diff --git a/.gitignore b/.gitignore index f5420a77..4ebbc63b 100644 --- a/.gitignore +++ b/.gitignore @@ -25,8 +25,9 @@ jwt_* # Python __pycache__/ *.py[cod] +venv # Python Environments .venv .terraform -.terraform.lock.hcl \ No newline at end of file +.terraform.lock.hcl diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 00000000..b9618789 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,2 @@ +* @cloud-gov/platform-ops + diff --git a/bosh/opsfiles/clients.yml b/bosh/opsfiles/clients.yml index e969f8c6..35a25716 100644 --- a/bosh/opsfiles/clients.yml +++ b/bosh/opsfiles/clients.yml @@ -67,7 +67,7 @@ authorized-grant-types: authorization_code,client_credentials authorities: scim.read,password.write,uaa.admin,uaa.resource access-token-validity: 600 - refresh-token-validity: 259200 + refresh-token-validity: 43200 redirect-uri: https://account.((system_domain))/oauth/login name: Invite Users autoapprove: true @@ -134,7 +134,7 @@ scope: cloud_controller.read,oauth.approvals,openid,scim.userids authorized-grant-types: authorization_code,refresh_token access-token-validity: 600 - refresh-token-validity: 259200 + refresh-token-validity: 43200 name: Logsearch redirect-uri: https://logs.((system_domain))/login autoapprove: true @@ -149,7 +149,7 @@ authorized-grant-types: authorization_code,client_credentials,refresh_token authorities: uaa.none access-token-validity: 600 - refresh-token-validity: 259200 + refresh-token-validity: 43200 name: "Dashboard" autoapprove: true show-on-homepage: true 
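Review bot: The new `refresh-token-validity: 43200` carries no unit or rationale, and for the Invite Users client in the first clients.yml hunk it is presumably inert, since that client's `authorized-grant-types: authorization_code,client_credentials` does not include `refresh_token` (as far as I know UAA only issues refresh tokens when that grant is authorized). A one-line comment at the first occurrence would save the next reader the conversion: `# 43200s = 12h (was 259200s = 3 days); keep in step with access-token-validity: 600`. For clients that cannot obtain a refresh token, either add the `refresh_token` grant deliberately or drop the setting, so the file states what is actually enforced.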
@@ -175,10 +175,25 @@ authorities: scim.userids,scim.invite,scim.read redirect-uri: https://cg-ui.((system_domain))/auth/login/callback +- type: replace + path: /variables/- + value: + name: external-domain-broker-client-secret + type: password + +- type: replace + path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/external-domain-broker? + value: + override: true + authorized-grant-types: client_credentials,refresh_token + secret: ((external-domain-broker-client-secret)) + scope: uaa.none + authorities: cloud_controller.global_auditor + # Update existing clients - type: replace path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/cf/access-token-validity value: 600 - type: replace path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/cf/refresh-token-validity - value: 259200 + value: 43200 diff --git a/bosh/opsfiles/diego-cell-consumes-provides.yml b/bosh/opsfiles/diego-cell-consumes-provides.yml new file mode 100644 index 00000000..60ac239a --- /dev/null +++ b/bosh/opsfiles/diego-cell-consumes-provides.yml 
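Review bot: The new `external-domain-broker` client lists `refresh_token` alongside `client_credentials` but has no user-facing grant that would ever produce a refresh token, so the extra grant type only widens what the client may request; `authorized-grant-types: client_credentials` is sufficient unless a refresh flow is planned. It also omits `access-token-validity`, which every other client in this file pins to 600, so it falls back to the UAA default; add `access-token-validity: 600` next to `scope: uaa.none`. `cloud_controller.global_auditor` with `uaa.none` scope is a sensible read-only, least-privilege choice for a broker and the secret is correctly declared as a `password` variable; a short comment naming which deployment consumes `((external-domain-broker-client-secret))` would make later rotation easier.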
@@ -0,0 +1,34 @@ +# NOTES: +# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh +# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/` + +# Needed because the isolation segment(s) exist +# Use distinct vxlan policy links for tenant cells +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/provides?/vpa + value: {as: vpa-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/vpa + value: {from: vpa-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=silk-cni/consumes?/vpa + value: {from: vpa-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/iptables + value: {from: iptables-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/iptables + value: {from: iptables-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=netmon/consumes?/iptables + value: {from: iptables-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=garden/provides?/iptables + value: {as: iptables-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/cni_config + value: {from: cni_config_tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=silk-cni/provides?/cni_config + value: {as: cni_config_tenant} + diff --git a/bosh/opsfiles/diego-cell-disk.yml b/bosh/opsfiles/diego-cell-disk.yml index d964f5de..2f7a151d 100644 --- a/bosh/opsfiles/diego-cell-disk.yml +++ b/bosh/opsfiles/diego-cell-disk.yml 
@@ -1,3 +1,7 @@ +# NOTES: +# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh +# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/` + - type: replace path: /instance_groups/name=diego-cell/vm_extensions/0 value: 300GB_ephemeral_disk diff --git a/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml b/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml new file mode 100644 index 00000000..7878bb01 --- /dev/null +++ b/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml @@ -0,0 +1,14 @@ +# NOTES: +# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh +# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/` + +### This makes sure that absolute-cpu-entitlement is still emitting in addition to newer cpu_entitlement +- type: remove + path: /instance_groups/name=diego-cell/jobs/name=rep/properties/loggregator/app_metric_exclusion_filter + +- type: remove + path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/loggregator/app_metric_exclusion_filter + +- type: remove + path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties/loggregator/app_metric_exclusion_filter + diff --git a/bosh/opsfiles/diego-cpu-entitlement.yml b/bosh/opsfiles/diego-cpu-entitlement.yml index e4e2f836..3cdcfcbb 100644 --- a/bosh/opsfiles/diego-cpu-entitlement.yml +++ b/bosh/opsfiles/diego-cpu-entitlement.yml 
@@ -1,12 +1,4 @@ --- -- type: remove - path: /instance_groups/name=diego-cell/jobs/name=rep/properties/loggregator/app_metric_exclusion_filter - -- type: remove - path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/loggregator/app_metric_exclusion_filter - -- type: remove - path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties/loggregator/app_metric_exclusion_filter - type: remove path: /instance_groups/name=diego-api/jobs/name=bbs/properties/loggregator/app_metric_exclusion_filter diff --git a/bosh/opsfiles/diego-dns.yml b/bosh/opsfiles/diego-dns.yml deleted file mode 100644 index b729037a..00000000 --- a/bosh/opsfiles/diego-dns.yml +++ /dev/null @@ -1,3 +0,0 @@ -- type: replace - path: /instance_groups/name=diego-platform-cell/jobs/name=silk-cni/properties?/dns_servers - value: [169.254.0.2] diff --git a/bosh/opsfiles/diego-rds-certs.yml b/bosh/opsfiles/diego-rds-certs-diego-cell.yml similarity index 98% rename from bosh/opsfiles/diego-rds-certs.yml rename to bosh/opsfiles/diego-rds-certs-diego-cell.yml index 024eb9e5..5914e71c 100644 --- a/bosh/opsfiles/diego-rds-certs.yml +++ b/bosh/opsfiles/diego-rds-certs-diego-cell.yml @@ -1,6 +1,10 @@ +# NOTES: +# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh +# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/` + - type: replace path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs?/trusted_certs/- - value: &rds-ca |- + value: |- # rds-ca-2015-root.pem - expired 3/2020 but still in use some instances -----BEGIN CERTIFICATE----- MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMx @@ -258,6 +262,4 @@ -----END CERTIFICATE----- -- type: replace - path: /instance_groups/name=diego-platform-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs?/trusted_certs/- - value: *rds-ca + 
diff --git a/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml b/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml new file mode 100644 index 00000000..8c1795b8 --- /dev/null +++ b/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml @@ -0,0 +1,18 @@ +# NOTES: +# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh +# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/` + +# This file exists to remove CredHub Secured Service Credential Delivery which +# is now on by default in cf-deployment >=4.x. + +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates + value: + - ((diego_instance_identity_ca.ca)) + - ((uaa_ssl.ca)) + +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs + value: + - ((diego_instance_identity_ca.ca)) + - ((uaa_ssl.ca)) diff --git a/bosh/opsfiles/disable-secure-service-credentials.yml b/bosh/opsfiles/disable-secure-service-credentials.yml index 26e06ee8..4afda218 100644 --- a/bosh/opsfiles/disable-secure-service-credentials.yml +++ b/bosh/opsfiles/disable-secure-service-credentials.yml 
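Review bot: Both `type: replace` operations overwrite the entire trusted-CA lists (`rep/.../trusted_ca_certificates` and `cflinuxfs4-rootfs/trusted_certs`) rather than removing the CredHub entry the header says this file exists to drop, so any CA that a future cf-deployment bump adds to either list is silently discarded on every cell built from this file. That also makes ordering load-bearing: `diego-rds-certs-diego-cell.yml` appends to `trusted_certs/-` and must run after this file or its RDS CAs are wiped (the scripts and pipeline in this diff do apply them in that order, but nothing here says so). Either switch to a targeted `type: remove` of the CredHub CA entry, or record the constraint in the header, e.g. `# NOTE: these are full-list replaces - apply before diego-rds-certs-diego-cell.yml, and re-check against upstream after each cf-deployment bump`.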
@@ -31,24 +31,6 @@ - type: remove path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/credhub_api -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates - value: - - ((application_ca.certificate)) - - ((uaa_ca.certificate)) - - type: remove path: /variables/name=uaa_clients_cc_service_key_client_secret -####This shouldn't have ever been here? -####- type: replace -#### path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs3-rootfs-setup/properties/cflinuxfs3-rootfs/trusted_certs -#### value: -#### - ((diego_instance_identity_ca.ca)) -#### - ((uaa_ssl.ca)) - -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates - value: - - ((diego_instance_identity_ca.ca)) - - ((uaa_ssl.ca)) diff --git a/bosh/opsfiles/enable-cflinuxfs4.yml b/bosh/opsfiles/enable-cflinuxfs4.yml deleted file mode 100644 index a63490fc..00000000 --- a/bosh/opsfiles/enable-cflinuxfs4.yml +++ /dev/null @@ -1,12 +0,0 @@ -# This file is the midpoint to get cflinuxfs4 enabled - -# Used to pull out credhub_tls certificate - -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs - value: - - ((diego_instance_identity_ca.ca)) - - ((uaa_ssl.ca)) - - - diff --git a/bosh/opsfiles/log-levels-diego-cell.yml b/bosh/opsfiles/log-levels-diego-cell.yml new file mode 100644 index 00000000..6724e729 --- /dev/null +++ b/bosh/opsfiles/log-levels-diego-cell.yml 
@@ -0,0 +1,15 @@ +# NOTES: +# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh +# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/` + +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/log_level? + value: error + +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/rep/log_level? + value: error + +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/diego/route_emitter/log_level? + value: error diff --git a/bosh/opsfiles/log-levels.yml b/bosh/opsfiles/log-levels.yml index c324518d..2955c3c0 100644 --- a/bosh/opsfiles/log-levels.yml +++ b/bosh/opsfiles/log-levels.yml @@ -1,15 +1,3 @@ -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/log_level? - value: error - -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/rep/log_level? - value: error - -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/diego/route_emitter/log_level? - value: error - - type: replace path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/security_event_logging?/enabled value: true diff --git a/bosh/opsfiles/meta-data-v2-diego-cell.yml b/bosh/opsfiles/meta-data-v2-diego-cell.yml new file mode 100644 index 00000000..2f0ba7df --- /dev/null +++ b/bosh/opsfiles/meta-data-v2-diego-cell.yml @@ -0,0 +1,7 @@ +# NOTES: +# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh +# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/` + +- type: replace + path: /instance_groups/name=diego-cell/vm_extensions/- + value: meta-data-v2 diff --git a/bosh/opsfiles/meta-data-v2.yml b/bosh/opsfiles/meta-data-v2.yml deleted file mode 100644 index 34297775..00000000 
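Review bot: Setting `garden`, `rep` and `route_emitter` to `log_level: error` on every cell (now including the isolation segments generated from this file) suppresses the info-level container lifecycle and route events that incident response typically relies on, and the file gives no reason for it. This appears to be carried over from the lines deleted from log-levels.yml in the same diff, so it is not a new exposure, but the rationale belongs in the header, e.g. `# error-only on cells to limit log volume; confirm container start/stop visibility is covered elsewhere before relying on this in IR` if volume is the actual reason. If it is not, keeping `rep` at `info` would retain container lifecycle visibility at modest cost.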
--- a/bosh/opsfiles/meta-data-v2.yml +++ /dev/null @@ -1,6 +0,0 @@ -- type: replace - path: /instance_groups/name=diego-cell/vm_extensions/- - value: meta-data-v2 -- type: replace - path: /instance_groups/name=diego-platform-cell/vm_extensions/- - value: meta-data-v2 diff --git a/bosh/opsfiles/pages-clients-dev.yml b/bosh/opsfiles/pages-clients-dev.yml index 063c19c5..cd7fca23 100644 --- a/bosh/opsfiles/pages-clients-dev.yml +++ b/bosh/opsfiles/pages-clients-dev.yml @@ -13,8 +13,8 @@ authorized-grant-types: authorization_code,client_credentials authorities: groups.update,scim.read,scim.invite,scim.write access-token-validity: 600 - refresh-token-validity: 259200 - name: Pages - Dev + refresh-token-validity: 43200 + name: Pages autoapprove: true show-on-homepage: true app-icon: '' diff --git a/bosh/opsfiles/pages-clients-production.yml b/bosh/opsfiles/pages-clients-production.yml index 75a04e79..a247b8e5 100644 --- a/bosh/opsfiles/pages-clients-production.yml +++ b/bosh/opsfiles/pages-clients-production.yml @@ -13,8 +13,8 @@ authorized-grant-types: authorization_code,client_credentials authorities: groups.update,scim.read,scim.invite,scim.write access-token-validity: 600 - refresh-token-validity: 259200 - name: Pages - Production + refresh-token-validity: 43200 + name: Pages autoapprove: true show-on-homepage: true app-icon: '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' diff --git a/bosh/opsfiles/pages-clients-staging.yml b/bosh/opsfiles/pages-clients-staging.yml index 388fed8e..4dfc76b6 100644 --- a/bosh/opsfiles/pages-clients-staging.yml +++ b/bosh/opsfiles/pages-clients-staging.yml @@ -13,8 +13,8 @@ authorized-grant-types: authorization_code,client_credentials authorities: groups.update,scim.read,scim.invite,scim.write access-token-validity: 600 - refresh-token-validity: 259200 - name: Pages - Staging + refresh-token-validity: 43200 + name: Pages autoapprove: true show-on-homepage: true app-icon: '' 
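Review bot: Renaming all three Pages clients to the bare `name: Pages` leaves the dev, staging and production ops files differing only by `app-icon`, which suggests they could collapse into a single file with a variable rather than three copies that must be edited in lockstep (as this hunk had to do for `refresh-token-validity`). As with the other clients, these have `authorized-grant-types: authorization_code,client_credentials` and no `refresh_token` grant, so the new `43200` value presumably changes nothing here; either add the grant intentionally or drop the setting. A comment such as `# display name shown on the UAA homepage (show-on-homepage: true); identical in every env by design` would document why the environment suffix was removed.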
diff --git a/bosh/opsfiles/pin-capi.yml b/bosh/opsfiles/pin-capi.yml new file mode 100644 index 00000000..e6669b60 --- /dev/null +++ b/bosh/opsfiles/pin-capi.yml @@ -0,0 +1,18 @@ +# Pin CAPI because of valkey +- type: replace + path: /releases/name=capi + value: + name: capi + version: 1.183.0 + url: https://bosh.io/d/github.com/cloudfoundry/capi-release?v=1.183.0 + sha1: fceb5095f6ffc975fe12e0cc36daca00a3cf4db4 + +# Switch to Redis +- type: remove + path: /instance_groups/name=api/jobs/name=valkey + +- type: replace + path: /instance_groups/name=api/jobs/- + value: + name: redis + release: capi diff --git a/bosh/opsfiles/platform-cells.yml b/bosh/opsfiles/platform-cells.yml index 6c07baec..d857a935 100644 --- a/bosh/opsfiles/platform-cells.yml +++ b/bosh/opsfiles/platform-cells.yml 
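Review bot: The pin fixes `capi` at 1.183.0 with a one-line reason and nothing stating what must change for the pin to come off, so it will quietly outlive the valkey issue and hold back CAPI security fixes. Expand the comment into an exit condition, e.g. `# Pin CAPI to 1.183.0: later releases presumably move the api job to valkey, which this deployment does not run yet. Remove once valkey is supported; until then CAPI CVE fixes require bumping this pin.` The BOSH `sha1` field also accepts a `sha256:<hex>` digest, which is worth switching to when the pin is next bumped. Note too that the `remove` of `/instance_groups/name=api/jobs/name=valkey` will fail the deploy if the upstream cf-deployment in use does not yet carry that job, which is an intended coupling but should be stated in the comment.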
@@ -1,182 +1,6 @@ -# Copy original diego-cell from https://github.com/cloudfoundry/cf-deployment/blob/master/cf-deployment.yml -- type: replace - path: /instance_groups/- - value: - name: diego-platform-cell - azs: - - z1 - - z2 - instances: 2 - vm_type: small-highmem - vm_extensions: - - 200GB_ephemeral_disk - stemcell: default - networks: - - name: default - jobs: - - name: bosh-dns-adapter - properties: - internal_domains: ["apps.internal."] - dnshttps: - client: - tls: ((cf_app_sd_client_tls)) - server: - ca: ((cf_app_sd_client_tls.ca)) - release: cf-networking - - name: cflinuxfs4-rootfs-setup - release: cflinuxfs4 - properties: - cflinuxfs4-rootfs: - trusted_certs: - - ((diego_instance_identity_ca.ca)) - - ((uaa_ssl.ca)) - - name: garden - release: garden-runc - provides: - iptables: {as: iptables-platform} - properties: - garden: - containerd_mode: true - cleanup_process_dirs_on_wait: true - debug_listen_address: 127.0.0.1:17019 - default_container_grace_time: 0 - destroy_containers_on_start: true - deny_networks: - - 0.0.0.0/0 - network_plugin: /var/vcap/packages/runc-cni/bin/garden-external-networker - network_plugin_extra_args: - - --configFile=/var/vcap/jobs/garden-cni/config/adapter.json - logging: - format: - timestamp: "rfc3339" - - name: rep - release: diego - properties: - bpm: - enabled: true - diego: - executor: - instance_identity_ca_cert: ((diego_instance_identity_ca.certificate)) - instance_identity_key: ((diego_instance_identity_ca.private_key)) - rep: - preloaded_rootfses: - - cflinuxfs4:/var/vcap/packages/cflinuxfs4/rootfs.tar - containers: - proxy: - enabled: true - require_and_verify_client_certificates: true - trusted_ca_certificates: - - ((gorouter_backend_tls.ca)) - - ((ssh_proxy_backends_tls.ca)) - verify_subject_alt_name: - - gorouter.service.cf.internal - - ssh-proxy.service.cf.internal - trusted_ca_certificates: - - ((diego_instance_identity_ca.ca)) - - ((uaa_ssl.ca)) - enable_consul_service_registration: false - 
enable_declarative_healthcheck: true - loggregator: &diego_loggregator_client_properties - use_v2_api: true - ca_cert: "((loggregator_tls_agent.ca))" - cert: "((loggregator_tls_agent.certificate))" - key: "((loggregator_tls_agent.private_key))" - tls: - ca_cert: "((diego_rep_agent_v2.ca))" - cert: "((diego_rep_agent_v2.certificate))" - key: "((diego_rep_agent_v2.private_key))" - logging: - format: - timestamp: "rfc3339" - - name: cfdot - release: diego - properties: - tls: - ca_certificate: "((diego_rep_client.ca))" - certificate: "((diego_rep_client.certificate))" - private_key: "((diego_rep_client.private_key))" - - name: route_emitter - release: diego - properties: - bpm: - enabled: true - loggregator: *diego_loggregator_client_properties - diego: - route_emitter: - local_mode: true - bbs: - ca_cert: "((diego_bbs_client.ca))" - client_cert: "((diego_bbs_client.certificate))" - client_key: "((diego_bbs_client.private_key))" - nats: - tls: - enabled: true - client_cert: "((nats_client_cert.certificate))" - client_key: "((nats_client_cert.private_key))" - tcp: - enabled: true - uaa: - ca_cert: "((uaa_ssl.ca))" - client_secret: "((uaa_clients_tcp_emitter_secret))" - logging: - format: - timestamp: "rfc3339" - internal_routes: - enabled: true - - name: garden-cni - release: cf-networking - properties: - cni_plugin_dir: /var/vcap/packages/silk-cni/bin - cni_config_dir: /var/vcap/jobs/silk-cni/config/cni - - name: netmon - release: silk - consumes: - iptables: {from: iptables-platform} - - name: vxlan-policy-agent - release: silk - provides: - vpa: {as: vpa-platform} - consumes: - iptables: {from: iptables-platform} - cni_config: {from: cni_config_platform} - properties: - ca_cert: ((network_policy_client.ca)) - client_cert: ((network_policy_client.certificate)) - client_key: ((network_policy_client.private_key)) - loggregator: *diego_loggregator_client_properties - - name: silk-daemon - release: silk - consumes: - vpa: {from: vpa-platform} - iptables: {from: 
iptables-platform} - properties: - ca_cert: ((silk_daemon.ca)) - client_cert: ((silk_daemon.certificate)) - client_key: ((silk_daemon.private_key)) - - name: silk-cni - release: silk - properties: - dns_servers: - - 169.254.0.2 - consumes: - vpa: {from: vpa-platform} - provides: - cni_config: {as: cni_config_platform} - - name: silk-datastore-syncer - release: silk - - name: loggr-udp-forwarder - release: loggregator-agent - properties: - loggregator: - tls: - ca: "((loggregator_tls_agent.ca))" - cert: "((loggregator_tls_agent.certificate))" - key: "((loggregator_tls_agent.private_key))" - metrics: - ca_cert: "((loggr_udp_forwarder_tls.ca))" - cert: "((loggr_udp_forwarder_tls.certificate))" - key: "((loggr_udp_forwarder_tls.private_key))" - server_name: loggr_udp_forwarder_metrics +# NOTES: +# - Other than the scaling-*.yml files, this should be the only file to contain configurations for the diego-platform-cell instance group +# - This one is unique from other isolation segments in that it gets a custom identity profile on the vm # Set platform cell instance profile and placement tag - type: replace 
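Review bot: The new NOTES header says this should be the only file configuring `diego-platform-cell`, but it no longer says where that instance group comes from: the 180-line copy removed here is now generated at pipeline time by `ci/create-diego-platform-cell.sh` into `diego-platform-cell/diego-platform-cell.yml`, and this file's `replace` on `/instance_groups/name=diego-platform-cell/...` will fail unless that generated file is applied first. Add the dependency to the header, e.g. `# - The instance group itself is generated by ci/create-diego-platform-cell.sh from upstream diego-cell; apply diego-platform-cell/diego-platform-cell.yml before this file`. It would also help to note that the cell's trusted CAs, log levels and link names now come from the `*-diego-cell.yml` ops files used by that script, since that is where a reviewer must look for them now. The remaining `- type: replace` at the end of the hunk continues past it.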
@@ -186,34 +10,6 @@ path: /instance_groups/name=diego-platform-cell/jobs/name=rep/properties/diego/rep/placement_tags?/- value: platform -# Use distinct vxlan policy links for tenant cells -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/provides?/vpa - value: {as: vpa-tenant} -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/vpa - value: {from: vpa-tenant} -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=silk-cni/consumes?/vpa - value: {from: vpa-tenant} -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/iptables - value: {from: iptables-tenant} -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/iptables - value: {from: iptables-tenant} -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=netmon/consumes?/iptables - value: {from: iptables-tenant} -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=garden/provides?/iptables - value: {as: iptables-tenant} -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/cni_config - value: {from: cni_config_tenant} -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=silk-cni/provides?/cni_config - value: {as: cni_config_tenant} # Add platform cells to DNS aliases - type: replace @@ -225,20 +21,3 @@ network: ((network_name)) domain: bosh -# Enable service discovery -- type: replace - path: /instance_groups/name=diego-platform-cell/jobs/name=bosh-dns-adapter? - value: - name: bosh-dns-adapter - properties: - internal_domains: ["apps.internal."] - dnshttps: - client: - tls: ((cf_app_sd_client_tls)) - server: - ca: ((cf_app_sd_server_tls.ca)) - release: cf-networking -- type: replace - path: /instance_groups/name=diego-platform-cell/jobs/name=route_emitter/properties/internal_routes? - value: - enabled: true 
diff --git a/bosh/opsfiles/scaling-development.yml b/bosh/opsfiles/scaling-development.yml index b80f22d4..6c62d2b2 100644 --- a/bosh/opsfiles/scaling-development.yml +++ b/bosh/opsfiles/scaling-development.yml @@ -137,8 +137,21 @@ - type: replace path: /instance_groups/name=diego-platform-cell/vm_type value: t3.xlarge - +- type: replace + path: /instance_groups/name=diego-platform-cell/instances + value: 2 + # rotate-cc-database-key - type: replace path: /instance_groups/name=rotate-cc-database-key/vm_type value: t3.medium + + +# iso-segs +#- type: replace +# path: /instance_groups/name=diego-cell-iso-seg1/vm_type +# value: r6i.4xlarge +# +#- type: replace +# path: /instance_groups/name=diego-cell-iso-seg1/instances +# value: 2 \ No newline at end of file diff --git a/bosh/opsfiles/scaling-staging.yml b/bosh/opsfiles/scaling-staging.yml index f4187cc5..77662eec 100644 --- a/bosh/opsfiles/scaling-staging.yml +++ b/bosh/opsfiles/scaling-staging.yml @@ -138,6 +138,9 @@ - type: replace path: /instance_groups/name=diego-platform-cell/vm_type value: r6i.2xlarge +- type: replace + path: /instance_groups/name=diego-platform-cell/instances + value: 2 # rotate-cc-database-key - type: replace diff --git a/ci/acceptance-tests-config.yml b/ci/acceptance-tests-config.yml index efd18e25..a08ce67c 100644 --- a/ci/acceptance-tests-config.yml +++ b/ci/acceptance-tests-config.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests outputs: diff --git a/ci/check-deployment-was-zdt.yml b/ci/check-deployment-was-zdt.yml index a90aa26a..283aa3c5 100644 --- a/ci/check-deployment-was-zdt.yml +++ b/ci/check-deployment-was-zdt.yml 
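Review bot: The scaling-development.yml hunk ends with a commented-out `diego-cell-iso-seg1` block and no trailing newline; commented-out ops are easy to mistake for live config and will drift from the real segment names, which this diff sources from `ISO_SEG_NAMES` in the pipeline. Either delete it or turn it into a comment that states the contract, e.g. `# iso-seg cells are generated by ci/create-diego-cell-iso-seg.sh; add a vm_type/instances replace per segment here once ISO_SEG_NAMES is populated`, and add the missing final newline.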
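Review bot: Removing the inline `image_resource` drops this task's direct use of `((ecr_aws_key))`/`((ecr_aws_secret))` in favor of the pipeline-level `general-task` image, which is good secret hygiene, but the diff does not show those ECR credentials or `((harden-concourse-task-tag))` being retired. If no task still references them after this change, the credhub entries should be deleted or at least rotated so a stale long-lived AWS key is not left behind; the same applies to the identical removals in check-deployment-was-zdt.yml, create-router-*.yml and enable-cf-features.yml. A one-line note in the task file such as `# image is supplied by the pipeline (general-task resource); no per-task registry credentials` would explain the absence to the next reader.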
@@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests - name: timestamp diff --git a/ci/create-diego-cell-iso-seg.sh b/ci/create-diego-cell-iso-seg.sh new file mode 100755 index 00000000..39954909 --- /dev/null +++ b/ci/create-diego-cell-iso-seg.sh 
@@ -0,0 +1,93 @@ +#!/bin/bash + +set -eux + +## Extract current base configuration for the diego-cell instance group from upstream and apply custom ops files +## NOTE: These ops files can only contain remove/replace for the diego-cell instance group for this to work in the future + +echo "Creating isolation segments for: ${ISO_SEG_NAMES}"... + +## Create the starting point of a configured diego-cell for cg (minus scaling-*.ymls) +bosh int \ + cf-deployment/cf-deployment.yml \ + -o cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml \ + -o cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml \ + -o cf-manifests/bosh/opsfiles/diego-cell-disk.yml \ + -o cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml \ + -o cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml \ + -o cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml \ + -o cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml \ + --path /instance_groups/name=diego-cell > diego-cell_raw.yml + + +## Loop through and create a single iso seg ops file, intermediate files aren't deleted for debugging + +for iso_seg_name in $ISO_SEG_NAMES; do + + echo "Creating isolation segment ${iso_seg_name}"... 
+ + ## Create ops file header - Always start with the instance group declaration + cat > diego-cell-iso-seg-${iso_seg_name}-header.yml < sed1.yml + sed "s/iptables-tenant/iptables-iso-seg-${iso_seg_name}/" sed1.yml > sed2.yml + sed "s/cni_config_tenant/cni_config_iso-seg-${iso_seg_name}/" sed2.yml > sed3.yml + sed "s/vpa-tenant/vpa-iso-seg-${iso_seg_name}/" sed3.yml > sed4.yml + sed 's/^/ /' sed4.yml > diego-cell_indented-iso-seg-${iso_seg_name}.yml + + ## Create ops file footer - All the "replace" that can only be run once the instance group exists (order matters) + cat > diego-cell-iso-seg-${iso_seg_name}-footer.yml < diego-cell-iso-seg-${iso_seg_name}.yml + + ## Merge this iso-seg into one file which will have all of them at the end of the loop + cat diego-cell-iso-seg-${iso_seg_name}.yml >> diego-cell-iso-seg.yml +done + +## Either return the iso-seg file or a comment only file so "bosh deploy" will work in the main pipeline +if [ -n "$ISO_SEG_NAMES" ]; then + echo "Returing iso seg ops file for ${ISO_SEG_NAMES}..." + cp diego-cell-iso-seg.yml diego-cell-iso-seg/diego-cell-iso-seg.yml +else + echo "Returing blank iso seg ops file..." + cat > diego-cell-iso-seg/diego-cell-iso-seg.yml << EOF +# Intentionally left blank +EOF +fi + +echo "Final iso seg ops file written to diego-cell-iso-seg/diego-cell-iso-seg.yml" +## return: diego-cell-iso-seg/diego-cell-iso-seg.yml \ No newline at end of file diff --git a/ci/create-diego-cell-iso-seg.yml b/ci/create-diego-cell-iso-seg.yml new file mode 100644 index 00000000..a7d52f32 --- /dev/null +++ b/ci/create-diego-cell-iso-seg.yml @@ -0,0 +1,10 @@ +platform: linux + +inputs: +- name: cf-deployment +- name: cf-manifests +outputs: +- name: diego-cell-iso-seg + +run: + path: cf-manifests/ci/create-diego-cell-iso-seg.sh diff --git a/ci/create-diego-platform-cell.sh b/ci/create-diego-platform-cell.sh new file mode 100755 index 00000000..9f1c71e6 --- /dev/null +++ b/ci/create-diego-platform-cell.sh 
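Review bot: Each `iso_seg_name` is spliced unvalidated into `sed` replacement strings, file names and (via the header/footer heredocs, whose bodies are not visible in this rendering) BOSH ops paths, so a name containing `/`, `&`, whitespace or YAML punctuation would corrupt the generated ops file or break the `sed` expressions; even though `ISO_SEG_NAMES` comes from credhub, a guard at the top of the loop is cheap: `[[ "$iso_seg_name" =~ ^[a-z0-9][a-z0-9-]*$ ]] || { echo "invalid iso seg name: $iso_seg_name" >&2; exit 1; }`. With `set -u`, the first `echo "${ISO_SEG_NAMES}"` aborts if the variable is unset rather than empty, so use `${ISO_SEG_NAMES:-}` there and in the `[ -n ... ]` test. The accumulating `>> diego-cell-iso-seg.yml` assumes a fresh working directory, which holds for a Concourse task container but deserves a comment. The seven `-o` ops files also duplicate the list in create-diego-platform-cell.sh; factoring them into one shared file keeps platform and isolation-segment cells from silently diverging in trusted CAs or link names.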
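Review bot: The task config does not declare `ISO_SEG_NAMES`, so the script's only input is visible solely in pipeline.yml; adding `params: {ISO_SEG_NAMES: ""}` documents the contract in the task itself. It also guarantees the script's `set -u` does not trip when a pipeline step omits the param.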
@@ -0,0 +1,36 @@ +#!/bin/bash + +set -eux + +## Extract current base configuration for the diego-cell instance group from upstream and apply custom ops files +## NOTE: These ops files can only contain remove/replace for the diego-cell instance group for this to work in the future +bosh int \ + cf-deployment/cf-deployment.yml \ + -o cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml \ + -o cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml \ + -o cf-manifests/bosh/opsfiles/diego-cell-disk.yml \ + -o cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml \ + -o cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml \ + -o cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml \ + -o cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml \ + --path /instance_groups/name=diego-cell > diego-cell_raw.yml + +## Create ops file header +cat > diego-platform-cell.yml < sed1.yml +sed 's/iptables-tenant/iptables-platform/' sed1.yml > sed2.yml +sed 's/cni_config_tenant/cni_config_platform/' sed2.yml > sed3.yml +sed 's/vpa-tenant/vpa-platform/' sed3.yml > sed4.yml +sed 's/^/ /' sed4.yml > diego-platform-cell_indented.yml + +## Append the platform-diego-cell yaml to the ops file header +cat diego-platform-cell_indented.yml >> diego-platform-cell.yml +cp diego-platform-cell.yml diego-platform-cell/diego-platform-cell.yml + +## return: diego-platform-cell/diego-platform-cell.yml \ No newline at end of file diff --git a/ci/create-diego-platform-cell.yml b/ci/create-diego-platform-cell.yml new file mode 100644 index 00000000..9c82fcf1 --- /dev/null +++ b/ci/create-diego-platform-cell.yml @@ -0,0 +1,12 @@ +platform: linux + +inputs: +- name: cf-deployment +- name: cf-manifests +outputs: +- name: diego-platform-cell + +run: + path: cf-manifests/ci/create-diego-platform-cell.sh + + diff --git a/ci/create-router-logstash.yml b/ci/create-router-logstash.yml index 4ab1176d..554892a5 100644 --- a/ci/create-router-logstash.yml 
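Review bot: The seven-file `bosh int -o ...` list is copied verbatim from create-diego-cell-iso-seg.sh, so the two scripts can drift and the platform cell could quietly end up with different trusted CAs, log levels or link names than the isolation segments; moving the list into a shared file or a sourced variable read into the `-o` arguments removes that risk. The heredoc that writes the ops-file header is not visible in this rendering, so the generated `instance_groups/-` entry itself cannot be reviewed here. A sanity check such as `grep -q 'name: diego-platform-cell' diego-platform-cell.yml || exit 1` before the `cp` (assuming the header sets that name) would catch a broken sed chain before it reaches `bosh deploy`.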
+++ b/ci/create-router-logstash.yml @@ -1,14 +1,5 @@ platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-deployment - name: cf-manifests diff --git a/ci/create-router-main.yml b/ci/create-router-main.yml index 6be479a9..dbcd03a9 100644 --- a/ci/create-router-main.yml +++ b/ci/create-router-main.yml @@ -1,14 +1,5 @@ platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-deployment - name: cf-manifests diff --git a/ci/enable-cf-features.yml b/ci/enable-cf-features.yml index 2c3e5b32..6d366ba4 100644 --- a/ci/enable-cf-features.yml +++ b/ci/enable-cf-features.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 4ac73eca..c6c35fbd 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml 
@@ -21,12 +21,24 @@ jobs: trigger: true - get: cg-s3-secureproxy-release trigger: true + - get: general-task - task: terraform-secrets + image: general-task file: cf-manifests/ci/terraform-secrets.yml - task: router-main + image: general-task file: cf-manifests/ci/create-router-main.yml - task: router-logstash + image: general-task file: cf-manifests/ci/create-router-logstash.yml + - task: diego-platform-cell + image: general-task + file: cf-manifests/ci/create-diego-platform-cell.yml + - task: diego-cell-iso-seg + image: general-task + file: cf-manifests/ci/create-diego-cell-iso-seg.yml + params: + ISO_SEG_NAMES: "" #((names_of_iso_segs_development)) # Value in credhub - put: cf-deployment-development params: &deploy-params manifest: cf-deployment/cf-deployment.yml 
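Review bot: `ISO_SEG_NAMES: "" #((names_of_iso_segs_development))` leaves the credhub wiring commented out, so development always receives the blank ops file and the new iso-seg path is never exercised before it reaches other environments; either wire `((names_of_iso_segs_development))` now (an empty credhub value yields the same blank file) or replace the trailing comment with `# TODO: switch to ((names_of_iso_segs_development)) once the credhub entry exists`. The tasks now run on `general-task`, whose resource definition is outside this hunk; since it replaces a per-task image pinned by `((harden-concourse-task-tag))` and now supplies the toolchain for every deploy and terraform step, make sure that resource is pinned to a tag or digest rather than floating. The bare `- get: general-task` step has no `trigger`, which is presumably intended for an image resource but worth a comment.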
@@ -62,21 +74,24 @@ jobs: - cf-manifests/bosh/opsfiles/encryption.yml - cf-manifests/bosh/opsfiles/sql.yml - cf-manifests/bosh/opsfiles/log-levels.yml + - cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml - cf-manifests/bosh/opsfiles/instance-profiles.yml + - diego-platform-cell/diego-platform-cell.yml - cf-manifests/bosh/opsfiles/platform-cells.yml + - diego-cell-iso-seg/diego-cell-iso-seg.yml + - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml - cf-manifests/bosh/opsfiles/diego-cell-disk.yml - - cf-manifests/bosh/opsfiles/diego-dns.yml - cf-manifests/bosh/opsfiles/scaling-development.yml - cf-manifests/bosh/opsfiles/cf-networking.yml - - cf-manifests/bosh/opsfiles/enable-cflinuxfs4.yml - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml - - cf-manifests/bosh/opsfiles/diego-rds-certs.yml + - cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml + - cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml - cf-manifests/bosh/opsfiles/smoke-tests.yml - cf-manifests/bosh/opsfiles/routing.yml - cf-manifests/bosh/opsfiles/uaa-rds-ca.yml - cf-manifests/bosh/opsfiles/content-security-policy.yml - cf-manifests/bosh/opsfiles/loggregator.yml - - cf-manifests/bosh/opsfiles/meta-data-v2.yml + - cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml - cf-manifests/bosh/opsfiles/router-main.yml - cf-manifests/bosh/opsfiles/router-main-dev.yml - cf-manifests/bosh/opsfiles/router-logstash.yml 
@@ -85,12 +100,15 @@ jobs: - cf-manifests/bosh/opsfiles/add-bosh-dns-other-deployments.yml - cf-manifests/bosh/opsfiles/add-opensearch-ca.yml - cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml + - cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml - cf-manifests/bosh/opsfiles/aggregate_drains.yml + - cf-manifests/bosh/opsfiles/pin-capi.yml vars_files: - cf-manifests/bosh/varsfiles/development.yml - terraform-secrets/terraform.yml - task: enable-cf-features + image: general-task file: cf-manifests/ci/enable-cf-features.yml params: CF_API_URL: ((cf-api-url-development)) @@ -144,7 +162,9 @@ jobs: resource: terraform-config trigger: true - get: pipeline-tasks + - get: general-task - task: terraform-plan + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: &tf-development TERRAFORM_ACTION: plan @@ -177,7 +197,9 @@ jobs: passed: [terraform-plan-development] trigger: true - get: pipeline-tasks + - get: general-task - task: terraform-apply + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: <<: *tf-development @@ -231,7 +253,9 @@ jobs: passed: [deploy-cf-development] - get: tests-timer trigger: true + - get: general-task - task: uaa-client-audit + image: general-task file: cf-manifests/ci/uaa-client-audit.yml params: UAA_URL: ((uaa-url-development)) @@ -249,7 +273,9 @@ jobs: passed: [deploy-cf-development] - get: hourly-timer trigger: true + - get: general-task - task: uaa-monitor-account-creation + image: general-task file: cf-manifests/ci/uaa-monitor-account-creation.yml params: UAA_URL: ((uaa-url-development)) @@ -281,7 +307,9 @@ jobs: - get: cg-s3-secureproxy-release trigger: true passed: [deploy-cf-development] + - get: general-task - task: smoke-tests + image: general-task file: cf-manifests/ci/tic-smoke-tests.yml params: CI: true 
@@ -372,9 +400,9 @@ jobs: source: aws_access_key_id: ((ecr_aws_key)) aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task + repository: general-task aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + tag: latest inputs: - name: common run: @@ -415,7 +443,9 @@ jobs: passed: [deploy-cf-development] - get: cf-stemcell-jammy passed: [deploy-cf-development] + - get: general-task - task: deploy-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-deploy-test-env.yml params: &test-space-egress-development-params CF_API_URL: ((cf-api-url-development)) @@ -426,10 +456,12 @@ jobs: CF_APP_DOMAIN: dev.us-gov-west-1.aws-us-gov.cloud.gov on_failure: &test-space-egress-development-clean-tasks task: clean-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-clean-test-env.yml params: <<: *test-space-egress-development-params - task: run-tests + image: general-task file: cf-manifests/ci/test-space-egress/task-run-tests.yml params: <<: *test-space-egress-development-params @@ -469,7 +501,9 @@ jobs: passed: [deploy-cf-development] - get: cf-stemcell-jammy passed: [deploy-cf-development] + - get: general-task - task: deploy-test-env + image: general-task file: cf-manifests/ci/test-headers/task-deploy-test-env.yml params: &test-headers-development-params CF_API_URL: ((cf-api-url-development)) @@ -480,10 +514,12 @@ jobs: CF_APP_DOMAIN: dev.us-gov-west-1.aws-us-gov.cloud.gov on_failure: &test-headers-development-clean-tasks task: clean-test-env + image: general-task file: cf-manifests/ci/test-headers/task-clean-test-env.yml params: <<: *test-headers-development-params - task: run-tests + image: general-task file: cf-manifests/ci/test-headers/task-run-tests.yml params: <<: *test-headers-development-params 
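Review bot: `tag: latest` replaces the pinned `((harden-concourse-task-tag))` for the inline task image in this `@@ -372,9 +400,9 @@` hunk, and the same floating tag is used for the new `general-task` resource in `@@ -1577,6 +1692,15 @@` and for the `bosh-deployment`, `s3-iam`, `time` and `bosh-io-stemcell` resource types in `@@ -1597,14 +1721,40 @@`. With a mutable tag every run resolves whichever image was last pushed to ECR, so an image change does not pass review through this repository, a given deploy cannot be traced back to a specific task image, and reverting this pipeline does not revert the image. Keeping a tag variable as before (e.g. `tag: ((general-task-tag))`, variable name to be chosen) or pinning a digest restores that; the move of the resource types off Docker Hub onto the private ECR repositories is itself an improvement and not the concern here. This inline `image_resource` also duplicates the `general-task` resource definition; if this step can take `image: general-task` like the other tasks in the file, the duplicated source block goes away.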
@@ -534,13 +570,25 @@ jobs: - get: cg-s3-secureproxy-release trigger: true passed: [smoke-tests-development] + - get: general-task - put: timestamp - task: terraform-secrets + image: general-task file: cf-manifests/ci/terraform-secrets.yml - task: router-main + image: general-task file: cf-manifests/ci/create-router-main.yml - task: router-logstash + image: general-task file: cf-manifests/ci/create-router-logstash.yml + - task: diego-platform-cell + image: general-task + file: cf-manifests/ci/create-diego-platform-cell.yml + - task: diego-cell-iso-seg + image: general-task + file: cf-manifests/ci/create-diego-cell-iso-seg.yml + params: + ISO_SEG_NAMES: "" #((names_of_iso_segs_staging)) # Value in credhub - put: cf-deployment-staging params: <<: *deploy-params 
@@ -572,31 +620,37 @@ jobs: - cf-manifests/bosh/opsfiles/encryption.yml - cf-manifests/bosh/opsfiles/sql.yml - cf-manifests/bosh/opsfiles/log-levels.yml + - cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml - cf-manifests/bosh/opsfiles/instance-profiles.yml + - diego-platform-cell/diego-platform-cell.yml - cf-manifests/bosh/opsfiles/platform-cells.yml + - diego-cell-iso-seg/diego-cell-iso-seg.yml + - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml - cf-manifests/bosh/opsfiles/diego-cell-disk.yml - - cf-manifests/bosh/opsfiles/diego-dns.yml - cf-manifests/bosh/opsfiles/scaling-staging.yml - cf-manifests/bosh/opsfiles/cf-networking.yml - - cf-manifests/bosh/opsfiles/enable-cflinuxfs4.yml - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml - - cf-manifests/bosh/opsfiles/diego-rds-certs.yml + - cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml + - cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml - cf-manifests/bosh/opsfiles/smoke-tests.yml - cf-manifests/bosh/opsfiles/routing.yml - cf-manifests/bosh/opsfiles/uaa-rds-ca.yml - cf-manifests/bosh/opsfiles/loggregator.yml - - cf-manifests/bosh/opsfiles/meta-data-v2.yml + - cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml - cf-manifests/bosh/opsfiles/router-main.yml - cf-manifests/bosh/opsfiles/router-logstash.yml - cf-manifests/bosh/opsfiles/add-opensearch-ca.yml - cf-manifests/bosh/opsfiles/add-autoscaler-ca.yml - cf-manifests/bosh/opsfiles/add-bosh-dns-other-deployments.yml - cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml + - cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml + - cf-manifests/bosh/opsfiles/pin-capi.yml vars_files: - cf-manifests/bosh/varsfiles/staging.yml - terraform-secrets/terraform.yml - task: enable-cf-features + image: general-task file: cf-manifests/ci/enable-cf-features.yml params: CF_API_URL: ((cf-api-url-staging)) 
@@ -622,6 +676,7 @@ jobs: user_org_creation hide_marketplace_from_unauthenticated_users - task: validate-zdt + image: general-task file: cf-manifests/ci/check-deployment-was-zdt.yml params: HEALTH_CHECK_ID: ((staging-route53-healthcheck-id)) @@ -693,7 +748,9 @@ jobs: passed: [deploy-cf-staging] - get: tests-timer trigger: true + - get: general-task - task: uaa-client-audit + image: general-task file: cf-manifests/ci/uaa-client-audit.yml params: UAA_URL: ((uaa-url-staging)) @@ -711,7 +768,9 @@ jobs: passed: [deploy-cf-staging] - get: hourly-timer trigger: true + - get: general-task - task: uaa-monitor-account-creation + image: general-task file: cf-manifests/ci/uaa-monitor-account-creation.yml params: UAA_URL: ((uaa-url-staging)) @@ -740,7 +799,9 @@ jobs: passed: [terraform-apply-staging] trigger: true - get: master-bosh-root-cert + - get: general-task - task: smoke-tests + image: general-task file: cf-manifests/ci/tic-smoke-tests.yml params: CI: true @@ -780,7 +841,9 @@ jobs: trigger: true passed: [terraform-apply-development] - get: pipeline-tasks + - get: general-task - task: terraform-plan + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: &tf-staging TERRAFORM_ACTION: plan @@ -813,7 +876,9 @@ jobs: trigger: true passed: [terraform-plan-staging] - get: pipeline-tasks + - get: general-task - task: terraform-apply + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: <<: *tf-staging @@ -934,7 +999,9 @@ jobs: - uaa-smoke-tests-staging - test-space-egress-staging - smoke-tests-staging + - get: general-task - task: test-config + image: general-task file: cf-manifests/ci/acceptance-tests-config.yml params: API_URL: api.fr-stage.cloud.gov 
@@ -988,7 +1055,9 @@ jobs: - get: terraform-config passed: [terraform-apply-staging] trigger: true + - get: general-task - task: deploy-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-deploy-test-env.yml params: &test-space-egress-staging-params CF_API_URL: ((cf-api-url-staging)) @@ -999,10 +1068,12 @@ jobs: CF_APP_DOMAIN: fr-stage.cloud.gov on_failure: &test-space-egress-staging-clean-tasks task: clean-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-clean-test-env.yml params: <<: *test-space-egress-staging-params - task: run-tests + image: general-task file: cf-manifests/ci/test-space-egress/task-run-tests.yml params: <<: *test-space-egress-staging-params @@ -1051,12 +1122,24 @@ jobs: passed: [acceptance-tests-staging] - get: cg-s3-secureproxy-release passed: [acceptance-tests-staging] + - get: general-task - task: terraform-secrets + image: general-task file: cf-manifests/ci/terraform-secrets.yml - task: router-main + image: general-task file: cf-manifests/ci/create-router-main.yml - task: router-logstash + image: general-task file: cf-manifests/ci/create-router-logstash.yml + - task: diego-platform-cell + image: general-task + file: cf-manifests/ci/create-diego-platform-cell.yml + - task: diego-cell-iso-seg + image: general-task + file: cf-manifests/ci/create-diego-cell-iso-seg.yml + params: + ISO_SEG_NAMES: "" #((names_of_iso_segs_production)) # Value in credhub - put: cf-deployment-production params: &prod-deploy-params <<: *deploy-params 
@@ -1088,25 +1171,30 @@ jobs: - cf-manifests/bosh/opsfiles/encryption.yml - cf-manifests/bosh/opsfiles/sql.yml - cf-manifests/bosh/opsfiles/log-levels.yml + - cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml - cf-manifests/bosh/opsfiles/instance-profiles.yml + - diego-platform-cell/diego-platform-cell.yml - cf-manifests/bosh/opsfiles/platform-cells.yml + - diego-cell-iso-seg/diego-cell-iso-seg.yml + - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml - cf-manifests/bosh/opsfiles/diego-cell-disk.yml - - cf-manifests/bosh/opsfiles/diego-dns.yml - cf-manifests/bosh/opsfiles/scaling-production.yml - cf-manifests/bosh/opsfiles/cf-networking.yml - cf-manifests/bosh/opsfiles/routing.yml - cf-manifests/bosh/opsfiles/smoke-tests.yml - - cf-manifests/bosh/opsfiles/enable-cflinuxfs4.yml - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml - - cf-manifests/bosh/opsfiles/diego-rds-certs.yml + - cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml + - cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml - cf-manifests/bosh/opsfiles/uaa-rds-ca.yml - cf-manifests/bosh/opsfiles/loggregator.yml - - cf-manifests/bosh/opsfiles/meta-data-v2.yml + - cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml - cf-manifests/bosh/opsfiles/router-main.yml - cf-manifests/bosh/opsfiles/router-logstash.yml - cf-manifests/bosh/opsfiles/add-autoscaler-ca.yml - cf-manifests/bosh/opsfiles/add-bosh-dns-other-deployments.yml - cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml + - cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml + - cf-manifests/bosh/opsfiles/pin-capi.yml vars_files: - cf-manifests/bosh/varsfiles/production.yml - terraform-secrets/terraform.yml 
@@ -1148,18 +1236,31 @@ jobs: passed: [plan-cf-production] - get: cg-s3-secureproxy-release passed: [plan-cf-production] + - get: general-task - task: terraform-secrets + image: general-task file: cf-manifests/ci/terraform-secrets.yml - task: router-main + image: general-task file: cf-manifests/ci/create-router-main.yml - task: router-logstash + image: general-task file: cf-manifests/ci/create-router-logstash.yml + - task: diego-platform-cell + image: general-task + file: cf-manifests/ci/create-diego-platform-cell.yml + - task: diego-cell-iso-seg + image: general-task + file: cf-manifests/ci/create-diego-cell-iso-seg.yml + params: + ISO_SEG_NAMES: "" #((names_of_iso_segs_production)) # Value in credhub - put: cf-deployment-production params: <<: *prod-deploy-params dry_run: false - task: enable-cf-features + image: general-task file: cf-manifests/ci/enable-cf-features.yml params: CF_API_URL: ((cf-api-url-production)) @@ -1234,7 +1335,9 @@ jobs: passed: [deploy-cf-production] - get: tests-timer trigger: true + - get: general-task - task: uaa-client-audit + image: general-task file: cf-manifests/ci/uaa-client-audit.yml params: UAA_URL: ((uaa-url-production)) @@ -1252,7 +1355,9 @@ jobs: passed: [deploy-cf-production] - get: hourly-timer trigger: true + - get: general-task - task: uaa-monitor-account-creation + image: general-task file: cf-manifests/ci/uaa-monitor-account-creation.yml params: UAA_URL: ((uaa-url-production)) @@ -1269,7 +1374,9 @@ jobs: passed: [deploy-cf-production] trigger: true - get: master-bosh-root-cert + - get: general-task - task: smoke-tests + image: general-task file: cf-manifests/ci/tic-smoke-tests.yml params: CI: true @@ -1309,7 +1416,9 @@ jobs: passed: [acceptance-tests-staging] trigger: true - get: pipeline-tasks + - get: general-task - task: terraform-plan + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: &tf-production TERRAFORM_ACTION: plan 
@@ -1342,7 +1451,9 @@ jobs: passed: [terraform-plan-production] - get: pipeline-tasks + - get: general-task - task: terraform-apply + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: <<: *tf-production @@ -1396,7 +1507,9 @@ jobs: - get: cf-manifests trigger: true passed: [deploy-cf-production] + - get: general-task - task: deploy-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-deploy-test-env.yml params: &test-space-egress-production-params CF_API_URL: ((cf-api-url-production)) @@ -1407,10 +1520,12 @@ jobs: CF_APP_DOMAIN: app.cloud.gov on_failure: &test-space-egress-production-clean-tasks task: clean-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-clean-test-env.yml params: <<: *test-space-egress-production-params - task: run-tests + image: general-task file: cf-manifests/ci/test-space-egress/task-run-tests.yml params: <<: *test-space-egress-production-params @@ -1577,6 +1692,15 @@ resources: - name: timestamp type: time +- name: general-task + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: general-task + aws_region: us-gov-west-1 + tag: latest + resource_types: - name: registry-image type: registry-image 
@@ -1597,14 +1721,40 @@ resource_types: tag: latest - name: bosh-deployment - type: docker-image + type: registry-image source: - repository: cloudfoundry/bosh-deployment-resource + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: bosh-deployment-resource + aws_region: us-gov-west-1 + tag: latest - name: s3-iam - type: docker-image + type: registry-image source: - repository: 18fgsa/s3-resource + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: s3-resource + aws_region: us-gov-west-1 + tag: latest + +- name: time + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: time-resource + aws_region: us-gov-west-1 + tag: latest + +- name: bosh-io-stemcell + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: bosh-io-stemcell-resource + aws_region: us-gov-west-1 + tag: latest groups: - name: all diff --git a/ci/terraform-secrets.yml b/ci/terraform-secrets.yml index 0a01e66c..bf358ef5 100644 --- a/ci/terraform-secrets.yml +++ b/ci/terraform-secrets.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests - name: terraform-yaml diff --git a/ci/test-headers/task-clean-test-env.yml b/ci/test-headers/task-clean-test-env.yml index e604344d..cb552816 100644 --- a/ci/test-headers/task-clean-test-env.yml +++ b/ci/test-headers/task-clean-test-env.yml 
@@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests diff --git a/ci/test-headers/task-deploy-test-env.yml b/ci/test-headers/task-deploy-test-env.yml index 83f86aa9..e04b4ee7 100644 --- a/ci/test-headers/task-deploy-test-env.yml +++ b/ci/test-headers/task-deploy-test-env.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests diff --git a/ci/test-headers/task-run-tests.yml b/ci/test-headers/task-run-tests.yml index a1a28c81..3930b148 100644 --- a/ci/test-headers/task-run-tests.yml +++ b/ci/test-headers/task-run-tests.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests diff --git a/ci/test-space-egress/requirements.txt b/ci/test-space-egress/requirements.txt index 166180f6..e5af3365 100644 --- a/ci/test-space-egress/requirements.txt +++ b/ci/test-space-egress/requirements.txt 
@@ -1,28 +1,28 @@
 argcomplete==1.12.3
 asgiref==3.4.1
-certifi==2021.5.30
+certifi==2024.7.4
 cfenv==0.5.3
 charset-normalizer==2.0.4
 click==8.0.1
-fastapi==0.68.1
+fastapi==0.111.0
 furl==2.1.3
 h11==0.12.0
-idna==3.2
+idna==3.7
 mypy-extensions==0.4.3
 orderedmultidict==1.0.1
 packaging==21.0
 pathspec==0.9.0
 platformdirs==2.3.0
-protobuf==3.17.3
+protobuf==3.18.3
 psycopg2==2.9.1
-pydantic==1.8.2
+pydantic==1.10.13
 pyparsing==2.4.7
 regex==2021.8.28
-requests==2.26.0
+requests==2.32.2
 six==1.16.0
-starlette==0.14.2
+starlette==0.37.2
 tomli==1.2.1
-typing-extensions==3.10.0.2
-urllib3==1.26.6
+typing-extensions==4.8.0
+urllib3==1.26.19
 userpath==1.7.0
 uvicorn==0.15.0
diff --git a/ci/test-space-egress/task-clean-test-env.yml b/ci/test-space-egress/task-clean-test-env.yml
index 204d3853..1136f9ac 100644
--- a/ci/test-space-egress/task-clean-test-env.yml
+++ b/ci/test-space-egress/task-clean-test-env.yml
@@ -1,15 +1,6 @@
 --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests
diff --git a/ci/test-space-egress/task-deploy-test-env.yml b/ci/test-space-egress/task-deploy-test-env.yml
index bcc2e2d3..5a970983 100644
--- a/ci/test-space-egress/task-deploy-test-env.yml
+++ b/ci/test-space-egress/task-deploy-test-env.yml
@@ -1,15 +1,6 @@
 --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests
diff --git a/ci/test-space-egress/task-run-tests.yml b/ci/test-space-egress/task-run-tests.yml
index 1abdcf63..d8636e64 100644
--- a/ci/test-space-egress/task-run-tests.yml
+++ b/ci/test-space-egress/task-run-tests.yml
@@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests diff --git a/ci/tic-smoke-tests.yml b/ci/tic-smoke-tests.yml index 1e308b07..b6ef438b 100644 --- a/ci/tic-smoke-tests.yml +++ b/ci/tic-smoke-tests.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests - name: master-bosh-root-cert diff --git a/ci/uaa-client-audit.yml b/ci/uaa-client-audit.yml index 80481725..14457c46 100644 --- a/ci/uaa-client-audit.yml +++ b/ci/uaa-client-audit.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests - name: cf-deployment diff --git a/ci/uaa-monitor-account-creation.yml b/ci/uaa-monitor-account-creation.yml index f835db62..7ff90869 100644 --- a/ci/uaa-monitor-account-creation.yml +++ b/ci/uaa-monitor-account-creation.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests - name: cf-deployment diff --git a/terraform/stack/asg.tf b/terraform/stack/asg.tf index e1b9484c..a4cd111e 100644 --- a/terraform/stack/asg.tf +++ b/terraform/stack/asg.tf 
@@ -338,155 +338,3 @@ resource "cloudfoundry_default_asg" "staging" { ] } -resource "cloudfoundry_org_quota" "default-tts" { - name = "default-tts" - allow_paid_service_plans = true - total_memory = 81920 - total_routes = 1000 - total_services = 200 - total_route_ports = -1 -} - -resource "cloudfoundry_org" "cloud-gov" { - name = "cloud-gov" - quota = cloudfoundry_org_quota.default-tts.id -} - -resource "cloudfoundry_isolation_segment" "platform" { - name = "platform" -} - -resource "cloudfoundry_isolation_segment_entitlement" "platform" { - segment = cloudfoundry_isolation_segment.platform.id - orgs = [ - cloudfoundry_org.cloud-gov.id - ] -} - -resource "cloudfoundry_space" "services" { - name = "services" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.brokers.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] - isolation_segment = cloudfoundry_isolation_segment.platform.id -} - -resource "cloudfoundry_space" "dashboard" { - name = "dashboard" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] -} - -resource "cloudfoundry_space" "cg-ui" { - name = "cg-ui" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] -} - -resource "cloudfoundry_space" "uaa-extras" { - name = 
"uaa-extras" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] -} - -resource "cloudfoundry_space" "cspr-collector" { - name = "cspr-collector" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] -} - -resource "cloudfoundry_space" "opensearch-dashboards-proxy" { - name = "opensearch-dashboards-proxy" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.public_networks_egress.id, - cloudfoundry_asg.dns.id, - ] - staging_asgs = [ - cloudfoundry_asg.dns.id, - ] -} - -# Federalist/Pages - -data "cloudfoundry_org" "gsa-18f-federalist" { - name = "gsa-18f-federalist" -} - -resource "cloudfoundry_space_quota" "tiny" { - name = "tiny-tf-managed" - allow_paid_service_plans = true - total_memory = 1024 - total_routes = -1 - total_services = -1 - total_route_ports = -1 - org = data.cloudfoundry_org.gsa-18f-federalist.id -} - -resource "cloudfoundry_space" "email" { - name = "email" - org = data.cloudfoundry_org.gsa-18f-federalist.id - quota = cloudfoundry_space_quota.tiny.id - asgs = [ - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] -} diff --git a/terraform/stack/iso.tf b/terraform/stack/iso.tf new file mode 100644 index 00000000..e48aa5d3 
--- /dev/null
+++ b/terraform/stack/iso.tf
@@ -0,0 +1,10 @@
+resource "cloudfoundry_isolation_segment" "platform" {
+ name = "platform"
+}
+
+resource "cloudfoundry_isolation_segment_entitlement" "platform" {
+ segment = cloudfoundry_isolation_segment.platform.id
+ orgs = [
+ cloudfoundry_org.cloud-gov.id
+ ]
+}
diff --git a/terraform/stack/orgs.tf b/terraform/stack/orgs.tf
new file mode 100644
index 00000000..f5c166f7
--- /dev/null
+++ b/terraform/stack/orgs.tf
@@ -0,0 +1,15 @@
+resource "cloudfoundry_org" "cloud-gov" {
+ name = "cloud-gov"
+ quota = cloudfoundry_org_quota.default-tts.id
+}
+
+resource "cloudfoundry_org" "acceptance_tests" {
+ name = "cloud-gov-acceptance-tests"
+ quota = cloudfoundry_org_quota.default-tts.id
+}
+
+# Federalist/Pages
+
+data "cloudfoundry_org" "gsa-18f-federalist" {
+ name = "gsa-18f-federalist"
+}
diff --git a/terraform/stack/quotas.tf b/terraform/stack/quotas.tf
new file mode 100644
index 00000000..5cd7759e
--- /dev/null
+++ b/terraform/stack/quotas.tf
@@ -0,0 +1,20 @@
+resource "cloudfoundry_org_quota" "default-tts" {
+ name = "default-tts"
+ allow_paid_service_plans = true
+ total_memory = 81920
+ total_routes = 1000
+ total_services = 200
+ total_route_ports = -1
+}
+
+# Federalist/ Pages
+
+resource "cloudfoundry_space_quota" "tiny" {
+ name = "tiny-tf-managed"
+ allow_paid_service_plans = true
+ total_memory = 1024
+ total_routes = -1
+ total_services = -1
+ total_route_ports = -1
+ org = data.cloudfoundry_org.gsa-18f-federalist.id
+}
diff --git a/terraform/stack/spaces.tf b/terraform/stack/spaces.tf
new file mode 100644
index 00000000..a43b7287
--- /dev/null
+++ b/terraform/stack/spaces.tf
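Review bot: `resource "cloudfoundry_org" "acceptance_tests"` in orgs.tf is assigned `cloudfoundry_org_quota.default-tts.id`, the same quota as the platform org, which per quotas.tf allows 81920 MB of memory, 1000 routes, 200 service instances and paid service plans — so a runaway or compromised acceptance-test app can consume the whole platform-org allowance. A dedicated, smaller org quota for test workloads, in the spirit of the `tiny` space quota already defined in quotas.tf, would bound that: define it next to `default-tts` and reference it as `quota = cloudfoundry_org_quota.<acceptance-tests-quota>.id` (name to be chosen). A one-line comment on the org saying which tests it hosts (the only space bound to it in spaces.tf is `external-domain-broker-tests`) would also help the next reader understand why it exists separately from `cloud-gov`.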
@@ -0,0 +1,126 @@
+resource "cloudfoundry_space" "services" {
+ name = "services"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.brokers.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+ isolation_segment = cloudfoundry_isolation_segment.platform.id
+}
+
+resource "cloudfoundry_space" "dashboard" {
+ name = "dashboard"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+resource "cloudfoundry_space" "cg-ui" {
+ name = "cg-ui"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+resource "cloudfoundry_space" "uaa-extras" {
+ name = "uaa-extras"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+resource "cloudfoundry_space" "cspr-collector" {
+ name = "cspr-collector"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+resource "cloudfoundry_space" "opensearch-dashboards-proxy" {
+ name = "opensearch-dashboards-proxy"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.public_networks_egress.id,
+ cloudfoundry_asg.dns.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+resource "cloudfoundry_space" "external_domain_broker_tests" {
+ name = "external-domain-broker-tests"
+ org = cloudfoundry_org.acceptance_tests.id
+ asgs = [
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+# Federalist/ Pages
+
+resource "cloudfoundry_space" "email" {
+ name = "email"
+ org = data.cloudfoundry_org.gsa-18f-federalist.id
+ quota = cloudfoundry_space_quota.tiny.id
+ asgs = [
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
diff --git a/terraform/terraform-apply.yml b/terraform/terraform-apply.yml
index c21baf12..a575569f 100644
--- a/terraform/terraform-apply.yml
+++ b/terraform/terraform-apply.yml
@@ -1,15 +1,6 @@
 --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: terraform-templates - name: pipeline-tasks
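Review bot: `resource "cloudfoundry_space" "email"` lists `cloudfoundry_asg.public_networks.id` twice in `asgs` (once before and once after `trusted_local_networks`); the duplicate is carried over verbatim from the block deleted in asg.tf, is redundant for the bound ASG set, and, depending on how the provider normalises that list, may surface as a plan diff that never settles — dropping one of the two lines while the file is being moved costs nothing. The new `external_domain_broker_tests` space binds `public_networks` for both running and staging apps with no comment on what the tests need to reach; a one-line comment such as `# tests need outbound access to <external endpoint, to be named>` would let a later reviewer tell whether a narrower ASG (the file already distinguishes `public_networks_egress` for `opensearch-dashboards-proxy`) could be used instead. That space also sets no `quota` and no `isolation_segment`, so it runs on the shared platform cells with the org's full allowance; if that is intended for acceptance tests, saying so next to the resource would help.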