KZ}{)|_kJou0FonChO4GCv_1NcX&W8i-{fl3xJd>UkM54chHckskRg``R#WD#wGy zGd-ZFaWCCNM2tW6U=JvW?6W#jaK?0*@CWlD_MFFEGAe6TR>XEJ^YJjW&ABFcWkuU8 z30vuu6dSa*oEp#*>i8r=`i#@pf;B?{buiqs8N2z$J5% zcoZgy8>r~~fYEL*+hDmV|La$}a5HK0kRR9aL6Ywb0_~VKS*mHvv@zZm|P#3U>-LW_8 zqci+$zi|;T$n&Hw+~vqz-F?cR+arps_;xzkXn8_|I8K6c>(1n>Vw;O?Ao&t{nwHIh z`2Ina3I&I22%fbnlyfPF63~}~tj>S3i{CD6k#i{lNuwB?M;#>>q9CfT8NHEd2f+}( zG3XS^OH~RJLzJvtpAP^?F zJuDNsG|Ci72a)edi}wZ45Z0w1%? zkc5`yc9Dia?wcu5O-q&D*Vkje0tkTXE$4+={R^B9G^F-_w(#4zLZ{-le~V0XK=s3k zjIsyrIvaRAQYNZ115cXTwGMj_S8u3C!2}f!fN>rbP3!ho+-&i7bj|l^%iT+p2nX($ zEyjESlYc@eg{l~GonCYu>JVR@x8-ogE?A*N-oQNmdtADwrM+R(oz19Q$ziOEj{8xkG)gNY#8h!!v5+Be4{JaV=Py|u_UD} zpVMJL$-nAgo!)tE%6a;i3);ja15=(j_FVJv58Y3G0$)D3Y+g@fEU+Nn2^WFBA_d>T zfcB$XnX8h9CfWOy?u%Nfu3Cu`eIpHu$L&3tvQ59(zX|~!a(jqfTQ<1@_rLo$dj6#T z_ETXBqU(JQW#*o@r8Aofa=&)P05%7A=@C}ZwYpux&fWYu(f9~vQ=YAt78DrNzm9xCO11s8oHueV(LE zz>;@H94QcG?9~5CoDYFNYMCGYnNic2NzSVPvY1gC^n}yba{#RWtY5yD9=#7t4F<9B zd&prhBP*pmrg$F(@g>wA(qk$=8>C*@lYXRn`qMKh)nHwlQa-f1wA zBTd9SxQIFDt39m%4ES>TD%GA|dpxz@6a>>xMK?~T8MS#aNzy$4X^BUUP9hZ3#|lya zQ1+9d2*}kXa9vj4j+RPR_&h~CP`0>@nJ0dqoYx-TlkZ&I2tApcX~MbeGi?u>1wuqY zl?Q5jv%r5^S-7(oK^k8@A$vWYtcF=oN@K;@JF}v0xg3L&DS+DkSzuPy7v12FkNBr5 zkhNc6=FUp==0xqswfQbKrB&GPc!Yf5b7C%M^qXjFRISYGd{~@_w{23!2~Pxbp99y| zRBQ7v{>a-r6p8lrZD-%YUW12>aOl(E>Bq$MXqZlno)Uw$_0~)n`*YTY_ItZu{NbfS z1`{@r9nl5I{&@1(y$zbEP=kt7D8*n64?Q_!i0uB6z6KN?JZR+hV}>ft2hOp~3XPjj zRSFEu5M3F|*K9HTt$KCq>2y7>`;KyO((Ue#X}ho7=9F0Yp3(o74?aqn_pa@4{Jr)= z#6J0Hl;qsXASn39wjaqj=Ocd7PRCC?;~xx1YDplStaRRT&9uCkyv#eZSH917cUJl% z6hrt5+>1iaKTkd#hu^)0+bd^2S^+RtICc*iWq6NA_J%{(601L@sWQrYJ;AWo2v10& zEe%e;w>jnn#@)NVtCQYQ{tcB?y!3)0{r2Cv{@Ik*k0XMaZTC&tCcNyZ?gQvXEl;#N z{rTJtrUju`xxckRI~wgt0$LAAhR%A6R!s`|p-Wu;VEzt6#!p}Q3=G%d)STp>UPVc~ zAGJ?YN+X_bXgm0eGF;pd*zO|r0~q5uTP}wV4v8j7Ec-k6Nh(l^_Vu=BdhnUO{TlDFD6Os$K0UeIt z0wrIw{`qWG*(7HCTn$<%U)Ln`ALuXLF&pCBouwFkUW3W&5vL!yV->w`*3|;CjOo5; znA?Lraw6?L;laKGcE1;2&x$P^!$jhPYUU6Tr}i6@;>Vsx`-iT+zJFi85q;xGS@K|i zNW+A)5;_2o8`@R zamE(#a^iy1f-JziP6i|}X-W(A{rBh47+oFi2MIGFK{!NBW@n1Zq#nUG0$oj+e-ixC z*$ly2s*dc^xaYW$V_`p6*iN1siirVv_74g7_$@hm*sCsNbNNOy)R0!VFNQ++GaB?8 zqMdpQjr;1@hbh?ys-hjGdVSe5zj@~B_zjzKR41nWI*#M(`yz{BgDuBY1&^q;#<`U#HU}qns(aSA$UR0)?j8lQKtBWx%(+5g(OGePbiFNli z?p3cMhxF0-&>~?xP)toO`fmg{==5iik>-koJ4g(V!;Ku|2>UM*HT(TgeqyQDmlxED z=**Mf>-t6ZrKW$*Sr88AF>_%Giuou`-`6tMT^4JUs;lwYlp_Q*RSHjG#o9m5%!sa5 zdV>`}_`nh)qDH_r;0ox-P@bOYMWIf6!V+Jip-^HMf7g$x#{`@)t}iLwJ9< z=TSHfu%h-TEs@bW{1r~bO)U=fw~WraPq1itx#)Zkk!U|j|7h2gfOE@qxL)8i{>?kD z%C}cq@B8^;OR7K7Xqp7o;%fcr*@a7W8I%vS@gbyt`{kzeuK}{|$m-vi@2?|z@D|Jc zOWK5A$WwoB2DBXz2Jwot^z!6Sf5^~goP04s#P2zpDu|U}c&TG|5!0Cd`>;VO<%Mga zzYaB3%106@fHX&6$;bhY? z?eXyl1vVF>2Fq?&dV{(9+|+u=F(O25I&1HJNdxfsVT6Ch<~Qk{_s=3FJ$R;bi8uu> z(OT|`n`JE~frlvUqp)6Fq+9s9-AVH!*{}I?VVE1ttuhgY8rdPjjwq@`fnF7@z3OsY zcXLtcIJ3$6^Au4#f>IoBo=$p01Djw4*ltf3q*`u$X=|>cM818@NG`f6pyVp-i)b8<^XiRgah*^2PorR~LO<&wU`9T;HQP`>-3k1iWJ| z`+j(1&?EzTmvnmma&Wfn&Ns(TS6ra|(#Gy*sJyhmU!xF+#6=_5f^4?@x3wS6RXo|h z(uJZIj<&|11n<{%RJ(`Z=E&c5&^K9E%t9snM)=(I9{e;sjB+n?g-MZ9AHH0LjlG+gL;AeO=JT{ zWxUjN7jw!V)L4U`Ou62Q2S5J2?As*0=hH`O%gI~FpCouI$s^Kd9{Y?mH0jn5 z!JLvt;d*o~My5pk&F}&p_Ol+(9Hm0p?XNKR+mS8eqvkFj?$5GHgLf^mvpIaLnO8|t zCjFWpN3v2#kuH$fmSF)j3j-lV<6DOY-RaEDq7P`J%VUqas7@qf7lyS<2f*qB$Lf8> z1=SPsJiaR6SNTZl61X#OI&_p&KZ2CoT@_@C%A?hI!$Ic6-8~6Cxl&%IBKW0f$|o{j z6}b{U(a(WvL$w~^hgSNT;SKeRsAMIGVUKb`3Ax$BCJ-E6S@;{o;u3I0C;&oXnBB8c zqwPQ`X?_1jp`@xY%UbsA1gdREUT_MNmjE71< zGFNflcl>^d(v!plG*pv8;sWnLnUK&xz|6JhPY=DTV9{@=EiM1W7c$rf)^UbKHa9N& z2TLlWZ!~vn-J_ci*I~hs7d7qmJrU7?5h|C4s>FA+nvB~pdevH1ABab*G9(~2LNCW2 z-RoZvb`{Ixuf)0C%FO=6fqxvNMa_hj#+f0wigVw8z3{9Rt#>G@qB_g0UL59Epob~0 z1RDt2vaFK&I|mfv6|n{!yRy5_(W08|jjyoQu^&IiJ^bFEY+rYQ7gv+4uJcLP_LZ-` z>nABRzZFJ{!rg zc1E;x%=&1hn;U;ksurJtZGWKoWzjS3*HuiO9{0R92LaH{d4A7-OL6on_Xx>`&KdSu z^%)B+a_z&O^{Ahui7q8FN*nc5y=}Ee z_pcE){Ym!RK<;pHczLg7iI;eQSb~-6l-b|R20!8JKH}PL=?)QMRJjEs-H2HnpJ17H zu>`-#0n_0hW8at4+1LCki>4Qzk@4#La1w9;nrwX!QK2i;k9lJW?DOUO9%4>*EVepUf9BFT zxNQDDXhMAD-tkS<_kjN`n?IS$A!9Q?%`P|S=;J4rsZUoQ zhq!4XmJ5T%Dhm>qkH;@S8{wfTgr-T7P;C2B;rk#s94!yR{5gYZVfoTG(+{`#agu>4 zAy#TLDuZbtkRI*=XIsdshYF*pnpS~biA&X>J1a6p=zw@HZrV3mJ`;uzIHPgmc?D8a z0u|pgy9nRpl0YtampwMQ)8Yj-4SpYxe%2hA(TR!#uE*$=FX9dAK@FZHs$UJCYqlXl zB0u6P-D=}?I02T!1oV2$3GG(t$dT31xD&7Kt*~ORD`$;%!?!xrr-1Wd9~t?Xb0Qb8 z4u51nlwythD+}$fVaEqs?mIa;nw>W*#kt1nyj4hOClW64{;-Uaf}VaZ=$q+q#!b;@ zb`AEYwBPr>vu5eBQLaf|z=dLB;5O$hFrjcYu5Hk{@5{VX?}D~>`PwR-Jl{H1Vq`f^ ztMwVbv^`BOFr7Qqlv%#73itFvB(FpGcq>u$C0yqT zyyi*&N78j|si}t1R|1uGDZQvP1>_C{r6baL`fMg^%}H_;8HB%lWtZ`ubf5eFJsaH`v-xpdkzZD8mMkE@aA{h87&?nihE8C6Kzj<@3b ztsDWJx2-S0g58opR19mKOwHbdzkVM?B$1irz|h>pn_9b3TIx~01 z6s>#n?ZdtU?+hKpFx|H*#R38tzv4mxzZaNh-hl0*mBO%5<)>NHYboer$$zg$0{p&5 z$q&z$^$^eLcJ0+K!H$#TeM#eVyb8~C@FL=_n_;y zKc$mmLB^+lco0B*e7103QL0q3HCZd(umyo&gPI&^g9?xxm@PPpYjJe;(W;dJOu<6* zb0|Y?x#urq>4ze(J-R#4#GQs0tkko)b?x@7w=1l?ma+VPyPiN5yvGSZdurEL4vtjL z=8*CDJ+2Ed>)Cvd8c>@ou9;kOnI=s!X6hIG`3jp)fKdsCR_fCuy;F~`y>1R{wC2@0 zbwAgvFPhn+(iiOCi;9Jg!|ut?=JbsqBFR3vxc!^t@5@DPOmI%VkZ0~BRJfl5q@V;Q^Kiz z#^hT5s_nbJT2uz}LxcV80R`GCB^;GWg;EwQ7e&5eXTTLL9 z)W3{Z-a&)uyDWQX%e(#$`>Xuf1Jcv@yFh#Dd%n2(jEcKVM3awT zFaC-QE)^+8;)U+2vfU4;-|u~bwV{{V+wlI$NJ%%QyluGva1TT?3fK$AApirRRXm1M z-VktL5&{W?vch35l*01x9m{d0vahpU>$R3+6Tru1PpIhW)mI_whpBdTxoOFszk6M4{!^=`aYCi!dwN#Qd zS$f+mC@)t(vp{eAj1j)dc$gkGhYL-fjiqDjXkd2Y57>%OUK4-3EXI-h^PEwUUjeK{gTi7N)L*Ut4TD6L%K zCdgOmOQoPO_=8hczk{Iauh3RemPaa&{#t05Quh}sb1zUR;rpAK;8%S-n zLv;h|`E+pu@fO@Q)R_6QzW4-+A1!rn`_Eey{rNPVx@&VJ;~u4Vf*`(ieHP}KWV{D= zTJO9wG5+Cj5b_rUbZdCpidodazuN8I5PE+dU|!<9jq};J#_{Zh!IHj%nS5#n11M)R z&*ffFG2BhpJMH;__H_*8^{B#Z??MB!&v=G$iPaBLG}C<23V>v->$$5ALc;{zt!a)F zV+`UN#~)+zr@H{v!s+k`_Eq!KGx5IlpFA4+2++~q^3Q62-nSyMHPM-oLCcSAHhl{R zC+{AA$@J${u+D9H-G4R*l<)R!&7Sqv?rd*=0*N4#wQ|3_LC%0*@-U>-C84HOAC2v{ z`+duBJ}GbA<*3#NoR(9CGC#ZecAU+=+5P2e4trcD6h@vBQ8YgO(AH{wE~tdK(S&{B zDtCyN>~!0s`@RjNYvB2;u9i$zo!jEkA3-9h^<$d|w+Ls|c@8dJN28jbq7s2UuVquaN=O zbwfT*r#^Xqu5L7H6E*xE{T>f&8I00?+)AJJa|Q!!OZ*%6eK*X(Vb_*ZP5ypkTD{lZ zY2UCM*o3TiitAIf|NT*%ZUr2~qwV;%W%O@g^sF~is+=B&C?<3rmQm?hB+{;DW8JpX zo5wN}P6I9cKc7$7xxyGbai#q$xWfZYHua34NV;8gDVoX#4+Z4Yr~5lvy?#c%5ZHW- zl3w+VU$C-5dd-DPTE19wJFDH(~Bm<_bkTh^>@f_8mQ;A|08^IzzW z#Yif)LB}nXOZUOh`vPG)0Mu{IyXJ{vsQjxp4}_}L?}@((`=F@~*eLTE-$2gl?_g@s z_AC&`-}g-7GRRKN=FeZGOnC{tSDKzc3n30c>+ud8Am^X*twZmb3k(alQy*5)OBYZ{ zzkxfl>I99&ZOiQ?UmVBT_S-~rm`pN&2c!=~r=edT2WNq1o=PA6b^U@t{(_(FA+a9X zR`E}kv8Zq)ML~|jy^uhl7u=u7c<;mW*p6j>uhW-?9~_lS9F|8Us>A1ij*FL(?z?EZ zgWm1G_K7v0f1k2dayUslCDzt}2V=wNGqPxmU{j6xfa}+!<)`k;Kqdd-r6j=2$^baj zed=Ehw44evzQK^Ak%^aBP$bR;v!8A54^CcI9q z<5M?9teMkZSfV(M|EsKlf(|y{cM2eKfisbv)_2@0{ zecGMga}w_kUi3jq&7(8>-b0AKhHESEU1)v=j*+skurC?q8*Kg52KSfFs3CBxot|YNXBcLeGvG^8 z5e-cyFUNfx9}~?!T(8vZK4Cj98gD6n61(IBFRJ_*U}kt>mX9s^QTN|t_hz{I?k}JI zZl2@;Y)YEc>S&{N+r6C2azw{2Y3|R9|*#e)cGxDP(Vftu`DOYUAmq{PQi;@Flt@GB$Q5KruO+864KJ9vu3 zn#qv9k4b=&B@$dY=@B`P`Obio(-ZNjl9T-Uoo@H@MYgpE{DeyOxL*u+IGRv>7f*q% zg{r5tfJ&(vVn>zelIx22MXuG`>3UmXjk>^{+c#by%fSl=!Zv@;Kw~eC3zJNQ(6EN$ zIz}|uF@a99MwaK>dG8?F4vNTfT?x`*glupg>C*V|!2zXxsm{d@W_lN=8)6r>5}7aX05CV8KM`pocL zV2T-6Jz=*&-(Mqi?~{8c(N>PS)02Y;N8V?AxW>whEww$c2U;F~{`4<0a{QxR{f{(e z!;*YM)+g@V58752@((}oc>Zva_NxDuJ4tF0knIl4cAv3-r>0t@`&0i(0VWw;yJ-XA z9(G=41|G1i+4z2ia^)_=_rP*QQqdipn@(P4Na2OK7Ozk6qpjDnvylwb2>jH=CC# zV!zoo2Cv~a(X|VpsyN@T28cC8`^Z{LrX~-G zLepyf*xuvVqQr(naklwvz~YDQ*Zb|JJc1hvtMgZjGnX2{__1jD1YzO~e8?f02Q;bE zcS!H|17PXnh&^`i*#01$^|dtTZ8ks4wcle+O-vn8J&t=-fetn47u33o&_H0uyT4CU z9Lxqa)Sn?QwfY&hk1u8++hrT*boh{WzbJHQo@-vevM-7X3rpW89ienLw=ed{e(7Xo z{XwEL9KK?c!I~p%pS7X0Kpox#MtHVCa!x@c%REmF7_6!^p$hv-aaXF#(N{$P^WEm! zw>OA|zl{JB4A^k@O1@@&n%EeIleUm_<#d1WFTg1C4e&XU_ZCB6m!p3Rr1i$rIYw;g zNyG1t4TQ%gSFBOa<&YXVsffkM$f>;j&U@^Gt|)Lv%P*vGI~eG|eye9xffi+NKir3C zUi)Bm$!p0%NyIXwFmFOBuYVUYa+4&Tt5y@>tIyYakFPNN5 zKGa_bP`;}h3X-?aWdn5BJlRU#e>>O1MRWyWNW^()KjLcy5f|r?CgNP&8DB3MOW^rC zXl365l@Bt&JO}ZH9>UP=!rucZ6ow;Yr%1HW75YA^zeWPLHxLf5$>pR$66rCX65k9{ zatw#7*A$wE=g9}Q_IVucrp#dZB?k4}1L~Z=Z+;v|U-L?*vR;H|KfR}J0J^Lx?s$vp z0hg0Jkz?veq7U$p?(KG#X2QbCCR7!@-Eyi5^(tq2l|t zo>K?XeX|4nzxduB>aME`miCI?W^!ApHypZWC6QzdbRk&NQ~*81{8bjZJ6cq2v+ zYlg}?__!iW1`S|Zo}B2c(bfdxK7*1yZH6qtUXkHB1%+n(UA=?H^cRRn2iE?L&7L7m5Ttn2w0pBjdGbk(=y*4GP9MuAt+TmtIyLdgKa`2hAlK3AG>u1D=M1*f+@ z9v+vq)vkVH_@^g~@@QRYqTdOwdPbg$?ZGqETlOP@U~lXqT|Ji8l&+1;nJD#iO# z?~Ur(Z~PSxp7`QB)*fg0|qvvj5phL%5xL*%2j zUS-FBif%e3boxA23e8UA=av6Fu9JUJ76IAd>K>coLUEvCltHg{c~}>N4l)OqqnfTqvWuXeJN;+%53TIJUH8IF zEYw1izTflx8;kxBq1ZOXQ09{;k$&(tNcEeEw8HvThv&?}dlvp;+7PVDFJ{Q!DP$Ju)|EL<|OiJfr$JCEwGnN+KnDTs%~nE&_l`C;m;d z)Cs=1oi-U@JNI5O#Z-T~rsda%ykrGV@tu%>^KXU-W)O^t9WqiukzBFO@o?vP3up%a zv{Gtbr*2ExxF$E?TAAGr zWRqa=a=t{)EW?6I7Bc`1TE3J#H?__~$Laz67Ws;SCTZ+r9$>0!k$Z>5VaH(^KGVca zW$ve&JXqKw77-mQGBa9H#JrdDwymKM`zjRH(6jU%qp*7bsPnL)mdk%!#RV7QRJ`7u z8?bKtgoainyq?gUXzzyYMmLW?iIz4aw*e4$pP{F(P2w;7kUw-WhZ_ z`%=dHx|9{G{mZf$&fG-68wmf8pCf;M{oWx^a9Lk6zt*EC;3-IZL>cS&Ac5POlq16eNyq)-gh zz5v(#eovqy$C~n@Q-gQZ-}J5cfg_C+Yiut`M-+ z0A5eTUk9AiO&tJ5irTD*GGIZrejddU=&0Kuy?uQzVXbG&{gk0QmPJYf!f{TMCKe^g3vAk+~c4sU(iYVOA-o$x>{Clkp8{PEVuwA#FfO&+PM%;TUlyc_1RGDdyDk(&%;>{Y5 zrzwivk@=k<&Q;$7Yn8Y-wfI}lz2fH;%mOyiUtd(=d5hS$Rtnws)9AaWi(fh=cZ>2*5Gx>=8QqNf2|tdvIZq|B187Q z?;FCjscCq7xF{_iLus)Td*t`n?(Em|(s;+Gc7k$3$$>|ffr-w><>@$bJ#0knj9xX# z-lK2(F(ZbsuKPDK`OA^}K0ejQ$sw-U&pprC-;!zP(yQh<1bUMq|)|Nq>!Htjyz{YUd3;$JcS4I4xD)X9z_BkxI%DOpa+9sn2&_@ za}R0q5;Ohp6_rQE84OfN2aUO(7!#6 zAG*-Rq^H{|G!A(PJ)J%!C83o@h+9A>b#^tR_-7TP_^nT%?w{wQ zL@sdjI;Zg{=Z9@NNwy+*usY1=?)rLCQcTAeDy3olWm<69TGbXJ{?Mp{X_F1PFHH~b zuOLeVkg9E+s^H0GsQZ}P;}%+3er_p4N%X17(v_vh!Aq>vC@nRcA&O;PHr(u^_uPXk z7zgx@R?WN+Bz5_;<4+)IegPeXOId&g+Q zFFI?oPL|N=4igF7b*U;>CP8eQ#;nZ)26$)AN0N zDqY0spikfPK;R42IzRyp2ZAap%eXi`(~{Kn?w|4y1lj>}QjT3cemlDTK|gjH63%2V z1ea1iS50OxEBB%HyH0LE0^iU&GvyDAqwjz{Upu&8i7bRN!+x8O5D^Sc7osLZQQ#+Y zH2_1<&Njvjh0fJ#u;1|=X;pK%$;I+23KJMQto3{|Yb{T~`e^T#Ho9cDA(y)EUw)U; zhUbucrg#TtOOj0zieYhTx5nKX{{<~_I7!{P_#Xqw*%b>56KbAgW{$ZmHhd&{g4&p!>2r7BWjA{ zRh)di{z<6{px>!@+v}ksIn^-f^ah~2V7?CI?eltX=3XL}4Ii{^Ix$i2Wr^ic-41ZS zxCx+Rgb!AD!kJil7Zwp%3irw+#{Mk)B8oYBbDw?ApP2FPcW6jj(s($PX&gjXQ3|L< zLLEu%yqxL5nbkh8eT_GtR-IJR@qP=2D@zO~_h=M|y_dvuK+2jS3-^QutjN~p`b>(4 zohSC`e8_y;vB*l^==QG*J>~7Z#PY==rP6MIuhS3sBGCLSvYviB--DX0+f1&ZR;jOI z6!M8W^6nBJIkOC|omb_ut4X0DULS>;2-`26Y^C`Xkkp@pJcJ z^@@g?3Y<-({o-Hc07}gC@QCm(tiTj@^rY^)cjeW-d6hchE57J*3RQv+>V$36`(?R) zvv-zzl@A3AViL}7&ZD#S#&S&hWIL4Um_}g_kNDiwALs&miJ>3L&zYJZqnF`2(RqBe*mqy!!;2-0;{e>Q=yboVE zX>iqsz%GkmQ!P?1^ncKaXGy!pio}DZmdOCciGd-&p|3%;O1t%cA$0DmJCamh*7O4h zqWN$poIgP)cU-KCCT&|@(}6DlscsDL5evrXY}u!mXO&tu410R@94^NrL;> zNfragZ%Rp3-Z1e}9f-)~;ycD0*Z|Mr3B|(xq+V_3JNF^)v0)eT*p~SjYKhQyJktOv znki@o7cGNq|3Nt{#|NS9alp|?i7-Ftz4neZsMGcliYoDtK8t$snb&>8h}iTCbTi)3 zv-*?W@{`xsF;%ikSi_(lfm6Y^@NlU-l|$7r^e1vXImhKD-BvBs5R%awPuy*Yt)2Z% z-WS}n1Kk)gt5_8OaohdzX+FsBRli?2X7p1;J##}FV870s#d`;bJZxZC1rA0X+d)z6>2vHZK)mkPaiP+-63 z9d)Q*ph#Y>aS*KMyi3G1r}kUSm*?X!T#Uf=*5o~%&ttQ}+9mR0jaf!G20v*hx|G-T zaKh9|s_$M@-vwvngRqtT0%S_MH_vKe2!pJ9rZX@V z%b13e(ip%+*-@9)|J|QJOLsk8Et5o=)KhHvY*6T{wh4;vim&phBD|o{PR1K67keY%9<5vUTd)OVHk z)hol-O8D43PkYi!dn{7bis}?A@e#tIatMohoLnZI;s#qBA6srgxxdFn$?7-G`2_3< zZznRst>g2jHT+9>4HgD~s+i~QQj#~Q397fF+M92Bh?C3cs|TeuZ>NhL)R#^C>~=OPSBCJfHh>pRdTSh|ac3{*bUt(bKASZD9<42WAX8whRRW z`Gn-pogqgc7iY#-L@N^ZCweEN#qcByQyGd4XvUDIYn)8)>ws6d05o;~BB8NG-CmjY znmM1DcKQ}%SEeq9j8z5e-26TEGE*L!7E#W%M_2~`2z>mMqU{!*LAQAwnpp3teJytU zuLECb{40z|s${t8H6=lP81|5%p{{%& zDWvg_l+g{UlJ8%**(bS%qFF9=1XmpH8^} zwU$@f|IF&79&$wa``6Mqp3%LRoP59aKq6m!a0}xB`AY~xLA|jv^&ts0;DE!yL$%c( zCewZNTbbA4tLpZ>r39LpuA3`4&yciG%&EE73;0vu}KJdpK4ege2h8XXVwsd2J^VF#!K#VRr}>ESlo3Z1bMpWrWh!?<+p&;lYB5 zAD@JZsEj)V>;vbMpJfKmjgz0P#J_#%*`S9E4{qXgg3o$OKBj&+E!l6QD(%BTkhy0q zmw|0%jhcY}I|00G*jw<|?K*QUP;2&ZJ+lk*s%epdbgA;yu3!k>JLAPSO{PH9)3;vh zd@SF2WTcm494ZODg@?ZRpvu_>9;mC)XyzlH>QE&LR2~P|f7kE(X|m${R9)Vy0s~IY z*87h&EfjrDY%@vyLOKP{jyUHFbWt!uJP4z+>8XwWx{O@|)EwkNUr=fOvg7CZ#dw1M zT}hlqioY;Rr@fO2B96iBDNKrddaV&l@1=`x>TSl;Y61c*W~x2guix|cE)A4%R-u|s z5JuOjPbn^Zp5NGTUlaaR?vV!o0MFe1Y=Z%H!>P&)j`l*S5uh@VD;^ zkpV`E48n)@m|j{`0<;BZ7tNa8zUq zEVL%qk74Rkc+$*7N8C<-ROxIu@Sn@!=Rry1^Yd(oAIvIK>jY=y_w!m1cgS-5pnuc?6YveTt)V{d^~{pPE<9QA!j~lQbrFJ*uUnNoo=voL8r4TU3TUY#D1p z_&Iy(ItKvgLRUDRNt}&NiNt(DujmL&Q8vjU3WPuDZR)fJ{%PR+b9pE#7w{^FRge%ycnO3f8N` zIx=@QwRO#V4;av9d^zl7X3?SkXvfPdW8h*Gi%S?pmgyEU%lsAy`X= z>j@@3_I{GGHr#SY)kw&eQkucij<9QIcai2qNZA;wCdltxUtu4-OKb6MI@xC9t zz+Omx%Fnx;yvre))k65hHI4Qf@cekc>YDlFqKm9Y9%MSN^vpc+w1h-4oyq%PofA4) zVS?N2n{?AJxZ=Fc;5i_V4~vpO-+NZ z;+5up2|FS-kmnjj8#t-MNfB?J&CIQC`{Xl(L|-(#CLgcs35GIn>X5WT;rXTh!{RqpHl?YCTlNR+>GZ#xyVofU(aIKw-v+D6x1Nm z;^QM&o?mi$6Jb4>Pgn-CiTHTzqmgRy;Rp%07{V87jZca0gs?Y)yLvF{s4V-uX1Ga~ zEsjMeVChazgmv>i5pmJyPxTrdw9UiszRrheO-X6Y4>P{_G(0@!s8Q$3@DY`jzUgns zc}y$;xJ_tP4_ zy%T;B`9e#VP&AQvdAr#}fO!D*^?7Hor_}X5xC~R!ZD&(>{hK zWB;TzJrf0LFhrWp$kuEASkW0IxG~}|qrB(!&3=yukQRoU%t$ocK@_`O0ox!@2TK>Gf~CzQY@G7Sr$k{*m|0 zX)fEaNB+qf9MC%)G>a#W(jlApV=tp_P%r#%9RXXEF?G9bmxv+5)@W0Rb)2-@A&M?8 z#Q?uAo|pVg(YKdQKc7+excs>Agzy5$IMctwIz;03yE<^5|5u{ZpZ&uQ?z^lapXx@! zLI_T--42Zy!sgznYj(Z;H=6-vs1IQ)0(v1A3jYy5uaD=*H_MlE%BAyXm%n<;VhH~6 zs)q*;BL7$2*#IK@el9>em1S?$HP+IFla#G5Nb`$1oE*&V-%5t znF;qKJ`9QoTSfA`*ky4I%|))@W+zhdF_6z&B<-``*Q;*&47n4j&8|$-U&TkesO*p) ziY6;k+1GM&$KZnW0NDIYTPBt3EN=(UbnqEaL2TH z7b{P@zw-iD%zKR{vJ%u}yr#zWT)XB0-U%Z$x~U+sB12gKL=BhTj$H@nGmdP+5C42Y z?EeOBwpmGQQkh=M)jALAbjgef^uArEgBSngDx8{O({tjqD?Rj4QdVd8oC~j9o-!${ zkV&e0dL@jr(u62iG)LhGg>C=^78vwS!76VLmiuk2$p~WV+vdf;VmNeP+@ojbu99## z7>MaK*&o;os*SZrVS}a8luR*1+ z*Cua7`?=~(@c#MwJ(%|$l?vwMC0{@H3{MYc?xbYqD;3;~H5Qw<8r`{=@#T%rX4M8x>KTY3X|NyWckP8TotuP2J3Wks3cY z`bjeF0xZLUNbTS#f?O~M!eEgOCsrn#t;cL%6<&w-WvH8*A{pRKE~LQXgeN0fv&lKq zq-qs8{Y|voXG`|@!*}yN&NX$#6#_x-pR@U=zB_ZT7FoHQ zRm(B&eU7sHp%U1lK`3Wha4!9q)z5A<=;3+2|C~B}IJs4j$s#4{lf5LJBHb0|nnwX} z6eV1gZ&wEtlK#sF_%!Q!Hq1FNhr&if`~Z32Xs*TPcw27!EqI-U9#W@2&I%)nVb1$y zJjX!5r2vrju5nJsfxr1k+iT>W&ZG zmM9^kX;{__-ij|?bc|7u z^>yn3qCzW;&R4ml{?e)R8=(f6=ke1MT5;LyG%~z=ql8mrs9+n{z95z5JU*KD$}LgK zdG6N=u<6NqPG1BrZ_l_8sGZI#;}Lyu+#3g_H@2~{7b5eMb-emEhkv4L^|B$$>>WyV zy9WbD%tGZ8V*l0eszCNhNaHZRh`D%=PTwI99U6R2K3a=Uk^#NJ4UDuw6vw*@omDJV z+o=ac^c5&#fRlHz8J^XG&pNq1RcmLs0V}hyE|6kU2b z`Jc9>>K!-)7~UTIaH8owHeyc*7ngTFc8@{~BogfCHB!jF*9Y`%#f zRhqP=%f43#)4hd@AYWO0uYy&RH=y|t&Gd~AY`v>K9ELJ@ZZ;}9z^56;7= z?GZT{ZUh<)*Y3h-=rpDKEst$r0v-$NES&ef92CC=#+KL8`(aec%zh^lpt86KMhCH>@FSOfUl#_Q1v2O_S!NpjBVY-ulMtUfR8oVg` z@Fw(_-glN9rXI%!c6r`{UboelKRQ~&jF|3~hzL@S=@4E4vDoj+;i;3O_`k0Z`oI>T1LG}CnKwCkB2i|M$2I4%?x-`AX<16^#es?$-!tAyX!11c^5N+h+ZmeG6`SAW|rHitg}3vySX7g%Pmc%5jdC|E~YR-@eLIpU&%X z1~7s=&*xl$5s8a;fG#IozRR*)e8Bd>w!8EeGoo^I6`MxIbAjM~6Kc?-Y5&X+kst86 zQQ7L{K(PvuLqrU{;> zPmSIO2&=b>u6CjA(X?p0cP-#vJ=04L*erJYC|LpeT!3!fXUm(Kx4uZhmVHcg-=hb| zX`gUhjc=KYQRaA=KZiqlU=P33uZ2|FOAodyTp8`O=&8fwYn4N2FbDLCW{qr~$IG_W z2EvkByNpLj02DWWIm>@K<*Je8uJwEmqzsF*#|dT@{T@fS)9?jSXZnp_&o@1r+%*Vz z2LC-lA;Mn}#MO_c__ofwv!%SfzrhP&C%>v*n}0}?!=);}?^|Of*y|(fyfn()2>2gB z*sCq#wm$(eFP`NM=fY3aKEh^OIOsA+5O#eY#_m(%{DSLCdaWwgAB2)P%gkBAt1L78 zfudUr^Hs`KGQa<^bCSy~N1emgqyj1%*KDR2IP26m8+3z&R3#aGhLi*vN1I6?|Y8n~u=@H5tz3NL48C4w;e+RCqSt_kw6<$ygu#a~_4U~~uP&^g_C0R@ z%)_Fhz9FOn7Rh()@$~xl2LBLSM$q6gK{VfqS-`uC_IXR)DkuI5uiqm#`|$eTS7N;w zEz%duY3?JhK9ccPe^F&7hjtQ6D3#X}z4Oa7k0D)r>QPSA! z@<+K> z+XN6dEXle-8^G}Tj-b4A@0{j3yba!M9Od;jFn;Du={tq*n(<~Y_OSqsV7tVRsBp#{ zPhO73Aou|n58TKBPOwkkgPf~KdE-Y5m;pFk2M1yG?+=XuGjZBlKFxg}96asyM{?g) zUml#r=<;?#wWh5hV;faRo`DYb00j^MV*0HP7a8_#UR7%ZZBv;)d|*hdY2UoUn(gMcVt?i(<*vN|~4E2W^~uI3GIBO55yFED1b|V0+q6 zs1E0LJCf|!yy%x6M>7crgsiso+AH?NYx{6l-%%R+{6xyi=i~SMMz@C6z?&9xsVeVF zpSgAGaz(%V4sEk%uvRTWOlBW1CKTi!f{fDBxY1`lq_L6W@P&^XU&5e1HbM8pf5Uu9&cc99&DcLg62-DYX z<}i;($_SYK(zDGxz(CKpYm{!j?3Q1(GrBjZ=$)tUo69Kp+~_|75V1c}?r|C57_z>v zU&%Dmex>6*ioKbDT*WvW7o>;?tPZAhRZ;>p@`QD-c??7is&171{p`Q;^~I`zPkp~= zgdMJ6(?b}^Ni8l(_IWW`#<+)CYE87t)1XaWPI|#5b#%FUM{#caRfe(&sE!dFTPjImMePDW{7eK?j9roGvgw^&Vqn(oo;pjhq>uj`5jl1dX(!9`vlJ^zv z`-r;nD{L1Wq7F=YucWe`qG)RLu94*SG91;D6?BGZc<}e`H|}0_NeZ@5+gC-nDa=!diFDuU#4) zN5kk!UR?>>esYz71|O<5yd!b`g5mLLfKbrFy18b@AEfvhB~6 zDEEQdJ_p}lFwA&1K*d--iHnRXdr&fxeb(?qB=vAw_GRK+2*B??%8+KU!d(s^l+Z4; z#>^t_s8uo!?x-a#`p;>Ub!wGo^8+^L;w4Kgec(+RZqmv5qk;~8fg)gV6`>WCz#S@3 zP4F;j?b$w%F~?Ac9wUrBCX{0~0USQ_fX#*^i=P?xNtWol}n z)Tv+iFFoLkpI~JQ+}-<$j`bY9kH{b}6n9#iknQP1?|Cn1de6C!5hR-hb-LVuxx!Dd zNm&7riFC4F_Fv*No>%7Vbk6zn_Fl(wrJls?)k%adSQo~Rnn%&nOJ@t6b9L<-Kg5GQ zJ_L2Noc5sc%jC77NDS%KJ=^J}9*ujKo^NfX+>kQu4~jw@FcSxqSA+U3a|^{OG%aP^ zJ1GA1r?0_Ea90p|!1156&&Oa+3EAftS^KRYVM(7l9jh*L>t24v-RcTX-mhZ>x5lIM z?FxA)DQr@5MgQmy+LIalU%I`!AcNC&Hx`KQCG5gO&HyjP;T?a%BVg*qJ((F6TZN-f zde@2Zr;9@98hxbRKFKiE*xr{|dsWPbseNii=&9JQpW-#}BKH9*hXIW2zK>)dneZQT`b`Z#OpIY<@#oPBl27y#(iDyK?h000Tyk^#z5nQIU{~silNWhaytW|{b{|bpn`Ip;JjQth`RB|1iDK(VfO*yEjefs+T$MgW@!lQc1P_%zYj%0cM2*k_ z11(*yQXBRFPlf2e~csk0@dFerfMO-;VTY z3bpWXz-_o*yybbodCv8IjsQE4t*@{HFoLM4EkjJrqzA#;8e=w+t#dYhuIn~VpZ#~? zhdjY}4yFT`VS&l>ZaY^4rER*PS7^XEQl`dT*itqt#8O)&|0bG zejkmqQ>L8M@%||`*)wrX?{4)rXRdsaUGahv21E~Te;2c{(sj5|HWdMW(npY-c4PEhQ=LqBAOSh*x;)ZHi?M9(I? zK7)%32Vl<=0@aB5cJ1sOKA-3F6$p?1RV9)*9=fBt^bcUZN`Ow5+0@MLf4}SfdGn9HfHnTtO*%|%iG$_npQt}Bc z&TGA)j6qrXLAlT$=SkYPNB2G&0KgE3GRXUxu?eo(;AdFG2z$^G*tcMM%6`l!5ElD| z=gho8HYN%7Rk|f)Q*?M>u87A;mSDNM@WIatl*YHEpt!z;$=6n2%XFCbds zl@C66N4|K@pBxwtieIo)zFpZ=f5Rm=p0bO#*U?x3dPZl2-l8-$|5K4q4$*i~EL0r^ zq&|E{8<>+tmq%nyg{R9F$(_FsxWFFqY~UjeHGt*TGO_H~xrq(auRSSo_D8Uiu}I3< z;^eJY=1*|a@e4m-Dhs+@XMzR37He9NAUN3M^o5wAceEM7}2ryk)Fb|nqQy7=aep7xD_Dl{~&Fxcv?#nm2 z-S$q5Ir9f;M?aLwk5U3~Psz!y%O^?>p#g#kw&xX2F=R#NP-iT5jcqxY)G1~mL&$+h zFFarhMK?Eii68f^@Va@0O1SFd0ZS$-u)}(x``z{@GN@3L zoJI5aIpoieRh+o&0yU!JYnGMNkTzYpIltuTMb7E&!L_V%pOwZk~FVDFxwDQHRVNni2-ftAqT!1q?Hol;jNJL}Z(K-9e? z-imJs<^;}yw9GFK|2sFQ(JDFO07X%FyPT5+o)gva4dfk#%TPCmx4FpoKV_@0_Ul_N zfv`*Oeb-y%$uY_iQ=k1DIM8eR^*DY@VU;9a;zETu_gtK9R25*1h!ZX{%7_sfTCFY zcZP$@0O(#-TF{}|!m|j=k7Cex`<$N$xKqSS1au(|Wt4-9 zmK*wXE@{6>_+d(Z{3T=eK5QkP!^`-&ejurMa_!}#HTV?hOn94;@MU|52A(ya0C6pW z!u-`u6^&Yvz2s*CTblD#W>3^spu5_t zdZIsqr&%2(RjEvX>#mgbsK>l!ig^!YPTs=}CpsZsO!BL5C=6Bm;8scERq}*(=OvyE z;Jleu$S%JJ13(t;{Wl!r-!l|w>1cSWh|{?CP%pE4|H11_n?IsHEO3e?(rSfc!CO3< zur2bmhgzJ&`lI6ueF(Ri>AU)~!Mak9%S>^^^(Wvyz&$9H)RF1R7>I+)P4vWni&XAQ z`#X$YtUPDH8K)aY`*~&FQ2xSMr!4-|q(x8AvxhYW=3@riJ@F?FjLi2NT8DU9X)AVE zwLP(Ffk568|H(=Y`|mXUA!yj6}+i2OU&#_*@G){kwYD6L{g+Q;5H<@O0VkTfm)M%(Dth zHk8JAzVmsJ4mU**^1oU!VhtP+_fAqFg4g0cd8c1+>tsl0S>iS;n&Et^m_B)U=lpGi z80t2!8?2Ka^K+3!JM>5+SgKL6!{FgQr~4-{V39GQ+O8PlLf)DqcbBCtX;TY;vk;dT zT4LX0U`%(x<4JoHQWG~D3Sf^x^11PM+`ptZTi#<}LY%M4(cwK|KwC=}^yK_u{8fIdqf(r5Sex z?68KD5s*t>evQ3{X8G0jiL0?TlQX|d35T|^>S>a4umtr1UmpCzLXLNM8E`eqc`Hh3 z4q};U4C}u`r?E$;w>$P4f>wBJ!$_U;@mh|bS4u1ozntf=LfG@1{1uXeJdXK#b#Ui? zq5Gr??Qm9GzSUh5ZlwhG0N33QBi#AF&mNF-ucAFmewpv9K>d8#_N+b#C_V0})XL@P5H=Pt665>=lf3B{0jm)q4$rk(KxW^gNS9Ut* zCF(|1_3`0$FzpB;dS%W zAJKG_?M(-&cS}n)N$qw8eB3>}Py+SB)1ODm?|s-@eQb5Q-+yA#5{Hi;UI6<)nnGgj zOTl$_1X6hLnwMYQ(o^{Zl5BS_K-+!a<;SGz^d<(_cI?=9us^!(!X4mS7&NwiFp1Z3 zz{>#>i-$oM$wQ%eXv7zRo<>)t<)c-6{b~FR@=S|cZQqon`0UF~Y1{{OMF^DoyEnSq-Y5b>z zmW$*+v7RWVSqS3ay|oa79!jaAu4wBb9!-Hz%tz~bes)#Fw?bANtU^Zp<{EPF#okIxlmG-f5b@9}5Cz8xE~1y(gl&H`H?fC-><_Fw7O zh-~$7o|MYEN0Pq>zt{|S4gTGBsdR-M1~1{xkw{f1G#-P{px=Xd{hmIX%!>#`=4xxY z`tG-%;v_%Fo%knl%u#&Q;sL@F&|IMKF|rc~NJt+i+-IhL7`Ii=PvYt1|BCXH9B<8j za^+cs;2))HLyl*{v-fvD7d$+71w3f;dtZ>^0IMnKv^|!qtoVP{i}NMwFDjg6{y;8M z10S-eZH$97R<4MK`SquX)z@Nl=GiKqy7f@nIRJ@)4{p5+O&EzO1S}oInz$cD0(4}2 zM3XC5CNA453B0Nnr7FB-&vIo7_Trz5ACi5z2#(yXr=QSiXJ>+wp-|?);F&F{bwkT< zx;diu!@1licl>P%{Gpt?hC*N_GMh6LB95~c)p9;wk2He&X1u>RnA zg(u;#1|9DB><1;OpYd$2@bTI5)6ss{!vL}_%zJ5=z+=-B;8$!gt+69bn%=`${dv3R zFCb<0-$&ED$S%1tHl7B}_iXevNeWat~Tr@G(YYgsm{sCqp zUtg$sa4p|+Ei?pfwtFskfLGdc2(|jpvbUhNhrkto_I=a>)ndLoJi&|`p}IXBUSL;| zgn%!-99-M!^+W5lCgY$as~d?Een8B9%*zk96H39^vKoq~^Ltx_)Do^UUq|0hm3aVZ zeK`O2gy*n++vbg!2l?>2gVNlz7kCZ$j74=#%C&)3zld<13b$i#wj3!sh>Q{S=P_zsh_s6?Xg2ybS$PbWyo~#pm z(^Fb~jxdh*LySI2zSBJ3uL?0`@e~h>Tp{4Ms8wW}KoAC~YXD;GO6ZaoFJ{LcL*sZu zW;?Q8)=1@0B+=TaSpzd9e84%duO=*u5u~AnP@yG&{fcXJ&qoOCJLYY4|1QmO=47=P*k<{;r zt{hKCg9jf~CQ+R6M|Y+68|%H;a-4pZOS{;)Ou{4eU_Wh%fu&rC0#$a#*PSj$^;>m) z0*l)R7Z0aWKHk3oR}0&@OA?1p919R$nX<<9m*xILlXXPZje&NjJ3khJIRl{V@!IIv8(?dd1#mXv`Gba1+eTaTJAbE#`>`aSgwS#`~_x`VHvhm009}m|rTe!vy-~P8H#`8j) zv;sA)_vsn}q9%~kDcBf+fY-$qKbE8YEyYOVMv(Gy*Zd92UNe}P6*lA3QhEb4wNEjy z=y-KpKGu4oj54H!yPp3E?l^IV#_}fv1i6`4e|d-Sm>I4wHDpI!UNPOb#gu{>E$$D}anrY|fgU{qDXZ zaqj7IJqwAdh~*&$_FKM!x&fAM_u<6&+QPG0c%#pa1ChFUx#f=oj6UPRNG39{;v{%> z7JGaJ%l&&dbpS3bBD~PnvR8Z$KnFFRx`!#n1e=9=k=akuAAIF(=Hqj(ftcEblp?15 zMi#4_Op?iylr}t;u>;o5l0NcD6}6b)3aOD(30m%L=_=bJx(7)yj=+V*(~kx48m;f@ zvh<+c%|;7IsU~jrn7kfhO1Kvf@`ndwGr6CzPb&<2>FCOggDZ3Pdy(B%@73`+4XDIi zYpa9eG@HHUbSNS4aWE_n`-s;fLC9G8-8SJ0^l6C+>B#QIp+C_~LYR_$=%?0OJx%_Z zhR@*@p24th47k7Pz0W@ytz^$u6u{UUZOMbNMc`mSc*T5qlO-Gs6Xo$%y@MD8kQ5gCZa)R>9vaH<%iC)4Weo_ROfMqvM+L)1c>HF9k zD1Rqqgts^|Z1g-LZbm_54^*=v>dhK`V^*9we?O<&sfXnbeR`gGYH00mzSK`H$4Uq~ zIJ7_MI~1?M6yAryeyjE=jaKdR>Nd;uvz6p>_b%$&CD2Z9_S=Bi{V*uI!UWQxMN7S( z0}FzG%SbPF)nE-A^w0YTM)cwBcW{y;lT22bk?8p5XVmPykOqw|+FgDcr_i3= zRq3^Ftj3voZT5eug^d5o(YGw(X``b)AJ)YDE7>4)ZG+(=z9&GUV86smzM73|i&@8b zk?$rxZGNbE0X>t24!ZSqu~(BNr%wEXE+{9L%i!ar&>@tbg3Aiv5C0;li<8_wVR3wm zl@DE0|E>El#V$)V2&k?MaT##LwaMbsZsC+>&#M!e$(wTWehE+Gv9<>H zSxHlK(~yuagsZ_5j7MFWFyHTGhCA2&1U~(-)so+B``uw^bMCh>wqVXMuU5f)*JQ5& zss?YjA=YH&-Z?aI%ruJ9CMwia4FYq1y(?!59cEsF)k-eIMruwk~{21S(ozK zdID}FC0}(z(lmCTBB(Z$9+%57oIW_+d(e~f^&hP-IXq-pRK!jJ+#g$tpMAli)IIKN zs9cE8<RPN9sQh=^5AwNM0tK6|!8cP(M z4=GCbnluN#{|w(~+JS8V2jgvsM_x_g;`>b@`q{O9-4k1DdGqIe-!(PKsXJR9ss;4V z1)f9@56k5MUgLYexF2Sg)rM(pvPyyvk^e}5xun-lP1z@0P)4aee09omG&4(3gc-6; zsWQCfX+wR06vi z&2*s3`ttHuR4T9i29xFQJ?JluUAeF^9IlVXK@nfg7O0G|g_+H!*i{g1GNn}nsT=a! z@7<>CH8$s;mrujrgvuFEYLgfTtYJ<~-WLNbE>HZ_4ll@JGf zz`TF- zBIr}Z!-B?I7?x3h$y-7Kod?~_6i4R{pz(872Wn^K*if^4yD^-{aHF%Da5)#;HpQ;cn!W572M_!A>ImfJXgss= zI(-JEN$x%1j$Fz@!0nnO*K&~d`$p-PN0czN3^?rcv_=?Mta>93BKtMcsuFOv6HzjV z$DX|!kY0vEVRu6}R2hKx#cN<=-1eMI)C%Fc8s`iMJO4s`53b5E05;2-K8Yo3K~9`g z_k4G|JiL94xXc_<9(=-CwRrhyS~DF9#u;=g*qyo;R4FMfxiSI5S8{}}J18gn{h%aR z3$&CY&m&ZsIh-=(DU@%d_No1Kw0q7%DxK>g_%g7~9dZaK$Ma?sC+;jL%8!r)M#3I0 zI_J_vP|@Sl$bP48C;M83(%mMt!f*h0zqt zlDeT-F3V{jthddTe$`7(A#ZwkKrft+I`{J{a0k;vwBn#)CtFl}hQk z+DO?xrF|#3QB3bDuL1u7?)TJ`OKgZw=o3yxV$h$sB~ z^3@M$NM7B~4$g^G?k7ggeqo#KMbFL?7NU(Fle$iqafewkpsDebpB*aKL+kNEmB;Tg zbpDUTj&J*y@_Aw$BKinD`2#!L7{-M(ll*L2x<%+7%GW0#kvdZRy%j>*?WUByGeo7eJi%IJ>R%@uI%F@c?I3#MYE@ak24xlW5V_I z%Qlq*?MB)^T!?qIXxyumLe(ANRP&+aF(*;a462$ch9$q0Z_k@Xs50Z{51<;h>-4)> zhJP=3^WA+g#e?Z+EApO1dGqDN(gpL5Gm;+m0kg{-|E`KjXsr_(rc+5oDIwl#*FIz@y5)PtDKuw_ zya()Gp00OR2|Cn1ADO{?fT_|5Md__&lu3)`mSBs>3+4!Uo{UOJyoR@YB{Ux`sT^N> zYYlVt75LbAk{wZB70CShn8F4xF1i_Bi=DO&ebCSczMtZ6+9CWBms36nM=AbroYa+9q!kME9ed2n5>Q$2Pwwuh+4fH9fJ6ch$|t>| z@|karPc7W>QNu#~ye~}qj+p+|lD`AbZg!^eGwQq}GLnDtR`+(L4W3ItuU6dd9i{ZB zF*(xf2Ju?=be*%#OrhIme=-Rgz#7ziPnYM#25zM2pAu}psM|gndlot00$5X^ru2H_ zYjq*IlA{|NsXNM_GwM5S-I(Sao{bYvUTc#XxPe$RC9dyJ#y;v)RA^KL%uO#G>hL5h z=(|X+WgqL)_no?Qb3Z@(?3nvSt4ZmHl%8<+`Q^&V+no7Q=vD`>8oVz%G?b+9UlgN*hm*XhG;8UQ;R$Z?h#J|5T?R;+@e6(=B)w5Hi zsET8As8CY}(|T;uzHpJ|*_vuW7RbnhD~F77g|!jCpY4^vc0OZG8T8(IPm%83i**5= z25dw*42Fm-2JUdg$Wvf?SqY;GE%?hILKgSobcH{>`HOq^tuZTynGWs&6cP4psR$bN zhlLjp1K2d0e+KuNkJS*O8TiMm7$W5h?l`_oM2U@)xKI?fO0pD1+IN;rE)$hsi-9TR zb{rOxkDqi0NYpelY?fEy3G`Ybefn;CJWU-BNh=s7JrC8PD25mAEr~cUY&!mho|oh% z-G5i&olfTJI7U+Xb(<}^%OjC@rU5DsouJsz`4;c)6fy2qa=K1~kd>Q!=WBycyX8l^ zg^%D25BZ9?9F`j!_|km}Jl|sOKRU^u8SES>^Rog(yhpS&8}hGOF?H;HhJPkKpRK=~ z;P-*f{BG!R>Hy*PU$pdKvB@CN(SP0AQJ&yh&l5|ceRuhkVxr;N{q6b4dIk`3Ww_VwG7Db zQrws`K$fpWRz6GE1Q0*Iq2u1Cq8LvS?6D3XBGFeCa>b%Q_TG7#-vQbW`+QbYTrThz ztfoNqp$guoIn+h&TU1%?l5DFP)j9<@$GkoF54Rb^{~$9 z|J$7{62x^2Ne2FGk5M9(iig+LUGhr( ze(c|s{^u3|uIxLp4{kHc-`Aou_M3uMv2s6uz8`e$Gx8UyU=ecRX21aq2_13z?(kG%ybo=m!dtqbtK?rOggg6tnzxodcPEu<*K-) zC1z2tpV67nISL(k&-o*0VE$}bj`4vzy72LJdTOs#MY<%93QVmpkk7}Cv+$&+n?ehK z$v?NwTf_VP6ngY$uL2xj@L}o?yoAbop48Px3gyXPkcs%lQXtY~o!g7o$4Pdf-YwD`c*}XoH&rdl5g&wy0EAtyrIkRIRVve%#2PMr z5-n04DtTH|`AE3Gjy*EJuj!5OzR9yU{d=|39v{v=rD=s7u1-7Rvq@HZ- zR7gw~o2TwjnB}ch*RSr#FBIo*@0a&LMK(`*^sKZC-2?N@P)=}|VkhANKR4oy>nE#b z8RHN(HYp@p_=D?m!AR?ym9A25loVh5I+CV2B zzXp0V9shU$t@49yfvSUEGAEa(J3?phqj9L7RNT<$CUA%T*2Fdfu3s&g^ zvEm6~0t~pvRae+kuGh=@G$xe{LN&P@8p@4|@$)e#?p(VR(_OFeZO=@vJ!I$rP`NPj ze1$qzUJXVx<}sT3C>fSRhIR5~sc&H9$hA)!`q?1|a&H+TDJ30@M|eC`6*Qjn>^?{) z|8Bo15T@`YN^CG`Qu#*{?DWO&hg$pbdrY={u_Gu!S+HvFSxXsxLi&C7O(v%9<7OGi z_J7OcQNR>swbE1jleGLM3L(7*QyAvbn<8XpPs}@Ib`(m3jOANim3sj~;68G?T0P}! zIDi3cnD-$?`--uwabJn>Th^0u-7aW-W$;9Jn`}y9lpVDUbImR_~O4X9~?6a%lA5?oe_0HsIWOpWR zMY|W`rsf!ZvzMIpHEryR+=6_DErciMiFy7unD#?9d`m}f6Hq|*>Xql*GTwsO7kiaa z`m$%&*{f|*^n+FJn~(GPo=b*w_CgIdWhSvt^wtY@MVr%5a{Q-hwCpwN({x&JndZgCs=l*8Pt*npi_ZZ{tV z2TGM%E=}+EdxQQsyC`j7z`o~XQ~j1``5r^iXp*ch&0n4l>MPX234jvO8Ikmi--BGg zXXBp2)zjFf^69~<4YP{^&0qzN%=s$_;R(}+xM2?*Hb6YJDuT`s?nBm z>wzyYaLOPl4IhOLpt6Ii_NzF(LpJzUgWU`d z>G0y`lPVbvOAxpj)Lbv$h9>^rH>tmp5~S6#3=;T>eFC%`VR3DDr;S>D|5eyEJ{bke znu`A@53t8R0`P^`R&7-;Q*d0PlA43i-#InPv>w@`8LX%RY*Fu0} z6QqQveGdJNJu>ONUoRyU4+*Yl?i@c@-2GDCFu1P|dwmPW4;O`hUfJF1&V8<{ z2%Wl^qp~ttKUQX)?-8vXqXn~7NzF4Ie`k8@f%%VCE8 z^nEG2UfYPtXs6CcU|#E1%R1J0kL}lkF?9Ra{PhCcs zLHQ{fJ2HSbZ9yasX!1-Pqc?qDdgh)!yV=-I{(8+4{&@wOMe)wdBEkJ-$v`mKnB=hL zg;gR&dq(4=xV}x+9=Bg%=5ss8=chJDuRWkjrb^Ur9|9gtqAvpkP+eauglPCL4FJ!T zBs_1)rj86E2}p49446=%^;TXU;2?8i3WVu}{ zr-OHz4lI9%=~$v}3&g{o1V3i(?egc$;2OmPc9qNt*!}>HFyp{G`z2k^!K2!bU19bE zo=iV&Fm);0&-?vu*E4KEy>LF`tqaDG#rRdNK{QhMC2nr5n$ZW$12FRE1j(vq{9;en zAt+k*c{Cvi33>J+{ecsken0#@X--}gCXe@k>ou07Ns1WEif3Q= zty$o$G>S`ns6U9z#pLdQF4~T+2y2{Dtzp_Sw7FXWK7CzL|D!=4Jrf76Q$lD@SE(-T zYlW2Rhc~L=iP#CLcbXRio;Klr!l(w`*5%1Bx3q>-G8tU-VG|{PPdmI1)HEPl1IpW^ zp*_0~OZXJ}G)u^bef}iZ*Mq9)`{{8vNOxs=y@Dcr<3XUki@$%Z73nJp+sBpjP=Be# zWf@Kl`2OyRju5WLF~l1NsC8cPZAm9SL;J~2-5FJmP6z;}D9Cs7fDLdIG-n3_9R9u{ z<-<{5K2tlr+t-23TfAh|9{i-U&mceU=Tyzzha$+*LpVf@kA9+t_+0}YR+Eom=ELam zcI-QP#-7UIScTnuaynSQIlNO=sN$Ccjdz}tr^T>oLbD#CWX=Rx1X6T1ZDTwpaGv%4?T5C_yGVYu)W3(xJcZ^tv`&M(&wK-!PH z@}!_F_}lLY*%7wPG!9$xsoehl+8b9&zKpu=^T+cZ$6OaX7@^GIpYr2bKazJC9;!MG zkC~IXHUO+Km2-4hX)jeJw|lkTiqb<@+unaFUL%*fZc>r3%n1s>*M6THjSQ(V#sbK4 z)%`=K8iK}vJ)H*mloVpj?^iu~aTByFvG7Zl>HG#QW6v-ev}--{X8BD(g-UuCFbM*R z>Le)@>cPCQU#kwz$#a{B>C*bfO1(bM4|v>ZuwU@oqYjl|l&)VA1KuPLOKnVTz09 zfBGP%mGm6}c`ONZx0{m(cc}_SKOJD*R(C<9+NvD8nHfXZDfS@H;Bf#Bdx{aA=nJ2v z!N7Kk57bRErv}=kjMRb*Bv*eWTfSpEv~8cud(=m`x+b+mpF9Rx=unc;UQToBuN?z-3IDhVa5yL|W1h~L!s<>?tewng`Ke@xwDrGXs35FNemsnLC_nk}`dPZ6ueq3v> z`T{FU-{eo4JyZkErECvMhE?k>ao&>RO3d4Y#RI6JIEMezJ^G;D{eeYjd@ce6fr=MF zTQ|fBIq&CFF<0p~Adn!T6fxQ`ox>(Xz5L+W(wyAy_d!~mrxGO)_U9BPPn*J+Vs!GZ zD(h!-pw?so{ZFaUA**1IN2587gZNISdij7_N93G zCikq0<;&L0#4nNngKLkH?4J17@xi_BY(0A2qHH)ky$tt!#-#)_{Y^l=2XM(&o*y3aV~Sm=>!4qN z1-yxNWuUuFj8%YIfus=z5&z)BY`-q=c<)k}RCqQ+6IkiwSsj#BlFAav>gc3h=I#fk zbv~@PvF>zhy*#`A#pYgr+-Iia#ULX0{iW#W0(#{hSL=H7KKD*qj{6K)RK|fzCnr8U z3VVv?P5QmM)amwoK&s#f@H7WDp)h99q&kj!R4y!2w=iv778E7lq^2NNdTR|7R*P|t zfgWI7>bd;f=*6}_XRS=V-sksFZG!bce$^KNrLqXpWl)3OJleY@H@GIjCipd4uk|9@ zY8Wzx8s;ZCV7L_zbhA!Vs&(Ncd^wEM{As~W0bwH_8uitBd#zEI0K#z~0XY=@+6G?@ ziqWTI2G$!J!1-xf4)w2a&>0Gj)oOS#U;PO!;JEm;9%uS57Kh*i&NtRZ^Kqm(+E9MP z`5W(%yMXl>Y-8Ba3LYwAzDO@0{q-}2_pCzM?)kgd@R8zgj&!+RltR&jL)mgi?$83E zf&Ga;_*<3Gxvw(%L$&3JVYlN3g^YJoFB{z}Q{F=k?uF&q*s?bW8<#Wd&d9ZobxwoQ z!KK^tVXklHcs%pzv$#PcgJS?;XswEHqZHs2muG3e{+qh?IaW9Eht`7@;V8( zx`rsH-mk5>PmJoQ=97V12p)&O4Z8WjroyAyWRz~t{W9%KeYD5frSnVTmTASIm$==@ zg2mxCAQ4)k|2}}+5umqlCNM|fHWqSNPD8SJ;~Gm7YCB5EGQJ#r7&4@eTCA@-btzZe z5XwxvbMGtCllviumE=csSO-n7?)T;8cpGU#=kfdOo4I~BG*s|zoFC=YJ%A#|5dJEw z`_hl%cT^{Q7O-9R=Z3IO?%Elmb4wnV!50{q>=xqf@kiIEp-Eg2 zZUBBNlEA!F_38+1kRpeeOhTJG?gP%8b!>YX#6!)5Y8;vMMB9B@gdqsZ^kvewXzz8~ zdaFO1CWIvC4<(~7M?+~Xc{KE~`&tp{3u+PSKI6(@gCP@yT(Na<+|T{iH9u+}2J9P+ z!KBd6yUc7$H#_7^>W>B>U9=|$d*Dj$*78yfkkLMm4S40%!rgBlFz05R_zMYcY!qJ- ziZFhSMKtyy&+7XYF5$JW)X{n{W6IAGUvUc!_Xh1%PQV;pFFMcn@7oIXKD4;1yQ{w} zo7Ov{0 z@Tl9e$18r%4>{g7s`ilg8|BviYxYr#X6(LD;*T=Fb+NDA~kdW0jHO)-!4G{ z$lSs!17~e6Ax)P*f7yfpEFWKGKHBE~`GJSE@1uU79mj&N_CDWs@g%rWRj>12T#CD0 zS#O&p{nG}APguRD$&pY@ZxK^HG5I)bfd0 z5KqsNq^yrLT?N)LDUCWNa1y%E;sdrbpwlOd)A@6f-^`0Zf8)2jMD{&_FhmJGx1XW8 zz++M5L|nVc5mH$Hf|-0NMDkKl?@9Ag{WXOpp*{MOFsSjJJ(YJcGeWAJmjCB2 zZ(f*8fW0?rwksLG4wYJ;Tk*@;=W}U)&XFW`>It&Jx9;3lU#4IaqoN+1%HVshk9){< zZ?K$7(t{4`VWW1QZtR|)4zo;ekrk=P@U+Z;j)-NyjsoJ((B*T>KQBJ%`dUcHQVir2Qxj)+ls7gbfb+y`_x9 zlW+a!e(UW+@abGb^@XMHm}v=6X#0^tKR+sTt79W1$`Lg!^f2S)1-n*)7O^ z+c_B1eIdOFUr_bXq0{Phx=sSNR*ng)I31~ii2V70(ym5>@Oj;VJ$Y}l{TfN`_ugBO zn~aY8wYq>l*8YxBA!@3|ESo$*dE5wlP#Awu0AHx-1&>beijfcHuO<^}^WGRm!!>Fg z7>i7Q`P0)oyw4twIawNS`-I~Mmdvw;PE5D^=kV&2=FaJUbQ|esb7vrW4ntv8zL z&`*L{AK7~x`z?yP z*!9P?P+JpJBfY&p=610(<uGfX)PWSKd*aKln&LbL>E&!U0^}(&iea43=V4Y$Q{1x5XK?7Q* z{Zo(8ryPlWSGaT0 zi3f=87{*sL)D-qXynuZk;Q@}~o-{Kd^Vxf+?@{TLCLHBY+n1=K9RCoLQxC-vB} z#g~cq#JXSe&6KGz8;?pgy|g1+Q@`tv6Bj^BPk;9@Cqe03a|h8$Aer|tIpV`b;Vvb-!7N;U;t03UxMWLXlo8$?t-GL5g0=S;Wj;3Af_qxmJJ zuTBWP>)W+Bt5XZDPMQ)0jX%AjaD22O!*^AAO6ZLe+~mtgD?Y%U>UItk9>Wax6ZDly=^@fr|AK=SlEk5Ds{JEBb-6_ z3Kn!?yc*H1^#wEPUliHmj(8fk%Ntn!L3s5qGL_t3 z{{&TW785GBM=KeDDcob)Si3y}emikD`xnOSf`r=zgS;IM5Xj5zBtz|uOBW7pn3TUy)W6=%Q0zDv*BUlC{GGK zF*@=OSIqP#c&#AlYX@(I7qj$->%!!Pn_ijoZv_kM?@U?Q3vSAs13!v(AG!DVcZpVP z!XR`F`jbCq14jn^p1fq~i*KbLA1^?G1OL`|*17o|v_>z9V6+FA8$YAoiEnb*(pAw> zKFVS9$?l9J+nJys5kE5asmr1Jh7$C)HJ@^=g)VvtwK}C4ZC3jRjWRww>tW&zYfxUmjBIXte0m*~(Xwu>NHRfSX2`BC3k^6TV zK`z>$CGM^Z0_v0p+FZ;ghA=_G#u+#FDbIJ$c!6#ERakiY3it_jW9yq#Wt2MTd_=F; z&bn?%mA%jN_PvvCsL_XZuZg`-Ao}g`Ft=HU$ap;{xkT?fycGaX!*J6nHbMsVH%ndKGe$sJe@_gB0E*E30PxqT5-q{ z%LbR=nv+ms4UmDDxCfyQdk&eK_GNg12-m5I(^^tvfu=~a;z4@_(|k=N<-H#@f*T=J zhvjWpt!41)OKOkYb#ovK`p2<{2-7}1*k?;9>^^zb*(kt%%%S^8$*-?IlD%Pwtan$y zvGhwkhsb^WIQm0xvvrJIL8Zg|$g&yvvU+aPoFK8emZB9H1wI_Dd!uIsaeU4xR~lmM zw-3yRAd8ov{8K?Q${+xI!p~%g2mf{jLsS*Z`_t9h?^0p2fWkk9z22jh8P& zIB}1!oNg`TC&ic8hV>PmZ~KC)q~U9uKgqt(0>}B`D8CPI9h6MFJw0B-`3Z?!VsHPCm zYp-+>%`U|JrA{}1Ib-*?wdXwU9%Tu*;N{Za8C7BP50rxcq}h(0ii3+o%w71RpX<`{ z;3`g&5@E(@Z^<7&C!{hnaPN?3huk~1UN4ZM3N+Q+hf=6KoP8d9if8V$HG6q=c#gto zGxE=Bw3agNy!XwR@YR$_{Q7W*3Ucs|S8W-_Ab9l6^LDd5!0)H8_d;^S{bI2`ID05d zGmNfVI^q$90C*Jti!dGUr3QAZUZ__CCzr9G+F7)au*LCn2|MI~%b%^_p8bY5cD~a= z@_y6@d1bP}B7AW;uMshw2x(5A5ui2Mh%E&WMb8G^P%)s1^7JIem^|jH9^oc_7y@Yd z0NtWX?L?pHvLRA@EPnunI8+P6p*i`mW!hbF&9B63dr&EL2^5klNR*AHaF8bXaWxmb zEI4fvCffEre0aZ2m=#>{NS#fMG8EMd-h#YrZT*>x#)l`4+N-@?~; z=CEWB1KtvP##l9MpSgSW{iBKliPNp9 zHa_j0!KR%I^NcV>~Q z3IFABxiA8fa9)<~^>9rs-)bjl{J&-BJYLly@0{>N)`9l6%iY~qX{xx>4_wA?$hA=w zzR{j;dNDdBc`2!~lC{juf{^KB5DRi9U!addqbT}4B@dY0%k!s(S`wj%7%5#JWW@=r z*jfnw8jdT+)?fb1e(rgX+gE96&E3=9ntg~K%tB~}U+tpvwxaMKPiJ$A>Pw=L@v{c7 zsZokE59dIq(mpC|(HP!YVi~7x zga5`z#<0}M+HMYnSTU|<-?c2m)D6WxIDOl1^6_2+tdQ;g$jO)%_C#13UFAv;;He zjc-+KW5qFbcsT6wi4Hq`ES`BF&JinzMU}uQxsb=LQPkE}6+$2%OUM8U+l|Bux(@0b zY>>mrow(>}9?0GY6)Z(m3MlM+j3siCvOP5i4;SQ^1tq%mJyswFmC8L4ABVK)rnH+) z%V|omz2$x7w5DK%)>kpSffSE^PIkG0i?CM?83 z(2D7-R4U!mSfL){t1tB@`U)RV&1q{s+}C}|hb*~OrL`P2zIUk?zl3fGX3)!-#N{sA z*DKwN^0mwXx)~raZ2|o{We?(P3tQ6ar~Uo*d!Z5tO#WW^qpwrY+ZT$3%p3w1rQ^l> z-P{6;>rqu9Kc#Aaja0o}_bop>`}Wh=rg2hIRF+CTd3;tZ;4Z1F^usmna$-A+KjQYI z_Lak@M!VOVy5#nC-z$#il&=dzw7;I6>R;CzpW263B|XxYOc#IO zXH~uwXMp?FdpTJ?CJzNO;Ws4P_BW?sqKwj;I+c%i9s<<`It}!K7j0O|@%!amkIi>m zV{D;=QFm}hU1<%7{jm&l&brESA#8fyr>RfB$iNz`x z-FF{542@0?u3h}T7aF+9%|0ihCsy=E4qgm+!V;CsfF!0(+HhKkas?z7OdUQN?lmf* zjyyv7XVGFcHltyK{Q~^U^#PbP<0^Jtp*<6tUe#&of9IC|_09A7yhQ9IS@5n!kP4_z zz;N(54}k`{ZPdG869BzLi0pbP*aD z6&nulr~U1vxBA6%ac?vGlnJA;@Aq^knl2eXrez^ySAH6*vlFCztK2(k?5X>Vx-SL8 z>tHK7nH#Oa(3kjY%IEjzI@5Q15+O_O3Xe?Aa|KIi>V7xG$lr&esTF9+g+0S5SW`#4 zQdkW1RK87uF`Om168JtU`QJCr4tBG6p+;l$B4_t8c=%BZ=hkRHTLj8XxFbItP}7}3 z8vLo&tff`O>PJEa8~{%T4EeE8-^pIyF1)f~w0%W0y=-*)PkmF6Yb}Qn29q{}r^1ID zf3s1;p-m6pNqJNh+#9Yq=RZHv=M_U(AZPmBI>86}e=+EQv3Je!BXTPuKn11#(rV0u zD)j>wQZN1cmzlE}cii8LhqT!Eq%Gc@Y6?_dr5Th~;J=fMxjp5M z9u5T@Xpa^ue0K>w`TR*~f!p_VoC^^aueT$04Y+sXIm@z*FZqKwyqWf?R^0lUZp_AE zLZV&llXcEsndxuMlG_y%e~knTj{RIAoEuy?he_!*{VAuY@`h%=ufG8m_N2a)p_MW> zMbcLb0*~B|dPL*OhWql6MwjZxEbHj3*cA%fc6lb@E4JL{c@Os6$FNQOaEE&GIx`a0 zf872+Z4Wx-i|~WKi9LEHsjm3ZalFovL089PW=MUDX+5~0_m9OuGM(e)dt8_TR4p`3 zz+EaVBqZ82(A;O)|E=`?ab@@79HRtQL}%CnR#;$!+_Fas_%%+$P-riA)+G*9e_C%F z$Kw+WdFg1)wF!rbZt%biEcdRxMWe<3Vuzkit6KanmA&m0Va_(%p$J#SUojTt9tJd zJk9v7KpGh*ZJ8^$}NhFzo9Qr_>CqvkHcgia~e(}oc^L2XxAvjk=1lP;{0IQz^ zeomUR^I2=vWRms_)17_Hpaci?-uF81Zy9s%C4OZSXaDlI$vVZVU1CNCoss{&&(Znx zruI)*RB|@QzJUUE%-sDDJ-JlQRZj~QlO%+#794vqffkmpyZu>zNuE~skE8;Y? z_04tZ?Rk3%CtG=By_suh2|GRR#j8k7sEwb*qCwO5_CJtjIUWU(s(ET?ra*9x$mgmiH_hqUA^%6#4kKlNn$I1;Uo6?ELgMf<~c{zvj z_fB~TF5Eqk`rH%bH;4zi%Q#aAc*n^?b)T=UYP3Zh)LoxurYO>6OS87a?TpIeqJkv_ ziiSb+r0BSO?G6>eqn9eXbB%Hw=BB))_bZ}~%RKCPB+My_G19^3M0Qa%i#~OOS(Nfh zjW#|$_@}1-Epwb z^=EHA`CCpKpi)Pf22iC{o+E36$-u?34oLm+@s&aE1)hEh_l?H=-V{}`f6VSy%4XD% z)S3M2UfAENlTV;L{9+(^V)X7E4X~XC0<-rlUmVcSt=4V!soUOHWlTHD>lb~T6MCVZ zhlEzx|DoRKd_buzog}i}Avuj80p7YIh9xC;tveVluRhs!7GaZ7PpQYdLFI=9ZrD7U z-G%D5?=_`e68`NT=m%r-+(dP6EMkc0)iWmAXD3JB`~oMo&;+eyKV?3e_727g-;sj! zj@HX2S2B@M{t|p=!!QELa<=(x~~kvxSB3Y zIycQd-;Ny?H$euF!-U}WHhrcUnN-2K#TG!-$G57i3~D%i3-rQOt_1vi>TYZK~lldRPl%GlavNc(0`p^U5b#Ai`d1&fYO zjZg-F<(B3YERd!iY_Ju#XK+9+M7@Gg$plWrp5ohn!$BMNl+f2$?LqhPZQqR=2*JYx zJ*yXc8l?1dxPT9gXZmPv#Xn~+`3>rc9dpKeozX0D-E3+_cZ)p~YDJug`}OlXuaso+ z;o<8mPfQKu-tq*l=LZUVP{Ud){HyLTZ>Kkq7@p~TrttDl<^}gHH(2XPSbSQa+NmnKiX!w-=}55A#{MnuWx6s;XxI*BIevX8ue2Y zG@zz^C;}7-m{L-^L--_*=%hCi5zYTJyvpJ(ICsw&>X=AsKL8X-Bi7)vJMNbTR!H5+scPn+Wnb&?cRb*ofoD=%Wv$|S+VatP`vf(q-)^cf) zY73voRHqq-Bh3CIy`mR~T#t>J`U6jx5BqW;9;nsxDYa_@G3q#)a&iXh){)P=g`6wE zf5+2PC&m1~3Ro`tbblQ;^l)~d{WyEU_vrfs5hlR2tW3{e4YT0%5tN7X;BKOO`h9M?KsDG< z{b>3X*fbbKGHp2e7-;pfW+e_TH~nP~fK(gJYhT$ z3uWI9A~4^Z!l8raaCx14*aIFVjnk)gP6Ur^ug$=ck7jjYc;C&&nWj^cni{Y)Vn`J0 zg1j*(-9ig+KD_oRQ*+=U5WIfnBZodT6e~u(*Zwf#mCZU8xa{_0lYQAeb_`Jrh}zMc zuKDtb(V)sW^VHivG_p+Ak*GmZ@{L-wvX8B`Pc#o_U%!G|isYRN(JkC55Bog1RpIbF zRfPaHxeo}i@9XFKM%onGlACIhCG`0q6G7;w-}2kDcv$G7YT>Kf13f%ygZ$;x4g~Wu z%b5I=18EgX>uSk`{g?;8>hnekP3(zcn*kck2e`S!PiWZL^T!vRi}`tM0_55r?_v$Y z{)?M*nkF7$&kM(O{KAbSb0HQq1oH_WIvtQRJ9enp4s~DHW%j|i9DZ@iyQH1|?UM0thw?p>;I=TRk6(%3ZdcUB{=+DP4@n9awqND~* zX*c9my{{zXgE^bornhxVF=i_E8UH%PeogFBh1CBJhB$YoM3fskCzgq=N`dB#XXfrvKW1pCq0s7wb|l|V zCgs4yJZU!CevjBxH)jH3z)tsJKg94@ffQFc$|GKqQ~2iui^Ag!LhR#wmuSG2g`Etj z7#0~4)8EB>-2XT{_+fwjvGp@q^Ujr6mYd}AN&wN+y?Mw}>nAwwJR(a-VaRg5zH>d-gAI8a{IQO`0$`sb*d*4B?u&fML8Cc5vzQeTdwvl{k<6l||~8Jy$;* z+x~JpY3B#eUeEztP4|{pv+qN2wfQn-!OOoUzc_^=#f#FLu9M-w@J-mj$}tTD!!Y#+ zVR+v{RH+7^GG7kOYksVs-((fJHM9lUdIRL&HJ5%T+8VK61hllF^94S~s+gE7N)qY{ zfqrEGBl3v$35Ik>rie16A>8>7!KkkQV!|zJF#7T^k*P%r#9H#>@p)@DzQry^&-Rm@ zsvTjf@EcJ?I=hs_H~m{@QAqd4ODq?Mvmek~CvN;H?3R+$8vS+=U&2|iAtR(EdhY&O z_3bS`L0)2PeA`wDoFUtXe;NL}cu?jFAh0>LG%R^@Z&dip_Br!(Z@n-lw97 zrRhNbM76$M58y@IE482X#J3*#Y9;gy8$Yzc+P~KaevD5QaFsn!2m?FTZu^QvEV8m+ z^9LM(p+UF4#lE-#Pwm%eo`dJ~3amb8fuI7 zV*N6&y!S_lRI;qOebmM*ECL$RUJ@rAcECsW%$5pN-UifisWm({Oa+RC-pjZ@_?!D8 zogTr7CTun)Smjtr2XT16w1@U89j^Hxssda+|EcEKk*4m>@3{~@N1qPgz^CF(?<31H zcRi&r1ZaJ+ZTG$)0D zn1ao!OD4;D<>eA00yPC+`Yble-=B(e$|Pwdz)5XpAGYt%Q@7P}Xe;R@Qe4I26#Su< zVPc6=(0OLkZ1pYPxocUN6u+lTsg-ftt}w|7%3Q>w0)@BZP%j2yCCkzITamsq(t z)%KTzymgpQl|4NoeD4V_Ub18F`G~uOcZ2Sg0da_u|H@WEewbu>_th%dl|A09ugeT3 z_TfIqTv|G$C#I+-`=K1&ccXBJkTPFikyi#f;hwsrpW6|j2x{{DkNOO9DR2+lO|CmM zTga#p?&+C3s8YfV+N>euo^$w9a4_OEw%^9}sH8PMCwwm!MP=Vc+_t@_NBk+Se)zFZ zJmb=y};5r`!GTcv8R%P-RY_dwt)mU6uTsIqPH9c=vSr zz1spmJcV?}Pvxi21k;g!(67FOsE185kn=0W(!VKl_~5*G;>4aJ0k4H$;@&&VWIR}(E=w;Jo*Am*B9kxjgh@}>Q$5!qnANKO#=lCqx3=i`y3P&xeomUb z*l=~fb=rL?>$4Quqx{jxLi;_@>W?$bUSvqW7H76O3zG$kw+3ct;U+)X0bPwnBd`Ju3HG+WU2w=>n8boQwW_ zKRCRJG7DUMgnJyx(qW&p-c`OO!?94!16l3!K%sqpsO#=C*qT+&&>fiqc{MEXuG*@` z_2I46AuA#9)`{&Wp1&w;++K{gaK*G2p2~`+wFK$Sgd zA3xphRGO)aw=OlyEmm6Gd#it6-K2k_2N=h{Nf-<9;&uGh{w>_c*d7Wy-yZU0ni{td z%%7MFPgFLz_o}q?doDt@Cj!1=AA8~c88sh7{~W&ctRk#Oqqgcjr8|v!N{ucV-9%xW zgckYKpA{Gu)H;_YkdauE))%wkio?Jq_g(1`4BIXINl>6=Vz#hv^Lj1)zJ!{*gsDpO zaxgjsg9xmFA-dOg&A7i-TZ=hbxhRMO&z7M!Oqb~?YwtY!TofG#htr$>SO0Rh?Wr8l zG6;Pg4ur4xLZIKFHHH8e`JYn>~v6WXt{n&SVi#)v^pKwA(j{kYPL>>9=4tTss63lnX zkfvv5+b{D(fYfbqmbL!U?}cW1RSzmGp2E#MPC)i*7|)Gat{kt3{M#P)!Ek2h2yG*r zq_Sfran3%YcF9NefwRVMipO3Eu9em=qR+C~eCdXIuX`eOcQ-qi$0P&F5eJSR=1;}F z0PQYwj@yJz{L91LlVW~ofy+T`#l5nlU)kaEPL9MJ9L4kV^=D4NxOo)J*dqxp`%?kN zsU!v}PG{~sxPUAJj0aEWalO7*^wiYDj+qt6Tc8qrVIQUICw3IElzuAA>?=-y@*VGl zoxU<4A4%fb294057q_3DP3woNeutc|WMdyqM*pRPd^lr4!7&@!lwR)-@tQ8*do3EI znwxhKySt+FdE;qxwx(JqD;fB!V`K@kBx?WbQx>)=*ZUVnP4CBpC4WPCkzE52D$8K$ zAO zI2U4V7-SVa*c8a;UJ5z82aFvBK*m_n{I6#2*qrHeoP@*oaRAO-aim#1RHIybNZ@RR zL>H9wdS0|H|KfvB8mG0N-oFsH1y@{f;~O{|SLK-Q7d@?B)p67so5{B?k`nlZ*9}`m zFkegJ(kOepHm(dA* z4=5<#%UD4xe(De~no7}@HXX#dstP(YZ|maseZbJ@m8abVNX2Rq<9 zBT>xlf#O9fDJXvPI=~*>GQwN_L9eqL_TKh+WnI-2qMI+Dt%4C2*yeAy=|H%@r(a}0 z{r2_HNwgI-;TtZ=m=^XS#x=n$;ZnLhQ5kctkf8*dxe?=`oWawY90$iqX&0=U8Q=sz`mQ|&LNC%623++k0Oev#B@ymyoV5P zKR(NoGCb_V3pfFr6kULhJ3dq<`%a#w+w19WH8Ts6_{)itb}}+a*TC7;t}lmfl)t^5 z*1-gV-S3<)_uOwDwO~`K5BmD+T?KlTc>JtNL9V-h)9vpd{`m;{n<}N&L*Uf=&zVv0epoe4j)xeP2WaG`l#M|6l7QO7n~WFEhn*A@ z1^E0G6QZZ5gTgB#YyPD6N)6LLJc~)D+@&^EL~FHGEU&Kt169Ov3T53Jk{HXA14#W- zyxRHUw=Pd-`9ed1$8nzky12sZmR5LbgyrMUI6TD>=1hB@F%7Z7QJj#FZqw;z44e|J z+i~ix?|4XwJ~S4KL=9cOZ1PITQQS;q@6XPUTw?!I3~@A}L*gpvn4FXxUC9HCfNk~| zDQ!H@qYisz=soMUfc_Z*CCSVSk~tQ_%l-Tzje{t~$J+eS@=9J_=W(yg%_hoa(iD|Q3koC z>+K-m;r)r0zS_N|LA9uh&N<5fQ7d^%RYn0*~>X7PEcaTV!X6a z;3Qo>`7a@#_r0J=xxo+3`!Gpu!)6*oBf0?p_Ary(ou$5i;HrA01-M(_=q?(_>&*DQ z*7_<)r>X{V$UyS2; z4#R2&#ZE1I-TLO>zJAmA*vP%DLO~1wPel6~0&jaJzO>E#U70)p+988~$piB5$hjNP z#SaP^5l7D5H>tm6K5fPDJtrmS>|#dzOOr0465^EqDV>7|JyvZo9HMH?o}0-KYI>;ul4@?Wwx zz*}vt=NZPx5*h^~1rvkvcxYjN8SrReJCLuRo@cVcm`dlwYeE_)ZQs9Lk&vJ7cbmGh&g>2?S8tz9>x3$1l_op3yf;l)>K)-{1bSZ;4*l_%E#C z+@e-`n>D;yt=-j{_ib?jhaq$y}`h+=L_H9QV;$d$M7XmND296)KslbDHpJ8<3kMoJ| zir?|spO+uPI3dCRw<8qS%hP`lw=Z(vdq!9&rS}_mnox2OJ35y`u_}or83kCB=DOcI zNp&I2pB5Rz>iML+BPj5l8+L;FV8-+hLtda8)Kn*D|2Eq9 z#DI(kXX0M-&p|x?&|*}c;f)<|tf9#F?&pT1^RVIfM+_tyLY=~~P_S9xX$Uvkqw`9d7S%kd>$ssD0!SciNcYrmZPhGKg*NvuT2^i3FzJHVSZ<7cG z*aL~AwZZt)H%(p=J1ozH^w0+h@TT>p6QR-FhBx+5IQEVVSG4!`R}mGM97us}1O@4_ zg~LUSE}wn#gy*q4kzPr;)2e}I4_osfzxvwvMH9z(@XM|Nr8a@mT;t+MxE_pywJyxC zL=urG0!Xj+KBzd)MN_a{UPvxy#LeKF{Z_&Qd`&#yT`X00D$2O)jp8Dg;KUl|4q7bp zzTYp5j1EPqQ2qF(iAsK5rF-;xxbpLptt^i5jqdg(r;Zee&(iubg}~)*yXlcu&gra{6xmeqrS{(ye#y*62C7 zk^6*mFGU^?I7fklAY5}I`D0dB0ah+=<(fJB3`TWUa_Z#P!}B=rnm#lCd1zgCEv{-8 zIPiRg@hke_;<|SjKHhfAOQCotG{=SV>+-Cxi;L7zSdc!bYcK*V=c zj}kq?rNTqH3O}t+qKwm|aC=J#{>4`bP|q9m&eEXVlnLI(*II28VWhTQU{R}G9qo>A zO08win-a=K4(^fYAK|G{Q6+3w9LF z@qPOMw4&Ol@_0e_hl9igFsX*^P|>w~--P)!AGjPNby~PkoJYkjO%D`@G%jR{?=j)1 zy&yE7Z|wFgO1DpmxUM!fN65x#9b>)Z=$^nqofK}1)SSmYYI1GHR4LR&pw0~H0cs)Z*q<|qW>ft{s^iB zV|O%_*g}QD5ohMoF_d?ggpfbFrJjW!%3-d|v@{2g4lWslom6_=L++S9v>X)ds7ACA z;M4c${Sm*Xru{wP8+Bn&{%6I{c07TUpR`Rct{K8RZog-%9SJYo)9n1b6enat9HVjh=oY5GiQF?2 zm+2Rk=coLEfvBps{^N|jSX+NysDaTKutK^+td)T>2H155jjl7sg7+`XOj+T)o&qZ$5a4Z7;c#mKL1#!-{u3J7rF__;d z_&U5c|MR@<_g8TpaydW`YN;83j+u{aNBAl}L%%Wu8;Bj~q_p6q(ZL^9n$LoOT2{cL zjPmF2D`ER<5sAIE)9wHzwDPdeX{mDBr+7HgI7*LK_kNf<`|uHbl1Aux>*;-0BmQ3F zR%B0@kGiughgL0rWuno&$~guB_wn}y?QB@RjZXgOTC#Gi^1;VH$)-z^DLiLsAy4qm zZ}L9Lf+8yZ$(xDFeMuX9`*aQWmS@OFgS|(1OT&Ns`8;upz;OMaC&Q-fBUB)j49+c& z7BALf&8oTiPB_->S0TI^RTai1F1PXyML30&BzeMyY=3 zPY=}3y1-S)+vn(i^{ zTMG!&dacnv39t)uTE%R%*{S*_5BeJ3*>l|z^qJ6d$Bg5p?X|%MBpy=u}$~Gv=cohCD9n`T8W>B`u6h#cd3;=Dr?4y9IGHGy&>shN;r5F(Q zI^)Cqw)+LM$Z|3CV{qet>&@9W0!lcZ6S=t7L{q+Aho+MB!x8I2fAo)Em8*p9f;rcV zpT(4a_^3r=HDR*}nL#jb|KuWSY+OPivV+jxC>3t+!F9Vbr!mH{Z&oHCBVQ~!0KsG@Bp>90mCscv@iGX& ziF+o>>Wu>tHcY6%Tf&zCh%6rDONy<$D5)2wIV6`bdvEU(sd^&=NQoJ%C1Xmrsyf2%iqQNNEmqaxwD`CH5X{ zFtF%KRc!Zrdd1N!vW~S)^TuZ3Dg`tpzZ3ZBf{1gYa9zjOuQIX<&ZV#LO^^+lV~$r? zWCmcB0x0fDCFXS!U;93dE~KCFPGD}@@cgmxXk?V@{T+`2W4u3(a|+kmR?w-ihbjQR zoblMsEZfg-C(0E^>*SmBWz^#Xj#GIUiZ}zDsEk~Qrxwo^8huHAm1DYT)nu!xBpPUN z4fud7&b6S~hnw79G0yiRO5(B@$X;jG=!3WSRJiC9sqR5MU6TxrRW#;$ympt_`~N#YTB+$rdkMOKQ$WM zPu#xUh;QTVvXAu{^_l`INvL&H?o#cKJ)K;;z+RHwm)VZ#i*mdcmcq)b`9^SSG86L| zUpC;(y~mPLc88e%FpnUgeWM~PWu$5xst(7sJOTlj@<)-j-F*~;CZ5WFi{)j5nybTu?miPBVXJ09tG*8g>oBgY5AwR?8oEw@KK z`S=GQfU2aLGHllFr9yPuCAo?2x9$1U7TI5h->V6BMBw>ug1;sdyJhz{3)q40H}3MC z2Z1(xe@rdGr}9Ol8L(Dz14eG1G$47u1hkGP>XGuhwwa)D-AApmZ9{iZ4LTZyx1z+a zH?#j+Un-);zpZbhbiF{y0!AxdwQSk#lXp*8qG~Qkxl4LrW*tSQ`-AoL;v?k)8|H6l zvEDi$4jRuLzReyQAVaqa4$JyqF$Kg5hvu(t2ogu|^;)V}sf&IP)2pskZqenMe&gUB zxz8=Q6+k7M!9X~JiOcD}^Wq!!jROGo0bTgfw(avFX3o*%X`gSUp|3E-N-RLGOeD@{ zjE+ejA@qTTd3_P^_ zu>O`b*PczWPu^G3{^~zwf&z&%t!u5Ges|69s8;%_aM(kZ{dp|K6DWHbA`m3uvTsZ~uoi|4#PJ$NXCh11E~ zJ?DBS9UkS0pJR;akl(A7{B{9g#oIFhw|9TDVWQ~{b@odSWoTZh=0&tK{|J$D+;DVZ zYHaA_XL(on3WuK|Fyz`UVopWCQVO#tzh*peRW1c*rpLm!{H`8hQdl!@CXp&oKz#C| zox>)))S(%)nMH*1p95|R*38Qv>GunueQRxwB)~jy=IWl4^x^NEZa8aXRO5>AA1yp+ z0(i?y#yJltcDRLQKTk54P90m_K-)w`NB(#rb<|Dth2kwS_2d23;~Nc4{~n#;E7c)- zyx#A*uYM)sJ4^e(ZOGrm^wZ4cEM+n0YnD-ix?T2(`P4Dh@|*O-VYG!k5b!^X@F|F* z4QHq0UyzJT-lU3rrc0x@@AKb1Ma^5oxDR4wg9E+acMd~cqU5KMAJ1auGpl}SIIY2Z z(@H-tH`q2O9}h!h8PCXDwZgSRG^-T$OLFKA{1~|y9yess9mac{(T;WUrti7BXrtP6 z0_b*l1#QBP{&Y*p=#UefYp-9TEqeP)T(M$;G#`wdDYCBM6yVpa4m$JXq(Jo(!icOTY&CBw_lXiC z5pLG$q+fF@&8&sX@9HX*iT#%ZD%{~GX#~iaP@NWVpupvIETEz{)^{#jysxw>L z?bw84{bX0#xj5`n`YeR&@WPt-y`agiu|I&PGWUbnj`$_T1qyXISzm=AN@VH7B?$z< z`JPrCkm$8an71L>haC9(DTL?vv}H$oD9kuFGts>1HHTYUxIyZJV||@E8i46?f2oCr zo;$-loRXdNYzs!MPJ+HFfn{PoCF_XCOMrALV@~SgIQ@N{j0n? zBe82TCPkGqL<4M;_zIwEymxt7Lc;jq)7Q=0V}^k2Ez$G5^c-9tt5-Dg#==}Rg|2Y5 zw@`MP^ZT`b+G<}GY)+=VOf?=MASB#nUT?NKYH{46J%_pMA!Tn_pZ%G_vHX#lB+Q^# zoFwUejQd_gp8E7=9%O0S&pD-{#!}!}GV!_MPM1E4YJTQ|7?0vubAnyZ zMR|V5U6vuJaHLA66YefUG6QwFuM;##YPyGX&)!dC=298&MUGFBJV=+*)pWuH_A4Lp z+O+%55YrT%TBQ$&ut8~I4xQ&>AK5(s$a#e@)!cZm)I=bURe1dz%l%HRa$x_Vsr6Ys zd7QQ5_7dhQE5E3;%#fSm86#(Ga3}pO=u|A+(hE%#tdZJ^*oemq54jcSyO>Y|)+) zp|KY)j0ax7%-@VHyL~Nc;=BPS(CzVV$|;I(uj9LF2q*DqfPpDRZyM$vJ}dpTwdaJ= zWcG}H>GqHVh;|oaDY%t(Zw}pL=7ZhicB$zsP@D%xG4M{WqPO zL@XfFAb&{rxK3kqx$SYm6aWWg1>+!55&jFakyer2KPu$y!5#`1`)#GP>{|h0PIdGa zxN+G;L;A3ybmRMj&XEYHx7)*Gkavnd`~CogfURle&slGHRFzI=qPo}`ltf~M0ps^R zE|wz6Qh((8{r>i^Kk>fUCC|_SvJnB-UTnqeJSri8>n#I?JE0RKh}wD;Sb!CZ=~=uE z*tluOy?~`qsXCcd{TRfMC76nV@9}j%FZ*NJ?+{%qapuu_cwM7?olRarM{OF&{YiTi zl^1>#$-@&iAW@wiYE?IT2P7rj*oxcpX+elrv_~w)o-{G8)4oyMe7Xbj7UNez9^V!0<(l&c;k)hd6n@;JhkGIZ2e}*W z86u@u+j11wb2_J4tXu4y<8FN#4#576oWqlXNm`L$E*)0OzrHNS#~#-2*YsfFBU0fB6RZ`Y7clGq5@wxy83qyb=;CAXH*_griV=}F710r2;NdWh@sUVY#XOQ?FP2Dr)h z3HJT2$yGWQoaVf5v%8}0Zs9y_aQmrI5m5lR9v)0oYW)ifOM(UYAtmq4UfGJHR5->l zr?eN~JmYXLiud(PbBKflsNjCj=`*xP`J?y8c`ZGf;>VvZ0f>p|9K;MG*t1xQT1`L9 zJ{9RfUHH5He$``)I>Uw%oJqJnJi>KC{9g%%!ySe2Y~GG-qCBhd5KY!L3Fc=3w3|}6 z=iGGUc1+lG-(T(P>78RTjFwTYZUyyuP;2~@#_Q@0`+9yPUX9%OCs?i120!@Qbmea{ zGMK!qTXbZLad+;Au(_14C~;3&D|Aezm-*I1iFDB->trU|^4(N$oycdqrN^Ih%xC~E z){-`^8$NEH-y;YzFR*$sP}I;Gk)6wrZSITe6gOIUqzBjplUOL;DfKLWe6;*R;GMT= ziT1>vDT$44!%o!7hxG&&t%!|_lwCYVJg4W^KCoNwvY;)|C$B@{1p5%i4-GO&=wQ`} zlqnO)J8l>9bi}wppzkTdNUyX)uPG?+x6x&`td1yU6h#eiF zAvtKyea26MO{gMCWw+-6F!bZ#mJ$aK3_!I79Szenc__D@f_W?E{QcH?GUc9r2h|CG zO}EfR1o)dbtj5+jsXg(mru`;tYL*9KeE8DgNqZZ=$5Of8d0#<2t>!CLTVM9Xt@7ot zcN{|K59KN&-~L+s*3xvnf*1+*PVNKr8>CZYF=EZw)MJ%V9l@`>7wf5c``Tt}!QFCu zF(_Z3x2}iCechl=L`L{E_OFk5tM72Ve*kuq>!@9#y}IM`R^Yf2ie>xQOA&P#`#;S@ znSKmwFJm1~=X6RW5$3@!^}2svk4>?`xRT=0C@pZ_2}CCuBKEb0V6pH#dio;u$E2J)2}7FVJs*$`5MaczP{_SRJHsWFJB<94(^D;+s+ zl2ku@wPz9=CRci~sXlIRXhr>q>RJhquZl?3vNRy;aXq4B)|mn} z8^>^5HkgM~AFnWO%2~6$7&?|@)83C3r^HAi?LdmY94(&6A6G;B(~e0RDY2n3Q1^q! z(*vAu4_7nqldgMao5uCG{5d{3im&$@3hvF%Dm7B$B6=$3<%46A2{LMc?6voPYKg-` z#C)sdx<+UInK1bSf9VNmYt zZrek?Q^fJ3@^*N*eUdXpS^Idf>D%PfjRDcxC$Uasok^}~{k%i?Y8=_vv+!sz!VCZA zg4%EVr_jP^YTfe%d;G}kX&d#ux#RbX4Yq5&#c_7}d+2$G_@Z#*vrD`$eRP`VwxiuI^3Q}7755tke1#hz!K(~Qf)pGWw=IeLB|}j!(v4Te0ii(& z6GiII@A)F)0SUP*I>~l~%GCRL-m~hGj-eyJ`8P!$Q9&tBhWpkkWt%Nkhtqz9z$0W=cn+NNJ-Ss-dn|OrB3C_npa!b5gLqMj8-_0hj|ZKjp*n5+)y(~N+zt>?EwXiZ zD^x-q_Y|uOyTIiAR0mL6f1{Li*8*+0%Cca25~}QeI_~@S9;Bxd{nPvI4#IXANOxaR z*6zUUO4@qdBvK6jErvO39_;y-rD*$X?1NiVCJ&I{fW|81{RaebTWr4GX1SFF_UlYF;*T%kQ> zzYx{z?T@!>XwKtp7w6};%|WYzNe-{JcbwWs@}$yENHWE>vQUviand-7sfbksH8nVq z6n8)VD#`CPm*Ph^izd>Zy`KO9S7r8BBu`-P9(aErfoB*N?rYJD4L-6+V7nrz`)ZWl zZDm6q2i4_t(cwk?yI`FQ%U2W+NOqs5cvf}-CVFM{L{~W);`#QjOlLEN2IMGM%58wr zuOf1=PstgrTMoGGr}u)!P{uW>y{AB$>SJ4i4<_HN=^T+&PO)YNV;@JX|7HwZOv;kp zcQ#l!4o(z}n|<7G+$^}K70!JY*h0X@6Z3)Hdw0}Jk?#-NbYn*ij5gg=sXj5I?|9qG z%B2_CDQFT#mrHPI`#6q2SpWk?KkhW$^7s3KH&$8j zA@J9og7w@(RfgvS_4FIs#e>9UIp!^z%kz4E;MtH^cuSO@2@rc_VH0$}zxEH}y^-(P z_A4C!xR*@AQ^Ce5tIP5lESwii-G9;zYw2nY!>@CHitt`%LjKkWhKi*}zrk!hP2!?_ z(4Ei`zFj`|z-N3S!BOxGP7B}JkIlOpMR%QhbP!m5Gowcl2IOZ9Rkm5!sQ-+t$(fGr zD{+1?<_$&u;hmbF5llTM_<*E(RCxV&y8$55U%UiOlf%$?&sC0icNkoKu}bZWZDS5iY()MxP~?kxdH>ubjQSXY-DH%&s?p&voKgrE9p zITOFc%(wi8YLH^4#IMj$F57?2iC0*iaVuIB_|e*c1=D`}dry~d-?YX=vhiEQz%o7_ zCc}@oB0X#;{;2+`fQCS(A7)Jq@A#=4chLgqSTp{T0BMPXY0stoN%gw5SOA&WmmpOO zbLGRmFB`22MO{CK(~_FER*=d2z3&hrg1nDHv%SWJHqf(v8H+Ryp%8GnF^GPx1w7Pa zBlZ!8<*;qRyC`k8vW~bEs>QOmc@o+J5ALlVtnx(PmTge;O+KST>eZaj50-TEYE*yW zhlV*K3{}O?=?}UqY<71sB_Fx!7o2;AZ~!3YdU%W#-R>XiqYJJ7JCy673t#^IAcg_h z7jO=UJVSpIf*mu!nci>cv#&FJwGI8d4_%(Q#nqLr&zjCj z%p<7-6KjC^d5ym&)={C8Yb22KUp-c4qvb6GmH6coY*?RVHwD@EzKKu{Gu$~qTRI)N z+a>PR3;N>Q%R)Fxu8JpaWM`@#&*kuVNDsX{KM@d0a8Ly;5y%Ji5Z9T$srP!Ievb1Q zW~>xro;QtjeC$JdX=KZ7zthNn8tYmfUsfM##hWWP#J|#UhDaJO^JyJ~_MUT@D@3XsiCz=qb`{?Ml;fv(A#|LP z{;Z+%JBh6PqvNBRmfd^iyVrgo5Y?s*Wk`HQKDdsNp1JpRT9=^o5a#raH}WZqVi4>8 zdO)?uE%Zi{J>kH5$os zK}#(YyRZGtKW{gqNZ63JYTR{LTyaj9#>+o7wt2?GyfKThFnYO_uBI0cT3^ z1H#-#{oBsv{YpgiAE-_O@c~%kJxqfCXiA~0ay?Di=~jFc1KEW_Z&>VEC7$Z`Q@eBy z3kfM0)u+e(uD%RaXrG)wl{cE8lY#vvetR`nYieHT?aaHwa2cZbt-o45oW@HjZd(9& zHet-5xv;;fb>i@z73>PHIeNd)dR*SA{?cpw;Z9tw8=Vp-@CYd0h zyOKtl&@6&q5>9}|D@^qO{AGyq{i*pzOi%6SwdQKG=cC1d!`S_>zYa6R?X%B#98B3EmVN3*8yR}yjk?aQ-Qad^#C zVOP=HV;=IfB1MbSd3{8j%=tuq>%)YQOVG;1%vk!g@VQb1^Ifj7p;H;8>n1=q&b#zC z&|Up7#h=kBv#v%A_;16vPm{!b`UwM zvi1ilwI~;ZftGYqzrggP@)m}vsv#>s2e`S0M=~UpoQW>>A=Qwn?(imnJtNrA?Cl%w zcQrUz4=mFv<5)K!;+0ul!XoDv2o>_mG}5-sRj7yn7`Z2hB|P80MyK#JW^1WN;ue0& zYOug1!7gR3{d|Bl4WHK(upt2qYc$Z^GX{e3_u=lP3`lYjFC^BUu2U^o7T=~f!cESD z=N5LWGS?gC#?h!b?X!J4B;TiT4F|7{kB3!-P*R7~;k0cNNgl2A%EOY6>)mKz_thQY zz;FJU-BCgZ)J%mpmI<{_V;;^hQG~#cHJ4e>LUKVU!&0|pfeBDmg6n0s&{7^~7tqd9 zMA)!pmUy`Ru*KP*gyDE@hu}c5l?vTrz`6A(G&k)#h3Q#9YprKiqLQ9((g9AxpQE`? zmxo?N#f1vMMcNk){I{_)yM`=yy_`w}bHQlUs&mtEM*j8)-{Sf}CP6dbA1GF9#ztRC z?#!)X#VK88vpcCZ(?K=;Sh;G;sgg5u?qHcQD9 z`9zz&_v`kC;1mN$0zGB<33;KQVCh}yHqnEN!RPnTu6&n`@$@N_f{tq&f^oHtElyr1=nk`QGd z#RDkr3b0B~sev5l$ z!;c}<4Y8*l}>`6+j8Y&{|Nn}pI(C-ryUXIo{z$&WRp-XD6r!dnv^ICuUP2#?g3 zFQ9m~LZU_dU(V`^^wAv$#jl->BRq+qSec>VSlrTrwr+pw7@7~$hAcM@6zP#^+r}H}7=yNvgu=)9|LKpf4yKploe>BsKr{jZ< z_TSjxmyW-NhkifCtTuV=HS26^ybARUT{I^(s1xelQ&e0==`O;IFiX1UPvn~~poPsY zeR#TL9KmRaQIH~1zs>B*g>Qzua}|Eq+Uz#RuLa~J@r!S}UHK|m@MT6A_T6~kmSH9* z4@A^$9B=CT2Y&?b24r6Gc82@0GCE?Zv_0| zRu&y_YfasuXB?@;pE%pC!e8b`{qztD6fn?T3{c$}rsx-EOUu_H?{PRh5Qi_o(L!T@ zE>-Od&@!aYlk(uJvRrTDE14(&hw##k`=;E<%Pb87p)4j3FY8Cp&ILb;xwgMzUq`x@ z6njNl&Yog?hS2p)`qX6da|lw{lWsdrUA+%ED)c%l5N05J7g4m^*#ld(Bsq}@zd8G{ z7LOXc?dLw3Blm5NXb~kcv1f>V73#{m%j@>C$HWk<^}FT8Hid_dG8kYY5{~#eAzL^i zCSo<*Z{b;bj`oxor~J|JgsL6!97#X-K5t|Qud@$`QMzx?2yFUL#r z%Y_knsWukcJ0ck&8%SbLmnN6aUnFJ}je?_O0X63-T*~MUnckv^c4(0uIWq-3&B=)mgQ|DmKDlks<6gHX9AFfhyJiUK-}WtL0arubaS1CwO?^u#Y7z zlk|}McE=TI-B37Yf5Iisy_68-dAr!}Q+okcpRgU!-m(P>g>^Mw*9-%0XX3_EcMcmJ7t1ky~w%ZNPM8c;Kl;(+U zXscn7OankliAwHd@+rOI-YzFJsDE8w zg<(Am{tN@G>HWR^?vdHAYQW~{?VC2hM~&7}&{Pk$(fw5T{r09Aw=nf<=o8u_j!$o% z4zJeMz%u*+IB$QGYP8_fQ|V`md^JaTZcG}ASEC<$>Bbx-wCZa)p#fMaA8)^VKZI@b z2C!9Bo5!sbE^k!q*(nkTIW4FBjgAxMdQ#jsb*(j`Lan%njE@GpsiEH=jUDqeQR99) zPTc$2AF#&5?GE1?;;2rRVxP+5j3zx^`JBA-Mn1&1R`YP?XkR8ASq0C8+}}AIYxbKy z8!#Y&IC#|_^%niI`xqSkBmma*rHg~)q+2Tk3IyQ#=c8i*581L6qL)*&6u z(>KXJ-(bHx8Vz=$-cpum5)6AT@baFD{3&S;Y+O(gtj^$?wUGuSslI8jcC)WRnj+UN zJftt@#F^2V*|z@CDZ#Xzdsf>a%u=u2)%jROfA}G9lL#aAZ_yra``0_gzv%~9bjPxN`TOXh-JA|*F@Xs9&` zEo%^`c0l#hPPVKbVft}h8&#vsz)bBqS5=ubvc#TSMXHLN4U}!wArBudOjU4LLBneL zJVI%RP*W-{D-P>j$6Uj%%FfcL#@pTk9+5y%fBFjQ>nG*R{? z{iTu&61}I-i(d;h@CD$TUGJbf^%a8e8dwp5bA941AG1<>{k|+|iJW1o>K@d|1gF+} z(0`#{QDNNZFu!jZ-D$XFm3ZWidmQ)TWIoO zB(~f4CfePZ_TT$0OU=hzDHQ*kX=u%dS8+(zu2TFgBOb#!{v$v8dQ4xrWfM@GIJ->* zwBZ&Qs&kNIXiPL5C44%1@ycoSJ>g-Our*FEo}FQ%X$1-(nfr*T6;dv;6w2OM^4aAw z%;$;mkEDf&436Ua$%y?u9pSoZbO&IfIo56B7j)oM$*2$d)? z`%MsfMO3#tfq8~J^qn%<*QzbUIIE;ySY^_tt+D1B$k(H1dNX3VhU#B}i%CL@lKEtr zgPb++5|A@vU#LOIs<`KHwd!#Q_Q&?StqRlc5zFsz4(G=K!L5|jEyX-aC zOkOPCl+(haurfj#C60-0#N?DP6)j#}@SNlWFK8A!!C@3ONYClw9aLn0vb4=kcKBuQ z7EdgG(|mDsDU43qviVqGCF2?#BPP>DOMOu;tNpbT1)KRSAFyKpJS8}&O7*7xT$ z2NcVC)ri;biDx%jY)|u?-Vd?9H$J-yI29ax*cnhr&CylC~%D zRz+T{Y*lKda7^!#ck%|Nqte%F4?n#5L%%opRd>60dh<@`kzllZ|Fy0^jA&Q*YLU>^ zD`*!V<+wfqYyup#;joXzq5?+!6!|F;6X9q;wZ+(|@0e>v{Ol)5YQw5yvXx+~00`Hm za|L0)I4ICma3PkGYrvKbl8(K8ydA7d1C34)gqeQNO{2d)en?}@W-LMFM^*ci`<@Ns zL*Fiz9Wrk7mY8!6x3Sl!lxZljNUm*NcG{lfh%GK*nQYcxH@I!P@|>Ky(39a!X@N(v zkSFD-?wgk1m8_mHc~E9!q0(Pvyn+vsmfcsg9(G|Lel9v=MPx)S=tYL()9nl6%~YK< z+q-C%G|`S~$ADVA_xXu1o9{V#ggRo|lkQx(?OId6Z$-bXXQ=2Xa?Ak`s{HG8$a=^a ziknC$=X!X*6j(Rgm@9zfd5PPFRu2NK74(jdHjdo6b<*HpZ^Ic9sEAW{fsvHC&M$fW ztmVZ^Hmrd;Um}7blAt!9&ZkvJ)vNb)FPEDHLFh+gKA`yBllI>IxT*cl4~RCH`)T#& zkiLH}i?7Pfdv2L`{q7I$L!-G4s%gyC>IIs}do66oLd8sHDw*g5-3S5FM( z+r2dGx7qf89mHRl%)Cv^B5<%c%9xc^4F(8i*=Z7<=cF;=BU)Kg;NdhN3Vlg5|5)i0 z4AKJ30^zeWIRx)EEpUIKad=^Z4Nk{XNF~44Aa%N?ueBV1&c9p~3q0tO#;XlAG>~X% z%Kab#7m)y5+lk7fdBpI%OclqIF6W-2`TcB2_5&L&2H>k(Zdqi-kLW2ES^a}qQdNNp zhV7|Hu2WjVQ%|y(QU+JD`vHeIt^rO%W83Cu6-0iV?& zbkIdn5GNOYE_Q(j+FhV&Z<4}~*L0uXrTe#Fs|qT{gCZZscWZk!_?{5j%5QP8Z|cJG zUYu{6*G=#1WJZ5?5ajs>&NL67XKKlNeUJAz*^v~~x>m{WDR?A>uVgXbzp=U}*9{|3 zHG&?=Z!}sDDSM6=(NFRK;epjoO5n=;9f4>iK(zuM7v{g!f0|vdZ|Tq~%ywFZ*2k zEHHjzoM+8fX)HiHJBIr-P|=h711*4U+@YH;gwN367OdhERw3TZh$)xwma57drsE&0 zQs(+|gd;IN`tODHOA3&AO~n8*{Vw;+Lf3;qIyL(eKpiFj3oe65Ux)8>i6Ux`CZOVi zJ9_nH3BE<%?a(Cgm`n9^>vnilR2@6jr_P$*O6wAEu0ciFk=|dH*1rk z)2fBKYlQf+yqo5iWvd~q&kMWUPqL`FnR9Mg5uJ8lbTH?KkszB-t@2OeX|A_5!l(Le z06-7&INyy~Pq?5=H?6pDR?8=zLb2#Gz}u(tqrB`-(s9a7+AUupgr9O2868-du3wCC zfHmff4<;PGN9%;p@P2ak{s-x&O+f7-8Otn8lXD3vb-L0&qN{oWUrzFW^>6TtnEJ`b zAR0jBdO#njBt*%Hx~UU;zM_Ym{(gy~<<%#=-mxi%FHT$7w_@+ZEGy_j~BY>&>eoYl)?y_9( z1jh9KHiubxxo%A|!GzzCLXa3OO41EPW{lpbI)-?5P zQLv9NMf>K=?_KZ^N8**Rh;(0dz`p$&SqQUJ%M>irO;Tn)Zdd4GY4ZCDegL_4fO!{~ zRE`*G>J1AdZ^Dc^y7kV7W^R0mUCOJ4*Iv5$s5uoUz-EcZVOSV#?+k74+$d7li#ONL zbn?S|Y}7{?3ouM~U|5U0sqqv4NY?F@x6>rH0$-kQ?*itzoVKslM5`Vyb%}~Cz>V>} zu3+Oz5JFWTGvA(1pUA;1rWSj;ikHX8`VxP=VZZ%WFfbay#DUNJ1s)llpYwBE3oy4* z<-P@6ziMy#2G29&aERo#+fx%T@__~j?q=$mAHwHr+^2V56`xFrN=k9q#P3J?Fx`oy zIXnJp9cZBD{+e$pQ9<=Sk?nq+jCZimz^qVo6geP63y!B8;5sNQJIh02F>)jwdd9O! z?jsc5#{0jZCODdhAj&}txu?dGiO_M6u^VoF4gaeAivVtN$qR$W8;|r)%bU_M4a3(m{p{V*)%2{c?Q06}`Wd32cUEZ#i_d``a z=r1-_q&l^YS-!0yz4e+=dS1I9 z6H}{dNZ)-WC!2zHtSmwY@FOYuKHK*+b|L_k@+X(mzXlQ^?WM+RbK?Q{9PrXkSGT9P z%OpyMm@&;+WX{gXzQ;zhh1I;@A%#aU!6=#SG=_ebCi0`# z`=Gx~4n_7T|U$E)A=mj?wlE4_d7aGB+g+X*7? zZ6^Pe%eTs~$9G9J&UknPTS4#V1-xT6fz;9uIb*wBR@0hcDgE<%Il@+^X@^cj33?AQ zhjQRocknc?i!_glvJV+w%Z7R$Q}*JOS=&-L~}m;PwcOc)*(_y}%mo%Y>wx zSy_O-NxQ$XB}<9M>6DD=NkfBR0mxy<7}(QFlKvGU$h;pW(+i<_IOu0xPWz>-jGM=B zNK^?i& zt5w%6eRS@p$8A-g?J5S@Ltw`ZCMJapu~1_MmIp*%#fQHNt!b`s5+(W8_i>+==shij z^qsBQS5~6h$9bk5dAO2-_{v%RcAX8K$oJ+;#1xx?20HQmD^nOdU;;C7Hk-_blxTLo z`*DNbyjA^oINr$aE4>fS7cqIvB&#V5?&Ux+moGw>6JT^VvyA3Sc%`$Lvs8lpjY`FP zI%m64=y}Of22kC4{mk-vjiyifCd+xho+S4esbKLH(e)4_IliFCY?|EDf)wV{_aagD zM-)Ts7%|3+^CcXgZ`oL5y7SPfV7@M_e6U^G-kj>v=zC}`?YCxY4OG2_?r}68zlrUy zVEx}-VNu5ysr;-~x}O?z(8QBIJNinUVJxbhfdva!AB~WqLONId-CJ~owxvZZk>^z1 zqC-~7)aLB-3DwP!6%anr7d^V)_viWO;pPlrN$Q(4G$!q16zqn%?h}b1HF{)h1VgT_!>2~n-RZzmtH}>U$MjtdUcNYB{&I`&pB4jfzI`QoAaXF{W zT4vNQlhfAEML5j;PO|k}TRA6dpCg@wFNR^wPH`ihR5Q^Dt$xZ0sUF|i573dCy~O%! zePe!7$1_LzBcf(Hd;~`dp*xBBUgG!WC~3Yd636dJ<_|dZ7b=^>7tAa_aS?g?-!ks= zQBNT$>wKK}hi!@E28Q(LsNe71n$z#d-M+)6zz(I%US}+3Fp{?RzsCF9zo1L2j?kne z!WqdzIg7bVXpexM8~wN$#CPPxf~)RaaXFA^vtWQ9KIG+hJzcKo*T}nU!Tba##buvo z+1uho&Dh$XNOOK*vxoN9$GUH`=iWu;!Bvqj%_1i}N99xW(Mj-~&)$=JtooCfd7^ps z*g~P7ejj)BcfSSY)rEox29n1NQ?qoRC(lApVoby<|7ThcOBKU6vgwjMj{J;-?Ct1> zqZK}(>C>3@?*a+W4+3ZVxk`ky2TM^emNjqo`o0X7P13AyZTj9}wu~P(1Tisa&49<4 zn5D3O@eDt_tK>RbpTR#R-)RpRyT{P&fnF&WcI?!P(e8JMNnT;Ps7gAtZFdJu9O2yP zL|2%1m_H4?XFwIp>$_Ll7c=%@T_J%3>jLjdF~wq^aJ%=@V;^7ls*(%hxS)=I)Nq=f zUwVs=X9>Mc+U%heIVjW~iB&le!N$sZwFg6`WiD6hm1x&pNTt?N03;8}cyK#*+eyp>2K%)lcLTVFn95?n-puWWLiyZ(H}pe!gz7(MjU-k0lS4=~!a;s1>+H z6RP{V4wablOLO~vM0B8D0_@N#{~0uLnxh0EWg18USdyeLhe;@|F>Gx;Co`6-Z-tU`6m zz4;I>BIywG$<~Zu*&iIpKwk7cDen5pB!}=)i103DT3u@3>2b+`n5jv@AdpDI^|e^b z(T>-jtQ>(@lounkX#MPFm}TlW^V?+K z?kmgw1lHNI-i_|L%BLaEG<{cEgh}eOzf=gP?(^_I(dUKD?ex>2M|>Vbm%7`8rokBl z{#~+>eE2bfiu1hh+vOuR?)gKEc~3o`2)H@Eg9O(|r4q zxvibwk5~q6IBytlpT+8=XI|7LIaZezs~2d;;wZovD!VEY(-Nj}xzo+ON&?aY59Uf9 zPhj~KJyA!k`g36%xi6n<#XIeRLr;1}Q7BuwYT7)gTx*mxs=H}8jdd~=5|FBEH#IAm zZyhlZ)ahUwa3%P_u*ulFOw$`(~v`K>yE`;SXx9&2H4F`f<^!{Yj@&0oR z?R`puqg}vt>rQ-6=JVp)ZE)||?(>AC4JsLhk8^$`)An~jv38a+<6c+`?@gvDGUWyj zV=Q21*G(nU3J2c3^B?amm?j!x>V!EO`@^2ekRoutY9E**v98pIWx?KY)@@+^$k$}# zimLSGDa0nn1eT!b$AH73({Dz~59l^p?4Rmm`5Ol=$_utw#xD7+;s|t{J?3{maEWyQ z^wQbm3*1LY5SM^tBV7e#1(3W4ntDz;9}Fb%VB9UBt6}~Ic$j`x(J4J2eFksc%})0{ z%f4N;j-8Oi>1T2u4EZI$=;jx63gkCdtrNR(31c0qY@V$m$xb?PjF;1g|CF~Fg~8Ra z#TFow;nBfYhB;lvHaU*f+esut(&NVqJo;xMtzi}7-2~gqOPaf*1>`}!X)keZw?JJ? zQM=d2$3DkBd{_!%LN&?F^-pyIL@R!;xXhUD)Feei{vEU=w0NA3RLZ~=I+v_(z~YCm zEikFJS*Y9$1Il^U)t*ws?&TiC&zQaP^J$BzZce5%g7u0<0qu1?6ysH+n^=-mnjA${ zA#BCFZA%j2kSOa!)oCE|Uja958XVS|xHiS-7F|pGs)*!E(9;0H$7?a&^ZRo`r=uX0 zLvl5V>$kD`z&$=+uRK}cqYbYWhnIP$_;l=Rg}rG$0IoY?>!>cwr?er_U2josB0HSA z?P|*(h=j$_zDxEXvp5gMPw&t8a&Xt0-h8`>rmW#i?bU`uXw+$D#KV!m_^smoYW!_4 z#f9wAz0!aEwc3{=^m;zhtFRQER%{X$;u6ta6)?F-<9U^vOj||9BxSL<$@}N`kOC;`HRRb zXfsy$+6p4B`kp+ifDMw?!O4c!wdI}p?3R$j0M{qTVZ}rK#6nY z6fx*!P$&;f`|#+~Q`oBqttbeK|gB$?yz+}RZp z%(EZH#)KYhrXROQq0W_InX*;_CRZZk-9jBiw~WM92F>0Tt0&TG^c}|1Sn6_vHh0)c zkJfcg{Hew8U1nG#2APB|h@w9!eIH`-vG=v3(5P52<8!U-cPGfMw|F9*vGIBf4AVok z9FjDF{c@*&6t->Ffb+HWk^$$?#9DoMIn0HNMDiQH@oY=&V!6Zx!ev3bEC<)V+JyqZ zGi>H40bc0~mPxh#{(fXtlK!_E_-k#WYl1%&_~mOUe+&Qf%_P$)4!uX&w0vzg$C#I7 zGe;E0GUZ6U524(){9P|6y%uo1#Y29osoSr}jrPiHcP?rF_!{<@>SUu&@!hd|Tgu}& z{l0B71-alc@fApz8)K+`4G0vS&H)dH+q~xl}aHO}dTD?tBKr)*34)I&tvk zhW^MOK4nD0T`?594^wcI?2PaimWlF|luGmm67LgIqnAmLM8m-T2JRW$6D7ZpC!OxTbSh0&aRm@`R# zWx+YAC`HNpo^8AVyCcr~5YN%IbvqxQVSvQ$-B%1PRD!n{=v5@7O)gK*pnH@z>(P&~ z2S@F<<@#={C`c1G$n(VErf?50c1t)CB&M!o{7dGsXI&jR9@Ymt*5`{eX|Gvu4eaGj zBmq}Z2mfw(V_L@#CWEh{a(&Lr+rR440p)P@LkReo5~@tvA-`(u?eHkQWGZ*4uE^2LV~e%GLod2x z2k#4H#IkYq{U7^rBpVX5i)J#bOdwXA7V;Y%)%K&}xm0hLtmfLP7^?RWNI$HiX(~u7Bc4Wyear6?T0hKzPL3r@JICwErH}i5bS<8?HO$F* z)q43C2^26q!oFBKt4yn;Sp*5wr9bl4ce4@u^Nh3#ZQmF(DaDhF*9Fa(T+mCw31kS7 z(RuruT*M!|UYpg_v-i{NxrX-J?Vv8Hi=;!{kJNk<5 z3=6LS#!ZF2O|Nc`@>FD0?V=#BVIAFQOXX3n{?s=Wd|*hQ8cq}GXrH~MP1^&T2;{hy zy$sU1%|o>G;U^Yj50Be3Yq8=8kq|tu?z$z*HEzp&;Z%7hrjl`G(^B`5=sW9W{5g8W zjcL|TT%{a(kK99Z2QJPS85DQ%E`SWdtCI|qArLuV9-FbqJ$&w3^^ z=$7E_TCi0#C0~Oxph%W?B2nM9aDyXj4Z6M?xtu;ZnOKG)6!;rfhv%~*D>_Q*E~ahm zc6^`nYefTPd4GtUL~P@QK4A(uRya$IX$Evn=hVe<4%Shc2?tP-Sk~B0pT_qKaLSld zF8Pu@&ap#wa(U1Zr>foCspD7-Q+T=HX1GK%XY=JsY>IVEy?uh8FDG;#odsa~Qh%$~ z=iVT5+=iev$$N5gFS?f@kJ3>3=U8A;R?j1=Uh`b6_fd}A4*qnlk~nc$h~h;3-ohVu zy>cUa^A*^jX$uq09v|HK~+Pi-B3a>aO-FMf#pNPW8P^%IS^2B68Ad#NS2$PRxE zqv|ngZp-Vnj1I-~?0{A#t1x(F<1acOl+A<>UJQ5<`%y{G?3vQ~XgqPpELoObadd|1 zhSXpE%b75B;hj<29!GJ4xa>EF7 z03YSVu(raOs+F{R3K0>0YK$?*KZr z$j63jZ5KsJ-Y}#f@l$I<&E`mUX|b2}-MnVsdUcew_;!!>W_oq)9WV0f)!}pp)ZN$3 zZG_QV33~iqe~{{Bo}2q#y+2hQ78gxDD)48! z+<%^Tq0L(i(EhRJuA}tWr$&#nXr}(sy=xT$p##EcsX?rz5UJdoi>vL681V!k8W1-J z2VM7BTYxVA_?5xirTRDvAo?61OhCM};1mV*;9VoY zUVNJV&ajN>pUw5s_4?CMV;Famw{jgLOzcwG$zWiV<`X+v&u4Bw_#mtG-GApcw?w7U z>=`Q1h1`;x_4`TnUCTk=&XNc}hGVaXd)hP>>8~$Gpif3UP4=Jqg$`Dvq=nzzPxc z`<#RV*g|l{_}f%nZGot%;`G|%OdPL!KPb+SC)f}E#OH6^&sx1gGK?QX`*iaGlA9uA z1S6pEqrB8bYDg;mvT^>pcCYm%)8Ao6qs@q4Fhp%t@2|`F`{3}>_3=Gl8%9w$n2rBq z@2$e4%C@1t#hBFh0ilBsS z@B&Vc(~AgH3;+U;IjA11lc817{9sBr1RUrd=f*=umR6`VD!m>aP$q#lN#t1#9y&x9 z#B2@^56M8T7-1=aFTzPem7qyf5S5FP)np97u-M21h_HgSB65k@8XcO;WGAQ^ zv7avIGa)@fWK+yh6GZQLLXAgb#d6g25Iv;8!0oAZZW?shiZo=qARxq`{;(6^LO61O z%qQuAPnQxR1F#Pp`i6YL5X+{L2#8(_6?v;0ztRhp))wlVUC;= z4PjCIe3p}-6Bt88pc4@Zd3LPd330*@2Lft7j#sVMtDSZ~8b=N>SXewkXOB`*jYHOp zz(!)Z1qz>NR5J+!U{1yB^EPFMnAjX8nP19*?v%CeaZI8>U#I1?%8R*GD}7z&{g z7G5f5a)~4o4bRXqloES17BX3b+_)A;P3Ym0)LJt$>{Ga60DA2~EIN`(1i)#KCG$}| z2p)>B18zh~idk9EC!UC#A*W#Cp#Fdr2Q~v#kOa*^FNWn&0)?Uv9~AO1CV?ImP^H!D zQIkBn0NLOop!zEm1qyQj%k@Wvt`HQiFb#SFO(u!@1!0CMfvPnMKv9r=;Cym?ey>mk zRis=lOUShld3v=hZi22MOazdFqikB#tmp9*aVLhT^!tf2zQ%y@+nGw#B7@crNnEbB zLIlwnS3w_!J*=L@ZVAC_Yz%fft_ zSVK2>n077{7x4u`mISX>;KNqGh3G?X!6Z%q&9I*wu>%Z@CSm2OpmEf1R5L^logI}^ z9YEsxgR~eRVZcJN*nr!>(bKg|ieBzg!s{3+nMtJ(RTc#UcouM2GE`&WC2Vpzu~siHV>*SP9q+EGLJj^LQ|1f+0a+ z^ElclO{(Uqhz5zt8xVoH#sb8mxQ|Umm?F0a4=MmrDuhaj5U25CA#fRjjzBh8Hz>j; z%V2j$d~u!@cp~up1T>(KF~IPP9tdKS&xhy(0lG0PkK>^z&PIyJc^Y6*j=-xD2()Wq zJ34^Y%OP=TG(h()4oE%jsLvBtndl4*2NsYOCu2ksa)77invFuLPKI+NfDIb2Pzw+{ zLeXi>I-Mep1L`KMh-8CW2}=U%{Ba??LFm%Qh$b>#AGPplK&ThfkYO!Z(61DPR(3Lt zrHjC66K9E8;HsEyga9T5^Nle z9_VdwU=&b!5g8u?z56z-SA^w;z`f+#Gy%0a*L8f4WYra`F7O$h)snUIaO1EZRsz_c0gKo;(|x=>s$HUlH#V$5zs zTnLT06|D$zmM;{B+E|*D&GG1HGzjH$#X%cX5>diXxQ>b7NJ_g2MzB-e9x^+wU}++h zxEK$u(k=ss;n$n=R&p2%3^u`lN|ErI9mJ?qnQ#&$e2h;|#%YNbyjso)$B87Mi?_xD z8q~XW0jvN?D*~BkDJ>eMHYgPf%m6>lrC|h7zQib2vz2lJ)61Y)&{Q1Bp$*_wplew) zy+_0lqHY2m{bh`b>2X%b&y6v$BnX|FSWF`+1~1qW7zJHO3yLesB-J(_WQAE2om5N0 z5*SW&2lD}f&xV672}Tmjt|JooXuQ+QMuUf9L`%Y1MG3Dr!s0Lu1Zy;+3INd+FI3K=%aQtQ1It(d8^L=$SjuSBUAfa6R#!VHy9ZblU=Th;S&b84IDxjG__dk7dModrc2=&PD=93j~NeBB{*a)^kNrU<*E(C!ls zg&=5*VK|*MNMX1_fp{Q*^J^tAF9<&#mj?Wtn2(DVmLW_iJO!pG4oA&pglSlngB>Gc zjU)<32V`9;h78JN6*RE9O=g9Gi4uJyKGgKl5-3iVHimIwAXx}WdTta#embECTC&A# zKyD%$nM|}!7y=b8C&zD9qK67u&!BpF`cNc9j3@9xy;ZJ;+h(yy@C%W;!<--j1_R5+ zqCrAN7<2Kp(7S06a?~=l8cLcxKb zi+cao3Y!}rk_4I1v?vfd$q1Fq2hvt({{vVrb1*IegAda9KA~Oc@>w)YzgHV3H~`o# z90sOiLBtJ54MG;+Y$m8bpa)z;6-4mOJTDvF_RzB(r$s_!)R_fVY$d=VlhpuiM5M>< zz)S@}S79O|BS9q<4{NPcKL(*)owVVDd; zor!Lt!oX3P!l?&tnvh+93o($e&S?u%u-<5Z!I4H;E|_qHmhgK3GbXOJI>IUiMW7@q zc`=0uOGeFu5KrPF%B&(6l*2{2IHyt-CzAt`u#m0y0jwqyi4n{~)a%5Fn0RzQkfB!G z!a}GxIy)>e0m`p{C>N30OtZshLom9Cj*dx0NnWSJtVN@%9HI%UR6wyGCalEzRc<4M zQOIGMNaeAJU_y0bq1EFeg^i>@5HyTg5?1M>Le$L?8pwEzn&@)j6L#Rx1QKDZl5L5Z zrB0<3lT>dBtNdE%i{&a2K8Qj zSa!WjBLf(0m`;{P90Rim@c*d+4q{-)3_fVOkEsGUlY^v9Xp}gOLj==}0I(B+cQF`D zyd`GP3xO6Eo1ohwfUy;(lYqs@LzF>JS483=Ss@X~C9ru>9JJjSFfqPVg$XB^CMgCw zA`w412JpzR^@40dl<0=^ACPWCdmMu(_7Q{%^osp#9@fT*0Z6MhBu4!-C@;|X4L)aB zt1wW|CQ)BN6KC7F&>3T9GaU(4Ou|)}5QJujgm1v11Nufe5Z1U&VvgGt4w?b*4OIpv zNYzsS(@x9Q>SYPDO=gz>dbkMDC%g=uffEKm5)alUvyee`!P_|^1YuI}P?GLQ0Cu}e zqk~!@yF$!>bPvG8vMmgvMX!)V=vG=RAd-m)(kS93uwpcVQEwzcJ{uDMOnpE`R6@J7 zHsEB0p~r>Hm&tX|F+wC@@M^7HW!9Rp7%q^#xB$~hqUQ^-Q782OaD`!-7u6yTwj8jl zkT@TzhERu3NI@i!i zlFEV}3Fua2^o36CS zd~8 z6QQEF&&xzL0fi3uJ7Jea7ZTIRh?OV_5_v#y=9S>dP6KeguW0Ldze>p5bkoQMaOyAVG}2?`a6)vuPvFdR|LOH%UiIxfzq=1J{J3C#fE-3S-e zTmmT%FhvbgzMG@w!&D!TTos!680znMN z$r6x>Y>|t{^l&{K1CvHIYjhgEm@YTRRcf)@BxkrG4+!n)WS&D~aGO+oV2kwQVS^wP zAr64!qXr2N7?SyDm;fj=!YVlsXi(9C#dM9$1RjzR=t_a`(jd`dGNl0T=Y$Cof=f>mK~o${z)}He z9+^s1U_3!!b=FhaUNR07!b6KdR2SjK%-&d(u8L`_5ZaUjT#PahkQpF?qmT+nerzD> z@o0z`H6$GgklS|1Dj;~H0lo<*5Ly(_5#m&XMS?Jh1ff$eVUsDYgcJqHK`3EM91!WT zF{a0)r8{&!jGPFslHHsDIR@D;8&~S3$$>M#O*Z+&WG0=#vqEhNN9mypv38Rml9N1> z8;V&R`k)#pDPib4W}!5h^T#QoobKMNNK@LWR0==xK>HVFd!< z$FAhCAsf&tUK3SK1+9d2<7|k8sEm840)AYngw!_4jn%1Pp;*A$VUfnjGQ^FAsFup+ zqXpxD?gFo<04fOFeWNv^j(8w*gm6vjXxLj>kaPi-&+32A$!YZNyQkB&kGpxdN_(9R3FfDD!^&HEC&H*7T6}jTAi0=ka8>N zdO-c#1OPHEr9c8!6~a^8tf*Wi52G`M0lXRwZXg-naBt{^z4Kg(> zp~Mn3D2e_+r~(~SjAO{HIF%pJ*D-jzh$=G>SOF{=eS!0wl|ZM|Ya?**G#dICqoqP< z!NTRh+#^;`prRTB>c9yIFzcf600F3Hup8l*S*c`-BtX|igzR&`5RmhOY#dKP3?c@I z*@JP;q8YS6v5A`L5F?f)s0m^KeVXhViu|ZLUB<70V5Pzq`;0C4JX(#tHTKB z>RzT)VnFvZF!DO&7#xp4LN7Q*gHK{1){m;jn3tgCAQ5kZYLx}36%~6Ls0kK^;Wa7Z zxX-IL0`77^51DEy#YIq(0(=(^-YwSn7%@B1!+;!})j|-9={~1a!~}r! z0Mp2jK}))XhS7$Z609AFB27$@2bBP|$HOGpAjucdgTIXUJ?K=y^ELu-gaAmEmM%00 zX)ZQbg;q5}m5eK<5NkXVFPQoP0IngTQci$KnnGs5IXNVjQH3`tc`|E2i??cV3>8Cx zgfUt@!jO8c0)h_W+iq#l?sR}#jE*DKQhZT84qQcaGHo0S%gazACWeOtdja~fg!B-B z<*+NI5tUWy2UK>bJ+srJ=tsFh5>^@`VA&W2mg#nw*?Omytk3|nk`Q3xm1B;`r7FM+)p4wBA3$_VDmW^w0VwUQpd>YuC2BiI@2gNLM7#pE zP1$Y_Y7vPmnx>(!7F{rd1fyXnTxh(HZ*oQgcr9OscbN=Y8V0!a#6dC56t!{z4hjtb zSmcy|%*I5~U4dj2{Vsx<&Zhx3d4Qqed!$gP#_%Z3Qi>eop_<})33QDG0L4E2^FB zqa(4U0L>DF`4T{qDvsWf*`;xCLwLkYmpNlx12(?-QozLU1O6Z*Ktj;V)T-3LM-D|?JU-%qXbeNFbkMxAcobga5fMLygMm&J zKTS_|io@WQz|%xXOGIE^*;tiX3L$9#8dDgeSf5Hu6On0rnkWv)i~xH=m%_VPewQ^s zvWNj{#7#$)Gyyg;Vs=IWp(aFQpgTD3GsqQDhZUj5;}R?Ibi*5HP#;0$*#WQK>oco4 z39H74SSV0a#I5)UbT-&R8m21>LMJuqeHH$OOGI#l6()xkktAH$1WQk)0i`p#XNgg( z!%c~Tyk$K;oq)tX0I zq7d6IaUy<{n;HO-5rv(?B3s-tmC-^9Xqc=B#$Yp$vcc}Rs;HUzqKB4Kzyk$A=a z2$cK7-w6t8Y@#|NO6LIek3YzkzynR(7Kiu;B0?QP6a0%KCNe+br^tYk4<6cB;gAg< zkOX~@h9&BtA{1m_W}+Zij!UPpDkyA=70~q}K9x)mL?r}=r^aY_s|9P-h$DCcz^}pA zv)EAGWPv6(r+})!qx>_7R>dbUQA0#Z*T9*M#K4MSSutKK2S>vO={_Hg9$*1sd%!I~ z{OF#N>HP-y&rtz3?mufaxtTdK_>NjBM7O7dsGl;=h3h-GN@F~>rd7%mVmTZ6+?_?lA z-DtL$cvLNcD2;}oMHYy!;4oxSsU&LHh_&)4RLE+u;n1$|K>@5I=)lAMA#@%g4lwIZ z29O`25Tb~Z9)Qmoxd@Mmh;*1ZGbklc*k&3{uR@n7LK9mPTsDD*5FKhes=5(1SIah# z;t_Nju&7Q1L{b4r1*$>SUXIcXo&NBZ7(~wH+em048c0a&Vw=^&$J;?KvrLFzDv~h4 zs)4>bIv%Q$*&IuZNo698pg@L57)AoBF`yR-ev3hgvnWOZ5#1N?rz7ZB1rTU6r1JrH zO%E9mJ57%DV6Dyo8i`~@QAH%9@$dww9LE?e5n!>90_I4-3B42wf`DTM(#J5o31NGv z)Ic=qBmixo8#PZ^BzJ^}?m9mys&lXbEC56ETFF*KEd^nMPgpe(Ya+@rf}wy=VpOUP zVF8?imPug5p~@$qM~KdfbH}3f6A_#fZ~^sp4i2Zp5h&<@fXa(1t)M1`-X8oVqo9-H z6bfuWzziMNVgg*Q9f1@TDm*dxfJs&{Vehm0CW^-7-Rsh3AnmER89ktz;iptt~?jO)eDhera~M(2FNf&0Z4Eq(LzDASCN3 zh*^t=`XqmxlTdRoOg2LyVG%KS0(8^Co2OT&0;l~;t?N%n!q|i^jL1P52lm_nPcdk1ph%1sV91~=cmaY=Ar>oq8eD`& zL?;NVW7-Wyx?h9GTU-eosv<4=h#A#FGzK2kKzfq_RR(}pBLj1kY;h#)c7h@T5mSG{ zL803D@EKt5Hc_1x8{}(zDhk5{lE`vK0|YSAEa=Nn@)hOc2^u{w?g~;g6r>#<)F)t@ z=&b>W9^#pmkKHkg9e{T6%&zM*rN8}_`Wu%)Q^W>6TT~;aU^W|n=TLrY%2JQaoc)$%AR5&L5xG_d=Zf>(ZB{Eq&8FCw;}qAtw537+ z&06Vuxxem5ZOw}BI&zv*HHy9|Fyz-AeYj2KaQbQZ@qKPhhT-hnQ|;ORc}=5|x^VhE z8rqmyuTH(peSuz8do){p?~;k}%kHl}der$39dc5t>&IhR+iR5#SZL{at`+weG3u95 zWzkD%V=AFuFJY@C=zzm|yq*5*fZG~f{M3e-`zJmx=>^j7QR)4|l@deweKdbgH~rm% z!?Sa8kSQ&RlAR9a?tS~LNxPyi2W4huE$7YZ)M3DGU;fhQ%R7rYXP=qXIipvv6un;G zLH<`=-pmdq%`Y~uUNN1c238JoY}4v`i*}K!ESmJs&8=HUR_>ao4LKswiMd$gt0Ohq zny`%T}@EwZ66Z06LtnZq@W2b=&mPRDbhq z`-SDUOUvi>9-4n<@ASy0*XG9E2i-R1-pggTIX!!A`Az3${pQ2r(uQm>`LGV3zhysz8~Lt0fOdu~gXkKgg(?#Q+;4}RJ7d8ka*u#;lVs7cMb z8!oTp#@?JG3!75&y?3Xcn9|BxXX(fv-)}IcD%Y#@w|Dy;3j{-kq~6@=T>ZUug9fAE z?$grKkx!w!!$0WnpUN%V6I}iI`wY%Lha4LV!rh)q`b@C(6Z%+T*M%?!s;o*fP(>~l8T7Lz5 z8q4R~a;Dqk!mSx2zC0(teSWK1->=4BO?E6SsAL*OM_MIc>%8FYiB=pKN<|b_;v@UIvS`T({Ff8S$0!{@INgQgQ+5 zifvrQMn5dA6wHzi+q3bzPG|!{1%)l75ok{Xmk}>kXgIci+MlOsUtp$B=hVt~SRSk_L_VWS-fzzv@%I zuLPNOByC>Xvvazuwe3MzWRaDY?CsmP3uBjRRt{!NuH2JbA2wXE6@!Yv(PdkDR*FEY zh7Go+9vE@r#&+whHPi2`OnqE(Y{I2{cmH1BKiL$2(pj_8HiE#- z?HTR%d%cu3wP&5d=I3op>#w$)n_qoxNt$7TY2@Dvsq(82Kfc)a(#4tlSEVLOnOLba zrV?f}pL8768BObtZ=F}MOofyCxm;b&%;~<_F|gO?vK3DhO>S&UztK27i_?E^sAHQ% zS=ywWl)zY5!gA`$S~+&e;omYdGuM=^*d{dJ++pwZ#&~La+PYV3cYJ>L)cDU|!cN;W z4xG-P-KKYNNv>fA$xd7IUuVV*g6(5rtGxyF-ITdx~*V$t*SM_1(S!4CWAQ-%l!#*H02Ab#a88WW6HfMtFpH*dLwuKab)hbo0tjnr7DO)##^d+l8R!#{jPlfZ$hP&&) z-kDL2{_6?!{^!9lbRqWb4NFp}n`l9GF8!B-BXbC?@}e}p)El$zC4)e=o|cu7UNOkO zY@!Y|lR^jC()%51;wNM03*k^8+_K-{{5oRG$^&hgzu12BBRb%{f0j-7b-?M1D!1Lj z+)Q6HIL_MF82{@D^engXE$=DDvhC+;!p?lV?;lyfs{a=sI)Si_amXg6O z?uOo8y}G~J28BOQ*k}F|7p)7>*>pF}{JG!%ZFi2U{`2HNGTNk`%7*C-^_oBVmy>^K zYUP==BK2>~30uVx=~^An_;o~EW~DW9V)SbJJyeLMh$pnE6ykpm*e_DK$Uauy;eqIU zrZlhAGynd*g+UZRxsEPDAMre`zpBL4S zmRfO5Y}#D?o`?8?>^$M-J6nQQO;P^RDdz3`Vs z9A*4zGGQM!Sh1yH#eivA-TgJ1t?Ac(l-Ia@`*xS-oqie=|56lNj6Zi#dBL)$*V>~h z4!3vBnhu~S34|+oMWrkJ_g;aWrQ0Enu>Mn0hur-s&M)`SUv32TR=UGv>-+6(BUatE zp3~iwgAa}vvCg)3+O%oMzgT|ND(|_K>hQ}#{M(x>R5tnJKR&}>7*e!1Jo_1L#pXS4 z9xekTQuTPjqF;ogux+JOKl2{EXl&IGB&cf(%RgB{-}kSdCU;x3Xpv-9$lt4IS@oPx zU()(ull95DyPHRsg^H%Roq+j1CuDI3EyC>Ix4{+`iT-QJ5zGbxy?LCw{V8DRl%)4Jc z9J0SIIdtwcw@;NTOYHXP;?mMauP*I+v&Hu@LsQhdAsLi@skI2KIHr{y>Y7=1A30WGIs%We&~J2$yW@sic21h zE0Fi}zezOTTW?rf_0f#0@8I-fE;%^7>*H=;e$fj5=c0S+_no|`XB5d_yJ7MBDraWb z9p8WLI?BG69j10!IIgMpz#kV1`PBJ>S6%zKzn#Bh6aF~1LA$;9N$F%EJ}Y%gcHaT~>nFU&YGib!ws^Pr>9o|l1u4Qo zdrHRA>sZpL*eV12eyhrT^xk;(&atwdiEVqo&$w`qQS|wbE){n;DS6GHJ(G`rHn9Kq zr2h5OX4`=+RaTz~>Th1N`)k*(Mg5gk{5cI;w#@msn*vJi*y$VE@b=-iNP>Ad=5TKj zxovvp?&i1ocmEVF89BQDob&e%lG%rQesWCBS}`z3f7aS4S#mJ_#n4rK^SY%R>Hai- zNI|o{>z>}~b-PuYHsh|`{pYf5)!`Zgif)(OYxdjVAHPwk)VrIW9${4_W%=F~#Q&a$ zJ9C=~Xn}aNuN~ODfB~=YZW66^zwaLJ2MA_}Ia_lkOfi_&&Uq{D{2nm=n8hc-2u_ zwWBqXLF`kz`v^?+R?*gsN8JWu%HCbiojY?Sqv@yD<>j<_msgcMcs>QZw01u56d$!q z8N{#JG;K)tr`OYuY-{vy?TKknWl`S=()*Z;jHR7Vpr_BnaVM^JR?oaxTvAd+EEYHJ zq$tbZoxApV(Y|H__k~7pj;3|_9?Cq^xc=A~3)&Z#=Ir=*>*UeDR{fPu!qxVS>s9=s zq*k~rr)KNLefsfmm-9;fAFohDBj04STjRR3tvW2$c|-e-9l5o-r0*{{d9w4R6`b7k zc&!Q7^F}di7M}gQle6X7*ndxFT{w>}=o?e(5|Ybu%26$PZRu9?*{1vZ_)>cfj z&fTZ`a1W;^rMSQ8l4|$-U!jXupm~GMne|%L#Rv<#qncNC1uVlA`5R|;Qu40e&z>~t z*lz#5EtYdFQ#-aYG9S*%H8_odKHzt_O`CS_D$~Gg_GBmQ5GI*IR0w?52a5w zQg)0euCl*pg0O%8{w@#Fzob=J-@rHaowEt%+01|6<_1t0=xuK3wfotfgQy)eJDqI1 z*s5^9wQY|bo^jZh2NtyJnbD(1OE@VD{%(Q4lDs|Iv}TiKE5c8&m3=B(QFeI`{_EFo zT^}?>M`(nO5atm6SFlb6rokgjPKv6zB=VS2p^~JxqZw^>)%!N(`h+P3hpTj7@lt+Z zd#LM9yyN=1ai>n5s+&va`BzqHkbCUb$r|m&ixt{bSLP6LQi}fDlhUrvzFoTtn{=IR z9bI$jyhEW+%zgio*Y~u_yLo1udXX=z7;9Wg?%Xj)Uv&FeI;lIx`>E69q0z=Kymu56 zo4!uRn@%<8GPiHvV+&pG+&QhNEtvDa4llUny|?rFpzSmH&n6_fki*H>HVgZGb26^& z&0ZWp{>k5X%Xj}(+Ss+rPt@ul+ufm)a_yMC@187^Jvg&&H+I_i{0C(hoBlk>3!7E$ z@hzM8AYOOH0T)_B_TDM@vwp8pqj*Hgs$trsX0;BVe|~Gr&|6KF6IQ66-=xHfe?t)D z%GwUsHxFj-bX@g4E5zQuyS)0tu9_kCIfZR&X=aVe*f@Con5v46i=F!GTSBKBcKPy7 zol2}VEfjBXuI05cyVPl82h}>Z_#4|_e5&Kj^#fX8==Gu3nb}>>*6r@BU-wJUA zc9m-r>0vL+cUNrkY)Qc+>yr5I`y$T~gJC%?twpQXt!`ZZy+GE3F^zf*?!H z+O>~4?3K?bZs;71alkNH062W!Pc#Q6pm_mWVBB- zk@@n4yZHIz@mFRtR-P`uw00MMpP{tjmWLOLD3Ow^&+ng3JEL4DDcf@5@D}k;#j+(> zwa3VMD^BSj&6x0_KN|M27oGBa=+>R`L9ux%c=#n7m(k113npqAQ}xFt7>|A|zsZzmtY*lgy#lWj*F z-gt_WS#WZNp<~~WtEjz1svVZ*JFH+@oiwH{ri+FK@kHGL2NJ|%@nqA%AK!;g zZjP;b=-c~NJtEI+bre7B_hyLu9O>^puxis6u*NX9i%Wm(KY67NZc@r>@ecR}^>*@-xszA4KY#2v^$+6uSrZy(0Hu+CV&UEolxwb=<9-+RFa6YP(5Uqb z`j03o`Sveit@l&Irr6T4jn7s@1KJATx0wNrg6mK8&fXiYb6`;G$<^iU)7B_zHY_b| z5YI>v@9)$2O_rGP{Pz!~*W2-n9~*8pQe{G9pk6Www=4MQ{IUUi0_*0kGf}cN`0x|O z*H_2tPrsS*{N~PMgwJ8F%X{_guo@92t9R^~fRUn)syCu6b^kr|eTxZEO9vxdN zd&(50w#(&%UtjZ&(@I}lT2bToy3I$mBsxsP@?+(Olpdj)?wdQLb?vzGhJTxXwAgd~RMT1U;KTGjeMDyCfIcH@S4-@ommmIZ zLs6pnmwGAV4^1O~e)nQ#y9F8PxRyifEk1mD`<&urNo{eTFTJY%Ip+1#dN2P+gEag< zH>c-A^QKG2Oxnt&v|coJO@U%q;nuWLIcE!LSX__}z z+jkhaz1yJqr231yi8?&GH@-o4^33=7-$}U(VPRYM`COKuUr)~hxuo&}aH?36L)#4)f%+wo_waXPMTn8aPt4N(*XTotE7hl&);fq&2S~ zc!ox}V-R9aBa#ZnXD7Y(Cbt2%FdMc==UiHT-iAR3bnn`~lLT&UN?(2s!h|cgu^`?% zed|v4u#XV5oYmpYll7ZB-OX$>QOTHlZUMP-N&A6+HyDZcs*{tA5UJ$#OP*SK$W^CD z>{V*!jLZWMv$F}fHhFu}t4_>LXE~9teH;suvkYMZH?`T z4ozzE$Kkho4wdXV*>lbE0)Kg}4)-4~6HHp#zI4ggc;_DVtVa#f4Fg(VSrZ?+X?tY| z4vi3u`e|*Pr&XGY|6Hy%WA6O%?(3z#9-V60e?;1}iZ^Q1)?TH3duyoWN78IzqWh#% z<)^ZzZ806~uzUAj{m08)U%h&N-nV|uzB+BXJg(kW{nQ*?dHwzxFe}Fw^&a|u&7rgW zy(S{Kxoaj*A>SR=XhxP$wqznD)o>Ex+se_hWa`RM>-N9mFCe++pNUa|4=10=ZXhjz zsCbKaz0qLf!X9DX#HyD~U#7mD(f?ch$4>C;K0aD9QgLnKp+h5^N;3!EZ*ceN)%B}C zH}^ci>N`}C|nJKVQawYrY{ zT0S91oYdBC=$|wrq%S-Fywl_K3E6#TbylmYp6tAN|MC|_dxGsj9FtDhP99A^xN>mv zq?NV4fC<^j0&B8kMAvig;4J%C`sVcRVV`h0P3tgZvUJ^*j#E@qoQKy>uaP%H4nc~l zlzk+fGOSuPZ1KM1uiloQE2HCjw(0(;#-qPmz3*BU+j}ba zAdx;|XqW1J+Wkq(51r!gH#Ot@HD>?9v$K=!c>`0&OvrArjmcotyU|CsFXDc;$8~pl zmpaK+GwUpe41wb;E77Q&F{pSI=F!L|q$V`vi6(ngYK!E{_eb2wOFwufGBcD*|0?zl z9{G*<`NPZ2NsZTbPG7xx<)kKoDXzA;%_OJ0obEV-j>9u<=T2^rtPMBP`Wwp%+_y$tDq?e5Oo ziWQjko!PoWmMW(nWUcjYca&V}`)_aAs=xX^Ts?qF>8KQco@nZM+9cp-Io zQ@8HQ$#G}(*^|VK@}-8tJwKA(x9KrDuZd&n^%)0}pY?k;pv&n6!+#1)KN`f_Py@EQ z{{+@D12vJedfH3JZ5Q7iV+yX^b!BE_#(-%B=lY+2^}4*^=7rx&u59WWD_{RI2B+uNtW`_emfyP8>3Z6oj#=w=mEWHsUe~qRW8srHM_5}9 z%hWVo+v4$Xe%o!wnMvc`J-xm@(G(1|1JnPWS1-M8-4u$XR<-m_+5O&JRS!0QytuJH zxn17ZZy)Ybb5djzRv3=w%q4pVP2GuPi5G83N;&-&LRNd$eM;-~gMYt4dD%ScV(IsT zzCpkLPc6Xew(UDt@6@|@?^&^ogE^;ishyc)o3@zN)46&sg}5;?4{TFDEpJ9#_2YBr z@AG=rSbg+Z$=#(S-h`Ql7t`BcEI+8T-CFKBajo&z_-j{(_pPZ@3dSb&`gH2g-HF~+ zZ$(zAyM+@uLbW@5m>1WvW$|7;^r2rvBT5 z!Y)NT!;w#K{2Z?6#60&|$;tt4#ipV4K_LBsyR?F_i&!^Ui@*&YJH5dLSGTKOOGkfZ zZX0=5cJNUaq`MjKwJ?{?Veh1Zt=52<*g?bxe?-?0cS*)wO zr)Q;~cu}+upTB^5^nLIpy^Qm%VNS{qV&}=9_WZqmiu1bu z!j82aS|w^-3cnofEP9eXiGO&>tq;X_bhBRB=FEQeW>0VSs&VYwGKBr$^(sl`VfEEV zg~77SO%v`io<4l%8}=y8^~2v$HilPx@cQq|A5^P<_;~8c9<73n%bNW3XByY7jP*61 zOg+)zTqgMJ^B=z+=&dtNeB@wu(tsR3>-8aR>qqC0(+cX19I0lovW^`))}muaJ48#) zeq6k7UnAb^{ar1muFXsptFP4c0aEy`E^NN;=A+w;sgP-2`*$rWPqnR{X@`J&H{uW#1?6r&7eER{Jo^_V7EMXC^K_!;6d&4 zOZtj)k6mt5#QL^~I{f#}t3|Yl!d8+i$7@}B{^I1uywSdBmHh{LOViiXM0iO@gbx4x zic<$C-tcA=*;S?5HnZYJhhFpl6+}SeDQKqu zf5j_S=1$N1{q(cxEnELsIEgtR(5ZHOUnx(MvVZ^WnWu8+*KXYL+4$XMrjJbnv^@Csw-(e)sx)fe!GE=nkLUSCbM?vjHGS7x&(mJ_ zPVUOMKfOEk2xESBI^KF-(f#SRcFaM~9@wtG&04+V)V1W(Gk4#5+$pas4*cwPf6eS5 zO`kMvTN746!({Q));<54>S|KbPc$$$OWUS&g(;GKD(yyQo;E#BW0 za{Iyn#_ha!uf{b}4UH`;FWz-AKe+nG2J?(Vw%EVQM@C)xne=&kgZ5(w8fOkC-5FXO z`}+2iZ)KX$?4tD4u3f&S$(R|>+vKfEtD5Z^+!1WYZFz9)y`RuHdDexqvpUZ?S1nnV z$)`;<%&J?HpZ_9_b=q1F&dz47=rODK>F}XNE6Jzt)I8*Gw05n%aOC}& zXYSPO@?;wQ-xeUy>X{cAFsy#P96P?Eizth z+f#9Zy&`cH0#?U|9q=2k4z?|snbfiOFe0`3t+PtTqh0LfFAlNWEqL1fC7P`rJ%-h9 z1lFI?E2SI^Y3a7HpC2T(s#S>p8NzuqkA8Qf2o2mPeAMQ?g4iza-Az+_&-&adaAp0} ztoFM&%Oq<@=gMceGxFSNt50mvP92qT-Wn|9{C=Tr=aI**U3yt;?_R%P)hbIUV`Tr7 z))T%=c+W2SU0GZ@GpEIyk?fc3HltQg=$Sdg_~E{*9_d)tLoR`#mZBSq*y;C ze?-qQkv5EWb8ZoPt=xR0oLh$RRMqYBE_r&bSY0wy0yVP>Do=^B;WlR6U!bxpE$GU_|)`vO-9b_I%V!RXmrT!|G-q?ktG{UUdCrKHk%HUG*vw7PKcj&7{Tz40HQ(m-bW6LtICw+l7;RpNVk$zSG zJJ8v>aUI?M9?k#x>v>IIpC5zoe;ockWx&^m{2gyTA3BvhV}8!OTx{WkRyFUg`=i09 z3!?q6V?%qr9a1f}d*6`Hx9`6CXF0L#1Ec+w^~x6gqpej(*#m}E?UgfY%*apkvwQBT z|NLIY#eYuL@rXp4CXJ@GP9v7c{^~KHX!nxak?o6Sa}E!y8vJWA=7;6ZrzJ@wcVTw* zHxC~q25vpvFPt;q#jVw?%?8o5eJP0+bGlEs^Bqr6EP5NUzIj*waAB=`C7->2tojie z+id!%DYeSJQYWWRm{McG!)KEq_O$j-#eZy)6)RS3b=(=Sa3QY6zyo#C+I9V-|Gh@# z{Jch`FYQ(DPR~Itv2%6WOHQ}{nhB>$wy~i;utG?E9U9r@F{j?Guy!&N}>P z<&84IUjKvF4>Ws*G4q|yD;p+${-foZ9<4^xMn|7_esZnr*8|20pZEH{kJ)=|GY9)N zZfv~&_9E%g3#~of-UnMQ<`&0t>EH|xTXw3Xfjpb0LGRDLaqf$2-v7A8d-v{b{XA#z z7UyktS?TkM%u9aFOLfZktF4aSD5{1fZ_c2m4Qk!K3w!;_JGI$w$Bldy#P;3YqsrQ~ zho^qbY#a`s*ff^W>p}mT`{b8j%^I4V*|ZMrcs9SR#qcIqi;A|S_GmhVJ%x44Q>2-3 zEFwpj&Q*1oX#SKJeZ7Bki#wqXq;?`buj!3i+XZ5K z_NAUWISZMfWyEI?;mA2CxxeM%scqhUXg2oADD}nCt4HRN-0V?rK9QWs-M@eQ7TwUY zPu-&41GiGrn)E+&ZT$L?sin))11ZyYpS5C7K5jaoO6FgyN=<>5Bck2M9<|$TPZy4V zvuW|%THb=8iIRg0=DdpOdJP-65KC@R)@wx77b9QMZv8<(3%=$GM_u4|)mY6kWQj^MHAma=Rbge`8xxsL$XI z0ZpXKjRk+AWfbA1UH&cKUq@c6@&4t>9KX^3a_zmsMbjtW<*V4dAsq`&GS)tuGC6Bx zG=S&=4Nna0J^9KG!hkoO$5d}KDCRts%3z)}eBXArM7KQU{kNUTn?$0r#_?Lcdk^sS z>DYqpxWbyV?3hnHrDc9A8>)@|AJX13F3Pt38Z|&b1f)R*kPaz9x+DidkVd4XRC)+O zLZovj=~6+uyE}#!>8>Fpq@-(~!|naN&%59M-uuJ;!Y6+}=Q^+BJYpSdt&1!1MrxE< zTF*g85*nPbFJUoW%ze*vQ`VAOlM3z=+i7J-XV2(gsPmvAU++_n#-lW)nVOT5*2HH` zs(&Bg9nnOX)OE4H!T!HJ0N@5T74n!pe0>;}wYU;wFnwWHCvBQuQ$@@0%Sl4GT#rHU zrcwcw{MwFqJsyj-^_%f+MQ5Ttub!@%H&YFiD{KbAXmd{?-hlz)s-nZwB zqoIjSk|##KNS zh@0hK+H<`hTTQ}mtnOcFXQrncUaXIdi`d*;IV-bPv|>-3Fu z0YNF4u&P=lzAl1%M90xn>#32C^_=IaMz_&+ymAsYHq?2X_eqTl`HKu$IzgOqB4wg{ ze;jBJ29+n^&TZXEhynD5zqcJ$x7!&%XD-Ni_=yki+p2Nc@;l`5fp?Z_-l$%3z_aJ= zq#yNtA>UxGi9y)iL{6Rc-|O*}5$NLXSGOx{reX&DO<;9@6n#k0<%miCy`(; z8P}|;Eo${4#7tV|?8ud&IE6p&*556}#&)mKLzr^6@iGK~Bs$k_pjvdhOD9p0m-QU3 zPPE7D416^(lJ+S>jIw;rjei!*%6m6Om^xnWoQxKuJQO9A| zam^GA?JTBuw`R>p-L2@90J%woFVIbN2)4cF_{c|*f3Bvo@NJf4odtr3*mEj!9ez#9 zm^v0kcq;w#d=79CD+<)kAp5q`e5AnfL% zaT3>lpegfjEn0=tK`a)snoZhBwW0fKOF^-T7+)PcUHNKDhIV>=mD8(8yr48T$1XKZ zjp4xrvg2}30o7-KGzcODO{u^^F)M~|X8x}rwRakYC2iJdYp0M?^fqNzq*Re&##r9kvculph2y^O?AUICJv9IUB$bu#1LV+0^}D>Ow9Cb* zqmQ58H`&k!wsv-1Bo~0N8y@Fe+aL6ViHS))R};tD`s%80JAw{+pNuT4VQ(lhGSU`o z&Ol3#rLV7Fq~3V48+f!53X+n`QuNe_U2!ql<)|_uAzU-fOz|Gs@hf<2aMSKod}{a? zG~9f(PhW7;v^LI0L&srD&f>+l7$dhj#N7QfTI z2?6Hj6OP1p*EqNuER3lav z@0c?&RaLosv7Od%6FedO%%S(7paAB%xy7jckd#xmX|0&h4*8009gSFWyOX*d(3bI4 zYwkrxMJeZhaAbQ`bYC%nPbQ5q6od+{$=lI9ZReGEb9HGN8k(TOvS(3@3w``^>L0K6 zdN_9hiY^({wW2<+(ZO-i;P50;dnoe-bqJ-frs>4-$%)aQwLvlwXWNFgWI_8o#H{K~ zfT{Z<{TX5KK_X|SvwaHYj$k~KZnb{h$2l=Ko~_)Ffz%HxZ=cj|H&~8Q*A`O{I?ag5 z^65=0Pe2BhH6$eD7^$9A7vt$3``V6$d-tkEwx-F> zAF;5|t&7_e!r}TDtQ%LcWpM4Gp-04+C@L6k6FNIsVZ9x4LK8@}H+Ns&BYvL1NBMD6 z>>g9t)%KKAC}w-%{>P_*i|wV;fM&eh6Z_ccr-`MIEx|!Ik<=Kj6+XV*ZT8=d)L2+p zJ9s;tk?oD&-tM3MC{mG{!YT89`KrVOi^>Iwe~(%WvR$_i?+&?7bG_&TWC5;^mu`R7 zM|$WZ(i9WbgkC8VGTX4k2hU+|~y`0-Whu~7@!=3FC)?Pg|=PJvb8uh}OKfGfI zsFVK`%{7S2B%cU?yVWp~yhsXhJIdY)-%1*&E`^7LwE2XIw|3{d&aZ2sDJfNcBvYz& z#OYae^N(!zE}dcXRmgPXrR?F~mMC()yFR0)ec`G9Rnq17>Jcb+}#TKiE=2y_YN zwV#~sD-b`@ROgftcG^_ddHypoy%CR$>&DTvJ>DIh2PTn-!D3^m+u2s7HbU;Iq}_C) z#8jTmWwW^RM;a9G9tGcXEGkkC-6l{The_g5BzV0m(LGhPf^4sR(Uz5%!S zeL=*J2SWG6nAmwl2s=YNCwR=&%^4J;Te1eXS0;C-KQeyRX(zS&HLATS(nuaQ=7NvG z@mmVU{o{-7?Q$H`qjs|M4-X{+AxA` zg2D^OgRKEUby%5YPukj~zuL!g#9)QjhkKI$^Dg2Z8`gcFzn-v^IsR7zlO$}>Rrm6| zr|{Tr_Lk3VfLE{$ewFhF8g?4op2k!!@G?qf+<0hjiJu=6n)Pb?z!-uSCNfi`ZFdc& zXG6e8*u4nkSv3lLST%B604nHod+SDwv`Bb9(^6-c7U$`EiwsMxYBl6I;7%s++Z3Qh zYU#T$^i)KG!!us$2z@ixP){K0ak5MbR&Ebal%y*+!Kh|97lIOV8 zVtGCh(-pahm^eT}j86VpWoOI~B1ia1@l{U@d$G-&7{fFGn!KQZ5Xr->3^9DUMT>?y z^XIL1@KpBoUM(>y?rhq-+mi~y-My@%^;^Et&CQQp>~j^&-~|M}P^X1nzz#I-_y?bN zh8*sD`HqLPq?t@s&czL4+tA$X`P(tYKQ`gSl}8n$Pi6mAjDF`WSMICM@3rj`j+feq zk6MrW46RBo;mPHxJ>liKed*+_-36%e!qyfJiy5oI9)+{Z zNnbWu#+K}i7<-_ha;ceOZ;B{Iz3WkbC4$Bm%CIk$K*S>IabA_vzB?d(^+h_6U_u&~ zh3o@B1b9=pD?ozLiic2tJTLAZ5C8B`l@vgC)U-}{dbK2xlra8?H0@F|RyC=~pWhV* z!J0sWQ#vRbBvMWH7u;g$?uQfR-Ed5?Nb)u_3XmRFQcFdyW+BHPWTAMDu4I%#j@`w^ z<$BBGXb!nM1SFIfB)Pbp%{oVlsyZ5~s-9=L71ENh2Zwq=%>!q&w#avoR~maV_?%iq z9LS)^OKawpt-CMy&7G?Rvh#4w&6%nMBt|q(t=eIEx(&3ghf~`jl5)R(p5R4_{(pt) z`COjNW)(4cAT}xI;$pi(6+ZqaV}Cs3<0-n&h7r~6o$U*23sM3OYh3-w!eKP6emQeZ zrOT;J{S}3GC2h$B~35?;q$d0Ut9HL;FWV8IwNEej7%NFg$4#Ax54q^ z%zoHlN9|;iyXh3AV*u@h90M2f6r_bcylBxlX)r!Tam^gi;{O&qHGJN|d!g@vb+A4* zu$yAc?_|_c5IbyMi48a7c)ISBzx}%xHkW@)1i=h#4{GJNV;9o4Qrq3Fs@G_rYDJ&@ z-M{11Sns}kIG3z~V898qdyFaio}@8(g!N&MkM1&lx}ECI(w6jLIsM~fqEd!G~OTmzlW z+go?IMJs}c3FmA$rllYfl;wN)@M+-fi~xw>2of><3ltbkG6VO6t0)@!B}wk5>3)8e z#u0hA`10KR_+qSD1#VgqOKD+Zs!YvtJ!~+xmqj=B;w@iv>3)Bui?8Qio!%~NCM>*{^~zfYn6 z6}PZo-3g;?<5k0{)yEY^ore|Y2TW%Dae?q;p|s94QEgYc?Ew3FsS+j<4&AIa^a<6- z*`JmE>0=v3eu#+3NH6iLbG3M)Vugw3Y;^STct$zqMyT4L|t<% zQ){iXx)hNpwO98`L5H<)RzFt7OOAu50BpD7v8}>CNz4L{iTc~EriMaaB zRe9siM2f^Z;$_#0oVdJ`-Bmf}4y$FP6s$KdsRFhJV@p@EGb?U|nmP$&-wQJ|;Ey_8 zk~w_Vw6>v@`H@I)(_U%Fg5p}eK=hh~=f57j&)9u^nB~0A@a6+vYcD{@ZyA`Q#sWd+ zydVOQuur*0M$WFo%m-est2PULrHEP|PoiBmp#B3KHZGSvlV}E-a&Djr%B*lm5^+%- z83Bg@Qq}SklI$p&3UDO$j&~JS`;$kUh*?O4OuLCbvuUdm(?(k{(00hJgbC6@QF=6h zVMo)@qCW%Vm!M{EjNBTI+V|TlK1DPj7T9m=0G5bw`i0iQV6=Hd=Qlz%9#gQ)BWCJ# zGo$H7Ul9#v;d@MMH24fN^to4J@K7T;mD0|xgMN;t0)&w2 zgaGH!lm1vKg%}QKUXqvpUDN_ikaCGIZvB#p3ZGF%ELIVm~5*+^{is!pxq-ZPrkq9Wk)8aTXI zWJVYPzH=LK4;TLl_^F?*C?YM*Bc2lgTdIn}bW-fTLIXQHI{~N7xDuudAs`f~RG3YL zqDl+?OODuqL{W^77q!a@94BvDoY9E-T{gO?Nj*A5Whm0(%(2ehjR?igjM-Xjq>UX` z1K()pJ2pTb?9aMZK|W|>4TXZy!XI}_rR-&~+d)?%SmOK*^$=m3U-37uUvdlQfAu%w zqsUlsk3-md)b@ea5kp7gdDU8rWzP{r9N5!k42X@vCtP2t2 zmHqZXSug3H@TVayr8MK@elubEsfO8)t1}^I6nyV|8aPF4oIchK9;1accsQOyBU+F5 zW2xSucBku@I$Cwm7fECI99EOzPr=sP^37HSi{Adk%BNRd4^OnQ@|tU+t(bs1v>o*G z_g2VfiqUTt*!L*I0|T3PXlx`(Qqo7Vv8T4O#6a-mvKUt#X$8-+!o)>v_gaAOBLiiD-Do*qhP^%AqCEk z6C=%44=0Ct8)`O%y2+wa(?aN%9^MRsRK(qehC!M?4=|a>u>#=K4~}4cMgN^~@j22+ zomCfu$$GOhPgE@evhB6{py5+@^N4Njp33Z07*As-d~1rwdUG^Qc(U9k^$5=9*6D?g zJ&dISWTD+Z?ZIF5n;Sp^J8TlXzdFzfG?2wE`({zwc7L!#FR$LBex&W6iGkxi8PN9i z#x9x7<~`EabLwkro7$6mI(EEXk_Z*?t4}(=C;Y@A1dUDBb7T57vj+5i5Y7R`lO}A= z`ZyzcUUuUBs}mv}DXqm_R`0=d6Ib2fh9K=JbHmkL(c_bm?=DVnW)gT`)~&^coXPus zZux;vr@pH)qv#VzYTy<@>mPlm&B#pZ-ztvu5z4<7LP3)vYf+SY&-Zb%^9eMmuQ$hw-%M9MHXBF@#ix@s?2UU2XsDlrtZRTk>iBe{Pz5x!8rU-Hce@5B z0s{lro!?cD&CF1O@l^)2>$_b{saa>BN3i^a2pRPKo2tl+;XkpxukqH0ga1#D39KMu z>`P`r&W|NwvpF zjs|Eg!zW{4R~JWVDEi<=e&zhqQrhW_doT@}8$x1WU~rF|8?CVMQt15R0;iR!5l(h-H6(PAhKQJ(Xg{M&xW@GI z{@*S`%I!z7oSogvk4oa)zw~)$T^f?RmAHDIdc3Y9bQ|*8)vY&rbN}bPSXz#+RUfgU zlwO`#3^Dd5^6)EMY2<3PZrIcrZ73@e2m%gq+_Dfpm%j4?Is+`AXfRui3FuLb03q5L z&`t44N&UewutqGk1rlbdXGhj3Ny8BcIe^P700DQFS|%=P-T(V7nBltrgdfhlpIZRW z-5Jkg{ux0-8xTMR9}W5U3YAUtJF}rCr?NK>8J#jvS4gp~rDyNiKUe65u3vTX`8^&Y z2OqRN)D?R7CL-#GN>w^_f!`)nKHiqT<0e+|-m;Gmnc>r5{I!?48=wyd@Lb-BJFhfo zK_C20%Jqi5n-ib6SbTrDlCCfLfX-rqk#l3RKVDfcWj$2hcm^`VWpgXE1E4BIZc<(OS8HTz2`j2Ms@P@<9 z$^3UpfMowXAEIT^c4$D`>3Q?EdQ3-{_+>yRmFqneL1u#dS3Kl>5QGj2Zv&u&dKOAM zalrff_3Po$SkPQbo< z)T*o5TsPFcZ?*owK+lQNG^A@lMK;n7WrLDz|B(Nyl$*T0l1$wdd)tS$hcvw81C<`= z(emo56WAbWO5Ba7x>}`{hC_yPXZ}rF1($NO+U>di`N^g8xMVXI}PZk>- z3}j2-alRwI+BtzGr5COLeY4_*H%dlL1y2f%j1%=Yu?)mFH zn5%S)!b!=4&qq;>{!1XJ_f}28FN@!{-q{>)n4!J1F`S>)7Fx30t(`7z;aCEQ)*8xB z^s?kChrn!H&T9$`9o8nxA88ioW{W*|^5*_Ze{!z$T|s=AcaA0`f`FBdMm;e}+b;cG z4(zh~?3TNUHKL@}9ps|aUeO1m)JO8j@ES_h`QgEYfBUXUOLGwt2GAV5dUBsocnFox zG7R6&)RYSqJcm;a&7{AoO1I_EuX|bf$fcyv!p(7_j}UU(;JL>gDoBm&EfU%$M{AmJ zMko6}2z<-wqMMy?h{gf!-X!wPc!y%*mmF`adLRY!BA`dc%J1&(u0MMC@F7$L=-G0< zWS#FlLks!C*oo*qS{@$<5J0YE27LD4wq?*zOCzQceW1hKq zptqFUV|^J&o`$i<(;@H!o1lmh)D?@Lef8T_<1aNnF1Cqx+O71y^)bL3h}jDFcpsX; ztCD7hgGl`(A@Ko{p&>=^ZyzG1q%C9$r1}6oy;HL|Vme0DK@0o*NDFt5!VAUd&Zni5 z4N*ofNLP&GlDO!Q@Hl(uDv3uW5&%eZOTnBC%Gr@6{OYISrIVr}B1Nc9`KE5abFAy~ zq(9XM%vATo_|q-#G9cPeo%y)Gq6lzfDdL|wDrtT~M|yCjT)kR8di3F;A;Q}jxNU&X zZ6eP+Sulv|Gv3{{GHOMd8-3Y?qurAOnMc5zHlA{z{xR-0&N>b?wT<)HaZ_h!rvUCx z!q)$cldXzcLMHUrkAwT~<0xBBSK$MirdD(#P-y5l*2P1#M*&vt*nbv64!+j(LhK|x zXN}!eLQhX`7nH@^`ZORY(LCyEP#3J#yZl_AzFmJr1@tC(<)j+FT~C%{M;vKiAsW;t z3Qqy&Jh$O{RZP-tPFIcX>QyR{{a&8qd#NPrjKqVU}7WwoN z(>8fEEcN^Liu22aEaM~dKPTUY#DgGk(Iav_F%;eP#9=0H%CSASr+_6~8i|R6(+(xrKSB*X=C69a5>f`$poVDNXszbHX{WU>Is|0}bNBENK=5mZspj`nK z(s{R?RO6;9KKNnB^WFe|Q4LoQ3Ty!WJLK_nKw+i9D}wYj8qQLgfQNraNJO-LcCqZ| zmDP`3X=`=0ggyl$@wf4>QW#U@ya5dOr3^e_wEhxz+WM#G?Z^7>JTI-4P31(D(627A zpLNBk_!B~`{qrI-0rbXBuc{-Z#2X>`4LEJcg1lN92%(il*z6+x&odMgbE4Fx%fcWzYQWmW>_3|SYLGq zV&i9$vvb%MrZVyi!l-s)wAv}4|GnbVWMzshK9qVsa=pWZ9!Itls~2SED!``3x0 z0O0HxZ25?s&ob_`)&wS(90E*r6fbn%Ss`q8Gz<0fFWH&$0|dBXNI9^u(Y1nBCnE3x z;~k!P0f3<43)E`h5XEhThxa{0hI@U#I6LBJfUu9Pp~`Rh(+V#Yx*eX=U4&*+!Mpu& z*EH1W&aM`5T!rpTj}QxQtt5N?y#+{jv0eBrl%>M(CvDUlUGcS(mk$zJkY2ZngIQmo zgm`b+Kt5GB18Drh!h+GydRRRsQ{4zZm$;sAGoI)&)RKIk7VLBGM$M#TVPWR<9u1 zybdzMK9(?5rPr|XDlb{egxkE|$c4Go21SRGnfahox!hv=?tB@(x zje9Czt3bEeI84-UyYWijbUJ7P zevEJ4pCkeHMH)_bWZ;`sAw~UL_Axr07I1&ZDxr6Ue;;)rt2D(<+Xpo6ZzFE(jR&IQ zr;mp4(K(9lREhnKsbIhCW!21)gdGMmBT zp0w2=wVV`}h9eC4}n<;a>0GWb}5|OLD#KB+9Z;?S)o}Sjb2o{hlEP+XN>Gp9r9q$$33kZKXvn z`k_qdK^?Gb%1H%SM)nyCIMXD1qCyb0jzlr&G`ML4q^R+k8S|0nzg{!H+@`Zoz5o8F zpvsj`o~U5p$9r?nJ^T82{t$JI2!i7gB*&MKf{(@AN?!?pfXyb#$?0ai0qk9L8L;2N zMR`fc;GQMHaF@#QQ)+QyBWO3*Z@BjOpH?Tcv5>QlyCvz72+tlSoEhUgU-~t-py4<_0(+uqGv0ZvY~oXkX}-`=X%dm8|n`p&K2y z2)+I$DWW*jrl)-m@6_V*nJ-tHh@gRXi5-p`qf|DMU4Wu6GFbNY>(^dn5#qTS(+UAs zi~X4HoJ;B!7MXj)8b}%bTdQ>Jlla${h4Fv7Ea3M7@B&C4G+SwP2=raIcpcH+f)(b- z5z5^Iq}tJinhC=rV~|p+ z95-URcf!+N=W66;z{9sDN;6r7KJ3g(Fod*qbmVv-dGK33ju$Z0vy_`R7f`yMh2Ov7 z9C|fzGyd#0Pg;a3P3vSU+jqH6G0A(x|ArvfsP1?EJ1EzM^`~D^_so%tBY^KZ<-@r< zWarJXBIx#=A>tkoRfOvL<8*Tj#9+E=q6GYYC>$=^>W4E}Xdn*e`)r-}zo!GiG@0cU z3;wDfjpb_L*)(48@!8CVpyb_N=RmEr;=0BHi}P2OX6ssER{7>5ggZLScnfSeR_{X~ zNsnhUW)r6zi3Il)iVWv$d{(WSscxPH&93dsT(2f9IEHj6Q1W0aNDg=A|MX+ABcwd+ z#qC#~J9_z_S9}Dr%AG%d)H?&aW3WydAlj^skkJCYTy6}c%psU5Re32*YJ&r=!Stga zYDfgX65$MbNRb%8$6MjpUL7E$_!pGI#YVtY==0?1sON1c#(o281>Z zOw#%fPXXc$7ueauzkK<^CdJg^KfH>GjjcAN2GA2fFuUhkfC(83;8{VC>gP^D5H^u@ z<^c(vP9vYyf_&o)(f$A2tdsqq_ary2how4HLe|1q@_M6&8d)}&jV;kUMo9#LmZnf? zj*Qy`6D1PmbpZQ=@HC_4&+v`0!X-fS00VjM=_VLn*G+H*zse{b8!|%sOOt6aWN@J_ zxRXM-;2EtbdA8zTH2saQ-c+r+(i_(}>HNt50U*-tlvV((OafrmwY9Yw0^b85?urwV zbO3i?o$M!&y<}NEf+6#gI$(gdRd;#15%=V6WcQx)@q+)zVKk7@>mVI)p)4Zr3IOXM z(vtKp7FO|;Y1P{lSYKDCUOb4Z!?a#N?eq=$AxiSQP5nWPP>usAOmVyxF|7JR zmg7Zkcbnk z&fggs0WGqg5h{0-Q>u!{iwD+#S!o`?*3lPuIG9-yN3zQT`LXI4-5uv+AEbbSsaw=JdjdV zTC>E)WGW)y!GPFV-XsBCOJEsDsW}fGss@_^oNRr39>{f#{>g@IU~_>+N=h2_7<8B9 z#GJjKP^k_=c1C0PH`5*Rg#F6CgSvcvwk)tUPiv{f8V`j$3(8+57OgbpIV^NLAXY|b zDqgL|5DBJdmd^m5h)+cY2hihdRN(^k*Q8%AYAb-VZs!(g zU>>2Np=F85hLC-gzV~+T0+^AqM6}M$8JGqDo*MS;JNJ}R6*3S2!wCRCmIx563cK<^ z-yRY~s*38{nf~e9X;4KND#k==^Zwds4z~oADq=a6E87KC9ripC!qG!!%I{vQ&IVDwy6cn=0mB5(ojnNDJ8Kd_}|0 z9zmH_Xw(9Si|p-P6yM1buWLO#CMBB&bXuOk#+D4w&Y;T5$|P&FZgTFpY7_vId$ubS z1WCGm!eHog^r+@wCSa&Y*tyX=7R8#?LuFDOv*QE){R(7em|?C14U+y{Tb5uJzYQ>PXdz+ zdNPqx0`Mk{C}RLwtRp7I$6p@A4{wDp8G>b5?qwbD=R(}=^^dk!uqCc8gT@>7&t@0)cR(3QWy&i(iXo|BEB`Flm(#C_67RPT)G5z_lx;o z+L-43`c2tttIB0^M(X*RHzZOX5Vw?)3>ves}mM1`XfNN#In(`G$nc2bd$X!j%D92duD z^9*<`)5Z}q01tg3A%TvrqO4A&B0==%;mbEapGhj76^c5a_&?o~pLMnGNh#NT2iyKU zC&*L%evZeSfVX3DYy3fBzSF_2Xfn=HQv;nXM!$FGI(E0k`v#Av1gY4iAHhCXay}=K zFZN<8+8H1B^18JTYsU=p#U_1SSbqq-Q;B;Ai%`oMpy)*z;n45*-Q}9njN#CG*TBL5 z_9uN#VJCrLw?(_*+_s-1e+(o`H={US4;WMk%Y3 zz$IC!sO4hY`@V=Dg^jy>poa;TCmtGHXsQ4UExyZ3S8|wrCGDd}w@LMFsc?li!(Td$ zL^)Q^7+4;@p!H|cdzGw2bTcuEN5%LvVmAP1SaWjNiTKgD=u{TPsQ9XY@_=N>x1|A* z{pUpQt2an=XrXV3j=wo}F~r7AKj^KOz&CCSz+a&!mVMt=B8LoM=$ju|M*Z~RSauz_ zm^(*X&Ikn{09vW%zoKMeAr4PWG?s2>)!^PuwK!d@TB?Z?>_%(3c5LpA_dgNmXi|G2 z<^%YD@yz+c+jWE>T-YNcdARIX%mucFe+%sQ>dTfrmzU?hLd&oE=NX_s%)C1&@KMk3 z4c@W#T4$+zq+qInVE@sb7wB(*8%qdV&F2T{UH@_cEO-e77rjO*qbCz$t#5Suzg=-s z4upG7N#nv_gK5o-;$CHC5ybt^AR{N#%*@Qen{AmR5c0U4ysG=W>^FBwkWR~oBQa_j znJ#9wZm5~8>2U5GrsMh(>F@I7h~B(_9?shPOi8wo7*2x*9)gVy3jg`6G~8BVEnTxc zWF44~uNd!$5f3zSbqw=cjAmx3h+>PnruYD~j{-kRMJI&7s7>>J(9}h{*%dtu&FIdX z5Ea5ALBX`&4uaNYy!tv@HHyf!*?QsA!>!=bexY25CfkK(AjGbDeM;V{Pl5kNG(tt} zQ59J8%a%EAXqKkVO?*>ri1_VMDGh%~h@cwuW1I z7TkCF42d~9nLQ{g*R+BRDaw6ZJw57dRZam%G~YWrm+JFh3==!W1TZr{O|(ChecoV}J{t!=flAUaEGtS(yPSl1m<$x+G3_`YoPxXowP-M-Q%2!M>1j|J5PtEqES$g3TDyV}O_ z%~WYzao2_pP3v2HOyBy)|%*&^zbSRK)RHf$xaVY zc3Zv4!ec%rd*%QnQg9v=e}y=bQO#suu1H-8srCaabSj((O_1D+!W@Gc(F~ z+7$D0&Uot5`cvfH*Q0i>xm$U;ix_`tBNJEv{oU{gu|FLevzsUi(p8{+|CaYe>1w=m zlgL}&YM!7V&-8R!I_3258DHKGnT^+KD{MAi-CQxDqbL4a^yPlz)#alcjlLEzKNfjN z;pS-M270wfet84E#IX+S>g~M|?gQw0L&FANCGS4q>dE`)Z%F;0aNTDLA=mwqG= zoUUrgeo;VUXb+q8G_4kL->P)4ZWdN`C?wd&1y(bvE`b``nG=U?KQkvzialbug#p@ zbJ%dswQZ2x;eZtH&@Xj)>9CnXh=OPG{jSG`tZL1#3Yc5D(^N9B2Ez!`~%jy8oe zrOPb@;Ge6a;Dgt|Y<#8X_En-UEymS2Pm3|Y5zIEQ2u&%S#*KtqS%QNh=L9FiYA@nN zvz~uzZ%Nk$eHm7juOB`Yn6sRH&dOD3p(gt@Yg$v_>dkXRwBl$66yWI!e+0h$gzTO9 zUaSOyb;#Quy6;aUR=x2u7OPkF+d#(gX4k2V55R`b+itdI!9No{6s`Z(6<_Lp#)n*9 z{)&*cqL0t7A(Fbgx8LNg4gmPTnu7SqZns^a~Soj|O!d+1SRbCdn(f<=J);Q)C0d%nEsbZ91EnOQ33CTMK;vd^# z73fzmeytq!CQC$kn*x@NnQJ$2f87~+As(M9==IDl!dpkJYQ*=Je3y8yo9*heo10N; zHUgKl5p)pwnhqL63;mkrTOddceGz9(v5eMdOToAX0e-lY>pi52h_25b(C}3kHo=Y@ zj>bvvDS3}$BeCBNu4oyGS48OOGR({XC&CDebgU>AfVlLs$>3e~vxq!q5EaEaIYF1b zVMH(#^y@81NE|up*>HLC=um-{>VdNoc zR1Go~i{oOwu0b8IkZ*>w@HwjHZz(?)xcD=KV|SOBh>aP1)0X)tlbeMSn@$v9%_31R zyj}Q%f+0j=vT#Tscvmjw1)*S{6GyLK=YQ}F$vl;9b)rG0)<+nN77udTi>fv2WTYlB zqljswq+hLl{zwdQew6;6nRsDsh#4jSZ}w^1rTaHnu2$BVpQsclq1~b5Bm2G}?XroO zQ!(+uzFa~cdHBHuUT&f7n7$KDDY z46F4`&c`k~eJq|34}^H^!b0gd&@7eutL`yNf4|PCFM}a&aVyk6usQ2~_&np8^x{;w zH-fB)1P(3j$cgy@T+u(u`&VEE)+vQ2YN8~&P(R%OI~dVQjM9$#^7%x7qwyR@h`$Hm z#RTy^Aa*$KZ%Ye8{vhpk&L^%|F|F$$d{$2&Nc(j;#UeSMRVl2@l%dSZOJqQ5=-D~3 zM`b6nOU?F#cnpA6UiduBuerX_afU&AxWzkhBhrd~bd5y3E?6kVyXxC|6!QCvXY*CY z(~>2zlu=dBklyF&h5EOFS^&6n@;0r70aototx1h6m3r=ijVtOuzh;E3p>j-<#?!w! z`OcUk=muxA4n<@@IWD`|jjF{uR1r(S(~s|?h|ABr?Sa6iYygu8Fy_JKYHk_QjQjjK zP&V<&Td&Mik4a2OZ|=h9C?z2*z({!V(KeZ#^?U-fxr(qsP+O(~=-B|3xC4L#!C?C- zkHj?g8sE$1s#ytC@ajeNp}G#SN+feRi|3L$nvzqG5&I%flG_Xx-n;h3?XsL6P(6G@6+ihNYr$aP=Flxa0r3_YpxZBM z)7^US%H?$clp}3_e(^*kXm(*fAmSFVVRwCh>n*I=Y>veTKLrkS$e7P^f z*li45RK2v^kLg>XkD0ZP92=B6c^P6b)(b~UB@nSKJ9 zcSkkx-^MGTbU*up4eCZ)g_ojQ$_@o&kx{MfAaGT1FEmX_4~U0@x8Fd^FaHs;7e*ZuyY2q18^^-{CJEeB@6K*y7~`_ z>UkO%~D#lA(9sz(nnAbvcezWw$BJh&5O*^6c9rd?Y zmflpVp^*c(SBWCYDs)VFuog|Zl5GBmY;~A=u3Q%BaWZ`Z%wqIP{N7p!%Je0_M*f`N3_e=pQ|3M}_UGu5D zhgf8#m4vDit}4GN-S>yo*(}fG3e~aRl1GQ9MEibgxrMx}zc--}YqWm~v7FKm@VZN^ zqF&4$GbC>jRfx!_TfIUqsZk>JoJJ0x2i|85$P@oEqwKr?p zKl6+N&g`2$)j3d)L#;?V&i{vy&6K*A1cR z^iiF3g5|d&PxilGeKE9PAVOM7OUTO*Sx?*?s)rK+_R$tU0H{*GFTPLf;*jG&SgBy7r;?f^l4-P%NHRd9c`B95fkr^jjo#Y^SPH;q0Q~QYF{>e9=;A z07|Cz=Q!cTa$I_-zaY$B*xPs0 zL+>8_*aANL)9USCbEaH zrp0K)1UZQ?GYNLrxkL#xue~gyA~LIhc8DI<>~=Ks-mZteGA?8n3b8{29kU-`JhzW{ zR&0`tN%(44>qoYtE&uER*8+#|v&$uFNeoDXj9#7}Z;PX3 zo3eg>*_40h0m4t-w)&c+q?d6M}NgE z3Q9bqZrFEVAGk6{By!B_#i>q;TSaY5MNP1gAvJ0qTq+F@&j{>7uh{HyGH`JScc}uL zPwLPjP~xm#I(y;Jv35trg{zReVP<#=fMHPt6aW+pywB+~;52RDQ!}f0pAxwbcKVx) zuxaO|P_x=@hFD#%4+rbyUws<7gq&~Th2a!{B{1q+T9-3G4-Rpj|FmKxlF}YCvnZHh zyD_Q&t4g1CN!}!F(DULRaFIR(Xu&5Gi9fH8h|l?tu=ug9LZJNT~^6Ic^`#B1Ywzo;tvP!?4O(i-mm5QLiSt0Gn`{dKq;=lH?a6RJ8Z^_ZUV*w zFH_;J^U2Skzo+jaH=7`WUD-F#UO1BIvt0&9>=MerYh-IiychFi$Ki?^33!_l%+-mNUto8_ zs`fkG3l1M_cZC~KZ3B3AjE^6F% z=g62Ej0`I@@m^Ty(SU+4%?{gP76}UHtp7v6sFd`^Cl0khqV_oc`b%u%63E1#x5XDnu<)i9PxoX^L>GOG^41>Kv|vjyAkTZraZCJXzt2WFMW9(ofW+H;Fe| zlSC7f&bO1F-FWdX{(!sW^7uZw%fy?R8U~KqbJp|AGXfKh{xi#x$-(Z`4aXE@7r%|RrDgXO(G)0wYLEOsHqLgH#tiR=aH>vUjQ0nnnn>JVrEY->d` zYLT{ct8&hoAc#BCTL&ZF-g`OGrlGldH6<98PWU6dZ#`*uunq*qh(QyxEoWq1Dk8hg zSNh6Cob3J>Q@btp<^lszptYUtgPfqFkEdvPx~&k)5b#+}`@GNS@8A(H?2ODg_>?oE z@;Sk;rA3m6nB-eHFMTEvAy<$_eDdvHgB$9381xLcebI%#38<=m3VD|$VDW^NGbPBx z5-QPbHto@AYdKklu2W&%o{==-ywe=9@PdHU;4SK%{DWTo^G-YzkyMBB(dYOx_q)pg z7L(N=bL#3xx)&xGOlP@+$KI$c(2lBMJ?uB9=_o$8aB8_pC^;0H&P8siS{in^L3bWv zh#_L$*WR@^=5iHlB$#y^)62L77U&}Z5AJEKcyDW)Cli+=nuoODB71VE+_bXsP%7nQ zK5vV4ci%*IP~b#;aV+Q^oD?){3sL3eV*Ycj5#nMPu_4I$?JCN+!Tvfwm(NwczKfkH((saRJ9UO( zwkb>sudIe*td3v*zEyYCCwX2bN-5Jf`LNzvls@x&A|`Io1N5m1qn?D3@#C@7muE-Z zNcv3LLMJ^U%|a_$hW-7$&>fXFIv0McJ1bYX>N&MbL@|mK@00RW^WpfitR5${C6}jU zUC+=#f9tJqrvK^UaKjUz=3k2pdHnDi>GOpr5t%LW7#2`GWcQ%&1sT&Cn*9LEc zj}=nF#ZKR-@e)RQfI}6Qfs0bo^h9YKtM(;9l;|-UMYsnrt`@YQL7ziNj3m`$;dOi6 zkCuOZK)6~>u$y!e*nZNFB)lOAS44O$wBmG&WFjQ+6D*i3!y%5tDrUllFj$GUE6T^S zw1QileBZ)07pomtmflw9?wHleD9Y;@UoeQ8rpG6v6Jj4SaVe?d?O0^JqVo=XJn)1c zTjt$eY7B_&)9gEYL86kPFJd6`N$5Sc>!LQVb!PmsG;0}ic;5yEjpWjy%gC{?O27Lc zq{^xx36uAw{MOmni6B8P8@XEJ^5wt$#H$edx^>jeQhxOriwyIzF^+O2PLU&F(W%Wt z*FN}?F;8yV&%*7md*TKZ5p*osP3L-I^PceIv+eJ4&t~BfbpHP0&vf0s|829Y#_eXt zdBJQ@Cck-VV)3|S#Cj8vol$~0USdN#`5n=mcODXuqm~Ijkz6CP#xQ=#`9g{1h0!=q zWhR%7IJPgV7#rX!_bq4hA?pL@NlOT0IDROUFzh^jr+J7?ZKAv)D1*DwI)6Aw$Jj6LyWSOZ%{AxqJd-5fwn^S*GA^Vq(jpk8P2u+OIbQ`XZiiz##OG-HXPNygozg3s| z3Na)5rqP?>HYLmU)|GeemaZfP-=mK9Q(BnOO5je2rt}n^HFONUI7a&+>Wf>P?0VRp zqmFB3hL1aBx({m#jdlew-;24*Mz|@|2dH^>>->NhJh7?A%Mlh3RF~5e`l=}SzU@&q#Ss(xfsmyo zflqZ#me|(^S=CE=F_HWt6_^0#mH+svOTEsU<9hp*RyeW0x4x(|_Vsr}B-cUX>)p$U zAXgg_6*XH9`O=X`fzfLr$vzxEnbOB0q2IYO#F;Y6MLT^Wn@F2;y-NaZ_n)jw=Jx1T>5p|52UYhQb6(+Xur5AE#{>cxX9 zjsWJ@bG8_zw~pAH7>*wBE0~}>E*whRsXSlbXRofC5E+O=d4cUMmY|)kA5kT3m^2zj z;FvqH_L06r^vPPPm#*nQ9YSSTs6FRZQbIm#CFFFulAZ$f_|$4aUa^sK+&W5e-hGL7 z@983}O)0uGo4M3+jvbDXp*m zTR3bJ{gDhp!BfNB}t+xis31~yv$Ybab*BM-1$r=Wa(J=G6^;NRD`!o_Sn++D3 zJ=XgRDx7N-Of)VC+P1gSUz;~`-|^DWeJdE1NJ_Dk-R(0cFO|boAKD_76IegLLj9em z;mbUZl)M&Q38Mbm4Z#IE`a7q;<-|p@RSC8<-sj`-8aYSh>40%p;ssGbYO~KluoR&82s)G5Y1!jMWmk!&t@f{%-Kn4ww$|VXAnj@aIL4*geg($bmGvJrcFujhR*J~`pwTr zQ!j`jTYOLs-n%TR%!tty#+?M+c#W|32jIlGidsrauebVRG;!_xv*RunpX(TkK@Pvu zo@eW~aWD*|5Ow)A{9)owPEOqJ+vLd(jXa`TM#RL#2-lC=+4@P3fFN$FbWg%tx8(d} z&O~U*!1D88Uxf|K$ftZh#Wg+`OCGM2NWHvDCxWB2tV3tLY*qZakb3pIt#8fSOyj)7 zMT_gA*aL5FPvuD-)hlz=MSwPl@7x^m%0MwEgbbwl?K&A=9bP=?c`l>KpB4;G&C~@0 zXMQa$EK#XPqraBc2;Jr=1dn(ok+~BTv@;1uxd1#ix=NAYs5pl?*)N^EFb!eOSnq;X zfYXF8e!MeNy`>5;2oCj!nd!uA#A2m3!+~1M&Ks>uRQsj(uxoXzakqqY>gQi^RIH<> zs$wir`M-ay^y%#kX@5@s`PkBhH0j#}HwU_;I?iaR=iSq~WvzxDvg+)^*-^8~~3x%y+qB(Xd4s2DvhkrPpMl_qB zmz8>U4@HVm4d2Quk@L zF^p5r&Q3z}F?Q$cJQ4`zi3GG(yn3$L5(+qMEC2ypML6X^nsE5TW_P7N`^^f1Nsf+p z@oZ(rAN$OOr$1#ls?T1@GGZio`daGBq2To^%JR46<)BPsq6_SgwVon|?t22A&wkP` z^}mjMAIn#8>X7)G_oT!IM}= zw;IT`_74mXKj(nm0Y!$wxutnT1WHif=yY8E`EAu|>QVK+*b8k% zxwTjN*KZYSp3*C`Z5rel1#D)-&5|X$8q+h71i!uMv%me(^ZJLYEl`u^p?1#AJ)NHjJ zA9Bf$z+N&!92Z4$eo>%<4%`# zZ{hEMbAvke;>+_q{z@_xF5E>P290)<6I4Z))FE_0t3=$S<^UR%Dl7|Y^;Akyu@ z)#B~z*?MIZk{^y}x)KE%qLMH&;5=OQ8C|K`eD-7d?_I9Bb-`2btt{?j;^4W?JEJXS&_y&RL!ulKq6pK$YVv=+?=1r zZHk~jXOtX=LQuZzra&(c+#q2N1&7$1VYdy>icU!hge>lPl#F{hBT(jrW@L5fL-2X! zIQE8>VI#_or;Q4lnvX*;Uu(V$ZC`BQ;DJD7Lnz4u$OwHCp56ZVs9bu(Z|FzKNi5c= zMnZM=aT@`1KIiMf=fuTD zjHx7bzSiEq;qG2ZAdtv!86L}agt9zReSeFy@pMe${Jfpivr7ZqX%8e}d7wf5F+?Ew z<>2ofrRniC_mUgnQdZfZ-2~7LQ6G(F82ww)P2&i16|1`$U4-Mq#SYaGPUw z3?IUhXC5?;({uifV(9p=STYalz+I-%J444#MhI2(o9k8qkQz&Y&KU^XkL-f14UhGp&HiSGy>5Xiqmz@fhHg|)aWNKC zVFuV%CJ{@3koAJhTFmt)%thd9rk6&4%0y>m{Ro}4=eeb z4f__HePIPZZ5tcbuqTfAtAwl>>O)m6AM6qqp6i}o{9dRKm2GfXQ285&Orj9{n&&l!MDY=cq zFN>tmJ0qSKMD35yT0J!Vw&J?Sog<^lAE`fe#yb(PL2+rrjDyQ7TL8Px~P?t?;Hehe5xR97(6rk)1HU ziibu$hOcb9dKJ9{E$)RpQOjB$zja5bb4$J2ciUr_UU87~NcZ>aW$Yi4WKl4{O~#Jx z+?iGBak$kl2lK5z<*sE!<;NuGC|$jV!JFBN|9gW-+6nsd!GE|6=12o@-BCmG9@46+ zxL{!eAX=-SC-?OGuzP;#j=~4+Do37_fGgwmTozm(OXn?Ktda0n$-Zaq-?1w!g5h8> zl>Sk(Lcm}h{~-Ifx1-^GgmoPUoHbj!W9NYWzB&Ml$UaCOc_w@RSafvuMM@_kg&HLw zvrt}avfMC&oJEvmvp2H(arO~UGf44Us+IJd`THKCcX38~NxEGTcLEt8Pq60W<8y>4>Qs6d z=Vf>IOGqp!6d{=`769<$HG9CAIzmkQf{4id$kNgsW802e0OyGGia9-`+>Ko@cZcFy z0E{}|EUp;O28&~&HwD6U(k3Ps0O%g6KH3hLJG)$4FjSv*;;VZGsU8(KJzr@oVG|Yg zh_`|&Tz3Wwbe}*TB2l0S5z>^1N~(%j;CRcdtn-lF|ZC zdxhD<;ioM;*0lgNHU7(yr*_CIBrP6r9cV+}-Rx*1UfBz-oglI(X%?piVYPm8Gr9ZA z&FZ7+he(rw*mjQ$GWC-WH5>hWTVW=4(cZSxxxe@_ejN&arYl6!e1bB5>kuk^iZKJo zywjkUQBENBN-Z@4ijyO^4rqf6L~I=)*_sY1B4h7J0RMFaQxS`)imvjHIW*x^1yhZd z*$d&Jc(RsH`C@m{ZUe`ZkonnN!ZUa@;efq3j|8{_aW@rHk@X@v37?w+ylvBGh&4N(4_y%?viWa;S|; zZ}*-+1d_m%(Z(u zwdLm=#Wf1Bs_+j}iBQ(-`Uk2Isv~=x+-I=!@-EXTdwWYD_v10gR_ZMM3SRPY?G!?; zXg`UmED+Eu^O6 zR)GqcAlzL54PJc)f;xhXGpF~g^R-Bq1;`fM532WE z*6WTAxF+0Yam0}6ygpw&Roz{}9S~Ydkn9OxcOZ<^?3@xLu1ymeRonHIM+tC2W-2kM zT4J7DB49y+AvF+;VX_g5cVzSP$^^K=u0;m4NjLPcj;Z!lx!M=K^yivMmLxt$Egdr? zzS%~PtlyXrbO&CRi6X2Q1E?7vqz_Z@HiM{~kZD%4#Ip)wtX)MmUA>PFkj!Eg1{qDw zKAI|u_nZ-J8k!C-cRO5`0PrQ?;><=fBwUN`X#2Uc-PTprgm@eR`{t#mq3l*K(_=dj z$dCs>m>^QKv;c%#iWsA~q^l!s)$_l6D#&;p!zIdI%q&NW)kDljZrRG!rJr|$EY+Eu zpjF_>G7tSCOB{!Od5`Sc_}z~xqGj#eRH@biLw5298??1iJR`Z;Go+$Lk+2gq7+Shg z*QBm!B(`lp{$RFzHUce!cXy>ZQqfb}bemlcSKjR$^`-vKZX~vK{|F80{z7sf0Z)-w zsC+`Rd}?e?e?C!_z^{&y-y-ViN606q4i_pG%w=UnAnRF%vuJvX77TfH|6YyNYvX6v zpcoiBnwo?2@y@=sC_R2wXP>$nJx>K6tgvDQ*Zi@uR3sJYIU9U5qlf=j#n$a6<7s z9cO6mv6zUNSiBvq-@nbPwer^9{5%cn9Rd%6A&6>32OBMO(dl=ro^G|@MywwhZ$cs| z@e3Xnv+6W<3*7!pZNK@gTPyS8r8L>L!vF(0n^Nj%{Q+nHa?RCv0k=CRaiz=te)!uiFng+ni23dFDF3Qk&5ij@L2V; z6v>xZ^fp$P#}kWP9yV7)U^pkLpPCQD44~VbsdWAFJSdTj28(UXsZ}6SFO&*Y(fKWU z>Z?2Rxi9%^SdZmiZg}YRd1OJhd*gKI^7r$1k{<&7kYZGQW$I=-hrdk{msF>HF_gAd zC%(7z`Q}#}ooQ|9Lm})k+|4jP`ma=!*VvyMzYE5*Gq}Y-Gh{P=HZ6)CY^QQe9@{-w z?rilhkw`@0^?I~NQk^?7d+*3!He5z|?EIvWF}14PAgY@$xoQ7Ay&3DRbu%Kl+k-6@ zI-wt)U2@?aay&3brzv~Co`Ih_z~ZEyHJ3P_`3D!bxs4t!hfqMJ)3a$j_C>_SvqUv0 zVaqBdAl6MLqXPjzOoO9XGp4RIkbjLwl? z`p~!&a8`u6!H)}HADb07Ry!GzJKN|(igwFp)6VGhM&wW5xj28yH(|2!MWD*`J*^6! zX?UHPVuen+@HwcFGvjjtdZNdViq(K4^{e-mZXFOSXlLu1$Xb%hyRCO{w3yUVIp&x* zW309`rWUD&GJ6n;=;GCJ7WLTQ{*Y|>L*?g3Jh#*sn{SVmIeGSCAWn9d73;dWovy3d z>1zIHzb!vK&pi)`$@N*h1yStNigwuZR12iW5+8}Vz-e8$Gp2gg(XU&<(~j+ia2@MC zCtKF1=R~w;i*H2!_7OjAU&SkhP>7#=SX#&NN{jo3+LGsgE@PfnS3-76d3wm`fi2C- zUQmJ&{;p=z`uxojtEV|kV@{1^uKhUWb1_ksO>G(=SxHu^y zsL0%xYbl&&s)&kpBHX&4{;-9KkN8M>cF$(%*aYG4+H7X7@$>&K8nOn~(%UNB6@Jg=w7zV(kxZ4HG~IPowKd4{!^Y!Lt?~fh%eQWfYO!$g zDxlM2CpQYz591Q#aKJV;bMQI7uMiipa>P{B(#lo6!^9a;@J1a>n=MP z3D$kN6e8QSfj`kyxp%qQ<5_dMM`iqj=KCD9{d*W=?VmxqroFu(FLvK)+QynS2d~sH z%?7!tOz--T5kW$cbpo!e5Z=ybXTD)uD8prh_ef)huTMH z=aPa4YvGWo1V}a!kt@8Y4Dxll{3J) z5dLB|jF{fCoH~G6Rb*5@Szo?7=$>ga4iO;@z++x1M5<=Nk1%;?YTcAnr8o$IM=x}hiG)%+o7W$b5R_v`rM^&E4GYe#8CBl+-`q}B* z!P=J_A5wlW_hy-CrOBNoR(RH!>ilSmlyClf&%IdP8-n}pHa`F+wZ8g-?Py%N14EK# zmDt}D=o3@cNcsdvH}(^ppTzb>!r1?94*3bDY9vt^2`)flga|p1LJ(8z$WX1HJrR9yPqW%bRSqv`$VvT(d5fR~%Da z8~cDaAxFR6M?-9PKH|fR+%YU!51ysK^wabTyO*24P%&??ls#Ry=2`umf9DVftF}6j z>jtqLd4bHs7og^HTbcH>*$+~g>GLJ6gsFxi3ONr>(11nukw>tp(NQU==3 zj*row?>{WGz2to`mvWcJh}OjZ z><2+QbsT`^;*HlMsLEX9qp zNs^Fx9+-|D!&1mOPcbDZ&+ML6d{}uL{+J#Sz#M9)k zj#ky|r_nrO9)ai=G8!pwMkzEgiwqvxZJ)Cbqr%lldC?>r6m6ry+C?EY!u!~NrF76V zgla8Wt;GWNA$T?baj9akP9xV60#6}hl=C>YXf3uXSk`xGa?h|C2UXs{({RC*F z3SuVh1lEiBo;|o%n9->j^M&%;g5&5amwJe!tlqbh0Xx&IcXcE}>mR8e)ji9wya4gS zK#d#Ufk!H!an!$nd?-Ko`~<2B)Gkk6TR}uXcyBI7g_A19jzq--HyL!xaNta)__~a* z(5l`CWnOsr|L|NP3%sS1GXdwb2?Ey+oPB-;dO^L*b`Ur-#Tgj9S)J)vZj#cPm>0ji zRVfZzQ#4sCwda5ryFVMkmp5`mwoz-CyIeG^?0h zTq`ZpzhzKK4`f0fU^(2rYh1x#drXCVkE_rCzDiUREq}i zR_e0PgBxa(LBK=X*_}{LXeN$)u=`pbxl$h#orCfb_+#%uO*qvUbROP`?}~m~_%>?) zy|7Agj-|<+P(*BXB;;!~VB7iBZiST|mXBD)KVb3GwyRux<&QV~C#}+hv+w(jclA}g z5zt%{bx(~Q$CG!XzZrHJmbIohISFg)LN*4pUF^`qk>^(QdUl|xAb@gYiC}YM;EQ~8 zyOwHx$e2N1DcX-Vlf}Cl(gZ*a=BVAB!KM#i_r6p09wM1`{^w}UkEhFF6A?68lV50T zt_R9Y3+S0ef`>fmp{kkPdXo0G98&dMV02XdAz=xL=X$(tBt?CR*Em zbsUqAY9p{tKYZPdvutD8WRK`_+nb-=rNb6=CCf?7Um2l+M5Mze0Ov=3{&z{v3QDd=>kv83G3P&}G zz{?{$!O~Z{GM66#|KXfiL)USvKgqcIq3y3cHknM-ag6?Wme67#XUWI^m?as-$y8#m zp6bc%c0*wxtI|RT4=ikF8}3HmXqvIo#v?T)CCHhvL2}n`TsDIC!9D?0{Vr3o_yG~2 zL@FBKI2BdYxiKgxMb841oS%T2ScH6_!IsmI>!kZ!zN$JLLHCin`6d+|cVB}W+Gz5x z?hAzOtG$Ym^QkR~h;^23gi%xed9G{NvvKZjnF6f7uQhg&eXXT7>kPecZutzBGx`?DeIeyL6UR(IzzsL>+<8-kl%e0T(UHR3|o(!2iG7pJAy+?5`bzr54foyT?CM8`v z@P+W6DKFI-4JLf^abiVXH|i}9^*Jch;`jOps=aWxtAyF>OqYyZyjEhR74x;}-(l}( zsr(@1(pcK_G|cfpHy7l2k+J%c8F!}b0WmYUdbscn)7N5G2PaQ2F(OHvjp8My}_d zHC)pymkZESgXGNqc)D4=@MM=jl4as9%wQivcOPpRcx9rn)=-oLYdL86}h zTQyU)6@dPK=&`bY9mz(bI%XsNkIlX5T4T!Ux_#1-W78QaUjt-uyOVm(9Uoi_9_V%* zWaJ|^?aE2S^p5&|%Z@;P+*Ix(J1iRAnwnI*fe z@qcd^ckULyJvq`sW@O{;2vMpTh?>dU*>M6H*&l2rDw)Auf*;?%+JEcdc{~e$*P6g% z)>CYGZU5_oBN<4j5pw(P3YY*l$Nu`-&vYXG4}vzcB2T34?_-2(*HCt^w_?PJ zdMeqvgZ)qPpRzMb5;buM3_e^WxqvBC9&$JvKyNe!0Sgae5o82DoJxccI7K)h^dBmN zD}ru4n9YO0C_?as`n8JJK#W_Sf5WK&SaS}?tho_ms%F9C5TkcN!R}tmV~QY5Nc@K4 zS&Z+5z8vdS`)!RKf+BCOo|cP%vPw^jUL&;^wzu!Di!DO<>>lto0BC>f_U%N)2p9{b zIO8s48IXkpXZn=61T?5yh$3sZ`;-%e9n)oT-^M+vcKnrlWPTx|F2`ISIY z=%$<(;lodaJz|j@-J63<9#7(p^Vd!?f5u$_;t_F()_jwu&eA6vv#qnpbPhlY9DwCO zp@B@WxGg+$br`&H=jjmu13MgnF$BsL5xheH`>#n5yALN?+TF*;wnc*bDRbcQvv>S8 z8o#{Q4M0(f5B6z29(|wxHu@QD8g<@Y+&7U$(vZ3lNSy(s_N4-?SMegsFATQ)9OMp5 zLnZ)7z$j?*$wz_aK04$V;@YB5>9tgyJ$~)ku4_AA>3%&rZ2b31OuLJkxUjZ~``?y= z##{p59b8~{sAsBDzj*a(%|?KW3vYOM7_^G#ImM^DL473@;_n!spMUnt%V$i;6-!@= zWJUfz8s7jg`MfgbI-tjpiKBN+nYZP}HBI`JUH_!J4=d!63_638TMI_%Ng`96QVE$#GFy~c0`)rec|{W(8xnc>)*79#R1e#Xln|+GOpBCO;5{rwi<>s_ zu$+Kj6x44^hreTurkAHPxcLiJ$tmFXwbJ}oYf%2T&R;GBjSq*X(xzk7$3tfpt~L<+ z3&pfdrhqS5r>i-O4@n}!4V0WJ!-6NGKNf!<)7I8Cy0-y!eCH~OmclR8G1gc7*^f80AglZ!3<>Z=oB8*C82aB=tNSZ5a8AwMWL>g4##~&Fx_hk|{W$JJfabJ_Gqa%Cl%%}%9+#?B3)iqv}XjCaPJvoeIB+jN+`{_x#v>5VWV zT`e|LPDI-MHH6uzH1X@QbcCpaDS3^nsa-n|u`k!|a|!eT41uU`PD?OX!^J};W0~f{ z&)wh;{I*z6RHe4`CoZ5O@VQV0hsZ*xHVWUUEyuP^Uu!xPWlsu=u4}itD~Q>a+M!^u z|GrhtHOz+$CX7eJm8A?!w-_JfbAp7t-rdXtZ9AFNs6bmz`LpNKD9#e2>^bjsa(I89 z&8(8E$A;ai#+Y$O1HD?Qe*Om{x+zJ*EN6&NB>TCVVv`_QhW|PBN9dtG`xTz^q;;Dc zAIA|>r=foh^B@0UL7iYQcJ_*Hn^s9J7_<(d8th?yVUiT4arsP^JgS`3p}vH3n9<(u zq8-6HDoU3#m#&f*F^WB5enlYQpY)Ajjefk7y#t{`f$g)FpXN=UM4`NimLiCfjPD+s(UI`3 z)I+b9lG+->*4Ctzt4~6=$>jpiYLRcy9YXOGKm7S^oO!Oaof=R~Lw4I8yA3v4$#D); zLpm6y(`>IJ5mPF^x_V;!ymd`nn+cBBWs1@Ya>iReRt)OsbKRf$%64NTQ`bmQxbS<# zzWc`ZD-f(Rp(HJb$>Q4o2rn@NzILF*1)Nd+a6(=w0YVnk&4taUdjJ3MjLl^tP!UrP zP=Vh$b0lr$kDx<6%WS+QauuP_*tNQP2GAL!-p}3boq4bZgbobR5sY*XBAz7VlA#db z|N1=qgrC1h#S~31D0uEF2QqwO^>2&7R$V6v?)m$3>XRpKOxp##@L(U=h+v2NYo>7N zg7NF7TxPll_i94=rBCjPl1g}d*QQKWk~|X#QDkAf~id~58JQl_vnOBadKa#sxo%w37yTq?jm)zEfvkm4Mz`MR_gdue+eb2+XPlp z(xe_W*bWX4xe+~B9WT5Fb`bcmq(q1>z^negS_*werheWzK{jIdQ-4_r;J9)uyXtK? zDM7Xu+%X+rzmp&bb>YJ@kmco2(8O2z_>K2_I~S|Hzl@BbxFm1A`e|L`TtE< zTr!Z8m_i=p#BOD?RKAICWJy~j9U_d9tQzEBO8C>>?z7O|YYai%&)5c=VvrGtwKv`K zrgNNxOOI&5C>nywL{(9=D@O=u9%|1)w! zzm`XnfZf!i2r#dK&(c?4!qp=Z%Mt`Ek9_uT)WT+R($DvPb(~4-e2T3W?C2_F+O4ob zn7F8ug-D^ppb*sez5H`Ea!Wm)_{}|0(pgs^casCAbW`ZYqYr0L_KI+ptgf9jS_=Jc zWvFNUu}9UWt8rJ0D?mf)BS$W*=X*Jp{XBo#n@R)=@0B8Ms;EwO5GX(l%8qNLcD1w_ zF!WPO;zvpTYzU?B`_pk`$c_UBmt17QC&=WHPBW)ja?0D@6jYK@wz`Zyqc#;E@W2Fi z;hD*(oBuZC1fK$6n-%fDgFFF*zfNCbF~ZW4tye>57};x2qzL=-0G;C_!pnX&#knY= zlQs6|SIj4JaID;K;zK%$@2)Rp{p*)s*Xmw?BQ(}M0SX*g4!!Ch#sAfJzq%Zs3MPlI znRR#MbwtpDN*2oB&ydnT3oDt;P>V(xuKaau`|Bx3$Tp^`c!?rHsA>gr&M^IJJbyio z2U3+Zf!Ut=G_pkx?#_K8t5bhJ178OoJrk-E+xi%;)a|=&@b?u{l5oZTooka3 ziijY4mA4N={$)9jA18GcS`mC!Uh6R?TuCT>!}jk1@o|L#SL#$_ApWc1?0qi_Vq>Hls+19HfPOTXZ=jU;0yPXRoABc`-&+8xT4y+s(wcw zp)hqd7bWbkc1X#>i^}>dlZ`?vnwY#wIR1W-HD>tXKu{C!2&Sk^?unuL*OSyqVM1-< zbwf{p8~!@uU%&ji))=|c***@h{WzjEm`R7)cZ;c`gvXp zeb`lTqwc47M$&qEm!Hs-u1-Du26ObkSx@u`AK;;25s7y%hGoBhT7I;q*8}hF$`?%U ztNtZ{=YBGQ*cDPNN&{7~QA{csjBibhULQtQDdb)C1*S;n=InTVLlBo5x4hte9Q(BX z`92}cQx~KC(wmCU^U28TguA=*?{>TB7?>Wi-ne`)QE`}|Ceb=DgeQQC5r7-p1M|oK z_6xQ@j@h3tEBFqN+8VOL&?3bMaF&OfGOxXhRq`968J}gpp7Yo|UE~U>yd(GUm$7c< zuRMJjyF23Dwf!~^O~iW{1WL>VJ#wzh<+mDg{Jl7QFrTQ@3m`DcBDsU!wRnAK&Oyt= zwk(_Q%Hz8)K-%@wrp#KeSn~bc*6t*B#^u3TSucx@D~i|WQU4FGdnr1jn1h9}R~XTn zk}d!Ur|xL@FEYo9^p8h<@`Z&KWeAE8-HR2>(KGG)M0PnMR8PUuh2w{>l7dHyS4hZwnsMWosK)_A>$gY-zfURze%&Y^@!6Gl73JMGgy+(5nL=1%!o9aQ7RbftRs8PE8OZd&oPC+@ zlrHXulDF()g?9~4?op(~(-8POOaI4x>C%K2XlerBAzz!sC!*ac~@_1;YyKd^W1Xp^tx4a9B75t8n zk|`e}C$K{apJO>Y&&|!vRKDdLUe&y&qiwF=w~(zq;A4tW*2;aw-(~f6ZB#7!7nsW^ zyrqHva29CjjSc1;RIfj;->4&#m#eY$C!iX0Csdi%PC%}Y%L-Yu))}uS)gU{)9wQ(? z`p3Wg{bijDG;5!SqIu3Nu~(QEwyiTydIsesD^gEG3ap$>b21Mn(C# zzn<|GJNu9qoRUUt(M{ch1E2o9-tRBnZ6VU>de44>+q3B)KkpdE9ltM=!jGz>-&Eets&1O-O&3@~zGRkzE<8vjNm4$gNzu z2zrF#+-8GPf6rnm^lIsPfa+x!W8hH|6krnAZDW)bQ@PEBFunJSMog35!G1&-we~at zA=0?RV8HzMW{HThKpm9DRk)gl*_$tYz}xEej&&Tl7cfb)24LG=n^t0f9!eBDZ4>l7 zpVwpt!+fIDW)G_<;P#h#Zxd>1$~So4KWk)h>uy}1CHULa9O36PISG%dHcBtrh&ZZB zozpedr+QffiyHRtLT5JY2d$X6DI<;h)YJ28!RNb9U1x}d=)Ph4dja7? z>SFyx8;?mJ2Kmk;nM%LBWkARkt~F;t&Nb)THX*001!3vBp29KuyV3er>#srO6rA}H zhjf7tUxull;Vl`Lz7>w9s=mEnb?sirrtuoC+}-AP*Z@Nb%&_{$7!w4GqjUq6M(~IJ z;G~Vx;>c&ru}fbn4V)aG$jTI$_1J!=DDXqHJ)k|GYi43LB?(UIDGjZ^-9B)E1ALgl zy`aoYc78pa;xw)mpYWiOa1|B!_&xt;#CYf~&ACrKw2>bG%~A<#Y)c zT-= zESFRy*^}xj`N(oV&F3>bhvTeMr6ehZeHGV&oQBAnu|PPzcZs6tA0Dxv&s({OUbBhj zbqtzF5v7#;%hR%qPH?0^+<7JX&jm~KrgZi|Ht-s?bucR_@gnWa{xl{emyQB^!T#TO@nh+leGpO|J|zQh*OfJqwbMF zGZqy+lMaLQkh|#2KgL-DIROMNjVD+@dkIzaSN}d~`jo-3V?C}0bzBc_Ay{{Y>u)=G z0Ztp3A&O+>$P-MN?&X6&{?y4AS3)@Ss8(g^c)+Pb#_pf?=>Ltw(XQ&;7w>m+y2ZPZ z&q&9rEX}r89I0|ER#2ff*o9Yd94stS%Mqg_ev=p`9hs-rF7mK%!0ONs7IP!x6edqgy&ZpOwzUr0QgaDhL z{bn&Hq<;Bq-<&L99MoDOk;=06BDWJPz%zFVq#e1F>PRSfdtvI}b?Q_}f&J{4Cehi$ zs-Wg41)%)w^;3&~66zsbonCv+3t1DU>>s}jV)a!zNl98@PzkL8z0M#|dc$<4IRr2q zXuB(#BMPaI=%YkdJOCx?TFSt}wb>S6C^an&yhU;!pWo?Dc_mKr`%Uwu>w&y2SK~3g z@2oo6?mVAu@31i-Wb*E(eVRto59Gl~zU~{7pzVb3N7bc3>%4NzRBs;2?wajOh8}Ag zFJ8Pz2=c+st42AP`?NnfMS+RE~Rc3o~a`c`$0jsKYpC=-gRlr z>xiZE@E*-bu~mdLT5eTP!Eu2#V4RL;*Q`~&&LA)@W(!RQPdmBj*1rF~9QalbuYyJ+%kxBso5Xy#= z={r2!dk{+WwR$TeWFJ|;1t>w8^Qh

cgbFP)cz)ZKQrzZy&@O0LH{6;x6vB%t$njE{U&wK5UpjC2R!j4rqF-B;trG3-Sbd;a{YSPcgWisDi7T)GK z@icQPG_0Gij#6;nq(A3chs|@5obM!Xx@V^l$hz~bmBwjov3x6TxnMW4ZhiCUo!MaV z*(t-}(XU?UTk}WZ7;CksIg-8xh-`U7V>mQko3_;N=E_FYC)`9MId%_&qv`<#83MC) zY^)`jlK4z=qav=nj$2(qlo!(7pscSLaKexEUk@vR zjt&BFr>}%k0Ru2)xKgtasr72?jVJ$jJwPFF<&CE8<{XMsV~0ENE& zqv;h)d(x=8Z7=@bckn}{=wu^yCtJ4$5GYj+3>AA{>zF(oC*onb;;tbHm*1L zzg~l~p6(w@gmXJ0f+80Ty{U~le~>P0FNJuc*-z%IRRvD?;7}GpT@cCj_2ALYuR4cC z6bBfSAtGDz8IBoe%D4B692zRByv@&=+vFV~Rr@%ypd=x3Ry2pzv*lHrmS*MKOxA*i zzDLA1JE!&&Vv&THSx_@>2BcDWZ-&CxzJWp~r+kA@0!FzAG+g0RlKbmuNW`8Pl$+iK z?xkbfg`foYNkFyISF5)PPx}+CZ+38jUZ+yO-f>p|I4MS|eOv|NwP1gBQKq&Un38PNEg-Q zhlJq$ebg1#FK6Ap6%Ys)Z#|q(Az{;bDt11+*1^f?9OWUt``zV2KC-q1$FHU%;ZMmA z`qAX)$Q^bVMd_szGU)5lPTfiMe%wy7Ik4>-_4G!2e~raPs)cSH=LET=C0VptLpr0y zSiZ!d{aCPNs^`Nhd5OT+_I1AV9zr;+A8O0x5kXv?S<=5YujYq7^xW!nZ67{xmIM^a zMwms2oZ-9OSzrGUt)Z@>MS0^VQZ%yv^|d<-c~y58eXa9q?vX|N9l*@sAL;}UWM+9U zC=FkIc8NqL@LYqIjzItrvH=b>R_@5;>laN65Jlcz7Lbh0w+yO~B_DWmlB1l)Uw_%w zTQk}#d@x6J6;*wHuzahwwf;-+#GPlM3Mrl_F_Qbua|>zt+}pVr8U?16?ePsxT{vYk zO_7qV0SnJeHt*#p-=7|^P|sUCDsZJSRwXeYKP>%jzE~4>eNj$BR{Byf3&K=E7Df8{ zll1g7#HT1kFzUtqth8<1P%O+WI)fLki{>7a``u5;b&bgitCZ#^lI+3i+*<2QhUyD* z-XhLtzE<;`%Ir?oYV>Dd^IEShjhBrOSU#-xWn|;I-JiswU7Q~}V==t1Dz?++2kxf! z3;f#T-3z!>V!lDCYe5ZMJMwSmUEg5FNOOJjWl%P#GRX+#zj5g&TlW6_RR}>i9~jBR zCb7-zr9{$mN}%i{-K+Qg%JjCHW^)&8|CNyvWjS-j`%ocp z9Tr6z5dX>fZiip8(oPq+wfug2@#6&%G1--+(Bj(LOK+}byL(h zB9WVuN9fsnYIx@`+B4@WHqHdpOxgvs^o069?WJ?<+LL2465=d~eiG z`uK*?gV4&7mG<((;UZe`AGp``rA)!0SlArA?-J6vFy@%#o_gZ z+hRYiK4=@HU@bIw7p>E*H_s)9Yrnz2%5dEBHdYh@R;bFB=X5hT>O$t5wm6cIMEqW< z_xpQWy+Gf$hD@7*oReWN_XRlwGnJkK)oh!}OmAD8B4Z+eM`^r%Y)gau<`s#Hc`8tM z7<51yeNfP@U%t+Y1ayN?{~LrTm0W3w*m`}*XrS|Zs6^p|uIPha9pv*_7Wa-m^I3_= zRNm6FA3cf251dfz`N=&fwJCIjmtNDF6|dI=LoUTQ`spr$ehc;1)Ex+4K{XL=`q zDQem(MLf$}Z>Zkn!U7vT4mR@6?iyI?K zYm4@{SN#|{8jAHEm;eHv0!_*&TNaXw*UJ$~S-4nGO7&BfD_44Y`t@9VCW3+K)8CYi zyHUmm5%hg`WIIlCj=Kii5*FTne#&D{$>EmGn9t@iz}v?150n0Vg>EEVvAow`NUAZH zpKWbP{`Upt{%}FO@h$okI=BVVlVOa%uSkf8E4F@oSe93fZd%q?_50PM$k+Mxp;JJI znxdFwY|GFJ8D_6u0!nw6Al;!TrGT`gbSg+HNS7iF(jcAtn&`8>wbp+3 z81L9)|J?r`$0Ksz*L_}R9_Mk;f&W;^yamd@w95{BR?QErKuj|hIE>ZFwEB8M1ceHV zYK8#k;x13WK3%2ba~%Kj7~^1biWrCxVq9EY7>+al_pjm> zM|`5=w-b86zB9^RSmxk+Zbbo)+%OunV>KWHQVqjtW@^U&dM5$IPaS3J#%4jo;Xhgc z$BD>DZg@YYNvW4JVCe2$-l~%PFSGbf^rpwm_^0=e9-!wvvg{8?idEzYB3w8Fs2^p_FWQFPcFL(fq{HZE8K5O13p3nFH5F zytudohI<?5tD_k&P-lO|4$Ec!&rjq82fv6*z7OMvEHI3wp2oT#WdOAJMZn>Ne&tx-#Q%JFk|b34Pa1KKNc+_>d1-yUo z_&6v&TO0)?gph&)=R`pcpX^_j%}bod<52M`e6TVZ3EL|T90We9wPyo}6^zH5-@TVB zExJvsrw9lMk;TQuVa&`>PR=dOg>QhsWd7qoCLuX__}%cs?k)G?k9VuMiTrY%ybcHJ z8x&FL&qArp%~kH8NK5N1Xz1*dc5L4d%(?i%Ns#1&_lw7R_w3|JT8%j;!khL2W$J*u zKtlbC%S%EcqMWn%*jQO7C+;W`wguJSQ~dvYtRQOaH9tM)+(&k=K@^Wgb1S13O%uzjMG@RHBn-4=k(N%rf0j9)7ab_>1VMx^W#ss#nVT`a(W9)FFp69*cnB z_LDT=l^T%4i})vAx7VP#iIvum6V=M0z~d^L`u#A+jO=LuS$>O*pR%nW~83RD4|X2R~l4Cy*d z;llThWTomH2sX3xvYv}!5vzi$!ONAn6 zSnfMC$VM{U`B$bgD=D$s5#>pcp9(V-{qu6;>1qy$biiP*@!ehvc{2C$?@GN!2Szap zA&Nub=X2haL-G;^6>w6;4gR&@^%Kvvfw(p^b*s-Scr8J;8I|6jtNSBpV*H3$JEj^Uily z5c4ob7H1zh48Z*x16U`U>{RUj&$kgl{QGI)MDidGB)ke5a1ViEuA0YTsV{-eeQBK+ z7FJB=xjN;#>LQ#NvDEiFo1fpVblQfToSs41*_ARQG>f&_U`$N&n^V>6p=9uecYw%s zuH?xG&SQK`>3_WiC5jN;LlFxGM4)!MkDR%IA&aN$JF>6^)XnQcn10!;V$w>4nIH{o zY9+kR2>p;k;vS_0Sn&2hW5a~O1tk5_vd*LBCUn2a?{L@cK}50B5+vN*`0(h&{66uN+`Pgg$Y~rMJI8S4&b#>KT!MG4(yP{fa$6z_bu@{IgAJi9*nZ zKrR*%38JUj$4}2!1hU8yf_kxlo+vq3kPUp13(T1@Up2G16a9y5C^@`FQH(Kz4UyL% zmZ^XyT;Y9r=+``vqe%-TJ6t?Gk9^8;@Js;J3!aJgUg8g6%JpeC-yu9Y^U2`~NG|(3 zl00+u$BH8&BO72YDO^VSk+fAt&!OQp7Y}T|$hR}NfSp8i(0#1FM-PWn0xDN|pkl(~ zG$(Spx~J_IkieDUBK~$- zAteqT0^u5fF@(ccV`??DmcE6}a?)5&+7(`9_v~HtmxEH7?u}*9u!4$G=V`U|&`xSF z#ra3p(f8Ir%NF`kAAVoJ1gXUop;H6|Ar!~1TjnQwpAg2>_jI<|d;JiUXmfxot^-t0 zvCI!%&w)0p1h~ryFJ6R!B`aN7)jP(`da^FPMT!V*Od!#iQj&OsE>T?R<2wbFYEP|0G%iM@G>N{9dyVJI$PZ&Rt zK9VV7p~+jZt%9P;WHq-{i3%y439j7DnfHcH*~Y z>Pl?G@#*4#6==!&KTf?3tL|Ztio{|E1+<6*SW5>Aokq()5-f^Co;^$9)&hYB?E1z8 zfE0!s8@VKa?jCjkUNV}>UzeGpCHM0Uo6DNTPE?ksEQ`g)a}rqo<93X~rQDs`Cqbi2 zmLE0*(3HDcJfHUrm0fS>UGxfL^^!lA{5}3@Vo(j2v1br-xdX+?cAh}av;Gs0T?kqg z!yEzJvP8+ttG<}<VRJEEW{kG#t8R+Bv@gxj-<`SWoTIin6;-V2uP`T0_<*LVc)6 zi-pvP;W4mh_C9GeEJ7&Y-poV8Bb3Zj7>EHLyZFo{QziuLvsrOCS(CwG1zjIQFm<#e zQ@~cgGB$P9XSuVem>6wn#Ha=0>SH3V*$RE9MiLUX;e(qG9rBy!PbvEHExV&wcIemD zLcYo=jD@UD2ect9ax=ws3u26*BN-*Z%D%AyfHk&eQma*16!PiUqS zVApljebnMp69t=U3v8Q~W6b#i7&XIys8%j;N>9Js<3c1$t_0vBo8w7Am_RZDc>9n? z5Ve5*gxT4ZO`g(8S0ED`7g=EWHSv|kWA(HAs>$82Hl^2BwjTnWSykyKqkparNK|k8 zYgBiP2-dFB-y>3;dm+3N6e!V7N+9$yR>Cr<-20=`63o;TWy)Tc@S{YIz$_s61na44 z_6$V^b!Aa0J%(V_J3lU*?BfEWi$X}E3A-n)`j`+|Iw?pDEWav6B-q0=VGTtYPWJ$z z96}OY0G9G-33T>wzzS~p{xgLSk&HQ=3@$w$RD{~F<1oXQ4LC`}nR2n3a4AdM+aS>o z;sKG0JB&{777;fwBCasPzwl|{a6gQKU^q!}h3`%@!0Z~F;7QW2dwY=LXdlQtb%DNU zoghx#*^bG_cbC+EjVnHQa;v+pOtM6m`O^eBtC0|zu4sJWcZj{xy(Gq$T=S1%PSPk7 z$|CHE6o_%9Ts-aj+8_mz@TCqXlBodbsi1zXU6D*2kdiY4!_D>Yfc2%G>bAbDUWrP&8Fl)`>M=vjh>AKt^D zD9?1dmLnSt=rWp=AM|@rch`KGaAsWa%SIDXMx-0ooR1wr22uvSNeSlJ@A@bTgW$Dc zgS{X~kQ{a2nkXTWEoX6eUS`rx!ZJ_X+z_ozx5&uEXLXk{vG8U_5*c{%gw_Gz;9RVqz50$OujKfE$hhfw?2fnbiq~=zlQW zyk{b@S|yj7Ze=?}p|@h*&P52XGk?L!kNpUupbnMSP7&uaR*^P+b9Z>eeqBvl8;Q#} zrR7wNRqGxaQ^$n{j|h^i^abHUw+e(T4Ug~R99kI*FfCF=dLNMNoSdC40EUjxQO^_x z>9E4BJ8>6OP-X?b=P8=+l-PnLU7Qsj)j4D;akCpd%!{Chc7KhEfXb>GB(f%KWR^i^ z^kGTT`_Frxa1y;@knJQVG+(lrSzEJVs)C65=`CX>ia`)eZ)yDYuZcu&-cJ_sew7MN zeBk{Ch`u#AfQn#TxzzJlKYM&a&46V>MBG}QTj#qxM$-1e!Ihk2Vw%J(vk)7Kd4_<5 z4s*t57X*|`w*yUXQIGG5aaKZ+;oi$2V^3hk?`>fC3@*($$rP;%Xtis<*FSviM*(WJ z$rfJ$6cm)vT0%vu*E3LmrGePKRF0A!g2-7x_jM8wOTA^2R|hh+SSnLkHKZ=htOgyC z|G@$v+$Zx*<^=ns0WzoW5jP1!cWiUVaXEea7W;S>fe<;PZSp&J*qe9>tHeb>fjcTd za0I$prurxs0jByB&U3Igv48Rk{<`#P3((OxNUzQvZ=iq+%Z-DMM-L@(WKIHB6qxko zf{`k`DXj+4I7C8fqjRDHk$NfR=BMRVTb7p(*a^b^0ibBHe) z%~0V_miavHAS@qbbTj>pWVuty04dq$6qOw99sp3m^{(3CghPQIw?f8chQ@y?dV;=3tvY?}0+_GgcZ#KbYG z59pS*H~%T=z6d*hh{=G4lWo#&Xiu2um6*f_AMVGkncU4r;>!kq?*OenE`9bnUl5vz z>YwLa+~)TT2mWNMjXKsC@gqN}_vX&a7$mM6!x#;KCD0=qfgjp{4hAUx|G(z{(?hdv z-=40yZDwZ1s+AwZJN8508ng#0rtAu}i;@h^o!uAZj>=2yANwNePg7YG!|wNMI@2;J z+f08Vf$>lMGWRIR3)f$y7{Bym+zvNl1OUH)!)S>vK0+uG@h`3>%F{}kn?pg$yf_|U z_@h4Ya^tDN6fMHc^%9XLoH=|_`4fYDvDXX*Ks?RcF}(b@ zG}lh9^=-sMNPuU6VV&Sq(%HZkb{&2>KMC#F2@4Y1Sh`-#rHs=iC~c(NXvZ}mv~u% zjwO6^^^*zbgdFaLJJ-WZk^Zk^V{0wNR7mdx1JC3Q@iRvTXI8OYn>cIX@yej7kP78Al@=1}2diVEil_Me-5gzzU$!G5Rr^ zCb{<(>w&!}v?~A~LfuOZxs9C`^2htaSFq&4-swQPR(NmY=Ga&{Z;b3xp;iGNB4Jb> z17$!7lnXk*Kk~MnfZr`Gkf6SEsAWj;ALlg0c176b0V zqRiDnS-SrkrJ%F zBr+n>EG8qYCTeM6MEsO)cKNQ0f}y| zmu%j~=q}px-&27SpuO?qkJESa{RzFy29uM|QKZr8;KnANfn;{YMN;VEbfCC;`8(TqkE@8OY+qFOjPf>xrR|XJIepXIo1PonT zV9w6!4b)T0;ZiT4;k?F{G&i9uxS0UVUfqm0?=99~_wxHy@{x@MMD@Fz#Pi?ouC`|+ zpz8dF$9p!RWHFA&bSj2bhHY-k;>GS7P1clsR?ux5c;gDAP343o8Az+%Pn5~AohbVZ zxOoC%dl<}R!trRdw_|1;njU24L35surlRGW_#dVcaaKhwrQNrEp~T8wP~Y>5z3PEn z?R!MRb(z?i8v{5t77W(VN7y{xiuo7qE5$Vy=d>y6;-hxMo0k zMgeHYr{i2i6BhyGVcl!`zU_G7#!lk~*O&<)tQ#e)0(v(|6(4lVjsGX-P&R1h8(*-{ zpXz+#ZA+v%%;o6rZY2|ZC01Wz#hvw(GA>Tke@pp`vT}}xDA`xZ) z2?H2p;)E{efhL1G{)2r9e$#fO`>NQ{;$R{NO7XDacgiJ{dnaGu!Vq8;YGIYx$?tu`t6V34*f5n-aEz?_8WpUk6ZA6J|u@m=Ei}Zyg zm}oA~6`t0H92_FQp1_uz5bjVfk)lsd@fpuFo=LyyXHBR!^@m0GFklld3o6UE1_Kr^ zL?^0WbLj*~!Xuc?-CuVAF{%*Yqji|fND>#p1e85WI&R#s*{hQ1!52ff*$kojUsbxg zZ9){j7TE_ou`O9 zC$vpDUG$3|BA6JKSj}ZV^Knx)`b+L(CD!jD*(BE6ofgQy^)O3=<@X!(R>=NOJDzq&jm=guP|DtP&UQ! zQ)1Bi0NUtELWRf)Hq8~p$BKPmgT===n2Ykjm)B_yW~vE7{*Rsdv``$8!@WlkcqRs6 zYbIxI!fn|@fWUATUquiyYKwvAUdg8a^V~lzRw{z7 zzRs#aom3`~{AvhUiSQ0=kVe_eu6={(5)y7@#G&%jqKaM9U>#s$%%XoNQF+?|sm{)Y zA=?swFAyNE1ncT*>4k6GOj>BTJi8O7+LpFxOFat-jr700aw235YBGX9HCdN5SvezA z9)xO!A*!LFq4k3Ze*0-tASGcl4I~4NlURV5pHd_Q02iC0W?8|#=n1t>6j5tbXSR0yc$Cv;!KA)HL$<+B zWrMbHgNkK?B-;8X27h4V=vxgA^85-ozkf3wnR7sxiSmhx8^&~V0MV;=kybU&=65hJ z>fyhJk5Vt@Ti5*LS%KdPeiKys`$^AURrcM;&!2u0GZ>iW_2?cR;YuZ>p_G2l@am=L zU1osF2V-pny!0$zojg1Ia~qr-J~6l`SYq^pR|S{S?`^-a(dD}7W~~2k+aq89tDi?b zF%#Puv}L#%Y8BT8N%8qJn;JCuqezWowT>pvDaOBp9&`sK+6P&Ywm8cTS%FBVMhwiu zctPuB_ri$mk;OXAa&;@ZdYdM#Pm)oJn7!S88? zFLs4H$Dhi-Vj-sQ?E}D{D+dx)9T*T*kE2|~@b#lwGei@0C?)q$xVG9lFm?_0Uk&1+ z33@8KHKT5duJV|PW(cs&wrmX2!6x#jVoBFDZg8I_T*Rl zU~W`V2E-FrqzEeBNB+Azf@MEfY7Yqpn{nc2ra@=)+Z(^;GCz!ixj$He9tL{7kMPB{ z+%W#zLFOnh+>Q+ZLI*jxem+|1>PeY$R@* z&3!gyMj63J@Ei)M5U-5V^XAP=&J9G-}-3*(LP%7q{A2b`MZ z{Vcb=-ZxnP^WA7j(JzUTzIO69)K#M3hXSbO0@b$} zpiXvhWVbB514opD*0C$98+1s0GI*8aAsVqo=!&C4PgMxlgHPNQ%3_=60;ERrS(0xR zOul&4aNm+UD@xXbAs77&^nL{+l2O%2j1P6?`Q^2A$ty^m9Q-KccF6_AG0+$J_xNK@ zOSh+xs0q3_m+VA4xI9{^OWUsxAz+lA58=>SsyKptyD7k?XZhmXff=>x)zBp*YZ|u@ zdlid0i4js%;ha3lZfS)Bd|-Xup{?i5ax_)=c!kxbvm`CN}abn^6Zvrm&=fH-NUMrFNd%v~d@;0PLz&%W1@ z+6U=gv@CZgd1E{rDdWUwpp~Z5B4J-628I*--nO1RvE=DVth#fCt+yO7@&r)pUjClc zW&~3McF$$6ikrZ@LP2o1hZOltz}AkOD5&*zP>Xf&5Y6VZ&&B@jef|<&^t&>mZ`@KY zb>VD9l{vhD_HFo4jem!_VT5vb2jgJzV5B1^xtw;|T}0i}?V6)Q5}tCFiZb@% zMU8Os?k8(qTDtUxMRZ3p$zG`=nRj=5{`C?qu9I#pT1(uS{Vsf_H|4x5T6n7K1CTyY zWnP@rp3(1i-SW+oyA}?L8w*NtJFl#G6(5$06}MB1M9e?AF|c+^`%aqe%Uvl%ozsKp z7r;L)yDi@rPX2Z+^r<6M41K6ji2x)JZ$fb**9&#ob~Q)4PAABUo)a?(tXjyx3Z{3D7Edb!bcwRE6IyzBRvMnw=L+#Y65bLKc=)03GJgaw3gVFQ z=AqqdXgFz$&lK~`bHCquu&5`0ZMAdz6x!$|u)832ZoFM#EEzSYErgQw)dwC@?eTd*2@ zB}6Xy?kKbckgBTC*nq)h2m6dI@ z+UyS|1~7)GP`&X>Yy!QuwbR;6CKOhLi)A_`Thl_i#m^?Myw^!LTP|u7bqFM^6 zF!g;nl)^_nzOC>n-@kX#hn{o@n=)&af)f%lfcvANIf8-DrPhiTJ1%CKpXM7>FHSCfB2 z$Qs=iG`eqkbjMyby+OnZ3ax&nwjUKtaJG~1o8sS@cZl~!;2b`;V~kYmlK{gw2A3m1Smrf|Ih@G?~P2J9Ie|z{fW1L*zpVy|f#s-@c9@#S8v)p2s`;i?y zd>V9@wxX^31`i_zl40K!$!@a(r_It!l9bIp`N5@bqx;eoeikTUS3A(*;ozAPbThlV zzN4R$=`w@uOkVN7sfe1}5Z;4~UuKrpR^x2Fz~7>NZgzMi(|mIJeB($f=M5cMtInus z*zB9J&Q6&O@jzN8yNRvdtW`5m3zLmUn&&Flgf%4`CYFS zlcIi+b5w=-6eVJ$_<;RwQ>=H_lkW3_{wRLETjSYG7dC2 zFq=GgTHUq)u{k#=i0_!RLO2a-I{|o%8z>#XSXdT8sVv_eM>D^%5uGa^FSQ;3*1OiH zL9>$bN0Vna*t#hfjsuv&T$>>d^jCn-cMhyEb%GgZh6QzuN3hPeK&A(1u}+urpLnsl zP<)s4hGgADcAx-o2ee!=<)5xJ_#u{C`JN58eLrq^t1MuG#P`R=N%ALaacZ9B_lw`9-EhbnTgc8@=roF{1%m?sE@_^`$I!a$@} zgEh$ia^#RJi{G9K(I){5h$T<)f)@+21Ec`iI$~Y%&}ail&INz9(vk`_bOpLki2c`y zxVWy#N(({=1m|?`S7kSC2k5YrpI>f*Jto$Nr4)Jb0FyQc4*LYG`|g32nfd;^ZJprX z`9&MRgwx#mDJ#Y8Cr6j{XF>qC@Cpkm8+7HRhdNArJ@M?Z)B>$AA4D^ug;};U79190 zeT$tcS1lVL@7&hjIk2dt1tH)U8(xn79h2=fZ-ovDW-3oVu{(=(2hFDOv{JYCTyKJG+y!csJY2 zq}A_fbW~egi&128LSYPO!xRN7ixP?5fUPNE9!By#BZ(s?$Dyk{#unKv)gj49q^$r`L|52uD}`r96^kp zkU&u5FH;NTO6=lQ)`1w0YL-ak=V`V!AyaqMZ%61 zku!q^!&EAO;58WMNH1N2nUMv+n(Fc~phO?AY0xC0%5>r?diZPuO-xqPL2vU=^VIVP z1wg$chCBHI9|q{3x;*3xD@M4|yRvbHDoKWhIsI)76vYf&;N%!k4QnweDtfpcx|QSe zy|?*U289bSUz^2m*0+?3!k^4na6Hg&z+Y=aVx`3vnIWjp%@92;Tv|%2N7f6ZsDF>c zol|3^fB>ojM#tRpWMF>Q%}ZCtGT+noTp@CUE&PNC*o$yKJTP+32^*j z;*HI|RG4Z;P3ZY1-3lVJBA$_Q<=e;Wow-$)(k^yDYF0aeEOcD-*&m<67dF58sya0e+N>^ogW=Jm!Z13GFTwg4j_mW z^FCdE$*>S3lSEPUPp!!K)rL3*KvJI#As zL=_@`4{jJygKSD597Yx! z6VnM$skrd>uY$|hwwOn*?cf0PKz9WJm_ zP7GlBBn^FF$)WP}Y4J23F*S8G7`P+ji|k4m^VA>s{1c9c*`8c>Aue9`&BfDP+Wq1; zzHBn6w|ZurK?u*AXj4P|XzImHr9uCMk-B$e73-7MnP5eAt7y2U5CzRtLk~6;aqIr+cM8M zAIHr4PwYS={-Ge9*JB2AtPi;J_ZgfnA$`TNMpuV1?qxg6<%{hhyql5YY9s@ibp1=1fdzf{^C)li!}ws-KNkHcI%T3&+1M@5{Xz+NA?_uT!{Ba0+1osSreSI|2 zAxy_;u+v!}T$39opE82(VgMsF0j1X%9oYr|O2OCeX#9B%eKoXoKE*c&CSC7X&f-5! zWaGGff>2-h`5faGmkVmGb^bgAn zBSBOy`8~!oQwMQeSzRr-_dHsHfk{lvIP!zJn1E#ekv3E4R>;VV_3%E7w zhTii0zc-o5W$~nEJs#mb-Op}6Z$oLJLiVRZ4ZgO2D@Kj~;ku7YqIu?4eGSfB_LFlL zm3zA%%iHm1f;H@ed`pZRjG_0%^ey6t2?%oyNy<(Z(lanhCvV#c;kgxKj8>^VdSOVE zfaVF+>l51r#hLIA#MDh^CGe3zUQZ;dOJ5Mgy~o@LrBMtslj-Tf9^5uuXMKq7;hyEV zhu-HlM1RL@%eQlRTm!MJCw;&0rh?#wc7v;ikd0xNlo~L|7WU*?Ds?|~KWaVS)>>^> zCffrGrzH~rwP8`JS1A=q;vzByM%H6{RxVb}SoBGU260*?h7DCj50HW0 zM|J3+E~CXd%8#!AjY_tUI#HrD8vZY>f!8m^04EU5{lN8!^78c;cTKJue@8;Y-#XN7 z;K{{>`8&|=c59p;C41^m*QLf7Vfs~Jcx^v4ZO=TKDC4U7vE0xgp+~=a$@uc;4?oC> zS@>ndqsW7v^_MNgmEfKSNd(R{$gRvj?o0&4I1jO3y2!l!z6$jc(vs;(v6YcYh1vrA zoRfQ%nDw+d&2NGm(_^?Xy;9BitBNQVHkbPTL|3djUe!G8 zjj;z95&S@`RjOxwRFxNn;cTay7!D=mo%P)j{T^_>Rm=(BF^Us5Xmn!(e-dDFL13tD zezvw~5hp{#wbF33p6onA6cMkbCA@+}tEA9kP*;P|)sPPBYAcgeye%^HIt;sFq_;r?uC z%6sLN^(Y5fsOn}$0`D|SJt zY5{;}?3$%O1_&YXGj;~Z3!3s;v8wkAK<)N4GoeN)Dk2wwmHPA)*hRV5pj!ebzo}7n z$bdQD*-1uC2m9d~eu)>j#!VuMi5*6koYP#gc+o;Hpz^hGq&$mY*;%PM0g8{eKMgMP z*sJaRtOyc39;m1&4MOV=z^G8Yza_RQgK{j6I~gmU*LtAvJxeUreJLQyLr6;M{_AZQ znCf)IXW;&9aJ6=S*qjo0eMt`d5U=I!SQ)RLj%X}eFlSeNpb`a9HM^(%j(4wpbL+^E zGOn2ts$c3wwfnoq@$M5NN>&P#J3lQ3zcLi$#hjt1T?_2$iqF}6xZD|jVdv|ekE{+8 zvE_ZN9NoBG?=Os_yp0vHOTQ8NeFJm|x??DLNA>4-9M#^EY)#N&~^%JgpP15)o{*OxniCkG>Hpn8e|<&{BAga5e)=@yea)2%$P`S{d7agCb| zF}ptWJKdiLOI5lWOjYkyb9(avANA`U5OJSLmw?ba;hVLSd9^Fzs&-^Udc6*&7vU_{ zrRZm1cMh4wxEt+{!;D=@Fj1i~kcL3J0UkayC@2WYv4>{_= zCzN&INUq5o&Vn(MN?Mv~Emm@OMA-3DgY5PhpcpDDEdN`5DkY@&8lv@qL3dGMELgN) zO_m`z1r}KucpZ@H$@1HS6jYRz7V_?ySP%dTdpM!!kcC(>xi1%rTg36HsFX+3k~*`L z0kpof46K%Rk{0F562)W;y+IZ11k}4;A-{juUAW=;?NK2}+p9hF-qBu~k*ZnQhwEIF zAiDbFt@4HrV6pxs<9+Rrn^dGxe<@+t?ev{aCz|(M0#xcb78z8o2elU{sXPM68uV?W3zcBt3I%VYdL*O*J(2|8m6 zRy>|jQ|vW_9ber&--5%lO7U@OcQn8@ki^A4oDh2CfIyu@upBlT8rgX zstj46F0&x#R}x9!v`doF&S61_o7T`OESNn)g-wLnQ8qMMvbaRpu+M1RGhwk;M(YN! zHN>77;HQ024^WRqRsxQ*F#rZxY%4>b$S<>-a45Hr+WSx-YuY@9?dD)MV#UO)wX{^t*k#9@~8a*mc1Cb8_vT#*7%~L|=IYs7^G`x0oc0mKGB(FNg@CZF7CS>{SJ` ziC!s*;N)4#YgOY2{T^di*x@^wxW6&5_YJ^>n=Si26V}NPTu0iKR4k4QJ{pbIvML@UONlXqCN8 z4u@qdU?)&`A>VJs;sVw`WQ zzRU7HLXe>?FG_;PeO)`1S2{{WP(f2ukxxHgg%YvwrZkt(Ocgf_lvkVg`#5$F4|NFX z_La+BH1!Gyj?I0`1~5 zjd0@G<$B{Sd%p2X*_^%NgwEG|2!#R6l6@WUr}ACyP(@&&=s!d$ChI+0BHMYlow4jv z-p9rYHSTNKUsI`fcW4&dJ>j)5@r7pAscYG9RSW+4*gI?3}5nTZ~*Du%OqUk z=~P>$z`;Wqyhy09-$@10gLi_pUt?%R^_OwYhLqda@ZW>`WxV6v>Uq}j`-|vQ?%(^B zl~GBy77YzY&+wul{sTW|PGS_GjgOAjYKx0vWjN)7MZURMU{}1(%K+#|&}G$myO=b= z=$aS~BUFQ-8ATbgw4Er4dJ7Wq!0MjE;V#MpUK5|0QN?#Kt?V#rGb&bp5PZz}`n7%W zFo-DeXf3W($%Sfn@QLZA#@tT|deM%oiVr@7bL00Ug0FLgW2|fTR8}v5TDJNoVkCJM<-fYp7J&Ae0 z6cw~ok6@Vb*qQbJdYHr_U7M=Fl|{^=`o?~y_UT3>2^{*6D6x;9ByyKvNV>ME=ZJ`q z3n8mpGxi{^`h}l(+{ThN$&}A+V#%r z95D=Dke#^6tV%gz{x=@tUC;chQ!p6FsvHn(NvL-AoByH!)a{(W!b?qyY!3H5a`>rC zj=0Q+`o^9kIH3ltQCU^i8KS(QlC3EZ?N}0gsu;B{m^D3R`)JS~EhgX^w4=6v$M6{B zi^u#T*NyFCzZydf!F9jN-F*@cum?2n|1^B?2ESO})Qw%go@c}^-UdT?7p3;KFP!OjWv8*-|v6l z+V&?SS6v*alM<8zjae4&_|eKHt^9(j-+|VOIDO^`Ii> z{%n(@Gok&KzOQ-Kk>cR$^X=hYIbupHDEdQB11t$v9EscjFc7o5aSt1^ard=v9~b#= zW_M%X8Q``aNKGukB7Yxj8M%e+?mKanU;G7__J32Mk&#$Z(0mTWTf4yn`NvarNS#ga z2GCm%I$7O?&EcWQwFQFc=6TZDV?RtMccePoZT078ejR?;Mq1A+*JFvz9WL; zLv2}m=>IQHB0HL+M;W?TFiImOEb%zC4alW@4w_v>!WiU zOy{>8{vAc&(?!0tNjb3j9PPX0ALCuc%cf{}aMsZ?+j~Cw*JJdYiyRb_A$m7IZjzP1 zBksePyFF998B@2h>qGup5RDj*OZq{0VoUOI<)c4kW8$&*nhqy8`PwFT#3IOFT)+mU zNkX-?U^O|B6Xu`KmM!dOzQq52Gya1cb&}>tVnR|}X9`Z9l_k=yWKcG~6v`#&UqsI# zi61(ako~oiQXkLyUM>KWK(S4*y7}ktV|n!Bhk%AobnpN4Y!46Q<-%}Tax`>HmnK-c&L%RqELb-E*C#XmRLKs=YNo3t{ujnFqI4CZsL&BPX&D-N0%dI{ zzf$U}nAeuN1#6V24i?i5^Qy?zng*@;6EjV0Bp9>~~qN8X}3D$pGa zSQzEC;!+U{b$_kf-jS+X2v~RP|7hL%pXrF+JI|@0K%p0ebBiGnfR2(nJv1$aPxvav z?If>Y>bUsiv}0wpKuX9mT1h5B9Oc4qesM7*ZIVx$mE`Fw5t_f|N#TvoJ2wetkl)z2 zAW1hDo=c`Xzf3yl>hQ|}x6o?5*cq!Dz1=?3gymx(ZBI+L2bN9N_QjSNKBf18dFQ6H zD}WgS=S}OGwu1M5E*>Wxw@Iy&k?#w>nPk9j4Kkn%-HMd6=SQQtq<-5p0i{2?W5-sc zfd4f-?^aEsdP^jch^5Xg{C!?7TbtvPr32g)!?`yKzd z1>Hf^+&XLYz>GLWNjrUZs1!|(@RD~&e%~pgZIwsj%Y=X8w za@|~2qYpNTn7@ptQp>)b{VaXv98f=XQyBF*X9CDAl|4a=#XmHO7}AGGu{K>=^7HAfqd`d-qORK(Xo zy6dBJNbMW$Lr1tO{~cDOJ?tl}#H7z8lCx{gJ;0%HpWXVjXN2I&t6_P5b7cG6-~KJo zOzihpfhZFTS~;U@87*7$1`{1sbC9MXdrmncmI!G{~S~oHGQbi4!G_IEk_8 zFdQq!$rlY~)i`Q3uv2s}gDkyg&%`Ic8Xr$$_yO*yyUT)-whcW|(r{u*TCkF=^aD<} zw5hgNJ2aUdAY!hSq60mq{V{@AF-Xp=82{H6fyB(n{DWtLlYe4}(7DncrNXS% zo6FLz;0DyL??DaL{IXo4kR9VK)@PoiJSKD5l$x;5t77m${0ZyMkF7eQ*0b>f+QdTf z^QK^1weE{(Y=SaG=EuosGP>43ztDo{oj2ep{$V^GH%yHmnx;@;LyUv-^;-bWgGY+; zEo`}uzZlE6C-RV(cE*3R>)NYt*s`X#nv`o`TRWY=t}QMRPR|9^gyp$gR)Rc+bdQkE zH^gddiG_6et8|A#I-LP|orC+Xe<#lxP-hBW;O$C<+J@|W zDYCP(6`q~Vg{gD{ydE`dwTn7My!US|lrGH;$Cpmw1d2;h(o*V1tM%EH&^+p|Z*hpe z*v`s9l(}1qCbTcMcn5U*ySt`!vY3S(R^BotI-wKTR}zra9aH#huHjC81yKT!(EMf5 zOoYs~%D-(vTc4~~NQDJH*I=jb#0JO)h4p0c52v7-7C8(otlYCUX>|~kdt7R%B{Fg5 z)_z;y=d9d{Hb%|*3&2oi%=>EWHb|I%YNuOk-)hbSw+8h_B%mroy$*@moTLT`OYM88 zb~>Nb1ayUTps2JO&OKsG=* zYETDM3djaojN5S0-mE$cl=sR)BgQ6>P9RKbnlMuv>(wZkXhsfh0 ztsizfzfQofJqI~aAu!o_$!Dk3ARyXA<$@b5vh7=}XR5O~1oP0aFaTm=3pgL3)E+?X z?tepVTibrzx?+0miv#$lmFe{eO?_4L=L_2>`;)m?LWFIyx4ZHIOYY?m@$pKBAK>YO zkeWJJHBHV~OK%0o?$CHoPPSeabP(6CISR~KSa#EM?>pq2!sR5LT%@ZEw^wdNKpVxgiW zEvQ_qBE7+_O%eMTY!O+OUJvgFuKBnG_r$}kZN%`=B`K`l--`8yc zdU_T@oVpWV^%w6#ekPMjT|ObCnkxtjVT%(dzU02pSz`>2HHJ@mWeJM%7V8^`%1XGm zY-Mb(eO2K!f8wDSO+iGIR$JZX9U7jTOoMt&C;&0vfjCjx*{>FDs*m<;Z=9WPbIyM1 zM$OkuetrFzv){e6rgIz6Ge3uDP^O*sH^#Hn(*2K6s;L6{9w!cEesRHlb)+QsC>=%> zIe!MK$f0z%h$;6pA1l*FhV|CP5l{~W5oO|1q8V7_OjT8Vu>75gl46$o^*$5 z&4n}*R5TR@z+3&AY4;Za-BKW6^6n-bTBr=lcTgKzOfF6~a_v|pZh&YZML?9ZOiXCB zwrAB(Ld<2)lHsM|AqcKV{Imm4RQK875Bhy_TN8`D$}2)dxrcD)^Q$(bKqWEO|%{I;IdYM~h^KnBYJJV;3uS}n5ELr@@ zZFI2i^jBg1B9QRvmH@kHtJkt$8#HS3nBkgi24 z+%A$aH$qhc3YSA3^WHn)A+Tw^PJe>=qjYH;ih_4g4fI@8f}AB{p;jIUAasSvIyu z0~l)b7Ykl}c0eVufkDHa zjOnEY8RAwFU)M{gKkdZuYe^oZ)(`EW#O|j^VcaNTcW}Wnmu;n|6O^!0_6t&!-SQ1N zD|=1Vjd(JDMGV4ccdxPZVi2loqb)1b5KEdP(shMZV|S_2 z>FK7ZS!r0=WwX_AWw8lq@6a+Xj-ixJVS;b%;I+bCi7}I(8`PTHtB+4acQ)GHYisuF zzyH7*A{1R$SKB05NndQg9G0dZAz1JcBfeo6X9_642Yagy)`n@XDKu;I%k%ItN76%0 z`pt4&VXIT4H>LNpkJ?;37<~pGuSS_GXAdnTCY|nP&VusmP7{EACix!p!6SgLCBi>q zmi9S=cWGlzbwE^zH!IQ)d9pWZD)%<>Zo9xFmLfKjN@Bb+d6Z;I;F7(rCx&e_1S?uzi$$+xmrdXWDt`j(Q;aOBR&1-NmtN?yZK8})Zi}JUNKSHUz#+U=s9dYn_+9Cr(P&{E z?y^x~%CFOLJ7hUU*~o#yuAPeukOGz;%mfsBOd3b&ajVY)GK!AK3NsVWjF{ltTy#3( z9G9iN?Ma`wv1zK-Js#bZzUda3gWAw}d| z+?t>C(n>4Dtq<~F-Kf!(<*_$1F^lN|ErsF|U_1s!QVOdk!H<@ns_5u?5DfP5C-9W* zX-u!)c9mQiCO)Kaovkl6c1sp#z^jWly9}GZrx`T1 zCq|3q-H#*}ttQ57l0ZGR?#Qr7EQbA;t3p=)Rk(!jTBtc^l-~p^}f;3+QaHKlJf1L)${SF zmXr=YW3qnC&Z7@6tSH@UDpo`q9v@>0BV%5R9_yL^`n0HitlM585MaW+q%}~`JR-6W zOdK`yn(moyF{?d6jC5r|G?nAe7lp$namGXDKlD%FY(xqs@A%*5t%vqP;~N^o&Guxi zR02ofpJH!~Sj(EEC=rcop26f{j6OzG|A>W&hQZZE}yq)k{f^A$9%U-NGiQ1 zzN}5DSR9){IjtNSxj`!(Hpz&%9Wm}x-mLEA^8Fh(Mfb@# zhayA!G23#e**JQK;7^KkT1GeuaLZ;{UFkz~si-SC?+%p=!ikCsSmmp`ADafC@(0Ysb0Bn8j^$ zbZlfLn!L=!C3Hmh7~H}$xvTOkCvH3+^xZ99D!F@Tv${{@bD1rCR^A>c8$X_j<60LV zFWmAk#tmAldyN+)uvf|Xo`9T6F_^tc^STSqy@1+I5l*4lY^nTg+)Jjm!ZcOe4h@uM z-RUGQ>+i)(+N0N^WbvGMmG%3^jJd~vyvH0Se~ZMt1x{nA(M8)d|64O-oaGHDm(uKc znu@{81jOe2-B=U7QIh9Al#b2qH)xo54=$HVq?Yvt?g=QgUuGM3=5vxShv3`F%%A{%aX~H`xmZJ*7`RMkbhPMFqt^ zvWsg;u_)=u;x`Y^5H>n^DXkWBHR)u{l*h1)KUdmAe^e)(BW!k1$GRi&+IpVasLj)i zXcJVHTVA{GkGZ8|zX#xcm?oecIBG68|Bf4747)%6o*Vy-%i^aP^356^p^39iJ%jEK z*<4wxX)?vi@+jLR=fwb8LyiDK`uDPh;m59;qyKzseX;(V_;lVKRB zwyeRh)gh@G%R1mZ4i^O3v1`VRBH($1LnF2wyU$)`r*oT^SbMr>uXW8WS;NrA<<%Qd z79UOA%u4+-LJZ-8cNz1d^M!MwzDuC^7u|TJrQat;!p*+s!S+i|^@{Hzmvi@&d%kM< z)WRS0@FRI;8Iyy&fK3YLdoaYuO>fLuYR4#FrHs!u+QW@+)jT};@q?Vuer8gnyBUm# zvSz=w`;?vXOa3vaSqv%p2$4LGJaRhw zXdKu#5uPtdE_173ypxK(7d?!@+B2DfDkaoDN@l2Z?sUGi^*7hpv-U&Rc0`nd-~^T0 z2*Debf~eD4+b5zuI~(`6Iyugm5T_@)_H`!(T4f>LDITY1BpN2`BEqXlFIG3M|EMk1 zu*W-|y5|+xq`c!_w6qEk7JY|l+*1aruUhf=82PSxwpe7iX4>WaEqxq6Vx{s(EKmID ze;7UrGkmq$QbLULw7UKv@`hFv_oMswNbyzJvvY2&KZTT~xe>GCa8rqg$r4 zV(kqoSF-fcFAwOz_MHJqQSqfx%$^cyMSf(vr1$hl$}r~0<0pzwko75hq&=rfK_gMp zM!K!6J!+imlA)C?ssyVhg8L4WBiuA@fr=-3R(rnu1_RsFq}PRwgqwZ4HMMr@xbGtE zAMxC+hb6s_Amj$5TY@vb^d=VBc%FR6a&4i=H5r#Av-k1%9q_Pk3}I%==~10~l38r3 z!yrkx_*8{whBxlhAU>*ZBvaPy#XT%WEJpczT`KxR855HNttrO|WrmH4U9$UiObxqd zHKHbu;;)OUXSzRs)&J_}%^p5W8QfUw)7#sJRtCR5QU`xiEV%CdKEk3!L2K7x!K?Yhj9a}J<@6t#_!MzO$?@M{4Ls6u>*L%egF_A6F9t*re3#Ey=a(?b?8#R%du%+(y zAg~b=b&M9>8Bwk$Z}LzZ+LdZ?+j)yJ9KVl@Z-)I)>u2-`kJFqs_;5Y& zPGe^2ae4&etT(y+op?<7}0gx?K#JC4gTrSuPY`4qib7mf$~NVpCBej83H%<^|KELg9Px!M9r^%u1Y~>gy6e7 zQ>>4$I3Wk*GF~Mwo(o{)PMN1ULOoN@M+Fp_Xh2*q!=`spXQTAdAd^$ zj@Yed%7s`9lceB?p5*1eqoWq9vT^<))Eu`gasjr;Q8D+i5G3I=5vhoT zu9vAESNh`;<#{C8!8}3a!PKIU&qanuVV8k~?R8H|so9|4NXEB`F?{_AN{t8@w7$4$ zfHODU{NahY6FH3)<6Yj0W&NuHsJ)V7p$8}K=>ut*Oc@ils`i1}+!^C%xl1wp3_Sdp z4arM~UC8#O+eZy-1`Fb_py{|xE(;t*oZyQCN_+cGQemBbinVjkSoJIcf=Yutx4YpX zP}z`N5Cy3sYhk_5^OvIKr#@#X7qCF4?SCYush%h5SV2dRJTS=GWKMM}N!zke{5W zZ=?2Zr5rnpNGFB$YhvvNoA^A3^GX%#ETkkurE ziJRi&-V2mueP>5Lx3^myQcYLpZdb360Oi*vKlJ-rROeK8vF0te1n1}QPZI$>V)r1c zed9H7_2L$vOTelX4>BzF#$I+-A0W^Ub*9C>xIo zrm&MUweRD?voQ^Mlv-Qy#EO+VQ{(Wm%Nan?l zBeY!XMc}W2zI5wd)g-d-Ti-RQbg zvgopLRGk`G+wbygTc0D_AaM~KySdOx-bAUxjEH89Mxb3)iQRG};v{3D)=?ZQdy+s@ zO*5-xFXBSg<%xRh>cJsbH`xKKU#H|7+FxLF2qHJ?iNzuq!~!XX;5#vzlu_S=oePin z?gPD)!I3}Ph}^@4JG9^c6XG=pOvtMN%*)l)_jB&nLD)q=dL>U^EiXZnuQRXb`&?EO zY~@6;#yNamWS2SM<2?V(gf13F`3j4-YuZ3#b>51b=%0sHnah9s>zr8*>s7l@pfj(0 zLg>7BcXLIw=GP)%3$q)}Oxh8HZltSTWx9S{c3HuAm*mR6ba4O8mw9f+Jwq|TNLqB! zXhy|D-iVnVxMBwIxt;Ke-43QI`_xaJhcTv!53!y;V$(8DkAVB{N=Dy>zY;L=`J0&W z05R*PcX+350sCVpM|heC7?>cfstsw?Xo^D-V|KTl7WM>Yn@953w9&ofa6X;SMRh_} zoLbaBe`;(Lb|GouRdUVwvS6nz3zwDkHh?PAWNZQicVoo4bo%y-39q#?x~g{BQswfH zq@8))v)b5B7h`qh>Yw)X(0eR6%duX-`fXPOKMg_X(7wXKp}DlNl?igntEdDs^1V3R1tx3dQYsf9;S4vKr+Jgp;M#x38 z$geON9qsERza=?|*oJ_NYOqwix)!uA63}H{eXiROy%ZO`V$j!Gbn6Hp+K<6%8xqBLg6X3{rH692W29_Li-Ral@k9mzu;)gAce3|R}EN^O2ch;fM zAk{m;%p%Byc|zwt^sU^Vt4Dx(U^_OtE2Otn6%KZrt^xIbd`hIPz^rajDd5et!xQAf zprXAF7C0wO`lWl-;X&~7Rg#-=m;GB?jekzrP8KG#Fjrd($x0S}f;>5Ot@Fmjn~`g&`q|{p8y91O*;V75Lj`Kn%7mGNK>9FVhUKJX~E0_9KsOl`w7Kr960k0ly*Dh z9RwGD#4ul9!tgpr_zqHG;hS2FqLo!uv!$c2+G^hyHPZ#ugS{opEvQAb9^9Y!+kmsd zESLP1pvc6lbA0w8_coE+jw)s6p$+3z3}ML&1Dw!(XWk`MzI6rp_g_RUhTIR2hOFkZ ze`hsig2M;QYk;}^yuLDthDO%#P)72}Im%h>qJ7QG1uf@G<-b{u9~Db(A7b=Ruy!y> zdgHMHbePW}^j8Ilv4uHx41>r8*!K_E-RxBQDXw>#T*4;sy7fmKuk607CKkQQqB9=I zegQ^S+{Xk9{m=cg^$Sn~cu+Sato)q2C9$qB`do2im(+6zSA=7DNwoYyM{~hV^1af* z@O%3IJ8VP}mX_W0X*xjnh<~j64GeAZ&9w(R_mnU8QNzWlJ8jHA>H@;f=MxrLK)^%C z5}_Ui#W@@1%vQL}59p$5@dS`lBws70(0hL?5IumLYS;i3)h;t=#(Dt||7X<6B@~NL zBCBmqxBh|0c5uapz1)+xuJ^)3YnJ$6iMHlB{XtI~WVBVc0O&1l$PjR-0PhaEN5s$17;=S>OnL)ptp6ceJlEYGp(%p@l{LT0Xv|c{|<#@2J zWxOQsmLAR`DZOOj8Ba6}f5j>P;zq_%r=iKd7IZEFT+w!PdqLMfV1C*se3T>(x_Wbv z`~7#{;C`wE8v1o+@k>WrNYHx*xoh^?;?I3?6pt7ycml~f+A@&!*RL3x4z^}zfidec zIv5$My``z=Ft8RwAu1|r3!0^xc!)V~&pmTlFEMP7<|>?ebFHyQo|>|awODBll@L+2y{fL2UhepNOv;?bS)xWi%R%P}Gwv;FESfdiT_(ZOeifg#ge z#;xHY4}n7;r3-(kYu_VV*uofBe>eB@4G4mQDoIxMn%!Q()z8J;m*)VDeGmvP2}}U! zcd(*aM^?37s^bcr=Rja`IgoWt0(FNS?Qt;gp{yvWr!88hKJBOvkqB{RvJyNi-P=y#pypPbfIC4qiW5@nZ1r<(C`8gXi)X zT=2mA7=kANP(>8DGVqX?R#{ejpzOzC z+=T$yOQZm9Axuo-UAJ2bH!4?6hV;R?4_o4OTy>uE!ZO)x0l?;UJp|bSK-^jjd{9ua z5Zex3W9>j0qcNk;sj7|xh09tYU^G{$#}gRyY?)@Jxi~i#=-e0@hT+;vJ>1_vSwFte zns-io`ve7`6~Q5#I|`l%Nr||HcxR=G+3c0#_}O%d=)w#E%nz#B8@UIbKxz)^nZ!a* z4nd)-6y{sp4{W7B>8dsqVMl5g#uCavX#&Saq6u?zfZU^DrE6?LJzIcly%D(FVIBBj z%_EIz+&oC!d0-LaYJSULzQ-jVpPlxh?!*n6hzlPyN&dZ8R@Y(T*Y3;-qQDyUZ_zMl z9=oFF*JTE%8wd}w;Xh@;l&Wdn$ylozxVrq6GN>X3m-O)GCs5F zPL`yu+|!vndRp2f*D-gntl~iiiocCYF)|#XHh|}7=zR<9bUVs&&*wwfND3(hYDAKFKygv-UQ)h<>{By~mb_@=DDaFU6@g2U^5lit4Z#;fq0CD*Bou=PedOuFc zJQ3!lH%xhV%O9K#pOLGAx@KCw_`qn;o&?rzF%BJZI9LS=1WKNM*+F- zvypB=aDVMfJ4Mfp=vbW8Ju_+b^^+7g3B=}2?nRz@_|5<7t?il%NlEUIN&@8}OrD_p#^S+d~3VTdSQFB(sPa+E1SriwPEOig5 zBEMzr?MLqr6=`p)jsAYJxT44oa%T;ophiqfO4kT`Vf~Gmm{jScv;otX7CiSkg(x&G zBx0T(k_gv3qhW*yq>o|F>pv2q=2mI0dE?wJOaZ%4CLSieRzl#@j!TLO(k>6==emlsA-IvrtNy+1kQUX^uvwr{{6M(l z`Cd`v>8nPiAVmK(1tgT$L7T|cP4n=jI5b4~aSQW>NVe+H8x7F`RZ#kKH-jD02KNQR z(pWr&^!rEWvIJNeSrLSmR)0YFw}_l2m>S8~KCA>J8w z=@K@t!q;JIFl^4PMNNOmpeO%Ru~jaK7hGd@MtL!n z7{y7~BKoTsG-zJiM9I_~b&W>YUXDaI&;#%K)3D=+^Wka!?;Ac}DJX{$)b_TC8b{Su zFeyl!D=-ELaecKH53iw9-kDkx;1m*OW-VhEgDl3p0~>yH85(6xd@n$0xQ8T84JMGT7(( zcnRau(6J;Fd^!=_wg1Hp+ix7*eEmtWodU-)&@Y1CN=gz~5i<_xmt2acUV&dqyttN$ z3Pia!(6#i`C~>9y;D-Y=G~_mrU78^9&$zw*&NIogc=GGquT_<6HyEL4U}Vnx>T{)Y zumpzb!T#m`n76@<1LODkfIct}?GR4r>VA2`2E#Hu2eXh{Cg-{DoysETLOaEDu9kiu z^}Ts}{&FBb;0yd(ycq^Q5IH>wxMs)=YR*O>Qut1 zlVmgh9)0Ws9KmBeCH%TmB+ZNSutv6aEq>!U1_kzpI1p_UOIH2Ep43;Ba}{@h%DjR@ z1Z52>4s1JcGBN_i4;Br`vYo`4V-1ib=72+anV9QhK4Rn z|Mgh1hd8a~`mYNc;eKK+`5oHAuWJ9vyv*ymqr5y9lW z13kDZg<@H~`O8$Gsb9aeD0nr@kjCL)M*%1R)AVm)BL6hZ<7eodw#1C`FR01M60yKs z7DB1H{=S-v(U5VTb`uj%Q;hujdjXRjsk6#+>O9wK_;$KE7zu1^p zD8D3L@Eu0H_l=N-{>PfHFZrB*=bIspSH*RkTTI{oc~7o0(_MVU7d#Vn1_A(Vr}$Cg zuLFRwMjm_>0x6khX(3}du3-DM#A1ywE)@KqFFo-(|BC86rVkWxK)rWnkaxWMmr*`o z#LqG-;ivt2`v}+q!M;rCYkySX-+s_F{9>*||C#Im5BusLcKM$~6|9+z-Uh%E@~UKI zQ$sis=T4c|Ki@q_BYagv3;WTQwDdQr`HMg!{m>ZY<0RnZf7dgAQz2*=)fk*Y)xZ7l r|4DAoe^(+7`}u!9_W#^A{-&1hx*V4L_1Fas{P$4ykxahS^Edwk6v_TD diff --git a/packages/cdk8s-loader/src/abs-app.ts b/packages/cdk8s-loader/src/abs-app.ts new file mode 100644 index 0000000..3fe3979 --- /dev/null +++ b/packages/cdk8s-loader/src/abs-app.ts @@ -0,0 +1,10 @@ +import { App, AppProps } from 'cdk8s' + +export abstract class AbsApp extends App { + public constructor(props?: AppProps) { + super(props) + this.loadChildren(props) + } + + protected abstract loadChildren(props?: AppProps): void +} diff --git a/packages/cdk8s-loader/src/abs-chart.ts b/packages/cdk8s-loader/src/abs-chart.ts new file mode 100644 index 0000000..956af86 --- /dev/null +++ b/packages/cdk8s-loader/src/abs-chart.ts @@ -0,0 +1,14 @@ +import { Chart, ChartProps } from 'cdk8s' +import { Construct } from 'constructs' + +export abstract class AbsChart extends Chart { + public constructor(scope: Construct, id: string, props: T) { + super(scope, id, { + labels: props.labels, + namespace: props.namespace + }) + this.loadChildren(id, props) + } + + protected abstract loadChildren(id: string, props: T): void +} diff --git a/packages/cdk8s-loader/src/index.ts b/packages/cdk8s-loader/src/index.ts index d4005b3..7b312ba 100644 --- a/packages/cdk8s-loader/src/index.ts +++ b/packages/cdk8s-loader/src/index.ts @@ -1,2 +1,4 @@ +export * from './abs-app' +export * from './abs-chart' export * from './base-loader' export * from './loaders' diff --git a/packages/cdk8s-loader/test/component-loader.test.ts b/packages/cdk8s-loader/test/component-loader.test.ts index 11046d9..e2965b6 100644 --- a/packages/cdk8s-loader/test/component-loader.test.ts +++ b/packages/cdk8s-loader/test/component-loader.test.ts @@ -1,4 +1,4 @@ -import { EnvVar } from '@package/k8s-generated/src' +import { EnvVar } from '@package/k8s-generated' import { ConfigMapLoader, DeployLoader, SecretLoader } from '../src' import _ from 'lodash' diff --git a/packages/cdk8s-loader/test/container-factory/set-prop.test.ts b/packages/cdk8s-loader/test/container-factory/set-prop.test.ts index 4336eda..1a88bea 100644 --- a/packages/cdk8s-loader/test/container-factory/set-prop.test.ts +++ b/packages/cdk8s-loader/test/container-factory/set-prop.test.ts @@ -1,4 +1,4 @@ -import { Container, ContainerPort } from '@package/k8s-generated/src' +import { Container, ContainerPort } from '@package/k8s-generated' import { ContainerFactory } from '../../src/container-factory' describe('container-factory', () => { diff --git a/packages/cdk8s-loader/test/container-factory/update-prop.test.ts b/packages/cdk8s-loader/test/container-factory/update-prop.test.ts index 8e33fce..cbb7446 100644 --- a/packages/cdk8s-loader/test/container-factory/update-prop.test.ts +++ b/packages/cdk8s-loader/test/container-factory/update-prop.test.ts @@ -1,4 +1,4 @@ -import { Container, ContainerPort } from '@package/k8s-generated/src' +import { Container, ContainerPort } from '@package/k8s-generated' import { ContainerFactory } from '../../src/container-factory' describe('container-factory', () => { diff --git a/packages/helm-value-inferrer/README.md b/packages/helm-value-inferrer/README.md index e62e580..c0e43c1 100644 --- a/packages/helm-value-inferrer/README.md +++ b/packages/helm-value-inferrer/README.md @@ -2,12 +2,12 @@ ## Introduction -- Infer schema type of Helm Chart's `value.yaml` on other languages like typescript. +- Generate schema type of Helm Chart's `value.yaml` to other languages.(typescript, golang, swift, etc...) - Internally use `helm show values `. ## How to use? -1. `pnpm check-dependency` on `helm-load`'s root. And install dependencies. +1. `pnpm check-dependency` 2. `pnpm link:global`. 3. Go to package for using Helm. (ex - `/chart/`). 4. `load-helm `. diff --git a/packages/helm-value-inferrer/scripts/generate-infer-helm-values.sh b/packages/helm-value-inferrer/scripts/generate-infer-helm-values.sh index 4d8a68b..5b175a8 100755 --- a/packages/helm-value-inferrer/scripts/generate-infer-helm-values.sh +++ b/packages/helm-value-inferrer/scripts/generate-infer-helm-values.sh @@ -2,7 +2,8 @@ function load_helm_chart_values_as_json() { local chart=$1 - echo "$(helm show values $chart | yq '.' -o json)" + local chart_version=$2 + echo "$(helm show values $chart --version $chart_version | yq '.' -o json)" } function generate_inferrence() { @@ -29,7 +30,12 @@ export default defaultValues EOF } -CHART=$1 +CHART_WITH_VERSION=$1 + +# @ +CHART=$(echo $CHART_WITH_VERSION | awk -F'@' '{print $1}') +CHART_VERSION=$(echo $CHART_WITH_VERSION | awk -F'@' '{print $2}') + # 일단은 다른 Lang 지원 안함. 현재는 안쓰는 변수 LANGUAGE=$2 @@ -42,7 +48,7 @@ DIR=$PWD/$CHART rm -rf $DIR -HELM_VALUES_JSON=$(load_helm_chart_values_as_json $CHART) +HELM_VALUES_JSON=$(load_helm_chart_values_as_json $CHART $CHART_VERSION) mkdir -p $DIR diff --git a/packages/k8s-generated/cdk8s.yaml b/packages/k8s-generated/cdk8s.yaml new file mode 100644 index 0000000..051ee14 --- /dev/null +++ b/packages/k8s-generated/cdk8s.yaml @@ -0,0 +1,13 @@ +language: typescript +output: ./src/generated/k8s +imports: + - k8s + - addresspools:=https://raw.githubusercontent.com/metallb/metallb/main/config/crd/bases/metallb.io_addresspools.yaml + - bfdprofiles:=https://raw.githubusercontent.com/metallb/metallb/main/config/crd/bases/metallb.io_bfdprofiles.yaml + - bgpadvertisements:=https://raw.githubusercontent.com/metallb/metallb/main/config/crd/bases/metallb.io_bgpadvertisements.yaml + - bgppeers:=https://raw.githubusercontent.com/metallb/metallb/main/config/crd/bases/metallb.io_bgppeers.yaml + - communities:=https://raw.githubusercontent.com/metallb/metallb/main/config/crd/bases/metallb.io_communities.yaml + - ipaddresspools:=https://raw.githubusercontent.com/metallb/metallb/main/config/crd/bases/metallb.io_ipaddresspools.yaml + - l2advertisements:=https://raw.githubusercontent.com/metallb/metallb/main/config/crd/bases/metallb.io_l2advertisements.yaml + - https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.crds.yaml + - https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/deploy/crds/jenkins.io_jenkins_crd.yaml diff --git a/packages/k8s-generated/generated/acme.cert-manager.io.ts b/packages/k8s-generated/generated/acme.cert-manager.io.ts new file mode 100644 index 0000000..ce41d54 --- /dev/null +++ b/packages/k8s-generated/generated/acme.cert-manager.io.ts @@ -0,0 +1,3503 @@ +// generated by cdk8s +import { ApiObject, ApiObjectMetadata, GroupVersionKind } from 'cdk8s'; +import { Construct } from 'constructs'; + + +/** + * Challenge is a type to represent a Challenge request with an ACME server + * + * @schema Challenge + */ +export class Challenge extends ApiObject { + /** + * Returns the apiVersion and kind for "Challenge" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'acme.cert-manager.io/v1', + kind: 'Challenge', + } + + /** + * Renders a Kubernetes manifest for "Challenge". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: ChallengeProps): any { + return { + ...Challenge.GVK, + ...toJson_ChallengeProps(props), + }; + } + + /** + * Defines a "Challenge" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: ChallengeProps) { + super(scope, id, { + ...Challenge.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...Challenge.GVK, + ...toJson_ChallengeProps(resolved), + }; + } +} + +/** + * Challenge is a type to represent a Challenge request with an ACME server + * + * @schema Challenge + */ +export interface ChallengeProps { + /** + * @schema Challenge#metadata + */ + readonly metadata: ApiObjectMetadata; + + /** + * @schema Challenge#spec + */ + readonly spec: ChallengeSpec; + +} + +/** + * Converts an object of type 'ChallengeProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeProps(obj: ChallengeProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_ChallengeSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * @schema ChallengeSpec + */ +export interface ChallengeSpec { + /** + * The URL to the ACME Authorization resource that this challenge is a part of. + * + * @schema ChallengeSpec#authorizationURL + */ + readonly authorizationUrl: string; + + /** + * dnsName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`. + * + * @schema ChallengeSpec#dnsName + */ + readonly dnsName: string; + + /** + * References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. + * + * @schema ChallengeSpec#issuerRef + */ + readonly issuerRef: ChallengeSpecIssuerRef; + + /** + * The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content. + * + * @schema ChallengeSpec#key + */ + readonly key: string; + + /** + * Contains the domain solving configuration that should be used to solve this challenge resource. + * + * @schema ChallengeSpec#solver + */ + readonly solver: ChallengeSpecSolver; + + /** + * The ACME challenge token for this challenge. This is the raw value returned from the ACME server. + * + * @schema ChallengeSpec#token + */ + readonly token: string; + + /** + * The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01". + * + * @schema ChallengeSpec#type + */ + readonly type: ChallengeSpecType; + + /** + * The URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge. + * + * @schema ChallengeSpec#url + */ + readonly url: string; + + /** + * wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'. + * + * @schema ChallengeSpec#wildcard + */ + readonly wildcard?: boolean; + +} + +/** + * Converts an object of type 'ChallengeSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpec(obj: ChallengeSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'authorizationURL': obj.authorizationUrl, + 'dnsName': obj.dnsName, + 'issuerRef': toJson_ChallengeSpecIssuerRef(obj.issuerRef), + 'key': obj.key, + 'solver': toJson_ChallengeSpecSolver(obj.solver), + 'token': obj.token, + 'type': obj.type, + 'url': obj.url, + 'wildcard': obj.wildcard, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. + * + * @schema ChallengeSpecIssuerRef + */ +export interface ChallengeSpecIssuerRef { + /** + * Group of the resource being referred to. + * + * @schema ChallengeSpecIssuerRef#group + */ + readonly group?: string; + + /** + * Kind of the resource being referred to. + * + * @schema ChallengeSpecIssuerRef#kind + */ + readonly kind?: string; + + /** + * Name of the resource being referred to. + * + * @schema ChallengeSpecIssuerRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecIssuerRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecIssuerRef(obj: ChallengeSpecIssuerRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Contains the domain solving configuration that should be used to solve this challenge resource. + * + * @schema ChallengeSpecSolver + */ +export interface ChallengeSpecSolver { + /** + * Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + * + * @schema ChallengeSpecSolver#dns01 + */ + readonly dns01?: ChallengeSpecSolverDns01; + + /** + * Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + * + * @schema ChallengeSpecSolver#http01 + */ + readonly http01?: ChallengeSpecSolverHttp01; + + /** + * Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + * + * @schema ChallengeSpecSolver#selector + */ + readonly selector?: ChallengeSpecSolverSelector; + +} + +/** + * Converts an object of type 'ChallengeSpecSolver' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolver(obj: ChallengeSpecSolver | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'dns01': toJson_ChallengeSpecSolverDns01(obj.dns01), + 'http01': toJson_ChallengeSpecSolverHttp01(obj.http01), + 'selector': toJson_ChallengeSpecSolverSelector(obj.selector), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01". + * + * @schema ChallengeSpecType + */ +export enum ChallengeSpecType { + /** HTTP-01 */ + HTTP_01 = 'HTTP-01', + /** DNS-01 */ + DNS_01 = 'DNS-01', +} + +/** + * Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + * + * @schema ChallengeSpecSolverDns01 + */ +export interface ChallengeSpecSolverDns01 { + /** + * Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01#acmeDNS + */ + readonly acmeDns?: ChallengeSpecSolverDns01AcmeDns; + + /** + * Use the Akamai DNS zone management API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01#akamai + */ + readonly akamai?: ChallengeSpecSolverDns01Akamai; + + /** + * Use the Microsoft Azure DNS API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01#azureDNS + */ + readonly azureDns?: ChallengeSpecSolverDns01AzureDns; + + /** + * Use the Google Cloud DNS API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01#cloudDNS + */ + readonly cloudDns?: ChallengeSpecSolverDns01CloudDns; + + /** + * Use the Cloudflare API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01#cloudflare + */ + readonly cloudflare?: ChallengeSpecSolverDns01Cloudflare; + + /** + * CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + * + * @schema ChallengeSpecSolverDns01#cnameStrategy + */ + readonly cnameStrategy?: ChallengeSpecSolverDns01CnameStrategy; + + /** + * Use the DigitalOcean DNS API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01#digitalocean + */ + readonly digitalocean?: ChallengeSpecSolverDns01Digitalocean; + + /** + * Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01#rfc2136 + */ + readonly rfc2136?: ChallengeSpecSolverDns01Rfc2136; + + /** + * Use the AWS Route53 API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01#route53 + */ + readonly route53?: ChallengeSpecSolverDns01Route53; + + /** + * Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01#webhook + */ + readonly webhook?: ChallengeSpecSolverDns01Webhook; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01(obj: ChallengeSpecSolverDns01 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'acmeDNS': toJson_ChallengeSpecSolverDns01AcmeDns(obj.acmeDns), + 'akamai': toJson_ChallengeSpecSolverDns01Akamai(obj.akamai), + 'azureDNS': toJson_ChallengeSpecSolverDns01AzureDns(obj.azureDns), + 'cloudDNS': toJson_ChallengeSpecSolverDns01CloudDns(obj.cloudDns), + 'cloudflare': toJson_ChallengeSpecSolverDns01Cloudflare(obj.cloudflare), + 'cnameStrategy': obj.cnameStrategy, + 'digitalocean': toJson_ChallengeSpecSolverDns01Digitalocean(obj.digitalocean), + 'rfc2136': toJson_ChallengeSpecSolverDns01Rfc2136(obj.rfc2136), + 'route53': toJson_ChallengeSpecSolverDns01Route53(obj.route53), + 'webhook': toJson_ChallengeSpecSolverDns01Webhook(obj.webhook), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + * + * @schema ChallengeSpecSolverHttp01 + */ +export interface ChallengeSpecSolverHttp01 { + /** + * The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + * + * @schema ChallengeSpecSolverHttp01#gatewayHTTPRoute + */ + readonly gatewayHttpRoute?: ChallengeSpecSolverHttp01GatewayHttpRoute; + + /** + * The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + * + * @schema ChallengeSpecSolverHttp01#ingress + */ + readonly ingress?: ChallengeSpecSolverHttp01Ingress; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01(obj: ChallengeSpecSolverHttp01 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'gatewayHTTPRoute': toJson_ChallengeSpecSolverHttp01GatewayHttpRoute(obj.gatewayHttpRoute), + 'ingress': toJson_ChallengeSpecSolverHttp01Ingress(obj.ingress), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + * + * @schema ChallengeSpecSolverSelector + */ +export interface ChallengeSpecSolverSelector { + /** + * List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + * + * @schema ChallengeSpecSolverSelector#dnsNames + */ + readonly dnsNames?: string[]; + + /** + * List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + * + * @schema ChallengeSpecSolverSelector#dnsZones + */ + readonly dnsZones?: string[]; + + /** + * A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + * + * @schema ChallengeSpecSolverSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverSelector(obj: ChallengeSpecSolverSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'dnsNames': obj.dnsNames?.map(y => y), + 'dnsZones': obj.dnsZones?.map(y => y), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01AcmeDns + */ +export interface ChallengeSpecSolverDns01AcmeDns { + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01AcmeDns#accountSecretRef + */ + readonly accountSecretRef: ChallengeSpecSolverDns01AcmeDnsAccountSecretRef; + + /** + * @schema ChallengeSpecSolverDns01AcmeDns#host + */ + readonly host: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01AcmeDns' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01AcmeDns(obj: ChallengeSpecSolverDns01AcmeDns | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'accountSecretRef': toJson_ChallengeSpecSolverDns01AcmeDnsAccountSecretRef(obj.accountSecretRef), + 'host': obj.host, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Akamai DNS zone management API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01Akamai + */ +export interface ChallengeSpecSolverDns01Akamai { + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01Akamai#accessTokenSecretRef + */ + readonly accessTokenSecretRef: ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef; + + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01Akamai#clientSecretSecretRef + */ + readonly clientSecretSecretRef: ChallengeSpecSolverDns01AkamaiClientSecretSecretRef; + + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01Akamai#clientTokenSecretRef + */ + readonly clientTokenSecretRef: ChallengeSpecSolverDns01AkamaiClientTokenSecretRef; + + /** + * @schema ChallengeSpecSolverDns01Akamai#serviceConsumerDomain + */ + readonly serviceConsumerDomain: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01Akamai' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01Akamai(obj: ChallengeSpecSolverDns01Akamai | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'accessTokenSecretRef': toJson_ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef(obj.accessTokenSecretRef), + 'clientSecretSecretRef': toJson_ChallengeSpecSolverDns01AkamaiClientSecretSecretRef(obj.clientSecretSecretRef), + 'clientTokenSecretRef': toJson_ChallengeSpecSolverDns01AkamaiClientTokenSecretRef(obj.clientTokenSecretRef), + 'serviceConsumerDomain': obj.serviceConsumerDomain, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Microsoft Azure DNS API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01AzureDns + */ +export interface ChallengeSpecSolverDns01AzureDns { + /** + * if both this and ClientSecret are left unset MSI will be used + * + * @schema ChallengeSpecSolverDns01AzureDns#clientID + */ + readonly clientId?: string; + + /** + * if both this and ClientID are left unset MSI will be used + * + * @schema ChallengeSpecSolverDns01AzureDns#clientSecretSecretRef + */ + readonly clientSecretSecretRef?: ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef; + + /** + * name of the Azure environment (default AzurePublicCloud) + * + * @schema ChallengeSpecSolverDns01AzureDns#environment + */ + readonly environment?: ChallengeSpecSolverDns01AzureDnsEnvironment; + + /** + * name of the DNS zone that should be used + * + * @schema ChallengeSpecSolverDns01AzureDns#hostedZoneName + */ + readonly hostedZoneName?: string; + + /** + * managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + * + * @schema ChallengeSpecSolverDns01AzureDns#managedIdentity + */ + readonly managedIdentity?: ChallengeSpecSolverDns01AzureDnsManagedIdentity; + + /** + * resource group the DNS zone is located in + * + * @schema ChallengeSpecSolverDns01AzureDns#resourceGroupName + */ + readonly resourceGroupName: string; + + /** + * ID of the Azure subscription + * + * @schema ChallengeSpecSolverDns01AzureDns#subscriptionID + */ + readonly subscriptionId: string; + + /** + * when specifying ClientID and ClientSecret then this field is also needed + * + * @schema ChallengeSpecSolverDns01AzureDns#tenantID + */ + readonly tenantId?: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01AzureDns' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01AzureDns(obj: ChallengeSpecSolverDns01AzureDns | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'clientID': obj.clientId, + 'clientSecretSecretRef': toJson_ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef(obj.clientSecretSecretRef), + 'environment': obj.environment, + 'hostedZoneName': obj.hostedZoneName, + 'managedIdentity': toJson_ChallengeSpecSolverDns01AzureDnsManagedIdentity(obj.managedIdentity), + 'resourceGroupName': obj.resourceGroupName, + 'subscriptionID': obj.subscriptionId, + 'tenantID': obj.tenantId, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Google Cloud DNS API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01CloudDns + */ +export interface ChallengeSpecSolverDns01CloudDns { + /** + * HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + * + * @schema ChallengeSpecSolverDns01CloudDns#hostedZoneName + */ + readonly hostedZoneName?: string; + + /** + * @schema ChallengeSpecSolverDns01CloudDns#project + */ + readonly project: string; + + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01CloudDns#serviceAccountSecretRef + */ + readonly serviceAccountSecretRef?: ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01CloudDns' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01CloudDns(obj: ChallengeSpecSolverDns01CloudDns | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'hostedZoneName': obj.hostedZoneName, + 'project': obj.project, + 'serviceAccountSecretRef': toJson_ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef(obj.serviceAccountSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Cloudflare API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01Cloudflare + */ +export interface ChallengeSpecSolverDns01Cloudflare { + /** + * API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + * + * @schema ChallengeSpecSolverDns01Cloudflare#apiKeySecretRef + */ + readonly apiKeySecretRef?: ChallengeSpecSolverDns01CloudflareApiKeySecretRef; + + /** + * API token used to authenticate with Cloudflare. + * + * @schema ChallengeSpecSolverDns01Cloudflare#apiTokenSecretRef + */ + readonly apiTokenSecretRef?: ChallengeSpecSolverDns01CloudflareApiTokenSecretRef; + + /** + * Email of the account, only required when using API key based authentication. + * + * @schema ChallengeSpecSolverDns01Cloudflare#email + */ + readonly email?: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01Cloudflare' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01Cloudflare(obj: ChallengeSpecSolverDns01Cloudflare | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'apiKeySecretRef': toJson_ChallengeSpecSolverDns01CloudflareApiKeySecretRef(obj.apiKeySecretRef), + 'apiTokenSecretRef': toJson_ChallengeSpecSolverDns01CloudflareApiTokenSecretRef(obj.apiTokenSecretRef), + 'email': obj.email, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + * + * @schema ChallengeSpecSolverDns01CnameStrategy + */ +export enum ChallengeSpecSolverDns01CnameStrategy { + /** None */ + NONE = 'None', + /** Follow */ + FOLLOW = 'Follow', +} + +/** + * Use the DigitalOcean DNS API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01Digitalocean + */ +export interface ChallengeSpecSolverDns01Digitalocean { + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01Digitalocean#tokenSecretRef + */ + readonly tokenSecretRef: ChallengeSpecSolverDns01DigitaloceanTokenSecretRef; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01Digitalocean' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01Digitalocean(obj: ChallengeSpecSolverDns01Digitalocean | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'tokenSecretRef': toJson_ChallengeSpecSolverDns01DigitaloceanTokenSecretRef(obj.tokenSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01Rfc2136 + */ +export interface ChallengeSpecSolverDns01Rfc2136 { + /** + * The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + * + * @schema ChallengeSpecSolverDns01Rfc2136#nameserver + */ + readonly nameserver: string; + + /** + * The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + * + * @schema ChallengeSpecSolverDns01Rfc2136#tsigAlgorithm + */ + readonly tsigAlgorithm?: string; + + /** + * The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + * + * @schema ChallengeSpecSolverDns01Rfc2136#tsigKeyName + */ + readonly tsigKeyName?: string; + + /** + * The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + * + * @schema ChallengeSpecSolverDns01Rfc2136#tsigSecretSecretRef + */ + readonly tsigSecretSecretRef?: ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01Rfc2136' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01Rfc2136(obj: ChallengeSpecSolverDns01Rfc2136 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'nameserver': obj.nameserver, + 'tsigAlgorithm': obj.tsigAlgorithm, + 'tsigKeyName': obj.tsigKeyName, + 'tsigSecretSecretRef': toJson_ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef(obj.tsigSecretSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the AWS Route53 API to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01Route53 + */ +export interface ChallengeSpecSolverDns01Route53 { + /** + * The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema ChallengeSpecSolverDns01Route53#accessKeyID + */ + readonly accessKeyId?: string; + + /** + * The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema ChallengeSpecSolverDns01Route53#accessKeyIDSecretRef + */ + readonly accessKeyIdSecretRef?: ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef; + + /** + * If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + * + * @schema ChallengeSpecSolverDns01Route53#hostedZoneID + */ + readonly hostedZoneId?: string; + + /** + * Always set the region when using AccessKeyID and SecretAccessKey + * + * @schema ChallengeSpecSolverDns01Route53#region + */ + readonly region: string; + + /** + * Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + * + * @schema ChallengeSpecSolverDns01Route53#role + */ + readonly role?: string; + + /** + * The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema ChallengeSpecSolverDns01Route53#secretAccessKeySecretRef + */ + readonly secretAccessKeySecretRef?: ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01Route53' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01Route53(obj: ChallengeSpecSolverDns01Route53 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'accessKeyID': obj.accessKeyId, + 'accessKeyIDSecretRef': toJson_ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef(obj.accessKeyIdSecretRef), + 'hostedZoneID': obj.hostedZoneId, + 'region': obj.region, + 'role': obj.role, + 'secretAccessKeySecretRef': toJson_ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef(obj.secretAccessKeySecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + * + * @schema ChallengeSpecSolverDns01Webhook + */ +export interface ChallengeSpecSolverDns01Webhook { + /** + * Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + * + * @schema ChallengeSpecSolverDns01Webhook#config + */ + readonly config?: any; + + /** + * The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + * + * @schema ChallengeSpecSolverDns01Webhook#groupName + */ + readonly groupName: string; + + /** + * The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + * + * @schema ChallengeSpecSolverDns01Webhook#solverName + */ + readonly solverName: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01Webhook' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01Webhook(obj: ChallengeSpecSolverDns01Webhook | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'config': obj.config, + 'groupName': obj.groupName, + 'solverName': obj.solverName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + * + * @schema ChallengeSpecSolverHttp01GatewayHttpRoute + */ +export interface ChallengeSpecSolverHttp01GatewayHttpRoute { + /** + * Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + * + * @schema ChallengeSpecSolverHttp01GatewayHttpRoute#labels + */ + readonly labels?: { [key: string]: string }; + + /** + * When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways + * + * @schema ChallengeSpecSolverHttp01GatewayHttpRoute#parentRefs + */ + readonly parentRefs?: ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs[]; + + /** + * Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + * + * @schema ChallengeSpecSolverHttp01GatewayHttpRoute#serviceType + */ + readonly serviceType?: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01GatewayHttpRoute' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01GatewayHttpRoute(obj: ChallengeSpecSolverHttp01GatewayHttpRoute | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'parentRefs': obj.parentRefs?.map(y => toJson_ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs(y)), + 'serviceType': obj.serviceType, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + * + * @schema ChallengeSpecSolverHttp01Ingress + */ +export interface ChallengeSpecSolverHttp01Ingress { + /** + * The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified. + * + * @schema ChallengeSpecSolverHttp01Ingress#class + */ + readonly class?: string; + + /** + * Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + * + * @schema ChallengeSpecSolverHttp01Ingress#ingressTemplate + */ + readonly ingressTemplate?: ChallengeSpecSolverHttp01IngressIngressTemplate; + + /** + * The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. + * + * @schema ChallengeSpecSolverHttp01Ingress#name + */ + readonly name?: string; + + /** + * Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + * + * @schema ChallengeSpecSolverHttp01Ingress#podTemplate + */ + readonly podTemplate?: ChallengeSpecSolverHttp01IngressPodTemplate; + + /** + * Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + * + * @schema ChallengeSpecSolverHttp01Ingress#serviceType + */ + readonly serviceType?: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01Ingress' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01Ingress(obj: ChallengeSpecSolverHttp01Ingress | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'class': obj.class, + 'ingressTemplate': toJson_ChallengeSpecSolverHttp01IngressIngressTemplate(obj.ingressTemplate), + 'name': obj.name, + 'podTemplate': toJson_ChallengeSpecSolverHttp01IngressPodTemplate(obj.podTemplate), + 'serviceType': obj.serviceType, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01AcmeDnsAccountSecretRef + */ +export interface ChallengeSpecSolverDns01AcmeDnsAccountSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01AcmeDnsAccountSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01AcmeDnsAccountSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01AcmeDnsAccountSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01AcmeDnsAccountSecretRef(obj: ChallengeSpecSolverDns01AcmeDnsAccountSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef + */ +export interface ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef(obj: ChallengeSpecSolverDns01AkamaiAccessTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01AkamaiClientSecretSecretRef + */ +export interface ChallengeSpecSolverDns01AkamaiClientSecretSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01AkamaiClientSecretSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01AkamaiClientSecretSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01AkamaiClientSecretSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01AkamaiClientSecretSecretRef(obj: ChallengeSpecSolverDns01AkamaiClientSecretSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01AkamaiClientTokenSecretRef + */ +export interface ChallengeSpecSolverDns01AkamaiClientTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01AkamaiClientTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01AkamaiClientTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01AkamaiClientTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01AkamaiClientTokenSecretRef(obj: ChallengeSpecSolverDns01AkamaiClientTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * if both this and ClientID are left unset MSI will be used + * + * @schema ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef + */ +export interface ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef(obj: ChallengeSpecSolverDns01AzureDnsClientSecretSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * name of the Azure environment (default AzurePublicCloud) + * + * @schema ChallengeSpecSolverDns01AzureDnsEnvironment + */ +export enum ChallengeSpecSolverDns01AzureDnsEnvironment { + /** AzurePublicCloud */ + AZURE_PUBLIC_CLOUD = 'AzurePublicCloud', + /** AzureChinaCloud */ + AZURE_CHINA_CLOUD = 'AzureChinaCloud', + /** AzureGermanCloud */ + AZURE_GERMAN_CLOUD = 'AzureGermanCloud', + /** AzureUSGovernmentCloud */ + AZURE_US_GOVERNMENT_CLOUD = 'AzureUSGovernmentCloud', +} + +/** + * managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + * + * @schema ChallengeSpecSolverDns01AzureDnsManagedIdentity + */ +export interface ChallengeSpecSolverDns01AzureDnsManagedIdentity { + /** + * client ID of the managed identity, can not be used at the same time as resourceID + * + * @schema ChallengeSpecSolverDns01AzureDnsManagedIdentity#clientID + */ + readonly clientId?: string; + + /** + * resource ID of the managed identity, can not be used at the same time as clientID + * + * @schema ChallengeSpecSolverDns01AzureDnsManagedIdentity#resourceID + */ + readonly resourceId?: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01AzureDnsManagedIdentity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01AzureDnsManagedIdentity(obj: ChallengeSpecSolverDns01AzureDnsManagedIdentity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'clientID': obj.clientId, + 'resourceID': obj.resourceId, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef + */ +export interface ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef(obj: ChallengeSpecSolverDns01CloudDnsServiceAccountSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + * + * @schema ChallengeSpecSolverDns01CloudflareApiKeySecretRef + */ +export interface ChallengeSpecSolverDns01CloudflareApiKeySecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01CloudflareApiKeySecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01CloudflareApiKeySecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01CloudflareApiKeySecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01CloudflareApiKeySecretRef(obj: ChallengeSpecSolverDns01CloudflareApiKeySecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * API token used to authenticate with Cloudflare. + * + * @schema ChallengeSpecSolverDns01CloudflareApiTokenSecretRef + */ +export interface ChallengeSpecSolverDns01CloudflareApiTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01CloudflareApiTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01CloudflareApiTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01CloudflareApiTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01CloudflareApiTokenSecretRef(obj: ChallengeSpecSolverDns01CloudflareApiTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ChallengeSpecSolverDns01DigitaloceanTokenSecretRef + */ +export interface ChallengeSpecSolverDns01DigitaloceanTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01DigitaloceanTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01DigitaloceanTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01DigitaloceanTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01DigitaloceanTokenSecretRef(obj: ChallengeSpecSolverDns01DigitaloceanTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + * + * @schema ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef + */ +export interface ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef(obj: ChallengeSpecSolverDns01Rfc2136TsigSecretSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef + */ +export interface ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef(obj: ChallengeSpecSolverDns01Route53AccessKeyIdSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef + */ +export interface ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef(obj: ChallengeSpecSolverDns01Route53SecretAccessKeySecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with "Core" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. + * The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + * + * @schema ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs + */ +export interface ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs { + /** + * Group is the group of the referent. + * Support: Core + * + * @schema ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs#group + */ + readonly group?: string; + + /** + * Kind is kind of the referent. + * Support: Core (Gateway) + * Support: Custom (Other Resources) + * + * @schema ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs#kind + */ + readonly kind?: string; + + /** + * Name is the name of the referent. + * Support: Core + * + * @schema ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. + * Support: Core + * + * @schema ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs#namespace + */ + readonly namespace?: string; + + /** + * Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + * When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + * Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + * For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + * Support: Extended + * + * + * @schema ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs#port + */ + readonly port?: number; + + /** + * SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. + * Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + * When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + * Support: Core + * + * @schema ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs#sectionName + */ + readonly sectionName?: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs(obj: ChallengeSpecSolverHttp01GatewayHttpRouteParentRefs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'sectionName': obj.sectionName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + * + * @schema ChallengeSpecSolverHttp01IngressIngressTemplate + */ +export interface ChallengeSpecSolverHttp01IngressIngressTemplate { + /** + * ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema ChallengeSpecSolverHttp01IngressIngressTemplate#metadata + */ + readonly metadata?: ChallengeSpecSolverHttp01IngressIngressTemplateMetadata; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressIngressTemplate' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressIngressTemplate(obj: ChallengeSpecSolverHttp01IngressIngressTemplate | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': toJson_ChallengeSpecSolverHttp01IngressIngressTemplateMetadata(obj.metadata), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplate + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplate { + /** + * ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplate#metadata + */ + readonly metadata?: ChallengeSpecSolverHttp01IngressPodTemplateMetadata; + + /** + * PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplate#spec + */ + readonly spec?: ChallengeSpecSolverHttp01IngressPodTemplateSpec; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplate' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplate(obj: ChallengeSpecSolverHttp01IngressPodTemplate | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': toJson_ChallengeSpecSolverHttp01IngressPodTemplateMetadata(obj.metadata), + 'spec': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema ChallengeSpecSolverHttp01IngressIngressTemplateMetadata + */ +export interface ChallengeSpecSolverHttp01IngressIngressTemplateMetadata { + /** + * Annotations that should be added to the created ACME HTTP01 solver ingress. + * + * @schema ChallengeSpecSolverHttp01IngressIngressTemplateMetadata#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * Labels that should be added to the created ACME HTTP01 solver ingress. + * + * @schema ChallengeSpecSolverHttp01IngressIngressTemplateMetadata#labels + */ + readonly labels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressIngressTemplateMetadata' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressIngressTemplateMetadata(obj: ChallengeSpecSolverHttp01IngressIngressTemplateMetadata | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateMetadata + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateMetadata { + /** + * Annotations that should be added to the create ACME HTTP01 solver pods. