From ae78b760aa536ecde3b7e7972070e144d6c3c072 Mon Sep 17 00:00:00 2001 From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> Date: Wed, 6 Jul 2022 13:56:39 +0000 Subject: [PATCH] chore: prepare helm chart release 1.0.1 Release-As: 1.0.1 --- charts/index.yaml | 97 ++++++++++++++++-- charts/janssen-1.0.1.tgz | Bin 0 -> 67052 bytes charts/janssen/Chart.yaml | 36 +++---- charts/janssen/README.md | 34 +++--- .../auth-server-key-rotation/Chart.yaml | 4 +- .../charts/auth-server-key-rotation/README.md | 2 +- .../auth-server-key-rotation/values.yaml | 2 +- charts/janssen/charts/auth-server/Chart.yaml | 2 +- charts/janssen/charts/auth-server/README.md | 2 +- .../auth-server/templates/deployment.yml | 4 + charts/janssen/charts/auth-server/values.yaml | 2 +- charts/janssen/charts/client-api/Chart.yaml | 4 +- charts/janssen/charts/client-api/README.md | 2 +- .../client-api/templates/deployment.yaml | 4 + charts/janssen/charts/client-api/values.yaml | 2 +- charts/janssen/charts/config-api/Chart.yaml | 4 +- charts/janssen/charts/config-api/README.md | 2 +- .../config-api/templates/deployment.yaml | 4 + charts/janssen/charts/config-api/values.yaml | 2 +- charts/janssen/charts/config/Chart.yaml | 4 +- charts/janssen/charts/config/README.md | 4 +- .../charts/config/templates/configmaps.yaml | 2 +- charts/janssen/charts/config/values.yaml | 4 +- charts/janssen/charts/fido2/Chart.yaml | 4 +- charts/janssen/charts/fido2/README.md | 2 +- .../charts/fido2/templates/deployment.yml | 4 + charts/janssen/charts/fido2/values.yaml | 2 +- .../janssen/charts/nginx-ingress/Chart.yaml | 4 +- charts/janssen/charts/opendj/Chart.yaml | 4 +- charts/janssen/charts/persistence/Chart.yaml | 4 +- charts/janssen/charts/persistence/README.md | 2 +- charts/janssen/charts/persistence/values.yaml | 2 +- charts/janssen/charts/scim/Chart.yaml | 4 +- charts/janssen/charts/scim/README.md | 2 +- .../charts/scim/templates/deployment.yml | 4 + charts/janssen/charts/scim/values.yaml | 2 +- charts/janssen/values.schema.json | 5 +- charts/janssen/values.yaml | 26 +++-- jans-client-api/gen-client/README.md | 2 +- 39 files changed, 204 insertions(+), 92 deletions(-) create mode 100644 charts/janssen-1.0.1.tgz diff --git a/charts/index.yaml b/charts/index.yaml index a2afdb96782..f4ce392e5ae 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,6 +1,91 @@ apiVersion: v1 entries: janssen: + - annotations: + artifacthub.io/changes: | + - Update always + artifacthub.io/containsSecurityUpdates: "true" + artifacthub.io/images: | + - name: auth-server + image: janssenproject/auth-server:1.0.1-1 + - name: auth-server-key-rotation + image: janssenproject/certmanager:1.0.1-1 + - name: configuration-manager + image: janssenproject/configurator:1.0.1-1 + - name: config-api + image: janssenproject/config-api:1.0.1-1 + - name: fido2 + image: janssenproject/fido2:1.0.1-1 + - name: opendj + image: gluufederation/opendj:5.0.0_dev + - name: persistence + image: janssenproject/persistence-loader:1.0.1-1 + - name: scim + image: janssenproject/scim:1.0.1-1 + artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "true" + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Janssen Cloud Identity and Access Management + catalog.cattle.io/release-name: janssen + apiVersion: v2 + appVersion: 1.0.1-dev + created: "2022-07-06T13:38:15.9964746Z" + dependencies: + - condition: global.config.enabled + name: config + repository: "" + version: 1.0.1 + - condition: global.config-api.enabled + name: config-api + repository: "" + version: 1.0.1 + - condition: global.opendj.enabled + name: opendj + repository: "" + version: 1.0.1 + - condition: global.auth-server.enabled + name: auth-server + repository: "" + version: 1.0.1 + - condition: global.fido2.enabled + name: fido2 + repository: "" + version: 1.0.1 + - condition: global.scim.enabled + name: scim + repository: "" + version: 1.0.1 + - condition: global.nginx-ingress.enabled + name: nginx-ingress + repository: "" + version: 1.0.1 + - condition: global.auth-server-key-rotation.enabled + name: auth-server-key-rotation + repository: "" + version: 1.0.1 + - condition: global.client-api.enabled + name: client-api + repository: "" + version: 1.0.1 + - condition: global.persistence.enabled + name: persistence + repository: "" + version: 1.0.1 + description: Janssen Access and Identity Management + digest: 466aa0823c784924e2d5caaa43221dc1a04ed2ba7955ef3731625a4372ba3ea4 + home: https://jans.io + icon: https://github.com/JanssenProject/jans/raw/main/docs/logo/janssen_project_favicon_transparent_50px_50px.png + kubeVersion: '>=v1.21.0-0' + maintainers: + - email: support@jans.io + name: moabu + name: janssen + sources: + - https://jans.io + - https://github.com/JanssenProject/jans/charts/janssen + urls: + - janssen-1.0.1.tgz + version: 1.0.1 - annotations: artifacthub.io/changes: | - Update always @@ -29,7 +114,7 @@ entries: catalog.cattle.io/release-name: janssen apiVersion: v2 appVersion: 1.0.1-dev - created: "2022-06-02T07:31:17.122295Z" + created: "2022-07-06T13:38:15.9854741Z" dependencies: - condition: global.config.enabled name: config @@ -116,7 +201,7 @@ entries: catalog.cattle.io/release-name: janssen apiVersion: v2 appVersion: 1.0.0 - created: "2022-06-02T07:31:17.1092957Z" + created: "2022-07-06T13:38:15.9729568Z" dependencies: - condition: global.config.enabled name: config @@ -203,7 +288,7 @@ entries: catalog.cattle.io/release-name: janssen apiVersion: v2 appVersion: 1.0.0 - created: "2022-06-02T07:31:17.0932934Z" + created: "2022-07-06T13:38:15.9579559Z" dependencies: - condition: global.config.enabled name: config @@ -290,7 +375,7 @@ entries: catalog.cattle.io/release-name: janssen apiVersion: v2 appVersion: 1.0.0 - created: "2022-06-02T07:31:17.0721731Z" + created: "2022-07-06T13:38:15.9452999Z" dependencies: - condition: global.config.enabled name: config @@ -377,7 +462,7 @@ entries: catalog.cattle.io/release-name: janssen apiVersion: v2 appVersion: 1.0.0 - created: "2022-06-02T07:31:17.0551691Z" + created: "2022-07-06T13:38:15.931924Z" dependencies: - condition: global.config.enabled name: config @@ -434,4 +519,4 @@ entries: urls: - janssen-1.0.0-beta.14.tgz version: 1.0.0-beta.14 -generated: "2022-06-02T07:31:17.038171Z" +generated: "2022-07-06T13:38:15.9196326Z" diff --git a/charts/janssen-1.0.1.tgz b/charts/janssen-1.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..add44ad7aa18b750be9cfdb8e4ac69fd022dd19b GIT binary patch literal 67052 zcmZUab8u!+^XFsRww+9D+fQuUeqwtjwv&l%JDJ$Y#I|kiyuWvMtG4!5om+ix_v!oJ zsoVYOFL4YE2FQP|Z(0y~V`)_uQ)vZGc_0sm$qx+{GXRIR4uFSKNkfBELDSC0*ue~_ zrs60dZEj}|a?uU++~;hd$?bj5_J#gPexGh~Wz5jAKb@jbs^5(IvGpf0DI;t85=ur| zR2~%pbgg>mb29)MA6E6Z_}JY%p*59#6a<`lSapT6`U~P)GFia26PTDrR)6{P@E@U6 zbL|`rxsPTB`uEnQi>98kR=gbVMh9)ebNI@w6Lx$<5Zn8*$pEr(qnEJ9otB0nKQiKz z_fV1WC?%g-kU-Kw@{>9lvt^c5SE^ZJ@-^`1S`d(YxEgS5Hi&#rXiN4|{#)E3K|&I0 zIM%GOy(VZnhFE3u9K1n9@-_ zWK2mxRLEMHVB@d9Qfv613avu*C}cL1B)l&()f>0kPdL?ugh_{!Nw-DdSy{%_1;94J zr~uGP*aN$ev6&ghhsMya7>~k2fzuG`_#C!9$|!{>K$tt1+ZQ*I5F*@Vg3)YE zJV^&+2o|%RlZ#gqrjj6NOZBMlI5b_SlY~)7YNk6}iyt6<*bjuzDsa<7eHmnVhrxh! zTBqn2O_n|(XDGB@Xb1dSBa|T_N@lOtwn$HmJHlA2YxNXlChQ+7Ru`!F-W)u?Y(^tm zA~rNhI2sH=Q3?Z*-ezMf)XG9DfF|! zVl`Qq&pX9npC(FFszy&+w$i-Zt&Lrd!@QQQD!?J*oYJr9BLKb|W^P0U1Z({JQL=K= z#`561qkXW-d_q;M4S384-aY^4;zn+VRMB}V`A z?yV|Mw^_#=T^_Wg5W~=^FKR~lgd9q8w*L!<+YAqd_!S{O!9dS;C-hU{@2(G`2Z|B; zsBokf#v2BUONeg=y#ELAg{vK6U(2p289r#JG@Cg64@e2Bd7tF!ldWM7n|cznAt=d; za~TFGMcqpf`X5ZH>%_LtNYpc7ioilF5Sye^P^SEGDZqtcLEj+KZvkb^nH}i; z3`$})oL{JXU0ppED**m3@q!RvD)F-xI%=mZGAxq_Fn%4?xF5O5pwa0zx_>W%4E;HF z5D89hYuYG?juOj!&5K~WhAA$BgoOUsopv%gk&TZgBbU)WKs?jBhz^0=IRdxSKmX86 zvhzPVTF+QH6UmF{8+>7fr@OXnft#EHe3LObJnjRr$(upyspJB5AZKX|NwVZYUovty@WI}uPN z1hc?fVIpZiFwQS{NOrwYwV+0H=E`T(dt&*K5g@XxMWem*p-TxeZJxqi{(uN&uF+uF zhn_}JMjMjSCW7FRL{ymQ$R;oXy`nR|3aH-?n|%!y;&MpNf+W`)O3H&Rtz-wZOD@#- zlZR*Oj?S)83xStqT$H-wskx5ymd$rJjCbu$ydtxv=$66R_;WHJl-Ft`d@0N%f}%_= zkiPntY!n_g@|5`t;mTr^d8K^h$4%ej}RK8|p-V!OE* zEvLDwqAUR03+RI(e)mx~I6tm0L}B$JOTo1ekvbHbC)UAPK2f4 zbk8f+L4Y_JmXIU%gG6M0%<@U>h^0kr#_G1x$hIV3TJM`P?w4o)R6hNZ;7O3~o&?AaFe2gm`VY45%ujhqlPd6VW`zw1IB9N#|-jW4|&css&h8uIX(I?Yk zy^f*wXJCkEi9*$Yp1gJF08yD&q{;!`E`!k$355ezbC2;~te4XieiFgq7V76Tl%EOA zlUZL{I;0M>v3GOef`PD6+?6r0=-t&XcbXW6u?s=RXohcp-uy!>gyW=1plTze^a2(J zu_H@My+Xb7-EXAX6kI72O4?h*0gH+W!V3)XmMyj)$DM!jjF%s02@z0F40E0SD8^%h z;K1}7Orm3NlEp#L{O$`PDiy_}^Jo?b4jp*OSA^~hkcKF6g1U;lE=1W-un^WI@jW1s zHRi4iLWe53fl>*?6^=K-h?Wq}%%0+0f-6`n^ty<-9Ptb)Ox@=ejh7%T?A$?WgpIt!{pP83>Q&eEmD|Lx(}#D~IM`a(fB? zK22j@U{Ball;)hUNk^d=Qd2^VdHGMgEvS(q3&}L12`e@jS_9FJ8zV_^Bg`=vV*vfx zr@45y*aA8{1WPDjs4a9@idKRF?tt|dfsXYEV>kI7*d64}PORo%OYJv#gUcje$P~!s zrf?z`EyS+8>67a% zpBk1fdn;Yfhw+ZFp@--bGoHR zUa00YRZ)J0FuaCV3-Qdu^XqmxIfcA}*@bR7_bU=bWs2e|+=kbgcdy-LM273%B>p8^ z$^w@`=ex!wHvDHGPwiHJmep9(!$u+Gg=>WKjX=&wN7KyvEI=!Qo{v9w$CO5{nc`}p zs6%#dUw3cc^>4n;UQWzzdZ;>H4?Z?mZ&!zx0=Aa>5-t!}^X@9B+9D;x8$llXe0k6_ zw8qsekIQjIN&tHkTPnx1=x9JD!!QAM6YslnR%9TnN9YI49<>4igf=>`~Gx^^E|@7VaD=HG5o37M7e%p#?XTLe#H5d{5~E`5~HCa;8tKErob&<$@LP=$9T!yn`4_6Hl1ezTqNN zxCG`@TLQFz=r;L&9!P<>jX5opqU`D4gv}H*8Dfs+u-x_ZstfdF1Ntb;nGS>LOUXga$M8(@prffZRDk5>1i7;1wNmF>(vXHA-&AR!4 zH3{*&Kio=6(q_7)QIjloNn&%IkP>gzdzirc)q?N zzO6qVHUsdETd!v9&kcW$4dr%h-5lpJte;7K-!tFEUErX@;aHaZ?H!r}ebRpraWEXM z4w9?)b#+S~gq2fIDfZhd3^g8-GGaKpR}A-ez}%!drZ6*#&S$P7!M!>~74db1qKXfe ztQfcRj&9GcE>aPtAB!}s>U{~xURTXd#b$;gv+oT`D1Yck%ktet)c3_~ zYrz&f3{j`0S~dePu2+EUPy{U-evl_FgvLfqWymHwGE(Ui6YVj&7S-=5g7Nz zQ7G|MoSLPwB$z*r9D+Yq>Q{Q@^?Y9~reX6YFHk!5*dvcOHVh*CZjKD4j&(5iHYC$; zGcXEi4Y8$RLQyPhYF)PIQp>wFtJ3t2_c|f>!P2mM+5UVhH0;u{xcasubrU(+nIF(m zYEZSAADxH1a>VH~aH?V;ZyNpyjTLzKWy{hFRwEXK0*sf*(Q#nfjv*`QD~q+5b#8NE zW{;VEmkdi>9EsOsBV;TAzhzS=Jde)3MkzZAr9Zy%IYlwy%A%DVo3cN(RH`#?DKs$7oI3jF<8ufSOoRD#cJbon}` z2ijllX@el(fL)eJr`ngCSIjEYrJ!)s^fq!^FrWSVub*|?tp%MHnlhB7?0I10NFHQE zdOKQKB;p({+NP|H27GlGAWN$UVrgZ@(lHaXci7-BdHH%dw2gzc(V7iT%!twqG}5%1 zV=QC%J*X<4ylC09i|jpFGfyO;0pU?aqdxYqkp3tMPM8^;#yFVQOr4a|JTv6!tLXe5 z&mFD&FR9~-CU}0UzlWLS%h@3-ma{S?CQK*Pc?tLYIxOVa*O2!P%l)V*{FKDnt` zm-}dgTVaGN7%iebM4sLY^{=}{R()o|`rp$V0N7BXbv0#Lr{1Njtex-F#tHjxaT{I! zp{*z=r?)Df&%HjDH-qZm47b{|fv>LI>N7t14cj%^R2%)fW4PG8I4%%Xw9cq)Cx*xY zZNx;#;m^yKpI!oPHxFz~KuNtta7-0;NETrvqNxK_$|Li_DW_eT6>G(~x3nD&&7M)| zMkh@xh|a#CX^2a(Xxz1w0*+2$yWhz(;otb{G`Mqyo;EvrYtk$nQwAW2Lve4rx5|=*ZU$Kx0?7ES{#x*V`AXWd%U;^q8^NUlxOrs z7r}jS88_D;)X4E*(*6FzGlvsR$~H}IQM-`|zy~gtZP(UDTo+F&$V8G~Lk&R@6rOxM z6h|8zJBUBd7ecR$D;9rzm=Z}Ri5fG+`1_+Qz}wlMAubO|sTO*0zf#I5iN8g9Eo<=N z?M%%M3KTY@h44!NuG`T&;5e>lm0#8+0r7P?^TTu6Y3`i;xswXJmwZTUcKH`?mu)>W ztrr9YEuL~MwB&423C{p`wDNi_cUd~hOp0^N5tLtu#o|VytbI%P<*`F>PSmfYMO{4| zCdC`vGO?{i=RdSTHHZQ=!r}D=QSkJidC&v<4#B_8>04UkUhxvNHUv7aJB-JPFXF`o z;Vt_}ndsaf=qHGybI!a`26=Ktv$cAYDMeQtS z;HjXGlDHG2{P0VZZf>O`WkeO(l5u`)gVxS)MFZiveu@}|nx5De)i#+j9}B>a99#TN zW;QHNO#{j=XJ(n?usBCV0l%2f(S?lejM_KUes{ScBYb}zS{_(Et{7D3b%kJ_K(9EF zdd5~KCU{MV)`$FzPF+)YB0h=H6Hw>qg)98(KaZIpB$dXH_zGG6>{q;qXns`Lek;R% zFa4zSTigfU>J<+EmHJ%uTcnPKgq;oS{iW%s9h>&D^)MW6HxEvxtIB~Z>hsaN-r>Tx zy^pdFHxFE2a~z|_zZaWvCsHbt^_`zcYEGv^a&AG>UPrmFR(by~^%n)v!U(oPglU1^C+35Yf)1)I?`1k{@Iy0WeLFT8K>w#HL zm&COU`U9Z_diQKhDettz``#7_2FT=Ok`TvOzG9vB)UR+kB%UP=>oT1h?z+FIpysAZ zWFJu_PbaZQLwGi94U<3yQfnZB36ZG_M5ZpLTxBccm1)e$SMBJDs$&zPFo*Z0& z8Fim(G;5qc)7Lspf*8mBCB-fK-@o1a-Gf06l>`PXkn%_+c$IO82pcE#zq(siPL^liI z3CQQU`yEOKc_)Akn6st=GhrALr&G)Bpm<)1H< z%5JGSN~l-Gb_4x-Nsf)!Ge%Z}8Z3%AH#QgX3(_umqYd~Ao|1IWg?-xLo8?t1p5a*_ z&k^o&vvVlVzm=U$lopmeAPq|Qhog9Z+Ts}KFje?v>PA@>N^XgBf*j^kz96|u2!2k;-A{l z9;l&$_PIM#kzq;F8RdW93&Z!b0s09EM}y}#VUxUNgae#z*M=V?LHBwwX)x`J2+ES% zuQyNC_lC%9ZAZCQJY7jGLBG-89h6={;CF?Rn(3v8WMq@Er3eU}a>$bo!ei4;w87(s z{a(r=2_$3RKMFBjoicV3f)aJ=kmv+BoGCe2eqMTh3o@hV!T$i{yS zw~wg3OqD)Iknf2P^y~eJj56P3d6#NgdkfG51x|S)=;$%yE=Ar!2 za$eyiFvV4tt@neL?+)BTEwUN`x?QQu7@h1VPAZW!wiY`0j}j;21=`ZhjX%8;p+u#F zY33~4VQen`V2*RaG!`7G>KpNjaf78lD~h1f6^F^e-kLq#Y;I&wJ}JV^j3b9OX=aNA z>LSvMYV^sztdu0yd1VsT9FuXhv#?}ooue>+W2{!bs>~#d-w}xsq9a>fD+sV<<6dt(uOY*{0atH)@p}G-uokFy%7q<|dAp zJN$Kz8Of%pFUO=MUZJZ@0J;C%bq>-NzC5niH@e7|<1+7r*{FD8ls$;vaE2&hi&P?p z0zS!*Y*0UNl=OBw|4IsM!*F7ai@842Q!ppM4gy^PVpl=^{N0dBY@U7u~&;WGAxh8buz7gQkoo|>eG!O#$#Y%88; zfwy}gOB9hD-Dsw*NN5czzn}G`*IyeotEnb+WAg?xdlQFZF`OH!R{Udp_F-aCWz#el z1UnD3HxjTDcH9^4oe*8g*S=W)+?P9+M6y19`npF$h2UZM0&{!1Kb|NSmOY>pgPgqe_bv zWA@*0cU9F4UG|3M?A0*GA=|!I?XWhEW-PE@;-KAf>h=KS4*F75uqMkViR`J1Su0{%nTyT+{?hQ zSLar=CeZ92c==VMQ1{djx%QNqzHm|YaD}X=6O29*i~aHJhX;PHyzpr2y``H_Q*c4+ zk#Fw1*n_N!W5Flvi|{Ww%xgx9c9-L5#>zVN0C+XCr|iqRs?|L z#z;YCb-6V1Vb22!E^ZGif&Elcqdcj+5%Mkpeu)shfBSZaSI1tTjhvjF4YFzr;Dfu@ z2=BViekxsk2nasZXHEA|oR4$O%iXsbVNX>O0?KA2lI!%7B0fY&8U*|BlNS_gR`hC6 z)9Lk=Cpq6@4z|fG#$eJa#PlTEe4V8A)P^vN#w#YJ1CJX_NDsmYq(N$j!%&eD7}-9_ zWhEe#Q?{1;i`LXAwsTL@B(i};aKUW{6$qKObZJWFYuckV?G}IcGI{0-Y3&Xaeth}f zQtVSc6wE|#$o@-c{V(CiE(h^sBA;1Y9r3mX?l*&pxSo+Z=MbiAdmYGyDACX((IiZC zX;4Ik=V(nwI`08iSYzAImoc!GA@jdG@_Mb2Jn(_c`$~F`y9_Qj?2d0Y#~G(d>ea=H zZGS&x@{idp|9zuN2BfwRcTO+y!h|_BA3Z&8IMn1$v($%nI9e~v{`=1C*U814weOH7 zyOdhcM3Q=x5)$$~x04ov2PwWu8FDT*`9g82S^Ariu1Fp}AEV#u4HP9sR_Wo#>t!Rtc4q<$8`f6(~c-sLEL}^d4Dl@n}S_d!L;+U9 zG4*p}X23zP#{;sXKn3=^V{M9Lk1i}*hy$Xs#pC$CA~$pvcJw<*P;=5?K>V*3x+V4q zlX*k)-xa%$!eL5pvK|n}inN${bODjB6UoMO%k&~K@Z%G5)X5*l++75LgFX4$E3=OA zJ&fT%Dm^?)ldB+ksWVY+Gc1zdldQb=Y>+6@rh>4R-Xf~uJ_aiKj*wS%F$d}kuA8 z2cH1C+oC#qD*My2j~_T&;-K7NU);f_5C+7E(~6Gxe9d`clLrDMWNG&`CF!w}G{24T zfC!qU${T&Z_g;XO*JpC`i`|x;!O^r2mIHo(73No2yX+|324xH~V@a&5D3yFuGB4WK z-`rx*%x~oN(9;m@2@&4;caH|0@I9&Dl?UuiQ_u}l(0ABl&}{$ZmSJn%2ccZx)#9S@ z9#a+C*LrSzn%&~E@ys#EDNA=Qm1K!G#1&lSZH-Nz-Lp$CqLN8jX_W(n+y>2ldt^XJ zD@s9zL?Dt*wFbR^Vd^pw4w1oGgiD9M1>8N=i;G%enD>3YZb#VfI)|WC>%xVLWJfZl z$*diCw`w;; zHHy|`jwQ%L!Jj8w>y;HpMFKbw@XBjOf|wwZC_XBY;YlbeOyKwav?ob>2W(24wDkHJ zc?{b4oov1A>n*T0g4+-rLTI|&Uu1d6<`jOIH2lr!q@`q?$F4XBC0O^r3rrnI?cW@Q!j#?dawb<@vR2#V;CmH*^zy6 zoB&ud@!0$Gf6aweMPE^kcbJ4dJ$S=-n7HEibRqM55OZeiQSjC@)QSU%3>aC2>q z(j~M2#tGSP`=-qI$2aUpjUs^KU&cyPKjS6csiQCKzBK~4;k-yT9DiehwrU3Fyiuu* z2;Eoa)$0_ZGAnv&VlZ_M0%`6oS21oAAH+&y_4A(suY2@B1-q~*FlSrF`gV+BA}CT= zF*o%?_}4& z7hX|WaFkOYyJY*`lG;tiopP^)qe@js!K>*X+$jOhsI9eT;o5dSs(pwF4Peoo=RAG* z>_xtY;KY5Q;-r4uxiV1o66rbr7IE-qnDDX$&g9_W4ns<GWo@T_xC%2idkVmLQALkft6)#tMyAll9ru*lov0qo0>GG3o^Wt~VqH?BX8)tj? z31WdE1a|pCojW0qX&3k`+Xys78!9L29LD!c4G&dtgwQd8mc*YrzcTb{4HGi-Zgpo5 zS1he!2NH9DNTpW8Pwoza)*rJGj>v?ezD%0cHe3Q3*aiLy3t;PHi>BE;6~2_nJa9t zEA_B8%rt5z`R-5tAsPWzxYj}b=}4ZJ8E#2Z)O^`GDqG7qdP~6ebm=!{;yV?TaQoLX zZBlPcHvSNk82bS6xGGNMeD)vid$u}A0s)w|%yQM{a(E0gQ3xY)kBE3=J$}4`c>0i| z;mpDbi3U`>ta@5Y%lTjX5@dM7Yue4ZNrC9R=p2{GN;3c=8x7_k0cZ1_p6^*LDK@$GZHETl{9*^}$D^70ZFuu)3PA@pT> zyspl>H{>}Nac@=eYesIy$k}alBwmmQ;}8C1!Kt3>t#PVSdV^KHn!5HHHIpoF+zU*s zgkJ*u`b>4<`aw4wZaNtg)SgNU^`kgS6bbeJWVM@67{A4QtRO|BkQVkxfhNABi)U zC*jShGZC4#(Dz7+1d2wO9+L_t9s=SvoZS*fOhES?PwZ^ak@>?UVd|EN2&^#Nj(+{-)+KE=9^m)TkOX_E<;c*SH$X=~sxc3?Zm7Q0g0IYz^`~ zPSUtr5Twq@@(;MNEYqi4EA+*T2ogl1=K8;eNjAYNVO~(-S7a?5Vyu8a&EqkK$lT>8$F5_Gr3DGM-xpRIt3o83MS>tLhvZIvz?!a(= z^QsP+m0Bo(_r))N&rfvf%pEDV|uSU5-t7kNgI&!@&ZJ zluVskP72{U?aqT3I*+`xt-INTS{tWiYzbI2;$Z^u-O=JzG39CH6QY6K0vK>@T}Jzd za`g>z%*D2wGCYHc31tOo6@`X zPgGnzj7(EEk#ZP}B~j9IZ;3M_m0f2O7)41bCwbVEf2*N7`8R(7ncSbj_T0A`lLPpE zf5Wa^`+PK*2iS~Gx#p4^Y`Ia$m5AnJ^w!tbnk#P>wbZen2gDG{O3urc{TtPw!%O#2 zkHLIQTLVX4-Dns0=Yb_52ESDdj@2+0r$)A=A2YM07IQoF$XV10FY}~pS@jK z6vyX;)C?tKKVbcW#bcOl4>NI>(;@F(ReP*)o(Q$}l#57jzJxt(r;~|73i2R-9CyXO$ z{OPFh+z-TvyyG=?d{`wE5}!N&-zQ-{iWY#!wdTPdXA%9jyIo| zH!d0#`dS`pYj#rK?pVfXYQf!(QdCTz#JBg$;OC7OOINSpxlno!dmCF5j_C<>L4V#D zUyiKG@5I8WDJ6!nC}7xt?x`l#d}A+F4>yL|AW$2?O)k;(O=C*UQD<_pJvCso0%PrXvrY>M2q>2vrag z{{ZeW+*mxLjnxyf20_vMkBCYw6q8!d0Jem#wj-L1>IEEAm+TgD_~(7m*Xi) zHgT>2a`=d*(vpuHR!TqeXJyfT(L2P1PuNa3k)^o?o(OR4r;5wze*n)8nW_@u*605P zJV1u0s!ooE9;q3|9dPp9!TMbLx#kwC^Qrpj-sT+%yF+_OYpom_N9GTsR@ zoxM(xA2!i^#lN`*+iLDaRTmac%H7m~o<_K-ziXTpN+I6Q>4##nHl(qJKpuw2e4((B1I~@2I6f%S(901U~U}Eqf{{4J=F`3_|W+WvLQw zU8baSBc!5nr%5b2A{^@=O`9JfEO$if86T&DI6JEFszJnwGsKU3r`s8=+{Thkhfc9WUP zF^mahf@FZ>7D@i5vP_FilAYv&7@t&U;j*i;@#Ga!Z`4OwP8lN`-^&`eua`-laRQxQ zl_E}K$l@*kGjXDulewRCwmBl~efh=MIIIk{Iv?iK_gmE7`B7K;8|Ip z8r_Ioeu=e-STd2`sQ4mvi2j-?QRrdV-9^1Q8!OZ&WEne+Pqdc-?iH%`JtPNls6YB$ z1Pk@+=->p5-3H5Rs+Yq9fs74XV2I~zVcE;)1S{+givu&1)G-Mi%M(1f4Kv||=n0V; z;{rUZ4mKSP-$y#fZVq2EIN9?J3WwCaT_U?pet<_JZe&>zztw&yQYoHm$um-rp<%g^ zizc`-hG-n7$uDA8*EvD_`+?8z=jhqEcZPcriRS>gwK~s+M!hq}2BQ5=X-x!H|I-^r zJhBsQjzS&I(w;*;A`WL_rA=&1^~9{{R-rwaA=&0a$wM+)rn(F8ksKB_`{4y|w;{{X zcPzpA$8Cwn&hlN&4>Yx7(Y>lS)@F4dz((uyf%xC5O z`+tzhv((78en5aw*BNn*@LFiS(IL@Z$`1F@ZK>s_ zfp-WG*qWYb7y8-_^@IE5_ALJl8J+Hw`5tz&d-DE7RDCn?@&5Yz9icL{+r3{wRD!_w zFznVSa}34H6*q~!K9ZOV?N;aeVe-aSVmbATeH2*l2StwE7@;T+dNAy!8~vN3ld0fD z;$eg8!o*y4IVi30!op4R7t1WnIs9uf)`#@pKt5h0iqQQHb{bcI@3R3GEHv&^1A34+ zH5C8v;~+)o&K8ba4ys2VdA#TSd}k%?&s^TeoPkD?7by&~u%75^ohUdJRyoKBSUq`1 zBH>|S+~chr1H>z4G4|m(HQ!}ss1Wko_cc>eHKFmjSEUPPfu}@vt2c+b>!bNrPT+jr zGNUB75F@$QN|mcyO)9jmHQIwgdV)nGe2mCZhumnAZo;0T0Wgcx<+LlAaE-#E7?D?O z!m^Qzk0|O$v-U9!BAkW~OA37j~qd_Zw4^FlkPxh{amI@)2)F zpKcQgc8Ct78Va6z+G-5`mN{Yb?5SD~S$nicyZ;KA*1L{N`58rWj1NjfyNZkCXvv{D z&j=?e^T>(c)}4#!Q7Jj|xuSu-0Tzd0a+}?3LuOkx*I0zu^&nOgBbxkW1LwLEGk}lu4OJ5}zJn>tZtrYq&-vl^tWb z+`#9+FvZ31s%37OUFyazST{|BHSucf#wu$(4V`&3G=m|R7VBdOk*(vS^mwJkn3G-w zJ1J9W{SJBpEZ+bxJ);nf;Mc*}*&y8|!Mf)lU3C$+J-%XiyM^?g*UiV;J?@TTZ<(t? zIwsuRrm{Nm89`X_kL0&0PobPsMiM4Sz0)V@gNm4g#cqD#Y#<*9v`NfUtd+11ICh0% zM|7l91TUa{y4e3M=OGfqD%wwv6fTHD$_s=KVVkVxjBhqiiI;W|E36O$vgQUYmxP5h zStY}MURs~}|DcZ)`jhe3Zi)qBgrqbhPS($|LvGA6P>}|3v6NAtDE6k%2Zq-|?zF#F zAUX3<68ms)67uRdS<=lU?&b>($%LXs7rC=2iwIH&(qb76lI+T-*#OrvBAtu&<81!Hf$u;w7YcU*Fdh5khQus^7G z+h`WhQ}Yr->sK%EDXjUyQz4|J`Jrmovm)ppN#B$Iaqm1llXy?|W{2(}WiH15AiL4V z&oT~HfoAthx=fu4lOnePidzMTEDzZDg2%xW=JInf{OhOmSu9V{g>-KEX=QKuxc8}e zazZ%}l=b)cP+j{5;~ppXX`Al{X`tZLtrhfn_Ks8Af4PSqN&X*UW1NAmb0}7^1+qC0 zW31uBa)lC#yNt<)mpv!Bj*t3Zy>JUMsUp2bKikJ{Ndibl1LOCGZ3N=o%5}fN@r{td z+wZhs#~6)9L-+7$!nS=7vl>K4z2jgJK7&ykd00Z<@fC4q(wC+G8}Ocm4j=OGjhf_x#9FoE z`jobFPLJ}%5Dho8aHOeGHOKK@<63f~S1nJJcdc-f^y8k_UO3HOq(*9i;EW(GXsYPS zR}6)w$|{G432l7&->pt^i6V>YIO1>egaenw;j($~-ce21iq}#Ji^)8L{(13Quzmzr zJ#;-Z=LV+06`+d($bgT@R7W|clLC&*rA}i5>)CQ>--uTW-S>SZfuZD_8I@XaHh((i z$;@Oyx(xxt!WSLjB9AO!k}8FWo5rnoRE@4G54K5$lTM0eV~3UOEcEE`;F{xXDTjP6a5gJriEBhY#IpAL`Rh`* zB3cLST(p|3CUK{p0GzHXGTpC{E_i8Qu zt-YJBHmrK9-Hxu^%X9SH>Z!i`SpCqdxtR{Ao})Yt1%+`ah|qU(dEJE-9bb}268 z)ye;jPO7+Nkzm2w4CquDewmnZQ11jS4-Y8F90ZrTt>$(sfz&TYd5Qp8r< znlGIrMHz;s$%5HTrPWbdD;b6~ul<@%)SRv!j3Jxs*@IfsF{<=|UdaE1D2!S-e$Je~ zxuB^z7MBegkB)uB2Ti|QPMXNF!v45FuBN+*r?vvexy=u@|J0n1FQ229R@?RRS01Y{ zM>!Hr(<8v?c%{s%@@wwfTJtaCQ`acP#8F`-?!I9_G@KRgD*HO+r0y<;6+K57h~vU- z@5Gk`e8jFEK#Q*Om^>d3Nj>u%ue?GK9Ub}5NaV|6s+e@82~$4r<@;LMPUn)`bxCYy zNY!^0P?u{z<>n&n#SmaL_-$eX>91zy7~!s!B#%S&!z2GmzdEQeru&DnsTm7f4jyIB zliFzROh^?Vm+2U(NDy+Bq~Iiz+WYd9S=2R1+!@}5qTLo++c3glMB5z!Uh(5P96XN zdqf2h=xT1qv4u3>5?A{JkM%D#1qg35+%{N-$4UM73piYH3iD7>)B8H&@lrfL8Diso zQ*G161u*<1$(IJqnu_y-W;RWlLnS8CyO$JO*G@I~Hf>6I!dm`g`H8HZB4*A3_~|ln zR$p=JqdXGiDI<@K0wbhgjELo>F^<+kTk&ia>#P6hglAU&$rSOctWPaGW-h3=m}y() z*IS0a4Av+6JX-!)HqL|8t5i*Zy^W?)A^5_uv@0PG6#xGD>Zv0%fzVTJIr6vB^nA4* z=JG$L2dAd1E#LaubW2NP^<`DyQ1vCl_uRh-Tk3bW3qoDK3`sv*YI=zo!vV#X;BvE| zb{oO2kFhEBur&6R3S>bg*CntLe#5r8J#!n|Mp?fW&PoNe=4Nfoou+2(Q!?GGr4Fwe zF2#SZtEc`2tgTgz1O9pJ?KS?npkV$z|8rRq^TgRQ)3#_A|G*P$Zl`;8*i=>Tx3n&& z+ZmC2DECf(wW++aTgs{KXjJ$7w_n|}63n<#{# z%a1a;jvfD5E`o7y>`;p`ZPQxcS;bczSquNO_fic`>@9nJIEWX9lxa#|V17w!`Znd! z1=*%11_|h0J$-Yv=@QQ?AAmjVC)?pwyuiR0PMBOw`+tGpL|y&qDj`~8=Ya0qgzJ}03onW(@D+4_6jfHT^E>wM&R~j1=|1<5DX|u-rK;vfFnS^95!}T|MCS9 z{5$Boq6%9*FXi=q{G_6b3lL$hiI4Qjs+DWhO*f)oXV@p1S=rPnY8?P$9s~u2(=IYo zNqMA;t8x3Hu>>lA2F@9Tuwgs{&IvZ_o&cYZjz-6%I^7+B^L`}ZXa@1+raW2!aCWrS z8Z<)&;1$$CZ)yB%!QbULVb$57pgr3k?vp!7;wh#QH)81V)yguq`5L6qv>_~Yl`!{S z(TzwB2sdS?4y;ed%(Q4GZkj3gg?jB_9TA5QPJnV>fNw34;q60BrQ%-_kKec)n-(jL zrXr`P-!RLC(X~G9B;*B~Qr6vIFd`vn`vw<9rwXA>@Ho-(+iM4ZQSTC_w>!R+E7={@ z+A!;5`=&~9NFcm^5J0rvRvY1OcQC1}zx)NuZn>@Q80GA7*ZuFEPqu&h(YLTBl!c6%T3M`EZ%Nho4{ zJdX%w2jD^|1HN8K&rN0k5}%RAIutBs(oE$nl4g>%E2eqoOtZ z55GnpDiJ%~?c!ouM~2t;_b#2C6$>t%Z=c#;APKP@m*lnWDlHtAE!)tS|lbc)TFD?B;l-I!HfTa1&f#qcjHs#AO(ZE}s`eLiC@#HvYzfIN?GHtbnY?X#f&#~mi~(_!U4GU$Uo z>$|Th6)!qY!&+Lc+g!yYO1SXwt!{c3t`j|ce z;-emLUWHpsCFnV;P@zECrND4s&97M;qHq{C2&0W@n!7IC7lB|RBIASTCcCbjf2sW? z8(>v}Zo|1rF;+%{^map%K`72Sg} z$9&eu6MEVh_VD5cp^Rb53Oh&6kQ~X<90&V`Cr#R-9;T~;K)&H^>pk6p;bQHpOsafx z9@*&qt7v(8d=>*A4Z*&*gvLEw~6vreIq8U8&o=1FPb;zL5h?@&W>Uy>I>O&m1~_4!;LJjzqWh+E`9NZ zM56vDxQ~l{9e7;Q%r|JXd8~+W=syo%vQn$|Xg0pQN&9%z+(7_91Bo6`qiDFZ<55(; zuFkz;evo{aa3OVEs_ZW>qyGV0TVKaF<&3(>6f5x&8n5@nMXQmI+-UJZ%1~ro2Q1++ zc6Rq}J5_y3!i&KFvh!SAji`PT{9kOnV{jYz9ox2E z&bhZ<-B_3G-i=J>|6=Ds@aX>3f|v|kp3SvkkOeMdLPWhvOyKm}BtuIa2c z9jsWz#&zCp5zDCo-LwI@aNRm@!LCMvaHd^qxJu#7uW;E)SZ=Ux!BH14I)WfLWU2Z(u7LP!$#x$5PposxGA7gILLYzmwQiTXcbfQR&5x&%Z^6~-xa|1=6MUA;>0`mI27(41b5>dvL$s!U z&%Uia_rK@q7jZf&Kyy9|wr)G0)97~!?qHz z^JDr5Vom3?t&%vuf)j$Ub4y6JteKzd)LHzgV{b_wN$swUS2a8kD$VnPWj4$38#$qy zT=rZsz+OvLtuzo@z@1x|E?C?b;}?@TGJ+#?bfVm)yECX z+AW!rYEJ8xbbf%-CX7HiLBO5s>K@!`%T+#|>sQVfA33(04!hs|Jw~|swqC&<;4yOO zE7H+`&U2W{o78cD8a9V4onxG*9o1hoA(x23AGV7^A8MVPLPfF58nJx=n>DQnn!g{C z>P2UGO|`Q69qT2XC42ae)BJ4}>a4$BXLVBqce%28 z^|j*bwBsti;@fG|+NnSkU)kM)e6?(8-Mm`;{Qhs_!U!S;Cp`kju_{g zp8KcvruC(|>PN4rXJIso9?65gel(p=vYvdlwX{FxNG0fi!?uknk{8{qm)rLP4~;wuLp!G zyG~B~ka^1Vmn>D`66HhgoLJ?Lr-a(YcVXDCW+7 z{eGqdu%ql<6WNhec#ZQZFmY(T9(>#HA#T&NTCr9`^`e{PfeLN{h;h0;Y(1^^x^m=% z?Vk*e zC*w1}%9CoF2kD_taC>buj!XMZc~IFpdSO{Ha>-?=AJNRu9?dR;ign2=TIU3LH{%ZM zvI@O}`x#zB?$<6}*H7bV;vPT$HCF9o%*1CoVnVs^dHk@H$saO|*F}hqW0QS-Uot9Q0CmL&G6m&{ zU3HT`BTuTvdCS!JZq#@^qI`vqOe8Jl7(N1UKa(Ler=2O=^eOryWJ7jpuGC%(5YNV| z^WBhvcv&3ChyRuWHIDwo_QYX^ZX@3BTKnVdcQ!3pX?CUngrv8Xi^IqxMyP*QeI+0R z>3oizvTQh=-ip7SVtkqXf~1(E{a=(pF;p=vCbHC>4o$J{_My~3;c$MMny&}8NDMz_ zI6*Vwxv>x5NofggusI21tH1($i2Qs#;4iyE+MqK(gaufZ0=i5+)Hv?+K!Kf% z9o?T_Bh*tomUrc4UkBp*;eE^6x~to{$19;kMrZ>IZ?}Lk#83dUO|<9%uZt3O((vy` z*1wfsk13=e+2(bybrcD23B=fCN@l(-Ve_#hj`>-+8R z=K0+JS0#~3gdX?iU3HvYtu3-_f2EzosuvhpIX4zdhn3bvUhT0=Hp&MBCD z+-x2NEN8g-Cxr4Y8`vup^q&ffhs9hbr8L3{<4ENoZHTkvt)g~KS=a1`u#BFiKI)6}T4 z<)=j>XFU@8gJgnE>-Du zd#0dw%xTUCVr^om=oS!{Pf`{TAs!@ZX2&!|t%FAs3Ed!-*z-H^LlKy9P&ri=#Oi>f zXRH75mk=tm+HW`V8s5kfno!UP80OA2(O%AXHaBTl_h=c({5e}KGcDE5L8dLHOP%;+ z(e-$mJj1|l08X7}mimj<5J1`?%IP9h(4w73Q6f}~NR4toSpoYnh8pDUsk(R86jY`R zk*fvn4ph(YqT9-AL1j=Ai`jB5n1mdnYtpLJy=SfX5hRXtDhpxK9i&!Sj`m)meujTG zMu~1{hF7?Tm!sd;N=e2+c@1)8?(2Q(p|mw&4O_i$Q~dXGMCRFS&4t$)To~j%joiEN zKZqy>gk|vjjA-i^F<@Q=+~X?}5A_bxvPkTM6b+mM?g#5EanK788$ zpAiJATnLV(QI?dVvV{WgW1pqpEkG%jGnV+syAAr9A?vsDfXyj#$cOYFUK9w0$!BfI z0`_nmBLy<`R|5cuXNN|x0}FvxiSZw3R5i97GO*R#52s#4SDtK?+(>v#^zBUs0*uQ_ z6Jg=^Z6m-y;A8v{#Clks2G4lUYQ@8VemvDc)um49^#(y!#h05Yb?M9VCcv{-drared zH~GMxi_mbTnkdztR8SDq9b~5GcoeCbJrteL->D-Bm4~3>5rEHt1}PE+bCLeO0j^8zT`TdFeV=VvHvna%}2e~wq|4}ZTO7QfF+-pE_^htuZ! zA0wvvvKsc!H}c7rj`^R@s83?pga0K0jrXNyrMlU;KJR}NJ{(=5b&-OP108x#9E(Rc*>b*#r3Chls}u&YRRU znVRV4y(SCpFzWtKeYqi~+KS|Hl(`S+8&n)sYeRzsd8RFcK&hxqI0EKuDM- zBqHVPmMIu8A1C5pi%|~;hbcoWhk91`JM9Vo4TFopMuII>KK_Qk!})PJ{)1zM;`BIX zBc`>w%=hAb6HtxA(Xj5FM4`#JzcFRp0ypDdtn>X>*23@@KbR+H_UK0MaR*#*Z=nkM zq$(Of>Ljd^g87)FD$LV`qGZ`<;j%9-%p>ZDkeAktheswF<57a&@f?_Ox$X^ml=GHg z2aqs3uwHO@`;^}>#S~SF@NhjX(qru7Gl?y+d<}^?{xa-l5Z~D1pd`tm*7d=7ZO^!^ zbY#$l!PmpiU=kl8da{!uyN(HO^sT=i1Q2Q;iGeQP1|)A!yPv$c{!)ICaQ zpIv-ydDV(HJjNflVpzoytU=j?N7{2JngdR;X~o|ciuo_V*Bcjr`0h}o{zxF_-&J5I zq$?SKGJp@FpPK5qo1g-eyN^RV@v)1dK9u_w{^gYHiTvnHZrDBZ#yYa|N^@fwL6wP_ zJi%`s@)_mWYHfY-3BP|Pm*qCy^|?z;t)s4pWiJG@2b|D_ z`WU*u#+FbnxV0?wn~=iqHnP9G31ObqT|Ld=11xW12#>|72F>C6G5(IwcZ6hpbFwHO zFF(>?^pIO*dt$8=6A%v*TDSzCc3$zZ>~ud3^G>pfo;_}(2CTNzmM{lILHr&fT5Aa> zVPb%gh50)}zG*f{asLSpRCuYo#s3I)9!$1x0$=`&ijxPuunGv>e*Yh(j`KG()5YroUq*(pQoxLWW!fJ-w~6;`4vBI`|BDSd3eQ?*lB1__8-+ zt8`F8Lk8{KB@$z~Nmb(Edp^(VhqrqifvqHm%KP1d(S>wgxeq-kU+@H;Nx`XoEKU$9 zVs95TrEJeSJwvwxP{i$VLEJqMdjP?|Ycdv8{!G0I>L#$s_ox0S-qly0G$gs?R~`u2 z#IE84S(BW@jIz^#$c@^pLUSeC56dFha86e-Yv4#tN;)cur3}2Aeo@K>(Im3JN)3Z| z4_5Rh-R5Da5mD><9>krjfKJH!