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateMetadata#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * Labels that should be added to the created ACME HTTP01 solver pods. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateMetadata#labels + */ + readonly labels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateMetadata' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateMetadata(obj: ChallengeSpecSolverHttp01IngressPodTemplateMetadata | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpec + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpec { + /** + * If specified, the pod's scheduling constraints + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpec#affinity + */ + readonly affinity?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity; + + /** + * NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpec#nodeSelector + */ + readonly nodeSelector?: { [key: string]: string }; + + /** + * If specified, the pod's priorityClassName. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpec#priorityClassName + */ + readonly priorityClassName?: string; + + /** + * If specified, the pod's service account + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpec#serviceAccountName + */ + readonly serviceAccountName?: string; + + /** + * If specified, the pod's tolerations. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpec#tolerations + */ + readonly tolerations?: ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpec(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'affinity': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity(obj.affinity), + 'nodeSelector': ((obj.nodeSelector) === undefined) ? undefined : (Object.entries(obj.nodeSelector).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'priorityClassName': obj.priorityClassName, + 'serviceAccountName': obj.serviceAccountName, + 'tolerations': obj.tolerations?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * If specified, the pod's scheduling constraints + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity { + /** + * Describes node affinity scheduling rules for the pod. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity#nodeAffinity + */ + readonly nodeAffinity?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity; + + /** + * Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity#podAffinity + */ + readonly podAffinity?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity; + + /** + * Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity#podAntiAffinity + */ + readonly podAntiAffinity?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'nodeAffinity': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity(obj.nodeAffinity), + 'podAffinity': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity(obj.podAffinity), + 'podAntiAffinity': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity(obj.podAntiAffinity), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations { + /** + * Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations#effect + */ + readonly effect?: string; + + /** + * Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations#key + */ + readonly key?: string; + + /** + * Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + * + * @default Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations#operator + */ + readonly operator?: string; + + /** + * TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations#tolerationSeconds + */ + readonly tolerationSeconds?: number; + + /** + * Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations#value + */ + readonly value?: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecTolerations | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'effect': obj.effect, + 'key': obj.key, + 'operator': obj.operator, + 'tolerationSeconds': obj.tolerationSeconds, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Describes node affinity scheduling rules for the pod. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity { + /** + * The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity#preferredDuringSchedulingIgnoredDuringExecution + */ + readonly preferredDuringSchedulingIgnoredDuringExecution?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution[]; + + /** + * If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity#requiredDuringSchedulingIgnoredDuringExecution + */ + readonly requiredDuringSchedulingIgnoredDuringExecution?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj.requiredDuringSchedulingIgnoredDuringExecution), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity { + /** + * The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity#preferredDuringSchedulingIgnoredDuringExecution + */ + readonly preferredDuringSchedulingIgnoredDuringExecution?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution[]; + + /** + * If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity#requiredDuringSchedulingIgnoredDuringExecution + */ + readonly requiredDuringSchedulingIgnoredDuringExecution?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': obj.requiredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity { + /** + * The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity#preferredDuringSchedulingIgnoredDuringExecution + */ + readonly preferredDuringSchedulingIgnoredDuringExecution?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution[]; + + /** + * If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity#requiredDuringSchedulingIgnoredDuringExecution + */ + readonly requiredDuringSchedulingIgnoredDuringExecution?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': obj.requiredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /** + * A node selector term, associated with the corresponding weight. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution#preference + */ + readonly preference: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference; + + /** + * Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution#weight + */ + readonly weight: number; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preference': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference(obj.preference), + 'weight': obj.weight, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /** + * Required. A list of node selector terms. The terms are ORed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution#nodeSelectorTerms + */ + readonly nodeSelectorTerms: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'nodeSelectorTerms': obj.nodeSelectorTerms?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution#podAffinityTerm + */ + readonly podAffinityTerm: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm; + + /** + * weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution#weight + */ + readonly weight: number; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'podAffinityTerm': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj.podAffinityTerm), + 'weight': obj.weight, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /** + * A label query over a set of resources, in this case pods. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#labelSelector + */ + readonly labelSelector?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaceSelector + */ + readonly namespaceSelector?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution#podAffinityTerm + */ + readonly podAffinityTerm: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm; + + /** + * weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution#weight + */ + readonly weight: number; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'podAffinityTerm': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj.podAffinityTerm), + 'weight': obj.weight, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /** + * A label query over a set of resources, in this case pods. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#labelSelector + */ + readonly labelSelector?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaceSelector + */ + readonly namespaceSelector?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector term, associated with the corresponding weight. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /** + * A list of node selector requirements by node's labels. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference#matchExpressions + */ + readonly matchExpressions?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions[]; + + /** + * A list of node selector requirements by node's fields. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference#matchFields + */ + readonly matchFields?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions(y)), + 'matchFields': obj.matchFields?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /** + * A list of node selector requirements by node's labels. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms#matchExpressions + */ + readonly matchExpressions?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions[]; + + /** + * A list of node selector requirements by node's fields. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms#matchFields + */ + readonly matchFields?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions(y)), + 'matchFields': obj.matchFields?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /** + * A label query over a set of resources, in this case pods. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#labelSelector + */ + readonly labelSelector?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaceSelector + */ + readonly namespaceSelector?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchExpressions + */ + readonly matchExpressions?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /** + * A label query over a set of resources, in this case pods. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#labelSelector + */ + readonly labelSelector?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaceSelector + */ + readonly namespaceSelector?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchExpressions + */ + readonly matchExpressions?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /** + * The label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /** + * The label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /** + * The label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /** + * The label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchExpressions + */ + readonly matchExpressions?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchExpressions + */ + readonly matchExpressions?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions + */ +export interface ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(obj: ChallengeSpecSolverHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + + +/** + * Order is a type to represent an Order with an ACME server + * + * @schema Order + */ +export class Order extends ApiObject { + /** + * Returns the apiVersion and kind for "Order" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'acme.cert-manager.io/v1', + kind: 'Order', + } + + /** + * Renders a Kubernetes manifest for "Order". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: OrderProps): any { + return { + ...Order.GVK, + ...toJson_OrderProps(props), + }; + } + + /** + * Defines a "Order" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: OrderProps) { + super(scope, id, { + ...Order.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...Order.GVK, + ...toJson_OrderProps(resolved), + }; + } +} + +/** + * Order is a type to represent an Order with an ACME server + * + * @schema Order + */ +export interface OrderProps { + /** + * @schema Order#metadata + */ + readonly metadata: ApiObjectMetadata; + + /** + * @schema Order#spec + */ + readonly spec: OrderSpec; + +} + +/** + * Converts an object of type 'OrderProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_OrderProps(obj: OrderProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_OrderSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * @schema OrderSpec + */ +export interface OrderSpec { + /** + * CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR. + * + * @schema OrderSpec#commonName + */ + readonly commonName?: string; + + /** + * DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + * + * @schema OrderSpec#dnsNames + */ + readonly dnsNames?: string[]; + + /** + * Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec. + * + * @schema OrderSpec#duration + */ + readonly duration?: string; + + /** + * IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + * + * @schema OrderSpec#ipAddresses + */ + readonly ipAddresses?: string[]; + + /** + * IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. + * + * @schema OrderSpec#issuerRef + */ + readonly issuerRef: OrderSpecIssuerRef; + + /** + * Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order. + * + * @schema OrderSpec#request + */ + readonly request: string; + +} + +/** + * Converts an object of type 'OrderSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_OrderSpec(obj: OrderSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'commonName': obj.commonName, + 'dnsNames': obj.dnsNames?.map(y => y), + 'duration': obj.duration, + 'ipAddresses': obj.ipAddresses?.map(y => y), + 'issuerRef': toJson_OrderSpecIssuerRef(obj.issuerRef), + 'request': obj.request, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. + * + * @schema OrderSpecIssuerRef + */ +export interface OrderSpecIssuerRef { + /** + * Group of the resource being referred to. + * + * @schema OrderSpecIssuerRef#group + */ + readonly group?: string; + + /** + * Kind of the resource being referred to. + * + * @schema OrderSpecIssuerRef#kind + */ + readonly kind?: string; + + /** + * Name of the resource being referred to. + * + * @schema OrderSpecIssuerRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'OrderSpecIssuerRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_OrderSpecIssuerRef(obj: OrderSpecIssuerRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + diff --git a/packages/k8s-generated/generated/addresspools-metallb.io.ts b/packages/k8s-generated/generated/addresspools-metallb.io.ts new file mode 100644 index 0000000..ee3e86d --- /dev/null +++ b/packages/k8s-generated/generated/addresspools-metallb.io.ts @@ -0,0 +1,416 @@ +// generated by cdk8s +import { ApiObject, ApiObjectMetadata, GroupVersionKind } from 'cdk8s'; +import { Construct } from 'constructs'; + + +/** + * AddressPool is the Schema for the addresspools API. + * + * @schema AddressPool + */ +export class AddressPool extends ApiObject { + /** + * Returns the apiVersion and kind for "AddressPool" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'metallb.io/v1alpha1', + kind: 'AddressPool', + } + + /** + * Renders a Kubernetes manifest for "AddressPool". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: AddressPoolProps): any { + return { + ...AddressPool.GVK, + ...toJson_AddressPoolProps(props), + }; + } + + /** + * Defines a "AddressPool" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: AddressPoolProps) { + super(scope, id, { + ...AddressPool.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...AddressPool.GVK, + ...toJson_AddressPoolProps(resolved), + }; + } +} + +/** + * AddressPool is the Schema for the addresspools API. + * + * @schema AddressPool + */ +export interface AddressPoolProps { + /** + * @schema AddressPool#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * AddressPoolSpec defines the desired state of AddressPool. + * + * @schema AddressPool#spec + */ + readonly spec: AddressPoolSpec; + +} + +/** + * Converts an object of type 'AddressPoolProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_AddressPoolProps(obj: AddressPoolProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_AddressPoolSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * AddressPoolSpec defines the desired state of AddressPool. + * + * @schema AddressPoolSpec + */ +export interface AddressPoolSpec { + /** + * A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool, they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs. + * + * @schema AddressPoolSpec#addresses + */ + readonly addresses: string[]; + + /** + * AutoAssign flag used to prevent MetallB from automatic allocation for a pool. + * + * @schema AddressPoolSpec#autoAssign + */ + readonly autoAssign?: boolean; + + /** + * When an IP is allocated from this pool, how should it be translated into BGP announcements? + * + * @schema AddressPoolSpec#bgpAdvertisements + */ + readonly bgpAdvertisements?: AddressPoolSpecBgpAdvertisements[]; + + /** + * Protocol can be used to select how the announcement is done. + * + * @schema AddressPoolSpec#protocol + */ + readonly protocol: AddressPoolSpecProtocol; + +} + +/** + * Converts an object of type 'AddressPoolSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_AddressPoolSpec(obj: AddressPoolSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'addresses': obj.addresses?.map(y => y), + 'autoAssign': obj.autoAssign, + 'bgpAdvertisements': obj.bgpAdvertisements?.map(y => toJson_AddressPoolSpecBgpAdvertisements(y)), + 'protocol': obj.protocol, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * @schema AddressPoolSpecBgpAdvertisements + */ +export interface AddressPoolSpecBgpAdvertisements { + /** + * The aggregation-length advertisement option lets you “roll up” the /32s into a larger prefix. + * + * @schema AddressPoolSpecBgpAdvertisements#aggregationLength + */ + readonly aggregationLength?: number; + + /** + * Optional, defaults to 128 (i.e. no aggregation) if not specified. + * + * @schema AddressPoolSpecBgpAdvertisements#aggregationLengthV6 + */ + readonly aggregationLengthV6?: number; + + /** + * BGP communities + * + * @schema AddressPoolSpecBgpAdvertisements#communities + */ + readonly communities?: string[]; + + /** + * BGP LOCAL_PREF attribute which is used by BGP best path algorithm, Path with higher localpref is preferred over one with lower localpref. + * + * @schema AddressPoolSpecBgpAdvertisements#localPref + */ + readonly localPref?: number; + +} + +/** + * Converts an object of type 'AddressPoolSpecBgpAdvertisements' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_AddressPoolSpecBgpAdvertisements(obj: AddressPoolSpecBgpAdvertisements | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'aggregationLength': obj.aggregationLength, + 'aggregationLengthV6': obj.aggregationLengthV6, + 'communities': obj.communities?.map(y => y), + 'localPref': obj.localPref, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Protocol can be used to select how the announcement is done. + * + * @schema AddressPoolSpecProtocol + */ +export enum AddressPoolSpecProtocol { + /** layer2 */ + LAYER2 = 'layer2', + /** bgp */ + BGP = 'bgp', +} + + +/** + * AddressPool represents a pool of IP addresses that can be allocated to LoadBalancer services. AddressPool is deprecated and being replaced by IPAddressPool. + * + * @schema AddressPoolV1Beta1 + */ +export class AddressPoolV1Beta1 extends ApiObject { + /** + * Returns the apiVersion and kind for "AddressPoolV1Beta1" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'metallb.io/v1beta1', + kind: 'AddressPool', + } + + /** + * Renders a Kubernetes manifest for "AddressPoolV1Beta1". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: AddressPoolV1Beta1Props): any { + return { + ...AddressPoolV1Beta1.GVK, + ...toJson_AddressPoolV1Beta1Props(props), + }; + } + + /** + * Defines a "AddressPoolV1Beta1" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: AddressPoolV1Beta1Props) { + super(scope, id, { + ...AddressPoolV1Beta1.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...AddressPoolV1Beta1.GVK, + ...toJson_AddressPoolV1Beta1Props(resolved), + }; + } +} + +/** + * AddressPool represents a pool of IP addresses that can be allocated to LoadBalancer services. AddressPool is deprecated and being replaced by IPAddressPool. + * + * @schema AddressPoolV1Beta1 + */ +export interface AddressPoolV1Beta1Props { + /** + * @schema AddressPoolV1Beta1#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * AddressPoolSpec defines the desired state of AddressPool. + * + * @schema AddressPoolV1Beta1#spec + */ + readonly spec: AddressPoolV1Beta1Spec; + +} + +/** + * Converts an object of type 'AddressPoolV1Beta1Props' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_AddressPoolV1Beta1Props(obj: AddressPoolV1Beta1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_AddressPoolV1Beta1Spec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * AddressPoolSpec defines the desired state of AddressPool. + * + * @schema AddressPoolV1Beta1Spec + */ +export interface AddressPoolV1Beta1Spec { + /** + * A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool, they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs. + * + * @schema AddressPoolV1Beta1Spec#addresses + */ + readonly addresses: string[]; + + /** + * AutoAssign flag used to prevent MetallB from automatic allocation for a pool. + * + * @schema AddressPoolV1Beta1Spec#autoAssign + */ + readonly autoAssign?: boolean; + + /** + * Drives how an IP allocated from this pool should translated into BGP announcements. + * + * @schema AddressPoolV1Beta1Spec#bgpAdvertisements + */ + readonly bgpAdvertisements?: AddressPoolV1Beta1SpecBgpAdvertisements[]; + + /** + * Protocol can be used to select how the announcement is done. + * + * @schema AddressPoolV1Beta1Spec#protocol + */ + readonly protocol: AddressPoolV1Beta1SpecProtocol; + +} + +/** + * Converts an object of type 'AddressPoolV1Beta1Spec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_AddressPoolV1Beta1Spec(obj: AddressPoolV1Beta1Spec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'addresses': obj.addresses?.map(y => y), + 'autoAssign': obj.autoAssign, + 'bgpAdvertisements': obj.bgpAdvertisements?.map(y => toJson_AddressPoolV1Beta1SpecBgpAdvertisements(y)), + 'protocol': obj.protocol, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * @schema AddressPoolV1Beta1SpecBgpAdvertisements + */ +export interface AddressPoolV1Beta1SpecBgpAdvertisements { + /** + * The aggregation-length advertisement option lets you “roll up” the /32s into a larger prefix. + * + * @schema AddressPoolV1Beta1SpecBgpAdvertisements#aggregationLength + */ + readonly aggregationLength?: number; + + /** + * Optional, defaults to 128 (i.e. no aggregation) if not specified. + * + * @schema AddressPoolV1Beta1SpecBgpAdvertisements#aggregationLengthV6 + */ + readonly aggregationLengthV6?: number; + + /** + * BGP communities to be associated with the given advertisement. + * + * @schema AddressPoolV1Beta1SpecBgpAdvertisements#communities + */ + readonly communities?: string[]; + + /** + * BGP LOCAL_PREF attribute which is used by BGP best path algorithm, Path with higher localpref is preferred over one with lower localpref. + * + * @schema AddressPoolV1Beta1SpecBgpAdvertisements#localPref + */ + readonly localPref?: number; + +} + +/** + * Converts an object of type 'AddressPoolV1Beta1SpecBgpAdvertisements' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_AddressPoolV1Beta1SpecBgpAdvertisements(obj: AddressPoolV1Beta1SpecBgpAdvertisements | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'aggregationLength': obj.aggregationLength, + 'aggregationLengthV6': obj.aggregationLengthV6, + 'communities': obj.communities?.map(y => y), + 'localPref': obj.localPref, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Protocol can be used to select how the announcement is done. + * + * @schema AddressPoolV1Beta1SpecProtocol + */ +export enum AddressPoolV1Beta1SpecProtocol { + /** layer2 */ + LAYER2 = 'layer2', + /** bgp */ + BGP = 'bgp', +} + diff --git a/packages/k8s-generated/generated/bfdprofiles-metallb.io.ts b/packages/k8s-generated/generated/bfdprofiles-metallb.io.ts new file mode 100644 index 0000000..386e231 --- /dev/null +++ b/packages/k8s-generated/generated/bfdprofiles-metallb.io.ts @@ -0,0 +1,174 @@ +// generated by cdk8s +import { ApiObject, ApiObjectMetadata, GroupVersionKind } from 'cdk8s'; +import { Construct } from 'constructs'; + + +/** + * BFDProfile represents the settings of the bfd session that can be optionally associated with a BGP session. + * + * @schema BFDProfile + */ +export class BfdProfile extends ApiObject { + /** + * Returns the apiVersion and kind for "BFDProfile" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'metallb.io/v1beta1', + kind: 'BFDProfile', + } + + /** + * Renders a Kubernetes manifest for "BFDProfile". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: BfdProfileProps = {}): any { + return { + ...BfdProfile.GVK, + ...toJson_BfdProfileProps(props), + }; + } + + /** + * Defines a "BFDProfile" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: BfdProfileProps = {}) { + super(scope, id, { + ...BfdProfile.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...BfdProfile.GVK, + ...toJson_BfdProfileProps(resolved), + }; + } +} + +/** + * BFDProfile represents the settings of the bfd session that can be optionally associated with a BGP session. + * + * @schema BFDProfile + */ +export interface BfdProfileProps { + /** + * @schema BFDProfile#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * BFDProfileSpec defines the desired state of BFDProfile. + * + * @schema BFDProfile#spec + */ + readonly spec?: BfdProfileSpec; + +} + +/** + * Converts an object of type 'BfdProfileProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BfdProfileProps(obj: BfdProfileProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_BfdProfileSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * BFDProfileSpec defines the desired state of BFDProfile. + * + * @schema BfdProfileSpec + */ +export interface BfdProfileSpec { + /** + * Configures the detection multiplier to determine packet loss. The remote transmission interval will be multiplied by this value to determine the connection loss detection timer. + * + * @schema BfdProfileSpec#detectMultiplier + */ + readonly detectMultiplier?: number; + + /** + * Configures the minimal echo receive transmission interval that this system is capable of handling in milliseconds. Defaults to 50ms + * + * @default 50ms + * @schema BfdProfileSpec#echoInterval + */ + readonly echoInterval?: number; + + /** + * Enables or disables the echo transmission mode. This mode is disabled by default, and not supported on multi hops setups. + * + * @schema BfdProfileSpec#echoMode + */ + readonly echoMode?: boolean; + + /** + * For multi hop sessions only: configure the minimum expected TTL for an incoming BFD control packet. + * + * @schema BfdProfileSpec#minimumTtl + */ + readonly minimumTtl?: number; + + /** + * Mark session as passive: a passive session will not attempt to start the connection and will wait for control packets from peer before it begins replying. + * + * @schema BfdProfileSpec#passiveMode + */ + readonly passiveMode?: boolean; + + /** + * The minimum interval that this system is capable of receiving control packets in milliseconds. Defaults to 300ms. + * + * @default 300ms. + * @schema BfdProfileSpec#receiveInterval + */ + readonly receiveInterval?: number; + + /** + * The minimum transmission interval (less jitter) that this system wants to use to send BFD control packets in milliseconds. Defaults to 300ms + * + * @default 300ms + * @schema BfdProfileSpec#transmitInterval + */ + readonly transmitInterval?: number; + +} + +/** + * Converts an object of type 'BfdProfileSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BfdProfileSpec(obj: BfdProfileSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'detectMultiplier': obj.detectMultiplier, + 'echoInterval': obj.echoInterval, + 'echoMode': obj.echoMode, + 'minimumTtl': obj.minimumTtl, + 'passiveMode': obj.passiveMode, + 'receiveInterval': obj.receiveInterval, + 'transmitInterval': obj.transmitInterval, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + diff --git a/packages/k8s-generated/generated/bgpadvertisements-metallb.io.ts b/packages/k8s-generated/generated/bgpadvertisements-metallb.io.ts new file mode 100644 index 0000000..53f13c0 --- /dev/null +++ b/packages/k8s-generated/generated/bgpadvertisements-metallb.io.ts @@ -0,0 +1,345 @@ +// generated by cdk8s +import { ApiObject, ApiObjectMetadata, GroupVersionKind } from 'cdk8s'; +import { Construct } from 'constructs'; + + +/** + * BGPAdvertisement allows to advertise the IPs coming from the selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement. + * + * @schema BGPAdvertisement + */ +export class BgpAdvertisement extends ApiObject { + /** + * Returns the apiVersion and kind for "BGPAdvertisement" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'metallb.io/v1beta1', + kind: 'BGPAdvertisement', + } + + /** + * Renders a Kubernetes manifest for "BGPAdvertisement". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: BgpAdvertisementProps = {}): any { + return { + ...BgpAdvertisement.GVK, + ...toJson_BgpAdvertisementProps(props), + }; + } + + /** + * Defines a "BGPAdvertisement" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: BgpAdvertisementProps = {}) { + super(scope, id, { + ...BgpAdvertisement.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...BgpAdvertisement.GVK, + ...toJson_BgpAdvertisementProps(resolved), + }; + } +} + +/** + * BGPAdvertisement allows to advertise the IPs coming from the selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement. + * + * @schema BGPAdvertisement + */ +export interface BgpAdvertisementProps { + /** + * @schema BGPAdvertisement#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * BGPAdvertisementSpec defines the desired state of BGPAdvertisement. + * + * @schema BGPAdvertisement#spec + */ + readonly spec?: BgpAdvertisementSpec; + +} + +/** + * Converts an object of type 'BgpAdvertisementProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpAdvertisementProps(obj: BgpAdvertisementProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_BgpAdvertisementSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * BGPAdvertisementSpec defines the desired state of BGPAdvertisement. + * + * @schema BgpAdvertisementSpec + */ +export interface BgpAdvertisementSpec { + /** + * The aggregation-length advertisement option lets you “roll up” the /32s into a larger prefix. Defaults to 32. Works for IPv4 addresses. + * + * @default 32. Works for IPv4 addresses. + * @schema BgpAdvertisementSpec#aggregationLength + */ + readonly aggregationLength?: number; + + /** + * The aggregation-length advertisement option lets you “roll up” the /128s into a larger prefix. Defaults to 128. Works for IPv6 addresses. + * + * @default 128. Works for IPv6 addresses. + * @schema BgpAdvertisementSpec#aggregationLengthV6 + */ + readonly aggregationLengthV6?: number; + + /** + * The BGP communities to be associated with the announcement. Each item can be a community of the form 1234:1234 or the name of an alias defined in the Community CRD. + * + * @schema BgpAdvertisementSpec#communities + */ + readonly communities?: string[]; + + /** + * A selector for the IPAddressPools which would get advertised via this advertisement. If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. + * + * @schema BgpAdvertisementSpec#ipAddressPoolSelectors + */ + readonly ipAddressPoolSelectors?: BgpAdvertisementSpecIpAddressPoolSelectors[]; + + /** + * The list of IPAddressPools to advertise via this advertisement, selected by name. + * + * @schema BgpAdvertisementSpec#ipAddressPools + */ + readonly ipAddressPools?: string[]; + + /** + * The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, Path with higher localpref is preferred over one with lower localpref. + * + * @schema BgpAdvertisementSpec#localPref + */ + readonly localPref?: number; + + /** + * NodeSelectors allows to limit the nodes to announce as next hops for the LoadBalancer IP. When empty, all the nodes having are announced as next hops. + * + * @schema BgpAdvertisementSpec#nodeSelectors + */ + readonly nodeSelectors?: BgpAdvertisementSpecNodeSelectors[]; + + /** + * Peers limits the bgppeer to advertise the ips of the selected pools to. When empty, the loadbalancer IP is announced to all the BGPPeers configured. + * + * @schema BgpAdvertisementSpec#peers + */ + readonly peers?: string[]; + +} + +/** + * Converts an object of type 'BgpAdvertisementSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpAdvertisementSpec(obj: BgpAdvertisementSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'aggregationLength': obj.aggregationLength, + 'aggregationLengthV6': obj.aggregationLengthV6, + 'communities': obj.communities?.map(y => y), + 'ipAddressPoolSelectors': obj.ipAddressPoolSelectors?.map(y => toJson_BgpAdvertisementSpecIpAddressPoolSelectors(y)), + 'ipAddressPools': obj.ipAddressPools?.map(y => y), + 'localPref': obj.localPref, + 'nodeSelectors': obj.nodeSelectors?.map(y => toJson_BgpAdvertisementSpecNodeSelectors(y)), + 'peers': obj.peers?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + * + * @schema BgpAdvertisementSpecIpAddressPoolSelectors + */ +export interface BgpAdvertisementSpecIpAddressPoolSelectors { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema BgpAdvertisementSpecIpAddressPoolSelectors#matchExpressions + */ + readonly matchExpressions?: BgpAdvertisementSpecIpAddressPoolSelectorsMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema BgpAdvertisementSpecIpAddressPoolSelectors#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'BgpAdvertisementSpecIpAddressPoolSelectors' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpAdvertisementSpecIpAddressPoolSelectors(obj: BgpAdvertisementSpecIpAddressPoolSelectors | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_BgpAdvertisementSpecIpAddressPoolSelectorsMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + * + * @schema BgpAdvertisementSpecNodeSelectors + */ +export interface BgpAdvertisementSpecNodeSelectors { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema BgpAdvertisementSpecNodeSelectors#matchExpressions + */ + readonly matchExpressions?: BgpAdvertisementSpecNodeSelectorsMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema BgpAdvertisementSpecNodeSelectors#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'BgpAdvertisementSpecNodeSelectors' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpAdvertisementSpecNodeSelectors(obj: BgpAdvertisementSpecNodeSelectors | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_BgpAdvertisementSpecNodeSelectorsMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema BgpAdvertisementSpecIpAddressPoolSelectorsMatchExpressions + */ +export interface BgpAdvertisementSpecIpAddressPoolSelectorsMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema BgpAdvertisementSpecIpAddressPoolSelectorsMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema BgpAdvertisementSpecIpAddressPoolSelectorsMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema BgpAdvertisementSpecIpAddressPoolSelectorsMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'BgpAdvertisementSpecIpAddressPoolSelectorsMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpAdvertisementSpecIpAddressPoolSelectorsMatchExpressions(obj: BgpAdvertisementSpecIpAddressPoolSelectorsMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema BgpAdvertisementSpecNodeSelectorsMatchExpressions + */ +export interface BgpAdvertisementSpecNodeSelectorsMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema BgpAdvertisementSpecNodeSelectorsMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema BgpAdvertisementSpecNodeSelectorsMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema BgpAdvertisementSpecNodeSelectorsMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'BgpAdvertisementSpecNodeSelectorsMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpAdvertisementSpecNodeSelectorsMatchExpressions(obj: BgpAdvertisementSpecNodeSelectorsMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + diff --git a/packages/k8s-generated/generated/bgppeers-metallb.io.ts b/packages/k8s-generated/generated/bgppeers-metallb.io.ts new file mode 100644 index 0000000..c9ce376 --- /dev/null +++ b/packages/k8s-generated/generated/bgppeers-metallb.io.ts @@ -0,0 +1,619 @@ +// generated by cdk8s +import { ApiObject, ApiObjectMetadata, GroupVersionKind } from 'cdk8s'; +import { Construct } from 'constructs'; + + +/** + * BGPPeer is the Schema for the peers API. + * + * @schema BGPPeer + */ +export class BgpPeer extends ApiObject { + /** + * Returns the apiVersion and kind for "BGPPeer" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'metallb.io/v1beta1', + kind: 'BGPPeer', + } + + /** + * Renders a Kubernetes manifest for "BGPPeer". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: BgpPeerProps = {}): any { + return { + ...BgpPeer.GVK, + ...toJson_BgpPeerProps(props), + }; + } + + /** + * Defines a "BGPPeer" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: BgpPeerProps = {}) { + super(scope, id, { + ...BgpPeer.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...BgpPeer.GVK, + ...toJson_BgpPeerProps(resolved), + }; + } +} + +/** + * BGPPeer is the Schema for the peers API. + * + * @schema BGPPeer + */ +export interface BgpPeerProps { + /** + * @schema BGPPeer#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * BGPPeerSpec defines the desired state of Peer. + * + * @schema BGPPeer#spec + */ + readonly spec?: BgpPeerSpec; + +} + +/** + * Converts an object of type 'BgpPeerProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpPeerProps(obj: BgpPeerProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_BgpPeerSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * BGPPeerSpec defines the desired state of Peer. + * + * @schema BgpPeerSpec + */ +export interface BgpPeerSpec { + /** + * @schema BgpPeerSpec#bfdProfile + */ + readonly bfdProfile?: string; + + /** + * EBGP peer is multi-hops away + * + * @schema BgpPeerSpec#ebgpMultiHop + */ + readonly ebgpMultiHop?: boolean; + + /** + * Requested BGP hold time, per RFC4271. + * + * @schema BgpPeerSpec#holdTime + */ + readonly holdTime?: string; + + /** + * Requested BGP keepalive time, per RFC4271. + * + * @schema BgpPeerSpec#keepaliveTime + */ + readonly keepaliveTime?: string; + + /** + * AS number to use for the local end of the session. + * + * @schema BgpPeerSpec#myASN + */ + readonly myAsn: number; + + /** + * Only connect to this peer on nodes that match one of these selectors. + * + * @schema BgpPeerSpec#nodeSelectors + */ + readonly nodeSelectors?: BgpPeerSpecNodeSelectors[]; + + /** + * Authentication password for routers enforcing TCP MD5 authenticated sessions + * + * @schema BgpPeerSpec#password + */ + readonly password?: string; + + /** + * AS number to expect from the remote end of the session. + * + * @schema BgpPeerSpec#peerASN + */ + readonly peerAsn: number; + + /** + * Address to dial when establishing the session. + * + * @schema BgpPeerSpec#peerAddress + */ + readonly peerAddress: string; + + /** + * Port to dial when establishing the session. + * + * @schema BgpPeerSpec#peerPort + */ + readonly peerPort?: number; + + /** + * BGP router ID to advertise to the peer + * + * @schema BgpPeerSpec#routerID + */ + readonly routerId?: string; + + /** + * Source address to use when establishing the session. + * + * @schema BgpPeerSpec#sourceAddress + */ + readonly sourceAddress?: string; + +} + +/** + * Converts an object of type 'BgpPeerSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpPeerSpec(obj: BgpPeerSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'bfdProfile': obj.bfdProfile, + 'ebgpMultiHop': obj.ebgpMultiHop, + 'holdTime': obj.holdTime, + 'keepaliveTime': obj.keepaliveTime, + 'myASN': obj.myAsn, + 'nodeSelectors': obj.nodeSelectors?.map(y => toJson_BgpPeerSpecNodeSelectors(y)), + 'password': obj.password, + 'peerASN': obj.peerAsn, + 'peerAddress': obj.peerAddress, + 'peerPort': obj.peerPort, + 'routerID': obj.routerId, + 'sourceAddress': obj.sourceAddress, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * @schema BgpPeerSpecNodeSelectors + */ +export interface BgpPeerSpecNodeSelectors { + /** + * @schema BgpPeerSpecNodeSelectors#matchExpressions + */ + readonly matchExpressions?: BgpPeerSpecNodeSelectorsMatchExpressions[]; + + /** + * @schema BgpPeerSpecNodeSelectors#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'BgpPeerSpecNodeSelectors' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpPeerSpecNodeSelectors(obj: BgpPeerSpecNodeSelectors | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_BgpPeerSpecNodeSelectorsMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * @schema BgpPeerSpecNodeSelectorsMatchExpressions + */ +export interface BgpPeerSpecNodeSelectorsMatchExpressions { + /** + * @schema BgpPeerSpecNodeSelectorsMatchExpressions#key + */ + readonly key: string; + + /** + * @schema BgpPeerSpecNodeSelectorsMatchExpressions#operator + */ + readonly operator: string; + + /** + * @schema BgpPeerSpecNodeSelectorsMatchExpressions#values + */ + readonly values: string[]; + +} + +/** + * Converts an object of type 'BgpPeerSpecNodeSelectorsMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpPeerSpecNodeSelectorsMatchExpressions(obj: BgpPeerSpecNodeSelectorsMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + + +/** + * BGPPeer is the Schema for the peers API. + * + * @schema BGPPeerV1Beta2 + */ +export class BgpPeerV1Beta2 extends ApiObject { + /** + * Returns the apiVersion and kind for "BGPPeerV1Beta2" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'metallb.io/v1beta2', + kind: 'BGPPeer', + } + + /** + * Renders a Kubernetes manifest for "BGPPeerV1Beta2". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: BgpPeerV1Beta2Props = {}): any { + return { + ...BgpPeerV1Beta2.GVK, + ...toJson_BgpPeerV1Beta2Props(props), + }; + } + + /** + * Defines a "BGPPeerV1Beta2" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: BgpPeerV1Beta2Props = {}) { + super(scope, id, { + ...BgpPeerV1Beta2.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...BgpPeerV1Beta2.GVK, + ...toJson_BgpPeerV1Beta2Props(resolved), + }; + } +} + +/** + * BGPPeer is the Schema for the peers API. + * + * @schema BGPPeerV1Beta2 + */ +export interface BgpPeerV1Beta2Props { + /** + * @schema BGPPeerV1Beta2#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * BGPPeerSpec defines the desired state of Peer. + * + * @schema BGPPeerV1Beta2#spec + */ + readonly spec?: BgpPeerV1Beta2Spec; + +} + +/** + * Converts an object of type 'BgpPeerV1Beta2Props' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpPeerV1Beta2Props(obj: BgpPeerV1Beta2Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_BgpPeerV1Beta2Spec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * BGPPeerSpec defines the desired state of Peer. + * + * @schema BgpPeerV1Beta2Spec + */ +export interface BgpPeerV1Beta2Spec { + /** + * The name of the BFD Profile to be used for the BFD session associated to the BGP session. If not set, the BFD session won't be set up. + * + * @schema BgpPeerV1Beta2Spec#bfdProfile + */ + readonly bfdProfile?: string; + + /** + * To set if the BGPPeer is multi-hops away. Needed for FRR mode only. + * + * @schema BgpPeerV1Beta2Spec#ebgpMultiHop + */ + readonly ebgpMultiHop?: boolean; + + /** + * Requested BGP hold time, per RFC4271. + * + * @schema BgpPeerV1Beta2Spec#holdTime + */ + readonly holdTime?: string; + + /** + * Requested BGP keepalive time, per RFC4271. + * + * @schema BgpPeerV1Beta2Spec#keepaliveTime + */ + readonly keepaliveTime?: string; + + /** + * AS number to use for the local end of the session. + * + * @schema BgpPeerV1Beta2Spec#myASN + */ + readonly myAsn: number; + + /** + * Only connect to this peer on nodes that match one of these selectors. + * + * @schema BgpPeerV1Beta2Spec#nodeSelectors + */ + readonly nodeSelectors?: BgpPeerV1Beta2SpecNodeSelectors[]; + + /** + * Authentication password for routers enforcing TCP MD5 authenticated sessions + * + * @schema BgpPeerV1Beta2Spec#password + */ + readonly password?: string; + + /** + * passwordSecret is name of the authentication secret for BGP Peer. the secret must be of type "kubernetes.io/basic-auth", and created in the same namespace as the MetalLB deployment. The password is stored in the secret as the key "password". + * + * @schema BgpPeerV1Beta2Spec#passwordSecret + */ + readonly passwordSecret?: BgpPeerV1Beta2SpecPasswordSecret; + + /** + * AS number to expect from the remote end of the session. + * + * @schema BgpPeerV1Beta2Spec#peerASN + */ + readonly peerAsn: number; + + /** + * Address to dial when establishing the session. + * + * @schema BgpPeerV1Beta2Spec#peerAddress + */ + readonly peerAddress: string; + + /** + * Port to dial when establishing the session. + * + * @schema BgpPeerV1Beta2Spec#peerPort + */ + readonly peerPort?: number; + + /** + * BGP router ID to advertise to the peer + * + * @schema BgpPeerV1Beta2Spec#routerID + */ + readonly routerId?: string; + + /** + * Source address to use when establishing the session. + * + * @schema BgpPeerV1Beta2Spec#sourceAddress + */ + readonly sourceAddress?: string; + + /** + * To set if we want to peer with the BGPPeer using an interface belonging to a host vrf + * + * @schema BgpPeerV1Beta2Spec#vrf + */ + readonly vrf?: string; + +} + +/** + * Converts an object of type 'BgpPeerV1Beta2Spec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpPeerV1Beta2Spec(obj: BgpPeerV1Beta2Spec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'bfdProfile': obj.bfdProfile, + 'ebgpMultiHop': obj.ebgpMultiHop, + 'holdTime': obj.holdTime, + 'keepaliveTime': obj.keepaliveTime, + 'myASN': obj.myAsn, + 'nodeSelectors': obj.nodeSelectors?.map(y => toJson_BgpPeerV1Beta2SpecNodeSelectors(y)), + 'password': obj.password, + 'passwordSecret': toJson_BgpPeerV1Beta2SpecPasswordSecret(obj.passwordSecret), + 'peerASN': obj.peerAsn, + 'peerAddress': obj.peerAddress, + 'peerPort': obj.peerPort, + 'routerID': obj.routerId, + 'sourceAddress': obj.sourceAddress, + 'vrf': obj.vrf, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + * + * @schema BgpPeerV1Beta2SpecNodeSelectors + */ +export interface BgpPeerV1Beta2SpecNodeSelectors { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema BgpPeerV1Beta2SpecNodeSelectors#matchExpressions + */ + readonly matchExpressions?: BgpPeerV1Beta2SpecNodeSelectorsMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema BgpPeerV1Beta2SpecNodeSelectors#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'BgpPeerV1Beta2SpecNodeSelectors' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpPeerV1Beta2SpecNodeSelectors(obj: BgpPeerV1Beta2SpecNodeSelectors | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_BgpPeerV1Beta2SpecNodeSelectorsMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * passwordSecret is name of the authentication secret for BGP Peer. the secret must be of type "kubernetes.io/basic-auth", and created in the same namespace as the MetalLB deployment. The password is stored in the secret as the key "password". + * + * @schema BgpPeerV1Beta2SpecPasswordSecret + */ +export interface BgpPeerV1Beta2SpecPasswordSecret { + /** + * name is unique within a namespace to reference a secret resource. + * + * @schema BgpPeerV1Beta2SpecPasswordSecret#name + */ + readonly name?: string; + + /** + * namespace defines the space within which the secret name must be unique. + * + * @schema BgpPeerV1Beta2SpecPasswordSecret#namespace + */ + readonly namespace?: string; + +} + +/** + * Converts an object of type 'BgpPeerV1Beta2SpecPasswordSecret' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpPeerV1Beta2SpecPasswordSecret(obj: BgpPeerV1Beta2SpecPasswordSecret | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'namespace': obj.namespace, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema BgpPeerV1Beta2SpecNodeSelectorsMatchExpressions + */ +export interface BgpPeerV1Beta2SpecNodeSelectorsMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema BgpPeerV1Beta2SpecNodeSelectorsMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema BgpPeerV1Beta2SpecNodeSelectorsMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema BgpPeerV1Beta2SpecNodeSelectorsMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'BgpPeerV1Beta2SpecNodeSelectorsMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_BgpPeerV1Beta2SpecNodeSelectorsMatchExpressions(obj: BgpPeerV1Beta2SpecNodeSelectorsMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + diff --git a/packages/k8s-generated/generated/cert-manager.io.ts b/packages/k8s-generated/generated/cert-manager.io.ts new file mode 100644 index 0000000..a90d3a6 --- /dev/null +++ b/packages/k8s-generated/generated/cert-manager.io.ts @@ -0,0 +1,9227 @@ +// generated by cdk8s +import { ApiObject, ApiObjectMetadata, GroupVersionKind } from 'cdk8s'; +import { Construct } from 'constructs'; + + +/** + * A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. + The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`). + * + * @schema Certificate + */ +export class Certificate extends ApiObject { + /** + * Returns the apiVersion and kind for "Certificate" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'cert-manager.io/v1', + kind: 'Certificate', + } + + /** + * Renders a Kubernetes manifest for "Certificate". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: CertificateProps): any { + return { + ...Certificate.GVK, + ...toJson_CertificateProps(props), + }; + } + + /** + * Defines a "Certificate" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: CertificateProps) { + super(scope, id, { + ...Certificate.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...Certificate.GVK, + ...toJson_CertificateProps(resolved), + }; + } +} + +/** + * A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. + * The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`). + * + * @schema Certificate + */ +export interface CertificateProps { + /** + * @schema Certificate#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Desired state of the Certificate resource. + * + * @schema Certificate#spec + */ + readonly spec: CertificateSpec; + +} + +/** + * Converts an object of type 'CertificateProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateProps(obj: CertificateProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_CertificateSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Desired state of the Certificate resource. + * + * @schema CertificateSpec + */ +export interface CertificateSpec { + /** + * AdditionalOutputFormats defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option on both the controller and webhook components. + * + * @schema CertificateSpec#additionalOutputFormats + */ + readonly additionalOutputFormats?: CertificateSpecAdditionalOutputFormats[]; + + /** + * CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4 + * + * @schema CertificateSpec#commonName + */ + readonly commonName?: string; + + /** + * DNSNames is a list of DNS subjectAltNames to be set on the Certificate. + * + * @schema CertificateSpec#dnsNames + */ + readonly dnsNames?: string[]; + + /** + * The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. If unset this defaults to 90 days. Certificate will be renewed either 2/3 through its duration or `renewBefore` period before its expiry, whichever is later. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration + * + * @schema CertificateSpec#duration + */ + readonly duration?: string; + + /** + * EmailAddresses is a list of email subjectAltNames to be set on the Certificate. + * + * @schema CertificateSpec#emailAddresses + */ + readonly emailAddresses?: string[]; + + /** + * EncodeUsagesInRequest controls whether key usages should be present in the CertificateRequest + * + * @schema CertificateSpec#encodeUsagesInRequest + */ + readonly encodeUsagesInRequest?: boolean; + + /** + * IPAddresses is a list of IP address subjectAltNames to be set on the Certificate. + * + * @schema CertificateSpec#ipAddresses + */ + readonly ipAddresses?: string[]; + + /** + * IsCA will mark this Certificate as valid for certificate signing. This will automatically add the `cert sign` usage to the list of `usages`. + * + * @schema CertificateSpec#isCA + */ + readonly isCa?: boolean; + + /** + * IssuerRef is a reference to the issuer for this certificate. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. + * + * @schema CertificateSpec#issuerRef + */ + readonly issuerRef: CertificateSpecIssuerRef; + + /** + * Keystores configures additional keystore output formats stored in the `secretName` Secret resource. + * + * @schema CertificateSpec#keystores + */ + readonly keystores?: CertificateSpecKeystores; + + /** + * LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. + * + * @schema CertificateSpec#literalSubject + */ + readonly literalSubject?: string; + + /** + * Options to control private keys used for the Certificate. + * + * @schema CertificateSpec#privateKey + */ + readonly privateKey?: CertificateSpecPrivateKey; + + /** + * How long before the currently issued certificate's expiry cert-manager should renew the certificate. The default is 2/3 of the issued certificate's duration. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration + * + * @schema CertificateSpec#renewBefore + */ + readonly renewBefore?: string; + + /** + * revisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`. + * + * @schema CertificateSpec#revisionHistoryLimit + */ + readonly revisionHistoryLimit?: number; + + /** + * SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. + * + * @schema CertificateSpec#secretName + */ + readonly secretName: string; + + /** + * SecretTemplate defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + * + * @schema CertificateSpec#secretTemplate + */ + readonly secretTemplate?: CertificateSpecSecretTemplate; + + /** + * Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). + * + * @schema CertificateSpec#subject + */ + readonly subject?: CertificateSpecSubject; + + /** + * URIs is a list of URI subjectAltNames to be set on the Certificate. + * + * @schema CertificateSpec#uris + */ + readonly uris?: string[]; + + /** + * Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified. + * + * @default digital signature` and `key encipherment` if not specified. + * @schema CertificateSpec#usages + */ + readonly usages?: CertificateSpecUsages[]; + +} + +/** + * Converts an object of type 'CertificateSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateSpec(obj: CertificateSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'additionalOutputFormats': obj.additionalOutputFormats?.map(y => toJson_CertificateSpecAdditionalOutputFormats(y)), + 'commonName': obj.commonName, + 'dnsNames': obj.dnsNames?.map(y => y), + 'duration': obj.duration, + 'emailAddresses': obj.emailAddresses?.map(y => y), + 'encodeUsagesInRequest': obj.encodeUsagesInRequest, + 'ipAddresses': obj.ipAddresses?.map(y => y), + 'isCA': obj.isCa, + 'issuerRef': toJson_CertificateSpecIssuerRef(obj.issuerRef), + 'keystores': toJson_CertificateSpecKeystores(obj.keystores), + 'literalSubject': obj.literalSubject, + 'privateKey': toJson_CertificateSpecPrivateKey(obj.privateKey), + 'renewBefore': obj.renewBefore, + 'revisionHistoryLimit': obj.revisionHistoryLimit, + 'secretName': obj.secretName, + 'secretTemplate': toJson_CertificateSpecSecretTemplate(obj.secretTemplate), + 'subject': toJson_CertificateSpecSubject(obj.subject), + 'uris': obj.uris?.map(y => y), + 'usages': obj.usages?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CertificateAdditionalOutputFormat defines an additional output format of a Certificate resource. These contain supplementary data formats of the signed certificate chain and paired private key. + * + * @schema CertificateSpecAdditionalOutputFormats + */ +export interface CertificateSpecAdditionalOutputFormats { + /** + * Type is the name of the format type that should be written to the Certificate's target Secret. + * + * @schema CertificateSpecAdditionalOutputFormats#type + */ + readonly type: CertificateSpecAdditionalOutputFormatsType; + +} + +/** + * Converts an object of type 'CertificateSpecAdditionalOutputFormats' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateSpecAdditionalOutputFormats(obj: CertificateSpecAdditionalOutputFormats | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'type': obj.type, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * IssuerRef is a reference to the issuer for this certificate. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. + * + * @schema CertificateSpecIssuerRef + */ +export interface CertificateSpecIssuerRef { + /** + * Group of the resource being referred to. + * + * @schema CertificateSpecIssuerRef#group + */ + readonly group?: string; + + /** + * Kind of the resource being referred to. + * + * @schema CertificateSpecIssuerRef#kind + */ + readonly kind?: string; + + /** + * Name of the resource being referred to. + * + * @schema CertificateSpecIssuerRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'CertificateSpecIssuerRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateSpecIssuerRef(obj: CertificateSpecIssuerRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Keystores configures additional keystore output formats stored in the `secretName` Secret resource. + * + * @schema CertificateSpecKeystores + */ +export interface CertificateSpecKeystores { + /** + * JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. + * + * @schema CertificateSpecKeystores#jks + */ + readonly jks?: CertificateSpecKeystoresJks; + + /** + * PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. + * + * @schema CertificateSpecKeystores#pkcs12 + */ + readonly pkcs12?: CertificateSpecKeystoresPkcs12; + +} + +/** + * Converts an object of type 'CertificateSpecKeystores' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateSpecKeystores(obj: CertificateSpecKeystores | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'jks': toJson_CertificateSpecKeystoresJks(obj.jks), + 'pkcs12': toJson_CertificateSpecKeystoresPkcs12(obj.pkcs12), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Options to control private keys used for the Certificate. + * + * @schema CertificateSpecPrivateKey + */ +export interface CertificateSpecPrivateKey { + /** + * Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified and `size` is not provided, key size of 256 will be used for `ECDSA` key algorithm and key size of 2048 will be used for `RSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm. + * + * @schema CertificateSpecPrivateKey#algorithm + */ + readonly algorithm?: CertificateSpecPrivateKeyAlgorithm; + + /** + * The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified. + * + * @default PKCS1` if not specified. + * @schema CertificateSpecPrivateKey#encoding + */ + readonly encoding?: CertificateSpecPrivateKeyEncoding; + + /** + * RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility. + * + * @default Never' for backward compatibility. + * @schema CertificateSpecPrivateKey#rotationPolicy + */ + readonly rotationPolicy?: CertificateSpecPrivateKeyRotationPolicy; + + /** + * Size is the key bit size of the corresponding private key for this certificate. If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed. + * + * @schema CertificateSpecPrivateKey#size + */ + readonly size?: number; + +} + +/** + * Converts an object of type 'CertificateSpecPrivateKey' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateSpecPrivateKey(obj: CertificateSpecPrivateKey | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'algorithm': obj.algorithm, + 'encoding': obj.encoding, + 'rotationPolicy': obj.rotationPolicy, + 'size': obj.size, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SecretTemplate defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + * + * @schema CertificateSpecSecretTemplate + */ +export interface CertificateSpecSecretTemplate { + /** + * Annotations is a key value map to be copied to the target Kubernetes Secret. + * + * @schema CertificateSpecSecretTemplate#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * Labels is a key value map to be copied to the target Kubernetes Secret. + * + * @schema CertificateSpecSecretTemplate#labels + */ + readonly labels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'CertificateSpecSecretTemplate' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateSpecSecretTemplate(obj: CertificateSpecSecretTemplate | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). + * + * @schema CertificateSpecSubject + */ +export interface CertificateSpecSubject { + /** + * Countries to be used on the Certificate. + * + * @schema CertificateSpecSubject#countries + */ + readonly countries?: string[]; + + /** + * Cities to be used on the Certificate. + * + * @schema CertificateSpecSubject#localities + */ + readonly localities?: string[]; + + /** + * Organizational Units to be used on the Certificate. + * + * @schema CertificateSpecSubject#organizationalUnits + */ + readonly organizationalUnits?: string[]; + + /** + * Organizations to be used on the Certificate. + * + * @schema CertificateSpecSubject#organizations + */ + readonly organizations?: string[]; + + /** + * Postal codes to be used on the Certificate. + * + * @schema CertificateSpecSubject#postalCodes + */ + readonly postalCodes?: string[]; + + /** + * State/Provinces to be used on the Certificate. + * + * @schema CertificateSpecSubject#provinces + */ + readonly provinces?: string[]; + + /** + * Serial number to be used on the Certificate. + * + * @schema CertificateSpecSubject#serialNumber + */ + readonly serialNumber?: string; + + /** + * Street addresses to be used on the Certificate. + * + * @schema CertificateSpecSubject#streetAddresses + */ + readonly streetAddresses?: string[]; + +} + +/** + * Converts an object of type 'CertificateSpecSubject' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateSpecSubject(obj: CertificateSpecSubject | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'countries': obj.countries?.map(y => y), + 'localities': obj.localities?.map(y => y), + 'organizationalUnits': obj.organizationalUnits?.map(y => y), + 'organizations': obj.organizations?.map(y => y), + 'postalCodes': obj.postalCodes?.map(y => y), + 'provinces': obj.provinces?.map(y => y), + 'serialNumber': obj.serialNumber, + 'streetAddresses': obj.streetAddresses?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + * Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" + * + * @schema CertificateSpecUsages + */ +export enum CertificateSpecUsages { + /** signing */ + SIGNING = 'signing', + /** digital signature */ + DIGITAL_SIGNATURE = 'digital signature', + /** content commitment */ + CONTENT_COMMITMENT = 'content commitment', + /** key encipherment */ + KEY_ENCIPHERMENT = 'key encipherment', + /** key agreement */ + KEY_AGREEMENT = 'key agreement', + /** data encipherment */ + DATA_ENCIPHERMENT = 'data encipherment', + /** cert sign */ + CERT_SIGN = 'cert sign', + /** crl sign */ + CRL_SIGN = 'crl sign', + /** encipher only */ + ENCIPHER_ONLY = 'encipher only', + /** decipher only */ + DECIPHER_ONLY = 'decipher only', + /** any */ + ANY = 'any', + /** server auth */ + SERVER_AUTH = 'server auth', + /** client auth */ + CLIENT_AUTH = 'client auth', + /** code signing */ + CODE_SIGNING = 'code signing', + /** email protection */ + EMAIL_PROTECTION = 'email protection', + /** s/mime */ + S_MIME = 's/mime', + /** ipsec end system */ + IPSEC_END_SYSTEM = 'ipsec end system', + /** ipsec tunnel */ + IPSEC_TUNNEL = 'ipsec tunnel', + /** ipsec user */ + IPSEC_USER = 'ipsec user', + /** timestamping */ + TIMESTAMPING = 'timestamping', + /** ocsp signing */ + OCSP_SIGNING = 'ocsp signing', + /** microsoft sgc */ + MICROSOFT_SGC = 'microsoft sgc', + /** netscape sgc */ + NETSCAPE_SGC = 'netscape sgc', +} + +/** + * Type is the name of the format type that should be written to the Certificate's target Secret. + * + * @schema CertificateSpecAdditionalOutputFormatsType + */ +export enum CertificateSpecAdditionalOutputFormatsType { + /** DER */ + DER = 'DER', + /** CombinedPEM */ + COMBINED_PEM = 'CombinedPEM', +} + +/** + * JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. + * + * @schema CertificateSpecKeystoresJks + */ +export interface CertificateSpecKeystoresJks { + /** + * Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + * + * @schema CertificateSpecKeystoresJks#create + */ + readonly create: boolean; + + /** + * PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. + * + * @schema CertificateSpecKeystoresJks#passwordSecretRef + */ + readonly passwordSecretRef: CertificateSpecKeystoresJksPasswordSecretRef; + +} + +/** + * Converts an object of type 'CertificateSpecKeystoresJks' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateSpecKeystoresJks(obj: CertificateSpecKeystoresJks | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'create': obj.create, + 'passwordSecretRef': toJson_CertificateSpecKeystoresJksPasswordSecretRef(obj.passwordSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. + * + * @schema CertificateSpecKeystoresPkcs12 + */ +export interface CertificateSpecKeystoresPkcs12 { + /** + * Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + * + * @schema CertificateSpecKeystoresPkcs12#create + */ + readonly create: boolean; + + /** + * PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. + * + * @schema CertificateSpecKeystoresPkcs12#passwordSecretRef + */ + readonly passwordSecretRef: CertificateSpecKeystoresPkcs12PasswordSecretRef; + +} + +/** + * Converts an object of type 'CertificateSpecKeystoresPkcs12' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateSpecKeystoresPkcs12(obj: CertificateSpecKeystoresPkcs12 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'create': obj.create, + 'passwordSecretRef': toJson_CertificateSpecKeystoresPkcs12PasswordSecretRef(obj.passwordSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified and `size` is not provided, key size of 256 will be used for `ECDSA` key algorithm and key size of 2048 will be used for `RSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm. + * + * @schema CertificateSpecPrivateKeyAlgorithm + */ +export enum CertificateSpecPrivateKeyAlgorithm { + /** RSA */ + RSA = 'RSA', + /** ECDSA */ + ECDSA = 'ECDSA', + /** Ed25519 */ + ED25519 = 'Ed25519', +} + +/** + * The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified. + * + * @default PKCS1` if not specified. + * @schema CertificateSpecPrivateKeyEncoding + */ +export enum CertificateSpecPrivateKeyEncoding { + /** PKCS1 */ + PKCS1 = 'PKCS1', + /** PKCS8 */ + PKCS8 = 'PKCS8', +} + +/** + * RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility. + * + * @default Never' for backward compatibility. + * @schema CertificateSpecPrivateKeyRotationPolicy + */ +export enum CertificateSpecPrivateKeyRotationPolicy { + /** Never */ + NEVER = 'Never', + /** Always */ + ALWAYS = 'Always', +} + +/** + * PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. + * + * @schema CertificateSpecKeystoresJksPasswordSecretRef + */ +export interface CertificateSpecKeystoresJksPasswordSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema CertificateSpecKeystoresJksPasswordSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema CertificateSpecKeystoresJksPasswordSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'CertificateSpecKeystoresJksPasswordSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateSpecKeystoresJksPasswordSecretRef(obj: CertificateSpecKeystoresJksPasswordSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. + * + * @schema CertificateSpecKeystoresPkcs12PasswordSecretRef + */ +export interface CertificateSpecKeystoresPkcs12PasswordSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema CertificateSpecKeystoresPkcs12PasswordSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema CertificateSpecKeystoresPkcs12PasswordSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'CertificateSpecKeystoresPkcs12PasswordSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateSpecKeystoresPkcs12PasswordSecretRef(obj: CertificateSpecKeystoresPkcs12PasswordSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + + +/** + * A CertificateRequest is used to request a signed certificate from one of the configured issuers. + All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field. + A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used. + * + * @schema CertificateRequest + */ +export class CertificateRequest extends ApiObject { + /** + * Returns the apiVersion and kind for "CertificateRequest" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'cert-manager.io/v1', + kind: 'CertificateRequest', + } + + /** + * Renders a Kubernetes manifest for "CertificateRequest". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: CertificateRequestProps): any { + return { + ...CertificateRequest.GVK, + ...toJson_CertificateRequestProps(props), + }; + } + + /** + * Defines a "CertificateRequest" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: CertificateRequestProps) { + super(scope, id, { + ...CertificateRequest.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...CertificateRequest.GVK, + ...toJson_CertificateRequestProps(resolved), + }; + } +} + +/** + * A CertificateRequest is used to request a signed certificate from one of the configured issuers. + * All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field. + * A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used. + * + * @schema CertificateRequest + */ +export interface CertificateRequestProps { + /** + * @schema CertificateRequest#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Desired state of the CertificateRequest resource. + * + * @schema CertificateRequest#spec + */ + readonly spec: CertificateRequestSpec; + +} + +/** + * Converts an object of type 'CertificateRequestProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateRequestProps(obj: CertificateRequestProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_CertificateRequestSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Desired state of the CertificateRequest resource. + * + * @schema CertificateRequestSpec + */ +export interface CertificateRequestSpec { + /** + * The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. + * + * @schema CertificateRequestSpec#duration + */ + readonly duration?: string; + + /** + * Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + * + * @schema CertificateRequestSpec#extra + */ + readonly extra?: { [key: string]: string[] }; + + /** + * Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + * + * @schema CertificateRequestSpec#groups + */ + readonly groups?: string[]; + + /** + * IsCA will request to mark the certificate as valid for certificate signing when submitting to the issuer. This will automatically add the `cert sign` usage to the list of `usages`. + * + * @schema CertificateRequestSpec#isCA + */ + readonly isCa?: boolean; + + /** + * IssuerRef is a reference to the issuer for this CertificateRequest. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers to the API group of the issuer which defaults to `cert-manager.io` if empty. + * + * @schema CertificateRequestSpec#issuerRef + */ + readonly issuerRef: CertificateRequestSpecIssuerRef; + + /** + * The PEM-encoded x509 certificate signing request to be submitted to the CA for signing. + * + * @schema CertificateRequestSpec#request + */ + readonly request: string; + + /** + * UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + * + * @schema CertificateRequestSpec#uid + */ + readonly uid?: string; + + /** + * Usages is the set of x509 usages that are requested for the certificate. If usages are set they SHOULD be encoded inside the CSR spec Defaults to `digital signature` and `key encipherment` if not specified. + * + * @default digital signature` and `key encipherment` if not specified. + * @schema CertificateRequestSpec#usages + */ + readonly usages?: CertificateRequestSpecUsages[]; + + /** + * Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + * + * @schema CertificateRequestSpec#username + */ + readonly username?: string; + +} + +/** + * Converts an object of type 'CertificateRequestSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateRequestSpec(obj: CertificateRequestSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'duration': obj.duration, + 'extra': ((obj.extra) === undefined) ? undefined : (Object.entries(obj.extra).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.map(y => y) }), {})), + 'groups': obj.groups?.map(y => y), + 'isCA': obj.isCa, + 'issuerRef': toJson_CertificateRequestSpecIssuerRef(obj.issuerRef), + 'request': obj.request, + 'uid': obj.uid, + 'usages': obj.usages?.map(y => y), + 'username': obj.username, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * IssuerRef is a reference to the issuer for this CertificateRequest. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers to the API group of the issuer which defaults to `cert-manager.io` if empty. + * + * @schema CertificateRequestSpecIssuerRef + */ +export interface CertificateRequestSpecIssuerRef { + /** + * Group of the resource being referred to. + * + * @schema CertificateRequestSpecIssuerRef#group + */ + readonly group?: string; + + /** + * Kind of the resource being referred to. + * + * @schema CertificateRequestSpecIssuerRef#kind + */ + readonly kind?: string; + + /** + * Name of the resource being referred to. + * + * @schema CertificateRequestSpecIssuerRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'CertificateRequestSpecIssuerRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CertificateRequestSpecIssuerRef(obj: CertificateRequestSpecIssuerRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + * Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" + * + * @schema CertificateRequestSpecUsages + */ +export enum CertificateRequestSpecUsages { + /** signing */ + SIGNING = 'signing', + /** digital signature */ + DIGITAL_SIGNATURE = 'digital signature', + /** content commitment */ + CONTENT_COMMITMENT = 'content commitment', + /** key encipherment */ + KEY_ENCIPHERMENT = 'key encipherment', + /** key agreement */ + KEY_AGREEMENT = 'key agreement', + /** data encipherment */ + DATA_ENCIPHERMENT = 'data encipherment', + /** cert sign */ + CERT_SIGN = 'cert sign', + /** crl sign */ + CRL_SIGN = 'crl sign', + /** encipher only */ + ENCIPHER_ONLY = 'encipher only', + /** decipher only */ + DECIPHER_ONLY = 'decipher only', + /** any */ + ANY = 'any', + /** server auth */ + SERVER_AUTH = 'server auth', + /** client auth */ + CLIENT_AUTH = 'client auth', + /** code signing */ + CODE_SIGNING = 'code signing', + /** email protection */ + EMAIL_PROTECTION = 'email protection', + /** s/mime */ + S_MIME = 's/mime', + /** ipsec end system */ + IPSEC_END_SYSTEM = 'ipsec end system', + /** ipsec tunnel */ + IPSEC_TUNNEL = 'ipsec tunnel', + /** ipsec user */ + IPSEC_USER = 'ipsec user', + /** timestamping */ + TIMESTAMPING = 'timestamping', + /** ocsp signing */ + OCSP_SIGNING = 'ocsp signing', + /** microsoft sgc */ + MICROSOFT_SGC = 'microsoft sgc', + /** netscape sgc */ + NETSCAPE_SGC = 'netscape sgc', +} + + +/** + * A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent. + * + * @schema ClusterIssuer + */ +export class ClusterIssuer extends ApiObject { + /** + * Returns the apiVersion and kind for "ClusterIssuer" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'cert-manager.io/v1', + kind: 'ClusterIssuer', + } + + /** + * Renders a Kubernetes manifest for "ClusterIssuer". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: ClusterIssuerProps): any { + return { + ...ClusterIssuer.GVK, + ...toJson_ClusterIssuerProps(props), + }; + } + + /** + * Defines a "ClusterIssuer" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: ClusterIssuerProps) { + super(scope, id, { + ...ClusterIssuer.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...ClusterIssuer.GVK, + ...toJson_ClusterIssuerProps(resolved), + }; + } +} + +/** + * A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent. + * + * @schema ClusterIssuer + */ +export interface ClusterIssuerProps { + /** + * @schema ClusterIssuer#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Desired state of the ClusterIssuer resource. + * + * @schema ClusterIssuer#spec + */ + readonly spec: ClusterIssuerSpec; + +} + +/** + * Converts an object of type 'ClusterIssuerProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerProps(obj: ClusterIssuerProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_ClusterIssuerSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Desired state of the ClusterIssuer resource. + * + * @schema ClusterIssuerSpec + */ +export interface ClusterIssuerSpec { + /** + * ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + * + * @schema ClusterIssuerSpec#acme + */ + readonly acme?: ClusterIssuerSpecAcme; + + /** + * CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + * + * @schema ClusterIssuerSpec#ca + */ + readonly ca?: ClusterIssuerSpecCa; + + /** + * SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + * + * @schema ClusterIssuerSpec#selfSigned + */ + readonly selfSigned?: ClusterIssuerSpecSelfSigned; + + /** + * Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + * + * @schema ClusterIssuerSpec#vault + */ + readonly vault?: ClusterIssuerSpecVault; + + /** + * Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + * + * @schema ClusterIssuerSpec#venafi + */ + readonly venafi?: ClusterIssuerSpecVenafi; + +} + +/** + * Converts an object of type 'ClusterIssuerSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpec(obj: ClusterIssuerSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'acme': toJson_ClusterIssuerSpecAcme(obj.acme), + 'ca': toJson_ClusterIssuerSpecCa(obj.ca), + 'selfSigned': toJson_ClusterIssuerSpecSelfSigned(obj.selfSigned), + 'vault': toJson_ClusterIssuerSpecVault(obj.vault), + 'venafi': toJson_ClusterIssuerSpecVenafi(obj.venafi), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + * + * @schema ClusterIssuerSpecAcme + */ +export interface ClusterIssuerSpecAcme { + /** + * Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + * + * @default false. + * @schema ClusterIssuerSpecAcme#disableAccountKeyGeneration + */ + readonly disableAccountKeyGeneration?: boolean; + + /** + * Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + * + * @schema ClusterIssuerSpecAcme#email + */ + readonly email?: string; + + /** + * Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + * + * @default false. + * @schema ClusterIssuerSpecAcme#enableDurationFeature + */ + readonly enableDurationFeature?: boolean; + + /** + * ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + * + * @schema ClusterIssuerSpecAcme#externalAccountBinding + */ + readonly externalAccountBinding?: ClusterIssuerSpecAcmeExternalAccountBinding; + + /** + * PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN + * + * @schema ClusterIssuerSpecAcme#preferredChain + */ + readonly preferredChain?: string; + + /** + * PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + * + * @schema ClusterIssuerSpecAcme#privateKeySecretRef + */ + readonly privateKeySecretRef: ClusterIssuerSpecAcmePrivateKeySecretRef; + + /** + * Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported. + * + * @schema ClusterIssuerSpecAcme#server + */ + readonly server: string; + + /** + * Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false. + * + * @default false. + * @schema ClusterIssuerSpecAcme#skipTLSVerify + */ + readonly skipTlsVerify?: boolean; + + /** + * Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/ + * + * @schema ClusterIssuerSpecAcme#solvers + */ + readonly solvers?: ClusterIssuerSpecAcmeSolvers[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcme' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcme(obj: ClusterIssuerSpecAcme | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'disableAccountKeyGeneration': obj.disableAccountKeyGeneration, + 'email': obj.email, + 'enableDurationFeature': obj.enableDurationFeature, + 'externalAccountBinding': toJson_ClusterIssuerSpecAcmeExternalAccountBinding(obj.externalAccountBinding), + 'preferredChain': obj.preferredChain, + 'privateKeySecretRef': toJson_ClusterIssuerSpecAcmePrivateKeySecretRef(obj.privateKeySecretRef), + 'server': obj.server, + 'skipTLSVerify': obj.skipTlsVerify, + 'solvers': obj.solvers?.map(y => toJson_ClusterIssuerSpecAcmeSolvers(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + * + * @schema ClusterIssuerSpecCa + */ +export interface ClusterIssuerSpecCa { + /** + * The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + * + * @schema ClusterIssuerSpecCa#crlDistributionPoints + */ + readonly crlDistributionPoints?: string[]; + + /** + * The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + * + * @schema ClusterIssuerSpecCa#ocspServers + */ + readonly ocspServers?: string[]; + + /** + * SecretName is the name of the secret used to sign Certificates issued by this Issuer. + * + * @schema ClusterIssuerSpecCa#secretName + */ + readonly secretName: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecCa' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecCa(obj: ClusterIssuerSpecCa | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'crlDistributionPoints': obj.crlDistributionPoints?.map(y => y), + 'ocspServers': obj.ocspServers?.map(y => y), + 'secretName': obj.secretName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + * + * @schema ClusterIssuerSpecSelfSigned + */ +export interface ClusterIssuerSpecSelfSigned { + /** + * The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + * + * @schema ClusterIssuerSpecSelfSigned#crlDistributionPoints + */ + readonly crlDistributionPoints?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecSelfSigned' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecSelfSigned(obj: ClusterIssuerSpecSelfSigned | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'crlDistributionPoints': obj.crlDistributionPoints?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + * + * @schema ClusterIssuerSpecVault + */ +export interface ClusterIssuerSpecVault { + /** + * Auth configures how cert-manager authenticates with the Vault server. + * + * @schema ClusterIssuerSpecVault#auth + */ + readonly auth: ClusterIssuerSpecVaultAuth; + + /** + * PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the cert-manager controller system root certificates are used to validate the TLS connection. + * + * @schema ClusterIssuerSpecVault#caBundle + */ + readonly caBundle?: string; + + /** + * CABundleSecretRef is a reference to a Secret which contains the CABundle which will be used when connecting to Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundleSecretRef nor CABundle are defined, the cert-manager controller system root certificates are used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + * + * @schema ClusterIssuerSpecVault#caBundleSecretRef + */ + readonly caBundleSecretRef?: ClusterIssuerSpecVaultCaBundleSecretRef; + + /** + * Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + * + * @schema ClusterIssuerSpecVault#namespace + */ + readonly namespace?: string; + + /** + * Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name". + * + * @schema ClusterIssuerSpecVault#path + */ + readonly path: string; + + /** + * Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + * + * @schema ClusterIssuerSpecVault#server + */ + readonly server: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVault' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVault(obj: ClusterIssuerSpecVault | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'auth': toJson_ClusterIssuerSpecVaultAuth(obj.auth), + 'caBundle': obj.caBundle, + 'caBundleSecretRef': toJson_ClusterIssuerSpecVaultCaBundleSecretRef(obj.caBundleSecretRef), + 'namespace': obj.namespace, + 'path': obj.path, + 'server': obj.server, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + * + * @schema ClusterIssuerSpecVenafi + */ +export interface ClusterIssuerSpecVenafi { + /** + * Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + * + * @schema ClusterIssuerSpecVenafi#cloud + */ + readonly cloud?: ClusterIssuerSpecVenafiCloud; + + /** + * TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + * + * @schema ClusterIssuerSpecVenafi#tpp + */ + readonly tpp?: ClusterIssuerSpecVenafiTpp; + + /** + * Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + * + * @schema ClusterIssuerSpecVenafi#zone + */ + readonly zone: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVenafi' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVenafi(obj: ClusterIssuerSpecVenafi | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'cloud': toJson_ClusterIssuerSpecVenafiCloud(obj.cloud), + 'tpp': toJson_ClusterIssuerSpecVenafiTpp(obj.tpp), + 'zone': obj.zone, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + * + * @schema ClusterIssuerSpecAcmeExternalAccountBinding + */ +export interface ClusterIssuerSpecAcmeExternalAccountBinding { + /** + * Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + * + * @schema ClusterIssuerSpecAcmeExternalAccountBinding#keyAlgorithm + */ + readonly keyAlgorithm?: ClusterIssuerSpecAcmeExternalAccountBindingKeyAlgorithm; + + /** + * keyID is the ID of the CA key that the External Account is bound to. + * + * @schema ClusterIssuerSpecAcmeExternalAccountBinding#keyID + */ + readonly keyId: string; + + /** + * keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + * + * @schema ClusterIssuerSpecAcmeExternalAccountBinding#keySecretRef + */ + readonly keySecretRef: ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeExternalAccountBinding' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeExternalAccountBinding(obj: ClusterIssuerSpecAcmeExternalAccountBinding | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'keyAlgorithm': obj.keyAlgorithm, + 'keyID': obj.keyId, + 'keySecretRef': toJson_ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef(obj.keySecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + * + * @schema ClusterIssuerSpecAcmePrivateKeySecretRef + */ +export interface ClusterIssuerSpecAcmePrivateKeySecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmePrivateKeySecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmePrivateKeySecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmePrivateKeySecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmePrivateKeySecretRef(obj: ClusterIssuerSpecAcmePrivateKeySecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + * + * @schema ClusterIssuerSpecAcmeSolvers + */ +export interface ClusterIssuerSpecAcmeSolvers { + /** + * Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + * + * @schema ClusterIssuerSpecAcmeSolvers#dns01 + */ + readonly dns01?: ClusterIssuerSpecAcmeSolversDns01; + + /** + * Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + * + * @schema ClusterIssuerSpecAcmeSolvers#http01 + */ + readonly http01?: ClusterIssuerSpecAcmeSolversHttp01; + + /** + * Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + * + * @schema ClusterIssuerSpecAcmeSolvers#selector + */ + readonly selector?: ClusterIssuerSpecAcmeSolversSelector; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolvers' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolvers(obj: ClusterIssuerSpecAcmeSolvers | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'dns01': toJson_ClusterIssuerSpecAcmeSolversDns01(obj.dns01), + 'http01': toJson_ClusterIssuerSpecAcmeSolversHttp01(obj.http01), + 'selector': toJson_ClusterIssuerSpecAcmeSolversSelector(obj.selector), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Auth configures how cert-manager authenticates with the Vault server. + * + * @schema ClusterIssuerSpecVaultAuth + */ +export interface ClusterIssuerSpecVaultAuth { + /** + * AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + * + * @schema ClusterIssuerSpecVaultAuth#appRole + */ + readonly appRole?: ClusterIssuerSpecVaultAuthAppRole; + + /** + * Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + * + * @schema ClusterIssuerSpecVaultAuth#kubernetes + */ + readonly kubernetes?: ClusterIssuerSpecVaultAuthKubernetes; + + /** + * TokenSecretRef authenticates with Vault by presenting a token. + * + * @schema ClusterIssuerSpecVaultAuth#tokenSecretRef + */ + readonly tokenSecretRef?: ClusterIssuerSpecVaultAuthTokenSecretRef; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVaultAuth' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVaultAuth(obj: ClusterIssuerSpecVaultAuth | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'appRole': toJson_ClusterIssuerSpecVaultAuthAppRole(obj.appRole), + 'kubernetes': toJson_ClusterIssuerSpecVaultAuthKubernetes(obj.kubernetes), + 'tokenSecretRef': toJson_ClusterIssuerSpecVaultAuthTokenSecretRef(obj.tokenSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CABundleSecretRef is a reference to a Secret which contains the CABundle which will be used when connecting to Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundleSecretRef nor CABundle are defined, the cert-manager controller system root certificates are used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + * + * @schema ClusterIssuerSpecVaultCaBundleSecretRef + */ +export interface ClusterIssuerSpecVaultCaBundleSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecVaultCaBundleSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecVaultCaBundleSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVaultCaBundleSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVaultCaBundleSecretRef(obj: ClusterIssuerSpecVaultCaBundleSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + * + * @schema ClusterIssuerSpecVenafiCloud + */ +export interface ClusterIssuerSpecVenafiCloud { + /** + * APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + * + * @schema ClusterIssuerSpecVenafiCloud#apiTokenSecretRef + */ + readonly apiTokenSecretRef: ClusterIssuerSpecVenafiCloudApiTokenSecretRef; + + /** + * URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + * + * @default https://api.venafi.cloud/v1". + * @schema ClusterIssuerSpecVenafiCloud#url + */ + readonly url?: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVenafiCloud' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVenafiCloud(obj: ClusterIssuerSpecVenafiCloud | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'apiTokenSecretRef': toJson_ClusterIssuerSpecVenafiCloudApiTokenSecretRef(obj.apiTokenSecretRef), + 'url': obj.url, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + * + * @schema ClusterIssuerSpecVenafiTpp + */ +export interface ClusterIssuerSpecVenafiTpp { + /** + * CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates. + * + * @schema ClusterIssuerSpecVenafiTpp#caBundle + */ + readonly caBundle?: string; + + /** + * CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + * + * @schema ClusterIssuerSpecVenafiTpp#credentialsRef + */ + readonly credentialsRef: ClusterIssuerSpecVenafiTppCredentialsRef; + + /** + * URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk". + * + * @schema ClusterIssuerSpecVenafiTpp#url + */ + readonly url: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVenafiTpp' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVenafiTpp(obj: ClusterIssuerSpecVenafiTpp | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'caBundle': obj.caBundle, + 'credentialsRef': toJson_ClusterIssuerSpecVenafiTppCredentialsRef(obj.credentialsRef), + 'url': obj.url, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + * + * @schema ClusterIssuerSpecAcmeExternalAccountBindingKeyAlgorithm + */ +export enum ClusterIssuerSpecAcmeExternalAccountBindingKeyAlgorithm { + /** HS256 */ + HS256 = 'HS256', + /** HS384 */ + HS384 = 'HS384', + /** HS512 */ + HS512 = 'HS512', +} + +/** + * keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + * + * @schema ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef + */ +export interface ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef(obj: ClusterIssuerSpecAcmeExternalAccountBindingKeySecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + * + * @schema ClusterIssuerSpecAcmeSolversDns01 + */ +export interface ClusterIssuerSpecAcmeSolversDns01 { + /** + * Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01#acmeDNS + */ + readonly acmeDns?: ClusterIssuerSpecAcmeSolversDns01AcmeDns; + + /** + * Use the Akamai DNS zone management API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01#akamai + */ + readonly akamai?: ClusterIssuerSpecAcmeSolversDns01Akamai; + + /** + * Use the Microsoft Azure DNS API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01#azureDNS + */ + readonly azureDns?: ClusterIssuerSpecAcmeSolversDns01AzureDns; + + /** + * Use the Google Cloud DNS API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01#cloudDNS + */ + readonly cloudDns?: ClusterIssuerSpecAcmeSolversDns01CloudDns; + + /** + * Use the Cloudflare API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01#cloudflare + */ + readonly cloudflare?: ClusterIssuerSpecAcmeSolversDns01Cloudflare; + + /** + * CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + * + * @schema ClusterIssuerSpecAcmeSolversDns01#cnameStrategy + */ + readonly cnameStrategy?: ClusterIssuerSpecAcmeSolversDns01CnameStrategy; + + /** + * Use the DigitalOcean DNS API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01#digitalocean + */ + readonly digitalocean?: ClusterIssuerSpecAcmeSolversDns01Digitalocean; + + /** + * Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01#rfc2136 + */ + readonly rfc2136?: ClusterIssuerSpecAcmeSolversDns01Rfc2136; + + /** + * Use the AWS Route53 API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01#route53 + */ + readonly route53?: ClusterIssuerSpecAcmeSolversDns01Route53; + + /** + * Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01#webhook + */ + readonly webhook?: ClusterIssuerSpecAcmeSolversDns01Webhook; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01(obj: ClusterIssuerSpecAcmeSolversDns01 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'acmeDNS': toJson_ClusterIssuerSpecAcmeSolversDns01AcmeDns(obj.acmeDns), + 'akamai': toJson_ClusterIssuerSpecAcmeSolversDns01Akamai(obj.akamai), + 'azureDNS': toJson_ClusterIssuerSpecAcmeSolversDns01AzureDns(obj.azureDns), + 'cloudDNS': toJson_ClusterIssuerSpecAcmeSolversDns01CloudDns(obj.cloudDns), + 'cloudflare': toJson_ClusterIssuerSpecAcmeSolversDns01Cloudflare(obj.cloudflare), + 'cnameStrategy': obj.cnameStrategy, + 'digitalocean': toJson_ClusterIssuerSpecAcmeSolversDns01Digitalocean(obj.digitalocean), + 'rfc2136': toJson_ClusterIssuerSpecAcmeSolversDns01Rfc2136(obj.rfc2136), + 'route53': toJson_ClusterIssuerSpecAcmeSolversDns01Route53(obj.route53), + 'webhook': toJson_ClusterIssuerSpecAcmeSolversDns01Webhook(obj.webhook), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01 + */ +export interface ClusterIssuerSpecAcmeSolversHttp01 { + /** + * The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01#gatewayHTTPRoute + */ + readonly gatewayHttpRoute?: ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRoute; + + /** + * The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01#ingress + */ + readonly ingress?: ClusterIssuerSpecAcmeSolversHttp01Ingress; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01(obj: ClusterIssuerSpecAcmeSolversHttp01 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'gatewayHTTPRoute': toJson_ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRoute(obj.gatewayHttpRoute), + 'ingress': toJson_ClusterIssuerSpecAcmeSolversHttp01Ingress(obj.ingress), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + * + * @schema ClusterIssuerSpecAcmeSolversSelector + */ +export interface ClusterIssuerSpecAcmeSolversSelector { + /** + * List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + * + * @schema ClusterIssuerSpecAcmeSolversSelector#dnsNames + */ + readonly dnsNames?: string[]; + + /** + * List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + * + * @schema ClusterIssuerSpecAcmeSolversSelector#dnsZones + */ + readonly dnsZones?: string[]; + + /** + * A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + * + * @schema ClusterIssuerSpecAcmeSolversSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversSelector(obj: ClusterIssuerSpecAcmeSolversSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'dnsNames': obj.dnsNames?.map(y => y), + 'dnsZones': obj.dnsZones?.map(y => y), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + * + * @schema ClusterIssuerSpecVaultAuthAppRole + */ +export interface ClusterIssuerSpecVaultAuthAppRole { + /** + * Path where the App Role authentication backend is mounted in Vault, e.g: "approle" + * + * @schema ClusterIssuerSpecVaultAuthAppRole#path + */ + readonly path: string; + + /** + * RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + * + * @schema ClusterIssuerSpecVaultAuthAppRole#roleId + */ + readonly roleId: string; + + /** + * Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + * + * @schema ClusterIssuerSpecVaultAuthAppRole#secretRef + */ + readonly secretRef: ClusterIssuerSpecVaultAuthAppRoleSecretRef; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVaultAuthAppRole' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVaultAuthAppRole(obj: ClusterIssuerSpecVaultAuthAppRole | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'path': obj.path, + 'roleId': obj.roleId, + 'secretRef': toJson_ClusterIssuerSpecVaultAuthAppRoleSecretRef(obj.secretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + * + * @schema ClusterIssuerSpecVaultAuthKubernetes + */ +export interface ClusterIssuerSpecVaultAuthKubernetes { + /** + * The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + * + * @schema ClusterIssuerSpecVaultAuthKubernetes#mountPath + */ + readonly mountPath?: string; + + /** + * A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + * + * @schema ClusterIssuerSpecVaultAuthKubernetes#role + */ + readonly role: string; + + /** + * The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + * + * @schema ClusterIssuerSpecVaultAuthKubernetes#secretRef + */ + readonly secretRef: ClusterIssuerSpecVaultAuthKubernetesSecretRef; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVaultAuthKubernetes' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVaultAuthKubernetes(obj: ClusterIssuerSpecVaultAuthKubernetes | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'mountPath': obj.mountPath, + 'role': obj.role, + 'secretRef': toJson_ClusterIssuerSpecVaultAuthKubernetesSecretRef(obj.secretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * TokenSecretRef authenticates with Vault by presenting a token. + * + * @schema ClusterIssuerSpecVaultAuthTokenSecretRef + */ +export interface ClusterIssuerSpecVaultAuthTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecVaultAuthTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecVaultAuthTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVaultAuthTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVaultAuthTokenSecretRef(obj: ClusterIssuerSpecVaultAuthTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + * + * @schema ClusterIssuerSpecVenafiCloudApiTokenSecretRef + */ +export interface ClusterIssuerSpecVenafiCloudApiTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecVenafiCloudApiTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecVenafiCloudApiTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVenafiCloudApiTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVenafiCloudApiTokenSecretRef(obj: ClusterIssuerSpecVenafiCloudApiTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + * + * @schema ClusterIssuerSpecVenafiTppCredentialsRef + */ +export interface ClusterIssuerSpecVenafiTppCredentialsRef { + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecVenafiTppCredentialsRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVenafiTppCredentialsRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVenafiTppCredentialsRef(obj: ClusterIssuerSpecVenafiTppCredentialsRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AcmeDns + */ +export interface ClusterIssuerSpecAcmeSolversDns01AcmeDns { + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AcmeDns#accountSecretRef + */ + readonly accountSecretRef: ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef; + + /** + * @schema ClusterIssuerSpecAcmeSolversDns01AcmeDns#host + */ + readonly host: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01AcmeDns' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01AcmeDns(obj: ClusterIssuerSpecAcmeSolversDns01AcmeDns | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'accountSecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef(obj.accountSecretRef), + 'host': obj.host, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Akamai DNS zone management API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Akamai + */ +export interface ClusterIssuerSpecAcmeSolversDns01Akamai { + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Akamai#accessTokenSecretRef + */ + readonly accessTokenSecretRef: ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef; + + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Akamai#clientSecretSecretRef + */ + readonly clientSecretSecretRef: ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef; + + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Akamai#clientTokenSecretRef + */ + readonly clientTokenSecretRef: ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef; + + /** + * @schema ClusterIssuerSpecAcmeSolversDns01Akamai#serviceConsumerDomain + */ + readonly serviceConsumerDomain: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01Akamai' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01Akamai(obj: ClusterIssuerSpecAcmeSolversDns01Akamai | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'accessTokenSecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef(obj.accessTokenSecretRef), + 'clientSecretSecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef(obj.clientSecretSecretRef), + 'clientTokenSecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef(obj.clientTokenSecretRef), + 'serviceConsumerDomain': obj.serviceConsumerDomain, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Microsoft Azure DNS API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDns + */ +export interface ClusterIssuerSpecAcmeSolversDns01AzureDns { + /** + * if both this and ClientSecret are left unset MSI will be used + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDns#clientID + */ + readonly clientId?: string; + + /** + * if both this and ClientID are left unset MSI will be used + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDns#clientSecretSecretRef + */ + readonly clientSecretSecretRef?: ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef; + + /** + * name of the Azure environment (default AzurePublicCloud) + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDns#environment + */ + readonly environment?: ClusterIssuerSpecAcmeSolversDns01AzureDnsEnvironment; + + /** + * name of the DNS zone that should be used + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDns#hostedZoneName + */ + readonly hostedZoneName?: string; + + /** + * managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDns#managedIdentity + */ + readonly managedIdentity?: ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity; + + /** + * resource group the DNS zone is located in + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDns#resourceGroupName + */ + readonly resourceGroupName: string; + + /** + * ID of the Azure subscription + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDns#subscriptionID + */ + readonly subscriptionId: string; + + /** + * when specifying ClientID and ClientSecret then this field is also needed + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDns#tenantID + */ + readonly tenantId?: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01AzureDns' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01AzureDns(obj: ClusterIssuerSpecAcmeSolversDns01AzureDns | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'clientID': obj.clientId, + 'clientSecretSecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef(obj.clientSecretSecretRef), + 'environment': obj.environment, + 'hostedZoneName': obj.hostedZoneName, + 'managedIdentity': toJson_ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity(obj.managedIdentity), + 'resourceGroupName': obj.resourceGroupName, + 'subscriptionID': obj.subscriptionId, + 'tenantID': obj.tenantId, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Google Cloud DNS API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudDns + */ +export interface ClusterIssuerSpecAcmeSolversDns01CloudDns { + /** + * HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudDns#hostedZoneName + */ + readonly hostedZoneName?: string; + + /** + * @schema ClusterIssuerSpecAcmeSolversDns01CloudDns#project + */ + readonly project: string; + + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudDns#serviceAccountSecretRef + */ + readonly serviceAccountSecretRef?: ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01CloudDns' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01CloudDns(obj: ClusterIssuerSpecAcmeSolversDns01CloudDns | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'hostedZoneName': obj.hostedZoneName, + 'project': obj.project, + 'serviceAccountSecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef(obj.serviceAccountSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Cloudflare API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Cloudflare + */ +export interface ClusterIssuerSpecAcmeSolversDns01Cloudflare { + /** + * API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Cloudflare#apiKeySecretRef + */ + readonly apiKeySecretRef?: ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef; + + /** + * API token used to authenticate with Cloudflare. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Cloudflare#apiTokenSecretRef + */ + readonly apiTokenSecretRef?: ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef; + + /** + * Email of the account, only required when using API key based authentication. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Cloudflare#email + */ + readonly email?: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01Cloudflare' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01Cloudflare(obj: ClusterIssuerSpecAcmeSolversDns01Cloudflare | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'apiKeySecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef(obj.apiKeySecretRef), + 'apiTokenSecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef(obj.apiTokenSecretRef), + 'email': obj.email, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + * + * @schema ClusterIssuerSpecAcmeSolversDns01CnameStrategy + */ +export enum ClusterIssuerSpecAcmeSolversDns01CnameStrategy { + /** None */ + NONE = 'None', + /** Follow */ + FOLLOW = 'Follow', +} + +/** + * Use the DigitalOcean DNS API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Digitalocean + */ +export interface ClusterIssuerSpecAcmeSolversDns01Digitalocean { + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Digitalocean#tokenSecretRef + */ + readonly tokenSecretRef: ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01Digitalocean' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01Digitalocean(obj: ClusterIssuerSpecAcmeSolversDns01Digitalocean | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'tokenSecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef(obj.tokenSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Rfc2136 + */ +export interface ClusterIssuerSpecAcmeSolversDns01Rfc2136 { + /** + * The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Rfc2136#nameserver + */ + readonly nameserver: string; + + /** + * The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Rfc2136#tsigAlgorithm + */ + readonly tsigAlgorithm?: string; + + /** + * The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Rfc2136#tsigKeyName + */ + readonly tsigKeyName?: string; + + /** + * The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Rfc2136#tsigSecretSecretRef + */ + readonly tsigSecretSecretRef?: ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01Rfc2136' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01Rfc2136(obj: ClusterIssuerSpecAcmeSolversDns01Rfc2136 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'nameserver': obj.nameserver, + 'tsigAlgorithm': obj.tsigAlgorithm, + 'tsigKeyName': obj.tsigKeyName, + 'tsigSecretSecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef(obj.tsigSecretSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the AWS Route53 API to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53 + */ +export interface ClusterIssuerSpecAcmeSolversDns01Route53 { + /** + * The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53#accessKeyID + */ + readonly accessKeyId?: string; + + /** + * The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53#accessKeyIDSecretRef + */ + readonly accessKeyIdSecretRef?: ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef; + + /** + * If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53#hostedZoneID + */ + readonly hostedZoneId?: string; + + /** + * Always set the region when using AccessKeyID and SecretAccessKey + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53#region + */ + readonly region: string; + + /** + * Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53#role + */ + readonly role?: string; + + /** + * The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53#secretAccessKeySecretRef + */ + readonly secretAccessKeySecretRef?: ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01Route53' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01Route53(obj: ClusterIssuerSpecAcmeSolversDns01Route53 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'accessKeyID': obj.accessKeyId, + 'accessKeyIDSecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef(obj.accessKeyIdSecretRef), + 'hostedZoneID': obj.hostedZoneId, + 'region': obj.region, + 'role': obj.role, + 'secretAccessKeySecretRef': toJson_ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef(obj.secretAccessKeySecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Webhook + */ +export interface ClusterIssuerSpecAcmeSolversDns01Webhook { + /** + * Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Webhook#config + */ + readonly config?: any; + + /** + * The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Webhook#groupName + */ + readonly groupName: string; + + /** + * The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Webhook#solverName + */ + readonly solverName: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01Webhook' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01Webhook(obj: ClusterIssuerSpecAcmeSolversDns01Webhook | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'config': obj.config, + 'groupName': obj.groupName, + 'solverName': obj.solverName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRoute + */ +export interface ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRoute { + /** + * Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRoute#labels + */ + readonly labels?: { [key: string]: string }; + + /** + * When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways + * + * @schema ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRoute#parentRefs + */ + readonly parentRefs?: ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs[]; + + /** + * Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRoute#serviceType + */ + readonly serviceType?: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRoute' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRoute(obj: ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRoute | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'parentRefs': obj.parentRefs?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs(y)), + 'serviceType': obj.serviceType, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01Ingress + */ +export interface ClusterIssuerSpecAcmeSolversHttp01Ingress { + /** + * The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01Ingress#class + */ + readonly class?: string; + + /** + * Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01Ingress#ingressTemplate + */ + readonly ingressTemplate?: ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate; + + /** + * The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01Ingress#name + */ + readonly name?: string; + + /** + * Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01Ingress#podTemplate + */ + readonly podTemplate?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate; + + /** + * Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01Ingress#serviceType + */ + readonly serviceType?: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01Ingress' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01Ingress(obj: ClusterIssuerSpecAcmeSolversHttp01Ingress | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'class': obj.class, + 'ingressTemplate': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate(obj.ingressTemplate), + 'name': obj.name, + 'podTemplate': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate(obj.podTemplate), + 'serviceType': obj.serviceType, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + * + * @schema ClusterIssuerSpecVaultAuthAppRoleSecretRef + */ +export interface ClusterIssuerSpecVaultAuthAppRoleSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecVaultAuthAppRoleSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecVaultAuthAppRoleSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVaultAuthAppRoleSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVaultAuthAppRoleSecretRef(obj: ClusterIssuerSpecVaultAuthAppRoleSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + * + * @schema ClusterIssuerSpecVaultAuthKubernetesSecretRef + */ +export interface ClusterIssuerSpecVaultAuthKubernetesSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecVaultAuthKubernetesSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecVaultAuthKubernetesSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecVaultAuthKubernetesSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecVaultAuthKubernetesSecretRef(obj: ClusterIssuerSpecVaultAuthKubernetesSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef(obj: ClusterIssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef(obj: ClusterIssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef(obj: ClusterIssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef(obj: ClusterIssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * if both this and ClientID are left unset MSI will be used + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef(obj: ClusterIssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * name of the Azure environment (default AzurePublicCloud) + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDnsEnvironment + */ +export enum ClusterIssuerSpecAcmeSolversDns01AzureDnsEnvironment { + /** AzurePublicCloud */ + AZURE_PUBLIC_CLOUD = 'AzurePublicCloud', + /** AzureChinaCloud */ + AZURE_CHINA_CLOUD = 'AzureChinaCloud', + /** AzureGermanCloud */ + AZURE_GERMAN_CLOUD = 'AzureGermanCloud', + /** AzureUSGovernmentCloud */ + AZURE_US_GOVERNMENT_CLOUD = 'AzureUSGovernmentCloud', +} + +/** + * managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity + */ +export interface ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity { + /** + * client ID of the managed identity, can not be used at the same time as resourceID + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity#clientID + */ + readonly clientId?: string; + + /** + * resource ID of the managed identity, can not be used at the same time as clientID + * + * @schema ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity#resourceID + */ + readonly resourceId?: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity(obj: ClusterIssuerSpecAcmeSolversDns01AzureDnsManagedIdentity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'clientID': obj.clientId, + 'resourceID': obj.resourceId, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef(obj: ClusterIssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef(obj: ClusterIssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * API token used to authenticate with Cloudflare. + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef(obj: ClusterIssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef(obj: ClusterIssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef(obj: ClusterIssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef(obj: ClusterIssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef + */ +export interface ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef(obj: ClusterIssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with "Core" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. + * The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs + */ +export interface ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs { + /** + * Group is the group of the referent. + * Support: Core + * + * @schema ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#group + */ + readonly group?: string; + + /** + * Kind is kind of the referent. + * Support: Core (Gateway) + * Support: Custom (Other Resources) + * + * @schema ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#kind + */ + readonly kind?: string; + + /** + * Name is the name of the referent. + * Support: Core + * + * @schema ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. + * Support: Core + * + * @schema ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#namespace + */ + readonly namespace?: string; + + /** + * Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + * When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + * Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + * For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + * Support: Extended + * + * + * @schema ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#port + */ + readonly port?: number; + + /** + * SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. + * Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + * When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + * Support: Core + * + * @schema ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#sectionName + */ + readonly sectionName?: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs(obj: ClusterIssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'sectionName': obj.sectionName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate { + /** + * ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate#metadata + */ + readonly metadata?: ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate(obj: ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplate | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata(obj.metadata), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate { + /** + * ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate#metadata + */ + readonly metadata?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata; + + /** + * PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate#spec + */ + readonly spec?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplate | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata(obj.metadata), + 'spec': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata { + /** + * Annotations that should be added to the created ACME HTTP01 solver ingress. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * Labels that should be added to the created ACME HTTP01 solver ingress. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata#labels + */ + readonly labels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata(obj: ClusterIssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata { + /** + * Annotations that should be added to the create ACME HTTP01 solver pods. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * Labels that should be added to the created ACME HTTP01 solver pods. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata#labels + */ + readonly labels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec { + /** + * If specified, the pod's scheduling constraints + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec#affinity + */ + readonly affinity?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity; + + /** + * NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec#nodeSelector + */ + readonly nodeSelector?: { [key: string]: string }; + + /** + * If specified, the pod's priorityClassName. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec#priorityClassName + */ + readonly priorityClassName?: string; + + /** + * If specified, the pod's service account + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec#serviceAccountName + */ + readonly serviceAccountName?: string; + + /** + * If specified, the pod's tolerations. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec#tolerations + */ + readonly tolerations?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'affinity': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity(obj.affinity), + 'nodeSelector': ((obj.nodeSelector) === undefined) ? undefined : (Object.entries(obj.nodeSelector).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'priorityClassName': obj.priorityClassName, + 'serviceAccountName': obj.serviceAccountName, + 'tolerations': obj.tolerations?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * If specified, the pod's scheduling constraints + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity { + /** + * Describes node affinity scheduling rules for the pod. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity#nodeAffinity + */ + readonly nodeAffinity?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity; + + /** + * Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity#podAffinity + */ + readonly podAffinity?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity; + + /** + * Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity#podAntiAffinity + */ + readonly podAntiAffinity?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'nodeAffinity': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity(obj.nodeAffinity), + 'podAffinity': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity(obj.podAffinity), + 'podAntiAffinity': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity(obj.podAntiAffinity), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations { + /** + * Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations#effect + */ + readonly effect?: string; + + /** + * Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations#key + */ + readonly key?: string; + + /** + * Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + * + * @default Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations#operator + */ + readonly operator?: string; + + /** + * TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations#tolerationSeconds + */ + readonly tolerationSeconds?: number; + + /** + * Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations#value + */ + readonly value?: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'effect': obj.effect, + 'key': obj.key, + 'operator': obj.operator, + 'tolerationSeconds': obj.tolerationSeconds, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Describes node affinity scheduling rules for the pod. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity { + /** + * The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity#preferredDuringSchedulingIgnoredDuringExecution + */ + readonly preferredDuringSchedulingIgnoredDuringExecution?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution[]; + + /** + * If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity#requiredDuringSchedulingIgnoredDuringExecution + */ + readonly requiredDuringSchedulingIgnoredDuringExecution?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj.requiredDuringSchedulingIgnoredDuringExecution), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity { + /** + * The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity#preferredDuringSchedulingIgnoredDuringExecution + */ + readonly preferredDuringSchedulingIgnoredDuringExecution?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution[]; + + /** + * If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity#requiredDuringSchedulingIgnoredDuringExecution + */ + readonly requiredDuringSchedulingIgnoredDuringExecution?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': obj.requiredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity { + /** + * The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity#preferredDuringSchedulingIgnoredDuringExecution + */ + readonly preferredDuringSchedulingIgnoredDuringExecution?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution[]; + + /** + * If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity#requiredDuringSchedulingIgnoredDuringExecution + */ + readonly requiredDuringSchedulingIgnoredDuringExecution?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': obj.requiredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /** + * A node selector term, associated with the corresponding weight. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution#preference + */ + readonly preference: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference; + + /** + * Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution#weight + */ + readonly weight: number; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preference': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference(obj.preference), + 'weight': obj.weight, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /** + * Required. A list of node selector terms. The terms are ORed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution#nodeSelectorTerms + */ + readonly nodeSelectorTerms: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'nodeSelectorTerms': obj.nodeSelectorTerms?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution#podAffinityTerm + */ + readonly podAffinityTerm: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm; + + /** + * weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution#weight + */ + readonly weight: number; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'podAffinityTerm': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj.podAffinityTerm), + 'weight': obj.weight, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /** + * A label query over a set of resources, in this case pods. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#labelSelector + */ + readonly labelSelector?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaceSelector + */ + readonly namespaceSelector?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution#podAffinityTerm + */ + readonly podAffinityTerm: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm; + + /** + * weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution#weight + */ + readonly weight: number; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'podAffinityTerm': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj.podAffinityTerm), + 'weight': obj.weight, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /** + * A label query over a set of resources, in this case pods. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#labelSelector + */ + readonly labelSelector?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaceSelector + */ + readonly namespaceSelector?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector term, associated with the corresponding weight. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /** + * A list of node selector requirements by node's labels. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference#matchExpressions + */ + readonly matchExpressions?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions[]; + + /** + * A list of node selector requirements by node's fields. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference#matchFields + */ + readonly matchFields?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions(y)), + 'matchFields': obj.matchFields?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /** + * A list of node selector requirements by node's labels. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms#matchExpressions + */ + readonly matchExpressions?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions[]; + + /** + * A list of node selector requirements by node's fields. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms#matchFields + */ + readonly matchFields?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions(y)), + 'matchFields': obj.matchFields?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /** + * A label query over a set of resources, in this case pods. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#labelSelector + */ + readonly labelSelector?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaceSelector + */ + readonly namespaceSelector?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchExpressions + */ + readonly matchExpressions?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /** + * A label query over a set of resources, in this case pods. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#labelSelector + */ + readonly labelSelector?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaceSelector + */ + readonly namespaceSelector?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchExpressions + */ + readonly matchExpressions?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /** + * The label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /** + * The label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /** + * The label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /** + * The label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchExpressions + */ + readonly matchExpressions?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchExpressions + */ + readonly matchExpressions?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions + */ +export interface ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(obj: ClusterIssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + + +/** + * An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace. + * + * @schema Issuer + */ +export class Issuer extends ApiObject { + /** + * Returns the apiVersion and kind for "Issuer" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'cert-manager.io/v1', + kind: 'Issuer', + } + + /** + * Renders a Kubernetes manifest for "Issuer". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: IssuerProps): any { + return { + ...Issuer.GVK, + ...toJson_IssuerProps(props), + }; + } + + /** + * Defines a "Issuer" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: IssuerProps) { + super(scope, id, { + ...Issuer.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...Issuer.GVK, + ...toJson_IssuerProps(resolved), + }; + } +} + +/** + * An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace. + * + * @schema Issuer + */ +export interface IssuerProps { + /** + * @schema Issuer#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Desired state of the Issuer resource. + * + * @schema Issuer#spec + */ + readonly spec: IssuerSpec; + +} + +/** + * Converts an object of type 'IssuerProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerProps(obj: IssuerProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_IssuerSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Desired state of the Issuer resource. + * + * @schema IssuerSpec + */ +export interface IssuerSpec { + /** + * ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + * + * @schema IssuerSpec#acme + */ + readonly acme?: IssuerSpecAcme; + + /** + * CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + * + * @schema IssuerSpec#ca + */ + readonly ca?: IssuerSpecCa; + + /** + * SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + * + * @schema IssuerSpec#selfSigned + */ + readonly selfSigned?: IssuerSpecSelfSigned; + + /** + * Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + * + * @schema IssuerSpec#vault + */ + readonly vault?: IssuerSpecVault; + + /** + * Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + * + * @schema IssuerSpec#venafi + */ + readonly venafi?: IssuerSpecVenafi; + +} + +/** + * Converts an object of type 'IssuerSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpec(obj: IssuerSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'acme': toJson_IssuerSpecAcme(obj.acme), + 'ca': toJson_IssuerSpecCa(obj.ca), + 'selfSigned': toJson_IssuerSpecSelfSigned(obj.selfSigned), + 'vault': toJson_IssuerSpecVault(obj.vault), + 'venafi': toJson_IssuerSpecVenafi(obj.venafi), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + * + * @schema IssuerSpecAcme + */ +export interface IssuerSpecAcme { + /** + * Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + * + * @default false. + * @schema IssuerSpecAcme#disableAccountKeyGeneration + */ + readonly disableAccountKeyGeneration?: boolean; + + /** + * Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + * + * @schema IssuerSpecAcme#email + */ + readonly email?: string; + + /** + * Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + * + * @default false. + * @schema IssuerSpecAcme#enableDurationFeature + */ + readonly enableDurationFeature?: boolean; + + /** + * ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + * + * @schema IssuerSpecAcme#externalAccountBinding + */ + readonly externalAccountBinding?: IssuerSpecAcmeExternalAccountBinding; + + /** + * PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN + * + * @schema IssuerSpecAcme#preferredChain + */ + readonly preferredChain?: string; + + /** + * PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + * + * @schema IssuerSpecAcme#privateKeySecretRef + */ + readonly privateKeySecretRef: IssuerSpecAcmePrivateKeySecretRef; + + /** + * Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported. + * + * @schema IssuerSpecAcme#server + */ + readonly server: string; + + /** + * Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false. + * + * @default false. + * @schema IssuerSpecAcme#skipTLSVerify + */ + readonly skipTlsVerify?: boolean; + + /** + * Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/ + * + * @schema IssuerSpecAcme#solvers + */ + readonly solvers?: IssuerSpecAcmeSolvers[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcme' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcme(obj: IssuerSpecAcme | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'disableAccountKeyGeneration': obj.disableAccountKeyGeneration, + 'email': obj.email, + 'enableDurationFeature': obj.enableDurationFeature, + 'externalAccountBinding': toJson_IssuerSpecAcmeExternalAccountBinding(obj.externalAccountBinding), + 'preferredChain': obj.preferredChain, + 'privateKeySecretRef': toJson_IssuerSpecAcmePrivateKeySecretRef(obj.privateKeySecretRef), + 'server': obj.server, + 'skipTLSVerify': obj.skipTlsVerify, + 'solvers': obj.solvers?.map(y => toJson_IssuerSpecAcmeSolvers(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + * + * @schema IssuerSpecCa + */ +export interface IssuerSpecCa { + /** + * The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + * + * @schema IssuerSpecCa#crlDistributionPoints + */ + readonly crlDistributionPoints?: string[]; + + /** + * The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + * + * @schema IssuerSpecCa#ocspServers + */ + readonly ocspServers?: string[]; + + /** + * SecretName is the name of the secret used to sign Certificates issued by this Issuer. + * + * @schema IssuerSpecCa#secretName + */ + readonly secretName: string; + +} + +/** + * Converts an object of type 'IssuerSpecCa' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecCa(obj: IssuerSpecCa | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'crlDistributionPoints': obj.crlDistributionPoints?.map(y => y), + 'ocspServers': obj.ocspServers?.map(y => y), + 'secretName': obj.secretName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + * + * @schema IssuerSpecSelfSigned + */ +export interface IssuerSpecSelfSigned { + /** + * The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + * + * @schema IssuerSpecSelfSigned#crlDistributionPoints + */ + readonly crlDistributionPoints?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecSelfSigned' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecSelfSigned(obj: IssuerSpecSelfSigned | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'crlDistributionPoints': obj.crlDistributionPoints?