{xxE@N0e$GbTF8ZllSAECFzJvDj*R&SVo>h$fdvl z1@FN0<7_Uic%do*-5neX_I3*03|XN?oRYgHCHtw#q%%99Hpyj7Kn=?)8k*#_lW)WROK|gH<>zUM zwvJjJeCU3#x3GBaNkCAfSz_2$Z$IJP6 zJc0WBDssVachazkgusCiTAc@=#NKpykWg<<`8xUfD4A(#`zdoddz~}Ez^DH&yFH>n zk>`0BTa?6urkvhe&{!_pB}%lA9VV8^zK|vyR~O8gjGkugPCM}*aNC;1*T@CyR1Bz? zDeG(ygbzZkzdAa#F&`MVc(R`8S|AAwj#5}00ZBYUKW;NYT7xuEy41A}DVD{eMMp0O z&33HxAZ%{um5mrj0D#f-En6kxe?2{0N4S9u2TtrF$~{O42oTy+pxXO?+bW8+eNI8& z#D1?a+3sl~U6XwrtQtN0s45Hlv(!0rH$?*sZ>ExHis@V0;-8wMN#cGp1*H3fQe*;w zKTts`3854fHAr28_$Q;DO`f2L)~Q#sIp}T)kj8`xS!xBma5Lj*VPmYZQh+R7q+dt8 zAOqC6ihVV}w)C$0#*Z~HP-;uMFsNd98sQy6%FneVn-zB|i?2iiRcfP>P`YW`KVqjA zaXF9hd}d0d^1Qf3jj*n4;y=7>#)|oqfxm_wG&rh@v>}Q+K<(K1QpE8WHkqO2AkWtR zd4!`rkz{~m^gUpcku+-)Y}UB$NKNIQC<`W8cCmykW`XbdI45i|*lZ&AD1hP(!y*pC z^xK|r=$jaa`)wzK+n#hxO7IDm#DTO#Bl5%-sB*!~V!!{GYA^*f{$r}a5&N0q(4(`g z8lz<1s(GG8N#gvkdB%~%$9$weg2Pm#zNFB;1;I{1^MS^ zB$YwzaWw~vBdr3wv~+_q3?I3^%$#K(d!fOW;X}~23fj|f8e^LcbU+^dcOVcmSs$=B z+aQA+2GuMtVPx|iOPbfG!T53|SIONXSdO49-WCVnZP?tMJb04KIZr`U_ zWds7Ryg^?2$TeL4F9U#?MX$Joc!52xrMpEyA4qqj!&ci5T+@bU!L+HRgGtPEnH7cl z6O)mvFM|jDx8LtodjBSXz^_v-XW<(;tdtuA?+vY|ptDz2n;5AV_#l-Z3~P*eADyQA zL*M==(nSv<@3%9Nwo(>u=VP)SMJkP9y<1&&T4dAE<`0AuOB~P%Ly72pU#MKZ3cKj^~kqj{^Z@= zIFjOnguid`NiVa3Ex*u@&RqYS_HtLvnCUU$NZe#8lM!wOh#2!K)PZya?}Df^%BvEx zSG7;jVR15-iFupk2Srepso<%uo-sgKmKFu^Col z<_NWe0W~_g1QbggONk(d{Mf*7OL`12SJdPwdPfvNZRUm-+`QU)dsty*Y^&NoqON{w z;m5B1nE7nEVZY+-v?sZJns+Xtp=GV#L0C6=QqzMEeS+LRZ>iPLM)*B7>=9Czmm*VM zV6BKbQ!cFN>rj+e<8MPkTl>+TH};@a3BzE+o%i}wEp)>W8VV|OR{AkfraTxp_8|!& z6!^*r(a&}^j*h?BG*InZ>qso(FgeWOnArw-(tm9=N6{&bfsuzEggBL*g{4eR`FwvE z2?)NkewpQ%BJ}^mEC>FVS)NpwRtMn2d^w|OnMMC0XVg%}jG(S9iW-~9Q}5G@emt-D zm0X?!KTC4MUoPmbA}By5&> z-KKI*joL{Hrr)|i4W^Rkf3zF*SBb%%4;0NIAEL|)PlowaCZw^7qL6qx2U?H{Ih`_4CJpd5k~+X zMqpxpEL6zhvM;Y3Qv>lGL4>Uw!>goV)DbfpVU}#e6NYEo@|kYg#-l%RzL!gjTpblv zu1ZH!6O8S4@%UZUN5DaPzz8*52=a>@0|rIsCf-s01|U~GXLqz!To-Rbg_J5DsqEzB z;;4}3 zzY-W8^MFdh&TW9v{qg_GV6-FuBZDFJQyM=7JnK*DAe8&Zdi&G(a(!j9IX3Y6rZszT z<8RW?yY{={S}WO{XF^BI zJmU~6j|h=W_M2nlno^I8N5e&4!{U9^b9;DSIYVOmwq`8)de>8YT^+pm5$4cb6m%PS zF6y0ImwY6dcv<�@|Xy+dmix5{nTy`~fsb+KkQ}r%_r9SZh*~%wERX>5=oK>ajIP zso$FW9}^L630VhVJqg(>W#5D!daYJQMyL}xq214liFFPP+}|*G_*pg+?idsl)7)#QaA97Uoy2Z-gW~q`ZW)_%< z9sk<3hqnigxMwj>A5I zNEiOhJJ&2dqX9A2S;`|ziFwJ?uS6mbLA?EH%c1`=9Jycd~e(2R@ zQG$p*@(o;4fkQxjgV_>v`^l;YPg6NA#Qyg9M0~Q}8Er>A8=1}yODgP>*2U&r&e(l1 zj{$bavtJ9VuI{9rCNshRh3cLhutjn&wOc*tOY~K1$bfiHNgE=6M*B>p{(uDQh|D!Ji zJ~v|`(*`v6Ba0m=$0D_0L1x8Jjl?gpruUu>_F>{Bfp}E>J(bc5)uE+fJiP;COD;m` z)&m)h`Ulu>Q6N*w!#+NgD86nCo7i5fpoVFG@#?~6!W(?n$VKI7$>Nw?TC9G`YvKd> z#1=;=rSw3Sgln>eC_Kd$>@?L@3;}%u(jkYQ9Si3umz^!`M8egzVG6oy0!$V z%Ojy+NfZ`%z!xC>Xv)+v?~_sS zskp$jnXe0wBPN}x2D}~-UAB(-4hT!mjPgcxR`enhe?=8+V_A$;sQti-j8A}!{UxGQ zc(rHwk7Zf`Ve%i1j;g}Z3US_)c?RJQRIDljdtIiZ(J-vQayd;(zwdp~dMi*w68Mlb zol`;tcV-m1vx9};lH9g()G}-mdA{AGkW=*$$+K@3g^4qmL&FqZQ|6Usuc*y^g7z_I zo%xlxrRlYPDo{cQPXM8S-eZ%fzOwv_H;l=lSJmYxKasu0y54DRc+slw0mxD$^3b@% z4{MhjC}kEO84lJMYQupm0mFkH(Ewc~O!^xN&S$#DMi%p!Z|toA#a zO^bZ(VX;Pp_re&mWr2A<7B?5ag%*QfhfJ=_Z}dok{$^(sk?*i4VO1_|3hyY2OYuNx8eww-fG6))P z>1l!m65mNP#cpKeMR{E6vEdx@Xat2`$7SYKTXNJ++?2``l%Ue&uQI>s zAB8@q>m-C@KCA6}kK_fq=a;Bt7XHeR7-x10WD~qQ%kMY}c;oU#nfapNJBiLSAyZ{2 z`~I1{J{o;G&ivo%he~z-GdhdnI7!qd#nos|dT5<0?XCon>&gakjDw+@S7KwkPU@`b zwD1D$St?Oi_l@Tl5^g+C#ZiiY#zW%!i91UYU>gaEne%B7bO_NhICrf3i5Hu2_SZdd zchmEuC?6Y$VMfSbcyMF!sEWSKQ<*?SI5!_S*D1$9mX-S~+UD7Z!DqUo(X+#V+Li+eumD-I# z=2Vdm=WYeA0s#Q97g`X=FACJz5$_Sx{cJ%UI~_Eg?p;+?cOhH=W1Kqr_wHp?3RVOnkUPl zYK%*o=_}2<0GcXP*-{3pB+kvHkoh|n7ycM&CSGDA2%Jt^M)MlBnW5zs+bjDKif*QmZLYb(bfDXcDcxJ78D91$M9or3*_;HFPwl%(YL@a|& z_A@01?f3FaOy@?auKaZQe#+Fj{Bk7t+>{Utft@Y(sUWVfMCf$KARq~wM7M?GD#LHa z2uvWIEqHxQl&~ith?Fr$#)J~|;lr_=%iHhaI9aiaK7PRhN&tEgkoE@{tui8uQc4om zE6W*xBw$;P-2e|^k&-DEM*)UPCGr4gf^$57QeAT;r$#zZRS$%|nt;Xb1;a2e?x_Vv zOqdXoy!d%%P(b?6JlM+p(@`e;W%y1R1Ot|nB5#%QHOqZRp2RER$j#6gsT~Vns zXXh9psecNFxk`(%nWVZ22YP_2bgP5ad{Y8@$ZScH(uYqT8brQ83e>}A`vaA#xGDB+ zCtJ-AQewa9DhAJQp~M9eiH=J!_xI+vI?yL^Q)~mMN8P`<3j=ZGW&vq}W9GvA*yZDy zw?5(sFnI?|xPxi{hsV%V8TFqxQwzApL(wly(8Y2fgW5sWseCm=;LD*RJ{bEWmQA|g z{~oSSVUZrS$mf`2cKkJj0tcE=VMTS@_=h_ScN5Zp*wtV}DG8 z7B@n(PWnt^Jx7(ILxPC5Pf+&~iaY!x-$HkrmaFji??xACtdVZ#b~W|DoQV?Ks#SgR z((;ye%!*6#Baq7WL?lIxhrBaAALLTTLPZUya*C|$=4TA;vM%M-g|mAK;$Mzj6n#P| zGt*@sgq~dlm9XRYVEUnI)1(sP+SNT(2t7}GYN)AoZk`@=CVCFIR92t3Y+AP!?aX=y zh$nGQuRxuas7ko2{cXWUjRdI2d1wKCU2!3DROhRivbRbOYNROUA8$Vg2R4CjIvg?q zb`RO(6y?7%#0mll=3d@;N$iz2>Zzi4uub1f)29rnm)leaIu!(zmR_MZs)yqida0yz z;B_Dl%v?DpUTshw=$6q?@pBjdpmU%f6(^N46??9ywV0TY|5>tWNL`)B)<|4Kv1&3x z6%P0ya+MTlrA|PyxnPwST4|J3L{M3WUH|G>gR3vb!YJGWPQG_zz*dsi5(e4B)2h4e z=A`fZKn1tHD=cWqWFC9!E!Rt;;{ZCk?F+9{{31^JMqgHeLH#d=Ub9_-KC zxkpOp2YPmp&~K@VSwLKD-<=Lt>9a;Kl*ysShFJ)r?Rv$`I(=T8kuqK_qrYcHU2nL< zS1-K+AXacRdmwFdiI`GlXGEeeI5wWHudnI;IfUgNaf*$$o#tR#D$MK?>9GMO8yWS& zEUe62*r5sRi?T>mp)7sRd=n{raDO1F2zZylEc_lJ8jg~Xhz2=elBn%j*9k_Zzc*P7 zza%Bp!9x+Enlfn^GTxY#CkuzMdjp>BNDY`*9_mtFNvyV(xV>`qc)eX1cu9>BFQNH%r$<`1bNfGEdMgZ!cA3b%5jjdHqY=5!vA%;eCw zuC#txCo8Nu5+N{&BOVn@Wq-hp)QKW7g<$74M+t%8o)TtC!&~zpu_>>+9_46@^>z;4 zk_;vXsm6zijk9fG&*TSXLGd^xgnubLuV=?g@-NUh3|`7MKuZ)D4n2vsLpGR)o^%@Q zb7Ct%XTF^2hsBaHTY{su(fOfKyWw>1&F$_K5w#xF_;Y*YdRVD4W;4T{08%;denwl9 zo=IBXEoFnoOa{97>AN#rud3gx?K(nQ9RD^gs%H>EwRyl2Bi$%+CB zpbTHc;@tjA`W&5Dle*Y2UY-`^S-QyC5g5gb7*3C~C)jkZvyXu~qatm52F$#S_x}za$zD)zoORC^-wZ%<2Va788O< zq&|t@nn>h@LxL2u;`Is%NoBZFJgJa5JW3Pkj%M(Q^+bz9gT$6Gu^zFNRFy^ej26+> z9N#&dikG}872z#s9&6!=1Z~sB38!mbiXmuaq@LrF z$Y28nO9&I0@XNVxi&&pw4!`ckyx7^u(R!G0)fr>1aBv<;6!ykT2O{_q)0NS{C+!>W z1iL#tB*Alm9|*}4=sOLf2X9ykX|p`~&=w`AchG#bG2vQaZ<6`4{BiI^zer6_3_=OJ zGb;(9w`Y7M9HbFq`SwGraJ^j^&oq^L908AWwTzk1>x_*H(|A4HoD!ss)t*2LGuQCy z3L__tz5ByE$5%W8w@(0~y1vqlgTyooFJ>7XXNUs3K~AK*dP0nw_k1_^t^yo>!UOLv zxE~fFE3oxi@@gO=>d5knYpQ$7rLUwd42tZuUixsW?H?OJe_sJeeqcY1dEH7~<S71KU>%EyEC7R+Y)Qi0o2-e=?L(b$5Te@CW!37(%ejA2>+ARi z(mG=Oc;LMhB<3AqZYAb{qM(v#tKE~4(5hQkOsZ~-{)Gq2Y9)o-z-2}u99X&v|;#@=LHoS9Ztjj}#I9de}wGO(=SiWsR z=bD4s=NeY_cj9NMHVJCN9M!WD;ex9)hD1GiNM@!Rxx;hQY7eT7Ul*SJw8a;ot+{4D zE0NNzKtN9E%_7Y)%_Dx*pA>#Jh(u+iLrZG#LTJ->QyRFA_f4Bu&)?T{pPRO=jX$G`H-8T`jZg1YEPVm)2r1skG~RCJusu2*16CxmSx1`ZIV+7b&R zOIZnUO6)fTa3l)d`GT~uf8MUXGLmBn`DOg=w0_eafhLFU$hD*=KMGRwgN!|U1YrjL zI>!h8ZF}~$SAM}iEIw`vZDbEx^mQ6#2Bq9<460b^BQ7jNjJSHAAJfxnPF|JkY@760 zT|VQ(93V`COJ@{DBR{FzlCU6Nrr@|<$~;*H*e>D;F(*z;HUuc3at3K;czB|)ii-Lx z@gKZ)<=LU8I`7pWf{l3?+=oWgFc64EeSVp#Rs%y8Z%)HeiSE$V@l)R554{{8R;Z4Z zVjM4$;Cm#h3I}AoVZF~pAHe*>pZG0qu6o!4tUo*3+v}S%_dj3NU*z9E7_*uOm|W!e zL|6z}&^|1;+6w4Y2J*MAl(Y8rq9^maWknC3a5F4v@CPj`@l2Lx)d32S(fg5I?s7~= zwW8HgS5+ zF~@`vMt!>^zL2#h?FvWQIM+R4k-+cVXZfpIJJzH2;6I!~R8g1>l&;~ZZ1c<3GkhF> z#-Qg?`1kyv;)CF4`cDOt&j~10U@Xq-5fVczo_by|RG3P_t%SZxxeDsBD=jz?p(W>> zd7#q-j=9U>Qt-jJ&CSZX^|W(u(mmgh*91AuXz1`6k&G|2nUGYLAeuiMMH(C>A? zb#xz_9VP;JeX0X%yk?%B7kfFp*6{OOBfbK=&FAmR~2aqJU716{9@33H!} z3tK|(p(SE#egu#_v8EA2V}3+(&viz32=4|Hn3QF`05_K5 zzYjeq4l+m4SS5k$;v$WuSB4+!>LTI+#Y(tMML=J7<{{JGUtuRoP)01AZ%}U@bH`6| zC6SK@_i#y<=nL>4=dh)^@ITK9zNIDb1k)L-+Sgr>B4f)!pR=b!)oX}~=Ri`4C+aWe zIE^E?D5e2I9yjnmTZ`Il3O?3FG5>1k5dk(71^C%H{r4cWB#mWPD2zT$7YkOQSAe#{ z7VqWJ62?0N1kT?LOK-Z<wM1u@46>dlEgy0zj77%Q z0CkzHj0kQ%S|8okhbdW^8L**9hEaI4oa{t*2;3ie!mUn*RB?`xF`?9%>9?DL38d#( zf366#huezaRUjqug9EDr@W2T)gL6;RVN$I*t-y$apvVNdorE@HYx5_yF9Dk33M6(Mdc5Nr3x>dn-=PAuA2{cgVCE@vPwbH#zsrx*xOaCfwzc zwWN6;5ua>+>jeRXO*lSQS=f$B1>hwG!d;+1O)|O%L%s$I7*4~QJD`0I;9OmKp$`lf zCIBuc9A!{GzI*CF5j~SY^)^WAaygIJj^sr7^6x=#15T(=o2Sk-vkf;AWmz(jSS>iCAL!~AS_x$4W~kB zgi+t4#xa%0J=sW4|8|gpT7x#m2sOqcT@a!yaFhgov#ycY88t%#G?1SYRZ>t8KtW}r zrP?f-;`a-imaS+*z~?4pizrQ4f;?wbCY7BJ=g8&WbN0y2mBxX;iv6^dI-Htg#_S<1 zogg~fV8Wng7N+MNHr_wMQkLByl6W9Qs1l*GD{onrd#JC2Xi`}gl|H@IFGnqAQZ5_O z?&5aV2-k_Shr$rk@B%+?bMb?vj`tiS1>xl!^9F;0J<9fwXqfbzXpv3|3Nh3j{*X75Uh8KI)SN2m^~T?oW=K?i4uCxOq+1V012onsMh1~IK9Sd7+s>L9g=VPVt=-d05838pT{pOMa_MjBP&K_w{*0>X_l@Oe;9t@;E{-aI+>7<`=kkP(nCS+*F?5HO@iY$=1P8jS|3--JML&6~V!>ZevcL z3gcQpP+y`X9K5zGAS#4$hQ`SWj$M^!2c*y|SwkHwX;%1rymjGRC)qVwpij(Q`TMLo zImN>89Y1^KsmNaf3TYjyJ{ib6R)g^9QSA;b5%HXOp`ky;OOd|t__3mFYq0~r9d`%@o^cWB~Cdh$N|+!O^#pg0AP!B=!D@ zKgQDie(E2*$m8bh$*WE3I(Ybj*nr6_lqw%41%kz_JLY`L%{-J zk+gE13Th;f57(T#GESX;?yw*J$(As^gZDso$sT&qWP=3z*dLmO!*TrS%_@i6Md$^6 z#r5xAQ3o#SUc^QMSxUX1;c(1O`nPG!kv0LH?7mE&foWcy;L>uDFMleH7xPZpgrt3a zjF27&Qbkt*UbFvSF3wv!@K^& zJMwU*d_me#&q$E``GYwG^rVcu4N^VsBgensFe{8GHL~@x}+kx zX<{gMi^vpT?h|t0soaL??^*gLm!5qdjo@<}Cc7&1!F@}f16z2P?kf^nE=XKM>q|jn zQp%0fI;e4m;}c#dJetf*yz_@mj~{U!Lbj1X3FDMC+e$ow>&eeux6)Vh$qFQqYwFOx_@1pEAJ=1FJh-q%<5IP3Hc*7em>&5He? zVyrTKLGfsj{4elLJi`nMy`8aO_r?1T>wA8NCH-jxMZ0&HF*G#SBipU%Jp(n>r^NAz zF^wK!wc-4dZ%yquy`Idrvhw2+iVm_u%{b4Nr|d+zN^Q7Ct~^GYuv)w{D!zb)B<sdx7}MTmcE%70-E5U8|-Ld_=x#0(d0@;QQ~s>cgdKef3yg>Jx) z+a?~+hicQ!eS^(6u%NdT8*~km$zdmA2BFEkRyJ;u+pBZ)(#aO<|9gK{X7!Akj|!bKD2UaMsdn6QYw? zP9^<>WSS$mOy3q!mz2F}AgCo*s?{;c3mM0E&38{4YINO3doGK2))s`@xM1 zR14{kdKOqnS)t|YWyiW3Kpf@y8hUM!d>%?v4L&w-pDw>8z23yfn_XDl?w=c5o8FCy z%b%;Qt*x@JAI4mk(Z$zH$H&UbJrUYi@~hh=w^T-uw*kps?hZUH@!f9ZvL-= zolXoqyksTjgNX!UBc{2?ztZ#M;<;f@FQ+*$Cad6PTS-aZZ@0I`_Vc`FPw0yTCrb$h zqIl1OFNGgAZVLFW`>hE9-F-eq#|$b{7v9`)d*BP)m~iji58t9PoOc&GKi++1-k@7l z|7h_l`MtF#FZ3gkjk=}1B=&hMIIb*~)f_-kvxwtLqt(Zfc+emHqG<_e)M6R_WZ zlZBT=i}vNCLawkhRoSNE>n(m=pDljA3%#fC{-!~VwzYa>IVrS*-2Gz*gxff7vuIPF zfv?D_ejSJCJ$(;8-22JR`^lhPXE*)_d0>GihsZ_AxjS8NrjTz+uLu&E$2mV> z$~YKOe@s$V@$A^sBXOu@ULIYnT<=GXA74CGy5{uzcLIAxyng`OS>w`vRPTY8v+l`Q zmbL(hBc#!(ds0ETq%8_MKN0)TyfpVMk+M5hXb)W0PmMoq6!n_Jnb2A$Yw>pQb4Ou` zv&pi4%XOhEd~v;>#z)JiE<7TvCZZ6fen>he+cP*JTt+OsAE)uB4JewY?6PaAp+OW; zN9lI9yYjq>wrF$FGKDp;I2)|fR$yz&qDp0ojGC&XT}1!Jfgib9hKbz<3!9ts*t*Kg zrGi7u#@-Rtx1p}xC2+a(@O_6vB>cYgL)>X0MV?h)i` zM-}CAuV*%8X&~S2{t?1Qli}l2rsXX&YM%SV4_~fQ)56n%<5Nc(Bh|!8H%elf1`^j$ zrnC^mMg}P$JvuF9wP_d00%~6B&|)HmHqu)2e8)wIMnpzKE57v$&oizFwt2UD%7hSo zAM%0|gOM!%tt~}St~8KwaW%vpE%SIdYUQ8F0CzrzaR>tclfU%^kJaKk10#PLP9XV5 z2WnpA9vR|M!DFkWm_^$+$n^C`nwp;eRIx|w3jjH52Xhs|+>vnz6}E&LC(sb^ULhOe z;5yG5DwbA=1sJXw6obUaM?}W-={J)k!b9-w-sn-i9+K0ueEq`n-ZYl5Vn|Q)tVDGQ z+Rr`UHV&xGPwocqWX0#cUh5zAe)a0?e-MNlApY%*3;vw!jUV0JcEPhFMhTi4!l0F_ z?8mB|H7*c>LR-Sq&Ay*J36Lb*Nu_?qed&dsl%ekz9$lSz)b0p^wS8iWl6vmEc=7+% z<{Ecw(a|_~+E4R(FYsLA>pwOq)SXPSS>_R7V?(>Y--d6m-p=Zm;9!*`j?&aMau~v! zs62aFn-yPfMHZz^>7`gQMGv_I!v5I$sl0VbL#BJxp;-n+03!nW&VAPi3@&CisIYnpML|?vR+qP}nw(X?jbeweF z*k;G<*ha^;ZQJHM`PR&T)|z=P>bB~po>k}U-`)p9RY`{z%lV|ps{c#odA$%{4TCj+ z)GW1y!P>B;Vae0@`bN9iUAd7~t?5n+^54_y>#0OHl<&vOL*CxnKtV%84_rv$Yn>I= zrihdOYLE$v>?lv|9`=Y_aU7VdrWdyV-l&Rjsvqx-0Kv;yWo>e|IBUr^Az_vSQ^rDp zLzNDK#G_(=RHR@9Z27p%t5DxWb%AR@@6}|gB^d^<9rb*wr^tM+$BY%)02)f7XcU^b z6>^=-O`!tLx)FLxF1{lxNQLfgY9UP!=06dpuddj1j5(ZD;}LOy(ed2yknJs(E2QB? z1QuH#c1}FP6Di~%376C#6}b(EYPcE4L`_bVp6_u!L^=NiHl@#!eso5FC`eNmkG7-m zPDIlf+fiTamR5v4r$9EIym5%3d6V^hzU43&%q34|hh36j?>WDEQ*Tu}ma>B2=psru zlD}pMFcDujw+kA?;Wdw9zj8Mgi!otG{_yKxQJzVKgcI&kIGBkCUs*-Z@ep(5kKP{8 z*uqvd=Hy&1y4TN^!j<&T?QlNZNBW*g{S6^DY0x<;@~2tHVEr~IRuH7iUy`IMv&0_4 zp$bdILAd+tO+rdU17{K6UnB~}S`C9Yv7r~C_a&AZ_=+0QWOhkp3h_P@2Y0cGQrlV%v;=C#2!h zT|KakQxBn~_2)&n0WGw|yQsu-8q1~tDpP}d79azG1I`~Vxu<_HFkzT5qRosnsoCK= zl3H;ha+DFsW{BVdK?nyK6CwUdl94Glszdla2%RFnKC*zF+WKn})v&BokY4xRBK?hV z`Efc>@TlwU2fUhx!L?_7#@2VyF;;cd zWqqOEkNA_pY#~)pJW6VZj=I6==UGQJcWfRWeywZV3?6u2F{T$2M^tX_UuL+nFk*Zr z{J_NNy#e)7l>94l;^@;8D`{=@@hZ}iqm=BN#WmP5`9*J0y4sz;MSbcX?1)|T@D!ioKjh=0GBQi2dZRNY<7O!d?fE{-=6+#U7Q}{VzvIXe#~r=}187ht zZ7#)s>P|9D{u-`PI*FrlhsScUdalu-%x0ltjA+>XB*(D*`S~0aFW@yQ^Y66h$SJel z_k+~QShjTBW&%9=6eOCMHaMi)LnO|U3rc0!IiFP+b$J{G4pFUKBe`K})0--RL9cV- zsa9g8H`Mr+6VAqFO)Vl>%|p zyrAuIo>Y*wx547h(D3K*0^bUPGty}P-d|qYqrI&E&|>Pm%mevRfiI&iJ) zzSDHV+*jHrYX0@C)NUx~ggcG4E>Bhc49)92jg~*dqxmhJlz{vocMd^|W?LSB7Yx$d za9wB1N3KlOe@nj*8Lpj80<&av0!xrTEmPr#da1a9DMb;$oD*UrUT0r1RCOx(El`@A z^WH6&5W=N1ir+vQTw`_ybZ5}R4}HYB?O&(XB`^+&^54HceK7Qh=2%FG2-`h)gnrf7 z=5^B<%W!x%tRwa7gEgU0^#-$I{+JhO);2B;JjR-@&g^???n~Oq* zq?dQ75aUz*#gZO;MZ397o@VpYq{lXu(S3mQs-#Kcb6Tsxn^PZM5f4>yf<-r=Ev4ee z_2kH$_&gWk7k943LJBz_gX2 z4snbyWZf)fF)Q^C+#+#-%M4_eF{Y+Uzo2iIJ=S=qlX(k>Mtu)z#-(<^aH_si7k`0$AU4j}E+a&Uu)14;Hg6muPwG#j7d~&<<(IFTrN!cp+A!sbFzW;EP1|HS_>t6FaT_WWY6 zIGH2Hq1c!RNt;wtL@CMoqJdrZkL}E(S|Vjoax!;}5Ua^QUPo`6`<|4Gooaxi&A(#Y zOq3|2^DV+mdjVvs_iN}M{l(kL-=_Sty5y5okt;@JB0hB03{+M&_Wp51VTTAz;W4Fn zaxoS7PE+|gpP*)GzLA-wWbJtwRhEZCIjU!#0bhdCmOlfLptw^$Ie3Y2r(2K->lUQ9 zZ<-yOQ@?p{H-1gS@lnff%A-9~LO^=@6)QR4xc**rurGPjHdI5>Gz1||`JjPoF&-WN zP{la+t1$34algIq4Yv3l+HV8ZRD0cWp(3}IlyKxY_u}*#qBcd3Y&t95sI{huOIP

E+Iyi2TfuSr%_KfAxj>^K2)JGswkLut}E1az(ZJwlV@OMH?;#gsN zB)*;fb12K)FY|QUNn@xuT~zb!`M9!~nk;;nW{EX)sSJuceGhK{A*k(Ih0CtKOnz1} zKK&q-%^vrpg4RYXPbn+KgXzJ_**?Pzd_X01Q|nnkrNl zO(<=VjFes7_Y_59_6svnN2)z&#QHP49_6I;!C@LXn#p3MFPd0VUsB8)jP!R^?X`E- zi#e_+u3wAR-n!0TC|0zN7#;;C&-5U^^R^sD9~{kk5Eeh2to^JHjo2>5!901EY~ zr2@rHXtmgdrZ-pk>t4c)Z+DWTf}!qpgF-;usGxpUs=_`DFn=bgCS!m56PPVIKzW7{ zu^{mg0$*qDF60$n|E9%mCM=kf9DkM3-juiE;7+ma*l;t^!>*2oe%ZHk{}bqs-t-PI z&_)WBHm|r%OKBo@w5i7ZS5*n6Gd-6gPTE+|XUL3m6gC7$nf_xxbM*4^u1#vO*4N2p za}>O>g#^=2gp@ zE|n|;8e;0i+*9FbLYq?23tbV)^^UAY^PeoY`JOJF$W@0Xk9mr;C-og7+=_8ZSI*&l zdRBi=&2RwMdw`b%7c{fcPPf;B#89#OB!wD*(35XsRwuKim1Yfsp=gC&(Q9T^f(^v( zTGHh49s*ObCI6CwTyap1epV-OrZ3m~vzg(+*7kyo!J6P?PJ2Vi0i#bkxa4vv=cg!$2?vIpw$ADnv{x@{U8sE{1jD~Ez88jEmN6m!%*h1ere zDP+%YxJi1T2g3nt(kG)0zi4zfQ_%9l=1r3dC^nL&Dv@%+yS7bHosu2ZcE7!MFC>2% z#t(G7G`|Km8+NYwi~(P%zZ2Qoe$3I}NL{E;({4uc{p(R>?4O>YuwpXqb05j1JEmj} zJugo^QSuI1l%GJk>m;^tD~0EO6+U0W{-+Pssi>nBN$hWR7xgw2E><}M$Da3WM#I?b z;br3CS?qCY%TzCP(-01{x*XM9g~q%AW?yRY0CPJ(sXng@`Q0Wdug{}Z9sa%y6kYGL z_eX)RWFtR(WK3|)-s4^5O=aqa*5wL{P&^#M!4s-0z$BLK$dn14r?+Zmxutm&{mzhm z_N&)+xhslJi=tHejQ8+kSlcO64{YQpl(o09>Wr`d)6{PXp1%0h8ax7uP*+ zkhU;R%n`t4=jZ0cE5Oka0F?Rii9W{R4H{8rqy`y`FI=Z_o~15`RoH~Nt8`6#f&W~X_~*CHOY_Fd5#dT0M@)@t!TZ13Jh1QH<9>J zyxV2$1NG{ic0QYzM);I`FIkpz_Z|UT*M#`bnQZTdYo&(3^%{3~57u+Q^Wsv{=W!wb zbdi6*k|)52Xk1rs(*4(XU>fVYmIB(xmaHBbdTJkZ5{2A;r6*A=) z65KJO7n{42bv+Ua;t1s1`a4`afzw_>YaWK-)B-XcpO#H z{T;=d*7#GUE$Sa%k<9j)H%G&lRW{e?vb*IYM?o?h`MESp>iG4DZZ3s+@jar)uotHb zg2T(*<^{E^(qJ?1}B|CS!FA|E+} z+%e5|!xGCTX2Eo=?_p>`-leXH!%Ns+#DDj|iHkV;)j!x7mV;63z5ytPq?P83^5}8- zDp9}k(48#baBE@90R$8HM5jpt*T-uvF1^XiD$8{{qtQE2OU%MYvh>1f>7yCmctY$C zrro09V-zBCZ1!8DN2N2Sm%-f>m=Dr0(6{Jn!QXA7xhheKys&p(CAvG=tR z^*6Y94`)T+vnAz?fJKzS@Qgy!wNJKZ4RssqNFVm&gmNMF4_Sbq7Qmg#-1`dtg)KnK zf~~JMtzis{*7J8K$CU|j`|vjD*mci~LIHHGO{Q$#hf%9;k67f3rVKMvt@oYFL) z?PvKb46B8ThI(+8tQ{13WW&0R=g-$^knR^M-b=|{bxR~#CUT4rN90b`@;a(Ac(lk8+zGT3mE1Nk^3W!A zYU~d@88XgS%>9Wb{fGgk^+2uy;+H2B5>F7bMV~*EvHl?1<0M#b%2u(p|3he02OT3x zhYeFYkv0$LzQaQyC*6|ntEVr>Eqtz3^FQM2d6S*a!tnw~u@PnDiA<9@&Se44`CH1n|~3A2J9W&xYRDebEuP#qUg}0tJS3Pf_j{8 zBE)vXNh}#L&=;No)cwM}<_D4_OvGK!#;P7f1xglMQ| zW|?w}vjw*K^GvDAC}3*Os7=hcmyfn#Ih+0}2ycuuaULGf&zu`o-)+>8_-8u%c+rj1 zVGreQIW{m?k#P;On^K8<1gT=zKnm4HOn>-Gki1$O6x~`6Gf&kvI;GH0Nr}VlrJ742c!%!#DatyQ%$)v$d?~Jc7epldy=<`#m=Z%`M}A zOvIWyMYEkWAAYCcmsLO^c}cQT!1|pS{dSHhYR|5|-<)Pb>Yh4F3T(#VQ5&NcCA3BA z+h#dk8kEFfoki9Ue01 zUsceU@clNlDKR3oR$6BIW7`iqT&H%eN*BX1tiP_kfc(-L`A#z%Em|W_x_^9}5dhH~ zX=%FQQ4P@RibPtoAb4P_%Z?L9~jc~z8Z*5;UWWLm6F8C83+Z`sur`my{Z!;?Su595=DMZKl5E2u|I_S zoct68#e+k((d?3pg#lC%!LQ!unf69@@^Ja_ax2o@%ZHgf^>w-H z9sIeiPmbADpV_}p_REwuf{0wAyCY(uyGWqf{?aG>4s$R{d3=}6gwu+R`K$=MBKn4o zJl!Qhqs-HmDmpFkW~GlX{VqJ#U1SOH&c{U)w)6!82cubS)=U12eM*zaA| zQnt!}eM2eE(4u0G1Nj0x6YZLP_58&~W<{RitA4fh;?d37^=&mp(Az1DQkt@pXHq{@ zM|4E&^o6pVwE?3S74u8JHmnQKoSFUQLvLA>NgBd62*a(iId8)+6B7+jfaPQiVx+GyFbSaV?m^fe?z`mRcd?NTLFzY#b_n^Qvh zX?{Vx-E7Ss?i2vN^4KR>;GD#sAS{l0V&+w|i(vGESRfOj_yn;Wp(7AzEA5qpVvX4#UMDdvGEZP(p{tLScBV~FwteWK*5HFV zs$qmNv%1wT#Zt?usoVDhmWn<_6Z*Iyq)vd&xTCH;;I zBw%C4qYMe7lrb5=Gg zMWih$8~|z-CVNS(JI< zzX)y%bvirl$!(?be}kZ69{l^mx}mbT_m6nh(6an>?J_qKs!(GTd-(^rNlhU%xf`z2 zTM<3D4;Fe|_^%1?Y<#KMeyQ7sP;ijRIYqpF-}aPg(y3u9*T*j{!>jl-VXK7wyjE$| z?|NIgu}t>2yj;r$3u>t>;ZA2=#I@%yZXMeju`C{1XuRqwbY%WA(B#{E#+l$K83ZfX ztmcC}GwzJuRr&d{mxvW6yof?TiB$?owtWm@xM-%NNU~F*88;^Z-kTIIHbJ390=Z=y z2wLOvvA|_^-hQiqWaWx7^kL9nEod_{DP%?T#r7Y(`G!Jp_1t}JjI1{fH<+l(-Yc$| zH)>2w7j3*Sy~1g&?q~=DbHvRH3L*lbPQu7xo$006|C@$#YX|;+G!!FI4< zi}{uu{05v!gtoPkJ0BZC-$0R{FeQ(ZOkNXaS=`qyadOYhk05^CzW>2B;*1ftHpRsH zB(24o6!~u059ZV8+UxoyQ-b&hhq$`a$cv1XM{53RiVOK1uY1vj7kM-nxv$sudeo&Z z$}ioqZ4bU_Kt>QX$x!piOcoSKpG9}+n0)G7Mk3M4TR5&q!`xZStgiG7FVVaNJ9#9Ls42 znZ?NkhuVuHBZ_rxT#(0Bu--1N>vy$qz96r_%33g{P|Z!0m-)|3VZ8J2#~wo0$BA{!&v4E z5@bwS1?gM`hzV)Q7rYN2$ugP^ERX8Rs8cKlw`GfYnAZ{t9)Ul$VVQpH(8Y4yCc6QZ zb2LKDeEUTZ`+syy41+lL?;5THp@BAUS4GYWN8i(jvqK|{ojK&u?c?x1lJV8vLM-2b z1uSy-9G(o^nC|s{n05WXwrC0il+n3EHo=9WLrbY^RaCn0EOT@%4P*m`L(Vo~r*NYx z1oNUot@$U~$vGV6&Ub8?7NERgUx6_X=R|fV6|h^%YYBHc-e!x+ z3?ST$=%9kXDeiaJck*l~3^-1#`E|6a-(!yHE?v9y=Z%y)K;4O)M$l>@MYEtXsCftB ztF#jZCYi)fuJp{@HWPkeIpr1lBK=ZJIBShF(UNEDR??}?M|UWgTl$p8Xd z-WUk^+ce_X34g%l(T|i<+QEY?>h7f~c?knxIkJ{c?X1s31$kP%V_DU@!kWK5(x;gb z9WpZy!FF@#Do-i4WC9W@p&z$B=Tx2rvTN_Vk#@AV9Q+a<+Wx74ni2}fY3UumdqlIS zs1WW)n@8BAdX=ZT?!MOs{{6=9qrK?s!0Dn4hl!2Yg!TLYDhT#NvOtz&C9R0j2)amn^i~z zTWAVPFXm}QkOMRHgSZ3L6p9xI%|9r6H_jDva&JgSy6T*Vc=Xi;@`u#`#?Ah~1#`D~ z8@D-0*r`OmeE0No)bgeK?$W^w-X7}EOtLXmmadwq!7$~D>B=cKI>UfNHHZ3bLl2(K zeWFq>c=EIm>E2rWX%g1nc6U^g?>i}n3#m@aN>)@CJ_s7Kv?-ruNpa($ATeUj@aFnf zke3wb*=l;4j_d`7DhcsQv0OX}WA4muKu7C5<4J*MTWeIs`OFe7ZJdzwkER{QDp>WH z5%j$o)p`rT*rW$tvh(^)k=&Uyep~=J(Jum>NghMfk0y$z_usJ7fYAUiZi-kX&?WfK z#kjzzJ;2rR1EA(9=dN3D>i^=R&`4%y@lIDsTx^P%wz9k@7IFjnww?O64?=Gr@d*m4 zFuzLLmXswFdI_Lejd@4^bQV9M6k!NZ=E5SSwILw{jWo@CA%4hM1zGbK6D64ZoC&v$ zB7z+y#2zETZ()nYw~7@MU&%Kc^9sL?lACK9QW9qe!4Ta-zJ?PcGc{rKU~^1$(F-w* zBl#KKYID?AvDcQI?}kGM+%fMN7v1=stBp6=G_;F7S^)zhac4zYBeX-HutKncWE{$z zS98Nq=!AN=MjsAW+BFm$1DBFoD&-w!Q=21(#p`$$R}*V1j|f6Z(9hD#_2>;j{^{So zi;V-YI@(T82%yR^bXZCOj!a0||9Qn#g-rbOH;G=DW`&DB~n2Ss}9rnZC(e*Ts%98_;~bB_u>{6tec$Wk4fWAXUb6R^HTfC z?|;N8N}6S}YAjCg?_U!7rcb3=LfFd%(?Cn+E{dvbC`jJ<~-@X75%R%F`?oqQcj z16jP=UV56^a%Th{S5#5GUbE!5hFe^`SEdZ;2!=}mOs--o@e5QPHyG|q_#2P$Xkptw zmgCy+sg9)88_UR(Ss#L|1(K}6_G$@F&8yQr$-42#im-zNtELgYxKG_-LtV=@h$N^> z;Uiyr?n&Jc+^CF+vy&B(!bJU5GPSvtoBnAEJAmOPR$l|Y4c(BqrT%X5D3B;DV=i1j zY1Ce*ZZI^h4=;<+vUb+fi}RF__nj7kMRF79tOn0p-30+f?sNr{aGUr7C8s~ z+u5|kg*Zn^pA{6kPsQ4dY!PWZbF$X9MEYmJQg}N9r$RS-)x-7lo6=V!DWd4ZB>9H1%$8u6M0nc6uv0-o3c!dt#*OCNVS0yDN3>+JrTcX5d7`D?uIsB zm{0Y_%ylAkK6xQ@LfLmko4q?#ZY;w**^rmb)_Y;E*!FMg)Vy?2xFiNRasFa`c(_p2 zUrA0`OQUjS%xThki*1XVsz-^M`lK_7F&vSrqn01)?eZLIGz2?$qr8QhI|kjMtGtie zC;LvYG6QM4oCROe?a4L7Y>?8N#L*G5WLZlds@t}6&-~54&FkoPa0K8cbG0v4XpnF8P=w!RimZg)$HRdkiiQi0Ahkni z#E6K0ld#gsr|0l5X|HU(^_P(s1jBHVj=NhD(mq%V7zklp83jkPsk-PTukq1pQP8)I zF|4G2e>`gZYF4fOs^)QF56Hz1O?L6eS^MgczaR4!sHFp}xxCE&?EKGTs@$i>N)3bgQRCa+atOQ zHK3Us>+6;AQna;;oyNb+q^uX2IbI)I!@uA|8}#6Q>QuUkUk+ZNl<8*Sm@_W*#N4ndcSJmWi+|Is+_;p z*SDtM0GAg6uKKep$ajeMPkr>M8QXP^1N!vFW?$K%;qC7T2Ev$lp z%LzT+hJ{yhnC{i=e1)EqfQI}=eI1!?#c7aUy=y$-QWNtQI=T83(DLl9r zfR7^=5%5|D_{=@c<{H``56&pAk7~v^Hxo@t8@T+w(msUNmth-Y#rn4_Tw)A46LmNs zm_t-aX>*hkHatkoTZ~vX?uoF2Gi)a@0-C&)ap8FY6Lf8xGvj2z?I?b45ldRc+cK=Z zsBOub5I*!fM-Li`^!N1kBjiXih@LGw6}w#oK%8m`cXIYxMD7EvJ3~?TX8Q%A!&wiv z2c@~1%t-vi$o8LIyif(1miH;7x27J zWPnMp4?O<7>UHksX}B(lIeYA0+*;optpxrD$iL*q-SHYLBz+*O->eBBA*Qk8|7tmz z2xbO_Tr$}fybIPJJfbC>xc{#}!?||fjTd7zJ>!h((?0tWZT=^vYeF9U6cR5t!6t(e z6<8{?^IH&;<1Gt8KSnSOvRE<~BrG7DWA)nlZEs6 zKujDAbbr;FTqT0{L^g`Z55gj3WIF6did8B%LEfeeRN}6CulCCK#F%^#uqag4y`#0y zM$1=$UNrVXCgCb(v$4N#0I`OIhlGTzOVYXWb9E3mcXnYo{o~uXC~a;Xk)#wNBF>3$ z=`wX<*TjY3m0;nz1#Gvm#`-O3WjkNmrNYMRbIEjCNrs`4iP1dzTO)^i6?xQ|z-=>i z(xYD1*YZckFBYX)eI&3-3miRk1#U2}bi1G9lxkp4Dr8Y>zbRB~eI<32n0`-LES`f0j1ivN;}^Fj^$JcTq96VEP*%oK^5kPH8e1#(<$>L5{IG zZ4|p%D@VVw$lBSZPPc9FDbgisQGuaZD^<7B(z32|Z^HBuE$R?i8boFj^6#0=e3Vw# zvGsb{(5JfL^77@fz4Yoo*@;W^jSC93asXA1oH%Gtw>$q8Z6rDjdnjz)WSV-an(&2P zUFsF)AYQHajk>Ehork=*Rx>Mm^RVU*%h=5C=f!)A zkK&J(nXh9FO<+sQ{m#>y!l`Hwep27_&^9` zVCBUBq_L=FP$9D%9yPj56q&KUC9^ z6x!I3@Y!vX(wA<6#%F?q2(+k&l?IseykCL#T^plibdnku11t^P2;w(hJi;z7(>-|- zcD|$(U~UqWAI=Bx(tq%6mvJK|U9Dd!o2}H_{M+ZIbmje5bkHup<9Nol6A9dBB(CL$ zB>e}yQfWs(_}uY9OW?2m3*-6Os{w(b-wb{8HRUJJQ%?*vfpZMnTGL$?QA<0r%ZeI} z)${vt(m}viqj$s*=ju>|W}_xa$GO7q=iucNY#WB$4i=S`Is<(Yf>H#LE@G<{o%Bal z!hVcy$7D7)dd-sZd~O=$$~k~s6FqP$f*9jns|N1YARw8Fj2ap^EPr6Nd$SG4{|x1r91F$Vm(O9pX%{0M-hwIVJ3dN_ z3~tz%9%;=<;eJpQ6fHeLA22A4Ia<`%z`qp5Rs8Aoq8u27P7-&rfA+u4xstwz46;VRX40z1TTOdn1!>O=XWUJq~v*|(= zr*qLOvnp#e+8d?Rmn;3V$wXRkjor8TI-Z6q&vrU3{%PqVpsbCC;lQKw@2)Tk)&-hY zAAF!N=xX)meZE&hrEpb%;e8-@+V0otar%Ngp&1bcWQuC!<>{>2UwJsgL)Els2Np5n zSRTZ>%)Tmohy1qi-HC)l&T%}ybBSt(>N^PbS>b~<{Yd{}3(gdrr_5BkTA5g9mOTrF z5p`mRRgaZQ0=##zvpFa3N9|T)_9?~bT*-ZBNwUnGT4VMu0e&8A!YqD-5ium_LK2+V zQrmTika@TwKI{)yZ@=2HKj@K%gVI=+nD}Z*aG1q$I29M@Oit$z?#(l7!44%0Aoi%Q zRP_P__@cgz+h0`3eYcd3IW>CR69yWM!3i4kQGGE0QpV`e0ZWscq1Hc%(IIFsGw5s@ z&~?xggu`h6$vMek* zml?t;t`2J?6VBob!@EEt=y{xCwHoWtNWy|gTSbIWQ#~sx1?@4$J5sQ#lmFBJ|9jdt z=E4NPk{tgl)bR!x3az;-KoBGDmCXbl17gS9MXsl6D03FsAU%*%D}0y5`DpNw#EvTx z&)aN7mxo81U$^%-caO*@{`G!38=%iRr{*#woY8apJ*#-%>zSM7(EI*l-a{%at$+V& zy8r&__NEfBb)Kv5+IeB^18YalDPNb&@@?{GrP3wAPBL81Xea_{wBe5=I5# zW8d!Z^?tEd48r<30ozoqqhhm4b28cS^}2KOa4>oAwnbu2JGu4L4eVxkz}a25HSdyO z+5#Gxy_~~6>>YeeW>zWX)rw8GbpKnS4kV%?UQ&Q@U_saw6)+-P`r3}?kz_DQScL6_ zzDhofWFpM$vuykr^c!7(+*vKYlNfHa#t$6PXofNsq1VorSfJAUndLt}vKl^-_?;x}MGYUsGug-&*aLb>1g*^@lofp<%U3Sd7udiNf^oF%8P_Gf49X~ZrpI@I~a*CLY@tt6w{qR z>RLv zX>fUwx=Iwux0a0(#A#mSBl{};XO%jO^ZS~AJPZdwRj;0rv)eq(LEy^v^eV9P=QaN= zaM<(vG*;>nvPv3xg}R!KFCP)WZ7SgO4U_baa}kwg`S5&vWTlfTXW;2vKs8Tv2TGA! zC=S`=g8Xh=(oh3q@ta>AGe#G97OwwGV#3-$pNNZQip+3F7w~g%5a&e*sxl~=IXqmY zdC=Ouq|V{mYpp;P2|t?{VtcBw7T1OERH%4;(HOiOqrv!uG{82ONW|K|k9 zi9>Eo?HA3Jrz5HkPL0S=ZmcJMEj4TqAtPgm58nVBr=@5N>0A*(ca2#umm&D}f5lh0 zsvtf2W~P%2VMQ~yV64!c7qvFd#1AZ(n#w1gB=)q?3g$%U#+Fb~pcm|-Jf)K!a1$yQ%Dab@O8ZCSG=W~falFVV3Sf%zf;HBW zqr(_W8h8`LgyV>6~Fn<{mzQAC5S$DCL-DL2VSm?9*4Z-z8`Wu}QP1U>W|CE)M)3CLDts?2JTaxD4sP&j56 z%ztrZ-5b~NaC1w|!FzVE_*X|7nJ_Jj!y|FGYskz^oKcl6%stnpbs&QD^L+zsOOR0B zMC@}{dACg^ry8G~LzWN_!3!+gs|67n5i!%TlTpR=(!af^ye=}oMN=bl}(L2{cb(`%)acJz|Hb)|l2P z0Z5wj%LK{5Gk-~;sB?;9Qs6$sf6Nwj5b=&4>Om=Je}U`|1$>I`ztswxqb%4q3_nsT zK%79kBIa~NUSdeG%jT4c8d*xZVCi%WK7m%(o0;oFb^J3xjl*ky6Ymy2og{A^_f!w7 zW_=mUA-3#BIz`LtDs@@~mG}Wp3080mDLfyccLsiGP~x66^H-FD3bP1MM1L@3sG9rt z+k{>O={`UnIwb5e+LU0h%1Ia;lIA#V5i-OUL8DTYa?{s-i(FghgQQ$<`MVKVI?#-L zD6ai+n=tSMSjdesW3I;*{X!#~Djiw!<4`)Xa)g`(a zk6A!4FkpN=-gqdbpo8hXD9HPxz(ivP7AEzUdfEw|K;vDI21QT?#xR)R~#YKXv9ABj$O0X-W zc8m&?(R^74qFDc?dg|i(1b0@Pg&{d8&lh`K;cGtotQB2Kq+wo@LKn9yd$46)PBd zTp}vwPJdOTGAocvET$fS%s?sN^f5;O%<2z^UXCE-EhC!N?e^% zX|cjQJIH5}AMtb)d(n>M5j_N#uA-`w*qD>ZG^k+++se5!MAdZiecIaSRcKQ3*`2^g z`;+M!flnv?(iHSZ(Qo<_%4QRq+cSoLi|a8~-J|2BeH0xnaLpkXRV=#qQ3Gu{3Px=jnZZFNp&7)6EQZm@D(e z=#HlOAEw=XdAUq5O7s-!BqK{3)qhaw>s<)@F~E6`i69$;k=&tF&^-+;A$ULxeQavk8i*GIueYUF*G$GaMJ!kR5rpD;p37g~6qh zFTOt3Bj~1~0=W3Nu~u@$8*EbI?Z>_gxlYNOxW%%T z(XCvsdtTX|+j0ndjYOw_pDE<}c|S#(Qj6#6XLrek&1KUz)E`b*gkR+>}j_|#jpF)a(V8t%lw49 z*`?Hn+a^_191px-xJlK@trL^a5s<|d_-Gp3DGkOab+SSs+&@Np=N4gaOW+7TvQ9jQifCN zgJO^{Q^@+EW5~T|T7UdYW;0bb&CJ{7ofM{%I4dPz-BX5Vu@Axu*UO^zm#!Y;_)*&; z$uR_1XU;11!%ZSH)LHKEZshJ!3Dt&ijFZ)SWAN8lRtO`gme~0K?!kKGh9_F^tsC~# z*NIi#d-NyLqfPxW(w@2S8r5Dg%5QJ|ZiW}zn0KPWLNgm6@WtA9;}UpH2A#$yDIm4Q zbv=29Ac*%tmbI5g|6AdQ7X!X1r^pe==@%;JIL#|K8RL#OX4^?!K;5EVD4jK!&2YVMq1mi5D7mSQ!3#Ew0`1ORvhu|5g|=< zdhax+Uj##J=Fjq7dBl+>3my7OCdJ9QZ47g{J{7)txKtr@!}s=HRy-Y8Y8#^eHAbDpm6Vd_mj(UpvD2F zUtc{z=9zvF5fEVw0TF>#N&&OI*Otas{oaZ!+t!f3XUy32UHTQsMAH$68Rcz9e~Twl zyLF~Wq+&?WB~liUS_Hi6jEcm8DY3x2sh6vvrhpV6m!TVx(K&Sr__^$7irw$T!IGq& zsGAa8PG0vMO||U%K`E_RS(5`-_4JxI?07PN#YBWRSMq9G_rDlB=itb{w#~=3ZF^$d zwmq?(Ofs=;PMnEt+nLxC+qQfA_q_Y;`|Q?M?f%XRY0eksU{5}@H)05E?opRNd>BrAr)nL!^?OjyH zFwp|bzl?bF5j;s&!*X(Oqxf_LLnx7d8u0aSJ>T#F(;(4+keNTpR1k%PytB zCi;(~!$HKqjh-k@C!b83TP^~}(>EmpKMI`u$)kVAs?>u192$R%R3G|s{nR}AlSLaE zh3YGFcLx`*hmpimHx+p6IQGG1CVl4zcP6Lsp8FNONZ&p(a;-LjeOxDox9n@hU^+mD zpEJbq;J&}4B-BWVC>+m0fDN`Ugkb#h+ggv)0~iO#j>fQp?+b06N<%U13wymYGzU3ayvu5z5eCNdZD6}I(8rpAH zwCZb>{^FFoLwxElqb`}o@04VjPIC~KVFUZC^>=~oVSrtg5LntjPOBI8eY*)+jFda9 zOY^HyL3JS1FXiR`ZJMm>++#)AyeEv3+SEe{<9}e%oJ=Y`{_}O?Ik5QwMXdT2K)j2g z^J{rM0P`NOU!