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + * + * @schema IssuerSpecVault + */ +export interface IssuerSpecVault { + /** + * Auth configures how cert-manager authenticates with the Vault server. + * + * @schema IssuerSpecVault#auth + */ + readonly auth: IssuerSpecVaultAuth; + + /** + * PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the cert-manager controller system root certificates are used to validate the TLS connection. + * + * @schema IssuerSpecVault#caBundle + */ + readonly caBundle?: string; + + /** + * CABundleSecretRef is a reference to a Secret which contains the CABundle which will be used when connecting to Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundleSecretRef nor CABundle are defined, the cert-manager controller system root certificates are used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + * + * @schema IssuerSpecVault#caBundleSecretRef + */ + readonly caBundleSecretRef?: IssuerSpecVaultCaBundleSecretRef; + + /** + * Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + * + * @schema IssuerSpecVault#namespace + */ + readonly namespace?: string; + + /** + * Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name". + * + * @schema IssuerSpecVault#path + */ + readonly path: string; + + /** + * Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + * + * @schema IssuerSpecVault#server + */ + readonly server: string; + +} + +/** + * Converts an object of type 'IssuerSpecVault' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVault(obj: IssuerSpecVault | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'auth': toJson_IssuerSpecVaultAuth(obj.auth), + 'caBundle': obj.caBundle, + 'caBundleSecretRef': toJson_IssuerSpecVaultCaBundleSecretRef(obj.caBundleSecretRef), + 'namespace': obj.namespace, + 'path': obj.path, + 'server': obj.server, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + * + * @schema IssuerSpecVenafi + */ +export interface IssuerSpecVenafi { + /** + * Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + * + * @schema IssuerSpecVenafi#cloud + */ + readonly cloud?: IssuerSpecVenafiCloud; + + /** + * TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + * + * @schema IssuerSpecVenafi#tpp + */ + readonly tpp?: IssuerSpecVenafiTpp; + + /** + * Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + * + * @schema IssuerSpecVenafi#zone + */ + readonly zone: string; + +} + +/** + * Converts an object of type 'IssuerSpecVenafi' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVenafi(obj: IssuerSpecVenafi | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'cloud': toJson_IssuerSpecVenafiCloud(obj.cloud), + 'tpp': toJson_IssuerSpecVenafiTpp(obj.tpp), + 'zone': obj.zone, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + * + * @schema IssuerSpecAcmeExternalAccountBinding + */ +export interface IssuerSpecAcmeExternalAccountBinding { + /** + * Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + * + * @schema IssuerSpecAcmeExternalAccountBinding#keyAlgorithm + */ + readonly keyAlgorithm?: IssuerSpecAcmeExternalAccountBindingKeyAlgorithm; + + /** + * keyID is the ID of the CA key that the External Account is bound to. + * + * @schema IssuerSpecAcmeExternalAccountBinding#keyID + */ + readonly keyId: string; + + /** + * keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + * + * @schema IssuerSpecAcmeExternalAccountBinding#keySecretRef + */ + readonly keySecretRef: IssuerSpecAcmeExternalAccountBindingKeySecretRef; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeExternalAccountBinding' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeExternalAccountBinding(obj: IssuerSpecAcmeExternalAccountBinding | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'keyAlgorithm': obj.keyAlgorithm, + 'keyID': obj.keyId, + 'keySecretRef': toJson_IssuerSpecAcmeExternalAccountBindingKeySecretRef(obj.keySecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + * + * @schema IssuerSpecAcmePrivateKeySecretRef + */ +export interface IssuerSpecAcmePrivateKeySecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmePrivateKeySecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmePrivateKeySecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmePrivateKeySecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmePrivateKeySecretRef(obj: IssuerSpecAcmePrivateKeySecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + * + * @schema IssuerSpecAcmeSolvers + */ +export interface IssuerSpecAcmeSolvers { + /** + * Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + * + * @schema IssuerSpecAcmeSolvers#dns01 + */ + readonly dns01?: IssuerSpecAcmeSolversDns01; + + /** + * Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + * + * @schema IssuerSpecAcmeSolvers#http01 + */ + readonly http01?: IssuerSpecAcmeSolversHttp01; + + /** + * Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + * + * @schema IssuerSpecAcmeSolvers#selector + */ + readonly selector?: IssuerSpecAcmeSolversSelector; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolvers' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolvers(obj: IssuerSpecAcmeSolvers | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'dns01': toJson_IssuerSpecAcmeSolversDns01(obj.dns01), + 'http01': toJson_IssuerSpecAcmeSolversHttp01(obj.http01), + 'selector': toJson_IssuerSpecAcmeSolversSelector(obj.selector), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Auth configures how cert-manager authenticates with the Vault server. + * + * @schema IssuerSpecVaultAuth + */ +export interface IssuerSpecVaultAuth { + /** + * AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + * + * @schema IssuerSpecVaultAuth#appRole + */ + readonly appRole?: IssuerSpecVaultAuthAppRole; + + /** + * Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + * + * @schema IssuerSpecVaultAuth#kubernetes + */ + readonly kubernetes?: IssuerSpecVaultAuthKubernetes; + + /** + * TokenSecretRef authenticates with Vault by presenting a token. + * + * @schema IssuerSpecVaultAuth#tokenSecretRef + */ + readonly tokenSecretRef?: IssuerSpecVaultAuthTokenSecretRef; + +} + +/** + * Converts an object of type 'IssuerSpecVaultAuth' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVaultAuth(obj: IssuerSpecVaultAuth | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'appRole': toJson_IssuerSpecVaultAuthAppRole(obj.appRole), + 'kubernetes': toJson_IssuerSpecVaultAuthKubernetes(obj.kubernetes), + 'tokenSecretRef': toJson_IssuerSpecVaultAuthTokenSecretRef(obj.tokenSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CABundleSecretRef is a reference to a Secret which contains the CABundle which will be used when connecting to Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundleSecretRef nor CABundle are defined, the cert-manager controller system root certificates are used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + * + * @schema IssuerSpecVaultCaBundleSecretRef + */ +export interface IssuerSpecVaultCaBundleSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecVaultCaBundleSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecVaultCaBundleSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecVaultCaBundleSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVaultCaBundleSecretRef(obj: IssuerSpecVaultCaBundleSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + * + * @schema IssuerSpecVenafiCloud + */ +export interface IssuerSpecVenafiCloud { + /** + * APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + * + * @schema IssuerSpecVenafiCloud#apiTokenSecretRef + */ + readonly apiTokenSecretRef: IssuerSpecVenafiCloudApiTokenSecretRef; + + /** + * URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + * + * @default https://api.venafi.cloud/v1". + * @schema IssuerSpecVenafiCloud#url + */ + readonly url?: string; + +} + +/** + * Converts an object of type 'IssuerSpecVenafiCloud' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVenafiCloud(obj: IssuerSpecVenafiCloud | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'apiTokenSecretRef': toJson_IssuerSpecVenafiCloudApiTokenSecretRef(obj.apiTokenSecretRef), + 'url': obj.url, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + * + * @schema IssuerSpecVenafiTpp + */ +export interface IssuerSpecVenafiTpp { + /** + * CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates. + * + * @schema IssuerSpecVenafiTpp#caBundle + */ + readonly caBundle?: string; + + /** + * CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + * + * @schema IssuerSpecVenafiTpp#credentialsRef + */ + readonly credentialsRef: IssuerSpecVenafiTppCredentialsRef; + + /** + * URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk". + * + * @schema IssuerSpecVenafiTpp#url + */ + readonly url: string; + +} + +/** + * Converts an object of type 'IssuerSpecVenafiTpp' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVenafiTpp(obj: IssuerSpecVenafiTpp | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'caBundle': obj.caBundle, + 'credentialsRef': toJson_IssuerSpecVenafiTppCredentialsRef(obj.credentialsRef), + 'url': obj.url, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme. + * + * @schema IssuerSpecAcmeExternalAccountBindingKeyAlgorithm + */ +export enum IssuerSpecAcmeExternalAccountBindingKeyAlgorithm { + /** HS256 */ + HS256 = 'HS256', + /** HS384 */ + HS384 = 'HS384', + /** HS512 */ + HS512 = 'HS512', +} + +/** + * keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + * + * @schema IssuerSpecAcmeExternalAccountBindingKeySecretRef + */ +export interface IssuerSpecAcmeExternalAccountBindingKeySecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeExternalAccountBindingKeySecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeExternalAccountBindingKeySecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeExternalAccountBindingKeySecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeExternalAccountBindingKeySecretRef(obj: IssuerSpecAcmeExternalAccountBindingKeySecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + * + * @schema IssuerSpecAcmeSolversDns01 + */ +export interface IssuerSpecAcmeSolversDns01 { + /** + * Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01#acmeDNS + */ + readonly acmeDns?: IssuerSpecAcmeSolversDns01AcmeDns; + + /** + * Use the Akamai DNS zone management API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01#akamai + */ + readonly akamai?: IssuerSpecAcmeSolversDns01Akamai; + + /** + * Use the Microsoft Azure DNS API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01#azureDNS + */ + readonly azureDns?: IssuerSpecAcmeSolversDns01AzureDns; + + /** + * Use the Google Cloud DNS API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01#cloudDNS + */ + readonly cloudDns?: IssuerSpecAcmeSolversDns01CloudDns; + + /** + * Use the Cloudflare API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01#cloudflare + */ + readonly cloudflare?: IssuerSpecAcmeSolversDns01Cloudflare; + + /** + * CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + * + * @schema IssuerSpecAcmeSolversDns01#cnameStrategy + */ + readonly cnameStrategy?: IssuerSpecAcmeSolversDns01CnameStrategy; + + /** + * Use the DigitalOcean DNS API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01#digitalocean + */ + readonly digitalocean?: IssuerSpecAcmeSolversDns01Digitalocean; + + /** + * Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01#rfc2136 + */ + readonly rfc2136?: IssuerSpecAcmeSolversDns01Rfc2136; + + /** + * Use the AWS Route53 API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01#route53 + */ + readonly route53?: IssuerSpecAcmeSolversDns01Route53; + + /** + * Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01#webhook + */ + readonly webhook?: IssuerSpecAcmeSolversDns01Webhook; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01(obj: IssuerSpecAcmeSolversDns01 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'acmeDNS': toJson_IssuerSpecAcmeSolversDns01AcmeDns(obj.acmeDns), + 'akamai': toJson_IssuerSpecAcmeSolversDns01Akamai(obj.akamai), + 'azureDNS': toJson_IssuerSpecAcmeSolversDns01AzureDns(obj.azureDns), + 'cloudDNS': toJson_IssuerSpecAcmeSolversDns01CloudDns(obj.cloudDns), + 'cloudflare': toJson_IssuerSpecAcmeSolversDns01Cloudflare(obj.cloudflare), + 'cnameStrategy': obj.cnameStrategy, + 'digitalocean': toJson_IssuerSpecAcmeSolversDns01Digitalocean(obj.digitalocean), + 'rfc2136': toJson_IssuerSpecAcmeSolversDns01Rfc2136(obj.rfc2136), + 'route53': toJson_IssuerSpecAcmeSolversDns01Route53(obj.route53), + 'webhook': toJson_IssuerSpecAcmeSolversDns01Webhook(obj.webhook), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + * + * @schema IssuerSpecAcmeSolversHttp01 + */ +export interface IssuerSpecAcmeSolversHttp01 { + /** + * The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + * + * @schema IssuerSpecAcmeSolversHttp01#gatewayHTTPRoute + */ + readonly gatewayHttpRoute?: IssuerSpecAcmeSolversHttp01GatewayHttpRoute; + + /** + * The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + * + * @schema IssuerSpecAcmeSolversHttp01#ingress + */ + readonly ingress?: IssuerSpecAcmeSolversHttp01Ingress; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01(obj: IssuerSpecAcmeSolversHttp01 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'gatewayHTTPRoute': toJson_IssuerSpecAcmeSolversHttp01GatewayHttpRoute(obj.gatewayHttpRoute), + 'ingress': toJson_IssuerSpecAcmeSolversHttp01Ingress(obj.ingress), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + * + * @schema IssuerSpecAcmeSolversSelector + */ +export interface IssuerSpecAcmeSolversSelector { + /** + * List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + * + * @schema IssuerSpecAcmeSolversSelector#dnsNames + */ + readonly dnsNames?: string[]; + + /** + * List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + * + * @schema IssuerSpecAcmeSolversSelector#dnsZones + */ + readonly dnsZones?: string[]; + + /** + * A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + * + * @schema IssuerSpecAcmeSolversSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversSelector(obj: IssuerSpecAcmeSolversSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'dnsNames': obj.dnsNames?.map(y => y), + 'dnsZones': obj.dnsZones?.map(y => y), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + * + * @schema IssuerSpecVaultAuthAppRole + */ +export interface IssuerSpecVaultAuthAppRole { + /** + * Path where the App Role authentication backend is mounted in Vault, e.g: "approle" + * + * @schema IssuerSpecVaultAuthAppRole#path + */ + readonly path: string; + + /** + * RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + * + * @schema IssuerSpecVaultAuthAppRole#roleId + */ + readonly roleId: string; + + /** + * Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + * + * @schema IssuerSpecVaultAuthAppRole#secretRef + */ + readonly secretRef: IssuerSpecVaultAuthAppRoleSecretRef; + +} + +/** + * Converts an object of type 'IssuerSpecVaultAuthAppRole' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVaultAuthAppRole(obj: IssuerSpecVaultAuthAppRole | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'path': obj.path, + 'roleId': obj.roleId, + 'secretRef': toJson_IssuerSpecVaultAuthAppRoleSecretRef(obj.secretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + * + * @schema IssuerSpecVaultAuthKubernetes + */ +export interface IssuerSpecVaultAuthKubernetes { + /** + * The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + * + * @schema IssuerSpecVaultAuthKubernetes#mountPath + */ + readonly mountPath?: string; + + /** + * A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + * + * @schema IssuerSpecVaultAuthKubernetes#role + */ + readonly role: string; + + /** + * The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + * + * @schema IssuerSpecVaultAuthKubernetes#secretRef + */ + readonly secretRef: IssuerSpecVaultAuthKubernetesSecretRef; + +} + +/** + * Converts an object of type 'IssuerSpecVaultAuthKubernetes' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVaultAuthKubernetes(obj: IssuerSpecVaultAuthKubernetes | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'mountPath': obj.mountPath, + 'role': obj.role, + 'secretRef': toJson_IssuerSpecVaultAuthKubernetesSecretRef(obj.secretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * TokenSecretRef authenticates with Vault by presenting a token. + * + * @schema IssuerSpecVaultAuthTokenSecretRef + */ +export interface IssuerSpecVaultAuthTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecVaultAuthTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecVaultAuthTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecVaultAuthTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVaultAuthTokenSecretRef(obj: IssuerSpecVaultAuthTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + * + * @schema IssuerSpecVenafiCloudApiTokenSecretRef + */ +export interface IssuerSpecVenafiCloudApiTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecVenafiCloudApiTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecVenafiCloudApiTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecVenafiCloudApiTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVenafiCloudApiTokenSecretRef(obj: IssuerSpecVenafiCloudApiTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + * + * @schema IssuerSpecVenafiTppCredentialsRef + */ +export interface IssuerSpecVenafiTppCredentialsRef { + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecVenafiTppCredentialsRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecVenafiTppCredentialsRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVenafiTppCredentialsRef(obj: IssuerSpecVenafiTppCredentialsRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01AcmeDns + */ +export interface IssuerSpecAcmeSolversDns01AcmeDns { + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01AcmeDns#accountSecretRef + */ + readonly accountSecretRef: IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef; + + /** + * @schema IssuerSpecAcmeSolversDns01AcmeDns#host + */ + readonly host: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01AcmeDns' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01AcmeDns(obj: IssuerSpecAcmeSolversDns01AcmeDns | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'accountSecretRef': toJson_IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef(obj.accountSecretRef), + 'host': obj.host, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Akamai DNS zone management API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01Akamai + */ +export interface IssuerSpecAcmeSolversDns01Akamai { + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01Akamai#accessTokenSecretRef + */ + readonly accessTokenSecretRef: IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef; + + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01Akamai#clientSecretSecretRef + */ + readonly clientSecretSecretRef: IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef; + + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01Akamai#clientTokenSecretRef + */ + readonly clientTokenSecretRef: IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef; + + /** + * @schema IssuerSpecAcmeSolversDns01Akamai#serviceConsumerDomain + */ + readonly serviceConsumerDomain: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01Akamai' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01Akamai(obj: IssuerSpecAcmeSolversDns01Akamai | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'accessTokenSecretRef': toJson_IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef(obj.accessTokenSecretRef), + 'clientSecretSecretRef': toJson_IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef(obj.clientSecretSecretRef), + 'clientTokenSecretRef': toJson_IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef(obj.clientTokenSecretRef), + 'serviceConsumerDomain': obj.serviceConsumerDomain, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Microsoft Azure DNS API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01AzureDns + */ +export interface IssuerSpecAcmeSolversDns01AzureDns { + /** + * if both this and ClientSecret are left unset MSI will be used + * + * @schema IssuerSpecAcmeSolversDns01AzureDns#clientID + */ + readonly clientId?: string; + + /** + * if both this and ClientID are left unset MSI will be used + * + * @schema IssuerSpecAcmeSolversDns01AzureDns#clientSecretSecretRef + */ + readonly clientSecretSecretRef?: IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef; + + /** + * name of the Azure environment (default AzurePublicCloud) + * + * @schema IssuerSpecAcmeSolversDns01AzureDns#environment + */ + readonly environment?: IssuerSpecAcmeSolversDns01AzureDnsEnvironment; + + /** + * name of the DNS zone that should be used + * + * @schema IssuerSpecAcmeSolversDns01AzureDns#hostedZoneName + */ + readonly hostedZoneName?: string; + + /** + * managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + * + * @schema IssuerSpecAcmeSolversDns01AzureDns#managedIdentity + */ + readonly managedIdentity?: IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity; + + /** + * resource group the DNS zone is located in + * + * @schema IssuerSpecAcmeSolversDns01AzureDns#resourceGroupName + */ + readonly resourceGroupName: string; + + /** + * ID of the Azure subscription + * + * @schema IssuerSpecAcmeSolversDns01AzureDns#subscriptionID + */ + readonly subscriptionId: string; + + /** + * when specifying ClientID and ClientSecret then this field is also needed + * + * @schema IssuerSpecAcmeSolversDns01AzureDns#tenantID + */ + readonly tenantId?: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01AzureDns' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01AzureDns(obj: IssuerSpecAcmeSolversDns01AzureDns | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'clientID': obj.clientId, + 'clientSecretSecretRef': toJson_IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef(obj.clientSecretSecretRef), + 'environment': obj.environment, + 'hostedZoneName': obj.hostedZoneName, + 'managedIdentity': toJson_IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity(obj.managedIdentity), + 'resourceGroupName': obj.resourceGroupName, + 'subscriptionID': obj.subscriptionId, + 'tenantID': obj.tenantId, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Google Cloud DNS API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01CloudDns + */ +export interface IssuerSpecAcmeSolversDns01CloudDns { + /** + * HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + * + * @schema IssuerSpecAcmeSolversDns01CloudDns#hostedZoneName + */ + readonly hostedZoneName?: string; + + /** + * @schema IssuerSpecAcmeSolversDns01CloudDns#project + */ + readonly project: string; + + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01CloudDns#serviceAccountSecretRef + */ + readonly serviceAccountSecretRef?: IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01CloudDns' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01CloudDns(obj: IssuerSpecAcmeSolversDns01CloudDns | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'hostedZoneName': obj.hostedZoneName, + 'project': obj.project, + 'serviceAccountSecretRef': toJson_IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef(obj.serviceAccountSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the Cloudflare API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01Cloudflare + */ +export interface IssuerSpecAcmeSolversDns01Cloudflare { + /** + * API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + * + * @schema IssuerSpecAcmeSolversDns01Cloudflare#apiKeySecretRef + */ + readonly apiKeySecretRef?: IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef; + + /** + * API token used to authenticate with Cloudflare. + * + * @schema IssuerSpecAcmeSolversDns01Cloudflare#apiTokenSecretRef + */ + readonly apiTokenSecretRef?: IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef; + + /** + * Email of the account, only required when using API key based authentication. + * + * @schema IssuerSpecAcmeSolversDns01Cloudflare#email + */ + readonly email?: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01Cloudflare' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01Cloudflare(obj: IssuerSpecAcmeSolversDns01Cloudflare | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'apiKeySecretRef': toJson_IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef(obj.apiKeySecretRef), + 'apiTokenSecretRef': toJson_IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef(obj.apiTokenSecretRef), + 'email': obj.email, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + * + * @schema IssuerSpecAcmeSolversDns01CnameStrategy + */ +export enum IssuerSpecAcmeSolversDns01CnameStrategy { + /** None */ + NONE = 'None', + /** Follow */ + FOLLOW = 'Follow', +} + +/** + * Use the DigitalOcean DNS API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01Digitalocean + */ +export interface IssuerSpecAcmeSolversDns01Digitalocean { + /** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01Digitalocean#tokenSecretRef + */ + readonly tokenSecretRef: IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01Digitalocean' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01Digitalocean(obj: IssuerSpecAcmeSolversDns01Digitalocean | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'tokenSecretRef': toJson_IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef(obj.tokenSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01Rfc2136 + */ +export interface IssuerSpecAcmeSolversDns01Rfc2136 { + /** + * The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + * + * @schema IssuerSpecAcmeSolversDns01Rfc2136#nameserver + */ + readonly nameserver: string; + + /** + * The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. + * + * @schema IssuerSpecAcmeSolversDns01Rfc2136#tsigAlgorithm + */ + readonly tsigAlgorithm?: string; + + /** + * The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + * + * @schema IssuerSpecAcmeSolversDns01Rfc2136#tsigKeyName + */ + readonly tsigKeyName?: string; + + /** + * The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + * + * @schema IssuerSpecAcmeSolversDns01Rfc2136#tsigSecretSecretRef + */ + readonly tsigSecretSecretRef?: IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01Rfc2136' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01Rfc2136(obj: IssuerSpecAcmeSolversDns01Rfc2136 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'nameserver': obj.nameserver, + 'tsigAlgorithm': obj.tsigAlgorithm, + 'tsigKeyName': obj.tsigKeyName, + 'tsigSecretSecretRef': toJson_IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef(obj.tsigSecretSecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Use the AWS Route53 API to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01Route53 + */ +export interface IssuerSpecAcmeSolversDns01Route53 { + /** + * The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema IssuerSpecAcmeSolversDns01Route53#accessKeyID + */ + readonly accessKeyId?: string; + + /** + * The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema IssuerSpecAcmeSolversDns01Route53#accessKeyIDSecretRef + */ + readonly accessKeyIdSecretRef?: IssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef; + + /** + * If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. + * + * @schema IssuerSpecAcmeSolversDns01Route53#hostedZoneID + */ + readonly hostedZoneId?: string; + + /** + * Always set the region when using AccessKeyID and SecretAccessKey + * + * @schema IssuerSpecAcmeSolversDns01Route53#region + */ + readonly region: string; + + /** + * Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + * + * @schema IssuerSpecAcmeSolversDns01Route53#role + */ + readonly role?: string; + + /** + * The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema IssuerSpecAcmeSolversDns01Route53#secretAccessKeySecretRef + */ + readonly secretAccessKeySecretRef?: IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01Route53' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01Route53(obj: IssuerSpecAcmeSolversDns01Route53 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'accessKeyID': obj.accessKeyId, + 'accessKeyIDSecretRef': toJson_IssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef(obj.accessKeyIdSecretRef), + 'hostedZoneID': obj.hostedZoneId, + 'region': obj.region, + 'role': obj.role, + 'secretAccessKeySecretRef': toJson_IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef(obj.secretAccessKeySecretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + * + * @schema IssuerSpecAcmeSolversDns01Webhook + */ +export interface IssuerSpecAcmeSolversDns01Webhook { + /** + * Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + * + * @schema IssuerSpecAcmeSolversDns01Webhook#config + */ + readonly config?: any; + + /** + * The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + * + * @schema IssuerSpecAcmeSolversDns01Webhook#groupName + */ + readonly groupName: string; + + /** + * The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + * + * @schema IssuerSpecAcmeSolversDns01Webhook#solverName + */ + readonly solverName: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01Webhook' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01Webhook(obj: IssuerSpecAcmeSolversDns01Webhook | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'config': obj.config, + 'groupName': obj.groupName, + 'solverName': obj.solverName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + * + * @schema IssuerSpecAcmeSolversHttp01GatewayHttpRoute + */ +export interface IssuerSpecAcmeSolversHttp01GatewayHttpRoute { + /** + * Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + * + * @schema IssuerSpecAcmeSolversHttp01GatewayHttpRoute#labels + */ + readonly labels?: { [key: string]: string }; + + /** + * When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute/#attaching-to-gateways + * + * @schema IssuerSpecAcmeSolversHttp01GatewayHttpRoute#parentRefs + */ + readonly parentRefs?: IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs[]; + + /** + * Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + * + * @schema IssuerSpecAcmeSolversHttp01GatewayHttpRoute#serviceType + */ + readonly serviceType?: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01GatewayHttpRoute' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01GatewayHttpRoute(obj: IssuerSpecAcmeSolversHttp01GatewayHttpRoute | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'parentRefs': obj.parentRefs?.map(y => toJson_IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs(y)), + 'serviceType': obj.serviceType, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + * + * @schema IssuerSpecAcmeSolversHttp01Ingress + */ +export interface IssuerSpecAcmeSolversHttp01Ingress { + /** + * The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified. + * + * @schema IssuerSpecAcmeSolversHttp01Ingress#class + */ + readonly class?: string; + + /** + * Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + * + * @schema IssuerSpecAcmeSolversHttp01Ingress#ingressTemplate + */ + readonly ingressTemplate?: IssuerSpecAcmeSolversHttp01IngressIngressTemplate; + + /** + * The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. + * + * @schema IssuerSpecAcmeSolversHttp01Ingress#name + */ + readonly name?: string; + + /** + * Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + * + * @schema IssuerSpecAcmeSolversHttp01Ingress#podTemplate + */ + readonly podTemplate?: IssuerSpecAcmeSolversHttp01IngressPodTemplate; + + /** + * Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + * + * @schema IssuerSpecAcmeSolversHttp01Ingress#serviceType + */ + readonly serviceType?: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01Ingress' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01Ingress(obj: IssuerSpecAcmeSolversHttp01Ingress | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'class': obj.class, + 'ingressTemplate': toJson_IssuerSpecAcmeSolversHttp01IngressIngressTemplate(obj.ingressTemplate), + 'name': obj.name, + 'podTemplate': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplate(obj.podTemplate), + 'serviceType': obj.serviceType, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + * + * @schema IssuerSpecVaultAuthAppRoleSecretRef + */ +export interface IssuerSpecVaultAuthAppRoleSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecVaultAuthAppRoleSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecVaultAuthAppRoleSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecVaultAuthAppRoleSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVaultAuthAppRoleSecretRef(obj: IssuerSpecVaultAuthAppRoleSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + * + * @schema IssuerSpecVaultAuthKubernetesSecretRef + */ +export interface IssuerSpecVaultAuthKubernetesSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecVaultAuthKubernetesSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecVaultAuthKubernetesSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecVaultAuthKubernetesSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecVaultAuthKubernetesSecretRef(obj: IssuerSpecVaultAuthKubernetesSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef + */ +export interface IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef(obj: IssuerSpecAcmeSolversDns01AcmeDnsAccountSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef + */ +export interface IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef(obj: IssuerSpecAcmeSolversDns01AkamaiAccessTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef + */ +export interface IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef(obj: IssuerSpecAcmeSolversDns01AkamaiClientSecretSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef + */ +export interface IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef(obj: IssuerSpecAcmeSolversDns01AkamaiClientTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * if both this and ClientID are left unset MSI will be used + * + * @schema IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef + */ +export interface IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef(obj: IssuerSpecAcmeSolversDns01AzureDnsClientSecretSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * name of the Azure environment (default AzurePublicCloud) + * + * @schema IssuerSpecAcmeSolversDns01AzureDnsEnvironment + */ +export enum IssuerSpecAcmeSolversDns01AzureDnsEnvironment { + /** AzurePublicCloud */ + AZURE_PUBLIC_CLOUD = 'AzurePublicCloud', + /** AzureChinaCloud */ + AZURE_CHINA_CLOUD = 'AzureChinaCloud', + /** AzureGermanCloud */ + AZURE_GERMAN_CLOUD = 'AzureGermanCloud', + /** AzureUSGovernmentCloud */ + AZURE_US_GOVERNMENT_CLOUD = 'AzureUSGovernmentCloud', +} + +/** + * managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + * + * @schema IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity + */ +export interface IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity { + /** + * client ID of the managed identity, can not be used at the same time as resourceID + * + * @schema IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity#clientID + */ + readonly clientId?: string; + + /** + * resource ID of the managed identity, can not be used at the same time as clientID + * + * @schema IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity#resourceID + */ + readonly resourceId?: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity(obj: IssuerSpecAcmeSolversDns01AzureDnsManagedIdentity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'clientID': obj.clientId, + 'resourceID': obj.resourceId, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef + */ +export interface IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef(obj: IssuerSpecAcmeSolversDns01CloudDnsServiceAccountSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions. + * + * @schema IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef + */ +export interface IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef(obj: IssuerSpecAcmeSolversDns01CloudflareApiKeySecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * API token used to authenticate with Cloudflare. + * + * @schema IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef + */ +export interface IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef(obj: IssuerSpecAcmeSolversDns01CloudflareApiTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + * + * @schema IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef + */ +export interface IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef(obj: IssuerSpecAcmeSolversDns01DigitaloceanTokenSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + * + * @schema IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef + */ +export interface IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef(obj: IssuerSpecAcmeSolversDns01Rfc2136TsigSecretSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema IssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef + */ +export interface IssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef(obj: IssuerSpecAcmeSolversDns01Route53AccessKeyIdSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + * + * @schema IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef + */ +export interface IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef { + /** + * The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + * + * @schema IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef#key + */ + readonly key?: string; + + /** + * Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef(obj: IssuerSpecAcmeSolversDns01Route53SecretAccessKeySecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with "Core" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. + * The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. + * + * @schema IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs + */ +export interface IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs { + /** + * Group is the group of the referent. + * Support: Core + * + * @schema IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#group + */ + readonly group?: string; + + /** + * Kind is kind of the referent. + * Support: Core (Gateway) + * Support: Custom (Other Resources) + * + * @schema IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#kind + */ + readonly kind?: string; + + /** + * Name is the name of the referent. + * Support: Core + * + * @schema IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#name + */ + readonly name: string; + + /** + * Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. + * Support: Core + * + * @schema IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#namespace + */ + readonly namespace?: string; + + /** + * Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. + * When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. + * Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. + * For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + * Support: Extended + * + * + * @schema IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#port + */ + readonly port?: number; + + /** + * SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: + * * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. + * Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. + * When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. + * Support: Core + * + * @schema IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs#sectionName + */ + readonly sectionName?: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs(obj: IssuerSpecAcmeSolversHttp01GatewayHttpRouteParentRefs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'port': obj.port, + 'sectionName': obj.sectionName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + * + * @schema IssuerSpecAcmeSolversHttp01IngressIngressTemplate + */ +export interface IssuerSpecAcmeSolversHttp01IngressIngressTemplate { + /** + * ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressIngressTemplate#metadata + */ + readonly metadata?: IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressIngressTemplate' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressIngressTemplate(obj: IssuerSpecAcmeSolversHttp01IngressIngressTemplate | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': toJson_IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata(obj.metadata), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplate + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplate { + /** + * ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplate#metadata + */ + readonly metadata?: IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata; + + /** + * PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplate#spec + */ + readonly spec?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplate' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplate(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplate | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata(obj.metadata), + 'spec': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata + */ +export interface IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata { + /** + * Annotations that should be added to the created ACME HTTP01 solver ingress. + * + * @schema IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * Labels that should be added to the created ACME HTTP01 solver ingress. + * + * @schema IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata#labels + */ + readonly labels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata(obj: IssuerSpecAcmeSolversHttp01IngressIngressTemplateMetadata | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata { + /** + * Annotations that should be added to the create ACME HTTP01 solver pods. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * Labels that should be added to the created ACME HTTP01 solver pods. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata#labels + */ + readonly labels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateMetadata | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec { + /** + * If specified, the pod's scheduling constraints + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec#affinity + */ + readonly affinity?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity; + + /** + * NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec#nodeSelector + */ + readonly nodeSelector?: { [key: string]: string }; + + /** + * If specified, the pod's priorityClassName. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec#priorityClassName + */ + readonly priorityClassName?: string; + + /** + * If specified, the pod's service account + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec#serviceAccountName + */ + readonly serviceAccountName?: string; + + /** + * If specified, the pod's tolerations. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec#tolerations + */ + readonly tolerations?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'affinity': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity(obj.affinity), + 'nodeSelector': ((obj.nodeSelector) === undefined) ? undefined : (Object.entries(obj.nodeSelector).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'priorityClassName': obj.priorityClassName, + 'serviceAccountName': obj.serviceAccountName, + 'tolerations': obj.tolerations?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * If specified, the pod's scheduling constraints + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity { + /** + * Describes node affinity scheduling rules for the pod. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity#nodeAffinity + */ + readonly nodeAffinity?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity; + + /** + * Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity#podAffinity + */ + readonly podAffinity?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity; + + /** + * Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity#podAntiAffinity + */ + readonly podAntiAffinity?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'nodeAffinity': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity(obj.nodeAffinity), + 'podAffinity': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity(obj.podAffinity), + 'podAntiAffinity': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity(obj.podAntiAffinity), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations { + /** + * Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations#effect + */ + readonly effect?: string; + + /** + * Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations#key + */ + readonly key?: string; + + /** + * Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + * + * @default Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations#operator + */ + readonly operator?: string; + + /** + * TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations#tolerationSeconds + */ + readonly tolerationSeconds?: number; + + /** + * Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations#value + */ + readonly value?: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecTolerations | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'effect': obj.effect, + 'key': obj.key, + 'operator': obj.operator, + 'tolerationSeconds': obj.tolerationSeconds, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Describes node affinity scheduling rules for the pod. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity { + /** + * The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity#preferredDuringSchedulingIgnoredDuringExecution + */ + readonly preferredDuringSchedulingIgnoredDuringExecution?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution[]; + + /** + * If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity#requiredDuringSchedulingIgnoredDuringExecution + */ + readonly requiredDuringSchedulingIgnoredDuringExecution?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj.requiredDuringSchedulingIgnoredDuringExecution), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity { + /** + * The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity#preferredDuringSchedulingIgnoredDuringExecution + */ + readonly preferredDuringSchedulingIgnoredDuringExecution?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution[]; + + /** + * If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity#requiredDuringSchedulingIgnoredDuringExecution + */ + readonly requiredDuringSchedulingIgnoredDuringExecution?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': obj.requiredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity { + /** + * The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity#preferredDuringSchedulingIgnoredDuringExecution + */ + readonly preferredDuringSchedulingIgnoredDuringExecution?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution[]; + + /** + * If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity#requiredDuringSchedulingIgnoredDuringExecution + */ + readonly requiredDuringSchedulingIgnoredDuringExecution?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinity | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': obj.requiredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /** + * A node selector term, associated with the corresponding weight. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution#preference + */ + readonly preference: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference; + + /** + * Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution#weight + */ + readonly weight: number; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'preference': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference(obj.preference), + 'weight': obj.weight, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /** + * Required. A list of node selector terms. The terms are ORed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution#nodeSelectorTerms + */ + readonly nodeSelectorTerms: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'nodeSelectorTerms': obj.nodeSelectorTerms?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution#podAffinityTerm + */ + readonly podAffinityTerm: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm; + + /** + * weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution#weight + */ + readonly weight: number; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'podAffinityTerm': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj.podAffinityTerm), + 'weight': obj.weight, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /** + * A label query over a set of resources, in this case pods. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#labelSelector + */ + readonly labelSelector?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaceSelector + */ + readonly namespaceSelector?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution#podAffinityTerm + */ + readonly podAffinityTerm: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm; + + /** + * weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution#weight + */ + readonly weight: number; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'podAffinityTerm': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj.podAffinityTerm), + 'weight': obj.weight, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /** + * A label query over a set of resources, in this case pods. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#labelSelector + */ + readonly labelSelector?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaceSelector + */ + readonly namespaceSelector?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector term, associated with the corresponding weight. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /** + * A list of node selector requirements by node's labels. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference#matchExpressions + */ + readonly matchExpressions?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions[]; + + /** + * A list of node selector requirements by node's fields. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference#matchFields + */ + readonly matchFields?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions(y)), + 'matchFields': obj.matchFields?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /** + * A list of node selector requirements by node's labels. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms#matchExpressions + */ + readonly matchExpressions?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions[]; + + /** + * A list of node selector requirements by node's fields. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms#matchFields + */ + readonly matchFields?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions(y)), + 'matchFields': obj.matchFields?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /** + * A label query over a set of resources, in this case pods. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#labelSelector + */ + readonly labelSelector?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaceSelector + */ + readonly namespaceSelector?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchExpressions + */ + readonly matchExpressions?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Required. A pod affinity term, associated with the corresponding weight. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /** + * A label query over a set of resources, in this case pods. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#labelSelector + */ + readonly labelSelector?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector; + + /** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaceSelector + */ + readonly namespaceSelector?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector; + + /** + * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#namespaces + */ + readonly namespaces?: string[]; + + /** + * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm#topologyKey + */ + readonly topologyKey: string; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'labelSelector': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchExpressions + */ + readonly matchExpressions?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /** + * The label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /** + * The label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /** + * The label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /** + * The label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields#key + */ + readonly key: string; + + /** + * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields#operator + */ + readonly operator: string; + + /** + * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchExpressions + */ + readonly matchExpressions?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over a set of resources, in this case pods. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchExpressions + */ + readonly matchExpressions?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchExpressions + */ + readonly matchExpressions?: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions + */ +export interface IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions(obj: IssuerSpecAcmeSolversHttp01IngressPodTemplateSpecAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + diff --git a/packages/k8s-generated/generated/communities-metallb.io.ts b/packages/k8s-generated/generated/communities-metallb.io.ts new file mode 100644 index 0000000..8306653 --- /dev/null +++ b/packages/k8s-generated/generated/communities-metallb.io.ts @@ -0,0 +1,156 @@ +// generated by cdk8s +import { ApiObject, ApiObjectMetadata, GroupVersionKind } from 'cdk8s'; +import { Construct } from 'constructs'; + + +/** + * Community is a collection of aliases for communities. Users can define named aliases to be used in the BGPPeer CRD. + * + * @schema Community + */ +export class Community extends ApiObject { + /** + * Returns the apiVersion and kind for "Community" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'metallb.io/v1beta1', + kind: 'Community', + } + + /** + * Renders a Kubernetes manifest for "Community". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: CommunityProps = {}): any { + return { + ...Community.GVK, + ...toJson_CommunityProps(props), + }; + } + + /** + * Defines a "Community" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: CommunityProps = {}) { + super(scope, id, { + ...Community.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...Community.GVK, + ...toJson_CommunityProps(resolved), + }; + } +} + +/** + * Community is a collection of aliases for communities. Users can define named aliases to be used in the BGPPeer CRD. + * + * @schema Community + */ +export interface CommunityProps { + /** + * @schema Community#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * CommunitySpec defines the desired state of Community. + * + * @schema Community#spec + */ + readonly spec?: CommunitySpec; + +} + +/** + * Converts an object of type 'CommunityProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CommunityProps(obj: CommunityProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_CommunitySpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CommunitySpec defines the desired state of Community. + * + * @schema CommunitySpec + */ +export interface CommunitySpec { + /** + * @schema CommunitySpec#communities + */ + readonly communities?: CommunitySpecCommunities[]; + +} + +/** + * Converts an object of type 'CommunitySpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CommunitySpec(obj: CommunitySpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'communities': obj.communities?.map(y => toJson_CommunitySpecCommunities(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * @schema CommunitySpecCommunities + */ +export interface CommunitySpecCommunities { + /** + * The name of the alias for the community. + * + * @schema CommunitySpecCommunities#name + */ + readonly name?: string; + + /** + * The BGP community value corresponding to the given name. + * + * @schema CommunitySpecCommunities#value + */ + readonly value?: string; + +} + +/** + * Converts an object of type 'CommunitySpecCommunities' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_CommunitySpecCommunities(obj: CommunitySpecCommunities | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + diff --git a/packages/k8s-generated/generated/index.ts b/packages/k8s-generated/generated/index.ts new file mode 100644 index 0000000..4a34e1b --- /dev/null +++ b/packages/k8s-generated/generated/index.ts @@ -0,0 +1,11 @@ +export * from './acme.cert-manager.io' +export * from './addresspools-metallb.io' +export * from './bfdprofiles-metallb.io' +export * from './bgpadvertisements-metallb.io' +export * from './bgppeers-metallb.io' +export * from './cert-manager.io' +export * from './communities-metallb.io' +export * from './ipaddresspools-metallb.io' +export * from './jenkins.io' +export * from './k8s' +export * from './l2advertisements-metallb.io' diff --git a/packages/k8s-generated/generated/ipaddresspools-metallb.io.ts b/packages/k8s-generated/generated/ipaddresspools-metallb.io.ts new file mode 100644 index 0000000..6428ccb --- /dev/null +++ b/packages/k8s-generated/generated/ipaddresspools-metallb.io.ts @@ -0,0 +1,364 @@ +// generated by cdk8s +import { ApiObject, ApiObjectMetadata, GroupVersionKind } from 'cdk8s'; +import { Construct } from 'constructs'; + + +/** + * IPAddressPool represents a pool of IP addresses that can be allocated to LoadBalancer services. + * + * @schema IPAddressPool + */ +export class IpAddressPool extends ApiObject { + /** + * Returns the apiVersion and kind for "IPAddressPool" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'metallb.io/v1beta1', + kind: 'IPAddressPool', + } + + /** + * Renders a Kubernetes manifest for "IPAddressPool". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: IpAddressPoolProps): any { + return { + ...IpAddressPool.GVK, + ...toJson_IpAddressPoolProps(props), + }; + } + + /** + * Defines a "IPAddressPool" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: IpAddressPoolProps) { + super(scope, id, { + ...IpAddressPool.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...IpAddressPool.GVK, + ...toJson_IpAddressPoolProps(resolved), + }; + } +} + +/** + * IPAddressPool represents a pool of IP addresses that can be allocated to LoadBalancer services. + * + * @schema IPAddressPool + */ +export interface IpAddressPoolProps { + /** + * @schema IPAddressPool#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * IPAddressPoolSpec defines the desired state of IPAddressPool. + * + * @schema IPAddressPool#spec + */ + readonly spec: IpAddressPoolSpec; + +} + +/** + * Converts an object of type 'IpAddressPoolProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IpAddressPoolProps(obj: IpAddressPoolProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_IpAddressPoolSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * IPAddressPoolSpec defines the desired state of IPAddressPool. + * + * @schema IpAddressPoolSpec + */ +export interface IpAddressPoolSpec { + /** + * A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool, they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs. + * + * @schema IpAddressPoolSpec#addresses + */ + readonly addresses: string[]; + + /** + * AutoAssign flag used to prevent MetallB from automatic allocation for a pool. + * + * @schema IpAddressPoolSpec#autoAssign + */ + readonly autoAssign?: boolean; + + /** + * AvoidBuggyIPs prevents addresses ending with .0 and .255 to be used by a pool. + * + * @schema IpAddressPoolSpec#avoidBuggyIPs + */ + readonly avoidBuggyIPs?: boolean; + + /** + * AllocateTo makes ip pool allocation to specific namespace and/or service. The controller will use the pool with lowest value of priority in case of multiple matches. A pool with no priority set will be used only if the pools with priority can't be used. If multiple matching IPAddressPools are available it will check for the availability of IPs sorting the matching IPAddressPools by priority, starting from the highest to the lowest. If multiple IPAddressPools have the same priority, choice will be random. + * + * @schema IpAddressPoolSpec#serviceAllocation + */ + readonly serviceAllocation?: IpAddressPoolSpecServiceAllocation; + +} + +/** + * Converts an object of type 'IpAddressPoolSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IpAddressPoolSpec(obj: IpAddressPoolSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'addresses': obj.addresses?.map(y => y), + 'autoAssign': obj.autoAssign, + 'avoidBuggyIPs': obj.avoidBuggyIPs, + 'serviceAllocation': toJson_IpAddressPoolSpecServiceAllocation(obj.serviceAllocation), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * AllocateTo makes ip pool allocation to specific namespace and/or service. The controller will use the pool with lowest value of priority in case of multiple matches. A pool with no priority set will be used only if the pools with priority can't be used. If multiple matching IPAddressPools are available it will check for the availability of IPs sorting the matching IPAddressPools by priority, starting from the highest to the lowest. If multiple IPAddressPools have the same priority, choice will be random. + * + * @schema IpAddressPoolSpecServiceAllocation + */ +export interface IpAddressPoolSpecServiceAllocation { + /** + * NamespaceSelectors list of label selectors to select namespace(s) for ip pool, an alternative to using namespace list. + * + * @schema IpAddressPoolSpecServiceAllocation#namespaceSelectors + */ + readonly namespaceSelectors?: IpAddressPoolSpecServiceAllocationNamespaceSelectors[]; + + /** + * Namespaces list of namespace(s) on which ip pool can be attached. + * + * @schema IpAddressPoolSpecServiceAllocation#namespaces + */ + readonly namespaces?: string[]; + + /** + * Priority priority given for ip pool while ip allocation on a service. + * + * @schema IpAddressPoolSpecServiceAllocation#priority + */ + readonly priority?: number; + + /** + * ServiceSelectors list of label selector to select service(s) for which ip pool can be used for ip allocation. + * + * @schema IpAddressPoolSpecServiceAllocation#serviceSelectors + */ + readonly serviceSelectors?: IpAddressPoolSpecServiceAllocationServiceSelectors[]; + +} + +/** + * Converts an object of type 'IpAddressPoolSpecServiceAllocation' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IpAddressPoolSpecServiceAllocation(obj: IpAddressPoolSpecServiceAllocation | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'namespaceSelectors': obj.namespaceSelectors?.map(y => toJson_IpAddressPoolSpecServiceAllocationNamespaceSelectors(y)), + 'namespaces': obj.namespaces?.map(y => y), + 'priority': obj.priority, + 'serviceSelectors': obj.serviceSelectors?.map(y => toJson_IpAddressPoolSpecServiceAllocationServiceSelectors(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + * + * @schema IpAddressPoolSpecServiceAllocationNamespaceSelectors + */ +export interface IpAddressPoolSpecServiceAllocationNamespaceSelectors { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema IpAddressPoolSpecServiceAllocationNamespaceSelectors#matchExpressions + */ + readonly matchExpressions?: IpAddressPoolSpecServiceAllocationNamespaceSelectorsMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema IpAddressPoolSpecServiceAllocationNamespaceSelectors#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IpAddressPoolSpecServiceAllocationNamespaceSelectors' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IpAddressPoolSpecServiceAllocationNamespaceSelectors(obj: IpAddressPoolSpecServiceAllocationNamespaceSelectors | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IpAddressPoolSpecServiceAllocationNamespaceSelectorsMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + * + * @schema IpAddressPoolSpecServiceAllocationServiceSelectors + */ +export interface IpAddressPoolSpecServiceAllocationServiceSelectors { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema IpAddressPoolSpecServiceAllocationServiceSelectors#matchExpressions + */ + readonly matchExpressions?: IpAddressPoolSpecServiceAllocationServiceSelectorsMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema IpAddressPoolSpecServiceAllocationServiceSelectors#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'IpAddressPoolSpecServiceAllocationServiceSelectors' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IpAddressPoolSpecServiceAllocationServiceSelectors(obj: IpAddressPoolSpecServiceAllocationServiceSelectors | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_IpAddressPoolSpecServiceAllocationServiceSelectorsMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IpAddressPoolSpecServiceAllocationNamespaceSelectorsMatchExpressions + */ +export interface IpAddressPoolSpecServiceAllocationNamespaceSelectorsMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema IpAddressPoolSpecServiceAllocationNamespaceSelectorsMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema IpAddressPoolSpecServiceAllocationNamespaceSelectorsMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema IpAddressPoolSpecServiceAllocationNamespaceSelectorsMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IpAddressPoolSpecServiceAllocationNamespaceSelectorsMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IpAddressPoolSpecServiceAllocationNamespaceSelectorsMatchExpressions(obj: IpAddressPoolSpecServiceAllocationNamespaceSelectorsMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema IpAddressPoolSpecServiceAllocationServiceSelectorsMatchExpressions + */ +export interface IpAddressPoolSpecServiceAllocationServiceSelectorsMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema IpAddressPoolSpecServiceAllocationServiceSelectorsMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema IpAddressPoolSpecServiceAllocationServiceSelectorsMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema IpAddressPoolSpecServiceAllocationServiceSelectorsMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'IpAddressPoolSpecServiceAllocationServiceSelectorsMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_IpAddressPoolSpecServiceAllocationServiceSelectorsMatchExpressions(obj: IpAddressPoolSpecServiceAllocationServiceSelectorsMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + diff --git a/packages/k8s-generated/generated/jenkins.io.ts b/packages/k8s-generated/generated/jenkins.io.ts new file mode 100644 index 0000000..a3d4925 --- /dev/null +++ b/packages/k8s-generated/generated/jenkins.io.ts @@ -0,0 +1,6864 @@ +// generated by cdk8s +import { ApiObject, ApiObjectMetadata, GroupVersionKind } from 'cdk8s'; +import { Construct } from 'constructs'; + + +/** + * Jenkins is the Schema for the jenkins API + * + * @schema Jenkins + */ +export class Jenkins extends ApiObject { + /** + * Returns the apiVersion and kind for "Jenkins" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'jenkins.io/v1alpha2', + kind: 'Jenkins', + } + + /** + * Renders a Kubernetes manifest for "Jenkins". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: JenkinsProps = {}): any { + return { + ...Jenkins.GVK, + ...toJson_JenkinsProps(props), + }; + } + + /** + * Defines a "Jenkins" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: JenkinsProps = {}) { + super(scope, id, { + ...Jenkins.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...Jenkins.GVK, + ...toJson_JenkinsProps(resolved), + }; + } +} + +/** + * Jenkins is the Schema for the jenkins API + * + * @schema Jenkins + */ +export interface JenkinsProps { + /** + * @schema Jenkins#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * Spec defines the desired state of the Jenkins + * + * @schema Jenkins#spec + */ + readonly spec?: JenkinsSpec; + +} + +/** + * Converts an object of type 'JenkinsProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsProps(obj: JenkinsProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_JenkinsSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Spec defines the desired state of the Jenkins + * + * @schema JenkinsSpec + */ +export interface JenkinsSpec { + /** + * Backup defines configuration of Jenkins backup More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore + * + * @schema JenkinsSpec#backup + */ + readonly backup?: JenkinsSpecBackup; + + /** + * ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin + * + * @schema JenkinsSpec#configurationAsCode + */ + readonly configurationAsCode?: JenkinsSpecConfigurationAsCode; + + /** + * GroovyScripts defines configuration of Jenkins customization via groovy scripts + * + * @schema JenkinsSpec#groovyScripts + */ + readonly groovyScripts?: JenkinsSpecGroovyScripts; + + /** + * JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API + * + * @schema JenkinsSpec#jenkinsAPISettings + */ + readonly jenkinsApiSettings: JenkinsSpecJenkinsApiSettings; + + /** + * Master represents Jenkins master pod properties and Jenkins plugins. Every single change here requires a pod restart. + * + * @schema JenkinsSpec#master + */ + readonly master: JenkinsSpecMaster; + + /** + * Notifications defines list of a services which are used to inform about Jenkins status Can be used to integrate chat services like Slack, Microsoft Teams or Mailgun + * + * @schema JenkinsSpec#notifications + */ + readonly notifications?: JenkinsSpecNotifications[]; + + /** + * Backup defines configuration of Jenkins backup restore More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore + * + * @schema JenkinsSpec#restore + */ + readonly restore?: JenkinsSpecRestore; + + /** + * Roles defines list of extra RBAC roles for the Jenkins Master pod service account + * + * @schema JenkinsSpec#roles + */ + readonly roles?: JenkinsSpecRoles[]; + + /** + * SeedJobs defines list of Jenkins Seed Job configurations More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-seed-jobs-and-pipelines + * + * @schema JenkinsSpec#seedJobs + */ + readonly seedJobs?: JenkinsSpecSeedJobs[]; + + /** + * Service is Kubernetes service of Jenkins master HTTP pod Defaults to : port: 8080 type: ClusterIP + * + * @default port: 8080 type: ClusterIP + * @schema JenkinsSpec#service + */ + readonly service?: JenkinsSpecService; + + /** + * ServiceAccount defines Jenkins master service account attributes + * + * @schema JenkinsSpec#serviceAccount + */ + readonly serviceAccount?: JenkinsSpecServiceAccount; + + /** + * Service is Kubernetes service of Jenkins slave pods Defaults to : port: 50000 type: ClusterIP + * + * @default port: 50000 type: ClusterIP + * @schema JenkinsSpec#slaveService + */ + readonly slaveService?: JenkinsSpecSlaveService; + +} + +/** + * Converts an object of type 'JenkinsSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpec(obj: JenkinsSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'backup': toJson_JenkinsSpecBackup(obj.backup), + 'configurationAsCode': toJson_JenkinsSpecConfigurationAsCode(obj.configurationAsCode), + 'groovyScripts': toJson_JenkinsSpecGroovyScripts(obj.groovyScripts), + 'jenkinsAPISettings': toJson_JenkinsSpecJenkinsApiSettings(obj.jenkinsApiSettings), + 'master': toJson_JenkinsSpecMaster(obj.master), + 'notifications': obj.notifications?.map(y => toJson_JenkinsSpecNotifications(y)), + 'restore': toJson_JenkinsSpecRestore(obj.restore), + 'roles': obj.roles?.map(y => toJson_JenkinsSpecRoles(y)), + 'seedJobs': obj.seedJobs?.map(y => toJson_JenkinsSpecSeedJobs(y)), + 'service': toJson_JenkinsSpecService(obj.service), + 'serviceAccount': toJson_JenkinsSpecServiceAccount(obj.serviceAccount), + 'slaveService': toJson_JenkinsSpecSlaveService(obj.slaveService), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Backup defines configuration of Jenkins backup More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore + * + * @schema JenkinsSpecBackup + */ +export interface JenkinsSpecBackup { + /** + * Action defines action which performs backup in backup container sidecar + * + * @schema JenkinsSpecBackup#action + */ + readonly action: JenkinsSpecBackupAction; + + /** + * ContainerName is the container name responsible for backup operation + * + * @schema JenkinsSpecBackup#containerName + */ + readonly containerName: string; + + /** + * Interval tells how often make backup in seconds Defaults to 30. + * + * @default 30. + * @schema JenkinsSpecBackup#interval + */ + readonly interval: number; + + /** + * MakeBackupBeforePodDeletion tells operator to make backup before Jenkins master pod deletion + * + * @schema JenkinsSpecBackup#makeBackupBeforePodDeletion + */ + readonly makeBackupBeforePodDeletion: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecBackup' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecBackup(obj: JenkinsSpecBackup | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'action': toJson_JenkinsSpecBackupAction(obj.action), + 'containerName': obj.containerName, + 'interval': obj.interval, + 'makeBackupBeforePodDeletion': obj.makeBackupBeforePodDeletion, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ConfigurationAsCode defines configuration of Jenkins customization via Configuration as Code Jenkins plugin + * + * @schema JenkinsSpecConfigurationAsCode + */ +export interface JenkinsSpecConfigurationAsCode { + /** + * @schema JenkinsSpecConfigurationAsCode#configurations + */ + readonly configurations: JenkinsSpecConfigurationAsCodeConfigurations[]; + + /** + * SecretRef is reference to Kubernetes secret + * + * @schema JenkinsSpecConfigurationAsCode#secret + */ + readonly secret: JenkinsSpecConfigurationAsCodeSecret; + +} + +/** + * Converts an object of type 'JenkinsSpecConfigurationAsCode' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecConfigurationAsCode(obj: JenkinsSpecConfigurationAsCode | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'configurations': obj.configurations?.map(y => toJson_JenkinsSpecConfigurationAsCodeConfigurations(y)), + 'secret': toJson_JenkinsSpecConfigurationAsCodeSecret(obj.secret), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * GroovyScripts defines configuration of Jenkins customization via groovy scripts + * + * @schema JenkinsSpecGroovyScripts + */ +export interface JenkinsSpecGroovyScripts { + /** + * @schema JenkinsSpecGroovyScripts#configurations + */ + readonly configurations: JenkinsSpecGroovyScriptsConfigurations[]; + + /** + * SecretRef is reference to Kubernetes secret + * + * @schema JenkinsSpecGroovyScripts#secret + */ + readonly secret: JenkinsSpecGroovyScriptsSecret; + +} + +/** + * Converts an object of type 'JenkinsSpecGroovyScripts' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecGroovyScripts(obj: JenkinsSpecGroovyScripts | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'configurations': obj.configurations?.map(y => toJson_JenkinsSpecGroovyScriptsConfigurations(y)), + 'secret': toJson_JenkinsSpecGroovyScriptsSecret(obj.secret), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * JenkinsAPISettings defines configuration used by the operator to gain admin access to the Jenkins API + * + * @schema JenkinsSpecJenkinsApiSettings + */ +export interface JenkinsSpecJenkinsApiSettings { + /** + * AuthorizationStrategy defines authorization strategy of the operator for the Jenkins API + * + * @schema JenkinsSpecJenkinsApiSettings#authorizationStrategy + */ + readonly authorizationStrategy: string; + +} + +/** + * Converts an object of type 'JenkinsSpecJenkinsApiSettings' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecJenkinsApiSettings(obj: JenkinsSpecJenkinsApiSettings | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'authorizationStrategy': obj.authorizationStrategy, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Master represents Jenkins master pod properties and Jenkins plugins. Every single change here requires a pod restart. + * + * @schema JenkinsSpecMaster + */ +export interface JenkinsSpecMaster { + /** + * Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations + * + * @schema JenkinsSpecMaster#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * BasePlugins contains plugins required by operator Defaults to : - name: kubernetes version: 1.29.6 - name: workflow-job version: "2.39" - name: workflow-aggregator version: "2.6" - name: git version: 4.7.2 - name: job-dsl version: "1.74" - name: configuration-as-code version: "1.51" - name: kubernetes-credentials-provider version: 0.18-1 + * + * @default name: kubernetes version: 1.29.6 - name: workflow-job version: "2.39" - name: workflow-aggregator version: "2.6" - name: git version: 4.7.2 - name: job-dsl version: "1.74" - name: configuration-as-code version: "1.51" - name: kubernetes-credentials-provider version: 0.18-1 + * @schema JenkinsSpecMaster#basePlugins + */ + readonly basePlugins?: JenkinsSpecMasterBasePlugins[]; + + /** + * List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Defaults to: - image: jenkins/jenkins:lts imagePullPolicy: Always livenessProbe: failureThreshold: 12 httpGet: path: /login port: http scheme: HTTP initialDelaySeconds: 80 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: jenkins-master readinessProbe: failureThreshold: 3 httpGet: path: /login port: http scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 1500m memory: 3Gi requests: cpu: "1" memory: 600Mi + * + * @default image: jenkins/jenkins:lts imagePullPolicy: Always livenessProbe: failureThreshold: 12 httpGet: path: /login port: http scheme: HTTP initialDelaySeconds: 80 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: jenkins-master readinessProbe: failureThreshold: 3 httpGet: path: /login port: http scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 1500m memory: 3Gi requests: cpu: "1" memory: 600Mi + * @schema JenkinsSpecMaster#containers + */ + readonly containers?: JenkinsSpecMasterContainers[]; + + /** + * DisableCSRFProtection allows you to toggle CSRF Protection on Jenkins + * + * @schema JenkinsSpecMaster#disableCSRFProtection + */ + readonly disableCsrfProtection: boolean; + + /** + * ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + * + * @schema JenkinsSpecMaster#imagePullSecrets + */ + readonly imagePullSecrets?: JenkinsSpecMasterImagePullSecrets[]; + + /** + * Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels + * + * @schema JenkinsSpecMaster#labels + */ + readonly labels?: { [key: string]: string }; + + /** + * Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations Deprecated: will be removed in the future, please use Annotations(annotations) + * + * @schema JenkinsSpecMaster#masterAnnotations + */ + readonly masterAnnotations?: { [key: string]: string }; + + /** + * NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + * + * @schema JenkinsSpecMaster#nodeSelector + */ + readonly nodeSelector?: { [key: string]: string }; + + /** + * Plugins contains plugins required by user + * + * @schema JenkinsSpecMaster#plugins + */ + readonly plugins?: JenkinsSpecMasterPlugins[]; + + /** + * SecurityContext that applies to all the containers of the Jenkins Master. As per kubernetes specification, it can be overridden for each container individually. Defaults to: runAsUser: 1000 fsGroup: 1000 + * + * @default runAsUser: 1000 fsGroup: 1000 + * @schema JenkinsSpecMaster#securityContext + */ + readonly securityContext?: JenkinsSpecMasterSecurityContext; + + /** + * If specified, the pod's tolerations. + * + * @schema JenkinsSpecMaster#tolerations + */ + readonly tolerations?: JenkinsSpecMasterTolerations[]; + + /** + * List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes + * + * @schema JenkinsSpecMaster#volumes + */ + readonly volumes?: JenkinsSpecMasterVolumes[]; + +} + +/** + * Converts an object of type 'JenkinsSpecMaster' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMaster(obj: JenkinsSpecMaster | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'basePlugins': obj.basePlugins?.map(y => toJson_JenkinsSpecMasterBasePlugins(y)), + 'containers': obj.containers?.map(y => toJson_JenkinsSpecMasterContainers(y)), + 'disableCSRFProtection': obj.disableCsrfProtection, + 'imagePullSecrets': obj.imagePullSecrets?.map(y => toJson_JenkinsSpecMasterImagePullSecrets(y)), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'masterAnnotations': ((obj.masterAnnotations) === undefined) ? undefined : (Object.entries(obj.masterAnnotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'nodeSelector': ((obj.nodeSelector) === undefined) ? undefined : (Object.entries(obj.nodeSelector).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'plugins': obj.plugins?.map(y => toJson_JenkinsSpecMasterPlugins(y)), + 'securityContext': toJson_JenkinsSpecMasterSecurityContext(obj.securityContext), + 'tolerations': obj.tolerations?.map(y => toJson_JenkinsSpecMasterTolerations(y)), + 'volumes': obj.volumes?.map(y => toJson_JenkinsSpecMasterVolumes(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Notification is a service configuration used to send notifications about Jenkins status + * + * @schema JenkinsSpecNotifications + */ +export interface JenkinsSpecNotifications { + /** + * NotificationLevel defines the level of a Notification + * + * @schema JenkinsSpecNotifications#level + */ + readonly level: string; + + /** + * Mailgun is handler for Mailgun email service notification channel + * + * @schema JenkinsSpecNotifications#mailgun + */ + readonly mailgun?: JenkinsSpecNotificationsMailgun; + + /** + * @schema JenkinsSpecNotifications#name + */ + readonly name: string; + + /** + * Slack is handler for Slack notification channel + * + * @schema JenkinsSpecNotifications#slack + */ + readonly slack?: JenkinsSpecNotificationsSlack; + + /** + * SMTP is handler for sending emails via this protocol + * + * @schema JenkinsSpecNotifications#smtp + */ + readonly smtp?: JenkinsSpecNotificationsSmtp; + + /** + * MicrosoftTeams is handler for Microsoft MicrosoftTeams notification channel + * + * @schema JenkinsSpecNotifications#teams + */ + readonly teams?: JenkinsSpecNotificationsTeams; + + /** + * @schema JenkinsSpecNotifications#verbose + */ + readonly verbose: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecNotifications' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotifications(obj: JenkinsSpecNotifications | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'level': obj.level, + 'mailgun': toJson_JenkinsSpecNotificationsMailgun(obj.mailgun), + 'name': obj.name, + 'slack': toJson_JenkinsSpecNotificationsSlack(obj.slack), + 'smtp': toJson_JenkinsSpecNotificationsSmtp(obj.smtp), + 'teams': toJson_JenkinsSpecNotificationsTeams(obj.teams), + 'verbose': obj.verbose, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Backup defines configuration of Jenkins backup restore More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-backup-and-restore + * + * @schema JenkinsSpecRestore + */ +export interface JenkinsSpecRestore { + /** + * Action defines action which performs restore backup in restore container sidecar + * + * @schema JenkinsSpecRestore#action + */ + readonly action: JenkinsSpecRestoreAction; + + /** + * ContainerName is the container name responsible for restore backup operation + * + * @schema JenkinsSpecRestore#containerName + */ + readonly containerName: string; + + /** + * RecoveryOnce if want to restore specific backup set this field and then Jenkins will be restarted and desired backup will be restored + * + * @schema JenkinsSpecRestore#recoveryOnce + */ + readonly recoveryOnce?: number; + +} + +/** + * Converts an object of type 'JenkinsSpecRestore' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecRestore(obj: JenkinsSpecRestore | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'action': toJson_JenkinsSpecRestoreAction(obj.action), + 'containerName': obj.containerName, + 'recoveryOnce': obj.recoveryOnce, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * RoleRef contains information that points to the role being used + * + * @schema JenkinsSpecRoles + */ +export interface JenkinsSpecRoles { + /** + * APIGroup is the group for the resource being referenced + * + * @schema JenkinsSpecRoles#apiGroup + */ + readonly apiGroup: string; + + /** + * Kind is the type of resource being referenced + * + * @schema JenkinsSpecRoles#kind + */ + readonly kind: string; + + /** + * Name is the name of resource being referenced + * + * @schema JenkinsSpecRoles#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'JenkinsSpecRoles' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecRoles(obj: JenkinsSpecRoles | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'apiGroup': obj.apiGroup, + 'kind': obj.kind, + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SeedJob defines configuration for seed job More info: https://github.com/jenkinsci/kubernetes-operator/blob/master/docs/getting-started.md#configure-seed-jobs-and-pipelines + * + * @schema JenkinsSpecSeedJobs + */ +export interface JenkinsSpecSeedJobs { + /** + * AdditionalClasspath is setting for Job DSL API plugin to set Additional Classpath + * + * @schema JenkinsSpecSeedJobs#additionalClasspath + */ + readonly additionalClasspath?: string; + + /** + * BitbucketPushTrigger is used for Bitbucket web hooks + * + * @schema JenkinsSpecSeedJobs#bitbucketPushTrigger + */ + readonly bitbucketPushTrigger?: boolean; + + /** + * BuildPeriodically is setting for scheduled trigger + * + * @schema JenkinsSpecSeedJobs#buildPeriodically + */ + readonly buildPeriodically?: string; + + /** + * CredentialID is the Kubernetes secret name which stores repository access credentials + * + * @schema JenkinsSpecSeedJobs#credentialID + */ + readonly credentialId?: string; + + /** + * JenkinsCredentialType is the https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/ credential type + * + * @schema JenkinsSpecSeedJobs#credentialType + */ + readonly credentialType?: string; + + /** + * Description is the description of the seed job + * + * @schema JenkinsSpecSeedJobs#description + */ + readonly description?: string; + + /** + * FailOnMissingPlugin is setting for Job DSL API plugin that fails job if required plugin is missing + * + * @schema JenkinsSpecSeedJobs#failOnMissingPlugin + */ + readonly failOnMissingPlugin?: boolean; + + /** + * GitHubPushTrigger is used for GitHub web hooks + * + * @schema JenkinsSpecSeedJobs#githubPushTrigger + */ + readonly githubPushTrigger?: boolean; + + /** + * ID is the unique seed job name + * + * @schema JenkinsSpecSeedJobs#id + */ + readonly id?: string; + + /** + * IgnoreMissingFiles is setting for Job DSL API plugin to ignore files that miss + * + * @schema JenkinsSpecSeedJobs#ignoreMissingFiles + */ + readonly ignoreMissingFiles?: boolean; + + /** + * PollSCM is setting for polling changes in SCM + * + * @schema JenkinsSpecSeedJobs#pollSCM + */ + readonly pollScm?: string; + + /** + * RepositoryBranch is the repository branch where are seed job definitions + * + * @schema JenkinsSpecSeedJobs#repositoryBranch + */ + readonly repositoryBranch?: string; + + /** + * RepositoryURL is the repository access URL. Can be SSH or HTTPS. + * + * @schema JenkinsSpecSeedJobs#repositoryUrl + */ + readonly repositoryUrl?: string; + + /** + * Targets is the repository path where are seed job definitions + * + * @schema JenkinsSpecSeedJobs#targets + */ + readonly targets?: string; + + /** + * UnstableOnDeprecation is setting for Job DSL API plugin that sets build status as unstable if build using deprecated features + * + * @schema JenkinsSpecSeedJobs#unstableOnDeprecation + */ + readonly unstableOnDeprecation?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecSeedJobs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecSeedJobs(obj: JenkinsSpecSeedJobs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'additionalClasspath': obj.additionalClasspath, + 'bitbucketPushTrigger': obj.bitbucketPushTrigger, + 'buildPeriodically': obj.buildPeriodically, + 'credentialID': obj.credentialId, + 'credentialType': obj.credentialType, + 'description': obj.description, + 'failOnMissingPlugin': obj.failOnMissingPlugin, + 'githubPushTrigger': obj.githubPushTrigger, + 'id': obj.id, + 'ignoreMissingFiles': obj.ignoreMissingFiles, + 'pollSCM': obj.pollScm, + 'repositoryBranch': obj.repositoryBranch, + 'repositoryUrl': obj.repositoryUrl, + 'targets': obj.targets, + 'unstableOnDeprecation': obj.unstableOnDeprecation, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Service is Kubernetes service of Jenkins master HTTP pod Defaults to : port: 8080 type: ClusterIP + * + * @default port: 8080 type: ClusterIP + * @schema JenkinsSpecService + */ +export interface JenkinsSpecService { + /** + * Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations + * + * @schema JenkinsSpecService#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/ + * + * @schema JenkinsSpecService#labels + */ + readonly labels?: { [key: string]: string }; + + /** + * Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. + * + * @schema JenkinsSpecService#loadBalancerIP + */ + readonly loadBalancerIp?: string; + + /** + * If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ + * + * @schema JenkinsSpecService#loadBalancerSourceRanges + */ + readonly loadBalancerSourceRanges?: string[]; + + /** + * The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + * + * @default to auto-allocate a port if the ServiceType of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + * @schema JenkinsSpecService#nodePort + */ + readonly nodePort?: number; + + /** + * The port that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + * + * @schema JenkinsSpecService#port + */ + readonly port?: number; + + /** + * Type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ExternalName" maps to the specified externalName. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types + * + * @default ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ExternalName" maps to the specified externalName. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types + * @schema JenkinsSpecService#type + */ + readonly type?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecService' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecService(obj: JenkinsSpecService | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'loadBalancerIP': obj.loadBalancerIp, + 'loadBalancerSourceRanges': obj.loadBalancerSourceRanges?.map(y => y), + 'nodePort': obj.nodePort, + 'port': obj.port, + 'type': obj.type, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ServiceAccount defines Jenkins master service account attributes + * + * @schema JenkinsSpecServiceAccount + */ +export interface JenkinsSpecServiceAccount { + /** + * Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations + * + * @schema JenkinsSpecServiceAccount#annotations + */ + readonly annotations?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'JenkinsSpecServiceAccount' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecServiceAccount(obj: JenkinsSpecServiceAccount | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Service is Kubernetes service of Jenkins slave pods Defaults to : port: 50000 type: ClusterIP + * + * @default port: 50000 type: ClusterIP + * @schema JenkinsSpecSlaveService + */ +export interface JenkinsSpecSlaveService { + /** + * Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations + * + * @schema JenkinsSpecSlaveService#annotations + */ + readonly annotations?: { [key: string]: string }; + + /** + * Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/ + * + * @schema JenkinsSpecSlaveService#labels + */ + readonly labels?: { [key: string]: string }; + + /** + * Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. + * + * @schema JenkinsSpecSlaveService#loadBalancerIP + */ + readonly loadBalancerIp?: string; + + /** + * If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ + * + * @schema JenkinsSpecSlaveService#loadBalancerSourceRanges + */ + readonly loadBalancerSourceRanges?: string[]; + + /** + * The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + * + * @default to auto-allocate a port if the ServiceType of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + * @schema JenkinsSpecSlaveService#nodePort + */ + readonly nodePort?: number; + + /** + * The port that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + * + * @schema JenkinsSpecSlaveService#port + */ + readonly port?: number; + + /** + * Type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ExternalName" maps to the specified externalName. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types + * + * @default ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ExternalName" maps to the specified externalName. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types + * @schema JenkinsSpecSlaveService#type + */ + readonly type?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecSlaveService' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecSlaveService(obj: JenkinsSpecSlaveService | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'loadBalancerIP': obj.loadBalancerIp, + 'loadBalancerSourceRanges': obj.loadBalancerSourceRanges?.map(y => y), + 'nodePort': obj.nodePort, + 'port': obj.port, + 'type': obj.type, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Action defines action which performs backup in backup container sidecar + * + * @schema JenkinsSpecBackupAction + */ +export interface JenkinsSpecBackupAction { + /** + * Exec specifies the action to take. + * + * @schema JenkinsSpecBackupAction#exec + */ + readonly exec?: JenkinsSpecBackupActionExec; + +} + +/** + * Converts an object of type 'JenkinsSpecBackupAction' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecBackupAction(obj: JenkinsSpecBackupAction | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'exec': toJson_JenkinsSpecBackupActionExec(obj.exec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ConfigMapRef is reference to Kubernetes ConfigMap + * + * @schema JenkinsSpecConfigurationAsCodeConfigurations + */ +export interface JenkinsSpecConfigurationAsCodeConfigurations { + /** + * @schema JenkinsSpecConfigurationAsCodeConfigurations#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'JenkinsSpecConfigurationAsCodeConfigurations' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecConfigurationAsCodeConfigurations(obj: JenkinsSpecConfigurationAsCodeConfigurations | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SecretRef is reference to Kubernetes secret + * + * @schema JenkinsSpecConfigurationAsCodeSecret + */ +export interface JenkinsSpecConfigurationAsCodeSecret { + /** + * @schema JenkinsSpecConfigurationAsCodeSecret#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'JenkinsSpecConfigurationAsCodeSecret' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecConfigurationAsCodeSecret(obj: JenkinsSpecConfigurationAsCodeSecret | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ConfigMapRef is reference to Kubernetes ConfigMap + * + * @schema JenkinsSpecGroovyScriptsConfigurations + */ +export interface JenkinsSpecGroovyScriptsConfigurations { + /** + * @schema JenkinsSpecGroovyScriptsConfigurations#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'JenkinsSpecGroovyScriptsConfigurations' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecGroovyScriptsConfigurations(obj: JenkinsSpecGroovyScriptsConfigurations | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SecretRef is reference to Kubernetes secret + * + * @schema JenkinsSpecGroovyScriptsSecret + */ +export interface JenkinsSpecGroovyScriptsSecret { + /** + * @schema JenkinsSpecGroovyScriptsSecret#name + */ + readonly name: string; + +} + +/** + * Converts an object of type 'JenkinsSpecGroovyScriptsSecret' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecGroovyScriptsSecret(obj: JenkinsSpecGroovyScriptsSecret | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Plugin defines Jenkins plugin + * + * @schema JenkinsSpecMasterBasePlugins + */ +export interface JenkinsSpecMasterBasePlugins { + /** + * Name is the name of Jenkins plugin + * + * @schema JenkinsSpecMasterBasePlugins#name + */ + readonly name: string; + + /** + * Version is the version of Jenkins plugin + * + * @schema JenkinsSpecMasterBasePlugins#version + */ + readonly version: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterBasePlugins' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterBasePlugins(obj: JenkinsSpecMasterBasePlugins | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'version': obj.version, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Container defines Kubernetes container attributes + * + * @schema JenkinsSpecMasterContainers + */ +export interface JenkinsSpecMasterContainers { + /** + * Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + * + * @schema JenkinsSpecMasterContainers#args + */ + readonly args?: string[]; + + /** + * Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + * + * @schema JenkinsSpecMasterContainers#command + */ + readonly command?: string[]; + + /** + * List of environment variables to set in the container. + * + * @schema JenkinsSpecMasterContainers#env + */ + readonly env?: JenkinsSpecMasterContainersEnv[]; + + /** + * List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. + * + * @schema JenkinsSpecMasterContainers#envFrom + */ + readonly envFrom?: JenkinsSpecMasterContainersEnvFrom[]; + + /** + * Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + * + * @schema JenkinsSpecMasterContainers#image + */ + readonly image: string; + + /** + * Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always. + * + * @default Always. + * @schema JenkinsSpecMasterContainers#imagePullPolicy + */ + readonly imagePullPolicy: string; + + /** + * Actions that the management system should take in response to container lifecycle events. + * + * @schema JenkinsSpecMasterContainers#lifecycle + */ + readonly lifecycle?: JenkinsSpecMasterContainersLifecycle; + + /** + * Periodic probe of container liveness. Container will be restarted if the probe fails. + * + * @schema JenkinsSpecMasterContainers#livenessProbe + */ + readonly livenessProbe?: JenkinsSpecMasterContainersLivenessProbe; + + /** + * Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). + * + * @schema JenkinsSpecMasterContainers#name + */ + readonly name: string; + + /** + * List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. + * + * @schema JenkinsSpecMasterContainers#ports + */ + readonly ports?: JenkinsSpecMasterContainersPorts[]; + + /** + * Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. + * + * @schema JenkinsSpecMasterContainers#readinessProbe + */ + readonly readinessProbe?: JenkinsSpecMasterContainersReadinessProbe; + + /** + * Compute Resources required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + * + * @schema JenkinsSpecMasterContainers#resources + */ + readonly resources: JenkinsSpecMasterContainersResources; + + /** + * Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + * + * @schema JenkinsSpecMasterContainers#securityContext + */ + readonly securityContext?: JenkinsSpecMasterContainersSecurityContext; + + /** + * Pod volumes to mount into the container's filesystem. + * + * @schema JenkinsSpecMasterContainers#volumeMounts + */ + readonly volumeMounts?: JenkinsSpecMasterContainersVolumeMounts[]; + + /** + * Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. + * + * @schema JenkinsSpecMasterContainers#workingDir + */ + readonly workingDir?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainers' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainers(obj: JenkinsSpecMasterContainers | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'args': obj.args?.map(y => y), + 'command': obj.command?.map(y => y), + 'env': obj.env?.map(y => toJson_JenkinsSpecMasterContainersEnv(y)), + 'envFrom': obj.envFrom?.map(y => toJson_JenkinsSpecMasterContainersEnvFrom(y)), + 'image': obj.image, + 'imagePullPolicy': obj.imagePullPolicy, + 'lifecycle': toJson_JenkinsSpecMasterContainersLifecycle(obj.lifecycle), + 'livenessProbe': toJson_JenkinsSpecMasterContainersLivenessProbe(obj.livenessProbe), + 'name': obj.name, + 'ports': obj.ports?.map(y => toJson_JenkinsSpecMasterContainersPorts(y)), + 'readinessProbe': toJson_JenkinsSpecMasterContainersReadinessProbe(obj.readinessProbe), + 'resources': toJson_JenkinsSpecMasterContainersResources(obj.resources), + 'securityContext': toJson_JenkinsSpecMasterContainersSecurityContext(obj.securityContext), + 'volumeMounts': obj.volumeMounts?.map(y => toJson_JenkinsSpecMasterContainersVolumeMounts(y)), + 'workingDir': obj.workingDir, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + * + * @schema JenkinsSpecMasterImagePullSecrets + */ +export interface JenkinsSpecMasterImagePullSecrets { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterImagePullSecrets#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterImagePullSecrets' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterImagePullSecrets(obj: JenkinsSpecMasterImagePullSecrets | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Plugin defines Jenkins plugin + * + * @schema JenkinsSpecMasterPlugins + */ +export interface JenkinsSpecMasterPlugins { + /** + * Name is the name of Jenkins plugin + * + * @schema JenkinsSpecMasterPlugins#name + */ + readonly name: string; + + /** + * Version is the version of Jenkins plugin + * + * @schema JenkinsSpecMasterPlugins#version + */ + readonly version: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterPlugins' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterPlugins(obj: JenkinsSpecMasterPlugins | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'version': obj.version, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SecurityContext that applies to all the containers of the Jenkins Master. As per kubernetes specification, it can be overridden for each container individually. Defaults to: runAsUser: 1000 fsGroup: 1000 + * + * @default runAsUser: 1000 fsGroup: 1000 + * @schema JenkinsSpecMasterSecurityContext + */ +export interface JenkinsSpecMasterSecurityContext { + /** + * A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: + * 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- + * If unset, the Kubelet will not modify the ownership and permissions of any volume. + * + * @schema JenkinsSpecMasterSecurityContext#fsGroup + */ + readonly fsGroup?: number; + + /** + * The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + * + * @schema JenkinsSpecMasterSecurityContext#runAsGroup + */ + readonly runAsGroup?: number; + + /** + * Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + * + * @schema JenkinsSpecMasterSecurityContext#runAsNonRoot + */ + readonly runAsNonRoot?: boolean; + + /** + * The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + * + * @default user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + * @schema JenkinsSpecMasterSecurityContext#runAsUser + */ + readonly runAsUser?: number; + + /** + * The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + * + * @schema JenkinsSpecMasterSecurityContext#seLinuxOptions + */ + readonly seLinuxOptions?: JenkinsSpecMasterSecurityContextSeLinuxOptions; + + /** + * A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + * + * @schema JenkinsSpecMasterSecurityContext#supplementalGroups + */ + readonly supplementalGroups?: number[]; + + /** + * Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + * + * @schema JenkinsSpecMasterSecurityContext#sysctls + */ + readonly sysctls?: JenkinsSpecMasterSecurityContextSysctls[]; + + /** + * The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + * + * @schema JenkinsSpecMasterSecurityContext#windowsOptions + */ + readonly windowsOptions?: JenkinsSpecMasterSecurityContextWindowsOptions; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterSecurityContext' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterSecurityContext(obj: JenkinsSpecMasterSecurityContext | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fsGroup': obj.fsGroup, + 'runAsGroup': obj.runAsGroup, + 'runAsNonRoot': obj.runAsNonRoot, + 'runAsUser': obj.runAsUser, + 'seLinuxOptions': toJson_JenkinsSpecMasterSecurityContextSeLinuxOptions(obj.seLinuxOptions), + 'supplementalGroups': obj.supplementalGroups?.map(y => y), + 'sysctls': obj.sysctls?.map(y => toJson_JenkinsSpecMasterSecurityContextSysctls(y)), + 'windowsOptions': toJson_JenkinsSpecMasterSecurityContextWindowsOptions(obj.windowsOptions), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + * + * @schema JenkinsSpecMasterTolerations + */ +export interface JenkinsSpecMasterTolerations { + /** + * Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + * + * @schema JenkinsSpecMasterTolerations#effect + */ + readonly effect?: string; + + /** + * Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + * + * @schema JenkinsSpecMasterTolerations#key + */ + readonly key?: string; + + /** + * Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + * + * @default Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + * @schema JenkinsSpecMasterTolerations#operator + */ + readonly operator?: string; + + /** + * TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + * + * @schema JenkinsSpecMasterTolerations#tolerationSeconds + */ + readonly tolerationSeconds?: number; + + /** + * Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + * + * @schema JenkinsSpecMasterTolerations#value + */ + readonly value?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterTolerations' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterTolerations(obj: JenkinsSpecMasterTolerations | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'effect': obj.effect, + 'key': obj.key, + 'operator': obj.operator, + 'tolerationSeconds': obj.tolerationSeconds, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Volume represents a named volume in a pod that may be accessed by any container in the pod. + * + * @schema JenkinsSpecMasterVolumes + */ +export interface JenkinsSpecMasterVolumes { + /** + * AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + * + * @schema JenkinsSpecMasterVolumes#awsElasticBlockStore + */ + readonly awsElasticBlockStore?: JenkinsSpecMasterVolumesAwsElasticBlockStore; + + /** + * AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + * + * @schema JenkinsSpecMasterVolumes#azureDisk + */ + readonly azureDisk?: JenkinsSpecMasterVolumesAzureDisk; + + /** + * AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + * + * @schema JenkinsSpecMasterVolumes#azureFile + */ + readonly azureFile?: JenkinsSpecMasterVolumesAzureFile; + + /** + * CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + * + * @schema JenkinsSpecMasterVolumes#cephfs + */ + readonly cephfs?: JenkinsSpecMasterVolumesCephfs; + + /** + * Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + * + * @schema JenkinsSpecMasterVolumes#cinder + */ + readonly cinder?: JenkinsSpecMasterVolumesCinder; + + /** + * ConfigMap represents a configMap that should populate this volume + * + * @schema JenkinsSpecMasterVolumes#configMap + */ + readonly configMap?: JenkinsSpecMasterVolumesConfigMap; + + /** + * CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + * + * @schema JenkinsSpecMasterVolumes#csi + */ + readonly csi?: JenkinsSpecMasterVolumesCsi; + + /** + * DownwardAPI represents downward API about the pod that should populate this volume + * + * @schema JenkinsSpecMasterVolumes#downwardAPI + */ + readonly downwardApi?: JenkinsSpecMasterVolumesDownwardApi; + + /** + * EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + * + * @schema JenkinsSpecMasterVolumes#emptyDir + */ + readonly emptyDir?: JenkinsSpecMasterVolumesEmptyDir; + + /** + * FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + * + * @schema JenkinsSpecMasterVolumes#fc + */ + readonly fc?: JenkinsSpecMasterVolumesFc; + + /** + * FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + * + * @schema JenkinsSpecMasterVolumes#flexVolume + */ + readonly flexVolume?: JenkinsSpecMasterVolumesFlexVolume; + + /** + * Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + * + * @schema JenkinsSpecMasterVolumes#flocker + */ + readonly flocker?: JenkinsSpecMasterVolumesFlocker; + + /** + * GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + * + * @schema JenkinsSpecMasterVolumes#gcePersistentDisk + */ + readonly gcePersistentDisk?: JenkinsSpecMasterVolumesGcePersistentDisk; + + /** + * GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. + * + * @schema JenkinsSpecMasterVolumes#gitRepo + */ + readonly gitRepo?: JenkinsSpecMasterVolumesGitRepo; + + /** + * Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md + * + * @schema JenkinsSpecMasterVolumes#glusterfs + */ + readonly glusterfs?: JenkinsSpecMasterVolumesGlusterfs; + + /** + * HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. + * + * @schema JenkinsSpecMasterVolumes#hostPath + */ + readonly hostPath?: JenkinsSpecMasterVolumesHostPath; + + /** + * ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md + * + * @schema JenkinsSpecMasterVolumes#iscsi + */ + readonly iscsi?: JenkinsSpecMasterVolumesIscsi; + + /** + * Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * + * @schema JenkinsSpecMasterVolumes#name + */ + readonly name: string; + + /** + * NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + * + * @schema JenkinsSpecMasterVolumes#nfs + */ + readonly nfs?: JenkinsSpecMasterVolumesNfs; + + /** + * PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + * + * @schema JenkinsSpecMasterVolumes#persistentVolumeClaim + */ + readonly persistentVolumeClaim?: JenkinsSpecMasterVolumesPersistentVolumeClaim; + + /** + * PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + * + * @schema JenkinsSpecMasterVolumes#photonPersistentDisk + */ + readonly photonPersistentDisk?: JenkinsSpecMasterVolumesPhotonPersistentDisk; + + /** + * PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + * + * @schema JenkinsSpecMasterVolumes#portworxVolume + */ + readonly portworxVolume?: JenkinsSpecMasterVolumesPortworxVolume; + + /** + * Items for all in one resources secrets, configmaps, and downward API + * + * @schema JenkinsSpecMasterVolumes#projected + */ + readonly projected?: JenkinsSpecMasterVolumesProjected; + + /** + * Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + * + * @schema JenkinsSpecMasterVolumes#quobyte + */ + readonly quobyte?: JenkinsSpecMasterVolumesQuobyte; + + /** + * RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md + * + * @schema JenkinsSpecMasterVolumes#rbd + */ + readonly rbd?: JenkinsSpecMasterVolumesRbd; + + /** + * ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + * + * @schema JenkinsSpecMasterVolumes#scaleIO + */ + readonly scaleIo?: JenkinsSpecMasterVolumesScaleIo; + + /** + * Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + * + * @schema JenkinsSpecMasterVolumes#secret + */ + readonly secret?: JenkinsSpecMasterVolumesSecret; + + /** + * StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + * + * @schema JenkinsSpecMasterVolumes#storageos + */ + readonly storageos?: JenkinsSpecMasterVolumesStorageos; + + /** + * VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + * + * @schema JenkinsSpecMasterVolumes#vsphereVolume + */ + readonly vsphereVolume?: JenkinsSpecMasterVolumesVsphereVolume; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumes' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumes(obj: JenkinsSpecMasterVolumes | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'awsElasticBlockStore': toJson_JenkinsSpecMasterVolumesAwsElasticBlockStore(obj.awsElasticBlockStore), + 'azureDisk': toJson_JenkinsSpecMasterVolumesAzureDisk(obj.azureDisk), + 'azureFile': toJson_JenkinsSpecMasterVolumesAzureFile(obj.azureFile), + 'cephfs': toJson_JenkinsSpecMasterVolumesCephfs(obj.cephfs), + 'cinder': toJson_JenkinsSpecMasterVolumesCinder(obj.cinder), + 'configMap': toJson_JenkinsSpecMasterVolumesConfigMap(obj.configMap), + 'csi': toJson_JenkinsSpecMasterVolumesCsi(obj.csi), + 'downwardAPI': toJson_JenkinsSpecMasterVolumesDownwardApi(obj.downwardApi), + 'emptyDir': toJson_JenkinsSpecMasterVolumesEmptyDir(obj.emptyDir), + 'fc': toJson_JenkinsSpecMasterVolumesFc(obj.fc), + 'flexVolume': toJson_JenkinsSpecMasterVolumesFlexVolume(obj.flexVolume), + 'flocker': toJson_JenkinsSpecMasterVolumesFlocker(obj.flocker), + 'gcePersistentDisk': toJson_JenkinsSpecMasterVolumesGcePersistentDisk(obj.gcePersistentDisk), + 'gitRepo': toJson_JenkinsSpecMasterVolumesGitRepo(obj.gitRepo), + 'glusterfs': toJson_JenkinsSpecMasterVolumesGlusterfs(obj.glusterfs), + 'hostPath': toJson_JenkinsSpecMasterVolumesHostPath(obj.hostPath), + 'iscsi': toJson_JenkinsSpecMasterVolumesIscsi(obj.iscsi), + 'name': obj.name, + 'nfs': toJson_JenkinsSpecMasterVolumesNfs(obj.nfs), + 'persistentVolumeClaim': toJson_JenkinsSpecMasterVolumesPersistentVolumeClaim(obj.persistentVolumeClaim), + 'photonPersistentDisk': toJson_JenkinsSpecMasterVolumesPhotonPersistentDisk(obj.photonPersistentDisk), + 'portworxVolume': toJson_JenkinsSpecMasterVolumesPortworxVolume(obj.portworxVolume), + 'projected': toJson_JenkinsSpecMasterVolumesProjected(obj.projected), + 'quobyte': toJson_JenkinsSpecMasterVolumesQuobyte(obj.quobyte), + 'rbd': toJson_JenkinsSpecMasterVolumesRbd(obj.rbd), + 'scaleIO': toJson_JenkinsSpecMasterVolumesScaleIo(obj.scaleIo), + 'secret': toJson_JenkinsSpecMasterVolumesSecret(obj.secret), + 'storageos': toJson_JenkinsSpecMasterVolumesStorageos(obj.storageos), + 'vsphereVolume': toJson_JenkinsSpecMasterVolumesVsphereVolume(obj.vsphereVolume), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Mailgun is handler for Mailgun email service notification channel + * + * @schema JenkinsSpecNotificationsMailgun + */ +export interface JenkinsSpecNotificationsMailgun { + /** + * SecretKeySelector selects a key of a Secret. + * + * @schema JenkinsSpecNotificationsMailgun#apiKeySecretKeySelector + */ + readonly apiKeySecretKeySelector: JenkinsSpecNotificationsMailgunApiKeySecretKeySelector; + + /** + * @schema JenkinsSpecNotificationsMailgun#domain + */ + readonly domain: string; + + /** + * @schema JenkinsSpecNotificationsMailgun#from + */ + readonly from: string; + + /** + * @schema JenkinsSpecNotificationsMailgun#recipient + */ + readonly recipient: string; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsMailgun' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsMailgun(obj: JenkinsSpecNotificationsMailgun | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'apiKeySecretKeySelector': toJson_JenkinsSpecNotificationsMailgunApiKeySecretKeySelector(obj.apiKeySecretKeySelector), + 'domain': obj.domain, + 'from': obj.from, + 'recipient': obj.recipient, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Slack is handler for Slack notification channel + * + * @schema JenkinsSpecNotificationsSlack + */ +export interface JenkinsSpecNotificationsSlack { + /** + * The web hook URL to Slack App + * + * @schema JenkinsSpecNotificationsSlack#webHookURLSecretKeySelector + */ + readonly webHookUrlSecretKeySelector: JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelector; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsSlack' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsSlack(obj: JenkinsSpecNotificationsSlack | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'webHookURLSecretKeySelector': toJson_JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelector(obj.webHookUrlSecretKeySelector), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SMTP is handler for sending emails via this protocol + * + * @schema JenkinsSpecNotificationsSmtp + */ +export interface JenkinsSpecNotificationsSmtp { + /** + * @schema JenkinsSpecNotificationsSmtp#from + */ + readonly from: string; + + /** + * SecretKeySelector selects a key of a Secret. + * + * @schema JenkinsSpecNotificationsSmtp#passwordSecretKeySelector + */ + readonly passwordSecretKeySelector: JenkinsSpecNotificationsSmtpPasswordSecretKeySelector; + + /** + * @schema JenkinsSpecNotificationsSmtp#port + */ + readonly port: number; + + /** + * @schema JenkinsSpecNotificationsSmtp#server + */ + readonly server: string; + + /** + * @schema JenkinsSpecNotificationsSmtp#tlsInsecureSkipVerify + */ + readonly tlsInsecureSkipVerify?: boolean; + + /** + * @schema JenkinsSpecNotificationsSmtp#to + */ + readonly to: string; + + /** + * SecretKeySelector selects a key of a Secret. + * + * @schema JenkinsSpecNotificationsSmtp#usernameSecretKeySelector + */ + readonly usernameSecretKeySelector: JenkinsSpecNotificationsSmtpUsernameSecretKeySelector; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsSmtp' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsSmtp(obj: JenkinsSpecNotificationsSmtp | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'from': obj.from, + 'passwordSecretKeySelector': toJson_JenkinsSpecNotificationsSmtpPasswordSecretKeySelector(obj.passwordSecretKeySelector), + 'port': obj.port, + 'server': obj.server, + 'tlsInsecureSkipVerify': obj.tlsInsecureSkipVerify, + 'to': obj.to, + 'usernameSecretKeySelector': toJson_JenkinsSpecNotificationsSmtpUsernameSecretKeySelector(obj.usernameSecretKeySelector), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * MicrosoftTeams is handler for Microsoft MicrosoftTeams notification channel + * + * @schema JenkinsSpecNotificationsTeams + */ +export interface JenkinsSpecNotificationsTeams { + /** + * The web hook URL to MicrosoftTeams App + * + * @schema JenkinsSpecNotificationsTeams#webHookURLSecretKeySelector + */ + readonly webHookUrlSecretKeySelector: JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelector; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsTeams' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsTeams(obj: JenkinsSpecNotificationsTeams | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'webHookURLSecretKeySelector': toJson_JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelector(obj.webHookUrlSecretKeySelector), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Action defines action which performs restore backup in restore container sidecar + * + * @schema JenkinsSpecRestoreAction + */ +export interface JenkinsSpecRestoreAction { + /** + * Exec specifies the action to take. + * + * @schema JenkinsSpecRestoreAction#exec + */ + readonly exec?: JenkinsSpecRestoreActionExec; + +} + +/** + * Converts an object of type 'JenkinsSpecRestoreAction' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecRestoreAction(obj: JenkinsSpecRestoreAction | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'exec': toJson_JenkinsSpecRestoreActionExec(obj.exec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Exec specifies the action to take. + * + * @schema JenkinsSpecBackupActionExec + */ +export interface JenkinsSpecBackupActionExec { + /** + * Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + * + * @schema JenkinsSpecBackupActionExec#command + */ + readonly command?: string[]; + +} + +/** + * Converts an object of type 'JenkinsSpecBackupActionExec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecBackupActionExec(obj: JenkinsSpecBackupActionExec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'command': obj.command?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * EnvVar represents an environment variable present in a Container. + * + * @schema JenkinsSpecMasterContainersEnv + */ +export interface JenkinsSpecMasterContainersEnv { + /** + * Name of the environment variable. Must be a C_IDENTIFIER. + * + * @schema JenkinsSpecMasterContainersEnv#name + */ + readonly name: string; + + /** + * Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". + * + * @default . + * @schema JenkinsSpecMasterContainersEnv#value + */ + readonly value?: string; + + /** + * Source for the environment variable's value. Cannot be used if value is not empty. + * + * @schema JenkinsSpecMasterContainersEnv#valueFrom + */ + readonly valueFrom?: JenkinsSpecMasterContainersEnvValueFrom; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersEnv' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersEnv(obj: JenkinsSpecMasterContainersEnv | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + 'valueFrom': toJson_JenkinsSpecMasterContainersEnvValueFrom(obj.valueFrom), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * EnvFromSource represents the source of a set of ConfigMaps + * + * @schema JenkinsSpecMasterContainersEnvFrom + */ +export interface JenkinsSpecMasterContainersEnvFrom { + /** + * The ConfigMap to select from + * + * @schema JenkinsSpecMasterContainersEnvFrom#configMapRef + */ + readonly configMapRef?: JenkinsSpecMasterContainersEnvFromConfigMapRef; + + /** + * An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + * + * @schema JenkinsSpecMasterContainersEnvFrom#prefix + */ + readonly prefix?: string; + + /** + * The Secret to select from + * + * @schema JenkinsSpecMasterContainersEnvFrom#secretRef + */ + readonly secretRef?: JenkinsSpecMasterContainersEnvFromSecretRef; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersEnvFrom' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersEnvFrom(obj: JenkinsSpecMasterContainersEnvFrom | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'configMapRef': toJson_JenkinsSpecMasterContainersEnvFromConfigMapRef(obj.configMapRef), + 'prefix': obj.prefix, + 'secretRef': toJson_JenkinsSpecMasterContainersEnvFromSecretRef(obj.secretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Actions that the management system should take in response to container lifecycle events. + * + * @schema JenkinsSpecMasterContainersLifecycle + */ +export interface JenkinsSpecMasterContainersLifecycle { + /** + * PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + * + * @schema JenkinsSpecMasterContainersLifecycle#postStart + */ + readonly postStart?: JenkinsSpecMasterContainersLifecyclePostStart; + + /** + * PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + * + * @schema JenkinsSpecMasterContainersLifecycle#preStop + */ + readonly preStop?: JenkinsSpecMasterContainersLifecyclePreStop; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLifecycle' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLifecycle(obj: JenkinsSpecMasterContainersLifecycle | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'postStart': toJson_JenkinsSpecMasterContainersLifecyclePostStart(obj.postStart), + 'preStop': toJson_JenkinsSpecMasterContainersLifecyclePreStop(obj.preStop), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Periodic probe of container liveness. Container will be restarted if the probe fails. + * + * @schema JenkinsSpecMasterContainersLivenessProbe + */ +export interface JenkinsSpecMasterContainersLivenessProbe { + /** + * One and only one of the following should be specified. Exec specifies the action to take. + * + * @schema JenkinsSpecMasterContainersLivenessProbe#exec + */ + readonly exec?: JenkinsSpecMasterContainersLivenessProbeExec; + + /** + * Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + * + * @default 3. Minimum value is 1. + * @schema JenkinsSpecMasterContainersLivenessProbe#failureThreshold + */ + readonly failureThreshold?: number; + + /** + * HTTPGet specifies the http request to perform. + * + * @schema JenkinsSpecMasterContainersLivenessProbe#httpGet + */ + readonly httpGet?: JenkinsSpecMasterContainersLivenessProbeHttpGet; + + /** + * Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + * + * @schema JenkinsSpecMasterContainersLivenessProbe#initialDelaySeconds + */ + readonly initialDelaySeconds?: number; + + /** + * How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + * + * @default 10 seconds. Minimum value is 1. + * @schema JenkinsSpecMasterContainersLivenessProbe#periodSeconds + */ + readonly periodSeconds?: number; + + /** + * Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + * + * @default 1. Must be 1 for liveness and startup. Minimum value is 1. + * @schema JenkinsSpecMasterContainersLivenessProbe#successThreshold + */ + readonly successThreshold?: number; + + /** + * TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook + * + * @schema JenkinsSpecMasterContainersLivenessProbe#tcpSocket + */ + readonly tcpSocket?: JenkinsSpecMasterContainersLivenessProbeTcpSocket; + + /** + * Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + * + * @default 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + * @schema JenkinsSpecMasterContainersLivenessProbe#timeoutSeconds + */ + readonly timeoutSeconds?: number; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLivenessProbe' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLivenessProbe(obj: JenkinsSpecMasterContainersLivenessProbe | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'exec': toJson_JenkinsSpecMasterContainersLivenessProbeExec(obj.exec), + 'failureThreshold': obj.failureThreshold, + 'httpGet': toJson_JenkinsSpecMasterContainersLivenessProbeHttpGet(obj.httpGet), + 'initialDelaySeconds': obj.initialDelaySeconds, + 'periodSeconds': obj.periodSeconds, + 'successThreshold': obj.successThreshold, + 'tcpSocket': toJson_JenkinsSpecMasterContainersLivenessProbeTcpSocket(obj.tcpSocket), + 'timeoutSeconds': obj.timeoutSeconds, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ContainerPort represents a network port in a single container. + * + * @schema JenkinsSpecMasterContainersPorts + */ +export interface JenkinsSpecMasterContainersPorts { + /** + * Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + * + * @schema JenkinsSpecMasterContainersPorts#containerPort + */ + readonly containerPort: number; + + /** + * What host IP to bind the external port to. + * + * @schema JenkinsSpecMasterContainersPorts#hostIP + */ + readonly hostIp?: string; + + /** + * Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + * + * @schema JenkinsSpecMasterContainersPorts#hostPort + */ + readonly hostPort?: number; + + /** + * If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + * + * @schema JenkinsSpecMasterContainersPorts#name + */ + readonly name?: string; + + /** + * Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + * + * @default TCP". + * @schema JenkinsSpecMasterContainersPorts#protocol + */ + readonly protocol?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersPorts' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersPorts(obj: JenkinsSpecMasterContainersPorts | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'containerPort': obj.containerPort, + 'hostIP': obj.hostIp, + 'hostPort': obj.hostPort, + 'name': obj.name, + 'protocol': obj.protocol, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. + * + * @schema JenkinsSpecMasterContainersReadinessProbe + */ +export interface JenkinsSpecMasterContainersReadinessProbe { + /** + * One and only one of the following should be specified. Exec specifies the action to take. + * + * @schema JenkinsSpecMasterContainersReadinessProbe#exec + */ + readonly exec?: JenkinsSpecMasterContainersReadinessProbeExec; + + /** + * Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + * + * @default 3. Minimum value is 1. + * @schema JenkinsSpecMasterContainersReadinessProbe#failureThreshold + */ + readonly failureThreshold?: number; + + /** + * HTTPGet specifies the http request to perform. + * + * @schema JenkinsSpecMasterContainersReadinessProbe#httpGet + */ + readonly httpGet?: JenkinsSpecMasterContainersReadinessProbeHttpGet; + + /** + * Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + * + * @schema JenkinsSpecMasterContainersReadinessProbe#initialDelaySeconds + */ + readonly initialDelaySeconds?: number; + + /** + * How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + * + * @default 10 seconds. Minimum value is 1. + * @schema JenkinsSpecMasterContainersReadinessProbe#periodSeconds + */ + readonly periodSeconds?: number; + + /** + * Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + * + * @default 1. Must be 1 for liveness and startup. Minimum value is 1. + * @schema JenkinsSpecMasterContainersReadinessProbe#successThreshold + */ + readonly successThreshold?: number; + + /** + * TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook + * + * @schema JenkinsSpecMasterContainersReadinessProbe#tcpSocket + */ + readonly tcpSocket?: JenkinsSpecMasterContainersReadinessProbeTcpSocket; + + /** + * Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + * + * @default 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + * @schema JenkinsSpecMasterContainersReadinessProbe#timeoutSeconds + */ + readonly timeoutSeconds?: number; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersReadinessProbe' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersReadinessProbe(obj: JenkinsSpecMasterContainersReadinessProbe | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'exec': toJson_JenkinsSpecMasterContainersReadinessProbeExec(obj.exec), + 'failureThreshold': obj.failureThreshold, + 'httpGet': toJson_JenkinsSpecMasterContainersReadinessProbeHttpGet(obj.httpGet), + 'initialDelaySeconds': obj.initialDelaySeconds, + 'periodSeconds': obj.periodSeconds, + 'successThreshold': obj.successThreshold, + 'tcpSocket': toJson_JenkinsSpecMasterContainersReadinessProbeTcpSocket(obj.tcpSocket), + 'timeoutSeconds': obj.timeoutSeconds, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Compute Resources required by this container. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + * + * @schema JenkinsSpecMasterContainersResources + */ +export interface JenkinsSpecMasterContainersResources { + /** + * Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + * + * @schema JenkinsSpecMasterContainersResources#limits + */ + readonly limits?: { [key: string]: string }; + + /** + * Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + * + * @schema JenkinsSpecMasterContainersResources#requests + */ + readonly requests?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersResources' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersResources(obj: JenkinsSpecMasterContainersResources | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'limits': ((obj.limits) === undefined) ? undefined : (Object.entries(obj.limits).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'requests': ((obj.requests) === undefined) ? undefined : (Object.entries(obj.requests).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + * + * @schema JenkinsSpecMasterContainersSecurityContext + */ +export interface JenkinsSpecMasterContainersSecurityContext { + /** + * AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN + * + * @schema JenkinsSpecMasterContainersSecurityContext#allowPrivilegeEscalation + */ + readonly allowPrivilegeEscalation?: boolean; + + /** + * The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + * + * @default the default set of capabilities granted by the container runtime. + * @schema JenkinsSpecMasterContainersSecurityContext#capabilities + */ + readonly capabilities?: JenkinsSpecMasterContainersSecurityContextCapabilities; + + /** + * Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + * + * @default false. + * @schema JenkinsSpecMasterContainersSecurityContext#privileged + */ + readonly privileged?: boolean; + + /** + * procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + * + * @schema JenkinsSpecMasterContainersSecurityContext#procMount + */ + readonly procMount?: string; + + /** + * Whether this container has a read-only root filesystem. Default is false. + * + * @default false. + * @schema JenkinsSpecMasterContainersSecurityContext#readOnlyRootFilesystem + */ + readonly readOnlyRootFilesystem?: boolean; + + /** + * The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + * + * @schema JenkinsSpecMasterContainersSecurityContext#runAsGroup + */ + readonly runAsGroup?: number; + + /** + * Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + * + * @schema JenkinsSpecMasterContainersSecurityContext#runAsNonRoot + */ + readonly runAsNonRoot?: boolean; + + /** + * The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + * + * @default user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + * @schema JenkinsSpecMasterContainersSecurityContext#runAsUser + */ + readonly runAsUser?: number; + + /** + * The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + * + * @schema JenkinsSpecMasterContainersSecurityContext#seLinuxOptions + */ + readonly seLinuxOptions?: JenkinsSpecMasterContainersSecurityContextSeLinuxOptions; + + /** + * The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + * + * @schema JenkinsSpecMasterContainersSecurityContext#windowsOptions + */ + readonly windowsOptions?: JenkinsSpecMasterContainersSecurityContextWindowsOptions; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersSecurityContext' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersSecurityContext(obj: JenkinsSpecMasterContainersSecurityContext | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'allowPrivilegeEscalation': obj.allowPrivilegeEscalation, + 'capabilities': toJson_JenkinsSpecMasterContainersSecurityContextCapabilities(obj.capabilities), + 'privileged': obj.privileged, + 'procMount': obj.procMount, + 'readOnlyRootFilesystem': obj.readOnlyRootFilesystem, + 'runAsGroup': obj.runAsGroup, + 'runAsNonRoot': obj.runAsNonRoot, + 'runAsUser': obj.runAsUser, + 'seLinuxOptions': toJson_JenkinsSpecMasterContainersSecurityContextSeLinuxOptions(obj.seLinuxOptions), + 'windowsOptions': toJson_JenkinsSpecMasterContainersSecurityContextWindowsOptions(obj.windowsOptions), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * VolumeMount describes a mounting of a Volume within a container. + * + * @schema JenkinsSpecMasterContainersVolumeMounts + */ +export interface JenkinsSpecMasterContainersVolumeMounts { + /** + * Path within the container at which the volume should be mounted. Must not contain ':'. + * + * @schema JenkinsSpecMasterContainersVolumeMounts#mountPath + */ + readonly mountPath: string; + + /** + * mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + * + * @schema JenkinsSpecMasterContainersVolumeMounts#mountPropagation + */ + readonly mountPropagation?: string; + + /** + * This must match the Name of a Volume. + * + * @schema JenkinsSpecMasterContainersVolumeMounts#name + */ + readonly name: string; + + /** + * Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + * + * @default false. + * @schema JenkinsSpecMasterContainersVolumeMounts#readOnly + */ + readonly readOnly?: boolean; + + /** + * Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + * + * @default volume's root). + * @schema JenkinsSpecMasterContainersVolumeMounts#subPath + */ + readonly subPath?: string; + + /** + * Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15. + * + * @default volume's root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15. + * @schema JenkinsSpecMasterContainersVolumeMounts#subPathExpr + */ + readonly subPathExpr?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersVolumeMounts' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersVolumeMounts(obj: JenkinsSpecMasterContainersVolumeMounts | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'mountPath': obj.mountPath, + 'mountPropagation': obj.mountPropagation, + 'name': obj.name, + 'readOnly': obj.readOnly, + 'subPath': obj.subPath, + 'subPathExpr': obj.subPathExpr, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + * + * @schema JenkinsSpecMasterSecurityContextSeLinuxOptions + */ +export interface JenkinsSpecMasterSecurityContextSeLinuxOptions { + /** + * Level is SELinux level label that applies to the container. + * + * @schema JenkinsSpecMasterSecurityContextSeLinuxOptions#level + */ + readonly level?: string; + + /** + * Role is a SELinux role label that applies to the container. + * + * @schema JenkinsSpecMasterSecurityContextSeLinuxOptions#role + */ + readonly role?: string; + + /** + * Type is a SELinux type label that applies to the container. + * + * @schema JenkinsSpecMasterSecurityContextSeLinuxOptions#type + */ + readonly type?: string; + + /** + * User is a SELinux user label that applies to the container. + * + * @schema JenkinsSpecMasterSecurityContextSeLinuxOptions#user + */ + readonly user?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterSecurityContextSeLinuxOptions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterSecurityContextSeLinuxOptions(obj: JenkinsSpecMasterSecurityContextSeLinuxOptions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'level': obj.level, + 'role': obj.role, + 'type': obj.type, + 'user': obj.user, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Sysctl defines a kernel parameter to be set + * + * @schema JenkinsSpecMasterSecurityContextSysctls + */ +export interface JenkinsSpecMasterSecurityContextSysctls { + /** + * Name of a property to set + * + * @schema JenkinsSpecMasterSecurityContextSysctls#name + */ + readonly name: string; + + /** + * Value of a property to set + * + * @schema JenkinsSpecMasterSecurityContextSysctls#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterSecurityContextSysctls' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterSecurityContextSysctls(obj: JenkinsSpecMasterSecurityContextSysctls | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + * + * @schema JenkinsSpecMasterSecurityContextWindowsOptions + */ +export interface JenkinsSpecMasterSecurityContextWindowsOptions { + /** + * GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. + * + * @schema JenkinsSpecMasterSecurityContextWindowsOptions#gmsaCredentialSpec + */ + readonly gmsaCredentialSpec?: string; + + /** + * GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. + * + * @schema JenkinsSpecMasterSecurityContextWindowsOptions#gmsaCredentialSpecName + */ + readonly gmsaCredentialSpecName?: string; + + /** + * The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag. + * + * @default the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag. + * @schema JenkinsSpecMasterSecurityContextWindowsOptions#runAsUserName + */ + readonly runAsUserName?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterSecurityContextWindowsOptions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterSecurityContextWindowsOptions(obj: JenkinsSpecMasterSecurityContextWindowsOptions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'gmsaCredentialSpec': obj.gmsaCredentialSpec, + 'gmsaCredentialSpecName': obj.gmsaCredentialSpecName, + 'runAsUserName': obj.runAsUserName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + * + * @schema JenkinsSpecMasterVolumesAwsElasticBlockStore + */ +export interface JenkinsSpecMasterVolumesAwsElasticBlockStore { + /** + * Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine + * + * @schema JenkinsSpecMasterVolumesAwsElasticBlockStore#fsType + */ + readonly fsType?: string; + + /** + * The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + * + * @schema JenkinsSpecMasterVolumesAwsElasticBlockStore#partition + */ + readonly partition?: number; + + /** + * Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + * + * @schema JenkinsSpecMasterVolumesAwsElasticBlockStore#readOnly + */ + readonly readOnly?: boolean; + + /** + * Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + * + * @schema JenkinsSpecMasterVolumesAwsElasticBlockStore#volumeID + */ + readonly volumeId: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesAwsElasticBlockStore' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesAwsElasticBlockStore(obj: JenkinsSpecMasterVolumesAwsElasticBlockStore | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fsType': obj.fsType, + 'partition': obj.partition, + 'readOnly': obj.readOnly, + 'volumeID': obj.volumeId, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + * + * @schema JenkinsSpecMasterVolumesAzureDisk + */ +export interface JenkinsSpecMasterVolumesAzureDisk { + /** + * Host Caching mode: None, Read Only, Read Write. + * + * @schema JenkinsSpecMasterVolumesAzureDisk#cachingMode + */ + readonly cachingMode?: string; + + /** + * The Name of the data disk in the blob storage + * + * @schema JenkinsSpecMasterVolumesAzureDisk#diskName + */ + readonly diskName: string; + + /** + * The URI the data disk in the blob storage + * + * @schema JenkinsSpecMasterVolumesAzureDisk#diskURI + */ + readonly diskUri: string; + + /** + * Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + * + * @schema JenkinsSpecMasterVolumesAzureDisk#fsType + */ + readonly fsType?: string; + + /** + * Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared + * + * @schema JenkinsSpecMasterVolumesAzureDisk#kind + */ + readonly kind?: string; + + /** + * Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * + * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * @schema JenkinsSpecMasterVolumesAzureDisk#readOnly + */ + readonly readOnly?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesAzureDisk' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesAzureDisk(obj: JenkinsSpecMasterVolumesAzureDisk | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'cachingMode': obj.cachingMode, + 'diskName': obj.diskName, + 'diskURI': obj.diskUri, + 'fsType': obj.fsType, + 'kind': obj.kind, + 'readOnly': obj.readOnly, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + * + * @schema JenkinsSpecMasterVolumesAzureFile + */ +export interface JenkinsSpecMasterVolumesAzureFile { + /** + * Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * + * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * @schema JenkinsSpecMasterVolumesAzureFile#readOnly + */ + readonly readOnly?: boolean; + + /** + * the name of secret that contains Azure Storage Account Name and Key + * + * @schema JenkinsSpecMasterVolumesAzureFile#secretName + */ + readonly secretName: string; + + /** + * Share Name + * + * @schema JenkinsSpecMasterVolumesAzureFile#shareName + */ + readonly shareName: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesAzureFile' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesAzureFile(obj: JenkinsSpecMasterVolumesAzureFile | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'readOnly': obj.readOnly, + 'secretName': obj.secretName, + 'shareName': obj.shareName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + * + * @schema JenkinsSpecMasterVolumesCephfs + */ +export interface JenkinsSpecMasterVolumesCephfs { + /** + * Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + * + * @schema JenkinsSpecMasterVolumesCephfs#monitors + */ + readonly monitors: string[]; + + /** + * Optional: Used as the mounted root, rather than the full Ceph tree, default is / + * + * @schema JenkinsSpecMasterVolumesCephfs#path + */ + readonly path?: string; + + /** + * Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + * + * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + * @schema JenkinsSpecMasterVolumesCephfs#readOnly + */ + readonly readOnly?: boolean; + + /** + * Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + * + * @schema JenkinsSpecMasterVolumesCephfs#secretFile + */ + readonly secretFile?: string; + + /** + * Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + * + * @schema JenkinsSpecMasterVolumesCephfs#secretRef + */ + readonly secretRef?: JenkinsSpecMasterVolumesCephfsSecretRef; + + /** + * Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + * + * @schema JenkinsSpecMasterVolumesCephfs#user + */ + readonly user?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesCephfs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesCephfs(obj: JenkinsSpecMasterVolumesCephfs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'monitors': obj.monitors?.map(y => y), + 'path': obj.path, + 'readOnly': obj.readOnly, + 'secretFile': obj.secretFile, + 'secretRef': toJson_JenkinsSpecMasterVolumesCephfsSecretRef(obj.secretRef), + 'user': obj.user, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + * + * @schema JenkinsSpecMasterVolumesCinder + */ +export interface JenkinsSpecMasterVolumesCinder { + /** + * Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + * + * @schema JenkinsSpecMasterVolumesCinder#fsType + */ + readonly fsType?: string; + + /** + * Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + * + * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + * @schema JenkinsSpecMasterVolumesCinder#readOnly + */ + readonly readOnly?: boolean; + + /** + * Optional: points to a secret object containing parameters used to connect to OpenStack. + * + * @schema JenkinsSpecMasterVolumesCinder#secretRef + */ + readonly secretRef?: JenkinsSpecMasterVolumesCinderSecretRef; + + /** + * volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md + * + * @schema JenkinsSpecMasterVolumesCinder#volumeID + */ + readonly volumeId: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesCinder' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesCinder(obj: JenkinsSpecMasterVolumesCinder | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fsType': obj.fsType, + 'readOnly': obj.readOnly, + 'secretRef': toJson_JenkinsSpecMasterVolumesCinderSecretRef(obj.secretRef), + 'volumeID': obj.volumeId, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ConfigMap represents a configMap that should populate this volume + * + * @schema JenkinsSpecMasterVolumesConfigMap + */ +export interface JenkinsSpecMasterVolumesConfigMap { + /** + * Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * + * @default 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * @schema JenkinsSpecMasterVolumesConfigMap#defaultMode + */ + readonly defaultMode?: number; + + /** + * If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + * + * @schema JenkinsSpecMasterVolumesConfigMap#items + */ + readonly items?: JenkinsSpecMasterVolumesConfigMapItems[]; + + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterVolumesConfigMap#name + */ + readonly name?: string; + + /** + * Specify whether the ConfigMap or its keys must be defined + * + * @schema JenkinsSpecMasterVolumesConfigMap#optional + */ + readonly optional?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesConfigMap' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesConfigMap(obj: JenkinsSpecMasterVolumesConfigMap | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'defaultMode': obj.defaultMode, + 'items': obj.items?.map(y => toJson_JenkinsSpecMasterVolumesConfigMapItems(y)), + 'name': obj.name, + 'optional': obj.optional, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + * + * @schema JenkinsSpecMasterVolumesCsi + */ +export interface JenkinsSpecMasterVolumesCsi { + /** + * Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + * + * @schema JenkinsSpecMasterVolumesCsi#driver + */ + readonly driver: string; + + /** + * Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + * + * @schema JenkinsSpecMasterVolumesCsi#fsType + */ + readonly fsType?: string; + + /** + * NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + * + * @schema JenkinsSpecMasterVolumesCsi#nodePublishSecretRef + */ + readonly nodePublishSecretRef?: JenkinsSpecMasterVolumesCsiNodePublishSecretRef; + + /** + * Specifies a read-only configuration for the volume. Defaults to false (read/write). + * + * @default false (read/write). + * @schema JenkinsSpecMasterVolumesCsi#readOnly + */ + readonly readOnly?: boolean; + + /** + * VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + * + * @schema JenkinsSpecMasterVolumesCsi#volumeAttributes + */ + readonly volumeAttributes?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesCsi' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesCsi(obj: JenkinsSpecMasterVolumesCsi | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'driver': obj.driver, + 'fsType': obj.fsType, + 'nodePublishSecretRef': toJson_JenkinsSpecMasterVolumesCsiNodePublishSecretRef(obj.nodePublishSecretRef), + 'readOnly': obj.readOnly, + 'volumeAttributes': ((obj.volumeAttributes) === undefined) ? undefined : (Object.entries(obj.volumeAttributes).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * DownwardAPI represents downward API about the pod that should populate this volume + * + * @schema JenkinsSpecMasterVolumesDownwardApi + */ +export interface JenkinsSpecMasterVolumesDownwardApi { + /** + * Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * + * @default 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * @schema JenkinsSpecMasterVolumesDownwardApi#defaultMode + */ + readonly defaultMode?: number; + + /** + * Items is a list of downward API volume file + * + * @schema JenkinsSpecMasterVolumesDownwardApi#items + */ + readonly items?: JenkinsSpecMasterVolumesDownwardApiItems[]; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesDownwardApi' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesDownwardApi(obj: JenkinsSpecMasterVolumesDownwardApi | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'defaultMode': obj.defaultMode, + 'items': obj.items?.map(y => toJson_JenkinsSpecMasterVolumesDownwardApiItems(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + * + * @schema JenkinsSpecMasterVolumesEmptyDir + */ +export interface JenkinsSpecMasterVolumesEmptyDir { + /** + * What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + * + * @schema JenkinsSpecMasterVolumesEmptyDir#medium + */ + readonly medium?: string; + + /** + * Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir + * + * @schema JenkinsSpecMasterVolumesEmptyDir#sizeLimit + */ + readonly sizeLimit?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesEmptyDir' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesEmptyDir(obj: JenkinsSpecMasterVolumesEmptyDir | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'medium': obj.medium, + 'sizeLimit': obj.sizeLimit, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + * + * @schema JenkinsSpecMasterVolumesFc + */ +export interface JenkinsSpecMasterVolumesFc { + /** + * Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine + * + * @schema JenkinsSpecMasterVolumesFc#fsType + */ + readonly fsType?: string; + + /** + * Optional: FC target lun number + * + * @schema JenkinsSpecMasterVolumesFc#lun + */ + readonly lun?: number; + + /** + * Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * + * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * @schema JenkinsSpecMasterVolumesFc#readOnly + */ + readonly readOnly?: boolean; + + /** + * Optional: FC target worldwide names (WWNs) + * + * @schema JenkinsSpecMasterVolumesFc#targetWWNs + */ + readonly targetWwNs?: string[]; + + /** + * Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + * + * @schema JenkinsSpecMasterVolumesFc#wwids + */ + readonly wwids?: string[]; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesFc' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesFc(obj: JenkinsSpecMasterVolumesFc | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fsType': obj.fsType, + 'lun': obj.lun, + 'readOnly': obj.readOnly, + 'targetWWNs': obj.targetWwNs?.map(y => y), + 'wwids': obj.wwids?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + * + * @schema JenkinsSpecMasterVolumesFlexVolume + */ +export interface JenkinsSpecMasterVolumesFlexVolume { + /** + * Driver is the name of the driver to use for this volume. + * + * @schema JenkinsSpecMasterVolumesFlexVolume#driver + */ + readonly driver: string; + + /** + * Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + * + * @schema JenkinsSpecMasterVolumesFlexVolume#fsType + */ + readonly fsType?: string; + + /** + * Optional: Extra command options if any. + * + * @schema JenkinsSpecMasterVolumesFlexVolume#options + */ + readonly options?: { [key: string]: string }; + + /** + * Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * + * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * @schema JenkinsSpecMasterVolumesFlexVolume#readOnly + */ + readonly readOnly?: boolean; + + /** + * Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. + * + * @schema JenkinsSpecMasterVolumesFlexVolume#secretRef + */ + readonly secretRef?: JenkinsSpecMasterVolumesFlexVolumeSecretRef; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesFlexVolume' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesFlexVolume(obj: JenkinsSpecMasterVolumesFlexVolume | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'driver': obj.driver, + 'fsType': obj.fsType, + 'options': ((obj.options) === undefined) ? undefined : (Object.entries(obj.options).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'readOnly': obj.readOnly, + 'secretRef': toJson_JenkinsSpecMasterVolumesFlexVolumeSecretRef(obj.secretRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + * + * @schema JenkinsSpecMasterVolumesFlocker + */ +export interface JenkinsSpecMasterVolumesFlocker { + /** + * Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + * + * @schema JenkinsSpecMasterVolumesFlocker#datasetName + */ + readonly datasetName?: string; + + /** + * UUID of the dataset. This is unique identifier of a Flocker dataset + * + * @schema JenkinsSpecMasterVolumesFlocker#datasetUUID + */ + readonly datasetUuid?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesFlocker' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesFlocker(obj: JenkinsSpecMasterVolumesFlocker | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'datasetName': obj.datasetName, + 'datasetUUID': obj.datasetUuid, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + * + * @schema JenkinsSpecMasterVolumesGcePersistentDisk + */ +export interface JenkinsSpecMasterVolumesGcePersistentDisk { + /** + * Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine + * + * @schema JenkinsSpecMasterVolumesGcePersistentDisk#fsType + */ + readonly fsType?: string; + + /** + * The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + * + * @schema JenkinsSpecMasterVolumesGcePersistentDisk#partition + */ + readonly partition?: number; + + /** + * Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + * + * @schema JenkinsSpecMasterVolumesGcePersistentDisk#pdName + */ + readonly pdName: string; + + /** + * ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + * + * @default false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + * @schema JenkinsSpecMasterVolumesGcePersistentDisk#readOnly + */ + readonly readOnly?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesGcePersistentDisk' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesGcePersistentDisk(obj: JenkinsSpecMasterVolumesGcePersistentDisk | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fsType': obj.fsType, + 'partition': obj.partition, + 'pdName': obj.pdName, + 'readOnly': obj.readOnly, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. + * + * @schema JenkinsSpecMasterVolumesGitRepo + */ +export interface JenkinsSpecMasterVolumesGitRepo { + /** + * Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + * + * @schema JenkinsSpecMasterVolumesGitRepo#directory + */ + readonly directory?: string; + + /** + * Repository URL + * + * @schema JenkinsSpecMasterVolumesGitRepo#repository + */ + readonly repository: string; + + /** + * Commit hash for the specified revision. + * + * @schema JenkinsSpecMasterVolumesGitRepo#revision + */ + readonly revision?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesGitRepo' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesGitRepo(obj: JenkinsSpecMasterVolumesGitRepo | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'directory': obj.directory, + 'repository': obj.repository, + 'revision': obj.revision, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md + * + * @schema JenkinsSpecMasterVolumesGlusterfs + */ +export interface JenkinsSpecMasterVolumesGlusterfs { + /** + * EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + * + * @schema JenkinsSpecMasterVolumesGlusterfs#endpoints + */ + readonly endpoints: string; + + /** + * Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + * + * @schema JenkinsSpecMasterVolumesGlusterfs#path + */ + readonly path: string; + + /** + * ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + * + * @default false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + * @schema JenkinsSpecMasterVolumesGlusterfs#readOnly + */ + readonly readOnly?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesGlusterfs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesGlusterfs(obj: JenkinsSpecMasterVolumesGlusterfs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'endpoints': obj.endpoints, + 'path': obj.path, + 'readOnly': obj.readOnly, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. + * + * @schema JenkinsSpecMasterVolumesHostPath + */ +export interface JenkinsSpecMasterVolumesHostPath { + /** + * Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + * + * @schema JenkinsSpecMasterVolumesHostPath#path + */ + readonly path: string; + + /** + * Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + * + * @default More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + * @schema JenkinsSpecMasterVolumesHostPath#type + */ + readonly type?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesHostPath' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesHostPath(obj: JenkinsSpecMasterVolumesHostPath | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'path': obj.path, + 'type': obj.type, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md + * + * @schema JenkinsSpecMasterVolumesIscsi + */ +export interface JenkinsSpecMasterVolumesIscsi { + /** + * whether support iSCSI Discovery CHAP authentication + * + * @schema JenkinsSpecMasterVolumesIscsi#chapAuthDiscovery + */ + readonly chapAuthDiscovery?: boolean; + + /** + * whether support iSCSI Session CHAP authentication + * + * @schema JenkinsSpecMasterVolumesIscsi#chapAuthSession + */ + readonly chapAuthSession?: boolean; + + /** + * Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine + * + * @schema JenkinsSpecMasterVolumesIscsi#fsType + */ + readonly fsType?: string; + + /** + * Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + * + * @schema JenkinsSpecMasterVolumesIscsi#initiatorName + */ + readonly initiatorName?: string; + + /** + * Target iSCSI Qualified Name. + * + * @schema JenkinsSpecMasterVolumesIscsi#iqn + */ + readonly iqn: string; + + /** + * iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + * + * @default default' (tcp). + * @schema JenkinsSpecMasterVolumesIscsi#iscsiInterface + */ + readonly iscsiInterface?: string; + + /** + * iSCSI Target Lun number. + * + * @schema JenkinsSpecMasterVolumesIscsi#lun + */ + readonly lun: number; + + /** + * iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + * + * @schema JenkinsSpecMasterVolumesIscsi#portals + */ + readonly portals?: string[]; + + /** + * ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + * + * @default false. + * @schema JenkinsSpecMasterVolumesIscsi#readOnly + */ + readonly readOnly?: boolean; + + /** + * CHAP Secret for iSCSI target and initiator authentication + * + * @schema JenkinsSpecMasterVolumesIscsi#secretRef + */ + readonly secretRef?: JenkinsSpecMasterVolumesIscsiSecretRef; + + /** + * iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + * + * @schema JenkinsSpecMasterVolumesIscsi#targetPortal + */ + readonly targetPortal: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesIscsi' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesIscsi(obj: JenkinsSpecMasterVolumesIscsi | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'chapAuthDiscovery': obj.chapAuthDiscovery, + 'chapAuthSession': obj.chapAuthSession, + 'fsType': obj.fsType, + 'initiatorName': obj.initiatorName, + 'iqn': obj.iqn, + 'iscsiInterface': obj.iscsiInterface, + 'lun': obj.lun, + 'portals': obj.portals?.map(y => y), + 'readOnly': obj.readOnly, + 'secretRef': toJson_JenkinsSpecMasterVolumesIscsiSecretRef(obj.secretRef), + 'targetPortal': obj.targetPortal, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + * + * @schema JenkinsSpecMasterVolumesNfs + */ +export interface JenkinsSpecMasterVolumesNfs { + /** + * Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + * + * @schema JenkinsSpecMasterVolumesNfs#path + */ + readonly path: string; + + /** + * ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + * + * @default false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + * @schema JenkinsSpecMasterVolumesNfs#readOnly + */ + readonly readOnly?: boolean; + + /** + * Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + * + * @schema JenkinsSpecMasterVolumesNfs#server + */ + readonly server: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesNfs' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesNfs(obj: JenkinsSpecMasterVolumesNfs | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'path': obj.path, + 'readOnly': obj.readOnly, + 'server': obj.server, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + * + * @schema JenkinsSpecMasterVolumesPersistentVolumeClaim + */ +export interface JenkinsSpecMasterVolumesPersistentVolumeClaim { + /** + * ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + * + * @schema JenkinsSpecMasterVolumesPersistentVolumeClaim#claimName + */ + readonly claimName: string; + + /** + * Will force the ReadOnly setting in VolumeMounts. Default false. + * + * @schema JenkinsSpecMasterVolumesPersistentVolumeClaim#readOnly + */ + readonly readOnly?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesPersistentVolumeClaim' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesPersistentVolumeClaim(obj: JenkinsSpecMasterVolumesPersistentVolumeClaim | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'claimName': obj.claimName, + 'readOnly': obj.readOnly, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + * + * @schema JenkinsSpecMasterVolumesPhotonPersistentDisk + */ +export interface JenkinsSpecMasterVolumesPhotonPersistentDisk { + /** + * Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + * + * @schema JenkinsSpecMasterVolumesPhotonPersistentDisk#fsType + */ + readonly fsType?: string; + + /** + * ID that identifies Photon Controller persistent disk + * + * @schema JenkinsSpecMasterVolumesPhotonPersistentDisk#pdID + */ + readonly pdId: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesPhotonPersistentDisk' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesPhotonPersistentDisk(obj: JenkinsSpecMasterVolumesPhotonPersistentDisk | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fsType': obj.fsType, + 'pdID': obj.pdId, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + * + * @schema JenkinsSpecMasterVolumesPortworxVolume + */ +export interface JenkinsSpecMasterVolumesPortworxVolume { + /** + * FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + * + * @schema JenkinsSpecMasterVolumesPortworxVolume#fsType + */ + readonly fsType?: string; + + /** + * Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * + * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * @schema JenkinsSpecMasterVolumesPortworxVolume#readOnly + */ + readonly readOnly?: boolean; + + /** + * VolumeID uniquely identifies a Portworx volume + * + * @schema JenkinsSpecMasterVolumesPortworxVolume#volumeID + */ + readonly volumeId: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesPortworxVolume' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesPortworxVolume(obj: JenkinsSpecMasterVolumesPortworxVolume | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fsType': obj.fsType, + 'readOnly': obj.readOnly, + 'volumeID': obj.volumeId, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Items for all in one resources secrets, configmaps, and downward API + * + * @schema JenkinsSpecMasterVolumesProjected + */ +export interface JenkinsSpecMasterVolumesProjected { + /** + * Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * + * @schema JenkinsSpecMasterVolumesProjected#defaultMode + */ + readonly defaultMode?: number; + + /** + * list of volume projections + * + * @schema JenkinsSpecMasterVolumesProjected#sources + */ + readonly sources: JenkinsSpecMasterVolumesProjectedSources[]; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesProjected' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesProjected(obj: JenkinsSpecMasterVolumesProjected | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'defaultMode': obj.defaultMode, + 'sources': obj.sources?.map(y => toJson_JenkinsSpecMasterVolumesProjectedSources(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + * + * @schema JenkinsSpecMasterVolumesQuobyte + */ +export interface JenkinsSpecMasterVolumesQuobyte { + /** + * Group to map volume access to Default is no group + * + * @default no group + * @schema JenkinsSpecMasterVolumesQuobyte#group + */ + readonly group?: string; + + /** + * ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + * + * @default false. + * @schema JenkinsSpecMasterVolumesQuobyte#readOnly + */ + readonly readOnly?: boolean; + + /** + * Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + * + * @schema JenkinsSpecMasterVolumesQuobyte#registry + */ + readonly registry: string; + + /** + * Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + * + * @schema JenkinsSpecMasterVolumesQuobyte#tenant + */ + readonly tenant?: string; + + /** + * User to map volume access to Defaults to serivceaccount user + * + * @default serivceaccount user + * @schema JenkinsSpecMasterVolumesQuobyte#user + */ + readonly user?: string; + + /** + * Volume is a string that references an already created Quobyte volume by name. + * + * @schema JenkinsSpecMasterVolumesQuobyte#volume + */ + readonly volume: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesQuobyte' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesQuobyte(obj: JenkinsSpecMasterVolumesQuobyte | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'group': obj.group, + 'readOnly': obj.readOnly, + 'registry': obj.registry, + 'tenant': obj.tenant, + 'user': obj.user, + 'volume': obj.volume, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md + * + * @schema JenkinsSpecMasterVolumesRbd + */ +export interface JenkinsSpecMasterVolumesRbd { + /** + * Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine + * + * @schema JenkinsSpecMasterVolumesRbd#fsType + */ + readonly fsType?: string; + + /** + * The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * + * @schema JenkinsSpecMasterVolumesRbd#image + */ + readonly image: string; + + /** + * Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * + * @default etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * @schema JenkinsSpecMasterVolumesRbd#keyring + */ + readonly keyring?: string; + + /** + * A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * + * @schema JenkinsSpecMasterVolumesRbd#monitors + */ + readonly monitors: string[]; + + /** + * The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * + * @default rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * @schema JenkinsSpecMasterVolumesRbd#pool + */ + readonly pool?: string; + + /** + * ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * + * @default false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * @schema JenkinsSpecMasterVolumesRbd#readOnly + */ + readonly readOnly?: boolean; + + /** + * SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * + * @default nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * @schema JenkinsSpecMasterVolumesRbd#secretRef + */ + readonly secretRef?: JenkinsSpecMasterVolumesRbdSecretRef; + + /** + * The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * + * @default admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * @schema JenkinsSpecMasterVolumesRbd#user + */ + readonly user?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesRbd' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesRbd(obj: JenkinsSpecMasterVolumesRbd | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fsType': obj.fsType, + 'image': obj.image, + 'keyring': obj.keyring, + 'monitors': obj.monitors?.map(y => y), + 'pool': obj.pool, + 'readOnly': obj.readOnly, + 'secretRef': toJson_JenkinsSpecMasterVolumesRbdSecretRef(obj.secretRef), + 'user': obj.user, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + * + * @schema JenkinsSpecMasterVolumesScaleIo + */ +export interface JenkinsSpecMasterVolumesScaleIo { + /** + * Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + * + * @default xfs". + * @schema JenkinsSpecMasterVolumesScaleIo#fsType + */ + readonly fsType?: string; + + /** + * The host address of the ScaleIO API Gateway. + * + * @schema JenkinsSpecMasterVolumesScaleIo#gateway + */ + readonly gateway: string; + + /** + * The name of the ScaleIO Protection Domain for the configured storage. + * + * @schema JenkinsSpecMasterVolumesScaleIo#protectionDomain + */ + readonly protectionDomain?: string; + + /** + * Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * + * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * @schema JenkinsSpecMasterVolumesScaleIo#readOnly + */ + readonly readOnly?: boolean; + + /** + * SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + * + * @schema JenkinsSpecMasterVolumesScaleIo#secretRef + */ + readonly secretRef: JenkinsSpecMasterVolumesScaleIoSecretRef; + + /** + * Flag to enable/disable SSL communication with Gateway, default false + * + * @schema JenkinsSpecMasterVolumesScaleIo#sslEnabled + */ + readonly sslEnabled?: boolean; + + /** + * Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + * + * @default ThinProvisioned. + * @schema JenkinsSpecMasterVolumesScaleIo#storageMode + */ + readonly storageMode?: string; + + /** + * The ScaleIO Storage Pool associated with the protection domain. + * + * @schema JenkinsSpecMasterVolumesScaleIo#storagePool + */ + readonly storagePool?: string; + + /** + * The name of the storage system as configured in ScaleIO. + * + * @schema JenkinsSpecMasterVolumesScaleIo#system + */ + readonly system: string; + + /** + * The name of a volume already created in the ScaleIO system that is associated with this volume source. + * + * @schema JenkinsSpecMasterVolumesScaleIo#volumeName + */ + readonly volumeName?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesScaleIo' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesScaleIo(obj: JenkinsSpecMasterVolumesScaleIo | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fsType': obj.fsType, + 'gateway': obj.gateway, + 'protectionDomain': obj.protectionDomain, + 'readOnly': obj.readOnly, + 'secretRef': toJson_JenkinsSpecMasterVolumesScaleIoSecretRef(obj.secretRef), + 'sslEnabled': obj.sslEnabled, + 'storageMode': obj.storageMode, + 'storagePool': obj.storagePool, + 'system': obj.system, + 'volumeName': obj.volumeName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + * + * @schema JenkinsSpecMasterVolumesSecret + */ +export interface JenkinsSpecMasterVolumesSecret { + /** + * Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * + * @default 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * @schema JenkinsSpecMasterVolumesSecret#defaultMode + */ + readonly defaultMode?: number; + + /** + * If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + * + * @schema JenkinsSpecMasterVolumesSecret#items + */ + readonly items?: JenkinsSpecMasterVolumesSecretItems[]; + + /** + * Specify whether the Secret or its keys must be defined + * + * @schema JenkinsSpecMasterVolumesSecret#optional + */ + readonly optional?: boolean; + + /** + * Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + * + * @schema JenkinsSpecMasterVolumesSecret#secretName + */ + readonly secretName?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesSecret' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesSecret(obj: JenkinsSpecMasterVolumesSecret | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'defaultMode': obj.defaultMode, + 'items': obj.items?.map(y => toJson_JenkinsSpecMasterVolumesSecretItems(y)), + 'optional': obj.optional, + 'secretName': obj.secretName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + * + * @schema JenkinsSpecMasterVolumesStorageos + */ +export interface JenkinsSpecMasterVolumesStorageos { + /** + * Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + * + * @schema JenkinsSpecMasterVolumesStorageos#fsType + */ + readonly fsType?: string; + + /** + * Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * + * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + * @schema JenkinsSpecMasterVolumesStorageos#readOnly + */ + readonly readOnly?: boolean; + + /** + * SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + * + * @schema JenkinsSpecMasterVolumesStorageos#secretRef + */ + readonly secretRef?: JenkinsSpecMasterVolumesStorageosSecretRef; + + /** + * VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + * + * @schema JenkinsSpecMasterVolumesStorageos#volumeName + */ + readonly volumeName?: string; + + /** + * VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + * + * @schema JenkinsSpecMasterVolumesStorageos#volumeNamespace + */ + readonly volumeNamespace?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesStorageos' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesStorageos(obj: JenkinsSpecMasterVolumesStorageos | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fsType': obj.fsType, + 'readOnly': obj.readOnly, + 'secretRef': toJson_JenkinsSpecMasterVolumesStorageosSecretRef(obj.secretRef), + 'volumeName': obj.volumeName, + 'volumeNamespace': obj.volumeNamespace, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + * + * @schema JenkinsSpecMasterVolumesVsphereVolume + */ +export interface JenkinsSpecMasterVolumesVsphereVolume { + /** + * Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + * + * @schema JenkinsSpecMasterVolumesVsphereVolume#fsType + */ + readonly fsType?: string; + + /** + * Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + * + * @schema JenkinsSpecMasterVolumesVsphereVolume#storagePolicyID + */ + readonly storagePolicyId?: string; + + /** + * Storage Policy Based Management (SPBM) profile name. + * + * @schema JenkinsSpecMasterVolumesVsphereVolume#storagePolicyName + */ + readonly storagePolicyName?: string; + + /** + * Path that identifies vSphere volume vmdk + * + * @schema JenkinsSpecMasterVolumesVsphereVolume#volumePath + */ + readonly volumePath: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesVsphereVolume' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesVsphereVolume(obj: JenkinsSpecMasterVolumesVsphereVolume | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fsType': obj.fsType, + 'storagePolicyID': obj.storagePolicyId, + 'storagePolicyName': obj.storagePolicyName, + 'volumePath': obj.volumePath, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SecretKeySelector selects a key of a Secret. + * + * @schema JenkinsSpecNotificationsMailgunApiKeySecretKeySelector + */ +export interface JenkinsSpecNotificationsMailgunApiKeySecretKeySelector { + /** + * The key of the secret to select from. Must be a valid secret key. + * + * @schema JenkinsSpecNotificationsMailgunApiKeySecretKeySelector#key + */ + readonly key: string; + + /** + * The name of the secret in the pod's namespace to select from. + * + * @schema JenkinsSpecNotificationsMailgunApiKeySecretKeySelector#secret + */ + readonly secret: JenkinsSpecNotificationsMailgunApiKeySecretKeySelectorSecret; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsMailgunApiKeySecretKeySelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsMailgunApiKeySecretKeySelector(obj: JenkinsSpecNotificationsMailgunApiKeySecretKeySelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'secret': toJson_JenkinsSpecNotificationsMailgunApiKeySecretKeySelectorSecret(obj.secret), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The web hook URL to Slack App + * + * @schema JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelector + */ +export interface JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelector { + /** + * The key of the secret to select from. Must be a valid secret key. + * + * @schema JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelector#key + */ + readonly key: string; + + /** + * The name of the secret in the pod's namespace to select from. + * + * @schema JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelector#secret + */ + readonly secret: JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelectorSecret; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelector(obj: JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'secret': toJson_JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelectorSecret(obj.secret), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SecretKeySelector selects a key of a Secret. + * + * @schema JenkinsSpecNotificationsSmtpPasswordSecretKeySelector + */ +export interface JenkinsSpecNotificationsSmtpPasswordSecretKeySelector { + /** + * The key of the secret to select from. Must be a valid secret key. + * + * @schema JenkinsSpecNotificationsSmtpPasswordSecretKeySelector#key + */ + readonly key: string; + + /** + * The name of the secret in the pod's namespace to select from. + * + * @schema JenkinsSpecNotificationsSmtpPasswordSecretKeySelector#secret + */ + readonly secret: JenkinsSpecNotificationsSmtpPasswordSecretKeySelectorSecret; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsSmtpPasswordSecretKeySelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsSmtpPasswordSecretKeySelector(obj: JenkinsSpecNotificationsSmtpPasswordSecretKeySelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'secret': toJson_JenkinsSpecNotificationsSmtpPasswordSecretKeySelectorSecret(obj.secret), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SecretKeySelector selects a key of a Secret. + * + * @schema JenkinsSpecNotificationsSmtpUsernameSecretKeySelector + */ +export interface JenkinsSpecNotificationsSmtpUsernameSecretKeySelector { + /** + * The key of the secret to select from. Must be a valid secret key. + * + * @schema JenkinsSpecNotificationsSmtpUsernameSecretKeySelector#key + */ + readonly key: string; + + /** + * The name of the secret in the pod's namespace to select from. + * + * @schema JenkinsSpecNotificationsSmtpUsernameSecretKeySelector#secret + */ + readonly secret: JenkinsSpecNotificationsSmtpUsernameSecretKeySelectorSecret; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsSmtpUsernameSecretKeySelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsSmtpUsernameSecretKeySelector(obj: JenkinsSpecNotificationsSmtpUsernameSecretKeySelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'secret': toJson_JenkinsSpecNotificationsSmtpUsernameSecretKeySelectorSecret(obj.secret), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The web hook URL to MicrosoftTeams App + * + * @schema JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelector + */ +export interface JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelector { + /** + * The key of the secret to select from. Must be a valid secret key. + * + * @schema JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelector#key + */ + readonly key: string; + + /** + * The name of the secret in the pod's namespace to select from. + * + * @schema JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelector#secret + */ + readonly secret: JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelectorSecret; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelector' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelector(obj: JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelector | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'secret': toJson_JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelectorSecret(obj.secret), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Exec specifies the action to take. + * + * @schema JenkinsSpecRestoreActionExec + */ +export interface JenkinsSpecRestoreActionExec { + /** + * Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + * + * @schema JenkinsSpecRestoreActionExec#command + */ + readonly command?: string[]; + +} + +/** + * Converts an object of type 'JenkinsSpecRestoreActionExec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecRestoreActionExec(obj: JenkinsSpecRestoreActionExec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'command': obj.command?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Source for the environment variable's value. Cannot be used if value is not empty. + * + * @schema JenkinsSpecMasterContainersEnvValueFrom + */ +export interface JenkinsSpecMasterContainersEnvValueFrom { + /** + * Selects a key of a ConfigMap. + * + * @schema JenkinsSpecMasterContainersEnvValueFrom#configMapKeyRef + */ + readonly configMapKeyRef?: JenkinsSpecMasterContainersEnvValueFromConfigMapKeyRef; + + /** + * Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP. + * + * @schema JenkinsSpecMasterContainersEnvValueFrom#fieldRef + */ + readonly fieldRef?: JenkinsSpecMasterContainersEnvValueFromFieldRef; + + /** + * Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + * + * @schema JenkinsSpecMasterContainersEnvValueFrom#resourceFieldRef + */ + readonly resourceFieldRef?: JenkinsSpecMasterContainersEnvValueFromResourceFieldRef; + + /** + * Selects a key of a secret in the pod's namespace + * + * @schema JenkinsSpecMasterContainersEnvValueFrom#secretKeyRef + */ + readonly secretKeyRef?: JenkinsSpecMasterContainersEnvValueFromSecretKeyRef; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersEnvValueFrom' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersEnvValueFrom(obj: JenkinsSpecMasterContainersEnvValueFrom | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'configMapKeyRef': toJson_JenkinsSpecMasterContainersEnvValueFromConfigMapKeyRef(obj.configMapKeyRef), + 'fieldRef': toJson_JenkinsSpecMasterContainersEnvValueFromFieldRef(obj.fieldRef), + 'resourceFieldRef': toJson_JenkinsSpecMasterContainersEnvValueFromResourceFieldRef(obj.resourceFieldRef), + 'secretKeyRef': toJson_JenkinsSpecMasterContainersEnvValueFromSecretKeyRef(obj.secretKeyRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The ConfigMap to select from + * + * @schema JenkinsSpecMasterContainersEnvFromConfigMapRef + */ +export interface JenkinsSpecMasterContainersEnvFromConfigMapRef { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterContainersEnvFromConfigMapRef#name + */ + readonly name?: string; + + /** + * Specify whether the ConfigMap must be defined + * + * @schema JenkinsSpecMasterContainersEnvFromConfigMapRef#optional + */ + readonly optional?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersEnvFromConfigMapRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersEnvFromConfigMapRef(obj: JenkinsSpecMasterContainersEnvFromConfigMapRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'optional': obj.optional, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The Secret to select from + * + * @schema JenkinsSpecMasterContainersEnvFromSecretRef + */ +export interface JenkinsSpecMasterContainersEnvFromSecretRef { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterContainersEnvFromSecretRef#name + */ + readonly name?: string; + + /** + * Specify whether the Secret must be defined + * + * @schema JenkinsSpecMasterContainersEnvFromSecretRef#optional + */ + readonly optional?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersEnvFromSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersEnvFromSecretRef(obj: JenkinsSpecMasterContainersEnvFromSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'optional': obj.optional, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + * + * @schema JenkinsSpecMasterContainersLifecyclePostStart + */ +export interface JenkinsSpecMasterContainersLifecyclePostStart { + /** + * One and only one of the following should be specified. Exec specifies the action to take. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStart#exec + */ + readonly exec?: JenkinsSpecMasterContainersLifecyclePostStartExec; + + /** + * HTTPGet specifies the http request to perform. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStart#httpGet + */ + readonly httpGet?: JenkinsSpecMasterContainersLifecyclePostStartHttpGet; + + /** + * TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook + * + * @schema JenkinsSpecMasterContainersLifecyclePostStart#tcpSocket + */ + readonly tcpSocket?: JenkinsSpecMasterContainersLifecyclePostStartTcpSocket; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLifecyclePostStart' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLifecyclePostStart(obj: JenkinsSpecMasterContainersLifecyclePostStart | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'exec': toJson_JenkinsSpecMasterContainersLifecyclePostStartExec(obj.exec), + 'httpGet': toJson_JenkinsSpecMasterContainersLifecyclePostStartHttpGet(obj.httpGet), + 'tcpSocket': toJson_JenkinsSpecMasterContainersLifecyclePostStartTcpSocket(obj.tcpSocket), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + * + * @schema JenkinsSpecMasterContainersLifecyclePreStop + */ +export interface JenkinsSpecMasterContainersLifecyclePreStop { + /** + * One and only one of the following should be specified. Exec specifies the action to take. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStop#exec + */ + readonly exec?: JenkinsSpecMasterContainersLifecyclePreStopExec; + + /** + * HTTPGet specifies the http request to perform. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStop#httpGet + */ + readonly httpGet?: JenkinsSpecMasterContainersLifecyclePreStopHttpGet; + + /** + * TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook + * + * @schema JenkinsSpecMasterContainersLifecyclePreStop#tcpSocket + */ + readonly tcpSocket?: JenkinsSpecMasterContainersLifecyclePreStopTcpSocket; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLifecyclePreStop' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLifecyclePreStop(obj: JenkinsSpecMasterContainersLifecyclePreStop | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'exec': toJson_JenkinsSpecMasterContainersLifecyclePreStopExec(obj.exec), + 'httpGet': toJson_JenkinsSpecMasterContainersLifecyclePreStopHttpGet(obj.httpGet), + 'tcpSocket': toJson_JenkinsSpecMasterContainersLifecyclePreStopTcpSocket(obj.tcpSocket), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * One and only one of the following should be specified. Exec specifies the action to take. + * + * @schema JenkinsSpecMasterContainersLivenessProbeExec + */ +export interface JenkinsSpecMasterContainersLivenessProbeExec { + /** + * Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + * + * @schema JenkinsSpecMasterContainersLivenessProbeExec#command + */ + readonly command?: string[]; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLivenessProbeExec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLivenessProbeExec(obj: JenkinsSpecMasterContainersLivenessProbeExec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'command': obj.command?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPGet specifies the http request to perform. + * + * @schema JenkinsSpecMasterContainersLivenessProbeHttpGet + */ +export interface JenkinsSpecMasterContainersLivenessProbeHttpGet { + /** + * Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + * + * @schema JenkinsSpecMasterContainersLivenessProbeHttpGet#host + */ + readonly host?: string; + + /** + * Custom headers to set in the request. HTTP allows repeated headers. + * + * @schema JenkinsSpecMasterContainersLivenessProbeHttpGet#httpHeaders + */ + readonly httpHeaders?: JenkinsSpecMasterContainersLivenessProbeHttpGetHttpHeaders[]; + + /** + * Path to access on the HTTP server. + * + * @schema JenkinsSpecMasterContainersLivenessProbeHttpGet#path + */ + readonly path?: string; + + /** + * Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLivenessProbeHttpGet#port + */ + readonly port: JenkinsSpecMasterContainersLivenessProbeHttpGetPort; + + /** + * Scheme to use for connecting to the host. Defaults to HTTP. + * + * @default HTTP. + * @schema JenkinsSpecMasterContainersLivenessProbeHttpGet#scheme + */ + readonly scheme?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLivenessProbeHttpGet' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLivenessProbeHttpGet(obj: JenkinsSpecMasterContainersLivenessProbeHttpGet | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'host': obj.host, + 'httpHeaders': obj.httpHeaders?.map(y => toJson_JenkinsSpecMasterContainersLivenessProbeHttpGetHttpHeaders(y)), + 'path': obj.path, + 'port': obj.port?.value, + 'scheme': obj.scheme, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook + * + * @schema JenkinsSpecMasterContainersLivenessProbeTcpSocket + */ +export interface JenkinsSpecMasterContainersLivenessProbeTcpSocket { + /** + * Optional: Host name to connect to, defaults to the pod IP. + * + * @schema JenkinsSpecMasterContainersLivenessProbeTcpSocket#host + */ + readonly host?: string; + + /** + * Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLivenessProbeTcpSocket#port + */ + readonly port: JenkinsSpecMasterContainersLivenessProbeTcpSocketPort; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLivenessProbeTcpSocket' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLivenessProbeTcpSocket(obj: JenkinsSpecMasterContainersLivenessProbeTcpSocket | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'host': obj.host, + 'port': obj.port?.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * One and only one of the following should be specified. Exec specifies the action to take. + * + * @schema JenkinsSpecMasterContainersReadinessProbeExec + */ +export interface JenkinsSpecMasterContainersReadinessProbeExec { + /** + * Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + * + * @schema JenkinsSpecMasterContainersReadinessProbeExec#command + */ + readonly command?: string[]; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersReadinessProbeExec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersReadinessProbeExec(obj: JenkinsSpecMasterContainersReadinessProbeExec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'command': obj.command?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPGet specifies the http request to perform. + * + * @schema JenkinsSpecMasterContainersReadinessProbeHttpGet + */ +export interface JenkinsSpecMasterContainersReadinessProbeHttpGet { + /** + * Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + * + * @schema JenkinsSpecMasterContainersReadinessProbeHttpGet#host + */ + readonly host?: string; + + /** + * Custom headers to set in the request. HTTP allows repeated headers. + * + * @schema JenkinsSpecMasterContainersReadinessProbeHttpGet#httpHeaders + */ + readonly httpHeaders?: JenkinsSpecMasterContainersReadinessProbeHttpGetHttpHeaders[]; + + /** + * Path to access on the HTTP server. + * + * @schema JenkinsSpecMasterContainersReadinessProbeHttpGet#path + */ + readonly path?: string; + + /** + * Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersReadinessProbeHttpGet#port + */ + readonly port: JenkinsSpecMasterContainersReadinessProbeHttpGetPort; + + /** + * Scheme to use for connecting to the host. Defaults to HTTP. + * + * @default HTTP. + * @schema JenkinsSpecMasterContainersReadinessProbeHttpGet#scheme + */ + readonly scheme?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersReadinessProbeHttpGet' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersReadinessProbeHttpGet(obj: JenkinsSpecMasterContainersReadinessProbeHttpGet | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'host': obj.host, + 'httpHeaders': obj.httpHeaders?.map(y => toJson_JenkinsSpecMasterContainersReadinessProbeHttpGetHttpHeaders(y)), + 'path': obj.path, + 'port': obj.port?.value, + 'scheme': obj.scheme, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook + * + * @schema JenkinsSpecMasterContainersReadinessProbeTcpSocket + */ +export interface JenkinsSpecMasterContainersReadinessProbeTcpSocket { + /** + * Optional: Host name to connect to, defaults to the pod IP. + * + * @schema JenkinsSpecMasterContainersReadinessProbeTcpSocket#host + */ + readonly host?: string; + + /** + * Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersReadinessProbeTcpSocket#port + */ + readonly port: JenkinsSpecMasterContainersReadinessProbeTcpSocketPort; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersReadinessProbeTcpSocket' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersReadinessProbeTcpSocket(obj: JenkinsSpecMasterContainersReadinessProbeTcpSocket | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'host': obj.host, + 'port': obj.port?.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + * + * @default the default set of capabilities granted by the container runtime. + * @schema JenkinsSpecMasterContainersSecurityContextCapabilities + */ +export interface JenkinsSpecMasterContainersSecurityContextCapabilities { + /** + * Added capabilities + * + * @schema JenkinsSpecMasterContainersSecurityContextCapabilities#add + */ + readonly add?: string[]; + + /** + * Removed capabilities + * + * @schema JenkinsSpecMasterContainersSecurityContextCapabilities#drop + */ + readonly drop?: string[]; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersSecurityContextCapabilities' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersSecurityContextCapabilities(obj: JenkinsSpecMasterContainersSecurityContextCapabilities | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'add': obj.add?.map(y => y), + 'drop': obj.drop?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + * + * @schema JenkinsSpecMasterContainersSecurityContextSeLinuxOptions + */ +export interface JenkinsSpecMasterContainersSecurityContextSeLinuxOptions { + /** + * Level is SELinux level label that applies to the container. + * + * @schema JenkinsSpecMasterContainersSecurityContextSeLinuxOptions#level + */ + readonly level?: string; + + /** + * Role is a SELinux role label that applies to the container. + * + * @schema JenkinsSpecMasterContainersSecurityContextSeLinuxOptions#role + */ + readonly role?: string; + + /** + * Type is a SELinux type label that applies to the container. + * + * @schema JenkinsSpecMasterContainersSecurityContextSeLinuxOptions#type + */ + readonly type?: string; + + /** + * User is a SELinux user label that applies to the container. + * + * @schema JenkinsSpecMasterContainersSecurityContextSeLinuxOptions#user + */ + readonly user?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersSecurityContextSeLinuxOptions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersSecurityContextSeLinuxOptions(obj: JenkinsSpecMasterContainersSecurityContextSeLinuxOptions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'level': obj.level, + 'role': obj.role, + 'type': obj.type, + 'user': obj.user, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + * + * @schema JenkinsSpecMasterContainersSecurityContextWindowsOptions + */ +export interface JenkinsSpecMasterContainersSecurityContextWindowsOptions { + /** + * GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. + * + * @schema JenkinsSpecMasterContainersSecurityContextWindowsOptions#gmsaCredentialSpec + */ + readonly gmsaCredentialSpec?: string; + + /** + * GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag. + * + * @schema JenkinsSpecMasterContainersSecurityContextWindowsOptions#gmsaCredentialSpecName + */ + readonly gmsaCredentialSpecName?: string; + + /** + * The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag. + * + * @default the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag. + * @schema JenkinsSpecMasterContainersSecurityContextWindowsOptions#runAsUserName + */ + readonly runAsUserName?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersSecurityContextWindowsOptions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersSecurityContextWindowsOptions(obj: JenkinsSpecMasterContainersSecurityContextWindowsOptions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'gmsaCredentialSpec': obj.gmsaCredentialSpec, + 'gmsaCredentialSpecName': obj.gmsaCredentialSpecName, + 'runAsUserName': obj.runAsUserName, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + * + * @schema JenkinsSpecMasterVolumesCephfsSecretRef + */ +export interface JenkinsSpecMasterVolumesCephfsSecretRef { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterVolumesCephfsSecretRef#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesCephfsSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesCephfsSecretRef(obj: JenkinsSpecMasterVolumesCephfsSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Optional: points to a secret object containing parameters used to connect to OpenStack. + * + * @schema JenkinsSpecMasterVolumesCinderSecretRef + */ +export interface JenkinsSpecMasterVolumesCinderSecretRef { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterVolumesCinderSecretRef#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesCinderSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesCinderSecretRef(obj: JenkinsSpecMasterVolumesCinderSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Maps a string key to a path within a volume. + * + * @schema JenkinsSpecMasterVolumesConfigMapItems + */ +export interface JenkinsSpecMasterVolumesConfigMapItems { + /** + * The key to project. + * + * @schema JenkinsSpecMasterVolumesConfigMapItems#key + */ + readonly key: string; + + /** + * Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * + * @schema JenkinsSpecMasterVolumesConfigMapItems#mode + */ + readonly mode?: number; + + /** + * The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + * + * @schema JenkinsSpecMasterVolumesConfigMapItems#path + */ + readonly path: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesConfigMapItems' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesConfigMapItems(obj: JenkinsSpecMasterVolumesConfigMapItems | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'mode': obj.mode, + 'path': obj.path, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + * + * @schema JenkinsSpecMasterVolumesCsiNodePublishSecretRef + */ +export interface JenkinsSpecMasterVolumesCsiNodePublishSecretRef { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterVolumesCsiNodePublishSecretRef#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesCsiNodePublishSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesCsiNodePublishSecretRef(obj: JenkinsSpecMasterVolumesCsiNodePublishSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * DownwardAPIVolumeFile represents information to create the file containing the pod field + * + * @schema JenkinsSpecMasterVolumesDownwardApiItems + */ +export interface JenkinsSpecMasterVolumesDownwardApiItems { + /** + * Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + * + * @schema JenkinsSpecMasterVolumesDownwardApiItems#fieldRef + */ + readonly fieldRef?: JenkinsSpecMasterVolumesDownwardApiItemsFieldRef; + + /** + * Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * + * @schema JenkinsSpecMasterVolumesDownwardApiItems#mode + */ + readonly mode?: number; + + /** + * Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + * + * @schema JenkinsSpecMasterVolumesDownwardApiItems#path + */ + readonly path: string; + + /** + * Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + * + * @schema JenkinsSpecMasterVolumesDownwardApiItems#resourceFieldRef + */ + readonly resourceFieldRef?: JenkinsSpecMasterVolumesDownwardApiItemsResourceFieldRef; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesDownwardApiItems' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesDownwardApiItems(obj: JenkinsSpecMasterVolumesDownwardApiItems | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fieldRef': toJson_JenkinsSpecMasterVolumesDownwardApiItemsFieldRef(obj.fieldRef), + 'mode': obj.mode, + 'path': obj.path, + 'resourceFieldRef': toJson_JenkinsSpecMasterVolumesDownwardApiItemsResourceFieldRef(obj.resourceFieldRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. + * + * @schema JenkinsSpecMasterVolumesFlexVolumeSecretRef + */ +export interface JenkinsSpecMasterVolumesFlexVolumeSecretRef { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterVolumesFlexVolumeSecretRef#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesFlexVolumeSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesFlexVolumeSecretRef(obj: JenkinsSpecMasterVolumesFlexVolumeSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * CHAP Secret for iSCSI target and initiator authentication + * + * @schema JenkinsSpecMasterVolumesIscsiSecretRef + */ +export interface JenkinsSpecMasterVolumesIscsiSecretRef { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterVolumesIscsiSecretRef#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesIscsiSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesIscsiSecretRef(obj: JenkinsSpecMasterVolumesIscsiSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Projection that may be projected along with other supported volume types + * + * @schema JenkinsSpecMasterVolumesProjectedSources + */ +export interface JenkinsSpecMasterVolumesProjectedSources { + /** + * information about the configMap data to project + * + * @schema JenkinsSpecMasterVolumesProjectedSources#configMap + */ + readonly configMap?: JenkinsSpecMasterVolumesProjectedSourcesConfigMap; + + /** + * information about the downwardAPI data to project + * + * @schema JenkinsSpecMasterVolumesProjectedSources#downwardAPI + */ + readonly downwardApi?: JenkinsSpecMasterVolumesProjectedSourcesDownwardApi; + + /** + * information about the secret data to project + * + * @schema JenkinsSpecMasterVolumesProjectedSources#secret + */ + readonly secret?: JenkinsSpecMasterVolumesProjectedSourcesSecret; + + /** + * information about the serviceAccountToken data to project + * + * @schema JenkinsSpecMasterVolumesProjectedSources#serviceAccountToken + */ + readonly serviceAccountToken?: JenkinsSpecMasterVolumesProjectedSourcesServiceAccountToken; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesProjectedSources' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesProjectedSources(obj: JenkinsSpecMasterVolumesProjectedSources | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'configMap': toJson_JenkinsSpecMasterVolumesProjectedSourcesConfigMap(obj.configMap), + 'downwardAPI': toJson_JenkinsSpecMasterVolumesProjectedSourcesDownwardApi(obj.downwardApi), + 'secret': toJson_JenkinsSpecMasterVolumesProjectedSourcesSecret(obj.secret), + 'serviceAccountToken': toJson_JenkinsSpecMasterVolumesProjectedSourcesServiceAccountToken(obj.serviceAccountToken), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * + * @default nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + * @schema JenkinsSpecMasterVolumesRbdSecretRef + */ +export interface JenkinsSpecMasterVolumesRbdSecretRef { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterVolumesRbdSecretRef#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesRbdSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesRbdSecretRef(obj: JenkinsSpecMasterVolumesRbdSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + * + * @schema JenkinsSpecMasterVolumesScaleIoSecretRef + */ +export interface JenkinsSpecMasterVolumesScaleIoSecretRef { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterVolumesScaleIoSecretRef#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesScaleIoSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesScaleIoSecretRef(obj: JenkinsSpecMasterVolumesScaleIoSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Maps a string key to a path within a volume. + * + * @schema JenkinsSpecMasterVolumesSecretItems + */ +export interface JenkinsSpecMasterVolumesSecretItems { + /** + * The key to project. + * + * @schema JenkinsSpecMasterVolumesSecretItems#key + */ + readonly key: string; + + /** + * Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * + * @schema JenkinsSpecMasterVolumesSecretItems#mode + */ + readonly mode?: number; + + /** + * The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + * + * @schema JenkinsSpecMasterVolumesSecretItems#path + */ + readonly path: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesSecretItems' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesSecretItems(obj: JenkinsSpecMasterVolumesSecretItems | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'mode': obj.mode, + 'path': obj.path, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + * + * @schema JenkinsSpecMasterVolumesStorageosSecretRef + */ +export interface JenkinsSpecMasterVolumesStorageosSecretRef { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterVolumesStorageosSecretRef#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesStorageosSecretRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesStorageosSecretRef(obj: JenkinsSpecMasterVolumesStorageosSecretRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The name of the secret in the pod's namespace to select from. + * + * @schema JenkinsSpecNotificationsMailgunApiKeySecretKeySelectorSecret + */ +export interface JenkinsSpecNotificationsMailgunApiKeySecretKeySelectorSecret { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecNotificationsMailgunApiKeySecretKeySelectorSecret#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsMailgunApiKeySecretKeySelectorSecret' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsMailgunApiKeySecretKeySelectorSecret(obj: JenkinsSpecNotificationsMailgunApiKeySecretKeySelectorSecret | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The name of the secret in the pod's namespace to select from. + * + * @schema JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelectorSecret + */ +export interface JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelectorSecret { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelectorSecret#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelectorSecret' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelectorSecret(obj: JenkinsSpecNotificationsSlackWebHookUrlSecretKeySelectorSecret | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The name of the secret in the pod's namespace to select from. + * + * @schema JenkinsSpecNotificationsSmtpPasswordSecretKeySelectorSecret + */ +export interface JenkinsSpecNotificationsSmtpPasswordSecretKeySelectorSecret { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecNotificationsSmtpPasswordSecretKeySelectorSecret#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsSmtpPasswordSecretKeySelectorSecret' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsSmtpPasswordSecretKeySelectorSecret(obj: JenkinsSpecNotificationsSmtpPasswordSecretKeySelectorSecret | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The name of the secret in the pod's namespace to select from. + * + * @schema JenkinsSpecNotificationsSmtpUsernameSecretKeySelectorSecret + */ +export interface JenkinsSpecNotificationsSmtpUsernameSecretKeySelectorSecret { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecNotificationsSmtpUsernameSecretKeySelectorSecret#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsSmtpUsernameSecretKeySelectorSecret' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsSmtpUsernameSecretKeySelectorSecret(obj: JenkinsSpecNotificationsSmtpUsernameSecretKeySelectorSecret | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * The name of the secret in the pod's namespace to select from. + * + * @schema JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelectorSecret + */ +export interface JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelectorSecret { + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelectorSecret#name + */ + readonly name?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelectorSecret' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelectorSecret(obj: JenkinsSpecNotificationsTeamsWebHookUrlSecretKeySelectorSecret | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Selects a key of a ConfigMap. + * + * @schema JenkinsSpecMasterContainersEnvValueFromConfigMapKeyRef + */ +export interface JenkinsSpecMasterContainersEnvValueFromConfigMapKeyRef { + /** + * The key to select. + * + * @schema JenkinsSpecMasterContainersEnvValueFromConfigMapKeyRef#key + */ + readonly key: string; + + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterContainersEnvValueFromConfigMapKeyRef#name + */ + readonly name?: string; + + /** + * Specify whether the ConfigMap or its key must be defined + * + * @schema JenkinsSpecMasterContainersEnvValueFromConfigMapKeyRef#optional + */ + readonly optional?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersEnvValueFromConfigMapKeyRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersEnvValueFromConfigMapKeyRef(obj: JenkinsSpecMasterContainersEnvValueFromConfigMapKeyRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + 'optional': obj.optional, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP. + * + * @schema JenkinsSpecMasterContainersEnvValueFromFieldRef + */ +export interface JenkinsSpecMasterContainersEnvValueFromFieldRef { + /** + * Version of the schema the FieldPath is written in terms of, defaults to "v1". + * + * @schema JenkinsSpecMasterContainersEnvValueFromFieldRef#apiVersion + */ + readonly apiVersion?: string; + + /** + * Path of the field to select in the specified API version. + * + * @schema JenkinsSpecMasterContainersEnvValueFromFieldRef#fieldPath + */ + readonly fieldPath: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersEnvValueFromFieldRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersEnvValueFromFieldRef(obj: JenkinsSpecMasterContainersEnvValueFromFieldRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'apiVersion': obj.apiVersion, + 'fieldPath': obj.fieldPath, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + * + * @schema JenkinsSpecMasterContainersEnvValueFromResourceFieldRef + */ +export interface JenkinsSpecMasterContainersEnvValueFromResourceFieldRef { + /** + * Container name: required for volumes, optional for env vars + * + * @schema JenkinsSpecMasterContainersEnvValueFromResourceFieldRef#containerName + */ + readonly containerName?: string; + + /** + * Specifies the output format of the exposed resources, defaults to "1" + * + * @schema JenkinsSpecMasterContainersEnvValueFromResourceFieldRef#divisor + */ + readonly divisor?: string; + + /** + * Required: resource to select + * + * @schema JenkinsSpecMasterContainersEnvValueFromResourceFieldRef#resource + */ + readonly resource: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersEnvValueFromResourceFieldRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersEnvValueFromResourceFieldRef(obj: JenkinsSpecMasterContainersEnvValueFromResourceFieldRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'containerName': obj.containerName, + 'divisor': obj.divisor, + 'resource': obj.resource, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Selects a key of a secret in the pod's namespace + * + * @schema JenkinsSpecMasterContainersEnvValueFromSecretKeyRef + */ +export interface JenkinsSpecMasterContainersEnvValueFromSecretKeyRef { + /** + * The key of the secret to select from. Must be a valid secret key. + * + * @schema JenkinsSpecMasterContainersEnvValueFromSecretKeyRef#key + */ + readonly key: string; + + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterContainersEnvValueFromSecretKeyRef#name + */ + readonly name?: string; + + /** + * Specify whether the Secret or its key must be defined + * + * @schema JenkinsSpecMasterContainersEnvValueFromSecretKeyRef#optional + */ + readonly optional?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersEnvValueFromSecretKeyRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersEnvValueFromSecretKeyRef(obj: JenkinsSpecMasterContainersEnvValueFromSecretKeyRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'name': obj.name, + 'optional': obj.optional, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * One and only one of the following should be specified. Exec specifies the action to take. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartExec + */ +export interface JenkinsSpecMasterContainersLifecyclePostStartExec { + /** + * Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartExec#command + */ + readonly command?: string[]; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLifecyclePostStartExec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLifecyclePostStartExec(obj: JenkinsSpecMasterContainersLifecyclePostStartExec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'command': obj.command?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPGet specifies the http request to perform. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartHttpGet + */ +export interface JenkinsSpecMasterContainersLifecyclePostStartHttpGet { + /** + * Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartHttpGet#host + */ + readonly host?: string; + + /** + * Custom headers to set in the request. HTTP allows repeated headers. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartHttpGet#httpHeaders + */ + readonly httpHeaders?: JenkinsSpecMasterContainersLifecyclePostStartHttpGetHttpHeaders[]; + + /** + * Path to access on the HTTP server. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartHttpGet#path + */ + readonly path?: string; + + /** + * Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartHttpGet#port + */ + readonly port: JenkinsSpecMasterContainersLifecyclePostStartHttpGetPort; + + /** + * Scheme to use for connecting to the host. Defaults to HTTP. + * + * @default HTTP. + * @schema JenkinsSpecMasterContainersLifecyclePostStartHttpGet#scheme + */ + readonly scheme?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLifecyclePostStartHttpGet' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLifecyclePostStartHttpGet(obj: JenkinsSpecMasterContainersLifecyclePostStartHttpGet | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'host': obj.host, + 'httpHeaders': obj.httpHeaders?.map(y => toJson_JenkinsSpecMasterContainersLifecyclePostStartHttpGetHttpHeaders(y)), + 'path': obj.path, + 'port': obj.port?.value, + 'scheme': obj.scheme, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartTcpSocket + */ +export interface JenkinsSpecMasterContainersLifecyclePostStartTcpSocket { + /** + * Optional: Host name to connect to, defaults to the pod IP. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartTcpSocket#host + */ + readonly host?: string; + + /** + * Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartTcpSocket#port + */ + readonly port: JenkinsSpecMasterContainersLifecyclePostStartTcpSocketPort; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLifecyclePostStartTcpSocket' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLifecyclePostStartTcpSocket(obj: JenkinsSpecMasterContainersLifecyclePostStartTcpSocket | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'host': obj.host, + 'port': obj.port?.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * One and only one of the following should be specified. Exec specifies the action to take. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopExec + */ +export interface JenkinsSpecMasterContainersLifecyclePreStopExec { + /** + * Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopExec#command + */ + readonly command?: string[]; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLifecyclePreStopExec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLifecyclePreStopExec(obj: JenkinsSpecMasterContainersLifecyclePreStopExec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'command': obj.command?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPGet specifies the http request to perform. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopHttpGet + */ +export interface JenkinsSpecMasterContainersLifecyclePreStopHttpGet { + /** + * Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopHttpGet#host + */ + readonly host?: string; + + /** + * Custom headers to set in the request. HTTP allows repeated headers. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopHttpGet#httpHeaders + */ + readonly httpHeaders?: JenkinsSpecMasterContainersLifecyclePreStopHttpGetHttpHeaders[]; + + /** + * Path to access on the HTTP server. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopHttpGet#path + */ + readonly path?: string; + + /** + * Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopHttpGet#port + */ + readonly port: JenkinsSpecMasterContainersLifecyclePreStopHttpGetPort; + + /** + * Scheme to use for connecting to the host. Defaults to HTTP. + * + * @default HTTP. + * @schema JenkinsSpecMasterContainersLifecyclePreStopHttpGet#scheme + */ + readonly scheme?: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLifecyclePreStopHttpGet' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLifecyclePreStopHttpGet(obj: JenkinsSpecMasterContainersLifecyclePreStopHttpGet | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'host': obj.host, + 'httpHeaders': obj.httpHeaders?.map(y => toJson_JenkinsSpecMasterContainersLifecyclePreStopHttpGetHttpHeaders(y)), + 'path': obj.path, + 'port': obj.port?.value, + 'scheme': obj.scheme, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopTcpSocket + */ +export interface JenkinsSpecMasterContainersLifecyclePreStopTcpSocket { + /** + * Optional: Host name to connect to, defaults to the pod IP. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopTcpSocket#host + */ + readonly host?: string; + + /** + * Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopTcpSocket#port + */ + readonly port: JenkinsSpecMasterContainersLifecyclePreStopTcpSocketPort; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLifecyclePreStopTcpSocket' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLifecyclePreStopTcpSocket(obj: JenkinsSpecMasterContainersLifecyclePreStopTcpSocket | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'host': obj.host, + 'port': obj.port?.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader describes a custom header to be used in HTTP probes + * + * @schema JenkinsSpecMasterContainersLivenessProbeHttpGetHttpHeaders + */ +export interface JenkinsSpecMasterContainersLivenessProbeHttpGetHttpHeaders { + /** + * The header field name + * + * @schema JenkinsSpecMasterContainersLivenessProbeHttpGetHttpHeaders#name + */ + readonly name: string; + + /** + * The header field value + * + * @schema JenkinsSpecMasterContainersLivenessProbeHttpGetHttpHeaders#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLivenessProbeHttpGetHttpHeaders' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLivenessProbeHttpGetHttpHeaders(obj: JenkinsSpecMasterContainersLivenessProbeHttpGetHttpHeaders | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLivenessProbeHttpGetPort + */ +export class JenkinsSpecMasterContainersLivenessProbeHttpGetPort { + public static fromNumber(value: number): JenkinsSpecMasterContainersLivenessProbeHttpGetPort { + return new JenkinsSpecMasterContainersLivenessProbeHttpGetPort(value); + } + public static fromString(value: string): JenkinsSpecMasterContainersLivenessProbeHttpGetPort { + return new JenkinsSpecMasterContainersLivenessProbeHttpGetPort(value); + } + private constructor(public readonly value: any) { + } +} + +/** + * Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLivenessProbeTcpSocketPort + */ +export class JenkinsSpecMasterContainersLivenessProbeTcpSocketPort { + public static fromNumber(value: number): JenkinsSpecMasterContainersLivenessProbeTcpSocketPort { + return new JenkinsSpecMasterContainersLivenessProbeTcpSocketPort(value); + } + public static fromString(value: string): JenkinsSpecMasterContainersLivenessProbeTcpSocketPort { + return new JenkinsSpecMasterContainersLivenessProbeTcpSocketPort(value); + } + private constructor(public readonly value: any) { + } +} + +/** + * HTTPHeader describes a custom header to be used in HTTP probes + * + * @schema JenkinsSpecMasterContainersReadinessProbeHttpGetHttpHeaders + */ +export interface JenkinsSpecMasterContainersReadinessProbeHttpGetHttpHeaders { + /** + * The header field name + * + * @schema JenkinsSpecMasterContainersReadinessProbeHttpGetHttpHeaders#name + */ + readonly name: string; + + /** + * The header field value + * + * @schema JenkinsSpecMasterContainersReadinessProbeHttpGetHttpHeaders#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersReadinessProbeHttpGetHttpHeaders' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersReadinessProbeHttpGetHttpHeaders(obj: JenkinsSpecMasterContainersReadinessProbeHttpGetHttpHeaders | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersReadinessProbeHttpGetPort + */ +export class JenkinsSpecMasterContainersReadinessProbeHttpGetPort { + public static fromNumber(value: number): JenkinsSpecMasterContainersReadinessProbeHttpGetPort { + return new JenkinsSpecMasterContainersReadinessProbeHttpGetPort(value); + } + public static fromString(value: string): JenkinsSpecMasterContainersReadinessProbeHttpGetPort { + return new JenkinsSpecMasterContainersReadinessProbeHttpGetPort(value); + } + private constructor(public readonly value: any) { + } +} + +/** + * Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersReadinessProbeTcpSocketPort + */ +export class JenkinsSpecMasterContainersReadinessProbeTcpSocketPort { + public static fromNumber(value: number): JenkinsSpecMasterContainersReadinessProbeTcpSocketPort { + return new JenkinsSpecMasterContainersReadinessProbeTcpSocketPort(value); + } + public static fromString(value: string): JenkinsSpecMasterContainersReadinessProbeTcpSocketPort { + return new JenkinsSpecMasterContainersReadinessProbeTcpSocketPort(value); + } + private constructor(public readonly value: any) { + } +} + +/** + * Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + * + * @schema JenkinsSpecMasterVolumesDownwardApiItemsFieldRef + */ +export interface JenkinsSpecMasterVolumesDownwardApiItemsFieldRef { + /** + * Version of the schema the FieldPath is written in terms of, defaults to "v1". + * + * @schema JenkinsSpecMasterVolumesDownwardApiItemsFieldRef#apiVersion + */ + readonly apiVersion?: string; + + /** + * Path of the field to select in the specified API version. + * + * @schema JenkinsSpecMasterVolumesDownwardApiItemsFieldRef#fieldPath + */ + readonly fieldPath: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesDownwardApiItemsFieldRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesDownwardApiItemsFieldRef(obj: JenkinsSpecMasterVolumesDownwardApiItemsFieldRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'apiVersion': obj.apiVersion, + 'fieldPath': obj.fieldPath, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + * + * @schema JenkinsSpecMasterVolumesDownwardApiItemsResourceFieldRef + */ +export interface JenkinsSpecMasterVolumesDownwardApiItemsResourceFieldRef { + /** + * Container name: required for volumes, optional for env vars + * + * @schema JenkinsSpecMasterVolumesDownwardApiItemsResourceFieldRef#containerName + */ + readonly containerName?: string; + + /** + * Specifies the output format of the exposed resources, defaults to "1" + * + * @schema JenkinsSpecMasterVolumesDownwardApiItemsResourceFieldRef#divisor + */ + readonly divisor?: string; + + /** + * Required: resource to select + * + * @schema JenkinsSpecMasterVolumesDownwardApiItemsResourceFieldRef#resource + */ + readonly resource: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesDownwardApiItemsResourceFieldRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesDownwardApiItemsResourceFieldRef(obj: JenkinsSpecMasterVolumesDownwardApiItemsResourceFieldRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'containerName': obj.containerName, + 'divisor': obj.divisor, + 'resource': obj.resource, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * information about the configMap data to project + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesConfigMap + */ +export interface JenkinsSpecMasterVolumesProjectedSourcesConfigMap { + /** + * If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesConfigMap#items + */ + readonly items?: JenkinsSpecMasterVolumesProjectedSourcesConfigMapItems[]; + + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesConfigMap#name + */ + readonly name?: string; + + /** + * Specify whether the ConfigMap or its keys must be defined + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesConfigMap#optional + */ + readonly optional?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesProjectedSourcesConfigMap' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesProjectedSourcesConfigMap(obj: JenkinsSpecMasterVolumesProjectedSourcesConfigMap | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'items': obj.items?.map(y => toJson_JenkinsSpecMasterVolumesProjectedSourcesConfigMapItems(y)), + 'name': obj.name, + 'optional': obj.optional, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * information about the downwardAPI data to project + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApi + */ +export interface JenkinsSpecMasterVolumesProjectedSourcesDownwardApi { + /** + * Items is a list of DownwardAPIVolume file + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApi#items + */ + readonly items?: JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItems[]; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesProjectedSourcesDownwardApi' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesProjectedSourcesDownwardApi(obj: JenkinsSpecMasterVolumesProjectedSourcesDownwardApi | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'items': obj.items?.map(y => toJson_JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItems(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * information about the secret data to project + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesSecret + */ +export interface JenkinsSpecMasterVolumesProjectedSourcesSecret { + /** + * If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesSecret#items + */ + readonly items?: JenkinsSpecMasterVolumesProjectedSourcesSecretItems[]; + + /** + * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesSecret#name + */ + readonly name?: string; + + /** + * Specify whether the Secret or its key must be defined + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesSecret#optional + */ + readonly optional?: boolean; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesProjectedSourcesSecret' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesProjectedSourcesSecret(obj: JenkinsSpecMasterVolumesProjectedSourcesSecret | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'items': obj.items?.map(y => toJson_JenkinsSpecMasterVolumesProjectedSourcesSecretItems(y)), + 'name': obj.name, + 'optional': obj.optional, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * information about the serviceAccountToken data to project + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesServiceAccountToken + */ +export interface JenkinsSpecMasterVolumesProjectedSourcesServiceAccountToken { + /** + * Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesServiceAccountToken#audience + */ + readonly audience?: string; + + /** + * ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + * + * @default 1 hour and must be at least 10 minutes. + * @schema JenkinsSpecMasterVolumesProjectedSourcesServiceAccountToken#expirationSeconds + */ + readonly expirationSeconds?: number; + + /** + * Path is the path relative to the mount point of the file to project the token into. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesServiceAccountToken#path + */ + readonly path: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesProjectedSourcesServiceAccountToken' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesProjectedSourcesServiceAccountToken(obj: JenkinsSpecMasterVolumesProjectedSourcesServiceAccountToken | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'audience': obj.audience, + 'expirationSeconds': obj.expirationSeconds, + 'path': obj.path, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * HTTPHeader describes a custom header to be used in HTTP probes + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartHttpGetHttpHeaders + */ +export interface JenkinsSpecMasterContainersLifecyclePostStartHttpGetHttpHeaders { + /** + * The header field name + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartHttpGetHttpHeaders#name + */ + readonly name: string; + + /** + * The header field value + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartHttpGetHttpHeaders#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLifecyclePostStartHttpGetHttpHeaders' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLifecyclePostStartHttpGetHttpHeaders(obj: JenkinsSpecMasterContainersLifecyclePostStartHttpGetHttpHeaders | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartHttpGetPort + */ +export class JenkinsSpecMasterContainersLifecyclePostStartHttpGetPort { + public static fromNumber(value: number): JenkinsSpecMasterContainersLifecyclePostStartHttpGetPort { + return new JenkinsSpecMasterContainersLifecyclePostStartHttpGetPort(value); + } + public static fromString(value: string): JenkinsSpecMasterContainersLifecyclePostStartHttpGetPort { + return new JenkinsSpecMasterContainersLifecyclePostStartHttpGetPort(value); + } + private constructor(public readonly value: any) { + } +} + +/** + * Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLifecyclePostStartTcpSocketPort + */ +export class JenkinsSpecMasterContainersLifecyclePostStartTcpSocketPort { + public static fromNumber(value: number): JenkinsSpecMasterContainersLifecyclePostStartTcpSocketPort { + return new JenkinsSpecMasterContainersLifecyclePostStartTcpSocketPort(value); + } + public static fromString(value: string): JenkinsSpecMasterContainersLifecyclePostStartTcpSocketPort { + return new JenkinsSpecMasterContainersLifecyclePostStartTcpSocketPort(value); + } + private constructor(public readonly value: any) { + } +} + +/** + * HTTPHeader describes a custom header to be used in HTTP probes + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopHttpGetHttpHeaders + */ +export interface JenkinsSpecMasterContainersLifecyclePreStopHttpGetHttpHeaders { + /** + * The header field name + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopHttpGetHttpHeaders#name + */ + readonly name: string; + + /** + * The header field value + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopHttpGetHttpHeaders#value + */ + readonly value: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterContainersLifecyclePreStopHttpGetHttpHeaders' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterContainersLifecyclePreStopHttpGetHttpHeaders(obj: JenkinsSpecMasterContainersLifecyclePreStopHttpGetHttpHeaders | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'name': obj.name, + 'value': obj.value, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopHttpGetPort + */ +export class JenkinsSpecMasterContainersLifecyclePreStopHttpGetPort { + public static fromNumber(value: number): JenkinsSpecMasterContainersLifecyclePreStopHttpGetPort { + return new JenkinsSpecMasterContainersLifecyclePreStopHttpGetPort(value); + } + public static fromString(value: string): JenkinsSpecMasterContainersLifecyclePreStopHttpGetPort { + return new JenkinsSpecMasterContainersLifecyclePreStopHttpGetPort(value); + } + private constructor(public readonly value: any) { + } +} + +/** + * Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + * + * @schema JenkinsSpecMasterContainersLifecyclePreStopTcpSocketPort + */ +export class JenkinsSpecMasterContainersLifecyclePreStopTcpSocketPort { + public static fromNumber(value: number): JenkinsSpecMasterContainersLifecyclePreStopTcpSocketPort { + return new JenkinsSpecMasterContainersLifecyclePreStopTcpSocketPort(value); + } + public static fromString(value: string): JenkinsSpecMasterContainersLifecyclePreStopTcpSocketPort { + return new JenkinsSpecMasterContainersLifecyclePreStopTcpSocketPort(value); + } + private constructor(public readonly value: any) { + } +} + +/** + * Maps a string key to a path within a volume. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesConfigMapItems + */ +export interface JenkinsSpecMasterVolumesProjectedSourcesConfigMapItems { + /** + * The key to project. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesConfigMapItems#key + */ + readonly key: string; + + /** + * Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesConfigMapItems#mode + */ + readonly mode?: number; + + /** + * The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesConfigMapItems#path + */ + readonly path: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesProjectedSourcesConfigMapItems' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesProjectedSourcesConfigMapItems(obj: JenkinsSpecMasterVolumesProjectedSourcesConfigMapItems | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'mode': obj.mode, + 'path': obj.path, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * DownwardAPIVolumeFile represents information to create the file containing the pod field + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItems + */ +export interface JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItems { + /** + * Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItems#fieldRef + */ + readonly fieldRef?: JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsFieldRef; + + /** + * Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItems#mode + */ + readonly mode?: number; + + /** + * Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItems#path + */ + readonly path: string; + + /** + * Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItems#resourceFieldRef + */ + readonly resourceFieldRef?: JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsResourceFieldRef; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItems' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItems(obj: JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItems | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'fieldRef': toJson_JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsFieldRef(obj.fieldRef), + 'mode': obj.mode, + 'path': obj.path, + 'resourceFieldRef': toJson_JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsResourceFieldRef(obj.resourceFieldRef), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Maps a string key to a path within a volume. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesSecretItems + */ +export interface JenkinsSpecMasterVolumesProjectedSourcesSecretItems { + /** + * The key to project. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesSecretItems#key + */ + readonly key: string; + + /** + * Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesSecretItems#mode + */ + readonly mode?: number; + + /** + * The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesSecretItems#path + */ + readonly path: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesProjectedSourcesSecretItems' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesProjectedSourcesSecretItems(obj: JenkinsSpecMasterVolumesProjectedSourcesSecretItems | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'mode': obj.mode, + 'path': obj.path, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsFieldRef + */ +export interface JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsFieldRef { + /** + * Version of the schema the FieldPath is written in terms of, defaults to "v1". + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsFieldRef#apiVersion + */ + readonly apiVersion?: string; + + /** + * Path of the field to select in the specified API version. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsFieldRef#fieldPath + */ + readonly fieldPath: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsFieldRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsFieldRef(obj: JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsFieldRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'apiVersion': obj.apiVersion, + 'fieldPath': obj.fieldPath, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsResourceFieldRef + */ +export interface JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsResourceFieldRef { + /** + * Container name: required for volumes, optional for env vars + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsResourceFieldRef#containerName + */ + readonly containerName?: string; + + /** + * Specifies the output format of the exposed resources, defaults to "1" + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsResourceFieldRef#divisor + */ + readonly divisor?: string; + + /** + * Required: resource to select + * + * @schema JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsResourceFieldRef#resource + */ + readonly resource: string; + +} + +/** + * Converts an object of type 'JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsResourceFieldRef' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsResourceFieldRef(obj: JenkinsSpecMasterVolumesProjectedSourcesDownwardApiItemsResourceFieldRef | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'containerName': obj.containerName, + 'divisor': obj.divisor, + 'resource': obj.resource, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + diff --git a/packages/k8s-generated/src/generated/k8s.ts b/packages/k8s-generated/generated/k8s.ts similarity index 80% rename from packages/k8s-generated/src/generated/k8s.ts rename to packages/k8s-generated/generated/k8s.ts index f6f10dc..f292eef 100644 --- a/packages/k8s-generated/src/generated/k8s.ts +++ b/packages/k8s-generated/generated/k8s.ts @@ -1,6 +1,6 @@ // generated by cdk8s -import { ApiObject, GroupVersionKind } from 'cdk8s' -import { Construct } from 'constructs' +import { ApiObject, GroupVersionKind } from 'cdk8s'; +import { Construct } from 'constructs'; /** * MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object. @@ -13,7 +13,7 @@ export class KubeMutatingWebhookConfiguration extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'admissionregistration.k8s.io/v1', - kind: 'MutatingWebhookConfiguration' + kind: 'MutatingWebhookConfiguration', } /** @@ -26,8 +26,8 @@ export class KubeMutatingWebhookConfiguration extends ApiObject { public static manifest(props: KubeMutatingWebhookConfigurationProps = {}): any { return { ...KubeMutatingWebhookConfiguration.GVK, - ...toJson_KubeMutatingWebhookConfigurationProps(props) - } + ...toJson_KubeMutatingWebhookConfigurationProps(props), + }; } /** @@ -39,20 +39,20 @@ export class KubeMutatingWebhookConfiguration extends ApiObject { public constructor(scope: Construct, id: string, props: KubeMutatingWebhookConfigurationProps = {}) { super(scope, id, { ...KubeMutatingWebhookConfiguration.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeMutatingWebhookConfiguration.GVK, - ...toJson_KubeMutatingWebhookConfigurationProps(resolved) - } + ...toJson_KubeMutatingWebhookConfigurationProps(resolved), + }; } } @@ -67,7 +67,7 @@ export class KubeMutatingWebhookConfigurationList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'admissionregistration.k8s.io/v1', - kind: 'MutatingWebhookConfigurationList' + kind: 'MutatingWebhookConfigurationList', } /** @@ -80,8 +80,8 @@ export class KubeMutatingWebhookConfigurationList extends ApiObject { public static manifest(props: KubeMutatingWebhookConfigurationListProps): any { return { ...KubeMutatingWebhookConfigurationList.GVK, - ...toJson_KubeMutatingWebhookConfigurationListProps(props) - } + ...toJson_KubeMutatingWebhookConfigurationListProps(props), + }; } /** @@ -93,20 +93,20 @@ export class KubeMutatingWebhookConfigurationList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeMutatingWebhookConfigurationListProps) { super(scope, id, { ...KubeMutatingWebhookConfigurationList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeMutatingWebhookConfigurationList.GVK, - ...toJson_KubeMutatingWebhookConfigurationListProps(resolved) - } + ...toJson_KubeMutatingWebhookConfigurationListProps(resolved), + }; } } @@ -121,7 +121,7 @@ export class KubeValidatingWebhookConfiguration extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'admissionregistration.k8s.io/v1', - kind: 'ValidatingWebhookConfiguration' + kind: 'ValidatingWebhookConfiguration', } /** @@ -134,8 +134,8 @@ export class KubeValidatingWebhookConfiguration extends ApiObject { public static manifest(props: KubeValidatingWebhookConfigurationProps = {}): any { return { ...KubeValidatingWebhookConfiguration.GVK, - ...toJson_KubeValidatingWebhookConfigurationProps(props) - } + ...toJson_KubeValidatingWebhookConfigurationProps(props), + }; } /** @@ -147,20 +147,20 @@ export class KubeValidatingWebhookConfiguration extends ApiObject { public constructor(scope: Construct, id: string, props: KubeValidatingWebhookConfigurationProps = {}) { super(scope, id, { ...KubeValidatingWebhookConfiguration.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeValidatingWebhookConfiguration.GVK, - ...toJson_KubeValidatingWebhookConfigurationProps(resolved) - } + ...toJson_KubeValidatingWebhookConfigurationProps(resolved), + }; } } @@ -175,7 +175,7 @@ export class KubeValidatingWebhookConfigurationList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'admissionregistration.k8s.io/v1', - kind: 'ValidatingWebhookConfigurationList' + kind: 'ValidatingWebhookConfigurationList', } /** @@ -188,8 +188,8 @@ export class KubeValidatingWebhookConfigurationList extends ApiObject { public static manifest(props: KubeValidatingWebhookConfigurationListProps): any { return { ...KubeValidatingWebhookConfigurationList.GVK, - ...toJson_KubeValidatingWebhookConfigurationListProps(props) - } + ...toJson_KubeValidatingWebhookConfigurationListProps(props), + }; } /** @@ -201,20 +201,20 @@ export class KubeValidatingWebhookConfigurationList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeValidatingWebhookConfigurationListProps) { super(scope, id, { ...KubeValidatingWebhookConfigurationList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeValidatingWebhookConfigurationList.GVK, - ...toJson_KubeValidatingWebhookConfigurationListProps(resolved) - } + ...toJson_KubeValidatingWebhookConfigurationListProps(resolved), + }; } } @@ -229,7 +229,7 @@ export class KubeStorageVersionV1Alpha1 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'internal.apiserver.k8s.io/v1alpha1', - kind: 'StorageVersion' + kind: 'StorageVersion', } /** @@ -242,8 +242,8 @@ export class KubeStorageVersionV1Alpha1 extends ApiObject { public static manifest(props: KubeStorageVersionV1Alpha1Props): any { return { ...KubeStorageVersionV1Alpha1.GVK, - ...toJson_KubeStorageVersionV1Alpha1Props(props) - } + ...toJson_KubeStorageVersionV1Alpha1Props(props), + }; } /** @@ -255,20 +255,20 @@ export class KubeStorageVersionV1Alpha1 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeStorageVersionV1Alpha1Props) { super(scope, id, { ...KubeStorageVersionV1Alpha1.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeStorageVersionV1Alpha1.GVK, - ...toJson_KubeStorageVersionV1Alpha1Props(resolved) - } + ...toJson_KubeStorageVersionV1Alpha1Props(resolved), + }; } } @@ -283,7 +283,7 @@ export class KubeStorageVersionListV1Alpha1 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'internal.apiserver.k8s.io/v1alpha1', - kind: 'StorageVersionList' + kind: 'StorageVersionList', } /** @@ -296,8 +296,8 @@ export class KubeStorageVersionListV1Alpha1 extends ApiObject { public static manifest(props: KubeStorageVersionListV1Alpha1Props): any { return { ...KubeStorageVersionListV1Alpha1.GVK, - ...toJson_KubeStorageVersionListV1Alpha1Props(props) - } + ...toJson_KubeStorageVersionListV1Alpha1Props(props), + }; } /** @@ -309,20 +309,20 @@ export class KubeStorageVersionListV1Alpha1 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeStorageVersionListV1Alpha1Props) { super(scope, id, { ...KubeStorageVersionListV1Alpha1.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeStorageVersionListV1Alpha1.GVK, - ...toJson_KubeStorageVersionListV1Alpha1Props(resolved) - } + ...toJson_KubeStorageVersionListV1Alpha1Props(resolved), + }; } } @@ -337,7 +337,7 @@ export class KubeControllerRevision extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apps/v1', - kind: 'ControllerRevision' + kind: 'ControllerRevision', } /** @@ -350,8 +350,8 @@ export class KubeControllerRevision extends ApiObject { public static manifest(props: KubeControllerRevisionProps): any { return { ...KubeControllerRevision.GVK, - ...toJson_KubeControllerRevisionProps(props) - } + ...toJson_KubeControllerRevisionProps(props), + }; } /** @@ -363,20 +363,20 @@ export class KubeControllerRevision extends ApiObject { public constructor(scope: Construct, id: string, props: KubeControllerRevisionProps) { super(scope, id, { ...KubeControllerRevision.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeControllerRevision.GVK, - ...toJson_KubeControllerRevisionProps(resolved) - } + ...toJson_KubeControllerRevisionProps(resolved), + }; } } @@ -391,7 +391,7 @@ export class KubeControllerRevisionList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apps/v1', - kind: 'ControllerRevisionList' + kind: 'ControllerRevisionList', } /** @@ -404,8 +404,8 @@ export class KubeControllerRevisionList extends ApiObject { public static manifest(props: KubeControllerRevisionListProps): any { return { ...KubeControllerRevisionList.GVK, - ...toJson_KubeControllerRevisionListProps(props) - } + ...toJson_KubeControllerRevisionListProps(props), + }; } /** @@ -417,20 +417,20 @@ export class KubeControllerRevisionList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeControllerRevisionListProps) { super(scope, id, { ...KubeControllerRevisionList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeControllerRevisionList.GVK, - ...toJson_KubeControllerRevisionListProps(resolved) - } + ...toJson_KubeControllerRevisionListProps(resolved), + }; } } @@ -445,7 +445,7 @@ export class KubeDaemonSet extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apps/v1', - kind: 'DaemonSet' + kind: 'DaemonSet', } /** @@ -458,8 +458,8 @@ export class KubeDaemonSet extends ApiObject { public static manifest(props: KubeDaemonSetProps = {}): any { return { ...KubeDaemonSet.GVK, - ...toJson_KubeDaemonSetProps(props) - } + ...toJson_KubeDaemonSetProps(props), + }; } /** @@ -471,20 +471,20 @@ export class KubeDaemonSet extends ApiObject { public constructor(scope: Construct, id: string, props: KubeDaemonSetProps = {}) { super(scope, id, { ...KubeDaemonSet.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeDaemonSet.GVK, - ...toJson_KubeDaemonSetProps(resolved) - } + ...toJson_KubeDaemonSetProps(resolved), + }; } } @@ -499,7 +499,7 @@ export class KubeDaemonSetList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apps/v1', - kind: 'DaemonSetList' + kind: 'DaemonSetList', } /** @@ -512,8 +512,8 @@ export class KubeDaemonSetList extends ApiObject { public static manifest(props: KubeDaemonSetListProps): any { return { ...KubeDaemonSetList.GVK, - ...toJson_KubeDaemonSetListProps(props) - } + ...toJson_KubeDaemonSetListProps(props), + }; } /** @@ -525,20 +525,20 @@ export class KubeDaemonSetList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeDaemonSetListProps) { super(scope, id, { ...KubeDaemonSetList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeDaemonSetList.GVK, - ...toJson_KubeDaemonSetListProps(resolved) - } + ...toJson_KubeDaemonSetListProps(resolved), + }; } } @@ -553,7 +553,7 @@ export class KubeDeployment extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apps/v1', - kind: 'Deployment' + kind: 'Deployment', } /** @@ -566,8 +566,8 @@ export class KubeDeployment extends ApiObject { public static manifest(props: KubeDeploymentProps = {}): any { return { ...KubeDeployment.GVK, - ...toJson_KubeDeploymentProps(props) - } + ...toJson_KubeDeploymentProps(props), + }; } /** @@ -579,20 +579,20 @@ export class KubeDeployment extends ApiObject { public constructor(scope: Construct, id: string, props: KubeDeploymentProps = {}) { super(scope, id, { ...KubeDeployment.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeDeployment.GVK, - ...toJson_KubeDeploymentProps(resolved) - } + ...toJson_KubeDeploymentProps(resolved), + }; } } @@ -607,7 +607,7 @@ export class KubeDeploymentList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apps/v1', - kind: 'DeploymentList' + kind: 'DeploymentList', } /** @@ -620,8 +620,8 @@ export class KubeDeploymentList extends ApiObject { public static manifest(props: KubeDeploymentListProps): any { return { ...KubeDeploymentList.GVK, - ...toJson_KubeDeploymentListProps(props) - } + ...toJson_KubeDeploymentListProps(props), + }; } /** @@ -633,20 +633,20 @@ export class KubeDeploymentList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeDeploymentListProps) { super(scope, id, { ...KubeDeploymentList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeDeploymentList.GVK, - ...toJson_KubeDeploymentListProps(resolved) - } + ...toJson_KubeDeploymentListProps(resolved), + }; } } @@ -661,7 +661,7 @@ export class KubeReplicaSet extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apps/v1', - kind: 'ReplicaSet' + kind: 'ReplicaSet', } /** @@ -674,8 +674,8 @@ export class KubeReplicaSet extends ApiObject { public static manifest(props: KubeReplicaSetProps = {}): any { return { ...KubeReplicaSet.GVK, - ...toJson_KubeReplicaSetProps(props) - } + ...toJson_KubeReplicaSetProps(props), + }; } /** @@ -687,20 +687,20 @@ export class KubeReplicaSet extends ApiObject { public constructor(scope: Construct, id: string, props: KubeReplicaSetProps = {}) { super(scope, id, { ...KubeReplicaSet.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeReplicaSet.GVK, - ...toJson_KubeReplicaSetProps(resolved) - } + ...toJson_KubeReplicaSetProps(resolved), + }; } } @@ -715,7 +715,7 @@ export class KubeReplicaSetList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apps/v1', - kind: 'ReplicaSetList' + kind: 'ReplicaSetList', } /** @@ -728,8 +728,8 @@ export class KubeReplicaSetList extends ApiObject { public static manifest(props: KubeReplicaSetListProps): any { return { ...KubeReplicaSetList.GVK, - ...toJson_KubeReplicaSetListProps(props) - } + ...toJson_KubeReplicaSetListProps(props), + }; } /** @@ -741,20 +741,20 @@ export class KubeReplicaSetList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeReplicaSetListProps) { super(scope, id, { ...KubeReplicaSetList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeReplicaSetList.GVK, - ...toJson_KubeReplicaSetListProps(resolved) - } + ...toJson_KubeReplicaSetListProps(resolved), + }; } } @@ -773,7 +773,7 @@ export class KubeStatefulSet extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apps/v1', - kind: 'StatefulSet' + kind: 'StatefulSet', } /** @@ -786,8 +786,8 @@ export class KubeStatefulSet extends ApiObject { public static manifest(props: KubeStatefulSetProps = {}): any { return { ...KubeStatefulSet.GVK, - ...toJson_KubeStatefulSetProps(props) - } + ...toJson_KubeStatefulSetProps(props), + }; } /** @@ -799,20 +799,20 @@ export class KubeStatefulSet extends ApiObject { public constructor(scope: Construct, id: string, props: KubeStatefulSetProps = {}) { super(scope, id, { ...KubeStatefulSet.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeStatefulSet.GVK, - ...toJson_KubeStatefulSetProps(resolved) - } + ...toJson_KubeStatefulSetProps(resolved), + }; } } @@ -827,7 +827,7 @@ export class KubeStatefulSetList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apps/v1', - kind: 'StatefulSetList' + kind: 'StatefulSetList', } /** @@ -840,8 +840,8 @@ export class KubeStatefulSetList extends ApiObject { public static manifest(props: KubeStatefulSetListProps): any { return { ...KubeStatefulSetList.GVK, - ...toJson_KubeStatefulSetListProps(props) - } + ...toJson_KubeStatefulSetListProps(props), + }; } /** @@ -853,20 +853,20 @@ export class KubeStatefulSetList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeStatefulSetListProps) { super(scope, id, { ...KubeStatefulSetList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeStatefulSetList.GVK, - ...toJson_KubeStatefulSetListProps(resolved) - } + ...toJson_KubeStatefulSetListProps(resolved), + }; } } @@ -881,7 +881,7 @@ export class KubeTokenRequest extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'authentication.k8s.io/v1', - kind: 'TokenRequest' + kind: 'TokenRequest', } /** @@ -894,8 +894,8 @@ export class KubeTokenRequest extends ApiObject { public static manifest(props: KubeTokenRequestProps): any { return { ...KubeTokenRequest.GVK, - ...toJson_KubeTokenRequestProps(props) - } + ...toJson_KubeTokenRequestProps(props), + }; } /** @@ -907,20 +907,20 @@ export class KubeTokenRequest extends ApiObject { public constructor(scope: Construct, id: string, props: KubeTokenRequestProps) { super(scope, id, { ...KubeTokenRequest.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeTokenRequest.GVK, - ...toJson_KubeTokenRequestProps(resolved) - } + ...toJson_KubeTokenRequestProps(resolved), + }; } } @@ -935,7 +935,7 @@ export class KubeTokenReview extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'authentication.k8s.io/v1', - kind: 'TokenReview' + kind: 'TokenReview', } /** @@ -948,8 +948,8 @@ export class KubeTokenReview extends ApiObject { public static manifest(props: KubeTokenReviewProps): any { return { ...KubeTokenReview.GVK, - ...toJson_KubeTokenReviewProps(props) - } + ...toJson_KubeTokenReviewProps(props), + }; } /** @@ -961,20 +961,20 @@ export class KubeTokenReview extends ApiObject { public constructor(scope: Construct, id: string, props: KubeTokenReviewProps) { super(scope, id, { ...KubeTokenReview.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeTokenReview.GVK, - ...toJson_KubeTokenReviewProps(resolved) - } + ...toJson_KubeTokenReviewProps(resolved), + }; } } @@ -989,7 +989,7 @@ export class KubeLocalSubjectAccessReview extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'authorization.k8s.io/v1', - kind: 'LocalSubjectAccessReview' + kind: 'LocalSubjectAccessReview', } /** @@ -1002,8 +1002,8 @@ export class KubeLocalSubjectAccessReview extends ApiObject { public static manifest(props: KubeLocalSubjectAccessReviewProps): any { return { ...KubeLocalSubjectAccessReview.GVK, - ...toJson_KubeLocalSubjectAccessReviewProps(props) - } + ...toJson_KubeLocalSubjectAccessReviewProps(props), + }; } /** @@ -1015,20 +1015,20 @@ export class KubeLocalSubjectAccessReview extends ApiObject { public constructor(scope: Construct, id: string, props: KubeLocalSubjectAccessReviewProps) { super(scope, id, { ...KubeLocalSubjectAccessReview.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeLocalSubjectAccessReview.GVK, - ...toJson_KubeLocalSubjectAccessReviewProps(resolved) - } + ...toJson_KubeLocalSubjectAccessReviewProps(resolved), + }; } } @@ -1043,7 +1043,7 @@ export class KubeSelfSubjectAccessReview extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'authorization.k8s.io/v1', - kind: 'SelfSubjectAccessReview' + kind: 'SelfSubjectAccessReview', } /** @@ -1056,8 +1056,8 @@ export class KubeSelfSubjectAccessReview extends ApiObject { public static manifest(props: KubeSelfSubjectAccessReviewProps): any { return { ...KubeSelfSubjectAccessReview.GVK, - ...toJson_KubeSelfSubjectAccessReviewProps(props) - } + ...toJson_KubeSelfSubjectAccessReviewProps(props), + }; } /** @@ -1069,20 +1069,20 @@ export class KubeSelfSubjectAccessReview extends ApiObject { public constructor(scope: Construct, id: string, props: KubeSelfSubjectAccessReviewProps) { super(scope, id, { ...KubeSelfSubjectAccessReview.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeSelfSubjectAccessReview.GVK, - ...toJson_KubeSelfSubjectAccessReviewProps(resolved) - } + ...toJson_KubeSelfSubjectAccessReviewProps(resolved), + }; } } @@ -1097,7 +1097,7 @@ export class KubeSelfSubjectRulesReview extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'authorization.k8s.io/v1', - kind: 'SelfSubjectRulesReview' + kind: 'SelfSubjectRulesReview', } /** @@ -1110,8 +1110,8 @@ export class KubeSelfSubjectRulesReview extends ApiObject { public static manifest(props: KubeSelfSubjectRulesReviewProps): any { return { ...KubeSelfSubjectRulesReview.GVK, - ...toJson_KubeSelfSubjectRulesReviewProps(props) - } + ...toJson_KubeSelfSubjectRulesReviewProps(props), + }; } /** @@ -1123,20 +1123,20 @@ export class KubeSelfSubjectRulesReview extends ApiObject { public constructor(scope: Construct, id: string, props: KubeSelfSubjectRulesReviewProps) { super(scope, id, { ...KubeSelfSubjectRulesReview.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeSelfSubjectRulesReview.GVK, - ...toJson_KubeSelfSubjectRulesReviewProps(resolved) - } + ...toJson_KubeSelfSubjectRulesReviewProps(resolved), + }; } } @@ -1151,7 +1151,7 @@ export class KubeSubjectAccessReview extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'authorization.k8s.io/v1', - kind: 'SubjectAccessReview' + kind: 'SubjectAccessReview', } /** @@ -1164,8 +1164,8 @@ export class KubeSubjectAccessReview extends ApiObject { public static manifest(props: KubeSubjectAccessReviewProps): any { return { ...KubeSubjectAccessReview.GVK, - ...toJson_KubeSubjectAccessReviewProps(props) - } + ...toJson_KubeSubjectAccessReviewProps(props), + }; } /** @@ -1177,20 +1177,20 @@ export class KubeSubjectAccessReview extends ApiObject { public constructor(scope: Construct, id: string, props: KubeSubjectAccessReviewProps) { super(scope, id, { ...KubeSubjectAccessReview.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeSubjectAccessReview.GVK, - ...toJson_KubeSubjectAccessReviewProps(resolved) - } + ...toJson_KubeSubjectAccessReviewProps(resolved), + }; } } @@ -1205,7 +1205,7 @@ export class KubeHorizontalPodAutoscaler extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'autoscaling/v1', - kind: 'HorizontalPodAutoscaler' + kind: 'HorizontalPodAutoscaler', } /** @@ -1218,8 +1218,8 @@ export class KubeHorizontalPodAutoscaler extends ApiObject { public static manifest(props: KubeHorizontalPodAutoscalerProps = {}): any { return { ...KubeHorizontalPodAutoscaler.GVK, - ...toJson_KubeHorizontalPodAutoscalerProps(props) - } + ...toJson_KubeHorizontalPodAutoscalerProps(props), + }; } /** @@ -1231,20 +1231,20 @@ export class KubeHorizontalPodAutoscaler extends ApiObject { public constructor(scope: Construct, id: string, props: KubeHorizontalPodAutoscalerProps = {}) { super(scope, id, { ...KubeHorizontalPodAutoscaler.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeHorizontalPodAutoscaler.GVK, - ...toJson_KubeHorizontalPodAutoscalerProps(resolved) - } + ...toJson_KubeHorizontalPodAutoscalerProps(resolved), + }; } } @@ -1259,7 +1259,7 @@ export class KubeHorizontalPodAutoscalerList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'autoscaling/v1', - kind: 'HorizontalPodAutoscalerList' + kind: 'HorizontalPodAutoscalerList', } /** @@ -1272,8 +1272,8 @@ export class KubeHorizontalPodAutoscalerList extends ApiObject { public static manifest(props: KubeHorizontalPodAutoscalerListProps): any { return { ...KubeHorizontalPodAutoscalerList.GVK, - ...toJson_KubeHorizontalPodAutoscalerListProps(props) - } + ...toJson_KubeHorizontalPodAutoscalerListProps(props), + }; } /** @@ -1285,20 +1285,20 @@ export class KubeHorizontalPodAutoscalerList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeHorizontalPodAutoscalerListProps) { super(scope, id, { ...KubeHorizontalPodAutoscalerList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeHorizontalPodAutoscalerList.GVK, - ...toJson_KubeHorizontalPodAutoscalerListProps(resolved) - } + ...toJson_KubeHorizontalPodAutoscalerListProps(resolved), + }; } } @@ -1313,7 +1313,7 @@ export class KubeScale extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'autoscaling/v1', - kind: 'Scale' + kind: 'Scale', } /** @@ -1326,8 +1326,8 @@ export class KubeScale extends ApiObject { public static manifest(props: KubeScaleProps = {}): any { return { ...KubeScale.GVK, - ...toJson_KubeScaleProps(props) - } + ...toJson_KubeScaleProps(props), + }; } /** @@ -1339,20 +1339,20 @@ export class KubeScale extends ApiObject { public constructor(scope: Construct, id: string, props: KubeScaleProps = {}) { super(scope, id, { ...KubeScale.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeScale.GVK, - ...toJson_KubeScaleProps(resolved) - } + ...toJson_KubeScaleProps(resolved), + }; } } @@ -1367,7 +1367,7 @@ export class KubeHorizontalPodAutoscalerV2 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'autoscaling/v2', - kind: 'HorizontalPodAutoscaler' + kind: 'HorizontalPodAutoscaler', } /** @@ -1380,8 +1380,8 @@ export class KubeHorizontalPodAutoscalerV2 extends ApiObject { public static manifest(props: KubeHorizontalPodAutoscalerV2Props = {}): any { return { ...KubeHorizontalPodAutoscalerV2.GVK, - ...toJson_KubeHorizontalPodAutoscalerV2Props(props) - } + ...toJson_KubeHorizontalPodAutoscalerV2Props(props), + }; } /** @@ -1393,20 +1393,20 @@ export class KubeHorizontalPodAutoscalerV2 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeHorizontalPodAutoscalerV2Props = {}) { super(scope, id, { ...KubeHorizontalPodAutoscalerV2.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeHorizontalPodAutoscalerV2.GVK, - ...toJson_KubeHorizontalPodAutoscalerV2Props(resolved) - } + ...toJson_KubeHorizontalPodAutoscalerV2Props(resolved), + }; } } @@ -1421,7 +1421,7 @@ export class KubeHorizontalPodAutoscalerListV2 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'autoscaling/v2', - kind: 'HorizontalPodAutoscalerList' + kind: 'HorizontalPodAutoscalerList', } /** @@ -1434,8 +1434,8 @@ export class KubeHorizontalPodAutoscalerListV2 extends ApiObject { public static manifest(props: KubeHorizontalPodAutoscalerListV2Props): any { return { ...KubeHorizontalPodAutoscalerListV2.GVK, - ...toJson_KubeHorizontalPodAutoscalerListV2Props(props) - } + ...toJson_KubeHorizontalPodAutoscalerListV2Props(props), + }; } /** @@ -1447,20 +1447,20 @@ export class KubeHorizontalPodAutoscalerListV2 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeHorizontalPodAutoscalerListV2Props) { super(scope, id, { ...KubeHorizontalPodAutoscalerListV2.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeHorizontalPodAutoscalerListV2.GVK, - ...toJson_KubeHorizontalPodAutoscalerListV2Props(resolved) - } + ...toJson_KubeHorizontalPodAutoscalerListV2Props(resolved), + }; } } @@ -1475,7 +1475,7 @@ export class KubeHorizontalPodAutoscalerV2Beta2 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'autoscaling/v2beta2', - kind: 'HorizontalPodAutoscaler' + kind: 'HorizontalPodAutoscaler', } /** @@ -1488,8 +1488,8 @@ export class KubeHorizontalPodAutoscalerV2Beta2 extends ApiObject { public static manifest(props: KubeHorizontalPodAutoscalerV2Beta2Props = {}): any { return { ...KubeHorizontalPodAutoscalerV2Beta2.GVK, - ...toJson_KubeHorizontalPodAutoscalerV2Beta2Props(props) - } + ...toJson_KubeHorizontalPodAutoscalerV2Beta2Props(props), + }; } /** @@ -1501,20 +1501,20 @@ export class KubeHorizontalPodAutoscalerV2Beta2 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeHorizontalPodAutoscalerV2Beta2Props = {}) { super(scope, id, { ...KubeHorizontalPodAutoscalerV2Beta2.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeHorizontalPodAutoscalerV2Beta2.GVK, - ...toJson_KubeHorizontalPodAutoscalerV2Beta2Props(resolved) - } + ...toJson_KubeHorizontalPodAutoscalerV2Beta2Props(resolved), + }; } } @@ -1529,7 +1529,7 @@ export class KubeHorizontalPodAutoscalerListV2Beta2 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'autoscaling/v2beta2', - kind: 'HorizontalPodAutoscalerList' + kind: 'HorizontalPodAutoscalerList', } /** @@ -1542,8 +1542,8 @@ export class KubeHorizontalPodAutoscalerListV2Beta2 extends ApiObject { public static manifest(props: KubeHorizontalPodAutoscalerListV2Beta2Props): any { return { ...KubeHorizontalPodAutoscalerListV2Beta2.GVK, - ...toJson_KubeHorizontalPodAutoscalerListV2Beta2Props(props) - } + ...toJson_KubeHorizontalPodAutoscalerListV2Beta2Props(props), + }; } /** @@ -1555,20 +1555,20 @@ export class KubeHorizontalPodAutoscalerListV2Beta2 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeHorizontalPodAutoscalerListV2Beta2Props) { super(scope, id, { ...KubeHorizontalPodAutoscalerListV2Beta2.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeHorizontalPodAutoscalerListV2Beta2.GVK, - ...toJson_KubeHorizontalPodAutoscalerListV2Beta2Props(resolved) - } + ...toJson_KubeHorizontalPodAutoscalerListV2Beta2Props(resolved), + }; } } @@ -1583,7 +1583,7 @@ export class KubeCronJob extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'batch/v1', - kind: 'CronJob' + kind: 'CronJob', } /** @@ -1596,8 +1596,8 @@ export class KubeCronJob extends ApiObject { public static manifest(props: KubeCronJobProps = {}): any { return { ...KubeCronJob.GVK, - ...toJson_KubeCronJobProps(props) - } + ...toJson_KubeCronJobProps(props), + }; } /** @@ -1609,20 +1609,20 @@ export class KubeCronJob extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCronJobProps = {}) { super(scope, id, { ...KubeCronJob.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCronJob.GVK, - ...toJson_KubeCronJobProps(resolved) - } + ...toJson_KubeCronJobProps(resolved), + }; } } @@ -1637,7 +1637,7 @@ export class KubeCronJobList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'batch/v1', - kind: 'CronJobList' + kind: 'CronJobList', } /** @@ -1650,8 +1650,8 @@ export class KubeCronJobList extends ApiObject { public static manifest(props: KubeCronJobListProps): any { return { ...KubeCronJobList.GVK, - ...toJson_KubeCronJobListProps(props) - } + ...toJson_KubeCronJobListProps(props), + }; } /** @@ -1663,20 +1663,20 @@ export class KubeCronJobList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCronJobListProps) { super(scope, id, { ...KubeCronJobList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCronJobList.GVK, - ...toJson_KubeCronJobListProps(resolved) - } + ...toJson_KubeCronJobListProps(resolved), + }; } } @@ -1691,7 +1691,7 @@ export class KubeJob extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'batch/v1', - kind: 'Job' + kind: 'Job', } /** @@ -1704,8 +1704,8 @@ export class KubeJob extends ApiObject { public static manifest(props: KubeJobProps = {}): any { return { ...KubeJob.GVK, - ...toJson_KubeJobProps(props) - } + ...toJson_KubeJobProps(props), + }; } /** @@ -1717,20 +1717,20 @@ export class KubeJob extends ApiObject { public constructor(scope: Construct, id: string, props: KubeJobProps = {}) { super(scope, id, { ...KubeJob.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeJob.GVK, - ...toJson_KubeJobProps(resolved) - } + ...toJson_KubeJobProps(resolved), + }; } } @@ -1745,7 +1745,7 @@ export class KubeJobList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'batch/v1', - kind: 'JobList' + kind: 'JobList', } /** @@ -1758,8 +1758,8 @@ export class KubeJobList extends ApiObject { public static manifest(props: KubeJobListProps): any { return { ...KubeJobList.GVK, - ...toJson_KubeJobListProps(props) - } + ...toJson_KubeJobListProps(props), + }; } /** @@ -1771,20 +1771,20 @@ export class KubeJobList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeJobListProps) { super(scope, id, { ...KubeJobList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeJobList.GVK, - ...toJson_KubeJobListProps(resolved) - } + ...toJson_KubeJobListProps(resolved), + }; } } @@ -1805,7 +1805,7 @@ export class KubeCertificateSigningRequest extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'certificates.k8s.io/v1', - kind: 'CertificateSigningRequest' + kind: 'CertificateSigningRequest', } /** @@ -1818,8 +1818,8 @@ export class KubeCertificateSigningRequest extends ApiObject { public static manifest(props: KubeCertificateSigningRequestProps): any { return { ...KubeCertificateSigningRequest.GVK, - ...toJson_KubeCertificateSigningRequestProps(props) - } + ...toJson_KubeCertificateSigningRequestProps(props), + }; } /** @@ -1831,20 +1831,20 @@ export class KubeCertificateSigningRequest extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCertificateSigningRequestProps) { super(scope, id, { ...KubeCertificateSigningRequest.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCertificateSigningRequest.GVK, - ...toJson_KubeCertificateSigningRequestProps(resolved) - } + ...toJson_KubeCertificateSigningRequestProps(resolved), + }; } } @@ -1859,7 +1859,7 @@ export class KubeCertificateSigningRequestList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'certificates.k8s.io/v1', - kind: 'CertificateSigningRequestList' + kind: 'CertificateSigningRequestList', } /** @@ -1872,8 +1872,8 @@ export class KubeCertificateSigningRequestList extends ApiObject { public static manifest(props: KubeCertificateSigningRequestListProps): any { return { ...KubeCertificateSigningRequestList.GVK, - ...toJson_KubeCertificateSigningRequestListProps(props) - } + ...toJson_KubeCertificateSigningRequestListProps(props), + }; } /** @@ -1885,20 +1885,20 @@ export class KubeCertificateSigningRequestList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCertificateSigningRequestListProps) { super(scope, id, { ...KubeCertificateSigningRequestList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCertificateSigningRequestList.GVK, - ...toJson_KubeCertificateSigningRequestListProps(resolved) - } + ...toJson_KubeCertificateSigningRequestListProps(resolved), + }; } } @@ -1913,7 +1913,7 @@ export class KubeLease extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'coordination.k8s.io/v1', - kind: 'Lease' + kind: 'Lease', } /** @@ -1926,8 +1926,8 @@ export class KubeLease extends ApiObject { public static manifest(props: KubeLeaseProps = {}): any { return { ...KubeLease.GVK, - ...toJson_KubeLeaseProps(props) - } + ...toJson_KubeLeaseProps(props), + }; } /** @@ -1939,20 +1939,20 @@ export class KubeLease extends ApiObject { public constructor(scope: Construct, id: string, props: KubeLeaseProps = {}) { super(scope, id, { ...KubeLease.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeLease.GVK, - ...toJson_KubeLeaseProps(resolved) - } + ...toJson_KubeLeaseProps(resolved), + }; } } @@ -1967,7 +1967,7 @@ export class KubeLeaseList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'coordination.k8s.io/v1', - kind: 'LeaseList' + kind: 'LeaseList', } /** @@ -1980,8 +1980,8 @@ export class KubeLeaseList extends ApiObject { public static manifest(props: KubeLeaseListProps): any { return { ...KubeLeaseList.GVK, - ...toJson_KubeLeaseListProps(props) - } + ...toJson_KubeLeaseListProps(props), + }; } /** @@ -1993,20 +1993,20 @@ export class KubeLeaseList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeLeaseListProps) { super(scope, id, { ...KubeLeaseList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeLeaseList.GVK, - ...toJson_KubeLeaseListProps(resolved) - } + ...toJson_KubeLeaseListProps(resolved), + }; } } @@ -2021,7 +2021,7 @@ export class KubeBinding extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'Binding' + kind: 'Binding', } /** @@ -2034,8 +2034,8 @@ export class KubeBinding extends ApiObject { public static manifest(props: KubeBindingProps): any { return { ...KubeBinding.GVK, - ...toJson_KubeBindingProps(props) - } + ...toJson_KubeBindingProps(props), + }; } /** @@ -2047,20 +2047,20 @@ export class KubeBinding extends ApiObject { public constructor(scope: Construct, id: string, props: KubeBindingProps) { super(scope, id, { ...KubeBinding.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeBinding.GVK, - ...toJson_KubeBindingProps(resolved) - } + ...toJson_KubeBindingProps(resolved), + }; } } @@ -2075,7 +2075,7 @@ export class KubeComponentStatus extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'ComponentStatus' + kind: 'ComponentStatus', } /** @@ -2088,8 +2088,8 @@ export class KubeComponentStatus extends ApiObject { public static manifest(props: KubeComponentStatusProps = {}): any { return { ...KubeComponentStatus.GVK, - ...toJson_KubeComponentStatusProps(props) - } + ...toJson_KubeComponentStatusProps(props), + }; } /** @@ -2101,20 +2101,20 @@ export class KubeComponentStatus extends ApiObject { public constructor(scope: Construct, id: string, props: KubeComponentStatusProps = {}) { super(scope, id, { ...KubeComponentStatus.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeComponentStatus.GVK, - ...toJson_KubeComponentStatusProps(resolved) - } + ...toJson_KubeComponentStatusProps(resolved), + }; } } @@ -2129,7 +2129,7 @@ export class KubeComponentStatusList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'ComponentStatusList' + kind: 'ComponentStatusList', } /** @@ -2142,8 +2142,8 @@ export class KubeComponentStatusList extends ApiObject { public static manifest(props: KubeComponentStatusListProps): any { return { ...KubeComponentStatusList.GVK, - ...toJson_KubeComponentStatusListProps(props) - } + ...toJson_KubeComponentStatusListProps(props), + }; } /** @@ -2155,20 +2155,20 @@ export class KubeComponentStatusList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeComponentStatusListProps) { super(scope, id, { ...KubeComponentStatusList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeComponentStatusList.GVK, - ...toJson_KubeComponentStatusListProps(resolved) - } + ...toJson_KubeComponentStatusListProps(resolved), + }; } } @@ -2183,7 +2183,7 @@ export class KubeConfigMap extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'ConfigMap' + kind: 'ConfigMap', } /** @@ -2196,8 +2196,8 @@ export class KubeConfigMap extends ApiObject { public static manifest(props: KubeConfigMapProps = {}): any { return { ...KubeConfigMap.GVK, - ...toJson_KubeConfigMapProps(props) - } + ...toJson_KubeConfigMapProps(props), + }; } /** @@ -2209,20 +2209,20 @@ export class KubeConfigMap extends ApiObject { public constructor(scope: Construct, id: string, props: KubeConfigMapProps = {}) { super(scope, id, { ...KubeConfigMap.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeConfigMap.GVK, - ...toJson_KubeConfigMapProps(resolved) - } + ...toJson_KubeConfigMapProps(resolved), + }; } } @@ -2237,7 +2237,7 @@ export class KubeConfigMapList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'ConfigMapList' + kind: 'ConfigMapList', } /** @@ -2250,8 +2250,8 @@ export class KubeConfigMapList extends ApiObject { public static manifest(props: KubeConfigMapListProps): any { return { ...KubeConfigMapList.GVK, - ...toJson_KubeConfigMapListProps(props) - } + ...toJson_KubeConfigMapListProps(props), + }; } /** @@ -2263,20 +2263,20 @@ export class KubeConfigMapList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeConfigMapListProps) { super(scope, id, { ...KubeConfigMapList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeConfigMapList.GVK, - ...toJson_KubeConfigMapListProps(resolved) - } + ...toJson_KubeConfigMapListProps(resolved), + }; } } @@ -2303,7 +2303,7 @@ export class KubeEndpoints extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'Endpoints' + kind: 'Endpoints', } /** @@ -2316,8 +2316,8 @@ export class KubeEndpoints extends ApiObject { public static manifest(props: KubeEndpointsProps = {}): any { return { ...KubeEndpoints.GVK, - ...toJson_KubeEndpointsProps(props) - } + ...toJson_KubeEndpointsProps(props), + }; } /** @@ -2329,20 +2329,20 @@ export class KubeEndpoints extends ApiObject { public constructor(scope: Construct, id: string, props: KubeEndpointsProps = {}) { super(scope, id, { ...KubeEndpoints.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeEndpoints.GVK, - ...toJson_KubeEndpointsProps(resolved) - } + ...toJson_KubeEndpointsProps(resolved), + }; } } @@ -2357,7 +2357,7 @@ export class KubeEndpointsList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'EndpointsList' + kind: 'EndpointsList', } /** @@ -2370,8 +2370,8 @@ export class KubeEndpointsList extends ApiObject { public static manifest(props: KubeEndpointsListProps): any { return { ...KubeEndpointsList.GVK, - ...toJson_KubeEndpointsListProps(props) - } + ...toJson_KubeEndpointsListProps(props), + }; } /** @@ -2383,20 +2383,20 @@ export class KubeEndpointsList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeEndpointsListProps) { super(scope, id, { ...KubeEndpointsList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeEndpointsList.GVK, - ...toJson_KubeEndpointsListProps(resolved) - } + ...toJson_KubeEndpointsListProps(resolved), + }; } } @@ -2411,7 +2411,7 @@ export class KubeEvent extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'events.k8s.io/v1', - kind: 'Event' + kind: 'Event', } /** @@ -2424,8 +2424,8 @@ export class KubeEvent extends ApiObject { public static manifest(props: KubeEventProps): any { return { ...KubeEvent.GVK, - ...toJson_KubeEventProps(props) - } + ...toJson_KubeEventProps(props), + }; } /** @@ -2437,20 +2437,20 @@ export class KubeEvent extends ApiObject { public constructor(scope: Construct, id: string, props: KubeEventProps) { super(scope, id, { ...KubeEvent.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeEvent.GVK, - ...toJson_KubeEventProps(resolved) - } + ...toJson_KubeEventProps(resolved), + }; } } @@ -2465,7 +2465,7 @@ export class KubeEventList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'events.k8s.io/v1', - kind: 'EventList' + kind: 'EventList', } /** @@ -2478,8 +2478,8 @@ export class KubeEventList extends ApiObject { public static manifest(props: KubeEventListProps): any { return { ...KubeEventList.GVK, - ...toJson_KubeEventListProps(props) - } + ...toJson_KubeEventListProps(props), + }; } /** @@ -2491,20 +2491,20 @@ export class KubeEventList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeEventListProps) { super(scope, id, { ...KubeEventList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeEventList.GVK, - ...toJson_KubeEventListProps(resolved) - } + ...toJson_KubeEventListProps(resolved), + }; } } @@ -2519,7 +2519,7 @@ export class KubeLimitRange extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'LimitRange' + kind: 'LimitRange', } /** @@ -2532,8 +2532,8 @@ export class KubeLimitRange extends ApiObject { public static manifest(props: KubeLimitRangeProps = {}): any { return { ...KubeLimitRange.GVK, - ...toJson_KubeLimitRangeProps(props) - } + ...toJson_KubeLimitRangeProps(props), + }; } /** @@ -2545,20 +2545,20 @@ export class KubeLimitRange extends ApiObject { public constructor(scope: Construct, id: string, props: KubeLimitRangeProps = {}) { super(scope, id, { ...KubeLimitRange.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeLimitRange.GVK, - ...toJson_KubeLimitRangeProps(resolved) - } + ...toJson_KubeLimitRangeProps(resolved), + }; } } @@ -2573,7 +2573,7 @@ export class KubeLimitRangeList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'LimitRangeList' + kind: 'LimitRangeList', } /** @@ -2586,8 +2586,8 @@ export class KubeLimitRangeList extends ApiObject { public static manifest(props: KubeLimitRangeListProps): any { return { ...KubeLimitRangeList.GVK, - ...toJson_KubeLimitRangeListProps(props) - } + ...toJson_KubeLimitRangeListProps(props), + }; } /** @@ -2599,20 +2599,20 @@ export class KubeLimitRangeList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeLimitRangeListProps) { super(scope, id, { ...KubeLimitRangeList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeLimitRangeList.GVK, - ...toJson_KubeLimitRangeListProps(resolved) - } + ...toJson_KubeLimitRangeListProps(resolved), + }; } } @@ -2627,7 +2627,7 @@ export class KubeNamespace extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'Namespace' + kind: 'Namespace', } /** @@ -2640,8 +2640,8 @@ export class KubeNamespace extends ApiObject { public static manifest(props: KubeNamespaceProps = {}): any { return { ...KubeNamespace.GVK, - ...toJson_KubeNamespaceProps(props) - } + ...toJson_KubeNamespaceProps(props), + }; } /** @@ -2653,20 +2653,20 @@ export class KubeNamespace extends ApiObject { public constructor(scope: Construct, id: string, props: KubeNamespaceProps = {}) { super(scope, id, { ...KubeNamespace.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeNamespace.GVK, - ...toJson_KubeNamespaceProps(resolved) - } + ...toJson_KubeNamespaceProps(resolved), + }; } } @@ -2681,7 +2681,7 @@ export class KubeNamespaceList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'NamespaceList' + kind: 'NamespaceList', } /** @@ -2694,8 +2694,8 @@ export class KubeNamespaceList extends ApiObject { public static manifest(props: KubeNamespaceListProps): any { return { ...KubeNamespaceList.GVK, - ...toJson_KubeNamespaceListProps(props) - } + ...toJson_KubeNamespaceListProps(props), + }; } /** @@ -2707,20 +2707,20 @@ export class KubeNamespaceList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeNamespaceListProps) { super(scope, id, { ...KubeNamespaceList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeNamespaceList.GVK, - ...toJson_KubeNamespaceListProps(resolved) - } + ...toJson_KubeNamespaceListProps(resolved), + }; } } @@ -2735,7 +2735,7 @@ export class KubeNode extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'Node' + kind: 'Node', } /** @@ -2748,8 +2748,8 @@ export class KubeNode extends ApiObject { public static manifest(props: KubeNodeProps = {}): any { return { ...KubeNode.GVK, - ...toJson_KubeNodeProps(props) - } + ...toJson_KubeNodeProps(props), + }; } /** @@ -2761,20 +2761,20 @@ export class KubeNode extends ApiObject { public constructor(scope: Construct, id: string, props: KubeNodeProps = {}) { super(scope, id, { ...KubeNode.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeNode.GVK, - ...toJson_KubeNodeProps(resolved) - } + ...toJson_KubeNodeProps(resolved), + }; } } @@ -2789,7 +2789,7 @@ export class KubeNodeList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'NodeList' + kind: 'NodeList', } /** @@ -2802,8 +2802,8 @@ export class KubeNodeList extends ApiObject { public static manifest(props: KubeNodeListProps): any { return { ...KubeNodeList.GVK, - ...toJson_KubeNodeListProps(props) - } + ...toJson_KubeNodeListProps(props), + }; } /** @@ -2815,20 +2815,20 @@ export class KubeNodeList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeNodeListProps) { super(scope, id, { ...KubeNodeList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeNodeList.GVK, - ...toJson_KubeNodeListProps(resolved) - } + ...toJson_KubeNodeListProps(resolved), + }; } } @@ -2843,7 +2843,7 @@ export class KubePersistentVolume extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'PersistentVolume' + kind: 'PersistentVolume', } /** @@ -2856,8 +2856,8 @@ export class KubePersistentVolume extends ApiObject { public static manifest(props: KubePersistentVolumeProps = {}): any { return { ...KubePersistentVolume.GVK, - ...toJson_KubePersistentVolumeProps(props) - } + ...toJson_KubePersistentVolumeProps(props), + }; } /** @@ -2869,20 +2869,20 @@ export class KubePersistentVolume extends ApiObject { public constructor(scope: Construct, id: string, props: KubePersistentVolumeProps = {}) { super(scope, id, { ...KubePersistentVolume.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePersistentVolume.GVK, - ...toJson_KubePersistentVolumeProps(resolved) - } + ...toJson_KubePersistentVolumeProps(resolved), + }; } } @@ -2897,7 +2897,7 @@ export class KubePersistentVolumeClaim extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'PersistentVolumeClaim' + kind: 'PersistentVolumeClaim', } /** @@ -2910,8 +2910,8 @@ export class KubePersistentVolumeClaim extends ApiObject { public static manifest(props: KubePersistentVolumeClaimProps = {}): any { return { ...KubePersistentVolumeClaim.GVK, - ...toJson_KubePersistentVolumeClaimProps(props) - } + ...toJson_KubePersistentVolumeClaimProps(props), + }; } /** @@ -2923,20 +2923,20 @@ export class KubePersistentVolumeClaim extends ApiObject { public constructor(scope: Construct, id: string, props: KubePersistentVolumeClaimProps = {}) { super(scope, id, { ...KubePersistentVolumeClaim.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePersistentVolumeClaim.GVK, - ...toJson_KubePersistentVolumeClaimProps(resolved) - } + ...toJson_KubePersistentVolumeClaimProps(resolved), + }; } } @@ -2951,7 +2951,7 @@ export class KubePersistentVolumeClaimList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'PersistentVolumeClaimList' + kind: 'PersistentVolumeClaimList', } /** @@ -2964,8 +2964,8 @@ export class KubePersistentVolumeClaimList extends ApiObject { public static manifest(props: KubePersistentVolumeClaimListProps): any { return { ...KubePersistentVolumeClaimList.GVK, - ...toJson_KubePersistentVolumeClaimListProps(props) - } + ...toJson_KubePersistentVolumeClaimListProps(props), + }; } /** @@ -2977,20 +2977,20 @@ export class KubePersistentVolumeClaimList extends ApiObject { public constructor(scope: Construct, id: string, props: KubePersistentVolumeClaimListProps) { super(scope, id, { ...KubePersistentVolumeClaimList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePersistentVolumeClaimList.GVK, - ...toJson_KubePersistentVolumeClaimListProps(resolved) - } + ...toJson_KubePersistentVolumeClaimListProps(resolved), + }; } } @@ -3005,7 +3005,7 @@ export class KubePersistentVolumeList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'PersistentVolumeList' + kind: 'PersistentVolumeList', } /** @@ -3018,8 +3018,8 @@ export class KubePersistentVolumeList extends ApiObject { public static manifest(props: KubePersistentVolumeListProps): any { return { ...KubePersistentVolumeList.GVK, - ...toJson_KubePersistentVolumeListProps(props) - } + ...toJson_KubePersistentVolumeListProps(props), + }; } /** @@ -3031,20 +3031,20 @@ export class KubePersistentVolumeList extends ApiObject { public constructor(scope: Construct, id: string, props: KubePersistentVolumeListProps) { super(scope, id, { ...KubePersistentVolumeList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePersistentVolumeList.GVK, - ...toJson_KubePersistentVolumeListProps(resolved) - } + ...toJson_KubePersistentVolumeListProps(resolved), + }; } } @@ -3059,7 +3059,7 @@ export class KubePod extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'Pod' + kind: 'Pod', } /** @@ -3072,8 +3072,8 @@ export class KubePod extends ApiObject { public static manifest(props: KubePodProps = {}): any { return { ...KubePod.GVK, - ...toJson_KubePodProps(props) - } + ...toJson_KubePodProps(props), + }; } /** @@ -3085,20 +3085,20 @@ export class KubePod extends ApiObject { public constructor(scope: Construct, id: string, props: KubePodProps = {}) { super(scope, id, { ...KubePod.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePod.GVK, - ...toJson_KubePodProps(resolved) - } + ...toJson_KubePodProps(resolved), + }; } } @@ -3113,7 +3113,7 @@ export class KubePodList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'PodList' + kind: 'PodList', } /** @@ -3126,8 +3126,8 @@ export class KubePodList extends ApiObject { public static manifest(props: KubePodListProps): any { return { ...KubePodList.GVK, - ...toJson_KubePodListProps(props) - } + ...toJson_KubePodListProps(props), + }; } /** @@ -3139,20 +3139,20 @@ export class KubePodList extends ApiObject { public constructor(scope: Construct, id: string, props: KubePodListProps) { super(scope, id, { ...KubePodList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePodList.GVK, - ...toJson_KubePodListProps(resolved) - } + ...toJson_KubePodListProps(resolved), + }; } } @@ -3167,7 +3167,7 @@ export class KubePodTemplate extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'PodTemplate' + kind: 'PodTemplate', } /** @@ -3180,8 +3180,8 @@ export class KubePodTemplate extends ApiObject { public static manifest(props: KubePodTemplateProps = {}): any { return { ...KubePodTemplate.GVK, - ...toJson_KubePodTemplateProps(props) - } + ...toJson_KubePodTemplateProps(props), + }; } /** @@ -3193,20 +3193,20 @@ export class KubePodTemplate extends ApiObject { public constructor(scope: Construct, id: string, props: KubePodTemplateProps = {}) { super(scope, id, { ...KubePodTemplate.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePodTemplate.GVK, - ...toJson_KubePodTemplateProps(resolved) - } + ...toJson_KubePodTemplateProps(resolved), + }; } } @@ -3221,7 +3221,7 @@ export class KubePodTemplateList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'PodTemplateList' + kind: 'PodTemplateList', } /** @@ -3234,8 +3234,8 @@ export class KubePodTemplateList extends ApiObject { public static manifest(props: KubePodTemplateListProps): any { return { ...KubePodTemplateList.GVK, - ...toJson_KubePodTemplateListProps(props) - } + ...toJson_KubePodTemplateListProps(props), + }; } /** @@ -3247,20 +3247,20 @@ export class KubePodTemplateList extends ApiObject { public constructor(scope: Construct, id: string, props: KubePodTemplateListProps) { super(scope, id, { ...KubePodTemplateList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePodTemplateList.GVK, - ...toJson_KubePodTemplateListProps(resolved) - } + ...toJson_KubePodTemplateListProps(resolved), + }; } } @@ -3275,7 +3275,7 @@ export class KubeReplicationController extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'ReplicationController' + kind: 'ReplicationController', } /** @@ -3288,8 +3288,8 @@ export class KubeReplicationController extends ApiObject { public static manifest(props: KubeReplicationControllerProps = {}): any { return { ...KubeReplicationController.GVK, - ...toJson_KubeReplicationControllerProps(props) - } + ...toJson_KubeReplicationControllerProps(props), + }; } /** @@ -3301,20 +3301,20 @@ export class KubeReplicationController extends ApiObject { public constructor(scope: Construct, id: string, props: KubeReplicationControllerProps = {}) { super(scope, id, { ...KubeReplicationController.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeReplicationController.GVK, - ...toJson_KubeReplicationControllerProps(resolved) - } + ...toJson_KubeReplicationControllerProps(resolved), + }; } } @@ -3329,7 +3329,7 @@ export class KubeReplicationControllerList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'ReplicationControllerList' + kind: 'ReplicationControllerList', } /** @@ -3342,8 +3342,8 @@ export class KubeReplicationControllerList extends ApiObject { public static manifest(props: KubeReplicationControllerListProps): any { return { ...KubeReplicationControllerList.GVK, - ...toJson_KubeReplicationControllerListProps(props) - } + ...toJson_KubeReplicationControllerListProps(props), + }; } /** @@ -3355,20 +3355,20 @@ export class KubeReplicationControllerList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeReplicationControllerListProps) { super(scope, id, { ...KubeReplicationControllerList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeReplicationControllerList.GVK, - ...toJson_KubeReplicationControllerListProps(resolved) - } + ...toJson_KubeReplicationControllerListProps(resolved), + }; } } @@ -3383,7 +3383,7 @@ export class KubeResourceQuota extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'ResourceQuota' + kind: 'ResourceQuota', } /** @@ -3396,8 +3396,8 @@ export class KubeResourceQuota extends ApiObject { public static manifest(props: KubeResourceQuotaProps = {}): any { return { ...KubeResourceQuota.GVK, - ...toJson_KubeResourceQuotaProps(props) - } + ...toJson_KubeResourceQuotaProps(props), + }; } /** @@ -3409,20 +3409,20 @@ export class KubeResourceQuota extends ApiObject { public constructor(scope: Construct, id: string, props: KubeResourceQuotaProps = {}) { super(scope, id, { ...KubeResourceQuota.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeResourceQuota.GVK, - ...toJson_KubeResourceQuotaProps(resolved) - } + ...toJson_KubeResourceQuotaProps(resolved), + }; } } @@ -3437,7 +3437,7 @@ export class KubeResourceQuotaList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'ResourceQuotaList' + kind: 'ResourceQuotaList', } /** @@ -3450,8 +3450,8 @@ export class KubeResourceQuotaList extends ApiObject { public static manifest(props: KubeResourceQuotaListProps): any { return { ...KubeResourceQuotaList.GVK, - ...toJson_KubeResourceQuotaListProps(props) - } + ...toJson_KubeResourceQuotaListProps(props), + }; } /** @@ -3463,20 +3463,20 @@ export class KubeResourceQuotaList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeResourceQuotaListProps) { super(scope, id, { ...KubeResourceQuotaList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeResourceQuotaList.GVK, - ...toJson_KubeResourceQuotaListProps(resolved) - } + ...toJson_KubeResourceQuotaListProps(resolved), + }; } } @@ -3491,7 +3491,7 @@ export class KubeSecret extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'Secret' + kind: 'Secret', } /** @@ -3504,8 +3504,8 @@ export class KubeSecret extends ApiObject { public static manifest(props: KubeSecretProps = {}): any { return { ...KubeSecret.GVK, - ...toJson_KubeSecretProps(props) - } + ...toJson_KubeSecretProps(props), + }; } /** @@ -3517,20 +3517,20 @@ export class KubeSecret extends ApiObject { public constructor(scope: Construct, id: string, props: KubeSecretProps = {}) { super(scope, id, { ...KubeSecret.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeSecret.GVK, - ...toJson_KubeSecretProps(resolved) - } + ...toJson_KubeSecretProps(resolved), + }; } } @@ -3545,7 +3545,7 @@ export class KubeSecretList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'SecretList' + kind: 'SecretList', } /** @@ -3558,8 +3558,8 @@ export class KubeSecretList extends ApiObject { public static manifest(props: KubeSecretListProps): any { return { ...KubeSecretList.GVK, - ...toJson_KubeSecretListProps(props) - } + ...toJson_KubeSecretListProps(props), + }; } /** @@ -3571,20 +3571,20 @@ export class KubeSecretList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeSecretListProps) { super(scope, id, { ...KubeSecretList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeSecretList.GVK, - ...toJson_KubeSecretListProps(resolved) - } + ...toJson_KubeSecretListProps(resolved), + }; } } @@ -3599,7 +3599,7 @@ export class KubeService extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'Service' + kind: 'Service', } /** @@ -3612,8 +3612,8 @@ export class KubeService extends ApiObject { public static manifest(props: KubeServiceProps = {}): any { return { ...KubeService.GVK, - ...toJson_KubeServiceProps(props) - } + ...toJson_KubeServiceProps(props), + }; } /** @@ -3625,20 +3625,20 @@ export class KubeService extends ApiObject { public constructor(scope: Construct, id: string, props: KubeServiceProps = {}) { super(scope, id, { ...KubeService.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeService.GVK, - ...toJson_KubeServiceProps(resolved) - } + ...toJson_KubeServiceProps(resolved), + }; } } @@ -3653,7 +3653,7 @@ export class KubeServiceAccount extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'ServiceAccount' + kind: 'ServiceAccount', } /** @@ -3666,8 +3666,8 @@ export class KubeServiceAccount extends ApiObject { public static manifest(props: KubeServiceAccountProps = {}): any { return { ...KubeServiceAccount.GVK, - ...toJson_KubeServiceAccountProps(props) - } + ...toJson_KubeServiceAccountProps(props), + }; } /** @@ -3679,20 +3679,20 @@ export class KubeServiceAccount extends ApiObject { public constructor(scope: Construct, id: string, props: KubeServiceAccountProps = {}) { super(scope, id, { ...KubeServiceAccount.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeServiceAccount.GVK, - ...toJson_KubeServiceAccountProps(resolved) - } + ...toJson_KubeServiceAccountProps(resolved), + }; } } @@ -3707,7 +3707,7 @@ export class KubeServiceAccountList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'ServiceAccountList' + kind: 'ServiceAccountList', } /** @@ -3720,8 +3720,8 @@ export class KubeServiceAccountList extends ApiObject { public static manifest(props: KubeServiceAccountListProps): any { return { ...KubeServiceAccountList.GVK, - ...toJson_KubeServiceAccountListProps(props) - } + ...toJson_KubeServiceAccountListProps(props), + }; } /** @@ -3733,20 +3733,20 @@ export class KubeServiceAccountList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeServiceAccountListProps) { super(scope, id, { ...KubeServiceAccountList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeServiceAccountList.GVK, - ...toJson_KubeServiceAccountListProps(resolved) - } + ...toJson_KubeServiceAccountListProps(resolved), + }; } } @@ -3761,7 +3761,7 @@ export class KubeServiceList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'ServiceList' + kind: 'ServiceList', } /** @@ -3774,8 +3774,8 @@ export class KubeServiceList extends ApiObject { public static manifest(props: KubeServiceListProps): any { return { ...KubeServiceList.GVK, - ...toJson_KubeServiceListProps(props) - } + ...toJson_KubeServiceListProps(props), + }; } /** @@ -3787,20 +3787,20 @@ export class KubeServiceList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeServiceListProps) { super(scope, id, { ...KubeServiceList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeServiceList.GVK, - ...toJson_KubeServiceListProps(resolved) - } + ...toJson_KubeServiceListProps(resolved), + }; } } @@ -3815,7 +3815,7 @@ export class KubeEndpointSlice extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'discovery.k8s.io/v1', - kind: 'EndpointSlice' + kind: 'EndpointSlice', } /** @@ -3828,8 +3828,8 @@ export class KubeEndpointSlice extends ApiObject { public static manifest(props: KubeEndpointSliceProps): any { return { ...KubeEndpointSlice.GVK, - ...toJson_KubeEndpointSliceProps(props) - } + ...toJson_KubeEndpointSliceProps(props), + }; } /** @@ -3841,20 +3841,20 @@ export class KubeEndpointSlice extends ApiObject { public constructor(scope: Construct, id: string, props: KubeEndpointSliceProps) { super(scope, id, { ...KubeEndpointSlice.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeEndpointSlice.GVK, - ...toJson_KubeEndpointSliceProps(resolved) - } + ...toJson_KubeEndpointSliceProps(resolved), + }; } } @@ -3869,7 +3869,7 @@ export class KubeEndpointSliceList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'discovery.k8s.io/v1', - kind: 'EndpointSliceList' + kind: 'EndpointSliceList', } /** @@ -3882,8 +3882,8 @@ export class KubeEndpointSliceList extends ApiObject { public static manifest(props: KubeEndpointSliceListProps): any { return { ...KubeEndpointSliceList.GVK, - ...toJson_KubeEndpointSliceListProps(props) - } + ...toJson_KubeEndpointSliceListProps(props), + }; } /** @@ -3895,20 +3895,20 @@ export class KubeEndpointSliceList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeEndpointSliceListProps) { super(scope, id, { ...KubeEndpointSliceList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeEndpointSliceList.GVK, - ...toJson_KubeEndpointSliceListProps(resolved) - } + ...toJson_KubeEndpointSliceListProps(resolved), + }; } } @@ -3923,7 +3923,7 @@ export class KubeFlowSchemaV1Beta1 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'flowcontrol.apiserver.k8s.io/v1beta1', - kind: 'FlowSchema' + kind: 'FlowSchema', } /** @@ -3936,8 +3936,8 @@ export class KubeFlowSchemaV1Beta1 extends ApiObject { public static manifest(props: KubeFlowSchemaV1Beta1Props = {}): any { return { ...KubeFlowSchemaV1Beta1.GVK, - ...toJson_KubeFlowSchemaV1Beta1Props(props) - } + ...toJson_KubeFlowSchemaV1Beta1Props(props), + }; } /** @@ -3949,20 +3949,20 @@ export class KubeFlowSchemaV1Beta1 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeFlowSchemaV1Beta1Props = {}) { super(scope, id, { ...KubeFlowSchemaV1Beta1.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeFlowSchemaV1Beta1.GVK, - ...toJson_KubeFlowSchemaV1Beta1Props(resolved) - } + ...toJson_KubeFlowSchemaV1Beta1Props(resolved), + }; } } @@ -3977,7 +3977,7 @@ export class KubeFlowSchemaListV1Beta1 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'flowcontrol.apiserver.k8s.io/v1beta1', - kind: 'FlowSchemaList' + kind: 'FlowSchemaList', } /** @@ -3990,8 +3990,8 @@ export class KubeFlowSchemaListV1Beta1 extends ApiObject { public static manifest(props: KubeFlowSchemaListV1Beta1Props): any { return { ...KubeFlowSchemaListV1Beta1.GVK, - ...toJson_KubeFlowSchemaListV1Beta1Props(props) - } + ...toJson_KubeFlowSchemaListV1Beta1Props(props), + }; } /** @@ -4003,20 +4003,20 @@ export class KubeFlowSchemaListV1Beta1 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeFlowSchemaListV1Beta1Props) { super(scope, id, { ...KubeFlowSchemaListV1Beta1.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeFlowSchemaListV1Beta1.GVK, - ...toJson_KubeFlowSchemaListV1Beta1Props(resolved) - } + ...toJson_KubeFlowSchemaListV1Beta1Props(resolved), + }; } } @@ -4031,7 +4031,7 @@ export class KubePriorityLevelConfigurationV1Beta1 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'flowcontrol.apiserver.k8s.io/v1beta1', - kind: 'PriorityLevelConfiguration' + kind: 'PriorityLevelConfiguration', } /** @@ -4044,8 +4044,8 @@ export class KubePriorityLevelConfigurationV1Beta1 extends ApiObject { public static manifest(props: KubePriorityLevelConfigurationV1Beta1Props = {}): any { return { ...KubePriorityLevelConfigurationV1Beta1.GVK, - ...toJson_KubePriorityLevelConfigurationV1Beta1Props(props) - } + ...toJson_KubePriorityLevelConfigurationV1Beta1Props(props), + }; } /** @@ -4057,20 +4057,20 @@ export class KubePriorityLevelConfigurationV1Beta1 extends ApiObject { public constructor(scope: Construct, id: string, props: KubePriorityLevelConfigurationV1Beta1Props = {}) { super(scope, id, { ...KubePriorityLevelConfigurationV1Beta1.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePriorityLevelConfigurationV1Beta1.GVK, - ...toJson_KubePriorityLevelConfigurationV1Beta1Props(resolved) - } + ...toJson_KubePriorityLevelConfigurationV1Beta1Props(resolved), + }; } } @@ -4085,7 +4085,7 @@ export class KubePriorityLevelConfigurationListV1Beta1 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'flowcontrol.apiserver.k8s.io/v1beta1', - kind: 'PriorityLevelConfigurationList' + kind: 'PriorityLevelConfigurationList', } /** @@ -4098,8 +4098,8 @@ export class KubePriorityLevelConfigurationListV1Beta1 extends ApiObject { public static manifest(props: KubePriorityLevelConfigurationListV1Beta1Props): any { return { ...KubePriorityLevelConfigurationListV1Beta1.GVK, - ...toJson_KubePriorityLevelConfigurationListV1Beta1Props(props) - } + ...toJson_KubePriorityLevelConfigurationListV1Beta1Props(props), + }; } /** @@ -4111,20 +4111,20 @@ export class KubePriorityLevelConfigurationListV1Beta1 extends ApiObject { public constructor(scope: Construct, id: string, props: KubePriorityLevelConfigurationListV1Beta1Props) { super(scope, id, { ...KubePriorityLevelConfigurationListV1Beta1.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePriorityLevelConfigurationListV1Beta1.GVK, - ...toJson_KubePriorityLevelConfigurationListV1Beta1Props(resolved) - } + ...toJson_KubePriorityLevelConfigurationListV1Beta1Props(resolved), + }; } } @@ -4139,7 +4139,7 @@ export class KubeFlowSchemaV1Beta2 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'flowcontrol.apiserver.k8s.io/v1beta2', - kind: 'FlowSchema' + kind: 'FlowSchema', } /** @@ -4152,8 +4152,8 @@ export class KubeFlowSchemaV1Beta2 extends ApiObject { public static manifest(props: KubeFlowSchemaV1Beta2Props = {}): any { return { ...KubeFlowSchemaV1Beta2.GVK, - ...toJson_KubeFlowSchemaV1Beta2Props(props) - } + ...toJson_KubeFlowSchemaV1Beta2Props(props), + }; } /** @@ -4165,20 +4165,20 @@ export class KubeFlowSchemaV1Beta2 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeFlowSchemaV1Beta2Props = {}) { super(scope, id, { ...KubeFlowSchemaV1Beta2.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeFlowSchemaV1Beta2.GVK, - ...toJson_KubeFlowSchemaV1Beta2Props(resolved) - } + ...toJson_KubeFlowSchemaV1Beta2Props(resolved), + }; } } @@ -4193,7 +4193,7 @@ export class KubeFlowSchemaListV1Beta2 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'flowcontrol.apiserver.k8s.io/v1beta2', - kind: 'FlowSchemaList' + kind: 'FlowSchemaList', } /** @@ -4206,8 +4206,8 @@ export class KubeFlowSchemaListV1Beta2 extends ApiObject { public static manifest(props: KubeFlowSchemaListV1Beta2Props): any { return { ...KubeFlowSchemaListV1Beta2.GVK, - ...toJson_KubeFlowSchemaListV1Beta2Props(props) - } + ...toJson_KubeFlowSchemaListV1Beta2Props(props), + }; } /** @@ -4219,20 +4219,20 @@ export class KubeFlowSchemaListV1Beta2 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeFlowSchemaListV1Beta2Props) { super(scope, id, { ...KubeFlowSchemaListV1Beta2.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeFlowSchemaListV1Beta2.GVK, - ...toJson_KubeFlowSchemaListV1Beta2Props(resolved) - } + ...toJson_KubeFlowSchemaListV1Beta2Props(resolved), + }; } } @@ -4247,7 +4247,7 @@ export class KubePriorityLevelConfigurationV1Beta2 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'flowcontrol.apiserver.k8s.io/v1beta2', - kind: 'PriorityLevelConfiguration' + kind: 'PriorityLevelConfiguration', } /** @@ -4260,8 +4260,8 @@ export class KubePriorityLevelConfigurationV1Beta2 extends ApiObject { public static manifest(props: KubePriorityLevelConfigurationV1Beta2Props = {}): any { return { ...KubePriorityLevelConfigurationV1Beta2.GVK, - ...toJson_KubePriorityLevelConfigurationV1Beta2Props(props) - } + ...toJson_KubePriorityLevelConfigurationV1Beta2Props(props), + }; } /** @@ -4273,20 +4273,20 @@ export class KubePriorityLevelConfigurationV1Beta2 extends ApiObject { public constructor(scope: Construct, id: string, props: KubePriorityLevelConfigurationV1Beta2Props = {}) { super(scope, id, { ...KubePriorityLevelConfigurationV1Beta2.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePriorityLevelConfigurationV1Beta2.GVK, - ...toJson_KubePriorityLevelConfigurationV1Beta2Props(resolved) - } + ...toJson_KubePriorityLevelConfigurationV1Beta2Props(resolved), + }; } } @@ -4301,7 +4301,7 @@ export class KubePriorityLevelConfigurationListV1Beta2 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'flowcontrol.apiserver.k8s.io/v1beta2', - kind: 'PriorityLevelConfigurationList' + kind: 'PriorityLevelConfigurationList', } /** @@ -4314,8 +4314,8 @@ export class KubePriorityLevelConfigurationListV1Beta2 extends ApiObject { public static manifest(props: KubePriorityLevelConfigurationListV1Beta2Props): any { return { ...KubePriorityLevelConfigurationListV1Beta2.GVK, - ...toJson_KubePriorityLevelConfigurationListV1Beta2Props(props) - } + ...toJson_KubePriorityLevelConfigurationListV1Beta2Props(props), + }; } /** @@ -4327,20 +4327,20 @@ export class KubePriorityLevelConfigurationListV1Beta2 extends ApiObject { public constructor(scope: Construct, id: string, props: KubePriorityLevelConfigurationListV1Beta2Props) { super(scope, id, { ...KubePriorityLevelConfigurationListV1Beta2.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePriorityLevelConfigurationListV1Beta2.GVK, - ...toJson_KubePriorityLevelConfigurationListV1Beta2Props(resolved) - } + ...toJson_KubePriorityLevelConfigurationListV1Beta2Props(resolved), + }; } } @@ -4355,7 +4355,7 @@ export class KubeIngress extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'networking.k8s.io/v1', - kind: 'Ingress' + kind: 'Ingress', } /** @@ -4368,8 +4368,8 @@ export class KubeIngress extends ApiObject { public static manifest(props: KubeIngressProps = {}): any { return { ...KubeIngress.GVK, - ...toJson_KubeIngressProps(props) - } + ...toJson_KubeIngressProps(props), + }; } /** @@ -4381,20 +4381,20 @@ export class KubeIngress extends ApiObject { public constructor(scope: Construct, id: string, props: KubeIngressProps = {}) { super(scope, id, { ...KubeIngress.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeIngress.GVK, - ...toJson_KubeIngressProps(resolved) - } + ...toJson_KubeIngressProps(resolved), + }; } } @@ -4409,7 +4409,7 @@ export class KubeIngressClass extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'networking.k8s.io/v1', - kind: 'IngressClass' + kind: 'IngressClass', } /** @@ -4422,8 +4422,8 @@ export class KubeIngressClass extends ApiObject { public static manifest(props: KubeIngressClassProps = {}): any { return { ...KubeIngressClass.GVK, - ...toJson_KubeIngressClassProps(props) - } + ...toJson_KubeIngressClassProps(props), + }; } /** @@ -4435,20 +4435,20 @@ export class KubeIngressClass extends ApiObject { public constructor(scope: Construct, id: string, props: KubeIngressClassProps = {}) { super(scope, id, { ...KubeIngressClass.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeIngressClass.GVK, - ...toJson_KubeIngressClassProps(resolved) - } + ...toJson_KubeIngressClassProps(resolved), + }; } } @@ -4463,7 +4463,7 @@ export class KubeIngressClassList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'networking.k8s.io/v1', - kind: 'IngressClassList' + kind: 'IngressClassList', } /** @@ -4476,8 +4476,8 @@ export class KubeIngressClassList extends ApiObject { public static manifest(props: KubeIngressClassListProps): any { return { ...KubeIngressClassList.GVK, - ...toJson_KubeIngressClassListProps(props) - } + ...toJson_KubeIngressClassListProps(props), + }; } /** @@ -4489,20 +4489,20 @@ export class KubeIngressClassList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeIngressClassListProps) { super(scope, id, { ...KubeIngressClassList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeIngressClassList.GVK, - ...toJson_KubeIngressClassListProps(resolved) - } + ...toJson_KubeIngressClassListProps(resolved), + }; } } @@ -4517,7 +4517,7 @@ export class KubeIngressList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'networking.k8s.io/v1', - kind: 'IngressList' + kind: 'IngressList', } /** @@ -4530,8 +4530,8 @@ export class KubeIngressList extends ApiObject { public static manifest(props: KubeIngressListProps): any { return { ...KubeIngressList.GVK, - ...toJson_KubeIngressListProps(props) - } + ...toJson_KubeIngressListProps(props), + }; } /** @@ -4543,20 +4543,20 @@ export class KubeIngressList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeIngressListProps) { super(scope, id, { ...KubeIngressList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeIngressList.GVK, - ...toJson_KubeIngressListProps(resolved) - } + ...toJson_KubeIngressListProps(resolved), + }; } } @@ -4571,7 +4571,7 @@ export class KubeNetworkPolicy extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'networking.k8s.io/v1', - kind: 'NetworkPolicy' + kind: 'NetworkPolicy', } /** @@ -4584,8 +4584,8 @@ export class KubeNetworkPolicy extends ApiObject { public static manifest(props: KubeNetworkPolicyProps = {}): any { return { ...KubeNetworkPolicy.GVK, - ...toJson_KubeNetworkPolicyProps(props) - } + ...toJson_KubeNetworkPolicyProps(props), + }; } /** @@ -4597,20 +4597,20 @@ export class KubeNetworkPolicy extends ApiObject { public constructor(scope: Construct, id: string, props: KubeNetworkPolicyProps = {}) { super(scope, id, { ...KubeNetworkPolicy.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeNetworkPolicy.GVK, - ...toJson_KubeNetworkPolicyProps(resolved) - } + ...toJson_KubeNetworkPolicyProps(resolved), + }; } } @@ -4625,7 +4625,7 @@ export class KubeNetworkPolicyList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'networking.k8s.io/v1', - kind: 'NetworkPolicyList' + kind: 'NetworkPolicyList', } /** @@ -4638,8 +4638,8 @@ export class KubeNetworkPolicyList extends ApiObject { public static manifest(props: KubeNetworkPolicyListProps): any { return { ...KubeNetworkPolicyList.GVK, - ...toJson_KubeNetworkPolicyListProps(props) - } + ...toJson_KubeNetworkPolicyListProps(props), + }; } /** @@ -4651,20 +4651,20 @@ export class KubeNetworkPolicyList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeNetworkPolicyListProps) { super(scope, id, { ...KubeNetworkPolicyList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeNetworkPolicyList.GVK, - ...toJson_KubeNetworkPolicyListProps(resolved) - } + ...toJson_KubeNetworkPolicyListProps(resolved), + }; } } @@ -4679,7 +4679,7 @@ export class KubeClusterCidrv1Alpha1 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'networking.k8s.io/v1alpha1', - kind: 'ClusterCIDR' + kind: 'ClusterCIDR', } /** @@ -4692,8 +4692,8 @@ export class KubeClusterCidrv1Alpha1 extends ApiObject { public static manifest(props: KubeClusterCidrv1Alpha1Props = {}): any { return { ...KubeClusterCidrv1Alpha1.GVK, - ...toJson_KubeClusterCidrv1Alpha1Props(props) - } + ...toJson_KubeClusterCidrv1Alpha1Props(props), + }; } /** @@ -4705,20 +4705,20 @@ export class KubeClusterCidrv1Alpha1 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeClusterCidrv1Alpha1Props = {}) { super(scope, id, { ...KubeClusterCidrv1Alpha1.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeClusterCidrv1Alpha1.GVK, - ...toJson_KubeClusterCidrv1Alpha1Props(resolved) - } + ...toJson_KubeClusterCidrv1Alpha1Props(resolved), + }; } } @@ -4733,7 +4733,7 @@ export class KubeClusterCidrListV1Alpha1 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'networking.k8s.io/v1alpha1', - kind: 'ClusterCIDRList' + kind: 'ClusterCIDRList', } /** @@ -4746,8 +4746,8 @@ export class KubeClusterCidrListV1Alpha1 extends ApiObject { public static manifest(props: KubeClusterCidrListV1Alpha1Props): any { return { ...KubeClusterCidrListV1Alpha1.GVK, - ...toJson_KubeClusterCidrListV1Alpha1Props(props) - } + ...toJson_KubeClusterCidrListV1Alpha1Props(props), + }; } /** @@ -4759,20 +4759,20 @@ export class KubeClusterCidrListV1Alpha1 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeClusterCidrListV1Alpha1Props) { super(scope, id, { ...KubeClusterCidrListV1Alpha1.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeClusterCidrListV1Alpha1.GVK, - ...toJson_KubeClusterCidrListV1Alpha1Props(resolved) - } + ...toJson_KubeClusterCidrListV1Alpha1Props(resolved), + }; } } @@ -4787,7 +4787,7 @@ export class KubeRuntimeClass extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'node.k8s.io/v1', - kind: 'RuntimeClass' + kind: 'RuntimeClass', } /** @@ -4800,8 +4800,8 @@ export class KubeRuntimeClass extends ApiObject { public static manifest(props: KubeRuntimeClassProps): any { return { ...KubeRuntimeClass.GVK, - ...toJson_KubeRuntimeClassProps(props) - } + ...toJson_KubeRuntimeClassProps(props), + }; } /** @@ -4813,20 +4813,20 @@ export class KubeRuntimeClass extends ApiObject { public constructor(scope: Construct, id: string, props: KubeRuntimeClassProps) { super(scope, id, { ...KubeRuntimeClass.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeRuntimeClass.GVK, - ...toJson_KubeRuntimeClassProps(resolved) - } + ...toJson_KubeRuntimeClassProps(resolved), + }; } } @@ -4841,7 +4841,7 @@ export class KubeRuntimeClassList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'node.k8s.io/v1', - kind: 'RuntimeClassList' + kind: 'RuntimeClassList', } /** @@ -4854,8 +4854,8 @@ export class KubeRuntimeClassList extends ApiObject { public static manifest(props: KubeRuntimeClassListProps): any { return { ...KubeRuntimeClassList.GVK, - ...toJson_KubeRuntimeClassListProps(props) - } + ...toJson_KubeRuntimeClassListProps(props), + }; } /** @@ -4867,20 +4867,20 @@ export class KubeRuntimeClassList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeRuntimeClassListProps) { super(scope, id, { ...KubeRuntimeClassList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeRuntimeClassList.GVK, - ...toJson_KubeRuntimeClassListProps(resolved) - } + ...toJson_KubeRuntimeClassListProps(resolved), + }; } } @@ -4895,7 +4895,7 @@ export class KubeEviction extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'policy/v1', - kind: 'Eviction' + kind: 'Eviction', } /** @@ -4908,8 +4908,8 @@ export class KubeEviction extends ApiObject { public static manifest(props: KubeEvictionProps = {}): any { return { ...KubeEviction.GVK, - ...toJson_KubeEvictionProps(props) - } + ...toJson_KubeEvictionProps(props), + }; } /** @@ -4921,20 +4921,20 @@ export class KubeEviction extends ApiObject { public constructor(scope: Construct, id: string, props: KubeEvictionProps = {}) { super(scope, id, { ...KubeEviction.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeEviction.GVK, - ...toJson_KubeEvictionProps(resolved) - } + ...toJson_KubeEvictionProps(resolved), + }; } } @@ -4949,7 +4949,7 @@ export class KubePodDisruptionBudget extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'policy/v1', - kind: 'PodDisruptionBudget' + kind: 'PodDisruptionBudget', } /** @@ -4962,8 +4962,8 @@ export class KubePodDisruptionBudget extends ApiObject { public static manifest(props: KubePodDisruptionBudgetProps = {}): any { return { ...KubePodDisruptionBudget.GVK, - ...toJson_KubePodDisruptionBudgetProps(props) - } + ...toJson_KubePodDisruptionBudgetProps(props), + }; } /** @@ -4975,20 +4975,20 @@ export class KubePodDisruptionBudget extends ApiObject { public constructor(scope: Construct, id: string, props: KubePodDisruptionBudgetProps = {}) { super(scope, id, { ...KubePodDisruptionBudget.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePodDisruptionBudget.GVK, - ...toJson_KubePodDisruptionBudgetProps(resolved) - } + ...toJson_KubePodDisruptionBudgetProps(resolved), + }; } } @@ -5003,7 +5003,7 @@ export class KubePodDisruptionBudgetList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'policy/v1', - kind: 'PodDisruptionBudgetList' + kind: 'PodDisruptionBudgetList', } /** @@ -5016,8 +5016,8 @@ export class KubePodDisruptionBudgetList extends ApiObject { public static manifest(props: KubePodDisruptionBudgetListProps): any { return { ...KubePodDisruptionBudgetList.GVK, - ...toJson_KubePodDisruptionBudgetListProps(props) - } + ...toJson_KubePodDisruptionBudgetListProps(props), + }; } /** @@ -5029,20 +5029,20 @@ export class KubePodDisruptionBudgetList extends ApiObject { public constructor(scope: Construct, id: string, props: KubePodDisruptionBudgetListProps) { super(scope, id, { ...KubePodDisruptionBudgetList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePodDisruptionBudgetList.GVK, - ...toJson_KubePodDisruptionBudgetListProps(resolved) - } + ...toJson_KubePodDisruptionBudgetListProps(resolved), + }; } } @@ -5057,7 +5057,7 @@ export class KubeClusterRole extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole' + kind: 'ClusterRole', } /** @@ -5070,8 +5070,8 @@ export class KubeClusterRole extends ApiObject { public static manifest(props: KubeClusterRoleProps = {}): any { return { ...KubeClusterRole.GVK, - ...toJson_KubeClusterRoleProps(props) - } + ...toJson_KubeClusterRoleProps(props), + }; } /** @@ -5083,20 +5083,20 @@ export class KubeClusterRole extends ApiObject { public constructor(scope: Construct, id: string, props: KubeClusterRoleProps = {}) { super(scope, id, { ...KubeClusterRole.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeClusterRole.GVK, - ...toJson_KubeClusterRoleProps(resolved) - } + ...toJson_KubeClusterRoleProps(resolved), + }; } } @@ -5111,7 +5111,7 @@ export class KubeClusterRoleBinding extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding' + kind: 'ClusterRoleBinding', } /** @@ -5124,8 +5124,8 @@ export class KubeClusterRoleBinding extends ApiObject { public static manifest(props: KubeClusterRoleBindingProps): any { return { ...KubeClusterRoleBinding.GVK, - ...toJson_KubeClusterRoleBindingProps(props) - } + ...toJson_KubeClusterRoleBindingProps(props), + }; } /** @@ -5137,20 +5137,20 @@ export class KubeClusterRoleBinding extends ApiObject { public constructor(scope: Construct, id: string, props: KubeClusterRoleBindingProps) { super(scope, id, { ...KubeClusterRoleBinding.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeClusterRoleBinding.GVK, - ...toJson_KubeClusterRoleBindingProps(resolved) - } + ...toJson_KubeClusterRoleBindingProps(resolved), + }; } } @@ -5165,7 +5165,7 @@ export class KubeClusterRoleBindingList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBindingList' + kind: 'ClusterRoleBindingList', } /** @@ -5178,8 +5178,8 @@ export class KubeClusterRoleBindingList extends ApiObject { public static manifest(props: KubeClusterRoleBindingListProps): any { return { ...KubeClusterRoleBindingList.GVK, - ...toJson_KubeClusterRoleBindingListProps(props) - } + ...toJson_KubeClusterRoleBindingListProps(props), + }; } /** @@ -5191,20 +5191,20 @@ export class KubeClusterRoleBindingList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeClusterRoleBindingListProps) { super(scope, id, { ...KubeClusterRoleBindingList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeClusterRoleBindingList.GVK, - ...toJson_KubeClusterRoleBindingListProps(resolved) - } + ...toJson_KubeClusterRoleBindingListProps(resolved), + }; } } @@ -5219,7 +5219,7 @@ export class KubeClusterRoleList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleList' + kind: 'ClusterRoleList', } /** @@ -5232,8 +5232,8 @@ export class KubeClusterRoleList extends ApiObject { public static manifest(props: KubeClusterRoleListProps): any { return { ...KubeClusterRoleList.GVK, - ...toJson_KubeClusterRoleListProps(props) - } + ...toJson_KubeClusterRoleListProps(props), + }; } /** @@ -5245,20 +5245,20 @@ export class KubeClusterRoleList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeClusterRoleListProps) { super(scope, id, { ...KubeClusterRoleList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeClusterRoleList.GVK, - ...toJson_KubeClusterRoleListProps(resolved) - } + ...toJson_KubeClusterRoleListProps(resolved), + }; } } @@ -5273,7 +5273,7 @@ export class KubeRole extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'Role' + kind: 'Role', } /** @@ -5286,8 +5286,8 @@ export class KubeRole extends ApiObject { public static manifest(props: KubeRoleProps = {}): any { return { ...KubeRole.GVK, - ...toJson_KubeRoleProps(props) - } + ...toJson_KubeRoleProps(props), + }; } /** @@ -5299,20 +5299,20 @@ export class KubeRole extends ApiObject { public constructor(scope: Construct, id: string, props: KubeRoleProps = {}) { super(scope, id, { ...KubeRole.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeRole.GVK, - ...toJson_KubeRoleProps(resolved) - } + ...toJson_KubeRoleProps(resolved), + }; } } @@ -5327,7 +5327,7 @@ export class KubeRoleBinding extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding' + kind: 'RoleBinding', } /** @@ -5340,8 +5340,8 @@ export class KubeRoleBinding extends ApiObject { public static manifest(props: KubeRoleBindingProps): any { return { ...KubeRoleBinding.GVK, - ...toJson_KubeRoleBindingProps(props) - } + ...toJson_KubeRoleBindingProps(props), + }; } /** @@ -5353,20 +5353,20 @@ export class KubeRoleBinding extends ApiObject { public constructor(scope: Construct, id: string, props: KubeRoleBindingProps) { super(scope, id, { ...KubeRoleBinding.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeRoleBinding.GVK, - ...toJson_KubeRoleBindingProps(resolved) - } + ...toJson_KubeRoleBindingProps(resolved), + }; } } @@ -5381,7 +5381,7 @@ export class KubeRoleBindingList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBindingList' + kind: 'RoleBindingList', } /** @@ -5394,8 +5394,8 @@ export class KubeRoleBindingList extends ApiObject { public static manifest(props: KubeRoleBindingListProps): any { return { ...KubeRoleBindingList.GVK, - ...toJson_KubeRoleBindingListProps(props) - } + ...toJson_KubeRoleBindingListProps(props), + }; } /** @@ -5407,20 +5407,20 @@ export class KubeRoleBindingList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeRoleBindingListProps) { super(scope, id, { ...KubeRoleBindingList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeRoleBindingList.GVK, - ...toJson_KubeRoleBindingListProps(resolved) - } + ...toJson_KubeRoleBindingListProps(resolved), + }; } } @@ -5435,7 +5435,7 @@ export class KubeRoleList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleList' + kind: 'RoleList', } /** @@ -5448,8 +5448,8 @@ export class KubeRoleList extends ApiObject { public static manifest(props: KubeRoleListProps): any { return { ...KubeRoleList.GVK, - ...toJson_KubeRoleListProps(props) - } + ...toJson_KubeRoleListProps(props), + }; } /** @@ -5461,20 +5461,20 @@ export class KubeRoleList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeRoleListProps) { super(scope, id, { ...KubeRoleList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeRoleList.GVK, - ...toJson_KubeRoleListProps(resolved) - } + ...toJson_KubeRoleListProps(resolved), + }; } } @@ -5489,7 +5489,7 @@ export class KubePriorityClass extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'scheduling.k8s.io/v1', - kind: 'PriorityClass' + kind: 'PriorityClass', } /** @@ -5502,8 +5502,8 @@ export class KubePriorityClass extends ApiObject { public static manifest(props: KubePriorityClassProps): any { return { ...KubePriorityClass.GVK, - ...toJson_KubePriorityClassProps(props) - } + ...toJson_KubePriorityClassProps(props), + }; } /** @@ -5515,20 +5515,20 @@ export class KubePriorityClass extends ApiObject { public constructor(scope: Construct, id: string, props: KubePriorityClassProps) { super(scope, id, { ...KubePriorityClass.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePriorityClass.GVK, - ...toJson_KubePriorityClassProps(resolved) - } + ...toJson_KubePriorityClassProps(resolved), + }; } } @@ -5543,7 +5543,7 @@ export class KubePriorityClassList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'scheduling.k8s.io/v1', - kind: 'PriorityClassList' + kind: 'PriorityClassList', } /** @@ -5556,8 +5556,8 @@ export class KubePriorityClassList extends ApiObject { public static manifest(props: KubePriorityClassListProps): any { return { ...KubePriorityClassList.GVK, - ...toJson_KubePriorityClassListProps(props) - } + ...toJson_KubePriorityClassListProps(props), + }; } /** @@ -5569,20 +5569,20 @@ export class KubePriorityClassList extends ApiObject { public constructor(scope: Construct, id: string, props: KubePriorityClassListProps) { super(scope, id, { ...KubePriorityClassList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubePriorityClassList.GVK, - ...toJson_KubePriorityClassListProps(resolved) - } + ...toJson_KubePriorityClassListProps(resolved), + }; } } @@ -5597,7 +5597,7 @@ export class KubeCsiDriver extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1', - kind: 'CSIDriver' + kind: 'CSIDriver', } /** @@ -5610,8 +5610,8 @@ export class KubeCsiDriver extends ApiObject { public static manifest(props: KubeCsiDriverProps): any { return { ...KubeCsiDriver.GVK, - ...toJson_KubeCsiDriverProps(props) - } + ...toJson_KubeCsiDriverProps(props), + }; } /** @@ -5623,20 +5623,20 @@ export class KubeCsiDriver extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCsiDriverProps) { super(scope, id, { ...KubeCsiDriver.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCsiDriver.GVK, - ...toJson_KubeCsiDriverProps(resolved) - } + ...toJson_KubeCsiDriverProps(resolved), + }; } } @@ -5651,7 +5651,7 @@ export class KubeCsiDriverList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1', - kind: 'CSIDriverList' + kind: 'CSIDriverList', } /** @@ -5664,8 +5664,8 @@ export class KubeCsiDriverList extends ApiObject { public static manifest(props: KubeCsiDriverListProps): any { return { ...KubeCsiDriverList.GVK, - ...toJson_KubeCsiDriverListProps(props) - } + ...toJson_KubeCsiDriverListProps(props), + }; } /** @@ -5677,20 +5677,20 @@ export class KubeCsiDriverList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCsiDriverListProps) { super(scope, id, { ...KubeCsiDriverList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCsiDriverList.GVK, - ...toJson_KubeCsiDriverListProps(resolved) - } + ...toJson_KubeCsiDriverListProps(resolved), + }; } } @@ -5705,7 +5705,7 @@ export class KubeCsiNode extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1', - kind: 'CSINode' + kind: 'CSINode', } /** @@ -5718,8 +5718,8 @@ export class KubeCsiNode extends ApiObject { public static manifest(props: KubeCsiNodeProps): any { return { ...KubeCsiNode.GVK, - ...toJson_KubeCsiNodeProps(props) - } + ...toJson_KubeCsiNodeProps(props), + }; } /** @@ -5731,20 +5731,20 @@ export class KubeCsiNode extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCsiNodeProps) { super(scope, id, { ...KubeCsiNode.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCsiNode.GVK, - ...toJson_KubeCsiNodeProps(resolved) - } + ...toJson_KubeCsiNodeProps(resolved), + }; } } @@ -5759,7 +5759,7 @@ export class KubeCsiNodeList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1', - kind: 'CSINodeList' + kind: 'CSINodeList', } /** @@ -5772,8 +5772,8 @@ export class KubeCsiNodeList extends ApiObject { public static manifest(props: KubeCsiNodeListProps): any { return { ...KubeCsiNodeList.GVK, - ...toJson_KubeCsiNodeListProps(props) - } + ...toJson_KubeCsiNodeListProps(props), + }; } /** @@ -5785,20 +5785,20 @@ export class KubeCsiNodeList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCsiNodeListProps) { super(scope, id, { ...KubeCsiNodeList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCsiNodeList.GVK, - ...toJson_KubeCsiNodeListProps(resolved) - } + ...toJson_KubeCsiNodeListProps(resolved), + }; } } @@ -5821,7 +5821,7 @@ export class KubeCsiStorageCapacity extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1', - kind: 'CSIStorageCapacity' + kind: 'CSIStorageCapacity', } /** @@ -5834,8 +5834,8 @@ export class KubeCsiStorageCapacity extends ApiObject { public static manifest(props: KubeCsiStorageCapacityProps): any { return { ...KubeCsiStorageCapacity.GVK, - ...toJson_KubeCsiStorageCapacityProps(props) - } + ...toJson_KubeCsiStorageCapacityProps(props), + }; } /** @@ -5847,20 +5847,20 @@ export class KubeCsiStorageCapacity extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCsiStorageCapacityProps) { super(scope, id, { ...KubeCsiStorageCapacity.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCsiStorageCapacity.GVK, - ...toJson_KubeCsiStorageCapacityProps(resolved) - } + ...toJson_KubeCsiStorageCapacityProps(resolved), + }; } } @@ -5875,7 +5875,7 @@ export class KubeCsiStorageCapacityList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1', - kind: 'CSIStorageCapacityList' + kind: 'CSIStorageCapacityList', } /** @@ -5888,8 +5888,8 @@ export class KubeCsiStorageCapacityList extends ApiObject { public static manifest(props: KubeCsiStorageCapacityListProps): any { return { ...KubeCsiStorageCapacityList.GVK, - ...toJson_KubeCsiStorageCapacityListProps(props) - } + ...toJson_KubeCsiStorageCapacityListProps(props), + }; } /** @@ -5901,20 +5901,20 @@ export class KubeCsiStorageCapacityList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCsiStorageCapacityListProps) { super(scope, id, { ...KubeCsiStorageCapacityList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCsiStorageCapacityList.GVK, - ...toJson_KubeCsiStorageCapacityListProps(resolved) - } + ...toJson_KubeCsiStorageCapacityListProps(resolved), + }; } } @@ -5931,7 +5931,7 @@ export class KubeStorageClass extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1', - kind: 'StorageClass' + kind: 'StorageClass', } /** @@ -5944,8 +5944,8 @@ export class KubeStorageClass extends ApiObject { public static manifest(props: KubeStorageClassProps): any { return { ...KubeStorageClass.GVK, - ...toJson_KubeStorageClassProps(props) - } + ...toJson_KubeStorageClassProps(props), + }; } /** @@ -5957,20 +5957,20 @@ export class KubeStorageClass extends ApiObject { public constructor(scope: Construct, id: string, props: KubeStorageClassProps) { super(scope, id, { ...KubeStorageClass.