(#G@bQ|z6}q5|xawA;c1|b2Sr8hqri4niK-dP0IDPo|_|v)2>KGD? z?4eKE0abZ~kv5U@bjk~3dGk|duMwWT^d4fw{}BwCad#4G5VfGII%t~7QKw!b5YDEv z>+ig_-qce76v2B>eLcSL_ibF(mMr`9FHLl&j;?;lgJZazW4H}Vh)wqk%3oS034M-{ z0l?J}toDG~zX~-NIJPYB=Zy_@J;+iIyYwX@Kx2Iv6QgCvlk4^up-g<@IV;A}`X^>` z4=ft<%@FmG=$k{-HfGm5>#<*;qmdK{)53G-`6~1g0DjuP^Fqfb_#?aNL;v z#NWV2=B*bgi`}+KGk@jrTdgPDk8Zi4a|3Y0>k>OW6zk!aB{bi5c}hGOS=ArBR(aFe zG=bk(uuR%+Ozd%FF?d8kzQbO(2G|;;Ja8q=So^WmtaeD&6jkw z=`CY4OI1=~T%D#vPXazch;sKzO3)sJi z5uvF!UwY$jU~Y&zMcTvyF9rxhlWzSjNfI#k0miI}x7%^f4-OyOVkbAm*LZ-r4p9g0 z;Lq^(TIIX1YXpdfz0W*?SaU$$`1ts5AHXweF6?wDA&i+G%2*DsvVesA5EN7SGj#G; zYVn}#MIG96Nb1XpFhJH9ycG=a-680)0C1ou5DK>}nNbP9#Fp0QIpUp9q_D_n>^%aR zlKVy?u+R9-dt_bo0RwK9^uY~AfKYU%8_F6iMBlNQZ-*GG;t3G_B9z>(()zV7XB7r; ztrvmSN9Fr~QyQDpiJ;!viP1Ng<=kP+WI)4uFk&*y>GsX#X^pMw4-R?nFTTj!dHA>h z1^L`rsf8Rs){#nVsum8UQ`_2&iayxf1#IXk#{&4kzf1~j0FL}LF@SxMRzPohUmbG` z{wjP1Ii=S-bho*<67%23!VfYb=zB+SFwDU@uvKH}O>NoR2YVJ=GaNR1$w@}Hxhs+Ive*j`4l{iOjH~Q#7W=%=nx=$^K#E1`-$crn^JE(5 zT?S1=r_Sws%E4*t2_My=4kK|vnMj|4p+Dl!20dw$OYoxil6G;<2{0)B&dgruh348I z)B&mn4G&v>SN4#H%FQ<__l!dZftumqbc@bEgo=<%0Z}VG)ac3!hLTt+U#LKrNedEf zz_Z=86 z5C|H45Yjoh-Jo|U&h3}-Ck95A7r|mkEy^H~q6YCbq${42Hl{HS zt4x5367j@i9?f|TwESo<76wUBZ#pn8p-QV?(TydG#!Z-5^L$5TuiV|s>NzI-sR(lE z&C#;YkwLu*FfuAN|GB+8KBqDYXis-)eQ|8#bMJHXg!z!f*dXosB#ChR-F!`ahB&iD zx4R{+^J~A$nOu^x55G2!82)cHDgmy_0(u|mpR+m8giEHB8NkWYG91)6){Rl>$93o@ zV9uE3?8g5YP5haOItu7X|Hy0mCHt&rP1b<_!rWn^H70oo@$}%^$11h)lRiU?VZ80s z>MH3wqw~Ov2E>JpWn886kgQYxJmTsl90*;0YL_vp*wA2Ognc5YxEI?AuX7gN#pn(1 z6Pg#Egg@YBH~S)ZcnnGst+t>5eCT9nY>~18mZ!wpNKq)t8FLwF9-5^cR&m_W*31Uy0@&rP#JAx8m#AzFr2_Hh&kx?MRI3Yz9c-mX=?Mq#Z!cRp`f*JEq_(FF%tCS-9JqwBp6t(r}yXD)Y|uO;EcW8Zx)Owa<#tuB!4 zNI^51k0Jr+z>a%L#nRaG)0&`DtA0RpD!;+lUwkHjcx?{AF5mL<_r`(^9gQ4k3Np@# zf;~2}6rmOW4h=>tXa@^M>mKUcz0vuz+cTE1Tx?u@&*BS36T)grnlrpYAdqf?_Ux(0 zQ-#=(W*cB6IZgE94=wSvJ^mY*yDo>KCDPWtaJ#@z*voT))r-y0rUrH?0q~H5+SCya zZUiYjLmp};HAT{~y^^^O4--GXR@xg`UqIed8DTsf; zUN}G~KGBvYzeI&i%W+R_^7!45%o@&wiB@W5k~&_zPvDZPoTPjoHahXOz$%)I!pa~G zN&4|L)a55i{mE`~4s}=e%C&!RqT|*{1e&0G<>1okC93u22JuMXMsD9sPhhJ*z4ahMYY{ zw?kc~;lC|os);xUtC=$b={aljSTb$zAeBx~_D&wRyBDp@jzWGfUT?OR+E?EeaR9Yl z+&X+c4l#k0PIUn%n!uS-Mq0PNs>p*tI0ltOwfwT zsLO}YANT5LHxZtAw-!_Wo+!rT3P({sec32F z(};YColhej!LZBqqxQV2HzxQG)wU<^N9HJo(7uWTSzx)d5EmBOX#~-G0tDY9k}3-X zf3zK;{R;S{0>7R=#prsgG5hzhYRiP-+Cz=nH8&kR-1dYq4Yqw(-RSf2(c$2XElPL( z^yG>|eKuZ}FUWz2!(Bb}Qzs{ukirHVZ^UKA`fO?50w#G0fUhBi* z7i66bG+PoPh2Fh2+KfK*Y#)~t{QTHXdWj6Jxb=5pxCg{i6AuKy@I&Mz&oXfc}mvwctf zbw)^rNDjz|kb;#a@zCL60n@U?k*if<0xA!^9b;X?x;j-vSUQFozLkppy-zo}G>$KOp>wlLEyM9SoD-Vs@gVH!QP$ z(_MXoFg`gdfiArDrXQsCHj7nfSkPk6a2;*a#u0>StAkh@eMLm0B zLZJD+gAT32ybxi7XZpMB*sCoO8UoBqQRb#4*zh{ynRl-{&g)tVY2G_Mj<*E;2cH>e z6)!*_Q{D_PW8w+$6e_?4Z0k94-tTg7R+JuFdMWFO3hjB`_aPXH2*un;AMHtWpa*O# zu8iNId|>tOTyVhb6M+zK=O(FOD*?WGoe(vrq4dN15k_{r+Y6S_nV|~cQC;?8A*azy z0jRmw!q7ihs2UB{Ond@n(i!8m{l@elyqpF&qb}8VT&4?>tG-7djW^NiQyar=CK!7p zbDJQ8yf6ki2Qhe`1=`B5LcTs0PIUkS#ok704Yt%qOuYCeKFk)?2*sZ4?~H&W1^<2z_10LDrdmyRE?f9S0 zXn@^tzc}8W{PW?;D?~}8G?aXHI5*cOJmpF37Q)L&s|}0J)zQaxvnUsR3qwR0+Z-yi zoT?_n^n&395$puTtSW?HYJ%h~bJ8dwjWspCN$0@#*1!A^jQp8oBr{tJ@E8TtuK&W% ziwR=|{4v|u?Y*GfU<3g9ZeFZD;BS4fxZw=?MWP>||4Rr>Qn+Sl>IW!1xeO(rv5E+x zRDPOXyxKClFJLzPCFhJRC6k$Vmy84>wyp z%O6=VJ>pIzqf(Z<4uWVa2urEKSf5$!5mnXIhzQJIS)DMSHcc%#6eZ)T( zvSrHJDHNEuA$|lPM*L?taAY>o`ly|tJaN!A?nM0%Q5mq&G*t&%-<+-b-9i?RsYLFn zv2#Wi9Ov-lJU>-YZbRoSHbQLMM4o_I)@L@L71^QDe8NQO$EakK4APRl){?T(lD*{t zKfP5t826j1WJ!5J)kT*?i0)>=p#o=)Rc#;>PWFe|pJ?TAr3x)6SEMDzrDh48Rui?9(V5E^ z40CI|nicz1LyeGKiPQ~b1Jc!R=kzp|evq-NMoa49J6~<`B60&_$`jUbYd2XzcpD|= zISO1s{Ft5F#vSFmk||k~9Bb}N?|rz3%@8;1^%E?g=tBIyak*|n){^9tq#FVT5?a!PX z8#b5xAAV;hbY^D<77aP>4eaGU#GkQ3+N>fN;W8&-J%~U(SqVMb&sP<{-c-bpUdcM4B%4d>b+UFD5QscF_25B zGEvh<&xqFE*p!!Vek%@UP;1vXkJD;Ta!IRF-m>Km%(earZf~S|NFs4OA3@Yqa1CV= z=w|S-1L5jE0IVR4 zB&YqK(0RXF;{Xbu|7;gE0{~m6pA`4KN^x;Y9nV0e4i~v_y}qy6Jn;NRtu<(9xqgQu z*vSvi?8i^vHI<{Kv^s3%ZX(aH8)NCG9j+6+C(qy? zpmTCELiE)XE6OEQd{vo!Ua~IYBp4;#7H90{ zNx8Of-&@}PMj_UmeR#4nZ2)+9PG7d4(6VlOyTfVVzz-CBdB4Sx`rwZlqFwQ&I|Yx` zd~($xtb9vaomM@oeJ}pTH=N9(I{#edF9gEMwpqCnvnIa^9ppT~Nq7~VBd=G^sc&wu z>RZP5Dho+G9W_>K`bfF5PpFKZ6q=+Zq_G*< z-WZ`TTJRV-$Du25UGD}AAO#Y%$>Ox)i~#PL>>&Te5mUN_0Chnb3(v^6hz72 zg8|Fzne!6z6*5K^DuEcS+=tXKegHfsgK=H4 zP{~x7WCU)t!)vS15s2b3)&ZI_i7#w1Q|o%Fc@mruY|-LrB4 z@PqPu)W;!#LBpv<;mL6s47mEX6Zoj((f{!Fw&p@MY9LAi;A9Ce6&KlC?KY0QzMa9%6uNoBjG@HJv@A^)D` zG2zooTEXkfHUVOt%?B~Y6Cgf5F8p6QoA525BlZpHz82mG#(flEKMO)X0wDX^w&Fg! zF?vSl{pdvk)K0(mBH|ejzYF0a#hU@PZ`Qb;0rqnsdTlc2C^s2Cx8K8B z7TPGbi8*s>Mm?q72~{@<$(IDY$C^JrH<^!gJ(|)3zY}%?8=KeMYar59L>0^0U=w)f zBF*e7%^A9cnkwNMizb-vyVJo4>vGI=Jc+HCd&xLJNiCj=_3QoCiT!HX{~c!PChuk= zJJxcC{f;}raRru@c!|Ocos$13(OQUWU+@CdsT&yYkjudf3PX;QF$u!zbf<-JgOaUg zc8l|IxBlvCS|ivaK#3(3gWJZKALA?l;>XkN^+nQOqN*_~(G06NGeZQjrv6pPHJHBV zG~o){j1DK)?|piWR>aTTj|?wWObloh`H3dB^tF9^+tvqgosR|hz#<5RcH8Z^0eAnK z+n8IveDk&^%l;WyqV@6EKOj`bS8W)tQefq@pn^gtjO5<(<4l-;Ng`Juf+7d?T0sMm z_ip~$vk(w08sFz3ux=D^I-Nih*b9kt0yR2@C-7YLy#5`62d_3TI0#B|%Gpvvvt{&< z$qA^*pr%fV$@#t@;s?_&a~p&>38Pbl;$OjicnYit3}`YS`+_KS^-k)PX_{05kh3*u z%p)nT#-FU$n8apwSyjGcQyeafW1L9sdGmbLJJ|#E{}%6@Wvf2C;d3i9qCEWf#=c z@EbHgQTlXR6KWXo?bs3ZHMD8!cd1|OHRqZm--D){8F@Fm<1{OOZ^MHY_&Pd*C3V+C zAzL+;pDYuOOb|?I7ErP2Kzs%D_w-6XLwhB;NP8PpQ)H>^St+VyeHju2N4|D+yfkLmWzFKiVX=VP7#i5BM04% zHouaKJnqYG5RBHcB&m}Dr>+-GfF1FRlk7KI5@43usnbivzsk?qY>^Z%&~7)}+E4Fe zaE;^MqU1<+0AH4T$LqGCr~$xe4v`^X+#ScryPs@yvjdOUugPtsJb3lItFp`JT{q8= zP!sOTzH&$kn$=hzmAM9kDQ>%LAtRi4F`mKomGUEd(PMh2Rh@*z%96#)z}!fYJf5hV z&GjJ;=Wtz5F8su@fPTfLe7i=%N@To5`eO1p_m9W1^*W^=(qcWFB(`ExFOxDRjw+RnfGBS-<)dmc&Lxgth^-_`y*ukDMhIMgAU z8&^QyCX69Z(6OZ-0iNmzwY+P(Fm8m=R&CdaEf|NDrYR)D3|L$#vqg)&2d$_g?p7rT z-0$ptuYR(y2q`Reu~;l)$?sl-KCt|;g}weSPKt3jre@&ekt;kWWie-iA_<&9#EgMN z)ggq8WbhoJ_|=dcy0C1znq-t6WpFx8g&DzT z2pB>=@WIa}83$YjA*?N8&t?XHVJ&vBDaV$KdZ&Y)opyJvv9be?chXB(JolJFTw~?A zC2Y)?x)WG}K(o_<4CNB9e$0?_SGy zK7;PL_4|Pu9t`zjVWxx*J36*XO;buITx>HLc{A@KOIB)IJmN0f;r$Otv;vf3gppb& z^{Nn#gZ&hlg@Nl9sW{)4w&2dt$7<1Ub|A;}4$M(Ac^I-L^wOKWP8|v;@Oep*HY||e zT;Ema8OnXjE4QGLRVyVDHj%PhbgP*Be1+G}P&J@p?ZI*0RdvH6cs6Fd45CmgLwN0D z5G(OqpZT|<=zo_KRr~$6FDB86si4Pz4lHF&a^Q=yxR;bUe}gTOjnh5uh$AgelM96& zRNHn%;bPC|i&noU`bQM3=!+b8$f%oUq{{Zsfy~;fUxzn#fAUXHY)r*h9)1NL5d4WB z{)%y0)Q$hp%7kf+qMFWwL_OnB=708wf zAwN}6{A=dKl_&US!<2-5RJCtR4lKYE7tj(V9U+2Ix z6D4n0`P&!vZC?23zQboL(8xf@^JV7j*&lz%@|*f503Xrpqjr35PUiXRnw)<>F`swn zxFuqy6GU=dfB_Fu!e?N1o{qf%PX83o%j`K^ek#3Su<)v`>>49lclV6`zXpu@5lTD5 zFsw2Nad14)YIh6z?RW8>oSdxcE)@sA9$sg6T7nUMysT2LJO8CEnVzHt#1t1#d2&R{ zrl58=u%DJx#cZuZDPC9$`yTVL`$)W{F<;&i#_zV`0PFt^srp#F6Rwehz{>=aUV?0b zO(HzF9jt$i41usuRJ zCDA(*Wil7T$fX-i7&!qn?x;Ikl(DWEUUWRIqsm{EL7T5oH_sDYJWX1m4EDxGO1BuJSYikgP)4k+_NiD?|end40J8FR1?iTqlIO1~A;dteB6kB1)LOhhm$pn&7&xEIY)PouFJhF1grpoSNuB}u?`lKfA& zs?!&fx_m9Tp{?wA*;8p*c$qh@z{`?tdlt{1;&dY@g@?Q)r9SzN24dS>%)vLjC*i0F zU755upF1fJJUMf{DnNfLR@)diu|Ptlve}?veh9C9NgnPAasv99ohFDh?b1TrA*?aC zLELhd&o{bkk!Gg0lPUECcum@Tbvv1E*K+$a!Dmx$cNBIl6jIAwNO*JuJ%1GF*@xEF zQzaYUk5mb8oh}O-TC<{g#TuwjxVQg3-MxWSadgz#W*Lq3W3ChZ* zVE?5kMiqF))@rJnUAHSpc%1!{zu4}djd{N`1m#L9d?F{4vMkG6ss-;f6OpHExj8I} zTn6cJ9JQhTdRDVG;KV*A7B80l7I$gaYzWb#A9>Uq=7JDP-Ab5DvoBB8Z<3|PuASa$ z`61y_{)j1hH^ID$qVcClH@di^;@~~2EeC1&VLGWH zv;uSRJ*ysgLK=DSANp(eGBKK2J7$$`DokyQHWn`Dw!^o+Y2Tlq%o=2Ex4I@OCK^<4 zs@6AtNh4E777g&~%=1~D8IHqSEl{=p)S&%ws-R1eu3IFMWk{gPSYv~l9x%W`WiN7O z)K#IC#i%3i1gaBnGU}zB&-F~R0{r*@$!=Fz?i{8b+ypgfVRC0uWc(yOj?aCpjKo?W z47sjv@PzT|?n75N0cgD#ws)@7Dv>gnWuN=YT|N}0^!U|0ADiz-Lh`Vz3#!P+e@Ms?AHwLTnK$eW`=uUmF^!UBr0>8Ng2#D-zk7w=y(RweUZ z4B{L)QzD8_BTT&0ZA1tqv&glKH>e^c`;QBv?LEN>h%r_Ij{++sD-5h3_(xm%SqY1Y z7*4n)6z*Q-ZE(9>&`SJ_Eyr>MQJ?H!@lT{2{9aIofTyct-(%unSQYfSD)?mqM9XWu<$O6@jvL z@|Z}fUady2BoUOPuYvMXd`>g}#BTVv0+n<-W_L2WAUb{8EP0|#5o>t2H5OOQ(xTzL zk&|U4SS0rM0B1oY7<1HEMUKg{7V$Q#i?PdL58aiL7)xw{>nmW928TXCMj+~f>aY3( z+~J5u^;Lo5-!9LyTe-6?j43BMb_r=#`BS&KT(#cQ{k>tHUUh8ML}Ci{KiAu^9^uky z`CwToyCV13#m2fX*rE-ZDv&*PX8FU&V=!{zYDnz|)a5m9v*fqYm^xIj$nBA%mZ&ou z^32kU?NEu(*%7<}y{|`YXsZv4&der(*dQRer$z{=+G5$s9PcH=xM<)awX}jzla?b; z%+SoxF7Ky$_xYAtR0c3*-uAl|L*KdD=cnRrg6S!|SdKJ%v{e(olX_d))R!MJ?>HUB z34ZO}oIozK>RgUxoeiy6U2vu~(YaeH@Y(9xD-=67vSnk2sd*+})vwR&UG{rhsHa}_ zYpYH94n@Vdm-DVi*;ig=(K^DqJA0T}J#rbGKLv9>wUi`GUwBxwu3e-VEMM8NH1^xT z>$hcot|~Blf_CRlVWRQle5c>GtsSdJ>1M0FV{)Ej3v3PgCO*ETjA|{VsY&141l?3$ z_2!oI?J~x?`CIkV(W$)6aD(R4(~k>I4JY%8mNNYZ=Y8 zQ)CEmMTzu-`>4H(;5#_g!H!X}D zsZ(4bC|P>h;1N0NuLZx(*<-uNtDL4UjID2`ky1WwN7^R^G7xv#>&72V)g-vw635sl z84J_1rhND8483zOK^@d^?rp@eZhe;05N>#Ta&-4qPp@h$$U&@bDOf5SrAuBT?1QaQ zVI{l!-dc)xa?Jac(CG9KU}poW+(Guo^kcfF;-X^hTkuDcZVw^8M)w78?Dq72J=qUS zV?OZpjlQjD|F9-=*$EMVulBDJNS60e2bp$Sc>#Dj;NRLqoeH#ULM5&TkfY{z^>Xv1 zNPmKCQ`yQUpJTFS^UQ9Js*;&6aQRCxTVrc;uQzQEpeuJ$+a-ZA;`EE3?glvD1O~Vt zcj7()PFkSm2D(zq7!#nx{ajn#@rDIwG4T1CgvTOr*^sjYO?032kv!$b)u9Hng7qcd zNr$S+9y0Lm-$NOi^+dadOG;1kxq@J0APs=;;D4tit7Xle13mmdS%RBx5M5}2^T*-z zXo?t8tUEgW>H(0C^CifPAK!RSbl{m!7lfM7papE-dY$vW#)%lQeeWEfKnx-kI> zmQi;_grU2!u{z>z^2%K!0TlEfmjI^^f1Y~m8dPqdPpISRvT|haG_GL9Jc+nLAtGLO z@6-PP3Of1eUi{<3i@pPeeYeG3f1qHLygKIN|3-n<_lwQz@ije#X5(K-!4S4r81Mgv z6f{UDX0HC?u}gkA3OoW>%VydsJDN30^MjJPjKIl_=5AkQ{o9O z|G$WWn1>z7l3HjkU2pGy5d}Zy|4kJ1%L1?k{qzjqdaYPD+1Lc^Q6%M?gG7S7yR*SY zpn3s^Gg@M{>`hQdJDzCiie%26pXd&Kh7oYN6XVBvO@4A?nVHy6D z=SS1eW@;%@eCn{AA=@!P-=8XBrBremR`U%5Ji@5NiWVj7!o9zdCdr77yVQdCx&A6K z^dlAETBVWik~NWNsEJfm=iGx|W;A0XF*D&%l)N)=x?mtmhqNyw^DY?ekXC5?uWWWj zjs$pXm0j!>p>mM~GRqAYg(;(2!w35mFN3AmscRG1f5Ys@fKqiluT}*>K(O+XEO4zuFrkHio~~k zv1(q4ZM$%FPp;0^?f49N$G|Lo=D=9yz;RH$9i%4d^uj@WSpvzZ!OAsXqrefPfNgAYjCUCT4!L;sHw zexm2>pAueg2D2)hijjg;2t%(Xn@3KwCds5qBVOh9e(8iE)y=Ylzv;8sFxBQUgEd@< zXFXcW(s3OaWYH^}xxy*-0~N0LRJtZ0L)kLlp4tz$RpMP;E5IuH*UpYQLUn<#uf@9Wz$lmJOr)uQqHpmL+!e>@zUs|wB#Jq&PsR}z*9-d>i zxb&qpX7ZAJpEB&>?NAHEdtd<4QeM_^v^-!-exSk0A z!6(?shQ6`?y@&QY+6?8FrZ(PaE)_J7a2$SN42yaf8ri;qao7QkB&4?dES~!Og6+F>aNsxzo5CJ=c7crtmO~yj)`WSx zu75CT#(vGdWp5#q-M-hmDj-*l@0^B5vj{|d4P2r6X7XuiAEZ-wfMM`_Lr7vy7I}#M z_%6|3=n2cUV!|)xF++hDnklKU3?a}ZIjwtddDZrIyhYb*835Ury8qhpQ-h>a$goRm z7TlQdeF87J5<(y=0bkL3@hS1*>@>31-H?8c!HwC(j#JhrycPC^jN;BbeJk}QYxCDI z11_NUWOL^dQF!>ppC1S5@D|Y4324uAn)QK_cO4CWs|kPDL_RrnnyvsuRnwiKo@_fy z43Ic~+&hI)&y2bM#36o2Lw&3;Ntd+?z(#rLpMc*IyK^ANM;J#x#(xgce<`U6uALV0 zljqN~J|h@mLO`S&kW-oK%=9<7UvP!Z*J?iwKyVYk%d-S05<6J6g6k9DXHRX1j{iVFML?5D zF%(89Lir(s<7fx6$~}FA>^nXvmvGGRz>02}sQ3}4I&j~79SmQnl#-U`+uTomlW85x zBfT@fyEU^xR26JE*-Juk_Ub^2#k;nhHv}8Gq&Z(w z%6Y6!5j7rQahFz5x>YPG`Wym8gm|6sZJyjEZhvyzAP_NwS6g~)8}$`8u+epA(&C#q3>nMj&K~sx zXSCEvycWgYUmilrh%q&)IjYo24B^-nF2`m=^UR_lS7xr?30?_l5IZXE;)3{s+Qi>) zS@TGb{(6FLvSgs{-@33UuhDLI27!vhFcj=l%Xz|X%H1jM6BB;93=%+~Oz%wco)kw; z?>kLA&Twt#cPf%_bk0%fg!N~n+s*+S67zOMiav(^XWuk@+_X_e4NoFb`H(vWld zD@p%VaX(IR=4=Ri>4pnehhNIyoD%E=B=0+O8vLKot;42^y_y;6<}0nRuLCZ8S5-sL z-6*F6-62Vj{ym+y=CGeIBV)3KoO+;`z?_zGZCyY-6m_z5>({o_%U3r5O#cV{ugUA9 zT;ya02tdrrAFqw({%ApWnX6vzlkQinT?rGiDRY@^AZ2Q;o{Utad{fv$0~IzdLAoFt zO~i(xRJurLzzZg~=e`rP|LygpnrZpI{TUI5iW(6LA%&cgu5<3f>~(Ubrx(;{CGL7k zfd4=ewLHXq_MKR|kpvbk8?^=%Ozni%D>DSh^t7KNSHEYs#U@%a=-B+Gnh@Jbr|lm9 zc-w@Gi?+=13cddq)YJGbB@V}Cd5Y+HH~FV}5O2ng5Q0GUqp9oAd-_&V944P)WOlI2>47w3-B@Rio<3miMRvI%59}!mQkzUgK?F7>CA|0-CpEqXJ+5jkZ}jkt<%r+QkfJE$rPyQ9CDMMP5>YDd zh??`1A`O=Ep_wR1?#|@dj5w5S)v4%M!|Uf>A11420XIXg zuK2M`!|BXV9xIM2=GPJOOYCMLb^pFj!j68{bls0Ta@+)YH z3Z|7(yA)V$-|N=f(b+t%aO>AgU@P1xwf#Uo{>#gtRCabCbX$9JSshtvJAandUkHl6+wgaP8^A%Qi{}SR&`~XNL&$aymTvAFefI|%*6%4^M zdQA3jNg|@)#>z5T^ZnD)q9yrz-ca?YkJ|nOt;AXOc{|(EW*nk|NcY-Cu~uA zd<>lP>hUGd7FCPjN_Cf>N-PG8-eXrsKeB`OViUMXjgi$%vuAsuPx#Jl9~ohGiZ>>z zRde`en__GqUbCOvUG%T{S;COnG`SA~0vpWfe8g!c!R*hc!^=@*VkQ5>KmOZ}GyBM~ zqX2ql#bw1f8?Al6f6g%%iv8Xgs^H`zARHpq)_DssYAVwIZP~;T?oXy9S%xtJ*gKhz z{p!T|EI*USWIbQe>5Hm!Li4(`duellpBFzOYloT{+cjvrOR`&t$O3oFl?5aEYfT;Q z|9XuCW|u#%$RzVkjiBF+$l;_jVJB;7mJ=2yGiLy+=6gIeC54q4Ckx%??+g|w*qq3| zy?_D}QRZay8Xj7&*Cd5(2$FuEhFQwKFxKCsh%2*t4Cwd>(7{;>!>=ctHf5$A6PyJy zJ=`Del(v~w9WBQ8DsD9Pixj;6iyfD0sbAra#MAHvhHr%|$>HHQwx8y;VF z*eJrRbPz@fjvz{TcL$WN&u1-M}2+m z4)U~z;}>D9#Lr}wUXQIs70r#|aBEJ3>1HcIYEj*-^8m>dY=l2DohWUfpy$-gjf)a+ zsMAZK=d^zpz|LffO||H%u#H5eLxY~}=&8*DUy^8wa7 z@lEA_M-zgL5hy0*j`1>`qGFDxLPAgxc2cBC(8cy&T}3$VIDV|1zo{{w6cxYBx(#1* z?M(wwAdV=RiA86!PW|3E3q`Qca%`PBs1F}fQh!upD48x&5DF|Ku&16IbLs~HYB5OZW6l}%fXKrjIF6s zR!>lQSw*NoCJ&7MDdC3e!@l8iuNOc*CONFP($;zryVQ_Uo0Or?})bOY7?5 zvngz@(f_35sFAXMUJ$p{im&iXUn%kn{{yeRw#h!XwzMzSB?