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeStorageClass.GVK, - ...toJson_KubeStorageClassProps(resolved) - } + ...toJson_KubeStorageClassProps(resolved), + }; } } @@ -5985,7 +5985,7 @@ export class KubeStorageClassList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1', - kind: 'StorageClassList' + kind: 'StorageClassList', } /** @@ -5998,8 +5998,8 @@ export class KubeStorageClassList extends ApiObject { public static manifest(props: KubeStorageClassListProps): any { return { ...KubeStorageClassList.GVK, - ...toJson_KubeStorageClassListProps(props) - } + ...toJson_KubeStorageClassListProps(props), + }; } /** @@ -6011,20 +6011,20 @@ export class KubeStorageClassList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeStorageClassListProps) { super(scope, id, { ...KubeStorageClassList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeStorageClassList.GVK, - ...toJson_KubeStorageClassListProps(resolved) - } + ...toJson_KubeStorageClassListProps(resolved), + }; } } @@ -6041,7 +6041,7 @@ export class KubeVolumeAttachment extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1', - kind: 'VolumeAttachment' + kind: 'VolumeAttachment', } /** @@ -6054,8 +6054,8 @@ export class KubeVolumeAttachment extends ApiObject { public static manifest(props: KubeVolumeAttachmentProps): any { return { ...KubeVolumeAttachment.GVK, - ...toJson_KubeVolumeAttachmentProps(props) - } + ...toJson_KubeVolumeAttachmentProps(props), + }; } /** @@ -6067,20 +6067,20 @@ export class KubeVolumeAttachment extends ApiObject { public constructor(scope: Construct, id: string, props: KubeVolumeAttachmentProps) { super(scope, id, { ...KubeVolumeAttachment.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeVolumeAttachment.GVK, - ...toJson_KubeVolumeAttachmentProps(resolved) - } + ...toJson_KubeVolumeAttachmentProps(resolved), + }; } } @@ -6095,7 +6095,7 @@ export class KubeVolumeAttachmentList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1', - kind: 'VolumeAttachmentList' + kind: 'VolumeAttachmentList', } /** @@ -6108,8 +6108,8 @@ export class KubeVolumeAttachmentList extends ApiObject { public static manifest(props: KubeVolumeAttachmentListProps): any { return { ...KubeVolumeAttachmentList.GVK, - ...toJson_KubeVolumeAttachmentListProps(props) - } + ...toJson_KubeVolumeAttachmentListProps(props), + }; } /** @@ -6121,20 +6121,20 @@ export class KubeVolumeAttachmentList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeVolumeAttachmentListProps) { super(scope, id, { ...KubeVolumeAttachmentList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeVolumeAttachmentList.GVK, - ...toJson_KubeVolumeAttachmentListProps(resolved) - } + ...toJson_KubeVolumeAttachmentListProps(resolved), + }; } } @@ -6157,7 +6157,7 @@ export class KubeCsiStorageCapacityV1Beta1 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1beta1', - kind: 'CSIStorageCapacity' + kind: 'CSIStorageCapacity', } /** @@ -6170,8 +6170,8 @@ export class KubeCsiStorageCapacityV1Beta1 extends ApiObject { public static manifest(props: KubeCsiStorageCapacityV1Beta1Props): any { return { ...KubeCsiStorageCapacityV1Beta1.GVK, - ...toJson_KubeCsiStorageCapacityV1Beta1Props(props) - } + ...toJson_KubeCsiStorageCapacityV1Beta1Props(props), + }; } /** @@ -6183,20 +6183,20 @@ export class KubeCsiStorageCapacityV1Beta1 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCsiStorageCapacityV1Beta1Props) { super(scope, id, { ...KubeCsiStorageCapacityV1Beta1.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCsiStorageCapacityV1Beta1.GVK, - ...toJson_KubeCsiStorageCapacityV1Beta1Props(resolved) - } + ...toJson_KubeCsiStorageCapacityV1Beta1Props(resolved), + }; } } @@ -6211,7 +6211,7 @@ export class KubeCsiStorageCapacityListV1Beta1 extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'storage.k8s.io/v1beta1', - kind: 'CSIStorageCapacityList' + kind: 'CSIStorageCapacityList', } /** @@ -6224,8 +6224,8 @@ export class KubeCsiStorageCapacityListV1Beta1 extends ApiObject { public static manifest(props: KubeCsiStorageCapacityListV1Beta1Props): any { return { ...KubeCsiStorageCapacityListV1Beta1.GVK, - ...toJson_KubeCsiStorageCapacityListV1Beta1Props(props) - } + ...toJson_KubeCsiStorageCapacityListV1Beta1Props(props), + }; } /** @@ -6237,20 +6237,20 @@ export class KubeCsiStorageCapacityListV1Beta1 extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCsiStorageCapacityListV1Beta1Props) { super(scope, id, { ...KubeCsiStorageCapacityListV1Beta1.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCsiStorageCapacityListV1Beta1.GVK, - ...toJson_KubeCsiStorageCapacityListV1Beta1Props(resolved) - } + ...toJson_KubeCsiStorageCapacityListV1Beta1Props(resolved), + }; } } @@ -6265,7 +6265,7 @@ export class KubeCustomResourceDefinition extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apiextensions.k8s.io/v1', - kind: 'CustomResourceDefinition' + kind: 'CustomResourceDefinition', } /** @@ -6278,8 +6278,8 @@ export class KubeCustomResourceDefinition extends ApiObject { public static manifest(props: KubeCustomResourceDefinitionProps): any { return { ...KubeCustomResourceDefinition.GVK, - ...toJson_KubeCustomResourceDefinitionProps(props) - } + ...toJson_KubeCustomResourceDefinitionProps(props), + }; } /** @@ -6291,20 +6291,20 @@ export class KubeCustomResourceDefinition extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCustomResourceDefinitionProps) { super(scope, id, { ...KubeCustomResourceDefinition.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCustomResourceDefinition.GVK, - ...toJson_KubeCustomResourceDefinitionProps(resolved) - } + ...toJson_KubeCustomResourceDefinitionProps(resolved), + }; } } @@ -6319,7 +6319,7 @@ export class KubeCustomResourceDefinitionList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apiextensions.k8s.io/v1', - kind: 'CustomResourceDefinitionList' + kind: 'CustomResourceDefinitionList', } /** @@ -6332,8 +6332,8 @@ export class KubeCustomResourceDefinitionList extends ApiObject { public static manifest(props: KubeCustomResourceDefinitionListProps): any { return { ...KubeCustomResourceDefinitionList.GVK, - ...toJson_KubeCustomResourceDefinitionListProps(props) - } + ...toJson_KubeCustomResourceDefinitionListProps(props), + }; } /** @@ -6345,20 +6345,20 @@ export class KubeCustomResourceDefinitionList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeCustomResourceDefinitionListProps) { super(scope, id, { ...KubeCustomResourceDefinitionList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeCustomResourceDefinitionList.GVK, - ...toJson_KubeCustomResourceDefinitionListProps(resolved) - } + ...toJson_KubeCustomResourceDefinitionListProps(resolved), + }; } } @@ -6373,7 +6373,7 @@ export class KubeStatus extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'v1', - kind: 'Status' + kind: 'Status', } /** @@ -6386,8 +6386,8 @@ export class KubeStatus extends ApiObject { public static manifest(props: KubeStatusProps = {}): any { return { ...KubeStatus.GVK, - ...toJson_KubeStatusProps(props) - } + ...toJson_KubeStatusProps(props), + }; } /** @@ -6399,20 +6399,20 @@ export class KubeStatus extends ApiObject { public constructor(scope: Construct, id: string, props: KubeStatusProps = {}) { super(scope, id, { ...KubeStatus.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeStatus.GVK, - ...toJson_KubeStatusProps(resolved) - } + ...toJson_KubeStatusProps(resolved), + }; } } @@ -6427,7 +6427,7 @@ export class KubeApiService extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apiregistration.k8s.io/v1', - kind: 'APIService' + kind: 'APIService', } /** @@ -6440,8 +6440,8 @@ export class KubeApiService extends ApiObject { public static manifest(props: KubeApiServiceProps = {}): any { return { ...KubeApiService.GVK, - ...toJson_KubeApiServiceProps(props) - } + ...toJson_KubeApiServiceProps(props), + }; } /** @@ -6453,20 +6453,20 @@ export class KubeApiService extends ApiObject { public constructor(scope: Construct, id: string, props: KubeApiServiceProps = {}) { super(scope, id, { ...KubeApiService.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeApiService.GVK, - ...toJson_KubeApiServiceProps(resolved) - } + ...toJson_KubeApiServiceProps(resolved), + }; } } @@ -6481,7 +6481,7 @@ export class KubeApiServiceList extends ApiObject { */ public static readonly GVK: GroupVersionKind = { apiVersion: 'apiregistration.k8s.io/v1', - kind: 'APIServiceList' + kind: 'APIServiceList', } /** @@ -6494,8 +6494,8 @@ export class KubeApiServiceList extends ApiObject { public static manifest(props: KubeApiServiceListProps): any { return { ...KubeApiServiceList.GVK, - ...toJson_KubeApiServiceListProps(props) - } + ...toJson_KubeApiServiceListProps(props), + }; } /** @@ -6507,20 +6507,20 @@ export class KubeApiServiceList extends ApiObject { public constructor(scope: Construct, id: string, props: KubeApiServiceListProps) { super(scope, id, { ...KubeApiServiceList.GVK, - ...props - }) + ...props, + }); } /** * Renders the object to Kubernetes JSON. */ public toJson(): any { - const resolved = super.toJson() + const resolved = super.toJson(); return { ...KubeApiServiceList.GVK, - ...toJson_KubeApiServiceListProps(resolved) - } + ...toJson_KubeApiServiceListProps(resolved), + }; } } @@ -6535,32 +6535,29 @@ export interface KubeMutatingWebhookConfigurationProps { * * @schema io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Webhooks is a list of webhooks and the affected resources and operations. * * @schema io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration#webhooks */ - readonly webhooks?: MutatingWebhook[] + readonly webhooks?: MutatingWebhook[]; + } /** * Converts an object of type 'KubeMutatingWebhookConfigurationProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeMutatingWebhookConfigurationProps( - obj: KubeMutatingWebhookConfigurationProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeMutatingWebhookConfigurationProps(obj: KubeMutatingWebhookConfigurationProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - webhooks: obj.webhooks?.map((y) => toJson_MutatingWebhook(y)) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'webhooks': obj.webhooks?.map(y => toJson_MutatingWebhook(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -6575,32 +6572,29 @@ export interface KubeMutatingWebhookConfigurationListProps { * * @schema io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList#items */ - readonly items: KubeMutatingWebhookConfigurationProps[] + readonly items: KubeMutatingWebhookConfigurationProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeMutatingWebhookConfigurationListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeMutatingWebhookConfigurationListProps( - obj: KubeMutatingWebhookConfigurationListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeMutatingWebhookConfigurationListProps(obj: KubeMutatingWebhookConfigurationListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeMutatingWebhookConfigurationProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeMutatingWebhookConfigurationProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -6615,32 +6609,29 @@ export interface KubeValidatingWebhookConfigurationProps { * * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Webhooks is a list of webhooks and the affected resources and operations. * * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration#webhooks */ - readonly webhooks?: ValidatingWebhook[] + readonly webhooks?: ValidatingWebhook[]; + } /** * Converts an object of type 'KubeValidatingWebhookConfigurationProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeValidatingWebhookConfigurationProps( - obj: KubeValidatingWebhookConfigurationProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeValidatingWebhookConfigurationProps(obj: KubeValidatingWebhookConfigurationProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - webhooks: obj.webhooks?.map((y) => toJson_ValidatingWebhook(y)) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'webhooks': obj.webhooks?.map(y => toJson_ValidatingWebhook(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -6655,32 +6646,29 @@ export interface KubeValidatingWebhookConfigurationListProps { * * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList#items */ - readonly items: KubeValidatingWebhookConfigurationProps[] + readonly items: KubeValidatingWebhookConfigurationProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeValidatingWebhookConfigurationListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeValidatingWebhookConfigurationListProps( - obj: KubeValidatingWebhookConfigurationListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeValidatingWebhookConfigurationListProps(obj: KubeValidatingWebhookConfigurationListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeValidatingWebhookConfigurationProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeValidatingWebhookConfigurationProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -6695,32 +6683,29 @@ export interface KubeStorageVersionV1Alpha1Props { * * @schema io.k8s.api.apiserverinternal.v1alpha1.StorageVersion#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec is an empty spec. It is here to comply with Kubernetes API style. * * @schema io.k8s.api.apiserverinternal.v1alpha1.StorageVersion#spec */ - readonly spec: any + readonly spec: any; + } /** * Converts an object of type 'KubeStorageVersionV1Alpha1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeStorageVersionV1Alpha1Props( - obj: KubeStorageVersionV1Alpha1Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeStorageVersionV1Alpha1Props(obj: KubeStorageVersionV1Alpha1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: obj.spec - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': obj.spec, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -6735,32 +6720,29 @@ export interface KubeStorageVersionListV1Alpha1Props { * * @schema io.k8s.api.apiserverinternal.v1alpha1.StorageVersionList#items */ - readonly items: KubeStorageVersionV1Alpha1Props[] + readonly items: KubeStorageVersionV1Alpha1Props[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.apiserverinternal.v1alpha1.StorageVersionList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeStorageVersionListV1Alpha1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeStorageVersionListV1Alpha1Props( - obj: KubeStorageVersionListV1Alpha1Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeStorageVersionListV1Alpha1Props(obj: KubeStorageVersionListV1Alpha1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeStorageVersionV1Alpha1Props(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeStorageVersionV1Alpha1Props(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -6775,40 +6757,37 @@ export interface KubeControllerRevisionProps { * * @schema io.k8s.api.apps.v1.ControllerRevision#data */ - readonly data?: any + readonly data?: any; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.apps.v1.ControllerRevision#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Revision indicates the revision of the state represented by Data. * * @schema io.k8s.api.apps.v1.ControllerRevision#revision */ - readonly revision: number + readonly revision: number; + } /** * Converts an object of type 'KubeControllerRevisionProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeControllerRevisionProps( - obj: KubeControllerRevisionProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeControllerRevisionProps(obj: KubeControllerRevisionProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - data: obj.data, - metadata: toJson_ObjectMeta(obj.metadata), - revision: obj.revision - } + 'data': obj.data, + 'metadata': toJson_ObjectMeta(obj.metadata), + 'revision': obj.revision, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -6823,32 +6802,29 @@ export interface KubeControllerRevisionListProps { * * @schema io.k8s.api.apps.v1.ControllerRevisionList#items */ - readonly items: KubeControllerRevisionProps[] + readonly items: KubeControllerRevisionProps[]; /** * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.apps.v1.ControllerRevisionList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeControllerRevisionListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeControllerRevisionListProps( - obj: KubeControllerRevisionListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeControllerRevisionListProps(obj: KubeControllerRevisionListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeControllerRevisionProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeControllerRevisionProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -6863,14 +6839,15 @@ export interface KubeDaemonSetProps { * * @schema io.k8s.api.apps.v1.DaemonSet#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * The desired behavior of this daemon set. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.apps.v1.DaemonSet#spec */ - readonly spec?: DaemonSetSpec + readonly spec?: DaemonSetSpec; + } /** @@ -6878,15 +6855,13 @@ export interface KubeDaemonSetProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeDaemonSetProps(obj: KubeDaemonSetProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_DaemonSetSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_DaemonSetSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -6901,32 +6876,29 @@ export interface KubeDaemonSetListProps { * * @schema io.k8s.api.apps.v1.DaemonSetList#items */ - readonly items: KubeDaemonSetProps[] + readonly items: KubeDaemonSetProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.apps.v1.DaemonSetList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeDaemonSetListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeDaemonSetListProps( - obj: KubeDaemonSetListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeDaemonSetListProps(obj: KubeDaemonSetListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeDaemonSetProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeDaemonSetProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -6941,14 +6913,15 @@ export interface KubeDeploymentProps { * * @schema io.k8s.api.apps.v1.Deployment#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Specification of the desired behavior of the Deployment. * * @schema io.k8s.api.apps.v1.Deployment#spec */ - readonly spec?: DeploymentSpec + readonly spec?: DeploymentSpec; + } /** @@ -6956,15 +6929,13 @@ export interface KubeDeploymentProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeDeploymentProps(obj: KubeDeploymentProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_DeploymentSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_DeploymentSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -6979,32 +6950,29 @@ export interface KubeDeploymentListProps { * * @schema io.k8s.api.apps.v1.DeploymentList#items */ - readonly items: KubeDeploymentProps[] + readonly items: KubeDeploymentProps[]; /** * Standard list metadata. * * @schema io.k8s.api.apps.v1.DeploymentList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeDeploymentListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeDeploymentListProps( - obj: KubeDeploymentListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeDeploymentListProps(obj: KubeDeploymentListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeDeploymentProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeDeploymentProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7019,14 +6987,15 @@ export interface KubeReplicaSetProps { * * @schema io.k8s.api.apps.v1.ReplicaSet#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec defines the specification of the desired behavior of the ReplicaSet. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.apps.v1.ReplicaSet#spec */ - readonly spec?: ReplicaSetSpec + readonly spec?: ReplicaSetSpec; + } /** @@ -7034,15 +7003,13 @@ export interface KubeReplicaSetProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeReplicaSetProps(obj: KubeReplicaSetProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_ReplicaSetSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_ReplicaSetSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7057,32 +7024,29 @@ export interface KubeReplicaSetListProps { * * @schema io.k8s.api.apps.v1.ReplicaSetList#items */ - readonly items: KubeReplicaSetProps[] + readonly items: KubeReplicaSetProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.apps.v1.ReplicaSetList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeReplicaSetListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeReplicaSetListProps( - obj: KubeReplicaSetListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeReplicaSetListProps(obj: KubeReplicaSetListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeReplicaSetProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeReplicaSetProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7101,14 +7065,15 @@ export interface KubeStatefulSetProps { * * @schema io.k8s.api.apps.v1.StatefulSet#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec defines the desired identities of pods in this set. * * @schema io.k8s.api.apps.v1.StatefulSet#spec */ - readonly spec?: StatefulSetSpec + readonly spec?: StatefulSetSpec; + } /** @@ -7116,15 +7081,13 @@ export interface KubeStatefulSetProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeStatefulSetProps(obj: KubeStatefulSetProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_StatefulSetSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_StatefulSetSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7139,32 +7102,29 @@ export interface KubeStatefulSetListProps { * * @schema io.k8s.api.apps.v1.StatefulSetList#items */ - readonly items: KubeStatefulSetProps[] + readonly items: KubeStatefulSetProps[]; /** * Standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.apps.v1.StatefulSetList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeStatefulSetListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeStatefulSetListProps( - obj: KubeStatefulSetListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeStatefulSetListProps(obj: KubeStatefulSetListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeStatefulSetProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeStatefulSetProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7179,14 +7139,15 @@ export interface KubeTokenRequestProps { * * @schema io.k8s.api.authentication.v1.TokenRequest#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec holds information about the request being evaluated * * @schema io.k8s.api.authentication.v1.TokenRequest#spec */ - readonly spec: TokenRequestSpec + readonly spec: TokenRequestSpec; + } /** @@ -7194,15 +7155,13 @@ export interface KubeTokenRequestProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeTokenRequestProps(obj: KubeTokenRequestProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_TokenRequestSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_TokenRequestSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7217,14 +7176,15 @@ export interface KubeTokenReviewProps { * * @schema io.k8s.api.authentication.v1.TokenReview#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec holds information about the request being evaluated * * @schema io.k8s.api.authentication.v1.TokenReview#spec */ - readonly spec: TokenReviewSpec + readonly spec: TokenReviewSpec; + } /** @@ -7232,15 +7192,13 @@ export interface KubeTokenReviewProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeTokenReviewProps(obj: KubeTokenReviewProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_TokenReviewSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_TokenReviewSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7255,32 +7213,29 @@ export interface KubeLocalSubjectAccessReviewProps { * * @schema io.k8s.api.authorization.v1.LocalSubjectAccessReview#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted. * * @schema io.k8s.api.authorization.v1.LocalSubjectAccessReview#spec */ - readonly spec: SubjectAccessReviewSpec + readonly spec: SubjectAccessReviewSpec; + } /** * Converts an object of type 'KubeLocalSubjectAccessReviewProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeLocalSubjectAccessReviewProps( - obj: KubeLocalSubjectAccessReviewProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeLocalSubjectAccessReviewProps(obj: KubeLocalSubjectAccessReviewProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_SubjectAccessReviewSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_SubjectAccessReviewSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7295,32 +7250,29 @@ export interface KubeSelfSubjectAccessReviewProps { * * @schema io.k8s.api.authorization.v1.SelfSubjectAccessReview#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec holds information about the request being evaluated. user and groups must be empty * * @schema io.k8s.api.authorization.v1.SelfSubjectAccessReview#spec */ - readonly spec: SelfSubjectAccessReviewSpec + readonly spec: SelfSubjectAccessReviewSpec; + } /** * Converts an object of type 'KubeSelfSubjectAccessReviewProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeSelfSubjectAccessReviewProps( - obj: KubeSelfSubjectAccessReviewProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeSelfSubjectAccessReviewProps(obj: KubeSelfSubjectAccessReviewProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_SelfSubjectAccessReviewSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_SelfSubjectAccessReviewSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7335,32 +7287,29 @@ export interface KubeSelfSubjectRulesReviewProps { * * @schema io.k8s.api.authorization.v1.SelfSubjectRulesReview#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec holds information about the request being evaluated. * * @schema io.k8s.api.authorization.v1.SelfSubjectRulesReview#spec */ - readonly spec: SelfSubjectRulesReviewSpec + readonly spec: SelfSubjectRulesReviewSpec; + } /** * Converts an object of type 'KubeSelfSubjectRulesReviewProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeSelfSubjectRulesReviewProps( - obj: KubeSelfSubjectRulesReviewProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeSelfSubjectRulesReviewProps(obj: KubeSelfSubjectRulesReviewProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_SelfSubjectRulesReviewSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_SelfSubjectRulesReviewSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7375,32 +7324,29 @@ export interface KubeSubjectAccessReviewProps { * * @schema io.k8s.api.authorization.v1.SubjectAccessReview#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec holds information about the request being evaluated * * @schema io.k8s.api.authorization.v1.SubjectAccessReview#spec */ - readonly spec: SubjectAccessReviewSpec + readonly spec: SubjectAccessReviewSpec; + } /** * Converts an object of type 'KubeSubjectAccessReviewProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeSubjectAccessReviewProps( - obj: KubeSubjectAccessReviewProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeSubjectAccessReviewProps(obj: KubeSubjectAccessReviewProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_SubjectAccessReviewSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_SubjectAccessReviewSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7415,32 +7361,29 @@ export interface KubeHorizontalPodAutoscalerProps { * * @schema io.k8s.api.autoscaling.v1.HorizontalPodAutoscaler#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * behaviour of autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. * * @schema io.k8s.api.autoscaling.v1.HorizontalPodAutoscaler#spec */ - readonly spec?: HorizontalPodAutoscalerSpec + readonly spec?: HorizontalPodAutoscalerSpec; + } /** * Converts an object of type 'KubeHorizontalPodAutoscalerProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeHorizontalPodAutoscalerProps( - obj: KubeHorizontalPodAutoscalerProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeHorizontalPodAutoscalerProps(obj: KubeHorizontalPodAutoscalerProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_HorizontalPodAutoscalerSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_HorizontalPodAutoscalerSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7455,32 +7398,29 @@ export interface KubeHorizontalPodAutoscalerListProps { * * @schema io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerList#items */ - readonly items: KubeHorizontalPodAutoscalerProps[] + readonly items: KubeHorizontalPodAutoscalerProps[]; /** * Standard list metadata. * * @schema io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeHorizontalPodAutoscalerListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeHorizontalPodAutoscalerListProps( - obj: KubeHorizontalPodAutoscalerListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeHorizontalPodAutoscalerListProps(obj: KubeHorizontalPodAutoscalerListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeHorizontalPodAutoscalerProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeHorizontalPodAutoscalerProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7495,14 +7435,15 @@ export interface KubeScaleProps { * * @schema io.k8s.api.autoscaling.v1.Scale#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. * * @schema io.k8s.api.autoscaling.v1.Scale#spec */ - readonly spec?: ScaleSpec + readonly spec?: ScaleSpec; + } /** @@ -7510,15 +7451,13 @@ export interface KubeScaleProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeScaleProps(obj: KubeScaleProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_ScaleSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_ScaleSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7533,32 +7472,29 @@ export interface KubeHorizontalPodAutoscalerV2Props { * * @schema io.k8s.api.autoscaling.v2.HorizontalPodAutoscaler#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * spec is the specification for the behaviour of the autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. * * @schema io.k8s.api.autoscaling.v2.HorizontalPodAutoscaler#spec */ - readonly spec?: HorizontalPodAutoscalerSpecV2 + readonly spec?: HorizontalPodAutoscalerSpecV2; + } /** * Converts an object of type 'KubeHorizontalPodAutoscalerV2Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeHorizontalPodAutoscalerV2Props( - obj: KubeHorizontalPodAutoscalerV2Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeHorizontalPodAutoscalerV2Props(obj: KubeHorizontalPodAutoscalerV2Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_HorizontalPodAutoscalerSpecV2(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_HorizontalPodAutoscalerSpecV2(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7573,32 +7509,29 @@ export interface KubeHorizontalPodAutoscalerListV2Props { * * @schema io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerList#items */ - readonly items: KubeHorizontalPodAutoscalerV2Props[] + readonly items: KubeHorizontalPodAutoscalerV2Props[]; /** * metadata is the standard list metadata. * * @schema io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeHorizontalPodAutoscalerListV2Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeHorizontalPodAutoscalerListV2Props( - obj: KubeHorizontalPodAutoscalerListV2Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeHorizontalPodAutoscalerListV2Props(obj: KubeHorizontalPodAutoscalerListV2Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeHorizontalPodAutoscalerV2Props(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeHorizontalPodAutoscalerV2Props(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7613,32 +7546,29 @@ export interface KubeHorizontalPodAutoscalerV2Beta2Props { * * @schema io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * spec is the specification for the behaviour of the autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. * * @schema io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler#spec */ - readonly spec?: HorizontalPodAutoscalerSpecV2Beta2 + readonly spec?: HorizontalPodAutoscalerSpecV2Beta2; + } /** * Converts an object of type 'KubeHorizontalPodAutoscalerV2Beta2Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeHorizontalPodAutoscalerV2Beta2Props( - obj: KubeHorizontalPodAutoscalerV2Beta2Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeHorizontalPodAutoscalerV2Beta2Props(obj: KubeHorizontalPodAutoscalerV2Beta2Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_HorizontalPodAutoscalerSpecV2Beta2(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_HorizontalPodAutoscalerSpecV2Beta2(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7653,32 +7583,29 @@ export interface KubeHorizontalPodAutoscalerListV2Beta2Props { * * @schema io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerList#items */ - readonly items: KubeHorizontalPodAutoscalerV2Beta2Props[] + readonly items: KubeHorizontalPodAutoscalerV2Beta2Props[]; /** * metadata is the standard list metadata. * * @schema io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeHorizontalPodAutoscalerListV2Beta2Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeHorizontalPodAutoscalerListV2Beta2Props( - obj: KubeHorizontalPodAutoscalerListV2Beta2Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeHorizontalPodAutoscalerListV2Beta2Props(obj: KubeHorizontalPodAutoscalerListV2Beta2Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeHorizontalPodAutoscalerV2Beta2Props(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeHorizontalPodAutoscalerV2Beta2Props(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7693,14 +7620,15 @@ export interface KubeCronJobProps { * * @schema io.k8s.api.batch.v1.CronJob#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Specification of the desired behavior of a cron job, including the schedule. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.batch.v1.CronJob#spec */ - readonly spec?: CronJobSpec + readonly spec?: CronJobSpec; + } /** @@ -7708,15 +7636,13 @@ export interface KubeCronJobProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeCronJobProps(obj: KubeCronJobProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_CronJobSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_CronJobSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7731,14 +7657,15 @@ export interface KubeCronJobListProps { * * @schema io.k8s.api.batch.v1.CronJobList#items */ - readonly items: KubeCronJobProps[] + readonly items: KubeCronJobProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.batch.v1.CronJobList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** @@ -7746,15 +7673,13 @@ export interface KubeCronJobListProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeCronJobListProps(obj: KubeCronJobListProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeCronJobProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeCronJobProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7769,14 +7694,15 @@ export interface KubeJobProps { * * @schema io.k8s.api.batch.v1.Job#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Specification of the desired behavior of a job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.batch.v1.Job#spec */ - readonly spec?: JobSpec + readonly spec?: JobSpec; + } /** @@ -7784,15 +7710,13 @@ export interface KubeJobProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeJobProps(obj: KubeJobProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_JobSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_JobSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7807,14 +7731,15 @@ export interface KubeJobListProps { * * @schema io.k8s.api.batch.v1.JobList#items */ - readonly items: KubeJobProps[] + readonly items: KubeJobProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.batch.v1.JobList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** @@ -7822,15 +7747,13 @@ export interface KubeJobListProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeJobListProps(obj: KubeJobListProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeJobProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeJobProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7849,32 +7772,29 @@ export interface KubeCertificateSigningRequestProps { /** * @schema io.k8s.api.certificates.v1.CertificateSigningRequest#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * spec contains the certificate request, and is immutable after creation. Only the request, signerName, expirationSeconds, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users. * * @schema io.k8s.api.certificates.v1.CertificateSigningRequest#spec */ - readonly spec: CertificateSigningRequestSpec + readonly spec: CertificateSigningRequestSpec; + } /** * Converts an object of type 'KubeCertificateSigningRequestProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeCertificateSigningRequestProps( - obj: KubeCertificateSigningRequestProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeCertificateSigningRequestProps(obj: KubeCertificateSigningRequestProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_CertificateSigningRequestSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_CertificateSigningRequestSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7889,30 +7809,27 @@ export interface KubeCertificateSigningRequestListProps { * * @schema io.k8s.api.certificates.v1.CertificateSigningRequestList#items */ - readonly items: KubeCertificateSigningRequestProps[] + readonly items: KubeCertificateSigningRequestProps[]; /** * @schema io.k8s.api.certificates.v1.CertificateSigningRequestList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeCertificateSigningRequestListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeCertificateSigningRequestListProps( - obj: KubeCertificateSigningRequestListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeCertificateSigningRequestListProps(obj: KubeCertificateSigningRequestListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeCertificateSigningRequestProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeCertificateSigningRequestProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7927,14 +7844,15 @@ export interface KubeLeaseProps { * * @schema io.k8s.api.coordination.v1.Lease#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Specification of the Lease. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.coordination.v1.Lease#spec */ - readonly spec?: LeaseSpec + readonly spec?: LeaseSpec; + } /** @@ -7942,15 +7860,13 @@ export interface KubeLeaseProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeLeaseProps(obj: KubeLeaseProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_LeaseSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_LeaseSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -7965,14 +7881,15 @@ export interface KubeLeaseListProps { * * @schema io.k8s.api.coordination.v1.LeaseList#items */ - readonly items: KubeLeaseProps[] + readonly items: KubeLeaseProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.coordination.v1.LeaseList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** @@ -7980,15 +7897,13 @@ export interface KubeLeaseListProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeLeaseListProps(obj: KubeLeaseListProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeLeaseProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeLeaseProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8003,14 +7918,15 @@ export interface KubeBindingProps { * * @schema io.k8s.api.core.v1.Binding#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * The target object that you want to bind to the standard object. * * @schema io.k8s.api.core.v1.Binding#target */ - readonly target: ObjectReference + readonly target: ObjectReference; + } /** @@ -8018,15 +7934,13 @@ export interface KubeBindingProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeBindingProps(obj: KubeBindingProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - target: toJson_ObjectReference(obj.target) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'target': toJson_ObjectReference(obj.target), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8041,32 +7955,29 @@ export interface KubeComponentStatusProps { * * @schema io.k8s.api.core.v1.ComponentStatus#conditions */ - readonly conditions?: ComponentCondition[] + readonly conditions?: ComponentCondition[]; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.core.v1.ComponentStatus#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; + } /** * Converts an object of type 'KubeComponentStatusProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeComponentStatusProps( - obj: KubeComponentStatusProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeComponentStatusProps(obj: KubeComponentStatusProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - conditions: obj.conditions?.map((y) => toJson_ComponentCondition(y)), - metadata: toJson_ObjectMeta(obj.metadata) - } + 'conditions': obj.conditions?.map(y => toJson_ComponentCondition(y)), + 'metadata': toJson_ObjectMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8081,32 +7992,29 @@ export interface KubeComponentStatusListProps { * * @schema io.k8s.api.core.v1.ComponentStatusList#items */ - readonly items: KubeComponentStatusProps[] + readonly items: KubeComponentStatusProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.ComponentStatusList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeComponentStatusListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeComponentStatusListProps( - obj: KubeComponentStatusListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeComponentStatusListProps(obj: KubeComponentStatusListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeComponentStatusProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeComponentStatusProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8121,28 +8029,29 @@ export interface KubeConfigMapProps { * * @schema io.k8s.api.core.v1.ConfigMap#binaryData */ - readonly binaryData?: { [key: string]: string } + readonly binaryData?: { [key: string]: string }; /** * Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process. * * @schema io.k8s.api.core.v1.ConfigMap#data */ - readonly data?: { [key: string]: string } + readonly data?: { [key: string]: string }; /** * Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil. * * @schema io.k8s.api.core.v1.ConfigMap#immutable */ - readonly immutable?: boolean + readonly immutable?: boolean; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.core.v1.ConfigMap#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; + } /** @@ -8150,23 +8059,15 @@ export interface KubeConfigMapProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeConfigMapProps(obj: KubeConfigMapProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - binaryData: - obj.binaryData === undefined - ? undefined - : Object.entries(obj.binaryData).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - data: - obj.data === undefined - ? undefined - : Object.entries(obj.data).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - immutable: obj.immutable, - metadata: toJson_ObjectMeta(obj.metadata) - } + 'binaryData': ((obj.binaryData) === undefined) ? undefined : (Object.entries(obj.binaryData).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'data': ((obj.data) === undefined) ? undefined : (Object.entries(obj.data).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'immutable': obj.immutable, + 'metadata': toJson_ObjectMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8181,32 +8082,29 @@ export interface KubeConfigMapListProps { * * @schema io.k8s.api.core.v1.ConfigMapList#items */ - readonly items: KubeConfigMapProps[] + readonly items: KubeConfigMapProps[]; /** * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.core.v1.ConfigMapList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeConfigMapListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeConfigMapListProps( - obj: KubeConfigMapListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeConfigMapListProps(obj: KubeConfigMapListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeConfigMapProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeConfigMapProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8233,14 +8131,15 @@ export interface KubeEndpointsProps { * * @schema io.k8s.api.core.v1.Endpoints#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * The set of all endpoints is the union of all subsets. Addresses are placed into subsets according to the IPs they share. A single address with multiple ports, some of which are ready and some of which are not (because they come from different containers) will result in the address being displayed in different subsets for the different ports. No address will appear in both Addresses and NotReadyAddresses in the same subset. Sets of addresses and ports that comprise a service. * * @schema io.k8s.api.core.v1.Endpoints#subsets */ - readonly subsets?: EndpointSubset[] + readonly subsets?: EndpointSubset[]; + } /** @@ -8248,15 +8147,13 @@ export interface KubeEndpointsProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeEndpointsProps(obj: KubeEndpointsProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - subsets: obj.subsets?.map((y) => toJson_EndpointSubset(y)) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'subsets': obj.subsets?.map(y => toJson_EndpointSubset(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8271,32 +8168,29 @@ export interface KubeEndpointsListProps { * * @schema io.k8s.api.core.v1.EndpointsList#items */ - readonly items: KubeEndpointsProps[] + readonly items: KubeEndpointsProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.EndpointsList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeEndpointsListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeEndpointsListProps( - obj: KubeEndpointsListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeEndpointsListProps(obj: KubeEndpointsListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeEndpointsProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeEndpointsProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8311,105 +8205,106 @@ export interface KubeEventProps { * * @schema io.k8s.api.events.v1.Event#action */ - readonly action?: string + readonly action?: string; /** * deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type. * * @schema io.k8s.api.events.v1.Event#deprecatedCount */ - readonly deprecatedCount?: number + readonly deprecatedCount?: number; /** * deprecatedFirstTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type. * * @schema io.k8s.api.events.v1.Event#deprecatedFirstTimestamp */ - readonly deprecatedFirstTimestamp?: Date + readonly deprecatedFirstTimestamp?: Date; /** * deprecatedLastTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type. * * @schema io.k8s.api.events.v1.Event#deprecatedLastTimestamp */ - readonly deprecatedLastTimestamp?: Date + readonly deprecatedLastTimestamp?: Date; /** * deprecatedSource is the deprecated field assuring backward compatibility with core.v1 Event type. * * @schema io.k8s.api.events.v1.Event#deprecatedSource */ - readonly deprecatedSource?: EventSource + readonly deprecatedSource?: EventSource; /** * eventTime is the time when this Event was first observed. It is required. * * @schema io.k8s.api.events.v1.Event#eventTime */ - readonly eventTime: Date + readonly eventTime: Date; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.events.v1.Event#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * note is a human-readable description of the status of this operation. Maximal length of the note is 1kB, but libraries should be prepared to handle values up to 64kB. * * @schema io.k8s.api.events.v1.Event#note */ - readonly note?: string + readonly note?: string; /** * reason is why the action was taken. It is human-readable. This field cannot be empty for new Events and it can have at most 128 characters. * * @schema io.k8s.api.events.v1.Event#reason */ - readonly reason?: string + readonly reason?: string; /** * regarding contains the object this Event is about. In most cases it's an Object reporting controller implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because it acts on some changes in a ReplicaSet object. * * @schema io.k8s.api.events.v1.Event#regarding */ - readonly regarding?: ObjectReference + readonly regarding?: ObjectReference; /** * related is the optional secondary object for more complex actions. E.g. when regarding object triggers a creation or deletion of related object. * * @schema io.k8s.api.events.v1.Event#related */ - readonly related?: ObjectReference + readonly related?: ObjectReference; /** * reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. This field cannot be empty for new Events. * * @schema io.k8s.api.events.v1.Event#reportingController */ - readonly reportingController?: string + readonly reportingController?: string; /** * reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. This field cannot be empty for new Events and it can have at most 128 characters. * * @schema io.k8s.api.events.v1.Event#reportingInstance */ - readonly reportingInstance?: string + readonly reportingInstance?: string; /** * series is data about the Event series this event represents or nil if it's a singleton Event. * * @schema io.k8s.api.events.v1.Event#series */ - readonly series?: EventSeries + readonly series?: EventSeries; /** * type is the type of this event (Normal, Warning), new types could be added in the future. It is machine-readable. This field cannot be empty for new Events. * * @schema io.k8s.api.events.v1.Event#type */ - readonly type?: string + readonly type?: string; + } /** @@ -8417,28 +8312,26 @@ export interface KubeEventProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeEventProps(obj: KubeEventProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - action: obj.action, - deprecatedCount: obj.deprecatedCount, - deprecatedFirstTimestamp: obj.deprecatedFirstTimestamp?.toISOString(), - deprecatedLastTimestamp: obj.deprecatedLastTimestamp?.toISOString(), - deprecatedSource: toJson_EventSource(obj.deprecatedSource), - eventTime: obj.eventTime?.toISOString(), - metadata: toJson_ObjectMeta(obj.metadata), - note: obj.note, - reason: obj.reason, - regarding: toJson_ObjectReference(obj.regarding), - related: toJson_ObjectReference(obj.related), - reportingController: obj.reportingController, - reportingInstance: obj.reportingInstance, - series: toJson_EventSeries(obj.series), - type: obj.type - } + 'action': obj.action, + 'deprecatedCount': obj.deprecatedCount, + 'deprecatedFirstTimestamp': obj.deprecatedFirstTimestamp?.toISOString(), + 'deprecatedLastTimestamp': obj.deprecatedLastTimestamp?.toISOString(), + 'deprecatedSource': toJson_EventSource(obj.deprecatedSource), + 'eventTime': obj.eventTime?.toISOString(), + 'metadata': toJson_ObjectMeta(obj.metadata), + 'note': obj.note, + 'reason': obj.reason, + 'regarding': toJson_ObjectReference(obj.regarding), + 'related': toJson_ObjectReference(obj.related), + 'reportingController': obj.reportingController, + 'reportingInstance': obj.reportingInstance, + 'series': toJson_EventSeries(obj.series), + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8453,14 +8346,15 @@ export interface KubeEventListProps { * * @schema io.k8s.api.events.v1.EventList#items */ - readonly items: KubeEventProps[] + readonly items: KubeEventProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.events.v1.EventList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** @@ -8468,15 +8362,13 @@ export interface KubeEventListProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeEventListProps(obj: KubeEventListProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeEventProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeEventProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8491,14 +8383,15 @@ export interface KubeLimitRangeProps { * * @schema io.k8s.api.core.v1.LimitRange#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec defines the limits enforced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.core.v1.LimitRange#spec */ - readonly spec?: LimitRangeSpec + readonly spec?: LimitRangeSpec; + } /** @@ -8506,15 +8399,13 @@ export interface KubeLimitRangeProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeLimitRangeProps(obj: KubeLimitRangeProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_LimitRangeSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_LimitRangeSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8529,32 +8420,29 @@ export interface KubeLimitRangeListProps { * * @schema io.k8s.api.core.v1.LimitRangeList#items */ - readonly items: KubeLimitRangeProps[] + readonly items: KubeLimitRangeProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.LimitRangeList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeLimitRangeListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeLimitRangeListProps( - obj: KubeLimitRangeListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeLimitRangeListProps(obj: KubeLimitRangeListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeLimitRangeProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeLimitRangeProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8569,14 +8457,15 @@ export interface KubeNamespaceProps { * * @schema io.k8s.api.core.v1.Namespace#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.core.v1.Namespace#spec */ - readonly spec?: NamespaceSpec + readonly spec?: NamespaceSpec; + } /** @@ -8584,15 +8473,13 @@ export interface KubeNamespaceProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeNamespaceProps(obj: KubeNamespaceProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_NamespaceSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_NamespaceSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8607,32 +8494,29 @@ export interface KubeNamespaceListProps { * * @schema io.k8s.api.core.v1.NamespaceList#items */ - readonly items: KubeNamespaceProps[] + readonly items: KubeNamespaceProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.NamespaceList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeNamespaceListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeNamespaceListProps( - obj: KubeNamespaceListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeNamespaceListProps(obj: KubeNamespaceListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeNamespaceProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeNamespaceProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8647,14 +8531,15 @@ export interface KubeNodeProps { * * @schema io.k8s.api.core.v1.Node#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec defines the behavior of a node. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.core.v1.Node#spec */ - readonly spec?: NodeSpec + readonly spec?: NodeSpec; + } /** @@ -8662,15 +8547,13 @@ export interface KubeNodeProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeNodeProps(obj: KubeNodeProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_NodeSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_NodeSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8685,14 +8568,15 @@ export interface KubeNodeListProps { * * @schema io.k8s.api.core.v1.NodeList#items */ - readonly items: KubeNodeProps[] + readonly items: KubeNodeProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.NodeList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** @@ -8700,15 +8584,13 @@ export interface KubeNodeListProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeNodeListProps(obj: KubeNodeListProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeNodeProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeNodeProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8723,32 +8605,29 @@ export interface KubePersistentVolumeProps { * * @schema io.k8s.api.core.v1.PersistentVolume#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * spec defines a specification of a persistent volume owned by the cluster. Provisioned by an administrator. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes * * @schema io.k8s.api.core.v1.PersistentVolume#spec */ - readonly spec?: PersistentVolumeSpec + readonly spec?: PersistentVolumeSpec; + } /** * Converts an object of type 'KubePersistentVolumeProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePersistentVolumeProps( - obj: KubePersistentVolumeProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePersistentVolumeProps(obj: KubePersistentVolumeProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_PersistentVolumeSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_PersistentVolumeSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8763,32 +8642,29 @@ export interface KubePersistentVolumeClaimProps { * * @schema io.k8s.api.core.v1.PersistentVolumeClaim#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims * * @schema io.k8s.api.core.v1.PersistentVolumeClaim#spec */ - readonly spec?: PersistentVolumeClaimSpec + readonly spec?: PersistentVolumeClaimSpec; + } /** * Converts an object of type 'KubePersistentVolumeClaimProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePersistentVolumeClaimProps( - obj: KubePersistentVolumeClaimProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePersistentVolumeClaimProps(obj: KubePersistentVolumeClaimProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_PersistentVolumeClaimSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_PersistentVolumeClaimSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8803,32 +8679,29 @@ export interface KubePersistentVolumeClaimListProps { * * @schema io.k8s.api.core.v1.PersistentVolumeClaimList#items */ - readonly items: KubePersistentVolumeClaimProps[] + readonly items: KubePersistentVolumeClaimProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.PersistentVolumeClaimList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubePersistentVolumeClaimListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePersistentVolumeClaimListProps( - obj: KubePersistentVolumeClaimListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePersistentVolumeClaimListProps(obj: KubePersistentVolumeClaimListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubePersistentVolumeClaimProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubePersistentVolumeClaimProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8843,32 +8716,29 @@ export interface KubePersistentVolumeListProps { * * @schema io.k8s.api.core.v1.PersistentVolumeList#items */ - readonly items: KubePersistentVolumeProps[] + readonly items: KubePersistentVolumeProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.PersistentVolumeList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubePersistentVolumeListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePersistentVolumeListProps( - obj: KubePersistentVolumeListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePersistentVolumeListProps(obj: KubePersistentVolumeListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubePersistentVolumeProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubePersistentVolumeProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8883,14 +8753,15 @@ export interface KubePodProps { * * @schema io.k8s.api.core.v1.Pod#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.core.v1.Pod#spec */ - readonly spec?: PodSpec + readonly spec?: PodSpec; + } /** @@ -8898,15 +8769,13 @@ export interface KubePodProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubePodProps(obj: KubePodProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_PodSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_PodSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8921,14 +8790,15 @@ export interface KubePodListProps { * * @schema io.k8s.api.core.v1.PodList#items */ - readonly items: KubePodProps[] + readonly items: KubePodProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.PodList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** @@ -8936,15 +8806,13 @@ export interface KubePodListProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubePodListProps(obj: KubePodListProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubePodProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubePodProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8959,14 +8827,15 @@ export interface KubePodTemplateProps { * * @schema io.k8s.api.core.v1.PodTemplate#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Template defines the pods that will be created from this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.core.v1.PodTemplate#template */ - readonly template?: PodTemplateSpec + readonly template?: PodTemplateSpec; + } /** @@ -8974,15 +8843,13 @@ export interface KubePodTemplateProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubePodTemplateProps(obj: KubePodTemplateProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - template: toJson_PodTemplateSpec(obj.template) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'template': toJson_PodTemplateSpec(obj.template), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -8997,32 +8864,29 @@ export interface KubePodTemplateListProps { * * @schema io.k8s.api.core.v1.PodTemplateList#items */ - readonly items: KubePodTemplateProps[] + readonly items: KubePodTemplateProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.PodTemplateList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubePodTemplateListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePodTemplateListProps( - obj: KubePodTemplateListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePodTemplateListProps(obj: KubePodTemplateListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubePodTemplateProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubePodTemplateProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9037,32 +8901,29 @@ export interface KubeReplicationControllerProps { * * @schema io.k8s.api.core.v1.ReplicationController#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec defines the specification of the desired behavior of the replication controller. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.core.v1.ReplicationController#spec */ - readonly spec?: ReplicationControllerSpec + readonly spec?: ReplicationControllerSpec; + } /** * Converts an object of type 'KubeReplicationControllerProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeReplicationControllerProps( - obj: KubeReplicationControllerProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeReplicationControllerProps(obj: KubeReplicationControllerProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_ReplicationControllerSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_ReplicationControllerSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9077,32 +8938,29 @@ export interface KubeReplicationControllerListProps { * * @schema io.k8s.api.core.v1.ReplicationControllerList#items */ - readonly items: KubeReplicationControllerProps[] + readonly items: KubeReplicationControllerProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.ReplicationControllerList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeReplicationControllerListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeReplicationControllerListProps( - obj: KubeReplicationControllerListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeReplicationControllerListProps(obj: KubeReplicationControllerListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeReplicationControllerProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeReplicationControllerProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9117,32 +8975,29 @@ export interface KubeResourceQuotaProps { * * @schema io.k8s.api.core.v1.ResourceQuota#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.core.v1.ResourceQuota#spec */ - readonly spec?: ResourceQuotaSpec + readonly spec?: ResourceQuotaSpec; + } /** * Converts an object of type 'KubeResourceQuotaProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeResourceQuotaProps( - obj: KubeResourceQuotaProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeResourceQuotaProps(obj: KubeResourceQuotaProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_ResourceQuotaSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_ResourceQuotaSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9157,32 +9012,29 @@ export interface KubeResourceQuotaListProps { * * @schema io.k8s.api.core.v1.ResourceQuotaList#items */ - readonly items: KubeResourceQuotaProps[] + readonly items: KubeResourceQuotaProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.ResourceQuotaList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeResourceQuotaListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeResourceQuotaListProps( - obj: KubeResourceQuotaListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeResourceQuotaListProps(obj: KubeResourceQuotaListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeResourceQuotaProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeResourceQuotaProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9197,35 +9049,36 @@ export interface KubeSecretProps { * * @schema io.k8s.api.core.v1.Secret#data */ - readonly data?: { [key: string]: string } + readonly data?: { [key: string]: string }; /** * Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil. * * @schema io.k8s.api.core.v1.Secret#immutable */ - readonly immutable?: boolean + readonly immutable?: boolean; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.core.v1.Secret#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. * * @schema io.k8s.api.core.v1.Secret#stringData */ - readonly stringData?: { [key: string]: string } + readonly stringData?: { [key: string]: string }; /** * Used to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types * * @schema io.k8s.api.core.v1.Secret#type */ - readonly type?: string + readonly type?: string; + } /** @@ -9233,24 +9086,16 @@ export interface KubeSecretProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeSecretProps(obj: KubeSecretProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - data: - obj.data === undefined - ? undefined - : Object.entries(obj.data).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - immutable: obj.immutable, - metadata: toJson_ObjectMeta(obj.metadata), - stringData: - obj.stringData === undefined - ? undefined - : Object.entries(obj.stringData).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - type: obj.type - } + 'data': ((obj.data) === undefined) ? undefined : (Object.entries(obj.data).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'immutable': obj.immutable, + 'metadata': toJson_ObjectMeta(obj.metadata), + 'stringData': ((obj.stringData) === undefined) ? undefined : (Object.entries(obj.stringData).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9265,14 +9110,15 @@ export interface KubeSecretListProps { * * @schema io.k8s.api.core.v1.SecretList#items */ - readonly items: KubeSecretProps[] + readonly items: KubeSecretProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.SecretList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** @@ -9280,15 +9126,13 @@ export interface KubeSecretListProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeSecretListProps(obj: KubeSecretListProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeSecretProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeSecretProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9303,14 +9147,15 @@ export interface KubeServiceProps { * * @schema io.k8s.api.core.v1.Service#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.core.v1.Service#spec */ - readonly spec?: ServiceSpec + readonly spec?: ServiceSpec; + } /** @@ -9318,15 +9163,13 @@ export interface KubeServiceProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeServiceProps(obj: KubeServiceProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_ServiceSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_ServiceSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9341,48 +9184,45 @@ export interface KubeServiceAccountProps { * * @schema io.k8s.api.core.v1.ServiceAccount#automountServiceAccountToken */ - readonly automountServiceAccountToken?: boolean + readonly automountServiceAccountToken?: boolean; /** * ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod * * @schema io.k8s.api.core.v1.ServiceAccount#imagePullSecrets */ - readonly imagePullSecrets?: LocalObjectReference[] + readonly imagePullSecrets?: LocalObjectReference[]; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.core.v1.ServiceAccount#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret * * @schema io.k8s.api.core.v1.ServiceAccount#secrets */ - readonly secrets?: ObjectReference[] + readonly secrets?: ObjectReference[]; + } /** * Converts an object of type 'KubeServiceAccountProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeServiceAccountProps( - obj: KubeServiceAccountProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeServiceAccountProps(obj: KubeServiceAccountProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - automountServiceAccountToken: obj.automountServiceAccountToken, - imagePullSecrets: obj.imagePullSecrets?.map((y) => toJson_LocalObjectReference(y)), - metadata: toJson_ObjectMeta(obj.metadata), - secrets: obj.secrets?.map((y) => toJson_ObjectReference(y)) - } + 'automountServiceAccountToken': obj.automountServiceAccountToken, + 'imagePullSecrets': obj.imagePullSecrets?.map(y => toJson_LocalObjectReference(y)), + 'metadata': toJson_ObjectMeta(obj.metadata), + 'secrets': obj.secrets?.map(y => toJson_ObjectReference(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9397,32 +9237,29 @@ export interface KubeServiceAccountListProps { * * @schema io.k8s.api.core.v1.ServiceAccountList#items */ - readonly items: KubeServiceAccountProps[] + readonly items: KubeServiceAccountProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.ServiceAccountList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeServiceAccountListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeServiceAccountListProps( - obj: KubeServiceAccountListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeServiceAccountListProps(obj: KubeServiceAccountListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeServiceAccountProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeServiceAccountProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9437,14 +9274,15 @@ export interface KubeServiceListProps { * * @schema io.k8s.api.core.v1.ServiceList#items */ - readonly items: KubeServiceProps[] + readonly items: KubeServiceProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.ServiceList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** @@ -9452,15 +9290,13 @@ export interface KubeServiceListProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeServiceListProps(obj: KubeServiceListProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeServiceProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeServiceProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9477,48 +9313,45 @@ export interface KubeEndpointSliceProps { * * @schema io.k8s.api.discovery.v1.EndpointSlice#addressType */ - readonly addressType: string + readonly addressType: string; /** * endpoints is a list of unique endpoints in this slice. Each slice may include a maximum of 1000 endpoints. * * @schema io.k8s.api.discovery.v1.EndpointSlice#endpoints */ - readonly endpoints: Endpoint[] + readonly endpoints: Endpoint[]; /** * Standard object's metadata. * * @schema io.k8s.api.discovery.v1.EndpointSlice#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * ports specifies the list of network ports exposed by each endpoint in this slice. Each port must have a unique name. When ports is empty, it indicates that there are no defined ports. When a port is defined with a nil port value, it indicates "all ports". Each slice may include a maximum of 100 ports. * * @schema io.k8s.api.discovery.v1.EndpointSlice#ports */ - readonly ports?: EndpointPort[] + readonly ports?: EndpointPort[]; + } /** * Converts an object of type 'KubeEndpointSliceProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeEndpointSliceProps( - obj: KubeEndpointSliceProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeEndpointSliceProps(obj: KubeEndpointSliceProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - addressType: obj.addressType, - endpoints: obj.endpoints?.map((y) => toJson_Endpoint(y)), - metadata: toJson_ObjectMeta(obj.metadata), - ports: obj.ports?.map((y) => toJson_EndpointPort(y)) - } + 'addressType': obj.addressType, + 'endpoints': obj.endpoints?.map(y => toJson_Endpoint(y)), + 'metadata': toJson_ObjectMeta(obj.metadata), + 'ports': obj.ports?.map(y => toJson_EndpointPort(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9533,32 +9366,29 @@ export interface KubeEndpointSliceListProps { * * @schema io.k8s.api.discovery.v1.EndpointSliceList#items */ - readonly items: KubeEndpointSliceProps[] + readonly items: KubeEndpointSliceProps[]; /** * Standard list metadata. * * @schema io.k8s.api.discovery.v1.EndpointSliceList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeEndpointSliceListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeEndpointSliceListProps( - obj: KubeEndpointSliceListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeEndpointSliceListProps(obj: KubeEndpointSliceListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeEndpointSliceProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeEndpointSliceProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9573,32 +9403,29 @@ export interface KubeFlowSchemaV1Beta1Props { * * @schema io.k8s.api.flowcontrol.v1beta1.FlowSchema#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * `spec` is the specification of the desired behavior of a FlowSchema. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.flowcontrol.v1beta1.FlowSchema#spec */ - readonly spec?: FlowSchemaSpecV1Beta1 + readonly spec?: FlowSchemaSpecV1Beta1; + } /** * Converts an object of type 'KubeFlowSchemaV1Beta1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeFlowSchemaV1Beta1Props( - obj: KubeFlowSchemaV1Beta1Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeFlowSchemaV1Beta1Props(obj: KubeFlowSchemaV1Beta1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_FlowSchemaSpecV1Beta1(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_FlowSchemaSpecV1Beta1(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9613,32 +9440,29 @@ export interface KubeFlowSchemaListV1Beta1Props { * * @schema io.k8s.api.flowcontrol.v1beta1.FlowSchemaList#items */ - readonly items: KubeFlowSchemaV1Beta1Props[] + readonly items: KubeFlowSchemaV1Beta1Props[]; /** * `metadata` is the standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.flowcontrol.v1beta1.FlowSchemaList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeFlowSchemaListV1Beta1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeFlowSchemaListV1Beta1Props( - obj: KubeFlowSchemaListV1Beta1Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeFlowSchemaListV1Beta1Props(obj: KubeFlowSchemaListV1Beta1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeFlowSchemaV1Beta1Props(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeFlowSchemaV1Beta1Props(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9653,32 +9477,29 @@ export interface KubePriorityLevelConfigurationV1Beta1Props { * * @schema io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * `spec` is the specification of the desired behavior of a "request-priority". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfiguration#spec */ - readonly spec?: PriorityLevelConfigurationSpecV1Beta1 + readonly spec?: PriorityLevelConfigurationSpecV1Beta1; + } /** * Converts an object of type 'KubePriorityLevelConfigurationV1Beta1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePriorityLevelConfigurationV1Beta1Props( - obj: KubePriorityLevelConfigurationV1Beta1Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePriorityLevelConfigurationV1Beta1Props(obj: KubePriorityLevelConfigurationV1Beta1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_PriorityLevelConfigurationSpecV1Beta1(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_PriorityLevelConfigurationSpecV1Beta1(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9693,32 +9514,29 @@ export interface KubePriorityLevelConfigurationListV1Beta1Props { * * @schema io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationList#items */ - readonly items: KubePriorityLevelConfigurationV1Beta1Props[] + readonly items: KubePriorityLevelConfigurationV1Beta1Props[]; /** * `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubePriorityLevelConfigurationListV1Beta1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePriorityLevelConfigurationListV1Beta1Props( - obj: KubePriorityLevelConfigurationListV1Beta1Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePriorityLevelConfigurationListV1Beta1Props(obj: KubePriorityLevelConfigurationListV1Beta1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubePriorityLevelConfigurationV1Beta1Props(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubePriorityLevelConfigurationV1Beta1Props(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9733,32 +9551,29 @@ export interface KubeFlowSchemaV1Beta2Props { * * @schema io.k8s.api.flowcontrol.v1beta2.FlowSchema#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * `spec` is the specification of the desired behavior of a FlowSchema. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.flowcontrol.v1beta2.FlowSchema#spec */ - readonly spec?: FlowSchemaSpecV1Beta2 + readonly spec?: FlowSchemaSpecV1Beta2; + } /** * Converts an object of type 'KubeFlowSchemaV1Beta2Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeFlowSchemaV1Beta2Props( - obj: KubeFlowSchemaV1Beta2Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeFlowSchemaV1Beta2Props(obj: KubeFlowSchemaV1Beta2Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_FlowSchemaSpecV1Beta2(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_FlowSchemaSpecV1Beta2(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9773,32 +9588,29 @@ export interface KubeFlowSchemaListV1Beta2Props { * * @schema io.k8s.api.flowcontrol.v1beta2.FlowSchemaList#items */ - readonly items: KubeFlowSchemaV1Beta2Props[] + readonly items: KubeFlowSchemaV1Beta2Props[]; /** * `metadata` is the standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.flowcontrol.v1beta2.FlowSchemaList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeFlowSchemaListV1Beta2Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeFlowSchemaListV1Beta2Props( - obj: KubeFlowSchemaListV1Beta2Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeFlowSchemaListV1Beta2Props(obj: KubeFlowSchemaListV1Beta2Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeFlowSchemaV1Beta2Props(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeFlowSchemaV1Beta2Props(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9813,32 +9625,29 @@ export interface KubePriorityLevelConfigurationV1Beta2Props { * * @schema io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * `spec` is the specification of the desired behavior of a "request-priority". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfiguration#spec */ - readonly spec?: PriorityLevelConfigurationSpecV1Beta2 + readonly spec?: PriorityLevelConfigurationSpecV1Beta2; + } /** * Converts an object of type 'KubePriorityLevelConfigurationV1Beta2Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePriorityLevelConfigurationV1Beta2Props( - obj: KubePriorityLevelConfigurationV1Beta2Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePriorityLevelConfigurationV1Beta2Props(obj: KubePriorityLevelConfigurationV1Beta2Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_PriorityLevelConfigurationSpecV1Beta2(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_PriorityLevelConfigurationSpecV1Beta2(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9853,32 +9662,29 @@ export interface KubePriorityLevelConfigurationListV1Beta2Props { * * @schema io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfigurationList#items */ - readonly items: KubePriorityLevelConfigurationV1Beta2Props[] + readonly items: KubePriorityLevelConfigurationV1Beta2Props[]; /** * `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfigurationList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubePriorityLevelConfigurationListV1Beta2Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePriorityLevelConfigurationListV1Beta2Props( - obj: KubePriorityLevelConfigurationListV1Beta2Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePriorityLevelConfigurationListV1Beta2Props(obj: KubePriorityLevelConfigurationListV1Beta2Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubePriorityLevelConfigurationV1Beta2Props(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubePriorityLevelConfigurationV1Beta2Props(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9893,14 +9699,15 @@ export interface KubeIngressProps { * * @schema io.k8s.api.networking.v1.Ingress#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec is the desired state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.networking.v1.Ingress#spec */ - readonly spec?: IngressSpec + readonly spec?: IngressSpec; + } /** @@ -9908,15 +9715,13 @@ export interface KubeIngressProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeIngressProps(obj: KubeIngressProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_IngressSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_IngressSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9931,14 +9736,15 @@ export interface KubeIngressClassProps { * * @schema io.k8s.api.networking.v1.IngressClass#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec is the desired state of the IngressClass. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.networking.v1.IngressClass#spec */ - readonly spec?: IngressClassSpec + readonly spec?: IngressClassSpec; + } /** @@ -9946,15 +9752,13 @@ export interface KubeIngressClassProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeIngressClassProps(obj: KubeIngressClassProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_IngressClassSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_IngressClassSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -9969,32 +9773,29 @@ export interface KubeIngressClassListProps { * * @schema io.k8s.api.networking.v1.IngressClassList#items */ - readonly items: KubeIngressClassProps[] + readonly items: KubeIngressClassProps[]; /** * Standard list metadata. * * @schema io.k8s.api.networking.v1.IngressClassList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeIngressClassListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeIngressClassListProps( - obj: KubeIngressClassListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeIngressClassListProps(obj: KubeIngressClassListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeIngressClassProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeIngressClassProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10009,14 +9810,15 @@ export interface KubeIngressListProps { * * @schema io.k8s.api.networking.v1.IngressList#items */ - readonly items: KubeIngressProps[] + readonly items: KubeIngressProps[]; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.networking.v1.IngressList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** @@ -10024,15 +9826,13 @@ export interface KubeIngressListProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeIngressListProps(obj: KubeIngressListProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeIngressProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeIngressProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10047,32 +9847,29 @@ export interface KubeNetworkPolicyProps { * * @schema io.k8s.api.networking.v1.NetworkPolicy#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Specification of the desired behavior for this NetworkPolicy. * * @schema io.k8s.api.networking.v1.NetworkPolicy#spec */ - readonly spec?: NetworkPolicySpec + readonly spec?: NetworkPolicySpec; + } /** * Converts an object of type 'KubeNetworkPolicyProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeNetworkPolicyProps( - obj: KubeNetworkPolicyProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeNetworkPolicyProps(obj: KubeNetworkPolicyProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_NetworkPolicySpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_NetworkPolicySpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10087,32 +9884,29 @@ export interface KubeNetworkPolicyListProps { * * @schema io.k8s.api.networking.v1.NetworkPolicyList#items */ - readonly items: KubeNetworkPolicyProps[] + readonly items: KubeNetworkPolicyProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.networking.v1.NetworkPolicyList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeNetworkPolicyListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeNetworkPolicyListProps( - obj: KubeNetworkPolicyListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeNetworkPolicyListProps(obj: KubeNetworkPolicyListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeNetworkPolicyProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeNetworkPolicyProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10127,32 +9921,29 @@ export interface KubeClusterCidrv1Alpha1Props { * * @schema io.k8s.api.networking.v1alpha1.ClusterCIDR#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec is the desired state of the ClusterCIDR. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.networking.v1alpha1.ClusterCIDR#spec */ - readonly spec?: ClusterCidrSpecV1Alpha1 + readonly spec?: ClusterCidrSpecV1Alpha1; + } /** * Converts an object of type 'KubeClusterCidrv1Alpha1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeClusterCidrv1Alpha1Props( - obj: KubeClusterCidrv1Alpha1Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeClusterCidrv1Alpha1Props(obj: KubeClusterCidrv1Alpha1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_ClusterCidrSpecV1Alpha1(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_ClusterCidrSpecV1Alpha1(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10167,32 +9958,29 @@ export interface KubeClusterCidrListV1Alpha1Props { * * @schema io.k8s.api.networking.v1alpha1.ClusterCIDRList#items */ - readonly items: KubeClusterCidrv1Alpha1Props[] + readonly items: KubeClusterCidrv1Alpha1Props[]; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.networking.v1alpha1.ClusterCIDRList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeClusterCidrListV1Alpha1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeClusterCidrListV1Alpha1Props( - obj: KubeClusterCidrListV1Alpha1Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeClusterCidrListV1Alpha1Props(obj: KubeClusterCidrListV1Alpha1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeClusterCidrv1Alpha1Props(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeClusterCidrv1Alpha1Props(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10207,14 +9995,14 @@ export interface KubeRuntimeClassProps { * * @schema io.k8s.api.node.v1.RuntimeClass#handler */ - readonly handler: string + readonly handler: string; /** * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.node.v1.RuntimeClass#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. For more details, see @@ -10222,14 +10010,15 @@ export interface KubeRuntimeClassProps { * * @schema io.k8s.api.node.v1.RuntimeClass#overhead */ - readonly overhead?: Overhead + readonly overhead?: Overhead; /** * Scheduling holds the scheduling constraints to ensure that pods running with this RuntimeClass are scheduled to nodes that support it. If scheduling is nil, this RuntimeClass is assumed to be supported by all nodes. * * @schema io.k8s.api.node.v1.RuntimeClass#scheduling */ - readonly scheduling?: Scheduling + readonly scheduling?: Scheduling; + } /** @@ -10237,17 +10026,15 @@ export interface KubeRuntimeClassProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeRuntimeClassProps(obj: KubeRuntimeClassProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - handler: obj.handler, - metadata: toJson_ObjectMeta(obj.metadata), - overhead: toJson_Overhead(obj.overhead), - scheduling: toJson_Scheduling(obj.scheduling) - } + 'handler': obj.handler, + 'metadata': toJson_ObjectMeta(obj.metadata), + 'overhead': toJson_Overhead(obj.overhead), + 'scheduling': toJson_Scheduling(obj.scheduling), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10262,32 +10049,29 @@ export interface KubeRuntimeClassListProps { * * @schema io.k8s.api.node.v1.RuntimeClassList#items */ - readonly items: KubeRuntimeClassProps[] + readonly items: KubeRuntimeClassProps[]; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.node.v1.RuntimeClassList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeRuntimeClassListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeRuntimeClassListProps( - obj: KubeRuntimeClassListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeRuntimeClassListProps(obj: KubeRuntimeClassListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeRuntimeClassProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeRuntimeClassProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10302,14 +10086,15 @@ export interface KubeEvictionProps { * * @schema io.k8s.api.policy.v1.Eviction#deleteOptions */ - readonly deleteOptions?: DeleteOptions + readonly deleteOptions?: DeleteOptions; /** * ObjectMeta describes the pod that is being evicted. * * @schema io.k8s.api.policy.v1.Eviction#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; + } /** @@ -10317,15 +10102,13 @@ export interface KubeEvictionProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeEvictionProps(obj: KubeEvictionProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - deleteOptions: toJson_DeleteOptions(obj.deleteOptions), - metadata: toJson_ObjectMeta(obj.metadata) - } + 'deleteOptions': toJson_DeleteOptions(obj.deleteOptions), + 'metadata': toJson_ObjectMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10340,32 +10123,29 @@ export interface KubePodDisruptionBudgetProps { * * @schema io.k8s.api.policy.v1.PodDisruptionBudget#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Specification of the desired behavior of the PodDisruptionBudget. * * @schema io.k8s.api.policy.v1.PodDisruptionBudget#spec */ - readonly spec?: PodDisruptionBudgetSpec + readonly spec?: PodDisruptionBudgetSpec; + } /** * Converts an object of type 'KubePodDisruptionBudgetProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePodDisruptionBudgetProps( - obj: KubePodDisruptionBudgetProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePodDisruptionBudgetProps(obj: KubePodDisruptionBudgetProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_PodDisruptionBudgetSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_PodDisruptionBudgetSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10380,32 +10160,29 @@ export interface KubePodDisruptionBudgetListProps { * * @schema io.k8s.api.policy.v1.PodDisruptionBudgetList#items */ - readonly items: KubePodDisruptionBudgetProps[] + readonly items: KubePodDisruptionBudgetProps[]; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.policy.v1.PodDisruptionBudgetList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubePodDisruptionBudgetListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePodDisruptionBudgetListProps( - obj: KubePodDisruptionBudgetListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePodDisruptionBudgetListProps(obj: KubePodDisruptionBudgetListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubePodDisruptionBudgetProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubePodDisruptionBudgetProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10420,21 +10197,22 @@ export interface KubeClusterRoleProps { * * @schema io.k8s.api.rbac.v1.ClusterRole#aggregationRule */ - readonly aggregationRule?: AggregationRule + readonly aggregationRule?: AggregationRule; /** * Standard object's metadata. * * @schema io.k8s.api.rbac.v1.ClusterRole#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Rules holds all the PolicyRules for this ClusterRole * * @schema io.k8s.api.rbac.v1.ClusterRole#rules */ - readonly rules?: PolicyRule[] + readonly rules?: PolicyRule[]; + } /** @@ -10442,16 +10220,14 @@ export interface KubeClusterRoleProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeClusterRoleProps(obj: KubeClusterRoleProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - aggregationRule: toJson_AggregationRule(obj.aggregationRule), - metadata: toJson_ObjectMeta(obj.metadata), - rules: obj.rules?.map((y) => toJson_PolicyRule(y)) - } + 'aggregationRule': toJson_AggregationRule(obj.aggregationRule), + 'metadata': toJson_ObjectMeta(obj.metadata), + 'rules': obj.rules?.map(y => toJson_PolicyRule(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10466,40 +10242,37 @@ export interface KubeClusterRoleBindingProps { * * @schema io.k8s.api.rbac.v1.ClusterRoleBinding#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. * * @schema io.k8s.api.rbac.v1.ClusterRoleBinding#roleRef */ - readonly roleRef: RoleRef + readonly roleRef: RoleRef; /** * Subjects holds references to the objects the role applies to. * * @schema io.k8s.api.rbac.v1.ClusterRoleBinding#subjects */ - readonly subjects?: Subject[] + readonly subjects?: Subject[]; + } /** * Converts an object of type 'KubeClusterRoleBindingProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeClusterRoleBindingProps( - obj: KubeClusterRoleBindingProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeClusterRoleBindingProps(obj: KubeClusterRoleBindingProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - roleRef: toJson_RoleRef(obj.roleRef), - subjects: obj.subjects?.map((y) => toJson_Subject(y)) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'roleRef': toJson_RoleRef(obj.roleRef), + 'subjects': obj.subjects?.map(y => toJson_Subject(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10514,32 +10287,29 @@ export interface KubeClusterRoleBindingListProps { * * @schema io.k8s.api.rbac.v1.ClusterRoleBindingList#items */ - readonly items: KubeClusterRoleBindingProps[] + readonly items: KubeClusterRoleBindingProps[]; /** * Standard object's metadata. * * @schema io.k8s.api.rbac.v1.ClusterRoleBindingList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeClusterRoleBindingListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeClusterRoleBindingListProps( - obj: KubeClusterRoleBindingListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeClusterRoleBindingListProps(obj: KubeClusterRoleBindingListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeClusterRoleBindingProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeClusterRoleBindingProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10554,32 +10324,29 @@ export interface KubeClusterRoleListProps { * * @schema io.k8s.api.rbac.v1.ClusterRoleList#items */ - readonly items: KubeClusterRoleProps[] + readonly items: KubeClusterRoleProps[]; /** * Standard object's metadata. * * @schema io.k8s.api.rbac.v1.ClusterRoleList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeClusterRoleListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeClusterRoleListProps( - obj: KubeClusterRoleListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeClusterRoleListProps(obj: KubeClusterRoleListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeClusterRoleProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeClusterRoleProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10594,14 +10361,15 @@ export interface KubeRoleProps { * * @schema io.k8s.api.rbac.v1.Role#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Rules holds all the PolicyRules for this Role * * @schema io.k8s.api.rbac.v1.Role#rules */ - readonly rules?: PolicyRule[] + readonly rules?: PolicyRule[]; + } /** @@ -10609,15 +10377,13 @@ export interface KubeRoleProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeRoleProps(obj: KubeRoleProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - rules: obj.rules?.map((y) => toJson_PolicyRule(y)) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'rules': obj.rules?.map(y => toJson_PolicyRule(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10632,21 +10398,22 @@ export interface KubeRoleBindingProps { * * @schema io.k8s.api.rbac.v1.RoleBinding#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. * * @schema io.k8s.api.rbac.v1.RoleBinding#roleRef */ - readonly roleRef: RoleRef + readonly roleRef: RoleRef; /** * Subjects holds references to the objects the role applies to. * * @schema io.k8s.api.rbac.v1.RoleBinding#subjects */ - readonly subjects?: Subject[] + readonly subjects?: Subject[]; + } /** @@ -10654,16 +10421,14 @@ export interface KubeRoleBindingProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeRoleBindingProps(obj: KubeRoleBindingProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - roleRef: toJson_RoleRef(obj.roleRef), - subjects: obj.subjects?.map((y) => toJson_Subject(y)) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'roleRef': toJson_RoleRef(obj.roleRef), + 'subjects': obj.subjects?.map(y => toJson_Subject(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10678,32 +10443,29 @@ export interface KubeRoleBindingListProps { * * @schema io.k8s.api.rbac.v1.RoleBindingList#items */ - readonly items: KubeRoleBindingProps[] + readonly items: KubeRoleBindingProps[]; /** * Standard object's metadata. * * @schema io.k8s.api.rbac.v1.RoleBindingList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeRoleBindingListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeRoleBindingListProps( - obj: KubeRoleBindingListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeRoleBindingListProps(obj: KubeRoleBindingListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeRoleBindingProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeRoleBindingProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10718,14 +10480,15 @@ export interface KubeRoleListProps { * * @schema io.k8s.api.rbac.v1.RoleList#items */ - readonly items: KubeRoleProps[] + readonly items: KubeRoleProps[]; /** * Standard object's metadata. * * @schema io.k8s.api.rbac.v1.RoleList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** @@ -10733,15 +10496,13 @@ export interface KubeRoleListProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeRoleListProps(obj: KubeRoleListProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeRoleProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeRoleProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10756,21 +10517,21 @@ export interface KubePriorityClassProps { * * @schema io.k8s.api.scheduling.v1.PriorityClass#description */ - readonly description?: string + readonly description?: string; /** * globalDefault specifies whether this PriorityClass should be considered as the default priority for pods that do not have any priority class. Only one PriorityClass can be marked as `globalDefault`. However, if more than one PriorityClasses exists with their `globalDefault` field set to true, the smallest value of such global default PriorityClasses will be used as the default priority. * * @schema io.k8s.api.scheduling.v1.PriorityClass#globalDefault */ - readonly globalDefault?: boolean + readonly globalDefault?: boolean; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.scheduling.v1.PriorityClass#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. @@ -10778,35 +10539,32 @@ export interface KubePriorityClassProps { * @default PreemptLowerPriority if unset. * @schema io.k8s.api.scheduling.v1.PriorityClass#preemptionPolicy */ - readonly preemptionPolicy?: string + readonly preemptionPolicy?: string; /** * The value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec. * * @schema io.k8s.api.scheduling.v1.PriorityClass#value */ - readonly value: number + readonly value: number; + } /** * Converts an object of type 'KubePriorityClassProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePriorityClassProps( - obj: KubePriorityClassProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePriorityClassProps(obj: KubePriorityClassProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - description: obj.description, - globalDefault: obj.globalDefault, - metadata: toJson_ObjectMeta(obj.metadata), - preemptionPolicy: obj.preemptionPolicy, - value: obj.value - } + 'description': obj.description, + 'globalDefault': obj.globalDefault, + 'metadata': toJson_ObjectMeta(obj.metadata), + 'preemptionPolicy': obj.preemptionPolicy, + 'value': obj.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10821,32 +10579,29 @@ export interface KubePriorityClassListProps { * * @schema io.k8s.api.scheduling.v1.PriorityClassList#items */ - readonly items: KubePriorityClassProps[] + readonly items: KubePriorityClassProps[]; /** * Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.scheduling.v1.PriorityClassList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubePriorityClassListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubePriorityClassListProps( - obj: KubePriorityClassListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubePriorityClassListProps(obj: KubePriorityClassListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubePriorityClassProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubePriorityClassProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10861,14 +10616,15 @@ export interface KubeCsiDriverProps { * * @schema io.k8s.api.storage.v1.CSIDriver#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Specification of the CSI Driver. * * @schema io.k8s.api.storage.v1.CSIDriver#spec */ - readonly spec: CsiDriverSpec + readonly spec: CsiDriverSpec; + } /** @@ -10876,15 +10632,13 @@ export interface KubeCsiDriverProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeCsiDriverProps(obj: KubeCsiDriverProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_CsiDriverSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_CsiDriverSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10899,32 +10653,29 @@ export interface KubeCsiDriverListProps { * * @schema io.k8s.api.storage.v1.CSIDriverList#items */ - readonly items: KubeCsiDriverProps[] + readonly items: KubeCsiDriverProps[]; /** * Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.storage.v1.CSIDriverList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeCsiDriverListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeCsiDriverListProps( - obj: KubeCsiDriverListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeCsiDriverListProps(obj: KubeCsiDriverListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeCsiDriverProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeCsiDriverProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10939,14 +10690,15 @@ export interface KubeCsiNodeProps { * * @schema io.k8s.api.storage.v1.CSINode#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * spec is the specification of CSINode * * @schema io.k8s.api.storage.v1.CSINode#spec */ - readonly spec: CsiNodeSpec + readonly spec: CsiNodeSpec; + } /** @@ -10954,15 +10706,13 @@ export interface KubeCsiNodeProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeCsiNodeProps(obj: KubeCsiNodeProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_CsiNodeSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_CsiNodeSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -10977,14 +10727,15 @@ export interface KubeCsiNodeListProps { * * @schema io.k8s.api.storage.v1.CSINodeList#items */ - readonly items: KubeCsiNodeProps[] + readonly items: KubeCsiNodeProps[]; /** * Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.storage.v1.CSINodeList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** @@ -10992,15 +10743,13 @@ export interface KubeCsiNodeListProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeCsiNodeListProps(obj: KubeCsiNodeListProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeCsiNodeProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeCsiNodeProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11025,7 +10774,7 @@ export interface KubeCsiStorageCapacityProps { * * @schema io.k8s.api.storage.v1.CSIStorageCapacity#capacity */ - readonly capacity?: Quantity + readonly capacity?: Quantity; /** * MaximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields. @@ -11034,7 +10783,7 @@ export interface KubeCsiStorageCapacityProps { * * @schema io.k8s.api.storage.v1.CSIStorageCapacity#maximumVolumeSize */ - readonly maximumVolumeSize?: Quantity + readonly maximumVolumeSize?: Quantity; /** * Standard object's metadata. The name has no particular meaning. It must be be a DNS subdomain (dots allowed, 253 characters). To ensure that there are no conflicts with other CSI drivers on the cluster, the recommendation is to use csisc-, a generated name, or a reverse-domain name which ends with the unique CSI driver name. @@ -11045,42 +10794,39 @@ export interface KubeCsiStorageCapacityProps { * * @schema io.k8s.api.storage.v1.CSIStorageCapacity#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * NodeTopology defines which nodes have access to the storage for which capacity was reported. If not set, the storage is not accessible from any node in the cluster. If empty, the storage is accessible from all nodes. This field is immutable. * * @schema io.k8s.api.storage.v1.CSIStorageCapacity#nodeTopology */ - readonly nodeTopology?: LabelSelector + readonly nodeTopology?: LabelSelector; /** * The name of the StorageClass that the reported capacity applies to. It must meet the same requirements as the name of a StorageClass object (non-empty, DNS subdomain). If that object no longer exists, the CSIStorageCapacity object is obsolete and should be removed by its creator. This field is immutable. * * @schema io.k8s.api.storage.v1.CSIStorageCapacity#storageClassName */ - readonly storageClassName: string + readonly storageClassName: string; + } /** * Converts an object of type 'KubeCsiStorageCapacityProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeCsiStorageCapacityProps( - obj: KubeCsiStorageCapacityProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeCsiStorageCapacityProps(obj: KubeCsiStorageCapacityProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - capacity: obj.capacity?.value, - maximumVolumeSize: obj.maximumVolumeSize?.value, - metadata: toJson_ObjectMeta(obj.metadata), - nodeTopology: toJson_LabelSelector(obj.nodeTopology), - storageClassName: obj.storageClassName - } + 'capacity': obj.capacity?.value, + 'maximumVolumeSize': obj.maximumVolumeSize?.value, + 'metadata': toJson_ObjectMeta(obj.metadata), + 'nodeTopology': toJson_LabelSelector(obj.nodeTopology), + 'storageClassName': obj.storageClassName, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11095,32 +10841,29 @@ export interface KubeCsiStorageCapacityListProps { * * @schema io.k8s.api.storage.v1.CSIStorageCapacityList#items */ - readonly items: KubeCsiStorageCapacityProps[] + readonly items: KubeCsiStorageCapacityProps[]; /** * Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.storage.v1.CSIStorageCapacityList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeCsiStorageCapacityListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeCsiStorageCapacityListProps( - obj: KubeCsiStorageCapacityListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeCsiStorageCapacityListProps(obj: KubeCsiStorageCapacityListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeCsiStorageCapacityProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeCsiStorageCapacityProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11137,42 +10880,42 @@ export interface KubeStorageClassProps { * * @schema io.k8s.api.storage.v1.StorageClass#allowVolumeExpansion */ - readonly allowVolumeExpansion?: boolean + readonly allowVolumeExpansion?: boolean; /** * Restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is only honored by servers that enable the VolumeScheduling feature. * * @schema io.k8s.api.storage.v1.StorageClass#allowedTopologies */ - readonly allowedTopologies?: TopologySelectorTerm[] + readonly allowedTopologies?: TopologySelectorTerm[]; /** * Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.storage.v1.StorageClass#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Dynamically provisioned PersistentVolumes of this storage class are created with these mountOptions, e.g. ["ro", "soft"]. Not validated - mount of the PVs will simply fail if one is invalid. * * @schema io.k8s.api.storage.v1.StorageClass#mountOptions */ - readonly mountOptions?: string[] + readonly mountOptions?: string[]; /** * Parameters holds the parameters for the provisioner that should create volumes of this storage class. * * @schema io.k8s.api.storage.v1.StorageClass#parameters */ - readonly parameters?: { [key: string]: string } + readonly parameters?: { [key: string]: string }; /** * Provisioner indicates the type of the provisioner. * * @schema io.k8s.api.storage.v1.StorageClass#provisioner */ - readonly provisioner: string + readonly provisioner: string; /** * Dynamically provisioned PersistentVolumes of this storage class are created with this reclaimPolicy. Defaults to Delete. @@ -11180,14 +10923,15 @@ export interface KubeStorageClassProps { * @default Delete. * @schema io.k8s.api.storage.v1.StorageClass#reclaimPolicy */ - readonly reclaimPolicy?: string + readonly reclaimPolicy?: string; /** * VolumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound. When unset, VolumeBindingImmediate is used. This field is only honored by servers that enable the VolumeScheduling feature. * * @schema io.k8s.api.storage.v1.StorageClass#volumeBindingMode */ - readonly volumeBindingMode?: string + readonly volumeBindingMode?: string; + } /** @@ -11195,24 +10939,19 @@ export interface KubeStorageClassProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeStorageClassProps(obj: KubeStorageClassProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - allowVolumeExpansion: obj.allowVolumeExpansion, - allowedTopologies: obj.allowedTopologies?.map((y) => toJson_TopologySelectorTerm(y)), - metadata: toJson_ObjectMeta(obj.metadata), - mountOptions: obj.mountOptions?.map((y) => y), - parameters: - obj.parameters === undefined - ? undefined - : Object.entries(obj.parameters).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - provisioner: obj.provisioner, - reclaimPolicy: obj.reclaimPolicy, - volumeBindingMode: obj.volumeBindingMode - } + 'allowVolumeExpansion': obj.allowVolumeExpansion, + 'allowedTopologies': obj.allowedTopologies?.map(y => toJson_TopologySelectorTerm(y)), + 'metadata': toJson_ObjectMeta(obj.metadata), + 'mountOptions': obj.mountOptions?.map(y => y), + 'parameters': ((obj.parameters) === undefined) ? undefined : (Object.entries(obj.parameters).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'provisioner': obj.provisioner, + 'reclaimPolicy': obj.reclaimPolicy, + 'volumeBindingMode': obj.volumeBindingMode, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11227,32 +10966,29 @@ export interface KubeStorageClassListProps { * * @schema io.k8s.api.storage.v1.StorageClassList#items */ - readonly items: KubeStorageClassProps[] + readonly items: KubeStorageClassProps[]; /** * Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.storage.v1.StorageClassList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeStorageClassListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeStorageClassListProps( - obj: KubeStorageClassListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeStorageClassListProps(obj: KubeStorageClassListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeStorageClassProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeStorageClassProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11269,32 +11005,29 @@ export interface KubeVolumeAttachmentProps { * * @schema io.k8s.api.storage.v1.VolumeAttachment#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Specification of the desired attach/detach volume behavior. Populated by the Kubernetes system. * * @schema io.k8s.api.storage.v1.VolumeAttachment#spec */ - readonly spec: VolumeAttachmentSpec + readonly spec: VolumeAttachmentSpec; + } /** * Converts an object of type 'KubeVolumeAttachmentProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeVolumeAttachmentProps( - obj: KubeVolumeAttachmentProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeVolumeAttachmentProps(obj: KubeVolumeAttachmentProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_VolumeAttachmentSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_VolumeAttachmentSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11309,32 +11042,29 @@ export interface KubeVolumeAttachmentListProps { * * @schema io.k8s.api.storage.v1.VolumeAttachmentList#items */ - readonly items: KubeVolumeAttachmentProps[] + readonly items: KubeVolumeAttachmentProps[]; /** * Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.storage.v1.VolumeAttachmentList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeVolumeAttachmentListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeVolumeAttachmentListProps( - obj: KubeVolumeAttachmentListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeVolumeAttachmentListProps(obj: KubeVolumeAttachmentListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeVolumeAttachmentProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeVolumeAttachmentProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11359,7 +11089,7 @@ export interface KubeCsiStorageCapacityV1Beta1Props { * * @schema io.k8s.api.storage.v1beta1.CSIStorageCapacity#capacity */ - readonly capacity?: Quantity + readonly capacity?: Quantity; /** * MaximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields. @@ -11368,7 +11098,7 @@ export interface KubeCsiStorageCapacityV1Beta1Props { * * @schema io.k8s.api.storage.v1beta1.CSIStorageCapacity#maximumVolumeSize */ - readonly maximumVolumeSize?: Quantity + readonly maximumVolumeSize?: Quantity; /** * Standard object's metadata. The name has no particular meaning. It must be be a DNS subdomain (dots allowed, 253 characters). To ensure that there are no conflicts with other CSI drivers on the cluster, the recommendation is to use csisc-, a generated name, or a reverse-domain name which ends with the unique CSI driver name. @@ -11379,42 +11109,39 @@ export interface KubeCsiStorageCapacityV1Beta1Props { * * @schema io.k8s.api.storage.v1beta1.CSIStorageCapacity#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * NodeTopology defines which nodes have access to the storage for which capacity was reported. If not set, the storage is not accessible from any node in the cluster. If empty, the storage is accessible from all nodes. This field is immutable. * * @schema io.k8s.api.storage.v1beta1.CSIStorageCapacity#nodeTopology */ - readonly nodeTopology?: LabelSelector + readonly nodeTopology?: LabelSelector; /** * The name of the StorageClass that the reported capacity applies to. It must meet the same requirements as the name of a StorageClass object (non-empty, DNS subdomain). If that object no longer exists, the CSIStorageCapacity object is obsolete and should be removed by its creator. This field is immutable. * * @schema io.k8s.api.storage.v1beta1.CSIStorageCapacity#storageClassName */ - readonly storageClassName: string + readonly storageClassName: string; + } /** * Converts an object of type 'KubeCsiStorageCapacityV1Beta1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeCsiStorageCapacityV1Beta1Props( - obj: KubeCsiStorageCapacityV1Beta1Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeCsiStorageCapacityV1Beta1Props(obj: KubeCsiStorageCapacityV1Beta1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - capacity: obj.capacity?.value, - maximumVolumeSize: obj.maximumVolumeSize?.value, - metadata: toJson_ObjectMeta(obj.metadata), - nodeTopology: toJson_LabelSelector(obj.nodeTopology), - storageClassName: obj.storageClassName - } + 'capacity': obj.capacity?.value, + 'maximumVolumeSize': obj.maximumVolumeSize?.value, + 'metadata': toJson_ObjectMeta(obj.metadata), + 'nodeTopology': toJson_LabelSelector(obj.nodeTopology), + 'storageClassName': obj.storageClassName, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11429,32 +11156,29 @@ export interface KubeCsiStorageCapacityListV1Beta1Props { * * @schema io.k8s.api.storage.v1beta1.CSIStorageCapacityList#items */ - readonly items: KubeCsiStorageCapacityV1Beta1Props[] + readonly items: KubeCsiStorageCapacityV1Beta1Props[]; /** * Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.api.storage.v1beta1.CSIStorageCapacityList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeCsiStorageCapacityListV1Beta1Props' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeCsiStorageCapacityListV1Beta1Props( - obj: KubeCsiStorageCapacityListV1Beta1Props | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeCsiStorageCapacityListV1Beta1Props(obj: KubeCsiStorageCapacityListV1Beta1Props | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeCsiStorageCapacityV1Beta1Props(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeCsiStorageCapacityV1Beta1Props(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11469,32 +11193,29 @@ export interface KubeCustomResourceDefinitionProps { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * spec describes how the user wants the resources to appear * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition#spec */ - readonly spec: CustomResourceDefinitionSpec + readonly spec: CustomResourceDefinitionSpec; + } /** * Converts an object of type 'KubeCustomResourceDefinitionProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeCustomResourceDefinitionProps( - obj: KubeCustomResourceDefinitionProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeCustomResourceDefinitionProps(obj: KubeCustomResourceDefinitionProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_CustomResourceDefinitionSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_CustomResourceDefinitionSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11509,32 +11230,29 @@ export interface KubeCustomResourceDefinitionListProps { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionList#items */ - readonly items: KubeCustomResourceDefinitionProps[] + readonly items: KubeCustomResourceDefinitionProps[]; /** * Standard object's metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeCustomResourceDefinitionListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeCustomResourceDefinitionListProps( - obj: KubeCustomResourceDefinitionListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeCustomResourceDefinitionListProps(obj: KubeCustomResourceDefinitionListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeCustomResourceDefinitionProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeCustomResourceDefinitionProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11549,35 +11267,36 @@ export interface KubeStatusProps { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.Status#code */ - readonly code?: number + readonly code?: number; /** * Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.Status#details */ - readonly details?: StatusDetails + readonly details?: StatusDetails; /** * A human-readable description of the status of this operation. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.Status#message */ - readonly message?: string + readonly message?: string; /** * Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.Status#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; /** * A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.Status#reason */ - readonly reason?: string + readonly reason?: string; + } /** @@ -11585,18 +11304,16 @@ export interface KubeStatusProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeStatusProps(obj: KubeStatusProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - code: obj.code, - details: toJson_StatusDetails(obj.details), - message: obj.message, - metadata: toJson_ListMeta(obj.metadata), - reason: obj.reason - } + 'code': obj.code, + 'details': toJson_StatusDetails(obj.details), + 'message': obj.message, + 'metadata': toJson_ListMeta(obj.metadata), + 'reason': obj.reason, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11611,14 +11328,15 @@ export interface KubeApiServiceProps { * * @schema io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Spec contains information for locating and communicating with a server * * @schema io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService#spec */ - readonly spec?: ApiServiceSpec + readonly spec?: ApiServiceSpec; + } /** @@ -11626,15 +11344,13 @@ export interface KubeApiServiceProps { */ /* eslint-disable max-len, quote-props */ export function toJson_KubeApiServiceProps(obj: KubeApiServiceProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_ApiServiceSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_ApiServiceSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11649,32 +11365,29 @@ export interface KubeApiServiceListProps { * * @schema io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceList#items */ - readonly items: KubeApiServiceProps[] + readonly items: KubeApiServiceProps[]; /** * Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata * * @schema io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceList#metadata */ - readonly metadata?: ListMeta + readonly metadata?: ListMeta; + } /** * Converts an object of type 'KubeApiServiceListProps' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_KubeApiServiceListProps( - obj: KubeApiServiceListProps | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_KubeApiServiceListProps(obj: KubeApiServiceListProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KubeApiServiceProps(y)), - metadata: toJson_ListMeta(obj.metadata) - } + 'items': obj.items?.map(y => toJson_KubeApiServiceProps(y)), + 'metadata': toJson_ListMeta(obj.metadata), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11689,7 +11402,7 @@ export interface ObjectMeta { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#annotations */ - readonly annotations?: { [key: string]: string } + readonly annotations?: { [key: string]: string }; /** * CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. @@ -11698,14 +11411,14 @@ export interface ObjectMeta { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#creationTimestamp */ - readonly creationTimestamp?: Date + readonly creationTimestamp?: Date; /** * Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#deletionGracePeriodSeconds */ - readonly deletionGracePeriodSeconds?: number + readonly deletionGracePeriodSeconds?: number; /** * DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. @@ -11714,14 +11427,14 @@ export interface ObjectMeta { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#deletionTimestamp */ - readonly deletionTimestamp?: Date + readonly deletionTimestamp?: Date; /** * Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#finalizers */ - readonly finalizers?: string[] + readonly finalizers?: string[]; /** * GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. @@ -11732,35 +11445,35 @@ export interface ObjectMeta { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#generateName */ - readonly generateName?: string + readonly generateName?: string; /** * A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#generation */ - readonly generation?: number + readonly generation?: number; /** * Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#labels */ - readonly labels?: { [key: string]: string } + readonly labels?: { [key: string]: string }; /** * ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#managedFields */ - readonly managedFields?: ManagedFieldsEntry[] + readonly managedFields?: ManagedFieldsEntry[]; /** * Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#name */ - readonly name?: string + readonly name?: string; /** * Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. @@ -11769,14 +11482,14 @@ export interface ObjectMeta { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#namespace */ - readonly namespace?: string + readonly namespace?: string; /** * List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#ownerReferences */ - readonly ownerReferences?: OwnerReference[] + readonly ownerReferences?: OwnerReference[]; /** * An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. @@ -11785,14 +11498,14 @@ export interface ObjectMeta { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#resourceVersion */ - readonly resourceVersion?: string + readonly resourceVersion?: string; /** * Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#selfLink */ - readonly selfLink?: string + readonly selfLink?: string; /** * UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. @@ -11801,7 +11514,8 @@ export interface ObjectMeta { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta#uid */ - readonly uid?: string + readonly uid?: string; + } /** @@ -11809,34 +11523,26 @@ export interface ObjectMeta { */ /* eslint-disable max-len, quote-props */ export function toJson_ObjectMeta(obj: ObjectMeta | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - annotations: - obj.annotations === undefined - ? undefined - : Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - creationTimestamp: obj.creationTimestamp?.toISOString(), - deletionGracePeriodSeconds: obj.deletionGracePeriodSeconds, - deletionTimestamp: obj.deletionTimestamp?.toISOString(), - finalizers: obj.finalizers?.map((y) => y), - generateName: obj.generateName, - generation: obj.generation, - labels: - obj.labels === undefined - ? undefined - : Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - managedFields: obj.managedFields?.map((y) => toJson_ManagedFieldsEntry(y)), - name: obj.name, - namespace: obj.namespace, - ownerReferences: obj.ownerReferences?.map((y) => toJson_OwnerReference(y)), - resourceVersion: obj.resourceVersion, - selfLink: obj.selfLink, - uid: obj.uid - } + 'annotations': ((obj.annotations) === undefined) ? undefined : (Object.entries(obj.annotations).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'creationTimestamp': obj.creationTimestamp?.toISOString(), + 'deletionGracePeriodSeconds': obj.deletionGracePeriodSeconds, + 'deletionTimestamp': obj.deletionTimestamp?.toISOString(), + 'finalizers': obj.finalizers?.map(y => y), + 'generateName': obj.generateName, + 'generation': obj.generation, + 'labels': ((obj.labels) === undefined) ? undefined : (Object.entries(obj.labels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'managedFields': obj.managedFields?.map(y => toJson_ManagedFieldsEntry(y)), + 'name': obj.name, + 'namespace': obj.namespace, + 'ownerReferences': obj.ownerReferences?.map(y => toJson_OwnerReference(y)), + 'resourceVersion': obj.resourceVersion, + 'selfLink': obj.selfLink, + 'uid': obj.uid, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -11851,14 +11557,14 @@ export interface MutatingWebhook { * * @schema io.k8s.api.admissionregistration.v1.MutatingWebhook#admissionReviewVersions */ - readonly admissionReviewVersions: string[] + readonly admissionReviewVersions: string[]; /** * ClientConfig defines how to communicate with the hook. Required * * @schema io.k8s.api.admissionregistration.v1.MutatingWebhook#clientConfig */ - readonly clientConfig: WebhookClientConfig + readonly clientConfig: WebhookClientConfig; /** * FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail. @@ -11866,7 +11572,7 @@ export interface MutatingWebhook { * @default Fail. * @schema io.k8s.api.admissionregistration.v1.MutatingWebhook#failurePolicy */ - readonly failurePolicy?: string + readonly failurePolicy?: string; /** * matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent". @@ -11880,14 +11586,14 @@ export interface MutatingWebhook { * @default Equivalent" * @schema io.k8s.api.admissionregistration.v1.MutatingWebhook#matchPolicy */ - readonly matchPolicy?: string + readonly matchPolicy?: string; /** * The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required. * * @schema io.k8s.api.admissionregistration.v1.MutatingWebhook#name */ - readonly name: string + readonly name: string; /** * NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. @@ -11925,7 +11631,7 @@ export interface MutatingWebhook { * @default the empty LabelSelector, which matches everything. * @schema io.k8s.api.admissionregistration.v1.MutatingWebhook#namespaceSelector */ - readonly namespaceSelector?: LabelSelector + readonly namespaceSelector?: LabelSelector; /** * ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything. @@ -11933,7 +11639,7 @@ export interface MutatingWebhook { * @default the empty LabelSelector, which matches everything. * @schema io.k8s.api.admissionregistration.v1.MutatingWebhook#objectSelector */ - readonly objectSelector?: LabelSelector + readonly objectSelector?: LabelSelector; /** * reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded". @@ -11947,21 +11653,21 @@ export interface MutatingWebhook { * @default Never". * @schema io.k8s.api.admissionregistration.v1.MutatingWebhook#reinvocationPolicy */ - readonly reinvocationPolicy?: string + readonly reinvocationPolicy?: string; /** * Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects. * * @schema io.k8s.api.admissionregistration.v1.MutatingWebhook#rules */ - readonly rules?: RuleWithOperations[] + readonly rules?: RuleWithOperations[]; /** * SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some. * * @schema io.k8s.api.admissionregistration.v1.MutatingWebhook#sideEffects */ - readonly sideEffects: string + readonly sideEffects: string; /** * TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds. @@ -11969,7 +11675,8 @@ export interface MutatingWebhook { * @default 10 seconds. * @schema io.k8s.api.admissionregistration.v1.MutatingWebhook#timeoutSeconds */ - readonly timeoutSeconds?: number + readonly timeoutSeconds?: number; + } /** @@ -11977,24 +11684,22 @@ export interface MutatingWebhook { */ /* eslint-disable max-len, quote-props */ export function toJson_MutatingWebhook(obj: MutatingWebhook | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - admissionReviewVersions: obj.admissionReviewVersions?.map((y) => y), - clientConfig: toJson_WebhookClientConfig(obj.clientConfig), - failurePolicy: obj.failurePolicy, - matchPolicy: obj.matchPolicy, - name: obj.name, - namespaceSelector: toJson_LabelSelector(obj.namespaceSelector), - objectSelector: toJson_LabelSelector(obj.objectSelector), - reinvocationPolicy: obj.reinvocationPolicy, - rules: obj.rules?.map((y) => toJson_RuleWithOperations(y)), - sideEffects: obj.sideEffects, - timeoutSeconds: obj.timeoutSeconds - } + 'admissionReviewVersions': obj.admissionReviewVersions?.map(y => y), + 'clientConfig': toJson_WebhookClientConfig(obj.clientConfig), + 'failurePolicy': obj.failurePolicy, + 'matchPolicy': obj.matchPolicy, + 'name': obj.name, + 'namespaceSelector': toJson_LabelSelector(obj.namespaceSelector), + 'objectSelector': toJson_LabelSelector(obj.objectSelector), + 'reinvocationPolicy': obj.reinvocationPolicy, + 'rules': obj.rules?.map(y => toJson_RuleWithOperations(y)), + 'sideEffects': obj.sideEffects, + 'timeoutSeconds': obj.timeoutSeconds, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12009,28 +11714,29 @@ export interface ListMeta { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta#continue */ - readonly continue?: string + readonly continue?: string; /** * remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta#remainingItemCount */ - readonly remainingItemCount?: number + readonly remainingItemCount?: number; /** * String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta#resourceVersion */ - readonly resourceVersion?: string + readonly resourceVersion?: string; /** * Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta#selfLink */ - readonly selfLink?: string + readonly selfLink?: string; + } /** @@ -12038,17 +11744,15 @@ export interface ListMeta { */ /* eslint-disable max-len, quote-props */ export function toJson_ListMeta(obj: ListMeta | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - continue: obj.continue, - remainingItemCount: obj.remainingItemCount, - resourceVersion: obj.resourceVersion, - selfLink: obj.selfLink - } + 'continue': obj.continue, + 'remainingItemCount': obj.remainingItemCount, + 'resourceVersion': obj.resourceVersion, + 'selfLink': obj.selfLink, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12063,14 +11767,14 @@ export interface ValidatingWebhook { * * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhook#admissionReviewVersions */ - readonly admissionReviewVersions: string[] + readonly admissionReviewVersions: string[]; /** * ClientConfig defines how to communicate with the hook. Required * * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhook#clientConfig */ - readonly clientConfig: WebhookClientConfig + readonly clientConfig: WebhookClientConfig; /** * FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail. @@ -12078,7 +11782,7 @@ export interface ValidatingWebhook { * @default Fail. * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhook#failurePolicy */ - readonly failurePolicy?: string + readonly failurePolicy?: string; /** * matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent". @@ -12092,14 +11796,14 @@ export interface ValidatingWebhook { * @default Equivalent" * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhook#matchPolicy */ - readonly matchPolicy?: string + readonly matchPolicy?: string; /** * The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required. * * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhook#name */ - readonly name: string + readonly name: string; /** * NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. @@ -12137,7 +11841,7 @@ export interface ValidatingWebhook { * @default the empty LabelSelector, which matches everything. * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhook#namespaceSelector */ - readonly namespaceSelector?: LabelSelector + readonly namespaceSelector?: LabelSelector; /** * ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything. @@ -12145,21 +11849,21 @@ export interface ValidatingWebhook { * @default the empty LabelSelector, which matches everything. * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhook#objectSelector */ - readonly objectSelector?: LabelSelector + readonly objectSelector?: LabelSelector; /** * Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects. * * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhook#rules */ - readonly rules?: RuleWithOperations[] + readonly rules?: RuleWithOperations[]; /** * SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some. * * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhook#sideEffects */ - readonly sideEffects: string + readonly sideEffects: string; /** * TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds. @@ -12167,7 +11871,8 @@ export interface ValidatingWebhook { * @default 10 seconds. * @schema io.k8s.api.admissionregistration.v1.ValidatingWebhook#timeoutSeconds */ - readonly timeoutSeconds?: number + readonly timeoutSeconds?: number; + } /** @@ -12175,23 +11880,21 @@ export interface ValidatingWebhook { */ /* eslint-disable max-len, quote-props */ export function toJson_ValidatingWebhook(obj: ValidatingWebhook | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - admissionReviewVersions: obj.admissionReviewVersions?.map((y) => y), - clientConfig: toJson_WebhookClientConfig(obj.clientConfig), - failurePolicy: obj.failurePolicy, - matchPolicy: obj.matchPolicy, - name: obj.name, - namespaceSelector: toJson_LabelSelector(obj.namespaceSelector), - objectSelector: toJson_LabelSelector(obj.objectSelector), - rules: obj.rules?.map((y) => toJson_RuleWithOperations(y)), - sideEffects: obj.sideEffects, - timeoutSeconds: obj.timeoutSeconds - } + 'admissionReviewVersions': obj.admissionReviewVersions?.map(y => y), + 'clientConfig': toJson_WebhookClientConfig(obj.clientConfig), + 'failurePolicy': obj.failurePolicy, + 'matchPolicy': obj.matchPolicy, + 'name': obj.name, + 'namespaceSelector': toJson_LabelSelector(obj.namespaceSelector), + 'objectSelector': toJson_LabelSelector(obj.objectSelector), + 'rules': obj.rules?.map(y => toJson_RuleWithOperations(y)), + 'sideEffects': obj.sideEffects, + 'timeoutSeconds': obj.timeoutSeconds, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12207,7 +11910,7 @@ export interface DaemonSetSpec { * @default 0 (pod will be considered available as soon as it is ready). * @schema io.k8s.api.apps.v1.DaemonSetSpec#minReadySeconds */ - readonly minReadySeconds?: number + readonly minReadySeconds?: number; /** * The number of old history to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10. @@ -12215,28 +11918,29 @@ export interface DaemonSetSpec { * @default 10. * @schema io.k8s.api.apps.v1.DaemonSetSpec#revisionHistoryLimit */ - readonly revisionHistoryLimit?: number + readonly revisionHistoryLimit?: number; /** * A label query over pods that are managed by the daemon set. Must match in order to be controlled. It must match the pod template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors * * @schema io.k8s.api.apps.v1.DaemonSetSpec#selector */ - readonly selector: LabelSelector + readonly selector: LabelSelector; /** * An object that describes the pod that will be created. The DaemonSet will create exactly one copy of this pod on every node that matches the template's node selector (or on every node if no node selector is specified). More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template * * @schema io.k8s.api.apps.v1.DaemonSetSpec#template */ - readonly template: PodTemplateSpec + readonly template: PodTemplateSpec; /** * An update strategy to replace existing DaemonSet pods with new pods. * * @schema io.k8s.api.apps.v1.DaemonSetSpec#updateStrategy */ - readonly updateStrategy?: DaemonSetUpdateStrategy + readonly updateStrategy?: DaemonSetUpdateStrategy; + } /** @@ -12244,18 +11948,16 @@ export interface DaemonSetSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_DaemonSetSpec(obj: DaemonSetSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - minReadySeconds: obj.minReadySeconds, - revisionHistoryLimit: obj.revisionHistoryLimit, - selector: toJson_LabelSelector(obj.selector), - template: toJson_PodTemplateSpec(obj.template), - updateStrategy: toJson_DaemonSetUpdateStrategy(obj.updateStrategy) - } + 'minReadySeconds': obj.minReadySeconds, + 'revisionHistoryLimit': obj.revisionHistoryLimit, + 'selector': toJson_LabelSelector(obj.selector), + 'template': toJson_PodTemplateSpec(obj.template), + 'updateStrategy': toJson_DaemonSetUpdateStrategy(obj.updateStrategy), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12271,14 +11973,14 @@ export interface DeploymentSpec { * @default 0 (pod will be considered available as soon as it is ready) * @schema io.k8s.api.apps.v1.DeploymentSpec#minReadySeconds */ - readonly minReadySeconds?: number + readonly minReadySeconds?: number; /** * Indicates that the deployment is paused. * * @schema io.k8s.api.apps.v1.DeploymentSpec#paused */ - readonly paused?: boolean + readonly paused?: boolean; /** * The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s. @@ -12286,7 +11988,7 @@ export interface DeploymentSpec { * @default 600s. * @schema io.k8s.api.apps.v1.DeploymentSpec#progressDeadlineSeconds */ - readonly progressDeadlineSeconds?: number + readonly progressDeadlineSeconds?: number; /** * Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1. @@ -12294,7 +11996,7 @@ export interface DeploymentSpec { * @default 1. * @schema io.k8s.api.apps.v1.DeploymentSpec#replicas */ - readonly replicas?: number + readonly replicas?: number; /** * The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10. @@ -12302,28 +12004,29 @@ export interface DeploymentSpec { * @default 10. * @schema io.k8s.api.apps.v1.DeploymentSpec#revisionHistoryLimit */ - readonly revisionHistoryLimit?: number + readonly revisionHistoryLimit?: number; /** * Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. * * @schema io.k8s.api.apps.v1.DeploymentSpec#selector */ - readonly selector: LabelSelector + readonly selector: LabelSelector; /** * The deployment strategy to use to replace existing pods with new ones. * * @schema io.k8s.api.apps.v1.DeploymentSpec#strategy */ - readonly strategy?: DeploymentStrategy + readonly strategy?: DeploymentStrategy; /** * Template describes the pods that will be created. * * @schema io.k8s.api.apps.v1.DeploymentSpec#template */ - readonly template: PodTemplateSpec + readonly template: PodTemplateSpec; + } /** @@ -12331,21 +12034,19 @@ export interface DeploymentSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_DeploymentSpec(obj: DeploymentSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - minReadySeconds: obj.minReadySeconds, - paused: obj.paused, - progressDeadlineSeconds: obj.progressDeadlineSeconds, - replicas: obj.replicas, - revisionHistoryLimit: obj.revisionHistoryLimit, - selector: toJson_LabelSelector(obj.selector), - strategy: toJson_DeploymentStrategy(obj.strategy), - template: toJson_PodTemplateSpec(obj.template) - } + 'minReadySeconds': obj.minReadySeconds, + 'paused': obj.paused, + 'progressDeadlineSeconds': obj.progressDeadlineSeconds, + 'replicas': obj.replicas, + 'revisionHistoryLimit': obj.revisionHistoryLimit, + 'selector': toJson_LabelSelector(obj.selector), + 'strategy': toJson_DeploymentStrategy(obj.strategy), + 'template': toJson_PodTemplateSpec(obj.template), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12361,7 +12062,7 @@ export interface ReplicaSetSpec { * @default 0 (pod will be considered available as soon as it is ready) * @schema io.k8s.api.apps.v1.ReplicaSetSpec#minReadySeconds */ - readonly minReadySeconds?: number + readonly minReadySeconds?: number; /** * Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller @@ -12369,21 +12070,22 @@ export interface ReplicaSetSpec { * @default 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller * @schema io.k8s.api.apps.v1.ReplicaSetSpec#replicas */ - readonly replicas?: number + readonly replicas?: number; /** * Selector is a label query over pods that should match the replica count. Label keys and values that must match in order to be controlled by this replica set. It must match the pod template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors * * @schema io.k8s.api.apps.v1.ReplicaSetSpec#selector */ - readonly selector: LabelSelector + readonly selector: LabelSelector; /** * Template is the object that describes the pod that will be created if insufficient replicas are detected. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template * * @schema io.k8s.api.apps.v1.ReplicaSetSpec#template */ - readonly template?: PodTemplateSpec + readonly template?: PodTemplateSpec; + } /** @@ -12391,17 +12093,15 @@ export interface ReplicaSetSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_ReplicaSetSpec(obj: ReplicaSetSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - minReadySeconds: obj.minReadySeconds, - replicas: obj.replicas, - selector: toJson_LabelSelector(obj.selector), - template: toJson_PodTemplateSpec(obj.template) - } + 'minReadySeconds': obj.minReadySeconds, + 'replicas': obj.replicas, + 'selector': toJson_LabelSelector(obj.selector), + 'template': toJson_PodTemplateSpec(obj.template), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12417,14 +12117,14 @@ export interface StatefulSetSpec { * @default 0 (pod will be considered available as soon as it is ready) * @schema io.k8s.api.apps.v1.StatefulSetSpec#minReadySeconds */ - readonly minReadySeconds?: number + readonly minReadySeconds?: number; /** * persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent volume claims created from volumeClaimTemplates. By default, all persistent volume claims are created as needed and retained until manually deleted. This policy allows the lifecycle to be altered, for example by deleting persistent volume claims when their stateful set is deleted, or when their pod is scaled down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, which is alpha. +optional * * @schema io.k8s.api.apps.v1.StatefulSetSpec#persistentVolumeClaimRetentionPolicy */ - readonly persistentVolumeClaimRetentionPolicy?: StatefulSetPersistentVolumeClaimRetentionPolicy + readonly persistentVolumeClaimRetentionPolicy?: StatefulSetPersistentVolumeClaimRetentionPolicy; /** * podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once. @@ -12433,56 +12133,57 @@ export interface StatefulSetSpec { * * @schema io.k8s.api.apps.v1.StatefulSetSpec#podManagementPolicy */ - readonly podManagementPolicy?: string + readonly podManagementPolicy?: string; /** * replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1. * * @schema io.k8s.api.apps.v1.StatefulSetSpec#replicas */ - readonly replicas?: number + readonly replicas?: number; /** * revisionHistoryLimit is the maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10. * * @schema io.k8s.api.apps.v1.StatefulSetSpec#revisionHistoryLimit */ - readonly revisionHistoryLimit?: number + readonly revisionHistoryLimit?: number; /** * selector is a label query over pods that should match the replica count. It must match the pod template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors * * @schema io.k8s.api.apps.v1.StatefulSetSpec#selector */ - readonly selector: LabelSelector + readonly selector: LabelSelector; /** * serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller. * * @schema io.k8s.api.apps.v1.StatefulSetSpec#serviceName */ - readonly serviceName: string + readonly serviceName: string; /** * template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. * * @schema io.k8s.api.apps.v1.StatefulSetSpec#template */ - readonly template: PodTemplateSpec + readonly template: PodTemplateSpec; /** * updateStrategy indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template. * * @schema io.k8s.api.apps.v1.StatefulSetSpec#updateStrategy */ - readonly updateStrategy?: StatefulSetUpdateStrategy + readonly updateStrategy?: StatefulSetUpdateStrategy; /** * volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name. * * @schema io.k8s.api.apps.v1.StatefulSetSpec#volumeClaimTemplates */ - readonly volumeClaimTemplates?: KubePersistentVolumeClaimProps[] + readonly volumeClaimTemplates?: KubePersistentVolumeClaimProps[]; + } /** @@ -12490,25 +12191,21 @@ export interface StatefulSetSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_StatefulSetSpec(obj: StatefulSetSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - minReadySeconds: obj.minReadySeconds, - persistentVolumeClaimRetentionPolicy: toJson_StatefulSetPersistentVolumeClaimRetentionPolicy( - obj.persistentVolumeClaimRetentionPolicy - ), - podManagementPolicy: obj.podManagementPolicy, - replicas: obj.replicas, - revisionHistoryLimit: obj.revisionHistoryLimit, - selector: toJson_LabelSelector(obj.selector), - serviceName: obj.serviceName, - template: toJson_PodTemplateSpec(obj.template), - updateStrategy: toJson_StatefulSetUpdateStrategy(obj.updateStrategy), - volumeClaimTemplates: obj.volumeClaimTemplates?.map((y) => toJson_KubePersistentVolumeClaimProps(y)) - } + 'minReadySeconds': obj.minReadySeconds, + 'persistentVolumeClaimRetentionPolicy': toJson_StatefulSetPersistentVolumeClaimRetentionPolicy(obj.persistentVolumeClaimRetentionPolicy), + 'podManagementPolicy': obj.podManagementPolicy, + 'replicas': obj.replicas, + 'revisionHistoryLimit': obj.revisionHistoryLimit, + 'selector': toJson_LabelSelector(obj.selector), + 'serviceName': obj.serviceName, + 'template': toJson_PodTemplateSpec(obj.template), + 'updateStrategy': toJson_StatefulSetUpdateStrategy(obj.updateStrategy), + 'volumeClaimTemplates': obj.volumeClaimTemplates?.map(y => toJson_KubePersistentVolumeClaimProps(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12523,21 +12220,22 @@ export interface TokenRequestSpec { * * @schema io.k8s.api.authentication.v1.TokenRequestSpec#audiences */ - readonly audiences: string[] + readonly audiences: string[]; /** * BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation. * * @schema io.k8s.api.authentication.v1.TokenRequestSpec#boundObjectRef */ - readonly boundObjectRef?: BoundObjectReference + readonly boundObjectRef?: BoundObjectReference; /** * ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response. * * @schema io.k8s.api.authentication.v1.TokenRequestSpec#expirationSeconds */ - readonly expirationSeconds?: number + readonly expirationSeconds?: number; + } /** @@ -12545,16 +12243,14 @@ export interface TokenRequestSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_TokenRequestSpec(obj: TokenRequestSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - audiences: obj.audiences?.map((y) => y), - boundObjectRef: toJson_BoundObjectReference(obj.boundObjectRef), - expirationSeconds: obj.expirationSeconds - } + 'audiences': obj.audiences?.map(y => y), + 'boundObjectRef': toJson_BoundObjectReference(obj.boundObjectRef), + 'expirationSeconds': obj.expirationSeconds, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12569,14 +12265,15 @@ export interface TokenReviewSpec { * * @schema io.k8s.api.authentication.v1.TokenReviewSpec#audiences */ - readonly audiences?: string[] + readonly audiences?: string[]; /** * Token is the opaque bearer token. * * @schema io.k8s.api.authentication.v1.TokenReviewSpec#token */ - readonly token?: string + readonly token?: string; + } /** @@ -12584,15 +12281,13 @@ export interface TokenReviewSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_TokenReviewSpec(obj: TokenReviewSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - audiences: obj.audiences?.map((y) => y), - token: obj.token - } + 'audiences': obj.audiences?.map(y => y), + 'token': obj.token, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12607,70 +12302,61 @@ export interface SubjectAccessReviewSpec { * * @schema io.k8s.api.authorization.v1.SubjectAccessReviewSpec#extra */ - readonly extra?: { [key: string]: string[] } + readonly extra?: { [key: string]: string[] }; /** * Groups is the groups you're testing for. * * @schema io.k8s.api.authorization.v1.SubjectAccessReviewSpec#groups */ - readonly groups?: string[] + readonly groups?: string[]; /** * NonResourceAttributes describes information for a non-resource access request * * @schema io.k8s.api.authorization.v1.SubjectAccessReviewSpec#nonResourceAttributes */ - readonly nonResourceAttributes?: NonResourceAttributes + readonly nonResourceAttributes?: NonResourceAttributes; /** * ResourceAuthorizationAttributes describes information for a resource access request * * @schema io.k8s.api.authorization.v1.SubjectAccessReviewSpec#resourceAttributes */ - readonly resourceAttributes?: ResourceAttributes + readonly resourceAttributes?: ResourceAttributes; /** * UID information about the requesting user. * * @schema io.k8s.api.authorization.v1.SubjectAccessReviewSpec#uid */ - readonly uid?: string + readonly uid?: string; /** * User is the user you're testing for. If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups * * @schema io.k8s.api.authorization.v1.SubjectAccessReviewSpec#user */ - readonly user?: string + readonly user?: string; + } /** * Converts an object of type 'SubjectAccessReviewSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_SubjectAccessReviewSpec( - obj: SubjectAccessReviewSpec | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_SubjectAccessReviewSpec(obj: SubjectAccessReviewSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - extra: - obj.extra === undefined - ? undefined - : Object.entries(obj.extra).reduce( - (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.map((y) => y) }), - {} - ), - groups: obj.groups?.map((y) => y), - nonResourceAttributes: toJson_NonResourceAttributes(obj.nonResourceAttributes), - resourceAttributes: toJson_ResourceAttributes(obj.resourceAttributes), - uid: obj.uid, - user: obj.user - } + 'extra': ((obj.extra) === undefined) ? undefined : (Object.entries(obj.extra).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.map(y => y) }), {})), + 'groups': obj.groups?.map(y => y), + 'nonResourceAttributes': toJson_NonResourceAttributes(obj.nonResourceAttributes), + 'resourceAttributes': toJson_ResourceAttributes(obj.resourceAttributes), + 'uid': obj.uid, + 'user': obj.user, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12685,32 +12371,29 @@ export interface SelfSubjectAccessReviewSpec { * * @schema io.k8s.api.authorization.v1.SelfSubjectAccessReviewSpec#nonResourceAttributes */ - readonly nonResourceAttributes?: NonResourceAttributes + readonly nonResourceAttributes?: NonResourceAttributes; /** * ResourceAuthorizationAttributes describes information for a resource access request * * @schema io.k8s.api.authorization.v1.SelfSubjectAccessReviewSpec#resourceAttributes */ - readonly resourceAttributes?: ResourceAttributes + readonly resourceAttributes?: ResourceAttributes; + } /** * Converts an object of type 'SelfSubjectAccessReviewSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_SelfSubjectAccessReviewSpec( - obj: SelfSubjectAccessReviewSpec | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_SelfSubjectAccessReviewSpec(obj: SelfSubjectAccessReviewSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - nonResourceAttributes: toJson_NonResourceAttributes(obj.nonResourceAttributes), - resourceAttributes: toJson_ResourceAttributes(obj.resourceAttributes) - } + 'nonResourceAttributes': toJson_NonResourceAttributes(obj.nonResourceAttributes), + 'resourceAttributes': toJson_ResourceAttributes(obj.resourceAttributes), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12725,24 +12408,21 @@ export interface SelfSubjectRulesReviewSpec { * * @schema io.k8s.api.authorization.v1.SelfSubjectRulesReviewSpec#namespace */ - readonly namespace?: string + readonly namespace?: string; + } /** * Converts an object of type 'SelfSubjectRulesReviewSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_SelfSubjectRulesReviewSpec( - obj: SelfSubjectRulesReviewSpec | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_SelfSubjectRulesReviewSpec(obj: SelfSubjectRulesReviewSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - namespace: obj.namespace - } + 'namespace': obj.namespace, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12757,48 +12437,45 @@ export interface HorizontalPodAutoscalerSpec { * * @schema io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerSpec#maxReplicas */ - readonly maxReplicas: number + readonly maxReplicas: number; /** * minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available. * * @schema io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerSpec#minReplicas */ - readonly minReplicas?: number + readonly minReplicas?: number; /** * reference to scaled resource; horizontal pod autoscaler will learn the current resource consumption and will set the desired number of pods by using its Scale subresource. * * @schema io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerSpec#scaleTargetRef */ - readonly scaleTargetRef: CrossVersionObjectReference + readonly scaleTargetRef: CrossVersionObjectReference; /** * target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used. * * @schema io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerSpec#targetCPUUtilizationPercentage */ - readonly targetCpuUtilizationPercentage?: number + readonly targetCpuUtilizationPercentage?: number; + } /** * Converts an object of type 'HorizontalPodAutoscalerSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HorizontalPodAutoscalerSpec( - obj: HorizontalPodAutoscalerSpec | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_HorizontalPodAutoscalerSpec(obj: HorizontalPodAutoscalerSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - maxReplicas: obj.maxReplicas, - minReplicas: obj.minReplicas, - scaleTargetRef: toJson_CrossVersionObjectReference(obj.scaleTargetRef), - targetCPUUtilizationPercentage: obj.targetCpuUtilizationPercentage - } + 'maxReplicas': obj.maxReplicas, + 'minReplicas': obj.minReplicas, + 'scaleTargetRef': toJson_CrossVersionObjectReference(obj.scaleTargetRef), + 'targetCPUUtilizationPercentage': obj.targetCpuUtilizationPercentage, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12813,7 +12490,8 @@ export interface ScaleSpec { * * @schema io.k8s.api.autoscaling.v1.ScaleSpec#replicas */ - readonly replicas?: number + readonly replicas?: number; + } /** @@ -12821,14 +12499,12 @@ export interface ScaleSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_ScaleSpec(obj: ScaleSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - replicas: obj.replicas - } + 'replicas': obj.replicas, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12843,56 +12519,53 @@ export interface HorizontalPodAutoscalerSpecV2 { * * @schema io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerSpec#behavior */ - readonly behavior?: HorizontalPodAutoscalerBehaviorV2 + readonly behavior?: HorizontalPodAutoscalerBehaviorV2; /** * maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less that minReplicas. * * @schema io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerSpec#maxReplicas */ - readonly maxReplicas: number + readonly maxReplicas: number; /** * metrics contains the specifications for which to use to calculate the desired replica count (the maximum replica count across all metrics will be used). The desired replica count is calculated multiplying the ratio between the target value and the current value by the current number of pods. Ergo, metrics used must decrease as the pod count is increased, and vice-versa. See the individual metric source types for more information about how each type of metric must respond. If not set, the default metric will be set to 80% average CPU utilization. * * @schema io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerSpec#metrics */ - readonly metrics?: MetricSpecV2[] + readonly metrics?: MetricSpecV2[]; /** * minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available. * * @schema io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerSpec#minReplicas */ - readonly minReplicas?: number + readonly minReplicas?: number; /** * scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics should be collected, as well as to actually change the replica count. * * @schema io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerSpec#scaleTargetRef */ - readonly scaleTargetRef: CrossVersionObjectReferenceV2 + readonly scaleTargetRef: CrossVersionObjectReferenceV2; + } /** * Converts an object of type 'HorizontalPodAutoscalerSpecV2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HorizontalPodAutoscalerSpecV2( - obj: HorizontalPodAutoscalerSpecV2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_HorizontalPodAutoscalerSpecV2(obj: HorizontalPodAutoscalerSpecV2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - behavior: toJson_HorizontalPodAutoscalerBehaviorV2(obj.behavior), - maxReplicas: obj.maxReplicas, - metrics: obj.metrics?.map((y) => toJson_MetricSpecV2(y)), - minReplicas: obj.minReplicas, - scaleTargetRef: toJson_CrossVersionObjectReferenceV2(obj.scaleTargetRef) - } + 'behavior': toJson_HorizontalPodAutoscalerBehaviorV2(obj.behavior), + 'maxReplicas': obj.maxReplicas, + 'metrics': obj.metrics?.map(y => toJson_MetricSpecV2(y)), + 'minReplicas': obj.minReplicas, + 'scaleTargetRef': toJson_CrossVersionObjectReferenceV2(obj.scaleTargetRef), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12907,56 +12580,53 @@ export interface HorizontalPodAutoscalerSpecV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerSpec#behavior */ - readonly behavior?: HorizontalPodAutoscalerBehaviorV2Beta2 + readonly behavior?: HorizontalPodAutoscalerBehaviorV2Beta2; /** * maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less that minReplicas. * * @schema io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerSpec#maxReplicas */ - readonly maxReplicas: number + readonly maxReplicas: number; /** * metrics contains the specifications for which to use to calculate the desired replica count (the maximum replica count across all metrics will be used). The desired replica count is calculated multiplying the ratio between the target value and the current value by the current number of pods. Ergo, metrics used must decrease as the pod count is increased, and vice-versa. See the individual metric source types for more information about how each type of metric must respond. If not set, the default metric will be set to 80% average CPU utilization. * * @schema io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerSpec#metrics */ - readonly metrics?: MetricSpecV2Beta2[] + readonly metrics?: MetricSpecV2Beta2[]; /** * minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available. * * @schema io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerSpec#minReplicas */ - readonly minReplicas?: number + readonly minReplicas?: number; /** * scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics should be collected, as well as to actually change the replica count. * * @schema io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerSpec#scaleTargetRef */ - readonly scaleTargetRef: CrossVersionObjectReferenceV2Beta2 + readonly scaleTargetRef: CrossVersionObjectReferenceV2Beta2; + } /** * Converts an object of type 'HorizontalPodAutoscalerSpecV2Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HorizontalPodAutoscalerSpecV2Beta2( - obj: HorizontalPodAutoscalerSpecV2Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_HorizontalPodAutoscalerSpecV2Beta2(obj: HorizontalPodAutoscalerSpecV2Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - behavior: toJson_HorizontalPodAutoscalerBehaviorV2Beta2(obj.behavior), - maxReplicas: obj.maxReplicas, - metrics: obj.metrics?.map((y) => toJson_MetricSpecV2Beta2(y)), - minReplicas: obj.minReplicas, - scaleTargetRef: toJson_CrossVersionObjectReferenceV2Beta2(obj.scaleTargetRef) - } + 'behavior': toJson_HorizontalPodAutoscalerBehaviorV2Beta2(obj.behavior), + 'maxReplicas': obj.maxReplicas, + 'metrics': obj.metrics?.map(y => toJson_MetricSpecV2Beta2(y)), + 'minReplicas': obj.minReplicas, + 'scaleTargetRef': toJson_CrossVersionObjectReferenceV2Beta2(obj.scaleTargetRef), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -12973,7 +12643,7 @@ export interface CronJobSpec { * * @schema io.k8s.api.batch.v1.CronJobSpec#concurrencyPolicy */ - readonly concurrencyPolicy?: string + readonly concurrencyPolicy?: string; /** * The number of failed finished jobs to retain. Value must be non-negative integer. Defaults to 1. @@ -12981,28 +12651,28 @@ export interface CronJobSpec { * @default 1. * @schema io.k8s.api.batch.v1.CronJobSpec#failedJobsHistoryLimit */ - readonly failedJobsHistoryLimit?: number + readonly failedJobsHistoryLimit?: number; /** * Specifies the job that will be created when executing a CronJob. * * @schema io.k8s.api.batch.v1.CronJobSpec#jobTemplate */ - readonly jobTemplate: JobTemplateSpec + readonly jobTemplate: JobTemplateSpec; /** * The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. * * @schema io.k8s.api.batch.v1.CronJobSpec#schedule */ - readonly schedule: string + readonly schedule: string; /** * Optional deadline in seconds for starting the job if it misses scheduled time for any reason. Missed jobs executions will be counted as failed ones. * * @schema io.k8s.api.batch.v1.CronJobSpec#startingDeadlineSeconds */ - readonly startingDeadlineSeconds?: number + readonly startingDeadlineSeconds?: number; /** * The number of successful finished jobs to retain. Value must be non-negative integer. Defaults to 3. @@ -13010,7 +12680,7 @@ export interface CronJobSpec { * @default 3. * @schema io.k8s.api.batch.v1.CronJobSpec#successfulJobsHistoryLimit */ - readonly successfulJobsHistoryLimit?: number + readonly successfulJobsHistoryLimit?: number; /** * This flag tells the controller to suspend subsequent executions, it does not apply to already started executions. Defaults to false. @@ -13018,14 +12688,15 @@ export interface CronJobSpec { * @default false. * @schema io.k8s.api.batch.v1.CronJobSpec#suspend */ - readonly suspend?: boolean + readonly suspend?: boolean; /** * The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. The set of valid time zone names and the time zone offset is loaded from the system-wide time zone database by the API server during CronJob validation and the controller manager during execution. If no system-wide time zone database can be found a bundled version of the database is used instead. If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host configuration, the controller will stop creating new new Jobs and will create a system event with the reason UnknownTimeZone. More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones This is beta field and must be enabled via the `CronJobTimeZone` feature gate. * * @schema io.k8s.api.batch.v1.CronJobSpec#timeZone */ - readonly timeZone?: string + readonly timeZone?: string; + } /** @@ -13033,21 +12704,19 @@ export interface CronJobSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_CronJobSpec(obj: CronJobSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - concurrencyPolicy: obj.concurrencyPolicy, - failedJobsHistoryLimit: obj.failedJobsHistoryLimit, - jobTemplate: toJson_JobTemplateSpec(obj.jobTemplate), - schedule: obj.schedule, - startingDeadlineSeconds: obj.startingDeadlineSeconds, - successfulJobsHistoryLimit: obj.successfulJobsHistoryLimit, - suspend: obj.suspend, - timeZone: obj.timeZone - } + 'concurrencyPolicy': obj.concurrencyPolicy, + 'failedJobsHistoryLimit': obj.failedJobsHistoryLimit, + 'jobTemplate': toJson_JobTemplateSpec(obj.jobTemplate), + 'schedule': obj.schedule, + 'startingDeadlineSeconds': obj.startingDeadlineSeconds, + 'successfulJobsHistoryLimit': obj.successfulJobsHistoryLimit, + 'suspend': obj.suspend, + 'timeZone': obj.timeZone, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13062,7 +12731,7 @@ export interface JobSpec { * * @schema io.k8s.api.batch.v1.JobSpec#activeDeadlineSeconds */ - readonly activeDeadlineSeconds?: number + readonly activeDeadlineSeconds?: number; /** * Specifies the number of retries before marking this job failed. Defaults to 6 @@ -13070,7 +12739,7 @@ export interface JobSpec { * @default 6 * @schema io.k8s.api.batch.v1.JobSpec#backoffLimit */ - readonly backoffLimit?: number + readonly backoffLimit?: number; /** * CompletionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`. @@ -13083,28 +12752,28 @@ export interface JobSpec { * * @schema io.k8s.api.batch.v1.JobSpec#completionMode */ - readonly completionMode?: string + readonly completionMode?: string; /** * Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ * * @schema io.k8s.api.batch.v1.JobSpec#completions */ - readonly completions?: number + readonly completions?: number; /** * manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector * * @schema io.k8s.api.batch.v1.JobSpec#manualSelector */ - readonly manualSelector?: boolean + readonly manualSelector?: boolean; /** * Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ * * @schema io.k8s.api.batch.v1.JobSpec#parallelism */ - readonly parallelism?: number + readonly parallelism?: number; /** * Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure. @@ -13113,14 +12782,14 @@ export interface JobSpec { * * @schema io.k8s.api.batch.v1.JobSpec#podFailurePolicy */ - readonly podFailurePolicy?: PodFailurePolicy + readonly podFailurePolicy?: PodFailurePolicy; /** * A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors * * @schema io.k8s.api.batch.v1.JobSpec#selector */ - readonly selector?: LabelSelector + readonly selector?: LabelSelector; /** * Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false. @@ -13128,21 +12797,22 @@ export interface JobSpec { * @default false. * @schema io.k8s.api.batch.v1.JobSpec#suspend */ - readonly suspend?: boolean + readonly suspend?: boolean; /** * Describes the pod that will be created when executing a job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ * * @schema io.k8s.api.batch.v1.JobSpec#template */ - readonly template: PodTemplateSpec + readonly template: PodTemplateSpec; /** * ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. * * @schema io.k8s.api.batch.v1.JobSpec#ttlSecondsAfterFinished */ - readonly ttlSecondsAfterFinished?: number + readonly ttlSecondsAfterFinished?: number; + } /** @@ -13150,24 +12820,22 @@ export interface JobSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_JobSpec(obj: JobSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - activeDeadlineSeconds: obj.activeDeadlineSeconds, - backoffLimit: obj.backoffLimit, - completionMode: obj.completionMode, - completions: obj.completions, - manualSelector: obj.manualSelector, - parallelism: obj.parallelism, - podFailurePolicy: toJson_PodFailurePolicy(obj.podFailurePolicy), - selector: toJson_LabelSelector(obj.selector), - suspend: obj.suspend, - template: toJson_PodTemplateSpec(obj.template), - ttlSecondsAfterFinished: obj.ttlSecondsAfterFinished - } + 'activeDeadlineSeconds': obj.activeDeadlineSeconds, + 'backoffLimit': obj.backoffLimit, + 'completionMode': obj.completionMode, + 'completions': obj.completions, + 'manualSelector': obj.manualSelector, + 'parallelism': obj.parallelism, + 'podFailurePolicy': toJson_PodFailurePolicy(obj.podFailurePolicy), + 'selector': toJson_LabelSelector(obj.selector), + 'suspend': obj.suspend, + 'template': toJson_PodTemplateSpec(obj.template), + 'ttlSecondsAfterFinished': obj.ttlSecondsAfterFinished, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13193,28 +12861,28 @@ export interface CertificateSigningRequestSpec { * * @schema io.k8s.api.certificates.v1.CertificateSigningRequestSpec#expirationSeconds */ - readonly expirationSeconds?: number + readonly expirationSeconds?: number; /** * extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable. * * @schema io.k8s.api.certificates.v1.CertificateSigningRequestSpec#extra */ - readonly extra?: { [key: string]: string[] } + readonly extra?: { [key: string]: string[] }; /** * groups contains group membership of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable. * * @schema io.k8s.api.certificates.v1.CertificateSigningRequestSpec#groups */ - readonly groups?: string[] + readonly groups?: string[]; /** * request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. When serialized as JSON or YAML, the data is additionally base64-encoded. * * @schema io.k8s.api.certificates.v1.CertificateSigningRequestSpec#request */ - readonly request: string + readonly request: string; /** * signerName indicates the requested signer, and is a qualified name. @@ -13241,14 +12909,14 @@ export interface CertificateSigningRequestSpec { * * @schema io.k8s.api.certificates.v1.CertificateSigningRequestSpec#signerName */ - readonly signerName: string + readonly signerName: string; /** * uid contains the uid of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable. * * @schema io.k8s.api.certificates.v1.CertificateSigningRequestSpec#uid */ - readonly uid?: string + readonly uid?: string; /** * usages specifies a set of key usages requested in the issued certificate. @@ -13268,44 +12936,35 @@ export interface CertificateSigningRequestSpec { * * @schema io.k8s.api.certificates.v1.CertificateSigningRequestSpec#usages */ - readonly usages?: string[] + readonly usages?: string[]; /** * username contains the name of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable. * * @schema io.k8s.api.certificates.v1.CertificateSigningRequestSpec#username */ - readonly username?: string + readonly username?: string; + } /** * Converts an object of type 'CertificateSigningRequestSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CertificateSigningRequestSpec( - obj: CertificateSigningRequestSpec | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CertificateSigningRequestSpec(obj: CertificateSigningRequestSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - expirationSeconds: obj.expirationSeconds, - extra: - obj.extra === undefined - ? undefined - : Object.entries(obj.extra).reduce( - (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.map((y) => y) }), - {} - ), - groups: obj.groups?.map((y) => y), - request: obj.request, - signerName: obj.signerName, - uid: obj.uid, - usages: obj.usages?.map((y) => y), - username: obj.username - } + 'expirationSeconds': obj.expirationSeconds, + 'extra': ((obj.extra) === undefined) ? undefined : (Object.entries(obj.extra).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.map(y => y) }), {})), + 'groups': obj.groups?.map(y => y), + 'request': obj.request, + 'signerName': obj.signerName, + 'uid': obj.uid, + 'usages': obj.usages?.map(y => y), + 'username': obj.username, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13320,35 +12979,36 @@ export interface LeaseSpec { * * @schema io.k8s.api.coordination.v1.LeaseSpec#acquireTime */ - readonly acquireTime?: Date + readonly acquireTime?: Date; /** * holderIdentity contains the identity of the holder of a current lease. * * @schema io.k8s.api.coordination.v1.LeaseSpec#holderIdentity */ - readonly holderIdentity?: string + readonly holderIdentity?: string; /** * leaseDurationSeconds is a duration that candidates for a lease need to wait to force acquire it. This is measure against time of last observed RenewTime. * * @schema io.k8s.api.coordination.v1.LeaseSpec#leaseDurationSeconds */ - readonly leaseDurationSeconds?: number + readonly leaseDurationSeconds?: number; /** * leaseTransitions is the number of transitions of a lease between holders. * * @schema io.k8s.api.coordination.v1.LeaseSpec#leaseTransitions */ - readonly leaseTransitions?: number + readonly leaseTransitions?: number; /** * renewTime is a time when the current holder of a lease has last updated the lease. * * @schema io.k8s.api.coordination.v1.LeaseSpec#renewTime */ - readonly renewTime?: Date + readonly renewTime?: Date; + } /** @@ -13356,18 +13016,16 @@ export interface LeaseSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_LeaseSpec(obj: LeaseSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - acquireTime: obj.acquireTime?.toISOString(), - holderIdentity: obj.holderIdentity, - leaseDurationSeconds: obj.leaseDurationSeconds, - leaseTransitions: obj.leaseTransitions, - renewTime: obj.renewTime?.toISOString() - } + 'acquireTime': obj.acquireTime?.toISOString(), + 'holderIdentity': obj.holderIdentity, + 'leaseDurationSeconds': obj.leaseDurationSeconds, + 'leaseTransitions': obj.leaseTransitions, + 'renewTime': obj.renewTime?.toISOString(), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13382,49 +13040,50 @@ export interface ObjectReference { * * @schema io.k8s.api.core.v1.ObjectReference#apiVersion */ - readonly apiVersion?: string + readonly apiVersion?: string; /** * If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. * * @schema io.k8s.api.core.v1.ObjectReference#fieldPath */ - readonly fieldPath?: string + readonly fieldPath?: string; /** * Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.api.core.v1.ObjectReference#kind */ - readonly kind?: string + readonly kind?: string; /** * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema io.k8s.api.core.v1.ObjectReference#name */ - readonly name?: string + readonly name?: string; /** * Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ * * @schema io.k8s.api.core.v1.ObjectReference#namespace */ - readonly namespace?: string + readonly namespace?: string; /** * Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency * * @schema io.k8s.api.core.v1.ObjectReference#resourceVersion */ - readonly resourceVersion?: string + readonly resourceVersion?: string; /** * UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids * * @schema io.k8s.api.core.v1.ObjectReference#uid */ - readonly uid?: string + readonly uid?: string; + } /** @@ -13432,20 +13091,18 @@ export interface ObjectReference { */ /* eslint-disable max-len, quote-props */ export function toJson_ObjectReference(obj: ObjectReference | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - apiVersion: obj.apiVersion, - fieldPath: obj.fieldPath, - kind: obj.kind, - name: obj.name, - namespace: obj.namespace, - resourceVersion: obj.resourceVersion, - uid: obj.uid - } + 'apiVersion': obj.apiVersion, + 'fieldPath': obj.fieldPath, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'resourceVersion': obj.resourceVersion, + 'uid': obj.uid, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13460,28 +13117,29 @@ export interface ComponentCondition { * * @schema io.k8s.api.core.v1.ComponentCondition#error */ - readonly error?: string + readonly error?: string; /** * Message about the condition for a component. For example, information about a health check. * * @schema io.k8s.api.core.v1.ComponentCondition#message */ - readonly message?: string + readonly message?: string; /** * Status of the condition for a component. Valid values for "Healthy": "True", "False", or "Unknown". * * @schema io.k8s.api.core.v1.ComponentCondition#status */ - readonly status: string + readonly status: string; /** * Type of condition for a component. Valid value: "Healthy" * * @schema io.k8s.api.core.v1.ComponentCondition#type */ - readonly type: string + readonly type: string; + } /** @@ -13489,17 +13147,15 @@ export interface ComponentCondition { */ /* eslint-disable max-len, quote-props */ export function toJson_ComponentCondition(obj: ComponentCondition | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - error: obj.error, - message: obj.message, - status: obj.status, - type: obj.type - } + 'error': obj.error, + 'message': obj.message, + 'status': obj.status, + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13524,21 +13180,22 @@ export interface EndpointSubset { * * @schema io.k8s.api.core.v1.EndpointSubset#addresses */ - readonly addresses?: EndpointAddress[] + readonly addresses?: EndpointAddress[]; /** * IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check. * * @schema io.k8s.api.core.v1.EndpointSubset#notReadyAddresses */ - readonly notReadyAddresses?: EndpointAddress[] + readonly notReadyAddresses?: EndpointAddress[]; /** * Port numbers available on the related IP addresses. * * @schema io.k8s.api.core.v1.EndpointSubset#ports */ - readonly ports?: EndpointPort[] + readonly ports?: EndpointPort[]; + } /** @@ -13546,16 +13203,14 @@ export interface EndpointSubset { */ /* eslint-disable max-len, quote-props */ export function toJson_EndpointSubset(obj: EndpointSubset | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - addresses: obj.addresses?.map((y) => toJson_EndpointAddress(y)), - notReadyAddresses: obj.notReadyAddresses?.map((y) => toJson_EndpointAddress(y)), - ports: obj.ports?.map((y) => toJson_EndpointPort(y)) - } + 'addresses': obj.addresses?.map(y => toJson_EndpointAddress(y)), + 'notReadyAddresses': obj.notReadyAddresses?.map(y => toJson_EndpointAddress(y)), + 'ports': obj.ports?.map(y => toJson_EndpointPort(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13570,14 +13225,15 @@ export interface EventSource { * * @schema io.k8s.api.core.v1.EventSource#component */ - readonly component?: string + readonly component?: string; /** * Node name on which the event is generated. * * @schema io.k8s.api.core.v1.EventSource#host */ - readonly host?: string + readonly host?: string; + } /** @@ -13585,15 +13241,13 @@ export interface EventSource { */ /* eslint-disable max-len, quote-props */ export function toJson_EventSource(obj: EventSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - component: obj.component, - host: obj.host - } + 'component': obj.component, + 'host': obj.host, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13608,14 +13262,15 @@ export interface EventSeries { * * @schema io.k8s.api.events.v1.EventSeries#count */ - readonly count: number + readonly count: number; /** * lastObservedTime is the time when last Event from the series was seen before last heartbeat. * * @schema io.k8s.api.events.v1.EventSeries#lastObservedTime */ - readonly lastObservedTime: Date + readonly lastObservedTime: Date; + } /** @@ -13623,15 +13278,13 @@ export interface EventSeries { */ /* eslint-disable max-len, quote-props */ export function toJson_EventSeries(obj: EventSeries | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - count: obj.count, - lastObservedTime: obj.lastObservedTime?.toISOString() - } + 'count': obj.count, + 'lastObservedTime': obj.lastObservedTime?.toISOString(), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13646,7 +13299,8 @@ export interface LimitRangeSpec { * * @schema io.k8s.api.core.v1.LimitRangeSpec#limits */ - readonly limits: LimitRangeItem[] + readonly limits: LimitRangeItem[]; + } /** @@ -13654,14 +13308,12 @@ export interface LimitRangeSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_LimitRangeSpec(obj: LimitRangeSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - limits: obj.limits?.map((y) => toJson_LimitRangeItem(y)) - } + 'limits': obj.limits?.map(y => toJson_LimitRangeItem(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13676,7 +13328,8 @@ export interface NamespaceSpec { * * @schema io.k8s.api.core.v1.NamespaceSpec#finalizers */ - readonly finalizers?: string[] + readonly finalizers?: string[]; + } /** @@ -13684,14 +13337,12 @@ export interface NamespaceSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_NamespaceSpec(obj: NamespaceSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - finalizers: obj.finalizers?.map((y) => y) - } + 'finalizers': obj.finalizers?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13706,49 +13357,50 @@ export interface NodeSpec { * * @schema io.k8s.api.core.v1.NodeSpec#configSource */ - readonly configSource?: NodeConfigSource + readonly configSource?: NodeConfigSource; /** * Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966 * * @schema io.k8s.api.core.v1.NodeSpec#externalID */ - readonly externalId?: string + readonly externalId?: string; /** * PodCIDR represents the pod IP range assigned to the node. * * @schema io.k8s.api.core.v1.NodeSpec#podCIDR */ - readonly podCidr?: string + readonly podCidr?: string; /** * podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for each of IPv4 and IPv6. * * @schema io.k8s.api.core.v1.NodeSpec#podCIDRs */ - readonly podCidRs?: string[] + readonly podCidRs?: string[]; /** * ID of the node assigned by the cloud provider in the format: :// * * @schema io.k8s.api.core.v1.NodeSpec#providerID */ - readonly providerId?: string + readonly providerId?: string; /** * If specified, the node's taints. * * @schema io.k8s.api.core.v1.NodeSpec#taints */ - readonly taints?: Taint[] + readonly taints?: Taint[]; /** * Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration * * @schema io.k8s.api.core.v1.NodeSpec#unschedulable */ - readonly unschedulable?: boolean + readonly unschedulable?: boolean; + } /** @@ -13756,20 +13408,18 @@ export interface NodeSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_NodeSpec(obj: NodeSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - configSource: toJson_NodeConfigSource(obj.configSource), - externalID: obj.externalId, - podCIDR: obj.podCidr, - podCIDRs: obj.podCidRs?.map((y) => y), - providerID: obj.providerId, - taints: obj.taints?.map((y) => toJson_Taint(y)), - unschedulable: obj.unschedulable - } + 'configSource': toJson_NodeConfigSource(obj.configSource), + 'externalID': obj.externalId, + 'podCIDR': obj.podCidr, + 'podCIDRs': obj.podCidRs?.map(y => y), + 'providerID': obj.providerId, + 'taints': obj.taints?.map(y => toJson_Taint(y)), + 'unschedulable': obj.unschedulable, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -13784,140 +13434,140 @@ export interface PersistentVolumeSpec { * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#accessModes */ - readonly accessModes?: string[] + readonly accessModes?: string[]; /** * awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#awsElasticBlockStore */ - readonly awsElasticBlockStore?: AwsElasticBlockStoreVolumeSource + readonly awsElasticBlockStore?: AwsElasticBlockStoreVolumeSource; /** * azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#azureDisk */ - readonly azureDisk?: AzureDiskVolumeSource + readonly azureDisk?: AzureDiskVolumeSource; /** * azureFile represents an Azure File Service mount on the host and bind mount to the pod. * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#azureFile */ - readonly azureFile?: AzureFilePersistentVolumeSource + readonly azureFile?: AzureFilePersistentVolumeSource; /** * capacity is the description of the persistent volume's resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#capacity */ - readonly capacity?: { [key: string]: Quantity } + readonly capacity?: { [key: string]: Quantity }; /** * cephFS represents a Ceph FS mount on the host that shares a pod's lifetime * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#cephfs */ - readonly cephfs?: CephFsPersistentVolumeSource + readonly cephfs?: CephFsPersistentVolumeSource; /** * cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#cinder */ - readonly cinder?: CinderPersistentVolumeSource + readonly cinder?: CinderPersistentVolumeSource; /** * claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#claimRef */ - readonly claimRef?: ObjectReference + readonly claimRef?: ObjectReference; /** * csi represents storage that is handled by an external CSI driver (Beta feature). * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#csi */ - readonly csi?: CsiPersistentVolumeSource + readonly csi?: CsiPersistentVolumeSource; /** * fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#fc */ - readonly fc?: FcVolumeSource + readonly fc?: FcVolumeSource; /** * flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#flexVolume */ - readonly flexVolume?: FlexPersistentVolumeSource + readonly flexVolume?: FlexPersistentVolumeSource; /** * flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#flocker */ - readonly flocker?: FlockerVolumeSource + readonly flocker?: FlockerVolumeSource; /** * gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#gcePersistentDisk */ - readonly gcePersistentDisk?: GcePersistentDiskVolumeSource + readonly gcePersistentDisk?: GcePersistentDiskVolumeSource; /** * glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. More info: https://examples.k8s.io/volumes/glusterfs/README.md * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#glusterfs */ - readonly glusterfs?: GlusterfsPersistentVolumeSource + readonly glusterfs?: GlusterfsPersistentVolumeSource; /** * hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#hostPath */ - readonly hostPath?: HostPathVolumeSource + readonly hostPath?: HostPathVolumeSource; /** * iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#iscsi */ - readonly iscsi?: IscsiPersistentVolumeSource + readonly iscsi?: IscsiPersistentVolumeSource; /** * local represents directly-attached storage with node affinity * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#local */ - readonly local?: LocalVolumeSource + readonly local?: LocalVolumeSource; /** * mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#mountOptions */ - readonly mountOptions?: string[] + readonly mountOptions?: string[]; /** * nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#nfs */ - readonly nfs?: NfsVolumeSource + readonly nfs?: NfsVolumeSource; /** * nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume. * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#nodeAffinity */ - readonly nodeAffinity?: VolumeNodeAffinity + readonly nodeAffinity?: VolumeNodeAffinity; /** * persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming @@ -13926,70 +13576,71 @@ export interface PersistentVolumeSpec { * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#persistentVolumeReclaimPolicy */ - readonly persistentVolumeReclaimPolicy?: string + readonly persistentVolumeReclaimPolicy?: string; /** * photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#photonPersistentDisk */ - readonly photonPersistentDisk?: PhotonPersistentDiskVolumeSource + readonly photonPersistentDisk?: PhotonPersistentDiskVolumeSource; /** * portworxVolume represents a portworx volume attached and mounted on kubelets host machine * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#portworxVolume */ - readonly portworxVolume?: PortworxVolumeSource + readonly portworxVolume?: PortworxVolumeSource; /** * quobyte represents a Quobyte mount on the host that shares a pod's lifetime * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#quobyte */ - readonly quobyte?: QuobyteVolumeSource + readonly quobyte?: QuobyteVolumeSource; /** * rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#rbd */ - readonly rbd?: RbdPersistentVolumeSource + readonly rbd?: RbdPersistentVolumeSource; /** * scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#scaleIO */ - readonly scaleIo?: ScaleIoPersistentVolumeSource + readonly scaleIo?: ScaleIoPersistentVolumeSource; /** * storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass. * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#storageClassName */ - readonly storageClassName?: string + readonly storageClassName?: string; /** * storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod More info: https://examples.k8s.io/volumes/storageos/README.md * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#storageos */ - readonly storageos?: StorageOsPersistentVolumeSource + readonly storageos?: StorageOsPersistentVolumeSource; /** * volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec. * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#volumeMode */ - readonly volumeMode?: string + readonly volumeMode?: string; /** * vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine * * @schema io.k8s.api.core.v1.PersistentVolumeSpec#vsphereVolume */ - readonly vsphereVolume?: VsphereVirtualDiskVolumeSource + readonly vsphereVolume?: VsphereVirtualDiskVolumeSource; + } /** @@ -13997,46 +13648,41 @@ export interface PersistentVolumeSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_PersistentVolumeSpec(obj: PersistentVolumeSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } - const result = { - accessModes: obj.accessModes?.map((y) => y), - awsElasticBlockStore: toJson_AwsElasticBlockStoreVolumeSource(obj.awsElasticBlockStore), - azureDisk: toJson_AzureDiskVolumeSource(obj.azureDisk), - azureFile: toJson_AzureFilePersistentVolumeSource(obj.azureFile), - capacity: - obj.capacity === undefined - ? undefined - : Object.entries(obj.capacity).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.value }), {}), - cephfs: toJson_CephFsPersistentVolumeSource(obj.cephfs), - cinder: toJson_CinderPersistentVolumeSource(obj.cinder), - claimRef: toJson_ObjectReference(obj.claimRef), - csi: toJson_CsiPersistentVolumeSource(obj.csi), - fc: toJson_FcVolumeSource(obj.fc), - flexVolume: toJson_FlexPersistentVolumeSource(obj.flexVolume), - flocker: toJson_FlockerVolumeSource(obj.flocker), - gcePersistentDisk: toJson_GcePersistentDiskVolumeSource(obj.gcePersistentDisk), - glusterfs: toJson_GlusterfsPersistentVolumeSource(obj.glusterfs), - hostPath: toJson_HostPathVolumeSource(obj.hostPath), - iscsi: toJson_IscsiPersistentVolumeSource(obj.iscsi), - local: toJson_LocalVolumeSource(obj.local), - mountOptions: obj.mountOptions?.map((y) => y), - nfs: toJson_NfsVolumeSource(obj.nfs), - nodeAffinity: toJson_VolumeNodeAffinity(obj.nodeAffinity), - persistentVolumeReclaimPolicy: obj.persistentVolumeReclaimPolicy, - photonPersistentDisk: toJson_PhotonPersistentDiskVolumeSource(obj.photonPersistentDisk), - portworxVolume: toJson_PortworxVolumeSource(obj.portworxVolume), - quobyte: toJson_QuobyteVolumeSource(obj.quobyte), - rbd: toJson_RbdPersistentVolumeSource(obj.rbd), - scaleIO: toJson_ScaleIoPersistentVolumeSource(obj.scaleIo), - storageClassName: obj.storageClassName, - storageos: toJson_StorageOsPersistentVolumeSource(obj.storageos), - volumeMode: obj.volumeMode, - vsphereVolume: toJson_VsphereVirtualDiskVolumeSource(obj.vsphereVolume) - } - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + if (obj === undefined) { return undefined; } + const result = { + 'accessModes': obj.accessModes?.map(y => y), + 'awsElasticBlockStore': toJson_AwsElasticBlockStoreVolumeSource(obj.awsElasticBlockStore), + 'azureDisk': toJson_AzureDiskVolumeSource(obj.azureDisk), + 'azureFile': toJson_AzureFilePersistentVolumeSource(obj.azureFile), + 'capacity': ((obj.capacity) === undefined) ? undefined : (Object.entries(obj.capacity).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.value }), {})), + 'cephfs': toJson_CephFsPersistentVolumeSource(obj.cephfs), + 'cinder': toJson_CinderPersistentVolumeSource(obj.cinder), + 'claimRef': toJson_ObjectReference(obj.claimRef), + 'csi': toJson_CsiPersistentVolumeSource(obj.csi), + 'fc': toJson_FcVolumeSource(obj.fc), + 'flexVolume': toJson_FlexPersistentVolumeSource(obj.flexVolume), + 'flocker': toJson_FlockerVolumeSource(obj.flocker), + 'gcePersistentDisk': toJson_GcePersistentDiskVolumeSource(obj.gcePersistentDisk), + 'glusterfs': toJson_GlusterfsPersistentVolumeSource(obj.glusterfs), + 'hostPath': toJson_HostPathVolumeSource(obj.hostPath), + 'iscsi': toJson_IscsiPersistentVolumeSource(obj.iscsi), + 'local': toJson_LocalVolumeSource(obj.local), + 'mountOptions': obj.mountOptions?.map(y => y), + 'nfs': toJson_NfsVolumeSource(obj.nfs), + 'nodeAffinity': toJson_VolumeNodeAffinity(obj.nodeAffinity), + 'persistentVolumeReclaimPolicy': obj.persistentVolumeReclaimPolicy, + 'photonPersistentDisk': toJson_PhotonPersistentDiskVolumeSource(obj.photonPersistentDisk), + 'portworxVolume': toJson_PortworxVolumeSource(obj.portworxVolume), + 'quobyte': toJson_QuobyteVolumeSource(obj.quobyte), + 'rbd': toJson_RbdPersistentVolumeSource(obj.rbd), + 'scaleIO': toJson_ScaleIoPersistentVolumeSource(obj.scaleIo), + 'storageClassName': obj.storageClassName, + 'storageos': toJson_StorageOsPersistentVolumeSource(obj.storageos), + 'volumeMode': obj.volumeMode, + 'vsphereVolume': toJson_VsphereVirtualDiskVolumeSource(obj.vsphereVolume), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -14051,14 +13697,14 @@ export interface PersistentVolumeClaimSpec { * * @schema io.k8s.api.core.v1.PersistentVolumeClaimSpec#accessModes */ - readonly accessModes?: string[] + readonly accessModes?: string[]; /** * dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. * * @schema io.k8s.api.core.v1.PersistentVolumeClaimSpec#dataSource */ - readonly dataSource?: TypedLocalObjectReference + readonly dataSource?: TypedLocalObjectReference; /** * dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef @@ -14070,66 +13716,63 @@ export interface PersistentVolumeClaimSpec { * * @schema io.k8s.api.core.v1.PersistentVolumeClaimSpec#dataSourceRef */ - readonly dataSourceRef?: TypedLocalObjectReference + readonly dataSourceRef?: TypedLocalObjectReference; /** * resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources * * @schema io.k8s.api.core.v1.PersistentVolumeClaimSpec#resources */ - readonly resources?: ResourceRequirements + readonly resources?: ResourceRequirements; /** * selector is a label query over volumes to consider for binding. * * @schema io.k8s.api.core.v1.PersistentVolumeClaimSpec#selector */ - readonly selector?: LabelSelector + readonly selector?: LabelSelector; /** * storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 * * @schema io.k8s.api.core.v1.PersistentVolumeClaimSpec#storageClassName */ - readonly storageClassName?: string + readonly storageClassName?: string; /** * volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. * * @schema io.k8s.api.core.v1.PersistentVolumeClaimSpec#volumeMode */ - readonly volumeMode?: string + readonly volumeMode?: string; /** * volumeName is the binding reference to the PersistentVolume backing this claim. * * @schema io.k8s.api.core.v1.PersistentVolumeClaimSpec#volumeName */ - readonly volumeName?: string + readonly volumeName?: string; + } /** * Converts an object of type 'PersistentVolumeClaimSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PersistentVolumeClaimSpec( - obj: PersistentVolumeClaimSpec | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PersistentVolumeClaimSpec(obj: PersistentVolumeClaimSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - accessModes: obj.accessModes?.map((y) => y), - dataSource: toJson_TypedLocalObjectReference(obj.dataSource), - dataSourceRef: toJson_TypedLocalObjectReference(obj.dataSourceRef), - resources: toJson_ResourceRequirements(obj.resources), - selector: toJson_LabelSelector(obj.selector), - storageClassName: obj.storageClassName, - volumeMode: obj.volumeMode, - volumeName: obj.volumeName - } + 'accessModes': obj.accessModes?.map(y => y), + 'dataSource': toJson_TypedLocalObjectReference(obj.dataSource), + 'dataSourceRef': toJson_TypedLocalObjectReference(obj.dataSourceRef), + 'resources': toJson_ResourceRequirements(obj.resources), + 'selector': toJson_LabelSelector(obj.selector), + 'storageClassName': obj.storageClassName, + 'volumeMode': obj.volumeMode, + 'volumeName': obj.volumeName, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -14144,35 +13787,35 @@ export interface PodSpec { * * @schema io.k8s.api.core.v1.PodSpec#activeDeadlineSeconds */ - readonly activeDeadlineSeconds?: number + readonly activeDeadlineSeconds?: number; /** * If specified, the pod's scheduling constraints * * @schema io.k8s.api.core.v1.PodSpec#affinity */ - readonly affinity?: Affinity + readonly affinity?: Affinity; /** * AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. * * @schema io.k8s.api.core.v1.PodSpec#automountServiceAccountToken */ - readonly automountServiceAccountToken?: boolean + readonly automountServiceAccountToken?: boolean; /** * List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. * * @schema io.k8s.api.core.v1.PodSpec#containers */ - readonly containers: Container[] + readonly containers: Container[]; /** * Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. * * @schema io.k8s.api.core.v1.PodSpec#dnsConfig */ - readonly dnsConfig?: PodDnsConfig + readonly dnsConfig?: PodDnsConfig; /** * Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. @@ -14182,7 +13825,7 @@ export interface PodSpec { * @default ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. * @schema io.k8s.api.core.v1.PodSpec#dnsPolicy */ - readonly dnsPolicy?: string + readonly dnsPolicy?: string; /** * EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true. @@ -14190,21 +13833,21 @@ export interface PodSpec { * @default true. * @schema io.k8s.api.core.v1.PodSpec#enableServiceLinks */ - readonly enableServiceLinks?: boolean + readonly enableServiceLinks?: boolean; /** * List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. * * @schema io.k8s.api.core.v1.PodSpec#ephemeralContainers */ - readonly ephemeralContainers?: EphemeralContainer[] + readonly ephemeralContainers?: EphemeralContainer[]; /** * HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. * * @schema io.k8s.api.core.v1.PodSpec#hostAliases */ - readonly hostAliases?: HostAlias[] + readonly hostAliases?: HostAlias[]; /** * Use the host's ipc namespace. Optional: Default to false. @@ -14212,7 +13855,7 @@ export interface PodSpec { * @default false. * @schema io.k8s.api.core.v1.PodSpec#hostIPC */ - readonly hostIpc?: boolean + readonly hostIpc?: boolean; /** * Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. @@ -14220,7 +13863,7 @@ export interface PodSpec { * @default false. * @schema io.k8s.api.core.v1.PodSpec#hostNetwork */ - readonly hostNetwork?: boolean + readonly hostNetwork?: boolean; /** * Use the host's pid namespace. Optional: Default to false. @@ -14228,7 +13871,7 @@ export interface PodSpec { * @default false. * @schema io.k8s.api.core.v1.PodSpec#hostPID */ - readonly hostPid?: boolean + readonly hostPid?: boolean; /** * Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. @@ -14236,42 +13879,42 @@ export interface PodSpec { * @default true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. * @schema io.k8s.api.core.v1.PodSpec#hostUsers */ - readonly hostUsers?: boolean + readonly hostUsers?: boolean; /** * Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. * * @schema io.k8s.api.core.v1.PodSpec#hostname */ - readonly hostname?: string + readonly hostname?: string; /** * ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod * * @schema io.k8s.api.core.v1.PodSpec#imagePullSecrets */ - readonly imagePullSecrets?: LocalObjectReference[] + readonly imagePullSecrets?: LocalObjectReference[]; /** * List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ * * @schema io.k8s.api.core.v1.PodSpec#initContainers */ - readonly initContainers?: Container[] + readonly initContainers?: Container[]; /** * NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements. * * @schema io.k8s.api.core.v1.PodSpec#nodeName */ - readonly nodeName?: string + readonly nodeName?: string; /** * NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ * * @schema io.k8s.api.core.v1.PodSpec#nodeSelector */ - readonly nodeSelector?: { [key: string]: string } + readonly nodeSelector?: { [key: string]: string }; /** * Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. @@ -14282,14 +13925,14 @@ export interface PodSpec { * * @schema io.k8s.api.core.v1.PodSpec#os */ - readonly os?: PodOs + readonly os?: PodOs; /** * Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md * * @schema io.k8s.api.core.v1.PodSpec#overhead */ - readonly overhead?: { [key: string]: Quantity } + readonly overhead?: { [key: string]: Quantity }; /** * PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. @@ -14297,28 +13940,28 @@ export interface PodSpec { * @default PreemptLowerPriority if unset. * @schema io.k8s.api.core.v1.PodSpec#preemptionPolicy */ - readonly preemptionPolicy?: string + readonly preemptionPolicy?: string; /** * The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. * * @schema io.k8s.api.core.v1.PodSpec#priority */ - readonly priority?: number + readonly priority?: number; /** * If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. * * @schema io.k8s.api.core.v1.PodSpec#priorityClassName */ - readonly priorityClassName?: string + readonly priorityClassName?: string; /** * If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates * * @schema io.k8s.api.core.v1.PodSpec#readinessGates */ - readonly readinessGates?: PodReadinessGate[] + readonly readinessGates?: PodReadinessGate[]; /** * Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy @@ -14328,21 +13971,21 @@ export interface PodSpec { * @default Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy * @schema io.k8s.api.core.v1.PodSpec#restartPolicy */ - readonly restartPolicy?: string + readonly restartPolicy?: string; /** * RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class * * @schema io.k8s.api.core.v1.PodSpec#runtimeClassName */ - readonly runtimeClassName?: string + readonly runtimeClassName?: string; /** * If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. * * @schema io.k8s.api.core.v1.PodSpec#schedulerName */ - readonly schedulerName?: string + readonly schedulerName?: string; /** * SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field. @@ -14350,21 +13993,21 @@ export interface PodSpec { * @default empty. See type description for default values of each field. * @schema io.k8s.api.core.v1.PodSpec#securityContext */ - readonly securityContext?: PodSecurityContext + readonly securityContext?: PodSecurityContext; /** * DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead. * * @schema io.k8s.api.core.v1.PodSpec#serviceAccount */ - readonly serviceAccount?: string + readonly serviceAccount?: string; /** * ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ * * @schema io.k8s.api.core.v1.PodSpec#serviceAccountName */ - readonly serviceAccountName?: string + readonly serviceAccountName?: string; /** * If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. @@ -14372,7 +14015,7 @@ export interface PodSpec { * @default false. * @schema io.k8s.api.core.v1.PodSpec#setHostnameAsFQDN */ - readonly setHostnameAsFqdn?: boolean + readonly setHostnameAsFqdn?: boolean; /** * Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. @@ -14380,14 +14023,14 @@ export interface PodSpec { * @default false. * @schema io.k8s.api.core.v1.PodSpec#shareProcessNamespace */ - readonly shareProcessNamespace?: boolean + readonly shareProcessNamespace?: boolean; /** * If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all. * * @schema io.k8s.api.core.v1.PodSpec#subdomain */ - readonly subdomain?: string + readonly subdomain?: string; /** * Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. @@ -14395,28 +14038,29 @@ export interface PodSpec { * @default 30 seconds. * @schema io.k8s.api.core.v1.PodSpec#terminationGracePeriodSeconds */ - readonly terminationGracePeriodSeconds?: number + readonly terminationGracePeriodSeconds?: number; /** * If specified, the pod's tolerations. * * @schema io.k8s.api.core.v1.PodSpec#tolerations */ - readonly tolerations?: Toleration[] + readonly tolerations?: Toleration[]; /** * TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. * * @schema io.k8s.api.core.v1.PodSpec#topologySpreadConstraints */ - readonly topologySpreadConstraints?: TopologySpreadConstraint[] + readonly topologySpreadConstraints?: TopologySpreadConstraint[]; /** * List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes * * @schema io.k8s.api.core.v1.PodSpec#volumes */ - readonly volumes?: Volume[] + readonly volumes?: Volume[]; + } /** @@ -14424,56 +14068,48 @@ export interface PodSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_PodSpec(obj: PodSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } - const result = { - activeDeadlineSeconds: obj.activeDeadlineSeconds, - affinity: toJson_Affinity(obj.affinity), - automountServiceAccountToken: obj.automountServiceAccountToken, - containers: obj.containers?.map((y) => toJson_Container(y)), - dnsConfig: toJson_PodDnsConfig(obj.dnsConfig), - dnsPolicy: obj.dnsPolicy, - enableServiceLinks: obj.enableServiceLinks, - ephemeralContainers: obj.ephemeralContainers?.map((y) => toJson_EphemeralContainer(y)), - hostAliases: obj.hostAliases?.map((y) => toJson_HostAlias(y)), - hostIPC: obj.hostIpc, - hostNetwork: obj.hostNetwork, - hostPID: obj.hostPid, - hostUsers: obj.hostUsers, - hostname: obj.hostname, - imagePullSecrets: obj.imagePullSecrets?.map((y) => toJson_LocalObjectReference(y)), - initContainers: obj.initContainers?.map((y) => toJson_Container(y)), - nodeName: obj.nodeName, - nodeSelector: - obj.nodeSelector === undefined - ? undefined - : Object.entries(obj.nodeSelector).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - os: toJson_PodOs(obj.os), - overhead: - obj.overhead === undefined - ? undefined - : Object.entries(obj.overhead).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.value }), {}), - preemptionPolicy: obj.preemptionPolicy, - priority: obj.priority, - priorityClassName: obj.priorityClassName, - readinessGates: obj.readinessGates?.map((y) => toJson_PodReadinessGate(y)), - restartPolicy: obj.restartPolicy, - runtimeClassName: obj.runtimeClassName, - schedulerName: obj.schedulerName, - securityContext: toJson_PodSecurityContext(obj.securityContext), - serviceAccount: obj.serviceAccount, - serviceAccountName: obj.serviceAccountName, - setHostnameAsFQDN: obj.setHostnameAsFqdn, - shareProcessNamespace: obj.shareProcessNamespace, - subdomain: obj.subdomain, - terminationGracePeriodSeconds: obj.terminationGracePeriodSeconds, - tolerations: obj.tolerations?.map((y) => toJson_Toleration(y)), - topologySpreadConstraints: obj.topologySpreadConstraints?.map((y) => toJson_TopologySpreadConstraint(y)), - volumes: obj.volumes?.map((y) => toJson_Volume(y)) - } - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + if (obj === undefined) { return undefined; } + const result = { + 'activeDeadlineSeconds': obj.activeDeadlineSeconds, + 'affinity': toJson_Affinity(obj.affinity), + 'automountServiceAccountToken': obj.automountServiceAccountToken, + 'containers': obj.containers?.map(y => toJson_Container(y)), + 'dnsConfig': toJson_PodDnsConfig(obj.dnsConfig), + 'dnsPolicy': obj.dnsPolicy, + 'enableServiceLinks': obj.enableServiceLinks, + 'ephemeralContainers': obj.ephemeralContainers?.map(y => toJson_EphemeralContainer(y)), + 'hostAliases': obj.hostAliases?.map(y => toJson_HostAlias(y)), + 'hostIPC': obj.hostIpc, + 'hostNetwork': obj.hostNetwork, + 'hostPID': obj.hostPid, + 'hostUsers': obj.hostUsers, + 'hostname': obj.hostname, + 'imagePullSecrets': obj.imagePullSecrets?.map(y => toJson_LocalObjectReference(y)), + 'initContainers': obj.initContainers?.map(y => toJson_Container(y)), + 'nodeName': obj.nodeName, + 'nodeSelector': ((obj.nodeSelector) === undefined) ? undefined : (Object.entries(obj.nodeSelector).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'os': toJson_PodOs(obj.os), + 'overhead': ((obj.overhead) === undefined) ? undefined : (Object.entries(obj.overhead).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.value }), {})), + 'preemptionPolicy': obj.preemptionPolicy, + 'priority': obj.priority, + 'priorityClassName': obj.priorityClassName, + 'readinessGates': obj.readinessGates?.map(y => toJson_PodReadinessGate(y)), + 'restartPolicy': obj.restartPolicy, + 'runtimeClassName': obj.runtimeClassName, + 'schedulerName': obj.schedulerName, + 'securityContext': toJson_PodSecurityContext(obj.securityContext), + 'serviceAccount': obj.serviceAccount, + 'serviceAccountName': obj.serviceAccountName, + 'setHostnameAsFQDN': obj.setHostnameAsFqdn, + 'shareProcessNamespace': obj.shareProcessNamespace, + 'subdomain': obj.subdomain, + 'terminationGracePeriodSeconds': obj.terminationGracePeriodSeconds, + 'tolerations': obj.tolerations?.map(y => toJson_Toleration(y)), + 'topologySpreadConstraints': obj.topologySpreadConstraints?.map(y => toJson_TopologySpreadConstraint(y)), + 'volumes': obj.volumes?.map(y => toJson_Volume(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -14488,14 +14124,15 @@ export interface PodTemplateSpec { * * @schema io.k8s.api.core.v1.PodTemplateSpec#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.core.v1.PodTemplateSpec#spec */ - readonly spec?: PodSpec + readonly spec?: PodSpec; + } /** @@ -14503,15 +14140,13 @@ export interface PodTemplateSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_PodTemplateSpec(obj: PodTemplateSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_PodSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_PodSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -14527,7 +14162,7 @@ export interface ReplicationControllerSpec { * @default 0 (pod will be considered available as soon as it is ready) * @schema io.k8s.api.core.v1.ReplicationControllerSpec#minReadySeconds */ - readonly minReadySeconds?: number + readonly minReadySeconds?: number; /** * Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller @@ -14535,44 +14170,38 @@ export interface ReplicationControllerSpec { * @default 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller * @schema io.k8s.api.core.v1.ReplicationControllerSpec#replicas */ - readonly replicas?: number + readonly replicas?: number; /** * Selector is a label query over pods that should match the Replicas count. If Selector is empty, it is defaulted to the labels present on the Pod template. Label keys and values that must match in order to be controlled by this replication controller, if empty defaulted to labels on Pod template. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors * * @schema io.k8s.api.core.v1.ReplicationControllerSpec#selector */ - readonly selector?: { [key: string]: string } + readonly selector?: { [key: string]: string }; /** * Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template * * @schema io.k8s.api.core.v1.ReplicationControllerSpec#template */ - readonly template?: PodTemplateSpec + readonly template?: PodTemplateSpec; + } /** * Converts an object of type 'ReplicationControllerSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ReplicationControllerSpec( - obj: ReplicationControllerSpec | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ReplicationControllerSpec(obj: ReplicationControllerSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - minReadySeconds: obj.minReadySeconds, - replicas: obj.replicas, - selector: - obj.selector === undefined - ? undefined - : Object.entries(obj.selector).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - template: toJson_PodTemplateSpec(obj.template) - } + 'minReadySeconds': obj.minReadySeconds, + 'replicas': obj.replicas, + 'selector': ((obj.selector) === undefined) ? undefined : (Object.entries(obj.selector).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'template': toJson_PodTemplateSpec(obj.template), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -14587,21 +14216,22 @@ export interface ResourceQuotaSpec { * * @schema io.k8s.api.core.v1.ResourceQuotaSpec#hard */ - readonly hard?: { [key: string]: Quantity } + readonly hard?: { [key: string]: Quantity }; /** * scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. * * @schema io.k8s.api.core.v1.ResourceQuotaSpec#scopeSelector */ - readonly scopeSelector?: ScopeSelector + readonly scopeSelector?: ScopeSelector; /** * A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects. * * @schema io.k8s.api.core.v1.ResourceQuotaSpec#scopes */ - readonly scopes?: string[] + readonly scopes?: string[]; + } /** @@ -14609,19 +14239,14 @@ export interface ResourceQuotaSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_ResourceQuotaSpec(obj: ResourceQuotaSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - hard: - obj.hard === undefined - ? undefined - : Object.entries(obj.hard).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.value }), {}), - scopeSelector: toJson_ScopeSelector(obj.scopeSelector), - scopes: obj.scopes?.map((y) => y) - } + 'hard': ((obj.hard) === undefined) ? undefined : (Object.entries(obj.hard).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.value }), {})), + 'scopeSelector': toJson_ScopeSelector(obj.scopeSelector), + 'scopes': obj.scopes?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -14637,14 +14262,14 @@ export interface ServiceSpec { * @default true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. * @schema io.k8s.api.core.v1.ServiceSpec#allocateLoadBalancerNodePorts */ - readonly allocateLoadBalancerNodePorts?: boolean + readonly allocateLoadBalancerNodePorts?: boolean; /** * clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies * * @schema io.k8s.api.core.v1.ServiceSpec#clusterIP */ - readonly clusterIp?: string + readonly clusterIp?: string; /** * ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. @@ -14653,21 +14278,21 @@ export interface ServiceSpec { * * @schema io.k8s.api.core.v1.ServiceSpec#clusterIPs */ - readonly clusterIPs?: string[] + readonly clusterIPs?: string[]; /** * externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. * * @schema io.k8s.api.core.v1.ServiceSpec#externalIPs */ - readonly externalIPs?: string[] + readonly externalIPs?: string[]; /** * externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". * * @schema io.k8s.api.core.v1.ServiceSpec#externalName */ - readonly externalName?: string + readonly externalName?: string; /** * externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. @@ -14676,21 +14301,21 @@ export interface ServiceSpec { * * @schema io.k8s.api.core.v1.ServiceSpec#externalTrafficPolicy */ - readonly externalTrafficPolicy?: string + readonly externalTrafficPolicy?: string; /** * healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set. * * @schema io.k8s.api.core.v1.ServiceSpec#healthCheckNodePort */ - readonly healthCheckNodePort?: number + readonly healthCheckNodePort?: number; /** * InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). * * @schema io.k8s.api.core.v1.ServiceSpec#internalTrafficPolicy */ - readonly internalTrafficPolicy?: string + readonly internalTrafficPolicy?: string; /** * IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are "IPv4" and "IPv6". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. @@ -14699,56 +14324,56 @@ export interface ServiceSpec { * * @schema io.k8s.api.core.v1.ServiceSpec#ipFamilies */ - readonly ipFamilies?: string[] + readonly ipFamilies?: string[]; /** * IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName. * * @schema io.k8s.api.core.v1.ServiceSpec#ipFamilyPolicy */ - readonly ipFamilyPolicy?: string + readonly ipFamilyPolicy?: string; /** * loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. * * @schema io.k8s.api.core.v1.ServiceSpec#loadBalancerClass */ - readonly loadBalancerClass?: string + readonly loadBalancerClass?: string; /** * Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version. * * @schema io.k8s.api.core.v1.ServiceSpec#loadBalancerIP */ - readonly loadBalancerIp?: string + readonly loadBalancerIp?: string; /** * If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ * * @schema io.k8s.api.core.v1.ServiceSpec#loadBalancerSourceRanges */ - readonly loadBalancerSourceRanges?: string[] + readonly loadBalancerSourceRanges?: string[]; /** * The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies * * @schema io.k8s.api.core.v1.ServiceSpec#ports */ - readonly ports?: ServicePort[] + readonly ports?: ServicePort[]; /** * publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior. * * @schema io.k8s.api.core.v1.ServiceSpec#publishNotReadyAddresses */ - readonly publishNotReadyAddresses?: boolean + readonly publishNotReadyAddresses?: boolean; /** * Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/ * * @schema io.k8s.api.core.v1.ServiceSpec#selector */ - readonly selector?: { [key: string]: string } + readonly selector?: { [key: string]: string }; /** * Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies @@ -14758,14 +14383,14 @@ export interface ServiceSpec { * @default None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies * @schema io.k8s.api.core.v1.ServiceSpec#sessionAffinity */ - readonly sessionAffinity?: string + readonly sessionAffinity?: string; /** * sessionAffinityConfig contains the configurations of session affinity. * * @schema io.k8s.api.core.v1.ServiceSpec#sessionAffinityConfig */ - readonly sessionAffinityConfig?: SessionAffinityConfig + readonly sessionAffinityConfig?: SessionAffinityConfig; /** * type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types @@ -14775,7 +14400,8 @@ export interface ServiceSpec { * @default ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types * @schema io.k8s.api.core.v1.ServiceSpec#type */ - readonly type?: string + readonly type?: string; + } /** @@ -14783,35 +14409,30 @@ export interface ServiceSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_ServiceSpec(obj: ServiceSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } - const result = { - allocateLoadBalancerNodePorts: obj.allocateLoadBalancerNodePorts, - clusterIP: obj.clusterIp, - clusterIPs: obj.clusterIPs?.map((y) => y), - externalIPs: obj.externalIPs?.map((y) => y), - externalName: obj.externalName, - externalTrafficPolicy: obj.externalTrafficPolicy, - healthCheckNodePort: obj.healthCheckNodePort, - internalTrafficPolicy: obj.internalTrafficPolicy, - ipFamilies: obj.ipFamilies?.map((y) => y), - ipFamilyPolicy: obj.ipFamilyPolicy, - loadBalancerClass: obj.loadBalancerClass, - loadBalancerIP: obj.loadBalancerIp, - loadBalancerSourceRanges: obj.loadBalancerSourceRanges?.map((y) => y), - ports: obj.ports?.map((y) => toJson_ServicePort(y)), - publishNotReadyAddresses: obj.publishNotReadyAddresses, - selector: - obj.selector === undefined - ? undefined - : Object.entries(obj.selector).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - sessionAffinity: obj.sessionAffinity, - sessionAffinityConfig: toJson_SessionAffinityConfig(obj.sessionAffinityConfig), - type: obj.type - } - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + if (obj === undefined) { return undefined; } + const result = { + 'allocateLoadBalancerNodePorts': obj.allocateLoadBalancerNodePorts, + 'clusterIP': obj.clusterIp, + 'clusterIPs': obj.clusterIPs?.map(y => y), + 'externalIPs': obj.externalIPs?.map(y => y), + 'externalName': obj.externalName, + 'externalTrafficPolicy': obj.externalTrafficPolicy, + 'healthCheckNodePort': obj.healthCheckNodePort, + 'internalTrafficPolicy': obj.internalTrafficPolicy, + 'ipFamilies': obj.ipFamilies?.map(y => y), + 'ipFamilyPolicy': obj.ipFamilyPolicy, + 'loadBalancerClass': obj.loadBalancerClass, + 'loadBalancerIP': obj.loadBalancerIp, + 'loadBalancerSourceRanges': obj.loadBalancerSourceRanges?.map(y => y), + 'ports': obj.ports?.map(y => toJson_ServicePort(y)), + 'publishNotReadyAddresses': obj.publishNotReadyAddresses, + 'selector': ((obj.selector) === undefined) ? undefined : (Object.entries(obj.selector).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'sessionAffinity': obj.sessionAffinity, + 'sessionAffinityConfig': toJson_SessionAffinityConfig(obj.sessionAffinityConfig), + 'type': obj.type, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -14826,7 +14447,8 @@ export interface LocalObjectReference { * * @schema io.k8s.api.core.v1.LocalObjectReference#name */ - readonly name?: string + readonly name?: string; + } /** @@ -14834,14 +14456,12 @@ export interface LocalObjectReference { */ /* eslint-disable max-len, quote-props */ export function toJson_LocalObjectReference(obj: LocalObjectReference | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name - } + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -14856,56 +14476,57 @@ export interface Endpoint { * * @schema io.k8s.api.discovery.v1.Endpoint#addresses */ - readonly addresses: string[] + readonly addresses: string[]; /** * conditions contains information about the current status of the endpoint. * * @schema io.k8s.api.discovery.v1.Endpoint#conditions */ - readonly conditions?: EndpointConditions + readonly conditions?: EndpointConditions; /** * deprecatedTopology contains topology information part of the v1beta1 API. This field is deprecated, and will be removed when the v1beta1 API is removed (no sooner than kubernetes v1.24). While this field can hold values, it is not writable through the v1 API, and any attempts to write to it will be silently ignored. Topology information can be found in the zone and nodeName fields instead. * * @schema io.k8s.api.discovery.v1.Endpoint#deprecatedTopology */ - readonly deprecatedTopology?: { [key: string]: string } + readonly deprecatedTopology?: { [key: string]: string }; /** * hints contains information associated with how an endpoint should be consumed. * * @schema io.k8s.api.discovery.v1.Endpoint#hints */ - readonly hints?: EndpointHints + readonly hints?: EndpointHints; /** * hostname of this endpoint. This field may be used by consumers of endpoints to distinguish endpoints from each other (e.g. in DNS names). Multiple endpoints which use the same hostname should be considered fungible (e.g. multiple A values in DNS). Must be lowercase and pass DNS Label (RFC 1123) validation. * * @schema io.k8s.api.discovery.v1.Endpoint#hostname */ - readonly hostname?: string + readonly hostname?: string; /** * nodeName represents the name of the Node hosting this endpoint. This can be used to determine endpoints local to a Node. * * @schema io.k8s.api.discovery.v1.Endpoint#nodeName */ - readonly nodeName?: string + readonly nodeName?: string; /** * targetRef is a reference to a Kubernetes object that represents this endpoint. * * @schema io.k8s.api.discovery.v1.Endpoint#targetRef */ - readonly targetRef?: ObjectReference + readonly targetRef?: ObjectReference; /** * zone is the name of the Zone this endpoint exists in. * * @schema io.k8s.api.discovery.v1.Endpoint#zone */ - readonly zone?: string + readonly zone?: string; + } /** @@ -14913,27 +14534,19 @@ export interface Endpoint { */ /* eslint-disable max-len, quote-props */ export function toJson_Endpoint(obj: Endpoint | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - addresses: obj.addresses?.map((y) => y), - conditions: toJson_EndpointConditions(obj.conditions), - deprecatedTopology: - obj.deprecatedTopology === undefined - ? undefined - : Object.entries(obj.deprecatedTopology).reduce( - (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), - {} - ), - hints: toJson_EndpointHints(obj.hints), - hostname: obj.hostname, - nodeName: obj.nodeName, - targetRef: toJson_ObjectReference(obj.targetRef), - zone: obj.zone - } + 'addresses': obj.addresses?.map(y => y), + 'conditions': toJson_EndpointConditions(obj.conditions), + 'deprecatedTopology': ((obj.deprecatedTopology) === undefined) ? undefined : (Object.entries(obj.deprecatedTopology).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'hints': toJson_EndpointHints(obj.hints), + 'hostname': obj.hostname, + 'nodeName': obj.nodeName, + 'targetRef': toJson_ObjectReference(obj.targetRef), + 'zone': obj.zone, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -14948,21 +14561,21 @@ export interface EndpointPort { * * @schema io.k8s.api.core.v1.EndpointPort#appProtocol */ - readonly appProtocol?: string + readonly appProtocol?: string; /** * The name of this port. This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined. * * @schema io.k8s.api.core.v1.EndpointPort#name */ - readonly name?: string + readonly name?: string; /** * The port number of the endpoint. * * @schema io.k8s.api.core.v1.EndpointPort#port */ - readonly port: number + readonly port: number; /** * The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP. @@ -14972,7 +14585,8 @@ export interface EndpointPort { * @default TCP. * @schema io.k8s.api.core.v1.EndpointPort#protocol */ - readonly protocol?: string + readonly protocol?: string; + } /** @@ -14980,17 +14594,15 @@ export interface EndpointPort { */ /* eslint-disable max-len, quote-props */ export function toJson_EndpointPort(obj: EndpointPort | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - appProtocol: obj.appProtocol, - name: obj.name, - port: obj.port, - protocol: obj.protocol - } + 'appProtocol': obj.appProtocol, + 'name': obj.name, + 'port': obj.port, + 'protocol': obj.protocol, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15005,28 +14617,29 @@ export interface FlowSchemaSpecV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.FlowSchemaSpec#distinguisherMethod */ - readonly distinguisherMethod?: FlowDistinguisherMethodV1Beta1 + readonly distinguisherMethod?: FlowDistinguisherMethodV1Beta1; /** * `matchingPrecedence` is used to choose among the FlowSchemas that match a given request. The chosen FlowSchema is among those with the numerically lowest (which we take to be logically highest) MatchingPrecedence. Each MatchingPrecedence value must be ranged in [1,10000]. Note that if the precedence is not specified, it will be set to 1000 as default. * * @schema io.k8s.api.flowcontrol.v1beta1.FlowSchemaSpec#matchingPrecedence */ - readonly matchingPrecedence?: number + readonly matchingPrecedence?: number; /** * `priorityLevelConfiguration` should reference a PriorityLevelConfiguration in the cluster. If the reference cannot be resolved, the FlowSchema will be ignored and marked as invalid in its status. Required. * * @schema io.k8s.api.flowcontrol.v1beta1.FlowSchemaSpec#priorityLevelConfiguration */ - readonly priorityLevelConfiguration: PriorityLevelConfigurationReferenceV1Beta1 + readonly priorityLevelConfiguration: PriorityLevelConfigurationReferenceV1Beta1; /** * `rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema. * * @schema io.k8s.api.flowcontrol.v1beta1.FlowSchemaSpec#rules */ - readonly rules?: PolicyRulesWithSubjectsV1Beta1[] + readonly rules?: PolicyRulesWithSubjectsV1Beta1[]; + } /** @@ -15034,17 +14647,15 @@ export interface FlowSchemaSpecV1Beta1 { */ /* eslint-disable max-len, quote-props */ export function toJson_FlowSchemaSpecV1Beta1(obj: FlowSchemaSpecV1Beta1 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - distinguisherMethod: toJson_FlowDistinguisherMethodV1Beta1(obj.distinguisherMethod), - matchingPrecedence: obj.matchingPrecedence, - priorityLevelConfiguration: toJson_PriorityLevelConfigurationReferenceV1Beta1(obj.priorityLevelConfiguration), - rules: obj.rules?.map((y) => toJson_PolicyRulesWithSubjectsV1Beta1(y)) - } + 'distinguisherMethod': toJson_FlowDistinguisherMethodV1Beta1(obj.distinguisherMethod), + 'matchingPrecedence': obj.matchingPrecedence, + 'priorityLevelConfiguration': toJson_PriorityLevelConfigurationReferenceV1Beta1(obj.priorityLevelConfiguration), + 'rules': obj.rules?.map(y => toJson_PolicyRulesWithSubjectsV1Beta1(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15059,32 +14670,29 @@ export interface PriorityLevelConfigurationSpecV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationSpec#limited */ - readonly limited?: LimitedPriorityLevelConfigurationV1Beta1 + readonly limited?: LimitedPriorityLevelConfigurationV1Beta1; /** * `type` indicates whether this priority level is subject to limitation on request execution. A value of `"Exempt"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels. A value of `"Limited"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required. * * @schema io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationSpec#type */ - readonly type: string + readonly type: string; + } /** * Converts an object of type 'PriorityLevelConfigurationSpecV1Beta1' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PriorityLevelConfigurationSpecV1Beta1( - obj: PriorityLevelConfigurationSpecV1Beta1 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PriorityLevelConfigurationSpecV1Beta1(obj: PriorityLevelConfigurationSpecV1Beta1 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - limited: toJson_LimitedPriorityLevelConfigurationV1Beta1(obj.limited), - type: obj.type - } + 'limited': toJson_LimitedPriorityLevelConfigurationV1Beta1(obj.limited), + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15099,28 +14707,29 @@ export interface FlowSchemaSpecV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.FlowSchemaSpec#distinguisherMethod */ - readonly distinguisherMethod?: FlowDistinguisherMethodV1Beta2 + readonly distinguisherMethod?: FlowDistinguisherMethodV1Beta2; /** * `matchingPrecedence` is used to choose among the FlowSchemas that match a given request. The chosen FlowSchema is among those with the numerically lowest (which we take to be logically highest) MatchingPrecedence. Each MatchingPrecedence value must be ranged in [1,10000]. Note that if the precedence is not specified, it will be set to 1000 as default. * * @schema io.k8s.api.flowcontrol.v1beta2.FlowSchemaSpec#matchingPrecedence */ - readonly matchingPrecedence?: number + readonly matchingPrecedence?: number; /** * `priorityLevelConfiguration` should reference a PriorityLevelConfiguration in the cluster. If the reference cannot be resolved, the FlowSchema will be ignored and marked as invalid in its status. Required. * * @schema io.k8s.api.flowcontrol.v1beta2.FlowSchemaSpec#priorityLevelConfiguration */ - readonly priorityLevelConfiguration: PriorityLevelConfigurationReferenceV1Beta2 + readonly priorityLevelConfiguration: PriorityLevelConfigurationReferenceV1Beta2; /** * `rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema. * * @schema io.k8s.api.flowcontrol.v1beta2.FlowSchemaSpec#rules */ - readonly rules?: PolicyRulesWithSubjectsV1Beta2[] + readonly rules?: PolicyRulesWithSubjectsV1Beta2[]; + } /** @@ -15128,17 +14737,15 @@ export interface FlowSchemaSpecV1Beta2 { */ /* eslint-disable max-len, quote-props */ export function toJson_FlowSchemaSpecV1Beta2(obj: FlowSchemaSpecV1Beta2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - distinguisherMethod: toJson_FlowDistinguisherMethodV1Beta2(obj.distinguisherMethod), - matchingPrecedence: obj.matchingPrecedence, - priorityLevelConfiguration: toJson_PriorityLevelConfigurationReferenceV1Beta2(obj.priorityLevelConfiguration), - rules: obj.rules?.map((y) => toJson_PolicyRulesWithSubjectsV1Beta2(y)) - } + 'distinguisherMethod': toJson_FlowDistinguisherMethodV1Beta2(obj.distinguisherMethod), + 'matchingPrecedence': obj.matchingPrecedence, + 'priorityLevelConfiguration': toJson_PriorityLevelConfigurationReferenceV1Beta2(obj.priorityLevelConfiguration), + 'rules': obj.rules?.map(y => toJson_PolicyRulesWithSubjectsV1Beta2(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15153,32 +14760,29 @@ export interface PriorityLevelConfigurationSpecV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfigurationSpec#limited */ - readonly limited?: LimitedPriorityLevelConfigurationV1Beta2 + readonly limited?: LimitedPriorityLevelConfigurationV1Beta2; /** * `type` indicates whether this priority level is subject to limitation on request execution. A value of `"Exempt"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels. A value of `"Limited"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required. * * @schema io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfigurationSpec#type */ - readonly type: string + readonly type: string; + } /** * Converts an object of type 'PriorityLevelConfigurationSpecV1Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PriorityLevelConfigurationSpecV1Beta2( - obj: PriorityLevelConfigurationSpecV1Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PriorityLevelConfigurationSpecV1Beta2(obj: PriorityLevelConfigurationSpecV1Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - limited: toJson_LimitedPriorityLevelConfigurationV1Beta2(obj.limited), - type: obj.type - } + 'limited': toJson_LimitedPriorityLevelConfigurationV1Beta2(obj.limited), + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15193,28 +14797,29 @@ export interface IngressSpec { * * @schema io.k8s.api.networking.v1.IngressSpec#defaultBackend */ - readonly defaultBackend?: IngressBackend + readonly defaultBackend?: IngressBackend; /** * IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present. * * @schema io.k8s.api.networking.v1.IngressSpec#ingressClassName */ - readonly ingressClassName?: string + readonly ingressClassName?: string; /** * A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend. * * @schema io.k8s.api.networking.v1.IngressSpec#rules */ - readonly rules?: IngressRule[] + readonly rules?: IngressRule[]; /** * TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI. * * @schema io.k8s.api.networking.v1.IngressSpec#tls */ - readonly tls?: IngressTls[] + readonly tls?: IngressTls[]; + } /** @@ -15222,17 +14827,15 @@ export interface IngressSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_IngressSpec(obj: IngressSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - defaultBackend: toJson_IngressBackend(obj.defaultBackend), - ingressClassName: obj.ingressClassName, - rules: obj.rules?.map((y) => toJson_IngressRule(y)), - tls: obj.tls?.map((y) => toJson_IngressTls(y)) - } + 'defaultBackend': toJson_IngressBackend(obj.defaultBackend), + 'ingressClassName': obj.ingressClassName, + 'rules': obj.rules?.map(y => toJson_IngressRule(y)), + 'tls': obj.tls?.map(y => toJson_IngressTls(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15247,14 +14850,15 @@ export interface IngressClassSpec { * * @schema io.k8s.api.networking.v1.IngressClassSpec#controller */ - readonly controller?: string + readonly controller?: string; /** * Parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters. * * @schema io.k8s.api.networking.v1.IngressClassSpec#parameters */ - readonly parameters?: IngressClassParametersReference + readonly parameters?: IngressClassParametersReference; + } /** @@ -15262,15 +14866,13 @@ export interface IngressClassSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_IngressClassSpec(obj: IngressClassSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - controller: obj.controller, - parameters: toJson_IngressClassParametersReference(obj.parameters) - } + 'controller': obj.controller, + 'parameters': toJson_IngressClassParametersReference(obj.parameters), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15285,28 +14887,29 @@ export interface NetworkPolicySpec { * * @schema io.k8s.api.networking.v1.NetworkPolicySpec#egress */ - readonly egress?: NetworkPolicyEgressRule[] + readonly egress?: NetworkPolicyEgressRule[]; /** * List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default) * * @schema io.k8s.api.networking.v1.NetworkPolicySpec#ingress */ - readonly ingress?: NetworkPolicyIngressRule[] + readonly ingress?: NetworkPolicyIngressRule[]; /** * Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace. * * @schema io.k8s.api.networking.v1.NetworkPolicySpec#podSelector */ - readonly podSelector: LabelSelector + readonly podSelector: LabelSelector; /** * List of rule types that the NetworkPolicy relates to. Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an Egress section and would otherwise default to just [ "Ingress" ]). This field is beta-level in 1.8 * * @schema io.k8s.api.networking.v1.NetworkPolicySpec#policyTypes */ - readonly policyTypes?: string[] + readonly policyTypes?: string[]; + } /** @@ -15314,17 +14917,15 @@ export interface NetworkPolicySpec { */ /* eslint-disable max-len, quote-props */ export function toJson_NetworkPolicySpec(obj: NetworkPolicySpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - egress: obj.egress?.map((y) => toJson_NetworkPolicyEgressRule(y)), - ingress: obj.ingress?.map((y) => toJson_NetworkPolicyIngressRule(y)), - podSelector: toJson_LabelSelector(obj.podSelector), - policyTypes: obj.policyTypes?.map((y) => y) - } + 'egress': obj.egress?.map(y => toJson_NetworkPolicyEgressRule(y)), + 'ingress': obj.ingress?.map(y => toJson_NetworkPolicyIngressRule(y)), + 'podSelector': toJson_LabelSelector(obj.podSelector), + 'policyTypes': obj.policyTypes?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15339,48 +14940,45 @@ export interface ClusterCidrSpecV1Alpha1 { * * @schema io.k8s.api.networking.v1alpha1.ClusterCIDRSpec#ipv4 */ - readonly ipv4?: string + readonly ipv4?: string; /** * IPv6 defines an IPv6 IP block in CIDR notation(e.g. "fd12:3456:789a:1::/64"). At least one of IPv4 and IPv6 must be specified. This field is immutable. * * @schema io.k8s.api.networking.v1alpha1.ClusterCIDRSpec#ipv6 */ - readonly ipv6?: string + readonly ipv6?: string; /** * NodeSelector defines which nodes the config is applicable to. An empty or nil NodeSelector selects all nodes. This field is immutable. * * @schema io.k8s.api.networking.v1alpha1.ClusterCIDRSpec#nodeSelector */ - readonly nodeSelector?: NodeSelector + readonly nodeSelector?: NodeSelector; /** * PerNodeHostBits defines the number of host bits to be configured per node. A subnet mask determines how much of the address is used for network bits and host bits. For example an IPv4 address of 192.168.0.0/24, splits the address into 24 bits for the network portion and 8 bits for the host portion. To allocate 256 IPs, set this field to 8 (a /24 mask for IPv4 or a /120 for IPv6). Minimum value is 4 (16 IPs). This field is immutable. * * @schema io.k8s.api.networking.v1alpha1.ClusterCIDRSpec#perNodeHostBits */ - readonly perNodeHostBits: number + readonly perNodeHostBits: number; + } /** * Converts an object of type 'ClusterCidrSpecV1Alpha1' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ClusterCidrSpecV1Alpha1( - obj: ClusterCidrSpecV1Alpha1 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ClusterCidrSpecV1Alpha1(obj: ClusterCidrSpecV1Alpha1 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - ipv4: obj.ipv4, - ipv6: obj.ipv6, - nodeSelector: toJson_NodeSelector(obj.nodeSelector), - perNodeHostBits: obj.perNodeHostBits - } + 'ipv4': obj.ipv4, + 'ipv6': obj.ipv6, + 'nodeSelector': toJson_NodeSelector(obj.nodeSelector), + 'perNodeHostBits': obj.perNodeHostBits, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15395,7 +14993,8 @@ export interface Overhead { * * @schema io.k8s.api.node.v1.Overhead#podFixed */ - readonly podFixed?: { [key: string]: Quantity } + readonly podFixed?: { [key: string]: Quantity }; + } /** @@ -15403,17 +15002,12 @@ export interface Overhead { */ /* eslint-disable max-len, quote-props */ export function toJson_Overhead(obj: Overhead | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - podFixed: - obj.podFixed === undefined - ? undefined - : Object.entries(obj.podFixed).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.value }), {}) - } + 'podFixed': ((obj.podFixed) === undefined) ? undefined : (Object.entries(obj.podFixed).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.value }), {})), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15428,14 +15022,15 @@ export interface Scheduling { * * @schema io.k8s.api.node.v1.Scheduling#nodeSelector */ - readonly nodeSelector?: { [key: string]: string } + readonly nodeSelector?: { [key: string]: string }; /** * tolerations are appended (excluding duplicates) to pods running with this RuntimeClass during admission, effectively unioning the set of nodes tolerated by the pod and the RuntimeClass. * * @schema io.k8s.api.node.v1.Scheduling#tolerations */ - readonly tolerations?: Toleration[] + readonly tolerations?: Toleration[]; + } /** @@ -15443,18 +15038,13 @@ export interface Scheduling { */ /* eslint-disable max-len, quote-props */ export function toJson_Scheduling(obj: Scheduling | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - nodeSelector: - obj.nodeSelector === undefined - ? undefined - : Object.entries(obj.nodeSelector).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - tolerations: obj.tolerations?.map((y) => toJson_Toleration(y)) - } + 'nodeSelector': ((obj.nodeSelector) === undefined) ? undefined : (Object.entries(obj.nodeSelector).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'tolerations': obj.tolerations?.map(y => toJson_Toleration(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15469,14 +15059,14 @@ export interface DeleteOptions { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions#apiVersion */ - readonly apiVersion?: string + readonly apiVersion?: string; /** * When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions#dryRun */ - readonly dryRun?: string[] + readonly dryRun?: string[]; /** * The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately. @@ -15484,35 +15074,36 @@ export interface DeleteOptions { * @default a per object value if not specified. zero means delete immediately. * @schema io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions#gracePeriodSeconds */ - readonly gracePeriodSeconds?: number + readonly gracePeriodSeconds?: number; /** * Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions#kind */ - readonly kind?: IoK8SApimachineryPkgApisMetaV1DeleteOptionsKind + readonly kind?: IoK8SApimachineryPkgApisMetaV1DeleteOptionsKind; /** * Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions#orphanDependents */ - readonly orphanDependents?: boolean + readonly orphanDependents?: boolean; /** * Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions#preconditions */ - readonly preconditions?: Preconditions + readonly preconditions?: Preconditions; /** * Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions#propagationPolicy */ - readonly propagationPolicy?: string + readonly propagationPolicy?: string; + } /** @@ -15520,20 +15111,18 @@ export interface DeleteOptions { */ /* eslint-disable max-len, quote-props */ export function toJson_DeleteOptions(obj: DeleteOptions | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - apiVersion: obj.apiVersion, - dryRun: obj.dryRun?.map((y) => y), - gracePeriodSeconds: obj.gracePeriodSeconds, - kind: obj.kind, - orphanDependents: obj.orphanDependents, - preconditions: toJson_Preconditions(obj.preconditions), - propagationPolicy: obj.propagationPolicy - } + 'apiVersion': obj.apiVersion, + 'dryRun': obj.dryRun?.map(y => y), + 'gracePeriodSeconds': obj.gracePeriodSeconds, + 'kind': obj.kind, + 'orphanDependents': obj.orphanDependents, + 'preconditions': toJson_Preconditions(obj.preconditions), + 'propagationPolicy': obj.propagationPolicy, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15548,40 +15137,37 @@ export interface PodDisruptionBudgetSpec { * * @schema io.k8s.api.policy.v1.PodDisruptionBudgetSpec#maxUnavailable */ - readonly maxUnavailable?: IntOrString + readonly maxUnavailable?: IntOrString; /** * An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%". * * @schema io.k8s.api.policy.v1.PodDisruptionBudgetSpec#minAvailable */ - readonly minAvailable?: IntOrString + readonly minAvailable?: IntOrString; /** * Label query over pods whose evictions are managed by the disruption budget. A null selector will match no pods, while an empty ({}) selector will select all pods within the namespace. * * @schema io.k8s.api.policy.v1.PodDisruptionBudgetSpec#selector */ - readonly selector?: LabelSelector + readonly selector?: LabelSelector; + } /** * Converts an object of type 'PodDisruptionBudgetSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PodDisruptionBudgetSpec( - obj: PodDisruptionBudgetSpec | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PodDisruptionBudgetSpec(obj: PodDisruptionBudgetSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - maxUnavailable: obj.maxUnavailable?.value, - minAvailable: obj.minAvailable?.value, - selector: toJson_LabelSelector(obj.selector) - } + 'maxUnavailable': obj.maxUnavailable?.value, + 'minAvailable': obj.minAvailable?.value, + 'selector': toJson_LabelSelector(obj.selector), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15596,7 +15182,8 @@ export interface AggregationRule { * * @schema io.k8s.api.rbac.v1.AggregationRule#clusterRoleSelectors */ - readonly clusterRoleSelectors?: LabelSelector[] + readonly clusterRoleSelectors?: LabelSelector[]; + } /** @@ -15604,14 +15191,12 @@ export interface AggregationRule { */ /* eslint-disable max-len, quote-props */ export function toJson_AggregationRule(obj: AggregationRule | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - clusterRoleSelectors: obj.clusterRoleSelectors?.map((y) => toJson_LabelSelector(y)) - } + 'clusterRoleSelectors': obj.clusterRoleSelectors?.map(y => toJson_LabelSelector(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15626,35 +15211,36 @@ export interface PolicyRule { * * @schema io.k8s.api.rbac.v1.PolicyRule#apiGroups */ - readonly apiGroups?: string[] + readonly apiGroups?: string[]; /** * NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. * * @schema io.k8s.api.rbac.v1.PolicyRule#nonResourceURLs */ - readonly nonResourceUrLs?: string[] + readonly nonResourceUrLs?: string[]; /** * ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. * * @schema io.k8s.api.rbac.v1.PolicyRule#resourceNames */ - readonly resourceNames?: string[] + readonly resourceNames?: string[]; /** * Resources is a list of resources this rule applies to. '*' represents all resources. * * @schema io.k8s.api.rbac.v1.PolicyRule#resources */ - readonly resources?: string[] + readonly resources?: string[]; /** * Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. * * @schema io.k8s.api.rbac.v1.PolicyRule#verbs */ - readonly verbs: string[] + readonly verbs: string[]; + } /** @@ -15662,18 +15248,16 @@ export interface PolicyRule { */ /* eslint-disable max-len, quote-props */ export function toJson_PolicyRule(obj: PolicyRule | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - apiGroups: obj.apiGroups?.map((y) => y), - nonResourceURLs: obj.nonResourceUrLs?.map((y) => y), - resourceNames: obj.resourceNames?.map((y) => y), - resources: obj.resources?.map((y) => y), - verbs: obj.verbs?.map((y) => y) - } + 'apiGroups': obj.apiGroups?.map(y => y), + 'nonResourceURLs': obj.nonResourceUrLs?.map(y => y), + 'resourceNames': obj.resourceNames?.map(y => y), + 'resources': obj.resources?.map(y => y), + 'verbs': obj.verbs?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15688,21 +15272,22 @@ export interface RoleRef { * * @schema io.k8s.api.rbac.v1.RoleRef#apiGroup */ - readonly apiGroup: string + readonly apiGroup: string; /** * Kind is the type of resource being referenced * * @schema io.k8s.api.rbac.v1.RoleRef#kind */ - readonly kind: string + readonly kind: string; /** * Name is the name of resource being referenced * * @schema io.k8s.api.rbac.v1.RoleRef#name */ - readonly name: string + readonly name: string; + } /** @@ -15710,16 +15295,14 @@ export interface RoleRef { */ /* eslint-disable max-len, quote-props */ export function toJson_RoleRef(obj: RoleRef | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - apiGroup: obj.apiGroup, - kind: obj.kind, - name: obj.name - } + 'apiGroup': obj.apiGroup, + 'kind': obj.kind, + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15735,28 +15318,29 @@ export interface Subject { * @default for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. * @schema io.k8s.api.rbac.v1.Subject#apiGroup */ - readonly apiGroup?: string + readonly apiGroup?: string; /** * Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. * * @schema io.k8s.api.rbac.v1.Subject#kind */ - readonly kind: string + readonly kind: string; /** * Name of the object being referenced. * * @schema io.k8s.api.rbac.v1.Subject#name */ - readonly name: string + readonly name: string; /** * Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. * * @schema io.k8s.api.rbac.v1.Subject#namespace */ - readonly namespace?: string + readonly namespace?: string; + } /** @@ -15764,17 +15348,15 @@ export interface Subject { */ /* eslint-disable max-len, quote-props */ export function toJson_Subject(obj: Subject | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - apiGroup: obj.apiGroup, - kind: obj.kind, - name: obj.name, - namespace: obj.namespace - } + 'apiGroup': obj.apiGroup, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15791,7 +15373,7 @@ export interface CsiDriverSpec { * * @schema io.k8s.api.storage.v1.CSIDriverSpec#attachRequired */ - readonly attachRequired?: boolean + readonly attachRequired?: boolean; /** * Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. @@ -15803,7 +15385,7 @@ export interface CsiDriverSpec { * @default ReadWriteOnceWithFSType, which will examine each volume to determine if Kubernetes should modify ownership and permissions of the volume. With the default policy the defined fsGroup will only be applied if a fstype is defined and the volume's access mode contains ReadWriteOnce. * @schema io.k8s.api.storage.v1.CSIDriverSpec#fsGroupPolicy */ - readonly fsGroupPolicy?: string + readonly fsGroupPolicy?: string; /** * If set to true, podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations. If set to false, pod information will not be passed on mount. Default is false. The CSI driver specifies podInfoOnMount as part of driver deployment. If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. "csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace": pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID) "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume @@ -15816,7 +15398,7 @@ export interface CsiDriverSpec { * @default false. The CSI driver specifies podInfoOnMount as part of driver deployment. If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. "csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace": pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID) "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume * @schema io.k8s.api.storage.v1.CSIDriverSpec#podInfoOnMount */ - readonly podInfoOnMount?: boolean + readonly podInfoOnMount?: boolean; /** * RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false. @@ -15825,7 +15407,7 @@ export interface CsiDriverSpec { * * @schema io.k8s.api.storage.v1.CSIDriverSpec#requiresRepublish */ - readonly requiresRepublish?: boolean + readonly requiresRepublish?: boolean; /** * SELinuxMount specifies if the CSI driver supports "-o context" mount option. @@ -15839,7 +15421,7 @@ export interface CsiDriverSpec { * @default false". * @schema io.k8s.api.storage.v1.CSIDriverSpec#seLinuxMount */ - readonly seLinuxMount?: boolean + readonly seLinuxMount?: boolean; /** * If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information. @@ -15852,7 +15434,7 @@ export interface CsiDriverSpec { * * @schema io.k8s.api.storage.v1.CSIDriverSpec#storageCapacity */ - readonly storageCapacity?: boolean + readonly storageCapacity?: boolean; /** * TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: "csi.storage.k8s.io/serviceAccount.tokens": { @@ -15867,7 +15449,7 @@ export interface CsiDriverSpec { * * @schema io.k8s.api.storage.v1.CSIDriverSpec#tokenRequests */ - readonly tokenRequests?: TokenRequest[] + readonly tokenRequests?: TokenRequest[]; /** * volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is "Persistent", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future. This field is beta. @@ -15876,7 +15458,8 @@ export interface CsiDriverSpec { * * @schema io.k8s.api.storage.v1.CSIDriverSpec#volumeLifecycleModes */ - readonly volumeLifecycleModes?: string[] + readonly volumeLifecycleModes?: string[]; + } /** @@ -15884,21 +15467,19 @@ export interface CsiDriverSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_CsiDriverSpec(obj: CsiDriverSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - attachRequired: obj.attachRequired, - fsGroupPolicy: obj.fsGroupPolicy, - podInfoOnMount: obj.podInfoOnMount, - requiresRepublish: obj.requiresRepublish, - seLinuxMount: obj.seLinuxMount, - storageCapacity: obj.storageCapacity, - tokenRequests: obj.tokenRequests?.map((y) => toJson_TokenRequest(y)), - volumeLifecycleModes: obj.volumeLifecycleModes?.map((y) => y) - } + 'attachRequired': obj.attachRequired, + 'fsGroupPolicy': obj.fsGroupPolicy, + 'podInfoOnMount': obj.podInfoOnMount, + 'requiresRepublish': obj.requiresRepublish, + 'seLinuxMount': obj.seLinuxMount, + 'storageCapacity': obj.storageCapacity, + 'tokenRequests': obj.tokenRequests?.map(y => toJson_TokenRequest(y)), + 'volumeLifecycleModes': obj.volumeLifecycleModes?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15913,7 +15494,8 @@ export interface CsiNodeSpec { * * @schema io.k8s.api.storage.v1.CSINodeSpec#drivers */ - readonly drivers: CsiNodeDriver[] + readonly drivers: CsiNodeDriver[]; + } /** @@ -15921,14 +15503,12 @@ export interface CsiNodeSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_CsiNodeSpec(obj: CsiNodeSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - drivers: obj.drivers?.map((y) => toJson_CsiNodeDriver(y)) - } + 'drivers': obj.drivers?.map(y => toJson_CsiNodeDriver(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15937,12 +15517,13 @@ export function toJson_CsiNodeSpec(obj: CsiNodeSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - matchExpressions: obj.matchExpressions?.map((y) => toJson_LabelSelectorRequirement(y)), - matchLabels: - obj.matchLabels === undefined - ? undefined - : Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) - } + 'matchExpressions': obj.matchExpressions?.map(y => toJson_LabelSelectorRequirement(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -15997,7 +15574,8 @@ export interface TopologySelectorTerm { * * @schema io.k8s.api.core.v1.TopologySelectorTerm#matchLabelExpressions */ - readonly matchLabelExpressions?: TopologySelectorLabelRequirement[] + readonly matchLabelExpressions?: TopologySelectorLabelRequirement[]; + } /** @@ -16005,14 +15583,12 @@ export interface TopologySelectorTerm { */ /* eslint-disable max-len, quote-props */ export function toJson_TopologySelectorTerm(obj: TopologySelectorTerm | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - matchLabelExpressions: obj.matchLabelExpressions?.map((y) => toJson_TopologySelectorLabelRequirement(y)) - } + 'matchLabelExpressions': obj.matchLabelExpressions?.map(y => toJson_TopologySelectorLabelRequirement(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16027,21 +15603,22 @@ export interface VolumeAttachmentSpec { * * @schema io.k8s.api.storage.v1.VolumeAttachmentSpec#attacher */ - readonly attacher: string + readonly attacher: string; /** * The node that the volume should be attached to. * * @schema io.k8s.api.storage.v1.VolumeAttachmentSpec#nodeName */ - readonly nodeName: string + readonly nodeName: string; /** * Source represents the volume that should be attached. * * @schema io.k8s.api.storage.v1.VolumeAttachmentSpec#source */ - readonly source: VolumeAttachmentSource + readonly source: VolumeAttachmentSource; + } /** @@ -16049,16 +15626,14 @@ export interface VolumeAttachmentSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_VolumeAttachmentSpec(obj: VolumeAttachmentSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - attacher: obj.attacher, - nodeName: obj.nodeName, - source: toJson_VolumeAttachmentSource(obj.source) - } + 'attacher': obj.attacher, + 'nodeName': obj.nodeName, + 'source': toJson_VolumeAttachmentSource(obj.source), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16073,64 +15648,61 @@ export interface CustomResourceDefinitionSpec { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec#conversion */ - readonly conversion?: CustomResourceConversion + readonly conversion?: CustomResourceConversion; /** * group is the API group of the defined custom resource. The custom resources are served under `/apis//...`. Must match the name of the CustomResourceDefinition (in the form `.`). * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec#group */ - readonly group: string + readonly group: string; /** * names specify the resource and kind names for the custom resource. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec#names */ - readonly names: CustomResourceDefinitionNames + readonly names: CustomResourceDefinitionNames; /** * preserveUnknownFields indicates that object fields which are not specified in the OpenAPI schema should be preserved when persisting to storage. apiVersion, kind, metadata and known fields inside metadata are always preserved. This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`. See https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#pruning-versus-preserving-unknown-fields for details. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec#preserveUnknownFields */ - readonly preserveUnknownFields?: boolean + readonly preserveUnknownFields?: boolean; /** * scope indicates whether the defined custom resource is cluster- or namespace-scoped. Allowed values are `Cluster` and `Namespaced`. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec#scope */ - readonly scope: string + readonly scope: string; /** * versions is the list of all API versions of the defined custom resource. Version names are used to compute the order in which served versions are listed in API discovery. If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec#versions */ - readonly versions: CustomResourceDefinitionVersion[] + readonly versions: CustomResourceDefinitionVersion[]; + } /** * Converts an object of type 'CustomResourceDefinitionSpec' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CustomResourceDefinitionSpec( - obj: CustomResourceDefinitionSpec | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CustomResourceDefinitionSpec(obj: CustomResourceDefinitionSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - conversion: toJson_CustomResourceConversion(obj.conversion), - group: obj.group, - names: toJson_CustomResourceDefinitionNames(obj.names), - preserveUnknownFields: obj.preserveUnknownFields, - scope: obj.scope, - versions: obj.versions?.map((y) => toJson_CustomResourceDefinitionVersion(y)) - } + 'conversion': toJson_CustomResourceConversion(obj.conversion), + 'group': obj.group, + 'names': toJson_CustomResourceDefinitionNames(obj.names), + 'preserveUnknownFields': obj.preserveUnknownFields, + 'scope': obj.scope, + 'versions': obj.versions?.map(y => toJson_CustomResourceDefinitionVersion(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16145,42 +15717,43 @@ export interface StatusDetails { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails#causes */ - readonly causes?: StatusCause[] + readonly causes?: StatusCause[]; /** * The group attribute of the resource associated with the status StatusReason. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails#group */ - readonly group?: string + readonly group?: string; /** * The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails#kind */ - readonly kind?: string + readonly kind?: string; /** * The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described). * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails#name */ - readonly name?: string + readonly name?: string; /** * If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails#retryAfterSeconds */ - readonly retryAfterSeconds?: number + readonly retryAfterSeconds?: number; /** * UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails#uid */ - readonly uid?: string + readonly uid?: string; + } /** @@ -16188,19 +15761,17 @@ export interface StatusDetails { */ /* eslint-disable max-len, quote-props */ export function toJson_StatusDetails(obj: StatusDetails | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - causes: obj.causes?.map((y) => toJson_StatusCause(y)), - group: obj.group, - kind: obj.kind, - name: obj.name, - retryAfterSeconds: obj.retryAfterSeconds, - uid: obj.uid - } + 'causes': obj.causes?.map(y => toJson_StatusCause(y)), + 'group': obj.group, + 'kind': obj.kind, + 'name': obj.name, + 'retryAfterSeconds': obj.retryAfterSeconds, + 'uid': obj.uid, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16215,49 +15786,50 @@ export interface ApiServiceSpec { * * @schema io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec#caBundle */ - readonly caBundle?: string + readonly caBundle?: string; /** * Group is the API group name this server hosts * * @schema io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec#group */ - readonly group?: string + readonly group?: string; /** * GroupPriorityMininum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. Note that other versions of this group might specify even higher GroupPriorityMininum values such that the whole group gets a higher priority. The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo) We'd recommend something like: *.k8s.io (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s * * @schema io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec#groupPriorityMinimum */ - readonly groupPriorityMinimum: number + readonly groupPriorityMinimum: number; /** * InsecureSkipTLSVerify disables TLS certificate verification when communicating with this server. This is strongly discouraged. You should use the CABundle instead. * * @schema io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec#insecureSkipTLSVerify */ - readonly insecureSkipTlsVerify?: boolean + readonly insecureSkipTlsVerify?: boolean; /** * Service is a reference to the service for this API server. It must communicate on port 443. If the Service is nil, that means the handling for the API groupversion is handled locally on this server. The call will simply delegate to the normal handler chain to be fulfilled. * * @schema io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec#service */ - readonly service?: ServiceReference + readonly service?: ServiceReference; /** * Version is the API version this server hosts. For example, "v1" * * @schema io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec#version */ - readonly version?: string + readonly version?: string; /** * VersionPriority controls the ordering of this API version inside of its group. Must be greater than zero. The primary sort is based on VersionPriority, ordered highest to lowest (20 before 10). Since it's inside of a group, the number can be small, probably in the 10s. In case of equal version priorities, the version string will be used to compute the order inside a group. If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. * * @schema io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec#versionPriority */ - readonly versionPriority: number + readonly versionPriority: number; + } /** @@ -16265,20 +15837,18 @@ export interface ApiServiceSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_ApiServiceSpec(obj: ApiServiceSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - caBundle: obj.caBundle, - group: obj.group, - groupPriorityMinimum: obj.groupPriorityMinimum, - insecureSkipTLSVerify: obj.insecureSkipTlsVerify, - service: toJson_ServiceReference(obj.service), - version: obj.version, - versionPriority: obj.versionPriority - } + 'caBundle': obj.caBundle, + 'group': obj.group, + 'groupPriorityMinimum': obj.groupPriorityMinimum, + 'insecureSkipTLSVerify': obj.insecureSkipTlsVerify, + 'service': toJson_ServiceReference(obj.service), + 'version': obj.version, + 'versionPriority': obj.versionPriority, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16293,49 +15863,50 @@ export interface ManagedFieldsEntry { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry#apiVersion */ - readonly apiVersion?: string + readonly apiVersion?: string; /** * FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1" * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry#fieldsType */ - readonly fieldsType?: string + readonly fieldsType?: string; /** * FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry#fieldsV1 */ - readonly fieldsV1?: any + readonly fieldsV1?: any; /** * Manager is an identifier of the workflow managing these fields. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry#manager */ - readonly manager?: string + readonly manager?: string; /** * Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry#operation */ - readonly operation?: string + readonly operation?: string; /** * Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry#subresource */ - readonly subresource?: string + readonly subresource?: string; /** * Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry#time */ - readonly time?: Date + readonly time?: Date; + } /** @@ -16343,20 +15914,18 @@ export interface ManagedFieldsEntry { */ /* eslint-disable max-len, quote-props */ export function toJson_ManagedFieldsEntry(obj: ManagedFieldsEntry | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - apiVersion: obj.apiVersion, - fieldsType: obj.fieldsType, - fieldsV1: obj.fieldsV1, - manager: obj.manager, - operation: obj.operation, - subresource: obj.subresource, - time: obj.time?.toISOString() - } + 'apiVersion': obj.apiVersion, + 'fieldsType': obj.fieldsType, + 'fieldsV1': obj.fieldsV1, + 'manager': obj.manager, + 'operation': obj.operation, + 'subresource': obj.subresource, + 'time': obj.time?.toISOString(), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16371,7 +15940,7 @@ export interface OwnerReference { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference#apiVersion */ - readonly apiVersion: string + readonly apiVersion: string; /** * If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. @@ -16379,35 +15948,36 @@ export interface OwnerReference { * @default false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. * @schema io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference#blockOwnerDeletion */ - readonly blockOwnerDeletion?: boolean + readonly blockOwnerDeletion?: boolean; /** * If true, this reference points to the managing controller. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference#controller */ - readonly controller?: boolean + readonly controller?: boolean; /** * Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference#kind */ - readonly kind: string + readonly kind: string; /** * Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference#name */ - readonly name: string + readonly name: string; /** * UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference#uid */ - readonly uid: string + readonly uid: string; + } /** @@ -16415,19 +15985,17 @@ export interface OwnerReference { */ /* eslint-disable max-len, quote-props */ export function toJson_OwnerReference(obj: OwnerReference | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - apiVersion: obj.apiVersion, - blockOwnerDeletion: obj.blockOwnerDeletion, - controller: obj.controller, - kind: obj.kind, - name: obj.name, - uid: obj.uid - } + 'apiVersion': obj.apiVersion, + 'blockOwnerDeletion': obj.blockOwnerDeletion, + 'controller': obj.controller, + 'kind': obj.kind, + 'name': obj.name, + 'uid': obj.uid, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16442,7 +16010,7 @@ export interface WebhookClientConfig { * * @schema io.k8s.api.admissionregistration.v1.WebhookClientConfig#caBundle */ - readonly caBundle?: string + readonly caBundle?: string; /** * `service` is a reference to the service for this webhook. Either `service` or `url` must be specified. @@ -16451,7 +16019,7 @@ export interface WebhookClientConfig { * * @schema io.k8s.api.admissionregistration.v1.WebhookClientConfig#service */ - readonly service?: ServiceReference + readonly service?: ServiceReference; /** * `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified. @@ -16468,7 +16036,8 @@ export interface WebhookClientConfig { * * @schema io.k8s.api.admissionregistration.v1.WebhookClientConfig#url */ - readonly url?: string + readonly url?: string; + } /** @@ -16476,16 +16045,14 @@ export interface WebhookClientConfig { */ /* eslint-disable max-len, quote-props */ export function toJson_WebhookClientConfig(obj: WebhookClientConfig | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - caBundle: obj.caBundle, - service: toJson_ServiceReference(obj.service), - url: obj.url - } + 'caBundle': obj.caBundle, + 'service': toJson_ServiceReference(obj.service), + 'url': obj.url, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16500,21 +16067,21 @@ export interface RuleWithOperations { * * @schema io.k8s.api.admissionregistration.v1.RuleWithOperations#apiGroups */ - readonly apiGroups?: string[] + readonly apiGroups?: string[]; /** * APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required. * * @schema io.k8s.api.admissionregistration.v1.RuleWithOperations#apiVersions */ - readonly apiVersions?: string[] + readonly apiVersions?: string[]; /** * Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required. * * @schema io.k8s.api.admissionregistration.v1.RuleWithOperations#operations */ - readonly operations?: string[] + readonly operations?: string[]; /** * Resources is a list of resources this rule applies to. @@ -16527,7 +16094,7 @@ export interface RuleWithOperations { * * @schema io.k8s.api.admissionregistration.v1.RuleWithOperations#resources */ - readonly resources?: string[] + readonly resources?: string[]; /** * scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*". @@ -16535,7 +16102,8 @@ export interface RuleWithOperations { * @default . * @schema io.k8s.api.admissionregistration.v1.RuleWithOperations#scope */ - readonly scope?: string + readonly scope?: string; + } /** @@ -16543,18 +16111,16 @@ export interface RuleWithOperations { */ /* eslint-disable max-len, quote-props */ export function toJson_RuleWithOperations(obj: RuleWithOperations | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - apiGroups: obj.apiGroups?.map((y) => y), - apiVersions: obj.apiVersions?.map((y) => y), - operations: obj.operations?.map((y) => y), - resources: obj.resources?.map((y) => y), - scope: obj.scope - } + 'apiGroups': obj.apiGroups?.map(y => y), + 'apiVersions': obj.apiVersions?.map(y => y), + 'operations': obj.operations?.map(y => y), + 'resources': obj.resources?.map(y => y), + 'scope': obj.scope, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16569,7 +16135,7 @@ export interface DaemonSetUpdateStrategy { * * @schema io.k8s.api.apps.v1.DaemonSetUpdateStrategy#rollingUpdate */ - readonly rollingUpdate?: RollingUpdateDaemonSet + readonly rollingUpdate?: RollingUpdateDaemonSet; /** * Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. @@ -16579,25 +16145,22 @@ export interface DaemonSetUpdateStrategy { * @default RollingUpdate. * @schema io.k8s.api.apps.v1.DaemonSetUpdateStrategy#type */ - readonly type?: string + readonly type?: string; + } /** * Converts an object of type 'DaemonSetUpdateStrategy' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_DaemonSetUpdateStrategy( - obj: DaemonSetUpdateStrategy | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_DaemonSetUpdateStrategy(obj: DaemonSetUpdateStrategy | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - rollingUpdate: toJson_RollingUpdateDaemonSet(obj.rollingUpdate), - type: obj.type - } + 'rollingUpdate': toJson_RollingUpdateDaemonSet(obj.rollingUpdate), + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16612,7 +16175,7 @@ export interface DeploymentStrategy { * * @schema io.k8s.api.apps.v1.DeploymentStrategy#rollingUpdate */ - readonly rollingUpdate?: RollingUpdateDeployment + readonly rollingUpdate?: RollingUpdateDeployment; /** * Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. @@ -16622,7 +16185,8 @@ export interface DeploymentStrategy { * @default RollingUpdate. * @schema io.k8s.api.apps.v1.DeploymentStrategy#type */ - readonly type?: string + readonly type?: string; + } /** @@ -16630,15 +16194,13 @@ export interface DeploymentStrategy { */ /* eslint-disable max-len, quote-props */ export function toJson_DeploymentStrategy(obj: DeploymentStrategy | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - rollingUpdate: toJson_RollingUpdateDeployment(obj.rollingUpdate), - type: obj.type - } + 'rollingUpdate': toJson_RollingUpdateDeployment(obj.rollingUpdate), + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16653,32 +16215,29 @@ export interface StatefulSetPersistentVolumeClaimRetentionPolicy { * * @schema io.k8s.api.apps.v1.StatefulSetPersistentVolumeClaimRetentionPolicy#whenDeleted */ - readonly whenDeleted?: string + readonly whenDeleted?: string; /** * WhenScaled specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is scaled down. The default policy of `Retain` causes PVCs to not be affected by a scaledown. The `Delete` policy causes the associated PVCs for any excess pods above the replica count to be deleted. * * @schema io.k8s.api.apps.v1.StatefulSetPersistentVolumeClaimRetentionPolicy#whenScaled */ - readonly whenScaled?: string + readonly whenScaled?: string; + } /** * Converts an object of type 'StatefulSetPersistentVolumeClaimRetentionPolicy' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_StatefulSetPersistentVolumeClaimRetentionPolicy( - obj: StatefulSetPersistentVolumeClaimRetentionPolicy | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_StatefulSetPersistentVolumeClaimRetentionPolicy(obj: StatefulSetPersistentVolumeClaimRetentionPolicy | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - whenDeleted: obj.whenDeleted, - whenScaled: obj.whenScaled - } + 'whenDeleted': obj.whenDeleted, + 'whenScaled': obj.whenScaled, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16693,7 +16252,7 @@ export interface StatefulSetUpdateStrategy { * * @schema io.k8s.api.apps.v1.StatefulSetUpdateStrategy#rollingUpdate */ - readonly rollingUpdate?: RollingUpdateStatefulSetStrategy + readonly rollingUpdate?: RollingUpdateStatefulSetStrategy; /** * Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate. @@ -16703,25 +16262,22 @@ export interface StatefulSetUpdateStrategy { * @default RollingUpdate. * @schema io.k8s.api.apps.v1.StatefulSetUpdateStrategy#type */ - readonly type?: string + readonly type?: string; + } /** * Converts an object of type 'StatefulSetUpdateStrategy' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_StatefulSetUpdateStrategy( - obj: StatefulSetUpdateStrategy | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_StatefulSetUpdateStrategy(obj: StatefulSetUpdateStrategy | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - rollingUpdate: toJson_RollingUpdateStatefulSetStrategy(obj.rollingUpdate), - type: obj.type - } + 'rollingUpdate': toJson_RollingUpdateStatefulSetStrategy(obj.rollingUpdate), + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16736,28 +16292,29 @@ export interface BoundObjectReference { * * @schema io.k8s.api.authentication.v1.BoundObjectReference#apiVersion */ - readonly apiVersion?: string + readonly apiVersion?: string; /** * Kind of the referent. Valid kinds are 'Pod' and 'Secret'. * * @schema io.k8s.api.authentication.v1.BoundObjectReference#kind */ - readonly kind?: string + readonly kind?: string; /** * Name of the referent. * * @schema io.k8s.api.authentication.v1.BoundObjectReference#name */ - readonly name?: string + readonly name?: string; /** * UID of the referent. * * @schema io.k8s.api.authentication.v1.BoundObjectReference#uid */ - readonly uid?: string + readonly uid?: string; + } /** @@ -16765,17 +16322,15 @@ export interface BoundObjectReference { */ /* eslint-disable max-len, quote-props */ export function toJson_BoundObjectReference(obj: BoundObjectReference | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - apiVersion: obj.apiVersion, - kind: obj.kind, - name: obj.name, - uid: obj.uid - } + 'apiVersion': obj.apiVersion, + 'kind': obj.kind, + 'name': obj.name, + 'uid': obj.uid, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16790,14 +16345,15 @@ export interface NonResourceAttributes { * * @schema io.k8s.api.authorization.v1.NonResourceAttributes#path */ - readonly path?: string + readonly path?: string; /** * Verb is the standard HTTP verb * * @schema io.k8s.api.authorization.v1.NonResourceAttributes#verb */ - readonly verb?: string + readonly verb?: string; + } /** @@ -16805,15 +16361,13 @@ export interface NonResourceAttributes { */ /* eslint-disable max-len, quote-props */ export function toJson_NonResourceAttributes(obj: NonResourceAttributes | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - path: obj.path, - verb: obj.verb - } + 'path': obj.path, + 'verb': obj.verb, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16828,49 +16382,50 @@ export interface ResourceAttributes { * * @schema io.k8s.api.authorization.v1.ResourceAttributes#group */ - readonly group?: string + readonly group?: string; /** * Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. * * @schema io.k8s.api.authorization.v1.ResourceAttributes#name */ - readonly name?: string + readonly name?: string; /** * Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview * * @schema io.k8s.api.authorization.v1.ResourceAttributes#namespace */ - readonly namespace?: string + readonly namespace?: string; /** * Resource is one of the existing resource types. "*" means all. * * @schema io.k8s.api.authorization.v1.ResourceAttributes#resource */ - readonly resource?: string + readonly resource?: string; /** * Subresource is one of the existing resource types. "" means none. * * @schema io.k8s.api.authorization.v1.ResourceAttributes#subresource */ - readonly subresource?: string + readonly subresource?: string; /** * Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. * * @schema io.k8s.api.authorization.v1.ResourceAttributes#verb */ - readonly verb?: string + readonly verb?: string; /** * Version is the API Version of the Resource. "*" means all. * * @schema io.k8s.api.authorization.v1.ResourceAttributes#version */ - readonly version?: string + readonly version?: string; + } /** @@ -16878,20 +16433,18 @@ export interface ResourceAttributes { */ /* eslint-disable max-len, quote-props */ export function toJson_ResourceAttributes(obj: ResourceAttributes | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - group: obj.group, - name: obj.name, - namespace: obj.namespace, - resource: obj.resource, - subresource: obj.subresource, - verb: obj.verb, - version: obj.version - } + 'group': obj.group, + 'name': obj.name, + 'namespace': obj.namespace, + 'resource': obj.resource, + 'subresource': obj.subresource, + 'verb': obj.verb, + 'version': obj.version, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16906,40 +16459,37 @@ export interface CrossVersionObjectReference { * * @schema io.k8s.api.autoscaling.v1.CrossVersionObjectReference#apiVersion */ - readonly apiVersion?: string + readonly apiVersion?: string; /** * Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" * * @schema io.k8s.api.autoscaling.v1.CrossVersionObjectReference#kind */ - readonly kind: string + readonly kind: string; /** * Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names * * @schema io.k8s.api.autoscaling.v1.CrossVersionObjectReference#name */ - readonly name: string + readonly name: string; + } /** * Converts an object of type 'CrossVersionObjectReference' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CrossVersionObjectReference( - obj: CrossVersionObjectReference | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CrossVersionObjectReference(obj: CrossVersionObjectReference | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - apiVersion: obj.apiVersion, - kind: obj.kind, - name: obj.name - } + 'apiVersion': obj.apiVersion, + 'kind': obj.kind, + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16954,7 +16504,7 @@ export interface HorizontalPodAutoscalerBehaviorV2 { * * @schema io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerBehavior#scaleDown */ - readonly scaleDown?: HpaScalingRulesV2 + readonly scaleDown?: HpaScalingRulesV2; /** * scaleUp is scaling policy for scaling Up. If not set, the default value is the higher of: @@ -16964,25 +16514,22 @@ export interface HorizontalPodAutoscalerBehaviorV2 { * * @schema io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerBehavior#scaleUp */ - readonly scaleUp?: HpaScalingRulesV2 + readonly scaleUp?: HpaScalingRulesV2; + } /** * Converts an object of type 'HorizontalPodAutoscalerBehaviorV2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HorizontalPodAutoscalerBehaviorV2( - obj: HorizontalPodAutoscalerBehaviorV2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_HorizontalPodAutoscalerBehaviorV2(obj: HorizontalPodAutoscalerBehaviorV2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - scaleDown: toJson_HpaScalingRulesV2(obj.scaleDown), - scaleUp: toJson_HpaScalingRulesV2(obj.scaleUp) - } + 'scaleDown': toJson_HpaScalingRulesV2(obj.scaleDown), + 'scaleUp': toJson_HpaScalingRulesV2(obj.scaleUp), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -16997,42 +16544,43 @@ export interface MetricSpecV2 { * * @schema io.k8s.api.autoscaling.v2.MetricSpec#containerResource */ - readonly containerResource?: ContainerResourceMetricSourceV2 + readonly containerResource?: ContainerResourceMetricSourceV2; /** * external refers to a global metric that is not associated with any Kubernetes object. It allows autoscaling based on information coming from components running outside of cluster (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster). * * @schema io.k8s.api.autoscaling.v2.MetricSpec#external */ - readonly external?: ExternalMetricSourceV2 + readonly external?: ExternalMetricSourceV2; /** * object refers to a metric describing a single kubernetes object (for example, hits-per-second on an Ingress object). * * @schema io.k8s.api.autoscaling.v2.MetricSpec#object */ - readonly object?: ObjectMetricSourceV2 + readonly object?: ObjectMetricSourceV2; /** * pods refers to a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value. * * @schema io.k8s.api.autoscaling.v2.MetricSpec#pods */ - readonly pods?: PodsMetricSourceV2 + readonly pods?: PodsMetricSourceV2; /** * resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source. * * @schema io.k8s.api.autoscaling.v2.MetricSpec#resource */ - readonly resource?: ResourceMetricSourceV2 + readonly resource?: ResourceMetricSourceV2; /** * type is the type of metric source. It should be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object. Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled * * @schema io.k8s.api.autoscaling.v2.MetricSpec#type */ - readonly type: string + readonly type: string; + } /** @@ -17040,19 +16588,17 @@ export interface MetricSpecV2 { */ /* eslint-disable max-len, quote-props */ export function toJson_MetricSpecV2(obj: MetricSpecV2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - containerResource: toJson_ContainerResourceMetricSourceV2(obj.containerResource), - external: toJson_ExternalMetricSourceV2(obj.external), - object: toJson_ObjectMetricSourceV2(obj.object), - pods: toJson_PodsMetricSourceV2(obj.pods), - resource: toJson_ResourceMetricSourceV2(obj.resource), - type: obj.type - } + 'containerResource': toJson_ContainerResourceMetricSourceV2(obj.containerResource), + 'external': toJson_ExternalMetricSourceV2(obj.external), + 'object': toJson_ObjectMetricSourceV2(obj.object), + 'pods': toJson_PodsMetricSourceV2(obj.pods), + 'resource': toJson_ResourceMetricSourceV2(obj.resource), + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17067,40 +16613,37 @@ export interface CrossVersionObjectReferenceV2 { * * @schema io.k8s.api.autoscaling.v2.CrossVersionObjectReference#apiVersion */ - readonly apiVersion?: string + readonly apiVersion?: string; /** * Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" * * @schema io.k8s.api.autoscaling.v2.CrossVersionObjectReference#kind */ - readonly kind: string + readonly kind: string; /** * Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names * * @schema io.k8s.api.autoscaling.v2.CrossVersionObjectReference#name */ - readonly name: string + readonly name: string; + } /** * Converts an object of type 'CrossVersionObjectReferenceV2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CrossVersionObjectReferenceV2( - obj: CrossVersionObjectReferenceV2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CrossVersionObjectReferenceV2(obj: CrossVersionObjectReferenceV2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - apiVersion: obj.apiVersion, - kind: obj.kind, - name: obj.name - } + 'apiVersion': obj.apiVersion, + 'kind': obj.kind, + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17115,7 +16658,7 @@ export interface HorizontalPodAutoscalerBehaviorV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerBehavior#scaleDown */ - readonly scaleDown?: HpaScalingRulesV2Beta2 + readonly scaleDown?: HpaScalingRulesV2Beta2; /** * scaleUp is scaling policy for scaling Up. If not set, the default value is the higher of: @@ -17125,25 +16668,22 @@ export interface HorizontalPodAutoscalerBehaviorV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerBehavior#scaleUp */ - readonly scaleUp?: HpaScalingRulesV2Beta2 + readonly scaleUp?: HpaScalingRulesV2Beta2; + } /** * Converts an object of type 'HorizontalPodAutoscalerBehaviorV2Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HorizontalPodAutoscalerBehaviorV2Beta2( - obj: HorizontalPodAutoscalerBehaviorV2Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_HorizontalPodAutoscalerBehaviorV2Beta2(obj: HorizontalPodAutoscalerBehaviorV2Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - scaleDown: toJson_HpaScalingRulesV2Beta2(obj.scaleDown), - scaleUp: toJson_HpaScalingRulesV2Beta2(obj.scaleUp) - } + 'scaleDown': toJson_HpaScalingRulesV2Beta2(obj.scaleDown), + 'scaleUp': toJson_HpaScalingRulesV2Beta2(obj.scaleUp), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17158,42 +16698,43 @@ export interface MetricSpecV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.MetricSpec#containerResource */ - readonly containerResource?: ContainerResourceMetricSourceV2Beta2 + readonly containerResource?: ContainerResourceMetricSourceV2Beta2; /** * external refers to a global metric that is not associated with any Kubernetes object. It allows autoscaling based on information coming from components running outside of cluster (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster). * * @schema io.k8s.api.autoscaling.v2beta2.MetricSpec#external */ - readonly external?: ExternalMetricSourceV2Beta2 + readonly external?: ExternalMetricSourceV2Beta2; /** * object refers to a metric describing a single kubernetes object (for example, hits-per-second on an Ingress object). * * @schema io.k8s.api.autoscaling.v2beta2.MetricSpec#object */ - readonly object?: ObjectMetricSourceV2Beta2 + readonly object?: ObjectMetricSourceV2Beta2; /** * pods refers to a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value. * * @schema io.k8s.api.autoscaling.v2beta2.MetricSpec#pods */ - readonly pods?: PodsMetricSourceV2Beta2 + readonly pods?: PodsMetricSourceV2Beta2; /** * resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source. * * @schema io.k8s.api.autoscaling.v2beta2.MetricSpec#resource */ - readonly resource?: ResourceMetricSourceV2Beta2 + readonly resource?: ResourceMetricSourceV2Beta2; /** * type is the type of metric source. It should be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object. Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled * * @schema io.k8s.api.autoscaling.v2beta2.MetricSpec#type */ - readonly type: string + readonly type: string; + } /** @@ -17201,19 +16742,17 @@ export interface MetricSpecV2Beta2 { */ /* eslint-disable max-len, quote-props */ export function toJson_MetricSpecV2Beta2(obj: MetricSpecV2Beta2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - containerResource: toJson_ContainerResourceMetricSourceV2Beta2(obj.containerResource), - external: toJson_ExternalMetricSourceV2Beta2(obj.external), - object: toJson_ObjectMetricSourceV2Beta2(obj.object), - pods: toJson_PodsMetricSourceV2Beta2(obj.pods), - resource: toJson_ResourceMetricSourceV2Beta2(obj.resource), - type: obj.type - } + 'containerResource': toJson_ContainerResourceMetricSourceV2Beta2(obj.containerResource), + 'external': toJson_ExternalMetricSourceV2Beta2(obj.external), + 'object': toJson_ObjectMetricSourceV2Beta2(obj.object), + 'pods': toJson_PodsMetricSourceV2Beta2(obj.pods), + 'resource': toJson_ResourceMetricSourceV2Beta2(obj.resource), + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17228,40 +16767,37 @@ export interface CrossVersionObjectReferenceV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.CrossVersionObjectReference#apiVersion */ - readonly apiVersion?: string + readonly apiVersion?: string; /** * Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" * * @schema io.k8s.api.autoscaling.v2beta2.CrossVersionObjectReference#kind */ - readonly kind: string + readonly kind: string; /** * Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names * * @schema io.k8s.api.autoscaling.v2beta2.CrossVersionObjectReference#name */ - readonly name: string + readonly name: string; + } /** * Converts an object of type 'CrossVersionObjectReferenceV2Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CrossVersionObjectReferenceV2Beta2( - obj: CrossVersionObjectReferenceV2Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CrossVersionObjectReferenceV2Beta2(obj: CrossVersionObjectReferenceV2Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - apiVersion: obj.apiVersion, - kind: obj.kind, - name: obj.name - } + 'apiVersion': obj.apiVersion, + 'kind': obj.kind, + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17276,14 +16812,15 @@ export interface JobTemplateSpec { * * @schema io.k8s.api.batch.v1.JobTemplateSpec#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * Specification of the desired behavior of the job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status * * @schema io.k8s.api.batch.v1.JobTemplateSpec#spec */ - readonly spec?: JobSpec + readonly spec?: JobSpec; + } /** @@ -17291,15 +16828,13 @@ export interface JobTemplateSpec { */ /* eslint-disable max-len, quote-props */ export function toJson_JobTemplateSpec(obj: JobTemplateSpec | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_JobSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_JobSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17314,7 +16849,8 @@ export interface PodFailurePolicy { * * @schema io.k8s.api.batch.v1.PodFailurePolicy#rules */ - readonly rules: PodFailurePolicyRule[] + readonly rules: PodFailurePolicyRule[]; + } /** @@ -17322,14 +16858,12 @@ export interface PodFailurePolicy { */ /* eslint-disable max-len, quote-props */ export function toJson_PodFailurePolicy(obj: PodFailurePolicy | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - rules: obj.rules?.map((y) => toJson_PodFailurePolicyRule(y)) - } + 'rules': obj.rules?.map(y => toJson_PodFailurePolicyRule(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17344,28 +16878,29 @@ export interface EndpointAddress { * * @schema io.k8s.api.core.v1.EndpointAddress#hostname */ - readonly hostname?: string + readonly hostname?: string; /** * The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), or link-local multicast ((224.0.0.0/24). IPv6 is also accepted but not fully supported on all platforms. Also, certain kubernetes components, like kube-proxy, are not IPv6 ready. * * @schema io.k8s.api.core.v1.EndpointAddress#ip */ - readonly ip: string + readonly ip: string; /** * Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. * * @schema io.k8s.api.core.v1.EndpointAddress#nodeName */ - readonly nodeName?: string + readonly nodeName?: string; /** * Reference to object providing the endpoint. * * @schema io.k8s.api.core.v1.EndpointAddress#targetRef */ - readonly targetRef?: ObjectReference + readonly targetRef?: ObjectReference; + } /** @@ -17373,17 +16908,15 @@ export interface EndpointAddress { */ /* eslint-disable max-len, quote-props */ export function toJson_EndpointAddress(obj: EndpointAddress | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - hostname: obj.hostname, - ip: obj.ip, - nodeName: obj.nodeName, - targetRef: toJson_ObjectReference(obj.targetRef) - } + 'hostname': obj.hostname, + 'ip': obj.ip, + 'nodeName': obj.nodeName, + 'targetRef': toJson_ObjectReference(obj.targetRef), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17398,42 +16931,43 @@ export interface LimitRangeItem { * * @schema io.k8s.api.core.v1.LimitRangeItem#default */ - readonly default?: { [key: string]: Quantity } + readonly default?: { [key: string]: Quantity }; /** * DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. * * @schema io.k8s.api.core.v1.LimitRangeItem#defaultRequest */ - readonly defaultRequest?: { [key: string]: Quantity } + readonly defaultRequest?: { [key: string]: Quantity }; /** * Max usage constraints on this kind by resource name. * * @schema io.k8s.api.core.v1.LimitRangeItem#max */ - readonly max?: { [key: string]: Quantity } + readonly max?: { [key: string]: Quantity }; /** * MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. * * @schema io.k8s.api.core.v1.LimitRangeItem#maxLimitRequestRatio */ - readonly maxLimitRequestRatio?: { [key: string]: Quantity } + readonly maxLimitRequestRatio?: { [key: string]: Quantity }; /** * Min usage constraints on this kind by resource name. * * @schema io.k8s.api.core.v1.LimitRangeItem#min */ - readonly min?: { [key: string]: Quantity } + readonly min?: { [key: string]: Quantity }; /** * Type of resource that this limit applies to. * * @schema io.k8s.api.core.v1.LimitRangeItem#type */ - readonly type: string + readonly type: string; + } /** @@ -17441,40 +16975,17 @@ export interface LimitRangeItem { */ /* eslint-disable max-len, quote-props */ export function toJson_LimitRangeItem(obj: LimitRangeItem | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } - const result = { - default: - obj.default === undefined - ? undefined - : Object.entries(obj.default).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.value }), {}), - defaultRequest: - obj.defaultRequest === undefined - ? undefined - : Object.entries(obj.defaultRequest).reduce( - (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.value }), - {} - ), - max: - obj.max === undefined - ? undefined - : Object.entries(obj.max).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.value }), {}), - maxLimitRequestRatio: - obj.maxLimitRequestRatio === undefined - ? undefined - : Object.entries(obj.maxLimitRequestRatio).reduce( - (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.value }), - {} - ), - min: - obj.min === undefined - ? undefined - : Object.entries(obj.min).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.value }), {}), - type: obj.type - } - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + if (obj === undefined) { return undefined; } + const result = { + 'default': ((obj.default) === undefined) ? undefined : (Object.entries(obj.default).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.value }), {})), + 'defaultRequest': ((obj.defaultRequest) === undefined) ? undefined : (Object.entries(obj.defaultRequest).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.value }), {})), + 'max': ((obj.max) === undefined) ? undefined : (Object.entries(obj.max).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.value }), {})), + 'maxLimitRequestRatio': ((obj.maxLimitRequestRatio) === undefined) ? undefined : (Object.entries(obj.maxLimitRequestRatio).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.value }), {})), + 'min': ((obj.min) === undefined) ? undefined : (Object.entries(obj.min).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.value }), {})), + 'type': obj.type, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17489,7 +17000,8 @@ export interface NodeConfigSource { * * @schema io.k8s.api.core.v1.NodeConfigSource#configMap */ - readonly configMap?: ConfigMapNodeConfigSource + readonly configMap?: ConfigMapNodeConfigSource; + } /** @@ -17497,14 +17009,12 @@ export interface NodeConfigSource { */ /* eslint-disable max-len, quote-props */ export function toJson_NodeConfigSource(obj: NodeConfigSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - configMap: toJson_ConfigMapNodeConfigSource(obj.configMap) - } + 'configMap': toJson_ConfigMapNodeConfigSource(obj.configMap), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17521,28 +17031,29 @@ export interface Taint { * * @schema io.k8s.api.core.v1.Taint#effect */ - readonly effect: string + readonly effect: string; /** * Required. The taint key to be applied to a node. * * @schema io.k8s.api.core.v1.Taint#key */ - readonly key: string + readonly key: string; /** * TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints. * * @schema io.k8s.api.core.v1.Taint#timeAdded */ - readonly timeAdded?: Date + readonly timeAdded?: Date; /** * The taint value corresponding to the taint key. * * @schema io.k8s.api.core.v1.Taint#value */ - readonly value?: string + readonly value?: string; + } /** @@ -17550,17 +17061,15 @@ export interface Taint { */ /* eslint-disable max-len, quote-props */ export function toJson_Taint(obj: Taint | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - effect: obj.effect, - key: obj.key, - timeAdded: obj.timeAdded?.toISOString(), - value: obj.value - } + 'effect': obj.effect, + 'key': obj.key, + 'timeAdded': obj.timeAdded?.toISOString(), + 'value': obj.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17577,48 +17086,45 @@ export interface AwsElasticBlockStoreVolumeSource { * * @schema io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). * * @schema io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource#partition */ - readonly partition?: number + readonly partition?: number; /** * readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore * * @schema io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore * * @schema io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource#volumeID */ - readonly volumeId: string + readonly volumeId: string; + } /** * Converts an object of type 'AwsElasticBlockStoreVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_AwsElasticBlockStoreVolumeSource( - obj: AwsElasticBlockStoreVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_AwsElasticBlockStoreVolumeSource(obj: AwsElasticBlockStoreVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - partition: obj.partition, - readOnly: obj.readOnly, - volumeID: obj.volumeId - } + 'fsType': obj.fsType, + 'partition': obj.partition, + 'readOnly': obj.readOnly, + 'volumeID': obj.volumeId, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17633,35 +17139,35 @@ export interface AzureDiskVolumeSource { * * @schema io.k8s.api.core.v1.AzureDiskVolumeSource#cachingMode */ - readonly cachingMode?: string + readonly cachingMode?: string; /** * diskName is the Name of the data disk in the blob storage * * @schema io.k8s.api.core.v1.AzureDiskVolumeSource#diskName */ - readonly diskName: string + readonly diskName: string; /** * diskURI is the URI of data disk in the blob storage * * @schema io.k8s.api.core.v1.AzureDiskVolumeSource#diskURI */ - readonly diskUri: string + readonly diskUri: string; /** * fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. * * @schema io.k8s.api.core.v1.AzureDiskVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared * * @schema io.k8s.api.core.v1.AzureDiskVolumeSource#kind */ - readonly kind?: string + readonly kind?: string; /** * readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -17669,7 +17175,8 @@ export interface AzureDiskVolumeSource { * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. * @schema io.k8s.api.core.v1.AzureDiskVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; + } /** @@ -17677,19 +17184,17 @@ export interface AzureDiskVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_AzureDiskVolumeSource(obj: AzureDiskVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - cachingMode: obj.cachingMode, - diskName: obj.diskName, - diskURI: obj.diskUri, - fsType: obj.fsType, - kind: obj.kind, - readOnly: obj.readOnly - } + 'cachingMode': obj.cachingMode, + 'diskName': obj.diskName, + 'diskURI': obj.diskUri, + 'fsType': obj.fsType, + 'kind': obj.kind, + 'readOnly': obj.readOnly, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17704,48 +17209,45 @@ export interface AzureFilePersistentVolumeSource { * * @schema io.k8s.api.core.v1.AzureFilePersistentVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretName is the name of secret that contains Azure Storage Account Name and Key * * @schema io.k8s.api.core.v1.AzureFilePersistentVolumeSource#secretName */ - readonly secretName: string + readonly secretName: string; /** * secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the Pod * * @schema io.k8s.api.core.v1.AzureFilePersistentVolumeSource#secretNamespace */ - readonly secretNamespace?: string + readonly secretNamespace?: string; /** * shareName is the azure Share Name * * @schema io.k8s.api.core.v1.AzureFilePersistentVolumeSource#shareName */ - readonly shareName: string + readonly shareName: string; + } /** * Converts an object of type 'AzureFilePersistentVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_AzureFilePersistentVolumeSource( - obj: AzureFilePersistentVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_AzureFilePersistentVolumeSource(obj: AzureFilePersistentVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - readOnly: obj.readOnly, - secretName: obj.secretName, - secretNamespace: obj.secretNamespace, - shareName: obj.shareName - } + 'readOnly': obj.readOnly, + 'secretName': obj.secretName, + 'secretNamespace': obj.secretNamespace, + 'shareName': obj.shareName, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17760,14 +17262,14 @@ export interface CephFsPersistentVolumeSource { * * @schema io.k8s.api.core.v1.CephFSPersistentVolumeSource#monitors */ - readonly monitors: string[] + readonly monitors: string[]; /** * path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / * * @schema io.k8s.api.core.v1.CephFSPersistentVolumeSource#path */ - readonly path?: string + readonly path?: string; /** * readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -17775,50 +17277,47 @@ export interface CephFsPersistentVolumeSource { * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it * @schema io.k8s.api.core.v1.CephFSPersistentVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it * * @schema io.k8s.api.core.v1.CephFSPersistentVolumeSource#secretFile */ - readonly secretFile?: string + readonly secretFile?: string; /** * secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it * * @schema io.k8s.api.core.v1.CephFSPersistentVolumeSource#secretRef */ - readonly secretRef?: SecretReference + readonly secretRef?: SecretReference; /** * user is Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it * * @schema io.k8s.api.core.v1.CephFSPersistentVolumeSource#user */ - readonly user?: string + readonly user?: string; + } /** * Converts an object of type 'CephFsPersistentVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CephFsPersistentVolumeSource( - obj: CephFsPersistentVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CephFsPersistentVolumeSource(obj: CephFsPersistentVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - monitors: obj.monitors?.map((y) => y), - path: obj.path, - readOnly: obj.readOnly, - secretFile: obj.secretFile, - secretRef: toJson_SecretReference(obj.secretRef), - user: obj.user - } + 'monitors': obj.monitors?.map(y => y), + 'path': obj.path, + 'readOnly': obj.readOnly, + 'secretFile': obj.secretFile, + 'secretRef': toJson_SecretReference(obj.secretRef), + 'user': obj.user, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17833,7 +17332,7 @@ export interface CinderPersistentVolumeSource { * * @schema io.k8s.api.core.v1.CinderPersistentVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md @@ -17841,41 +17340,38 @@ export interface CinderPersistentVolumeSource { * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md * @schema io.k8s.api.core.v1.CinderPersistentVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef is Optional: points to a secret object containing parameters used to connect to OpenStack. * * @schema io.k8s.api.core.v1.CinderPersistentVolumeSource#secretRef */ - readonly secretRef?: SecretReference + readonly secretRef?: SecretReference; /** * volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md * * @schema io.k8s.api.core.v1.CinderPersistentVolumeSource#volumeID */ - readonly volumeId: string + readonly volumeId: string; + } /** * Converts an object of type 'CinderPersistentVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CinderPersistentVolumeSource( - obj: CinderPersistentVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CinderPersistentVolumeSource(obj: CinderPersistentVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - readOnly: obj.readOnly, - secretRef: toJson_SecretReference(obj.secretRef), - volumeID: obj.volumeId - } + 'fsType': obj.fsType, + 'readOnly': obj.readOnly, + 'secretRef': toJson_SecretReference(obj.secretRef), + 'volumeID': obj.volumeId, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17890,49 +17386,49 @@ export interface CsiPersistentVolumeSource { * * @schema io.k8s.api.core.v1.CSIPersistentVolumeSource#controllerExpandSecretRef */ - readonly controllerExpandSecretRef?: SecretReference + readonly controllerExpandSecretRef?: SecretReference; /** * controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. * * @schema io.k8s.api.core.v1.CSIPersistentVolumeSource#controllerPublishSecretRef */ - readonly controllerPublishSecretRef?: SecretReference + readonly controllerPublishSecretRef?: SecretReference; /** * driver is the name of the driver to use for this volume. Required. * * @schema io.k8s.api.core.v1.CSIPersistentVolumeSource#driver */ - readonly driver: string + readonly driver: string; /** * fsType to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". * * @schema io.k8s.api.core.v1.CSIPersistentVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This is an alpha field and requires enabling CSINodeExpandSecret feature gate. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed. * * @schema io.k8s.api.core.v1.CSIPersistentVolumeSource#nodeExpandSecretRef */ - readonly nodeExpandSecretRef?: SecretReference + readonly nodeExpandSecretRef?: SecretReference; /** * nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. * * @schema io.k8s.api.core.v1.CSIPersistentVolumeSource#nodePublishSecretRef */ - readonly nodePublishSecretRef?: SecretReference + readonly nodePublishSecretRef?: SecretReference; /** * nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. * * @schema io.k8s.api.core.v1.CSIPersistentVolumeSource#nodeStageSecretRef */ - readonly nodeStageSecretRef?: SecretReference + readonly nodeStageSecretRef?: SecretReference; /** * readOnly value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write). @@ -17940,50 +17436,44 @@ export interface CsiPersistentVolumeSource { * @default false (read/write). * @schema io.k8s.api.core.v1.CSIPersistentVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * volumeAttributes of the volume to publish. * * @schema io.k8s.api.core.v1.CSIPersistentVolumeSource#volumeAttributes */ - readonly volumeAttributes?: { [key: string]: string } + readonly volumeAttributes?: { [key: string]: string }; /** * volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required. * * @schema io.k8s.api.core.v1.CSIPersistentVolumeSource#volumeHandle */ - readonly volumeHandle: string + readonly volumeHandle: string; + } /** * Converts an object of type 'CsiPersistentVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CsiPersistentVolumeSource( - obj: CsiPersistentVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CsiPersistentVolumeSource(obj: CsiPersistentVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - controllerExpandSecretRef: toJson_SecretReference(obj.controllerExpandSecretRef), - controllerPublishSecretRef: toJson_SecretReference(obj.controllerPublishSecretRef), - driver: obj.driver, - fsType: obj.fsType, - nodeExpandSecretRef: toJson_SecretReference(obj.nodeExpandSecretRef), - nodePublishSecretRef: toJson_SecretReference(obj.nodePublishSecretRef), - nodeStageSecretRef: toJson_SecretReference(obj.nodeStageSecretRef), - readOnly: obj.readOnly, - volumeAttributes: - obj.volumeAttributes === undefined - ? undefined - : Object.entries(obj.volumeAttributes).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - volumeHandle: obj.volumeHandle - } + 'controllerExpandSecretRef': toJson_SecretReference(obj.controllerExpandSecretRef), + 'controllerPublishSecretRef': toJson_SecretReference(obj.controllerPublishSecretRef), + 'driver': obj.driver, + 'fsType': obj.fsType, + 'nodeExpandSecretRef': toJson_SecretReference(obj.nodeExpandSecretRef), + 'nodePublishSecretRef': toJson_SecretReference(obj.nodePublishSecretRef), + 'nodeStageSecretRef': toJson_SecretReference(obj.nodeStageSecretRef), + 'readOnly': obj.readOnly, + 'volumeAttributes': ((obj.volumeAttributes) === undefined) ? undefined : (Object.entries(obj.volumeAttributes).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'volumeHandle': obj.volumeHandle, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -17998,14 +17488,14 @@ export interface FcVolumeSource { * * @schema io.k8s.api.core.v1.FCVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * lun is Optional: FC target lun number * * @schema io.k8s.api.core.v1.FCVolumeSource#lun */ - readonly lun?: number + readonly lun?: number; /** * readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -18013,21 +17503,22 @@ export interface FcVolumeSource { * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. * @schema io.k8s.api.core.v1.FCVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * targetWWNs is Optional: FC target worldwide names (WWNs) * * @schema io.k8s.api.core.v1.FCVolumeSource#targetWWNs */ - readonly targetWwNs?: string[] + readonly targetWwNs?: string[]; /** * wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. * * @schema io.k8s.api.core.v1.FCVolumeSource#wwids */ - readonly wwids?: string[] + readonly wwids?: string[]; + } /** @@ -18035,18 +17526,16 @@ export interface FcVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_FcVolumeSource(obj: FcVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - lun: obj.lun, - readOnly: obj.readOnly, - targetWWNs: obj.targetWwNs?.map((y) => y), - wwids: obj.wwids?.map((y) => y) - } + 'fsType': obj.fsType, + 'lun': obj.lun, + 'readOnly': obj.readOnly, + 'targetWWNs': obj.targetWwNs?.map(y => y), + 'wwids': obj.wwids?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18061,59 +17550,53 @@ export interface FlexPersistentVolumeSource { * * @schema io.k8s.api.core.v1.FlexPersistentVolumeSource#driver */ - readonly driver: string + readonly driver: string; /** * fsType is the Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. * * @schema io.k8s.api.core.v1.FlexPersistentVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * options is Optional: this field holds extra command options if any. * * @schema io.k8s.api.core.v1.FlexPersistentVolumeSource#options */ - readonly options?: { [key: string]: string } + readonly options?: { [key: string]: string }; /** * readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. * * @schema io.k8s.api.core.v1.FlexPersistentVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef is Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. * * @schema io.k8s.api.core.v1.FlexPersistentVolumeSource#secretRef */ - readonly secretRef?: SecretReference + readonly secretRef?: SecretReference; + } /** * Converts an object of type 'FlexPersistentVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_FlexPersistentVolumeSource( - obj: FlexPersistentVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_FlexPersistentVolumeSource(obj: FlexPersistentVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - driver: obj.driver, - fsType: obj.fsType, - options: - obj.options === undefined - ? undefined - : Object.entries(obj.options).