-H`SfN7*1|ClXtJSFM zEK_a8U7;dk59e#Jgsxz7b+UHqb|em)OT;wbv@7=bdmeGxB<2Q!(}|SS`J3_q1ZYg` zF{FgEhSrqvm*gGKRG^XJa6-NYw;IuEgIt8~d->u&AQDm4(E3U_9%(&eA21d`Q#pjg3;J0SsR7|t)V2fJs@oET~S})i*K7gLi*B@jjudBfk2zC4N;>Uh_mt=iBSV6lF$VF zF>P7S=BKxB;q=zdqMrB+FcGK@*c%TD7|E%D#KaqFJM1*`}D3uGD6$DqBYAO~WskLvWVquJL=^nk9h* zj|ArSb7&4>xbAarT4Ez2!at+JR@``hUW9_jWjq14#3Jl*Z3PSUQw$xSJP7bB@K_s+ z-x&3;G_^)LI*l){gA$=$gad-_$qf$$gg(S>Yw}oRm+hEA!7|sS`wgPr8Dpmg$^X>f zZ)@Ahlyj>>GO%{WY6iA3nCr`x*c8R4WQlM#zI`J(Vh^pOq>x&%gD1S@vEVFwQJ|BK zx|}pMQ=VBXgn`vfKa}d?|AY`_e9zm0w{d;#L<0N~egY5^Ape7NLd^9YOLh;~`^$yL z1z#z?2p)l+RnEi-r7{Vsc_ex6BIGvmdGB%OZF8~Xih3;-_wzoZ7O$V^=|4iv{Qk2K zDeNdAV>WrU@f#LP72Ti>w0iJab1OtMbN<~2U>ghgC>FXpa^B=HS$Yv7AduMyQe=zO zfG4z}$Gknk$}Qm?nr0IN7n~v1kWPm>NB-4?`uEnc*N!mg?kY-MV|*|qEtYVrF3^R2 za-6okvf#Bygt22J`$Gl;#tQ+Ehx zMvZ{~5hOec&sA|_K*WuXvL@pMdIX5B=r**Mp-c{Jx3M#f=?Pz?C*-&Y;qwNpg|;XN zb_&G>_E`gxrQ5(`=`q#|;|&)Hg0!kW4N5=Giy=sLaPH&V-XBN-0-rQ8M8N--TDk*l znXI7pi%9)HqW=^LoQwCpV$WMIvwSe8 zjcZ3Sn*?Dmjm{_+W@j~jZy}>H+Q&WLoUcXi!a>2FJ-S%H<9|%oLjV-_<{!Zvn*9e5 z+dvPth7?BN!iCHaX4{&j_vie9EIIXEwI{e6JYl9JATW^zwEjZ(3DB*goCtQv^g5A* zVa>3ho;f2VYs#O!@!u9K#<)DDOp@LKW~Jxa=3Z1uA|JmaEC2TnE|x!g1lTdyJ;MZu2=Kth34JM4H*lZC=MeQ~zhTi^ z?b69K+o|yBcgV_)@{v$eVA6T5Z`dctQiW0hF&%ate9h6$1-#CCC-ANS8e3^e8jd_B zxg?+U8{U%1cJV)RYjwcz9^0J)Ps|bgr=4oc4I(^RR0p6Vi9ecU?Y|vKex8=g7Xo4i zw1AEzy7HgPqj{wL3H~)}35tH?vmxGrB zoM$^SU_r2aR3_B$T^K-8xhGB(T&5A#DOvCVube~SG< zCuMY-AAgqTgtf@t`CL*=k zjY1F4XcsWRmIcn}dqSz<(xW%9M!3U%!fQWs7P<&r4XqPvkZ*NxrYZ>I>oA=C(a&P{ l86zR;(`3&d_?BfCy3mC#bYTbK{|^8F|NlEOAA|rP2mow3*VO<3 literal 0 HcmV?d00001 diff --git a/charts/janssen/Chart.yaml b/charts/janssen/Chart.yaml index 3d12ded7e19..5f8b71ae67f 100644 --- a/charts/janssen/Chart.yaml +++ b/charts/janssen/Chart.yaml @@ -5,21 +5,21 @@ annotations: artifacthub.io/containsSecurityUpdates: 'true' artifacthub.io/images: | - name: auth-server - image: janssenproject/auth-server:1.0.1_dev + image: janssenproject/auth-server:1.0.1-1 - name: auth-server-key-rotation - image: janssenproject/certmanager:1.0.1_dev + image: janssenproject/certmanager:1.0.1-1 - name: configuration-manager - image: janssenproject/configurator:1.0.1_dev + image: janssenproject/configurator:1.0.1-1 - name: config-api - image: janssenproject/config-api:1.0.1_dev + image: janssenproject/config-api:1.0.1-1 - name: fido2 - image: janssenproject/fido2:1.0.1_dev + image: janssenproject/fido2:1.0.1-1 - name: opendj image: gluufederation/opendj:5.0.0_dev - name: persistence - image: janssenproject/persistence-loader:1.0.1_dev + image: janssenproject/persistence-loader:1.0.1-1 - name: scim - image: janssenproject/scim:1.0.1_dev + image: janssenproject/scim:1.0.1-1 artifacthub.io/license: Apache-2.0 artifacthub.io/prerelease: 'true' catalog.cattle.io/certified: partner @@ -38,35 +38,35 @@ maintainers: email: support@jans.io description: Janssen Access and Identity Management name: janssen -version: 1.0.1-dev +version: 1.0.1 dependencies: - name: config condition: global.config.enabled - version: 1.0.1-dev + version: 1.0.1 - name: config-api condition: global.config-api.enabled - version: 1.0.1-dev + version: 1.0.1 - name: opendj condition: global.opendj.enabled - version: 1.0.1-dev + version: 1.0.1 - name: auth-server condition: global.auth-server.enabled - version: 1.0.1-dev + version: 1.0.1 - name: fido2 condition: global.fido2.enabled - version: 1.0.1-dev + version: 1.0.1 - name: scim condition: global.scim.enabled - version: 1.0.1-dev + version: 1.0.1 - name: nginx-ingress condition: global.nginx-ingress.enabled - version: 1.0.1-dev + version: 1.0.1 - name: auth-server-key-rotation condition: global.auth-server-key-rotation.enabled - version: 1.0.1-dev + version: 1.0.1 - name: client-api condition: global.client-api.enabled - version: 1.0.1-dev + version: 1.0.1 - name: persistence condition: global.persistence.enabled - version: 1.0.1-dev + version: 1.0.1 diff --git a/charts/janssen/README.md b/charts/janssen/README.md index 92a89afc090..acb8067c0b2 100644 --- a/charts/janssen/README.md +++ b/charts/janssen/README.md @@ -38,8 +38,8 @@ Kubernetes: `>=v1.21.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| -| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.1_dev"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. | -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.1_dev"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.1-1"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. | +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.1-1"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | @@ -47,7 +47,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets | | auth-server-key-rotation.image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| auth-server-key-rotation.image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| auth-server-key-rotation.image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours | | auth-server-key-rotation.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | auth-server-key-rotation.resources.limits.cpu | string | `"300m"` | CPU limit. | @@ -69,7 +69,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets | | auth-server.image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| auth-server.image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| auth-server.image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | | auth-server.readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | @@ -84,7 +84,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| client-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/client-api","tag":"1.0.1_dev"},"livenessProbe":{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. | +| client-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/client-api","tag":"1.0.1-1"},"livenessProbe":{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. | | client-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | client-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | client-api.dnsConfig | object | `{}` | Add custom dns config | @@ -95,7 +95,7 @@ Kubernetes: `>=v1.21.0-0` | client-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | client-api.image.pullSecrets | list | `[]` | Image Pull Secrets | | client-api.image.repository | string | `"janssenproject/client-api"` | Image to use for deploying. | -| client-api.image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| client-api.image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | client-api.livenessProbe | object | `{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | client-api.livenessProbe.exec | object | `{"command":["curl","-k","https://localhost:8443/health-check"]}` | Executes the python3 healthcheck. | | client-api.readinessProbe | object | `{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. | @@ -110,8 +110,8 @@ Kubernetes: `>=v1.21.0-0` | client-api.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | client-api.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | client-api.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnCacheType":"NATIVE_PERSISTENCE","cnClientApiAdminCertCn":"client-api","cnClientApiApplicationCertCn":"client-api","cnClientApiCertCn":"client-api","cnClientApiBindIpAddresses":"*","cnConfigGoogleSecretNamePrefix":"janssen","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbjanssen.default.svc.cluster.local","cnCouchbaseUser":"janssen","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceLdapMapping":"default","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretGoogleSecretNamePrefix":"janssen","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@jans.io","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.1_dev"},"ldapPassword":"P@ssw0rds","orgName":"Janssen","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. | -| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.1_dev"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnCacheType":"NATIVE_PERSISTENCE","cnClientApiAdminCertCn":"client-api","cnClientApiApplicationCertCn":"client-api","cnClientApiCertCn":"client-api","cnClientApiBindIpAddresses":"*","cnConfigGoogleSecretNamePrefix":"janssen","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbjanssen.default.svc.cluster.local","cnCouchbaseUser":"janssen","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"default","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretGoogleSecretNamePrefix":"janssen","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@jans.io","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.1-1"},"ldapPassword":"P@ssw0rds","orgName":"Janssen","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. | +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.1-1"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | | config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | config-api.dnsConfig | object | `{}` | Add custom dns config | @@ -122,7 +122,7 @@ Kubernetes: `>=v1.21.0-0` | config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | config-api.image.pullSecrets | list | `[]` | Image Pull Secrets | | config-api.image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| config-api.image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| config-api.image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint | | config-api.readinessProbe.httpGet | object | `{"path":"jans-config-api/api/v1/health/ready","port":8074}` | http readiness probe endpoint | @@ -164,7 +164,7 @@ Kubernetes: `>=v1.21.0-0` | config.configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server | | config.configmap.cnLdapUrl | string | `"opendj:1636"` | OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`. | | config.configmap.cnMaxRamPercent | string | `"75.0"` | Value passed to Java option -XX:MaxRAMPercentage | -| config.configmap.cnPersistenceLdapMapping | string | `"default"` | Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. | +| config.configmap.cnPersistenceHybridMapping | string | `"default"` | Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. | | config.configmap.cnRedisSentinelGroup | string | `""` | Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | config.configmap.cnRedisSslTruststore | string | `""` | Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | config.configmap.cnRedisType | string | `"STANDALONE"` | Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | @@ -188,7 +188,7 @@ Kubernetes: `>=v1.21.0-0` | config.email | string | `"support@jans.io"` | Email address of the administrator usually. Used for certificate creation. | | config.image.pullSecrets | list | `[]` | Image Pull Secrets | | config.image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | -| config.image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| config.image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. | | config.orgName | string | `"Janssen"` | Organization name. Used for certificate creation. | | config.redisPassword | string | `"P@assw0rd"` | Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`. | @@ -203,7 +203,7 @@ Kubernetes: `>=v1.21.0-0` | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.1_dev"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | +| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.1-1"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | | fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | fido2.dnsConfig | object | `{}` | Add custom dns config | @@ -214,7 +214,7 @@ Kubernetes: `>=v1.21.0-0` | fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | fido2.image.pullSecrets | list | `[]` | Image Pull Secrets | | fido2.image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | -| fido2.image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| fido2.image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | | fido2.readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. | @@ -386,7 +386,7 @@ Kubernetes: `>=v1.21.0-0` | opendj.