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - readOnly: obj.readOnly, - secretRef: toJson_SecretReference(obj.secretRef) - } + 'driver': obj.driver, + 'fsType': obj.fsType, + 'options': ((obj.options) === undefined) ? undefined : (Object.entries(obj.options).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'readOnly': obj.readOnly, + 'secretRef': toJson_SecretReference(obj.secretRef), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18128,14 +17611,15 @@ export interface FlockerVolumeSource { * * @schema io.k8s.api.core.v1.FlockerVolumeSource#datasetName */ - readonly datasetName?: string + readonly datasetName?: string; /** * datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset * * @schema io.k8s.api.core.v1.FlockerVolumeSource#datasetUUID */ - readonly datasetUuid?: string + readonly datasetUuid?: string; + } /** @@ -18143,15 +17627,13 @@ export interface FlockerVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_FlockerVolumeSource(obj: FlockerVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - datasetName: obj.datasetName, - datasetUUID: obj.datasetUuid - } + 'datasetName': obj.datasetName, + 'datasetUUID': obj.datasetUuid, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18168,21 +17650,21 @@ export interface GcePersistentDiskVolumeSource { * * @schema io.k8s.api.core.v1.GCEPersistentDiskVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk * * @schema io.k8s.api.core.v1.GCEPersistentDiskVolumeSource#partition */ - readonly partition?: number + readonly partition?: number; /** * pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk * * @schema io.k8s.api.core.v1.GCEPersistentDiskVolumeSource#pdName */ - readonly pdName: string + readonly pdName: string; /** * readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -18190,27 +17672,24 @@ export interface GcePersistentDiskVolumeSource { * @default false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk * @schema io.k8s.api.core.v1.GCEPersistentDiskVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; + } /** * Converts an object of type 'GcePersistentDiskVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GcePersistentDiskVolumeSource( - obj: GcePersistentDiskVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_GcePersistentDiskVolumeSource(obj: GcePersistentDiskVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - partition: obj.partition, - pdName: obj.pdName, - readOnly: obj.readOnly - } + 'fsType': obj.fsType, + 'partition': obj.partition, + 'pdName': obj.pdName, + 'readOnly': obj.readOnly, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18225,21 +17704,21 @@ export interface GlusterfsPersistentVolumeSource { * * @schema io.k8s.api.core.v1.GlusterfsPersistentVolumeSource#endpoints */ - readonly endpoints: string + readonly endpoints: string; /** * endpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod * * @schema io.k8s.api.core.v1.GlusterfsPersistentVolumeSource#endpointsNamespace */ - readonly endpointsNamespace?: string + readonly endpointsNamespace?: string; /** * path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod * * @schema io.k8s.api.core.v1.GlusterfsPersistentVolumeSource#path */ - readonly path: string + readonly path: string; /** * readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod @@ -18247,27 +17726,24 @@ export interface GlusterfsPersistentVolumeSource { * @default false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod * @schema io.k8s.api.core.v1.GlusterfsPersistentVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; + } /** * Converts an object of type 'GlusterfsPersistentVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_GlusterfsPersistentVolumeSource( - obj: GlusterfsPersistentVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_GlusterfsPersistentVolumeSource(obj: GlusterfsPersistentVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - endpoints: obj.endpoints, - endpointsNamespace: obj.endpointsNamespace, - path: obj.path, - readOnly: obj.readOnly - } + 'endpoints': obj.endpoints, + 'endpointsNamespace': obj.endpointsNamespace, + 'path': obj.path, + 'readOnly': obj.readOnly, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18282,7 +17758,7 @@ export interface HostPathVolumeSource { * * @schema io.k8s.api.core.v1.HostPathVolumeSource#path */ - readonly path: string + readonly path: string; /** * type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath @@ -18290,7 +17766,8 @@ export interface HostPathVolumeSource { * @default More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath * @schema io.k8s.api.core.v1.HostPathVolumeSource#type */ - readonly type?: string + readonly type?: string; + } /** @@ -18298,15 +17775,13 @@ export interface HostPathVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_HostPathVolumeSource(obj: HostPathVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - path: obj.path, - type: obj.type - } + 'path': obj.path, + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18321,35 +17796,35 @@ export interface IscsiPersistentVolumeSource { * * @schema io.k8s.api.core.v1.ISCSIPersistentVolumeSource#chapAuthDiscovery */ - readonly chapAuthDiscovery?: boolean + readonly chapAuthDiscovery?: boolean; /** * chapAuthSession defines whether support iSCSI Session CHAP authentication * * @schema io.k8s.api.core.v1.ISCSIPersistentVolumeSource#chapAuthSession */ - readonly chapAuthSession?: boolean + readonly chapAuthSession?: boolean; /** * fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi * * @schema io.k8s.api.core.v1.ISCSIPersistentVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. * * @schema io.k8s.api.core.v1.ISCSIPersistentVolumeSource#initiatorName */ - readonly initiatorName?: string + readonly initiatorName?: string; /** * iqn is Target iSCSI Qualified Name. * * @schema io.k8s.api.core.v1.ISCSIPersistentVolumeSource#iqn */ - readonly iqn: string + readonly iqn: string; /** * iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -18357,21 +17832,21 @@ export interface IscsiPersistentVolumeSource { * @default default' (tcp). * @schema io.k8s.api.core.v1.ISCSIPersistentVolumeSource#iscsiInterface */ - readonly iscsiInterface?: string + readonly iscsiInterface?: string; /** * lun is iSCSI Target Lun number. * * @schema io.k8s.api.core.v1.ISCSIPersistentVolumeSource#lun */ - readonly lun: number + readonly lun: number; /** * portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). * * @schema io.k8s.api.core.v1.ISCSIPersistentVolumeSource#portals */ - readonly portals?: string[] + readonly portals?: string[]; /** * readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. @@ -18379,48 +17854,45 @@ export interface IscsiPersistentVolumeSource { * @default false. * @schema io.k8s.api.core.v1.ISCSIPersistentVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef is the CHAP Secret for iSCSI target and initiator authentication * * @schema io.k8s.api.core.v1.ISCSIPersistentVolumeSource#secretRef */ - readonly secretRef?: SecretReference + readonly secretRef?: SecretReference; /** * targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). * * @schema io.k8s.api.core.v1.ISCSIPersistentVolumeSource#targetPortal */ - readonly targetPortal: string + readonly targetPortal: string; + } /** * Converts an object of type 'IscsiPersistentVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_IscsiPersistentVolumeSource( - obj: IscsiPersistentVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_IscsiPersistentVolumeSource(obj: IscsiPersistentVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - chapAuthDiscovery: obj.chapAuthDiscovery, - chapAuthSession: obj.chapAuthSession, - fsType: obj.fsType, - initiatorName: obj.initiatorName, - iqn: obj.iqn, - iscsiInterface: obj.iscsiInterface, - lun: obj.lun, - portals: obj.portals?.map((y) => y), - readOnly: obj.readOnly, - secretRef: toJson_SecretReference(obj.secretRef), - targetPortal: obj.targetPortal - } + 'chapAuthDiscovery': obj.chapAuthDiscovery, + 'chapAuthSession': obj.chapAuthSession, + 'fsType': obj.fsType, + 'initiatorName': obj.initiatorName, + 'iqn': obj.iqn, + 'iscsiInterface': obj.iscsiInterface, + 'lun': obj.lun, + 'portals': obj.portals?.map(y => y), + 'readOnly': obj.readOnly, + 'secretRef': toJson_SecretReference(obj.secretRef), + 'targetPortal': obj.targetPortal, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18435,14 +17907,15 @@ export interface LocalVolumeSource { * * @schema io.k8s.api.core.v1.LocalVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * path of the full path to the volume on the node. It can be either a directory or block device (disk, partition, ...). * * @schema io.k8s.api.core.v1.LocalVolumeSource#path */ - readonly path: string + readonly path: string; + } /** @@ -18450,15 +17923,13 @@ export interface LocalVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_LocalVolumeSource(obj: LocalVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - path: obj.path - } + 'fsType': obj.fsType, + 'path': obj.path, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18473,7 +17944,7 @@ export interface NfsVolumeSource { * * @schema io.k8s.api.core.v1.NFSVolumeSource#path */ - readonly path: string + readonly path: string; /** * readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs @@ -18481,14 +17952,15 @@ export interface NfsVolumeSource { * @default false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs * @schema io.k8s.api.core.v1.NFSVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs * * @schema io.k8s.api.core.v1.NFSVolumeSource#server */ - readonly server: string + readonly server: string; + } /** @@ -18496,16 +17968,14 @@ export interface NfsVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_NfsVolumeSource(obj: NfsVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - path: obj.path, - readOnly: obj.readOnly, - server: obj.server - } + 'path': obj.path, + 'readOnly': obj.readOnly, + 'server': obj.server, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18520,7 +17990,8 @@ export interface VolumeNodeAffinity { * * @schema io.k8s.api.core.v1.VolumeNodeAffinity#required */ - readonly required?: NodeSelector + readonly required?: NodeSelector; + } /** @@ -18528,14 +17999,12 @@ export interface VolumeNodeAffinity { */ /* eslint-disable max-len, quote-props */ export function toJson_VolumeNodeAffinity(obj: VolumeNodeAffinity | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - required: toJson_NodeSelector(obj.required) - } + 'required': toJson_NodeSelector(obj.required), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18550,32 +18019,29 @@ export interface PhotonPersistentDiskVolumeSource { * * @schema io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * pdID is the ID that identifies Photon Controller persistent disk * * @schema io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource#pdID */ - readonly pdId: string + readonly pdId: string; + } /** * Converts an object of type 'PhotonPersistentDiskVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PhotonPersistentDiskVolumeSource( - obj: PhotonPersistentDiskVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PhotonPersistentDiskVolumeSource(obj: PhotonPersistentDiskVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - pdID: obj.pdId - } + 'fsType': obj.fsType, + 'pdID': obj.pdId, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18590,21 +18056,22 @@ export interface PortworxVolumeSource { * * @schema io.k8s.api.core.v1.PortworxVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. * * @schema io.k8s.api.core.v1.PortworxVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * volumeID uniquely identifies a Portworx volume * * @schema io.k8s.api.core.v1.PortworxVolumeSource#volumeID */ - readonly volumeId: string + readonly volumeId: string; + } /** @@ -18612,16 +18079,14 @@ export interface PortworxVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_PortworxVolumeSource(obj: PortworxVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - readOnly: obj.readOnly, - volumeID: obj.volumeId - } + 'fsType': obj.fsType, + 'readOnly': obj.readOnly, + 'volumeID': obj.volumeId, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18637,7 +18102,7 @@ export interface QuobyteVolumeSource { * @default no group * @schema io.k8s.api.core.v1.QuobyteVolumeSource#group */ - readonly group?: string + readonly group?: string; /** * readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. @@ -18645,21 +18110,21 @@ export interface QuobyteVolumeSource { * @default false. * @schema io.k8s.api.core.v1.QuobyteVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes * * @schema io.k8s.api.core.v1.QuobyteVolumeSource#registry */ - readonly registry: string + readonly registry: string; /** * tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin * * @schema io.k8s.api.core.v1.QuobyteVolumeSource#tenant */ - readonly tenant?: string + readonly tenant?: string; /** * user to map volume access to Defaults to serivceaccount user @@ -18667,14 +18132,15 @@ export interface QuobyteVolumeSource { * @default serivceaccount user * @schema io.k8s.api.core.v1.QuobyteVolumeSource#user */ - readonly user?: string + readonly user?: string; /** * volume is a string that references an already created Quobyte volume by name. * * @schema io.k8s.api.core.v1.QuobyteVolumeSource#volume */ - readonly volume: string + readonly volume: string; + } /** @@ -18682,19 +18148,17 @@ export interface QuobyteVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_QuobyteVolumeSource(obj: QuobyteVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - group: obj.group, - readOnly: obj.readOnly, - registry: obj.registry, - tenant: obj.tenant, - user: obj.user, - volume: obj.volume - } + 'group': obj.group, + 'readOnly': obj.readOnly, + 'registry': obj.registry, + 'tenant': obj.tenant, + 'user': obj.user, + 'volume': obj.volume, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18709,14 +18173,14 @@ export interface RbdPersistentVolumeSource { * * @schema io.k8s.api.core.v1.RBDPersistentVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * * @schema io.k8s.api.core.v1.RBDPersistentVolumeSource#image */ - readonly image: string + readonly image: string; /** * keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -18724,14 +18188,14 @@ export interface RbdPersistentVolumeSource { * @default etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * @schema io.k8s.api.core.v1.RBDPersistentVolumeSource#keyring */ - readonly keyring?: string + readonly keyring?: string; /** * monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * * @schema io.k8s.api.core.v1.RBDPersistentVolumeSource#monitors */ - readonly monitors: string[] + readonly monitors: string[]; /** * pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -18739,7 +18203,7 @@ export interface RbdPersistentVolumeSource { * @default rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * @schema io.k8s.api.core.v1.RBDPersistentVolumeSource#pool */ - readonly pool?: string + readonly pool?: string; /** * readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -18747,7 +18211,7 @@ export interface RbdPersistentVolumeSource { * @default false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * @schema io.k8s.api.core.v1.RBDPersistentVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -18755,7 +18219,7 @@ export interface RbdPersistentVolumeSource { * @default nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * @schema io.k8s.api.core.v1.RBDPersistentVolumeSource#secretRef */ - readonly secretRef?: SecretReference + readonly secretRef?: SecretReference; /** * user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -18763,31 +18227,28 @@ export interface RbdPersistentVolumeSource { * @default admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * @schema io.k8s.api.core.v1.RBDPersistentVolumeSource#user */ - readonly user?: string + readonly user?: string; + } /** * Converts an object of type 'RbdPersistentVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_RbdPersistentVolumeSource( - obj: RbdPersistentVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_RbdPersistentVolumeSource(obj: RbdPersistentVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - image: obj.image, - keyring: obj.keyring, - monitors: obj.monitors?.map((y) => y), - pool: obj.pool, - readOnly: obj.readOnly, - secretRef: toJson_SecretReference(obj.secretRef), - user: obj.user - } + 'fsType': obj.fsType, + 'image': obj.image, + 'keyring': obj.keyring, + 'monitors': obj.monitors?.map(y => y), + 'pool': obj.pool, + 'readOnly': obj.readOnly, + 'secretRef': toJson_SecretReference(obj.secretRef), + 'user': obj.user, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18803,42 +18264,42 @@ export interface ScaleIoPersistentVolumeSource { * @default xfs" * @schema io.k8s.api.core.v1.ScaleIOPersistentVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * gateway is the host address of the ScaleIO API Gateway. * * @schema io.k8s.api.core.v1.ScaleIOPersistentVolumeSource#gateway */ - readonly gateway: string + readonly gateway: string; /** * protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. * * @schema io.k8s.api.core.v1.ScaleIOPersistentVolumeSource#protectionDomain */ - readonly protectionDomain?: string + readonly protectionDomain?: string; /** * readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. * * @schema io.k8s.api.core.v1.ScaleIOPersistentVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. * * @schema io.k8s.api.core.v1.ScaleIOPersistentVolumeSource#secretRef */ - readonly secretRef: SecretReference + readonly secretRef: SecretReference; /** * sslEnabled is the flag to enable/disable SSL communication with Gateway, default false * * @schema io.k8s.api.core.v1.ScaleIOPersistentVolumeSource#sslEnabled */ - readonly sslEnabled?: boolean + readonly sslEnabled?: boolean; /** * storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -18846,54 +18307,51 @@ export interface ScaleIoPersistentVolumeSource { * @default ThinProvisioned. * @schema io.k8s.api.core.v1.ScaleIOPersistentVolumeSource#storageMode */ - readonly storageMode?: string + readonly storageMode?: string; /** * storagePool is the ScaleIO Storage Pool associated with the protection domain. * * @schema io.k8s.api.core.v1.ScaleIOPersistentVolumeSource#storagePool */ - readonly storagePool?: string + readonly storagePool?: string; /** * system is the name of the storage system as configured in ScaleIO. * * @schema io.k8s.api.core.v1.ScaleIOPersistentVolumeSource#system */ - readonly system: string + readonly system: string; /** * volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. * * @schema io.k8s.api.core.v1.ScaleIOPersistentVolumeSource#volumeName */ - readonly volumeName?: string + readonly volumeName?: string; + } /** * Converts an object of type 'ScaleIoPersistentVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ScaleIoPersistentVolumeSource( - obj: ScaleIoPersistentVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ScaleIoPersistentVolumeSource(obj: ScaleIoPersistentVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - gateway: obj.gateway, - protectionDomain: obj.protectionDomain, - readOnly: obj.readOnly, - secretRef: toJson_SecretReference(obj.secretRef), - sslEnabled: obj.sslEnabled, - storageMode: obj.storageMode, - storagePool: obj.storagePool, - system: obj.system, - volumeName: obj.volumeName - } + 'fsType': obj.fsType, + 'gateway': obj.gateway, + 'protectionDomain': obj.protectionDomain, + 'readOnly': obj.readOnly, + 'secretRef': toJson_SecretReference(obj.secretRef), + 'sslEnabled': obj.sslEnabled, + 'storageMode': obj.storageMode, + 'storagePool': obj.storagePool, + 'system': obj.system, + 'volumeName': obj.volumeName, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18908,56 +18366,53 @@ export interface StorageOsPersistentVolumeSource { * * @schema io.k8s.api.core.v1.StorageOSPersistentVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. * * @schema io.k8s.api.core.v1.StorageOSPersistentVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. * * @schema io.k8s.api.core.v1.StorageOSPersistentVolumeSource#secretRef */ - readonly secretRef?: ObjectReference + readonly secretRef?: ObjectReference; /** * volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. * * @schema io.k8s.api.core.v1.StorageOSPersistentVolumeSource#volumeName */ - readonly volumeName?: string + readonly volumeName?: string; /** * volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. * * @schema io.k8s.api.core.v1.StorageOSPersistentVolumeSource#volumeNamespace */ - readonly volumeNamespace?: string + readonly volumeNamespace?: string; + } /** * Converts an object of type 'StorageOsPersistentVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_StorageOsPersistentVolumeSource( - obj: StorageOsPersistentVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_StorageOsPersistentVolumeSource(obj: StorageOsPersistentVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - readOnly: obj.readOnly, - secretRef: toJson_ObjectReference(obj.secretRef), - volumeName: obj.volumeName, - volumeNamespace: obj.volumeNamespace - } + 'fsType': obj.fsType, + 'readOnly': obj.readOnly, + 'secretRef': toJson_ObjectReference(obj.secretRef), + 'volumeName': obj.volumeName, + 'volumeNamespace': obj.volumeNamespace, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -18972,48 +18427,45 @@ export interface VsphereVirtualDiskVolumeSource { * * @schema io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. * * @schema io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource#storagePolicyID */ - readonly storagePolicyId?: string + readonly storagePolicyId?: string; /** * storagePolicyName is the storage Policy Based Management (SPBM) profile name. * * @schema io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource#storagePolicyName */ - readonly storagePolicyName?: string + readonly storagePolicyName?: string; /** * volumePath is the path that identifies vSphere volume vmdk * * @schema io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource#volumePath */ - readonly volumePath: string + readonly volumePath: string; + } /** * Converts an object of type 'VsphereVirtualDiskVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_VsphereVirtualDiskVolumeSource( - obj: VsphereVirtualDiskVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_VsphereVirtualDiskVolumeSource(obj: VsphereVirtualDiskVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - storagePolicyID: obj.storagePolicyId, - storagePolicyName: obj.storagePolicyName, - volumePath: obj.volumePath - } + 'fsType': obj.fsType, + 'storagePolicyID': obj.storagePolicyId, + 'storagePolicyName': obj.storagePolicyName, + 'volumePath': obj.volumePath, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19028,40 +18480,37 @@ export interface TypedLocalObjectReference { * * @schema io.k8s.api.core.v1.TypedLocalObjectReference#apiGroup */ - readonly apiGroup?: string + readonly apiGroup?: string; /** * Kind is the type of resource being referenced * * @schema io.k8s.api.core.v1.TypedLocalObjectReference#kind */ - readonly kind: string + readonly kind: string; /** * Name is the name of resource being referenced * * @schema io.k8s.api.core.v1.TypedLocalObjectReference#name */ - readonly name: string + readonly name: string; + } /** * Converts an object of type 'TypedLocalObjectReference' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_TypedLocalObjectReference( - obj: TypedLocalObjectReference | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_TypedLocalObjectReference(obj: TypedLocalObjectReference | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - apiGroup: obj.apiGroup, - kind: obj.kind, - name: obj.name - } + 'apiGroup': obj.apiGroup, + 'kind': obj.kind, + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19076,14 +18525,15 @@ export interface ResourceRequirements { * * @schema io.k8s.api.core.v1.ResourceRequirements#limits */ - readonly limits?: { [key: string]: Quantity } + readonly limits?: { [key: string]: Quantity }; /** * Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ * * @schema io.k8s.api.core.v1.ResourceRequirements#requests */ - readonly requests?: { [key: string]: Quantity } + readonly requests?: { [key: string]: Quantity }; + } /** @@ -19091,21 +18541,13 @@ export interface ResourceRequirements { */ /* eslint-disable max-len, quote-props */ export function toJson_ResourceRequirements(obj: ResourceRequirements | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - limits: - obj.limits === undefined - ? undefined - : Object.entries(obj.limits).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.value }), {}), - requests: - obj.requests === undefined - ? undefined - : Object.entries(obj.requests).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1]?.value }), {}) - } + 'limits': ((obj.limits) === undefined) ? undefined : (Object.entries(obj.limits).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.value }), {})), + 'requests': ((obj.requests) === undefined) ? undefined : (Object.entries(obj.requests).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1]?.value }), {})), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19120,21 +18562,22 @@ export interface Affinity { * * @schema io.k8s.api.core.v1.Affinity#nodeAffinity */ - readonly nodeAffinity?: NodeAffinity + readonly nodeAffinity?: NodeAffinity; /** * Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). * * @schema io.k8s.api.core.v1.Affinity#podAffinity */ - readonly podAffinity?: PodAffinity + readonly podAffinity?: PodAffinity; /** * Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). * * @schema io.k8s.api.core.v1.Affinity#podAntiAffinity */ - readonly podAntiAffinity?: PodAntiAffinity + readonly podAntiAffinity?: PodAntiAffinity; + } /** @@ -19142,16 +18585,14 @@ export interface Affinity { */ /* eslint-disable max-len, quote-props */ export function toJson_Affinity(obj: Affinity | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - nodeAffinity: toJson_NodeAffinity(obj.nodeAffinity), - podAffinity: toJson_PodAffinity(obj.podAffinity), - podAntiAffinity: toJson_PodAntiAffinity(obj.podAntiAffinity) - } + 'nodeAffinity': toJson_NodeAffinity(obj.nodeAffinity), + 'podAffinity': toJson_PodAffinity(obj.podAffinity), + 'podAntiAffinity': toJson_PodAntiAffinity(obj.podAntiAffinity), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19166,35 +18607,35 @@ export interface Container { * * @schema io.k8s.api.core.v1.Container#args */ - readonly args?: string[] + readonly args?: string[]; /** * Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell * * @schema io.k8s.api.core.v1.Container#command */ - readonly command?: string[] + readonly command?: string[]; /** * List of environment variables to set in the container. Cannot be updated. * * @schema io.k8s.api.core.v1.Container#env */ - readonly env?: EnvVar[] + readonly env?: EnvVar[]; /** * List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. * * @schema io.k8s.api.core.v1.Container#envFrom */ - readonly envFrom?: EnvFromSource[] + readonly envFrom?: EnvFromSource[]; /** * Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. * * @schema io.k8s.api.core.v1.Container#image */ - readonly image?: string + readonly image?: string; /** * Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images @@ -19204,63 +18645,63 @@ export interface Container { * @default Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images * @schema io.k8s.api.core.v1.Container#imagePullPolicy */ - readonly imagePullPolicy?: string + readonly imagePullPolicy?: string; /** * Actions that the management system should take in response to container lifecycle events. Cannot be updated. * * @schema io.k8s.api.core.v1.Container#lifecycle */ - readonly lifecycle?: Lifecycle + readonly lifecycle?: Lifecycle; /** * Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes * * @schema io.k8s.api.core.v1.Container#livenessProbe */ - readonly livenessProbe?: Probe + readonly livenessProbe?: Probe; /** * Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. * * @schema io.k8s.api.core.v1.Container#name */ - readonly name: string + readonly name: string; /** * List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. * * @schema io.k8s.api.core.v1.Container#ports */ - readonly ports?: ContainerPort[] + readonly ports?: ContainerPort[]; /** * Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes * * @schema io.k8s.api.core.v1.Container#readinessProbe */ - readonly readinessProbe?: Probe + readonly readinessProbe?: Probe; /** * Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ * * @schema io.k8s.api.core.v1.Container#resources */ - readonly resources?: ResourceRequirements + readonly resources?: ResourceRequirements; /** * SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ * * @schema io.k8s.api.core.v1.Container#securityContext */ - readonly securityContext?: SecurityContext + readonly securityContext?: SecurityContext; /** * StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes * * @schema io.k8s.api.core.v1.Container#startupProbe */ - readonly startupProbe?: Probe + readonly startupProbe?: Probe; /** * Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. @@ -19268,7 +18709,7 @@ export interface Container { * @default false. * @schema io.k8s.api.core.v1.Container#stdin */ - readonly stdin?: boolean + readonly stdin?: boolean; /** * Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false @@ -19276,7 +18717,7 @@ export interface Container { * @default false * @schema io.k8s.api.core.v1.Container#stdinOnce */ - readonly stdinOnce?: boolean + readonly stdinOnce?: boolean; /** * Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. @@ -19284,7 +18725,7 @@ export interface Container { * @default dev/termination-log. Cannot be updated. * @schema io.k8s.api.core.v1.Container#terminationMessagePath */ - readonly terminationMessagePath?: string + readonly terminationMessagePath?: string; /** * Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. @@ -19294,7 +18735,7 @@ export interface Container { * @default File. Cannot be updated. * @schema io.k8s.api.core.v1.Container#terminationMessagePolicy */ - readonly terminationMessagePolicy?: string + readonly terminationMessagePolicy?: string; /** * Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. @@ -19302,28 +18743,29 @@ export interface Container { * @default false. * @schema io.k8s.api.core.v1.Container#tty */ - readonly tty?: boolean + readonly tty?: boolean; /** * volumeDevices is the list of block devices to be used by the container. * * @schema io.k8s.api.core.v1.Container#volumeDevices */ - readonly volumeDevices?: VolumeDevice[] + readonly volumeDevices?: VolumeDevice[]; /** * Pod volumes to mount into the container's filesystem. Cannot be updated. * * @schema io.k8s.api.core.v1.Container#volumeMounts */ - readonly volumeMounts?: VolumeMount[] + readonly volumeMounts?: VolumeMount[]; /** * Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. * * @schema io.k8s.api.core.v1.Container#workingDir */ - readonly workingDir?: string + readonly workingDir?: string; + } /** @@ -19331,35 +18773,33 @@ export interface Container { */ /* eslint-disable max-len, quote-props */ export function toJson_Container(obj: Container | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } - const result = { - args: obj.args?.map((y) => y), - command: obj.command?.map((y) => y), - env: obj.env?.map((y) => toJson_EnvVar(y)), - envFrom: obj.envFrom?.map((y) => toJson_EnvFromSource(y)), - image: obj.image, - imagePullPolicy: obj.imagePullPolicy, - lifecycle: toJson_Lifecycle(obj.lifecycle), - livenessProbe: toJson_Probe(obj.livenessProbe), - name: obj.name, - ports: obj.ports?.map((y) => toJson_ContainerPort(y)), - readinessProbe: toJson_Probe(obj.readinessProbe), - resources: toJson_ResourceRequirements(obj.resources), - securityContext: toJson_SecurityContext(obj.securityContext), - startupProbe: toJson_Probe(obj.startupProbe), - stdin: obj.stdin, - stdinOnce: obj.stdinOnce, - terminationMessagePath: obj.terminationMessagePath, - terminationMessagePolicy: obj.terminationMessagePolicy, - tty: obj.tty, - volumeDevices: obj.volumeDevices?.map((y) => toJson_VolumeDevice(y)), - volumeMounts: obj.volumeMounts?.map((y) => toJson_VolumeMount(y)), - workingDir: obj.workingDir - } - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + if (obj === undefined) { return undefined; } + const result = { + 'args': obj.args?.map(y => y), + 'command': obj.command?.map(y => y), + 'env': obj.env?.map(y => toJson_EnvVar(y)), + 'envFrom': obj.envFrom?.map(y => toJson_EnvFromSource(y)), + 'image': obj.image, + 'imagePullPolicy': obj.imagePullPolicy, + 'lifecycle': toJson_Lifecycle(obj.lifecycle), + 'livenessProbe': toJson_Probe(obj.livenessProbe), + 'name': obj.name, + 'ports': obj.ports?.map(y => toJson_ContainerPort(y)), + 'readinessProbe': toJson_Probe(obj.readinessProbe), + 'resources': toJson_ResourceRequirements(obj.resources), + 'securityContext': toJson_SecurityContext(obj.securityContext), + 'startupProbe': toJson_Probe(obj.startupProbe), + 'stdin': obj.stdin, + 'stdinOnce': obj.stdinOnce, + 'terminationMessagePath': obj.terminationMessagePath, + 'terminationMessagePolicy': obj.terminationMessagePolicy, + 'tty': obj.tty, + 'volumeDevices': obj.volumeDevices?.map(y => toJson_VolumeDevice(y)), + 'volumeMounts': obj.volumeMounts?.map(y => toJson_VolumeMount(y)), + 'workingDir': obj.workingDir, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19374,21 +18814,22 @@ export interface PodDnsConfig { * * @schema io.k8s.api.core.v1.PodDNSConfig#nameservers */ - readonly nameservers?: string[] + readonly nameservers?: string[]; /** * A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. * * @schema io.k8s.api.core.v1.PodDNSConfig#options */ - readonly options?: PodDnsConfigOption[] + readonly options?: PodDnsConfigOption[]; /** * A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. * * @schema io.k8s.api.core.v1.PodDNSConfig#searches */ - readonly searches?: string[] + readonly searches?: string[]; + } /** @@ -19396,16 +18837,14 @@ export interface PodDnsConfig { */ /* eslint-disable max-len, quote-props */ export function toJson_PodDnsConfig(obj: PodDnsConfig | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - nameservers: obj.nameservers?.map((y) => y), - options: obj.options?.map((y) => toJson_PodDnsConfigOption(y)), - searches: obj.searches?.map((y) => y) - } + 'nameservers': obj.nameservers?.map(y => y), + 'options': obj.options?.map(y => toJson_PodDnsConfigOption(y)), + 'searches': obj.searches?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19422,35 +18861,35 @@ export interface EphemeralContainer { * * @schema io.k8s.api.core.v1.EphemeralContainer#args */ - readonly args?: string[] + readonly args?: string[]; /** * Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell * * @schema io.k8s.api.core.v1.EphemeralContainer#command */ - readonly command?: string[] + readonly command?: string[]; /** * List of environment variables to set in the container. Cannot be updated. * * @schema io.k8s.api.core.v1.EphemeralContainer#env */ - readonly env?: EnvVar[] + readonly env?: EnvVar[]; /** * List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. * * @schema io.k8s.api.core.v1.EphemeralContainer#envFrom */ - readonly envFrom?: EnvFromSource[] + readonly envFrom?: EnvFromSource[]; /** * Container image name. More info: https://kubernetes.io/docs/concepts/containers/images * * @schema io.k8s.api.core.v1.EphemeralContainer#image */ - readonly image?: string + readonly image?: string; /** * Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images @@ -19460,63 +18899,63 @@ export interface EphemeralContainer { * @default Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images * @schema io.k8s.api.core.v1.EphemeralContainer#imagePullPolicy */ - readonly imagePullPolicy?: string + readonly imagePullPolicy?: string; /** * Lifecycle is not allowed for ephemeral containers. * * @schema io.k8s.api.core.v1.EphemeralContainer#lifecycle */ - readonly lifecycle?: Lifecycle + readonly lifecycle?: Lifecycle; /** * Probes are not allowed for ephemeral containers. * * @schema io.k8s.api.core.v1.EphemeralContainer#livenessProbe */ - readonly livenessProbe?: Probe + readonly livenessProbe?: Probe; /** * Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. * * @schema io.k8s.api.core.v1.EphemeralContainer#name */ - readonly name: string + readonly name: string; /** * Ports are not allowed for ephemeral containers. * * @schema io.k8s.api.core.v1.EphemeralContainer#ports */ - readonly ports?: ContainerPort[] + readonly ports?: ContainerPort[]; /** * Probes are not allowed for ephemeral containers. * * @schema io.k8s.api.core.v1.EphemeralContainer#readinessProbe */ - readonly readinessProbe?: Probe + readonly readinessProbe?: Probe; /** * Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. * * @schema io.k8s.api.core.v1.EphemeralContainer#resources */ - readonly resources?: ResourceRequirements + readonly resources?: ResourceRequirements; /** * Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. * * @schema io.k8s.api.core.v1.EphemeralContainer#securityContext */ - readonly securityContext?: SecurityContext + readonly securityContext?: SecurityContext; /** * Probes are not allowed for ephemeral containers. * * @schema io.k8s.api.core.v1.EphemeralContainer#startupProbe */ - readonly startupProbe?: Probe + readonly startupProbe?: Probe; /** * Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. @@ -19524,7 +18963,7 @@ export interface EphemeralContainer { * @default false. * @schema io.k8s.api.core.v1.EphemeralContainer#stdin */ - readonly stdin?: boolean + readonly stdin?: boolean; /** * Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false @@ -19532,7 +18971,7 @@ export interface EphemeralContainer { * @default false * @schema io.k8s.api.core.v1.EphemeralContainer#stdinOnce */ - readonly stdinOnce?: boolean + readonly stdinOnce?: boolean; /** * If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec. @@ -19541,7 +18980,7 @@ export interface EphemeralContainer { * * @schema io.k8s.api.core.v1.EphemeralContainer#targetContainerName */ - readonly targetContainerName?: string + readonly targetContainerName?: string; /** * Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. @@ -19549,7 +18988,7 @@ export interface EphemeralContainer { * @default dev/termination-log. Cannot be updated. * @schema io.k8s.api.core.v1.EphemeralContainer#terminationMessagePath */ - readonly terminationMessagePath?: string + readonly terminationMessagePath?: string; /** * Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. @@ -19559,7 +18998,7 @@ export interface EphemeralContainer { * @default File. Cannot be updated. * @schema io.k8s.api.core.v1.EphemeralContainer#terminationMessagePolicy */ - readonly terminationMessagePolicy?: string + readonly terminationMessagePolicy?: string; /** * Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. @@ -19567,28 +19006,29 @@ export interface EphemeralContainer { * @default false. * @schema io.k8s.api.core.v1.EphemeralContainer#tty */ - readonly tty?: boolean + readonly tty?: boolean; /** * volumeDevices is the list of block devices to be used by the container. * * @schema io.k8s.api.core.v1.EphemeralContainer#volumeDevices */ - readonly volumeDevices?: VolumeDevice[] + readonly volumeDevices?: VolumeDevice[]; /** * Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated. * * @schema io.k8s.api.core.v1.EphemeralContainer#volumeMounts */ - readonly volumeMounts?: VolumeMount[] + readonly volumeMounts?: VolumeMount[]; /** * Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. * * @schema io.k8s.api.core.v1.EphemeralContainer#workingDir */ - readonly workingDir?: string + readonly workingDir?: string; + } /** @@ -19596,36 +19036,34 @@ export interface EphemeralContainer { */ /* eslint-disable max-len, quote-props */ export function toJson_EphemeralContainer(obj: EphemeralContainer | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } - const result = { - args: obj.args?.map((y) => y), - command: obj.command?.map((y) => y), - env: obj.env?.map((y) => toJson_EnvVar(y)), - envFrom: obj.envFrom?.map((y) => toJson_EnvFromSource(y)), - image: obj.image, - imagePullPolicy: obj.imagePullPolicy, - lifecycle: toJson_Lifecycle(obj.lifecycle), - livenessProbe: toJson_Probe(obj.livenessProbe), - name: obj.name, - ports: obj.ports?.map((y) => toJson_ContainerPort(y)), - readinessProbe: toJson_Probe(obj.readinessProbe), - resources: toJson_ResourceRequirements(obj.resources), - securityContext: toJson_SecurityContext(obj.securityContext), - startupProbe: toJson_Probe(obj.startupProbe), - stdin: obj.stdin, - stdinOnce: obj.stdinOnce, - targetContainerName: obj.targetContainerName, - terminationMessagePath: obj.terminationMessagePath, - terminationMessagePolicy: obj.terminationMessagePolicy, - tty: obj.tty, - volumeDevices: obj.volumeDevices?.map((y) => toJson_VolumeDevice(y)), - volumeMounts: obj.volumeMounts?.map((y) => toJson_VolumeMount(y)), - workingDir: obj.workingDir - } - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + if (obj === undefined) { return undefined; } + const result = { + 'args': obj.args?.map(y => y), + 'command': obj.command?.map(y => y), + 'env': obj.env?.map(y => toJson_EnvVar(y)), + 'envFrom': obj.envFrom?.map(y => toJson_EnvFromSource(y)), + 'image': obj.image, + 'imagePullPolicy': obj.imagePullPolicy, + 'lifecycle': toJson_Lifecycle(obj.lifecycle), + 'livenessProbe': toJson_Probe(obj.livenessProbe), + 'name': obj.name, + 'ports': obj.ports?.map(y => toJson_ContainerPort(y)), + 'readinessProbe': toJson_Probe(obj.readinessProbe), + 'resources': toJson_ResourceRequirements(obj.resources), + 'securityContext': toJson_SecurityContext(obj.securityContext), + 'startupProbe': toJson_Probe(obj.startupProbe), + 'stdin': obj.stdin, + 'stdinOnce': obj.stdinOnce, + 'targetContainerName': obj.targetContainerName, + 'terminationMessagePath': obj.terminationMessagePath, + 'terminationMessagePolicy': obj.terminationMessagePolicy, + 'tty': obj.tty, + 'volumeDevices': obj.volumeDevices?.map(y => toJson_VolumeDevice(y)), + 'volumeMounts': obj.volumeMounts?.map(y => toJson_VolumeMount(y)), + 'workingDir': obj.workingDir, + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19640,14 +19078,15 @@ export interface HostAlias { * * @schema io.k8s.api.core.v1.HostAlias#hostnames */ - readonly hostnames?: string[] + readonly hostnames?: string[]; /** * IP address of the host file entry. * * @schema io.k8s.api.core.v1.HostAlias#ip */ - readonly ip?: string + readonly ip?: string; + } /** @@ -19655,15 +19094,13 @@ export interface HostAlias { */ /* eslint-disable max-len, quote-props */ export function toJson_HostAlias(obj: HostAlias | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - hostnames: obj.hostnames?.map((y) => y), - ip: obj.ip - } + 'hostnames': obj.hostnames?.map(y => y), + 'ip': obj.ip, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19678,7 +19115,8 @@ export interface PodOs { * * @schema io.k8s.api.core.v1.PodOS#name */ - readonly name: string + readonly name: string; + } /** @@ -19686,14 +19124,12 @@ export interface PodOs { */ /* eslint-disable max-len, quote-props */ export function toJson_PodOs(obj: PodOs | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name - } + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19708,7 +19144,8 @@ export interface PodReadinessGate { * * @schema io.k8s.api.core.v1.PodReadinessGate#conditionType */ - readonly conditionType: string + readonly conditionType: string; + } /** @@ -19716,14 +19153,12 @@ export interface PodReadinessGate { */ /* eslint-disable max-len, quote-props */ export function toJson_PodReadinessGate(obj: PodReadinessGate | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - conditionType: obj.conditionType - } + 'conditionType': obj.conditionType, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19742,28 +19177,28 @@ export interface PodSecurityContext { * * @schema io.k8s.api.core.v1.PodSecurityContext#fsGroup */ - readonly fsGroup?: number + readonly fsGroup?: number; /** * fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. * * @schema io.k8s.api.core.v1.PodSecurityContext#fsGroupChangePolicy */ - readonly fsGroupChangePolicy?: string + readonly fsGroupChangePolicy?: string; /** * The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. * * @schema io.k8s.api.core.v1.PodSecurityContext#runAsGroup */ - readonly runAsGroup?: number + readonly runAsGroup?: number; /** * Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. * * @schema io.k8s.api.core.v1.PodSecurityContext#runAsNonRoot */ - readonly runAsNonRoot?: boolean + readonly runAsNonRoot?: boolean; /** * The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. @@ -19771,42 +19206,43 @@ export interface PodSecurityContext { * @default user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. * @schema io.k8s.api.core.v1.PodSecurityContext#runAsUser */ - readonly runAsUser?: number + readonly runAsUser?: number; /** * The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. * * @schema io.k8s.api.core.v1.PodSecurityContext#seLinuxOptions */ - readonly seLinuxOptions?: SeLinuxOptions + readonly seLinuxOptions?: SeLinuxOptions; /** * The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. * * @schema io.k8s.api.core.v1.PodSecurityContext#seccompProfile */ - readonly seccompProfile?: SeccompProfile + readonly seccompProfile?: SeccompProfile; /** * A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. * * @schema io.k8s.api.core.v1.PodSecurityContext#supplementalGroups */ - readonly supplementalGroups?: number[] + readonly supplementalGroups?: number[]; /** * Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. * * @schema io.k8s.api.core.v1.PodSecurityContext#sysctls */ - readonly sysctls?: Sysctl[] + readonly sysctls?: Sysctl[]; /** * The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. * * @schema io.k8s.api.core.v1.PodSecurityContext#windowsOptions */ - readonly windowsOptions?: WindowsSecurityContextOptions + readonly windowsOptions?: WindowsSecurityContextOptions; + } /** @@ -19814,23 +19250,21 @@ export interface PodSecurityContext { */ /* eslint-disable max-len, quote-props */ export function toJson_PodSecurityContext(obj: PodSecurityContext | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - fsGroup: obj.fsGroup, - fsGroupChangePolicy: obj.fsGroupChangePolicy, - runAsGroup: obj.runAsGroup, - runAsNonRoot: obj.runAsNonRoot, - runAsUser: obj.runAsUser, - seLinuxOptions: toJson_SeLinuxOptions(obj.seLinuxOptions), - seccompProfile: toJson_SeccompProfile(obj.seccompProfile), - supplementalGroups: obj.supplementalGroups?.map((y) => y), - sysctls: obj.sysctls?.map((y) => toJson_Sysctl(y)), - windowsOptions: toJson_WindowsSecurityContextOptions(obj.windowsOptions) - } + 'fsGroup': obj.fsGroup, + 'fsGroupChangePolicy': obj.fsGroupChangePolicy, + 'runAsGroup': obj.runAsGroup, + 'runAsNonRoot': obj.runAsNonRoot, + 'runAsUser': obj.runAsUser, + 'seLinuxOptions': toJson_SeLinuxOptions(obj.seLinuxOptions), + 'seccompProfile': toJson_SeccompProfile(obj.seccompProfile), + 'supplementalGroups': obj.supplementalGroups?.map(y => y), + 'sysctls': obj.sysctls?.map(y => toJson_Sysctl(y)), + 'windowsOptions': toJson_WindowsSecurityContextOptions(obj.windowsOptions), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19847,14 +19281,14 @@ export interface Toleration { * * @schema io.k8s.api.core.v1.Toleration#effect */ - readonly effect?: string + readonly effect?: string; /** * Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. * * @schema io.k8s.api.core.v1.Toleration#key */ - readonly key?: string + readonly key?: string; /** * Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. @@ -19864,21 +19298,22 @@ export interface Toleration { * @default Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. * @schema io.k8s.api.core.v1.Toleration#operator */ - readonly operator?: string + readonly operator?: string; /** * TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. * * @schema io.k8s.api.core.v1.Toleration#tolerationSeconds */ - readonly tolerationSeconds?: number + readonly tolerationSeconds?: number; /** * Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. * * @schema io.k8s.api.core.v1.Toleration#value */ - readonly value?: string + readonly value?: string; + } /** @@ -19886,18 +19321,16 @@ export interface Toleration { */ /* eslint-disable max-len, quote-props */ export function toJson_Toleration(obj: Toleration | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - effect: obj.effect, - key: obj.key, - operator: obj.operator, - tolerationSeconds: obj.tolerationSeconds, - value: obj.value - } + 'effect': obj.effect, + 'key': obj.key, + 'operator': obj.operator, + 'tolerationSeconds': obj.tolerationSeconds, + 'value': obj.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -19912,21 +19345,21 @@ export interface TopologySpreadConstraint { * * @schema io.k8s.api.core.v1.TopologySpreadConstraint#labelSelector */ - readonly labelSelector?: LabelSelector + readonly labelSelector?: LabelSelector; /** * MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. * * @schema io.k8s.api.core.v1.TopologySpreadConstraint#matchLabelKeys */ - readonly matchLabelKeys?: string[] + readonly matchLabelKeys?: string[]; /** * MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. * * @schema io.k8s.api.core.v1.TopologySpreadConstraint#maxSkew */ - readonly maxSkew: number + readonly maxSkew: number; /** * MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. @@ -19937,7 +19370,7 @@ export interface TopologySpreadConstraint { * * @schema io.k8s.api.core.v1.TopologySpreadConstraint#minDomains */ - readonly minDomains?: number + readonly minDomains?: number; /** * NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. @@ -19946,7 +19379,7 @@ export interface TopologySpreadConstraint { * * @schema io.k8s.api.core.v1.TopologySpreadConstraint#nodeAffinityPolicy */ - readonly nodeAffinityPolicy?: string + readonly nodeAffinityPolicy?: string; /** * NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. @@ -19955,14 +19388,14 @@ export interface TopologySpreadConstraint { * * @schema io.k8s.api.core.v1.TopologySpreadConstraint#nodeTaintsPolicy */ - readonly nodeTaintsPolicy?: string + readonly nodeTaintsPolicy?: string; /** * TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. * * @schema io.k8s.api.core.v1.TopologySpreadConstraint#topologyKey */ - readonly topologyKey: string + readonly topologyKey: string; /** * WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, @@ -19974,31 +19407,28 @@ export interface TopologySpreadConstraint { * * @schema io.k8s.api.core.v1.TopologySpreadConstraint#whenUnsatisfiable */ - readonly whenUnsatisfiable: string + readonly whenUnsatisfiable: string; + } /** * Converts an object of type 'TopologySpreadConstraint' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_TopologySpreadConstraint( - obj: TopologySpreadConstraint | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_TopologySpreadConstraint(obj: TopologySpreadConstraint | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - labelSelector: toJson_LabelSelector(obj.labelSelector), - matchLabelKeys: obj.matchLabelKeys?.map((y) => y), - maxSkew: obj.maxSkew, - minDomains: obj.minDomains, - nodeAffinityPolicy: obj.nodeAffinityPolicy, - nodeTaintsPolicy: obj.nodeTaintsPolicy, - topologyKey: obj.topologyKey, - whenUnsatisfiable: obj.whenUnsatisfiable - } + 'labelSelector': toJson_LabelSelector(obj.labelSelector), + 'matchLabelKeys': obj.matchLabelKeys?.map(y => y), + 'maxSkew': obj.maxSkew, + 'minDomains': obj.minDomains, + 'nodeAffinityPolicy': obj.nodeAffinityPolicy, + 'nodeTaintsPolicy': obj.nodeTaintsPolicy, + 'topologyKey': obj.topologyKey, + 'whenUnsatisfiable': obj.whenUnsatisfiable, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20013,63 +19443,63 @@ export interface Volume { * * @schema io.k8s.api.core.v1.Volume#awsElasticBlockStore */ - readonly awsElasticBlockStore?: AwsElasticBlockStoreVolumeSource + readonly awsElasticBlockStore?: AwsElasticBlockStoreVolumeSource; /** * azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. * * @schema io.k8s.api.core.v1.Volume#azureDisk */ - readonly azureDisk?: AzureDiskVolumeSource + readonly azureDisk?: AzureDiskVolumeSource; /** * azureFile represents an Azure File Service mount on the host and bind mount to the pod. * * @schema io.k8s.api.core.v1.Volume#azureFile */ - readonly azureFile?: AzureFileVolumeSource + readonly azureFile?: AzureFileVolumeSource; /** * cephFS represents a Ceph FS mount on the host that shares a pod's lifetime * * @schema io.k8s.api.core.v1.Volume#cephfs */ - readonly cephfs?: CephFsVolumeSource + readonly cephfs?: CephFsVolumeSource; /** * cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md * * @schema io.k8s.api.core.v1.Volume#cinder */ - readonly cinder?: CinderVolumeSource + readonly cinder?: CinderVolumeSource; /** * configMap represents a configMap that should populate this volume * * @schema io.k8s.api.core.v1.Volume#configMap */ - readonly configMap?: ConfigMapVolumeSource + readonly configMap?: ConfigMapVolumeSource; /** * csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). * * @schema io.k8s.api.core.v1.Volume#csi */ - readonly csi?: CsiVolumeSource + readonly csi?: CsiVolumeSource; /** * downwardAPI represents downward API about the pod that should populate this volume * * @schema io.k8s.api.core.v1.Volume#downwardAPI */ - readonly downwardApi?: DownwardApiVolumeSource + readonly downwardApi?: DownwardApiVolumeSource; /** * emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir * * @schema io.k8s.api.core.v1.Volume#emptyDir */ - readonly emptyDir?: EmptyDirVolumeSource + readonly emptyDir?: EmptyDirVolumeSource; /** * ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. @@ -20089,147 +19519,148 @@ export interface Volume { * * @schema io.k8s.api.core.v1.Volume#ephemeral */ - readonly ephemeral?: EphemeralVolumeSource + readonly ephemeral?: EphemeralVolumeSource; /** * fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. * * @schema io.k8s.api.core.v1.Volume#fc */ - readonly fc?: FcVolumeSource + readonly fc?: FcVolumeSource; /** * flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. * * @schema io.k8s.api.core.v1.Volume#flexVolume */ - readonly flexVolume?: FlexVolumeSource + readonly flexVolume?: FlexVolumeSource; /** * flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running * * @schema io.k8s.api.core.v1.Volume#flocker */ - readonly flocker?: FlockerVolumeSource + readonly flocker?: FlockerVolumeSource; /** * gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk * * @schema io.k8s.api.core.v1.Volume#gcePersistentDisk */ - readonly gcePersistentDisk?: GcePersistentDiskVolumeSource + readonly gcePersistentDisk?: GcePersistentDiskVolumeSource; /** * gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. * * @schema io.k8s.api.core.v1.Volume#gitRepo */ - readonly gitRepo?: GitRepoVolumeSource + readonly gitRepo?: GitRepoVolumeSource; /** * glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md * * @schema io.k8s.api.core.v1.Volume#glusterfs */ - readonly glusterfs?: GlusterfsVolumeSource + readonly glusterfs?: GlusterfsVolumeSource; /** * hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath * * @schema io.k8s.api.core.v1.Volume#hostPath */ - readonly hostPath?: HostPathVolumeSource + readonly hostPath?: HostPathVolumeSource; /** * iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md * * @schema io.k8s.api.core.v1.Volume#iscsi */ - readonly iscsi?: IscsiVolumeSource + readonly iscsi?: IscsiVolumeSource; /** * name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema io.k8s.api.core.v1.Volume#name */ - readonly name: string + readonly name: string; /** * nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs * * @schema io.k8s.api.core.v1.Volume#nfs */ - readonly nfs?: NfsVolumeSource + readonly nfs?: NfsVolumeSource; /** * persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims * * @schema io.k8s.api.core.v1.Volume#persistentVolumeClaim */ - readonly persistentVolumeClaim?: PersistentVolumeClaimVolumeSource + readonly persistentVolumeClaim?: PersistentVolumeClaimVolumeSource; /** * photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine * * @schema io.k8s.api.core.v1.Volume#photonPersistentDisk */ - readonly photonPersistentDisk?: PhotonPersistentDiskVolumeSource + readonly photonPersistentDisk?: PhotonPersistentDiskVolumeSource; /** * portworxVolume represents a portworx volume attached and mounted on kubelets host machine * * @schema io.k8s.api.core.v1.Volume#portworxVolume */ - readonly portworxVolume?: PortworxVolumeSource + readonly portworxVolume?: PortworxVolumeSource; /** * projected items for all in one resources secrets, configmaps, and downward API * * @schema io.k8s.api.core.v1.Volume#projected */ - readonly projected?: ProjectedVolumeSource + readonly projected?: ProjectedVolumeSource; /** * quobyte represents a Quobyte mount on the host that shares a pod's lifetime * * @schema io.k8s.api.core.v1.Volume#quobyte */ - readonly quobyte?: QuobyteVolumeSource + readonly quobyte?: QuobyteVolumeSource; /** * rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md * * @schema io.k8s.api.core.v1.Volume#rbd */ - readonly rbd?: RbdVolumeSource + readonly rbd?: RbdVolumeSource; /** * scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. * * @schema io.k8s.api.core.v1.Volume#scaleIO */ - readonly scaleIo?: ScaleIoVolumeSource + readonly scaleIo?: ScaleIoVolumeSource; /** * secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret * * @schema io.k8s.api.core.v1.Volume#secret */ - readonly secret?: SecretVolumeSource + readonly secret?: SecretVolumeSource; /** * storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. * * @schema io.k8s.api.core.v1.Volume#storageos */ - readonly storageos?: StorageOsVolumeSource + readonly storageos?: StorageOsVolumeSource; /** * vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine * * @schema io.k8s.api.core.v1.Volume#vsphereVolume */ - readonly vsphereVolume?: VsphereVirtualDiskVolumeSource + readonly vsphereVolume?: VsphereVirtualDiskVolumeSource; + } /** @@ -20237,43 +19668,41 @@ export interface Volume { */ /* eslint-disable max-len, quote-props */ export function toJson_Volume(obj: Volume | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } - const result = { - awsElasticBlockStore: toJson_AwsElasticBlockStoreVolumeSource(obj.awsElasticBlockStore), - azureDisk: toJson_AzureDiskVolumeSource(obj.azureDisk), - azureFile: toJson_AzureFileVolumeSource(obj.azureFile), - cephfs: toJson_CephFsVolumeSource(obj.cephfs), - cinder: toJson_CinderVolumeSource(obj.cinder), - configMap: toJson_ConfigMapVolumeSource(obj.configMap), - csi: toJson_CsiVolumeSource(obj.csi), - downwardAPI: toJson_DownwardApiVolumeSource(obj.downwardApi), - emptyDir: toJson_EmptyDirVolumeSource(obj.emptyDir), - ephemeral: toJson_EphemeralVolumeSource(obj.ephemeral), - fc: toJson_FcVolumeSource(obj.fc), - flexVolume: toJson_FlexVolumeSource(obj.flexVolume), - flocker: toJson_FlockerVolumeSource(obj.flocker), - gcePersistentDisk: toJson_GcePersistentDiskVolumeSource(obj.gcePersistentDisk), - gitRepo: toJson_GitRepoVolumeSource(obj.gitRepo), - glusterfs: toJson_GlusterfsVolumeSource(obj.glusterfs), - hostPath: toJson_HostPathVolumeSource(obj.hostPath), - iscsi: toJson_IscsiVolumeSource(obj.iscsi), - name: obj.name, - nfs: toJson_NfsVolumeSource(obj.nfs), - persistentVolumeClaim: toJson_PersistentVolumeClaimVolumeSource(obj.persistentVolumeClaim), - photonPersistentDisk: toJson_PhotonPersistentDiskVolumeSource(obj.photonPersistentDisk), - portworxVolume: toJson_PortworxVolumeSource(obj.portworxVolume), - projected: toJson_ProjectedVolumeSource(obj.projected), - quobyte: toJson_QuobyteVolumeSource(obj.quobyte), - rbd: toJson_RbdVolumeSource(obj.rbd), - scaleIO: toJson_ScaleIoVolumeSource(obj.scaleIo), - secret: toJson_SecretVolumeSource(obj.secret), - storageos: toJson_StorageOsVolumeSource(obj.storageos), - vsphereVolume: toJson_VsphereVirtualDiskVolumeSource(obj.vsphereVolume) - } - // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + if (obj === undefined) { return undefined; } + const result = { + 'awsElasticBlockStore': toJson_AwsElasticBlockStoreVolumeSource(obj.awsElasticBlockStore), + 'azureDisk': toJson_AzureDiskVolumeSource(obj.azureDisk), + 'azureFile': toJson_AzureFileVolumeSource(obj.azureFile), + 'cephfs': toJson_CephFsVolumeSource(obj.cephfs), + 'cinder': toJson_CinderVolumeSource(obj.cinder), + 'configMap': toJson_ConfigMapVolumeSource(obj.configMap), + 'csi': toJson_CsiVolumeSource(obj.csi), + 'downwardAPI': toJson_DownwardApiVolumeSource(obj.downwardApi), + 'emptyDir': toJson_EmptyDirVolumeSource(obj.emptyDir), + 'ephemeral': toJson_EphemeralVolumeSource(obj.ephemeral), + 'fc': toJson_FcVolumeSource(obj.fc), + 'flexVolume': toJson_FlexVolumeSource(obj.flexVolume), + 'flocker': toJson_FlockerVolumeSource(obj.flocker), + 'gcePersistentDisk': toJson_GcePersistentDiskVolumeSource(obj.gcePersistentDisk), + 'gitRepo': toJson_GitRepoVolumeSource(obj.gitRepo), + 'glusterfs': toJson_GlusterfsVolumeSource(obj.glusterfs), + 'hostPath': toJson_HostPathVolumeSource(obj.hostPath), + 'iscsi': toJson_IscsiVolumeSource(obj.iscsi), + 'name': obj.name, + 'nfs': toJson_NfsVolumeSource(obj.nfs), + 'persistentVolumeClaim': toJson_PersistentVolumeClaimVolumeSource(obj.persistentVolumeClaim), + 'photonPersistentDisk': toJson_PhotonPersistentDiskVolumeSource(obj.photonPersistentDisk), + 'portworxVolume': toJson_PortworxVolumeSource(obj.portworxVolume), + 'projected': toJson_ProjectedVolumeSource(obj.projected), + 'quobyte': toJson_QuobyteVolumeSource(obj.quobyte), + 'rbd': toJson_RbdVolumeSource(obj.rbd), + 'scaleIO': toJson_ScaleIoVolumeSource(obj.scaleIo), + 'secret': toJson_SecretVolumeSource(obj.secret), + 'storageos': toJson_StorageOsVolumeSource(obj.storageos), + 'vsphereVolume': toJson_VsphereVirtualDiskVolumeSource(obj.vsphereVolume), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20288,7 +19717,8 @@ export interface ScopeSelector { * * @schema io.k8s.api.core.v1.ScopeSelector#matchExpressions */ - readonly matchExpressions?: ScopedResourceSelectorRequirement[] + readonly matchExpressions?: ScopedResourceSelectorRequirement[]; + } /** @@ -20296,14 +19726,12 @@ export interface ScopeSelector { */ /* eslint-disable max-len, quote-props */ export function toJson_ScopeSelector(obj: ScopeSelector | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - matchExpressions: obj.matchExpressions?.map((y) => toJson_ScopedResourceSelectorRequirement(y)) - } + 'matchExpressions': obj.matchExpressions?.map(y => toJson_ScopedResourceSelectorRequirement(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20318,28 +19746,28 @@ export interface ServicePort { * * @schema io.k8s.api.core.v1.ServicePort#appProtocol */ - readonly appProtocol?: string + readonly appProtocol?: string; /** * The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service. * * @schema io.k8s.api.core.v1.ServicePort#name */ - readonly name?: string + readonly name?: string; /** * The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport * * @schema io.k8s.api.core.v1.ServicePort#nodePort */ - readonly nodePort?: number + readonly nodePort?: number; /** * The port that will be exposed by this service. * * @schema io.k8s.api.core.v1.ServicePort#port */ - readonly port: number + readonly port: number; /** * The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. @@ -20349,14 +19777,15 @@ export interface ServicePort { * @default TCP. * @schema io.k8s.api.core.v1.ServicePort#protocol */ - readonly protocol?: string + readonly protocol?: string; /** * Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service * * @schema io.k8s.api.core.v1.ServicePort#targetPort */ - readonly targetPort?: IntOrString + readonly targetPort?: IntOrString; + } /** @@ -20364,19 +19793,17 @@ export interface ServicePort { */ /* eslint-disable max-len, quote-props */ export function toJson_ServicePort(obj: ServicePort | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - appProtocol: obj.appProtocol, - name: obj.name, - nodePort: obj.nodePort, - port: obj.port, - protocol: obj.protocol, - targetPort: obj.targetPort?.value - } + 'appProtocol': obj.appProtocol, + 'name': obj.name, + 'nodePort': obj.nodePort, + 'port': obj.port, + 'protocol': obj.protocol, + 'targetPort': obj.targetPort?.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20391,7 +19818,8 @@ export interface SessionAffinityConfig { * * @schema io.k8s.api.core.v1.SessionAffinityConfig#clientIP */ - readonly clientIp?: ClientIpConfig + readonly clientIp?: ClientIpConfig; + } /** @@ -20399,14 +19827,12 @@ export interface SessionAffinityConfig { */ /* eslint-disable max-len, quote-props */ export function toJson_SessionAffinityConfig(obj: SessionAffinityConfig | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - clientIP: toJson_ClientIpConfig(obj.clientIp) - } + 'clientIP': toJson_ClientIpConfig(obj.clientIp), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20421,21 +19847,22 @@ export interface EndpointConditions { * * @schema io.k8s.api.discovery.v1.EndpointConditions#ready */ - readonly ready?: boolean + readonly ready?: boolean; /** * serving is identical to ready except that it is set regardless of the terminating state of endpoints. This condition should be set to true for a ready endpoint that is terminating. If nil, consumers should defer to the ready condition. This field can be enabled with the EndpointSliceTerminatingCondition feature gate. * * @schema io.k8s.api.discovery.v1.EndpointConditions#serving */ - readonly serving?: boolean + readonly serving?: boolean; /** * terminating indicates that this endpoint is terminating. A nil value indicates an unknown state. Consumers should interpret this unknown state to mean that the endpoint is not terminating. This field can be enabled with the EndpointSliceTerminatingCondition feature gate. * * @schema io.k8s.api.discovery.v1.EndpointConditions#terminating */ - readonly terminating?: boolean + readonly terminating?: boolean; + } /** @@ -20443,16 +19870,14 @@ export interface EndpointConditions { */ /* eslint-disable max-len, quote-props */ export function toJson_EndpointConditions(obj: EndpointConditions | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - ready: obj.ready, - serving: obj.serving, - terminating: obj.terminating - } + 'ready': obj.ready, + 'serving': obj.serving, + 'terminating': obj.terminating, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20467,7 +19892,8 @@ export interface EndpointHints { * * @schema io.k8s.api.discovery.v1.EndpointHints#forZones */ - readonly forZones?: ForZone[] + readonly forZones?: ForZone[]; + } /** @@ -20475,14 +19901,12 @@ export interface EndpointHints { */ /* eslint-disable max-len, quote-props */ export function toJson_EndpointHints(obj: EndpointHints | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - forZones: obj.forZones?.map((y) => toJson_ForZone(y)) - } + 'forZones': obj.forZones?.map(y => toJson_ForZone(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20497,24 +19921,21 @@ export interface FlowDistinguisherMethodV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.FlowDistinguisherMethod#type */ - readonly type: string + readonly type: string; + } /** * Converts an object of type 'FlowDistinguisherMethodV1Beta1' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_FlowDistinguisherMethodV1Beta1( - obj: FlowDistinguisherMethodV1Beta1 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_FlowDistinguisherMethodV1Beta1(obj: FlowDistinguisherMethodV1Beta1 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - type: obj.type - } + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20529,24 +19950,21 @@ export interface PriorityLevelConfigurationReferenceV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationReference#name */ - readonly name: string + readonly name: string; + } /** * Converts an object of type 'PriorityLevelConfigurationReferenceV1Beta1' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PriorityLevelConfigurationReferenceV1Beta1( - obj: PriorityLevelConfigurationReferenceV1Beta1 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PriorityLevelConfigurationReferenceV1Beta1(obj: PriorityLevelConfigurationReferenceV1Beta1 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - name: obj.name - } + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20561,40 +19979,37 @@ export interface PolicyRulesWithSubjectsV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.PolicyRulesWithSubjects#nonResourceRules */ - readonly nonResourceRules?: NonResourcePolicyRuleV1Beta1[] + readonly nonResourceRules?: NonResourcePolicyRuleV1Beta1[]; /** * `resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of `resourceRules` and `nonResourceRules` has to be non-empty. * * @schema io.k8s.api.flowcontrol.v1beta1.PolicyRulesWithSubjects#resourceRules */ - readonly resourceRules?: ResourcePolicyRuleV1Beta1[] + readonly resourceRules?: ResourcePolicyRuleV1Beta1[]; /** * subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required. * * @schema io.k8s.api.flowcontrol.v1beta1.PolicyRulesWithSubjects#subjects */ - readonly subjects: SubjectV1Beta1[] + readonly subjects: SubjectV1Beta1[]; + } /** * Converts an object of type 'PolicyRulesWithSubjectsV1Beta1' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PolicyRulesWithSubjectsV1Beta1( - obj: PolicyRulesWithSubjectsV1Beta1 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PolicyRulesWithSubjectsV1Beta1(obj: PolicyRulesWithSubjectsV1Beta1 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - nonResourceRules: obj.nonResourceRules?.map((y) => toJson_NonResourcePolicyRuleV1Beta1(y)), - resourceRules: obj.resourceRules?.map((y) => toJson_ResourcePolicyRuleV1Beta1(y)), - subjects: obj.subjects?.map((y) => toJson_SubjectV1Beta1(y)) - } + 'nonResourceRules': obj.nonResourceRules?.map(y => toJson_NonResourcePolicyRuleV1Beta1(y)), + 'resourceRules': obj.resourceRules?.map(y => toJson_ResourcePolicyRuleV1Beta1(y)), + 'subjects': obj.subjects?.map(y => toJson_SubjectV1Beta1(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20615,32 +20030,29 @@ export interface LimitedPriorityLevelConfigurationV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.LimitedPriorityLevelConfiguration#assuredConcurrencyShares */ - readonly assuredConcurrencyShares?: number + readonly assuredConcurrencyShares?: number; /** * `limitResponse` indicates what to do with requests that can not be executed right now * * @schema io.k8s.api.flowcontrol.v1beta1.LimitedPriorityLevelConfiguration#limitResponse */ - readonly limitResponse?: LimitResponseV1Beta1 + readonly limitResponse?: LimitResponseV1Beta1; + } /** * Converts an object of type 'LimitedPriorityLevelConfigurationV1Beta1' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_LimitedPriorityLevelConfigurationV1Beta1( - obj: LimitedPriorityLevelConfigurationV1Beta1 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_LimitedPriorityLevelConfigurationV1Beta1(obj: LimitedPriorityLevelConfigurationV1Beta1 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - assuredConcurrencyShares: obj.assuredConcurrencyShares, - limitResponse: toJson_LimitResponseV1Beta1(obj.limitResponse) - } + 'assuredConcurrencyShares': obj.assuredConcurrencyShares, + 'limitResponse': toJson_LimitResponseV1Beta1(obj.limitResponse), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20655,24 +20067,21 @@ export interface FlowDistinguisherMethodV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.FlowDistinguisherMethod#type */ - readonly type: string + readonly type: string; + } /** * Converts an object of type 'FlowDistinguisherMethodV1Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_FlowDistinguisherMethodV1Beta2( - obj: FlowDistinguisherMethodV1Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_FlowDistinguisherMethodV1Beta2(obj: FlowDistinguisherMethodV1Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - type: obj.type - } + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20687,24 +20096,21 @@ export interface PriorityLevelConfigurationReferenceV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfigurationReference#name */ - readonly name: string + readonly name: string; + } /** * Converts an object of type 'PriorityLevelConfigurationReferenceV1Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PriorityLevelConfigurationReferenceV1Beta2( - obj: PriorityLevelConfigurationReferenceV1Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PriorityLevelConfigurationReferenceV1Beta2(obj: PriorityLevelConfigurationReferenceV1Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - name: obj.name - } + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20719,40 +20125,37 @@ export interface PolicyRulesWithSubjectsV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.PolicyRulesWithSubjects#nonResourceRules */ - readonly nonResourceRules?: NonResourcePolicyRuleV1Beta2[] + readonly nonResourceRules?: NonResourcePolicyRuleV1Beta2[]; /** * `resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of `resourceRules` and `nonResourceRules` has to be non-empty. * * @schema io.k8s.api.flowcontrol.v1beta2.PolicyRulesWithSubjects#resourceRules */ - readonly resourceRules?: ResourcePolicyRuleV1Beta2[] + readonly resourceRules?: ResourcePolicyRuleV1Beta2[]; /** * subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required. * * @schema io.k8s.api.flowcontrol.v1beta2.PolicyRulesWithSubjects#subjects */ - readonly subjects: SubjectV1Beta2[] + readonly subjects: SubjectV1Beta2[]; + } /** * Converts an object of type 'PolicyRulesWithSubjectsV1Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PolicyRulesWithSubjectsV1Beta2( - obj: PolicyRulesWithSubjectsV1Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PolicyRulesWithSubjectsV1Beta2(obj: PolicyRulesWithSubjectsV1Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - nonResourceRules: obj.nonResourceRules?.map((y) => toJson_NonResourcePolicyRuleV1Beta2(y)), - resourceRules: obj.resourceRules?.map((y) => toJson_ResourcePolicyRuleV1Beta2(y)), - subjects: obj.subjects?.map((y) => toJson_SubjectV1Beta2(y)) - } + 'nonResourceRules': obj.nonResourceRules?.map(y => toJson_NonResourcePolicyRuleV1Beta2(y)), + 'resourceRules': obj.resourceRules?.map(y => toJson_ResourcePolicyRuleV1Beta2(y)), + 'subjects': obj.subjects?.map(y => toJson_SubjectV1Beta2(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20773,32 +20176,29 @@ export interface LimitedPriorityLevelConfigurationV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.LimitedPriorityLevelConfiguration#assuredConcurrencyShares */ - readonly assuredConcurrencyShares?: number + readonly assuredConcurrencyShares?: number; /** * `limitResponse` indicates what to do with requests that can not be executed right now * * @schema io.k8s.api.flowcontrol.v1beta2.LimitedPriorityLevelConfiguration#limitResponse */ - readonly limitResponse?: LimitResponseV1Beta2 + readonly limitResponse?: LimitResponseV1Beta2; + } /** * Converts an object of type 'LimitedPriorityLevelConfigurationV1Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_LimitedPriorityLevelConfigurationV1Beta2( - obj: LimitedPriorityLevelConfigurationV1Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_LimitedPriorityLevelConfigurationV1Beta2(obj: LimitedPriorityLevelConfigurationV1Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - assuredConcurrencyShares: obj.assuredConcurrencyShares, - limitResponse: toJson_LimitResponseV1Beta2(obj.limitResponse) - } + 'assuredConcurrencyShares': obj.assuredConcurrencyShares, + 'limitResponse': toJson_LimitResponseV1Beta2(obj.limitResponse), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20813,14 +20213,15 @@ export interface IngressBackend { * * @schema io.k8s.api.networking.v1.IngressBackend#resource */ - readonly resource?: TypedLocalObjectReference + readonly resource?: TypedLocalObjectReference; /** * Service references a Service as a Backend. This is a mutually exclusive setting with "Resource". * * @schema io.k8s.api.networking.v1.IngressBackend#service */ - readonly service?: IngressServiceBackend + readonly service?: IngressServiceBackend; + } /** @@ -20828,15 +20229,13 @@ export interface IngressBackend { */ /* eslint-disable max-len, quote-props */ export function toJson_IngressBackend(obj: IngressBackend | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - resource: toJson_TypedLocalObjectReference(obj.resource), - service: toJson_IngressServiceBackend(obj.service) - } + 'resource': toJson_TypedLocalObjectReference(obj.resource), + 'service': toJson_IngressServiceBackend(obj.service), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20858,12 +20257,13 @@ export interface IngressRule { * * @schema io.k8s.api.networking.v1.IngressRule#host */ - readonly host?: string + readonly host?: string; /** * @schema io.k8s.api.networking.v1.IngressRule#http */ - readonly http?: HttpIngressRuleValue + readonly http?: HttpIngressRuleValue; + } /** @@ -20871,15 +20271,13 @@ export interface IngressRule { */ /* eslint-disable max-len, quote-props */ export function toJson_IngressRule(obj: IngressRule | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - host: obj.host, - http: toJson_HttpIngressRuleValue(obj.http) - } + 'host': obj.host, + 'http': toJson_HttpIngressRuleValue(obj.http), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20895,14 +20293,15 @@ export interface IngressTls { * @default the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. * @schema io.k8s.api.networking.v1.IngressTLS#hosts */ - readonly hosts?: string[] + readonly hosts?: string[]; /** * SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing. * * @schema io.k8s.api.networking.v1.IngressTLS#secretName */ - readonly secretName?: string + readonly secretName?: string; + } /** @@ -20910,15 +20309,13 @@ export interface IngressTls { */ /* eslint-disable max-len, quote-props */ export function toJson_IngressTls(obj: IngressTls | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - hosts: obj.hosts?.map((y) => y), - secretName: obj.secretName - } + 'hosts': obj.hosts?.map(y => y), + 'secretName': obj.secretName, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20933,56 +20330,53 @@ export interface IngressClassParametersReference { * * @schema io.k8s.api.networking.v1.IngressClassParametersReference#apiGroup */ - readonly apiGroup?: string + readonly apiGroup?: string; /** * Kind is the type of resource being referenced. * * @schema io.k8s.api.networking.v1.IngressClassParametersReference#kind */ - readonly kind: string + readonly kind: string; /** * Name is the name of resource being referenced. * * @schema io.k8s.api.networking.v1.IngressClassParametersReference#name */ - readonly name: string + readonly name: string; /** * Namespace is the namespace of the resource being referenced. This field is required when scope is set to "Namespace" and must be unset when scope is set to "Cluster". * * @schema io.k8s.api.networking.v1.IngressClassParametersReference#namespace */ - readonly namespace?: string + readonly namespace?: string; /** * Scope represents if this refers to a cluster or namespace scoped resource. This may be set to "Cluster" (default) or "Namespace". * * @schema io.k8s.api.networking.v1.IngressClassParametersReference#scope */ - readonly scope?: string + readonly scope?: string; + } /** * Converts an object of type 'IngressClassParametersReference' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_IngressClassParametersReference( - obj: IngressClassParametersReference | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_IngressClassParametersReference(obj: IngressClassParametersReference | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - apiGroup: obj.apiGroup, - kind: obj.kind, - name: obj.name, - namespace: obj.namespace, - scope: obj.scope - } + 'apiGroup': obj.apiGroup, + 'kind': obj.kind, + 'name': obj.name, + 'namespace': obj.namespace, + 'scope': obj.scope, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -20997,32 +20391,29 @@ export interface NetworkPolicyEgressRule { * * @schema io.k8s.api.networking.v1.NetworkPolicyEgressRule#ports */ - readonly ports?: NetworkPolicyPort[] + readonly ports?: NetworkPolicyPort[]; /** * List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list. * * @schema io.k8s.api.networking.v1.NetworkPolicyEgressRule#to */ - readonly to?: NetworkPolicyPeer[] + readonly to?: NetworkPolicyPeer[]; + } /** * Converts an object of type 'NetworkPolicyEgressRule' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_NetworkPolicyEgressRule( - obj: NetworkPolicyEgressRule | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_NetworkPolicyEgressRule(obj: NetworkPolicyEgressRule | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - ports: obj.ports?.map((y) => toJson_NetworkPolicyPort(y)), - to: obj.to?.map((y) => toJson_NetworkPolicyPeer(y)) - } + 'ports': obj.ports?.map(y => toJson_NetworkPolicyPort(y)), + 'to': obj.to?.map(y => toJson_NetworkPolicyPeer(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21037,32 +20428,29 @@ export interface NetworkPolicyIngressRule { * * @schema io.k8s.api.networking.v1.NetworkPolicyIngressRule#from */ - readonly from?: NetworkPolicyPeer[] + readonly from?: NetworkPolicyPeer[]; /** * List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list. * * @schema io.k8s.api.networking.v1.NetworkPolicyIngressRule#ports */ - readonly ports?: NetworkPolicyPort[] + readonly ports?: NetworkPolicyPort[]; + } /** * Converts an object of type 'NetworkPolicyIngressRule' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_NetworkPolicyIngressRule( - obj: NetworkPolicyIngressRule | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_NetworkPolicyIngressRule(obj: NetworkPolicyIngressRule | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - from: obj.from?.map((y) => toJson_NetworkPolicyPeer(y)), - ports: obj.ports?.map((y) => toJson_NetworkPolicyPort(y)) - } + 'from': obj.from?.map(y => toJson_NetworkPolicyPeer(y)), + 'ports': obj.ports?.map(y => toJson_NetworkPolicyPort(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21077,7 +20465,8 @@ export interface NodeSelector { * * @schema io.k8s.api.core.v1.NodeSelector#nodeSelectorTerms */ - readonly nodeSelectorTerms: NodeSelectorTerm[] + readonly nodeSelectorTerms: NodeSelectorTerm[]; + } /** @@ -21085,14 +20474,12 @@ export interface NodeSelector { */ /* eslint-disable max-len, quote-props */ export function toJson_NodeSelector(obj: NodeSelector | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - nodeSelectorTerms: obj.nodeSelectorTerms?.map((y) => toJson_NodeSelectorTerm(y)) - } + 'nodeSelectorTerms': obj.nodeSelectorTerms?.map(y => toJson_NodeSelectorTerm(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21103,7 +20490,7 @@ export function toJson_NodeSelector(obj: NodeSelector | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - resourceVersion: obj.resourceVersion, - uid: obj.uid - } + 'resourceVersion': obj.resourceVersion, + 'uid': obj.uid, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21149,12 +20535,13 @@ export function toJson_Preconditions(obj: Preconditions | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - audience: obj.audience, - expirationSeconds: obj.expirationSeconds - } + 'audience': obj.audience, + 'expirationSeconds': obj.expirationSeconds, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21206,28 +20592,29 @@ export interface CsiNodeDriver { * * @schema io.k8s.api.storage.v1.CSINodeDriver#allocatable */ - readonly allocatable?: VolumeNodeResources + readonly allocatable?: VolumeNodeResources; /** * This is the name of the CSI driver that this object refers to. This MUST be the same name returned by the CSI GetPluginName() call for that driver. * * @schema io.k8s.api.storage.v1.CSINodeDriver#name */ - readonly name: string + readonly name: string; /** * nodeID of the node from the driver point of view. This field enables Kubernetes to communicate with storage systems that do not share the same nomenclature for nodes. For example, Kubernetes may refer to a given node as "node1", but the storage system may refer to the same node as "nodeA". When Kubernetes issues a command to the storage system to attach a volume to a specific node, it can use this field to refer to the node name using the ID that the storage system will understand, e.g. "nodeA" instead of "node1". This field is required. * * @schema io.k8s.api.storage.v1.CSINodeDriver#nodeID */ - readonly nodeId: string + readonly nodeId: string; /** * topologyKeys is the list of keys supported by the driver. When a driver is initialized on a cluster, it provides a set of topology keys that it understands (e.g. "company.com/zone", "company.com/region"). When a driver is initialized on a node, it provides the same topology keys along with values. Kubelet will expose these topology keys as labels on its own node object. When Kubernetes does topology aware provisioning, it can use this list to determine which labels it should retrieve from the node object and pass back to the driver. It is possible for different nodes to use different topology keys. This can be empty if driver does not support topology. * * @schema io.k8s.api.storage.v1.CSINodeDriver#topologyKeys */ - readonly topologyKeys?: string[] + readonly topologyKeys?: string[]; + } /** @@ -21235,17 +20622,15 @@ export interface CsiNodeDriver { */ /* eslint-disable max-len, quote-props */ export function toJson_CsiNodeDriver(obj: CsiNodeDriver | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - allocatable: toJson_VolumeNodeResources(obj.allocatable), - name: obj.name, - nodeID: obj.nodeId, - topologyKeys: obj.topologyKeys?.map((y) => y) - } + 'allocatable': toJson_VolumeNodeResources(obj.allocatable), + 'name': obj.name, + 'nodeID': obj.nodeId, + 'topologyKeys': obj.topologyKeys?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21260,40 +20645,37 @@ export interface LabelSelectorRequirement { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement#key */ - readonly key: string + readonly key: string; /** * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement#operator */ - readonly operator: string + readonly operator: string; /** * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement#values */ - readonly values?: string[] + readonly values?: string[]; + } /** * Converts an object of type 'LabelSelectorRequirement' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_LabelSelectorRequirement( - obj: LabelSelectorRequirement | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_LabelSelectorRequirement(obj: LabelSelectorRequirement | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - key: obj.key, - operator: obj.operator, - values: obj.values?.map((y) => y) - } + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21308,32 +20690,29 @@ export interface TopologySelectorLabelRequirement { * * @schema io.k8s.api.core.v1.TopologySelectorLabelRequirement#key */ - readonly key: string + readonly key: string; /** * An array of string values. One value must match the label to be selected. Each entry in Values is ORed. * * @schema io.k8s.api.core.v1.TopologySelectorLabelRequirement#values */ - readonly values: string[] + readonly values: string[]; + } /** * Converts an object of type 'TopologySelectorLabelRequirement' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_TopologySelectorLabelRequirement( - obj: TopologySelectorLabelRequirement | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_TopologySelectorLabelRequirement(obj: TopologySelectorLabelRequirement | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - key: obj.key, - values: obj.values?.map((y) => y) - } + 'key': obj.key, + 'values': obj.values?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21348,32 +20727,29 @@ export interface VolumeAttachmentSource { * * @schema io.k8s.api.storage.v1.VolumeAttachmentSource#inlineVolumeSpec */ - readonly inlineVolumeSpec?: PersistentVolumeSpec + readonly inlineVolumeSpec?: PersistentVolumeSpec; /** * Name of the persistent volume to attach. * * @schema io.k8s.api.storage.v1.VolumeAttachmentSource#persistentVolumeName */ - readonly persistentVolumeName?: string + readonly persistentVolumeName?: string; + } /** * Converts an object of type 'VolumeAttachmentSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_VolumeAttachmentSource( - obj: VolumeAttachmentSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_VolumeAttachmentSource(obj: VolumeAttachmentSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - inlineVolumeSpec: toJson_PersistentVolumeSpec(obj.inlineVolumeSpec), - persistentVolumeName: obj.persistentVolumeName - } + 'inlineVolumeSpec': toJson_PersistentVolumeSpec(obj.inlineVolumeSpec), + 'persistentVolumeName': obj.persistentVolumeName, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21389,32 +20765,29 @@ export interface CustomResourceConversion { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceConversion#strategy */ - readonly strategy: string + readonly strategy: string; /** * webhook describes how to call the conversion webhook. Required when `strategy` is set to `Webhook`. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceConversion#webhook */ - readonly webhook?: WebhookConversion + readonly webhook?: WebhookConversion; + } /** * Converts an object of type 'CustomResourceConversion' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CustomResourceConversion( - obj: CustomResourceConversion | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CustomResourceConversion(obj: CustomResourceConversion | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - strategy: obj.strategy, - webhook: toJson_WebhookConversion(obj.webhook) - } + 'strategy': obj.strategy, + 'webhook': toJson_WebhookConversion(obj.webhook), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21429,14 +20802,14 @@ export interface CustomResourceDefinitionNames { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionNames#categories */ - readonly categories?: string[] + readonly categories?: string[]; /** * kind is the serialized kind of the resource. It is normally CamelCase and singular. Custom resource instances will use this value as the `kind` attribute in API calls. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionNames#kind */ - readonly kind: string + readonly kind: string; /** * listKind is the serialized kind of the list for this resource. Defaults to "`kind`List". @@ -21444,21 +20817,21 @@ export interface CustomResourceDefinitionNames { * @default kind`List". * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionNames#listKind */ - readonly listKind?: string + readonly listKind?: string; /** * plural is the plural name of the resource to serve. The custom resources are served under `/apis///.../`. Must match the name of the CustomResourceDefinition (in the form `.`). Must be all lowercase. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionNames#plural */ - readonly plural: string + readonly plural: string; /** * shortNames are short names for the resource, exposed in API discovery documents, and used by clients to support invocations like `kubectl get `. It must be all lowercase. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionNames#shortNames */ - readonly shortNames?: string[] + readonly shortNames?: string[]; /** * singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`. @@ -21466,29 +20839,26 @@ export interface CustomResourceDefinitionNames { * @default lowercased `kind`. * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionNames#singular */ - readonly singular?: string + readonly singular?: string; + } /** * Converts an object of type 'CustomResourceDefinitionNames' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CustomResourceDefinitionNames( - obj: CustomResourceDefinitionNames | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CustomResourceDefinitionNames(obj: CustomResourceDefinitionNames | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - categories: obj.categories?.map((y) => y), - kind: obj.kind, - listKind: obj.listKind, - plural: obj.plural, - shortNames: obj.shortNames?.map((y) => y), - singular: obj.singular - } + 'categories': obj.categories?.map(y => y), + 'kind': obj.kind, + 'listKind': obj.listKind, + 'plural': obj.plural, + 'shortNames': obj.shortNames?.map(y => y), + 'singular': obj.singular, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21503,7 +20873,7 @@ export interface CustomResourceDefinitionVersion { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion#additionalPrinterColumns */ - readonly additionalPrinterColumns?: CustomResourceColumnDefinition[] + readonly additionalPrinterColumns?: CustomResourceColumnDefinition[]; /** * deprecated indicates this version of the custom resource API is deprecated. When set to true, API requests to this version receive a warning header in the server response. Defaults to false. @@ -21511,73 +20881,70 @@ export interface CustomResourceDefinitionVersion { * @default false. * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion#deprecated */ - readonly deprecated?: boolean + readonly deprecated?: boolean; /** * deprecationWarning overrides the default warning returned to API clients. May only be set when `deprecated` is true. The default warning indicates this version is deprecated and recommends use of the newest served version of equal or greater stability, if one exists. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion#deprecationWarning */ - readonly deprecationWarning?: string + readonly deprecationWarning?: string; /** * name is the version name, e.g. “v1”, “v2beta1”, etc. The custom resources are served under this version at `/apis///...` if `served` is true. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion#name */ - readonly name: string + readonly name: string; /** * schema describes the schema used for validation, pruning, and defaulting of this version of the custom resource. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion#schema */ - readonly schema?: CustomResourceValidation + readonly schema?: CustomResourceValidation; /** * served is a flag enabling/disabling this version from being served via REST APIs * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion#served */ - readonly served: boolean + readonly served: boolean; /** * storage indicates this version should be used when persisting custom resources to storage. There must be exactly one version with storage=true. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion#storage */ - readonly storage: boolean + readonly storage: boolean; /** * subresources specify what subresources this version of the defined custom resource have. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionVersion#subresources */ - readonly subresources?: CustomResourceSubresources + readonly subresources?: CustomResourceSubresources; + } /** * Converts an object of type 'CustomResourceDefinitionVersion' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CustomResourceDefinitionVersion( - obj: CustomResourceDefinitionVersion | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CustomResourceDefinitionVersion(obj: CustomResourceDefinitionVersion | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - additionalPrinterColumns: obj.additionalPrinterColumns?.map((y) => toJson_CustomResourceColumnDefinition(y)), - deprecated: obj.deprecated, - deprecationWarning: obj.deprecationWarning, - name: obj.name, - schema: toJson_CustomResourceValidation(obj.schema), - served: obj.served, - storage: obj.storage, - subresources: toJson_CustomResourceSubresources(obj.subresources) - } + 'additionalPrinterColumns': obj.additionalPrinterColumns?.map(y => toJson_CustomResourceColumnDefinition(y)), + 'deprecated': obj.deprecated, + 'deprecationWarning': obj.deprecationWarning, + 'name': obj.name, + 'schema': toJson_CustomResourceValidation(obj.schema), + 'served': obj.served, + 'storage': obj.storage, + 'subresources': toJson_CustomResourceSubresources(obj.subresources), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21596,21 +20963,22 @@ export interface StatusCause { * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause#field */ - readonly field?: string + readonly field?: string; /** * A human-readable description of the cause of the error. This field may be presented as-is to a reader. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause#message */ - readonly message?: string + readonly message?: string; /** * A machine-readable description of the cause of the error. If this value is empty there is no information available. * * @schema io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause#reason */ - readonly reason?: string + readonly reason?: string; + } /** @@ -21618,16 +20986,14 @@ export interface StatusCause { */ /* eslint-disable max-len, quote-props */ export function toJson_StatusCause(obj: StatusCause | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - field: obj.field, - message: obj.message, - reason: obj.reason - } + 'field': obj.field, + 'message': obj.message, + 'reason': obj.reason, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21642,21 +21008,21 @@ export interface ServiceReference { * * @schema io.k8s.api.admissionregistration.v1.ServiceReference#name */ - readonly name: string + readonly name: string; /** * `namespace` is the namespace of the service. Required * * @schema io.k8s.api.admissionregistration.v1.ServiceReference#namespace */ - readonly namespace: string + readonly namespace: string; /** * `path` is an optional URL path which will be sent in any request to this service. * * @schema io.k8s.api.admissionregistration.v1.ServiceReference#path */ - readonly path?: string + readonly path?: string; /** * If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive). @@ -21664,7 +21030,8 @@ export interface ServiceReference { * @default 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive). * @schema io.k8s.api.admissionregistration.v1.ServiceReference#port */ - readonly port?: number + readonly port?: number; + } /** @@ -21672,17 +21039,15 @@ export interface ServiceReference { */ /* eslint-disable max-len, quote-props */ export function toJson_ServiceReference(obj: ServiceReference | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - namespace: obj.namespace, - path: obj.path, - port: obj.port - } + 'name': obj.name, + 'namespace': obj.namespace, + 'path': obj.path, + 'port': obj.port, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21697,32 +21062,29 @@ export interface RollingUpdateDaemonSet { * * @schema io.k8s.api.apps.v1.RollingUpdateDaemonSet#maxSurge */ - readonly maxSurge?: IntOrString + readonly maxSurge?: IntOrString; /** * The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update. * * @schema io.k8s.api.apps.v1.RollingUpdateDaemonSet#maxUnavailable */ - readonly maxUnavailable?: IntOrString + readonly maxUnavailable?: IntOrString; + } /** * Converts an object of type 'RollingUpdateDaemonSet' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_RollingUpdateDaemonSet( - obj: RollingUpdateDaemonSet | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_RollingUpdateDaemonSet(obj: RollingUpdateDaemonSet | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - maxSurge: obj.maxSurge?.value, - maxUnavailable: obj.maxUnavailable?.value - } + 'maxSurge': obj.maxSurge?.value, + 'maxUnavailable': obj.maxUnavailable?.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21738,7 +21100,7 @@ export interface RollingUpdateDeployment { * @default 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods. * @schema io.k8s.api.apps.v1.RollingUpdateDeployment#maxSurge */ - readonly maxSurge?: IntOrString + readonly maxSurge?: IntOrString; /** * The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods. @@ -21746,25 +21108,22 @@ export interface RollingUpdateDeployment { * @default 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods. * @schema io.k8s.api.apps.v1.RollingUpdateDeployment#maxUnavailable */ - readonly maxUnavailable?: IntOrString + readonly maxUnavailable?: IntOrString; + } /** * Converts an object of type 'RollingUpdateDeployment' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_RollingUpdateDeployment( - obj: RollingUpdateDeployment | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_RollingUpdateDeployment(obj: RollingUpdateDeployment | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - maxSurge: obj.maxSurge?.value, - maxUnavailable: obj.maxUnavailable?.value - } + 'maxSurge': obj.maxSurge?.value, + 'maxUnavailable': obj.maxUnavailable?.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21780,32 +21139,29 @@ export interface RollingUpdateStatefulSetStrategy { * @default 1. This field is alpha-level and is only honored by servers that enable the MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it will be counted towards MaxUnavailable. * @schema io.k8s.api.apps.v1.RollingUpdateStatefulSetStrategy#maxUnavailable */ - readonly maxUnavailable?: IntOrString + readonly maxUnavailable?: IntOrString; /** * Partition indicates the ordinal at which the StatefulSet should be partitioned for updates. During a rolling update, all pods from ordinal Replicas-1 to Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. This is helpful in being able to do a canary based deployment. The default value is 0. * * @schema io.k8s.api.apps.v1.RollingUpdateStatefulSetStrategy#partition */ - readonly partition?: number + readonly partition?: number; + } /** * Converts an object of type 'RollingUpdateStatefulSetStrategy' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_RollingUpdateStatefulSetStrategy( - obj: RollingUpdateStatefulSetStrategy | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_RollingUpdateStatefulSetStrategy(obj: RollingUpdateStatefulSetStrategy | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - maxUnavailable: obj.maxUnavailable?.value, - partition: obj.partition - } + 'maxUnavailable': obj.maxUnavailable?.value, + 'partition': obj.partition, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21820,21 +21176,22 @@ export interface HpaScalingRulesV2 { * * @schema io.k8s.api.autoscaling.v2.HPAScalingRules#policies */ - readonly policies?: HpaScalingPolicyV2[] + readonly policies?: HpaScalingPolicyV2[]; /** * selectPolicy is used to specify which policy should be used. If not set, the default value Max is used. * * @schema io.k8s.api.autoscaling.v2.HPAScalingRules#selectPolicy */ - readonly selectPolicy?: string + readonly selectPolicy?: string; /** * StabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long). * * @schema io.k8s.api.autoscaling.v2.HPAScalingRules#stabilizationWindowSeconds */ - readonly stabilizationWindowSeconds?: number + readonly stabilizationWindowSeconds?: number; + } /** @@ -21842,16 +21199,14 @@ export interface HpaScalingRulesV2 { */ /* eslint-disable max-len, quote-props */ export function toJson_HpaScalingRulesV2(obj: HpaScalingRulesV2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - policies: obj.policies?.map((y) => toJson_HpaScalingPolicyV2(y)), - selectPolicy: obj.selectPolicy, - stabilizationWindowSeconds: obj.stabilizationWindowSeconds - } + 'policies': obj.policies?.map(y => toJson_HpaScalingPolicyV2(y)), + 'selectPolicy': obj.selectPolicy, + 'stabilizationWindowSeconds': obj.stabilizationWindowSeconds, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21866,40 +21221,37 @@ export interface ContainerResourceMetricSourceV2 { * * @schema io.k8s.api.autoscaling.v2.ContainerResourceMetricSource#container */ - readonly container: string + readonly container: string; /** * name is the name of the resource in question. * * @schema io.k8s.api.autoscaling.v2.ContainerResourceMetricSource#name */ - readonly name: string + readonly name: string; /** * target specifies the target value for the given metric * * @schema io.k8s.api.autoscaling.v2.ContainerResourceMetricSource#target */ - readonly target: MetricTargetV2 + readonly target: MetricTargetV2; + } /** * Converts an object of type 'ContainerResourceMetricSourceV2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ContainerResourceMetricSourceV2( - obj: ContainerResourceMetricSourceV2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ContainerResourceMetricSourceV2(obj: ContainerResourceMetricSourceV2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - container: obj.container, - name: obj.name, - target: toJson_MetricTargetV2(obj.target) - } + 'container': obj.container, + 'name': obj.name, + 'target': toJson_MetricTargetV2(obj.target), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21914,32 +21266,29 @@ export interface ExternalMetricSourceV2 { * * @schema io.k8s.api.autoscaling.v2.ExternalMetricSource#metric */ - readonly metric: MetricIdentifierV2 + readonly metric: MetricIdentifierV2; /** * target specifies the target value for the given metric * * @schema io.k8s.api.autoscaling.v2.ExternalMetricSource#target */ - readonly target: MetricTargetV2 + readonly target: MetricTargetV2; + } /** * Converts an object of type 'ExternalMetricSourceV2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ExternalMetricSourceV2( - obj: ExternalMetricSourceV2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ExternalMetricSourceV2(obj: ExternalMetricSourceV2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metric: toJson_MetricIdentifierV2(obj.metric), - target: toJson_MetricTargetV2(obj.target) - } + 'metric': toJson_MetricIdentifierV2(obj.metric), + 'target': toJson_MetricTargetV2(obj.target), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -21954,21 +21303,22 @@ export interface ObjectMetricSourceV2 { * * @schema io.k8s.api.autoscaling.v2.ObjectMetricSource#describedObject */ - readonly describedObject: CrossVersionObjectReferenceV2 + readonly describedObject: CrossVersionObjectReferenceV2; /** * metric identifies the target metric by name and selector * * @schema io.k8s.api.autoscaling.v2.ObjectMetricSource#metric */ - readonly metric: MetricIdentifierV2 + readonly metric: MetricIdentifierV2; /** * target specifies the target value for the given metric * * @schema io.k8s.api.autoscaling.v2.ObjectMetricSource#target */ - readonly target: MetricTargetV2 + readonly target: MetricTargetV2; + } /** @@ -21976,16 +21326,14 @@ export interface ObjectMetricSourceV2 { */ /* eslint-disable max-len, quote-props */ export function toJson_ObjectMetricSourceV2(obj: ObjectMetricSourceV2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - describedObject: toJson_CrossVersionObjectReferenceV2(obj.describedObject), - metric: toJson_MetricIdentifierV2(obj.metric), - target: toJson_MetricTargetV2(obj.target) - } + 'describedObject': toJson_CrossVersionObjectReferenceV2(obj.describedObject), + 'metric': toJson_MetricIdentifierV2(obj.metric), + 'target': toJson_MetricTargetV2(obj.target), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22000,14 +21348,15 @@ export interface PodsMetricSourceV2 { * * @schema io.k8s.api.autoscaling.v2.PodsMetricSource#metric */ - readonly metric: MetricIdentifierV2 + readonly metric: MetricIdentifierV2; /** * target specifies the target value for the given metric * * @schema io.k8s.api.autoscaling.v2.PodsMetricSource#target */ - readonly target: MetricTargetV2 + readonly target: MetricTargetV2; + } /** @@ -22015,15 +21364,13 @@ export interface PodsMetricSourceV2 { */ /* eslint-disable max-len, quote-props */ export function toJson_PodsMetricSourceV2(obj: PodsMetricSourceV2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - metric: toJson_MetricIdentifierV2(obj.metric), - target: toJson_MetricTargetV2(obj.target) - } + 'metric': toJson_MetricIdentifierV2(obj.metric), + 'target': toJson_MetricTargetV2(obj.target), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22038,32 +21385,29 @@ export interface ResourceMetricSourceV2 { * * @schema io.k8s.api.autoscaling.v2.ResourceMetricSource#name */ - readonly name: string + readonly name: string; /** * target specifies the target value for the given metric * * @schema io.k8s.api.autoscaling.v2.ResourceMetricSource#target */ - readonly target: MetricTargetV2 + readonly target: MetricTargetV2; + } /** * Converts an object of type 'ResourceMetricSourceV2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ResourceMetricSourceV2( - obj: ResourceMetricSourceV2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ResourceMetricSourceV2(obj: ResourceMetricSourceV2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - target: toJson_MetricTargetV2(obj.target) - } + 'name': obj.name, + 'target': toJson_MetricTargetV2(obj.target), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22078,40 +21422,37 @@ export interface HpaScalingRulesV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.HPAScalingRules#policies */ - readonly policies?: HpaScalingPolicyV2Beta2[] + readonly policies?: HpaScalingPolicyV2Beta2[]; /** * selectPolicy is used to specify which policy should be used. If not set, the default value MaxPolicySelect is used. * * @schema io.k8s.api.autoscaling.v2beta2.HPAScalingRules#selectPolicy */ - readonly selectPolicy?: string + readonly selectPolicy?: string; /** * StabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long). * * @schema io.k8s.api.autoscaling.v2beta2.HPAScalingRules#stabilizationWindowSeconds */ - readonly stabilizationWindowSeconds?: number + readonly stabilizationWindowSeconds?: number; + } /** * Converts an object of type 'HpaScalingRulesV2Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HpaScalingRulesV2Beta2( - obj: HpaScalingRulesV2Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_HpaScalingRulesV2Beta2(obj: HpaScalingRulesV2Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - policies: obj.policies?.map((y) => toJson_HpaScalingPolicyV2Beta2(y)), - selectPolicy: obj.selectPolicy, - stabilizationWindowSeconds: obj.stabilizationWindowSeconds - } + 'policies': obj.policies?.map(y => toJson_HpaScalingPolicyV2Beta2(y)), + 'selectPolicy': obj.selectPolicy, + 'stabilizationWindowSeconds': obj.stabilizationWindowSeconds, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22126,40 +21467,37 @@ export interface ContainerResourceMetricSourceV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.ContainerResourceMetricSource#container */ - readonly container: string + readonly container: string; /** * name is the name of the resource in question. * * @schema io.k8s.api.autoscaling.v2beta2.ContainerResourceMetricSource#name */ - readonly name: string + readonly name: string; /** * target specifies the target value for the given metric * * @schema io.k8s.api.autoscaling.v2beta2.ContainerResourceMetricSource#target */ - readonly target: MetricTargetV2Beta2 + readonly target: MetricTargetV2Beta2; + } /** * Converts an object of type 'ContainerResourceMetricSourceV2Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ContainerResourceMetricSourceV2Beta2( - obj: ContainerResourceMetricSourceV2Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ContainerResourceMetricSourceV2Beta2(obj: ContainerResourceMetricSourceV2Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - container: obj.container, - name: obj.name, - target: toJson_MetricTargetV2Beta2(obj.target) - } + 'container': obj.container, + 'name': obj.name, + 'target': toJson_MetricTargetV2Beta2(obj.target), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22174,32 +21512,29 @@ export interface ExternalMetricSourceV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.ExternalMetricSource#metric */ - readonly metric: MetricIdentifierV2Beta2 + readonly metric: MetricIdentifierV2Beta2; /** * target specifies the target value for the given metric * * @schema io.k8s.api.autoscaling.v2beta2.ExternalMetricSource#target */ - readonly target: MetricTargetV2Beta2 + readonly target: MetricTargetV2Beta2; + } /** * Converts an object of type 'ExternalMetricSourceV2Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ExternalMetricSourceV2Beta2( - obj: ExternalMetricSourceV2Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ExternalMetricSourceV2Beta2(obj: ExternalMetricSourceV2Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metric: toJson_MetricIdentifierV2Beta2(obj.metric), - target: toJson_MetricTargetV2Beta2(obj.target) - } + 'metric': toJson_MetricIdentifierV2Beta2(obj.metric), + 'target': toJson_MetricTargetV2Beta2(obj.target), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22212,40 +21547,37 @@ export interface ObjectMetricSourceV2Beta2 { /** * @schema io.k8s.api.autoscaling.v2beta2.ObjectMetricSource#describedObject */ - readonly describedObject: CrossVersionObjectReferenceV2Beta2 + readonly describedObject: CrossVersionObjectReferenceV2Beta2; /** * metric identifies the target metric by name and selector * * @schema io.k8s.api.autoscaling.v2beta2.ObjectMetricSource#metric */ - readonly metric: MetricIdentifierV2Beta2 + readonly metric: MetricIdentifierV2Beta2; /** * target specifies the target value for the given metric * * @schema io.k8s.api.autoscaling.v2beta2.ObjectMetricSource#target */ - readonly target: MetricTargetV2Beta2 + readonly target: MetricTargetV2Beta2; + } /** * Converts an object of type 'ObjectMetricSourceV2Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ObjectMetricSourceV2Beta2( - obj: ObjectMetricSourceV2Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ObjectMetricSourceV2Beta2(obj: ObjectMetricSourceV2Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - describedObject: toJson_CrossVersionObjectReferenceV2Beta2(obj.describedObject), - metric: toJson_MetricIdentifierV2Beta2(obj.metric), - target: toJson_MetricTargetV2Beta2(obj.target) - } + 'describedObject': toJson_CrossVersionObjectReferenceV2Beta2(obj.describedObject), + 'metric': toJson_MetricIdentifierV2Beta2(obj.metric), + 'target': toJson_MetricTargetV2Beta2(obj.target), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22260,32 +21592,29 @@ export interface PodsMetricSourceV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.PodsMetricSource#metric */ - readonly metric: MetricIdentifierV2Beta2 + readonly metric: MetricIdentifierV2Beta2; /** * target specifies the target value for the given metric * * @schema io.k8s.api.autoscaling.v2beta2.PodsMetricSource#target */ - readonly target: MetricTargetV2Beta2 + readonly target: MetricTargetV2Beta2; + } /** * Converts an object of type 'PodsMetricSourceV2Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PodsMetricSourceV2Beta2( - obj: PodsMetricSourceV2Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PodsMetricSourceV2Beta2(obj: PodsMetricSourceV2Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metric: toJson_MetricIdentifierV2Beta2(obj.metric), - target: toJson_MetricTargetV2Beta2(obj.target) - } + 'metric': toJson_MetricIdentifierV2Beta2(obj.metric), + 'target': toJson_MetricTargetV2Beta2(obj.target), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22300,32 +21629,29 @@ export interface ResourceMetricSourceV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.ResourceMetricSource#name */ - readonly name: string + readonly name: string; /** * target specifies the target value for the given metric * * @schema io.k8s.api.autoscaling.v2beta2.ResourceMetricSource#target */ - readonly target: MetricTargetV2Beta2 + readonly target: MetricTargetV2Beta2; + } /** * Converts an object of type 'ResourceMetricSourceV2Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ResourceMetricSourceV2Beta2( - obj: ResourceMetricSourceV2Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ResourceMetricSourceV2Beta2(obj: ResourceMetricSourceV2Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - target: toJson_MetricTargetV2Beta2(obj.target) - } + 'name': obj.name, + 'target': toJson_MetricTargetV2Beta2(obj.target), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22348,21 +21674,22 @@ export interface PodFailurePolicyRule { * * @schema io.k8s.api.batch.v1.PodFailurePolicyRule#action */ - readonly action: string + readonly action: string; /** * Represents the requirement on the container exit codes. * * @schema io.k8s.api.batch.v1.PodFailurePolicyRule#onExitCodes */ - readonly onExitCodes?: PodFailurePolicyOnExitCodesRequirement + readonly onExitCodes?: PodFailurePolicyOnExitCodesRequirement; /** * Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed. * * @schema io.k8s.api.batch.v1.PodFailurePolicyRule#onPodConditions */ - readonly onPodConditions: PodFailurePolicyOnPodConditionsPattern[] + readonly onPodConditions: PodFailurePolicyOnPodConditionsPattern[]; + } /** @@ -22370,16 +21697,14 @@ export interface PodFailurePolicyRule { */ /* eslint-disable max-len, quote-props */ export function toJson_PodFailurePolicyRule(obj: PodFailurePolicyRule | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - action: obj.action, - onExitCodes: toJson_PodFailurePolicyOnExitCodesRequirement(obj.onExitCodes), - onPodConditions: obj.onPodConditions?.map((y) => toJson_PodFailurePolicyOnPodConditionsPattern(y)) - } + 'action': obj.action, + 'onExitCodes': toJson_PodFailurePolicyOnExitCodesRequirement(obj.onExitCodes), + 'onPodConditions': obj.onPodConditions?.map(y => toJson_PodFailurePolicyOnPodConditionsPattern(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22394,56 +21719,53 @@ export interface ConfigMapNodeConfigSource { * * @schema io.k8s.api.core.v1.ConfigMapNodeConfigSource#kubeletConfigKey */ - readonly kubeletConfigKey: string + readonly kubeletConfigKey: string; /** * Name is the metadata.name of the referenced ConfigMap. This field is required in all cases. * * @schema io.k8s.api.core.v1.ConfigMapNodeConfigSource#name */ - readonly name: string + readonly name: string; /** * Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases. * * @schema io.k8s.api.core.v1.ConfigMapNodeConfigSource#namespace */ - readonly namespace: string + readonly namespace: string; /** * ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status. * * @schema io.k8s.api.core.v1.ConfigMapNodeConfigSource#resourceVersion */ - readonly resourceVersion?: string + readonly resourceVersion?: string; /** * UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status. * * @schema io.k8s.api.core.v1.ConfigMapNodeConfigSource#uid */ - readonly uid?: string + readonly uid?: string; + } /** * Converts an object of type 'ConfigMapNodeConfigSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ConfigMapNodeConfigSource( - obj: ConfigMapNodeConfigSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ConfigMapNodeConfigSource(obj: ConfigMapNodeConfigSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - kubeletConfigKey: obj.kubeletConfigKey, - name: obj.name, - namespace: obj.namespace, - resourceVersion: obj.resourceVersion, - uid: obj.uid - } + 'kubeletConfigKey': obj.kubeletConfigKey, + 'name': obj.name, + 'namespace': obj.namespace, + 'resourceVersion': obj.resourceVersion, + 'uid': obj.uid, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22458,14 +21780,15 @@ export interface SecretReference { * * @schema io.k8s.api.core.v1.SecretReference#name */ - readonly name?: string + readonly name?: string; /** * namespace defines the space within which the secret name must be unique. * * @schema io.k8s.api.core.v1.SecretReference#namespace */ - readonly namespace?: string + readonly namespace?: string; + } /** @@ -22473,15 +21796,13 @@ export interface SecretReference { */ /* eslint-disable max-len, quote-props */ export function toJson_SecretReference(obj: SecretReference | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - namespace: obj.namespace - } + 'name': obj.name, + 'namespace': obj.namespace, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22496,14 +21817,15 @@ export interface NodeAffinity { * * @schema io.k8s.api.core.v1.NodeAffinity#preferredDuringSchedulingIgnoredDuringExecution */ - readonly preferredDuringSchedulingIgnoredDuringExecution?: PreferredSchedulingTerm[] + readonly preferredDuringSchedulingIgnoredDuringExecution?: PreferredSchedulingTerm[]; /** * If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. * * @schema io.k8s.api.core.v1.NodeAffinity#requiredDuringSchedulingIgnoredDuringExecution */ - readonly requiredDuringSchedulingIgnoredDuringExecution?: NodeSelector + readonly requiredDuringSchedulingIgnoredDuringExecution?: NodeSelector; + } /** @@ -22511,19 +21833,13 @@ export interface NodeAffinity { */ /* eslint-disable max-len, quote-props */ export function toJson_NodeAffinity(obj: NodeAffinity | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - preferredDuringSchedulingIgnoredDuringExecution: obj.preferredDuringSchedulingIgnoredDuringExecution?.map((y) => - toJson_PreferredSchedulingTerm(y) - ), - requiredDuringSchedulingIgnoredDuringExecution: toJson_NodeSelector( - obj.requiredDuringSchedulingIgnoredDuringExecution - ) - } + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_PreferredSchedulingTerm(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': toJson_NodeSelector(obj.requiredDuringSchedulingIgnoredDuringExecution), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22538,14 +21854,15 @@ export interface PodAffinity { * * @schema io.k8s.api.core.v1.PodAffinity#preferredDuringSchedulingIgnoredDuringExecution */ - readonly preferredDuringSchedulingIgnoredDuringExecution?: WeightedPodAffinityTerm[] + readonly preferredDuringSchedulingIgnoredDuringExecution?: WeightedPodAffinityTerm[]; /** * If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. * * @schema io.k8s.api.core.v1.PodAffinity#requiredDuringSchedulingIgnoredDuringExecution */ - readonly requiredDuringSchedulingIgnoredDuringExecution?: PodAffinityTerm[] + readonly requiredDuringSchedulingIgnoredDuringExecution?: PodAffinityTerm[]; + } /** @@ -22553,19 +21870,13 @@ export interface PodAffinity { */ /* eslint-disable max-len, quote-props */ export function toJson_PodAffinity(obj: PodAffinity | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - preferredDuringSchedulingIgnoredDuringExecution: obj.preferredDuringSchedulingIgnoredDuringExecution?.map((y) => - toJson_WeightedPodAffinityTerm(y) - ), - requiredDuringSchedulingIgnoredDuringExecution: obj.requiredDuringSchedulingIgnoredDuringExecution?.map((y) => - toJson_PodAffinityTerm(y) - ) - } + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_WeightedPodAffinityTerm(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': obj.requiredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_PodAffinityTerm(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22580,14 +21891,15 @@ export interface PodAntiAffinity { * * @schema io.k8s.api.core.v1.PodAntiAffinity#preferredDuringSchedulingIgnoredDuringExecution */ - readonly preferredDuringSchedulingIgnoredDuringExecution?: WeightedPodAffinityTerm[] + readonly preferredDuringSchedulingIgnoredDuringExecution?: WeightedPodAffinityTerm[]; /** * If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. * * @schema io.k8s.api.core.v1.PodAntiAffinity#requiredDuringSchedulingIgnoredDuringExecution */ - readonly requiredDuringSchedulingIgnoredDuringExecution?: PodAffinityTerm[] + readonly requiredDuringSchedulingIgnoredDuringExecution?: PodAffinityTerm[]; + } /** @@ -22595,19 +21907,13 @@ export interface PodAntiAffinity { */ /* eslint-disable max-len, quote-props */ export function toJson_PodAntiAffinity(obj: PodAntiAffinity | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - preferredDuringSchedulingIgnoredDuringExecution: obj.preferredDuringSchedulingIgnoredDuringExecution?.map((y) => - toJson_WeightedPodAffinityTerm(y) - ), - requiredDuringSchedulingIgnoredDuringExecution: obj.requiredDuringSchedulingIgnoredDuringExecution?.map((y) => - toJson_PodAffinityTerm(y) - ) - } + 'preferredDuringSchedulingIgnoredDuringExecution': obj.preferredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_WeightedPodAffinityTerm(y)), + 'requiredDuringSchedulingIgnoredDuringExecution': obj.requiredDuringSchedulingIgnoredDuringExecution?.map(y => toJson_PodAffinityTerm(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22622,7 +21928,7 @@ export interface EnvVar { * * @schema io.k8s.api.core.v1.EnvVar#name */ - readonly name: string + readonly name: string; /** * Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". @@ -22630,14 +21936,15 @@ export interface EnvVar { * @default . * @schema io.k8s.api.core.v1.EnvVar#value */ - readonly value?: string + readonly value?: string; /** * Source for the environment variable's value. Cannot be used if value is not empty. * * @schema io.k8s.api.core.v1.EnvVar#valueFrom */ - readonly valueFrom?: EnvVarSource + readonly valueFrom?: EnvVarSource; + } /** @@ -22645,16 +21952,14 @@ export interface EnvVar { */ /* eslint-disable max-len, quote-props */ export function toJson_EnvVar(obj: EnvVar | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - value: obj.value, - valueFrom: toJson_EnvVarSource(obj.valueFrom) - } + 'name': obj.name, + 'value': obj.value, + 'valueFrom': toJson_EnvVarSource(obj.valueFrom), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22669,21 +21974,22 @@ export interface EnvFromSource { * * @schema io.k8s.api.core.v1.EnvFromSource#configMapRef */ - readonly configMapRef?: ConfigMapEnvSource + readonly configMapRef?: ConfigMapEnvSource; /** * An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. * * @schema io.k8s.api.core.v1.EnvFromSource#prefix */ - readonly prefix?: string + readonly prefix?: string; /** * The Secret to select from * * @schema io.k8s.api.core.v1.EnvFromSource#secretRef */ - readonly secretRef?: SecretEnvSource + readonly secretRef?: SecretEnvSource; + } /** @@ -22691,16 +21997,14 @@ export interface EnvFromSource { */ /* eslint-disable max-len, quote-props */ export function toJson_EnvFromSource(obj: EnvFromSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - configMapRef: toJson_ConfigMapEnvSource(obj.configMapRef), - prefix: obj.prefix, - secretRef: toJson_SecretEnvSource(obj.secretRef) - } + 'configMapRef': toJson_ConfigMapEnvSource(obj.configMapRef), + 'prefix': obj.prefix, + 'secretRef': toJson_SecretEnvSource(obj.secretRef), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22715,14 +22019,15 @@ export interface Lifecycle { * * @schema io.k8s.api.core.v1.Lifecycle#postStart */ - readonly postStart?: LifecycleHandler + readonly postStart?: LifecycleHandler; /** * PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks * * @schema io.k8s.api.core.v1.Lifecycle#preStop */ - readonly preStop?: LifecycleHandler + readonly preStop?: LifecycleHandler; + } /** @@ -22730,15 +22035,13 @@ export interface Lifecycle { */ /* eslint-disable max-len, quote-props */ export function toJson_Lifecycle(obj: Lifecycle | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - postStart: toJson_LifecycleHandler(obj.postStart), - preStop: toJson_LifecycleHandler(obj.preStop) - } + 'postStart': toJson_LifecycleHandler(obj.postStart), + 'preStop': toJson_LifecycleHandler(obj.preStop), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22753,7 +22056,7 @@ export interface Probe { * * @schema io.k8s.api.core.v1.Probe#exec */ - readonly exec?: ExecAction + readonly exec?: ExecAction; /** * Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. @@ -22761,28 +22064,28 @@ export interface Probe { * @default 3. Minimum value is 1. * @schema io.k8s.api.core.v1.Probe#failureThreshold */ - readonly failureThreshold?: number + readonly failureThreshold?: number; /** * GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. * * @schema io.k8s.api.core.v1.Probe#grpc */ - readonly grpc?: GrpcAction + readonly grpc?: GrpcAction; /** * HTTPGet specifies the http request to perform. * * @schema io.k8s.api.core.v1.Probe#httpGet */ - readonly httpGet?: HttpGetAction + readonly httpGet?: HttpGetAction; /** * Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes * * @schema io.k8s.api.core.v1.Probe#initialDelaySeconds */ - readonly initialDelaySeconds?: number + readonly initialDelaySeconds?: number; /** * How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. @@ -22790,7 +22093,7 @@ export interface Probe { * @default 10 seconds. Minimum value is 1. * @schema io.k8s.api.core.v1.Probe#periodSeconds */ - readonly periodSeconds?: number + readonly periodSeconds?: number; /** * Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. @@ -22798,21 +22101,21 @@ export interface Probe { * @default 1. Must be 1 for liveness and startup. Minimum value is 1. * @schema io.k8s.api.core.v1.Probe#successThreshold */ - readonly successThreshold?: number + readonly successThreshold?: number; /** * TCPSocket specifies an action involving a TCP port. * * @schema io.k8s.api.core.v1.Probe#tcpSocket */ - readonly tcpSocket?: TcpSocketAction + readonly tcpSocket?: TcpSocketAction; /** * Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. * * @schema io.k8s.api.core.v1.Probe#terminationGracePeriodSeconds */ - readonly terminationGracePeriodSeconds?: number + readonly terminationGracePeriodSeconds?: number; /** * Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes @@ -22820,7 +22123,8 @@ export interface Probe { * @default 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes * @schema io.k8s.api.core.v1.Probe#timeoutSeconds */ - readonly timeoutSeconds?: number + readonly timeoutSeconds?: number; + } /** @@ -22828,23 +22132,21 @@ export interface Probe { */ /* eslint-disable max-len, quote-props */ export function toJson_Probe(obj: Probe | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - exec: toJson_ExecAction(obj.exec), - failureThreshold: obj.failureThreshold, - grpc: toJson_GrpcAction(obj.grpc), - httpGet: toJson_HttpGetAction(obj.httpGet), - initialDelaySeconds: obj.initialDelaySeconds, - periodSeconds: obj.periodSeconds, - successThreshold: obj.successThreshold, - tcpSocket: toJson_TcpSocketAction(obj.tcpSocket), - terminationGracePeriodSeconds: obj.terminationGracePeriodSeconds, - timeoutSeconds: obj.timeoutSeconds - } + 'exec': toJson_ExecAction(obj.exec), + 'failureThreshold': obj.failureThreshold, + 'grpc': toJson_GrpcAction(obj.grpc), + 'httpGet': toJson_HttpGetAction(obj.httpGet), + 'initialDelaySeconds': obj.initialDelaySeconds, + 'periodSeconds': obj.periodSeconds, + 'successThreshold': obj.successThreshold, + 'tcpSocket': toJson_TcpSocketAction(obj.tcpSocket), + 'terminationGracePeriodSeconds': obj.terminationGracePeriodSeconds, + 'timeoutSeconds': obj.timeoutSeconds, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22859,28 +22161,28 @@ export interface ContainerPort { * * @schema io.k8s.api.core.v1.ContainerPort#containerPort */ - readonly containerPort: number + readonly containerPort: number; /** * What host IP to bind the external port to. * * @schema io.k8s.api.core.v1.ContainerPort#hostIP */ - readonly hostIp?: string + readonly hostIp?: string; /** * Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. * * @schema io.k8s.api.core.v1.ContainerPort#hostPort */ - readonly hostPort?: number + readonly hostPort?: number; /** * If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. * * @schema io.k8s.api.core.v1.ContainerPort#name */ - readonly name?: string + readonly name?: string; /** * Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". @@ -22890,7 +22192,8 @@ export interface ContainerPort { * @default TCP". * @schema io.k8s.api.core.v1.ContainerPort#protocol */ - readonly protocol?: string + readonly protocol?: string; + } /** @@ -22898,18 +22201,16 @@ export interface ContainerPort { */ /* eslint-disable max-len, quote-props */ export function toJson_ContainerPort(obj: ContainerPort | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - containerPort: obj.containerPort, - hostIP: obj.hostIp, - hostPort: obj.hostPort, - name: obj.name, - protocol: obj.protocol - } + 'containerPort': obj.containerPort, + 'hostIP': obj.hostIp, + 'hostPort': obj.hostPort, + 'name': obj.name, + 'protocol': obj.protocol, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -22924,7 +22225,7 @@ export interface SecurityContext { * * @schema io.k8s.api.core.v1.SecurityContext#allowPrivilegeEscalation */ - readonly allowPrivilegeEscalation?: boolean + readonly allowPrivilegeEscalation?: boolean; /** * The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. @@ -22932,7 +22233,7 @@ export interface SecurityContext { * @default the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. * @schema io.k8s.api.core.v1.SecurityContext#capabilities */ - readonly capabilities?: Capabilities + readonly capabilities?: Capabilities; /** * Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. @@ -22940,14 +22241,14 @@ export interface SecurityContext { * @default false. Note that this field cannot be set when spec.os.name is windows. * @schema io.k8s.api.core.v1.SecurityContext#privileged */ - readonly privileged?: boolean + readonly privileged?: boolean; /** * procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. * * @schema io.k8s.api.core.v1.SecurityContext#procMount */ - readonly procMount?: string + readonly procMount?: string; /** * Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. @@ -22955,21 +22256,21 @@ export interface SecurityContext { * @default false. Note that this field cannot be set when spec.os.name is windows. * @schema io.k8s.api.core.v1.SecurityContext#readOnlyRootFilesystem */ - readonly readOnlyRootFilesystem?: boolean + readonly readOnlyRootFilesystem?: boolean; /** * The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. * * @schema io.k8s.api.core.v1.SecurityContext#runAsGroup */ - readonly runAsGroup?: number + readonly runAsGroup?: number; /** * Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. * * @schema io.k8s.api.core.v1.SecurityContext#runAsNonRoot */ - readonly runAsNonRoot?: boolean + readonly runAsNonRoot?: boolean; /** * The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. @@ -22977,28 +22278,29 @@ export interface SecurityContext { * @default user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. * @schema io.k8s.api.core.v1.SecurityContext#runAsUser */ - readonly runAsUser?: number + readonly runAsUser?: number; /** * The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. * * @schema io.k8s.api.core.v1.SecurityContext#seLinuxOptions */ - readonly seLinuxOptions?: SeLinuxOptions + readonly seLinuxOptions?: SeLinuxOptions; /** * The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. * * @schema io.k8s.api.core.v1.SecurityContext#seccompProfile */ - readonly seccompProfile?: SeccompProfile + readonly seccompProfile?: SeccompProfile; /** * The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. * * @schema io.k8s.api.core.v1.SecurityContext#windowsOptions */ - readonly windowsOptions?: WindowsSecurityContextOptions + readonly windowsOptions?: WindowsSecurityContextOptions; + } /** @@ -23006,24 +22308,22 @@ export interface SecurityContext { */ /* eslint-disable max-len, quote-props */ export function toJson_SecurityContext(obj: SecurityContext | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - allowPrivilegeEscalation: obj.allowPrivilegeEscalation, - capabilities: toJson_Capabilities(obj.capabilities), - privileged: obj.privileged, - procMount: obj.procMount, - readOnlyRootFilesystem: obj.readOnlyRootFilesystem, - runAsGroup: obj.runAsGroup, - runAsNonRoot: obj.runAsNonRoot, - runAsUser: obj.runAsUser, - seLinuxOptions: toJson_SeLinuxOptions(obj.seLinuxOptions), - seccompProfile: toJson_SeccompProfile(obj.seccompProfile), - windowsOptions: toJson_WindowsSecurityContextOptions(obj.windowsOptions) - } + 'allowPrivilegeEscalation': obj.allowPrivilegeEscalation, + 'capabilities': toJson_Capabilities(obj.capabilities), + 'privileged': obj.privileged, + 'procMount': obj.procMount, + 'readOnlyRootFilesystem': obj.readOnlyRootFilesystem, + 'runAsGroup': obj.runAsGroup, + 'runAsNonRoot': obj.runAsNonRoot, + 'runAsUser': obj.runAsUser, + 'seLinuxOptions': toJson_SeLinuxOptions(obj.seLinuxOptions), + 'seccompProfile': toJson_SeccompProfile(obj.seccompProfile), + 'windowsOptions': toJson_WindowsSecurityContextOptions(obj.windowsOptions), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23038,14 +22338,15 @@ export interface VolumeDevice { * * @schema io.k8s.api.core.v1.VolumeDevice#devicePath */ - readonly devicePath: string + readonly devicePath: string; /** * name must match the name of a persistentVolumeClaim in the pod * * @schema io.k8s.api.core.v1.VolumeDevice#name */ - readonly name: string + readonly name: string; + } /** @@ -23053,15 +22354,13 @@ export interface VolumeDevice { */ /* eslint-disable max-len, quote-props */ export function toJson_VolumeDevice(obj: VolumeDevice | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - devicePath: obj.devicePath, - name: obj.name - } + 'devicePath': obj.devicePath, + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23076,21 +22375,21 @@ export interface VolumeMount { * * @schema io.k8s.api.core.v1.VolumeMount#mountPath */ - readonly mountPath: string + readonly mountPath: string; /** * mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. * * @schema io.k8s.api.core.v1.VolumeMount#mountPropagation */ - readonly mountPropagation?: string + readonly mountPropagation?: string; /** * This must match the Name of a Volume. * * @schema io.k8s.api.core.v1.VolumeMount#name */ - readonly name: string + readonly name: string; /** * Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. @@ -23098,7 +22397,7 @@ export interface VolumeMount { * @default false. * @schema io.k8s.api.core.v1.VolumeMount#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). @@ -23106,7 +22405,7 @@ export interface VolumeMount { * @default volume's root). * @schema io.k8s.api.core.v1.VolumeMount#subPath */ - readonly subPath?: string + readonly subPath?: string; /** * Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. @@ -23114,7 +22413,8 @@ export interface VolumeMount { * @default volume's root). SubPathExpr and SubPath are mutually exclusive. * @schema io.k8s.api.core.v1.VolumeMount#subPathExpr */ - readonly subPathExpr?: string + readonly subPathExpr?: string; + } /** @@ -23122,19 +22422,17 @@ export interface VolumeMount { */ /* eslint-disable max-len, quote-props */ export function toJson_VolumeMount(obj: VolumeMount | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - mountPath: obj.mountPath, - mountPropagation: obj.mountPropagation, - name: obj.name, - readOnly: obj.readOnly, - subPath: obj.subPath, - subPathExpr: obj.subPathExpr - } + 'mountPath': obj.mountPath, + 'mountPropagation': obj.mountPropagation, + 'name': obj.name, + 'readOnly': obj.readOnly, + 'subPath': obj.subPath, + 'subPathExpr': obj.subPathExpr, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23149,12 +22447,13 @@ export interface PodDnsConfigOption { * * @schema io.k8s.api.core.v1.PodDNSConfigOption#name */ - readonly name?: string + readonly name?: string; /** * @schema io.k8s.api.core.v1.PodDNSConfigOption#value */ - readonly value?: string + readonly value?: string; + } /** @@ -23162,15 +22461,13 @@ export interface PodDnsConfigOption { */ /* eslint-disable max-len, quote-props */ export function toJson_PodDnsConfigOption(obj: PodDnsConfigOption | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - value: obj.value - } + 'name': obj.name, + 'value': obj.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23185,28 +22482,29 @@ export interface SeLinuxOptions { * * @schema io.k8s.api.core.v1.SELinuxOptions#level */ - readonly level?: string + readonly level?: string; /** * Role is a SELinux role label that applies to the container. * * @schema io.k8s.api.core.v1.SELinuxOptions#role */ - readonly role?: string + readonly role?: string; /** * Type is a SELinux type label that applies to the container. * * @schema io.k8s.api.core.v1.SELinuxOptions#type */ - readonly type?: string + readonly type?: string; /** * User is a SELinux user label that applies to the container. * * @schema io.k8s.api.core.v1.SELinuxOptions#user */ - readonly user?: string + readonly user?: string; + } /** @@ -23214,17 +22512,15 @@ export interface SeLinuxOptions { */ /* eslint-disable max-len, quote-props */ export function toJson_SeLinuxOptions(obj: SeLinuxOptions | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - level: obj.level, - role: obj.role, - type: obj.type, - user: obj.user - } + 'level': obj.level, + 'role': obj.role, + 'type': obj.type, + 'user': obj.user, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23239,7 +22535,7 @@ export interface SeccompProfile { * * @schema io.k8s.api.core.v1.SeccompProfile#localhostProfile */ - readonly localhostProfile?: string + readonly localhostProfile?: string; /** * type indicates which kind of seccomp profile will be applied. Valid options are: @@ -23250,7 +22546,8 @@ export interface SeccompProfile { * * @schema io.k8s.api.core.v1.SeccompProfile#type */ - readonly type: string + readonly type: string; + } /** @@ -23258,15 +22555,13 @@ export interface SeccompProfile { */ /* eslint-disable max-len, quote-props */ export function toJson_SeccompProfile(obj: SeccompProfile | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - localhostProfile: obj.localhostProfile, - type: obj.type - } + 'localhostProfile': obj.localhostProfile, + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23281,14 +22576,15 @@ export interface Sysctl { * * @schema io.k8s.api.core.v1.Sysctl#name */ - readonly name: string + readonly name: string; /** * Value of a property to set * * @schema io.k8s.api.core.v1.Sysctl#value */ - readonly value: string + readonly value: string; + } /** @@ -23296,15 +22592,13 @@ export interface Sysctl { */ /* eslint-disable max-len, quote-props */ export function toJson_Sysctl(obj: Sysctl | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - value: obj.value - } + 'name': obj.name, + 'value': obj.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23319,21 +22613,21 @@ export interface WindowsSecurityContextOptions { * * @schema io.k8s.api.core.v1.WindowsSecurityContextOptions#gmsaCredentialSpec */ - readonly gmsaCredentialSpec?: string + readonly gmsaCredentialSpec?: string; /** * GMSACredentialSpecName is the name of the GMSA credential spec to use. * * @schema io.k8s.api.core.v1.WindowsSecurityContextOptions#gmsaCredentialSpecName */ - readonly gmsaCredentialSpecName?: string + readonly gmsaCredentialSpecName?: string; /** * HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. * * @schema io.k8s.api.core.v1.WindowsSecurityContextOptions#hostProcess */ - readonly hostProcess?: boolean + readonly hostProcess?: boolean; /** * The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. @@ -23341,27 +22635,24 @@ export interface WindowsSecurityContextOptions { * @default the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. * @schema io.k8s.api.core.v1.WindowsSecurityContextOptions#runAsUserName */ - readonly runAsUserName?: string + readonly runAsUserName?: string; + } /** * Converts an object of type 'WindowsSecurityContextOptions' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_WindowsSecurityContextOptions( - obj: WindowsSecurityContextOptions | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_WindowsSecurityContextOptions(obj: WindowsSecurityContextOptions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - gmsaCredentialSpec: obj.gmsaCredentialSpec, - gmsaCredentialSpecName: obj.gmsaCredentialSpecName, - hostProcess: obj.hostProcess, - runAsUserName: obj.runAsUserName - } + 'gmsaCredentialSpec': obj.gmsaCredentialSpec, + 'gmsaCredentialSpecName': obj.gmsaCredentialSpecName, + 'hostProcess': obj.hostProcess, + 'runAsUserName': obj.runAsUserName, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23376,21 +22667,22 @@ export interface AzureFileVolumeSource { * * @schema io.k8s.api.core.v1.AzureFileVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretName is the name of secret that contains Azure Storage Account Name and Key * * @schema io.k8s.api.core.v1.AzureFileVolumeSource#secretName */ - readonly secretName: string + readonly secretName: string; /** * shareName is the azure share Name * * @schema io.k8s.api.core.v1.AzureFileVolumeSource#shareName */ - readonly shareName: string + readonly shareName: string; + } /** @@ -23398,16 +22690,14 @@ export interface AzureFileVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_AzureFileVolumeSource(obj: AzureFileVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - readOnly: obj.readOnly, - secretName: obj.secretName, - shareName: obj.shareName - } + 'readOnly': obj.readOnly, + 'secretName': obj.secretName, + 'shareName': obj.shareName, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23422,14 +22712,14 @@ export interface CephFsVolumeSource { * * @schema io.k8s.api.core.v1.CephFSVolumeSource#monitors */ - readonly monitors: string[] + readonly monitors: string[]; /** * path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / * * @schema io.k8s.api.core.v1.CephFSVolumeSource#path */ - readonly path?: string + readonly path?: string; /** * readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -23437,28 +22727,29 @@ export interface CephFsVolumeSource { * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it * @schema io.k8s.api.core.v1.CephFSVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it * * @schema io.k8s.api.core.v1.CephFSVolumeSource#secretFile */ - readonly secretFile?: string + readonly secretFile?: string; /** * secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it * * @schema io.k8s.api.core.v1.CephFSVolumeSource#secretRef */ - readonly secretRef?: LocalObjectReference + readonly secretRef?: LocalObjectReference; /** * user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it * * @schema io.k8s.api.core.v1.CephFSVolumeSource#user */ - readonly user?: string + readonly user?: string; + } /** @@ -23466,19 +22757,17 @@ export interface CephFsVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_CephFsVolumeSource(obj: CephFsVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - monitors: obj.monitors?.map((y) => y), - path: obj.path, - readOnly: obj.readOnly, - secretFile: obj.secretFile, - secretRef: toJson_LocalObjectReference(obj.secretRef), - user: obj.user - } + 'monitors': obj.monitors?.map(y => y), + 'path': obj.path, + 'readOnly': obj.readOnly, + 'secretFile': obj.secretFile, + 'secretRef': toJson_LocalObjectReference(obj.secretRef), + 'user': obj.user, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23493,28 +22782,29 @@ export interface CinderVolumeSource { * * @schema io.k8s.api.core.v1.CinderVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md * * @schema io.k8s.api.core.v1.CinderVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. * * @schema io.k8s.api.core.v1.CinderVolumeSource#secretRef */ - readonly secretRef?: LocalObjectReference + readonly secretRef?: LocalObjectReference; /** * volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md * * @schema io.k8s.api.core.v1.CinderVolumeSource#volumeID */ - readonly volumeId: string + readonly volumeId: string; + } /** @@ -23522,17 +22812,15 @@ export interface CinderVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_CinderVolumeSource(obj: CinderVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - readOnly: obj.readOnly, - secretRef: toJson_LocalObjectReference(obj.secretRef), - volumeID: obj.volumeId - } + 'fsType': obj.fsType, + 'readOnly': obj.readOnly, + 'secretRef': toJson_LocalObjectReference(obj.secretRef), + 'volumeID': obj.volumeId, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23550,28 +22838,29 @@ export interface ConfigMapVolumeSource { * @default 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. * @schema io.k8s.api.core.v1.ConfigMapVolumeSource#defaultMode */ - readonly defaultMode?: number + readonly defaultMode?: number; /** * items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. * * @schema io.k8s.api.core.v1.ConfigMapVolumeSource#items */ - readonly items?: KeyToPath[] + readonly items?: KeyToPath[]; /** * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema io.k8s.api.core.v1.ConfigMapVolumeSource#name */ - readonly name?: string + readonly name?: string; /** * optional specify whether the ConfigMap or its keys must be defined * * @schema io.k8s.api.core.v1.ConfigMapVolumeSource#optional */ - readonly optional?: boolean + readonly optional?: boolean; + } /** @@ -23579,17 +22868,15 @@ export interface ConfigMapVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_ConfigMapVolumeSource(obj: ConfigMapVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - defaultMode: obj.defaultMode, - items: obj.items?.map((y) => toJson_KeyToPath(y)), - name: obj.name, - optional: obj.optional - } + 'defaultMode': obj.defaultMode, + 'items': obj.items?.map(y => toJson_KeyToPath(y)), + 'name': obj.name, + 'optional': obj.optional, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23604,21 +22891,21 @@ export interface CsiVolumeSource { * * @schema io.k8s.api.core.v1.CSIVolumeSource#driver */ - readonly driver: string + readonly driver: string; /** * fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. * * @schema io.k8s.api.core.v1.CSIVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. * * @schema io.k8s.api.core.v1.CSIVolumeSource#nodePublishSecretRef */ - readonly nodePublishSecretRef?: LocalObjectReference + readonly nodePublishSecretRef?: LocalObjectReference; /** * readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). @@ -23626,14 +22913,15 @@ export interface CsiVolumeSource { * @default false (read/write). * @schema io.k8s.api.core.v1.CSIVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. * * @schema io.k8s.api.core.v1.CSIVolumeSource#volumeAttributes */ - readonly volumeAttributes?: { [key: string]: string } + readonly volumeAttributes?: { [key: string]: string }; + } /** @@ -23641,21 +22929,16 @@ export interface CsiVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_CsiVolumeSource(obj: CsiVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - driver: obj.driver, - fsType: obj.fsType, - nodePublishSecretRef: toJson_LocalObjectReference(obj.nodePublishSecretRef), - readOnly: obj.readOnly, - volumeAttributes: - obj.volumeAttributes === undefined - ? undefined - : Object.entries(obj.volumeAttributes).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) - } + 'driver': obj.driver, + 'fsType': obj.fsType, + 'nodePublishSecretRef': toJson_LocalObjectReference(obj.nodePublishSecretRef), + 'readOnly': obj.readOnly, + 'volumeAttributes': ((obj.volumeAttributes) === undefined) ? undefined : (Object.entries(obj.volumeAttributes).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23671,32 +22954,29 @@ export interface DownwardApiVolumeSource { * @default 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. * @schema io.k8s.api.core.v1.DownwardAPIVolumeSource#defaultMode */ - readonly defaultMode?: number + readonly defaultMode?: number; /** * Items is a list of downward API volume file * * @schema io.k8s.api.core.v1.DownwardAPIVolumeSource#items */ - readonly items?: DownwardApiVolumeFile[] + readonly items?: DownwardApiVolumeFile[]; + } /** * Converts an object of type 'DownwardApiVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_DownwardApiVolumeSource( - obj: DownwardApiVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_DownwardApiVolumeSource(obj: DownwardApiVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - defaultMode: obj.defaultMode, - items: obj.items?.map((y) => toJson_DownwardApiVolumeFile(y)) - } + 'defaultMode': obj.defaultMode, + 'items': obj.items?.map(y => toJson_DownwardApiVolumeFile(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23711,14 +22991,15 @@ export interface EmptyDirVolumeSource { * * @schema io.k8s.api.core.v1.EmptyDirVolumeSource#medium */ - readonly medium?: string + readonly medium?: string; /** * sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir * * @schema io.k8s.api.core.v1.EmptyDirVolumeSource#sizeLimit */ - readonly sizeLimit?: Quantity + readonly sizeLimit?: Quantity; + } /** @@ -23726,15 +23007,13 @@ export interface EmptyDirVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_EmptyDirVolumeSource(obj: EmptyDirVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - medium: obj.medium, - sizeLimit: obj.sizeLimit?.value - } + 'medium': obj.medium, + 'sizeLimit': obj.sizeLimit?.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23755,7 +23034,8 @@ export interface EphemeralVolumeSource { * * @schema io.k8s.api.core.v1.EphemeralVolumeSource#volumeClaimTemplate */ - readonly volumeClaimTemplate?: PersistentVolumeClaimTemplate + readonly volumeClaimTemplate?: PersistentVolumeClaimTemplate; + } /** @@ -23763,14 +23043,12 @@ export interface EphemeralVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_EphemeralVolumeSource(obj: EphemeralVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - volumeClaimTemplate: toJson_PersistentVolumeClaimTemplate(obj.volumeClaimTemplate) - } + 'volumeClaimTemplate': toJson_PersistentVolumeClaimTemplate(obj.volumeClaimTemplate), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23785,35 +23063,36 @@ export interface FlexVolumeSource { * * @schema io.k8s.api.core.v1.FlexVolumeSource#driver */ - readonly driver: string + readonly driver: string; /** * fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. * * @schema io.k8s.api.core.v1.FlexVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * options is Optional: this field holds extra command options if any. * * @schema io.k8s.api.core.v1.FlexVolumeSource#options */ - readonly options?: { [key: string]: string } + readonly options?: { [key: string]: string }; /** * readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. * * @schema io.k8s.api.core.v1.FlexVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. * * @schema io.k8s.api.core.v1.FlexVolumeSource#secretRef */ - readonly secretRef?: LocalObjectReference + readonly secretRef?: LocalObjectReference; + } /** @@ -23821,21 +23100,16 @@ export interface FlexVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_FlexVolumeSource(obj: FlexVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - driver: obj.driver, - fsType: obj.fsType, - options: - obj.options === undefined - ? undefined - : Object.entries(obj.options).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - readOnly: obj.readOnly, - secretRef: toJson_LocalObjectReference(obj.secretRef) - } + 'driver': obj.driver, + 'fsType': obj.fsType, + 'options': ((obj.options) === undefined) ? undefined : (Object.entries(obj.options).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'readOnly': obj.readOnly, + 'secretRef': toJson_LocalObjectReference(obj.secretRef), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23852,21 +23126,22 @@ export interface GitRepoVolumeSource { * * @schema io.k8s.api.core.v1.GitRepoVolumeSource#directory */ - readonly directory?: string + readonly directory?: string; /** * repository is the URL * * @schema io.k8s.api.core.v1.GitRepoVolumeSource#repository */ - readonly repository: string + readonly repository: string; /** * revision is the commit hash for the specified revision. * * @schema io.k8s.api.core.v1.GitRepoVolumeSource#revision */ - readonly revision?: string + readonly revision?: string; + } /** @@ -23874,16 +23149,14 @@ export interface GitRepoVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_GitRepoVolumeSource(obj: GitRepoVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - directory: obj.directory, - repository: obj.repository, - revision: obj.revision - } + 'directory': obj.directory, + 'repository': obj.repository, + 'revision': obj.revision, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23898,14 +23171,14 @@ export interface GlusterfsVolumeSource { * * @schema io.k8s.api.core.v1.GlusterfsVolumeSource#endpoints */ - readonly endpoints: string + readonly endpoints: string; /** * path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod * * @schema io.k8s.api.core.v1.GlusterfsVolumeSource#path */ - readonly path: string + readonly path: string; /** * readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod @@ -23913,7 +23186,8 @@ export interface GlusterfsVolumeSource { * @default false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod * @schema io.k8s.api.core.v1.GlusterfsVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; + } /** @@ -23921,16 +23195,14 @@ export interface GlusterfsVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_GlusterfsVolumeSource(obj: GlusterfsVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - endpoints: obj.endpoints, - path: obj.path, - readOnly: obj.readOnly - } + 'endpoints': obj.endpoints, + 'path': obj.path, + 'readOnly': obj.readOnly, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -23945,35 +23217,35 @@ export interface IscsiVolumeSource { * * @schema io.k8s.api.core.v1.ISCSIVolumeSource#chapAuthDiscovery */ - readonly chapAuthDiscovery?: boolean + readonly chapAuthDiscovery?: boolean; /** * chapAuthSession defines whether support iSCSI Session CHAP authentication * * @schema io.k8s.api.core.v1.ISCSIVolumeSource#chapAuthSession */ - readonly chapAuthSession?: boolean + readonly chapAuthSession?: boolean; /** * fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi * * @schema io.k8s.api.core.v1.ISCSIVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. * * @schema io.k8s.api.core.v1.ISCSIVolumeSource#initiatorName */ - readonly initiatorName?: string + readonly initiatorName?: string; /** * iqn is the target iSCSI Qualified Name. * * @schema io.k8s.api.core.v1.ISCSIVolumeSource#iqn */ - readonly iqn: string + readonly iqn: string; /** * iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -23981,21 +23253,21 @@ export interface IscsiVolumeSource { * @default default' (tcp). * @schema io.k8s.api.core.v1.ISCSIVolumeSource#iscsiInterface */ - readonly iscsiInterface?: string + readonly iscsiInterface?: string; /** * lun represents iSCSI Target Lun number. * * @schema io.k8s.api.core.v1.ISCSIVolumeSource#lun */ - readonly lun: number + readonly lun: number; /** * portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). * * @schema io.k8s.api.core.v1.ISCSIVolumeSource#portals */ - readonly portals?: string[] + readonly portals?: string[]; /** * readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. @@ -24003,21 +23275,22 @@ export interface IscsiVolumeSource { * @default false. * @schema io.k8s.api.core.v1.ISCSIVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef is the CHAP Secret for iSCSI target and initiator authentication * * @schema io.k8s.api.core.v1.ISCSIVolumeSource#secretRef */ - readonly secretRef?: LocalObjectReference + readonly secretRef?: LocalObjectReference; /** * targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). * * @schema io.k8s.api.core.v1.ISCSIVolumeSource#targetPortal */ - readonly targetPortal: string + readonly targetPortal: string; + } /** @@ -24025,24 +23298,22 @@ export interface IscsiVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_IscsiVolumeSource(obj: IscsiVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - chapAuthDiscovery: obj.chapAuthDiscovery, - chapAuthSession: obj.chapAuthSession, - fsType: obj.fsType, - initiatorName: obj.initiatorName, - iqn: obj.iqn, - iscsiInterface: obj.iscsiInterface, - lun: obj.lun, - portals: obj.portals?.map((y) => y), - readOnly: obj.readOnly, - secretRef: toJson_LocalObjectReference(obj.secretRef), - targetPortal: obj.targetPortal - } + 'chapAuthDiscovery': obj.chapAuthDiscovery, + 'chapAuthSession': obj.chapAuthSession, + 'fsType': obj.fsType, + 'initiatorName': obj.initiatorName, + 'iqn': obj.iqn, + 'iscsiInterface': obj.iscsiInterface, + 'lun': obj.lun, + 'portals': obj.portals?.map(y => y), + 'readOnly': obj.readOnly, + 'secretRef': toJson_LocalObjectReference(obj.secretRef), + 'targetPortal': obj.targetPortal, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24057,32 +23328,29 @@ export interface PersistentVolumeClaimVolumeSource { * * @schema io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource#claimName */ - readonly claimName: string + readonly claimName: string; /** * readOnly Will force the ReadOnly setting in VolumeMounts. Default false. * * @schema io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; + } /** * Converts an object of type 'PersistentVolumeClaimVolumeSource' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PersistentVolumeClaimVolumeSource( - obj: PersistentVolumeClaimVolumeSource | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PersistentVolumeClaimVolumeSource(obj: PersistentVolumeClaimVolumeSource | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - claimName: obj.claimName, - readOnly: obj.readOnly - } + 'claimName': obj.claimName, + 'readOnly': obj.readOnly, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24097,14 +23365,15 @@ export interface ProjectedVolumeSource { * * @schema io.k8s.api.core.v1.ProjectedVolumeSource#defaultMode */ - readonly defaultMode?: number + readonly defaultMode?: number; /** * sources is the list of volume projections * * @schema io.k8s.api.core.v1.ProjectedVolumeSource#sources */ - readonly sources?: VolumeProjection[] + readonly sources?: VolumeProjection[]; + } /** @@ -24112,15 +23381,13 @@ export interface ProjectedVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_ProjectedVolumeSource(obj: ProjectedVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - defaultMode: obj.defaultMode, - sources: obj.sources?.map((y) => toJson_VolumeProjection(y)) - } + 'defaultMode': obj.defaultMode, + 'sources': obj.sources?.map(y => toJson_VolumeProjection(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24135,14 +23402,14 @@ export interface RbdVolumeSource { * * @schema io.k8s.api.core.v1.RBDVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * * @schema io.k8s.api.core.v1.RBDVolumeSource#image */ - readonly image: string + readonly image: string; /** * keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -24150,14 +23417,14 @@ export interface RbdVolumeSource { * @default etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * @schema io.k8s.api.core.v1.RBDVolumeSource#keyring */ - readonly keyring?: string + readonly keyring?: string; /** * monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * * @schema io.k8s.api.core.v1.RBDVolumeSource#monitors */ - readonly monitors: string[] + readonly monitors: string[]; /** * pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -24165,7 +23432,7 @@ export interface RbdVolumeSource { * @default rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * @schema io.k8s.api.core.v1.RBDVolumeSource#pool */ - readonly pool?: string + readonly pool?: string; /** * readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -24173,7 +23440,7 @@ export interface RbdVolumeSource { * @default false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * @schema io.k8s.api.core.v1.RBDVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -24181,7 +23448,7 @@ export interface RbdVolumeSource { * @default nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * @schema io.k8s.api.core.v1.RBDVolumeSource#secretRef */ - readonly secretRef?: LocalObjectReference + readonly secretRef?: LocalObjectReference; /** * user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -24189,7 +23456,8 @@ export interface RbdVolumeSource { * @default admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it * @schema io.k8s.api.core.v1.RBDVolumeSource#user */ - readonly user?: string + readonly user?: string; + } /** @@ -24197,21 +23465,19 @@ export interface RbdVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_RbdVolumeSource(obj: RbdVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - image: obj.image, - keyring: obj.keyring, - monitors: obj.monitors?.map((y) => y), - pool: obj.pool, - readOnly: obj.readOnly, - secretRef: toJson_LocalObjectReference(obj.secretRef), - user: obj.user - } + 'fsType': obj.fsType, + 'image': obj.image, + 'keyring': obj.keyring, + 'monitors': obj.monitors?.map(y => y), + 'pool': obj.pool, + 'readOnly': obj.readOnly, + 'secretRef': toJson_LocalObjectReference(obj.secretRef), + 'user': obj.user, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24227,21 +23493,21 @@ export interface ScaleIoVolumeSource { * @default xfs". * @schema io.k8s.api.core.v1.ScaleIOVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * gateway is the host address of the ScaleIO API Gateway. * * @schema io.k8s.api.core.v1.ScaleIOVolumeSource#gateway */ - readonly gateway: string + readonly gateway: string; /** * protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. * * @schema io.k8s.api.core.v1.ScaleIOVolumeSource#protectionDomain */ - readonly protectionDomain?: string + readonly protectionDomain?: string; /** * readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -24249,21 +23515,21 @@ export interface ScaleIoVolumeSource { * @default false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. * @schema io.k8s.api.core.v1.ScaleIOVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. * * @schema io.k8s.api.core.v1.ScaleIOVolumeSource#secretRef */ - readonly secretRef: LocalObjectReference + readonly secretRef: LocalObjectReference; /** * sslEnabled Flag enable/disable SSL communication with Gateway, default false * * @schema io.k8s.api.core.v1.ScaleIOVolumeSource#sslEnabled */ - readonly sslEnabled?: boolean + readonly sslEnabled?: boolean; /** * storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -24271,28 +23537,29 @@ export interface ScaleIoVolumeSource { * @default ThinProvisioned. * @schema io.k8s.api.core.v1.ScaleIOVolumeSource#storageMode */ - readonly storageMode?: string + readonly storageMode?: string; /** * storagePool is the ScaleIO Storage Pool associated with the protection domain. * * @schema io.k8s.api.core.v1.ScaleIOVolumeSource#storagePool */ - readonly storagePool?: string + readonly storagePool?: string; /** * system is the name of the storage system as configured in ScaleIO. * * @schema io.k8s.api.core.v1.ScaleIOVolumeSource#system */ - readonly system: string + readonly system: string; /** * volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. * * @schema io.k8s.api.core.v1.ScaleIOVolumeSource#volumeName */ - readonly volumeName?: string + readonly volumeName?: string; + } /** @@ -24300,23 +23567,21 @@ export interface ScaleIoVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_ScaleIoVolumeSource(obj: ScaleIoVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - gateway: obj.gateway, - protectionDomain: obj.protectionDomain, - readOnly: obj.readOnly, - secretRef: toJson_LocalObjectReference(obj.secretRef), - sslEnabled: obj.sslEnabled, - storageMode: obj.storageMode, - storagePool: obj.storagePool, - system: obj.system, - volumeName: obj.volumeName - } + 'fsType': obj.fsType, + 'gateway': obj.gateway, + 'protectionDomain': obj.protectionDomain, + 'readOnly': obj.readOnly, + 'secretRef': toJson_LocalObjectReference(obj.secretRef), + 'sslEnabled': obj.sslEnabled, + 'storageMode': obj.storageMode, + 'storagePool': obj.storagePool, + 'system': obj.system, + 'volumeName': obj.volumeName, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24334,28 +23599,29 @@ export interface SecretVolumeSource { * @default 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. * @schema io.k8s.api.core.v1.SecretVolumeSource#defaultMode */ - readonly defaultMode?: number + readonly defaultMode?: number; /** * items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. * * @schema io.k8s.api.core.v1.SecretVolumeSource#items */ - readonly items?: KeyToPath[] + readonly items?: KeyToPath[]; /** * optional field specify whether the Secret or its keys must be defined * * @schema io.k8s.api.core.v1.SecretVolumeSource#optional */ - readonly optional?: boolean + readonly optional?: boolean; /** * secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret * * @schema io.k8s.api.core.v1.SecretVolumeSource#secretName */ - readonly secretName?: string + readonly secretName?: string; + } /** @@ -24363,17 +23629,15 @@ export interface SecretVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_SecretVolumeSource(obj: SecretVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - defaultMode: obj.defaultMode, - items: obj.items?.map((y) => toJson_KeyToPath(y)), - optional: obj.optional, - secretName: obj.secretName - } + 'defaultMode': obj.defaultMode, + 'items': obj.items?.map(y => toJson_KeyToPath(y)), + 'optional': obj.optional, + 'secretName': obj.secretName, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24388,35 +23652,36 @@ export interface StorageOsVolumeSource { * * @schema io.k8s.api.core.v1.StorageOSVolumeSource#fsType */ - readonly fsType?: string + readonly fsType?: string; /** * readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. * * @schema io.k8s.api.core.v1.StorageOSVolumeSource#readOnly */ - readonly readOnly?: boolean + readonly readOnly?: boolean; /** * secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. * * @schema io.k8s.api.core.v1.StorageOSVolumeSource#secretRef */ - readonly secretRef?: LocalObjectReference + readonly secretRef?: LocalObjectReference; /** * volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. * * @schema io.k8s.api.core.v1.StorageOSVolumeSource#volumeName */ - readonly volumeName?: string + readonly volumeName?: string; /** * volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. * * @schema io.k8s.api.core.v1.StorageOSVolumeSource#volumeNamespace */ - readonly volumeNamespace?: string + readonly volumeNamespace?: string; + } /** @@ -24424,18 +23689,16 @@ export interface StorageOsVolumeSource { */ /* eslint-disable max-len, quote-props */ export function toJson_StorageOsVolumeSource(obj: StorageOsVolumeSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - fsType: obj.fsType, - readOnly: obj.readOnly, - secretRef: toJson_LocalObjectReference(obj.secretRef), - volumeName: obj.volumeName, - volumeNamespace: obj.volumeNamespace - } + 'fsType': obj.fsType, + 'readOnly': obj.readOnly, + 'secretRef': toJson_LocalObjectReference(obj.secretRef), + 'volumeName': obj.volumeName, + 'volumeNamespace': obj.volumeNamespace, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24452,7 +23715,7 @@ export interface ScopedResourceSelectorRequirement { * * @schema io.k8s.api.core.v1.ScopedResourceSelectorRequirement#operator */ - readonly operator: string + readonly operator: string; /** * The name of the scope that the selector applies to. @@ -24461,33 +23724,30 @@ export interface ScopedResourceSelectorRequirement { * * @schema io.k8s.api.core.v1.ScopedResourceSelectorRequirement#scopeName */ - readonly scopeName: string + readonly scopeName: string; /** * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. * * @schema io.k8s.api.core.v1.ScopedResourceSelectorRequirement#values */ - readonly values?: string[] + readonly values?: string[]; + } /** * Converts an object of type 'ScopedResourceSelectorRequirement' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ScopedResourceSelectorRequirement( - obj: ScopedResourceSelectorRequirement | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ScopedResourceSelectorRequirement(obj: ScopedResourceSelectorRequirement | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - operator: obj.operator, - scopeName: obj.scopeName, - values: obj.values?.map((y) => y) - } + 'operator': obj.operator, + 'scopeName': obj.scopeName, + 'values': obj.values?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24502,7 +23762,8 @@ export interface ClientIpConfig { * * @schema io.k8s.api.core.v1.ClientIPConfig#timeoutSeconds */ - readonly timeoutSeconds?: number + readonly timeoutSeconds?: number; + } /** @@ -24510,14 +23771,12 @@ export interface ClientIpConfig { */ /* eslint-disable max-len, quote-props */ export function toJson_ClientIpConfig(obj: ClientIpConfig | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - timeoutSeconds: obj.timeoutSeconds - } + 'timeoutSeconds': obj.timeoutSeconds, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24532,7 +23791,8 @@ export interface ForZone { * * @schema io.k8s.api.discovery.v1.ForZone#name */ - readonly name: string + readonly name: string; + } /** @@ -24540,14 +23800,12 @@ export interface ForZone { */ /* eslint-disable max-len, quote-props */ export function toJson_ForZone(obj: ForZone | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name - } + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24568,32 +23826,29 @@ export interface NonResourcePolicyRuleV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.NonResourcePolicyRule#nonResourceURLs */ - readonly nonResourceUrLs: string[] + readonly nonResourceUrLs: string[]; /** * `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs. If it is present, it must be the only entry. Required. * * @schema io.k8s.api.flowcontrol.v1beta1.NonResourcePolicyRule#verbs */ - readonly verbs: string[] + readonly verbs: string[]; + } /** * Converts an object of type 'NonResourcePolicyRuleV1Beta1' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_NonResourcePolicyRuleV1Beta1( - obj: NonResourcePolicyRuleV1Beta1 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_NonResourcePolicyRuleV1Beta1(obj: NonResourcePolicyRuleV1Beta1 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - nonResourceURLs: obj.nonResourceUrLs?.map((y) => y), - verbs: obj.verbs?.map((y) => y) - } + 'nonResourceURLs': obj.nonResourceUrLs?.map(y => y), + 'verbs': obj.verbs?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24608,56 +23863,53 @@ export interface ResourcePolicyRuleV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.ResourcePolicyRule#apiGroups */ - readonly apiGroups: string[] + readonly apiGroups: string[]; /** * `clusterScope` indicates whether to match requests that do not specify a namespace (which happens either because the resource is not namespaced or the request targets all namespaces). If this field is omitted or false then the `namespaces` field must contain a non-empty list. * * @schema io.k8s.api.flowcontrol.v1beta1.ResourcePolicyRule#clusterScope */ - readonly clusterScope?: boolean + readonly clusterScope?: boolean; /** * `namespaces` is a list of target namespaces that restricts matches. A request that specifies a target namespace matches only if either (a) this list contains that target namespace or (b) this list contains "*". Note that "*" matches any specified namespace but does not match a request that _does not specify_ a namespace (see the `clusterScope` field for that). This list may be empty, but only if `clusterScope` is true. * * @schema io.k8s.api.flowcontrol.v1beta1.ResourcePolicyRule#namespaces */ - readonly namespaces?: string[] + readonly namespaces?: string[]; /** * `resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ "services", "nodes/status" ]. This list may not be empty. "*" matches all resources and, if present, must be the only entry. Required. * * @schema io.k8s.api.flowcontrol.v1beta1.ResourcePolicyRule#resources */ - readonly resources: string[] + readonly resources: string[]; /** * `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs and, if present, must be the only entry. Required. * * @schema io.k8s.api.flowcontrol.v1beta1.ResourcePolicyRule#verbs */ - readonly verbs: string[] + readonly verbs: string[]; + } /** * Converts an object of type 'ResourcePolicyRuleV1Beta1' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ResourcePolicyRuleV1Beta1( - obj: ResourcePolicyRuleV1Beta1 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ResourcePolicyRuleV1Beta1(obj: ResourcePolicyRuleV1Beta1 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - apiGroups: obj.apiGroups?.map((y) => y), - clusterScope: obj.clusterScope, - namespaces: obj.namespaces?.map((y) => y), - resources: obj.resources?.map((y) => y), - verbs: obj.verbs?.map((y) => y) - } + 'apiGroups': obj.apiGroups?.map(y => y), + 'clusterScope': obj.clusterScope, + 'namespaces': obj.namespaces?.map(y => y), + 'resources': obj.resources?.map(y => y), + 'verbs': obj.verbs?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24672,28 +23924,29 @@ export interface SubjectV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.Subject#group */ - readonly group?: GroupSubjectV1Beta1 + readonly group?: GroupSubjectV1Beta1; /** * `kind` indicates which one of the other fields is non-empty. Required * * @schema io.k8s.api.flowcontrol.v1beta1.Subject#kind */ - readonly kind: string + readonly kind: string; /** * `serviceAccount` matches ServiceAccounts. * * @schema io.k8s.api.flowcontrol.v1beta1.Subject#serviceAccount */ - readonly serviceAccount?: ServiceAccountSubjectV1Beta1 + readonly serviceAccount?: ServiceAccountSubjectV1Beta1; /** * `user` matches based on username. * * @schema io.k8s.api.flowcontrol.v1beta1.Subject#user */ - readonly user?: UserSubjectV1Beta1 + readonly user?: UserSubjectV1Beta1; + } /** @@ -24701,17 +23954,15 @@ export interface SubjectV1Beta1 { */ /* eslint-disable max-len, quote-props */ export function toJson_SubjectV1Beta1(obj: SubjectV1Beta1 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - group: toJson_GroupSubjectV1Beta1(obj.group), - kind: obj.kind, - serviceAccount: toJson_ServiceAccountSubjectV1Beta1(obj.serviceAccount), - user: toJson_UserSubjectV1Beta1(obj.user) - } + 'group': toJson_GroupSubjectV1Beta1(obj.group), + 'kind': obj.kind, + 'serviceAccount': toJson_ServiceAccountSubjectV1Beta1(obj.serviceAccount), + 'user': toJson_UserSubjectV1Beta1(obj.user), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24726,14 +23977,15 @@ export interface LimitResponseV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.LimitResponse#queuing */ - readonly queuing?: QueuingConfigurationV1Beta1 + readonly queuing?: QueuingConfigurationV1Beta1; /** * `type` is "Queue" or "Reject". "Queue" means that requests that can not be executed upon arrival are held in a queue until they can be executed or a queuing limit is reached. "Reject" means that requests that can not be executed upon arrival are rejected. Required. * * @schema io.k8s.api.flowcontrol.v1beta1.LimitResponse#type */ - readonly type: string + readonly type: string; + } /** @@ -24741,15 +23993,13 @@ export interface LimitResponseV1Beta1 { */ /* eslint-disable max-len, quote-props */ export function toJson_LimitResponseV1Beta1(obj: LimitResponseV1Beta1 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - queuing: toJson_QueuingConfigurationV1Beta1(obj.queuing), - type: obj.type - } + 'queuing': toJson_QueuingConfigurationV1Beta1(obj.queuing), + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24770,32 +24020,29 @@ export interface NonResourcePolicyRuleV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.NonResourcePolicyRule#nonResourceURLs */ - readonly nonResourceUrLs: string[] + readonly nonResourceUrLs: string[]; /** * `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs. If it is present, it must be the only entry. Required. * * @schema io.k8s.api.flowcontrol.v1beta2.NonResourcePolicyRule#verbs */ - readonly verbs: string[] + readonly verbs: string[]; + } /** * Converts an object of type 'NonResourcePolicyRuleV1Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_NonResourcePolicyRuleV1Beta2( - obj: NonResourcePolicyRuleV1Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_NonResourcePolicyRuleV1Beta2(obj: NonResourcePolicyRuleV1Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - nonResourceURLs: obj.nonResourceUrLs?.map((y) => y), - verbs: obj.verbs?.map((y) => y) - } + 'nonResourceURLs': obj.nonResourceUrLs?.map(y => y), + 'verbs': obj.verbs?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24810,56 +24057,53 @@ export interface ResourcePolicyRuleV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.ResourcePolicyRule#apiGroups */ - readonly apiGroups: string[] + readonly apiGroups: string[]; /** * `clusterScope` indicates whether to match requests that do not specify a namespace (which happens either because the resource is not namespaced or the request targets all namespaces). If this field is omitted or false then the `namespaces` field must contain a non-empty list. * * @schema io.k8s.api.flowcontrol.v1beta2.ResourcePolicyRule#clusterScope */ - readonly clusterScope?: boolean + readonly clusterScope?: boolean; /** * `namespaces` is a list of target namespaces that restricts matches. A request that specifies a target namespace matches only if either (a) this list contains that target namespace or (b) this list contains "*". Note that "*" matches any specified namespace but does not match a request that _does not specify_ a namespace (see the `clusterScope` field for that). This list may be empty, but only if `clusterScope` is true. * * @schema io.k8s.api.flowcontrol.v1beta2.ResourcePolicyRule#namespaces */ - readonly namespaces?: string[] + readonly namespaces?: string[]; /** * `resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ "services", "nodes/status" ]. This list may not be empty. "*" matches all resources and, if present, must be the only entry. Required. * * @schema io.k8s.api.flowcontrol.v1beta2.ResourcePolicyRule#resources */ - readonly resources: string[] + readonly resources: string[]; /** * `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs and, if present, must be the only entry. Required. * * @schema io.k8s.api.flowcontrol.v1beta2.ResourcePolicyRule#verbs */ - readonly verbs: string[] + readonly verbs: string[]; + } /** * Converts an object of type 'ResourcePolicyRuleV1Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ResourcePolicyRuleV1Beta2( - obj: ResourcePolicyRuleV1Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ResourcePolicyRuleV1Beta2(obj: ResourcePolicyRuleV1Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - apiGroups: obj.apiGroups?.map((y) => y), - clusterScope: obj.clusterScope, - namespaces: obj.namespaces?.map((y) => y), - resources: obj.resources?.map((y) => y), - verbs: obj.verbs?.map((y) => y) - } + 'apiGroups': obj.apiGroups?.map(y => y), + 'clusterScope': obj.clusterScope, + 'namespaces': obj.namespaces?.map(y => y), + 'resources': obj.resources?.map(y => y), + 'verbs': obj.verbs?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24874,28 +24118,29 @@ export interface SubjectV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.Subject#group */ - readonly group?: GroupSubjectV1Beta2 + readonly group?: GroupSubjectV1Beta2; /** * `kind` indicates which one of the other fields is non-empty. Required * * @schema io.k8s.api.flowcontrol.v1beta2.Subject#kind */ - readonly kind: string + readonly kind: string; /** * `serviceAccount` matches ServiceAccounts. * * @schema io.k8s.api.flowcontrol.v1beta2.Subject#serviceAccount */ - readonly serviceAccount?: ServiceAccountSubjectV1Beta2 + readonly serviceAccount?: ServiceAccountSubjectV1Beta2; /** * `user` matches based on username. * * @schema io.k8s.api.flowcontrol.v1beta2.Subject#user */ - readonly user?: UserSubjectV1Beta2 + readonly user?: UserSubjectV1Beta2; + } /** @@ -24903,17 +24148,15 @@ export interface SubjectV1Beta2 { */ /* eslint-disable max-len, quote-props */ export function toJson_SubjectV1Beta2(obj: SubjectV1Beta2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - group: toJson_GroupSubjectV1Beta2(obj.group), - kind: obj.kind, - serviceAccount: toJson_ServiceAccountSubjectV1Beta2(obj.serviceAccount), - user: toJson_UserSubjectV1Beta2(obj.user) - } + 'group': toJson_GroupSubjectV1Beta2(obj.group), + 'kind': obj.kind, + 'serviceAccount': toJson_ServiceAccountSubjectV1Beta2(obj.serviceAccount), + 'user': toJson_UserSubjectV1Beta2(obj.user), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24928,14 +24171,15 @@ export interface LimitResponseV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.LimitResponse#queuing */ - readonly queuing?: QueuingConfigurationV1Beta2 + readonly queuing?: QueuingConfigurationV1Beta2; /** * `type` is "Queue" or "Reject". "Queue" means that requests that can not be executed upon arrival are held in a queue until they can be executed or a queuing limit is reached. "Reject" means that requests that can not be executed upon arrival are rejected. Required. * * @schema io.k8s.api.flowcontrol.v1beta2.LimitResponse#type */ - readonly type: string + readonly type: string; + } /** @@ -24943,15 +24187,13 @@ export interface LimitResponseV1Beta2 { */ /* eslint-disable max-len, quote-props */ export function toJson_LimitResponseV1Beta2(obj: LimitResponseV1Beta2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - queuing: toJson_QueuingConfigurationV1Beta2(obj.queuing), - type: obj.type - } + 'queuing': toJson_QueuingConfigurationV1Beta2(obj.queuing), + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -24966,14 +24208,15 @@ export interface IngressServiceBackend { * * @schema io.k8s.api.networking.v1.IngressServiceBackend#name */ - readonly name: string + readonly name: string; /** * Port of the referenced service. A port name or port number is required for a IngressServiceBackend. * * @schema io.k8s.api.networking.v1.IngressServiceBackend#port */ - readonly port?: ServiceBackendPort + readonly port?: ServiceBackendPort; + } /** @@ -24981,15 +24224,13 @@ export interface IngressServiceBackend { */ /* eslint-disable max-len, quote-props */ export function toJson_IngressServiceBackend(obj: IngressServiceBackend | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - port: toJson_ServiceBackendPort(obj.port) - } + 'name': obj.name, + 'port': toJson_ServiceBackendPort(obj.port), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25004,7 +24245,8 @@ export interface HttpIngressRuleValue { * * @schema io.k8s.api.networking.v1.HTTPIngressRuleValue#paths */ - readonly paths: HttpIngressPath[] + readonly paths: HttpIngressPath[]; + } /** @@ -25012,14 +24254,12 @@ export interface HttpIngressRuleValue { */ /* eslint-disable max-len, quote-props */ export function toJson_HttpIngressRuleValue(obj: HttpIngressRuleValue | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - paths: obj.paths?.map((y) => toJson_HttpIngressPath(y)) - } + 'paths': obj.paths?.map(y => toJson_HttpIngressPath(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25034,21 +24274,22 @@ export interface NetworkPolicyPort { * * @schema io.k8s.api.networking.v1.NetworkPolicyPort#endPort */ - readonly endPort?: number + readonly endPort?: number; /** * The port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched. * * @schema io.k8s.api.networking.v1.NetworkPolicyPort#port */ - readonly port?: IntOrString + readonly port?: IntOrString; /** * The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. * * @schema io.k8s.api.networking.v1.NetworkPolicyPort#protocol */ - readonly protocol?: string + readonly protocol?: string; + } /** @@ -25056,16 +24297,14 @@ export interface NetworkPolicyPort { */ /* eslint-disable max-len, quote-props */ export function toJson_NetworkPolicyPort(obj: NetworkPolicyPort | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - endPort: obj.endPort, - port: obj.port?.value, - protocol: obj.protocol - } + 'endPort': obj.endPort, + 'port': obj.port?.value, + 'protocol': obj.protocol, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25080,7 +24319,7 @@ export interface NetworkPolicyPeer { * * @schema io.k8s.api.networking.v1.NetworkPolicyPeer#ipBlock */ - readonly ipBlock?: IpBlock + readonly ipBlock?: IpBlock; /** * Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. @@ -25089,7 +24328,7 @@ export interface NetworkPolicyPeer { * * @schema io.k8s.api.networking.v1.NetworkPolicyPeer#namespaceSelector */ - readonly namespaceSelector?: LabelSelector + readonly namespaceSelector?: LabelSelector; /** * This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods. @@ -25098,7 +24337,8 @@ export interface NetworkPolicyPeer { * * @schema io.k8s.api.networking.v1.NetworkPolicyPeer#podSelector */ - readonly podSelector?: LabelSelector + readonly podSelector?: LabelSelector; + } /** @@ -25106,16 +24346,14 @@ export interface NetworkPolicyPeer { */ /* eslint-disable max-len, quote-props */ export function toJson_NetworkPolicyPeer(obj: NetworkPolicyPeer | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - ipBlock: toJson_IpBlock(obj.ipBlock), - namespaceSelector: toJson_LabelSelector(obj.namespaceSelector), - podSelector: toJson_LabelSelector(obj.podSelector) - } + 'ipBlock': toJson_IpBlock(obj.ipBlock), + 'namespaceSelector': toJson_LabelSelector(obj.namespaceSelector), + 'podSelector': toJson_LabelSelector(obj.podSelector), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25130,14 +24368,15 @@ export interface NodeSelectorTerm { * * @schema io.k8s.api.core.v1.NodeSelectorTerm#matchExpressions */ - readonly matchExpressions?: NodeSelectorRequirement[] + readonly matchExpressions?: NodeSelectorRequirement[]; /** * A list of node selector requirements by node's fields. * * @schema io.k8s.api.core.v1.NodeSelectorTerm#matchFields */ - readonly matchFields?: NodeSelectorRequirement[] + readonly matchFields?: NodeSelectorRequirement[]; + } /** @@ -25145,15 +24384,13 @@ export interface NodeSelectorTerm { */ /* eslint-disable max-len, quote-props */ export function toJson_NodeSelectorTerm(obj: NodeSelectorTerm | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - matchExpressions: obj.matchExpressions?.map((y) => toJson_NodeSelectorRequirement(y)), - matchFields: obj.matchFields?.map((y) => toJson_NodeSelectorRequirement(y)) - } + 'matchExpressions': obj.matchExpressions?.map(y => toJson_NodeSelectorRequirement(y)), + 'matchFields': obj.matchFields?.map(y => toJson_NodeSelectorRequirement(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25168,7 +24405,8 @@ export interface VolumeNodeResources { * * @schema io.k8s.api.storage.v1.VolumeNodeResources#count */ - readonly count?: number + readonly count?: number; + } /** @@ -25176,14 +24414,12 @@ export interface VolumeNodeResources { */ /* eslint-disable max-len, quote-props */ export function toJson_VolumeNodeResources(obj: VolumeNodeResources | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - count: obj.count - } + 'count': obj.count, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25198,14 +24434,15 @@ export interface WebhookConversion { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.WebhookConversion#clientConfig */ - readonly clientConfig?: WebhookClientConfig + readonly clientConfig?: WebhookClientConfig; /** * conversionReviewVersions is an ordered list of preferred `ConversionReview` versions the Webhook expects. The API server will use the first version in the list which it supports. If none of the versions specified in this list are supported by API server, conversion will fail for the custom resource. If a persisted Webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.WebhookConversion#conversionReviewVersions */ - readonly conversionReviewVersions: string[] + readonly conversionReviewVersions: string[]; + } /** @@ -25213,15 +24450,13 @@ export interface WebhookConversion { */ /* eslint-disable max-len, quote-props */ export function toJson_WebhookConversion(obj: WebhookConversion | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - clientConfig: toJson_WebhookClientConfig(obj.clientConfig), - conversionReviewVersions: obj.conversionReviewVersions?.map((y) => y) - } + 'clientConfig': toJson_WebhookClientConfig(obj.clientConfig), + 'conversionReviewVersions': obj.conversionReviewVersions?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25236,64 +24471,61 @@ export interface CustomResourceColumnDefinition { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceColumnDefinition#description */ - readonly description?: string + readonly description?: string; /** * format is an optional OpenAPI type definition for this column. The 'name' format is applied to the primary identifier column to assist in clients identifying column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceColumnDefinition#format */ - readonly format?: string + readonly format?: string; /** * jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against each custom resource to produce the value for this column. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceColumnDefinition#jsonPath */ - readonly jsonPath: string + readonly jsonPath: string; /** * name is a human readable name for the column. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceColumnDefinition#name */ - readonly name: string + readonly name: string; /** * priority is an integer defining the relative importance of this column compared to others. Lower numbers are considered higher priority. Columns that may be omitted in limited space scenarios should be given a priority greater than 0. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceColumnDefinition#priority */ - readonly priority?: number + readonly priority?: number; /** * type is an OpenAPI type definition for this column. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceColumnDefinition#type */ - readonly type: string + readonly type: string; + } /** * Converts an object of type 'CustomResourceColumnDefinition' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CustomResourceColumnDefinition( - obj: CustomResourceColumnDefinition | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CustomResourceColumnDefinition(obj: CustomResourceColumnDefinition | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - description: obj.description, - format: obj.format, - jsonPath: obj.jsonPath, - name: obj.name, - priority: obj.priority, - type: obj.type - } + 'description': obj.description, + 'format': obj.format, + 'jsonPath': obj.jsonPath, + 'name': obj.name, + 'priority': obj.priority, + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25308,24 +24540,21 @@ export interface CustomResourceValidation { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceValidation#openAPIV3Schema */ - readonly openApiv3Schema?: JsonSchemaProps + readonly openApiv3Schema?: JsonSchemaProps; + } /** * Converts an object of type 'CustomResourceValidation' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CustomResourceValidation( - obj: CustomResourceValidation | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CustomResourceValidation(obj: CustomResourceValidation | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - openAPIV3Schema: toJson_JsonSchemaProps(obj.openApiv3Schema) - } + 'openAPIV3Schema': toJson_JsonSchemaProps(obj.openApiv3Schema), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25340,32 +24569,29 @@ export interface CustomResourceSubresources { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresources#scale */ - readonly scale?: CustomResourceSubresourceScale + readonly scale?: CustomResourceSubresourceScale; /** * status indicates the custom resource should serve a `/status` subresource. When enabled: 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object. 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresources#status */ - readonly status?: any + readonly status?: any; + } /** * Converts an object of type 'CustomResourceSubresources' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CustomResourceSubresources( - obj: CustomResourceSubresources | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CustomResourceSubresources(obj: CustomResourceSubresources | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - scale: toJson_CustomResourceSubresourceScale(obj.scale), - status: obj.status - } + 'scale': toJson_CustomResourceSubresourceScale(obj.scale), + 'status': obj.status, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25380,21 +24606,22 @@ export interface HpaScalingPolicyV2 { * * @schema io.k8s.api.autoscaling.v2.HPAScalingPolicy#periodSeconds */ - readonly periodSeconds: number + readonly periodSeconds: number; /** * Type is used to specify the scaling policy. * * @schema io.k8s.api.autoscaling.v2.HPAScalingPolicy#type */ - readonly type: string + readonly type: string; /** * Value contains the amount of change which is permitted by the policy. It must be greater than zero * * @schema io.k8s.api.autoscaling.v2.HPAScalingPolicy#value */ - readonly value: number + readonly value: number; + } /** @@ -25402,16 +24629,14 @@ export interface HpaScalingPolicyV2 { */ /* eslint-disable max-len, quote-props */ export function toJson_HpaScalingPolicyV2(obj: HpaScalingPolicyV2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - periodSeconds: obj.periodSeconds, - type: obj.type, - value: obj.value - } + 'periodSeconds': obj.periodSeconds, + 'type': obj.type, + 'value': obj.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25426,28 +24651,29 @@ export interface MetricTargetV2 { * * @schema io.k8s.api.autoscaling.v2.MetricTarget#averageUtilization */ - readonly averageUtilization?: number + readonly averageUtilization?: number; /** * averageValue is the target value of the average of the metric across all relevant pods (as a quantity) * * @schema io.k8s.api.autoscaling.v2.MetricTarget#averageValue */ - readonly averageValue?: Quantity + readonly averageValue?: Quantity; /** * type represents whether the metric type is Utilization, Value, or AverageValue * * @schema io.k8s.api.autoscaling.v2.MetricTarget#type */ - readonly type: string + readonly type: string; /** * value is the target value of the metric (as a quantity). * * @schema io.k8s.api.autoscaling.v2.MetricTarget#value */ - readonly value?: Quantity + readonly value?: Quantity; + } /** @@ -25455,17 +24681,15 @@ export interface MetricTargetV2 { */ /* eslint-disable max-len, quote-props */ export function toJson_MetricTargetV2(obj: MetricTargetV2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - averageUtilization: obj.averageUtilization, - averageValue: obj.averageValue?.value, - type: obj.type, - value: obj.value?.value - } + 'averageUtilization': obj.averageUtilization, + 'averageValue': obj.averageValue?.value, + 'type': obj.type, + 'value': obj.value?.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25480,14 +24704,15 @@ export interface MetricIdentifierV2 { * * @schema io.k8s.api.autoscaling.v2.MetricIdentifier#name */ - readonly name: string + readonly name: string; /** * selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics. * * @schema io.k8s.api.autoscaling.v2.MetricIdentifier#selector */ - readonly selector?: LabelSelector + readonly selector?: LabelSelector; + } /** @@ -25495,15 +24720,13 @@ export interface MetricIdentifierV2 { */ /* eslint-disable max-len, quote-props */ export function toJson_MetricIdentifierV2(obj: MetricIdentifierV2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - selector: toJson_LabelSelector(obj.selector) - } + 'name': obj.name, + 'selector': toJson_LabelSelector(obj.selector), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25518,40 +24741,37 @@ export interface HpaScalingPolicyV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.HPAScalingPolicy#periodSeconds */ - readonly periodSeconds: number + readonly periodSeconds: number; /** * Type is used to specify the scaling policy. * * @schema io.k8s.api.autoscaling.v2beta2.HPAScalingPolicy#type */ - readonly type: string + readonly type: string; /** * Value contains the amount of change which is permitted by the policy. It must be greater than zero * * @schema io.k8s.api.autoscaling.v2beta2.HPAScalingPolicy#value */ - readonly value: number + readonly value: number; + } /** * Converts an object of type 'HpaScalingPolicyV2Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_HpaScalingPolicyV2Beta2( - obj: HpaScalingPolicyV2Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_HpaScalingPolicyV2Beta2(obj: HpaScalingPolicyV2Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - periodSeconds: obj.periodSeconds, - type: obj.type, - value: obj.value - } + 'periodSeconds': obj.periodSeconds, + 'type': obj.type, + 'value': obj.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25566,28 +24786,29 @@ export interface MetricTargetV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.MetricTarget#averageUtilization */ - readonly averageUtilization?: number + readonly averageUtilization?: number; /** * averageValue is the target value of the average of the metric across all relevant pods (as a quantity) * * @schema io.k8s.api.autoscaling.v2beta2.MetricTarget#averageValue */ - readonly averageValue?: Quantity + readonly averageValue?: Quantity; /** * type represents whether the metric type is Utilization, Value, or AverageValue * * @schema io.k8s.api.autoscaling.v2beta2.MetricTarget#type */ - readonly type: string + readonly type: string; /** * value is the target value of the metric (as a quantity). * * @schema io.k8s.api.autoscaling.v2beta2.MetricTarget#value */ - readonly value?: Quantity + readonly value?: Quantity; + } /** @@ -25595,17 +24816,15 @@ export interface MetricTargetV2Beta2 { */ /* eslint-disable max-len, quote-props */ export function toJson_MetricTargetV2Beta2(obj: MetricTargetV2Beta2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - averageUtilization: obj.averageUtilization, - averageValue: obj.averageValue?.value, - type: obj.type, - value: obj.value?.value - } + 'averageUtilization': obj.averageUtilization, + 'averageValue': obj.averageValue?.value, + 'type': obj.type, + 'value': obj.value?.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25620,32 +24839,29 @@ export interface MetricIdentifierV2Beta2 { * * @schema io.k8s.api.autoscaling.v2beta2.MetricIdentifier#name */ - readonly name: string + readonly name: string; /** * selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics. * * @schema io.k8s.api.autoscaling.v2beta2.MetricIdentifier#selector */ - readonly selector?: LabelSelector + readonly selector?: LabelSelector; + } /** * Converts an object of type 'MetricIdentifierV2Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_MetricIdentifierV2Beta2( - obj: MetricIdentifierV2Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_MetricIdentifierV2Beta2(obj: MetricIdentifierV2Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - selector: toJson_LabelSelector(obj.selector) - } + 'name': obj.name, + 'selector': toJson_LabelSelector(obj.selector), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25660,7 +24876,7 @@ export interface PodFailurePolicyOnExitCodesRequirement { * * @schema io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement#containerName */ - readonly containerName?: string + readonly containerName?: string; /** * Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are: - In: the requirement is satisfied if at least one container exit code @@ -25675,33 +24891,30 @@ export interface PodFailurePolicyOnExitCodesRequirement { * * @schema io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement#operator */ - readonly operator: string + readonly operator: string; /** * Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed. * * @schema io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement#values */ - readonly values: number[] + readonly values: number[]; + } /** * Converts an object of type 'PodFailurePolicyOnExitCodesRequirement' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PodFailurePolicyOnExitCodesRequirement( - obj: PodFailurePolicyOnExitCodesRequirement | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PodFailurePolicyOnExitCodesRequirement(obj: PodFailurePolicyOnExitCodesRequirement | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - containerName: obj.containerName, - operator: obj.operator, - values: obj.values?.map((y) => y) - } + 'containerName': obj.containerName, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25717,32 +24930,29 @@ export interface PodFailurePolicyOnPodConditionsPattern { * @default True. * @schema io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern#status */ - readonly status: string + readonly status: string; /** * Specifies the required Pod condition type. To match a pod condition it is required that specified type equals the pod condition type. * * @schema io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern#type */ - readonly type: string + readonly type: string; + } /** * Converts an object of type 'PodFailurePolicyOnPodConditionsPattern' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PodFailurePolicyOnPodConditionsPattern( - obj: PodFailurePolicyOnPodConditionsPattern | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PodFailurePolicyOnPodConditionsPattern(obj: PodFailurePolicyOnPodConditionsPattern | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - status: obj.status, - type: obj.type - } + 'status': obj.status, + 'type': obj.type, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25757,32 +24967,29 @@ export interface PreferredSchedulingTerm { * * @schema io.k8s.api.core.v1.PreferredSchedulingTerm#preference */ - readonly preference: NodeSelectorTerm + readonly preference: NodeSelectorTerm; /** * Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. * * @schema io.k8s.api.core.v1.PreferredSchedulingTerm#weight */ - readonly weight: number + readonly weight: number; + } /** * Converts an object of type 'PreferredSchedulingTerm' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PreferredSchedulingTerm( - obj: PreferredSchedulingTerm | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PreferredSchedulingTerm(obj: PreferredSchedulingTerm | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - preference: toJson_NodeSelectorTerm(obj.preference), - weight: obj.weight - } + 'preference': toJson_NodeSelectorTerm(obj.preference), + 'weight': obj.weight, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25797,32 +25004,29 @@ export interface WeightedPodAffinityTerm { * * @schema io.k8s.api.core.v1.WeightedPodAffinityTerm#podAffinityTerm */ - readonly podAffinityTerm: PodAffinityTerm + readonly podAffinityTerm: PodAffinityTerm; /** * weight associated with matching the corresponding podAffinityTerm, in the range 1-100. * * @schema io.k8s.api.core.v1.WeightedPodAffinityTerm#weight */ - readonly weight: number + readonly weight: number; + } /** * Converts an object of type 'WeightedPodAffinityTerm' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_WeightedPodAffinityTerm( - obj: WeightedPodAffinityTerm | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_WeightedPodAffinityTerm(obj: WeightedPodAffinityTerm | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - podAffinityTerm: toJson_PodAffinityTerm(obj.podAffinityTerm), - weight: obj.weight - } + 'podAffinityTerm': toJson_PodAffinityTerm(obj.podAffinityTerm), + 'weight': obj.weight, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25837,28 +25041,29 @@ export interface PodAffinityTerm { * * @schema io.k8s.api.core.v1.PodAffinityTerm#labelSelector */ - readonly labelSelector?: LabelSelector + readonly labelSelector?: LabelSelector; /** * A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. * * @schema io.k8s.api.core.v1.PodAffinityTerm#namespaceSelector */ - readonly namespaceSelector?: LabelSelector + readonly namespaceSelector?: LabelSelector; /** * namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". * * @schema io.k8s.api.core.v1.PodAffinityTerm#namespaces */ - readonly namespaces?: string[] + readonly namespaces?: string[]; /** * This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. * * @schema io.k8s.api.core.v1.PodAffinityTerm#topologyKey */ - readonly topologyKey: string + readonly topologyKey: string; + } /** @@ -25866,17 +25071,15 @@ export interface PodAffinityTerm { */ /* eslint-disable max-len, quote-props */ export function toJson_PodAffinityTerm(obj: PodAffinityTerm | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - labelSelector: toJson_LabelSelector(obj.labelSelector), - namespaceSelector: toJson_LabelSelector(obj.namespaceSelector), - namespaces: obj.namespaces?.map((y) => y), - topologyKey: obj.topologyKey - } + 'labelSelector': toJson_LabelSelector(obj.labelSelector), + 'namespaceSelector': toJson_LabelSelector(obj.namespaceSelector), + 'namespaces': obj.namespaces?.map(y => y), + 'topologyKey': obj.topologyKey, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25891,28 +25094,29 @@ export interface EnvVarSource { * * @schema io.k8s.api.core.v1.EnvVarSource#configMapKeyRef */ - readonly configMapKeyRef?: ConfigMapKeySelector + readonly configMapKeyRef?: ConfigMapKeySelector; /** * Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. * * @schema io.k8s.api.core.v1.EnvVarSource#fieldRef */ - readonly fieldRef?: ObjectFieldSelector + readonly fieldRef?: ObjectFieldSelector; /** * Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. * * @schema io.k8s.api.core.v1.EnvVarSource#resourceFieldRef */ - readonly resourceFieldRef?: ResourceFieldSelector + readonly resourceFieldRef?: ResourceFieldSelector; /** * Selects a key of a secret in the pod's namespace * * @schema io.k8s.api.core.v1.EnvVarSource#secretKeyRef */ - readonly secretKeyRef?: SecretKeySelector + readonly secretKeyRef?: SecretKeySelector; + } /** @@ -25920,17 +25124,15 @@ export interface EnvVarSource { */ /* eslint-disable max-len, quote-props */ export function toJson_EnvVarSource(obj: EnvVarSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - configMapKeyRef: toJson_ConfigMapKeySelector(obj.configMapKeyRef), - fieldRef: toJson_ObjectFieldSelector(obj.fieldRef), - resourceFieldRef: toJson_ResourceFieldSelector(obj.resourceFieldRef), - secretKeyRef: toJson_SecretKeySelector(obj.secretKeyRef) - } + 'configMapKeyRef': toJson_ConfigMapKeySelector(obj.configMapKeyRef), + 'fieldRef': toJson_ObjectFieldSelector(obj.fieldRef), + 'resourceFieldRef': toJson_ResourceFieldSelector(obj.resourceFieldRef), + 'secretKeyRef': toJson_SecretKeySelector(obj.secretKeyRef), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25947,14 +25149,15 @@ export interface ConfigMapEnvSource { * * @schema io.k8s.api.core.v1.ConfigMapEnvSource#name */ - readonly name?: string + readonly name?: string; /** * Specify whether the ConfigMap must be defined * * @schema io.k8s.api.core.v1.ConfigMapEnvSource#optional */ - readonly optional?: boolean + readonly optional?: boolean; + } /** @@ -25962,15 +25165,13 @@ export interface ConfigMapEnvSource { */ /* eslint-disable max-len, quote-props */ export function toJson_ConfigMapEnvSource(obj: ConfigMapEnvSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - optional: obj.optional - } + 'name': obj.name, + 'optional': obj.optional, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -25987,14 +25188,15 @@ export interface SecretEnvSource { * * @schema io.k8s.api.core.v1.SecretEnvSource#name */ - readonly name?: string + readonly name?: string; /** * Specify whether the Secret must be defined * * @schema io.k8s.api.core.v1.SecretEnvSource#optional */ - readonly optional?: boolean + readonly optional?: boolean; + } /** @@ -26002,15 +25204,13 @@ export interface SecretEnvSource { */ /* eslint-disable max-len, quote-props */ export function toJson_SecretEnvSource(obj: SecretEnvSource | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - optional: obj.optional - } + 'name': obj.name, + 'optional': obj.optional, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26025,21 +25225,22 @@ export interface LifecycleHandler { * * @schema io.k8s.api.core.v1.LifecycleHandler#exec */ - readonly exec?: ExecAction + readonly exec?: ExecAction; /** * HTTPGet specifies the http request to perform. * * @schema io.k8s.api.core.v1.LifecycleHandler#httpGet */ - readonly httpGet?: HttpGetAction + readonly httpGet?: HttpGetAction; /** * Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. * * @schema io.k8s.api.core.v1.LifecycleHandler#tcpSocket */ - readonly tcpSocket?: TcpSocketAction + readonly tcpSocket?: TcpSocketAction; + } /** @@ -26047,16 +25248,14 @@ export interface LifecycleHandler { */ /* eslint-disable max-len, quote-props */ export function toJson_LifecycleHandler(obj: LifecycleHandler | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - exec: toJson_ExecAction(obj.exec), - httpGet: toJson_HttpGetAction(obj.httpGet), - tcpSocket: toJson_TcpSocketAction(obj.tcpSocket) - } + 'exec': toJson_ExecAction(obj.exec), + 'httpGet': toJson_HttpGetAction(obj.httpGet), + 'tcpSocket': toJson_TcpSocketAction(obj.tcpSocket), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26071,7 +25270,8 @@ export interface ExecAction { * * @schema io.k8s.api.core.v1.ExecAction#command */ - readonly command?: string[] + readonly command?: string[]; + } /** @@ -26079,14 +25279,12 @@ export interface ExecAction { */ /* eslint-disable max-len, quote-props */ export function toJson_ExecAction(obj: ExecAction | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - command: obj.command?.map((y) => y) - } + 'command': obj.command?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26099,7 +25297,7 @@ export interface GrpcAction { * * @schema io.k8s.api.core.v1.GRPCAction#port */ - readonly port: number + readonly port: number; /** * Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). @@ -26108,7 +25306,8 @@ export interface GrpcAction { * * @schema io.k8s.api.core.v1.GRPCAction#service */ - readonly service?: string + readonly service?: string; + } /** @@ -26116,15 +25315,13 @@ export interface GrpcAction { */ /* eslint-disable max-len, quote-props */ export function toJson_GrpcAction(obj: GrpcAction | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - port: obj.port, - service: obj.service - } + 'port': obj.port, + 'service': obj.service, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26139,28 +25336,28 @@ export interface HttpGetAction { * * @schema io.k8s.api.core.v1.HTTPGetAction#host */ - readonly host?: string + readonly host?: string; /** * Custom headers to set in the request. HTTP allows repeated headers. * * @schema io.k8s.api.core.v1.HTTPGetAction#httpHeaders */ - readonly httpHeaders?: HttpHeader[] + readonly httpHeaders?: HttpHeader[]; /** * Path to access on the HTTP server. * * @schema io.k8s.api.core.v1.HTTPGetAction#path */ - readonly path?: string + readonly path?: string; /** * Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. * * @schema io.k8s.api.core.v1.HTTPGetAction#port */ - readonly port: IntOrString + readonly port: IntOrString; /** * Scheme to use for connecting to the host. Defaults to HTTP. @@ -26170,7 +25367,8 @@ export interface HttpGetAction { * @default HTTP. * @schema io.k8s.api.core.v1.HTTPGetAction#scheme */ - readonly scheme?: string + readonly scheme?: string; + } /** @@ -26178,18 +25376,16 @@ export interface HttpGetAction { */ /* eslint-disable max-len, quote-props */ export function toJson_HttpGetAction(obj: HttpGetAction | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - host: obj.host, - httpHeaders: obj.httpHeaders?.map((y) => toJson_HttpHeader(y)), - path: obj.path, - port: obj.port?.value, - scheme: obj.scheme - } + 'host': obj.host, + 'httpHeaders': obj.httpHeaders?.map(y => toJson_HttpHeader(y)), + 'path': obj.path, + 'port': obj.port?.value, + 'scheme': obj.scheme, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26204,14 +25400,15 @@ export interface TcpSocketAction { * * @schema io.k8s.api.core.v1.TCPSocketAction#host */ - readonly host?: string + readonly host?: string; /** * Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. * * @schema io.k8s.api.core.v1.TCPSocketAction#port */ - readonly port: IntOrString + readonly port: IntOrString; + } /** @@ -26219,15 +25416,13 @@ export interface TcpSocketAction { */ /* eslint-disable max-len, quote-props */ export function toJson_TcpSocketAction(obj: TcpSocketAction | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - host: obj.host, - port: obj.port?.value - } + 'host': obj.host, + 'port': obj.port?.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26242,14 +25437,15 @@ export interface Capabilities { * * @schema io.k8s.api.core.v1.Capabilities#add */ - readonly add?: string[] + readonly add?: string[]; /** * Removed capabilities * * @schema io.k8s.api.core.v1.Capabilities#drop */ - readonly drop?: string[] + readonly drop?: string[]; + } /** @@ -26257,15 +25453,13 @@ export interface Capabilities { */ /* eslint-disable max-len, quote-props */ export function toJson_Capabilities(obj: Capabilities | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - add: obj.add?.map((y) => y), - drop: obj.drop?.map((y) => y) - } + 'add': obj.add?.map(y => y), + 'drop': obj.drop?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26280,21 +25474,22 @@ export interface KeyToPath { * * @schema io.k8s.api.core.v1.KeyToPath#key */ - readonly key: string + readonly key: string; /** * mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. * * @schema io.k8s.api.core.v1.KeyToPath#mode */ - readonly mode?: number + readonly mode?: number; /** * path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. * * @schema io.k8s.api.core.v1.KeyToPath#path */ - readonly path: string + readonly path: string; + } /** @@ -26302,16 +25497,14 @@ export interface KeyToPath { */ /* eslint-disable max-len, quote-props */ export function toJson_KeyToPath(obj: KeyToPath | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - key: obj.key, - mode: obj.mode, - path: obj.path - } + 'key': obj.key, + 'mode': obj.mode, + 'path': obj.path, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26326,28 +25519,29 @@ export interface DownwardApiVolumeFile { * * @schema io.k8s.api.core.v1.DownwardAPIVolumeFile#fieldRef */ - readonly fieldRef?: ObjectFieldSelector + readonly fieldRef?: ObjectFieldSelector; /** * Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. * * @schema io.k8s.api.core.v1.DownwardAPIVolumeFile#mode */ - readonly mode?: number + readonly mode?: number; /** * Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' * * @schema io.k8s.api.core.v1.DownwardAPIVolumeFile#path */ - readonly path: string + readonly path: string; /** * Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. * * @schema io.k8s.api.core.v1.DownwardAPIVolumeFile#resourceFieldRef */ - readonly resourceFieldRef?: ResourceFieldSelector + readonly resourceFieldRef?: ResourceFieldSelector; + } /** @@ -26355,17 +25549,15 @@ export interface DownwardApiVolumeFile { */ /* eslint-disable max-len, quote-props */ export function toJson_DownwardApiVolumeFile(obj: DownwardApiVolumeFile | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - fieldRef: toJson_ObjectFieldSelector(obj.fieldRef), - mode: obj.mode, - path: obj.path, - resourceFieldRef: toJson_ResourceFieldSelector(obj.resourceFieldRef) - } + 'fieldRef': toJson_ObjectFieldSelector(obj.fieldRef), + 'mode': obj.mode, + 'path': obj.path, + 'resourceFieldRef': toJson_ResourceFieldSelector(obj.resourceFieldRef), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26380,32 +25572,29 @@ export interface PersistentVolumeClaimTemplate { * * @schema io.k8s.api.core.v1.PersistentVolumeClaimTemplate#metadata */ - readonly metadata?: ObjectMeta + readonly metadata?: ObjectMeta; /** * The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. * * @schema io.k8s.api.core.v1.PersistentVolumeClaimTemplate#spec */ - readonly spec: PersistentVolumeClaimSpec + readonly spec: PersistentVolumeClaimSpec; + } /** * Converts an object of type 'PersistentVolumeClaimTemplate' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_PersistentVolumeClaimTemplate( - obj: PersistentVolumeClaimTemplate | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_PersistentVolumeClaimTemplate(obj: PersistentVolumeClaimTemplate | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - metadata: toJson_ObjectMeta(obj.metadata), - spec: toJson_PersistentVolumeClaimSpec(obj.spec) - } + 'metadata': toJson_ObjectMeta(obj.metadata), + 'spec': toJson_PersistentVolumeClaimSpec(obj.spec), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26420,28 +25609,29 @@ export interface VolumeProjection { * * @schema io.k8s.api.core.v1.VolumeProjection#configMap */ - readonly configMap?: ConfigMapProjection + readonly configMap?: ConfigMapProjection; /** * downwardAPI information about the downwardAPI data to project * * @schema io.k8s.api.core.v1.VolumeProjection#downwardAPI */ - readonly downwardApi?: DownwardApiProjection + readonly downwardApi?: DownwardApiProjection; /** * secret information about the secret data to project * * @schema io.k8s.api.core.v1.VolumeProjection#secret */ - readonly secret?: SecretProjection + readonly secret?: SecretProjection; /** * serviceAccountToken is information about the serviceAccountToken data to project * * @schema io.k8s.api.core.v1.VolumeProjection#serviceAccountToken */ - readonly serviceAccountToken?: ServiceAccountTokenProjection + readonly serviceAccountToken?: ServiceAccountTokenProjection; + } /** @@ -26449,17 +25639,15 @@ export interface VolumeProjection { */ /* eslint-disable max-len, quote-props */ export function toJson_VolumeProjection(obj: VolumeProjection | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - configMap: toJson_ConfigMapProjection(obj.configMap), - downwardAPI: toJson_DownwardApiProjection(obj.downwardApi), - secret: toJson_SecretProjection(obj.secret), - serviceAccountToken: toJson_ServiceAccountTokenProjection(obj.serviceAccountToken) - } + 'configMap': toJson_ConfigMapProjection(obj.configMap), + 'downwardAPI': toJson_DownwardApiProjection(obj.downwardApi), + 'secret': toJson_SecretProjection(obj.secret), + 'serviceAccountToken': toJson_ServiceAccountTokenProjection(obj.serviceAccountToken), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26474,7 +25662,8 @@ export interface GroupSubjectV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.GroupSubject#name */ - readonly name: string + readonly name: string; + } /** @@ -26482,14 +25671,12 @@ export interface GroupSubjectV1Beta1 { */ /* eslint-disable max-len, quote-props */ export function toJson_GroupSubjectV1Beta1(obj: GroupSubjectV1Beta1 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name - } + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26504,32 +25691,29 @@ export interface ServiceAccountSubjectV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.ServiceAccountSubject#name */ - readonly name: string + readonly name: string; /** * `namespace` is the namespace of matching ServiceAccount objects. Required. * * @schema io.k8s.api.flowcontrol.v1beta1.ServiceAccountSubject#namespace */ - readonly namespace: string + readonly namespace: string; + } /** * Converts an object of type 'ServiceAccountSubjectV1Beta1' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ServiceAccountSubjectV1Beta1( - obj: ServiceAccountSubjectV1Beta1 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ServiceAccountSubjectV1Beta1(obj: ServiceAccountSubjectV1Beta1 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - namespace: obj.namespace - } + 'name': obj.name, + 'namespace': obj.namespace, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26544,7 +25728,8 @@ export interface UserSubjectV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.UserSubject#name */ - readonly name: string + readonly name: string; + } /** @@ -26552,14 +25737,12 @@ export interface UserSubjectV1Beta1 { */ /* eslint-disable max-len, quote-props */ export function toJson_UserSubjectV1Beta1(obj: UserSubjectV1Beta1 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name - } + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26574,40 +25757,37 @@ export interface QueuingConfigurationV1Beta1 { * * @schema io.k8s.api.flowcontrol.v1beta1.QueuingConfiguration#handSize */ - readonly handSize?: number + readonly handSize?: number; /** * `queueLengthLimit` is the maximum number of requests allowed to be waiting in a given queue of this priority level at a time; excess requests are rejected. This value must be positive. If not specified, it will be defaulted to 50. * * @schema io.k8s.api.flowcontrol.v1beta1.QueuingConfiguration#queueLengthLimit */ - readonly queueLengthLimit?: number + readonly queueLengthLimit?: number; /** * `queues` is the number of queues for this priority level. The queues exist independently at each apiserver. The value must be positive. Setting it to 1 effectively precludes shufflesharding and thus makes the distinguisher method of associated flow schemas irrelevant. This field has a default value of 64. * * @schema io.k8s.api.flowcontrol.v1beta1.QueuingConfiguration#queues */ - readonly queues?: number + readonly queues?: number; + } /** * Converts an object of type 'QueuingConfigurationV1Beta1' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_QueuingConfigurationV1Beta1( - obj: QueuingConfigurationV1Beta1 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_QueuingConfigurationV1Beta1(obj: QueuingConfigurationV1Beta1 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - handSize: obj.handSize, - queueLengthLimit: obj.queueLengthLimit, - queues: obj.queues - } + 'handSize': obj.handSize, + 'queueLengthLimit': obj.queueLengthLimit, + 'queues': obj.queues, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26622,7 +25802,8 @@ export interface GroupSubjectV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.GroupSubject#name */ - readonly name: string + readonly name: string; + } /** @@ -26630,14 +25811,12 @@ export interface GroupSubjectV1Beta2 { */ /* eslint-disable max-len, quote-props */ export function toJson_GroupSubjectV1Beta2(obj: GroupSubjectV1Beta2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name - } + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26652,32 +25831,29 @@ export interface ServiceAccountSubjectV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.ServiceAccountSubject#name */ - readonly name: string + readonly name: string; /** * `namespace` is the namespace of matching ServiceAccount objects. Required. * * @schema io.k8s.api.flowcontrol.v1beta2.ServiceAccountSubject#namespace */ - readonly namespace: string + readonly namespace: string; + } /** * Converts an object of type 'ServiceAccountSubjectV1Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ServiceAccountSubjectV1Beta2( - obj: ServiceAccountSubjectV1Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ServiceAccountSubjectV1Beta2(obj: ServiceAccountSubjectV1Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - namespace: obj.namespace - } + 'name': obj.name, + 'namespace': obj.namespace, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26692,7 +25868,8 @@ export interface UserSubjectV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.UserSubject#name */ - readonly name: string + readonly name: string; + } /** @@ -26700,14 +25877,12 @@ export interface UserSubjectV1Beta2 { */ /* eslint-disable max-len, quote-props */ export function toJson_UserSubjectV1Beta2(obj: UserSubjectV1Beta2 | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name - } + 'name': obj.name, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26722,40 +25897,37 @@ export interface QueuingConfigurationV1Beta2 { * * @schema io.k8s.api.flowcontrol.v1beta2.QueuingConfiguration#handSize */ - readonly handSize?: number + readonly handSize?: number; /** * `queueLengthLimit` is the maximum number of requests allowed to be waiting in a given queue of this priority level at a time; excess requests are rejected. This value must be positive. If not specified, it will be defaulted to 50. * * @schema io.k8s.api.flowcontrol.v1beta2.QueuingConfiguration#queueLengthLimit */ - readonly queueLengthLimit?: number + readonly queueLengthLimit?: number; /** * `queues` is the number of queues for this priority level. The queues exist independently at each apiserver. The value must be positive. Setting it to 1 effectively precludes shufflesharding and thus makes the distinguisher method of associated flow schemas irrelevant. This field has a default value of 64. * * @schema io.k8s.api.flowcontrol.v1beta2.QueuingConfiguration#queues */ - readonly queues?: number + readonly queues?: number; + } /** * Converts an object of type 'QueuingConfigurationV1Beta2' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_QueuingConfigurationV1Beta2( - obj: QueuingConfigurationV1Beta2 | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_QueuingConfigurationV1Beta2(obj: QueuingConfigurationV1Beta2 | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - handSize: obj.handSize, - queueLengthLimit: obj.queueLengthLimit, - queues: obj.queues - } + 'handSize': obj.handSize, + 'queueLengthLimit': obj.queueLengthLimit, + 'queues': obj.queues, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26770,14 +25942,15 @@ export interface ServiceBackendPort { * * @schema io.k8s.api.networking.v1.ServiceBackendPort#name */ - readonly name?: string + readonly name?: string; /** * Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name". * * @schema io.k8s.api.networking.v1.ServiceBackendPort#number */ - readonly number?: number + readonly number?: number; + } /** @@ -26785,15 +25958,13 @@ export interface ServiceBackendPort { */ /* eslint-disable max-len, quote-props */ export function toJson_ServiceBackendPort(obj: ServiceBackendPort | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - number: obj.number - } + 'name': obj.name, + 'number': obj.number, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26808,14 +25979,14 @@ export interface HttpIngressPath { * * @schema io.k8s.api.networking.v1.HTTPIngressPath#backend */ - readonly backend: IngressBackend + readonly backend: IngressBackend; /** * Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix". * * @schema io.k8s.api.networking.v1.HTTPIngressPath#path */ - readonly path?: string + readonly path?: string; /** * PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is @@ -26832,7 +26003,8 @@ export interface HttpIngressPath { * * @schema io.k8s.api.networking.v1.HTTPIngressPath#pathType */ - readonly pathType: string + readonly pathType: string; + } /** @@ -26840,16 +26012,14 @@ export interface HttpIngressPath { */ /* eslint-disable max-len, quote-props */ export function toJson_HttpIngressPath(obj: HttpIngressPath | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - backend: toJson_IngressBackend(obj.backend), - path: obj.path, - pathType: obj.pathType - } + 'backend': toJson_IngressBackend(obj.backend), + 'path': obj.path, + 'pathType': obj.pathType, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26864,14 +26034,15 @@ export interface IpBlock { * * @schema io.k8s.api.networking.v1.IPBlock#cidr */ - readonly cidr: string + readonly cidr: string; /** * Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will be rejected if they are outside the CIDR range * * @schema io.k8s.api.networking.v1.IPBlock#except */ - readonly except?: string[] + readonly except?: string[]; + } /** @@ -26879,15 +26050,13 @@ export interface IpBlock { */ /* eslint-disable max-len, quote-props */ export function toJson_IpBlock(obj: IpBlock | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - cidr: obj.cidr, - except: obj.except?.map((y) => y) - } + 'cidr': obj.cidr, + 'except': obj.except?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26902,7 +26071,7 @@ export interface NodeSelectorRequirement { * * @schema io.k8s.api.core.v1.NodeSelectorRequirement#key */ - readonly key: string + readonly key: string; /** * Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. @@ -26911,33 +26080,30 @@ export interface NodeSelectorRequirement { * * @schema io.k8s.api.core.v1.NodeSelectorRequirement#operator */ - readonly operator: string + readonly operator: string; /** * An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. * * @schema io.k8s.api.core.v1.NodeSelectorRequirement#values */ - readonly values?: string[] + readonly values?: string[]; + } /** * Converts an object of type 'NodeSelectorRequirement' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_NodeSelectorRequirement( - obj: NodeSelectorRequirement | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_NodeSelectorRequirement(obj: NodeSelectorRequirement | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - key: obj.key, - operator: obj.operator, - values: obj.values?.map((y) => y) - } + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -26950,79 +26116,79 @@ export interface JsonSchemaProps { /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#$ref */ - readonly ref?: string + readonly ref?: string; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#$schema */ - readonly schema?: string + readonly schema?: string; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#additionalItems */ - readonly additionalItems?: any + readonly additionalItems?: any; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#additionalProperties */ - readonly additionalProperties?: any + readonly additionalProperties?: any; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#allOf */ - readonly allOf?: JsonSchemaProps[] + readonly allOf?: JsonSchemaProps[]; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#anyOf */ - readonly anyOf?: JsonSchemaProps[] + readonly anyOf?: JsonSchemaProps[]; /** * default is a default value for undefined object fields. Defaulting is a beta feature under the CustomResourceDefaulting feature gate. Defaulting requires spec.preserveUnknownFields to be false. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#default */ - readonly default?: any + readonly default?: any; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#definitions */ - readonly definitions?: { [key: string]: JsonSchemaProps } + readonly definitions?: { [key: string]: JsonSchemaProps }; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#dependencies */ - readonly dependencies?: { [key: string]: any } + readonly dependencies?: { [key: string]: any }; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#description */ - readonly description?: string + readonly description?: string; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#enum */ - readonly enum?: any[] + readonly enum?: any[]; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#example */ - readonly example?: any + readonly example?: any; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#exclusiveMaximum */ - readonly exclusiveMaximum?: boolean + readonly exclusiveMaximum?: boolean; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#exclusiveMinimum */ - readonly exclusiveMinimum?: boolean + readonly exclusiveMinimum?: boolean; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#externalDocs */ - readonly externalDocs?: ExternalDocumentation + readonly externalDocs?: ExternalDocumentation; /** * format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: @@ -27031,119 +26197,119 @@ export interface JsonSchemaProps { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#format */ - readonly format?: string + readonly format?: string; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#id */ - readonly id?: string + readonly id?: string; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#items */ - readonly items?: any + readonly items?: any; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#maxItems */ - readonly maxItems?: number + readonly maxItems?: number; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#maxLength */ - readonly maxLength?: number + readonly maxLength?: number; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#maxProperties */ - readonly maxProperties?: number + readonly maxProperties?: number; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#maximum */ - readonly maximum?: number + readonly maximum?: number; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#minItems */ - readonly minItems?: number + readonly minItems?: number; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#minLength */ - readonly minLength?: number + readonly minLength?: number; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#minProperties */ - readonly minProperties?: number + readonly minProperties?: number; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#minimum */ - readonly minimum?: number + readonly minimum?: number; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#multipleOf */ - readonly multipleOf?: number + readonly multipleOf?: number; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#not */ - readonly not?: JsonSchemaProps + readonly not?: JsonSchemaProps; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#nullable */ - readonly nullable?: boolean + readonly nullable?: boolean; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#oneOf */ - readonly oneOf?: JsonSchemaProps[] + readonly oneOf?: JsonSchemaProps[]; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#pattern */ - readonly pattern?: string + readonly pattern?: string; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#patternProperties */ - readonly patternProperties?: { [key: string]: JsonSchemaProps } + readonly patternProperties?: { [key: string]: JsonSchemaProps }; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#properties */ - readonly properties?: { [key: string]: JsonSchemaProps } + readonly properties?: { [key: string]: JsonSchemaProps }; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#required */ - readonly required?: string[] + readonly required?: string[]; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#title */ - readonly title?: string + readonly title?: string; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#type */ - readonly type?: string + readonly type?: string; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#uniqueItems */ - readonly uniqueItems?: boolean + readonly uniqueItems?: boolean; /** * x-kubernetes-embedded-resource defines that the value is an embedded Kubernetes runtime.Object, with TypeMeta and ObjectMeta. The type must be object. It is allowed to further restrict the embedded object. kind, apiVersion and metadata are validated automatically. x-kubernetes-preserve-unknown-fields is allowed to be true, but does not have to be if the object is fully specified (up to kind, apiVersion, metadata). * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#x-kubernetes-embedded-resource */ - readonly xKubernetesEmbeddedResource?: boolean + readonly xKubernetesEmbeddedResource?: boolean; /** * x-kubernetes-int-or-string specifies that this value is either an integer or a string. If this is true, an empty type is allowed and type as child of anyOf is permitted if following one of the following patterns: @@ -27159,7 +26325,7 @@ export interface JsonSchemaProps { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#x-kubernetes-int-or-string */ - readonly xKubernetesIntOrString?: boolean + readonly xKubernetesIntOrString?: boolean; /** * x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used as the index of the map. @@ -27170,7 +26336,7 @@ export interface JsonSchemaProps { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#x-kubernetes-list-map-keys */ - readonly xKubernetesListMapKeys?: string[] + readonly xKubernetesListMapKeys?: string[]; /** * x-kubernetes-list-type annotates an array to further describe its topology. This extension must only be used on lists and may have 3 possible values: @@ -27191,7 +26357,7 @@ export interface JsonSchemaProps { * @default atomic for arrays. * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#x-kubernetes-list-type */ - readonly xKubernetesListType?: string + readonly xKubernetesListType?: string; /** * x-kubernetes-map-type annotates an object to further describe its topology. This extension must only be used when type is object and may have 2 possible values: @@ -27205,21 +26371,22 @@ export interface JsonSchemaProps { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#x-kubernetes-map-type */ - readonly xKubernetesMapType?: string + readonly xKubernetesMapType?: string; /** * x-kubernetes-preserve-unknown-fields stops the API server decoding step from pruning fields which are not specified in the validation schema. This affects fields recursively, but switches back to normal pruning behaviour if nested properties or additionalProperties are specified in the schema. This can either be true or undefined. False is forbidden. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#x-kubernetes-preserve-unknown-fields */ - readonly xKubernetesPreserveUnknownFields?: boolean + readonly xKubernetesPreserveUnknownFields?: boolean; /** * x-kubernetes-validations describes a list of validation rules written in the CEL expression language. This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps#x-kubernetes-validations */ - readonly xKubernetesValidations?: ValidationRule[] + readonly xKubernetesValidations?: ValidationRule[]; + } /** @@ -27227,78 +26394,55 @@ export interface JsonSchemaProps { */ /* eslint-disable max-len, quote-props */ export function toJson_JsonSchemaProps(obj: JsonSchemaProps | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } - const result = { - $ref: obj.ref, - $schema: obj.schema, - additionalItems: obj.additionalItems, - additionalProperties: obj.additionalProperties, - allOf: obj.allOf?.map((y) => toJson_JsonSchemaProps(y)), - anyOf: obj.anyOf?.map((y) => toJson_JsonSchemaProps(y)), - default: obj.default, - definitions: - obj.definitions === undefined - ? undefined - : Object.entries(obj.definitions).reduce( - (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: toJson_JsonSchemaProps(i[1]) }), - {} - ), - dependencies: - obj.dependencies === undefined - ? undefined - : Object.entries(obj.dependencies).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}), - description: obj.description, - enum: obj.enum?.map((y) => y), - example: obj.example, - exclusiveMaximum: obj.exclusiveMaximum, - exclusiveMinimum: obj.exclusiveMinimum, - externalDocs: toJson_ExternalDocumentation(obj.externalDocs), - format: obj.format, - id: obj.id, - items: obj.items, - maxItems: obj.maxItems, - maxLength: obj.maxLength, - maxProperties: obj.maxProperties, - maximum: obj.maximum, - minItems: obj.minItems, - minLength: obj.minLength, - minProperties: obj.minProperties, - minimum: obj.minimum, - multipleOf: obj.multipleOf, - not: toJson_JsonSchemaProps(obj.not), - nullable: obj.nullable, - oneOf: obj.oneOf?.map((y) => toJson_JsonSchemaProps(y)), - pattern: obj.pattern, - patternProperties: - obj.patternProperties === undefined - ? undefined - : Object.entries(obj.patternProperties).reduce( - (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: toJson_JsonSchemaProps(i[1]) }), - {} - ), - properties: - obj.properties === undefined - ? undefined - : Object.entries(obj.properties).reduce( - (r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: toJson_JsonSchemaProps(i[1]) }), - {} - ), - required: obj.required?.map((y) => y), - title: obj.title, - type: obj.type, - uniqueItems: obj.uniqueItems, + if (obj === undefined) { return undefined; } + const result = { + '$ref': obj.ref, + '$schema': obj.schema, + 'additionalItems': obj.additionalItems, + 'additionalProperties': obj.additionalProperties, + 'allOf': obj.allOf?.map(y => toJson_JsonSchemaProps(y)), + 'anyOf': obj.anyOf?.map(y => toJson_JsonSchemaProps(y)), + 'default': obj.default, + 'definitions': ((obj.definitions) === undefined) ? undefined : (Object.entries(obj.definitions).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: toJson_JsonSchemaProps(i[1]) }), {})), + 'dependencies': ((obj.dependencies) === undefined) ? undefined : (Object.entries(obj.dependencies).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + 'description': obj.description, + 'enum': obj.enum?.map(y => y), + 'example': obj.example, + 'exclusiveMaximum': obj.exclusiveMaximum, + 'exclusiveMinimum': obj.exclusiveMinimum, + 'externalDocs': toJson_ExternalDocumentation(obj.externalDocs), + 'format': obj.format, + 'id': obj.id, + 'items': obj.items, + 'maxItems': obj.maxItems, + 'maxLength': obj.maxLength, + 'maxProperties': obj.maxProperties, + 'maximum': obj.maximum, + 'minItems': obj.minItems, + 'minLength': obj.minLength, + 'minProperties': obj.minProperties, + 'minimum': obj.minimum, + 'multipleOf': obj.multipleOf, + 'not': toJson_JsonSchemaProps(obj.not), + 'nullable': obj.nullable, + 'oneOf': obj.oneOf?.map(y => toJson_JsonSchemaProps(y)), + 'pattern': obj.pattern, + 'patternProperties': ((obj.patternProperties) === undefined) ? undefined : (Object.entries(obj.patternProperties).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: toJson_JsonSchemaProps(i[1]) }), {})), + 'properties': ((obj.properties) === undefined) ? undefined : (Object.entries(obj.properties).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: toJson_JsonSchemaProps(i[1]) }), {})), + 'required': obj.required?.map(y => y), + 'title': obj.title, + 'type': obj.type, + 'uniqueItems': obj.uniqueItems, 'x-kubernetes-embedded-resource': obj.xKubernetesEmbeddedResource, 'x-kubernetes-int-or-string': obj.xKubernetesIntOrString, - 'x-kubernetes-list-map-keys': obj.xKubernetesListMapKeys?.map((y) => y), + 'x-kubernetes-list-map-keys': obj.xKubernetesListMapKeys?.map(y => y), 'x-kubernetes-list-type': obj.xKubernetesListType, 'x-kubernetes-map-type': obj.xKubernetesMapType, 'x-kubernetes-preserve-unknown-fields': obj.xKubernetesPreserveUnknownFields, - 'x-kubernetes-validations': obj.xKubernetesValidations?.map((y) => toJson_ValidationRule(y)) - } + 'x-kubernetes-validations': obj.xKubernetesValidations?.map(y => toJson_ValidationRule(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27313,40 +26457,37 @@ export interface CustomResourceSubresourceScale { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresourceScale#labelSelectorPath */ - readonly labelSelectorPath?: string + readonly labelSelectorPath?: string; /** * specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`. Only JSON paths without the array notation are allowed. Must be a JSON Path under `.spec`. If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresourceScale#specReplicasPath */ - readonly specReplicasPath: string + readonly specReplicasPath: string; /** * statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`. Only JSON paths without the array notation are allowed. Must be a JSON Path under `.status`. If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource will default to 0. * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceSubresourceScale#statusReplicasPath */ - readonly statusReplicasPath: string + readonly statusReplicasPath: string; + } /** * Converts an object of type 'CustomResourceSubresourceScale' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_CustomResourceSubresourceScale( - obj: CustomResourceSubresourceScale | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_CustomResourceSubresourceScale(obj: CustomResourceSubresourceScale | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - labelSelectorPath: obj.labelSelectorPath, - specReplicasPath: obj.specReplicasPath, - statusReplicasPath: obj.statusReplicasPath - } + 'labelSelectorPath': obj.labelSelectorPath, + 'specReplicasPath': obj.specReplicasPath, + 'statusReplicasPath': obj.statusReplicasPath, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27361,21 +26502,22 @@ export interface ConfigMapKeySelector { * * @schema io.k8s.api.core.v1.ConfigMapKeySelector#key */ - readonly key: string + readonly key: string; /** * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema io.k8s.api.core.v1.ConfigMapKeySelector#name */ - readonly name?: string + readonly name?: string; /** * Specify whether the ConfigMap or its key must be defined * * @schema io.k8s.api.core.v1.ConfigMapKeySelector#optional */ - readonly optional?: boolean + readonly optional?: boolean; + } /** @@ -27383,16 +26525,14 @@ export interface ConfigMapKeySelector { */ /* eslint-disable max-len, quote-props */ export function toJson_ConfigMapKeySelector(obj: ConfigMapKeySelector | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - key: obj.key, - name: obj.name, - optional: obj.optional - } + 'key': obj.key, + 'name': obj.name, + 'optional': obj.optional, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27407,14 +26547,15 @@ export interface ObjectFieldSelector { * * @schema io.k8s.api.core.v1.ObjectFieldSelector#apiVersion */ - readonly apiVersion?: string + readonly apiVersion?: string; /** * Path of the field to select in the specified API version. * * @schema io.k8s.api.core.v1.ObjectFieldSelector#fieldPath */ - readonly fieldPath: string + readonly fieldPath: string; + } /** @@ -27422,15 +26563,13 @@ export interface ObjectFieldSelector { */ /* eslint-disable max-len, quote-props */ export function toJson_ObjectFieldSelector(obj: ObjectFieldSelector | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - apiVersion: obj.apiVersion, - fieldPath: obj.fieldPath - } + 'apiVersion': obj.apiVersion, + 'fieldPath': obj.fieldPath, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27445,21 +26584,22 @@ export interface ResourceFieldSelector { * * @schema io.k8s.api.core.v1.ResourceFieldSelector#containerName */ - readonly containerName?: string + readonly containerName?: string; /** * Specifies the output format of the exposed resources, defaults to "1" * * @schema io.k8s.api.core.v1.ResourceFieldSelector#divisor */ - readonly divisor?: Quantity + readonly divisor?: Quantity; /** * Required: resource to select * * @schema io.k8s.api.core.v1.ResourceFieldSelector#resource */ - readonly resource: string + readonly resource: string; + } /** @@ -27467,16 +26607,14 @@ export interface ResourceFieldSelector { */ /* eslint-disable max-len, quote-props */ export function toJson_ResourceFieldSelector(obj: ResourceFieldSelector | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - containerName: obj.containerName, - divisor: obj.divisor?.value, - resource: obj.resource - } + 'containerName': obj.containerName, + 'divisor': obj.divisor?.value, + 'resource': obj.resource, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27491,21 +26629,22 @@ export interface SecretKeySelector { * * @schema io.k8s.api.core.v1.SecretKeySelector#key */ - readonly key: string + readonly key: string; /** * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema io.k8s.api.core.v1.SecretKeySelector#name */ - readonly name?: string + readonly name?: string; /** * Specify whether the Secret or its key must be defined * * @schema io.k8s.api.core.v1.SecretKeySelector#optional */ - readonly optional?: boolean + readonly optional?: boolean; + } /** @@ -27513,16 +26652,14 @@ export interface SecretKeySelector { */ /* eslint-disable max-len, quote-props */ export function toJson_SecretKeySelector(obj: SecretKeySelector | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - key: obj.key, - name: obj.name, - optional: obj.optional - } + 'key': obj.key, + 'name': obj.name, + 'optional': obj.optional, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27537,14 +26674,15 @@ export interface HttpHeader { * * @schema io.k8s.api.core.v1.HTTPHeader#name */ - readonly name: string + readonly name: string; /** * The header field value * * @schema io.k8s.api.core.v1.HTTPHeader#value */ - readonly value: string + readonly value: string; + } /** @@ -27552,15 +26690,13 @@ export interface HttpHeader { */ /* eslint-disable max-len, quote-props */ export function toJson_HttpHeader(obj: HttpHeader | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - name: obj.name, - value: obj.value - } + 'name': obj.name, + 'value': obj.value, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27577,21 +26713,22 @@ export interface ConfigMapProjection { * * @schema io.k8s.api.core.v1.ConfigMapProjection#items */ - readonly items?: KeyToPath[] + readonly items?: KeyToPath[]; /** * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema io.k8s.api.core.v1.ConfigMapProjection#name */ - readonly name?: string + readonly name?: string; /** * optional specify whether the ConfigMap or its keys must be defined * * @schema io.k8s.api.core.v1.ConfigMapProjection#optional */ - readonly optional?: boolean + readonly optional?: boolean; + } /** @@ -27599,16 +26736,14 @@ export interface ConfigMapProjection { */ /* eslint-disable max-len, quote-props */ export function toJson_ConfigMapProjection(obj: ConfigMapProjection | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KeyToPath(y)), - name: obj.name, - optional: obj.optional - } + 'items': obj.items?.map(y => toJson_KeyToPath(y)), + 'name': obj.name, + 'optional': obj.optional, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27623,7 +26758,8 @@ export interface DownwardApiProjection { * * @schema io.k8s.api.core.v1.DownwardAPIProjection#items */ - readonly items?: DownwardApiVolumeFile[] + readonly items?: DownwardApiVolumeFile[]; + } /** @@ -27631,14 +26767,12 @@ export interface DownwardApiProjection { */ /* eslint-disable max-len, quote-props */ export function toJson_DownwardApiProjection(obj: DownwardApiProjection | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_DownwardApiVolumeFile(y)) - } + 'items': obj.items?.map(y => toJson_DownwardApiVolumeFile(y)), + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27655,21 +26789,22 @@ export interface SecretProjection { * * @schema io.k8s.api.core.v1.SecretProjection#items */ - readonly items?: KeyToPath[] + readonly items?: KeyToPath[]; /** * Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names * * @schema io.k8s.api.core.v1.SecretProjection#name */ - readonly name?: string + readonly name?: string; /** * optional field specify whether the Secret or its key must be defined * * @schema io.k8s.api.core.v1.SecretProjection#optional */ - readonly optional?: boolean + readonly optional?: boolean; + } /** @@ -27677,16 +26812,14 @@ export interface SecretProjection { */ /* eslint-disable max-len, quote-props */ export function toJson_SecretProjection(obj: SecretProjection | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - items: obj.items?.map((y) => toJson_KeyToPath(y)), - name: obj.name, - optional: obj.optional - } + 'items': obj.items?.map(y => toJson_KeyToPath(y)), + 'name': obj.name, + 'optional': obj.optional, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27701,7 +26834,7 @@ export interface ServiceAccountTokenProjection { * * @schema io.k8s.api.core.v1.ServiceAccountTokenProjection#audience */ - readonly audience?: string + readonly audience?: string; /** * expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. @@ -27709,33 +26842,30 @@ export interface ServiceAccountTokenProjection { * @default 1 hour and must be at least 10 minutes. * @schema io.k8s.api.core.v1.ServiceAccountTokenProjection#expirationSeconds */ - readonly expirationSeconds?: number + readonly expirationSeconds?: number; /** * path is the path relative to the mount point of the file to project the token into. * * @schema io.k8s.api.core.v1.ServiceAccountTokenProjection#path */ - readonly path: string + readonly path: string; + } /** * Converts an object of type 'ServiceAccountTokenProjection' to JSON representation. */ /* eslint-disable max-len, quote-props */ -export function toJson_ServiceAccountTokenProjection( - obj: ServiceAccountTokenProjection | undefined -): Record | undefined { - if (obj === undefined) { - return undefined - } +export function toJson_ServiceAccountTokenProjection(obj: ServiceAccountTokenProjection | undefined): Record | undefined { + if (obj === undefined) { return undefined; } const result = { - audience: obj.audience, - expirationSeconds: obj.expirationSeconds, - path: obj.path - } + 'audience': obj.audience, + 'expirationSeconds': obj.expirationSeconds, + 'path': obj.path, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27748,12 +26878,13 @@ export interface ExternalDocumentation { /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation#description */ - readonly description?: string + readonly description?: string; /** * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation#url */ - readonly url?: string + readonly url?: string; + } /** @@ -27761,15 +26892,13 @@ export interface ExternalDocumentation { */ /* eslint-disable max-len, quote-props */ export function toJson_ExternalDocumentation(obj: ExternalDocumentation | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - description: obj.description, - url: obj.url - } + 'description': obj.description, + 'url': obj.url, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ @@ -27784,7 +26913,7 @@ export interface ValidationRule { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule#message */ - readonly message?: string + readonly message?: string; /** * Rule represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. The `self` variable in the CEL expression is bound to the scoped value. Example: - Rule scoped to the root of a resource with a status subresource: {"rule": "self.status.actual <= self.spec.maxDesired"} @@ -27815,7 +26944,8 @@ export interface ValidationRule { * * @schema io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule#rule */ - readonly rule: string + readonly rule: string; + } /** @@ -27823,14 +26953,13 @@ export interface ValidationRule { */ /* eslint-disable max-len, quote-props */ export function toJson_ValidationRule(obj: ValidationRule | undefined): Record | undefined { - if (obj === undefined) { - return undefined - } + if (obj === undefined) { return undefined; } const result = { - message: obj.message, - rule: obj.rule - } + 'message': obj.message, + 'rule': obj.rule, + }; // filter undefined values - return Object.entries(result).reduce((r, i) => (i[1] === undefined ? r : { ...r, [i[0]]: i[1] }), {}) + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); } /* eslint-enable max-len, quote-props */ + diff --git a/packages/k8s-generated/generated/l2advertisements-metallb.io.ts b/packages/k8s-generated/generated/l2advertisements-metallb.io.ts new file mode 100644 index 0000000..79422af --- /dev/null +++ b/packages/k8s-generated/generated/l2advertisements-metallb.io.ts @@ -0,0 +1,311 @@ +// generated by cdk8s +import { ApiObject, ApiObjectMetadata, GroupVersionKind } from 'cdk8s'; +import { Construct } from 'constructs'; + + +/** + * L2Advertisement allows to advertise the LoadBalancer IPs provided by the selected pools via L2. + * + * @schema L2Advertisement + */ +export class L2Advertisement extends ApiObject { + /** + * Returns the apiVersion and kind for "L2Advertisement" + */ + public static readonly GVK: GroupVersionKind = { + apiVersion: 'metallb.io/v1beta1', + kind: 'L2Advertisement', + } + + /** + * Renders a Kubernetes manifest for "L2Advertisement". + * + * This can be used to inline resource manifests inside other objects (e.g. as templates). + * + * @param props initialization props + */ + public static manifest(props: L2AdvertisementProps = {}): any { + return { + ...L2Advertisement.GVK, + ...toJson_L2AdvertisementProps(props), + }; + } + + /** + * Defines a "L2Advertisement" API object + * @param scope the scope in which to define this object + * @param id a scope-local name for the object + * @param props initialization props + */ + public constructor(scope: Construct, id: string, props: L2AdvertisementProps = {}) { + super(scope, id, { + ...L2Advertisement.GVK, + ...props, + }); + } + + /** + * Renders the object to Kubernetes JSON. + */ + public toJson(): any { + const resolved = super.toJson(); + + return { + ...L2Advertisement.GVK, + ...toJson_L2AdvertisementProps(resolved), + }; + } +} + +/** + * L2Advertisement allows to advertise the LoadBalancer IPs provided by the selected pools via L2. + * + * @schema L2Advertisement + */ +export interface L2AdvertisementProps { + /** + * @schema L2Advertisement#metadata + */ + readonly metadata?: ApiObjectMetadata; + + /** + * L2AdvertisementSpec defines the desired state of L2Advertisement. + * + * @schema L2Advertisement#spec + */ + readonly spec?: L2AdvertisementSpec; + +} + +/** + * Converts an object of type 'L2AdvertisementProps' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_L2AdvertisementProps(obj: L2AdvertisementProps | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'metadata': obj.metadata, + 'spec': toJson_L2AdvertisementSpec(obj.spec), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * L2AdvertisementSpec defines the desired state of L2Advertisement. + * + * @schema L2AdvertisementSpec + */ +export interface L2AdvertisementSpec { + /** + * A list of interfaces to announce from. The LB IP will be announced only from these interfaces. If the field is not set, we advertise from all the interfaces on the host. + * + * @schema L2AdvertisementSpec#interfaces + */ + readonly interfaces?: string[]; + + /** + * A selector for the IPAddressPools which would get advertised via this advertisement. If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. + * + * @schema L2AdvertisementSpec#ipAddressPoolSelectors + */ + readonly ipAddressPoolSelectors?: L2AdvertisementSpecIpAddressPoolSelectors[]; + + /** + * The list of IPAddressPools to advertise via this advertisement, selected by name. + * + * @schema L2AdvertisementSpec#ipAddressPools + */ + readonly ipAddressPools?: string[]; + + /** + * NodeSelectors allows to limit the nodes to announce as next hops for the LoadBalancer IP. When empty, all the nodes having are announced as next hops. + * + * @schema L2AdvertisementSpec#nodeSelectors + */ + readonly nodeSelectors?: L2AdvertisementSpecNodeSelectors[]; + +} + +/** + * Converts an object of type 'L2AdvertisementSpec' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_L2AdvertisementSpec(obj: L2AdvertisementSpec | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'interfaces': obj.interfaces?.map(y => y), + 'ipAddressPoolSelectors': obj.ipAddressPoolSelectors?.map(y => toJson_L2AdvertisementSpecIpAddressPoolSelectors(y)), + 'ipAddressPools': obj.ipAddressPools?.map(y => y), + 'nodeSelectors': obj.nodeSelectors?.map(y => toJson_L2AdvertisementSpecNodeSelectors(y)), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + * + * @schema L2AdvertisementSpecIpAddressPoolSelectors + */ +export interface L2AdvertisementSpecIpAddressPoolSelectors { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema L2AdvertisementSpecIpAddressPoolSelectors#matchExpressions + */ + readonly matchExpressions?: L2AdvertisementSpecIpAddressPoolSelectorsMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema L2AdvertisementSpecIpAddressPoolSelectors#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'L2AdvertisementSpecIpAddressPoolSelectors' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_L2AdvertisementSpecIpAddressPoolSelectors(obj: L2AdvertisementSpecIpAddressPoolSelectors | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_L2AdvertisementSpecIpAddressPoolSelectorsMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + * + * @schema L2AdvertisementSpecNodeSelectors + */ +export interface L2AdvertisementSpecNodeSelectors { + /** + * matchExpressions is a list of label selector requirements. The requirements are ANDed. + * + * @schema L2AdvertisementSpecNodeSelectors#matchExpressions + */ + readonly matchExpressions?: L2AdvertisementSpecNodeSelectorsMatchExpressions[]; + + /** + * matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + * + * @schema L2AdvertisementSpecNodeSelectors#matchLabels + */ + readonly matchLabels?: { [key: string]: string }; + +} + +/** + * Converts an object of type 'L2AdvertisementSpecNodeSelectors' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_L2AdvertisementSpecNodeSelectors(obj: L2AdvertisementSpecNodeSelectors | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'matchExpressions': obj.matchExpressions?.map(y => toJson_L2AdvertisementSpecNodeSelectorsMatchExpressions(y)), + 'matchLabels': ((obj.matchLabels) === undefined) ? undefined : (Object.entries(obj.matchLabels).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {})), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema L2AdvertisementSpecIpAddressPoolSelectorsMatchExpressions + */ +export interface L2AdvertisementSpecIpAddressPoolSelectorsMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema L2AdvertisementSpecIpAddressPoolSelectorsMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema L2AdvertisementSpecIpAddressPoolSelectorsMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema L2AdvertisementSpecIpAddressPoolSelectorsMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'L2AdvertisementSpecIpAddressPoolSelectorsMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_L2AdvertisementSpecIpAddressPoolSelectorsMatchExpressions(obj: L2AdvertisementSpecIpAddressPoolSelectorsMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + +/** + * A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + * + * @schema L2AdvertisementSpecNodeSelectorsMatchExpressions + */ +export interface L2AdvertisementSpecNodeSelectorsMatchExpressions { + /** + * key is the label key that the selector applies to. + * + * @schema L2AdvertisementSpecNodeSelectorsMatchExpressions#key + */ + readonly key: string; + + /** + * operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + * + * @schema L2AdvertisementSpecNodeSelectorsMatchExpressions#operator + */ + readonly operator: string; + + /** + * values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + * + * @schema L2AdvertisementSpecNodeSelectorsMatchExpressions#values + */ + readonly values?: string[]; + +} + +/** + * Converts an object of type 'L2AdvertisementSpecNodeSelectorsMatchExpressions' to JSON representation. + */ +/* eslint-disable max-len, quote-props */ +export function toJson_L2AdvertisementSpecNodeSelectorsMatchExpressions(obj: L2AdvertisementSpecNodeSelectorsMatchExpressions | undefined): Record | undefined { + if (obj === undefined) { return undefined; } + const result = { + 'key': obj.key, + 'operator': obj.operator, + 'values': obj.values?.map(y => y), + }; + // filter undefined values + return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {}); +} +/* eslint-enable max-len, quote-props */ + diff --git a/packages/k8s-generated/package.json b/packages/k8s-generated/package.json index bd31c27..6d23872 100644 --- a/packages/k8s-generated/package.json +++ b/packages/k8s-generated/package.json @@ -1,7 +1,7 @@ { "name": "@package/k8s-generated", "version": "1.25.0", - "main": "src", + "main": "generated", "repository": "https://github.com/BaeKY/k8s-lab.git", "author": { "name": "Bob", @@ -9,6 +9,6 @@ }, "license": "MIT", "scripts": { - "generate": "cdk8s import k8s --language typescript --output ./src/generated" + "generate": "cdk8s import --output ./generated" } } diff --git a/packages/k8s-generated/src/index.ts b/packages/k8s-generated/src/index.ts deleted file mode 100644 index 3277aca..0000000 --- a/packages/k8s-generated/src/index.ts +++ /dev/null @@ -1 +0,0 @@ -export * from './generated/k8s' diff --git a/packages/k8s-generated/tsconfig.json b/packages/k8s-generated/tsconfig.json index 7273aa3..b5da3c1 100644 --- a/packages/k8s-generated/tsconfig.json +++ b/packages/k8s-generated/tsconfig.json @@ -1,4 +1,4 @@ { "extends": "../../tsconfig.json", - "include": ["src/**/*"] + "include": ["generated/**/*"] } \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index bc8b3ff..d30ae1e 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -39,10 +39,12 @@ importers: '@package/cdk8s-loader': workspace:^0.0.1 '@package/common': workspace:^0.0.1 '@package/k8s-generated': workspace:^1.25.0 + dotenv: ^16.0.3 dependencies: '@package/cdk8s-loader': link:../packages/cdk8s-loader '@package/common': link:../packages/common '@package/k8s-generated': link:../packages/k8s-generated + dotenv: 16.0.3 packages/cdk8s-loader: specifiers: @@ -1341,6 +1343,11 @@ packages: tslib: 2.4.1 dev: false + /dotenv/16.0.3: + resolution: {integrity: sha512-7GO6HghkA5fYG9TYnNxi14/7K9f5occMlp3zXAuSxn7CKCxt9xbNWG7yF8hTCSUchlfWSe3uLmlPfigevRItzQ==} + engines: {node: '>=12'} + dev: false + /electron-to-chromium/1.4.284: resolution: {integrity: sha512-M8WEXFuKXMYMVr45fo8mq0wUrrJHheiKZf6BArTKk9ZBYCKJEOU5H8cdWgDT+qCVZf7Na4lVUaZsA+h6uA9+PA==} dev: false

9;my7#}ITFPF`6PhEL!=zR2>S_MpUo;g)H<`ekLMzN zd~^sNYTpI**kDhM`L}d6&_kL2wo?6j@O#{<3wIlHO23sKAnjGJ7JD#puDA0rh?Di} zX)+MpGDPlhCDetBrt9$80P6o8$orCLMnU_3#fQf~g&(!QEXar2J|549j(G0>*qcyY z4lnE6xq{_hw$5Omuk6R2x00gwEsrZ&g5s~!gYdb3d28z=JF(h_N?wwm*|p-8~BS+7qZop0jPaP2J9P+h*%>kDKtwx}^^5aUx^kH^0NwrPJ0`|NP?79`vt z2{}ecRTgqh&4`4FO*8RN?t_U|aW|Dy z=sqe^xE|G-&6zhhbuqox3oECwKVika9p}z>*Q^ZfA4~t1Ep%fswD&@j*Vmo6 zrhI&B1N(5F?vLg`jG*6NOldpPM`e3#rW9UfzdyF!P-P~-to{)B-2uro_m6Q9b$g`M z!&6v;0BV?aFC!*U^AuqD-&6RMP1Kk#sFCpft8&uQ0J5g?2;9tpI(hpLohriNdlUxd z_r+zo56WS=`~p?8_mRu5bn|cla~pf~X}@re7p*rG(^#CqO->?dm^wH-PtX_HA?9sA zF6b0TKbqmOQN=0VJ&&JSGBu}#N1j)|U$XU5zz}WYf|EXwv%4(fgHK$+9L5e$9G#vb ze+*-#CYwVW6Q+Y`XrEjyy|J#a7DMj~fb4!_f_r|WpSk4m?^8RUL88mHL(bEI7(uPE z?}JIh?V6I-^|3KgX(m(&y>+o}4-MEb(0ejpkSf0R@8tX4gE;dI7!0JrPfLxksqTqcVd~Zv{Wi5^am0(kCoLy zr!_pqT!0dSw~RkcGJZ5KGG!aI`#W;h^!?s4#8Id&p3gwg9uoyN9lyCMra*Q?)&+u% zg(%FT|6v#UO@n`><#*UMpkUIPf!kb!==_tH^`9j=xPs;1ttV}#UIeK z)^1-vcP;vq8+7mbI8K@RQ&;urY_#oULuGTb3-1cAlE8bWH~dUxkKc|3ZuMNv{u zmq_>=aDMoC`mTX#6?<7^=%-ikTAE;^gi|65c^3tGg8__B_AZ5*8wtTph2q5D7@=k; zG^gLRP5Aj<#Pul>x~C7ku0+UR;RzMU)gxt^(D+~mK$U$(sGxS?17d~_`nJ1zX@fh7i9 zYS{7q+_dp!Mk)31)tV_flPdGaQ?7^L@`LL47$8zm$imdWrr^Ly?PB!i!%YK!;KZgMO{U=U8nfLdUMlw%>t+fxmnnsNWqKEir#Kp97gSYh+XP zn0)a~wMTg^)wDPQ?E@n1NpNbv7+_)!UzPpCcA-=cAK_L3*Zn;=Axj4SzE-EleV)}G zV#w}Gw#0Q8H<(tKn(@^*U(aqG3K~+7&tqk&)ys;xl-e|)J8%B>w7dwj&t0CDMG42^ z_P*6$T@LJ1A3)-#=7d*0#lJ$Hvne&Vm+TPA3q4O3dyGM59{ff5In_S%QrfLAO9 zI8M*UZ(b3TA>>f(s(Y2K|8TE0whUc zI>+Cq-sERY9sG$rQ{i!_nZWrOf)oW>H!IZlm;UZCC|S4H96OqO$cvn546>?D`m*k` zr^}Kg=#k1CY3Z@wKgRRwSs#ZPdO~VX5f$u{K>yGT7`iBFyd~#7NSH?e2aR9%;9*!G zx&4E+UduR5_d0d4*{Ut}P1y^bo?LW4F#p<-Z(`~+0B~V{!iD~GgtULEAw2Nztag9i zfC(gfqX7ruc^t7lFf8v_s@Uts8QQH__t}Ec`a~uoE*psnbFED*iPx#60H4wrd_@sT}Znb9NLB=|hk`nD2_2{j$${QHsxAc_{1t znT6I7*r2%Vkq10~qpheu!y40+W{4E_;&rE}hk|~pLcT98nhE+;Z>!cIV&bi<5Pnw* z^p;0>&+D#UO%0)>PUEYG_2VsJrk$hHrTBrjugML*kNs@`wioH}H?BY8W0`!T9-AjIZ3xnYKHOuUlw-J5-XAUgOzGs=q= z-Y%;7TE#IBWn z+7R|Dsn=59+K>U4UGHa%xxVP}HUYHfiM#Lbj6;0%ckJJ_64xP_Q$_V%Z6;ef;Y%&0 zHb6$jAWZ!7f?3kNMah_Xp@H#A5?1?Xm18+HIWfP$VjFUNmz?`>9}m3jCP93A!atw- zx39pcGqbyMJsq@SJrH>Vbw-0hffpIL?Tl+33@Pu{OFwdj4;Rq^b_BJ|WOfk4BkRPx9_Hz1UQ?94k>E4!C(I341BGC$Z_Ib7(x)0zE* zw%Cr${q%A{L}EhlAw&sHr8P~(oZuOv=&8Pd>WUAuceADV*+hM1xbODr&#L!j`D}&# z#Opls1k&>X_7C{Tah)zg3Un0sCcfd_7>pzi@TlW<^pM^4G9BWJ+;hhFU*r7{f|FL9 z70&xhN|uF??g~<+`Y&u1H^pXr^a|*+^eU?HJ-nCqSwJrX912ZZyBYL&SRYF(H4S@t zU|WGVAPE486K~P#uGx=8(2RM5>rypp)lqBbM!PwJ(;j)p*`8BlXKyx1Moy+{ zt6YRn(KeA}1+*-PwS`2j30!oJy|3*8C*CI>KH4H}syQYwb%px6uP6EC*?*eoa1;HB zAb;l}#wKX1R9JaQgZb5$?i13>jd85L1 zC^^lv`kFz;YQ82P$r1ct{?b~;s~*Jnw+|}I5WdiglJ1E{n&IQih0Yi8mv<^{BT_xN z-Tq=$u`K1~Soya4vk^09&D!?7p?+2`X6J+-?)Kn5`$YdRDz{3O+XVOc^2^G-kUM=g zPa`MtreDtj-9Pxt*4i6lAEeHIGL(5HK^KZ{Jp>_m^yPPCO+p3sw}AFd9-pZCM9A6y;bR*eL#9B4nDFBdIdRH7Z9!l){}?-m+4-_Hcv zgsp_-^j$zdeW6W}9e(?jY!GJ(F+Iuqth3WmMD`&gY1=;A=KIp_h`e)`UlD+WSO&0# zsGCOZ15K7jd62}d`O&5QjASc3DU}RT7^cfzn>?=yKsFmwJ0y-wGoFZb<%H+3w#!1@0iJG*aQbtLi>8HzET>R4f zU9IXi9V|5$nc?OK*#8q1scx7Q}9)aSB27frcieLQ8nDE0tUjtc^ zn#s(o`%aDQgbX=vKXxQIVDhfALL$-`8V}~@dI++hdhYaw&(L2V*Yo~UM4KVW=J4{m z%!f$7oZD9wjQGL(b*(67%YZgNU4ch!viP`J$|(;B6)r)r{i%cCR9})ka;#r}eDM+( z<+NQB1-v_rDA?l>7)L*HSw^Q-x$zJdwG_%D1G&Pb(7H#T3tBQrFBA|4_RBRan8)vv ze8upRvaCRo_OIpcMjRhzJ2gUIeb+RbRoSwigGWyo^)Bd!x0tY~E2piO_RvEOx3BM?6=3`g*?5*8$s5{+y6w zcfU`(kDRqD^?h>G<%~Z0paBf`=TMM0r;!T%X!kLzo#_O3w*OehpLV!Z`Q;kWR{_0A z>@47g>e~3la&NysPX#W;&}`CnCT~5G(g4qmr!|4=$4Wb0)AU9p;D*hFbqq5Gp_b{; z^$Ne{qobSzlsceu9K9=pZGh;V1x}L|XUr-LQobuVn?Kn=BhFIe+I?E?Py51Ez-r70 z-rtw@tOO$L7{^iRpUL&ui1?-0yKKjn#^Z`ozVj*A1J(9b$Lo-cLccAJ_iSq0u}mzu zuwN6d>}?@v1UlM|Hh_adTjZA6=bW}(DBX!0&4w#EJYZ20l`OG_3@2%h3@ z&ryUL+@4u`4v%wzy@;0H3_+!>Bi|x{!q^gIq#AlCuZ9;?%1u2j#TDv7R1Ppm_nYUR zzPj|Yng-h@fQrx2%WkawV1Ybrd}MR1Nv7h9cyy}hy&T72##(gm6%dzw9=jqmo5Un~ zo>=2KUQe8pUdfAmO~}iQTBEpNUe%8G?;@tuabC1clYbHUsa%qHK z$@L)WXTP?qBlY=f$VGc#=6PRXBi266T^%p?WH?-Yn@dF8*FlDOeksq*7ZkDwF9XZhtYSC|t1uf^pQJl{8*}mU*%s+)UGb*)=x891QibT+e)2O2$-}wi z$b#%1hD+>Y#=tqpr*=jd1e`x78_)31kOGHep_VHZk&$nE6>?5&H-{i^7 z*h6-Ee=Wy#x##6V_{FlH1N=ElyO2U^k#H`Adw~?|##XkoZ*cje?dbh@^9^D?;zg~z z4@+o&#E{=`eYb{=7}H0rvsl-~D^`@pqi%<-ZGHm*k zS$j98eT!Dkt%pVpF2aF6+N?*HU&*^7+lB7;sw(epmoSv%ZMq)r$7$$7>{jUzfguk) znTeKwYjiq!K~Qg5s`hltRoF+hh{Pd1$(R?j%TgSuxe}R*hL=&lf8)U}0q@XE+0ahS zi>>R4Ek$~HrzDYLr7#{7;@keT`;bv@y||Dj{Y>LhdGH48o%Vqg*&m`pf20qO#DK$Q z>e@_sDa9R;;=r#W_Dzpo5AwWz?7eKNsob$my9tHYZ8IMInp0+S&lSZr2lb|*=_fJK zS!9&M9Vd!^3#>L!WnHT>ZYZcJgd~1G#^LS&IC3$HPCm-wUQc!KqiZKB3cUMs3^n@0 zTa$1NN_swEmmh0xoLQ;5XUpCelIATcKdsjslwiFANc~q;gGaqz+Qnq{vO!u;?LPU{9+GfHaLvE2qJK@e=)hM|@WZbRT~NJxIehZdr#QWIkiy9RPm}Bui_+=Ua<(prtp9AV zdf3N?s>8{72h#?ul{r=N669JYNtBMBiUV+z^OGAYvfIedOX+c?X^r}rAyR)k=95P-g$)*X44 z_!dpiP))oJwxd`4Goc^mDG+{Il}NpUU>*W&(XyqxL)8w=9t6s zQqJ`kD?B)r(i>|NJULDIYF( zB*yZ~DA%h$cf?Z6>nnWav$eUD{33w<=}*w=o-PSx{BD;*9kR44rn_HU$G-bo6Dl@- zJN=li9g)tIsy87y!R{rdxBAdXWTBHDf%VVH{yi)EmRscPAXq-%UQ6!bW>%b*mp87_ zxKAJO)2`w@msb_T&;=QzUQV=(GJf zblKpAt(v{O^AEe|bmeL>NsQvPSaYNDZUm*pEOXmR&gSE){Xzozo_wFM~tRAVgkVnz}@ z6Aj4|x!r`l3MqURr@EzK`oSmKV;|k#zit<-8{cUKq)XEufl3P6@M*;Tv*gzDbXePd z6E4=3Fd)CqBH#z#U(yNtSiKmhY6RHJ?njsmqwUgP#ZU)cdq_i9ZlxdV+1YemqyFOK z0G<-xJrL$?acJ=)FFny;4EJhDpX~d%ypWexR-)6QOn_`Gqqjr%d>UcBzU+naB^YzB zQS%bCyY-!^_{$;ZTilFht?;O zI8}S#yUht62cz+Tcc&4iu~%`{ZFc)a19I?I6S{~jjxN5r7?Zc7#M#Fru0WhniM{(p zJ9n=>xHq$ej@3%PCG|K(nH3E?0>kOwd!3xDhMT6tas9ij@k{2a{%)<%-!YL)zT$rE zV>i7I#=gvj;8CH{?0vMqM~T(H)BS+(KGe}P`kJ*z65;1F#d6bpT8gg6YYAWqMPG#a z>?1a9ji(=jIqab7ZWO)Xd|dUM?q5k8tr`8N*7V1S(2g@ zo+G|CM`7p5 z;1Mu^`Dt)%j8@n?*C_Gm&MQm_1}Qwo;tZMm&p>vi|FFS1E`Ry_VqVMR^&uEGdMBaj z6oI21yqha#Ta>-Hg=;=Fj$16COB_=W~l<^sEd@2QNig~lT3+~f2*zgXP!?M6P$y%oS` zBV?J2R!!zMmd=TJKLQ}(O^*;$mo&ptm#{b-Poh#~fyMqZAoV}WKhNQC`Ot6RA@Rlt z-G6)xjyj)2VBuewQRZ4%5+gYMz70nRXhxh_E&kTCp$kls+}LaT3@ri2rZ!`5lO$Dw zCwGqIa&?-=YthO3r9Lj*vCu9N)0vHa-<}<|TBw2zl(MH9L{{bK@YcV}+uiT|eK~>u zapp!{8m6?UW}o^JrGP4%M_?2P21pncJn%EI>|8K#OB4!2DXqGm$e+vQo5WZm%$Dr7 zk?yB7;&;U%M;-Ps!>@ENK9iXaioVNrZ`nstaxxtpXo5gI7D7)eMiX0#9k|O#csE-FvXS9)ZY=tb6K0R*p|3ZFM;7ecvU<&J*cqK-+v>?H_# zZ(J%bJ5fr`;YKu*kFF`L?l=@rQDg zmvy0U^CVgM&d7e%z6qJ&3+=J6zno5uG-U1#p7vcUKr1ovH1x|b#08WP%V}g3=Dk-8 zjHYh+r$a8|2Qjf9H!Oz$7|8aG74hwpoE|YgMf?IghLM1)V6Ny^V7Cdz2z;M2&Eb;% zh+hvdN-k4x^5_QhK%KW6Hq&MD!M@^6MzTY`>v4t>fVMMP#xPp^Xu)7ae+(0-Xm#o@ z`U%>riNVoz_?r*y3}nFzBgq{-3MKAW5Vu7+t+>fWw}bt%IX8U_!%$r;>YSu^Y2F7; z_ZS#SFC67pbKno^*U^!ZprhY2y&3?LAUM?ve?gRT!(-~r<>bw%eO>yeK-yIp zOxggMl+9PX>T26(LQQJCJ}}L!!tZPKau+c!-!NikOBVvo&*gd2qey-_F)4tVurC2B z?g`kMXI;^Y7C{oDw^vxVSw|JhfE&j~m+bVc>#@ErP!`L^>*koMb0$BtHD^D$J~&PP z$#rbRe)kzul1uv1{GfMQQptP zk2GL}_}nfmR>e-$1Vwh(ynW7br8iNt*O3CG@HLZAoXQk~g`QN~Cx?Dl`%^f&Lv3a( z9n^pU@Xkz&b#_r*0fC6n1xq1)%>Z{4^kk1~gpblA5+gj~Xh~LdM!4GUliQC4y}tZ? zP-3)V=pI1)(7NvwmqVK3=RSnYKLmx_y`x0xS-|1_%FoA1ia>)-^3!XbL}Z5_t_1Z< zGSXW{C*Q+drAI3}bB$+cgRemc^OsT%H^2asW5ECIVd9dJi1bEYf(hN%7$Jl`5Qhxk z-p*RjjHw8@qqpqOV1es+s)^{r;%R0_`0%exde!q2S5Eo6UUchrEYOJdYpS@HF2+lV zz8f~I9)DEbb&bq-yefAmB99~@QcMDCT`9Ncs0g^RISJv5>yuR#?)tH+=ThG1g4Q^X z;=y}L0^6A>Lb4X@aLA9b@@4`*-su={+xHWI)d~CMZs6v*_r2u1fbkO><{AfI{g{0^ zsH!3;;1B73oz}T5_lMQlXQ(xNr9;4~Di^?0M3Pt*<&}$@?1KOKJXC*Ui6b2j~kQuNm;Dz_!$Vv?)uPNk?SQeAyN9 z!*5W>WNWK`Z7x6PqW~J!;r^b{IewU{*xa)KLB;;PkKSU@TkoG{0k3%4KxcCnc@1xf z8z3s}3(!FoH50B>{OAoWiqv9T^vc$zXHs}aZ&|9els^CUtjLhzHf1kZO;v9u6b_x2f@W~XGLJ( zPc_`APW@)P2S#BG@Q?3bAUgoA1a+0MG51%_3y=s)GIm*IMg3a<kIcGs44e!U8j4IrN?+Go=5-KL5@?zEoL6R_{{M0WiY@`N5K4;iNV36>^sNdCnA_+L9xOE+kgs* z?!fV>rxK2qbjpCXk?H<$@daE|XSlKIOpO&C#ho;K3_Jf`xO8RpzYN9?0&PRBN0jkC zhLE#MyBrrPkGXp=+7r1Icr8Uo>QuNUT`}LD+MNi;o8ENW9!III`6El;ip)J6DqhxTlV)XJv?do(8-wzY z<)zukuY2ftQ?!BUMHR(^Y)mzNFznsP;CkZMhLp>#0mr}h{9q#K+u;MBD zMG-{pP6sv+vuSzQI%VCJ#8<;oosY+?gzy={SBKGX=z6iSHtyo?FFQ>B1}MLW3R|AKEF>U)E_A-Y062 zofPLNPa^=-C{|tMgC-%<-djEQ}kFJrvzaEg2`r&=eZLMQKg-|{F>)}XH zrv5R{>cqsYRzbSFrV)e)icYYc9zbcNnh-Ati90>=6XEF}2nR)Xh4~QZGqo?~y{I=o zBs$vt_PFVAf|~A&NbOUDL$g&IM_v9a*&Qp=hMhdq&FU9#TJX4Z(8BM&Zt@OynN(RE9}u5qvRWKkfb|zm$5xxoX1(J zP*y)U#sjTQ3(=}zawfUp@<)r|Sim9^Zj_q(_x#q&|izm{;xB{B=N;7`d>rtXJe) zS%TMo?{>NB#EMcI<%ZqmsC->A+4aIuOYLMH=8(KXX|RCmb3)xIHkbaAwxGy1tKaqH zy<;GUl<#}Ut?2R_b2G=`m9>J0OFpso*&xPdI<9*Nd#f!!`mwVcCaXghG&O{yys$!>%$2f$bG$_TV^+4=6J2p=oDjMXJi_`Hi>tLwMrA?)5~0 zdY*jx8h^cgCwoHI>j^pT^RYBC`Nh&ZN{d_l$6>hHz-3*bDZzlxan{rG%s13-wO&H7 z^!?k)VR)upnA+1(fEb&)4jTwXx0sbA#fTsV%RWCaGlTLKFjd9ny@di7q*Z-;+lTfE zXM6W?zVso4?IuGA(&V_06Sj&|4y1-uoyGOqCpyY*=A#MXOR4H{2=a*S=>_beJ45lkhYyGQ|YM*^%?x@O}QtN zL+|VPxIE^b#9AVlF4Y~U=)Ht@>2>?)^{;olKG~R6- zo&yv<05f)z5WZK6e}ZYyl$r2r@VxK&Pu##^TEBWbQEAY7Xt{3?{7gH9X( z&v%+z#*qZhqW7~>9YGsDA1;8}nufDZ$+*n(@&^9N<+e6*;otGK+< z;|6}fdXj$$#?tzGllIsBY^?&XVeOMi2vz|R*w?R2xgzv~C5L1>Gl{>YxoxNKgZ+p% zxg2Ok-NfT#L>}K8x~80B$SmS0{3J)wY~a9!zsA*+LELCC)|JQ`EjZORk4@!uBj8Em zZ?Jh@J!8qjMQ`^=%@|wtcIQsN4K_9GX;!Nvd*gxl{cg4RP?9Q0t&0*r+1F3oj<4u_ zQ{LT!c$qicl6~*nLA3&Zu1lDf#6ojTP~1z3v`qan%e%*yr+jjpVM&X6*!@-6pD$0k z(WL5mZ6@&ORFS=Ka>?~xz36Y8@Ph>t1?5HwHPx;76ri)L4PwzH(qo*JFm^n*$Efe% zNH}@OLJmhUK_di}81b%4W-Suwa6riYaN!RI-v#;zGrWD5aNb3Cg7sR$#v>BB$k$lJ z4q>@ACY>PXhK~d2>ThhX_(u6&uZ*>Ya>&00-27xbzA0yX?#!8ljp4OC#m2ks`t))s z1b;1V4JZ5W!&5*0CZaFcrxe}pVv6ig354(gD1Jxm_l(9_yfJ#8pTZl%xfq8vW1?PE zEAa+r!v5FOOu?{Uhg%iQinFW#;W$=>rTY4+ZUiDP~z#~$~`ww!(i1f2@+nTkaqM!u^rCG zn$~vT0R_kQq`T-d4S2C7g5anJP;`i8^(Rx)`CxNAc8PK?)-8@^A!M};l(_MM$}3&UDhF>=gNYm@kVKl?tjD}T_t(?CcW0}qUSi?RN5>My#vM7gZxg+nsPl2~}Hw0mrJVP?t zChs%-kT@&PKRjb;?K=>xT(0xv?M6QXFnZW}oarS)k$rk}G6R#=k^*a^qU}|_J7ze; z(@kN-u`oXr!KXXN43-8I1m90Cd67s3Tk3)Q!C;AI0)Pvk%N%#nwN2lYTug1m2CGKV z$Fir}Aj=cocnUT)coWL+;rp+vqWt1tQKUqo$@b|vVAut6q6R=N+&Aj}J9P>ny*Gmv zm@TiVt7G0=bV~csySE!Fdp~avl&*PX<=H8rJeH41e$q+p1Vwbb={Jts*o$kCTkSL7*5%8LqpSKeB4sCwNx z8TqCSvXK2~-udqw9>>n@TgXbDvhA$cMU5HGecd^a1+Z01cQ=$#PCCuN$Yk|~p3O}$ z+6T!A{IsU6or|$;&Bl8(Xk8M*Qf>}jeOLoWG&x5>OcgR6gl^Fk%{v@m?e70RW3=Z4 zRu#op0qNhxsin(VtJ~B+YR+)yFNRPQBU)EfQ*Jntixq=^e2$1Wgdcw+6#I$4Rk8<5 z!q13m;@Fo+Z}ypB%?m5OrfA>E-|{qX-BsNeFNoiuzHz@$?+5zUr}zE9@rNVPeIZ>* z>f*jk=jFZ(ViCRq#@W{1tOojV04wNXYCcS|>>QZiLC)HV^n)wd!8q;Id4BTNqhh~n zTXz$fw&0dlgqw}~JfAlE;>4$iNI{FL5W_+~n-6>;cwe2N%?My*AdNb4AFuELKOZl~ zW%tk(EdIg3!l9{~qah>pw_a@q2#E!e)!1 z?sa)}Gdbl!7Q z4DQ!@{M9mkZ`R1leb3CPatt*s2RH!#LbsEC)~_MT7}zNVRzM8aL8m5auIdpOBM9&9 zzrs8YFU03~#Mkl{c~5i~KE=C@N8M93h>djZ`1!KQ@se=YY>D9{?+yAFEI(c$Deq7g zn+v1e5#w`h^lrEfK=r-0g!GW6af!PlLf^A(ly&-TrpYv3-7QfLd>HayigEc@`8`k! zd&F)1vESbNzL;ABGaN?z{=9byUnbAgp(_9K&IeAuL-S6J`ObNuz%sutPD);R5_U*i z7aUY*ZsNCnTscHd4(2q}>Qg#RAIhI2mg<#;_p5hytisFQIPS$Iw;qmqSN?f~_BVT5 zH?Z~PJ%{|Q0m{Sp3x3?Vqv&4QpD;e8fWWKY<9NiPuFdXYVh8mJQ5}~`4w78`-mad* zE28>phvDa1*5z#g6h^F_RlP6LnnGPlgn#|{{4jis_uGza zN``g>fB8TL%#SBxPn-0F#wLwQEh7;h)>NujAh*Bo0}8=F<3(b}?l$a#@PaGc%`Ysu zr(uFq)9g=AYRFx>BYr1`U^8Yw%Jm}J%TQvphVokY^GUnF=>UcSG}^+-thal z`1g@-#XeP(w-=YhUno2wFDA zw#&>o!5W-ZngMVsy?_Idk>}$)J*LU8U?3}ko2)D#g49jQvr_qHQu-p33CayL%iewHBJhuVE;n= z^Fx!yul)C@y@R+)n>kh>nmhp0A-GsRd=Lcmor&6dYo2tqfW&6-QoeuOfvm!-+Q`d-NR?AkKALF(5RBkt z-vOy1s-u!8rFnRLgOS{7zk!39b`$%3Pa99JrNo=0%u5`*?%87WuaHT%SSrS~uPw|B zoYV7u>%M_&`Sdfcgq1pm!erdzhpgbHpYNe940rga$?JC7H_X1wKEL5yT&6KxviqlMg>h$p zqlb7N?9&0EH^C{>9{**bWrpU%)MNj7aKz|zd#yj7tg>>L(4KlsTXzSc675Iy!^81Q z(OP(iNLAVH}H z50}ZCjkX-o-u2CwBk5K9FV9!+#CvE9${BJIwzbS6 zQv(JPLp}|r(9nd%eT^%E2Ux$5=`4=YUL&G{k2cX%4xGn9$?69rFIYW|_R--WxZ%1_ zW4$Ovr^NY)j_nKn-)m*txpSWOT4UL9R8=ys{a*V2z+UH z&wHP@c&^!20H;ID&2J!S5Aznw7&Jm889YYGbla}+)oxiw1^EK<~#~fW7t{u7f-1Iu4Sz?D)M$~WC zc~O_k;rwhh2L2$+?Cr~sBo@*&;8v-z`)xbQSK$g-Z>CYoNYK~7KJtXsKpcs^OSY%S z(vX`8iiaROss~#JmvsL^Y38kY_X5P=EYvuumitY>sF`rYoBMzGIkfFK6nTL)Uhufn zQ&Zpk0yV#miY|aWiE8(|U$A0isF)J-9*5)SSg4QA8{@se;P_Cy2sSY$id0m2UI3LK zpX2xGDj(t-57!!1%L)i4-^o2*&!1N=zcZsEIUlz7oviXX`_s3Mh2(X zA73;SASNtx=fGVHt21#z>*NAtD_l?a-nc!}eHy%0#SVu_N8pdW+5U7mSdFtbSY+Y)eTI`?SleVs%r8m)7Qt| z(_~&dMH8haqBo8vxeZ6@K2VFcMWOf-_t&G98Vuut+&bC+hbY$NLOE3DVfB%_}EWr#2fr%ULJeU zji1Wf;MS`<ZPPu}i}xAV3Ft|mQQWZ%UMrtnnfOrUbcdmoRdPKg=@WXx-|_6d z-gnlOKk}9MnQM0Nia4ImihLPm)nuZ1F6)acsky#1c(6K< zCR`p#$^Pa(s+I3H5Bh6v9#%-Z$@^Iw$Nql5fSQNpLm=SVg#{gm2SC zbUtV1+1@wX@CPB6S+2uU35>w=PWuWNE8dQ~;0$Y*$>lV^`l#Zq``l0K5n&#qINL(? zMjV}(^(}Zh;e1R;eDUT)RHQk(15^b7Q}!P47Cnf!o1>Dk)eWwZCm+9j_YAZj%90Fn z+H+68?8d(7z7>1Zew_4zBIcMAyMQ1L*(R-~d>5bVv{pKTx0=tmS2OjDA|nC8-X{eh zl5BQ6g{n$g9~}DO+K-_hPF_f=MRG6&;~-sS8b?YS9SjSnFbyZ{uT8L z3+=huPcux44sF-X3cld*9=wCfM&&F>i7jyjl=*{;9A>x7n$=5VE?f6Vlbf>ShjNJP z$~>q@V9ERa5%Np4rXt+5j(t4NT9{=4;G||$4>b_cz$gyUa0Suct3_y$C03A5;4+W< zsHfH#EIFcV>+sD^(Rj{+cM0hiyj72f6aLrzwZ0*97?O`i|IKr|T@sdgjW-qLNT7X} zi1gi!fYZQm@U@GAeF5%B($kA{$joW)0hc%!VBDjCwD&%=a9n@uI=~nLRRb6pFJUXNrQ!Tnk35=3;rt|7e_zQ$ zlU4$vAB&$v5%=sf3FY@b-}Vk0x6imabfH?Ps6y-gq}L_n`?c9-=C);?^bXMY6TSszAh%wKRHdn_rX2yK>c006N=-VUrY8BotztUb zJ|09$1oM|^!^@F>HFS6YkoQZU`a?Wd>OrOeqm1)`JwMczi-j1H^za2^hzQB!pmwp> z2H^=9QRofIaqD@odC@ZL_vE4pplcPPZFk%EHlzi5JmU{4zakuqhDw>6&|+CtjLV_( z50E5-$9&*`?345j2T|R_F`|&&YF#Da=AmmSEF}2}58)MPd3VG{2pwKytb24JmI3BF zq+LXPYX3y`pnM7NvY#!yvVR`Jvc5K{A8duR@H#oADs_gJ>kzRaAQbHQn0(w?Cxp|z z^6XOOeew{s-@Z6u8ehJ_rEdUVCB8;(LO%_hcii2f7qSzIB=s9Be`fbXD?EUtwTkA> z=R5mhU-L79E}y}xSk~Ji;_5Kpqzf%@$3U8wNoG{Y?x`RMt@6_#EASVupSwu(2@`|Z z@{X;3e3nlyn3(b=07;9eZJ3&ZR!W2{L&)QJZ#%$Xg=e38ec|jqNMX3D!aRw$Js85a z3`kC>;nITWU>EJMui~HMDUkj&@m{C!me$!40@%M@J!n(*pRXtxRQhyY=?-xNR&Av@ zh&#{+&ZDzXNZv$?g_9F#igDr!)c&gQ$ZKyCd)ze134cSQ*9tSN$CoLy1;dCx{?*VR zd$Qlyhn(+Uq3cWN$;B3YNgh!wO3dwd!IR;1FtCbh`G!sxw}}DtnzRQ4c$&iT{PiJS z7e+>PWR5C)?w;`<7>6pqSy2~Pgsa>EU_8CI=+%Q3olDm*-Nr{RE87&cZS2dE1MT{Q zL$lRK)EsMu@VWd3y0f73*ULIEq@BW9tExys>yO2AFh{fg$vjznQyQao-x?2GC%@br zT2efb>^Jmc()bh3woIOIQ{FtOT+N*?iq_rIt-Zs3V1aq(`}-qv9VI&7?mi3(HAXoh zyTL_6tcCtCpLDpslwxr|Y;!64U3&lfg~8(CbJ>$0U?6Q6c57HLIjfP#I^Cb{q)5NN z=j6V|PWO1NU!OdN0hdNwT7&WgYq9-)>#Yo*WwN}nG*G&Dp$FSwpCd&O3e&kPNZ?n` zzw7z5viUc99iQUGA<>3$7yr|plaZNQO5(#KU= z9dAQ?zD>S6P}{kE08>n;M!8&)Hy^o)1o!VOPygD;6}PAYBge~M?9J?T<=trs=o3xq z;E43i`|Ud~#mw1YLz!UHW~&+2=jf(9HbpTJL~|FL1I9WVM(Rz#)OOgT*Cu2`7aT9? zfotPJco?7klo7_qIr-J-VwJQ5P0F#r)ZYh29=tp6o6aYX?37O?Bf=0I`R0^T*k8y~ zcT9G#bzA=qj4mrcOmi@)=snefV4sy%C|;}Q#Cz{@v-klzweOhYCBNvgZNoz+okQILpG3P*)9ttVHw-xbsOpvq# zzN`)3$Syg7Tbxf(et^0ta`}zMz>~YML0-a|(1R?bsH|D+3}>Mdd+l~@{rm!LENd0G z3xuCp`>TcHm|k=|Yl(K**NSs)q)4a*m|D^|1QvjMXmdC#44mL&qHfprm(;H>ygJuu z>h}3v6hD{PFXm9G+@3UTjiqFSP#poje%$T{yyXjW%m8zqmJlHaJKor4qE{lmh!}VT zbLzd$JsBEl4%}o;_3apBA@9}G14^fz`R&d1a6EkyBTCRco18b3pxkek34&FeJe2R= z!p6t_`EdJ=Y39Whwk0&JOee?CTAG7l~1S}d&9m6{-rRKHGE&tpQ3CM;f@P2I?+}|f+WC;d*Bb&jN_9NJQJlDrnr|(j6)D3vd zY{%_$2nzGpJ?}Fmm(lGh*5;>Ne-gnFyEVaC#+%B3?sL!8uQ~T!agl}TJN(YkYbxNRN<_2btnkcC63gU(64#QvAY%FT6 zq#KC)4z|R2{4Zb#6l7p?4fJSP<$k|9Ff3 z5%P4EeO}2~*61R0X!1kx=4)affS!Kv`(CyNhr&xUUz;MtH~AHE9&5%2eoEN4VS5=l zkZSBNt6|dn^_4HBR{4pElkhU`!;qY&4Hiw~(|9r$`1K`lQ`=X$;JjF=7-@0r%GjqaF}`G*enuW0t@2OH-w-7YvWA66dY zLV~_=WwAg$mf8GDn}oXOpVhh}r6X66VbhE>Z+Y_Uf`Vj$x-_qaXN6cwb7+s%H<~bv z*|(q4YB;`#>f9TGBE??B*mH#&X+@$sx{yg_Whj3bVk13IMX=xtaq0&`VEP-!aa@zl zXW9fY>rh;F#+h z`0yUq!aj?5#EJWMQM~)(RY;|i^6RXJDcG;P-A5efFT0GpeEqF2G0acLd1MPFk|Rhr z+O&eBw8Pdy7G8Bg3DJMv!(qR%y7jGwRs?IOzsPbK2%Cs-Qw0>ZAI~5QHHfcjH1E&+ z)heMRxR8)TzJLQz$ntJdw%@$hspqabP24ahxYGkv#uSUyEACDh8^`+mgQVXRZ+*vt zIA_Uy!*jD0>0Iq`+HX(<>|Bkf9K?ijs;9jQ)R!4< z27hC;d&)CVgL{jQ^J+9tne5n!p8}1I#*shlQ()+VrjZ_OyhS;E$Q~}e%V2X!e4WYi z2)8v&hmz4b%u+e_5~QAD$)hziT9i@i&u|}662~sJr@ilC&kV_d2SZggB!M`skZDxY zkFA}rx9xjihdltbr4N@ZO2$&Gljn@hG`b;x20%dV;u<;+fzc`e7`%o*U1{|+r|Fco zw+QYz$9m3wu!okY>X%<#nxcy^$^;@}XBfyH8ePBUN0r;+%>z>fRey5xISuw}$E(*e zp4;d2qIgww01!dz_ptOvK4<^KD$nDU2#VR-BMRZ;LYRPh#q^EL@AjTX3b1*ib-25# zPp8V{Ur^IG4kj0WeEJ2{#H8ceZ*zMu*Qn zP{O&pez>XC7*wIPaxh>1PF%(kKw( zGA;|h4lg%xT{jp3ZpqC7i{b;8jhy?TZSu3@nZ)&wKZ5OKKx?~zYRCF*sc&Lzr_RV` zIRqIZ@y))5#C|`+s+(@+sdWfoPR+ZY8?QgtCeMIoDw^BJyE|=V&;S1H&nsg6(3k3P zsuOnQM_k^EeeTPGfa0Xh5qy=1bUnkYQw#?@Pk)JwZ zoo>7Tp=kFzRJ=XmcD0*x0R8#hlu$So>u`+f-Iq2M4u@^MY_5*reH_XJT1ch*>-zzmYmM z=kFu9=!wAniSpEge7w!p8tnZI*k_aRE&{Yg!#N`cXh{lo;hy+IThR*+Kw#i6kq@{r z{_*>UtlAnH6Mbf^GJB#4aR49MjF+l`PAKFA@RAuh{e?!Ec|^7g3ID%be7au$w)JU$ zJZ5SW-?XP(k41z72iQg|WB~@D7E<5Yf6xE`Xi`)IGqk5#nX8a!J^ViC+njyBo6_xN z$xw;*h~ZDa@`gIA$NnY&g#il!K$vY!SfFZe^Ybm)C@gYpx$xht>?Gd|ReCSut$7bN z!U{q0#oL%0UD9jO*r3*^+KhyHP;w8io!HxVEXn!<}Zp7=i z$UB4MuQTvgILCL`P6>?`%6x12V@ehT6eG*QfNV{r-me`E>``KUFY==@o3XV_Q=aMe z;x4+&%*Q`JBRR~yW_d@A!M&0kKn++If5~PwVW56-0oJ=}9%YB50=s?R z7R)9RlQdd*WxJi=2&%1*zQ0!7k=oRY`Ad88x9FD~E~;q{gEF#-hg%r;vi@W#UF0E1 zlkI875yru6IefpJcVynFmG09z`%Vv~VDCIBfzp^)G1B6Hkve_`#>t4b3f|rLJ`r);vc?M%a@o z9KGihe+G=>>07{yJS)0q9P&{zo4vq$Hc77oN1QckB(m9B*^4-qYNUa?!4we+fc5cOwAfn z6zi9UbLRKZhfoY}p{wzF`6Yl?!?QJl$_kTH&FNY!T~=u<-47Fc`>1403oVJI=RJ5Q z4SzCeb25o<;JJ%o14;W`5%zmJB5y(m^Trqz=_o%uhJ0QC7U z!~MxWUi6>x06^ET;03o1wt^;;YOFv#kjiVpLi;20Sf%CHfEgpCXR^LgT61NKs+13V zT8meOT-9!=R7QXDv(7=>F14%i!oIv>ik(arhNWX=F-knvpBJ+fw*_xqv&(h5EW(NT z6QvvzF`~tw&%cM!VviT=nv6S8lrx(DpW-=(lw&RG3oPl`bFX|<^@FNHz_|7bJoV}O znV3#)fYgG?`MER+KRv2YpUhIzz9Md*oHDjm`O=D)a~^7jm1@E5P|kTua(%_{#QV)6 zvJg<@gdiutfWayj>|8;v#=!*(<|YoS{$BH3OsbV^GD50|hkjiqvM*e&1z}H7xsoI4 zpX<4o*8c`(9PPIa-=d2JHp?{PLqN{x4MthQnMZSgwnK2c=Yu-1`uP$Vmm2}_m2+V= z;bfCO!@>%p{OAxY^!C+-ajjsFHXVqbFw`EnV(W*d;rShh$&NxcPO4v-D(p%A9BJyy zrQVlv@AoFu%Cs!MDyFS<{!IDRG1lU{-(aHhn%#+E5;FgU+2 z(6JUHG*kI8hm=s}$QMQ>zPiQLP5mrsh+1I&NJ@aa5R!5{CC9XZ#@OX0SVCY zy3&186vaX2YZlFtBoN@+1ZmL^gj^V~e4C}&lvm##`nrhw*st$#r)I7OZAP z6<$cp=YC%w2Le9r7dXtjvpsMa8h8~#hd!`yJoKPnh+v-t4<`bWuuR3O)o%jHfu_KU zOkVH+3gpk^&(gx}&{&(G*D|+xv%p1gfTZx1Kmz_lgHog{TGcWzk`2MYdN%tDa zUMbz8&zA3k@&&mIl;70I`t>*o3ID6-{B2$b<6}$#y2ttX@hf5RGdo{D4ySI{f>Q@I8 zyuGY1vRFhp{GCq2so*QVB3Di;*eDBiJlGGY>quA9KGT(NBLv@jpMPKiQO+-*igHJY5L3O6uE-HUckNu{(JxJ62JnqQn%Bd z#-E;FRWOF&FdFeMc25^vVo>Hcog$6rpNvW{G5TLr5AOg6#DnUt(uz!4wJlv6jU%GR z<-ATf=Zg4%<5&0UnYDi`Mj&J|yj=1kn_`vXM(s|l+qTyv!jCif&CPv4))ClHSvbV{ zuj&;Uo|E?SI2U)x*hDapS=NpoXgilF7e&{>15-gakJOSMeJf2NyyIoTJ|nc6K0<2T zAUdh)UuzrRN+Jx$TsnF7W%FLpRi>`#*DRK7NG--K>o_S_x69|eh1WYSf&&vHIMXYm z%>zIwq(eSEn86L_e1{Eih=l~`SK!Z6R5`5n#%mw%ChjV^Ld<>N$F|GV+uMWZs^6{+ z_1m{*;i!6XWx&#*zwDb~o9p8Ju?PPbPyk^kyaY6Q1E#$}0J~f4z>mDI&uvq(3~(3| zs>X-x=*p(%a(bTA%!TPyt#d4g`O^%({uGd3z2iq99!~D;P?oCQ7kgj*dvr0*AlF`AV(Ii|(;LP)yQRN0lk|amk2o(U^^fsq2!#6EF3O@e zEC5;CnPrcVqYHitZes3{;+?sg7ErhfQUqWlE<*-$2?;Qblig(HETQzEnUAHfTJ>R# zIAfA|_)6yqnS=IuaMJotX;$iC4}Y}Idm=apOs-EQFO03tJeP9?L=<`1xCIYQIM?=R z_?7nMXe*aP*7THpk5SNU#=XOU_5N7vZ?{=TV|XWiI)hE_RaMib#h2K}Ntz^k|Hw3M z2JjxyQ2(|sVkyBSWT$vPB^_Rn2!34nnZ&l99e?%ndA+bbxdQ?Y?cms1X}5&%x)yT+ zhiR1_y*mJLD0RV>Tv!m?yt3j(+vqa_sE!YH`y7!;d#c#O-f{(ur#OWrd->H#I+Bk2 z73(j*qJWH5aPUqYI(!$P%`Vr-5kv07KSeBMz!z0%Ub>^C5-kbnqIO%VQh44NDt4vN zH@f+ekA2^b!!%K*x=KviXV)!h#~+NIHMk2;&m;K>B%|07av5Q4*iJ6 z0=xPT^MQp{TBa?It$eZ1$sy6Gm_IuawX!2ezV8)fiy!^ayi^aG^G`+S9?bL=n{;AL zSo8v!o7Whfi=5x0K(lgCvKpLzgF34cenr_n56P z9JGYf!+Ggshzjjz?qjk`lmmL~02Wt{swI3Fu6_MNZ*N%(!n^Wp9=G3LpK?+SZJ zho8^8V_HVM!C&%VIeAB%-|9$_g*a+(J+khx*G>>9Bk?MgAc)t$%nH0X?cc9YhBtL*FvVi!yv*?@q z5sX3@nRL=6b*?u;w7*p&3oS4)$FG|~u!{yL9bvHWg9;OwfS~jeSXe*YMMO^Fcn|ZJ zf8icX;0FAm;NRo~Q`r;irthYZ{;IQemy*Klq^1PFyozjbSAuIA?W54DzY=u{PsiOlON-Mzbw^gPm_!CuCm>NrXE8deO;7)EF9s8wo z^}>7X60$OF4MjB`>{`1WrHLjXi~ijA&qwmO2Jd3l9MY6q;NW_V-k6gl>C3OSm&>w% z(Ty!M*q2UJE}PGtRG>}u(MH4M$NRDic0P!5zTUnix=lN<%mw`K zN`;4npXPW+lK99`ulu9Mk9ix8r6X+CQZ&l&?5@ScygLQrvl3nQ$x3?zpDA zjfooO?=;MF84AGB*EjR4X3oD@&-JDt6J+wMA!H7hxeu>QkHwx zSR3YKQRk~{g`9AYBpjupN>0c$ej zk1N77+9$t~PV&$%{1|X&2^h1j{4weJr-+AB4X5RHwqzxbZ{Izh%A&~mkUt0~pBFiS zOmMZ~W$vj1$Pdra(7g){n!LB!4S^o{rvW>x5C*^7A#r$W^>v3X&}* z<5nTL$ZgBIADb)nIH2xl{O~3neKv+rhsOk7=<|ZC--7X((>w2vSHhC=^AvV%6K)`f zrGWzZouo&Gd|92USlYl40Io(SoTvPx$I$Kp|H!=%me8Pn-@MMg5->hds&CHf@ZMfR zS&omsalFEz^*!D7GmpKIQ@=+|0QNf14>W#Xk6~Y-{q{`}A?)Mx z7Im_lM!nxkr}PFPD;Fpn!P}Vkso>V8`hGy=hH(QZsXzh% zVm&c-t&1w`$foQiGUw{E`Rqvjfr&RGfbW~4N;!K>?MiNQI;NXKLRwwko#igbu#&qs@#D8+_k0jLn^2)JThIYs?bn+Q5QqHXW$0F2B(@ z!9#)1p!EAa9`+b09QvXL-g3XI8nlc`+Dv6DIu(hN9cX6nnVcK0dVR=y*#$?K820+{ z4f_e}`@>A-lB-%sb7l;B%KOUT9|C{kma zVXr!cdYTNDKk=hAR#0%C*-2K9xxCC*m@ zN2Myi{rX-;af9@&;A?k2Vh`sF6oY_fcaVj6hhx}^vB}{CA=1m z2aXrT%UjSZ7^|8Nk2Bykgc%^dkfbYoo63dy?6<>6g+fuJ_*G@!Z|wm`yw%c$pN#^( zatCK5tlM0c>NR-#=-`q4QAqhyH%^)|yS*Q7dy5Ka1D=@4HYDWn`&?pB6D3dx@CIaz zFZ=lDT}y>$>7E5)EDnx3Mwk0RiQPYccQgKp6heR0nCro;?(dtmO4qw2)tE1wg~)XJ z)Y^~is*Gu_8SoXjP(i?&%hl@WNp6}`vN#Uab{KT-^7>sb^M$E0+syXjH3uqpqo)qL zcLO+0c)=q^C|}oCm2wl>u9weS?LO`5hcYD1U}$BgBCrbeg~eXLsW(^+*2rE2k4!|3 zlcuFAf-k-aqGQEB+vOFbo-_Cq7Dgn13y06QFRoB`Vf5~NItOVT>gyZ&;zyHsQnzkg zsQ2&VYk6Jtw-;*&2TJw55x9o$7y3A__c^{sbN|>1r-4)?V;)YMGPHd1kfGz0$u&gi zAum`jr!^d`-X{RAe&w6jM9mA@5vr;%wwb7&lz*_iB%k+F75LBdr|x`*iu0hSKD%79 zhj(WDJSJDc(g?0^Qb<4KeagP$hLz@97qyX?@#}SvU;Z8-v9znLs{EMdER75zlPzlrd#4pGtAkQM~#;Wunp^*N!lQaB&OJ z$qd9BH;G1hfQcJii^~I-ex{#-l&lHAZyNkx^%IVdm3V?2CBTSF5tL&IkS2Nki7WY~ zYh>wKq-!FkWq5^q^n}EhE{pM(yCqM%TXecZ*6j9fpYEx=`iq*C-YpMB>j6ITzIR0{ z?H%V+jWi#NotdJdgzu7UxC@)EuwwS8RGV*$)>EqFkHVPn@EJdLZ^?xtdU4HbWhV*= z**&cJ)D9CqWFcG*5DkEpEI9x~nu_X_ZV7-qdHRVjo z=taSC>n~#2@2Hs8v7^JE2R6ye+b#}4C6Wf1dxQ?W6EHL&isF3sjq?JliD&7<7Q-J7 zkjW3#)rSo@I8bi(Jx+eFxMrg~eE--U_D2h;aX2hLEHCNjrz9UWgNT4JKn=A?lHqA8;B;Puq$bgxnvtxkyWxf{T=7bvmc8zWeAn65Y^ zSw~Jtcjcy(pj(|FB&OtPNyfE5dM&J@_&OSEJoBTmiXX5Biu)%>0Narx*{@@CTpznn# z!8ivDb`GG!oIbsNf=X@>=L_7cN??SDVCefFNoTgCC=f)^UjhMvM?pYk6_D*s76n1} zMfm!;^h9(_&p6#EP*i1Q-aL2vjRw?aB( zca`k+Qf>Gd7$CVBg*UFrOV>V2-ze1&Iocy7J<$(vaBgQ8vl9TK`7GrH1@pr9ug?O^x`FsvpuYZ4X1!PI^TE=_sS%7~c{(|^6h552R97Dj zwl`(}jqnVPWfw-M-agD#pN`|g$|r$Co-W#IP9Pp*W=0zsNFv<)x1`3pk1CEjWShkK z9C@Mm;*(Y-at;^ukeZE&kkUGd&Fy5^XWoYc953*U8=(@v9imIIuPg8`SJwLxZSjWV z3+~sZ$D|&t12tlHk$EXA8vo|@!smxR7Q&?x9>x6P)E<02ZuQEQ~jNxWafI6kMy-D5`<*v?8ShwAZ7UKFWs-r0-} zrzHpRH#~k`@n}+b>SeXPMaetbr1yU6a{HMRag^V(WAv8z24X26ZWWat{&WK~TGubE zG#oY|u~jSUd#CGDpS81iy7S8@jvRm z{Mro~?BoJ1WZvU?0g0-+Ndyu+qRHPVB^y89>i~x>BzGH6Jywga<-Yzt>-WPFBtMIS z^u}3tb+CYg*QD@&eoqc=i%G{q-uZIt~ka89Z*=r1@(9B?&!o`^)aY(5TQ|d5B{)z^)dbF+k6Yoq|ekve1Xr_!-DiYjGGr80a0aA?rxiYf*2+`RuXXLI$tgv5P%>=j5;PMHpwy8O z|Mbu|u3MG258>a=3>1t(M^JltE$Zd&=M$;SPJA}6hy2rDh0M32VWD3xCJh8sEAgP2@G zw@-|}0GG8=`*V|Z1LMR$i6d4T>`Wk7i@U5o5M05{`p8Ks28iC2L)2upm~X8Au+Bzk z(Qo&OP9MSRYIKplPvObGcEx>fyOK$Qvew1av{tZsWK4Zg?Lywfe3f7o?WnzXiAWcl&m~aleeVcKl3yCO$P9LV%n^ zG43-h#bC6oaau2R=`?&Z=oH8c{`coSXPqSsZ}SeXliDv_65Kmyk3gEdj!~I!Pihdg zLpnCkKTlVpfu@PyIYjafANK419A7_z&H?8A1OF({AQO5vJ)+C1+@ET*b1>xw*ISrL zfr%c-(X|MRc=!!ONI8rU@tLm~d3US>{ub`7K}bRgg8{_ zidjEWYS_-|V+d&ZntL~6gx3?Yfydiqzm};X+R}gWlWl)abq1};U%~3Lwh4Un&WH94 zzlhz+d6o3m?=C>R*>Ob0baFt$TFOAHQo)tT_^aOr-n^UpAsPF8`eJhRf^C1!Jr7ON zNSYeFLYsDt_FkM#vxFersFe(Q(1}p(U2KT7D#WH+{ z<wuFJG*J19x@ik#o`Ux=?*grT|B&m|Gx`DJOZ=YnT^5+7dS+a0q%Aj$ zkao9Ikw@l{)T;+3g>2dvPXl*LI8jfdS{%=v@B20Z$b2fku+SV%>|-uYtUA1y9MTWi z+J6aEJKJo3<(gOa;gbC`-e0qLo3%B}2yx|Bv8n@|IT}vYW@i{a(`Xh9N|(E0Xv(?! z%<3o%gjSmVti2xHI73 z=?)HG=n#oADPSY8g?Q?7er$$x#?%7`9l5Jz_Vs9=0c3qZZe@?S_}c_AmT3*3w(s{Y z;{r$dsNYM>NYm75$XjXNku-knIrzq8OgGDSeE`yZN{wpsXVHBzK75C)c%4q4Wwqci zGaMnPiT}>!r~MI-Umom9giab)RqBPP%}j5tjUh5O;ReFr~5be<74`6F_^`<=X za0_CRNbq_r9B^ zVHLK|`<|6v)t@EO=8|fnC4}6`d%3;FePn5$yHCKtDq)LufGCwWV&F@6+($6J?3;Ko zZ@`NdL&m*slBD|F?aK+*mRANnQ_Jq6y|39phhN>DBuha#R)Iao2OE&1i@24OyC3Dd zJg*;%JDRve!p76U_0!M}1a7ycG0o7QeJG6ORj&a72)4_W=9%Dq$F&e7^b^{(vv3A~ z{aWq?jrLBWA+$XQzXxYtdgAaLhie_#A7&`cCwVCS86kq4ex( zJ2#Vpz9nm6$c*tTSI-(Tth@D>ymSd|0ogWG2$GG+>$d)}mKq|qH zt1P55G+R*VRr}1|B#r>En{PXN#!eRx^s7|F-@(mQZhx9-&orH}zfZpr|6*}#WYx|U zVWIVOiDnp$J8lqyFQcABV*9~I;@ReFDHH9)%P0G*w8yLZQV4~6aJk&m81#UgWA|l% zu26qtpG{7%H%6BWE;E;(Wb~tW6q(18t_g=Uks|ON?kS5r(Tw{o#IQu%@2|@7G?jc^ zQ)6;CBFOeJG4tT)%;>{o)h-pES4d!rVkFtqSj6FN(CjEil^??BklUB$pgp~_FQeHH z3j&mV=sNpEDkda#5Yc_A2ZMV`orf|s&%GZym<{O$cuo`lynW=Y=VAa1z>-T)){gJy z*`v>BSDc=52h6c;CB4Ey+V#Xs7XQEueD>!bg_db zNnxz~G5F6j-$s4z^hJ;BR0-UijyZ<;CK@s7=c78)7pS((SyHF;bP8L6z83knIjTSe zxmx6X_6gpLeN;Srt@(@G+?VIw+Vhe;+qZTJP!b@o>f1qo+}!QsumdzRbE6trID>ba z*e{T&yF8}_=Ve8ceQk@nXyh9yr1OdtxVSH4Wi|16Pdbbbr)l!bqrWEAx%>*{jeh*X zobf@t=;SI(= z^Oy3-!vNv`>=?$T6Y7hvP-S!NR@vX|ICt!T#!vv%IOU@S) zCP6edUN|7BHpFvmI0qX~oOMt{mP?+sD00g3(gbEFvW*!QX>MIqsDUyV-$Jl_i(WcH z{4@1v6)!D`HmIJ-g;Rb~P`C=%v1OS_ig>DD@^6nBJZ*vU4uAQXc~tEI@>_C7>GKeK z;(B?(YAk>X(0oa8^>Ke9hM9nP_;i%83$35h0dB9^MRDSczrb#YHaHge2xz|H;xmKS zq1~Hjbg1DRmw?9Yj)(oNhPxbb;lGeGlv!gjC}dj%0AbJExh>@@&H~j z-g4h;AM(&4_M|!+jI6G>mtmF$=@gpMqJ(#~25-t^uH#J~M92Gu*Y|nR)Y0019ggMM zMFNJMt7Ia)wS0XIkkntTLG|99vxv1zS=y%#-*f*Pvb1sbJic7{KMuHEq&1B}@HH4*@>6E0~c+JVbrpvgUdhthC=Q zoO6STF(7_g=S)lMyc8!Ok*yNsj4Z4vtTmToE!rN$Lwc=TPCyC*Z}U)~>5Pck8za>r zfAm`kz7~Fqe2#j3h0mvr8Ae_|Ii20}-T13IfRgk_DF}64WnphR$jWa$9fCFBC;V(s zqDgBIfZbA3lXF;(#ETQXUzUVA4){hx0F&eUA5Mz2zKfR(b<48H6&qU_h@#(u?N}Sr zyIUxyd(=<(kn}jl%$FmQ35}|IALQq{iO)b6b5Wfh7n}Vlt1(+s=5ZY4m5*5>IY{q4 z^Bf^lay^~oVh?}5`&fvn^F!Ws{*2l@fO+0wAadt;7mY$u+<1*QpvU!nQ!C@jBj-HU zTmbvem%BC3 zUdM+tQ+n{-Zwp0pdu$_)<#goW#+D$(-$ub*yYj=Cyju=Oe$U7GE~E36BUzUni9>Qj z*MWNv7V#uW1Ui5+AJ3i1h^#?X%V=^LGogNF8ey$xZkZ`yKy3sDHpMOq= z7<$=+J8$7Ov-CctU0CKEeZ9)_0oke3#O*E|_Wz|3FTIkYm#saZALFQV%J+f`E65>Q zc<_De@8^ANz)Ngf&1-ggd`aA@CZ2-h|(v@Ec4HAQO&YFk3>VTIRU(L5;PhK>!f+O`4o>a-ER`7;r zkeJwiaXj=>!ef*PtZ|sIGa>4D@)HY{kyPKVr6>r$CqofeAu?@K*klM<@A36OVRXW- zPhaS!=&OMRZy9{R?Mry|1#`QwZ}}3X$^VD|qLSLO&LbfrURa&vpY@#kV47hG_%x*& z_+dkVP>iLNUt5=<7K76EF@A@&AD%#gZz!p`PB*)X$Pmk~mYL5g{@QmMIydN4_~)Hd zHlLGWCz@RLDg1DYy6GAQtKxs~davkdI6bb6x!=pwhfQu`$F+ukJgP8CQcNIkSW>%& zZu4r{DjIj$oaqrMQ#dlSN2&d#daip|c8eS%>0+X<{88!lq4YA+ZS@xMm7eWa#P$uG zPm6+64cmZ5(H=SSnW1%{d&;myR7pO1edC1Gs&2jWXJED4E5iu)ONR{8_;wiXd`9Zr z=z=xj;iI<5{C8%1QI$14{r+P3We&b{Uf}GS&FjO)g@*HE&64A%o7`Ilt-oXP*32jB z^K|52HyPy#KXT8qq9yqmdorfvnaq9wI>6!~J7fo1bu$UhRQFhWtn=$Zvoe#%-mR}B zu@>)S{8h2zZ{<^s_p+B)rX9J!y9f4$@a>W`^!r+wVyvgcv18su{)HX9c_gxjO+LX# zzWE~02G!u+|70KrG4+CBR$ABvPrgg9MxTZZ!1k%dHY42**46dHAr2tQeZXasg1S4g zS}%wfLhsW(3i#^QG(pv**Ft0O%W~qwz;P&aHE8}CVXwjJD!knekExL0w}5%1Z~yl0 z(oOh&g~yJFyFFZX`pzZ+>T+e+my~B%=OpvwlQGJ#V5$>zAEUhaG_;e+(n*h{4${g& zPe*s9v{D%0z>Uk$2X8f>A98C+H^&WEX}45?M_(=d^uLZ<`0?C+1e^B;RDy!XQ1ZY( z0tItSd1!MIBra)ICEy|0eLyZhZCtYy*kG8>y*1U_GZ3v}EIPONEl2E2(rN0(AJLXovp@V%Wakl!_3!urqE|+B}Z$H<})L;I*rJzsrWFOhD zYey21Z=XhEI*H8i6p9-B|6c{m^|Br>m#lT`G&I}r{mqY2NYId;e&9DAVy7ws0h$V2 zwa&kcdSRd<2%yW)IL;6{?ei|VPbl#3?fdo1F#4@ZI$3Xf^8LCJ1qr@WbI;&XOH?$x z3~k8!%Cs={b%a)*tJK!8eOiIozw9x?p8m@|Y`t-?{N=sn!(Si!Yxpt&S z@#8e=-D1EPJ?(q>wb+Wzb46m14YU1HjUOk8;k(hxcQatvL-@9W8NQznzI@Mx9>|r? zZe?Ea?{dW<9v!74D&@0iZ1*cWz7B6uDNXhq`^;*|9+j`xC1_u01a{6BA_u+S=c+5Y zuNz7b+^^4iKhC&(AA3sH|K`rJHvxiTJCT{5%9c#@=IdG_h?XB@thcIjEp8nAjA}}s z5du^eJhW`DtzkL9#Jzql?09TwxbXXUG_8_;bvQoY2(zepzMG^(2GrP_ zeVxZ7U=L3wA0!uhZ=v;LDl*Xds7@LI17U``?_n6qtZtO31OvDNjLYxVRKUaXmg(K? za3yLrf=wcZ@4S=>g^EeE0xfi(C3t+0>+4f%=zz^j^pzilvH7vTF^wlzh~caGT0W57 zDLzBQX9&51M0D_(M<+o)^Mx`yn{+kay{doYFLZChe(e9r2m| zh0YhEL}9_*?2B`~?-STGvg=)Om^)IKd!Twh4aO&Dbab||DF3_#q~^{GZg6v;OEN;e zQ}k~yPx150VmbF8#9pHZ_yyUJo_rb=LDc!_d=bk@6@mmwBr9%mLoj zCjdT6D%06oeS2@V?seCWS!^`nN3x4pnWmuXs?r-m#r6-l(D=PFK!fW5C zjv4%2LEl6o=(pVw#beujJX zUqO|rS_GW*n+dYGl)2YMKOB$|c%EM=h;v8XzWXWMCf>Z_c>;5V&2R$O7Q`5T6kw7! z$3d6-l|v1;w>*f_Cx4%sa^?NWkzhb{OrVcr*<6jRBPnjuZ%oCyKYbREsVXsvWw_Ss ziF)a!{J|U}eeBYy(mt^W2y=G+7N_r)dg_rftEvqT=^cd55xK9_?35;4RDf-CHgRx!S-#U&{aVp8(d zhQ1bn0scmqgAM%fYaqj=vWoNPs<`;;=zV@~Mb!0x?u%q}vs4f69SxGm?4!k#(7a$s}roCbTVU zJaPJlWv!K&_GtE%+V_Tl!S2y{!{yh=fB)ad$PDR4< ztUaz5wIm`}`I%_Gr*zN%%*eR@Y~3SmJ~3_U9r(a9th||Yi|Ca;i!TYRqQf(K zJeqsSXlFq^Yq?;a$nQ7<=Df1={mMTtBCD>4-oj@sTAL1nSJaZw1|{fA*iUTm5`z&4 zP0m0zYkJ$U@5S|i!sqxj_jODKiqU7| z)h{9B;hbtFr^cWmjo-AuuwIX_8*TJ#d3t%+mv!}0bW#r0J@MWWd-yGOF@j0VHSbF; z6i?~Ve#x5DKZmxYL8`_aieDmd{_jbM%d1AVOh{5*`T9~c9^g=XpV$nojd6o> zoj8h6&SX$zhdmFAt}J|rckI#}7z+yRz|jo;^i<_uZ+>GKFY$$0@Ku<>ooJe(dRy^? z{q5J~LoV+hU9we5`ZgPBWygjTG@)8Q4B zB|1I(sELuKy~*v5rflb?{C?6*I6duPG7=SuY{59|-{n1!T14xz=#&@8iB zyjsQG{S2boFL-Q!s?8Z@X0^!|3x5E^yNH$T^|}G{c<6!dgtK%xUQX&OtH^iG?*SC5 z0AZU;oKqZoBvPuA?LzgQux9o=KaJx$y#zX(`BCxuqh3!}l^~C}^ItajtUow;wd}ReY8;s1U~>}dw1vdBcF9Mpou&% zu*THK(KuESAl;k*pUKzf5!8ERptOIT;j9BqvXzjhthgAhM!R37+Yl+pWs~Lj1}>@g zd@8kh7$g()N~&TG8AIA{`q>tA2csPKom?20r#P|`H(uAXRibrqt-@5phVSpiHafL% z_&Lh`JyJL&@_1x!pt)-I$y!0(d)W&DZ|YT^h$0i4?RhxfNsvN8!^!Zy8VoU-Q=xDK?N$1<#z7>eDhY4jebk_qxN z?*UI(jPBk;+hu5CY&C5T={cm!7 ze%>BZH-QZ;;9Ux(UsZw@|KQ~!i|*zzbpW86_Qzxh_s!w+uQB5W`zUh3_CpRXZu`-% z`>g@Xd%mbdkr3vd7W1bN3SvUM!;wW7C*|9EoWc>u`zZy;?iqM6Ki*gN-Hf9ZX-Bs# zDmr%7ol#E%UWfN%!`8PV(Z_8FkXn-DLt>R)*oZerJhvw^EBc;gH(hJaD4kU9QB`&x zsBr&$;aJu>kMY&^pL9N~$8Vr64rL%0B(r*-yu}(^S7a}vzHQVoWyQxU^E<}W-U)1Z zF03+r#vWLTi(?Jr$=c&B>KO#?jeY%*2P++o&5!2jMqJy(m& zs9<^=%2%xfYhilga^jOIMSPVNC3wGiXL`9{TwMBwk3@JgF_bhq(fNbMDQ!_5(P*5G zytiLO1q-dVC8>iX>+~z-gki{U5?qIat`LajEMIG`I$Y{R#l^L$;ABz)e-J_oB z(M0fMbUqtFT)%Srcz6GM{89e(I_%S&mKP?&eF15NgrayPK3;o#TaYIEKDqs%V&aEl zpROa40l9$TUND-F8A_N6EJI-MNdrNimV~91q6>D$R9J58Dj{d>8yNvxiC?X> z3YN%f1=>VxOD{N;hJfq`UP>!}bi&wk?9}{at@HE<&!~1!mz1J##>ccH>xvJc_yj3u_7~zP5>eWgl0=Rt z8Qp#8BRLOTceuI!4DYNTar+&^wE)Q}3$*I};`eLwS2b|EJyQglF?;=M!8d&et)&8N zR%-q<`UTWj_Va3q!jm$-!|L^3CKcs+P#U%euSYB2;kBI@n7X-OU(f446Cq1}aEDKI zI2`ErTQDIQKQPL+X+4ov_YO3$x%Ak|M5-3&ZJjjjlYGSQGswT$@}=N;BBJ5*0lU5_ z3Kq;*f>fD&9k_)KKjx8#QR15@M!mAT(q0y+$BEn7us3ZaDz0q98SpIZ;MER!^fdow5+#^wWYYv z`0zL!*-OQ=_E+bQ>*w-zRDR;Woa1rdMNP|1gqP5gP?x(~{~kj!rx@}Y_3DKTyE<92 z)v12J(Myl%Tz;4P!oy;gLz{LuHuR%-TLZwtGg|W$UP(CTifxy##KS$8fkDzz?T6(P zZGeaL6OJwfP9Og%{atY!2^3Hs)_>9L4QDKP!oj?eC$~k>(%H7mNiq#s=?Ve)JR?_n zHTTbe2Au5#H&fXaQ85q<4ck1W`)=pQ>nl!u)9ve{jwM@nD+@5x;mH;HW6s}!ei)`C zb@u4UugBiw4%EILSr@c%KcDW`9GECt?=zfZyNz)uPwm^ddsyxK3WgUa1pJA%8nY?( z6Lt-qQ;74JkNa$A^9L#pRKd+?_t#)%j1! z?C-1VPya|am+a@v4np6Ke0aA^r{mcm__C5wH5&B{_5@L3y7T!t|H5En*5WwxxtP>{ z(_%;5!hIrbql%418c>y+L^AAe8ndV26soQE^AqV`&%-C9$Gh>W-@Epo_^n$zqLm)y z&(H>tQ<25!CucSaeh@)wh>G&RZnAMXN&UOgr#EmSI0kUy)7*R= zmuZ*ZU!sX_!V9*M6_n3sy$TTc#LW1U|5u;A~ zw)Ao12P2_?&Rsw9d$y%EeiWS;kLx@P-N%$4vB9n)M@v1jW6S+eESK{YRo3Hy?(X`y zZvJAX8tZ7kkoD+w_4bHpT4okG{=kwOP2IA)mVCQXM{~&m3Je{PI|fc*?UX&y=#*?c ztLWoF0iskTqT-U3rYKg8A%oi+9=zvvHOja539)GL7Hjbc^-(P@%TZ*WWnLVGqY}jO<)Ttlj}l|R&fneBeR)r!7M$6>_I`ISy|G81T9Td+LYC+zJCOC{LYa_D&mmuNp<|8^cl0?tgE1y=r43<*O* z3MEhnx1&Z6ZtuV1-szWWkD46+4gC&t-KWF0LdRl{>S4tJqF>SaGstRx;^UZ93qD7E z;Zo;vO{=#gFhKdWfAi3#9ekrrvqb+mwVRs`Hk6V!&I3{6mwW30^d{_i+-$R>( z>bCpVAcxlM4^}E4ezj8;=SK~bX*J%L4BuyA3Sm}3a#i?*|0R$9XS#YJM%21}`{ zIILUgKz$RL3N&lj&F-;Yk=16MuixzmQB60Y`zAlIUc99+QCx2@4;%>Ql0|1hjO_jp zb>YaP-bt+S1>G*fe)FA5Cb3f7w^-I2XuYF8*4t; zH2w18+mn$x281K@qxjv;k`TjimGIr;2H2B3z|(@SSQ?p%u=$E9N?>br@_Ekh+wgBv z>K@(aiG+hd{`Pwa1;idUp|OCq_Qx6<7aWM69wpH;07zM#_CA#RKIR>R@Am@5@%b`q zE30|5A3Vx~5nD`1heotPAoC0zP*-l1X~*$w6hnB%8WU5rzT%-4Z{%-y!(Y~F9Z#^J zbX@q!6N}r0s7JkATkO~z%`=`)t%({W7;En+lEmaG%(EK9^PYaL4fN)%x^TL`U#xC^ zY?SAh_T1OEOhn_jITQEM)`s^84e&`g4J%&B{CG9$ISA^LqbK9(-0e9y;=8Kk?^jh3fM{q4I6Rn$ zs;{tQbFM=&nk#+6x})~R#sS`QfgOnlCgt1U?r7RpZiNHki&zC}oe&2mQrGOy`(^#z z5hlQ0=>188xU)L|ixOyj*1nu0NxZ^yxIRFzZtsDqc_Cz{L1KBro^$w0(8HY)(#ac@ zsL|y?88ZCi1Nj#~aInHtw%=JFSOg!Jag>*he#6PjI?#ml@(_HoBHQL8qlTNLa(bop;sbJ?{hM?DnvE`qH-P zr4;4|;Y@CdpdlkuwhnlG^HI=97>q66ow?iMlzaytlAZ z3|V@gm=P1d65^IT-V+moRzon|apc1ot?&sE(rv1Mo*#5ccl)W3&p_(3@9t99zY}Hx zbG;N;^7r$=LzcCo?*$*z_Xw`?AkBQH!PBW`cr>#Ke6)?dyg+G6Og!?#9S2bZp*z_2 zzFg|(XSl)pxu-(;JOKQ%$QRo(F`Ws42=A8t0WO|hU`^5^HT4RYLntnD;reZOeSG96 z+GoyJfFy!@wSPYU#EXW4#ueAuCE%GqIu+bZSePbLb(8vT z>+LDcKInS0rwHAE8Ee|#C#8N>^lvM$J1J`RhKTJ(WDsG8JR=WhbK%6x{h9U=7KZd~ z8%~M*m~lRQjd+NUQ(o2e#vHbL4j_eI{)Y zne#zChXlg|EB%@;)V|;;`gTl*N4XNucp@iMxFV|nAA(E0+ogUC5qyREb5bGKPfw-2 z`LQIpU3zmnz0Ss693r1tzIIZVaTf5M{*npyqU0(aSSKfwMsR0+hjbWe9-Y$}O|586Ovs2+Y4KHOclQd}-sH0!9x?x(}EB|xV6X@esQ zgN>)aiuRKh3ar|{pLswkoN6YQDk}RxUYi>u$=W+r`EN6a5$R?#M!Fo%XX;h3kf}4) zTd9~eOU4ARQ_byO({q%GCg8b5I^aBi7~y(m0Iic z(SP_~>Z25tF^5a@oKtS>D{fc|tLamf$)s)$_>X;|^nwB{4R-VZ7UQ>T406ld&yzk& zD4Q;#CM8Egc|vcA7hUSOuiP5U-4ydUdrZ~@f1ZNZp%2yzxUCHibldbbAg3if)XSGY ztD}C@@wlS>U9i1gj3@FEHY7l7g8|@f$D|=i`2bkpCKg8N3{JMQcUMr5}jtChG9J?OS_34rLy} zO9MnAO{tKy6TC zYi}nSNfB5oewsIP?8wOqQGbyG&w_Qv%c^As>Kl{BR=$z%7 z*A?ZV=#yz7;RX%blz$C4W46X0<1F&zco5veMoq#{Rf(ux$+9fYcy zT^0`4vMKYpCd^c%mLY#HW+T)*#0CH^ZDmMMydD-zlXTB-a4JHlo2;1=e7?{88#XvE=z zjBXXw2E&m3L}~6rn`;W7rk=b;4}H~q?+LOyasJ(tGsr5In9cEMA(st@e@fM-(N z^@inEJaqh%%kU6{^iNr`#c|hA&xtth-U{#8CHTq_k2N1q)iMM0D%?K?z!P4af^+LI z486r*p>-r&f>r*oZ@2n~F`GyJciSJz|6hi!w#Mt|(<|c^NOT&H_>=6&SeR-@!^+m?pRmN^}N5q`f-B3*#qMJnc8N(=W;>*4nzaYWFptD9)RGQIHcWl+X@+M6ci0e%4`2 zJPCprfX4>r7340YGBhZ>`-rwUa-@cX7iE=XF$TO?EjvF#~P zKmLiU{rYpb3yVvtb_;b3bst>I{_`D=XV_vuTX#eXwn7I$VKg%DsAHCnP=kz{(J&+o zKyepvtTs^XuRQ4M<@ICZSNrWab{{?W-@4Rf%Sr50T%T}U`B1wREv=k-k)}a90F1WW z*K~lI(7RZ?`Dd;@Pyv5(H?C92dOV_C<=o`i2mEdP+`*Qy(UwmOhpv)t)?mi8TW>!M zgE7$e(Nck*5Wjm7eQ4+W>Y=eKVl>oI{Q3>_+ddh^b(bbEE`*?cpJzAyy`0rs^x-av zqCBc=a%jlpK#cwO+9RE%!`^w+sZO7Ue1Obo6Zf!wzxPOoBLL)UpQnf;(qUArN7Upd zh)nonda_D*B*Fvu?K&2b3UwM$89aWBM=spi2VHL!+SZP}1m>^yWREa`WO;z5fl+!vm$`*#{Z_NyyU&`KUp1l?$ z@a{nu8;6?&&JZP6q#5wJ5=J~yxF>pM(?z#=kv55xCer{f+Dv&;GWTChhZ zo$JY0k^hYyZhyp;2RdN&)`js2{rr=?^bDRp-VeW31}}xB*LXkY7W)J~2T89Vj3H@G?7$+%=`mgJucnL^_c z2v}xzJ_W3#=vS?o3P7M{kQW3;_FDH#RObOF>RWgk+Ne>nJGs60J0M**RC|**ra$=` zG?l~aI=rn9PoS5&7X-U~>=iXc zOL*n>)6YtCN?Ufb%lGv?KEGns3-W7x_si8t<3=;`hUipaJZP+->iu<7_D$}nX`|$B zr$xuE0#9rXp~5wltXTT|H$K{hFt23vki|Sh$?kPXwqq&AtArtJj}xrYm<$1oynor4wkiVqf?YQyLj3W}e0>@gY0@2L(Y88ek2%%+hI)iG+z*Ga$F zJ=*wI^~D^1ubczQ)&BF$#^WKoM}YFxOhDc+vFT|t;d8r(isozxR!{BgKm{$y9#6Nd z_6lmB07zla(5OZO!aicOOo=+ ztL7=HstR3;^y{$8SBDIs>oYa{dbz(}C9Gs37-D@!rH~oRDHT&E-W_l6Zb)7=oNDcR zJi`+;L)j(UmLD%60=e!1j=7wtv;KO=TfLZipoC3`EtmgJTaxrP%plj=4OHCGYrj1n z@Hw=D6IotA5EFeZi0nQ9v7JRURBa)+oO?jv;;5|~x8lk)k`==F2g_0pm_Gbm04#5c zI;)&oijN1*p=VL2b`vdFW_P~$TQ1&je(uB5draV`7m_8!jjcivxgYs1IPM|!oUh?J z>e21vJB>#qKUl9OW@XCL%6J^P{zvlN>HoC9vbHzl?TgNX8EZ(<#K%l>{S8A7y)BNXnjEWP<1P-PZ!E=@d zFKxNPoK=yeAWg%oSdC^6>KZG(@U16Rj-;#t8@*oi9h-k)?G}|Gt|!w`z2`8U(iN-; z3@VvYgahS0pH(UD5wpC@inz8gDZz;izb{kf_-u-6a?~$nXkDG7a9sMkLxRskGFO@H ze?IG**loke?YM226yz?>M2f=FBtO#hgV_M=QVk^gYhY>o)6$TbqZYK1XC&Zo%1q7a zZ(sVKFX-$z!;eD&bv>9gvw-K`1FM%URa5}A6x!!o^u}Wu4a@b00-=459Q{iA_d_UA z;g7v`p)7e78dvYJPtdQ+k)tG~rw!J!gyea>?2FZ>^53`c^H8(nX}JnTYujt+zn=yi}e+~OBYW|XNO`BKM}9+ zVcLUatE>Qt#l8{i2njL^KN2quL{A6ia_JT~xMdp7Og&Wa^u>RbXDE97H`SzWqEVhz z?>8;KP|-cy??}Arb+lLSs)+w!qL2kUx5`r_T;AMwcm+PgFG}iSO%?hBe>b=ne#W_~ zHgj^c1CUAglSOb}b_Zvk+E68c5`WDTG@sXb>Tx>q4fbx7#W~dd3jHfyi1jjg(?SC0 z6aD@e^9M2AucYll73B6apUbsu#iD*S~d-Dka zdr?nlL+yCs+)$K_?QPC!^Jmp#c1!R(sqcFbYKdc7i|bW9B;z3TqlHitz%^1ec^LJ> zIX7p_rUbccuQlg!Jp>cj#mgIhl?BE35VAdILfaz?sqTk;W|4hx$ELX5=Wc1lj%Bxo zf_bNSUh#zEvd1iSJ^0r+HVG)88~Dqj8yi1{Fk&|eCB zXAC6&7jTXO>qB=hb4{UiI zAxIUvTK_&|CuaS|!+f~TCo$ru<-%Ab-d8sL^nFfFvV~R=_dM;FOy+eQ4Bxrrk4bRT z(=@>1Ciss~b}X*N>LNI=ebL2VOm^>j686AjNq&zn#UTSb|Au{twAYvLy_}Ie%L`yO z+?*`+kD#EwP~97LIsy&1~V8lW0#6ZNSh=}QPxVO$P$sr zz9h2CE?Gi$o-_H>_xpUlzw3IQ=ileLY-8SY-sgSJeeU&j-?t-5fkB5DIz}6>r)36% z8AB}Xk#cZdoQt~!=p!PhMMD^BS(zhT=qS*g2dD1oW+Ve3n-Cwgx`vSk7Jyt#EvaZj zh$~uK#s{tMVJ2^mao2(YeF0QF@IsoQbVx2BY7TC#M>q4L8-RN1SSzG45!5xu1CJ0H zW=;g9YUSw$R6lJ{8yA$j)Wtw8=p;ZA^6uuEX0qmJH=K^S4-939RIrDDQaYL#f-yx0 z>1?T?fdE7gU`k$=SPPgT$xIJrfyMd580-MRkbTtUkp=+lXyk-;(AKx2>(Y=EoUtot zy5j1C#{y$npR7edlE`lUps0<$7s1}e8L3BsgBn^CXSylH2y}16n-W2;3ku5MD@Z3j zkQ0lvbTPo8tjHSrWJ8L!FN~`10hpq;y%zA`xvQg5R=??527x!x^uv09(n3fp32Ip<1nLNaF1FxW1%j5PvmqW7R>r`{PO_ewcq6(8!QTPIc<8<` z7nnLjKD+AUOc<%ELVjP3k;OYf8O+mz1p4|RD4w9vl_eJLi;~eqlR&Ln0D-_GJZ@a2&4-|!^6lx9Y>escGs0Oz0nb=z2ES*_8K-Tap+QEOfwHYQ3nb26&I|6SVT=RRuMQe7VJ*>CR1(e< z3~vsx*D`n0AX2m(aB}VrGB|B3vZ0PY%Fo4=0II}+!juR@Cm5EDw4e~pKz1R)$4cFk z=&dgAi!`&+1k4HpK~fE&1ga)Mn~ZWJ=*nt<5}Y_a2R{=N11r!877MHfIWH|wII#Q~ zA{+2Tl#3J1(!vx2>iD>5fNrlud!&wxt{%?Wk6?z@l+&WCTQL?Csl^a>0JEtskM##> zEND8AU5tlA)8y1aJ7;4fw51jWy!O_DfUZd+}#C(R|l9V4KKQuA!vdKE`mD2WGO(6M4>Ew@pzmUi6-lT zbz^wFNDv)>$}wQbC|whMQ^uh&aFRE(H}fRuP{NKrbqe> zL<2QP7>CB!!PU^mQ5}ZRAVACv@Sv*)!Vk+pvcu6JCTF3g0VoaQN}=mv0eFKzrI|T+ z0CK@tP#Fit4^$7)qtmrrun?FD)qsLDFi{|29Dxl_GP2aOAR79})4lvia8n(50w_ah zrVCu_;A5a!lo|L166#2d5=|&j6AS#Lf&?=R)y)K=PcZ=XuHCSpUlOPxhQWL3Sh-+f z2vbK-Qwy@D5r#@ObFo6BNhnYeoMw(Bg5);F(qP;PW^@xhZCwg*rDOCh!2&tae8|pt zGL_6ww1^}u+>4=Cl61Y@3}m6&{-#E5I#AFm1#ba#e$aUg&rsB%{%%lkwH^_s4{-oB z-(a8`4Bp956YI=)Zdq5Tz3=bZ*I1f7mZ3@E@IID|hwz1a1CWQKBOah&K=!MH6+z!f zPF9zqgFq1p7%zeXDC>%*;WQBXj6L#4(E#hhfIy?XqajG!#xW$Bt31>ZFAGX%fSx=0 z0FVShgRZ3DY81qcMv(I*DR^rGMFD~G2E5io!;I{u;Y>3k(A{Bhvc40L(kOcmGa5i4 zv`Y1%>+{;fAtw9V3*f1r+J*tLd)=8js?2<@J3OOaZ;x8|!M3 z%|Xc)EX4uotVhKYk@8w-G|Ypb{u{!JFm`aTr{O^fS1_of4oU&^&!JeFDEN}qY33+7 zAlr4YhMGiOHwz1OlBYXEUq_-rt5r0ffB{qlN-l%XfiH7ils?wg1yub4`3rOl8o?QK zD90+;(>#$DR^Hk;Spa0&z7l-M3t+h2sa`PPQ`dyJ$iR@!I6Ph5Lkljet^mWz;XuAG zjQ|**rWOq4XUjQzIr$vS#^IsOD&j@4%rgzNc4nZDFj!ThCV3F zW8f?&r->ypXjNMt^amy*At1~F$|bot8M@J6?s8=9-zJiVEARmt;i(vRU&gvHWE~Ab zbjHcKQ7Ia_pi(+0?uFDer@=vE2bi%vUE5q1&<#ch#rO$gWnh~zIv80q8L)XMBX2TX z!NS{%PD98ujttoWWH=ICbwEQnq5~3&bWpd~kh28Vm7JxH2hM@9)d)P=hmHa6eZLLYHp6x(?RMX0O|;4CC6Zz zL~RgvBIrB1=u_YbvX8T`g_pCYArwOM(SbUsLo6tuLzJEs468svXv!LchF}z9{BNSc zf$dY!FfozQN8*VLreO6uBl)*#<;g&HV#shmD+B>+ETc!U5}fY? zvav749}WfX3xGv&0>Ja%9p0fN9}LkH3aUw>AVAQdWKcu}6Of=u!YhDE_23^Q7Y{jk zBLwKF25Rsa5-hNw1*tn;79^^n5TL39)sq0%w8R5cH&z}K0Uegr0_} znYO&Eldb_&*1-Y~3SwG;f%HMUo8JI-aJk>_b^&1bQO*jQBqCf+4kBxyPt(PF(md3O zvIZb%sckM}222=xq=q5rzTgW!B!^(^132cu04ADxcrX+RBan&)e)(It>mar4O?=>Z zIbWiJm6o@q2Gjt=N-RMMFU#MCqAob|3|k8*KPZ};i8ct7$)OOA_WE8Z9X!m@1e{G* zR~^O`>MnSQytAW~rJo~XhDI`uz$yks=;eSSt_4mP1_%t4rluj0CZmVefJ3|)(iZ&7 z$&fC_M#+>&MKQF=0(QT?-CmiJ`qA84B9Vfj69G@fLER*cL>OarE7& zjAb##Gnfj_8HMy9P-U?&P#W5l!6^aWT-{K{-%*wTENT$?Ff#l-D>=Ls4d?=lB{OzH zGwx{wVW4eM7CsctIyz!HEY9#;f_0D*rH z{N*gDL|2qH9@yaw5D~`7)t=yO?;!?7Z@>2N#e<*@c&V5XwP(kU<2$r8kS4yiQ%TIA z^fzC4*}{IU;|o$~fAjPRk<&KZyaCnwX;tB+eD@uy_DV>kww_6iXidk?l&T*WE+s65 zynCM*!gJu|tttFWugbh~%Z*ZctXHK&`l!bd^{5IMbDjTwJ?Q=U7;F{(VtC z#I&xF9uT-cefR(UjeoA<-N`-S!18~5OBZ!cqex2}RV4g>8W_CS`MLVe`7Y0~>^vsAh-H3^`@6b-A1jJwd|ZfoLh6!K`#3ka zSLyu`;{RUtcKfQ)`${Pj(J^tW9J~UV|K2fMt>3p>(&m9|rTSd|yq*>($o4-Er!AhE z7NU_JCFXbKVoaQW`sLRD83)k&tEWC4WZZ6aO zxghaN?!>+tCys5hx!|x%aaB{JDDq@$V(}Bl^uBuJ$A6YOjCFWqWN;+j?xT)$smXYl zB6ae@uc@yt{qIUw10HMNxqUH3i7vIeG-Eg3wZ0z6w0G~_2-;vp*gYA?y{fC@q9sdx z0lv$FSDg?4A??CDzjt-|OV*8A9g$SWbQErz+yk%fK+mVes%GyEtUFtfs(t75Jz3{# zKmA`FRq^MQBYyU@O6L?*Ugj`ZiQpE6ka`f@6Ym_&WQ~6BQZ?)E?GsFq>YoDZxhgI! z@O!1omsn1Si=W0d{`?jt?XWQ3GP%^#V+|vIX1TimSVi&7yC_XTzYnf)?;NVw9)xVJ z5Xu=dZsM9y+ggX(hHOv|;)VG5uGUEv>uxA1Dju#3-&dJsoMDnuM4yQvB>U~nF?(th zQZ^K$1abRv#?)@CF==ix=lN>i@TZ8d-=}LJcY70M#A6vW9P49vc>7d@vYpIx|0?VA z{fpk~V($@cG2dvEfnsHM+M`E?Pp#xK(5oj?0xx}edY!?`;71h4(zSE8MH`c7h;_ZSJ-mOkb9`tUi zKwlmnc6tyn{kHRkBlG6QQvao(dD+rGY>H!>;5wr<8Dy=gC=tDVLe7Qpq-LxZeScS^1^-wq`JDxvZ{nbnFKgFr2GD8`y$JuVpH!2ytu2h-d+}!+sxe6B@Iy%+fk^5D} zu0>Z|@lJ%3KR%APz2^43^vi@No$xFD2iE3tRP?Yz^ z^m&KBGe}kz=&96yp+B=WmJ;&p*OQQ6UkS1~f7YP!_%;XF`EL$jf(X5Sodf3HY4~Fi zEN70X89ltDEm2RV{%4zkntgLBQtIG@@}-8^`m(LfwLu zjGSmEedHl6As{QEu(sCd%^lZK9lS$}sr@0j?uQB%zZ3aPEPBcAo#nzjpp&HA~>y zkAeYJFaHK2MB@w3DoSfd1W^7H$JiME#4Zsv;_ z3kyE4UCJv?&^ZF&lY_e|Zi?wBf7CsE=>L(><1RMfEBi_VyuN*4rDBR4f5PbwATC_l zn55MHb-ag1T5F(3>-^;JftL4g%NhDqg^6gpjFBS{LfXh9NS|-DZ}$mC;79QDi7@VLll3wq{aQ;T#_`A^@cP?z5cl4e~JHjIEjSc6PLO>%)JW?6t`bH?cW2j z?BwJA&3$Z`Y_eNKfe7%It84$?t0>!7HOSFb+l~MpB_JVd`0o`c+13%J?}%U6L{9K$ zt!Rp>{KMk@>(bl0+Zuq*&;S2u0RN?%m0NG0W=ca+(*mX%`*cSY{?+^b{<0n$s;SDz zbcD(AfA3S>Kk7~;U?mK(l;p4C<$=eGKRY7Nq1U9s2b2rVTjF~8#a;{JxIk6c1M(g{ z5uc1RL?95u;{9)t|E-}i$c=JfTb?Lfwe6QYCMu_N{YQ5}T1ORM4#~(mrT;N|vfrpc zzDM^VP%HuwypD)DrWBt4*<^WTO%zDg*Ti;|we?Z`57k3o2`N=6A)Bn%g4ER1>Jyas zz&P-=yvHH`rVqrnnngd5Z9QtmAhoW$Hg?@Fo$EXon;(Xq-oJl8rhwF&=f6lyfBg78 zsesQv$)UvRH4#Cbf(`_UuVW zOKWBSJ9PQT_BO>2#j_;|1F~=YJod@$%X7Qf;GnglTy`FD-Evd)@WOvaZaPrY)TD_* z?TQgn3YW|280d^sufZCigM$Tu@WYjwdB7AiSntcbg&&q9N(@S&|L)1G)V6q~Hufyk^5n!Q4 zWgb6ylAZ3Q8FSRj6>b->LGAIbJ1h0n_%zQhRO&Yt!_=AHSA5?)o>pBOku)qN!cJdZ zb8L3D;XZV9M?kRD)Enha5Bc`2>$ykQOT9(qrxij&&26IgA5*G5#d#2J(|YsIjSIFF zm|oRmt>?TL?601wY;)C3S&n$Su9)96>!!9MpMb!`&!WdDumL>=$7N)=+nxkpzID<- zL`jn8N7K{jC~24I<7I)J?kjoS9xgs1n&Ogt`x2`{f@8Ue7+SneCL5Viw)>nB>?PlvQ+|PE=Cc}%T zOZk*fp|1UTT;U5r+k3h=)_qeH99SslEYQ6^2OFm?udO|F?LAzWWx#3j)SA^&K_Noz z&UN*%E6fAYx4aR2ntFGoxrB^|#s>3EKe*bL6h#O5#PihVIC z3+cRbq2TKeY*S4|vg1U=vu-wzt~Wd%|HD)GxPJ4m(hC(&5ln!8%`YESnJCyd6?T$T zwl{PT$D*1c>J60*PViGI60~PZ{I46_rB#WqPmAS-?%V~kbfP)$93Ii zEjHD5(Z#g#(+8&yA2ozeoZ!t8P_TGy&v&|=6k}T|EjjGLH}Ib+%Wa!HUmiHtEm>7# z8hL3E1q}+7#8Cw z)*)?YGtWOyzVVMz2F}wN{of3>VA<*X>$TsEBgX%ymM&14Lw9akC{O5ps4~M`=#{^x zHi_$;|Jl6xD*$))bVjG}QJsa#Clj~g;%`NV&O~cYZ!TIC(V(P&;0HyUNissIHdkZt zg6|d@P)zsX+z-bZC$zEH@*Z+o)!A@qm4(OVJzI8BIp}SvXJ{Ce9jW*UW_Tf`hk~>iurs%J(4cTH`!c{h8Gu zq4?IJX&VwrDmVek+$|n_QCutI#+Sz`KNIE8t$)(U?JYbuR-neGzDmDUO`?ow&RaJ z`P&3{kQQXfHo=L3kZ3%CkaDPc=T6|G*i&f#HJ~fy|F|7|KOe{`*LHlZ4>FUsqld6XLwJPSey)jLOf9E>e z({`-8U?_fWsAV=~By*TE-IgY7G#t7k%md0hHaKQADr10_7Wwf05z2W)#rMq|B z3WU#!vhTZ4{enCyET+WwNhQF(IfC2eb7q_=w^rGor(RaxnKa`l(i+rft-Kp(*eY$6 zZBGT&Xu7N;H*RoU2@e-Jb7m?ZL6>mrcve-ub2ryP?r_T)mCOEe-v;=2wF}@=mKm|8 zue#l9u=;323zkcuO3~4nDZaz3!(;E06T=#cmxi)6ZH?J?>D-k<1CI~;YjyImvJaHO z z&P}4y^&y;F%#c&~(w>m#=;zZv@`5^c=6=oFt+*L8`an9)0_VAp1`<^jY~4X{o*1l&i^VV?tW_VW19U$>tkQfVeFOFZph@DhvR+k z#4cUh#Xep4slFmhwE9MT(q*fLMBdd3(yOm8i1YiEm)<)$eO;gXnyv-BNkLg2wR=$I zmb?0Xl_)4pUn`t$eyF}YQpw4^GOwJ^&We(nvbb~W>YW!YnO!B^_vJjUus6Adj%RLN zEy@W~S{B}9N^@V&qjv0cB8;WlmmcoS4^opSbzeT@D&X>ZZHLIl#vC0l?^$)h+OMfJ z)AAJ_&7srvA6Kij?zyqGd%)9H89(`eVUaYpTg;jN=q)x6EA4n@bN+``Q+@ph;1`Jj zChoqP22>g8SW7O_!z9a^)&AjomSwV#($d?p;SpiEvpmc(RYM)lZeGe_JbX)&VJ%H+ zv9q%kcB7KPPOXm$xM#!18geNw1Ha0i@!$00&@#Y0+whr=ur5B9F+~eZN{l^{A`q&7 z_WSNP%AUwZ7QZESj`vT_cF#4Hbj=@ zyiEMDg%A=Fo; zF&U2^+xM0DEeE!qplY0NF*IjejFNuGum1eq;oYlCnvZMmB)Q{}nUc zSA0*>VQ@;pVso8RsBrpd!d9fu8zM90qzaFXVCfMLB{}ufvSTwriabj_h#iCW!n%Y| z)9(fLi{Zz{+n*kDIE~JJDy4M_6se=^oP6FN;~%<{xFh#_PQLDf-@M1dWLrivjx>Gj z;b*D8=1bwVZPI)8NNUlA;ir9iO>*`dHPRCMHU9vo>Iw&@FNBj+JQt37N_kF9{PHyJ z!2|2#trG`__(<0lB7j4q>$T21PxFBXD@5bI*^&gW>3gEz3TEC_zFF#fpBiEK;8)sK znN!z~dzO#co&^LV4u8(AXBO(;%xCG~n934yo1zuh&NilX5Ie4`XMEAi^R3!@<{sqW z5++=@Id+CWqwadXt`GkrOzMcN#z^&z|5*PPQQI^Ba{v7EiKpPuP@6Nne{%C2y*M{i zJ=CqBHniB%^sR!#C()wE&2Zt^ujae%=_R-*m)(X!mDocvPqYc+^@#!y}oh@Se1orZK4*v)B-Q>-N$wC;K)mw zHI7@s>!FCa_~`Ya(OP4**zE2is^nofDfibhssEkL#&qqKz{to*MBp;Ss(@sZ{LHMg z6fia%e%nf6fhTi1%lSl9i7~r1&P()@OG=E1Jx9h_mskI=H+(-=s%*vwB?s>bcl% zp61&2L>pV24f!6NhKbG#T=CY>)J*f6A6*6>QqMlWu{$}D^gci4-eS6Dyp+u>@CMie zRe@M{>EN{jHFEO(-J?m%)Gudp0~ejeS_$a{dz`L^39$#LK^mCaQ^R9Ue4UYJfAF?) zx>wUpMap*{_MjdeC{_#eWhKj(>2jE%msrPMtn`ezq=d-f4@}le13b&Lp7SnkFL;8N=QOYET`qRI z7k)Cyez@VjoTSM~K30hKimIq*ZYf9IHCc*$jgR(%fk_2-yNH@DS8hb-}p4(Ubj(C7 zjT-nXx%ug53WPkU~ZBIpB_Wbd>BinImbA8?*pWH9#SRG>;umX4Qym&I%cNd_m zld3DjJh^sdwu@0e+9=Z!tzU({sDMaP)#dX$1p{Z1>vPpY*Q$W#;ng3slr^=+5l1*s z{+2S9{cbLz1W>4;u&{99&sxbj;D^sDqvQZfOKo{zH}x!g_55rl=MV^hAV+HNc(v)l zPbD8+djRsV{eC)e0G}H9-HLdOpi1^fIKKWK+kAxo+WhFvs~OktxcB9=Qu_UQ&K9_T z_|+3w|Gb6is~0scDb7rywSrW4H6>)n)XH1m^%~4@cj$G+eRDc4C#H)=tjeW#^sg^K z*K<0mi^}+fJ4w|Shbs$3PV6YA{LCv>KgkieAOllc>XH3rLISRr-!9<`XMuXPfhH)6 zv_5stv28mKNVzt3=+#dz2~oa)R`0m`j+K%@N}`e~`{MV9@UyEPyL|6H^+w{I$b4hg z!l}OM+3u?|siYiQVZgTnmVLA8murrHX5~cnvh1z6`}FpS)>AdoW$WH0i(k(Bf~A~W zn<-19&-7_q+ff?imcc&V_Ur}Gp!+b_M@*-yWM%|pogxnOGTb(y)rlfLwYN`cXSS+u z{H&9{{PjDW)RTGTq)H=iA;*$5Nm_Z2-1CQ;_md|;^zG7Gi6!&W?IVLFyvJraciiD|%1m3fPoyf^cM-#anMN5D88Hh}_xx z(pjfn6|KBb`|F2iACr~bhChHHD!tHA%yUeWvZ0usNFuePz!hM-N|tDOp|K1R<( zr(aXB_=5#t6NM!oEo??MS_dwJ-S=uzS-S12<5_qJ0CtA_xZk?g=0T*^X^FDLTlgh zW~Za}R~4|8WA(?)kg3LGLT{5E$UX zuwP=Qo~p)I|Kv&NymddP@f_h3R=?u><$&_0CZP?CYV_BccZS$>&frP8_2to5EG!%q znJITgJ_vK0+!@$mZ6tX#E_Ahzs-A9q9kWT-ZF{JG6}WC1bZEf8Xg# z@%l%UNpmyk5QjM>^27N^M~mCcXR`VaM?_%s@kQCSqypiZCeD>v;~DNZ>wzCuogZ2* z^+jZz7dqLob@?te+oAWJV<%-8aZ_J>U_D*5urE23H}P1G+n1`xv1*~uRElykIZypH zr9v+j1ckH+fGEFRo+nQXt{SV?xq-5=@`W8^Zk=b_yz9BVL%cUcRJPT~^GB594dC{e zXi~dA8GTCfr5G@uNG)L-wDhAp|aIqJ%E6_EQcO_nWxV;4I*VVdFl)adawHY%L0w1K1j$;srw zt{8`o*q}=M?n=djsNK91)`b_|_#Kkk0kOK6EBVN`ZQhK##HSk|I6rWvgv1!PWr#?^ zIYZ#?vH3OpP8k{5*%GalsEQj&iD`%8mTv`ogFMPHLH-bL;Bs$Lzu>JLGqOB5o@LT` zi>C!Kc)T%+?W$cG<%a2V)m4sT*MM93Q0G08(1`yZL1-pA;L&gA^AR9Qh+ihfHbA8B z6{lZqGH-JtiP!&=ev&T6=$cxEsQQZw_3E9a{->r_Jr5t?JXXFWt#ZvQenGQ9$rgq8 zKa{P}&3%lI67E@26wLeR(n86ESXi;~nbv?!01j{%u8BL%l%&;kFRSN8zDo;=)$y8- zf3d(#4_>x9QO%f4PjYy0n-ahsWZ2@pi<+AaN8(0<=UyHBV!$c8L_ZQ%k&qm;nbJpR z>m-+LnElWpJS>lnjy7fAag-UYxKww9nrl;R7JaqPcUnbSKOG3+>eE+3mZp0NKC$*I z7@K-T6IZ}AoRf|1v}rmtH;J87*N||#Y-{rfpRMmh?at~wR~{t{B!s50ivfhdrjJsG z+O=uw*0ZV}FUPny_=Ef9iBY9-rk{TuDsBjWkUqq+p94d(l`4d*z)mp5#c{Lbb>Bz~ zJdiNqiq+B&53%4yNuouiM0lg!Owgs2!w;Q{LG~>6oQBg0sfph6BQ}4Hq;ftM-&?i= zffGOxDU!A*WUbD0Oc$RDekk?Bps8v`6Uw#`ecq7sXpKg&t>7=Il<3aA9?j`C?875p z^W1td>D4pHjrmnkNHZsO@=CJI2ignaajt;TejP`zHy^wfG>i>p?FB+I_>v;~uUE`c z{U5F^%{rc}w@>W2g zB{QhMr<%k&6dWF7e9t%?Iu*q99$Ab+g`*9^cp~gegjVg<|OD8LFV6PSTZFE$co%Ln&ZIBn}SY*5U;T}21>)((h>{H-OtFzQ)T%V zt7>vSMjy$sKKU%WAa^5f?aD>?fm!j=@|E9gjGXVneqE~?dlqu^gwu#)Z z5ZlF#H7N3h?OX5TH*d{z9rzZz9;o#5=hU7M_Wi%qpIT*9A=JBb!uCEg^?^)cn6jjo zibmW;l2ErTd&<^->WswU4=5xjHV%8)1ufpuUck(}5N@5I;`x_=0-gOb&DhsFL~g4g zsHZ2ban_TKh_}jc!MDPKEgxEpaek-v#5baMUh}Lrq{hT0*Z40^W_=)WNE4D4el?}2 z*`1Yuq(A5*ioY33nB<*EQlgu&j?sQ}J+2se%bc=!_ckJiwP4vf`cpr`EIb`LoXozP z7uiE@3S$oc2AxV4NfiD*eC|2CfYTFqsi)>ESKmUaaVLdS@%soLR#3WHI&RpsCt>oN zR>y01H|r*JCYn8@+8jD|f$ShY6^cBK3V(a@bcRs%NuKKLh<%z~$ZkSk1fOjX`;l1j zG@EFwwVHe8%e2*fhqEQ_;K$@Em)bIhE|@YJxAik`fo5iULLg*}z}BC$l5CUwZP~Ii6K39i zK3VlsDXP4i#W&HmnIVkGukcaVHNh^*o@j5F3RD`m91~ppu?D@7Kv1{PI380)5K&gf zM*1Y~i-=}L;jIK8RqSd`#Y+%1nI73Y87ADUQuwKmh$Y-Z@Z=psc%J*=HWGixmduM6 zAB*Qdgd^ZH`BAtik8Jh^^Y zA4fjnH>9%A3b8y2{m_>9>0L{AV}+YQ-&Q@eDO1BwIXk9o-U=g{r=mH7;Db)TTbsTl zJQplpI>e{PJz?g5sjlB#m1pMN7VDvBeN1IHW-qaA7#w?V(DqKF;jkQ=94an&Y8+Q0 zhgUxIv^$bU%}L#IF7-TpinUZ~;;}bOlADx)G6Um$+#8ErsQT zily^{cAu(jgZIvz;Ci>^jlAcFd%!)R{PqL3_EQ*?wDfI4sOMT$6Tj4`cgr1|&B!S< zx+rJztU=1Kt?&S_$@Qcerdm;fTD~AD_K?)OB|_FU(3A@x4B((_xpc!j?b!cSB(eD=~!xQI9kRhWt|yZIJ;ge`JDHtP_3it+u6Dr znc(C+wW+8aRZSI{tF2GCJemJ`0H*UKvR;{hurDZHcBrtNI3%Z`SjJ`Q6hg8sU~9Ju{E8wBsH?Cc+iU6uVX4Zw`#puIASlUoMfk{3dLHZiwANjQ92{+w^Z#JuOBeHtdyxPbJq^tIXOi6FjRdv{*5 z3xB3WQN&tm6nS-pd%0&iS}3Z0=Z~wpr7Y1!Xnc?*l5O_fHW~mdvKpJcaxK2Lhhce ztToLsamY0Xwj0`W*0QGIQ)tM!i?wYRj?Rr`2WzXK$~l;>mk1g^(cO8=FZn4#v{hgP z-K4}$QG&#?7C6bYX5ky|hy98H5_#}QtVDD~gkhZJ^_SlWP2J?Or^=%}oJ~P< zrYx`XXcrc)gU1~NUJUb-H~Aw?-(t(1a_Wz?6;a*l>XUp-SPB#Wnj7@<@t^I^FaXhe zue_7DCEtUR4`1#~ArNjwvI^|&pZTeJZ)J#+@PL|pD=E5HiSDqmN=5ij@sr;E_=Qps zQSJ_KwP7ht*%1a+udR+13c)xkhevCjJ4H&GOXn*%+54jPkx0_6^-4~)Glf?K$-wh- z^@08DLbma^(jhi_vbVRqfg(?|EKd+FuF+V3`EX@-)Tq>;miWT34)-q90POFf`^oG3 z4@6pu^tt2XcZWbD8wJ*gjXON4QKXR3tPC087&jSz>S*sf{S6&*;TyBix32Hcjcv