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | opendj.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | opendj.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.1_dev"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and intial config for Janssen Server persistence layer. | +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.1-1"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and intial config for Janssen Server persistence layer. | | persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | persistence.dnsConfig | object | `{}` | Add custom dns config | @@ -394,7 +394,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | persistence.image.pullSecrets | list | `[]` | Image Pull Secrets | | persistence.image.repository | string | `"janssenproject/persistence-loader"` | Image to use for deploying. | -| persistence.image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| persistence.image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | persistence.resources.limits.cpu | string | `"300m"` | CPU limit | | persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. | @@ -405,7 +405,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.1_dev"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.1-1"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | | scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | scim.dnsConfig | object | `{}` | Add custom dns config | @@ -416,7 +416,7 @@ Kubernetes: `>=v1.21.0-0` | scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | scim.image.pullSecrets | list | `[]` | Image Pull Secrets | | scim.image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| scim.image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| scim.image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | scim.readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. | diff --git a/charts/janssen/charts/auth-server-key-rotation/Chart.yaml b/charts/janssen/charts/auth-server-key-rotation/Chart.yaml index ed656793ebf..4626a78e35f 100644 --- a/charts/janssen/charts/auth-server-key-rotation/Chart.yaml +++ b/charts/janssen/charts/auth-server-key-rotation/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: auth-server-key-rotation -version: 1.0.1-dev +version: 1.0.1 kubeVersion: ">=v1.21.0-0" description: Responsible for regenerating auth-keys per x hours type: application @@ -16,4 +16,4 @@ maintainers: email: support@jans.io url: https://github.com/moabu icon: https://github.com/JanssenProject/jans/raw/main/docs/logo/janssen_project_favicon_transparent_50px_50px.png -appVersion: "1.0.1-dev" \ No newline at end of file +appVersion: "1.0.1" \ No newline at end of file diff --git a/charts/janssen/charts/auth-server-key-rotation/README.md b/charts/janssen/charts/auth-server-key-rotation/README.md index 258bceafe73..a0992aa08f7 100644 --- a/charts/janssen/charts/auth-server-key-rotation/README.md +++ b/charts/janssen/charts/auth-server-key-rotation/README.md @@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | keysLife | int | `48` | Auth server key rotation keys life in hours | | nodeSelector | object | `{}` | | | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | diff --git a/charts/janssen/charts/auth-server-key-rotation/values.yaml b/charts/janssen/charts/auth-server-key-rotation/values.yaml index 841cacfcccc..e2d66be8a2b 100644 --- a/charts/janssen/charts/auth-server-key-rotation/values.yaml +++ b/charts/janssen/charts/auth-server-key-rotation/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: janssenproject/certmanager # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours diff --git a/charts/janssen/charts/auth-server/Chart.yaml b/charts/janssen/charts/auth-server/Chart.yaml index b20ab647af8..e66bc31d551 100644 --- a/charts/janssen/charts/auth-server/Chart.yaml +++ b/charts/janssen/charts/auth-server/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: auth-server -version: 1.0.1-dev +version: 1.0.1 kubeVersion: ">=v1.21.0-0" description: OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. type: application diff --git a/charts/janssen/charts/auth-server/README.md b/charts/janssen/charts/auth-server/README.md index fecaef2a965..cb6dfb40127 100644 --- a/charts/janssen/charts/auth-server/README.md +++ b/charts/janssen/charts/auth-server/README.md @@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | | readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/JanssenFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | diff --git a/charts/janssen/charts/auth-server/templates/deployment.yml b/charts/janssen/charts/auth-server/templates/deployment.yml index 7df84899fb8..57e9720726b 100644 --- a/charts/janssen/charts/auth-server/templates/deployment.yml +++ b/charts/janssen/charts/auth-server/templates/deployment.yml @@ -59,6 +59,10 @@ spec: ports: - name: {{ .Values.service.name }} containerPort: {{ .Values.service.port }} + {{ if .Values.global.cnPrometheusPort }} + - name: prometheus-port + containerPort: {{ .Values.global.cnPrometheusPort }} + {{- end }} envFrom: - configMapRef: name: {{ .Release.Name }}-config-cm diff --git a/charts/janssen/charts/auth-server/values.yaml b/charts/janssen/charts/auth-server/values.yaml index 123ced2503f..01f9d7d30c6 100644 --- a/charts/janssen/charts/auth-server/values.yaml +++ b/charts/janssen/charts/auth-server/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/janssen/charts/client-api/Chart.yaml b/charts/janssen/charts/client-api/Chart.yaml index b460e2a2e6a..a89968b29d9 100644 --- a/charts/janssen/charts/client-api/Chart.yaml +++ b/charts/janssen/charts/client-api/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: client-api -version: 1.0.1-dev +version: 1.0.1 kubeVersion: ">=v1.21.0-0" description: Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. type: application @@ -18,4 +18,4 @@ maintainers: email: support@jans.io url: https://github.com/moabu icon: https://github.com/JanssenProject/jans/raw/main/docs/logo/janssen_project_favicon_transparent_50px_50px.png -appVersion: "1.0.1-dev" +appVersion: "1.0.1" diff --git a/charts/janssen/charts/client-api/README.md b/charts/janssen/charts/client-api/README.md index 2c242a71b3e..0da3318dce2 100644 --- a/charts/janssen/charts/client-api/README.md +++ b/charts/janssen/charts/client-api/README.md @@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/client-api"` | Image to use for deploying. | -| image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.exec | object | `{"command":["curl","-k","https://localhost:8443/health-check"]}` | Executes the python3 healthcheck. | | nodeSelector | object | `{}` | | diff --git a/charts/janssen/charts/client-api/templates/deployment.yaml b/charts/janssen/charts/client-api/templates/deployment.yaml index b906ebd5781..123fe6266a5 100644 --- a/charts/janssen/charts/client-api/templates/deployment.yaml +++ b/charts/janssen/charts/client-api/templates/deployment.yaml @@ -61,6 +61,10 @@ spec: ports: - containerPort: 8444 - containerPort: 8443 + {{ if .Values.global.cnPrometheusPort }} + - name: prometheus-port + containerPort: {{ .Values.global.cnPrometheusPort }} + {{- end }} envFrom: - configMapRef: name: {{ .Release.Name }}-config-cm diff --git a/charts/janssen/charts/client-api/values.yaml b/charts/janssen/charts/client-api/values.yaml index e9efec8bce5..fd1bda7a4c8 100644 --- a/charts/janssen/charts/client-api/values.yaml +++ b/charts/janssen/charts/client-api/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/client-api # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/janssen/charts/config-api/Chart.yaml b/charts/janssen/charts/config-api/Chart.yaml index d3344eb0fde..a8720f46a2e 100644 --- a/charts/janssen/charts/config-api/Chart.yaml +++ b/charts/janssen/charts/config-api/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: config-api -version: 1.0.1-dev +version: 1.0.1 kubeVersion: ">=v1.21.0-0" description: Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS) type: application @@ -18,4 +18,4 @@ maintainers: email: support@jans.io url: https://github.com/moabu icon: https://github.com/JanssenProject/jans/raw/main/docs/logo/janssen_project_favicon_transparent_50px_50px.png -appVersion: "1.0.1-dev" +appVersion: "1.0.1" diff --git a/charts/janssen/charts/config-api/README.md b/charts/janssen/charts/config-api/README.md index ce2b72e6407..c729999816e 100644 --- a/charts/janssen/charts/config-api/README.md +++ b/charts/janssen/charts/config-api/README.md @@ -38,7 +38,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | Executes the python3 healthcheck. https://github.com/JanssenFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | | nameOverride | string | `""` | | diff --git a/charts/janssen/charts/config-api/templates/deployment.yaml b/charts/janssen/charts/config-api/templates/deployment.yaml index bbde7b20854..4047f8bf596 100644 --- a/charts/janssen/charts/config-api/templates/deployment.yaml +++ b/charts/janssen/charts/config-api/templates/deployment.yaml @@ -56,6 +56,10 @@ spec: ports: - containerPort: 9444 - containerPort: 8074 + {{ if .Values.global.cnPrometheusPort }} + - name: prometheus-port + containerPort: {{ .Values.global.cnPrometheusPort }} + {{- end }} envFrom: - configMapRef: name: {{ .Release.Name }}-config-cm diff --git a/charts/janssen/charts/config-api/values.yaml b/charts/janssen/charts/config-api/values.yaml index a1794f57ab1..4a538bc51ca 100644 --- a/charts/janssen/charts/config-api/values.yaml +++ b/charts/janssen/charts/config-api/values.yaml @@ -33,7 +33,7 @@ image: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/janssen/charts/config/Chart.yaml b/charts/janssen/charts/config/Chart.yaml index d295f1a2fba..2c99cb1500c 100644 --- a/charts/janssen/charts/config/Chart.yaml +++ b/charts/janssen/charts/config/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: config -version: 1.0.1-dev +version: 1.0.1 kubeVersion: ">=v1.21.0-0" description: Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. type: application @@ -18,4 +18,4 @@ maintainers: email: support@jans.io url: https://github.com/moabu icon: https://github.com/JanssenProject/jans/raw/main/docs/logo/janssen_project_favicon_transparent_50px_50px.png -appVersion: "1.0.1-dev" +appVersion: "1.0.1" diff --git a/charts/janssen/charts/config/README.md b/charts/janssen/charts/config/README.md index 1fe462dd763..db697a0fff6 100644 --- a/charts/janssen/charts/config/README.md +++ b/charts/janssen/charts/config/README.md @@ -54,7 +54,7 @@ Kubernetes: `>=v1.21.0-0` | configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server | | configmap.cnLdapUrl | string | `"opendj:1636"` | OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`. | | configmap.cnMaxRamPercent | string | `"75.0"` | Value passed to Java option -XX:MaxRAMPercentage | -| configmap.cnPersistenceLdapMapping | string | `"default"` | Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. | +| configmap.cnPersistenceHybridMapping | string | `"default"` | Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. | | configmap.cnRedisSentinelGroup | string | `""` | Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | configmap.cnRedisSslTruststore | string | `""` | Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | configmap.cnRedisType | string | `"STANDALONE"` | Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | @@ -79,7 +79,7 @@ Kubernetes: `>=v1.21.0-0` | fullNameOverride | string | `""` | | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | -| image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. | | migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | | migration.enabled | bool | `false` | Boolean flag to enable migration from CE | diff --git a/charts/janssen/charts/config/templates/configmaps.yaml b/charts/janssen/charts/config/templates/configmaps.yaml index 25ccd3a2076..016dee9a3ca 100644 --- a/charts/janssen/charts/config/templates/configmaps.yaml +++ b/charts/janssen/charts/config/templates/configmaps.yaml @@ -139,7 +139,7 @@ data: {{- if or (eq .Values.global.cnPersistenceType "hybrid") (eq .Values.global.cnPersistenceType "ldap") }} # must the same as the opendj service name CN_CERT_ALT_NAME: {{ .Values.global.opendj.ldapServiceName }} #{{ template "cn.fullname" . }}-service - CN_PERSISTENCE_LDAP_MAPPING: {{ .Values.configmap.cnPersistenceLdapMapping | quote }} + CN_PERSISTENCE_LDAP_MAPPING: {{ .Values.configmap.cnPersistenceHybridMapping | quote }} {{- end }} # Auto enable installation of some services CN_CLIENT_API_CERT_CN: {{ .Values.configmap.cnClientApiCertCn | quote }} diff --git a/charts/janssen/charts/config/values.yaml b/charts/janssen/charts/config/values.yaml index c7c874f3802..02f9b16d80e 100644 --- a/charts/janssen/charts/config/values.yaml +++ b/charts/janssen/charts/config/values.yaml @@ -83,7 +83,7 @@ configmap: # -- Value passed to Java option -XX:MaxRAMPercentage cnMaxRamPercent: "75.0" # -- Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. - cnPersistenceLdapMapping: default + cnPersistenceHybridMapping: default # -- Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. cnRedisSentinelGroup: "" # -- Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. @@ -106,7 +106,7 @@ image: # -- Image to use for deploying. repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpennDJ is used for persistence. diff --git a/charts/janssen/charts/fido2/Chart.yaml b/charts/janssen/charts/fido2/Chart.yaml index 9ccea256794..5d3b2afe7a9 100644 --- a/charts/janssen/charts/fido2/Chart.yaml +++ b/charts/janssen/charts/fido2/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: fido2 -version: 1.0.1-dev +version: 1.0.1 kubeVersion: ">=v1.21.0-0" description: FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. type: application @@ -19,4 +19,4 @@ maintainers: email: support@jans.io url: https://github.com/moabu icon: https://github.com/JanssenProject/jans/raw/main/docs/logo/janssen_project_favicon_transparent_50px_50px.png -appVersion: "1.0.1-dev" +appVersion: "1.0.1" diff --git a/charts/janssen/charts/fido2/README.md b/charts/janssen/charts/fido2/README.md index 6b5aeb058a3..568b9e2c6e9 100644 --- a/charts/janssen/charts/fido2/README.md +++ b/charts/janssen/charts/fido2/README.md @@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | -| image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | | readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. | diff --git a/charts/janssen/charts/fido2/templates/deployment.yml b/charts/janssen/charts/fido2/templates/deployment.yml index 92be60e0d17..44143d7e341 100644 --- a/charts/janssen/charts/fido2/templates/deployment.yml +++ b/charts/janssen/charts/fido2/templates/deployment.yml @@ -59,6 +59,10 @@ spec: ports: - name: {{ .Values.service.name }} containerPort: {{ .Values.service.port }} + {{ if .Values.global.cnPrometheusPort }} + - name: prometheus-port + containerPort: {{ .Values.global.cnPrometheusPort }} + {{- end }} envFrom: - configMapRef: name: {{ .Release.Name }}-config-cm diff --git a/charts/janssen/charts/fido2/values.yaml b/charts/janssen/charts/fido2/values.yaml index 1548d3ad56b..2abe7aafdb3 100644 --- a/charts/janssen/charts/fido2/values.yaml +++ b/charts/janssen/charts/fido2/values.yaml @@ -29,7 +29,7 @@ image: # -- Image to use for deploying. repository: janssenproject/fido2 # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/janssen/charts/nginx-ingress/Chart.yaml b/charts/janssen/charts/nginx-ingress/Chart.yaml index d71e649fb38..25add2ff658 100644 --- a/charts/janssen/charts/nginx-ingress/Chart.yaml +++ b/charts/janssen/charts/nginx-ingress/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: nginx-ingress -version: 1.0.1-dev +version: 1.0.1 kubeVersion: ">=v1.21.0-0" description: Nginx ingress definitions chart type: application @@ -18,4 +18,4 @@ maintainers: email: support@jans.io url: https://github.com/moabu icon: https://github.com/JanssenProject/jans/raw/main/docs/logo/janssen_project_favicon_transparent_50px_50px.png -appVersion: "1.0.1-dev" +appVersion: "1.0.1" diff --git a/charts/janssen/charts/opendj/Chart.yaml b/charts/janssen/charts/opendj/Chart.yaml index b4ab0f77bfa..23f27d03044 100644 --- a/charts/janssen/charts/opendj/Chart.yaml +++ b/charts/janssen/charts/opendj/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: opendj -version: 1.0.1-dev +version: 1.0.1 kubeVersion: ">=v1.21.0-0" description: OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. type: application @@ -17,4 +17,4 @@ maintainers: email: support@jans.io url: https://github.com/moabu icon: https://github.com/JanssenProject/jans/raw/main/docs/logo/janssen_project_favicon_transparent_50px_50px.png -appVersion: "1.0.1-dev" \ No newline at end of file +appVersion: "1.0.1" \ No newline at end of file diff --git a/charts/janssen/charts/persistence/Chart.yaml b/charts/janssen/charts/persistence/Chart.yaml index 54aa7422a75..99e0091ae9b 100644 --- a/charts/janssen/charts/persistence/Chart.yaml +++ b/charts/janssen/charts/persistence/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: persistence -version: 1.0.1-dev +version: 1.0.1 kubeVersion: ">=v1.21.0-0" description: Job to generate data and initial config for Janssen Server persistence layer. type: application @@ -16,5 +16,5 @@ maintainers: email: support@jans.io url: https://github.com/moabu icon: https://github.com/JanssenProject/jans/raw/main/docs/logo/janssen_project_favicon_transparent_50px_50px.png -appVersion: "1.0.1-dev" +appVersion: "1.0.1" diff --git a/charts/janssen/charts/persistence/README.md b/charts/janssen/charts/persistence/README.md index 65b88bd2861..e4265fb2378 100644 --- a/charts/janssen/charts/persistence/README.md +++ b/charts/janssen/charts/persistence/README.md @@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenfederation/persistence"` | Image to use for deploying. | -| image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | imagePullSecrets | list | `[]` | | | nameOverride | string | `""` | | | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | diff --git a/charts/janssen/charts/persistence/values.yaml b/charts/janssen/charts/persistence/values.yaml index 0da393c6595..39465c81ced 100644 --- a/charts/janssen/charts/persistence/values.yaml +++ b/charts/janssen/charts/persistence/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: janssenfederation/persistence # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. diff --git a/charts/janssen/charts/scim/Chart.yaml b/charts/janssen/charts/scim/Chart.yaml index 4bf76dd1c08..19a376bdcd0 100644 --- a/charts/janssen/charts/scim/Chart.yaml +++ b/charts/janssen/charts/scim/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: scim -version: 1.0.1-dev +version: 1.0.1 kubeVersion: ">=v1.21.0-0" description: System for Cross-domain Identity Management (SCIM) version 2.0 type: application @@ -18,4 +18,4 @@ maintainers: email: support@jans.io url: https://github.com/moabu icon: https://github.com/JanssenProject/jans/raw/main/docs/logo/janssen_project_favicon_transparent_50px_50px.png -appVersion: "1.0.1-dev" +appVersion: "1.0.1" diff --git a/charts/janssen/charts/scim/README.md b/charts/janssen/charts/scim/README.md index 768f5fc39bc..6a2f390ec45 100644 --- a/charts/janssen/charts/scim/README.md +++ b/charts/janssen/charts/scim/README.md @@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| image.tag | string | `"1.0.1_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.1-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. | diff --git a/charts/janssen/charts/scim/templates/deployment.yml b/charts/janssen/charts/scim/templates/deployment.yml index 9bb1cd27aa6..39989074827 100644 --- a/charts/janssen/charts/scim/templates/deployment.yml +++ b/charts/janssen/charts/scim/templates/deployment.yml @@ -67,6 +67,10 @@ spec: ports: - name: {{ .Values.service.name }} containerPort: {{ .Values.service.port }} + {{ if .Values.global.cnPrometheusPort }} + - name: prometheus-port + containerPort: {{ .Values.global.cnPrometheusPort }} + {{- end }} envFrom: - configMapRef: name: {{ .Release.Name }}-config-cm diff --git a/charts/janssen/charts/scim/values.yaml b/charts/janssen/charts/scim/values.yaml index 5eb39ea00c8..df2f034d7a7 100644 --- a/charts/janssen/charts/scim/values.yaml +++ b/charts/janssen/charts/scim/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/scim # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/janssen/values.schema.json b/charts/janssen/values.schema.json index 4130fa96892..61c71a8a46f 100644 --- a/charts/janssen/values.schema.json +++ b/charts/janssen/values.schema.json @@ -191,10 +191,9 @@ "type": "string", "pattern": "^(OAUTH|TEST|UMA)$" }, - "cnPersistenceLdapMapping": { + "cnPersistenceHybridMapping": { "description": "Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`.", - "type": "string", - "pattern": "^(default|user|site|cache|statistic)$" + "type": "string" }, "cnRedisSentinelGroup": { "description": "Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.", diff --git a/charts/janssen/values.yaml b/charts/janssen/values.yaml index 668dc4764f4..70f550433e2 100644 --- a/charts/janssen/values.yaml +++ b/charts/janssen/values.yaml @@ -29,7 +29,7 @@ auth-server: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [] # -- Service replica number. @@ -96,7 +96,7 @@ auth-server-key-rotation: # -- Image to use for deploying. repository: janssenproject/certmanager # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [] # -- Auth server key rotation keys life in hours @@ -152,7 +152,7 @@ client-api: # -- Image to use for deploying. repository: janssenproject/client-api # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [] # -- Service replica number. @@ -282,7 +282,15 @@ config: # -- SCIM protection mode OAUTH|TEST|UMA cnScimProtectionMode: "OAUTH" # -- Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. - cnPersistenceLdapMapping: default + #{ + # "default": "", + # "user": "", + # "site": "", + # "cache": "", + # "token": "", + # "session": "", + #} + cnPersistenceHybridMapping: "{}" # -- Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. cnRedisSentinelGroup: "" # -- Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. @@ -305,7 +313,7 @@ config: # -- Image to use for deploying. repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [] # -- LDAP admin password if OpennDJ is used for persistence. @@ -369,7 +377,7 @@ config-api: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [] # -- Service replica number. @@ -442,7 +450,7 @@ fido2: # -- Image to use for deploying. repository: janssenproject/fido2 # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [] # -- Service replica number. @@ -947,7 +955,7 @@ persistence: # -- Image to use for deploying. repository: janssenproject/persistence-loader # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [] # -- Resource specs. @@ -1001,7 +1009,7 @@ scim: # -- Image to use for deploying. repository: janssenproject/scim # -- Image tag to use for deploying. - tag: 1.0.1_dev + tag: 1.0.1-1 # -- Image Pull Secrets pullSecrets: [] # -- Service replica number. diff --git a/jans-client-api/gen-client/README.md b/jans-client-api/gen-client/README.md index 6b517748254..d4a9d486e88 100644 --- a/jans-client-api/gen-client/README.md +++ b/jans-client-api/gen-client/README.md @@ -39,7 +39,7 @@ Add this dependency to your project's POM: io.swagger swagger-java-client - 1.0.1-SNAPSHOT + 1.0.1 compile ```